[WebKit-https.git] / Source / WebCore / ChangeLog

2015-02-18  Chris Dumez  <cdumez@apple.com>

        Evict dead resources in MemoryCache in MemoryPressureHandler::releaseNoncriticalMemory()
        https://bugs.webkit.org/show_bug.cgi?id=141723

        Reviewed by Andreas Kling.

        Evict dead resources from the MemoryCache on non-critical memory
        pressure. On critical memory pressure, we already evict ALL resources
        from the MemoryCache. It is a good idea to start by evicting resources
        we care less about on non-critical warning to decrease the chances of
        getting a critical warning and thus having to clear the whole
        MemoryCache.

        * loader/cache/MemoryCache.h:
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseNoncriticalMemory):
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):
        (WebCore::MemoryPressureHandler::releaseMemory):
        Call releaseCriticalMemory() before releaseNoncriticalMemory()
        as releaseCriticalMemory() is more aggressive. Doing it the
        other way around would mean that on critical warning, we would
        first evict dead resources, then evict all resources. It is
        more efficient to evict all resources first, as it makes the
        non-critical operation (evict dead resources) a no-op.

2015-02-18  Eric Carlson  <eric.carlson@apple.com>

        [iOS] pause video when a tab moves to the background on some devices
        https://bugs.webkit.org/show_bug.cgi?id=141753
        <rdar://problem/19814562>

        Reviewed by Jer Noble.

        Test: media/video-background-tab-playback.html

        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::clientDataBufferingTimerFired): Pause video when the element becomes
            hidden if the BackgroundTabPlaybackRestricted is set.

        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::applicationWillEnterBackground): Rename BackgroundPlaybackNotPermitted
             to BackgroundProcessPlaybackRestricted.
        (WebCore::MediaSessionManager::applicationWillEnterForeground): Ditto.
        * platform/audio/MediaSessionManager.h:

        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::resetRestrictions): Set BackgroundTabPlaybackRestricted on
            devices with restricted memory. BackgroundPlaybackNotPermitted -> BackgroundProcessPlaybackRestricted.

        * testing/Internals.cpp:
        (WebCore::Internals::setMediaSessionRestrictions): Add support for BackgroundTabPlaybackRestricted.
            BackgroundPlaybackNotPermitted -> BackgroundProcessPlaybackRestricted.

2015-02-16  David Hyatt  <hyatt@apple.com>

        Wrong element's style is used for text-decoration-style.
        https://bugs.webkit.org/show_bug.cgi?id=141673
        <rdar://problem/19876774>

        Reviewed by Dean Jackson.

        Added fast/text/text-underline-style.html

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (AXAttributeStringSetStyle):
        Add arguments for fetching styles.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::paintDecoration):
        * rendering/InlineTextBox.h:
        Remove the passed in TextDecorationStyle and instead patch the code to fetch the styles in the same
        way it fetches the colors.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::getTextDecorationColorsAndStyles):
        (WebCore::RenderObject::getTextDecorationColors): Deleted.
        * rendering/RenderObject.h:
        Add style fetching to the same function that fetches colors and rename it.

2015-02-18  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r180260): Try to fix incremental builds by changing UserContentController.cpp

        Attempt to fix this linker error by making a non-coding change:

            Undefined symbols for architecture i386:
              "__ZN7WebCore17ContentExtensions24ContentExtensionsBackendC1Ev", referenced from:
                  __ZN7WebCore21UserContentController20addUserContentFilterERKN3WTF6StringES4_ in UserContentController.o
            ld: symbol(s) not found for architecture i386

        This should have been fixed by r180266, but perhaps Xcode didn't
        recognize that it needed to rebuild this source file.

        * page/UserContentController.cpp: Update copyright.

2015-02-18  Andreas Kling  <akling@apple.com>

        Purge PassRefPtr from CanvasRenderingContext2D.
        <https://webkit.org/b/141749>

        Reviewed by Gyuyoung Kim.

        Switch from using PassRefPtr to RefPtr/Ref in CanvasRenderingContext2D.

        * html/TextMetrics.h:
        (WebCore::TextMetrics::create): Changed create() helper to return Ref.

        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::prepareGradientForDashboard): Changed to take a reference.

        (WebCore::CanvasRenderingContext2D::createLinearGradient):
        (WebCore::CanvasRenderingContext2D::createRadialGradient):
        (WebCore::CanvasRenderingContext2D::createPattern):
        (WebCore::createEmptyImageData):
        (WebCore::CanvasRenderingContext2D::createImageData):
        (WebCore::CanvasRenderingContext2D::getImageData):
        (WebCore::CanvasRenderingContext2D::webkitGetImageDataHD): Made these return RefPtr. Also did
        a bunch of 0 -> nullptr conversion, removed a bunch of unnecessary RefPtr::release() calls,
        and changed a PassRefPtr argument to RefPtr&&.

        (WebCore::CanvasRenderingContext2D::measureText): Made this return Ref.

2015-02-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r180260.
        https://bugs.webkit.org/show_bug.cgi?id=141757

        Broke the 32-bit builders (Requested by jessieberlin on
        #webkit).

        Reverted changeset:

        "Add a trivial code generator for the DFA"
        https://bugs.webkit.org/show_bug.cgi?id=141017
        http://trac.webkit.org/changeset/180260

2015-02-17  Anders Carlsson  <andersca@apple.com>

        Add API for clearing in-memory caches to WKWebsiteDataStore
        https://bugs.webkit.org/show_bug.cgi?id=141724

        Reviewed by Tim Horton.

        Add a version of evictResources that takes a session id.

        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::evictResources):

2015-02-18  Timothy Horton  <timothy_horton@apple.com>

        Remove more references to WebCore.exp.in
        https://bugs.webkit.org/show_bug.cgi?id=141747

        Reviewed by Alexey Proskuryakov.

        * WebCore.xcodeproj/project.pbxproj:

2015-02-17  Benjamin Poulain  <benjamin@webkit.org>

        Add a trivial code generator for the DFA
        https://bugs.webkit.org/show_bug.cgi?id=141017

        Reviewed by Andreas Kling.

        Nothing fancy yet, this is just doing a literal translation from the DFA
        to machine code. It is extremely inefficient at the moment.

        * WebCore.xcodeproj/project.pbxproj:
        * contentextensions/ContentExtensionsBackend.cpp:
        (WebCore::ContentExtensions::ContentExtensionsBackend::ContentExtensionsBackend):
        (WebCore::ContentExtensions::ContentExtensionsBackend::setRuleList):
        (WebCore::ContentExtensions::addActionToHashSet):
        (WebCore::ContentExtensions::ContentExtensionsBackend::shouldBlockURL):
        * contentextensions/ContentExtensionsBackend.h:
        * contentextensions/DFA.cpp:
        (WebCore::ContentExtensions::DFA::nextState): Deleted.
        (WebCore::ContentExtensions::DFA::actions): Deleted.
        * contentextensions/DFA.h:
        (WebCore::ContentExtensions::DFA::size):
        (WebCore::ContentExtensions::DFA::nodeAt):
        * contentextensions/DFACompiler.cpp: Added.
        (WebCore::ContentExtensions::compileDFA):
        (WebCore::ContentExtensions::DFACodeGenerator::DFACodeGenerator):
        (WebCore::ContentExtensions::DFACodeGenerator::compile):
        (WebCore::ContentExtensions::DFACodeGenerator::lowerStateMachine):
        (WebCore::ContentExtensions::DFACodeGenerator::lowerNode):
        (WebCore::ContentExtensions::DFACodeGenerator::getNextCharacter):
        (WebCore::ContentExtensions::DFACodeGenerator::callAddActionFunction):
        * contentextensions/DFACompiler.h: Copied from Source/WebCore/contentextensions/DFA.h.

2015-02-17  Chris Dumez  <cdumez@apple.com>

        Rename ScopedEventQueue::instance() to singleton()
        https://bugs.webkit.org/show_bug.cgi?id=141738

        Reviewed by Daniel Bates.

        Rename ScopedEventQueue::instance() to singleton(), as per coding
        style. Also modernize the code a little bit.

        * dom/EventDispatcher.cpp:
        (WebCore::EventDispatcher::dispatchScopedEvent):
        * dom/ScopedEventQueue.cpp:
        (WebCore::ScopedEventQueue::singleton):
        (WebCore::ScopedEventQueue::dispatchAllEvents):
        (WebCore::ScopedEventQueue::incrementScopingLevel):
        (WebCore::ScopedEventQueue::decrementScopingLevel):
        (WebCore::ScopedEventQueue::ScopedEventQueue): Deleted.
        (WebCore::ScopedEventQueue::~ScopedEventQueue): Deleted.
        (WebCore::ScopedEventQueue::instance): Deleted.
        * dom/ScopedEventQueue.h:
        (WebCore::EventQueueScope::EventQueueScope):
        (WebCore::EventQueueScope::~EventQueueScope):

2015-02-17  Chris Dumez  <cdumez@apple.com>

        Remove dead code from FontCache
        https://bugs.webkit.org/show_bug.cgi?id=141741

        Reviewed by Daniel Bates.

        Remove dead code from FontCache:
        - getFontFamilyForCharacters() has no implementation.
        - SimpleFontFamily is unused.

        * platform/graphics/FontCache.h:

2015-02-17  Chris Dumez  <cdumez@apple.com>

        Rename CSSPropertyAnimationWrapperMap::instance() to singleton()
        https://bugs.webkit.org/show_bug.cgi?id=141739

        Reviewed by Simon Fraser.

        Rename CSSPropertyAnimationWrapperMap::instance() to singleton(), as
        per coding style.

        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::CSSPropertyAnimationWrapperMap::singleton):
        (WebCore::CSSPropertyAnimation::blendProperties):
        (WebCore::CSSPropertyAnimation::animationOfPropertyIsAccelerated):
        (WebCore::CSSPropertyAnimation::animatableShorthandsAffectingProperty):
        (WebCore::CSSPropertyAnimation::propertiesEqual):
        (WebCore::CSSPropertyAnimation::getPropertyAtIndex):
        (WebCore::CSSPropertyAnimation::getNumProperties):
        (WebCore::CSSPropertyAnimationWrapperMap::instance): Deleted.

2015-02-17  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r180224): Remove unused generate-export-file script
        <http://webkit.org/b/141491>

        * generate-export-file: Removed.  This was the script used to
        create WebCore.exp files for iOS since we couldn't compile a
        host-side tool to run like we did on Mac OS X.  Dont't tell
        anyone, but this was an epic hack I created while merging open
        source changes to the internal iOS WebKit repository around the
        time that the WebCore.exp.in file was created.  End of an era.

2015-02-17  David Kilzer  <ddkilzer@apple.com>

        SoftLinking.h: Update copyright and license; clean up whitespace

        * platform/win/SoftLinking.h:

2015-02-17  Chris Dumez  <cdumez@apple.com>

        Slight CachedPage class clean up
        https://bugs.webkit.org/show_bug.cgi?id=141693

        Reviewed by Andreas Kling.

        Slight CachedPage class clean up:
        - Drop unnecessary m_timeStamp data member
        - Protect m_needsCaptionPreferencesChanged data member with
          #if ENABLE(VIDEO_TRACK)
        - Merge destroy() method into the destructor as this is the
          only caller
        - Update clear() to reset 2 data members that were missing

2015-02-17  Anders Carlsson  <andersca@apple.com>

        Silence two -Wcast-qual warnings.
        rdar://problem/19758266

        * platform/ios/wak/WKUtilities.c:
        (WKRetain):
        (WKRelease):

2015-02-17  Zalan Bujtas  <zalan@apple.com>

        Minor RenderTable* class cleanups.
        https://bugs.webkit.org/show_bug.cgi?id=141707

        Reviewed by Andreas Kling.

        Use in-class initializer where possible.
        Remove redundant code.
        Move multiline implementations out of class declaration.

        No change in functionality.

        * rendering/RenderTableCaption.cpp:
        (WebCore::RenderTableCaption::insertedIntoTree):
        (WebCore::RenderTableCaption::willBeRemovedFromTree):
        (WebCore::RenderTableCaption::containingBlockLogicalWidthForContent): Deleted.
        * rendering/RenderTableCaption.h:
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::RenderTableCell):
        * rendering/RenderTableCell.h:
        (WebCore::RenderTableCell::colSpan):
        (WebCore::RenderTableCell::rowSpan):
        (WebCore::RenderTableCell::setCol):
        (WebCore::RenderTableCell::col):
        (WebCore::RenderTableCell::section):
        (WebCore::RenderTableCell::table):
        (WebCore::RenderTableCell::rowIndex):
        (WebCore::RenderTableCell::styleOrColLogicalWidth):
        (WebCore::RenderTableCell::logicalHeightForRowSizing):
        (WebCore::RenderTableCell::isBaselineAligned):
        (WebCore::RenderTableCell::borderAdjoiningTableStart):
        (WebCore::RenderTableCell::borderAdjoiningTableEnd):
        (WebCore::RenderTableCell::borderAdjoiningCellBefore):
        (WebCore::RenderTableCell::borderAdjoiningCellAfter):
        * rendering/RenderTableCol.cpp:
        (WebCore::RenderTableCol::RenderTableCol):
        * rendering/RenderTableCol.h:
        (WebCore::RenderTableCol::enclosingColumnGroupIfAdjacentBefore):
        (WebCore::RenderTableCol::enclosingColumnGroupIfAdjacentAfter):
        * rendering/RenderTableRow.h:
        (WebCore::RenderTableRow::setRowIndex):
        (WebCore::RenderTableRow::rowIndex):
        (WebCore::RenderTableRow::borderAdjoiningTableStart):
        (WebCore::RenderTableRow::borderAdjoiningTableEnd):
        (WebCore::RenderTableRow::table):
        (WebCore::RenderTableSection::firstRow):
        (WebCore::RenderTableSection::lastRow):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::RenderTableSection):
        (WebCore::RenderTableSection::dirtiedRows):
        (WebCore::RenderTableSection::dirtiedColumns):
        (WebCore::RenderTableSection::paintObject):
        (WebCore::RenderTableSection::nodeAtPoint):
        * rendering/RenderTableSection.h:
        (WebCore::CellSpan::CellSpan):
        (WebCore::RenderTableSection::borderAdjoiningTableStart):
        (WebCore::RenderTableSection::borderAdjoiningTableEnd):
        (WebCore::RenderTableSection::cellAt):
        (WebCore::RenderTableSection::primaryCellAt):
        (WebCore::RenderTableSection::rowRendererAt):
        (WebCore::RenderTableSection::outerBorderLeft):
        (WebCore::RenderTableSection::outerBorderRight):
        (WebCore::RenderTableSection::outerBorderTop):
        (WebCore::RenderTableSection::outerBorderBottom):
        (WebCore::RenderTableSection::numRows):
        (WebCore::RenderTableSection::recalcCellsIfNeeded):
        (WebCore::RenderTableSection::rowBaseline):
        (WebCore::RenderTableSection::fullTableRowSpan):
        (WebCore::CellSpan::start): Deleted.
        (WebCore::CellSpan::end): Deleted.

2015-02-16  Dean Jackson  <dino@apple.com>

        REGRESSION: Video control fails to hide after playback begins in reflowable EPUB files
        https://bugs.webkit.org/show_bug.cgi?id=141689
        <rdar://problem/19689286>

        Reviewed by Eric Carlson.

        The iBooks app turns off the requirement for a user gesture
        before triggering playback. When we moved to script-based
        media controls there were a few regressions in this setup.
        This makes them behave a lot more like iOS 7.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.setPlaying): We don't want to hide the controls
        yet, just start a hiding timer.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.shouldHaveStartPlaybackButton): If we've ever
        played before, we don't want to show the big start button. If we
        are in the middle of construction, we do want to show it. We no
        longer care about the case where you're not in setup and have
        the relaxed restrictions (we still want to show the start button
        in that case).
        (ControllerIOS.prototype.showControls): When we show the controls,
        make sure our timeline is up to date. This is necessary for the
        cases where we automatically show the controls, such as when we hit
        the end of a video.
        (ControllerIOS.prototype.updateTime): Make sure to pass the forceUpdate
        parameter on to the super-method.
        (ControllerIOS.prototype.setPlaying):
        (ControllerIOS.prototype.progressFillStyle): Deleted.

2015-02-17  Chris Dumez  <cdumez@apple.com>

        Access MemoryPressureHandler global instance via a singleton() static member function
        https://bugs.webkit.org/show_bug.cgi?id=141691

        Reviewed by Andreas Kling.

        Access MemoryPressureHandler global instance via a singleton() static
        member function as per coding style. Also make all other member
        functions non-static as callers can just use singleton() to get the
        instance and access methods. This avoid having to call
        MemoryPressureHandler::singleton() from member functions.

        * bindings/js/ScriptController.cpp:
        (WebCore::collectGarbageAfterWindowShellDestruction):
        * history/PageCache.cpp:
        (WebCore::PageCache::canCache):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):
        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::didPaintContents):
        (WebCore::FrameView::computeCoverageRect):
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::singleton):
        (WebCore::MemoryPressureHandler::MemoryPressureHandler):
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):
        (WebCore::memoryPressureHandler): Deleted.
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::setLowMemoryHandler):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        (WebCore::MemoryPressureHandler::install):
        (WebCore::MemoryPressureHandler::holdOff):
        (WebCore::respondToMemoryPressureCallback):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::purgeInactiveFontDataIfNeeded):
        * platform/ios/LegacyTileCache.mm:
        (WebCore::LegacyTileCache::createTilesInActiveGrid):
        * platform/ios/LegacyTileGrid.mm:
        (WebCore::LegacyTileGrid::shouldUseMinimalTileCoverage):
        * platform/ios/LegacyTileLayerPool.mm:
        (WebCore::LegacyTileLayerPool::addLayer):
        * platform/ios/TileControllerMemoryHandlerIOS.cpp:
        (WebCore::TileControllerMemoryHandler::tileControllerGainedUnparentedTiles):
        * platform/linux/MemoryPressureHandlerLinux.cpp:
        (WebCore::MemoryPressureHandler::waitForMemoryPressureEvent):

2015-02-17  Alex Christensen  <achristensen@webkit.org>

        Remove WebCore.exp.in and clean up.
        https://bugs.webkit.org/show_bug.cgi?id=141491

        Reviewed by Andreas Kling.

        * Configurations/WebCore.xcconfig:
        Don't use exported symbols files.
        * DerivedSources.make:
        Don't generate export files.
        * WebCore.exp.in: Removed.
        * WebCore.xcodeproj/project.pbxproj:
        Removed WebCoreExportFileGenerator targets.
        * make-export-file-generator: Removed.

2015-02-17  Carlos Garcia Campos  <cgarcia@igalia.com>

        Use HashMap::add instead of get/contains + set in DOMObjectCache
        https://bugs.webkit.org/show_bug.cgi?id=141558

        Rubber-stamped by Žan Doberšek.

        * bindings/gobject/DOMObjectCache.cpp:
        (WebKit::getOrCreateDOMObjectCacheFrameObserver):
        (WebKit::DOMObjectCache::put):

2015-02-17  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] GObject DOM bindings object are cached forever
        https://bugs.webkit.org/show_bug.cgi?id=141558

        Reviewed by Sergio Villar Senin.

        Rework the DOMObjectCache to avoid having to manually clear the
        objects when the frame is destroyed, using a FrameDestructionObserver
        instead. When a new object associated to a Frame is added to the
        cache, a FrameDestructionObserver is created for the frame if
        needed, and the DOM object is tracked by the observer too. When
        the frame is detached from the page all its objects are cleared,
        and if the aren't additional references, the object is finalized
        and removed from the cache normally.
        This patch also simplifies and modernizes the code to make it
        easier to read an maintain.

        * bindings/gobject/DOMObjectCache.cpp:
        (WebKit::DOMObjectCacheData::DOMObjectCacheData): Add constructor
        to initialize its members and simplify the callers.
        (WebKit::DOMObjectCacheData::clearObject): Remove the references
        added by the cache, ensuring the GObject is not finalized until
        the method returns.
        (WebKit::DOMObjectCacheData::refObject): Adds a reference owned by
        the cache.
        (WebKit::domObjectCacheFrameObservers): Map a frame to a FrameDestructionObserver.
        (WebKit::getOrCreateDOMObjectCacheFrameObserver): Create a new
        FrameDestructionObserver for the given Frame or return the
        existing one.
        (WebKit::domObjects): Map wrapped object to wrapper object.
        (WebKit::DOMObjectCache::forget): Remove the wrapped object from
        the cache.
        (WebKit::DOMObjectCache::get): Return the wrapped object if it is
        in the cache, increasing the cache references.
        (WebKit::DOMObjectCache::put): Add the wrapper object to the cache
        for the given wrapped object. If it's a Node and has a frame add
        the node to the FrameDestructionObserver corresponding to the frame.
        (WebKit::getFrameFromHandle): Deleted.
        (WebKit::weakRefNotify): Deleted.
        (WebKit::DOMObjectCache::clearByFrame): Deleted.
        (WebKit::DOMObjectCache::~DOMObjectCache): Deleted.
        * bindings/gobject/DOMObjectCache.h:

2015-02-17  ChangSeok Oh  <changseok.oh@collabora.com>

        REGRESSION(r180050): It broke the !ENABLE(CSS_GRID_LAYOUT) build
        https://bugs.webkit.org/show_bug.cgi?id=141647

        Reviewed by Csaba Osztrogonác.

        No new tests since this just fixes a build break.

        * dom/Position.cpp: Add a build guard ENABLE(CSS_GRID_LAYOUT) for RenderGrid.
        (WebCore::Position::isCandidate):

2015-02-16  Chris Dumez  <cdumez@apple.com>

        Keep all memory cache resources in ListHashSets
        https://bugs.webkit.org/show_bug.cgi?id=141667

        Reviewed by Andreas Kling.

        Keep all memory cache resources in ListHashSets instead of manual linked
        lists. This simplifies the code a lot and is also more efficient for
        retrieving / removing particular CachedResources.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        * loader/cache/CachedResource.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::pruneDeadResourcesToSize):
        (WebCore::MemoryCache::removeFromLRUList):
        (WebCore::MemoryCache::insertInLRUList):
        (WebCore::MemoryCache::dumpLRULists):
        (WebCore::MemoryCache::lruListFor): Deleted.
        * loader/cache/MemoryCache.h:

2015-02-16  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: finish :nth-last-child()
        https://bugs.webkit.org/show_bug.cgi?id=141629

        Reviewed by Andreas Kling.

        This patch adds the matcher for :nth-child(An+B of selector list) and
        fix a small bug I discovered while working on it.

        The matcher is straightforward: count the next siblings matching the selector,
        nothing fancy.

        While working on it I noticed I forgot the test for IsParsingChildrenFinished
        on the simple version of :nth-last-child(). I add it in both matcher, write
        a couple of tests, the first part of the tests now succeed, but the second part
        fails...

        What happened is:
        1) We interupt the parsing to execute the JavaScript.
           From there, we force the style resolution to get the computed style.
        2) When resolving the style, the early check for isFinishedParsingChildren()
           quits the function early. This is done *before* we marked the parent
           for :nth-last-child() style resolution.
        3) After the script, parsing resume and the following elements are added.
        4) When resolving the style, only the new elements are marked dirty,
           the elements pending their :nth-last-child() style never get udpated.

        To fix the problem, I moved the test for FinishedParsingChildren after
        the parent marking.

        Honestly, those early return for FinishedParsingChildren need to be refined
        and they should be tested properly. We should not do this kind of things
        for Query for example.

        Tests: fast/selectors/nth-last-child-cannot-match-during-parsing-1.html
               fast/selectors/nth-last-child-cannot-match-during-parsing-2.html
               fast/selectors/nth-last-child-of-cannot-match-during-parsing-1.html
               fast/selectors/nth-last-child-of-cannot-match-during-parsing-2.html
               fast/selectors/nth-last-child-of-register-requirement.html

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        Fix the tree marking.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        The fragment creation was already done, all I had to do was
        accept the compile.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        :nth-child() and :nth-last-child() with a selector list are heavier than :not()
        and :matches(), move them accordingly.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChild):
        More the early return after the tree marking.

        (WebCore::SelectorCompiler::setParentAffectedByLastChildOf):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChildOf):
        New matcher, nothing optimized yet.

2015-02-16  Tim Horton  <timothy_horton@apple.com>

        Adopt CAMachPort-as-layer-contents
        https://bugs.webkit.org/show_bug.cgi?id=141687
        <rdar://problem/19393233>

        Reviewed by Simon Fraser.

        No new tests, just a performance bump.

        * platform/cocoa/MachSendRight.h:
        (WebCore::MachSendRight::operator bool):
        Add an operator bool() that checks if the underlying port is nonnull.

        * platform/spi/cocoa/QuartzCoreSPI.h:
        Add some SPI.

2015-02-15  Sam Weinig  <sam@webkit.org>

        Add experimental <attachment> element support
        https://bugs.webkit.org/show_bug.cgi?id=141626

        Reviewed by Tim Horton.

        Adds scaffolding for an experimental implementation of an <attachment> element
        which can represent a file attachment (e.g. NSTextAttachment in NSAttributedString
        parlance).

        The implementation is guarded by both an #ifdef (ENABLE(ATTACHMENT_ELEMENT)) and 
        a setting (Settings::attachmentElementEnabled()).

        Tests: fast/attachment/attachment-disabled-dom.html
               fast/attachment/attachment-disabled-rendering.html
               fast/attachment/attachment-dom.html
               fast/attachment/attachment-rendering.html

        * Configurations/FeatureDefines.xcconfig:
        Add new ENABLE_ATTACHMENT_ELEMENT macro.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * dom/make_names.pl:
        Add support for checking a setting to determine if a particular tag should be exposed.

        * html/HTMLAttachmentElement.cpp: Added.
        * html/HTMLAttachmentElement.h: Added.
        Stub out the basics of the new element.

        * html/HTMLElementsAllInOne.cpp:
        Add HTMLAttachmentElement.cpp.

        * html/HTMLTagNames.in:
        Add 'attachment'.

        * page/Settings.in:
        Add attachmentElementEnabled setting.

        * rendering/RenderAttachment.cpp: Added.
        * rendering/RenderAttachment.h: Added.
        Stub out the basics of the new render. We will probably want to replace this with
        a non-replaced render, but this will do as a placeholder for now.

        * rendering/RenderObject.h:
        (WebCore::RenderObject::isAttachment):
        Add predicate for type casting.

        * rendering/RenderingAllInOne.cpp:
        Add RenderAttachment.cpp.

2015-02-16  Andreas Kling  <akling@apple.com>

        GC (almost) immediately when navigating under memory pressure.
        <https://webkit.org/b/141663>

        Reviewed by Geoffrey Garen.

        Since the PageCache is already disabled in memory pressure situations,
        we know that detaching the old window shell on navigation is basically
        guaranteed to generate a bunch of garbage, we can soften the memory
        peak a bit by doing a GC right away instead of scheduling one for soon(tm).

        * bindings/js/GCController.cpp:
        (WebCore::GCController::GCController):
        (WebCore::GCController::garbageCollectSoon):
        (WebCore::GCController::garbageCollectOnNextRunLoop):
        (WebCore::GCController::gcTimerFired):
        * bindings/js/GCController.h:

            Add a GCController::garbageCollectOnNextRunLoop() complement to the
            "soon" and "now" options. There was already a zero timer in here for
            non-CF builds, so I just used that same timer to implement this
            and have the non-CF code path call garbageCollectOnNextRunLoop().

        * bindings/js/ScriptController.cpp:
        (WebCore::collectGarbageAfterWindowShellDestruction):
        (WebCore::ScriptController::~ScriptController):
        (WebCore::ScriptController::clearWindowShell):

            Under system memory pressure conditions, schedule a full GC on next
            runloop iteration instead of just asking for it to happen soon.
            We do it on next runloop to ensure that there's no pointer to the
            window object on the stack.

2015-02-16  Enrica Casucci  <enrica@apple.com>

        Emoji sequences do not render properly.
        https://bugs.webkit.org/show_bug.cgi?id=141661
        rdar://problem/19820463

        Reviewed by Sam Weinig.

        Emoji sequences and emoji with variations should be rendered
        using the Complex code path and should be treated as graphemes.
        This change modifies advanceByCombiningCharacterSequence to add
        this logic.

        Test: fast/text/emoji.html

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::characterRangeCodePath):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::advanceByCombiningCharacterSequence): Implements a simple
        logic to treat emoji sequences and emoji with variations as graphemes.
        * platform/text/CharacterProperties.h: Added.
        (WebCore::isEmojiGroupCandidate):
        (WebCore::isEmojiModifier):
        (WebCore::isVariationSelector):
        * rendering/RenderText.cpp:
        (WebCore::isEmojiGroupCandidate): Deleted.
        (WebCore::isEmojiModifier): Deleted.

2015-02-16  Zalan Bujtas  <zalan@apple.com>

        RenderTableRow should check if it has access to its ancestor chain.
        https://bugs.webkit.org/show_bug.cgi?id=141668

        Reviewed by Andreas Kling.

        Preventive fix.

        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::styleDidChange):
        (WebCore::RenderTableRow::addChild):
        * rendering/RenderTableRow.h:

2015-02-16  Jer Noble  <jer.noble@apple.com>

        [iOS] Build fix: declare undeclared identifier 'credential'.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedCredential):

2015-02-16  Jer Noble  <jer.noble@apple.com>

        [iOS] Unable to play .mp4 file over http with basic http authentication
        https://bugs.webkit.org/show_bug.cgi?id=141503
        rdar://problem/15799844

        Reviewed by Alexey Proskuryakov.

        On iOS, CFNetwork is used for authentication, so the NSURLAuthenticationChallenge
        provided by AVAssetResourceLoader needs to be shoehorned into a AuthenticationChallenge
        object by way of CFURLAuthChallengeRef.

        Create a new class, WebCoreNSURLAuthenticationChallengeClient, whose sole purpose
        is to take AuthenticationChallengeClient callbacks and pass them along to a
        NSURLAuthenticationChallenge sender.

        Create a NSURLAuthenticationChallenge out of the CF version through an SPI, and add
        that SPI to a new header. Drive-by fix: take two of our existing SPI calls and move
        them into that same header.

        * WebCore.xcodeproj/project.pbxproj: Add CFNSURLConnectionSPI.h to project.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::create): Factory.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::WebCoreNSURLAuthenticationChallengeClient): Simple constructor.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedCredential): Pass to m_challenge.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedRequestToContinueWithoutCredential): Ditto.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedCancellation): Ditto.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedRequestToPerformDefaultHandling): Ditto.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedChallengeRejection): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForResponseToAuthenticationChallenge):
            Create an AuthenticationChallenge out of the nsChallenge and client and pass it up
            to the HTMLMediaElement.
        * platform/network/mac/AuthenticationMac.mm:
        * platform/spi/cocoa/CFNSURLConnectionSPI.h: Added.

2015-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Revert a change in SVGRenderSupport::mapLocalToContainer committed for fixing <https://bugs.webkit.org/show_bug.cgi?id=119626>.
        https://bugs.webkit.org/show_bug.cgi?id=138439

        Reviewed by Darin Adler.

        The change http://trac.webkit.org/changeset/164861 was ported from Blink
        but it was was revert later because it broke Chrome SVG rendering. It also
        broke the WebKit SVG text search highlighting.
        
        Tests: svg/transforms/svg-geometry-crash.html: This test was added by the
        blamed change. A new but correct solution is required to fix the assertion.

        * rendering/svg/SVGRenderSupport.h:
        * rendering/svg/SVGRenderSupport.cpp:
        Notice that TransformState.applyTransform() does matrix-left-multiplication,
        i.e. state = transform * state. But operator*() of AffineTransform and
        MatrixTransform  does right multiply, i.e. this = this * transform.
        
        (WebCore::SVGRenderSupport::localToParentTransform): Have the calculation
        of the SVG localToParentTransform in one shared function.
        
        (WebCore::SVGRenderSupport::mapLocalToContainer): Revert the Blink change.
        If the parent is the SVG root, the transform state should be equal to
        transform = svg_to_css_mapping * local_to_parent_mapping * transform.
        
        (WebCore::SVGRenderSupport::pushMappingToContainer): Get the localToParent
        transform to be pushed in the geometryMap. If the parent is the SVG root,
        localToParent = svg_to_css_mapping * local_to_parent_mapping. The original
        code was doing the opposite and this is the cause of the assertion which 
        was fixed wrongly by reversing the correct multiplication order in 
        SVGRenderSupport::mapLocalToContainer().

2015-02-16  Zalan Bujtas  <zalan@apple.com>

        RenderTableCell can't access its parent while in detached state.
        https://bugs.webkit.org/show_bug.cgi?id=141639
        rdar://problem/19850760

        Reviewed by Simon Fraser.

        Null check against ancestor chain so that certain methods in RenderTableCell can
        be called even if the renderer is not yet attached.

        Test: fast/table/table-cell-crash-when-detached-state.html

        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::borderLeft):
        (WebCore::RenderTableCell::borderRight):
        (WebCore::RenderTableCell::borderTop):
        (WebCore::RenderTableCell::borderBottom):
        (WebCore::RenderTableCell::borderStart):
        (WebCore::RenderTableCell::borderEnd):
        (WebCore::RenderTableCell::borderBefore):
        (WebCore::RenderTableCell::borderAfter):
        * rendering/RenderTableCell.h:

2015-02-16  David Hyatt  <hyatt@apple.com>

        Add ifdefs to avoid adjusting Ruby selection rects to avoid overlap on iOS.
        https://bugs.webkit.org/show_bug.cgi?id=141651
        <rdar://problem/19182526>
        
        Reviewed by Simon Fraser.

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::selectionTop):
        (WebCore::RootInlineBox::selectionBottom):

2015-02-16  David Kilzer  <ddkilzer@apple.com>

        SoftLinking.h: Update copyright and license; clean up whitespace

        * platform/mac/SoftLinking.h:

2015-02-12  David Hyatt  <hyatt@apple.com>

        text-underline-position:under has multiple correctness issues
        https://bugs.webkit.org/show_bug.cgi?id=141528

        Reviewed by Dean Jackson.

        Added a bunch of new tests in fast/text

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::maxLogicalBottomForTextDecorationLine):
        (WebCore::InlineFlowBox::minLogicalTopForTextDecorationLine):
        (WebCore::InlineFlowBox::computeMaxLogicalBottom): Deleted.
        * rendering/InlineFlowBox.h:
        These functions have been re-written to take an enclosing renderer that specified the
        decoration. This way they can properly limit the bottom/top computation to only line boxes
        that are contained inside the renderer.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDecoration):
        Tweak the call to get the decoration colors now that quirks mode has been removed.

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::enclosingRendererWithTextDecoration):
        * rendering/RenderElement.h:
        New function that finds the enclosing renderer that specified a text decoration. For now
        this is only used in the "under" position computation, but soon we'll be using it
        everywhere.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::getTextDecorationColors):
        * rendering/RenderObject.h:
        Remove the quirks mode argument, since we were always passing true anyway (making the argument dead).

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::maxLogicalBottom): Deleted.
        * rendering/RootInlineBox.h:
        Get rid of these functions and just have InlineTextBoxStyle's computeUnderLineOffset function call
        the InlineFlowBox functions directly.

        * style/InlineTextBoxStyle.cpp:
        (WebCore::computeUnderlineOffset):
        Re-written to fetch the enclosingRendererWithTextDecoration so that it can be passed to the logical top/bottom
        computation to limit which line boxes get included.

2015-02-16  Brent Fulgham  <bfulgham@apple.com>

        FEGaussianBlur::calculateUnscaledKernelSize does unspeakable things with signed and unsigned values
        https://bugs.webkit.org/show_bug.cgi?id=141596
        <rdar://problem/19837103>

        Reviewed by Zalan Bujtas.

        No new tests. Covered by css3/filters/huge-blur-value.html

        Avoid overflowing the signed integer values by not converting from unsigned
        until the maximum size has been clamped to the expected max.

        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::calculateUnscaledKernelSize):

2015-02-13  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Invalid initialization of track sizes with non spanning grid items
        https://bugs.webkit.org/show_bug.cgi?id=140763

        Reviewed by Antti Koivisto.

        Content sized tracks with non-spanning grid items were not
        properly sized because the growth limit was sometimes infinity
        (-1) after calling resolveContentBasedTrackSizingFunctions() when
        it should not. This patch adds an special initialization phase for
        non-spanning grid items as the new track sizing algorithm
        describes.

        Granted, that was handled in the old algorithm in
        distributeSpaceToTracks() as a special case. The problem is that
        it regressed after the optimization added in r173868 because that
        method is no longer called when the space to distribute is 0.

        That's why we could fix this by allowing calls to
        distributeSpaceToTracks() with spaceToDistribute>=0 but by fixing
        it with an explicit initialization our implementation becomes
        closer to the new algorithm and the initialization is now explicit
        in the code instead of a side effect of calling
        distributeSpaceToTracks() with no space to be distributed. It also
        brings a slight performance improvement as we save sorts and hash
        lookups.

        I also took the change to add caching to several GridTrackSize
        methods that were hot on the profiler (each one accounted for ~1%
        of the total time, now they account for ~0.3% each).

        Test: fast/css-grid-layout/grid-initialize-span-one-items.html

        * rendering/RenderGrid.cpp:
        (WebCore::GridItemWithSpan::span): New helper method for ASSERTs.
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
        Exclude non spanning grid items from the calls to
        resolveContentBasedTrackSizingFunctionsForItems().
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
        New method to resolve track sizes only using non-spanning grid
        items.
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
        Ensure that it isn't called for non-spanning grid items.
        * rendering/RenderGrid.h:
        * rendering/style/GridTrackSize.h:
        (WebCore::GridTrackSize::GridTrackSize): Cache return values.
        (WebCore::GridTrackSize::setLength): Ditto.
        (WebCore::GridTrackSize::setMinMax): Ditto.
        (WebCore::GridTrackSize::cacheMinMaxTrackBreadthTypes): New method
        that caches the return values for hasXXXTrackBreadth() methods.
        (WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth): Use
        the cached return value.
        (WebCore::GridTrackSize::hasMaxContentMaxTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinContentMaxTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinOrMaxContentMaxTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMaxContentMinTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinContentMinTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth):
        Ditto.
        (WebCore::GridTrackSize::hasMaxContentMinTrackBreadthAndMaxContentMaxTrackBreadth):
        Ditto.

2015-02-16  Milan Crha  <mcrha@redhat.com>

        [GTK] Loading page into WebView shows g_closure_unref warning
        https://bugs.webkit.org/show_bug.cgi?id=127474

        Reviewed by Carlos Garcia Campos.

        * bindings/gobject/GObjectEventListener.cpp:
        (WebCore::GObjectEventListener::gobjectDestroyed):

2015-02-13  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Remove the usage of Length(Undefined) in GridLength
        https://bugs.webkit.org/show_bug.cgi?id=141562

        Reviewed by Chris Dumez.

        From Blink r164154 by <timloh@chromium.org>

        The patch simplifies some of the logic in creating and applying
        GridLength and GridTrackSize values to RenderStyles by using the
        constructors for initialisation instead of deferring to setters.

        The rationale behind this change is that neither of
        createGridTrackSize() nor createGridTrackBreadth() should be able
        to fail, so these are changed to return objects directly instead
        of taking an out reference (note that in general failing in
        applying properties is incorrect and we should catch these in the
        parser).

        The quirk value across to the Lengths was also removed because it
        doesn't apply to Grid.

        * css/CSSPropertyNames.in:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::createGridTrackBreadth): Return a
        GridLength instead of a bool.
        (WebCore::StyleBuilderConverter::createGridTrackSize): Return a
        GridTrackSize instead of a bool.
        (WebCore::StyleBuilderConverter::createGridTrackList): Do not
        create temporary GridTrackSizes with undefined Lengths.
        (WebCore::StyleBuilderConverter::convertGridTrackSize): Ditto.
        * rendering/style/GridLength.h:
        (WebCore::GridLength::GridLength): It now requires a mandatory
        Length argument.
        (WebCore::GridLength::length): Deleted.
        (WebCore::GridLength::setFlex): Deleted.
        * rendering/style/GridTrackSize.h:
        (WebCore::GridTrackSize::GridTrackSize): It now requires a
        mandatory GridLength argument.
        (WebCore::GridTrackSize::length): Removed no longer valid ASSERTs.
        (WebCore::GridTrackSize::minTrackBreadth): Ditto.
        (WebCore::GridTrackSize::maxTrackBreadth): Ditto.
        (WebCore::GridTrackSize::setLength): Deleted.
        (WebCore::GridTrackSize::setMinMax): Deleted.
        * rendering/style/RenderStyle.h:

2015-02-13  Grzegorz Czajkowski  <g.czajkowski@samsung.com>

        Removing text node does not remove its associated markers
        https://bugs.webkit.org/show_bug.cgi?id=140999

        Reviewed by Ryosuke Niwa.

        Removing text node via script does not remove its markers.
        For example, running the following script:

        <script>
            var div = document.getElementById("testElement");
            div.focus();
            document.execCommand("InsertText", false, "welllcome ");

            // Give a time async spellchecker to show its markers and
            // remove the node.
            setTimeout(function() { div.removeChild(div.firstChild); }, 100);
        </script>

        will cause that DocumentMarkerController still stores the markers for
        detached node.

        The same issue occurs when the text gets cleared, for example,
        <script>
            input.value = ""; // for HTMLTextAreaElement, HTMLInputElement
            // or
            div.innerHTML = ""; // for content editable
        </script>

        No new tests. Internals marker APIs operate on text node attached
        to the element. To test it we could expose document().markers().hasMarkers()
        but there is no more useful cases where it could be used.
        Another obstacle is that we are in isInShadowTree() so that there is
        no possible to register on "DOMSubtreeModified" event.
        Test cases attached to the bug:
        1. input.value = ""  https://bug-140999-attachments.webkit.org/attachment.cgi?id=245704
        2. elem.removeChild(textNode) https://bug-140999-attachments.webkit.org/attachment.cgi?id=246515

        Remove markers when text nodes are about to remove.
        * dom/Document.cpp:
        (WebCore::Document::nodeChildrenWillBeRemoved):
        Fixes input.value = ""
        (WebCore::Document::nodeWillBeRemoved):
        Fixes elem.removeChild(textNode)

2015-02-15  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r180082): WebCore Debug builds fail on Mavericks due to weak export symbols
        <http://webkit.org/b/141607>

        This should fix the build, but leaves a FIXME list in
        WebCore.unexp.

        * Configurations/WebCore.unexp: Add weak externals with a FIXME
        statement so they can be removed later.  It's more important to
        fix the build first.

        * Configurations/WebCore.xcconfig: Change XCODE_VERSION_MINOR to
        XCODE_VERSION_MAJOR since the internal bots use version 5.1.1
        which still has the error.

2015-02-15  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove unused XHR replay code
        https://bugs.webkit.org/show_bug.cgi?id=141622

        Reviewed by Timothy Hatcher.

        XHR Replay functionality became unused with the last frontend rewrite.
        Remove instrumentation and data storage classes only used by this feature.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClientImpl): Deleted.
        (WebCore::InspectorInstrumentation::willLoadXHRImpl): Deleted.
        (WebCore::InspectorInstrumentation::didFailXHRLoadingImpl): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient): Deleted.
        (WebCore::InspectorInstrumentation::willLoadXHR): Deleted.
        (WebCore::InspectorInstrumentation::didFailXHRLoading): Deleted.
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::didLoadResourceFromMemoryCache):
        (WebCore::InspectorResourceAgent::didFinishXHRLoading):
        (WebCore::InspectorResourceAgent::documentThreadableLoaderStartedLoadingForClient): Deleted.
        (WebCore::InspectorResourceAgent::willLoadXHR): Deleted.
        (WebCore::InspectorResourceAgent::didFailXHRLoading): Deleted.
        (WebCore::InspectorResourceAgent::replayXHR): Deleted.
        * inspector/InspectorResourceAgent.h:
        * inspector/NetworkResourcesData.cpp:
        (WebCore::NetworkResourcesData::clear):
        (WebCore::XHRReplayData::create): Deleted.
        (WebCore::XHRReplayData::XHRReplayData): Deleted.
        (WebCore::NetworkResourcesData::xhrReplayData): Deleted.
        (WebCore::NetworkResourcesData::setXHRReplayData): Deleted.
        (WebCore::NetworkResourcesData::reuseXHRReplayData): Deleted.
        * inspector/NetworkResourcesData.h:
        (WebCore::XHRReplayData::method): Deleted.
        (WebCore::XHRReplayData::url): Deleted.
        (WebCore::XHRReplayData::async): Deleted.
        (WebCore::XHRReplayData::formData): Deleted.
        (WebCore::XHRReplayData::headers): Deleted.
        (WebCore::XHRReplayData::includeCredentials): Deleted.
        (WebCore::NetworkResourcesData::ResourceData::xhrReplayData): Deleted.
        (WebCore::NetworkResourcesData::ResourceData::setXHRReplayData): Deleted.
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::loadRequest):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):
        (WebCore::XMLHttpRequest::internalAbort):
        (WebCore::XMLHttpRequest::sendForInspectorXHRReplay): Deleted.
        * xml/XMLHttpRequest.h:

2015-02-15  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Crash when accessing an item in SVGTransformList and then removing a previous item from this list.
        https://bugs.webkit.org/show_bug.cgi?id=141550.

        Reviewed by David Kilzer.

        * svg/properties/SVGMatrixTearOff.h:
        (WebCore::SVGMatrixTearOff::create): Fix a compilation error on the release build.
        The ASSERT() here references a parameter which is not used anywhere else. We need 
        to change it to ASSERT_UNUSED(). 

2015-02-15  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Crash when accessing an item in SVGTransformList and then removing a previous item from this list.
        https://bugs.webkit.org/show_bug.cgi?id=141550.

        Reviewed by Darin Adler.

        Tests: LayoutTests/svg/dom/SVGTransformList-basics.xhtml: This test is modified to
        include a new test case.

        * svg/properties/SVGMatrixTearOff.h: m_value of SVGMatrixTearOff will be a null
        pointer. There is no point in having SVGMatrixTearOff points to the parent and
        the property of the parent at the same time.
        
        (WebCore::SVGMatrixTearOff::create): SVGMatrixTearOff will hold a pointer to
        the parent SVGPropertyTearOff<SVGTransform>. But it should overrides setValue()
        and propertyReference() so it can set and get the SVGMatrix from the SVGTransform
        parent.
        
        (WebCore::SVGMatrixTearOff::SVGMatrixTearOff): Pass a nullptr to the base class.
        SVGMatrixTearOff will act as a proxy of the parent. It does not hold any data by
        itself but it knows what property to set and get from the parent.
        
        * svg/properties/SVGPropertyTearOff.h:
        (WebCore::SVGPropertyTearOff::create): Add a create method which can take a pointer value.
        
        (WebCore::SVGPropertyTearOff::propertyReference):
        (WebCore::SVGPropertyTearOff::setValue): Make these functions virtual so concrete classes
        like SVGMatrixTearOff can override them.
        
        (WebCore::SVGPropertyTearOff::SVGPropertyTearOff): Add a new constructor.

2015-02-15  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Crash when accessing an item in SVGLengthList and then replacing it with a previous item in the list.
        https://bugs.webkit.org/show_bug.cgi?id=141552.

        Reviewed by Darin Adler.

        Tests: LayoutTests/svg/dom/SVGLengthList-basics.xhtml: This test is modified to
        include a new test case.

        * svg/properties/SVGListPropertyTearOff.h: Commit the removal of the replacing item
        before trying to detach the wrapper of the item which going to be replaced.

2015-02-15  David Kilzer  <ddkilzer@apple.com>

        CoreText only needs to be soft-linked on Windows

        More work towards the Maverick Debug build fix:

        REGRESSION (r180082): WebCore Debug builds fail on Mavericks due to weak export symbols
        <http://webkit.org/b/141607>

        * page/CaptionUserPreferencesMediaAF.cpp:

2015-02-15  Alexey Proskuryakov  <ap@apple.com>

        More build fixing.

        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:

2015-02-14  Alexey Proskuryakov  <ap@apple.com>

        More internal build fixing.

        DDDFACache.h is not an actual private header, so we were using open source
        redeclaration of DDDFACacheRef with an internal function prototype from DDDFAScanner.h.

        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
        (WebCore::TelephoneNumberDetector::phoneNumbersScanner):

2015-02-14  Benjamin Poulain  <benjamin@webkit.org>

        Add the initial matching implementation for attribute selectors with case-insensitive value
        https://bugs.webkit.org/show_bug.cgi?id=141615

        Reviewed by Andreas Kling.

        Tests: fast/css/case-insensitive-attribute-selector-specificity.html
               fast/css/case-insensitive-attribute-selector-styling-html-1.html
               fast/css/case-insensitive-attribute-selector-styling-html-2.html
               fast/css/case-insensitive-attribute-selector-styling-html-3.html
               fast/css/case-insensitive-attribute-selector-styling-xhtml-1.xhtml
               fast/css/case-insensitive-attribute-selector-styling-xhtml-2.xhtml
               fast/css/case-insensitive-attribute-selector-styling-xhtml-3.xhtml
               fast/selectors/case-insensitive-attribute-bascis.html
               fast/selectors/case-insensitive-attribute-matching-style-attribute.html
               fast/selectors/case-insensitive-attribute-style-update.html
               fast/selectors/case-insensitive-attribute-with-case-sensitive-name.html

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        We already had case-insensitive value matching due to some legacy HTML
        behaviors where some attribute values would be matched case-insensitively
        depending on the attribute name.

        For this patch, I just re-use the same mechanism. I used branches to try
        to convey the idea that matching is case sensitive by default unless
        the selector has a flag or we are in the weird HTML exception.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::constructFragmentsInternal):
        Disable that case in the CSS JIT for now, I'll implement it later.

2015-02-14  David Kilzer  <ddkilzer@apple.com>

        Declare soft-linked functions with extern "C" linkage

        More work towards the Maverick Debug build fix:

        REGRESSION (r180082): WebCore Debug builds fail on Mavericks due to weak export symbols
        <http://webkit.org/b/141607>

        * platform/mac/SoftLinking.h: Try declaring soft-linked
        functions with extern "C" linkage to see if they stop appearing
        as weak externals.  This has the added benefit that if the
        function signature changes, we'll get a build failure.

2015-02-14  Joseph Pecoraro  <pecoraro@apple.com>

        [Mac] RetainPtr member cleanup, possible leaks
        https://bugs.webkit.org/show_bug.cgi?id=141616

        Reviewed by Andreas Kling.

        * platform/mac/PlatformSpeechSynthesizerMac.mm:
        (-[WebSpeechSynthesisWrapper speakUtterance:]):
        Adopt the allocated object to avoid a possible leak.

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
        Adopt to avoid unnecessary retain/autorelease.

2015-02-14  Joseph Pecoraro  <pecoraro@apple.com>

        IncompleteMetaDataCue leak seen on leaks bot
        https://bugs.webkit.org/show_bug.cgi?id=141611

        Reviewed by Eric Carlson.        

        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h:
        (WebCore::IncompleteMetaDataCue::IncompleteMetaDataCue): Deleted.
        (WebCore::IncompleteMetaDataCue::~IncompleteMetaDataCue): Deleted.
        (WebCore::IncompleteMetaDataCue::cueData): Deleted.
        (WebCore::IncompleteMetaDataCue::startTime): Deleted.
        Convert to a struct and hold a list of structs instead of pointers.

        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp:
        (WebCore::InbandMetadataTextTrackPrivateAVF::addDataCue):
        (WebCore::InbandMetadataTextTrackPrivateAVF::updatePendingCueEndTimes):
        (WebCore::InbandMetadataTextTrackPrivateAVF::flushPartialCues):
        Update use of IncompleteMetaDataCue and modernize related code.

2015-02-09  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove some unnecessary Inspector prefixes from class names in Inspector namespace
        https://bugs.webkit.org/show_bug.cgi?id=141372

        Reviewed by Joseph Pecoraro.

        * WebCore.exp.in:
        * inspector/InspectorApplicationCacheAgent.cpp:
        (WebCore::InspectorApplicationCacheAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorApplicationCacheAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorApplicationCacheAgent.h:
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorCSSAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorCSSAgent.h:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        (WebCore::InspectorController::inspectedPageDestroyed):
        (WebCore::InspectorController::connectFrontend):
        (WebCore::InspectorController::disconnectFrontend):
        (WebCore::InspectorController::show):
        (WebCore::InspectorController::close):
        (WebCore::InspectorController::dispatchMessageFromFrontend):
        * inspector/InspectorController.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorDOMAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMDebuggerAgent.cpp:
        (WebCore::InspectorDOMDebuggerAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorDOMDebuggerAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorDOMDebuggerAgent::didInvalidateStyleAttr):
        (WebCore::InspectorDOMDebuggerAgent::willInsertDOMNode):
        (WebCore::InspectorDOMDebuggerAgent::willRemoveDOMNode):
        (WebCore::InspectorDOMDebuggerAgent::willModifyDOMAttr):
        (WebCore::InspectorDOMDebuggerAgent::pauseOnNativeEventIfNeeded):
        (WebCore::InspectorDOMDebuggerAgent::willSendXMLHttpRequest):
        * inspector/InspectorDOMDebuggerAgent.h:
        * inspector/InspectorDOMStorageAgent.cpp:
        (WebCore::InspectorDOMStorageAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorDOMStorageAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorDOMStorageAgent.h:
        * inspector/InspectorDatabaseAgent.cpp:
        (WebCore::InspectorDatabaseAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorDatabaseAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorDatabaseAgent.h:
        * inspector/InspectorDatabaseResource.cpp:
        (WebCore::InspectorDatabaseResource::bind):
        * inspector/InspectorDatabaseResource.h:
        * inspector/InspectorForwarding.h:
        * inspector/InspectorIndexedDBAgent.cpp:
        (WebCore::InspectorIndexedDBAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorIndexedDBAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorIndexedDBAgent.h:
        * inspector/InspectorLayerTreeAgent.cpp:
        (WebCore::InspectorLayerTreeAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorLayerTreeAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorLayerTreeAgent.h:
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorPageAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorPageAgent::getScriptExecutionStatus):
        * inspector/InspectorPageAgent.h:
        * inspector/InspectorReplayAgent.cpp:
        (WebCore::InspectorReplayAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorReplayAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorReplayAgent.h:
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorResourceAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorResourceAgent.h:
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyle::styleWithProperties):
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorTimelineAgent.h:
        * inspector/InspectorWorkerAgent.cpp:
        (WebCore::InspectorWorkerAgent::WorkerFrontendChannel::WorkerFrontendChannel):
        (WebCore::InspectorWorkerAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorWorkerAgent::willDestroyFrontendAndBackend):
        * inspector/InspectorWorkerAgent.h:
        * inspector/PageRuntimeAgent.cpp:
        (WebCore::PageRuntimeAgent::didCreateFrontendAndBackend):
        (WebCore::PageRuntimeAgent::willDestroyFrontendAndBackend):
        * inspector/PageRuntimeAgent.h:
        * inspector/WorkerInspectorController.cpp:
        (WebCore::WorkerInspectorController::~WorkerInspectorController):
        (WebCore::WorkerInspectorController::connectFrontend):
        (WebCore::WorkerInspectorController::disconnectFrontend):
        * inspector/WorkerInspectorController.h:
        * inspector/WorkerRuntimeAgent.cpp:
        (WebCore::WorkerRuntimeAgent::didCreateFrontendAndBackend):
        (WebCore::WorkerRuntimeAgent::willDestroyFrontendAndBackend):
        * inspector/WorkerRuntimeAgent.h:
        * loader/EmptyClients.h:
        * page/PageDebuggable.cpp:
        (WebCore::PageDebuggable::connect):
        (WebCore::PageDebuggable::disconnect):
        * page/PageDebuggable.h:
        * testing/Internals.cpp:
        (WebCore::Internals::closeDummyInspectorFrontend):
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::disconnectFromInspector):

2015-02-14  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r180082): WebCore Debug builds fail on Mavericks due to weak export symbols
        <http://webkit.org/b/141607>

        Work towards fixing the Mavericks Debug build.

        * dom/Document.h:
        (WebCore::Document::setAnnotatedRegionsDirty):
        * dom/Event.h:
        (WebCore::Event::create):
        * dom/Node.h:
        (WebCore::Node::hasEditableStyle):
        * dom/Position.h:
        (WebCore::Position::Position):
        * editing/FrameSelection.h:
        (WebCore::DragCaretController::clear):
        * loader/ResourceLoader.h:
        (WebCore::ResourceLoader::originalRequest):
        - Do not mark inline methods for export.

2015-02-14  Alexey Proskuryakov  <ap@apple.com>

        rel="noreferrer" should make window.opener null
        https://bugs.webkit.org/show_bug.cgi?id=141579

        Reviewed by Darin Adler.

        Tests: http/tests/navigation/target-blank-opener-post.html
               http/tests/navigation/target-blank-opener.html

        We used to avoid passing window.opener policy by temporarily storing it in a FrameLoader
        member variable. This works for some clients - ones that invoke delegate callbacks
        synchronously - but not in the general case.

        So, changed to passing the policy explicitly.

        * WebCore.exp.in:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        * loader/FrameLoader.h:
        (WebCore::FrameLoader::suppressOpenerInNewFrame): Deleted.
        * loader/FrameLoaderTypes.h:
        * loader/NavigationScheduler.cpp:
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):

2015-02-14  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r180082): WebCore build on Mountain Lion fails due to weak export for i386
        <rdar://problem/19838127>

        * Configurations/WebCore.unexp: Add missing symbol.

2015-02-13  Chris Dumez  <cdumez@apple.com>

        RenderListItem resets its marker's style on style change even if the diff is StyleDifferenceEqual
        https://bugs.webkit.org/show_bug.cgi?id=141572
        <rdar://problem/19759818>

        Reviewed by Simon Fraser.

        Do not unnecessarily update the marker's style in RenderListItem::styleDidChange()
        if the RenderStyle diff is StyleDifferenceEqual. Doing so can cause unnecessary
        layouts.

        This was causing high cpu usage on
        http://www.nokogiri.org/tutorials/searching_a_xml_html_document.html because there
        is an animation that changes the style every second (but the diff is equal) and the
        RenderListItem keeps resetting its marker's margin, which triggers a layout and the
        RenderListMarker re-computes its margin during layout and updates its style again.

        With this change, CPU usage on the page goes from 150% to 20%. There is only a style
        recalc happening every second, no more relayouts and repaints.

        Test: fast/repaint/list-item-equal-style-change-no-repaint.html

        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::styleDidChange):

2015-02-13  Timothy Horton  <timothy_horton@apple.com>

        Make WebCore::IOSurface have single ownership instead of refcounting
        https://bugs.webkit.org/show_bug.cgi?id=141578

        Reviewed by Anders Carlsson.

        In the interests of making it harder to misuse and to make it more like
        ImageBuffer, our IOSurface wrapper should have single ownership.

        This will also allow future changes which depend on temporarily
        consuming an IOSurface to more easily enforce correct usage.

        * WebCore.exp.in:
        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::IOSurfacePool::takeSurface):
        (WebCore::IOSurfacePool::addSurface):
        (WebCore::IOSurfacePool::insertSurfaceIntoPool):
        (WebCore::IOSurfacePool::tryEvictInUseSurface):
        (WebCore::IOSurfacePool::tryEvictOldestCachedSurface):
        (WebCore::IOSurfacePool::collectInUseSurfaces):
        * platform/graphics/cg/IOSurfacePool.h:
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::create):
        (IOSurface::createFromSendRight):
        (IOSurface::createFromSurface):
        (IOSurface::createFromImage):
        Make IOSurface::create()s return a unique_ptr, and adjust everywhere.

2015-02-12  Enrica Casucci  <enrica@apple.com>

        Additional emoji group support.
        https://bugs.webkit.org/show_bug.cgi?id=141539
        rdar://problem/19727527

        Reviewed by Sam Weinig.

        Adding some new emoji ligatures.
        Updated existing test to include the new sequences.

        * platform/text/TextBreakIterator.cpp:
        (WebCore::cursorMovementIterator):
        * rendering/RenderText.cpp:
        (WebCore::isEmojiGroupCandidate):

2015-02-13  Alex Christensen  <achristensen@webkit.org>

        Really stop using export files.
        https://bugs.webkit.org/show_bug.cgi?id=141521

        Reviewed by Mark Rowe.

        * Configurations/WebCore.xcconfig:
        Don't use exported symbols files.
        * Configurations/WebCore.unexp:
        Added list of symbols not to export (needed by Xcode 5.0.2).

2015-02-13  Zalan Bujtas  <zalan@apple.com>

        Simplify ASSERT in lastRubyRun().
        https://bugs.webkit.org/show_bug.cgi?id=141574

        Reviewed by Daniel Bates.

        r180064 made some of the conditions in the ASSERT redundant.

        Covered by existing tests.

        * rendering/RenderRuby.cpp:
        (WebCore::lastRubyRun):

2015-02-13  Brent Fulgham  <bfulgham@apple.com>

        [Mac, iOS] Adjust pagination behavior for Mail.app printing use
        https://bugs.webkit.org/show_bug.cgi?id=141569
        <rdar://problem/14912763>

        Reviewed by Anders Carlsson.

        * page/Settings.in: Add new pagination setting flag.
        * rendering/RenderBlockFlow.cpp:
        (WebCore::messageContainerName): Added.
        (WebCore::needsPaginationQuirk): Added.
        (WebCore::RenderBlockFlow::adjustLinePositionForPagination): Don't move the message content
        div to a new page when using this special printing mode.

2015-02-13  Daniel Bates  <dabates@apple.com>

        [iOS] DumpRenderTree.app fails to link due to undefined classes
        <rdar://problem/19831228>

        Following r179945, DumpRenderTree.app fails to link due to undefined symbols:

        Undefined symbols for architecture x86_64:
          "_OBJC_CLASS_$_WebEvent", referenced from:
              objc-class-ref in libDumpRenderTree.a(EventSendingController.o)
          "_OBJC_CLASS_$_WebUndefined", referenced from:
              objc-class-ref in libDumpRenderTree.a(ObjCController.o)

        We need to export the classes WebScriptObject and WebEvent.

        * bindings/objc/WebScriptObject.h:
        * platform/ios/WebEvent.h:

2015-02-13  Andreas Kling  <akling@apple.com>

        CachedResource::clearLoader() should self-destruct if nothing else retains the CachedResource.
        <https://webkit.org/b/141568>
        <rdar://problem/19800310>

        Reviewed by Antti Koivisto.

        Anything that may cause CachedResource::canDelete() to return true must also make sure
        to call CachedResource::deleteIfPossible(), or we risk leaking the CachedResource.
        This is because CachedResource employs an extremely convoluted lifetime mechanism that
        depends on its presence in a number of collections, as well as internal counters and
        state.

        This is a speculative fix for a potential CachedResource leak that I'm not sure exists
        in practice, but let's be good citizens here.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::clearLoader):

2015-02-13  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Crash at WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset + 2357
        https://bugs.webkit.org/show_bug.cgi?id=141566
        rdar://problem/19826075

        Reviewed by Andreas Kling.

        Null check m_mediaSource before dereferencing.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):

2015-02-13  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r174761): Invalid cast in WebCore::lastRubyRun / WebCore::RenderRubyAsBlock::addChild
        https://bugs.webkit.org/show_bug.cgi?id=137929
        rdar://problem/18723492

        Reviewed by Chris Dumez.

        Ensure that the child renderer is a RenderRubyRun.

        Test: fast/ruby/crash-with-before-after-on-ruby.html

        * rendering/RenderRuby.cpp:
        (WebCore::lastRubyRun):

2015-02-13  Simon Fraser  <simon.fraser@apple.com>

        Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlugIn()
        https://bugs.webkit.org/show_bug.cgi?id=141551

        Reviewed by Zalan Bujtas.
        
        It's possible for a layout to dirty the parent frame's state, via the calls to
        ownerElement()->scheduleSetNeedsStyleRecalc() that RenderLayerCompositor does when
        iframes toggle their compositing mode.
        
        That could cause FrameView::updateLayoutAndStyleIfNeededRecursive() to fail to 
        leave all the frames in a clean state. Later on, we could enter hit testing,
        which calls document().updateLayout() on each frame's document. Document::updateLayout()
        does layout on all ancestor documents, so in the middle of hit testing, we could
        layout a subframe (dirtying an ancestor frame), then layout another frame, which
        would forcing that ancestor to be laid out while we're hit testing it, thus
        corrupting the RenderLayer tree while it's being iterated over.
        
        Fix by having FrameView::updateLayoutAndStyleIfNeededRecursive() do a second
        layout after laying out subframes, which most of the time will be a no-op.
        
        Also add a stronger assertion, that this frame and all subframes are clean
        at the end of FrameView::updateLayoutAndStyleIfNeededRecursive() for the
        main frame.

        Various existing frames tests hit the new assertion if the code change is removed,
        so this is covered by existing tests.

        * page/FrameView.cpp:
        (WebCore::FrameView::needsStyleRecalcOrLayout):
        (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive):
        * page/FrameView.h:
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::willBeDestroyed):

2015-02-12  Simon Fraser  <simon.fraser@apple.com>

        determinePrimarySnapshottedPlugIn() should only traverse visible Frames
        https://bugs.webkit.org/show_bug.cgi?id=141547
        Part of rdar://problem/18445733.

        Reviewed by Anders Carlsson.

        There's an expectation from clients that FrameView::updateLayoutAndStyleIfNeededRecursive()
        updates layout in all frames, but it uses the widget tree, so only hits frames
        that are parented via renderers (i.e. not display:none frames or their descendants).
        
        Moving towards a future where we remove Widgets, fix by adding a FrameTree 
        traversal function that only finds rendered frames (those with an ownerRenderer).
        
        Not testable.

        * page/FrameTree.cpp:
        (WebCore::FrameTree::firstRenderedChild):
        (WebCore::FrameTree::nextRenderedSibling):
        (WebCore::FrameTree::traverseNextRendered):
        (printFrames):
        * page/FrameTree.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive):

2015-02-13  Alexey Proskuryakov  <ap@apple.com>

        TimerBase::m_heapInsertionOrder calculation is racy
        https://bugs.webkit.org/show_bug.cgi?id=141554

        Reviewed by Anders Carlsson.

        Use an atomic increment.

        * platform/Timer.cpp: (WebCore::TimerBase::setNextFireTime):

2015-02-13  Andreas Kling  <akling@apple.com>

        [iOS] Refine GC behavior in response to process suspension and memory pressure.
        <https://webkit.org/b/141543>
        <rdar://problem/19738024>

        Reviewed by Geoffrey Garen.

        Do an immediate full garbage collection when the web process is about to
        be suspended (when another tab is moving to the foreground on iOS.)
        This ensures that we make a best effort to reduce the process footprint
        before we lose the ability to execute code.

        When receiving a memory pressure warning, tell the garbage collector to
        accelerate its next collection (by calling garbageCollectSoon().)
        This gives us some confidence that a collection will happen within a
        reasonable timeframe, but doesn't risk dooming us to a loop of endless
        garbage collections.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):

2015-02-13  Antti Koivisto  <antti@apple.com>

        Add some RELEASE_ASSERTs to try to catch crashes in StyleResolver::loadPendingImages
        https://bugs.webkit.org/show_bug.cgi?id=141561

        Reviewed by Simon Fraser.

        One possibility is that loads triggered by loadPendingImages end up synchronously destroying or re-entering
        style resolver. Try to catch these in release builds.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::~StyleResolver):
        (WebCore::StyleResolver::styleForElement):
        (WebCore::StyleResolver::styleForKeyframe):
        (WebCore::StyleResolver::styleForPage):
        (WebCore::StyleResolver::loadPendingImages):
        * css/StyleResolver.h:

2015-02-13  ChangSeok Oh  <changseok.oh@collabora.com>

        Div having contentEditable and display:grid cannot be edited if it is empty.
        https://bugs.webkit.org/show_bug.cgi?id=141465

        Reviewed by Ryosuke Niwa.

        This bug is quite similar to webkit.org/b/141218. RenderGrid should be also treated as a candidate
        for visible position as like RenderFlexibleBox. The only different situation between them is
        that RenderGrid has a bug setting "0px" for logicalHeight when it is empty. RenderGrid should also have
        a minimum height of a single line if it is editable as well as RenderFlexibleBox does.

        Test: fast/events/key-events-in-editable-gridbox.html

        * dom/Position.cpp:
        (WebCore::Position::isCandidate):
        (WebCore::Position::isRenderedCharacter):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::layoutGridItems):

2015-02-12  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r176262): Invalid cast in WebCore`WebCore::RootInlineBox::selectionTop
        https://bugs.webkit.org/show_bug.cgi?id=138992

        Reviewed by Dave Hyatt.

        RenderRubyText requires the ancestor chain to be (RenderRubyAsInline | RenderRubyAsBlock) -> RenderRubyRun -> RenderRubyText.
        This patch ensures that we create RenderRubyText for an <rt> element only when
        the expected ancestor chain is guaranteed.

        Test: fast/ruby/crash-when-ruby-is-set-to-inline-block.html

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::createFor): treat inline-block <ruby> as block.
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRubyInline):
        (WebCore::RenderObject::isRubyBlock):
        (WebCore::RenderObject::isRuby): Deleted.
        * rendering/RenderRuby.cpp:
        (WebCore::isAnonymousRubyInlineBlock):
        * rendering/RenderRuby.h: add support for is<RenderRubyAsBlock>(renderer) and for is<RenderRubyAsInline>(renderer)
        The isRuby() method does not follow the is*() -> maps to one class pattern.
        (WebCore::isRuby):
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::addChild):
        (WebCore::RenderRubyRun::staticCreateRubyRun):

2015-02-13  Csaba Osztrogonac  <ossy@webkit.org>

        Fix the gperf related build issue on the WinCairo bot
        https://bugs.webkit.org/show_bug.cgi?id=141507

        Reviewed by Alex Christensen.

        * platform/ColorData.gperf: Modified property svn:eol-style.

2015-02-13  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, remove empty directories.

        * loader/icon/wince: Removed.
        * platform/graphics/wince: Removed.
        * storage/wince: Removed.

2015-02-12  Timothy Horton  <timothy_horton@apple.com>

        Crashes under detectItemAroundHitTestResult when DataDetectors is not available
        https://bugs.webkit.org/show_bug.cgi?id=141549
        <rdar://problem/19180955>

        Reviewed by Dan Bernstein.

        * editing/mac/DataDetection.mm:
        (WebCore::DataDetection::detectItemAroundHitTestResult):
        Bail out from data detection if either of the relevant frameworks aren't loaded.

2015-02-12  Dean Jackson  <dino@apple.com>

        [iOS Media] Audio should hide timeline scrubber until playback starts
        https://bugs.webkit.org/show_bug.cgi?id=141542
        <rdar://problem/19820685>

        Reviewed by Eric Carlson.

        We regressed from the system behaviour in iOS 7, where the timeline
        scrubber for an audio element is not shown until the user starts
        playback.

        * Modules/mediacontrols/mediaControlsiOS.css:
        (video::-webkit-media-controls-panel): Fix the alignment of the flexbox.
        (audio::-webkit-media-controls-status-display): Add the style for the status display.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.configureInlineControls): Start hidden if we are an <audio>.
        (ControllerIOS.prototype.configureFullScreenControls): Drive by comment change.
        (ControllerIOS.prototype.setPlaying): Unhide the timeline.

2015-02-12  Chris Dumez  <cdumez@apple.com>

        Drop the quirks-mode exception for CSS MIME types
        https://bugs.webkit.org/show_bug.cgi?id=141501

        Reviewed by Alexey Proskuryakov.

        Drop the quirks-mode exception for CSS MIME types.
        This matches Firefox's behavior.

        This patch is based on the following Blink revision:
        http://src.chromium.org/viewvc/blink?view=revision&revision=189669

        Tests:
        - http/tests/misc/css-accept-any-type.html
        - http/tests/security/cross-origin-css.html

        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::setCSSStyleSheet):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResourceContent):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::sheetText):
        (WebCore::CachedCSSStyleSheet::canUseSheet):
        * loader/cache/CachedCSSStyleSheet.h:

2015-02-12  Beth Dakin  <bdakin@apple.com>

        REGRESSION: Should not send wheel events with a delta of 0
        https://bugs.webkit.org/show_bug.cgi?id=141537
        -and corresponding-
        rdar://problem/18903118

        Reviewed by Simon Fraser.

        This code should not have been removed entirely to accommodate rubber-banding, it 
        just needs to return false instead of true in order to allow the MayBegin and 
        Ended phases to be handled by the ElasticityController.
        * dom/Element.cpp:
        (WebCore::Element::dispatchWheelEvent):

2015-02-12  Dean Jackson  <dino@apple.com>

        [iOS Media] Implement 3-style media timeline (buffered, played, unavailable)
        https://bugs.webkit.org/show_bug.cgi?id=141526
        <rdar://problem/19603337>

        Reviewed by Eric Carlson and Antoine Quint.

        Implement a 3-style media scrubber for iOS. This draws white for
        the region that has been played (before the playhead), black
        for the region that is buffered, and is hollow for the rest.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.updateProgress): Update progress is now completely
        shared between OS X and iOS. This calls the implementation specific
        drawTimelineBackground.
        (Controller.prototype.drawTimelineBackground): Move the OS X code to here.
        * Modules/mediacontrols/mediaControlsiOS.css:
        (audio::-webkit-media-controls-timeline): New styles for the timeline. Updated thumb image, etc.
        (video::-webkit-media-controls-timeline::-webkit-slider-runnable-track):
        (audio::-webkit-media-controls-timeline::-webkit-slider-thumb):
        (audio::-webkit-media-controls-timeline::-webkit-slider-thumb:active):
        (video::-webkit-media-controls-time-remaining-display):
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS): Create a globally unique canvas context name in the constructor.
        (ControllerIOS.prototype.createControls): Set the background of the timeline to a canvas.
        (ControllerIOS.prototype.addRoundedRect): Helper function.
        (ControllerIOS.prototype.drawTimelineBackground): Draw the 3-style content.
        (ControllerIOS.prototype.updateProgress): Deleted.

2015-02-12  Daniel Bates  <dabates@apple.com>

        Fix some Mac linker warnings
        https://bugs.webkit.org/show_bug.cgi?id=141522

        Reviewed by Alex Christensen.

        Following <https://trac.webkit.org/changeset/179945>, the linker warns about the following hidden WebCore symbols:
        
        ld: warning: cannot export hidden symbol __ZN7WebCore20LogNotYetImplementedE from /.../OpenSource/WebKitBuild/WebCore.build/Debug/WebCore.build/Objects-normal/x86_64/Logging.o
        ld: warning: cannot export hidden symbol _wkCreateURLPasteboardFlavorTypeName from /.../OpenSource/WebKitBuild/WebCore.build/Debug/WebCore.build/Objects-normal/x86_64/WebCoreSystemInterface.o
        ld: warning: cannot export hidden symbol _wkCreateURLNPasteboardFlavorTypeName from /.../OpenSource/WebKitBuild/WebCore.build/Debug/WebCore.build/Objects-normal/x86_64/WebCoreSystemInterface.o

        * WebCore.exp.in: Remove symbols for functions wkCreateURLPasteboardFlavorTypeName and wkCreateURLNPasteboardFlavorTypeName.
        * platform/Logging.h: Export WTFLogChannel for LogNotYetImplemented, which is referenced from
        notImplementedLoggingChannel() in file NotImplemented.cpp. We make use of the associated
        header, NotImplemented.h, in both WebKit and WebKit2.
        * platform/mac/WebCoreSystemInterface.mm: Remove declarations for functions
        wkCreateURLPasteboardFlavorTypeName and wkCreateURLNPasteboardFlavorTypeName that
        were inadvertently not removed in r25494.

2015-02-12  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Crash inspecting styles of element with mutated stylesheet
        https://bugs.webkit.org/show_bug.cgi?id=141451

        Reviewed by Timothy Hatcher.

        Test: inspector/css/stylesheet-with-mutations.html

        * css/CSSStyleSheet.h:
        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::CSSStyleSheet):
        (WebCore::CSSStyleSheet::didMutateRules):
        Keep a flag on the CSSStyleSheet to know when it has had a rule
        mutation from the contents.

        * inspector/InspectorStyleSheet.h:
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyleSheet::reparseStyleSheet):
        When completely replacing the stylesheet's contents, we will have
        destroyed any previous rules, so clear the has mutations flag.

        (WebCore::selectorsFromSource):
        Previously there was a mismatch between the rules the parsed
        SourceData had, and the actual CSSSelectors we were iterating.
        We use the SourceData so we can get the exact user authored
        text instead of generated longhands from actualy selector objects.
        Add an ASSERT and bail to catch and more gracefully handle
        any possible mismatches in the future.

        (WebCore::InspectorStyleSheet::styleSheetMutated):
        (WebCore::InspectorStyleSheet::ensureParsedDataReady):
        When a CSSStyleSheet has been mutated beyond the inspector's
        knowledge right now, fall back to readonly generated selectors.
        We should better handle this in the future:
        <https://webkit.org/b/141450> Web Inspector: Better support for CSSOM StyleSheet mutations (insertRule/deleteRule)

2015-02-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179987.
        https://bugs.webkit.org/show_bug.cgi?id=141525

        caused debug tests to fail (Requested by alexchristensen on
        #webkit).

        Reverted changeset:

        "[CSS Grid Layout] Invalid initialization of track sizes with
        non spanning grid items"
        https://bugs.webkit.org/show_bug.cgi?id=140763
        http://trac.webkit.org/changeset/179987

2015-02-12  Brian J. Burg  <burg@cs.washington.edu>

        REGRESSION(r178060): empty arguments are passed when logging to system console
        https://bugs.webkit.org/show_bug.cgi?id=141511

        Reviewed by Timothy Hatcher.

        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::messageWithTypeAndLevel): Change premature move to copyRef.

2015-02-12  Alex Christensen  <achristensen@webkit.org>

        [Win] Unreviewed debug build fix after r179980.

        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::currentViewportSize):
        Explicitly call constructor.

2015-01-23  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Invalid initialization of track sizes with non spanning grid items
        https://bugs.webkit.org/show_bug.cgi?id=140763

        Reviewed by Antti Koivisto.

        Content sized tracks with non-spanning grid items were not
        properly sized because the growth limit was sometimes infinity
        (-1) after calling resolveContentBasedTrackSizingFunctions() when
        it should not. This patch adds an special initialization phase for
        non-spanning grid items as the new track sizing algorithm
        describes.

        Granted, that was handled in the old algorithm in
        distributeSpaceToTracks() as a special case. The problem is that
        it regressed after the optimization added in r173868 because that
        method is no longer called when the space to distribute is 0.

        That's why we could fix this by allowing calls to
        distributeSpaceToTracks() with spaceToDistribute>=0 but by fixing
        it with an explicit initialization our implementation becomes
        closer to the new algorithm and the initialization is now explicit
        in the code instead of a side effect of calling
        distributeSpaceToTracks() with no space to be distributed. It also
        brings a slight performance improvement as we save sorts and hash
        lookups.

        I also took the change to add caching to several GridTrackSize
        methods that were hot on the profiler (each one accounted for ~1%
        of the total time, now they account for ~0.3% each).

        Test: fast/css-grid-layout/grid-initialize-span-one-items.html

        * rendering/RenderGrid.cpp:
        (WebCore::GridItemWithSpan::span): New helper method for ASSERTs.
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
        Exclude non spanning grid items from the calls to
        resolveContentBasedTrackSizingFunctionsForItems().
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
        New method to resolve track sizes only using non-spanning grid
        items.
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
        Ensure that it isn't called for non-spanning grid items.
        * rendering/RenderGrid.h:
        * rendering/style/GridTrackSize.h:
        (WebCore::GridTrackSize::GridTrackSize): Cache return values.
        (WebCore::GridTrackSize::setLength): Ditto.
        (WebCore::GridTrackSize::setMinMax): Ditto.
        (WebCore::GridTrackSize::cacheMinMaxTrackBreadthTypes): New method
        that caches the return values for hasXXXTrackBreadth() methods.
        (WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth): Use
        the cached return value.
        (WebCore::GridTrackSize::hasMaxContentMaxTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinContentMaxTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinOrMaxContentMaxTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMaxContentMinTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinContentMinTrackBreadth): Ditto.
        (WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth):
        Ditto.
        (WebCore::GridTrackSize::hasMaxContentMinTrackBreadthAndMaxContentMaxTrackBreadth):
        Ditto.

2015-02-12  Zan Dobersek  <zdobersek@igalia.com>

        Remove the USE(ACCELERATED_COMPOSITING) guard from the
        MediaPlayerPrivateGStreamerBase destructor.

        The guard was removed in r163079. It was still defined through CMake
        for the EFL and GTK ports when the guarded code was introduced in
        r172828. In r171741 the macro was finally removed for the GTK and EFL
        ports as well, but the guards for the affected code weren't updated
        so TextureMapperPlatformLayer::Client::platformLayerWillBeDestroyed()
        wasn't being called anymore.

        Rubber-stamped by Philippe Normand.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):

2015-02-11  Darin Adler  <darin@apple.com>

        Streamline and simplify SVGSVGElement and related classes
        https://bugs.webkit.org/show_bug.cgi?id=141463

        Reviewed by Antti Koivisto.

        * dom/Document.cpp: Removed unneeded include of SVGSVGElement.h.
        * loader/FrameLoader.cpp: Ditto.
        * rendering/RenderBoxModelObject.cpp: Ditto.
        * rendering/svg/RenderSVGForeignObject.cpp: Ditto.
        * svg/SVGImageElement.cpp: Ditto.
        * svg/SVGMarkerElement.cpp: Ditto.
        * svg/SVGPathElement.cpp: Ditto.
        * svg/SVGPatternElement.cpp: Ditto.
        * svg/SVGTransform.cpp: Ditto.

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollToAnchor): Updated to call the SVGSVGElement function
        named scrollToAnchor (was setupInitialView). Also refactored to avoid repeating
        the expression frame().document() so often.

        * platform/graphics/FloatSize.h: Added operator/.

        * svg/SVGDocument.cpp:
        (WebCore::SVGDocument::rootElement): Rearranged to use early return.
        (WebCore::SVGDocument::zoomAndPanEnabled): Ditto.
        (WebCore::SVGDocument::startPan): Ditto. Also used FloatPoint math instead
        of breaking things apart into x and y.
        (WebCore::SVGDocument::updatePan): Ditto.

        * svg/SVGDocument.h: Removed some unneeded includes and forward declarations.
        Moved function bodies out of the class to make it more readable. Renamed
        m_translate to m_panningOffset and made it a FloatSize instead of FloatPoint.

        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::startAnimations): Use a modern for loop
        and update since timeContainer() now returns a reference.

        * svg/SVGSVGElement.cpp: Removed many unneeded includes.
        (WebCore::SVGSVGElement::SVGSVGElement): Moved initialization of scalars to
        the class definition. Updated since m_timerContainer is a Ref (later should
        change it to be a std::unique_ptr or just directly contained in SVGSVGElement).
        (WebCore::SVGSVGElement::~SVGSVGElement): Removed comment that doesn't say much,
        but is worded in a confusing way.
        (WebCore::SVGSVGElement::contentScriptType): Use NeverDestroyed instead of
        DEPRECATED_DEFINE_STATIC_LOCAL.
        (WebCore::SVGSVGElement::contentStyleType): Ditto.
        (WebCore::SVGSVGElement::viewport): Streamlined a bit.
        (WebCore::SVGSVGElement::pixelUnitToMillimeterX): Ditto.
        (WebCore::SVGSVGElement::pixelUnitToMillimeterY): Ditto.
        (WebCore::SVGSVGElement::currentView): Changed to return a reference.
        (WebCore::SVGSVGElement::frameForCurrentScale): Added. Helper for the two
        functions below.
        (WebCore::SVGSVGElement::currentScale): Updated to use frameForCurrentScale.
        (WebCore::SVGSVGElement::setCurrentScale): Ditto.
        (WebCore::SVGSVGElement::setCurrentTranslate): Optimized the case where there
        is no change to the translation. Also changed the data member's name to
        m_currentTranslate to more directly match the DOM API naming.
        (WebCore::SVGSVGElement::parseAttribute): Simplified the parsing a bit, and
        changed to pass a reference to SVGZoomAndPan::parseAttribute.
        (WebCore::SVGSVGElement::svgAttributeChanged): Tweaked formatting and removed
        code that converts the renderer pointer to a RenderObject* unnecessarily.
        (WebCore::SVGSVGElement::suspendRedraw): Removed FIXME about implementing this,
        since we don't really plan to do that.
        (WebCore::SVGSVGElement::unsuspendRedraw): Ditto.
        (WebCore::SVGSVGElement::unsuspendRedrawAll): Ditto.
        (WebCore::SVGSVGElement::forceRedraw): Ditto.
        (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList): Changed return
        type to Ref, and pass in a function instead of an enumeration value.
        (WebCore::SVGSVGElement::getIntersectionList): Updated for above.
        (WebCore::SVGSVGElement::getEnclosureList): Ditto.
        (WebCore::SVGSVGElement::checkIntersection): Use && instead of early return
        for the null check.
        (WebCore::SVGSVGElement::checkEnclosure): Ditto.
        (WebCore::SVGSVGElement::createSVGLength): Use initialization list syntax
        for greater brevity.
        (WebCore::SVGSVGElement::createSVGAngle): Ditto.
        (WebCore::SVGSVGElement::createSVGPoint): Ditto.
        (WebCore::SVGSVGElement::createSVGMatrix): Ditto.
        (WebCore::SVGSVGElement::createSVGRect): Ditto.
        (WebCore::SVGSVGElement::createSVGTransform): Removed unneeded explicit
        constructor invocation.
        (WebCore::SVGSVGElement::createSVGTransformFromMatrix): Removed unneeded cast.
        (WebCore::SVGSVGElement::insertedInto): Updated since timeContainer() now
        returns a reference.
        (WebCore::SVGSVGElement::setCurrentTime): Use isfinite instead of isnan, so
        we won't store infinity as the current time.
        (WebCore::SVGSVGElement::currentViewBoxRect): Renamed locals and changed
        to use initializer lists for brevity.
        (WebCore::SVGSVGElement::currentViewportSize): Streamlined code by using
        initializer lists, using local variables only for things used more than once,
        and using the / operator defined above.
        (WebCore::SVGSVGElement::viewBoxToViewTransform): Use the concatenate function
        in a way that is more straightforward, rather than doing it with a temporary.
        (WebCore::SVGSVGElement::scrollToAnchor): Renamed this from
        setupInitialView.
        (WebCore::SVGSVGElement::inheritViewAttributes): Changed this to work with
        references rather than pointers.
        (WebCore::SVGSVGElement::getElementById): Use getAllElementsById as the
        FIXME comment suggested for better efficiency when there are a lot of descendants
        of the <svg> element at the cost of making it less efficient if there are
        a lot of elements all with the desired ID, but not inside the <svg> element.
        (WebCore::SVGSVGElement::isValid): Moved here from the header.

        * svg/SVGSVGElement.h: Removed unneeded forward declarations. Moved the
        animated properties to the top of the file, then other DOM, the other
        public members. Changed return types to references and Ref. Moved
        function bodies out of the class definition. Made createSVGNumber inline.

        * svg/SVGViewElement.cpp: Removed unneeded includes.
        (WebCore::SVGViewElement::isSupportedAttribute): Deleted.
        (WebCore::SVGViewElement::parseAttribute): Changed to not rely on
        isSupportedAttribute. Eventually I will do this in all the SVG classes.

        * svg/SVGViewSpec.cpp: Removed unneeded include of SVGSVGElement.h.
        (WebCore::SVGViewSpec::parseViewSpec): Updated for change in the name
        of the parse function in the SVGZoomAndPan class.

        * svg/SVGZoomAndPan.cpp:
        (WebCore::SVGZoomAndPan::isKnownAttribute): Deleted.
        (WebCore::SVGZoomAndPan::addSupportedAttributes): Deleted.
        (WebCore::SVGZoomAndPan::parse): Renamed from parseZoomAndPan since
        this is a member of the SVGZoomAndPan class and also has an argument
        of SVGZoomAndPanType.
        (WebCore::SVGZoomAndPan::parseAttributeValue): Added. Helper so the
        template function is not so big. Also write it in a simpler way.
        (WebCore::SVGZoomAndPan::ref): Deleted.
        (WebCore::SVGZoomAndPan::deref): Deleted.
        (WebCore::SVGZoomAndPan::setZoomAndPan): Deleted.

        * svg/SVGZoomAndPan.h: Removed unneeded includes. Reformatted the enum.
        Moved function bodies out of the class definition. Removed many unneeded
        functions.

        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::insertedInto): Updated since timeContainer
        now returns a reference rather than a pointer.

2015-02-11  Darin Adler  <darin@apple.com>

        SVGUseElement follow-up improvements
        https://bugs.webkit.org/show_bug.cgi?id=141382

        Reviewed by Antti Koivisto.

        * loader/cache/CachedSVGDocumentClient.h: Removed unneeded forward declaration.

        * page/EventHandler.cpp: Removed unneeded include of SVGUseElement.h.
        * rendering/svg/RenderSVGViewportContainer.cpp: Ditto.

        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::clearTargetDependencies): Removed too-specific
        check that assumed that SVG elements in shadow trees are always for <use> elements.
        This amounted to an unneeded optimization that could be removed with no bad effect.

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::correspondingElement): Removed the assertions so this could
        be used more freely outside of cases where the shadow tree state is fully consistent.
        It's fine to have this just be a mechanical getter; there's nothing super-tricky
        here that needs to be caught by the assertion.
        (WebCore::SVGElement::title): Removed unneeded special handling for titles inside
        the shadow tree.

        * svg/SVGGElement.cpp:
        (WebCore::SVGGElement::create): Added an overload that doesn't require explicitly
        passing in the tag name.
        * svg/SVGGElement.h: Ditto.
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::create): Ditto.
        * svg/SVGSVGElement.h: Ditto.

        * svg/SVGUseElement.cpp: Removed a lot of unneeded includes.
        (WebCore::SVGUseElement::SVGUseElement): Removed code to initialize some booleans.
        We do that in the class definition now.
        (WebCore::SVGUseElement::create): Removed the code that calls the
        ensureUserAgentShadowRoot function unconditionally. That's properly done when
        needed; no need to do it here.
        (WebCore::SVGUseElement::~SVGUseElement): Removed unneeded code to destroy the
        shadow tree (that happens automatically) and simplified the code to stop loading
        the external document.
        (WebCore::SVGUseElement::isSupportedAttribute): Deleted.
        (WebCore::SVGUseElement::parseAttribute): Simplified this. Removed assumptions
        about the intersection of various sets of attributes, and also removed the
        isSupportedAttribute function. This seems to serve no purpose here, or in any
        other SVG element class. I plan to remove it everywhere over time.
        (WebCore::isWellFormedDocument): Deleted.
        (WebCore::SVGUseElement::insertedInto): Simplified code by removing all the
        special cases during initial parsing, and did the invalidation here rather than
        deferring it to didNotifySubtreeInsertions. Added a call to the new function,
        updateExternalDocument, since that won't do anything when the element is not
        in a document.
        (WebCore::SVGUseElement::didNotifySubtreeInsertions): Deleted.
        (WebCore::SVGUseElement::removedFrom): Added code to call clearShadowTree and
        updateExternalDocument. Both are efficient when doing nothing, and both are
        appropriate since the element is no longer in a document.
        (WebCore::SVGUseElement::referencedDocument): Deleted. No longer needed.
        (WebCore::SVGUseElement::externalDocument): Streamlined the logic here, removing
        multiple unneeded checks.
        (WebCore::SVGUseElement::transferSizeAttributesToTargetClone): Renamed since
        "target clone" is clear enough within this class, without explicitly stating
        "shadow tree". All the clones are in the shadow tree.
        (WebCore::SVGUseElement::svgAttributeChanged): Removed unneeded code calling
        isSupportedAttribute. Changed the code that detects changes in href to just
        call updateExternalDocument (for the document URL) and invalidateShadowTree
        (for the fragment). Also updated the transferSizeAttributesToTargetClone logic
        to only trigger on width and height and updated names.
        (WebCore::SVGUseElement::willAttachRenderers): Updated for the new name of
        m_shouldRebuildShadowTree and added a call through to the base class.
        (WebCore::createAllowedElementSet): Added. A more efficient way to implement
        the initialization of the set for isDisallowedElement.
        (WebCore::isDisallowedElement): Simplified this by using the function above,
        and also overloaded for both SVGElement and Element for a tiny efficiency boost.
        (WebCore::SVGUseElement::clearShadowTree): Renamed form clearResourceReferences.
        This is a much more straightforward name. Also deleted the code that sets the
        m_needsShadowTreeRecreation flag to false. That should be done by the build
        function, not here.
        (WebCore::SVGUseElement::buildPendingResource): Made this just invalidate the
        shadow tree now instead of explicitly building it.
        (WebCore::SVGUseElement::updateShadowTree): Moved the code to create a shadow
        tree here from buildPendingResource. ALso changed the logic so that we
        always blow away the old shadow tree. Moved the comment about rebuilding things
        every time here. Updated the code to use the findTarget and cloneTarget functions,
        eliminating the buildShadowTree function entirely. Moved the call to
        transferSizeAttributesToShadowTreeTargetClone inside cloneTarget. Also updated
        for the name change for m_shouldRebuildShadowTree.
        (WebCore::SVGUseElement::targetClone): Renamed from shadowTreeTargetClone.
        No need to emphasize "shadow tree" since that's where all clones are.
        (WebCore::isDirectReference): Streamlined a bit using "using namespace".
        (WebCore::SVGUseElement::toClipPath): Rewrote to use early return and updated
        for name changes. Also used ASCIILiteral.
        (WebCore::SVGUseElement::rendererClipChild): Changed local variable names.
        (WebCore::removeDisallowedElementsFromSubtree): Wrote the iteration in a
        slightly more idiomatic style.
        (WebCore::SVGUseElement::findTarget): Added. This new function implements
        the rule for finding a valid target for a use element. This replaces logic
        that was duplicated in two different places and it also includes all the
        rules that were formerly in the isValidTarget function. Also, this implements
        a correct check for a cycle that handles cases the code in isValidTarget did not.
        (WebCore::SVGUseElement::isValidTarget): Deleted.
        (WebCore::SVGUseElement::cloneTarget): Added. Helper function used both when
        cloning the target of the top level <use> elements and for other <use> elements
        inside the shadow tree.
        (WebCore::cloneDataAndChildren): Added. Helper function that allows both the
        <use> and <symbol> element expanding functions to be shorter and share more code.
        (WebCore::SVGUseElement::expandUseElementsInShadowTree): Removed unneeded checks
        of cachedDocumentIsStillLoading. Used the new findTarget function, which handles
        finding the target cross-document correctly. Removed the incorrect use of
        referencedDocument when creating new elements and finding targets. Refactored
        to use the new cloneDataAndChildren function and also moved the code that removes
        the special attributes here, replacing the transferAttributesToShadowTreeReplacement
        function. Made a few other simplifications.
        (WebCore::SVGUseElement::expandSymbolElementsInShadowTree): Ditto, just like the
        <use> changes only simpler.
        (WebCore::SVGUseElement::transferEventListenersToShadowTree): Made this const.
        Removed unneeded assertions.
        (WebCore::SVGUseElement::invalidateShadowTree): Updated for name change.
        (WebCore::SVGUseElement::invalidateDependentShadowTrees): Removed assertion.
        (WebCore::SVGUseElement::transferAttributesToShadowTreeReplacement): Deleted.
        (WebCore::SVGUseElement::selfHasRelativeLengths): Tweaked names.
        (WebCore::SVGUseElement::notifyFinished): Removed the inDocument check, since
        this function will only be called for elements that are in a document.
        (WebCore::SVGUseElement::cachedDocumentIsStillLoading): Deleted.
        (WebCore::SVGUseElement::finishParsingChildren): Removed the code that calls
        buildPendingResource here. Shadow tree updating is driven solely by renderer
        generation now.
        (WebCore::SVGUseElement::updateExternalDocument): Replaced setCachedDocument
        with this. This function knows how to load a different document if the URL
        has changed, or leave it alone if not, and also stop the load if it should.
        (WebCore::SVGUseElement::isValid): Moved this here from the header, since it's
        always being called virtually.
        (WebCore::SVGUseElement::haveLoadedRequiredResources): Ditto.
        (WebCore::SVGUseElement::setHaveFiredLoadEvent): Ditto.
        (WebCore::SVGUseElement::haveFiredLoadEvent): Ditto.
        (WebCore::SVGUseElement::svgLoadEventTimer): Ditto.

        * svg/SVGUseElement.h: Removed unneeded include. Moved the animated properties
        to the top of the class because they are public DOM API and so are logical to
        list first. I'd like to do that for other classes too over time. Changed to
        derive privately from CachedSVGDocumentClient. Made the function
        invalidateDependentShadowTrees private. Removed didNotifySubtreeInsertions,
        isSupportedAttribute, clearResourceReferences, buildShadowTree,
        transferAttributesToShadowTreeReplacement, isParserInserted, and
        m_wasInsertedByParser. Added updateExternalDocument, cloneTarget, targetClone,
        updateShadowTree, and clearShadowTree. Also did a couple other renames,
        including renaming m_cachedDocument to m_externalDocument.

        * svg/svgtags.in: Removed constructorNeedsCreatedByParser from the <use>
        element since we don't have to handle constructing by the parser specially.

2015-02-11  Dhi Aurrahman  <diorahman@rockybars.com>

        CSS selector JIT compilation support for :lang()
        https://bugs.webkit.org/show_bug.cgi?id=140818

        Reviewed by Benjamin Poulain.

        Add the JIT support for :lang(), to ensure :lang() no longer force the engine to
        the slow path.

        Test: fast/selectors/lang-chained-multiple.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        Get rid of the FunctionType::CannotCompile
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsInLanguage):

2015-02-11  Alex Christensen  <achristensen@webkit.org>

        Fix more weak external symbol errors.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        * page/make_settings.pl:
        (printGetterAndSetter):
        Remove some WEBCORE_EXPORT macros.

2015-02-11  Alex Christensen  <achristensen@webkit.org>

        Do not export functions defined in headers.
        This prevents weak external symbol errors in some configurations.

        * dom/Range.h:
        (WebCore::Range::startContainer):
        (WebCore::Range::startOffset):
        (WebCore::Range::endContainer):
        (WebCore::Range::endOffset):
        * inspector/InspectorController.h:
        * page/Settings.h:
        (WebCore::Settings::setMediaKeysStorageDirectory):
        * page/make_settings.pl:
        (printGetterAndSetter):
        * platform/network/cocoa/ProtectionSpaceCocoa.h:
        (WebCore::ProtectionSpace::encodingRequiresPlatformData):
        * platform/text/TextEncoding.h:
        (WebCore::TextEncoding::decode):
        Removed WEBCORE_EXPORT macros.

2015-02-11  Chris Dumez  <cdumez@apple.com>

        [WK2] Add logging to validate the network cache efficacy (Part 2)
        https://bugs.webkit.org/show_bug.cgi?id=141345
        <rdar://problem/19632080>

        Reviewed by Sam Weinig.

        Add a few more diagnostic logging keys for the network cache efficacy
        logging.

2015-02-11  Sam Weinig  <sam@webkit.org>

        REGRESSION(r179166): Crash when accessing document.dir on a document with no elements
        <rdar://problem/19804351>
        https://bugs.webkit.org/show_bug.cgi?id=141480

        Reviewed by Chris Dumez.

        Test: fast/dom/document-dir-empty-document-crash.html

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::dir):
        Don't unnecessarily dereference the documentElement. is<HTMLHtmlElement>() will handle null just fine.

2015-02-11  Mark Rowe  <mrowe@apple.com>

        <https://webkit.org/b/141492> extract-localizable-strings.pl shouldn't update the target file if the contents haven't changed

        Avoid updating the target file if the contents haven't changed. This prevents Xcode from copying the identical
        file into the framework and resigning it, which avoids the resulting relinking of all targets that depend on
        the framework.

        Reviewed by Dan Bernstein.

        * extract-localizable-strings.pl: Write our output to a temporary file. If the output differs from the
        existing contents of the target file, move the temporary file over the target file. Otherwise, delete
        the temporary file.

2015-02-11  Chris Dumez  <cdumez@apple.com>

        Turn recent assertions into release assertions to help track down crash in DocumentLoader::stopLoadingForPolicyChange()
        https://bugs.webkit.org/show_bug.cgi?id=141484
        <rdar://problem/13811738>

        Reviewed by Andy Estes.

        Turn recent assertions into release assertions to help track down crash in
        DocumentLoader::stopLoadingForPolicyChange(). This should increase the
        likelyhood of tripping them so that we better understand why this happens.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::~DocumentLoader):
        (WebCore::DocumentLoader::detachFromFrame):

2015-02-11  Jer Noble  <jer.noble@apple.com>

        [MSE] SampleMap::addRange() returns an inverted iterator_range, possibly causing a crash when that iterator_range is traversed.
        https://bugs.webkit.org/show_bug.cgi?id=141479
        rdar://problem/19067597

        Reviewed by Chris Dumez.

        When looking backwards through a presentationOrder map to find samples, we then reverse our iterators
        and put them in an iterator_range to return to the caller. But in addition to reversing the iterators
        themselves, we also need to put them in the iterator_range in reverse order, so that when the caller
        iterates from iterator_range.first -> iterator_range.second, they don't end up off the end of the
        the underlying storage.

        * Modules/mediasource/SampleMap.cpp:
        (WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRangeFromEnd):

2015-02-11  Simon Fraser  <simon.fraser@apple.com>

        Improve the showFrameTree() output slightly
        https://bugs.webkit.org/show_bug.cgi?id=141482

        Reviewed by Zalan Bujtas.

        Have showFrameTree() show the Frame's RenderView so it can be correlated with
        layer dumps, and show styleRecalc and needsLayout state.

        * page/FrameTree.cpp:
        (printFrames):
        * page/FrameView.cpp:
        (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive): Add an explanatory
        comment about why we don't walk the Frame tree.

2015-02-11  Alex Christensen  <achristensen@webkit.org>

        Stop using WebCore.exp.in on Mac and iOS.
        https://bugs.webkit.org/show_bug.cgi?id=141413

        Reviewed by Dan Bates.

        * Configurations/Base.xcconfig:
        Make symbols hidden by default unless exported by WEBCORE_EXPORT macros.
        * platform/PlatformExportMacros.h:
        Start using WEBCORE_EXPORT on Mac and iOS (but not Windows yet).

2015-02-11  ChangSeok Oh  <changseok.oh@collabora.com>

        Div having contentEditable and display:flex cannot be edited if it is empty.
        https://bugs.webkit.org/show_bug.cgi?id=141218

        Reviewed by Ryosuke Niwa.

        RenderFlexibleBox should be treated as a candidate for visible position. Visible selection
        in an editable area is recalculated whenever an inner value of div is changed. If the inner value
        is empty, the visible selection recalculated with DeleteSelectionCommand::m_endingPostion
        is not correct. Because RenderBlockFlow is only considered but not RenderFlexibleBox
        in Position::isCandidate so that a calculated ending VisiblePosition for an editable div
        having "display : flex" goes weird and VisibleSelection is empty accordingly.

        Test: fast/events/key-events-in-editable-flexbox.html

        * dom/Position.cpp:
        (WebCore::Position::isCandidate):

2015-02-11  ChangSeok Oh  <changseok.oh@collabora.com>

        Activate ReliefLogger of a memory pressure handler for linux system.
        https://bugs.webkit.org/show_bug.cgi?id=123611

        Reviewed by Anders Carlsson.

        Put more logs for the time when a system goes under memory pressure or viceversa.

        No new tests since no engine behavior changed.

        * platform/linux/MemoryPressureHandlerLinux.cpp:
        (WebCore::MemoryPressureHandler::waitForMemoryPressureEvent): Wait a memory pressure event
        from cgroup in a seperated thread. Once a pressure event happens, respondToMemoryPressure()
        would be called to get back some resources.
        (WebCore::MemoryPressureHandler::install): Install memoryPressureHandler module
        to make it work.

2015-02-11  Alex Christensen  <achristensen@webkit.org>

        Final preparations to switch to WEBCORE_EXPORT.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Export the vtable and a function.

2015-02-11  Sam Weinig  <sam@webkit.org>

        performance.now can crash if accessed from a window that has navigated
        <rdar://problem/16892506>
        https://bugs.webkit.org/show_bug.cgi?id=141478

        Reviewed by Alexey Proskuryakov.

        Test: fast/performance/performance-now-crash-on-navigated-window.html

        * page/Performance.cpp:
        (WebCore::Performance::now):
        Check for a null frame, which can happen when the window has been navigated.

2015-02-10  Alexey Proskuryakov  <ap@apple.com>

        URL::setUser and URL::setPass don't percent encode
        https://bugs.webkit.org/show_bug.cgi?id=141453
        rdar://problem/14844503&16551802&19623145

        Reviewed by Darin Adler.

        Tests: fast/url/url-credentials-escaping.html
               http/tests/xmlhttprequest/basic-auth-credentials-escaping.html

        Start adding some code that performs escaping in a way that matches the URL Standard.
        Right now, it's only used where we failed to do any escaping at all, and over time,
        we'll be moving towards a new implementation.

        * html/URLUtils.h:
        (WebCore::URLUtils<T>::username):
        (WebCore::URLUtils<T>::password):
        * platform/URL.cpp:
        (WebCore::isSchemeFirstChar):
        (WebCore::URL::user):
        (WebCore::URL::pass):
        (WebCore::URL::encodedUser):
        (WebCore::URL::encodedPass):
        (WebCore::URL::setUser):
        (WebCore::URL::setPass):
        (WebCore::encodeWithURLEscapeSequences):
        * platform/URL.h:

2015-02-11  Alex Christensen  <achristensen@webkit.org>

        Add a few more WEBCORE_EXPORT macros for debug and iOS builds.

        * page/EventHandler.h:
        * page/ios/WebEventRegion.h:
        * platform/sql/SQLiteDatabaseTracker.h:

2015-02-11  Darin Adler  <darin@apple.com>

        REGRESSION(r179476): It broke the !ENABLE(PICTURE_SIZES) build
        https://bugs.webkit.org/show_bug.cgi?id=141327

        Reviewed by Csaba Osztrogonác.

        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
        Put #if around use of m_sizesAttribute.

2015-02-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179921.
        https://bugs.webkit.org/show_bug.cgi?id=141473

        caused about 30 test failures on yosemite and mavericks
        (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Div having contentEditable and display:flex cannot be edited
        if it is empty."
        https://bugs.webkit.org/show_bug.cgi?id=141218
        http://trac.webkit.org/changeset/179921

2015-02-11  ChangSeok Oh  <changseok.oh@collabora.com>

        Div having contentEditable and display:flex cannot be edited if it is empty.
        https://bugs.webkit.org/show_bug.cgi?id=141218

        Reviewed by Ryosuke Niwa.

        RenderFlexibleBox should be treated as a candidate for visible position. Visible selection
        in an editable area is recalculated whenever an inner value of div is changed. If the inner value
        is empty, the visible selection recalculated with DeleteSelectionCommand::m_endingPostion
        is not correct. Because RenderBlockFlow is only considered but not RenderFlexibleBox
        in Position::isCandidate so that a calculated ending VisiblePosition for an editable div
        having "display : flex" goes weird and VisibleSelection is empty accordingly.

        Test: fast/events/key-events-in-editable-flexbox.html

        * dom/Position.cpp:
        (WebCore::Position::isCandidate):

2015-02-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179910.
        https://bugs.webkit.org/show_bug.cgi?id=141464

        Caused assertions on debug bots (Requested by ap on #webkit).

        Reverted changeset:

        "[WK2] Add logging to validate the network cache efficacy
        (Part 2)"
        https://bugs.webkit.org/show_bug.cgi?id=141345
        http://trac.webkit.org/changeset/179910

2015-02-10  Chris Dumez  <cdumez@apple.com>

        Optimize MutableStyleProperties::removePropertiesInSet()
        https://bugs.webkit.org/show_bug.cgi?id=141460

        Reviewed by Andreas Kling.

        Optimize MutableStyleProperties::removePropertiesInSet() by doing an
        in-place removal of the vector properties, using the new and efficient
        Vector::removalAllMatching().

        I see a ~11% speed-up on CSS/CSSPropertySetterGetter.html performance
        test.

        This change was inspired by the following Blink revision:
        https://src.chromium.org/viewvc/blink?view=rev&revision=189387

        Test: PerformanceTests/CSS/CSSPropertySetterGetter.html

        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::removePropertiesInSet):

2015-02-10  Alex Christensen  <achristensen@webkit.org>

        [Win] Fix debug build after r179807.
        https://bugs.webkit.org/show_bug.cgi?id=141461

        Reviewed by Benjamin Poulain.

        * dom/TypedElementDescendantIterator.h:
        Explicitly call Iterator constructor to reduce complexity when iterating descendantsOfType.

2015-02-10  Chris Dumez  <cdumez@apple.com>

        [WK2] Add logging to validate the network cache efficacy (Part 2)
        https://bugs.webkit.org/show_bug.cgi?id=141345

        Reviewed by Antti Koivisto.

        Add a few more diagnostic logging keys for the network cache efficacy
        logging.

2015-02-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179896.
        https://bugs.webkit.org/show_bug.cgi?id=141452

        broke linking debug builds (Requested by thorton on #webkit).

        Reverted changeset:

        "Stop using WebCore.exp.in on Mac and iOS."
        https://bugs.webkit.org/show_bug.cgi?id=141413
        http://trac.webkit.org/changeset/179896

2015-02-10  Alex Christensen  <achristensen@webkit.org>

        Fix bindings tests after r179886.

        * bindings/scripts/test/ObjC/DOMFloat64Array.h:
        * bindings/scripts/test/ObjC/DOMTestActiveDOMObject.h:
        * bindings/scripts/test/ObjC/DOMTestCallback.h:
        * bindings/scripts/test/ObjC/DOMTestCustomNamedGetter.h:
        * bindings/scripts/test/ObjC/DOMTestEventConstructor.h:
        * bindings/scripts/test/ObjC/DOMTestEventTarget.h:
        * bindings/scripts/test/ObjC/DOMTestException.h:
        * bindings/scripts/test/ObjC/DOMTestGenerateIsReachable.h:
        * bindings/scripts/test/ObjC/DOMTestInterface.h:
        * bindings/scripts/test/ObjC/DOMTestMediaQueryListListener.h:
        * bindings/scripts/test/ObjC/DOMTestNamedConstructor.h:
        * bindings/scripts/test/ObjC/DOMTestNode.h:
        * bindings/scripts/test/ObjC/DOMTestNondeterministic.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestOverloadedConstructors.h:
        * bindings/scripts/test/ObjC/DOMTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/ObjC/DOMTestTypedefs.h:
        * bindings/scripts/test/ObjC/DOMattribute.h:
        * bindings/scripts/test/ObjC/DOMreadonly.h:

2015-02-10  Alex Christensen  <achristensen@webkit.org>

        Stop using WebCore.exp.in on Mac and iOS.
        https://bugs.webkit.org/show_bug.cgi?id=141413

        Reviewed by Dan Bates.

        * Configurations/Base.xcconfig:
        Make symbols hidden by default unless exported by WEBCORE_EXPORT macros.
        * platform/PlatformExportMacros.h:
        Start using WEBCORE_EXPORT on Mac and iOS (but not Windows yet).

2015-02-10  Chris Dumez  <cdumez@apple.com>

        Add another assertion to help track down crash in DocumentLoader::stopLoadingForPolicyChange()
        https://bugs.webkit.org/show_bug.cgi?id=141447
        <rdar://problem/13811738>

        Reviewed by Alexey Proskuryakov.

        Add another assertion to help track down crash in
        DocumentLoader::stopLoadingForPolicyChange().

        The trace seems to hint that frameLoader() returns null when
        stopLoadingForPolicyChange() is called. frameLoader() can only return
        null after DocumentLoader::detachFromFrame() has been called.
        Also, stopLoadingForPolicyChange() here is called from the
        DocumentLoader::continueAfterContentPolicy() policy callback which
        requires m_waitingForContentPolicy to be true. Therefore, we should
        assert that m_waitingForContentPolicy is false when m_frame is cleared
        in DocumentLoader::detachFromFrame().

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::detachFromFrame):

2015-02-10  Alex Christensen  <achristensen@webkit.org>

        Stop using WebCore.exp.in on Mac and iOS.
        https://bugs.webkit.org/show_bug.cgi?id=141413

        Reviewed by Dan Bates.

        * Configurations/Base.xcconfig:
        Make symbols hidden by default unless exported by WEBCORE_EXPORT macros.
        * platform/PlatformExportMacros.h:
        Start using WEBCORE_EXPORT on Mac and iOS (but not Windows yet).

2015-02-10  Alex Christensen  <achristensen@webkit.org>

        Add more WEBCORE_EXPORT macros for iOS.
        https://bugs.webkit.org/show_bug.cgi?id=141430

        Reviewed by Tim Horton.

        * bindings/objc/WebScriptObject.h:
        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateHeader):
        * dom/Event.h:
        * dom/Node.h:
        * editing/FrameSelection.h:
        * html/HTMLFormControlElement.h:
        * html/HTMLMediaSession.h:
        * page/Frame.h:
        * page/FrameView.h:
        * platform/ScrollView.h:
        * platform/ios/PasteboardIOS.mm:
        * platform/ios/wak/WAKAppKitStubs.h:
        * platform/ios/wak/WAKClipView.h:
        * platform/ios/wak/WAKScrollView.h:
        * platform/ios/wak/WAKView.h:
        * platform/ios/wak/WAKWindow.h:
        * platform/ios/wak/WAKWindow.mm:
        * platform/ios/wak/WKContentObservation.h:
        * platform/ios/wak/WKGraphics.h:
        * platform/ios/wak/WebCoreThread.h:
        * platform/ios/wak/WebCoreThread.mm:
        * platform/ios/wak/WebCoreThreadRun.h:
        * platform/ios/wak/WebCoreThreadSystemInterface.h:
        * platform/network/ios/QuickLook.h:
        * platform/text/TextBreakIterator.h:

2015-02-09  David Hyatt  <hyatt@apple.com>

        text-underline-position: under is broken
        https://bugs.webkit.org/show_bug.cgi?id=141400
        <rdar://problem/18569583>

        Reviewed by Simon Fraser.

        Added fast/text/text-underline-position-under.html

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::computeMaxLogicalBottom):
        (WebCore::InlineFlowBox::computeMaxLogicalTop): Deleted.
        * rendering/InlineFlowBox.h:
        Switch to using the bottom to compute the offset. Using the top is incorrect, since
        the heights of boxes can vary.

        Fix a bug where the y() of the box was being used instead of the logical value, making the result
        wrong for vertical text.

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::maxLogicalBottom):
        (WebCore::RootInlineBox::maxLogicalTop): Deleted.
        Switch to using the bottom instead of the top. Make sure the root box contributes its own bottom,
        since the old code just ignored the root's placement.

        * rendering/RootInlineBox.h:
        * style/InlineTextBoxStyle.cpp:
        (WebCore::computeUnderlineOffset):
        Call the bottom function now instead of the top.

2015-02-10  Chris Dumez  <cdumez@apple.com>

        Add assertion to help track down WebCore::DocumentLoader::stopLoadingForPolicyChange() crash
        https://bugs.webkit.org/show_bug.cgi?id=141441
        <rdar://problem/13811738>

        Reviewed by Alexey Proskuryakov.

        Add assertion to help track down a crash in
        WebCore::DocumentLoader::stopLoadingForPolicyChange().

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::~DocumentLoader):
        Make sure the DocumentLoader is not waiting for a content policy
        response when it is destroyed. If this were to happen, then the
        lambda function passed to PolicyChecker::checkContentPolicy()
        would outlive the DocumentLoader. This is an issue because
        that lambda function captures [this], which is the DocumentLoader.
        This would cause DocumentLoader::continueAfterContentPolicy() to
        be called after the DocumentLoader has been destroyed, which would
        explain the crash.

2015-02-07  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r168046): Crash in WebCore::InlineBox::renderer / WebCore::RenderFlowThread::checkLinesConsistency
        https://bugs.webkit.org/show_bug.cgi?id=133462

        Reviewed by David Hyatt.

        RenderFlowThread::m_lineToRegionMap stores pointers to the root inlineboxes in the block flow.
        Normally root inlineboxes remove themselves from this map in their dtors. However when collapsing an anonymous block,
        we detach the inline tree first and destroy them after. The detached root boxes can't access
        the flowthread containing block and we end up with dangling pointers in this map.
        Call removeFlowChildInfo() before detaching the subtree to ensure proper pointer removal.

        Test: fast/multicol/newmulticol/crash-when-switching-to-floating.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::collapseAnonymousBoxChild):

2015-02-10  Julien Isorce  <j.isorce@samsung.com>

        Render: properly update body's background image
        https://bugs.webkit.org/show_bug.cgi?id=140183

        When HTML and BODY renderers are both composited the
        skipBodyBackground condition should also take into account
        if the HTML's layer can draw its contents.

        Reviewed by Darin Adler.

        Test: animations/animation-background-image.html

        * rendering/RenderBox.cpp:
        (WebCore::skipBodyBackground): Do not skip
        if document's layer cannot draw its content.
        Previously both body and html did not paint the background
        when they are both composited.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::contentChanged): Also redisplay
        the content.

2015-02-10  Eric Carlson  <eric.carlson@apple.com>

        [iOS] don't get out of sync when interrupt/resume calls are not balanced
        https://bugs.webkit.org/show_bug.cgi?id=141310

        Reviewed by Jer Noble.

        No new tests, updated media/video-interruption-with-resume-allowing-play.html.

        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::beginInterruption): Count interruptions.
        (WebCore::MediaSession::endInterruption): Ignore calls when m_interruptionCount is already zero.
        * platform/audio/MediaSession.h:

2015-02-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] GMutexLocker build issue
        https://bugs.webkit.org/show_bug.cgi?id=141381

        Reviewed by Žan Doberšek.

        Use always WTF::GMutexLocker because newer glib versions have a
        GMutexLocker in the public API.

        * platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp:
        (WebCore::AudioSourceProviderGStreamer::provideInput):
        (WebCore::AudioSourceProviderGStreamer::handleAudioBuffer):
        (WebCore::AudioSourceProviderGStreamer::clearAdapters):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
        (WebCore::MediaPlayerPrivateGStreamerBase::updateTexture):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        (WebCore::MediaPlayerPrivateGStreamerBase::paint):
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (webkitVideoSinkTimeoutCallback):
        (webkitVideoSinkRender):
        (unlockSampleMutex):
        (webkitVideoSinkUnlockStop):
        (webkitVideoSinkStart):
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcGetProperty):
        (webKitWebSrcStop):
        (webKitWebSrcStart):
        (webKitWebSrcChangeState):
        (webKitWebSrcQueryWithParent):
        (webKitWebSrcGetUri):
        (webKitWebSrcSetUri):
        (webKitWebSrcNeedDataMainCb):
        (webKitWebSrcNeedDataCb):
        (webKitWebSrcEnoughDataMainCb):
        (webKitWebSrcEnoughDataCb):
        (webKitWebSrcSeekDataCb):
        (webKitWebSrcSetMediaPlayer):
        (StreamingClient::createReadBuffer):
        (StreamingClient::handleResponseReceived):
        (StreamingClient::handleDataReceived):
        (StreamingClient::handleNotifyFinished):
        (ResourceHandleStreamingClient::wasBlocked):
        (ResourceHandleStreamingClient::cannotShowURL):

2015-02-09  Alex Christensen  <achristensen@webkit.org>

        Update WEBCORE_EXPORT to prepare to start using it.
        https://bugs.webkit.org/show_bug.cgi?id=141409

        Reviewed by Tim Horton.

        * bindings/js/JSDOMGlobalObject.h:
        * bindings/objc/DOMInternal.h:
        * bindings/objc/ExceptionHandlers.mm:
        * bindings/objc/WebScriptObjectPrivate.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        * bindings/scripts/test/JS/JSTestException.h:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        * bindings/scripts/test/JS/JSattribute.h:
        * bindings/scripts/test/JS/JSreadonly.h:
        * css/StyleProperties.h:
        * dom/DeviceMotionData.h:
        * dom/Node.h:
        * dom/Position.h:
        * dom/ScriptExecutionContext.h:
        * editing/Editor.h:
        * editing/htmlediting.h:
        * html/HTMLInputElement.h:
        * html/TimeRanges.h:
        * loader/FrameLoader.h:
        * loader/cache/CacheValidation.h:
        * loader/cache/MemoryCache.h:
        * loader/icon/IconDatabase.h:
        * page/DatabaseProvider.h:
        * page/DiagnosticLoggingKeys.h:
        * page/EventHandler.h:
        * page/FrameSnapshotting.h:
        * page/MainFrame.h:
        * page/PageConsoleClient.h:
        * page/PageOverlay.h:
        * platform/CrossThreadCopier.h:
        * platform/FileSystem.h:
        * platform/PlatformSpeechSynthesizer.h:
        * platform/RemoteCommandListener.h:
        * platform/RuntimeApplicationChecks.h:
        * platform/graphics/Font.h:
        * platform/graphics/FontCache.h:
        * platform/graphics/FontGlyphs.h:
        * platform/graphics/FontRanges.h:
        * platform/graphics/GeometryUtilities.h:
        * platform/graphics/GlyphPage.h:
        * platform/graphics/Region.h:
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/TileController.h:
        * platform/graphics/transforms/TransformationMatrix.h:
        * platform/mac/WebCoreFullScreenWarningView.h:
        * platform/network/BlobDataFileReference.h:
        * platform/network/ResourceRequestBase.h:
        * platform/network/ResourceResponseBase.h:
        * platform/network/create-http-header-name-table:
        * platform/network/mac/WebCoreURLResponse.h:
        * platform/sql/SQLiteDatabaseTracker.h:
        * platform/sql/SQLiteStatement.h:
        * rendering/HitTestLocation.h:
        * rendering/HitTestResult.h:
        * storage/StorageEventDispatcher.h:
        Added WEBCORE_EXPORT macros.

2015-02-09  Chris Dumez  <cdumez@apple.com>

        Check for self-assignment in Length::operator=(const Length&)
        https://bugs.webkit.org/show_bug.cgi?id=141402

        Reviewed by Andreas Kling.

        Check for self-assignment in Length::operator=(const Length&) as
        calling memcpy() with the same source and destination addresses has
        undefined behavior.

        * platform/Length.h:
        (WebCore::Length::operator=):

2015-02-09  Roger Fong  <roger_fong@apple.com>

        WebGL: Update 1.0.2 conformance layout tests and address new failure.
        https://bugs.webkit.org/show_bug.cgi?id=141408.
        <rdar://problem/19773236>

        Reviewed by Dean Jackson.

        Tests covered by updated 1.0.2 conformance tests.

        * html/canvas/WebGLRenderingContextBase.cpp: 
        Return null string instead of empty string if parameter validation fails.
        (WebCore::WebGLRenderingContextBase::getProgramInfoLog):
        (WebCore::WebGLRenderingContextBase::getShaderInfoLog):
        (WebCore::WebGLRenderingContextBase::getShaderSource):

2015-02-09  Timothy Horton  <timothy_horton@apple.com>

        Avoid using a HashMap for DisplayRefreshMonitorManager, which rarely has more than one item
        https://bugs.webkit.org/show_bug.cgi?id=141353

        Reviewed by Anders Carlsson.

        No new tests, because there's no behavior change.

        * platform/graphics/DisplayRefreshMonitorManager.cpp:
        (WebCore::DisplayRefreshMonitorManager::ensureMonitorForClient):
        (WebCore::DisplayRefreshMonitorManager::unregisterClient):
        (WebCore::DisplayRefreshMonitorManager::displayDidRefresh):
        * platform/graphics/DisplayRefreshMonitorManager.h:
        Use a Vector of RefPtr<DisplayRefreshMonitor> instead of a HashMap
        from uint64_t to RefPtr<DisplayRefreshMonitor>. There's usually only one
        display, so there's usually only one DisplayRefreshMonitor. Linear search
        on the Vector will be faster than the hash lookup in all conceivable cases.
        This also avoids the situation mentioned in the comments in DisplayRefreshMonitorManager.h
        where we don't know enough about PlatformDisplayID to safely hash it.

2015-02-09  Jer Noble  <jer.noble@apple.com>

        [Mac] Disable the currentTime estimation code in HTMLMediaElement for Yosemite+
        https://bugs.webkit.org/show_bug.cgi?id=141399

        Reviewed by Eric Carlson.

        Apparenty -[AVPlayer rate] means different things for HLS and progressive content; for progressive,
        the -rate is the actual rate of playback. For HLS, the -rate is the requested rate, and will return
        the requested value even if time is not progressing.

        We added the currentTime estimation engine because asking AVFoundation for its -currentTime used to
        be expensive, but we've been assured that in recent iOS and OS X releases, -currentTime should be
        very fast. That, in combination with the HLS behavior of -rate and how it breaks the currentTime
        estimation, means we should probably turn it off for iOS and Yosemite.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::maximumDurationToCacheMediaTime): Move implementation to .mm.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::maximumDurationToCacheMediaTime): Disable on iOS and >=10.10.

2015-02-07  Roger Fong  <roger_fong@apple.com>

        WebGL 2: Texture call format, internal format, and type validation.
        https://bugs.webkit.org/show_bug.cgi?id=141318.
        <rdar://problem/19733828>

        Reviewed by Brent Fulgham.

        Tests will be covered by WebGL2 conformance tests.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getFramebufferAttachmentParameter): Add missing ExceptionCode argument.
        (WebCore::WebGL2RenderingContext::copyTexImage2D): Validate texture formats based on GLES3 spec.
        (WebCore::WebGL2RenderingContext::texSubImage2DBase): Validate using internal format from texture target.
        (WebCore::WebGL2RenderingContext::texSubImage2DImpl): Validate using internal format from texture target.
        (WebCore::WebGL2RenderingContext::texSubImage2D): Validate using internal format from texture target.
        (WebCore::WebGL2RenderingContext::validateTexFuncParameters): Do extra validation for copyTexImage2D.
        (WebCore::WebGL2RenderingContext::validateTexFuncFormatAndType): Validate internal format, format and type combination.
        (WebCore::WebGL2RenderingContext::validateTexFuncData): Validate new data types.
        This method now accepts an internal format argument.
        (WebCore::WebGL2RenderingContext::baseInternalFormatFromInternalFormat):
        Helper method to convert internal format to base internal format.
        * html/canvas/WebGL2RenderingContext.h:

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::copyTexImage2D): Moved from WebGLRenderingContextBase.
        (WebCore::WebGLRenderingContext::texSubImage2DBase): Ditto.
        (WebCore::WebGLRenderingContext::texSubImage2DImpl): Ditto.
        (WebCore::WebGLRenderingContext::texSubImage2D): Ditto.
        (WebCore::WebGLRenderingContext::validateTexFuncParameters): Ditto.
        (WebCore::WebGLRenderingContext::validateTexFuncFormatAndType): Ditto.
        (WebCore::WebGLRenderingContext::validateTexFuncData): Ditto.
        * html/canvas/WebGLRenderingContext.h:

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::texImage2DBase):
        (WebCore::WebGLRenderingContextBase::validateTexFunc):
        (WebCore::WebGLRenderingContextBase::texImage2D):
        (WebCore::WebGLRenderingContextBase::copyTexImage2D): Deleted.
        (WebCore::WebGLRenderingContextBase::texSubImage2DBase): Deleted.
        (WebCore::WebGLRenderingContextBase::texSubImage2DImpl): Deleted.
        (WebCore::WebGLRenderingContextBase::texSubImage2D): Deleted.
        (WebCore::WebGLRenderingContextBase::validateTexFuncFormatAndType): Deleted.
        (WebCore::WebGLRenderingContextBase::validateTexFuncParameters): Deleted.
        (WebCore::WebGLRenderingContextBase::validateTexFuncData): Deleted.
        * html/canvas/WebGLRenderingContextBase.h: Modify validation type enums to differentiate between CopyImage, TexImage and TexSubImage calls.
        (WebCore::ScopedDrawingBufferBinder::ScopedDrawingBufferBinder):  Moved from WebGLRenderingContextBase.
        (WebCore::ScopedDrawingBufferBinder::~ScopedDrawingBufferBinder): Ditto.
        (WebCore::clip1D): Ditto.
        (WebCore::clip2D): Ditto.
        * platform/graphics/GraphicsContext3D.h: Rename a typo'ed enum.

2015-02-09  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179494.
        https://bugs.webkit.org/show_bug.cgi?id=141395

        Caused slowdown in a WebKit client test scenario (Requested by
        kling on #webkit).

        Reverted changeset:

        "[Cocoa] Make decoded image data purgeable ASAP."
        https://bugs.webkit.org/show_bug.cgi?id=140298
        http://trac.webkit.org/changeset/179494

2015-02-09  Jer Noble  <jer.noble@apple.com>

        [WebAudio] AudioBufferSourceNodes should accurately play backwards if given a negative playbackRate.
        https://bugs.webkit.org/show_bug.cgi?id=140955

        Reviewed by Eric Carlson.

        Tests: webaudio/audiobuffersource-negative-playbackrate-interpolated.html
               webaudio/audiobuffersource-negative-playbackrate.html

        Add support for playing an AudioBufferSourceNode at a negative playbackRate. Change the meaning of
        start() to set the initial playback position at the end of the play range if the rate of playback
        is negtive.

        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::AudioBufferSourceNode): Allow the playbackRate AudioParam to range from [-32, 32].
        (WebCore::AudioBufferSourceNode::renderFromBuffer): Change variable names from "start" and "end" to "min" and "max"
            for clarity. Add a non-interpolated and interpolated render step for negative playback.
        (WebCore::AudioBufferSourceNode::start): Drive-by fix: default value of grainDuration is not 0.02.
        (WebCore::AudioBufferSourceNode::startPlaying): Start playing at the end of the buffer for negative playback.
        (WebCore::AudioBufferSourceNode::totalPitchRate): Allow the pitch to be negative.

2015-02-09  Darin Adler  <darin@apple.com>

        Try to fix build on platforms that use SVG "all in one" file (Windows).

        * svg/SVGAElement.cpp: Don't do "using namespace HTMLNames;" outside of
        function boundaries, because that will be inherited by other files.
        (WebCore::SVGAElement::isURLAttribute): Use XLinkNames directly here
        instead of using HTMLNames implicitly.

        * svg/SVGElement.cpp: Don't do "using namespace HTMLNames;" outside of
        function boundaries, because that will be inherited by other files.
        (WebCore::populateAttributeNameToCSSPropertyIDMap): Instead do it in here.
        (WebCore::populateAttributeNameToAnimatedPropertyTypeMap): And here.
        (WebCore::populateCSSPropertyWithSVGDOMNameToAnimatedPropertyTypeMap): And here.
        (WebCore::SVGElement::parseAttribute): And use HTMLNames directly here
        instead of implicitly.

2015-02-09  Eric Carlson  <eric.carlson@apple.com>

        [iOS] exit from fullscreen when player view controller calls delegate
        https://bugs.webkit.org/show_bug.cgi?id=141350

        Reviewed by Jer Noble.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController playerViewControllerWillCancelOptimizedFullscree:]): New, ask delegate
            to exit from fullscreen.

2015-02-06  Sergio Villar Senin  <svillar@igalia.com>

        ASSERTION FAILED: resolvedInitialPosition <= resolvedFinalPosition in WebCore::GridSpan::GridSpan
        https://bugs.webkit.org/show_bug.cgi?id=141328

        Reviewed by Darin Adler.

        Whenever
        GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition()
        was trying to place an item with span, it was completely ignoring
        the resolvedInitialPosition returned by
        GridResolvedPosition::resolveGridPositionAgainstOppositePosition()
        and only using the finalResolvedPosition. This works with an
        unlimited grid which can indefinitely grow. But if the item spans
        over the grid track limits, then it might happen that the final
        resolved position is placed before the initial resolved position,
        something that is forbidden.

        The solution is to directly use the GridSpan returned by
        GridResolvedPosition::resolveGridPositionAgainstOppositePosition(), if the item
        does not surpass the track limits then the returned initialResolvedPosition
        is identical to the provided one, otherwise it's properly corrected to respect
        track boundaries.

        * rendering/style/GridResolvedPosition.cpp:
        (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):

2015-01-22  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Tracks' growth limits must be >= base sizes
        https://bugs.webkit.org/show_bug.cgi?id=140540

        Reviewed by Antti Koivisto.

        The track sizing algorithm is supposed to avoid those situations
        but they easily (specially when we mix absolute lengths and
        intrinsic lengths in min and max track sizing functions) and
        frequently appear. In those cases the outcome from the algorithm
        is wrong, tracks are not correctly sized.

        In order to fulfill the restriction, m_usedBreadth and
        m_maxBreadth are now private members of GridTrack and the class
        now provides a couple of methods to modify them respecting the
        growthLimit >= baseSize precondition.

        Apart from that, the members and methods of GridTrack were also
        renamed to match the ones used in the recent algorithm rewrite:
        usedBreadth became baseSize and maxBreadth is now growthLimit.

        Although the algorithm was not modified at all, this change
        detected and fixed several invalid results (tracks and/or grids
        bigger than expected).

        * rendering/RenderGrid.cpp:
        (WebCore::GridTrack::GridTrack): Renamed fields and methods. Added
        assertions.
        (WebCore::GridTrack::baseSize): Renamed from usedBreadth.
        (WebCore::GridTrack::growthLimit): Renamed from maxBreadth.
        (WebCore::GridTrack::setBaseSize):
        (WebCore::GridTrack::setGrowthLimit):
        (WebCore::GridTrack::growBaseSize): Renamed from growUsedBreadth.
        (WebCore::GridTrack::growGrowthLimit): Renamed from growMaxBreadth.
        (WebCore::GridTrack::growthLimitIsInfinite): New helper method.
        (WebCore::GridTrack::growthLimitIfNotInfinite): Renamed from
        maxBreadthIfNotInfinite.
        (WebCore::GridTrack::isGrowthLimitBiggerThanBaseSize): New helper
        method to verify ASSERTs are true.
        (WebCore::GridTrack::ensureGrowthLimitIsBiggerThanBaseSize): Ditto.
        (WebCore::GridTrackForNormalization::GridTrackForNormalization):
        (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::computeNormalizedFractionBreadth):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
        (WebCore::sortByGridTrackGrowthPotential):
        (WebCore::RenderGrid::distributeSpaceToTracks):
        (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
        (WebCore::RenderGrid::layoutGridItems):
        (WebCore::RenderGrid::gridAreaBreadthForChild):
        (WebCore::RenderGrid::populateGridPositions):
        (WebCore::GridTrack::growUsedBreadth): Renamed to growBaseSize.
        (WebCore::GridTrack::usedBreadth): Renamed to baseSize.
        (WebCore::GridTrack::growMaxBreadth): Renamed to growGrowthLimit.
        (WebCore::GridTrack::maxBreadthIfNotInfinite): Renamed to
        growthLimitIfNotInfinite.
        * rendering/RenderGrid.h:

2015-02-08  Chris Fleizach  <cfleizach@apple.com>

        AX: VoiceOver appears unresponsive when JavaScript alerts are triggered via focus or blur events
        https://bugs.webkit.org/show_bug.cgi?id=140485

        Reviewed by Anders Carlsson.

        If setting an accessibility attribute results in a modal alert being displayed, it can cause VoiceOver
        to hang. A simple solution is perform the actual work after a short delay, which will ensure the call
        returns without hanging.

        Test: platform/mac/accessibility/setting-attributes-is-asynchronous.html

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]):
        (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]):