WebKit-https.git
keith_miller@apple.com [Thu, 7 Apr 2016 19:38:00 +0000 (19:38 +0000)]
We should support the ability to do a non-effectful getById
https://bugs.webkit.org/show_bug.cgi?id=156116

Reviewed by Benjamin Poulain.

Currently, there is no way in JS to do a non-effectful getById. A non-effectful getById is
useful because it enables us to take different code paths based on values that we would
otherwise not be able to have knowledge of. This patch adds this new feature called
try_get_by_id that will attempt to do as much of a get_by_id as possible without performing
an effectful behavior. Thus, try_get_by_id will return the value if the slot is a value, the
GetterSetter object if the slot is a normal accessor (not a CustomGetterSetter) and
undefined if the slot is unset. If the slot is proxied or any other cases then the result
is null. In theory, if we ever wanted to check for null we could add a sentinel object to
the global object that indicates we could not get the result.

In order to implement this feature we add a new enum GetByIdKind that indicates what to do
for accessor properties in PolymorphicAccess. If the GetByIdKind is pure then we treat the
get_by_id the same way we would for load and return the value at the appropriate offset.
Additionally, in order to make sure that we can properly compare the GetterSetter object
with ===, GetterSetters are now JSObjects. This comes at the cost of eight extra bytes on the
GetterSetter object but it vastly simplifies the patch. Additionally, the extra bytes are
likely to have little to no impact on memory usage as normal accessors are generally rare.

* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/BuiltinExecutableCreator.cpp: Added.
(JSC::createBuiltinExecutable):
* builtins/BuiltinExecutableCreator.h: Copied from Source/JavaScriptCore/builtins/BuiltinExecutables.h.
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createDefaultConstructor):
(JSC::BuiltinExecutables::createBuiltinExecutable):
(JSC::createBuiltinExecutable):
(JSC::BuiltinExecutables::createExecutable):
(JSC::createExecutableInternal): Deleted.
* builtins/BuiltinExecutables.h:
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::tryGet):
(JSC::AccessCase::generate):
(WTF::printInternal):
* bytecode/PolymorphicAccess.h:
(JSC::AccessCase::isGet): Deleted.
(JSC::AccessCase::isPut): Deleted.
(JSC::AccessCase::isIn): Deleted.
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::reset):
* bytecode/StructureStubInfo.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitTryGetById):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetById):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::getById):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITInlineCacheGenerator.h:
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/Repatch.cpp:
(JSC::repatchByIdSelfAccess):
(JSC::appropriateOptimizingGetByIdFunction):
(JSC::appropriateGenericGetByIdFunction):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::resetGetByID):
* jit/Repatch.h:
* jsc.cpp:
(GlobalObject::finishCreation):
(functionGetGetterSetter):
(functionCreateBuiltin):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* runtime/GetterSetter.cpp:
* runtime/GetterSetter.h:
* runtime/JSType.h:
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::getPureResult):
* runtime/PropertySlot.h:
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::getOwnPropertySlotCommon):
* tests/stress/try-get-by-id.js: Added.
(tryGetByIdText):
(getCaller.obj.1.throw.new.Error.let.func):
(getCaller.obj.1.throw.new.Error):
(throw.new.Error.get let):
(throw.new.Error.):
(throw.new.Error.let.get createBuiltin):
(get let):
(let.get createBuiltin):
(let.func):
(get let.func):
(get throw):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199170 268f45cc-cd09-0410-ab3c-d52691b4dbfc

joepeck@webkit.org [Thu, 7 Apr 2016 19:29:38 +0000 (19:29 +0000)]
Web Inspector: Inspector hangs when trying to view a large XHR resource
https://bugs.webkit.org/show_bug.cgi?id=144107
<rdar://problem/20669463>

Reviewed by NOBODY (OOPS!).

Previously auto formatting (initially pretty print source code) in TextEditor
was done synchronously in this order:

  (1) revealing the Editor as soon as we have content
  (2) set the CodeMirror value
  (3) pretty print with the CodeMirror editor
  (4) set the CodeMirror value
      => Layout

At the end, CodeMirror would layout once with the new content. This approach
performs very poorly when step (3) is an asynchronous action, because it would
mean CodeMirror would layout for both (2) and at the end (4) and the layout
itself can be very costly if the content is minified and so has very long
lines at the top of the file that need to be syntax highlighted and visible
since we do not wrap.

This patch changes the order of operations to benefit asynchronous formatting.
When SourceCodeTextEditor determines that it can autoformat it:

  (1) set the CodeMirror value
  (2) pretty print to source text
  (3) reveal the Editor when pretty printing is done
  (4) set the CodeMirror value
      => Layout

This maintains the fact that to undo pretty printing we can just "undo" the
editor to get the original text. This also means we only do a single
CodeMirror layout, with the pretty printed and therefore more manageable
source text for highlighting. It also means we continue to show a loading
indicator in the editor while we are pretty printing. If this is truly
done asynchronously, which is the case for JavaScript with FormatterWorker,
then the loading indicator will animate smoothly.

This sequence also works with the traditional synchronous formatters,
which we still have for CSS.

* UserInterface/Views/ContentView.js:
(WebInspector.ContentView.contentViewForRepresentedObject):
* UserInterface/Views/NavigationSidebarPanel.js:
(WebInspector.NavigationSidebarPanel.prototype.showDefaultContentViewForTreeElement):
(WebInspector.NavigationSidebarPanel.prototype._checkElementsForPendingViewStateCookie):
BreakpointTreeElements can now be restored and reselected when its
source code is null. Avoid deleting the pending cookie data if a
ContentView was not shown for the resource. When the Breakpoint
and SourceCode get hooked up, this code will run again and work.

* UserInterface/Views/ScriptContentView.js:
(WebInspector.ScriptContentView.prototype._togglePrettyPrint):
* UserInterface/Views/TextResourceContentView.js:
(WebInspector.TextResourceContentView.prototype._togglePrettyPrint):
* UserInterface/Views/TextContentView.js:
(WebInspector.TextContentView.prototype._togglePrettyPrint):
New API for toggling formatting, now that it is an async operation.

* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor):
(WebInspector.SourceCodeTextEditor.prototype.toggleTypeAnnotations):
(WebInspector.SourceCodeTextEditor.prototype.prettyPrint):
(WebInspector.SourceCodeTextEditor.prototype._populateWithContent):
(WebInspector.SourceCodeTextEditor.prototype._proceedPopulateWithContent):
(WebInspector.SourceCodeTextEditor.prototype._prepareEditorForInitialContent):
(WebInspector.SourceCodeTextEditor.prototype._populateWithInlineScriptContent.scriptContentAvailable):
(WebInspector.SourceCodeTextEditor.prototype._populateWithInlineScriptContent):
(WebInspector.SourceCodeTextEditor.prototype._populateWithScriptContent):
(WebInspector.SourceCodeTextEditor.prototype.textEditorUpdatedFormatting):
(WebInspector.SourceCodeTextEditor.prototype._contentWillPopulate): Deleted.
Move auto formatting logic into SourceCodeTextEditor, because it
determines if content should be auto formatted, and it loads the
initial content so it can determine when to show the editor for
the first time.

When we get the initial content and determine we have to autoformat,
set up the TextEditor, but don't proceed with WillPopulate/DidPopulate
until after we have formatted text.

* UserInterface/Views/TextEditor.js:
(WebInspector.TextEditor):
(WebInspector.TextEditor.set string.update):
(WebInspector.TextEditor.prototype.set string):
(WebInspector.TextEditor.prototype.setFormatted):
(WebInspector.TextEditor.prototype.hasFormatter):
(WebInspector.TextEditor.prototype._format):
(WebInspector.TextEditor.prototype.prettyPrint):
(WebInspector.TextEditor.prototype._canUseFormatterWorker):
(WebInspector.TextEditor.prototype._startWorkerPrettyPrint):
(WebInspector.TextEditor.prototype._startCodeMirrorPrettyPrint):
(WebInspector.TextEditor.prototype._finishPrettyPrint):
(WebInspector.TextEditor.prototype._undoFormatting):
(WebInspector.TextEditor.prototype._updateAfterFormatting):
Break up the synchronous pretty printing code into multiple steps.
One path can be asynchronous formatting via FormatterWorker, another
path may be synchronous formatting using the CodeMirror formatters.

(WebInspector.TextEditor.prototype.set formatted): Deleted.
Remove the synchronous `set formatted` setter. Replace with setFormatted().

(WebInspector.TextEditor.prototype.set autoFormat): Deleted.
Remove the TextEditor's autoformat. Since formatting can be async, having
the TextEditor showing and asynchronously format its initial contents is
a recipe for poor performance causing multiple layouts of different content.
Instead, autoformatting is handled by SourceCodeTextEditor, and TextEditor
can then be shown when it has the right data.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199169 268f45cc-cd09-0410-ab3c-d52691b4dbfc

joepeck@webkit.org [Thu, 7 Apr 2016 19:29:32 +0000 (19:29 +0000)]
Web Inspector: Improve JavaScript pretty printing
https://bugs.webkit.org/show_bug.cgi?id=156178
<rdar://problem/25535719>

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

Add a new EsprimaFormatter which pretty prints JavaScript source text
using the Esprima AST and Tokens. Currently we use CodeMirror's
tokenizer for pretty printing. By moving to Esprima for pretty
printing we get a few advantages: (1) can be used within a Worker
as there are no dependencies on DOM objects, (2) a full featured AST
gives more context to handling individual tokens. One disadvantage
is that Esprima requires valid input, so scripts with syntax errors
will not work.

EsprimaFormatter works by:
- Getting the Esprima AST and token stream.
- Walk all AST nodes:
  - when entering an AST node, handle any tokens before the start of this node
  - when leaving an AST node, handle any tokens that were inside the node
- Whenever we handle a new node or token check if we should preserve any
  newlines or comments that do not show up in the AST or token stream.

This allows us to handle any token based on its context. Currently the
formatter prefers to operate on tokens based on their context. So the
formatter has a case for each AST node type and handles the tokens
within that AST node. A small exception is made to special case the
handling of semicolons.

* Scripts/copy-user-interface-resources-dryrun.rb:
Add a generic check for -h, -help, --help to print usage.

* Tools/Formatting/EsprimaFormatterDebug.js: Added.
(EsprimaFormatterDebug):
(EsprimaFormatterDebug.prototype.get debugText):
(EsprimaFormatterDebug.prototype._pad):
(EsprimaFormatterDebug.prototype._debugHeader):
(EsprimaFormatterDebug.prototype._debugFooter):
(EsprimaFormatterDebug.prototype._debug):
(EsprimaFormatterDebug.prototype._debugComments):
(EsprimaFormatterDebug.prototype._debugAfterProgramNode):
(EsprimaFormatterDebug.prototype._before):
(EsprimaFormatterDebug.prototype._after):
* Tools/Formatting/codemirror-additions.css: Copied from Source/WebInspectorUI/Tools/PrettyPrinting/codemirror-additions.css.
* Tools/Formatting/index.html: Added.
* Tools/PrettyPrinting/codemirror-additions.css:
(pre): Deleted.
(a.download): Deleted.
* Tools/PrettyPrinting/index.html:
* Tools/PrettyPrinting/populate/jquery.min.js: Removed.
Add a Formatter tool that is similar to the PrettyPrinting tool but
outputs debug information for Esprima tokens. This is useful for
iterating on tests, performance measurements, and general debugging
of token stream for any input.

* UserInterface/Controllers/FormatterSourceMap.js:
(WebInspector.FormatterSourceMap.fromSourceMapData):
(WebInspector.FormatterSourceMap.fromBuilder): Deleted.
Switch to constructing with a common data object, instead of a Builder.

* UserInterface/Main.html:
* UserInterface/Test.html:
New files and moved files.

* UserInterface/Proxies/FormatterWorkerProxy.js: Added.
(WebInspector.FormatterWorkerProxy):
(WebInspector.FormatterWorkerProxy.singleton):
(WebInspector.FormatterWorkerProxy.canFormat):
(WebInspector.FormatterWorkerProxy.prototype.formatJavaScript):
(WebInspector.FormatterWorkerProxy.prototype.performAction):
(WebInspector.FormatterWorkerProxy.prototype._postMessage):
(WebInspector.FormatterWorkerProxy.prototype._handleMessage):
Main world object which provides a static formatJavaScript action.

* UserInterface/Views/CSSStyleDeclarationTextEditor.js:
(WebInspector.CSSStyleDeclarationTextEditor.prototype._formattedContentFromEditor):
* UserInterface/Views/TextEditor.js:
(WebInspector.TextEditor.prototype.prettyPrint.prettyPrintAndUpdateEditor):
(WebInspector.TextEditor.prototype.prettyPrint):
* UserInterface/Workers/Formatter/FormatterContentBuilder.js: Renamed from Source/WebInspectorUI/UserInterface/Controllers/FormatterContentBuilder.js.
(FormatterContentBuilder):
Simplify construction of a Builder. The constructor objects were always
the same and often unnecessary. Also move out of the WebInspector
namespace signifying it can be used within a Worker.

(FormatterContentBuilder.prototype.get originalContent): Deleted.
(FormatterContentBuilder.prototype.get formattedContent): Deleted.
(FormatterContentBuilder.prototype.get sourceMapData): Added.
Simplify getting all the data needed for SourceMaps.

(FormatterContentBuilder.prototype.setOriginalLineEndings):
A client may wish to pre-fill line endings instead of filling
while building.

(FormatterContentBuilder.prototype.appendNewline):
Auto-clear trailing whitespace on the previous line.

* UserInterface/Workers/Formatter/ESTreeWalker.js: Added.
(ESTreeWalker):
(ESTreeWalker.prototype.walk):
(ESTreeWalker.prototype._walk):
(ESTreeWalker.prototype._walkArray):
(ESTreeWalker.prototype._walkChildren):
Walk AST nodes in an ESTree format. Due to the spec's incompleteness
this is essentially Esprima's ESTree.

* UserInterface/Workers/Formatter/EsprimaFormatter.js: Added.
(EsprimaFormatter):
(EsprimaFormatter.isWhitespace):
(EsprimaFormatter.prototype.get formattedText):
(EsprimaFormatter.prototype.get sourceMapData):
(EsprimaFormatter.prototype._insertNewlinesBeforeToken):
(EsprimaFormatter.prototype._insertComment):
(EsprimaFormatter.prototype._insertSameLineTrailingComments):
(EsprimaFormatter.prototype._insertCommentsAndNewlines):
(EsprimaFormatter.prototype._before):
(EsprimaFormatter.prototype._after):
(EsprimaFormatter.prototype._isInForHeader):
(EsprimaFormatter.prototype._isRangeWhitespace):
(EsprimaFormatter.prototype._handleTokenAtNode):
(EsprimaFormatter.prototype._exitNode):
(EsprimaFormatter.prototype._afterProgram):
Pretty print source text.

* UserInterface/Workers/Formatter/FormatterUtilities.js: Added.
(Array.prototype.lastValue):
(String.prototype.lineEndings):
(isECMAScriptWhitespace):
(isECMAScriptLineTerminator):
Helpers used by the classes in the Worker code.

* UserInterface/Workers/Formatter/FormatterWorker.js: Added.
(FormatterWorker):
(FormatterWorker.prototype.formatJavaScript):
(FormatterWorker.prototype._handleMessage):
Handle the formatJavaScript action.

LayoutTests:

Expand the JavaScript formatting tests.

* inspector/codemirror/resources/prettyprinting/javascript-tests/single-statement-blocks-expected.js:
Update output now that the builder removes extra trailing whitespace automatically.

* inspector/codemirror/resources/prettyprinting/utilities.js:
Update due to simplified construction.

* inspector/formatting/formatting-javascript-expected.txt: Added.
* inspector/formatting/formatting-javascript.html: Added.
* inspector/formatting/resources/javascript-tests/arrow-functions-expected.js: Added.
* inspector/formatting/resources/javascript-tests/arrow-functions.js: Added.
* inspector/formatting/resources/javascript-tests/classes-expected.js: Added.
* inspector/formatting/resources/javascript-tests/classes.js: Added.
* inspector/formatting/resources/javascript-tests/comments-and-preserve-newlines-expected.js: Added.
* inspector/formatting/resources/javascript-tests/comments-and-preserve-newlines.js: Added.
* inspector/formatting/resources/javascript-tests/comments-only-expected.js: Added.
* inspector/formatting/resources/javascript-tests/comments-only.js: Added.
* inspector/formatting/resources/javascript-tests/do-while-statement-expected.js: Added.
* inspector/formatting/resources/javascript-tests/do-while-statement.js: Added.
* inspector/formatting/resources/javascript-tests/for-statements-expected.js: Added.
* inspector/formatting/resources/javascript-tests/for-statements.js: Added.
* inspector/formatting/resources/javascript-tests/functions-expected.js: Added.
* inspector/formatting/resources/javascript-tests/functions.js: Added.
* inspector/formatting/resources/javascript-tests/generators-expected.js: Added.
* inspector/formatting/resources/javascript-tests/generators.js: Added.
* inspector/formatting/resources/javascript-tests/if-statement-expected.js: Added.
* inspector/formatting/resources/javascript-tests/if-statement.js: Added.
* inspector/formatting/resources/javascript-tests/label-break-continue-block-expected.js: Added.
* inspector/formatting/resources/javascript-tests/label-break-continue-block.js: Added.
* inspector/formatting/resources/javascript-tests/logic-expressions-expected.js: Added.
* inspector/formatting/resources/javascript-tests/logic-expressions.js: Added.
* inspector/formatting/resources/javascript-tests/new-expression-expected.js: Added.
* inspector/formatting/resources/javascript-tests/new-expression.js: Added.
* inspector/formatting/resources/javascript-tests/object-array-literal-expected.js: Added.
* inspector/formatting/resources/javascript-tests/object-array-literal.js: Added.
* inspector/formatting/resources/javascript-tests/return-statement-expected.js: Added.
* inspector/formatting/resources/javascript-tests/return-statement.js: Added.
* inspector/formatting/resources/javascript-tests/sample-jquery-expected.js: Added.
* inspector/formatting/resources/javascript-tests/sample-jquery.js: Added.
* inspector/formatting/resources/javascript-tests/sample-normal-utilities-expected.js: Added.
* inspector/formatting/resources/javascript-tests/sample-normal-utilities.js: Added.
* inspector/formatting/resources/javascript-tests/sample-webinspector-object-expected.js: Added.
* inspector/formatting/resources/javascript-tests/sample-webinspector-object.js: Added.
* inspector/formatting/resources/javascript-tests/switch-case-default-expected.js: Added.
* inspector/formatting/resources/javascript-tests/switch-case-default.js: Added.
* inspector/formatting/resources/javascript-tests/ternary-expressions-expected.js: Added.
* inspector/formatting/resources/javascript-tests/ternary-expressions.js: Added.
* inspector/formatting/resources/javascript-tests/throw-statement-expected.js: Added.
* inspector/formatting/resources/javascript-tests/throw-statement.js: Added.
* inspector/formatting/resources/javascript-tests/try-catch-finally-statements-expected.js: Added.
* inspector/formatting/resources/javascript-tests/try-catch-finally-statements.js: Added.
* inspector/formatting/resources/javascript-tests/unary-binary-expressions-expected.js: Added.
* inspector/formatting/resources/javascript-tests/unary-binary-expressions.js: Added.
* inspector/formatting/resources/javascript-tests/variable-declaration-expected.js: Added.
* inspector/formatting/resources/javascript-tests/variable-declaration.js: Added.
* inspector/formatting/resources/javascript-tests/while-statement-expected.js: Added.
* inspector/formatting/resources/javascript-tests/while-statement.js: Added.
* inspector/formatting/resources/javascript-tests/with-statement-expected.js: Added.
* inspector/formatting/resources/javascript-tests/with-statement.js: Added.
* inspector/formatting/resources/utilities.js: Added.
Expanded test coverage for the new formatter.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199168 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bburg@apple.com [Thu, 7 Apr 2016 19:00:53 +0000 (19:00 +0000)]
CookieJar should support adding synthetic cookies for developer tools
https://bugs.webkit.org/show_bug.cgi?id=156091
<rdar://problem/25581340>

Reviewed by Timothy Hatcher.

Source/WebCore:

This patch adds an API that can set an arbitrary cookie in cookie storage
in order to support developer tools and automated testing. It delegates storing
the cookie to a platform implementation.

No new tests because the code isn't used by any clients yet.

* loader/CookieJar.cpp:
(WebCore::addCookie): Added.
* loader/CookieJar.h:

* platform/Cookie.h:
Remove an outdated comment. This struct is used in many places.

* platform/CookiesStrategy.h: Add new method.
* platform/network/PlatformCookieJar.h: Add new method.
* platform/network/cf/CookieJarCFNet.cpp:
(WebCore::addCookie): Add a stub.
* platform/network/curl/CookieJarCurl.cpp:
(WebCore::addCookie): Add a stub.
* platform/network/mac/CookieJarMac.mm:
(WebCore::addCookie): Add an implementation that turns the WebCore::Cookie into
an NSHTTPCookie and converts it again to CFHTTPCookie if necessary.

* platform/network/soup/CookieJarSoup.cpp:
(WebCore::addCookie): Add a stub.

* platform/spi/cf/CFNetworkSPI.h:
Add -[NSHTTPCookie _CFHTTPCookie] SPI.

Source/WebKit/mac:

* WebCoreSupport/WebPlatformStrategies.h:
* WebCoreSupport/WebPlatformStrategies.mm:
(WebPlatformStrategies::addCookie):
Add new method override.

Source/WebKit/win:

* WebCoreSupport/WebPlatformStrategies.h:
* WebCoreSupport/WebPlatformStrategies.cpp:
Add new method override.

Source/WebKit2:

Plumb the new method through the strategy and out to the network process.

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::addCookie):
* NetworkProcess/NetworkConnectionToWebProcess.h:
* NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
(WebKit::WebPlatformStrategies::addCookie):
* WebProcess/WebCoreSupport/WebPlatformStrategies.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199167 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Thu, 7 Apr 2016 18:38:15 +0000 (18:38 +0000)]
Rationalize the makeSpaceForCCall stuff
https://bugs.webkit.org/show_bug.cgi?id=156352

Reviewed by Mark Lam.

I want to add more code to PolymorphicAccess that makes C calls, so that I can finally fix
https://bugs.webkit.org/show_bug.cgi?id=130914 (allow transition caches to handle indexing
headers).

When trying to understand what it takes to make a C call, I came across code that was making
room on the stack for spilled arguments. This logic was guarded with some complicated
condition. At first, I tried to just refactor the code so that the same ugly condition
wouldn't have to be copy-pasted everywhere that we made C calls. But then I started thinking
about the condition, and realized that it was probably wrong: if the outer PolymorphicAccess
harness decides to reuse a register for the scratchGPR then the top of the stack will store
the old value of scratchGPR, but the condition wouldn't necessarily trigger. So if the call
then overwrote something on the stack, we'd have a bad time.

Making room on the stack for a call is a cheap operation. It's orders of magnitude cheaper
than the rest of the call. Therefore, I think that it's best to just unconditionally make
room on the stack.

This patch makes us do just that. I also made the relevant helpers not inline, because I
think that we have too many inline methods in our assemblers. Now it's much easier to make
C calls from PolymorphicAccess because you just call the AssemblyHelper methods for making
space. There are no special conditions or anything like that.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generate):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitLoadStructure):
(JSC::AssemblyHelpers::makeSpaceOnStackForCCall):
(JSC::AssemblyHelpers::reclaimSpaceOnStackForCCall):
(JSC::emitRandomThunkImpl):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::makeSpaceOnStackForCCall): Deleted.
(JSC::AssemblyHelpers::reclaimSpaceOnStackForCCall): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199166 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jiewen_tan@apple.com [Thu, 7 Apr 2016 18:22:03 +0000 (18:22 +0000)]
Marking storage/indexeddb/modern/autoincrement-abort-private.html as flaky on Macs
https://bugs.webkit.org/show_bug.cgi?id=156351

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199165 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 7 Apr 2016 18:06:42 +0000 (18:06 +0000)]
Unreviewed, rolling out r199128 and r199141.
https://bugs.webkit.org/show_bug.cgi?id=156348

Causes crashes on multiple webpages (Requested by keith_mi_ on
#webkit).

Reverted changesets:

"[ES6] Add support for Symbol.isConcatSpreadable."
https://bugs.webkit.org/show_bug.cgi?id=155351
http://trac.webkit.org/changeset/199128

"Unreviewed, uncomment accidentally commented line in test."
http://trac.webkit.org/changeset/199141

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199164 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Thu, 7 Apr 2016 18:03:04 +0000 (18:03 +0000)]
CSP: Should only honor CSP policy delivered in meta tag that is a descendent of <head>
https://bugs.webkit.org/show_bug.cgi?id=59858
<rdar://problem/25603538>

Reviewed by Brent Fulgham.

Source/WebCore:

Ignore the Content Security Policy meta tag if it is not a descendent of <head> as per
section HTML meta Element of the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/>
(Editor's Draft, 29 August 2015).

Tests: http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head.html
       http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head2.html
       http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head.html
       http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head2.html

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Modified to take a boolean argument whether the http-equiv
meta tag is a descendent of <head> and to parse the value of a Content Security Policy http-equiv
only if the http-equiv meta tag is a descendent of <head>.
* dom/Document.h: Add parameter isInDocument to processHttpEquiv(). Remove javadoc-style parameters
from processHttpEquiv() comment as we do not document parameters for non-API functions using such style.
Also write the comment for processHttpEquiv() using C++ style comments instead of a C-style comment.
* html/HTMLMetaElement.cpp:
(WebCore::HTMLMetaElement::process): Pass whether this element is a descendent of <head>. Additionally
update stale comment and move it closer to the code it refers to.

LayoutTests:

Add tests to ensure that we ignore the meta tags for Content-Security-Policy, Content-Security-Policy-Report-Only,
X-WebKit-CSP, and X-WebKit-CSP-Report-Only if it is not a descendent of <head>.

* http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head.html: Added.
* http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head2.html: Added.
* http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head.html: Added.
* http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199163 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Thu, 7 Apr 2016 17:59:24 +0000 (17:59 +0000)]
Rationalize the handling of PutById transitions a bit
https://bugs.webkit.org/show_bug.cgi?id=156330

Reviewed by Mark Lam.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generate): Get rid of the specialized slow calls. We can just use the failAndIgnore jump target. We just need to make sure that we don't make observable effects until we're done with all of the fast path checks.
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::addAccessCase): MadeNoChanges indicates that we should keep trying to repatch. Currently PutById transitions might trigger the case that addAccessCase() sees null, if the transition involves an indexing header. Doing repatching in that case is probably not good. But, we should just fix this the right way eventually.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199162 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bfulgham@apple.com [Thu, 7 Apr 2016 17:40:48 +0000 (17:40 +0000)]
[Win] Output WebCore.pdb to the same location as WebCore.lib
https://bugs.webkit.org/show_bug.cgi?id=156256
<rdar://problem/19416363>

Reviewed by Alex Christensen.

Add a rule to WebCore's CMake generator to tell Visual Studio to output
the PDB file for the WebCore.lib in the same location as the resulting
library, rather than in the build intermediary location.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199161 268f45cc-cd09-0410-ab3c-d52691b4dbfc

peavo@outlook.com [Thu, 7 Apr 2016 17:31:06 +0000 (17:31 +0000)]
[Win] Fix for JSC stress test failures.
https://bugs.webkit.org/show_bug.cgi?id=156343

Reviewed by Filip Pizlo.

We need to make it clear to MSVC that the method loadPtr(ImplicitAddress address, RegisterID dest)
should be used, and not loadPtr(const void* address, RegisterID dest).

* jit/CCallHelpers.cpp:
(JSC::CCallHelpers::setupShadowChickenPacket):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199160 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago window.Crypto is missing
weinig@apple.com [Thu, 7 Apr 2016 17:12:26 +0000 (17:12 +0000)]
window.Crypto is missing
<rdar://problem/25584034>
https://bugs.webkit.org/show_bug.cgi?id=156307

Reviewed by Joseph Pecoraro.

Source/WebCore:

Expose the Crypto constructor on the window object.

* page/Crypto.idl:

LayoutTests:

* js/dom/global-constructors-attributes-expected.txt:
* platform/efl/js/dom/global-constructors-attributes-expected.txt:
* platform/gtk/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* platform/win/js/dom/global-constructors-attributes-expected.txt:
Update for the new Crypto constructor.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199159 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [CMake][Win] Generating autoversion.h of WebKitGUID is triggered again and again
commit-queue@webkit.org [Thu, 7 Apr 2016 16:37:42 +0000 (16:37 +0000)]
[CMake][Win] Generating autoversion.h of WebKitGUID is triggered again and again
https://bugs.webkit.org/show_bug.cgi?id=156332

Patch by Fujii Hironori <Hironori.Fujii@jp.sony.com> on 2016-04-07
Reviewed by Brent Fulgham.

* PlatformWin.cmake:
Correct the output path of autoversion.h.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199158 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [CMake][Win] WEBKIT_WRAP_SOURCELIST is not applied in WebCore project
commit-queue@webkit.org [Thu, 7 Apr 2016 16:27:28 +0000 (16:27 +0000)]
[CMake][Win] WEBKIT_WRAP_SOURCELIST is not applied in WebCore project
https://bugs.webkit.org/show_bug.cgi?id=156336

Patch by Fujii Hironori <Hironori.Fujii@jp.sony.com> on 2016-04-07
Reviewed by Csaba Osztrogonác.

* CMakeLists.txt: Do WEBKIT_WRAP_SOURCELIST for WebCore_SOURCES.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199157 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (197987): Ingredient lists on smittenkitchen.com are full justified instea...
zalan@apple.com [Thu, 7 Apr 2016 14:55:54 +0000 (14:55 +0000)]
REGRESSION (197987): Ingredient lists on smittenkitchen.com are full justified instead of left justified.
https://bugs.webkit.org/show_bug.cgi?id=156326
<rdar://problem/25519393>

Reviewed by Antti Koivisto.

According to the spec (https://drafts.csswg.org/css-text-3/#text-align-property)
unless otherwise specified by text-align-last, the last line before
a forced break or the end of the block is start-aligned.

In this patch we check if a forced break is present and we apply text alignment accordingly.

Test: fast/css3-text/css3-text-justify/text-justify-last-line-simple-line-layout.html

Source/WebCore:

* rendering/SimpleLineLayout.cpp:
(WebCore::SimpleLineLayout::LineState::lastFragment): Make it optional so that we don't just check against a default fragment.
(WebCore::SimpleLineLayout::createLineRuns):
(WebCore::SimpleLineLayout::justifyRuns): Do not compute first run index on the current line twice.
(WebCore::SimpleLineLayout::textAlignForLine):
(WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns):

LayoutTests:

* fast/css3-text/css3-text-justify/text-justify-last-line-simple-line-layout-expected.html: Added.
* fast/css3-text/css3-text-justify/text-justify-last-line-simple-line-layout.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199156 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago FrameView::qualifiesAsVisuallyNonEmpty() returns false when loading a Google search...
antti@apple.com [Thu, 7 Apr 2016 14:22:11 +0000 (14:22 +0000)]
FrameView::qualifiesAsVisuallyNonEmpty() returns false when loading a Google search results page before search results are loaded, even though the header is visible
https://bugs.webkit.org/show_bug.cgi?id=156339
<rdar://problem/24491381>

Reviewed by Andreas Kling.

Jeff's testing indicates lowering the document height threshold improves things visually during page loading.

* page/FrameView.cpp:
(WebCore::FrameView::qualifiesAsVisuallyNonEmpty):

    Lower document height threshold from 200 to 48 pixels.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Shadow DOM: Implement display: contents for slots
antti@apple.com [Thu, 7 Apr 2016 10:29:15 +0000 (10:29 +0000)]
Shadow DOM: Implement display: contents for slots
https://bugs.webkit.org/show_bug.cgi?id=149439
<rdar://problem/22731922>

Reviewed by Ryosuke Niwa.

Source/WebCore:

This patch adds support for value 'contents' of the 'display' property for <slot> elements only. The value is ignored
for other elements for now. With this display value the element does not generate a box for itself but its descendants
generate them normally.

Slots already have implicit "display: contents". With this patch the value comes from the user agent stylesheet and can
be overridden by the author.

* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
* css/CSSValueKeywords.in:

    Support parsing display: contents.

* css/StyleResolver.cpp:
(WebCore::equivalentBlockDisplay):
(WebCore::StyleResolver::adjustRenderStyle):

    Disallow for non-slots for now.

* css/html.css:
(slot):

    Add "slot { display: contents }" to the UA sheet.

* dom/Element.cpp:
(WebCore::Element::resolveStyle):
(WebCore::Element::hasDisplayContents):
(WebCore::Element::setHasDisplayContents):

    Add a rare data bit for elements with display:contents (as we don't save the RenderStyle for them).

(WebCore::Element::rendererIsNeeded):

    Don't need renderer for display:contents.

(WebCore::Element::createElementRenderer):
* dom/Element.h:
(WebCore::Element::isVisibleInViewportChanged):
* dom/ElementAndTextDescendantIterator.h:
(WebCore::ElementAndTextDescendantIterator::operator!):
(WebCore::ElementAndTextDescendantIterator::operator bool):
(WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
(WebCore::ElementAndTextDescendantIterator::operator==):
(WebCore::ElementAndTextDescendantIterator::operator!=):

    Support initializing ElementAndTextDescendantIterator with root==current so that m_current is not nulled.
    This is needed for ComposedTreeIterator to be initialized correctly when root is a slot and the current node
    is a slotted node. The case happens in RenderTreePosition::previousSiblingRenderer when slot display is overridden
    to something other than 'contents'.

* dom/ElementRareData.h:
(WebCore::ElementRareData::hasDisplayContents):
(WebCore::ElementRareData::setHasDisplayContents):
(WebCore::ElementRareData::ElementRareData):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::createFor):
* rendering/style/RenderStyleConstants.h:
* style/RenderTreePosition.cpp:
(WebCore::RenderTreePosition::nextSiblingRenderer):

    Test for dynamic display:contents.

* style/RenderTreeUpdater.cpp:
(WebCore::findRenderingRoot):
(WebCore::RenderTreeUpdater::updateRenderTree):
(WebCore::RenderTreeUpdater::updateElementRenderer):

    Test for dynamic display:contents.

* style/StyleTreeResolver.cpp:
(WebCore::Style::affectsRenderedSubtree):

    No need for special case.

(WebCore::Style::TreeResolver::resolveComposedTree):

    Test for dynamic display:contents.

LayoutTests:

* platform/mac/TestExpectations:

Enable fast/shadow-dom/css-scoping-shadow-slot-display-override.html, the test for overriding slot display value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199154 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [css-grid] Content box incorrectly used as non-auto min-height
svillar@igalia.com [Thu, 7 Apr 2016 10:23:53 +0000 (10:23 +0000)]
[css-grid] Content box incorrectly used as non-auto min-height
https://bugs.webkit.org/show_bug.cgi?id=155946

Reviewed by Antti Koivisto.

Source/WebCore:

When computing the minimum height value of grid items with
non-auto min-height we used to return the size of the content
box meaning that borders and paddings were incorrectly
ignored.

Note that we're also ignoring margins, but as that is a
problem also for widths it'll be fixed in a follow up patch.

Test: fast/css-grid-layout/min-height-border-box.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::minSizeForChild):

LayoutTests:

* fast/css-grid-layout/min-height-border-box-expected.txt: Added.
* fast/css-grid-layout/min-height-border-box.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199153 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Reverting previous due to bad LayoutTest ChangeLog.
antti@apple.com [Thu, 7 Apr 2016 10:21:25 +0000 (10:21 +0000)]
Reverting previous due to bad LayoutTest ChangeLog.
LayoutTests:

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199152 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Source/WebCore:
antti@apple.com [Thu, 7 Apr 2016 10:11:39 +0000 (10:11 +0000)]
Source/WebCore:
Shadow DOM: Implement display: contents for slots
https://bugs.webkit.org/show_bug.cgi?id=149439
<rdar://problem/22731922>

Reviewed by Ryosuke Niwa.

This patch adds support for value 'contents' of the 'display' property for <slot> elements only. The value is ignored
for other elements for now. With this display value the element does not generate a box for itself but its descendants
generate them normally.

Slots already have implicit "display: contents". With this patch the value comes from the user agent stylesheet and can
be overridden by the author.

* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
* css/CSSValueKeywords.in:

    Support parsing display: contents.

* css/StyleResolver.cpp:
(WebCore::equivalentBlockDisplay):
(WebCore::StyleResolver::adjustRenderStyle):

    Disallow for non-slots for now.

* css/html.css:
(slot):

    Add "slot { display: contents }" to the UA sheet.

* dom/Element.cpp:
(WebCore::Element::resolveStyle):
(WebCore::Element::hasDisplayContents):
(WebCore::Element::setHasDisplayContents):

    Add a rare data bit for elements with display:contents (as we don't save the RenderStyle for them).

(WebCore::Element::rendererIsNeeded):

    Don't need renderer for display:contents.

(WebCore::Element::createElementRenderer):
* dom/Element.h:
(WebCore::Element::isVisibleInViewportChanged):
* dom/ElementAndTextDescendantIterator.h:
(WebCore::ElementAndTextDescendantIterator::operator!):
(WebCore::ElementAndTextDescendantIterator::operator bool):
(WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
(WebCore::ElementAndTextDescendantIterator::operator==):
(WebCore::ElementAndTextDescendantIterator::operator!=):

    Support initializing ElementAndTextDescendantIterator with root==current so that m_current is not nulled.
    This is needed for ComposedTreeIterator to be initialized correctly when root is a slot and the current node
    is a slotted node. The case happens in RenderTreePosition::previousSiblingRenderer when slot display is overridden
    to something other than 'contents'.

* dom/ElementRareData.h:
(WebCore::ElementRareData::hasDisplayContents):
(WebCore::ElementRareData::setHasDisplayContents):
(WebCore::ElementRareData::ElementRareData):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::createFor):
* rendering/style/RenderStyleConstants.h:
* style/RenderTreePosition.cpp:
(WebCore::RenderTreePosition::nextSiblingRenderer):

    Test for dynamic display:contents.

* style/RenderTreeUpdater.cpp:
(WebCore::findRenderingRoot):
(WebCore::RenderTreeUpdater::updateRenderTree):
(WebCore::RenderTreeUpdater::updateElementRenderer):

    Test for dynamic display:contents.

* style/StyleTreeResolver.cpp:
(WebCore::Style::affectsRenderedSubtree):

    No need for special case.

(WebCore::Style::TreeResolver::resolveComposedTree):

    Test for dynamic display:contents.

LayoutTests:
REGRESSION (r188591): thingiverse.com direct messaging UI is not rendered properly
https://bugs.webkit.org/show_bug.cgi?id=156241
<rdar://problem/25262213>

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2016-04-06
Reviewed by Simon Fraser.

* fast/text/zero-sized-fonts-expected.txt: Added.
* fast/text/zero-sized-fonts.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199151 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (r188591): thingiverse.com direct messaging UI is not rendered properly
mmaxfield@apple.com [Thu, 7 Apr 2016 05:19:52 +0000 (05:19 +0000)]
REGRESSION (r188591): thingiverse.com direct messaging UI is not rendered properly
https://bugs.webkit.org/show_bug.cgi?id=156241
<rdar://problem/25262213>

Reviewed by Simon Fraser.

Source/WebCore:

When creating a CoreText font with a size of 0, the CoreText docs say that it will
interpret this as a missing argument, and create a font of size 12 instead. However,
this doesn't cause a problem (at least on this particular website) because we will
use CGFontGetGlyphAdvancesForStyle(), which gets scaled by the supplied font
size (which is 0). However, if you turn on text-rendering: optimizeLegibility, we
will use CTFontGetAdvancesForGlyphs() instead, which does not scale by the font size.
The solution is to detect this case, and force the advance to 0.

Test: fast/text/zero-sized-fonts.html

* platform/graphics/cocoa/FontCocoa.mm:
(WebCore::Font::platformWidthForGlyph):

LayoutTests:

* fast/text/zero-sized-fonts-expected.txt: Added.
* fast/text/zero-sized-fonts.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Rename MidpointState to WhitespaceCollapsingState
mmaxfield@apple.com [Thu, 7 Apr 2016 04:59:55 +0000 (04:59 +0000)]
Rename MidpointState to WhitespaceCollapsingState
https://bugs.webkit.org/show_bug.cgi?id=156304

Reviewed by David Hyatt.

MidpointState has nothing to do with midpoints.

An individual midpoint is now known as a "whitespace collapsing transition."

No new tests because there is no behavior change.

* platform/text/BidiResolver.h:
(WebCore::WhitespaceCollapsingState::reset): (See addMidpoint() below.)
Previously, we were using operator= to destroy old Iterators when their
storage inside the Vector was reused. Now that we are eliminating
m_numMidpoints, we can push destruction earlier to this reset() function.
Because the same amount of destruction happens in both cases, this doesn't
add additional work. (Vector can destroy its contents without shrinking
its storage overcommitment.)
(WebCore::WhitespaceCollapsingState::startIgnoringSpaces):
(WebCore::WhitespaceCollapsingState::stopIgnoringSpaces):
(WebCore::WhitespaceCollapsingState::ensureLineBoxInsideIgnoredSpaces):
(WebCore::WhitespaceCollapsingState::decrementTransitionAt):
(WebCore::WhitespaceCollapsingState::thresholds): Make the return value
const. The only clients of this function which needed mutation were
migrated to using decrementTransitionAt().
(WebCore::WhitespaceCollapsingState::numTransitions):
(WebCore::WhitespaceCollapsingState::currentTransition):
(WebCore::WhitespaceCollapsingState::setCurrentTransition):
(WebCore::WhitespaceCollapsingState::incrementCurrentTransition):
(WebCore::WhitespaceCollapsingState::decrementNumTransitions):
(WebCore::WhitespaceCollapsingState::betweenTransitions):
(WebCore::BidiResolverBase::whitespaceCollapsingState):
(WebCore::Subclass>::setWhitespaceCollapsingTransitionForIsolatedRun):
(WebCore::Subclass>::whitespaceCollapsingTransitionForIsolatedRun):
(WebCore::MidpointState::MidpointState): Deleted.
(WebCore::MidpointState::reset): Deleted.
(WebCore::MidpointState::startIgnoringSpaces): Deleted.
(WebCore::MidpointState::stopIgnoringSpaces): Deleted.
(WebCore::MidpointState::ensureLineBoxInsideIgnoredSpaces): Deleted.
(WebCore::MidpointState::midpoints): Deleted.
(WebCore::MidpointState::numMidpoints): Deleted.
(WebCore::MidpointState::currentMidpoint): Deleted.
(WebCore::MidpointState::setCurrentMidpoint): Deleted.
(WebCore::MidpointState::incrementCurrentMidpoint): Deleted.
(WebCore::MidpointState::decrementNumMidpoints): Deleted.
(WebCore::MidpointState::betweenMidpoints): Deleted.
(WebCore::MidpointState::addMidpoint): Deleted. This code has been around for 13
years (since r3672) where it was using QMemArray. That class doesn't have an
append() class, so it was implemented inside this function. Luckily, Vector
already overcommits its allocation, so we can eliminate m_numMidpoints entirely.
(WebCore::BidiResolverBase::midpointState): Deleted.
(WebCore::Subclass>::setMidpointForIsolatedRun): Deleted.
(WebCore::Subclass>::midpointForIsolatedRun): Deleted.
* rendering/InlineIterator.h:
(WebCore::addPlaceholderRunForIsolatedInline):
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::appendRunsForObject):
(WebCore::setUpResolverToResumeInIsolate):
(WebCore::constructBidiRunsForSegment):
(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
* rendering/line/BreakingContext.h:
(WebCore::BreakingContext::BreakingContext):
(WebCore::BreakingContext::handleBR):
(WebCore::BreakingContext::handleOutOfFlowPositioned):
(WebCore::shouldSkipWhitespaceAfterStartObject):
(WebCore::BreakingContext::handleEmptyInline):
(WebCore::BreakingContext::handleReplaced):
(WebCore::ensureCharacterGetsLineBox):
(WebCore::BreakingContext::handleText):
(WebCore::checkWhitespaceCollapsingTransitions):
(WebCore::BreakingContext::handleEndOfLine):
(WebCore::checkMidpoints): Deleted.
* rendering/line/TrailingObjects.cpp:
(WebCore::TrailingObjects::updateWhitespaceCollapsingTransitionsForTrailingBoxes):
(WebCore::TrailingObjects::updateMidpointsForTrailingBoxes): Deleted.
* rendering/line/TrailingObjects.h:
(WebCore::TrailingObjects::appendBoxIfNeeded):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199149 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] UInt32ToNumber should be NodeMustGenerate
commit-queue@webkit.org [Thu, 7 Apr 2016 04:33:32 +0000 (04:33 +0000)]
[JSC] UInt32ToNumber should be NodeMustGenerate
https://bugs.webkit.org/show_bug.cgi?id=156329

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-06
Reviewed by Filip Pizlo.

It exits on negative numbers on the integer path.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, Update my primary email address and expertise.
changseok@webkit.org [Thu, 7 Apr 2016 04:11:55 +0000 (04:11 +0000)]
Unreviewed, Update my primary email address and expertise.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199147 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update the Animometer patch and plan files
jonlee@apple.com [Thu, 7 Apr 2016 03:57:01 +0000 (03:57 +0000)]
Update the Animometer patch and plan files
https://bugs.webkit.org/show_bug.cgi?id=156263

Reviewed by Ryosuke Niwa.

Measure the latest set of tests by updating the plan revision to r199134.

* Scripts/webkitpy/benchmark_runner/data/patches/Animometer.patch: Update to run the master suite only.
* Scripts/webkitpy/benchmark_runner/data/plans/animometer.plan: Update to use the release page instead
of the developer page.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199146 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago 2016-04-04 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Thu, 7 Apr 2016 03:33:08 +0000 (03:33 +0000)]
2016-04-04  Geoffrey Garen  <ggaren@apple.com>

        Unreviewed, rolling out r199016.
        https://bugs.webkit.org/show_bug.cgi?id=156140

        "Perf bots are down, so I can't re-land this right now."

        Reverted changeset:

        CopiedBlock should be 16kB
        https://bugs.webkit.org/show_bug.cgi?id=156168
        http://trac.webkit.org/changeset/199016

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199145 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago String.prototype.match() should be calling internal function RegExpCreate.
mark.lam@apple.com [Thu, 7 Apr 2016 03:17:58 +0000 (03:17 +0000)]
String.prototype.match() should be calling internal function RegExpCreate.
https://bugs.webkit.org/show_bug.cgi?id=156318

Reviewed by Filip Pizlo.

RegExpCreate is not the same as the RegExp constructor.  The current implementation
invokes new @RegExp which calls the constructor.  This results in failures in
es6/Proxy_internal_get_calls_String.prototype.match.js, and
es6/Proxy_internal_get_calls_String.prototype.search.js due to observable side
effects.

This patch fixes this by factoring out the part of the RegExp constructor that
makes the RegExpCreate function, and changing String's match and search to call
RegExpCreate instead in accordance with the ES6 spec.

* builtins/StringPrototype.js:
(match):
(search):
* runtime/CommonIdentifiers.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/RegExpConstructor.cpp:
(JSC::toFlags):
(JSC::regExpCreate):
(JSC::constructRegExp):
(JSC::esSpecRegExpCreate):
(JSC::constructWithRegExpConstructor):
* runtime/RegExpConstructor.h:
(JSC::isRegExp):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199144 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Improve filtering in OpenResourceDialog
mattbaker@apple.com [Thu, 7 Apr 2016 02:09:07 +0000 (02:09 +0000)]
Web Inspector: Improve filtering in OpenResourceDialog
https://bugs.webkit.org/show_bug.cgi?id=155324
<rdar://problem/25094504>

Source/WebInspectorUI:

Reviewed by Joseph Pecoraro and Timothy Hatcher.

* UserInterface/Base/Utilities.js:
(value):
Added String methods isLowerCase, isUpperCase, removeWhitespace.

* UserInterface/Controllers/ResourceQueryController.js: Added.
(WebInspector.ResourceQueryController):
(WebInspector.ResourceQueryController.prototype.addResource):
(WebInspector.ResourceQueryController.prototype.removeResource):
Add and remove the resources to be queried.

(WebInspector.ResourceQueryController.prototype.reset):
Reset controller state. Currently just clears resources.

(WebInspector.ResourceQueryController.prototype.executeQuery):
Executes a query against the list of resources and returns a list of
QueryResult objects, with at most one result per resource, ordered by
descending rank.

The query string is stripped of whitespace characters and lowercased
before use. Prior to running the query, resources undergo a one-time
pre-processing step to locate special characters.

(WebInspector.ResourceQueryController.prototype._findQueryMatches.pushMatch):
(WebInspector.ResourceQueryController.prototype._findQueryMatches.matchNextSpecialCharacter):
(WebInspector.ResourceQueryController.prototype._findQueryMatches.backtrack):
(WebInspector.ResourceQueryController.prototype._findQueryMatches):
Returns a list of query matches for a single resource, along with metadata
which is used to rank the matches. The algorithm attempts to match the
entire query, first comparing each query character against "special" characters
in the resource (commonly used filename separators, the first character,
and camel-case word boundaries).

If there are remaining query characters after exhausting special characters,
regular characters are matched starting from the last matched special
character. Failing that, the algorithm attempts to find a match by backtracking.
To backtrack, the last match is discarded and the query position decremented.
If a special match is now the last match, matching starts again from the
next character in the filename after the match. If a normal match is now
the last match, keep discarding until a special match is found or no matches
remain. The query fails if no matches remain. For example, consider:

   Query: "abcd"
   Filename: "AxBcdCx"

The capital A, B, and C are all special characters, and are successfully
matched with the first three query characters. Having exhausted the special
characters the "d" at the end of the query is compared with the "x" at
the end of the filename, and fails to match. Backtracking then kicks in.
The last match, "C", is discarded and the search position in the query
decremented. The search resumes after the next to last match, "B", and now
matches the non-special characters "cd", yielding the following: "A Bcd  ".

(WebInspector.ResourceQueryController.prototype._findSpecialCharacterIndices):
Pre-processing step for resources. Locates the positions of special
characters in the resource filename. Special characters are defined as:

   1. The first character
   2. Common filename separators, and the character immediately following.
   3. A capital letter that follows a lowercase character.

* UserInterface/Models/ResourceQueryMatch.js: Added.
Helper class used internally by the controller and QueryResult classes.
(WebInspector.ResourceQueryMatch):
(WebInspector.ResourceQueryMatch.prototype.get type):
(WebInspector.ResourceQueryMatch.prototype.get index):
(WebInspector.ResourceQueryMatch.prototype.get queryIndex):

* UserInterface/Models/ResourceQueryResult.js: Added.
Holds a resource that matched the executed query.
(WebInspector.ResourceQueryResult):
(WebInspector.ResourceQueryResult.prototype.get resource):
(WebInspector.ResourceQueryResult.prototype.get rank):
Ranking relative to other results returned by the query. Used by
the ResourceQueryController to sort results.

(WebInspector.ResourceQueryResult.prototype.get matchingTextRanges):
Get TextRanges for matching substrings in the resource display name.

(WebInspector.ResourceQueryResult.prototype._calculateRank):
Calculate the rank of the result. Matches are scored based on the type
of match (Special vs. Normal), the location of the match within the filename
(matches closer to the beginning are scored higher), and whether the match
is adjacent to the previous match.

Values assigned to each ranking criteria are somewhat arbitrary, and may
be fine-tuned over time to produce better results.

(WebInspector.ResourceQueryResult.prototype._createMatchingTextRanges):
(WebInspector.ResourceQueryResult.prototype.__test_createMatchesMask):
Test API for visualizing matches. For a result returned from the query
"abce", run against a filename "abcde", the mask is "a c e".

* UserInterface/Main.html:
* UserInterface/Test.html:
New files.

* UserInterface/Views/Dialog.js:
(WebInspector.Dialog.prototype.dismiss):
(WebInspector.Dialog.prototype.didDismissDialog):
Add hook for subclasses to perform actions after dialog dismissal.

* UserInterface/Views/OpenResourceDialog.js:
(WebInspector.OpenResourceDialog):
(WebInspector.OpenResourceDialog.prototype._populateResourceTreeOutline.createHighlightedTitleFragment):
(WebInspector.OpenResourceDialog.prototype._populateResourceTreeOutline):
Add tree elements for each QueryResult returned by the last query, creating
titles with contiguous matching query characters wrapped in highlight spans.

(WebInspector.OpenResourceDialog.prototype.didDismissDialog):
Clear resources from the ResourceQueryController.
(WebInspector.OpenResourceDialog.prototype.didPresentDialog):
Add resources to the ResourceQueryController.
(WebInspector.OpenResourceDialog.prototype._updateFilter):
Execute the filter text as a resource query.

* UserInterface/Views/TreeOutline.css:
(.tree-outline.large .item .titles): Deleted.
Line height too small, hid the bottom border of highlighted matches in
tree element title spans. Removing the style had no negative visual impact
on the Quick Open or Timelines tree outlines (the only "large" trees).

LayoutTests:

Reviewed by Joseph Pecoraro.

Add test coverage for ResourceQueryController.

* inspector/unit-tests/resource-query-controller-expected.txt: Added.
* inspector/unit-tests/resource-query-controller.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199143 268f45cc-cd09-0410-ab3c-d52691b4dbfc
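
The matching strategy described in the commit message above (special characters first, then regular characters, backtracking on failure), as an added JavaScript illustration that is not WebKit's ResourceQueryController code. All function names and the separator set are assumptions, and the explicit match stack is replaced by a recursive search that remembers dead ends.

```javascript
// Added illustration. All names are hypothetical; this is not WebKit's code.
const SEPARATORS = new Set(["_", "-", ".", "/", " "]); // assumed separator set

const isUpper = (ch) => ch.toLowerCase() !== ch;
const isLower = (ch) => ch.toUpperCase() !== ch;

// Pre-processing step: positions of "special" characters in the filename.
//   1. the first character
//   2. a separator, and the character immediately following it
//   3. a capital letter that follows a lowercase character
function findSpecialCharacterIndices(filename) {
    const indices = [];
    for (let i = 0; i < filename.length; i++) {
        const ch = filename[i];
        const prev = i > 0 ? filename[i - 1] : "";
        const capitalAfterLower = isUpper(ch) && isLower(prev);
        if (i === 0 || SEPARATORS.has(ch) || SEPARATORS.has(prev) || capitalAfterLower)
            indices.push(i);
    }
    return indices;
}

// Returns an ordered list of {type, index, queryIndex} covering the whole
// query, or null when the query cannot be matched against the filename.
function findQueryMatches(query, filename) {
    // The query is stripped of whitespace and lowercased before use.
    const q = query.replace(/\s+/g, "").toLowerCase();
    const special = findSpecialCharacterIndices(filename);
    const specialSet = new Set(special);
    // (queryIndex, start) pairs already proven to fail. Remembering them
    // keeps the backtracking from re-exploring the same dead branch.
    const dead = new Set();

    const matchesAt = (i, queryIndex) => filename[i].toLowerCase() === q[queryIndex];

    function search(queryIndex, start) {
        if (queryIndex === q.length)
            return [];
        const key = queryIndex + ":" + start;
        if (dead.has(key))
            return null;

        // Candidate positions for this query character: special characters
        // are preferred, regular characters are the fallback.
        const candidates = [];
        for (const i of special) {
            if (i >= start && matchesAt(i, queryIndex))
                candidates.push({ type: "special", index: i });
        }
        for (let i = start; i < filename.length; i++) {
            if (!specialSet.has(i) && matchesAt(i, queryIndex))
                candidates.push({ type: "normal", index: i });
        }

        // Take the first candidate whose remainder also matches. Returning
        // from a failed recursive call is the backtracking step: the match
        // is discarded and the next candidate for this character is tried.
        for (const candidate of candidates) {
            const rest = search(queryIndex + 1, candidate.index + 1);
            if (rest)
                return [{ ...candidate, queryIndex }, ...rest];
        }
        dead.add(key);
        return null;
    }

    return search(0, 0);
}

// Visualizes a result: matched characters are kept, the rest become spaces.
function createMatchesMask(filename, matches) {
    const matched = new Set(matches.map((m) => m.index));
    return Array.from(filename, (ch, i) => (matched.has(i) ? ch : " ")).join("");
}

// Convenience wrapper: mask for a query, or null if the query fails.
function matchMask(query, filename) {
    const matches = findQueryMatches(query, filename);
    return matches ? createMatchesMask(filename, matches) : null;
}

// The commit message's own example: "C" is matched as a special character,
// then discarded when "d" cannot be matched after it.
console.log(JSON.stringify(matchMask("abcd", "AxBcdCx")));
```
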

3 years ago Remove duplicated parsePortFromStringPosition()
gyuyoung.kim@webkit.org [Thu, 7 Apr 2016 02:07:26 +0000 (02:07 +0000)]
Remove duplicated parsePortFromStringPosition()
https://bugs.webkit.org/show_bug.cgi?id=156289

Reviewed by Simon Fraser.

Same parsePortFromStringPosition() functions have been defined in both URLUtils.h and HTMLAnchorElement.cpp.
Remove duplicated one in HTMLAnchorElement.cpp.

No new tests, no behavior change.

* html/HTMLAnchorElement.cpp:
(WebCore::parsePortFromStringPosition): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, uncomment accidentally commented line in test.
keith_miller@apple.com [Thu, 7 Apr 2016 02:05:22 +0000 (02:05 +0000)]
Unreviewed, uncomment accidentally commented line in test.

* tests/stress/array-concat-spread-object.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199141 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago JSC should have a simple way of gathering IC statistics
fpizlo@apple.com [Thu, 7 Apr 2016 02:02:47 +0000 (02:02 +0000)]
JSC should have a simple way of gathering IC statistics
https://bugs.webkit.org/show_bug.cgi?id=156317

Reviewed by Benjamin Poulain.
Source/JavaScriptCore:

This adds a cheap, runtime-enabled way of gathering statistics about why we take the slow
paths for inline caches. This is complementary to our existing bytecode profiler. Eventually
we may want to combine the two things.

This is not a slow-down on anything because we only do extra work on IC slow paths and if
it's disabled it's just a load-and-branch to skip the stats gathering code.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jit/ICStats.cpp: Added.
* jit/ICStats.h: Added.
* jit/JITOperations.cpp:
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::inherits):
(JSC::JSValue::classInfoOrNull):
(JSC::JSValue::toThis):
* runtime/Options.h:

Source/WTF:

Make it easier to do relative sleeping on a condition. Previously you could do this using
std::chrono. I now believe that std::chrono is just a bad decision, and I always want to
use doubles instead. This makes it easier to do the right thing and use doubles.

* wtf/Condition.h:
(WTF::ConditionBase::waitUntilMonotonicClockSeconds):
(WTF::ConditionBase::waitForSeconds):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199140 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Versioning.
bshafiei@apple.com [Thu, 7 Apr 2016 01:56:03 +0000 (01:56 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199137 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago jsc-layout-tests.yaml/js/script-tests/regress-141098.js failing on Yosemite Debug...
sbarati@apple.com [Thu, 7 Apr 2016 01:50:09 +0000 (01:50 +0000)]
jsc-layout-tests.yaml/js/script-tests/regress-141098.js failing on Yosemite Debug after r198989
https://bugs.webkit.org/show_bug.cgi?id=156187

Reviewed by Keith Miller.

Tools:

* Scripts/run-jsc-stress-tests:

LayoutTests:

* js/script-tests/regress-141098.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199135 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update master benchmark with SVG test
jonlee@apple.com [Thu, 7 Apr 2016 01:47:53 +0000 (01:47 +0000)]
Update master benchmark with SVG test
https://bugs.webkit.org/show_bug.cgi?id=156273

Reviewed by Dean Jackson.
Provisionally reviewed by Said Abou-Hallawa.

Switch masks tests for SVG path test.

* Animometer/resources/debug-runner/tests.js: Move mask test here.
* Animometer/resources/runner/tests.js: Add SVG test here.
* Animometer/tests/dom/particles.html: Renamed from PerformanceTests/Animometer/tests/master/particles.html.
* Animometer/tests/dom/resources/dom-particles.js: Renamed from PerformanceTests/Animometer/tests/master/resources/dom-particles.js.

* Animometer/tests/master/resources/particles.js: Add minPosition for bounds checking. Prevents particle from being
partially obscured.
* Animometer/tests/master/resources/svg-particles.js: Added.
(Particle): The particle is either a path object or a rect using a path as a clip. The
same path is used either way. For each particle create a linear gradient with a random
rotation.
(SVGParticlesStage): Look in #shapes to see how many different kinds of paths are available.
This makes the test more generic in case other shapes need to be tested.
* Animometer/tests/master/svg-particles.html: Added. Have two defs, one that houses each
particle's gradient, and one that holds the shape templates.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199134 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix Windows build by converting clampToInteger() into a template that only
simon.fraser@apple.com [Thu, 7 Apr 2016 01:46:53 +0000 (01:46 +0000)]
Fix Windows build by converting clampToInteger() into a template that only
takes integral types.

* wtf/MathExtras.h:
(clampToInteger):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199133 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago 32-bit JSC stress/multi-put-by-offset-multiple-transitions.js failing
fpizlo@apple.com [Thu, 7 Apr 2016 01:44:23 +0000 (01:44 +0000)]
32-bit JSC stress/multi-put-by-offset-multiple-transitions.js failing
https://bugs.webkit.org/show_bug.cgi?id=156292

Reviewed by Benjamin Poulain.

Make sure that we stash the callsite index before calling operationReallocateStorageAndFinishPut.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199132 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Belatedly rebaseline several test expectations after r196244
mcatanzaro@igalia.com [Thu, 7 Apr 2016 01:42:13 +0000 (01:42 +0000)]
[GTK] Belatedly rebaseline several test expectations after r196244

Unreviewed

* platform/gtk/css3/unicode-bidi-isolate-basic-expected.txt:
* platform/gtk/fast/block/positioning/auto/vertical-rl/007-expected.txt:
* platform/gtk/fast/block/positioning/vertical-rl/fixed-positioning-expected.txt:
* platform/gtk/fast/borders/border-antialiasing-expected.txt:
* platform/gtk/fast/clip/001-expected.txt:
* platform/gtk/fast/clip/013-expected.txt:
* platform/gtk/fast/clip/014-expected.txt:
* platform/gtk/fast/clip/016-expected.txt:
* platform/gtk/fast/clip/outline-overflowClip-expected.txt:
* platform/gtk/fast/css/clip-zooming-expected.txt:
* platform/gtk/fast/forms/validation-message-appearance-expected.txt:
* platform/gtk/fast/line-grid/line-grid-inside-columns-expected.txt:
* platform/gtk/fast/line-grid/line-grid-into-columns-expected.txt:
* platform/gtk/fast/lists/scrolled-marker-paint-expected.txt:
* platform/gtk/fast/multicol/client-rects-expected.txt:
* platform/gtk/fast/multicol/column-break-with-balancing-expected.txt:
* platform/gtk/fast/multicol/column-rules-expected.txt:
* platform/gtk/fast/multicol/column-rules-stacking-expected.txt:
* platform/gtk/fast/multicol/columns-shorthand-parsing-expected.txt:
* platform/gtk/fast/multicol/float-paginate-complex-expected.txt:
* platform/gtk/fast/multicol/float-paginate-empty-lines-expected.txt:
* platform/gtk/fast/multicol/float-paginate-expected.txt:
* platform/gtk/fast/multicol/layers-in-multicol-expected.txt:
* platform/gtk/fast/multicol/layers-split-across-columns-expected.txt:
* platform/gtk/fast/multicol/max-height-columns-block-expected.txt:
* platform/gtk/fast/multicol/nested-columns-expected.txt:
* platform/gtk/fast/multicol/newmulticol/client-rects-expected.txt:
* platform/gtk/fast/multicol/overflow-across-columns-expected.txt:
* platform/gtk/fast/multicol/overflow-across-columns-percent-height-expected.txt:
* platform/gtk/fast/multicol/overflow-unsplittable-expected.txt:
* platform/gtk/fast/multicol/paginate-block-replaced-expected.txt:
* platform/gtk/fast/multicol/pagination/BottomToTop-bt-expected.txt:
* platform/gtk/fast/multicol/pagination/BottomToTop-lr-expected.txt:
* platform/gtk/fast/multicol/pagination/BottomToTop-rl-expected.txt:
* platform/gtk/fast/multicol/pagination/BottomToTop-tb-expected.txt:
* platform/gtk/fast/multicol/pagination/LeftToRight-bt-expected.txt:
* platform/gtk/fast/multicol/pagination/LeftToRight-rl-expected.txt:
* platform/gtk/fast/multicol/pagination/LeftToRight-tb-expected.txt:
* platform/gtk/fast/multicol/pagination/RightToLeft-bt-expected.txt:
* platform/gtk/fast/multicol/pagination/RightToLeft-lr-expected.txt:
* platform/gtk/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt:
* platform/gtk/fast/multicol/pagination/RightToLeft-rl-expected.txt:
* platform/gtk/fast/multicol/pagination/RightToLeft-tb-expected.txt:
* platform/gtk/fast/multicol/pagination/TopToBottom-bt-expected.txt:
* platform/gtk/fast/multicol/pagination/TopToBottom-lr-expected.txt:
* platform/gtk/fast/multicol/pagination/TopToBottom-rl-expected.txt:
* platform/gtk/fast/multicol/positive-leading-expected.txt:
* platform/gtk/fast/multicol/scrolling-column-rules-expected.txt:
* platform/gtk/fast/multicol/span/anonymous-style-inheritance-expected.txt:
* platform/gtk/fast/multicol/span/span-as-immediate-child-complex-splitting-expected.txt:
* platform/gtk/fast/multicol/span/span-as-immediate-child-property-removal-expected.txt:
* platform/gtk/fast/multicol/span/span-as-immediate-columns-child-removal-expected.txt:
* platform/gtk/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
* platform/gtk/fast/multicol/span/span-as-nested-columns-child-expected.txt:
* platform/gtk/fast/multicol/span/span-margin-collapsing-expected.txt:
* platform/gtk/fast/multicol/table-vertical-align-expected.txt:
* platform/gtk/fast/multicol/tall-image-behavior-expected.txt:
* platform/gtk/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt:
* platform/gtk/fast/multicol/vertical-lr/column-rules-expected.txt:
* platform/gtk/fast/multicol/vertical-lr/float-multicol-expected.txt:
* platform/gtk/fast/multicol/vertical-lr/float-paginate-complex-expected.txt:
* platform/gtk/fast/multicol/vertical-lr/float-paginate-expected.txt:
* platform/gtk/fast/multicol/vertical-lr/nested-columns-expected.txt:
* platform/gtk/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt:
* platform/gtk/fast/multicol/vertical-rl/column-rules-expected.txt:
* platform/gtk/fast/multicol/vertical-rl/float-multicol-expected.txt:
* platform/gtk/fast/multicol/vertical-rl/float-paginate-complex-expected.txt:
* platform/gtk/fast/multicol/vertical-rl/float-paginate-expected.txt:
* platform/gtk/fast/multicol/vertical-rl/nested-columns-expected.txt:
* platform/gtk/fast/overflow/clip-rects-fixed-ancestor-expected.txt:
* platform/gtk/fast/overflow/float-in-relpositioned-expected.txt:
* platform/gtk/fast/overflow/overflow-auto-position-absolute-expected.txt:
* platform/gtk/fast/overflow/overflow-rtl-expected.txt:
* platform/gtk/fast/overflow/paged-x-div-expected.txt:
* platform/gtk/fast/overflow/paged-x-div-with-column-gap-expected.txt:
* platform/gtk/fast/overflow/paged-x-on-root-expected.txt:
* platform/gtk/fast/overflow/paged-x-with-column-gap-expected.txt:
* platform/gtk/fast/overflow/paged-y-div-expected.txt:
* platform/gtk/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
* platform/gtk/fast/regions/repaint/region-painting-via-layout-expected.txt:
* platform/gtk/fast/repaint/box-shadow-h-expected.txt:
* platform/gtk/fast/repaint/box-shadow-v-expected.txt:
* platform/gtk/fast/repaint/layer-outline-expected.txt:
* platform/gtk/fast/repaint/layer-outline-horizontal-expected.txt:
* platform/gtk/fast/table/edge-offsets-expected.txt:
* platform/gtk/fast/transforms/overflow-with-transform-expected.txt:
* platform/gtk/fast/transforms/rotated-transform-affects-scrolling-1-expected.txt: Added.
* platform/gtk/fast/transforms/rotated-transform-affects-scrolling-2-expected.txt: Added.
* platform/gtk/printing/single-line-must-not-be-split-into-two-pages-expected.txt:
* platform/gtk/scrollbars/scrollbars-on-positioned-content-expected.txt:
* platform/gtk/svg/custom/getscreenctm-in-scrollable-div-area-nested-expected.txt:
* platform/gtk/svg/custom/image-rescale-clip-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199131 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Page tiles are missing when graphics acceleration is unavailable
simon.fraser@apple.com [Thu, 7 Apr 2016 01:20:52 +0000 (01:20 +0000)]
Page tiles are missing when graphics acceleration is unavailable
https://bugs.webkit.org/show_bug.cgi?id=156325
Source/WebCore:

rdar://problem/25587476

Reviewed by Tim Horton.

When graphics acceleration is unavailable on Mac (e.g. in a VM or when running from
the recovery partition), page contents were missing. This is because
IOSurfaceGetPropertyMaximum(kIOSurfaceWidth) and IOSurfaceGetPropertyMaximum(kIOSurfaceHeight)
returned INT_MAX, causing us to compute a tile size of 0x0.

Fix by changing IOSurface::maximumSize() to report a value between 1K x 1K and 32K x 32K.

Rename kGiantTileSize to better describe its purpose.

Add correct clamping in IOSurface::maximumSize().

* platform/graphics/ca/TileController.cpp:
(WebCore::TileController::tileSize):
* platform/graphics/ca/TileController.h:
* platform/graphics/cocoa/IOSurface.mm:
(IOSurface::maximumSize):

Source/WTF:

Reviewed by Tim Horton.

Add clampToInteger(size_t).

* wtf/MathExtras.h:
(clampToInteger):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199130 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago JSC test stress/arrowfunction-lexical-bind-superproperty.js failing
fpizlo@apple.com [Thu, 7 Apr 2016 01:11:47 +0000 (01:11 +0000)]
JSC test stress/arrowfunction-lexical-bind-superproperty.js failing
https://bugs.webkit.org/show_bug.cgi?id=156309

Reviewed by Saam Barati.

Just be honest about the fact that the ArgumentCount and Callee parts of inline callframe runtime
meta-data can be read at any time.

We only have to say this for the inline callframe forms of ArgumentCount and Callee because we don't
sink any part of the machine prologue. This change just prevents us from sinking the pseudoprologue
of inlined varargs or closure calls.

Shockingly, this is not a regression on anything.

* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199129 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [ES6] Add support for Symbol.isConcatSpreadable.
keith_miller@apple.com [Thu, 7 Apr 2016 00:50:44 +0000 (00:50 +0000)]
[ES6] Add support for Symbol.isConcatSpreadable.
https://bugs.webkit.org/show_bug.cgi?id=155351

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch adds support for Symbol.isConcatSpreadable. In order to do so it was necessary to move the
Array.prototype.concat function to JS. A number of different optimizations were needed to make such a move to
a builtin performant. First, four new DFG intrinsics were added.

1) IsArrayObject (I would have called it IsArray but we use the same name for an IndexingType): an intrinsic of
   the Array.isArray function.
2) IsJSArray: checks the first child is a JSArray object.
3) IsArrayConstructor: checks the first child is an instance of ArrayConstructor.
4) CallObjectConstructor: an intrinsic of the Object constructor.

IsActualObject, IsJSArray, and CallObjectConstructor can all be converted into constants in the abstract interpreter if
we are able to prove that the first child is an Array or for ToObject an Object.

In order to further improve the performance we also now cover more indexing types in our fast path memcpy
code. Before we would only memcpy Arrays if they had the same indexing type and did not have Array storage and
were not undecided. Now the memcpy code covers the following additional two cases: One array is undecided and
the other is a non-array storage and the case where one array is Int32 and the other is contiguous (we map this
into a contiguous array).

This patch also adds a new fast path for concat with more than one array argument by using memcpy to append
values onto the result array. This works roughly the same as the two array fast path using the same methodology
to decide if we can memcpy the other butterfly into the result butterfly.

Two new debugging tools are also added to the jsc cli. One is a version of the print function with a private
name so it can be used for debugging builtins. The other is dumpDataLog, which takes a JSValue and runs our
dataLog function on it.

Finally, this patch adds a new constructor to JSValueRegsTemporary that allows it to reuse the registers of a
JSValueOperand if the operand's use count is one.

* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/ArrayPrototype.js:
(concatSlowPath):
(concat):
* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
* bytecode/BytecodeIntrinsicRegistry.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileIsJSArray):
(JSC::DFG::SpeculativeJIT::compileIsArrayObject):
(JSC::DFG::SpeculativeJIT::compileIsArrayConstructor):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallObjectConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsJSArray):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayConstructor):
(JSC::FTL::DFG::LowerDFGToB3::isArray):
* jit/JITOperations.h:
* jsc.cpp:
(WTF::RuntimeArray::createStructure):
(GlobalObject::finishCreation):
(functionDebug):
(functionDataLogValue):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::finishCreation):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):
* runtime/ArrayConstructor.h:
(JSC::isArrayConstructor):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
(JSC::arrayProtoPrivateFuncIsJSArray):
(JSC::moveElements):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
(JSC::arrayProtoPrivateFuncAppendMemcpy):
(JSC::arrayProtoFuncConcat): Deleted.
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/CommonIdentifiers.h:
* runtime/Intrinsic.h:
* runtime/JSArray.cpp:
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::fastConcatWith): Deleted.
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
(JSC::JSArray::fastConcatType): Deleted.
* runtime/JSArrayInlines.h: Added.
(JSC::JSArray::memCopyWithIndexingType):
(JSC::JSArray::canFastCopy):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSType.h:
* runtime/ObjectConstructor.h:
(JSC::constructObject):
* tests/es6.yaml:
* tests/stress/array-concat-spread-object.js: Added.
(arrayEq):
* tests/stress/array-concat-spread-proxy-exception-check.js: Added.
(arrayEq):
* tests/stress/array-concat-spread-proxy.js: Added.
(arrayEq):
* tests/stress/array-concat-with-slow-indexingtypes.js: Added.
(arrayEq):
* tests/stress/array-species-config-array-constructor.js:

Source/WebCore:

Makes runtime arrays have the new ArrayType

* bridge/runtime_array.h:
(JSC::RuntimeArray::createStructure):

LayoutTests:

Fix tests for Symbol.isConcatSpreadable on the Symbol object.

* js/Object-getOwnPropertyNames-expected.txt:
* js/dom/array-prototype-properties-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199128 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r199070.
commit-queue@webkit.org [Thu, 7 Apr 2016 00:40:37 +0000 (00:40 +0000)]
Unreviewed, rolling out r199070.
https://bugs.webkit.org/show_bug.cgi?id=156324

"It didn't fix the timeout" (Requested by saamyjoon on
#webkit).

Reverted changeset:

"jsc-layout-tests.yaml/js/script-tests/regress-141098.js
failing on Yosemite Debug after r198989"
https://bugs.webkit.org/show_bug.cgi?id=156187
http://trac.webkit.org/changeset/199070

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199127 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [iOS Simulator WK1] Crash in MediaPlayer::setPrivateBrowsingMode()
eric.carlson@apple.com [Thu, 7 Apr 2016 00:14:42 +0000 (00:14 +0000)]
[iOS Simulator WK1] Crash in MediaPlayer::setPrivateBrowsingMode()
https://bugs.webkit.org/show_bug.cgi?id=155721
<rdar://problem/18590481>

Speculative fix for a crash that appears to happen when the media engine is destroyed
during a callback.

Reviewed by Dean Jackson.

No new tests, this prevents existing tests from crashing.

* html/HTMLMediaElement.cpp:
(WebCore::actionName): Log MediaEngineUpdated.
(WebCore::HTMLMediaElement::scheduleDelayedAction): Support MediaEngineUpdated.
(WebCore::HTMLMediaElement::pendingActionTimerFired): Ditto. Clear m_pendingActionFlags.
(WebCore::HTMLMediaElement::mediaEngineWasUpdated): New.
(WebCore::HTMLMediaElement::mediaPlayerEngineUpdated): Move guts to mediaEngineWasUpdated and
  call it on a timer so we can't change the media engine in the middle of a callback from
  MediaPlayer or the media engine.
* html/HTMLMediaElement.h:
* html/HTMLMediaElementEnums.h:

* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::~MediaPlayer): Assert if new flag m_initializingMediaEngine is set to
  catch HTMLMediaElement destroying the media engine during a callback.
(WebCore::MediaPlayer::loadWithNextMediaEngine): Set/clear m_initializingMediaEngine.
* platform/graphics/MediaPlayer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199126 268f45cc-cd09-0410-ab3c-d52691b4dbfc
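
The deferral this commit describes, as an added C++ model that is not WebKit's code: a client that reacts to an engine-updated callback immediately can tear the engine down while the player is still using it, whereas recording a pending action and running it after the callback unwinds cannot. `Player`, `Element`, `Engine`, `run` and the assumption that the client's reaction destroys the engine are hypothetical stand-ins chosen for the illustration.

```cpp
#include <cstdio>
#include <functional>
#include <memory>

// Hypothetical model, not WebKit code: Player stands in for MediaPlayer,
// Element for HTMLMediaElement, Engine for the platform media engine.
namespace defermodel {

struct Engine { int id; };

class Player {
public:
    std::function<void()> onEngineUpdated;  // client notification
    int destroyedDuringCallback = 0;        // what an assert on the flag would catch
    bool engineSurvivedCallback = false;

    void loadWithNextEngine()
    {
        m_initializingEngine = true;
        m_engine.reset(new Engine { ++m_nextId });
        if (onEngineUpdated)
            onEngineUpdated();
        // Code after the callback still expects m_engine to be valid. If the
        // client destroyed it, real code would now touch freed memory.
        engineSurvivedCallback = static_cast<bool>(m_engine);
        m_initializingEngine = false;
    }

    void destroyEngine()
    {
        if (m_initializingEngine)
            ++destroyedDuringCallback;  // record instead of asserting, so both modes can run
        m_engine.reset();
    }

private:
    std::unique_ptr<Engine> m_engine;
    bool m_initializingEngine = false;
    int m_nextId = 0;
};

class Element {
public:
    enum Action : unsigned { EngineUpdated = 1u << 0 };

    Element(Player& player, bool deferEngineUpdates)
        : m_player(player), m_defer(deferEngineUpdates)
    {
        m_player.onEngineUpdated = [this] { engineUpdated(); };
    }

    int updatesHandled() const { return m_updatesHandled; }

    // Stands in for the pending-action timer firing from the run loop,
    // after the player's callback has fully unwound.
    void firePendingActions()
    {
        unsigned pending = m_pendingActions;
        m_pendingActions = 0;  // clear first, so an action may reschedule itself
        if (pending & EngineUpdated)
            engineWasUpdated();
    }

private:
    void engineUpdated()
    {
        if (m_defer) {
            m_pendingActions |= EngineUpdated;  // only record; do the work later
            return;
        }
        engineWasUpdated();  // immediate mode: runs inside the player's callback
    }

    void engineWasUpdated()
    {
        ++m_updatesHandled;
        m_player.destroyEngine();  // assumed reaction: the client drops the engine
    }

    Player& m_player;
    bool m_defer;
    unsigned m_pendingActions = 0;
    int m_updatesHandled = 0;
};

struct Outcome {
    int destroyedDuringCallback;
    bool engineSurvivedCallback;
    int updatesHandled;
};

inline Outcome run(bool deferEngineUpdates)
{
    Player player;
    Element element(player, deferEngineUpdates);
    player.loadWithNextEngine();
    element.firePendingActions();
    return Outcome { player.destroyedDuringCallback, player.engineSurvivedCallback, element.updatesHandled() };
}

} // namespace defermodel

int main()
{
    for (bool defer : { false, true }) {
        defermodel::Outcome o = defermodel::run(defer);
        std::printf("defer=%d destroyedDuringCallback=%d engineSurvivedCallback=%d updatesHandled=%d\n",
            defer, o.destroyedDuringCallback, o.engineSurvivedCallback, o.updatesHandled);
    }
    return 0;
}
```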

3 years ago Unreviewed, rolling in r199016.
ggaren@apple.com [Thu, 7 Apr 2016 00:13:51 +0000 (00:13 +0000)]
Unreviewed, rolling in r199016.
https://bugs.webkit.org/show_bug.cgi?id=156140

It might work this time without regression because 16kB aligned requests
now take the allocation fast path.

Restored changeset:

CopiedBlock should be 16kB
https://bugs.webkit.org/show_bug.cgi?id=156168
http://trac.webkit.org/changeset/199016

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199125 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add the executable bit on tools/sync-buildbot.js as supposed to be done in the previo...
rniwa@webkit.org [Wed, 6 Apr 2016 23:22:29 +0000 (23:22 +0000)]
Add the executable bit on tools/sync-buildbot.js as supposed to be done in the previous commit

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199124 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago New buildbot syncing scripts that supports multiple builders and slaves
rniwa@webkit.org [Wed, 6 Apr 2016 23:19:29 +0000 (23:19 +0000)]
New buildbot syncing scripts that supports multiple builders and slaves
https://bugs.webkit.org/show_bug.cgi?id=156269

Reviewed by Chris Dumez.

Add sync-buildbot.js that supports scheduling A/B testing jobs on multiple builders and slaves.
The old python script (sync-with-buildbot.py) could only support a single builder and slave
for each platform, test pair.

The main logic is implemented in BuildbotTriggerable.syncOnce. Various helper methods are added
throughout the codebase and tests have been refactored.

BuildbotSyncer has been updated to support multiple platform, test pairs. It's now responsible
for syncing everything on each builder (on a buildbot).

Added more unit tests for BuildbotSyncer and server tests for BuildbotTriggerable, and refactored
test helpers and mocks as needed.

* public/v3/models/build-request.js:
(BuildRequest.prototype.status): Added.
(BuildRequest.prototype.isScheduled): Added.
* public/v3/models/metric.js:
(Metric.prototype.fullName): Added.
* public/v3/models/platform.js:
(Platform): Added the map based on platform name.
(Platform.findByName): Added.
* public/v3/models/test.js:
(Test.topLevelTests):
(Test.findByPath): Added. Finds a test based on an array of test names; e.g. ['A', 'B'] would
find the test whose name is "B" which has a parent test named "A".
(Test.prototype.fullName): Added.
* server-tests/api-build-requests-tests.js:
(addMockData): Moved to resources/mock-data.js.
(addAnotherMockTestGroup): Ditto.
* server-tests/resources/mock-data.js: Added.
(MockData.resetV3Models): Added.
(MockData.addMockData): Moved from api-build-requests-tests.js.
(MockData.addAnotherMockTestGroup): Ditto.
(MockData.mockTestSyncConfigWithSingleBuilder): Added.
(MockData.mockTestSyncConfigWithTwoBuilders): Added.
(MockData.pendingBuild): Added.
(MockData.runningBuild): Added.
(MockData.finishedBuild): Added.
* server-tests/resources/test-server.js:
(TestServer):
(TestServer.prototype.remoteAPI):
(TestServer.prototype._ensureTestDatabase): Don't fail even if the test database doesn't exist.
(TestServer.prototype._startApache): Create a RemoteAPI instance to access the test server.
(TestServer.prototype._waitForPid): Increase the timeout.
(TestServer.prototype.inject): Replace global.RemoteAPI during the test and restore it afterwards.
* server-tests/tools-buildbot-triggerable-tests.js: Added. Tests BuildbotTriggerable.syncOnce.
(MockLogger): Added.
(MockLogger.prototype.log): Added.
(MockLogger.prototype.error): Added.
* tools/detect-changes.js:
(parseArgument): Moved to js/parse-arguments.js.
* tools/js/buildbot-syncer.js:
(BuildbotBuildEntry):
(BuildbotBuildEntry.prototype.syncer): Added.
(BuildbotBuildEntry.prototype.buildRequestStatusIfUpdateIsNeeded): Added. Returns a new status
for a build request (of the matching build request ID) if it needs to be updated in the server.
(BuildbotSyncer): This class
(BuildbotSyncer.prototype.addTestConfiguration): Added.
(BuildbotSyncer.prototype.testConfigurations): Returns the list of test configurations.
(BuildbotSyncer.prototype.matchesConfiguration): Returns true iff the request can be scheduled on
this builder.
(BuildbotSyncer.prototype.scheduleRequest): Added. Schedules a new job on buildbot for a request.
(BuildbotSyncer.prototype.scheduleFirstRequestInGroupIfAvailable): Added. Schedules a new job for
the specified build request on the first slave that's available.
(BuildbotSyncer.prototype.pullBuildbot): Return a list of BuildbotBuildEntry instead of an object.
Also store it on an instance variable so that scheduleFirstRequestInGroupIfAvailable could use it.
(BuildbotSyncer.prototype._pullRecentBuilds):
(BuildbotSyncer.prototype.pathForPendingBuildsJSON): Renamed from urlForPendingBuildsJSON and now
only returns the path instead of the full URL since RemoteAPI takes a path, not full URL.
(BuildbotSyncer.prototype.pathForBuildJSON): Ditto from pathForBuildJSON.
(BuildbotSyncer.prototype.pathForForceBuild): Added.
(BuildbotSyncer.prototype.url): Use RemoteAPI's url method instead of manually constructing URL.
(BuildbotSyncer.prototype.urlForBuildNumber): Ditto.
(BuildbotSyncer.prototype._propertiesForBuildRequest): Now that each syncer can have multiple test
configurations associated with it, find the one matching for this request.
(BuildbotSyncer._loadConfig): Create a syncer per builder and add all test configurations to it.
(BuildbotSyncer._validateAndMergeConfig): Added the support for 'SlaveList', which is a list of
slave names present on this builder.
* tools/js/buildbot-triggerable.js: Added.
(BuildbotTriggerable): Added.
(BuildbotTriggerable.prototype.name): Added.
(BuildbotTriggerable.prototype.syncOnce): Added. The main logic for the syncing script. It pulls
existing build requests from the perf dashboard, pulls buildbot for pending and running/completed
builds on each builder (represented by each syncer), schedules build requests on buildbot if there
is any builder/slave available, and updates the status of build requests in the database.
(BuildbotTriggerable.prototype._validateRequests): Added.
(BuildbotTriggerable.prototype._pullBuildbotOnAllSyncers): Added.
(BuildbotTriggerable.prototype._scheduleNextRequestInGroupIfSlaveIsAvailable): Added.
(BuildbotTriggerable._testGroupMapForBuildRequests): Added.
* tools/js/database.js:
* tools/js/parse-arguments.js: Added. Extracted out of tools/detect-changes.js.
(parseArguments):
* tools/js/remote.js:
(RemoteAPI): Now optionally takes the server configuration.
(RemoteAPI.prototype.url): Added.
(RemoteAPI.prototype.getJSON): Removed the code for specifying request content.
(RemoteAPI.prototype.getJSONWithStatus): Ditto.
(RemoteAPI.prototype.postJSON): Added.
(RemoteAPI.prototype.postFormUrlencodedData): Added.
(RemoteAPI.prototype.sendHttpRequest): Fixed the code to specify auth.
* tools/js/v3-models.js: Don't include RemoteAPI here as they require a configuration for each host.
* tools/sync-buildbot.js: Added.
(main): Added. Parse the arguments and start the loop.
(syncLoop): Added.
* unit-tests/buildbot-syncer-tests.js: Added tests for pullBuildbot, scheduleRequest, as well as
scheduleFirstRequestInGroupIfAvailable. Refactored helper functions as needed.
(sampleiOSConfig):
(smallConfiguration): Added.
(smallPendingBuild): Added.
(smallInProgressBuild): Added.
(smallFinishedBuild): Added.
(createSampleBuildRequest): Create a unique build request for each platform.
(samplePendingBuild): Optionally specify build time and slave name.
(sampleInProgressBuild): Optionally specify slave name.
(sampleFinishedBuild): Ditto.
* unit-tests/resources/mock-remote-api.js:
(assert.notReached.assert.notReached):
(MockRemoteAPI.url): Added.
(MockRemoteAPI.postFormUrlencodedData): Added.
(MockRemoteAPI._addRequest): Extracted from getJSONWithStatus.
(MockRemoteAPI.waitForRequest): Extracted from inject. For tools-buildbot-triggerable-tests.js, we
need to instantiate a RemoteAPI for buildbot without replacing global.RemoteAPI.
(MockRemoteAPI.inject):
(MockRemoteAPI.reset): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199123 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update es6.yaml to expect es6/Proxy_internal_get_calls_RegExp_constructor.js to pass.
mark.lam@apple.com [Wed, 6 Apr 2016 22:51:58 +0000 (22:51 +0000)]
Update es6.yaml to expect es6/Proxy_internal_get_calls_RegExp_constructor.js to pass.
https://bugs.webkit.org/show_bug.cgi?id=156314

Reviewed by Saam Barati.

* tests/es6.yaml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199122 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB: Make sure SQLite backing store records have a INTEGER PRIMARY KEY column.
beidson@apple.com [Wed, 6 Apr 2016 22:25:37 +0000 (22:25 +0000)]
Modern IDB: Make sure SQLite backing store records have a INTEGER PRIMARY KEY column.
https://bugs.webkit.org/show_bug.cgi?id=156264

Reviewed by Alex Christensen.

No new tests (No testable change in behavior yet, current tests pass).

* Modules/indexeddb/IDBKeyData.cpp:
(WebCore::IDBKeyData::encode): Fix the key name for backwards compatibility.
(WebCore::IDBKeyData::decode): Ditto.

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::v3RecordsTableSchema): Added v3 Records schema that includes a primary key column.
(WebCore::IDBServer::v3RecordsTableSchemaAlternate):
(WebCore::IDBServer::createOrMigrateRecordsTableIfNecessary): Upgrade to v3 instead of v2.
(WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199120 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Avoid using an unengaged Optional<FloatRect> when positioning the tiled scrolling...
simon.fraser@apple.com [Wed, 6 Apr 2016 22:22:02 +0000 (22:22 +0000)]
Avoid using an unengaged Optional<FloatRect> when positioning the tiled scrolling indicator
https://bugs.webkit.org/show_bug.cgi?id=156313

Reviewed by Tim Horton.

Fixes an assertion seen when running the WebKit2.AutoLayoutIntegration API test.

* page/FrameView.cpp:
(WebCore::FrameView::setViewExposedRect):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199119 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Compile WebKitTestRunner with CMake on Mac
achristensen@apple.com [Wed, 6 Apr 2016 21:51:56 +0000 (21:51 +0000)]
Compile WebKitTestRunner with CMake on Mac
https://bugs.webkit.org/show_bug.cgi?id=156310

Reviewed by Daniel Bates.

Source/WebKit2:

* PlatformMac.cmake:

Tools:

* CMakeLists.txt:
* WebKitTestRunner/CMakeLists.txt:
* WebKitTestRunner/InjectedBundle/mac/InjectedBundleMac.mm:
* WebKitTestRunner/PlatformEfl.cmake:
* WebKitTestRunner/PlatformGTK.cmake:
* WebKitTestRunner/PlatformMac.cmake: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199118 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix windows build.
weinig@apple.com [Wed, 6 Apr 2016 21:48:21 +0000 (21:48 +0000)]
Fix windows build.

* DerivedSources.cpp:
* css/CSSAllInOne.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199117 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago CRASH in AudioDestinationNode::render()
jer.noble@apple.com [Wed, 6 Apr 2016 21:21:47 +0000 (21:21 +0000)]
CRASH in AudioDestinationNode::render()
https://bugs.webkit.org/show_bug.cgi?id=156308
<rdar://problem/25468815>

Reviewed by Eric Carlson.

AudioDestinationNode::render() will crash when passed in a zero-length frame count. Rather than get into
this bad state, ASSERT() and bail out early in this case.

Also, address the situation in AudioDestinationIOS::render which can cause this 0-frame count to occur.

* Modules/webaudio/AudioDestinationNode.cpp:
(WebCore::AudioDestinationNode::render):
* platform/audio/ios/AudioDestinationIOS.cpp:
(WebCore::AudioDestinationIOS::render):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199116 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago bmalloc: handle aligned allocations on the fast path
ggaren@apple.com [Wed, 6 Apr 2016 20:52:11 +0000 (20:52 +0000)]
bmalloc: handle aligned allocations on the fast path
https://bugs.webkit.org/show_bug.cgi?id=156302

Reviewed by Michael Saboff.

This helps keep the JavaScriptCore GC on the fast path, and it also
helps avoid fragmentation on our website stress test:

    nimlang                      209,584kB            198,076kB      ^ 1.06x smaller

* bmalloc/Allocator.cpp:
(bmalloc::Allocator::allocate): Because we arrange for power-of-two size
classes to allocate at power-of-two alignments, we can allocate any
small aligned request on the small path.

* bmalloc/Chunk.h:
(bmalloc::Chunk::bytes):
(bmalloc::Chunk::lines):
(bmalloc::Chunk::pages):
(bmalloc::Chunk::boundaryTags):
(bmalloc::Chunk::objectType): Moved some code around to provide better
API.

(bmalloc::Chunk::Chunk): Moved this code to VMHeap.

(bmalloc::Chunk::offset):
(bmalloc::Chunk::object): Use our new bytes() helper function.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateChunk): Moved code here from Chunk.

(bmalloc::VMHeap::allocateSmallChunk): Ensure that power-of-two page
sizes always begin allocation at the same alignment. Power-of-two object
sizes always request power-of-two page sizes (since that's the least
wasteful option), so if we also ensure that power-of-two page sizes get
power-of-two alignment, then everything is aligned for all small objects.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199115 268f45cc-cd09-0410-ab3c-d52691b4dbfc
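
The alignment argument in this commit, as an added C++ model that is not bmalloc's code: when object sizes are powers of two and each page starts at a multiple of its own power-of-two size, every object address is a multiple of the object size, so any small aligned request is satisfied by its size class. `Heap`, `smallMax`, `objectsPerPage`, `countMisaligned` and the simulated integer addresses are assumptions made for the illustration; the `alignPages = false` mode shows the invariant failing when page starts are not aligned.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>

// Hypothetical model, not bmalloc: addresses are plain integers so the
// arithmetic is visible and nothing depends on the host allocator.
namespace alignmodel {

constexpr size_t smallMax = 1024;      // assumed cutoff for the small path
constexpr size_t objectsPerPage = 4;   // assumed; keeps page sizes powers of two

inline bool isPowerOfTwo(size_t n) { return n && !(n & (n - 1)); }

inline size_t roundUpToPowerOfTwo(size_t n)
{
    size_t p = 1;
    while (p < n)
        p <<= 1;
    return p;
}

inline uintptr_t roundUpToMultipleOf(size_t divisor, uintptr_t x)
{
    return (x + divisor - 1) / divisor * divisor;
}

class Heap {
public:
    // alignPages = false models pages that start wherever the cursor happens to be.
    Heap(uintptr_t base, bool alignPages)
        : m_cursor(base), m_alignPages(alignPages) { }

    // Returns a simulated address, or 0 when the request is not eligible
    // for the small path (bad alignment, or too large).
    uintptr_t allocateAligned(size_t alignment, size_t size)
    {
        if (!isPowerOfTwo(alignment) || alignment > smallMax || size > smallMax)
            return 0;
        // Size class: smallest power of two covering both size and alignment.
        size_t objectSize = roundUpToPowerOfTwo(size > alignment ? size : alignment);
        return allocateFromClass(objectSize);
    }

private:
    struct Page {
        uintptr_t next = 0;
        uintptr_t end = 0;
    };

    uintptr_t allocateFromClass(size_t objectSize)
    {
        Page& page = m_pages[objectSize];
        if (page.next + objectSize > page.end) {
            size_t pageSize = objectSize * objectsPerPage;  // power of two
            uintptr_t begin = m_alignPages ? roundUpToMultipleOf(pageSize, m_cursor) : m_cursor;
            page.next = begin;
            page.end = begin + pageSize;
            m_cursor = page.end;
        }
        uintptr_t result = page.next;  // begin + k * objectSize
        page.next += objectSize;
        return result;
    }

    std::map<size_t, Page> m_pages;  // one current page per size class
    uintptr_t m_cursor;
    bool m_alignPages;
};

struct Request { size_t alignment; size_t size; };

// Runs a constructed mix of aligned requests from a deliberately unaligned
// base address and counts how many results violate the requested alignment.
inline size_t countMisaligned(bool alignPages)
{
    static const Request requests[] = {
        { 16, 24 }, { 64, 24 }, { 8, 100 }, { 256, 1 }, { 64, 64 }, { 32, 200 }, { 64, 24 }
    };
    Heap heap(0x10000028, alignPages);
    size_t misaligned = 0;
    for (const Request& r : requests) {
        uintptr_t address = heap.allocateAligned(r.alignment, r.size);
        if (!address || address % r.alignment)
            ++misaligned;
    }
    return misaligned;
}

} // namespace alignmodel

int main()
{
    std::printf("aligned page starts:   %zu misaligned results\n", alignmodel::countMisaligned(true));
    std::printf("unaligned page starts: %zu misaligned results\n", alignmodel::countMisaligned(false));
    return 0;
}
```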

3 years ago [WinCairo][MediaFoundation] Videos are always autoplaying.
peavo@outlook.com [Wed, 6 Apr 2016 20:41:48 +0000 (20:41 +0000)]
[WinCairo][MediaFoundation] Videos are always autoplaying.
https://bugs.webkit.org/show_bug.cgi?id=156284

Reviewed by Alex Christensen.

Videos are autoplaying because the MediaFoundation implementation always starts playback
after the load method has been called. When the load method has been called, we should
only start buffering data, not automatically start the playback. This has been fixed by
implementing the prepareToPlay method, and calling this instead of the play method.

* platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
(WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation):
(WebCore::MediaPlayerPrivateMediaFoundation::load):
(WebCore::MediaPlayerPrivateMediaFoundation::prepareToPlay):
(WebCore::MediaPlayerPrivateMediaFoundation::play):
(WebCore::MediaPlayerPrivateMediaFoundation::networkState):
(WebCore::MediaPlayerPrivateMediaFoundation::startSession):
(WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent):
(WebCore::MediaPlayerPrivateMediaFoundation::updateReadyState):
(WebCore::MediaPlayerPrivateMediaFoundation::onTopologySet):
(WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStarted):
(WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStopped):
(WebCore::MediaPlayerPrivateMediaFoundation::onSessionEnded):
(WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::updateDestRect):
* platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199114 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add ASSERT_WITH_SECURITY_IMPLICATION when a float box is referenced by multiple RootI...
zalan@apple.com [Wed, 6 Apr 2016 20:03:58 +0000 (20:03 +0000)]
Add ASSERT_WITH_SECURITY_IMPLICATION when a float box is referenced by multiple RootInlineBoxes.
https://bugs.webkit.org/show_bug.cgi?id=156297
<rdar://problem/25580844>

Reviewed by Brent Fulgham.

See http://trac.webkit.org/changeset/199101

No change in functionality.

* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::appendFloatingObjectToLastLine):
(WebCore::RenderBlockFlow::reattachCleanLineFloats):
(WebCore::RenderBlockFlow::determineStartPosition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199113 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago window.CSS should be a constructor with static functions
weinig@apple.com [Wed, 6 Apr 2016 19:54:30 +0000 (19:54 +0000)]
window.CSS should be a constructor with static functions
<rdar://problem/25580516>
https://bugs.webkit.org/show_bug.cgi?id=156294

Reviewed by Chris Dumez.

Source/WebCore:

Rename DOMWindowCSS to DOMCSSNamespace to avoid name collisions, DOMWindow prefixed
classes cause collisions in JSDOMWindow.

* CMakeLists.txt:
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:
Update for renames.

* css/DOMCSSNamespace.cpp: Copied from Source/WebCore/css/DOMWindowCSS.cpp.
(WebCore::valueWithoutImportant):
(WebCore::DOMCSSNamespace::supports):
(WebCore::DOMWindowCSS::create): Deleted.
(WebCore::DOMWindowCSS::supports): Deleted.
* css/DOMCSSNamespace.h: Copied from Source/WebCore/css/DOMWindowCSS.h.
(WebCore::DOMWindowCSS::DOMWindowCSS): Deleted.
Rename DOMWindowCSS to DOMCSSNamespace and turn functions into static functions.

* css/DOMCSSNamespace.idl: Copied from Source/WebCore/css/DOMWindowCSS.idl.
Remove NoInterfaceObject, to inject a constructor, and turn functions into
static functions matching spec.

* page/DOMWindow.cpp:
(WebCore::DOMWindow::css): Deleted.
* page/DOMWindow.h:
* page/DOMWindow.idl:
Remove CSS property. Constructor will be implicitly added.

LayoutTests:

* platform/efl/js/dom/global-constructors-attributes-expected.txt:
* platform/gtk/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* platform/win/js/dom/global-constructors-attributes-expected.txt:
Update for new CSS constructor property.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199112 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Rename exposedRect to viewExposedRect and propagate it as Optional<> through WK2
simon.fraser@apple.com [Wed, 6 Apr 2016 19:22:57 +0000 (19:22 +0000)]
Rename exposedRect to viewExposedRect and propagate it as Optional<> through WK2
https://bugs.webkit.org/show_bug.cgi?id=156274

Reviewed by NOBODY (OOPS!).

DrawingArea and FrameView have an "exposedRect" property that is used by applications
on Mac, like Mail, that embed web views inside scroll views. However, this name is very
similar to the "exposedContentRect" that is used on iOS to denote the part of the view
whose pixels are visible, including through blurring overlaid UI.

To disambiguate these two, rename the Mac "exposedRect" to "viewExposedRect" to
emphasize that it's a rect that takes into account clipping in the native view
hierarchy.

Also make this rect Optional<> through the DrawingArea, removing comparisons against
FloatRect::infiniteRect().

Do some other minor renaming in VisibleContentRectUpdateInfo.

Source/WebCore:

* page/FrameView.cpp:
(WebCore::FrameView::setViewExposedRect): This now takes an Optional<> because WebViewImpl::updateViewExposedRect()
can clear it.
* page/FrameView.h:
* page/PageOverlayController.cpp:
(WebCore::PageOverlayController::didChangeViewExposedRect):
(WebCore::PageOverlayController::didChangeExposedRect): Deleted.
* page/PageOverlayController.h:
* rendering/RenderLayerBacking.cpp:
(WebCore::computeTileCoverage):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::flushPendingLayerChanges):

Source/WebKit2:

* Shared/VisibleContentRectUpdateInfo.cpp: Rename "exposedRect" and "unobscuredRect" to
have "Content" in the names.
(WebKit::VisibleContentRectUpdateInfo::encode):
(WebKit::VisibleContentRectUpdateInfo::decode):
* Shared/VisibleContentRectUpdateInfo.h:
(WebKit::VisibleContentRectUpdateInfo::VisibleContentRectUpdateInfo):
(WebKit::VisibleContentRectUpdateInfo::exposedContentRect):
(WebKit::VisibleContentRectUpdateInfo::unobscuredContentRect):
(WebKit::operator==):
(WebKit::VisibleContentRectUpdateInfo::exposedRect): Deleted.
(WebKit::VisibleContentRectUpdateInfo::unobscuredRect): Deleted.
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::updateViewExposedRect):
* UIProcess/DrawingAreaProxy.cpp:
(WebKit::DrawingAreaProxy::DrawingAreaProxy):
(WebKit::DrawingAreaProxy::setViewExposedRect):
(WebKit::DrawingAreaProxy::viewExposedRectChangedTimerFired):
(WebKit::DrawingAreaProxy::setExposedRect): Deleted.
(WebKit::DrawingAreaProxy::exposedRectChangedTimerFired): Deleted.
* UIProcess/DrawingAreaProxy.h:
(WebKit::DrawingAreaProxy::viewExposedRect):
(WebKit::DrawingAreaProxy::exposedRect): Deleted.
* UIProcess/WebPageProxy.h:
(WebKit::WebPageProxy::exposedContentRect):
(WebKit::WebPageProxy::unobscuredContentRect):
* UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.h:
* UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:
(WebKit::RemoteLayerTreeDrawingAreaProxy::setViewExposedRect):
(WebKit::RemoteLayerTreeDrawingAreaProxy::indicatorLocation):
(WebKit::RemoteLayerTreeDrawingAreaProxy::updateDebugIndicator):
(WebKit::RemoteLayerTreeDrawingAreaProxy::scaledExposedRect): Deleted.
(WebKit::RemoteLayerTreeDrawingAreaProxy::setExposedRect): Deleted. This was only used
to position the indicator, and confusingly used either exposedContentRect() or viewExposedRect()
depending on platform.
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage):
* WebProcess/WebPage/DrawingArea.h:
* WebProcess/WebPage/DrawingArea.messages.in:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::updateVisibleContentRects):
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::setViewExposedRect):
(WebKit::RemoteLayerTreeDrawingArea::updateScrolledExposedRect):
(WebKit::RemoteLayerTreeDrawingArea::flushLayers):
(WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea): Deleted.
(WebKit::RemoteLayerTreeDrawingArea::setExposedRect): Deleted.
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::flushLayers):
(WebKit::TiledCoreAnimationDrawingArea::setViewExposedRect):
(WebKit::TiledCoreAnimationDrawingArea::updateScrolledExposedRect):
(WebKit::TiledCoreAnimationDrawingArea::TiledCoreAnimationDrawingArea): Deleted.
(WebKit::TiledCoreAnimationDrawingArea::setExposedRect): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199111 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION(r195463): [GTK] accessibility/roles-computedRoleString.html and accessibil...
jdiggs@igalia.com [Wed, 6 Apr 2016 19:13:50 +0000 (19:13 +0000)]
REGRESSION(r195463): [GTK] accessibility/roles-computedRoleString.html and accessibility/roles-exposed.html failing
https://bugs.webkit.org/show_bug.cgi?id=153696

Reviewed by Chris Fleizach.

Source/WebCore:

The failures were due to always mapping style format groups to GroupRole, even for
RenderInline objects. The fix is to expose inline style format groups as InlineRole,
add handling of GroupRole style groups to the ATK code, and InlineRole style groups
to the Mac code.

No new tests because we have sufficient coverage. Updated roles-computedRoleString.html
to reflect new exposure.

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::determineAccessibilityRole):
* accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
(atkRole):
* accessibility/mac/AccessibilityObjectMac.mm:
(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper subrole]):

LayoutTests:

Now that RenderInline style format groups are exposed as InlineRole, there is
no longer a corresponding computed role for ins, samp, and var elements. Updated
the roles-computedRoleString.html test and expectations accordingly. Also added
the now-correct results for Gtk for both of the previously-failing tests.

* accessibility/roles-computedRoleString-expected.txt: Updated.
* accessibility/roles-computedRoleString.html: Updated.
* platform/gtk/TestExpectations: Unskip the two tests which are now passing.
* platform/gtk/accessibility/roles-computedRoleString-expected.txt: Updated.
* platform/gtk/accessibility/roles-exposed-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199110 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix CMake DumpRenderTree
achristensen@apple.com [Wed, 6 Apr 2016 19:07:59 +0000 (19:07 +0000)]
Fix CMake DumpRenderTree
https://bugs.webkit.org/show_bug.cgi?id=156305

Reviewed by Daniel Bates.

.:

* Source/cmake/OptionsMac.cmake:

Source/WebKit:

* PlatformMac.cmake:

Source/WebKit/mac:

* WebKitPrefix.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199109 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r199104.
commit-queue@webkit.org [Wed, 6 Apr 2016 18:49:54 +0000 (18:49 +0000)]
Unreviewed, rolling out r199104.
https://bugs.webkit.org/show_bug.cgi?id=156301

Still breaks internal builds (Requested by keith_miller on
#webkit).

Reverted changeset:

"We should support the ability to do a non-effectful getById"
https://bugs.webkit.org/show_bug.cgi?id=156116
http://trac.webkit.org/changeset/199104

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199108 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Implement operator== and operator!= for Optional<>
simon.fraser@apple.com [Wed, 6 Apr 2016 18:39:59 +0000 (18:39 +0000)]
Implement operator== and operator!= for Optional<>
https://bugs.webkit.org/show_bug.cgi?id=156266

Reviewed by Anders Carlsson.

Source/WTF:

Implement non-member operator== and operator!= variants for Optional<>.

* wtf/Optional.h:
(WTF::operator==):
(WTF::operator!=):

Tools:

* TestWebKitAPI/Tests/WTF/Optional.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199107 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago RegExp constructor should use Symbol.match and other properties
keith_miller@apple.com [Wed, 6 Apr 2016 18:26:11 +0000 (18:26 +0000)]
RegExp constructor should use Symbol.match and other properties
https://bugs.webkit.org/show_bug.cgi?id=155873

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This patch updates the behavior of the RegExp constructor. Now the constructor
should get the Symbol.match property and check if it exists to decide if something
should be constructed like a regexp object.

* runtime/RegExpConstructor.cpp:
(JSC::toFlags):
(JSC::constructRegExp):
(JSC::constructWithRegExpConstructor):
(JSC::callRegExpConstructor):
* runtime/RegExpConstructor.h:
* tests/stress/regexp-constructor.js: Added.
(assert):
(throw.new.Error.get let):
(throw.new.Error.):
(throw.new.Error.get re):

LayoutTests:

Fix test for new behavior.

* fast/regex/constructor-expected.txt:
* fast/regex/script-tests/constructor.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199106 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago CRASH in -[WebCoreNSURLSession taskCompleted:]
jer.noble@apple.com [Wed, 6 Apr 2016 17:44:42 +0000 (17:44 +0000)]
CRASH in -[WebCoreNSURLSession taskCompleted:]
https://bugs.webkit.org/show_bug.cgi?id=156290

Reviewed by Eric Carlson.

Fixes currently flakily crashing http/tests/media tests.

Protect against -taskCompleted: being called multiple times by only calling
-taskCompleted: if the task's state is not yet NSURLSessionTaskStateCompleted.
Additionally, make sure to clear the task's session pointer when removing it
from _dataTasks, as this ensures a task that outlives its session does not
keep a pointer to a dealloc'd object.

* platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSession taskCompleted:]):
(-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199105 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago We should support the ability to do a non-effectful getById
keith_miller@apple.com [Wed, 6 Apr 2016 17:36:12 +0000 (17:36 +0000)]
We should support the ability to do a non-effectful getById
https://bugs.webkit.org/show_bug.cgi?id=156116

Reviewed by Benjamin Poulain.

Currently, there is no way in JS to do a non-effectful getById. A non-effectful getById is
useful because it enables us to take different code paths based on values that we would
otherwise not be able to have knowledge of. This patch adds this new feature called
try_get_by_id that will attempt to do as much of a get_by_id as possible without performing
an effectful behavior. Thus, try_get_by_id will return the value if the slot is a value, the
GetterSetter object if the slot is a normal accessor (not a CustomGetterSetter) and
undefined if the slot is unset. If the slot is proxied, or in any other case, the result
is null. In theory, if we ever wanted to check for null we could add a sentinel object to
the global object that indicates we could not get the result.

In order to implement this feature we add a new enum GetByIdKind that indicates what to do
for accessor properties in PolymorphicAccess. If the GetByIdKind is pure then we treat the
get_by_id the same way we would for load and return the value at the appropriate offset.
Additionally, in order to make sure that we can properly compare the GetterSetter object
with ===, GetterSetters are now JSObjects. This comes at the cost of eight extra bytes on the
GetterSetter object but it vastly simplifies the patch. Additionally, the extra bytes are
likely to have little to no impact on memory usage as normal accessors are generally rare.

* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createDefaultConstructor):
(JSC::BuiltinExecutables::createBuiltinExecutable):
(JSC::createBuiltinExecutable):
(JSC::BuiltinExecutables::createExecutable):
(JSC::createExecutableInternal): Deleted.
* builtins/BuiltinExecutables.h:
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::tryGet):
(JSC::AccessCase::generate):
(WTF::printInternal):
* bytecode/PolymorphicAccess.h:
(JSC::AccessCase::isGet): Deleted.
(JSC::AccessCase::isPut): Deleted.
(JSC::AccessCase::isIn): Deleted.
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::reset):
* bytecode/StructureStubInfo.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitTryGetById):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetById):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::getById):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITInlineCacheGenerator.h:
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/Repatch.cpp:
(JSC::repatchByIdSelfAccess):
(JSC::appropriateOptimizingGetByIdFunction):
(JSC::appropriateGenericGetByIdFunction):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::resetGetByID):
* jit/Repatch.h:
* jsc.cpp:
(GlobalObject::finishCreation):
(functionGetGetterSetter):
(functionCreateBuiltin):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* runtime/GetterSetter.cpp:
* runtime/GetterSetter.h:
* runtime/JSType.h:
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::getPureResult):
* runtime/PropertySlot.h:
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::getOwnPropertySlotCommon):
* tests/stress/try-get-by-id.js: Added.
(tryGetByIdText):
(getCaller.obj.1.throw.new.Error.let.func):
(getCaller.obj.1.throw.new.Error):
(throw.new.Error.get let):
(throw.new.Error.):
(throw.new.Error.let.get createBuiltin):
(get let):
(let.get createBuiltin):
(let.func):
(get let.func):
(get throw):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199104 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [IDL] Extend support for [EnabledAtRuntime] attributes / operations to all global...
cdumez@apple.com [Wed, 6 Apr 2016 17:33:57 +0000 (17:33 +0000)]
[IDL] Extend support for [EnabledAtRuntime] attributes / operations to all global objects, not just Window
https://bugs.webkit.org/show_bug.cgi?id=156291

Reviewed by Alex Christensen.

Extend support for [EnabledAtRuntime] attributes / operations to all
global objects, not just Window. This is needed by the Fetch API which
is enabled at runtime and exposed on both Window and WorkerGlobalScope.

* bindings/scripts/CodeGeneratorJS.pm:
(IsDOMGlobalObject):
(OperationShouldBeOnInstance):
(GenerateHeader):
(GeneratePropertiesHashTable):
(GenerateImplementation):
* bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.cpp: Added.
(WebKit::kit):
(WebKit::core):
(WebKit::wrapTestGlobalObject):
(webkit_dom_test_global_object_finalize):
(webkit_dom_test_global_object_set_property):
(webkit_dom_test_global_object_get_property):
(webkit_dom_test_global_object_constructor):
(webkit_dom_test_global_object_class_init):
(webkit_dom_test_global_object_init):
(webkit_dom_test_global_object_regular_operation):
(webkit_dom_test_global_object_enabled_at_runtime_operation):
(webkit_dom_test_global_object_get_regular_attribute):
(webkit_dom_test_global_object_set_regular_attribute):
(webkit_dom_test_global_object_get_enabled_at_runtime_attribute):
(webkit_dom_test_global_object_set_enabled_at_runtime_attribute):
* bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.h: Added.
* bindings/scripts/test/GObject/WebKitDOMTestGlobalObjectPrivate.h: Added.
* bindings/scripts/test/JS/JSTestGlobalObject.cpp: Added.
(WebCore::JSTestGlobalObjectConstructor::prototypeForStructure):
(WebCore::JSTestGlobalObjectConstructor::initializeProperties):
(WebCore::JSTestGlobalObjectPrototype::getOwnPropertySlot):
(WebCore::JSTestGlobalObject::JSTestGlobalObject):
(WebCore::JSTestGlobalObject::finishCreation):
(WebCore::JSTestGlobalObject::destroy):
(WebCore::JSTestGlobalObject::getOwnPropertySlot):
(WebCore::jsTestGlobalObjectRegularAttribute):
(WebCore::jsTestGlobalObjectEnabledAtRuntimeAttribute):
(WebCore::jsTestGlobalObjectConstructor):
(WebCore::setJSTestGlobalObjectConstructor):
(WebCore::setJSTestGlobalObjectRegularAttribute):
(WebCore::setJSTestGlobalObjectEnabledAtRuntimeAttribute):
(WebCore::JSTestGlobalObject::getConstructor):
(WebCore::jsTestGlobalObjectInstanceFunctionRegularOperation):
(WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation1):
(WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation2):
(WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation):
(WebCore::JSTestGlobalObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestGlobalObjectOwner::finalize):
(WebCore::toJSNewlyCreated):
(WebCore::toJS):
(WebCore::JSTestGlobalObject::toWrapped):
* bindings/scripts/test/JS/JSTestGlobalObject.h: Added.
(WebCore::JSTestGlobalObject::create):
(WebCore::JSTestGlobalObject::createStructure):
(WebCore::JSTestGlobalObject::finishCreation):
(WebCore::wrapperOwner):
(WebCore::wrapperKey):
(WebCore::toJS):
(WebCore::JSTestGlobalObjectPrototype::create):
(WebCore::JSTestGlobalObjectPrototype::createStructure):
(WebCore::JSTestGlobalObjectPrototype::JSTestGlobalObjectPrototype):
* bindings/scripts/test/ObjC/DOMTestGlobalObject.h: Added.
* bindings/scripts/test/ObjC/DOMTestGlobalObject.mm: Added.
(-[DOMTestGlobalObject dealloc]):
(-[DOMTestGlobalObject regularAttribute]):
(-[DOMTestGlobalObject setRegularAttribute:]):
(-[DOMTestGlobalObject enabledAtRuntimeAttribute]):
(-[DOMTestGlobalObject setEnabledAtRuntimeAttribute:]):
(-[DOMTestGlobalObject regularOperation:]):
(-[DOMTestGlobalObject enabledAtRuntimeOperation:]):
(core):
(kit):
* bindings/scripts/test/ObjC/DOMTestGlobalObjectInternal.h: Added.
* bindings/scripts/test/TestGlobalObject.idl: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199103 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update IndexedDB feature status to the much more correct "In Development"
beidson@apple.com [Wed, 6 Apr 2016 16:38:41 +0000 (16:38 +0000)]
Update IndexedDB feature status to the much more correct "In Development"

Reviewed by Tim Hatcher.

* features.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199102 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago ASSERTION FAILED: !floatingObject->originatingLine() in WebCore::RenderBlockFlow...
zalan@apple.com [Wed, 6 Apr 2016 15:56:06 +0000 (15:56 +0000)]
ASSERTION FAILED: !floatingObject->originatingLine() in WebCore::RenderBlockFlow::linkToEndLineIfNeeded
https://bugs.webkit.org/show_bug.cgi?id=153001

Reviewed by Dan Bernstein.

1. Float boxes are always attached to the line where we see them first.
2. Float box can only be attached to one line.
3. RenderBlockFlow can perform partial layout on dirty lines only.

In certain cases, the last dirty line can "pull up" float boxes from the first clean line.
It simply means that due to some layout changes on previous lines now we see those floats on this last dirty line first.
If after placing the float we still find it on the same position, the line below is still considered clean.

Source/WebCore:

Remove the float box from its original line if the line above already placed it.

Test: fast/block/float/float-moves-between-lines.html

* rendering/RenderBlockFlow.h:
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::reattachCleanLineFloats):
(WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange): Deleted.

LayoutTests:

Remove the float box from its original line if the line above already placed it.

* fast/block/float/float-moves-between-lines-expected.txt: Added.
* fast/block/float/float-moves-between-lines.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199101 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] [l10n] Updated Italian translation of WebKitGTK+
mcatanzaro@igalia.com [Wed, 6 Apr 2016 15:44:35 +0000 (15:44 +0000)]
[GTK] [l10n] Updated Italian translation of WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=156283

Patch by Milo Casagrande <milo@milo.name> on 2016-04-06
Rubber-stamped by Michael Catanzaro.

* it.po:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199100 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION(r196629): Messages text size only changes for sending text, conversation...
antti@apple.com [Wed, 6 Apr 2016 12:26:49 +0000 (12:26 +0000)]
REGRESSION(r196629): Messages text size only changes for sending text, conversation text size does not change
https://bugs.webkit.org/show_bug.cgi?id=156287
<rdar://problem/24264756>

Reviewed by Andreas Kling.

Source/WebCore:

* css/RuleFeature.cpp:
(WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
(WebCore::makeAttributeSelectorKey):

    Include the attribute value in the key. Otherwise we may deduplicate selectors that are not identical.

(WebCore::RuleFeatureSet::collectFeatures):
(WebCore::RuleFeatureSet::add):

    Use HashMap::ensure().

* css/RuleFeature.h:

LayoutTests:

* fast/css/style-invalidation-attribute-change-descendants-expected.txt:
* fast/css/style-invalidation-attribute-change-descendants.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199099 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [css-grid] Fix positioned children in RTL
rego@igalia.com [Wed, 6 Apr 2016 10:21:59 +0000 (10:21 +0000)]
[css-grid] Fix positioned children in RTL
https://bugs.webkit.org/show_bug.cgi?id=156162

Reviewed by Sergio Villar Senin.

Source/WebCore:

This patch fixes a problem affecting the items without
a static inline position (i.e. "left" and/or "right" properties
are not "auto"). In this particular case we need to compute
the "offset" from the left, so we need a specific condition
and computation.

Let's use an example to understand what it's fixing:
<div style="display: grid; grid-template-columns: 100px 50px; width: 300px;
            position: relative; direction: rtl;">
    <div style="position: absolute; left: 0; grid-column: 1 / 2;">item</div>
</div>

In this case the item has to be placed in the first column
(the one on the right as we're in RTL).
For this we need to calculate the offset from the left, which is 200px:
150px (alignment offset) + 50px (offset from line 3 to 2).

Test: fast/css-grid-layout/grid-positioned-items-background-rtl.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

LayoutTests:

Added more RTL cases for the positioned tests.

* fast/css-grid-layout/absolute-positioning-grid-container-containing-block-expected.txt:
* fast/css-grid-layout/absolute-positioning-grid-container-containing-block.html:
* fast/css-grid-layout/grid-positioned-items-background-rtl-expected.html: Added.
* fast/css-grid-layout/grid-positioned-items-background-rtl.html: Added.
* fast/css-grid-layout/grid-positioned-items-padding-expected.txt:
* fast/css-grid-layout/grid-positioned-items-padding.html:
* fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track-expected.txt:
* fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track.html:
* fast/css-grid-layout/grid-sizing-positioned-items-expected.txt:
* fast/css-grid-layout/grid-sizing-positioned-items.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199098 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago ComposedTreeIterator may crash when first child of shadow root is a comment node
antti@apple.com [Wed, 6 Apr 2016 09:27:22 +0000 (09:27 +0000)]
ComposedTreeIterator may crash when first child of shadow root is a comment node
https://bugs.webkit.org/show_bug.cgi?id=156281

Reviewed by Andreas Kling.

Source/WebCore:

It should not use plain firstChild() and assume it is Element or Text.

* dom/ComposedTreeIterator.cpp:
(WebCore::ComposedTreeIterator::Context::Context):

    Add FirstChildTag to various iterator constructors to make clear that they search for the first child.

(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::traverseShadowRoot):

    Fix by using ElementAndTextDescendantIterator to find the first child.

* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::operator*):
(WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
(WebCore::ComposedTreeDescendantAdapter::begin):
(WebCore::ComposedTreeDescendantAdapter::end):
(WebCore::ComposedTreeDescendantAdapter::at):
(WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
* dom/ElementAndTextDescendantIterator.h:
(WebCore::ElementAndTextDescendantIterator::operator++):
(WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
(WebCore::ElementAndTextDescendantIteratorAdapter::begin):
(WebCore::ElementAndTextDescendantIteratorAdapter::end):

LayoutTests:

* fast/shadow-dom/composed-tree-shadow-subtree-expected.txt:
* fast/shadow-dom/composed-tree-shadow-subtree.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199097 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add support for [EnabledAtRuntime] operations on DOMWindow
cdumez@apple.com [Wed, 6 Apr 2016 06:10:32 +0000 (06:10 +0000)]
Add support for [EnabledAtRuntime] operations on DOMWindow
https://bugs.webkit.org/show_bug.cgi?id=156272

Reviewed by Alex Christensen.

Source/JavaScriptCore:

Add identifier for 'fetch' so it can be used from the generated
bindings.

* runtime/CommonIdentifiers.h:

Source/WebCore:

Add support for [EnabledAtRuntime] operations on DOMWindow by omitting
such operations from the static table and add them at run-time in
JSDOMWindow::finishCreation() if the corresponding feature is enabled.

This was needed for window.fetch() for which a hack was temporarily
landed in r199081. This patch drops this hack now that the generated
bindings do the right thing.

* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::scriptExecutionContext):
Drop hack landed in r199081.

* bindings/scripts/CodeGeneratorJS.pm:
(OperationShouldBeOnInstance):
(GeneratePropertiesHashTable):
(GenerateImplementation):
Add support for [EnabledAtRuntime] operations on DOMWindow.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199096 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Do not create CodeMirror color/gradient markers in JavaScript resources
commit-queue@webkit.org [Wed, 6 Apr 2016 05:45:13 +0000 (05:45 +0000)]
Web Inspector: Do not create CodeMirror color/gradient markers in JavaScript resources
https://bugs.webkit.org/show_bug.cgi?id=156278
<rdar://problem/25570404>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-05
Reviewed by Timothy Hatcher.

* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor.prototype._hasStyleSheetContents):
(WebInspector.SourceCodeTextEditor.prototype._updateEditableMarkers):
Only spend the time to create style markers for style sheet contents.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199095 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Make CMake-generated binaries on Mac able to run
achristensen@apple.com [Wed, 6 Apr 2016 05:31:07 +0000 (05:31 +0000)]
Make CMake-generated binaries on Mac able to run
https://bugs.webkit.org/show_bug.cgi?id=156268

Reviewed by Daniel Bates.

.:

* Source/cmake/OptionsMac.cmake:

Source/JavaScriptCore:

* CMakeLists.txt:

Source/WebCore:

* CMakeLists.txt:
* PlatformMac.cmake:

Source/WebKit:

* CMakeLists.txt:

Source/WebKit2:

* CMakeLists.txt:
* PlatformMac.cmake:

Tools:

* DumpRenderTree/CMakeLists.txt:
* DumpRenderTree/PlatformMac.cmake:
* DumpRenderTree/PlatformWin.cmake:
* TestWebKitAPI/PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199094 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Improve some other cases of context-sensitive inlining
fpizlo@apple.com [Wed, 6 Apr 2016 04:46:12 +0000 (04:46 +0000)]
Improve some other cases of context-sensitive inlining
https://bugs.webkit.org/show_bug.cgi?id=156277

Reviewed by Benjamin Poulain.

This implements some improvements for inlining:

- We no longer do guarded inlining when the profiling doesn't come from a stub. Doing so would have
  been risky, and according to benchmarks, it wasn't common enough to matter. I think it's better to
  err on the side of not inlining.

- The jneq_ptr pattern for variadic calls no longer breaks the basic block. Not breaking the block
  increases the chances of the parser seeing the callee constant. While inlining doesn't require a
  callee constant, sometimes it makes a difference. Note that we were previously breaking the block
  for no reason at all: if the boundary after jneq_ptr is a jump target from some other jump, then
  the parser will automatically break the block for us. There is no reason to add any block breaking
  ourselves since we implement jneq_ptr by ignoring the affirmative jump destination and inserting a
  check and falling through.

- get_by_id handling now tries to apply some common sense to its status object. In particular, if
  the source is a NewObject and there was no interfering operation that could clobber the structure,
  then we know which case of a polymorphic GetByIdStatus we would take. This arises in some
  constructor patterns.

Long term, we should address all of these cases comprehensively by having a late inliner. The inliner
being part of the bytecode parser means that there is a lot of complexity in the parser and it
prevents us from inlining upon learning new information from static analysis. But for now, I think
it's fine to experiment with one-off hacks, if only to learn what the possibilities are.

This is a 14% speed-up on Octane/raytrace.

* bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::dump):
* bytecode/CallLinkStatus.h:
(JSC::CallLinkStatus::couldTakeSlowPath):
(JSC::CallLinkStatus::setCouldTakeSlowPath):
(JSC::CallLinkStatus::variants):
(JSC::CallLinkStatus::size):
(JSC::CallLinkStatus::at):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::makesCalls):
(JSC::GetByIdStatus::filter):
(JSC::GetByIdStatus::dump):
* bytecode/GetByIdStatus.h:
(JSC::GetByIdStatus::wasSeenInJIT):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::refineStatically):
(JSC::DFG::ByteCodeParser::handleVarargsCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::parseBlock):
* runtime/Options.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199093 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago JSC SamplingProfiler: Use a thread + sleep loop instead of WTF::WorkQueue for taking...
sbarati@apple.com [Wed, 6 Apr 2016 03:55:11 +0000 (03:55 +0000)]
JSC SamplingProfiler: Use a thread + sleep loop instead of WTF::WorkQueue for taking samples
https://bugs.webkit.org/show_bug.cgi?id=154017

Reviewed by Geoffrey Garen.

By moving to an explicitly created separate thread + sample-then-sleep
loop, we can remove a lot of the crufty code around WorkQueue.
We're also getting sample rates that are much closer to what we're
asking the OS for. When the sampling handler was built off of WorkQueue,
we'd often get sample rates much higher than the 1ms we asked for. On Kraken,
we would average about 1.7ms sample rates, even though we'd ask for a 1ms rate.
Now, on Kraken, we're getting about 1.2ms rates. Because we're getting
higher rates, this patch is a performance regression. It's slower because
we're sampling more frequently.

Before this patch, the sampling profiler had the following overhead:
- 10% on Kraken
- 12% on Octane
- 15% on AsmBench

With this patch, the sampling profiler has the following overhead:
- 16% on Kraken
- 17% on Octane
- 30% on AsmBench

Comparatively, this new patch has the following overhead over the old sampling profiler:
- 5% on Kraken
- 3.5% on Octane
- 13% slower on AsmBench

* inspector/agents/InspectorScriptProfilerAgent.cpp:
(Inspector::InspectorScriptProfilerAgent::trackingComplete):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::SamplingProfiler):
(JSC::SamplingProfiler::~SamplingProfiler):
(JSC::SamplingProfiler::createThreadIfNecessary):
(JSC::SamplingProfiler::timerLoop):
(JSC::SamplingProfiler::takeSample):
(JSC::tryGetBytecodeIndex):
(JSC::SamplingProfiler::shutdown):
(JSC::SamplingProfiler::start):
(JSC::SamplingProfiler::pause):
(JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
(JSC::SamplingProfiler::noticeJSLockAcquisition):
(JSC::SamplingProfiler::noticeVMEntry):
(JSC::SamplingProfiler::clearData):
(JSC::SamplingProfiler::stop): Deleted.
(JSC::SamplingProfiler::dispatchIfNecessary): Deleted.
(JSC::SamplingProfiler::dispatchFunction): Deleted.
* runtime/SamplingProfiler.h:
(JSC::SamplingProfiler::setTimingInterval):
(JSC::SamplingProfiler::setStopWatch):
* runtime/VM.cpp:
(JSC::VM::VM):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199092 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Automation: add support for getting, deleting, and adding cookies
bburg@apple.com [Wed, 6 Apr 2016 03:23:18 +0000 (03:23 +0000)]
Web Automation: add support for getting, deleting, and adding cookies
https://bugs.webkit.org/show_bug.cgi?id=156090
<rdar://problem/25477678>

Reviewed by Timothy Hatcher.

Add protocol commands for manipulating cookies with respect to a given page.
Implement all but the addSingleCookie command, which needs a new WebCore API.

* UIProcess/Automation/Automation.json:
Copy the Page domain Cookie object. Add new commands.

* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::getAllCookies):
(WebKit::buildObjectForCookie): Copied from InspectorPageAgent.
(WebKit::buildArrayForCookies): Copied from InspectorPageAgent.
(WebKit::WebAutomationSession::didGetCookiesForFrame):
(WebKit::WebAutomationSession::deleteSingleCookie):
(WebKit::WebAutomationSession::didDeleteCookie):
(WebKit::WebAutomationSession::addSingleCookie): Added a stub for now.
(WebKit::WebAutomationSession::deleteAllCookies):
This command can use the WebCookieManager supplement directly instead of
proxying through AutomationSession. It doesn't block until the delete is
performed like the other methods do, but this shouldn't be a problem.

* UIProcess/Automation/WebAutomationSession.h:
* UIProcess/Automation/WebAutomationSession.messages.in:
* WebProcess/Automation/WebAutomationSessionProxy.cpp:
(WebKit::WebAutomationSessionProxy::getCookiesForFrame):
(WebKit::WebAutomationSessionProxy::deleteCookie):
* WebProcess/Automation/WebAutomationSessionProxy.h:
* WebProcess/Automation/WebAutomationSessionProxy.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199091 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix Range requests when not using the NetworkCache with NetworkSession
commit-queue@webkit.org [Wed, 6 Apr 2016 01:37:07 +0000 (01:37 +0000)]
Fix Range requests when not using the NetworkCache with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=156036
rdar://problem/25334939

Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-05
Reviewed by Sam Weinig.

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:dataTask:willCacheResponse:completionHandler:]):
Don't cache any responses with Content-Range headers to work around rdar://problem/20001985.
This is similar to the workaround in shouldCacheResponse in WebCoreNSURLSession.mm
(WebKit::NetworkSession::NetworkSession):
If we are using the NetworkCache, then don't use CFNetwork's cache.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199090 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fixed CSS Shapes entry on the WebKit Feature Status page.
commit-queue@webkit.org [Wed, 6 Apr 2016 01:36:01 +0000 (01:36 +0000)]
Fixed CSS Shapes entry on the WebKit Feature Status page.
https://bugs.webkit.org/show_bug.cgi?id=156262

Patch by Jon Davis <jond@ingenesis.net> on 2016-04-05
Reviewed by Timothy Hatcher.

* features.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199089 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Correct applicationWillTerminate logic for ResourceLoadStatistics
bfulgham@apple.com [Wed, 6 Apr 2016 01:31:13 +0000 (01:31 +0000)]
Correct applicationWillTerminate logic for ResourceLoadStatistics
https://bugs.webkit.org/show_bug.cgi?id=156249
<rdar://problem/25179611>

Reviewed by Andy Estes.

The applicationWillTerminate handling for ResourceLoadStatistics incorrectly
assumes that a ResourceLoadStatistics object will always be present.
1. The termination handling for 'dataStoresWithStorageManagers' should be
   calling 'applicationWillTerminate' on any ResourceLoadStatistics
   objects attached to the dataStore.
2. platformInitialize should null-check before attempting to dispatch.
3. platformDestroy should null check before attempting to dispatch.

* UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
(WebKit::WebsiteDataStore::platformInitialize):
(WebKit::WebsiteDataStore::platformDestroy): Invoke 'applicationWillTerminate' on
m_resourceLoadStatistics if present.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199088 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago MessageEvent.source window is incorrect once window has been reified
cdumez@apple.com [Wed, 6 Apr 2016 01:18:05 +0000 (01:18 +0000)]
MessageEvent.source window is incorrect once window has been reified
https://bugs.webkit.org/show_bug.cgi?id=156227
<rdar://problem/25545831>

Reviewed by Mark Lam.

Source/WebCore:

MessageEvent.source window was incorrect once window had been reified.

If the Window had not been reified, we kept constructing new
postMessage() functions when calling window.postMessage(). We used to
pass activeDOMWindow(execState) as source Window to
DOMWindow::postMessage(). activeDOMWindow() uses
exec->lexicalGlobalObject() which did the right thing because we
used to construct a new postMessage() function in the caller's context.

However, after reification, due to the way JSDOMWindow::getOwnPropertySlot()
was implemented, we would stop constructing new postMessage() functions
when calling window.postMessage(). As a result, the source window would
become incorrect because exec->lexicalGlobalObject() would return the
target Window instead.

In this patch, the following is done:
1. Stop constructing a new function every time in the same origin case
   for postMessage, blur, focus and close. This was inefficient and led
   to incorrect behavior:
   - The behavior would differ depending if the Window is reified or not
   - It would be impossible to delete those operations, which is
     incompatible with the specification and other browsers (tested
     Firefox and Chrome).
2. Use callerDOMWindow(execState) instead of activeDOMWindow(execState)
   as source Window in JSDOMWindow::handlePostMessage(). callerDOMWindow()
   is a new utility function that returns the caller's Window object.

Tests: fast/dom/Window/delete-operations.html
       fast/dom/Window/messageevent-source-postmessage-reified.html
       fast/dom/Window/messageevent-source-postmessage.html
       fast/dom/Window/messageevent-source-postmessage2.html
       fast/dom/Window/window-postmessage-clone-frames.html
       fast/dom/Window/post-message-crash2.html

* bindings/js/JSDOMBinding.cpp:
(WebCore::GetCallerCodeBlockFunctor::operator()):
(WebCore::GetCallerCodeBlockFunctor::codeBlock):
(WebCore::callerDOMWindow):
* bindings/js/JSDOMBinding.h:
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::handlePostMessage):

LayoutTests:

Add tests that cover using MessageEvent.source Window for messaging
using postMessage(). There are 2 versions of the test, one where the
main window is reified and one where it is not. The test that has a
reified main window was failing because this fix.

* fast/dom/Window/delete-operations-expected.txt: Added.
* fast/dom/Window/delete-operations.html: Added.
Make sure that operations on Window are indeed deletable. Previously,
it would be impossible to delete postMessage, blur, focus and close.

* fast/dom/Window/messageevent-source-postmessage-expected.txt: Added.
* fast/dom/Window/messageevent-source-postmessage-reified-expected.txt: Added.
* fast/dom/Window/messageevent-source-postmessage-reified.html: Added.
* fast/dom/Window/messageevent-source-postmessage.html: Added.
* fast/dom/Window/messageevent-source-postmessage2.html: Added.
* fast/dom/Window/resources/messageevent-source-postmessage-frame.html: Added.
* fast/dom/Window/post-message-crash2-expected.txt: Added.
* fast/dom/Window/post-message-crash2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199087 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Test listbox clipping to contents rect
mmaxfield@apple.com [Wed, 6 Apr 2016 01:17:20 +0000 (01:17 +0000)]
Test listbox clipping to contents rect
https://bugs.webkit.org/show_bug.cgi?id=156265

Reviewed by Simon Fraser.

These tests create some <select><option></option></select>s with padding.
These list boxes use the zapfino "f" character (because it draws wildly
far outside of its layout box) to create a case where text inside the list
box would naturally intersect with the padding. This overflow should be
clipped so that the padding is undisturbed.

* fast/forms/listbox-padding-clip-expected.html: Added.
* fast/forms/listbox-padding-clip-overlay-expected.html: Added.
* fast/forms/listbox-padding-clip-overlay.html: Added.
* fast/forms/listbox-padding-clip.html: Added.
* platform/ios-simulator/TestExpectations: Skip on iOS

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199086 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Make the Timelines sidebar wider
timothy@apple.com [Tue, 5 Apr 2016 23:56:48 +0000 (23:56 +0000)]
Web Inspector: Make the Timelines sidebar wider

https://bugs.webkit.org/show_bug.cgi?id=156257
rdar://problem/25564218

Reviewed by Joseph Pecoraro.

* UserInterface/Views/TimelineOverview.css:
(.timeline-overview): Added. Set define --timeline-sidebar-width.
(.timeline-overview > .navigation-bar.timelines): Use --timeline-sidebar-width.
(.timeline-overview > .tree-outline.timelines): Ditto.
(.timeline-overview > .scroll-container): Ditto.
(.timeline-overview > .timeline-ruler): Ditto.
(.timeline-overview > .graphs-container): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r199073.
ryanhaddad@apple.com [Tue, 5 Apr 2016 23:50:34 +0000 (23:50 +0000)]
Unreviewed, rolling out r199073.
https://bugs.webkit.org/show_bug.cgi?id=156261

This change broke internal Mac builds (Requested by ryanhaddad
on #webkit).

Reverted changeset:

"We should support the ability to do a non-effectful getById"
https://bugs.webkit.org/show_bug.cgi?id=156116
http://trac.webkit.org/changeset/199073

Patch by Commit Queue <commit-queue@webkit.org> on 2016-04-05

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199084 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Make requestCandidatesForSelection available on any EditorClient
bdakin@apple.com [Tue, 5 Apr 2016 23:33:47 +0000 (23:33 +0000)]
Make requestCandidatesForSelection available on any EditorClient
https://bugs.webkit.org/show_bug.cgi?id=156253
-and corresponding-
rdar://problem/24661147

Reviewed by Dean Jackson.

Source/WebCore:

* loader/EmptyClients.h:
* page/EditorClient.h:
(WebCore::EditorClient::requestCandidatesForSelection):

Source/WebKit/mac:

* WebCoreSupport/WebEditorClient.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199083 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Command-Option-R opens Inspector details sidebar or Responsive Design...
timothy@apple.com [Tue, 5 Apr 2016 23:20:34 +0000 (23:20 +0000)]
Web Inspector: Command-Option-R opens Inspector details sidebar or Responsive Design Mode, should only do one

https://bugs.webkit.org/show_bug.cgi?id=156258
rdar://problem/25483871

Reviewed by Joseph Pecoraro.

* UserInterface/Base/Main.js:
(WebInspector.contentLoaded): Change shortcuts to Command-Option-0 and Command-Shift-0.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Fetch API] Add a runtime flag to fetch API and related constructs
achristensen@apple.com [Tue, 5 Apr 2016 23:20:15 +0000 (23:20 +0000)]
[Fetch API] Add a runtime flag to fetch API and related constructs
https://bugs.webkit.org/show_bug.cgi?id=156113

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2016-04-05
Reviewed by Alex Christensen.

Source/JavaScriptCore:

Add a fetch API runtime flag based on preferences.
Disable fetch API by default.

* runtime/CommonIdentifiers.h:

Source/WebCore:

Marking all Fetch interfaces EnabledAtRuntime=FetchAPI.
Adding FetchAPI runtime flag setter and getter.
In case fetch API is disabled, ensure Window.prototype.fetch returns undefined.

* Modules/fetch/DOMWindowFetch.idl:
* Modules/fetch/FetchBody.idl:
* Modules/fetch/FetchHeaders.idl:
* Modules/fetch/FetchRequest.idl:
* Modules/fetch/FetchResponse.idl:
* Modules/fetch/WorkerGlobalScopeFetch.idl:
* bindings/generic/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::webGL2Enabled):
(WebCore::RuntimeEnabledFeatures::setFetchAPIEnabled):
(WebCore::RuntimeEnabledFeatures::fetchAPIEnabled):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::finishCreation):

Source/WebKit/mac:

Add a fetch API runtime flag based on preferences.
Disable fetch API by default.

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):
(-[WebPreferences setCustomElementsEnabled:]):
(-[WebPreferences fetchAPIEnabled]):
(-[WebPreferences setFetchAPIEnabled:]):
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]):
(-[WebView preferencesIdentifier]):
(-[WebView setUIDelegate:]):

Source/WebKit2:

Add a fetch API runtime flag based on preferences.
Disable fetch API by default.

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesGetCustomElementsEnabled):
(WKPreferencesSetFetchAPIEnabled):
(WKPreferencesGetFetchAPIEnabled):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

Tools:

* DumpRenderTree/TestRunner.h:
* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebPreferencesToConsistentValues):
* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::beginTesting):
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setWebGL2Enabled):
(WTR::TestRunner::setFetchAPIEnabled):
(WTR::TestRunner::setAllowUniversalAccessFromFileURLs):
* WebKitTestRunner/InjectedBundle/TestRunner.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199081 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, fix cloop some more.
fpizlo@apple.com [Tue, 5 Apr 2016 22:57:26 +0000 (22:57 +0000)]
Unreviewed, fix cloop some more.

* runtime/RegExpInlines.h:
(JSC::RegExp::hasCodeFor):
(JSC::RegExp::hasMatchOnlyCodeFor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199080 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, fix cloop.
fpizlo@apple.com [Tue, 5 Apr 2016 22:55:55 +0000 (22:55 +0000)]
Unreviewed, fix cloop.

* jit/CCallHelpers.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199079 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB: Get blob URLs/files all the way to the IDB backing store.
beidson@apple.com [Tue, 5 Apr 2016 22:55:33 +0000 (22:55 +0000)]
Modern IDB: Get blob URLs/files all the way to the IDB backing store.
https://bugs.webkit.org/show_bug.cgi?id=156248

Reviewed by Alex Christensen.

No new tests (No change in behavior).

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::putOrAddOnServer):

* Modules/indexeddb/IDBValue.cpp:
(WebCore::IDBValue::IDBValue):
(WebCore::IDBValue::isolatedCopy):
* Modules/indexeddb/IDBValue.h:
(WebCore::IDBValue::blobURLs):
(WebCore::IDBValue::blobFilePaths):
(WebCore::IDBValue::encode):
(WebCore::IDBValue::decode):

* Modules/indexeddb/server/IDBBackingStore.h:

* Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
(WebCore::IDBServer::MemoryIDBBackingStore::addRecord):
* Modules/indexeddb/server/MemoryIDBBackingStore.h:

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
* Modules/indexeddb/server/SQLiteIDBBackingStore.h:

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd):

* bindings/js/SerializedScriptValue.cpp:
(WebCore::SerializedScriptValue::writeBlobsToDiskForIndexedDB):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Should not allow selecting no Timelines when editing in Timeline tab
mattbaker@apple.com [Tue, 5 Apr 2016 22:32:03 +0000 (22:32 +0000)]
Web Inspector: Should not allow selecting no Timelines when editing in Timeline tab
https://bugs.webkit.org/show_bug.cgi?id=156223
<rdar://problem/25552221>

Reviewed by Joseph Pecoraro.

* UserInterface/Views/TimelineOverview.js:
(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype._startEditingInstruments):
Register EnabledDidChange event handler for all tree elements.

(WebInspector.TimelineOverview.prototype._stopEditingInstruments):
Unregister event handler for enabled tree elements. The rest are removed
from the tree outline once editing has completed.

(WebInspector.TimelineOverview.prototype._timelineTreeElementEnabledDidChange):
Enable "Done" button if at least one timeline is enabled.

* UserInterface/Views/TimelineTreeElement.js:
Dispatch a new event, EnabledDidChange, when the checkbox state changes.

(WebInspector.TimelineTreeElement.prototype._showCheckbox):
(WebInspector.TimelineTreeElement.prototype._clickHandler):
(WebInspector.TimelineTreeElement.prototype._dispatchEnabledDidChangeEvent):
(WebInspector.TimelineTreeElement):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199077 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago JSC should use a shadow stack version of CHICKEN so that debuggers have the option...
fpizlo@apple.com [Tue, 5 Apr 2016 22:17:35 +0000 (22:17 +0000)]
JSC should use a shadow stack version of CHICKEN so that debuggers have the option of retrieving tail-deleted frames
https://bugs.webkit.org/show_bug.cgi?id=155598

Reviewed by Saam Barati.

PerformanceTests/SunSpider:

* shadow-chicken.yaml: Added.

Source/JavaScriptCore:

JSC is the first JSVM to have proper tail calls. This means that error.stack and the
debugger will appear to "delete" strict mode stack frames, if the call that this frame made
was in tail position. This is exactly what functional programmers expect - they don't want
the VM to waste resources on tail-deleted frames to ensure that it's legal to loop forever
using tail calls. It's also something that non-functional programmers fear. It's not clear
that tail-deleted frames would actually degrade the debugging experience, but the fear is
real, so it's worthwhile to do something about it.

It turns out that there is at least one tail call implementation that doesn't suffer from
this problem. It implements proper tail calls in the sense that you won't run out of memory
by tail-looping. It also has the power to show you tail-deleted frames in a backtrace, so
long as you haven't yet run out of memory. It's called CHICKEN Scheme, and it's one of my
favorite hacks:

http://www.more-magic.net/posts/internals-gc.html

CHICKEN does many awesome things. The intuition from CHICKEN that we use here is a simple
one: what if a tail call still kept the tail-deleted frame, and the GC actually deleted that
frame only once we proved that there was insufficient memory to keep it around.

CHICKEN does this by reshaping the C stack with longjmp/setjmp. We can't do that because we
can have arbitrary native code, and that native code does not have relocatable stack frames.

But we can do something almost like CHICKEN on a shadow stack. It's a common trick to have a
VM maintain two stacks - the actual execution stack plus a shadow stack that has some extra
information. The shadow stack can be reshaped, moved, etc, since the VM tightly controls its
layout. The main stack can then continue to obey ABI rules.

This patch implements a mechanism for being able to display stack traces that include
tail-deleted frames. It uses a shadow stack that behaves like a CHICKEN stack: it has all
frames all the time, though we will collect the tail-deleted ones if the stack gets too big.
This new mechanism is called ShadowChicken, obviously: it's CHICKEN on a shadow stack.

ShadowChicken is always on, but individual CodeBlocks may make their own choices about
whether to opt into it. They will do that at bytecompile time based on the debugger mode on
their global object.

When no CodeBlock opts in, there is no overhead, since ShadowChicken ends up doing nothing
in that case. Well, except when exceptions are thrown. Then it might do some work, but it's
minor.

When all CodeBlocks opt in, there is about 6% overhead. That's too much overhead to enable
this all the time, but it's low enough to justify enabling in the Inspector. It's currently
enabled on all CodeBlocks only when you use an Option. Otherwise it will auto-enable if the
debugger is on.

Note that ShadowChicken attempts to gracefully handle the presence of stack frames that have
no logging. This is essential since we *can* have debugging enabled in one GlobalObject and
disabled in another. Also, some frames don't do ShadowChicken because they just haven't been
hacked to do it yet. Native frames fall into this category, as do the VM entry frames.

This doesn't yet wire ShadowChicken into DebuggerCallFrame. That will take more work. It
just makes a ShadowChicken stack walk function available to jsc. It's used from the
shadow-chicken tests.

* API/JSContextRef.cpp:
(BacktraceFunctor::BacktraceFunctor):
(BacktraceFunctor::operator()):
(JSContextCreateBacktrace):
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::RecursionCheckFunctor::RecursionCheckFunctor):
(JSC::RecursionCheckFunctor::operator()):
(JSC::CodeBlock::noticeIncomingCall):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitEnter):
(JSC::BytecodeGenerator::emitCallInTailPosition):
(JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
(JSC::BytecodeGenerator::emitCallVarargs):
(JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
(JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
(JSC::BytecodeGenerator::emitCallDefineProperty):
* bytecompiler/BytecodeGenerator.h:
* debugger/DebuggerCallFrame.cpp:
(JSC::LineAndColumnFunctor::operator()):
(JSC::LineAndColumnFunctor::column):
(JSC::FindCallerMidStackFunctor::FindCallerMidStackFunctor):
(JSC::FindCallerMidStackFunctor::operator()):
(JSC::DebuggerCallFrame::DebuggerCallFrame):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLAbstractHeapRepository.cpp:
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileSetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::compileLogShadowChickenPrologue):
(JSC::FTL::DFG::LowerDFGToB3::compileLogShadowChickenTail):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::setupShadowChickenPacket):
(JSC::FTL::DFG::LowerDFGToB3::boolify):
* heap/Heap.cpp:
(JSC::Heap::markRoots):
(JSC::Heap::visitSamplingProfiler):
(JSC::Heap::visitShadowChicken):
(JSC::Heap::traceCodeBlocksAndJITStubRoutines):
(JSC::Heap::collectImpl):
* heap/Heap.h:
* inspector/ScriptCallStackFactory.cpp:
(Inspector::CreateScriptCallStackFunctor::CreateScriptCallStackFunctor):
(Inspector::CreateScriptCallStackFunctor::operator()):
(Inspector::createScriptCallStack):
* interpreter/CallFrame.h:
(JSC::ExecState::iterate):
* interpreter/Interpreter.cpp:
(JSC::DumpRegisterFunctor::DumpRegisterFunctor):
(JSC::DumpRegisterFunctor::operator()):
(JSC::GetStackTraceFunctor::GetStackTraceFunctor):
(JSC::GetStackTraceFunctor::operator()):
(JSC::Interpreter::getStackTrace):
(JSC::GetCatchHandlerFunctor::handler):
(JSC::GetCatchHandlerFunctor::operator()):
(JSC::notifyDebuggerOfUnwinding):
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator()):
(JSC::UnwindFunctor::copyCalleeSavesToVMCalleeSavesBuffer):
* interpreter/ShadowChicken.cpp: Added.
(JSC::ShadowChicken::Packet::dump):
(JSC::ShadowChicken::Frame::dump):
(JSC::ShadowChicken::ShadowChicken):
(JSC::ShadowChicken::~ShadowChicken):
(JSC::ShadowChicken::log):
(JSC::ShadowChicken::update):
(JSC::ShadowChicken::visitChildren):
(JSC::ShadowChicken::reset):
(JSC::ShadowChicken::dump):
(JSC::ShadowChicken::functionsOnStack):
* interpreter/ShadowChicken.h: Added.
(JSC::ShadowChicken::Packet::Packet):
(JSC::ShadowChicken::Packet::tailMarker):
(JSC::ShadowChicken::Packet::throwMarker):
(JSC::ShadowChicken::Packet::prologue):
(JSC::ShadowChicken::Packet::tail):
(JSC::ShadowChicken::Packet::throwPacket):
(JSC::ShadowChicken::Packet::operator bool):
(JSC::ShadowChicken::Packet::isPrologue):
(JSC::ShadowChicken::Packet::isTail):
(JSC::ShadowChicken::Packet::isThrow):
(JSC::ShadowChicken::Frame::Frame):
(JSC::ShadowChicken::Frame::operator==):
(JSC::ShadowChicken::Frame::operator!=):
(JSC::ShadowChicken::log):
(JSC::ShadowChicken::logSize):
(JSC::ShadowChicken::addressOfLogCursor):
(JSC::ShadowChicken::logEnd):
* interpreter/ShadowChickenInlines.h: Added.
(JSC::ShadowChicken::iterate):
* interpreter/StackVisitor.h:
(JSC::StackVisitor::Frame::callee):
(JSC::StackVisitor::Frame::codeBlock):
(JSC::StackVisitor::Frame::bytecodeOffset):
(JSC::StackVisitor::Frame::inlineCallFrame):
(JSC::StackVisitor::Frame::isJSFrame):
(JSC::StackVisitor::Frame::isInlinedFrame):
(JSC::StackVisitor::visit):
* jit/CCallHelpers.cpp: Added.
(JSC::CCallHelpers::logShadowChickenProloguePacket):
(JSC::CCallHelpers::logShadowChickenTailPacket):
(JSC::CCallHelpers::setupShadowChickenPacket):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_resume):
(JSC::JIT::emit_op_log_shadow_chicken_prologue):
(JSC::JIT::emit_op_log_shadow_chicken_tail):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jsc.cpp:
(GlobalObject::finishCreation):
(FunctionJSCStackFunctor::FunctionJSCStackFunctor):
(FunctionJSCStackFunctor::operator()):
(functionClearSamplingFlags):
(functionShadowChickenFunctionsOnStack):
(functionReadline):
* llint/LLIntOffsetsExtractor.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::llint_throw_stack_overflow_error):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* profiler/ProfileGenerator.cpp:
(JSC::AddParentForConsoleStartFunctor::foundParent):
(JSC::AddParentForConsoleStartFunctor::operator()):
* runtime/Error.cpp:
(JSC::FindFirstCallerFrameWithCodeblockFunctor::FindFirstCallerFrameWithCodeblockFunctor):
(JSC::FindFirstCallerFrameWithCodeblockFunctor::operator()):
(JSC::addErrorInfoAndGetBytecodeOffset):
* runtime/JSFunction.cpp:
(JSC::RetrieveArgumentsFunctor::result):
(JSC::RetrieveArgumentsFunctor::operator()):
(JSC::retrieveArguments):
(JSC::RetrieveCallerFunctionFunctor::result):
(JSC::RetrieveCallerFunctionFunctor::operator()):
(JSC::retrieveCallerFunction):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::GlobalFuncProtoGetterFunctor::result):
(JSC::GlobalFuncProtoGetterFunctor::operator()):
(JSC::globalFuncProtoGetter):
(JSC::GlobalFuncProtoSetterFunctor::allowsAccess):
(JSC::GlobalFuncProtoSetterFunctor::operator()):
* runtime/NullSetterFunction.cpp:
(JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
(JSC::GetCallerStrictnessFunctor::operator()):
(JSC::GetCallerStrictnessFunctor::callerIsStrict):
(JSC::callerIsStrict):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructorGetPrototypeOfFunctor::result):
(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
(JSC::objectConstructorGetPrototypeOf):
* runtime/Options.h:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::SetEnabledProfilerFunctor::operator()):
* runtime/VM.h:
(JSC::VM::shouldBuilderPCToCodeOriginMapping):
(JSC::VM::bytecodeIntrinsicRegistry):
(JSC::VM::shadowChicken):
* tests/stress/resources/shadow-chicken-support.js: Added.
(describeFunction):
(describeArray):
(expectStack):
(initialize):
* tests/stress/shadow-chicken-disabled.js: Added.
(test1.foo):
(test1.bar):
(test1.baz):
(test1):
(test2.foo):
(test2.bar):
(test2.baz):
(test2):
(test3.foo):
(test3.bar):
(test3.baz):
(test3):
* tests/stress/shadow-chicken-enabled.js: Added.
(test1.foo):
(test1.bar):
(test1.baz):
(test1):
(test2.foo):
(test2.bar):
(test2.baz):
(test2):
(test3.bob):
(test3.thingy):
(test3.foo):
(test3.bar):
(test3.baz):
(test3):
(test4.bob):
(test4.thingy):
(test4.foo):
(test4.bar):
(test4.baz):
(test4):
(test5.foo):
(test5):
* tools/JSDollarVMPrototype.cpp:
(JSC::CallerFrameJITTypeFunctor::CallerFrameJITTypeFunctor):
(JSC::CallerFrameJITTypeFunctor::operator()):
(JSC::CallerFrameJITTypeFunctor::jitType):
(JSC::functionLLintTrue):
(JSC::CellAddressCheckFunctor::CellAddressCheckFunctor):
(JSC::CellAddressCheckFunctor::operator()):
(JSC::JSDollarVMPrototype::isValidCell):
(JSC::JSDollarVMPrototype::isValidCodeBlock):
(JSC::JSDollarVMPrototype::codeBlockForFrame):
(JSC::PrintFrameFunctor::PrintFrameFunctor):
(JSC::PrintFrameFunctor::operator()):
(JSC::printCallFrame):

Source/WebCore:

Fixed some uses of the stack walking functor to obey the new lambda-friendly API, which
requires that operator() is const.

No new tests because no change in behavior.

* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::SendFunctor::column):
(WebCore::SendFunctor::url):
(WebCore::SendFunctor::operator()):
(WebCore::JSXMLHttpRequest::send):
* testing/Internals.cpp:
(WebCore::GetCallerCodeBlockFunctor::GetCallerCodeBlockFunctor):
(WebCore::GetCallerCodeBlockFunctor::operator()):
(WebCore::GetCallerCodeBlockFunctor::codeBlock):
(WebCore::Internals::parserMetaData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199076 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Source/JavaScriptCore:
fpizlo@apple.com [Tue, 5 Apr 2016 22:13:16 +0000 (22:13 +0000)]
Source/JavaScriptCore:
DFG and FTL should constant-fold RegExpExec, RegExpTest, and StringReplace
https://bugs.webkit.org/show_bug.cgi?id=155270

Reviewed by Saam Barati.

This enables constant-folding of RegExpExec, RegExpTest, and StringReplace.

It's now possible to run Yarr on the JIT threads. Since previous work on constant-folding
strings gave the DFG an API for reasoning about JSString constants in terms of
JIT-thread-local WTF::Strings, it's now super easy to just pass strings to Yarr and build IR
based on the results.

But RegExpExec is hard: the folded version still must allocate a RegExpMatchesArray. We must
use the same Structure that the code would have used or else we'll pollute the program's
inline caches. Also, RegExpMatchesArray.h|cpp will allocate the array and its named
properties in one go - we don't want to lose that optimization. So, this patch enables
MaterializeNewObject to allocate objects or arrays with any number of indexed or named
properties. Previously it could only handle objects (but not arrays) and named properties
(but not indexed ones).

This also adds a few minor things for setting the RegExpConstructor cached result.

This is about a 2x speed-up on microbenchmarks when we fold a match success and about an
8x speed-up when we fold a match failure. It's a 10% speed-up on Octane/regexp.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGInsertionSet.cpp:
(JSC::DFG::InsertionSet::insertSlow):
(JSC::DFG::InsertionSet::execute):
* dfg/DFGInsertionSet.h:
(JSC::DFG::InsertionSet::insertCheck):
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::tryGetString):
* dfg/DFGMayExit.cpp:
(JSC::DFG::mayExit):
* dfg/DFGNode.h:
(JSC::DFG::StackAccessData::flushedAt):
(JSC::DFG::OpInfo::OpInfo): Deleted.
* dfg/DFGNodeType.h:
* dfg/DFGObjectAllocationSinkingPhase.cpp:
* dfg/DFGObjectMaterializationData.cpp:
(JSC::DFG::ObjectMaterializationData::dump):
(JSC::DFG::PhantomPropertyValue::dump): Deleted.
(JSC::DFG::ObjectMaterializationData::oneWaySimilarityScore): Deleted.
(JSC::DFG::ObjectMaterializationData::similarityScore): Deleted.
* dfg/DFGObjectMaterializationData.h:
(JSC::DFG::PhantomPropertyValue::PhantomPropertyValue): Deleted.
(JSC::DFG::PhantomPropertyValue::operator==): Deleted.
* dfg/DFGOpInfo.h: Added.
(JSC::DFG::OpInfo::OpInfo):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGPromotedHeapLocation.cpp:
(WTF::printInternal):
* dfg/DFGPromotedHeapLocation.h:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::~SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::emitGetLength):
(JSC::DFG::SpeculativeJIT::compileLazyJSConstant):
(JSC::DFG::SpeculativeJIT::compileMaterializeNewObject):
(JSC::DFG::SpeculativeJIT::compileRecordRegExpCachedResult):
(JSC::DFG::SpeculativeJIT::emitAllocateJSArray): Deleted.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStoreBarrierInsertionPhase.cpp:
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::StrengthReductionPhase):
(JSC::DFG::StrengthReductionPhase::handleNode):
(JSC::DFG::StrengthReductionPhase::handleCommutativity):
(JSC::DFG::StrengthReductionPhase::executeInsertionSet):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
(JSC::DFG::Validate::validateCPS):
* ftl/FTLAbstractHeapRepository.cpp:
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileSetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::compileRecordRegExpCachedResult):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::storageForTransition):
(JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::isNotCellOrMisc):
(JSC::FTL::DFG::LowerDFGToB3::unboxDouble):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationPopulateObjectInOSR):
(JSC::FTL::operationNewObjectWithButterfly): Deleted.
* ftl/FTLOperations.h:
* inspector/ContentSearchUtilities.cpp:
* runtime/JSObject.h:
(JSC::JSObject::createRawObject):
(JSC::JSFinalObject::create):
* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::matchConcurrently):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):
* runtime/RegExp.h:
* runtime/RegExpCachedResult.h:
(JSC::RegExpCachedResult::offsetOfLastRegExp):
(JSC::RegExpCachedResult::offsetOfLastInput):
(JSC::RegExpCachedResult::offsetOfResult):
(JSC::RegExpCachedResult::offsetOfReified):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::offsetOfCachedResult):
* runtime/RegExpInlines.h:
(JSC::RegExp::hasCodeFor):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::hasMatchOnlyCodeFor):
(JSC::RegExp::compileIfNecessaryMatchOnly):
* runtime/RegExpObjectInlines.h:
(JSC::RegExpObject::execInline):
* runtime/StringPrototype.cpp:
(JSC::substituteBackreferencesSlow):
(JSC::substituteBackreferencesInline):
(JSC::substituteBackreferences):
(JSC::StringRange::StringRange):
* runtime/StringPrototype.h:
* runtime/VM.h:
* tests/stress/simple-regexp-exec-folding-fail.js: Added.
(foo):
* tests/stress/simple-regexp-exec-folding.js: Added.
(foo):
* tests/stress/simple-regexp-test-folding-fail.js: Added.
(foo):
* tests/stress/simple-regexp-test-folding.js: Added.
(foo):
* yarr/RegularExpression.cpp:
* yarr/Yarr.h:
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::interpret):
(JSC::Yarr::ByteCompiler::ByteCompiler):
(JSC::Yarr::ByteCompiler::compile):
(JSC::Yarr::ByteCompiler::checkInput):
(JSC::Yarr::byteCompile):
(JSC::Yarr::interpret):
* yarr/YarrInterpreter.h:
(JSC::Yarr::BytecodePattern::BytecodePattern):

Source/WTF:
DFG and FTL should constant-fold RegExpExec
https://bugs.webkit.org/show_bug.cgi?id=155270

Reviewed by Saam Barati.

Make executeInsertions() return the amount by which the vector increased in size. This is a
convenient feature that I use in DFG::InsertionSet.

* wtf/Insertion.h:
(WTF::executeInsertions):

LayoutTests:
DFG and FTL should constant-fold RegExpExec
https://bugs.webkit.org/show_bug.cgi?id=155270

Reviewed by Saam Barati.

* js/regress/script-tests/simple-regexp-exec-folding-fail.js: Added.
* js/regress/script-tests/simple-regexp-exec-folding.js: Added.
* js/regress/script-tests/simple-regexp-test-folding-fail.js: Added.
* js/regress/script-tests/simple-regexp-test-folding.js: Added.
* js/regress/simple-regexp-exec-folding-expected.txt: Added.
* js/regress/simple-regexp-exec-folding-fail-expected.txt: Added.
* js/regress/simple-regexp-exec-folding-fail.html: Added.
* js/regress/simple-regexp-exec-folding.html: Added.
* js/regress/simple-regexp-test-folding-expected.txt: Added.
* js/regress/simple-regexp-test-folding-fail-expected.txt: Added.
* js/regress/simple-regexp-test-folding-fail.html: Added.
* js/regress/simple-regexp-test-folding.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199075 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Make the @webkit link on the front page link to the feed
jond@apple.com [Tue, 5 Apr 2016 22:12:39 +0000 (22:12 +0000)]
Make the @webkit link on the front page link to the feed
https://bugs.webkit.org/show_bug.cgi?id=156244

Reviewed by Timothy Hatcher.

* wp-content/themes/webkit/widgets/twitter.php:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199074 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago We should support the ability to do a non-effectful getById
keith_miller@apple.com [Tue, 5 Apr 2016 21:36:25 +0000 (21:36 +0000)]
We should support the ability to do a non-effectful getById
https://bugs.webkit.org/show_bug.cgi?id=156116

Reviewed by Benjamin Poulain.

Currently, there is no way in JS to do a non-effectful getById. A non-effectful getById is
useful because it enables us to take different code paths based on values that we would
otherwise not be able to have knowledge of. This patch adds this new feature called
try_get_by_id that will attempt to do as much of a get_by_id as possible without performing
an effectful behavior. Thus, try_get_by_id will return the value if the slot is a value, the
GetterSetter object if the slot is a normal accessor (not a CustomGetterSetter) and
undefined if the slot is unset. If the slot is proxied or any other cases then the result
is null. In theory, if we ever wanted to check for null we could add a sentinel object to
the global object that indicates we could not get the result.

In order to implement this feature we add a new enum GetByIdKind that indicates what to do
for accessor properties in PolymorphicAccess. If the GetByIdKind is pure then we treat the
get_by_id the same way we would for load and return the value at the appropriate offset.
Additionally, in order to make sure that we can properly compare the GetterSetter object
with ===, GetterSetters are now JSObjects. This comes at the cost of eight extra bytes on the
GetterSetter object but it vastly simplifies the patch. Additionally, the extra bytes are
likely to have little to no impact on memory usage as normal accessors are generally rare.

* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createDefaultConstructor):
(JSC::BuiltinExecutables::createBuiltinExecutable):
(JSC::createBuiltinExecutable):
(JSC::BuiltinExecutables::createExecutable):
(JSC::createExecutableInternal): Deleted.
* builtins/BuiltinExecutables.h:
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::tryGet):
(JSC::AccessCase::generate):
(WTF::printInternal):
* bytecode/PolymorphicAccess.h:
(JSC::AccessCase::isGet): Deleted.
(JSC::AccessCase::isPut): Deleted.
(JSC::AccessCase::isIn): Deleted.
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::reset):
* bytecode/StructureStubInfo.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitTryGetById):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetById):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::getById):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITInlineCacheGenerator.h:
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/Repatch.cpp:
(JSC::repatchByIdSelfAccess):
(JSC::appropriateOptimizingGetByIdFunction):
(JSC::appropriateGenericGetByIdFunction):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::resetGetByID):
* jit/Repatch.h:
* jsc.cpp:
(GlobalObject::finishCreation):
(functionGetGetterSetter):
(functionCreateBuiltin):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* runtime/GetterSetter.cpp:
* runtime/GetterSetter.h:
* runtime/JSType.h:
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::getPureResult):
* runtime/PropertySlot.h:
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::getOwnPropertySlotCommon):
* tests/stress/try-get-by-id.js: Added.
(tryGetByIdText):
(getCaller.obj.1.throw.new.Error.let.func):
(getCaller.obj.1.throw.new.Error):
(throw.new.Error.get let):
(throw.new.Error.):
(throw.new.Error.let.get createBuiltin):
(get let):
(let.get createBuiltin):
(let.func):
(get let.func):
(get throw):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199073 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB: Replace use of SerializedScriptValue with IDBValue.
beidson@apple.com [Tue, 5 Apr 2016 21:27:05 +0000 (21:27 +0000)]
Modern IDB: Replace use of SerializedScriptValue with IDBValue.
https://bugs.webkit.org/show_bug.cgi?id=156242

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No change in behavior).

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::putOrAddOnServer):

* Modules/indexeddb/IDBValue.cpp:
(WebCore::IDBValue::IDBValue):
(WebCore::IDBValue::isolatedCopy):
* Modules/indexeddb/IDBValue.h:
(WebCore::IDBValue::data):
(WebCore::IDBValue::encode):
(WebCore::IDBValue::decode):

* Modules/indexeddb/client/IDBConnectionToServer.cpp:
(WebCore::IDBClient::IDBConnectionToServer::putOrAdd):
* Modules/indexeddb/client/IDBConnectionToServer.h:
* Modules/indexeddb/client/IDBConnectionToServerDelegate.h:

* Modules/indexeddb/server/IDBServer.cpp:
(WebCore::IDBServer::IDBServer::putOrAdd):
* Modules/indexeddb/server/IDBServer.h:

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::putOrAdd):
(WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd):
* Modules/indexeddb/server/UniqueIDBDatabase.h:

* Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::putOrAdd):
* Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:

* Modules/indexeddb/shared/InProcessIDBServer.cpp:
(WebCore::InProcessIDBServer::putOrAdd):
* Modules/indexeddb/shared/InProcessIDBServer.h:

* WebCore.xcodeproj/project.pbxproj:

* platform/CrossThreadCopier.cpp:
(WebCore::IDBValue>::copy):
* platform/CrossThreadCopier.h:

* platform/ThreadSafeDataBuffer.h:
(WebCore::ThreadSafeDataBuffer::encode):
(WebCore::ThreadSafeDataBuffer::decode):

Source/WebKit2:

* DatabaseProcess/IndexedDB/WebIDBConnectionToClient.cpp:
(WebKit::WebIDBConnectionToClient::putOrAdd):
* DatabaseProcess/IndexedDB/WebIDBConnectionToClient.h:
* DatabaseProcess/IndexedDB/WebIDBConnectionToClient.messages.in:

* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:
(WebKit::WebIDBConnectionToServer::putOrAdd):
* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Avoid context save/restore in GraphicsContext::drawNativeImage
commit-queue@webkit.org [Tue, 5 Apr 2016 20:24:01 +0000 (20:24 +0000)]
Avoid context save/restore in GraphicsContext::drawNativeImage
https://bugs.webkit.org/show_bug.cgi?id=156173

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-04-05
Reviewed by Simon Fraser.

CG save/restore is a costly operation. Try to avoid it, if possible, in
GraphicsContext::drawNativeImage. If no clipping is involved, don't
save/restore the GraphicsContext.

* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::drawNativeImage):
* platform/graphics/cg/GraphicsContextCG.h:
(WebCore::CGContextStateSaver::didSave):
* platform/spi/cg/CoreGraphicsSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199071 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago jsc-layout-tests.yaml/js/script-tests/regress-141098.js failing on Yosemite Debug...
sbarati@apple.com [Tue, 5 Apr 2016 20:05:02 +0000 (20:05 +0000)]
jsc-layout-tests.yaml/js/script-tests/regress-141098.js failing on Yosemite Debug after r198989
https://bugs.webkit.org/show_bug.cgi?id=156187

Reviewed by Filip Pizlo.

This is a speculative fix. Let's see if this prevents the timeout.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseStatementListItem):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199070 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago PolymorphicAccess should have a MegamorphicLoad case
fpizlo@apple.com [Tue, 5 Apr 2016 19:58:04 +0000 (19:58 +0000)]
PolymorphicAccess should have a MegamorphicLoad case
https://bugs.webkit.org/show_bug.cgi?id=156182

Reviewed by Geoffrey Garen and Keith Miller.

Source/JavaScriptCore:

This introduces a new case to PolymorphicAccess called MegamorphicLoad. This inlines the lookup in
the PropertyTable. It's cheaper than switching on a huge number of cases and it's cheaper than
calling into C++ to do the same job - particularly since inlining the lookup into an access means
that we can precompute the hash code.

When writing the inline code for the hashtable lookup, I found that our hashing algorithm was not
optimal. It used a double-hashing method for reducing collision pathologies. This is great for
improving the performance of some worst-case scenarios. But this misses the point of a hashtable: we
want to optimize the average-case performance. When optimizing for average-case, we can choose to
either focus on maximizing the likelihood of the fast case happening, or to minimize the cost of the
worst-case, or to minimize the cost of the fast case. Even a very basic hashtable will achieve a high
probability of hitting the fast case. So, doing work to reduce the likelihood of a worst-case
pathology only makes sense if it also preserves the good performance of the fast case, or reduces the
likelihood of the worst-case by so much that it's a win for the average case even with a slow-down in
the fast case.

I don't believe, based on looking at how the double-hashing is implemented, that it's possible that
this preserves the good performance of the fast case. It requires at least one more value to be live
around the loop, and dramatically increases the register pressure at key points inside the loop. The
biggest offender is the doubleHash() method itself. There is no getting around how bad this is: if
the compiler live-range-splits that method to death to avoid degrading register pressure elsewhere
then we will pay a steep price anytime we take the second iteration around the loop; but if the
compiler doesn't split around the call then the hashtable lookup fast path will be full of spills on
some architectures (I performed biological register allocation and found that I needed 9 registers
for complete lookup, while x86-64 has only 6 callee-saves; OTOH ARM64 has 10 callee-saves so it might
be better off).

Hence, this patch changes the hashtable lookup to use simple linear probing. This was not a slow-down
on anything, and it made MegamorphicLoad much more sensible since it is less likely to have to spill.

There are some other small changes in this patch, like rationalizing the IC's choice between giving
up after a repatch (i.e. never trying again) and just pretending that nothing happened (so we can
try to repatch again in the future). It looked like the code in Repatch.cpp was set up to be able to
choose between those options, but we weren't fully taking advantage of it because the
regenerateWithCase() method just returned null for any failure, and didn't say whether it was the
sort of failure that renders the inline cache unrepatchable (like memory allocation failure). Now
this is all made explicit. I wanted to make sure this change happened in this patch since the
MegamorphicLoad code automagically generates a MegamorphicLoad case by coalescing other cases. Since
this is intended to avoid blowing out the cache and making it unrepatchable, I wanted to make sure
that the rules for giving up were something that made sense to me.

This is a big win on microbenchmarks. It's neutral on traditional JS benchmarks. It's a slight
speed-up for page loading, because many real websites like to have megamorphic property accesses.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessGenerationResult::dump):
(JSC::AccessGenerationState::addWatchpoint):
(JSC::AccessCase::get):
(JSC::AccessCase::megamorphicLoad):
(JSC::AccessCase::replace):
(JSC::AccessCase::guardedByStructureCheck):
(JSC::AccessCase::couldStillSucceed):
(JSC::AccessCase::canBeReplacedByMegamorphicLoad):
(JSC::AccessCase::canReplace):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generate):
(JSC::PolymorphicAccess::PolymorphicAccess):
(JSC::PolymorphicAccess::~PolymorphicAccess):
(JSC::PolymorphicAccess::regenerateWithCases):
(JSC::PolymorphicAccess::regenerateWithCase):
(WTF::printInternal):
* bytecode/PolymorphicAccess.h:
(JSC::AccessCase::isGet):
(JSC::AccessCase::isPut):
(JSC::AccessCase::isIn):
(JSC::AccessGenerationResult::AccessGenerationResult):
(JSC::AccessGenerationResult::operator==):
(JSC::AccessGenerationResult::operator!=):
(JSC::AccessGenerationResult::operator bool):
(JSC::AccessGenerationResult::kind):
(JSC::AccessGenerationResult::code):
(JSC::AccessGenerationResult::madeNoChanges):
(JSC::AccessGenerationResult::gaveUp):
(JSC::AccessGenerationResult::generatedNewCode):
(JSC::PolymorphicAccess::isEmpty):
(JSC::AccessGenerationState::AccessGenerationState):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::aboutToDie):
(JSC::StructureStubInfo::addAccessCase):
* bytecode/StructureStubInfo.h:
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
(JSC::AssemblyHelpers::loadProperty):
(JSC::emitRandomThunkImpl):
(JSC::AssemblyHelpers::emitRandomThunk):
(JSC::AssemblyHelpers::emitLoadStructure):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::loadValue):
(JSC::AssemblyHelpers::moveValueRegs):
(JSC::AssemblyHelpers::argumentsStart):
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
(JSC::AssemblyHelpers::emitLoadStructure): Deleted.
* jit/GPRInfo.cpp:
(JSC::JSValueRegs::dump):
* jit/GPRInfo.h:
(JSC::JSValueRegs::uses):
* jit/Repatch.cpp:
(JSC::replaceWithJump):
(JSC::tryCacheGetByID):
(JSC::tryCachePutByID):
(JSC::tryRepatchIn):
* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
* runtime/Options.h:
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::begin):
(JSC::PropertyTable::find):
(JSC::PropertyTable::get):
* runtime/Structure.h:

LayoutTests:

* js/regress/megamorphic-load-expected.txt: Added.
* js/regress/megamorphic-load.html: Added.
* js/regress/script-tests/megamorphic-load.js: Added.
* js/regress/string-repeat-not-resolving-no-inline-expected.txt: Added.
* js/regress/string-repeat-not-resolving-no-inline.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199069 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add a "notifyutil" callback for dumping the RenderLayer tree, and move the registrati...
simon.fraser@apple.com [Tue, 5 Apr 2016 19:40:07 +0000 (19:40 +0000)]
Add a "notifyutil" callback for dumping the RenderLayer tree, and move the registration to Page code
https://bugs.webkit.org/show_bug.cgi?id=156224

Reviewed by Zalan Bujtas.

Make it possible to run:
    notifyutil -p com.apple.WebKit.showLayerTree
on the command line and have it dump out layer trees for all live documents, in
debug builds.

Move callback registration from RenderObject's constructor to Page.

* page/mac/PageMac.mm:
(WebCore::Page::platformInitialize):
* rendering/RenderObject.cpp:
(WebCore::printLayerTreeForLiveDocuments):
(WebCore::RenderObject::RenderObject): Deleted.
* rendering/RenderObject.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199068 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Make Keith a reviewer!
keith_miller@apple.com [Tue, 5 Apr 2016 19:29:16 +0000 (19:29 +0000)]
Make Keith a reviewer!
https://bugs.webkit.org/show_bug.cgi?id=156246

Reviewed by Mark Lam.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199065 268f45cc-cd09-0410-ab3c-d52691b4dbfc