WebKit-https.git
4 years ago [Fetch API] Support Request and Response blob() when body data is a blob
youenn.fablet@crf.canon.fr [Tue, 1 Mar 2016 10:34:17 +0000 (10:34 +0000)]
[Fetch API] Support Request and Response blob() when body data is a blob
https://bugs.webkit.org/show_bug.cgi?id=154820

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Adding blob specific tests. New tests are not covered yet as they require converting data from a blob into another form (JSON, text...).
Rebasing expectations with test that is now passing and new failing tests.
Fixing typos in test (Json -> JSON and removing TextDecoder use).

* web-platform-tests/fetch/api/request/request-consume-expected.txt:
* web-platform-tests/fetch/api/request/request-consume.html:
* web-platform-tests/fetch/api/response/response-consume-expected.txt:
* web-platform-tests/fetch/api/response/response-consume.html:

Source/WebCore:

Adding support for returning the same Blob that is stored in Body in case JS blob() is called.
Adding support for Blob creation when data is stored as text.
Updated JSDOMBinding and JSDOMPromise to return a JS ArrayBuffer for Vector<char> as well as Vector<unsigned char>.

Covered by added tests.

* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::arrayBuffer):
(WebCore::FetchBody::blob):
(WebCore::FetchBody::extractFromText):
* Modules/fetch/FetchBody.h:
* bindings/js/JSDOMBinding.h:
(WebCore::toJS):
* bindings/js/JSDOMPromise.h:
(WebCore::DeferredWrapper::resolve): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197396 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [[PreventExtensions]] should be a virtual method in the method table.
sbarati@apple.com [Tue, 1 Mar 2016 08:11:20 +0000 (08:11 +0000)]
[[PreventExtensions]] should be a virtual method in the method table.
https://bugs.webkit.org/show_bug.cgi?id=154800

Reviewed by Yusuke Suzuki.

This patch makes us more consistent with how the ES6 specification models the
[[PreventExtensions]] trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.[[PreventExtensions]].

* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getGenericPropertyNames):
(JSC::JSCell::preventExtensions):
* runtime/JSCell.h:
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::JSModuleNamespaceObject):
(JSC::JSModuleNamespaceObject::finishCreation):
(JSC::JSModuleNamespaceObject::destroy):
* runtime/JSModuleNamespaceObject.h:
(JSC::JSModuleNamespaceObject::create):
(JSC::JSModuleNamespaceObject::moduleRecord):
* runtime/JSObject.cpp:
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::reifyAllStaticProperties):
* runtime/JSObject.h:
(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensible):
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorPreventExtensions):
(JSC::objectConstructorIsSealed):
* runtime/ReflectObject.cpp:
(JSC::reflectObjectPreventExtensions):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::preventExtensionsTransition):
* runtime/Structure.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ThreadedCompositor: clean up composition-specific resources before shutting down...
zandobersek@gmail.com [Tue, 1 Mar 2016 07:39:23 +0000 (07:39 +0000)]
ThreadedCompositor: clean up composition-specific resources before shutting down the thread
https://bugs.webkit.org/show_bug.cgi?id=154793

Reviewed by Carlos Garcia Campos.

* Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:
(WebKit::ThreadedCompositor::runCompositingThread): Before concluding the
compositing thread run, clean up all the resources that were allocated at
the start, and in the reverse order. Specifically, we now also deallocate
the CoordinatedGraphicsScene and the SimpleViewportController objects. This
way these are not deallocated on the main thread when the ThreadedCompositor
destructor would otherwise clean them up.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197390 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use WTF::Optional
cdumez@apple.com [Tue, 1 Mar 2016 07:37:16 +0000 (07:37 +0000)]
Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use WTF::Optional
https://bugs.webkit.org/show_bug.cgi?id=154845

Reviewed by Ryosuke Niwa.

Source/WebCore:

Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use
WTF::Optional.

* dom/Element.cpp:
(WebCore::Element::getIntegralAttribute):
(WebCore::Element::getUnsignedIntegralAttribute):
(WebCore::Element::setUnsignedIntegralAttribute): Deleted.
* html/HTMLElement.cpp:
(WebCore::HTMLElement::parseBorderWidthAttribute):
(WebCore::HTMLElement::parseAttribute):
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::parseMaxLengthAttribute):
* html/HTMLInputElement.h:
* html/HTMLOListElement.cpp:
(WebCore::HTMLOListElement::parseAttribute):
* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::maxLength):
* html/ImageInputType.cpp:
(WebCore::ImageInputType::height):
(WebCore::ImageInputType::width):
* html/parser/HTMLParserIdioms.cpp:
(WebCore::parseHTMLIntegerInternal):
(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger):
* html/parser/HTMLParserIdioms.h:
(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):
* svg/SVGElement.cpp:
(WebCore::SVGElement::parseAttribute):

Tools:

Update API tests accordingly.

* TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp:
(TestWebKitAPI::testParseHTMLInteger):
(TestWebKitAPI::parseHTMLIntegerFails):
(TestWebKitAPI::testParseHTMLNonNegativeInteger):
(TestWebKitAPI::parseHTMLNonNegativeIntegerFails):
(TestWebKitAPI::TEST): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ThreadSafeCoordinatedSurface: remove the unused private create() static method
zandobersek@gmail.com [Tue, 1 Mar 2016 07:36:02 +0000 (07:36 +0000)]
ThreadSafeCoordinatedSurface: remove the unused private create() static method
https://bugs.webkit.org/show_bug.cgi?id=154792

Reviewed by Carlos Garcia Campos.

Remove the static ThreadSafeCoordinatedSurface::create() method that accepted
a std::unique_ptr<ImageBuffer> object as its third parameter. This was not used
anywhere.

* Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.cpp:
(WebKit::ThreadSafeCoordinatedSurface::create): Deleted.
* Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197388 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
zandobersek@gmail.com [Tue, 1 Mar 2016 07:32:29 +0000 (07:32 +0000)]
TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
https://bugs.webkit.org/show_bug.cgi?id=154791

Reviewed by Carlos Garcia Campos.

In both functions, the passed-in model-view matrix is first copied, multiplied
against a rect-to-rect TransformationMatrix, and then assigned into a local
TransformationMatrix variable, which causes another copy due to the multiply()
function returning a reference to the modified object.

To avoid the last copy, first copy the model-view matrix into a local variable,
and multiply the rect-to-rect TransformationMatrix into the new object afterwards.

* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGL::draw):
(WebCore::TextureMapperGL::beginClip):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ImageBufferCairo should support OpenGL ES 2 configurations
zandobersek@gmail.com [Tue, 1 Mar 2016 07:31:44 +0000 (07:31 +0000)]
ImageBufferCairo should support OpenGL ES 2 configurations
https://bugs.webkit.org/show_bug.cgi?id=154790

Reviewed by Carlos Garcia Campos.

When building with OpenGL ES 2 and with accelerated 2D canvas support,
the GLES2 header should be included instead of the OpenGLShims.h header.

The glTexParameterf() calls targeting GL_TEXTURE_WRAP_S and
GL_TEXTURE_WRAP_T parameters should use the GL_CLAMP_TO_EDGE value.
GL_CLAMP isn't available in OpenGL ES 2 and was dropped in OpenGL 3.

* platform/graphics/cairo/ImageBufferCairo.cpp:
(WebCore::ImageBufferData::createCairoGLSurface):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
zandobersek@gmail.com [Tue, 1 Mar 2016 07:30:18 +0000 (07:30 +0000)]
TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
https://bugs.webkit.org/show_bug.cgi?id=154789

Reviewed by Carlos Garcia Campos.

* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGL::beginPainting): The ClipStack should be reset with
a Y-axis mode that corresponds to the presence of the PaintingMirrored value in
the passed-in PaintFlags argument. If present, the default Y-axis mode should be
used, and the inverted Y-axis otherwise.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CoordinatedGraphicsLayer should override the inherited TextureMapperPlatformLayer...
zandobersek@gmail.com [Tue, 1 Mar 2016 07:28:42 +0000 (07:28 +0000)]
CoordinatedGraphicsLayer should override the inherited TextureMapperPlatformLayer::Client methods
https://bugs.webkit.org/show_bug.cgi?id=154788

Reviewed by Carlos Garcia Campos.

* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
Add the override specifiers for the two methods that are inherited
from the TextureMapperPlatformLayer::Client interface.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Private symbols should not be trapped by proxy handler
utatane.tea@gmail.com [Tue, 1 Mar 2016 03:48:36 +0000 (03:48 +0000)]
[JSC] Private symbols should not be trapped by proxy handler
https://bugs.webkit.org/show_bug.cgi?id=154817

Reviewed by Mark Lam.

Since the runtime has some assumptions on the properties associated with the private symbols, ES6 Proxy should not trap these property operations.
For example, in ArrayIteratorPrototype.js

    var itemKind = this.@arrayIterationKind;
    if (itemKind === @undefined)
        throw new @TypeError("%ArrayIteratorPrototype%.next requires that |this| be an Array Iterator instance");

Here, we assume that only the array iterator has the @arrayIterationKind property whose value is non-undefined.
But if we implement a Proxy with a get handler that returns a non-undefined value for every operation, we accidentally assume that the given value is an array iterator.

To avoid this situation, we perform the default operations for property operations with private symbols.

* runtime/ProxyObject.cpp:
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPut):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::deleteProperty):
(JSC::ProxyObject::deletePropertyByIndex):
* tests/stress/proxy-basic.js:
* tests/stress/proxy-with-private-symbols.js: Added.
(assert):
(let.handler.getOwnPropertyDescriptor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197383 268f45cc-cd09-0410-ab3c-d52691b4dbfc
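
The brand check described in this commit message, modelled in plain JavaScript as an added example (not WebKit code). `privateSymbols`, `makePrivateSymbol`, `modelProxyGet` and `modelIteratorNext` are hypothetical names, and an ordinary `Symbol` stands in for the engine-private `@arrayIterationKind`.

```javascript
// Added illustration, not WebKit source. A plain-JavaScript model of the brand
// check quoted in the commit message and of the behaviour change it describes.

// Registry standing in for the engine's notion of "private symbol". Real private
// symbols are not reachable from page script; this registry is a model assumption.
const privateSymbols = new Set();
function makePrivateSymbol(name) {
    const symbol = Symbol(name);
    privateSymbols.add(symbol);
    return symbol;
}
const arrayIterationKind = makePrivateSymbol("arrayIterationKind");

// Hypothetical model of a proxy's [[Get]].
//   skipPrivate = false: every key, private or not, is handed to the get trap.
//   skipPrivate = true:  private symbols get the default operation on the target,
//                        so the handler never sees them.
function modelProxyGet(proxy, key, skipPrivate) {
    const trap = proxy.handler.get;
    if (trap === undefined || (skipPrivate && privateSymbols.has(key)))
        return Reflect.get(proxy.target, key);
    return trap.call(proxy.handler, proxy.target, key);
}

// Model of the builtin's check: any receiver that yields a non-undefined
// iteration kind is treated as an array iterator.
function modelIteratorNext(receiver, skipPrivate) {
    const itemKind = modelProxyGet(receiver, arrayIterationKind, skipPrivate);
    if (itemKind === undefined)
        throw new TypeError("next requires that |this| be an Array Iterator instance");
    return itemKind;
}

// Constructed sample receivers.
const catchAllHandler = { get() { return 1; } };           // answers every key
const catchAllProxy = { target: {}, handler: catchAllHandler };
const wrappedIterator = {
    target: { [arrayIterationKind]: "value" },             // a genuine iterator-like target
    handler: catchAllHandler,
};

function describe(receiver, skipPrivate) {
    try {
        return "accepted, kind=" + String(modelIteratorNext(receiver, skipPrivate));
    } catch (error) {
        if (error instanceof TypeError)
            return "rejected";
        throw error;
    }
}

function runDemo() {
    return {
        // The handler's answer is mistaken for an iteration kind.
        trappedPlainObject: describe(catchAllProxy, false),
        // The handler is bypassed, the target has no kind, the check rejects.
        defaultOpPlainObject: describe(catchAllProxy, true),
        // A real iterator behind a proxy still reports its own kind.
        defaultOpRealIterator: describe(wrappedIterator, true),
        // Ordinary keys remain observable by the handler.
        publicKeyStillTrapped: modelProxyGet(catchAllProxy, "length", true),
    };
}

console.log(runDemo());
```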

4 years ago Remove the experimental feature of antialiased font dilation
simon.fraser@apple.com [Tue, 1 Mar 2016 03:42:41 +0000 (03:42 +0000)]
Remove the experimental feature of antialiased font dilation
https://bugs.webkit.org/show_bug.cgi?id=154843

Reviewed by Zalan Bujtas.

Source/WebCore:

Remove the "antialiased font dilation" code path, and related prefs.

* page/Settings.cpp:
(WebCore::Settings::Settings): Deleted.
(WebCore::Settings::setAntialiasedFontDilationEnabled): Deleted.
* page/Settings.h:
(WebCore::Settings::antialiasedFontDilationEnabled): Deleted.
* platform/graphics/FontCascade.cpp:
(WebCore::FontCascade::setAntialiasedFontDilationEnabled): Deleted.
(WebCore::FontCascade::antialiasedFontDilationEnabled): Deleted.
* platform/graphics/FontCascade.h:
* platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContextStateChange::changesFromState): Deleted.
(WebCore::GraphicsContextStateChange::accumulate): Deleted.
(WebCore::GraphicsContextStateChange::apply): Deleted.
(WebCore::GraphicsContextStateChange::dump): Deleted.
(WebCore::GraphicsContext::setAntialiasedFontDilationEnabled): Deleted.
* platform/graphics/GraphicsContext.h:
(WebCore::GraphicsContextState::GraphicsContextState): Deleted.
(WebCore::GraphicsContext::antialiasedFontDilationEnabled): Deleted.
* platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
(PlatformCALayer::drawLayerContents): Deleted.
* platform/graphics/cocoa/FontCascadeCocoa.mm:
(WebCore::dilationSizeForTextColor): Deleted.
(WebCore::FontCascade::drawGlyphs): Deleted.
* platform/graphics/displaylists/DisplayList.cpp:
(WebCore::DisplayList::DisplayList::shouldDumpForFlags): Deleted.

Source/WebKit/mac:

Remove the "antialiased font dilation" code path, and related prefs.

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]): Deleted.
(-[WebPreferences setAntialiasedFontDilationEnabled:]): Deleted.
(-[WebPreferences antialiasedFontDilationEnabled]): Deleted.
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]): Deleted.

Source/WebKit2:

Remove the "antialiased font dilation" code path, and related prefs.

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetAntialiasedFontDilationEnabled):
(WKPreferencesGetAntialiasedFontDilationEnabled):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences _antialiasedFontDilationEnabled]): Deleted.
(-[WKPreferences _setAntialiasedFontDilationEnabled:]): Deleted.
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences): Deleted.

Tools:

Remove the "antialiased font dilation" code path, and related prefs.

* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebPreferencesToConsistentValues): Deleted.
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because...
fpizlo@apple.com [Tue, 1 Mar 2016 03:18:59 +0000 (03:18 +0000)]
regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154841

Reviewed by Benjamin Poulain.

Here's the deadlock:

Main thread:
    1) Change an InferredType.  This acquires InferredType::m_lock.
    2) Fire watchpoint set.  This triggers CodeBlock invalidation, which acquires
       CodeBlock::m_lock.

DFG thread:
    1) Iterate over the information in a CodeBlock.  This acquires CodeBlock::m_lock.
    2) Ask an InferredType for its descriptor().  This acquires InferredType::m_lock.

I think that the DFG thread's ordering should be legal, because the best logic for lock
hierarchies is that locks that protect the largest set of stuff should be acquired first.

This means that the main thread shouldn't be holding the InferredType::m_lock when firing
watchpoint sets.  That's what this patch ensures.

At the time of writing, this test was deadlocking for me on trunk 100% of the time.  With
this change I cannot get it to deadlock.

* runtime/InferredType.cpp:
(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):
(JSC::InferredType::InferredStructureWatchpoint::fireInternal):
* runtime/InferredType.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197381 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [DFG][FTL][B3] Support floor and ceil
utatane.tea@gmail.com [Tue, 1 Mar 2016 02:30:46 +0000 (02:30 +0000)]
[DFG][FTL][B3] Support floor and ceil
https://bugs.webkit.org/show_bug.cgi?id=154683

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements and fixes the following things.

1. Implement Ceil and Floor in DFG, FTL and B3

x86 SSE 4.2 and ARM64 have round instructions that can directly perform Ceil or Floor.
This patch leverages this functionality. We introduce ArithFloor and ArithCeil.
During the DFG phase, these nodes attempt to convert themselves to Identity (in the Fixup phase).
As with ArithRound, they track the arith rounding mode.
And if these nodes are required to emit machine code, we emit rounding machine code
if it is supported on the current machine. For example, on x86, we emit `round`.

This `Floor` functionality is nice for @toInteger in builtin.
That is used for Array.prototype.{forEach, map, every, some, reduce...}
And according to the benchmark results, Kraken audio-oscillator is slightly improved
due to its frequent Math.round and Math.floor calls.

2. Implement Floor in B3 and Air

As with Ceil in B3, we add a new B3 IR and Air opcode, Floor.
This Floor is leveraged to implement ArithFloor in DFG.

3. Fix ArithRound operation

Currently, we use cvtsd2si (on x86) to convert a double value to int32.
And we also use this to implement Math.round, as cvtsd2si(value + 0.5).
However, this implementation is not correct, because cvtsd2si is not a floor operation.
It is a truncate operation. This is OK for positive numbers, but NG for negative numbers.
For example, the current implementation accidentally rounds `-0.6` to `-0.0`. This should be `-1.0`.
Using Ceil and Floor instructions, we implement correct ArithRound.

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM::ceilDouble):
(JSC::MacroAssemblerARM::floorDouble):
(JSC::MacroAssemblerARM::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM64::floorFloat):
(JSC::MacroAssemblerARM64::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPointRounding):
(JSC::MacroAssemblerARMv7::ceilDouble):
(JSC::MacroAssemblerARMv7::floorDouble):
(JSC::MacroAssemblerARMv7::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::ceilDouble):
(JSC::MacroAssemblerMIPS::floorDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPointRounding):
(JSC::MacroAssemblerMIPS::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPointRounding):
(JSC::MacroAssemblerSH4::ceilDouble):
(JSC::MacroAssemblerSH4::floorDouble):
(JSC::MacroAssemblerSH4::supportsFloatingPointCeil): Deleted.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::floorDouble):
(JSC::MacroAssemblerX86Common::floorFloat):
(JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
(JSC::MacroAssemblerX86Common::supportsFloatingPointCeil): Deleted.
* b3/B3ConstDoubleValue.cpp:
(JSC::B3::ConstDoubleValue::floorConstant):
* b3/B3ConstDoubleValue.h:
* b3/B3ConstFloatValue.cpp:
(JSC::B3::ConstFloatValue::floorConstant):
* b3/B3ConstFloatValue.h:
* b3/B3LowerMacrosAfterOptimizations.cpp:
* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::lower):
* b3/B3Opcode.cpp:
(WTF::printInternal):
* b3/B3Opcode.h:
* b3/B3ReduceDoubleToFloat.cpp:
* b3/B3ReduceStrength.cpp:
* b3/B3Validate.cpp:
* b3/B3Value.cpp:
(JSC::B3::Value::floorConstant):
(JSC::B3::Value::isRounded):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):
* b3/B3Value.h:
* b3/air/AirFixPartialRegisterStalls.cpp:
* b3/air/AirOpcode.opcodes:
* b3/testb3.cpp:
(JSC::B3::testFloorCeilArg):
(JSC::B3::testFloorArg):
(JSC::B3::testFloorImm):
(JSC::B3::testFloorMem):
(JSC::B3::testFloorFloorArg):
(JSC::B3::testCeilFloorArg):
(JSC::B3::testFloorIToD64):
(JSC::B3::testFloorIToD32):
(JSC::B3::testFloorArgWithUselessDoubleConversion):
(JSC::B3::testFloorArgWithEffectfulDoubleConversion):
(JSC::B3::run):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArithMode.cpp:
(WTF::printInternal):
* dfg/DFGArithMode.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::roundShouldSpeculateInt32):
* dfg/DFGNode.h:
(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasArithRoundingMode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileArithRound): Deleted.
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
(JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):
* ftl/FTLOutput.h:
(JSC::FTL::Output::doubleFloor):
* jit/ThunkGenerators.cpp:
(JSC::ceilThunkGenerator):
* tests/stress/math-ceil-arith-rounding-mode.js: Added.
(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):
* tests/stress/math-ceil-basics.js: Added.
(mathCeilOnIntegers):
(mathCeilOnDoubles):
(mathCeilOnBooleans):
(uselessMathCeil):
(mathCeilWithOverflow):
(mathCeilConsumedAsDouble):
(mathCeilDoesNotCareAboutMinusZero):
(mathCeilNoArguments):
(mathCeilTooManyArguments):
(testMathCeilOnConstants):
(mathCeilStructTransition):
(Math.ceil):
* tests/stress/math-floor-arith-rounding-mode.js: Added.
(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):
* tests/stress/math-floor-basics.js: Added.
(mathFloorOnIntegers):
(mathFloorOnDoubles):
(mathFloorOnBooleans):
(uselessMathFloor):
(mathFloorWithOverflow):
(mathFloorConsumedAsDouble):
(mathFloorDoesNotCareAboutMinusZero):
(mathFloorNoArguments):
(mathFloorTooManyArguments):
(testMathFloorOnConstants):
(mathFloorStructTransition):
(Math.floor):
* tests/stress/math-round-should-not-use-truncate.js: Added.
(mathRoundDoesNotCareAboutMinusZero):
* tests/stress/math-rounding-infinity.js: Added.
(shouldBe):
(testRound):
(testFloor):
(testCeil):
* tests/stress/math-rounding-nan.js: Added.
(shouldBe):
(testRound):
(testFloor):
(testCeil):
* tests/stress/math-rounding-negative-zero.js: Added.
(shouldBe):
(testRound):
(testFloor):
(testCeil):
(testRoundNonNegativeZero):
(testRoundNonNegativeZero2):

Websites/webkit.org:

* docs/b3/intermediate-representation.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add new MethodTable method to get an estimated size for a cell
commit-queue@webkit.org [Tue, 1 Mar 2016 02:07:12 +0000 (02:07 +0000)]
Add new MethodTable method to get an estimated size for a cell
https://bugs.webkit.org/show_bug.cgi?id=154838

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-29
Reviewed by Filip Pizlo.

The new class method estimatedSize(JSCell*) estimates the size for a single cell.
As the name implies, this is meant to be an approximation. It is more important
that big objects report a large size, than to get perfect size information for
all objects in the heap.

    Base implementation (JSCell):
      - returns the MarkedBlock bucket size for this cell.
      - This gets us the object size including inline storage. Basically a better sizeof.

    Subclasses with "Extra Memory Cost":
      - Any class that reports extra memory (reportExtraMemoryVisited) should include that in the estimated size.
      - E.g. CodeBlock, JSGenericTypedArrayView, WeakMapData, etc.

    Subclasses with "Copied Space" storage:
      - Any class with data in copied space (copyBackingStore) should include that in the estimated size.
      - E.g. JSObject, JSGenericTypedArrayView, JSMap, JSSet, DirectArguments, etc.

Add reportExtraMemoryVisited for UnlinkedCodeBlock's compressed unlinked
instructions because this can be larger than 1kb, which is significant.

This has one special case for RegExp generated bytecode / JIT code, which
does not currently fall into the extra memory cost or copied space storage.
In practice I haven't seen this grow to a significant cost.

* runtime/ClassInfo.h:
Add the new estimatedSize method to the table.

* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::visitChildren):
(JSC::UnlinkedCodeBlock::estimatedSize):
(JSC::UnlinkedCodeBlock::setInstructions):
* bytecode/UnlinkedCodeBlock.h:
Report an extra memory cost for unlinked code blocks like
we do for linked code blocks.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::estimatedSize):
* bytecode/CodeBlock.h:
* bytecode/UnlinkedInstructionStream.cpp:
(JSC::UnlinkedInstructionStream::sizeInBytes):
* bytecode/UnlinkedInstructionStream.h:
* runtime/DirectArguments.cpp:
(JSC::DirectArguments::estimatedSize):
* runtime/DirectArguments.h:
* runtime/JSCell.cpp:
(JSC::JSCell::estimatedSizeInBytes):
(JSC::JSCell::estimatedSize):
* runtime/JSCell.h:
* runtime/JSGenericTypedArrayView.h:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::estimatedSize):
* runtime/JSMap.cpp:
(JSC::JSMap::estimatedSize):
* runtime/JSMap.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitButterfly):
* runtime/JSObject.h:
* runtime/JSSet.cpp:
(JSC::JSSet::estimatedSize):
* runtime/JSSet.h:
* runtime/JSString.cpp:
(JSC::JSString::estimatedSize):
* runtime/JSString.h:
* runtime/MapData.h:
(JSC::MapDataImpl::capacityInBytes):
* runtime/WeakMapData.cpp:
(JSC::WeakMapData::estimatedSize):
(JSC::WeakMapData::visitChildren):
* runtime/WeakMapData.h:
Implement estimated size following the pattern of reporting
extra visited size, or copy space memory.

* runtime/RegExp.cpp:
(JSC::RegExp::estimatedSize):
* runtime/RegExp.h:
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteDisjunction::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):
* yarr/YarrJIT.h:
(JSC::Yarr::YarrCodeBlock::size):
Include generated bytecode / JITCode to a RegExp's size.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Marking webgl/1.0.2/conformance/extensions/get-extension.html as flaky on mac, removi...
ryanhaddad@apple.com [Tue, 1 Mar 2016 01:36:09 +0000 (01:36 +0000)]
Marking webgl/1.0.2/conformance/extensions/get-extension.html as flaky on mac, removing wk1 specific flakiness expectation.
https://bugs.webkit.org/show_bug.cgi?id=152506

Unreviewed test gardening.

* platform/mac-wk1/TestExpectations:
* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Marking storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange.html as...
ryanhaddad@apple.com [Tue, 1 Mar 2016 01:16:45 +0000 (01:16 +0000)]
Marking storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154748

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Re-enable passing fast/multicol/newmulticol tests on ios-simulator
ryanhaddad@apple.com [Tue, 1 Mar 2016 00:54:15 +0000 (00:54 +0000)]
Re-enable passing fast/multicol/newmulticol tests on ios-simulator

Unreviewed test gardening.

* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Refactor CoreVideo API access into their own classes so code can be re-used.
jer.noble@apple.com [Tue, 1 Mar 2016 00:44:53 +0000 (00:44 +0000)]
Refactor CoreVideo API access into their own classes so code can be re-used.
https://bugs.webkit.org/show_bug.cgi?id=154544

Reviewed by Eric Carlson.

In order for common CoreVideo code paths to be re-used in other classes, pull those paths
out of MediaPlayerPrivateAVFoundationObjC and into re-usable classes.

* WebCore.xcodeproj/project.pbxproj:
* platform/cf/CoreMediaSoftLink.cpp:
* platform/cf/CoreMediaSoftLink.h:
* platform/cocoa/CoreVideoSoftLink.cpp: Added.
* platform/cocoa/CoreVideoSoftLink.h: Added.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createPixelBuffer):
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage):
(WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture):
(WebCore::CVPixelBufferGetBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseInfoCallback): Deleted.
(WebCore::createImageFromPixelBuffer): Deleted.
(WebCore::enumToStringMap): Deleted.
* platform/graphics/cv/PixelBufferConformerCV.cpp: Added.
(WebCore::PixelBufferConformerCV::PixelBufferConformerCV):
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::CVPixelBufferReleaseBytePointerCallback):
(WebCore::CVPixelBufferReleaseInfoCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
* platform/graphics/cv/PixelBufferConformerCV.h: Added.
* platform/graphics/cv/TextureCacheCV.h: Added.
(WebCore::TextureCacheCV::context):
* platform/graphics/cv/TextureCacheCV.mm: Added.
(WebCore::TextureCacheCV::create):
(WebCore::TextureCacheCV::TextureCacheCV):
(WebCore::TextureCacheCV::textureFromImage):
* platform/graphics/cv/VideoTextureCopierCV.cpp: Added.
(WebCore::VideoTextureCopierCV::VideoTextureCopierCV):
(WebCore::VideoTextureCopierCV::~VideoTextureCopierCV):
(WebCore::enumToStringMap):
(WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):
* platform/graphics/cv/VideoTextureCopierCV.h: Added.
(WebCore::VideoTextureCopierCV::context):
* platform/mediastream/mac/AVVideoCaptureSource.mm: Move SOFT_LINK declarations into CoreVideoSoftLink.h/cpp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago SpeculatedType should be easier to edit
fpizlo@apple.com [Tue, 1 Mar 2016 00:39:20 +0000 (00:39 +0000)]
SpeculatedType should be easier to edit
https://bugs.webkit.org/show_bug.cgi?id=154840

Reviewed by Mark Lam.

We used to specify the bitmasks in SpeculatedType.h using hex codes. This used to work
great because we didn't have so many masks and you could use the mask to visually see
which ones overlapped. It also made it easy to visualize subset relationships.

But now we have a lot of masks with a lot of confusing overlaps, and it's no longer
possible to just see their relationship by looking at hex codes. Worse, the use of hex
codes makes it super annoying to move the bits around. For example, right now we have two
bits free, but if we wanted to reclaim them by editing the old hex masks, it would be a
nightmare.

So this patch replaces the hex masks with shift expressions (1u << 15 for example) and it
makes any derived masks (i.e. masks that are the bit-or of other masks) be expressed using
an or expression (SpecFoo | SpecBar | SpecBaz for example).

This makes it easier to see the relationships and it makes it easier to take bits for new
types.

* bytecode/SpeculatedType.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix timing flakiness in test I added in http://trac.webkit.org/changeset/197372
beidson@apple.com [Tue, 1 Mar 2016 00:08:27 +0000 (00:08 +0000)]
Fix timing flakiness in test I added in trac.webkit.org/changeset/197372

Unreviewed.

* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html:
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html:
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm:
(TEST): Sometimes a third message from the first html file was leaking through. The message is expected
  so we should always wait for it and make sure we got it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: WebKit 2 IPC layer easily confused about multiple web processes being...
beidson@apple.com [Mon, 29 Feb 2016 23:13:35 +0000 (23:13 +0000)]
Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected.
https://bugs.webkit.org/show_bug.cgi?id=154837

Reviewed by Alex Christensen.

Source/WebKit2:

The crux of the bug is that WebProcesses cannot assign themselves server-unique identifiers...
The server must do that for them.

A once-per-session-per-WebProcess sync message and a few updates to connection management fix this.

* DatabaseProcess/DatabaseToWebProcessConnection.cpp:
(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage):
(WebKit::generateConnectionToServerIdentifier):
(WebKit::DatabaseToWebProcessConnection::establishIDBConnectionToServer):
* DatabaseProcess/DatabaseToWebProcessConnection.h:
* DatabaseProcess/DatabaseToWebProcessConnection.messages.in:

* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:
(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):
(WebKit::generateConnectionToServerIdentifier): Deleted.

* WebProcess/Databases/WebToDatabaseProcessConnection.cpp:
(WebKit::WebToDatabaseProcessConnection::didReceiveMessage):
(WebKit::WebToDatabaseProcessConnection::idbConnectionToServerForSession):
* WebProcess/Databases/WebToDatabaseProcessConnection.h:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197372 268f45cc-cd09-0410-ab3c-d52691b4dbfc
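
The identifier problem this commit message describes, as an added example that is not WebKit code: when every client process numbers its own connections, two processes present the same identifier to the server, and only a server-side allocator keeps the registry unambiguous. The `Server` and `SelfNumberingClient` types and the process names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>

// Hypothetical model (not WebKit code): one database server, several client processes.

// "Before": each client process numbers its connections from a process-local
// counter, so every process starts at 1.
struct SelfNumberingClient {
    uint64_t next = 1;
    uint64_t generateIdentifier() { return next++; }
};

class Server {
public:
    // Flawed registration: the server trusts an identifier chosen by the client.
    // Returns false when the identifier is already bound to another connection.
    bool registerClientChosen(uint64_t identifier, const std::string& client)
    {
        return m_connections.emplace(identifier, client).second;
    }

    // Fixed registration: the server allocates the identifier and hands it back,
    // modelling the reply to a once-per-session synchronous message.
    uint64_t establishConnection(const std::string& client)
    {
        uint64_t identifier = m_nextIdentifier++;
        m_connections.emplace(identifier, client);
        return identifier;
    }

    // Which client owns this identifier, or nullptr if it is unknown.
    const std::string* ownerOf(uint64_t identifier) const
    {
        auto it = m_connections.find(identifier);
        return it == m_connections.end() ? nullptr : &it->second;
    }

    std::size_t connectionCount() const { return m_connections.size(); }

private:
    uint64_t m_nextIdentifier = 1;
    std::map<uint64_t, std::string> m_connections;
};

// Two processes each pick identifier 1: the second registration collides, and
// anything the server routes by that identifier reaches only the first process.
bool clientChosenIdentifiersCollide()
{
    Server server;
    SelfNumberingClient a, b;
    bool first = server.registerClientChosen(a.generateIdentifier(), "web-process-A");
    bool second = server.registerClientChosen(b.generateIdentifier(), "web-process-B");
    const std::string* owner = server.ownerOf(1);
    return first && !second && owner && *owner == "web-process-A"
        && server.connectionCount() == 1;
}

// With server-side allocation every connection gets its own identifier.
bool serverAssignedIdentifiersAreUnique()
{
    Server server;
    uint64_t a = server.establishConnection("web-process-A");
    uint64_t b = server.establishConnection("web-process-B");
    const std::string* ownerA = server.ownerOf(a);
    const std::string* ownerB = server.ownerOf(b);
    return a != b && ownerA && ownerB
        && *ownerA == "web-process-A" && *ownerB == "web-process-B"
        && server.connectionCount() == 2;
}

int main()
{
    std::printf("client-chosen identifiers collide: %s\n",
        clientChosenIdentifiersCollide() ? "yes" : "no");
    std::printf("server-assigned identifiers unique: %s\n",
        serverAssignedIdentifiersAreUnique() ? "yes" : "no");
    return 0;
}
```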

4 years agoWeb Inspector: Add direct number inputs to Bezier editor
commit-queue@webkit.org [Mon, 29 Feb 2016 23:06:58 +0000 (23:06 +0000)]
Web Inspector: Add direct number inputs to Bezier editor
https://bugs.webkit.org/show_bug.cgi?id=154809
<rdar://problem/24881465>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-29
Reviewed by Timothy Hatcher.

* UserInterface/Base/Main.js:
(WebInspector._updateWindowKeydownListener):
Now only adds the shared event listener when the first keydown listener
is added via WebInspector.addWindowKeydownListener

* UserInterface/Controllers/CodeMirrorBezierEditingController.js:
(WebInspector.CodeMirrorBezierEditingController.prototype.popoverDidDismiss):

* UserInterface/Controllers/CodeMirrorEditingController.js:
(WebInspector.CodeMirrorEditingController.prototype.popoverDidDismiss):
(WebInspector.CodeMirrorEditingController.prototype.didDismissPopover):
Added function that is called when the popover is dismissed so that
removing event listeners is possible.

* UserInterface/Views/BezierEditor.css:
(.bezier-editor):
(.bezier-editor > .number-input-container):
(.bezier-editor > .number-input-container > input):

* UserInterface/Views/BezierEditor.js:
(WebInspector.BezierEditor.createControl):
(WebInspector.BezierEditor.createBezierInput):
(WebInspector.BezierEditor):
Added usage of Element.prototype.createChild for ease of readability.
Also added input elements for manually changing the values of each bezier
point's x and y values.

(WebInspector.BezierEditor.prototype.set bezier):
(WebInspector.BezierEditor.prototype.removeListeners):
(WebInspector.BezierEditor.prototype._handleMousedown):
(WebInspector.BezierEditor.prototype._updateBezier):
(WebInspector.BezierEditor.prototype._updateBezierPreview):
(WebInspector.BezierEditor.prototype._triggerPreviewAnimation):
(WebInspector.BezierEditor.prototype._handleNumberInputInput):
(WebInspector.BezierEditor.prototype._handleNumberInputKeydown):
(WebInspector.BezierEditor.prototype._changeBezierForInput):
Refactored code to make it more reusable, as well as adding event listeners
to the newly created inputs, including value changing from the arrow keys.

* UserInterface/Views/CSSStyleDeclarationTextEditor.js:
(WebInspector.CSSStyleDeclarationTextEditor.prototype.didDismissPopover): Deleted.
Removed unused code.

* UserInterface/Views/InlineSwatch.js:
(WebInspector.InlineSwatch):
(WebInspector.InlineSwatch.prototype.didDismissPopover):
Removes any global event listeners added by the current editor if able.

(WebInspector.InlineSwatch.prototype._swatchElementClicked):
Now saves the current editor object as a member variable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoOverridesHasInstance constant folding is wrong
keith_miller@apple.com [Mon, 29 Feb 2016 22:45:16 +0000 (22:45 +0000)]
OverridesHasInstance constant folding is wrong
https://bugs.webkit.org/show_bug.cgi?id=154833

Reviewed by Filip Pizlo.

The current implementation of OverridesHasInstance constant folding
is incorrect. Since it relies on OSR exit information it has been
moved to the StrengthReductionPhase. Normally, such an optimization would be
put in FixupPhase, however, there are a number of cases where we don't
determine an edge of OverridesHasInstance is a constant until after fixup.
Performing the optimization during StrengthReductionPhase means we can defer
our decision until later.

In the future we should consider creating a version of this optimization
that does not depend on OSR exit information and move the optimization back
to ConstantFoldingPhase.

* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197370 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemoving unnecessary ios-simulator-wk2 expectation file.
ryanhaddad@apple.com [Mon, 29 Feb 2016 22:41:06 +0000 (22:41 +0000)]
Removing unnecessary ios-simulator-wk2 expectation file.

Unreviewed test gardening.

* platform/ios-simulator-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html after r197355
ryanhaddad@apple.com [Mon, 29 Feb 2016 22:37:10 +0000 (22:37 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html after r197355

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197368 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline imported/w3c/web-platform-tests/html/dom/reflection-embedded.html for...
ryanhaddad@apple.com [Mon, 29 Feb 2016 22:37:08 +0000 (22:37 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-embedded.html for ios-simulator after r197237

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoB3 should have global store elimination
fpizlo@apple.com [Mon, 29 Feb 2016 22:33:58 +0000 (22:33 +0000)]
B3 should have global store elimination
https://bugs.webkit.org/show_bug.cgi?id=154658

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Implements fairly comprehensive global store elimination:

1) If you store the result of a load with no interference in between, remove the store.

2) If you store the same thing you stored previously, remove the store.

3) If you store something that you either loaded previously or stored previously along
   arbitrarily many paths, remove the store.

4) If you store to something that is stored to again in the future with no interference in
   between, remove the store.

Rule (4) is super relevant to FTL since the DFG does not eliminate redundant PutStructures.
A constructor that produces a large object will have many redundant stores to the same base
pointer, offset, and heap range, with no code to observe that heap range in between.

This doesn't have a decisive effect on major benchmarks, but it's an enormous win for
microbenchmarks:

- 30% faster to construct an object with many fields.

- 5x faster to do many stores to a global variable.

The compile time cost should be very small. Although the optimization is global, it aborts as
soon as it sees anything that would confound store elimination. For rules (1)-(3), we
piggy-back the existing load elimination, which gives up on interfering stores. For rule (4),
we search forward through the current block and then globally a block at a time (skipping
block contents thanks to summary data), which could be expensive. But rule (4) aborts as soon
as it sees a read, write, or end block (Return or Oops). Any Check will claim to read TOP. Any
Patchpoint that results from an InvalidationPoint will claim to read TOP, as will any
Patchpoints for ICs. Those are usually sprinkled all over the program.

In other words, this optimization rarely kicks in. When it does kick in, it makes programs run
faster. When it doesn't kick in, it's usually O(1) because there are reasons for aborting all
over a "normal" program so the search will halt almost immediately. This of course raises the
question: how much more in compile time do we pay when the optimization does kick in? The
optimization kicks in the most for the microbenchmarks I wrote for this patch. Amazingly, the
effect of the optimization is a wash for compile time: whatever cost we pay doing the O(n^2)
searches is balanced by the massive reduction in work in the backend. On one of the two
microbenchmarks, overall compile time actually shrank with this optimization even though CSE
itself cost more. That's not too surprising - the backend costs much more per instruction, so
things that remove instructions before we get to the backend tend to be a good idea.

We could consider adding a more aggressive version of this in the future, which could sink
stores into checks. That could be crazy fun: https://bugs.webkit.org/show_bug.cgi?id=152162#c3

But mainly, I'm adding this optimization because it was super fun to implement during the
WebAssembly CG summit.

* b3/B3EliminateCommonSubexpressions.cpp:
* b3/B3MemoryValue.h:
* b3/B3SuccessorCollection.h:
(JSC::B3::SuccessorCollection::begin):
(JSC::B3::SuccessorCollection::end):
(JSC::B3::SuccessorCollection::const_iterator::const_iterator):
(JSC::B3::SuccessorCollection::const_iterator::operator*):
(JSC::B3::SuccessorCollection::const_iterator::operator++):
(JSC::B3::SuccessorCollection::const_iterator::operator==):
(JSC::B3::SuccessorCollection::const_iterator::operator!=):

LayoutTests:

These two benchmarks both speed up significantly with this change.

* js/regress/build-large-object-expected.txt: Added.
* js/regress/build-large-object.html: Added.
* js/regress/many-repeat-stores-expected.txt: Added.
* js/regress/many-repeat-stores.html: Added.
* js/regress/script-tests/build-large-object.js: Added.
* js/regress/script-tests/many-repeat-stores.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake it cheap to #include "JITOperations.h"
fpizlo@apple.com [Mon, 29 Feb 2016 22:14:59 +0000 (22:14 +0000)]
Make it cheap to #include "JITOperations.h"
https://bugs.webkit.org/show_bug.cgi?id=154836

Reviewed by Mark Lam.

Prior to this change, this header included the whole world even though it didn't have any
definitions. This patch turns almost all of the includes into forward declarations. Right
now this header is very cheap to include.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGSpeculativeJIT.h:
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/Repatch.h:
* runtime/CommonSlowPaths.h:
(JSC::encodeResult): Deleted.
(JSC::decodeResult): Deleted.
* runtime/SlowPathReturnType.h: Added.
(JSC::encodeResult):
(JSC::decodeResult):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse WTF::Optional for HTMLOListElement::m_start
cdumez@apple.com [Mon, 29 Feb 2016 21:32:28 +0000 (21:32 +0000)]
Use WTF::Optional for HTMLOListElement::m_start
https://bugs.webkit.org/show_bug.cgi?id=154824

Reviewed by Andreas Kling.

Use WTF::Optional for HTMLOListElement::m_start.

* html/HTMLOListElement.cpp:
(WebCore::HTMLOListElement::parseAttribute):
* html/HTMLOListElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK][jhbuild] GLib build fails with GCC 6.0
jdiggs@igalia.com [Mon, 29 Feb 2016 21:14:51 +0000 (21:14 +0000)]
[GTK][jhbuild] GLib build fails with GCC 6.0
https://bugs.webkit.org/show_bug.cgi?id=154825

Use the upstream work-around. https://bugzilla.gnome.org/show_bug.cgi?id=761550

Reviewed by Csaba Osztrogonác.

* gtk/jhbuild.modules: Apply upstream path.
* gtk/patches/gdate-suppress-string-format-literal-warning.patch: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197363 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDon't call NetworkProcess::singleton from WebProcess when using NetworkSession
achristensen@apple.com [Mon, 29 Feb 2016 20:46:13 +0000 (20:46 +0000)]
Don't call NetworkProcess::singleton from WebProcess when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154829

Reviewed by Anders Carlsson.

We were calling NetworkProcess::singleton when making the default session in the
WebProcess, which caused bad things to happen.  We also were never clearing the
credentials in the WebProcess between tests because it used to always call
NetworkProcess::singleton, which caused flaky tests.

This fixes repeatable crashes in http/tests/media/media-document-referer.html and
http/tests/media/media-document.html when using NetworkSession.

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::NetworkProcess):
(WebKit::NetworkProcess::~NetworkProcess):
* NetworkProcess/NetworkSession.h:
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::configurationForType):
(WebKit::globalCustomProtocolManager):
(WebKit::NetworkSession::setCustomProtocolManager):
(WebKit::NetworkSession::defaultSession):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::clearCachedCredentials):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197362 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWe've been running Octane/regexp all wrong in run-jsc-benchmarks
fpizlo@apple.com [Mon, 29 Feb 2016 19:35:17 +0000 (19:35 +0000)]
We've been running Octane/regexp all wrong in run-jsc-benchmarks
https://bugs.webkit.org/show_bug.cgi?id=154827

Reviewed by Andreas Kling.

Octane v.2 and JetStream v.1.1 run this benchmark with warmup. This script was running
it without warmup. This patch fixes this by making this script run it with warmup.

This fix shows that my last patch, which added FTL support for regexp, was actually a 3%
speed-up on Octane/regexp, not a slow-down as the ChangeLog claimed.

I discovered this bug because for each Octane test that I want to debug, I usually make
a standalone .js file that contains the whole test along with a miniharness - usually
a plain loop - that runs it almost like it would for real but with whatever hacks I'm
using for debugging. When I wrote such a thing for regexp, I used a ~20 iteration warmup
to match the one second of warmup that this benchmark gets in Octane. To my surprise,
this quite faithful regexp runner did not see the regression that run-jsc-benchmarks
saw. That's when I found out that run-jsc-benchmarks was running it wrong.

The reason for the no-warmup slow-down is that the FTL is actually fairly expensive to
run on some of these very large functions in the regexp benchmark. I don't think we can
do anything about that, and I'd argue that the speed-up we see after the compilation is
done suggests that it was worth it.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197361 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRefCounter<T>::Event -> RefCounterEvent
barraclough@apple.com [Mon, 29 Feb 2016 18:55:21 +0000 (18:55 +0000)]
RefCounter<T>::Event -> RefCounterEvent
https://bugs.webkit.org/show_bug.cgi?id=154767

Reviewed by Darin Adler.

RefCounter<T>::Event is kinda verbose to use, and there is no need for this
to be specific to a particular type of RefCounter. Move the enum class up to
the top level & rename to RefCounterEvent.

Source/WebCore:

* page/PageThrottler.cpp:
(WebCore::PageThrottler::PageThrottler):
(WebCore::m_audiblePluginHysteresis):
(WebCore::m_mediaActivityCounter):
(WebCore::m_pageLoadActivityCounter):
* platform/VNodeTracker.cpp:
(WebCore::VNodeTracker::singleton):
(WebCore::VNodeTracker::VNodeTracker):
(WebCore::m_lastWarningTime):

Source/WebKit2:

Also remove UserObservablePageToken - this is vestigial & not really offering
anything over just using UserObservablePageCounter::Token directly.

* UIProcess/Plugins/PluginProcessManager.cpp:
(WebKit::PluginProcessManager::PluginProcessManager):
* UIProcess/Plugins/PluginProcessManager.h:
* UIProcess/Plugins/mac/PluginProcessManagerMac.mm:
(WebKit::PluginProcessManager::updateProcessSuppressionDisabled):
* UIProcess/ProcessThrottler.cpp:
(WebKit::ProcessThrottler::ProcessThrottler):
(WebKit::m_backgroundCounter):
(WebKit::m_suspendMessageCount):
* UIProcess/ProcessThrottler.h:
* UIProcess/WebPageProxy.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::WebProcessPool):
(WebKit::m_processSuppressionDisabledForPageCounter):
(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):
* UIProcess/WebProcessPool.h:

Source/WTF:

* wtf/RefCounter.h:
(WTF::RefCounter<T>::Count::ref):
(WTF::RefCounter<T>::Count::deref):

Tools:

* TestWebKitAPI/Tests/WTF/RefCounter.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agostreams/pipe-to.html flaky on mac-wk1 debug
youenn.fablet@crf.canon.fr [Mon, 29 Feb 2016 18:51:28 +0000 (18:51 +0000)]
streams/pipe-to.html flaky on mac-wk1 debug
https://bugs.webkit.org/show_bug.cgi?id=154687

Reviewed by Darin Adler.

* TestExpectations: Marking streams/pipe-to.html as slow.
* streams/pipe-to.html: Increasing the timeout value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197359 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove more LLVM related cruft
ossy@webkit.org [Mon, 29 Feb 2016 18:33:24 +0000 (18:33 +0000)]
Remove more LLVM related cruft
https://bugs.webkit.org/show_bug.cgi?id=154821

Reviewed by Darin Adler.

* Scripts/build-jsc:
* Scripts/build-webkit:
* Scripts/copy-webkitlibraries-to-product-directory:
* Scripts/export-llvm-build: Removed.
* Scripts/run-jsc-stress-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197358 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFTL should be able to run everything in Octane/regexp
fpizlo@apple.com [Mon, 29 Feb 2016 18:05:17 +0000 (18:05 +0000)]
FTL should be able to run everything in Octane/regexp
https://bugs.webkit.org/show_bug.cgi?id=154266

Reviewed by Saam Barati.

Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to
make the RegExpExec peephole optimization work in FTL. This optimization shouldn't be a
DFG backend optimization anyway - if we need this optimization then it should be a
strength reduction rule over IR. That way, it can be shared by all backends.

I measured whether removing that optimization had any effect on performance separately
from measuring the performance of this patch. Removing that optimization did not change
our score on any benchmarks.

This patch does have an overall negative effect on the Octane/regexp score. This is
presumably because tiering up to the FTL has no value to the code in the regexp test. Or
maybe it's something else. No matter - the overall effect on the Octane score is not
statistically significant and we don't want this kind of coverage blocked by the fact
that adding coverage hurts a benchmark.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
(JSC::DFG::Node::setIndexingType):
(JSC::DFG::Node::hasRegexpIndex):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNotifyWrite):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
* tests/stress/ftl-regexp-exec.js: Added.
* tests/stress/ftl-regexp-test.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197357 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse HTML parsing rules for textarea.maxLength
cdumez@apple.com [Mon, 29 Feb 2016 17:36:51 +0000 (17:36 +0000)]
Use HTML parsing rules for textarea.maxLength
https://bugs.webkit.org/show_bug.cgi?id=154805

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

Use HTML parsing rules for textarea.maxLength:
- https://html.spec.whatwg.org/multipage/forms.html#dom-textarea-maxlength
- https://html.spec.whatwg.org/multipage/infrastructure.html#limited-to-only-non-negative-numbers

No new tests, already covered by existing test.

* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::maxLength):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197355 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAlign td.rowSpan / td.colSpan with the specification
cdumez@apple.com [Mon, 29 Feb 2016 17:32:18 +0000 (17:32 +0000)]
Align td.rowSpan / td.colSpan with the specification
https://bugs.webkit.org/show_bug.cgi?id=154803

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

Align td.rowSpan / td.colSpan with the specification:
- https://html.spec.whatwg.org/multipage/tables.html#htmltablecellelement
- https://html.spec.whatwg.org/multipage/tables.html#dom-tdth-colspan
- https://html.spec.whatwg.org/multipage/tables.html#dom-tdth-rowspan

In particular, the following changes were made:
- Change type from 'long' to 'unsigned long'.
- Use HTML rules for parsing unsigned integers:
  - https://html.spec.whatwg.org/multipage/infrastructure.html#rules-for-parsing-non-negative-integers
- Use 1 as default value when the input value is out of range instead
  of 0 when setting.
- rowspan is still clamped to [1, 8190] internally but we now expose the
  unclamped value to JS as this is an internal restriction. The same is
  done for a colSpan value of 0, we expose 0 to the Web but clamp to 1
  internally.

No new tests, already covered by existing test.

* html/HTMLTableCellElement.cpp:
(WebCore::HTMLTableCellElement::colSpan):
(WebCore::HTMLTableCellElement::rowSpan):
(WebCore::HTMLTableCellElement::rowSpanForBindings):
(WebCore::HTMLTableCellElement::setColSpan):
(WebCore::HTMLTableCellElement::setRowSpanForBindings):
(WebCore::HTMLTableCellElement::axis): Deleted.
(WebCore::HTMLTableCellElement::headers): Deleted.
* html/HTMLTableCellElement.h:
* html/HTMLTableCellElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197354 268f45cc-cd09-0410-ab3c-d52691b4dbfc
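
The split between the value exposed to script and the value used internally, as an added example that is not WebKit code: the parser follows the HTML "rules for parsing non-negative integers" linked in the commit message, and the clamps are the ones the message states ([1, 8190] for rowspan, a floor of 1 for colspan). The function names are hypothetical, and returning the default of 1 on the getter for unparsable or out-of-range attributes is assumed from the HTML reflection rules for `unsigned long`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

static bool isHTMLSpace(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\f' || c == '\r';
}

static bool isASCIIDigit(char c) { return c >= '0' && c <= '9'; }

// HTML "rules for parsing non-negative integers": skip leading whitespace,
// accept one optional sign, read the leading run of digits and ignore whatever
// follows. Negative values are errors; "-0" parses as 0.
bool parseHTMLNonNegativeInteger(const std::string& input, uint64_t& result)
{
    std::size_t i = 0;
    while (i < input.size() && isHTMLSpace(input[i]))
        ++i;
    if (i == input.size())
        return false;

    bool negative = false;
    if (input[i] == '-') {
        negative = true;
        ++i;
    } else if (input[i] == '+')
        ++i;
    if (i == input.size() || !isASCIIDigit(input[i]))
        return false;

    // Saturate far above the reflected range so long digit runs cannot wrap.
    const uint64_t saturation = UINT64_C(1) << 40;
    uint64_t value = 0;
    for (; i < input.size() && isASCIIDigit(input[i]); ++i) {
        value = value * 10 + static_cast<uint64_t>(input[i] - '0');
        if (value > saturation)
            value = saturation;
    }
    if (negative && value != 0)
        return false;
    result = value;
    return true;
}

static const uint64_t maxReflectedUnsignedLong = 2147483647; // reflected 'unsigned long' range
static const uint32_t maxRowSpan = 8190;                     // internal limit named in the commit message
static const uint32_t defaultSpan = 1;

// Value a script reads from td.rowSpan / td.colSpan: the parsed attribute,
// unclamped, or the default when parsing fails or the value is out of range.
uint32_t spanForBindings(const std::string& attribute)
{
    uint64_t value = 0;
    if (!parseHTMLNonNegativeInteger(attribute, value) || value > maxReflectedUnsignedLong)
        return defaultSpan;
    return static_cast<uint32_t>(value);
}

// Value used internally for rowspan: clamped to [1, 8190].
uint32_t rowSpanForLayout(const std::string& attribute)
{
    uint32_t value = spanForBindings(attribute);
    if (value < 1)
        return 1;
    return value > maxRowSpan ? maxRowSpan : value;
}

// Value used internally for colspan: 0 is exposed to script but treated as 1.
uint32_t colSpanForLayout(const std::string& attribute)
{
    uint32_t value = spanForBindings(attribute);
    return value < 1 ? 1 : value;
}

int main()
{
    // Constructed attribute values.
    const char* samples[] = { "9000", "0", "-3", " +12abc", "4294967296", "abc" };
    for (const char* sample : samples) {
        std::printf("\"%s\": exposed=%u rowSpan(internal)=%u colSpan(internal)=%u\n", sample,
            static_cast<unsigned>(spanForBindings(sample)),
            static_cast<unsigned>(rowSpanForLayout(sample)),
            static_cast<unsigned>(colSpanForLayout(sample)));
    }
    return 0;
}
```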

4 years ago[Web IDL] Add support for [TreatNullAs=EmptyString] and use it
cdumez@apple.com [Mon, 29 Feb 2016 17:28:13 +0000 (17:28 +0000)]
[Web IDL] Add support for [TreatNullAs=EmptyString] and use it
https://bugs.webkit.org/show_bug.cgi?id=154654

Reviewed by Darin Adler.

Add support for [TreatNullAs=EmptyString] standard Web IDL extended
attribute:
- http://heycam.github.io/webidl/#TreatNullAs

This replaces the WebKit-specific [TreatNullAs=NullString] IDL
extended attribute. Instead of passing a null String() to the
implementation, emptyString() is passed.

This patch does not cause any web-exposed behavior change. For
cases where switching from NullString to EmptyString would change
the behavior (or require changes to the implementation), the old
IDL attribute was kept. However, it was renamed to
[TreatNullAs=LegacyNullString] to discourage its use in new code.
Eventually, this legacy IDL attribute should go away entirely.

[TreatNullAs=EmptyString] should only be used when it is present
in the corresponding specification. Note that there are a lot of
places where we use [TreatNullAs=EmptyString] in our IDL where it
does not match the specification. I have added FIXME comments for
those so we can clean them up later.

No new tests, no web-exposed behavior change.

* Modules/mediastream/RTCPeerConnection.idl:
No behavior change because this is not implemented.

* bindings/js/JSDOMBinding.cpp:
(WebCore::valueToStringTreatingNullAsEmptyString):
* bindings/js/JSDOMBinding.h:
Add new function to convert a JSValue into a String while treating
null as the empty string.

* bindings/scripts/CodeGeneratorJS.pm:
(JSValueToNative):
* bindings/scripts/IDLAttributes.txt:
- Add support for [TreatNullAs=EmptyString].
- Rename NullString to LegacyNullString to discourage its use.

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
* bindings/scripts/test/TestObj.idl:
Add bindings tests coverage for [TreatNullAs=EmptyString].

* css/CSSStyleDeclaration.idl:
* dom/CharacterData.idl:
* dom/DOMImplementation.idl:
* dom/Document.idl:
* dom/Element.idl:
* dom/ShadowRoot.idl:
* html/HTMLOutputElement.idl:
* html/HTMLScriptElement.idl:
* html/URLUtils.idl:
* svg/SVGAngle.idl:
* svg/SVGLength.idl:
Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString].
There is no behavior change because the implementation does
not distinguish the null string from the empty string.

* html/HTMLBaseElement.idl:
* html/HTMLButtonElement.idl:
* html/HTMLFormElement.idl:
* html/HTMLMediaElement.idl:
* html/HTMLSelectElement.idl:
* svg/SVGElement.idl:
* svg/SVGScriptElement.idl:
Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString],
no behavior change.

* html/HTMLDocument.idl:
- dir and *Color: Rename [TreatNullAs=NullString] to
  [TreatNullAs=LegacyNullString].
- designMode: Drop [TreatNullAs=NullString] as per the specification:
  - https://html.spec.whatwg.org/multipage/dom.html#the-document-object
  null now gets converted to "null" instead of the null String but this
  does not change behavior because the implementation only recognizes
  "on" / "off" / others. So we still end up using inherit mode when
  set to null.

* html/HTMLElement.idl:
- Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString] for
  innerText / outerText. Does not change behavior because the
  implementation does not distinguish.
- Drop [TreatNullAs=NullString] from contentEditable to match the spec:
  - https://html.spec.whatwg.org/multipage/interaction.html#elementcontenteditable
  This does not change behavior because the implementation will the a SyntaxError
  whether a null String or the string "null" is passed.

* html/HTMLFrameElement.idl:
Drop [TreatNullAs=NullString] from location attribute. This does not
change behavior because the attribute is using a custom setter.

* html/HTMLInputElement.idl:
- formEnctype / formMethod / autocapitalize: Rename [TreatNullAs=NullString] to
  [TreatNullAs=LegacyNullString].
- value: Rename [TreatNullAs=NullString] to [TreatNullAs=EmptyString], which
  does not change behavior because the implementation does not distinguish. Also
  drop the extended attribute for non-JS bindings as it has no impact.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::setMediaGroup):
Drop redundant group.isNull() check as group.isEmpty() already checks for null.

* html/HTMLScriptElement.cpp:
(WebCore::HTMLScriptElement::setText):
Drop useless .impl() call as we have a String and the method requires a String
as input.

* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::setValueCommon):
Use emptyString() instead of "" as it is slightly more efficient.

* html/HTMLTextAreaElement.idl:
- value: Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString]. No
  behavior change because the implementation does not distinguish.
- autocapitalize: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].

* html/canvas/CanvasRenderingContext2D.idl:
- globalCompositeOperation / repetitionType: Use [TreatNullAs=EmptyString] instead of
  [TreatNullAs=NullString]. No behavior change because the implementation does not
  distinguish.
- lineCap / lineJoin: Drop the [TreatNullAs=NullString] to match the spec:
  - https://html.spec.whatwg.org/multipage/scripting.html#canvaspathdrawingstyles
  There is no behavior change because those are string enumerations and the value
  is not recognized either way (String() or String("null")).
- shadowColor: Drop the [TreatNullAs=NullString] to match the spec:
  - https://html.spec.whatwg.org/multipage/scripting.html#canvasshadowstyles
  No behavior change because this is not a valid color either way.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFixed compilation with !ENABLE(DATABASE_PROCESS).
commit-queue@webkit.org [Mon, 29 Feb 2016 15:03:41 +0000 (15:03 +0000)]
Fixed compilation with !ENABLE(DATABASE_PROCESS).
https://bugs.webkit.org/show_bug.cgi?id=154813

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-29
Reviewed by Michael Catanzaro.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::terminateDatabaseProcess): Added missing #if
guard.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
commit-queue@webkit.org [Mon, 29 Feb 2016 15:01:55 +0000 (15:01 +0000)]
[GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
https://bugs.webkit.org/show_bug.cgi?id=153829

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-29
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Once a touch event sequence is identified as a gesture, remove it
from the list of handled touch events.

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseTouchEvent):

LayoutTests:

* platform/gtk/TestExpectations:
Remove now passing tests from the expected failures.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197351 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [cmake] Allow using FindGLIB in case glib is optional dependency.
commit-queue@webkit.org [Mon, 29 Feb 2016 14:59:39 +0000 (14:59 +0000)]
[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-29
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case glibconfig.h is not
found.

* Source/cmake/FindGLIB.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197350 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Refactor FetchBody constructors
youenn.fablet@crf.canon.fr [Mon, 29 Feb 2016 13:01:51 +0000 (13:01 +0000)]
Refactor FetchBody constructors
https://bugs.webkit.org/show_bug.cgi?id=154721

Reviewed by Sam Weinig and Darin Adler.

Covered by existing tests.

* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::extract): Renamed from "fromJSValue"
(WebCore::FetchBody::extractFromBody): Renamed from "fromRequestBody" and making use of move constructor.
* Modules/fetch/FetchBody.h:
(WebCore::FetchBody::FetchBody): Making default constructor public and removing empty static method.
* Modules/fetch/FetchRequest.cpp:
(WebCore::buildBody):
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::initializeWith):
* Modules/fetch/FetchResponse.h:
(WebCore::FetchResponse::create):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Mac][cmake] Unreviewed buildfix after r197177. Just for fun.
ossy@webkit.org [Mon, 29 Feb 2016 11:47:14 +0000 (11:47 +0000)]
[Mac][cmake] Unreviewed buildfix after r197177. Just for fun.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197346 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r197297.
commit-queue@webkit.org [Mon, 29 Feb 2016 10:06:33 +0000 (10:06 +0000)]
Unreviewed, rolling out r197297.
https://bugs.webkit.org/show_bug.cgi?id=154810

This change broke build of GTK from scratch (Requested by
annulen on #webkit).

Reverted changeset:

"[cmake] Allow using FindGLIB in case glib is optional
dependency."
https://bugs.webkit.org/show_bug.cgi?id=154796
http://trac.webkit.org/changeset/197297

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ::slotted doesn't work in nested shadow trees
antti@apple.com [Mon, 29 Feb 2016 08:36:53 +0000 (08:36 +0000)]
::slotted doesn't work in nested shadow trees
https://bugs.webkit.org/show_bug.cgi?id=154765
<rdar://problem/24870995>

Reviewed by Ryosuke Niwa.

Source/WebCore:

See https://github.com/w3c/webcomponents/issues/331#issuecomment-189191593

Test: fast/shadow-dom/css-scoping-shadow-slotted-nested.html

* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::matchSlottedPseudoElementRules):

Collect ::slotted rules from all the nested shadow trees instead of just the host's.

LayoutTests:

* fast/shadow-dom/css-scoping-shadow-slotted-nested-expected.html: Added.
* fast/shadow-dom/css-scoping-shadow-slotted-nested.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197316 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Make JSFunction.name allocation fully lazy.
akling@apple.com [Mon, 29 Feb 2016 05:26:05 +0000 (05:26 +0000)]
Make JSFunction.name allocation fully lazy.
<https://webkit.org/b/154806>

Reviewed by Saam Barati.

We were reifying the "name" field on functions lazily, but created the string
value itself up front. This patch gets rid of the up-front allocation,
saving us a JSString allocation per function in most cases.

* builtins/BuiltinExecutables.cpp:
(JSC::createExecutableInternal):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::visitChildren):
* bytecode/UnlinkedFunctionExecutable.h:
* runtime/CodeCache.cpp:
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/Executable.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::reifyName):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Parse HTMLOLElement.start as per the HTML spec
cdumez@apple.com [Mon, 29 Feb 2016 04:36:06 +0000 (04:36 +0000)]
Parse HTMLOLElement.start as per the HTML spec
https://bugs.webkit.org/show_bug.cgi?id=154802

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-grouping-expected.txt:

Source/WebCore:

Parse HTMLOLElement.start as per the HTML spec:
- https://html.spec.whatwg.org/multipage/semantics.html#dom-ol-start
- https://html.spec.whatwg.org/multipage/infrastructure.html#rules-for-parsing-integers

No new tests, already covered by existing test.

* html/HTMLOListElement.cpp:
(WebCore::HTMLOListElement::parseAttribute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197307 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Reduce uses of PassRefPtr in indexeddb
gyuyoung.kim@webkit.org [Mon, 29 Feb 2016 01:57:41 +0000 (01:57 +0000)]
Reduce uses of PassRefPtr in indexeddb
https://bugs.webkit.org/show_bug.cgi?id=154273

Reviewed by Darin Adler.

No new tests, no behavior changes.

* Modules/indexeddb/IDBDatabaseError.h:
(WebCore::IDBDatabaseError::create):
* Modules/indexeddb/IDBKeyData.cpp:
(WebCore::IDBKeyData::maybeCreateIDBKey):
* Modules/indexeddb/IDBKeyData.h:
* Modules/indexeddb/IDBKeyRange.cpp:
(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::IDBKeyRange):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):
* Modules/indexeddb/IDBKeyRange.h:
(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::lower):
(WebCore::IDBKeyRange::upper):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):
* Modules/indexeddb/IDBKeyRangeData.cpp:
(WebCore::IDBKeyRangeData::maybeCreateIDBKeyRange):
* Modules/indexeddb/IDBKeyRangeData.h:
* Modules/indexeddb/IDBServerConnection.h:
* Modules/indexeddb/legacy/IDBCallbacks.h:
* Modules/indexeddb/legacy/IDBCursorBackend.cpp:
(WebCore::IDBCursorBackend::continueFunction):
* Modules/indexeddb/legacy/IDBCursorBackend.h:
* Modules/indexeddb/legacy/IDBCursorBackendOperations.h:
(WebCore::CursorIterationOperation::create):
(WebCore::CursorIterationOperation::CursorIterationOperation):
* Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:
(WebCore::GetOperation::perform):
(WebCore::PutOperation::perform):
* Modules/indexeddb/legacy/LegacyCursor.cpp:
(WebCore::LegacyCursor::continueFunction):
* Modules/indexeddb/legacy/LegacyCursor.h:
* Modules/indexeddb/legacy/LegacyFactory.h:
(WebCore::LegacyFactory::create):
* Modules/indexeddb/legacy/LegacyRequest.cpp:
(WebCore::LegacyRequest::onSuccess):
* Modules/indexeddb/legacy/LegacyRequest.h:
* inspector/InspectorIndexedDBAgent.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197306 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r197303): 4 jsc tests failing on bots.
akling@apple.com [Mon, 29 Feb 2016 01:44:26 +0000 (01:44 +0000)]
REGRESSION(r197303): 4 jsc tests failing on bots.

Unreviewed follow-up fix.

* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): This function
can still get called with !m_rareData, in case the type profiler is active but this
particular code block doesn't have type profiler data. Handle it gracefully.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197305 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Reimplement WKPageGroup in terms of WKUserContentController
weinig@apple.com [Mon, 29 Feb 2016 00:32:24 +0000 (00:32 +0000)]
Reimplement WKPageGroup in terms of WKUserContentController
https://bugs.webkit.org/show_bug.cgi?id=154804

Reviewed by Dan Bernstein.

Source/WebKit2:

Instead of having WebPageGroup and WebUserContentControllerProxy both keep track
of user scripts and user stylesheets, give WebPageGroup a WebUserContentControllerProxy
and let it take care of things. This allows us to remove a ton of duplicate code, and
provides a convenient way for clients currently using PageGroup based user content insertion
to start using UserContentController, since they can now be used at the same time.

When using WKPageConfigurationRef, the rule is:
    - If you don't set a WKUserContentControllerRef, the one from the WKPageGroupRef will be used.
    - If you do set a WKUserContentControllerRef, it will be used, and the one from the WKPageGroupRef
      will do nothing for that web view.

* DerivedSources.make:
Remove WebPageGroupProxy. It no longer is a MessageReceiver.

* Shared/WebPageGroupData.cpp:
(WebKit::WebPageGroupData::encode):
(WebKit::WebPageGroupData::decode):
* Shared/WebPageGroupData.h:
Stop encoding/decoding user content, instead just encode the identifier to the UserContentController.

* UIProcess/API/C/WKPageGroup.cpp:
(WKPageGroupGetUserContentController):
* UIProcess/API/C/WKPageGroup.h:
Add getter for the underlying WKUserContentControllerRef.

* UIProcess/API/cpp/WKRetainPtr.h:
(WebKit::retainWK):
Add retainWK() helper to match RetainPtr's retainPtr() helper.

* UIProcess/WebPageGroup.cpp:
(WebKit::WebPageGroup::WebPageGroup):
(WebKit::WebPageGroup::userContentController):
(WebKit::WebPageGroup::addUserStyleSheet):
(WebKit::WebPageGroup::addUserScript):
(WebKit::WebPageGroup::removeAllUserStyleSheets):
(WebKit::WebPageGroup::removeAllUserScripts):
(WebKit::WebPageGroup::removeAllUserContent):
(WebKit::WebPageGroup::addUserContentExtension):
(WebKit::WebPageGroup::removeUserContentExtension):
(WebKit::WebPageGroup::removeAllUserContentExtensions):
* UIProcess/WebPageGroup.h:
Pass through to the WebUserContentControllerProxy.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::finishInitializingWebPageAfterProcessLaunch):
(WebKit::WebPageProxy::creationParameters):
* UIProcess/WebPageProxy.h:
WebPageProxies always have a WebUserContentControllerProxy now, so it can go in a Ref and
a few branches can be removed.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::createWebPage):
If a UserContentController is not passed in, use the one from the PageGroup.

* WebKit2.xcodeproj/project.pbxproj:
Remove files.

* WebProcess/InjectedBundle/InjectedBundle.cpp:
Add some #includes that are now needed.

* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::getOrCreate):
* WebProcess/UserContent/WebUserContentController.h:
Modernize WebUserContentController::getOrCreate to return a Ref.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::addUserScript):
(WebKit::WebPage::addUserStyleSheet):
(WebKit::WebPage::removeAllUserContent):
* WebProcess/WebPage/WebPage.h:
Store the WebUserContentController in Ref, remove unnecessary branches/asserts.

* WebProcess/WebPage/WebPageGroupProxy.cpp:
(WebKit::WebPageGroupProxy::WebPageGroupProxy):
(WebKit::WebPageGroupProxy::~WebPageGroupProxy):
(WebKit::WebPageGroupProxy::userContentController):
(WebKit::WebPageGroupProxy::addUserStyleSheet): Deleted.
(WebKit::WebPageGroupProxy::addUserScript): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserStyleSheets): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserScripts): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContent): Deleted.
(WebKit::WebPageGroupProxy::addUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContentExtensions): Deleted.
* WebProcess/WebPage/WebPageGroupProxy.h:
Store a WebUserContentController in a Ref, remove now unnecessary message handling functions.

* WebProcess/WebPage/WebPageGroupProxy.messages.in:
Removed.

* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::didReceiveMessage):
Remove routing to WebPageGroupProxy, which is no longer a MessageReceiver.

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2/PageGroup.cpp: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Shrink UnlinkedCodeBlock a bit.
akling@apple.com [Sun, 28 Feb 2016 22:21:54 +0000 (22:21 +0000)]
Shrink UnlinkedCodeBlock a bit.
<https://webkit.org/b/154797>

Reviewed by Anders Carlsson.

Move profiler-related members of UnlinkedCodeBlock into its RareData
structure, saving 40 bytes, and then reorder the other members of
UnlinkedCodeBlock to save another 24 bytes, netting a nice total 64.

The VM member was removed entirely since UnlinkedCodeBlock is a cell
and can retrieve its VM through MarkedBlock header lookup.

* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
(JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::addRegExp):
(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::addFunctionDecl):
(JSC::UnlinkedCodeBlock::addFunctionExpr):
(JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
(JSC::UnlinkedCodeBlock::vm): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197303 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Source/WebKit2:
weinig@apple.com [Sun, 28 Feb 2016 21:56:44 +0000 (21:56 +0000)]
Source/WebKit2:
Bind _WKUserStyleSheets to _WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

Treat _WKUserStyleSheets like WKUserScripts and allow them to be bound to a _WKUserContentWorld.
The immediate benefit of this is allowing a client to bind a set of user content (scripts and stylesheets
for now) to a world and have them easily remove all user content associated with that world.

* Shared/API/APIArray.h:
Add helpers removeAllMatching and removeAllOfTypeMatching.

* UIProcess/API/APIUserStyleSheet.h:
Add API::UserContentWorld member.

* UIProcess/API/Cocoa/WKUserContentController.mm:
(-[WKUserContentController _removeAllUserScriptsAssociatedWithUserContentWorld:]):
(-[WKUserContentController _removeAllUserStyleSheetsAssociatedWithUserContentWorld:]):
* UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
Add _removeAllUserScriptsAssociatedWithUserContentWorld and _removeAllUserStyleSheetsAssociatedWithUserContentWorld.

* UIProcess/API/Cocoa/WKUserScript.mm:
(-[WKUserScript _initWithSource:injectionTime:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
(toStringVector): Deleted.
* UIProcess/API/Cocoa/_WKUserContentWorldInternal.h:
(API::toStringVector):
Move toStringVector to a location where it can be shared.

* UIProcess/API/Cocoa/_WKUserStyleSheet.h:
* UIProcess/API/Cocoa/_WKUserStyleSheet.mm:
(-[_WKUserStyleSheet initWithSource:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
Add new initializer which has a world to be bound to. While here, match WKUserScript and add support for the
legacy whitelist and blacklists.

* UIProcess/UserContent/WebUserContentControllerProxy.cpp:
(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::removeProcess):
(WebKit::WebUserContentControllerProxy::addUserContentWorldUse):
(WebKit::WebUserContentControllerProxy::shouldSendRemoveUserContentWorldsMessage):
(WebKit::WebUserContentControllerProxy::removeUserContentWorldUses):
(WebKit::WebUserContentControllerProxy::addUserScript):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::removeAllUserScripts):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):
* UIProcess/UserContent/WebUserContentControllerProxy.h:
Refactor to share the code which decides whether to send AddUserContentWorlds/RemoveUserContentWorlds
messages.

* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorlds):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):
(WebKit::WebUserContentController::removeUserStyleSheet):
(WebKit::WebUserContentController::removeAllUserStyleSheets):
* WebProcess/UserContent/WebUserContentController.h:
* WebProcess/UserContent/WebUserContentController.messages.in:
Add support for binding stylesheets to worlds and allow removing all the scripts/stylesheets from a
set of worlds at once by passing Vectors of world identifiers in the remove messages.

Tools:
Bind _WKUserStyleSheets to WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

* TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
Add tests for removing _WKUserStyleSheets and WKUserScripts

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197302 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Switch to application/vnd.apple.folder for <attachment> folder special-case
timothy_horton@apple.com [Sun, 28 Feb 2016 21:00:15 +0000 (21:00 +0000)]
Switch to application/vnd.apple.folder for <attachment> folder special-case
https://bugs.webkit.org/show_bug.cgi?id=154786
<rdar://problem/24416632>

Reviewed by Anders Carlsson.

Source/WebCore:

No new tests, adjusted an existing test to cover this.

* rendering/RenderThemeMac.mm:
(WebCore::iconForAttachment):
Add a second folder MIME type.

LayoutTests:

* fast/attachment/attachment-folder-icon-expected.html:
* fast/attachment/attachment-folder-icon.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197301 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Variables can resolve to the wrong value when elements differ in nothing but inherite...
timothy_horton@apple.com [Sun, 28 Feb 2016 20:42:55 +0000 (20:42 +0000)]
Variables can resolve to the wrong value when elements differ in nothing but inherited variable value
https://bugs.webkit.org/show_bug.cgi?id=154785

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/variables/avoid-matched-property-cache.html

* css/StyleResolver.cpp:
(WebCore::StyleResolver::MatchResult::addMatchedProperties):
Disable the matched property cache when a value is variable-dependent, because
they can resolve to inherited values, and the matched property cache could
end up copying the wrong value from another similarly-styled element.

LayoutTests:

* fast/css/variables/avoid-matched-property-cache-expected.html: Added.
* fast/css/variables/avoid-matched-property-cache.html: Added.
Add a test. The non-standard element is necessary because the resolved property
cache is already disabled when using the "simple" default style sheet, and
it seems better to use a totally non-standard element than one that might
end up in the "simple" default style sheet in the future and would silently
invalidate the test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago FTL should lower its abstract heaps to B3 heap ranges
fpizlo@apple.com [Sun, 28 Feb 2016 20:34:03 +0000 (20:34 +0000)]
FTL should lower its abstract heaps to B3 heap ranges
https://bugs.webkit.org/show_bug.cgi?id=154782

Reviewed by Saam Barati.

The FTL can describe the abstract heaps (points-to sets) that a memory operation will
affect. The abstract heaps are arranged as a hierarchy. We used to transform this into
TBAA hierarchies in LLVM, but we never got around to wiring this up to B3's equivalent
notion - the HeapRange. That's what this patch fixes.

B3 has a minimalistic alias analysis. It represents abstract heaps using unsigned 32-bit
integers. There are 1<<32 abstract heaps. The B3 client can describe what an operation
affects by specifying a heap range: a begin...end pair that says that the operation
affects all abstract heaps H such that begin <= H < end.

This peculiar scheme was a deliberate attempt to distill what the abstract heap
hierarchy is all about. We can assign begin...end numbers to abstract heaps so that:

- A heap's end is greater than its begin.
- A heap's begin is greater than or equal to its parent's begin.
- A heap's end is less than or equal to its parent's end.

This is easy to do using a recursive traversal of the abstract heap hierarchy. I almost
went for the iterative traversal, which is a splendid algorithm, but it's totally
unnecessary here since we tightly control the height of the heap hierarchy.

Because abstract heaps are produced on-the-fly by FTL lowering, due to the fact that we
generate new ones for field names and constant indices we encounter, we can't actually
decorate the B3 instructions we create in lowering until all lowering is done. Adding a
new abstract heap to the hierarchy after ranges were already computed would require
updating the ranges of any heaps "to the right" of that heap in the hierarchy. This
patch solves that problem by recording the associations between abstract heaps and their
intended roles in the generated IR, and then decorating all of the relevant B3 values
after we compute the ranges of the hierarchy after lowering.

This is perf-neutral. I was hoping for a small speed-up, but I could not detect a
speed-up on any benchmark. That's not too surprising. We already have very precise CSE
in the DFG, so there aren't many opportunities left for the B3 CSE and it may have
already been getting the big ones even without alias analysis.

Even without a speed-up, this patch is valuable because it makes it easier to implement
other optimizations, like store elimination.

* b3/B3HeapRange.h:
(JSC::B3::HeapRange::HeapRange):
* ftl/FTLAbstractHeap.cpp:
(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::changeParent):
(JSC::FTL::AbstractHeap::compute):
(JSC::FTL::AbstractHeap::shallowDump):
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractHeap::deepDump):
(JSC::FTL::AbstractHeap::badRangeError):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::baseIndex):
(JSC::FTL::IndexedAbstractHeap::atSlow):
(JSC::FTL::IndexedAbstractHeap::initialize):
(JSC::FTL::AbstractHeap::decorateInstruction): Deleted.
(JSC::FTL::AbstractField::dump): Deleted.
* ftl/FTLAbstractHeap.h:
(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::isInitialized):
(JSC::FTL::AbstractHeap::initialize):
(JSC::FTL::AbstractHeap::parent):
(JSC::FTL::AbstractHeap::heapName):
(JSC::FTL::AbstractHeap::range):
(JSC::FTL::AbstractHeap::offset):
(JSC::FTL::IndexedAbstractHeap::atAnyIndex):
(JSC::FTL::IndexedAbstractHeap::at):
(JSC::FTL::IndexedAbstractHeap::operator[]):
(JSC::FTL::IndexedAbstractHeap::returnInitialized):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::constructDeletedValue):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::isDeletedValue):
(JSC::FTL::AbstractHeap::changeParent): Deleted.
(JSC::FTL::AbstractField::AbstractField): Deleted.
(JSC::FTL::AbstractField::initialize): Deleted.
(JSC::FTL::AbstractField::offset): Deleted.
* ftl/FTLAbstractHeapRepository.cpp:
(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::~AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::decorateMemory):
(JSC::FTL::AbstractHeapRepository::decorateCCallRead):
(JSC::FTL::AbstractHeapRepository::decorateCCallWrite):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointRead):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointWrite):
(JSC::FTL::AbstractHeapRepository::computeRangesAndDecorateInstructions):
* ftl/FTLAbstractHeapRepository.h:
(JSC::FTL::AbstractHeapRepository::forArrayType):
(JSC::FTL::AbstractHeapRepository::HeapForValue::HeapForValue):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* ftl/FTLOutput.cpp:
(JSC::FTL::Output::load):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::store):
(JSC::FTL::Output::store32As8):
(JSC::FTL::Output::store32As16):
(JSC::FTL::Output::baseIndex):
* ftl/FTLOutput.h:
(JSC::FTL::Output::address):
(JSC::FTL::Output::absolute):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::load32):
(JSC::FTL::Output::load64):
(JSC::FTL::Output::loadPtr):
(JSC::FTL::Output::loadDouble):
(JSC::FTL::Output::store32):
(JSC::FTL::Output::store64):
(JSC::FTL::Output::storePtr):
(JSC::FTL::Output::storeDouble):
(JSC::FTL::Output::ascribeRange):
(JSC::FTL::Output::nonNegative32):
(JSC::FTL::Output::load32NonNegative):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):
* ftl/FTLTypedPointer.h:
(JSC::FTL::TypedPointer::operator!):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::value):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197299 268f45cc-cd09-0410-ab3c-d52691b4dbfc
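
The range numbering and deferred decoration described in the commit message above, as an added example that is not WebKit's code. The HeapRepository, Heap and MemoryOp types, the heap names, and the choice to give each leaf heap one number are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Half-open range: covers every abstract heap H with begin <= H < end.
struct HeapRange {
    uint32_t begin = 0;
    uint32_t end = 0;
    bool overlaps(const HeapRange& o) const { return begin < o.end && o.begin < end; }
    bool contains(const HeapRange& o) const { return begin <= o.begin && o.end <= end; }
};

// Hypothetical node of the abstract heap hierarchy.
struct Heap {
    std::string name;
    Heap* parent = nullptr;
    std::vector<Heap*> children;
    HeapRange range;
};

// Hypothetical lowered memory operation; its range stays empty until decoration.
struct MemoryOp {
    std::string what;
    bool isStore;
    HeapRange range;
};

class HeapRepository {
public:
    HeapRepository() { m_root = add("root", nullptr); }
    Heap* root() const { return m_root; }

    // Heaps can be created at any point during lowering (new field names, new indices).
    Heap* add(const std::string& name, Heap* parent)
    {
        m_heaps.push_back(std::unique_ptr<Heap>(new Heap()));
        Heap* heap = m_heaps.back().get();
        heap->name = name;
        heap->parent = parent;
        if (parent)
            parent->children.push_back(heap);
        return heap;
    }

    // Only record the association; ranges are not known yet.
    void decorateLater(MemoryOp* op, Heap* heap) { m_pending.push_back(std::make_pair(op, heap)); }

    // Called once, after all lowering: number the hierarchy, then stamp every recorded op.
    void computeRangesAndDecorate()
    {
        uint32_t next = 0;
        compute(m_root, next);
        for (auto& entry : m_pending)
            entry.first->range = entry.second->range;
    }

private:
    // Recursive traversal: a leaf takes one number, a parent spans all of its children.
    static void compute(Heap* heap, uint32_t& next)
    {
        heap->range.begin = next;
        if (heap->children.empty())
            ++next;
        else
            for (Heap* child : heap->children)
                compute(child, next);
        heap->range.end = next;
    }

    std::vector<std::unique_ptr<Heap>> m_heaps;
    std::vector<std::pair<MemoryOp*, Heap*>> m_pending;
    Heap* m_root = nullptr;
};

// Two operations can interfere only if their ranges overlap and one of them writes.
bool mayInterfere(const MemoryOp& a, const MemoryOp& b)
{
    return (a.isStore || b.isStore) && a.range.overlaps(b.range);
}

int main()
{
    HeapRepository repo;
    Heap* fields = repo.add("fields", repo.root());
    Heap* fieldX = repo.add("fields.x", fields);
    MemoryOp loadX = { "load o.x", false, {} };
    repo.decorateLater(&loadX, fieldX);
    Heap* fieldY = repo.add("fields.y", fields); // added after loadX was recorded
    MemoryOp storeY = { "store o.y", true, {} };
    repo.decorateLater(&storeY, fieldY);
    repo.computeRangesAndDecorate();
    std::printf("%s [%u,%u) vs %s [%u,%u): interfere=%d\n", loadX.what.c_str(),
        loadX.range.begin, loadX.range.end, storeY.what.c_str(),
        storeY.range.begin, storeY.range.end, mayInterfere(loadX, storeY));
    return 0;
}
```

Because decoration happens after the traversal, a heap added late never invalidates a range already stamped on an earlier operation.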

4 years ago SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
commit-queue@webkit.org [Sun, 28 Feb 2016 20:12:06 +0000 (20:12 +0000)]
SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
https://bugs.webkit.org/show_bug.cgi?id=154794

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-28
Reviewed by Michael Catanzaro.

No new tests needed.

* svg/SVGToOTFFontConversion.cpp:
(WebCore::SVGToOTFFontConverter::appendLigatureSubtable): Added const
qualifiers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [cmake] Allow using FindGLIB in case glib is optional dependency.
commit-queue@webkit.org [Sun, 28 Feb 2016 20:11:02 +0000 (20:11 +0000)]
[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-28
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case GLIBCONFIG_INCLUDE_DIR is
not defined.

* Source/cmake/FindGLIB.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [ES6] Arrow function syntax. Emit loading&putting this/super only if they are used...
gskachkov@gmail.com [Sun, 28 Feb 2016 19:14:26 +0000 (19:14 +0000)]
[ES6] Arrow function syntax. Emit loading&putting this/super only if they are used in arrow function. https://bugs.webkit.org/show_bug.cgi?id=153981

Small improvements

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ProxyObject.[[GetOwnProperty]] is partially broken because it doesn't propagate infor...
sbarati@apple.com [Sun, 28 Feb 2016 18:40:35 +0000 (18:40 +0000)]
ProxyObject.[[GetOwnProperty]] is partially broken because it doesn't propagate information back to the slot
https://bugs.webkit.org/show_bug.cgi?id=154768

Reviewed by Ryosuke Niwa.

This fixes a big bug with ProxyObject.[[GetOwnProperty]]:
http://www.ecma-international.org/ecma-262/6.0/index.html#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
We weren't correctly propagating the result of this operation to the
out PropertySlot& parameter. This patch fixes that and adds tests.

* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetOwnPropertyDescriptor):
I added a missing exception check after object allocation
because I saw that it was missing while reading the code.

* runtime/PropertyDescriptor.cpp:
(JSC::PropertyDescriptor::setUndefined):
(JSC::PropertyDescriptor::slowGetterSetter):
(JSC::PropertyDescriptor::getter):
* runtime/PropertyDescriptor.h:
(JSC::PropertyDescriptor::attributes):
(JSC::PropertyDescriptor::value):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
* tests/es6.yaml:
* tests/stress/proxy-get-own-property.js:
(let.handler.getOwnPropertyDescriptor):
(set get let.handler.return):
(set get let.handler.getOwnPropertyDescriptor):
(set get let):
(set get let.a):
(let.b):
(let.setter):
(let.getter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: DataGrid's resizers aren't horizontally centered
nvasilyev@apple.com [Sun, 28 Feb 2016 08:01:10 +0000 (08:01 +0000)]
Web Inspector: DataGrid's resizers aren't horizontally centered
https://bugs.webkit.org/show_bug.cgi?id=154787
<rdar://problem/24876901>

Reviewed by Timothy Hatcher.

* UserInterface/Views/DataGrid.css:
(.data-grid .resizer):
Use CSS transforms as margin-left doesn't support sub-pixel values.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Removing ios-simulator baseline for js/number-toLocaleString.html
sukolsak@gmail.com [Sun, 28 Feb 2016 03:33:19 +0000 (03:33 +0000)]
Removing ios-simulator baseline for js/number-toLocaleString.html
https://bugs.webkit.org/show_bug.cgi?id=154524

Reviewed by Darin Adler.

The default locale issue has been fixed in r197261.
Infinity.toLocaleString() should return "∞" as expected.

* platform/ios-simulator/js/number-toLocaleString-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197264 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Prevent cross-origin access to Location.assign() / Location.reload()
cdumez@apple.com [Sun, 28 Feb 2016 00:50:28 +0000 (00:50 +0000)]
Prevent cross-origin access to Location.assign() / Location.reload()
https://bugs.webkit.org/show_bug.cgi?id=154779

Reviewed by Darin Adler.

Source/WebCore:

Prevent cross-origin access to Location.assign() / Location.reload()
to match the latest specification:
- https://html.spec.whatwg.org/multipage/browsers.html#crossoriginproperties-(-o-)

Firefox and Chrome already prevent this but WebKit allowed it.

No new tests, already covered by existing tests.

* bindings/js/JSLocationCustom.cpp:
(WebCore::JSLocation::getOwnPropertySlotDelegate):
(WebCore::JSLocation::putDelegate): Deleted.

LayoutTests:

Update existing layout tests now that we prevent cross-origin access to
Location.assign() / Location.reload().

* http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
* http/tests/security/cross-frame-access-location-get-expected.txt:
* http/tests/security/cross-frame-access-location-get-override-expected.txt:
* http/tests/security/cross-frame-access-location-get-override.html:
* http/tests/security/cross-frame-access-location-get.html:
* http/tests/security/xss-DENIED-defineProperty-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197263 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Silence leaks under TextCodecICU::registerCodecs
ap@apple.com [Sun, 28 Feb 2016 00:40:18 +0000 (00:40 +0000)]
Silence leaks under TextCodecICU::registerCodecs
https://bugs.webkit.org/show_bug.cgi?id=154737

Reviewed by Darin Adler.

* Scripts/webkitpy/port/leakdetector.py:
(LeakDetector._callstacks_to_exclude_from_leaks):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Intl.Collator uses POSIX locale (detected by js/intl-collator.html on iOS Simulator)
commit-queue@webkit.org [Sun, 28 Feb 2016 00:36:01 +0000 (00:36 +0000)]
Intl.Collator uses POSIX locale (detected by js/intl-collator.html on iOS Simulator)
https://bugs.webkit.org/show_bug.cgi?id=152448

Patch by Andy VanWagoner <thetalecrafter@gmail.com> on 2016-02-27
Reviewed by Darin Adler.

Source/JavaScriptCore:

Add defaultLanguage to the globalObjectMethodTable and use it for the
default locale in Intl object initializations. Fall back to ICU default
locale only if the defaultLanguage function is null, or returns an
empty string.

* jsc.cpp:
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::initializeCollator):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
* runtime/IntlObject.cpp:
(JSC::defaultLocale):
(JSC::lookupMatcher):
(JSC::bestFitMatcher):
(JSC::resolveLocale):
* runtime/IntlObject.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/StringPrototype.cpp:
(JSC::toLocaleCase):

Source/WebCore:

Pass defaultLanguage from Language.h to the globalObjectMethodTable to
ensure Intl objects can be initialized with the correct default locale.

* bindings/js/JSDOMWindowBase.cpp:
* bindings/js/JSWorkerGlobalScopeBase.cpp:

LayoutTests:

Add tests for default locale in test runner to be en-US.

* js/intl-collator-expected.txt:
* js/intl-datetimeformat-expected.txt:
* js/intl-numberformat-expected.txt:
* js/script-tests/intl-collator.js:
* js/script-tests/intl-datetimeformat.js:
* js/script-tests/intl-numberformat.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197261 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Align HTMLMarqueeElement.scrollAmount / scrollDelay with the specification
cdumez@apple.com [Sun, 28 Feb 2016 00:35:18 +0000 (00:35 +0000)]
Align HTMLMarqueeElement.scrollAmount / scrollDelay with the specification
https://bugs.webkit.org/show_bug.cgi?id=154781

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-obsolete-expected.txt:

Source/WebCore:

Align HTMLMarqueeElement.scrollAmount / scrollDelay with the
specification:
- https://www.w3.org/TR/html5/obsolete.html#the-marquee-element-0

In particular:
- The attributes should have unsigned long type
- We should not throw for negative values
- Values should be in the range [0, 2147483647] as per:
- https://html.spec.whatwg.org/multipage/infrastructure.html#reflect

No new tests, already covered by existing tests.

* html/HTMLMarqueeElement.cpp:
(WebCore::HTMLMarqueeElement::scrollAmount):
(WebCore::HTMLMarqueeElement::setScrollAmount):
(WebCore::HTMLMarqueeElement::scrollDelay):
(WebCore::HTMLMarqueeElement::setScrollDelay):
(WebCore::HTMLMarqueeElement::loop): Deleted.
* html/HTMLMarqueeElement.h:
* html/HTMLMarqueeElement.idl:

LayoutTests:

Update existing test to reflect the behavior changes.

* fast/html/marquee-element-expected.txt:
* fast/html/marquee-element.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197260 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r197204, r197207, r197211, r197217,
commit-queue@webkit.org [Sat, 27 Feb 2016 21:05:24 +0000 (21:05 +0000)]
Unreviewed, rolling out r197204, r197207, r197211, r197217,
r197218, and r197219.
https://bugs.webkit.org/show_bug.cgi?id=154780

Caused crashes in WebVideoFullscreenManagerProxy (Requested by
ap on #webkit).

Reverted changesets:

"Add support for playbackControlsManager"
https://bugs.webkit.org/show_bug.cgi?id=154742
http://trac.webkit.org/changeset/197204

"Attempted build fix."
http://trac.webkit.org/changeset/197207

"Attempted build fix."
http://trac.webkit.org/changeset/197211

"Attempted 32-bit build fix."
http://trac.webkit.org/changeset/197217

"Another 32-bit build fix."
http://trac.webkit.org/changeset/197218

"32-bit!!!"
http://trac.webkit.org/changeset/197219

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197259 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Mark failing reftests as such, now that we detect reftest failures.
ap@apple.com [Sat, 27 Feb 2016 20:20:58 +0000 (20:20 +0000)]
Mark failing reftests as such, now that we detect reftest failures.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r195795): [WK2] fast/text/crash-complex-text-surrogate.html is flakey
ap@apple.com [Sat, 27 Feb 2016 20:01:02 +0000 (20:01 +0000)]
REGRESSION(r195795): [WK2] fast/text/crash-complex-text-surrogate.html is flakey
https://bugs.webkit.org/show_bug.cgi?id=154709

The test has been made non-flaky, but it also needs new results.

* platform/mac/fast/text/crash-complex-text-surrogate-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197257 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CLoop build fix.
oliver@apple.com [Sat, 27 Feb 2016 19:28:25 +0000 (19:28 +0000)]
CLoop build fix.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197256 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Optimize parseHTMLInteger()
cdumez@apple.com [Sat, 27 Feb 2016 18:30:58 +0000 (18:30 +0000)]
Optimize parseHTMLInteger()
https://bugs.webkit.org/show_bug.cgi?id=154772

Reviewed by Ryosuke Niwa.

Optimize parseHTMLInteger() a bit now that it is used a lot more and
that it has decent API test coverage. In particular, we now:
- Avoid using a StringBuilder for the digits.
- Get rid of a is8Bit() branch.
- Only traverse the input string once.

* html/parser/HTMLParserIdioms.cpp:
(WebCore::parseHTMLIntegerInternal):
(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197255 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS] Discard decoded image data on top-level navigation.
akling@apple.com [Sat, 27 Feb 2016 17:49:29 +0000 (17:49 +0000)]
[iOS] Discard decoded image data on top-level navigation.
<https://webkit.org/b/154776>

Reviewed by Anders Carlsson.

Add a mechanism that destroys decoded data for all CachedImages and invoke it
when performing a top-level navigation on iOS.

This substantially reduces the ImageIO contribution to our peak memory footprint.

It would be even better if we could mark these images volatile during the transition
but we currently don't have framework support for such machinations.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):
* loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::forEachResource):
(WebCore::MemoryCache::destroyDecodedDataForAllImages):
* loader/cache/MemoryCache.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197254 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed. Fix GTK+ clean build.
carlosgc@webkit.org [Sat, 27 Feb 2016 07:45:36 +0000 (07:45 +0000)]
Unreviewed. Fix GTK+ clean build.

Add missing header include.

* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197246 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Increase clickable area of the console prompt
nvasilyev@apple.com [Sat, 27 Feb 2016 07:44:29 +0000 (07:44 +0000)]
Web Inspector: Increase clickable area of the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154719
<rdar://problem/24854538>

Reviewed by Timothy Hatcher.

Clicking on the area around CodeMirror element now moves
focus to the console prompt.

* UserInterface/Views/QuickConsole.js:
(WebInspector.QuickConsole.prototype._handleMouseDown):
Only capture mousedown events on .quick-console.
Don't capture clicks on CodeMirror.

* UserInterface/Views/QuickConsole.css:
(.quick-console > .console-prompt):
(.quick-console > .console-prompt > .CodeMirror):
Make sure .console-prompt is never an event.target for _handleMouseDown.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197245 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Network cache: old pages returned by disk cache on history navigation after session...
carlosgc@webkit.org [Sat, 27 Feb 2016 07:44:07 +0000 (07:44 +0000)]
Network cache: old pages returned by disk cache on history navigation after session is restored
https://bugs.webkit.org/show_bug.cgi?id=153230

Reviewed by Chris Dumez.

Source/WebCore:

Add a flag to HistoryItem to mark them as restored from session
and use it from the FrameLoader to not change the policy request
when navigating to a history item that was restored from session,
except for iOS port.

* history/HistoryItem.h:
(WebCore::HistoryItem::setWasRestoredFromSession):
(WebCore::HistoryItem::wasRestoredFromSession):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadDifferentDocumentItem):

Source/WebKit2:

Since r181734, the network cache never revalidates resources for
history navigation. This is good for the memory cache, but in the
case of disk cache, we might end up with outdated pages when
restoring the session. When restoring the session happens because
of an API request (we also restore the session when recovering
from a web process crash), we should revalidate back forward list
requests in the disk cache if needed. This will only happen the
first time they are loaded after a session restore. After a web process
crash, resources will be used unconditionally from the disk cache.

* WebProcess/WebPage/WebBackForwardListProxy.cpp:
(WebKit::WebBackForwardListProxy::addItemFromUIProcess): Use Ref&&
instead of PassRefPtr.
* WebProcess/WebPage/WebBackForwardListProxy.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WePage::WebPage): Call restoreSessionInternal passing
No as restoredByAPIRequest parameter.
(WebKit::WebPage::restoreSessionInternal): Set restoredFromSession
flag to the created HistoryItem if the item was restored from
session by an API request.
(WebKit::WebPage::restoreSession): Call restoreSessionInternal
passing Yes as restoredByAPIRequest parameter.
* WebProcess/WebPage/WebPage.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Remove unused member variables from overview graphs
commit-queue@webkit.org [Sat, 27 Feb 2016 07:26:09 +0000 (07:26 +0000)]
Web Inspector: Remove unused member variables from overview graphs
https://bugs.webkit.org/show_bug.cgi?id=154774

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-26
Reviewed by Timothy Hatcher.

* UserInterface/Views/LayoutTimelineOverviewGraph.js:
(WebInspector.LayoutTimelineOverviewGraph.prototype.reset):
* UserInterface/Views/ScriptTimelineOverviewGraph.js:
(WebInspector.ScriptTimelineOverviewGraph.prototype.reset):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197243 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION (r196741): Web Inspector: Bottom section of Layers sidebar is 1px shorter...
nvasilyev@apple.com [Sat, 27 Feb 2016 07:17:53 +0000 (07:17 +0000)]
REGRESSION (r196741): Web Inspector: Bottom section of Layers sidebar is 1px shorter than the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154773
<rdar://problem/24873345>

Reviewed by Timothy Hatcher.

* UserInterface/Views/LayerTreeDetailsSidebarPanel.css:
(.sidebar > .panel.details.layer-tree > .content):
(.panel.details.layer-tree .bottom-bar):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197242 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [GTK] Fix incorrect cast
mcatanzaro@igalia.com [Sat, 27 Feb 2016 06:19:08 +0000 (06:19 +0000)]
[GTK] Fix incorrect cast

Unreviewed.

* MiniBrowser/gtk/main.c:
(createBrowserWindow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Remove unused private field from WEBPImageDecoder
mcatanzaro@igalia.com [Sat, 27 Feb 2016 06:16:42 +0000 (06:16 +0000)]
Remove unused private field from WEBPImageDecoder

Unreviewed.

* platform/image-decoders/webp/WEBPImageDecoder.cpp:
(WebCore::WEBPImageDecoder::WEBPImageDecoder):
* platform/image-decoders/webp/WEBPImageDecoder.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197240 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix a typo.
mcatanzaro@igalia.com [Sat, 27 Feb 2016 06:11:59 +0000 (06:11 +0000)]
Fix a typo.

Unreviewed. Shame I didn't notice in the previous commit.

* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::removeUserContentWorld):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197239 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix GTK and maybe EFL build after r197172.
mcatanzaro@igalia.com [Sat, 27 Feb 2016 06:09:55 +0000 (06:09 +0000)]
Fix GTK and maybe EFL build after r197172.

Unreviewed.

* CMakeLists.txt:
* UIProcess/API/gtk/WebKitUserContent.cpp:
(_WebKitUserScript::_WebKitUserScript):
* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::removeUserContentWorld):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197238 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix the behavior of reflecting IDL attributes of type unsigned long
cdumez@apple.com [Sat, 27 Feb 2016 06:09:37 +0000 (06:09 +0000)]
Fix the behavior of reflecting IDL attributes of type unsigned long
https://bugs.webkit.org/show_bug.cgi?id=154771

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-embedded-expected.txt:
* web-platform-tests/html/dom/reflection-obsolete-expected.txt:

Source/WebCore:

Fix the behavior of reflecting IDL attributes of type unsigned long to
align with the specification:
- https://html.spec.whatwg.org/multipage/infrastructure.html#reflecting-content-attributes-in-idl-attributes
- https://html.spec.whatwg.org/multipage/infrastructure.html#rules-for-parsing-non-negative-integers

Firefox and Chrome already follow the specification.

There were several issues with our implementation, which are all
addressed in this patch:
- Upon getting, the value returned must be in the range 0 to 2147483647.
  Otherwise, we must return the default value (0 unless specified
  otherwise). We previously returned values in the range 0 to 4294967295
  instead.
- Upon setting, we must set the content attribute to the default value
  (0 unless specified otherwise) if the input value is not in the range
  0 to 2147483647. We previously allowed values in the range 0 to
  4294967295 instead.
- "-0" was not recognized as a valid unsigned integer

Test: fast/dom/reflect-unsigned-long.html

* dom/Element.cpp:
(WebCore::Element::setUnsignedIntegralAttribute):
Update setUnsignedIntegralAttribute() to limit the input value in the
0 to 2147483647 range, as per the HTML specification. This method is
called by the bindings implementation of reflecting attributes setters.

* html/parser/HTMLParserIdioms.cpp:
(WebCore::parseHTMLNonNegativeInteger):
Update parseHTMLNonNegativeInteger() to call parseHTMLInteger() instead
of duplicating most of its code and fail if the value returned is
negative. This matches the algorithm in the specification:
- https://html.spec.whatwg.org/multipage/infrastructure.html#rules-for-parsing-non-negative-integers

This has 2 behavior changes:
1. "-0" is now correctly parsed as 0.
2. The returned values are in the range 0 to 2147483647.

* html/parser/HTMLParserIdioms.h:
(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):
Drop the checks for "<= 2147483647" and replace with an assertion
now that parseHTMLNonNegativeInteger() already returned values in
the right range.

Tools:

Update API tests to cover the fixes to the parseHTMLNonNegativeInteger()
implementation:
- "-0" is parsed as 0.
- Range boundaries are now [0; 2147483647].

* TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp:
(TestWebKitAPI::TEST):

LayoutTests:

Add test coverage for the behavior of reflecting IDL attributes of type
unsigned long.

* fast/dom/reflect-unsigned-long-expected.txt: Added.
* fast/dom/reflect-unsigned-long.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197237 268f45cc-cd09-0410-ab3c-d52691b4dbfc
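
The getter and setter rules described in the commit message above (and applied to HTMLMarqueeElement.scrollAmount / scrollDelay in r197260), as an added JavaScript example that is not WebKit's C++ code. All function names are hypothetical, the sample attribute values are constructed, and the setter models the Web IDL `unsigned long` conversion with `>>> 0` as an assumption.

```javascript
// Added illustration of the HTML reflection rules for `unsigned long`
// attributes; written for this page, not taken from WebKit's sources.
// All function names here are hypothetical.
const MAX_REFLECTED = 2147483647; // upper bound named in the commit message

// HTML "rules for parsing integers": returns a Number, or null on error.
function parseInteger(input) {
  const s = String(input);
  let i = 0;
  // Skip leading ASCII whitespace (tab, LF, FF, CR, space).
  while (i < s.length && "\t\n\f\r ".includes(s[i])) i++;
  let sign = 1;
  if (s[i] === "-") { sign = -1; i++; }
  else if (s[i] === "+") { i++; }
  const start = i;
  while (i < s.length && s[i] >= "0" && s[i] <= "9") i++;
  if (i === start) return null; // no digits at all: parse error
  const value = sign * Number(s.slice(start, i));
  return value === 0 ? 0 : value; // "-0" yields plain 0, never negative zero
}

// HTML "rules for parsing non-negative integers": reuse the integer parser
// and reject negative results, so "-0" is accepted and "-1" is not.
function parseNonNegativeInteger(input) {
  const value = parseInteger(input);
  return value === null || value < 0 ? null : value;
}

// Getter: the content attribute string (or null when absent) becomes the
// IDL value. Anything unparsable or above 2147483647 becomes the default.
function reflectGet(contentAttr, defaultValue = 0) {
  if (contentAttr === null) return defaultValue;
  const v = parseNonNegativeInteger(contentAttr);
  return v === null || v > MAX_REFLECTED ? defaultValue : v;
}

// Setter: returns the string stored in the content attribute. The script
// value is first converted to an unsigned 32-bit integer (assumption:
// plain Web IDL conversion, modelled with >>> 0), so -1 becomes 4294967295
// and is replaced by the default instead of throwing.
function reflectSet(newValue, defaultValue = 0) {
  const asUnsignedLong = newValue >>> 0;
  const n = asUnsignedLong <= MAX_REFLECTED ? asUnsignedLong : defaultValue;
  return String(n);
}

// Constructed sample content attribute values, including both boundaries.
const samples = ["7", "-0", "-5", "  +42px", "abc", "2147483647", "2147483648", "4294967295"];
for (const attr of samples) {
  console.log(JSON.stringify(attr), "->", reflectGet(attr));
}
```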

4 years ago [GTK] Fix order of parameters in gtkdoc for webkit_web_view_get_snapshot
mcatanzaro@igalia.com [Sat, 27 Feb 2016 05:51:22 +0000 (05:51 +0000)]
[GTK] Fix order of parameters in gtkdoc for webkit_web_view_get_snapshot

Unreviewed.

* UIProcess/API/gtk/WebKitWebView.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197236 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Custom transition bezier curve editor preview should loop when not...
commit-queue@webkit.org [Sat, 27 Feb 2016 05:40:51 +0000 (05:40 +0000)]
Web Inspector: Custom transition bezier curve editor preview should loop when not editing curve
https://bugs.webkit.org/show_bug.cgi?id=154738
<rdar://problem/24861563>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-26
Reviewed by Timothy Hatcher.

Added extra frames to bezier preview animation to allow it to infinitely
repeat without being jarring to watch.

* UserInterface/Views/BezierEditor.css:
(.bezier-editor > .bezier-preview-timing.animate):
(@keyframes bezierPreview):
* UserInterface/Views/BezierEditor.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197235 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION (188611): Search field Cancel button should not overlap search text on...
zalan@apple.com [Sat, 27 Feb 2016 05:11:09 +0000 (05:11 +0000)]
REGRESSION (188611): Search field Cancel button should not overlap search text on extensions page.
https://bugs.webkit.org/show_bug.cgi?id=154692
<rdar://problem/22840453>

Reviewed by Brent Fulgham.

Adjust the cancel button position using the actual size of the cancel button.

When the input box and the font height trigger different cancel button sizes, we need to readjust
the rectangle returned by cancelButtonRectForBounds.
This fixes both the mispositioned cancel button and the squared off icon when the input field is zoomed all the way in.

Source/WebCore:

Covered by existing tests.

* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintSearchFieldCancelButton):
(WebCore::RenderThemeMac::cancelButtonSizes): Update button size.

LayoutTests:

* fast/forms/search/search-padding-cancel-results-buttons-expected.txt:
* platform/mac/fast/css/focus-ring-exists-for-search-field-expected.txt:
* platform/mac/fast/css/text-input-with-webkit-border-radius-expected.txt:
* platform/mac/fast/css/text-overflow-input-expected.txt:
* platform/mac/fast/forms/box-shadow-override-expected.txt:
* platform/mac/fast/forms/control-restrict-line-height-expected.txt:
* platform/mac/fast/forms/input-appearance-height-expected.txt:
* platform/mac/fast/forms/placeholder-position-expected.txt:
* platform/mac/fast/forms/placeholder-pseudo-style-expected.txt:
* platform/mac/fast/forms/search-cancel-button-style-sharing-expected.txt:
* platform/mac/fast/forms/search-display-none-cancel-button-expected.txt:
* platform/mac/fast/forms/search-rtl-expected.txt:
* platform/mac/fast/forms/search-styled-expected.txt:
* platform/mac/fast/forms/search-vertical-alignment-expected.txt:
* platform/mac/fast/forms/search/search-size-with-decorations-expected.txt:
* platform/mac/fast/forms/searchfield-heights-expected.txt:
* platform/mac/fast/repaint/search-field-cancel-expected.txt:
* platform/mac/fast/replaced/width100percent-searchfield-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197234 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Keyboard controls to nudge control points in custom transition bezier...
commit-queue@webkit.org [Sat, 27 Feb 2016 04:54:36 +0000 (04:54 +0000)]
Web Inspector: Keyboard controls to nudge control points in custom transition bezier curve editor would be nice
https://bugs.webkit.org/show_bug.cgi?id=154739
<rdar://problem/24861498>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-26
Reviewed by Timothy Hatcher.

Adds ability for user to nudge the most recently selected bezier control
handle by using the arrow keys. Also makes the currently selected bezier
control line snap to an axis, which is defined when the user mouses down,
whenever the mouse is dragged while the shift key is pressed.

* UserInterface/Views/BezierEditor.js:
(WebInspector.BezierEditor):
(WebInspector.BezierEditor.prototype.handleKeydownEvent):
(WebInspector.BezierEditor.prototype._handleMouseup):
(WebInspector.BezierEditor.prototype._updateControlPointsForMouseEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197233 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Address Dean's comments in 154673.
jonlee@apple.com [Sat, 27 Feb 2016 04:43:57 +0000 (04:43 +0000)]
Address Dean's comments in 154673.

* Animometer/developer.html:
* Animometer/resources/debug-runner/animometer.js:
* Animometer/resources/debug-runner/graph.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197232 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Modern IDB: New database versions are never committed to SQLite.
beidson@apple.com [Sat, 27 Feb 2016 04:39:05 +0000 (04:39 +0000)]
Modern IDB: New database versions are never committed to SQLite.
<rdar://problem/24860952> and https://bugs.webkit.org/show_bug.cgi?id=154741

Modern IDB: If a database handle is not open, files are not actually deleted from disk
https://bugs.webkit.org/show_bug.cgi?id=154756

Reviewed by Alex Christensen.

Source/WebCore:

Tested by API test "IndexedDBPersistence"

* Modules/indexeddb/server/IDBServer.cpp:
(WebCore::IDBServer::IDBServer::deleteDatabase): If there's not an open handle to the database, create one.

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction): If a version change transaction, actually
  set the new version on disk.

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore): If there is no open backing store, create one.
  This is necessary to both read the current database version, and to actually delete the file on disk.
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): If necessary, manufacture a "most recently
  deleted database info" from the version returned by deleteBackingStore.
* Modules/indexeddb/server/UniqueIDBDatabase.h:

Source/WebKit2:

Add WK2 SPI to force termination of the database process.

* UIProcess/API/Cocoa/WKProcessPool.mm:
(-[WKProcessPool _terminateDatabaseProcess]):
* UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::terminateDatabaseProcess):
* UIProcess/WebProcessPool.h:

Tools:

This also happens to test the previously untested fix for http://trac.webkit.org/changeset/197190

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-1.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-2.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence.mm: Added.
(-[IndexedDBNavigationDelegate webView:didFinishNavigation:]):
(-[IndexedDBMessageHandler userContentController:didReceiveScriptMessage:]):
(TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197231 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update animation benchmark and tests
jonlee@apple.com [Sat, 27 Feb 2016 04:33:30 +0000 (04:33 +0000)]
Update animation benchmark and tests
https://bugs.webkit.org/show_bug.cgi?id=154673

Reviewed by Dean Jackson.

Update test visuals.

* Animometer/tests/master/resources/canvas-tests.js:
(CanvasLineSegment.Utilities.createClass): Line segments near the edge of the stage get clipped.
Update circle position and radius to minimize impact.
* Animometer/tests/master/resources/particles.js: Get rid of rotating gradient background, and
have 3 locations for emitting particles.
* Animometer/tests/master/resources/multiply.js: Update distance metric so that fringe tiles get
more color.
(initialize): Fix some of the math for laying out the tiles.
(animate): When a tile isn't used, set visibility: hidden.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197230 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update animation benchmark and tests
jonlee@apple.com [Sat, 27 Feb 2016 04:32:09 +0000 (04:32 +0000)]
Update animation benchmark and tests
https://bugs.webkit.org/show_bug.cgi?id=154673

Reviewed by Dean Jackson.

Update the ramp controller.

The controller refines the complexity interval to test across.

* Animometer/resources/statistics.js: Add functions that estimate cumulative distribution function.
(Regression): For the flat regression, force the first segment to be at 60 fps.
(valueAt): Add convenience function to return interpolated value based on the regression used.
(_calculateRegression): Include the number of points included for both segments, and the piecewise
errors.
* Animometer/tests/resources/math.js: Make the Kalman estimator subclass Experiment, and allow it
to be reset.

* Animometer/tests/resources/main.js: Initialize the tier such that it starts at 10^0 = 1.
Increase the number of ramps. Maintain three FPS thresholds-- the frame rate of interest, a limit
on the lowest FPS we care to go for later interpolation, and a minimum FPS threshold we want to
aim for each ramp. Also keep three estimators: a running average of the change point, a minimum
boundary for each ramp, and an estimator for all the frames within an interval. The first two
are used to determine the parameters of the next ramp, and the latter allows us to refine the
parameters.
(update): During the tier phase, it is possible that the highest complexity possible for a test
won't stress the system enough to trigger stopping the tier phase and transitioning to the ramps.
If the complexity doesn't change when going to the next tier, we've maxed the test out, and move
on. When the tier phase completed, turn off Controller.frameLengthEstimator, which estimates the
FPS at each tier.
(tune): At each interval, look at the confidence distribution of being on the 60 FPS side or the
slow side. If the slowest FPS we achieve at the ramp's maximum complexity is not at least
_fpsRampSlowThreshold, then increase the maximum complexity. If we ever achieve 60 FPS, increase
the ramp's minimum complexity to that level. If, at an even lower complexity, a glitch causes the
FPS to drop, we reset the minimum complexity.

Have the bootstrap calculation occur between tests. Clean up harness.

* Animometer/resources/debug-runner/animometer.js: Run bootstrap after a test has
completed to avoid doing all of it at the end before showing the results. Clean up
parameters being passed around.
* Animometer/resources/debug-runner/tests.js:
(text):
* Animometer/resources/runner/animometer.js:
(this._processData.calculateScore): Save the results to the same object holding the data.
(this._processData._processData): In the case where a file is dragged, calculate the score
serially. Grab the results object and move it to the results variable and remove it from
the data object. This avoids serializing the results into the JSON.
(this._processData.findRegression): Include the samples used for bootstrapping. Reduce the
resample size to shorten the wait.
* Animometer/resources/runner/benchmark-runner.js:
* Animometer/resources/statistics.js:
(bootstrap): Update how bootstrapData is sorted. In some regression results the mix of
floats and integers causes an alphabetical sort to occur.
* Animometer/resources/strings.js:

Add meta charset so that encodings between harness and test match.

* Animometer/tests/bouncing-particles/bouncing-canvas-images.html:
* Animometer/tests/bouncing-particles/bouncing-canvas-shapes.html:
* Animometer/tests/bouncing-particles/bouncing-css-images.html:
* Animometer/tests/bouncing-particles/bouncing-css-shapes.html:
* Animometer/tests/bouncing-particles/bouncing-svg-images.html:
* Animometer/tests/bouncing-particles/bouncing-svg-shapes.html:
* Animometer/tests/master/canvas-stage.html:
* Animometer/tests/master/focus.html:
* Animometer/tests/master/image-data.html:
* Animometer/tests/master/multiply.html:
* Animometer/tests/master/particles.html:
* Animometer/tests/misc/canvas-electrons.html:
* Animometer/tests/misc/canvas-stars.html:
* Animometer/tests/misc/compositing-transforms.html:
* Animometer/tests/simple/simple-canvas-paths.html:
* Animometer/tests/simple/tiled-canvas-image.html:
* Animometer/tests/template/template-canvas.html:
* Animometer/tests/template/template-css.html:
* Animometer/tests/template/template-svg.html:
* Animometer/tests/text/layering-text.html:
* Animometer/tests/text/text-boxes.html:

Update test harness reporting.

* Animometer/developer.html: Add missing meta charset.
* Animometer/index.html: Remove unnecessary utf-8 declaration.
* Animometer/resources/debug-runner/animometer.css: Add convenience classes for
formatting the results table.
* Animometer/resources/debug-runner/animometer.js: Adjust which stats are shown.
* Animometer/resources/debug-runner/tests.js: Display bootstrapping statistics.
* Animometer/resources/strings.js: Move strings not used by the release harness.

Switch to a pseudo-random number generator.

* Animometer/resources/statistics.js: Add a Pseudo class, with a simple
pseudo-random number generator.
(_calculateRegression): Reset the generator before running bootstrap.
(bootstrap): Deleted.

Replace Math.random with Pseudo.random.
* Animometer/tests/master/resources/canvas-tests.js:
* Animometer/tests/master/resources/focus.js:
* Animometer/tests/master/resources/particles.js:
* Animometer/tests/resources/main.js:

Use bootstrapping to get confidence interval in the breakpoint.

For the ramp controller, calculate the piecewise regression, and then use
bootstrapping in order to find the 95% confidence interval. Use the raw data.

* Animometer/developer.html: Default to the complexity graph. Add a legend
checkbox to toggle visibility of the bootstrap score and histogram.
* Animometer/resources/debug-runner/animometer.css: Make some more space to show
the old raw and average scores in the legend. Add new styles for the data.
* Animometer/resources/debug-runner/graph.js:
(_addRegressionLine): Allow passing an array for the variance bar tied to the
regression line. Now |stdev| is |range|.
(createComplexityGraph): Add bootstrap median, and overlay a histogram of
the bootstrap samples. Switch raw samples from circles to X's.
(onComplexityGraphOptionsChanged): Allow toggling of the bootstrap data.
(onGraphTypeChanged): Move the regressions for the raw and average samples to the
legend. In the subtitle use the bootstrap median, and include the 95% confidence
interval.
* Animometer/resources/runner/animometer.js:
(this._processData.findRegression): Factor out the code that determines which
samples to include when calculating the piecewise regression. For series that have
many samples, or a wider range of recorded complexities, throw away the 2.5%
lowest and highest samples before calculating the regression. Keep all samples
if the number of samples to regress is small or the range of complexities is
narrow.
(this._processData._calculateScore): Factor out regression calculation to
findRegression(). Bootstrap the change point of the regression. The score is the
median.
* Animometer/resources/statistics.js:
(_calculateRegression): Correct an issue in the calculation of the regression, where
the denominator can be 0.
(bootstrap): Template for bootstrapping. Create a bootstrap sample array. Create
re-samples by random selection with replacement. Return the 95% confidence samples,
the bootstrap median, mean, and the data itself.
* Animometer/resources/strings.js: Add bootstrap.
* Animometer/tests/resources/main.js:
(processSamples): Don't prematurely cut the sample data.

Fix graph drawing.

* Animometer/resources/debug-runner/animometer.js: Add spacing in the JSON output.
Multiple tests output a lot of JSON and can hang when selecting JSON with no whitespace.
* Animometer/resources/debug-runner/animometer.css:
(#complexity-graph .series.raw circle): Update the color.
* Animometer/resources/debug-runner/graph.js: Use the FPS axis instead of the
complexity axis, which can vary in domain. For determining the complexity domain,
only use samples after samplingTimeOffset.

Allow dropping results JSON.

* Animometer/developer.html: Add a button.
* Animometer/resources/debug-runner/animometer.css:
* Animometer/resources/debug-runner/animometer.js: Read the data and go straight
to the dashboard. With JSON output, write out only the options and the raw data.

Teach the harness to evaluate the samples and determine the test score.

This will allow us to update how the score is calculated separately from the samples recorded.
This also prepares the harness to be able to accept JSON of prior runs.

* Animometer/resources/strings.js: Clean up and remove unneeded strings and reduce some of the
hierarchy.
* Animometer/resources/debug-runner/tests.js: Update to use the new strings.

* Animometer/tests/resources/main.js: Allow all controllers to show a complexity-FPS graph.
(_processComplexitySamples): Factor out some of the sample processing done in the ramp
controller for the benefit of the other controllers. |complexitySamples| contains a list of
samples. Sort the samples by complexity. Optionally remove the top x% of samples.
Group them, and calculate distribution of samples within the same complexity, and add those as
new entries into |complexityAverageSamples|.
(Controller.processSamples): Move the code responsible for determining the complexity and FPS
scores out to ResultsDashboard. The structure of the data returned by the controller is:

{
    controller: [time-regression, time-regression, ...], // optional, data specific to controller
    marks: [...],
    samples: {                    // all of the sample data
        controller: [...],
        complexity: [...],        // processed from controller samples
        complexityAverage: [...], // processed from complexity samples
    }
}

(AdaptiveController.processSamples): Adding the target frame length is no longer necessary; we
now pass the test options to the graph.
(Regression): Move to statistics.js.
* Animometer/resources/statistics.js: Move Regression to here. Add a check if the sampling range
only contains one sample, since we cannot calculate a regression from one sample point.

Teach the test harness to evaluate the data.
* Animometer/resources/runner/animometer.js:
(ResultsDashboard): Store the options used to run the test and the computed results/score separately
from the data. The results are stored as:

{
    score: /* geomean of iteration score */,
    iterationsResults: [
        {
            score: /* geomean of tests */,
            testsResults: {
                suiteName: {
                    testName: {
                        controller: {
                            average:
                            concern:
                            stdev:
                            percent:
                        },
                        frameLength: { ... },
                        complexity: {
                            complexity:
                            stdev:
                            segment1:
                            segment2:
                        },
                        complexityAverage: { ... }
                    },
                    testName: { ... },
                },
                ... next suite ...
            }
        },
        { ...next iteration... }
    ]
}

* Animometer/resources/debug-runner/animometer.js: Pass options around instead of relying
on what was selected in the form. This will later allow for dropping previous results, and
using those runs' options when calculating scores.
(ResultsTable._addGraphButton): Simplify button action by using attached test data.
* Animometer/resources/debug-runner/graph.js: Refactor to use the data.

Consolidate JS files, and move statistics out to a separate JS.

Preparation for having the Controller only handle recording and storage of the samples,
and leave the evaluation of the test score out to the harness. Move Experiment to
a new statistics.js, where Regression will also eventually go. Get rid of algorithm.js
and move it to utilities.js since the Heap is used only for Experiments.

* Animometer/tests/resources/algorithm.js: Removed. Heap is in utilities.js.
* Animometer/tests/resources/sampler.js: Removed. Experiment is in statistics.js,
Sampler in main.js.
* Animometer/tests/resources/main.js: Move Sampler here.
* Animometer/resources/statistics.js: Added. Move Statistics and Experiment here.
* Animometer/resources/extensions.js: Move Heap here. Attach static method to create
a max or min heap to Heap, instead of a new Algorithm object.

Update JS files.
* Animometer/developer.html:
* Animometer/index.html:
* Animometer/tests/bouncing-particles/bouncing-canvas-images.html:
* Animometer/tests/bouncing-particles/bouncing-canvas-shapes.html:
* Animometer/tests/bouncing-particles/bouncing-css-images.html:
* Animometer/tests/bouncing-particles/bouncing-css-shapes.html:
* Animometer/tests/bouncing-particles/bouncing-svg-images.html:
* Animometer/tests/bouncing-particles/bouncing-svg-shapes.html:
* Animometer/tests/master/canvas-stage.html:
* Animometer/tests/master/focus.html:
* Animometer/tests/master/image-data.html:
* Animometer/tests/master/multiply.html:
* Animometer/tests/master/particles.html:
* Animometer/tests/misc/canvas-electrons.html:
* Animometer/tests/misc/canvas-stars.html:
* Animometer/tests/misc/compositing-transforms.html:
* Animometer/tests/simple/simple-canvas-paths.html:
* Animometer/tests/simple/tiled-canvas-image.html:
* Animometer/tests/template/template-canvas.html:
* Animometer/tests/template/template-css.html:
* Animometer/tests/template/template-svg.html:
* Animometer/tests/text/layering-text.html:
* Animometer/tests/text/text-boxes.html:

Fix the cursor in the graph analysis when the min
complexity is not 0.

* Animometer/resources/debug-runner/graph.js:
(_addRegression):
(createComplexityGraph):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197229 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r197216.
mmaxfield@apple.com [Sat, 27 Feb 2016 02:59:36 +0000 (02:59 +0000)]
Unreviewed, rolling out r197216.
https://bugs.webkit.org/show_bug.cgi?id=154766

Test simply needs updated result (Requested by litherum on
#webkit).

Reverted changeset:

"Unreviewed, rolling out r197158."
https://bugs.webkit.org/show_bug.cgi?id=154758
http://trac.webkit.org/changeset/197216

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197228 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS Simulator] Reftests don't work
ap@apple.com [Sat, 27 Feb 2016 02:53:44 +0000 (02:53 +0000)]
[iOS Simulator] Reftests don't work
https://bugs.webkit.org/show_bug.cgi?id=154764

Reviewed by Daniel Bates.

* Scripts/webkitpy/port/image_diff.py: (IOSSimulatorImageDiffer._start):
Use simctl instead of sim.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197227 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Remove the on demand executable allocator
oliver@apple.com [Sat, 27 Feb 2016 02:10:29 +0000 (02:10 +0000)]
Remove the on demand executable allocator
https://bugs.webkit.org/show_bug.cgi?id=154749

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Remove all the DemandExecutable code and executable allocator ifdefs.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jit/ExecutableAllocator.cpp: Removed.
(JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
(JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
(JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
(JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
(JSC::DemandExecutableAllocator::allocators): Deleted.
(JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
(JSC::ExecutableAllocator::initializeAllocator): Deleted.
(JSC::ExecutableAllocator::ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::~ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::isValid): Deleted.
(JSC::ExecutableAllocator::underMemoryPressure): Deleted.
(JSC::ExecutableAllocator::memoryPressureMultiplier): Deleted.
(JSC::ExecutableAllocator::allocate): Deleted.
(JSC::ExecutableAllocator::committedByteCount): Deleted.
(JSC::ExecutableAllocator::dumpProfile): Deleted.
(JSC::ExecutableAllocator::getLock): Deleted.
(JSC::ExecutableAllocator::isValidExecutableMemory): Deleted.
(JSC::ExecutableAllocator::reprotectRegion): Deleted.
* jit/ExecutableAllocator.h:
* jit/ExecutableAllocatorFixedVMPool.cpp:
* jit/JITStubRoutine.h:
(JSC::JITStubRoutine::canPerformRangeFilter): Deleted.
(JSC::JITStubRoutine::filteringStartAddress): Deleted.
(JSC::JITStubRoutine::filteringExtentSize): Deleted.

Source/WTF:

Remove the DemandExecutableAllocator compile flags.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197226 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add API test coverage for parseHTMLInteger / parseHTMLNonNegativeInteger
cdumez@apple.com [Sat, 27 Feb 2016 02:03:18 +0000 (02:03 +0000)]
Add API test coverage for parseHTMLInteger / parseHTMLNonNegativeInteger
https://bugs.webkit.org/show_bug.cgi?id=154714

Reviewed by Darin Adler.

Source/WebCore:

Export a couple more symbols for API testing.

* html/parser/HTMLParserIdioms.h:

Tools:

Add API test coverage for parseHTMLInteger / parseHTMLNonNegativeInteger as per:
- https://html.spec.whatwg.org/multipage/infrastructure.html#signed-integers
- https://html.spec.whatwg.org/multipage/infrastructure.html#non-negative-integers

* TestWebKitAPI/PlatformEfl.cmake:
* TestWebKitAPI/PlatformGTK.cmake:
* TestWebKitAPI/PlatformWin.cmake:
* TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj:
* TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj.filters:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp: Added.
(TestWebKitAPI::testParseHTMLInteger):
(TestWebKitAPI::parseHTMLIntegerFails):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testParseHTMLNonNegativeInteger):
(TestWebKitAPI::parseHTMLNonNegativeIntegerFails):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197225 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Clear credentials and prevent unauthorized credential storage when using NetworkSession
achristensen@apple.com [Sat, 27 Feb 2016 01:29:05 +0000 (01:29 +0000)]
Clear credentials and prevent unauthorized credential storage when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154755

Reviewed by Brady Eidson.

Credentials from previous tests were being used sometimes, notably in
http/tests/misc/401-alternative-content.php when running multiple credential-based
tests with the same WebKitTestRunner.

* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::clearCachedCredentials):
(WebKit::NetworkProcess::ensurePrivateBrowsingSession):
* NetworkProcess/NetworkSession.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::NetworkSession::~NetworkSession):
(WebKit::NetworkSession::clearCredentials):
(WebKit::NetworkSession::dataTaskForIdentifier):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197223 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r197174.
ryanhaddad@apple.com [Sat, 27 Feb 2016 00:59:48 +0000 (00:59 +0000)]
Unreviewed, rolling out r197174.
https://bugs.webkit.org/show_bug.cgi?id=154762

This change caused LayoutTests to crash on iOS simulator
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"bmalloc: Added a fast XLarge allocator"
https://bugs.webkit.org/show_bug.cgi?id=154720
http://trac.webkit.org/changeset/197174

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197221 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Rebaseline tests for ios-simulator after r197162
ryanhaddad@apple.com [Sat, 27 Feb 2016 00:37:04 +0000 (00:37 +0000)]
Rebaseline tests for ios-simulator after r197162

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
* platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt:
* platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/selectors/pseudo-classes/indeterminate-radio-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago 32-bit!!!
bdakin@apple.com [Sat, 27 Feb 2016 00:15:46 +0000 (00:15 +0000)]
32-bit!!!

* platform/mac/WebVideoFullscreenInterfaceMac.mm:
(-[WebPlaybackControlsManager initWithWebVideoFullscreenInterfaceMac:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197219 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Another 32-bit build fix.
bdakin@apple.com [Sat, 27 Feb 2016 00:02:02 +0000 (00:02 +0000)]
Another 32-bit build fix.

* platform/spi/cocoa/AVKitSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Attempted 32-bit build fix.
bdakin@apple.com [Fri, 26 Feb 2016 23:51:42 +0000 (23:51 +0000)]
Attempted 32-bit build fix.

* platform/mac/WebVideoFullscreenInterfaceMac.mm:
(-[WebPlaybackControlsManager initWithWebVideoFullscreenInterfaceMac:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197217 268f45cc-cd09-0410-ab3c-d52691b4dbfc