WebKit-https.git
ap@apple.com [Wed, 2 Mar 2016 02:28:12 +0000 (02:28 +0000)]
Update Xcode project for InstallAPI
https://bugs.webkit.org/show_bug.cgi?id=154896
rdar://problem/24825992

Patch by Daniel Dunbar, reviewed by me.

* Configurations/WebCore.xcconfig:
* WebCore.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197433 268f45cc-cd09-0410-ab3c-d52691b4dbfc

adachan@apple.com [Wed, 2 Mar 2016 02:16:12 +0000 (02:16 +0000)]
One more attempt to fix the build.

* platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197432 268f45cc-cd09-0410-ab3c-d52691b4dbfc

adachan@apple.com [Wed, 2 Mar 2016 02:07:20 +0000 (02:07 +0000)]
Attempt to fix the internal build.

* platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197431 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 2 Mar 2016 01:43:03 +0000 (01:43 +0000)]
Fix iOS EWS.
https://bugs.webkit.org/show_bug.cgi?id=154880

Patch by Dean Johnson <dean_johnson@apple.com> on 2016-03-01
Reviewed by Alexey Proskuryakov.

* Scripts/copy-webkitlibraries-to-product-directory:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197430 268f45cc-cd09-0410-ab3c-d52691b4dbfc

adachan@apple.com [Wed, 2 Mar 2016 01:15:09 +0000 (01:15 +0000)]
Adopt the new version of AVOutputDeviceMenuController's showMenuForRect method.
https://bugs.webkit.org/show_bug.cgi?id=154823

Reviewed by Tim Horton.

Source/WebCore:

* Modules/mediasession/WebMediaSessionManager.cpp:
(WebCore::WebMediaSessionManager::showPlaybackTargetPicker):
(WebCore::WebMediaSessionManager::customPlaybackActionSelected):
Call customPlaybackActionSelected() on the client that requested the picker.
* Modules/mediasession/WebMediaSessionManager.h:
* Modules/mediasession/WebMediaSessionManagerClient.h:
* dom/Document.cpp:
(WebCore::Document::showPlaybackTargetPicker):
(WebCore::Document::customPlaybackActionSelected):
* dom/Document.h:
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::customPlaybackActionSelected):
(WebCore::HTMLMediaElement::playbackTargetPickerCustomActionName):
* html/HTMLMediaElement.h:
* html/MediaElementSession.cpp:
(WebCore::MediaElementSession::showPlaybackTargetPicker):
(WebCore::MediaElementSession::customPlaybackActionSelected):
* html/MediaElementSession.h:
* page/ChromeClient.h:
* page/Page.cpp:
(WebCore::Page::showPlaybackTargetPicker):
(WebCore::Page::customPlaybackActionSelected):
* page/Page.h:
* platform/audio/PlatformMediaSession.h:
(WebCore::PlatformMediaSessionClient::customPlaybackActionSelected):
* platform/graphics/MediaPlaybackTargetClient.h:
* platform/graphics/MediaPlaybackTargetPicker.cpp:
(WebCore::MediaPlaybackTargetPicker::pendingActionTimerFired):
(WebCore::MediaPlaybackTargetPicker::showPlaybackTargetPicker):
* platform/graphics/MediaPlaybackTargetPicker.h:
(WebCore::MediaPlaybackTargetPicker::Client::customPlaybackActionSelected):
(WebCore::MediaPlaybackTargetPicker::customPlaybackActionSelected):
* platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
* platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
Update the forward declaration of AVOutputDeviceMenuController's showMenuForRect method.
(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):
Call the new version of showMenuForRect if available.
* platform/mac/WebVideoFullscreenInterfaceMac.h:
* platform/mac/WebVideoFullscreenInterfaceMac.mm:
(WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback):
* platform/mock/MediaPlaybackTargetPickerMock.cpp:
(WebCore::MediaPlaybackTargetPickerMock::showPlaybackTargetPicker):
* platform/mock/MediaPlaybackTargetPickerMock.h:
* platform/spi/cocoa/AVKitSPI.h:
Updated with the new version of showMenuForRect.

Source/WebKit/mac:

* WebCoreSupport/WebChromeClient.h:
* WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::showPlaybackTargetPicker):
* WebView/WebMediaPlaybackTargetPicker.h:
* WebView/WebMediaPlaybackTargetPicker.mm:
(WebMediaPlaybackTargetPicker::showPlaybackTargetPicker):
(WebMediaPlaybackTargetPicker::customPlaybackActionSelected):
* WebView/WebView.mm:
(-[WebView _showPlaybackTargetPicker:location:hasVideo:]):

Source/WebKit2:

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::showPlaybackTargetPicker):
(WebKit::WebPageProxy::customPlaybackActionSelected):
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::showPlaybackTargetPicker):
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::customPlaybackActionSelected):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

keith_miller@apple.com [Wed, 2 Mar 2016 01:08:53 +0000 (01:08 +0000)]
Promise.prototype.then should use Symbol.species to construct the return Promise
https://bugs.webkit.org/show_bug.cgi?id=154862

Reviewed by Saam Barati.

* builtins/PromisePrototype.js:
* tests/stress/promise-species-functions.js: Added.
(Symbol.species):
(id):
(funcThrows):
(makeC):
(test.species):
(test.speciesThrows):
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197428 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bfulgham@apple.com [Wed, 2 Mar 2016 01:02:13 +0000 (01:02 +0000)]
[WK2] Stub support for WebsiteDataTypeResourceLoadStatistics
https://bugs.webkit.org/show_bug.cgi?id=154689
<rdar://problem/24702576>

Reviewed by Sam Weinig.

* Shared/WebsiteData/WebsiteDataType.h: Add new WebsiteDataTypeResourceLoadStatistics.
* UIProcess/API/Cocoa/WKWebsiteDataRecord.mm:
(dataTypesToString): Handle new type.
* UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h:
(WebKit::toWebsiteDataTypes): Ditto.
(WebKit::toWKWebsiteDataTypes): Ditto.
* UIProcess/API/Cocoa/WKWebsiteDataRecordPrivate.h: Add new _WebsiteDataTypeResourceLoadStatistics.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197427 268f45cc-cd09-0410-ab3c-d52691b4dbfc

msaboff@apple.com [Wed, 2 Mar 2016 00:39:01 +0000 (00:39 +0000)]
[ES6] Add support for Unicode regular expressions
https://bugs.webkit.org/show_bug.cgi?id=154842

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Added processing of Unicode regular expressions to the Yarr interpreter.

Changed parsing of regular expression patterns and PatternTerms to process characters as
UChar32 in the Yarr code.  The parser converts matched surrogate pairs into the appropriate
Unicode character when the expression is parsed.  When matching a unicode expression and
reading source characters, we convert a proper surrogate pair into a Unicode character and
advance the source cursor, "pos", one more position.  The exception to this is when we
know when generating a fixed character atom that we need to match a unicode character
that doesn't fit in 16 bits.  The code calls this an extendedUnicodeCharacter and has a
helper to determine this.

Added 'u' flag and 'unicode' identifier to regular expression classes.  Added an "isUnicode"
parameter to YarrPattern pattern() and internal users of that function.

Updated the generation of the canonicalization tables to include a new set of tables that
follow the ES 6.0, 21.2.2.8.2 Step 2.  Renamed the YarrCanonicalizeUCS2.* files to
YarrCanonicalizeUnicode.*.

Added a new Layout/js test that tests the added functionality.  Updated other tests that
have minor es6 unicode checks and look for valid flags.

Ran the ChakraCore Unicode regular expression tests as well.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:

* inspector/ContentSearchUtilities.cpp:
(Inspector::ContentSearchUtilities::findMagicComment):
* yarr/RegularExpression.cpp:
(JSC::Yarr::RegularExpression::Private::compile):
Updated use of pattern().

* runtime/CommonIdentifiers.h:
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExp::finishCreation):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):
* runtime/RegExp.h:
* runtime/RegExpKey.h:
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
(JSC::flagsString):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterUnicode):
(JSC::regExpProtoGetterFlags):
Updated for new 'y' (unicode) flag.  Add check to use the interpreter for unicode regular expressions.

* tests/es6.yaml:
* tests/stress/static-getter-in-names.js:
Updated tests for new flag and for passing the minimal es6 regular expression processing.

* yarr/Yarr.h: Updated the size of information now kept for backtracking.

* yarr/YarrCanonicalizeUCS2.cpp: Removed.
* yarr/YarrCanonicalizeUCS2.h: Removed.
* yarr/YarrCanonicalizeUCS2.js: Removed.
* yarr/YarrCanonicalizeUnicode.cpp: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUCS2.cpp.
* yarr/YarrCanonicalizeUnicode.h: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUCS2.h.
(JSC::Yarr::canonicalCharacterSetInfo):
(JSC::Yarr::canonicalRangeInfoFor):
(JSC::Yarr::getCanonicalPair):
(JSC::Yarr::isCanonicallyUnique):
(JSC::Yarr::areCanonicallyEquivalent):
(JSC::Yarr::rangeInfoFor): Deleted.
* yarr/YarrCanonicalizeUnicode.js: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUCS2.js.
(printHeader):
(printFooter):
(hex):
(canonicalize):
(canonicalizeUnicode):
(createUCS2CanonicalGroups):
(createUnicodeCanonicalGroups):
(cu.in.groupedCanonically.characters.sort): Deleted.
(cu.in.groupedCanonically.else): Deleted.
Refactored to output two sets of tables, one for UCS2 and one for Unicode.  The UCS2 tables follow
the legacy canonicalization rules now specified in ES 6.0, 21.2.2.8.2 Step 3.  The new Unicode
tables follow the rules specified in ES 6.0, 21.2.2.8.2 Step 2.  Eliminated the unused Latin1 tables.

* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::InputStream::InputStream):
(JSC::Yarr::Interpreter::InputStream::readChecked):
(JSC::Yarr::Interpreter::InputStream::readSurrogatePairChecked):
(JSC::Yarr::Interpreter::InputStream::reread):
(JSC::Yarr::Interpreter::InputStream::prev):
(JSC::Yarr::Interpreter::testCharacterClass):
(JSC::Yarr::Interpreter::checkCharacter):
(JSC::Yarr::Interpreter::checkSurrogatePair):
(JSC::Yarr::Interpreter::checkCasedCharacter):
(JSC::Yarr::Interpreter::tryConsumeBackReference):
(JSC::Yarr::Interpreter::backtrackPatternCharacter):
(JSC::Yarr::Interpreter::matchCharacterClass):
(JSC::Yarr::Interpreter::backtrackCharacterClass):
(JSC::Yarr::Interpreter::matchParenthesesTerminalEnd):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::Interpreter::Interpreter):
(JSC::Yarr::ByteCompiler::assertionWordBoundary):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteTerm::ByteTerm):
(JSC::Yarr::BytecodePattern::BytecodePattern):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::optimizeAlternative):
(JSC::Yarr::YarrGenerator::matchCharacterClassRange):
(JSC::Yarr::YarrGenerator::matchCharacterClass):
(JSC::Yarr::YarrGenerator::notAtEndOfInput):
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
* yarr/YarrParser.h:
(JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
(JSC::Yarr::Parser::Parser):
(JSC::Yarr::Parser::parseEscape):
(JSC::Yarr::Parser::consumePossibleSurrogatePair):
(JSC::Yarr::Parser::parseCharacterClass):
(JSC::Yarr::Parser::parseTokens):
(JSC::Yarr::Parser::parse):
(JSC::Yarr::Parser::atEndOfPattern):
(JSC::Yarr::Parser::patternRemaining):
(JSC::Yarr::Parser::peek):
(JSC::Yarr::parse):
* yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
(JSC::Yarr::CharacterClassConstructor::append):
(JSC::Yarr::CharacterClassConstructor::putChar):
(JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
(JSC::Yarr::CharacterClassConstructor::putRange):
(JSC::Yarr::CharacterClassConstructor::charClass):
(JSC::Yarr::CharacterClassConstructor::addSorted):
(JSC::Yarr::CharacterClassConstructor::addSortedRange):
(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPatternConstructor::assertionWordBoundary):
(JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassBegin):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassAtom):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassRange):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):
* yarr/YarrPattern.h:
(JSC::Yarr::CharacterRange::CharacterRange):
(JSC::Yarr::CharacterClass::CharacterClass):
(JSC::Yarr::PatternTerm::PatternTerm):
(JSC::Yarr::YarrPattern::reset):
* yarr/YarrSyntaxChecker.cpp:
(JSC::Yarr::SyntaxChecker::assertionBOL):
(JSC::Yarr::SyntaxChecker::assertionEOL):
(JSC::Yarr::SyntaxChecker::assertionWordBoundary):
(JSC::Yarr::SyntaxChecker::atomPatternCharacter):
(JSC::Yarr::SyntaxChecker::atomBuiltInCharacterClass):
(JSC::Yarr::SyntaxChecker::atomCharacterClassBegin):
(JSC::Yarr::SyntaxChecker::atomCharacterClassAtom):
(JSC::Yarr::checkSyntax):

LayoutTests:

Added a new test for the added unicode regular expression processing.

Updated several tests for the y flag changes and "unicode" property.

* js/regexp-unicode-expected.txt: Added.
* js/regexp-unicode.html: Added.
* js/script-tests/regexp-unicode.js: Added.
New test.

* js/Object-getOwnPropertyNames-expected.txt:
* js/regexp-flags-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:
* js/script-tests/regexp-flags.js:
(RegExp.prototype.hasOwnProperty):
Updated tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197426 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Wed, 2 Mar 2016 00:31:47 +0000 (00:31 +0000)]
Marking fast/text/crash-complex-text-surrogate.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154709

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197425 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Wed, 2 Mar 2016 00:01:31 +0000 (00:01 +0000)]
com.apple.WebKit.Networking.Development crashes in WebCore::formOpen()
https://bugs.webkit.org/show_bug.cgi?id=154682
<rdar://problem/23550269>

Reviewed by Brent Fulgham.

Speculative fix for a race condition when opening the stream for the next form data element.
Calling CFReadStreamOpen(s) in WebCore::openNextStream() can cause stream s to be closed and
deallocated before CFReadStreamOpen(s) returns.

When WebCore::openNextStream() is called it closes and deallocates the current stream and
then opens a new stream for the next form data element. Calling CFReadStreamOpen() in
WebCore::openNextStream() can lead to WebCore::openNextStream() being re-entered via
WebCore::formEventCallback() from another thread. One example when this can occur is when
the stream being opened has no data (i.e. WebCore::formEventCallback() is called
back with event type kCFStreamEventEndEncountered).

I have been unable to reproduce this crash. We know that it occurs from crash reports.

* platform/network/cf/FormDataStreamCFNet.cpp:
(WebCore::closeCurrentStream): Assert that we had acquired a lock to close the stream.
(WebCore::advanceCurrentStream): Assert that we had acquired a lock to advance the stream.
(WebCore::openNextStream): Acquire a lock before we open the next stream to ensure that
exactly one thread executes this critical section at a time.
(WebCore::formFinalize): Acquire a lock before we close the current stream.
(WebCore::formClose): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

msaboff@apple.com [Wed, 2 Mar 2016 00:00:02 +0000 (00:00 +0000)]
ASSERT in platform/graphics/mac/ComplexTextController.cpp::capitalize()
https://bugs.webkit.org/show_bug.cgi?id=154875

Reviewed by Myles C. Maxfield.

Source/WebCore:

Change an ASSERT to verify that upper casing a character doesn't change its size.

Test: fast/text/regress-154875.html

* platform/graphics/mac/ComplexTextController.cpp:
(WebCore::capitalized):

LayoutTests:

New test.

* fast/text/regress-154875-expected.txt: Added.
* fast/text/regress-154875.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197423 268f45cc-cd09-0410-ab3c-d52691b4dbfc

sbarati@apple.com [Tue, 1 Mar 2016 23:58:11 +0000 (23:58 +0000)]
Remove FIXMEs and add valid test cases after necessary patch has landed.

Rubber stamped by Mark Lam.

* tests/stress/proxy-prevent-extensions.js:
(assert.Object.isSealed):
(assert):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197422 268f45cc-cd09-0410-ab3c-d52691b4dbfc

sbarati@apple.com [Tue, 1 Mar 2016 23:51:53 +0000 (23:51 +0000)]
[ES6] Implement Proxy.[[IsExtensible]]
https://bugs.webkit.org/show_bug.cgi?id=154872

Reviewed by Oliver Hunt.

This patch is a direct implementation of Proxy.[[IsExtensible]] with respect to section 9.5.3
of the ECMAScript 6 spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-isextensible

* runtime/ProxyObject.cpp:
(JSC::ProxyObject::preventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::isExtensible):
(JSC::ProxyObject::visitChildren):
* runtime/ProxyObject.h:
* tests/es6.yaml:
* tests/stress/proxy-is-extensible.js: Added.
(assert):
(throw.new.Error.let.handler.get isExtensible):
(throw.new.Error):
(assert.let.handler.isExtensible):
(assert.):
(let.handler.isExtensible):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

sbarati@apple.com [Tue, 1 Mar 2016 23:42:33 +0000 (23:42 +0000)]
[ES6] Implement Proxy.[[PreventExtensions]]
https://bugs.webkit.org/show_bug.cgi?id=154873

Reviewed by Oliver Hunt.

This patch is a direct implementation of Proxy.[[PreventExtensions]] with respect to section 9.5.4
of the ECMAScript 6 spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-preventextensions

* runtime/ProxyObject.cpp:
(JSC::ProxyObject::deletePropertyByIndex):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::preventExtensions):
(JSC::ProxyObject::visitChildren):
* runtime/ProxyObject.h:
* tests/es6.yaml:
* tests/stress/proxy-prevent-extensions.js: Added.
(assert):
(throw.new.Error.let.handler.get preventExtensions):
(throw.new.Error):
(assert.let.handler.preventExtensions):
(assert.):
(let.handler.preventExtensions):
(assert.Object.isSealed.let.handler.preventExtensions):
(assert.Object.isSealed):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197418 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Tue, 1 Mar 2016 23:40:46 +0000 (23:40 +0000)]
FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

Really add this new test.

* js/regress/script-tests/string-replace-empty.js: Added.
* js/regress/string-replace-empty-expected.txt: Added.
* js/regress/string-replace-empty.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197417 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Tue, 1 Mar 2016 23:35:05 +0000 (23:35 +0000)]
FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

This is a simple and hugely profitable change. If we do a string.replace(/things/, ""), then
this calls directly into StringPrototype's replace-with-empty-string logic instead of going
through stuff that does checks before reaching that same conclusion.

This speeds up Octane/regexp by about 6-10%. It also speeds up the attached microbenchmark by
about 7%.

* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
* runtime/StringPrototype.cpp:
(JSC::jsSpliceSubstringsWithSeparators):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
(JSC::operationStringProtoFuncReplaceRegExpString):
* runtime/StringPrototype.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197416 268f45cc-cd09-0410-ab3c-d52691b4dbfc

barraclough@apple.com [Tue, 1 Mar 2016 23:33:36 +0000 (23:33 +0000)]
Timer alignment in separate web processes should not all sync up to the same point.
https://bugs.webkit.org/show_bug.cgi?id=154878

Reviewed by Chris Dumez.

For any given WebContent process it is desirable that timers are synchronized to a single
alignment point, but if all WebContent processes align to the same point then there may
be a thundering herd of processes waking up.

* page/DOMTimer.cpp:
(WebCore::DOMTimer::alignedFireTime):
    - align to a randomized point.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197415 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Tue, 1 Mar 2016 22:29:39 +0000 (22:29 +0000)]
Reduce size of internal windows build output
https://bugs.webkit.org/show_bug.cgi?id=154763

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-01
Reviewed by Brent Fulgham.

.:

* Source/cmake/OptionsWin.cmake:

Source/JavaScriptCore:

* JavaScriptCore.vcxproj/JavaScriptCore.proj:

Source/WebCore:

* WebCore.vcxproj/WebCore.proj:

Source/WebKit:

* WebKit.vcxproj/WebKit.proj:

Source/WTF:

* WTF.vcxproj/WTF.proj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197414 268f45cc-cd09-0410-ab3c-d52691b4dbfc

achristensen@apple.com [Tue, 1 Mar 2016 22:13:00 +0000 (22:13 +0000)]
Correctly keep track of NetworkDataTasks with and without credentials when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154876

Reviewed by Brady Eidson.

I was seeing an assertion failure from ASSERT(!m_session.m_dataTaskMap.contains(taskIdentifier()))
in the NetworkDataTask constructor sometimes.  This is because a task identifier is not enough information
to uniquely find a NetworkDataTask in a NetworkSession since r196034 because there are two NSURLSessions
in a NetworkSession, one with credentials and one without.  The assertion would fire in a case like if we
made the first NetworkDataTask with credentials (taskIdentifier is 1) and the first NetworkDataTask
without credentials before the first NetworkDataTask with credentials was finished.  In that case, the
taskIdentifier would also be 1, which would conflict with the other taskIdentifier.  That taskIdentifier
would uniquely identify the task in the correct NSURLSession, though, so the solution is to keep a map
for each NSURLSession in the NetworkSession.

* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkSession.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::~NetworkDataTask):
(WebKit::NetworkDataTask::suspend):
(WebKit::serverTrustCredential):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:didSendBodyData:totalBytesSent:totalBytesExpectedToSend:]):
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didCompleteWithError:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveData:]):
(-[WKNetworkSessionDelegate URLSession:downloadTask:didWriteData:totalBytesWritten:totalBytesExpectedToWrite:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didBecomeDownloadTask:]):
(WebKit::NetworkSession::clearCredentials):
(WebKit::NetworkSession::dataTaskForIdentifier):
(WebKit::NetworkSession::addDownloadID):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197413 268f45cc-cd09-0410-ab3c-d52691b4dbfc

sbarati@apple.com [Tue, 1 Mar 2016 21:45:16 +0000 (21:45 +0000)]
[[IsExtensible]] should be a virtual method in the method table
https://bugs.webkit.org/show_bug.cgi?id=154799

Reviewed by Mark Lam.

This patch makes us more consistent with how the ES6 specification models the
[[IsExtensible]] trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.[[IsExtensible]].

* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::preventExtensions):
(JSC::JSCell::isExtensible):
* runtime/JSCell.h:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoSetter):
* runtime/JSObject.cpp:
(JSC::JSObject::preventExtensions):
(JSC::JSObject::isExtensible):
(JSC::JSObject::reifyAllStaticProperties):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::defineOwnNonIndexProperty):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensibleImpl):
(JSC::JSObject::isStructureExtensible):
(JSC::JSObject::isExtensibleInline):
(JSC::JSObject::indexingShouldBeSparse):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::isExtensible): Deleted.
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorSetPrototypeOf):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
(JSC::objectConstructorIsExtensible):
(JSC::objectConstructorIs):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
* runtime/ReflectObject.cpp:
(JSC::reflectObjectIsExtensible):
(JSC::reflectObjectSetPrototypeOf):
* runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayValueMap::putDirect):
* runtime/StringObject.cpp:
(JSC::StringObject::defineOwnProperty):
* runtime/Structure.cpp:
(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):
* runtime/Structure.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197412 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Tue, 1 Mar 2016 21:40:38 +0000 (21:40 +0000)]
Unreviewed, fix CLOOP build.

* jit/JITOperations.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

gskachkov@gmail.com [Tue, 1 Mar 2016 21:28:45 +0000 (21:28 +0000)]
[ES6] Arrow function. Some not used byte code is emitted
https://bugs.webkit.org/show_bug.cgi?id=154639

Reviewed by Saam Barati.

Currently bytecode that is generated for arrow function is not optimal.
Current fix removed following unnecessary bytecode:
1. create_lexical_environment is not always emitted for arrow function, only if some of
features (this/super/arguments/eval) is used inside of the arrow function.
2. load 'this' from arrow function scope in constructor is done only if super
is contained in arrow function

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::isSuperCallUsedInInnerArrowFunction):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ThisNode::emitBytecode):
(JSC::FunctionNode::emitBytecode):
* parser/Nodes.h:
(JSC::ScopeNode::doAnyInnerArrowFunctionsUseAnyFeature):
* tests/stress/arrowfunction-lexical-bind-supercall-4.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197410 268f45cc-cd09-0410-ab3c-d52691b4dbfc

akling@apple.com [Tue, 1 Mar 2016 21:20:46 +0000 (21:20 +0000)]
REGRESSION (r154616): Accelerated drawing is off during the initial load
<https://webkit.org/b/123812>

Reviewed by Tim Horton.

Source/WebCore:

Robustify the hey-the-Settings-changed callbacks in Page to handle document-less frames.
This is needed because now Settings are changed even before the main Frame has a Document.

* page/Page.cpp:
(WebCore::networkStateChanged):
(WebCore::Page::updateStyleForAllPagesAfterGlobalChangeInEnvironment):
(WebCore::Page::takeAnyMediaCanStartListener):
(WebCore::Page::setMediaVolume):
(WebCore::Page::setPageScaleFactor):
(WebCore::Page::invalidateStylesForAllLinks):
(WebCore::Page::invalidateStylesForLink):
(WebCore::Page::dnsPrefetchingStateChanged):
(WebCore::Page::storageBlockingStateChanged):
(WebCore::Page::setMuted):
(WebCore::Page::captionPreferencesChanged):
(WebCore::Page::setSessionID):
(WebCore::Page::setPlaybackTarget):
(WebCore::Page::playbackTargetAvailabilityDidChange):
(WebCore::Page::setShouldPlayToPlaybackTarget):
* page/Settings.cpp:
(WebCore::setImageLoadingSettings):

Source/WebKit2:

Load preferences before instantiating the first DrawingArea. This ensures that we do the
initial paint using accelerated drawing, and avoids allocating persistent data structures
only needed by the software rendering path.

* WebProcess/WebPage/WebPage.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197409 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Tue, 1 Mar 2016 21:18:42 +0000 (21:18 +0000)]
Turn String.prototype.replace into an intrinsic
https://bugs.webkit.org/show_bug.cgi?id=154835

Reviewed by Michael Saboff.

Source/JavaScriptCore:

Octane/regexp spends a lot of time in String.prototype.replace(). That function does a lot
of checks to see if the parameters are what they are likely to often be (a string, a
regexp, and a string). The intuition of this patch is that it's good to remove those checks
and it's good to call the native function as directly as possible.

This yields a 10% speed-up on a replace microbenchmark and a 3% speed-up on Octane/regexp.
It also improves Octane/jquery.

This is only the beginning of what I want to do with replace optimizations. The other
optimizations will rely on StringReplace being revealed as a construct in DFG IR.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromClassInfo):
* bytecode/SpeculatedType.h:
(JSC::isStringOrStringObjectSpeculation):
(JSC::isRegExpObjectSpeculation):
(JSC::isBoolInt32Speculation):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateStringOrStringObject):
(JSC::DFG::Node::shouldSpeculateRegExpObject):
(JSC::DFG::Node::shouldSpeculateSymbol):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculateRegExpObject):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
(JSC::DFG::SpeculativeJIT::speculate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateFinalObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateString):
* jit/JITOperations.h:
* runtime/Intrinsic.h:
* runtime/JSType.h:
* runtime/RegExpObject.h:
(JSC::RegExpObject::createStructure):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpString):
(JSC::replaceUsingStringSearch):
(JSC::stringProtoFuncRepeat):
(JSC::replace):
(JSC::stringProtoFuncReplace):
(JSC::operationStringProtoFuncReplaceGeneric):
(JSC::stringProtoFuncToString):
* runtime/StringPrototype.h:

LayoutTests:

* js/regress/script-tests/string-replace.js: Added.
* js/regress/string-replace-expected.txt: Added.
* js/regress/string-replace.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197408 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix tests when using NetworkSession
achristensen@apple.com [Tue, 1 Mar 2016 20:00:58 +0000 (20:00 +0000)]
Fix tests when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154866

Reviewed by Brady Eidson.

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::globalCustomProtocolManager):
(WebKit::NetworkSession::setCustomProtocolManager):

Use a static NeverDestroyed instead of a local NeverDestroyed.
This fix was suggested by Darin after I broke the custom protocol tests in r197362.

(WebKit::NetworkSession::clearCredentials):

In r197223 I added code that I thought cleared the credentials of a session, but it was
actually trying (and failing) to remove the credentials from the NSURLCredentialStorage that
were stored with NSURLCredentialPersistencePermanent.
This was causing credentials stored in an NSURLSession with NSURLCredentialPersistenceForSession
to remain for the next tests, and was causing credentials from previous tests, usually from
http/tests/loading/basic-credentials-sent-automatically.html, to be used in future tests.
Creating a new NSURLSession is the equivalent of CredentialStorage::clearCredentials because it
removes all credentials stored with NSURLCredentialPersistenceForSession.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197407 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r197056.
commit-queue@webkit.org [Tue, 1 Mar 2016 19:47:31 +0000 (19:47 +0000)]
Unreviewed, rolling out r197056.
https://bugs.webkit.org/show_bug.cgi?id=154870

broke win ews (Requested by alexchristensen on #webkit).

Reverted changeset:

"[cmake] Moved PRE/POST_BUILD_COMMAND to WEBKIT_FRAMEWORK."
https://bugs.webkit.org/show_bug.cgi?id=154651
http://trac.webkit.org/changeset/197056

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197406 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
beidson@apple.com [Tue, 1 Mar 2016 19:41:46 +0000 (19:41 +0000)]
Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
https://bugs.webkit.org/show_bug.cgi?id=154860

Reviewed by Alex Christensen.

Covered by existing tests.

* Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::isolatedCopy):
* Modules/indexeddb/shared/IDBDatabaseInfo.h:

* Modules/indexeddb/shared/IDBTransactionInfo.cpp:
(WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that
  copy needs to be isolated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Expose MediaElement and VideoElement to the Objective-C DOM bindings
timothy_horton@apple.com [Tue, 1 Mar 2016 18:49:42 +0000 (18:49 +0000)]
Expose MediaElement and VideoElement to the Objective-C DOM bindings
https://bugs.webkit.org/show_bug.cgi?id=154830

Reviewed by Sam Weinig.

Source/WebCore:

* Modules/mediasession/HTMLMediaElementMediaSession.idl:
* Modules/mediastream/HTMLMediaElementMediaStream.idl:
* html/HTMLMediaElement.idl:
* html/HTMLVideoElement.idl:
Avoid Objective-C bindings for various extraneous bits, like MediaSource and MediaSession,
to avoid exposing way more than we need to.

* WebCore.xcodeproj/project.pbxproj:
Add a bunch of Derived Sources.

Source/WebKit/mac:

* MigrateHeaders.make:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197404 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Rebaseline displaylists/extent-includes tests for mac-wk1
ryanhaddad@apple.com [Tue, 1 Mar 2016 18:33:41 +0000 (18:33 +0000)]
Rebaseline displaylists/extent-includes tests for mac-wk1

Unreviewed test gardening.

* platform/mac-wk1/displaylists/extent-includes-shadow-expected.txt:
* platform/mac-wk1/displaylists/extent-includes-transforms-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago NetworkCache: Web process leaks resource buffer when using shareable resources
carlosgc@webkit.org [Tue, 1 Mar 2016 17:42:35 +0000 (17:42 +0000)]
NetworkCache: Web process leaks resource buffer when using shareable resources
https://bugs.webkit.org/show_bug.cgi?id=154852

Reviewed by Darin Adler.

ResourceLoader::didReceiveBuffer() expects a PassRefPtr, but we
are passing a raw pointer, making PassRefPtr take another
reference instead of transferring the ownership as expected.

* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::didReceiveResource):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197402 268f45cc-cd09-0410-ab3c-d52691b4dbfc
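
The ownership mistake described in the commit message above, as an added C++ model that is not WebKit's code. `ModelBuffer`, `ModelPassPtr`, `consumeBuffer` and the other names are hypothetical; the handle's raw-pointer constructor takes an extra reference and `adopt()` does not, matching the behaviour the message describes.

```cpp
#include <cstdio>

// Constructed model, not WebKit code: an intrusively ref-counted buffer and a
// PassRefPtr-like handle whose raw-pointer constructor takes an extra reference.
struct ModelBuffer {
    static int live;      // number of ModelBuffer objects currently allocated
    int refCount = 1;     // a new object starts with one reference, owned by its creator
    ModelBuffer() { ++live; }
    ~ModelBuffer() { --live; }
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) delete this; }
};
int ModelBuffer::live = 0;

class ModelPassPtr {
public:
    // Implicit conversion from a raw pointer: shares the object, so it refs.
    ModelPassPtr(ModelBuffer* raw) : m_ptr(raw) { if (m_ptr) m_ptr->ref(); }
    ModelPassPtr(ModelPassPtr&& other) : m_ptr(other.m_ptr) { other.m_ptr = nullptr; }
    ModelPassPtr(const ModelPassPtr&) = delete;
    ModelPassPtr& operator=(const ModelPassPtr&) = delete;
    ~ModelPassPtr() { if (m_ptr) m_ptr->deref(); }

    // Takes over a reference the caller already owns; the count is unchanged.
    static ModelPassPtr adopt(ModelBuffer* raw) { return ModelPassPtr(raw, Adopt); }

private:
    enum AdoptTag { Adopt };
    ModelPassPtr(ModelBuffer* raw, AdoptTag) : m_ptr(raw) {}
    ModelBuffer* m_ptr;
};

// Stand-in for a consumer that expects ownership to be handed over: its
// reference is dropped when the parameter goes out of scope.
void consumeBuffer(ModelPassPtr) {}

// The producer ends up with a raw pointer that carries one owned reference.
ModelBuffer* makeOwnedRawBuffer() { return new ModelBuffer; }

// Returns how many buffers the call left allocated with no owner.
int leakedAfterRawPointerCall() {
    int before = ModelBuffer::live;
    ModelBuffer* raw = makeOwnedRawBuffer();  // refCount == 1, owned by this function
    consumeBuffer(raw);                       // implicit ref: 2, consumer derefs: 1
    int leaked = ModelBuffer::live - before;  // our reference was never handed over
    raw->deref();                             // clean up so the demo itself does not leak
    return leaked;
}

int leakedAfterAdoptingCall() {
    int before = ModelBuffer::live;
    ModelBuffer* raw = makeOwnedRawBuffer();  // refCount == 1
    consumeBuffer(ModelPassPtr::adopt(raw));  // count stays 1, consumer derefs: 0, freed
    return ModelBuffer::live - before;
}

int main() {
    std::printf("raw pointer call leaves %d buffer(s) unowned\n", leakedAfterRawPointerCall());
    std::printf("adopting call leaves %d buffer(s) unowned\n", leakedAfterAdoptingCall());
    return 0;
}
```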

4 years ago Text control shadow element style shouldn't depend on renderers
antti@apple.com [Tue, 1 Mar 2016 17:33:47 +0000 (17:33 +0000)]
Text control shadow element style shouldn't depend on renderers
https://bugs.webkit.org/show_bug.cgi?id=154855

Reviewed by Andreas Kling.

Currently the code for computing style for text control shadow elements lives in render tree.
Style is the input for building a render tree and should be computable without having one.

Fix by moving virtual createInnerTextStyle() from RenderTextControl hierarchy to the DOM side
HTMLTextFormControlElement hierarchy.

* dom/Element.cpp:
(WebCore::Element::didDetachRenderers):
(WebCore::Element::customStyleForRenderer):

    Also pass shadow host style as it is needed for text controls.

* dom/Element.h:
* dom/PseudoElement.cpp:
(WebCore::PseudoElement::clearHostElement):
(WebCore::PseudoElement::customStyleForRenderer):
* dom/PseudoElement.h:
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::setRangeText):
(WebCore::HTMLInputElement::createInnerTextStyle):
(WebCore::HTMLInputElement::setupDateTimeChooserParameters):
* html/HTMLInputElement.h:
* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::willRespondToMouseClickEvents):
(WebCore::HTMLTextAreaElement::createInnerTextStyle):
* html/HTMLTextAreaElement.h:
* html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::directionForFormData):
(WebCore::HTMLTextFormControlElement::adjustInnerTextStyle):
* html/HTMLTextFormControlElement.h:
(WebCore::HTMLTextFormControlElement::cachedSelectionDirection):
* html/shadow/TextControlInnerElements.cpp:
(WebCore::TextControlInnerElement::create):
(WebCore::TextControlInnerElement::customStyleForRenderer):
(WebCore::TextControlInnerTextElement::renderer):
(WebCore::TextControlInnerTextElement::customStyleForRenderer):
* html/shadow/TextControlInnerElements.h:
* rendering/RenderTextControl.cpp:
(WebCore::RenderTextControl::styleDidChange):
(WebCore::RenderTextControl::textBlockLogicalHeight):
(WebCore::RenderTextControl::adjustInnerTextStyle): Deleted.
* rendering/RenderTextControl.h:
* rendering/RenderTextControlMultiLine.cpp:
(WebCore::RenderTextControlMultiLine::baselinePosition):
(WebCore::RenderTextControlMultiLine::layoutSpecialExcludedChild):
(WebCore::RenderTextControlMultiLine::createInnerTextStyle): Deleted.

    createInnerTextStyle moves to HTMLTextAreaElement::createInnerTextStyle

* rendering/RenderTextControlMultiLine.h:
* rendering/RenderTextControlSingleLine.cpp:
(WebCore::RenderTextControlSingleLine::RenderTextControlSingleLine):

    Remove m_desiredInnerTextLogicalHeight cache. It doesn't work, it is never valid when hit.

(WebCore::RenderTextControlSingleLine::layout):
(WebCore::RenderTextControlSingleLine::styleDidChange):
(WebCore::RenderTextControlSingleLine::computeControlLogicalHeight):
(WebCore::RenderTextControlSingleLine::textShouldBeTruncated):
(WebCore::RenderTextControlSingleLine::createInnerTextStyle): Deleted.
(WebCore::RenderTextControlSingleLine::createInnerBlockStyle): Deleted.

    - createInnerTextStyle moves to HTMLInputElement::createInnerTextStyle
    - createInnerBlockStyle moves to TextControlInnerElement::customStyleForRenderer

* rendering/RenderTextControlSingleLine.h:
(WebCore::RenderTextControlSingleLine::centerContainerIfNeeded):
(WebCore::RenderTextControlSingleLine::containerElement):
* style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::styleForElement):
* svg/SVGElement.cpp:
(WebCore::SVGElement::synchronizeSystemLanguage):
(WebCore::SVGElement::customStyleForRenderer):
* svg/SVGElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197401 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [css-grid] Get rid of GridResolvedPosition
rego@igalia.com [Tue, 1 Mar 2016 16:54:19 +0000 (16:54 +0000)]
[css-grid] Get rid of GridResolvedPosition
https://bugs.webkit.org/show_bug.cgi?id=154818

Reviewed by Darin Adler.

GridResolvedPosition was a small class just wrapping an unsigned.
In the future it should actually wrap an integer,
as we want to support implicit tracks before the explicit grid.

The class itself is not providing any benefit,
so we can get rid of it and store directly 2 unsigned in GridSpan.

This will make simpler future changes related to this task.

We keep the class just as a utility for the methods
that deal with the positions resolution.
But it should be renamed in a follow-up patch.

No new tests, no change of behavior.

* css/CSSGridTemplateAreasValue.cpp:
(WebCore::stringForPosition):
* css/CSSParser.cpp:
(WebCore::CSSParser::parseGridTemplateAreasRow):
* css/StyleBuilderConverter.h:
(WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::findFlexFactorUnitSize):
(WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
(WebCore::RenderGrid::insertItemIntoGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::gridAreaBreadthForChild):
(WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
(WebCore::RenderGrid::columnAxisOffsetForChild):
(WebCore::RenderGrid::rowAxisOffsetForChild):
* rendering/style/GridCoordinate.h:
(WebCore::GridSpan::definiteGridSpan):
(WebCore::GridSpan::integerSpan):
(WebCore::GridSpan::resolvedInitialPosition):
(WebCore::GridSpan::resolvedFinalPosition):
(WebCore::GridSpan::GridSpanIterator::GridSpanIterator):
(WebCore::GridSpan::GridSpanIterator::operator*):
(WebCore::GridSpan::GridSpanIterator::operator++):
(WebCore::GridSpan::GridSpanIterator::operator!=):
(WebCore::GridSpan::begin):
(WebCore::GridSpan::end):
(WebCore::GridSpan::GridSpan):
* rendering/style/GridResolvedPosition.cpp:
(WebCore::resolveNamedGridLinePositionFromStyle):
(WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
(WebCore::resolveGridPositionFromStyle):
(WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
* rendering/style/GridResolvedPosition.h:
(WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
(WebCore::GridResolvedPosition::operator*): Deleted.
(WebCore::GridResolvedPosition::operator++): Deleted.
(WebCore::GridResolvedPosition::operator==): Deleted.
(WebCore::GridResolvedPosition::operator!=): Deleted.
(WebCore::GridResolvedPosition::operator<): Deleted.
(WebCore::GridResolvedPosition::operator>): Deleted.
(WebCore::GridResolvedPosition::operator<=): Deleted.
(WebCore::GridResolvedPosition::operator>=): Deleted.
(WebCore::GridResolvedPosition::toInt): Deleted.
(WebCore::GridResolvedPosition::next): Deleted.
(WebCore::GridResolvedPosition::prev): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197400 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago MemoryCache::forEachResource() should guard resources across function invocation.
akling@apple.com [Tue, 1 Mar 2016 14:29:18 +0000 (14:29 +0000)]
MemoryCache::forEachResource() should guard resources across function invocation.
<https://webkit.org/b/154846>

Reviewed by Antti Koivisto.

It occurred to me that we should protect the CachedResources from being
deleted while invoking the custom function here, lest we create a giant footgun.

* loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::forEachResource):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Mac][cmake] One more unreviewed speculative buildfix after r197375. Just for fun.
ossy@webkit.org [Tue, 1 Mar 2016 11:58:59 +0000 (11:58 +0000)]
[Mac][cmake] One more unreviewed speculative buildfix after r197375. Just for fun.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197398 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Mac][cmake] Unreviewed speculative buildfix after r197375. Just for fun.
ossy@webkit.org [Tue, 1 Mar 2016 11:17:19 +0000 (11:17 +0000)]
[Mac][cmake] Unreviewed speculative buildfix after r197375. Just for fun.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197397 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Fetch API] Support Request and Response blob() when body data is a blob
youenn.fablet@crf.canon.fr [Tue, 1 Mar 2016 10:34:17 +0000 (10:34 +0000)]
[Fetch API] Support Request and Response blob() when body data is a blob
https://bugs.webkit.org/show_bug.cgi?id=154820

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Adding blob specific tests. New tests are not covered yet as they require converting data from a blob into another form (JSON, text...).
Rebasing expectations with test that is now passing and new failing tests.
Fixing typos in test (Json -> JSON and removing TextDecoder use).

* web-platform-tests/fetch/api/request/request-consume-expected.txt:
* web-platform-tests/fetch/api/request/request-consume.html:
* web-platform-tests/fetch/api/response/response-consume-expected.txt:
* web-platform-tests/fetch/api/response/response-consume.html:

Source/WebCore:

Adding support for returning the same Blob that is stored in Body in case JS blob() is called.
Adding support for Blob creation when data is stored as text.
Updated JSDOMBinding and JSDOMPromise to return a JS ArrayBuffer for Vector<char> as well as Vector<unsigned char>.

Covered by added tests.

* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::arrayBuffer):
(WebCore::FetchBody::blob):
(WebCore::FetchBody::extractFromText):
* Modules/fetch/FetchBody.h:
* bindings/js/JSDOMBinding.h:
(WebCore::toJS):
* bindings/js/JSDOMPromise.h:
(WebCore::DeferredWrapper::resolve): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197396 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [[PreventExtensions]] should be a virtual method in the method table.
sbarati@apple.com [Tue, 1 Mar 2016 08:11:20 +0000 (08:11 +0000)]
[[PreventExtensions]] should be a virtual method in the method table.
https://bugs.webkit.org/show_bug.cgi?id=154800

Reviewed by Yusuke Suzuki.

This patch makes us more consistent with how the ES6 specification models the
[[PreventExtensions]] trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.[[PreventExtensions]].

* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getGenericPropertyNames):
(JSC::JSCell::preventExtensions):
* runtime/JSCell.h:
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::JSModuleNamespaceObject):
(JSC::JSModuleNamespaceObject::finishCreation):
(JSC::JSModuleNamespaceObject::destroy):
* runtime/JSModuleNamespaceObject.h:
(JSC::JSModuleNamespaceObject::create):
(JSC::JSModuleNamespaceObject::moduleRecord):
* runtime/JSObject.cpp:
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::reifyAllStaticProperties):
* runtime/JSObject.h:
(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensible):
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorPreventExtensions):
(JSC::objectConstructorIsSealed):
* runtime/ReflectObject.cpp:
(JSC::reflectObjectPreventExtensions):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::preventExtensionsTransition):
* runtime/Structure.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ThreadedCompositor: clean up composition-specific resources before shutting down...
zandobersek@gmail.com [Tue, 1 Mar 2016 07:39:23 +0000 (07:39 +0000)]
ThreadedCompositor: clean up composition-specific resources before shutting down the thread
https://bugs.webkit.org/show_bug.cgi?id=154793

Reviewed by Carlos Garcia Campos.

* Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:
(WebKit::ThreadedCompositor::runCompositingThread): Before concluding the
compositing thread run, clean up all the resources that were allocated at
the start, and in the reverse order. Specifically, we now also deallocate
the CoordinatedGraphicsScene and the SimpleViewportController objects. This
way these are not deallocated on the main thread when the ThreadedCompositor
destructor would otherwise clean them up.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197390 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use WTF::Optional
cdumez@apple.com [Tue, 1 Mar 2016 07:37:16 +0000 (07:37 +0000)]
Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use WTF::Optional
https://bugs.webkit.org/show_bug.cgi?id=154845

Reviewed by Ryosuke Niwa.

Source/WebCore:

Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use
WTF::Optional.

* dom/Element.cpp:
(WebCore::Element::getIntegralAttribute):
(WebCore::Element::getUnsignedIntegralAttribute):
(WebCore::Element::setUnsignedIntegralAttribute): Deleted.
* html/HTMLElement.cpp:
(WebCore::HTMLElement::parseBorderWidthAttribute):
(WebCore::HTMLElement::parseAttribute):
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::parseMaxLengthAttribute):
* html/HTMLInputElement.h:
* html/HTMLOListElement.cpp:
(WebCore::HTMLOListElement::parseAttribute):
* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::maxLength):
* html/ImageInputType.cpp:
(WebCore::ImageInputType::height):
(WebCore::ImageInputType::width):
* html/parser/HTMLParserIdioms.cpp:
(WebCore::parseHTMLIntegerInternal):
(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger):
* html/parser/HTMLParserIdioms.h:
(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):
* svg/SVGElement.cpp:
(WebCore::SVGElement::parseAttribute):

Tools:

Update API tests accordingly.

* TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp:
(TestWebKitAPI::testParseHTMLInteger):
(TestWebKitAPI::parseHTMLIntegerFails):
(TestWebKitAPI::testParseHTMLNonNegativeInteger):
(TestWebKitAPI::parseHTMLNonNegativeIntegerFails):
(TestWebKitAPI::TEST): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ThreadSafeCoordinatedSurface: remove the unused private create() static method
zandobersek@gmail.com [Tue, 1 Mar 2016 07:36:02 +0000 (07:36 +0000)]
ThreadSafeCoordinatedSurface: remove the unused private create() static method
https://bugs.webkit.org/show_bug.cgi?id=154792

Reviewed by Carlos Garcia Campos.

Remove the static ThreadSafeCoordinatedSurface::create() method that accepted
a std::unique_ptr<ImageBuffer> object as its third parameter. This was not used
anywhere.

* Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.cpp:
(WebKit::ThreadSafeCoordinatedSurface::create): Deleted.
* Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197388 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
zandobersek@gmail.com [Tue, 1 Mar 2016 07:32:29 +0000 (07:32 +0000)]
TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
https://bugs.webkit.org/show_bug.cgi?id=154791

Reviewed by Carlos Garcia Campos.

In both functions, the passed-in model-view matrix is first copied, multiplied
against a rect-to-rect TransformationMatrix, and then assigned into a local
TransformationMatrix variable, which causes another copy due to the multiply()
function returning a reference to the modified object.

To avoid the last copy, first copy the model-view matrix into a local variable,
and multiply the rect-to-rect TransformationMatrix into the new object afterwards.

* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGL::draw):
(WebCore::TextureMapperGL::beginClip):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ImageBufferCairo should support OpenGL ES 2 configurations
zandobersek@gmail.com [Tue, 1 Mar 2016 07:31:44 +0000 (07:31 +0000)]
ImageBufferCairo should support OpenGL ES 2 configurations
https://bugs.webkit.org/show_bug.cgi?id=154790

Reviewed by Carlos Garcia Campos.

When building with OpenGL ES 2 and with accelerated 2D canvas support,
the GLES2 header should be included instead of the OpenGLShims.h header.

The glTexParameterf() calls targeting GL_TEXTURE_WRAP_S and
GL_TEXTURE_WRAP_T parameters should use the GL_CLAMP_TO_EDGE value.
GL_CLAMP isn't available in OpenGL ES 2 and was dropped in OpenGL 3.

* platform/graphics/cairo/ImageBufferCairo.cpp:
(WebCore::ImageBufferData::createCairoGLSurface):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
zandobersek@gmail.com [Tue, 1 Mar 2016 07:30:18 +0000 (07:30 +0000)]
TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
https://bugs.webkit.org/show_bug.cgi?id=154789

Reviewed by Carlos Garcia Campos.

* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGL::beginPainting): The ClipStack should be reset with
a Y-axis mode that corresponds to the presence of the PaintingMirrored value in
the passed-in PaintFlags argument. If present, the default Y-axis mode should be
used, and the inverted Y-axis otherwise.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CoordinatedGraphicsLayer should override the inherited TextureMapperPlatformLayer...
zandobersek@gmail.com [Tue, 1 Mar 2016 07:28:42 +0000 (07:28 +0000)]
CoordinatedGraphicsLayer should override the inherited TextureMapperPlatformLayer::Client methods
https://bugs.webkit.org/show_bug.cgi?id=154788

Reviewed by Carlos Garcia Campos.

* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
Add the override specifiers for the two methods that are inherited
from the TextureMapperPlatformLayer::Client interface.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Private symbols should not be trapped by proxy handler
utatane.tea@gmail.com [Tue, 1 Mar 2016 03:48:36 +0000 (03:48 +0000)]
[JSC] Private symbols should not be trapped by proxy handler
https://bugs.webkit.org/show_bug.cgi?id=154817

Reviewed by Mark Lam.

Since the runtime has some assumptions on the properties associated with the private symbols, ES6 Proxy should not trap these property operations.
For example, in ArrayIteratorPrototype.js

    var itemKind = this.@arrayIterationKind;
    if (itemKind === @undefined)
        throw new @TypeError("%ArrayIteratorPrototype%.next requires that |this| be an Array Iterator instance");

Here, we assume that only the array iterator has the @arrayIterationKind property whose value is non-undefined.
But if we implement a Proxy with a get handler that returns a non-undefined value for every operation, we accidentally assume that the given value is an array iterator.

To avoid this situation, we perform the default operations for property operations with private symbols.

* runtime/ProxyObject.cpp:
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPut):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::deleteProperty):
(JSC::ProxyObject::deletePropertyByIndex):
* tests/stress/proxy-basic.js:
* tests/stress/proxy-with-private-symbols.js: Added.
(assert):
(let.handler.getOwnPropertyDescriptor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Remove the experimental feature of antialiased font dilation
simon.fraser@apple.com [Tue, 1 Mar 2016 03:42:41 +0000 (03:42 +0000)]
Remove the experimental feature of antialiased font dilation
https://bugs.webkit.org/show_bug.cgi?id=154843

Reviewed by Zalan Bujtas.
Source/WebCore:

Remove the "antialiased font dilation" code path, and related prefs.

* page/Settings.cpp:
(WebCore::Settings::Settings): Deleted.
(WebCore::Settings::setAntialiasedFontDilationEnabled): Deleted.
* page/Settings.h:
(WebCore::Settings::antialiasedFontDilationEnabled): Deleted.
* platform/graphics/FontCascade.cpp:
(WebCore::FontCascade::setAntialiasedFontDilationEnabled): Deleted.
(WebCore::FontCascade::antialiasedFontDilationEnabled): Deleted.
* platform/graphics/FontCascade.h:
* platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContextStateChange::changesFromState): Deleted.
(WebCore::GraphicsContextStateChange::accumulate): Deleted.
(WebCore::GraphicsContextStateChange::apply): Deleted.
(WebCore::GraphicsContextStateChange::dump): Deleted.
(WebCore::GraphicsContext::setAntialiasedFontDilationEnabled): Deleted.
* platform/graphics/GraphicsContext.h:
(WebCore::GraphicsContextState::GraphicsContextState): Deleted.
(WebCore::GraphicsContext::antialiasedFontDilationEnabled): Deleted.
* platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
(PlatformCALayer::drawLayerContents): Deleted.
* platform/graphics/cocoa/FontCascadeCocoa.mm:
(WebCore::dilationSizeForTextColor): Deleted.
(WebCore::FontCascade::drawGlyphs): Deleted.
* platform/graphics/displaylists/DisplayList.cpp:
(WebCore::DisplayList::DisplayList::shouldDumpForFlags): Deleted.

Source/WebKit/mac:

Remove the "antialiased font dilation" code path, and related prefs.

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]): Deleted.
(-[WebPreferences setAntialiasedFontDilationEnabled:]): Deleted.
(-[WebPreferences antialiasedFontDilationEnabled]): Deleted.
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]): Deleted.

Source/WebKit2:

Remove the "antialiased font dilation" code path, and related prefs.

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetAntialiasedFontDilationEnabled):
(WKPreferencesGetAntialiasedFontDilationEnabled):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences _antialiasedFontDilationEnabled]): Deleted.
(-[WKPreferences _setAntialiasedFontDilationEnabled:]): Deleted.
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences): Deleted.

Tools:

Remove the "antialiased font dilation" code path, and related prefs.

* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebPreferencesToConsistentValues): Deleted.
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because...
fpizlo@apple.com [Tue, 1 Mar 2016 03:18:59 +0000 (03:18 +0000)]
regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154841

Reviewed by Benjamin Poulain.

Here's the deadlock:

Main thread:
    1) Change an InferredType.  This acquires InferredType::m_lock.
    2) Fire watchpoint set.  This triggers CodeBlock invalidation, which acquires
       CodeBlock::m_lock.

DFG thread:
    1) Iterate over the information in a CodeBlock.  This acquires CodeBlock::m_lock.
    2) Ask an InferredType for its descriptor().  This acquires InferredType::m_lock.

I think that the DFG thread's ordering should be legal, because the best logic for lock
hierarchies is that locks that protect the largest set of stuff should be acquired first.

This means that the main thread shouldn't be holding the InferredType::m_lock when firing
watchpoint sets.  That's what this patch ensures.

At the time of writing, this test was deadlocking for me on trunk 100% of the time.  With
this change I cannot get it to deadlock.

* runtime/InferredType.cpp:
(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):
(JSC::InferredType::InferredStructureWatchpoint::fireInternal):
* runtime/InferredType.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197381 268f45cc-cd09-0410-ab3c-d52691b4dbfc
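
The lock-order inversion described in the commit message above, modeled as an added example (not WebKit code, and not part of the original commit). It records which lock is held while another is acquired and reports a cycle for the pre-patch main-thread order but not for the post-patch one. Only the two lock names come from the commit message; every class and function name is hypothetical.

```cpp
#include <algorithm>
#include <cstdio>
#include <functional>
#include <iterator>
#include <map>
#include <set>
#include <string>
#include <vector>

// Illustrative model only. The two lock names are taken from the commit
// message; all classes and functions below are hypothetical.
static const std::string kInferredTypeLock = "InferredType::m_lock";
static const std::string kCodeBlockLock = "CodeBlock::m_lock";

// Records an edge A -> B whenever B is acquired while A is held. A cycle in
// this graph means two threads can each hold one lock and wait for the other.
class LockOrderGraph {
public:
    void addEdge(const std::string& held, const std::string& acquired)
    {
        m_edges[held].insert(acquired);
    }

    bool hasCycle() const
    {
        std::map<std::string, int> state; // 0 = unvisited, 1 = on stack, 2 = done
        std::function<bool(const std::string&)> visit = [&](const std::string& node) {
            state[node] = 1;
            auto it = m_edges.find(node);
            if (it != m_edges.end()) {
                for (const std::string& next : it->second) {
                    int s = state[next];
                    if (s == 1 || (s == 0 && visit(next)))
                        return true;
                }
            }
            state[node] = 2;
            return false;
        };
        for (const auto& entry : m_edges) {
            if (state[entry.first] == 0 && visit(entry.first))
                return true;
        }
        return false;
    }

private:
    std::map<std::string, std::set<std::string>> m_edges;
};

// One modeled thread: tracks the locks it holds and feeds the shared graph.
class ModelThread {
public:
    explicit ModelThread(LockOrderGraph& graph) : m_graph(graph) { }

    void lock(const std::string& name)
    {
        for (const std::string& held : m_held)
            m_graph.addEdge(held, name);
        m_held.push_back(name);
    }

    void unlock(const std::string& name)
    {
        auto it = std::find(m_held.rbegin(), m_held.rend(), name);
        if (it != m_held.rend())
            m_held.erase(std::next(it).base());
    }

private:
    LockOrderGraph& m_graph;
    std::vector<std::string> m_held;
};

// DFG thread: iterate over a CodeBlock, then ask an InferredType for its descriptor.
static void runDFGThread(ModelThread& t)
{
    t.lock(kCodeBlockLock);
    t.lock(kInferredTypeLock);
    t.unlock(kInferredTypeLock);
    t.unlock(kCodeBlockLock);
}

// Main thread: change an InferredType, then fire its watchpoint set, which
// invalidates a CodeBlock and therefore takes the CodeBlock lock.
static void runMainThread(ModelThread& t, bool fireWhileHoldingTypeLock)
{
    t.lock(kInferredTypeLock);
    bool shouldFire = true; // decided while the type lock is held
    if (!fireWhileHoldingTypeLock)
        t.unlock(kInferredTypeLock); // post-patch order: drop the lock first
    if (shouldFire) {
        t.lock(kCodeBlockLock);
        t.unlock(kCodeBlockLock);
    }
    if (fireWhileHoldingTypeLock)
        t.unlock(kInferredTypeLock); // pre-patch order: lock held across firing
}

// Returns true when the combined acquisition orders of both threads can deadlock.
bool lockOrderHasCycle(bool fireWhileHoldingTypeLock)
{
    LockOrderGraph graph;
    ModelThread dfg(graph);
    ModelThread mainThread(graph);
    runDFGThread(dfg);
    runMainThread(mainThread, fireWhileHoldingTypeLock);
    return graph.hasCycle();
}

int main()
{
    std::printf("fire under InferredType lock: cycle=%d\n", lockOrderHasCycle(true));
    std::printf("fire after releasing it:      cycle=%d\n", lockOrderHasCycle(false));
    return 0;
}
```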

4 years ago[DFG][FTL][B3] Support floor and ceil
utatane.tea@gmail.com [Tue, 1 Mar 2016 02:30:46 +0000 (02:30 +0000)]
[DFG][FTL][B3] Support floor and ceil
https://bugs.webkit.org/show_bug.cgi?id=154683

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements and fixes the following things.

1. Implement Ceil and Floor in DFG, FTL and B3

x86 SSE 4.2 and ARM64 have round instructions that can directly perform Ceil or Floor.
This patch leverages this functionality. We introduce ArithFloor and ArithCeil.
During DFG phase, these nodes attempt to convert themselves to Identity (in Fixup phase).
As with ArithRound, they track the arith rounding mode.
And if these nodes are required to emit machine code, we emit rounding machine code
if it is supported in the current machine. For example, in x86, we emit `round`.

This `Floor` functionality is nice for @toInteger in builtin.
That is used for Array.prototype.{forEach, map, every, some, reduce...}
And according to the benchmark results, Kraken audio-oscillator is slightly improved
due to its frequent Math.round and Math.floor calls.

2. Implement Floor in B3 and Air

As with Ceil in B3, we add a new B3 IR and Air opcode, Floor.
This Floor is leveraged to implement ArithFloor in DFG.

3. Fix ArithRound operation

Currently, we used cvtsd2si (in x86) to convert double value to int32.
And we also used this to implement Math.round, like, cvtsd2si(value + 0.5).
However, this implementation is not correct, because cvtsd2si is not a floor operation.
It is a truncate operation. This is OK for positive numbers. But NG for negative numbers.
For example, the current implementation accidentally rounds `-0.6` to `-0.0`. This should be `-1.0`.
Using Ceil and Floor instructions, we implement correct ArithRound.

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM::ceilDouble):
(JSC::MacroAssemblerARM::floorDouble):
(JSC::MacroAssemblerARM::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM64::floorFloat):
(JSC::MacroAssemblerARM64::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPointRounding):
(JSC::MacroAssemblerARMv7::ceilDouble):
(JSC::MacroAssemblerARMv7::floorDouble):
(JSC::MacroAssemblerARMv7::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::ceilDouble):
(JSC::MacroAssemblerMIPS::floorDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPointRounding):
(JSC::MacroAssemblerMIPS::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPointRounding):
(JSC::MacroAssemblerSH4::ceilDouble):
(JSC::MacroAssemblerSH4::floorDouble):
(JSC::MacroAssemblerSH4::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::floorDouble):
(JSC::MacroAssemblerX86Common::floorFloat):
(JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
(JSC::MacroAssemblerX86Common::supportsFloatingPointCeil): Deleted.
* b3/B3ConstDoubleValue.cpp:
(JSC::B3::ConstDoubleValue::floorConstant):
* b3/B3ConstDoubleValue.h:
* b3/B3ConstFloatValue.cpp:
(JSC::B3::ConstFloatValue::floorConstant):
* b3/B3ConstFloatValue.h:
* b3/B3LowerMacrosAfterOptimizations.cpp:
* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::lower):
* b3/B3Opcode.cpp:
(WTF::printInternal):
* b3/B3Opcode.h:
* b3/B3ReduceDoubleToFloat.cpp:
* b3/B3ReduceStrength.cpp:
* b3/B3Validate.cpp:
* b3/B3Value.cpp:
(JSC::B3::Value::floorConstant):
(JSC::B3::Value::isRounded):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):
* b3/B3Value.h:
* b3/air/AirFixPartialRegisterStalls.cpp:
* b3/air/AirOpcode.opcodes:
* b3/testb3.cpp:
(JSC::B3::testFloorCeilArg):
(JSC::B3::testFloorArg):
(JSC::B3::testFloorImm):
(JSC::B3::testFloorMem):
(JSC::B3::testFloorFloorArg):
(JSC::B3::testCeilFloorArg):
(JSC::B3::testFloorIToD64):
(JSC::B3::testFloorIToD32):
(JSC::B3::testFloorArgWithUselessDoubleConversion):
(JSC::B3::testFloorArgWithEffectfulDoubleConversion):
(JSC::B3::run):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArithMode.cpp:
(WTF::printInternal):
* dfg/DFGArithMode.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::roundShouldSpeculateInt32):
* dfg/DFGNode.h:
(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasArithRoundingMode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileArithRound): Deleted.
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
(JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):
* ftl/FTLOutput.h:
(JSC::FTL::Output::doubleFloor):
* jit/ThunkGenerators.cpp:
(JSC::ceilThunkGenerator):
* tests/stress/math-ceil-arith-rounding-mode.js: Added.
(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):
* tests/stress/math-ceil-basics.js: Added.
(mathCeilOnIntegers):
(mathCeilOnDoubles):
(mathCeilOnBooleans):
(uselessMathCeil):
(mathCeilWithOverflow):
(mathCeilConsumedAsDouble):
(mathCeilDoesNotCareAboutMinusZero):
(mathCeilNoArguments):
(mathCeilTooManyArguments):
(testMathCeilOnConstants):
(mathCeilStructTransition):
(Math.ceil):
* tests/stress/math-floor-arith-rounding-mode.js: Added.
(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):
* tests/stress/math-floor-basics.js: Added.
(mathFloorOnIntegers):
(mathFloorOnDoubles):
(mathFloorOnBooleans):
(uselessMathFloor):
(mathFloorWithOverflow):
(mathFloorConsumedAsDouble):
(mathFloorDoesNotCareAboutMinusZero):
(mathFloorNoArguments):
(mathFloorTooManyArguments):
(testMathFloorOnConstants):
(mathFloorStructTransition):
(Math.floor):
* tests/stress/math-round-should-not-use-truncate.js: Added.
(mathRoundDoesNotCareAboutMinusZero):
* tests/stress/math-rounding-infinity.js: Added.
(shouldBe):
(testRound):
(testFloor):
(testCeil):
* tests/stress/math-rounding-nan.js: Added.
(shouldBe):
(testRound):
(testFloor):
(testCeil):
* tests/stress/math-rounding-negative-zero.js: Added.
(shouldBe):
(testRound):
(testFloor):
(testCeil):
(testRoundNonNegativeZero):
(testRoundNonNegativeZero2):

Websites/webkit.org:

* docs/b3/intermediate-representation.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197380 268f45cc-cd09-0410-ab3c-d52691b4dbfc
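
The ArithRound problem from item 3 of the commit message above, as an added example (not WebKit code, and not the implementation the patch uses). It puts the "add 0.5, then truncate" approach beside a floor-based round and goes slightly beyond the message by also checking the sign of zero, NaN and infinity, which the added stress tests cover. All function names and sample inputs are constructed for illustration; `std::trunc` stands in for the truncating conversion.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// The approach the commit message describes as incorrect: add 0.5 and
// truncate toward zero. std::trunc models the truncating conversion.
double roundByTruncation(double x)
{
    return std::trunc(x + 0.5);
}

// Floor-based rounding with Math.round semantics: ties go toward +Infinity,
// and the sign of a zero result follows the sign of the input.
double roundWithFloor(double x)
{
    if (std::isnan(x) || std::isinf(x))
        return x;
    double floored = std::floor(x);
    double rounded = (x - floored >= 0.5) ? floored + 1.0 : floored;
    // A nonzero result already has the sign of x, so this only affects zero:
    // inputs in [-0.5, -0] must produce -0, not +0.
    return std::copysign(rounded, x);
}

// Equality that tells -0 from +0 and treats NaN as equal to NaN.
bool sameValue(double a, double b)
{
    if (std::isnan(a) || std::isnan(b))
        return std::isnan(a) && std::isnan(b);
    return a == b && std::signbit(a) == std::signbit(b);
}

// Constructed sample inputs around the cases the commit message and its
// tests care about: negative fractions, halves, and both zeros.
static const double kSamples[] = { -2.6, -0.6, -0.5, -0.0, 0.0, 0.4, 0.5, 2.5 };
static const int kSampleCount = sizeof(kSamples) / sizeof(kSamples[0]);

// Number of sample inputs on which the two approaches disagree.
int countDisagreements()
{
    int count = 0;
    for (int i = 0; i < kSampleCount; ++i) {
        if (!sameValue(roundByTruncation(kSamples[i]), roundWithFloor(kSamples[i])))
            ++count;
    }
    return count;
}

int main()
{
    for (int i = 0; i < kSampleCount; ++i) {
        std::printf("x=%5.2f  truncation=%5.1f  floor-based=%5.1f\n",
            kSamples[i], roundByTruncation(kSamples[i]), roundWithFloor(kSamples[i]));
    }
    std::printf("disagreements: %d\n", countDisagreements());
    return 0;
}
```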

4 years agoAdd new MethodTable method to get an estimated size for a cell
commit-queue@webkit.org [Tue, 1 Mar 2016 02:07:12 +0000 (02:07 +0000)]
Add new MethodTable method to get an estimated size for a cell
https://bugs.webkit.org/show_bug.cgi?id=154838

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-29
Reviewed by Filip Pizlo.

The new class method estimatedSize(JSCell*) estimates the size for a single cell.
As the name implies, this is meant to be an approximation. It is more important
that big objects report a large size, than to get perfect size information for
all objects in the heap.

    Base implementation (JSCell):
      - returns the MarkedBlock bucket size for this cell.
      - This gets us the object size including inline storage. Basically a better sizeof.

    Subclasses with "Extra Memory Cost":
      - Any class that reports extra memory (reportExtraMemoryVisited) should include that in the estimated size.
      - E.g. CodeBlock, JSGenericTypedArrayView, WeakMapData, etc.

    Subclasses with "Copied Space" storage:
      - Any class with data in copied space (copyBackingStore) should include that in the estimated size.
      - E.g. JSObject, JSGenericTypedArrayView, JSMap, JSSet, DirectArguments, etc.

Add reportExtraMemoryVisited for UnlinkedCodeBlock's compressed unlinked
instructions because this can be larger than 1kb, which is significant.

This has one special case for RegExp generated bytecode / JIT code, which
does not currently fall into the extra memory cost or copied space storage.
In practice I haven't seen this grow to a significant cost.

* runtime/ClassInfo.h:
Add the new estimatedSize method to the table.

* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::visitChildren):
(JSC::UnlinkedCodeBlock::estimatedSize):
(JSC::UnlinkedCodeBlock::setInstructions):
* bytecode/UnlinkedCodeBlock.h:
Report an extra memory cost for unlinked code blocks like
we do for linked code blocks.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::estimatedSize):
* bytecode/CodeBlock.h:
* bytecode/UnlinkedInstructionStream.cpp:
(JSC::UnlinkedInstructionStream::sizeInBytes):
* bytecode/UnlinkedInstructionStream.h:
* runtime/DirectArguments.cpp:
(JSC::DirectArguments::estimatedSize):
* runtime/DirectArguments.h:
* runtime/JSCell.cpp:
(JSC::JSCell::estimatedSizeInBytes):
(JSC::JSCell::estimatedSize):
* runtime/JSCell.h:
* runtime/JSGenericTypedArrayView.h:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::estimatedSize):
* runtime/JSMap.cpp:
(JSC::JSMap::estimatedSize):
* runtime/JSMap.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitButterfly):
* runtime/JSObject.h:
* runtime/JSSet.cpp:
(JSC::JSSet::estimatedSize):
* runtime/JSSet.h:
* runtime/JSString.cpp:
(JSC::JSString::estimatedSize):
* runtime/JSString.h:
* runtime/MapData.h:
(JSC::MapDataImpl::capacityInBytes):
* runtime/WeakMapData.cpp:
(JSC::WeakMapData::estimatedSize):
(JSC::WeakMapData::visitChildren):
* runtime/WeakMapData.h:
Implement estimated size following the pattern of reporting
extra visited size, or copy space memory.

* runtime/RegExp.cpp:
(JSC::RegExp::estimatedSize):
* runtime/RegExp.h:
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteDisjunction::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):
* yarr/YarrJIT.h:
(JSC::Yarr::YarrCodeBlock::size):
Include generated bytecode / JITCode to a RegExp's size.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking webgl/1.0.2/conformance/extensions/get-extension.html as flaky on mac, removi...
ryanhaddad@apple.com [Tue, 1 Mar 2016 01:36:09 +0000 (01:36 +0000)]
Marking webgl/1.0.2/conformance/extensions/get-extension.html as flaky on mac, removing wk1 specific flakiness expectation.
https://bugs.webkit.org/show_bug.cgi?id=152506

Unreviewed test gardening.

* platform/mac-wk1/TestExpectations:
* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange.html as...
ryanhaddad@apple.com [Tue, 1 Mar 2016 01:16:45 +0000 (01:16 +0000)]
Marking storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154748

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRe-enable passing fast/multicol/newmulticol tests on ios-simulator
ryanhaddad@apple.com [Tue, 1 Mar 2016 00:54:15 +0000 (00:54 +0000)]
Re-enable passing fast/multicol/newmulticol tests on ios-simulator

Unreviewed test gardening.

* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRefactor CoreVideo API access into their own classes so code can be re-used.
jer.noble@apple.com [Tue, 1 Mar 2016 00:44:53 +0000 (00:44 +0000)]
Refactor CoreVideo API access into their own classes so code can be re-used.
https://bugs.webkit.org/show_bug.cgi?id=154544

Reviewed by Eric Carlson.

In order for common CoreVideo code paths to be re-used in other classes, pull those paths
out of MediaPlayerPrivateAVFoundationObjC and into re-usable classes.

* WebCore.xcodeproj/project.pbxproj:
* platform/cf/CoreMediaSoftLink.cpp:
* platform/cf/CoreMediaSoftLink.h:
* platform/cocoa/CoreVideoSoftLink.cpp: Added.
* platform/cocoa/CoreVideoSoftLink.h: Added.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createPixelBuffer):
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage):
(WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture):
(WebCore::CVPixelBufferGetBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseInfoCallback): Deleted.
(WebCore::createImageFromPixelBuffer): Deleted.
(WebCore::enumToStringMap): Deleted.
* platform/graphics/cv/PixelBufferConformerCV.cpp: Added.
(WebCore::PixelBufferConformerCV::PixelBufferConformerCV):
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::CVPixelBufferReleaseBytePointerCallback):
(WebCore::CVPixelBufferReleaseInfoCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
* platform/graphics/cv/PixelBufferConformerCV.h: Added.
* platform/graphics/cv/TextureCacheCV.h: Added.
(WebCore::TextureCacheCV::context):
* platform/graphics/cv/TextureCacheCV.mm: Added.
(WebCore::TextureCacheCV::create):
(WebCore::TextureCacheCV::TextureCacheCV):
(WebCore::TextureCacheCV::textureFromImage):
* platform/graphics/cv/VideoTextureCopierCV.cpp: Added.
(WebCore::VideoTextureCopierCV::VideoTextureCopierCV):
(WebCore::VideoTextureCopierCV::~VideoTextureCopierCV):
(WebCore::enumToStringMap):
(WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):
* platform/graphics/cv/VideoTextureCopierCV.h: Added.
(WebCore::VideoTextureCopierCV::context):
* platform/mediastream/mac/AVVideoCaptureSource.mm: Move SOFT_LINK declarations into CoreVideoSoftLink.h/cpp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSpeculatedType should be easier to edit
fpizlo@apple.com [Tue, 1 Mar 2016 00:39:20 +0000 (00:39 +0000)]
SpeculatedType should be easier to edit
https://bugs.webkit.org/show_bug.cgi?id=154840

Reviewed by Mark Lam.

We used to specify the bitmasks in SpeculatedType.h using hex codes. This used to work
great because we didn't have so many masks and you could use the mask to visually see
which ones overlapped. It also made it easy to visualize subset relationships.

But now we have a lot of masks with a lot of confusing overlaps, and it's no longer
possible to just see their relationship by looking at hex codes. Worse, the use of hex
codes makes it super annoying to move the bits around. For example, right now we have two
bits free, but if we wanted to reclaim them by editing the old hex masks, it would be a
nightmare.

So this patch replaces the hex masks with shift expressions (1u << 15 for example) and it
makes any derived masks (i.e. masks that are the bit-or of other masks) be expressed using
an or expression (SpecFoo | SpecBar | SpecBaz for example).

This makes it easier to see the relationships and it makes it easier to take bits for new
types.

* bytecode/SpeculatedType.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix timing flakiness in test I added in http://trac.webkit.org/changeset/197372
beidson@apple.com [Tue, 1 Mar 2016 00:08:27 +0000 (00:08 +0000)]
Fix timing flakiness in test I added in trac.webkit.org/changeset/197372

Unreviewed.

* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html:
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html:
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm:
(TEST): Sometimes a third message from the first html file was leaking through. The message is expected
  so we should always wait for it and make sure we got it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: WebKit 2 IPC layer easily confused about multiple web processes being...
beidson@apple.com [Mon, 29 Feb 2016 23:13:35 +0000 (23:13 +0000)]
Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected.
https://bugs.webkit.org/show_bug.cgi?id=154837

Reviewed by Alex Christensen.

Source/WebKit2:

The crux of the bug is that WebProcesses cannot assign themselves server-unique identifiers...
The server must do that for them.

A once-per-session-per-WebProcess sync message and a few updates to connection management fix this.

* DatabaseProcess/DatabaseToWebProcessConnection.cpp:
(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage):
(WebKit::generateConnectionToServerIdentifier):
(WebKit::DatabaseToWebProcessConnection::establishIDBConnectionToServer):
* DatabaseProcess/DatabaseToWebProcessConnection.h:
* DatabaseProcess/DatabaseToWebProcessConnection.messages.in:

* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:
(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):
(WebKit::generateConnectionToServerIdentifier): Deleted.

* WebProcess/Databases/WebToDatabaseProcessConnection.cpp:
(WebKit::WebToDatabaseProcessConnection::didReceiveMessage):
(WebKit::WebToDatabaseProcessConnection::idbConnectionToServerForSession):
* WebProcess/Databases/WebToDatabaseProcessConnection.h:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Add direct number inputs to Bezier editor
commit-queue@webkit.org [Mon, 29 Feb 2016 23:06:58 +0000 (23:06 +0000)]
Web Inspector: Add direct number inputs to Bezier editor
https://bugs.webkit.org/show_bug.cgi?id=154809
<rdar://problem/24881465>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-29
Reviewed by Timothy Hatcher.

* UserInterface/Base/Main.js:
(WebInspector._updateWindowKeydownListener):
Now only adds the shared event listener when the first keydown listener
is added via WebInspector.addWindowKeydownListener

* UserInterface/Controllers/CodeMirrorBezierEditingController.js:
(WebInspector.CodeMirrorBezierEditingController.prototype.popoverDidDismiss):

* UserInterface/Controllers/CodeMirrorEditingController.js:
(WebInspector.CodeMirrorEditingController.prototype.popoverDidDismiss):
(WebInspector.CodeMirrorEditingController.prototype.didDismissPopover):
Added function that is called when the popover is dismissed so that
removing event listeners is possible.

* UserInterface/Views/BezierEditor.css:
(.bezier-editor):
(.bezier-editor > .number-input-container):
(.bezier-editor > .number-input-container > input):

* UserInterface/Views/BezierEditor.js:
(WebInspector.BezierEditor.createControl):
(WebInspector.BezierEditor.createBezierInput):
(WebInspector.BezierEditor):
Added usage of Element.prototype.createChild for ease of readability.
Also added input elements for manually changing the values of each bezier
point's x and y values.

(WebInspector.BezierEditor.prototype.set bezier):
(WebInspector.BezierEditor.prototype.removeListeners):
(WebInspector.BezierEditor.prototype._handleMousedown):
(WebInspector.BezierEditor.prototype._updateBezier):
(WebInspector.BezierEditor.prototype._updateBezierPreview):
(WebInspector.BezierEditor.prototype._triggerPreviewAnimation):
(WebInspector.BezierEditor.prototype._handleNumberInputInput):
(WebInspector.BezierEditor.prototype._handleNumberInputKeydown):
(WebInspector.BezierEditor.prototype._changeBezierForInput):
Refactored code to make it more reusable, as well as adding event listeners
to the newly created inputs, including value changing from the arrow keys.

* UserInterface/Views/CSSStyleDeclarationTextEditor.js:
(WebInspector.CSSStyleDeclarationTextEditor.prototype.didDismissPopover): Deleted.
Removed unused code.

* UserInterface/Views/InlineSwatch.js:
(WebInspector.InlineSwatch):
(WebInspector.InlineSwatch.prototype.didDismissPopover):
Removes any global event listeners added by the current editor if able.

(WebInspector.InlineSwatch.prototype._swatchElementClicked):
Now saves the current editor object as a member variable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoOverridesHasInstance constant folding is wrong
keith_miller@apple.com [Mon, 29 Feb 2016 22:45:16 +0000 (22:45 +0000)]
OverridesHasInstance constant folding is wrong
https://bugs.webkit.org/show_bug.cgi?id=154833

Reviewed by Filip Pizlo.

The current implementation of OverridesHasInstance constant folding
is incorrect. Since it relies on OSR exit information it has been
moved to the StrengthReductionPhase. Normally, such an optimization would be
put in FixupPhase, however, there are a number of cases where we don't
determine an edge of OverridesHasInstance is a constant until after fixup.
Performing the optimization during StrengthReductionPhase means we can defer
our decision until later.

In the future we should consider creating a version of this optimization
that does not depend on OSR exit information and move the optimization back
to ConstantFoldingPhase.

* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197370 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemoving unnecessary ios-simulator-wk2 expectation file.
ryanhaddad@apple.com [Mon, 29 Feb 2016 22:41:06 +0000 (22:41 +0000)]
Removing unnecessary ios-simulator-wk2 expectation file.

Unreviewed test gardening.

* platform/ios-simulator-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html after r197355
ryanhaddad@apple.com [Mon, 29 Feb 2016 22:37:10 +0000 (22:37 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html after r197355

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197368 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline imported/w3c/web-platform-tests/html/dom/reflection-embedded.html for...
ryanhaddad@apple.com [Mon, 29 Feb 2016 22:37:08 +0000 (22:37 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-embedded.html for ios-simulator after r197237

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoB3 should have global store elimination
fpizlo@apple.com [Mon, 29 Feb 2016 22:33:58 +0000 (22:33 +0000)]
B3 should have global store elimination
https://bugs.webkit.org/show_bug.cgi?id=154658

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Implements fairly comprehensive global store elimination:

1) If you store the result of a load with no interference in between, remove the store.

2) If you store the same thing you stored previously, remove the store.

3) If you store something that you either loaded previously or stored previously along
   arbitrarily many paths, remove the store.

4) If you store to something that is stored to again in the future with no interference in
   between, remove the store.

Rule (4) is super relevant to FTL since the DFG does not eliminate redundant PutStructures.
A constructor that produces a large object will have many redundant stores to the same base
pointer, offset, and heap range, with no code to observe that heap range in between.

This doesn't have a decisive effect on major benchmarks, but it's an enormous win for
microbenchmarks:

- 30% faster to construct an object with many fields.

- 5x faster to do many stores to a global variable.

The compile time cost should be very small. Although the optimization is global, it aborts as
soon as it sees anything that would confound store elimination. For rules (1)-(3), we
piggy-back the existing load elimination, which gives up on interfering stores. For rule (4),
we search forward through the current block and then globally a block at a time (skipping
block contents thanks to summary data), which could be expensive. But rule (4) aborts as soon
as it sees a read, write, or end block (Return or Oops). Any Check will claim to read TOP. Any
Patchpoint that results from an InvalidationPoint will claim to read TOP, as will any
Patchpoints for ICs. Those are usually sprinkled all over the program.

In other words, this optimization rarely kicks in. When it does kick in, it makes programs run
faster. When it doesn't kick in, it's usually O(1) because there are reasons for aborting all
over a "normal" program so the search will halt almost immediately. This of course raises the
question: how much more in compile time do we pay when the optimization does kick in? The
optimization kicks in the most for the microbenchmarks I wrote for this patch. Amazingly, the
effect of the optimization is a wash for compile time: whatever cost we pay doing the O(n^2)
searches is balanced by the massive reduction in work in the backend. On one of the two
microbenchmarks, overall compile time actually shrank with this optimization even though CSE
itself cost more. That's not too surprising - the backend costs much more per instruction, so
things that remove instructions before we get to the backend tend to be a good idea.

We could consider adding a more aggressive version of this in the future, which could sink
stores into checks. That could be crazy fun: https://bugs.webkit.org/show_bug.cgi?id=152162#c3

But mainly, I'm adding this optimization because it was super fun to implement during the
WebAssembly CG summit.

* b3/B3EliminateCommonSubexpressions.cpp:
* b3/B3MemoryValue.h:
* b3/B3SuccessorCollection.h:
(JSC::B3::SuccessorCollection::begin):
(JSC::B3::SuccessorCollection::end):
(JSC::B3::SuccessorCollection::const_iterator::const_iterator):
(JSC::B3::SuccessorCollection::const_iterator::operator*):
(JSC::B3::SuccessorCollection::const_iterator::operator++):
(JSC::B3::SuccessorCollection::const_iterator::operator==):
(JSC::B3::SuccessorCollection::const_iterator::operator!=):

LayoutTests:

These two benchmarks both speed up significantly with this change.

* js/regress/build-large-object-expected.txt: Added.
* js/regress/build-large-object.html: Added.
* js/regress/many-repeat-stores-expected.txt: Added.
* js/regress/many-repeat-stores.html: Added.
* js/regress/script-tests/build-large-object.js: Added.
* js/regress/script-tests/many-repeat-stores.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake it cheap to #include "JITOperations.h"
fpizlo@apple.com [Mon, 29 Feb 2016 22:14:59 +0000 (22:14 +0000)]
Make it cheap to #include "JITOperations.h"
https://bugs.webkit.org/show_bug.cgi?id=154836

Reviewed by Mark Lam.

Prior to this change, this header included the whole world even though it didn't have any
definitions. This patch turns almost all of the includes into forward declarations. Right
now this header is very cheap to include.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGSpeculativeJIT.h:
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/Repatch.h:
* runtime/CommonSlowPaths.h:
(JSC::encodeResult): Deleted.
(JSC::decodeResult): Deleted.
* runtime/SlowPathReturnType.h: Added.
(JSC::encodeResult):
(JSC::decodeResult):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse WTF::Optional for HTMLOListElement::m_start
cdumez@apple.com [Mon, 29 Feb 2016 21:32:28 +0000 (21:32 +0000)]
Use WTF::Optional for HTMLOListElement::m_start
https://bugs.webkit.org/show_bug.cgi?id=154824

Reviewed by Andreas Kling.

Use WTF::Optional for HTMLOListElement::m_start.

* html/HTMLOListElement.cpp:
(WebCore::HTMLOListElement::parseAttribute):
* html/HTMLOListElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK][jhbuild] GLib build fails with GCC 6.0
jdiggs@igalia.com [Mon, 29 Feb 2016 21:14:51 +0000 (21:14 +0000)]
[GTK][jhbuild] GLib build fails with GCC 6.0
https://bugs.webkit.org/show_bug.cgi?id=154825

Use the upstream work-around. https://bugzilla.gnome.org/show_bug.cgi?id=761550

Reviewed by Csaba Osztrogonác.

* gtk/jhbuild.modules: Apply upstream path.
* gtk/patches/gdate-suppress-string-format-literal-warning.patch: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197363 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDon't call NetworkProcess::singleton from WebProcess when using NetworkSession
achristensen@apple.com [Mon, 29 Feb 2016 20:46:13 +0000 (20:46 +0000)]
Don't call NetworkProcess::singleton from WebProcess when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154829

Reviewed by Anders Carlsson.

We were calling NetworkProcess::singleton when making the default session in the
WebProcess, which caused bad things to happen.  We also were never clearing the
credentials in the WebProcess between tests because it used to always call
NetworkProcess::singleton, which caused flaky tests.

This fixes repeatable crashes in http/tests/media/media-document-referer.html and
http/tests/media/media-document.html when using NetworkSession.

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::NetworkProcess):
(WebKit::NetworkProcess::~NetworkProcess):
* NetworkProcess/NetworkSession.h:
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::configurationForType):
(WebKit::globalCustomProtocolManager):
(WebKit::NetworkSession::setCustomProtocolManager):
(WebKit::NetworkSession::defaultSession):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::clearCachedCredentials):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197362 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWe've been running Octane/regexp all wrong in run-jsc-benchmarks
fpizlo@apple.com [Mon, 29 Feb 2016 19:35:17 +0000 (19:35 +0000)]
We've been running Octane/regexp all wrong in run-jsc-benchmarks
https://bugs.webkit.org/show_bug.cgi?id=154827

Reviewed by Andreas Kling.

Octane v.2 and JetStream v.1.1 run this benchmark with warmup. This script was running
it without warmup. This patch fixes this by making this script run it with warmup.

This fix shows that my last patch, which added FTL support for regexp, was actually a 3%
speed-up on Octane/regexp, not a slow-down as the ChangeLog claimed.

I discovered this bug because for each Octane test that I want to debug, I usually make
a standalone .js file that contains the whole test along with a miniharness - usually
a plain loop - that runs it almost like it would for real but with whatever hacks I'm
using for debugging. When I wrote such a thing for regexp, I used a ~20 iteration warmup
to match the one second of warmup that this benchmark gets in Octane. To my surprise,
this quite faithful regexp runner did not see the regression that run-jsc-benchmarks
saw. That's when I found out that run-jsc-benchmarks was running it wrong.

The reason for the no-warmup slow-down is that the FTL is actually fairly expensive to
run on some of these very large functions in the regexp benchmark. I don't think we can
do anything about that, and I'd argue that the speed-up we see after the compilation is
done suggests that it was worth it.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197361 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago RefCounter<T>::Event -> RefCounterEvent
barraclough@apple.com [Mon, 29 Feb 2016 18:55:21 +0000 (18:55 +0000)]
RefCounter<T>::Event -> RefCounterEvent
https://bugs.webkit.org/show_bug.cgi?id=154767

Reviewed by Darin Adler.

RefCounter<T>::Event is kinda verbose to use, and there is no need for this
to be specific to a particular type of RefCounter. Move the enum class up to
the top level & rename to RefCounterEvent.

Source/WebCore:

* page/PageThrottler.cpp:
(WebCore::PageThrottler::PageThrottler):
(WebCore::m_audiblePluginHysteresis):
(WebCore::m_mediaActivityCounter):
(WebCore::m_pageLoadActivityCounter):
* platform/VNodeTracker.cpp:
(WebCore::VNodeTracker::singleton):
(WebCore::VNodeTracker::VNodeTracker):
(WebCore::m_lastWarningTime):

Source/WebKit2:

Also remove UserObservablePageToken - this is vestigial & not really offering
anything over just using UserObservablePageCounter::Token directly.

* UIProcess/Plugins/PluginProcessManager.cpp:
(WebKit::PluginProcessManager::PluginProcessManager):
* UIProcess/Plugins/PluginProcessManager.h:
* UIProcess/Plugins/mac/PluginProcessManagerMac.mm:
(WebKit::PluginProcessManager::updateProcessSuppressionDisabled):
* UIProcess/ProcessThrottler.cpp:
(WebKit::ProcessThrottler::ProcessThrottler):
(WebKit::m_backgroundCounter):
(WebKit::m_suspendMessageCount):
* UIProcess/ProcessThrottler.h:
* UIProcess/WebPageProxy.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::WebProcessPool):
(WebKit::m_processSuppressionDisabledForPageCounter):
(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):
* UIProcess/WebProcessPool.h:

Source/WTF:

* wtf/RefCounter.h:
(WTF::RefCounter<T>::Count::ref):
(WTF::RefCounter<T>::Count::deref):

Tools:

* TestWebKitAPI/Tests/WTF/RefCounter.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago streams/pipe-to.html flaky on mac-wk1 debug
youenn.fablet@crf.canon.fr [Mon, 29 Feb 2016 18:51:28 +0000 (18:51 +0000)]
streams/pipe-to.html flaky on mac-wk1 debug
https://bugs.webkit.org/show_bug.cgi?id=154687

Reviewed by Darin Adler.

* TestExpectations: Marking streams/pipe-to.html as slow.
* streams/pipe-to.html: Increasing the timeout value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197359 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Remove more LLVM related cruft
ossy@webkit.org [Mon, 29 Feb 2016 18:33:24 +0000 (18:33 +0000)]
Remove more LLVM related cruft
https://bugs.webkit.org/show_bug.cgi?id=154821

Reviewed by Darin Adler.

* Scripts/build-jsc:
* Scripts/build-webkit:
* Scripts/copy-webkitlibraries-to-product-directory:
* Scripts/export-llvm-build: Removed.
* Scripts/run-jsc-stress-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197358 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago FTL should be able to run everything in Octane/regexp
fpizlo@apple.com [Mon, 29 Feb 2016 18:05:17 +0000 (18:05 +0000)]
FTL should be able to run everything in Octane/regexp
https://bugs.webkit.org/show_bug.cgi?id=154266

Reviewed by Saam Barati.

Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to
make the RegExpExec peephole optimization work in FTL. This optimization shouldn't be a
DFG backend optimization anyway - if we need this optimization then it should be a
strength reduction rule over IR. That way, it can be shared by all backends.

I measured whether removing that optimization had any effect on performance separately
from measuring the performance of this patch. Removing that optimization did not change
our score on any benchmarks.

This patch does have an overall negative effect on the Octane/regexp score. This is
presumably because tiering up to the FTL has no value to the code in the regexp test. Or
maybe it's something else. No matter - the overall effect on the Octane score is not
statistically significant and we don't want this kind of coverage blocked by the fact
that adding coverage hurts a benchmark.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
(JSC::DFG::Node::setIndexingType):
(JSC::DFG::Node::hasRegexpIndex):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNotifyWrite):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
* tests/stress/ftl-regexp-exec.js: Added.
* tests/stress/ftl-regexp-test.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197357 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Use HTML parsing rules for textarea.maxLength
cdumez@apple.com [Mon, 29 Feb 2016 17:36:51 +0000 (17:36 +0000)]
Use HTML parsing rules for textarea.maxLength
https://bugs.webkit.org/show_bug.cgi?id=154805

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

Use HTML parsing rules for textarea.maxLength:
- https://html.spec.whatwg.org/multipage/forms.html#dom-textarea-maxlength
- https://html.spec.whatwg.org/multipage/infrastructure.html#limited-to-only-non-negative-numbers

No new tests, already covered by existing test.

* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::maxLength):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197355 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Align td.rowSpan / td.colSpan with the specification
cdumez@apple.com [Mon, 29 Feb 2016 17:32:18 +0000 (17:32 +0000)]
Align td.rowSpan / td.colSpan with the specification
https://bugs.webkit.org/show_bug.cgi?id=154803

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

Align td.rowSpan / td.colSpan with the specification:
- https://html.spec.whatwg.org/multipage/tables.html#htmltablecellelement
- https://html.spec.whatwg.org/multipage/tables.html#dom-tdth-colspan
- https://html.spec.whatwg.org/multipage/tables.html#dom-tdth-rowspan

In particular, the following changes were made:
- Change type from 'long' to 'unsigned long'.
- Use HTML rules for parsing unsigned integers:
  - https://html.spec.whatwg.org/multipage/infrastructure.html#rules-for-parsing-non-negative-integers
- Use 1 as default value when the input value is out of range instead
  of 0 when setting.
- rowspan is still clamped to [1, 8190] internally but we now expose the
  unclamped value to JS as this is an internal restriction. The same is
  done for a colSpan value of 0, we expose 0 to the Web but clamp to 1
  internally.

No new tests, already covered by existing test.

* html/HTMLTableCellElement.cpp:
(WebCore::HTMLTableCellElement::colSpan):
(WebCore::HTMLTableCellElement::rowSpan):
(WebCore::HTMLTableCellElement::rowSpanForBindings):
(WebCore::HTMLTableCellElement::setColSpan):
(WebCore::HTMLTableCellElement::setRowSpanForBindings):
(WebCore::HTMLTableCellElement::axis): Deleted.
(WebCore::HTMLTableCellElement::headers): Deleted.
* html/HTMLTableCellElement.h:
* html/HTMLTableCellElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197354 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Web IDL] Add support for [TreatNullAs=EmptyString] and use it
cdumez@apple.com [Mon, 29 Feb 2016 17:28:13 +0000 (17:28 +0000)]
[Web IDL] Add support for [TreatNullAs=EmptyString] and use it
https://bugs.webkit.org/show_bug.cgi?id=154654

Reviewed by Darin Adler.

Add support for [TreatNullAs=EmptyString] standard Web IDL extended
attribute:
- http://heycam.github.io/webidl/#TreatNullAs

This replaces the WebKit-specific [TreatNullAs=NullString] IDL
extended attribute. Instead of passing a null String() to the
implementation, emptyString() is passed.

This patch does not cause any web-exposed behavior change. For
cases where switching from NullString to EmptyString would change
the behavior (or require changes to the implementation), the old
IDL attribute was kept. However, it was renamed to
[TreatNullAs=LegacyNullString] to discourage its use in new code.
Eventually, this legacy IDL attribute should go away entirely.

[TreatNullAs=EmptyString] should only be used when it is present
in the corresponding specification. Note that there are a lot of
places where we use [TreatNullAs=EmptyString] in our IDL where it
does not match the specification. I have added FIXME comments for
those so we can clean them up later.

No new tests, no web-exposed behavior change.

* Modules/mediastream/RTCPeerConnection.idl:
No behavior change because this is not implemented.

* bindings/js/JSDOMBinding.cpp:
(WebCore::valueToStringTreatingNullAsEmptyString):
* bindings/js/JSDOMBinding.h:
Add new function to convert a JSValue into a String while treating
null as the empty string.

* bindings/scripts/CodeGeneratorJS.pm:
(JSValueToNative):
* bindings/scripts/IDLAttributes.txt:
- Add support for [TreatNullAs=EmptyString].
- Rename NullString to LegacyNullString to discourage its use.

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
* bindings/scripts/test/TestObj.idl:
Add bindings tests coverage for [TreatNullAs=EmptyString].

* css/CSSStyleDeclaration.idl:
* dom/CharacterData.idl:
* dom/DOMImplementation.idl:
* dom/Document.idl:
* dom/Element.idl:
* dom/ShadowRoot.idl:
* html/HTMLOutputElement.idl:
* html/HTMLScriptElement.idl:
* html/URLUtils.idl:
* svg/SVGAngle.idl:
* svg/SVGLength.idl:
Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString].
There is no behavior change because the implementation does
not distinguish the null string from the empty string.

* html/HTMLBaseElement.idl:
* html/HTMLButtonElement.idl:
* html/HTMLFormElement.idl:
* html/HTMLMediaElement.idl:
* html/HTMLSelectElement.idl:
* svg/SVGElement.idl:
* svg/SVGScriptElement.idl:
Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString],
no behavior change.

* html/HTMLDocument.idl:
- dir and *Color: Rename [TreatNullAs=NullString] to
  [TreatNullAs=LegacyNullString].
- designMode: Drop [TreatNullAs=NullString] as per the specification:
  - https://html.spec.whatwg.org/multipage/dom.html#the-document-object
  null now gets converted to "null" instead of the null String but this
  does not change behavior because the implementation only recognizes
  "on" / "off" / others. So we still end up using inherit mode when
  set to null.

* html/HTMLElement.idl:
- Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString] for
  innerText / outerText. Does not change behavior because the
  implementation does not distinguish.
- Drop [TreatNullAs=NullString] from contentEditable to match the spec:
  - https://html.spec.whatwg.org/multipage/interaction.html#elementcontenteditable
  This does not change behavior because the implementation will throw a SyntaxError
  whether a null String or the string "null" is passed.

* html/HTMLFrameElement.idl:
Drop [TreatNullAs=NullString] from location attribute. This does not
change behavior because the attribute is using a custom setter.

* html/HTMLInputElement.idl:
- formEnctype / formMethod / autocapitalize: Rename [TreatNullAs=NullString] to
  [TreatNullAs=LegacyNullString].
- value: Rename [TreatNullAs=NullString] to [TreatNullAs=EmptyString], which
  does not change behavior because the implementation does not distinguish. Also
  drop the extended attribute for non-JS bindings as it has no impact.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::setMediaGroup):
Drop redundant group.isNull() check as group.isEmpty() already checks for null.

* html/HTMLScriptElement.cpp:
(WebCore::HTMLScriptElement::setText):
Drop useless .impl() call as we have a String and the method requires a String
as input.

* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::setValueCommon):
Use emptyString() instead of "" as it is slightly more efficient.

* html/HTMLTextAreaElement.idl:
- value: Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString]. No
  behavior change because the implementation does not distinguish.
- autocapitalize: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].

* html/canvas/CanvasRenderingContext2D.idl:
- globalCompositeOperation / repetitionType: Use [TreatNullAs=EmptyString] instead of
  [TreatNullAs=NullString]. No behavior change because the implementation does not
  distinguish.
- lineCap / lineJoin: Drop the [TreatNullAs=NullString] to match the spec:
  - https://html.spec.whatwg.org/multipage/scripting.html#canvaspathdrawingstyles
  There is no behavior change because those are string enumerations and the value
  is not recognized either way (String() or String("null")).
- shadowColor: Drop the [TreatNullAs=NullString] to match the spec:
  - https://html.spec.whatwg.org/multipage/scripting.html#canvasshadowstyles
  No behavior change because this is not a valid color either way.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fixed compilation with !ENABLE(DATABASE_PROCESS).
commit-queue@webkit.org [Mon, 29 Feb 2016 15:03:41 +0000 (15:03 +0000)]
Fixed compilation with !ENABLE(DATABASE_PROCESS).
https://bugs.webkit.org/show_bug.cgi?id=154813

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-29
Reviewed by Michael Catanzaro.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::terminateDatabaseProcess): Added missing #if
guard.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
commit-queue@webkit.org [Mon, 29 Feb 2016 15:01:55 +0000 (15:01 +0000)]
[GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
https://bugs.webkit.org/show_bug.cgi?id=153829

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-29
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Once a touch event sequence is identified as a gesture, remove it
from the list of handled touch events.

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseTouchEvent):

LayoutTests:

* platform/gtk/TestExpectations:
Remove now passing tests from the expected failures.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197351 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [cmake] Allow using FindGLIB in case glib is optional dependency.
commit-queue@webkit.org [Mon, 29 Feb 2016 14:59:39 +0000 (14:59 +0000)]
[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-29
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case glibconfig.h is not
found.

* Source/cmake/FindGLIB.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197350 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Refactor FetchBody constructors
youenn.fablet@crf.canon.fr [Mon, 29 Feb 2016 13:01:51 +0000 (13:01 +0000)]
Refactor FetchBody constructors
https://bugs.webkit.org/show_bug.cgi?id=154721

Reviewed by Sam Weinig and Darin Adler.

Covered by existing tests.

* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::extract): Renamed from "fromJSValue"
(WebCore::FetchBody::extractFromBody): Renamed from "fromRequestBody" and making use of move constructor.
* Modules/fetch/FetchBody.h:
(WebCore::FetchBody::FetchBody): Making default constructor public and removing empty static method.
* Modules/fetch/FetchRequest.cpp:
(WebCore::buildBody):
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::initializeWith):
* Modules/fetch/FetchResponse.h:
(WebCore::FetchResponse::create):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Mac][cmake] Unreviewed buildfix after r197177. Just for fun.
ossy@webkit.org [Mon, 29 Feb 2016 11:47:14 +0000 (11:47 +0000)]
[Mac][cmake] Unreviewed buildfix after r197177. Just for fun.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197346 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r197297.
commit-queue@webkit.org [Mon, 29 Feb 2016 10:06:33 +0000 (10:06 +0000)]
Unreviewed, rolling out r197297.
https://bugs.webkit.org/show_bug.cgi?id=154810

This change broke build of GTK from scratch (Requested by
annulen on #webkit).

Reverted changeset:

"[cmake] Allow using FindGLIB in case glib is optional
dependency."
https://bugs.webkit.org/show_bug.cgi?id=154796
http://trac.webkit.org/changeset/197297

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ::slotted doesn't work in nested shadow trees
antti@apple.com [Mon, 29 Feb 2016 08:36:53 +0000 (08:36 +0000)]
::slotted doesn't work in nested shadow trees
https://bugs.webkit.org/show_bug.cgi?id=154765
<rdar://problem/24870995>

Reviewed by Ryosuke Niwa.

Source/WebCore:

See https://github.com/w3c/webcomponents/issues/331#issuecomment-189191593

Test: fast/shadow-dom/css-scoping-shadow-slotted-nested.html

* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::matchSlottedPseudoElementRules):

Collect ::slotted rules from all the nested shadow trees instead of just the host's.

LayoutTests:

* fast/shadow-dom/css-scoping-shadow-slotted-nested-expected.html: Added.
* fast/shadow-dom/css-scoping-shadow-slotted-nested.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197316 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Make JSFunction.name allocation fully lazy.
akling@apple.com [Mon, 29 Feb 2016 05:26:05 +0000 (05:26 +0000)]
Make JSFunction.name allocation fully lazy.
<https://webkit.org/b/154806>

Reviewed by Saam Barati.

We were reifying the "name" field on functions lazily, but created the string
value itself up front. This patch gets rid of the up-front allocation,
saving us a JSString allocation per function in most cases.

* builtins/BuiltinExecutables.cpp:
(JSC::createExecutableInternal):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::visitChildren):
* bytecode/UnlinkedFunctionExecutable.h:
* runtime/CodeCache.cpp:
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/Executable.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::reifyName):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Parse HTMLOLElement.start as per the HTML spec
cdumez@apple.com [Mon, 29 Feb 2016 04:36:06 +0000 (04:36 +0000)]
Parse HTMLOLElement.start as per the HTML spec
https://bugs.webkit.org/show_bug.cgi?id=154802

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-grouping-expected.txt:

Source/WebCore:

Parse HTMLOLElement.start as per the HTML spec:
- https://html.spec.whatwg.org/multipage/semantics.html#dom-ol-start
- https://html.spec.whatwg.org/multipage/infrastructure.html#rules-for-parsing-integers

No new tests, already covered by existing test.

* html/HTMLOListElement.cpp:
(WebCore::HTMLOListElement::parseAttribute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197307 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Reduce uses of PassRefPtr in indexeddb
gyuyoung.kim@webkit.org [Mon, 29 Feb 2016 01:57:41 +0000 (01:57 +0000)]
Reduce uses of PassRefPtr in indexeddb
https://bugs.webkit.org/show_bug.cgi?id=154273

Reviewed by Darin Adler.

No new tests, no behavior changes.

* Modules/indexeddb/IDBDatabaseError.h:
(WebCore::IDBDatabaseError::create):
* Modules/indexeddb/IDBKeyData.cpp:
(WebCore::IDBKeyData::maybeCreateIDBKey):
* Modules/indexeddb/IDBKeyData.h:
* Modules/indexeddb/IDBKeyRange.cpp:
(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::IDBKeyRange):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):
* Modules/indexeddb/IDBKeyRange.h:
(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::lower):
(WebCore::IDBKeyRange::upper):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):
* Modules/indexeddb/IDBKeyRangeData.cpp:
(WebCore::IDBKeyRangeData::maybeCreateIDBKeyRange):
* Modules/indexeddb/IDBKeyRangeData.h:
* Modules/indexeddb/IDBServerConnection.h:
* Modules/indexeddb/legacy/IDBCallbacks.h:
* Modules/indexeddb/legacy/IDBCursorBackend.cpp:
(WebCore::IDBCursorBackend::continueFunction):
* Modules/indexeddb/legacy/IDBCursorBackend.h:
* Modules/indexeddb/legacy/IDBCursorBackendOperations.h:
(WebCore::CursorIterationOperation::create):
(WebCore::CursorIterationOperation::CursorIterationOperation):
* Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:
(WebCore::GetOperation::perform):
(WebCore::PutOperation::perform):
* Modules/indexeddb/legacy/LegacyCursor.cpp:
(WebCore::LegacyCursor::continueFunction):
* Modules/indexeddb/legacy/LegacyCursor.h:
* Modules/indexeddb/legacy/LegacyFactory.h:
(WebCore::LegacyFactory::create):
* Modules/indexeddb/legacy/LegacyRequest.cpp:
(WebCore::LegacyRequest::onSuccess):
* Modules/indexeddb/legacy/LegacyRequest.h:
* inspector/InspectorIndexedDBAgent.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197306 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r197303): 4 jsc tests failing on bots.
akling@apple.com [Mon, 29 Feb 2016 01:44:26 +0000 (01:44 +0000)]
REGRESSION(r197303): 4 jsc tests failing on bots.

Unreviewed follow-up fix.

* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): This function
can still get called with !m_rareData, in case the type profiler is active but this
particular code block doesn't have type profiler data. Handle it gracefully.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197305 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Reimplement WKPageGroup in terms of WKUserContentController
weinig@apple.com [Mon, 29 Feb 2016 00:32:24 +0000 (00:32 +0000)]
Reimplement WKPageGroup in terms of WKUserContentController
https://bugs.webkit.org/show_bug.cgi?id=154804

Reviewed by Dan Bernstein.

Source/WebKit2:

Instead of having WebPageGroup and WebUserContentControllerProxy both keep track
of user scripts and user stylesheets, give WebPageGroup a WebUserContentControllerProxy
and let it take care of things. This allows us to remove a ton of duplicate code, and
provides a convenient way for clients currently using PageGroup based user content insertion
to start using UserContentController, since they can now be used at the same time.

When using WKPageConfigurationRef, the rule is:
    - If you don't set a WKUserContentControllerRef, the one from the WKPageGroupRef will be used.
    - If you do set a WKUserContentControllerRef, it will be used, and the one from the WKPageGroupRef
      will do nothing for that web view.

* DerivedSources.make:
Remove WebPageGroupProxy. It no longer is a MessageReceiver.

* Shared/WebPageGroupData.cpp:
(WebKit::WebPageGroupData::encode):
(WebKit::WebPageGroupData::decode):
* Shared/WebPageGroupData.h:
Stop encoding/decoding user content, instead just encode the identifier to the UserContentController.

* UIProcess/API/C/WKPageGroup.cpp:
(WKPageGroupGetUserContentController):
* UIProcess/API/C/WKPageGroup.h:
Add getter for the underlying WKUserContentControllerRef.

* UIProcess/API/cpp/WKRetainPtr.h:
(WebKit::retainWK):
Add retainWK() helper to match RetainPtr's retainPtr() helper.

* UIProcess/WebPageGroup.cpp:
(WebKit::WebPageGroup::WebPageGroup):
(WebKit::WebPageGroup::userContentController):
(WebKit::WebPageGroup::addUserStyleSheet):
(WebKit::WebPageGroup::addUserScript):
(WebKit::WebPageGroup::removeAllUserStyleSheets):
(WebKit::WebPageGroup::removeAllUserScripts):
(WebKit::WebPageGroup::removeAllUserContent):
(WebKit::WebPageGroup::addUserContentExtension):
(WebKit::WebPageGroup::removeUserContentExtension):
(WebKit::WebPageGroup::removeAllUserContentExtensions):
* UIProcess/WebPageGroup.h:
Pass through to the WebUserContentControllerProxy.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::finishInitializingWebPageAfterProcessLaunch):
(WebKit::WebPageProxy::creationParameters):
* UIProcess/WebPageProxy.h:
WebPageProxies always have a WebUserContentControllerProxy now, so it can go in a Ref and
a few branches can be removed.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::createWebPage):
If a UserContentController is not passed in, use the one from the PageGroup.

* WebKit2.xcodeproj/project.pbxproj:
Remove files.

* WebProcess/InjectedBundle/InjectedBundle.cpp:
Add some #includes that are now needed.

* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::getOrCreate):
* WebProcess/UserContent/WebUserContentController.h:
Modernize WebUserContentController::getOrCreate to return a Ref.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::addUserScript):
(WebKit::WebPage::addUserStyleSheet):
(WebKit::WebPage::removeAllUserContent):
* WebProcess/WebPage/WebPage.h:
Store the WebUserContentController in Ref, remove unnecessary branches/asserts.

* WebProcess/WebPage/WebPageGroupProxy.cpp:
(WebKit::WebPageGroupProxy::WebPageGroupProxy):
(WebKit::WebPageGroupProxy::~WebPageGroupProxy):
(WebKit::WebPageGroupProxy::userContentController):
(WebKit::WebPageGroupProxy::addUserStyleSheet): Deleted.
(WebKit::WebPageGroupProxy::addUserScript): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserStyleSheets): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserScripts): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContent): Deleted.
(WebKit::WebPageGroupProxy::addUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContentExtensions): Deleted.
* WebProcess/WebPage/WebPageGroupProxy.h:
Store a WebUserContentController in a Ref, remove now unnecessary message handling functions.

* WebProcess/WebPage/WebPageGroupProxy.messages.in:
Removed.

* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::didReceiveMessage):
Remove routing to WebPageGroupProxy, which is no longer a MessageReceiver.

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2/PageGroup.cpp: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Shrink UnlinkedCodeBlock a bit.
akling@apple.com [Sun, 28 Feb 2016 22:21:54 +0000 (22:21 +0000)]
Shrink UnlinkedCodeBlock a bit.
<https://webkit.org/b/154797>

Reviewed by Anders Carlsson.

Move profiler-related members of UnlinkedCodeBlock into its RareData
structure, saving 40 bytes, and then reorder the other members of
UnlinkedCodeBlock to save another 24 bytes, netting a nice total 64.

The VM member was removed entirely since UnlinkedCodeBlock is a cell
and can retrieve its VM through MarkedBlock header lookup.

* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
(JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::addRegExp):
(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::addFunctionDecl):
(JSC::UnlinkedCodeBlock::addFunctionExpr):
(JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
(JSC::UnlinkedCodeBlock::vm): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197303 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Source/WebKit2:
weinig@apple.com [Sun, 28 Feb 2016 21:56:44 +0000 (21:56 +0000)]
Source/WebKit2:
Bind _WKUserStyleSheets to _WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

Treat _WKUserStyleSheets like WKUserScripts and allow them to be bound to a _WKUserContentWorld.
The immediate benefit of this is allowing a client to bind a set of user content (scripts and stylesheets
for now) to a world and have them easily remove all user content associated with that world.

* Shared/API/APIArray.h:
Add helpers removeAllMatching and removeAllOfTypeMatching.

* UIProcess/API/APIUserStyleSheet.h:
Add API::UserContentWorld member.

* UIProcess/API/Cocoa/WKUserContentController.mm:
(-[WKUserContentController _removeAllUserScriptsAssociatedWithUserContentWorld:]):
(-[WKUserContentController _removeAllUserStyleSheetsAssociatedWithUserContentWorld:]):
* UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
Add _removeAllUserScriptsAssociatedWithUserContentWorld and _removeAllUserStyleSheetsAssociatedWithUserContentWorld.

* UIProcess/API/Cocoa/WKUserScript.mm:
(-[WKUserScript _initWithSource:injectionTime:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
(toStringVector): Deleted.
* UIProcess/API/Cocoa/_WKUserContentWorldInternal.h:
(API::toStringVector):
Move toStringVector to a location where it can be shared.

* UIProcess/API/Cocoa/_WKUserStyleSheet.h:
* UIProcess/API/Cocoa/_WKUserStyleSheet.mm:
(-[_WKUserStyleSheet initWithSource:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
Add new initializer which has a world to be bound to. While here, match WKUserScript and add support for the
legacy whitelist and blacklists.

* UIProcess/UserContent/WebUserContentControllerProxy.cpp:
(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::removeProcess):
(WebKit::WebUserContentControllerProxy::addUserContentWorldUse):
(WebKit::WebUserContentControllerProxy::shouldSendRemoveUserContentWorldsMessage):
(WebKit::WebUserContentControllerProxy::removeUserContentWorldUses):
(WebKit::WebUserContentControllerProxy::addUserScript):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::removeAllUserScripts):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):
* UIProcess/UserContent/WebUserContentControllerProxy.h:
Refactor to share the code which decides whether to send AddUserContentWorlds/RemoveUserContentWorlds
messages.

* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorlds):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):
(WebKit::WebUserContentController::removeUserStyleSheet):
(WebKit::WebUserContentController::removeAllUserStyleSheets):
* WebProcess/UserContent/WebUserContentController.h:
* WebProcess/UserContent/WebUserContentController.messages.in:
Add support for binding stylesheets to worlds and allow removing all the scripts/stylesheets from a
set of worlds at once by passing Vectors of world identifiers in the remove messages.

Tools:
Bind _WKUserStyleSheets to WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

* TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
Add tests for removing _WKUserStyleSheets and WKUserScripts

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197302 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Switch to application/vnd.apple.folder for <attachment> folder special-case
timothy_horton@apple.com [Sun, 28 Feb 2016 21:00:15 +0000 (21:00 +0000)]
Switch to application/vnd.apple.folder for <attachment> folder special-case
https://bugs.webkit.org/show_bug.cgi?id=154786
<rdar://problem/24416632>

Reviewed by Anders Carlsson.

Source/WebCore:

No new tests, adjusted an existing test to cover this.

* rendering/RenderThemeMac.mm:
(WebCore::iconForAttachment):
Add a second folder MIME type.

LayoutTests:

* fast/attachment/attachment-folder-icon-expected.html:
* fast/attachment/attachment-folder-icon.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197301 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Variables can resolve to the wrong value when elements differ in nothing but inherite...
timothy_horton@apple.com [Sun, 28 Feb 2016 20:42:55 +0000 (20:42 +0000)]
Variables can resolve to the wrong value when elements differ in nothing but inherited variable value
https://bugs.webkit.org/show_bug.cgi?id=154785

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/variables/avoid-matched-property-cache.html

* css/StyleResolver.cpp:
(WebCore::StyleResolver::MatchResult::addMatchedProperties):
Disable the matched property cache when a value is variable-dependent, because
they can resolve to inherited values, and the matched property cache could
end up copying the wrong value from another similarly-styled element.

LayoutTests:

* fast/css/variables/avoid-matched-property-cache-expected.html: Added.
* fast/css/variables/avoid-matched-property-cache.html: Added.
Add a test. The non-standard element is necessary because the resolved property
cache is already disabled when using the "simple" default style sheet, and
it seems better to use a totally non-standard element than one that might
end up in the "simple" default style sheet in the future and would silently
invalidate the test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago FTL should lower its abstract heaps to B3 heap ranges
fpizlo@apple.com [Sun, 28 Feb 2016 20:34:03 +0000 (20:34 +0000)]
FTL should lower its abstract heaps to B3 heap ranges
https://bugs.webkit.org/show_bug.cgi?id=154782

Reviewed by Saam Barati.

The FTL can describe the abstract heaps (points-to sets) that a memory operation will
affect. The abstract heaps are arranged as a hierarchy. We used to transform this into
TBAA hierarchies in LLVM, but we never got around to wiring this up to B3's equivalent
notion - the HeapRange. That's what this patch fixes.

B3 has a minimalistic alias analysis. It represents abstract heaps using unsigned 32-bit
integers. There are 1<<32 abstract heaps. The B3 client can describe what an operation
affects by specifying a heap range: a begin...end pair that says that the operation
affects all abstract heaps H such that begin <= H < end.

This peculiar scheme was a deliberate attempt to distill what the abstract heap
hierarchy is all about. We can assign begin...end numbers to abstract heaps so that:

- A heap's end is greater than its begin.
- A heap's begin is greater than or equal to its parent's begin.
- A heap's end is less than or equal to its parent's end.

This is easy to do using a recursive traversal of the abstract heap hierarchy. I almost
went for the iterative traversal, which is a splendid algorithm, but it's totally
unnecessary here since we tightly control the height of the heap hierarchy.

Because abstract heaps are produced on-the-fly by FTL lowering, due to the fact that we
generate new ones for field names and constant indices we encounter, we can't actually
decorate the B3 instructions we create in lowering until all lowering is done. Adding a
new abstract heap to the hierarchy after ranges were already computed would require
updating the ranges of any heaps "to the right" of that heap in the hierarchy. This
patch solves that problem by recording the associations between abstract heaps and their
intended roles in the generated IR, and then decorating all of the relevant B3 values
after we compute the ranges of the hierarchy after lowering.

This is perf-neutral. I was hoping for a small speed-up, but I could not detect a
speed-up on any benchmark. That's not too surprising. We already have very precise CSE
in the DFG, so there aren't many opportunities left for the B3 CSE and it may have
already been getting the big ones even without alias analysis.

Even without a speed-up, this patch is valuable because it makes it easier to implement
other optimizations, like store elimination.

* b3/B3HeapRange.h:
(JSC::B3::HeapRange::HeapRange):
* ftl/FTLAbstractHeap.cpp:
(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::changeParent):
(JSC::FTL::AbstractHeap::compute):
(JSC::FTL::AbstractHeap::shallowDump):
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractHeap::deepDump):
(JSC::FTL::AbstractHeap::badRangeError):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::baseIndex):
(JSC::FTL::IndexedAbstractHeap::atSlow):
(JSC::FTL::IndexedAbstractHeap::initialize):
(JSC::FTL::AbstractHeap::decorateInstruction): Deleted.
(JSC::FTL::AbstractField::dump): Deleted.
* ftl/FTLAbstractHeap.h:
(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::isInitialized):
(JSC::FTL::AbstractHeap::initialize):
(JSC::FTL::AbstractHeap::parent):
(JSC::FTL::AbstractHeap::heapName):
(JSC::FTL::AbstractHeap::range):
(JSC::FTL::AbstractHeap::offset):
(JSC::FTL::IndexedAbstractHeap::atAnyIndex):
(JSC::FTL::IndexedAbstractHeap::at):
(JSC::FTL::IndexedAbstractHeap::operator[]):
(JSC::FTL::IndexedAbstractHeap::returnInitialized):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::constructDeletedValue):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::isDeletedValue):
(JSC::FTL::AbstractHeap::changeParent): Deleted.
(JSC::FTL::AbstractField::AbstractField): Deleted.
(JSC::FTL::AbstractField::initialize): Deleted.
(JSC::FTL::AbstractField::offset): Deleted.
* ftl/FTLAbstractHeapRepository.cpp:
(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::~AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::decorateMemory):
(JSC::FTL::AbstractHeapRepository::decorateCCallRead):
(JSC::FTL::AbstractHeapRepository::decorateCCallWrite):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointRead):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointWrite):
(JSC::FTL::AbstractHeapRepository::computeRangesAndDecorateInstructions):
* ftl/FTLAbstractHeapRepository.h:
(JSC::FTL::AbstractHeapRepository::forArrayType):
(JSC::FTL::AbstractHeapRepository::HeapForValue::HeapForValue):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* ftl/FTLOutput.cpp:
(JSC::FTL::Output::load):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::store):
(JSC::FTL::Output::store32As8):
(JSC::FTL::Output::store32As16):
(JSC::FTL::Output::baseIndex):
* ftl/FTLOutput.h:
(JSC::FTL::Output::address):
(JSC::FTL::Output::absolute):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::load32):
(JSC::FTL::Output::load64):
(JSC::FTL::Output::loadPtr):
(JSC::FTL::Output::loadDouble):
(JSC::FTL::Output::store32):
(JSC::FTL::Output::store64):
(JSC::FTL::Output::storePtr):
(JSC::FTL::Output::storeDouble):
(JSC::FTL::Output::ascribeRange):
(JSC::FTL::Output::nonNegative32):
(JSC::FTL::Output::load32NonNegative):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):
* ftl/FTLTypedPointer.h:
(JSC::FTL::TypedPointer::operator!):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::value):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197299 268f45cc-cd09-0410-ab3c-d52691b4dbfc
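
The begin...end numbering and the deferred decoration described in the FTL commit message above, as an added C++ example that is not WebKit's code. `Range`, `Heap`, `MemoryOp`, `Repository` and their functions are hypothetical names, and giving each leaf one number while interior heaps span their children is an assumption.

```cpp
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical model of the scheme; none of these types are WebKit's.
struct Range {
    uint32_t begin = 0, end = 0; // half-open: heaps H with begin <= H < end
    bool overlaps(const Range& o) const { return begin < o.end && o.begin < end; }
};
struct Heap {
    Heap* parent = nullptr;
    std::vector<std::unique_ptr<Heap>> children;
    Range range;
    Heap* add() {
        children.push_back(std::make_unique<Heap>());
        children.back()->parent = this;
        return children.back().get();
    }
};
struct MemoryOp { Range range; }; // stand-in for a B3 load or store

// Recursive numbering. Assumption: a leaf takes one fresh number and an
// interior heap spans exactly its children. Returns the next free number.
uint32_t computeRanges(Heap& h, uint32_t next = 0) {
    h.range.begin = next;
    if (h.children.empty()) ++next;
    for (auto& c : h.children) next = computeRanges(*c, next);
    h.range.end = next;
    return next;
}

// Lowering records (operation, heap) pairs; ranges are copied onto the
// operations only once the hierarchy is final.
struct Repository {
    Heap root;
    std::vector<std::pair<MemoryOp*, Heap*>> pending;
    void decorateLater(MemoryOp& op, Heap* h) { pending.emplace_back(&op, h); }
    void computeRangesAndDecorate() {
        computeRanges(root);
        for (auto& p : pending) p.first->range = p.second->range;
    }
};

// Constructed scenario: a range taken before lowering has finished goes stale.
bool staleRangeHidesAlias() {
    Repository repo;
    Heap* fields = repo.root.add();
    Heap* indexed = repo.root.add();
    fields->add();
    Heap* index0 = indexed->add();
    computeRanges(repo.root);
    Range stale = index0->range;      // [1, 2), numbered too early
    fields->add();                    // field heap discovered later in lowering
    MemoryOp anyIndexStore;
    repo.decorateLater(anyIndexStore, indexed);
    repo.computeRangesAndDecorate();  // indexed has moved right to [2, 3)
    return !stale.overlaps(anyIndexStore.range);
}
```

`staleRangeHidesAlias()` returns true: the range captured before the second field heap was added no longer overlaps the indexed heap's final range, so an alias query made with it would miss a real dependency.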

4 years ago SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
commit-queue@webkit.org [Sun, 28 Feb 2016 20:12:06 +0000 (20:12 +0000)]
SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
https://bugs.webkit.org/show_bug.cgi?id=154794

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-28
Reviewed by Michael Catanzaro.

No new tests needed.

* svg/SVGToOTFFontConversion.cpp:
(WebCore::SVGToOTFFontConverter::appendLigatureSubtable): Added const
qualifiers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [cmake] Allow using FindGLIB in case glib is optional dependency.
commit-queue@webkit.org [Sun, 28 Feb 2016 20:11:02 +0000 (20:11 +0000)]
[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-28
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case GLIBCONFIG_INCLUDE_DIR is
not defined.

* Source/cmake/FindGLIB.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [ES6] Arrow function syntax. Emit loading&putting this/super only if they are used...
gskachkov@gmail.com [Sun, 28 Feb 2016 19:14:26 +0000 (19:14 +0000)]
[ES6] Arrow function syntax. Emit loading&putting this/super only if they are used in arrow function. https://bugs.webkit.org/show_bug.cgi?id=153981

Small improvements

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ProxyObject.[[GetOwnProperty]] is partially broken because it doesn't propagate infor...
sbarati@apple.com [Sun, 28 Feb 2016 18:40:35 +0000 (18:40 +0000)]
ProxyObject.[[GetOwnProperty]] is partially broken because it doesn't propagate information back to the slot
https://bugs.webkit.org/show_bug.cgi?id=154768

Reviewed by Ryosuke Niwa.

This fixes a big bug with ProxyObject.[[GetOwnProperty]]:
http://www.ecma-international.org/ecma-262/6.0/index.html#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
We weren't correctly propagating the result of this operation to the
out PropertySlot& parameter. This patch fixes that and adds tests.

* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetOwnPropertyDescriptor):
I added a missing exception check after object allocation
because I saw that it was missing while reading the code.

* runtime/PropertyDescriptor.cpp:
(JSC::PropertyDescriptor::setUndefined):
(JSC::PropertyDescriptor::slowGetterSetter):
(JSC::PropertyDescriptor::getter):
* runtime/PropertyDescriptor.h:
(JSC::PropertyDescriptor::attributes):
(JSC::PropertyDescriptor::value):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
* tests/es6.yaml:
* tests/stress/proxy-get-own-property.js:
(let.handler.getOwnPropertyDescriptor):
(set get let.handler.return):
(set get let.handler.getOwnPropertyDescriptor):
(set get let):
(set get let.a):
(let.b):
(let.setter):
(let.getter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: DataGrid's resizers aren't horizontally centered
nvasilyev@apple.com [Sun, 28 Feb 2016 08:01:10 +0000 (08:01 +0000)]
Web Inspector: DataGrid's resizers aren't horizontally centered
https://bugs.webkit.org/show_bug.cgi?id=154787
<rdar://problem/24876901>

Reviewed by Timothy Hatcher.

* UserInterface/Views/DataGrid.css:
(.data-grid .resizer):
Use CSS transforms as margin-left doesn't support sub-pixel values.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Removing ios-simulator baseline for js/number-toLocaleString.html
sukolsak@gmail.com [Sun, 28 Feb 2016 03:33:19 +0000 (03:33 +0000)]
Removing ios-simulator baseline for js/number-toLocaleString.html
https://bugs.webkit.org/show_bug.cgi?id=154524

Reviewed by Darin Adler.

The default locale issue has been fixed in r197261.
Infinity.toLocaleString() should return "∞" as expected.

* platform/ios-simulator/js/number-toLocaleString-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197264 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Prevent cross-origin access to Location.assign() / Location.reload()
cdumez@apple.com [Sun, 28 Feb 2016 00:50:28 +0000 (00:50 +0000)]
Prevent cross-origin access to Location.assign() / Location.reload()
https://bugs.webkit.org/show_bug.cgi?id=154779

Reviewed by Darin Adler.

Source/WebCore:

Prevent cross-origin access to Location.assign() / Location.reload()
to match the latest specification:
- https://html.spec.whatwg.org/multipage/browsers.html#crossoriginproperties-(-o-)

Firefox and Chrome already prevent this but WebKit allowed it.

No new tests, already covered by existing tests.

* bindings/js/JSLocationCustom.cpp:
(WebCore::JSLocation::getOwnPropertySlotDelegate):
(WebCore::JSLocation::putDelegate): Deleted.

LayoutTests:

Update existing layout tests now that we prevent cross-origin access to
Location.assign() / Location.reload().

* http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
* http/tests/security/cross-frame-access-location-get-expected.txt:
* http/tests/security/cross-frame-access-location-get-override-expected.txt:
* http/tests/security/cross-frame-access-location-get-override.html:
* http/tests/security/cross-frame-access-location-get.html:
* http/tests/security/xss-DENIED-defineProperty-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197263 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Silence leaks under TextCodecICU::registerCodecs
ap@apple.com [Sun, 28 Feb 2016 00:40:18 +0000 (00:40 +0000)]
Silence leaks under TextCodecICU::registerCodecs
https://bugs.webkit.org/show_bug.cgi?id=154737

Reviewed by Darin Adler.

* Scripts/webkitpy/port/leakdetector.py:
(LeakDetector._callstacks_to_exclude_from_leaks):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Intl.Collator uses POSIX locale (detected by js/intl-collator.html on iOS Simulator)
commit-queue@webkit.org [Sun, 28 Feb 2016 00:36:01 +0000 (00:36 +0000)]
Intl.Collator uses POSIX locale (detected by js/intl-collator.html on iOS Simulator)
https://bugs.webkit.org/show_bug.cgi?id=152448

Patch by Andy VanWagoner <thetalecrafter@gmail.com> on 2016-02-27
Reviewed by Darin Adler.

Source/JavaScriptCore:

Add defaultLanguage to the globalObjectMethodTable and use it for the
default locale in Intl object initializations. Fall back to ICU default
locale only if the defaultLanguage function is null, or returns an
empty string.

* jsc.cpp:
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::initializeCollator):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
* runtime/IntlObject.cpp:
(JSC::defaultLocale):
(JSC::lookupMatcher):
(JSC::bestFitMatcher):
(JSC::resolveLocale):
* runtime/IntlObject.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/StringPrototype.cpp:
(JSC::toLocaleCase):

Source/WebCore:

Pass defaultLanguage from Language.h to the globalObjectMethodTable to
ensure Intl objects can be initialized with the correct default locale.

* bindings/js/JSDOMWindowBase.cpp:
* bindings/js/JSWorkerGlobalScopeBase.cpp:

LayoutTests:

Add tests for default locale in test runner to be en-US.

* js/intl-collator-expected.txt:
* js/intl-datetimeformat-expected.txt:
* js/intl-numberformat-expected.txt:
* js/script-tests/intl-collator.js:
* js/script-tests/intl-datetimeformat.js:
* js/script-tests/intl-numberformat.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197261 268f45cc-cd09-0410-ab3c-d52691b4dbfc