WebKit-https.git
3 years ago[GStreamer] Bump internal jhbuild versions to 1.8.0 and patches to support MSE
commit-queue@webkit.org [Thu, 5 May 2016 08:40:21 +0000 (08:40 +0000)]
[GStreamer] Bump internal jhbuild versions to 1.8.0 and patches to support MSE
https://bugs.webkit.org/show_bug.cgi?id=157341

Patch by Enrique Ocaña González <eocanha@igalia.com> on 2016-05-05
Reviewed by Xabier Rodriguez-Calvar.

* gtk/jhbuild.modules:
* gtk/patches/gst-plugins-good-Revert-qtdemux-expose-streams-with-first-moof-for-fr.patch: Added.
* gtk/patches/gst-plugins-good-use-the-tfdt-decode-time.patch: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200454 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac][cmake] Unreviewed speculative buildfix after r200433, just for fun.
ossy@webkit.org [Thu, 5 May 2016 08:25:23 +0000 (08:25 +0000)]
[Mac][cmake] Unreviewed speculative buildfix after r200433, just for fun.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200453 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCreate console object lazily
commit-queue@webkit.org [Thu, 5 May 2016 07:54:14 +0000 (07:54 +0000)]
Create console object lazily
https://bugs.webkit.org/show_bug.cgi?id=157328

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-05
Reviewed by Geoffrey Garen.

* runtime/CommonIdentifiers.h:
* runtime/JSGlobalObject.cpp:
(JSC::createConsoleProperty):
(JSC::JSGlobalObject::init): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200452 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[TexMap] Clean up TextureMapperShaderProgram
zandobersek@gmail.com [Thu, 5 May 2016 06:42:32 +0000 (06:42 +0000)]
[TexMap] Clean up TextureMapperShaderProgram
https://bugs.webkit.org/show_bug.cgi?id=157302

Reviewed by Carlos Garcia Campos.

Clean up the header and the implementation file of the
TextureMapperShaderProgram class. Reference the GraphicsContext3D
object through a Ref<>, and have the context() return a reference,
not a pointer.

Sort the parts of the implementation file into something more
sensible. StringBuilder usage in create() is improved. getLocation()
only needs to do one lookup in the m_variables map by using ensure().

No new tests -- no change in behavior.

* platform/graphics/surfaces/GLTransportSurface.cpp:
(WebCore::GLTransportSurface::initializeShaderProgram):
* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGLData::SharedGLData::getShaderProgram):
(WebCore::prepareFilterProgram):
* platform/graphics/texmap/TextureMapperShaderProgram.cpp:
(WebCore::TextureMapperShaderProgram::create):
(WebCore::TextureMapperShaderProgram::TextureMapperShaderProgram):
(WebCore::TextureMapperShaderProgram::~TextureMapperShaderProgram):
(WebCore::TextureMapperShaderProgram::setMatrix):
(WebCore::TextureMapperShaderProgram::getLocation):
* platform/graphics/texmap/TextureMapperShaderProgram.h:
(WebCore::TextureMapperShaderProgram::context):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200451 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd JSC test results in JSON format to a Buildbot log
commit-queue@webkit.org [Thu, 5 May 2016 06:13:28 +0000 (06:13 +0000)]
Add JSC test results in JSON format to a Buildbot log
https://bugs.webkit.org/show_bug.cgi?id=156920

Patch by Srinivasan Vijayaraghavan <svijayaraghavan@apple.com> on 2016-05-04
Reviewed by Daniel Bates.

* BuildSlaveSupport/build.webkit.org-config/master.cfg:
(RunJavaScriptCoreTests): Move command-line option for output file out
of WithProperties.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200450 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSummary page should show warnings when current or baseline data is missing.
dewei_zhu@apple.com [Thu, 5 May 2016 05:27:18 +0000 (05:27 +0000)]
Summary page should show warnings when current or baseline data is missing.
https://bugs.webkit.org/show_bug.cgi?id=157339

Reviewed by Ryosuke Niwa.

Set summary page to be the default page of v3 UI.
Show warning icon when either baseline or current data is missing.
Make fetchBetween returns a promise.
Update unit tests for MeasurementSet.fetchBetween since it returns a promise now.
Add a workaround to skip some platform and metric configurations.

* public/v3/components/ratio-bar-graph.js:
(RatioBarGraph):
(RatioBarGraph.prototype.update): Add showWarningIcon flag to indicate whether we should show warning icon.
(RatioBarGraph.prototype.render): Show warning icon when showWarningIcon is true.
(RatioBarGraph.cssTemplate): Add style for warning icon.
* public/v3/components/warning-icon.js: Add warning icon.
(WarningIcon):
(WarningIcon.cssTemplate):
* public/v3/index.html:
* public/v3/main.js:
(main): Set summary page to be the default page of v3 UI.
* public/v3/models/measurement-set.js:
(MeasurementSet):
(MeasurementSet.prototype.fetchBetween): Returns a promise. Fix the bug in previous implementation that we miss
some callbacks sometimes. Basically, we will fetch primary cluster first, then secondary clusters. For each
secondary cluster fetch, we will always invoke callback even when it fails.
(MeasurementSet.prototype._fetchSecondaryClusters): Deleted.
(MeasurementSet.prototype._fetch.else.url.api.measurement.set platform): Deleted.
* public/v3/pages/summary-page.js:
(SummaryPage): Add a variable for excluded configurations.
(SummaryPage.prototype._createConfigurationGroup): Pass excluded configurations while building config groups.
(SummaryPage.prototype._constructTable): Remove the logic for unified header since it breaks consistency of the table appearance.
(SummaryPage.prototype.this._renderQueue.push): Show warning message when baseline/current data is missing.
(SummaryPageConfigurationGroup): Add a variable to keep track of the warnings while computing summary.
(SummaryPageConfigurationGroup.prototype.warnings): A getter for warnings.
(SummaryPageConfigurationGroup._computeSummary): Fix a bug in calculating ratios. We should always use
current/baseline for ratio and present the difference between ratio and 1 in the summary page.
(SummaryPageConfigurationGroup.set then): Deleted.
(SummaryPageConfigurationGroup.set var): Deleted.
* unit-tests/measurement-set-tests.js: Add a helper function to wait for fetchBetween. Update unit tests since fetchBetween returns a promise now.
(promise.set fetchBetween):
(set MeasurementSet):
(set fetchBetween): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200449 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoStart on dictionary support for IDL, getting enough to work for one dictionary
darin@apple.com [Thu, 5 May 2016 03:09:41 +0000 (03:09 +0000)]
Start on dictionary support for IDL, getting enough to work for one dictionary
https://bugs.webkit.org/show_bug.cgi?id=157336

Reviewed by Alex Christensen.

* bindings/js/JSDOMBinding.h: Return RefPtr instead of PassRefPtr for the return
value of toArrayBufferView. Not only is this the correct modern idiom, it also
works properly with auto, and PassRefPtr does not.

* bindings/js/JSDOMBuild.h: Added. This has the build function template in it.
It's used to build values like dictionaries. We specialize and call the tempate
in generated code. This is only the initial simplistic version; will be refining
for exception handling, optional handling, default value handling, and lots of
other things not yet needed for this first dictionary.

* bindings/scripts/CodeGenerator.pm:
(ProcessDocument): Handle dictionaries much like how we handle enumerations.
(SkipIncludeHeader): Moved small list of special types here from CodeGeneratorJS.
(IsDictionaryType): Added.
(IsRefPtrType): Make this return 0 for dictionary types.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateInterface): Added handling for dictionaries.
(SkipIncludeHeader): Deleted.
(AddIncludesForType): Call the the SkipIncludeHeader from CodeGenerator.pm directly.
(GetNestedClassName): Factored out the work that was previously in
GetEnumerationClassName so we could reuse it for dictionaries too.
(GetEnumerationClassName): Changed to call GetNestedClassName.
(GetEnumerationClassIdentifier): Deleted. Instead of using this, we now use templates
so we can use the actual class name.
(GenerateEnumerationImplementationContent): Changed parse and expectedEnumerationValues
to use function template specialization instead of functions. This cleans up the code
a bit and makes it eaiser to use from other templates. Later we may want to merge the
parse function template build function template from JSDOMBuild.h. Added specialization
of the build function template.
(GetDictionaryClassName): Added. Calls GetNestedClassName.
(GenerateDictionaryImplementationContent): Added. Generates the build function for each
dictionary type. Initial simplistic version to be refined.
(GenerateImplementation): Added dictionaries argument and called the
GenerateDictionaryImplementationContent function. Also changed many functions to take
interface arguments and also removed redundant interfaceName arguments from functions
that formerly took both.
(GenerateParametersCheck): Updated for changes above. That includes calling the new
parse function template. Also changed to use auto and WTFMove, which makes the code
both more generic and potentially more efficient and obviates the need for a special
case for dictionary types.
(GenerateCallbackHeader): Updated for changes above.
(GenerateCallbackImplementation): Ditto.
(GenerateImplementationFunctionCall): Ditto.
(GetNativeTypeFromSignature): Ditto.
(GetNativeType): Changed this function to take the interface because that's needed to
get the type name right for enumeration types rather than returning "auto". Made that
change as well. Moved one type, DOMStringList, into the nativeType hash instead of
having explicit code here for it. Didn't add a dictionary type case here yet, but
probably will need to do that in the next patch.
(ShouldPassWrapperByReference): Pass interface in to GetNativeType.
(GetNativeVectorInnerType): Removed unneeded special case for DOMString.
(GetNativeTypeForCallbacks): Changed to take the interface.
(GetNativeTypeForMemoization): Ditto.
(JSValueToNative): Changed expression for Dictionary (the thing I am working to make
obsolete) to name the type so it will work with auto. Added a case for dictionary
types and updated the case for enumeration types.
(NativeToJSValue): Updated to take an interface rather than an interface name, and to
pass that along as needed.

* bindings/scripts/IDLParser.pm:
(Parse): Add dictionaries to a list.
(parseDictionary): Put name, extended attributes, and members into the dictionary.
(parseDictionaryMembers): Build up a members array.
(parseDictionaryMember): Put isOptional, type, name, and default value into the
dictionary member.

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
Regenerated.

* bindings/scripts/test/TestObj.idl: Added some test cases that I was using to
get the bindings script to work. Right now this is basically identical to the
actual use of this in Element.idl, but over time I will modify it to cover more
features of dictionaries. Also fixed some incorrect test cases trying to use
the type "bool", which doesn't exist in IDL.

* dom/Element.cpp:
(WebCore::Element::canHaveUserAgentShadowRoot): Added. The existing code used a
combination of a virtual function on HTMLElement and type checking. It's better
to just use a virtual function on Element.
(WebCore::Element::attachShadow): Updated to take a ShadowRootInit struct instead
of a Dictionary. Also tweaked the code in a couple other minor ways.

* dom/Element.h: Added the ShadowRootMode enum class and the ShadowRootInit struct,
and changed attachShadow to take ShadowRootInit instead of Dictionary. Also added
the private canHaveUserAgentShadowRoot virtual function.

* dom/Element.idl: Added ShadowRootMode, ShadowRootInit, and used them in as the
arguemnt type for attachShadow.

* html/HTMLElement.h: Made canHaveUserAgentShadowRoot a private override instead
of a public virtual function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200448 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoEnable Dwarf2 debug information in offline assembler for clang compiler
msaboff@apple.com [Thu, 5 May 2016 01:06:59 +0000 (01:06 +0000)]
Enable Dwarf2 debug information in offline assembler for clang compiler
https://bugs.webkit.org/show_bug.cgi?id=157364.

Reviewed by Mark Lam.

Added a new function shouldEnableDebugAnnotations() that determines if
we are using clang and a new enough version to support the debug annotations.

* offlineasm/config.rb:
(shouldEnableDebugAnnotations): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200447 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] Playback does not pause when locking screen after playing to AirPlay.
eric.carlson@apple.com [Thu, 5 May 2016 00:55:57 +0000 (00:55 +0000)]
[iOS] Playback does not pause when locking screen after playing to AirPlay.
https://bugs.webkit.org/show_bug.cgi?id=157366
<rdar://problem/22100651>

Reviewed by Dean Jackson.

* platform/audio/PlatformMediaSession.cpp:
(WebCore::PlatformMediaSession::isPlayingToWirelessPlaybackTargetChanged): Save and restore
  m_interruptionCount around calling sessionIsPlayingToWirelessPlaybackTargetChanged because
  it will call beginInterruption if we are already in the background and the counter will
  get out of sync.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP: Perform case sensitive match against path portion of source expression URL that...
dbates@webkit.org [Thu, 5 May 2016 00:32:36 +0000 (00:32 +0000)]
CSP: Perform case sensitive match against path portion of source expression URL that ends in '/'
https://bugs.webkit.org/show_bug.cgi?id=157275

Reviewed by Darin Adler.

Source/WebCore:

Merged from Blink:
<https://chromium.googlesource.com/chromium/src/+/7bd0a75e3f71a10e71ded31ea5905d5ee3d992eb>

Perform a case-sensitive prefix match of the path portion a source expression that ends in '/'
against the path portion of a request URL as per step 8.5.4 of section Does url match expression
in origin with redirect count of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp>
(Editor's Draft, 27 April 2016).

* page/csp/ContentSecurityPolicySource.cpp:
(WebCore::ContentSecurityPolicySource::pathMatches):

LayoutTests:

Add test to ensure that the path portion of a request URL is case-sensitively
matched against the path portion of a source expression that ends in '/'.

* http/tests/security/contentSecurityPolicy/source-list-parsing-paths-01-expected.txt:
* http/tests/security/contentSecurityPolicy/source-list-parsing-paths-01.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200445 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd HLE locks and synchronic TTAS locks to the ToyLocks benchmark suite
fpizlo@apple.com [Thu, 5 May 2016 00:18:13 +0000 (00:18 +0000)]
Add HLE locks and synchronic TTAS locks to the ToyLocks benchmark suite
https://bugs.webkit.org/show_bug.cgi?id=157367

Rubber stamped by Benjamin Poulain.

Turns out they are both a lot slower than WTF::Lock. The HLE lock is written according to Intel's
documentation. The synchronic lock follows the algorithm of the "ttas_lock" in the synchronic
test.hpp.

* benchmarks/ToyLocks.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200444 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoVersioning.
bshafiei@apple.com [Thu, 5 May 2016 00:14:46 +0000 (00:14 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: Nonfunctional controls appear before every HTML5 video when using VoiceOver
commit-queue@webkit.org [Thu, 5 May 2016 00:05:47 +0000 (00:05 +0000)]
AX: Nonfunctional controls appear before every HTML5 video when using VoiceOver
https://bugs.webkit.org/show_bug.cgi?id=153089
<rdar://problem/24050668>

Patch by Aaron Chu <aaron_chu@apple.com> on 2016-05-04
Reviewed by Dean Jackson.

Source/WebCore:

Test: media/video-controls-show-on-kb-or-ax-event.html

* Modules/mediacontrols/mediaControlsApple.js:
(Controller):
(Controller.prototype.createControls):
(Controller.prototype.updateControls):
(Controller.prototype.handlePlayButtonClicked):
(Controller.prototype.setPlaying):
(Controller.prototype.showShowControlsButton):
(Controller.prototype.showControls):
(Controller.prototype.hideControls):
* Modules/mediacontrols/mediaControlsiOS.js:
(ControllerIOS.prototype.addStartPlaybackControls):
(ControllerIOS.prototype.handleStartPlaybackButtonTouchEnd):
(ControllerIOS.prototype.showControls):

Fix to make sure the showControls button in a media player behaves correctly.

LayoutTests:

* media/video-controls-show-on-kb-or-ax-event-expected.txt:
* media/video-controls-show-on-kb-or-ax-event.html:

A Layout Test to make sure showControls Button in media player is hidden by default.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200441 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoExperimental Features don't need an "Experimental" prefix
dino@apple.com [Wed, 4 May 2016 23:41:16 +0000 (23:41 +0000)]
Experimental Features don't need an "Experimental" prefix
https://bugs.webkit.org/show_bug.cgi?id=157363
<rdar://problem/26100630>

Reviewed by Anders Carlsson.

Since we're not persisting the value of the experimental
features, it's unlikely there will ever be the case
where we move a Preference from experimental to normal
and use a stored value.

* Shared/WebPreferencesDefinitions.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200440 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r200401): Web Inspector: TypeError: undefined is not an object (evaluatin...
nvasilyev@apple.com [Wed, 4 May 2016 23:36:26 +0000 (23:36 +0000)]
REGRESSION (r200401): Web Inspector: TypeError: undefined is not an object (evaluating 'messageElement.classList')
https://bugs.webkit.org/show_bug.cgi?id=157356
<rdar://problem/26097424>

Reviewed by Timothy Hatcher.

* UserInterface/Views/LogContentView.js:
(WebInspector.LogContentView.prototype._reappendProvisionalMessages):
Don't filter messages since we already do that in didAppendConsoleMessageView.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200439 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd a few more WTF locking benchmarks
fpizlo@apple.com [Wed, 4 May 2016 23:01:25 +0000 (23:01 +0000)]
Add a few more WTF locking benchmarks
https://bugs.webkit.org/show_bug.cgi?id=157365

Rubber stamped by Benjamin Poulain.

Factors out our toy locks into ToyLocks.h and adds a new test (LockFairnessTest) that measures
the fairness of locks.

The result: WTF::Lock is pretty fair enough.

* benchmarks/LockFairnessTest.cpp: Added.
(main):
* benchmarks/LockSpeedTest.cpp:
(main):
* benchmarks/ToyLocks.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoExperimental features should toggle runtime flags
dino@apple.com [Wed, 4 May 2016 22:29:18 +0000 (22:29 +0000)]
Experimental features should toggle runtime flags
https://bugs.webkit.org/show_bug.cgi?id=157353
<rdar://problem/23621603>

Reviewed by Anders Carlsson.

Hook up the experimental WebPreferences to RuntimeEnabledFeatures.
In the process I removed the general preference for WebGL 2 (we
already had an experimental feature for it) and moved Custom
Elements and Shadow DOM to experimental.

I also removed the C versions of the preferences, since experimental
features only need the ObjC API (which is generated automatically).

* Shared/WebPreferencesDefinitions.h: Move/remove some features and
make the experimental section more clear.
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetWebGL2Enabled): Deleted.
(WKPreferencesGetWebGL2Enabled): Deleted.
(WKPreferencesSetShadowDOMEnabled): Deleted.
(WKPreferencesGetShadowDOMEnabled): Deleted.
(WKPreferencesSetCustomElementsEnabled): Deleted.
(WKPreferencesGetCustomElementsEnabled): Deleted.
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/WebPreferences.cpp:
(WebKit::WebPreferences::updateBoolValueForExperimentalFeatureKey): A
version of updateBoolValueForKey that doesn't call the platform
function (e.g. doesn't save to NSUserDefaults).
* UIProcess/WebPreferences.h:
* UIProcess/mac/WebPreferencesMac.mm:
(WebKit::WebPreferences::platformInitializeStore): Deleted.
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200437 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTestRunner should always enable all the experimental features
dino@apple.com [Wed, 4 May 2016 22:28:40 +0000 (22:28 +0000)]
TestRunner should always enable all the experimental features
https://bugs.webkit.org/show_bug.cgi?id=157360
<rdar://problem/26099748>

Reviewed by Anders Carlsson.

Source/WebKit2:

Experimental features are disabled by default, but it is
a pain to enable them in every test. Instead, have the
test runner turn them all on.

* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesEnableAllExperimentalFeatures):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/WebPreferences.cpp:
(WebKit::WebPreferences::enableAllExperimentalFeatures):
* UIProcess/WebPreferences.h:

Tools:

Call the new SPI that enables all the experimental features.

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200436 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDisabling WebGL2 should mean no context is created
dino@apple.com [Wed, 4 May 2016 22:27:58 +0000 (22:27 +0000)]
Disabling WebGL2 should mean no context is created
https://bugs.webkit.org/show_bug.cgi?id=157352
<rdar://problem/26096346>

Reviewed by Eric Carlson.

Source/WebCore:

If WebGL2 is disabled by the runtime flag, we should
not create a context.

Test: fast/canvas/webgl/webgl2-runtime-flag.html

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::create):
* testing/Internals.cpp: Added some helpers to toggle the runtime setting.
(WebCore::Internals::webGL2Enabled):
(WebCore::Internals::setWebGL2Enabled):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

Check that toggling the runtime flag enables/disables WebGL 2.0.

* fast/canvas/webgl/webgl2-runtime-flag-expected.txt: Added.
* fast/canvas/webgl/webgl2-runtime-flag.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200435 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, fix test for new ArrayIteratorPrototype.next() error message.
keith_miller@apple.com [Wed, 4 May 2016 22:22:31 +0000 (22:22 +0000)]
Unreviewed, fix test for new ArrayIteratorPrototype.next() error message.

* tests/stress/array-iterators-next-with-call.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200434 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd an override point for drawing named images in ThemeCocoa
andersca@apple.com [Wed, 4 May 2016 22:14:45 +0000 (22:14 +0000)]
Add an override point for drawing named images in ThemeCocoa
https://bugs.webkit.org/show_bug.cgi?id=157357
rdar://problem/25878445

Reviewed by Dean Jackson.

Rename ThemeCocoa.cpp to ThemeCocoa.mm and rearrange the code that draws the wireless-playback image
so we can import ThemeCocoaDrawNamedImage.mm below.

* WebCore.xcodeproj/project.pbxproj:
* platform/cocoa/ThemeCocoa.cpp:
(WebCore::fitContextToBox): Deleted.
(WebCore::ThemeCocoa::drawNamedImage): Deleted.
* platform/cocoa/ThemeCocoa.mm: Renamed from Source/WebCore/platform/cocoa/ThemeCocoa.cpp.
(WebCore::fitContextToBox):
(WebCore::ThemeCocoa::drawNamedImage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200433 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDon't disconnect WebAVPlayerController from its delegate since there is no way to...
commit-queue@webkit.org [Wed, 4 May 2016 22:03:45 +0000 (22:03 +0000)]
Don't disconnect WebAVPlayerController from its delegate since there is no way to reconnect it.
https://bugs.webkit.org/show_bug.cgi?id=157337

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-05-04
Reviewed by Jer Noble.

WebAVPlayerController used to be deleted and recreated each time we begin fullscreen video mode.
Since it is now preserved, we shouldn't paritally tear it down in cleanupFullscreen by disconnecting it
from its delegate, especially since we have no way to reconnect it.

The side effect of leaving it connected is that it can continue to make callbacks during cleanup.
Of importance is that it sets the audio and legible media selctions to nil. We don't want to change
the selection as a result of teardown. Nil selection is unsupported by WebVideoFullscreenModelVideoElement
and causes an assert. This transition to nil selection is now ignored.

* platform/ios/WebAVPlayerController.mm:
(-[WebAVPlayerController setCurrentAudioMediaSelectionOption:]):
(-[WebAVPlayerController setCurrentLegibleMediaSelectionOption:]):
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(WebVideoFullscreenInterfaceAVKit::cleanupFullscreen):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200432 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMedia elements should not be paused right away when removed from the document
cdumez@apple.com [Wed, 4 May 2016 21:33:45 +0000 (21:33 +0000)]
Media elements should not be paused right away when removed from the document
https://bugs.webkit.org/show_bug.cgi?id=157347
<rdar://problem/25888758>

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline now that more W3C tests are passing.

* web-platform-tests/html/semantics/embedded-content/media-elements/playing-the-media-resource/pause-move-to-other-document-expected.txt:
* web-platform-tests/html/semantics/embedded-content/media-elements/playing-the-media-resource/pause-move-within-document-expected.txt:
* web-platform-tests/html/semantics/embedded-content/media-elements/playing-the-media-resource/pause-remove-from-document-expected.txt:

Source/WebCore:

Media elements should not be paused right away when removed from the document.
Instead we should allow the task that removed the media element from the
document to finish because considering pausing.

This avoid inadvertently pausing media elements when the JS merely moves them
on the page (e.g. using Node.replaceChild()).

Text from the HTML specification:
"""
When a media element is removed from a Document, the user agent must run the
following steps:
1.  Await a stable state, allowing the task that removed the media element
    from the Document to continue. The synchronous section consists of all the
    remaining steps of this algorithm. (Steps in the synchronous section are
    marked with ⌛.)
2. ⌛ If the media element is in a Document, abort these steps.
3. ⌛ Run the internal pause steps for the media element.
"""

c.f. https://html.spec.whatwg.org/multipage/embedded-content.html#htmlmediaelement

Test: media/replaceChild-should-not-pause-video.html

* dom/GenericEventQueue.cpp:
(WebCore::GenericEventQueue::sharedTimerFired):
Copy the queue of events before processing it so that we don't fire events that
get scheduled by the event handlers as a result of us firing the pending events.
Otherwise, we end up firing events synchronously right after they've been queued,
which is wrong. This was causing several W3C tests to fail.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::HTMLMediaElement):
(WebCore::HTMLMediaElement::pauseAfterDetachedTimerFired):
(WebCore::HTMLMediaElement::removedFrom):
* html/HTMLMediaElement.h:
After the media element gets removed from the document, schedule a 0 timer before
pausing the media element, to give the task that removed us a chance to finish.
When the timer fires, we check if we were added back into an active document and
avoid pausing in such case.

LayoutTests:

* media/remove-from-document-expected.txt:
* media/remove-from-document.html:
Check asynchronously if the video has been paused after removing it from
the document instead of synchronously as we no longer pause the video
synchronously in this case.

* media/replaceChild-should-not-pause-video-expected.txt: Added.
* media/replaceChild-should-not-pause-video.html: Added.
Add test case to make sure that calling replaceChild() on with a video
element as newChild does not pause the video if it is already playing.
This is a regression test for <rdar://problem/25888758>.

* webaudio/audiocontext-state-interrupted-expected.txt:
* webaudio/audiocontext-state-interrupted.html:
Add a missing call to
internals.setMediaSessionRestrictions("WebAudio", "InterruptedPlaybackNotPermitted")
before the fourth test. The fourth test was previously passing by
chance, due to a bug in GenericEventQueue sometimes firing events
synchronously after they are scheduled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200431 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSpeed up JSGlobalObject initialization by making some properties lazy
fpizlo@apple.com [Wed, 4 May 2016 21:21:36 +0000 (21:21 +0000)]
Speed up JSGlobalObject initialization by making some properties lazy
https://bugs.webkit.org/show_bug.cgi?id=157045

Source/JavaScriptCore:

Reviewed by Keith Miller.

This makes about half of JSGlobalObject's state lazy. There are three categories of
state in JSGlobalObject:

1) C++ fields in JSGlobalObject.
2) JS object properties in JSGlobalObject's JSObject superclass.
3) JS variables in JSGlobalObject's JSSegmentedVariableObject superclass.

State held in JS variables cannot yet be made lazy. That's why this patch only goes
half-way.

State in JS object properties can be made lazy if we move it to the static property
hashtable. JSGlobalObject already had one of those. This patch makes static property
hashtables a lot more powerful, by adding three new kinds of static properties. These
new kinds allow us to make almost all of JSGlobalObject's object properties lazy.

State in C++ fields can now be made lazy thanks in part to WTF's support for stateless
lambdas. You can of course make anything lazy by hand, but there are many C++ fields in
JSGlobalObject and we are adding more all the time. We don't want to require that each
of these has a getter with an initialization check and a corresponding out-of-line slow
path that does the initialization. We want this kind of boilerplate to be handled by
some abstractions.

The primary abstraction introduced in this patch is LazyProperty<Type>. Currently, this
only works where Type is a subclass of JSCell. Such a property holds a pointer to Type.
You can use it like you would a WriteBarrier<Type>. It even has set() and get() methods,
so it's almost a drop-in replacement.

The key to LazyProperty<Type>'s power is that you can do this:

    class Bar {
        ...
        LazyProperty<Foo> m_foo;
    };
    ...
    m_foo.initLater(
        [] (const LazyProperty<Foo>::Initializer<Bar>& init) {
            init.set(Foo::create(init.vm, init.owner));
        });

This initLater() call requires that you pass a stateless lambda (see WTF changelog for
the definition). Miraculously, this initLater() call is guaranteed to compile to a store
of a pointer constant to m_foo, as in:

    movabsq 0xBLAH, %rax
    movq %rax, &m_foo

This magical pointer constant points to a callback that was generated by the template
instantiation of initLater(). That callback knows to call your stateless lambda, but
also does some other bookkeeping: it makes sure that you indeed initialized the property
inside the callback and it manages recursive initializations. It's totally legal to call
m_foo.get() inside the initLater() callback. If you do that before you call init.set(),
m_foo.get() will return null. This is an excellent escape hatch if we ever find
ourselves in a dependency cycle. I added this feature because I already had to create a
dependency cycle.

Note that using LazyProperties from DFG threads is super awkward. It's going to be hard
to get this right. The DFG thread cannot initialize those fields, so it has to make sure
that it does conservative things. But for some nodes this could mean adding a lot of new
logic, like NewTypedArray, which currently is written in such a way that it assumes that
we always have the typed array structure. Currently we take a two-fold approach: for
typed arrays we don't handle the NewTypedArray intrinsic if the structure isn't
initialized, and for everything else we don't make the properties lazy if the DFG needs
them. As we optimize this further we might need to teach the DFG to handle more lazy
properties. I tried to do this for RegExp but found it to be very confusing. With typed
arrays I got lucky.

There is also a somewhat more powerful construct called LazyClassStructure. We often
need to keep around the structure of some standard JS class, like Date. We also need to
make sure that the constructor ends up in the global object's property table. And we
often need to keep the original value of the constructor for ourselves. In this case, we
want to make sure that the creation of the structure-prototype-constructor constellation
is atomic. We don't want code to start looking at the structure if it points to a
prototype that doesn't have its "constructor" property set yet, for example.
LazyClassStructure solves this by abstracting that whole initialization. You provide the
callback that allocates everything, since we are super inconsistent about the way we
initialize things, but LazyClassStructure establishes the workflow and helps you not
mess up.

Finally, the new static hashtable attributes allow for all of this to work with the JS
property table:

PropertyCallback: if you use this attribute, the second column in the table should be
the name of a function to call to initialize this property. This is useful for things
like the Math property. The Math object turns out to be very expensive to allocate.
Delaying its allocation is super easy with the PropertyCallback attribute.

CellProperty: with this attribute the second column should be a C++ field name like
JSGlobalObject::m_evalErrorConstructor. The static hashtable will grab the offset of
this property, and when it needs to be initialized, Lookup will assume you have a
LazyProperty<JSCell> and call its get() method. It will initialize the property to
whatever get() returned. Note that it's legal to cast a LazyProperty<Anything> to
LazyProperty<JSCell> for the purpose of calling get() because the get() method will just
call whatever callback function pointer is encoded in the property and it does not need
to know anything about what type that callback will instantiate.

ClassStructure: with this attribute the second column should be a C++ field name. The
static hashtable will initialize the property by treating the field as a
LazyClassStructure and it will call get(). LazyClassStructure completely owns the whole
initialization workflow, so Lookup assumes that when LazyClassStructure::get() returns,
the property in question will already be set. By convention, we have LazyClassStructure
initialize the property with a pointer to the constructor, since that's how all of our
classes work: "globalObject.Date" points to the DateConstructor.

This is a 2x speed-up in JSGlobalObject initialization time in a microbenchmark that
calls our C API. This is a 1% speed-up on SunSpider and JSRegress.

Rolling this back in after fixing the function pointer alignment issue. The last version
relied on function pointers being aligned to a 4-byte boundary. We cannot rely on this,
especially since ARMv7 uses the low bit of function pointers as a tag to indicate the
instruction set. This version adds an extra indirection, so that
LazyProperty<>::m_pointer points to a pointer that points to the function. A pointer to
a pointer is guaranteed to be at least 4-byte aligned.

* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::create):
* API/ObjCCallbackFunction.h:
(JSC::ObjCCallbackFunction::impl):
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunction::ObjCCallbackFunction):
(JSC::ObjCCallbackFunction::create):
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* create_hash_table:
* debugger/DebuggerScope.cpp:
(JSC::DebuggerScope::create):
(JSC::DebuggerScope::DebuggerScope):
* debugger/DebuggerScope.h:
(JSC::DebuggerScope::jsScope):
(JSC::DebuggerScope::create): Deleted.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::set):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::originalArrayStructure):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureRegistrationPhase.cpp:
(JSC::DFG::StructureRegistrationPhase::run):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::materializeSpecials):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::visitChildren):
(JSC::InternalFunction::name):
(JSC::InternalFunction::calculatedDisplayName):
(JSC::InternalFunction::createSubclassStructure):
* runtime/InternalFunction.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::finishCreation):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSBoundSlotBaseFunction.cpp:
(JSC::JSBoundSlotBaseFunction::create):
* runtime/JSFunction.cpp:
(JSC::retrieveCallerFunction):
(JSC::getThrowTypeErrorGetterSetter):
(JSC::JSFunction::callerGetter):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayView):
* runtime/JSGlobalObject.cpp:
(JSC::createProxyProperty):
(JSC::createJSONProperty):
(JSC::createMathProperty):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::stringPrototypeChainIsSane):
(JSC::JSGlobalObject::resetPrototype):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::toThis):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::createThrowTypeError): Deleted.
(JSC::JSGlobalObject::createThrowTypeErrorArgumentsAndCaller): Deleted.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::objectConstructor):
(JSC::JSGlobalObject::promiseConstructor):
(JSC::JSGlobalObject::internalPromiseConstructor):
(JSC::JSGlobalObject::evalErrorConstructor):
(JSC::JSGlobalObject::rangeErrorConstructor):
(JSC::JSGlobalObject::referenceErrorConstructor):
(JSC::JSGlobalObject::syntaxErrorConstructor):
(JSC::JSGlobalObject::typeErrorConstructor):
(JSC::JSGlobalObject::URIErrorConstructor):
(JSC::JSGlobalObject::nullGetterFunction):
(JSC::JSGlobalObject::nullSetterFunction):
(JSC::JSGlobalObject::callFunction):
(JSC::JSGlobalObject::applyFunction):
(JSC::JSGlobalObject::definePropertyFunction):
(JSC::JSGlobalObject::arrayProtoValuesFunction):
(JSC::JSGlobalObject::initializePromiseFunction):
(JSC::JSGlobalObject::newPromiseCapabilityFunction):
(JSC::JSGlobalObject::functionProtoHasInstanceSymbolFunction):
(JSC::JSGlobalObject::regExpProtoExecFunction):
(JSC::JSGlobalObject::regExpProtoSymbolReplaceFunction):
(JSC::JSGlobalObject::regExpProtoGlobalGetter):
(JSC::JSGlobalObject::regExpProtoUnicodeGetter):
(JSC::JSGlobalObject::throwTypeErrorGetterSetter):
(JSC::JSGlobalObject::throwTypeErrorArgumentsAndCallerGetterSetter):
(JSC::JSGlobalObject::moduleLoader):
(JSC::JSGlobalObject::objectPrototype):
(JSC::JSGlobalObject::functionPrototype):
(JSC::JSGlobalObject::arrayPrototype):
(JSC::JSGlobalObject::booleanPrototype):
(JSC::JSGlobalObject::stringPrototype):
(JSC::JSGlobalObject::symbolPrototype):
(JSC::JSGlobalObject::numberPrototype):
(JSC::JSGlobalObject::datePrototype):
(JSC::JSGlobalObject::regExpPrototype):
(JSC::JSGlobalObject::errorPrototype):
(JSC::JSGlobalObject::iteratorPrototype):
(JSC::JSGlobalObject::generatorFunctionPrototype):
(JSC::JSGlobalObject::generatorPrototype):
(JSC::JSGlobalObject::debuggerScopeStructure):
(JSC::JSGlobalObject::withScopeStructure):
(JSC::JSGlobalObject::strictEvalActivationStructure):
(JSC::JSGlobalObject::activationStructure):
(JSC::JSGlobalObject::moduleEnvironmentStructure):
(JSC::JSGlobalObject::directArgumentsStructure):
(JSC::JSGlobalObject::scopedArgumentsStructure):
(JSC::JSGlobalObject::clonedArgumentsStructure):
(JSC::JSGlobalObject::isOriginalArrayStructure):
(JSC::JSGlobalObject::booleanObjectStructure):
(JSC::JSGlobalObject::callbackConstructorStructure):
(JSC::JSGlobalObject::callbackFunctionStructure):
(JSC::JSGlobalObject::callbackObjectStructure):
(JSC::JSGlobalObject::propertyNameIteratorStructure):
(JSC::JSGlobalObject::objcCallbackFunctionStructure):
(JSC::JSGlobalObject::objcWrapperObjectStructure):
(JSC::JSGlobalObject::dateStructure):
(JSC::JSGlobalObject::nullPrototypeObjectStructure):
(JSC::JSGlobalObject::errorStructure):
(JSC::JSGlobalObject::calleeStructure):
(JSC::JSGlobalObject::functionStructure):
(JSC::JSGlobalObject::boundFunctionStructure):
(JSC::JSGlobalObject::boundSlotBaseFunctionStructure):
(JSC::JSGlobalObject::getterSetterStructure):
(JSC::JSGlobalObject::nativeStdFunctionStructure):
(JSC::JSGlobalObject::namedFunctionStructure):
(JSC::JSGlobalObject::functionNameOffset):
(JSC::JSGlobalObject::numberObjectStructure):
(JSC::JSGlobalObject::privateNameStructure):
(JSC::JSGlobalObject::mapStructure):
(JSC::JSGlobalObject::regExpStructure):
(JSC::JSGlobalObject::generatorFunctionStructure):
(JSC::JSGlobalObject::setStructure):
(JSC::JSGlobalObject::stringObjectStructure):
(JSC::JSGlobalObject::symbolObjectStructure):
(JSC::JSGlobalObject::iteratorResultObjectStructure):
(JSC::JSGlobalObject::lazyTypedArrayStructure):
(JSC::JSGlobalObject::typedArrayStructure):
(JSC::JSGlobalObject::typedArrayStructureConcurrently):
(JSC::JSGlobalObject::isOriginalTypedArrayStructure):
(JSC::JSGlobalObject::typedArrayConstructor):
(JSC::JSGlobalObject::actualPointerFor):
(JSC::JSGlobalObject::internalFunctionStructure): Deleted.
* runtime/JSNativeStdFunction.cpp:
(JSC::JSNativeStdFunction::create):
* runtime/JSWithScope.cpp:
(JSC::JSWithScope::create):
(JSC::JSWithScope::visitChildren):
(JSC::JSWithScope::createStructure):
(JSC::JSWithScope::JSWithScope):
* runtime/JSWithScope.h:
(JSC::JSWithScope::object):
(JSC::JSWithScope::create): Deleted.
(JSC::JSWithScope::createStructure): Deleted.
(JSC::JSWithScope::JSWithScope): Deleted.
* runtime/LazyClassStructure.cpp: Added.
(JSC::LazyClassStructure::Initializer::Initializer):
(JSC::LazyClassStructure::Initializer::setPrototype):
(JSC::LazyClassStructure::Initializer::setStructure):
(JSC::LazyClassStructure::Initializer::setConstructor):
(JSC::LazyClassStructure::visit):
(JSC::LazyClassStructure::dump):
* runtime/LazyClassStructure.h: Added.
(JSC::LazyClassStructure::LazyClassStructure):
(JSC::LazyClassStructure::get):
(JSC::LazyClassStructure::prototype):
(JSC::LazyClassStructure::constructor):
(JSC::LazyClassStructure::getConcurrently):
(JSC::LazyClassStructure::prototypeConcurrently):
(JSC::LazyClassStructure::constructorConcurrently):
* runtime/LazyClassStructureInlines.h: Added.
(JSC::LazyClassStructure::initLater):
* runtime/LazyProperty.h: Added.
(JSC::LazyProperty::Initializer::Initializer):
(JSC::LazyProperty::LazyProperty):
(JSC::LazyProperty::get):
(JSC::LazyProperty::getConcurrently):
* runtime/LazyPropertyInlines.h: Added.
(JSC::ElementType>::Initializer::set):
(JSC::ElementType>::initLater):
(JSC::ElementType>::setMayBeNull):
(JSC::ElementType>::set):
(JSC::ElementType>::visit):
(JSC::ElementType>::dump):
(JSC::ElementType>::callFunc):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
(JSC::HashTableValue::function):
(JSC::HashTableValue::functionLength):
(JSC::HashTableValue::propertyGetter):
(JSC::HashTableValue::propertyPutter):
(JSC::HashTableValue::accessorGetter):
(JSC::HashTableValue::accessorSetter):
(JSC::HashTableValue::constantInteger):
(JSC::HashTableValue::lexerValue):
(JSC::HashTableValue::lazyCellPropertyOffset):
(JSC::HashTableValue::lazyClassStructureOffset):
(JSC::HashTableValue::lazyPropertyCallback):
(JSC::getStaticPropertySlot):
(JSC::getStaticValueSlot):
(JSC::putEntry):
(JSC::reifyStaticProperty):
* runtime/PropertySlot.h:
* runtime/TypedArrayType.h:

Source/WebCore:

Reviewed by Keith Miller.

No new tests because no change in behavior.

This adapts JSHTMLElementCustom.cpp to the new JSWithScope API. Note that this revealed
that this was using a curious choice of global object, which may not be right. I decided
to do a very literal refactoring that exactly preserves what this code got before, but I
added a FIXME to reconsider this later.

* bindings/js/JSHTMLElementCustom.cpp:
(WebCore::JSHTMLElement::pushEventHandlerScope):

Source/WTF:

Reviewed by Keith Miller.

This WTF change is at the heart of a large JSC change. In JSC I found myself wanting to
do this a lot:

    static void callback(Foo& foo) { ... }

    foo.setCallback(callback);

But that's not very nice to write if many different setCallback() calls are inside of the
same very large function: you'll have to have a lot of static function definitions in
one part of the file, and then a bunch of setCallback() calls in another part. It's hard
to reason about what's going on with such code.

So what if you wrote this instead:

    foo.setCallback([] (Foo& foo) { ... });

Much nicer! There is a standard way to do this: lambdas that are stateless are
convertible to function pointers. This change also offers another approach that is a bit
more general.

These additions to WTF help you do it:

isStatelessLambda<Func>(): tells you if Func is a stateless lambda. This uses is_empty to
test if the lambda is stateless. This turns out to be a stronger property than
convertibility to function pointers. For example, a function pointer is convertible to a
function pointer, but it is definitely stateful: you cannot successfully call it if you
only has its type. On the other hand, a stateless lambda is really stateless in the sense
that you only need its type to call it.

callStatelessLambda<ResultType, Func>(Arguments&&...): calls the given stateless lambda.

JSC uses these to build up some sophisticated lazy-initialization APIs. The use of
statelessness allows JSC to combine a lambda with other logic into a single function
pointer.

* wtf/StdLibExtras.h:
(WTF::isStatelessLambda):
(WTF::callStatelessLambda):

LayoutTests:

Reviewed by Mark Lam.

* js/dom/cross-window-put-math-expected.txt: Added.
* js/dom/cross-window-put-math.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200430 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoImprove the grammar of some error messages 'a argument list' => 'an argument list'
commit-queue@webkit.org [Wed, 4 May 2016 21:05:16 +0000 (21:05 +0000)]
Improve the grammar of some error messages 'a argument list' => 'an argument list'
https://bugs.webkit.org/show_bug.cgi?id=157350
<rdar://problem/26082108>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-04
Reviewed by Mark Lam.

LayoutTests/imported/w3c:

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/JavaScriptCore:

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseIfStatement):
(JSC::Parser<LexerType>::parseImportDeclaration):
(JSC::Parser<LexerType>::parseExportDeclaration):
(JSC::Parser<LexerType>::parseObjectLiteral):
(JSC::Parser<LexerType>::parseStrictObjectLiteral):
(JSC::Parser<LexerType>::parseArguments):
Use the alternate error message formatter macro which outputs 'an'
instead of 'a' preceding the last argument.

LayoutTests:

* fast/css/css-selector-text-expected.txt:
* inspector/runtime/parse-expected.txt:
* js/object-literal-computed-methods-expected.txt:
* js/object-literal-methods-expected.txt:
* sputnik/Conformance/07_Lexical_Conventions/7.5_Tokens/7.5.2_Keywords/S7.5.2_A1.12-expected.txt:
* sputnik/Conformance/12_Statement/12.5_The_if_Statement/S12.5_A6_T1-expected.txt:
* sputnik/Conformance/12_Statement/12.5_The_if_Statement/S12.5_A6_T2-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCorrections to r200422
keith_miller@apple.com [Wed, 4 May 2016 20:49:26 +0000 (20:49 +0000)]
Corrections to r200422
https://bugs.webkit.org/show_bug.cgi?id=157351

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Fix some typos in various files. Also, make separate error messages
for the this value being undefined vs null in the ArrayIteratorprototype
next function and add test.

* Scripts/builtins/builtins_model.py:
* builtins/ArrayIteratorPrototype.js:
(next):
(arrayIteratorValueNext):
(arrayIteratorKeyNext):
(arrayIteratorKeyValueNext):
* builtins/ArrayPrototype.js:
(keys):
(entries):
* builtins/TypedArrayPrototype.js:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Deleted.
* tests/stress/array-iterators-next-error-messages.js: Added.
(assert):
(catch):

LayoutTests:

Test case had some code changed that was not intended.

* js/regress/script-tests/deltablue-for-of.js:
(deltaBlue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200428 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[css-grid] Refactor information stored related to column positions
rego@igalia.com [Wed, 4 May 2016 20:32:06 +0000 (20:32 +0000)]
[css-grid] Refactor information stored related to column positions
https://bugs.webkit.org/show_bug.cgi?id=157342

Reviewed by Darin Adler.

In m_columnPositions we were storing position of each column
including the alignment offset, always from the logical left,
and the border and padding, depending on the direction.

This was really confusing as in the case of RTL direction
we were adding the offset from the left and
the right border and padding.

This patches changes it to store always the info from the left,
so even in RTL direction we use the left border and padding.

This allows us to simplify translateRTLCoordinate() as
it doesn't need to care about border and padding anymore.
And also to refactor offsetAndBreadthForPositionedChild()
which became really complex after adding RTL support.

No new tests, no change of behavior.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::populateGridPositions):
(WebCore::RenderGrid::translateRTLCoordinate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200427 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, reland r200149 since the rollout had inconclusive PLT AB testing results.
keith_miller@apple.com [Wed, 4 May 2016 20:15:26 +0000 (20:15 +0000)]
Unreviewed, reland r200149 since the rollout had inconclusive PLT AB testing results.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200426 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: GC Root Path sometimes does not go up to Window
commit-queue@webkit.org [Wed, 4 May 2016 20:00:21 +0000 (20:00 +0000)]
Web Inspector: GC Root Path sometimes does not go up to Window
https://bugs.webkit.org/show_bug.cgi?id=156768
<rdar://problem/25816131>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-04
Reviewed by Geoffrey Garen.

Source/WebInspectorUI:

* UserInterface/Proxies/HeapSnapshotNodeProxy.js:
(WebInspector.HeapSnapshotNodeProxy.prototype.retainers):
Include paths for debugging.

* UserInterface/Workers/HeapSnapshot/HeapSnapshot.js:
(HeapSnapshot.prototype.shortestGCRootPath):
(HeapSnapshot.prototype._isNodeGlobalObject):
Prefer the shortest GC Root Path that contains a known
global object, otherwise fallback to the shortest.

(HeapSnapshot.prototype.retainers):
Include paths for debugging.

LayoutTests:

* inspector/unit-tests/heap-snapshot-expected.txt:
* inspector/unit-tests/heap-snapshot.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200425 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRebaseline inspector/model/remote-object.html after r200422
ryanhaddad@apple.com [Wed, 4 May 2016 19:51:16 +0000 (19:51 +0000)]
Rebaseline inspector/model/remote-object.html after r200422

Unreviewed test gardening.

* platform/mac/inspector/model/remote-object-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoES6 Function.name inferred from property names of literal objects can break some...
mark.lam@apple.com [Wed, 4 May 2016 19:23:41 +0000 (19:23 +0000)]
ES6 Function.name inferred from property names of literal objects can break some websites.
https://bugs.webkit.org/show_bug.cgi?id=157246

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Specifically, the library mathjs (see http://mathjs.org and https://github.com/josdejong/mathjs)
uses an idiom where it created literal objects with property names that look like
this: 'number | BigNumber | Unit'.  Later, this name is used in a string to create
function source code that gets eval'ed.  Since 'number | BigNumber | Unit' is not
a valid function name, we get a syntax error.

Here are the details:

1. mathjs uses object literals with the funky property names for its function members.
   For example,

      // helper function to type check the middle value of the array
      var middle = typed({
        'number | BigNumber | Unit': function (value) {
          return value;
        }
      });

2. mathjs' getName() uses Function.name to get the name of functions (hence, picks
   up the property name as inferred value of Function.name as specified by ES6):

        /**
         * Retrieve the function name from a set of functions, and check
         * whether the name of all functions match (if given)
         ...
         */
        function getName (fns) {
          var name = '';

          for (var i = 0; i < fns.length; i++) {
            var fn = fns[i];
            ...
                name = fn.name;
            ...
          return name;
        }

3. mathjs uses that name to assembler new function source code that gets eval'ed:

        /**
         * Compose a function from sub-functions each handling a single type signature.
         ...
         */
        function _typed(name, signatures) {
          ...
          // generate code for the typed function
          var code = [];
          var _name = name || '';
          ...
          code.push('function ' + _name + '(' + _args.join(', ') + ') {');
          code.push('  "use strict";');
          code.push('  var name = \'' + _name + '\';');
          code.push(node.toCode(refs, '  '));
          code.push('}');

          // generate body for the factory function
          var body = [
            refs.toCode(),
            'return ' + code.join('\n')
          ].join('\n');

          // evaluate the JavaScript code and attach function references
          var factory = (new Function(refs.name, 'createError', body));  // <== Syntax Error here!
          var fn = factory(refs, createError);
          ...
          return fn;
        }

Until mathjs (and any other frameworks that does similar things) and sites that
uses mathjs has been updated to work with ES6, we'll need a compatibility hack to
work around it.

Here's what we'll do:
1. Introduce a needsSiteSpecificQuirks flag in JSGlobalObject.
2. Have WebCore's JSDOMWindowBase set that flag if the browser's
   needsSiteSpecificQuirks is enabled in its settings.
3. If needsSiteSpecificQuirks is enabled, have JSFunction::reifyName() check for
   ' ' or '|' in the name string it will use to reify the Function.name property.
   If those characters exists in the name, we'll replace the name string with a
   null string.

* runtime/JSFunction.cpp:
(JSC::JSFunction::reifyName):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::needsSiteSpecificQuirks):
(JSC::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
(JSC::JSGlobalObject::setNeedsSiteSpecificQuirks):

Source/WebCore:

Test: js/dom/regress-157246.html

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::finishCreation):
- Set the needsSiteSpecificQuirks flag in the JSGlobalObject if needed.

Tools:

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues):
(WTR::updateTestOptionsFromTestHeader):
* WebKitTestRunner/TestOptions.h:

* WebKitTestRunner/ios/PlatformWebViewIOS.mm:
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/mac/PlatformWebViewMac.mm:
(WTR::PlatformWebView::viewSupportsOptions):
- Add needsSiteSpecificQuirks to WKTR options that can be set.

LayoutTests:

* js/dom/regress-157246-expected.txt: Added.
* js/dom/regress-157246.html: Added.
* js/dom/script-tests/regress-157246.js: Added.

* platform/ios-simulator-wk1/TestExpectations:
* platform/mac-wk1/TestExpectations:
- Skip js/dom/regress-157246.html for wk1 because it relies on a WKTR feature to
  enable the needsSiteSpecificQuirks settings before running the test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200423 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSpeedup array iterators
keith_miller@apple.com [Wed, 4 May 2016 17:59:10 +0000 (17:59 +0000)]
Speedup array iterators
https://bugs.webkit.org/show_bug.cgi?id=157315

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This patch improves the performance of Array iterators in ES6. There are two main changes
that make things faster. The first is that the value, keys and entries functions have been
moved to JS. This enables us to inline the construction of the iterator. Thus, when we get
to the FTL we are able to sink the allocation of the iterator object. This significantly
improves the performance of any for-of loop since we are now able to have both the iteration
counter and the iterated object in local variables rather than in the heap.

Secondly, instead of using a number to store the iteratation kind we now use a virtual
method on the iteration object to indicate which next function to use. This ends up being
helpful because it means we can eliminate the branches in the old next function that decide
what value to return. With those branches gone the various next functions are now small
enough to inline. Once the next functions are inlined then the FTL is able to sink the
allocation of next() result object. There is still room for optimization in the loop since
we currently don't recognize that the array access in the next function is in bounds or that
the increment to the loop counter cannot overflow.

The overall performance changes appear to be a ~4-6x speedup in a simple microbenchmark that
computes the sum of an array with some extra arithmetic. The variance depends on the exact
body of the loop. Additionally, on a new regress test that changes all the loops in
deltablue into for-of loops this patch is a 1.8x progression. Overall, it still looks like
for-of loops are significantly slower than an indexed for loop. In the first test it's ~2-4x
slower with the difference depending on the body of the loop. If the loop is just the sum
then we see a much larger regression than if the loop does even simple arithmetic. It looks
like the indexed for loop without extra arithmetic is small enough to fit into the x86
replay buffer on my machine, which would explain why there is such a big difference between
the for of loop in that case. On the deltablue benchmark it's 1.4x slower. It's clear from
these numbers that there is still a lot of work we can do to make for of loops faster.

This patch also makes some changes to the way that we decorate our builtin js
functions. Instead of the old syntax (putting the decorated values in [] before the function
declaration i.e. [intrinsic=foo]) this patch changes the syntax to be closer to the way that
decorators are proposed in a future ECMAScript proposal (using @ followed by the entry on a
new line before the function declaration i.e. @intrinsic=foo).

Finally, in the builtin scripts regular expressions re.S has been changed to re.DOTALL since
DOTALL is easier to understand without going to the reference page for python regular
expressions.

* Scripts/builtins/builtins_model.py:
* builtins/ArrayIteratorPrototype.js:
(next):
(arrayIteratorValueNext):
(arrayIteratorKeyNext):
(arrayIteratorKeyValueNext):
* builtins/ArrayPrototype.js:
(createArrayIterator):
(values):
(keys):
(entries):
* builtins/RegExpPrototype.js:
(intrinsic.RegExpTestIntrinsic.test):
* builtins/StringPrototype.js:
(intrinsic.StringPrototypeReplaceIntrinsic.replace):
* builtins/TypedArrayPrototype.js:
(values):
(keys):
(entries):
* inspector/JSInjectedScriptHost.cpp:
(Inspector::cloneArrayIteratorObject):
(Inspector::JSInjectedScriptHost::iteratorEntries):
* jit/ThunkGenerators.cpp:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
(JSC::arrayProtoFuncValues): Deleted.
(JSC::arrayProtoFuncEntries): Deleted.
(JSC::arrayProtoFuncKeys): Deleted.
* runtime/CommonIdentifiers.h:
* runtime/JSArrayIterator.cpp:
(JSC::JSArrayIterator::clone): Deleted.
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncEntries): Deleted.
(JSC::genericTypedArrayViewProtoFuncKeys): Deleted.
(JSC::typedArrayViewProtoFuncValues): Deleted.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObject.h:
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSTypedArrayViewPrototype::finishCreation):
(JSC::typedArrayViewProtoFuncEntries): Deleted.
(JSC::typedArrayViewProtoFuncKeys): Deleted.
(JSC::typedArrayViewProtoFuncValues): Deleted.
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):

LayoutTests:

Add a new regression test for for-of iterators in ES6. The test is a
modification of the deltablue benchmark that converts all the
loops on Arrays into for-of loops.

* js/regress/deltablue-for-of-expected.txt: Added.
* js/regress/deltablue-for-of.html: Added.
* js/regress/script-tests/deltablue-for-of.js: Added.
(Object.prototype.inheritsFrom):
(OrderedCollection):
(OrderedCollection.prototype.add):
(OrderedCollection.prototype.at):
(OrderedCollection.prototype.size):
(OrderedCollection.prototype.removeFirst):
(OrderedCollection.prototype.remove):
(Strength):
(Strength.stronger):
(Strength.weaker):
(Strength.weakestOf):
(Strength.strongest):
(Strength.prototype.nextWeaker):
(Constraint):
(Constraint.prototype.addConstraint):
(Constraint.prototype.satisfy):
(Constraint.prototype.destroyConstraint):
(Constraint.prototype.isInput):
(UnaryConstraint):
(UnaryConstraint.prototype.addToGraph):
(UnaryConstraint.prototype.chooseMethod):
(UnaryConstraint.prototype.isSatisfied):
(UnaryConstraint.prototype.markInputs):
(UnaryConstraint.prototype.output):
(UnaryConstraint.prototype.recalculate):
(UnaryConstraint.prototype.markUnsatisfied):
(UnaryConstraint.prototype.inputsKnown):
(UnaryConstraint.prototype.removeFromGraph):
(StayConstraint):
(StayConstraint.prototype.execute):
(EditConstraint.prototype.isInput):
(EditConstraint.prototype.execute):
(BinaryConstraint):
(BinaryConstraint.prototype.chooseMethod):
(BinaryConstraint.prototype.addToGraph):
(BinaryConstraint.prototype.isSatisfied):
(BinaryConstraint.prototype.markInputs):
(BinaryConstraint.prototype.input):
(BinaryConstraint.prototype.output):
(BinaryConstraint.prototype.recalculate):
(BinaryConstraint.prototype.markUnsatisfied):
(BinaryConstraint.prototype.inputsKnown):
(BinaryConstraint.prototype.removeFromGraph):
(ScaleConstraint):
(ScaleConstraint.prototype.addToGraph):
(ScaleConstraint.prototype.removeFromGraph):
(ScaleConstraint.prototype.markInputs):
(ScaleConstraint.prototype.execute):
(ScaleConstraint.prototype.recalculate):
(EqualityConstraint):
(EqualityConstraint.prototype.execute):
(Variable):
(Variable.prototype.addConstraint):
(Variable.prototype.removeConstraint):
(Planner):
(Planner.prototype.incrementalAdd):
(Planner.prototype.incrementalRemove):
(Planner.prototype.newMark):
(Planner.prototype.makePlan):
(Planner.prototype.extractPlanFromConstraints):
(Planner.prototype.addPropagate):
(Planner.prototype.removePropagateFrom):
(Planner.prototype.addConstraintsConsumingTo):
(Plan):
(Plan.prototype.addConstraint):
(Plan.prototype.size):
(Plan.prototype.constraintAt):
(Plan.prototype.execute):
(chainTest):
(projectionTest):
(change):
(deltaBlue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200422 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[JSC] Object constructor need to be aware of new.target
utatane.tea@gmail.com [Wed, 4 May 2016 17:40:46 +0000 (17:40 +0000)]
[JSC] Object constructor need to be aware of new.target
https://bugs.webkit.org/show_bug.cgi?id=157196

Reviewed by Darin Adler.

Object constructor should be aware of new.target.
When the new.target is specified, we should store it.prototype to the newly created
object's [[Prototype]].

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
Take the design that caches the structure used for empty object.
This structure is also used in constructEmptyObject frequently.

* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::objectStructureForObjectConstructor):
* runtime/ObjectConstructor.cpp:
(JSC::constructObject):
(JSC::constructWithObjectConstructor):
(JSC::callObjectConstructor):
* runtime/ObjectConstructor.h:
(JSC::constructEmptyObject):
Construct the object by using the plain structure that is also used in the ObjectConstructor.

* tests/stress/object-constructor-should-be-new-target-aware.js: Added.
(shouldBe):
(Hello):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200421 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Win] Use NeverDestroyed template.
peavo@outlook.com [Wed, 4 May 2016 17:20:31 +0000 (17:20 +0000)]
[Win] Use NeverDestroyed template.
https://bugs.webkit.org/show_bug.cgi?id=157345

Reviewed by Darin Adler.

* wtf/ThreadingWin.cpp:
(WTF::threadMapMutex):
(WTF::threadMap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMarking imported/w3c/web-platform-tests/html/dom/interfaces.html as failing on ios...
ryanhaddad@apple.com [Wed, 4 May 2016 16:35:28 +0000 (16:35 +0000)]
Marking imported/w3c/web-platform-tests/html/dom/interfaces.html as failing on ios-simulator release builds
https://bugs.webkit.org/show_bug.cgi?id=157344

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200419 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove failure expectation for imported/w3c/web-platform-tests/html/dom/interfaces...
ryanhaddad@apple.com [Wed, 4 May 2016 16:21:43 +0000 (16:21 +0000)]
Remove failure expectation for imported/w3c/web-platform-tests/html/dom/interfaces.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=157344

Unreviewed test gardening.

This failure expectation was overriding the global skip on debug builds.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200418 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDeduplicated initializer lists of BitmapImage constructors.
annulen@yandex.ru [Wed, 4 May 2016 16:20:02 +0000 (16:20 +0000)]
Deduplicated initializer lists of BitmapImage constructors.
https://bugs.webkit.org/show_bug.cgi?id=157249

Reviewed by Darin Adler.

No new tests needed.

* platform/graphics/BitmapImage.cpp:
(WebCore::BitmapImage::BitmapImage): Added new private constructor of
BitmapImage for delegation purpose only.
* platform/graphics/BitmapImage.h: Use inline initialization for some
BitmapImage fields.
* platform/graphics/cairo/BitmapImageCairo.cpp:
(WebCore::BitmapImage::BitmapImage): Delegate field initialization to
new private constructor.
* platform/graphics/cg/BitmapImageCG.cpp:
(WebCore::BitmapImage::BitmapImage): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200417 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r200383 and r200406.
cdumez@apple.com [Wed, 4 May 2016 15:48:16 +0000 (15:48 +0000)]
Unreviewed, rolling out r200383 and r200406.

Seems to have caused crashes on iOS / ARMv7s

Reverted changesets:

"Speed up JSGlobalObject initialization by making some
properties lazy"
https://bugs.webkit.org/show_bug.cgi?id=157045
http://trac.webkit.org/changeset/200383

"REGRESSION(r200383): Setting lazily initialized properties
across frame boundaries crashes"
https://bugs.webkit.org/show_bug.cgi?id=157333
http://trac.webkit.org/changeset/200406

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200416 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: ARIA 'region' role is now a landmark; HTML 'section' element should be a landmark...
jdiggs@igalia.com [Wed, 4 May 2016 12:54:59 +0000 (12:54 +0000)]
AX: ARIA 'region' role is now a landmark; HTML 'section' element should be a landmark only if named
https://bugs.webkit.org/show_bug.cgi?id=157331

Reviewed by Chris Fleizach.

Source/WebCore:

The 'region' role is now mapped as a landmark: The WebCore DocumentRegionRole
AccessibilityRole has been renamed to LandmarkRegionRole. The AXDocumentRegion
subrole has been renamed to AXLandmarkRegion. A 'section' element is mapped to
the LandmarkRegionRole if it has an author-provided accessible name via either
the aria-label or aria-labelledby attribute. Otherwise, it is mapped as GroupRole
with no subrole.

Our existing test coverage for exposure of the 'region' role and the 'section'
element is sufficient. These tests were updated to reflect the new behavior.
Several new test cases were added to cover both sections with accessible names
and those without.

* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::accessibleNameDerivesFromContent):
(WebCore::AccessibilityObject::isLandmark):
(WebCore::initializeRoleMap):
* accessibility/AccessibilityObject.h:
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
(WebCore::AccessibilityRenderObject::determineAccessibilityRole):
* accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
(atkRole):
* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityObjectWrapper _accessibilityIsLandmarkRole:]):
(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
* accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
(-[WebAccessibilityObjectWrapperBase ariaLandmarkRoleDescription]):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper subrole]):
* platform/LocalizedStrings.cpp:
(WebCore::AXARIAContentGroupText):

Source/WebKit/win:

As part of this change, the WebCore DocumentRegionRole AccessibilityRole has
been renamed to LandmarkRegionRole. Update MSAARole() to use the new name.

* AccessibleBase.cpp:
(MSAARole):

Tools:

Add AXLandmarkRegion to the landmark strings handled by roleToString
for objects with ATK_ROLE_LANDMARK.

* WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

LayoutTests:

Our existing test coverage for exposure of the 'region' role and the 'section'
element is sufficient. These tests were updated to reflect the new behavior.
Several new test cases were added to cover both sections with accessible names
and those without.

* accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
* accessibility/mac/aria-grouping-roles-expected.txt: Updated.
* accessibility/mac/aria-grouping-roles.html: Updated.
* accessibility/mac/html-section-elements-expected.txt: Updated.
* accessibility/mac/html-section-elements.html: Updated.
* accessibility/mac/landmark-not-ignored-expected.txt: Updated.
* accessibility/mac/landmark-not-ignored.html: Updated.
* accessibility/roles-computedRoleString-expected.txt: Updated.
* accessibility/roles-computedRoleString.html: New test cases added.
* accessibility/roles-exposed.html: New test cases added.
* platform/efl/accessibility/roles-exposed-expected.txt: Updated.
* platform/gtk/accessibility/roles-computedRoleString-expected.txt: Updated.
* platform/gtk/accessibility/roles-exposed-expected.txt: Updated.
* platform/mac-mavericks/accessibility/roles-exposed-expected.txt: Updated.
* platform/mac/accessibility/roles-exposed-expected.txt: Updated.
* platform/win/accessibility/roles-exposed-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200415 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoClicks inside button elements are sometimes discarded when the mouse moves
youenn.fablet@crf.canon.fr [Wed, 4 May 2016 12:51:28 +0000 (12:51 +0000)]
Clicks inside button elements are sometimes discarded when the mouse moves
https://bugs.webkit.org/show_bug.cgi?id=39620

Reviewed by Darin Adler.

Source/WebCore:

Test: fast/events/click-over-descendant-elements.html

* dom/Node.cpp:
(WebCore::ancestor):
(WebCore::commonAncestor): Method inspired from
http://src.chromium.org/viewvc/blink?view=revision&revision=162081.
(WebCore::commonAncestorCrossingShadowBoundary): Helper routine
that handles the case of nodes into a shadow node.
* dom/Node.h:
* page/EventHandler.cpp:
(WebCore::EventHandler::handleMouseReleaseEvent): Selecting click event
target node according commonAncestorOverShadowBoundary method.
(WebCore::EventHandler::targetNodeForClickEvent): Deleted.

LayoutTests:

Test coming from http://src.chromium.org/viewvc/blink?view=revision&revision=162081.
Modified to ensure click events do not end up being considered as double click events.

* fast/events/click-over-descendant-elements-expected.txt: Added.
* fast/events/click-over-descendant-elements.html: Added.
* platform/ios-simulator/TestExpectations: Marked new test as failing.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200414 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, fixing crashing GTK+ tests after r200407.
zandobersek@gmail.com [Wed, 4 May 2016 10:26:29 +0000 (10:26 +0000)]
Unreviewed, fixing crashing GTK+ tests after r200407.

* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGLData::SharedGLData::~SharedGLData):
Don't use RELEASE_ASSERT. Also fix the actual assertion,
checking that any of the values in the map matches the object
that's being destroyed, instead of checking the keys.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200413 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd WKPreference for SelectionPaintingWithoutSelectionGaps
gyuyoung.kim@webkit.org [Wed, 4 May 2016 08:39:07 +0000 (08:39 +0000)]
Add WKPreference for SelectionPaintingWithoutSelectionGaps
https://bugs.webkit.org/show_bug.cgi?id=156900

Reviewed by Michael Catanzaro.

Unlike other browsers WebKit has been drawing selection gaps
between render blocks during the text selection. This often
cause text selection screen looks messy.

This patch adds a setting method to disable the functionality,
and EFL port disables it by default.

Source/WebCore:

* page/Settings.in:
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::shouldPaintSelectionGaps):

Source/WebKit2:

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetSelectionPaintingWithoutSelectionGapsEnabled):
(WKPreferencesGetSelectionPaintingWithoutSelectionGapsEnabled):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200412 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRename JSKeyValueIterator as JSDOMIterator
youenn.fablet@crf.canon.fr [Wed, 4 May 2016 08:22:18 +0000 (08:22 +0000)]
Rename JSKeyValueIterator as JSDOMIterator
https://bugs.webkit.org/show_bug.cgi?id=157308

Reviewed by Darin Adler.

No change of behavior.

* bindings/js/JSDOMIterator.h: Renamed from Source/WebCore/bindings/js/JSKeyValueIterator.h.
(WebCore::JSDOMIteratorPrototype::create):
(WebCore::JSDOMIteratorPrototype::createStructure):
(WebCore::JSDOMIteratorPrototype::JSDOMIteratorPrototype):
(WebCore::createKeyValueIterator):
(WebCore::keyValueIteratorForEach):
(WebCore::JSDOMIterator<JSWrapper>::destroy):
(WebCore::JSDOMIterator<JSWrapper>::next):
(WebCore::JSDOMIteratorPrototype<JSWrapper>::next):
(WebCore::JSDOMIteratorPrototype<JSWrapper>::finishCreation):
* bindings/js/JSFontFaceSetCustom.cpp:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementationIterableFunctions):
* bindings/scripts/test/JS/JSTestObj.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCrashTracer: [USER] com.apple.WebKit.WebContent at …ple.WebCore: WebCore::EditCommand...
jiewen_tan@apple.com [Wed, 4 May 2016 07:44:40 +0000 (07:44 +0000)]
CrashTracer: [USER] com.apple.WebKit.WebContent at …ple.WebCore: WebCore::EditCommandComposition::unapply + 105
https://bugs.webkit.org/show_bug.cgi?id=157282
<rdar://problem/25391441>

Reviewed by Darin Adler.

A frame could be destroyed in the middle of executing undo/redo command.
Therefore, add an early return.

* editing/CompositeEditCommand.cpp:
(WebCore::EditCommandComposition::unapply):
(WebCore::EditCommandComposition::reapply):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200410 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAssertion failure for super() call in direct eval in method function
utatane.tea@gmail.com [Wed, 4 May 2016 07:43:17 +0000 (07:43 +0000)]
Assertion failure for super() call in direct eval in method function
https://bugs.webkit.org/show_bug.cgi?id=157091

Reviewed by Darin Adler.

While we ensure that direct super is under the correct context,
we don't check it for the eval code. This patch moves the check from the end of parsing the function
to the places where we found the direct super or the super bindings. This covers the direct eval that
contains the direct super calls.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseMemberExpression):
* parser/Parser.h:
(JSC::Scope::hasDirectSuper):
(JSC::Scope::setHasDirectSuper):
(JSC::Scope::needsSuperBinding):
(JSC::Scope::setNeedsSuperBinding):
(JSC::Parser::closestParentOrdinaryFunctionNonLexicalScope):
* tests/stress/eval-and-super.js: Added.
(shouldBe):
(shouldThrow):
(prototype.m):
(prototype.n):
* tests/stress/generator-and-super.js: Added.
(testSyntaxError):
(testSyntaxError.Base.prototype.hello):
(testSyntaxError.Base.prototype.ok):
(testSyntaxError.Base):
(Hello.prototype.gen):
(Hello):
(testSyntaxError.hello):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200409 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[CoordGraphics] CompositingCoordinator should hande root compositing and view overlay...
zandobersek@gmail.com [Wed, 4 May 2016 07:39:23 +0000 (07:39 +0000)]
[CoordGraphics] CompositingCoordinator should hande root compositing and view overlay layers separately
https://bugs.webkit.org/show_bug.cgi?id=157305

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Split out handling of the root compositing and the view overlay layers
into two separate methods. Both do nothing if the passed-in layer is
the same as the current one. Otherwise, the current one is removed
from the tree and the new one added to it.

No change in behavior is expected.

* platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
(WebCore::CompositingCoordinator::setRootCompositingLayer):
(WebCore::CompositingCoordinator::setViewOverlayRootLayer):
* platform/graphics/texmap/coordinated/CompositingCoordinator.h:

Source/WebKit2:

Update CoordinatedLayerTreeHost and ThreadCoordinatedLayerTreeHost to
correctly use setRootCompositingLayer() and setViewOverlayRootLayer()
methods on the CompositingCoordinator object.

CoordinatedLayerTreeHost doesn't have to keep a pointer to the root
compositing layer anymore. updateRootLayers() can be removed.

ThreadCoordinatedLayerTreeHost doen't have to keep a pointer to both
the root compositing and the view overlay layers anymore. Similarly,
updateRootLayers() can be removed.

* WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:
(WebKit::CoordinatedLayerTreeHost::setViewOverlayRootLayer):
(WebKit::CoordinatedLayerTreeHost::setRootCompositingLayer):
(WebKit::CoordinatedLayerTreeHost::CoordinatedLayerTreeHost): Deleted.
(WebKit::CoordinatedLayerTreeHost::updateRootLayers): Deleted.
* WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.h:
* WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp:
(WebKit::ThreadedCoordinatedLayerTreeHost::setRootCompositingLayer):
(WebKit::ThreadedCoordinatedLayerTreeHost::setViewOverlayRootLayer):
(WebKit::ThreadedCoordinatedLayerTreeHost::ThreadedCoordinatedLayerTreeHost): Deleted.
(WebKit::ThreadedCoordinatedLayerTreeHost::updateRootLayers): Deleted.
* WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200408 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[TexMap] Clean up TextureMapperGLData, TextureMapperGLData::SharedGLData
zandobersek@gmail.com [Wed, 4 May 2016 07:36:17 +0000 (07:36 +0000)]
[TexMap] Clean up TextureMapperGLData, TextureMapperGLData::SharedGLData
https://bugs.webkit.org/show_bug.cgi?id=157303

Reviewed by Carlos Garcia Campos.

Torch the TextureMapperGLData and TextureMapperGLData::SharedGLData
classes into a better form.

SharedGLData is now private to the TextureMapperGLData class, but
lists that class as a friend. This enables moving the getShaderProgram()
method to TextureMapperGLData and removes the need to expose the
SharedGLData publicly. SharedGLData also doesn't have to keep a
reference to the GraphicsContext3D object.

TextureMapperGLData now default-initializes the publicly accessible
member variables while making some other members private, not exposing
anything that isn't necessary.

Usual whitespace cleanup included. More elegant HashMap::ensure()
insertions are used where they don't obfuscate object creation.

No new tests -- no change in behavior.

* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGLData::SharedGLData::currentSharedGLData):
(WebCore::TextureMapperGLData::SharedGLData::~SharedGLData):
(WebCore::TextureMapperGLData::SharedGLData::contextDataMap):
(WebCore::TextureMapperGLData::SharedGLData::SharedGLData):
(WebCore::TextureMapperGLData::TextureMapperGLData):
(WebCore::TextureMapperGLData::~TextureMapperGLData):
(WebCore::TextureMapperGLData::initializeStencil):
(WebCore::TextureMapperGLData::getStaticVBO):
(WebCore::TextureMapperGLData::getShaderProgram):
(WebCore::TextureMapperGL::TextureMapperGL):
(WebCore::TextureMapperGL::drawBorder):
(WebCore::TextureMapperGL::drawTexture):
(WebCore::TextureMapperGL::drawSolidColor):
(WebCore::TextureMapperGL::drawFiltered):
(WebCore::TextureMapperGL::beginClip):
(WebCore::TextureMapperGLData::SharedGLData::glContextDataMap): Deleted.
(WebCore::TextureMapperGLData::SharedGLData::getShaderProgram): Deleted.
(WebCore::TextureMapperGLData::sharedGLData): Deleted.
* platform/graphics/texmap/TextureMapperGL.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200407 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r200383): Setting lazily initialized properties across frame boundaries...
fpizlo@apple.com [Wed, 4 May 2016 05:01:08 +0000 (05:01 +0000)]
REGRESSION(r200383): Setting lazily initialized properties across frame boundaries crashes
https://bugs.webkit.org/show_bug.cgi?id=157333

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

I forgot to add logic for lazy properties in putEntry(). It turns out that it's easy to
add.

* runtime/Lookup.h:
(JSC::putEntry):
* runtime/PropertySlot.h:

LayoutTests:

This is JoePeck's original test case. It used to crash and now it doesn't crash anymore.

* js/dom/cross-window-put-math-expected.txt: Added.
* js/dom/cross-window-put-math.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200406 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoReferences from code to Structures should be stronger than weak
fpizlo@apple.com [Wed, 4 May 2016 02:23:28 +0000 (02:23 +0000)]
References from code to Structures should be stronger than weak
https://bugs.webkit.org/show_bug.cgi?id=157324

Reviewed by Mark Lam.

If code refers to a Structure and the Structure dies, then previously we'd kill the code.
This makes sense because the Structure could be the only thing left referring to some global
object or prototype.

But this also causes unnecessary churn. Sometimes there will be a structure that we just
haven't really done anything with recently and so it appears dead. The approach we use
elsewhere in our type inference is that the type that the code uses is general enough to
handle every past execution. Having the GC clear code when some Structure it uses dies means
that we forget that the code used that Structure. We'll either assume that the code is more
monomorphic than it really is (because after GC we patch in some other structure but not the
deleted one, so it looks like we only ever saw the new structure), or we'll assume that it's
crazier than it really is (because we'll remember that there had been some structure that
caused deletion, so we'll assume that deletions might happen in the future, so we'll use a
fully dynamic IC).

This change introduces a more nuanced policy: if it's cheap to mark a dead Structure then we
should mark it just so that all of the code that refers to it remembers that there had been
this exact Structure in the past. If the code often goes through different Structures then
we already have great mechanisms to realize that the code is nutty (namely, the
PolymorphicAccess size limit). But if the code just does this a handful of times then
remembering this old Structure is probably net good:

- It obeys the "handle all past executions" law.
- It preserves the history of the property access, allowing a precise measure of its past
  polymorphism.
- It makes the code ready to run fast if the user decides to use that Structure again.
  Marking the Structure means it will stay in whatever property transition tables it was in,
  so if the program does the same thing it did in the past, it will get this old Structure.

It looks like this is a progression in gbemu and it makes gbemu perform more
deterministically. Also, it seems that this makes JetStream run faster.

Over five in-browser runs of JetStream, here's what we see before and after:

Geometric Mean:
    Before              After
    229.23 +- 8.2523    230.70 +- 12.888
    232.91 +- 15.638    239.04 +- 13.766
    234.79 +- 12.760    236.32 +- 15.562
    236.20 +- 23.125    242.02 +- 3.3865
    237.22 +- 2.1929    237.23 +- 17.664

Just gbemu:
    Before              After
    541.0 +- 135.8      481.7 +- 143.4
    518.9 +- 15.65      508.1 +- 136.3
    362.5 +- 0.8884     489.7 +- 101.4
    470.7 +- 313.3      530.7 +- 11.49
    418.7 +- 180.6      537.2 +- 6.514

Notice that there is plenty of noise before and after, but the noise is now far less severe.
After this change I did not see any runs like "470.7 +- 313.3" where the size of the
confidence interval (313.3 * 2) is greater than the score (470.7). Also, notice that the
least noisy run before the change also got a lower score than we ever observed after the
change (36.5 +- 0.8884). The noise, and these occasional very low scores, are due to a
pathology where the GC would reset some stubs at an unfortunate time during profiling,
causing the optimizing compiler to make many poor decisions. That pathology doesn't exist
anymore.

On the other hand, prior to this change it was possible for gbemu to sometimes run sooooper
fast because the GC would cause the profiler to forget gbemu's behavior on the first tick
and focus only on its behavior in subsequent ticks. So, in steady state, we'd optimize gbemu
for its later behavior rather than a combination of its early behavior and later behavior.
We rarely got lucky this way, so it's not fair to view this quirk as a feature.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::propagateTransitions):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::visitWeak):
(JSC::AccessCase::propagateTransitions):
(JSC::AccessCase::generateWithGuard):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::propagateTransitions):
(JSC::PolymorphicAccess::dump):
* bytecode/PolymorphicAccess.h:
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::visitWeakReferences):
(JSC::StructureStubInfo::propagateTransitions):
(JSC::StructureStubInfo::containsPC):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::considerCaching):
* runtime/Structure.cpp:
(JSC::Structure::visitChildren):
(JSC::Structure::isCheapDuringGC):
(JSC::Structure::markIfCheap):
(JSC::Structure::prototypeChainMayInterceptStoreTo):
* runtime/Structure.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Simplify console.clear
commit-queue@webkit.org [Wed, 4 May 2016 01:54:39 +0000 (01:54 +0000)]
Web Inspector: Simplify console.clear
https://bugs.webkit.org/show_bug.cgi?id=157316

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-03
Reviewed by Timothy Hatcher.

* inspector/ScriptArguments.cpp:
(Inspector::ScriptArguments::createEmpty):
(Inspector::ScriptArguments::ScriptArguments):
* inspector/ScriptArguments.h:
Provide a way to create an empty list.

* runtime/ConsoleClient.cpp:
(JSC::ConsoleClient::clear):
* runtime/ConsoleClient.h:
Drop unnecessary parameter.

* runtime/ConsoleObject.cpp:
(JSC::consoleProtoFuncClear):
No need to parse arguments.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200404 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd VideoControlsManager tests
bdakin@apple.com [Wed, 4 May 2016 01:46:30 +0000 (01:46 +0000)]
Add VideoControlsManager tests
https://bugs.webkit.org/show_bug.cgi?id=157332
-and corresponding-
rdar://problem/24358431

Reviewed by Sam Weinig.

Source/WebKit2:

Expose _hasActiveVideoForControlsManager on WKWebViewPrivate for the sake of
testing.
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _hasActiveVideoForControlsManager]):
(-[WKWebView _doAfterNextPresentationUpdate:]):
* UIProcess/API/Cocoa/WKWebViewPrivate.h:

Tools:

This patch adds three VideoControlsManager tests.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit/ios/video-with-audio.html:
* TestWebKitAPI/Tests/WebKit2Cocoa/VideoControlsManager.mm: Added.
(-[DidPlayMessageHandler initWithWKWebView:]):
(-[DidPlayMessageHandler userContentController:didReceiveScriptMessage:]):
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKit2Cocoa/large-video-with-audio.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/large-video-with-audio.mp4: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/large-video-without-audio.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoImprove Symbol() to string coercion error message
utatane.tea@gmail.com [Wed, 4 May 2016 01:21:38 +0000 (01:21 +0000)]
Improve Symbol() to string coercion error message
https://bugs.webkit.org/show_bug.cgi?id=157317

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Improve error messages related to Symbols.

* runtime/JSCJSValue.cpp:
(JSC::JSValue::toStringSlowCase):
* runtime/Symbol.cpp:
(JSC::Symbol::toNumber):
* runtime/SymbolConstructor.cpp:
(JSC::symbolConstructorKeyFor):
* runtime/SymbolPrototype.cpp:
(JSC::symbolProtoFuncToString):
(JSC::symbolProtoFuncValueOf):
* tests/stress/dfg-to-primitive-pass-symbol.js:
* tests/stress/floating-point-div-to-mul.js:
(i.catch):
* tests/stress/string-from-code-point.js:
(shouldThrow):
(string_appeared_here.shouldThrow):
* tests/stress/symbol-error-messages.js: Added.
(shouldThrow):
* tests/stress/symbol-registry.js:

LayoutTests:

* js/math-clz32-expected.txt:
* js/script-tests/symbol-abstract-relational-comparison.js:
(relationalOperators.forEach):
* js/script-tests/symbol-object.js:
* js/script-tests/symbol-prototype-is-ordinary-object.js:
* js/script-tests/symbol-tostring.js:
* js/string-code-point-at-expected.txt:
* js/symbol-abstract-relational-comparison-expected.txt:
* js/symbol-object-expected.txt:
* js/symbol-prototype-is-ordinary-object-expected.txt:
* js/symbol-tostring-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200402 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Adding a new console message shouldn't modify DOM when the console...
nvasilyev@apple.com [Wed, 4 May 2016 01:19:17 +0000 (01:19 +0000)]
Web Inspector: Adding a new console message shouldn't modify DOM when the console log is hidden
https://bugs.webkit.org/show_bug.cgi?id=155629
<rdar://problem/25235470>

Reviewed by Timothy Hatcher.

Instead of rendering console messages right away, store them (in _pendingMessages)
and render only when the console tab or the split console is visible.
Also, batch rendering operations using requestAnimationFrame.

* UserInterface/Controllers/JavaScriptLogViewController.js:
(WebInspector.JavaScriptLogViewController):
Store console message views in _pendingMessages.

(WebInspector.JavaScriptLogViewController.prototype._appendConsoleMessageView):
(WebInspector.JavaScriptLogViewController.prototype.renderPendingMessages):
Use requestAnimationFrame batching. Run isScrolledToBottom() at most only once
per batch.

(WebInspector.JavaScriptLogViewController.prototype.renderPendingMessagesSoon):
(WebInspector.JavaScriptLogViewController.prototype._didRenderConsoleMessageView):
There is no need to run scrollToBottom again.

* UserInterface/Views/ConsoleCommandView.js:
(WebInspector.ConsoleCommandView):
Move all DOM operations to a new render method.

(WebInspector.ConsoleCommandView.prototype.render):
* UserInterface/Views/ConsoleMessageView.js:
(WebInspector.ConsoleMessageView):
(WebInspector.ConsoleMessageView.prototype.render):
(WebInspector.ConsoleMessageView.prototype.set repeatCount):
(WebInspector.ConsoleMessageView.prototype._renderRepeatCount):
* UserInterface/Views/LogContentView.js:
(WebInspector.LogContentView.prototype.shown):
When the console tab or the split console is opened render all pending messages.

(WebInspector.LogContentView.prototype.didAppendConsoleMessageView):
Don't call needsLayout on every added console message. Call it only once per
requestAnimationFrame. Also, no need to scrollToBottom once again.

(WebInspector.LogContentView.prototype._messageAdded):
(WebInspector.LogContentView.prototype._previousMessageRepeatCountUpdated):
(WebInspector.LogContentView.prototype._scopeFromMessageLevel): Deleted.
(WebInspector.LogContentView.prototype._markScopeBarItemUnread): Added.
Rename _pulseScopeBarItemBorder. In the very first version the border was pulsing,
but now we use small colored circles instead.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200401 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Give console.time/timeEnd a default label and warnings
commit-queue@webkit.org [Wed, 4 May 2016 01:08:49 +0000 (01:08 +0000)]
Web Inspector: Give console.time/timeEnd a default label and warnings
https://bugs.webkit.org/show_bug.cgi?id=157325
<rdar://problem/26073290>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-03
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Provide more user friendly console.time/timeEnd. The timer name
is now optional, and is "default" if not provided. Also provide
warnings when attempting to start an already started timer,
or stop a timer that does not exist.

* inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::startTiming):
(Inspector::InspectorConsoleAgent::stopTiming):
Warnings for bad cases.

* runtime/ConsoleObject.cpp:
(JSC::defaultLabelString):
(JSC::consoleProtoFuncTime):
(JSC::consoleProtoFuncTimeEnd):
Optional label becomes "default".

Source/WebInspectorUI:

* UserInterface/Models/NativeFunctionParameters.js:
Update the convenience signature.

LayoutTests:

* inspector/console/console-time-expected.txt: Added.
* inspector/console/console-time.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200400 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix the ENABLE(WEBASSEMBLY) build
commit-queue@webkit.org [Wed, 4 May 2016 01:06:37 +0000 (01:06 +0000)]
Fix the ENABLE(WEBASSEMBLY) build
https://bugs.webkit.org/show_bug.cgi?id=157312

Patch by Xan Lopez <xlopez@igalia.com> on 2016-05-03
Reviewed by Darin Adler.

* runtime/Executable.cpp:
(JSC::WebAssemblyExecutable::WebAssemblyExecutable):
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::convertValueToDouble):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Remove unused parameter of ScriptArguments::getFirstArgumentAsString
commit-queue@webkit.org [Wed, 4 May 2016 01:06:02 +0000 (01:06 +0000)]
Web Inspector: Remove unused parameter of ScriptArguments::getFirstArgumentAsString
https://bugs.webkit.org/show_bug.cgi?id=157301

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-03
Reviewed by Timothy Hatcher.

* inspector/ScriptArguments.cpp:
(Inspector::ScriptArguments::getFirstArgumentAsString):
* inspector/ScriptArguments.h:
Remove unused argument and related code.

* runtime/ConsoleClient.cpp:
(JSC::ConsoleClient::printConsoleMessageWithArguments):
Drive by remove unnecessary cast.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200398 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ATK] accessibility/document-attributes.html is failing
jdiggs@igalia.com [Wed, 4 May 2016 01:05:05 +0000 (01:05 +0000)]
[ATK] accessibility/document-attributes.html is failing
https://bugs.webkit.org/show_bug.cgi?id=125348

Reviewed by Chris Fleizach.

Tools:

The test was failing because the WebArea is now being exposed with the role of
ATK_ROLE_DOCUMENT_WEB; not ATK_ROLE_DOCUMENT_FRAME. Unfortunately, when that
change was made, documentEncoding() and documentURI() were not updated accordingly.

* WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:
(WTR::AccessibilityUIElement::documentEncoding):
(WTR::AccessibilityUIElement::documentURI):

LayoutTests:

* platform/efl/TestExpectations: Unskipped failing test.
* platform/gtk/TestExpectations: Unskipped failing test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200397 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS][WK2] Allow WKWebView to play local filesystem media when created with -loadFile...
jer.noble@apple.com [Wed, 4 May 2016 01:04:37 +0000 (01:04 +0000)]
[iOS][WK2] Allow WKWebView to play local filesystem media when created with -loadFileURL:allowingReadAccessToURL:
https://bugs.webkit.org/show_bug.cgi?id=156875
<rdar://problem/24281444>

Reviewed by Alexey Proskuryakov.

Grant AVFoundation the right to issue file read sandbox extensions from the WebContent process to the mediaserverd
process, so that it can play back local media files.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200396 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFile Upload: Photo upload name is always generic (image.jpg)
jiewen_tan@apple.com [Wed, 4 May 2016 01:03:55 +0000 (01:03 +0000)]
File Upload: Photo upload name is always generic (image.jpg)
https://bugs.webkit.org/show_bug.cgi?id=157291
<rdar://problem/12353008>

Reviewed by Darin Adler.

Use the original filename as the name of an uploaded image instead of
a generic name, i.e. image.jpg.

* Platform/spi/ios/PhotosSPI.h: Added.
* UIProcess/ios/forms/WKFileUploadPanel.mm:
(-[WKFileUploadPanel _uploadItemForImage:withAssetURL:successBlock:failureBlock:]):
* WebKit2.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200395 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[WK2][DiskCache] Store common HTTP header names as strings
cdumez@apple.com [Tue, 3 May 2016 23:26:03 +0000 (23:26 +0000)]
[WK2][DiskCache] Store common HTTP header names as strings
https://bugs.webkit.org/show_bug.cgi?id=157326
<rdar://problem/26073498>

Reviewed by Antti Koivisto.

Store common HTTP header names as strings in the disk cache instead of
using their value in the HTTPHeaderName enumeration. Having the disk
cache rely in the HTTPHeaderName enumeration is risky becomes it means
the cached data would become invalid every time someone updates
HTTPHeaderNames.in in WebCore. If someone were to update
HTTPHeaderNames.in without bumping the disk cache version, we would end
up with wrongly recognized HTTP header names after loading responses
from the cache.

* NetworkProcess/cache/NetworkCacheCoders.cpp:
(WebKit::NetworkCache::Coder<WebCore::HTTPHeaderMap>::encode):
(WebKit::NetworkCache::Coder<WebCore::HTTPHeaderMap>::decode):
* NetworkProcess/cache/NetworkCacheCoders.h:
* NetworkProcess/cache/NetworkCacheStorage.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoOptimize [StrictTypeChecking] on IDL attributes
cdumez@apple.com [Tue, 3 May 2016 23:25:30 +0000 (23:25 +0000)]
Optimize [StrictTypeChecking] on IDL attributes
https://bugs.webkit.org/show_bug.cgi?id=157321

Reviewed by Geoffrey Garen.

Optimize [StrictTypeChecking] on IDL attributes:
- Only generate extra code for nullable attributes because for non-nullable
  attributes, JSXXX::toWrapped() will return null in case of a bad input
  type. We will then throw a TypeError when null-checking it already.
- After the JSValue::isNullOrUndefined() check, avoid calling
  JSXXX::toWrapped() and set nativeValue to nullptr directly.
- Drop the check for JSValue::inherits(JSXXX::info()) and just do a null
  check on the value returned by JSXXX::toWrapped(). toWrapped() already
  does a JSValue::inherits(JSXXX::info() check. Since we only call
  toWrapped() if the JSValue is not null/undefined, a null return value
  always indicates a bad input type.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
(webkit_dom_test_obj_set_strict_type_checking_attribute):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::setJSTestObjStrictTypeCheckingAttribute):
* bindings/scripts/test/ObjC/DOMTestObj.mm:
(-[DOMTestObj setStrictTypeCheckingAttribute:]):
* bindings/scripts/test/TestObj.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200393 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUn-skipping storage/indexeddb/intversion-open-in-upgradeneeded.html, but leaving...
ryanhaddad@apple.com [Tue, 3 May 2016 23:01:46 +0000 (23:01 +0000)]
Un-skipping storage/indexeddb/intversion-open-in-upgradeneeded.html, but leaving it as flaky
https://bugs.webkit.org/show_bug.cgi?id=155050

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200392 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTemporary workaround for Apple Internal builds
dbates@webkit.org [Tue, 3 May 2016 22:31:16 +0000 (22:31 +0000)]
Temporary workaround for Apple Internal builds
<rdar://problem/25992976>

For Apple Internal builds treat error code errSecCSGuestInvalid as if it were error code errSecCSUnsigned.
We will look to remove this workaround in the fix for <rdar://problem/26075714>.

* Shared/mac/CodeSigning.mm:
(WebKit::secCodeSigningIdentifier):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r199259 and r200161.
cdumez@apple.com [Tue, 3 May 2016 22:20:07 +0000 (22:20 +0000)]
Unreviewed, rolling out r199259 and r200161.

Seems to have caused a ~1.2% PLT regression on iOS

Reverted changesets:

"[iOS WK2] WKWebViews should consult ancestor UIScrollViews to
determine tiling area"
https://bugs.webkit.org/show_bug.cgi?id=156429
http://trac.webkit.org/changeset/199259

"[iOS WK2] When determining tile size, check whether ancestor
UIScrollViews are actually scrollable"
https://bugs.webkit.org/show_bug.cgi?id=157107
http://trac.webkit.org/changeset/200161

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200390 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSS Grid should be an experimental feature flag
dino@apple.com [Tue, 3 May 2016 22:12:53 +0000 (22:12 +0000)]
CSS Grid should be an experimental feature flag
https://bugs.webkit.org/show_bug.cgi?id=157327
<rdar://problem/26075147>

Reviewed by Anders Carlsson.

The CSS Grid Layout runtime flag was exposed by
a WebKit preference. It was in the experimental
section but was missing the "Experimental" prefix.

It was also missing the human readable description.

Lastly, there is no need for the C API for experimental
features.

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetCSSGridLayoutEnabled): Deleted.
(WKPreferencesGetCSSGridLayoutEnabled): Deleted.
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove firing assertion when redirecting
achristensen@apple.com [Tue, 3 May 2016 21:46:06 +0000 (21:46 +0000)]
Remove firing assertion when redirecting
https://bugs.webkit.org/show_bug.cgi?id=155800
rdar://25299194

Reviewed by Sam Weinig.

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:willCacheResponse:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didCompleteWithError:]):
With NSURLConnection, we stopped getting delegate callbacks once the delegate is destroyed, and everything was cancelled.
With NSURLSession we continue getting delegate callbacks because the session's delegate is not destroyed after each load.
As documented in NSURLSession.h: "In some cases, the task may signal other work before it acknowledges the cancelation."
In the cases where we cancel a load, delete the NetworkLoad and corresponding NetworkDataTask, we want to call all
completion handlers indicating that we really want to cancel instead of asserting.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200388 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCrash: Array.prototype.slice() and .splice() can call fastSlice() after an array...
msaboff@apple.com [Tue, 3 May 2016 21:42:44 +0000 (21:42 +0000)]
Crash: Array.prototype.slice() and .splice() can call fastSlice() after an array is truncated
https://bugs.webkit.org/show_bug.cgi?id=157322

Reviewed by Filip Pizlo.

Check to see if the source array has changed length before calling fastSlice().
If it has, take the slow path.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
* tests/stress/regress-157322.js: New test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago2016-05-03 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Tue, 3 May 2016 20:54:51 +0000 (20:54 +0000)]
2016-05-03  Geoffrey Garen  <ggaren@apple.com>

        Assertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).
        https://bugs.webkit.org/show_bug.cgi?id=157047

        Reviewed by Filip Pizlo.

        Renamed roundUpToMultipleOfSloppy => roundUpToMultipleOfNonPowerOfTwo.

        * bmalloc/Algorithm.h:
        (bmalloc::roundUpToMultipleOfNonPowerOfTwo):
        (bmalloc::roundUpToMultipleOfSloppy): Deleted.
        * bmalloc/VMHeap.cpp:
        (bmalloc::VMHeap::allocateSmallChunk):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAssertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).
ggaren@apple.com [Tue, 3 May 2016 19:43:56 +0000 (19:43 +0000)]
Assertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).
https://bugs.webkit.org/show_bug.cgi?id=157047

Reviewed by Filip Pizlo.

The previous fix aligned the guard page sizes correctly but forgot to
align the guard page start address correctly.

* bmalloc/Algorithm.h:
(bmalloc::roundUpToMultipleOfSloppy): Use a new helper method to round
up when not working with a power of two, instead of writing out the
math by hand.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk): Make sure to round up the guard
page start address in addition to its size. Assert at the very end to
try to catch more bugs.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoEliminate PassRefPtr conversion from ConsoleObject
joepeck@webkit.org [Tue, 3 May 2016 18:38:59 +0000 (18:38 +0000)]
Eliminate PassRefPtr conversion from ConsoleObject
https://bugs.webkit.org/show_bug.cgi?id=157300

Reviewed by Timothy Hatcher.

* runtime/ConsoleObject.cpp:
(JSC::consoleLogWithLevel):
(JSC::consoleProtoFuncClear):
(JSC::consoleProtoFuncDir):
(JSC::consoleProtoFuncDirXML):
(JSC::consoleProtoFuncTable):
(JSC::consoleProtoFuncTrace):
(JSC::consoleProtoFuncAssert):
(JSC::consoleProtoFuncCount):
(JSC::consoleProtoFuncTimeStamp):
(JSC::consoleProtoFuncGroup):
(JSC::consoleProtoFuncGroupCollapsed):
(JSC::consoleProtoFuncGroupEnd):
No need to release to a PassRefPtr, we can just move into the RefPtr<>&&.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSpeed up JSGlobalObject initialization by making some properties lazy
fpizlo@apple.com [Tue, 3 May 2016 18:36:34 +0000 (18:36 +0000)]
Speed up JSGlobalObject initialization by making some properties lazy
https://bugs.webkit.org/show_bug.cgi?id=157045

Reviewed by Keith Miller.
Source/JavaScriptCore:

This makes about half of JSGlobalObject's state lazy. There are three categories of
state in JSGlobalObject:

1) C++ fields in JSGlobalObject.
2) JS object properties in JSGlobalObject's JSObject superclass.
3) JS variables in JSGlobalObject's JSSegmentedVariableObject superclass.

State held in JS variables cannot yet be made lazy. That's why this patch only goes
half-way.

State in JS object properties can be made lazy if we move it to the static property
hashtable. JSGlobalObject already had one of those. This patch makes static property
hashtables a lot more powerful, by adding three new kinds of static properties. These
new kinds allow us to make almost all of JSGlobalObject's object properties lazy.

State in C++ fields can now be made lazy thanks in part to WTF's support for stateless
lambdas. You can of course make anything lazy by hand, but there are many C++ fields in
JSGlobalObject and we are adding more all the time. We don't want to require that each
of these has a getter with an initialization check and a corresponding out-of-line slow
path that does the initialization. We want this kind of boilerplate to be handled by
some abstractions.

The primary abstraction introduced in this patch is LazyProperty<Type>. Currently, this
only works where Type is a subclass of JSCell. Such a property holds a pointer to Type.
You can use it like you would a WriteBarrier<Type>. It even has set() and get() methods,
so it's almost a drop-in replacement.

The key to LazyProperty<Type>'s power is that you can do this:

    class Bar {
        ...
        LazyProperty<Foo> m_foo;
    };
    ...
    m_foo.initLater(
        [] (const LazyProperty<Foo>::Initializer<Bar>& init) {
            init.set(Foo::create(init.vm, init.owner));
        });

This initLater() call requires that you pass a stateless lambda (see WTF changelog for
the definition). Miraculously, this initLater() call is guaranteed to compile to a store
of a pointer constant to m_foo, as in:

    movabsq 0xBLAH, %rax
    movq %rax, &m_foo

This magical pointer constant points to a callback that was generated by the template
instantiation of initLater(). That callback knows to call your stateless lambda, but
also does some other bookkeeping: it makes sure that you indeed initialized the property
inside the callback and it manages recursive initializations. It's totally legal to call
m_foo.get() inside the initLater() callback. If you do that before you call init.set(),
m_foo.get() will return null. This is an excellent escape hatch if we ever find
ourselves in a dependency cycle. I added this feature because I already had to create a
dependency cycle.

Note that using LazyProperties from DFG threads is super awkward. It's going to be hard
to get this right. The DFG thread cannot initialize those fields, so it has to make sure
that it does conservative things. But for some nodes this could mean adding a lot of new
logic, like NewTypedArray, which currently is written in such a way that it assumes that
we always have the typed array structure. Currently we take a two-fold approach: for
typed arrays we don't handle the NewTypedArray intrinsic if the structure isn't
initialized, and for everything else we don't make the properties lazy if the DFG needs
them. As we optimize this further we might need to teach the DFG to handle more lazy
properties. I tried to do this for RegExp but found it to be very confusing. With typed
arrays I got lucky.

There is also a somewhat more powerful construct called LazyClassStructure. We often
need to keep around the structure of some standard JS class, like Date. We also need to
make sure that the constructor ends up in the global object's property table. And we
often need to keep the original value of the constructor for ourselves. In this case, we
want to make sure that the creation of the structure-prototype-constructor constellation
is atomic. We don't want code to start looking at the structure if it points to a
prototype that doesn't have its "constructor" property set yet, for example.
LazyClassStructure solves this by abstracting that whole initialization. You provide the
callback that allocates everything, since we are super inconsistent about the way we
initialize things, but LazyClassStructure establishes the workflow and helps you not
mess up.

Finally, the new static hashtable attributes allow for all of this to work with the JS
property table:

PropertyCallback: if you use this attribute, the second column in the table should be
the name of a function to call to initialize this property. This is useful for things
like the Math property. The Math object turns out to be very expensive to allocate.
Delaying its allocation is super easy with the PropertyCallback attribute.

CellProperty: with this attribute the second column should be a C++ field name like
JSGlobalObject::m_evalErrorConstructor. The static hashtable will grab the offset of
this property, and when it needs to be initialized, Lookup will assume you have a
LazyProperty<JSCell> and call its get() method. It will initialize the property to
whatever get() returned. Note that it's legal to cast a LazyProperty<Anything> to
LazyProperty<JSCell> for the purpose of calling get() because the get() method will just
call whatever callback function pointer is encoded in the property and it does not need
to know anything about what type that callback will instantiate.

ClassStructure: with this attribute the second column should be a C++ field name. The
static hashtable will initialize the property by treating the field as a
LazyClassStructure and it will call get(). LazyClassStructure completely owns the whole
initialization workflow, so Lookup assumes that when LazyClassStructure::get() returns,
the property in question will already be set. By convention, we have LazyClassStructure
initialize the property with a pointer to the constructor, since that's how all of our
classes work: "globalObject.Date" points to the DateConstructor.

This is a 2x speed-up in JSGlobalObject initialization time in a microbenchmark that
calls our C API. This is a 1% speed-up on SunSpider and JSRegress.

* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::create):
* API/ObjCCallbackFunction.h:
(JSC::ObjCCallbackFunction::impl):
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunction::ObjCCallbackFunction):
(JSC::ObjCCallbackFunction::create):
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* create_hash_table:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::set):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::originalArrayStructure):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureRegistrationPhase.cpp:
(JSC::DFG::StructureRegistrationPhase::run):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::materializeSpecials):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::visitChildren):
(JSC::InternalFunction::name):
(JSC::InternalFunction::calculatedDisplayName):
(JSC::InternalFunction::createSubclassStructure):
* runtime/InternalFunction.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::finishCreation):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayView):
* runtime/JSGlobalObject.cpp:
(JSC::createProxyProperty):
(JSC::createJSONProperty):
(JSC::createMathProperty):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::stringPrototypeChainIsSane):
(JSC::JSGlobalObject::resetPrototype):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::toThis):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::createThrowTypeError): Deleted.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::objectConstructor):
(JSC::JSGlobalObject::promiseConstructor):
(JSC::JSGlobalObject::internalPromiseConstructor):
(JSC::JSGlobalObject::evalErrorConstructor):
(JSC::JSGlobalObject::rangeErrorConstructor):
(JSC::JSGlobalObject::referenceErrorConstructor):
(JSC::JSGlobalObject::syntaxErrorConstructor):
(JSC::JSGlobalObject::typeErrorConstructor):
(JSC::JSGlobalObject::URIErrorConstructor):
(JSC::JSGlobalObject::nullGetterFunction):
(JSC::JSGlobalObject::nullSetterFunction):
(JSC::JSGlobalObject::callFunction):
(JSC::JSGlobalObject::applyFunction):
(JSC::JSGlobalObject::definePropertyFunction):
(JSC::JSGlobalObject::arrayProtoValuesFunction):
(JSC::JSGlobalObject::initializePromiseFunction):
(JSC::JSGlobalObject::newPromiseCapabilityFunction):
(JSC::JSGlobalObject::functionProtoHasInstanceSymbolFunction):
(JSC::JSGlobalObject::regExpProtoExecFunction):
(JSC::JSGlobalObject::regExpProtoSymbolReplaceFunction):
(JSC::JSGlobalObject::regExpProtoGlobalGetter):
(JSC::JSGlobalObject::regExpProtoUnicodeGetter):
(JSC::JSGlobalObject::throwTypeErrorGetterSetter):
(JSC::JSGlobalObject::moduleLoader):
(JSC::JSGlobalObject::objectPrototype):
(JSC::JSGlobalObject::functionPrototype):
(JSC::JSGlobalObject::arrayPrototype):
(JSC::JSGlobalObject::booleanPrototype):
(JSC::JSGlobalObject::stringPrototype):
(JSC::JSGlobalObject::symbolPrototype):
(JSC::JSGlobalObject::numberPrototype):
(JSC::JSGlobalObject::datePrototype):
(JSC::JSGlobalObject::regExpPrototype):
(JSC::JSGlobalObject::errorPrototype):
(JSC::JSGlobalObject::iteratorPrototype):
(JSC::JSGlobalObject::generatorFunctionPrototype):
(JSC::JSGlobalObject::generatorPrototype):
(JSC::JSGlobalObject::debuggerScopeStructure):
(JSC::JSGlobalObject::withScopeStructure):
(JSC::JSGlobalObject::strictEvalActivationStructure):
(JSC::JSGlobalObject::activationStructure):
(JSC::JSGlobalObject::moduleEnvironmentStructure):
(JSC::JSGlobalObject::directArgumentsStructure):
(JSC::JSGlobalObject::scopedArgumentsStructure):
(JSC::JSGlobalObject::clonedArgumentsStructure):
(JSC::JSGlobalObject::isOriginalArrayStructure):
(JSC::JSGlobalObject::booleanObjectStructure):
(JSC::JSGlobalObject::callbackConstructorStructure):
(JSC::JSGlobalObject::callbackFunctionStructure):
(JSC::JSGlobalObject::callbackObjectStructure):
(JSC::JSGlobalObject::propertyNameIteratorStructure):
(JSC::JSGlobalObject::objcCallbackFunctionStructure):
(JSC::JSGlobalObject::objcWrapperObjectStructure):
(JSC::JSGlobalObject::dateStructure):
(JSC::JSGlobalObject::nullPrototypeObjectStructure):
(JSC::JSGlobalObject::errorStructure):
(JSC::JSGlobalObject::calleeStructure):
(JSC::JSGlobalObject::functionStructure):
(JSC::JSGlobalObject::boundFunctionStructure):
(JSC::JSGlobalObject::boundSlotBaseFunctionStructure):
(JSC::JSGlobalObject::getterSetterStructure):
(JSC::JSGlobalObject::nativeStdFunctionStructure):
(JSC::JSGlobalObject::namedFunctionStructure):
(JSC::JSGlobalObject::functionNameOffset):
(JSC::JSGlobalObject::numberObjectStructure):
(JSC::JSGlobalObject::privateNameStructure):
(JSC::JSGlobalObject::mapStructure):
(JSC::JSGlobalObject::regExpStructure):
(JSC::JSGlobalObject::generatorFunctionStructure):
(JSC::JSGlobalObject::setStructure):
(JSC::JSGlobalObject::stringObjectStructure):
(JSC::JSGlobalObject::symbolObjectStructure):
(JSC::JSGlobalObject::iteratorResultObjectStructure):
(JSC::JSGlobalObject::lazyTypedArrayStructure):
(JSC::JSGlobalObject::typedArrayStructure):
(JSC::JSGlobalObject::typedArrayStructureConcurrently):
(JSC::JSGlobalObject::isOriginalTypedArrayStructure):
(JSC::JSGlobalObject::typedArrayConstructor):
(JSC::JSGlobalObject::actualPointerFor):
(JSC::JSGlobalObject::internalFunctionStructure): Deleted.
* runtime/JSNativeStdFunction.cpp:
(JSC::JSNativeStdFunction::create):
* runtime/JSWithScope.cpp:
(JSC::JSWithScope::create):
(JSC::JSWithScope::visitChildren):
(JSC::JSWithScope::createStructure):
(JSC::JSWithScope::JSWithScope):
* runtime/JSWithScope.h:
(JSC::JSWithScope::object):
(JSC::JSWithScope::create): Deleted.
(JSC::JSWithScope::createStructure): Deleted.
(JSC::JSWithScope::JSWithScope): Deleted.
* runtime/LazyClassStructure.cpp: Added.
(JSC::LazyClassStructure::Initializer::Initializer):
(JSC::LazyClassStructure::Initializer::setPrototype):
(JSC::LazyClassStructure::Initializer::setStructure):
(JSC::LazyClassStructure::Initializer::setConstructor):
(JSC::LazyClassStructure::visit):
(JSC::LazyClassStructure::dump):
* runtime/LazyClassStructure.h: Added.
(JSC::LazyClassStructure::LazyClassStructure):
(JSC::LazyClassStructure::get):
(JSC::LazyClassStructure::prototype):
(JSC::LazyClassStructure::constructor):
(JSC::LazyClassStructure::getConcurrently):
(JSC::LazyClassStructure::prototypeConcurrently):
(JSC::LazyClassStructure::constructorConcurrently):
* runtime/LazyClassStructureInlines.h: Added.
(JSC::LazyClassStructure::initLater):
* runtime/LazyProperty.h: Added.
(JSC::LazyProperty::Initializer::Initializer):
(JSC::LazyProperty::LazyProperty):
(JSC::LazyProperty::get):
(JSC::LazyProperty::getConcurrently):
* runtime/LazyPropertyInlines.h: Added.
(JSC::LazyProperty<ElementType>::Initializer<OwnerType>::set):
(JSC::LazyProperty<ElementType>::initLater):
(JSC::LazyProperty<ElementType>::setMayBeNull):
(JSC::LazyProperty<ElementType>::set):
(JSC::LazyProperty<ElementType>::visit):
(JSC::LazyProperty<ElementType>::dump):
(JSC::LazyProperty<ElementType>::callFunc):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
(JSC::HashTableValue::function):
(JSC::HashTableValue::functionLength):
(JSC::HashTableValue::propertyGetter):
(JSC::HashTableValue::propertyPutter):
(JSC::HashTableValue::accessorGetter):
(JSC::HashTableValue::accessorSetter):
(JSC::HashTableValue::constantInteger):
(JSC::HashTableValue::lexerValue):
(JSC::HashTableValue::lazyCellPropertyOffset):
(JSC::HashTableValue::lazyClassStructureOffset):
(JSC::HashTableValue::lazyPropertyCallback):
(JSC::getStaticPropertySlot):
(JSC::getStaticValueSlot):
(JSC::reifyStaticProperty):
* runtime/PropertySlot.h:
* runtime/TypedArrayType.h:

Source/WebCore:

No new tests because no change in behavior.

This adapts JSHTMLElementCustom.cpp to the new JSWithScope API. Note that this revealed
that this was using a curious choice of global object, which may not be right. I decided
to do a very literal refactoring that exactly preserves what this code got before, but I
added a FIXME to reconsider this later.

* bindings/js/JSHTMLElementCustom.cpp:
(WebCore::JSHTMLElement::pushEventHandlerScope):

Source/WTF:

This WTF change is at the heart of a large JSC change. In JSC I found myself wanting to
do this a lot:

    static void callback(Foo& foo) { ... }

    foo.setCallback(callback);

But that's not very nice to write if many different setCallback() calls are inside of the
same very large function: you'll have to have a lot of static function definitions in
one part of the file, and then a bunch of setCallback() calls in another part. It's hard
to reason about what's going on with such code.

So what if you wrote this instead:

    foo.setCallback([] (Foo& foo) { ... });

Much nicer! There is a standard way to do this: lambdas that are stateless are
convertible to function pointers. This change also offers another approach that is a bit
more general.

These additions to WTF help you do it:

isStatelessLambda<Func>(): tells you if Func is a stateless lambda. This uses is_empty to
test if the lambda is stateless. This turns out to be a stronger property than
convertibility to function pointers. For example, a function pointer is convertible to a
function pointer, but it is definitely stateful: you cannot successfully call it if you
only has its type. On the other hand, a stateless lambda is really stateless in the sense
that you only need its type to call it.

callStatelessLambda<ResultType, Func>(Arguments&&...): calls the given stateless lambda.

JSC uses these to build up some sophisticated lazy-initialization APIs. The use of
statelessness allows JSC to combine a lambda with other logic into a single function
pointer.

* wtf/StdLibExtras.h:
(WTF::isStatelessLambda):
(WTF::callStatelessLambda):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Win] Remove Windows XP Compatibility Requirements
peavo@outlook.com [Tue, 3 May 2016 18:22:18 +0000 (18:22 +0000)]
[Win] Remove Windows XP Compatibility Requirements
https://bugs.webkit.org/show_bug.cgi?id=152899

Reviewed by Brent Fulgham.

Source/JavaScriptCore:

Windows XP is not supported anymore, we can remove workarounds.

* JavaScriptCore.vcxproj/jsc/DLLLauncherMain.cpp:
(enableTerminationOnHeapCorruption):

Source/WebCore:

Windows XP is not supported anymore, we can remove compatibility workarounds.

* platform/text/win/LocaleWin.cpp:
(WebCore::extractLanguageCode):
(WebCore::LCIDFromLocaleInternal):
(WebCore::LCIDFromLocale):
(WebCore::removeLastComponent): Deleted.
(WebCore::ensureNameToLCIDMap): Deleted.
(WebCore::convertLocaleNameToLCID): Deleted.

Source/WTF:

Windows XP is not supported anymore, we can remove workarounds.

* wtf/Assertions.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r198943): Transitions don't work if they animate display property
antti@apple.com [Tue, 3 May 2016 18:00:04 +0000 (18:00 +0000)]
REGRESSION (r198943): Transitions don't work if they animate display property
https://bugs.webkit.org/show_bug.cgi?id=157244
<rdar://problem/26042189>

Reviewed by Simon Fraser.

Source/WebCore:

Test: transitions/transition-display-property.html

* style/RenderTreeUpdater.cpp:
(WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement):

    Call the common function for ::before/::after updates.

* style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::TreeResolver::createAnimatedElementUpdate):

    If animation forces render tree reconstruction use the original rather than animated style for update.
    Because animations are tied to renderers we start them during renderer construction in this case.

    Factor to a function.

(WebCore::Style::elementImplicitVisibility):
* style/StyleTreeResolver.h:

LayoutTests:

* transitions/transition-display-property-expected.html: Added.
* transitions/transition-display-property.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200381 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Win] Warning fix.
peavo@outlook.com [Tue, 3 May 2016 17:58:23 +0000 (17:58 +0000)]
[Win] Warning fix.
https://bugs.webkit.org/show_bug.cgi?id=157309

Reviewed by Darin Adler.

MSVC gives a warning when converting from signed to unsigned.

* wtf/SmallPtrSet.h:
(WTF::SmallPtrSet::begin):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, drop outdated layout test after r200375.
cdumez@apple.com [Tue, 3 May 2016 17:24:48 +0000 (17:24 +0000)]
Unreviewed, drop outdated layout test after r200375.

* fast/workers/resources/worker-replace-self.js: Removed.
* fast/workers/worker-replace-self-expected.txt: Removed.
* fast/workers/worker-replace-self.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Win] Unreviewed build fix.
bfulgham@apple.com [Tue, 3 May 2016 17:10:35 +0000 (17:10 +0000)]
[Win] Unreviewed build fix.

* EWSTools/start-queue-win.sh: Establish proper VS2015 build
environment at start of queue run.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed GTK+ gardening.
jdiggs@igalia.com [Tue, 3 May 2016 16:39:00 +0000 (16:39 +0000)]
Unreviewed GTK+ gardening.
Adding a platform-specific expectations file for aria-text-role.html.

* platform/gtk/accessibility/aria-text-role-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWorkerGlobalScope's self, location and navigator attributes should not be replaceable
cdumez@apple.com [Tue, 3 May 2016 15:50:37 +0000 (15:50 +0000)]
WorkerGlobalScope's self, location and navigator attributes should not be replaceable
https://bugs.webkit.org/show_bug.cgi?id=157296
<rdar://problem/25962738>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-03
Reviewed by Chris Dumez.

Source/WebCore:

Tests: http/tests/workers/location-readonly.html
       http/tests/workers/navigator-readonly.html
       http/tests/workers/self-readonly.html

* workers/WorkerGlobalScope.idl:
The 'self', 'location', and 'navigator' properties of the WorkerGlobalScope must be immutable.
See: https://html.spec.whatwg.org/multipage/workers.html#the-workerglobalscope-common-interface

LayoutTests:

* http/tests/workers/location-readonly-expected.txt: Added.
* http/tests/workers/location-readonly.html: Added.
* http/tests/workers/navigator-readonly-expected.txt: Added.
* http/tests/workers/navigator-readonly.html: Added.
* http/tests/workers/self-readonly-expected.txt: Added.
* http/tests/workers/self-readonly.html: Added.
* http/tests/workers/worker-location.js: Added.
* http/tests/workers/worker-navigator.js: Added.
* http/tests/workers/worker-self.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDrop some unnecessary exception checking in the generated bindings
cdumez@apple.com [Tue, 3 May 2016 15:44:36 +0000 (15:44 +0000)]
Drop some unnecessary exception checking in the generated bindings
https://bugs.webkit.org/show_bug.cgi?id=157299

Reviewed by Darin Adler.

Drop some unnecessary exception checking in the generated bindings.
Only do a check for state->hadException() after converting a JSValue
to a native value when necessary. Update JSValueToNative() to
indicate the caller if converting to the native value may throw an
exception.

This gets rid of a lot of unnecessary branching in the bindings.

No new tests, no intended web-exposed behavior change.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
(GenerateParametersCheck):
(JSValueToNative):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Update window.console function API description strings in Console
commit-queue@webkit.org [Tue, 3 May 2016 15:39:28 +0000 (15:39 +0000)]
Web Inspector: Update window.console function API description strings in Console
https://bugs.webkit.org/show_bug.cgi?id=157298

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-03
Reviewed by Timothy Hatcher.

* UserInterface/Models/NativeFunctionParameters.js:
* UserInterface/Views/ObjectTreePropertyTreeElement.js:
(WebInspector.ObjectTreePropertyTreeElement.prototype._functionParameterString):
The Console object changed how it works. Work with the new
structure, and the older structure for legacy backends.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd/refactor isolatedCopy methods for 3 IDB classes.
beidson@apple.com [Tue, 3 May 2016 15:30:52 +0000 (15:30 +0000)]
Add/refactor isolatedCopy methods for 3 IDB classes.
https://bugs.webkit.org/show_bug.cgi?id=157289

Reviewed by Alex Christensen.

No new tests (Refactor, no behavior change).

In an upcoming, much larger patch, I'll need the ability to directly construct these three objects
as isolated copies.

This is a nice standalone refactor that enables that ability.

* Modules/indexeddb/IDBGetResult.cpp:
(WebCore::IDBGetResult::IDBGetResult):
(WebCore::IDBGetResult::isolatedCopy):
* Modules/indexeddb/IDBGetResult.h:

* Modules/indexeddb/IDBKeyData.cpp:
(WebCore::IDBKeyData::IDBKeyData):
(WebCore::IDBKeyData::isolatedCopy):
* Modules/indexeddb/IDBKeyData.h:

* Modules/indexeddb/shared/IDBTransactionInfo.cpp:
(WebCore::IDBTransactionInfo::IDBTransactionInfo):
(WebCore::IDBTransactionInfo::isolatedCopy):
* Modules/indexeddb/shared/IDBTransactionInfo.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: console.assert should do far less work when the assertion is true
commit-queue@webkit.org [Tue, 3 May 2016 15:24:36 +0000 (15:24 +0000)]
Web Inspector: console.assert should do far less work when the assertion is true
https://bugs.webkit.org/show_bug.cgi?id=157297
<rdar://problem/26056556>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-03
Reviewed by Timothy Hatcher.

* runtime/ConsoleClient.h:
* runtime/ConsoleClient.cpp:
(JSC::ConsoleClient::assertion):
(JSC::ConsoleClient::assertCondition): Deleted.
Rename, now that this will only get called when the assertion failed.

* runtime/ConsoleObject.cpp:
(JSC::consoleProtoFuncAssert):
Avoid doing any work if the assertion succeeded.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Allow format specifiers in console.assert and console.trace
commit-queue@webkit.org [Tue, 3 May 2016 15:23:53 +0000 (15:23 +0000)]
Web Inspector: Allow format specifiers in console.assert and console.trace
https://bugs.webkit.org/show_bug.cgi?id=157295
<rdar://problem/26056039>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-03
Reviewed by Timothy Hatcher.

* UserInterface/Views/ConsoleMessageView.js:
(WebInspector.ConsoleMessageView.prototype._appendMessageTextAndArguments):
Treat the first argument as a format specifier.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200370 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ATK] accessibility/content-editable-as-textarea.html fails
jdiggs@igalia.com [Tue, 3 May 2016 15:23:23 +0000 (15:23 +0000)]
[ATK] accessibility/content-editable-as-textarea.html fails
https://bugs.webkit.org/show_bug.cgi?id=155353

Reviewed by Darin Adler.

Source/WebCore:

The test was timing out because it expected an AXValueChanged notification.
In ATK, AXValueChanged notifications are made for widgets which implement
the AtkValue interface (sliders, progress bars, etc.). We should be listening
for AXTextChanged instead.

In addition, for contenteditable elements, we should emit the notification on
the element itself. Because we were handling the notification in the same way
as native text controls (where the notification we receive from WebCore is for
StaticTextRole children), we were attempting to emit the notification from
the parent of the contenteditable.

Lastly, ATK's AccessibilityUIElement support had a number of unimplemented
methods that are being used as part of the previously-failing test. Those
methods are now implemented so that the ATK results are much more similar
to those on the Mac.

No new tests needed. The previously-failing test now passes.

* accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::childrenChanged):
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::isNonNativeTextControl):
* accessibility/AccessibilityObject.h:
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::textChanged):
* accessibility/atk/AXObjectCacheAtk.cpp:
(WebCore::AXObjectCache::nodeTextChangePlatformNotification):

Tools:

The test was timing out because it expected an AXValueChanged notification.
In ATK, AXValueChanged notifications are made for widgets which implement
the AtkValue interface (sliders, progress bars, etc.). We should be listening
for AXTextChanged instead. AtkText's text-insert and text-remove have been
added to the AccessibilityNotificationHandler.

Also, ATK's AccessibilityUIElement support had a number of unimplemented
methods that are being used as part of the previously-failing test. Those
methods are now implemented so that the ATK results are much more similar
to those on the Mac.

* WebKitTestRunner/InjectedBundle/atk/AccessibilityNotificationHandlerAtk.cpp:
(WTR::AccessibilityNotificationHandler::connectAccessibilityCallbacks):
* WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:
(WTR::AccessibilityUIElement::stringAttributeValue):
(WTR::AccessibilityUIElement::rangeForLine):
(WTR::AccessibilityUIElement::boundsForRange):
(WTR::AccessibilityUIElement::attributedStringForRange):

LayoutTests:

Updated the test identified in the bug to listen for the appropriate
notification for ATK and created platform-specific expectations.

In addition, set-selected-text-range-contenteditable.html was timing out
due to the use of shouldBecomeEqual() with an assertion that is wrong for
ATK. Modifying the test so that it verifies the result appropriate for
each platform eliminates the timeout.

* accessibility/content-editable-as-textarea.html: Updated.
* accessibility/set-selected-text-range-contenteditable.html: Updated.
* platform/gtk/TestExpectations: Unskipped the failing tests.
* platform/gtk/accessibility/content-editable-as-textarea-expected.txt: Added.
* platform/gtk/accessibility/set-selected-text-range-contenteditable-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[css-grid] Add support for position resolution with auto-repeat tracks
svillar@igalia.com [Tue, 3 May 2016 11:30:29 +0000 (11:30 +0000)]
[css-grid] Add support for position resolution with auto-repeat tracks
https://bugs.webkit.org/show_bug.cgi?id=157260

Reviewed by Darin Adler.

This is a generalization of our position resolution code so it now supports every possible
type of resolution (definite position, position spans, automatic resolution, named lines
resolution, grid areas...) under the presence of auto-repeat tracks, i.e., tracks that are
dynamically created by the LayoutGrid depending on the available space and that cannot be
directly inferred from the CSS declarations.

This means that we need two extra things to resolve positions:
- the LayoutGrid needs to provide the number of auto-repeat tracks per axis
- a wrapper is needed to hide the eventual presence of auto-repeat tracks (with their line
names) from the rest of the resolution code which should remain mostly unchanged.

The former is trivial (requires passing a new argument to some functions at the most) but
the latter requires a new class called NamedLineCollection. This class allow us to locate
and resolve named lines without having to insert the auto-repeat named lines in the already
existing data structures. It does it in a very compact representation as it does not
duplicate the names for every single repetition.

No new tests required as there is no change in behavior because the auto-repeat tracks
computation is not implemented yet. Current tests already test this code extensively, and
the auto-repeat code paths will be tested later once
RenderGrid::computeAutoRepeatTracksCount() is implemented.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeAutoRepeatTracksCount): New method with empty implementation.
(WebCore::RenderGrid::placeItemsOnGrid): Initialize the auto repeat tracks count.
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
* rendering/RenderGrid.h:
* rendering/style/GridPositionsResolver.cpp:
(WebCore::directionFromSide):
(WebCore::NamedLineCollection::NamedLineCollection): New class which is able to resolve the
positions of a given named line in the presence of auto-repeat and "normal" tracks.
(WebCore::NamedLineCollection::isValidNamedLineOrArea): Checks whether the given named line
is a valid line name or area.
(WebCore::NamedLineCollection::hasNamedLines): Checks whether the named line exists in the
given axis (either specified by auto-repeat or "normal" tracks).
(WebCore::NamedLineCollection::find): Looks for a line number whithin the line numbers where
the given named line was found.
(WebCore::NamedLineCollection::contains):
(WebCore::NamedLineCollection::firstPosition): Returns the first line where the given named
line is located.
(WebCore::adjustGridPositionsFromStyle): Use NamedLineCollection.
(WebCore::GridPositionsResolver::explicitGridColumnCount): Include auto repeat tracks.
(WebCore::GridPositionsResolver::explicitGridRowCount): Ditto.
(WebCore::explicitGridSizeForSide): Ditto.
(WebCore::lookAheadForNamedGridLine): Use NamedLineCollection.
(WebCore::lookBackForNamedGridLine): Ditto.
(WebCore::resolveNamedGridLinePositionFromStyle):
(WebCore::definiteGridSpanWithNamedLineSpanAgainstOpposite):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::resolveGridPositionFromStyle):
(WebCore::GridPositionsResolver::resolveGridPositionsFromStyle):
(WebCore::gridLinesForSide): Deleted.
(WebCore::GridPositionsResolver::isNonExistentNamedLineOrArea): Deleted.
* rendering/style/GridPositionsResolver.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200368 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed follow-up testapi fix after r200355.
joepeck@webkit.org [Tue, 3 May 2016 09:18:40 +0000 (09:18 +0000)]
Unreviewed follow-up testapi fix after r200355.

Source/JavaScriptCore:

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
Revert back to non-enumerable. This matches our older behavior,
we can decide to make this Enumerable later if needed.

LayoutTests:

* js/console-expected.txt:
* js/console.html:
Make window.console non-enumerable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed GTK+ gardening. Update drag and drop tests bug reference.
carlosgc@webkit.org [Tue, 3 May 2016 09:09:25 +0000 (09:09 +0000)]
Unreviewed GTK+ gardening. Update drag and drop tests bug reference.

We were using a fixed bug, because drag and drop was already implemented in WebKit2. However, some tests still
fail because some drag and drop events are not emitted when using synthetic events like even sender does. So,
update the bug reference to https://bugs.webkit.org/show_bug.cgi?id=157179 and add two more tests that are
timing out in the bots for the same reason.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed. Fix GObject DOM bindings API break after r200316.
carlosgc@webkit.org [Tue, 3 May 2016 08:50:59 +0000 (08:50 +0000)]
Unreviewed. Fix GObject DOM bindings API break after r200316.

webkit_dom_tree_walker_set_current_node no longer raises exceptions after r200316, so mark it accordingly.

* bindings/scripts/CodeGeneratorGObject.pm:
(FunctionUsedToRaiseException):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[OpenType] OpenTypeVerticalData object should not be created if the font is not OpenType
carlosgc@webkit.org [Tue, 3 May 2016 08:18:13 +0000 (08:18 +0000)]
[OpenType] OpenTypeVerticalData object should not be created if the font is not OpenType
https://bugs.webkit.org/show_bug.cgi?id=157172

Reviewed by Michael Catanzaro.

It's a bit weird that the object is always created and has an isOpenType() method to check whether it's an
OpenType or not. The caller is always deleting the object when it's not an OpenType, so it would be better if
the create method returned nullptr instead of creating the object when the font is not OpenType.

* platform/graphics/FontCache.cpp:
(WebCore::FontCache::verticalData): Do not use isOpenType(), we can now simply use the return value of OpenTypeVerticalData::create().
* platform/graphics/opentype/OpenTypeVerticalData.cpp:
(WebCore::loadHmtxTable): Moved to a helper funtion that returns false if the font is not OpenType.
(WebCore::OpenTypeVerticalData::create): Try to load the Hmtx table, and create the object if succeeded or
return nullptr otherwise.
(WebCore::OpenTypeVerticalData::OpenTypeVerticalData): Receive the advanceWidths as constructor parameter.
(WebCore::OpenTypeVerticalData::loadMetrics): Load all other tables.
* platform/graphics/opentype/OpenTypeVerticalData.h:
(WebCore::OpenTypeVerticalData::isOpenType): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoChange IDL enumerations to be nested in their C++ class instead of at WebCore namespa...
darin@apple.com [Tue, 3 May 2016 05:47:34 +0000 (05:47 +0000)]
Change IDL enumerations to be nested in their C++ class instead of at WebCore namespace level
https://bugs.webkit.org/show_bug.cgi?id=157257

Reviewed by Chris Dumez.

Source/WebCore:

Chris and Alex requested this alternate style, where the enum class for each enumeration
goes inside the class for the interface the enumeration is used in. Also made a rule that
keeps the names short and not redundant with the class name they are nested in.

* Modules/fetch/FetchOptions.h: Moved all the enum class types into the struct.

* Modules/fetch/FetchRequest.cpp:
(WebCore::setReferrerPolicy): Updated.
(WebCore::setMode): Ditto.
(WebCore::setCredentials): Ditto.
(WebCore::setCache): Ditto.
(WebCore::setRedirect): Ditto.
(WebCore::buildOptions): Ditto.
(WebCore::buildHeaders): Ditto.
(WebCore::FetchRequest::create): Ditto.
* Modules/fetch/FetchRequest.h: Used "using" to repeat the types from FetchOptions
here in FetchRequest. That way the generated bindings can find the types, and we don't
need to do any trick like [ImplementedAs] in thd IDL to make it work.

* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::error): Updated.
(WebCore::FetchResponse::redirect): Ditto.
(WebCore::FetchResponse::FetchResponse): Ditto.
(WebCore::FetchResponse::startFetching): Ditto.
* Modules/fetch/FetchResponse.h: Moved enum class into the class.

* Modules/mediacontrols/MediaControlsHost.cpp:
(WebCore::MediaControlsHost::externalDeviceType): Updated.
* Modules/mediacontrols/MediaControlsHost.h: Moved enum classs into the class.

* Modules/mediasession/MediaSession.cpp:
(WebCore::MediaSession::MediaSession): Updated.
* Modules/mediasession/MediaSession.h: Moved enum classs into the class.

* Modules/mediasource/MediaSource.cpp:
(WebCore::MediaSource::addSourceBuffer): Updated.
(WebCore::MediaSource::removeSourceBuffer): Ditto.

* Modules/mediasource/MediaSource.h: Moved enum class into the class.

* Modules/mediasource/SourceBuffer.cpp:
(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveRenderingError): Updated.
(WebCore::SourceBuffer::appendError): Ditto.
(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): Ditto.
(WebCore::SourceBuffer::textTrackModeChanged): Ditto.

* Modules/mediasource/SourceBuffer.h: Removed incorrect forward declaration
of EndOfStreamError that also now seems to be unneeded. Moved enum class into
the class.

* Modules/mediastream/MediaDeviceInfo.cpp:
(WebCore::MediaDeviceInfo::MediaDeviceInfo): Updated.
(WebCore::MediaDeviceInfo::create): Ditto.
* Modules/mediastream/MediaDeviceInfo.h: Moved enum class into the class.

* Modules/mediastream/MediaDevicesRequest.cpp:
(WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest): Updated.
* Modules/mediastream/MediaStreamTrack.cpp:
(WebCore::MediaStreamTrack::readyState): Updated.

* Modules/mediastream/MediaStreamTrack.h: Moved enum class into the class.

* Modules/mediastream/RTCConfiguration.h: Moved enum classes into the class.

* Modules/webaudio/AudioContext.h: Moved enum class into the class.

* Modules/webaudio/WaveShaperNode.cpp:
(WebCore::processorType): Updated.
(WebCore::WaveShaperNode::oversample): Ditto.
* Modules/webaudio/WaveShaperNode.h: Moved enum class into the class.

* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::response): Updated.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateGetOwnPropertySlotBody): Removed unneeded $interfaceName argument.
(GetAttributeGetterName): Ditto.
(GetAttributeSetterName): Ditto.
(GetFunctionName): Tweaked style.
(AttributeShouldBeOnInstanceForCompatibility): Deleted. Was a function that
always returned 0.
(AttributeShouldBeOnInstance): Removed the call to the function above.
(IsClassNameWordBoundary): Added. Helper for function below.
(IsPrefixRemovable): Ditto.
(GetEnumerationClassName): Added an $interface argument and changed this
so it creates a nested name inside the class rather than a top level name
for use at the WebCore namespace level.
(GetEnumerationClassIdentifier): Added. Calls GetEnumerationClassName and
makes a flattened name without "::" that can be used in an identifier.
(GenerateEnumerationImplementationContent): Renamed from GetXXX. Added an
$interface argument, so it can pass that along to the functions above.
(GenerateHeader): Updated to not pass $interfaceName.
(GeneratePropertiesHashTable): Ditto.
(GenerateOverloadedFunction): Removed unneeded $interfaceName argument.
(GenerateImplementation): Updated for changes above. Tweaked formatting.
(GenerateFunctionCastedThis): Removed unneeded $interfaceName argument.
(GenerateParametersCheck): Ditto. Also streamlined implementation a bit
and made the IsEnumType section call the new functions.
(GenerateCallbackImplementation): Ditto.
(JSValueToNative): Added an $interface argument and pass it along when
dealing with enumerations.
(GeneratePrototypeDeclaration): Removed unneeded $interfaceName argument.
(GenerateConstructorDeclaration): Ditto.
(GenerateConstructorDefinitions): Ditto.
(GenerateConstructorDefinition): Ditto.
(GenerateConstructorHelperMethods): Ditto.

* bindings/scripts/test/JS/JSTestObj.cpp: Regenerated.

* bindings/scripts/test/TestObj.idl: Added some new enums that test some
of the logic above.

* crypto/CryptoKey.cpp:
(WebCore::CryptoKey::CryptoKey): Updated.
(WebCore::CryptoKey::usages): Ditto.
* crypto/CryptoKey.h: Moved enum class types inside the CryptoKey class.
Added comments about the two similar but distinct types named
CryptoKeyUsage and CryptoKey::Usage.

* css/FontFace.cpp:
(WebCore::FontFace::status): Updated.
* css/FontFace.h: Moved enum class into the class.

* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::status): Updated.
* css/FontFaceSet.h: Moved enum class into the class.

* dom/Document.cpp:
(WebCore::Document::Document): Updated for the name change back from
ReferrerHeaderPolicy to ReferrerPolicy.
(WebCore::Document::processReferrerPolicy): Ditto.
(WebCore::Document::applyContentDispositionAttachmentSandbox): Ditto.
* dom/Document.h: More of the same.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::loadInternal): Updated.
(WebCore::HTMLMediaElement::textTrackModeChanged): Ditto.
(WebCore::HTMLMediaElement::textTrackKindChanged): Ditto.
(WebCore::HTMLMediaElement::textTrackAddCues): Ditto.
(WebCore::HTMLMediaElement::textTrackAddCue): Ditto.
(WebCore::HTMLMediaElement::addTextTrack): Ditto.
(WebCore::HTMLMediaElement::configureTextTrackGroup): Ditto.
(WebCore::HTMLMediaElement::setSelectedTextTrack): Ditto.
(WebCore::HTMLMediaElement::configureTextTracks): Ditto.
(WebCore::HTMLMediaElement::hasClosedCaptions): Ditto.
(WebCore::HTMLMediaElement::configureTextTrackDisplay): Ditto.
(WebCore::HTMLMediaElement::markCaptionAndSubtitleTracksAsUnconfigured): Ditto.
(WebCore::toPlatform): Ditto.
(WebCore::HTMLMediaElement::outOfBandTrackSources): Ditto.
* html/HTMLTrackElement.cpp:
(WebCore::HTMLTrackElement::scheduleLoad): Ditto.

* html/HTMLVideoElement.h: Moved enum class into class.

* html/HTMLVideoElement.idl: Added the missing conditional on
VideoPresentationMode, and also moved it to the bottom of the file
to work around what is apparently a bug in the IDL parser.

* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::toWindRule): Updated.
(WebCore::CanvasRenderingContext2D::fill): Ditto.
(WebCore::CanvasRenderingContext2D::clip): Ditto.
(WebCore::CanvasRenderingContext2D::fillInternal): Ditto.
(WebCore::CanvasRenderingContext2D::clipInternal): Ditto.
(WebCore::CanvasRenderingContext2D::isPointInPath): Ditto.
(WebCore::CanvasRenderingContext2D::isPointInPathInternal): Ditto.
(WebCore::smoothingToInterpolationQuality): Ditto.

* html/canvas/CanvasRenderingContext2D.h: Moved enum class types into the class.

* html/shadow/MediaControlElements.cpp:
(WebCore::MediaControlClosedCaptionsTrackListElement::updateDisplay): Updated.
(WebCore::MediaControlTextTrackContainerElement::updateDisplay): Ditto.

* html/track/InbandTextTrack.cpp:
(WebCore::InbandTextTrack::setMode): Updated.
(WebCore::toPrivate): Ditto.
(WebCore::InbandTextTrack::setModeInternal): Ditto.
(WebCore::InbandTextTrack::updateKindFromPrivate): Ditto.
* html/track/InbandTextTrack.h: Ditto.
* html/track/TextTrack.cpp:
(WebCore::TextTrack::TextTrack): Ditto.
(WebCore::TextTrack::enabled): Ditto.
(WebCore::TextTrack::kindKeyword): Ditto.
(WebCore::TextTrack::setKind): Ditto.
(WebCore::TextTrack::setKindKeywordIgnoringASCIICase): Ditto.
(WebCore::TextTrack::setMode): Ditto.
(WebCore::TextTrack::cues): Ditto.
(WebCore::TextTrack::activeCues): Ditto.
(WebCore::TextTrack::addCue): Ditto.
(WebCore::TextTrack::regions): Ditto.
(WebCore::TextTrack::isRendered): Ditto.
(WebCore::TextTrack::isMainProgramContent): Ditto.
(WebCore::TextTrack::containsOnlyForcedSubtitles): Ditto.

* html/track/TextTrack.h: Moved enum class types into the class.

* html/track/TextTrackCue.cpp:
(WebCore::TextTrackCue::dispatchEvent): Updated.
(WebCore::TextTrackCue::isActive): Ditto.
* loader/FrameNetworkingContext.h: Ditto.
* page/CaptionUserPreferences.cpp:
(WebCore::CaptionUserPreferences::sortedTrackListForMenu): Ditto.
(WebCore::CaptionUserPreferences::textTrackSelectionScore): Ditto.
* page/CaptionUserPreferencesMediaAF.cpp:
(WebCore::CaptionUserPreferencesMediaAF::textTrackSelectionScore): Ditto.
(WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu): Ditto.

* page/SecurityPolicy.cpp:
(WebCore::SecurityPolicy::generateReferrerHeader): Updated since we
changed ReferrerHeaderPolicy back to ReferrerPolicy.
* page/SecurityPolicy.h: Ditto.

* platform/ReferrerPolicy.h: Changed ReferrerHeaderPolicy name back
to ReferrerPolicy now that nesting inside a class eliminated the conflict;
still should merge them and that FIXME remains.

* platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
(WebPlaybackSessionModelMediaElement::updateForEventName): Updated.
(WebPlaybackSessionModelMediaElement::updateLegibleOptions): Ditto.

* testing/Internals.cpp:
(WebCore::toResourceRequestCachePolicy): Updated.
(WebCore::Internals::setOverrideCachePolicy): Ditto.
(WebCore::toResourceLoadPriority): Ditto.
(WebCore::Internals::setOverrideResourceLoadPriority): Ditto.
(WebCore::toAutoFillButtonType): Ditto.
(WebCore::Internals::setShowAutoFillButton): Ditto.

* testing/Internals.h: Moved enum class types into class.

* testing/Internals.idl: Removed the "Internals" prefixes we added
to resolve ambiguity before. Nesting these in the class now takes care
of the ambiguity instead.

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::responseText): Updated.
(WebCore::XMLHttpRequest::didCacheResponseJSON): Ditto.
(WebCore::XMLHttpRequest::responseXML): Ditto.
(WebCore::XMLHttpRequest::responseBlob): Ditto.
(WebCore::XMLHttpRequest::responseArrayBuffer): Ditto.
(WebCore::XMLHttpRequest::setResponseType): Ditto.
(WebCore::XMLHttpRequest::open): Ditto.
(WebCore::shouldDecodeResponse): Ditto.

* xml/XMLHttpRequest.h: Moved the enum class into the class.

Source/WebKit2:

* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::loadResource): Updated since we changed
ReferrerHeaderPolicy back to ReferrerPolicy.
(WebKit::WebLoaderStrategy::schedulePluginStreamLoad): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200361 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDon't run transitions to/from 'auto' values
simon.fraser@apple.com [Tue, 3 May 2016 03:39:51 +0000 (03:39 +0000)]
Don't run transitions to/from 'auto' values
https://bugs.webkit.org/show_bug.cgi?id=38243
rdar://problem/20904225

Reviewed by Dean Jackson.
Source/WebCore:

The specified behavior of transitions and animations is to not animate when either endpoint is 'auto'.
Previously, we were treating 'auto' as zero and interpolating, which caused unwanted animations
on fandango.com, airbnb.com and others.

Fix by having blend() return the from value if progress is 0, otherwise the to value. The
isZero() check can be removed, since this was effectively picking up auto value for one endpoint.

Tests: transitions/lengthsize-transition-to-from-auto.html
       transitions/transition-to-from-auto.html

* platform/Length.cpp:
(WebCore::blend):

LayoutTests:

* platform/mac-wk2/transitions/default-timing-function-expected.txt: New baseline.
* transitions/default-timing-function.html: Set explicit start value.
* transitions/interrupted-all-transition.html: Set explicit start value.
* transitions/lengthsize-transition-to-from-auto-expected.txt: Added.
* transitions/lengthsize-transition-to-from-auto.html: Added.
* transitions/transition-to-from-auto-expected.txt: Added.
* transitions/transition-to-from-auto.html: Added.
* transitions/zero-duration-in-list.html: Set explicit start value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r200337.
commit-queue@webkit.org [Tue, 3 May 2016 02:58:42 +0000 (02:58 +0000)]
Unreviewed, rolling out r200337.
https://bugs.webkit.org/show_bug.cgi?id=157294

Console hangs when evaluating expresisons (Requested by
JoePeck on #webkit).

Reverted changeset:

"Web Inspector: Adding a new console message shouldn't modify
DOM when the console log is hidden"
https://bugs.webkit.org/show_bug.cgi?id=155629
http://trac.webkit.org/changeset/200337

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200359 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoIndexing CSSStyleDeclaration object with out-of-range index should return undefined
cdumez@apple.com [Tue, 3 May 2016 02:52:19 +0000 (02:52 +0000)]
Indexing CSSStyleDeclaration object with out-of-range index should return undefined
https://bugs.webkit.org/show_bug.cgi?id=157283

Reviewed by Darin Adler.

Source/WebCore:

Indexing CSSStyleDeclaration object with out-of-range index should return undefined,
as per:
- http://heycam.github.io/webidl/#idl-indexed-properties
- http://heycam.github.io/webidl/#getownproperty-guts

WebKit was incorrectly returning the empty string in this case. We however, still
return the empty string if calling the indexed property getter via item(), as is
expected.

The new behavior matches Firefox and the Web IDL specification. Chrome returns the
empty string in this case though.

Test: fast/dom/indexed-getters-returning-string.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::CSSComputedStyleDeclaration::item):
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::PropertySetCSSStyleDeclaration::item):

LayoutTests:

Rebaseline a couple of existing tests due to the slight behavior change.
Also add a new layout test for more extensive testing.

* fast/dom/CSSStyleDeclaration/css-computed-style-item-expected.txt:
* fast/dom/CSSStyleDeclaration/css-style-item-expected.txt:
* fast/dom/CSSStyleDeclaration/script-tests/css-computed-style-item.js:
* fast/dom/CSSStyleDeclaration/script-tests/css-style-item.js:
* fast/dom/indexed-getters-returning-string-expected.txt: Added.
* fast/dom/indexed-getters-returning-string.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200358 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSpecifying a longhand property should not serialize to a shorthand property
dino@apple.com [Tue, 3 May 2016 02:25:31 +0000 (02:25 +0000)]
Specifying a longhand property should not serialize to a shorthand property
https://bugs.webkit.org/show_bug.cgi?id=157180

Patch by Antoine Quint <graouts@apple.com> on 2016-05-02
Reviewed by Dean Jackson.

Source/WebCore:

Ensure that we don't serialize to a shorthand property when the required longhand components
are not specified, per http://www.w3.org/TR/cssom-1/#serialize-a-css-declaration-block.

Test: fast/css/no-shorthand-with-incomplete-longhands.html

* css/StyleProperties.cpp:
(WebCore::StyleProperties::getLayeredShorthandValue):
Returning an empty string here means that calling getPropertyValue() with
the shorthand property matching the currently processed longhand property
in asText() will return an empty string as well and the shorthand property
will be disregarded.

LayoutTests:

A fair few tests relied on reading from a shorthand value when it was incorrect
to produce one, so we fix those incorrect assertions. We also add a new test that
goes through all the longhand properties for a given shorthand property and checks
that none of the longhand properties will yield a shorthand value.

* cssom/cssvalue-comparison-expected.txt:
* cssom/cssvalue-comparison.html:
* fast/css/background-position-serialize-expected.txt:
* fast/css/background-position-serialize.html:
* fast/css/no-shorthand-with-incomplete-longhands-expected.txt: Added.
* fast/css/no-shorthand-with-incomplete-longhands.html: Added.
* fast/css/remove-shorthand-expected.txt:
* fast/css/script-tests/image-set-setting.js:
(testComputedStyle):
* fast/css/uri-token-parsing-expected.txt:
* fast/css/uri-token-parsing.html:
* fast/css/webkit-mask-crash-implicit-expected.txt:
* fast/css/webkit-mask-crash-implicit.html:
* fast/dom/Element/setAttributeNode-for-existing-attribute.html:
* fast/dom/background-shorthand-csstext-expected.txt:
* fast/dom/background-shorthand-csstext.html:
* http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects-expected.txt:
* http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200357 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION: Page layout of Manga/Picture books and all Fixed Layout ePubs corrupted
dino@apple.com [Tue, 3 May 2016 02:17:36 +0000 (02:17 +0000)]
REGRESSION: Page layout of Manga/Picture books and all Fixed Layout ePubs corrupted
https://bugs.webkit.org/show_bug.cgi?id=157292
<rdar://problem/25750144>

Reviewed by Tim Horton.

The scroll state restoration fixes caused a regression in UIWebViews.
Code in UIKit checks for a non-zero page scale in a history item, and
r199233 changed the initialization from 0 to 1.

* history/HistoryItem.h: Use 0 instead of 1 as the initial m_scale.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200356 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Reflect.toString() should be [object Object] not [object Reflect]
commit-queue@webkit.org [Tue, 3 May 2016 02:00:22 +0000 (02:00 +0000)]
Web Inspector: Reflect.toString() should be [object Object] not [object Reflect]
https://bugs.webkit.org/show_bug.cgi?id=157288

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-02
Reviewed by Darin Adler.

* runtime/ReflectObject.cpp:
* tests/stress/reflect.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200355 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac] AirPlay fails if target is set before AVPlayer has been created
eric.carlson@apple.com [Tue, 3 May 2016 01:39:50 +0000 (01:39 +0000)]
[Mac] AirPlay fails if target is set before AVPlayer has been created
https://bugs.webkit.org/show_bug.cgi?id=157147
<rdar://problem/24197592>

Reviewed by Dean Jackson.

No new tests, it won't be possible to test this until
https://bugs.webkit.org/show_bug.cgi?id=157290 has been fixed.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200354 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Unexpected "Script Element #" resources in Debugger Sidebar
commit-queue@webkit.org [Tue, 3 May 2016 01:34:32 +0000 (01:34 +0000)]
Web Inspector: Unexpected "Script Element #" resources in Debugger Sidebar
https://bugs.webkit.org/show_bug.cgi?id=157280

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-02
Reviewed by Timothy Hatcher.

* UserInterface/Views/DebuggerSidebarPanel.js:
(WebInspector.DebuggerSidebarPanel.prototype._addScript):
Don't include Script Element resources in the debugger sidebar by default.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoConst-ify some IDB code.
beidson@apple.com [Tue, 3 May 2016 01:01:53 +0000 (01:01 +0000)]
Const-ify some IDB code.
https://bugs.webkit.org/show_bug.cgi?id=157287

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Refactor only).

* Modules/indexeddb/client/IDBConnectionToServerDelegate.h:
* Modules/indexeddb/shared/InProcessIDBServer.cpp:
(WebCore::InProcessIDBServer::deleteDatabase):
(WebCore::InProcessIDBServer::openDatabase):
(WebCore::InProcessIDBServer::abortTransaction):
(WebCore::InProcessIDBServer::commitTransaction):
(WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
* Modules/indexeddb/shared/InProcessIDBServer.h:

Source/WebKit2:

* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:
(WebKit::WebIDBConnectionToServer::deleteDatabase):
(WebKit::WebIDBConnectionToServer::openDatabase):
(WebKit::WebIDBConnectionToServer::abortTransaction):
(WebKit::WebIDBConnectionToServer::commitTransaction):
(WebKit::WebIDBConnectionToServer::didFinishHandlingVersionChangeTransaction):
* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd Resource Timing entry to the Feature Status page.
jond@apple.com [Tue, 3 May 2016 00:51:39 +0000 (00:51 +0000)]
Add Resource Timing entry to the Feature Status page.
https://bugs.webkit.org/show_bug.cgi?id=157285

Reviewed by Timothy Hatcher.

* features.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200351 268f45cc-cd09-0410-ab3c-d52691b4dbfc