WebKit-https.git
4 years agoRelease JSC test test-observegc.js.layout failing.
beidson@apple.com [Thu, 26 May 2016 19:06:06 +0000 (19:06 +0000)]
Release JSC test test-observegc.js.layout failing.
https://bugs.webkit.org/show_bug.cgi?id=158126

Unreviewed.

Move this test to a directory that is less... "special"

* fast/misc/resources/test-observegc.js: Renamed from LayoutTests/js/script-tests/test-observegc.js.
* fast/misc/test-observegc-expected.txt: Renamed from LayoutTests/js/test-observegc-expected.txt.
* fast/misc/test-observegc.html: Added.
* js/test-observegc.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201425 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBitmapImage::checkForSolidColor() cleanup
commit-queue@webkit.org [Thu, 26 May 2016 18:46:02 +0000 (18:46 +0000)]
BitmapImage::checkForSolidColor() cleanup
https://bugs.webkit.org/show_bug.cgi?id=157750

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-05-26
Reviewed by Darin Adler.

Have a single implementation for BitmapImage::checkForSolidColor(). Create
a new function named NativeImage::solidColor() and call it from the former
one. The goal is to have the platform files contain only the platform dependent
code rather than repeating the platform independent code multiple times.

* platform/graphics/BitmapImage.cpp:
(WebCore::BitmapImage::destroyMetadataAndNotify): Invalidate m_solidColor.
(WebCore::BitmapImage::singlePixelSolidColor): Combine mayFillWithSolidColor(),
checkForSolidColor() and solidColor() in one function to guarantee the validity
of the returned value. Before, if solidColor() is called without calling
mayFillWithSolidColor() or checkForSolidColor(), the returned value would be
incorrect.

(WebCore::BitmapImage::dump): Use the m_solidColor Optional and Color states.
(WebCore::BitmapImage::mayFillWithSolidColor): Deleted.
(WebCore::BitmapImage::solidColor): Deleted.

* platform/graphics/BitmapImage.h: Delete m_checkedForSolidColor and
m_isSolidColor and change m_solidColor to be Optional<Color>.

* platform/graphics/Image.cpp:
(WebCore::Image::drawTiled): Use singlePixelSolidColor() and check the returned
value to know whether the singe pixel solid color optimization applies or not.

* platform/graphics/Image.h:
(WebCore::Image::singlePixelSolidColor):
(WebCore::Image::mayFillWithSolidColor): Deleted.
(WebCore::Image::solidColor): Deleted.
Replace mayFillWithSolidColor() and solidColor() with a single function named
singlePixelSolidColor(). isValid() of the returned Color can be used to tell
whether the singe pixel solid color optimization applies or not.

* platform/graphics/cairo/BitmapImageCairo.cpp:
(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Delete the platform dependent BitmapImage::checkForSolidColor() and add
the new platform dependent function NativeImage::singlePixelSolidColor() and
use to know whether the singe pixel solid color optimization applies or not.

* platform/graphics/cg/BitmapImageCG.cpp:
(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSites served over insecure connections should not be allowed to use geolocation.
bfulgham@apple.com [Thu, 26 May 2016 18:19:30 +0000 (18:19 +0000)]
Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-26
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/security/insecure-geolocation.html
       http/tests/security/mixedcontent-geolocation-block-insecure-content.html
       http/tests/security/mixedcontent-geolocation.html

* Modules/geolocation/Geolocation.cpp:
(WebCore::logError):
Logs an error to the console if geolocation is blocked.
(WebCore::Geolocation::startRequest):
Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
(WebCore::Geolocation::shouldBlockGeolocationRequests)
Returns true if the access to geolocation should be blocked.
* Modules/geolocation/Geolocation.h:
* dom/SecurityContext.h:
(WebCore::SecurityContext::foundMixedContent):
Returns true if insecure content was accessed over secure connection.
(WebCore::SecurityContext::setFoundMixedContent):
Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
(WebCore::SecurityContext::geolocationAccessed):
Returns true if geolocation was accessed
(WebCore::SecurityContext::setGeolocationAccessed):
Sets m_geolocationAccessed to true if geolocation was accessed.
* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::canDisplayInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
(WebCore::MixedContentChecker::canRunInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.

LayoutTests:

* http/tests/security/geolocation-over-insecure-content.html: Added.
* http/tests/security/geolocation-over-mixed-content-block.html: Added.
* http/tests/security/geolocation-over-mixed-content.html: Added.
* http/tests/security/insecure-geolocation-expected.txt: Added.
* http/tests/security/insecure-geolocation.html: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
* http/tests/security/mixedcontent-geolocation-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation.html: Added.
* http/tests/security/sandboxed-iframe-geolocation-watchPosition.html:
  iframe is loaded over secure connection to avoid geolocation failures
* http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html:
  iframe is loaded over secure connection to avoid geolocation failures

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201423 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImplement internals.observeGC to get called back when a Javascript object is GC'ed.
beidson@apple.com [Thu, 26 May 2016 17:23:02 +0000 (17:23 +0000)]
Implement internals.observeGC to get called back when a Javascript object is GC'ed.
https://bugs.webkit.org/show_bug.cgi?id=158093

Reviewed by Geoffrey Garen.

Source/WebCore:

Test: js/test-observegc.html

* CMakeLists.txt:
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:

* testing/GCObservation.cpp: Added.
(WebCore::GCObservation::GCObservation):
* testing/GCObservation.h: Added.
* testing/GCObservation.idl: Added.

* testing/Internals.cpp:
(WebCore::Internals::observeGC):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

* js/script-tests/test-observegc.js: Added.
* js/test-observegc-expected.txt: Added.
* js/test-observegc.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201422 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Font Loading] Allow empty strings in FontFace constructor
mmaxfield@apple.com [Thu, 26 May 2016 17:08:17 +0000 (17:08 +0000)]
[Font Loading] Allow empty strings in FontFace constructor
https://bugs.webkit.org/show_bug.cgi?id=158112

Reviewed by Darin Adler.

Source/WebCore:

Other browsers accept empty strings and parse them as if they are omitted.
We should do the same. However, this is only true for the constructor. Setting
an attribute to an empty string should still throw an exception.

Test: fast/text/font-face-empty-string.html

* css/FontFace.cpp:
(WebCore::FontFace::create):
(WebCore::FontFace::setFamily):
(WebCore::FontFace::setStyle):
(WebCore::FontFace::setWeight):
(WebCore::FontFace::setUnicodeRange):
(WebCore::FontFace::setVariant):
(WebCore::FontFace::setFeatureSettings):

LayoutTests:

* fast/text/font-face-empty-string-expected.txt: Added.
* fast/text/font-face-empty-string.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201421 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWebRTC: RTCSessionDescription: Make attributes readonly (and remove custom binding)
adam.bergkvist@ericsson.com [Thu, 26 May 2016 16:24:42 +0000 (16:24 +0000)]
WebRTC: RTCSessionDescription: Make attributes readonly (and remove custom binding)
https://bugs.webkit.org/show_bug.cgi?id=157858

Reviewed by Eric Carlson.

Source/WebCore:

Align RTCSessionDescription type with WebRTC 1.0 specification [1].
- Make constructor dictionary member mandatory
- Align constructor dictionary argument (RTCSessionDescriptionInit) with [1]
- Use RTCSdpType enum for the type attribute
- Remove custom binding

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html

Updated existing test.

* CMakeLists.txt:
* Modules/mediastream/MediaEndpointPeerConnection.cpp:
(WebCore::MediaEndpointPeerConnection::createOfferTask):
* Modules/mediastream/RTCSessionDescription.cpp:
(WebCore::parseTypeString):
(WebCore::RTCSessionDescription::create):
(WebCore::RTCSessionDescription::RTCSessionDescription):
(WebCore::verifyType): Deleted.
(WebCore::RTCSessionDescription::setType): Deleted.
* Modules/mediastream/RTCSessionDescription.h:
(WebCore::RTCSessionDescription::type):
* Modules/mediastream/RTCSessionDescription.idl:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSRTCSessionDescriptionCustom.cpp: Removed.
(WebCore::constructJSRTCSessionDescription): Deleted.

LayoutTests:

* fast/mediastream/RTCSessionDescription-expected.txt:
* fast/mediastream/RTCSessionDescription.html:
Add tests for mandatory constructor dictionary argument and required 'type' member (also
check its value). Verify that attributes are read-only.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoNativeToJSValue is harcoding the $thisValue in some strings
commit-queue@webkit.org [Thu, 26 May 2016 16:10:33 +0000 (16:10 +0000)]
NativeToJSValue is harcoding the $thisValue in some strings
https://bugs.webkit.org/show_bug.cgi?id=158113

Patch by Alejandro G. Castro <alex@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

Replaced the string with the variable value.

Updated the tests results in the bindings.

* bindings/scripts/CodeGeneratorJS.pm:
(NativeToJSValue): Replaced the hardcoded string with the variable
value.
* bindings/scripts/test/JS/JSTestCallback.cpp:
(WebCore::JSTestCallback::callbackWithSerializedScriptValueParam):
* bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
(WebCore::JSTestCallbackFunction::callbackWithSerializedScriptValueParam):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201419 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSmall improvements to RenderBox/LayoutUnit casting in MathML
fred.wang@free.fr [Thu, 26 May 2016 09:14:20 +0000 (09:14 +0000)]
Small improvements to RenderBox/LayoutUnit casting in MathML
https://bugs.webkit.org/show_bug.cgi?id=157943

Patch by Frederic Wang <fwang@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

This is a small follow-up of the RenderMathMLRow/RenderMathMLUnderOver/RenderMathMLFraction
refactoring. Since these MathML renderers can only contain other MathML renderers, we can
just considerer RenderBox children and avoid unnecessary casts. Similarly, when the two
arguments of std::max are LayoutUnit's, we do not need to specialize to std::max<LayoutUnit>.

No new tests, behavior is not changed.

* rendering/mathml/RenderMathMLFraction.cpp:
(WebCore::RenderMathMLFraction::layoutBlock): Do not to specialize to std::max<LayoutUnit>.
* rendering/mathml/RenderMathMLRow.cpp:
(WebCore::RenderMathMLRow::updateOperatorProperties): Browse the list of RenderBox children
and use auto*.
(WebCore::RenderMathMLRow::computeLineVerticalStretch): Do not to specialize to std::max<LayoutUnit>.
* rendering/mathml/RenderMathMLUnderOver.cpp:
(WebCore::RenderMathMLUnderOver::unembellishedOperator): Get the RenderBox child and use auto*.
(WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Browse the list of
RenderBox children, use auto* and remove unnecessary casts. Do not to specialize to
std::max<LayoutUnit>.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201418 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAX: crash at AccessibilityRenderObject::remoteSVGRootElement const
cfleizach@apple.com [Thu, 26 May 2016 07:54:41 +0000 (07:54 +0000)]
AX: crash at AccessibilityRenderObject::remoteSVGRootElement const
https://bugs.webkit.org/show_bug.cgi?id=158098

Reviewed by Joanmarie Diggs.

What looks like happens here is that when a document is torn down and we try to detach, we end up creating an accessibility element during detachment phase.
So instead of just clearing the callback pointer on an existing AXObject, we make a new object and access properties of an object being deallocated.

I tried very hard to make a test but it looks like this can really only be triggered during document tear down which also tears down the AXObjectCache. I didn't
have luck reproducing because of that.

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::remoteSVGElementHitTest):
(WebCore::AccessibilityRenderObject::isSVGImage):
(WebCore::AccessibilityRenderObject::detachRemoteSVGRoot):
(WebCore::AccessibilityRenderObject::remoteSVGRootElement):
(WebCore::AccessibilityRenderObject::addRemoteSVGChildren):
* accessibility/AccessibilityRenderObject.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201417 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoInvalidate style for newly added nodes in Node::insertedInto
antti@apple.com [Thu, 26 May 2016 06:50:26 +0000 (06:50 +0000)]
Invalidate style for newly added nodes in Node::insertedInto
https://bugs.webkit.org/show_bug.cgi?id=158088

Reviewed by Darin Adler.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::parserInsertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::parserAppendChild):
(WebCore::ContainerNode::childrenChanged):
(WebCore::ContainerNode::updateTreeAfterInsertion):
* dom/Node.cpp:
(WebCore::Node::insertedInto):

Consolidate setNeedsStyleRecalc(ReconstructRenderTree) here.

This also now happens earliest possible time, right after inserting the node and can avoid
some unneeded style invalidation work in subclass insertion handlers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201416 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix ResourceTiming multiple entries per resource and test initiator
yoav@yoav.ws [Thu, 26 May 2016 05:34:27 +0000 (05:34 +0000)]
Fix ResourceTiming multiple entries per resource and test initiator
https://bugs.webkit.org/show_bug.cgi?id=158094

Reviewed by Alex Christensen.

Make sure that CachedResource that was needed by two different elements only adds one entry, with the right (first) initiatorType.

Source/WebCore:

Tests: http/tests/performance/performance-resource-timing-initiator-css.html
       http/tests/performance/performance-resource-timing-initiator-no-override.html

* loader/ResourceTimingInformation.cpp:
(WebCore::ResourceTimingInformation::addResourceTiming): Don't remove CachedResource when entry is added, but
mark it as added. Only add new entries for non-added resources.
(WebCore::ResourceTimingInformation::storeResourceTimingInitiatorInformation): Initialize initiator info as NotYetAdded.
* loader/ResourceTimingInformation.h:

LayoutTests:

* http/tests/performance/performance-resource-timing-initiator-css.html: Added. Makes sure css has the right initiator type.
* http/tests/performance/performance-resource-timing-initiator-css-expected.txt: Added.
* http/tests/performance/performance-resource-timing-initiator-no-override.html: Added. Makes sure that only one entry is added and
that its initiator info doesn't get overriden.
* http/tests/performance/performance-resource-timing-initiator-no-override-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201415 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix ResourceTiming XHR flakiness
yoav@yoav.ws [Thu, 26 May 2016 05:33:58 +0000 (05:33 +0000)]
Fix ResourceTiming XHR flakiness
https://bugs.webkit.org/show_bug.cgi?id=158019

Reviewed by Alex Christensen.

Source/WebCore:

Remove XHR specific ResourceTiming information store and addition as it is not needed.

Test: http/tests/performance/performance-resource-timing-xhr-single-entry.html

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest): Removed XHR-specific initiator info storage.
(WebCore::DocumentThreadableLoader::didFinishLoading): Removed XHR-specific RT entry addition.
* loader/DocumentThreadableLoader.h:

LayoutTests:

Test fixes and additions that make sure XHR tests are not run as part of XHR's onload event, as ResourceTiming entries are added
after it.

* TestExpectations:
* http/tests/performance/performance-resource-timing-cached-entries.html: Avoid running the tests as part of the XHR's load event.
* http/tests/performance/performance-resource-timing-xhr-single-entry-expected.txt: Added.
* http/tests/performance/performance-resource-timing-xhr-single-entry.html: Test that XHR fetch adds a single entry with correct initiatorType.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201414 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[cmake] Deduplicate make-js-file-arrays usage and make it work on Windows.
annulen@yandex.ru [Thu, 26 May 2016 05:31:43 +0000 (05:31 +0000)]
[cmake] Deduplicate make-js-file-arrays usage and make it work on Windows.
https://bugs.webkit.org/show_bug.cgi?id=157997

Reviewed by Alex Christensen.

.:

* Source/cmake/WebKitMacros.cmake: Added MAKE_JS_FILE_ARRAYS macro.

Source/WebCore:

No new tests needed.

* CMakeLists.txt: Use new MAKE_JS_FILE_ARRAYS macro.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201413 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] RegExp with deeply nested subexpressions overflow the stack in Yarr
benjamin@webkit.org [Thu, 26 May 2016 03:19:06 +0000 (03:19 +0000)]
[JSC] RegExp with deeply nested subexpressions overflow the stack in Yarr
https://bugs.webkit.org/show_bug.cgi?id=158011
rdar://problem/25946592

Reviewed by Saam Barati.

Source/JavaScriptCore:

When generating the meta-data required for compilation,
Yarr uses a recursive function over the various expression in the pattern.

If you have many nested expressions, you can run out of stack
and crash the WebProcess.
This patch changes that into a soft failure. The expression is just
considered invalid.

* runtime/RegExp.cpp:
(JSC::RegExp::finishCreation):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPatternConstructor::setupOffsets):
(JSC::Yarr::YarrPatternConstructor::isSafeToRecurse):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets): Deleted.
(JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets): Deleted.
* yarr/YarrPattern.h:

LayoutTests:

* js/script-tests/stack-overflow-arrity-catch.js:
With the new failure, this test can fail on allocating
the RegExp for a valid reason.

The new expression should not have this issue.
* js/script-tests/stack-overflow-regexp.js: Added.
(shouldThrow.recursiveCall):
(shouldThrow):
(recursiveCall):
* js/stack-overflow-regexp-expected.txt: Added.
* js/stack-overflow-regexp.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201412 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking imported/blink/http/tests/plugins/get-url-notify-on-removal.html as a flaky...
ryanhaddad@apple.com [Thu, 26 May 2016 00:08:48 +0000 (00:08 +0000)]
Marking imported/blink/http/tests/plugins/get-url-notify-on-removal.html as a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=158101

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse HashMap::add() instead of HashMap::set() in Node::ensureEventTargetData()
cdumez@apple.com [Wed, 25 May 2016 23:35:00 +0000 (23:35 +0000)]
Use HashMap::add() instead of HashMap::set() in Node::ensureEventTargetData()
https://bugs.webkit.org/show_bug.cgi?id=158092

Reviewed by Ryosuke Niwa.

Use HashMap::add() instead of HashMap::set() in Node::ensureEventTargetData()
as we already checked that the key is not present in the HashMap.

* dom/Node.cpp:
(WebCore::Node::ensureEventTargetData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201410 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION (r191531): Web Inspector: WebSQL databases are no longer shown when first...
commit-queue@webkit.org [Wed, 25 May 2016 23:18:29 +0000 (23:18 +0000)]
REGRESSION (r191531): Web Inspector: WebSQL databases are no longer shown when first opening Web Inspector
https://bugs.webkit.org/show_bug.cgi?id=158096
<rdar://problem/26454671>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-25
Reviewed by Brian Burg.

* inspector/InspectorInstrumentation.h:
(WebCore::InspectorInstrumentation::didOpenDatabase):
Remove the fast return errantly added in r191531. InspectorDatabaseAgent
wants to track databases, even before a frontend may be open, so that
on first open it can inform the frontend about open databases.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201409 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Uncaught Exception: TypeError: undefined is not an object (evaluating...
commit-queue@webkit.org [Wed, 25 May 2016 23:11:56 +0000 (23:11 +0000)]
Web Inspector: Uncaught Exception: TypeError: undefined is not an object (evaluating 'collectionData.affectedSnapshots')
https://bugs.webkit.org/show_bug.cgi?id=158051

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-25
Reviewed by Brian Burg.

* UserInterface/Workers/HeapSnapshot/HeapSnapshot.js:
(HeapSnapshot.prototype.updateDeadNodesAndGatherCollectionData):
* UserInterface/Workers/HeapSnapshot/HeapSnapshotWorker.js:
(HeapSnapshotWorker.prototype.createSnapshot):
If by the time the timeout fires we had cleared our snapshot list, then
updateDeadNodesAndGatherCollectionData could bail. Handle gracefully.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201408 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSetting overflow:hidden does not always repaint clipped content.
zalan@apple.com [Wed, 25 May 2016 23:01:51 +0000 (23:01 +0000)]
Setting overflow:hidden does not always repaint clipped content.
https://bugs.webkit.org/show_bug.cgi?id=116994
rdar://problem/26476697

Issue repaint for both layout and visual overflow rects when the container starts
clipping overflow content.

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/repaint/overflow-hidden-repaint.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::updateFromStyle):

LayoutTests:

* fast/repaint/overflow-hidden-repaint-expected.html: Added.
* fast/repaint/overflow-hidden-repaint.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201407 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoGet rid of WTF/Functional.h
andersca@apple.com [Wed, 25 May 2016 22:56:58 +0000 (22:56 +0000)]
Get rid of WTF/Functional.h
https://bugs.webkit.org/show_bug.cgi?id=158081

Reviewed by Chris Dumez.

Source/WebCore:

* Modules/mediastream/MediaStreamTrack.cpp:

Source/WTF:

This is no longer used, and removing it will free up the name for a new Functional.h implementation.

* WTF.xcodeproj/project.pbxproj:
* wtf/Functional.h: Removed.
(WTF::RefAndDeref::ref): Deleted.
(WTF::RefAndDeref::deref): Deleted.
(WTF::ParamStorageTraits::wrap): Deleted.
(WTF::ParamStorageTraits::unwrap): Deleted.
(WTF::ParamStorageTraits<PassRefPtr<T>>::wrap): Deleted.
(WTF::ParamStorageTraits<PassRefPtr<T>>::unwrap): Deleted.
(WTF::ParamStorageTraits<RefPtr<T>>::wrap): Deleted.
(WTF::ParamStorageTraits<RefPtr<T>>::unwrap): Deleted.
(WTF::ParamStorageTraits<RetainPtr<T>>::wrap): Deleted.
(WTF::ParamStorageTraits<RetainPtr<T>>::unwrap): Deleted.
(WTF::FunctionImplBase::~FunctionImplBase): Deleted.
(WTF::FunctionBase::isNull): Deleted.
(WTF::FunctionBase::FunctionBase): Deleted.
(WTF::FunctionBase::impl): Deleted.
(WTF::bind): Deleted.
* wtf/mac/DeprecatedSymbolsUsedBySafari.mm:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WTF/Functional.cpp: Removed.
(TestWebKitAPI::returnFortyTwo): Deleted.
(TestWebKitAPI::TEST): Deleted.
(TestWebKitAPI::multiplyByTwo): Deleted.
(TestWebKitAPI::multiplyByOneAndAHalf): Deleted.
(TestWebKitAPI::multiply): Deleted.
(TestWebKitAPI::subtract): Deleted.
(TestWebKitAPI::A::A): Deleted.
(TestWebKitAPI::A::f): Deleted.
(TestWebKitAPI::A::addF): Deleted.
(TestWebKitAPI::B::B): Deleted.
(TestWebKitAPI::B::~B): Deleted.
(TestWebKitAPI::B::ref): Deleted.
(TestWebKitAPI::B::deref): Deleted.
(TestWebKitAPI::B::f): Deleted.
(TestWebKitAPI::B::g): Deleted.
(TestWebKitAPI::Number::create): Deleted.
(TestWebKitAPI::Number::~Number): Deleted.
(TestWebKitAPI::Number::value): Deleted.
(TestWebKitAPI::Number::Number): Deleted.
(TestWebKitAPI::multiplyNumberByTwo): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201406 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFlashiness and jumpiness when entering fullscreen
jer.noble@apple.com [Wed, 25 May 2016 22:07:17 +0000 (22:07 +0000)]
Flashiness and jumpiness when entering fullscreen
https://bugs.webkit.org/show_bug.cgi?id=158087

Reviewed by Beth Dakin.

Multiple independant sources of jumpiness and flashiness are addressed here:

- Setting the top content inset on the WKView cause a vertical jump during fullscreen
transition. Instead of setting the content inset to 0, take the existing inset into account
when placing the WKView in the NSWindow.

- The enter fullscreen transition causes a white flash due to the NSWindow needing
display before ordering onscreen. Ensure the window has a backing by calling -displayIfNeeded
before entering fullscreen mode.

- The exit fullscreen transition causes a white background color flash for an unknown
reason, but is solved by not making the window's content view layer-backed. Rather than
directly animating the contentView's background color, create a specific background view
and animate it's background color instead.

* UIProcess/mac/WKFullScreenWindowController.h:
* UIProcess/mac/WKFullScreenWindowController.mm:
(-[WKFullScreenWindowController initWithWindow:webView:page:]):
(-[WKFullScreenWindowController enterFullScreen:]):
(-[WKFullScreenWindowController finishedEnterFullScreenAnimation:]):
(-[WKFullScreenWindowController finishedExitFullScreenAnimation:]):
(-[WKFullScreenWindowController _startEnterFullScreenAnimationWithDuration:]):
(-[WKFullScreenWindowController _startExitFullScreenAnimationWithDuration:]):
* WebProcess/FullScreen/WebFullScreenManager.cpp:
(WebKit::WebFullScreenManager::saveScrollPosition): Deleted.
(WebKit::WebFullScreenManager::restoreScrollPosition): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[WebSockets] No infrastructure for testing secure web sockets (wss)
bfulgham@apple.com [Wed, 25 May 2016 21:58:08 +0000 (21:58 +0000)]
[WebSockets] No infrastructure for testing secure web sockets (wss)
https://bugs.webkit.org/show_bug.cgi?id=157884
<rdar://problem/26477197>

Reviewed by Andy Estes.

Source/WebCore:

Add a new test-only flag used to tell CFNetwork that we do not wish to
validate the SLL certificate chain. This allows us to use self-signed
certificates in test cases.

Tests: http/tests/websocket/tests/hybi/simple-wss.html

* page/Settings.cpp:
(WebCore::Settings::setAllowsAnySSLCertificate): Added.
(WebCore::Settings::allowsAnySSLCertificate): Added. This defaults
to False.
* page/Settings.h:
* platform/network/cf/SocketStreamHandleCFNet.cpp:
(WebCore::SocketStreamHandle::createStreams): When running under our
testing infrastructure, do not require full certificate validation.
* testing/js/WebCoreTestSupport.cpp:
(WebCoreTestSupport::setAllowsAnySSLCertificate): Added.
* testing/js/WebCoreTestSupport.h:
* testing/InternalSettings.cpp:
(WebCore::InternalSettings::setAllowsAnySSLCertificate): Added.
* testing/InternalSettings.h:

Tools:

Add support to webkitpy to start and stop a secure Web Socket server running on port 9323
using the certificate, private-key from file LayoutTests/http/conf/webkit-httpd.pem. Also
teaches run-webkit-httpd to start and stop the Web Socket servers.

Modify DumpRenderTree and WebKitTestRunner to understand a new testRunner method,
'setAllowsAnySSLCertificate', which allows us to use the same self-signed test certificate
we do for our HTTPS tests.

* DumpRenderTree/TestRunner.cpp:
(setAllowsAnySSLCertificateCallback):
(TestRunner::setAllowsAnySSLCertificate):
* DumpRenderTree/TestRunner.h:
* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebViewToConsistentStateBeforeTesting): Make sure we turn off the new flag between tests.
* Scripts/run-webkit-httpd:
(main): Start the websocket server at launch.
* Scripts/webkitpy/layout_tests/controllers/manager.py:
(Manager.__init__): Remove dead code.
* Scripts/webkitpy/layout_tests/servers/websocket_server.py:
(PyWebSocket.__init__): Cleanup code.
(PyWebSocket): Pass '--tls-client-ca' to start command.
(PyWebSocket._prepare_config): Cleanups.
* Scripts/webkitpy/port/base.py:
(Port.to.start_http_server):
(Port.to):
(Port.to._extract_certificate_from_pem): Added.
(Port.to._extract_private_key_from_pem): Added.
(Port.to.start_websocket_server): Start secure socket server.
(Port.to.stop_websocket_server): Stop secure socket server.
* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl: Add new API.
* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::setAllowsAnySSLCertificate): Added.
* WebKitTestRunner/InjectedBundle/InjectedBundle.h:
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setAllowsAnySSLCertificate): Added.
* WebKitTestRunner/InjectedBundle/TestRunner.h:

LayoutTests:

* http/tests/websocket/tests/hybi/simple-wss-expected.txt: Added.
* http/tests/websocket/tests/hybi/simple-wss.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201404 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCRASH at WebCore::WebPlaybackSessionModelMediaElement::selectAudioMediaOption() ...
jer.noble@apple.com [Wed, 25 May 2016 21:57:03 +0000 (21:57 +0000)]
CRASH at WebCore::WebPlaybackSessionModelMediaElement::selectAudioMediaOption() + 104
https://bugs.webkit.org/show_bug.cgi?id=158090
<rdar://problem/26388936>

Reviewed by Eric Carlson.

Null-check m_mediaElement before using.

* platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
(WebPlaybackSessionModelMediaElement::selectAudioMediaOption):
(WebPlaybackSessionModelMediaElement::selectLegibleMediaOption):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRace condition calling back to an IDBOpenDBRequest during WorkerThread shutdown.
beidson@apple.com [Wed, 25 May 2016 21:19:09 +0000 (21:19 +0000)]
Race condition calling back to an IDBOpenDBRequest during WorkerThread shutdown.
https://bugs.webkit.org/show_bug.cgi?id=158089

Reviewed by Alex Christensen.

No new tests (Only seen randomly under GuardMalloc).

Crash was seen once running under GuardMalloc. The error is obvious.

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): Don't get a raw pointer out of the map.
  Instead store off as a RefPtr, as the map might be cleared out from the worker thread.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201402 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSimplify and inline minimumValueForLength()
cdumez@apple.com [Wed, 25 May 2016 21:13:22 +0000 (21:13 +0000)]
Simplify and inline minimumValueForLength()
https://bugs.webkit.org/show_bug.cgi?id=158084

Reviewed by Zalan Bujtas.

Simplify and inline minimumValueForLength(). Based on iOS PLT profiles,
we spend up to 0.7% of CPU time during page loads in this function.

The roundPercentages parameter has been dropped because it was false
for all call sites.

* css/LengthFunctions.cpp:
(WebCore::minimumIntValueForLength): Deleted.
(WebCore::minimumValueForLength): Deleted.
* css/LengthFunctions.h:
(WebCore::minimumValueForLength):
(WebCore::minimumIntValueForLength):
* rendering/RenderBoxModelObject.cpp:
(WebCore::resolveEdgeRelativeLength):
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
* rendering/RenderElement.h:
(WebCore::RenderElement::minimumValueForLength):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201401 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking http/tests/css/shared-stylesheet-mutation.html as flaky
ryanhaddad@apple.com [Wed, 25 May 2016 21:02:11 +0000 (21:02 +0000)]
Marking http/tests/css/shared-stylesheet-mutation.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=158085

Unreviewed test gardening.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201400 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Update <fixed-size> syntax
rego@igalia.com [Wed, 25 May 2016 19:52:53 +0000 (19:52 +0000)]
[css-grid] Update <fixed-size> syntax
https://bugs.webkit.org/show_bug.cgi?id=158063

Reviewed by Darin Adler.

Source/WebCore:

The syntax for <fixed-size> has been updated on the spec:
https://drafts.csswg.org/css-grid/#typedef-fixed-size

New syntax is:
  <fixed-size> =
    <fixed-breadth> |
    minmax( <fixed-breadth> , <track-breadth> ) |
    minmax( <inflexible-breadth> , <fixed-breadth> )

This means that it's enough to have one <fixed-breadth>,
it doesn't matter if it's as minimum or maximum.
Before it was required that the minimum was fixed.

* css/CSSParser.cpp:
(WebCore::isGridTrackFixedSized):
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeAutoRepeatTracksCount):

LayoutTests:

Updated test to check the new expected behavior.

* fast/css-grid-layout/grid-element-auto-repeat-get-set-expected.txt:
* fast/css-grid-layout/grid-element-auto-repeat-get-set.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix CMake build.
achristensen@apple.com [Wed, 25 May 2016 19:49:46 +0000 (19:49 +0000)]
Fix CMake build.

* PlatformMac.cmake:
Source/WebCore:

c++14 is needed since r201255.
ColorSync (in ApplicationServices) is needed since r201065.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201398 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSwap search field's cancel and result button for RTL content.
zalan@apple.com [Wed, 25 May 2016 19:41:34 +0000 (19:41 +0000)]
Swap search field's cancel and result button for RTL content.
https://bugs.webkit.org/show_bug.cgi?id=158007

Reviewed by Dean Jackson.

Source/WebCore:

Test: fast/forms/search-input-rtl.html

* css/html.css:
(input[type="search"]::-webkit-textfield-decoration-container): Deleted.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintSearchFieldCancelButton):
(WebCore::RenderThemeMac::paintSearchFieldResultsButton):

LayoutTests:

* fast/forms/resources/common.js:
(searchCancelButtonPositionRTL):
(searchCancelButtonPosition):
* fast/forms/search-input-rtl.html: Added.
* fast/forms/search-rtl.html:
* platform/ios-simulator-wk2/fast/forms/search-rtl-expected.txt:
* platform/ios-simulator/fast/css/text-overflow-input-expected.txt:
* platform/ios-simulator/fast/forms/search-input-rtl-expected.txt: Added.
* platform/mac/fast/css/text-overflow-input-expected.txt:
* platform/mac/fast/forms/placeholder-position-expected.txt:
* platform/mac/fast/forms/search-input-rtl-expected.png: Added.
* platform/mac/fast/forms/search-input-rtl-expected.txt: Added.
* platform/mac/fast/forms/search-rtl-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201397 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Turn on ENABLE_CSS_GRID_LAYOUT by default
rego@igalia.com [Wed, 25 May 2016 19:39:46 +0000 (19:39 +0000)]
[css-grid] Turn on ENABLE_CSS_GRID_LAYOUT by default
https://bugs.webkit.org/show_bug.cgi?id=158060

Reviewed by Darin Adler.

The runtime flag is disabled by default,
but we want to build CSS Grid Layout by default.
Otherwise the runtime flag would be useless.

* Source/cmake/WebKitFeatures.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201396 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSimplify a few lambda captures in the network cache code
cdumez@apple.com [Wed, 25 May 2016 19:17:57 +0000 (19:17 +0000)]
Simplify a few lambda captures in the network cache code
https://bugs.webkit.org/show_bug.cgi?id=158076

Reviewed by Antti Koivisto.

Simplify a few lambda captures in the network cache code by WTFMoving
upon capture.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::SpeculativeLoadManager::retrieve):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveEntryFromStorage):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveSubresourcesEntry):
* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.h:
* NetworkProcess/cache/NetworkCacheStatistics.cpp:
(WebKit::NetworkCache::Statistics::bootstrapFromNetworkCache):
(WebKit::NetworkCache::Statistics::recordNotUsingCacheForRequest):
(WebKit::NetworkCache::Statistics::recordRetrievalFailure):
(WebKit::NetworkCache::Statistics::writeTimerFired):
(WebKit::NetworkCache::Statistics::addHashesToDatabase):
(WebKit::NetworkCache::Statistics::addStoreDecisionsToDatabase):
* NetworkProcess/cache/NetworkCacheStatistics.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201395 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Font Loading] ASSERT if calling FontFace.loaded twice with a garbage collection...
mmaxfield@apple.com [Wed, 25 May 2016 19:08:02 +0000 (19:08 +0000)]
[Font Loading] ASSERT if calling FontFace.loaded twice with a garbage collection between them
https://bugs.webkit.org/show_bug.cgi?id=158015

Reviewed by Darin Adler.

Source/WebCore:

The following scenario may occur:

1. We create a FontFace object
2. We create an associated JSFontFace object
3. We start loading the FontFace, which causes an extra ref to hang around until loading finishes
4. Javascript calls the "loaded" attribute on the FontFace, which saves a promise inside the FontFace
5. The FontFace goes out of scope in Javascript
6. A garbage collection occurs, causing us to delete the JSFontFace object
7. Javascript then encounters the FontFace object without first going through a reference to a JSFontFace.
It can do this via iterating through a FontFaceSet. We respond to this situation by creating a new
JSFontFace object and associating it with the existing FontFace.
8. Javascript calls the "loaded" attribute

In this situation, the newer JSFontFace object is out of sync with the older FontFace object. In
particular, the FontFace has a saved promise, but the JSFontFace doesn't know about it. Therefore,
the JSFontFace should be flexible to the presence of this member.

Test: fast/text/font-face-crash-2.html

* bindings/js/JSDOMPromise.h:
(WebCore::DOMPromise::deferredWrapper):
* bindings/js/JSFontFaceCustom.cpp:
(WebCore::JSFontFace::loaded):
* css/FontFace.h:

LayoutTests:

* fast/text/font-face-crash-2-expected.txt: Added.
* fast/text/font-face-crash-2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSource/WebCore:
antti@apple.com [Wed, 25 May 2016 19:04:47 +0000 (19:04 +0000)]
Source/WebCore:
Shadow DOM: RenderTreePosition miscomputed when display:contents value changes
https://bugs.webkit.org/show_bug.cgi?id=158072
rdar://problem/25766333

Reviewed by Darin Adler.

Test: fast/shadow-dom/slot-crash.html

* style/RenderTreePosition.h:
(WebCore::RenderTreePosition::invalidateNextSibling):

    Add unconditional invalidation function.

* style/RenderTreeUpdater.cpp:
(WebCore::RenderTreeUpdater::updateElementRenderer):

    With display:contents rendering siblings may be found from the subtree and the existing cached
    position may become invalid.
    If the display:contents value changes invalidate the current render tree position.

LayoutTests:
Shadow DOM: RenderTreePosition should determine if element has display:contents from new style
https://bugs.webkit.org/show_bug.cgi?id=158072

Reviewed by Darin Adler.

* fast/shadow-dom/slot-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201393 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix Win64 build after r201335
achristensen@apple.com [Wed, 25 May 2016 18:59:40 +0000 (18:59 +0000)]
Fix Win64 build after r201335
https://bugs.webkit.org/show_bug.cgi?id=158078

Reviewed by Mark Lam.

* offlineasm/x86.rb:
Add intel implementations for loadbs and loadhs

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201392 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agorun-jsc-benchmarks should use the new JSBench rather than look for it in the config...
keith_miller@apple.com [Wed, 25 May 2016 18:31:39 +0000 (18:31 +0000)]
run-jsc-benchmarks should use the new JSBench rather than look for it in the config file.
https://bugs.webkit.org/show_bug.cgi?id=158077

Reviewed by Mark Lam.

Since we didn't have JSBench in the tree before we needed to lookup the path to it from
benchmark config file. That's no longer the case so we should just fix it in the script.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: IDB objects from a worker thread might be destroyed on the main thread.
beidson@apple.com [Wed, 25 May 2016 18:20:26 +0000 (18:20 +0000)]
Modern IDB: IDB objects from a worker thread might be destroyed on the main thread.
https://bugs.webkit.org/show_bug.cgi?id=158004

Reviewed by Alex Christensen.

No new tests (Spuriously reproduces on the bots, but I've been unable to construct a reliable test).

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest):
(WebCore::IDBClient::IDBConnectionProxy::notifyOpenDBRequestBlocked):
(WebCore::IDBClient::IDBConnectionProxy::didCommitTransaction):
(WebCore::IDBClient::IDBConnectionProxy::didAbortTransaction):
(WebCore::IDBClient::IDBConnectionProxy::unregisterDatabaseConnection):
(WebCore::IDBClient::removeItemsMatchingCurrentThread):
(WebCore::IDBClient::IDBConnectionProxy::forgetActivityForCurrentThread): Clear out all objects that originated on this thread.
(WebCore::IDBClient::IDBConnectionProxy::takeIDBOpenDBRequest): Deleted.
* Modules/indexeddb/client/IDBConnectionProxy.h:

* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::stopIndexedDatabase):
* workers/WorkerGlobalScope.h:

* workers/WorkerThread.cpp:
(WebCore::WorkerThread::stop):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201390 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoVersioning.
bshafiei@apple.com [Wed, 25 May 2016 18:02:13 +0000 (18:02 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove unused slotBase parameter in bindings generator
commit-queue@webkit.org [Wed, 25 May 2016 16:43:43 +0000 (16:43 +0000)]
Remove unused slotBase parameter in bindings generator
https://bugs.webkit.org/show_bug.cgi?id=158068

Patch by Nael Ouedraogo <nael.ouedraogo@crf.canon.fr> on 2016-05-25
Reviewed by Darin Adler.

Remove unused slotBase parameter from attribute Getter functions.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bindings/scripts/test/JS/JSattribute.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoInclude fewer headers from headers
commit-queue@webkit.org [Wed, 25 May 2016 16:39:11 +0000 (16:39 +0000)]
Include fewer headers from headers
https://bugs.webkit.org/show_bug.cgi?id=158043

Patch by Alex Christensen <achristensen@webkit.org> on 2016-05-25
Reviewed by Brady Eidson.

* platform/graphics/GraphicsContext.h:
* rendering/svg/RenderSVGResourceClipper.h:
(isType):
* rendering/svg/RenderSVGResourceMasker.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoASSERT in WebCore::TextTrackList::remove when running media/track/track-remove-track...
eric.carlson@apple.com [Wed, 25 May 2016 16:19:52 +0000 (16:19 +0000)]
ASSERT in WebCore::TextTrackList::remove when running media/track/track-remove-track.html
https://bugs.webkit.org/show_bug.cgi?id=158071
<rdar://problem/26432041>

Reviewed by Chris Dumez.

No new tests, this prevents media/track/track-remove-track.html from crashing.

* html/track/TextTrackList.cpp:
(TextTrackList::remove): Don't assert when the media element has  been set to null.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAddressing post-review comments on r200971.
zalan@apple.com [Wed, 25 May 2016 16:01:12 +0000 (16:01 +0000)]
Addressing post-review comments on r200971.

Reviewed by Darin Adler.

* page/EventHandler.cpp:
(WebCore::EventHandler::hitTestResultAtPoint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION(r201066): [GTK] Several intl tests started to fail in GTK+ bot after r201066
carlosgc@webkit.org [Wed, 25 May 2016 15:23:36 +0000 (15:23 +0000)]
REGRESSION(r201066): [GTK] Several intl tests started to fail in GTK+ bot after r201066
https://bugs.webkit.org/show_bug.cgi?id=158066

Reviewed by Darin Adler.

run-javascriptcore-tests does $ENV{LANG}="en_US.UTF-8"; but we are not actually honoring the environment
variables at all when using jsc binary. We are using setlocale() with a nullptr locale to get the current one, but
the current one is always "C", because to set the locale according to the environment variables we need to call
setlocale with an empty string as locale. That's done by gtk_init(), which is called by all our binaries (web
process, network process, etc.), but not by jsc (because jsc doesn't depend on GTK+). The reason why it has
always worked for EFL is because they call ecore_init() in jsc that calls setlocale.

* jsc.cpp:
(main): Call setlocale(LC_ALL, "") on GTK+.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Simplify grid track sizes parsing
rego@igalia.com [Wed, 25 May 2016 14:44:48 +0000 (14:44 +0000)]
[css-grid] Simplify grid track sizes parsing
https://bugs.webkit.org/show_bug.cgi?id=158021

Reviewed by Sergio Villar Senin.

Previously once we saw an auto-repeat function,
we passed the "FixedSizeOnly" restriction to the rest of methods.
That way we were sure that all the tracks after the auto-repeat
had fixed sizes.
But we needed to call allTracksAreFixedSized() to be sure that
the tracks before the auto-repeat had fixed sizes too.

Now we're introducing a new boolean |allTracksAreFixedSized|,
to check in advance if the declaration contains any track not fixed.
If that's the case and we found an auto-repeat method,
we consider it invalid.
With this approach we avoid the loop to verify
that all the tracks (before and after the auto-repeat) are fixed.
It also allows us to simplify the code and avoid passing
the restriction to all the methods parsing the track size.

No new tests, no change of behavior.

* css/CSSParser.cpp:
(WebCore::isGridTrackFixedSized): New method to check if a grid track
size is fixed or not (based on old allTracksAreFixedSized()).
(WebCore::CSSParser::parseGridTrackList): Add new boolean to detect
if any track has not a fixed size.
(WebCore::CSSParser::parseGridTrackRepeatFunction): Ditto.
(WebCore::CSSParser::parseGridTrackSize): Remove usage of
TrackSizeRestriction enum.
Check here if |minTrackBreadth| is a flexible size.
(WebCore::CSSParser::parseGridBreadth): Remove usage of
TrackSizeRestriction enum.
(WebCore::allTracksAreFixedSized): Deleted.
* css/CSSParser.h: Remove TrackSizeRestriction enum and update headers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Unix] Potential buffer overrun of m_fileDescriptors in readBytesFromSocket of Connec...
carlosgc@webkit.org [Wed, 25 May 2016 13:18:26 +0000 (13:18 +0000)]
[Unix] Potential buffer overrun of m_fileDescriptors in readBytesFromSocket of ConnectionUnix.cpp
https://bugs.webkit.org/show_bug.cgi?id=158058

Patch by Fujii Hironori <Hironori.Fujii@sony.com> on 2016-05-25
Reviewed by Carlos Garcia Campos.

Memcpy does not check the boundary of m_fileDescriptors in
readBytesFromSocket of ConnectionUnix.cpp.  This is not a problem
in normal cases, but in the case when Web process is hijacked and
malicious IPC packets were sent.  WTF::Vector already has two
members m_capacity and m_size.  There is no need to have a
separate member m_fileDescriptorsSize to remember the number of
remaining data.

* Platform/IPC/Connection.h: Remove members m_readBufferSize and
m_fileDescriptorsSize.
* Platform/IPC/unix/ConnectionUnix.cpp:
(IPC::Connection::platformInitialize): Removed initialization of
m_readBufferSize and m_fileDescriptorsSize.  Reserve initial
capacity for m_readBuffer and m_fileDescriptors.
(IPC::Connection::processMessage): Replace m_readBufferSize and
m_fileDescriptorsSize with m_readBuffer.size() and
m_fileDescriptors.size().  Use Vector::shrink() to reset the
number of remaining data in the buffers.
(IPC::readBytesFromSocket) : Change argument types to WTF::Vector
instead of pointers and sizes.
(IPC::Connection::readyReadHandler): Call new readBytesFromSocket

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201381 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[ARM] Fix the Wcast-align warning in LinkBuffer.cpp
ossy@webkit.org [Wed, 25 May 2016 13:03:24 +0000 (13:03 +0000)]
[ARM] Fix the Wcast-align warning in LinkBuffer.cpp
https://bugs.webkit.org/show_bug.cgi?id=157889

Reviewed by Darin Adler.

* assembler/LinkBuffer.cpp:
(JSC::recordLinkOffsets):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Refactor populateGridPositions()
svillar@igalia.com [Wed, 25 May 2016 11:32:30 +0000 (11:32 +0000)]
[css-grid] Refactor populateGridPositions()
https://bugs.webkit.org/show_bug.cgi?id=158065

Reviewed by Carlos Garcia Campos.

RenderGrid::populateGridPositions() was doing exactly the same thing for columns and rows
but using different data structures. That lead to a lot of duplicated code. It's easy to
refactor it in a new function that properly select the data structures to operate on based
on the direction.

No new tests as there is no change in behaviour.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::layoutGridItems):
(WebCore::RenderGrid::populateGridPositionsForDirection): Refactored from
populateGridPositions().
(WebCore::RenderGrid::populateGridPositions): Deleted.
* rendering/RenderGrid.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r201373.
commit-queue@webkit.org [Wed, 25 May 2016 11:17:38 +0000 (11:17 +0000)]
Unreviewed, rolling out r201373.
https://bugs.webkit.org/show_bug.cgi?id=158064

Several tests are hitting the ASSERT (Requested by rego on
#webkit).

Reverted changeset:

"[css-grid] Simplify grid track sizes parsing"
https://bugs.webkit.org/show_bug.cgi?id=158021
http://trac.webkit.org/changeset/201373

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoPurge PassRefPtr from TouchList
commit-queue@webkit.org [Wed, 25 May 2016 11:13:32 +0000 (11:13 +0000)]
Purge PassRefPtr from TouchList
https://bugs.webkit.org/show_bug.cgi?id=157985

Patch by Nael Ouedraogo <nael.ouedraogo@crf.canon.fr> on 2016-05-25
Reviewed by Darin Adler.

Use RefPtr&& argument instead of PassRefPtr in append()

* dom/TouchList.h:
(WebCore::TouchList::append):
* page/EventHandler.cpp:
(WebCore::EventHandler::handleTouchEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUpdate constructRevalidationRequest() to stop returning a unique_ptr<ResourceRequest>
cdumez@apple.com [Wed, 25 May 2016 10:59:06 +0000 (10:59 +0000)]
Update constructRevalidationRequest() to stop returning a unique_ptr<ResourceRequest>
https://bugs.webkit.org/show_bug.cgi?id=158046

Reviewed by Darin Adler.

Update constructRevalidationRequest() to stop returning a unique_ptr<ResourceRequest>
and to return a ResourceRequest instead. There is no reason for it to return a
pointer.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::constructRevalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::PreloadedEntry::PreloadedEntry):
(WebKit::NetworkCache::SpeculativeLoadManager::PreloadedEntry::revalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::addPreloadedEntry):
(WebKit::NetworkCache::SpeculativeLoadManager::revalidateEntry):
* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUpdate dom/Window/messageevent-source-postmessage-reified.html after r201315
cdumez@apple.com [Wed, 25 May 2016 10:58:30 +0000 (10:58 +0000)]
Update dom/Window/messageevent-source-postmessage-reified.html after r201315
https://bugs.webkit.org/show_bug.cgi?id=158048

Reviewed by Darin Adler.

We need to delete a property that is part of the Window's static table
now in order to force the reification.

* fast/dom/Window/messageevent-source-postmessage-reified.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoElements with backdrop-filter cannot be clipped with clip-path or mask
commit-queue@webkit.org [Wed, 25 May 2016 09:49:32 +0000 (09:49 +0000)]
Elements with backdrop-filter cannot be clipped with clip-path or mask
https://bugs.webkit.org/show_bug.cgi?id=142662
<rdar://problem/20150192>

Patch by Antoine Quint <graouts@apple.com> on 2016-05-25
Reviewed by Dean Jackson.

Source/WebCore:

We used to only apply the mask to the layer contents but did not account
for the fact that a layer backdrop may exist. We now correctly mask the
backdrop layer as well as the layer contents.

Test: css3/filters/backdrop/backdrop-filter-with-clip-path.html

* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateShape):
Ensure clones of a layer use the same shape path.

(WebCore::GraphicsLayerCA::updateMaskLayer):
If we have a backdrop layer, ensure that we apply a clone of the mask layer applied to
the layer contents.

Source/WebKit2:

Ensure layer clones are set up with the same shape path as their original layer.

* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::updateClonedLayerProperties):

LayoutTests:

New test that checks that applying a backdrop-filter and a clip-path on a single
element has the same effect as applying a clip-path on a parent of a child with
a backdrop-filter.

* css3/filters/backdrop/backdrop-filter-with-clip-path-expected.txt: Added.
* css3/filters/backdrop/backdrop-filter-with-clip-path.html: Added.
* platform/ios-simulator/css3/filters/backdrop/backdrop-filter-with-clip-path-expected.html: Added.
* platform/mac/css3/filters/backdrop/backdrop-filter-with-clip-path-expected.png: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Simplify grid track sizes parsing
rego@igalia.com [Wed, 25 May 2016 09:22:37 +0000 (09:22 +0000)]
[css-grid] Simplify grid track sizes parsing
https://bugs.webkit.org/show_bug.cgi?id=158021

Reviewed by Sergio Villar Senin.

Previously once we saw an auto-repeat function,
we passed the "FixedSizeOnly" restriction to the rest of methods.
That way we were sure that all the tracks after the auto-repeat
had fixed sizes.
But we needed to call allTracksAreFixedSized() to be sure that
the tracks before the auto-repeat had fixed sizes too.

Now we're introducing a new boolean |allTracksAreFixedSized|,
to check in advance if the declaration contains any track not fixed.
If that's the case and we found an auto-repeat method,
we consider it invalid.
With this approach we avoid the loop to verify
that all the tracks (before and after the auto-repeat) are fixed.
It also allows us to simplify the code and avoid passing
the restriction to all the methods parsing the track size.

No new tests, no change of behavior.

* css/CSSParser.cpp:
(WebCore::isGridTrackFixedSized): New method to check if a grid track
size is fixed or not (based on old allTracksAreFixedSized()).
(WebCore::CSSParser::parseGridTrackList): Add new boolean to detect
if any track has not a fixed size.
(WebCore::CSSParser::parseGridTrackRepeatFunction): Ditto.
(WebCore::CSSParser::parseGridTrackSize): Remove usage of
TrackSizeRestriction enum.
Check here if |minTrackBreadth| is a flexible size.
(WebCore::CSSParser::parseGridBreadth): Remove usage of
TrackSizeRestriction enum.
(WebCore::allTracksAreFixedSized): Deleted.
* css/CSSParser.h: Remove TrackSizeRestriction enum and update headers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, add JSBench to the skipped list for now since it doesn't
keith_miller@apple.com [Wed, 25 May 2016 09:05:26 +0000 (09:05 +0000)]
Unreviewed, add JSBench to the skipped list for now since it doesn't
work currently.

* Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSimplify a couple of lambda captures in the network cache code
cdumez@apple.com [Wed, 25 May 2016 05:18:00 +0000 (05:18 +0000)]
Simplify a couple of lambda captures in the network cache code
https://bugs.webkit.org/show_bug.cgi?id=158053

Reviewed by Brady Eidson.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::SpeculativeLoadManager::preloadEntry):
Just capture subResourceInfo instead of allocating a new copy
on the heap. There is no reason we cannot simply capture
subResourceInfo here.

* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::clear):
Use new C++14 capture with initialization to make the code a
bit nicer.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoReorganize dashboard code: move code from _timeIntervalString to base class
aakash_jain@apple.com [Wed, 25 May 2016 01:21:45 +0000 (01:21 +0000)]
Reorganize dashboard code: move code from _timeIntervalString to base class
https://bugs.webkit.org/show_bug.cgi?id=158047
rdar://problem/26457274

Reviewed by Alexey Proskuryakov and Dean Johnson.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BubbleQueueView.js:
(BubbleQueueView.prototype._timeIntervalString): Moved core logic to base class so as to make it re-usable.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/QueueView.js:
(QueueView.prototype._readableTimeString): Same.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201370 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago_WKThumbnailView should expose its snapshot size
conrad_shultz@apple.com [Wed, 25 May 2016 00:46:20 +0000 (00:46 +0000)]
_WKThumbnailView should expose its snapshot size
https://bugs.webkit.org/show_bug.cgi?id=158049

Reviewed by Tim Horton.

* UIProcess/API/Cocoa/_WKThumbnailView.h:
* UIProcess/API/Cocoa/_WKThumbnailView.mm:
(-[_WKThumbnailView _didTakeSnapshot:]):
Update the new snapshotSize property in a KVO-compliant manner.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC][GTK][EFL] Allow run-jsc-benchmark to use WebKitTestRunner in EFL / GTK ports
utatane.tea@gmail.com [Wed, 25 May 2016 00:45:14 +0000 (00:45 +0000)]
[JSC][GTK][EFL] Allow run-jsc-benchmark to use WebKitTestRunner in EFL / GTK ports
https://bugs.webkit.org/show_bug.cgi?id=158016

Reviewed by Darin Adler.

This patch easily allows run-jsc-benchmark to run WebKitTestRunner-based tests in GTK / EFL ports.
This change encourages us to run tests with the browser-heap in nix environments.
Two things are modified.

1. Add a fall-back to look up the library path in GTK / EFL / JSCOnly environment.

    In GTK / EFL / JSCOnly ports, the hierarchy of the build directory is slightly different from Apple port.
    For example, the jsc bin locate at "WebKitBuild/XXX/Release/bin/jsc" and the lib path is "WebKitBuild/XXX/Release/lib"
    while the one of Apple port is "WebKitBuild/XXX/Release/jsc" and "WebKitBuild/XXX/Release/lib".
    And based on this library path, we configure the required environment variables to run WebKitTestRunner in GTK / EFL ports.

2. Add --dependencies option to add dependent library paths.

    While Apple ports does not require any additional dependent library path, GTK and EFL ports require this path,
    typically WebKitBuild/DependenciesGTK and WebKitBuild/DependenciesEFL respectively. So we need to add such paths to LD_LIBRARY_PATH.
    Instead of adding platform options like --gtk / --efl, we add --dependencies option to add the additional dependent library paths.
    The platform options still require the build path to look up the dependent library directory. So we pass it directly through --dependencies.
    Multiple additional dependent library paths can be added by using --dependencies multiple times.

By using these change, we can run benchmarks that require WebKitTestRunner in GTK / EFL ports (If you would like to run them in a headless manner, you can use xvbuf.).
Example:
    `Tools/Scripts/run-jsc-benchmarks baseline:WebKitBuild/baseline/Release/bin/WebKitTestRunner patched:WebKitBuild/patched/Release/bin/WebKitTestRunner --dependencies WebKitBuild/DependenciesGTK/Root/lib --js-bench`

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoTypedArray.prototype.slice should not throw if no arguments are provided
keith_miller@apple.com [Wed, 25 May 2016 00:12:37 +0000 (00:12 +0000)]
TypedArray.prototype.slice should not throw if no arguments are provided
https://bugs.webkit.org/show_bug.cgi?id=158044
<rdar://problem/26433280>

Reviewed by Geoffrey Garen.

We were throwing an exception if the TypedArray.prototype.slice function
was not provided arguments. This was wrong. Instead we should just assume
the first argument was 0.

* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncSlice): Deleted.
* tests/stress/typedarray-slice.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLLInt should be able to cache prototype loads for values in GetById
keith_miller@apple.com [Tue, 24 May 2016 23:49:57 +0000 (23:49 +0000)]
LLInt should be able to cache prototype loads for values in GetById
https://bugs.webkit.org/show_bug.cgi?id=158032

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch adds prototype value caching to the LLInt for op_get_by_id.
Two previously unused words in the op_get_by_id bytecode have been
repurposed to hold extra information for the cache. The first is a
counter that records the number of get_by_ids that hit a cacheable value
on a prototype. When the counter is decremented from one to zero we
attempt to cache the prototype load, which will be discussed further
below. The second word is used to hold the prototype object when we have
started caching.

When the counter is decremented to zero we first attempt to generate and
watch the property conditions needed to ensure the validity of prototype
load. If the watchpoints are successfully created and installed we
replace the op_get_by_id opcode with the new op_get_by_id_proto_load
opcode, which tells the LLInt to use the cache prototype object for the
load rather than the base value.

Prior to this patch there was not LLInt specific data onCodeBlocks.
Since the CodeBlock needs to own the Watchpoints for the cache, a weak
map from each base structure to a bag of Watchpoints created for that
structure by some op_get_by_id has been added to the CodeBlock. During
GC, if we find that the a structure in the map has not been marked we
free the associated bag on the CodeBlock.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::llintGetByIdWatchpointMap):
(JSC::clearLLIntGetByIdCache):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFromLLInt):
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp: Added.
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::install):
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h: Added.
* bytecode/ObjectPropertyConditionSet.cpp:
(JSC::ObjectPropertyConditionSet::isValidAndWatchable):
* bytecode/ObjectPropertyConditionSet.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitGetById):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/Options.h:
* tests/stress/llint-get-by-id-cache-prototype-load-from-dictionary.js: Added.
(test):

Source/WTF:

Add move constructors/initializers to Bags.

* wtf/Bag.h:
(WTF::Bag::Bag):
(WTF::Bag::operator=):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201363 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWe should be able to use the sampling profiler with DRT/WTR.
keith_miller@apple.com [Tue, 24 May 2016 23:03:09 +0000 (23:03 +0000)]
We should be able to use the sampling profiler with DRT/WTR.
https://bugs.webkit.org/show_bug.cgi?id=158041

Reviewed by Saam Barati.

This patch makes the sampling profiler use a new option, samplingProfilerPath, which
specifies the path to a directory to output sampling profiler data when the program
terminates or the VM is destroyed. Additionally, it fixes some other issues with the
bytecode profiler that would cause crashes on debug builds.

* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::ensureBytecodesFor):
(JSC::Profiler::Database::performAtExitSave):
* runtime/Options.h:
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::registerForReportAtExit):
(JSC::SamplingProfiler::reportDataToOptionFile):
(JSC::SamplingProfiler::reportTopFunctions):
(JSC::SamplingProfiler::reportTopBytecodes):
* runtime/SamplingProfiler.h:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201361 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCandidates should work with input methods
bdakin@apple.com [Tue, 24 May 2016 23:02:14 +0000 (23:02 +0000)]
Candidates should work with input methods
https://bugs.webkit.org/show_bug.cgi?id=158042
-and corresponding-
rdar://problem/26205228

Reviewed by Tim Horton.

* WebView/WebHTMLView.mm:
* WebView/WebView.mm:
(-[WebView candidateList]):
* WebView/WebViewInternal.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWe can cache lookups to JSScope::abstractResolve inside CodeBlock::finishCreation
sbarati@apple.com [Tue, 24 May 2016 22:28:20 +0000 (22:28 +0000)]
We can cache lookups to JSScope::abstractResolve inside CodeBlock::finishCreation
https://bugs.webkit.org/show_bug.cgi?id=158036

Reviewed by Geoffrey Garen.

This patch implements a 1 item cache for JSScope::abstractResolve. I also tried
implementing the cache as a HashMap, but it seemed either less profitable on some
benchmarks or just as profitable on others. Therefore, it's cleaner to just
use a 1 item cache.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::AbstractResolveKey::AbstractResolveKey):
(JSC::AbstractResolveKey::operator==):
(JSC::AbstractResolveKey::isEmptyValue):
(JSC::CodeBlock::finishCreation):
* runtime/GetPutInfo.h:
(JSC::needsVarInjectionChecks):
(JSC::ResolveOp::ResolveOp):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201359 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Font Loading] Crash during font download failure after garbage collection
mmaxfield@apple.com [Tue, 24 May 2016 22:04:07 +0000 (22:04 +0000)]
[Font Loading] Crash during font download failure after garbage collection
https://bugs.webkit.org/show_bug.cgi?id=158013
<rdar://problem/25148032>

Reviewed by Darin Adler.

Source/WebCore:

Usually, ownership during font loading is top-down - JavaScript owns a JSFontFace,
which owns a FontFace, which owns a CSSFontFace. However, when we receive the
asynchronous callback that a font finished loading, the call comes in from the
bottom - it is delivered from the CSSFontFaceSource to the CSSFontFace, and then
to the FontFace. If a garbage collection had previously run, we might remove
the last reference to ourself during this asynchronous callback. A simple guard
makes sure this doesn't happen.

Test: fast/text/font-face-crash.html

* css/CSSFontFace.cpp:
(WebCore::CSSFontFace::fontLoaded):

LayoutTests:

* fast/text/font-face-crash-expected.txt: Added.
* fast/text/font-face-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201358 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSource/WebCore:
ryanhaddad@apple.com [Tue, 24 May 2016 22:03:30 +0000 (22:03 +0000)]
Source/WebCore:
Unreviewed, rolling out r201349.

This change caused compositing tests to assert on iOS
simulator

Reverted changeset:

"Elements with backdrop-filter cannot be clipped with clip-
path or mask"
https://bugs.webkit.org/show_bug.cgi?id=142662
http://trac.webkit.org/changeset/201349

Source/WebKit2:
Unreviewed, rolling out r201349.

This change caused compositing tests to assert on iOS
simulator

Reverted changeset:

"Elements with backdrop-filter cannot be clipped with clip-
path or mask"
https://bugs.webkit.org/show_bug.cgi?id=142662
http://trac.webkit.org/changeset/201349

LayoutTests:
201-05-24  Ryan Haddad  <ryanhaddad@apple.com>

Unreviewed, rolling out r201349.

This change caused compositing tests to assert on iOS
simulator

Reverted changeset:

"Elements with backdrop-filter cannot be clipped with clip-
path or mask"
https://bugs.webkit.org/show_bug.cgi?id=142662
http://trac.webkit.org/changeset/201349

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201357 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: (Workers) Eliminate race in getting the ScriptExecutionContext and using it.
beidson@apple.com [Tue, 24 May 2016 21:57:56 +0000 (21:57 +0000)]
Modern IDB: (Workers) Eliminate race in getting the ScriptExecutionContext and using it.
https://bugs.webkit.org/show_bug.cgi?id=158038

Reviewed by Alex Christensen.

No new tests (Resolves potential flakes in existing tests).

When the main thread is trying to post a task to a worker thread's ScriptExecutionContext, there is a race
between checking that the context still exists and actually using it.

The solution is to add a new class - IDBActiveDOMObject - which does a few things things:
1 - Remembers its origin thread.
2 - Guards clearing its ScriptExecutionContext with a Lock.
3 - Adds a templated "performCallbackOnOriginThread" that uses the same Lock to make sure posting the task to
    the ScriptExecutionContext's RunLoop is safe.

Also, tons of ASSERTions are updated because each object with an originThread no longer keeps its idea in an
accessible member variable.

* Modules/indexeddb/IDBActiveDOMObject.h:
(WebCore::IDBActiveDOMObject::originThreadID):
(WebCore::IDBActiveDOMObject::performCallbackOnOriginThread):
(WebCore::IDBActiveDOMObject::IDBActiveDOMObject):

* Modules/indexeddb/IDBDatabase.cpp:
(WebCore::IDBDatabase::IDBDatabase):
(WebCore::IDBDatabase::~IDBDatabase):
(WebCore::IDBDatabase::hasPendingActivity):
(WebCore::IDBDatabase::name):
(WebCore::IDBDatabase::version):
(WebCore::IDBDatabase::objectStoreNames):
(WebCore::IDBDatabase::createObjectStore):
(WebCore::IDBDatabase::transaction):
(WebCore::IDBDatabase::deleteObjectStore):
(WebCore::IDBDatabase::close):
(WebCore::IDBDatabase::didCloseFromServer):
(WebCore::IDBDatabase::maybeCloseInServer):
(WebCore::IDBDatabase::activeDOMObjectName):
(WebCore::IDBDatabase::canSuspendForDocumentSuspension):
(WebCore::IDBDatabase::stop):
(WebCore::IDBDatabase::startVersionChangeTransaction):
(WebCore::IDBDatabase::didStartTransaction):
(WebCore::IDBDatabase::willCommitTransaction):
(WebCore::IDBDatabase::didCommitTransaction):
(WebCore::IDBDatabase::willAbortTransaction):
(WebCore::IDBDatabase::didAbortTransaction):
(WebCore::IDBDatabase::didCommitOrAbortTransaction):
(WebCore::IDBDatabase::fireVersionChangeEvent):
(WebCore::IDBDatabase::dispatchEvent):
(WebCore::IDBDatabase::didCreateIndexInfo):
(WebCore::IDBDatabase::didDeleteIndexInfo):
* Modules/indexeddb/IDBDatabase.h:
(WebCore::IDBDatabase::originThreadID): Deleted.

* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::IDBRequest):
(WebCore::IDBRequest::~IDBRequest):
(WebCore::IDBRequest::errorCode):
(WebCore::IDBRequest::error):
(WebCore::IDBRequest::setSource):
(WebCore::IDBRequest::setVersionChangeTransaction):
(WebCore::IDBRequest::transaction):
(WebCore::IDBRequest::readyState):
(WebCore::IDBRequest::sourceObjectStoreIdentifier):
(WebCore::IDBRequest::sourceIndexIdentifier):
(WebCore::IDBRequest::requestedIndexRecordType):
(WebCore::IDBRequest::eventTargetInterface):
(WebCore::IDBRequest::activeDOMObjectName):
(WebCore::IDBRequest::canSuspendForDocumentSuspension):
(WebCore::IDBRequest::hasPendingActivity):
(WebCore::IDBRequest::stop):
(WebCore::IDBRequest::enqueueEvent):
(WebCore::IDBRequest::dispatchEvent):
(WebCore::IDBRequest::uncaughtExceptionInEventHandler):
(WebCore::IDBRequest::setResult):
(WebCore::IDBRequest::setResultToStructuredClone):
(WebCore::IDBRequest::clearResult):
(WebCore::IDBRequest::setResultToUndefined):
(WebCore::IDBRequest::resultCursor):
(WebCore::IDBRequest::willIterateCursor):
(WebCore::IDBRequest::didOpenOrIterateCursor):
(WebCore::IDBRequest::requestCompleted):
(WebCore::IDBRequest::onError):
(WebCore::IDBRequest::onSuccess):
* Modules/indexeddb/IDBRequest.h:
(WebCore::IDBRequest::originThreadID): Deleted.

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::IDBTransaction):
(WebCore::IDBTransaction::originThreadID): Deleted.
* Modules/indexeddb/IDBTransaction.h:

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest):
(WebCore::IDBClient::IDBConnectionProxy::completeOperation):
(WebCore::IDBClient::IDBConnectionProxy::fireVersionChangeEvent):
(WebCore::IDBClient::IDBConnectionProxy::notifyOpenDBRequestBlocked):
(WebCore::IDBClient::IDBConnectionProxy::didStartTransaction):
(WebCore::IDBClient::IDBConnectionProxy::didCommitTransaction):
(WebCore::IDBClient::IDBConnectionProxy::didAbortTransaction):
(WebCore::IDBClient::IDBConnectionProxy::didCloseFromServer):
(WebCore::IDBClient::performCallbackOnCorrectThread): Deleted.

* Modules/indexeddb/client/TransactionOperation.cpp:
(WebCore::IDBClient::TransactionOperation::scriptExecutionContext): Deleted.
* Modules/indexeddb/client/TransactionOperation.h:
(WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):

* WebCore.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201356 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoOnly set overflow:hidden on -webkit-media-controls when the placeholder is showing.
adachan@apple.com [Tue, 24 May 2016 21:48:20 +0000 (21:48 +0000)]
Only set overflow:hidden on -webkit-media-controls when the placeholder is showing.
https://bugs.webkit.org/show_bug.cgi?id=157975

Reviewed by Eric Carlson.

Source/WebCore:

Test: media/mac/controls-panel-not-clipped-out.html

overflow:hidden was added to clip out content contained in -webkit-media-controls
that sticks out of the bounds of that container when the inlinePlaybackPlaceholder
is showing. However, that style also clips out things that we want to show when the
inlinePlaybackPlaceholder is not showing. For example, the volume slider or the
controls panel when the video element's height is too short.

To fix that, we only set overflow:hidden on -webkit-media-controls when the
inlinePlaybackPlaceholder is visible.

* Modules/mediacontrols/mediaControlsApple.css:
(::-webkit-media-controls):
(::-webkit-media-controls.placeholder-showing):
Set overflow:hidden only when the placeholder is showing.

* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.handlePresentationModeChange):
Add the placeholderShowing class to -webkit-media-controls only when the
inlinePlaybackPlaceholder is not hidden.

LayoutTests:

This is a Mac only test. The media controls panel should still be visible
even if the media element's height is very short.

* TestExpectations:
* media/mac/controls-panel-not-clipped-out-expected.html: Added.
* media/mac/controls-panel-not-clipped-out.html: Added.
* platform/mac/TestExpectations:

* platform/mac/media/media-document-audio-repaint-expected.txt:
* platform/mac/media/video-zoom-controls-expected.txt:
Rebaseline tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201355 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r201341.
ryanhaddad@apple.com [Tue, 24 May 2016 21:38:50 +0000 (21:38 +0000)]
Unreviewed, rolling out r201341.

This change may have caused LayoutTests to crash on Mac and
iOS

Reverted changeset:

"Use lambda capture with initializer instead of StringCapture"
https://bugs.webkit.org/show_bug.cgi?id=158010
http://trac.webkit.org/changeset/201341

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201354 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix null pointer dereferencing in WebViewImpl::inputContext
commit-queue@webkit.org [Tue, 24 May 2016 21:12:33 +0000 (21:12 +0000)]
Fix null pointer dereferencing in WebViewImpl::inputContext
https://bugs.webkit.org/show_bug.cgi?id=158026
rdar://problem/25994093

Patch by Alex Christensen <achristensen@webkit.org> on 2016-05-24
Reviewed by Tim Horton.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView inputContext]):
this was null sometimes in WebViewImpl::inputContext.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201351 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWebRTC: RTCIceCandidate: Make attributes readonly (and update constructor arg)
adam.bergkvist@ericsson.com [Tue, 24 May 2016 21:03:51 +0000 (21:03 +0000)]
WebRTC: RTCIceCandidate: Make attributes readonly (and update constructor arg)
https://bugs.webkit.org/show_bug.cgi?id=157859

Reviewed by Eric Carlson.

Source/WebCore:

Make the RTCIceCandidate constructor argument mandatory and the attributes
read-only (in accordance with the WebRTC 1.0 specification [1]).

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#rtcicecandidate-interface

Updated existing test.

* Modules/mediastream/RTCIceCandidate.h:
(WebCore::RTCIceCandidate::setCandidate): Deleted.
(WebCore::RTCIceCandidate::setSdpMid): Deleted.
(WebCore::RTCIceCandidate::setSdpMLineIndex): Deleted.
* Modules/mediastream/RTCIceCandidate.idl:

LayoutTests:

* fast/mediastream/RTCIceCandidate-expected.txt:
Small unrelated fix: s/a argument/an argument/ (test was previously broken).
* fast/mediastream/RTCIceCandidate.html:
Test without constructor arguments and writing to the read-only attributes.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201350 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoElements with backdrop-filter cannot be clipped with clip-path or mask
commit-queue@webkit.org [Tue, 24 May 2016 21:02:13 +0000 (21:02 +0000)]
Elements with backdrop-filter cannot be clipped with clip-path or mask
https://bugs.webkit.org/show_bug.cgi?id=142662
<rdar://problem/20150192>

Patch by Antoine Quint <graouts@apple.com> on 2016-05-24
Reviewed by Dean Jackson.

Source/WebCore:

We used to only apply the mask to the layer contents but did not account
for the fact that a layer backdrop may exist. We now correctly mask the
backdrop layer as well as the layer contents.

Test: css3/filters/backdrop/backdrop-filter-with-clip-path.html

* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateShape):
Ensure clones of a layer use the same shape path.

(WebCore::GraphicsLayerCA::updateMaskLayer):
If we have a backdrop layer, ensure that we apply a clone of the mask layer applied to
the layer contents.

Source/WebKit2:

Ensure layer clones are set up with the same shape path as their original layer.

* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::updateClonedLayerProperties):

LayoutTests:

New test that checks that applying a backdrop-filter and a clip-path on a single
element has the same effect as applying a clip-path on a parent of a child with
a backdrop-filter.

* css3/filters/backdrop/backdrop-filter-with-clip-path-expected.txt: Added.
* css3/filters/backdrop/backdrop-filter-with-clip-path.html: Added.
* platform/ios-simulator/css3/filters/backdrop/backdrop-filter-with-clip-path-expected.html: Added.
* platform/mac/css3/filters/backdrop/backdrop-filter-with-clip-path-expected.png: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201349 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWebRTC: Update failing RTCPeerConnection and RTCRtpSender tests
adam.bergkvist@ericsson.com [Tue, 24 May 2016 21:01:10 +0000 (21:01 +0000)]
WebRTC: Update failing RTCPeerConnection and RTCRtpSender tests
https://bugs.webkit.org/show_bug.cgi?id=158023

Reviewed by Eric Carlson.

* fast/mediastream/RTCPeerConnection-add-removeTrack-expected.txt:
Update results with more specific TypeError.
* fast/mediastream/RTCRtpSender-replaceTrack-expected.txt:
Update test to match Promise rejections introduce in r201080.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201348 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Allow clients to override the type of an input field
commit-queue@webkit.org [Tue, 24 May 2016 20:22:17 +0000 (20:22 +0000)]
[iOS] Allow clients to override the type of an input field
https://bugs.webkit.org/show_bug.cgi?id=157995

Patch by Chelsea Pugh <cpugh@apple.com> on 2016-05-24
Reviewed by Dan Bernstein.

* UIProcess/API/Cocoa/_WKFormInputSession.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKFormInputSession textContentType]): Getter for textContentType.
(-[WKFormInputSession setTextContentType:]): Set the textContentType and reload
input views.
(contentTypeFromFieldName): Factor out switch statement to get text content type
from autofill field name into its own function.
(-[WKContentView textInputTraits]): If the client has set a text content type,
set the traits' content type to that. Otherwise, set the text content type if
there is one based on the assisted node information's autofill field name. If
neither the form input session nor the assisted node info yields a text content
type, set the text content type to nil, its default value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agofast/table/neighboring-cells-when-collapsed-border-changes.html is flaky.
zalan@apple.com [Tue, 24 May 2016 20:02:31 +0000 (20:02 +0000)]
fast/table/neighboring-cells-when-collapsed-border-changes.html is flaky.
https://bugs.webkit.org/show_bug.cgi?id=158009

Reviewed by David Hyatt.

RenderTable::invalidateCollapsedBorders() early returns on m_collapsedEmptyBorderIsPresent
which prevents us from marking neighboring cells dirty when style changes.
Decouple the "invalidate the collapsed borders" and the "mark the neighboring cells dirty" logic.

Source/WebCore:

Covered by existing tests. (and now we agree with FF on cached-change-cell-border-width.html)

* rendering/RenderTable.cpp:
(WebCore::RenderTable::invalidateCollapsedBorders):
(WebCore::markCellDirtyWhenCollapsedBorderChanges): Deleted.
* rendering/RenderTableCell.cpp:
(WebCore::markCellDirtyWhenCollapsedBorderChanges):
(WebCore::RenderTableCell::styleDidChange):

LayoutTests:

* fast/table/border-collapsing/cached-change-cell-border-width-expected.txt: Progression. FF agrees.
* fast/table/neighboring-cells-when-collapsed-border-changes.html:
* platform/ios-simulator-wk1/fast/table/border-collapsing/cached-change-cell-border-width-expected.txt:
* platform/mac-wk1/TestExpectations:
* platform/mac/fast/table/border-collapsing/cached-change-cell-border-width-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201346 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix use-after-free after r201318
achristensen@apple.com [Tue, 24 May 2016 20:01:50 +0000 (20:01 +0000)]
Fix use-after-free after r201318
https://bugs.webkit.org/show_bug.cgi?id=158037
rdar://problem/26446729

Reviewed by Brady Eidson.

This fixes a crash when running fast/dom/navigation-with-sideeffects.html with GuardMalloc.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::setJSTestObjPutForwardsNullableAttribute):
Changing RefPtr<${type}> to auto caused the type to sometimes be a raw pointer, which does not keep the object alive.
In the case of JSDocument.cpp, forwardedImpl was what Document::location returned, which is a Location* and not a RefPtr<Location>.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201345 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking mathml/wbr-in-mroot-crash.html as flaky on ios-simulator-wk2
ryanhaddad@apple.com [Tue, 24 May 2016 19:56:15 +0000 (19:56 +0000)]
Marking mathml/wbr-in-mroot-crash.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=157990

Unreviewed test gardening.

* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201344 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r201323.
ryanhaddad@apple.com [Tue, 24 May 2016 19:48:58 +0000 (19:48 +0000)]
Unreviewed, rolling out r201323.

One of the LayoutTests added with this change fails on all
platforms. Rolling out until ResourceTiming flakiness fix is
landed

Reverted changeset:

"Add a few initiator tests to resource timing."
https://bugs.webkit.org/show_bug.cgi?id=157986
http://trac.webkit.org/changeset/201323

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201343 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviwed, add a comment to describe the test's failure mode. Suggested by mlam.
fpizlo@apple.com [Tue, 24 May 2016 19:04:24 +0000 (19:04 +0000)]
Unreviwed, add a comment to describe the test's failure mode. Suggested by mlam.

* tests/stress/override-map-constructor.js:
(Map):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201342 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse lambda capture with initializer instead of StringCapture
cdumez@apple.com [Tue, 24 May 2016 19:03:42 +0000 (19:03 +0000)]
Use lambda capture with initializer instead of StringCapture
https://bugs.webkit.org/show_bug.cgi?id=158010

Reviewed by Antti Koivisto.

Source/WebCore:

Use lambda capture with initializer instead of StringCapture now that
we support C++14.

* fileapi/AsyncFileStream.cpp:
(WebCore::AsyncFileStream::getSize):
(WebCore::AsyncFileStream::openForRead):
(WebCore::AsyncFileStream::openForWrite):
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::installContentFilterUnblockHandler):
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
* platform/ios/WebVideoFullscreenControllerAVKit.mm:
(WebVideoFullscreenControllerContext::setExternalPlayback):
* platform/network/curl/CurlDownload.cpp:
(WebCore::CurlDownload::didReceiveHeader):
* workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
(WebCore::WorkerMessagingProxy::postConsoleMessageToWorkerObject):

Source/WebKit2:

Use lambda capture with initializer instead of StringCapture now that
we support C++14.

* NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::deleteDumpFile):
* NetworkProcess/cache/NetworkCacheStatistics.cpp:
(WebKit::NetworkCache::Statistics::initialize):
(WebKit::NetworkCache::Statistics::shrinkIfNeeded):
* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::updateFileModificationTime):
(WebKit::NetworkCache::Storage::clear):
* UIProcess/API/APIUserContentExtensionStore.cpp:
(API::UserContentExtensionStore::lookupContentExtension):
(API::UserContentExtensionStore::compileContentExtension):
(API::UserContentExtensionStore::removeContentExtension):
* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201341 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMap should not be in JSGlobalObject's static hashtable because it's initialized eager...
fpizlo@apple.com [Tue, 24 May 2016 19:01:35 +0000 (19:01 +0000)]
Map should not be in JSGlobalObject's static hashtable because it's initialized eagerly via FOR_EACH_SIMPLE_BUILTIN_TYPE_WITH_CONSTRUCTOR
https://bugs.webkit.org/show_bug.cgi?id=158031
rdar://problem/26353661

Reviewed by Geoffrey Garen.

We were listing Map as being a lazy class structure. It's not. m_mapStructure is a WriteBarrier<>
not a LazyClassStructure<> and there is nothing lazy about it.

* runtime/JSGlobalObject.cpp: The fix is to remove Map here.
* runtime/Lookup.cpp: Add some dumping on the assert path.
(JSC::setUpStaticFunctionSlot):
* tests/stress/override-map-constructor.js: Added. This test used to crash.
(Map):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201340 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWe should have JSBench in PerformanceTests
keith_miller@apple.com [Tue, 24 May 2016 19:00:51 +0000 (19:00 +0000)]
We should have JSBench in PerformanceTests
https://bugs.webkit.org/show_bug.cgi?id=157952

Rubber-stamped by Saam Barati.

PerformanceTests:

There are some slight changes to the layout of the test directory
to make it work nicely with run-jsc-benchmarks. Before JSBench
had each of the browser specific sub-tests in a sub-directory.
These have been flattened e.g. amazon/safari/ has become
amazon-safari/.

* JSBench/amazon-chrome-win/urem.html: Added.
* JSBench/amazon-chrome-win/urem.js: Added.
* JSBench/amazon-chrome/urem.html: Added.
* JSBench/amazon-chrome/urem.js: Added.
* JSBench/amazon-firefox-win/urm.html: Added.
* JSBench/amazon-firefox-win/urm.js: Added.
* JSBench/amazon-firefox/urm.html: Added.
* JSBench/amazon-firefox/urm.js: Added.
* JSBench/amazon-safari/urem.html: Added.
* JSBench/amazon-safari/urem.js: Added.
* JSBench/browsercheck.js: Added.
* JSBench/facebook-chrome-win/urem.html: Added.
* JSBench/facebook-chrome-win/urem.js: Added.
* JSBench/facebook-chrome/urem.html: Added.
* JSBench/facebook-chrome/urem.js: Added.
* JSBench/facebook-firefox-win/urem.html: Added.
* JSBench/facebook-firefox-win/urem.js: Added.
* JSBench/facebook-firefox/urem.html: Added.
* JSBench/facebook-firefox/urem.js: Added.
* JSBench/facebook-safari/urem.html: Added.
* JSBench/facebook-safari/urem.js: Added.
* JSBench/google-chrome-win/urem.html: Added.
* JSBench/google-chrome-win/urem.js: Added.
* JSBench/google-chrome/urem.html: Added.
* JSBench/google-chrome/urem.js: Added.
* JSBench/google-firefox-win/urem.html: Added.
* JSBench/google-firefox-win/urem.js: Added.
* JSBench/google-firefox/uem.html: Added.
* JSBench/google-firefox/uem.js: Added.
* JSBench/google-safari/urem.html: Added.
* JSBench/google-safari/urem.js: Added.
* JSBench/harness.html: Added.
* JSBench/harness.js: Added.
* JSBench/harness.py: Added.
* JSBench/index.html: Added.
* JSBench/reload.html: Added.
* JSBench/twitter-chrome-win/rem.html: Added.
* JSBench/twitter-chrome-win/rem.js: Added.
* JSBench/twitter-chrome/urem.html: Added.
* JSBench/twitter-chrome/urem.js: Added.
* JSBench/twitter-firefox-win/urem.html: Added.
* JSBench/twitter-firefox-win/urem.js: Added.
* JSBench/twitter-firefox/urem.html: Added.
* JSBench/twitter-firefox/urem.js: Added.
* JSBench/twitter-safari/urem.html: Added.
* JSBench/twitter-safari/urem.js: Added.
* JSBench/yahoo-chrome-win/urem.html: Added.
* JSBench/yahoo-chrome-win/urem.js: Added.
* JSBench/yahoo-chrome/urem.html: Added.
* JSBench/yahoo-chrome/urem.js: Added.
* JSBench/yahoo-firefox-win/urem.html: Added.
* JSBench/yahoo-firefox-win/urem.js: Added.
* JSBench/yahoo-firefox/urem.html: Added.
* JSBench/yahoo-firefox/urem.js: Added.
* JSBench/yahoo-safari/urem.html: Added.
* JSBench/yahoo-safari/urem.js: Added.

Tools:

This changes the runner to use the layout of the newest version of JSBench.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201339 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnskip passing test after r201336
achristensen@apple.com [Tue, 24 May 2016 18:45:21 +0000 (18:45 +0000)]
Unskip passing test after r201336
https://bugs.webkit.org/show_bug.cgi?id=156812

* platform/ios-simulator/TestExpectations:
compositing/webgl/webgl-reflection.html passes now.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201338 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAnother build fix after r201307.
rniwa@webkit.org [Tue, 24 May 2016 18:04:03 +0000 (18:04 +0000)]
Another build fix after r201307.

* public/v3/pages/page-router.js:
(PageRouter.prototype._deserializeHashQueryValue):
(PageRouter.prototype._countOccurrences): Moved from _deserializeHashQueryValue.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201337 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix iOS WebGL after r199738
achristensen@apple.com [Tue, 24 May 2016 17:36:05 +0000 (17:36 +0000)]
Fix iOS WebGL after r199738
https://bugs.webkit.org/show_bug.cgi?id=158024
rdar://problem/26446679

Reviewed by Myles Maxfield.

* ANGLE.xcodeproj/project.pbxproj:
iOS needs the ESSL translator.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201336 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLLInt64 should have typed array fast paths for get_by_val
fpizlo@apple.com [Tue, 24 May 2016 17:08:45 +0000 (17:08 +0000)]
LLInt64 should have typed array fast paths for get_by_val
https://bugs.webkit.org/show_bug.cgi?id=157931

Reviewed by Keith Miller.

Source/JavaScriptCore:

I think that the LLInt should be able to access typed arrays more quickly than it does now.
Ideally we would have fast paths for every major typed array operation and we would use
inline cache optimizations. I don't want to do this all in one go, so my plan is to
incrementally add support for this as time allows.

This change just adds the easy typed array fast paths for get_by_val in the 64-bit version
of LLInt.

Another bug, https://bugs.webkit.org/show_bug.cgi?id=157922, tracks the overall task of
adding all typed array fast paths to both versions of the LLInt.

This is a 30% speed-up on typed array benchmarks in LLInt. This is not a speed-up when the
JITs are enabled.

* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntOffsetsExtractor.cpp:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter64.asm:
* offlineasm/backends.rb:
* runtime/JSArrayBufferView.h:
* runtime/JSType.h:

LayoutTests:

* js/regress/get_by_val-Int32Array-expected.txt: Added.
* js/regress/get_by_val-Int32Array.html: Added.
* js/regress/script-tests/get_by_val-Int32Array.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoIn accelerated drawing mode, ImageBuffer::putByteArray() should copy the bytes direct...
commit-queue@webkit.org [Tue, 24 May 2016 16:59:13 +0000 (16:59 +0000)]
In accelerated drawing mode, ImageBuffer::putByteArray() should copy the bytes directly to the IOSurface backing store
https://bugs.webkit.org/show_bug.cgi?id=157966

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-05-24
Reviewed by Dean Jackson.

Roll out the the change of r106836 in ImageBuffer::putByteArray(). r106836
was using CG to draw the image data as a native image in the accelerated
drawing mode just to force invalidating the IOSurface cached image. Instead
of doing that, we can use a light-weight fix, for now, to force recreating
the IOSurface image if it is requested through CGIOSurfaceContextCreateImage().

* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::ImageBuffer::putByteArray):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201334 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse auto for some of our lambda function parameters
cdumez@apple.com [Tue, 24 May 2016 16:50:26 +0000 (16:50 +0000)]
Use auto for some of our lambda function parameters
https://bugs.webkit.org/show_bug.cgi?id=158001

Reviewed by Darin Adler.

Use auto for some of our lambda function parameters now that we build with c++14.

Source/WebCore:

* Modules/mediasource/MediaSource.cpp:
(WebCore::MediaSource::buffered):
(WebCore::MediaSource::monitorSourceBuffers):
(WebCore::MediaSource::endOfStream):
* Modules/mediasource/SampleMap.cpp:
(WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRangeFromEnd):
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::ariaSelectedRows):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::SerializedScriptValue::writeBlobsToDiskForIndexedDB):
* css/CSSValueList.cpp:
(WebCore::CSSValueList::removeAll):
* css/MediaList.cpp:
(WebCore::MediaQuerySet::remove):
* css/MediaQuery.cpp:
(WebCore::MediaQuery::MediaQuery):
* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::removeListener):
* dom/Document.cpp:
(WebCore::Document::validateAutoSizingNodes):
* dom/Element.cpp:
(WebCore::Element::detachAttrNodeFromElementWithValue):
* dom/MutationObserver.cpp:
(WebCore::MutationObserver::deliverAllMutations):
* dom/Node.cpp:
(WebCore::Node::unregisterMutationObserver):
* html/LinkIconCollector.cpp:
* inspector/InspectorIndexedDBAgent.cpp:
(WebCore::InspectorIndexedDBAgent::requestDatabaseNames):
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::loadDataURL):
* page/CaptionUserPreferences.cpp:
(WebCore::CaptionUserPreferences::sortedTrackListForMenu):
* page/CaptionUserPreferencesMediaAF.cpp:
(WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu):
* page/animation/AnimationController.cpp:
(WebCore::AnimationControllerPrivate::clear):
* platform/graphics/FontCascade.cpp:
(WebCore::pruneUnreferencedEntriesFromFontCascadeCache):
* platform/graphics/FontCascadeFonts.cpp:
(WebCore::FontCascadeFonts::pruneSystemFallbacks):
* platform/graphics/PathUtilities.cpp:
(WebCore::addIntersectionPoints):
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::TextureMapperGLData::SharedGLData::~SharedGLData):
* platform/mac/HIDGamepad.cpp:
(WebCore::HIDGamepad::initElements):
* svg/SVGToOTFFontConversion.cpp:
(WebCore::SVGToOTFFontConverter::appendLigatureSubtable):
(WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):

Source/WebKit2:

* DatabaseProcess/IndexedDB/WebIDBConnectionToClient.cpp:
(WebKit::WebIDBConnectionToClient::didGetRecord):
* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::writeBlobsToTemporaryFiles):
* NetworkProcess/NetworkProcess.cpp:
(WebKit::fetchDiskCacheEntries):
(WebKit::NetworkProcess::fetchWebsiteData):
(WebKit::clearDiskCacheEntries):
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::tryStoreAsCacheEntry):
* NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:
(WebKit::NetworkCache::SpeculativeLoad::didFinishLoading):
* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::SpeculativeLoadManager::registerLoad):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveEntryFromStorage):
(WebKit::NetworkCache::SpeculativeLoadManager::revalidateEntry):
(WebKit::NetworkCache::SpeculativeLoadManager::preloadEntry):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveSubresourcesEntry):
* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::removeFromPendingWriteOperations):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
* Shared/API/Cocoa/_WKRemoteObjectInterface.mm:
(-[_WKRemoteObjectInterface debugDescription]):
* UIProcess/API/C/WKApplicationCacheManager.cpp:
(WKApplicationCacheManagerGetApplicationCacheOrigins):
* UIProcess/API/C/WKKeyValueStorageManager.cpp:
(WKKeyValueStorageManagerGetKeyValueStorageOrigins):
(WKKeyValueStorageManagerGetStorageDetailsByOrigin):
* UIProcess/API/C/WKResourceCacheManager.cpp:
(WKResourceCacheManagerGetCacheOrigins):
* UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
(-[WKWebsiteDataStore _fetchDataRecordsOfTypes:withOptions:completionHandler:]):
* UIProcess/UserContent/WebUserContentControllerProxy.cpp:
(WebKit::WebUserContentControllerProxy::removeAllUserScripts):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):
(WebKit::WebUserContentControllerProxy::removeAllUserMessageHandlers):
* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::removeAnimationForKey):

Source/WTF:

* wtf/BubbleSort.h:
(WTF::bubbleSort):

Tools:

* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::willDestroyPage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201333 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION (r196629): Safari can get into a state where switching Reader theme doesn...
antti@apple.com [Tue, 24 May 2016 16:46:44 +0000 (16:46 +0000)]
REGRESSION (r196629): Safari can get into a state where switching Reader theme doesn't apply to the webpage
https://bugs.webkit.org/show_bug.cgi?id=158018
<rdar://problem/24732776>

Reviewed by Darin Adler.

When a tab goes to background we clear the style resolver. It is recreated lazily when the tab is again active.
However style invalidation code tests if the style resolver exists and skips the invalidation if it doesn't.
With sufficiently simple document (like in Reader) we may never create one for other reasons and so style
invalidation doesn't work.

No test, don't know how to make one.

* dom/Element.cpp:
(WebCore::Element::needsStyleInvalidation):

    Remove styleResolverIfExists() check and do the invalidation normally.
    Instead check for forced style recalc. If there is one pending we don't need to bother with invalidation.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201332 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, updating binding test results
utatane.tea@gmail.com [Tue, 24 May 2016 14:33:53 +0000 (14:33 +0000)]
Unreviewed, updating binding test results
https://bugs.webkit.org/show_bug.cgi?id=157080

* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::jsTestActiveDOMObjectExcitingAttr):
(WebCore::jsTestActiveDOMObjectConstructor):
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
(WebCore::jsTestClassWithJSBuiltinConstructorConstructor):
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
(WebCore::jsTestCustomConstructorWithNoInterfaceObjectConstructor):
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
(WebCore::jsTestCustomNamedGetterConstructor):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::jsTestEventConstructorAttr1):
(WebCore::jsTestEventConstructorAttr2):
(WebCore::jsTestEventConstructorAttr3):
(WebCore::jsTestEventConstructorConstructor):
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::jsTestEventTargetConstructor):
* bindings/scripts/test/JS/JSTestException.cpp:
(WebCore::jsTestExceptionName):
(WebCore::jsTestExceptionConstructor):
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
(WebCore::jsTestGenerateIsReachableConstructor):
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
(WebCore::jsTestGlobalObjectRegularAttribute):
(WebCore::jsTestGlobalObjectEnabledAtRuntimeAttribute):
(WebCore::jsTestGlobalObjectConstructor):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::jsTestInterfaceConstructorImplementsStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorImplementsStaticAttr):
(WebCore::jsTestInterfaceImplementsStr1):
(WebCore::jsTestInterfaceImplementsStr2):
(WebCore::jsTestInterfaceImplementsStr3):
(WebCore::jsTestInterfaceImplementsNode):
(WebCore::jsTestInterfaceConstructorSupplementalStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::jsTestInterfaceSupplementalStr1):
(WebCore::jsTestInterfaceSupplementalStr2):
(WebCore::jsTestInterfaceSupplementalStr3):
(WebCore::jsTestInterfaceSupplementalNode):
(WebCore::jsTestInterfaceConstructor):
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
(WebCore::jsTestJSBuiltinConstructorTestAttributeCustom):
(WebCore::jsTestJSBuiltinConstructorTestAttributeRWCustom):
(WebCore::jsTestJSBuiltinConstructorConstructor):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::jsTestMediaQueryListListenerConstructor):
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::jsTestNamedConstructorConstructor):
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::jsTestNodeName):
(WebCore::jsTestNodeConstructor):
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
(WebCore::jsTestNondeterministicNondeterministicReadonlyAttr):
(WebCore::jsTestNondeterministicNondeterministicWriteableAttr):
(WebCore::jsTestNondeterministicNondeterministicExceptionAttr):
(WebCore::jsTestNondeterministicNondeterministicGetterExceptionAttr):
(WebCore::jsTestNondeterministicNondeterministicSetterExceptionAttr):
(WebCore::jsTestNondeterministicConstructor):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjReadOnlyLongAttr):
(WebCore::jsTestObjReadOnlyStringAttr):
(WebCore::jsTestObjReadOnlyTestObjAttr):
(WebCore::jsTestObjConstructorStaticReadOnlyLongAttr):
(WebCore::jsTestObjConstructorStaticStringAttr):
(WebCore::jsTestObjConstructorTestSubObj):
(WebCore::jsTestObjTestSubObjEnabledBySettingConstructor):
(WebCore::jsTestObjEnumAttr):
(WebCore::jsTestObjByteAttr):
(WebCore::jsTestObjOctetAttr):
(WebCore::jsTestObjShortAttr):
(WebCore::jsTestObjClampedShortAttr):
(WebCore::jsTestObjEnforceRangeShortAttr):
(WebCore::jsTestObjUnsignedShortAttr):
(WebCore::jsTestObjLongAttr):
(WebCore::jsTestObjLongLongAttr):
(WebCore::jsTestObjUnsignedLongLongAttr):
(WebCore::jsTestObjStringAttr):
(WebCore::jsTestObjTestObjAttr):
(WebCore::jsTestObjTestNullableObjAttr):
(WebCore::jsTestObjLenientTestObjAttr):
(WebCore::jsTestObjUnforgeableAttr):
(WebCore::jsTestObjStringAttrTreatingNullAsEmptyString):
(WebCore::jsTestObjXMLObjAttr):
(WebCore::jsTestObjCreate):
(WebCore::jsTestObjReflectedStringAttr):
(WebCore::jsTestObjReflectedIntegralAttr):
(WebCore::jsTestObjReflectedUnsignedIntegralAttr):
(WebCore::jsTestObjReflectedBooleanAttr):
(WebCore::jsTestObjReflectedURLAttr):
(WebCore::jsTestObjReflectedCustomIntegralAttr):
(WebCore::jsTestObjReflectedCustomBooleanAttr):
(WebCore::jsTestObjReflectedCustomURLAttr):
(WebCore::jsTestObjEnabledAtRuntimeAttribute):
(WebCore::jsTestObjTypedArrayAttr):
(WebCore::jsTestObjAttrWithGetterException):
(WebCore::jsTestObjAttrWithGetterExceptionWithMessage):
(WebCore::jsTestObjAttrWithSetterException):
(WebCore::jsTestObjAttrWithSetterExceptionWithMessage):
(WebCore::jsTestObjStringAttrWithGetterException):
(WebCore::jsTestObjStringAttrWithSetterException):
(WebCore::jsTestObjStrictTypeCheckingAttribute):
(WebCore::jsTestObjCustomAttr):
(WebCore::jsTestObjOnfoo):
(WebCore::jsTestObjOnwebkitfoo):
(WebCore::jsTestObjWithScriptStateAttribute):
(WebCore::jsTestObjWithCallWithAndSetterCallWithAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAttribute):
(WebCore::jsTestObjWithScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::jsTestObjWithScriptArgumentsAndCallStackAttribute):
(WebCore::jsTestObjConditionalAttr1):
(WebCore::jsTestObjConditionalAttr2):
(WebCore::jsTestObjConditionalAttr3):
(WebCore::jsTestObjConditionalAttr4Constructor):
(WebCore::jsTestObjConditionalAttr5Constructor):
(WebCore::jsTestObjConditionalAttr6Constructor):
(WebCore::jsTestObjCachedAttribute1):
(WebCore::jsTestObjCachedAttribute2):
(WebCore::jsTestObjAnyAttribute):
(WebCore::jsTestObjContentDocument):
(WebCore::jsTestObjMutablePoint):
(WebCore::jsTestObjImmutablePoint):
(WebCore::jsTestObjStrawberry):
(WebCore::jsTestObjStrictFloat):
(WebCore::jsTestObjDescription):
(WebCore::jsTestObjId):
(WebCore::jsTestObjHash):
(WebCore::jsTestObjReplaceableAttribute):
(WebCore::jsTestObjNullableDoubleAttribute):
(WebCore::jsTestObjNullableLongAttribute):
(WebCore::jsTestObjNullableBooleanAttribute):
(WebCore::jsTestObjNullableStringAttribute):
(WebCore::jsTestObjNullableLongSettableAttribute):
(WebCore::jsTestObjNullableStringSettableAttribute):
(WebCore::jsTestObjNullableStringValue):
(WebCore::jsTestObjAttribute):
(WebCore::jsTestObjAttributeWithReservedEnumType):
(WebCore::jsTestObjPutForwardsAttribute):
(WebCore::jsTestObjPutForwardsNullableAttribute):
(WebCore::jsTestObjConstructor):
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
(WebCore::jsTestOverloadedConstructorsConstructor):
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
(WebCore::jsTestOverrideBuiltinsConstructor):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::jsTestSerializedScriptValueInterfaceValue):
(WebCore::jsTestSerializedScriptValueInterfaceReadonlyValue):
(WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
(WebCore::jsTestSerializedScriptValueInterfacePorts):
(WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
(WebCore::jsTestSerializedScriptValueInterfaceConstructor):
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::jsTestTypedefsUnsignedLongLongAttr):
(WebCore::jsTestTypedefsImmutableSerializedScriptValue):
(WebCore::jsTestTypedefsConstructorTestSubObj):
(WebCore::jsTestTypedefsAttrWithGetterException):
(WebCore::jsTestTypedefsAttrWithSetterException):
(WebCore::jsTestTypedefsStringAttrWithGetterException):
(WebCore::jsTestTypedefsStringAttrWithSetterException):
(WebCore::jsTestTypedefsConstructor):
* bindings/scripts/test/JS/JSattribute.cpp:
(WebCore::jsattributeReadonly):
(WebCore::jsattributeConstructor):
* bindings/scripts/test/JS/JSreadonly.cpp:
(WebCore::jsreadonlyConstructor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201331 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed GTK+ gardening. Rebaseline several tests after r200116.
carlosgc@webkit.org [Tue, 24 May 2016 13:12:47 +0000 (13:12 +0000)]
Unreviewed GTK+ gardening. Rebaseline several tests after r200116.

We are now correctly positioning RTL scrollbars.

* platform/gtk/fast/block/float/026-expected.png:
* platform/gtk/fast/block/float/026-expected.txt:
* platform/gtk/fast/block/float/028-expected.png:
* platform/gtk/fast/block/float/028-expected.txt:
* platform/gtk/fast/overflow/unreachable-overflow-rtl-bug-expected.png:
* platform/gtk/fast/overflow/unreachable-overflow-rtl-bug-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201330 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed GTK+ gardening. Fix wrong expectations of fast/harness/sample-fail-mismatc...
carlosgc@webkit.org [Tue, 24 May 2016 12:58:41 +0000 (12:58 +0000)]
Unreviewed GTK+ gardening. Fix wrong expectations of fast/harness/sample-fail-mismatch-reftest.html.

The test is flaky, but in this case  Pass means it failed and ImageOnlyFailure that it passed.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoThisTDZMode is no longer needed
utatane.tea@gmail.com [Tue, 24 May 2016 12:04:35 +0000 (12:04 +0000)]
ThisTDZMode is no longer needed
https://bugs.webkit.org/show_bug.cgi?id=157209

Reviewed by Saam Barati.

ThisTDZMode is no longer needed because we have ConstructorKind
and DerivedContextType. The value of ThisTDZMode is strictly less
expressive than the combination of those two values. We were
using those values anyways, and this patch just makes it official
by removing ThisTDZMode.

This patch also cleans up caching keys. We extract SourceCodeFlags
from SourceCodeKey and use it in EvalCodeCache. It correctly
contains needed cache attributes: EvalContextType, DerivedContextType,
etc. Here, we still use specialized keys for EvalCodeCache instead
of SourceCodeKey for performance; it does not include name String and
does not allocate SourceCode.

* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::CacheKey::CacheKey):
(JSC::EvalCodeCache::CacheKey::operator==):
(JSC::EvalCodeCache::CacheKey::Hash::equal):
(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::getSlow):
* bytecompiler/NodesCodegen.cpp:
(JSC::ThisNode::emitBytecode): Deleted.
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluateWithScopeExtension):
* interpreter/Interpreter.cpp:
(JSC::eval):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createThisExpr):
* parser/NodeConstructors.h:
(JSC::ThisNode::ThisNode):
* parser/Nodes.h:
* parser/Parser.cpp:
(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parsePrimaryExpression):
* parser/Parser.h:
(JSC::parse):
* parser/ParserModes.h:
* parser/SourceCodeKey.h:
(JSC::SourceCodeFlags::SourceCodeFlags):
(JSC::SourceCodeFlags::operator==):
(JSC::SourceCodeKey::SourceCodeKey):
(JSC::SourceCodeKey::Hash::hash):
(JSC::SourceCodeKey::Hash::equal):
(JSC::SourceCodeKey::HashTraits::isEmptyValue):
(JSC::SourceCodeKeyHash::hash): Deleted.
(JSC::SourceCodeKeyHash::equal): Deleted.
(JSC::SourceCodeKeyHashTraits::isEmptyValue): Deleted.
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createThisExpr):
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::CodeCache::getModuleProgramCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/CodeCache.h:
* runtime/Executable.cpp:
(JSC::EvalExecutable::create):
* runtime/Executable.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::createEvalCodeBlock):
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* tests/stress/code-cache-incorrect-caching.js: Added.
(shouldBe):
(hello):
(catch):
(shouldBe.test.hello):
(globalEval.ok):
(global.hello.hello):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Fix behavior of flexible track breadths
rego@igalia.com [Tue, 24 May 2016 08:55:13 +0000 (08:55 +0000)]
[css-grid] Fix behavior of flexible track breadths
https://bugs.webkit.org/show_bug.cgi?id=157834

Reviewed by Sergio Villar Senin.

This patch is fixing 2 issues that are interrelated:
Source/WebCore:

1) Flex sizes are invalid as min track sizing function.

  The syntax has been recently updated on the spec:
    <track-size> =
      <track-breadth> |
      minmax( <inflexible-breadth> , <track-breadth> )

2) Flex sizes outside minmax() behave as auto minimum.

  Flex sizes outside minmax() were previously behaving like
  minimum and maximum (e.g. 1fr => minmax(1fr, 1fr)).
  However the spec changed and now this would be invalid,
  so they should behave like auto minimum (e.g. minmax(auto, 1fr)).

* css/CSSParser.cpp:
(WebCore::CSSParser::parseGridTrackSize): Call parseGridBreadth()
for min sizing function using "InflexibleSizeOnly" restriction
when needed.
(WebCore::CSSParser::parseGridBreadth): Add check for
"InflexibleSizeOnly" resctriction.
* css/CSSParser.h: Add new type of restriction "InflexibleSizeOnly".
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::gridTrackSize): Add new condition to make
|minTrackBreadth| auto if it was a flex size.

LayoutTests:

1) Flex sizes are invalid as min track sizing function.
2) Flex sizes outside minmax() behave as auto minimum.

The patch includes new test cases checking specifically these 2 issues.
In addition several tests results have been updated to reflect
the new behavior. Also, some cases that are now invalid and
were not testing anything new have been removed.

* fast/css-grid-layout/flex-and-content-sized-resolution-columns-expected.txt:
* fast/css-grid-layout/flex-and-content-sized-resolution-columns.html:
* fast/css-grid-layout/flex-content-resolution-columns-expected.txt:
* fast/css-grid-layout/flex-content-resolution-columns.html:
* fast/css-grid-layout/flex-content-resolution-rows-expected.txt:
* fast/css-grid-layout/flex-content-resolution-rows.html:
* fast/css-grid-layout/grid-columns-rows-get-set-expected.txt:
* fast/css-grid-layout/grid-gutters-and-flex-content-expected.txt:
* fast/css-grid-layout/grid-gutters-and-flex-content.html:
* fast/css-grid-layout/grid-preferred-logical-widths.html:
* fast/css-grid-layout/non-grid-columns-rows-get-set-expected.txt:
* fast/css-grid-layout/resources/grid-columns-rows-get-set.js:
* fast/css-grid-layout/resources/non-grid-columns-rows-get-set.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201325 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Fetch API] Implement Fetch redirect mode
youenn.fablet@crf.canon.fr [Tue, 24 May 2016 07:35:09 +0000 (07:35 +0000)]
[Fetch API] Implement Fetch redirect mode
https://bugs.webkit.org/show_bug.cgi?id=157837

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

* web-platform-tests/fetch/api/redirect/redirect-location-expected.txt:
* web-platform-tests/fetch/api/redirect/redirect-location.js:
* web-platform-tests/fetch/api/redirect/redirect-method.js:
* web-platform-tests/fetch/api/redirect/redirect-method-expected.txt:
* web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt:

Source/WebCore:

Implementing step 5 of https://fetch.spec.whatwg.org/#http-fetch.
Making ResourceLoaderOptions include FetchOptions.
This allows SubresourceLoader to follow or not redirections based on that option.
CachedResource is made responsible to handle the type of the response (opaqueredirect, opaque, cors, basic...).
If redirection is not to be followed, either an error is returned or an empty response is returned.

Moved Response type and redirected flag from FetchResponse to ResourceResponse.
This allows CachedResource to easily communicate that information to FetchResponse.

Made some clean-up refactoring in ThreadableLoaderOptions.

http/tests/fetch/caching-with-different-options.html ensures that
caching at CachedResourceLoader will not have bad effects on fetch.
Covered by updated and rebased tests.

* Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::start):
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::FetchResponse):
(WebCore::FetchResponse::clone):
(WebCore::FetchResponse::startFetching):
* Modules/fetch/FetchResponse.h:
* WebCore.xcodeproj/project.pbxproj:
* loader/FetchOptions.h: Moved from Source/WebCore/Modules/fetch/FetchOptions.h.
* loader/ResourceLoaderOptions.h:
(WebCore::ResourceLoaderOptions::fetchOptions):
(WebCore::ResourceLoaderOptions::setFetchOptions):
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::willSendRequestInternal):
* loader/ThreadableLoader.cpp:
* loader/ThreadableLoader.h:
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::setResponse):
* loader/cache/CachedResource.h:
(WebCore::CachedResource::setOpaqueRedirect):
* platform/network/ResourceResponseBase.cpp:
(WebCore::ResourceResponseBase::adopt):
(WebCore::ResourceResponseBase::copyData):
* platform/network/ResourceResponseBase.h:
(WebCore::ResourceResponseBase::type):
(WebCore::ResourceResponseBase::setType):
(WebCore::ResourceResponseBase::encode):
(WebCore::ResourceResponseBase::decode):

LayoutTests:

* http/tests/fetch/caching-with-different-options-expected.txt: Added.
* http/tests/fetch/caching-with-different-options.html: Added.
* http/tests/fetch/resources/redirect-with-cache.php: Added.
* platform/gtk/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-location-expected.txt:
* platform/gtk/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-method-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201324 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd a few initiator tests to resource timing.
yoav@yoav.ws [Tue, 24 May 2016 06:29:58 +0000 (06:29 +0000)]
Add a few initiator tests to resource timing.
https://bugs.webkit.org/show_bug.cgi?id=157986

Reviewed by Darin Adler.

Adds tests that make sure that when a resource is requested multiple times by different
elements, its initiator type remain the first one that triggered the fetch.

* http/tests/performance/performance-resource-timing-initiator-css-expected.txt: Added.
* http/tests/performance/performance-resource-timing-initiator-css.html: Added.
* http/tests/performance/performance-resource-timing-initiator-no-override-expected.txt: Added.
* http/tests/performance/performance-resource-timing-initiator-no-override.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201323 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAssertion failure for Reflect.get with Proxy and primitive value as explicit receiver
utatane.tea@gmail.com [Tue, 24 May 2016 06:24:44 +0000 (06:24 +0000)]
Assertion failure for Reflect.get with Proxy and primitive value as explicit receiver
https://bugs.webkit.org/show_bug.cgi?id=157080

Reviewed by Saam Barati.

Source/JavaScriptCore:

In custom accessor getter, the argument "thisValue" can be altered by using `Reflect.get`.
In this patch, we add a new parameter, "slotBase". This represents the base value offering
this custom getter. And use it in ProxyObject's performGet custom accessor getter.

* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::staticFunctionGetter):
(JSC::JSCallbackObject<Parent>::callbackGetter):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generateImpl):
In PolymorphicAccess case, the thisValue and the slotBase are always cells.
This is because IC is enabled in the case that the base value is a cell.
And slotBase is always on the prototype chain from this base value.

* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
* jsc.cpp:
(WTF::CustomGetter::customGetter):
(WTF::RuntimeArray::lengthGetter):
* runtime/CustomGetterSetter.cpp:
(JSC::callCustomSetter):
* runtime/JSBoundSlotBaseFunction.cpp:
(JSC::boundSlotBaseFunctionCall):
* runtime/JSFunction.cpp:
(JSC::JSFunction::argumentsGetter):
(JSC::JSFunction::callerGetter):
* runtime/JSFunction.h:
* runtime/JSModuleNamespaceObject.cpp:
(JSC::callbackGetter):
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::customGetter):
* runtime/PropertySlot.h:
* runtime/ProxyObject.cpp:
(JSC::performProxyGet):
* runtime/RegExpConstructor.cpp:
(JSC::regExpConstructorDollar):
(JSC::regExpConstructorInput):
(JSC::regExpConstructorMultiline):
(JSC::regExpConstructorLastMatch):
(JSC::regExpConstructorLastParen):
(JSC::regExpConstructorLeftContext):
(JSC::regExpConstructorRightContext):
(JSC::regExpConstructorDollar1): Deleted.
(JSC::regExpConstructorDollar2): Deleted.
(JSC::regExpConstructorDollar3): Deleted.
(JSC::regExpConstructorDollar4): Deleted.
(JSC::regExpConstructorDollar5): Deleted.
(JSC::regExpConstructorDollar6): Deleted.
(JSC::regExpConstructorDollar7): Deleted.
(JSC::regExpConstructorDollar8): Deleted.
(JSC::regExpConstructorDollar9): Deleted.
* tests/stress/proxy-get-with-primitive-receiver.js: Added.
(shouldBe):

Source/WebCore:

* bindings/js/JSDOMBinding.h:
(WebCore::nonCachingStaticFunctionGetter):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::jsDOMWindowWebKit):
* bindings/js/JSPluginElementFunctions.cpp:
(WebCore::pluginElementPropertyGetter):
* bindings/js/JSPluginElementFunctions.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::lengthGetter):
* bridge/runtime_array.h:
* bridge/runtime_method.cpp:
(JSC::RuntimeMethod::lengthGetter):
* bridge/runtime_method.h:
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::fallbackObjectGetter):
(JSC::Bindings::RuntimeObject::fieldGetter):
(JSC::Bindings::RuntimeObject::methodGetter):
* bridge/runtime_object.h:

Source/WebKit2:

* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::propertyGetter):
(WebKit::JSNPObject::methodGetter):
* WebProcess/Plugins/Netscape/JSNPObject.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201322 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModernize CSS code
achristensen@apple.com [Tue, 24 May 2016 05:34:49 +0000 (05:34 +0000)]
Modernize CSS code
https://bugs.webkit.org/show_bug.cgi?id=157875

Reviewed by Chris Dumez.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
(GenerateParametersCheck):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjConstructor::construct):
(WebCore::setJSTestObjPutForwardsNullableAttribute):
(WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithCallbackFunctionArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackFunctionArg):
(WebCore::jsTestObjConstructorFunctionStaticMethodWithCallbackArg):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::JSTestTypedefsConstructor::construct):
* css/CSSBasicShapes.cpp:
(WebCore::serializePositionOffset):
(WebCore::buildSerializablePositionOffset):
(WebCore::CSSBasicShapeCircle::cssText):
(WebCore::CSSBasicShapeEllipse::cssText):
* css/CSSCalculationValue.cpp:
(WebCore::determineCategory):
(WebCore::CSSCalcExpressionNodeParser::parseValue):
* css/CSSMediaRule.cpp:
(WebCore::CSSMediaRule::media):
* css/CSSMediaRule.h:
* css/CSSOMUtils.h:
* css/CSSParser.cpp:
(WebCore::CSSParser::createImportRule):
(WebCore::CSSParser::createMediaRule):
* css/CSSReflectValue.h:
* css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::setDisabled):
(WebCore::CSSStyleSheet::setMediaQueries):
(WebCore::CSSStyleSheet::insertRule):
(WebCore::CSSStyleSheet::deleteRule):
(WebCore::CSSStyleSheet::isLoading):
(WebCore::CSSStyleSheet::media):
(WebCore::CSSStyleSheet::parentStyleSheet):
(WebCore::CSSStyleSheet::ownerDocument):
(WebCore::CSSStyleSheet::clearChildRuleCSSOMWrappers):
(WebCore::CSSStyleSheet::RuleMutationScope::RuleMutationScope):
* css/CSSStyleSheet.h:
* css/PropertySetCSSStyleDeclaration.cpp:
* css/StyleRule.cpp:
(WebCore::StyleRuleBase::createCSSOMWrapper):
(WebCore::StyleRuleBase::destroy):
(WebCore::StyleRuleGroup::wrapperRemoveRule):
(WebCore::StyleRuleMedia::StyleRuleMedia):
* css/StyleRule.h:
(WebCore::StyleRuleBase::deref):
(WebCore::StyleRuleBase::StyleRuleBase):
(WebCore::StyleRuleMedia::create):
(WebCore::StyleRuleMedia::mediaQueries):
(WebCore::StyleRuleMedia::copy):
(isType):
* css/StyleRuleImport.cpp:
(WebCore::StyleRuleImport::create):
(WebCore::StyleRuleImport::StyleRuleImport):
* css/StyleRuleImport.h:
* css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::isCacheable):
(WebCore::StyleSheetContents::parserAppendRule):
(WebCore::StyleSheetContents::ruleAt):
(WebCore::StyleSheetContents::parserSetEncodingFromCharsetRule):
(WebCore::StyleSheetContents::wrapperInsertRule):
* css/StyleSheetContents.h:
(WebCore::StyleSheetContents::hasSyntacticallyValidCSSHeader):
(WebCore::StyleSheetContents::parserSetUsesRemUnits):
(WebCore::StyleSheetContents::parserSetUsesStyleBasedEditability):
(WebCore::StyleSheetContents::copy):
* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet):
* inspector/InspectorStyleSheet.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201318 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSkip fast/table/neighboring-cells-when-collapsed-border-changes on WK1 for now.
zalan@apple.com [Tue, 24 May 2016 03:41:50 +0000 (03:41 +0000)]
Skip fast/table/neighboring-cells-when-collapsed-border-changes on WK1 for now.

Unreviewed.

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201316 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION (196374): deleting a global property is expensive
ggaren@apple.com [Tue, 24 May 2016 03:27:45 +0000 (03:27 +0000)]
REGRESSION (196374): deleting a global property is expensive
https://bugs.webkit.org/show_bug.cgi?id=158005

Reviewed by Chris Dumez.

* runtime/JSObject.cpp:
(JSC::JSObject::deleteProperty): We only need to reify static properties
if the name being deleted matches a static property. Otherwise, we can
be sure that delete won't observe any static properties.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201315 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSpeed up move of vectors of POD types that have an inline buffer
cdumez@apple.com [Tue, 24 May 2016 02:10:16 +0000 (02:10 +0000)]
Speed up move of vectors of POD types that have an inline buffer
https://bugs.webkit.org/show_bug.cgi?id=158003

Reviewed by Benjamin Poulain.

When moving a vector of POD types that have an inline buffer, we would
call std::swap() on the inline buffers. This unnecessarily slow because:
1. It does not consider the vector size, and therefore may end up doing
   more work than necessary when the inline buffer is not full.
2. In the "move" case, the destination buffer is completely empty so
   we don't really want a swap. We merely want the move the content of
   the source's inline buffer into the destination's one.

Instead of calling std::swap(), we now call swapInlineBuffers() which
was already used for non-POD types. swapInlineBuffers() will do just
what we want in the "move" case because swapBound is going to be 0.
As a result, we will only move the content of the source buffer into
the destination one. Also swapInlineBuffers() is aware of the source
vector's size so it will only move what's strictly needed.

This seems to be a 2% progression on Dromaeo DOM attributes test.

* wtf/Vector.h:
(WTF::VectorBuffer::swapInlineBuffer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201314 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agowoff2_dec.cc triggers -Wsign-compare, -Wunused-but-set-variable
mcatanzaro@igalia.com [Tue, 24 May 2016 01:54:51 +0000 (01:54 +0000)]
woff2_dec.cc triggers -Wsign-compare, -Wunused-but-set-variable
https://bugs.webkit.org/show_bug.cgi?id=157732

Reviewed by Darin Adler.

* woff2/CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201313 268f45cc-cd09-0410-ab3c-d52691b4dbfc