WebKit-https.git
ap@apple.com [Sun, 19 Jun 2016 20:49:28 +0000 (20:49 +0000)]
Another build fix for master.cfg.

* BuildSlaveSupport/build.webkit.org-config/master.cfg:
(CompileWebKit.start):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202216 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ap@apple.com [Sun, 19 Jun 2016 20:35:03 +0000 (20:35 +0000)]
Another build fix for master.cfg.

* BuildSlaveSupport/build.webkit.org-config/master.cfg:
(CompileWebKit.start):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202215 268f45cc-cd09-0410-ab3c-d52691b4dbfc

sbarati@apple.com [Sun, 19 Jun 2016 19:42:18 +0000 (19:42 +0000)]
We should be able to generate more types of ICs inline
https://bugs.webkit.org/show_bug.cgi?id=158719
<rdar://problem/26825641>

Reviewed by Filip Pizlo.

This patch changes how we emit code for *byId ICs inline.
We no longer keep data labels to patch structure checks, etc.
Instead, we just regenerate the entire IC into a designated
region of code that the Baseline/DFG/FTL JIT will emit inline.
This makes it much simpler to patch inline ICs. All that's
needed to patch an inline IC is to memcpy the code from
a macro assembler inline using LinkBuffer. This architecture
will be easy to extend into other forms of ICs, such as one
for add, in the future.

To support this change, I've reworked the fields inside
StructureStubInfo. It now has one field that is the CodeLocationLabel
of the start of the inline IC. Then it has a few ints that track deltas
to other locations in the IC such as the slow path start, slow path call, and the
IC's 'done' location. We used to perform math on these ints in a bunch of different
places. I've consolidated that math into methods inside StructureStubInfo.

To generate inline ICs, I've implemented a new class called InlineAccess.
InlineAccess is stateless: it just has a bunch of static methods for
generating code into the inline region specified by StructureStubInfo.
Repatch will now decide when it wants to generate such an inline
IC, and it will ask InlineAccess to do so.

I've implemented three types of inline ICs to begin with (extending
this in the future should be easy):
- Self property loads (both inline and out of line offsets).
- Self property replace (both inline and out of line offsets).
- Array length on specific array types.
(An easy extension would be to implement JSString length.)

To know how much inline space to reserve, I've implemented a
method that stubs out the various inline cache shapes and
dumps their size. This is used to determine how much space
to save inline. When InlineAccess ends up generating more
code than can fit inline, we will fall back to generating
code with PolymorphicAccess instead.

To make generating code into already allocated executable memory
efficient, I've made AssemblerData have 128 bytes of inline storage.
This saves us a malloc when splatting code into the inline region.

This patch also tidies up LinkBuffer's API for generating
into already allocated executable memory. Now, when generating
code that has less size than the already allocated space, LinkBuffer
will fill the extra space with nops. Also, if branch compaction shrinks
the code, LinkBuffer will add a nop sled at the end of the shrunken
code to take up the entire allocated size.

This looks like it could be a 1% octane progression.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::nop):
(JSC::ARM64Assembler::fillNops):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::nopw):
(JSC::ARMv7Assembler::nopPseudo16):
(JSC::ARMv7Assembler::nopPseudo32):
(JSC::ARMv7Assembler::fillNops):
(JSC::ARMv7Assembler::dmbSY):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::addLinkTask):
(JSC::AbstractMacroAssembler::emitNops):
(JSC::AbstractMacroAssembler::AbstractMacroAssembler):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerData::AssemblerData):
(JSC::AssemblerData::operator=):
(JSC::AssemblerData::~AssemblerData):
(JSC::AssemblerData::buffer):
(JSC::AssemblerData::grow):
(JSC::AssemblerData::isInlineBuffer):
(JSC::AssemblerBuffer::AssemblerBuffer):
(JSC::AssemblerBuffer::ensureSpace):
(JSC::AssemblerBuffer::codeSize):
(JSC::AssemblerBuffer::setCodeSize):
(JSC::AssemblerBuffer::label):
(JSC::AssemblerBuffer::debugOffset):
(JSC::AssemblerBuffer::releaseAssemblerData):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::linkCode):
(JSC::LinkBuffer::allocate):
(JSC::LinkBuffer::performFinalization):
(JSC::LinkBuffer::shrink): Deleted.
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::debugAddress):
(JSC::LinkBuffer::size):
(JSC::LinkBuffer::wasAlreadyDisassembled):
(JSC::LinkBuffer::didAlreadyDisassemble):
(JSC::LinkBuffer::applyOffset):
(JSC::LinkBuffer::code):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::patchableBranch32):
(JSC::MacroAssemblerARM64::patchableBranch64):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::patchableBranch32):
(JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch):
* assembler/X86Assembler.h:
(JSC::X86Assembler::nop):
(JSC::X86Assembler::fillNops):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdCacheStatus):
* bytecode/InlineAccess.cpp: Added.
(JSC::InlineAccess::dumpCacheSizesAndCrash):
(JSC::linkCodeInline):
(JSC::InlineAccess::generateSelfPropertyAccess):
(JSC::getScratchRegister):
(JSC::hasFreeRegister):
(JSC::InlineAccess::canGenerateSelfPropertyReplace):
(JSC::InlineAccess::generateSelfPropertyReplace):
(JSC::InlineAccess::isCacheableArrayLength):
(JSC::InlineAccess::generateArrayLength):
(JSC::InlineAccess::rewireStubAsJump):
* bytecode/InlineAccess.h: Added.
(JSC::InlineAccess::sizeForPropertyAccess):
(JSC::InlineAccess::sizeForPropertyReplace):
(JSC::InlineAccess::sizeForLengthAccess):
* bytecode/PolymorphicAccess.cpp:
(JSC::PolymorphicAccess::regenerate):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initGetByIdSelf):
(JSC::StructureStubInfo::initArrayLength):
(JSC::StructureStubInfo::initPutByIdReplace):
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::aboutToDie):
(JSC::StructureStubInfo::propagateTransitions):
(JSC::StructureStubInfo::containsPC):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::considerCaching):
(JSC::StructureStubInfo::slowPathCallLocation):
(JSC::StructureStubInfo::doneLocation):
(JSC::StructureStubInfo::slowPathStartLocation):
(JSC::StructureStubInfo::patchableJumpForIn):
(JSC::StructureStubInfo::valueRegs):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileIn):
(JSC::FTL::DFG::LowerDFGToB3::getById):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::finalize):
(JSC::JITByIdGenerator::generateFastCommon):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
(JSC::JITGetByIdGenerator::generateFastPath):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
(JSC::JITPutByIdGenerator::generateFastPath):
(JSC::JITPutByIdGenerator::slowPathFunction):
(JSC::JITByIdGenerator::generateFastPathChecks): Deleted.
* jit/JITInlineCacheGenerator.h:
(JSC::JITByIdGenerator::reportSlowPathCall):
(JSC::JITByIdGenerator::slowPathBegin):
(JSC::JITByIdGenerator::slowPathJump):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id):
* jit/Repatch.cpp:
(JSC::repatchCall):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::appropriateGenericPutByIdFunction):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryRepatchIn):
(JSC::repatchIn):
(JSC::linkSlowFor):
(JSC::resetGetByID):
(JSC::resetPutByID):
(JSC::resetIn):
(JSC::repatchByIdSelfAccess): Deleted.
(JSC::resetGetByIDCheckAndLoad): Deleted.
(JSC::resetPutByIDCheckAndLoad): Deleted.
(JSC::replaceWithJump): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202214 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 18:26:52 +0000 (18:26 +0000)]
Fix master.cfg

Unreviewed build fix.

* BuildSlaveSupport/build.webkit.org-config/master.cfg:
(CompileWebKit.start):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 18:02:55 +0000 (18:02 +0000)]
Test another commit.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202212 268f45cc-cd09-0410-ab3c-d52691b4dbfc

youenn.fablet@crf.canon.fr [Sun, 19 Jun 2016 17:51:51 +0000 (17:51 +0000)]
The JSBuiltinConstructor feature can't handle a JS interface extending another JS interface
https://bugs.webkit.org/show_bug.cgi?id=158834

Reviewed by Eric Carlson.

No change of behavior.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader): Explicitly setting DOMWrapped type definition from
JSXX class deriving from another JSYY class.
* bindings/scripts/test/JS/JSTestEventTarget.h: Rebased.
* bindings/scripts/test/JS/JSTestNode.h: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202211 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 17:48:54 +0000 (17:48 +0000)]
Test commit.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202210 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 17:35:43 +0000 (17:35 +0000)]
Test another commit.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202209 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 17:31:07 +0000 (17:31 +0000)]
Test commit.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202208 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 17:19:56 +0000 (17:19 +0000)]
Test yet another commit.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202207 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 17:01:30 +0000 (17:01 +0000)]
Test another commit.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Sun, 19 Jun 2016 16:42:18 +0000 (16:42 +0000)]
REGRESSION(concurrent baseline JIT): Kraken/ai-astar runs 20% slower
https://bugs.webkit.org/show_bug.cgi?id=158906

Reviewed by Benjamin Poulain.

The concurrent baseline JIT was a 2-3% progression on JSBench, possibly a 1% progression
on PLT3, but a 2-5% regression on Kraken. This patch fixes the Kraken regression without
affecting the other tests.

The problem is that Kraken/ai-astar's initialization code had a ginormous piece of init
code that took about 16ms to compile in baseline. There's no good way to avoid letting it
tier-up into baseline since it has a compute loop. The time it takes to run this code is
never measured. The concurrent baseline JIT caused us to schedule the compilation of this
huge code rather than doing it eagerly. This meant that after initialization was done and
we started actually running real stuff, all of the real stuff's compiles would be convoyed
behind this super-expensive baseline compile. Note that DFG and FTL compiles convoy behind
baseline compiles, since you can't schedule a DFG compile for a code block until that code
block is in baseline.

This uses the simplest fix: if we are thinking about scheduling some compile and the
thread is busy, do the compile on the main thread instead. This doesn't completely
eliminate the ai-astar regression (we still have a 4% regression on that test) but it now
results in concurrent baseline JIT being an overall progression on Kraken as a whole (1%
on my machine). This is because concurrent baseline appears to help on other tests.

In the future, we could fix this even better by allowing the JITWorklist to spawn more
threads or by being smarter about baseline compilation. I think it's nasty that if a giant
piece of initialization code ends in a compute loop, we compile all of the code instead of
just the loop. It's also gross that a constant-like object creation expression will result
in so much code. It would result in less code if we allowed ourselves to do a bit more
static reasoning about object literals.

But for now, I think that this is a great way to recover the Kraken regression while still
keeping the other progressions from concurrent baseline.

* jit/JITWorklist.cpp:
(JSC::JITWorklist::Plan::Plan):
(JSC::JITWorklist::Plan::compileInThread):
(JSC::JITWorklist::Plan::finalize):
(JSC::JITWorklist::Plan::codeBlock):
(JSC::JITWorklist::Plan::isFinishedCompiling):
(JSC::JITWorklist::Plan::compileNow):
(JSC::JITWorklist::JITWorklist):
(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):
(JSC::JITWorklist::runThread):
(JSC::JITWorklist::Plan::isFinalized): Deleted.
* jit/JITWorklist.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202205 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 16:28:49 +0000 (16:28 +0000)]
Test commit.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202204 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 15:54:46 +0000 (15:54 +0000)]
Test post-commit after apache restart.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202203 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 15:22:21 +0000 (15:22 +0000)]
Testing yet another fix for trac-mirror.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202202 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 15:16:47 +0000 (15:16 +0000)]
Testing another fix for trac-mirror.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202201 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 15:10:28 +0000 (15:10 +0000)]
Testing fix for trac-mirror.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202200 268f45cc-cd09-0410-ab3c-d52691b4dbfc

lforschler@apple.com [Sun, 19 Jun 2016 14:53:58 +0000 (14:53 +0000)]
Test a commit against the SVN 1.9 server upgrade.

Unreviewed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202199 268f45cc-cd09-0410-ab3c-d52691b4dbfc

antti@apple.com [Sat, 18 Jun 2016 11:46:16 +0000 (11:46 +0000)]
Use time literals in WebCore
https://bugs.webkit.org/show_bug.cgi?id=158905

Reviewed by Andreas Kling.

std::chrono::milliseconds(1) -> 1ms etc.

* dom/Document.cpp:
(WebCore::Document::minimumLayoutDelay):
(WebCore::Document::elapsedTime):
* fileapi/FileReader.cpp:
(WebCore::FileReader::create):
* inspector/InspectorOverlay.cpp:
(WebCore::InspectorOverlay::showPaintRect):
* loader/CrossOriginPreflightResultCache.cpp:
(WebCore::CrossOriginPreflightResultCache::CrossOriginPreflightResultCache):
* loader/ProgressTracker.cpp:
(WebCore::ProgressTracker::progressStarted):
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::freshnessLifetime):
* page/ChromeClient.h:
* page/DOMTimer.cpp:
(WebCore::DOMTimer::intervalClampedToMinimum):
(WebCore::DOMTimer::alignedFireTime):
* page/DOMTimer.h:
* page/FrameView.cpp:
(WebCore::FrameView::scrollPositionChanged):
* page/ResourceUsageThread.cpp:
(WebCore::ResourceUsageThread::threadBody):
* page/Settings.cpp:
(WebCore::Settings::Settings):
* page/mac/ServicesOverlayController.mm:
(WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
* platform/graphics/FontCache.cpp:
(WebCore::FontCache::fontForFamily):
* platform/network/CacheValidation.cpp:
(WebCore::computeCurrentAge):
(WebCore::computeFreshnessLifetimeForHTTPFamily):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

benjamin@webkit.org [Sat, 18 Jun 2016 05:53:28 +0000 (05:53 +0000)]
:indeterminate pseudo-class should match radios whose group has no checked radio
https://bugs.webkit.org/show_bug.cgi?id=156270

Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/selectors/pseudo-classes/indeterminate-expected.txt:
One more pass on official tests :)

Source/WebCore:

The pseudo-class ":indeterminate" is supposed to match radio buttons
for which the entire group has no checked button.
Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate

The change is straightforward with one non-obvious choice:
I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().

The reason is shouldAppearIndeterminate() is used for styling and AX of elements
with an indeterminate state (check boxes and progress element). There is no such
UI for radio boxes.
I could have extended shouldAppearIndeterminate() to radio box
then filter out this case in RenderTheme. The problem is doing that would also require
changes to the repaint logic to match :indeterminate. It seemed overkill to me to
change repaint() for a case that is never used in practice.

Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html
       fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
       fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
       fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html

* css/SelectorCheckerTestFunctions.h:
(WebCore::shouldAppearIndeterminate):
* dom/Element.cpp:
(WebCore::Element::matchesIndeterminatePseudoClass):
* dom/Element.h:
* dom/RadioButtonGroups.cpp:
(WebCore::RadioButtonGroup::setCheckedButton):
(WebCore::RadioButtonGroup::updateCheckedState):
(WebCore::RadioButtonGroup::remove):
(WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
(WebCore::RadioButtonGroups::hasCheckedButton):
* dom/RadioButtonGroups.h:
* html/CheckboxInputType.cpp:
(WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
(WebCore::CheckboxInputType::shouldAppearIndeterminate):
(WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.
* html/CheckboxInputType.h:
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::setChecked):
(WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
(WebCore::HTMLInputElement::shouldAppearIndeterminate):
(WebCore::HTMLInputElement::radioButtonGroups):
* html/HTMLInputElement.h:
* html/InputType.cpp:
(WebCore::InputType::matchesIndeterminatePseudoClass):
(WebCore::InputType::shouldAppearIndeterminate):
(WebCore::InputType::supportsIndeterminateAppearance): Deleted.
* html/InputType.h:
* html/RadioInputType.cpp:
(WebCore::RadioInputType::matchesIndeterminatePseudoClass):
(WebCore::RadioInputType::willDispatchClick): Deleted.
(WebCore::RadioInputType::didDispatchClick): Deleted.
(WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
The iOS specific code is just plain wrong.
It was changing the indeterminate state of the input element.
The spec clearly says that state is only used by checkbox:
https://html.spec.whatwg.org/#dom-input-indeterminate

Moreover, the style update would not change the indeterminate state
of other buttons in the Button Group, which is just bizarre.
RenderThemeIOS does not make use of any of this with the current style.

* html/RadioInputType.h:
* style/StyleSharingResolver.cpp:
(WebCore::Style::SharingResolver::canShareStyleWithElement):
(WebCore::Style::canShareStyleWithControl): Deleted.
(WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
Style sharing is unified behind the selector matching which is neat.

LayoutTests:

There are two important aspects to cover for this change:
1) The style is updated correctly when a Button Group composition changes.
2) When the checkedness changes for a Button Group, all its elements
   are invalidated to match :indeterminate.

* fast/forms/radio/indeterminate-radio.html:
This test was verifying that the property "indeterminate" of the input element
is not reflected to the style through :indeterminate.
I updated the test to still verify that except that we now match :indeterminate
before changing the property.

* fast/css/pseudo-indeterminate-radio-buttons-basics-expected.html: Added.
* fast/css/pseudo-indeterminate-radio-buttons-basics.html: Added.

* fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation-expected.txt: Added.
* fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html: Added.
Verify that we don't invalidate everything when the checked button changes.
We only need to invalidate everything if the checked state of the whole group changes.

* fast/selectors/detached-radio-button-checked-and-indeterminate-states-expected.txt: Added.
* fast/selectors/detached-radio-button-checked-and-indeterminate-states.html: Added.
* fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update-expected.txt: Added.
* fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202197 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Sat, 18 Jun 2016 03:33:19 +0000 (03:33 +0000)]
Unreviewed, rolling out r202152.
https://bugs.webkit.org/show_bug.cgi?id=158897

The new test is very unstable, timing out frequently
(Requested by ap on #webkit).

Reverted changeset:

"Web Inspector: console.profile should use the new Sampling
Profiler"
https://bugs.webkit.org/show_bug.cgi?id=153499
http://trac.webkit.org/changeset/202152

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202196 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Sat, 18 Jun 2016 03:29:49 +0000 (03:29 +0000)]
Unreviewed, rolling out r202068, r202115, and r202128.
https://bugs.webkit.org/show_bug.cgi?id=158896

The new test is very unstable, timing out frequently
(Requested by ap on #webkit).

Reverted changesets:

"decompose4 return value is unchecked, leading to potentially
uninitialized data."
https://bugs.webkit.org/show_bug.cgi?id=158761
http://trac.webkit.org/changeset/202068

"[mac] LayoutTest transforms/undecomposable.html is a flaky
timeout"
https://bugs.webkit.org/show_bug.cgi?id=158816
http://trac.webkit.org/changeset/202115

"[mac] LayoutTest transforms/undecomposable.html is a flaky
timeout"
https://bugs.webkit.org/show_bug.cgi?id=158816
http://trac.webkit.org/changeset/202128

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202195 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cfleizach@apple.com [Sat, 18 Jun 2016 01:19:13 +0000 (01:19 +0000)]
AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
https://bugs.webkit.org/show_bug.cgi?id=158876
<rdar://problem/26842619>

Reviewed by Joanmarie Diggs.

Source/WebCore:

The indeterminate state was not being reported for native checkboxes.

Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
was not being reported correctly. Changed that to check the actual attribute.

Test: accessibility/checkbox-mixed-value.html

* accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::isIndeterminate):
(WebCore::AccessibilityNodeObject::isPressed):
(WebCore::AccessibilityNodeObject::checkboxOrRadioValue):
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::checkboxOrRadioValue):

LayoutTests:

* accessibility/checkbox-mixed-value-expected.txt: Added.
* accessibility/checkbox-mixed-value.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202194 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dino@apple.com [Sat, 18 Jun 2016 01:06:45 +0000 (01:06 +0000)]
REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
https://bugs.webkit.org/show_bug.cgi?id=158895
<rdar://problem/26423617>

Reviewed by Zalan Bujtas.

Source/WebCore:

In r199819 we started resetting contexts if the page had too
many. Unfortunately there were entry points in the WebGL context
that didn't check for the validity of the object before trying
to access the lower level objects.

Test: webgl/many-contexts-access-after-loss.html

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
(WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.

LayoutTests:

New test to access the contexts after loss. Also cleaned
up the JavaScript code in the existing test (and made sure
it ran outside of the test system).

* webgl/many-contexts-access-after-loss-expected.txt: Added.
* webgl/many-contexts-access-after-loss.html: Added.
* webgl/many-contexts.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202192 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Sat, 18 Jun 2016 01:03:35 +0000 (01:03 +0000)]
Unreviewed, rolling out r202186.

Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
builds.

Reverted changeset:

"File scheme should not allow access of a resource on a
different volume."
https://bugs.webkit.org/show_bug.cgi?id=158552
http://trac.webkit.org/changeset/202186

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Sat, 18 Jun 2016 01:02:43 +0000 (01:02 +0000)]
Unreviewed, rolling out r202187.

202186

Reverted changeset:

"Unreviewed clean-up after r202186."
http://trac.webkit.org/changeset/202187

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202189 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Sat, 18 Jun 2016 00:25:44 +0000 (00:25 +0000)]
Optimize parseCacheHeader() by using StringView
https://bugs.webkit.org/show_bug.cgi?id=158891

Reviewed by Darin Adler.

Source/WebCore:

Optimize parseCacheHeader() and avoid some temporary String allocations
by using StringView. We now strip the whitespaces in the input string
at the beginning of the function, at the same time as we strip the
control characters. We are then able to leverage StringView in the
rest of the function to get substrings without the need for extra
String allocations.

* platform/network/CacheValidation.cpp:
(WebCore::isControlCharacterOrSpace):
(WebCore::trimToNextSeparator):
(WebCore::parseCacheHeader):

Source/WTF:

Add a StringView::find() overload which takes a CharacterMatchFunction
to match the one on String.

* wtf/text/StringView.h:
(WTF::StringView::find):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202188 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bfulgham@apple.com [Sat, 18 Jun 2016 00:09:12 +0000 (00:09 +0000)]
Unreviewed clean-up after r202186.

* platform/FileSystem.cpp:
(WebCore::filesHaveSameVolume): Don't use C-style formatting.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202187 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bfulgham@apple.com [Sat, 18 Jun 2016 00:03:04 +0000 (00:03 +0000)]
File scheme should not allow access of a resource on a different volume.
https://bugs.webkit.org/show_bug.cgi?id=158552
<rdar://problem/15307582>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-06-17
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canDisplay):
* platform/FileSystem.cpp:
(WebCore::platformFileStat):
(WebCore::filesHaveSameVolume):
Returns true if the files are on the same volume
* platform/FileSystem.h:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html: Added.
* TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm: Added.
(-[CrossPartitionFileSchemeAccessNavigationDelegate webView:didFinishNavigation:]):
When the main page load is complete fetch the contents of the document to check if iframe was loaded
(createPartition):
Create a disk image and load the contents of the file.
(cleanUp):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202186 268f45cc-cd09-0410-ab3c-d52691b4dbfc

enrica@apple.com [Fri, 17 Jun 2016 23:31:42 +0000 (23:31 +0000)]
Support configurable autocapitalization.
https://bugs.webkit.org/show_bug.cgi?id=158860
rdar://problem/26231403

Reviewed by Tim Horton.

The behavior of spellchecker should be configurable to avoid
unwanted autocapitalization.

* UIProcess/API/APIPageConfiguration.cpp:
(API::PageConfiguration::copy):
* UIProcess/API/APIPageConfiguration.h:
(API::PageConfiguration::initialCapitalizationEnabled):
(API::PageConfiguration::setInitialCapitalizationEnabled):
* UIProcess/API/C/WKPageConfigurationRef.cpp:
(WKPageConfigurationSetIntialCapitalizationEnabled):
* UIProcess/API/C/WKPageConfigurationRef.h:
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _initializeWithConfiguration:]):
* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration _initialCapitalizationEnabled]):
(-[WKWebViewConfiguration _setInitialCapitalizationEnabled:]):
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* UIProcess/TextChecker.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::checkTextOfParagraph):
(WebKit::WebPageProxy::getGuessesForWord):
* UIProcess/WebPageProxy.h:
* UIProcess/efl/TextCheckerEfl.cpp:
(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
* UIProcess/gtk/TextCheckerGtk.cpp:
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::checkTextOfParagraph):
* UIProcess/ios/TextCheckerIOS.mm:
(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
* UIProcess/mac/TextCheckerMac.mm:
(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202185 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Fri, 17 Jun 2016 23:27:28 +0000 (23:27 +0000)]
Use WTF::NoncopyableFunction in NetworkDataTaskClient
https://bugs.webkit.org/show_bug.cgi?id=158887

Reviewed by Alex Christensen.

Use WTF::NoncopyableFunction in NetworkDataTaskClient instead of std::function
and consistently move it around. This avoids some unnecessary copying.

* NetworkProcess/Downloads/DownloadManager.cpp:
(WebKit::DownloadManager::willDecidePendingDownloadDestination):
(WebKit::DownloadManager::continueDecidePendingDownloadDestination):
* NetworkProcess/Downloads/DownloadManager.h:
* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::willPerformHTTPRedirection):
(WebKit::NetworkLoad::didReceiveChallenge):
(WebKit::NetworkLoad::didReceiveResponseNetworkSession):
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
* NetworkProcess/NetworkLoad.h:
* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::findPendingDownloadLocation):
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/PingLoad.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::didReceiveChallenge):
(WebKit::NetworkDataTask::didReceiveResponse):
(WebKit::NetworkDataTask::willPerformHTTPRedirection):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
* Shared/Authentication/AuthenticationManager.cpp:
(WebKit::AuthenticationManager::addChallengeToChallengeMap):
(WebKit::AuthenticationManager::coalesceChallengesMatching):
(WebKit::AuthenticationManager::didReceiveAuthenticationChallenge):
(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):
(WebKit::AuthenticationManager::useCredentialForSingleChallenge):
* Shared/Authentication/AuthenticationManager.h:
* Shared/Authentication/mac/AuthenticationManager.mac.mm:
(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202184 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web video playback controls should have RTL volume slider
commit-queue@webkit.org [Fri, 17 Jun 2016 22:24:52 +0000 (22:24 +0000)]
Web video playback controls should have RTL volume slider
https://bugs.webkit.org/show_bug.cgi?id=158856
<rdar://problem/25971769>

Patch by Antoine Quint <graouts@apple.com> on 2016-06-17
Reviewed by Tim Horton.

Source/WebCore:

We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
propagate the user interface layout direction.

The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
then notifies the Document of a change, which propagates down to registered media elements, and finally sets
the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
.volume-box which applies a translate to the right and flips the volume controls on the x axis.

Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
we can easily set a named JS property with a given JSValue.

For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.

Test: fullscreen/video-controls-rtl.html

* Modules/mediacontrols/mediaControlsApple.css:
(video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):
* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.set usesLTRUserInterfaceLayoutDirection):
* WebCore.xcodeproj/project.pbxproj:
* dom/Document.cpp:
(WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
(WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
(WebCore::Document::userInterfaceLayoutDirectionChanged):
* dom/Document.h:
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::registerWithDocument):
(WebCore::HTMLMediaElement::unregisterWithDocument):
(WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
(WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
(WebCore::HTMLMediaElement::setControllerJSProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::pageScaleFactorChanged):
(WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
(WebCore::setPageScaleFactorProperty): Deleted.
* html/HTMLMediaElement.h:
* page/Page.cpp:
(WebCore::Page::setUserInterfaceLayoutDirection):
* page/Page.h:
(WebCore::Page::userInterfaceLayoutDirection):
* platform/UserInterfaceLayoutDirection.h: Renamed from Source/WebKit2/UIProcess/UserInterfaceLayoutDirection.h.
* testing/Internals.cpp:
(WebCore::Internals::setUserInterfaceLayoutDirection):
* testing/Internals.h:
* testing/Internals.idl:

Source/WebKit2:

We now call setUserInterfaceLayoutDirection() on WebCore::Page to propagate
the user interface layout direction down to the Web content. To facilitate this,
the UserInterfaceLayoutDirection enum is now defined in WebCore.

* Shared/WebPageCreationParameters.h:
* UIProcess/API/Cocoa/WKWebView.mm:
(convertSystemLayoutDirection):
(toUserInterfaceLayoutDirection):
* UIProcess/API/gtk/PageClientImpl.h:
* UIProcess/Cocoa/WebViewImpl.h:
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::toUserInterfaceLayoutDirection):
(WebKit::WebViewImpl::userInterfaceLayoutDirection):
* UIProcess/PageClient.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::userInterfaceLayoutDirection):
(WebKit::WebPageProxy::setUserInterfaceLayoutDirection):
* UIProcess/WebPageProxy.h:
* UIProcess/efl/WebView.h:
* UIProcess/ios/PageClientImplIOS.h:
* UIProcess/ios/PageClientImplIOS.mm:
(WebKit::PageClientImpl::userInterfaceLayoutDirection):
* UIProcess/mac/PageClientImpl.h:
* UIProcess/mac/PageClientImpl.mm:
(WebKit::PageClientImpl::userInterfaceLayoutDirection):
* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::PendingSwipeTracker::scrollEventCanBecomeSwipe):
(WebKit::ViewGestureController::isPhysicallySwipingLeft):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::m_userInterfaceLayoutDirection):
(WebKit::WebPage::setUserInterfaceLayoutDirection):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::performNonEditingBehaviorForSelector):

LayoutTests:

New test that checks that the volume box has the correct CSS class name and the expected
CSS transform value applied to it when the user interface layout direction is right-to-left
and that changing the user interface layout direction dynamically updates the media element
shadow tree as expected.

* fullscreen/video-controls-rtl-expected.txt: Added.
* fullscreen/video-controls-rtl.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202183 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update LayoutTest fast/canvas/canvas-composite-text-alpha.html
ryanhaddad@apple.com [Fri, 17 Jun 2016 21:46:20 +0000 (21:46 +0000)]
Update LayoutTest fast/canvas/canvas-composite-text-alpha.html
https://bugs.webkit.org/show_bug.cgi?id=158710

Reviewed by Alexey Proskuryakov.

Though this test passes, opening the test file directly reports multiple failures. Updating the
readback locations to get the correct results.

* fast/canvas/canvas-composite-text-alpha.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202182 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Marking media/video-controls-show-on-kb-or-ax-event.html as flaky on Mac
ryanhaddad@apple.com [Fri, 17 Jun 2016 21:46:00 +0000 (21:46 +0000)]
Marking media/video-controls-show-on-kb-or-ax-event.html as flaky on Mac
https://bugs.webkit.org/show_bug.cgi?id=158889

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202181 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Skip security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star...
ryanhaddad@apple.com [Fri, 17 Jun 2016 21:30:17 +0000 (21:30 +0000)]
Skip security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html on Mac
https://bugs.webkit.org/show_bug.cgi?id=155196

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202180 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION: Double tap to zoom does not work on yahoo finance
dino@apple.com [Fri, 17 Jun 2016 21:21:52 +0000 (21:21 +0000)]
REGRESSION: Double tap to zoom does not work on yahoo finance
https://bugs.webkit.org/show_bug.cgi?id=158886
<rdar://problem/24917760>

Reviewed by Simon Fraser.

Source/WebKit2:

We shouldn't enable fast click on pages that have
had to shrink to fit. In other words, we should enable
double-tap-to-zoom if the page has already zoomed.

Test: fast/events/ios/viewport-shrink-to-fit-allows-double-tap.html

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _allowsDoubleTapGestures]):

LayoutTests:

* fast/events/ios/viewport-shrink-to-fit-allows-double-tap-expected.txt: Added.
* fast/events/ios/viewport-shrink-to-fit-allows-double-tap.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202179 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago TouchEvent should have a constructor
cdumez@apple.com [Fri, 17 Jun 2016 20:51:11 +0000 (20:51 +0000)]
TouchEvent should have a constructor
https://bugs.webkit.org/show_bug.cgi?id=158883
<rdar://problem/26063585>

Reviewed by Benjamin Poulain.

Source/WebCore:

TouchEvent should have a constructor:
- https://w3c.github.io/touch-events/#touchevent-interface

Chrome already ships this:
- https://bugs.chromium.org/p/chromium/issues/detail?id=508675

Test: fast/events/touch/touch-event-constructor.html

* bindings/js/JSDictionary.cpp:
(WebCore::JSDictionary::convertValue):
* bindings/js/JSDictionary.h:
* dom/TouchEvent.cpp:
(WebCore::TouchEvent::TouchEvent):
* dom/TouchEvent.h:
* dom/TouchEvent.idl:

LayoutTests:

Add layout test coverage for the TouchEvent constructor.

* fast/events/touch/touch-event-constructor-expected.txt: Added.
* fast/events/touch/touch-event-constructor.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202178 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Potential null dereferencing on a detached positioned renderer.
zalan@apple.com [Fri, 17 Jun 2016 20:21:17 +0000 (20:21 +0000)]
Potential null dereferencing on a detached positioned renderer.
https://bugs.webkit.org/show_bug.cgi?id=158879

Reviewed by Simon Fraser.

This patch fixes the case when the while loop to search for the absolute positioned ancestor
returns null (it happens when positioned renderer has been detached from the render tree).

Speculative fix.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):
* rendering/RenderBlock.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202177 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago URL hash setter does not remove fragment identifier if argument is an empty string
cdumez@apple.com [Fri, 17 Jun 2016 20:18:54 +0000 (20:18 +0000)]
URL hash setter does not remove fragment identifier if argument is an empty string
https://bugs.webkit.org/show_bug.cgi?id=158869
<rdar://problem/26863430>

Reviewed by Darin Adler.

Source/WebCore:

URL hash setter and URLUtils hash setter should remove the fragment identifier
if set to "#" or "":
- https://url.spec.whatwg.org/#dom-url-hash
- https://html.spec.whatwg.org/multipage/semantics.html#dom-hyperlink-hash

This patch aligns our behavior with the specification and with other browsers
(tested Firefox and Chrome).

This patch also updates HTMLAnchorElement to inherit URLUtils to avoid code
duplication. HTMLAnchorElement already implements URLUtils in the IDL, as per
the specification:
- https://html.spec.whatwg.org/multipage/semantics.html#htmlanchorelement

No new tests, rebaselined existing tests.

* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::origin): Deleted.
(WebCore::HTMLAnchorElement::text): Deleted.
(WebCore::HTMLAnchorElement::setText): Deleted.
(WebCore::HTMLAnchorElement::toString): Deleted.
(WebCore::HTMLAnchorElement::isLiveLink): Deleted.
(WebCore::HTMLAnchorElement::sendPings): Deleted.
(WebCore::HTMLAnchorElement::handleClick): Deleted.
(WebCore::HTMLAnchorElement::eventType): Deleted.
(WebCore::HTMLAnchorElement::treatLinkAsLiveForEventType): Deleted.
(WebCore::isEnterKeyKeydownEvent): Deleted.
(WebCore::shouldProhibitLinks): Deleted.
(WebCore::HTMLAnchorElement::willRespondToMouseClickEvents): Deleted.
(WebCore::rootEditableElementMap): Deleted.
(WebCore::HTMLAnchorElement::rootEditableElementForSelectionOnMouseDown): Deleted.
(WebCore::HTMLAnchorElement::clearRootEditableElementForSelectionOnMouseDown): Deleted.
(WebCore::HTMLAnchorElement::setRootEditableElementForSelectionOnMouseDown): Deleted.
* html/HTMLAnchorElement.h:
(WebCore::HTMLAnchorElement::invalidateCachedVisitedLinkHash): Deleted.
* html/URLUtils.h:
(WebCore::URLUtils<T>::setHash):

LayoutTests:

Update existing layout tests now that setting hash to "" or "#" clears
the fragment identifier.

* fast/dom/DOMURL/set-href-attribute-hash-expected.txt:
* fast/dom/DOMURL/set-href-attribute-hash.html:
* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-hash.js:
* fast/dom/HTMLAnchorElement/set-href-attribute-hash-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202176 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Ignore case in the check for security origin inheritance
wilander@apple.com [Fri, 17 Jun 2016 19:50:45 +0000 (19:50 +0000)]
Ignore case in the check for security origin inheritance
https://bugs.webkit.org/show_bug.cgi?id=158878

Reviewed by Alex Christensen.

Source/WebCore:

Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
"Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII
case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for
those two lines instead of using ==. URL::parse normalizes letters in the scheme
and host by using toASCIILower, but does not normalize letters elsewhere in the
URL, such as in the "blank" or "srcdoc" in the above URLs."

Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html

* platform/URL.cpp:
(WebCore::URL::shouldInheritSecurityOriginFromOwner):

LayoutTests:

* http/tests/dom/window-open-about-uppercase-blank-and-access-document-expected.txt: Added.
* http/tests/dom/window-open-about-uppercase-blank-and-access-document.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202174 268f45cc-cd09-0410-ab3c-d52691b4dbfc
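
The comparison issue raised in the commit above, as an added example (not WebKit's code): a simplified model in which only the scheme is lowercased during parsing, so an exact `==` comparison misses `about:BLANK` while an ASCII-only case-insensitive comparison accepts it. All function names here are hypothetical, and the set of inheriting URLs is assumed to be `about:blank` and `about:srcdoc`.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// ASCII-only folding: never consults the locale, so only 'A'..'Z' are changed.
static char asciiLower(char c)
{
    return (c >= 'A' && c <= 'Z') ? static_cast<char>(c + ('a' - 'A')) : c;
}

// Model of the parser behaviour quoted in the commit message: the scheme is
// lowercased, the rest of the URL is left exactly as written.
std::string lowercaseSchemeOnly(const std::string& url)
{
    std::string out = url;
    std::size_t colon = out.find(':');
    if (colon == std::string::npos)
        return out;
    for (std::size_t i = 0; i < colon; ++i)
        out[i] = asciiLower(out[i]);
    return out;
}

// Hypothetical helper: equality that ignores ASCII case only.
bool asciiCaseInsensitiveEqual(const std::string& a, const std::string& b)
{
    if (a.size() != b.size())
        return false;
    for (std::size_t i = 0; i < a.size(); ++i) {
        if (asciiLower(a[i]) != asciiLower(b[i]))
            return false;
    }
    return true;
}

// "Before": exact comparison after scheme normalization.
bool inheritsOwnerOriginExact(const std::string& rawURL)
{
    std::string url = lowercaseSchemeOnly(rawURL);
    return url == "about:blank" || url == "about:srcdoc";
}

// "After": the same decision, ignoring ASCII case in the whole string.
bool inheritsOwnerOriginIgnoringASCIICase(const std::string& rawURL)
{
    std::string url = lowercaseSchemeOnly(rawURL);
    return asciiCaseInsensitiveEqual(url, "about:blank")
        || asciiCaseInsensitiveEqual(url, "about:srcdoc");
}

int main()
{
    // Constructed sample inputs; the last one ends in U+212A KELVIN SIGN (UTF-8).
    const char* samples[] = {
        "about:blank", "ABOUT:blank", "about:BLANK", "About:SrcDoc",
        "about:blan\xE2\x84\xAA", "https://example.com/"
    };
    for (const char* url : samples) {
        std::cout << url << "  exact=" << inheritsOwnerOriginExact(url)
                  << "  ignoringASCIICase=" << inheritsOwnerOriginIgnoringASCIICase(url) << "\n";
    }
    return 0;
}
```

Folding only ASCII letters keeps look-alike non-ASCII characters, such as the Kelvin sign in the last sample, from matching.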

4 years ago OOM Assertion failure in JSON.stringify.
mark.lam@apple.com [Fri, 17 Jun 2016 19:22:02 +0000 (19:22 +0000)]
OOM Assertion failure in JSON.stringify.
https://bugs.webkit.org/show_bug.cgi?id=158794
<rdar://problem/26826254>

Reviewed by Saam Barati.

The bug was actually in StringBuilder::appendQuotedJSONString() where it failed
to detect an imminent unsigned int overflow.  The fix is to use Checked<unsigned>
for the needed math, and RELEASE_ASSERT afterwards that we did not overflow.

I also added more assertions to detect sooner if there are any problems with
StringBuilder's m_buffer or m_length being incorrectly sized.  These assertions
have been run on the JSC and layout tests without any issue.

* wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::resize):
(WTF::StringBuilder::allocateBuffer):
(WTF::StringBuilder::allocateBufferUpConvert):
(WTF::StringBuilder::reallocateBuffer<LChar>):
(WTF::StringBuilder::reallocateBuffer<UChar>):
(WTF::StringBuilder::reserveCapacity):
(WTF::StringBuilder::appendUninitializedSlow):
(WTF::StringBuilder::append):
(WTF::StringBuilder::appendQuotedJSONString):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::swap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202173 268f45cc-cd09-0410-ab3c-d52691b4dbfc
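
The overflow class described in the commit above, as an added example (not WebKit's code): sizing a buffer for a quoted JSON string with plain 32-bit math wraps for large inputs, while checked math reports the overflow so the caller can stop. `CheckedU32` is a hypothetical stand-in for a checked integer type, and the worst-case formula (2 quote characters plus 6 output characters per input character, for `\uXXXX` escapes) is an assumption of this sketch.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <string>

// Hypothetical minimal checked integer: overflow is recorded, never silent.
class CheckedU32 {
public:
    explicit CheckedU32(uint32_t value) : m_value(value) {}
    CheckedU32& operator+=(uint32_t rhs)
    {
        if (rhs > std::numeric_limits<uint32_t>::max() - m_value)
            m_overflowed = true;
        m_value += rhs;
        return *this;
    }
    CheckedU32& operator*=(uint32_t rhs)
    {
        if (rhs && m_value > std::numeric_limits<uint32_t>::max() / rhs)
            m_overflowed = true;
        m_value *= rhs;
        return *this;
    }
    bool hasOverflowed() const { return m_overflowed; }
    uint32_t value() const { return m_value; }
private:
    uint32_t m_value;
    bool m_overflowed { false };
};

// Unchecked sizing: unsigned arithmetic wraps modulo 2^32 without any signal.
uint32_t uncheckedCapacity(uint32_t currentLength, uint32_t stringLength)
{
    return currentLength + 2u + stringLength * 6u;
}

// Checked sizing: returns false instead of handing back a wrapped value.
bool checkedCapacity(uint32_t currentLength, uint32_t stringLength, uint32_t& capacity)
{
    CheckedU32 required(stringLength);
    required *= 6u;            // worst case: every character becomes \uXXXX
    required += 2u;            // opening and closing quote
    required += currentLength; // what the builder already holds
    if (required.hasOverflowed())
        return false;
    capacity = required.value();
    return true;
}

// Appends `in` as a quoted JSON string, refusing when the size math overflows.
bool appendQuotedJSON(std::string& out, const std::string& in)
{
    const std::size_t max32 = std::numeric_limits<uint32_t>::max();
    if (out.size() > max32 || in.size() > max32)
        return false;
    uint32_t capacity = 0;
    if (!checkedCapacity(static_cast<uint32_t>(out.size()), static_cast<uint32_t>(in.size()), capacity))
        return false;
    out.reserve(capacity);
    out += '"';
    for (unsigned char c : in) {
        switch (c) {
        case '"': out += "\\\""; break;
        case '\\': out += "\\\\"; break;
        case '\b': out += "\\b"; break;
        case '\f': out += "\\f"; break;
        case '\n': out += "\\n"; break;
        case '\r': out += "\\r"; break;
        case '\t': out += "\\t"; break;
        default:
            if (c < 0x20) {
                static const char hex[] = "0123456789abcdef";
                out += "\\u00";
                out += hex[c >> 4];
                out += hex[c & 0xF];
            } else
                out += static_cast<char>(c);
        }
    }
    out += '"';
    return true;
}

int main()
{
    const uint32_t hugeLength = 715827883u; // constructed value: 6 * hugeLength = 2^32 + 2
    uint32_t capacity = 0;
    std::cout << "unchecked capacity: " << uncheckedCapacity(0, hugeLength) << "\n";
    std::cout << "checked sizing ok:  " << checkedCapacity(0, hugeLength, capacity) << "\n";
    std::string out;
    appendQuotedJSON(out, std::string("a\"\x01"));
    std::cout << out << "\n";
    return 0;
}
```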

4 years ago Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
hyungwook.lee@navercorp.com [Fri, 17 Jun 2016 19:10:28 +0000 (19:10 +0000)]
Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
https://bugs.webkit.org/show_bug.cgi?id=158868

Reviewed by Alex Christensen.

Fix compilation errors in Node.cpp when we enable DUMP_NODE_STATISTICS

* dom/Node.cpp:
(WebCore::Node::dumpStatistics):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202172 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Skipping two new LayoutTests that rely on mouse events on ios-simulator.
ryanhaddad@apple.com [Fri, 17 Jun 2016 17:24:39 +0000 (17:24 +0000)]
Skipping two new LayoutTests that rely on mouse events on ios-simulator.
https://bugs.webkit.org/show_bug.cgi?id=158855

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202170 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win] Scrolling in popup menu scrolls past last entry.
pvollan@apple.com [Fri, 17 Jun 2016 17:20:11 +0000 (17:20 +0000)]
[Win] Scrolling in popup menu scrolls past last entry.
https://bugs.webkit.org/show_bug.cgi?id=158870

Reviewed by Brent Fulgham.

When the popup has a scrollbar, the content size is not equal to the popup window size.

* platform/win/PopupMenuWin.cpp:
(WebCore::PopupMenuWin::contentsSize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202169 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Refactor RenderMathMLRoot layout function to avoid using flexbox
fred.wang@free.fr [Fri, 17 Jun 2016 16:30:03 +0000 (16:30 +0000)]
Refactor RenderMathMLRoot layout function to avoid using flexbox
https://bugs.webkit.org/show_bug.cgi?id=153987

Patch by Frederic Wang <fwang@igalia.com> on 2016-06-17
Reviewed by Brent Fulgham.

Source/WebCore:

No new tests, already covered by existing tests.
A case for RTL root has been added to roots.xhtml.

We reimplement RenderMathMLRoot without any flexbox or anonymous.
The anonymous RenderMathMLRadicalOperator used to draw the radical sign is replaced with
the MathOperator class introduced in bug 152244.
msqrt (row of children under a square root) is now implemented directly in RenderMathMLRoot,
so RenderMathMLSquareRoot is removed and RenderMathMLRoot now inherits from RenderMathMLRow.

* CMakeLists.txt: Remove files for RenderMathMLRadicalOperator and RenderMathMLSquareRoot.
* WebCore.xcodeproj/project.pbxproj: ditto.
* accessibility/AccessibilityRenderObject.cpp: Update code now that we do not use any
radical wrappers.
(WebCore::AccessibilityRenderObject::isMathRow): Now that RenderMathMLRoot inherits from
RenderMathMLRow, we must exclude MathRoot or otherwise some accessibility code may treat
roots as rows.
(WebCore::AccessibilityRenderObject::mathRadicandObject): Return the first child for
Root/SquareRoot or nullptr.
(WebCore::AccessibilityRenderObject::mathRootIndexObject): Return the second child for
Root and nullptr for SquareRoot.
* mathml/MathMLInlineContainerElement.cpp:
(WebCore::MathMLInlineContainerElement::childrenChanged): We no longer need a special case
for msqrt, it is treated as a normal RenderMathMLRow.
(WebCore::MathMLInlineContainerElement::createElementRenderer): Make msqrt create a
RenderMathMLRoot object.
* rendering/RenderObject.h:
(WebCore::RenderObject::isRenderMathMLRadicalOperator): Deleted.
* rendering/mathml/RenderMathMLBlock.cpp:
(WebCore::RenderMathMLBlock::mirrorIfNeeded): New function to mirror a child horizontal
offset according to the parent width.
(WebCore::RenderMathMLBlock::renderName):
* rendering/mathml/RenderMathMLBlock.h:
(WebCore::RenderMathMLBlock::mirrorIfNeeded): Moved from RenderMathMLScripts, just forward
call to the other mirrorIfNeeded function.
* rendering/mathml/RenderMathMLOperator.cpp: We no longer need this trailingSpaceError hack.
(WebCore::RenderMathMLOperator::trailingSpaceError): Deleted.
* rendering/mathml/RenderMathMLOperator.h: ditto.
* rendering/mathml/RenderMathMLRadicalOperator.cpp: Removed. The radical sign is now drawn
with a MathOperator.
* rendering/mathml/RenderMathMLRadicalOperator.h: Removed.
* rendering/mathml/RenderMathMLRoot.cpp: Complete refactoring to avoid using flexbox and
anonymous wrappers.
(WebCore::RenderMathMLRoot::RenderMathMLRoot): Set m_kind parameters to distinguish between
square root and general root and set the MathOperator member to draw the radical sign.
(WebCore::RenderMathMLRoot::isValid): Helper function to verify whether the child list is valid.
(WebCore::RenderMathMLRoot::getBase): Get the base of an mroot.
(WebCore::RenderMathMLRoot::getIndex): Get the index of an mroot.
(WebCore::RenderMathMLRoot::styleDidChange): Be sure to keep the style of the
MathOperator in sync with ours ; no need to skip empty roots.
(WebCore::RenderMathMLRoot::updateFromElement): Call the function from the new parent class ;
no need to skip empty roots.
(WebCore::RenderMathMLRoot::updateStyle): Remove the isEmpty ASSERT as it is valid to have
empty square root. Set the m_kernBeforeDegree, m_kernBeforeDegree members.
No need to set style for anonymous.
(WebCore::RenderMathMLRoot::computePreferredLogicalWidths): Implement this function.
(WebCore::RenderMathMLRoot::layoutBlock): Implement this function.
(WebCore::RenderMathMLRoot::paintChildren): Implement this function.
(WebCore::RenderMathMLRoot::paint): Remove the trailingSpaceError hack ;
paint the radical sign via MathOperator::paint
(WebCore::RenderMathMLRoot::baseWrapper): Deleted.
(WebCore::RenderMathMLRoot::radicalWrapper): Deleted.
(WebCore::RenderMathMLRoot::indexWrapper): Deleted.
(WebCore::RenderMathMLRoot::radicalOperator): Deleted.
(WebCore::RenderMathMLRoot::restructureWrappers): Deleted.
(WebCore::RenderMathMLRoot::addChild): Deleted.
(WebCore::RenderMathMLRoot::firstLineBaseline): Deleted.
(WebCore::RenderMathMLRoot::layout): Deleted.
(WebCore::RenderMathMLRootWrapper::createAnonymousWrapper): Deleted.
(WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring): Deleted.
(WebCore::RenderMathMLRootWrapper::removeChild): Deleted.
* rendering/mathml/RenderMathMLRoot.h: Make RenderMathMLRoot inherit from RenderMathMLRow.
Make RenderMathMLRoot support <msqrt>.
Remove all the anonymous wrapper stuff and instead use a MathOperator for the radical symbol.
Update function declaration to implement layout without flexbox and add some helper functions.
* rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the child row,
for use in RenderMathMLRoot.
(WebCore::RenderMathMLRow::computeLineVerticalStretch): rename parameters.
(WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
logical width of the child row. Set the temporary logical width for RenderMathRoot before
laying the children out.
(WebCore::RenderMathMLRow::layoutBlock): Rename parameters ; add a dummy logicalWidth
parameter.
* rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by
RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
after the child row is laid out.
* rendering/mathml/RenderMathMLScripts.cpp: Move mirrorIfNeeded to RenderMathMLBlock.
(WebCore::RenderMathMLScripts::mirrorIfNeeded): Deleted.
* rendering/mathml/RenderMathMLScripts.h: Move mirrorIfNeeded to RenderMathMLBlock.
* rendering/mathml/RenderMathMLSquareRoot.cpp: Removed.
* rendering/mathml/RenderMathMLSquareRoot.h: Removed.
* rendering/mathml/MathOperator.cpp:
(WebCore::MathOperator::paint): Apply a mirroring scale transform to radical symbol
in RTL direction.

LayoutTests:

Update expectations for some MathML tests containing radical operators.

* TestExpectations: mathml/roots-removeChild.html works as expected now
that we do not manage anonymous wrappers anymore.
* mathml/presentation/roots.xhtml: Add one test for RTL roots.
* platform/gtk/mathml/presentation/mo-stretch-expected.txt: Update expectation to
take into account the change in the render tree.
* platform/gtk/mathml/presentation/roots-expected.txt: Ditto.
* platform/gtk/mathml/presentation/roots-expected.png: Update expectation to take
into account small rendering changes.
* platform/ios-simulator/mathml/presentation/roots-expected.txt: Ditto.
* platform/gtk/mathml/radical-fallback-expected.txt: Ditto.
* platform/gtk/mathml/radical-fallback-expected.png: Ditto.
* platform/mac/mathml/radical-fallback-expected.txt: Ditto.
* platform/mac/mathml/radical-fallback-expected.png: Ditto.
* platform/ios-simulator/mathml/radical-fallback-expected.txt: Ditto.
* platform/ios-simulator/mathml/radical-fallback-expected.png: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202168 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Drop some unnecessary header includes
cdumez@apple.com [Fri, 17 Jun 2016 15:43:14 +0000 (15:43 +0000)]
Drop some unnecessary header includes
https://bugs.webkit.org/show_bug.cgi?id=158864

Reviewed by Alexey Proskuryakov.

Drop some unnecessary header includes to try and reduce build times.

* WebCore.xcodeproj/project.pbxproj:
* accessibility/AccessibilityList.cpp:
* css/CSSComputedStyleDeclaration.cpp:
* css/MediaQueryMatcher.cpp:
* css/StyleMedia.cpp:
* css/TransformFunctions.cpp:
* dom/NodeRenderStyle.h:
* dom/PseudoElement.h:
(isType): Deleted.
* html/HTMLTitleElement.cpp:
* html/shadow/MediaControlElementTypes.h:
* html/shadow/MediaControls.cpp:
* inspector/InspectorDOMAgent.h:
* inspector/InspectorLayerTreeAgent.h:
* inspector/InspectorPageAgent.cpp:
* page/scrolling/AsyncScrollingCoordinator.cpp:
* page/scrolling/ScrollingCoordinator.h:
* rendering/BidiRun.h:
* rendering/BorderEdge.h:
* rendering/RenderElement.h:
* rendering/RenderObject.h:
(WebCore::AnnotatedRegionValue::operator==): Deleted.
(WebCore::AnnotatedRegionValue::operator!=): Deleted.
* rendering/RenderObjectEnums.h: Added.
* rendering/RenderTheme.h:
* rendering/SimpleLineLayoutFlowContents.h:
* rendering/SimpleLineLayoutTextFragmentIterator.h:
* rendering/TextPainter.h:
* rendering/style/RenderStyle.h:
(WebCore::pseudoElementRendererIsNeeded):
* rendering/style/ShapeValue.cpp:
* rendering/style/ShapeValue.h:
* style/ClassChangeInvalidation.cpp:
* style/ClassChangeInvalidation.h:
* style/InlineTextBoxStyle.h:
* style/StyleUpdate.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202167 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS] Throw away linked code when navigating to a new page.
akling@apple.com [Fri, 17 Jun 2016 13:35:32 +0000 (13:35 +0000)]
[iOS] Throw away linked code when navigating to a new page.
<https://webkit.org/b/153851>

Reviewed by Antti Koivisto.

When navigating to a new page, tell JSC to throw out any linked code it has lying around.
Linked code is tied to a specific global object, and as we're creating a new one for the
new page, none of it is useful to us here.

In the event that the user navigates back, the cost of relinking some code will be far
lower than the memory cost of keeping all of it around.

This was in-tree before but was rolled out due to regressing JSBench. It was a slowdown
due to the benchmark harness using top-level navigations to drive the tests.
This new version avoids that problem by only throwing out code if we haven't navigated
in the last 2 seconds. This also prevents excessive work in response to redirects.

I've also moved this into MemoryPressureHandler so we don't make a mess in FrameLoader.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):
* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
* platform/MemoryPressureHandler.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202166 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed. Added myself to the list of committers.
eocanha@igalia.com [Fri, 17 Jun 2016 11:50:53 +0000 (11:50 +0000)]
Unreviewed. Added myself to the list of committers.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202165 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update test-expected file for failing fullscreen test
commit-queue@webkit.org [Fri, 17 Jun 2016 11:46:14 +0000 (11:46 +0000)]
Update test-expected file for failing fullscreen test
https://bugs.webkit.org/show_bug.cgi?id=158838

Patch by Romain Bellessort <romain.bellessort@crf.canon.fr> on 2016-06-17
Reviewed by Carlos Garcia Campos.

Used MAC version of the test as the default version since only MAC and
GTK do not skip this test and expect the same result. Removed
test-expected files specific to each port when there was one. Prior to
this patch, GTK test was failing unexpectedly.

* fullscreen/video-controls-override-expected.txt:
* platform/efl/fullscreen/video-controls-override-expected.txt: Removed.
* platform/gtk/fullscreen/video-controls-override-expected.txt: Removed.
* platform/mac/fullscreen/video-controls-override-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202164 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win] Rendering is not scaled correctly if process is DPI aware.
pvollan@apple.com [Fri, 17 Jun 2016 11:19:32 +0000 (11:19 +0000)]
[Win] Rendering is not scaled correctly if process is DPI aware.
https://bugs.webkit.org/show_bug.cgi?id=158781

Reviewed by Brent Fulgham.

Scale the root graphics layer with the device scale factor.

* WebView.cpp:
(WebView::setAcceleratedCompositing):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202163 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CORS preflight with a non-200 response should be a preflight failure
youenn.fablet@crf.canon.fr [Fri, 17 Jun 2016 10:34:02 +0000 (10:34 +0000)]
CORS preflight with a non-200 response should be a preflight failure
https://bugs.webkit.org/show_bug.cgi?id=111008

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

* web-platform-tests/XMLHttpRequest/data-uri-expected.txt:

Source/WebCore:

Covered by rebased tests.

* Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status code is
successful. If not, calling preflight failure callback.
(WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
responses are processed as other responses.
* loader/ResourceLoaderOptions.h:
(WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
const reference.
(WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.
* platform/network/ResourceResponseBase.cpp:
(WebCore::ResourceResponseBase::isSuccessful): Utility function.
* platform/network/ResourceResponseBase.h:

LayoutTests:

* http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
* http/tests/xmlhttprequest/access-control-and-redirects-async.html:
* http/tests/xmlhttprequest/access-control-basic-get-fail-non-simple-expected.txt:
* http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202162 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
fred.wang@free.fr [Fri, 17 Jun 2016 09:24:49 +0000 (09:24 +0000)]
MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
https://bugs.webkit.org/show_bug.cgi?id=156836

Source/WebCore:

Patch by Frederic Wang <fwang@igalia.com> on 2016-06-17
Reviewed by Sergio Villar Senin.

Some platforms do not have OpenType MATH fonts pre-installed and thus can not draw stretchy
operators using size variants or glyph assembly. This is especially problematic for the
radical symbol which is used to write roots. Currently, we have some fallback code to draw
that symbol using graphical primitives but it is a bit complex and makes the style of radical
inconsistent with the font used. We solve these issues by just scaling the base glyph via a
scale transform. Such scale transform is also used to mirror the radical symbol so that we
have some support for right-to-left roots until we can do glyph-level mirroring
via the OpenType rtlm feature.

Test: mathml/radical-fallback.html

* rendering/mathml/MathOperator.cpp: Add a constant for the code point U+221A of the radical.
(WebCore::MathOperator::reset): In general, we don't need any vertical scaling for radical
symbols so m_radicalVerticalScale is initialized to 1.
(WebCore::MathOperator::calculateStretchyData): If we don't have a font with a MATH table and we
try stretching a radical, then we update the vertical metrics to match the target size and
set m_radicalVerticalScale to the value necessary to make the base glyph scaled to that size.
(WebCore::MathOperator::paint): For a radical operator, we may apply a scale transform of
parameters (radicalHorizontalScale, m_radicalVerticalScale) in order to support RTL
mirroring or vertical stretching.
* rendering/mathml/MathOperator.h: We add a m_radicalVerticalScale member to indicate the
scaling to apply to the base radical glyph when the stretchy fallback is necessary.
(WebCore::MathOperator::isStretched): The operator is also considered stretched when the
m_radicalVerticalScale is applied to the base size.
* rendering/mathml/RenderMathMLRadicalOperator.cpp: Remove code specific to the old fallback mechanism.
* rendering/mathml/RenderMathMLRadicalOperator.h: Ditto.

LayoutTests:

Reviewed by Sergio Villar Senin.

We add a pixel test to verify the result of stretching a radical operator.
We test RTL/LTR direction as well as default/sans-serif font in order to check the fallback code.

* mathml/radical-fallback.html: Added.
* platform/gtk/mathml/radical-fallback-expected.png: Added.
* platform/gtk/mathml/radical-fallback-expected.txt: Added.
* platform/ios-simulator/mathml/radical-fallback-expected.txt: Added.
* platform/mac/mathml/radical-fallback-expected.png: Added.
* platform/mac/mathml/radical-fallback-expected.txt: Added.
* platform/ios-simulator/mathml/presentation/roots.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202161 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r202147.
commit-queue@webkit.org [Fri, 17 Jun 2016 06:23:26 +0000 (06:23 +0000)]
Unreviewed, rolling out r202147.
https://bugs.webkit.org/show_bug.cgi?id=158867

Broke scrolling tests on iOS Simulator (Requested by ap on
#webkit).

Reverted changeset:

"Focus event dispatched in iframe causes parent document to
scroll incorrectly"
https://bugs.webkit.org/show_bug.cgi?id=158629
http://trac.webkit.org/changeset/202147

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202160 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago :in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly...
commit-queue@webkit.org [Fri, 17 Jun 2016 05:19:29 +0000 (05:19 +0000)]
:in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
https://bugs.webkit.org/show_bug.cgi?id=156530

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-06-16
Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/selectors/pseudo-classes/inrange-outofrange-expected.txt:

Source/WebCore:

Elements should only match :in-range and :out-of-range
when they are candidates for constraint validation.

Tests: fast/css/pseudo-in-range-on-disabled-input-basics.html
       fast/css/pseudo-in-range-on-readonly-input-basics.html
       fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html
       fast/css/pseudo-out-of-range-on-disabled-input-basics.html
       fast/css/pseudo-out-of-range-on-readonly-input-basics.html
       fast/selectors/in-range-out-of-range-style-update.html

* html/BaseDateAndTimeInputType.cpp:
(WebCore::BaseDateAndTimeInputType::minOrMaxAttributeChanged):
* html/NumberInputType.cpp:
(WebCore::NumberInputType::minOrMaxAttributeChanged):
I forgot to handle style update in r202143.
This is covered by the new style invalidation test.

* html/BaseDateAndTimeInputType.h:
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::isInRange):
(WebCore::HTMLInputElement::isOutOfRange):

LayoutTests:

* fast/css/pseudo-in-range-on-disabled-input-basics-expected.html: Added.
* fast/css/pseudo-in-range-on-disabled-input-basics.html: Added.
* fast/css/pseudo-in-range-on-readonly-input-basics-expected.html: Added.
* fast/css/pseudo-in-range-on-readonly-input-basics.html: Added.
* fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial-expected.html: Added.
* fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html: Added.
* fast/css/pseudo-out-of-range-on-disabled-input-basics-expected.html: Added.
* fast/css/pseudo-out-of-range-on-disabled-input-basics.html: Added.
* fast/css/pseudo-out-of-range-on-readonly-input-basics-expected.html: Added.
* fast/css/pseudo-out-of-range-on-readonly-input-basics.html: Added.
* fast/selectors/in-range-out-of-range-style-update-expected.txt: Added.
* fast/selectors/in-range-out-of-range-style-update.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202159 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [EFL][GTK] LayoutTest doesn't run on Ubuntu 16.04
gyuyoung.kim@webkit.org [Fri, 17 Jun 2016 04:56:57 +0000 (04:56 +0000)]
[EFL][GTK] LayoutTest doesn't run on Ubuntu 16.04
https://bugs.webkit.org/show_bug.cgi?id=158141

Reviewed by Michael Catanzaro.

Tools:

* Scripts/webkitpy/port/base.py: Detect php version in system, then use it.
(Port._is_debian_php_version_7):
(Port._debian_php_version):
(Port._apache_config_file_name_for_platform):
* efl/install-dependencies:
* gtk/install-dependencies:

LayoutTests:

* http/conf/debian-httpd-2.4-php7.conf: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202158 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Baseline JIT should be concurrent
fpizlo@apple.com [Fri, 17 Jun 2016 04:48:47 +0000 (04:48 +0000)]
Baseline JIT should be concurrent
https://bugs.webkit.org/show_bug.cgi?id=158755

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This makes the baseline JIT concurrent. We want it to be concurrent because it takes up
about 1% of PLT3 and 10% of JSBench (though the JSBench number might be down from recent
optimizations).

The idea is really simple: I separated the compile and link phases of JIT::privateCompile(),
and arranged to call the compile phase from another thread. This doesn't reuse the old
DFG::Worklist code, because that code does things we don't need (like compilation plan
cancellation to allow GC to interleave with compilations) and is structured in a way that
would have required more changes to the baseline JIT. Also, I think that code uses the wrong
API, and as a result, clients of that API have a bad time. For example, it's never clear who
has the responsibility of setting the JIT thresholds and the DFG::Worklist goes to great
lengths to try to help its client set those things correctly, but since it doesn't set them
directly, the client then has to have additional complex logic to combine what it learned
from the Worklist and what it knows to set the thresholds. This patch takes a simpler
approach: the JITWorklist takes complete control over scheduling compilations. It's like a
combination of DFG::Worklist and operationOptimize().

Because the baseline JIT runs quickly, we can take some shortcuts. The JITWorklist requires
that all of its plans complete before a GC begins. This ensures that we don't have to worry
about interactions between the concurrent baseline JIT and the GC.

I needed to do a bunch of minor changes to the JIT to handle the races that emerged. For
example, I needed to do things to opcodes that read profiling both in the main path code
generator and the slow path one. One trick I used was to create a copy of the instruction
stream and provide that for anyone interested in the original value of the profiles. Most
code still uses the CodeBlock's instruction stream because it may emit JIT code that points
at the stream.

This also fixes a LLInt bug in prototype caching. This bug was revealed by this change
because more of our LayoutTests now run in LLInt.

This looks like it might be a ~1% Octane speed-up (on command line) and a ~0.7% PLT3
speed-up. This also looks like a ~2% JSBench speed-up.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/Debugger.cpp:
(JSC::Debugger::setSteppingMode):
(JSC::Debugger::toggleBreakpoint):
(JSC::Debugger::clearBreakpoints):
(JSC::Debugger::clearDebuggerRequests):
* dfg/DFGOSRExitPreparation.cpp:
(JSC::DFG::prepareCodeOriginForOSRExit):
* heap/Heap.cpp:
(JSC::Heap::didFinishIterating):
(JSC::Heap::completeAllJITPlans):
(JSC::Heap::deleteAllCodeBlocks):
(JSC::Heap::collectImpl):
(JSC::Heap::completeAllDFGPlans): Deleted.
* heap/Heap.h:
* heap/HeapInlines.h:
(JSC::Heap::forEachCodeBlock):
* jit/JIT.cpp:
(JSC::JIT::emitNotifyWrite):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::compileWithoutLinking):
(JSC::JIT::link):
(JSC::JIT::privateCompile):
(JSC::JIT::privateCompileExceptionHandlers):
* jit/JIT.h:
(JSC::JIT::compile):
(JSC::JIT::getSlowCase):
(JSC::JIT::linkSlowCase):
(JSC::JIT::linkDummySlowCase):
* jit/JITInlines.h:
(JSC::JIT::emitTagBool):
(JSC::JIT::originalInstruction):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitSlow_op_put_to_scope):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
* jit/JITWorklist.cpp: Added.
(JSC::JITWorklist::Plan::Plan):
(JSC::JITWorklist::Plan::compileInThread):
(JSC::JITWorklist::Plan::finalize):
(JSC::JITWorklist::Plan::codeBlock):
(JSC::JITWorklist::Plan::vm):
(JSC::JITWorklist::Plan::isFinishedCompiling):
(JSC::JITWorklist::Plan::isFinalized):
(JSC::JITWorklist::JITWorklist):
(JSC::JITWorklist::~JITWorklist):
(JSC::JITWorklist::completeAllForVM):
(JSC::JITWorklist::poll):
(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):
(JSC::JITWorklist::runThread):
(JSC::JITWorklist::finalizePlans):
(JSC::JITWorklist::instance):
* jit/JITWorklist.h: Added.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
* runtime/VM.cpp:
(JSC::VM::~VM):

Source/WTF:

The concurrent baseline JIT needs to be able to clone bytecode to get a consistent snapshot.
So, this adds such a method.

* wtf/RefCountedArray.h:
(WTF::RefCountedArray::RefCountedArray):
(WTF::RefCountedArray::clone):

Tools:

Need to disable concurrent JIT when running profiler tests. We should have been doing this
all along.

* Scripts/run-jsc-stress-tests:

LayoutTests:

This change revealed a latent bug in the LLInt.  The non-llint version of this new test
would usually fail because it was still in LLInt.  This new test always fails.

* js/dom/prototype-chain-caching-with-impure-get-own-property-slot-traps-llint.html: Added.
* js/dom/prototype-chain-caching-with-impure-get-own-property-slot-traps-llint-expected.txt: Added.
* js/dom/script-tests/prototype-chain-caching-with-impure-get-own-property-slot-traps-llint.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202157 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add separate MathOperator for selection/measuring/drawing of stretchy operators
fred.wang@free.fr [Fri, 17 Jun 2016 04:34:24 +0000 (04:34 +0000)]
Add separate MathOperator for selection/measuring/drawing of stretchy operators
https://bugs.webkit.org/show_bug.cgi?id=152244

Patch by Frederic Wang <fwang@igalia.com> on 2016-06-16
Reviewed by Brent Fulgham.

Source/WebCore:

We complete the class to select, measure and draw stretchy operators that is independent
from RenderMathMLOperator. That way, we will be able to use stretchy operators without having
to introduce & manage anonymous RenderMathMLOperator's
(e.g. for <mroot>, <msqrt> and <mfenced>).

No new tests, already covered by existing tests.

* rendering/mathml/MathOperator.cpp:
(WebCore::ascentForGlyph): Add this helper function to get glyph ascent.
(WebCore::descentForGlyph): Add this helper function to get glyph descent.
(WebCore::MathOperator::reset): Initialize all the data and calculate ascent/descent of the
base glyph.
(WebCore::MathOperator::setSizeVariant): Set the width/ascent/descent.
(WebCore::MathOperator::setGlyphAssembly): Ditto.
(WebCore::MathOperator::calculateDisplayStyleLargeOperator): Remove the STIX Word hack and
change m_maxPreferredWidth to use the actual width instead.
(WebCore::MathOperator::stretchTo): New functions to execute the actual operator stretching.
(WebCore::MathOperator::fillWithVerticalExtensionGlyph): Add a FIXME for bug 155434.
(WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Align all the glyph baselines on
the same axis, given by m_ascent.
Add a FIXME for bug 155434.
(WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
(WebCore::MathOperator::paint): Public function to do the painting.
(WebCore::MathOperator::paintVerticalGlyphAssembly): Deleted.
* rendering/mathml/MathOperator.h: Update declarations and make most of the members private.
(WebCore::MathOperator::ascent): Function to expose m_ascent.
(WebCore::MathOperator::descent): Function to expose m_descent.
* rendering/mathml/RenderMathMLOperator.cpp:
(WebCore::RenderMathMLOperator::stretchTo): Forward the stretching call to MathOperator.
(WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Unfold advanceForGlyph
since we delete RenderMathMLOperator::advanceForGlyph. Just rely on
MathOperator::maxPreferredWidth to determine the preferred width of stretchy operators.
For horizontal operators, we just use the width of the base glyph.
Finally, we remove the dirty flag on preferred logical width.
(WebCore::RenderMathMLOperator::rebuildTokenContent): Reinit the MathOperator instance.
(WebCore::RenderMathMLOperator::updateFromElement): Force more updates of
RenderMathMLOperator to avoid test breakage.
(WebCore::RenderMathMLOperator::styleDidChange): Call MathOperator::reset to take into
account style change.
(WebCore::RenderMathMLOperator::updateStyle): Remove unused code.
(WebCore::RenderMathMLOperator::firstLineBaseline): Use MathOperator::ascent() function.
(WebCore::RenderMathMLOperator::computeLogicalHeight): Use MathOperator::ascent() and
MathOperator::descent() functions to calculate the height.
(WebCore::RenderMathMLOperator::paint): Only stretched operators are treated specially.
We center horizontal operator and forward the paint() call to MathOperator.
(WebCore::RenderMathMLOperator::trailingSpaceError): The error is now just the difference
between the values returned by MathOperator::maxPreferredWidth() and
MathOperator::width().
(WebCore::boundsForGlyph): Deleted.
(WebCore::heightForGlyph): Deleted.
(WebCore::advanceWidthForGlyph): Deleted.
(WebCore::RenderMathMLOperator::updateStyle): Deleted.

LayoutTests:

Update expectations for some MathML tests containing operators/radicals
to take into account small rendering changes.

* platform/gtk/mathml/opentype/horizontal-expected.png:
* platform/gtk/mathml/opentype/horizontal-expected.txt:
* platform/gtk/mathml/opentype/horizontal-munderover-expected.txt:
* platform/gtk/mathml/opentype/large-operators-expected.png:
* platform/gtk/mathml/opentype/large-operators-expected.txt:
* platform/gtk/mathml/opentype/opentype-stretchy-expected.png:
* platform/gtk/mathml/opentype/opentype-stretchy-expected.txt:
* platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.png:
* platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.txt:
* platform/gtk/mathml/opentype/vertical-expected.png:
* platform/gtk/mathml/opentype/vertical-expected.txt:
* platform/gtk/mathml/presentation/mo-stretch-expected.png:
* platform/gtk/mathml/presentation/mo-stretch-expected.txt:
* platform/gtk/mathml/presentation/roots-expected.txt:
* platform/ios-simulator/mathml/opentype/horizontal-munderover-expected.txt:
* platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.png:
* platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202156 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CSP: Content Security Policy should allow '*' to match the originating page's scheme
jiewen_tan@apple.com [Fri, 17 Jun 2016 03:51:00 +0000 (03:51 +0000)]
CSP: Content Security Policy should allow '*' to match the originating page's scheme
https://bugs.webkit.org/show_bug.cgi?id=158811
<rdar://problem/26819568>

Reviewed by Daniel Bates.

Source/WebCore:

Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html
       security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
       security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
       security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html

* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

LayoutTests:

* security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-expected.html: Added.
* security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html: Added.
* security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star-expected.html: Removed.
* security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star.html: Removed.
* security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-expected.html: Added.
* security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html: Added.
* security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star-expected.html: Removed.
* security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star.html: Removed.
* security/contentSecurityPolicy/resources/alert-pass.js: Added.
* security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star-expected.txt: Added.
* security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html: Added.
* security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-expected.html: Copied from LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html.
* security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html: Renamed from LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html.
* security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star-expected.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago No need to ref connection in lambda inside NetworkResourceLoader::tryStoreAsCacheEntry()
cdumez@apple.com [Fri, 17 Jun 2016 02:50:30 +0000 (02:50 +0000)]
No need to ref connection in lambda inside NetworkResourceLoader::tryStoreAsCacheEntry()
https://bugs.webkit.org/show_bug.cgi?id=158862

Reviewed by Darin Adler.

Source/WebKit2:

No need to ref connection in lambda inside NetworkResourceLoader::tryStoreAsCacheEntry().
We already ref the NetworkResourceLoader which holds a ref to the connection. Also update
the lambda capture to use Ref<> for the NetworkResourceLoader instead of RefPtr<>.
Switch callback type from std::function to WTF::NoncopyableFunction so we can capture a
Ref<>.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::tryStoreAsCacheEntry):
* NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::store):
* NetworkProcess/cache/NetworkCache.h:
* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::WriteOperation::WriteOperation):
* NetworkProcess/cache/NetworkCacheStorage.h:

Source/WTF:

Add NoncopyableFunction constructor that takes a nullptr_t in, in order
to match the std::function API and make porting from one to the other
easier.

* wtf/NoncopyableFunction.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202154 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add HTTPHeaderMap::set() overload taking a NSString*
cdumez@apple.com [Fri, 17 Jun 2016 02:30:43 +0000 (02:30 +0000)]
Add HTTPHeaderMap::set() overload taking a NSString*
https://bugs.webkit.org/show_bug.cgi?id=158857

Reviewed by Darin Adler.

Add HTTPHeaderMap::set() overload taking a NSString* in addition to
the one taking a CFStringRef. It is useful for the Cocoa implementation
of ResourceRequest::doUpdateResourceRequest().

* platform/network/HTTPHeaderMap.h:
(WebCore::HTTPHeaderMap::set):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202153 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: console.profile should use the new Sampling Profiler
commit-queue@webkit.org [Fri, 17 Jun 2016 02:26:47 +0000 (02:26 +0000)]
Web Inspector: console.profile should use the new Sampling Profiler
https://bugs.webkit.org/show_bug.cgi?id=153499
<rdar://problem/24352431>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-06-16
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Currently console.profile/profileEnd behave slightly differently
between JSContext and Web inspection. Unifying will be part of:
<https://webkit.org/b/158753> Generalize the concept of Instruments on the backend

Both JSContext and Web inspection keep track of active
profiles started and stopped via console.profile/profileEnd.

JSContext inspection sends its programmatic start/stop
via the ScriptProfiler domain.

Web inspection sends its programmatic start/stop
via the Timeline domain, and also will start/stop backend
list of Instruments.

The functional differences between these is that for JSContext
inspection, console.profile only starts/stops the ScriptProfiler
domain, and does not auto-start other instruments. This isn't really
a problem right now given the instruments available for JSContext
inspection; but it will be nice to unify as we add more instruments.
Also, JSContext inspection won't have "Profile (name)" records in
its Events view, since those are currently generated only by the
Web's Timeline domain.

* inspector/protocol/ScriptProfiler.json:
* inspector/protocol/Timeline.json:
Events to inform the frontend of programmatic start/stop.

* debugger/Debugger.h:
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::breakpointsActive):
(Inspector::InspectorDebuggerAgent::isPaused):
* inspector/agents/InspectorDebuggerAgent.h:
Expose breakpoints active state, since programmatic recording
will temporarily disable breakpoints if needed.

* inspector/JSGlobalObjectConsoleClient.cpp:
(Inspector::JSGlobalObjectConsoleClient::JSGlobalObjectConsoleClient):
(Inspector::JSGlobalObjectConsoleClient::profile):
(Inspector::JSGlobalObjectConsoleClient::profileEnd):
(Inspector::JSGlobalObjectConsoleClient::startConsoleProfile):
(Inspector::JSGlobalObjectConsoleClient::stopConsoleProfile):
* inspector/JSGlobalObjectConsoleClient.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
* inspector/agents/InspectorScriptProfilerAgent.cpp:
(Inspector::InspectorScriptProfilerAgent::programmaticCaptureStarted):
(Inspector::InspectorScriptProfilerAgent::programmaticCaptureStopped):
* inspector/agents/InspectorScriptProfilerAgent.h:
JSContext implementation of console.profile/profileEnd.

Source/WebCore:

Test: inspector/timeline/setInstruments-programmatic-capture.html

* inspector/InspectorTimelineAgent.cpp:
(WebCore::InspectorTimelineAgent::startFromConsole):
(WebCore::InspectorTimelineAgent::stopFromConsole):
(WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
(WebCore::InspectorTimelineAgent::startProgrammaticCapture):
(WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
(WebCore::InspectorTimelineAgent::toggleInstruments):
(WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
(WebCore::InspectorTimelineAgent::toggleHeapInstrument):
(WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
(WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
* inspector/InspectorTimelineAgent.h:
Web implementation of console.profile/profileEnd.
Make helpers for starting / stopping instruments.

Source/WebInspectorUI:

* UserInterface/Controllers/TimelineManager.js:
(WebInspector.TimelineManager.prototype.programmaticCaptureStarted):
(WebInspector.TimelineManager.prototype.programmaticCaptureStopped):
(WebInspector.TimelineManager.prototype.scriptProfilerProgrammaticCaptureStarted):
(WebInspector.TimelineManager.prototype.scriptProfilerProgrammaticCaptureStopped):
For programmatic captures, automatically show the Script Timeline, since
that is guaranteed to have been started by the backend. Start capturing
without creating a new recording.

* UserInterface/Models/TimelineRecording.js:
(WebInspector.TimelineRecording.prototype.stop):
(WebInspector.TimelineRecording.prototype.addScriptInstrumentForProgrammaticCapture):
When stopping for programmatic capture we don't need to disable
instruments, the backend would have already done this.

* UserInterface/Protocol/ScriptProfilerObserver.js:
(WebInspector.ScriptProfilerObserver.prototype.programmaticCaptureStarted):
(WebInspector.ScriptProfilerObserver.prototype.programmaticCaptureStopped):
(WebInspector.ScriptProfilerObserver):
* UserInterface/Protocol/TimelineObserver.js:
(WebInspector.TimelineObserver.prototype.programmaticCaptureStarted):
(WebInspector.TimelineObserver.prototype.programmaticCaptureStopped):
(WebInspector.TimelineObserver):
Pass through Web and JSContext programmatic capture events.

LayoutTests:

* inspector/timeline/setInstruments-programmatic-capture-expected.txt: Added.
* inspector/timeline/setInstruments-programmatic-capture.html: Added.
New test that the backend auto-starts instruments during programmatic capture.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202152 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
wilander@apple.com [Fri, 17 Jun 2016 01:10:08 +0000 (01:10 +0000)]
Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
https://bugs.webkit.org/show_bug.cgi?id=158855
<rdar://problem/26142632>

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/dom/window-open-about-blank-and-access-document.html
       http/tests/dom/window-open-about-webkit-org-and-access-document.html

Document.cpp previously checked whether a document should inherit its owner's
security origin by checking if the URL is either empty or blank. URL.cpp in
turn only checks if the protocol is "about:" in the isBlankURL() function.
Thus all about:* URLs inherited security origin. This patch restricts
security origin inheritance to empty, about:blank, and about:srcdoc URLs.

Quotes and links from the WHATWG spec regarding about:srcdoc:

7.1 Browsing contexts
A browsing context can have a creator browsing context, the browsing context
that was responsible for its creation. If a browsing context has a parent
browsing context, then that is its creator browsing context. Otherwise, if the
browsing context has an opener browsing context, then that is its creator
browsing context. Otherwise, the browsing context has no creator browsing
context.
https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc

7.1.1 Nested browsing contexts
Certain elements (for example, iframe elements) can instantiate further
browsing contexts. These are called nested browsing contexts. If a browsing
context P has a Document D with an element E that nests another browsing
context C inside it, then C is said to be nested through D, and E is said to
be the browsing context container of C. If the browsing context container
element E is in the Document D, then P is said to be the parent browsing
context of C and C is said to be a child browsing context of P. Otherwise,
the nested browsing context C has no parent browsing context.
https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context

4.8.5 The iframe element
The iframe element represents a nested browsing context.
...
If the srcdoc attribute is specified
    Navigate the element's child browsing context to a new response whose
    url list consists of about:srcdoc ...
https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc

* dom/Document.cpp:
(WebCore::Document::initSecurityContext):
    Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
(WebCore::Document::initContentSecurityPolicy):
    Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
(WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
    Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
* platform/URL.cpp:
(WebCore::URL::shouldInheritSecurityOriginFromOwner):
* platform/URL.h:
    Moved the function from Document and restricted the check to only allow
    security origin inheritance for empty, about:blank, and about:srcdoc URLs.

LayoutTests:

* http/tests/dom/window-open-about-blank-and-access-document-expected.txt: Added.
* http/tests/dom/window-open-about-blank-and-access-document.html: Added.
* http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt: Added.
* http/tests/dom/window-open-about-webkit-org-and-access-document.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202151 268f45cc-cd09-0410-ab3c-d52691b4dbfc
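
The difference between the two checks described in the commit message above, as an added example that is not WebKit's code: a protocol-only test beside an exact-match test, run over a constructed URL list to show which URLs stop inheriting the owner's origin. The function names, the sample URLs, ASCII case-insensitive comparison, and treating any suffix (query, fragment) as a non-match are assumptions of this sketch.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Lower-case an ASCII string. Schemes and the two about: URLs compared
// below are ASCII-only, so this is sufficient for the sketch.
static std::string asciiLower(std::string s)
{
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Scheme is everything before the first ':', lower-cased; empty if absent.
static std::string schemeOf(const std::string& url)
{
    const auto colon = url.find(':');
    return colon == std::string::npos ? std::string() : asciiLower(url.substr(0, colon));
}

// The behaviour the commit message describes as the old one: an empty URL,
// or any URL whose protocol is "about", inherits the owner's security origin.
bool inheritsOriginProtocolOnly(const std::string& url)
{
    return url.empty() || schemeOf(url) == "about";
}

// The behaviour the commit message describes as the new one: only the empty
// URL, about:blank and about:srcdoc inherit. Assumption of this sketch: the
// whole string must match, so "about:blankety" or "about:blank#x" do not.
bool inheritsOriginRestricted(const std::string& url)
{
    if (url.empty())
        return true;
    const std::string lowered = asciiLower(url);
    return lowered == "about:blank" || lowered == "about:srcdoc";
}

// URLs that inherited under the protocol-only check but no longer do.
// These are the cases a regression test for the restriction should cover.
std::vector<std::string> urlsThatLoseInheritance(const std::vector<std::string>& urls)
{
    std::vector<std::string> lost;
    for (const auto& url : urls) {
        if (inheritsOriginProtocolOnly(url) && !inheritsOriginRestricted(url))
            lost.push_back(url);
    }
    return lost;
}

// Constructed sample input, not taken from the WebKit test suite.
const std::vector<std::string> kSampleURLs = {
    "",
    "about:blank",
    "about:srcdoc",
    "ABOUT:BLANK",
    "about:webkit.org",
    "about:blankety",
    "https://example.test/",
    "data:text/html,x",
};

int main()
{
    for (const auto& url : kSampleURLs) {
        std::cout << '"' << url << "\" protocol-only="
                  << inheritsOriginProtocolOnly(url)
                  << " restricted=" << inheritsOriginRestricted(url) << '\n';
    }
    for (const auto& url : urlsThatLoseInheritance(kSampleURLs))
        std::cout << "no longer inherits: " << url << '\n';
    return 0;
}
```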

4 years ago Move most of CSP tests into security/contentSecurityPolicy/
jiewen_tan@apple.com [Fri, 17 Jun 2016 00:45:42 +0000 (00:45 +0000)]
Move most of CSP tests into security/contentSecurityPolicy/
https://bugs.webkit.org/show_bug.cgi?id=158859

Reviewed by Daniel Bates.

* platform/mac-wk1/TestExpectations:
* platform/mac/TestExpectations:
* platform/wk2/TestExpectations:
* security/contentSecurityPolicy/blocks-video-expected.txt: Renamed from LayoutTests/media/csp-blocks-video-expected.txt.
* security/contentSecurityPolicy/blocks-video.html: Renamed from LayoutTests/media/csp-blocks-video.html.
* security/contentSecurityPolicy/font-loading-block-all-expected.txt: Renamed from LayoutTests/fast/text/font-loading-csp-block-all-expected.txt.
* security/contentSecurityPolicy/font-loading-block-all.html: Renamed from LayoutTests/fast/text/font-loading-csp-block-all.html.
* security/contentSecurityPolicy/image-with-blob-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
* security/contentSecurityPolicy/image-with-blob-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
* security/contentSecurityPolicy/image-with-blob-url-blocked-by-img-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star-expected.html.
* security/contentSecurityPolicy/image-with-blob-url-blocked-by-img-src-star.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html.
* security/contentSecurityPolicy/image-with-data-url-allowed-by-img-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star-expected.html.
* security/contentSecurityPolicy/image-with-data-url-allowed-by-img-src-star.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html.
* security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
* security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
* security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star-expected.html.
* security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html.
* security/contentSecurityPolicy/link-with-blob-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
* security/contentSecurityPolicy/link-with-blob-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
* security/contentSecurityPolicy/link-with-blob-url-blocked-by-style-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star-expected.html.
* security/contentSecurityPolicy/link-with-blob-url-blocked-by-style-src-star.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html.
* security/contentSecurityPolicy/link-with-data-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
* security/contentSecurityPolicy/link-with-data-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
* security/contentSecurityPolicy/link-with-data-url-blocked-by-style-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star-expected.html.
* security/contentSecurityPolicy/link-with-data-url-blocked-by-style-src-star.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html.
* security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
* security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
* security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star-expected.html.
* security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html.
* security/contentSecurityPolicy/resources/worker-inherits-blocks-eval.js: Renamed from LayoutTests/fast/workers/resources/worker-inherits-csp-blocks-eval.js.
(catch):
* security/contentSecurityPolicy/resources/worker-inherits-blocks-xhr.js: Renamed from LayoutTests/fast/workers/resources/worker-inherits-csp-blocks-xhr.js.
(catch):
* security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star-expected.html: Renamed from LayoutTests/media/video-with-blob-url-allowed-by-csp-media-src-star-expected.html.
* security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star.html: Renamed from LayoutTests/media/video-with-blob-url-allowed-by-csp-media-src-star.html.
* security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star-expected.html: Renamed from LayoutTests/media/video-with-data-url-allowed-by-csp-media-src-star-expected.html.
* security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star.html: Renamed from LayoutTests/media/video-with-data-url-allowed-by-csp-media-src-star.html.
* security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
* security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
* security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star-expected.html: Renamed from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star-expected.html.
* security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html: Renamed from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html.
* security/contentSecurityPolicy/worker-inherits-blocks-eval-expected.txt: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-eval-expected.txt.
* security/contentSecurityPolicy/worker-inherits-blocks-eval.html: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-eval.html.
* security/contentSecurityPolicy/worker-inherits-blocks-xhr-expected.txt: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-xhr-expected.txt.
* security/contentSecurityPolicy/worker-inherits-blocks-xhr.html: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-xhr.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win] Accessibility implementation unable to recurse through document (sometimes...
pvollan@apple.com [Fri, 17 Jun 2016 00:00:40 +0000 (00:00 +0000)]
[Win] Accessibility implementation unable to recurse through document (sometimes) to find named elements
https://bugs.webkit.org/show_bug.cgi?id=140798

Reviewed by Brent Fulgham.

Make sure layout is up-to-date before trying to find named elements.

* DumpRenderTree/win/AccessibilityControllerWin.cpp:
(AccessibilityController::rootElement):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202149 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [WK2] Improve serialization of SubresourcesEntry to network disk cache
cdumez@apple.com [Thu, 16 Jun 2016 23:39:29 +0000 (23:39 +0000)]
[WK2] Improve serialization of SubresourcesEntry to network disk cache
https://bugs.webkit.org/show_bug.cgi?id=158851

Reviewed by Antti Koivisto.

Improve serialization of SubresourcesEntry to network disk cache:
- Do not bother serializing SubresourceInfo's first party for cookies
  and HTTP headers data members if the resource is transient. This is
  because those are never used for transient resources. This patch also
  makes it so that we do not even bother initializing those data members
  if the transient flag is set.
- Update SubresourceInfo::encode() / decode() to encode and decode
  the HTTPHeaderMap data member with the right NetworkCache::Coder
  template specialization instead of using directly HTTPHeaderMap::decode()
  and HTTPHeaderMap::encode(). HTTPHeaderMap::decode() / encode() is
  unsafe in the disk cache case (see r200394).

Also update entry types as so:
- "resource" -> "Resource"
- "subresources" -> "SubResources"

These entry types are used as folder names in the disk cache and other
folder names were capitalized. Antti suggested this was a good time
to harmonize since we're bumping the cache version.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::constructRevalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::startSpeculativeRevalidation):
* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.h:
* NetworkProcess/cache/NetworkCacheStorage.h:
* NetworkProcess/cache/NetworkCacheSubresourcesEntry.cpp:
(WebKit::NetworkCache::SubresourceInfo::encode):
(WebKit::NetworkCache::SubresourceInfo::decode):
* NetworkProcess/cache/NetworkCacheSubresourcesEntry.h:
(WebKit::NetworkCache::SubresourceInfo::SubresourceInfo):
(WebKit::NetworkCache::SubresourceInfo::isTransient):
(WebKit::NetworkCache::SubresourceInfo::firstPartyForCookies):
(WebKit::NetworkCache::SubresourceInfo::requestHeaders):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Source/WebCore:
simon.fraser@apple.com [Thu, 16 Jun 2016 23:34:17 +0000 (23:34 +0000)]
Source/WebCore:
[iOS] Focus event dispatched in iframe causes parent document to scroll incorrectly
https://bugs.webkit.org/show_bug.cgi?id=158629
rdar://problem/26521616

Reviewed by Enrica Casucci.

When focussing elements in iframes, the page could scroll to an incorrect location.
This happened because code in Element::focus() tried to disable scrolling on focus,
but did so only for the current frame, so ancestor frames got programmatically scrolled.
On iOS we handle the scrolling in the UI process, so never want the web process to
do programmatic scrolling.

Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
rather than manually prohibiting frame scrolling.

Tests: fast/forms/ios/focus-input-in-iframe.html
       fast/forms/ios/programmatic-focus-input-in-iframe.html

* dom/Element.cpp:
(WebCore::Element::focus):
* history/CachedPage.cpp:
(WebCore::CachedPage::restore):

LayoutTests:
Focus event dispatched in iframe causes parent document to scroll incorrectly
https://bugs.webkit.org/show_bug.cgi?id=158629
rdar://problem/26521616

Reviewed by Enrica Casucci.

Tests for user-initiated and programmatic focus in frames.

* fast/forms/ios/focus-input-in-iframe-expected.txt: Added.
* fast/forms/ios/focus-input-in-iframe.html: Added.
* fast/forms/ios/programmatic-focus-input-in-iframe.html: Added.
* fast/forms/ios/programmatic-focus-input-in-iframe-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202147 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the...
zalan@apple.com [Thu, 16 Jun 2016 23:27:46 +0000 (23:27 +0000)]
[New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the block sequence.
https://bugs.webkit.org/show_bug.cgi?id=158854

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/block/inside-inlines/crash-on-first-line-change.html

* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::marginCollapseLinesFromStart):

LayoutTests:

* fast/block/inside-inlines/crash-on-first-line-change-expected.txt: Added.
* fast/block/inside-inlines/crash-on-first-line-change.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202146 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Include cstdlib before using std::atexit
commit-queue@webkit.org [Thu, 16 Jun 2016 23:03:01 +0000 (23:03 +0000)]
Include cstdlib before using std::atexit
https://bugs.webkit.org/show_bug.cgi?id=158681

Patch by Ting-Wei Lan <lantw44@gmail.com> on 2016-06-16
Reviewed by Brent Fulgham.

* platform/graphics/PlatformDisplay.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202145 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCan...
cdumez@apple.com [Thu, 16 Jun 2016 22:55:53 +0000 (22:55 +0000)]
Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
https://bugs.webkit.org/show_bug.cgi?id=158853

Reviewed by Brent Fulgham.

Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
as m_bestFitImageURL data member is an AtomicString. This avoids constructing a String and
then atomizing it.

* html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202144 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago :in-range & :out-of-range CSS pseudo-classes shouldn't match inputs without range...
commit-queue@webkit.org [Thu, 16 Jun 2016 22:47:02 +0000 (22:47 +0000)]
:in-range & :out-of-range CSS pseudo-classes shouldn't match inputs without range limitations
https://bugs.webkit.org/show_bug.cgi?id=156558

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-06-16
Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/selectors/pseudo-classes/inrange-outofrange-expected.txt:
One of the previous matches was erroneous.
Our results are still very far from being correct. There are several
bugs affecting our range validation.

Source/WebCore:

The pseudo selectors :in-range and :out-of-range should only
apply if:
-minimum/maximum are defined for the input type
-the input value is/is-not suffering from underflow/overflow.

Only certain types have a valid minimum and maximum:
-number
-range
-date
-month
-week
-time
-datetime-local

Of those, only one has a default minimum and maximum: range.
For all the others, the minimum or maximum is only defined
if the min/max attribute is defined and valid.

This patch addresses these constraints for number and range.
The date types range validation is severely broken and is
left untouched. It really needs a clean rewrite.

Tests: fast/css/pseudo-in-range-basics.html
       fast/css/pseudo-in-range-out-of-range-trivial.html
       fast/css/pseudo-out-of-range-basics.html

* html/DateInputType.cpp:
(WebCore::DateInputType::createStepRange):
* html/DateTimeInputType.cpp:
(WebCore::DateTimeInputType::createStepRange):
* html/DateTimeLocalInputType.cpp:
(WebCore::DateTimeLocalInputType::createStepRange):
* html/InputType.cpp:
(WebCore::InputType::isInRange):
(WebCore::InputType::isOutOfRange):
Notice the isEmpty() shortcut.
A value can only overflow/underflow if it is not empty.

* html/MonthInputType.cpp:
(WebCore::MonthInputType::createStepRange):
* html/NumberInputType.cpp:
(WebCore::NumberInputType::createStepRange):
* html/RangeInputType.cpp:
(WebCore::RangeInputType::createStepRange):
* html/StepRange.cpp:
(WebCore::StepRange::StepRange):
* html/StepRange.h:
(WebCore::StepRange::hasRangeLimitations):
* html/WeekInputType.cpp:
(WebCore::WeekInputType::createStepRange):

LayoutTests:

* fast/css/pseudo-in-range-basics-expected.html: Added.
* fast/css/pseudo-in-range-basics.html: Added.
* fast/css/pseudo-in-range-out-of-range-trivial-expected.html: Added.
* fast/css/pseudo-in-range-out-of-range-trivial.html: Added.
* fast/css/pseudo-out-of-range-basics-expected.html: Added.
* fast/css/pseudo-out-of-range-basics.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202143 268f45cc-cd09-0410-ab3c-d52691b4dbfc
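
The matching rule described in the commit above, as an added example that is not WebKit's code. It covers only the number and range types, as the patch does; the function names, the 0 to 100 default for range (taken from the HTML specification) and the treatment of an unparsable value as not overflowing are assumptions.

```javascript
// Added illustration of the :in-range / :out-of-range rule; not WebKit source.
// All names below are hypothetical.

// HTML "valid floating-point number" syntax. A min/max attribute that does
// not match is treated as if it were absent.
const FLOAT_RE = /^-?(?:\d+(?:\.\d+)?|\.\d+)(?:[eE][+-]?\d+)?$/;

// These types also accept min/max, but need per-type parsers that this
// sketch does not model.
const UNMODELLED = new Set(["date", "month", "week", "time", "datetime-local"]);

function parseLimit(text) {
  if (typeof text !== "string" || !FLOAT_RE.test(text)) return undefined;
  const n = Number(text);
  return Number.isFinite(n) ? n : undefined;
}

// Returns {min, max} (either side may be undefined) when the input has range
// limitations, or null when it has none.
function rangeLimits(type, attrs = {}) {
  if (UNMODELLED.has(type)) {
    throw new Error(type + ": date/time limits are not modelled in this sketch");
  }
  const min = parseLimit(attrs.min);
  const max = parseLimit(attrs.max);
  if (type === "range") {
    // range is the only type with a default minimum and maximum.
    return { min: min ?? 0, max: max ?? 100 };
  }
  if (type === "number") {
    // A limit exists only if the attribute is present and valid.
    if (min === undefined && max === undefined) return null;
    return { min, max };
  }
  return null; // text, checkbox, ...: no concept of a range
}

// Decides which of the two pseudo-classes would match.
function matchRange(type, attrs, value) {
  const limits = rangeLimits(type, attrs);
  if (limits === null) {
    // Without range limitations neither pseudo-class applies.
    return { inRange: false, outOfRange: false };
  }
  // The isEmpty() shortcut: an empty value can neither underflow nor overflow.
  const v = value === "" ? undefined : parseLimit(value);
  const underflow = v !== undefined && limits.min !== undefined && v < limits.min;
  const overflow = v !== undefined && limits.max !== undefined && v > limits.max;
  const outOfRange = underflow || overflow;
  return { inRange: !outOfRange, outOfRange };
}
```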

4 years ago Fix macOS Sierra build
andersca@apple.com [Thu, 16 Jun 2016 22:44:32 +0000 (22:44 +0000)]
Fix macOS Sierra build
https://bugs.webkit.org/show_bug.cgi?id=158849

Reviewed by Tim Horton.

Source/WebCore:

Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class.

Also, add an asLayerContents() getter that will return an id that's suitable for setting
as the contents of a CALayer.

* platform/graphics/cocoa/IOSurface.h:
* platform/graphics/cocoa/IOSurface.mm:

Source/WebKit2:

Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class
and adopt IOSurface::asLayerContents().

* Shared/mac/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::decode):
(WebKit::RemoteLayerBackingStore::bytesPerPixel):
(WebKit::RemoteLayerBackingStore::swapToValidFrontBuffer):
(WebKit::RemoteLayerBackingStore::applyBackingStoreToLayer):
(WebKit::RemoteLayerBackingStore::setBufferVolatility):
(WebKit::RemoteLayerBackingStore::Buffer::discard):
* UIProcess/mac/ViewSnapshotStore.mm:
(WebKit::ViewSnapshot::create):
(WebKit::ViewSnapshot::ViewSnapshot):
(WebKit::ViewSnapshot::asLayerContents):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Kraken/stanford-crypto-pbkdf2.js sometimes crashes with an OSR assertion in FTL
fpizlo@apple.com [Thu, 16 Jun 2016 22:18:06 +0000 (22:18 +0000)]
Kraken/stanford-crypto-pbkdf2.js sometimes crashes with an OSR assertion in FTL
https://bugs.webkit.org/show_bug.cgi?id=158850

Reviewed by Keith Miller.

Bytecode liveness was incorrectly claiming that all tail-deleted locals are live! That's
crazy! We never noticed this because extending OSR liveness is usually not a showstopper and
until recently we didn't have a lot of tail-call test cases to play with. Well, we do now,
thanks to the increasing reliance on tail calls in our builtins.

* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::localsLiveInBytecode): Fix the bug and add some optional tracing. Also restructure the code so that we don't break to return true, since that's counterintuitive.
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::buildExitArguments): Make this assertion print more useful information.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202141 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago When a WebsiteDataStore finds no ProcessPools and creates one from scratch, it should...
beidson@apple.com [Thu, 16 Jun 2016 22:06:57 +0000 (22:06 +0000)]
When a WebsiteDataStore finds no ProcessPools and creates one from scratch, it should represent the data store's config.
rdar://problem/26586991 and https://bugs.webkit.org/show_bug.cgi?id=158844

Reviewed by Anders Carlsson.

* UIProcess/API/APIProcessPoolConfiguration.cpp:
(API::ProcessPoolConfiguration::createWithWebsiteDataStoreConfiguration):
* UIProcess/API/APIProcessPoolConfiguration.h:

* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::WebsiteDataStore):
(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):
(WebKit::WebsiteDataStore::processPools):
* UIProcess/WebsiteData/WebsiteDataStore.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202140 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r196217): 3% JSBench regression on iPhone 5.
akling@apple.com [Thu, 16 Jun 2016 21:47:06 +0000 (21:47 +0000)]
REGRESSION(r196217): 3% JSBench regression on iPhone 5.
<https://webkit.org/b/158848>
<rdar://problem/26609622>

Unreviewed rollout.

Don't jettison linked code on every top-level navigation as that was hurting JSBench on iPhone 5.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202139 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION (r201538): Web Inspector: Border over Allocations Views is too thick
commit-queue@webkit.org [Thu, 16 Jun 2016 21:35:48 +0000 (21:35 +0000)]
REGRESSION (r201538): Web Inspector: Border over Allocations Views is too thick
https://bugs.webkit.org/show_bug.cgi?id=158846

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-06-16
Reviewed by Timothy Hatcher.

* UserInterface/Views/HeapAllocationsTimelineView.css:
(.timeline-view.heap-allocations > .content-view-container > .content-view): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202138 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r202002 and r202111.
cdumez@apple.com [Thu, 16 Jun 2016 20:39:45 +0000 (20:39 +0000)]
Unreviewed, rolling out r202002 and r202111.

Ryosuke says this was a JSBench regression on iOS

Reverted changesets:

"Make HashMap and HashSet work with Refs"
https://bugs.webkit.org/show_bug.cgi?id=158638
http://trac.webkit.org/changeset/202002

"Improve HashMap and HashSet support for Ref"
https://bugs.webkit.org/show_bug.cgi?id=158789
http://trac.webkit.org/changeset/202111

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202136 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Versioning.
bshafiei@apple.com [Thu, 16 Jun 2016 20:39:44 +0000 (20:39 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202135 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed build fix.
mattbaker@apple.com [Thu, 16 Jun 2016 19:50:32 +0000 (19:50 +0000)]
Unreviewed build fix.

* UserInterface/Views/DataGrid.js:
(WebInspector.DataGrid.prototype.createSettings):
"showColumn" -> "setColumnVisible".

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202134 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: DataGrid should manage its own settings
mattbaker@apple.com [Thu, 16 Jun 2016 19:39:10 +0000 (19:39 +0000)]
Web Inspector: DataGrid should manage its own settings
https://bugs.webkit.org/show_bug.cgi?id=158675
<rdar://problem/26761338>

Reviewed by Timothy Hatcher.

Move grid sorting settings (sort order, column identifier) into DataGrid,
removing duplicated code from various views. A new grid method, "createSettings",
takes an identifier which is used as a prefix for naming the grid's settings.

So that the new behavior is easy to use and hard to misuse, default values
for each setting are set to the current value of the associated property.
The result is that:

    grid.sortColumnIdentifier = "columnA";
    grid.createSettings("myGrid");

will use "columnA" as the default value the first time the setting is created.

* UserInterface/Views/ApplicationCacheFrameContentView.js:
(WebInspector.ApplicationCacheFrameContentView.prototype._createDataGrid):
* UserInterface/Views/CookieStorageContentView.js:
(WebInspector.CookieStorageContentView.prototype._rebuildTable):
* UserInterface/Views/DOMStorageContentView.js:
(WebInspector.DOMStorageContentView):
* UserInterface/Views/DataGrid.js:
(WebInspector.DataGrid):
(WebInspector.DataGrid.prototype.createSettings):
(WebInspector.DataGrid.prototype.get identifier): Deleted.
(WebInspector.DataGrid.prototype.set identifier): Deleted.
(WebInspector.DataGrid.prototype.set sortOrderSetting): Deleted.
(WebInspector.DataGrid.prototype.set sortColumnIdentifierSetting): Deleted.
* UserInterface/Views/HeapAllocationsTimelineView.js:
(WebInspector.HeapAllocationsTimelineView):
* UserInterface/Views/HeapSnapshotContentView.js:
(WebInspector.HeapSnapshotContentView):
* UserInterface/Views/LayerTreeDetailsSidebarPanel.js:
(WebInspector.LayerTreeDetailsSidebarPanel.prototype._buildDataGridSection):
* UserInterface/Views/LayoutTimelineView.js:
(WebInspector.LayoutTimelineView):
* UserInterface/Views/NetworkGridContentView.js:
(WebInspector.NetworkGridContentView):
* UserInterface/Views/NetworkTimelineView.js:
(WebInspector.NetworkTimelineView):
* UserInterface/Views/ProfileView.js:
(WebInspector.ProfileView):
* UserInterface/Views/RenderingFrameTimelineView.js:
(WebInspector.RenderingFrameTimelineView):
* UserInterface/Views/ScriptDetailsTimelineView.js:
(WebInspector.ScriptDetailsTimelineView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202133 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS WK2] On iPad, indirect focussing of a text field doesn't always scroll to the...
simon.fraser@apple.com [Thu, 16 Jun 2016 18:49:14 +0000 (18:49 +0000)]
[iOS WK2] On iPad, indirect focussing of a text field doesn't always scroll to the correct location
https://bugs.webkit.org/show_bug.cgi?id=158828

Reviewed by Enrica Casucci.

Source/WebKit2:

WebPage::getAssistedNodeInformation() unconditionally set information.selectionRect()
to a 1x1 rect at the last interaction location. This caused -[WKWebView _zoomToFocusRect:...]
to early return under the !forceScroll clause if the last interaction rect was visible, but
the elementRect was not. This would happen, for example, if a click in a <button> focussed
an input on some other portion of the page. This behavior is iPad-only, because forceScroll
is only NO there.

Fix by making getAssistedNodeInformation() only set the selectionRect to the last interaction
location if that is inside of the elementRect (this caters to the case where a tap is inside
an input which is larger than the screen). Otherwise, set it to the empty rect.

Make this testable by allowing a test to opt into the iPad-style scrolling/zooming behavior
in this code path (essentially, making forceScroll NO for testing), via testing SPI on WKWebView,
plumbed through to WKContentView.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView forceIPadStyleZoomOnInputFocus]):
(-[WKWebView setForceIPadStyleZoomOnInputFocus:]):
* UIProcess/API/Cocoa/WKWebViewPrivate.h:
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _displayFormNodeInputView]):
(-[WKContentView requiresAccessoryView:]):
(-[WKContentView inputAccessoryView]):
(-[WKContentView forceIPadStyleZoomOnInputFocus]):
(-[WKContentView setForceIPadStyleZoomOnInputFocus:]):
(-[WKContentView requiresAccessoryView]): Remove redundant returns, and allow testing to
override the "isIPad" condition.
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::getAssistedNodeInformation):

Tools:

Expose "forceIPadStyleZoomOnInputFocus" on UIScriptController, which allows iPad-style
zooming behavior on <input> focus in the iPhone simulator, which is used for testing.

* WebKitTestRunner/UIScriptContext/Bindings/UIScriptController.idl:
* WebKitTestRunner/UIScriptContext/UIScriptController.cpp:
(WTR::UIScriptController::forceIPadStyleZoomOnInputFocus):
(WTR::UIScriptController::setForceIPadStyleZoomOnInputFocus):
* WebKitTestRunner/UIScriptContext/UIScriptController.h:
* WebKitTestRunner/ios/TestControllerIOS.mm:
(WTR::TestController::platformResetStateToConsistentValues):
* WebKitTestRunner/ios/UIScriptControllerIOS.mm:
(WTR::UIScriptController::forceIPadStyleZoomOnInputFocus):
(WTR::UIScriptController::setForceIPadStyleZoomOnInputFocus):

LayoutTests:

Add various tests for focusing form fields. focus-input-via-button-ipad.html tests
the change in the current patch.

* fast/forms/ios/focus-input-in-fixed-expected.txt: Added.
* fast/forms/ios/focus-input-in-fixed.html: Added.
* fast/forms/ios/focus-input-via-button-ipad-expected.txt: Added.
* fast/forms/ios/focus-input-via-button-ipad.html: Added.
* fast/forms/ios/focus-long-textarea-expected.txt: Added.
* fast/forms/ios/focus-long-textarea.html: Added.
* fast/forms/ios/resources/zooming-test-utils.js:
(testZoomAfterTap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202132 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add collecting of LLINT slow path stats.
mark.lam@apple.com [Thu, 16 Jun 2016 18:25:54 +0000 (18:25 +0000)]
Add collecting of LLINT slow path stats.
https://bugs.webkit.org/show_bug.cgi?id=158829

Reviewed by Keith Miller.

* llint/LLIntData.cpp:
(JSC::LLInt::Data::dumpStats):
* llint/LLIntData.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202131 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago WebRTC: Check type of this in RTCPeerConnection JS built-in functions
adam.bergkvist@ericsson.com [Thu, 16 Jun 2016 18:12:41 +0000 (18:12 +0000)]
WebRTC: Check type of this in RTCPeerConnection JS built-in functions
https://bugs.webkit.org/show_bug.cgi?id=151303

Reviewed by Youenn Fablet.

Source/WebCore:

Check type of 'this' in RTCPeerConnection JS built-in functions.

Test: fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html

* Modules/mediastream/RTCPeerConnection.js:
(createOffer):
(createAnswer):
(setLocalDescription):
(setRemoteDescription):
(addIceCandidate):
(getStats):
Reject if 'this' isn't of type RTCPeerConnection.
* Modules/mediastream/RTCPeerConnectionInternals.js:
(isRTCPeerConnection):
Add helper function to perform type check. Needs further robustifying.

LayoutTests:

Verify that the RTCPeerConnection JS built-in methods check 'this'. The test has expected
failures (bug: http://webkit.org/b/158831).

* fast/mediastream/RTCPeerConnection-js-built-ins-check-this-expected.txt: Added.
* fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html: Added.
* platform/mac/TestExpectations:
The mac port does not build with WEB_RTC enabled yet.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202130 268f45cc-cd09-0410-ab3c-d52691b4dbfc
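
A receiver check of the kind the commit above describes, as an added example that is not WebKit's code. `PeerConnectionLike`, `isPeerConnectionLike` and `receiverError` are hypothetical names, and the WeakSet brand is one way to make the check hold against a forged prototype chain, not a description of how `isRTCPeerConnection` is implemented.

```javascript
// Added illustration; not WebKit source. PeerConnectionLike stands in for
// RTCPeerConnection, and every name here is hypothetical.

// Objects are added to this set only by the real constructor, so membership
// cannot be obtained by manipulating prototypes.
const brandedInstances = new WeakSet();

function isPeerConnectionLike(value) {
  // WeakSet.prototype.has returns false for primitives, null and undefined.
  return brandedInstances.has(value);
}

// Returns a TypeError describing the bad receiver, or null if it is genuine.
function receiverError(receiver, methodName) {
  if (isPeerConnectionLike(receiver)) return null;
  return new TypeError(methodName + " called on an object that is not a PeerConnectionLike");
}

class PeerConnectionLike {
  constructor() {
    brandedInstances.add(this);
    this.localDescription = null;
  }

  // Promise-returning methods report a bad receiver by rejecting instead of
  // throwing synchronously, so callers have a single error path.
  createOffer() {
    const err = receiverError(this, "createOffer");
    if (err) return Promise.reject(err);
    return Promise.resolve({ type: "offer", sdp: "" });
  }

  setLocalDescription(description) {
    const err = receiverError(this, "setLocalDescription");
    if (err) return Promise.reject(err);
    this.localDescription = description;
    return Promise.resolve();
  }
}

// Constructed test input: an object that inherits the prototype without ever
// running the constructor. It satisfies instanceof but carries no brand.
function makeForgedReceiver() {
  return Object.create(PeerConnectionLike.prototype);
}
```

An `instanceof` test alone would accept the forged receiver, which is why the check is keyed on construction rather than on the prototype chain.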

4 years ago Forward/Back keyboard shortcuts need to flip for RTL
weinig@apple.com [Thu, 16 Jun 2016 17:54:33 +0000 (17:54 +0000)]
Forward/Back keyboard shortcuts need to flip for RTL
https://bugs.webkit.org/show_bug.cgi?id=158823
<rdar://problem/25975359>

Reviewed by Darin Adler.

Source/WebKit2:

Pipe the UserInterfaceLayoutDirection down to the WebContentProcess on initialization
and when it changes, and use it to flip the behavior of command-left and command-right
when in RTL mode.

Tests:
    WebKit2_CommandBackForwardTestWKView.LTR
    WebKit2_CommandBackForwardTestWKView.RTL
    WebKit2_CommandBackForwardTestWKWebView.LTR
    WebKit2_CommandBackForwardTestWKWebView.RTL

* Shared/WebPageCreationParameters.cpp:
(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):
* Shared/WebPageCreationParameters.h:
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _webViewPrintFormatter]):
(-[WKWebView setSemanticContentAttribute:]):
(-[WKWebView _printOperationWithPrintInfo:forFrame:]):
(-[WKWebView setUserInterfaceLayoutDirection:]):
* UIProcess/API/mac/WKView.mm:
(-[WKView setUserInterfaceLayoutDirection:]):
* UIProcess/Cocoa/WebViewImpl.h:
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::windowIsFrontWindowUnderMouse):
(WebKit::toUserInterfaceLayoutDirection):
(WebKit::WebViewImpl::userInterfaceLayoutDirection):
(WebKit::WebViewImpl::setUserInterfaceLayoutDirection):
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::userInterfaceLayoutDirection):
(WebKit::WebPageProxy::setUserInterfaceLayoutDirection):
* UIProcess/WebPageProxy.h:
(WebKit::WebPageProxy::hasHadSelectionChangesFromUserInteraction):
* UIProcess/ios/WKContentView.mm:
(-[WKContentView _commonInitializationWithProcessPool:configuration:]):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::m_userInterfaceLayoutDirection):
(WebKit::WebPage::setResourceCachingDisabled):
(WebKit::WebPage::setUserInterfaceLayoutDirection):
(WebKit::m_shouldDispatchFakeMouseMoveEvents): Deleted.
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::performNonEditingBehaviorForSelector):

Tools:

Add tests for flipping the behavior of command-left and command-right
under RTL mode.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/CommandBackForward.mm: Added.
(-[CommandBackForwardOffscreenWindow isKeyWindow]):
(-[CommandBackForwardOffscreenWindow isVisible]):
(simulateCommandArrow):
(WebKit2_CommandBackForwardTest::SetUp):
(WebKit2_CommandBackForwardTestWKView::didFinishLoadForFrame):
(WebKit2_CommandBackForwardTestWKView::SetUp):
(WebKit2_CommandBackForwardTestWKView::loadFiles):
(-[CommandBackForwardNavigationDelegate webView:didFinishNavigation:]):
(WebKit2_CommandBackForwardTestWKWebView::SetUp):
(WebKit2_CommandBackForwardTestWKWebView::loadFiles):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202129 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dino@apple.com [Thu, 16 Jun 2016 17:43:43 +0000 (17:43 +0000)]
[mac] LayoutTest transforms/undecomposable.html is a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=158816

Another attempt to deflake this test. Or is it unflake? I don't know.

* transforms/undecomposable.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202128 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mmaxfield@apple.com [Thu, 16 Jun 2016 17:10:38 +0000 (17:10 +0000)]
Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue
https://bugs.webkit.org/show_bug.cgi?id=158297

Reviewed by Darin Adler.

Source/WebCore:

In an effort to reduce the flash of unstyled content, we force all elements
to have display: none during an external stylesheet load. We do this by
ignoring the CSS cascade and forcing all elements to have a placeholder style
which hardcodes display: none. (This is necessary to make elements created by
script during the stylesheet load not flash.)

This style is exposed to web content via getComputedStyle(), which means it
needs to maintain the invariant that font-families can never be null strings.
We enforce this by forcing the font-family to be the standard font name.

Test: fast/text/placeholder-renderstyle-null-font.html

* style/StyleTreeResolver.cpp:
(WebCore::Style::ensurePlaceholderStyle):

LayoutTests:

* fast/text/placeholder-renderstyle-null-font-expected.txt: Added.
* fast/text/placeholder-renderstyle-null-font.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202127 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Thu, 16 Jun 2016 16:32:04 +0000 (16:32 +0000)]
Avoid some temporary String allocations for common HTTP headers in ResourceResponse::platformLazyInit()
https://bugs.webkit.org/show_bug.cgi?id=158827

Reviewed by Darin Adler.

Add a HTTPHeaderMap::set() overload taking in a CFStringRef. The
implementation has a fast path which gets the internal characters
of the CFStringRef when possible and constructs a StringView for
it in order to call findHTTPHeaderName(). As a result, we avoid
allocating a temporary String when findHTTPHeaderName() succeeds.

This new HTTPHeaderMap::set() overload is called from both the
CF and Cocoa implementations of ResourceResponse::platformLazyInit().

I have confirmed locally on both Mac and iOS that the fast path
is used ~93% of the time. CFStringGetCStringPtr() returns null in
rare cases, causing the regular code path to be used.

* platform/network/HTTPHeaderMap.cpp:
(WebCore::HTTPHeaderMap::set):
* platform/network/HTTPHeaderMap.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202126 268f45cc-cd09-0410-ab3c-d52691b4dbfc

keith_miller@apple.com [Thu, 16 Jun 2016 06:01:47 +0000 (06:01 +0000)]
Add support for Symbol.isConcatSpreadable (round 2)
https://bugs.webkit.org/show_bug.cgi?id=158769

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch adds support for Symbol.isConcatSpreadable. In order to
do so, it was necessary to move the Array.prototype.concat function
to JS. A number of different optimizations were needed to make
such a move to a builtin performant. First, this patch adds a
new Bytecode intrinsic, isJSArray, that checks if the value is a
JSArray object. Specifically, isJSArray checks that the array
object is a normal instance of JSArray and not a RuntimeArray or
Array.prototype. isJSArray can also be converted into a constant
by the DFG if we are able to prove that the incoming value is
already a JSArray.

In order to further improve the performance we also now cover more
indexing types in our fast path memcpy code. Before we would only
memcpy Arrays if they had the same indexing type and did not have
Array storage or were undecided. Now the memcpy code covers the
following additional three cases:

1) One array is undecided and the other does not have array storage

2) One array is Int32 and the other is contiguous (we map this
into a contiguous array).

3) The this value is an array and first argument is a non-array
that does not have Symbol.isConcatSpreadable set.

This patch also adds a new fast path for concat with more than one
array argument by using memcpy to append values onto the result
array. This works roughly the same as the two array fast path
using the same methodology to decide if we can memcpy the other
butterfly into the result butterfly.

* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/ArrayPrototype.js:
(concatSlowPath):
(concat):
* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitIsJSArray):
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_isJSArray):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileIsJSArray):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallObjectConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileIsJSArray):
(JSC::FTL::DFG::LowerDFGToB3::isArray):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_is_jsarray):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_is_jsarray):
* jit/JITOperations.h:
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/ArrayConstructor.h:
(JSC::isArrayConstructor):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
(JSC::speciesWatchpointsValid):
(JSC::speciesConstructArray):
(JSC::moveElements):
(JSC::concatAppendOne):
(JSC::arrayProtoFuncConcat): Deleted.
* runtime/ArrayPrototype.h:
* runtime/CommonIdentifiers.h:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/IndexingType.h:
(JSC::indexingTypeForValue):
* runtime/JSArray.cpp:
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::fastConcatWith): Deleted.
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
(JSC::isJSArray):
(JSC::JSArray::fastConcatType): Deleted.
* runtime/JSArrayInlines.h: Added.
(JSC::JSArray::mergeIndexingTypeForCopying):
(JSC::JSArray::canFastCopy):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSObject.cpp:
(JSC::JSObject::convertUndecidedForValue):
* runtime/JSType.h:
* runtime/ObjectConstructor.h:
(JSC::constructObject):
* tests/es6.yaml:
* tests/stress/array-concat-spread-object.js: Added.
(arrayEq):
* tests/stress/array-concat-spread-proxy-exception-check.js: Added.
(arrayEq):
* tests/stress/array-concat-spread-proxy.js: Added.
(arrayEq):
* tests/stress/array-concat-with-slow-indexingtypes.js: Added.
(arrayEq):
* tests/stress/array-species-config-array-constructor.js:

LayoutTests:

Fix tests for Symbol.isConcatSpreadable. Also, add new test that
the array species construction does not use the callees' global
object's Array[Symbol.species] when given an array from another
global object.

* js/Object-getOwnPropertyNames-expected.txt:
* js/array-species-different-globalobjects.html:
* js/dom/array-prototype-properties-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202125 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mark.lam@apple.com [Thu, 16 Jun 2016 04:41:18 +0000 (04:41 +0000)]
Assertion failure when returning incomplete property descriptor from proxy trap.
https://bugs.webkit.org/show_bug.cgi?id=157078

Reviewed by Saam Barati.

If the proxy returns a descriptor that expects a value but does not specify one,
we should use undefined for the value.

* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
* tests/stress/proxy-returning-incomplete-property-descriptor.js: Added.
(truthiness):
(compare):
(shouldBe):
(test):
(get test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202124 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zalan@apple.com [Thu, 16 Jun 2016 03:30:22 +0000 (03:30 +0000)]
Decouple the percent height and positioned descendants maps.
https://bugs.webkit.org/show_bug.cgi?id=158773

Reviewed by David Hyatt and Chris Dumez.

Source/WebCore:

We track renderers with percent height across multiple containers using
HashMap<const RenderBox*, std::unique_ptr<HashSet<const RenderBlock*>>>.
We also use the same data structure to track positioned descendants.
However, a positioned renderer can have only one containing block so tracking it
with a 1:many type is defective.
It allows multiple inserts for positioned descendants, which could lead to
inconsistent layout state as the rendering logic expects these types of renderers
with only one containing block.
This patch decouples percent height and positioned tracking by introducing
the PositionedDescendantsMap class. This class is responsible for tracking
the positioned descendants in between layouts.

No change in functionality.

Tests: fast/block/positioning/change-containing-block-for-absolute-positioned.html
       fast/block/positioning/change-containing-block-for-fixed-positioned.html

* rendering/RenderBlock.cpp:
(WebCore::insertIntoTrackedRendererMaps):
(WebCore::removeFromTrackedRendererMaps):
(WebCore::PositionedDescendantsMap::addDescendant): Add more defensive ASSERT_NOT_REACHED
to the double insert branch when webkit.org/b/158772 gets fixed.
(WebCore::PositionedDescendantsMap::removeDescendant):
(WebCore::PositionedDescendantsMap::removeContainingBlock):
(WebCore::PositionedDescendantsMap::positionedRenderers):
(WebCore::positionedDescendantsMap):
(WebCore::removeBlockFromPercentageDescendantAndContainerMaps):
(WebCore::RenderBlock::~RenderBlock):
(WebCore::RenderBlock::positionedObjects):
(WebCore::RenderBlock::insertPositionedObject):
(WebCore::RenderBlock::removePositionedObject):
(WebCore::RenderBlock::addPercentHeightDescendant):
(WebCore::RenderBlock::removePercentHeightDescendant):
(WebCore::RenderBlock::percentHeightDescendants):
(WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
(WebCore::removeBlockFromDescendantAndContainerMaps): Deleted.
* rendering/RenderBlock.h:

LayoutTests:

Various dynamic containing block changing tests.

* fast/block/fixed-position-reparent-when-transition-is-removed.html:
* fast/block/positioning/change-containing-block-for-absolute-positioned-expected.txt: Added.
* fast/block/positioning/change-containing-block-for-absolute-positioned.html: Added.
* fast/block/positioning/change-containing-block-for-fixed-positioned-expected.txt: Added.
* fast/block/positioning/change-containing-block-for-fixed-positioned.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202123 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ddkilzer@apple.com [Thu, 16 Jun 2016 03:22:07 +0000 (03:22 +0000)]
Move SoftLinking.h to platform/cocoa from platform/mac
<https://webkit.org/b/158825>

Reviewed by Andy Estes.

* PlatformMac.cmake: Update for new directory.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* platform/cocoa/SoftLinking.h: Renamed from Source/WebCore/platform/mac/SoftLinking.h.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202122 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Thu, 16 Jun 2016 02:59:54 +0000 (02:59 +0000)]
[Cocoa] Clean up / optimize ResourceResponse::platformLazyInit(InitLevel)
https://bugs.webkit.org/show_bug.cgi?id=158809

Reviewed by Darin Adler.

Source/WebCore:

Clean up / optimize ResourceResponse::platformLazyInit(InitLevel).

* platform/network/HTTPParsers.cpp:
(WebCore::extractReasonPhraseFromHTTPStatusLine):
* platform/network/HTTPParsers.h:
Have extractReasonPhraseFromHTTPStatusLine() return an AtomicString as the
Reason is stored as an AtomicString on ResourceResponse. Have the
implementation use StringView::subString()::toAtomicString().

* platform/network/cocoa/ResourceResponseCocoa.mm:
(WebCore::stripLeadingAndTrailingDoubleQuote):
Move the stripLeadingAndTrailingDoubleQuote logic from platformLazyInit()
to its own function. Have it use StringView::subString()::toAtomicString()
to avoid unnecessarily atomizing the textEncodingName that has surrounding
double-quotes.

(WebCore::initializeHTTPHeaders):
Move HTTP headers initialization to its own function for clarity.

(WebCore::extractHTTPStatusText):
Move HTTP status Text extraction to its own function for clarity.

(WebCore::ResourceResponse::platformLazyInit):
- The function is streamlined a bit because most of the logic was moved
  into separate functions.
- Drop unnecessary (initLevel >= CommonFieldsOnly) check in the first
  if case and replace with an assertion. This function is always called
  with CommonFieldsOnly or above (AllFields).
- Drop unnecessary (m_initLevel < AllFields) check in the second if
  case as this is always true. If not, we would have returned early
  at the beginning of the function when checking
  m_initLevel >= initLevel.
- Use AutodrainedPool instead of NSAutoreleasePool for convenience and have
  only 1 pool instead of 2.
- Drop unnecessary copyNSURLResponseStatusLine() function and call directly
  CFHTTPMessageCopyResponseStatusLine() since we already have a
  CFHTTPMessageRef at the call site.

Source/WTF:

Add toAtomicString() method to StringView to avoid having to call toString()
and then atomizing the String at call sites.

* wtf/text/StringView.h:
(WTF::StringView::toAtomicString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202121 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Thu, 16 Jun 2016 02:20:04 +0000 (02:20 +0000)]
Expose _shouldExpandContentToViewHeightForAutoLayout SPI on WKWebView
https://bugs.webkit.org/show_bug.cgi?id=158824
<rdar://problem/23713857>

Reviewed by Simon Fraser.

Test: TestWebKitAPI/WebKit2.AutoLayoutIntegration

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _shouldExpandContentToViewHeightForAutoLayout]):
(-[WKWebView _setShouldExpandContentToViewHeightForAutoLayout:]):
* UIProcess/API/Cocoa/WKWebViewPrivate.h:
This property exists on WKView; expose it on WKWebView.

* TestWebKitAPI/Tests/WebKit2Cocoa/AutoLayoutIntegration.mm:
(-[AutoLayoutWKWebView load:withWidth:expectingContentSize:]):
(-[AutoLayoutWKWebView load:withWidth:expectingContentSize:resettingWidth:]):
(-[AutoLayoutWKWebView layoutAtMinimumWidth:andExpectContentSizeChange:resettingWidth:]):
(TEST):
Add a test for _shouldExpandContentToViewHeightForAutoLayout.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202120 268f45cc-cd09-0410-ab3c-d52691b4dbfc

achristensen@apple.com [Thu, 16 Jun 2016 01:28:54 +0000 (01:28 +0000)]
Revert part of r196034
https://bugs.webkit.org/show_bug.cgi?id=158805
rdar://problem/26788138

Reviewed by Dan Bernstein.

* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::~NetworkLoad):
If the WebResourceLoader was destroyed and received a canAuthenticateAgainstProtectionSpace
but did not send a continueCanAuthenticateAgainstProtectionSpace answer because there's no
core loader, then the NetworkLoad will be destroyed.  When this happens, we still need to call
the callback for the challenge.
* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::canAuthenticateAgainstProtectionSpace):
If there's no core loader, we can't send IPC.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202119 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ap@apple.com [Thu, 16 Jun 2016 01:22:54 +0000 (01:22 +0000)]
+[WebHTMLRepresentation supportedMIMETypes] leaks
https://bugs.webkit.org/show_bug.cgi?id=158683

Reviewed by Darin Adler.

The problem occurred when chaining newArrayByConcatenatingArrays calls.

Also refactored the code to avoid returning NSMutableArrays disguised as NSArrays,
and removed __unsafe_unretained modifiers that were added in http://trac.webkit.org/r149453
for no apparent reason.

* WebView/WebHTMLRepresentation.mm:
(newArrayWithStrings):
(+[WebHTMLRepresentation supportedMIMETypes]):
(+[WebHTMLRepresentation supportedMediaMIMETypes]):
(+[WebHTMLRepresentation supportedNonImageMIMETypes]):
(+[WebHTMLRepresentation supportedImageMIMETypes]):
(+[WebHTMLRepresentation unsupportedTextMIMETypes]):
(newArrayByConcatenatingArrays): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202118 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Thu, 16 Jun 2016 01:14:02 +0000 (01:14 +0000)]
<attachment> elements jump around a lot when subtitle text changes slightly
https://bugs.webkit.org/show_bug.cgi?id=158818
<rdar://problem/24450270>

Reviewed by Simon Fraser.

Test: fast/attachment/attachment-subtitle-resize.html

* rendering/RenderAttachment.cpp:
(WebCore::RenderAttachment::layout):
* rendering/RenderAttachment.h:
* rendering/RenderThemeMac.mm:
(WebCore::AttachmentLayout::AttachmentLayout):
(WebCore::RenderThemeMac::paintAttachment):
In order to avoid changes to the centered subtitle text causing the whole
attachment to bounce around a lot, make it so that attachment width can only
increase, never decrease, and round the subtitle's width up to the nearest
increment of 10px when determining its effect on the whole element's width.
Also, center the attachment in its element, instead of left-aligning it,
so that the extra width we may have is evenly distributed between the two sides.

* fast/attachment/attachment-subtitle-resize-expected.txt: Added.
* fast/attachment/attachment-subtitle-resize.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202117 268f45cc-cd09-0410-ab3c-d52691b4dbfc

simon.fraser@apple.com [Wed, 15 Jun 2016 23:44:57 +0000 (23:44 +0000)]
[iOS WK2] Make it possible to test the Next/Previous buttons in the keyboard accessory bar
https://bugs.webkit.org/show_bug.cgi?id=158714

Reviewed by Enrica Casucci.

Add UIScriptController.keyboardAccessoryBar{Next,Previous} and hook it up to the WKContentView
method that gets called from UIKit.

Add a test that exercises it.

Source/WebKit2:

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView keyboardAssistantBarNext]):
(-[WKWebView keyboardAssistantBarPrevious]):
* UIProcess/API/Cocoa/WKWebViewPrivate.h:

Tools:

* WebKitTestRunner/UIScriptContext/Bindings/UIScriptController.idl:
* WebKitTestRunner/UIScriptContext/UIScriptController.cpp:
(WTR::UIScriptController::keyboardAccessoryBarNext):
(WTR::UIScriptController::keyboardAccessoryBarPrevious):
* WebKitTestRunner/UIScriptContext/UIScriptController.h:
* WebKitTestRunner/ios/UIScriptControllerIOS.mm:
(WTR::UIScriptController::keyboardAccessoryBarNext):
(WTR::UIScriptController::keyboardAccessoryBarPrevious):

LayoutTests:

* TestExpectations:
* fast/forms/ios/accessory-bar-navigation-expected.txt: Added.
* fast/forms/ios/accessory-bar-navigation.html: Added.
* fast/forms/ios/resources/zooming-test-utils.js: Added.
(testZoomAfterTap):
(tableFromJSON):
* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202116 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dino@apple.com [Wed, 15 Jun 2016 23:34:07 +0000 (23:34 +0000)]
[mac] LayoutTest transforms/undecomposable.html is a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=158816

Unflakify this test by putting the script in a place that
will execute it before the load event (by which time the animation
may have started).

* transforms/undecomposable.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202115 268f45cc-cd09-0410-ab3c-d52691b4dbfc

simon.fraser@apple.com [Wed, 15 Jun 2016 23:07:42 +0000 (23:07 +0000)]
[iOS WK2] Add tests for zooming to text fields on focus
https://bugs.webkit.org/show_bug.cgi?id=158786

Reviewed by Enrica Casucci.

Add tests that focus form controls, and test the resulting scroll position and zoom level.

* TestExpectations:
* fast/forms/ios/focus-input-via-button-expected.txt: Added.
* fast/forms/ios/focus-input-via-button-no-scaling-expected.txt: Added.
* fast/forms/ios/focus-input-via-button-no-scaling.html: Added.
* fast/forms/ios/focus-input-via-button.html: Added.
* fast/forms/ios/resources/zooming-test-utils.js: Added.
(testZoomAfterTap):
(tableFromJSON):
* fast/forms/ios/zoom-after-input-tap-expected.txt: Added.
* fast/forms/ios/zoom-after-input-tap-wide-input-expected.txt: Added.
* fast/forms/ios/zoom-after-input-tap-wide-input.html: Added.
* fast/forms/ios/zoom-after-input-tap.html: Added.
* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202114 268f45cc-cd09-0410-ab3c-d52691b4dbfc

keith_miller@apple.com [Wed, 15 Jun 2016 22:37:03 +0000 (22:37 +0000)]
Unreviewed, fix typo in test and move tests to the correct files.

* tests/stress/multi-get-by-offset-proto-or-unset.js:
* tests/stress/multi-get-by-offset-proto-self-or-unset.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202113 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dino@apple.com [Wed, 15 Jun 2016 22:14:09 +0000 (22:14 +0000)]
RTL <select> forms are misplaced
https://bugs.webkit.org/show_bug.cgi?id=158810
<rdar://problem/24847541>

Reviewed by Eric Carlson.

AppKit made a change in Sierra that causes popup menus
to snap to a different point when the system language is RTL.
We need to be more explicit about what directionality
we want, and override the location of the popup based
on the text direction.

I also made a small tweak to the fudge offsets we use
in order to make button text and menu text
more consistent.

Unfortunately since this is just about the location
of the popup menu, it's unable to be tested in our
current infrastructure.

Source/WebKit/mac:

* WebCoreSupport/PopupMenuMac.mm:
(PopupMenuMac::show):

Source/WebKit2:

* UIProcess/mac/WebPopupMenuProxyMac.mm:
(WebKit::WebPopupMenuProxyMac::showPopupMenu):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202112 268f45cc-cd09-0410-ab3c-d52691b4dbfc