WebKit-https.git
6 years ago [GTK] MiniBrowser crashes when opening several urls passed as command line options
carlosgc@webkit.org [Thu, 6 Mar 2014 12:06:35 +0000 (12:06 +0000)]
[GTK] MiniBrowser crashes when opening several urls passed as command line options
https://bugs.webkit.org/show_bug.cgi?id=129738

Reviewed by Sergio Villar Senin.

The problem is that we are calling g_object_unref() for the
WebKitWebSettings every time we set it to a WebKitWebView, but the
view only increases the reference counter when the settings is not
the same it currently has. We should release our reference once.

* MiniBrowser/gtk/main.c:
(createBrowserWindow):
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165181 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Use the LLVM disassembler on ARM64 if we are enabling the FTL
fpizlo@apple.com [Thu, 6 Mar 2014 09:17:18 +0000 (09:17 +0000)]
Use the LLVM disassembler on ARM64 if we are enabling the FTL
https://bugs.webkit.org/show_bug.cgi?id=129785

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Our disassembler can't handle some of the code sequences that LLVM emits. LLVM's disassembler
is strictly more capable at this point. Use it if it's available.

* disassembler/ARM64Disassembler.cpp:
(JSC::tryToDisassemble):

Source/WTF:

Reviewed by Geoffrey Garen.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165180 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Move Source/WebCore/html/canvas/ code to std::unique_ptr
zandobersek@gmail.com [Thu, 6 Mar 2014 09:14:58 +0000 (09:14 +0000)]
Move Source/WebCore/html/canvas/ code to std::unique_ptr
https://bugs.webkit.org/show_bug.cgi?id=129668

Reviewed by Anders Carlsson.

Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/html/canvas/ with std::unique_ptr.

* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::~HTMLCanvasElement):
(WebCore::HTMLCanvasElement::getContext):
* html/HTMLCanvasElement.h:
* html/canvas/ANGLEInstancedArrays.cpp:
* html/canvas/ANGLEInstancedArrays.h:
* html/canvas/CanvasRenderingContext2D.h:
* html/canvas/EXTTextureFilterAnisotropic.cpp:
* html/canvas/EXTTextureFilterAnisotropic.h:
* html/canvas/OESElementIndexUint.cpp:
* html/canvas/OESElementIndexUint.h:
* html/canvas/OESStandardDerivatives.cpp:
* html/canvas/OESStandardDerivatives.h:
* html/canvas/OESTextureFloat.cpp:
* html/canvas/OESTextureFloat.h:
* html/canvas/OESTextureFloatLinear.cpp:
* html/canvas/OESTextureFloatLinear.h:
* html/canvas/OESTextureHalfFloat.cpp:
* html/canvas/OESTextureHalfFloat.h:
* html/canvas/OESTextureHalfFloatLinear.cpp:
* html/canvas/OESTextureHalfFloatLinear.h:
* html/canvas/OESVertexArrayObject.cpp:
* html/canvas/OESVertexArrayObject.h:
* html/canvas/WebGLCompressedTextureATC.cpp:
* html/canvas/WebGLCompressedTextureATC.h:
* html/canvas/WebGLCompressedTexturePVRTC.cpp:
* html/canvas/WebGLCompressedTexturePVRTC.h:
* html/canvas/WebGLCompressedTextureS3TC.cpp:
* html/canvas/WebGLCompressedTextureS3TC.h:
* html/canvas/WebGLDebugRendererInfo.cpp:
* html/canvas/WebGLDebugRendererInfo.h:
* html/canvas/WebGLDebugShaders.cpp:
* html/canvas/WebGLDebugShaders.h:
* html/canvas/WebGLDepthTexture.cpp:
* html/canvas/WebGLDepthTexture.h:
* html/canvas/WebGLDrawBuffers.cpp:
* html/canvas/WebGLDrawBuffers.h:
* html/canvas/WebGLLoseContext.cpp:
* html/canvas/WebGLLoseContext.h:
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::create):
(WebCore::WebGLRenderingContext::getExtension):
* html/canvas/WebGLRenderingContext.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165179 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Move Source/WebCore/editing/ code to std::unique_ptr
zandobersek@gmail.com [Thu, 6 Mar 2014 09:04:38 +0000 (09:04 +0000)]
Move Source/WebCore/editing/ code to std::unique_ptr
https://bugs.webkit.org/show_bug.cgi?id=129665

Reviewed by Anders Carlsson.

Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/editing/ with std::unique_ptr.

* editing/EditingStyle.cpp:
(WebCore::htmlElementEquivalents):
(WebCore::EditingStyle::conflictsWithImplicitStyleOfElement):
(WebCore::htmlAttributeEquivalents):
(WebCore::EditingStyle::conflictsWithImplicitStyleOfAttributes):
(WebCore::EditingStyle::extractConflictingImplicitStyleOfAttributes):
(WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
(WebCore::EditingStyle::mergeInlineAndImplicitStyleOfElement):
* editing/Editor.cpp:
(WebCore::Editor::Editor):
(WebCore::Editor::clear):
* editing/Editor.h:
* page/Frame.cpp:
(WebCore::Frame::Frame):
* page/Frame.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165178 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Move to using std::unique_ptr for KeyboardEvent, ScriptExecutionContext::PendingException
zandobersek@gmail.com [Thu, 6 Mar 2014 09:02:33 +0000 (09:02 +0000)]
Move to using std::unique_ptr for KeyboardEvent, ScriptExecutionContext::PendingException
https://bugs.webkit.org/show_bug.cgi?id=129061

Reviewed by Eric Carlson.

Replace uses of OwnPtr and PassOwnPtr for KeyboardEvent and ScriptExecutionContext::PendingException
classes with std::unique_ptr. ScriptExecutionContext::Task objects are still handled through OwnPtr,
but this will be addressed later.

* dom/KeyboardEvent.cpp:
(WebCore::KeyboardEvent::KeyboardEvent):
* dom/KeyboardEvent.h:
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::reportException):
* dom/ScriptExecutionContext.h:
* dom/ScriptRunner.h: Remove an unnecessary PassOwnPtr header inclusion.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165177 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed, rolling out r165175.
commit-queue@webkit.org [Thu, 6 Mar 2014 08:55:09 +0000 (08:55 +0000)]
Unreviewed, rolling out r165175.
http://trac.webkit.org/changeset/165175
https://bugs.webkit.org/show_bug.cgi?id=129788

Linking failures on GTK, EFL due to missing gstreamer-tag-1.0
dependency (Requested by zdobersek on #webkit).

* platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
(WebCore::TrackPrivateBaseGStreamer::notifyTrackOfTagsChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165176 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [GStreamer] human readable language code for tracks
b.long@cablelabs.com [Thu, 6 Mar 2014 08:02:53 +0000 (08:02 +0000)]
[GStreamer] human readable language code for tracks
https://bugs.webkit.org/show_bug.cgi?id=124514

Reviewed by Philippe Normand.

* platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
(WebCore::TrackPrivateBaseGStreamer::notifyTrackOfTagsChanged): Run language codes through gst_tag_get_language_code_iso_639_1() to make sure they're valid.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165175 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [GTK][CMake] Tarball is created with wrong tarball paths
mrobinson@webkit.org [Thu, 6 Mar 2014 06:46:53 +0000 (06:46 +0000)]
[GTK][CMake] Tarball is created with wrong tarball paths
https://bugs.webkit.org/show_bug.cgi?id=129496

Reviewed by Daniel Bates.

* gtk/make-dist.py:
(Manifest.__init__): I inadvertently inverted the logic of these checks when
landing the original patch with some suggestions from the reviewer. With the
checks corrected, the tarball path is constructed properly.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165174 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [CMake] Ninja generator builds fail with "Argument list too long"
mrobinson@webkit.org [Thu, 6 Mar 2014 06:46:23 +0000 (06:46 +0000)]
[CMake] Ninja generator builds fail with "Argument list too long"
https://bugs.webkit.org/show_bug.cgi?id=129771

Reviewed by Daniel Bates.

* Source/cmake/OptionsCommon.cmake: Work around a bug in the Ninja CMake generator,
by forcing the use of response files.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165173 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Versioning.
lforschler@apple.com [Thu, 6 Mar 2014 05:45:41 +0000 (05:45 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165172 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed EFL gardening.
jinwoo7.song@samsung.com [Thu, 6 Mar 2014 05:07:14 +0000 (05:07 +0000)]
Unreviewed EFL gardening.
Modify the TestExpectations according to the renamed file name in r164299.

* platform/efl/TestExpectations: copy-paste-converts-sticky-and-fixed.html is renamed
to copy-paste-wraps-position-absolute.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165171 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago AX: Support IOS Accessibility in WK2
cfleizach@apple.com [Thu, 6 Mar 2014 04:59:22 +0000 (04:59 +0000)]
AX: Support IOS Accessibility in WK2
https://bugs.webkit.org/show_bug.cgi?id=129527

Unreviewed build fix.

* WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm:
(-[WKAccessibilityWebPageObject accessibilityHitTest:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165170 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Inspector: Reduce RWI message frequency
commit-queue@webkit.org [Thu, 6 Mar 2014 04:27:31 +0000 (04:27 +0000)]
Web Inspector: Reduce RWI message frequency
https://bugs.webkit.org/show_bug.cgi?id=129767

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-03-05
Reviewed by Timothy Hatcher.

This used to be 0.2s and changed by accident to 0.02s.

* inspector/remote/RemoteInspector.mm:
(Inspector::RemoteInspector::pushListingSoon):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165169 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Remove unused method from Vibration
ryuan.choi@samsung.com [Thu, 6 Mar 2014 04:15:51 +0000 (04:15 +0000)]
Remove unused method from Vibration
https://bugs.webkit.org/show_bug.cgi?id=129732

Reviewed by Gyuyoung Kim.

* Modules/vibration/Vibration.cpp:
Removed isActive(), which is never called since r152441.
* Modules/vibration/Vibration.h: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165168 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed, rolling out r165141, r165157, and r165158.
commit-queue@webkit.org [Thu, 6 Mar 2014 03:43:37 +0000 (03:43 +0000)]
Unreviewed, rolling out r165141, r165157, and r165158.
http://trac.webkit.org/changeset/165141
http://trac.webkit.org/changeset/165157
http://trac.webkit.org/changeset/165158
https://bugs.webkit.org/show_bug.cgi?id=129772

"broke ftl" (Requested by olliej_ on #webkit).

Source/JavaScriptCore:

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/PolymorphicPutByIdList.cpp:
(JSC::PutByIdAccess::visitWeak):
(JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
(JSC::PolymorphicPutByIdList::from):
* bytecode/PolymorphicPutByIdList.h:
(JSC::PutByIdAccess::transition):
(JSC::PutByIdAccess::replace):
(JSC::PutByIdAccess::oldStructure):
(JSC::PutByIdAccess::chain):
(JSC::PutByIdAccess::stubRoutine):
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::dump):
* bytecode/PutByIdStatus.h:
(JSC::PutByIdStatus::PutByIdStatus):
(JSC::PutByIdStatus::takesSlowPath):
* bytecode/StructureStubInfo.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::emitPutById):
(JSC::DFG::ByteCodeParser::handlePutById):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGCommon.h:
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasIdentifier):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITInlineCacheGenerator.h:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):
(JSC::tryBuildGetByIDList):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
* jit/SpillRegistersMode.h: Removed.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Lookup.h:
(JSC::putEntry):
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::isCacheable):
(JSC::PutPropertySlot::cachedOffset):

Source/WebCore:

* ForwardingHeaders/jit/SpillRegistersMode.h: Removed.

LayoutTests:

* js/regress/assign-custom-setter-expected.txt: Removed.
* js/regress/assign-custom-setter-polymorphic-expected.txt: Removed.
* js/regress/assign-custom-setter-polymorphic.html: Removed.
* js/regress/assign-custom-setter.html: Removed.
* js/regress/script-tests/assign-custom-setter-polymorphic.js: Removed.
* js/regress/script-tests/assign-custom-setter.js: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165167 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [GTK][CMake] The GObject DOM bindings should always be built
mrobinson@webkit.org [Thu, 6 Mar 2014 03:34:17 +0000 (03:34 +0000)]
[GTK][CMake] The GObject DOM bindings should always be built
https://bugs.webkit.org/show_bug.cgi?id=127963

Reviewed by Ryosuke Niwa.

* PlatformGTK.cmake: Make compilation of the WebKitGTK+ GObject DOM bindings
unconditional, instead of conditional on the WebKit2 build.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165166 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Inspector: Prevent possible deadlock in view indication
commit-queue@webkit.org [Thu, 6 Mar 2014 03:29:04 +0000 (03:29 +0000)]
Web Inspector: Prevent possible deadlock in view indication
https://bugs.webkit.org/show_bug.cgi?id=129766

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-03-05
Reviewed by Geoffrey Garen.

* inspector/remote/RemoteInspector.mm:
(Inspector::RemoteInspector::receivedIndicateMessage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165165 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago JSObject::fastGetOwnPropertySlot does a slow check for OverridesGetOwnPropertySlot
mhahnenberg@apple.com [Thu, 6 Mar 2014 03:20:37 +0000 (03:20 +0000)]
JSObject::fastGetOwnPropertySlot does a slow check for OverridesGetOwnPropertySlot
https://bugs.webkit.org/show_bug.cgi?id=129754

Reviewed by Geoffrey Garen.

InlineTypeFlags are stored in JSCell, so we can just load those instead of going through the TypeInfo.

* runtime/JSCell.h:
(JSC::JSCell::inlineTypeFlags):
* runtime/JSObject.h:
(JSC::JSObject::fastGetOwnPropertySlot):
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::TypeInfo):
(JSC::TypeInfo::overridesGetOwnPropertySlot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165164 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Inspector: ASSERTION FAILED: m_javaScriptBreakpoints.isEmpty()
commit-queue@webkit.org [Thu, 6 Mar 2014 03:19:49 +0000 (03:19 +0000)]
Web Inspector: ASSERTION FAILED: m_javaScriptBreakpoints.isEmpty()
https://bugs.webkit.org/show_bug.cgi?id=129763

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-03-05
Reviewed by Geoffrey Garen.

Clear the list of all breakpoints, including unresolved breakpoints.

* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::clearInspectorBreakpointState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165163 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago llint_slow_path_check_has_instance() should not adjust PC before accessing operands.
mark.lam@apple.com [Thu, 6 Mar 2014 03:17:28 +0000 (03:17 +0000)]
llint_slow_path_check_has_instance() should not adjust PC before accessing operands.
<https://webkit.org/b/129768>

Reviewed by Mark Hahnenberg.

Source/JavaScriptCore:

When evaluating "a instanceof b" where b is an object that ImplementsHasInstance
and OverridesHasInstance (e.g. a bound function), the LLINT will take the slow
path llint_slow_path_check_has_instance(), and execute a code path that does the
following:
1. Adjusts the byte code PC to the jump target PC.
2. For the purpose of storing the result, get the result registerIndex from the
   1st operand using the PC as if the PC is still pointing to op_check_has_instance
   bytecode.

The result is that whatever value resides after where the jump target PC is will
be used as a result register value.  Depending on what that value is, the result
can be:
1. the code coincidently works correctly
2. memory corruption
3. crashes

The fix is to only adjust the byte code PC after we have stored the result.

* llint/LLIntSlowPaths.cpp:
(llint_slow_path_check_has_instance):

LayoutTests:

* js/instanceof-operator-expected.txt:
* js/script-tests/instanceof-operator.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165162 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed. Update my email in contributors.json
jaepark@webkit.org [Thu, 6 Mar 2014 03:06:37 +0000 (03:06 +0000)]
Unreviewed. Update my email in contributors.json

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165161 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [MSE] Crash in SourceBuffer::sourceBufferPrivateDidReceiveSample() - received samples...
jer.noble@apple.com [Thu, 6 Mar 2014 02:56:34 +0000 (02:56 +0000)]
[MSE] Crash in SourceBuffer::sourceBufferPrivateDidReceiveSample() - received samples after SourceBuffer was removed.
https://bugs.webkit.org/show_bug.cgi?id=129761

Reviewed by Eric Carlson.

Guard against the possibility that SourceBufferPrivates will continue to generate samples even after
a parse error. Bail out early from sourceBufferPrivateDidReceiveInitializationSegment and
sourceBufferPrivateDidReceiveSample if the SourceBuffer has been removed.

* Modules/mediasource/SourceBuffer.cpp:
(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165160 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago AX: Support IOS Accessibility in WK2
cfleizach@apple.com [Thu, 6 Mar 2014 02:51:55 +0000 (02:51 +0000)]
AX: Support IOS Accessibility in WK2
https://bugs.webkit.org/show_bug.cgi?id=129527

Address review comments from Simon noted in bug.

* UIProcess/ios/WKContentView.mm:
(-[WKContentView _accessibilityRegisterUIProcessTokens]):
* WebProcess/WebPage/WKAccessibilityWebPageObjectIOS.mm:
(-[WKAccessibilityWebPageObject init]):
(-[WKAccessibilityWebPageObject dealloc]):
* WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.h:
* WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm:
(-[WKAccessibilityWebPageObject accessibilityAttributeNames]):
(-[WKAccessibilityWebPageObject accessibilitySetValue:forAttribute:]):
(-[WKAccessibilityWebPageObject accessibilityAttributeValue:]):
(-[WKAccessibilityWebPageObject accessibilityAttributeValue:forParameter:]):
(-[WKAccessibilityWebPageObject accessibilityHitTest:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165159 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Another build fix attempt after r165141.
rniwa@webkit.org [Thu, 6 Mar 2014 02:30:51 +0000 (02:30 +0000)]
Another build fix attempt after r165141.

* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165158 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago FTL build fix attempt after r165141.
rniwa@webkit.org [Thu, 6 Mar 2014 02:26:28 +0000 (02:26 +0000)]
FTL build fix attempt after r165141.

* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165157 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Build fix, take 2.
enrica@apple.com [Thu, 6 Mar 2014 02:23:07 +0000 (02:23 +0000)]
Build fix, take 2.

* platform/mac/HTMLConverter.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165156 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Build fix.
enrica@apple.com [Thu, 6 Mar 2014 02:20:08 +0000 (02:20 +0000)]
Build fix.

* platform/mac/HTMLConverter.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Crash when copying content that contains <sup>.
enrica@apple.com [Thu, 6 Mar 2014 01:52:02 +0000 (01:52 +0000)]
Crash when copying content that contains <sup>.
https://bugs.webkit.org/show_bug.cgi?id=129765
<rdar://problem/16139498>

Reviewed by Benjamin Poulain.

Adding static definition of NSAttributeSuperscriptName.

* platform/mac/HTMLConverter.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165154 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Source/JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=128625
barraclough@apple.com [Thu, 6 Mar 2014 01:46:21 +0000 (01:46 +0000)]
Source/JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=128625
Add fast mapping from StringImpl to JSString

Unreviewed roll-out.

Reverting r164347, r165054, r165066 - not clear the performance tradeoff was right.

* runtime/JSString.cpp:
* runtime/JSString.h:
* runtime/VM.cpp:
(JSC::VM::createLeaked):
* runtime/VM.h:

Source/WebCore: https://bugs.webkit.org/show_bug.cgi?id=128625
Add fast mapping from StringImpl to JSString

Unreviewed roll-out.

Reverting r164347, r165054, r165066 - not clear the performance tradeoff was right.

* bindings/js/DOMWrapperWorld.cpp:
(WebCore::DOMWrapperWorld::clearWrappers):
* bindings/js/DOMWrapperWorld.h:
* bindings/js/JSDOMBinding.h:
(WebCore::jsStringWithCache):
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::commonVM):
* bindings/scripts/StaticString.pm:
(GenerateStrings):

Source/WTF: [Win32][LLINT] Crash when running JSC stress tests.
https://bugs.webkit.org/show_bug.cgi?id=129429

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-03-05
Reviewed by Geoffrey Garen.

* wtf/Platform.h: Enable LLINT on Win32.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165152 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago https://bugs.webkit.org/show_bug.cgi?id=129722
dino@apple.com [Thu, 6 Mar 2014 01:37:15 +0000 (01:37 +0000)]
https://bugs.webkit.org/show_bug.cgi?id=129722
Update WKSI, again, to fix the build.

* libWebKitSystemInterfaceLion.a:
* libWebKitSystemInterfaceMavericks.a:
* libWebKitSystemInterfaceMountainLion.a:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165151 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [CMake] Use thin archives if building on Linux for non-shared-core debug builds
ryuan.choi@samsung.com [Thu, 6 Mar 2014 01:28:19 +0000 (01:28 +0000)]
[CMake] Use thin archives if building on Linux for non-shared-core debug builds
https://bugs.webkit.org/show_bug.cgi?id=108330

Reviewed by Martin Robinson.

In order to get non-shared debug builds, this patch applied T option for
thin archives to the flags passed to ar when cmake based ports build on linux.
In addition, applied u option which avoids adding a file twice.

* Source/cmake/OptionsCommon.cmake: Moved archive options from OptionsGTK.cmake.
* Source/cmake/OptionsEfl.cmake:
Removed error messages for non-shared-core debug builds.
* Source/cmake/OptionsGTK.cmake: Moved archive options to OptionsCommon.cmake.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165149 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [WebGL] Use WKSI to see what the system policy for WebGL is
dino@apple.com [Thu, 6 Mar 2014 01:21:38 +0000 (01:21 +0000)]
[WebGL] Use WKSI to see what the system policy for WebGL is
https://bugs.webkit.org/show_bug.cgi?id=129722
<rdar://problem/15790542>

Reviewed by Tim Horton.

Source/WebKit2:

Use the WebKitSystemInterface methods WKShouldBlockWebGL
and WKShouldSuggestBlockingWebGL to query what the host
system thinks about the hardware. Tell the client about
the result in a new WebPage method setSystemWebGLPolicy.

* UIProcess/API/APILoaderClient.h:
(API::LoaderClient::setSystemWebGLLoadPolicy): New empty definition.
* UIProcess/API/C/WKAPICast.h:
(WebKit::toAPI): Convert a WebGLLoadPolicy into a WKWebGLLoadPolicy.
* UIProcess/API/C/WKPage.cpp: Call setSystemWebGLLoadPolicy.
(WKPageSetPageLoaderClient):
* UIProcess/API/C/WKPageLoaderClient.h: New typedef and entry in client structure.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setSystemWebGLPolicy):
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in: Add SetSystemWebGLPolicy.
* Source/WebKit2/Configurations/WebKit2.xcconfig: We have to link against OpenGL now, because WKSI
uses it for hardware detection.
* WebProcess/WebPage/WebPage.cpp: Remove the implementation here, but leave
empty methods for non-Apple platforms.
(WebKit::WebPage::WebPage):
(WebKit::WebPage::webGLPolicyForURL):
(WebKit::WebPage::resolveWebGLPolicyForURL):
* WebProcess/WebPage/WebPage.h: Add m_systemWebGLPolicy.
* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::webGLPolicyForURL): Moved in from WebPage, but now they call
into WKSI and send the result to the client if necessary.
(WebKit::WebPage::resolveWebGLPolicyForURL):

Tools:

Dummy entry for setSystemWebGLLoadPolicy.

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::createWebViewWithOptions):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago https://bugs.webkit.org/show_bug.cgi?id=129722
dino@apple.com [Thu, 6 Mar 2014 01:20:05 +0000 (01:20 +0000)]
https://bugs.webkit.org/show_bug.cgi?id=129722

And remember to copy the header file!

* WebKitSystemInterface.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165146 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago And Alexey Proskuryakov <ap@apple.com>
dbates@webkit.org [Thu, 6 Mar 2014 01:02:45 +0000 (01:02 +0000)]
And Alexey Proskuryakov  <ap@apple.com>

ASSERT(newestManifest) fails in WebCore::ApplicationCacheGroup::didFinishLoadingManifest()
https://bugs.webkit.org/show_bug.cgi?id=129753
<rdar://problem/12069835>

Reviewed by Alexey Proskuryakov.

Fixes an issue where an assertion failure would occur when visiting a web site whose on-disk
app cache doesn't contain a manifest resource.

For some reason an app cache for a web site may be partially written to disk. In particular, the
app cache may only contain a CacheGroups entry. That is, the manifest resource and origin records
may not be persisted to disk. From looking over the code, we're unclear how such a situation can occur
and hence have been unable to create such an app cache. We were able to reproduce this issue using
an app cache database file that was provided by a person that was affected by this issue.

No test included because it's not straightforward to write a test for this change.

* loader/appcache/ApplicationCacheGroup.cpp:
(WebCore::ApplicationCacheGroup::checkIfLoadIsComplete): Assert that m_cacheBeingUpdated->manifestResource()
is non-null. Currently we only document this assumption in a code comment. Also separated a single assertion
expression into two assertion expressions to make it straightforward to identify the failing sub-expression
on failure.
* loader/appcache/ApplicationCacheStorage.cpp:
(WebCore::ApplicationCacheStorage::store): Modified to call ApplicationCacheStorage::deleteCacheGroupRecord()
to remove a cache group and associated cache records (if applicable) before inserting a cache group entry.
This replacement approach will ultimately repair incomplete app cache data for people affected by this bug.
(WebCore::ApplicationCacheStorage::loadCache): Log an error and return nullptr if the cache we loaded doesn't
have a manifest resource.
(WebCore::ApplicationCacheStorage::deleteCacheGroupRecord): Added.
(WebCore::ApplicationCacheStorage::deleteCacheGroup): Extracted deletion logic for cache group record into
ApplicationCacheStorage::deleteCacheGroupRecord().
* loader/appcache/ApplicationCacheStorage.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165145 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago https://bugs.webkit.org/show_bug.cgi?id=129722
dino@apple.com [Thu, 6 Mar 2014 00:34:52 +0000 (00:34 +0000)]
https://bugs.webkit.org/show_bug.cgi?id=129722
Update WKSI.

* libWebKitSystemInterfaceLion.a:
* libWebKitSystemInterfaceMavericks.a:
* libWebKitSystemInterfaceMountainLion.a:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165143 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Support caching of custom setters
oliver@apple.com [Thu, 6 Mar 2014 00:29:17 +0000 (00:29 +0000)]
Support caching of custom setters
https://bugs.webkit.org/show_bug.cgi?id=129519

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch adds caching of assignment to properties that
are backed by C functions. This provides most of the leg
work required to start supporting setters, and resolves
the remaining regressions from moving DOM properties up
the prototype chain.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/PolymorphicPutByIdList.cpp:
(JSC::PutByIdAccess::visitWeak):
(JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
(JSC::PolymorphicPutByIdList::from):
* bytecode/PolymorphicPutByIdList.h:
(JSC::PutByIdAccess::transition):
(JSC::PutByIdAccess::replace):
(JSC::PutByIdAccess::customSetter):
(JSC::PutByIdAccess::isCustom):
(JSC::PutByIdAccess::oldStructure):
(JSC::PutByIdAccess::chain):
(JSC::PutByIdAccess::stubRoutine):
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::dump):
* bytecode/PutByIdStatus.h:
(JSC::PutByIdStatus::PutByIdStatus):
(JSC::PutByIdStatus::takesSlowPath):
(JSC::PutByIdStatus::makesCalls):
* bytecode/StructureStubInfo.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::emitPutById):
(JSC::DFG::ByteCodeParser::handlePutById):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGCommon.h:
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasIdentifier):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITInlineCacheGenerator.h:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):
(JSC::tryBuildGetByIDList):
(JSC::emitCustomSetterStub):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
* jit/SpillRegistersMode.h: Added.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Lookup.h:
(JSC::putEntry):
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::setCacheableCustomProperty):
(JSC::PutPropertySlot::customSetter):
(JSC::PutPropertySlot::isCacheablePut):
(JSC::PutPropertySlot::isCacheableCustomProperty):
(JSC::PutPropertySlot::cachedOffset):

Source/WebCore:

Add forwarding header

Tests: js/regress/assign-custom-setter-polymorphic.html
       js/regress/assign-custom-setter.html

* ForwardingHeaders/jit/SpillRegistersMode.h: Added.

LayoutTests:

Add test cases.

* js/regress/assign-custom-setter-expected.txt: Added.
* js/regress/assign-custom-setter-polymorphic-expected.txt: Added.
* js/regress/assign-custom-setter-polymorphic.html: Added.
* js/regress/assign-custom-setter.html: Added.
* js/regress/script-tests/assign-custom-setter-polymorphic.js: Added.
(test):
* js/regress/script-tests/assign-custom-setter.js: Added.
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165141 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Fix crash in CompositeEditCommand::cloneParagraphUnderNewElement()
ddkilzer@apple.com [Thu, 6 Mar 2014 00:05:55 +0000 (00:05 +0000)]
Fix crash in CompositeEditCommand::cloneParagraphUnderNewElement()
<http://webkit.org/b/129751>
<rdar://problem/16237965>

Reviewed by Jon Honeycutt.

Merged from Blink (patch by Yuta Kitamura):
https://src.chromium.org/viewvc/blink?revision=168160&view=revision
http://crbug.com/345005

    The root cause is CompositeEditCommand::moveParagraphWithClones() passing
    two positions |start| and |end| which do not follow the document order,
    i.e. in some situations |start| is located after |end| because of
    the difference in affinity.

    This patch fixes this crash by normalizing |end| to |start| in such situations.
    It also adds an ASSERT that checks the relationship between |start| and |end|.

Source/WebCore:

Test: editing/execCommand/format-block-crash.html

* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::cloneParagraphUnderNewElement):
(WebCore::CompositeEditCommand::moveParagraphWithClones):
* editing/CompositeEditCommand.h:

LayoutTests:

* editing/execCommand/format-block-crash-expected.txt: Added.
* editing/execCommand/format-block-crash.html: Added.
* editing/execCommand/resources/format-block-crash-iframe.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165138 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago JSCell::m_gcData should encode its information differently
mhahnenberg@apple.com [Wed, 5 Mar 2014 23:33:21 +0000 (23:33 +0000)]
JSCell::m_gcData should encode its information differently
https://bugs.webkit.org/show_bug.cgi?id=129741

Reviewed by Geoffrey Garen.

We want to keep track of three GC states for an object:

1. Not marked (which implies not in the remembered set)
2. Marked but not in the remembered set
3. Marked and in the remembered set

Currently we only indicate marked vs. not marked in JSCell::m_gcData. During a write
barrier, we only want to take the slow path if the object being stored to is in state #2.
We'd like to make the test for state #2 as fast as possible, which means making it a
compare against 0.

* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::osrWriteBarrier):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkMarkByte):
(JSC::DFG::SpeculativeJIT::writeBarrier):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::writeBarrier):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::writeBarrier):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::allocateCell):
(JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
* heap/Heap.cpp:
(JSC::Heap::clearRememberedSet):
(JSC::Heap::addToRememberedSet):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::checkMarkByte):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::checkMarkByte):
(JSC::JIT::emitWriteBarrier):
* jit/Repatch.cpp:
(JSC::writeBarrier):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/JSCell.h:
(JSC::JSCell::mark):
(JSC::JSCell::remember):
(JSC::JSCell::forget):
(JSC::JSCell::isMarked):
(JSC::JSCell::isRemembered):
* runtime/JSCellInlines.h:
(JSC::JSCell::JSCell):
* runtime/StructureIDBlob.h:
(JSC::StructureIDBlob::StructureIDBlob):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165135 268f45cc-cd09-0410-ab3c-d52691b4dbfc
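
The three GC states and the compare-against-zero write barrier test described in the commit message above, as an added C example that is not the JavaScriptCore code. Only "state #2 is the value 0" comes from the message; the other two enum values, every name, and the fixed-size remembered set are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed encoding: the commit message only requires that state #2 be 0. */
enum gc_state {
    GC_MARKED = 0,                /* state #2: marked, not in the remembered set */
    GC_NOT_MARKED = 1,            /* state #1: not marked */
    GC_MARKED_AND_REMEMBERED = 2  /* state #3: marked and in the remembered set */
};

struct cell { uint8_t gc_data; };

#define REMEMBERED_MAX 16         /* hypothetical capacity for the sketch */
struct heap {
    struct cell *remembered[REMEMBERED_MAX];
    size_t remembered_count;
};

void heap_init(struct heap *h) { h->remembered_count = 0; }
void cell_init(struct cell *c) { c->gc_data = GC_NOT_MARKED; }

/* The collector marks a surviving cell; a remembered cell stays remembered. */
void cell_mark(struct cell *c)
{
    if (c->gc_data == GC_NOT_MARKED)
        c->gc_data = GC_MARKED;
}

int cell_is_marked(const struct cell *c) { return c->gc_data != GC_NOT_MARKED; }
int cell_is_remembered(const struct cell *c) { return c->gc_data == GC_MARKED_AND_REMEMBERED; }

/* Slow path: record the owner so the next collection rescans it. */
static int heap_add_to_remembered_set(struct heap *h, struct cell *c)
{
    if (h->remembered_count == REMEMBERED_MAX)
        return -1;                /* set full: caller must handle, state unchanged */
    h->remembered[h->remembered_count++] = c;
    c->gc_data = GC_MARKED_AND_REMEMBERED;
    return 1;
}

/* Barrier run when a pointer is stored into `owner`.
   Returns 0 on the fast path, 1 if the slow path ran, -1 if the set was full.
   The only test on the fast path is a compare of one byte against 0. */
int write_barrier(struct heap *h, struct cell *owner)
{
    if (owner->gc_data != 0)
        return 0;                 /* states #1 and #3 need no work */
    return heap_add_to_remembered_set(h, owner);
}

/* After a collection every remembered cell drops back to state #2. */
void heap_clear_remembered_set(struct heap *h)
{
    for (size_t i = 0; i < h->remembered_count; i++)
        h->remembered[i]->gc_data = GC_MARKED;
    h->remembered_count = 0;
}

int main(void)
{
    struct heap h;
    struct cell young, old;
    heap_init(&h);
    cell_init(&young);
    cell_init(&old);
    cell_mark(&old);
    printf("store into unmarked cell: %d\n", write_barrier(&h, &young));
    printf("first store into marked cell: %d\n", write_barrier(&h, &old));
    printf("second store into marked cell: %d\n", write_barrier(&h, &old));
    return 0;
}
```

A barrier that wrongly takes the fast path for a cell in state #2 leaves an old-to-new pointer unrecorded, which is the kind of defect that surfaces later as a dangling reference.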

6 years ago [CSS Regions] Scrollable regions
stavila@adobe.com [Wed, 5 Mar 2014 22:02:55 +0000 (22:02 +0000)]
[CSS Regions] Scrollable regions
https://bugs.webkit.org/show_bug.cgi?id=129301

Reviewed by David Hyatt.

Source/WebCore:

Named flow fragments do not inherit the overflow property from the fragment container.
When asked if the flow thread content should be clipped, the named flow fragments
will respond using the overflow property of the named flow fragment container.

When painting the flow thread layer inside the region, the scrolled content offset of
the region must be used to offset the flow thread's layer.

Tests: fast/regions/scrollable-last-region.html
       fast/regions/scrollable-single-region-bt.html
       fast/regions/scrollable-single-region-lr.html
       fast/regions/scrollable-single-region-relative-element.html
       fast/regions/scrollable-single-region-rl.html
       fast/regions/scrollable-single-region.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::mapLayerClipRectsToFragmentationLayer):
(WebCore::RenderLayer::calculateClipRects):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::createStyle):
(WebCore::RenderNamedFlowFragment::shouldClipFlowThreadContent):
* rendering/RenderNamedFlowFragment.h:
* rendering/RenderNamedFlowThread.cpp:
(WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
* rendering/RenderRegion.cpp:
(WebCore::RenderRegion::shouldClipFlowThreadContent):
* rendering/RenderRegion.h:

LayoutTests:

Added tests for scrolling elements flowed into regions.

* fast/regions/scrollable-last-region-expected.html: Added.
* fast/regions/scrollable-last-region.html: Added.
* fast/regions/scrollable-single-region-bt-expected.html: Added.
* fast/regions/scrollable-single-region-bt.html: Added.
* fast/regions/scrollable-single-region-expected.html: Added.
* fast/regions/scrollable-single-region-lr-expected.html: Added.
* fast/regions/scrollable-single-region-lr.html: Added.
* fast/regions/scrollable-single-region-relative-element-expected.html: Added.
* fast/regions/scrollable-single-region-relative-element.html: Added.
* fast/regions/scrollable-single-region-rl-expected.html: Added.
* fast/regions/scrollable-single-region-rl.html: Added.
* fast/regions/scrollable-single-region.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165130 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago More FTL ARM fixes
fpizlo@apple.com [Wed, 5 Mar 2014 22:01:57 +0000 (22:01 +0000)]
More FTL ARM fixes
https://bugs.webkit.org/show_bug.cgi?id=129755

Reviewed by Geoffrey Garen.

- Be more defensive about inline caches that have degenerate chains.

- Temporarily switch to allocating all MCJIT memory in the executable pool on non-x86
  platforms. The bug tracking the real fix is: https://bugs.webkit.org/show_bug.cgi?id=129756

- Don't even emit intrinsic declarations on non-x86 platforms.

- More debug printing support.

- Don't use vmCall() in the prologue. This should have crashed on all platforms all the time
  but somehow it gets lucky on x86.

* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::appendVariant):
(JSC::GetByIdStatus::computeForChain):
(JSC::GetByIdStatus::computeForStubInfo):
* bytecode/GetByIdStatus.h:
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::appendVariant):
(JSC::PutByIdStatus::computeForStubInfo):
* bytecode/PutByIdStatus.h:
* bytecode/StructureSet.h:
(JSC::StructureSet::overlaps):
* ftl/FTLCompile.cpp:
(JSC::FTL::mmAllocateDataSection):
* ftl/FTLDataSection.cpp:
(JSC::FTL::DataSection::DataSection):
(JSC::FTL::DataSection::~DataSection):
* ftl/FTLDataSection.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::lower):
* ftl/FTLOutput.h:
(JSC::FTL::Output::doubleSin):
(JSC::FTL::Output::doubleCos):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::dumpInContext):
* runtime/JSCell.h:
(JSC::JSCell::structureID):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165129 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [Win32][LLINT] Crash when running JSC stress tests.
commit-queue@webkit.org [Wed, 5 Mar 2014 21:57:26 +0000 (21:57 +0000)]
[Win32][LLINT] Crash when running JSC stress tests.
https://bugs.webkit.org/show_bug.cgi?id=129429

Source/JavaScriptCore:

On Windows the reserved stack space consists of committed memory, a guard page, and uncommitted memory,
where the guard page is a barrier between committed and uncommitted memory.
When data from the guard page is read or written, the guard page is moved, and memory is committed.
This is how the system grows the stack.
When using the C stack on Windows we need to precommit the needed stack space.
Otherwise we might crash later if we access uncommitted stack memory.
This can happen if we allocate stack space larger than the page guard size (4K).
The system does not get the chance to move the guard page, and commit more memory,
and we crash if uncommitted memory is accessed.
The MSVC compiler fixes this by inserting a call to the _chkstk() function,
when needed, see http://support.microsoft.com/kb/100775.

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-03-05
Reviewed by Geoffrey Garen.

* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh: Enable LLINT.
* jit/Repatch.cpp:
(JSC::writeBarrier): Compile fix when DFG_JIT is not enabled.
* offlineasm/x86.rb: Compile fix, and small simplification.
* runtime/VM.cpp:
(JSC::preCommitStackMemory): Added function to precommit stack memory.
(JSC::VM::updateStackLimit): Call function to precommit stack memory when stack limit is updated.

Source/WTF:

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-03-05
Reviewed by Geoffrey Garen.

* wtf/Platform.h: Enable LLINT on Win32.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165128 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Subpixel rendering: Device pixel round accumulated subpixel value when the RenderLaye...
zalan@apple.com [Wed, 5 Mar 2014 21:56:51 +0000 (21:56 +0000)]
Subpixel rendering: Device pixel round accumulated subpixel value when the RenderLayer with transform paints its content.
https://bugs.webkit.org/show_bug.cgi?id=129079

Reviewed by Simon Fraser.

Snap the content to the device pixel position (as opposed to integral position) before
applying the transform. Recalculate the remaining subpixels that need offsetting at painting time.

Source/WebCore:

Test: compositing/hidpi-absolute-subpixel-positioned-transformed-elements.html

* platform/graphics/LayoutPoint.h:
(WebCore::roundedForPainting):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayerByApplyingTransform):

LayoutTests:

* compositing/hidpi-absolute-subpixel-positioned-transformed-elements-expected.html: Added.
* compositing/hidpi-absolute-subpixel-positioned-transformed-elements.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165127 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Fix a stupid error in r165118 that caused userVisibleString()
simon.fraser@apple.com [Wed, 5 Mar 2014 21:40:30 +0000 (21:40 +0000)]
Fix a stupid error in r165118 that caused userVisibleString()
to call itself recursively.

* WebProcess/WebCoreSupport/mac/WebEditorClientMac.mm:
(WebKit::WebEditorClient::userVisibleString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165126 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [iOS] Show external device name/type in placeholder
eric.carlson@apple.com [Wed, 5 Mar 2014 21:37:38 +0000 (21:37 +0000)]
[iOS] Show external device name/type in placeholder
https://bugs.webkit.org/show_bug.cgi?id=129723

Reviewed by Jer Noble.

Source/WebCore:

Make the name and type of the external device available to the JS based controls.
* Modules/mediacontrols/MediaControlsHost.cpp:
(WebCore::MediaControlsHost::externalDeviceDisplayName):
(WebCore::MediaControlsHost::externalDeviceType):
* Modules/mediacontrols/MediaControlsHost.h:
* Modules/mediacontrols/MediaControlsHost.idl:

* Modules/mediacontrols/mediaControlsiOS.js:
(ControllerIOS.prototype.updateWirelessPlaybackStatus): Display device type-specific information
    in the placeholder image.

* WebCore.exp.in: Export new WebKitSystemInterface functions.

* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::wirelessPlaybackTargetName): Added.
(WebCore::MediaPlayer::wirelessPlaybackTargetType): Ditto.
* platform/graphics/MediaPlayer.h:
* platform/graphics/MediaPlayerPrivate.h:

* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessPlaybackTargetType): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessPlaybackTargetName): Ditto.

* platform/ios/WebCoreSystemInterfaceIOS.mm:
* platform/mac/WebCoreSystemInterface.h:
* platform/mac/WebCoreSystemInterface.mm:

Source/WebKit/mac:

* WebCoreSupport/WebSystemInterface.mm:
(InitWebCoreSystemInterface):

WebKitLibraries:

* WebKitSystemInterface.h:
* libWebKitSystemInterfaceLion.a:
* libWebKitSystemInterfaceMavericks.a:
* libWebKitSystemInterfaceMountainLion.a:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165125 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [iOS] Rename the various VisibleExtent variations to exposedContentRect
benjamin@webkit.org [Wed, 5 Mar 2014 21:30:08 +0000 (21:30 +0000)]
[iOS] Rename the various VisibleExtent variations to exposedContentRect
https://bugs.webkit.org/show_bug.cgi?id=129728

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-03-05
Reviewed by Simon Fraser.

Source/WebCore:

Rename DocumentVisibleExtent and VisibleExtentContentRect to ExposedContentRect in a desperate
attempt to make things a tiny little bit less confusing.

The name is ExposedContentRect and not ExposedRect as that rect is exposed on ScrollView, while the
rect is in document coordinates (which does not make any difference on WebKit1...).

* WebCore.exp.in:
* platform/ScrollView.h:
* platform/ios/ScrollViewIOS.mm:
(WebCore::ScrollView::exposedContentRect):
(WebCore::ScrollView::setExposedContentRect):
* platform/ios/wak/WAKScrollView.h:
* platform/ios/wak/WAKScrollView.mm:
(-[WAKScrollView exposedContentRect]):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::flushPendingLayerChanges):
(WebCore::RenderLayerCompositor::didChangeVisibleRect):

Source/WebKit2:

* WebProcess/WebPage/DrawingArea.h:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::updateVisibleContentRects):
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::setExposedContentRect):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165124 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed. Fix the Apple-internal builds.
dino@apple.com [Wed, 5 Mar 2014 21:13:56 +0000 (21:13 +0000)]
Unreviewed. Fix the Apple-internal builds.

* Configurations/WebKit2.xcconfig: Add -framework OpenGL.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165122 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago JSDataViewPrototype::getData() and setData() crash on platforms that don't allow...
msaboff@apple.com [Wed, 5 Mar 2014 21:01:35 +0000 (21:01 +0000)]
JSDataViewPrototype::getData() and setData() crash on platforms that don't allow unaligned accesses
https://bugs.webkit.org/show_bug.cgi?id=129746

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Changed to use a union to manually assemble or disassemble the various types
from / to the corresponding bytes.  All memory access is now done using
byte accesses.

* runtime/JSDataViewPrototype.cpp:
(JSC::getData):
(JSC::setData):

LayoutTests:

New test to validate proper operation of DataView operations at
various byte offsets using both little and big endian.

* js/arraybuffer-dataview-expected.txt: Added.
* js/arraybuffer-dataview.html: Added.
* js/script-tests/arraybuffer-dataview.js: Added.
(paddedHex):
(byteString):
(clearView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165121 268f45cc-cd09-0410-ab3c-d52691b4dbfc
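
The byte-wise union technique described in the commit message above, as an added C example that is not the WebKit patch. All names (`dv_get_uint32`, `dv_set_uint32`, `dv_get_float64`, `copy_bytes`) are hypothetical, the overflow-safe range check is an addition of this example, and it assumes 8-bit bytes and IEEE-754 doubles.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not JSDataViewPrototype.cpp. */
enum { DV_OK = 0, DV_OUT_OF_RANGE = -1 };

/* The typed value is only assembled or taken apart through raw[], so no
   load or store wider than one byte ever touches the caller's buffer. */
union dv_u32 { uint32_t value; uint8_t raw[4]; };
union dv_f64 { double value; uint8_t raw[8]; };

static int host_is_little_endian(void)
{
    union { uint16_t value; uint8_t raw[2]; } probe;
    probe.value = 1;
    return probe.raw[0] == 1;
}

/* Range check that never computes offset + width, so it cannot wrap. */
static int in_range(size_t len, size_t offset, size_t width)
{
    return offset <= len && len - offset >= width;
}

/* Copy byte by byte, reversing when the requested order differs from the host's. */
static void copy_bytes(uint8_t *dst, const uint8_t *src, size_t width, int little_endian)
{
    int reverse = (little_endian != 0) != host_is_little_endian();
    for (size_t i = 0; i < width; i++)
        dst[i] = src[reverse ? width - 1 - i : i];
}

int dv_get_uint32(const uint8_t *buf, size_t len, size_t offset,
                  int little_endian, uint32_t *out)
{
    union dv_u32 u;
    if (!in_range(len, offset, sizeof u.raw))
        return DV_OUT_OF_RANGE;
    copy_bytes(u.raw, buf + offset, sizeof u.raw, little_endian);
    *out = u.value;
    return DV_OK;
}

int dv_set_uint32(uint8_t *buf, size_t len, size_t offset,
                  int little_endian, uint32_t value)
{
    union dv_u32 u;
    if (!in_range(len, offset, sizeof u.raw))
        return DV_OUT_OF_RANGE;
    u.value = value;
    copy_bytes(buf + offset, u.raw, sizeof u.raw, little_endian);
    return DV_OK;
}

int dv_get_float64(const uint8_t *buf, size_t len, size_t offset,
                   int little_endian, double *out)
{
    union dv_f64 u;
    if (!in_range(len, offset, sizeof u.raw))
        return DV_OUT_OF_RANGE;
    copy_bytes(u.raw, buf + offset, sizeof u.raw, little_endian);
    *out = u.value;
    return DV_OK;
}

int main(void)
{
    /* Constructed sample: 0x12345678 stored big-endian at odd offset 1. */
    uint8_t buf[8] = { 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00 };
    uint32_t v = 0;

    if (dv_get_uint32(buf, sizeof buf, 1, 0, &v) == DV_OK)
        printf("big-endian read at offset 1:    0x%08x\n", (unsigned)v);
    if (dv_get_uint32(buf, sizeof buf, 1, 1, &v) == DV_OK)
        printf("little-endian read at offset 1: 0x%08x\n", (unsigned)v);
    if (dv_get_uint32(buf, sizeof buf, 6, 1, &v) == DV_OUT_OF_RANGE)
        printf("read at offset 6 rejected: only 2 bytes remain\n");
    return 0;
}
```

Casting `buf + offset` to `uint32_t *` and dereferencing it is the pattern this replaces: it faults on targets that trap unaligned loads and is undefined behaviour in C even where the hardware tolerates it.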

6 years ago FTL loadStructure always generates invalid IR
fpizlo@apple.com [Wed, 5 Mar 2014 20:26:58 +0000 (20:26 +0000)]
FTL loadStructure always generates invalid IR
https://bugs.webkit.org/show_bug.cgi?id=129747

Reviewed by Mark Hahnenberg.

As the comment at the top of FTL::Output states, the FTL doesn't use LLVM's notion
of pointers. LLVM's notion of pointers tries to model C, in the sense that you have
to have a pointer to a type, and you can only load things of that type from that
pointer. Pointer arithmetic is basically not possible except through the bizarre
getelementptr operator. This doesn't fit with how the JS object model works since
the JS object model doesn't consist of nice and tidy C types placed in C arrays.
Also, it would be impossible to use getelementptr and LLVM pointers for accessing
any of JSC's C or C++ objects unless we went through the exercise of redeclaring
all of our fundamental data structures in LLVM IR as LLVM types. Clang could do
this for us, but that would require that to use the FTL, JSC itself would have to
be compiled with clang. Worse, it would have to be compiled with a clang that uses
a version of LLVM that is compatible with the one against which the FTL is linked.
Yuck!

The solution is to NEVER use LLVM pointers. This has always been the case in the
FTL. But it causes some confusion.

Not using LLVM pointers means that if the FTL has a "pointer", it's actually a
pointer-wide integer (m_out.intPtr in FTL-speak). The act of "loading" and
"storing" from or to a pointer involves first bitcasting the intPtr to a real LLVM
pointer that has the type that we want. The load and store operations over pointers
are called Output::load* and Output::store*, where * is one of "8", "16", "32",
"64", "Ptr", "Float", or "Double".

There is unavoidable confusion here. It would be bizarre for the FTL to call its
"pointer-wide integers" anything other than "pointers", since they are, in all
respects that we care about, simply pointers. But they are *not* LLVM pointers and
they never will be that.

There is one exception to this "no pointers" rule. The FTL does use actual LLVM
pointers for referring to LLVM alloca's - i.e. local variables. To try to reduce
confusion, we call these "references". So an "FTL reference" is actually an "LLVM
pointer", while an "FTL pointer" is actually an "LLVM integer". FTL references have
methods for access called Output::get and Output::set. These lower to LLVM load
and store, since FTL references are just LLVM pointers.

This confusion appears to have led to incorrect code in loadStructure().
loadStructure() was using get() and set() to access FTL pointers. But those methods
don't work on FTL pointers and never will, since they are for FTL references.

The worst part of this is that it was previously impossible to have test coverage
for the relevant path (MasqueradesAsUndefined) without writing a DRT test. This
patch fixes this by introducing a Masquerader object to jsc.cpp.

* ftl/FTLAbstractHeapRepository.h: Add an abstract heap for the structure table.
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::loadStructure): This was wrong.
* ftl/FTLOutput.h: Add a comment to dissuade people from using get() and set().
* jsc.cpp: Give us the power to test for MasqueradesAsUndefined.
(WTF::Masquerader::Masquerader):
(WTF::Masquerader::create):
(WTF::Masquerader::createStructure):
(GlobalObject::finishCreation):
(functionMakeMasquerader):
* tests/stress/equals-masquerader.js: Added.
(foo):
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165119 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago ObjC exception when dropping files into a WKView: drag and drop uses code from WebKit...
simon.fraser@apple.com [Wed, 5 Mar 2014 20:16:10 +0000 (20:16 +0000)]
ObjC exception when dropping files into a WKView: drag and drop uses code from WebKit.framework
https://bugs.webkit.org/show_bug.cgi?id=129752

Source/WebCore:

Reviewed by Enrica Casucci.

Add C functions for NSURL-related functionality required by WebKit2

* WebCore.exp.in:
* platform/mac/WebCoreNSURLExtras.h:
* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::URLByCanonicalizingURL):
(WebCore::rangeOfURLScheme):
(WebCore::looksLikeAbsoluteURL):

Source/WebKit/mac:

Reviewed by Enrica Casucci.

Call URLByCanonicalizingURL() which is implemented in WebCore.

* Misc/WebNSURLExtras.mm:
(-[NSURL _webkit_canonicalize]):

Source/WebKit2:

Reviewed by Enrica Casucci.

Get WebDragClientMac off of all WebKit headers, and WebEditorClientMac off
all but one by using C functions from WebCoreNSURLExtras.h rather than
the NSURL category.

* WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:
(WebKit::WebDragClient::declareAndWriteDragImage):
* WebProcess/WebCoreSupport/mac/WebEditorClientMac.mm:
(WebKit::WebEditorClient::userVisibleString):
(WebKit::WebEditorClient::canonicalizeURL):
(WebKit::WebEditorClient::canonicalizeURLString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165118 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Add support for sessions to MemoryCache.
commit-queue@webkit.org [Wed, 5 Mar 2014 20:11:03 +0000 (20:11 +0000)]
Add support for sessions to MemoryCache.
https://bugs.webkit.org/show_bug.cgi?id=127794

Patch by Martin Hock <mhock@apple.com> on 2014-03-05
Reviewed by Sam Weinig.

Source/WebCore:

* WebCore.exp.in:
* editing/DeleteButtonController.cpp:
(WebCore::DeleteButtonController::createDeletionUI): Initialize CachedImage with sessionID.
* html/DOMURL.cpp:
(WebCore::DOMURL::revokeObjectURL): Remove URL from MemoryCache for all sessions.
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::cachedResource): Pass sessionID to MemoryCache.
* inspector/InspectorResourceAgent.cpp:
(WebCore::InspectorResourceAgent::replayXHR): Ditto.
* loader/DocumentLoader.cpp:
(WebCore::areAllLoadersPageCacheAcceptable): Ditto.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::tellClientAboutPastMemoryCacheLoads): Ditto.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement): Initialize CachedImage with sessionID.
* loader/archive/cf/LegacyWebArchive.cpp:
(WebCore::LegacyWebArchive::create): Pass sessionID to MemoryCache.
* loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet): Constructor takes sessionID.
* loader/cache/CachedCSSStyleSheet.h:
* loader/cache/CachedFont.cpp: Ditto.
(WebCore::CachedFont::CachedFont):
* loader/cache/CachedFont.h:
* loader/cache/CachedImage.cpp: Ditto.
(WebCore::CachedImage::CachedImage):
* loader/cache/CachedImage.h:
* loader/cache/CachedRawResource.cpp: Ditto.
(WebCore::CachedRawResource::CachedRawResource):
* loader/cache/CachedRawResource.h:
* loader/cache/CachedResource.cpp: Ditto.
(WebCore::CachedResource::CachedResource):
(WebCore::CachedResource::~CachedResource): Pass sessionID to MemoryCache.
* loader/cache/CachedResource.h:
(WebCore::CachedResource::sessionID):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::createResource): Constructors take sessionID.
(WebCore::CachedResourceLoader::sessionID): Retrieve sessionID from page.
(WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Pass sessionID to MemoryCache.
(WebCore::CachedResourceLoader::requestResource): Initialize CachedCSSStyleSheet with sessionID.
(WebCore::CachedResourceLoader::revalidateResource): Initialize cached resource with sessionID.
(WebCore::CachedResourceLoader::loadResource): Pass sessionID to MemoryCache and initialize cached resource with sessionID.
* loader/cache/CachedResourceLoader.h:
* loader/cache/CachedSVGDocument.cpp: Constructor takes sessionID.
(WebCore::CachedSVGDocument::CachedSVGDocument):
* loader/cache/CachedSVGDocument.h:
* loader/cache/CachedScript.cpp: Ditto.
(WebCore::CachedScript::CachedScript):
* loader/cache/CachedScript.h:
* loader/cache/CachedTextTrack.cpp: Ditto.
(WebCore::CachedTextTrack::CachedTextTrack):
* loader/cache/CachedTextTrack.h:
* loader/cache/CachedXSLStyleSheet.cpp: Ditto.
(WebCore::CachedXSLStyleSheet::CachedXSLStyleSheet):
* loader/cache/CachedXSLStyleSheet.h:
* loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::getSessionMap): Retrieve CachedResourceMap based on sessionID.
(WebCore::MemoryCache::add): Use sessionID from CachedResource parameter.
(WebCore::MemoryCache::revalidationSucceeded): Add sessionID parameter.
(WebCore::MemoryCache::resourceForURL): Ditto.
(WebCore::MemoryCache::resourceForRequest): Ditto, also move impl into impl method.
(WebCore::MemoryCache::resourceForRequestImpl): Add CachedResourceMap parameter.
(WebCore::MemoryCache::addImageToCache): Use default sessionID.
(WebCore::MemoryCache::removeImageFromCache): Ditto.
(WebCore::MemoryCache::evict): Use sessionID from CachedResource parameter.
(WebCore::MemoryCache::removeResourcesWithOrigin): Iterate through all CachedResourceMaps.
(WebCore::MemoryCache::getOriginsWithCache): Ditto.
(WebCore::MemoryCache::removeUrlFromCache): Add sessionID parameter.
(WebCore::MemoryCache::removeRequestFromCache): Ditto.
(WebCore::MemoryCache::removeRequestFromSessionCaches): Remove request from all CachedResourceMaps, with multithread support.
(WebCore::MemoryCache::removeRequestFromCacheImpl): Add sessionID parameter.
(WebCore::MemoryCache::removeRequestFromSessionCachesImpl): Iterate through all CachedResourceMaps.
(WebCore::MemoryCache::crossThreadRemoveRequestFromCache): Add sessionID parameter.
(WebCore::MemoryCache::crossThreadRemoveRequestFromSessionCaches): Pass on request to removeRequestFromSessionCachesImpl.
(WebCore::MemoryCache::getStatistics): Iterate through all CachedResourceMaps.
(WebCore::MemoryCache::setDisabled): Ditto.
* loader/cache/MemoryCache.h: Create another level for cache.
* platform/CrossThreadCopier.cpp: Allow copying SessionIDs across threads.
(WebCore::SessionID>::copy):
* platform/CrossThreadCopier.h:
* platform/network/cf/ResourceRequest.h:
(WebCore::ResourceRequest::ResourceRequest): Remove trailing whitespace.
* rendering/RenderSnapshottedPlugIn.cpp:
(WebCore::RenderSnapshottedPlugIn::updateSnapshot): Initialize CachedImage with sessionID.
* testing/Internals.cpp:
(WebCore::Internals::isLoadingFromMemoryCache): Pass sessionID to MemoryCache.

Source/WebKit:

* WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:

Source/WebKit2:

* NetworkProcess/NetworkResourceLoader.h: Add sessionID() method.
(WebKit::NetworkResourceLoader::sessionID):
* NetworkProcess/mac/DiskCacheMonitor.h: Add sessionID member.
* NetworkProcess/mac/DiskCacheMonitor.mm:
(WebKit::DiskCacheMonitor::DiskCacheMonitor): Send sessionID to NetworkProcessConnection::DidCacheResource.
* WebProcess/Network/NetworkProcessConnection.cpp: Add sessionID parameter to didCacheResource and pass to MemoryCache.
(WebKit::NetworkProcessConnection::didCacheResource):
* WebProcess/Network/NetworkProcessConnection.h: Ditto.
* WebProcess/Network/NetworkProcessConnection.messages.in: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165117 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [iOS WebKit2] support multi-select and select with groups for iPhone.
enrica@apple.com [Wed, 5 Mar 2014 19:48:32 +0000 (19:48 +0000)]
[iOS WebKit2] support multi-select and select with groups for iPhone.
https://bugs.webkit.org/show_bug.cgi?id=129344
<rdar://problem/16206928>

Reviewed by Simon Fraser.

This is the remaining work on select element support on iOS.
This adds multi-select and select with group support with UI
for iPhone that uses UIPickerView.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView resignFirstResponder]):
(-[WKContentView inputAccessoryView]): Removed incorrect early return.
(-[WKContentView _stopAssistingNode]):
* UIProcess/ios/forms/WKFormSelectControl.h:
* UIProcess/ios/forms/WKFormSelectControl.mm:
(adjustedFontSize): Moved here to make it available to both picker and
popover based implementations.
(-[WKFormSelectControl initWithView:]):
* UIProcess/ios/forms/WKFormSelectPicker.mm:
(-[WKOptionPickerCell _isSelectable]):
(-[WKOptionPickerCell initCommon]):
(-[WKOptionPickerCell initWithOptionItem:]):
(-[WKOptionGroupPickerCell initWithOptionItem:]):
(-[WKOptionGroupPickerCell labelWidthForBounds:]):
(-[WKOptionGroupPickerCell layoutSubviews]):
(-[WKMultipleSelectPicker initWithView:]):
(-[WKMultipleSelectPicker dealloc]):
(-[WKMultipleSelectPicker controlView]):
(-[WKMultipleSelectPicker controlBeginEditing]):
(-[WKMultipleSelectPicker controlEndEditing]):
(-[WKMultipleSelectPicker layoutSubviews]):
(-[WKMultipleSelectPicker pickerView:viewForRow:forComponent:reusingView:]):
(-[WKMultipleSelectPicker numberOfComponentsInPickerView:]):
(-[WKMultipleSelectPicker pickerView:numberOfRowsInComponent:]):
(-[WKMultipleSelectPicker findItemIndexAt:]):
(-[WKMultipleSelectPicker pickerView:row:column:checked:]):
(-[WKSelectSinglePicker initWithView:]):
(-[WKSelectSinglePicker controlEndEditing]):
* UIProcess/ios/forms/WKFormSelectPopover.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165116 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Tweak after r165109 to avoid extra copies
andersca@apple.com [Wed, 5 Mar 2014 18:59:58 +0000 (18:59 +0000)]
Tweak after r165109 to avoid extra copies
https://bugs.webkit.org/show_bug.cgi?id=129745

Reviewed by Geoffrey Garen.

* heap/Heap.cpp:
(JSC::Heap::visitProtectedObjects):
(JSC::Heap::visitTempSortVectors):
(JSC::Heap::clearRememberedSet):
* heap/Heap.h:
(JSC::Heap::forEachProtectedCell):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165115 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [GTK][CMake] Generate documentation for the DOM bindings
mrobinson@webkit.org [Wed, 5 Mar 2014 18:37:59 +0000 (18:37 +0000)]
[GTK][CMake] Generate documentation for the DOM bindings
https://bugs.webkit.org/show_bug.cgi?id=126211

Reviewed by Carlos Garcia Campos.

Source/WebCore:

* PlatformGTK.cmake: Add some files to the GObjectDOMBindings build, so that the
doc generation succeeds. Have the GObjectDOMBindings_INSTALLED_HEADERS variable contain
all installed headers and use another variable for GIR generation. Create the configuration
file for the gtkdoc generation.

Source/WebKit:

* PlatformGTK.cmake: The list of headers for GIR generation has a better name
now.

Source/WebKit2:

* PlatformGTK.cmake: The list of headers for GIR generation has a better name now.

Tools:

* gtk/GNUmakefile.am: No longer generate sections and SGML files in the makefile.
* gtk/generate-gtkdoc: Call the code from webkitdom.py to generate sections and SGML files.
* gtk/generate-webkitdom-doc-files: Removed.
* gtk/webkitdom.py: Moved WebKit GObject DOM bindings doc generation code here, so
that it can be called by generate-gtkdoc.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165114 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Subpixel rendering: Wrong cliprect on absolute positioned elements.
zalan@apple.com [Wed, 5 Mar 2014 18:11:50 +0000 (18:11 +0000)]
Subpixel rendering: Wrong cliprect on absolute positioned elements.
https://bugs.webkit.org/show_bug.cgi?id=129656

Reviewed by Simon Fraser.

outlineBoundsForRepaint() is expected to return the outline repaint rect. Using enclosingIntRect()
to calculate the outline boundaries breaks repaint logic in RenderElement::repaintAfterLayoutIfNeeded().
Since enclosingIntRect() can return bigger rect than repaint rect, the old/new bounds' dimensions could end up
being different which triggers the size change repaint code path.

Source/WebCore:

Test: fast/repaint/hidpi-absolute-positioned-element-wrong-cliprect-after-move.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::outlineBoundsForRepaint):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::repaintAfterLayoutIfNeeded):
* rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::outlineBoundsForRepaint):

LayoutTests:

* fast/repaint/hidpi-absolute-positioned-element-wrong-cliprect-after-move-expected.txt: Added.
* fast/repaint/hidpi-absolute-positioned-element-wrong-cliprect-after-move.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165113 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoDFGStoreBarrierElisionPhase should use GCState directly instead of m_gcClobberSet...
mhahnenberg@apple.com [Wed, 5 Mar 2014 17:43:57 +0000 (17:43 +0000)]
DFGStoreBarrierElisionPhase should use GCState directly instead of m_gcClobberSet when calling writesOverlap()
https://bugs.webkit.org/show_bug.cgi?id=129717

Reviewed by Filip Pizlo.

* dfg/DFGStoreBarrierElisionPhase.cpp:
(JSC::DFG::StoreBarrierElisionPhase::StoreBarrierElisionPhase):
(JSC::DFG::StoreBarrierElisionPhase::couldCauseGC):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165112 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK][CMake] build-webkit should rerun cmake if the Makefile is missing
mrobinson@webkit.org [Wed, 5 Mar 2014 16:52:29 +0000 (16:52 +0000)]
[GTK][CMake] build-webkit should rerun cmake if the Makefile is missing
https://bugs.webkit.org/show_bug.cgi?id=129380

Reviewed by Philippe Normand.

* Scripts/webkitdirs.pm:
(generateBuildSystemFromCMakeProject): Check for the existence of the Makefile before
skipping CMake execution.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165111 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] The jhbuild environment should have the latest stable release of gtk-doc
mrobinson@webkit.org [Wed, 5 Mar 2014 16:46:53 +0000 (16:46 +0000)]
[GTK] The jhbuild environment should have the latest stable release of gtk-doc
https://bugs.webkit.org/show_bug.cgi?id=129651

Reviewed by Philippe Normand.

* gtk/jhbuild.modules: Add gtk-doc to the list of modules.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165110 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUse range-based loops where possible in Heap methods
mhahnenberg@apple.com [Wed, 5 Mar 2014 16:46:23 +0000 (16:46 +0000)]
Use range-based loops where possible in Heap methods
https://bugs.webkit.org/show_bug.cgi?id=129513

Reviewed by Mark Lam.

Replace old school iterator based loops with the new range-based loop hotness
for a better tomorrow.

* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::~CodeBlockSet):
(JSC::CodeBlockSet::clearMarks):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
(JSC::CodeBlockSet::traceMarked):
* heap/Heap.cpp:
(JSC::Heap::visitProtectedObjects):
(JSC::Heap::visitTempSortVectors):
(JSC::Heap::clearRememberedSet):
* heap/Heap.h:
(JSC::Heap::forEachProtectedCell):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165109 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] Give the WebKit GObject DOM bindings API break detection its own buildbot...
mrobinson@webkit.org [Wed, 5 Mar 2014 15:48:29 +0000 (15:48 +0000)]
[GTK] Give the WebKit GObject DOM bindings API break detection its own buildbot bubble
https://bugs.webkit.org/show_bug.cgi?id=129637

Reviewed by Carlos Garcia Campos.

* BuildSlaveSupport/build.webkit.org-config/master.cfg:
(RunGtkWebKitGObjectDOMBindingsAPIBreakTests): Added this test runner.
(RunGtkWebKitGObjectDOMBindingsAPIBreakTests.commandComplete): Run the breakage test command and scan the output.
(RunGtkWebKitGObjectDOMBindingsAPIBreakTests.evaluateCommand): Return failure if there is missing API (an API break).
New API typically just requires a rebaseline and isn't necessarily a failure.
(TestFactory.__init__): Add the test for GTK+.
* BuildSlaveSupport/build.webkit.org-config/mastercfg_unittest.py: Add a unit test for the new bubble.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165108 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoSource/WebCore: [ATK] Expose missing functionalities of AtkTableCell to AT.
k.czech@samsung.com [Wed, 5 Mar 2014 15:16:08 +0000 (15:16 +0000)]
Source/WebCore: [ATK] Expose missing functionalities of AtkTableCell to AT.
https://bugs.webkit.org/show_bug.cgi?id=129492

Reviewed by Mario Sanchez Prada.

Implemented missing API of AtkTableCell.

No new tests. Covered by existing ones.

* accessibility/atk/WebKitAccessibleInterfaceTableCell.cpp:
(webkitAccessibleTableCellGetColumnSpan):
(webkitAccessibleTableCellGetRowSpan):
(webkitAccessibleTableCellGetPosition):
(webkitAccessibleTableCellGetTable):
(webkitAccessibleTableCellInterfaceInit):

Tools: [ATK] Expose missing functionalities of AtkTableCell to AT
https://bugs.webkit.org/show_bug.cgi?id=129492

Reviewed by Mario Sanchez Prada.

Reducing some code by using new API of AtkTableCell.

* DumpRenderTree/atk/AccessibilityUIElementAtk.cpp:
* WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165107 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GStreamer] WebSource doesn't need the "iradio-mode" property
agomez@igalia.com [Wed, 5 Mar 2014 14:49:04 +0000 (14:49 +0000)]
[GStreamer] WebSource doesn't need the "iradio-mode" property
https://bugs.webkit.org/show_bug.cgi?id=129685

Reviewed by Philippe Normand.

Removed the "iradio-mode" property from the WK source element
since this was only available for its modification from
playbin/uridecodebin and, as discussed in GStreamer bug #725383,
it was not being set and now is going to be removed.

It is safe just to send always the "icy-metadata" header set and
deal with returning "icy" headers as we were already doing.

* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcSetProperty):
(webKitWebSrcGetProperty):
(webKitWebSrcStart):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165106 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoCopying wrapping text results in multiple spaces between wrapped lines stripped.
commit-queue@webkit.org [Wed, 5 Mar 2014 14:02:06 +0000 (14:02 +0000)]
Copying wrapping text results in multiple spaces between wrapped lines stripped.
https://bugs.webkit.org/show_bug.cgi?id=129609.

Patch by Chang Shu <cshu@webkit.org> on 2014-03-05
Reviewed by Ryosuke Niwa.

Source/WebCore:

While checking the condition of restoring the missing space, the collapsed spaces
may not be exactly one.

editing/pasteboard/copy-text-with-wrapped-tag.html is enhanced to test this case.

* editing/TextIterator.cpp:
(WebCore::TextIterator::handleTextBox):

LayoutTests:

* editing/pasteboard/copy-text-with-wrapped-tag-expected.txt:
* editing/pasteboard/copy-text-with-wrapped-tag.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165105 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[EFL] Update baselines and test expectations
commit-queue@webkit.org [Wed, 5 Mar 2014 13:26:53 +0000 (13:26 +0000)]
[EFL] Update baselines and test expectations
https://bugs.webkit.org/show_bug.cgi?id=129737

Unreviewed EFL gardening.

Patch by Krzysztof Wolanski <k.wolanski@samsung.com> on 2014-03-05

* TestExpectations:
* platform/efl-wk2/TestExpectations:
* platform/efl/fast/table/col-and-colgroup-offsets-expected.txt: Added.
Test was failing due to platform-specific numeric differences in the computed offsetHeight of the table cells.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165104 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoappendChild shouldn't invalidate LiveNodeLists and HTMLCollections if they don't...
rniwa@webkit.org [Wed, 5 Mar 2014 10:41:48 +0000 (10:41 +0000)]
appendChild shouldn't invalidate LiveNodeLists and HTMLCollections if they don't have valid caches
https://bugs.webkit.org/show_bug.cgi?id=129727

Reviewed by Andreas Kling.

Before this patch, invalidateNodeListAndCollectionCachesInAncestors invalidated node lists and HTML
collections on ancestors of a node whenever we're inserting or removing a child node. This patch
makes HTMLCollections and LiveNodeLists register themselves with Document only when they have valid
caches.

Each user of CollectionIndexCache now implements willValidateIndexCache member function that gets
called when CollectionIndexCache caches any state and necessitates the registration with document.

* dom/ChildNodeList.h: Added an empty willValidateIndexCache since child node lists are never
registered with document.

* dom/CollectionIndexCache.h:
(WebCore::CollectionIndexCache::hasValidCache): Added.
(WebCore::CollectionIndexCache::nodeCount): Calls willValidateIndexCache when caching node count.
(WebCore::CollectionIndexCache::nodeAfterCached): Ditto. Also assert that hasValidCache() is true in
the cases where we're simply updating our caches or adding more caches.
(WebCore::CollectionIndexCache::nodeAt): Ditto. Also added code to set the length cache when
we've reached the end of the list. This should be a slight speed up in some cases.

* dom/Document.cpp:
(WebCore::Document::Document): Initializes a variable used by assertions.
(WebCore::Document::unregisterNodeList): Added an early exit for when m_listsInvalidatedAtDocument
is empty since invalidateNodeListAndCollectionCaches swaps out the list.
(WebCore::Document::registerCollection): Removed the boolean hasIdNameMap since we now explicitly
call collectionCachedIdNameMap in HTMLCollection.
(WebCore::Document::unregisterCollection): Ditto. Exit early if m_collectionsInvalidatedAtDocument
is empty since invalidateNodeListAndCollectionCaches swaps out the list.
* dom/Document.h:

* dom/LiveNodeList.cpp:
(WebCore::LiveNodeList::invalidateCache): Unregister the node list with document if we had caches.
* dom/LiveNodeList.h:
(WebCore::LiveNodeList::LiveNodeList):
(WebCore::LiveNodeList::~LiveNodeList): Ditto.
(WebCore::LiveNodeList::invalidateCache): Pass around document. This is necessary since document()
had already moved to the new document inside NodeListsNodeData::invalidateCaches.
(WebCore::LiveNodeList::willValidateIndexCache): Added. Registers itself with document.

* dom/Node.cpp:
(WebCore::Document::invalidateNodeListAndCollectionCaches): Swap the lists since invalidateCache
tries to unregister node lists and HTML collections with document. Since this is the only case in
which node lists and HTML collections being removed may not be in the lists in unregisterNodeList
and unregisterCollection, assert this condition via m_inInvalidateNodeListAndCollectionCaches.
(WebCore::NodeListsNodeData::invalidateCaches):

* dom/NodeRareData.h:
(WebCore::NodeListsNodeData::adoptDocument): Unregister node lists and HTML collections from old
document via invalidateCache. We need to explicitly pass in oldDocument here since owner node's
document had already been changed to newDocument at this point. Since we're invalidating caches,
there is no need to register node lists and HTML collections with newDocument.

* html/HTMLCollection.cpp:
(WebCore::HTMLCollection::HTMLCollection):
(WebCore::HTMLCollection::~HTMLCollection): Unregister the node list with document if we had caches.
(WebCore::HTMLCollection::invalidateCache): Ditto.
(WebCore::HTMLCollection::invalidateNamedElementCache):
* html/HTMLCollection.h:
(WebCore::HTMLCollection::invalidateCache): Pass around document as done in LiveNodeList.
(WebCore::HTMLCollection::willValidateIndexCache): Ditto.

* html/HTMLFormControlsCollection.cpp:
(WebCore::HTMLFormControlsCollection::invalidateCache): Ditto.
* html/HTMLFormControlsCollection.h:

* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::invalidateSelectedItems): Ditto.
(WebCore::HTMLSelectElement::setRecalcListItems): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165103 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoRemove unsupported spelling tests.
g.czajkowski@samsung.com [Wed, 5 Mar 2014 10:35:14 +0000 (10:35 +0000)]
Remove unsupported spelling tests.
https://bugs.webkit.org/show_bug.cgi?id=129482

Reviewed by Ryosuke Niwa.

Remove two spelling tests that require spellchecking of multiple words.
Currently, neither WebKit port is supporting this feature.
Those tests were added by Chromium at r141354.

* editing/spelling/spelling-exactly-selected-multiple-words-expected.txt: Removed.
* editing/spelling/spelling-exactly-selected-multiple-words.html: Removed.
* editing/spelling/spelling-should-select-multiple-words-expected.txt: Removed.
* editing/spelling/spelling-should-select-multiple-words.html: Removed.

* platform/efl-wk2/TestExpectations:
* platform/gtk/TestExpectations:
* platform/mac-wk2/TestExpectations:
* platform/mac/TestExpectations:
* platform/win/TestExpectations:
* platform/wincairo/TestExpectations:
Clear TestExpectations.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165102 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoRefactoring spelling-insert-html.html to use asynchronous spellchecking
g.czajkowski@samsung.com [Wed, 5 Mar 2014 10:20:23 +0000 (10:20 +0000)]
Refactoring spelling-insert-html.html to use asynchronous spellchecking
https://bugs.webkit.org/show_bug.cgi?id=129422

Reviewed by Ryosuke Niwa.

Use asynchronous text checking in spelling-insert-html.html.
Add more logs to the test expectation so that it becomes
more descriptive.

Additionally, the word "foo" was changed to "moo" because
only Mac had recognized this word as spelled correctly.

* editing/spelling/spelling-insert-html-expected.txt:
* editing/spelling/spelling-insert-html.html:

* platform/efl/TestExpectations:
Remove failing expectation for EFL.

* platform/gtk-wk2/TestExpectations:
* platform/gtk/TestExpectations:
Skip the tests for GTK+ because of missing asynchronous spellchecking.

* platform/mac-wk2/TestExpectations:
Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165101 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoFix linker error after r165087
jonlee@apple.com [Wed, 5 Mar 2014 09:13:24 +0000 (09:13 +0000)]
Fix linker error after r165087
https://bugs.webkit.org/show_bug.cgi?id=129730

Reviewed by Csaba Osztrogonác.

* WebCore.exp.in: Remove undefined symbol __ZN7WebCore32WebVideoFullscreenChangeObserverD2Ev.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165100 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoDFG and FTL should specialize for and support CompareStrictEq over Misc (i.e. boolean...
fpizlo@apple.com [Wed, 5 Mar 2014 07:41:03 +0000 (07:41 +0000)]
DFG and FTL should specialize for and support CompareStrictEq over Misc (i.e. boolean, undefined, or null)
https://bugs.webkit.org/show_bug.cgi?id=129563

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Rolling this back in after fixing an assertion failure. speculateMisc() should have
said DFG_TYPE_CHECK instead of typeCheck.

This adds a specialization of CompareStrictEq over Misc. I noticed the need for this
when I saw that we didn't support CompareStrictEq(Untyped) in FTL but that the main
user of this was EarleyBoyer, and in that benchmark what it was really doing was
comparing undefined, null, and booleans to each other.

This also adds support for miscellaneous things that I needed to make my various test
cases work. This includes comparison over booleans and the various Throw-related node
types.

This also improves constant folding of CompareStrictEq and CompareEq.

Also found a bug where we were claiming that GetByVals on typed arrays are OutOfBounds
based on profiling, which caused some downstream badness. We don't actually support
compiling OutOfBounds GetByVals on typed arrays. The DFG would ignore the flag and just
emit a bounds check, but in the FTL path, the SSA lowering phase would assume that it
shouldn't factor out the bounds check since the access is not InBounds but then the
backend would ignore the flag and assume that the bounds check was already emitted.
This showed up on an existing test but I added a test for this explicitly to have more
certain coverage. The fix is to not mark something as OutOfBounds if the semantics are
that we'll have a bounds check anyway.

This is a 1% speed-up on Octane mostly because of raytrace, but also because of just
general progressions across the board. No speed-up yet on EarleyBoyer, since there is
still a lot more coverage work to be done there.

* bytecode/SpeculatedType.cpp:
(JSC::speculationToAbbreviatedString):
(JSC::leastUpperBoundOfStrictlyEquivalentSpeculations):
(JSC::valuesCouldBeEqual):
* bytecode/SpeculatedType.h:
(JSC::isMiscSpeculation):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine):
* dfg/DFGArrayMode.h:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateMisc):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::speculateMisc):
(JSC::DFG::SpeculativeJIT::speculate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileMiscStrictEq):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileMiscStrictEq):
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::compileThrow):
(JSC::FTL::LowerDFGToLLVM::isNotMisc):
(JSC::FTL::LowerDFGToLLVM::isMisc):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateMisc):
* tests/stress/float32-array-out-of-bounds.js: Added.
* tests/stress/weird-equality-folding-cases.js: Added.

LayoutTests:

Reviewed by Geoffrey Garen.

* js/regress/fold-strict-eq-expected.txt: Added.
* js/regress/fold-strict-eq.html: Added.
* js/regress/misc-strict-eq-expected.txt: Added.
* js/regress/misc-strict-eq.html: Added.
* js/regress/script-tests/fold-strict-eq.js: Added.
(foo):
(test):
* js/regress/script-tests/misc-strict-eq.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165099 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed, rolling out r165085.
commit-queue@webkit.org [Wed, 5 Mar 2014 07:25:02 +0000 (07:25 +0000)]
Unreviewed, rolling out r165085.
http://trac.webkit.org/changeset/165085
https://bugs.webkit.org/show_bug.cgi?id=129729

Broke imported/w3c/html-templates/template-element/template-content.html
(Requested by ap on #webkit).

Source/JavaScriptCore:

* bytecode/SpeculatedType.cpp:
(JSC::speculationToAbbreviatedString):
* bytecode/SpeculatedType.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine):
* dfg/DFGArrayMode.h:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateBoolean):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::speculate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
* dfg/DFGSpeculativeJIT64.cpp:
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::speculate):
* tests/stress/float32-array-out-of-bounds.js: Removed.
* tests/stress/weird-equality-folding-cases.js: Removed.

LayoutTests:

* js/regress/fold-strict-eq-expected.txt: Removed.
* js/regress/fold-strict-eq.html: Removed.
* js/regress/misc-strict-eq-expected.txt: Removed.
* js/regress/misc-strict-eq.html: Removed.
* js/regress/script-tests/fold-strict-eq.js: Removed.
* js/regress/script-tests/misc-strict-eq.js: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165098 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoPreparing to run layout tests on Wincairo.
commit-queue@webkit.org [Wed, 5 Mar 2014 06:24:23 +0000 (06:24 +0000)]
Preparing to run layout tests on Wincairo.
https://bugs.webkit.org/show_bug.cgi?id=129709

Patch by Alex Christensen <achristensen@webkit.org> on 2014-03-04
Reviewed by Brent Fulgham.

* Scripts/webkitdirs.pm:
(setPathForRunningWebKitApp):
Add GStreamer directory for WinCairo running layout tests.
* win/DLLLauncher/DLLLauncherMain.cpp:
(modifyPath):
Added the WinCairo bin32 or bin64 directory for running WinLauncher.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165097 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoFix the build after r165095
benjamin@webkit.org [Wed, 5 Mar 2014 05:55:28 +0000 (05:55 +0000)]
Fix the build after r165095

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-03-04

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _keyboardChangedWithInfo:adjustScrollView:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165096 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS][WK2] Account for the keyboard when computing the unobscuredRect
benjamin@webkit.org [Wed, 5 Mar 2014 05:37:40 +0000 (05:37 +0000)]
[iOS][WK2] Account for the keyboard when computing the unobscuredRect
https://bugs.webkit.org/show_bug.cgi?id=129660

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-03-04
Reviewed by Enrica Casucci.

Adjust the unobscuredRect when a docked keyboard is on screen.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _updateVisibleContentRectsWithStableState:]):
(-[WKWebView _keyboardChangedWithInfo:adjustScrollView:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165095 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoEnable device pixel repaint rect tracking.
zalan@apple.com [Wed, 5 Mar 2014 05:30:25 +0000 (05:30 +0000)]
Enable device pixel repaint rect tracking.
https://bugs.webkit.org/show_bug.cgi?id=129712

Reviewed by Simon Fraser.

Tracked repaint rects are device pixel snapped now to support hiDPI test cases.

Source/WebCore:

Test: fast/repaint/hidpi-device-pixel-based-repaint-rect-tracking.html

* WebCore.exp.in:
* page/FrameView.cpp:
(WebCore::FrameView::addTrackedRepaintRect):
(WebCore::FrameView::trackedRepaintRectsAsText): Print them as LayoutUnits to get
trailing zeros cut off.
* page/FrameView.h:
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateClipRects):
* rendering/RenderLayer.h:
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::setContentsNeedDisplay):
(WebCore::RenderLayerBacking::setContentsNeedDisplayInRect):
* rendering/RenderView.cpp:
(WebCore::RenderView::repaintViewRectangle):

Source/WebKit/efl:

* WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
(DumpRenderTreeSupportEfl::trackedRepaintRects):

Source/WebKit/gtk:

* WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
(DumpRenderTreeSupportGtk::trackedRepaintRects):

Source/WebKit/mac:

* WebView/WebView.mm:
(-[WebView trackedRepaintRects]): Keep existing behavior for now.

LayoutTests:

* fast/repaint/hidpi-device-pixel-based-repaint-rect-tracking-expected.txt: Added.
* fast/repaint/hidpi-device-pixel-based-repaint-rect-tracking.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165094 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoInspector does not restore breakpoints after a page reload
bburg@apple.com [Wed, 5 Mar 2014 04:44:15 +0000 (04:44 +0000)]
Inspector does not restore breakpoints after a page reload
https://bugs.webkit.org/show_bug.cgi?id=129655

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Fix a regression introduced by r162096 that erroneously removed
the inspector backend's mapping of files to breakpoints whenever the
global object was cleared.

The inspector's breakpoint mappings should only be cleared when the
debugger agent is disabled or destroyed. We should only clear the
debugger's breakpoint state when the global object is cleared.

To make it clearer what state is being cleared, the two cases have
been split into separate methods.

* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::disable):
(Inspector::InspectorDebuggerAgent::clearInspectorBreakpointState):
(Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
(Inspector::InspectorDebuggerAgent::didClearGlobalObject):
* inspector/agents/InspectorDebuggerAgent.h:

Source/WebInspectorUI:

Fix some console asserts that fire when breakpoints resolve.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.breakpointResolved):
This had a typo, it should be `breakpoint.identifier`.
(WebInspector.DebuggerManager.prototype.scriptDidParse):
Sometimes the `url` parameter is empty instead of null.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165093 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS][WebKit2] Exclude plug-in sandbox profiles from the build
aestes@apple.com [Wed, 5 Mar 2014 03:48:33 +0000 (03:48 +0000)]
[iOS][WebKit2] Exclude plug-in sandbox profiles from the build
https://bugs.webkit.org/show_bug.cgi?id=129719

Reviewed by Simon Fraser.

* Configurations/WebKit2.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165092 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoDon't clamp scrolling node offsets when the offset is changed by delegated scrolling
simon.fraser@apple.com [Wed, 5 Mar 2014 02:54:31 +0000 (02:54 +0000)]
Don't clamp scrolling node offsets when the offset is changed by delegated scrolling
https://bugs.webkit.org/show_bug.cgi?id=129724

Reviewed by Sam Weinig.

Call setScrollPositionWithoutContentEdgeConstraints() from
ScrollingTree::scrollPositionChangedViaDelegatedScrolling() so that
layers are not clamped during rubber-banding.

This requires making setScrollPositionWithoutContentEdgeConstraints()
a pure virtual function on the base class.

* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
* page/scrolling/ScrollingTreeScrollingNode.h:
* page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h:
* page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165091 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoStreamline JSValue::get().
akling@apple.com [Wed, 5 Mar 2014 02:35:18 +0000 (02:35 +0000)]
Streamline JSValue::get().
<https://webkit.org/b/129720>

Fetch each Structure and VM only once when walking the prototype chain
in JSObject::getPropertySlot(), then pass it along to the functions
we call from there, so they don't have to re-fetch it.

Reviewed by Geoff Garen.

* runtime/JSObject.h:
(JSC::JSObject::inlineGetOwnPropertySlot):
(JSC::JSObject::fastGetOwnPropertySlot):
(JSC::JSObject::getPropertySlot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165090 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS][WK2] WKScrollView should be able to cancel touches in content view
benjamin@webkit.org [Wed, 5 Mar 2014 02:14:35 +0000 (02:14 +0000)]
[iOS][WK2] WKScrollView should be able to cancel touches in content view
https://bugs.webkit.org/show_bug.cgi?id=129711

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-03-04
Reviewed by Simon Fraser.

* UIProcess/ios/WKScrollView.mm:
We should not override UIWebScrollView behavior regarding touch cancellation otherwise we force
other gesture recognizers to fail if delayed touches have been dispatched.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165089 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS][WK2] Consider the entire view state on update to find if a change is stable...
benjamin@webkit.org [Wed, 5 Mar 2014 02:13:16 +0000 (02:13 +0000)]
[iOS][WK2] Consider the entire view state on update to find if a change is stable or not
https://bugs.webkit.org/show_bug.cgi?id=129721

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-03-04
Reviewed by Simon Fraser.

Changes in scroll, zoom and obscuredRect can happen simultaneously. To compute if the current state
is stable or not, we should consider the complete picture from all the types of updates.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _didFinishScrolling]):
(-[WKWebView scrollViewDidScroll:]):
(-[WKWebView scrollViewDidZoom:]):
(-[WKWebView scrollViewDidEndZooming:withView:atScale:]):
(-[WKWebView _frameOrBoundsChanged]):
(-[WKWebView _updateVisibleContentRects]):
(-[WKWebView _setObscuredInsets:]):
(-[WKWebView _endInteractiveObscuredInsetsChange]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165088 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWebVideoFullscreen, should make the hand off of the video layer explicit.
commit-queue@webkit.org [Wed, 5 Mar 2014 01:51:53 +0000 (01:51 +0000)]
WebVideoFullscreen, should make the hand off of the video layer explicit.
https://bugs.webkit.org/show_bug.cgi?id=128844

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-03-04
Reviewed by Simon Fraser.

Source/WebCore:

This change introduces a more explicit hand-off of the video layer.
This describes the interactions between WebVideoFullscreenInterface and WebVideoFullscreenModel
WebVideoFullscreenModel <-> WebVideoFullscreenInterface
      enterFullScreen(*) ->
                        <- borrowVideoLayer
      willLendVideoLayer ->
       didLendVideoLayer ->
                        <- didEnterFullscreen
                        ...
                        <- requestExitFullscreen
          exitFullscreen ->
                        <- returnVideoLayer
                        <- didExitFullscreen
(*) enterFullScreen actually comes from WebVideoFullscreenControllerAVKit.

* WebCore.exp.in:
Export new functions in WebVideoFullscreenInterfaceAVKit, WebVideoFullscreenModelMediaElement, etc.

* platform/ios/WebVideoFullscreenControllerAVKit.mm:
Add WebVideoFullscreenControllerChangeObserver to forward fullscreen callbacks to WebVideoFullscreenController

(WebVideoFullscreenControllerChangeObserver::setTarget):
Sets obj-c target of fullscreen change callbacks.

(-[WebVideoFullscreenController init]):
Point _changeObserver's target at self.

(-[WebVideoFullscreenController dealloc]):
Clear _changeObserver's target.

(-[WebVideoFullscreenController enterFullscreen:]):
Retain self to prevent dealloc during animation or while fullscreen.
Connect _interface to _changeObserver.

(-[WebVideoFullscreenController exitFullscreen]):
Remove use of completion; move cleanup to -didExitFullscreen.

(-[WebVideoFullscreenController didEnterFullscreen]):
Nothing to see here.

(-[WebVideoFullscreenController didExitFullscreen]):
Move clean up code that was in a completion to here.

* platform/ios/WebVideoFullscreenInterface.h:
Add declarations for more explicit hand-off of video layer.

* platform/ios/WebVideoFullscreenInterfaceAVKit.h:
Add WebVideoFullscreenChangeObserver to notify when fullscreen animations complete.
Add declarations for more explicit hand-off of video layer.
Add WebAVPlayerLayer now always wraps the m_videoLayer to prevent default behavior
of AVPlayerLayer.

(WebCore::WebVideoFullscreenChangeObserver::~WebVideoFullscreenChangeObserver):
Add empty virtual destructor.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
Include AVKit headers instead of declaring everything locally.
AVPlayerLayer protocol renamed to AVVideoLayer per AVKit.

(-[WebAVPlayerController dealloc]):
Don't refer to self.

(-[WebAVPlayerController playerViewController:shouldDismissWithReason:]):
Pause before requesting exit fullscreen.

(-[WebAVPlayerLayer setPlayerController:]):
This is required by AVVideoLayer, but we don't need it.

(WebVideoFullscreenInterfaceAVKit::playerController):
White space.

(WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenChangeObserver):
Set observer to forward fullscreen changes to.

(WebVideoFullscreenInterfaceAVKit::enterFullscreen):
Use more explicit video layer hand-off.

(WebVideoFullscreenInterfaceAVKit::doEnterFullscreen):
Move enterFullscreen logic here.
AVPlayerViewController now takes the video layer at init time.
Always provide a video layer wrapped in a WebAVPlayerLayer.

(WebVideoFullscreenInterfaceAVKit::willLendVideoLayer):
Use more explicit video layer hand-off.

(WebVideoFullscreenInterfaceAVKit::didLendVideoLayer):
Use more explicit video layer hand-off.

(WebVideoFullscreenInterfaceAVKit::exitFullscreen):
Use more explicit video layer hand-off.

* platform/ios/WebVideoFullscreenModel.h:
Add functions for more explicit video layer hand-off.

* platform/ios/WebVideoFullscreenModelMediaElement.h:
Mark virtual functions as virtual.
Add changes for WebVideoFullscreenModel.

* platform/ios/WebVideoFullscreenModelMediaElement.mm:
Use more explicit video layer hand-off.

(WebVideoFullscreenModelMediaElement::setMediaElement):
Don't push the video layer. Wait for a request for it.

(WebVideoFullscreenModelMediaElement::handleEvent):
Make sure m_videoFullscreenInterface is valid.

(WebVideoFullscreenModelMediaElement::borrowVideoLayer):
Use more explicit video layer hand-off.
Lend videoLayer in request to a request to borrow the videoLayer.
Make sure to retain the video layer before it is removed from the layer tree.

(WebVideoFullscreenModelMediaElement::returnVideoLayer):
Use more explicit video layer hand-off.

(WebVideoFullscreenModelMediaElement::requestExitFullscreen):
Don't clear the mediaElement reference until completely exited from fullscreen.

Source/WebKit2:

This change introduces a more explicit hand-off of the video layer and fullscreen transition.
This describes the interactions between WebVideoFullscreenInterface and WebVideoFullscreenModel
WebVideoFullscreenModel <-> WebVideoFullscreenInterface
      enterFullScreen(*) ->
                        <- borrowVideoLayer
      willLendVideoLayer ->
       didLendVideoLayer ->
                        <- didEnterFullscreen
                        ...
                        <- requestExitFullscreen
          exitFullscreen ->
                        <- returnVideoLayer
                        <- didExitFullscreen
(*) enterFullScreen actually comes from WebVideoFullscreenControllerAVKit.

* UIProcess/ios/WebVideoFullscreenManagerProxy.h:
Implement WebVideoFullscreenChangeObserver.
Add support for explicit video layer hand-off.
Add m_videoView to retain the videoLayer's UIView.

* UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in:
WillLendVideoLayerWithID replaces SetVideoLayerID

* UIProcess/ios/WebVideoFullscreenManagerProxy.mm:
Adopt new methods for explicit video layer hand-off.

(WebKit::WebVideoFullscreenManagerProxy::WebVideoFullscreenManagerProxy):
Observe fullscreen changes.

(WebKit::WebVideoFullscreenManagerProxy::didCommitLayerTree):
Pending fullscreen transition now does didLendVideoLayer instead of calling enter fullscreen.
It also removes the videoView from its super view now that it is safe to do so.

(WebKit::WebVideoFullscreenManagerProxy::willLendVideoLayerWithID):
This replaces setVideoLayerID. It retains the UIView for the layer to keep it alive before it is unparented.

(WebKit::WebVideoFullscreenManagerProxy::requestExitFullscreen):
Adopt more explicit fullscreen transition.

(WebKit::WebVideoFullscreenManagerProxy::didExitFullscreen):
Adopt more explicit fullscreen transition.

(WebKit::WebVideoFullscreenManagerProxy::didEnterFullscreen):
Adopt more explicit fullscreen transition.

(WebKit::WebVideoFullscreenManagerProxy::borrowVideoLayer):
Adopt more explicit video layer hand-off.

(WebKit::WebVideoFullscreenManagerProxy::returnVideoLayer):
Adopt more explicit video layer hand-off.

* WebProcess/ios/WebVideoFullscreenManager.cpp:
Manage state of fullscreen transition more competently. Wait till an animation is complete to begin the next one.

(WebKit::WebVideoFullscreenManager::WebVideoFullscreenManager):
Init three new state members.

(WebKit::WebVideoFullscreenManager::enterFullscreenForNode):
Update animation state. Don't proceed if animation is in progress.

(WebKit::WebVideoFullscreenManager::exitFullscreenForNode):
Update animation state. Don't proceed if animation is in progress.

(WebKit::WebVideoFullscreenManager::willLendVideoLayer):
Adopt more explicit video layer hand-off.
This replaces SetVideoLayer.

(WebKit::WebVideoFullscreenManager::didLendVideoLayer):
This is a no-op as this will be sent through a RemoteLayerTreeTransaction.

(WebKit::WebVideoFullscreenManager::didEnterFullscreen):
Adopt more explicit fullscreen transition.

(WebKit::WebVideoFullscreenManager::didExitFullscreen):
Adopt more explicit fullscreen transition.

* WebProcess/ios/WebVideoFullscreenManager.h:
Adopt more explicit fullscreen transition.

* WebProcess/ios/WebVideoFullscreenManager.messages.in:
Adopt more explicit fullscreen/video layer transition.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165087 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Source/WebCore: Get position:fixed working slightly better on iOS
simon.fraser@apple.com [Wed, 5 Mar 2014 01:24:05 +0000 (01:24 +0000)]
Source/WebCore: Get position:fixed working slightly better on iOS
https://bugs.webkit.org/show_bug.cgi?id=129714

Reviewed by Benjamin Poulain.

Send the scroll position as a FloatPoint, rather than an IntPoint.

* WebCore.exp.in:
* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
* page/scrolling/ScrollingTree.h:

Source/WebKit2: Get position:fixed working slightly better on iOS WK2
https://bugs.webkit.org/show_bug.cgi?id=129714

Reviewed by Benjamin Poulain.

Start telling the RemoteScrollingCoordinatorProxy about scroll position changes
again, so it can update fixed and sticky layers.

Send the scroll position as a FloatPoint, rather than an IntPoint.

* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp:
(WebKit::RemoteScrollingCoordinatorProxy::scrollPositionChangedViaDelegatedScrolling):
(WebKit::RemoteScrollingCoordinatorProxy::scrollPositionChanged):
* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
* UIProcess/WebPageProxy.h:
* UIProcess/ios/WKContentView.mm:
(-[WKContentView didUpdateVisibleRect:unobscuredRect:scale:inStableState:]):
Tell the RemoteScrollingCoordinatorProxy about the scroll update.
Only update the customFixedPositionRect if we've finished scrolling or zooming.
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::updateVisibleContentRects): Return a bool indicating
whether the visible rects changed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165086 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago DFG and FTL should specialize for and support CompareStrictEq over Misc (i.e. boolean...
fpizlo@apple.com [Wed, 5 Mar 2014 01:03:55 +0000 (01:03 +0000)]
DFG and FTL should specialize for and support CompareStrictEq over Misc (i.e. boolean, undefined, or null)
https://bugs.webkit.org/show_bug.cgi?id=129563

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

This adds a specialization of CompareStrictEq over Misc. I noticed the need for this
when I saw that we didn't support CompareStrictEq(Untyped) in FTL but that the main
user of this was EarleyBoyer, and in that benchmark what it was really doing was
comparing undefined, null, and booleans to each other.

This also adds support for miscellaneous things that I needed to make my various test
cases work. This includes comparison over booleans and the various Throw-related node
types.

This also improves constant folding of CompareStrictEq and CompareEq.

Also found a bug where we were claiming that GetByVals on typed arrays are OutOfBounds
based on profiling, which caused some downstream badness. We don't actually support
compiling OutOfBounds GetByVals on typed arrays. The DFG would ignore the flag and just
emit a bounds check, but in the FTL path, the SSA lowering phase would assume that it
shouldn't factor out the bounds check since the access is not InBounds but then the
backend would ignore the flag and assume that the bounds check was already emitted.
This showed up on an existing test but I added a test for this explicitly to have more
certain coverage. The fix is to not mark something as OutOfBounds if the semantics are
that we'll have a bounds check anyway.

This is a 1% speed-up on Octane mostly because of raytrace, but also because of just
general progressions across the board. No speed-up yet on EarleyBoyer, since there is
still a lot more coverage work to be done there.

* bytecode/SpeculatedType.cpp:
(JSC::speculationToAbbreviatedString):
(JSC::leastUpperBoundOfStrictlyEquivalentSpeculations):
(JSC::valuesCouldBeEqual):
* bytecode/SpeculatedType.h:
(JSC::isMiscSpeculation):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateMisc):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::speculateMisc):
(JSC::DFG::SpeculativeJIT::speculate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileMiscStrictEq):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileMiscStrictEq):
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::compileThrow):
(JSC::FTL::LowerDFGToLLVM::isNotMisc):
(JSC::FTL::LowerDFGToLLVM::isMisc):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateMisc):
* tests/stress/float32-array-out-of-bounds.js: Added.
* tests/stress/weird-equality-folding-cases.js: Added.

LayoutTests:

Reviewed by Geoffrey Garen.

* js/regress/fold-strict-eq-expected.txt: Added.
* js/regress/fold-strict-eq.html: Added.
* js/regress/misc-strict-eq-expected.txt: Added.
* js/regress/misc-strict-eq.html: Added.
* js/regress/script-tests/fold-strict-eq.js: Added.
(foo):
(test):
* js/regress/script-tests/misc-strict-eq.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Fixed Windows build without MEDIA_CONTROLS_SCRIPT enabled.
commit-queue@webkit.org [Wed, 5 Mar 2014 00:33:54 +0000 (00:33 +0000)]
Fixed Windows build without MEDIA_CONTROLS_SCRIPT enabled.
https://bugs.webkit.org/show_bug.cgi?id=129701

Patch by Alex Christensen <achristensen@webkit.org> on 2014-03-04
Reviewed by Jer Noble.

* WebCore.vcxproj/WebCore.vcxproj:
* DerivedSources.cpp:
Moved UserAgentScriptsData.cpp to DerivedSources.cpp to only be built if MEDIA_CONTROLS_SCRIPT is enabled.
* DerivedSources.make:
Only generate UserAgentScripts.cpp/h when USER_AGENT_SCRIPTS is non-empty.
* rendering/RenderThemeWin.cpp:
Only include UserAgentScripts.h when MEDIA_CONTROLS_SCRIPT is enabled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165084 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago WKPage's pageExtendedBackgroundColor API exposed through WKView/WKWebView should...
commit-queue@webkit.org [Wed, 5 Mar 2014 00:26:54 +0000 (00:26 +0000)]
WKPage's pageExtendedBackgroundColor API exposed through WKView/WKWebView should support NSColor
https://bugs.webkit.org/show_bug.cgi?id=129704

Patch by Conrad Shultz <conrad_shultz@apple.com> on 2014-03-04
Reviewed by Beth Dakin.

Add NSColor-returning methods to complement the existing UIColor-returning methods.

* UIProcess/API/Cocoa/WKViewPrivate.h:
Declare _pageExtendedBackgroundColor for non-TARGET_OS_IPHONE.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _pageExtendedBackgroundColor]):
Return an NSColor created from the pageExtendedBackgroundColor.

* UIProcess/API/Cocoa/WKWebViewPrivate.h:
Declare _pageExtendedBackgroundColor for non-TARGET_OS_IPHONE.

* UIProcess/API/mac/WKView.mm:
(-[WKView _pageExtendedBackgroundColor]):
Return an NSColor created from the pageExtendedBackgroundColor.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165083 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Inspector: Give WebProcess private RWI entitlement
commit-queue@webkit.org [Wed, 5 Mar 2014 00:07:38 +0000 (00:07 +0000)]
Web Inspector: Give WebProcess private RWI entitlement
https://bugs.webkit.org/show_bug.cgi?id=129710

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-03-04
Reviewed by Timothy Hatcher.

* Configurations/WebContent-iOS.entitlements:
Add entitlements to "WebProcess" when code signing.

* Configurations/WebContentProcess.xcconfig:
Add the private RWI entitlement.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [iOS WebKit2]: Next/Prev button in the accessory bar do not work.
enrica@apple.com [Tue, 4 Mar 2014 22:52:56 +0000 (22:52 +0000)]
[iOS WebKit2]: Next/Prev button in the accessory bar do not work.
https://bugs.webkit.org/show_bug.cgi?id=129690
<rdar://problem/16073569>

Reviewed by Simon Fraser.

Adding support for Next and Previous buttons in the accessory bar.
When the request is processed by the WebProcess, we identify the next
focusable node that needs to be assisted and we call focus() on the element
letting the focus changing machinery take care of updating the assisted node.
This change also adds support for the Clear button, when appropriate and hooks up
the call to the WebProcess.

* UIProcess/WebPageProxy.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView accessoryTab:]):
(-[WKContentView accessoryClear]):
(-[WKContentView _updateAccessory]):
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::focusNextAssistedNode):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::nextFocusableElement):
(WebKit::hasFocusableElement):
(WebKit::WebPage::focusNextAssistedNode):
(WebKit::WebPage::getAssistedNodeInformation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165081 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Allow iOS DumpRenderTree crashes to show application-specific information
simon.fraser@apple.com [Tue, 4 Mar 2014 22:48:30 +0000 (22:48 +0000)]
Allow iOS DumpRenderTree crashes to show application-specific information
https://bugs.webkit.org/show_bug.cgi?id=129705

Source/WebCore:

Reviewed by David Kilzer.

Make the WKSI function SetCrashReportApplicationSpecificInformation available
in iOS simulator builds.

* WebCore.exp.in:
* platform/ios/WebCoreSystemInterfaceIOS.mm:
* platform/mac/WebCoreSystemInterface.h:

Source/WebKit/mac:

Reviewed by David Kilzer.

Make the WKSI function SetCrashReportApplicationSpecificInformation available
in iOS simulator builds.

* WebCoreSupport/WebSystemInterface.mm:
(InitWebCoreSystemInterface):

Source/WebKit2:

Reviewed by David Kilzer.

Make the WKSI function SetCrashReportApplicationSpecificInformation available
in iOS simulator builds.

* WebProcess/WebCoreSupport/mac/WebSystemInterface.mm:
(InitWebCoreSystemInterface):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165080 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Spam static branch prediction hints on JS bindings.
akling@apple.com [Tue, 4 Mar 2014 22:42:53 +0000 (22:42 +0000)]
Spam static branch prediction hints on JS bindings.
<https://webkit.org/b/129703>

Source/JavaScriptCore:

Add LIKELY hint to jsDynamicCast since it's always used in a context
where we expect it to succeed and takes an error path when it doesn't.

Reviewed by Geoff Garen.

* runtime/JSCell.h:
(JSC::jsDynamicCast):

Source/WebCore:

Add UNLIKELY hints to all !castedThis and exec->hadException() paths
in the JS bindings since they are almost always going to get skipped.

Reviewed by Geoff Garen.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
(GenerateParametersCheck):
(GenerateImplementationFunctionCall):
(GenerateConstructorDefinition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165079 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Get to Structures more efficiently in JSCell::methodTable().
akling@apple.com [Tue, 4 Mar 2014 22:40:50 +0000 (22:40 +0000)]
Get to Structures more efficiently in JSCell::methodTable().
<https://webkit.org/b/129702>

In JSCell::methodTable(), get the VM once and pass that along to
structure(VM&) instead of using the heavier structure().

In JSCell::methodTable(VM&), replace calls to structure() with
calls to structure(VM&).

Reviewed by Mark Hahnenberg.

* runtime/JSCellInlines.h:
(JSC::JSCell::methodTable):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Remove unused StdDeviation from Gaussian Blur effect
cavalcantii@gmail.com [Tue, 4 Mar 2014 22:40:46 +0000 (22:40 +0000)]
Remove unused StdDeviation from Gaussian Blur effect
https://bugs.webkit.org/show_bug.cgi?id=129693

Reviewed by Simon Fraser.

No new tests, no change in behavior.

* platform/graphics/filters/FEGaussianBlur.cpp:
* platform/graphics/filters/FEGaussianBlur.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165077 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Add a Document::updateStyleIfNeededForNode(Node&).
akling@apple.com [Tue, 4 Mar 2014 22:23:13 +0000 (22:23 +0000)]
Add a Document::updateStyleIfNeededForNode(Node&).
<https://webkit.org/b/129689>

Generalize the mechanism that computed style uses to avoid doing full
style updates when the node we're interested in isn't actually dirty.

Reviewed by Antti Koivisto.

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::ComputedStyleExtractor::propertyValue):
* dom/Document.cpp:
(WebCore::nodeOrItsAncestorNeedsStyleRecalc):
(WebCore::Document::updateStyleIfNeededForNode):
* dom/Document.h:
* editing/htmlediting.cpp:
(WebCore::isEditablePosition):
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::defaultEventHandler):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165076 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Inspector: Listen for the XPC_ERROR_CONNECTION_INVALID event to deref
commit-queue@webkit.org [Tue, 4 Mar 2014 22:15:16 +0000 (22:15 +0000)]
Web Inspector: Listen for the XPC_ERROR_CONNECTION_INVALID event to deref
https://bugs.webkit.org/show_bug.cgi?id=129697

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-03-04
Reviewed by Timothy Hatcher.

* inspector/remote/RemoteInspectorXPCConnection.mm:
(Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
(Inspector::RemoteInspectorXPCConnection::handleEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165075 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Merge API shims and JSLock
mhahnenberg@apple.com [Tue, 4 Mar 2014 21:38:05 +0000 (21:38 +0000)]
Merge API shims and JSLock
https://bugs.webkit.org/show_bug.cgi?id=129650

Reviewed by Mark Lam.

Source/JavaScriptCore:

JSLock is now taking on all of APIEntryShim's responsibilities since there is never a reason
to take just the JSLock. Ditto for DropAllLocks and APICallbackShim.

* API/APICallbackFunction.h:
(JSC::APICallbackFunction::call):
(JSC::APICallbackFunction::construct):
* API/APIShims.h: Removed.
* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
(JSGarbageCollect):
(JSReportExtraMemoryCost):
(JSSynchronousGarbageCollectForDebugging):
* API/JSCallbackConstructor.cpp:
* API/JSCallbackFunction.cpp:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::init):
(JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
(JSC::JSCallbackObject<Parent>::put):
(JSC::JSCallbackObject<Parent>::putByIndex):
(JSC::JSCallbackObject<Parent>::deleteProperty):
(JSC::JSCallbackObject<Parent>::construct):
(JSC::JSCallbackObject<Parent>::customHasInstance):
(JSC::JSCallbackObject<Parent>::call):
(JSC::JSCallbackObject<Parent>::getOwnNonIndexPropertyNames):
(JSC::JSCallbackObject<Parent>::getStaticValue):
(JSC::JSCallbackObject<Parent>::callbackGetter):
* API/JSContext.mm:
(-[JSContext setException:]):
(-[JSContext wrapperForObjCObject:]):
(-[JSContext wrapperForJSObject:]):
* API/JSContextRef.cpp:
(JSContextGroupRelease):
(JSContextGroupSetExecutionTimeLimit):
(JSContextGroupClearExecutionTimeLimit):
(JSGlobalContextCreateInGroup):
(JSGlobalContextRetain):
(JSGlobalContextRelease):
(JSContextGetGlobalObject):
(JSContextGetGlobalContext):
(JSGlobalContextCopyName):
(JSGlobalContextSetName):
* API/JSManagedValue.mm:
(-[JSManagedValue value]):
* API/JSObjectRef.cpp:
(JSObjectMake):
(JSObjectMakeFunctionWithCallback):
(JSObjectMakeConstructor):
(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectGetPrototype):
(JSObjectSetPrototype):
(JSObjectHasProperty):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
(JSObjectIsFunction):
(JSObjectCallAsFunction):
(JSObjectCallAsConstructor):
(JSObjectCopyPropertyNames):
(JSPropertyNameArrayRelease):
(JSPropertyNameAccumulatorAddName):
* API/JSScriptRef.cpp:
* API/JSValue.mm:
(isDate):
(isArray):
(containerValueToObject):
(valueToArray):
(valueToDictionary):
(objectToValue):
* API/JSValueRef.cpp:
(JSValueGetType):
(JSValueIsUndefined):
(JSValueIsNull):
(JSValueIsBoolean):
(JSValueIsNumber):
(JSValueIsString):
(JSValueIsObject):
(JSValueIsObjectOfClass):
(JSValueIsEqual):
(JSValueIsStrictEqual):
(JSValueIsInstanceOfConstructor):
(JSValueMakeUndefined):
(JSValueMakeNull):
(JSValueMakeBoolean):
(JSValueMakeNumber):
(JSValueMakeString):
(JSValueMakeFromJSONString):
(JSValueCreateJSONString):
(JSValueToBoolean):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):
(JSValueProtect):
(JSValueUnprotect):
* API/JSVirtualMachine.mm:
(-[JSVirtualMachine addManagedReference:withOwner:]):
(-[JSVirtualMachine removeManagedReference:withOwner:]):
* API/JSWeakObjectMapRefPrivate.cpp:
* API/JSWrapperMap.mm:
(constructorHasInstance):
(makeWrapper):
(tryUnwrapObjcObject):
* API/ObjCCallbackFunction.mm:
(JSC::objCCallbackFunctionCallAsFunction):
(JSC::objCCallbackFunctionCallAsConstructor):
(objCCallbackFunctionForInvocation):
* CMakeLists.txt:
* ForwardingHeaders/JavaScriptCore/APIShims.h: Removed.
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGWorklist.cpp:
* heap/DelayedReleaseScope.h:
(JSC::DelayedReleaseScope::~DelayedReleaseScope):
* heap/HeapTimer.cpp:
(JSC::HeapTimer::timerDidFire):
(JSC::HeapTimer::timerEvent):
* heap/IncrementalSweeper.cpp:
* inspector/InjectedScriptModule.cpp:
(Inspector::InjectedScriptModule::ensureInjected):
* jsc.cpp:
(jscmain):
* runtime/GCActivityCallback.cpp:
(JSC::DefaultGCActivityCallback::doWork):
* runtime/JSGlobalObjectDebuggable.cpp:
(JSC::JSGlobalObjectDebuggable::connect):
(JSC::JSGlobalObjectDebuggable::disconnect):
(JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
* runtime/JSLock.cpp:
(JSC::JSLock::lock):
(JSC::JSLock::didAcquireLock):
(JSC::JSLock::unlock):
(JSC::JSLock::willReleaseLock):
(JSC::JSLock::DropAllLocks::DropAllLocks):
(JSC::JSLock::DropAllLocks::~DropAllLocks):
* runtime/JSLock.h:
* testRegExp.cpp:
(realMain):

Source/WebCore:

No new tests.

JSLock is now taking on all of APIEntryShim's responsibilities since there is never a reason
to take just the JSLock. Ditto for DropAllLocks and APICallbackShim.

* bindings/js/DOMRequestState.h:
(WebCore::DOMRequestState::Scope::Scope):
* bindings/js/JSDOMPromise.h:
(WebCore::DeferredWrapper::resolve):
(WebCore::DeferredWrapper::reject):
(WebCore::DeferredWrapper::resolve<String>):
(WebCore::DeferredWrapper::resolve<bool>):
(WebCore::char>>):
(WebCore::DeferredWrapper::reject<String>):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::evaluateInWorld):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::SerializedScriptValue::create):
(WebCore::SerializedScriptValue::deserialize):

Source/WebKit/mac:

JSLock is now taking on all of APIEntryShim's responsibilities since there is never a reason
to take just the JSLock. Ditto for DropAllLocks and APICallbackShim.

* WebView/WebFrame.mm:
(-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):

Source/WebKit2:

JSLock is now taking on all of APIEntryShim's responsibilities since there is never a reason
to take just the JSLock. Ditto for DropAllLocks and APICallbackShim.

* DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp:
(WebKit::UniqueIDBDatabaseBackingStoreSQLite::~UniqueIDBDatabaseBackingStoreSQLite):
(WebKit::UniqueIDBDatabaseBackingStoreSQLite::createIndex):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165074 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed, rolling out r164812.
commit-queue@webkit.org [Tue, 4 Mar 2014 21:30:59 +0000 (21:30 +0000)]
Unreviewed, rolling out r164812.
http://trac.webkit.org/changeset/164812
https://bugs.webkit.org/show_bug.cgi?id=129699

it made things run slower (Requested by pizlo on #webkit).

* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* jsc.cpp:
(GlobalObject::finishCreation):
* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
(JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165073 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago GetMyArgumentByVal in FTL
fpizlo@apple.com [Tue, 4 Mar 2014 21:27:37 +0000 (21:27 +0000)]
GetMyArgumentByVal in FTL
https://bugs.webkit.org/show_bug.cgi?id=128850

Reviewed by Oliver Hunt.

This would have been easy if the OSR exit compiler's arity checks hadn't been wrong.
They checked arity by doing "exec->argumentCount == codeBlock->numParameters", which
caused it to think that the arity check had failed if the caller had passed more
arguments than needed. This would cause the call frame copying to sort of go into
reverse (because the amount-by-which-we-failed-arity would have opposite sign,
throwing off a bunch of math) and the stack would end up being corrupted.

The bug was revealed by two existing tests although as far as I could tell, neither
test was intending to cover this case directly. So, I added a new test.

* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal):
(JSC::FTL::LowerDFGToLLVM::compileCheckArgumentsNotCreated):
(JSC::FTL::LowerDFGToLLVM::checkArgumentsNotCreated):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLState.h:
* tests/stress/exit-from-ftl-when-caller-passed-extra-args-then-use-function-dot-arguments.js: Added.
* tests/stress/ftl-get-my-argument-by-val-inlined-and-not-inlined.js: Added.
* tests/stress/ftl-get-my-argument-by-val-inlined.js: Added.
* tests/stress/ftl-get-my-argument-by-val.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165072 268f45cc-cd09-0410-ab3c-d52691b4dbfc
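
The arity-check mistake described in the GetMyArgumentByVal commit above, as an added example that is not WebKit's code: a simplified C model of a frame fixup that treats any argument-count mismatch as an arity failure and so ends up with a negative "missing" count. The function names, the slot layout and the guard that reports the bad case instead of copying are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model, not WebKit code. A "frame" is an array of slots holding
 * the arguments the caller passed, with spare room for padding. */
#define FRAME_SLOTS 8
#define UNDEFINED   (-1)

/* The check as the commit message quotes it: anything other than an exact
 * match between argument count and parameter count is treated as failure. */
static int arity_failed_equality(int argument_count, int num_parameters)
{
    return !(argument_count == num_parameters);
}

/* Arity only fails when the caller passed too few arguments. */
static int arity_failed_too_few(int argument_count, int num_parameters)
{
    return argument_count < num_parameters;
}

/* Amount by which arity failed. Negative when the caller passed extras,
 * which is the "opposite sign" the commit message refers to. */
static int missing_arguments(int argument_count, int num_parameters)
{
    return num_parameters - argument_count;
}

/* Pad the frame with UNDEFINED for each missing argument.
 * Returns the new argument count, or -1 when the fixup path was entered with
 * a count that would make the copy run backwards or leave the frame. The
 * model reports that case instead of performing the copy. */
static int fix_up_frame(int *frame, int argument_count, int num_parameters,
                        int (*arity_failed)(int, int))
{
    if (!arity_failed(argument_count, num_parameters))
        return argument_count;              /* no fixup needed */

    int missing = missing_arguments(argument_count, num_parameters);
    if (missing < 0 || argument_count + missing > FRAME_SLOTS)
        return -1;                          /* sign or bounds error caught */

    for (int i = 0; i < missing; i++)
        frame[argument_count + i] = UNDEFINED;
    return argument_count + missing;
}

int main(void)
{
    int extra[FRAME_SLOTS] = {1, 2, 3, 4, 5, 0, 0, 0};   /* 5 args, 3 params */
    int few[FRAME_SLOTS]   = {1, 2, 0, 0, 0, 0, 0, 0};   /* 2 args, 3 params */

    printf("extra args, equality check: %d\n",
           fix_up_frame(extra, 5, 3, arity_failed_equality));
    printf("extra args, too-few check:  %d\n",
           fix_up_frame(extra, 5, 3, arity_failed_too_few));
    printf("too few args, too-few check: %d\n",
           fix_up_frame(few, 2, 3, arity_failed_too_few));
    return 0;
}
```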

6 years ago REGRESSION: Overlay scrollbars that have grown are sometimes askew in the track
bdakin@apple.com [Tue, 4 Mar 2014 20:22:03 +0000 (20:22 +0000)]
REGRESSION: Overlay scrollbars that have grown are sometimes askew in the track
https://bugs.webkit.org/show_bug.cgi?id=129691
-and corresponding-
<rdar://problem/15666846>

Reviewed by Simon Fraser.

This regression started happening after we adopted the setPresentationValue
ScrollbarPainter API which allows us to update the position of the scrollbar knob
from our secondary scrolling thread. The bug occurs when the scrollbar grows while
it still thinks it is in presentation-value mode. Whenever the scrollbar grows, it
should be in non-presentation value mode.

If the wheel event has ended or been cancelled, we can switch out of presentation
value mode.
* page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
(WebCore::ScrollingTreeScrollingNodeMac::handleWheelEvent):

Sometimes we will grow the scrollbar before we have received a wheel event with
the end or cancelled phase, and so automatically switch out of presentation-value
mode whenever we start one of these animations.
* platform/mac/ScrollAnimatorMac.mm:
(-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165069 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Move Source/WebCore/html/track/ code to std::unique_ptr
zandobersek@gmail.com [Tue, 4 Mar 2014 20:15:38 +0000 (20:15 +0000)]
Move Source/WebCore/html/track/ code to std::unique_ptr
https://bugs.webkit.org/show_bug.cgi?id=129666

Reviewed by Eric Carlson.

Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/html/track/ with std::unique_ptr.

* html/track/AudioTrack.h:
* html/track/InbandWebVTTTextTrack.cpp:
(WebCore::InbandWebVTTTextTrack::parseWebVTTCueData):
* html/track/InbandWebVTTTextTrack.h:
* html/track/LoadableTextTrack.cpp:
(WebCore::LoadableTextTrack::loadTimerFired):
(WebCore::LoadableTextTrack::newCuesAvailable):
(WebCore::LoadableTextTrack::cueLoadingCompleted):
(WebCore::LoadableTextTrack::newRegionsAvailable):
* html/track/LoadableTextTrack.h:
* html/track/TextTrack.h:
* html/track/TextTrackCue.h:
* html/track/TextTrackRegion.h:
* html/track/VTTCue.cpp:
(WebCore::VTTCue::createWebVTTNodeTree):
(WebCore::VTTCue::markFutureAndPastNodes):
* html/track/VTTCue.h:
* html/track/VideoTrack.h:
* html/track/WebVTTParser.cpp:
(WebCore::WebVTTParser::WebVTTParser):
* html/track/WebVTTParser.h:
* html/track/WebVTTTokenizer.h:
* loader/TextTrackLoader.cpp:
(WebCore::TextTrackLoader::processNewCueData):
* loader/TextTrackLoader.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165068 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [GTK] Build the Udis86 disassembler
zandobersek@gmail.com [Tue, 4 Mar 2014 20:12:01 +0000 (20:12 +0000)]
[GTK] Build the Udis86 disassembler
https://bugs.webkit.org/show_bug.cgi?id=129679

Reviewed by Michael Saboff.

.:

* GNUmakefile.am: Add the Udis86_nosources variable.
* Source/cmake/OptionsGTK.cmake: Enable the Udis86 disassembler.

Source/JavaScriptCore:

* GNUmakefile.am: Generate the Udis86-related derived sources. Distribute the required files.
* GNUmakefile.list.am: Add the Udis86 disassembler files to the build.

Source/WTF:

* wtf/Platform.h: Also enable the Udis86 disassembler for the GTK port on Linux.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165067 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Fix too-narrow assertion I added in r165054.
akling@apple.com [Tue, 4 Mar 2014 19:56:01 +0000 (19:56 +0000)]
Fix too-narrow assertion I added in r165054.

It's okay for a 1-character string to come in here. This will happen
if the VM small string optimization doesn't apply (ch > 0xFF)

* runtime/JSString.h:
(JSC::jsStringWithWeakOwner):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165066 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Subpixel rendering: Make border-radius painting device pixel aware.
zalan@apple.com [Tue, 4 Mar 2014 19:53:26 +0000 (19:53 +0000)]
Subpixel rendering: Make border-radius painting device pixel aware.
https://bugs.webkit.org/show_bug.cgi?id=129558

Reviewed by Simon Fraser.

Snap rounded rects to device pixels right before passing them to GraphicsContext.

* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::clipRoundedInnerRect):
(WebCore::RenderBoxModelObject::paintFillLayerExtended):
(WebCore::RenderBoxModelObject::paintBorder):
* rendering/RenderBoxModelObject.h:
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::paint):
* rendering/RenderWidget.cpp:
(WebCore::RenderWidget::paint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@165065 268f45cc-cd09-0410-ab3c-d52691b4dbfc