WebKit-https.git
3 years ago [INTL] Implement String.prototype.localeCompare in ECMA-402
fpizlo@apple.com [Sun, 24 Apr 2016 17:05:51 +0000 (17:05 +0000)]
[INTL] Implement String.prototype.localeCompare in ECMA-402
https://bugs.webkit.org/show_bug.cgi?id=147607

Patch by Filip Pizlo <fpizlo@apple.com> and Andy VanWagoner <thetalecrafter@gmail.com> on 2016-04-24
Reviewed by Darin Adler.

Source/JavaScriptCore:

Part of this change is just rolling 194394 back in.

The other part is making that not a regression on CDjs. Other than the fact that it uses
bound functions, the problem with this new localeCompare implementation is that it uses
the arguments object. It uses it in a way that *seems* like ArgumentsEliminationPhase
ought to handle, but to my surprise it didn't:

- If we have a ForceExit GetByVal on the arguments object, we would previously assume that
  it escaped. That's false since we just exit at ForceExit. On the other hand we probably
  should be pruning unreachable paths before we get here, but that's a separate issue. I
  don't want to play with phase order right now.

- If we have an OutOfBounds GetByVal on the arguments object, then the best that would
  previously happen is that we'd compile it into an in-bounds arguments access. That's quite
  bad, as Andy's localeCompare illustrates: it uses out-of-bounds access on the arguments
  object to detect if an argument was passed. This change introduces an OutOfBounds version
  of GetMyArgumentByVal for this purpose.

This change required registering sane chain watchpoints. In the process, I noticed that the
old way of doing it had a race condition: we might register watchpoints for the structure
that had become insane. This change introduces a double-checking idiom that I believe works
because once the structure becomes insane it can't go back to sane and watchpoints
registration already involves executing the hardest possible fences.

* builtins/StringPrototype.js:
(repeat):
(localeCompare):
(search):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGValidate.cpp:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
* ftl/FTLTypedPointer.h:
(JSC::FTL::TypedPointer::TypedPointer):
(JSC::FTL::TypedPointer::operator bool):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::operator!): Deleted.
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):

LayoutTests:

* js/dom/script-tests/string-prototype-properties.js:
* js/dom/string-prototype-properties-expected.txt:
* js/regress/locale-compare.html: Added.
* js/regress/locale-compare-expected.txt: Added.
* js/regress/scripts-tests/locale-compare.js: Added.
* js/script-tests/string-localeCompare.js:
* js/string-localeCompare-expected.txt:
* js/string-localeCompare.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199967 268f45cc-cd09-0410-ab3c-d52691b4dbfc
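
The watchpoint registration race and the double-checking idiom described in the commit message above, as an added example that is not part of the commit or of JavaScriptCore. It is a deterministic single-threaded model; `Chain`, `When`, `Result` and `compileWithSaneChain` are hypothetical names, and the simulated mutator stands in for a second thread.

```cpp
// Added illustration: a single-threaded model of the registration race.
// Chain, When, Result and compileWithSaneChain are hypothetical, not JSC APIs.
#include <atomic>
#include <cstdio>
#include <vector>

// A structure chain whose "sane" state is monotonic: sane -> insane, never back.
struct Chain {
    std::atomic<bool> sane{true};
    std::vector<bool*> watchpoints; // flags to set when the chain goes insane

    void registerWatchpoint(bool* firedFlag) {
        watchpoints.push_back(firedFlag);
        // Stands in for the fences the commit message says registration executes.
        std::atomic_thread_fence(std::memory_order_seq_cst);
    }

    void becomeInsane() {
        if (!sane.exchange(false))
            return; // already insane; watchpoints fire only on the transition
        for (bool* flag : watchpoints)
            *flag = true;
    }
};

// Where the simulated mutator invalidates the chain relative to the compiler.
enum class When { Never, BetweenCheckAndRegister, AfterRegistration };

struct Result {
    bool optimized;   // compiler emitted code that assumes a sane chain
    bool invalidated; // the watchpoint fired, so that code gets thrown away
    bool saneAtEnd;   // the assumption still holds
};

// Unsound: code assumes sanity, sanity is gone, and nothing will invalidate it.
bool isUnsound(const Result& r) {
    return r.optimized && !r.saneAtEnd && !r.invalidated;
}

Result compileWithSaneChain(bool doubleCheck, When mutatorRuns) {
    Chain chain;
    bool fired = false;
    bool optimized = false;

    if (chain.sane.load()) { // first check
        if (mutatorRuns == When::BetweenCheckAndRegister)
            chain.becomeInsane(); // fires nothing: no watchpoint exists yet
        chain.registerWatchpoint(&fired);
        // Second check. Because insane never reverts to sane, "still sane after
        // registering" proves the watchpoint was in place before any transition.
        optimized = doubleCheck ? chain.sane.load() : true;
    }
    if (mutatorRuns == When::AfterRegistration)
        chain.becomeInsane(); // watchpoint is registered, so this one fires

    return Result{optimized, fired, chain.sane.load()};
}

int main() {
    const When cases[] = {When::Never, When::BetweenCheckAndRegister,
                          When::AfterRegistration};
    for (bool doubleCheck : {false, true}) {
        for (When w : cases) {
            Result r = compileWithSaneChain(doubleCheck, w);
            std::printf("doubleCheck=%d when=%d optimized=%d invalidated=%d unsound=%d\n",
                        doubleCheck, static_cast<int>(w), r.optimized,
                        r.invalidated, isUnsound(r));
        }
    }
    return 0;
}
```
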

3 years ago RenderStyle should not be reference counted
antti@apple.com [Sun, 24 Apr 2016 13:54:59 +0000 (13:54 +0000)]
RenderStyle should not be reference counted
https://bugs.webkit.org/show_bug.cgi?id=156846

Reviewed by Andreas Kling.

RenderStyle reference counts its substructures. We no longer share RenderStyle objects between normal renderers
so there is no reason to refcount the RenderStyles themselves too. Making it a non-refcounted type clarifies
ownership relations, reduces branchiness and saves some memory.

This patch switches mostly mechanically from Ref/RefPtr<RenderStyle> to std::unique_ptr<RenderStyle>. In
the future RenderStyle can be given regular value semantics.

* Modules/plugins/PluginReplacement.h:
(WebCore::PluginReplacement::scriptObject):
(WebCore::PluginReplacement::willCreateRenderer):
* Modules/plugins/QuickTimePluginReplacement.h:
* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::~QuickTimePluginReplacement):
(WebCore::QuickTimePluginReplacement::createElementRenderer):
* Modules/plugins/YouTubePluginReplacement.cpp:
(WebCore::YouTubePluginReplacement::YouTubePluginReplacement):
(WebCore::YouTubePluginReplacement::createElementRenderer):
* Modules/plugins/YouTubePluginReplacement.h:
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::ComputedStyleExtractor::useFixedFontDefaultSize):
(WebCore::updateStyleIfNeededForNode):
(WebCore::computeRenderStyleForProperty):
(WebCore::ComputedStyleExtractor::customPropertyValue):
(WebCore::ComputedStyleExtractor::propertyValue):
* css/MediaQueryEvaluator.cpp:
(WebCore::MediaQueryEvaluator::MediaQueryEvaluator):
(WebCore::MediaQueryEvaluator::eval):
* css/MediaQueryEvaluator.h:

    Clarify in code that MediaQueryEvaluator does not own the style.

* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::mediaType):
(WebCore::MediaQueryMatcher::documentElementUserAgentStyle):
(WebCore::MediaQueryMatcher::evaluate):
(WebCore::MediaQueryMatcher::matchMedia):
(WebCore::MediaQueryMatcher::styleResolverChanged):
(WebCore::MediaQueryMatcher::prepareEvaluator): Deleted.
* css/MediaQueryMatcher.h:
* css/StyleMedia.cpp:
(WebCore::StyleMedia::matchMedium):
* css/StyleResolver.cpp:
(WebCore::StyleResolver::State::clear):
(WebCore::StyleResolver::State::updateConversionData):
(WebCore::StyleResolver::State::setStyle):
(WebCore::StyleResolver::State::setParentStyle):

    State owns the style explicitly set by setParentStyle but not the one given via constructor.

(WebCore::isAtShadowBoundary):
(WebCore::StyleResolver::styleForElement):
(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::keyframeStylesForAnimation):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::styleForPage):
(WebCore::StyleResolver::defaultStyleForElement):
(WebCore::StyleResolver::applyMatchedProperties):
(WebCore::StyleResolver::applyPropertyToStyle):
* css/StyleResolver.h:
(WebCore::ElementStyle::ElementStyle):
(WebCore::StyleResolver::style):
(WebCore::StyleResolver::parentStyle):
(WebCore::StyleResolver::setOverrideDocumentElementStyle):
(WebCore::StyleResolver::State::document):
(WebCore::StyleResolver::State::element):
(WebCore::StyleResolver::State::style):
(WebCore::StyleResolver::State::takeStyle):
(WebCore::StyleResolver::State::parentStyle):
(WebCore::StyleResolver::State::rootElementStyle):
(WebCore::StyleResolver::State::regionForStyling):
(WebCore::StyleResolver::State::setParentStyle): Deleted.
* dom/Document.cpp:
(WebCore::Document::recalcStyle):
(WebCore::Document::updateLayoutIgnorePendingStylesheets):
(WebCore::Document::styleForElementIgnoringPendingStylesheets):
(WebCore::Document::isPageBoxVisible):
(WebCore::Document::pageSizeAndMarginsInPixels):
(WebCore::Document::addAutoSizingNode):
(WebCore::Document::validateAutoSizingNodes):
(WebCore::Document::resetAutoSizingNodes):
(WebCore::Document::setFullScreenRenderer):
* dom/Document.h:
* dom/Element.cpp:
(WebCore::Element::rendererIsNeeded):
(WebCore::Element::createElementRenderer):
(WebCore::Element::resolveComputedStyle):
* dom/Element.h:
(WebCore::Element::copyNonAttributePropertiesFromElement):
* dom/ElementRareData.h:

...

* page/animation/AnimationBase.h:
* page/animation/AnimationController.cpp:
(WebCore::AnimationControllerPrivate::receivedStartTimeResponse):
(WebCore::AnimationControllerPrivate::getAnimatedStyleForRenderer):
(WebCore::AnimationControllerPrivate::computeExtentOfAnimation):
(WebCore::AnimationController::cancelAnimations):
(WebCore::AnimationController::updateAnimations):

    std::unique_ptr<RenderStyle>& animatedStyle argument is now expected to be initially null and
    is only set if a new style is created.

(WebCore::AnimationController::getAnimatedStyleForRenderer):
* page/animation/AnimationController.h:
* page/animation/AnimationControllerPrivate.h:
* page/animation/CompositeAnimation.cpp:
(WebCore::CompositeAnimation::updateTransitions):
(WebCore::CompositeAnimation::updateKeyframeAnimations):
(WebCore::CompositeAnimation::animate):
(WebCore::CompositeAnimation::getAnimatedStyle):
* page/animation/CompositeAnimation.h:
* page/animation/ImplicitAnimation.cpp:
(WebCore::ImplicitAnimation::ImplicitAnimation):
(WebCore::ImplicitAnimation::shouldSendEventForListener):
(WebCore::ImplicitAnimation::animate):
(WebCore::ImplicitAnimation::getAnimatedStyle):
(WebCore::ImplicitAnimation::onAnimationEnd):
(WebCore::ImplicitAnimation::reset):
* page/animation/ImplicitAnimation.h:
* page/animation/KeyframeAnimation.cpp:
(WebCore::KeyframeAnimation::KeyframeAnimation):
(WebCore::KeyframeAnimation::fetchIntervalEndpointsForProperty):
(WebCore::KeyframeAnimation::animate):
(WebCore::KeyframeAnimation::getAnimatedStyle):
* page/animation/KeyframeAnimation.h:
* rendering/RenderAttachment.cpp:
(WebCore::RenderAttachment::RenderAttachment):
* rendering/RenderAttachment.h:
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::RenderBlock):
(WebCore::RenderBlock::styleDidChange):
(WebCore::RenderBlock::clone):
(WebCore::RenderBlock::updateFirstLetterStyle):
(WebCore::RenderBlock::createFirstLetterRenderer):
* rendering/RenderBlock.h:
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::MarginInfo::MarginInfo):
(WebCore::RenderBlockFlow::RenderBlockFlow):
* rendering/RenderBlockFlow.h:
* rendering/RenderBox.cpp:
(WebCore::skipBodyBackground):
(WebCore::RenderBox::RenderBox):
* rendering/RenderBox.h:
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::suspendAnimations):
(WebCore::RenderBoxModelObject::RenderBoxModelObject):
* rendering/RenderBoxModelObject.h:
* rendering/RenderButton.cpp:
(WebCore::RenderButton::RenderButton):
(WebCore::RenderButton::setupInnerStyle):
* rendering/RenderButton.h:
* rendering/RenderCombineText.h:
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::RenderDeprecatedFlexibleBox):
* rendering/RenderDeprecatedFlexibleBox.h:
* rendering/RenderDetailsMarker.cpp:
(WebCore::RenderDetailsMarker::RenderDetailsMarker):
* rendering/RenderDetailsMarker.h:
* rendering/RenderElement.cpp:
(WebCore::controlStatesRendererMap):
(WebCore::RenderElement::RenderElement):
(WebCore::RenderElement::~RenderElement):
(WebCore::RenderElement::createFor):
(WebCore::firstLineStyleForCachedUncachedType):
(WebCore::RenderElement::uncachedFirstLineStyle):
(WebCore::RenderElement::cachedFirstLineStyle):
(WebCore::RenderElement::initializeStyle):
(WebCore::RenderElement::setStyle):
(WebCore::RenderElement::propagateStyleToAnonymousChildren):
(WebCore::RenderElement::styleDidChange):
(WebCore::RenderElement::getCachedPseudoStyle):

    Return plain pointer as the cache owns the style.

(WebCore::RenderElement::getUncachedPseudoStyle):

    return std::unique_ptr<RenderStyle>

(WebCore::RenderElement::selectionColor):
(WebCore::RenderElement::selectionPseudoStyle):
(WebCore::RenderElement::selectionBackgroundColor):
* rendering/RenderElement.h:
(WebCore::RenderElement::hasInitializedStyle):
(WebCore::RenderElement::style):
(WebCore::RenderElement::element):
(WebCore::RenderElement::setStyleInternal):
* rendering/RenderEmbeddedObject.cpp:

...

(WebCore::RenderImage::imageResource):
* rendering/RenderInline.cpp:
(WebCore::RenderInline::RenderInline):
(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::styleDidChange):

    Continuations now get their own RenderStyles.

(WebCore::RenderInline::addChildIgnoringContinuation):
(WebCore::RenderInline::clone):
* rendering/RenderInline.h:
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::currentTransform):
(WebCore::RenderLayer::calculateClipRects):
* rendering/RenderLayer.h:

...

* rendering/style/KeyframeList.cpp:
(WebCore::KeyframeList::operator==):
(WebCore::KeyframeList::insert):

    KeyframeValue is now a movable but not copyable type. Adjust accordingly.

* rendering/style/KeyframeList.h:
(WebCore::KeyframeValue::KeyframeValue):
(WebCore::KeyframeValue::setKey):
(WebCore::KeyframeValue::style):
(WebCore::KeyframeValue::setStyle):
(WebCore::KeyframeList::animationName):
(WebCore::KeyframeList::addProperty):
(WebCore::KeyframeList::containsProperty):
* rendering/style/RenderStyle.cpp:
(WebCore::defaultStyle):
(WebCore::RenderStyle::create):
(WebCore::RenderStyle::createDefaultStyle):
(WebCore::RenderStyle::createAnonymousStyleWithDisplay):
(WebCore::RenderStyle::clone):
(WebCore::RenderStyle::createStyleInheritingFromPseudoStyle):

    Return std::unique_ptr<RenderStyle> instead of Ref<RenderStyle>.

(WebCore::RenderStyle::RenderStyle):
(WebCore::RenderStyle::~RenderStyle):
(WebCore::resolveAlignmentData):
(WebCore::RenderStyle::operator==):
(WebCore::RenderStyle::hasUniquePseudoStyle):
(WebCore::RenderStyle::getCachedPseudoStyle):
(WebCore::RenderStyle::addCachedPseudoStyle):
(WebCore::RenderStyle::isStyleAvailable): Deleted.
* rendering/style/RenderStyle.h:
(WebCore::RenderStyle::setStyleType):
(WebCore::RenderStyle::cachedPseudoStyles):
(WebCore::RenderStyle::initialIsolation):
(WebCore::RenderStyle::isPlaceholderStyle):
(WebCore::RenderStyle::setIsPlaceholderStyle):

    Add placeholder style bit to rareNonInheritedData. We no longer rely on RenderStyle identity for this test.

(WebCore::RenderStyle::noninheritedFlagsMemoryOffset):
* rendering/style/SVGRenderStyle.cpp:
(WebCore::defaultSVGStyle):
(WebCore::SVGRenderStyle::createDefaultStyle):
* rendering/style/StyleRareNonInheritedData.cpp:
(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator==):
(WebCore::StyleRareNonInheritedData::contentDataEquivalent):
* rendering/style/StyleRareNonInheritedData.h:

...

(WebCore::findRenderingRoot):
(WebCore::findRenderingRoots):
(WebCore::RenderTreeUpdater::commit):

    Style::Update is no longer const as we move the styles from it to the render tree.

(WebCore::pseudoStyleCacheIsInvalid):
(WebCore::RenderTreeUpdater::updateElementRenderer):
(WebCore::moveToFlowThreadIfNeeded):
(WebCore::RenderTreeUpdater::createRenderer):
(WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement):
* style/RenderTreeUpdater.h:
* style/StyleResolveForDocument.cpp:
(WebCore::Style::resolveForDocument):
* style/StyleResolveForDocument.h:
* style/StyleSharingResolver.cpp:
(WebCore::Style::elementHasDirectionAuto):
(WebCore::Style::SharingResolver::resolve):
* style/StyleSharingResolver.h:
* style/StyleTreeResolver.cpp:
(WebCore::Style::ensurePlaceholderStyle):

    Set the placeholder.

(WebCore::Style::TreeResolver::Parent::Parent):
(WebCore::Style::TreeResolver::pushScope):
(WebCore::Style::TreeResolver::pushEnclosingScope):
(WebCore::Style::TreeResolver::popScope):

    Set and clear StyleResolver overrideDocumentElementStyle as needed. It is owned by the TreeResolver.

(WebCore::Style::TreeResolver::styleForElement):

    Clone the placeholder style.

(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::TreeResolver::pushParent):
(WebCore::Style::TreeResolver::resolveComposedTree):
(WebCore::Style::TreeResolver::resolve):

    Adapt to the std::unique_ptr and ElementStyle move semantics.

* style/StyleTreeResolver.h:
(WebCore::Style::TreeResolver::scope):
* style/StyleUpdate.cpp:
(WebCore::Style::Update::elementUpdate):
(WebCore::Style::Update::textUpdate):
(WebCore::Style::Update::elementStyle):
(WebCore::Style::Update::addElement):
(WebCore::Style::Update::addText):
* style/StyleUpdate.h:
(WebCore::Style::Update::roots):
(WebCore::Style::Update::document):
* svg/SVGAElement.cpp:
(WebCore::SVGAElement::svgAttributeChanged):
(WebCore::SVGAElement::createElementRenderer):

...

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199964 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from MediaControlsHost
youenn.fablet@crf.canon.fr [Sun, 24 Apr 2016 12:45:44 +0000 (12:45 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from MediaControlsHost
https://bugs.webkit.org/show_bug.cgi?id=156903

Reviewed by Chris Dumez.

No change of behavior.

* Modules/mediacontrols/MediaControlsHost.idl: Marking some parameters as nullable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199963 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from WebGLRenderingContext
youenn.fablet@crf.canon.fr [Sun, 24 Apr 2016 12:45:06 +0000 (12:45 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from WebGLRenderingContext
https://bugs.webkit.org/show_bug.cgi?id=156909

Reviewed by Chris Dumez.

No change of behavior.

Marking a lot of method parameters as nullable.

* html/canvas/WebGLRenderingContextBase.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199962 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from WebSocket
youenn.fablet@crf.canon.fr [Sun, 24 Apr 2016 12:37:43 +0000 (12:37 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from WebSocket
https://bugs.webkit.org/show_bug.cgi?id=156897

Reviewed by Chris Dumez.

No change of behavior.

Updating WebSocket::send methods to take references, except for ArrayBufferView, which is not yet supported by the binding generator.

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::send):
* Modules/websockets/WebSocket.h:
* Modules/websockets/WebSocket.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199961 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix issues found by the clang static analyzer
aestes@apple.com [Sun, 24 Apr 2016 02:49:49 +0000 (02:49 +0000)]
Fix issues found by the clang static analyzer
https://bugs.webkit.org/show_bug.cgi?id=156956

Reviewed by Alexey Proskuryakov.

Source/WebCore:

* editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::detectContentInRange): Stored tz in a RetainPtr.
* platform/cf/KeyedDecoderCF.cpp:
(WebCore::KeyedDecoderCF::KeyedDecoderCF): If dynamic_cf_cast returned nullptr, the result of
CFPropertyListCreateWithData would leak. Stored the CFPropertyListRef in a RetainPtr, then leaked/adopted it
into m_rootDictionary (to avoid retain count churn) if it is a CFDictionary.
* platform/ios/WebAVPlayerController.mm:
(-[WebAVPlayerController dealloc]): Released _externalPlaybackAirPlayDeviceLocalizedName.
(-[WebAVMediaSelectionOption dealloc]): Added to release _localizedDisplayName.
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerLayer dealloc]): Released _pixelBufferAttributes.
* platform/network/cocoa/WebCoreNSURLSession.h: Removed the readwrite attributes from properties, since
properties are readwrite by default.
* platform/network/cocoa/WebCoreNSURLSession.mm: Removed @dynamic, which isn't necessary just for defining a custom getter.
(-[WebCoreNSURLSessionDataTask dealloc]): Added to release copied ivars.

Source/WebKit/mac:

* WebView/WebDeviceOrientationProviderMock.mm:
(-[WebDeviceOrientationProviderMock dealloc]): [super dealloc] should be called last.

Source/WebKit2:

* UIProcess/API/Cocoa/WKPreviewActionItem.mm:
(-[WKPreviewAction dealloc]): Added to release _identifier.
* UIProcess/_WKWebViewPrintFormatter.mm:
(-[_WKWebViewPrintFormatter dealloc]): Released _frameToPrint.
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView inputView]): -createPeripheralWithView: returned a retained object, but the method name did not
match Cocoa conventions. Called -initWithView: instead.
(-[WKContentView _showAttachmentSheet]): Stored the _WKActivatedElementInfo in a RetainPtr.
(-[WKContentView _dataForPreviewItemController:atPosition:type:]): Ditto.
(+[WKAutocorrectionContext autocorrectionContextWithData:markedText:selectedText:afterText:selectedRangeInMarkedText:]):
The properties contextBeforeSelection, selectedText, markedText, and contextAfterSelection have the 'copy'
annotation in UIWKAutocorrectionContext, so the additional copy made here would be leaked. Removed the extra copy.
(-[WKAutocorrectionContext dealloc]): Deleted.
* UIProcess/ios/forms/WKFormInputControl.h: Removed -createPeripheralWithView: and declared -initWithView:.
* UIProcess/ios/forms/WKFormInputControl.mm:
(-[WKFormInputControl initWithView:]): Changed to return instancetype.
(+[WKFormInputControl createPeripheralWithView:]): Deleted.
* UIProcess/ios/forms/WKFormSelectControl.h: Removed -createPeripheralWithView: and declared -initWithView:.
* UIProcess/ios/forms/WKFormSelectControl.mm:
(+[WKFormSelectControl createPeripheralWithView:]): Deleted.
* UIProcess/mac/LegacySessionStateCoding.cpp:
(WebKit::decodeLegacySessionState): If dynamic_cf_cast returned nullptr, the result of
CFPropertyListCreateWithData would leak. Stored the CFPropertyListRef in a RetainPtr before calling dynamic_cf_cast.
* UIProcess/mac/ServicesController.mm:
(WebKit::ServicesController::refreshExistingServices): Used a RetainPtr for attachment and cell.
* UIProcess/mac/WebContextMenuProxyMac.mm:
(WebKit::WebContextMenuProxyMac::setupServicesMenu): Used a RetainPtr for groupEntry.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199960 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Really enable INDEXED_DATABASE on Apple Mac cmake build
ossy@webkit.org [Sun, 24 Apr 2016 02:27:34 +0000 (02:27 +0000)]
Really enable INDEXED_DATABASE on Apple Mac cmake build
https://bugs.webkit.org/show_bug.cgi?id=156902

Reviewed by Michael Catanzaro.

* Scripts/webkitperl/FeatureList.pm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199959 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago check-webkit-style: fix false-positive warnings about @synchronized
aestes@apple.com [Sun, 24 Apr 2016 02:25:46 +0000 (02:25 +0000)]
check-webkit-style: fix false-positive warnings about @synchronized
https://bugs.webkit.org/show_bug.cgi?id=156957

Reviewed by Dan Bernstein.

* Scripts/webkitpy/style/checkers/cpp.py:
(check_spacing_for_function_call): Ignore @synchronized lines.
(check_braces): Ditto.
* Scripts/webkitpy/style/checkers/cpp_unittest.py:
(CppStyleTest.test_brace_at_begin_of_line): Added a test case.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199958 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago <rdar://problem/25894586> A project has failed to build because WTF_MAKE_FAST_ALLOCAT...
mitz@apple.com [Sat, 23 Apr 2016 23:51:21 +0000 (23:51 +0000)]
<rdar://problem/25894586> A project has failed to build because WTF_MAKE_FAST_ALLOCATED was not defined

Rubber-stamped by Chris Dumez.

Reverted the IntSize part of r199735, to let IntSize.h keep being used in another project.

* platform/graphics/IntSize.h:
(WebCore::IntSize::IntSize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199956 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Tie the DiagnosticLoggingClient's lifetime to the Page
cdumez@apple.com [Sat, 23 Apr 2016 21:33:49 +0000 (21:33 +0000)]
Tie the DiagnosticLoggingClient's lifetime to the Page
https://bugs.webkit.org/show_bug.cgi?id=156938
<rdar://problem/25851499>

Reviewed by Antti Koivisto.

Source/WebCore:

Tie the DiagnosticLoggingClient's lifetime to the Page rather than to the
MainFrame. The diagnostic logging client in WebKit2 requires the WebPage
to be alive in order to send IPC to the UIProcess. The WebPage owns the
Page and Page is not refCounted so the lifetime of the
DiagnosticLoggingClient should now be tied to the one of the WebPage as
well.

Previously, the DiagnosticLoggingClient would stay alive as long as the
MainFrame and could apparently in rare cases outlive the WebPage, thus
crashing when trying to send the IPC.

* history/PageCache.cpp:
(WebCore::logPageCacheFailureDiagnosticMessage):
(WebCore::canCachePage):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::loadResource):
(WebCore::logMediaLoadRequest):
(WebCore::HTMLMediaElement::updatePlayState):
(WebCore::HTMLMediaElement::mediaPlayerEngineFailedToLoad):
* loader/EmptyClients.h:
* loader/FrameLoader.cpp:
(WebCore::logNavigation):
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
* loader/ResourceLoader.cpp:
(WebCore::logResourceResponseSource):
* loader/SubframeLoader.cpp:
(WebCore::logPluginRequest):
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::willSendRequestInternal):
(WebCore::SubresourceLoader::didReceiveResponse):
(WebCore::logResourceLoaded):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::logMemoryCacheResourceRequest):
(WebCore::logResourceRevalidationDecision):
* page/DiagnosticLoggingClient.h:
* page/MainFrame.cpp:
(WebCore::MainFrame::MainFrame): Deleted.
(WebCore::MainFrame::~MainFrame): Deleted.
(WebCore::MainFrame::diagnosticLoggingClient): Deleted.
* page/MainFrame.h:
* page/Page.cpp:
(WebCore::Page::Page):
(WebCore::Page::~Page):
(WebCore::Page::diagnosticLoggingClient):
* page/Page.h:

Source/WebKit2:

* WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.cpp:
(WebKit::WebDiagnosticLoggingClient::pageDestroyed):
(WebKit::WebDiagnosticLoggingClient::mainFrameDestroyed): Deleted.
* WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.h:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::willStartUserTriggeredZooming):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199955 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago <rdar://problem/25893246> WebKit2 has failed to build: error: use of undeclared ident...
mitz@apple.com [Sat, 23 Apr 2016 17:37:24 +0000 (17:37 +0000)]
<rdar://problem/25893246> WebKit2 has failed to build: error: use of undeclared identifier 'm_playbackSessionManager'

Fixed the non-AVKit build.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _isShowingVideoPictureInPicture]):
(-[WKWebView _mayAutomaticallyShowVideoPictureInPicture]):
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::fullScreenManager):
(WebKit::WebPageProxy::playbackSessionManager):
* UIProcess/WebPageProxy.h:
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::applicationDidBecomeActive):
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::createScrollingCoordinator):
(WebKit::WebChromeClient::supportsVideoFullscreen):
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::inspectorUI):
(WebKit::WebPage::playbackSessionManager):
* WebProcess/WebPage/WebPage.h:
* WebProcess/cocoa/WebVideoFullscreenManager.h:
* WebProcess/cocoa/WebVideoFullscreenManager.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago bmalloc: vm allocations should plant guard pages
barraclough@apple.com [Sat, 23 Apr 2016 17:05:54 +0000 (17:05 +0000)]
bmalloc: vm allocations should plant guard pages
https://bugs.webkit.org/show_bug.cgi?id=156937

Rolling out - looks like this is a memory regression.

* bmalloc/Object.h:
(bmalloc::Object::operator+):
(bmalloc::Object::operator<=):
(bmalloc::Object::operator-): Deleted.
* bmalloc/VMAllocate.h:
(bmalloc::vmDeallocate):
(bmalloc::vmRevokePermissions): Deleted.
* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199950 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, unbreak cloop.
fpizlo@apple.com [Sat, 23 Apr 2016 16:38:23 +0000 (16:38 +0000)]
Unreviewed, unbreak cloop.

* runtime/VM.cpp:
(JSC::VM::getHostFunction):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199949 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Updated Hungarian translation
mcatanzaro@igalia.com [Sat, 23 Apr 2016 15:18:08 +0000 (15:18 +0000)]
Updated Hungarian translation
https://bugs.webkit.org/show_bug.cgi?id=156952

Patch by Gabor Kelemen <kelemeng@ubuntu.com> on 2016-04-23
Rubber-stamped by Michael Catanzaro.

* hu.po:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199948 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: HeapAllocationsTimeline grid should use built-in grid column icons
mattbaker@apple.com [Sat, 23 Apr 2016 02:49:40 +0000 (02:49 +0000)]
Web Inspector: HeapAllocationsTimeline grid should use built-in grid column icons
https://bugs.webkit.org/show_bug.cgi?id=156934

Reviewed by Timothy Hatcher.

* UserInterface/Views/HeapAllocationsTimelineDataGridNode.js:
(WebInspector.HeapAllocationsTimelineDataGridNode):
Use existing base class helper function to create main title text.
(WebInspector.HeapAllocationsTimelineDataGridNode.prototype.createCellContent):
Add icon class names to cell, remove icon element.

* UserInterface/Views/HeapAllocationsTimelineView.js:
(WebInspector.HeapAllocationsTimelineView):
Turn on icons for the column.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199947 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Speed up bound functions a bit
fpizlo@apple.com [Sat, 23 Apr 2016 02:00:38 +0000 (02:00 +0000)]
Speed up bound functions a bit
https://bugs.webkit.org/show_bug.cgi?id=156889

Reviewed by Saam Barati.

Source/JavaScriptCore:

Bound functions are hard to optimize because JSC doesn't have a good notion of non-JS code
that does JS-ey things like make JS calls. What I mean by "non-JS code" is code that did not
originate from JS source. A bound function does a highly polymorphic call to the target
stored in the JSBoundFunction. Prior to this change, we represented it as native code that
used the generic native->JS call API. That's not cheap.

We could model bound functions using a builtin, but it's not clear that this would be easy
to grok, since so much of the code would have to access special parts of the JSBoundFunction
type. Doing it that way might solve the performance problems but it would mean extra work to
arrange for the builtin to have speedy access to the call target, the bound this, and the
bound arguments. Also, optimizing bound functions that way would mean that bound function
performance would be gated on the performance of a bunch of other things in our system. For
example, we'd want this polymorphic call to be handled like the funnel that it is: if we're
compiling the bound function's outgoing call with no context then we should compile it as
fully polymorphic but we can let it assume basic sanity like that the callee is a real
function; but if we're compiling the call with any amount of calling context then we want to
use normal call IC's.

Since the builtin path wouldn't lead to a simpler patch and since I think that the VM will
benefit in the long run from using custom handling for bound functions, I kept the native
code and just added Intrinsic/thunk support.

This just adds an Intrinsic for bound function calls where the JSBoundFunction targets a
JSFunction instance and has no bound arguments (only bound this). This intrinsic is
currently only implemented as a thunk and not yet recognized by the DFG bytecode parser.

I needed to loosen some restrictions to do this. For one, I was really tired of our bad use
of ENABLE(JIT) conditionals, which made it so that any serious client of Intrinsics would
have to have #ifdefs. Really what should happen is that if the JIT is not enabled then we
just ignore intrinsics. Also, the code was previously assuming that having a native
constructor and knowing the Intrinsic for your native call were mutually exclusive. This
change makes it possible to have a native executable that has a custom function, custom
constructor, and an Intrinsic.

This is a >4x speed-up on bound function calls with no bound arguments.

In the future, we should teach the DFG Intrinsic handling to deal with bound functions and
we should teach the inliner (and ByteCodeParser::handleCall() in general) how to deal with
the function call inside the bound function. That would be super awesome.

* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::timesPtr):
(JSC::AbstractMacroAssembler::Address::withOffset):
(JSC::AbstractMacroAssembler::BaseIndex::BaseIndex):
(JSC::MacroAssemblerType>::Address::indexedBy):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::storeCell):
(JSC::AssemblyHelpers::loadCell):
(JSC::AssemblyHelpers::storeValue):
(JSC::AssemblyHelpers::emitSaveCalleeSaves):
(JSC::AssemblyHelpers::emitSaveThenMaterializeTagRegisters):
(JSC::AssemblyHelpers::emitRestoreCalleeSaves):
(JSC::AssemblyHelpers::emitRestoreSavedTagRegisters):
(JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
* jit/JITThunks.cpp:
(JSC::JITThunks::ctiNativeTailCall):
(JSC::JITThunks::ctiNativeTailCallWithoutSavedTags):
(JSC::JITThunks::ctiStub):
(JSC::JITThunks::hostFunctionStub):
(JSC::JITThunks::clearHostFunctionStubs):
* jit/JITThunks.h:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):
(JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters): Deleted.
(JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters): Deleted.
* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
(JSC::nativeForGenerator):
(JSC::nativeCallGenerator):
(JSC::nativeTailCallGenerator):
(JSC::nativeTailCallWithoutSavedTagsGenerator):
(JSC::nativeConstructGenerator):
(JSC::randomThunkGenerator):
(JSC::boundThisNoArgsFunctionCallGenerator):
* jit/ThunkGenerators.h:
* runtime/Executable.cpp:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::destroy):
(JSC::NativeExecutable::createStructure):
(JSC::NativeExecutable::finishCreation):
(JSC::NativeExecutable::NativeExecutable):
(JSC::ScriptExecutable::ScriptExecutable):
* runtime/Executable.h:
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncBind):
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototypeGetterCompare):
* runtime/Intrinsic.h:
* runtime/JSBoundFunction.cpp:
(JSC::boundThisNoArgsFunctionCall):
(JSC::boundFunctionCall):
(JSC::boundThisNoArgsFunctionConstruct):
(JSC::boundFunctionConstruct):
(JSC::getBoundFunctionStructure):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::customHasInstance):
(JSC::JSBoundFunction::JSBoundFunction):
* runtime/JSBoundFunction.h:
(JSC::JSBoundFunction::targetFunction):
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
(JSC::JSBoundFunction::offsetOfTargetFunction):
(JSC::JSBoundFunction::offsetOfBoundThis):
* runtime/JSFunction.cpp:
(JSC::JSFunction::lookUpOrCreateNativeExecutable):
(JSC::JSFunction::create):
* runtime/VM.cpp:
(JSC::thunkGeneratorForIntrinsic):
(JSC::VM::getHostFunction):
* runtime/VM.h:
(JSC::VM::getCTIStub):
(JSC::VM::exceptionOffset):

LayoutTests:

This microbenchmark speeds up by >4x with this change.

* js/regress/bound-function-call-expected.txt: Added.
* js/regress/bound-function-call.html: Added.
* js/regress/script-tests/bound-function-call.js: Added.
(foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199946 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Fix build break since r199866
jh718.park@samsung.com [Sat, 23 Apr 2016 01:11:43 +0000 (01:11 +0000)]
[JSC] Fix build break since r199866
https://bugs.webkit.org/show_bug.cgi?id=156892

Reviewed by Darin Adler.

* runtime/MathCommon.cpp: Follow up to r199913. Remove 'include cmath' in cpp file.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199943 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Cannot access the SQLTransaction.constructor.prototype
cdumez@apple.com [Sat, 23 Apr 2016 00:58:01 +0000 (00:58 +0000)]
Cannot access the SQLTransaction.constructor.prototype
https://bugs.webkit.org/show_bug.cgi?id=156613

Reviewed by Darin Adler.

Source/WebCore:

Drop [NoInterfaceObject] from the following SQL interfaces:
Database, SQLError, SQLResultSet, SQLResultSetRowList and SQLTransaction.

This matches the specification:
https://dev.w3.org/html5/webdatabase/

This was causing the 'constructor' property to be wrong for these
interfaces as it would be a generic Object.

Test: storage/websql/transaction-prototype.html

* Modules/webdatabase/Database.idl:
* Modules/webdatabase/SQLError.idl:
* Modules/webdatabase/SQLResultSet.idl:
* Modules/webdatabase/SQLResultSetRowList.idl:
* Modules/webdatabase/SQLTransaction.idl:

LayoutTests:

Rebaseline existing test now that more SQL constructors are exposed on the
global Window object. Also add a test to confirm that it is possible to
access SQLTransaction.constructor.prototype and that it seems correct.

* js/dom/global-constructors-attributes-expected.txt:
* platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* storage/websql/transaction-prototype-expected.txt: Added.
* storage/websql/transaction-prototype.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199942 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Optimize number parsing and string parsing in LiteralParser
utatane.tea@gmail.com [Sat, 23 Apr 2016 00:45:27 +0000 (00:45 +0000)]
[JSC] Optimize number parsing and string parsing in LiteralParser
https://bugs.webkit.org/show_bug.cgi?id=156896

Reviewed by Mark Lam.

This patch aims to improve JSON.parse performance. Two major optimizations are included.

1. Change `double result` to `int32_t result` in integer parsing case.
We already have the optimized path for integer parsing, when its digits are less than 10.
In that case, the maximum number is 999999999, and the minimum number is -99999999.
Both are in range of Int32, so we can use int32_t for accumulation instead of double.

2. Add the string parsing fast / slow cases.
We add the fast case for string parsing, which does not include any escape sequences.

Both optimizations improve Kraken json-parse-financial, roughly 3.5 - 4.5%.

json-parse-financial        49.128+-1.589             46.979+-0.912           might be 1.0457x faster

* runtime/LiteralParser.cpp:
(JSC::isJSONWhiteSpace):
(JSC::isSafeStringCharacter):
(JSC::LiteralParser<CharType>::Lexer::lexString):
(JSC::LiteralParser<CharType>::Lexer::lexStringSlow):
(JSC::LiteralParser<CharType>::Lexer::lexNumber):
* runtime/LiteralParser.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199941 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Include columnNumber in event listener locations
commit-queue@webkit.org [Sat, 23 Apr 2016 00:44:45 +0000 (00:44 +0000)]
Web Inspector: Include columnNumber in event listener locations
https://bugs.webkit.org/show_bug.cgi?id=156927
<rdar://problem/25884584>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-22
Reviewed by Brian Burg.

* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::buildObjectForEventListener):
Include the column number in the location as well.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199940 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Source directives lost when using Function constructor repeatedly
commit-queue@webkit.org [Sat, 23 Apr 2016 00:40:43 +0000 (00:40 +0000)]
Web Inspector: Source directives lost when using Function constructor repeatedly
https://bugs.webkit.org/show_bug.cgi?id=156863
<rdar://problem/25861064>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-22
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Source directives (sourceURL and sourceMappingURL) are normally accessed through
the SourceProvider and normally set when the script is parsed. However, when a
CodeCache lookup skips parsing, the new SourceProvider never gets the directives
(sourceURL/sourceMappingURL). This patch stores the directives on the UnlinkedCodeBlock
and UnlinkedFunctionExecutable when entering the cache, and copies to the new providers
when the cache is used.

* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::sourceURLDirective):
(JSC::UnlinkedCodeBlock::sourceMappingURLDirective):
(JSC::UnlinkedCodeBlock::setSourceURLDirective):
(JSC::UnlinkedCodeBlock::setSourceMappingURLDirective):
* bytecode/UnlinkedFunctionExecutable.h:
* parser/SourceProvider.h:
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/CodeCache.h:
Store directives on the unlinked code block / executable when adding
to the cache, so they can be used to update new providers when the
cache gets used.

* runtime/JSGlobalObject.cpp:
Add needed header after CodeCache header cleanup.

LayoutTests:

* inspector/debugger/sourceURL-repeated-identical-executions-expected.txt: Added.
* inspector/debugger/sourceURL-repeated-identical-executions.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199939 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago bmalloc: vm allocations should plant guard pages
ggaren@apple.com [Fri, 22 Apr 2016 23:56:53 +0000 (23:56 +0000)]
bmalloc: vm allocations should plant guard pages
https://bugs.webkit.org/show_bug.cgi?id=156937

Reviewed by Michael Saboff.

* bmalloc/Object.h:
(bmalloc::Object::operator-): Added a - helper.

* bmalloc/VMAllocate.h:
(bmalloc::vmRevokePermissions): Added a helper to revoke permissions on
a VM region. We use this for guard pages.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk): Add guard pages to the start and
end of the chunk.

Note that we don't guard large chunks because we need to be able to merge
them. Otherwise, we will run out of virtual addresses.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
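
The guard-page layout that the bmalloc commit above describes for small chunks, as an added C example that is not bmalloc's code. It calls POSIX `mmap`/`mprotect` directly rather than bmalloc's `vmRevokePermissions`; the `guarded_chunk` type and all function names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for MAP_ANONYMOUS on glibc */
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical layout for this example: [guard][usable pages ...][guard]. */
typedef struct {
    char  *base;         /* start of the whole mapping, guards included */
    char  *usable;       /* first usable byte, one page after base */
    size_t usable_size;  /* bytes between the two guard pages */
    size_t total_size;   /* bytes to hand back to munmap() */
} guarded_chunk;

/* Map usable_pages of read/write memory with one PROT_NONE page on each side.
 * Returns 0 on success, -1 on failure. */
static int guarded_chunk_alloc(guarded_chunk *c, size_t usable_pages)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (c == NULL || ps <= 0 || usable_pages == 0)
        return -1;
    size_t page = (size_t)ps;
    if (usable_pages > SIZE_MAX / page - 2)  /* (usable_pages + 2) * page must not wrap */
        return -1;

    size_t total = (usable_pages + 2) * page;
    void *base = mmap(NULL, total, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;

    /* Revoke all access to the first and last page: these are the guards. */
    char *first_guard = base;
    char *last_guard = first_guard + total - page;
    if (mprotect(first_guard, page, PROT_NONE) != 0 ||
        mprotect(last_guard, page, PROT_NONE) != 0) {
        munmap(base, total);
        return -1;
    }

    c->base = first_guard;
    c->usable = first_guard + page;
    c->usable_size = usable_pages * page;
    c->total_size = total;
    return 0;
}

static void guarded_chunk_free(guarded_chunk *c)
{
    if (c != NULL && c->base != NULL) {
        munmap(c->base, c->total_size);
        c->base = NULL;
    }
}

/* Attempt a one-byte write to addr in a child process, so a fault cannot take
 * down the caller. Returns 1 if the child did not complete the write (it was
 * killed or exited abnormally), 0 if the write succeeded, -1 on fork/wait error. */
static int write_faults(char *addr)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        *(volatile char *)addr = 0x41;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

int main(void)
{
    guarded_chunk c;
    if (guarded_chunk_alloc(&c, 4) != 0) {
        perror("guarded_chunk_alloc");
        return 1;
    }
    /* A linear overrun or underrun by a single byte lands on a guard page. */
    int last_byte = write_faults(c.usable + c.usable_size - 1);
    int overrun = write_faults(c.usable + c.usable_size);
    int underrun = write_faults(c.usable - 1);
    printf("last usable byte faults: %d\n", last_byte);
    printf("one byte past the end faults: %d\n", overrun);
    printf("one byte before the start faults: %d\n", underrun);
    guarded_chunk_free(&c);
    return 0;
}
```

Each guard costs a page of address space and splits the mapping, which is the trade-off behind the commit's note that large chunks are left unguarded so they can still be merged.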

3 years ago javascript jit bug affecting Google Maps.
mark.lam@apple.com [Fri, 22 Apr 2016 23:48:44 +0000 (23:48 +0000)]
javascript jit bug affecting Google Maps.
https://bugs.webkit.org/show_bug.cgi?id=153431

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

The issue was due to the abstract interpreter wrongly marking the type of the
value read from the Uint32Array as SpecInt52, which precludes it from being an
Int32.  This proves to be false, and the generated code failed to handle the case
where the read value is actually an Int32.

The fix is to have the abstract interpreter use SpecMachineInt instead of
SpecInt52.

* bytecode/SpeculatedType.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

LayoutTests:

* js/regress/bug-153431-expected.txt: Added.
* js/regress/bug-153431.html: Added.
* js/regress/script-tests/bug-153431.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago bmalloc: Constify introspect function pointer table
ggaren@apple.com [Fri, 22 Apr 2016 23:25:54 +0000 (23:25 +0000)]
bmalloc: Constify introspect function pointer table
https://bugs.webkit.org/show_bug.cgi?id=156936

Reviewed by Michael Saboff.

* bmalloc/Zone.cpp:
(bmalloc::Zone::Zone): Declaring this function pointer table const puts
it in the read-only section of the binary, providing a little hardening
against overwriting the function pointers at runtime. (We have to
const_cast when assigning because the API declares a pointer to non-const,
but we happen to know it will never try to write through that pointer.
This is not my favorite API.)

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] PredictionPropagation should not be in the top 5 heaviest phases
commit-queue@webkit.org [Fri, 22 Apr 2016 23:10:27 +0000 (23:10 +0000)]
[JSC] PredictionPropagation should not be in the top 5 heaviest phases
https://bugs.webkit.org/show_bug.cgi?id=156891

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-22
Reviewed by Mark Lam.

In DFG, PredictionPropagation is often way too high in profiles.
It is a simple phase, it should not be that hot.

Most of the time is spent accessing memory. This patch attempts
to reduce that.

First, propagate() is split into processInvariants() and propagates().
The step processInvariants() sets all the types for nodes for which
the type does not depend on other nodes.

Adding processInvariants() lowers two hotspots inside PredictionPropagation:
speculationFromValue() and setPrediction().

Next, to avoid touching all the nodes at every operation, we keep
track of the nodes that actually need propagate().
The vector m_dependentNodes keeps the list of those nodes and propagate()
only needs to process them at each phase.

This is a smaller gain because growing m_dependentNodes negates
some of the gains.

On 3d-cube, this moves PredictionPropagation from fifth position
to ninth. A lot of the remaining overhead is caused by double-voting
and cannot be fixed by moving stuff around.

* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagateToFixpoint): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagateForward): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagateBackward): Deleted.
(JSC::DFG::PredictionPropagationPhase::doDoubleVoting): Deleted.
(JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagateThroughArgumentPositions): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago super should be available in object literals
ggaren@apple.com [Fri, 22 Apr 2016 23:04:55 +0000 (23:04 +0000)]
super should be available in object literals
https://bugs.webkit.org/show_bug.cgi?id=156933

Reviewed by Saam Barati.

Source/JavaScriptCore:

When we originally implemented classes, super seemed to be a class-only
feature. But the final spec says it's available in object literals too.

* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitBytecode): Having 'super' and being a class
property are no longer synonymous, so we track two separate variables.

(JSC::PropertyListNode::emitPutConstantProperty): Being inside the super
branch no longer guarantees that you're a class property, so we decide
our attributes and our function name dynamically.

* parser/ASTBuilder.h:
(JSC::ASTBuilder::createArrowFunctionExpr):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createArguments):
(JSC::ASTBuilder::createArgumentsList):
(JSC::ASTBuilder::createProperty):
(JSC::ASTBuilder::createPropertyList): Pass through state to indicate
whether we're a class property, since we can't infer it from 'super'
anymore.

* parser/NodeConstructors.h:
(JSC::PropertyNode::PropertyNode): See ASTBuilder.h.

* parser/Nodes.h:
(JSC::PropertyNode::expressionName):
(JSC::PropertyNode::name):
(JSC::PropertyNode::type):
(JSC::PropertyNode::needsSuperBinding):
(JSC::PropertyNode::isClassProperty):
(JSC::PropertyNode::putType): See ASTBuilder.h.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
(JSC::Parser<LexerType>::parseGetterSetter):
(JSC::Parser<LexerType>::parseMemberExpression): I made these error
messages generic because it is no longer practical to say concise things
about the list of places you can use super.

* parser/Parser.h:

* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createArgumentsList):
(JSC::SyntaxChecker::createProperty):
(JSC::SyntaxChecker::appendExportSpecifier):
(JSC::SyntaxChecker::appendConstDecl):
(JSC::SyntaxChecker::createGetterOrSetterProperty): Updated for
interface change.

* tests/stress/generator-with-super.js:
(test):
* tests/stress/modules-syntax-error.js:
* tests/stress/super-in-lexical-scope.js:
(testSyntaxError):
(testSyntaxError.test):
* tests/stress/tagged-templates-syntax.js: Updated for error message
changes. See Parser.cpp.

LayoutTests:

Updated expected results and added a few new tests.

* js/arrowfunction-syntax-errors-expected.txt:
* js/class-syntax-super-expected.txt:
* js/object-literal-methods-expected.txt:
* js/script-tests/arrowfunction-syntax-errors.js:
* js/script-tests/class-syntax-super.js:
* js/script-tests/object-literal-methods.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199927 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fixing a typo in my last commit.
ryanhaddad@apple.com [Fri, 22 Apr 2016 22:46:54 +0000 (22:46 +0000)]
Fixing a typo in my last commit.

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.messages.in:
* WebProcess/cocoa/WebVideoFullscreenManager.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago ASSERT(m_stack.last().isTailDeleted) at ShadowChicken.cpp:127 inspecting the inspector
fpizlo@apple.com [Fri, 22 Apr 2016 22:46:18 +0000 (22:46 +0000)]
ASSERT(m_stack.last().isTailDeleted) at ShadowChicken.cpp:127 inspecting the inspector
https://bugs.webkit.org/show_bug.cgi?id=156930

Reviewed by Joseph Pecoraro.

The loop that prunes the stack from the top should preserve the invariant that the top frame
cannot be tail-deleted.

* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::update):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Missed some macros to fix builds that do not support AVKit.
ryanhaddad@apple.com [Fri, 22 Apr 2016 22:41:49 +0000 (22:41 +0000)]
Missed some macros to fix builds that do not support AVKit.

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.messages.in:
* WebProcess/cocoa/WebVideoFullscreenManager.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199917 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add JSC test results in json format to a buildbot log
commit-queue@webkit.org [Fri, 22 Apr 2016 22:38:54 +0000 (22:38 +0000)]
Add JSC test results in json format to a buildbot log
https://bugs.webkit.org/show_bug.cgi?id=156920

Patch by Srinivasan Vijayaraghavan <svijayaraghavan@apple.com> on 2016-04-22
Reviewed by Alexey Proskuryakov.

* BuildSlaveSupport/build.webkit.org-config/master.cfg:
(RunJavaScriptCoreTests):
Add runtime flag to output json into buildbot
* Scripts/run-javascriptcore-tests:
(runJSCStressTests):
Change key names and remove redundant count key

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199916 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win] Unreviewed build fix.
bfulgham@apple.com [Fri, 22 Apr 2016 22:30:00 +0000 (22:30 +0000)]
[Win] Unreviewed build fix.

* platform/graphics/ca/win/PlatformCALayerWin.cpp:
(PlatformCALayerWin::isHidden):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199915 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix builds that do not support AVKit
ryanhaddad@apple.com [Fri, 22 Apr 2016 22:05:36 +0000 (22:05 +0000)]
Fix builds that do not support AVKit

Unreviewed build fix.

* UIProcess/WebPageProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199914 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Attempt to fix the CLoop after r199866
benjamin@webkit.org [Fri, 22 Apr 2016 22:02:13 +0000 (22:02 +0000)]
Attempt to fix the CLoop after r199866

* runtime/MathCommon.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199913 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [iOS] Crash at -[WebAVPlayerLayer resolveBounds]
jer.noble@apple.com [Fri, 22 Apr 2016 21:48:39 +0000 (21:48 +0000)]
[iOS] Crash at -[WebAVPlayerLayer resolveBounds]
https://bugs.webkit.org/show_bug.cgi?id=156931
<rdar://problem/25865315>

Reviewed by Eric Carlson.

When cloning the WebAVPlayerLayer, we must copy over the fullscreenInterface to the cloned layer.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(WebAVPlayerLayerView_startRoutingVideoToPictureInPicturePlayerLayerView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199912 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Crash under WebCore::DataDetection::detectContentInRange()
cdumez@apple.com [Fri, 22 Apr 2016 21:32:25 +0000 (21:32 +0000)]
Crash under WebCore::DataDetection::detectContentInRange()
https://bugs.webkit.org/show_bug.cgi?id=156880
<rdar://problem/25622631>

Reviewed by Darin Adler.

We would sometimes crash under WebCore::DataDetection::detectContentInRange()
when dereferencing a null parentNode pointer. This patch adds a null check
for parentNode in the for() loop. It also does some clean up and optimization
since I was passing by.

* editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::detectContentInRange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199910 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Source/WebKit:
bfulgham@apple.com [Fri, 22 Apr 2016 21:27:14 +0000 (21:27 +0000)]
Source/WebKit:
Unreviewed build fix after r199841.

* PlatformWin.cmake: Add missing WebApplicationCache.cpp build directive.

Source/WebKit/win:
Unreviewed build fix after r199841.

* WebApplicationCache.cpp:
(WebApplicationCache::WebApplicationCache): Provide missing preference key definition.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199908 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Rebaselining inspector/model/stack-trace.html after r199897
ryanhaddad@apple.com [Fri, 22 Apr 2016 21:26:46 +0000 (21:26 +0000)]
Rebaselining inspector/model/stack-trace.html after r199897

Unreviewed test gardening.

* inspector/model/stack-trace-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199907 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Skip two content animation tests which are only meant for iOS testing.
simon.fraser@apple.com [Fri, 22 Apr 2016 21:25:37 +0000 (21:25 +0000)]
Skip two content animation tests which are only meant for iOS testing.

* Animation/css-animation.html: Added.
* Animation/raf-animation.html: Added.

* Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199906 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago buildObjectForEventListener should not call into JSC with a null ExecState
keith_miller@apple.com [Fri, 22 Apr 2016 21:24:27 +0000 (21:24 +0000)]
buildObjectForEventListener should not call into JSC with a null ExecState
https://bugs.webkit.org/show_bug.cgi?id=156923

Reviewed by Joseph Pecoraro.

If a user had disabled JavaScript on their page then the inspector tried to
add an event listener we would fail to create an ExecState. Since we didn't
check this ExecState was valid we would then attempt to stringify the value,
which would cause JSC to crash.

* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::buildObjectForEventListener):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199905 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Yet another attempt at fixing Windows.
dino@apple.com [Fri, 22 Apr 2016 21:22:52 +0000 (21:22 +0000)]
Yet another attempt at fixing Windows.

* platform/graphics/ca/win/PlatformCALayerWin.cpp:
(PlatformCALayerWin::isHidden):
* platform/graphics/ca/win/PlatformCALayerWin.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199904 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Take 2 for fixing builds that do not support AVKit
ryanhaddad@apple.com [Fri, 22 Apr 2016 21:07:45 +0000 (21:07 +0000)]
Take 2 for fixing builds that do not support AVKit

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::resetState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199903 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Attempt to fix Windows build after r199862
ryanhaddad@apple.com [Fri, 22 Apr 2016 21:07:42 +0000 (21:07 +0000)]
Attempt to fix Windows build after r199862

Unreviewed build fix.

* platform/graphics/ca/win/PlatformCALayerWin.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199902 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago WKWebView WebSQL is not enabled
andersca@apple.com [Fri, 22 Apr 2016 21:06:50 +0000 (21:06 +0000)]
WKWebView WebSQL is not enabled
https://bugs.webkit.org/show_bug.cgi?id=156928
rdar://problem/19029603

Reviewed by Beth Dakin.

Give databases a default quota of 50 MB, matching what we have in UIWebView.

* UIProcess/Cocoa/UIDelegate.mm:
(WebKit::UIDelegate::UIClient::exceededDatabaseQuota):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199901 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Anchor element 'ping' property should only apply to http/https destinations
bfulgham@apple.com [Fri, 22 Apr 2016 20:57:26 +0000 (20:57 +0000)]
Anchor element 'ping' property should only apply to http/https destinations
https://bugs.webkit.org/show_bug.cgi?id=156801
<rdar://problem/25834419>

Reviewed by Chris Dumez.

Take advantage of the hyperlink auditing language "UAs may either ignore the
ping attribute altogether, or selectively ignore URLs in the list (e.g. ignoring
any third-party URLs)" to restrict pings to http/https targets. For details, see
<https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing>.

Tested by http/tests/navigation/ping-attribute tests.

* loader/PingLoader.cpp:
(WebCore::PingLoader::sendPing): Ignore requests to ping anything outside the
family of HTTP protocols (http/https).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Change an assert to a warn based on post review feedback.
timothy@apple.com [Fri, 22 Apr 2016 20:28:44 +0000 (20:28 +0000)]
Change an assert to a warn based on post review feedback.

https://bugs.webkit.org/show_bug.cgi?id=156919
rdar://problem/25857118

Rubber-stamped by Joseph Pecoraro.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.debuggerDidPause):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Debugger statement in console does not provide any call frames and...
timothy@apple.com [Fri, 22 Apr 2016 19:53:37 +0000 (19:53 +0000)]
Web Inspector: Debugger statement in console does not provide any call frames and debugger UI is confused

https://bugs.webkit.org/show_bug.cgi?id=156919
rdar://problem/25857118

This makes console expressions show up in the Debugger tab sidebar if a ScriptContentView is shown for them.
We now also show call frames that originate from a console expression, so the call frames in the sidebar are not empty.
Also fix a bug where when there are no call frames we auto resume the debugger and don't leave it in a broken state.

Reviewed by Joseph Pecoraro.

* Localizations/en.lproj/localizedStrings.js: Updated.

* UserInterface/Base/Utilities.js:
(appendWebInspectorSourceURL): Don't append if another sourceURL is already added.
(appendWebInspectorConsoleEvaluationSourceURL): Added.
(isWebInspectorConsoleEvaluationScript): Added.
(isWebKitInternalScript): Return false for isWebInspectorConsoleEvaluationScript().

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.debuggerDidPause): Resume if call frames is empty. This is not as common now
since console expression call frames are not skipped.
(WebInspector.DebuggerManager.prototype.scriptDidParse): Change an early return for isWebInspectorInternalScript() that
was skipping adding internal scripts to the known script lists, but it should only do that when the debug UI is disabled.

* UserInterface/Controllers/JavaScriptLogViewController.js:
(WebInspector.JavaScriptLogViewController.prototype.consolePromptTextCommitted):
Call appendWebInspectorConsoleEvaluationSourceURL so the console expressions are tagged before evaluateInInspectedWindow
added the internal sourceURL name.

* UserInterface/Models/Script.js:
(WebInspector.Script): Assign unique identifiers to console scripts so they are named correctly.
(WebInspector.Script.resetUniqueDisplayNameNumbers): Reset _nextUniqueConsoleDisplayNameNumber.
(WebInspector.Script.prototype.get displayName): Special case console expressions with a better name.

* UserInterface/Views/DebuggerSidebarPanel.js:
(WebInspector.DebuggerSidebarPanel.prototype.treeElementForRepresentedObject): Add a script tree element on demand
like the ResourceSidebarPanel does for anonymous scripts.
(WebInspector.DebuggerSidebarPanel.prototype._addScript): Return treeElement so treeElementForRepresentedObject can use it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199897 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix builds that do not support AVKit
ryanhaddad@apple.com [Fri, 22 Apr 2016 19:44:08 +0000 (19:44 +0000)]
Fix builds that do not support AVKit

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::reattachToWebProcess):
(WebKit::WebPageProxy::viewDidLeaveWindow):
* UIProcess/ios/WebPageProxyIOS.mm:
* platform/ios/WebAVPlayerController.h:
* platform/ios/WebAVPlayerController.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199896 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (r189567): The top of Facebook's messenger.com looks visually broken
hyatt@apple.com [Fri, 22 Apr 2016 19:42:24 +0000 (19:42 +0000)]
REGRESSION (r189567): The top of Facebook's messenger.com looks visually broken
https://bugs.webkit.org/show_bug.cgi?id=156869
<rdar://problem/23204668>

Reviewed by Zalan Bujtas.

Source/WebCore:

Added fast/block/min-content-with-box-sizing.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::computeIntrinsicLogicalContentHeightUsing):

LayoutTests:

* fast/block/min-content-box-sizing-expected.html: Added.
* fast/block/min-content-box-sizing.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199895 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Integer Multiply of a number by itself does not need negative zero support
commit-queue@webkit.org [Fri, 22 Apr 2016 19:27:57 +0000 (19:27 +0000)]
[JSC] Integer Multiply of a number by itself does not need negative zero support
https://bugs.webkit.org/show_bug.cgi?id=156895

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-22
Reviewed by Saam Barati.

You cannot produce negative zero by squaring an integer.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithMul):
Minor codegen fixes:
-Use the right form of multiply for ARM.
-Use a sign-extended 32bit immediate, that's the one with fast forms
 in the MacroAssembler.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199894 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago TextAutoSizingKey should use normal refcounting
antti@apple.com [Fri, 22 Apr 2016 19:25:40 +0000 (19:25 +0000)]
TextAutoSizingKey should use normal refcounting
https://bugs.webkit.org/show_bug.cgi?id=156893

Reviewed by Andreas Kling.

Get rid of special refcounting of style in favor of RefPtr. It also becomes a move-only type
to support future switch to non-refcounted RenderStyle.

Also general cleanups and modernization.

* dom/Document.cpp:
(WebCore::TextAutoSizingTraits::constructDeletedValue):
(WebCore::TextAutoSizingTraits::isDeletedValue):
(WebCore::Document::addAutoSizingNode):
(WebCore::Document::validateAutoSizingNodes):
(WebCore::Document::resetAutoSizingNodes):

    Adapt to being move-only.

* rendering/TextAutoSizing.cpp:
(WebCore::cloneRenderStyleWithState):
(WebCore::TextAutoSizingKey::TextAutoSizingKey):

    Clone the style for safety against mutations. Cloning is cheap.

(WebCore::TextAutoSizingValue::numNodes):
(WebCore::TextAutoSizingValue::adjustNodeSizes):
(WebCore::TextAutoSizingValue::reset):
(WebCore::TextAutoSizingKey::~TextAutoSizingKey): Deleted.
(WebCore::TextAutoSizingKey::operator=): Deleted.
(WebCore::TextAutoSizingKey::ref): Deleted.
(WebCore::TextAutoSizingKey::deref): Deleted.
* rendering/TextAutoSizing.h:
(WebCore::TextAutoSizingKey::TextAutoSizingKey):
(WebCore::TextAutoSizingKey::style):
(WebCore::TextAutoSizingKey::isDeleted):
(WebCore::operator==):
(WebCore::TextAutoSizingKey::doc): Deleted.
(WebCore::TextAutoSizingKey::isValidDoc): Deleted.
(WebCore::TextAutoSizingKey::isValidStyle): Deleted.
(WebCore::TextAutoSizingKey::deletedKeyDoc): Deleted.
(WebCore::TextAutoSizingKey::deletedKeyStyle): Deleted.

    m_doc member is not used for anything except deleted value comparisons. Replace it with a bit.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199893 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Crash under FontCache::purgeInactiveFontData()
cdumez@apple.com [Fri, 22 Apr 2016 19:24:42 +0000 (19:24 +0000)]
Crash under FontCache::purgeInactiveFontData()
https://bugs.webkit.org/show_bug.cgi?id=156822
<rdar://problem/25373970>

Reviewed by Darin Adler.

In some rare cases, the Font constructor would mutate the FontPlatformData
that is being passed in. This is an issue because our FontCache
uses the FontPlatformData as key for the cached fonts. This could lead to
crashes because the WTFMove() in FontCache::purgeInactiveFontData() would
nullify values in our HashMap but we would then fail to remove them from
the HashMap (because the key did not match). We would then reference the
null font when looping again when doing font->hasOneRef().

This patch marks Font::m_platformData member as const to avoid such issues
in the future and moves the code altering the FontPlatformData from the
Font constructor into the FontPlatformData constructor. The purpose of
that code was to initialize FontPlatformData::m_cgFont in case the CGFont
passed in the constructor was null.

* platform/graphics/Font.h:
* platform/graphics/FontCache.cpp:
(WebCore::FontCache::fontForPlatformData):
(WebCore::FontCache::purgeInactiveFontData):
* platform/graphics/FontPlatformData.cpp:
(WebCore::FontPlatformData::FontPlatformData):
* platform/graphics/FontPlatformData.h:
* platform/graphics/cocoa/FontCocoa.mm:
(WebCore::webFallbackFontFamily): Deleted.
(WebCore::Font::platformInit): Deleted.
* platform/graphics/cocoa/FontPlatformDataCocoa.mm:
(WebCore::webFallbackFontFamily):
(WebCore::FontPlatformData::setFallbackCGFont):
* platform/graphics/win/FontPlatformDataCGWin.cpp:
(WebCore::FontPlatformData::setFallbackCGFont):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199890 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Support disabling at runtime IndexedDB constructors exposed to workers
cdumez@apple.com [Fri, 22 Apr 2016 19:22:54 +0000 (19:22 +0000)]
Support disabling at runtime IndexedDB constructors exposed to workers
https://bugs.webkit.org/show_bug.cgi?id=156883

Reviewed by Darin Adler.

Source/WebCore:

Support disabling at runtime IndexedDB constructors exposed to workers.
Previously, constructor visibility to workers and window was controlled
by the same runtime flag.

* Modules/indexeddb/IDBCursor.idl:
* Modules/indexeddb/IDBCursorWithValue.idl:
* Modules/indexeddb/IDBDatabase.idl:
* Modules/indexeddb/IDBFactory.idl:
* Modules/indexeddb/IDBIndex.idl:
* Modules/indexeddb/IDBKeyRange.idl:
* Modules/indexeddb/IDBObjectStore.idl:
* Modules/indexeddb/IDBOpenDBRequest.idl:
* Modules/indexeddb/IDBRequest.idl:
* Modules/indexeddb/IDBTransaction.idl:
* Modules/indexeddb/IDBVersionChangeEvent.idl:
* workers/WorkerGlobalScope.idl:

LayoutTests:

Add layout test coverage.

* storage/indexeddb/modern/resources/workers-disabled.js:
* storage/indexeddb/modern/resources/workers-enable.js:
* storage/indexeddb/modern/workers-disabled-expected.txt:
* storage/indexeddb/modern/workers-enable-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199889 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Versioning.
bshafiei@apple.com [Fri, 22 Apr 2016 19:14:50 +0000 (19:14 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199888 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Attempting to fix Windows build. Add isHidden implementation.
dino@apple.com [Fri, 22 Apr 2016 19:01:06 +0000 (19:01 +0000)]
Attempting to fix Windows build. Add isHidden implementation.

* platform/graphics/ca/win/PlatformCALayerWin.cpp:
(PlatformCALayerWin::isHidden):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199886 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Attempt at a Windows build fix.
beidson@apple.com [Fri, 22 Apr 2016 18:59:28 +0000 (18:59 +0000)]
Attempt at a Windows build fix.

* workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::startWorkerGlobalScope):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199885 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Source/WebCore:
hyatt@apple.com [Fri, 22 Apr 2016 18:27:23 +0000 (18:27 +0000)]
Source/WebCore:
 -webkit-image-set doesn't work inside CSS variables
https://bugs.webkit.org/show_bug.cgi?id=156915
<rdar://problem/25473972>

Reviewed by Zalan Bujtas.

Added new tests in fast/hidpi.

* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::equals):
(WebCore::CSSPrimitiveValue::buildParserValue):

LayoutTests:
-webkit-image-set doesn't work inside CSS variables
https://bugs.webkit.org/show_bug.cgi?id=156915
<rdar://problem/25473972>

Reviewed by Zalan Bujtas.

* fast/hidpi/image-srcset-simple-in-variable-1x-expected.txt: Added.
* fast/hidpi/image-srcset-simple-in-variable-1x.html: Added.
* fast/hidpi/image-srcset-simple-in-variable-2x-expected.txt: Added.
* fast/hidpi/image-srcset-simple-in-variable-2x.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199884 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r199877.
ryanhaddad@apple.com [Fri, 22 Apr 2016 18:17:32 +0000 (18:17 +0000)]
Unreviewed, rolling out r199877.
https://bugs.webkit.org/show_bug.cgi?id=156918

The LayoutTest added with this change is failing on all
platforms. (Requested by ryanhaddad on #webkit).

Reverted changeset:

"REGRESSION (r189567): The top of Facebook's messenger.com
looks visually broken"
https://bugs.webkit.org/show_bug.cgi?id=156869
http://trac.webkit.org/changeset/199877

Patch by Commit Queue <commit-queue@webkit.org> on 2016-04-22

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199883 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB: Rework the ownership/RefCounting model of IDBConnectionToServer and IDBCo...
beidson@apple.com [Fri, 22 Apr 2016 18:06:04 +0000 (18:06 +0000)]
Modern IDB: Rework the ownership/RefCounting model of IDBConnectionToServer and IDBConnectionProxy.
https://bugs.webkit.org/show_bug.cgi?id=156916

Reviewed by Tim Horton.

Source/WebCore:

No new tests (No behavior change).

* Modules/indexeddb/IDBFactory.cpp: Remove unneeded include.

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::ref): Ref the ConnectionToServer.
(WebCore::IDBClient::IDBConnectionProxy::deref): Deref it.
(WebCore::IDBClient::IDBConnectionProxy::connectionToServer):
(WebCore::IDBClient::IDBConnectionProxy::openDatabase):
(WebCore::IDBClient::IDBConnectionProxy::deleteDatabase):
(WebCore::IDBClient::IDBConnectionProxy::create): Deleted.
* Modules/indexeddb/client/IDBConnectionProxy.h:

* Modules/indexeddb/client/IDBConnectionToServer.cpp:
(WebCore::IDBClient::IDBConnectionToServer::IDBConnectionToServer): Create a proxy owned by this.
(WebCore::IDBClient::IDBConnectionToServer::proxy): Expose it.
* Modules/indexeddb/client/IDBConnectionToServer.h:

* dom/Document.cpp:
(WebCore::Document::idbConnectionProxy):

* WebCore.xcodeproj/project.pbxproj:

Source/WebKit2:

* WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:
(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199882 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (r194898): Multi download of external SVG defs file by <use> xlinks:href...
antti@apple.com [Fri, 22 Apr 2016 17:37:09 +0000 (17:37 +0000)]
REGRESSION (r194898): Multi download of external SVG defs file by <use> xlinks:href (caching)
https://bugs.webkit.org/show_bug.cgi?id=156368
<rdar://problem/25611746>

Reviewed by Simon Fraser.

Source/WebCore:

We would load svg resources with fragment identifier again because the encoding never matched.

Test: http/tests/svg/svg-use-external.html

* loader/TextResourceDecoder.cpp:
(WebCore::TextResourceDecoder::setEncoding):
(WebCore::TextResourceDecoder::hasEqualEncodingForCharset):

    Encoding can depend on mime type. Add a comparison function that takes this into account.

(WebCore::findXMLEncoding):
* loader/TextResourceDecoder.h:
(WebCore::TextResourceDecoder::encoding):
* loader/cache/CachedCSSStyleSheet.h:
* loader/cache/CachedResource.h:
(WebCore::CachedResource::textResourceDecoder):

    Add a way to get the TextResourceDecoder from a cached resource.

* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::determineRevalidationPolicy):

    Use the new comparison function.

* loader/cache/CachedSVGDocument.h:
* loader/cache/CachedScript.h:
* loader/cache/CachedXSLStyleSheet.h:

LayoutTests:

* http/tests/svg/resources/symbol-defs.svg: Added.
* http/tests/svg/svg-use-external-expected.txt: Added.
* http/tests/svg/svg-use-external.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199881 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update expected result for WKPreferencesGetOfflineWebApplicationCacheEnabled after...
ryanhaddad@apple.com [Fri, 22 Apr 2016 17:18:40 +0000 (17:18 +0000)]
Update expected result for WKPreferencesGetOfflineWebApplicationCacheEnabled after r199854

Unreviewed test gardening.

* TestWebKitAPI/Tests/WebKit2/WKPreferences.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199880 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from InspectorFrontendHost
youenn.fablet@crf.canon.fr [Fri, 22 Apr 2016 16:13:05 +0000 (16:13 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from InspectorFrontendHost
https://bugs.webkit.org/show_bug.cgi?id=156908

Reviewed by Timothy Hatcher.

No change of behavior.

* inspector/InspectorFrontendHost.idl: Marking event parameter as nullable to keep compatibility.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from MutationObserver
cdumez@apple.com [Fri, 22 Apr 2016 15:59:10 +0000 (15:59 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from MutationObserver
https://bugs.webkit.org/show_bug.cgi?id=156890

Reviewed by Darin Adler.

Source/WebCore:

Drop [UsePointersEvenForNonNullableObjectArguments] from MutationObserver
and clean up / modernize the code a bit. There is no significant
Web-exposed behavior change except that MutationObserver.observe() now throws
a different kind of exception (a TypeError as per Web IDL) when passed in
a null Node.

No new tests, rebaselined existing test.

* bindings/js/JSMutationCallback.cpp:
(WebCore::JSMutationCallback::call):
* bindings/js/JSMutationCallback.h:
* bindings/js/JSMutationObserverCustom.cpp:
(WebCore::constructJSMutationObserver):
* css/PropertySetCSSStyleDeclaration.cpp:
* dom/ChildListMutationScope.cpp:
(WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
* dom/MutationCallback.h:
* dom/MutationObserver.cpp:
(WebCore::MutationObserver::create):
(WebCore::MutationObserver::MutationObserver):
(WebCore::MutationObserver::observe):
(WebCore::MutationObserver::takeRecords):
(WebCore::MutationObserver::enqueueMutationRecord):
(WebCore::MutationObserver::deliver):
(WebCore::MutationObserver::disconnect): Deleted.
* dom/MutationObserver.h:
* dom/MutationObserver.idl:
* dom/MutationObserverInterestGroup.cpp:
(WebCore::MutationObserverInterestGroup::enqueueMutationRecord):
* dom/MutationObserverInterestGroup.h:
* dom/MutationRecord.cpp:
(WebCore::MutationRecord::createChildList):
* dom/MutationRecord.h:

LayoutTests:

Rebaseline now that MutationObserver.observe() throws a TypeError instead
of a NOT_FOUND_ERR when passed a null Node.

* fast/dom/MutationObserver/observe-exceptions-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199878 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (r189567): The top of Facebook's messenger.com looks visually broken
hyatt@apple.com [Fri, 22 Apr 2016 15:58:02 +0000 (15:58 +0000)]
REGRESSION (r189567): The top of Facebook's messenger.com looks visually broken
https://bugs.webkit.org/show_bug.cgi?id=156869
<rdar://problem/23204668>

Reviewed by Zalan Bujtas.

Source/WebCore:

Added fast/block/min-content-with-box-sizing.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::computeContentLogicalHeight):

LayoutTests:

* fast/block/min-content-with-box-sizing-expected.html: Added.
* fast/block/min-content-with-box-sizing.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199877 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Enable the download attribute support
carlosgc@webkit.org [Fri, 22 Apr 2016 12:49:03 +0000 (12:49 +0000)]
[GTK] Enable the download attribute support
https://bugs.webkit.org/show_bug.cgi?id=99025

Reviewed by Žan Doberšek.

.:

* Source/cmake/OptionsGTK.cmake:

Tools:

* Scripts/webkitperl/FeatureList.pm:

LayoutTests:

Unskip tests that should pass now.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199876 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago NetworkCacheIOChannelSoup: detach the newly-created IOChannel::readSync thread
zandobersek@gmail.com [Fri, 22 Apr 2016 12:21:21 +0000 (12:21 +0000)]
NetworkCacheIOChannelSoup: detach the newly-created IOChannel::readSync thread
https://bugs.webkit.org/show_bug.cgi?id=156907

Reviewed by Carlos Garcia Campos.

* NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:
(WebKit::NetworkCache::IOChannel::readSyncInThread): Detach the new thread,
ensuring the resources are released after the thread exits. Next step is
to set up a thread pool and use that, avoiding thread re-creation.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [css-grid] Fix bug with positioned items in vertical writing mode
rego@igalia.com [Fri, 22 Apr 2016 07:54:22 +0000 (07:54 +0000)]
[css-grid] Fix bug with positioned items in vertical writing mode
https://bugs.webkit.org/show_bug.cgi?id=156870

Reviewed by Darin Adler.

Source/WebCore:

In RenderGrid::offsetAndBreadthForPositionedChild() we were using
directly borderLeft(), which is wrong in vertical writing modes.

To fix it we just need to use borderLogicalLeft() which is aware of
the current writing mode.

Test: fast/css-grid-layout/grid-positioned-children-writing-modes.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

LayoutTests:

Add new test to check positioned items in different writing modes
and direction combinations.

* fast/css-grid-layout/grid-positioned-children-writing-modes-expected.html: Added.
* fast/css-grid-layout/grid-positioned-children-writing-modes.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199874 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [ANGLE] Remove deprecated auto_ptr warning. Unreviewed.
jh718.park@samsung.com [Fri, 22 Apr 2016 07:09:12 +0000 (07:09 +0000)]
[ANGLE] Remove deprecated auto_ptr warning. Unreviewed.
https://bugs.webkit.org/show_bug.cgi?id=156894

* src/compiler/preprocessor/MacroExpander.h: Use std::unique_ptr instead of std::auto_ptr.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199873 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION(r199738): The ANGLE update broke accelerated compositing in GTK+ port
zandobersek@gmail.com [Fri, 22 Apr 2016 06:58:41 +0000 (06:58 +0000)]
REGRESSION(r199738): The ANGLE update broke accelerated compositing in GTK+ port
https://bugs.webkit.org/show_bug.cgi?id=156789

Reviewed by Carlos Garcia Campos.

After the update, the ANGLE library has to be built with
ANGLE_ENABLE_ESSL and ANGLE_ENABLE_GLSL definitions in order
to compile in the support for the two translators that Linux-based
ports using OpenGL ES or OpenGL require. Missing files are also added.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199872 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from Document
cdumez@apple.com [Fri, 22 Apr 2016 06:19:41 +0000 (06:19 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from Document
https://bugs.webkit.org/show_bug.cgi?id=156881

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Drop [UsePointersEvenForNonNullableObjectArguments] from Document. There
is no major Web-exposed behavior change but the type of the exception
being thrown when passing null or not enough parameters has changed for
some of the API (It is now always a TypeError as per the Web IDL
specification).

Tests: fast/dom/Document/adoptNode-null.html
       fast/dom/Document/importNode-null.html

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::takeAllChildrenFrom):
(WebCore::ContainerNode::parserInsertBefore):
(WebCore::ContainerNode::parserAppendChild):
* dom/Document.cpp:
(WebCore::Document::importNode):
(WebCore::Document::adoptNode):
(WebCore::Document::createNodeIterator):
(WebCore::Document::createTreeWalker):
(WebCore::Document::setBodyOrFrameset):
(WebCore::Document::hasValidNamespaceForElements): Deleted.
(WebCore::Document::scheduleForcedStyleRecalc): Deleted.
(WebCore::Document::scheduleStyleRecalc): Deleted.
(WebCore::Document::unscheduleStyleRecalc): Deleted.
(WebCore::Document::hasPendingStyleRecalc): Deleted.
(WebCore::Document::hasPendingForcedStyleRecalc): Deleted.
(WebCore::Document::recalcStyle): Deleted.
(WebCore::Document::explicitClose): Deleted.
* dom/Document.h:
(WebCore::Document::importNode):
* dom/Document.idl:
* dom/NodeIterator.cpp:
(WebCore::NodeIterator::NodeIterator):
* dom/NodeIterator.h:
(WebCore::NodeIterator::create):

LayoutTests:

Add test cases for cases where the type of the exception being thrown
has changed.

* fast/dom/Document/adoptNode-null-expected.txt: Added.
* fast/dom/Document/adoptNode-null.html: Added.
* fast/dom/Document/importNode-null-expected.txt: Added.
* fast/dom/Document/importNode-null.html: Added.
* fast/dom/importNode-null-expected.txt: Removed.
* fast/dom/importNode-null.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199871 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Follow-on to the build fix.
darin@apple.com [Fri, 22 Apr 2016 06:07:32 +0000 (06:07 +0000)]
Follow-on to the build fix.

* runtime/MathCommon.h: Use the C++ std namespace version of the
frexp function too.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199870 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago More improvements and explanations regarding resetting CSS properties on the <math...
fred.wang@free.fr [Fri, 22 Apr 2016 05:56:39 +0000 (05:56 +0000)]
More improvements and explanations regarding resetting CSS properties on the <math> element
https://bugs.webkit.org/show_bug.cgi?id=156840

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-21
Reviewed by Darin Adler.

We make some follow-up improvements regarding CSS rules on the <math> element, after bug 133603:
- We fix indenting to use 4 spaces.
- We explain why we set -webkit-line-box-contain and add references to related bugs.
- We explain why we reset some CSS spacing rules.
- We explain why the direction is set to ltr.
- We explain why font-family is set to a list of known math fonts and add reference
  to the wiki.
- We mention the need to customize math fonts to get consistent style and add references to
  a bug report and to the wiki.
- We describe each of the math fonts listed and add some justification about their order.
- We better explain the section about fonts that do not satisfy the requirements for good
  mathematical rendering, reformulate why we still need them for iOS/Mac and we add some
  references to a bug report and to the wiki. Some fonts that are not pre-installed were removed
  in r199773.
- We add FIXME comments for potential changes of CSS properties on the <math> tag.

We make the following changes to the lists of font-family:
- We move "TeX Gyre Termes Math" into the Times group.
- We move "Asana Math" into the Palatino group.
- We remove iOS conditionals on "Symbol" and "Times New Roman".

No new tests, only order of math fonts that are not used by test framework is changed.

* css/mathml.css:
(math): We merge the two math selectors, reorder some font-families, remove iOS ifdef and
add more description.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199869 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Fix build break since r199866. Unreviewed.
jh718.park@samsung.com [Fri, 22 Apr 2016 05:56:36 +0000 (05:56 +0000)]
[JSC] Fix build break since r199866. Unreviewed.
https://bugs.webkit.org/show_bug.cgi?id=156892

* runtime/MathCommon.h: Add namespace std to isnormal invoking.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199868 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Add primitive String support to compare operators
commit-queue@webkit.org [Fri, 22 Apr 2016 05:08:28 +0000 (05:08 +0000)]
[JSC] Add primitive String support to compare operators
https://bugs.webkit.org/show_bug.cgi?id=156783

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-21
Reviewed by Geoffrey Garen.

Just the basics.
We should eventually inline some of the simplest cases.

This is a 2% improvement on Longspider. It is unfortunately neutral
for Sunspider on my machine because most of the comparisons are from
baseline.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileStringCompare):
(JSC::DFG::SpeculativeJIT::compileStringIdentCompare):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareLess):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareLessEq):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareGreater):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareGreaterEq):
(JSC::FTL::DFG::LowerDFGToB3::compare):
* ftl/FTLOutput.h:
(JSC::FTL::Output::callWithoutSideEffects):
* jit/JITOperations.h:
* tests/stress/string-compare.js: Added.
(makeRope):
(makeString):
(let.operator.of.operators.eval.compareStringIdent):
(let.operator.of.operators.compareStringString):
(let.operator.of.operators.compareStringIdentString):
(let.operator.of.operators.compareStringStringIdent):
(let.operator.of.operators.let.left.of.typeCases.let.right.of.typeCases.eval):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199867 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Commute FDiv-by-constant into FMul-by-reciprocal when it is safe
commit-queue@webkit.org [Fri, 22 Apr 2016 04:46:53 +0000 (04:46 +0000)]
[JSC] Commute FDiv-by-constant into FMul-by-reciprocal when it is safe
https://bugs.webkit.org/show_bug.cgi?id=156871

Patch by Benjamin Poulain <bpoulain@webkit.org> on 2016-04-21
Reviewed by Filip Pizlo.

FMul is significantly faster than FDiv.
For example, on Haswell, FMul has a latency of 5, a throughput of 1
while FDiv has latency 10-24, throughput 8-18.

Fortunately for us, Sunspider and Kraken have plenty of division
by a simple power of 2 constant. Those are just exponent operations
and can be easily reversed to use FMul instead of FDiv.

LLVM does something similar in InstCombine.

* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* jit/JITDivGenerator.cpp:
(JSC::JITDivGenerator::loadOperand):
(JSC::JITDivGenerator::generateFastPath):
* jit/SnippetOperand.h:
(JSC::SnippetOperand::asConstNumber):
* runtime/MathCommon.h:
(JSC::safeReciprocalForDivByConst):
* tests/stress/floating-point-div-to-mul.js: Added.
(opaqueDivBy2):
(opaqueDivBy3):
(opaqueDivBy4):
(opaqueDivBySafeMaxMinusOne):
(opaqueDivBySafeMax):
(opaqueDivBySafeMaxPlusOne):
(opaqueDivBySafeMin):
(opaqueDivBySafeMinMinusOne):
(i.catch):
(i.result.opaqueDivBySafeMin.valueOf):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199866 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Improve the absThunkGenerator() for 64bit
benjamin@webkit.org [Fri, 22 Apr 2016 04:29:02 +0000 (04:29 +0000)]
[JSC] Improve the absThunkGenerator() for 64bit
https://bugs.webkit.org/show_bug.cgi?id=156888

Reviewed by Michael Saboff.

A few tests spend a lot of time in this abs() with double argument.

This patch adds custom handling for the JSValue64 representation.
In particular:
-Do not load the value twice. Unbox the GPR if it is not an Int32.
-Deal with IntMin inline instead of falling back to the C function call.
-Box the values ourselves to avoid a duplicate function tail and return.

* jit/ThunkGenerators.cpp:
(JSC::absThunkGenerator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199865 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago LLInt CallSiteIndex off by 1
sbarati@apple.com [Fri, 22 Apr 2016 04:26:09 +0000 (04:26 +0000)]
LLInt CallSiteIndex off by 1
https://bugs.webkit.org/show_bug.cgi?id=156886

Reviewed by Benjamin Poulain.

I think this was done for historical reasons but isn't needed anymore.

* llint/LLIntSlowPaths.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199864 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago FTL should handle exceptions in operationInOptimize
keith_miller@apple.com [Fri, 22 Apr 2016 02:28:00 +0000 (02:28 +0000)]
FTL should handle exceptions in operationInOptimize
https://bugs.webkit.org/show_bug.cgi?id=156885

Reviewed by Michael Saboff.

For some reason we didn't handle any exceptions in "in" when we called
operationInOptimize in the FTL.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileIn):
* ftl/FTLPatchpointExceptionHandle.h: Add comments explaining which
function to use for different exception types.

* jsc.cpp:
(GlobalObject::finishCreation):
(functionNoFTL):
* runtime/Executable.cpp:
(JSC::ScriptExecutable::ScriptExecutable):
* runtime/Executable.h:
(JSC::ScriptExecutable::setNeverFTLOptimize):
(JSC::ScriptExecutable::neverFTLOptimize):
* tests/stress/in-ftl-exception-check.js: Added.
(foo):
(bar):
(catch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199863 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Backdrop Filter should not be visible if element has visibility:hidden
dino@apple.com [Fri, 22 Apr 2016 01:48:41 +0000 (01:48 +0000)]
Backdrop Filter should not be visible if element has visibility:hidden
https://bugs.webkit.org/show_bug.cgi?id=149318
<rdar://problem/22749780>

Reviewed by Simon Fraser.

Source/WebCore:

Make sure that backdrop filter layers take note of when
the contents are visible or not.

Tests: css3/filters/backdrop/backdrop-with-visibility-hidden-changing.html
       css3/filters/backdrop/backdrop-with-visibility-hidden.html
       css3/filters/backdrop/backdrop-with-visibility-hidden-2.html

* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateContentsVisibility): Tell the backdrop layer about the
change if there is one.
(WebCore::GraphicsLayerCA::updateBackdropFilters): When we update filters, make
sure to check the contents visibility.
(WebCore::dumpInnerLayer): Output "hidden" if the layer is set as such.
* platform/graphics/ca/PlatformCALayer.h: Add an isHidden method.
* platform/graphics/ca/cocoa/PlatformCALayerCocoa.h:
* platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
(PlatformCALayerCocoa::isHidden): Call into CALayer isHidden.

Source/WebKit2:

Add the isHidden method to PlatformCALayerRemote.

* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::isHidden):
* WebProcess/WebPage/mac/PlatformCALayerRemote.h:

LayoutTests:

Three tests that check if a backdrop filter should be visible when
its owning element is visibility hidden.

* css3/filters/backdrop/backdrop-with-visibility-hidden-changing-expected.txt: Added.
* css3/filters/backdrop/backdrop-with-visibility-hidden-changing.html: Added.
* css3/filters/backdrop/backdrop-with-visibility-hidden-expected.txt: Added.
* css3/filters/backdrop/backdrop-with-visibility-hidden.html: Added.
* css3/filters/backdrop/backdrop-with-visibility-hidden-2.html: Added.
* css3/filters/backdrop/backdrop-with-visibility-hidden-2-expected.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199862 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago JSC virtual call thunk shouldn't do a structure->classInfo lookup
fpizlo@apple.com [Fri, 22 Apr 2016 01:25:50 +0000 (01:25 +0000)]
JSC virtual call thunk shouldn't do a structure->classInfo lookup
https://bugs.webkit.org/show_bug.cgi?id=156874

Reviewed by Keith Miller.

This lookup was unnecessary because we can just test the inlined type field.

But also, this meant that we were exempting JSBoundFunction from the virtual call optimization.
That's pretty bad.

* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199861 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago RenderVideo should always update the intrinsic size before layout.
zalan@apple.com [Fri, 22 Apr 2016 01:13:33 +0000 (01:13 +0000)]
RenderVideo should always update the intrinsic size before layout.
https://bugs.webkit.org/show_bug.cgi?id=156878

Reviewed by Simon Fraser.

In order to lay out the video element properly we need to know the correct intrinsic size.
This patch also asserts if we end up updating the intrinsic size right after finishing video renderer layout.

This issue was discovered as part of webkit.org/b/156245. (hence covered by existing tests)

* rendering/RenderVideo.cpp:
(WebCore::RenderVideo::updateIntrinsicSize):
(WebCore::RenderVideo::layout):
(WebCore::RenderVideo::updatePlayer):
* rendering/RenderVideo.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199856 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago WKWebView HTML5 AppCache not working
andersca@apple.com [Fri, 22 Apr 2016 01:05:53 +0000 (01:05 +0000)]
WKWebView HTML5 AppCache not working
https://bugs.webkit.org/show_bug.cgi?id=156887
rdar://problem/17944162

Reviewed by Tim Horton.

* Shared/WebPreferencesDefinitions.h:
Set the offlineWebApplicationCacheEnabled property to true by default.

* UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:
(API::WebsiteDataStore::defaultDataStoreConfiguration):
Set the default applicationCacheFlatFileSubdirectoryName to "Files".

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199854 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB (Workers): Get the IDBConnectionProxy from the Document to the WorkerGloba...
beidson@apple.com [Fri, 22 Apr 2016 01:03:39 +0000 (01:03 +0000)]
Modern IDB (Workers): Get the IDBConnectionProxy from the Document to the WorkerGlobalScope.
https://bugs.webkit.org/show_bug.cgi?id=156877

Reviewed by Tim Horton.

Source/WebCore:

No new tests (Covered by changes to existing tests).

* workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::startWorkerGlobalScope): This is the point on the main thread
  where we can get the IDBConnectionProxy from the Document and pass it down through Worker
  machinery so it can end up at the WorkerGlobalScope.

Everything else in this patch is just passing it along as needed.

And cleaning up header style for neglected headers.

* workers/DedicatedWorkerGlobalScope.cpp:
(WebCore::DedicatedWorkerGlobalScope::create):
(WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope):
* workers/DedicatedWorkerGlobalScope.h:

* workers/DedicatedWorkerThread.cpp:
(WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
(WebCore::DedicatedWorkerThread::createWorkerGlobalScope):
* workers/DedicatedWorkerThread.h:
(WebCore::DedicatedWorkerThread::create):
(WebCore::DedicatedWorkerThread::workerObjectProxy):

* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::WorkerGlobalScope):
(WebCore::WorkerGlobalScope::idbConnectionProxy):
* workers/WorkerGlobalScope.h:

* workers/WorkerThread.cpp:
(WebCore::WorkerThread::WorkerThread):
(WebCore::WorkerThread::idbConnectionProxy):
* workers/WorkerThread.h:
(WebCore::WorkerThread::threadID):
(WebCore::WorkerThread::runLoop):
(WebCore::WorkerThread::workerLoaderProxy):
(WebCore::WorkerThread::workerReportingProxy):
(WebCore::WorkerThread::getNotificationClient):
(WebCore::WorkerThread::setNotificationClient):
(WebCore::WorkerThread::workerGlobalScope):

LayoutTests:

* storage/indexeddb/modern/workers-enable-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199853 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: sourceMappingURL not loaded in generated script
commit-queue@webkit.org [Fri, 22 Apr 2016 00:50:09 +0000 (00:50 +0000)]
Web Inspector: sourceMappingURL not loaded in generated script
https://bugs.webkit.org/show_bug.cgi?id=156022
<rdar://problem/25438595>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-21
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
Synthetic CallFrames for native code will not have script identifiers.

* inspector/ScriptCallFrame.cpp:
(Inspector::ScriptCallFrame::ScriptCallFrame):
(Inspector::ScriptCallFrame::isEqual):
(Inspector::ScriptCallFrame::buildInspectorObject):
* inspector/ScriptCallFrame.h:
* inspector/protocol/Console.json:
Include the script identifier in ScriptCallFrame so we can correlate this
to the exact script, even if there isn't a URL. The Script may have a
sourceURL, so the Web Inspector frontend may decide to show / link to it.

* inspector/ScriptCallStackFactory.cpp:
(Inspector::CreateScriptCallStackFunctor::operator()):
(Inspector::createScriptCallStackFromException):
Include SourceID when we have it.

* interpreter/Interpreter.cpp:
(JSC::GetStackTraceFunctor::operator()):
* interpreter/Interpreter.h:
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::Frame::sourceID):
* interpreter/StackVisitor.h:
Access the SourceID when we have it.

Source/WebInspectorUI:

* UserInterface/Controllers/SourceMapManager.js:
(WebInspector.SourceMapManager.prototype.downloadSourceMap):
If the sourceMapURL is a dataURL at this point, we can just pass it on,
otherwise we would have returned and skipped it.

* UserInterface/Models/CallFrame.js:
(WebInspector.CallFrame.fromPayload):
Add handling for "scriptId" if it is available in the Console.CallFrame.
Don't automatically mark CallFrames that didn't have a "url" as native,
instead try to get a SourceCode.

* UserInterface/Models/Script.js:
(WebInspector.Script.prototype.get displayURL):
Used by SourceCodeLocation formatting, so behave more like Resources
when we only have a sourceURL name. This produces output like:
"foo.js:#:#" instead of "foo.js (line #:#)"

(WebInspector.Script.prototype.get anonymous):
Easy accessor to see if this would be treated as anonymous or not.

* UserInterface/Models/SourceMap.js:
(WebInspector.SourceMap.prototype.get sourceMappingBasePathURLComponents):
Gracefully handle no path.

* UserInterface/Models/StackTrace.js:
(WebInspector.StackTrace.prototype.get firstNonNativeCallFrame):
(WebInspector.StackTrace.prototype.get firstNonNativeNonAnonymousCallFrame):
* UserInterface/Views/ConsoleMessageView.js:
(WebInspector.ConsoleMessageView.prototype._appendLocationLink):
Now that "Eval Code" with a sourceURL is no longer native, we still don't
want to show it in the Web Inspector if it is anonymous. So include a stricter
version that skips native and anonymous call frames.

LayoutTests:

* inspector/console/messageAdded-from-named-evaluations-expected.txt: Added.
* inspector/console/messageAdded-from-named-evaluations.html: Added.
* inspector/debugger/js-stacktrace-expected.txt:
* inspector/model/stack-trace-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199852 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix crashes when loading SVG images.
andersca@apple.com [Fri, 22 Apr 2016 00:33:32 +0000 (00:33 +0000)]
Fix crashes when loading SVG images.

* loader/EmptyClients.cpp:
(WebCore::fillWithEmptyClients):
Give the SVG page its own application cache storage.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199851 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix the iOS build: WAKView may not respond to drawLayer:inContext:
timothy_horton@apple.com [Fri, 22 Apr 2016 00:27:25 +0000 (00:27 +0000)]
Fix the iOS build: WAKView may not respond to drawLayer:inContext:
https://bugs.webkit.org/show_bug.cgi?id=156879
<rdar://problem/25772661>

Reviewed by Beth Dakin.

* WebView/WebHTMLView.mm:
WebHTMLView on iOS never uses drawLayer:inContext:, and WAKView
doesn't implement it, so this would have thrown an exception
if called, anyway. Fix the build with stricter CA protocols.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199850 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Get rid of ApplicationCacheStorage::singleton
andersca@apple.com [Fri, 22 Apr 2016 00:18:48 +0000 (00:18 +0000)]
Get rid of ApplicationCacheStorage::singleton
https://bugs.webkit.org/show_bug.cgi?id=156882

Reviewed by Tim Horton.

* loader/appcache/ApplicationCacheStorage.cpp:
(WebCore::ApplicationCacheStorage::setCacheDirectory): Deleted.
(WebCore::ApplicationCacheStorage::singleton): Deleted.
* loader/appcache/ApplicationCacheStorage.h:
* page/Page.cpp:
(WebCore::Page::Page):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199849 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Lets do less locking of symbol tables in the BytecodeGenerator where we don't have...
sbarati@apple.com [Fri, 22 Apr 2016 00:09:36 +0000 (00:09 +0000)]
Lets do less locking of symbol tables in the BytecodeGenerator where we don't have race conditions
https://bugs.webkit.org/show_bug.cgi?id=156821

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

The BytecodeGenerator allocates all the SymbolTables that it uses.
This is before any concurrent compiler thread can use that SymbolTable.
This means we don't actually need to lock for any operations of the
SymbolTable. This patch makes this change by removing all locking.
To do this, I've introduced a new constructor for ConcurrentJITLocker
which implies no locking is necessary. You instantiate such a ConcurrentJITLocker like so:
`ConcurrentJITLocker locker(ConcurrentJITLocker::NoLockingNecessary);`

This patch also removes all uses of Strong<SymbolTable> from the bytecode
generator and instead wraps bytecode generation in a DeferGC.

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::generateUnlinkedFunctionCodeBlock):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
(JSC::BytecodeGenerator::instantiateLexicalVariables):
(JSC::BytecodeGenerator::emitPrefillStackTDZVariables):
(JSC::BytecodeGenerator::pushLexicalScopeInternal):
(JSC::BytecodeGenerator::initializeBlockScopedFunctions):
(JSC::BytecodeGenerator::hoistSloppyModeFunctionIfNecessary):
(JSC::BytecodeGenerator::popLexicalScopeInternal):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::createVariable):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitPushWithScope):
(JSC::BytecodeGenerator::emitPushFunctionNameScope):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::constructorKind):
(JSC::BytecodeGenerator::superBinding):
(JSC::BytecodeGenerator::generate):
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
* runtime/ConcurrentJITLock.h:
(JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
(JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
(JSC::ConcurrentJITLocker::ConcurrentJITLocker):

Source/WTF:

This patch introduces a new constructor for Locker which implies no
locking is necessary. You instantiate such a locker like so:
`Locker<Lock> locker(Locker<Lock>::NoLockingNecessary);`

This is useful for very specific places when it is not yet
required to engage in a specified locking protocol. As an example,
we use this in JSC when we allocate a particular object that
engages in a locking protocol with the concurrent compiler thread,
but before a concurrent compiler thread that could have access
to the object exists.

* wtf/Locker.h:
(WTF::Locker::Locker):
(WTF::Locker::~Locker):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199848 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago ASSERTION FAILED: accumulation == TransformState::FlattenTransform in WebCore::Graphi...
simon.fraser@apple.com [Fri, 22 Apr 2016 00:08:28 +0000 (00:08 +0000)]
ASSERTION FAILED: accumulation == TransformState::FlattenTransform in WebCore::GraphicsLayerCA::computeVisibleAndCoverageRect
https://bugs.webkit.org/show_bug.cgi?id=155362

Reviewed by Zalan Bujtas.

Source/WebCore:

A particular configuration of composited RenderLayers with preserve-3d and clipping
caused assertions because an ancestor clipping layer had masksToBounds() set, but
a preserves3D() parent, triggering an assertion in GraphicsLayerCA::computeVisibleAndCoverageRect().
Make two changes to address this:

First, CSS clip: and clip-path: should force flattening and override preserve-3d in
the RenderStyle.

Second, don't accumulate transforms in GraphicsLayerCA through layers with masksToBounds().

Tests: compositing/clipping/preserve3d-flatten-assertion-nested.html
       compositing/clipping/preserve3d-flatten-assertion.html

* css/StyleResolver.cpp:
(WebCore::StyleResolver::adjustRenderStyle):
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::accumulatesTransform):

LayoutTests:

Test cases that should not assert in debug builds.

* compositing/clipping/preserve3d-flatten-assertion-nested.html: Added.
* compositing/clipping/preserve3d-flatten-assertion.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199847 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [WK1] Add WebPlaybackSession support to WebKit
jer.noble@apple.com [Thu, 21 Apr 2016 23:56:03 +0000 (23:56 +0000)]
[WK1] Add WebPlaybackSession support to WebKit
https://bugs.webkit.org/show_bug.cgi?id=156854

Reviewed by Beth Dakin.

Add support for WebPlaybackSession and the ChromeClient methods setUpPlaybackControlsManager() and
clearPlaybackControlsManager() to WebKit.

* WebCoreSupport/WebChromeClient.h:
* WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::setUpPlaybackControlsManager):
(WebChromeClient::clearPlaybackControlsManager):
* WebView/WebView.mm:
(-[WebView _hasActiveVideoForControlsInterface]):
(-[WebView _setUpPlaybackControlsManagerForMediaElement:]):
(-[WebView _clearPlaybackControlsManagerForMediaElement:]):
* WebView/WebViewData.h:
* WebView/WebViewData.mm:
* WebView/WebViewInternal.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199846 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove some unnecessary RefPtrs in the parser
sbarati@apple.com [Thu, 21 Apr 2016 23:30:36 +0000 (23:30 +0000)]
Remove some unnecessary RefPtrs in the parser
https://bugs.webkit.org/show_bug.cgi?id=156865

Reviewed by Filip Pizlo.

The IdentifierArena or the SourceProviderCacheItem will own these UniquedStringImpls
while we are using them. There is no need for us to reference count them.

This might be a 0.5% speedup on octane code-load.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseInner):
* parser/Parser.h:
(JSC::Scope::setIsLexicalScope):
(JSC::Scope::isLexicalScope):
(JSC::Scope::closedVariableCandidates):
(JSC::Scope::declaredVariables):
(JSC::Scope::lexicalVariables):
(JSC::Scope::finalizeLexicalEnvironment):
(JSC::Scope::computeLexicallyCapturedVariablesAndPurgeCandidates):
(JSC::Scope::collectFreeVariables):
(JSC::Scope::getCapturedVars):
(JSC::Scope::setStrictMode):
(JSC::Scope::isValidStrictMode):
(JSC::Scope::shadowsArguments):
(JSC::Scope::copyCapturedVariablesToVector):
* parser/SourceProviderCacheItem.h:
(JSC::SourceProviderCacheItem::usedVariables):
(JSC::SourceProviderCacheItem::~SourceProviderCacheItem):
(JSC::SourceProviderCacheItem::create):
(JSC::SourceProviderCacheItem::SourceProviderCacheItem):
(JSC::SourceProviderCacheItem::writtenVariables): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199845 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Element::idForStyleResolution() is a foot-gun
cdumez@apple.com [Thu, 21 Apr 2016 23:28:48 +0000 (23:28 +0000)]
Element::idForStyleResolution() is a foot-gun
https://bugs.webkit.org/show_bug.cgi?id=156852

Reviewed by Darin Adler.

Element::idForStyleResolution() is a foot-gun. It requires the caller to check
Element::hasID() first or it may end up crashing when dereferencing elementData()
(e.g. see Bug 156806).

This patch updates Element::idForStyleResolution() to return nullAtom if the
Element does not have an ID. I did not see a performance impact on Speedometer,
Dromaeo DOM Core, Dromaeo CSS Selectors and our local performanceTests/.

* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::collectMatchingRules):
* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::checkOne):
* css/SelectorFilter.cpp:
(WebCore::collectElementIdentifierHashes):
* dom/Element.h:
(WebCore::Element::idForStyleResolution):
* rendering/RenderBlockFlow.cpp:
(WebCore::needsAppleMailPaginationQuirk):
* rendering/RenderTreeAsText.cpp:
(WebCore::writeRenderRegionList):
* style/StyleSharingResolver.cpp:
(WebCore::Style::SharingResolver::canShareStyleWithElement):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199844 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB (Workers): Move IDBConnectionProxy into IDBRequest and IDBDatabase.
beidson@apple.com [Thu, 21 Apr 2016 23:25:10 +0000 (23:25 +0000)]
Modern IDB (Workers): Move IDBConnectionProxy into IDBRequest and IDBDatabase.
https://bugs.webkit.org/show_bug.cgi?id=156868

Reviewed by Tim Horton.

No new tests (No behavior change).

* Modules/indexeddb/IDBDatabase.cpp:
(WebCore::IDBDatabase::create):
(WebCore::IDBDatabase::IDBDatabase):
(WebCore::IDBDatabase::~IDBDatabase):
(WebCore::IDBDatabase::transaction):
(WebCore::IDBDatabase::maybeCloseInServer):
* Modules/indexeddb/IDBDatabase.h:
(WebCore::IDBDatabase::connectionProxy):
(WebCore::IDBDatabase::serverConnection):

* Modules/indexeddb/IDBOpenDBRequest.cpp:
(WebCore::IDBOpenDBRequest::createDeleteRequest):
(WebCore::IDBOpenDBRequest::createOpenRequest):
(WebCore::IDBOpenDBRequest::IDBOpenDBRequest):
(WebCore::IDBOpenDBRequest::onSuccess):
(WebCore::IDBOpenDBRequest::onUpgradeNeeded):
(WebCore::IDBOpenDBRequest::requestCompleted):
(WebCore::IDBOpenDBRequest::maybeCreateDeleteRequest): Deleted.
(WebCore::IDBOpenDBRequest::maybeCreateOpenRequest): Deleted.
* Modules/indexeddb/IDBOpenDBRequest.h:

* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::IDBRequest):
(WebCore::IDBRequest::connectionToServer): Deleted.
* Modules/indexeddb/IDBRequest.h:
(WebCore::IDBRequest::connectionProxy):

* Modules/indexeddb/IDBTransaction.h:

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::openDatabase):
(WebCore::IDBClient::IDBConnectionProxy::deleteDatabase):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199843 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Get rid of the last uses of ApplicationCacheStorage::singleton() from WebKit2
andersca@apple.com [Thu, 21 Apr 2016 23:06:41 +0000 (23:06 +0000)]
Get rid of the last uses of ApplicationCacheStorage::singleton() from WebKit2
https://bugs.webkit.org/show_bug.cgi?id=156876

Reviewed by Tim Horton.

* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
Add and encode and decode an applicationCacheFlatFileSubdirectoryName.

* UIProcess/API/APIProcessPoolConfiguration.cpp:
(API::ProcessPoolConfiguration::createWithLegacyOptions):
Set m_applicationCacheFlatFileSubdirectoryName to "ApplicationCache".

(API::ProcessPoolConfiguration::ProcessPoolConfiguration):
Set m_applicationCacheFlatFileSubdirectoryName to "Files".

(API::ProcessPoolConfiguration::copy):
Copy m_applicationCacheFlatFileSubdirectoryName.

* UIProcess/API/APIProcessPoolConfiguration.h:
Add getter for applicationCacheFlatFileSubdirectoryName.

* UIProcess/WebProcessPool.cpp:
(WebKit::legacyWebsiteDataStoreConfiguration):
Initialize applicationCacheFlatFileSubdirectoryName from the process pool configuration.

(WebKit::WebProcessPool::createNewWebProcess):
Initialize parameters.applicationCacheFlatFileSubdirectoryName. Remove a call to
ApplicationCacheStorage::singleton().setDefaultOriginQuota since it had no effect (it was called in the UI process).

* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::WebsiteDataStore):
Initialize m_applicationCacheFlatFileSubdirectoryName.

(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):
Pass m_applicationCacheFlatFileSubdirectoryName when creating the application cache storage.

* UIProcess/WebsiteData/WebsiteDataStore.h:
Add new members.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
Set the application cache storage.

* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
Initialize the application cache storage.

* WebProcess/WebProcess.h:
(WebKit::WebProcess::applicationCacheStorage):
Add new getter.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199842 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add a missing space, as noticed by Darin.
andersca@apple.com [Thu, 21 Apr 2016 23:03:27 +0000 (23:03 +0000)]
Add a missing space, as noticed by Darin.

* WebApplicationCache.cpp:
(applicationCachePath):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199841 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [iOS] DumpRenderTree crashed in com.apple.WebCore: WebCore::ResourceLoadNotifier...
jiewen_tan@apple.com [Thu, 21 Apr 2016 22:50:50 +0000 (22:50 +0000)]
[iOS] DumpRenderTree crashed in com.apple.WebCore: WebCore::ResourceLoadNotifier::didFailToLoad
https://bugs.webkit.org/show_bug.cgi?id=156829
<rdar://problem/23348217>

Reviewed by Daniel Bates.

Source/WebCore:

Ensure that the frame associated with the ResourceLoadNotifier is kept alive when notifying the Web Inspector.

Covered by existing tests.

* loader/ResourceLoadNotifier.cpp:
(WebCore::ResourceLoadNotifier::didFailToLoad):
(WebCore::ResourceLoadNotifier::dispatchWillSendRequest):
(WebCore::ResourceLoadNotifier::dispatchDidReceiveResponse):
(WebCore::ResourceLoadNotifier::dispatchDidReceiveData):
(WebCore::ResourceLoadNotifier::dispatchDidFinishLoading):
(WebCore::ResourceLoadNotifier::dispatchDidFailLoading):

LayoutTests:

Unmark imported/blink/http/tests/css/remove-placeholder-styles.html as flaky because of bug fix.

* platform/ios-simulator-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199840 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove two uses of ApplicationCacheStorage::singleton() from WebKit2
andersca@apple.com [Thu, 21 Apr 2016 22:24:36 +0000 (22:24 +0000)]
Remove two uses of ApplicationCacheStorage::singleton() from WebKit2
https://bugs.webkit.org/show_bug.cgi?id=156873

Reviewed by Beth Dakin.

* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::reachedApplicationCacheOriginQuota):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::clearApplicationCache): Deleted.
* WebProcess/WebProcess.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199839 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Debugger statement gets a space after it when pretty printed
commit-queue@webkit.org [Thu, 21 Apr 2016 22:24:17 +0000 (22:24 +0000)]
Web Inspector: Debugger statement gets a space after it when pretty printed
https://bugs.webkit.org/show_bug.cgi?id=156867
<rdar://problem/25862308>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-21
Reviewed by Geoffrey Garen.

Source/WebInspectorUI:

* Tools/Formatting/index.html:
* UserInterface/Workers/Formatter/EsprimaFormatter.js:
(EsprimaFormatter.prototype._handleTokenAtNode):
Handle the unhandled DebuggerStatement node type.

LayoutTests:

* inspector/formatting/formatting-javascript-expected.txt:
* inspector/formatting/formatting-javascript.html:
* inspector/formatting/resources/javascript-tests/other-statements-expected.js: Renamed from LayoutTests/inspector/formatting/resources/javascript-tests/throw-statement-expected.js.
* inspector/formatting/resources/javascript-tests/other-statements.js: Renamed from LayoutTests/inspector/formatting/resources/javascript-tests/throw-statement.js.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199838 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago PolymorphicAccess adds sizeof(CallerFrameAndPC) rather than subtracting it when calcu...
fpizlo@apple.com [Thu, 21 Apr 2016 22:11:38 +0000 (22:11 +0000)]
PolymorphicAccess adds sizeof(CallerFrameAndPC) rather than subtracting it when calculating stack height
https://bugs.webkit.org/show_bug.cgi?id=156872

Reviewed by Geoffrey Garen.

The code that added sizeof(CallerFrameAndPC) emerged from a bad copy-paste in r189586. That was
the revision that created the PolymorphicAccess class. It moved code for generating a
getter/setter call from Repatch.cpp to PolymorphicAccess.cpp. You can see the code doing a
subtraction here:

    http://trac.webkit.org/changeset/189586/trunk/Source/JavaScriptCore/jit/Repatch.cpp

This makes the world right again.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generateImpl):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199837 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Stop using ApplicationCacheStorage::singleton() on Windows
andersca@apple.com [Thu, 21 Apr 2016 21:16:54 +0000 (21:16 +0000)]
Stop using ApplicationCacheStorage::singleton() on Windows
https://bugs.webkit.org/show_bug.cgi?id=156861

Reviewed by Darin Adler.

* WebApplicationCache.cpp:
(applicationCachePath):
(WebApplicationCache::storage):
* WebApplicationCache.h:
* WebCache.cpp:
(WebCache::empty):
* WebView.cpp:
(WebView::initWithFrame):
(WebKitSetApplicationCachePathIfNecessary): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199836 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB (Workers): More IDBConnectionProxy refactoring.
beidson@apple.com [Thu, 21 Apr 2016 21:08:20 +0000 (21:08 +0000)]
Modern IDB (Workers): More IDBConnectionProxy refactoring.
https://bugs.webkit.org/show_bug.cgi?id=156855

Reviewed by Darin Adler.

Source/WebCore:

No new tests (Covered by changes to existing tests).

* Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
(WebCore::DOMWindowIndexedDatabase::indexedDB):

Hang on to the IDBConnectionProxy passed in at creation time, as it should never change:
* Modules/indexeddb/IDBFactory.cpp:
(WebCore::IDBFactory::create):
(WebCore::IDBFactory::IDBFactory):
(WebCore::IDBFactory::openInternal):
(WebCore::IDBFactory::deleteDatabase):
* Modules/indexeddb/IDBFactory.h:

Hang on to the IDBConnectionProxy passed in at creation time, as it should never change:
* Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:
(WebCore::WorkerGlobalScopeIndexedDatabase::WorkerGlobalScopeIndexedDatabase):
(WebCore::WorkerGlobalScopeIndexedDatabase::from):
(WebCore::WorkerGlobalScopeIndexedDatabase::indexedDB):
* Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.h:

Make IDBConnectionProxy ThreadSafeRefCounted:
* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::create):
* Modules/indexeddb/client/IDBConnectionProxy.h:

* dom/Document.cpp:
(WebCore::Document::idbConnectionProxy):
* dom/Document.h:

LayoutTests:

* storage/indexeddb/modern/workers-enable-expected.txt: Revert some of the PASS expectations to FAIL, just for now.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199835 268f45cc-cd09-0410-ab3c-d52691b4dbfc