[Font Loading] Crash when a single load request causes multiple fonts to fail loading
https://bugs.webkit.org/show_bug.cgi?id=155009

Reviewed by Simon Fraser.

Source/WebCore:

In JavaScript, the first promise fulfillment/failure wins. However, in C++, any
subsequent fulfillments/failures cause a crash.

Test: fast/text/font-face-set-document-multiple-failure.html

* css/CSSFontFace.cpp:
(WebCore::iterateClients): Notifying a client may cause some other client
to be destroyed, thereby modifying the clients set. This function allows
for notifying clients in a resilient manner.
(WebCore::CSSFontFace::setStyle): Update to use iterateClients().
(WebCore::CSSFontFace::setWeight): Ditto.
(WebCore::CSSFontFace::setUnicodeRange): Ditto.
(WebCore::CSSFontFace::setVariantLigatures): Ditto.
(WebCore::CSSFontFace::setVariantPosition): Ditto.
(WebCore::CSSFontFace::setVariantCaps): Ditto.
(WebCore::CSSFontFace::setVariantNumeric): Ditto.
(WebCore::CSSFontFace::setVariantAlternates): Ditto.
(WebCore::CSSFontFace::setVariantEastAsian): Ditto.
(WebCore::CSSFontFace::setFeatureSettings): Ditto.
(WebCore::CSSFontFace::setStatus): Ditto.
(WebCore::CSSFontFace::notifyClientsOfFontPropertyChange): Deleted.
* css/CSSFontFace.h: Adding a way for clients to make sure they don't register
or deregister another client.
* css/CSSFontFaceSet.cpp:
(WebCore::CSSFontFaceSet::guardAgainstClientRegistrationChanges): Simple
ref()/deref() pair.
(WebCore::CSSFontFaceSet::stopGuardingAgainstClientRegistrationChanges):
* css/CSSFontFaceSet.h:
* css/FontFace.cpp: Ditto.
(WebCore::FontFace::guardAgainstClientRegistrationChanges):
(WebCore::FontFace::stopGuardingAgainstClientRegistrationChanges):
* css/FontFace.h:
* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::faceFinished): Make sure that we only fulfil or reject
a promise once.
* css/FontFaceSet.h:
* dom/Document.cpp:
(WebCore::Document::fonts): The CSSFontFaces inside the CSSFontSelector get
created during style recalc. We may be in a state where there is a style
recalc pending. In order to make sure the Javascript API sees the current
state of the world, force a style recalc here (but only if one is pending).

LayoutTests:

* fast/text/font-face-set-document-multiple-failure-expected.txt: Added.
* fast/text/font-face-set-document-multiple-failure.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197804 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r197793 and r197799.
https://bugs.webkit.org/show_bug.cgi?id=155195

something weird happened while landing this and everything
broke (Requested by olliej on #webkit).

Reverted changesets:

"Start moving to separated writable and executable mappings in
the JIT"
https://bugs.webkit.org/show_bug.cgi?id=155178
http://trac.webkit.org/changeset/197793

"arm64 build fix after r197793."
http://trac.webkit.org/changeset/197799

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197803 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155182
<rdar://problem/25040640>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Daniel Bates.

* UserInterface/Main.html:
Allow Web Inspector to load file: and blob: image resources.
Also blob: media and font resources.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197802 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[WK2] Grant explicit read access to ManagedPreferences
https://bugs.webkit.org/show_bug.cgi?id=155173
<rdar://problem/24910550>

Reviewed by Alexey Proskuryakov.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Add new
read permission.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skip fast/events/prevent-default-prevents-interaction-with-scrollbars.html on ios-simulator

Unreviewed test gardening.

The test relies on mouse events, which are unsupported on ios-simulator.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197800 268f45cc-cd09-0410-ab3c-d52691b4dbfc

arm64 build fix after r197793.

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
Use consistent ENABLE macro.  It looks like it was partially renamed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197799 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skip css3/filters tests that seem to cause a crash on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197798 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling in r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

The right calculation for our static_assert is actually:

    sizeof(SmallChunk) % vmPageSize + 2 * smallMax <= vmPageSize

instead of:

    sizeof(SmallChunk) % vmPageSize + smallMax <= vmPageSize

smallMax is not enough because line metadata might require us to begin
allocation at an offset as large as smallMax, so we need 2 * smallMax.

Once correct, this static_assert fires, and we fix it by increasing
the alignment of SmallChunk.

Restored changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197797 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Regexp matching should incur less call overhead
https://bugs.webkit.org/show_bug.cgi?id=155181

Reviewed by Geoffrey Garen.

Previously we had DFG/FTL code call into the DFGOperation, which then called in to
RegExpObject, which then called into createRegExpMatchesArray, which then called into
RegExp, which then called the code generated by Yarr.

Now we have DFG/FTL code call into the DFGOperation, which does all of the things and calls
into code generated by Yarr.

This is another tiny Octane/regexp speed-up.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGOperations.cpp:
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):
(JSC::RegExpFunctionalTestCollector::clearRegExp): Deleted.
(JSC::RegExp::compileIfNecessary): Deleted.
(JSC::RegExp::compileIfNecessaryMatchOnly): Deleted.
* runtime/RegExp.h:
* runtime/RegExpInlines.h: Added.
(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::compileIfNecessaryMatchOnly):
* runtime/RegExpMatchesArray.cpp:
(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::tryCreateUninitializedRegExpMatchesArray): Deleted.
(JSC::createRegExpMatchesArray): Deleted.
* runtime/RegExpMatchesArray.h:
(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):
(JSC::getLastIndexAsUnsigned): Deleted.
* runtime/RegExpObject.h:
(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):
(JSC::RegExpObject::testInline):
* runtime/RegExpObjectInlines.h: Added.
(JSC::getRegExpObjectLastIndexAsUnsigned):
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Ignore deprecation warnings.

* Shared/mac/ChildProcessMac.mm:
(WebKit::ChildProcess::stopNSAppRunLoop):
* Shared/mac/WebEventFactory.mm:
(WebKit::mouseButtonForEvent):
(WebKit::mouseEventTypeForEvent):
(WebKit::clickCountForEvent):
(WebKit::globalPointForEvent):
(WebKit::pointForEvent):
(WebKit::textFromEvent):
(WebKit::unmodifiedTextFromEvent):
(WebKit::isKeypadEvent):
(WebKit::isKeyUpEvent):
(WebKit::modifiersForEvent):
(WebKit::WebEventFactory::createWebKeyboardEvent):
* UIProcess/API/Cocoa/WKNavigationAction.mm:
(toNSEventModifierFlags):
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::becomeFirstResponder):
(WebKit::WebViewImpl::updateContentInsetsIfAutomatic):
(WebKit::WebViewImpl::viewDidMoveToWindow):
(WebKit::WebViewImpl::postFakeMouseMovedEventForFlagsChangedEvent):
(WebKit::WebViewImpl::createFullScreenWindow):
(WebKit::WebViewImpl::sendToolTipMouseExited):
(WebKit::WebViewImpl::sendToolTipMouseEntered):
(WebKit::applicationFlagsForDrag):
(WebKit::WebViewImpl::setLastMouseDownEvent):
(WebKit::WebViewImpl::doneWithKeyEvent):
(WebKit::WebViewImpl::collectKeyboardLayoutCommandsForEvent):
(WebKit::WebViewImpl::performKeyEquivalent):
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::beginModal):
* UIProcess/mac/WebContextMenuProxyMac.mm:
(WebKit::WebContextMenuProxyMac::showContextMenu):
* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::platformCanAttach):
* UIProcess/mac/WebPopupMenuProxyMac.mm:
(WebKit::WebPopupMenuProxyMac::populate):
(WebKit::WebPopupMenuProxyMac::showPopupMenu):
* WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:
(WebKit::modifierFlagsFromWebEvent):
(WebKit::getEventTypeFromWebEvent):
* WebProcess/Plugins/PDF/PDFPluginTextAnnotation.mm:
(WebKit::cssAlignmentValueForNSTextAlignment):
* WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:
(WebKit::convertImageToBitmap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197795 268f45cc-cd09-0410-ab3c-d52691b4dbfc

synthesizePrototype() and friends need to be followed by exception checks (or equivalent).
https://bugs.webkit.org/show_bug.cgi?id=155169

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

With the exception checks, we may end up throwing new exceptions over an existing
one that has been thrown but not handled yet, thereby obscuring it.  It may also
mean that the VM will continue running on potentially unstable state, which may
have undesirable consequences.

I first observed this in some failed assertion while running tests on a patch for
https://bugs.webkit.org/show_bug.cgi?id=154865.

Performance is neutral with this patch (tested on x86_64).

1. Deleted JSNotAnObject, and removed all uses of it.

2. Added exception checks, when needed, following calls to synthesizePrototype()
   and JSValue::toObject().

   The cases that do not need an exception check are the ones that already ensures
   that JSValue::toObject() is only called on a value that is convertible to an
   object.  In those cases, I added an assertion that no exception was thrown
   after the call.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStackFromException):
* interpreter/Interpreter.cpp:
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
(JSC::arrayProtoFuncValues):
(JSC::arrayProtoFuncEntries):
(JSC::arrayProtoFuncKeys):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/ExceptionHelpers.cpp:
* runtime/JSCJSValue.cpp:
(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::toThisSlowCase):
(JSC::JSValue::synthesizePrototype):
(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::getPropertySlot):
(JSC::JSValue::get):
* runtime/JSFunction.cpp:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoGetter):
* runtime/JSNotAnObject.cpp: Removed.
* runtime/JSNotAnObject.h: Removed.
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorDefineProperties):
(JSC::objectConstructorCreate):
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncToString):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

Source/WebCore:

No new tests because this issue is covered by existing tests when the fix for
https://bugs.webkit.org/show_bug.cgi?id=154865 lands.  That patch is waiting for
this patch to land first so as to not introduce test failures.

* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::installReplacement):
* bindings/js/JSDeviceMotionEventCustom.cpp:
(WebCore::readAccelerationArgument):
(WebCore::readRotationRateArgument):
* bindings/js/JSGeolocationCustom.cpp:
(WebCore::createPositionOptions):
* bindings/js/JSHTMLCanvasElementCustom.cpp:
(WebCore::get3DContextAttributes):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorDefinition):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructorConstructor::construct):
* contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::getTypeFlags):
* html/HTMLMediaElement.cpp:
(WebCore::setPageScaleFactorProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197794 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as we use as the jitMemCopy is
currently specific to that platform's calling conventions and layout.
We're just landing it in the current form so that we can at least
ensure it doesn't regress.

* Configurations/FeatureDefines.xcconfig:
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Source/WebCore:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

* wtf/FeatureDefines.h:
* wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r197766.
https://bugs.webkit.org/show_bug.cgi?id=155183

Has platform-specific code in non-platform files (Requested by
smfr on #webkit).

Reverted changeset:

"AX: Force allow user zoom"
https://bugs.webkit.org/show_bug.cgi?id=155056
http://trac.webkit.org/changeset/197766

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197792 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Ignore deprecation warnings.

* Misc/WebNSEventExtras.m:
(-[NSEvent _web_isKeyEvent:]):
(-[NSEvent _web_isOptionTabKeyEvent]):
* Misc/WebNSViewExtras.m:
(-[NSView _web_dragShouldBeginFromMouseDown:withExpiration:xHysteresis:yHysteresis:]):
* Plugins/Hosted/NetscapePluginHostProxy.mm:
(WebKit::NetscapePluginHostProxy::beginModal):
* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::syntheticKeyDownWithCommandModifier):
* Plugins/Hosted/WebHostedNetscapePluginView.mm:
(-[WebHostedNetscapePluginView drawRect:]):
* Plugins/WebNetscapePluginEventHandlerCocoa.mm:
(WebNetscapePluginEventHandlerCocoa::syntheticKeyDownWithCommandModifier):
* WebCoreSupport/PopupMenuMac.mm:
(PopupMenuMac::populate):
(PopupMenuMac::show):
* WebCoreSupport/WebContextMenuClient.mm:
(WebContextMenuClient::showContextMenu):
* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::actionDictionary):
* WebCoreSupport/WebInspectorClient.mm:
(WebInspectorFrontendClient::canAttach):
(-[WebInspectorWindowController window]):
* WebInspector/WebNodeHighlight.mm:
(-[WebNodeHighlight initWithTargetView:inspectorController:]):
* WebView/WebFrameView.mm:
(-[WebFrameView keyDown:keyDown:]):
* WebView/WebFullScreenController.mm:
(-[WebFullScreenController init]):
(createBackgroundFullscreenWindow):
* WebView/WebHTMLView.mm:
(-[WebHTMLView _postFakeMouseMovedEventForFlagsChangedEvent:]):
(-[WebHTMLView _setMouseDownEvent:_setMouseDownEvent:]):
(isQuickLookEvent):
(-[WebHTMLView hitTest:]):
(-[WebHTMLView _sendToolTipMouseExited]):
(-[WebHTMLView _sendToolTipMouseEntered]):
(mouseEventIsPartOfClickOrDrag):
(-[WebHTMLView _updateMouseoverWithEvent:]):
(-[WebHTMLView acceptsFirstResponder]):
(-[WebHTMLView viewDidMoveToWindow]):
(currentKeyboardEvent):
(-[WebHTMLView _handleStyleKeyEquivalent:]):
(-[WebHTMLView _interpretKeyEvent:savingCommands:]):
* WebView/WebPDFView.mm:
(-[WebPDFView hitTest:]):
(-[WebPDFView PDFViewWillClickOnLink:withURL:]):
(-[WebPDFView _fakeKeyEventWithFunctionKey:]):
* WebView/WebTextCompletionController.mm:
(-[WebTextCompletionController _buildUI]):
(-[WebTextCompletionController _placePopupWindow:]):
* WebView/WebView.mm:
(-[WebView applicationFlags:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197791 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add an event for when touch force changes
https://bugs.webkit.org/show_bug.cgi?id=155143
-and corresponding-
rdar://problem/24068726

Reviewed by Darin Adler.

We will be able to test this once we fix the iOS touch tests.

This patch adds touchforcechange which is a lot like the iOS equivalent of
webkitmouseforcechanged. We had originally hoped to use touchmove to dispatch
force changes, but that turned out to be a compatibility nightmare.

* dom/EventNames.h:
(WebCore::EventNames::isTouchEventType):
(WebCore::EventNames::isWheelEventType):
(WebCore::EventNames::touchEventNames):
* dom/GlobalEventHandlers.idl:
* html/HTMLAttributeNames.in:
* html/HTMLElement.cpp:
(WebCore::HTMLElement::createEventHandlerNameMap):
* platform/PlatformEvent.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197790 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Ignore deprecation warnings.

* editing/cocoa/HTMLConverter.mm:
(HTMLConverter::computedAttributesForElement):
(HTMLConverter::_addMarkersToList):
* page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::keyEvent):
(WebCore::lastEventIsMouseUp):
(WebCore::EventHandler::passSubframeEventToSubframe):
(WebCore::EventHandler::passWheelEventToWidget):
(WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):
* page/mac/TextIndicatorWindow.mm:
(WebCore::TextIndicatorWindow::setTextIndicator):
* platform/graphics/mac/IconMac.mm:
(WebCore::Icon::paint):
* platform/mac/CursorMac.mm:
(WebCore::createCustomCursor):
* platform/mac/DragImageMac.mm:
(WebCore::dissolveDragImageToFraction):
(WebCore::createDragImageFromImage):
* platform/mac/EventLoopMac.mm:
(WebCore::EventLoop::cycle):
* platform/mac/PasteboardMac.mm:
(WebCore::Pasteboard::setDragImage):
* platform/mac/PlatformEventFactoryMac.mm:
(WebCore::globalPointForEvent):
(WebCore::pointForEvent):
(WebCore::mouseButtonForEvent):
(WebCore::mouseEventTypeForEvent):
(WebCore::clickCountForEvent):
(WebCore::textFromEvent):
(WebCore::unmodifiedTextFromEvent):
(WebCore::keyIdentifierForKeyEvent):
(WebCore::isKeypadEvent):
(WebCore::windowsKeyCodeForKeyEvent):
(WebCore::isKeyUpEvent):
(WebCore::modifiersForEvent):
(WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder):
* platform/mac/ScrollbarThemeMac.mm:
(WebCore::scrollbarControlSizeToNSControlSize):
* platform/mac/ThemeMac.mm:
(-[WebCoreThemeView window]):
(WebCore::controlSizeForFont):
(WebCore::controlSizeFromPixelSize):
(WebCore::setUpButtonCell):
(WebCore::stepperControlSizeForFont):
(WebCore::paintStepper):
(WebCore::ThemeMac::minimumControlSize):
* platform/mac/WebVideoFullscreenHUDWindowController.mm:
(-[WebVideoFullscreenHUDWindow initWithContentRect:styleMask:backing:defer:]):
(-[WebVideoFullscreenHUDWindow performKeyEquivalent:]):
(-[WebVideoFullscreenHUDWindowController init]):
(-[WebVideoFullscreenHUDWindowController keyDown:]):
(-[WebVideoFullscreenHUDWindowController windowDidLoad]):
* platform/mac/WebWindowAnimation.mm:
(WebWindowAnimationDurationFromDuration):
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::updateCachedSystemFontDescription):
(WebCore::RenderThemeMac::controlSizeForFont):
(WebCore::RenderThemeMac::controlSizeForCell):
(WebCore::RenderThemeMac::controlSizeForSystemFont):
(WebCore::RenderThemeMac::paintProgressBar):
(WebCore::RenderThemeMac::popupMenuSize):
(WebCore::RenderThemeMac::sliderThumbHorizontal):
(WebCore::RenderThemeMac::sliderThumbVertical):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Support iterating over an OptionSet and checking if it is empty
https://bugs.webkit.org/show_bug.cgi?id=154941
<rdar://problem/24964187>

Reviewed by Darin Adler.

Source/WTF:

Implements support for iterating over the enumerators in an OptionSet as well as
determining if the set is empty.

Iterating over an OptionSet is in Big Theta(N) where N is the number of items in
the set. More precisely, it is in Big Theta(log M) where M is the bitmask represented
by the bitwise OR-ing of all enumerators in the set.

* wtf/OptionSet.h: Added comment to describe the purpose of this class and its invariant -
the enumerators must be positive powers of two.
(WTF::OptionSet::Iterator::operator*): Returns the enumerator pointed to by the iterator.
(WTF::OptionSet::Iterator::operator++): Advance to the next smallest enumerator in the set.
(WTF::OptionSet::Iterator::operator==): Returns whether the iterator is equal to the specified iterator.
(WTF::OptionSet::Iterator::operator!=): Returns whether the iterator is not equal to the specified iterator.
(WTF::OptionSet::Iterator::Iterator): Added.
(WTF::OptionSet::fromRaw): Instantiate using specialized private constructor to allow
instantiation with a raw value of 0.
(WTF::OptionSet::OptionSet): Specialized constructor that asserts that the specified value
is a positive power of two. This variant is only compiled when assertions are enabled (i.e. !ASSERT_DISABLED).
(WTF::OptionSet::isEmpty): Returns whether the set is empty.
(WTF::OptionSet::begin): Returns an iterator to the enumerator with the smallest value in the set.
(WTF::OptionSet::end): Returns an iterator that represents the end sentinel of the set.

Tools:

Add tests to ensure that we do not regression both iteration of an OptionSet and
determining whether an OptionSet is empty.

* TestWebKitAPI/Test.h:
(TestWebKitAPI::Util::assertStrongEnum): Helper function to assert two strong enum type for equality.
* TestWebKitAPI/Tests/WTF/OptionSet.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197788 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix lifetime issues regarding WebVideoFullscreenInterfaceMac
https://bugs.webkit.org/show_bug.cgi?id=155130

Reviewed by Beth Dakin.

Now that both fullscreen and video controls manager rely on WebVideoFullscreenInterface,
we now keep track of a "client count" for each context ID so we'll only remove it
from the context map after all the "clients" are done with it.

Before this change, every time WebVideoFullscreenManager::setUpVideoControlsManager()
is called, the existing interface is cleared and a new one is created even when there's
an existing interface for that. With this change, we reuse the existing interface for
the video element.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:
(WebKit::WebVideoFullscreenManagerProxy::invalidate):
Also clear out m_clientCounts.
(WebKit::WebVideoFullscreenManagerProxy::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManagerProxy::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from both
m_clientCounts and m_contextMap.
(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count.
(WebKit::WebVideoFullscreenManagerProxy::setUpVideoControlsManagerWithID):
If the current controls manager set up has the same context ID as the one
passed in, we don't have to do anything. Otherwise, if we have set up
the video controls manager with a different ID before, call removeClientForContext()
on the old ID to decrement its client count. Set m_controlsManagerContextId
to the new value and call addClientForContext() with it.
(WebKit::WebVideoFullscreenManagerProxy::didCleanupFullscreen):
Instead of removing the mapping from m_contextMap directly, reset the fullscreen
mode on the interface and call removeClientForContext(), which removes the mapping
only if there's no more client using the interface.
* WebProcess/cocoa/WebVideoFullscreenManager.h:
* WebProcess/cocoa/WebVideoFullscreenManager.mm:
(WebKit::WebVideoFullscreenManager::~WebVideoFullscreenManager):
Clear m_clientCounts.
(WebKit::WebVideoFullscreenManager::removeContext):
Add a helper method for removing the context.
(WebKit::WebVideoFullscreenManager::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManager::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from
m_clientCounts and call removeContext() to clean up this context.
(WebKit::WebVideoFullscreenManager::enterVideoFullscreenForVideoElement):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count. Create a layer hosting
context if it's not there.
(WebKit::WebVideoFullscreenManager::setUpVideoControlsManager):
If we have set up a context for this video element before, see if it's
the one we are currently managing video controls for. If it is, return early.
Otherwise, call removeClientForContext() on the previous m_controlsManagerContextId
and update m_controlsManagerContextId to the context ID of this video element.
If there's no context created for this video element yet, set one up.
Send a SetUpVideoControlsManagerWithID message to the proxy object in the UI process
so it'll update its controls manager context ID. Also, conditionalize all of this
under PLATFORM(MAC) to be consistent with WebVideoFullscreenManagerProxy.
(WebKit::WebVideoFullscreenManager::didCleanupFullscreen):
Just reset the fullscreen mode on the interface and call removeClientForContext() which
only cleans up the context if there's no more client using it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197787 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skip svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155174

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197786 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed attempt to fix the 32bit build after r197782.

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197785 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Scrolling does not work when the mouse down is handled by a node
https://bugs.webkit.org/show_bug.cgi?id=19033

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/events/prevent-default-prevents-interaction-with-scrollbars-.html

When a mouse press/down event happens on a scrollbar area, but event
is default prevented in the document level**, for example, event does not get
properly passed to scrollbars, although it should.

Problem started long ago with r17770, and was improved with r19596.
However, years later, the way Scrollbar* is obtained is still currently different
weither event is default prevented or not.

Patch uniforms the logic for both cases, and fixes the bug.

Note: code before used to look like

if (swallowEvent) {
    <code>
} else {
    <bleh>
    <foo>
}

.. and now looks like

if (!swallowEvent)
    <bleh>

<code>

if (!swallowEvent)
    <foo>

** e.g. document.addEventListener('mousedown', function (e) { e.preventDefault(); });

* page/EventHandler.cpp:
(WebCore::scrollbarForMouseEvent):
(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

* fast/events/prevent-default-prevents-interaction-with-scrollbars-expected.txt: Added.
* fast/events/prevent-default-prevents-interaction-with-scrollbars.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed. Move myself to the reviewers list.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197783 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed Windows build fix after r197728.

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197782 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[ES6] Regular Expression canonicalization tables for Unicode need to be updated to use Unicode CaseFolding.txt
https://bugs.webkit.org/show_bug.cgi?id=155114

Reviewed by Darin Adler.

Source/JavaScriptCore:

Extracted out the Unicode canonicalization table creation from
YarrCanonicalizeUnicode.js into a new Python script, generateYarrCanonicalizeUnicode.
That script generates the Unicode tables as the file YarrCanonicalizeUnicode.cpp in
DerivedSources/JavaScriptCore.

Updated the processing of ignore case to make the ASCII short cuts dependent on whether
or not we are a Unicode pattern.

Renamed yarr/YarrCanonicalizeUnicode.{cpp,js} back to their prior names,
YarrCanonicalizeUCS2.{cpp,js}.
Renamed yarr/YarrCanonicalizeUnicode.h to YarrCanonicalize.h as it declares both the
legacy UCS2 and Unicode tables.

* CMakeLists.txt:
* DerivedSources.make:
* JavaScriptCore.xcodeproj/project.pbxproj:
* generateYarrCanonicalizeUnicode: Added.
* ucd: Added.
* ucd/CaseFolding.txt: Added.  The current verion, 8.0, of the Unicode CaseFolding table.
* yarr/YarrCanonicalizeUCS2.cpp: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.cpp.
* yarr/YarrCanonicalize.h: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.h.
* yarr/YarrCanonicalizeUCS2.js: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.js.
(printHeader):
* yarr/YarrCanonicalizeUnicode.cpp: Removed.
* yarr/YarrCanonicalizeUnicode.h: Removed.
* yarr/YarrCanonicalizeUnicode.js: Removed.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::tryConsumeBackReference):
* yarr/YarrJIT.cpp:
* yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::putChar):

LayoutTests:

Updated test cases.

* js/regexp-unicode-expected.txt:
* js/script-tests/regexp-unicode.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197781 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r197765.
https://bugs.webkit.org/show_bug.cgi?id=155172

The test added with this change is failing on all platforms.
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"ImageDocuments leak their world."
https://bugs.webkit.org/show_bug.cgi?id=155167
http://trac.webkit.org/changeset/197765

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197780 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Make Element const in ElementRuleCollector
https://bugs.webkit.org/show_bug.cgi?id=155170

Reviewed by Andreas Kling.

More const.

* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::ElementRuleCollector):
(WebCore::ElementRuleCollector::matchAllRules):
* css/ElementRuleCollector.h:
* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::checkOne):
(WebCore::SelectorChecker::matchesFocusPseudoClass):
* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateContextFunctionCallTest):
(WebCore::SelectorCompiler::elementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::elementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::isPlaceholderShown):
* cssjit/SelectorCompiler.h:
* dom/StyledElement.h:
(WebCore::StyledElement::additionalPresentationAttributeStyle):
(WebCore::StyledElement::inlineStyle):
(WebCore::StyledElement::collectStyleForPresentationAttribute):
(WebCore::StyledElement::invalidateStyleAttribute):
(WebCore::StyledElement::presentationAttributeStyle):
* html/HTMLTableCellElement.cpp:
(WebCore::HTMLTableCellElement::parseAttribute):
(WebCore::HTMLTableCellElement::additionalPresentationAttributeStyle):
* html/HTMLTableCellElement.h:
* html/HTMLTableColElement.cpp:
(WebCore::HTMLTableColElement::parseAttribute):
(WebCore::HTMLTableColElement::additionalPresentationAttributeStyle):
* html/HTMLTableColElement.h:
* html/HTMLTableElement.cpp:
(WebCore::leakBorderStyle):
(WebCore::HTMLTableElement::additionalPresentationAttributeStyle):
* html/HTMLTableElement.h:
* html/HTMLTableSectionElement.cpp:
(WebCore::HTMLTableSectionElement::create):
(WebCore::HTMLTableSectionElement::additionalPresentationAttributeStyle):
* html/HTMLTableSectionElement.h:
* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::didUnregisterNamedFlowContentElement):
(WebCore::InspectorCSSAgent::forcePseudoState):
* inspector/InspectorCSSAgent.h:
* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::pushNodePathToFrontend):
(WebCore::InspectorDOMAgent::boundNodeId):
(WebCore::InspectorDOMAgent::backendNodeIdForNode):
* inspector/InspectorDOMAgent.h:
* inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::handleMousePressImpl):
(WebCore::InspectorInstrumentation::forcePseudoStateImpl):
* inspector/InspectorInstrumentation.h:
(WebCore::InspectorInstrumentation::handleMousePress):
(WebCore::InspectorInstrumentation::forcePseudoState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197779 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[Fetch API] Commonalize handling of FetchBody by FetchRequest and FetchResponse
https://bugs.webkit.org/show_bug.cgi?id=154959

Reviewed by Darin Adler.

Introducing FetchBodyOwner class as base class of FetchRequest and FetchResponse.
This class is an ActiveDOMObject and is responsible of handling the Body API implemented by Request and Response.

Covered by existing tests.

* Modules/fetch/FetchBodyOwner.h: Added.
(WebCore::FetchBodyOwner::isDisturbed):
(WebCore::FetchBodyOwner::arrayBuffer):
(WebCore::FetchBodyOwner::formData):
(WebCore::FetchBodyOwner::blob):
(WebCore::FetchBodyOwner::json):
(WebCore::FetchBodyOwner::text):
(WebCore::FetchBodyOwner::body):
(WebCore::FetchBodyOwner::FetchBodyOwner):
* Modules/fetch/FetchRequest.h:
(WebCore::FetchRequest::FetchRequest):
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::FetchResponse):
* Modules/fetch/FetchResponse.h:
* WebCore.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197778 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, fix 32-bit build after r197726.

Also, re-enable static_assert to check the ElementRareData size.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197777 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Rebaseline WPT reflection tests for ios-simulator after r197726

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:
* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197776 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add debug iOS Simulator bots to the dashboard
https://bugs.webkit.org/show_bug.cgi?id=155157

Reviewed by Darin Adler.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitBuildbot.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197775 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WeakBlock::visit() should check for a WeakHandleOwner before consulting mark bits.
<https://webkit.org/b/155154>

Reviewed by Darin Adler.

Reorder the checks in WeakBlock::visit() so we don't look at the mark bits in MarkedBlock
unless the current WeakImpl has a WeakHandleOwner we need to consult.

I was originally hoping to make an optimization that could skip over entire WeakBlocks
if they didn't have a single WeakHandleOwner, but it turns out that scenario is not as
common as I suspected.

* heap/WeakBlock.cpp:
(JSC::WeakBlock::visit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197774 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: Add automation protocol methods for navigation

https://bugs.webkit.org/show_bug.cgi?id=155163
rdar://problem/25029054

Reviewed by Darin Adler.

* UIProcess/Automation/Automation.json:
* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::getBrowsingContexts): Set url.
(WebKit::WebAutomationSession::getBrowsingContext): Added.
(WebKit::WebAutomationSession::navigateBrowsingContext): Added.
(WebKit::WebAutomationSession::goBackInBrowsingContext): Added.
(WebKit::WebAutomationSession::goForwardInBrowsingContext): Added.
(WebKit::WebAutomationSession::reloadBrowsingContext): Added.
* UIProcess/Automation/WebAutomationSession.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197773 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

This change caused 800+ JSC test failures (Requested by
ryanhaddad on #webkit).

Reverted changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197772 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed test fix after r197721.
https://bugs.webkit.org/show_bug.cgi?id=155120
<rdar://problem/25010167>

If a WK1 client turns on the "Resource Load Statistics" debug flag, but
does not supply a data modification handler, we dereference a null function.

* loader/ResourceLoadStatisticsStore.cpp:
(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler): Check
for nullptr function before invoking it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197771 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, temporarily comment out static_assert while I investigate.

It still did not build on some platforms.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197770 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, another build fix after r197726.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197769 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed Windows build fix after r197728.

* platform/MemoryPressureHandler.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197768 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed build fix after r197726.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197767 268f45cc-cd09-0410-ab3c-d52691b4dbfc

AX: Force allow user zoom
https://bugs.webkit.org/show_bug.cgi?id=155056

Reviewed by Chris Fleizach.

Source/WebCore:

Override the maximum scale factor when forceAlwaysUserScalable is true.

Test: accessibility/ios-simulator/force-user-scalable.html

* page/ViewportConfiguration.h:
(WebCore::ViewportConfiguration::maximumScale):
* testing/Internals.cpp:
(WebCore::Internals::composedTreeAsText):
(WebCore::Internals::setViewportForceAlwaysUserScalable):
(WebCore::Internals::viewportConfigurationMaximumScale):
* testing/Internals.h:
* testing/Internals.idl:

Source/WebKit2:

Soft linked libAccessibility library so that we can observe the accessibility
setting change for the force always user scalable feature.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::forceAlwaysUserScalableChangedCallback):
(WebKit::WebPage::create):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::~WebPage):
(WebKit::WebPage::preferencesDidChange):
(WebKit::WebPage::updateForceAlwaysUserScalable):
(WebKit::WebPage::updatePreferences):
* WebProcess/WebPage/WebPage.h:

LayoutTests:

* accessibility/ios-simulator/force-user-scalable-expected.txt: Added.
* accessibility/ios-simulator/force-user-scalable.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197766 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

* fast/dom/ImageDocument-world-leak-expected.txt: Added.
* fast/dom/ImageDocument-world-leak.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197765 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ElementRuleCollector should not mutate document and style
https://bugs.webkit.org/show_bug.cgi?id=155113

Reviewed by Andreas Kling.

Move applying of style relations out of ElementRuleCollector and StyleResolver.
This gets us closer to making StyleResolver const for Element.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::ElementRuleCollector):

    No need for style parameter anymore.

(WebCore::ElementRuleCollector::collectMatchingRules):
(WebCore::ElementRuleCollector::sortAndTransferMatchedRules):
(WebCore::ElementRuleCollector::ruleMatches):

    Client will now do the style and element mutations. Just collect the data here.

(WebCore::ElementRuleCollector::collectMatchingRulesForList):
(WebCore::ElementRuleCollector::commitStyleRelations): Deleted.

    Moves to StyleRelations.cpp

* css/ElementRuleCollector.h:
(WebCore::ElementRuleCollector::hasMatchedRules):
(WebCore::ElementRuleCollector::matchedPseudoElementIds):
(WebCore::ElementRuleCollector::styleRelations):
(WebCore::ElementRuleCollector::didMatchUncommonAttributeSelector):
* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::prepareEvaluator):
(WebCore::MediaQueryMatcher::evaluate):
* css/SelectorChecker.cpp:
(WebCore::addStyleRelation):
(WebCore::isFirstChildElement):
(WebCore::isFirstOfType):
(WebCore::countElementsBefore):
(WebCore::countElementsOfTypeBefore):
(WebCore::SelectorChecker::matchRecursively):
(WebCore::SelectorChecker::checkOne):
* css/SelectorChecker.h:
(WebCore::SelectorChecker::CheckingContext::CheckingContext):
* css/StyleMedia.cpp:
(WebCore::StyleMedia::matchMedium):
* css/StyleResolver.cpp:
(WebCore::StyleResolver::StyleResolver):
(WebCore::isAtShadowBoundary):
(WebCore::StyleResolver::styleForElement):

    Apply the style relations affecting current style immediately.
    Pass the rest to the client.

(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::pseudoStyleRulesForElement):
* css/StyleResolver.h:
(WebCore::ElementStyle::ElementStyle):
* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelation):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorCheckerExcludingPseudoElements):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsEmpty):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChildOf):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChildOf):
* dom/Document.cpp:
(WebCore::Document::styleForElementIgnoringPendingStylesheets):

    Apply style relations.

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
* dom/Element.cpp:
(WebCore::Element::styleResolver):
(WebCore::Element::resolveStyle):
(WebCore::Element::didDetachRenderers):
(WebCore::Element::resolveCustomStyle):

    Return ElementStyle (which contains style relations along with the render style).
    Rename for consistency.

(WebCore::Element::cloneAttributesFromElement):
(WebCore::Element::customStyleForRenderer): Deleted.
* dom/Element.h:
(WebCore::Element::isVisibleInViewportChanged):
* dom/PseudoElement.cpp:
(WebCore::PseudoElement::clearHostElement):
(WebCore::PseudoElement::resolveCustomStyle):
(WebCore::PseudoElement::didAttachRenderers):
(WebCore::PseudoElement::customStyleForRenderer): Deleted.
* dom/PseudoElement.h:
* html/HTMLTitleElement.cpp:
(WebCore::HTMLTitleElement::computedTextWithDirection):
* html/shadow/SliderThumbElement.cpp:
(WebCore::SliderThumbElement::hostInput):
(WebCore::SliderThumbElement::resolveCustomStyle):
(WebCore::SliderThumbElement::shadowPseudoId):
(WebCore::SliderContainerElement::createElementRenderer):
(WebCore::SliderContainerElement::resolveCustomStyle):
(WebCore::SliderContainerElement::shadowPseudoId):
(WebCore::SliderThumbElement::customStyleForRenderer): Deleted.
(WebCore::SliderContainerElement::customStyleForRenderer): Deleted.
* html/shadow/SliderThumbElement.h:
* html/shadow/TextControlInnerElements.cpp:
(WebCore::TextControlInnerElement::create):
(WebCore::TextControlInnerElement::resolveCustomStyle):
(WebCore::TextControlInnerTextElement::renderer):
(WebCore::TextControlInnerTextElement::resolveCustomStyle):
(WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):
(WebCore::TextControlPlaceholderElement::resolveCustomStyle):
(WebCore::TextControlInnerElement::customStyleForRenderer): Deleted.
(WebCore::TextControlInnerTextElement::customStyleForRenderer): Deleted.
(WebCore::TextControlPlaceholderElement::customStyleForRenderer): Deleted.
* html/shadow/TextControlInnerElements.h:
* rendering/RenderElement.cpp:
(WebCore::RenderElement::getUncachedPseudoStyle):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::computeStyleInRegion):
(WebCore::RenderNamedFlowFragment::computeChildrenStyleInRegion):
* style/StyleRelations.cpp: Added.
(WebCore::Style::commitRelationsToRenderStyle):

    Commit relations affecting style that is being computed.

(WebCore::Style::commitRelationsToDocument):

    Commit relations that mutate document.

* style/StyleRelations.h: Added.

    Factor style relation data structures and functions to a file of their own.

(WebCore::Style::Relation::Relation):
* style/StyleSharingResolver.cpp:
(WebCore::Style::SharingResolver::styleSharingCandidateMatchesRuleSet):
* style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::styleForElement):

    Apply style relations.

* style/StyleTreeResolver.h:
* svg/SVGElement.cpp:
(WebCore::SVGElement::synchronizeSystemLanguage):
(WebCore::SVGElement::resolveCustomStyle):
(WebCore::SVGElement::customStyleForRenderer): Deleted.
* svg/SVGElement.h:
* svg/SVGElementRareData.h:
(WebCore::SVGElementRareData::overrideComputedStyle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197764 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed EFL build fix after r197752.

Tools:

* Scripts/webkitperl/FeatureList.pm: Avoid MEDIA_STREAM
compilation by default until EFL bumps gstreamer to 1.6.

LayoutTests:

* platform/efl/TestExpectations: Avoid running the mediastream
tests until the support is implemented and compiled by default.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197754 268f45cc-cd09-0410-ab3c-d52691b4dbfc

One more unreviewed speculative buildfix after r197728.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197753 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[GTK] [EFL] Avoid running mediastream tests by default until we compile by default
https://bugs.webkit.org/show_bug.cgi?id=153540

Reviewed by Philippe Normand.

After bumping gstreamer to 1.6.3 in r196804 we can enable again
Tools:

compilation of mediastream and running the tests.

* Scripts/run-gtk-tests:
(TestRunner): Enable again the UserMedia API test.
* Scripts/webkitperl/FeatureList.pm: Enable the compilation of the
mediastream by default.
* gtk/jhbuild-webrtc.modules: Removed the specific jhbuild modules
file.
* gtk/jhbuild.modules: Bumped the openwebrtc version to the one we
are currently using.

LayoutTests:

compilation of mediastream and running the tests. We have updated
the expectations accordingly.

* platform/efl/TestExpectations:
* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197752 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed speculative buildfix after r197728.

* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197750 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[Fetch API] Implement fetch skeleton
https://bugs.webkit.org/show_bug.cgi?id=155111

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Importing basic fetch api tests.

* resources/ImportExpectations: Activating fetch/api/basic import.
* web-platform-tests/fetch/api/basic/accept-header-expected.txt: Added.
* web-platform-tests/fetch/api/basic/accept-header-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/accept-header-worker.html: Added.
* web-platform-tests/fetch/api/basic/accept-header.html: Added.
* web-platform-tests/fetch/api/basic/accept-header.js: Added.
(promise_test):
* web-platform-tests/fetch/api/basic/integrity-expected.txt: Added.
* web-platform-tests/fetch/api/basic/integrity-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/integrity-worker.html: Added.
* web-platform-tests/fetch/api/basic/integrity.html: Added.
* web-platform-tests/fetch/api/basic/integrity.js: Added.
(integrity):
* web-platform-tests/fetch/api/basic/mode-no-cors-expected.txt: Added.
* web-platform-tests/fetch/api/basic/mode-no-cors-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/mode-no-cors-worker.html: Added.
* web-platform-tests/fetch/api/basic/mode-no-cors.html: Added.
* web-platform-tests/fetch/api/basic/mode-no-cors.js: Added.
(fetchNoCors):
* web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt: Added.
* web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/mode-same-origin-worker.html: Added.
* web-platform-tests/fetch/api/basic/mode-same-origin.html: Added.
* web-platform-tests/fetch/api/basic/mode-same-origin.js: Added.
(fetchSameOrigin):
* web-platform-tests/fetch/api/basic/request-forbidden-headers-expected.txt: Added.
* web-platform-tests/fetch/api/basic/request-forbidden-headers-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/request-forbidden-headers-worker.html: Added.
* web-platform-tests/fetch/api/basic/request-forbidden-headers.html: Added.
* web-platform-tests/fetch/api/basic/request-forbidden-headers.js: Added.
(requestForbiddenHeaders):
* web-platform-tests/fetch/api/basic/request-headers-expected.txt: Added.
* web-platform-tests/fetch/api/basic/request-headers-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/request-headers-worker.html: Added.
* web-platform-tests/fetch/api/basic/request-headers.html: Added.
* web-platform-tests/fetch/api/basic/request-headers.js: Added.
(requestHeaders):
* web-platform-tests/fetch/api/basic/scheme-about-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-about-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-about-worker.html: Added.
* web-platform-tests/fetch/api/basic/scheme-about.html: Added.
* web-platform-tests/fetch/api/basic/scheme-about.js: Added.
(checkFetchResponse):
(checkKoUrl):
* web-platform-tests/fetch/api/basic/scheme-blob-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-blob-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-blob-worker.html: Added.
* web-platform-tests/fetch/api/basic/scheme-blob.html: Added.
* web-platform-tests/fetch/api/basic/scheme-blob.js: Added.
(checkFetchResponse):
(checkKoUrl):
* web-platform-tests/fetch/api/basic/scheme-data-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-data-worker.html: Added.
* web-platform-tests/fetch/api/basic/scheme-data.html: Added.
* web-platform-tests/fetch/api/basic/scheme-data.js: Added.
(checkFetchResponse):
(checkKoUrl):
* web-platform-tests/fetch/api/basic/scheme-others-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-others-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/scheme-others-worker.html: Added.
* web-platform-tests/fetch/api/basic/scheme-others.html: Added.
* web-platform-tests/fetch/api/basic/scheme-others.js: Added.
(checkKoUrl):
* web-platform-tests/fetch/api/basic/stream-response-expected.txt: Added.
* web-platform-tests/fetch/api/basic/stream-response-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/stream-response-worker.html: Added.
* web-platform-tests/fetch/api/basic/stream-response.html: Added.
* web-platform-tests/fetch/api/basic/stream-response.js: Added.
(streamBody):
(promise_test.):
(promise_test):
* web-platform-tests/fetch/api/basic/w3c-import.log: Added.

Source/WebCore:

Adding skeleton code to call fetch API from normal and worker scopes.
Fetch API implementation is limited to reject the promise.

Updating the binding generator to fix the case of overloaded promise-returning functions.
Made overloaded utility functions "static inline".

Tests: imported/w3c/web-platform-tests/fetch/api/basic/accept-header-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/accept-header.html
       imported/w3c/web-platform-tests/fetch/api/basic/integrity-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/integrity.html
       imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors.html
       imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.html
       imported/w3c/web-platform-tests/fetch/api/basic/request-forbidden-headers-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/request-forbidden-headers.html
       imported/w3c/web-platform-tests/fetch/api/basic/request-headers-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/request-headers.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-about-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-about.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-blob-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-blob.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-data.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-others-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/scheme-others.html
       imported/w3c/web-platform-tests/fetch/api/basic/stream-response-worker.html
       imported/w3c/web-platform-tests/fetch/api/basic/stream-response.html

* CMakeLists.txt:
* DerivedSources.make:
* Modules/fetch/DOMWindowFetch.cpp: Added.
(WebCore::DOMWindowFetch::fetch):
* Modules/fetch/DOMWindowFetch.h: Added.
* Modules/fetch/DOMWindowFetch.idl: Added.
* Modules/fetch/WorkerGlobalScopeFetch.cpp: Added.
(WebCore::WorkerGlobalScopeFetch::fetch):
* Modules/fetch/WorkerGlobalScopeFetch.h: Added.
* Modules/fetch/WorkerGlobalScopeFetch.idl: Added.
* WebCore.xcodeproj/project.pbxproj:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation): Fixing the case of overloaded promise-returning functions.
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter2):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod11):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod): Deleted.
(WebCore::jsTestObjConstructorFunctionClassMethod2): Deleted.
(WebCore::jsTestObjPrototypeFunctionAny): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionPromise): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgumentPromise): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithExceptionPromise): Deleted.
* bindings/scripts/test/TestObj.idl:

LayoutTests:

* TestExpectations: Marking some tests as flaky.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197748 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[Fetch API] Make FetchRequest and FetchResponse ActiveDOMObject
https://bugs.webkit.org/show_bug.cgi?id=154729

Reviewed by Darin Adler.

Covered by existing tests.

Making FetchRequest and FetchResponse ActiveDOMObject.
Both objects can always be suspended now.
This might be updated when blob conversion is added or when fetching data to fill in FetchResponse.

* Modules/fetch/FetchRequest.cpp:
(WebCore::FetchRequest::create):
(WebCore::FetchRequest::clone):
(WebCore::FetchRequest::activeDOMObjectName):
(WebCore::FetchRequest::canSuspendForDocumentSuspension):
* Modules/fetch/FetchRequest.h:
(WebCore::FetchRequest::FetchRequest):
* Modules/fetch/FetchRequest.idl:
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::FetchResponse):
(WebCore::FetchResponse::clone):
(WebCore::FetchResponse::activeDOMObjectName):
(WebCore::FetchResponse::canSuspendForDocumentSuspension):
* Modules/fetch/FetchResponse.h:
(WebCore::FetchResponse::create):
* Modules/fetch/FetchResponse.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197744 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: Make WebAutomationSession::closeBrowsingContext work as expected

https://bugs.webkit.org/show_bug.cgi?id=155162
rdar://problem/25027191

Reviewed by Brian Burg.

* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::closeBrowsingContext):
Call closePage, the same method ultimately used by window.close().

* UIProcess/WebPageProxy.h: Make closePage public.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197742 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[SVG2] Implement marker orient='auto-start-reverse'
https://bugs.webkit.org/show_bug.cgi?id=138456

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2016-03-08
Reviewed by Darin Adler.

Source/WebCore:

https://www.w3.org/TR/SVG2/painting.html#OrientAttribute
marker-start markers must be oriented at 180 degrees to the direction of the path when
the orient attribute of the marker is set to 'auto-start-reverse'.

To acheive this the SVGMarkerData class which calculates the angles for each marker on
a path must know whether the orient type is set to reverse the start marker.

Tests: svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html
       svg/animations/animate-marker-orienttype-4.html
       svg/custom/marker-auto-start-reverse.html

* rendering/svg/RenderSVGShape.cpp:
(WebCore::RenderSVGShape::processMarkerPositions):
  Create marker data, using animated value of orient to determine
  if first marker should be reversed.
* rendering/svg/SVGMarkerData.h:
(WebCore::SVGMarkerData::SVGMarkerData):
  Constructor now requires boolean indicating if start marker is
  reversed.
(WebCore::SVGMarkerData::currentAngle):
  Take into account whether start marker should be reversed.
* rendering/svg/SVGResources.cpp:
(WebCore::SVGResources::markerReverseStart):
  New function to query whether start marker should be reversed.
* rendering/svg/SVGResources.h:
  Add declaration for new function.
* svg/SVGAnimatedAngle.cpp:
(WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue):
  Support animation including the value auto-start-reverse.
* svg/SVGMarkerElement.cpp:
(WebCore::SVGMarkerElement::setOrient):
  Combine duplicated functionality into one private method
(WebCore::SVGMarkerElement::setOrientToAuto):
  Set orient type and angle correctly for orient=auto. Uses setOrient.
(WebCore::SVGMarkerElement::setOrientToAngle):
  Set orient type and angle correctly for orient=<angle>. Uses setOrient.
(WebCore::SVGMarkerElement::synchronizeOrientType):
  Support auto-start-reverse as a possible case.
* svg/SVGMarkerElement.h:
(WebCore::SVGIDLEnumLimits<SVGMarkerOrientType>::highestExposedEnumValue):
  Limit the orient DOM property so that the new enum value
  required for auto-start-reverse is not exposed.
(WebCore::SVGPropertyTraits<SVGMarkerOrientType>::highestEnumValue):
  Support auto-start-reverse.
(WebCore::SVGPropertyTraits<SVGMarkerOrientType>::fromString):
  Support auto-start-reverse.

LayoutTests:

* svg/animations/animate-marker-orient-from-angle-to-autostartreverse-expected.txt: Added.
* svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html: Added.
* svg/animations/animate-marker-orienttype-4-expected.html: Added.
* svg/animations/animate-marker-orienttype-4.html: Added.
  Verify output after animation has run - ensure animation reflected in visual result.
* svg/animations/script-tests/animate-marker-orient-from-angle-to-autostartreverse.js: Added.
  Test DOM values at various snap-shot times throughout the animation.
(sample1):
(sample2):
(sample3):
(executeTest):
* svg/custom/marker-auto-start-reverse-expected.html: Added.
* svg/custom/marker-auto-start-reverse.html: Added.
  Verify static result - start marker is oriented at 180 degrees to direction of path.
* svg/dom/SVGAnimatedEnumeration-SVGMarkerElement-expected.txt:
* svg/dom/script-tests/SVGAnimatedEnumeration-SVGMarkerElement.js:
  Check attributes are treated as case sensitive.
  Check UNKNOWN is returned for enum value when auto-start-reverse set.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197738 268f45cc-cd09-0410-ab3c-d52691b4dbfc

REGRESSION(r197062): [GTK] Transparent backgrounds no longer work after r197062
https://bugs.webkit.org/show_bug.cgi?id=155119

Reviewed by Martin Robinson.

This is because after r197062 we are now realizing the view too
early, even before the toplevel window has been realized, forcing
the toplevel window to be realized. If the RGBA visual is set on
the window after it has been realzied it doesn't have any
effect. We should wait until the toplevel window is realized to
realize the web view, giving time to the application to set RGBA
visual and background color. If the toplevel window is already
realized we realize the web view immediately, so that this doesn't
affect the tearing problems fixed in r197062.

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(toplevelWindowRealized):
(webkitWebViewBaseSetToplevelOnScreenWindow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197733 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[ES6] Implement revocable proxies
https://bugs.webkit.org/show_bug.cgi?id=154321

Reviewed by Mark Lam.

This patch is a straight forward implementation of Proxy.revocable
with respect to section 26.2.2.1 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy.revocable

This patch also fixes a bug in Proxy where we
were incorrectly caching "in", i.e, `"x" in proxy`.
We should never blatantly cache this because caching is observable
behavior by users of the language. We could come up with
a smarter caching scheme that caches only if the Proxy's
handler doesn't have a "has" property, i.e, we don't have
to call out to JS code. But for now, it's easiest to disable
caching.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::moduleRecordStructure):
(JSC::JSGlobalObject::moduleNamespaceObjectStructure):
(JSC::JSGlobalObject::proxyObjectStructure):
(JSC::JSGlobalObject::proxyRevokeStructure):
(JSC::JSGlobalObject::wasmModuleStructure):
* runtime/ProxyConstructor.cpp:
(JSC::ProxyConstructor::create):
(JSC::ProxyConstructor::ProxyConstructor):
(JSC::makeRevocableProxy):
(JSC::proxyRevocableConstructorThrowError):
(JSC::ProxyConstructor::finishCreation):
(JSC::constructProxyObject):
* runtime/ProxyConstructor.h:
(JSC::ProxyConstructor::createStructure):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::finishCreation):
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPut):
(JSC::performProxyCall):
(JSC::performProxyConstruct):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):
(JSC::ProxyObject::getPrototype):
(JSC::ProxyObject::revoke):
(JSC::ProxyObject::visitChildren):
* runtime/ProxyObject.h:
(JSC::ProxyObject::create):
* runtime/ProxyRevoke.cpp: Added.
(JSC::ProxyRevoke::create):
(JSC::ProxyRevoke::ProxyRevoke):
(JSC::ProxyRevoke::finishCreation):
(JSC::performProxyRevoke):
(JSC::ProxyRevoke::getCallData):
(JSC::ProxyRevoke::visitChildren):
* runtime/ProxyRevoke.h: Added.
(JSC::ProxyRevoke::createStructure):
(JSC::ProxyRevoke::proxy):
(JSC::ProxyRevoke::setProxyToNull):
* tests/stress/proxy-has-property.js:
(assert):
(assert.let.handler.has):
(assert.let.foo):
* tests/stress/proxy-revoke.js: Added.
(assert):
(throw.new.Error.):
(throw.new.Error):
(callAllHandlers):
(shouldThrowNullHandler):
(allHandlersShouldThrow):
(i.let.trap.of.traps.trap.string_appeared_here.func):
(i.let.trap.of.traps.else.func):
(i.Proxy.revocable):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197732 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix the ARM build after r197687
https://bugs.webkit.org/show_bug.cgi?id=155128

Reviewed by Saam Barati.

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::moveZeroToDouble):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197731 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Reduce the number of instructions needed to record the last regexp result
https://bugs.webkit.org/show_bug.cgi?id=155161

Reviewed by Sam Weinig.

This tightens up RegExpCachedResult::record(). My profiling shows that we spend just
over 1% of the time in Octane/regexp in this function. This function had two obvious
redundancies:

1) It executed the write barrier on owner twice. It only needs to execute it once. Since
   the same RegExpConstructor is likely to be used many times, it makes sense to do the
   barrier without looking at the 'to' objects at all. In steady state, this means that
   the RegExpConstructor will simply be OldGrey so this one barrier will always skip the
   slow path.

2) It cleared some fields that didn't need to be cleared, since we can just use
   m_reified to indicate that the fields are not meaningful anymore.

This is meant to be a microscopic regexp speed-up.

* runtime/RegExpCachedResult.cpp:
(JSC::RegExpCachedResult::visitChildren):
(JSC::RegExpCachedResult::lastResult):
* runtime/RegExpCachedResult.h:
(JSC::RegExpCachedResult::record):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197730 268f45cc-cd09-0410-ab3c-d52691b4dbfc

createRegExpMatchesArray should allocate substrings more quickly
https://bugs.webkit.org/show_bug.cgi?id=155160

Reviewed by Sam Weinig.

This was calling a version of jsSubstring() that isn't inlineable because it was doing a lot
of checks in finishCreation(). In particular, it was checking that the base string is not
itself a substring and that it's been resolved. We don't need those checks here, since the
string must have been resolved prior to regexp processing.

This patch is also smart about whether to do checks for the empty and full substrings. In
the matches array loop, these checks are super unlikely to be profitable, so we just
unconditionally allocate the substring.

This removes those checks and makes the allocation inlineable. It looks like a 1% speed-up
on Octane/regexp.

* runtime/JSString.h:
(JSC::jsSubstring):
(JSC::jsSubstringOfResolved):
* runtime/RegExpMatchesArray.cpp:
(JSC::createRegExpMatchesArray):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197729 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Enhance logging: Use "always on" macros
https://bugs.webkit.org/show_bug.cgi?id=154499
<rdar://problem/24757730>

Patch by Keith Rollin <krollin@apple.com> on 2016-03-07
Reviewed by Chris Dumez.

Source/WebCore:

Make use of new logging macros by reporting on frame and resource
load activity.

Add new logging to memory pressure handler to show when it's called
and its effectiveness. As part of this change, the various
platform-specific implementations have been unified.

No new tests. No new basic functionality has been added. Only new
logging has been added in release mode or has been enabled to execute
in release mode as well as debug mode.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::prepareForLoadStart):
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
(WebCore::FrameLoader::isAlwaysOnLoggingAllowed):
* loader/FrameLoader.h:
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::isAlwaysOnLoggingAllowed):
* loader/ResourceLoader.h:
* page/Frame.cpp:
(WebCore::Frame::isAlwaysOnLoggingAllowed):
* page/Frame.h:
* page/Page.cpp:
(WebCore::Page::isAlwaysOnLoggingAllowed):
* page/Page.h:
* page/SessionID.h:
(WebCore::SessionID::isAlwaysOnLoggingAllowed):
* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):
(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.
* platform/MemoryPressureHandler.h:
(WebCore::MemoryPressureHandler::ReliefLogger::ReliefLogger):
(WebCore::MemoryPressureHandler::ReliefLogger::~ReliefLogger):
* platform/cocoa/MemoryPressureHandlerCocoa.mm:
(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.
* platform/linux/MemoryPressureHandlerLinux.cpp:
(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.
* platform/win/MemoryPressureHandlerWin.cpp:
(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

Source/WebKit2:

Make use of new logging macros by reporting on frame and resource
load activity.

Connection updated to report IPC errors, helping us identify when
messaging between processes breaks down.

ChildProcess updated to log if it is terminating early. Some
sysdiagnose logging from customers indicate that this is happening in
the wild.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::startNetworkLoad):
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::didFailLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::isAlwaysOnLoggingAllowed):
* NetworkProcess/NetworkResourceLoader.h:
* Platform/IPC/Connection.cpp:
(IPC::Connection::waitForSyncReply):
* Shared/ChildProcess.cpp:
(WebKit::didCloseOnConnectionWorkQueue):
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoad):
* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::willSendRequest):
(WebKit::WebResourceLoader::didReceiveResponse):
(WebKit::WebResourceLoader::didReceiveData):
(WebKit::WebResourceLoader::didFinishResourceLoad):
(WebKit::WebResourceLoader::didFailResourceLoad):
(WebKit::WebResourceLoader::didReceiveResource):
(WebKit::WebResourceLoader::isAlwaysOnLoggingAllowed):
* WebProcess/Network/WebResourceLoader.h:

Source/WTF:

Update LOG_ALWAYS and LOG_ALWAYS_ERROR macros to take an expression to
be evaluated. If the expression evaluates to True, the associated
message is logged. This facility is used to prevent logging from being
performed in private sessions, but it could be extended to prevent
logging under other circumstances as well.

* wtf/Assertions.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197728 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Align HTMLCanvasElement.width / height with the specification
https://bugs.webkit.org/show_bug.cgi?id=155156

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

Align HTMLCanvasElement.width / height with the specification:
- https://html.spec.whatwg.org/multipage/scripting.html#dom-canvas-width
- https://html.spec.whatwg.org/multipage/scripting.html#attr-canvas-width

In particular, the following changes were made:
1. The attributes are now 'unsigned long' instead of 'long'
2. The corresponding content attributes are parsed as per the HTML rules
   for passing non-negative integers.
3. Upon setting, if the value is out-of-range, the content attributes is
   set to its default value.

No new tests, already covered by existing test.

* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::setHeight):
(WebCore::HTMLCanvasElement::setWidth):
(WebCore::HTMLCanvasElement::reset):
* html/HTMLCanvasElement.h:
* html/HTMLCanvasElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197727 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Stop clamping HTMLElement.tabIndex to the range of a short
https://bugs.webkit.org/show_bug.cgi?id=155159

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-embedded-expected.txt:
* web-platform-tests/html/dom/reflection-forms-expected.txt:
* web-platform-tests/html/dom/reflection-grouping-expected.txt:
* web-platform-tests/html/dom/reflection-metadata-expected.txt:
* web-platform-tests/html/dom/reflection-misc-expected.txt:
* web-platform-tests/html/dom/reflection-obsolete-expected.txt:
* web-platform-tests/html/dom/reflection-sections-expected.txt:
* web-platform-tests/html/dom/reflection-tabular-expected.txt:
* web-platform-tests/html/dom/reflection-text-expected.txt:

Source/WebCore:

Stop clamping HTMLElement.tabIndex to the range of a short. We
apparently did this to match Firefox. However, this no longer matches
Firefox's behavior nor the HTML specification:
- https://html.spec.whatwg.org/multipage/interaction.html#dom-tabindex

No new tests, already covered by existing test.

* dom/Element.cpp:
(WebCore::Element::setTabIndexExplicitly):
(WebCore::Element::tabIndex):
* dom/Element.h:
* dom/ElementRareData.h:
(WebCore::ElementRareData::tabIndex):
(WebCore::ElementRareData::setTabIndexExplicitly):
* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::tabIndex):
* html/HTMLAnchorElement.h:
* html/HTMLElement.cpp:
(WebCore::HTMLElement::parseAttribute):
(WebCore::HTMLElement::tabIndex):
* html/HTMLElement.h:
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::tabIndex):
* html/HTMLFormControlElement.h:
* page/FocusController.cpp:
(WebCore::nextElementWithGreaterTabIndex):
(WebCore::FocusController::previousFocusableElement):
* svg/SVGAElement.cpp:
(WebCore::SVGAElement::tabIndex):
* svg/SVGAElement.h:
* svg/SVGElement.cpp:
(WebCore::SVGElement::tabIndex):
(WebCore::SVGElement::parseAttribute):
* svg/SVGElement.h:

LayoutTests:

Drop outdated test.

* fast/dom/tabindex-clamp-expected.txt: Removed.
* fast/dom/tabindex-clamp.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197726 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] Small clean up of how we use SSA's valuesAtHead
https://bugs.webkit.org/show_bug.cgi?id=155152

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Filip Pizlo.

liveAtHead and valuesAtHead contain the same nodes,
we do not need the extra look up.

This also opens the way to use the same kind of liveness
analysis as Air (where live values at head do not use a set).

* dfg/DFGInPlaceAbstractState.cpp:
(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::InPlaceAbstractState::merge):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197725 268f45cc-cd09-0410-ab3c-d52691b4dbfc

CSP: Source '*' should not match URLs with schemes blob, data, or filesystem
https://bugs.webkit.org/show_bug.cgi?id=154122
<rdar://problem/24613336>

Reviewed by Brent Fulgham.

Source/WebCore:

Restrict matching of source expression * to HTTP or HTTPS URLs for all directives except
img-src and media-src. This policy is more restrictive than the policy described in section
Matching Source Expressions of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721>,
which restricts matching * to schemes that are not blob, data, or filesystem.

For directive img-src we restrict matching of * to HTTP, HTTPS, and data URLs. For directive
media-src we restrict matching of * to HTTP, HTTPS, data URLs and blob URLs. We use a
more lenient interpretation of * for directives img-src and media-src than required by
the spec. to mitigate web compatibility issues.

Tests: fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html
       fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html
       fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html
       fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html
       fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html
       fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html
       http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html
       http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html
       http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html
       http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html
       http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html
       http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html
       http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html
       media/video-with-blob-url-allowed-by-csp-media-src-star.html
       media/video-with-data-url-allowed-by-csp-media-src-star.html
       media/video-with-file-url-blocked-by-csp-media-src-star.html

* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar): Added.
(WebCore::ContentSecurityPolicySourceList::matches): Modified to only match * if ContentSecurityPolicySourceList::isProtocolAllowedByStar().
evaluates to true.
* page/csp/ContentSecurityPolicySourceList.h:

LayoutTests:

Add tests to ensure that we do not regress our interpretation of * with respect to directives
img-src, media-src, style-src, and default-src.

When running in WebKitTestRunner, skip the tests fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html
and media/video-with-blob-url-allowed-by-csp-media-src-star.html as they make use of eventSender.beginDragWithFiles(),
which is not implement. We will need to fix <https://bugs.webkit.org/show_bug.cgi?id=64285>
before we can run these tests in WebKitTestRunner.

* TestExpectations:
* fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star-expected.html: Added.
* fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html: Added.
* fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star-expected.html: Added.
* fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html: Added.
* fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star-expected.html: Added.
* fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html: Added.
* fast/dom/HTMLImageElement/resources/green.png: Added.
* fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star-expected.html: Added.
* fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html: Added.
* fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star-expected.html: Added.
* fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html: Added.
* fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star-expected.html: Added.
* fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html: Added.
* fast/dom/HTMLLinkElement/resources/red-background-color.css: Added.
(#test):
* http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html: Added.
* http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html: Added.
* http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html: Added.
* http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html: Added.
* http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html: Added.
* http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html: Added.
* http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html: Added.
* media/video-with-blob-url-allowed-by-csp-media-src-star-expected.html: Added.
* media/video-with-blob-url-allowed-by-csp-media-src-star.html: Added.
* media/video-with-data-url-allowed-by-csp-media-src-star-expected.html: Added.
* media/video-with-data-url-allowed-by-csp-media-src-star.html: Added.
* media/video-with-file-url-blocked-by-csp-media-src-star-expected.html: Added.
* media/video-with-file-url-blocked-by-csp-media-src-star.html: Added.
* platform/wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197724 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add ability to retrieve raw data from release harness
https://bugs.webkit.org/show_bug.cgi?id=155026

Reviewed by Simon Fraser.

* Animometer/developer.html: Remove the special UI in the debug
harness.
* Animometer/resources/runner/animometer.css: Add styles for the
overlay.
* Animometer/resources/runner/animometer.js: Let 'j' show the JSON
results, but only if the overlay doesn't exist. Add 'esc' key to dismiss
the overlay.
(window.benchmarkController.selectResults): Cycle the cases around
so that the first 's' press selects both the benchmark score and
the individual test scores.
* Animometer/resources/debug-runner/animometer.css: Remove
unneeded rules.
* Animometer/resources/debug-runner/animometer.js: Make the same
call to handleKeyPress.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197723 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bmalloc: Use List<T> instead of Vector<T> in some places
https://bugs.webkit.org/show_bug.cgi?id=155150

Reviewed by Andreas Kling.

Vector<T> is expensive when you want a lot of them because our minimum
allocation size is the system page size.

* bmalloc.xcodeproj/project.pbxproj: Added a List<T> class.

* bmalloc/Heap.cpp:
(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::allocateSmallPage): Use the List<T> API. No need to check
for stale entries anymore because List<T> supports O(1) eager removal
and we remove eagerly now.

(bmalloc::Heap::deallocateSmallLine): Remove eagerly. This simplifies
the allocation code and it is also required for correctness since we
only have enough metadata to be in one list at a time.

* bmalloc/Heap.h: List!

* bmalloc/SmallChunk.h: Made this assert a little more precise since this
patch triggered the old version in a benign way.

(bmalloc::SmallChunk::SmallChunk): This code moved to the SmallPage
constructor.

* bmalloc/SmallPage.h:
(bmalloc::SmallPage::SmallPage): Accomodate the List<T> data structure.
This is a net memory savings on Mac for heaps smaller than ~128MB and on
iOS for heaps smaller than ~512MB. The maximum memory saved is 512kB on
Mac and 2MB on iOS. For larger heaps, there's a memory cost of 0.4% on
Mac and 0.1% on iOS.

* bmalloc/VMHeap.h:
(bmalloc::VMHeap::allocateSmallPage): Use List<T> API.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Reduce startup and shutdown cost of resource load statistics
https://bugs.webkit.org/show_bug.cgi?id=155120
<rdar://problem/25010167>

Reviewed by Andy Estes.

Source/WebCore:

Move all file-related code out of WebCore.

* loader/ResourceLoadStatisticsStore.cpp:
(WebCore::ResourceLoadStatisticsStore::create): Deleted path overload.
(WebCore::ResourceLoadStatisticsStore::createEncoderFromData): Added.
(WebCore::ResourceLoadStatisticsStore::readDataFromDecoder): Added.
(WebCore::ResourceLoadStatisticsStore::ResourceLoadStatisticsStore): Deleted.
(WebCore::ResourceLoadStatisticsStore::writeDataToDisk): Deleted.
(WebCore::ResourceLoadStatisticsStore::setStatisticsStorageDirectory): Deleted.
(WebCore::ResourceLoadStatisticsStore::persistentStoragePath): Deleted.
(WebCore::ResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Deleted.
(WebCore::ResourceLoadStatisticsStore::createDecoderFromDisk): Deleted.
(WebCore::ResourceLoadStatisticsStore::writeEncoderToDisk): Deleted.
* loader/ResourceLoadStatisticsStore.h:
(WebCore::ResourceLoadStatisticsStore::clear): Added.

Source/WebKit/mac:

Remove the Resource Load Statistics stuff from WK1, now that it is up and
running in WK2.

* WebView/WebView.mm:
(-[WebView _preferencesChanged:]): Remove call to read resource load
statistics from disk.
(+[WebView _applicationWillTerminate]): Remove call to write resource load
statistics to disk.

Source/WebKit2:

Use a dedicated WorkQueue to process resource load statistics data. Allow
processing to load (and save) previously stored statistics asynchronously so
that it does not delay startup.

Now that we have a more rational storage situation, get rid of the 'writeToDisk'
method since it is no longer needed in the WK2 layer.

Move all of the Resource Load Statistics file handling code from WebCore to this
API layer.

* UIProcess/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::WebResourceLoadStatisticsStore): Initialize
member variable with storage path, rather than passing to WebCore code.
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated): Revised to
use the new WorkQueue code.
(WebKit::WebResourceLoadStatisticsStore::setResourceLoadStatisticsEnabled): When
activating the feature, purge any old statistics before loading from disk.
(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Added.
(WebKit::WebResourceLoadStatisticsStore::processWillOpenConnection): Added.
(WebKit::WebResourceLoadStatisticsStore::processDidCloseConnection): Added.
(WebKit::WebResourceLoadStatisticsStore::applicationWillTerminate): Make sure all
of the WorkQueue tasks are done before terminating.
(WebKit::WebResourceLoadStatisticsStore::persistentStoragePath): Moved from WebCore.
(WebKit::WebResourceLoadStatisticsStore::writeEncoderToDisk): Ditto.
(WebKit::WebResourceLoadStatisticsStore::createDecoderFromDisk): Ditto.
(WebKit::WebResourceLoadStatisticsStore::writeToDisk): Deleted.
* UIProcess/WebResourceLoadStatisticsStore.h:
(WebKit::WebResourceLoadStatisticsStore::coreStore):
* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::webProcessWillOpenConnection): Call new WebResourceLoadStatisticsStore code.
(WebKit::WebsiteDataStore::webProcessDidCloseConnection): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197721 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix cookies with private browsing and NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155147
rdar://problem/25018279

Reviewed by Brady Eidson.

Source/WebKit2:

In the NetworkSession constructor, we look for a NetworkStorageSession in the SessionTracker
and use that NetworkStorageSession's CFHTTPCookieStorageRef in the NSURLSessionConfiguration.
NetworkStorageSessions were being set in SessionTracker's storageSessionMap after NetworkSessions
were created, causing the NSHTTPCookieStorage of the NSURLSession to be different from the
CFHTTPCookieStorageRef used by document.cookie in newly created private browsing sessions.
This fixes that problem by passing the NetworkStorageSession as a constructor parameter to the
NetworkSession so it can use the correct CFHTTPCookieStorageRef in its NSURLSessionConfiguration
before it is in the storageSessionMap.

* NetworkProcess/NetworkSession.h:
(WebKit::NetworkSession::sessionID):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::NetworkSession::defaultSession):
(WebKit::NetworkSession::NetworkSession):
* NetworkProcess/mac/RemoteNetworkingContext.mm:
(WebKit::RemoteNetworkingContext::ensurePrivateBrowsingSession):
* WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:
(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession):

LayoutTests:

* http/tests/cookies/private-cookie-storage-expected.txt: Added.
* http/tests/cookies/private-cookie-storage.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197720 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Update perf bot configuration for Animometer
https://bugs.webkit.org/show_bug.cgi?id=155134

Reviewed by Ryosuke Niwa.

* Scripts/webkitpy/benchmark_runner/data/patches/Animometer.patch: Refactor the patch
to work with the latest version of the harness.
* Scripts/webkitpy/benchmark_runner/data/plans/animometer.plan: Bump up the timeout,
and use the latest version of the harness.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197719 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking media/track/track-cues-pause-on-exit.html as flaky on ElCapitan Debug WK2
https://bugs.webkit.org/show_bug.cgi?id=155151

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197718 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: the protocol generator should generate factory method stubs for protocol types
https://bugs.webkit.org/show_bug.cgi?id=155103
<rdar://problem/25002772>

Reviewed by Timothy Hatcher.

Generate stubs with unique names so that parsing methods can be used
reflectively at runtime, based on the protocol version that's loaded.

* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/scripts/codegen/__init__.py:
* inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
Added. For each type in a domain, add a method of the form
-[ProtocolTypeConversions _parseXXX:fromPayload]. This is in a category
method, and the selector is only ever looked up at runtime.

(ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
* inspector/scripts/generate-inspector-protocol-bindings.py:
(generate_from_specification):

Rebaseline test results with new generator output.

* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
* inspector/scripts/tests/expected/enum-values.json-result:
* inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
* inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
* inspector/scripts/tests/expected/type-declaration-array-type.json-result:
* inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197717 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Crash in WebCore::RenderElement::containingBlockForObjectInFlow
https://bugs.webkit.org/show_bug.cgi?id=155109

Reviewed by Simon Fraser.

It's unsafe to call containingBlock() on RenderView.

Unable to reproduce.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::styleWillChange):
(WebCore::RenderBlock::isSelfCollapsingBlock):
(WebCore::RenderBlock::selectionGaps):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::borderBoxRectInRegion):
(WebCore::RenderBox::computePercentageLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::logicalWidthIsResolvable):
(WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):
* rendering/RenderFlowThread.cpp:
(WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
(WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
(WebCore::RenderLayer::updatePagination):
(WebCore::inContainingBlockChain):
* rendering/RenderMultiColumnFlowThread.cpp:
(WebCore::isValidColumnSpanner):
* rendering/RenderNamedFlowThread.cpp:
(WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
* rendering/RenderObject.cpp:
(WebCore::hasFixedPosInNamedFlowContainingBlock):
* rendering/RenderReplaced.cpp:
(WebCore::firstContainingBlockWithLogicalWidth):
* rendering/RenderView.cpp:
(WebCore::RenderView::subtreeSelectionBounds):
(WebCore::RenderView::repaintSubtreeSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197716 268f45cc-cd09-0410-ab3c-d52691b4dbfc

RegExp.prototype.exec() should call into Yarr at most once
https://bugs.webkit.org/show_bug.cgi?id=155139

Reviewed by Saam Barati.

For apparently no good reason, RegExp.prototype.match() was calling into Yarr twice, almost
as if it was hoping that the non-matching case was so common that it was best to have the
matching case do the work all over again.

This is a 4% speed-up on Octane/regexp. It's also a matter of common sense: we should not be
in the business of presuming whether someone's match will succeed or fail. The increased
cost of running Yarr twice is so much larger than whatever savings we were getting from
running a match-only regexp that this is just not a good overall deal for the engine.

Also, it's interesting that we are seeing a 4% speed-up on regexp despite the fact that a
majority (almost a supermajority, I think) of calls into RegExp.prototype.match() are failed
matches. So, this change is a 4% speed-up despite being a slow down on the common case. That
tells you just how bad the old behavior was on the uncommon case.

* runtime/MatchResult.h:
(MatchResult::MatchResult):
(MatchResult::failed):
(MatchResult::operator bool):
* runtime/RegExpCachedResult.cpp:
(JSC::RegExpCachedResult::lastResult):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::setMultiline):
(JSC::RegExpConstructor::multiline):
(JSC::RegExpConstructor::performMatch):
(JSC::RegExpConstructor::recordMatch):
* runtime/RegExpMatchesArray.cpp:
(JSC::createRegExpMatchesArray):
(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):
* runtime/RegExpMatchesArray.h:
(JSC::createRegExpMatchesArray):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::put):
(JSC::getLastIndexAsUnsigned):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):
* runtime/RegExpObject.h:
(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197715 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Correct bug in resource load statistics debug flag for legacy clients
https://bugs.webkit.org/show_bug.cgi?id=155118
<rdar://problem/25020088>

Reviewed by Andy Estes.

Some clients launch WebKit2 using the "legacy" configuration for the website data store.
The Resource Load Statistics code was not added to this type of configuration, which
prevents various WebKit2 clients from using this code.

* UIProcess/WebProcessPool.cpp:
(WebKit::legacyWebsiteDataStoreConfiguration): Tell the legacy initializer where to
find the resource load statistics data.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197714 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[GTK][jhbuild] OpenWebRTC build fails with GCC 6.0
https://bugs.webkit.org/show_bug.cgi?id=154839

Reviewed by Michael Catanzaro.

Add '-Wno-error' to jhbuildrc; remove it from the module sets for macos.

* gtk/jhbuild-webrtc.modules:
* gtk/jhbuild.modules:
* gtk/jhbuildrc:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197713 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Heap Snapshot should include different Edge types and data (Property, Index, Variable)
https://bugs.webkit.org/show_bug.cgi?id=154937

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-07
Reviewed by Geoffrey Garen.

* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::appendHidden):
* heap/SlotVisitor.h:
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::appendHidden):
(JSC::SlotVisitor::appendValuesHidden):
Add new visit methods to visit a reference without snapshotting the edge.

* heap/Heap.cpp:
(JSC::AddExtraHeapSnapshotEdges::AddExtraHeapSnapshotEdges):
(JSC::AddExtraHeapSnapshotEdges::operator()):
(JSC::Heap::addHeapSnapshotEdges):
(JSC::Heap::removeDeadHeapSnapshotNodes):
(JSC::Heap::collectImpl):
* heap/Heap.h:
After marking, visit the live cells for a chance to record extra
heap snapshotting information about the cell.

* heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::appendNode):
(JSC::HeapSnapshotBuilder::appendEdge):
(JSC::HeapSnapshotBuilder::appendPropertyNameEdge):
(JSC::HeapSnapshotBuilder::appendVariableNameEdge):
(JSC::HeapSnapshotBuilder::appendIndexEdge):
(JSC::HeapSnapshotBuilder::json):
* heap/HeapSnapshotBuilder.h:
(JSC::HeapSnapshotEdge::HeapSnapshotEdge):
Construct edges with extra data.

* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::heapSnapshot):
* runtime/JSCell.h:
Add a new method to provide cells with an opportunity to provide
extra heap snapshotting information.

* runtime/JSObject.cpp:
(JSC::JSObject::visitButterfly):
(JSC::JSObject::visitChildren):
(JSC::JSObject::heapSnapshot):
(JSC::JSFinalObject::visitChildren):
* runtime/JSObject.h:
Capture object property names and index names when heap snapshotting.
Do not include them as internal edges in normal visitChildren.

* runtime/JSEnvironmentRecord.cpp:
(JSC::JSEnvironmentRecord::visitChildren):
(JSC::JSEnvironmentRecord::heapSnapshot):
* runtime/JSEnvironmentRecord.h:
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::visitChildren):
(JSC::JSSegmentedVariableObject::heapSnapshot):
* runtime/JSSegmentedVariableObject.h:
Capture scope variable names when heap snapshotting.

* runtime/Structure.cpp:
(JSC::Structure::visitChildren):
* runtime/Structure.h:
* runtime/StructureInlines.h:
(JSC::Structure::propertyTable):
When performing a heap snapshotting collection, don't clear the
property table so that accessing the table during this GC is okay.

* tests/heapProfiler/driver/driver.js:
* tests/heapProfiler/property-edge-types.js: Added.
* tests/heapProfiler/variable-edge-types.js: Added.
Tests covering the different edge types and data we capture.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197712 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[ES6] Implement Proxy.[[GetPrototypeOf]]
https://bugs.webkit.org/show_bug.cgi?id=155099

Reviewed by Mark Lam.

This patch is a straight forward implementation of Proxy.[[GetPrototypeOf]]
with respect to section 9.5.1 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof

* runtime/ProxyObject.cpp:
(JSC::performProxyGet):
(JSC::ProxyObject::setPrototype):
(JSC::ProxyObject::performGetPrototype):
(JSC::ProxyObject::getPrototype):
(JSC::ProxyObject::visitChildren):
* runtime/ProxyObject.h:
* tests/es6.yaml:
* tests/stress/proxy-get-prototype-of.js: Added.
(assert):
(throw.new.Error.let.handler.get getPrototypeOf):
(throw.new.Error.get let):
(throw.new.Error.get catch):
(throw.new.Error):
(assert.let.handler.getPrototypeOf):
(assert.get let):
(assert.get catch):
(assert.):
(let.handler.getPrototypeOf):
(get let):
(let.handler.has):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197711 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking imported/w3c/indexeddb/idbcursor-advance-continue-async.htm as flaky on Yosemite Release WK2
https://bugs.webkit.org/show_bug.cgi?id=154606

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197710 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking js/promises-tests/promises-tests-2-3-3.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=155140

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197709 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking inspector/console/addInspectedNode.html as flaky on Yosemite WK2
https://bugs.webkit.org/show_bug.cgi?id=155138

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197708 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skipping css3/filters/huge-region-composited.html on ios-simulator in an
attempt to eliminate a flaky crash.
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197707 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Cleanup: Add convenience function URL::procotolIsBlob()
https://bugs.webkit.org/show_bug.cgi?id=155127
<rdar://problem/25016829>

Reviewed by Brent Fulgham.

Source/WebCore:

Similar to the class member function URL::protocolIsData(), add a class member function to
class URL to determine if a URL is a blob URL.

No functionality was changed. So, no new tests.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::shouldUseInnerURL): Modified to use URL::protocolIsBlob().
(WebCore::getCachedOrigin): Ditto.
* platform/URL.h:
(WebCore::URL::protocolIsBlob): Added.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcStart): Modified to use URL::protocolIsBlob().
(urlHasSupportedProtocol): Ditto.
* workers/Worker.cpp:
(WebCore::Worker::didReceiveResponse): Ditto.
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::createRequest): Ditto.

Source/WebKit2:

* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::NetworkLoad): Modified to use URL::protocolIsBlob().
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::NetworkResourceLoader): Ditto.
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::canHandleRequest): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skip unsupported plugin tests from r197697 on ios-simulator

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197705 268f45cc-cd09-0410-ab3c-d52691b4dbfc

webkitpy should verify timestamp from CrashLogs while collecting all crash logs
https://bugs.webkit.org/show_bug.cgi?id=155000
<rdar://problem/24860219>

Reviewed by Alexey Proskuryakov.

* Scripts/webkitpy/common/system/crashlogs.py:
(CrashLogs._find_all_logs_darwin): Make sure that crash log timestamp is within expected
time range, because file modification time is not always accurate.
(CrashLogs.get_timestamp_from_logs): Parse the timestamp from logs.
* Scripts/webkitpy/common/system/crashlogs_unittest.py:
(CrashLogsTest.test_get_timestamp_from_logs_darwin): Testcase for above function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197704 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skip storage/indexeddb/intversion-open-in-upgradeneeded.html on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=155050

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197703 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebRTC: Implement MediaEndpointPeerConnection::createOffer()
https://bugs.webkit.org/show_bug.cgi?id=154867

Reviewed by Eric Carlson and Jer Noble.

Source/WebCore:

- MediaEndpointPeerConnection: Initial implementation of createOffer()
added. createOffer() is split up into a synchronous part, and a
scheduled task. The task will be deferred until information, requiring
some amount of work, such as the DTLS fingerprint is available. Other
async API functions will also follow this pattern.

- SDPProcessor (added): The SDPProcessors parses SDP to a
MediaEndpointSessionConfiguration object and generates SDP in the
reverse direction. Any SDP string handling is confined to the
SDPProcessor and all configuration of the media session is done via the
MediaEndpointSessionConfiguration object.

The SDP parser and generator logic is implemented in JavaScript and
works with JSON (SDP->JSON, JSON->SDP). The SDPProcessor runs JS in an
isolated scope and converts JSON to a MediaEndpointSessionConfiguration
object and the reverse. Using JSON signaling (nonstandard) can be
helpful during debugging.

- MockMediaEndpoint (added): Mock MediaEndpoint implementation with
support for generating offers. DTLS information, such as fingerprint,
is hard coded to facilitate testing with expected values.

Test: fast/mediastream/RTCPeerConnection-inspect-offer.html

The test is currently skipped on the mac port until support to read the
SDPProcessor JavaScript resource is added.

* CMakeLists.txt:
* Modules/mediastream/MediaEndpointPeerConnection.cpp:
(WebCore::WrappedSessionDescriptionPromise::create):
(WebCore::WrappedSessionDescriptionPromise::promise):
(WebCore::WrappedSessionDescriptionPromise::WrappedSessionDescriptionPromise):
(WebCore::randomString):
(WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
(WebCore::MediaEndpointPeerConnection::runTask):
(WebCore::MediaEndpointPeerConnection::startRunningTasks):
(WebCore::MediaEndpointPeerConnection::createOffer):
(WebCore::MediaEndpointPeerConnection::createOfferTask):
(WebCore::MediaEndpointPeerConnection::gotDtlsFingerprint):
* Modules/mediastream/MediaEndpointPeerConnection.h:
* Modules/mediastream/SDPProcessor.cpp: Added.
(WebCore::SDPProcessor::SDPProcessor):
(WebCore::createCandidateObject):
(WebCore::createCandidate):
(WebCore::configurationFromJSON):
(WebCore::iceCandidateFromJSON):
(WebCore::configurationToJSON):
(WebCore::iceCandidateToJSON):
(WebCore::SDPProcessor::generate):
(WebCore::SDPProcessor::parse):
(WebCore::SDPProcessor::generateCandidateLine):
(WebCore::SDPProcessor::parseCandidateLine):
(WebCore::SDPProcessor::callScript):
* Modules/mediastream/SDPProcessor.h: Added.
* Modules/mediastream/sdp.js: Added.
(match):
(addDefaults):
(fillTemplate):
(SDP.parse):
(SDP.generate):
(SDP.generateCandidateLine):
(hasAllProperties):
(SDP.verifyObject):
(generate):
(parse):
(generateCandidateLine):
(parseCandidateLine):
* PlatformGTK.cmake:
* WebCore.xcodeproj/project.pbxproj:
* platform/mediastream/MediaEndpoint.cpp:
(WebCore::createMediaEndpoint):
* platform/mediastream/MediaEndpoint.h:
* platform/mediastream/PeerMediaDescription.h:
* platform/mediastream/SDPProcessorScriptResource.cpp: Added.
(WebCore::SDPProcessorScriptResource::scriptString):
* platform/mediastream/SDPProcessorScriptResource.h: Added.
* platform/mediastream/gtk/SDPProcessorScriptResourceGtk.cpp: Added.
(WebCore::SDPProcessorScriptResource::scriptString):
* platform/mock/MockMediaEndpoint.cpp: Added.
(WebCore::MockMediaEndpoint::create):
(WebCore::MockMediaEndpoint::MockMediaEndpoint):
(WebCore::MockMediaEndpoint::~MockMediaEndpoint):
(WebCore::MockMediaEndpoint::setConfiguration):
(WebCore::MockMediaEndpoint::generateDtlsInfo):
(WebCore::MockMediaEndpoint::getDefaultAudioPayloads):
(WebCore::MockMediaEndpoint::getDefaultVideoPayloads):
(WebCore::MockMediaEndpoint::updateReceiveConfiguration):
(WebCore::MockMediaEndpoint::updateSendConfiguration):
(WebCore::MockMediaEndpoint::addRemoteCandidate):
(WebCore::MockMediaEndpoint::replaceSendSource):
(WebCore::MockMediaEndpoint::stop):
* platform/mock/MockMediaEndpoint.h: Added.
* testing/Internals.cpp:
(WebCore::Internals::Internals):
(WebCore::Internals::enableMockMediaEndpoint):
* testing/Internals.h:

LayoutTests:

The output SDP from createOffer() is processed by verifying all variable
identifiers, such as session and user id, and replacing them with
predefined values to make the SDP comparable with an expected result.

The test is currently skipped on the mac port until support to read the
SDPProcessor JavaScript resource is added.

* fast/mediastream/RTCPeerConnection-inspect-offer-expected.txt: Added.
* fast/mediastream/RTCPeerConnection-inspect-offer.html: Added.
* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197702 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: rename generated *EnumConversionHelpers.h to *TypeConversions.h
https://bugs.webkit.org/show_bug.cgi?id=155121
<rdar://problem/25010391>

Reviewed by Timothy Hatcher.

Split out this renaming from the work to generate factory method stubs for types.

* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/scripts/codegen/__init__.py:
* inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
(ObjCConfigurationImplementationGenerator.generate_output):
* inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
(ObjCFrontendDispatcherImplementationGenerator.generate_output):
* inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objc_conversion_helpers.py.
* inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
(ObjCProtocolTypesImplementationGenerator.generate_output):
* inspector/scripts/codegen/objc_generator_templates.py:
* inspector/scripts/generate-inspector-protocol-bindings.py:
(generate_from_specification):

Rebaseline tests after changing generator order.

* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
* inspector/scripts/tests/expected/enum-values.json-result:
* inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
* inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
* inspector/scripts/tests/expected/type-declaration-array-type.json-result:
* inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skip storage/indexeddb/modern/exceed-open-file-limit.html
https://bugs.webkit.org/show_bug.cgi?id=155091

Unreviewed test gardening.

* platform/wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197700 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Use CGColorSpaceCopyICCData instead of CGColorSpaceCopyICCProfile
https://bugs.webkit.org/show_bug.cgi?id=155123
rdar://problem/24990256

Reviewed by Tim Horton.

On newer OSes, use CGColorSpaceCopyICCData().

* Shared/mac/ColorSpaceData.mm:
(WebKit::ColorSpaceData::encode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197699 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Last opened tab does not receive SetHiddenPageTimerThrottlingIncreaseLimit message
https://bugs.webkit.org/show_bug.cgi?id=155126

Reviewed by Chris Dumez.

WebPageProxy will increment the hidden page throttling counter from within its constructor,
which currently causes the WebProcessPool to try to synchronously message all processes.
The web page triggering the increment then fails to receive the message, since it was
still being constructed. Make the update of the limit async, such that the page is fully
constructed before the WebProcessPool processes the update.

* UIProcess/WebProcessPool.cpp:
(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):
    - This now schedules a zero-delay timer to handle the update.
(WebKit::m_hiddenPageThrottlingTimer):
    - This is now responsible for calling updateHiddenPageThrottlingAutoIncreaseLimit.
* UIProcess/WebProcessPool.h:
    - Added m_hiddenPageThrottlingTimer.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197698 268f45cc-cd09-0410-ab3c-d52691b4dbfc

CSP: object-src directive should prohibit creation of nested browsing context
https://bugs.webkit.org/show_bug.cgi?id=153153
<rdar://problem/24383209>

Reviewed by Brent Fulgham.

Source/WebCore:

Enforce the Content Security Policy object-src directive when fetching a URL for content
that will cause an HTML object or HTML embed element to act as a nested browsing context
(i.e. behave as if the content was loaded in an HTML iframe element). This makes our
enforcement of the object-src directive match the behavior of the object-src directive
in the Content Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Tests: http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html
       http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html
       http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html
       http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Extracted from SubframeLoader::pluginIsLoadable().
Checks if the plugin element is allowed by the Content Security Policy to load the URL and MIME type.
(WebCore::SubframeLoader::pluginIsLoadable): Extract out the logic for determining if
the plugin content is allowed to load by the Content Security Policy into SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
and make use of this function.
(WebCore::SubframeLoader::requestObject): Modified to call SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
before loading plugin content into a sub frame. If the plugin content is not allowed to load then we
mark the plugin as unavailable with the reason being that it was blocked by the Content Security Policy.
* loader/SubframeLoader.h:

LayoutTests:

Add test to ensure that we enforce the Content Security Policy object-src directive
for HTML object and HTML embed elements that behave like an HTML iframe element.

* TestExpectations: Remove entries for tests that pass.
* http/tests/security/contentSecurityPolicy/embed-src-url-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/embed-src-url-blocked2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html: Added.

* http/tests/security/contentSecurityPolicy/object-src-param-code-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked.html:
* http/tests/security/contentSecurityPolicy/object-src-param-src-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/object-src-param-src-blocked.html:
* http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-param-url-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/object-src-param-url-blocked.html:
Simplify the code used in the above tests and update incorrect expected results.

* http/tests/security/contentSecurityPolicy/object-src-url-blocked2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html: Added.
* http/tests/security/contentSecurityPolicy/resources/object-src-param.js: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197697 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Marking js/arraybuffer-wrappers.html as a flaky timeout on Mac
https://bugs.webkit.org/show_bug.cgi?id=155092

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197696 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] Improve and64() and or64() with immediate on x86
https://bugs.webkit.org/show_bug.cgi?id=155104

Reviewed by Geoffrey Garen.

GetButterflyReadOnly was doing:
    movq 0x8(%rbx), %r9
    movq $0xfffffffffffffffc, %r11
    andq %r11, %r9
There is no need for the move to load the immediate,
andq sign extend its immediate.

With this patch, we have:
    movq 0x8(%rbx), %r9
    andq $0xfffffffffffffffc, %r9

* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::and64):
(JSC::MacroAssemblerX86_64::or64):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197695 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[WinCairo][AcceleratedCompositing] Rendering issues on bbc.com.
https://bugs.webkit.org/show_bug.cgi?id=154912

Reviewed by Michael Catanzaro.

If we have a scroll layer, we should not include the scroll position in the visible rectangle,
since the scroll position is already reflected in the position of the scroll layer.

* WebCoreSupport/AcceleratedCompositingContext.cpp:
(AcceleratedCompositingContext::flushPendingLayerChanges):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197693 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Rebaseline inspector/model/remote-object.html for mac after r197626
https://bugs.webkit.org/show_bug.cgi?id=155115

Unreviewed test gardening.

* platform/mac/inspector/model/remote-object-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197691 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Convert DOMTimer to std::chrono::milliseconds
https://bugs.webkit.org/show_bug.cgi?id=155085

Reviewed by Andreas Kling.

DOMTimer currently uses a mix of millisecond (was int, now std::chrono) and second (as double)
time values. Constant conversion back and forth is a complete mess. Stop that.

Source/WebCore:

* dom/Document.cpp:
(WebCore::Document::minimumTimerInterval):
(WebCore::Document::timerAlignmentInterval):
* dom/Document.h:
    - double -> std::chrono::milliseconds
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::adjustMinimumTimerInterval):
(WebCore::ScriptExecutionContext::minimumTimerInterval):
(WebCore::ScriptExecutionContext::timerAlignmentInterval):
* dom/ScriptExecutionContext.h:
    - double -> std::chrono::milliseconds
* page/DOMTimer.cpp:
(WebCore::DOMTimer::updateTimerIntervalIfNecessary):
(WebCore::DOMTimer::intervalClampedToMinimum):
(WebCore::DOMTimer::alignedFireTime):
* page/DOMTimer.h:
    - double -> std::chrono::milliseconds
* page/Page.cpp:
(WebCore::Page::setTimerThrottlingState):
(WebCore::Page::setTimerAlignmentIntervalIncreaseLimit):
(WebCore::Page::updateDOMTimerAlignmentInterval):
* page/Page.h:
    - double -> std::chrono::milliseconds
* page/Settings.cpp:
(WebCore::Settings::setNeedsAdobeFrameReloadingQuirk):
(WebCore::Settings::setMinimumDOMTimerInterval):
* page/Settings.h:
    - double -> std::chrono::milliseconds
* page/SuspendableTimer.h:
(WebCore::SuspendableTimer::startRepeating):
(WebCore::SuspendableTimer::startOneShot):
(WebCore::SuspendableTimer::repeatIntervalMS):
(WebCore::SuspendableTimer::augmentFireInterval):
(WebCore::SuspendableTimer::augmentRepeatInterval):
    - added std::chrono::milliseconds interface.
* platform/Timer.cpp:
(WebCore::TimerBase::setNextFireTime):
    - restructured for new alignedFireTime signatured, moved zero-delay handling to here.
      This change made because inside alignedFireTime fireTime will have already been truncated.
* platform/Timer.h:
(WebCore::TimerBase::msToSeconds):
(WebCore::TimerBase::secondsToMS):
    - internal helper functions to bridge std::chrono::milliseconds to internal double.
(WebCore::TimerBase::startRepeating):
(WebCore::TimerBase::startOneShot):
(WebCore::TimerBase::repeatIntervalMS):
(WebCore::TimerBase::augmentFireInterval):
(WebCore::TimerBase::augmentRepeatInterval):
    - expanded std::chrono::milliseconds interface.
(WebCore::TimerBase::alignedFireTime):
    - changed to std::chrono::milliseconds, made return value Optional (null means no alignment).
* testing/InternalSettings.cpp:
(WebCore::InternalSettings::setMinimumTimerInterval):
* testing/InternalSettings.h:
    - double -> std::chrono::milliseconds

Source/WebKit/win:

* WebView.cpp:
(WebView::setMinimumTimerInterval):
    - Convert double argument into std::chrono::milliseconds.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197690 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: It should be possible to initialize generated ObjC protocol types from an NSDictionary payload
https://bugs.webkit.org/show_bug.cgi?id=155102
<rdar://problem/25002015>

Reviewed by Timothy Hatcher.

In Objective-C code, we sometimes prefer to parse JSON using Cocoa rather
than the InspectorValue classes. Support initializing protocol objects
directly from an NSDictionary payload. This delegates validation of values to
the setter methods that already exist on the protocol object classes.

* inspector/scripts/codegen/generate_objc_header.py:
(ObjCHeaderGenerator._generate_type_interface):
* inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
(ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
(ObjCProtocolTypesImplementationGenerator._generate_init_method_for_payload):
* inspector/scripts/codegen/objc_generator.py:
(ObjCGenerator.payload_to_objc_expression_for_member):
Add a new helper method to generate an expression to unpack the value
from an NSDictionary. If it's not a primitive, the setter performs
validation of the value's kind using -[NSObject isKindOfClass:].

Rebaseline relevant tests.

* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197689 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] Simplify the overflow check of ArithAbs
https://bugs.webkit.org/show_bug.cgi?id=155063

Reviewed by Geoffrey Garen.

The only integer that overflow abs(int32) is INT_MIN.
For some reason, our code testing for that case
was checking the top bit of the result specifically.

The code required a large immediate on x86 and an extra
register on ARM64.

This patch turns the overflow check into a branch on
the sign of the result.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):
* jit/ThunkGenerators.cpp:
(JSC::absThunkGenerator):
* tests/stress/arith-abs-overflow.js: Added.
(opaqueAbs):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197688 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] Improve how DFG zero Floating Point registers
https://bugs.webkit.org/show_bug.cgi?id=155096

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Geoffrey Garen.

DFG had a weird way of zeroing a FPR:
    -zero a GP.
    -move that to a FP.

Filip added moveZeroToDouble() for B3. This patch
uses that in the lower tiers.

* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::moveZeroToDouble):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
* jit/ThunkGenerators.cpp:
(JSC::floorThunkGenerator):
(JSC::roundThunkGenerator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197687 268f45cc-cd09-0410-ab3c-d52691b4dbfc

REGRESSION (r197303): Web Inspector crashes web process when inspecting an element on TOT
<https://webkit.org/b/154812>

Reviewed by Geoffrey Garen.

Guard against null pointer dereference for UnlinkedCodeBlocks that don't have any control flow
profiling data.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::hasOpProfileControlFlowBytecodeOffsets):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197686 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] Remove a useless "Move" from baseline-JIT op_mul's fast path
https://bugs.webkit.org/show_bug.cgi?id=155071

Reviewed by Geoffrey Garen.

We do not need to multiply to a scratch and then move the result
to the destination. We can just multiply to the destination.

* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_mul):
* jit/JITMulGenerator.cpp:
(JSC::JITMulGenerator::generateFastPath):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197685 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] StringObject.{put, defineOwnProperty} should realize indexed properties
https://bugs.webkit.org/show_bug.cgi?id=155089

Reviewed by Geoffrey Garen.

Through implementing Reflect.set[1], we found StringObject does not obey the spec.
StringObject::put should call putByIndex if the given propertyName is index.
And StringObject::defineOwnProperty should recognize indexed properties since
JSObject::defineOwnIndexedProperty is specialized to JSObject layout.
Before calling JSObject::defineOwnProperty,
StringObject should handle its special indexed own properties.
It is responsibility of StringObject::defineOwnProperty.

And the logic is cleaned up by using validateAndApplyPropertyDescriptor.

[1]: https://bugs.webkit.org/show_bug.cgi?id=155024

* runtime/StringObject.cpp:
(JSC::StringObject::put):
(JSC::StringObject::putByIndex):
(JSC::isStringOwnProperty):
(JSC::StringObject::defineOwnProperty):
(JSC::StringObject::deleteProperty):
* tests/stress/string-object-define-own-property.js: Added.
(shouldBe):
(shouldThrow):
* tests/stress/string-object-put-by-index.js: Added.
(shouldBe):
(shouldThrow):
(testSloppy):
(testStrict):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197684 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[iOS Simulator] Three object-position tests failing after r197618
https://bugs.webkit.org/show_bug.cgi?id=155116

Mark two tests as image failures, and add new results for a compositing test.

* platform/ios-simulator/TestExpectations:
* platform/ios-simulator/compositing/video/video-object-position-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197681 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Make RenderStyle copy-on-write a bit less.
<https://webkit.org/b/155106>

Reviewed by Antti Koivisto.

Add a cheesy SET_NESTED_VAR macro complement to SET_VAR so we can avoid copy-on-write
detachment of nested RenderStyle substructures when the leaf value doesn't change.

I spotted about 300kB of these mistakes being made during PLT on iOS, most of them
in the transformX setter.

* rendering/style/RenderStyle.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197680 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[TextureMapper] [BitmapTexturePool] Use appropriate list size when freeing textures
https://bugs.webkit.org/show_bug.cgi?id=155105

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-07
Reviewed by Žan Doberšek.

Use appropriate list size when releasing the textures used as attachment.
This is a fix for the patch to https://bugs.webkit.org/show_bug.cgi?id=154965.

No new tests because no new functionality was added.

* platform/graphics/texmap/BitmapTexturePool.cpp:
(WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197678 268f45cc-cd09-0410-ab3c-d52691b4dbfc