regExpProtoFuncSplitFast should OOM before it swaps
https://bugs.webkit.org/show_bug.cgi?id=158157

Reviewed by Mark Lam.

This is a huge speed-up on some jsfunfuzz test cases because it makes us realize much
sooner that running a regexp split will result in swapping. It uses the same basic
approach as http://trac.webkit.org/changeset/201451: if the result array crosses a certain
size threshold, we proceed with a dry run to see how big the array will get before
allocating anything else. This way, bogus uses of split that would have OOMed only after
killing the user's machine will now OOM before killing the user's machine.

This is an enormous speed-up on some jsfunfuzz tests: they go from running for a long
time to running instantly.

* runtime/RegExpPrototype.cpp:
(JSC::advanceStringIndex):
(JSC::genericSplit):
(JSC::regExpProtoFuncSplitFast):
* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
* tests/stress/big-split-captures.js: Added.
* tests/stress/big-split.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201467 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Document abandons its EventTargetData.
<https://webkit.org/b/158158>

Reviewed by Darin Adler.

Node::willBeDeletedFrom() is called when destroying all Node types *except* Document.
If a Document had an associated EventTargetData, it would not get cleaned up.

This patch moves the EventTargetData cleanup to ~Node() where it's guaranteed to run.

* dom/Node.cpp:
(WebCore::Node::~Node):
(WebCore::Node::willBeDeletedFrom):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201466 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ShadowChicken/DebuggerCallFrame don't properly handle when the entry stack frame is a tail deleted frame
https://bugs.webkit.org/show_bug.cgi?id=158131

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

There were bugs both in DebuggerCallFrame and ShadowChicken when the entry stack
frame(s) are tail deleted.

DebuggerCallFrame had an assertion saying that the entry frame shouldn't be
tail deleted. This is clearly wrong. The following program proves that this assertion
was misguided:
```
"use strict";
setTimeout(function foo() { return bar(); }, 0);
```

ShadowChicken had a very subtle bug when creating the shadow stack when
the entry frames of the stack were tail deleted. Because it places frames into its shadow
stack by walking the machine frame and looking up entries in the log,
the machine frame doesn't have any notion of those tail deleted frames
at the entry of execution. ShadowChicken would never find those frames
because it would look for tail deleted frames *before* consulting the
current machine frame. This is wrong because if the entry frames
are tail deleted, then there is no machine frame for them because there
is no machine frame before them! Therefore, we must search for tail deleted
frames *after* consulting a machine frame. This is sound because we will always
have at least one machine frame on the stack (when we are using StackVisitor on a valid ExecState).
So when we consult the machine frame that is the entry frame on the machine stack,
we will search for tail deleted frames that come before it in the shadow stack.
This will allow us to find those tail deleted frames that are the entry frames
for the shadow stack.

* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::create):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::Packet::dump):
(JSC::ShadowChicken::update):
(JSC::ShadowChicken::dump):

LayoutTests:

* inspector/debugger/resources/tail-deleted-frames-from-vm-entry.js: Added.
(timeout):
(bar):
* inspector/debugger/tail-deleted-frames-from-vm-entry-expected.txt: Added.
* inspector/debugger/tail-deleted-frames-from-vm-entry.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201465 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WorkQueue::dispatch() / RunLoop::dispatch() should not copy captured lambda variables
https://bugs.webkit.org/show_bug.cgi?id=158111

Reviewed by Darin Adler.

WorkQueue::dispatch() / RunLoop::dispatch() should not copy captured lambda variables.
These are often used cross-thread and copying the captured lambda variables can be
dangerous (e.g. we do not want to copy a String after calling isolatedCopy() upon
capture).

Source/JavaScriptCore:

* runtime/Watchdog.cpp:
(JSC::Watchdog::startTimer):
(JSC::Watchdog::Watchdog): Deleted.
(JSC::Watchdog::setTimeLimit): Deleted.
* runtime/Watchdog.h:

Source/WebKit2:

* NetworkProcess/NetworkProcess.cpp:
(WebKit::clearDiskCacheEntries):
* NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::clear):
* NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:
(WebKit::NetworkCache::runTaskInQueue):
* Platform/IPC/Connection.cpp:
(IPC::Connection::processIncomingMessage):
* UIProcess/Storage/StorageManager.cpp:
(WebKit::StorageManager::getSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageEntriesForOrigins):
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageOriginDetails):
(WebKit::StorageManager::deleteLocalStorageOriginsModifiedSince):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
* UIProcess/Storage/StorageManager.h:

Source/WTF:

This patch introduces a new NoncopyableFunction type that behaves similarly to
std::function but guarantees that the passed-in lambda (and its captured variables)
cannot be copied. This new NoncopyableFunction type is now used for
WorkQueue / RunLoop's dispatch() / dispatchAfter() which are commonly used
cross-thread. This should now allow us to call WorkQueue::dispatch() with a lambda
that captures a String like so:
[str = str.isolatedCopy()]() { }

Also note that even though this is not leveraged in this patch, NoncopyableFunction
would allow us to capture move-only types such as std::unique_ptr as so:
[p = WTFMove(p)]() { }
This does not work if we convert the lambda into an std::function because
std::function requires the lambda to be copyable, NoncopyableFunction does not.

* wtf/FunctionDispatcher.h:
(WTF::CallableWrapperBase::~CallableWrapperBase):
(WTF::NoncopyableFunction::NoncopyableFunction):
(WTF::NoncopyableFunction::operator()):
(WTF::NoncopyableFunction::operator bool):
(WTF::NoncopyableFunction::operator=):
* wtf/RunLoop.cpp:
(WTF::RunLoop::performWork):
(WTF::RunLoop::dispatch):
* wtf/RunLoop.h:
* wtf/WorkQueue.h:
* wtf/cocoa/WorkQueueCocoa.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):
* wtf/efl/DispatchQueueWorkItemEfl.h:
(WorkItem::WorkItem):
(TimerWorkItem::create):
(TimerWorkItem::TimerWorkItem):
* wtf/efl/WorkQueueEfl.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):
* wtf/generic/RunLoopGeneric.cpp:
(WTF::RunLoop::dispatchAfter):
* wtf/generic/WorkQueueGeneric.cpp:
(WorkQueue::dispatch):
(WorkQueue::dispatchAfter):
* wtf/glib/RunLoopGLib.cpp:
(WTF::DispatchAfterContext::DispatchAfterContext):
(WTF::RunLoop::dispatchAfter):
* wtf/win/WorkItemWin.cpp:
(WTF::WorkItemWin::WorkItemWin):
(WTF::WorkItemWin::create):
(WTF::HandleWorkItem::HandleWorkItem):
(WTF::HandleWorkItem::createByAdoptingHandle):
* wtf/win/WorkItemWin.h:
(WTF::WorkItemWin::function):
* wtf/win/WorkQueueWin.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::timerCallback):
(WTF::WorkQueue::dispatchAfter):

Tools:

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::decidePolicyForNavigationAction):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201464 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Attempt to fix the iOS build.

Unreviewed build fix.

* platform/graphics/cocoa/TextTrackRepresentationCocoa.mm:
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerLayer layoutSublayers]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201463 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Removed unused headers from ExecutableAllocatorFixedVMPool.cpp.
https://bugs.webkit.org/show_bug.cgi?id=158159

Reviewed by Darin Adler.

* jit/ExecutableAllocatorFixedVMPool.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201462 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modern IDB: After closing a Netflix video, trying to watch it again fails.
<rdar://problem/25092473> and https://bugs.webkit.org/show_bug.cgi?id=158160

Reviewed by Alex Christensen.

Source/WebCore:

New APITest: IndexedDB.WebProcessKillIDBCleanup

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::stop):

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient): All active transactions need to be aborted
  (without callback, since there's no connection to callback to).
(WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup-1.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup-2.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup.mm: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201461 268f45cc-cd09-0410-ab3c-d52691b4dbfc

AX: [ATK] accessibility/gtk/no-notification-for-unrendered-iframe-children.html began failing after r201416
https://bugs.webkit.org/show_bug.cgi?id=158152

Reviewed by Chris Fleizach.

The failure is actually a bug fix because only one child is being added, but two
notifications were being emitted. Now there is only one notification. To verify
this was the case, we really should examine the child reportedly being added. That
child is the ATK event's any_data, so pass along that child to the listener.

Tools:

* WebKitTestRunner/InjectedBundle/atk/AccessibilityNotificationHandlerAtk.cpp:

LayoutTests:

The failing test and associated expectations were modified to remove the duplicate
notification and include the title of the added child for the notification we get.

* accessibility/gtk/no-notification-for-unrendered-iframe-children.html: Updated.
* accessibility/gtk/no-notification-for-unrendered-iframe-children-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Expose content extension failure error codes in SPI
https://bugs.webkit.org/show_bug.cgi?id=158095
rdar://problem/26475651

Reviewed by Anders Carlsson.

Source/WebKit2:

* UIProcess/API/APIUserContentExtensionStore.cpp:
(API::UserContentExtensionStore::synchronousRemoveAllContentExtensions):
(API::UserContentExtensionStore::invalidateContentExtensionVersion):
Added for testing.
(API::userContentExtensionStoreErrorCategory):
* UIProcess/API/APIUserContentExtensionStore.h:
* UIProcess/API/Cocoa/_WKUserContentExtensionStore.h:
Added the new enum, _WKUserContentExtensionStoreErrorCode.
* UIProcess/API/Cocoa/_WKUserContentExtensionStore.mm:
(-[_WKUserContentExtensionStore compileContentExtensionForIdentifier:encodedContentExtension:completionHandler:]):
Sometimes the error code returned by UserContentExtensionStore::compileContentExtension has the error code from compileRuleList.
When this happens, we want to get the message from the internal compiler error, but we want the NSError's code to always be CompileFailed.
(-[_WKUserContentExtensionStore lookupContentExtensionForIdentifier:completionHandler:]):
(-[_WKUserContentExtensionStore removeContentExtensionForIdentifier:completionHandler:]):
(-[_WKUserContentExtensionStore _removeAllContentExtensions]):
(-[_WKUserContentExtensionStore _invalidateContentExtensionVersionForIdentifier:]):
* UIProcess/API/Cocoa/_WKUserContentExtensionStorePrivate.h:
Added new invalidator for testing.

Tools:

* TestWebKitAPI/Tests/WebKit2Cocoa/_WKUserContentExtensionStore.mm:
(checkDomain):
(TEST_F):
Add tests that use the new enum.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201457 268f45cc-cd09-0410-ab3c-d52691b4dbfc

get_by_id should support caching unset properties in the LLInt
https://bugs.webkit.org/show_bug.cgi?id=158136

Reviewed by Benjamin Poulain.

Recently, we started supporting prototype load caching for get_by_id
in the LLInt. This patch extends that to caching unset properties.
While it is uncommon in general for a program to see a single structure
without a given property, the Array.prototype.concat function needs to
lookup the Symbol.isConcatSpreadable property. For any existing code
That property will never be set as it did not exist prior to ES6.

Similarly to the get_by_id_proto_load bytecode, this patch adds a new
bytecode, get_by_id_unset that checks the structureID of the base and
assigns undefined to the result.

There are no new tests here since we already have many tests that
incidentally cover this change.

* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFromLLInt):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201456 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebRTC: Update RTCPeerConnection overloaded legacy operations to return a Promise
https://bugs.webkit.org/show_bug.cgi?id=158114

Reviewed by Eric Carlson.

Source/WebCore:

Update overloaded operations so that the legacy callback versions also return a promise
and never throw [1].

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#legacy-interface-extensions

Updated existing tests.
- fast/mediastream/RTCPeerConnection-overloaded-operations-params.html
- fast/mediastream/RTCPeerConnection-overloaded-operations.html

* Modules/mediastream/RTCPeerConnection.idl:
Updated legacy signatures (just for documentation purposes)
* Modules/mediastream/RTCPeerConnection.js:
Implements the promise overload and the legacy callbacks overload (using the promise version)
as specified in [1] (above).
(createOffer):
(createAnswer):
(setLocalDescription):
(setRemoteDescription):
(addIceCandidate):
(getStats):
* Modules/mediastream/RTCPeerConnectionInternals.js:
Added helper functions objectAndCallbacksOverload and callbacksAndDictionaryOverload that
process an argument list and determine which overloaded version to use.
(callbacksAndDictionaryOverload):
(setLocalOrRemoteDescription): Deleted.
(extractCallbackArg): Deleted.

LayoutTests:

Updated existing tests (see below).

* fast/mediastream/RTCPeerConnection-overloaded-operations-expected.txt:
* fast/mediastream/RTCPeerConnection-overloaded-operations-params-expected.txt:
* fast/mediastream/RTCPeerConnection-overloaded-operations-params.html:
Test various combinations of good and bad arguments and verify that no errors are thrown.
* fast/mediastream/RTCPeerConnection-overloaded-operations.html:
Test that all overloaded versions return a promise.
* fast/mediastream/resources/promise-utils.js: Added.
Shared utils to make it easier to test async promise APIs.
(ensurePromise):
(promiseShouldReject):
(promiseShouldNotRejectWithTypeError.):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201455 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: Add indicators to show nesting levels inside DOM Tree
https://bugs.webkit.org/show_bug.cgi?id=157468
<rdar://problem/26162640>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-05-27
Reviewed by Timothy Hatcher.

Add CSS rules to give all expanded node children lists a small line on the
left border indicating that all items under the line are descendants.

* UserInterface/Views/DOMTreeOutline.css:
(.tree-outline.dom li .selection):
(.tree-outline.dom li > span):
(.tree-outline.dom ol):
(.tree-outline.dom .tree-outline.dom li:matches(.hovered, .selected) + ol.children.expanded):
(.tree-outline.dom li.selected + ol.children.expanded):
(.tree-outline.dom li.parent::before):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201454 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Regression(r200972): Webcore::Range::collectSelectionsRects() asserts in startContainer() while selecting text.
https://bugs.webkit.org/show_bug.cgi?id=158155
<rdar://problem/26502712>

Reviewed by Chris Dumez.

This patch ensures that we still have a valid paragraphRange after returning from enclosingTextUnitOfGranularity().

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::selectTextWithGranularityAtPoint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201453 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[cmake] Deduplicated bmalloc/Zone.cpp handling.
https://bugs.webkit.org/show_bug.cgi?id=158154

Reviewed by Alex Christensen.

File bmalloc/Zone.cpp is required on Darwin irrespectively from what
port is being built.

Also I removed WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS() because it's
unlikely that bmalloc will ever need port-specific customizations (as
opposed to OS-specific customizations which should be done in
CMakeLists.txt).

* CMakeLists.txt: Added bmalloc/Zone.cpp for Darwin.
* PlatformGTK.cmake: Removed.
* PlatformMac.cmake: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201452 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Bogus uses of regexp matching should realize that they will OOM before they start swapping
https://bugs.webkit.org/show_bug.cgi?id=158142

Reviewed by Michael Saboff.

Refactored the RegExpObject::matchGlobal() code so that there is less duplication. Took
advantage of this to make the code more resilient in case of absurd situations: if the
result array gets large, it proceeds with a dry run to detect how many matches there will
be. This allows it to OOM before it starts swapping.

This also improves the overall performance of the code by using lightweight substrings and
skipping the whole intermediate argument array.

This makes some jsfunfuzz tests run a lot faster and use a lot less memory.

* builtins/RegExpPrototype.js:
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/MatchResult.cpp: Added.
(JSC::MatchResult::dump):
* runtime/MatchResult.h:
(JSC::MatchResult::empty):
(MatchResult::empty): Deleted.
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::match):
(JSC::collectMatches):
(JSC::RegExpObject::matchGlobal):
* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
* tests/stress/big-match.js: Added. Make sure that this optimization doesn't break big matches.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201451 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Video play glyph not visible if initially invisible when contained in a "-webkit-overflow-scrolling: touch" container
https://bugs.webkit.org/show_bug.cgi?id=158146
<rdar://problem/25816307>

Patch by Antoine Quint <graouts@apple.com> on 2016-05-27
Reviewed by Dean Jackson.

Source/WebCore:

We now force the <video> controls play glyph into being composited due to webkit.org/b/158147. In most scenarios,
this element gets composited anyway, this is just to ensure that this happens in all cases until we get the
general fix for webkit.org/b/158147.

Test: platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container.html

* Modules/mediacontrols/mediaControlsiOS.css:
(video::-webkit-media-controls-start-playback-button .webkit-media-controls-start-playback-glyph):

LayoutTests:

Testing that on iOS the play glyph for <video> controls when play button would be initially invisible when contained
in a scrollable container is indeed composited.

* platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container-expected.txt: Added.
* platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201450 268f45cc-cd09-0410-ab3c-d52691b4dbfc

New intl-numberformat.js test fails on many Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=154530

Reviewed by Darin Adler.

The test is actually failing because of a bug in the icu version installed in the bots, using a newer version of
icu makes the tests pass and explains why it worked for some people. So, let's add icu 55.1 to the internal
jhbuild to ensure JSC tests pass in the bots no matter what the icu version installed is.

* gtk/jhbuild.modules:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201449 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Static table property lookup should not require getOwnPropertySlot override.
https://bugs.webkit.org/show_bug.cgi?id=158059

Reviewed by Darin Adler.

Currently JSObject does not handle property lookup of entries in the static
table. Each subclass with static properties mut override getOwnPropertySlot,
and explicitly call the lookup functions. This has the following drawbacks:

- Performance: for any class with static properties, property acces becomes
  virtual (via method table).
- Poor encapsulation: implementation detail of static property access is
  spread throughout & cross projects, rather than being contained in JSObject.
- Code size: this results in a great many additional functions.
- Inconsistency: static table presence has to be be taken into account in many
  other operations, e.g. presence of read-only properties for put.
- Memory: in order to avoid the virtual lookup, DOM prototypes eagerly reify
  all properties. This is likely suboptimal.

Instead, JSObject::getPropertySlot / JSObject::getOwnPropertySlot should be
able to handle static properties.

This is actually a fairly small & simple change.

The common pattern is for subclasses of JObject to override getOwnPropertySlot
to first defer to JSObject for property storage lookup, and only if this fails
consult the static table. They just want the static tables to be consulted after
regular property storgae lookup. So just add a fast flag in TypeInfo for JSObject
to check, and where it is set, do so. Then it's just a question of switching
classes over to start setting this flag, and drop the override.

The new mechanism does change static table lookup order from oldest-ancestor
first to most-derived first. The new ordering makes more sense (means derived
class static tables can now override entries from parents), and shoudn't affect
any existing code (since overriding didn't previously work, there likely aren't
shadowing properties in more derived types).

This patch changes all classes in JavaScriptCore over to using the new mechanism,
except JSGlobalObject. I'll move classes in WebCore over as a separate patch
(this is also why I've not moved JSGlobalObject in this patch - doing so would
move JSDOMWindow, and I'd rather handle that separately).

* runtime/JSTypeInfo.h:
(JSC::TypeInfo::hasStaticPropertyTable):
    - Add HasStaticPropertyTable flag.
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
    - Change setUpStaticFunctionSlot to take a VM&.
* runtime/Lookup.h:
(JSC::getStaticPropertySlotFromTable):
    - Added helper function to perform static lookup alone.
(JSC::getStaticPropertySlot):
(JSC::getStaticFunctionSlot):
    - setUpStaticFunctionSlot changed to take a VM&.
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnStaticPropertySlot):
    - Added, walks ClassInfo chain looking for static properties.
* runtime/JSObject.h:
(JSC::JSObject::getOwnNonIndexPropertySlot):
    - getOwnNonIndexPropertySlot is used internally by getPropertySlot
      & getOwnPropertySlot. If property is not present in storage array
      then check the static table.
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::finishCreation):
(JSC::constructArrayWithSizeQuirk):
(JSC::ArrayConstructor::getOwnPropertySlot): Deleted.
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::create):
* runtime/ArrayIteratorPrototype.cpp:
(JSC::ArrayIteratorPrototype::finishCreation):
(JSC::ArrayIteratorPrototype::getOwnPropertySlot): Deleted.
* runtime/ArrayIteratorPrototype.h:
(JSC::ArrayIteratorPrototype::create):
(JSC::ArrayIteratorPrototype::ArrayIteratorPrototype):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::finishCreation):
(JSC::booleanProtoFuncToString):
(JSC::BooleanPrototype::getOwnPropertySlot): Deleted.
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::create):
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::finishCreation):
(JSC::millisecondsFromComponents):
(JSC::DateConstructor::getOwnPropertySlot): Deleted.
* runtime/DateConstructor.h:
(JSC::DateConstructor::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::finishCreation):
(JSC::dateProtoFuncToString):
(JSC::DatePrototype::getOwnPropertySlot): Deleted.
* runtime/DatePrototype.h:
(JSC::DatePrototype::create):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::finishCreation):
(JSC::ErrorPrototype::getOwnPropertySlot): Deleted.
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/GeneratorPrototype.cpp:
(JSC::GeneratorPrototype::finishCreation):
(JSC::GeneratorPrototype::getOwnPropertySlot): Deleted.
* runtime/GeneratorPrototype.h:
(JSC::GeneratorPrototype::create):
(JSC::GeneratorPrototype::createStructure):
(JSC::GeneratorPrototype::GeneratorPrototype):
* runtime/InspectorInstrumentationObject.cpp:
(JSC::InspectorInstrumentationObject::finishCreation):
(JSC::InspectorInstrumentationObject::isEnabled):
(JSC::InspectorInstrumentationObject::getOwnPropertySlot): Deleted.
* runtime/InspectorInstrumentationObject.h:
(JSC::InspectorInstrumentationObject::create):
(JSC::InspectorInstrumentationObject::createStructure):
* runtime/IntlCollatorConstructor.cpp:
(JSC::IntlCollatorConstructor::getCallData):
(JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
(JSC::IntlCollatorConstructor::getOwnPropertySlot): Deleted.
* runtime/IntlCollatorConstructor.h:
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototype::finishCreation):
(JSC::IntlCollatorFuncCompare):
(JSC::IntlCollatorPrototype::getOwnPropertySlot): Deleted.
* runtime/IntlCollatorPrototype.h:
* runtime/IntlDateTimeFormatConstructor.cpp:
(JSC::IntlDateTimeFormatConstructor::getCallData):
(JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
(JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot): Deleted.
* runtime/IntlDateTimeFormatConstructor.h:
* runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::IntlDateTimeFormatPrototype::finishCreation):
(JSC::IntlDateTimeFormatFuncFormatDateTime):
(JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot): Deleted.
* runtime/IntlDateTimeFormatPrototype.h:
* runtime/IntlNumberFormatConstructor.cpp:
(JSC::IntlNumberFormatConstructor::getCallData):
(JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
(JSC::IntlNumberFormatConstructor::getOwnPropertySlot): Deleted.
* runtime/IntlNumberFormatConstructor.h:
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::IntlNumberFormatPrototype::finishCreation):
(JSC::IntlNumberFormatFuncFormatNumber):
(JSC::IntlNumberFormatPrototype::getOwnPropertySlot): Deleted.
* runtime/IntlNumberFormatPrototype.h:
* runtime/JSDataViewPrototype.cpp:
(JSC::JSDataViewPrototype::createStructure):
(JSC::getData):
(JSC::JSDataViewPrototype::getOwnPropertySlot): Deleted.
* runtime/JSDataViewPrototype.h:
* runtime/JSInternalPromiseConstructor.cpp:
(JSC::JSInternalPromiseConstructor::getCallData):
(JSC::JSInternalPromiseConstructor::getOwnPropertySlot): Deleted.
* runtime/JSInternalPromiseConstructor.h:
* runtime/JSONObject.cpp:
(JSC::Walker::Walker):
(JSC::JSONObject::getOwnPropertySlot): Deleted.
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSPromiseConstructor.cpp:
(JSC::JSPromiseConstructor::getCallData):
(JSC::JSPromiseConstructor::getOwnPropertySlot): Deleted.
* runtime/JSPromiseConstructor.h:
* runtime/JSPromisePrototype.cpp:
(JSC::JSPromisePrototype::addOwnInternalSlots):
(JSC::JSPromisePrototype::getOwnPropertySlot): Deleted.
* runtime/JSPromisePrototype.h:
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
(JSC::getMap):
(JSC::MapPrototype::getOwnPropertySlot): Deleted.
* runtime/MapPrototype.h:
(JSC::MapPrototype::create):
(JSC::MapPrototype::MapPrototype):
* runtime/ModuleLoaderObject.cpp:
(JSC::ModuleLoaderObject::finishCreation):
(JSC::printableModuleKey):
(JSC::ModuleLoaderObject::getOwnPropertySlot): Deleted.
* runtime/ModuleLoaderObject.h:
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::finishCreation):
(JSC::toThisNumber):
(JSC::NumberPrototype::getOwnPropertySlot): Deleted.
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::create):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::addDefineProperty):
(JSC::constructObject):
(JSC::ObjectConstructor::getOwnPropertySlot): Deleted.
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::create):
(JSC::ObjectConstructor::createStructure):
* runtime/ReflectObject.cpp:
(JSC::ReflectObject::finishCreation):
(JSC::ReflectObject::getOwnPropertySlot): Deleted.
* runtime/ReflectObject.h:
(JSC::ReflectObject::create):
(JSC::ReflectObject::createStructure):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getRightContext):
(JSC::regExpConstructorDollar):
(JSC::RegExpConstructor::getOwnPropertySlot): Deleted.
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::create):
(JSC::RegExpConstructor::createStructure):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):
(JSC::getSet):
(JSC::SetPrototype::getOwnPropertySlot): Deleted.
* runtime/SetPrototype.h:
(JSC::SetPrototype::create):
(JSC::SetPrototype::SetPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::finishCreation):
(JSC::stringFromCharCodeSlowCase):
(JSC::StringConstructor::getOwnPropertySlot): Deleted.
* runtime/StringConstructor.h:
(JSC::StringConstructor::create):
* runtime/StringIteratorPrototype.cpp:
(JSC::StringIteratorPrototype::finishCreation):
(JSC::StringIteratorPrototype::getOwnPropertySlot): Deleted.
* runtime/StringIteratorPrototype.h:
(JSC::StringIteratorPrototype::create):
(JSC::StringIteratorPrototype::StringIteratorPrototype):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::create):
(JSC::substituteBackreferencesSlow):
(JSC::StringPrototype::getOwnPropertySlot): Deleted.
* runtime/StringPrototype.h:
* runtime/SymbolConstructor.cpp:
(JSC::SymbolConstructor::finishCreation):
(JSC::callSymbol):
(JSC::SymbolConstructor::getOwnPropertySlot): Deleted.
* runtime/SymbolConstructor.h:
(JSC::SymbolConstructor::create):
* runtime/SymbolPrototype.cpp:
(JSC::SymbolPrototype::finishCreation):
(JSC::SymbolPrototype::getOwnPropertySlot): Deleted.
* runtime/SymbolPrototype.h:
(JSC::SymbolPrototype::create):
    - remove getOwnPropertySlot, replace OverridesGetOwnPropertySlot flag with HasStaticPropertyTable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201448 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Preload single download tests.
https://bugs.webkit.org/show_bug.cgi?id=157988

Reviewed by Alex Christensen.

Source/WebCore:

ResourceTiming entries for some subresource weren't registered as resource->response().isHTTP() was false, since
resource->response().url() was empty. I switched the check to use resource->resourceRequest().url() directly instead.

Test: http/tests/preload/single_download_preload_runner.html

* loader/ResourceTimingInformation.cpp:
(WebCore::ResourceTimingInformation::addResourceTiming):

LayoutTests:

Make sure preload is only downloading a single resource, which is properly reused.

* http/tests/preload/resources/single_download_preload.html: Added.
* http/tests/preload/single_download_preload_runner-expected.txt: Added.
* http/tests/preload/single_download_preload_runner.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201447 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed EFL gardening.
Release some passing tests which have been marked to Crash, Failure.

* platform/efl/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r201436.
https://bugs.webkit.org/show_bug.cgi?id=158143

Caused 30% regression on Dromaeo DOM core tests (Requested by
rniwa on #webkit).

Reverted changeset:

"REGRESSION: JSBench spends a lot of time transitioning
to/from dictionary"
https://bugs.webkit.org/show_bug.cgi?id=158045
http://trac.webkit.org/changeset/201436

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201445 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Certain NetworkResourceLoader callbacks can deref a null m_networkLoad.
https://bugs.webkit.org/show_bug.cgi?id=158134

Reviewed by Alex Christensen.

It's legit for m_networkLoad to be null in these callbacks.

We need null checks, just like we have in many other callbacks in this class.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::continueCanAuthenticateAgainstProtectionSpace):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201444 268f45cc-cd09-0410-ab3c-d52691b4dbfc

AX: Wrong CharacterOffset from VisiblePosition with composed characters
https://bugs.webkit.org/show_bug.cgi?id=158138

Reviewed by Chris Fleizach.

Source/WebCore:

The conversion logic is not correct when the text node contains composed characters.
We should use VisiblePosition's offset directly for text nodes so we won't mess things up.

Test: accessibility/mac/character-offset-visible-position-conversion-with-emoji.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):

LayoutTests:

* accessibility/mac/character-offset-visible-position-conversion-with-emoji-expected.txt: Added.
* accessibility/mac/character-offset-visible-position-conversion-with-emoji.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] Allow JSBench to use precise time
https://bugs.webkit.org/show_bug.cgi?id=158050

Reviewed by Geoffrey Garen.

PerformanceTests:

* JSBench/amazon-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-firefox-win/urm.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-firefox/urm.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-firefox/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-firefox/uem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/harness.js:
(runBenchmark.window.currentTimeInMS):
(runBenchmark.else.window.currentTimeInMS):
* JSBench/twitter-chrome-win/rem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-firefox/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-firefox/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

Tools:

JSBench use `new Date().getTime()` without options and there is no way to use precise time.
This patch modifies the JSBench code to inject the code taking the precise time.
`currentTimeInMS` is given by the benchmerk harness and JSBench uses it.
run-jsc-benchmark switches this function's implementation between `Date.now()` and
testRunner's precise time one.

While this patch modifies the code of JSBench, the last release of JSBench is Jan 2013 and
the contents are not changed for a long time. As described in the original paper[1], the
tests can be generated by using JSBench's record & replay system, but in that case, we can
adopt this modification by changing the tool side.

We also add currentTimeInMS implementation in harness.js and u?rem.js directly.
u?rem.js implementation is required when it is executed in u?rem.html without harness.
And harness.js implementation is required when it is executed in the JSBench's harness.
In these implementation, we follow the JetStream's time measuring function: performance.now(),
preciseTime(), or Date.now().

[1]: http://dl.acm.org/citation.cfm?id=2048119

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201442 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Media queries and platform screen modernization and streamlining
https://bugs.webkit.org/show_bug.cgi?id=158067

Reviewed by Alex Christensen.

Source/WebCore:

* bindings/objc/DOM.mm:
(-[DOMHTMLLinkElement _mediaQueryMatches]): Use references, use fastGetAttribute,
pass a document instead of a frame to the media query evaluator and a reference instead
of a pointer.

* css/CSSGrammar.y.in: Use "expression" instead of "exp" for media query expressions.
Update vectors and arguments to move media query expressions instead of using unique_ptr.

* css/CSSImportRule.h: Use pragma once. Removed unneeded forward declarations.
Made more overrides private and marked them final.

* css/CSSParser.cpp:
(WebCore::CSSParser::SourceSize::SourceSize): Added missing WTFMove to avoid reference
count churn. Changed type of expression to no longer use unique_ptr.
(WebCore::CSSParser::sourceSize): Ditto.

* css/CSSParser.h: Changed SourceSize::expression to no longer use unique_ptr.
Also changed SourceSize::length to be Ref instead of RefPtr.

* css/DocumentRuleSets.cpp:
(WebCore::DocumentRuleSets::appendAuthorStyleSheets): Updated for changes to
MediaQueryEvaluator.

* css/MediaFeatureNames.cpp:
(WebCore::MediaFeatureNames::init): Streamlined a bit. Removed "MediaFeature" suffix from
names of media feature strings.

* css/MediaFeatureNames.h: Use pragma once. Changed media feature name globals
to use normal WebKit naming style instead of all lowercase with underscores.
Sorted alphabetically. Removed "MediaFeature" suffix from names of media feature strings.

* css/MediaList.cpp:
(WebCore::MediaQuerySet::MediaQuerySet): Simplified copy constructor since the queries
vector can now be copied normally.
(WebCore::parseMediaDescriptor): Normalized types and changed to use isASCIIAlphanumeric.
The old code was not handling '0' the way the comment said it did.
(WebCore::MediaQuerySet::internalParse): Added. Helper function to cut down on redundant
code in functions below.
(WebCore::MediaQuerySet::parse): Use stripLeadingAndTrailingHTMLSpaces instead of
stripWhiteSpace. Streamlined logic using helper function. Updated to use a vector of
queries instead of a vector of unique_ptr.
(WebCore::MediaQuerySet::add): Use internalParse.
(WebCore::MediaQuerySet::remove): Ditto.
(WebCore::MediaQuerySet::addMediaQuery): Changed argument type to not be unique_ptr.
(WebCore::MediaQuerySet::mediaText): Use modern for loop.
(WebCore::MediaList::MediaList): Initialize pointers to null in the class definition
rather than in these constructors.
(WebCore::MediaList::setMediaText): Removed unhelpful local variable.
(WebCore::MediaList::item): Updated since queries no longer use unique_ptr.
(WebCore::addResolutionWarningMessageToConsole): Changed argument types to references
instead of pointers with assertions.
(WebCore::reportMediaQueryWarningIfNeeded): Updated to modernize.

* css/MediaList.h: Use pragma once. Removed unneeded includes and forward declarations.
Changed vector to contain media queries instead of unique_ptr. Use nullptr instead of 0.
Initialize pointers to null here.

* css/MediaQuery.cpp: Deleted now-unneeded copy constructor and destructor. Both are
correctly generated without us writing them explicitly.
(WebCore::MediaQuery::serialize): Rewrote to streamline.
(WebCore::MediaQuery::MediaQuery): Updates since expressions are no longer unique_ptr.
(WebCore::MediaQuery::cssText): Changed return type to reference.

* css/MediaQuery.h: Use pragma once. Added include since this now includes media query
expressions, not just unique_ptr. Deleted the unneeded copy function.

* css/MediaQueryEvaluator.cpp:
(WebCore::isViewportDependent): Moved this here. It used to be a member function of
MediaQueryExp, but this file has a lot more functions about specific features and how
they are evaluated, so it really belongs here.
(WebCore::MediaQueryEvaluator::MediaQueryEvaluator): Changed constructor to take a
document instead of a frame. Initialize the fallback result in the class definition.
(WebCore::MediaQueryEvaluator::evaluate): Changed the argument type to a reference.
(WebCore::compareValue): Made both of the arguments separate template types. This
helps us compare an integer to a double without lots of type casts.
(WebCore::compareAspectRatioValue): Changed to use early return style and got rid of
the casts to int so we will do the work in double instead.
(WebCore::doubleValue): Replaced the old numberValue function with this. Since values
are stored as doubles, it's much better to use double rather than float.
(WebCore::zeroEvaluate): Added. Helpful for the many functions that just need to
evaluate as 0.
(WebCore::oneEvaluate): Ditto.
(WebCore::colorEvaluate): Renamed this and all the functions below. Simplified the logic
to use the new doubleValue function.
(WebCore::colorIndexEvaluate): Use zeroEvaluate.
(WebCore::colorGamutEvaluate): No longer use page just to get from the frame to the
main frame.
(WebCore::monochromeEvaluate): Simplify logic using zeroEvaluate.
(WebCore::invertedColorsEvaluate): Use auto for the keyword; easier to read.
(WebCore::orientationEvaluate): Use early return style.
(WebCore::aspectRatioEvaluate): Ditto.
(WebCore::deviceAspectRatioEvaluate): Simplified logic and removed type casts.
(WebCore::evaluateResolution): Added a couple null checks.
(WebCore::devicePixelRatioEvaluate): Renamed. Added missing type check.
(WebCore::resolutionEvaluate): Ditto.
(WebCore::gridEvaluate): Use zeroEvaluate.
(WebCore::computeLength): Added a null check.
(WebCore::deviceHeightEvaluate): Use early return.
(WebCore::deviceWidthEvaluate): Ditto.
(WebCore::heightEvaluate): Ditto.
(WebCore::widthEvaluate): Ditto.
(WebCore::minColorEvaluate): Updated name only.
(WebCore::maxColorEvaluate): Ditto.
(WebCore::minColorIndexEvaluate): Ditto.
(WebCore::maxColorIndexEvaluate): Ditto.
(WebCore::minMonochromeEvaluate): Ditto.
(WebCore::maxMonochromeEvaluate): Ditto.
(WebCore::minAspectRatioEvaluate): Ditto.
(WebCore::maxAspectRatioEvaluate): Ditto.
(WebCore::minDeviceAspectRatioEvaluate): Ditto.
(WebCore::maxDeviceAspectRatioEvaluate): Ditto.
(WebCore::minDevicePixelRatioEvaluate): Ditto.
(WebCore::maxDevicePixelRatioEvaluate): Ditto.
(WebCore::minHeightEvaluate): Ditto.
(WebCore::maxHeightEvaluate): Ditto.
(WebCore::minWidthEvaluate): Ditto.
(WebCore::maxWidthEvaluate): Ditto.
(WebCore::minDeviceHeightEvaluate): Ditto.
(WebCore::maxDeviceHeightEvaluate): Ditto.
(WebCore::minDeviceWidthEvaluate): Ditto.
(WebCore::maxDeviceWidthEvaluate): Ditto.
(WebCore::minResolutionEvaluate): Ditto.
(WebCore::maxResolutionEvaluate): Ditto.
(WebCore::animationEvaluate): Use oneEvaluate.
(WebCore::transitionEvaluate): Ditto.
(WebCore::transform2dEvaluate): Ditto.
(WebCore::transform3dEvaluate): Simplify using zeroEvaluate and oneEvaluate.
(WebCore::viewModeEvaluate): Simplified logic with fewer local variables and the name "keyword".
(WebCore::videoPlayableInlineEvaluate): Use reference.
(WebCore::hoverEvaluate): Simplify using keyword.
(WebCore::anyHoverEvaluate): Just updated name.
(WebCore::pointerEvaluate): Simplify using keyword.
(WebCore::anyPointerEvaluate): Just updated name.
(WebCore::add): Added. Helper for building up the media query function map.
(WebCore::MediaQueryEvaluator::evaluate): Moved code to build the function map in here in
a lambda, rather than having it in a separate global function.

* css/MediaQueryEvaluator.h: Use pragma once. Removed uneeded includes. Simplified comments and
modernized their style.

* css/MediaQueryExp.cpp:
(WebCore::isFeatureValidWithIdentifier): Renamed to make it clearer what this does. Updated
to take a reference and use te new feature names.
(WebCore::isFeatureValidWithNonNegativeLengthOrNumber): Ditto.
(WebCore::isFeatureValidWithDensity): Ditto.
(WebCore::isFeatureValidWithNonNegativeInteger): Ditto.
(WebCore::isFeatureValidWithNonNegativeNumber): Ditto.
(WebCore::isFeatureValidWithZeroOrOne): Ditto.
(WebCore::isAspectRatioFeature): Ditto.
(WebCore::isFeatureValidWithoutValue): Ditto.
(WebCore::isFeatureValidWithNumberWithUnit): Added. Helper that calls multiple functions above.
(WebCore::isFeatureValidWithNumber): Ditto.
(WebCore::isSlash): Added. Helper to make aspect ratio code below easier to read.
(WebCore::isPositiveIntegerValue): Ditto.
(WebCore::MediaQueryExpression::MediaQueryExpression): Rearranged code to be much less wordy and
to not use current/next.

* css/MediaQueryExp.h: Use pragma once. Renamed class to MediaQueryExpression. Removed
the isViewportDependent function, now part of MediaQueryEvaluator. Removed unneeded includes.

* css/MediaQueryList.cpp:
(WebCore::MediaQueryList::MediaQueryList): Marked this inline. Use a reference and a Ref&&
instead of PassRefPtr.
(WebCore::MediaQueryList::create): Updated argument types.
(WebCore::MediaQueryList::addListener): Updated argument type and use releaseNonNull.
(WebCore::MediaQueryList::removeListener): Updated argument types.
(WebCore::MediaQueryList::evaluate): Ditto.
(WebCore::MediaQueryList::matches): More of the same.

* css/MediaQueryList.h: Use pragma once. Changed types to use references, RefPtr&& and Ref&&.

* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::MediaQueryMatcher): Take a reference.
(WebCore::MediaQueryMatcher::documentDestroyed): Use nullptr.
(WebCore::MediaQueryMatcher::documentElementUserAgentStyle): Use auto.
(WebCore::MediaQueryMatcher::evaluate): Take a reference. Updated for changes to MediaQueryEvaluator.
(WebCore::MediaQueryMatcher::matchMedia): Updated for above changes.
(WebCore::MediaQueryMatcher::addListener): Use Ref&& and reference for arguments. Simplify code.
(WebCore::MediaQueryMatcher::removeListener): Ditto.
(WebCore::MediaQueryMatcher::styleResolverChanged): Moved the logic for evaluating each query here.
Updated for changes to MediaQueryEvaluator.

* css/MediaQueryMatcher.h: Use pragma once. Changed create to take a reference. Tightened argument
types for addListener and removeListener. Made the private Listener a simple struct rather than a
class. Initialized m_evaluationRound.

* css/RuleSet.cpp:
(WebCore::RuleSet::addChildRules): Updated for changes to MediaQueryEvaluator.
(WebCore::RuleSet::addRulesFromSheet): Ditto.

* css/SourceSizeList.cpp:
(WebCore::match): Updated to use MediaQueryEvaluator in a simpler way.
(WebCore::defaultLength): Use a reference and simpler syntax.
(WebCore::computeLength): Ditto.
(WebCore::parseSizesAttribute): Changed arguments to take a Document instead of both a
RenderView and a Frame.

* css/SourceSizeList.h: Use #pragma once. Change parseSizesAttribute to take a Document.

* css/StyleMedia.cpp:
(WebCore::StyleMedia::matchMedium): Update for changes to MediaQueryEvaluator.

* css/StyleResolver.cpp:
(WebCore::StyleResolver::StyleResolver): Use a MediaQueryEvaluator instead of a unique_ptr
to one.
(WebCore::StyleResolver::appendAuthorStyleSheets): Ditto.
(WebCore::StyleResolver::styleForElement): Ditto.
(WebCore::StyleResolver::pseudoStyleForElement): Ditto.
(WebCore::StyleResolver::pseudoStyleRulesForElement): Ditto.
(WebCore::StyleResolver::addViewportDependentMediaQueryResult): Use references instead of
ponters, and use a vector of MediaQueryResult instead of unique_ptr.
(WebCore::StyleResolver::hasMediaQueriesAffectedByViewportChange): Use a modern for loop.

* css/StyleResolver.h: Use a MediaQueryEvaluator instead of a unique_ptr to one.
Use a vector of MediaQueryResult instead of a vector of unique_ptr.

* dom/Document.cpp:
(WebCore::Document::mediaQueryMatcher): Pass a reference instead of a pointer.

* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet): Updated for changes to MediaQueryEvaluator.

* editing/TextIterator.cpp:
(WebCore::SimplifiedBackwardsTextIterator::advance): Removed a stray space (unrelated to
the rest of the patch).

* html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Updated for changes to the
MediaQueryEvaluator class. Also use auto a bit more and eliminated a double hash table
lookup in code that used hasAttribute followed by fastGetAttribute.
(WebCore::HTMLImageElement::selectImageSource): Updated for changes to parseSizesAttribute.

* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::process): Updated for changes to MediaQueryEvaluator.
(WebCore::HTMLLinkElement::setCSSStyleSheet): Use auto.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::selectNextSourceChild): Updated for changes to MediaQueryEvaluator.

* html/HTMLPictureElement.cpp:
(WebCore::HTMLPictureElement::viewportChangeAffectedPicture): Updated for changes to
MediaQueryEvaluator.

* html/HTMLPictureElement.h: Use #pragma once. Changed viewport dependent media query results
vector to be a vector of results, not of unique_ptr.

* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::StartTagScanner::processAttributes): Updated for changes to
parseSizesAttribute.
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Updated for changes to
MediaQueryEvaluator.

* html/parser/HTMLResourcePreloader.cpp:
(WebCore::mediaAttributeMatches): Updated for changes to MediaQueryEvaluator.
(WebCore::HTMLResourcePreloader::preload): Ditto.

* page/DOMWindow.cpp: Removed unneeded include of PlatformScreen.h.

* page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::effectiveMousePositionForSelectionAutoscroll): Simplified code and
updated for changes to PlatformScreenMac functions.

* platform/PlatformScreen.h: Use #pragma once. Use using instad of typedef. Put the typedef
for PlatformDisplayID inside the WebCore namespace. Removed the typedef for ColorProfile.
Renamed the functions that find a screen to just "screen".

* platform/graphics/DisplayRefreshMonitorClient.cpp:
(WebCore::DisplayRefreshMonitorClient::DisplayRefreshMonitorClient): Moved initialization
of booleans to the class definition.

* platform/graphics/DisplayRefreshMonitorClient.h: Use pragma once. Removed unneeded
forward declarations. Changed display ID data member to be an Optional instead of a boolean
paired with another data member.

* platform/graphics/GraphicsLayerUpdater.h: Use pragma once. Removed unneeded include of
PlatformScreen.h.

* platform/image-decoders/ImageDecoder.h: Use pragma once. Moved ColorProfile here from
PlatformScreen.h, since it's not used there. and is used here.

* platform/mac/PlatformEventFactoryMac.h: Use parma once. Changed reutrn type of the
globalPoint function to NSPoint. Tweaked comments and formatting a bit.

* platform/mac/PlatformEventFactoryMac.mm:
(WebCore::globalPoint): Changed return type to NSPoint and so removed the explicit
conversion to IntPoint.
(WebCore::globalPointForEvent): Changed return type to NSPoint.
(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder): Moved conversion to
IntPoint in here. Also got rid of special indenting style and just indented normally.
(WebCore::PlatformWheelEventBuilder::PlatformWheelEventBuilder): Ditto.
(WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder): Ditto.

* platform/mac/PlatformScreenMac.mm:
(WebCore::displayID): Renamed from displayIDFromScreen and displayFromWidget since this
is C++ and we have overloading to determine the types of arguments. Added a null check
of the how dinwo pointer.
(WebCore::firstScreen): Added. Helper used below.
(WebCore::window): Added. Helper used below.
(WebCore::screen): Renamed from screenForWidget and screenFromWindow and removed the
unneeded window argument from the widget version.
(WebCore::screenDepth): Simplified, using new helpers.
(WebCore::screenDepthPerComponent): Ditto.
(WebCore::screenIsMonochrome): Tweaked comment.
(WebCore::screenHasInvertedColors): Ditto.
(WebCore::screenRect): Simplified using new elpers.
(WebCore::screenAvailableRect): Ditto.
(WebCore::screenSupportsExtendedColor): Streamlined using fewer local variables and
using auto for types of the results of adoptCF.
(WebCore::toUserSpace): Updated for function name changes.
(WebCore::toDeviceSpace): Ditto.

Source/WebKit/mac:

* WebView/WebFrame.mm:
(-[WebFrame _dragSourceEndedAt:operation:]): Updated to use the new version of
globalPoint, which returns an NSPoint.

Source/WebKit2:

* Shared/mac/WebEventFactory.mm:
(WebKit::screenForWindow): Deleted.
(WebKit::flipScreenPoint): Deleted.
(WebKit::globalPoint): Deleted.
(WebKit::globalPointForEvent): Use globalPoint function from WebCore so we don't need
copies of everything in here.

* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::windowDidChangeScreen): Removed unneeded type cast.
(WebKit::WebViewImpl::draggedImage): Added type cast since globalPoint now returns an
NSPoint rather than an IntPoint.

* UIProcess/WebPageProxy.h: Use pragma once. Add a WebCore prefix to a use of
PlatformDisplayID, since that is now inside the WebCore namespace.
* WebProcess/WebCoreSupport/WebChromeClient.h: Ditto.
* WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h: Ditto.
* WebProcess/WebPage/DrawingArea.h: Ditto.
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201441 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Purge PassRefPtr in Modules/battery
https://bugs.webkit.org/show_bug.cgi?id=157062

Reviewed by Darin Adler.

Use RefPtr<>& to reduce uses of PassRefPtr in WebKit.

Source/WebCore:

* Modules/battery/BatteryClient.h:
* Modules/battery/BatteryController.cpp:
(WebCore::BatteryController::BatteryController):
(WebCore::BatteryController::~BatteryController):
(WebCore::BatteryController::addListener):
(WebCore::BatteryController::removeListener):
(WebCore::BatteryController::updateBatteryStatus):
(WebCore::BatteryController::didChangeBatteryStatus):
(WebCore::provideBatteryTo):
* Modules/battery/BatteryController.h:
* Modules/battery/BatteryManager.cpp:
(WebCore::BatteryManager::didChangeBatteryStatus):
(WebCore::BatteryManager::updateBatteryStatus):
* Modules/battery/BatteryManager.h:
* Modules/battery/BatteryStatus.h:
* testing/Internals.cpp:
(WebCore::Internals::setBatteryStatus):

Source/WebKit2:

* WebProcess/Battery/WebBatteryManager.cpp:
(WebKit::WebBatteryManager::didChangeBatteryStatus):
(WebKit::WebBatteryManager::updateBatteryStatus):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::m_shouldDispatchFakeMouseMoveEvents):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201440 268f45cc-cd09-0410-ab3c-d52691b4dbfc

DOM mutation methods fail to re-check validity of node insertion after removing nodes from old parent
https://bugs.webkit.org/show_bug.cgi?id=81991
<rdar://problem/11120506>

Reviewed by Chris Dumez.

Add a test case for an old DOM mutation bug that was fixed long ago.

* fast/dom/circular-dom-tree-crash-expected.txt: Added.
* fast/dom/circular-dom-tree-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201439 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Uncaught Exception: TypeError: undefined is not an object (evaluating 'records[endIndex].endTime')
https://bugs.webkit.org/show_bug.cgi?id=158057

Reviewed by Timothy Hatcher.

* UserInterface/Views/TimelineRecordingContentView.js:
(WebInspector.TimelineRecordingContentView.prototype._updateTimelineViewTimes):
When the entire recording is selected, rendering frames should use the
record count as its end time instead of the recording's end time.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking js/function-apply.html as a flaky timeout on mac debug wk2
https://bugs.webkit.org/show_bug.cgi?id=158133

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201437 268f45cc-cd09-0410-ab3c-d52691b4dbfc

REGRESSION: JSBench spends a lot of time transitioning to/from dictionary
https://bugs.webkit.org/show_bug.cgi?id=158045

Reviewed by Saam Barati.

15% speedup on jsbench-amazon-firefox, possibly 5% speedup overall on jsbench.

This regression seems to have two parts:

(1) Transitioning the window object to/from dictionary is more expensive
than it used to be to because the window object has lots more properties.
The window object has more properties because, for WebIDL compatibility,
we reify DOM APIs as properties when you delete.

(2) DOM prototypes transition to/from dictionary upon creation
because, once again for WebIDL compatibility, we reify their static
APIs eagerly.

The solution is to chill out a bit on dictionary transitions.

* bytecode/ObjectPropertyConditionSet.cpp: Don't flatten a dictionary
if we've already done so before. This avoids pathological churn, and it
is our idiom in other places.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute): Do flatten the global object unconditionally
if it is an uncacheable dictionary because the global object is super
important.

* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
(JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer): Deleted.
Don't transition away from dictionary after a batched set of property
puts because normal dictionaries are cacheable and that's a perfectly
fine state to be in -- and the transition is expensive.

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Do start the global object out as a cacheable
dictionary because it will inevitably have enough properties to become
a dictionary.

* runtime/Operations.h:
(JSC::normalizePrototypeChain): Same as ObjectPropertyConditionSet.cpp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201436 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add WebKitAdditions extension point in HTMLMediaElement.
https://bugs.webkit.org/show_bug.cgi?id=158097

Reviewed by Eric Carlson.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::shouldOverrideBackgroundLoadingRestriction):
We need to load data in the background if playing to wireless playback target.
(WebCore::HTMLMediaElement::fullscreenModeChanged):
Moved from header file.
* html/HTMLMediaElement.h:

* platform/audio/PlatformMediaSession.cpp:
(WebCore::PlatformMediaSession::clientWillPausePlayback):
The code to start m_clientDataBufferingTimer is also in visibilityChanged().
Moved that code to PlatformMediaSession::scheduleClientDataBufferingCheck() and call
that method here.
(WebCore::PlatformMediaSession::visibilityChanged):
Call PlatformMediaSession::scheduleClientDataBufferingCheck().
(WebCore::PlatformMediaSession::scheduleClientDataBufferingCheck):
Start m_clientDataBufferingTimer if it's not already active.
(WebCore::PlatformMediaSession::shouldOverrideBackgroundLoadingRestriction):
Call the client.

* platform/audio/PlatformMediaSession.h:
(WebCore::PlatformMediaSessionClient::shouldOverrideBackgroundLoadingRestriction):

* platform/audio/PlatformMediaSessionManager.cpp:
(WebCore::PlatformMediaSessionManager::sessionCanLoadMedia):
Call the new PlatformMediaSession::shouldOverrideBackgroundLoadingRestriction().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201435 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed test fix after r201427.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

A debug assertion was firing during some test runs due to the Geolocation permission
being turned off during the test. The timer logic was originally written to assert
if the timer fired when permissions were disabled. But this is no longer valid,
because we expect the Geolocation system to be active and become deactivated if the
browsing context violates one of the security criteria.

* DumpRenderTree/mac/UIDelegate.mm:
(-[UIDelegate timerFired]): Remove invalid assertion.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201434 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ScopedLambda should have a lifetime story that makes sense to the compiler
https://bugs.webkit.org/show_bug.cgi?id=158118

Reviewed by Mark Lam.
Source/WTF:

Prior to this change, there were two lifetime bugs in ScopedLambda:

- scopedLambda(Functor&&) would bind Functor to const lambda&, so the resulting ScopedLambdaFunctor
  would hold a reference to the original lambda. This would have surprising behavior; for example
  it meant that this code was wrong:

  auto l = scopedLambda<things>([&] ...);

  The solution is to have explicit copy/move versions of scopedLambda() rather than rely on perfect
  forwarding.

- ScopedLambdaFunctor did not override its copy or move operations, so if the compiler did not RVO
  scopedLambda(), it would return a ScopedLambdaFunctor whose m_arg points to a dead temporary
  ScopedLambdaFunctor instance. The solution is to have explicit copy/move constructors and
  operators, which preserve the invariant that ScopedLambda::m_arg points to this.

One nice side-effect of all of these constructors and operators being explicit is that we can rely
on WTFMove's excellent assertions, which helped catch the first issue.

This reverts ParkingLot to use ScopedLambda again.

* wtf/ParkingLot.cpp:
(WTF::ParkingLot::parkConditionallyImpl):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkOneImpl):
* wtf/ParkingLot.h:
(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):
* wtf/ScopedLambda.h:
(WTF::scopedLambda):

Tools:

Added a test case. This test crashes before the fix and now it passes.

* TestWebKitAPI/CMakeLists.txt:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WTF/ScopedLambda.cpp: Added.
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201433 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Use std::atomic<> rather than OSAtomicIncrement in CARingBuffer.cpp
https://bugs.webkit.org/show_bug.cgi?id=158129

Reviewed by Eric Carlson.

std::atomic is a more portable atomic primitive than OSAtomicIncrement.

* platform/audio/mac/CARingBuffer.cpp:
(WebCore::CARingBuffer::setCurrentFrameBounds):
(WebCore::CARingBuffer::getCurrentFrameBounds):
(WebCore::CARingBuffer::currentStartFrame):
(WebCore::CARingBuffer::currentEndFrame):
* platform/audio/mac/CARingBuffer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201432 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Build fix

Rubber stamped by Lucas Forschler.

* DumpRenderTree/mac/Configurations/DebugRelease.xcconfig:
* WebKitTestRunner/Configurations/DebugRelease.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201431 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Build fix

Rubber stamped by Lucas Forschler.

* Configurations/DebugRelease.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201430 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Rebaseline bindings tests after r201428

Unreviewed test gardening.

* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::setJSTestObjReplaceableAttribute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

replaceable own properties seem to ignore replacement after property caching
https://bugs.webkit.org/show_bug.cgi?id=158091

Reviewed by Darin Adler.

PerformanceTests:

* MallocBench/MallocBench.xcodeproj/project.pbxproj:
* MallocBench/MallocBench/Benchmark.cpp:
* MallocBench/MallocBench/Interpreter.cpp:
(Interpreter::doMallocOp):
* MallocBench/MallocBench/Interpreter.h:
* MallocBench/MallocBench/fastMallocLog.63316.ops: Added.
* MallocBench/MallocBench/jetstream.cpp: Added.
(benchmark_jetstream):
* MallocBench/MallocBench/jetstream.h: Added.

Source/JavaScriptCore:

* runtime/Lookup.h:
(JSC::replaceStaticPropertySlot): New helper function for replacing a
static property with a direct property. We need to do an attribute changed
transition because client code might have cached our static property.

Source/WebCore:

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation): Use our new replacement helper if we're replacing
an own static property with an own direct property. Because we advertise
that our own static properties are cacheable, we need to do a structure
transition to indicate when they change. (Only own properties need this
special treatment because JSC considers it normal to shadow a prototype
property with an own property.)

LayoutTests:

* js/cached-window-properties.html: Augmneted this test to enter cacheable
dictionary mode in order to demonstrate a bug that is not visible otherwise.

Factored out a helper test function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201428 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-26
Reviewed by Brent Fulgham.

Add missing test content from r201423.

* http/tests/security/resources/geolocation-over-insecure-content.html: Added.
* http/tests/security/resources/geolocation-over-mixed-content-block.html: Added.
* http/tests/security/resources/geolocation-over-mixed-content.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201427 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[Win] Update test expectation for imported blink test.
https://bugs.webkit.org/show_bug.cgi?id=158122

Patch by Per Arne Vollan <pvollan@apple.com> on 2016-05-26
Reviewed by Alex Christensen.

The crash on imported/blink/compositing/perspective-origin-overflow-hidden.html
was fixed in https://trac.webkit.org/changeset/192166.

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201426 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Release JSC test test-observegc.js.layout failing.
https://bugs.webkit.org/show_bug.cgi?id=158126

Unreviewed.

Move this test to a directory that is less... "special"

* fast/misc/resources/test-observegc.js: Renamed from LayoutTests/js/script-tests/test-observegc.js.
* fast/misc/test-observegc-expected.txt: Renamed from LayoutTests/js/test-observegc-expected.txt.
* fast/misc/test-observegc.html: Added.
* js/test-observegc.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201425 268f45cc-cd09-0410-ab3c-d52691b4dbfc

BitmapImage::checkForSolidColor() cleanup
https://bugs.webkit.org/show_bug.cgi?id=157750

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-05-26
Reviewed by Darin Adler.

Have a single implementation for BitmapImage::checkForSolidColor(). Create
a new function named NativeImage::solidColor() and call it from the former
one. The goal is to have the platform files contain only the platform dependent
code rather than repeating the platform independent code multiple times.

* platform/graphics/BitmapImage.cpp:
(WebCore::BitmapImage::destroyMetadataAndNotify): Invalidate m_solidColor.
(WebCore::BitmapImage::singlePixelSolidColor): Combine mayFillWithSolidColor(),
checkForSolidColor() and solidColor() in one function to guarantee the validity
of the returned value. Before, if solidColor() is called without calling
mayFillWithSolidColor() or checkForSolidColor(), the returned value would be
incorrect.

(WebCore::BitmapImage::dump): Use the m_solidColor Optional and Color states.
(WebCore::BitmapImage::mayFillWithSolidColor): Deleted.
(WebCore::BitmapImage::solidColor): Deleted.

* platform/graphics/BitmapImage.h: Delete m_checkedForSolidColor and
m_isSolidColor and change m_solidColor to be Optional<Color>.

* platform/graphics/Image.cpp:
(WebCore::Image::drawTiled): Use singlePixelSolidColor() and check the returned
value to know whether the singe pixel solid color optimization applies or not.

* platform/graphics/Image.h:
(WebCore::Image::singlePixelSolidColor):
(WebCore::Image::mayFillWithSolidColor): Deleted.
(WebCore::Image::solidColor): Deleted.
Replace mayFillWithSolidColor() and solidColor() with a single function named
singlePixelSolidColor(). isValid() of the returned Color can be used to tell
whether the singe pixel solid color optimization applies or not.

* platform/graphics/cairo/BitmapImageCairo.cpp:
(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Delete the platform dependent BitmapImage::checkForSolidColor() and add
the new platform dependent function NativeImage::singlePixelSolidColor() and
use to know whether the singe pixel solid color optimization applies or not.

* platform/graphics/cg/BitmapImageCG.cpp:
(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-26
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/security/insecure-geolocation.html
       http/tests/security/mixedcontent-geolocation-block-insecure-content.html
       http/tests/security/mixedcontent-geolocation.html

* Modules/geolocation/Geolocation.cpp:
(WebCore::logError):
Logs an error to the console if geolocation is blocked.
(WebCore::Geolocation::startRequest):
Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
(WebCore::Geolocation::shouldBlockGeolocationRequests)
Returns true if the access to geolocation should be blocked.
* Modules/geolocation/Geolocation.h:
* dom/SecurityContext.h:
(WebCore::SecurityContext::foundMixedContent):
Returns true if insecure content was accessed over secure connection.
(WebCore::SecurityContext::setFoundMixedContent):
Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
(WebCore::SecurityContext::geolocationAccessed):
Returns true if geolocation was accessed
(WebCore::SecurityContext::setGeolocationAccessed):
Sets m_geolocationAccessed to true if geolocation was accessed.
* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::canDisplayInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
(WebCore::MixedContentChecker::canRunInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.

LayoutTests:

* http/tests/security/geolocation-over-insecure-content.html: Added.
* http/tests/security/geolocation-over-mixed-content-block.html: Added.
* http/tests/security/geolocation-over-mixed-content.html: Added.
* http/tests/security/insecure-geolocation-expected.txt: Added.
* http/tests/security/insecure-geolocation.html: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
* http/tests/security/mixedcontent-geolocation-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation.html: Added.
* http/tests/security/sandboxed-iframe-geolocation-watchPosition.html:
  iframe is loaded over secure connection to avoid geolocation failures
* http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html:
  iframe is loaded over secure connection to avoid geolocation failures

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201423 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Implement internals.observeGC to get called back when a Javascript object is GC'ed.
https://bugs.webkit.org/show_bug.cgi?id=158093

Reviewed by Geoffrey Garen.

Source/WebCore:

Test: js/test-observegc.html

* CMakeLists.txt:
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:

* testing/GCObservation.cpp: Added.
(WebCore::GCObservation::GCObservation):
* testing/GCObservation.h: Added.
* testing/GCObservation.idl: Added.

* testing/Internals.cpp:
(WebCore::Internals::observeGC):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

* js/script-tests/test-observegc.js: Added.
* js/test-observegc-expected.txt: Added.
* js/test-observegc.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201422 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[Font Loading] Allow empty strings in FontFace constructor
https://bugs.webkit.org/show_bug.cgi?id=158112

Reviewed by Darin Adler.

Source/WebCore:

Other browsers accept empty strings and parse them as if they are omitted.
We should do the same. However, this is only true for the constructor. Setting
an attribute to an empty string should still throw an exception.

Test: fast/text/font-face-empty-string.html

* css/FontFace.cpp:
(WebCore::FontFace::create):
(WebCore::FontFace::setFamily):
(WebCore::FontFace::setStyle):
(WebCore::FontFace::setWeight):
(WebCore::FontFace::setUnicodeRange):
(WebCore::FontFace::setVariant):
(WebCore::FontFace::setFeatureSettings):

LayoutTests:

* fast/text/font-face-empty-string-expected.txt: Added.
* fast/text/font-face-empty-string.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201421 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebRTC: RTCSessionDescription: Make attributes readonly (and remove custom binding)
https://bugs.webkit.org/show_bug.cgi?id=157858

Reviewed by Eric Carlson.

Source/WebCore:

Align RTCSessionDescription type with WebRTC 1.0 specification [1].
- Make constructor dictionary member mandatory
- Align constructor dictionary argument (RTCSessionDescriptionInit) with [1]
- Use RTCSdpType enum for the type attribute
- Remove custom binding

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html

Updated existing test.

* CMakeLists.txt:
* Modules/mediastream/MediaEndpointPeerConnection.cpp:
(WebCore::MediaEndpointPeerConnection::createOfferTask):
* Modules/mediastream/RTCSessionDescription.cpp:
(WebCore::parseTypeString):
(WebCore::RTCSessionDescription::create):
(WebCore::RTCSessionDescription::RTCSessionDescription):
(WebCore::verifyType): Deleted.
(WebCore::RTCSessionDescription::setType): Deleted.
* Modules/mediastream/RTCSessionDescription.h:
(WebCore::RTCSessionDescription::type):
* Modules/mediastream/RTCSessionDescription.idl:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSRTCSessionDescriptionCustom.cpp: Removed.
(WebCore::constructJSRTCSessionDescription): Deleted.

LayoutTests:

* fast/mediastream/RTCSessionDescription-expected.txt:
* fast/mediastream/RTCSessionDescription.html:
Add tests for mandatory constructor dictionary argument and required 'type' member (also
check its value). Verify that attributes are read-only.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

NativeToJSValue is harcoding the $thisValue in some strings
https://bugs.webkit.org/show_bug.cgi?id=158113

Patch by Alejandro G. Castro <alex@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

Replaced the string with the variable value.

Updated the tests results in the bindings.

* bindings/scripts/CodeGeneratorJS.pm:
(NativeToJSValue): Replaced the hardcoded string with the variable
value.
* bindings/scripts/test/JS/JSTestCallback.cpp:
(WebCore::JSTestCallback::callbackWithSerializedScriptValueParam):
* bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
(WebCore::JSTestCallbackFunction::callbackWithSerializedScriptValueParam):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201419 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Small improvements to RenderBox/LayoutUnit casting in MathML
https://bugs.webkit.org/show_bug.cgi?id=157943

Patch by Frederic Wang <fwang@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

This is a small follow-up of the RenderMathMLRow/RenderMathMLUnderOver/RenderMathMLFraction
refactoring. Since these MathML renderers can only contain other MathML renderers, we can
just considerer RenderBox children and avoid unnecessary casts. Similarly, when the two
arguments of std::max are LayoutUnit's, we do not need to specialize to std::max<LayoutUnit>.

No new tests, behavior is not changed.

* rendering/mathml/RenderMathMLFraction.cpp:
(WebCore::RenderMathMLFraction::layoutBlock): Do not to specialize to std::max<LayoutUnit>.
* rendering/mathml/RenderMathMLRow.cpp:
(WebCore::RenderMathMLRow::updateOperatorProperties): Browse the list of RenderBox children
and use auto*.
(WebCore::RenderMathMLRow::computeLineVerticalStretch): Do not to specialize to std::max<LayoutUnit>.
* rendering/mathml/RenderMathMLUnderOver.cpp:
(WebCore::RenderMathMLUnderOver::unembellishedOperator): Get the RenderBox child and use auto*.
(WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Browse the list of
RenderBox children, use auto* and remove unnecessary casts. Do not to specialize to
std::max<LayoutUnit>.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201418 268f45cc-cd09-0410-ab3c-d52691b4dbfc

AX: crash at AccessibilityRenderObject::remoteSVGRootElement const
https://bugs.webkit.org/show_bug.cgi?id=158098

Reviewed by Joanmarie Diggs.

What looks like happens here is that when a document is torn down and we try to detach, we end up creating an accessibility element during detachment phase.
So instead of just clearing the callback pointer on an existing AXObject, we make a new object and access properties of an object being deallocated.

I tried very hard to make a test but it looks like this can really only be triggered during document tear down which also tears down the AXObjectCache. I didn't
have luck reproducing because of that.

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::remoteSVGElementHitTest):
(WebCore::AccessibilityRenderObject::isSVGImage):
(WebCore::AccessibilityRenderObject::detachRemoteSVGRoot):
(WebCore::AccessibilityRenderObject::remoteSVGRootElement):
(WebCore::AccessibilityRenderObject::addRemoteSVGChildren):
* accessibility/AccessibilityRenderObject.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201417 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Invalidate style for newly added nodes in Node::insertedInto
https://bugs.webkit.org/show_bug.cgi?id=158088

Reviewed by Darin Adler.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::parserInsertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::parserAppendChild):
(WebCore::ContainerNode::childrenChanged):
(WebCore::ContainerNode::updateTreeAfterInsertion):
* dom/Node.cpp:
(WebCore::Node::insertedInto):

Consolidate setNeedsStyleRecalc(ReconstructRenderTree) here.

This also now happens earliest possible time, right after inserting the node and can avoid
some unneeded style invalidation work in subclass insertion handlers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201416 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix ResourceTiming multiple entries per resource and test initiator
https://bugs.webkit.org/show_bug.cgi?id=158094

Reviewed by Alex Christensen.

Make sure that CachedResource that was needed by two different elements only adds one entry, with the right (first) initiatorType.

Source/WebCore:

Tests: http/tests/performance/performance-resource-timing-initiator-css.html
       http/tests/performance/performance-resource-timing-initiator-no-override.html

* loader/ResourceTimingInformation.cpp:
(WebCore::ResourceTimingInformation::addResourceTiming): Don't remove CachedResource when entry is added, but
mark it as added. Only add new entries for non-added resources.
(WebCore::ResourceTimingInformation::storeResourceTimingInitiatorInformation): Initialize initiator info as NotYetAdded.
* loader/ResourceTimingInformation.h:

LayoutTests:

* http/tests/performance/performance-resource-timing-initiator-css.html: Added. Makes sure css has the right initiator type.
* http/tests/performance/performance-resource-timing-initiator-css-expected.txt: Added.
* http/tests/performance/performance-resource-timing-initiator-no-override.html: Added. Makes sure that only one entry is added and
that its initiator info doesn't get overriden.
* http/tests/performance/performance-resource-timing-initiator-no-override-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201415 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix ResourceTiming XHR flakiness
https://bugs.webkit.org/show_bug.cgi?id=158019

Reviewed by Alex Christensen.

Source/WebCore:

Remove XHR specific ResourceTiming information store and addition as it is not needed.

Test: http/tests/performance/performance-resource-timing-xhr-single-entry.html

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest): Removed XHR-specific initiator info storage.
(WebCore::DocumentThreadableLoader::didFinishLoading): Removed XHR-specific RT entry addition.
* loader/DocumentThreadableLoader.h:

LayoutTests:

Test fixes and additions that make sure XHR tests are not run as part of XHR's onload event, as ResourceTiming entries are added
after it.

* TestExpectations:
* http/tests/performance/performance-resource-timing-cached-entries.html: Avoid running the tests as part of the XHR's load event.
* http/tests/performance/performance-resource-timing-xhr-single-entry-expected.txt: Added.
* http/tests/performance/performance-resource-timing-xhr-single-entry.html: Test that XHR fetch adds a single entry with correct initiatorType.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201414 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[cmake] Deduplicate make-js-file-arrays usage and make it work on Windows.
https://bugs.webkit.org/show_bug.cgi?id=157997

Reviewed by Alex Christensen.

.:

* Source/cmake/WebKitMacros.cmake: Added MAKE_JS_FILE_ARRAYS macro.

Source/WebCore:

No new tests needed.

* CMakeLists.txt: Use new MAKE_JS_FILE_ARRAYS macro.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201413 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] RegExp with deeply nested subexpressions overflow the stack in Yarr
https://bugs.webkit.org/show_bug.cgi?id=158011
rdar://problem/25946592

Reviewed by Saam Barati.

Source/JavaScriptCore:

When generating the meta-data required for compilation,
Yarr uses a recursive function over the various expression in the pattern.

If you have many nested expressions, you can run out of stack
and crash the WebProcess.
This patch changes that into a soft failure. The expression is just
considered invalid.

* runtime/RegExp.cpp:
(JSC::RegExp::finishCreation):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPatternConstructor::setupOffsets):
(JSC::Yarr::YarrPatternConstructor::isSafeToRecurse):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets): Deleted.
(JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets): Deleted.
* yarr/YarrPattern.h:

LayoutTests:

* js/script-tests/stack-overflow-arrity-catch.js:
With the new failure, this test can fail on allocating
the RegExp for a valid reason.

The new expression should not have this issue.
* js/script-tests/stack-overflow-regexp.js: Added.
(shouldThrow.recursiveCall):
(shouldThrow):
(recursiveCall):
* js/stack-overflow-regexp-expected.txt: Added.
* js/stack-overflow-regexp.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201412 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking imported/blink/http/tests/plugins/get-url-notify-on-removal.html as a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=158101

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Use HashMap::add() instead of HashMap::set() in Node::ensureEventTargetData()
https://bugs.webkit.org/show_bug.cgi?id=158092

Reviewed by Ryosuke Niwa.

Use HashMap::add() instead of HashMap::set() in Node::ensureEventTargetData()
as we already checked that the key is not present in the HashMap.

* dom/Node.cpp:
(WebCore::Node::ensureEventTargetData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201410 268f45cc-cd09-0410-ab3c-d52691b4dbfc

REGRESSION (r191531): Web Inspector: WebSQL databases are no longer shown when first opening Web Inspector
https://bugs.webkit.org/show_bug.cgi?id=158096
<rdar://problem/26454671>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-25
Reviewed by Brian Burg.

* inspector/InspectorInstrumentation.h:
(WebCore::InspectorInstrumentation::didOpenDatabase):
Remove the fast return errantly added in r191531. InspectorDatabaseAgent
wants to track databases, even before a frontend may be open, so that
on first open it can inform the frontend about open databases.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201409 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: Uncaught Exception: TypeError: undefined is not an object (evaluating 'collectionData.affectedSnapshots')
https://bugs.webkit.org/show_bug.cgi?id=158051

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-25
Reviewed by Brian Burg.

* UserInterface/Workers/HeapSnapshot/HeapSnapshot.js:
(HeapSnapshot.prototype.updateDeadNodesAndGatherCollectionData):
* UserInterface/Workers/HeapSnapshot/HeapSnapshotWorker.js:
(HeapSnapshotWorker.prototype.createSnapshot):
If by the time the timeout fires we had cleared our snapshot list, then
updateDeadNodesAndGatherCollectionData could bail. Handle gracefully.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201408 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Setting overflow:hidden does not always repaint clipped content.
https://bugs.webkit.org/show_bug.cgi?id=116994
rdar://problem/26476697

Issue repaint for both layout and visual overflow rects when the container starts
clipping overflow content.

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/repaint/overflow-hidden-repaint.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::updateFromStyle):

LayoutTests:

* fast/repaint/overflow-hidden-repaint-expected.html: Added.
* fast/repaint/overflow-hidden-repaint.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201407 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Get rid of WTF/Functional.h
https://bugs.webkit.org/show_bug.cgi?id=158081

Reviewed by Chris Dumez.

Source/WebCore:

* Modules/mediastream/MediaStreamTrack.cpp:

Source/WTF:

This is no longer used, and removing it will free up the name for a new Functional.h implementation.

* WTF.xcodeproj/project.pbxproj:
* wtf/Functional.h: Removed.
(WTF::RefAndDeref::ref): Deleted.
(WTF::RefAndDeref::deref): Deleted.
(WTF::ParamStorageTraits::wrap): Deleted.
(WTF::ParamStorageTraits::unwrap): Deleted.
(WTF::ParamStorageTraits<PassRefPtr<T>>::wrap): Deleted.
(WTF::ParamStorageTraits<PassRefPtr<T>>::unwrap): Deleted.
(WTF::ParamStorageTraits<RefPtr<T>>::wrap): Deleted.
(WTF::ParamStorageTraits<RefPtr<T>>::unwrap): Deleted.
(WTF::ParamStorageTraits<RetainPtr<T>>::wrap): Deleted.
(WTF::ParamStorageTraits<RetainPtr<T>>::unwrap): Deleted.
(WTF::FunctionImplBase::~FunctionImplBase): Deleted.
(WTF::FunctionBase::isNull): Deleted.
(WTF::FunctionBase::FunctionBase): Deleted.
(WTF::FunctionBase::impl): Deleted.
(WTF::bind): Deleted.
* wtf/mac/DeprecatedSymbolsUsedBySafari.mm:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WTF/Functional.cpp: Removed.
(TestWebKitAPI::returnFortyTwo): Deleted.
(TestWebKitAPI::TEST): Deleted.
(TestWebKitAPI::multiplyByTwo): Deleted.
(TestWebKitAPI::multiplyByOneAndAHalf): Deleted.
(TestWebKitAPI::multiply): Deleted.
(TestWebKitAPI::subtract): Deleted.
(TestWebKitAPI::A::A): Deleted.
(TestWebKitAPI::A::f): Deleted.
(TestWebKitAPI::A::addF): Deleted.
(TestWebKitAPI::B::B): Deleted.
(TestWebKitAPI::B::~B): Deleted.
(TestWebKitAPI::B::ref): Deleted.
(TestWebKitAPI::B::deref): Deleted.
(TestWebKitAPI::B::f): Deleted.
(TestWebKitAPI::B::g): Deleted.
(TestWebKitAPI::Number::create): Deleted.
(TestWebKitAPI::Number::~Number): Deleted.
(TestWebKitAPI::Number::value): Deleted.
(TestWebKitAPI::Number::Number): Deleted.
(TestWebKitAPI::multiplyNumberByTwo): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201406 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Flashiness and jumpiness when entering fullscreen
https://bugs.webkit.org/show_bug.cgi?id=158087

Reviewed by Beth Dakin.

Multiple independant sources of jumpiness and flashiness are addressed here:

- Setting the top content inset on the WKView cause a vertical jump during fullscreen
transition. Instead of setting the content inset to 0, take the existing inset into account
when placing the WKView in the NSWindow.

- The enter fullscreen transition causes a white flash due to the NSWindow needing
display before ordering onscreen. Ensure the window has a backing by calling -displayIfNeeded
before entering fullscreen mode.

- The exit fullscreen transition causes a white background color flash for an unknown
reason, but is solved by not making the window's content view layer-backed. Rather than
directly animating the contentView's background color, create a specific background view
and animate it's background color instead.

* UIProcess/mac/WKFullScreenWindowController.h:
* UIProcess/mac/WKFullScreenWindowController.mm:
(-[WKFullScreenWindowController initWithWindow:webView:page:]):
(-[WKFullScreenWindowController enterFullScreen:]):
(-[WKFullScreenWindowController finishedEnterFullScreenAnimation:]):
(-[WKFullScreenWindowController finishedExitFullScreenAnimation:]):
(-[WKFullScreenWindowController _startEnterFullScreenAnimationWithDuration:]):
(-[WKFullScreenWindowController _startExitFullScreenAnimationWithDuration:]):
* WebProcess/FullScreen/WebFullScreenManager.cpp:
(WebKit::WebFullScreenManager::saveScrollPosition): Deleted.
(WebKit::WebFullScreenManager::restoreScrollPosition): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[WebSockets] No infrastructure for testing secure web sockets (wss)
https://bugs.webkit.org/show_bug.cgi?id=157884
<rdar://problem/26477197>

Reviewed by Andy Estes.

Source/WebCore:

Add a new test-only flag used to tell CFNetwork that we do not wish to
validate the SLL certificate chain. This allows us to use self-signed
certificates in test cases.

Tests: http/tests/websocket/tests/hybi/simple-wss.html

* page/Settings.cpp:
(WebCore::Settings::setAllowsAnySSLCertificate): Added.
(WebCore::Settings::allowsAnySSLCertificate): Added. This defaults
to False.
* page/Settings.h:
* platform/network/cf/SocketStreamHandleCFNet.cpp:
(WebCore::SocketStreamHandle::createStreams): When running under our
testing infrastructure, do not require full certificate validation.
* testing/js/WebCoreTestSupport.cpp:
(WebCoreTestSupport::setAllowsAnySSLCertificate): Added.
* testing/js/WebCoreTestSupport.h:
* testing/InternalSettings.cpp:
(WebCore::InternalSettings::setAllowsAnySSLCertificate): Added.
* testing/InternalSettings.h:

Tools:

Add support to webkitpy to start and stop a secure Web Socket server running on port 9323
using the certificate, private-key from file LayoutTests/http/conf/webkit-httpd.pem. Also
teaches run-webkit-httpd to start and stop the Web Socket servers.

Modify DumpRenderTree and WebKitTestRunner to understand a new testRunner method,
'setAllowsAnySSLCertificate', which allows us to use the same self-signed test certificate
we do for our HTTPS tests.

* DumpRenderTree/TestRunner.cpp:
(setAllowsAnySSLCertificateCallback):
(TestRunner::setAllowsAnySSLCertificate):
* DumpRenderTree/TestRunner.h:
* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebViewToConsistentStateBeforeTesting): Make sure we turn off the new flag between tests.
* Scripts/run-webkit-httpd:
(main): Start the websocket server at launch.
* Scripts/webkitpy/layout_tests/controllers/manager.py:
(Manager.__init__): Remove dead code.
* Scripts/webkitpy/layout_tests/servers/websocket_server.py:
(PyWebSocket.__init__): Cleanup code.
(PyWebSocket): Pass '--tls-client-ca' to start command.
(PyWebSocket._prepare_config): Cleanups.
* Scripts/webkitpy/port/base.py:
(Port.to.start_http_server):
(Port.to):
(Port.to._extract_certificate_from_pem): Added.
(Port.to._extract_private_key_from_pem): Added.
(Port.to.start_websocket_server): Start secure socket server.
(Port.to.stop_websocket_server): Stop secure socket server.
* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl: Add new API.
* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::setAllowsAnySSLCertificate): Added.
* WebKitTestRunner/InjectedBundle/InjectedBundle.h:
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setAllowsAnySSLCertificate): Added.
* WebKitTestRunner/InjectedBundle/TestRunner.h:

LayoutTests:

* http/tests/websocket/tests/hybi/simple-wss-expected.txt: Added.
* http/tests/websocket/tests/hybi/simple-wss.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201404 268f45cc-cd09-0410-ab3c-d52691b4dbfc

CRASH at WebCore::WebPlaybackSessionModelMediaElement::selectAudioMediaOption() + 104
https://bugs.webkit.org/show_bug.cgi?id=158090
<rdar://problem/26388936>

Reviewed by Eric Carlson.

Null-check m_mediaElement before using.

* platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
(WebPlaybackSessionModelMediaElement::selectAudioMediaOption):
(WebPlaybackSessionModelMediaElement::selectLegibleMediaOption):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Race condition calling back to an IDBOpenDBRequest during WorkerThread shutdown.
https://bugs.webkit.org/show_bug.cgi?id=158089

Reviewed by Alex Christensen.

No new tests (Only seen randomly under GuardMalloc).

Crash was seen once running under GuardMalloc. The error is obvious.

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): Don't get a raw pointer out of the map.
  Instead store off as a RefPtr, as the map might be cleared out from the worker thread.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201402 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Simplify and inline minimumValueForLength()
https://bugs.webkit.org/show_bug.cgi?id=158084

Reviewed by Zalan Bujtas.

Simplify and inline minimumValueForLength(). Based on iOS PLT profiles,
we spend up to 0.7% of CPU time during page loads in this function.

The roundPercentages parameter has been dropped because it was false
for all call sites.

* css/LengthFunctions.cpp:
(WebCore::minimumIntValueForLength): Deleted.
(WebCore::minimumValueForLength): Deleted.
* css/LengthFunctions.h:
(WebCore::minimumValueForLength):
(WebCore::minimumIntValueForLength):
* rendering/RenderBoxModelObject.cpp:
(WebCore::resolveEdgeRelativeLength):
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
* rendering/RenderElement.h:
(WebCore::RenderElement::minimumValueForLength):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201401 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking http/tests/css/shared-stylesheet-mutation.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=158085

Unreviewed test gardening.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201400 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[css-grid] Update <fixed-size> syntax
https://bugs.webkit.org/show_bug.cgi?id=158063

Reviewed by Darin Adler.

Source/WebCore:

The syntax for <fixed-size> has been updated on the spec:
https://drafts.csswg.org/css-grid/#typedef-fixed-size

New syntax is:
  <fixed-size> =
    <fixed-breadth> |
    minmax( <fixed-breadth> , <track-breadth> ) |
    minmax( <inflexible-breadth> , <fixed-breadth> )

This means that it's enough to have one <fixed-breadth>,
it doesn't matter if it's as minimum or maximum.
Before it was required that the minimum was fixed.

* css/CSSParser.cpp:
(WebCore::isGridTrackFixedSized):
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeAutoRepeatTracksCount):

LayoutTests:

Updated test to check the new expected behavior.

* fast/css-grid-layout/grid-element-auto-repeat-get-set-expected.txt:
* fast/css-grid-layout/grid-element-auto-repeat-get-set.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix CMake build.

* PlatformMac.cmake:
Source/WebCore:

c++14 is needed since r201255.
ColorSync (in ApplicationServices) is needed since r201065.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201398 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Swap search field's cancel and result button for RTL content.
https://bugs.webkit.org/show_bug.cgi?id=158007

Reviewed by Dean Jackson.

Source/WebCore:

Test: fast/forms/search-input-rtl.html

* css/html.css:
(input[type="search"]::-webkit-textfield-decoration-container): Deleted.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintSearchFieldCancelButton):
(WebCore::RenderThemeMac::paintSearchFieldResultsButton):

LayoutTests:

* fast/forms/resources/common.js:
(searchCancelButtonPositionRTL):
(searchCancelButtonPosition):
* fast/forms/search-input-rtl.html: Added.
* fast/forms/search-rtl.html:
* platform/ios-simulator-wk2/fast/forms/search-rtl-expected.txt:
* platform/ios-simulator/fast/css/text-overflow-input-expected.txt:
* platform/ios-simulator/fast/forms/search-input-rtl-expected.txt: Added.
* platform/mac/fast/css/text-overflow-input-expected.txt:
* platform/mac/fast/forms/placeholder-position-expected.txt:
* platform/mac/fast/forms/search-input-rtl-expected.png: Added.
* platform/mac/fast/forms/search-input-rtl-expected.txt: Added.
* platform/mac/fast/forms/search-rtl-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201397 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[css-grid] Turn on ENABLE_CSS_GRID_LAYOUT by default
https://bugs.webkit.org/show_bug.cgi?id=158060

Reviewed by Darin Adler.

The runtime flag is disabled by default,
but we want to build CSS Grid Layout by default.
Otherwise the runtime flag would be useless.

* Source/cmake/WebKitFeatures.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201396 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Simplify a few lambda captures in the network cache code
https://bugs.webkit.org/show_bug.cgi?id=158076

Reviewed by Antti Koivisto.

Simplify a few lambda captures in the network cache code by WTFMoving
upon capture.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::SpeculativeLoadManager::retrieve):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveEntryFromStorage):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveSubresourcesEntry):
* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.h:
* NetworkProcess/cache/NetworkCacheStatistics.cpp:
(WebKit::NetworkCache::Statistics::bootstrapFromNetworkCache):
(WebKit::NetworkCache::Statistics::recordNotUsingCacheForRequest):
(WebKit::NetworkCache::Statistics::recordRetrievalFailure):
(WebKit::NetworkCache::Statistics::writeTimerFired):
(WebKit::NetworkCache::Statistics::addHashesToDatabase):
(WebKit::NetworkCache::Statistics::addStoreDecisionsToDatabase):
* NetworkProcess/cache/NetworkCacheStatistics.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201395 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[Font Loading] ASSERT if calling FontFace.loaded twice with a garbage collection between them
https://bugs.webkit.org/show_bug.cgi?id=158015

Reviewed by Darin Adler.

Source/WebCore:

The following scenario may occur:

1. We create a FontFace object
2. We create an associated JSFontFace object
3. We start loading the FontFace, which causes an extra ref to hang around until loading finishes
4. Javascript calls the "loaded" attribute on the FontFace, which saves a promise inside the FontFace
5. The FontFace goes out of scope in Javascript
6. A garbage collection occurs, causing us to delete the JSFontFace object
7. Javascript then encounters the FontFace object without first going through a reference to a JSFontFace.
It can do this via iterating through a FontFaceSet. We respond to this situation by creating a new
JSFontFace object and associating it with the existing FontFace.
8. Javascript calls the "loaded" attribute

In this situation, the newer JSFontFace object is out of sync with the older FontFace object. In
particular, the FontFace has a saved promise, but the JSFontFace doesn't know about it. Therefore,
the JSFontFace should be flexible to the presence of this member.

Test: fast/text/font-face-crash-2.html

* bindings/js/JSDOMPromise.h:
(WebCore::DOMPromise::deferredWrapper):
* bindings/js/JSFontFaceCustom.cpp:
(WebCore::JSFontFace::loaded):
* css/FontFace.h:

LayoutTests:

* fast/text/font-face-crash-2-expected.txt: Added.
* fast/text/font-face-crash-2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore:
Shadow DOM: RenderTreePosition miscomputed when display:contents value changes
https://bugs.webkit.org/show_bug.cgi?id=158072
rdar://problem/25766333

Reviewed by Darin Adler.

Test: fast/shadow-dom/slot-crash.html

* style/RenderTreePosition.h:
(WebCore::RenderTreePosition::invalidateNextSibling):

    Add unconditional invalidation function.

* style/RenderTreeUpdater.cpp:
(WebCore::RenderTreeUpdater::updateElementRenderer):

    With display:contents rendering siblings may be found from the subtree and the existing cached
    position may become invalid.
    If the display:contents value changes invalidate the current render tree position.

LayoutTests:
Shadow DOM: RenderTreePosition should determine if element has display:contents from new style
https://bugs.webkit.org/show_bug.cgi?id=158072

Reviewed by Darin Adler.

* fast/shadow-dom/slot-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201393 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix Win64 build after r201335
https://bugs.webkit.org/show_bug.cgi?id=158078

Reviewed by Mark Lam.

* offlineasm/x86.rb:
Add intel implementations for loadbs and loadhs

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201392 268f45cc-cd09-0410-ab3c-d52691b4dbfc

run-jsc-benchmarks should use the new JSBench rather than look for it in the config file.
https://bugs.webkit.org/show_bug.cgi?id=158077

Reviewed by Mark Lam.

Since we didn't have JSBench in the tree before we needed to lookup the path to it from
benchmark config file. That's no longer the case so we should just fix it in the script.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modern IDB: IDB objects from a worker thread might be destroyed on the main thread.
https://bugs.webkit.org/show_bug.cgi?id=158004

Reviewed by Alex Christensen.

No new tests (Spuriously reproduces on the bots, but I've been unable to construct a reliable test).

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest):
(WebCore::IDBClient::IDBConnectionProxy::notifyOpenDBRequestBlocked):
(WebCore::IDBClient::IDBConnectionProxy::didCommitTransaction):
(WebCore::IDBClient::IDBConnectionProxy::didAbortTransaction):
(WebCore::IDBClient::IDBConnectionProxy::unregisterDatabaseConnection):
(WebCore::IDBClient::removeItemsMatchingCurrentThread):
(WebCore::IDBClient::IDBConnectionProxy::forgetActivityForCurrentThread): Clear out all objects that originated on this thread.
(WebCore::IDBClient::IDBConnectionProxy::takeIDBOpenDBRequest): Deleted.
* Modules/indexeddb/client/IDBConnectionProxy.h:

* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::stopIndexedDatabase):
* workers/WorkerGlobalScope.h:

* workers/WorkerThread.cpp:
(WebCore::WorkerThread::stop):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201390 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Remove unused slotBase parameter in bindings generator
https://bugs.webkit.org/show_bug.cgi?id=158068

Patch by Nael Ouedraogo <nael.ouedraogo@crf.canon.fr> on 2016-05-25
Reviewed by Darin Adler.

Remove unused slotBase parameter from attribute Getter functions.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bindings/scripts/test/JS/JSattribute.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Include fewer headers from headers
https://bugs.webkit.org/show_bug.cgi?id=158043

Patch by Alex Christensen <achristensen@webkit.org> on 2016-05-25
Reviewed by Brady Eidson.

* platform/graphics/GraphicsContext.h:
* rendering/svg/RenderSVGResourceClipper.h:
(isType):
* rendering/svg/RenderSVGResourceMasker.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ASSERT in WebCore::TextTrackList::remove when running media/track/track-remove-track.html
https://bugs.webkit.org/show_bug.cgi?id=158071
<rdar://problem/26432041>

Reviewed by Chris Dumez.

No new tests, this prevents media/track/track-remove-track.html from crashing.

* html/track/TextTrackList.cpp:
(TextTrackList::remove): Don't assert when the media element has  been set to null.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Addressing post-review comments on r200971.

Reviewed by Darin Adler.

* page/EventHandler.cpp:
(WebCore::EventHandler::hitTestResultAtPoint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

REGRESSION(r201066): [GTK] Several intl tests started to fail in GTK+ bot after r201066
https://bugs.webkit.org/show_bug.cgi?id=158066

Reviewed by Darin Adler.

run-javascriptcore-tests does $ENV{LANG}="en_US.UTF-8"; but we are not actually honoring the environment
variables at all when using jsc binary. We are using setlocale() with a nullptr locale to get the current one, but
the current one is always "C", because to set the locale according to the environment variables we need to call
setlocale with an empty string as locale. That's done by gtk_init(), which is called by all our binaries (web
process, network process, etc.), but not by jsc (because jsc doesn't depend on GTK+). The reason why it has
always worked for EFL is because they call ecore_init() in jsc that calls setlocale.

* jsc.cpp:
(main): Call setlocale(LC_ALL, "") on GTK+.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[css-grid] Simplify grid track sizes parsing
https://bugs.webkit.org/show_bug.cgi?id=158021

Reviewed by Sergio Villar Senin.

Previously once we saw an auto-repeat function,
we passed the "FixedSizeOnly" restriction to the rest of methods.
That way we were sure that all the tracks after the auto-repeat
had fixed sizes.
But we needed to call allTracksAreFixedSized() to be sure that
the tracks before the auto-repeat had fixed sizes too.

Now we're introducing a new boolean |allTracksAreFixedSized|,
to check in advance if the declaration contains any track not fixed.
If that's the case and we found an auto-repeat method,
we consider it invalid.
With this approach we avoid the loop to verify
that all the tracks (before and after the auto-repeat) are fixed.
It also allows us to simplify the code and avoid passing
the restriction to all the methods parsing the track size.

No new tests, no change of behavior.

* css/CSSParser.cpp:
(WebCore::isGridTrackFixedSized): New method to check if a grid track
size is fixed or not (based on old allTracksAreFixedSized()).
(WebCore::CSSParser::parseGridTrackList): Add new boolean to detect
if any track has not a fixed size.
(WebCore::CSSParser::parseGridTrackRepeatFunction): Ditto.
(WebCore::CSSParser::parseGridTrackSize): Remove usage of
TrackSizeRestriction enum.
Check here if |minTrackBreadth| is a flexible size.
(WebCore::CSSParser::parseGridBreadth): Remove usage of
TrackSizeRestriction enum.
(WebCore::allTracksAreFixedSized): Deleted.
* css/CSSParser.h: Remove TrackSizeRestriction enum and update headers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[Unix] Potential buffer overrun of m_fileDescriptors in readBytesFromSocket of ConnectionUnix.cpp
https://bugs.webkit.org/show_bug.cgi?id=158058

Patch by Fujii Hironori <Hironori.Fujii@sony.com> on 2016-05-25
Reviewed by Carlos Garcia Campos.

Memcpy does not check the boundary of m_fileDescriptors in
readBytesFromSocket of ConnectionUnix.cpp.  This is not a problem
in normal cases, but in the case when Web process is hijacked and
malicious IPC packets were sent.  WTF::Vector already has two
members m_capacity and m_size.  There is no need to have a
separate member m_fileDescriptorsSize to remember the number of
remaining data.

* Platform/IPC/Connection.h: Remove members m_readBufferSize and
m_fileDescriptorsSize.
* Platform/IPC/unix/ConnectionUnix.cpp:
(IPC::Connection::platformInitialize): Removed initialization of
m_readBufferSize and m_fileDescriptorsSize.  Reserve initial
capacity for m_readBuffer and m_fileDescriptors.
(IPC::Connection::processMessage): Replace m_readBufferSize and
m_fileDescriptorsSize with m_readBuffer.size() and
m_fileDescriptors.size().  Use Vector::shrink() to reset the
number of remaining data in the buffers.
(IPC::readBytesFromSocket) : Change argument types to WTF::Vector
instead of pointers and sizes.
(IPC::Connection::readyReadHandler): Call new readBytesFromSocket

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201381 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[ARM] Fix the Wcast-align warning in LinkBuffer.cpp
https://bugs.webkit.org/show_bug.cgi?id=157889

Reviewed by Darin Adler.

* assembler/LinkBuffer.cpp:
(JSC::recordLinkOffsets):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[css-grid] Refactor populateGridPositions()
https://bugs.webkit.org/show_bug.cgi?id=158065

Reviewed by Carlos Garcia Campos.

RenderGrid::populateGridPositions() was doing exactly the same thing for columns and rows
but using different data structures. That lead to a lot of duplicated code. It's easy to
refactor it in a new function that properly select the data structures to operate on based
on the direction.

No new tests as there is no change in behaviour.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::layoutGridItems):
(WebCore::RenderGrid::populateGridPositionsForDirection): Refactored from
populateGridPositions().
(WebCore::RenderGrid::populateGridPositions): Deleted.
* rendering/RenderGrid.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r201373.
https://bugs.webkit.org/show_bug.cgi?id=158064

Several tests are hitting the ASSERT (Requested by rego on
#webkit).

Reverted changeset:

"[css-grid] Simplify grid track sizes parsing"
https://bugs.webkit.org/show_bug.cgi?id=158021
http://trac.webkit.org/changeset/201373

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Purge PassRefPtr from TouchList
https://bugs.webkit.org/show_bug.cgi?id=157985

Patch by Nael Ouedraogo <nael.ouedraogo@crf.canon.fr> on 2016-05-25
Reviewed by Darin Adler.

Use RefPtr&& argument instead of PassRefPtr in append()

* dom/TouchList.h:
(WebCore::TouchList::append):
* page/EventHandler.cpp:
(WebCore::EventHandler::handleTouchEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Update constructRevalidationRequest() to stop returning a unique_ptr<ResourceRequest>
https://bugs.webkit.org/show_bug.cgi?id=158046

Reviewed by Darin Adler.

Update constructRevalidationRequest() to stop returning a unique_ptr<ResourceRequest>
and to return a ResourceRequest instead. There is no reason for it to return a
pointer.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::constructRevalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::PreloadedEntry::PreloadedEntry):
(WebKit::NetworkCache::SpeculativeLoadManager::PreloadedEntry::revalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::addPreloadedEntry):
(WebKit::NetworkCache::SpeculativeLoadManager::revalidateEntry):
* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Update dom/Window/messageevent-source-postmessage-reified.html after r201315
https://bugs.webkit.org/show_bug.cgi?id=158048

Reviewed by Darin Adler.

We need to delete a property that is part of the Window's static table
now in order to force the reification.

* fast/dom/Window/messageevent-source-postmessage-reified.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Elements with backdrop-filter cannot be clipped with clip-path or mask
https://bugs.webkit.org/show_bug.cgi?id=142662
<rdar://problem/20150192>

Patch by Antoine Quint <graouts@apple.com> on 2016-05-25
Reviewed by Dean Jackson.

Source/WebCore:

We used to only apply the mask to the layer contents but did not account
for the fact that a layer backdrop may exist. We now correctly mask the
backdrop layer as well as the layer contents.

Test: css3/filters/backdrop/backdrop-filter-with-clip-path.html

* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateShape):
Ensure clones of a layer use the same shape path.

(WebCore::GraphicsLayerCA::updateMaskLayer):
If we have a backdrop layer, ensure that we apply a clone of the mask layer applied to
the layer contents.

Source/WebKit2:

Ensure layer clones are set up with the same shape path as their original layer.

* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::updateClonedLayerProperties):

LayoutTests:

New test that checks that applying a backdrop-filter and a clip-path on a single
element has the same effect as applying a clip-path on a parent of a child with
a backdrop-filter.

* css3/filters/backdrop/backdrop-filter-with-clip-path-expected.txt: Added.
* css3/filters/backdrop/backdrop-filter-with-clip-path.html: Added.
* platform/ios-simulator/css3/filters/backdrop/backdrop-filter-with-clip-path-expected.html: Added.
* platform/mac/css3/filters/backdrop/backdrop-filter-with-clip-path-expected.png: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[css-grid] Simplify grid track sizes parsing
https://bugs.webkit.org/show_bug.cgi?id=158021

Reviewed by Sergio Villar Senin.

Previously once we saw an auto-repeat function,
we passed the "FixedSizeOnly" restriction to the rest of methods.
That way we were sure that all the tracks after the auto-repeat
had fixed sizes.
But we needed to call allTracksAreFixedSized() to be sure that
the tracks before the auto-repeat had fixed sizes too.

Now we're introducing a new boolean |allTracksAreFixedSized|,
to check in advance if the declaration contains any track not fixed.
If that's the case and we found an auto-repeat method,
we consider it invalid.
With this approach we avoid the loop to verify
that all the tracks (before and after the auto-repeat) are fixed.
It also allows us to simplify the code and avoid passing
the restriction to all the methods parsing the track size.

No new tests, no change of behavior.

* css/CSSParser.cpp:
(WebCore::isGridTrackFixedSized): New method to check if a grid track
size is fixed or not (based on old allTracksAreFixedSized()).
(WebCore::CSSParser::parseGridTrackList): Add new boolean to detect
if any track has not a fixed size.
(WebCore::CSSParser::parseGridTrackRepeatFunction): Ditto.
(WebCore::CSSParser::parseGridTrackSize): Remove usage of
TrackSizeRestriction enum.
Check here if |minTrackBreadth| is a flexible size.
(WebCore::CSSParser::parseGridBreadth): Remove usage of
TrackSizeRestriction enum.
(WebCore::allTracksAreFixedSized): Deleted.
* css/CSSParser.h: Remove TrackSizeRestriction enum and update headers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, add JSBench to the skipped list for now since it doesn't
work currently.

* Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Simplify a couple of lambda captures in the network cache code
https://bugs.webkit.org/show_bug.cgi?id=158053

Reviewed by Brady Eidson.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::SpeculativeLoadManager::preloadEntry):
Just capture subResourceInfo instead of allocating a new copy
on the heap. There is no reason we cannot simply capture
subResourceInfo here.

* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::clear):
Use new C++14 capture with initialization to make the code a
bit nicer.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Reorganize dashboard code: move code from _timeIntervalString to base class
https://bugs.webkit.org/show_bug.cgi?id=158047
rdar://problem/26457274

Reviewed by Alexey Proskuryakov and Dean Johnson.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BubbleQueueView.js:
(BubbleQueueView.prototype._timeIntervalString): Moved core logic to base class so as to make it re-usable.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/QueueView.js:
(QueueView.prototype._readableTimeString): Same.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201370 268f45cc-cd09-0410-ab3c-d52691b4dbfc

_WKThumbnailView should expose its snapshot size
https://bugs.webkit.org/show_bug.cgi?id=158049

Reviewed by Tim Horton.

* UIProcess/API/Cocoa/_WKThumbnailView.h:
* UIProcess/API/Cocoa/_WKThumbnailView.mm:
(-[_WKThumbnailView _didTakeSnapshot:]):
Update the new snapshotSize property in a KVO-compliant manner.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC][GTK][EFL] Allow run-jsc-benchmark to use WebKitTestRunner in EFL / GTK ports
https://bugs.webkit.org/show_bug.cgi?id=158016

Reviewed by Darin Adler.

This patch easily allows run-jsc-benchmark to run WebKitTestRunner-based tests in GTK / EFL ports.
This change encourages us to run tests with the browser-heap in nix environments.
Two things are modified.

1. Add a fall-back to look up the library path in GTK / EFL / JSCOnly environment.

    In GTK / EFL / JSCOnly ports, the hierarchy of the build directory is slightly different from Apple port.
    For example, the jsc bin locate at "WebKitBuild/XXX/Release/bin/jsc" and the lib path is "WebKitBuild/XXX/Release/lib"
    while the one of Apple port is "WebKitBuild/XXX/Release/jsc" and "WebKitBuild/XXX/Release/lib".
    And based on this library path, we configure the required environment variables to run WebKitTestRunner in GTK / EFL ports.

2. Add --dependencies option to add dependent library paths.

    While Apple ports does not require any additional dependent library path, GTK and EFL ports require this path,
    typically WebKitBuild/DependenciesGTK and WebKitBuild/DependenciesEFL respectively. So we need to add such paths to LD_LIBRARY_PATH.
    Instead of adding platform options like --gtk / --efl, we add --dependencies option to add the additional dependent library paths.
    The platform options still require the build path to look up the dependent library directory. So we pass it directly through --dependencies.
    Multiple additional dependent library paths can be added by using --dependencies multiple times.

By using these change, we can run benchmarks that require WebKitTestRunner in GTK / EFL ports (If you would like to run them in a headless manner, you can use xvbuf.).
Example:
    `Tools/Scripts/run-jsc-benchmarks baseline:WebKitBuild/baseline/Release/bin/WebKitTestRunner patched:WebKitBuild/patched/Release/bin/WebKitTestRunner --dependencies WebKitBuild/DependenciesGTK/Root/lib --js-bench`

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

TypedArray.prototype.slice should not throw if no arguments are provided
https://bugs.webkit.org/show_bug.cgi?id=158044
<rdar://problem/26433280>

Reviewed by Geoffrey Garen.

We were throwing an exception if the TypedArray.prototype.slice function
was not provided arguments. This was wrong. Instead we should just assume
the first argument was 0.

* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncSlice): Deleted.
* tests/stress/typedarray-slice.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LLInt should be able to cache prototype loads for values in GetById
https://bugs.webkit.org/show_bug.cgi?id=158032

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch adds prototype value caching to the LLInt for op_get_by_id.
Two previously unused words in the op_get_by_id bytecode have been
repurposed to hold extra information for the cache. The first is a
counter that records the number of get_by_ids that hit a cacheable value
on a prototype. When the counter is decremented from one to zero we
attempt to cache the prototype load, which will be discussed further
below. The second word is used to hold the prototype object when we have
started caching.

When the counter is decremented to zero we first attempt to generate and
watch the property conditions needed to ensure the validity of prototype
load. If the watchpoints are successfully created and installed we
replace the op_get_by_id opcode with the new op_get_by_id_proto_load
opcode, which tells the LLInt to use the cache prototype object for the
load rather than the base value.

Prior to this patch there was not LLInt specific data onCodeBlocks.
Since the CodeBlock needs to own the Watchpoints for the cache, a weak
map from each base structure to a bag of Watchpoints created for that
structure by some op_get_by_id has been added to the CodeBlock. During
GC, if we find that the a structure in the map has not been marked we
free the associated bag on the CodeBlock.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::llintGetByIdWatchpointMap):
(JSC::clearLLIntGetByIdCache):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFromLLInt):
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp: Added.
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::install):
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h: Added.
* bytecode/ObjectPropertyConditionSet.cpp:
(JSC::ObjectPropertyConditionSet::isValidAndWatchable):
* bytecode/ObjectPropertyConditionSet.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitGetById):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/Options.h:
* tests/stress/llint-get-by-id-cache-prototype-load-from-dictionary.js: Added.
(test):

Source/WTF:

Add move constructors/initializers to Bags.

* wtf/Bag.h:
(WTF::Bag::Bag):
(WTF::Bag::operator=):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201363 268f45cc-cd09-0410-ab3c-d52691b4dbfc

We should be able to use the sampling profiler with DRT/WTR.
https://bugs.webkit.org/show_bug.cgi?id=158041

Reviewed by Saam Barati.

This patch makes the sampling profiler use a new option, samplingProfilerPath, which
specifies the path to a directory to output sampling profiler data when the program
terminates or the VM is destroyed. Additionally, it fixes some other issues with the
bytecode profiler that would cause crashes on debug builds.

* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::ensureBytecodesFor):
(JSC::Profiler::Database::performAtExitSave):
* runtime/Options.h:
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::registerForReportAtExit):
(JSC::SamplingProfiler::reportDataToOptionFile):
(JSC::SamplingProfiler::reportTopFunctions):
(JSC::SamplingProfiler::reportTopBytecodes):
* runtime/SamplingProfiler.h:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201361 268f45cc-cd09-0410-ab3c-d52691b4dbfc