WebKit-https.git
peavo@outlook.com [Fri, 15 May 2015 13:50:05 +0000 (13:50 +0000)]
[Curl] WebSocket platform part is not implemented.
https://bugs.webkit.org/show_bug.cgi?id=144628

Reviewed by Darin Adler.

Add Curl platform code implementation for WebSockets.

* platform/network/curl/SocketStreamHandle.h:
(WebCore::SocketStreamHandle::create):
(WebCore::SocketStreamHandle::SocketData::SocketData):
* platform/network/curl/SocketStreamHandleCurl.cpp:
(WebCore::SocketStreamHandle::SocketStreamHandle):
(WebCore::SocketStreamHandle::~SocketStreamHandle):
(WebCore::SocketStreamHandle::platformSend):
(WebCore::SocketStreamHandle::platformClose):
(WebCore::SocketStreamHandle::readData):
(WebCore::SocketStreamHandle::sendData):
(WebCore::SocketStreamHandle::waitForAvailableData):
(WebCore::SocketStreamHandle::startThread):
(WebCore::SocketStreamHandle::stopThread):
(WebCore::SocketStreamHandle::didReceiveData):
(WebCore::SocketStreamHandle::didOpenSocket):
(WebCore::SocketStreamHandle::createCopy):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Fri, 15 May 2015 12:22:12 +0000 (12:22 +0000)]
User interruption while running of run-webkit-tests should also generate results.html
https://bugs.webkit.org/show_bug.cgi?id=122154

Patch by Ravi Phaneendra Kasibhatla <r.kasibhatla@samsung.com> on 2015-05-15
Reviewed by Csaba Osztrogonác.

Generation of results.html on execution of run-webkit-tests happens only
on completion of entire layout tests run. It should be created even when
the execution has been interrupted - either by user (by pressing Ctrl+C)
or because of other interruptions (like exit-after-n-failures option).

* Scripts/webkitpy/layout_tests/controllers/layout_test_runner.py:
(LayoutTestRunner.run_tests):
* Scripts/webkitpy/layout_tests/controllers/manager.py:
(Manager.run):
* Scripts/webkitpy/layout_tests/models/test_run_results.py:
(TestRunResults.__init__):
* Scripts/webkitpy/layout_tests/run_webkit_tests.py:
(main):
* Scripts/webkitpy/layout_tests/run_webkit_tests_integrationtest.py:
(RunTest.test_keyboard_interrupt):
(MainTest.test_exception_handling):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Fri, 15 May 2015 11:00:15 +0000 (11:00 +0000)]
[buildbot] Fix the URL of the performance bots
https://bugs.webkit.org/show_bug.cgi?id=145043

Reviewed by Ryosuke Niwa.

* BuildSlaveSupport/build.webkit.org-config/templates/root.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Fri, 15 May 2015 09:22:19 +0000 (09:22 +0000)]
Fix typo in function name parseFunctionParamters -> parseFunctionParameters
https://bugs.webkit.org/show_bug.cgi?id=145040

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-15
Reviewed by Mark Lam.

* parser/Parser.h:
* parser/Parser.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

carlosgc@webkit.org [Fri, 15 May 2015 08:03:16 +0000 (08:03 +0000)]
REGRESSION(r183861): [SOUP] Downloads are broken when using the Network Process
https://bugs.webkit.org/show_bug.cgi?id=144738

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Add ResourceHandle::releaseForDownload() that releases the current
handle to be used as a download.

* platform/network/ResourceHandle.h:
* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::ResourceHandle::releaseForDownload):

Source/WebKit2:

When converting the main resource handle to a download, the
NetworkResourceLoader is aborted, and the ResourceHandle is
cleaned up aborting the download operation. We need to use a
different ResourceHandle for the download operation.

* Shared/Downloads/soup/DownloadSoup.cpp:
(WebKit::Download::startWithHandle): Use ResourceHandle::releaseForDownload()
instead of reusing the given handle.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

rniwa@webkit.org [Fri, 15 May 2015 08:01:42 +0000 (08:01 +0000)]
Removed failing test expectations from passing tests.

* TestExpectations:
* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zandobersek@gmail.com [Fri, 15 May 2015 07:05:47 +0000 (07:05 +0000)]
[GTK] Fix PlatformDisplayWayland construction error, implement the destructor
https://bugs.webkit.org/show_bug.cgi?id=144997

Reviewed by Carlos Garcia Campos.

The PlatformDisplayWayland constructor is private, so we can't use
std::make_unique<>() to construct an object of this class.

Implement the PlatformDisplayWayland destructor, cleaning out all
the Wayland resources, if present.

* platform/graphics/wayland/PlatformDisplayWayland.cpp:
(WebCore::PlatformDisplayWayland::create):
(WebCore::PlatformDisplayWayland::PlatformDisplayWayland):
(WebCore::PlatformDisplayWayland::~PlatformDisplayWayland):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zalan@apple.com [Fri, 15 May 2015 05:09:46 +0000 (05:09 +0000)]
Images on www.fitstylelife.com jiggle on hover.
https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html
       compositing/parent-clipping-layer-on-subpixel-position.html

* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

* compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
* compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
* compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
* compositing/parent-clipping-layer-on-subpixel-position.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Fri, 15 May 2015 05:07:22 +0000 (05:07 +0000)]
Have DOMWindow::createWindow() take references to frames
https://bugs.webkit.org/show_bug.cgi?id=145037

Reviewed by Gyuyoung Kim.

Have DOMWindow::createWindow() take references to frames instead of
pointers as they are expected to be non-null. Also return a RefPtr
instead of a PassRefPtr.

* inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorFrontendClientLocal::openInNewTab):
* loader/FrameLoader.cpp:
(WebCore::createWindow):
* loader/FrameLoader.h:
* page/DOMWindow.cpp:
(WebCore::DOMWindow::createWindow):
(WebCore::DOMWindow::open):
(WebCore::DOMWindow::showModalDialog):
* page/DOMWindow.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

simon.fraser@apple.com [Fri, 15 May 2015 04:43:05 +0000 (04:43 +0000)]
REGRESSION (r183794): Garbage tiles when body background switches to fixed
https://bugs.webkit.org/show_bug.cgi?id=145032
rdar://problem/20963679

Reviewed by Dean Jackson.

Source/WebCore:

After r183794 (or possibly an earlier commit), we failed to dynamically update
the configuration of layers that handled fixed background attachment on the root.

This would result in unpainted tiles, and non-fixed-background behavior.

Fix by calling RenderLayerCompositor::rootOrBodyStyleChanged() whenever the
style changes on the root or body renderers, and triggering a compositing update
if the fixedness of the background changes. It calls the existing rootBackgroundTransparencyChanged()
if the color changes.

Test: platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::styleDidChange):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::rootOrBodyStyleChanged):
(WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged):
* rendering/RenderLayerCompositor.h:

LayoutTests:

Test that toggles the attachment of the body background to fixed, then dumps layers.

* platform/mac-wk2/tiled-drawing/toggle-to-fixed-background-expected.txt: Added.
* platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

beidson@apple.com [Fri, 15 May 2015 04:39:51 +0000 (04:39 +0000)]
Rename connectionDidClose and related methods to be more clear.
https://bugs.webkit.org/show_bug.cgi?id=145030

Reviewed by Darin Adler.

These methods were easy to confuse with "Connection::Client::didClose()", yet they
were about something much more explicit: A child process being shut down by the UI Process.

Let's call them as such.

* Shared/ChildProcessProxy.cpp:
(WebKit::ChildProcessProxy::shutDownProcess):
(WebKit::ChildProcessProxy::clearConnection): Deleted.
(WebKit::ChildProcessProxy::connectionDidClose): Deleted.
* Shared/ChildProcessProxy.h:

* UIProcess/Databases/DatabaseProcessProxy.cpp:
(WebKit::DatabaseProcessProxy::processWillShutDown):
* UIProcess/Databases/DatabaseProcessProxy.h:

* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::processWillShutDown):
* UIProcess/Network/NetworkProcessProxy.h:

* UIProcess/Plugins/PluginProcessProxy.cpp:
(WebKit::PluginProcessProxy::processWillShutDown):
* UIProcess/Plugins/PluginProcessProxy.h:

* UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::webProcessWillShutDown):
(WebKit::WebFrameProxy::disconnect): Deleted.
* UIProcess/WebFrameProxy.h:

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::webProcessWillShutDown):
(WebKit::WebPageProxy::connectionDidClose): Deleted.
* UIProcess/WebPageProxy.h:

* UIProcess/WebProcessLifetimeTracker.cpp:
(WebKit::WebProcessLifetimeTracker::webProcessWillShutDown):
(WebKit::WebProcessLifetimeTracker::connectionDidClose): Deleted.
* UIProcess/WebProcessLifetimeTracker.h:

* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::processWillShutDown):
(WebKit::WebProcessProxy::shutDown):
(WebKit::WebProcessProxy::removeWebPage):
(WebKit::WebProcessProxy::didClose):
(WebKit::WebProcessProxy::disconnectFramesFromPage):
(WebKit::WebProcessProxy::shouldTerminate):
(WebKit::WebProcessProxy::requestTermination):
(WebKit::WebProcessProxy::connectionDidClose): Deleted.
(WebKit::WebProcessProxy::disconnect): Deleted.
* UIProcess/WebProcessProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184370 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Fri, 15 May 2015 04:36:27 +0000 (04:36 +0000)]
Reverted r177753, now that <rdar://problem/19347133> is fixed.

Rubber-stamped by Benjamin Poulain.

* wtf/SaturatedArithmetic.h:
(signedAddOverflows):
(signedSubtractOverflows):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Fri, 15 May 2015 04:14:39 +0000 (04:14 +0000)]
Remove StoreBarrierWithNullCheck, nobody ever generates this.

Rubber stamped by Benjamin Poulain and Michael Saboff.

If we did bring something like this back in the future, we would just use UntypedUse instead
of CellUse to indicate that this is what we want.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::isStoreBarrier):
* dfg/DFGNodeType.h:
* dfg/DFGObjectAllocationSinkingPhase.cpp:
(JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStoreBarrier):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184368 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Fri, 15 May 2015 03:51:52 +0000 (03:51 +0000)]
PutGlobalVar should reference the global object it's storing into
https://bugs.webkit.org/show_bug.cgi?id=145036

Reviewed by Michael Saboff.

This makes it easier to reason about store barrier insertion and elimination. This changes
the format of PutGlobalVar so that child1 is the global object and child2 is the value.
Previously it just had child1, and that was the value.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Fri, 15 May 2015 03:28:24 +0000 (03:28 +0000)]
Unreviewed, rolling out r184359 and r184362.
https://bugs.webkit.org/show_bug.cgi?id=145035

Introduced a crash in six media element tests (Requested by
rniwa on #webkit).

Reverted changesets:

"[MediaControls] Refactor media controls & bring improvements
made to iOS controls to Mac."
https://bugs.webkit.org/show_bug.cgi?id=144973
http://trac.webkit.org/changeset/184359

"Unreviewed build fix after r184359; typo."
http://trac.webkit.org/changeset/184362

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Fri, 15 May 2015 02:03:23 +0000 (02:03 +0000)]
Some CFNetwork SPI to reset HSTS hosts added since a date should not be used on Yosemite.
https://bugs.webkit.org/show_bug.cgi?id=145025.
and
rdar://problem/20646308.

Patch by Zhuo Li <zachli@apple.com> on 2015-05-14
Reviewed by Alexey Proskuryakov.

* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Fri, 15 May 2015 00:25:07 +0000 (00:25 +0000)]
Web Inspector: Update the New Tab button disabled state after extra domains are activated
https://bugs.webkit.org/show_bug.cgi?id=145028

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-05-14
Reviewed by Timothy Hatcher.

* UserInterface/Base/Main.js:
(WebInspector.activateExtraDomains):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mcatanzaro@igalia.com [Fri, 15 May 2015 00:08:51 +0000 (00:08 +0000)]
[CMake] Error out when ruby is too old
https://bugs.webkit.org/show_bug.cgi?id=145014

Reviewed by Martin Robinson.

.:

Error out immediately after checking for Ruby if the ruby executable is not found, or if it
is too old.

* CMakeLists.txt:

Source/JavaScriptCore:

Don't enforce the check for the Ruby executable here; it's now enforced in the top-level
CMakeLists.txt instead.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184363 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jer.noble@apple.com [Thu, 14 May 2015 23:52:29 +0000 (23:52 +0000)]
Unreviewed build fix after r184359; typo.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::layoutSizeChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184362 268f45cc-cd09-0410-ab3c-d52691b4dbfc

roger_fong@apple.com [Thu, 14 May 2015 23:40:29 +0000 (23:40 +0000)]
Adjust button CSS and positioning in preparation.
https://bugs.webkit.org/show_bug.cgi?id=144973.
<rdar://problem/20306227>

Reviewed by Dean Jackson.

The only visual change here is the swapping of the rewind and play button positions.
Also, position buttons based off of both left and right margins instead of just one of the two.
This allows the controls drop off to work without having to use a spacer element to take the place
of the timeline if the controls are too small.
* Modules/mediacontrols/mediaControlsApple.css:
(audio::-webkit-media-controls-rewind-button):
(audio::-webkit-media-controls-play-button):
(audio::-webkit-media-controls-panel .mute-box):
(audio::-webkit-media-controls-wireless-playback-picker-button):
(audio::-webkit-media-controls-toggle-closed-captions-button):
(audio::-webkit-media-controls-fullscreen-button):
(audio::-webkit-media-controls-fullscreen-button.exit):
(audio::-webkit-media-controls-time-remaining-display):
(audio:-webkit-full-screen::-webkit-media-controls-toggle-closed-captions-button):
(audio:-webkit-full-screen::-webkit-media-controls-wireless-playback-picker-button):
* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.configureInlineControls):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184361 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dino@apple.com [Thu, 14 May 2015 23:35:42 +0000 (23:35 +0000)]
MediaControls: controls are live even when invisible
https://bugs.webkit.org/show_bug.cgi?id=145029
<rdar://problem/20865442>

Reviewed by Jer Noble.

When the controls are invisible they should ignore touch/mouse
events.

* Modules/mediacontrols/mediaControlsiOS.css: Add pointer-events: none where appropriate.
(video::-webkit-media-controls-panel-container):
(video::-webkit-media-controls-panel-background):
(video::-webkit-media-controls-panel):
(video::-webkit-media-controls-panel.paused):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jer.noble@apple.com [Thu, 14 May 2015 23:27:35 +0000 (23:27 +0000)]
[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

* Modules/mediacontrols/mediaControlsApple.css:
(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".
* Modules/mediacontrols/mediaControlsApple.js:
(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes
    to controlsAlwaysVisible().
(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary)
    if not scrubbing.
(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the controls width.

Remove a bunch of newly unnecessary code from the iOS media controls:

* Modules/mediacontrols/mediaControlsiOS.js:
(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototype.updateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.
* html/HTMLMediaElement.h:
* rendering/RenderMedia.cpp:
(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()
* rendering/RenderMedia.h:

Drive-by fixes:

* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184359 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Thu, 14 May 2015 22:46:15 +0000 (22:46 +0000)]
Add a layout mode that scales down the view to try to fit the document
https://bugs.webkit.org/show_bug.cgi?id=145022
<rdar://problem/19790341>

Reviewed by Dean Jackson.

* Shared/WebPageCreationParameters.cpp:
(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):
* Shared/WebPageCreationParameters.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setShouldScaleViewToFitDocument):
* UIProcess/WebPageProxy.h:
* WebProcess/WebPage/DrawingArea.h:
(WebKit::DrawingArea::setShouldScaleViewToFitDocument):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
(WebKit::WebPage::setShouldScaleViewToFitDocument):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
Plumb shouldScaleViewToFitDocument through to the DrawingArea.

* UIProcess/mac/WKViewLayoutStrategy.mm:
(+[WKViewLayoutStrategy layoutStrategyWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy initWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy updateLayout]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy willChangeLayoutStrategy]):
* UIProcess/API/C/WKLayoutMode.h:
* UIProcess/API/Cocoa/_WKLayoutMode.h:
Add a new layout mode, which just turns on shouldScaleViewToFitDocument,
and otherwise behaves as normal.

* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::setShouldScaleViewToFitDocument):
(WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded):
(WebKit::TiledCoreAnimationDrawingArea::flushLayers):
On every flush where either the document size or view size has changed,
or layout is outstanding, do a layout with fixed layout off to determine
whether the document fits inside the view. If it doesn't, scale it down
to fit. This will require an extra layout for every resize while in the
scaled-down state, but there is potential for future optimization.

* MiniBrowser/mac/BrowserWindow.xib:
* MiniBrowser/mac/BrowserWindowController.h:
* MiniBrowser/mac/WK2BrowserWindowController.m:
(-[WK2BrowserWindowController toggleShrinkToFit:]):
(-[WK2BrowserWindowController toggleUseMinimumViewSize:]): Deleted.
Switch to _WKLayoutModeDynamicSizeComputedFromMinimumDocumentSize.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184358 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mcatanzaro@igalia.com [Thu, 14 May 2015 22:29:25 +0000 (22:29 +0000)]
[CMake] Don't read the LOCATION property of targets
https://bugs.webkit.org/show_bug.cgi?id=145018

Reviewed by Martin Robinson.

Use the TARGET_FILE_DIR generator expression to determine the location of the test injected
bundle, rather than assuming that the LOCATION property of TestWebKitAPIInjectedBundle will
be the same at configure-time as it is at generate-time.

* TestWebKitAPI/CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184357 268f45cc-cd09-0410-ab3c-d52691b4dbfc

andersca@apple.com [Thu, 14 May 2015 21:43:30 +0000 (21:43 +0000)]
Local storage origins should include origins with transient local storage
https://bugs.webkit.org/show_bug.cgi?id=145017
rdar://problem/10690447

Reviewed by Sam Weinig.

The transient local storage namespaces are used for third party data blocking and will stay
around until the UI process exits so we need to be able to include website data from transient storage
in the website data store APIs.

* UIProcess/Storage/StorageManager.cpp:
(WebKit::StorageManager::TransientLocalStorageNamespace::origins):
(WebKit::StorageManager::getLocalStorageOrigins):
* UIProcess/Storage/StorageManager.h:
* UIProcess/WebKeyValueStorageManager.cpp:
(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::fetchData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184356 268f45cc-cd09-0410-ab3c-d52691b4dbfc

rniwa@webkit.org [Thu, 14 May 2015 21:39:50 +0000 (21:39 +0000)]
Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

* editing/ReplaceSelectionCommand.cpp:
(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):
* editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

* editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
* editing/inserting/insert-table-in-paragraph-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184355 268f45cc-cd09-0410-ab3c-d52691b4dbfc

basile_clement@apple.com [Thu, 14 May 2015 21:32:05 +0000 (21:32 +0000)]
Enforce options coherency
https://bugs.webkit.org/show_bug.cgi?id=144921

Reviewed by Mark Lam.

JavaScriptCore should be failing early when the options are set in such
a way that we don't have a meaningful way to execute JavaScript, rather
than failing for obscure reasons at some point during execution.

This patch adds a new function that checks whether the options are set
in a coherent way, and makes JSC::Options::initialize() crash when the
environment enforces incoherent options.
Client applications able to add or change additional options are
responsible to check for coherency again before starting to actually
execute JavaScript, if any additional options have been set. This is
implemented for the jsc executable in this patch.

* jsc.cpp:
(CommandLine::parseArguments):
* runtime/Options.cpp:
(JSC::Options::initialize):
(JSC::Options::ensureOptionsAreCoherent): Added.
* runtime/Options.h:
(JSC::Options::ensureOptionsAreCoherent): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184354 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mmaxfield@apple.com [Thu, 14 May 2015 21:28:54 +0000 (21:28 +0000)]
[Mac] Expose more font weights for -apple-system
https://bugs.webkit.org/show_bug.cgi?id=144707

Reviewed by Simon Fraser.

Source/WebCore:

Previously, when we parsed a CSS declaration of the form font: keyword; where keyword
is one of caption, icon, menu, message-box, small-caption, -webkit-mini-control, -webkit-small-control,
or -webkit-control (which html.css does for form controls), we would ask the system what the appropriate
system font is, get that font's family name, and synthesize a font-family CSS property for the element.
Then, later when we actually go to look up the font, we would look up the font by family name using this
information. However, this round-tripping of a font through a family name is actually lossy, and is not
guaranteed to preserve system-font-ness (which we use for various things including metrics calculations).

This patch modifies this logic to specify a token family name instead, which the font lookup code special
cases (and reacts by making the appropriate system-font lookup call). This approach is currently how iOS
handles these system fonts; this patch simply brings this approach to OS X.

There is also an added progression here. We used to simply call [NSFont fontWithName:size:] on the system
font family name (which the parser found for us) which entirely disregards weight. This means that we
used to be getting synthesized bold in form controls which ask for a heavy weight. Migrating to this
system-font aware call means that we get the real bold font instead of synthesized bold.

Once this system-font-ness is guaranteed to be preserved between parsing time and font lookup time, we
can safely migrate to using [NSFont systemFontOfSize:weight] instead of [NSFont systemFontOfSize:] on
platforms which support it.

Tests: fast/text/systemFont.html
       fast/css/css2-system-fonts.html
       fast/forms/select/optgroup-rendering.html
       fast/forms/validation-message-appearance.html

* css/CSSParser.cpp:
(WebCore::CSSParser::parseSystemFont): Add a comment regarding why we are bothering with expanding out
the font property in the first place.
* platform/graphics/cocoa/FontCascadeCocoa.mm:
(WebCore::FontCascade::primaryFontIsSystemFont): Update to use new system font tokens.
* platform/graphics/mac/FontCacheMac.mm:
(WebCore::toNSFontWeight): New static method to map font weights to NSFontWeight constants available on
Yosemite and later.
(WebCore::fontWithFamilySpecialCase): Pull all of this special-case font token name handling into a
separate function, which returns an Optional.
(WebCore::fontWithFamily):
* platform/mac/ThemeMac.mm:
(WebCore::ThemeMac::controlFont): Use the font token name instead of the generated system font family
name.
* platform/spi/mac/NSFontSPI.h: Add [NSFont systemFontWithSize:weight:] and the proper NSFontWeight
constants.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::updateCachedSystemFontDescription): Use the font token names instead of the
generated system font family name.
(WebCore::RenderThemeMac::setFontFromControlSize): Ditto.

LayoutTests:

* platform/mac/fast/text/systemFont-expected.txt: Update expectations.
* platform/mac/fast/text/systemFont.html: Update test to include font weights for -apple-system.
* platform/mac/fast/css/css2-system-fonts-expected.txt: Updated to not hardcode the system font family name.
* platform/mac-mavericks/fast/css/css2-system-fonts-expected.txt: Ditto.
* platform/mac/fast/forms/select/optgroup-rendering-expected.txt: Updated to not use synthetic bold.
* platform/mac/fast/forms/validation-message-appearance-expected.txt: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION (r184337): [EFL] unresolved reference errors in ARM builds
utatane.tea@gmail.com [Thu, 14 May 2015 21:24:35 +0000 (21:24 +0000)]
REGRESSION (r184337): [EFL] unresolved reference errors in ARM builds
https://bugs.webkit.org/show_bug.cgi?id=145019

Reviewed by Ryosuke Niwa.

Attempt to fix compile errors in EFL ARM buildbots.
By executing `nm`, found that JSTemplateRegistryKey.cpp.o and TemplateRegistry.cpp.o have
unresolved references to Structure::get. That is an inlined function in StructureInlines.h.

* runtime/JSTemplateRegistryKey.cpp:
* runtime/TemplateRegistry.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add internals setting to disable wireless playback availability for layout tests
roger_fong@apple.com [Thu, 14 May 2015 21:19:09 +0000 (21:19 +0000)]
Add internals setting to disable wireless playback availability for layout tests
https://bugs.webkit.org/show_bug.cgi?id=145012.
<rdar://problem/20946504>

Reviewed by Eric Carlson.

* testing/InternalSettings.cpp:
(WebCore::InternalSettings::resetToConsistentState):
(WebCore::InternalSettings::setWirelessPlaybackDisabled):
* testing/InternalSettings.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184351 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Small refactoring before implementation of the ES6 arrow function.
commit-queue@webkit.org [Thu, 14 May 2015 20:38:43 +0000 (20:38 +0000)]
Small refactoring before implementation of the ES6 arrow function.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-14
Reviewed by Ryosuke Niwa.

* parser/Parser.h:
* parser/Parser.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184349 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION (r184337): ASSERT failed in debug builds for tagged templates
utatane.tea@gmail.com [Thu, 14 May 2015 19:58:00 +0000 (19:58 +0000)]
REGRESSION (r184337): ASSERT failed in debug builds for tagged templates
https://bugs.webkit.org/show_bug.cgi?id=145013

Reviewed by Filip Pizlo.

Fix the regression introduced by r184337.

1. JSTemporaryRegistryKey::s_info should inherit the Base::s_info,
   JSDestructibleObject::s_info.

2. The first register argument of BytecodeGenerator::emitNode
   should be a referenced register if it is a temporary register.

* bytecompiler/NodesCodegen.cpp:
(JSC::TaggedTemplateNode::emitBytecode):
* runtime/JSTemplateRegistryKey.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago String.prototype.split() should create efficient substrings.
akling@apple.com [Thu, 14 May 2015 19:07:30 +0000 (19:07 +0000)]
String.prototype.split() should create efficient substrings.
<https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

* runtime/StringPrototype.cpp:
(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184346 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Change range of possible forces for mouseforcechanged DOM event
bdakin@apple.com [Thu, 14 May 2015 18:17:39 +0000 (18:17 +0000)]
Change range of possible forces for mouseforcechanged DOM event
https://bugs.webkit.org/show_bug.cgi?id=144987
-and corresponding-
rdar://problem/20472802

Reviewed by Tim Horton.

Change to a 0-3 range.

Source/WebCore:

* platform/PlatformMouseEvent.h:
* platform/mac/PlatformEventFactoryMac.mm:
(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder):

Source/WebKit2:

* Shared/mac/WebEventFactory.mm:
(WebKit::WebEventFactory::createWebMouseEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184345 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Change the status of ES6 tagged templates to Done in features.json
utatane.tea@gmail.com [Thu, 14 May 2015 18:11:55 +0000 (18:11 +0000)]
Change the status of ES6 tagged templates to Done in features.json
https://bugs.webkit.org/show_bug.cgi?id=145003

Reviewed by Benjamin Poulain.

Now it's implemented in r184337.

* features.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184344 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add String literal overloads to equalIgnoringASCIICase()
mmaxfield@apple.com [Thu, 14 May 2015 17:55:38 +0000 (17:55 +0000)]
Add String literal overloads to equalIgnoringASCIICase()
https://bugs.webkit.org/show_bug.cgi?id=145008

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2015-05-14
Reviewed by Benjamin Poulain.

Source/WTF:

Create an overload for equalIgnoringASCIICase for string literals.

* wtf/text/StringImpl.h:
(WTF::equalIgnoringASCIICase): Use a non-templated helper function.
* wtf/text/StringImpl.cpp:
(WTF::equalIgnoringASCIICase): Implement it.
* wtf/text/StringView.h:
(WTF::equalIgnoringASCIICase): Use a non-templated helper function.
* wtf/text/StringView.cpp:
(WTF::equalIgnoringASCIICase): Implement it.
* wtf/text/WTFString.h:
(WTF::equalIgnoringASCIICase): Delegate to StringImpl's implementation.

Tools:

Test changes to WTF.

* TestWebKitAPI/Tests/WTF/StringImpl.cpp:
(WTF.StringImplEqualIgnoringASCIICaseBasic): Test const char*.
(WTF.StringImplEqualIgnoringASCIICaseWithLatin1Characters): Ditto.
* TestWebKitAPI/Tests/WTF/StringView.cpp:
(WTF.StringViewEqualIgnoringASCIICaseBasic): Ditto.
(WTF.StringViewEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184341 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Introduce SymbolType into SpeculativeTypes
utatane.tea@gmail.com [Thu, 14 May 2015 17:36:12 +0000 (17:36 +0000)]
Introduce SymbolType into SpeculativeTypes
https://bugs.webkit.org/show_bug.cgi?id=142651

Reviewed by Filip Pizlo.

Introduce SpecSymbol type into speculative types.
Previously, the symbol type was categorized into SpecCellOther.
But SpecCellOther is not intended to be used for such cells.

This patch just introduces SpecSymbol.
It represents that the type of the target value is definitely the symbol type.
It is a part of SpecCell.

In this patch, we do not introduce SymbolUse tracking.
It will be added in the separate patch.

* bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationFromStructure):
* bytecode/SpeculatedType.h:
(JSC::isSymbolSpeculation):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::setType):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* tests/stress/typeof-symbol.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184340 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix typo in RenderBox::instrinsicScrollbarLogicalWidth()
rego@igalia.com [Thu, 14 May 2015 16:37:27 +0000 (16:37 +0000)]
Fix typo in RenderBox::instrinsicScrollbarLogicalWidth()
https://bugs.webkit.org/show_bug.cgi?id=144999

Reviewed by Sergio Villar Senin.

Rename RenderBox::instrinsicScrollbarLogicalWidth() to
RenderBox::intrinsicScrollbarLogicalWidth().

No new tests, no behavior changes.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::computeIntrinsicLogicalWidths):
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::intrinsicScrollbarLogicalWidth):
(WebCore::RenderBox::instrinsicScrollbarLogicalWidth): Deleted.
* rendering/RenderBox.h:
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::computeIntrinsicLogicalWidths):
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::computeIntrinsicLogicalWidths):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184339 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, skip js/regress-141098.html. The fix will be tracked in https://bugs...
fpizlo@apple.com [Thu, 14 May 2015 16:31:23 +0000 (16:31 +0000)]
Unreviewed, skip js/regress-141098.html. The fix will be tracked in https://bugs.webkit.org/show_bug.cgi?id=145007

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184338 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [ES6] Implement tagged templates
utatane.tea@gmail.com [Thu, 14 May 2015 16:07:54 +0000 (16:07 +0000)]
[ES6] Implement tagged templates
https://bugs.webkit.org/show_bug.cgi?id=143183

Reviewed by Oliver Hunt.

This patch implements ES6 tagged templates.
In tagged templates, the function takes the template object.

The template object contains the raw and cooked template strings,
so when parsing the tagged templates, we need to tokenize the raw and cooked strings.
While tagged templates require both strings, the template literal only requires
the cooked strings. So when tokenizing under the template literal context,
we only build the cooked strings.

As per ES6 spec, the template objects for the same raw strings are shared in the same realm.
The template objects are cached. And every time we evaluate the same tagged templates,
the same (cached) template objects are used.
Since the spec freezes these template objects completely,
we cannot attach some properties to it.
So we can say that it behaves as if the template objects are the primitive values (like JSString).
Since we cannot attach properties, the only way to test the identity of the template object is comparing (===).
As a result, when there is no reference to the template object, we can garbage collect it
because the user has no way to test that the newly created template object is not equal
to the already collected template object.

So, to implement tagged templates, we implement the following components.

1. JSTemplateRegistryKey
It holds the template registry key and it is not exposed to users.
TemplateRegistryKey holds the vector of raw and cooked strings with the pre-computed hash value.
When obtaining the template object for the (statically, a.k.a. at the parsing time) given raw string vectors,
we use this JSTemplateRegistryKey as a key to the map and look up the template object from
TemplateRegistry.
JSTemplateRegistryKey is created at the bytecode compiling time and
stored in the CodeBlock just like JSString content values.

2. TemplateRegistry
This manages the cached template objects.
It holds the weak map (JSTemplateRegistryKey -> the template object).
The template object is weakly referenced.
So if there is no reference to the template object,
the template object is automatically GC-ed.
When looking up the template object, it searches the cached template object.
If it is found, it is returned to the users.
If there is no cached template object, it creates the new template object and
stores it with the given template registry key.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
(JSC::BytecodeGenerator::emitGetTemplateObject):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::TaggedTemplateNode::emitBytecode):
(JSC::TemplateLiteralNode::emitBytecode): Deleted.
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createTaggedTemplate):
(JSC::ASTBuilder::createTemplateLiteral): Deleted.
* parser/Lexer.cpp:
(JSC::Lexer<T>::setCode):
(JSC::Lexer<T>::parseTemplateLiteral):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::scanTrailingTemplateString):
(JSC::Lexer<T>::clear):
* parser/Lexer.h:
(JSC::Lexer<T>::makeEmptyIdentifier):
* parser/NodeConstructors.h:
(JSC::TaggedTemplateNode::TaggedTemplateNode):
(JSC::TemplateLiteralNode::TemplateLiteralNode): Deleted.
* parser/Nodes.h:
(JSC::TemplateLiteralNode::templateStrings):
(JSC::TemplateLiteralNode::templateExpressions):
(JSC::TaggedTemplateNode::templateLiteral):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseTemplateString):
(JSC::Parser<LexerType>::parseTemplateLiteral):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
* parser/Parser.h:
* parser/ParserArena.h:
(JSC::IdentifierArena::makeEmptyIdentifier):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createTaggedTemplate):
(JSC::SyntaxChecker::createTemplateLiteral): Deleted.
* runtime/CommonIdentifiers.h:
* runtime/JSGlobalObject.cpp:
(JSC::getTemplateObject):
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::templateRegistry):
* runtime/JSTemplateRegistryKey.cpp: Added.
(JSC::JSTemplateRegistryKey::JSTemplateRegistryKey):
(JSC::JSTemplateRegistryKey::create):
(JSC::JSTemplateRegistryKey::destroy):
* runtime/JSTemplateRegistryKey.h: Added.
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorFreeze):
* runtime/ObjectConstructor.h:
* runtime/TemplateRegistry.cpp: Added.
(JSC::TemplateRegistry::TemplateRegistry):
(JSC::TemplateRegistry::getTemplateObject):
* runtime/TemplateRegistry.h: Added.
* runtime/TemplateRegistryKey.h: Added.
(JSC::TemplateRegistryKey::isDeletedValue):
(JSC::TemplateRegistryKey::isEmptyValue):
(JSC::TemplateRegistryKey::hash):
(JSC::TemplateRegistryKey::rawStrings):
(JSC::TemplateRegistryKey::cookedStrings):
(JSC::TemplateRegistryKey::operator==):
(JSC::TemplateRegistryKey::operator!=):
(JSC::TemplateRegistryKey::Hasher::hash):
(JSC::TemplateRegistryKey::Hasher::equal):
(JSC::TemplateRegistryKey::TemplateRegistryKey):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* tests/stress/tagged-templates-identity.js: Added.
(shouldBe):
* tests/stress/tagged-templates-raw-strings.js: Added.
(shouldBe):
(tag):
(testEval):
* tests/stress/tagged-templates-syntax.js: Added.
(tag):
(testSyntax):
(testSyntaxError):
* tests/stress/tagged-templates-template-object.js: Added.
(shouldBe):
(tag):
* tests/stress/tagged-templates-this.js: Added.
(shouldBe):
(tag):
* tests/stress/tagged-templates.js: Added.
(shouldBe):
(raw):
(cooked):
(Counter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184337 268f45cc-cd09-0410-ab3c-d52691b4dbfc
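
The script-visible side of the design described in the commit message above, as an added example (not code from WebKit or from this commit): the tag function receives a frozen template object carrying cooked and raw strings, and the same call site yields the same object on every evaluation, so a `WeakMap` keyed on it works as a per-template cache. The names `html`, `escapeHtml`, `siteCache`, `inspect` and `templateObjectFacts` are hypothetical, and the example relies only on same-call-site identity.

```javascript
// Added example: how a tag function can rely on the template object's
// identity and immutability. All names here are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape a substitution value so it is inert inside HTML text or a
// double/single-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Cache keyed on the template object. WeakMap holds its keys weakly, so an
// entry goes away once the template object itself is unreachable; this is
// the script-level counterpart of the weakly referenced registry entry.
const siteCache = new WeakMap();
let cacheMisses = 0;

function getCacheMisses() {
  return cacheMisses;
}

// Tag function: the static parts come from the trusted template object,
// every substitution is treated as untrusted and escaped.
function html(strings, ...values) {
  let site = siteCache.get(strings);
  if (!site) {
    cacheMisses += 1;
    site = { cooked: Array.from(strings), raw: Array.from(strings.raw) };
    siteCache.set(strings, site);
  }
  let out = site.cooked[0];
  values.forEach((value, i) => {
    out += escapeHtml(value) + site.cooked[i + 1];
  });
  return out;
}

// One call site, evaluated many times: the cache is filled once.
function greet(name) {
  return html`<p title="hi">Hello, ${name}!</p>`;
}

// A tag that simply hands back the template object for inspection.
function inspect(strings) {
  return strings;
}

function site() {
  return inspect`a\n${0}b`;
}

// Collect the properties the commit message describes.
function templateObjectFacts() {
  const first = site();
  const second = site();
  return {
    sameObject: first === second, // same call site, same template object
    frozen: Object.isFrozen(first) && Object.isFrozen(first.raw),
    cooked: first[0], // escape sequence interpreted: "a" + newline
    raw: first.raw[0], // source text preserved: "a", backslash, "n"
  };
}
```

Because the template object is frozen, the tag function can treat `strings` as trusted static markup and only the substitutions need escaping.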

4 years ago Web Inspector: Current time marker is always at zero in Rendering Frames ruler
mattbaker@apple.com [Thu, 14 May 2015 15:33:12 +0000 (15:33 +0000)]
Web Inspector: Current time marker is always at zero in Rendering Frames ruler
https://bugs.webkit.org/show_bug.cgi?id=144518

Reviewed by Timothy Hatcher.

The current and end time values for the rendering frame timeline overview should always be equal to the frame
number of the last record in the rendering frames timeline.

* UserInterface/Views/TimelineOverview.js:
(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.updateLayout):
* UserInterface/Views/TimelineRecordingContentView.js:
(WebInspector.TimelineRecordingContentView.prototype._updateTimes):
(WebInspector.TimelineRecordingContentView.prototype._recordingTimesUpdated):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184336 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [GTK] Enable plugin-related CMake options and variables for the X11 target only
zandobersek@gmail.com [Thu, 14 May 2015 10:52:20 +0000 (10:52 +0000)]
[GTK] Enable plugin-related CMake options and variables for the X11 target only
https://bugs.webkit.org/show_bug.cgi?id=144995

Reviewed by Carlos Garcia Campos.

* Source/cmake/OptionsGTK.cmake: Plugins are only supported for
the X11 windowing target at the moment, so the following options
and variables should be enabled or disabled accordingly:
- ENABLE_PLUGIN_PROCESS_GTK2
- ENABLE_NETSCAPE_PLUGIN_API
- ENABLE_PLUGIN_PROCESS

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
zandobersek@gmail.com [Thu, 14 May 2015 09:33:54 +0000 (09:33 +0000)]
[GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

* UIProcess/API/gtk/WebKitWebContext.cpp:
(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):
* UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:
(WebKit::ProcessLauncher::launchProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184334 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [GTK] RunLoop constructor should properly retrieve or establish the thread-default...
zandobersek@gmail.com [Thu, 14 May 2015 09:32:49 +0000 (09:32 +0000)]
[GTK] RunLoop constructor should properly retrieve or establish the thread-default GMainContext
https://bugs.webkit.org/show_bug.cgi?id=144732

Reviewed by Carlos Garcia Campos.

RunLoop constructor in the GTK implementation should use the
existing thread-default context, create a new one if not on
the main thread, or use the global-default one if on the main
thread.

In RunLoop::run(), the GMainContext should then be pushed as
the thread-default before calling g_main_loop_run(), and popped
off when the main loop stops.

* wtf/gtk/RunLoopGtk.cpp:
(WTF::RunLoop::RunLoop):
(WTF::RunLoop::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184333 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [EFL] Unskip passing AX tests since r184198
gyuyoung.kim@webkit.org [Thu, 14 May 2015 07:59:14 +0000 (07:59 +0000)]
[EFL] Unskip passing AX tests since r184198

Unreviewed EFL gardening.

* platform/efl/TestExpectations: Two AX tests have been passing since r184198.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184332 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago SharedBuffer::createWithContentsOfFile should use map file routines
youenn.fablet@crf.canon.fr [Thu, 14 May 2015 07:57:52 +0000 (07:57 +0000)]
SharedBuffer::createWithContentsOfFile should use map file routines
https://bugs.webkit.org/show_bug.cgi?id=144192

Reviewed by Darin Adler.

Source/WebCore:

Made use of mmap routines within SharedBuffer::createWithContentsOfFile for EFL, GTK and Mac ports.
If mapping is failing, it falls back to the previous version of SharedBuffer::createWithContentsOfFile renamed as
SharedBuffer::createFromReadingFile (using open/read method).
File content is mapped until SharedBuffer is cleared, destroyed or additional content is appended to the SharedBuffer.

A helper class, MappedFileData, is introduced to handle mapped files through calls to open/mmap/munmap/close.

Patch covered by existing layout tests and added unit tests.

* platform/FileSystem.cpp:
(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator=):
(WebCore::MappedFileData::~MappedFileData):
* platform/FileSystem.h:
(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator bool):
(WebCore::MappedFileData::data):
(WebCore::MappedFileData::size):
* platform/SharedBuffer.cpp:
(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::createWithContentsOfFile): Making use of MappedFileData before using createFromReadingFile.
(WebCore::SharedBuffer::size): Checking whether data is coming from a MappedFileData.
(WebCore::SharedBuffer::data): Ditto.
(WebCore::SharedBuffer::append): Ditto.
(WebCore::SharedBuffer::clear): Clearing MappedFileData if needed.
(WebCore::SharedBuffer::copy): Transferring mapped data to buffer if needed.
(WebCore::SharedBuffer::getSomeData):
(WebCore::SharedBuffer::maybeTransferMappedFileData):
* platform/SharedBuffer.h:
* platform/gtk/SharedBufferGtk.cpp:
(WebCore::SharedBuffer::createFromReadingFile): renamed from createWithContentsOfFile.
* platform/mac/SharedBufferMac.mm:
(WebCore::SharedBuffer::createFromReadingFile): Ditto.
* platform/posix/SharedBufferPOSIX.cpp:
(WebCore::SharedBuffer::createFromReadingFile): Ditto.
* platform/win/SharedBufferWin.cpp:
(WebCore::SharedBuffer::createFromReadingFile): Ditto.

Tools:

Adding SharedBuffer and FileSystem Unit tests to Mac and GTK, not yet for EFL.

* TestWebKitAPI/PlatformGTK.cmake:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebCore/FileSystem.cpp: Added.
(TestWebKitAPI::FileSystemTest::tempFilePath):
(TestWebKitAPI::FileSystemTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):
* TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp: Added.
(TestWebKitAPI::SharedBufferTest::tempFilePath):
(TestWebKitAPI::SharedBufferTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184331 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [SOUP] Network Cache: NetworkProcess segfault when file system doesn't support xattrs
carlosgc@webkit.org [Thu, 14 May 2015 05:59:14 +0000 (05:59 +0000)]
[SOUP] Network Cache: NetworkProcess segfault when file system doesn't support xattrs
https://bugs.webkit.org/show_bug.cgi?id=144953

Reviewed by Martin Robinson.

Return early if we fail to get the birthtime xattr.

* NetworkProcess/cache/NetworkCacheFileSystemPosix.h:
(WebKit::NetworkCache::fileTimes):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184330 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Get the ScriptController from the correct frame for media elements and plug-ins
simon.fraser@apple.com [Thu, 14 May 2015 05:10:55 +0000 (05:10 +0000)]
Get the ScriptController from the correct frame for media elements and plug-ins
https://bugs.webkit.org/show_bug.cgi?id=144983
rdar://problem/20692642&19943135

Reviewed by Sam Weinig.

HTMLMediaElement, QuickTimePluginReplacement and HTMLPlugInImageElement were
getting the main frame's ScriptController instead of the one for their frame.
This caused media controls JS to be running in the context of the main frame,
which broke media controls which use getCSSCanvasContext() and -webkit-canvas.

Fix by getting the frame via the element's document.

Also undo r180584 which was working around this bug.

* Modules/mediacontrols/mediaControlsiOS.js:
(ControllerIOS.prototype.drawTimelineBackground):
* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
(WebCore::QuickTimePluginReplacement::installReplacement):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::pageScaleFactorChanged):
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r180595): same-callee profiling no longer works
rniwa@webkit.org [Thu, 14 May 2015 04:19:18 +0000 (04:19 +0000)]
REGRESSION(r180595): same-callee profiling no longer works
https://bugs.webkit.org/show_bug.cgi?id=144787

Reviewed by Filip Pizlo.

This patch introduces a DFG optimization to use NewObject node when the callee of op_create_this is
always the same JSFunction. This condition doesn't hold when the byte code creates multiple
JSFunction objects at runtime as in: function y() { return function () {} }; new y(); new y();

To enable this optimization, LLint and baseline JIT now store the last callee we saw in the newly
added fourth operand of op_create_this. We use this JSFunction's structure in DFG after verifying
our speculation that the callee is the same. To avoid recompiling the same code for different callee
objects in the polymorphic case, the special value of seenMultipleCalleeObjects() is set in
LLint and baseline JIT when multiple callees are observed.

Tests: stress/create-this-with-callee-variants.js

* bytecode/BytecodeList.json: Increased the number of operands to 5.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode): Dump the newly added callee cache.
(JSC::CodeBlock::finalizeUnconditionally): Clear the callee cache if the callee is no longer alive.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCreateThis): Add the instruction to propertyAccessInstructions so that
we can clear the callee cache in CodeBlock::finalizeUnconditionally. Also initialize the newly added
operand.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock): Implement the optimization. Speculate the actual callee to
match the cache. Use the cached callee's structure if the speculation succeeds. Otherwise, OSR exit.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_create_this): Go to the slow path to update the cache unless it's already marked
as seenMultipleCalleeObjects() to indicate the polymorphic behavior and/or we've OSR exited here.
(JSC::JIT::emitSlow_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_create_this): Ditto.
(JSC::JIT::emitSlow_op_create_this):
* llint/LowLevelInterpreter32_64.asm:
(_llint_op_create_this): Ditto.
* llint/LowLevelInterpreter64.asm:
(_llint_op_create_this): Ditto.
* runtime/CommonSlowPaths.cpp:
(slow_path_create_this): Set the callee cache to the actual callee if it's not set. If the cache has
been set to a JSFunction* different from the actual callee, set it to seenMultipleCalleeObjects().
* runtime/JSCell.h:
(JSC::JSCell::seenMultipleCalleeObjects): Added.
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::unvalidatedGet): Removed the compile guard around it.
* tests/stress/create-this-with-callee-variants.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix trivial typos in ApplyBlockElementCommand
commit-queue@webkit.org [Thu, 14 May 2015 04:07:45 +0000 (04:07 +0000)]
Fix trivial typos in ApplyBlockElementCommand
https://bugs.webkit.org/show_bug.cgi?id=144984

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change.

* editing/ApplyBlockElementCommand.cpp:
(WebCore::ApplyBlockElementCommand::formatSelection):
(WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded):
(WebCore::ApplyBlockElementCommand::endOfNextParagrahSplittingTextNodesIfNeeded): Deleted.
* editing/ApplyBlockElementCommand.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Rename ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() to {send, cancel...
dbates@webkit.org [Thu, 14 May 2015 03:07:25 +0000 (03:07 +0000)]
Rename ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() to {send, cancel}PrepareToSuspend()
https://bugs.webkit.org/show_bug.cgi?id=144619
<rdar://problem/20812779>

Reviewed by Andy Estes.

The names of the functions ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() are misnomers. These
functions are called when the ProcessThrottler wants to prepare the process that it manages for suspension
and changes its mind, respectively. That is, these functions do not actually correspond to the OS decision
to suspend a process or cancel the suspension of a process, respectively. So, rename these functions and
associated {Network, Web}ProcessProxy message names to better describe their purpose.

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::prepareToSuspend):
(WebKit::NetworkProcess::cancelPrepareToSuspend):
(WebKit::NetworkProcess::processWillSuspend): Deleted.
(WebKit::NetworkProcess::cancelProcessWillSuspend): Deleted.
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in:
* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::sendPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendCancelPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::NetworkProcessProxy::sendCancelProcessWillSuspend): Deleted.
* UIProcess/Network/NetworkProcessProxy.h:
* UIProcess/ProcessThrottler.cpp:
(WebKit::ProcessThrottler::updateAssertion):
* UIProcess/ProcessThrottlerClient.h:
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcess::actualPrepareToSuspend): Formerly named prepareToSuspend.
(WebKit::WebProcessProxy::sendPrepareToSuspend):
(WebKit::WebProcessProxy::sendCancelPrepareToSuspend):
(WebKit::WebProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::WebProcessProxy::sendCancelProcessWillSuspend): Deleted.
* UIProcess/WebProcessProxy.h:
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::prepareToSuspend):
(WebKit::WebProcess::cancelPrepareToSuspend):
(WebKit::WebProcess::processWillSuspend): Deleted.
(WebKit::WebProcess::cancelProcessWillSuspend): Deleted.
* WebProcess/WebProcess.h:
* WebProcess/WebProcess.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184326 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Clean up some possible RefPtr to PassRefPtr churn
commit-queue@webkit.org [Thu, 14 May 2015 01:34:08 +0000 (01:34 +0000)]
Clean up some possible RefPtr to PassRefPtr churn
https://bugs.webkit.org/show_bug.cgi?id=144779

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-05-13
Reviewed by Darin Adler.

* runtime/GenericTypedArrayViewInlines.h:
(JSC::GenericTypedArrayView<Adaptor>::create):
(JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
* runtime/JSArrayBufferConstructor.cpp:
(JSC::constructArrayBuffer):
* runtime/Structure.cpp:
(JSC::Structure::toStructureShape):
* runtime/TypedArrayBase.h:
(JSC::TypedArrayBase::create):
(JSC::TypedArrayBase::createUninitialized):
* tools/FunctionOverrides.cpp:
(JSC::initializeOverrideInfo):
Release the last use of a RefPtr as it is passed on.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184325 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoES6: Allow duplicate property names
commit-queue@webkit.org [Thu, 14 May 2015 01:32:25 +0000 (01:32 +0000)]
ES6: Allow duplicate property names
https://bugs.webkit.org/show_bug.cgi?id=142895

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-05-13
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Introduce new `op_put_getter_by_id` and `op_put_setter_by_id` opcodes
that will define a single getter or setter property on an object.

The existing `op_put_getter_setter` opcode is still preferred for
putting both a getter and setter at the same time but cannot be used
for putting an individual getter or setter which is needed in
some cases.

Add a new slow path when generating bytecodes for a property list
with computed properties, as computed properties are the only time
the list of properties cannot be determined statically.

* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitBytecode):
- fast path for all constant properties
- slow but paired getter/setter path if there are no computed properties
- slow path, individual put operation for every property, if there are computed properties

* parser/Nodes.h:
Distinguish a Computed property from a Constant property.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
Distinguish Computed and Constant properties.

(JSC::Parser<LexerType>::parseObjectLiteral):
When we drop into strict mode it is because we saw a getter
or setter, so be more explicit.

(JSC::Parser<LexerType>::parseStrictObjectLiteral):
Eliminate duplicate property syntax error exception.

* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::getName):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::getName): Deleted.
No longer used.

* runtime/JSObject.h:
(JSC::JSObject::putDirectInternal):
When updating a property, if the Accessor attribute changed,
update the Structure.

* runtime/JSObject.cpp:
(JSC::JSObject::putGetter):
(JSC::JSObject::putSetter):
Called by the opcodes, just perform the same operation that
__defineGetter__ or __defineSetter__ would do.

(JSC::JSObject::putDirectNonIndexAccessor):
This transition is now handled in putDirectInternal.

* runtime/Structure.h:
Add needed export.

* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitPutGetterById):
(JSC::BytecodeGenerator::emitPutSetterById):
* bytecompiler/BytecodeGenerator.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
New bytecodes. Modelled after existing op_put_getter_setter.

LayoutTests:

* js/object-literal-duplicate-properties-expected.txt: Added.
* js/object-literal-duplicate-properties.html: Added.
* js/script-tests/object-literal-duplicate-properties.js: Added.
Include a new test all about testing duplicate property names
and their expected cascading results.

* ietestcenter/Javascript/11.1.5_4-4-b-1-expected.txt:
* ietestcenter/Javascript/11.1.5_4-4-b-2-expected.txt:
* ietestcenter/Javascript/11.1.5_4-4-c-1-expected.txt:
* ietestcenter/Javascript/11.1.5_4-4-c-2-expected.txt:
* ietestcenter/Javascript/11.1.5_4-4-d-1-expected.txt:
* ietestcenter/Javascript/11.1.5_4-4-d-2-expected.txt:
* ietestcenter/Javascript/11.1.5_4-4-d-3-expected.txt:
* ietestcenter/Javascript/11.1.5_4-4-d-4-expected.txt:
ES5 behavior for duplicate properties has changed.

* js/mozilla/strict/11.1.5-expected.txt:
* js/object-literal-syntax-expected.txt:
* js/script-tests/object-literal-syntax.js:
Update other tests and values now that duplicate properties
are allowed, and their cascade order behaves correctly.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184324 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id...
ddkilzer@apple.com [Thu, 14 May 2015 01:21:03 +0000 (01:21 +0000)]
REGRESSION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958.  It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184323 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCreating a new blank document in icloud pages causes an AI error: Abstract value...
fpizlo@apple.com [Wed, 13 May 2015 23:57:17 +0000 (23:57 +0000)]
Creating a new blank document in icloud pages causes an AI error: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble.
https://bugs.webkit.org/show_bug.cgi?id=144856

Reviewed by Benjamin Poulain.

First I made fixTypeForRepresentation() print out better diagnostics when it dies.

Then I fixed the bug: Node::convertToIdentityOn(Node*) needs to make sure that when it
converts to a representation-changing node, it needs to use one of the UseKinds that such
a node expects. For example, DoubleRep(UntypedUse:) doesn't make sense; it needs to be
something like DoubleRep(NumberUse:) since it will speculate that the input is a number.

* dfg/DFGAbstractInterpreter.h:
(JSC::DFG::AbstractInterpreter::setBuiltInConstant):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::fixTypeForRepresentation):
* dfg/DFGAbstractValue.h:
* dfg/DFGInPlaceAbstractState.cpp:
(JSC::DFG::InPlaceAbstractState::initialize):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToIdentityOn):
* tests/stress/cloned-arguments-get-by-val-double-array.js: Added.
(foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184318 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r184313.
commit-queue@webkit.org [Wed, 13 May 2015 23:33:10 +0000 (23:33 +0000)]
Unreviewed, rolling out r184313.
https://bugs.webkit.org/show_bug.cgi?id=144974

Introduced an assertion failure in class-syntax-
declaration.js, class-syntax-expression.js, and object-
literal-syntax.js (Requested by rniwa on #webkit).

Reverted changeset:

"Small refactoring before ES6 Arrow function implementation."
https://bugs.webkit.org/show_bug.cgi?id=144954
http://trac.webkit.org/changeset/184313

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184317 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSource/JavaScriptCore:
oliver@apple.com [Wed, 13 May 2015 23:18:56 +0000 (23:18 +0000)]
Source/JavaScriptCore:
Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

One of the simpler cases of this in JavaScriptCore. There
are other cases where we need to guard the derefs but they
are more complex cases.

* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::releaseImpl):
* inspector/JSJavaScriptCallFrame.cpp:
(Inspector::JSJavaScriptCallFrame::releaseImpl):

Source/WTF:
Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

In order to prevent use after free bugs caused by destructors
that end up trying to access the smart pointer itself, we should
make sure we always clear the m_ptr field before calling deref.

Essentially the UaF path is:

    struct Foo : RefCounted<Foo> {
        Wibble* m_wibble;
        void doSomething();
        ~Foo() { m_wibble->doSomethingLikeCleanup(); }
    };

    struct Wibble {
        void doSomethingLikeCleanup()
        {
            if (m_foo) {
                /* if this branch is not here we get a null deref */
                m_foo->doSomething();
            }
        }
        void replaceFoo(Foo* foo) { m_foo = foo; }
        RefPtr<Foo> m_foo;
    };

    Wibble* someWibble = /* a Wibble with m_foo->m_refCount == 1 */;
                         /* and m_foo points to someWibble       */;

    someWibble->replaceFoo(someOtherFoo);
    + someWibble->m_foo->m_ptr->deref();
      + someWibble->m_foo->m_ptr->~Foo()
        + someWibble->m_foo->m_ptr->m_wibble->doSomethingLikeCleanup()
          + someWibble->m_foo->m_ptr->m_wibble /* someWibble */ ->m_foo->m_ptr /*logically dead*/ ->doSomething()

By clearing m_ptr first we either force a null pointer deref or
we force our code down a path that does not use the dead smart
pointer.

* wtf/PassRefPtr.h:
(WTF::PassRefPtr::~PassRefPtr):
* wtf/Ref.h:
(WTF::Ref::~Ref):
(WTF::Ref::operator=):
* wtf/RefPtr.h:
(WTF::RefPtr::~RefPtr):
* wtf/RetainPtr.h:
(WTF::RetainPtr::~RetainPtr):
(WTF::RetainPtr<T>::clear):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184316 268f45cc-cd09-0410-ab3c-d52691b4dbfc
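
The clear-before-deref ordering described in the Source/WTF entry above, as an added C++ example that is not WebKit's code. `RefCountedBase`, `DemoPtr`, `ReleaseOrder`, `Observation` and `observeReplace` are hypothetical names, and the callback only records that the owner's pointer still names the dying object instead of calling into it.

```cpp
#include <cstdio>

// Minimal intrusive ref count; a stand-in for WTF::RefCounted, not WebKit code.
template <typename T>
class RefCountedBase {
public:
    void ref() { ++m_refCount; }
    void deref()
    {
        if (--m_refCount == 0)
            delete static_cast<T*>(this);
    }
private:
    unsigned m_refCount { 0 };
};

enum class ReleaseOrder { DerefFirst, ClearFirst };

// Hypothetical smart pointer whose release order is selectable.
template <typename T, ReleaseOrder order>
class DemoPtr {
public:
    DemoPtr() = default;
    DemoPtr(const DemoPtr&) = delete;
    DemoPtr& operator=(const DemoPtr&) = delete;
    ~DemoPtr() { release(); }

    void reset(T* next = nullptr)
    {
        if (next)
            next->ref();
        release();
        m_ptr = next;
    }
    T* get() const { return m_ptr; }

private:
    void release()
    {
        if (order == ReleaseOrder::DerefFirst) {
            // Old order: ~T() runs inside deref() while m_ptr still names the object.
            if (m_ptr)
                m_ptr->deref();
            m_ptr = nullptr;
        } else {
            // Fixed order: the field is already null when ~T() runs.
            T* old = m_ptr;
            m_ptr = nullptr;
            if (old)
                old->deref();
        }
    }
    T* m_ptr { nullptr };
};

template <ReleaseOrder order> struct Wibble;

template <ReleaseOrder order>
struct Foo : RefCountedBase<Foo<order>> {
    explicit Foo(Wibble<order>* wibble) : m_wibble(wibble) { }
    ~Foo() { m_wibble->doSomethingLikeCleanup(this); } // re-enters the owner
    Wibble<order>* m_wibble;
};

template <ReleaseOrder order>
struct Wibble {
    void doSomethingLikeCleanup(Foo<order>* dying)
    {
        ++cleanupCalls;
        // The commit's version calls m_foo->doSomething() in this branch.
        if (m_foo.get() && m_foo.get() == dying)
            sawDyingFoo = true;
    }
    DemoPtr<Foo<order>, order> m_foo;
    bool sawDyingFoo { false };
    int cleanupCalls { 0 };
};

struct Observation {
    bool sawDyingFoo;
    int cleanupCalls;
};

// Mirrors replaceFoo(someOtherFoo): the only reference to the old Foo is dropped.
template <ReleaseOrder order>
Observation observeReplace()
{
    Wibble<order> wibble;
    wibble.m_foo.reset(new Foo<order>(&wibble)); // ref count 1, points back at wibble
    wibble.m_foo.reset(new Foo<order>(&wibble)); // old Foo is destroyed in here
    Observation seen = { wibble.sawDyingFoo, wibble.cleanupCalls };
    wibble.m_foo.reset(); // empty the pointer before wibble itself is destroyed
    return seen;
}

int main()
{
    std::printf("deref first: owner saw dying object = %d\n",
        observeReplace<ReleaseOrder::DerefFirst>().sawDyingFoo);
    std::printf("clear first: owner saw dying object = %d\n",
        observeReplace<ReleaseOrder::ClearFirst>().sawDyingFoo);
    return 0;
}
```

With the deref-first order the owner's `if (m_foo)` check passes for an object whose destructor is already running; with the clear-first order the same check fails, so the cleanup path never touches the dead object.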

4 years agoCached CSS image resources don't show up after reloading <http://nightly.webkit.org...
antti@apple.com [Wed, 13 May 2015 23:09:13 +0000 (23:09 +0000)]
Cached CSS image resources don't show up after reloading <nightly.webkit.org/start/>
https://bugs.webkit.org/show_bug.cgi?id=144952
Source/WebCore:

rdar://problem/13387307

Reviewed by Oliver Hunt.

This is a symptom of a general problem that we don't revalidate subresources of cached parsed stylesheets.

Fix by tightening the check we perform when choosing to use the cached sheet. If there are expired subresources
we reparse the sheet.

Test: http/tests/cache/stylesheet-sharing.html

* css/CSSCrossfadeValue.cpp:
(WebCore::CSSCrossfadeValue::traverseSubresources):
(WebCore::CSSCrossfadeValue::hasFailedOrCanceledSubresources): Deleted.

    Replace hasFailedOrCanceledSubresources with general purpose subresource traversal functions.

* css/CSSCrossfadeValue.h:
* css/CSSFilterImageValue.cpp:
(WebCore::CSSFilterImageValue::traverseSubresources):
(WebCore::CSSFilterImageValue::hasFailedOrCanceledSubresources): Deleted.
* css/CSSFilterImageValue.h:
* css/CSSFontFaceSrcValue.cpp:
(WebCore::CSSFontFaceSrcValue::traverseSubresources):
(WebCore::CSSFontFaceSrcValue::hasFailedOrCanceledSubresources): Deleted.
* css/CSSFontFaceSrcValue.h:
* css/CSSImageSetValue.cpp:
(WebCore::CSSImageSetValue::traverseSubresources):
(WebCore::CSSImageSetValue::hasFailedOrCanceledSubresources): Deleted.
* css/CSSImageSetValue.h:
* css/CSSImageValue.cpp:
(WebCore::CSSImageValue::traverseSubresources):
(WebCore::CSSImageValue::hasFailedOrCanceledSubresources): Deleted.
* css/CSSImageValue.h:
* css/CSSValue.cpp:
(WebCore::CSSValue::traverseSubresources):
(WebCore::CSSValue::hasFailedOrCanceledSubresources): Deleted.
* css/CSSValue.h:
* css/CSSValueList.cpp:
(WebCore::CSSValueList::traverseSubresources):
(WebCore::CSSValueList::hasFailedOrCanceledSubresources): Deleted.
* css/CSSValueList.h:
* css/StyleProperties.cpp:
(WebCore::StyleProperties::traverseSubresources):
(WebCore::StyleProperties::hasFailedOrCanceledSubresources): Deleted.
* css/StyleProperties.h:
* css/StyleSheetContents.cpp:
(WebCore::traverseSubresourcesInRules):
(WebCore::StyleSheetContents::traverseSubresources):
(WebCore::StyleSheetContents::subresourcesAllowReuse):

    Disallow reuse if there are expired subresources.

(WebCore::StyleSheetContents::isLoadingSubresources):

    Testing support.

(WebCore::childRulesHaveFailedOrCanceledSubresources): Deleted.
(WebCore::StyleSheetContents::hasFailedOrCanceledSubresources): Deleted.
* css/StyleSheetContents.h:
(WebCore::StyleSheetContents::loadCompleted):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::setCSSStyleSheet):
* loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):
* loader/cache/CachedCSSStyleSheet.h:
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::makeRevalidationDecision):
(WebCore::CachedImage::mustRevalidateDueToCacheHeaders): Deleted.

    Move the logging code out from this function (it requires frame access this function doesn't otherwise need)
    and refactor to return a decision enum.

* loader/cache/CachedImage.h:
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::makeRevalidationDecision):
(WebCore::logResourceRevalidationReason): Deleted.
(WebCore::CachedResource::mustRevalidateDueToCacheHeaders): Deleted.
* loader/cache/CachedResource.h:
(WebCore::CachedResource::loadFailedOrCanceled):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::logRevalidation):
(WebCore::logResourceRevalidationDecision):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):

    Move logging here.

* testing/Internals.cpp:
(WebCore::Internals::isSharingStyleSheetContents):
(WebCore::Internals::isStyleSheetLoadingSubresources):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

Reviewed by Oliver Hunt.

* http/tests/cache/resources/non-shareable.css: Added.
(#foo):
(#bar):
(#test1):
(#test2):
* http/tests/cache/resources/shareable.css: Added.
(#foo):
(#bar):
(#test1):
(#test2):
* http/tests/cache/resources/stylesheet-html.php: Added.
* http/tests/cache/stylesheet-sharing-expected.txt: Added.
* http/tests/cache/stylesheet-sharing.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184315 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Content Extensions] Test interactions between multiple extensions and multiple domains.
commit-queue@webkit.org [Wed, 13 May 2015 22:27:37 +0000 (22:27 +0000)]
[Content Extensions] Test interactions between multiple extensions and multiple domains.
https://bugs.webkit.org/show_bug.cgi?id=144967

Patch by Alex Christensen <achristensen@webkit.org> on 2015-05-13
Reviewed by Benjamin Poulain.

* DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
Xcode wanted to fix an alphabetization issue.
* TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
(TestWebKitAPI::TEST_F):
Test interactions that worked but were not explicitly tested before.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184314 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSmall refactoring before ES6 Arrow function implementation.
commit-queue@webkit.org [Wed, 13 May 2015 22:23:52 +0000 (22:23 +0000)]
Small refactoring before ES6 Arrow function implementation.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-13
Reviewed by Filip Pizlo.

* parser/Parser.h:
* parser/Parser.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184313 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[CoordinatedGraphics] Remove scaleFactor from SurfaceUpdateInfo
ryuan.choi@navercorp.com [Wed, 13 May 2015 22:16:57 +0000 (22:16 +0000)]
[CoordinatedGraphics] Remove scaleFactor from SurfaceUpdateInfo
https://bugs.webkit.org/show_bug.cgi?id=144935

Reviewed by Darin Adler.

The members of SurfaceUpdateInfo are only used to update tile except scaleFactor.
So, this patch removes scaleFactor from SurfaceUpdateInfo.
In addition, removes unnecessary parameters in createTile()

No new tests because there is no behavior change.

* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
(WebCore::CoordinatedGraphicsLayer::createTile):
* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
* platform/graphics/texmap/coordinated/CoordinatedTile.cpp:
(WebCore::CoordinatedTile::updateBackBuffer):
* platform/graphics/texmap/coordinated/CoordinatedTile.h:
* platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184312 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoThe liveness pruning done by ObjectAllocationSinkingPhase ignores the possibility...
fpizlo@apple.com [Wed, 13 May 2015 22:14:25 +0000 (22:14 +0000)]
The liveness pruning done by ObjectAllocationSinkingPhase ignores the possibility of an object's bytecode liveness being longer than its DFG liveness
https://bugs.webkit.org/show_bug.cgi?id=144945

Reviewed by Michael Saboff.

We were making the mistake of using DFG liveness for object allocation sinking decisions.
This is wrong. In fact we almost never want to use DFG liveness directly. The only place
where that makes sense is pruning in DFG AI.

So, I created a CombinedLiveness class that combines the DFG liveness with bytecode
liveness.

In the process of doing this, I realized that the DFGForAllKills definition of combined
liveness at block tail was not strictly right; it was using the bytecode liveness at the
block terminal instead of the union of the bytecode live-at-heads of successor blocks. So,
I changed DFGForAllKills to work in terms of CombinedLiveness.

This allows me to unskip the test I added in r184260. I also added a new test that tries to
trigger this bug more directly.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGCombinedLiveness.cpp: Added.
(JSC::DFG::liveNodesAtHead):
(JSC::DFG::CombinedLiveness::CombinedLiveness):
* dfg/DFGCombinedLiveness.h: Added.
(JSC::DFG::CombinedLiveness::CombinedLiveness):
* dfg/DFGForAllKills.h:
(JSC::DFG::forAllKillsInBlock):
(JSC::DFG::forAllLiveNodesAtTail): Deleted.
* dfg/DFGObjectAllocationSinkingPhase.cpp:
(JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
(JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):
* tests/stress/escape-object-in-diamond-then-exit.js: Added.
* tests/stress/sink-object-past-invalid-check-sneaky.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184311 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDon't create a per-pool data store when using the modern API
andersca@apple.com [Wed, 13 May 2015 22:07:09 +0000 (22:07 +0000)]
Don't create a per-pool data store when using the modern API
https://bugs.webkit.org/show_bug.cgi?id=144963
rdar://problem/20331756

Reviewed by Tim Horton.

* UIProcess/API/APIProcessPoolConfiguration.cpp:
(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::copy):
* UIProcess/API/APIProcessPoolConfiguration.h:
Keep track of whether the process pool should have a data store.

* UIProcess/API/C/WKContext.cpp:
(WKContextGetWebsiteDataStore):
* UIProcess/WebKeyValueStorageManager.cpp:
(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):
Update now that WebProcessPool::dataStore() no longer returns a reference.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::WebProcessPool):
Only create a data store if the configuration states that we should.

* UIProcess/WebProcessPool.h:
Change dataStore() to return a pointer instead of a reference.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184310 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModernize ContainerNode::childElementCount
commit-queue@webkit.org [Wed, 13 May 2015 22:06:45 +0000 (22:06 +0000)]
Modernize ContainerNode::childElementCount
https://bugs.webkit.org/show_bug.cgi?id=144930

Patch by Sam Weinig <sam@webkit.org> on 2015-05-13
Reviewed by Darin Adler.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::childElementCount):
Use std::distance to compute the number of child elements.

* dom/ElementChildIterator.h:
Add typedefs to make the child element iterators conform to STL standards.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184309 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION(r183770): Crash inside WebEditorClient::shouldApplyStyle when applying...
rniwa@webkit.org [Wed, 13 May 2015 21:58:41 +0000 (21:58 +0000)]
REGRESSION(r183770): Crash inside WebEditorClient::shouldApplyStyle when applying underline
https://bugs.webkit.org/show_bug.cgi?id=144949
Source/WebCore:

<rdar://problem/20895753>

Reviewed by Darin Adler.

The crash was caused by the variant of applyStyleToSelection that takes EditingStyle passing
a null pointer to shouldApplyStyle when we're only applying text decoration changes so that
m_mutableStyle in the editing style is null. This didn't reproduce in execCommand since we
wouldn't call shouldApplyStyle in that case. It didn't reproduce in my manual testing because
font panel also sets text shadow, which ends up filling up m_mutableStyle.

Fixed the bug by creating a mutable style properties when one is not provided by EditingStyle.
Also fixed the "FIXME" in the function by converting text decoration changes to a corresponding
text decoration value. The values passed to shouldApplyStyle now match the old behavior prior
to r183770.

Test: editing/style/underline-by-user.html

* editing/EditingStyle.cpp:
(WebCore::EditingStyle::styleWithResolvedTextDecorations): Added.
* editing/EditingStyle.h:
* editing/Editor.cpp:
(WebCore::Editor::applyStyleToSelection): Use styleWithResolvedTextDecorations to avoid the crash.

LayoutTests:

Reviewed by Darin Adler.

Added a test that emulates underlining of text by the user. Unlike document.execCommand,
testRunner.execCommand simulates a user initiated editing command and therefore invokes
shouldApplyStyle.

* editing/style/underline-by-user-expected.txt: Added.
* editing/style/underline-by-user.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWork around HTMLMediaElement::documentDidResumeFromPageCache being called twice
eric.carlson@apple.com [Wed, 13 May 2015 21:18:57 +0000 (21:18 +0000)]
Work around HTMLMediaElement::documentDidResumeFromPageCache being called twice
https://bugs.webkit.org/show_bug.cgi?id=144969

Reviewed by Alexey Proskuryakov.

* dom/Document.cpp:
(WebCore::Document::addPlaybackTargetPickerClient): Replace ASSERT with early
return to work around https://webkit.org/b/144970.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184306 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoI skipped a wrong test in r184270. Fix that.
rniwa@webkit.org [Wed, 13 May 2015 21:05:03 +0000 (21:05 +0000)]
I skipped a wrong test in r184270. Fix that.
The failure is tracked by webkit.org/b/144947.

* tests/stress/arith-modulo-node-behaviors.js:
* tests/stress/arith-mul-with-constants.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184305 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoGoing back after resizing causes scroll knob to appear in the middle of the page
timothy_horton@apple.com [Wed, 13 May 2015 20:51:37 +0000 (20:51 +0000)]
Going back after resizing causes scroll knob to appear in the middle of the page
https://bugs.webkit.org/show_bug.cgi?id=144968
<rdar://problem/18299827>

Reviewed by Beth Dakin.

* history/CachedPage.cpp:
(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):
* history/CachedPage.h:
(WebCore::CachedPage::markForContentsSizeChanged):
* history/PageCache.cpp:
(WebCore::PageCache::markPagesForContentsSizeChanged):
* history/PageCache.h:
Add a flag that will cause us to call updateContentsSize() after a page
comes out of the page cache, if necessary.

* page/FrameView.cpp:
(WebCore::FrameView::setContentsSize):
* page/FrameView.h:
Mark all cached pages for this frame as needing updateContentsSize()
when setContentsSize happens. This will ensure that scrollbar layers
are repositioned when coming out of the page cache.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Mac] Sandbox violation reading SubmitDiagInfo.domains
ap@apple.com [Wed, 13 May 2015 20:42:18 +0000 (20:42 +0000)]
[Mac] Sandbox violation reading SubmitDiagInfo.domains
https://bugs.webkit.org/show_bug.cgi?id=144962
rdar://problem/20719330

Reviewed by Darin Adler.

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184303 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSpeculative build fix.
bdakin@apple.com [Wed, 13 May 2015 19:59:35 +0000 (19:59 +0000)]
Speculative build fix.

* UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184299 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK][CMake] Extra include directory when libnotify is present but disabled
mcatanzaro@igalia.com [Wed, 13 May 2015 19:56:30 +0000 (19:56 +0000)]
[GTK][CMake] Extra include directory when libnotify is present but disabled
https://bugs.webkit.org/show_bug.cgi?id=144941

Reviewed by Martin Robinson.

Add LIBNOTIFY_INCLUDE_DIRS to WebKit2_INCLUDE_DIRECTORIES only if USE_LIBNOTIFY is true,
rather than checking LIBNOTIFY_FOUND.

* PlatformGTK.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoNeed SPI to set the overlay scroll bar style
bdakin@apple.com [Wed, 13 May 2015 19:28:21 +0000 (19:28 +0000)]
Need SPI to set the overlay scroll bar style
https://bugs.webkit.org/show_bug.cgi?id=144928
-and corresponding-
rdar://problem/20143614

Reviewed by Anders Carlsson.

Source/WebCore:

New ChromeClient function preferredScrollbarOverlayStyle() will fetch the
scrollbar style that was set via the new SPI.
* page/ChromeClient.h:

If the preferredScrollbarOverlayStyle() is anything but None, then use it. None is
used to indicate that the normal heuristic should compute the appropriate color.
* page/FrameView.cpp:
(WebCore::FrameView::recalculateScrollbarOverlayStyle):
* page/FrameView.h:

Source/WebKit2:

Make scrollbarOverlayStyle a part of the creation parameters.
* Shared/WebPageCreationParameters.cpp:
(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):
* Shared/WebPageCreationParameters.h:

New SPI.
* UIProcess/API/Cocoa/WKViewPrivate.h:
* UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h: Added.
* UIProcess/API/mac/WKView.mm:
(-[WKView _setOverlayScrollbarStyle:]):
(-[WKView _overlayScrollbarStyle]):

Store m_scrollbarOverlayStyle on WebPageProxy, and set it to the WebProcess.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setOverlayScrollbarStyle):
* UIProcess/WebPageProxy.h:
(WebKit::WebPageProxy::overlayScrollbarStyle):
* WebKit2.xcodeproj/project.pbxproj:

Return WebPage’s scrollbarOverlayStyle().
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::preferredScrollbarOverlayStyle):
* WebProcess/WebCoreSupport/WebChromeClient.h:

Cache the scrollbarOverlayStyle() here for the WebProcess.
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
(WebKit::WebPage::setScrollbarOverlayStyle):
* WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::scrollbarOverlayStyle):
* WebProcess/WebPage/WebPage.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoScrollbars in overflow regions are not vanishing after scrolling with scroll snap...
bfulgham@apple.com [Wed, 13 May 2015 19:26:50 +0000 (19:26 +0000)]
Scrollbars in overflow regions are not vanishing after scrolling with scroll snap points
https://bugs.webkit.org/show_bug.cgi?id=142521
<rdar://problem/20100706>

Reviewed by Darin Adler.

The scrollbars were not being dismissed because they were not being notified that the wheel
gesture was finished. This was happening because the wheel event 'ended' state has zero
deltaX and deltaY. If the region did not allow stretching, it would exit early, never passing
through the 'handleWheelEventPhase' code that would notify the scrollbar controller that
the gesture had ended.

* platform/ScrollableArea.cpp:
(WebCore::ScrollableArea::mouseExitedContentArea): The wrong ScrollAnimator method was being
called when the mouse exited the content area.
* platform/mac/ScrollAnimatorMac.mm:
(WebCore::ScrollAnimatorMac::handleWheelEvent): Do not early return when the wheel event has
no change in X or Y coordinate.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRename some StorageManager functions to indicate that they work on local storage...
andersca@apple.com [Wed, 13 May 2015 19:24:10 +0000 (19:24 +0000)]
Rename some StorageManager functions to indicate that they work on local storage entries
https://bugs.webkit.org/show_bug.cgi?id=144958
First part of rdar://problem/10690447.

Reviewed by Beth Dakin.

* UIProcess/Storage/StorageManager.cpp:
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageDetailsByOrigin):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteAllLocalStorageEntries):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
(WebKit::StorageManager::getOrigins): Deleted.
(WebKit::StorageManager::getStorageDetailsByOrigin): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigin): Deleted.
(WebKit::StorageManager::deleteAllEntries): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigins): Deleted.
* UIProcess/Storage/StorageManager.h:
* UIProcess/WebKeyValueStorageManager.cpp:
(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):
* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCrash under WebKit::WebInspectorProxy::attachAvailabilityChanged sometimes opening...
commit-queue@webkit.org [Wed, 13 May 2015 19:20:42 +0000 (19:20 +0000)]
Crash under WebKit::WebInspectorProxy::attachAvailabilityChanged sometimes opening new page
https://bugs.webkit.org/show_bug.cgi?id=144957

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-05-13
Reviewed by Simon Fraser.

* UIProcess/WebInspectorProxy.cpp:
(WebKit::WebInspectorProxy::attachAvailabilityChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDon't compute selection painting info when we don't have selection.
hyatt@apple.com [Wed, 13 May 2015 18:56:15 +0000 (18:56 +0000)]
Don't compute selection painting info when we don't have selection.
https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

* rendering/InlineTextBox.cpp:
(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAvoid always running some debug code in type profiling
joepeck@webkit.org [Wed, 13 May 2015 18:51:46 +0000 (18:51 +0000)]
Avoid always running some debug code in type profiling
https://bugs.webkit.org/show_bug.cgi?id=144775

Reviewed by Daniel Bates.

* runtime/TypeProfilerLog.cpp:
(JSC::TypeProfilerLog::processLogEntries):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Pass String as reference in more places
joepeck@webkit.org [Wed, 13 May 2015 18:51:44 +0000 (18:51 +0000)]
Pass String as reference in more places
https://bugs.webkit.org/show_bug.cgi?id=144769

Reviewed by Daniel Bates.

Source/JavaScriptCore:

* debugger/Breakpoint.h:
(JSC::Breakpoint::Breakpoint):
* parser/Parser.h:
(JSC::Parser::setErrorMessage):
(JSC::Parser::updateErrorWithNameAndMessage):
* parser/ParserError.h:
(JSC::ParserError::ParserError):
* runtime/RegExp.cpp:
(JSC::RegExpFunctionalTestCollector::outputOneTest):
* runtime/RegExpObject.cpp:
(JSC::regExpObjectSourceInternal):
* runtime/TypeProfiler.cpp:
(JSC::TypeProfiler::typeInformationForExpressionAtOffset):
* runtime/TypeProfilerLog.cpp:
(JSC::TypeProfilerLog::processLogEntries):
* runtime/TypeProfilerLog.h:
* tools/FunctionOverrides.cpp:
(JSC::initializeOverrideInfo):
* inspector/scripts/codegen/generate_objc_conversion_helpers.py:
(ObjCConversionHelpersGenerator._generate_enum_from_protocol_string):

* inspector/scripts/codegen/objc_generator_templates.py:
* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
* inspector/scripts/tests/expected/enum-values.json-result:
* inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
* inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
* inspector/scripts/tests/expected/type-declaration-array-type.json-result:
* inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
Rebaseline tests after updating the generator.

Source/WebCore:

* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpString):
(WebCore::CloneSerializer::dumpStringObject):
* dom/DocumentMarkerController.cpp:
(WebCore::DocumentMarkerController::addMarker):
* dom/DocumentMarkerController.h:
* inspector/InspectorApplicationCacheAgent.cpp:
(WebCore::InspectorApplicationCacheAgent::assertFrameWithDocumentLoader):
* inspector/InspectorApplicationCacheAgent.h:
* inspector/InspectorNodeFinder.cpp:
(WebCore::stripCharacters):
(WebCore::InspectorNodeFinder::InspectorNodeFinder):
* inspector/InspectorNodeFinder.h:

Source/WebKit2:

* WebProcess/WebPage/WebInspectorUI.cpp:
(WebKit::WebInspectorUI::showMainResourceForFrame):
* WebProcess/WebPage/WebInspectorUI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago View scale changes are temporarily lost after restoring a page from the page cache
timothy_horton@apple.com [Wed, 13 May 2015 18:11:38 +0000 (18:11 +0000)]
View scale changes are temporarily lost after restoring a page from the page cache
https://bugs.webkit.org/show_bug.cgi?id=144934

Reviewed by Brady Eidson.

* history/CachedPage.cpp:
(WebCore::CachedPage::CachedPage):
(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):
* history/CachedPage.h:
(WebCore::CachedPage::markForDeviceOrPageScaleChanged): Renamed.
* history/PageCache.cpp:
(WebCore::PageCache::markPagesForDeviceOrPageScaleChanged): Renamed.
* history/PageCache.h:
Rename PageCache/CachedPage methods to make it more clear that they
will eventually result in calling deviceOrPageScaleFactorChanged().
Also, use modern initialization for CachedPage members.

* loader/HistoryController.cpp:
(WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
(WebCore::HistoryController::restoreScrollPositionAndViewState):
Store the pageScaleFactor on HistoryItem with the view scale factored out,
because the view scale can change while the page is in the page cache, and
WebCore needs a way - without consulting with WebKit2 - to apply the changed
view scale to the cached page scale.

* page/Page.cpp:
(WebCore::Page::setViewScaleFactor):
(WebCore::Page::setDeviceScaleFactor):
* page/Page.h:
(WebCore::Page::viewScaleFactor):
Keep track of the viewScaleFactor, and mark all pages in the page cache
as needing to call deviceOrPageScaleFactorChanged and do a full style recalc
when they come back from the page cache.

For now, we expect all callers of setPageScaleFactor (including WebKit2 and
HistoryController) to multiply the viewScale in manually, to avoid the
significant amount of change in WebCore that would be required to keep them
totally separate.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
(WebKit::WebPage::scalePage):
(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):
(WebKit::WebPage::viewScaleFactor):
(WebKit::WebPage::scaleView):
* WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::viewScaleFactor): Deleted.
Get rid of m_viewScaleFactor, instead using Page::viewScaleFactor.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago com.apple.WebKit.WebContent crashed at JavaScriptCore: JSC::CodeBlock::finalizeUncond...
msaboff@apple.com [Wed, 13 May 2015 17:58:59 +0000 (17:58 +0000)]
com.apple.WebKit.WebContent crashed at JavaScriptCore: JSC::CodeBlock::finalizeUnconditionally
https://bugs.webkit.org/show_bug.cgi?id=144933

Changed the RELEASE_ASSERT_NOT_REACHED into an ASSERT.  Added some diagnostic messages to
help determine the cause for any crash.

Reviewed by Geoffrey Garen.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeUnconditionally):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184289 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r184260): arguments elimination has stopped working because of Check(Untyp...
fpizlo@apple.com [Wed, 13 May 2015 17:39:02 +0000 (17:39 +0000)]
REGRESSION(r184260): arguments elimination has stopped working because of Check(UntypedUse:) from SSAConversionPhase
https://bugs.webkit.org/show_bug.cgi?id=144951

Reviewed by Michael Saboff.

There were two issues here:

- In r184260 we expected a small number of possible use kinds in Check nodes, and
  UntypedUse was not one of them. That seemed like a sensible assumption because we don't
  create Check nodes unless it's to have a check. But, SSAConversionPhase was creating a
  Check that could have UntypedUse. I fixed this. It's cleaner for SSAConversionPhase to
  follow the same idiom as everyone else and not create tautological checks.

- It's clearly not very robust to assume that Checks will not be used tautologically. So,
  this changes how we validate Checks in the escape analyses. We now use willHaveCheck,
  which catches cases that AI would have already marked as unnecessary. It then also uses
  a new helper called alreadyChecked(), which allows us to just ask if the check is
  unnecessary for objects. That's a good fall-back in case AI hadn't run yet.

* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGMayExit.cpp:
* dfg/DFGObjectAllocationSinkingPhase.cpp:
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGUseKind.h:
(JSC::DFG::alreadyChecked):
* dfg/DFGVarargsForwardingPhase.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [ES6] Implement String.raw
utatane.tea@gmail.com [Wed, 13 May 2015 16:48:33 +0000 (16:48 +0000)]
[ES6] Implement String.raw
https://bugs.webkit.org/show_bug.cgi?id=144330

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Implement String.raw. It is intended to be used with tagged-templates syntax.
To implement ToString abstract operation efficiently,
we introduce @toString bytecode intrinsic. It emits op_to_string directly.

* CMakeLists.txt:
* builtins/StringConstructor.js: Added.
(raw):
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):
* runtime/CommonIdentifiers.h:
* runtime/StringConstructor.cpp:
* tests/stress/string-raw.js: Added.
(shouldBe):
(.get shouldBe):
(Counter):

LayoutTests:

Add String.raw.

* js/Object-getOwnPropertyNames-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Minor cleanups to PluginProxy.cpp.
commit-queue@webkit.org [Wed, 13 May 2015 09:31:21 +0000 (09:31 +0000)]
Minor cleanups to PluginProxy.cpp.
https://bugs.webkit.org/show_bug.cgi?id=144948

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

1. Remove unnecessary #include.
2. Remove unnecessary return statement from PluginProxy::paint().

No new tests, no behavior change.

* WebProcess/Plugins/PluginProxy.cpp:
(WebKit::PluginProxy::paint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r176631): [EFL] Fullscreen feature doesn't work correctly on MiniBrowser
commit-queue@webkit.org [Wed, 13 May 2015 09:13:41 +0000 (09:13 +0000)]
REGRESSION(r176631): [EFL] Fullscreen feature doesn't work correctly on MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=144906

Patch by Daegyu Lee <daegyu.lee@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

* UIProcess/CoordinatedGraphics/PageViewportController.cpp:
(WebKit::PageViewportController::updateMinimumScaleToFit): Recover the r176631 condition to
call applyScaleAfterRenderingContents function to apply correct scale.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184283 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Reduce TransformationMatrix copies in MatrixTransformOperation, Matrix3DTransformOper...
zandobersek@gmail.com [Wed, 13 May 2015 06:47:21 +0000 (06:47 +0000)]
Reduce TransformationMatrix copies in MatrixTransformOperation, Matrix3DTransformOperation
https://bugs.webkit.org/show_bug.cgi?id=144797

Reviewed by Darin Adler.

Using std::swap() on TransformationMatrix objects which don't
provide move constructors will result in copies.

Instead, use a helper function in both MatrixTransformOperation
and Matrix3DTransformOperation that calls TransformationMatrix::blend()
and returns the new Matrix(3D)TransformOperation object, and call it
with fromT and toT arguments switched when blending to identity.

* platform/graphics/transforms/Matrix3DTransformOperation.cpp:
(WebCore::createOperation):
(WebCore::Matrix3DTransformOperation::blend):
* platform/graphics/transforms/Matrix3DTransformOperation.h: No need
to copy the m_matrix member, it won't change when passed to
TransformationMatrix::multiply().
* platform/graphics/transforms/MatrixTransformOperation.cpp:
(WebCore::createOperation):
(WebCore::MatrixTransformOperation::blend):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184274 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [EGL][X11] XPixmap created in GLContextEGL::createPixmapContext() is leaked
carlosgc@webkit.org [Wed, 13 May 2015 06:18:22 +0000 (06:18 +0000)]
[EGL][X11] XPixmap created in GLContextEGL::createPixmapContext() is leaked
https://bugs.webkit.org/show_bug.cgi?id=144909

Reviewed by Sergio Villar Senin and Žan Doberšek.

The pixmap is created and passed to eglCreatePixmapSurface(), but
never released. eglCreatePixmapSurface() doesn't take the
ownership of the pixmap, so we should explicitly free it when the
GLContextEGL is destroyed.

* platform/graphics/egl/GLContextEGL.cpp:
(WebCore::GLContextEGL::createPixmapContext): Use XUniquePixmap
and transfer the ownership to the context by using the new
constructor that receives a XUniquePixmap&&.
(WebCore::GLContextEGL::createContext): createPixmapContext() is
now only defined for X11.
(WebCore::GLContextEGL::GLContextEGL): New constructor that
receives a XUniquePixmap&&.
* platform/graphics/egl/GLContextEGL.h: Add new constructor and
initialize the cairo device when defined to simplify constructors.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184273 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed build fix.
rniwa@webkit.org [Wed, 13 May 2015 05:44:07 +0000 (05:44 +0000)]
Unreviewed build fix.

Added the missing metric name and wrapped values in an array as done in SunSpider.patch.

* Scripts/webkitpy/benchmark_runner/data/patches/Kraken.patch:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184271 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Temporarily disable the test on Windows. The failure is tracked in webkit.org/b/144897.
rniwa@webkit.org [Wed, 13 May 2015 05:39:50 +0000 (05:39 +0000)]
Temporarily disable the test on Windows. The failure is tracked in webkit.org/b/144897.

* tests/stress/arith-mul-with-constants.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184270 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Reindent DIBPixelData.h for consistency.
commit-queue@webkit.org [Wed, 13 May 2015 05:31:25 +0000 (05:31 +0000)]
Reindent DIBPixelData.h for consistency.
https://bugs.webkit.org/show_bug.cgi?id=144942

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-12
Reviewed by Darin Adler.

No new tests, no behavior change.

* platform/graphics/win/DIBPixelData.h:
(WebCore::DIBPixelData::DIBPixelData):
(WebCore::DIBPixelData::buffer):
(WebCore::DIBPixelData::bufferLength):
(WebCore::DIBPixelData::size):
(WebCore::DIBPixelData::bytesPerRow):
(WebCore::DIBPixelData::bitsPerPixel):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago fast/text/simple-line-layout-text-stroke-width.html fails on Windows
ap@apple.com [Wed, 13 May 2015 05:25:52 +0000 (05:25 +0000)]
fast/text/simple-line-layout-text-stroke-width.html fails on Windows

* platform/win/TestExpectations: Mark it as such. The test likely needs to be
improved to work cross-platform.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184261 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago js/dom/stack-trace.html fails with eager compilation
fpizlo@apple.com [Wed, 13 May 2015 05:21:16 +0000 (05:21 +0000)]
js/dom/stack-trace.html fails with eager compilation
https://bugs.webkit.org/show_bug.cgi?id=144853

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

All of our escape analyses were mishandling Check(). They were assuming that this is a
non-escaping operation. But, if we do for example a Check(Int32:@x) and @x is an escape
candidate, then we need to do something: if we eliminate or sink @x, then the check no
longer makes any sense since a phantom allocation has no type. This will make us forget
that this operation would have exited. This was causing us to not call a valueOf method in
js/dom/stack-trace.html with eager compilation enabled, because it was doing something like
+o where o had a valueOf method, and o was otherwise sinkable.

This changes our escape analyses to basically pretend that any Check() that isn't obviously
unnecessary is an escape. We don't have to be super careful here. Most checks will be
completely eliminated by constant-folding. If that doesn't run in time, then the most
common check we will see is CellUse. So, we just recognize some very obvious check kinds
that we know would have passed, and for all of the rest we just assume that it's an escape.

This was super tricky to test. The obvious way to test it is to use +o like
stack-trace.html, except that doing so relies on the fact that we still haven't implemented
the optimal behavior for op_to_number. So, I take four approaches in testing this patch:

1) Use +o. These will test what we want it to test for now, but at some point in the future
   these tests will just be a good sanity-check that our op_to_number implementation is
   right.

2) Do fancy control flow tricks to fool the profiling into thinking that some arithmetic
   operation always sees integers even though we eventually feed it an object and that
   object is a sink candidate.

3) Introduce a new jsc.cpp intrinsic called isInt32() which returns true if the incoming
   value is an int32. This intrinsic is required to be implemented by DFG by
   unconditionally speculating that the input is int32. This allows us to write much more
   targeted tests of the underlying issue.

4) I made a version of stack-trace.html that runs in run-jsc-stress-tests, so that we can
   get regression test coverage of this test in eager mode.

* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGObjectAllocationSinkingPhase.cpp:
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):
* dfg/DFGVarargsForwardingPhase.cpp:
* ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::dumpInContext):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::buildExitArguments):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileFTLOSRExit):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionIsInt32):
* runtime/Intrinsic.h:
* tests/stress/sink-arguments-past-invalid-check-dfg.js: Added.
* tests/stress/sink-arguments-past-invalid-check-int32-dfg.js: Added.
* tests/stress/sink-arguments-past-invalid-check-int32.js: Added.
* tests/stress/sink-arguments-past-invalid-check-sneakier.js: Added.
* tests/stress/sink-arguments-past-invalid-check.js: Added.
* tests/stress/sink-function-past-invalid-check-sneakier.js: Added.
* tests/stress/sink-function-past-invalid-check-sneaky.js: Added.
* tests/stress/sink-object-past-invalid-check-int32.js: Added.
* tests/stress/sink-object-past-invalid-check-sneakier.js: Added.
* tests/stress/sink-object-past-invalid-check-sneaky.js: Added.
* tests/stress/sink-object-past-invalid-check.js: Added.

LayoutTests:

Make a copy of the stack-trace test that only runs in run-jsc-stress-tests. Sadly, we don't
have a good way of having different expectation files for when a test runs in RJST versus
RWT. So, the approach I take is that I make a copy of the test just for RJST and I exclude
the .html file, which makes RWT overlook it. The test has different expectations in the
two harnesses because it does some small DOM things.

* js/script-tests/stack-trace.js: Added.
* js/stack-trace-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184260 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r184224.
commit-queue@webkit.org [Wed, 13 May 2015 05:18:01 +0000 (05:18 +0000)]
Unreviewed, rolling out r184224.
https://bugs.webkit.org/show_bug.cgi?id=144946

Made inspector/page/main-frame-resource.html assert every time
(Requested by ap on #webkit).

Reverted changeset:

"Web Inspector: REGRESSION (r181625): Timeline recording
started from console.profile is always empty"
https://bugs.webkit.org/show_bug.cgi?id=144882
http://trac.webkit.org/changeset/184224

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184259 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago In Safari, Debug > Get Bytecode Profile crashes the Web Content process
mitz@apple.com [Wed, 13 May 2015 04:38:39 +0000 (04:38 +0000)]
In Safari, Debug > Get Bytecode Profile crashes the Web Content process
https://bugs.webkit.org/show_bug.cgi?id=144944

Reviewed by Darin Adler.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::getBytecodeProfile): Don’t assert that m_perBytecodeProfiler isn’t null,
because it is when the profiler is disabled, which is the default. In that case, return
after sending back the empty string, rather than continuing to dereference a null pointer.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Mac] Hang in MediaPlayerPrivateAVFoundationObjC::audioSourceProvider() - 'tracks...
jer.noble@apple.com [Wed, 13 May 2015 04:10:54 +0000 (04:10 +0000)]
[Mac] Hang in MediaPlayerPrivateAVFoundationObjC::audioSourceProvider() - 'tracks' property not yet loaded
https://bugs.webkit.org/show_bug.cgi?id=144937

Reviewed by Eric Carlson.

Querying for the -[AVAsset tracks] property blocks for network loading; and could
block forever if the asset in question is not reachable. Add a "safe" mechanism for
querying the list of audible tracks, and use that when providing the audioSourceProvider()
with an audible track.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem):
(WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged):
(WebCore::MediaPlayerPrivateAVFoundationObjC::audioSourceProvider):
(WebCore::MediaPlayerPrivateAVFoundationObjC::processLegacyClosedCaptionsTracks):
(WebCore::MediaPlayerPrivateAVFoundationObjC::safeAVAssetTracksForAudibleMedia):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184249 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago If JSC cannot get executable memory, it shouldn't call madvise
msaboff@apple.com [Wed, 13 May 2015 04:02:09 +0000 (04:02 +0000)]
If JSC cannot get executable memory, it shouldn't call madvise
https://bugs.webkit.org/show_bug.cgi?id=144931

Reviewed by Mark Lam.

Made calling madvise conditional on really getting mmapped memory.

* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveUncommitted):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184245 268f45cc-cd09-0410-ab3c-d52691b4dbfc
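
The guard described in the commit message above, as an added example that is not WebKit's code: `madvise()` runs only when `mmap()` returned a real mapping. The function names, the `MADV_DONTNEED` advice value and the call counter are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* MAP_ANONYMOUS and madvise() on glibc */
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>

/* Counts madvise() calls so a caller can confirm the guard held. */
static int madvise_calls = 0;

/*
 * Hypothetical helper (not WebKit's OSAllocator): reserve `bytes` of address
 * space. Returns NULL when the kernel refuses the mapping, so callers never
 * see MAP_FAILED.
 */
void *reserve_uncommitted(size_t bytes, int executable)
{
    int prot = PROT_READ | PROT_WRITE;
    if (executable)
        prot |= PROT_EXEC;

    void *region = mmap(NULL, bytes, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

    /* mmap() reports failure as MAP_FAILED ((void *)-1), not NULL. */
    if (region == MAP_FAILED)
        return NULL;

    /* Reached only with a real mapping. The advice value is an assumption. */
    madvise_calls++;
    if (madvise(region, bytes, MADV_DONTNEED) != 0)
        perror("madvise"); /* advisory only: the mapping is still usable */

    return region;
}

/* Release a region obtained from reserve_uncommitted(); NULL is a no-op. */
int release_reserved(void *region, size_t bytes)
{
    return region ? munmap(region, bytes) : 0;
}

/* Constructed input: a page-aligned length no address space can satisfy. */
size_t impossible_size(void)
{
    return ~(size_t)0 & ~(size_t)4095;
}

int main(void)
{
    void *bad = reserve_uncommitted(impossible_size(), 0);
    printf("oversized request: %s, madvise calls so far: %d\n",
           bad ? "mapped" : "refused", madvise_calls);

    size_t len = (size_t)1 << 16;
    void *ok = reserve_uncommitted(len, 0);
    printf("64 KiB request: %s, madvise calls so far: %d\n",
           ok ? "mapped" : "refused", madvise_calls);

    return release_reserved(ok, len);
}
```
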

4 years ago Crash when using <input type=file>
jhoneycutt@apple.com [Wed, 13 May 2015 03:51:19 +0000 (03:51 +0000)]
Crash when using <input type=file>

<https://bugs.webkit.org/show_bug.cgi?id=144939>
<rdar://problem/20172315>

Reviewed by Andy Estes.

* UIProcess/ios/forms/WKFileUploadPanel.mm:
Use a RefPtr to hold the WebOpenPanelResultListenerProxy, because the
WKFileUploadPanel can outlive it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago AX: [Win] REGRESSION(r184213) breaks aria-menubar-menuitems.html
jdiggs@igalia.com [Wed, 13 May 2015 03:42:25 +0000 (03:42 +0000)]
AX: [Win] REGRESSION(r184213) breaks aria-menubar-menuitems.html
https://bugs.webkit.org/show_bug.cgi?id=144936

Unreviewed gardening.

Adding the platform-specific expectations for Windows now that the
accessibility tree is being correctly generated for this test.

* platform/win/accessibility/aria-menubar-menuitems-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184239 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Mac build fix after r184228.
rniwa@webkit.org [Wed, 13 May 2015 03:08:50 +0000 (03:08 +0000)]
Mac build fix after r184228.

* bindings/scripts/CodeGeneratorJS.pm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184234 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Turn antialiased font dilation off by default
simon.fraser@apple.com [Wed, 13 May 2015 02:01:22 +0000 (02:01 +0000)]
Turn antialiased font dilation off by default
https://bugs.webkit.org/show_bug.cgi?id=144940
rdar://problem/20923031

Reviewed by Sam Weinig.

Source/WebCore:

Turn antialiased font dilation off by default.

* page/Settings.cpp:
(WebCore::Settings::Settings):
* platform/graphics/FontCascade.cpp:

Source/WebKit/mac:

Turn antialiased font dilation off by default.

* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):

Source/WebKit2:

Turn antialiased font dilation off by default.

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferencesRefPrivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184231 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix the iteration count of arith-modulo-node-behaviors.js
benjamin@webkit.org [Wed, 13 May 2015 01:52:52 +0000 (01:52 +0000)]
Fix the iteration count of arith-modulo-node-behaviors.js

* tests/stress/arith-modulo-node-behaviors.js:
No need for big numbers for the real testing.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184230 268f45cc-cd09-0410-ab3c-d52691b4dbfc