Heap-use-after-free in WebCore::RenderText::computePreferredLogicalWidths
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2013-01-11  Abhishek Arya  <inferno@chromium.org>
2
3         Heap-use-after-free in WebCore::RenderText::computePreferredLogicalWidths
4         https://bugs.webkit.org/show_bug.cgi?id=95901
5
6         Reviewed by Simon Fraser.
7
8         Prevent re-entrancy of view layout. Loading of SVG document during font load
9         causes it to re-enter layout and blowing the style away from underneath.
10         
11         Test: Go to http://www.speckproducts.com and make sure crash does not happen.
12
13         * dom/Document.cpp:
14         (WebCore::Document::updateLayout):
15
16 2013-01-11  Kentaro Hara  <haraken@chromium.org>
17
18         [V8] Do not create a local handle for a cached v8 string that is returned to V8 immediately
19         https://bugs.webkit.org/show_bug.cgi?id=106557
20
21         Reviewed by Adam Barth.
22
23         Currently we are always creating a local handle for a cached
24         V8 string returned to V8:
25
26           Handle<Value> v8String(StringImpl* impl, Isolate* isolate) {
27             ...;
28             return Local<String>::New(isolate, m_cachedString);
29           }
30
31         However, we don't need to create a local handle in a case
32         where it is guaranteed that no V8 object allocation is conducted
33         before a control flow returns back to V8. In particular, in a case
34         where a cached V8 string is immediately returned to V8, we don't
35         need to create a local handle:
36
37           Handle<Value> xxxxAttrGetter() {
38             ...;
39             return v8String(imp->xxxx(), isolate);  // This can return a persistent handle safely.
40           }
41
42         This patch improves performance of div.id by 9.2%.
43
44         No tests. No change in behavior.
45
46         * bindings/scripts/CodeGeneratorV8.pm:
47         (GenerateNormalAttrGetter):
48         (GenerateCallbackImplementation):
49         (GenerateFunctionCallString):
50         (NativeToJSValue):
51         * bindings/scripts/test/V8/V8TestEventConstructor.cpp:
52         (WebCore::TestEventConstructorV8Internal::attr1AttrGetter):
53         (WebCore::TestEventConstructorV8Internal::attr2AttrGetter):
54         * bindings/scripts/test/V8/V8TestException.cpp:
55         (WebCore::TestExceptionV8Internal::nameAttrGetter):
56         * bindings/scripts/test/V8/V8TestInterface.cpp:
57         (WebCore::TestInterfaceV8Internal::supplementalStaticAttrAttrGetter):
58         (WebCore::TestInterfaceV8Internal::supplementalStr1AttrGetter):
59         (WebCore::TestInterfaceV8Internal::supplementalStr2AttrGetter):
60         * bindings/scripts/test/V8/V8TestObj.cpp:
61         (WebCore::TestObjV8Internal::readOnlyStringAttrAttrGetter):
62         (WebCore::TestObjV8Internal::staticStringAttrAttrGetter):
63         (WebCore::TestObjV8Internal::stringAttrAttrGetter):
64         (WebCore::TestObjV8Internal::reflectedStringAttrAttrGetter):
65         (WebCore::TestObjV8Internal::reflectedURLAttrAttrGetter):
66         (WebCore::TestObjV8Internal::reflectedCustomURLAttrAttrGetter):
67         (WebCore::TestObjV8Internal::stringAttrWithGetterExceptionAttrGetter):
68         (WebCore::TestObjV8Internal::stringAttrWithSetterExceptionAttrGetter):
69         (WebCore::TestObjV8Internal::hashAttrGetter):
70         (WebCore::TestObjV8Internal::conditionalMethod1Callback):
71         * bindings/v8/V8Binding.h:
72         (WebCore::v8String):
73         (WebCore::v8StringOrNull):
74         (WebCore::v8StringOrUndefined):
75         * bindings/v8/V8ValueCache.cpp:
76         (WebCore::StringCache::v8ExternalStringSlow):
77         * bindings/v8/V8ValueCache.h:
78         (WebCore::StringCache::v8ExternalString):
79         (StringCache):
80
81 2013-01-11  Carlos Garcia Campos  <cgarcia@igalia.com>
82
83         Unreviewed. Fix make distcheck.
84
85         * GNUmakefile.list.am: Add missing header files.
86
87 2013-01-11  Xianzhu Wang  <wangxianzhu@chromium.org>
88
89         RenderLayerCompositor should let ScrollingCoordinator update main thread scrolling reasons after change of layers
90         https://bugs.webkit.org/show_bug.cgi?id=105652
91
92         Reviewed by Simon Fraser.
93
94         Let ScrollingCoordinator know the change of ViewportConstrainedNotCompositedReason in time.
95         By the way moved RenderLayerCompositor::FixedPositionLayerNotCompositedReason to RenderLayer::ViewportConstrainedNotCompositedReason.
96
97         Tests: compositing/layer-creation/fixed-position-in-view-dynamic.html
98                compositing/layer-creation/fixed-position-out-of-view-dynamic.html
99
100         * page/scrolling/ScrollingCoordinator.cpp:
101         (WebCore::ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects):
102         (WebCore::ScrollingCoordinator::mainThreadScrollingReasons):
103         (WebCore::ScrollingCoordinator::mainThreadScrollingReasonsAsText):
104         * page/scrolling/ScrollingCoordinator.h:
105         (ScrollingCoordinator):
106         * page/scrolling/mac/ScrollingCoordinatorMac.h:
107         (WebCore::ScrollingCoordinatorMac::hasVisibleSlowRepaintViewportConstrainedObjects):
108         * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
109         (WebCore::logThreadedScrollingMode):
110         * rendering/RenderLayer.cpp:
111         (WebCore::RenderLayer::RenderLayer):
112         (WebCore::RenderLayer::paintLayer):
113         * rendering/RenderLayer.h:
114         (RenderLayer): Moved RenderLayerCompositor::FixedPositionLayerNotCompositedReason to here and renamed it to ViewportConstrainedNotCompositedReason.
115         (WebCore::RenderLayer::setViewportConstrainedNotCompositedReason):
116         (WebCore::RenderLayer::viewportConstrainedNotCompositedReason):
117         * rendering/RenderLayerCompositor.cpp:
118         (WebCore::RenderLayerCompositor::updateCompositingLayers):
119         (WebCore::RenderLayerCompositor::updateBacking): Now updates ViewportConstrainedNotCompositedReason here instead of in computeCompositingRequirements before so that the reason is updated in time.
120         (WebCore::RenderLayerCompositor::computeCompositingRequirements):
121         (WebCore::RenderLayerCompositor::needsToBeComposited):
122         (WebCore::RenderLayerCompositor::requiresCompositingLayer):
123         (WebCore::RenderLayerCompositor::reasonForCompositing):
124         (WebCore::RenderLayerCompositor::requiresCompositingForPosition):
125         (WebCore::RenderLayerCompositor::reportMemoryUsage):
126         * rendering/RenderLayerCompositor.h:
127         (RenderLayerCompositor):
128
129 2013-01-11  Kenneth Russell  <kbr@google.com>
130
131         [Chromium] WebGL typed array constructor crashes on exception
132         https://bugs.webkit.org/show_bug.cgi?id=106308
133
134         Reviewed by Kentaro Hara.
135
136         Check for empty handles (indicating exception thrown) after calls
137         into V8 VM.
138
139         Added new case from Khronos typed array conformance tests to
140         fast/canvas/webgl/array-unit-tests.html.
141
142         * bindings/v8/custom/V8ArrayBufferViewCustom.h:
143         (WebCore::constructWebGLArray):
144             Check for empty handles after calls into V8 VM.
145
146 2013-01-11  Kentaro Hara  <haraken@chromium.org>
147
148         [V8] Slightly optimize getWrapperFast()
149         https://bugs.webkit.org/show_bug.cgi?id=106667
150
151         Reviewed by Adam Barth.
152
153         This patch improves an if condition in getWrapperFast(),
154         as commented in DOMDataStore.h.
155
156         This patch improves performance of div.firstChild from
157         15.1 ns to 14.0 ns (+7.8%), although I couldn't observe
158         performance improvement in Dromaeo/dom-traverse.
159
160         No tests. No change in behavior.
161
162         * bindings/v8/DOMDataStore.h:
163         (WebCore::DOMDataStore::getWrapperFast):
164
165 2013-01-11  Florin Malita  <fmalita@chromium.org>
166
167         [SVG] Suppress resource rebuilding for unattached and shadow elements
168         https://bugs.webkit.org/show_bug.cgi?id=106664
169
170         Reviewed by Dirk Schulze.
171
172         SVGStyledElement::buildPendingResourcesIfNeeded() can be called while cloning a subtree
173         (as nodes are inserted into the clone, while still detached) or when elements are inserted
174         into the shadow tree. Both of these cases are problematic for SVGUseElement and can trigger
175         indirect recursion in SVGUseElement::buildPendingResource.
176
177         Since shadow and !inDocument() nodes are of no interest to ID dependents (they cannot be
178         found by ID in the document), the patch short-circuits buildPendingResource() for these
179         cases.
180
181         Test: svg/custom/use-rebuild-resources-crash.svg
182
183         * svg/SVGStyledElement.cpp:
184         (WebCore::SVGStyledElement::buildPendingResourcesIfNeeded):
185
186 2013-01-11  Dominic Mazzoni  <dmazzoni@google.com>
187
188         AX: Computed hierarchical level is not consistent with aria-level
189         https://bugs.webkit.org/show_bug.cgi?id=106638
190
191         Reviewed by Chris Fleizach.
192
193         Make hierarchicalLevel computation 1-based to match the aria-level spec.
194
195         Extends an existing test: platform/mac/accessibility/aria-tree.html.
196
197         * accessibility/AccessibilityNodeObject.cpp:
198         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
199         * accessibility/AccessibilityObject.h:
200         (AccessibilityObject):
201         * accessibility/mac/WebAccessibilityObjectWrapper.mm:
202         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
203
204 2013-01-11  Vsevolod Vlasov  <vsevik@chromium.org>
205
206         Web Inspector: Workspace should support several projects and should not have temporary UISourceCodes.
207         https://bugs.webkit.org/show_bug.cgi?id=105856
208
209         Reviewed by Pavel Feldman.
210
211         Workspace now supports several projects with the networkProject being a main one.
212         Replaced temporary UISourceCodes with specific projects (debugger and liveedit).
213         The concept of workspace reset on navigation is now replaced with project reset concept instead.
214         Introduced snippets project (that is not reset on navigation).
215         Script mappings are now reset on GlobalObjectCleared event.
216
217         * inspector/front-end/BreakpointManager.js:
218         (WebInspector.BreakpointManager):
219         (WebInspector.BreakpointManager.prototype._innerSetBreakpoint):
220         (WebInspector.BreakpointManager.prototype._filteredBreakpointLocations):
221         (WebInspector.BreakpointManager.prototype.toggleAllBreakpoints):
222         (WebInspector.BreakpointManager.prototype.removeAllBreakpoints):
223         (WebInspector.BreakpointManager.prototype._projectWillReset.get for):
224         (WebInspector.BreakpointManager.prototype._projectWillReset):
225         * inspector/front-end/CSSStyleModel.js:
226         (WebInspector.CSSStyleModel):
227         (WebInspector.CSSStyleModel.prototype._inspectedURLChanged):
228         (WebInspector.CSSStyleModel.prototype._resetSourceMappings):
229         (WebInspector.CSSStyleModelResourceBinding):
230         (WebInspector.CSSStyleModelResourceBinding.prototype._viaInspectorResourceURL):
231         (WebInspector.CSSStyleModelResourceBinding.prototype._reset):
232         * inspector/front-end/CompilerScriptMapping.js:
233         (WebInspector.CompilerScriptMapping):
234         (WebInspector.CompilerScriptMapping.prototype._debuggerReset):
235         * inspector/front-end/DebuggerScriptMapping.js:
236         * inspector/front-end/DefaultScriptMapping.js:
237         (WebInspector.DefaultScriptMapping):
238         (WebInspector.DefaultScriptMapping.prototype.addScript):
239         (WebInspector.DefaultScriptMapping.prototype._debuggerReset):
240         * inspector/front-end/ExtensionServer.js:
241         (WebInspector.ExtensionServer.prototype._onGetPageResources):
242         * inspector/front-end/FilteredItemSelectionDialog.js:
243         (WebInspector.OpenResourceDialog.show):
244         * inspector/front-end/LiveEditSupport.js:
245         (WebInspector.LiveEditSupport):
246         (WebInspector.LiveEditSupport.prototype.uiSourceCodeForLiveEdit):
247         (WebInspector.LiveEditSupport.prototype._debuggerReset):
248         * inspector/front-end/NetworkUISourceCodeProvider.js:
249         (WebInspector.NetworkUISourceCodeProvider):
250         (WebInspector.NetworkUISourceCodeProvider.prototype._mainFrameNavigated):
251         (WebInspector.NetworkUISourceCodeProvider.prototype._addFile):
252         (WebInspector.NetworkUISourceCodeProvider.prototype._reset):
253         * inspector/front-end/ResourceScriptMapping.js:
254         (WebInspector.ResourceScriptMapping):
255         (WebInspector.ResourceScriptMapping.prototype._uiSourceCodeAddedToWorkspace):
256         (WebInspector.ResourceScriptMapping.prototype._debuggerReset):
257         * inspector/front-end/RevisionHistoryView.js:
258         (WebInspector.RevisionHistoryView):
259         (WebInspector.RevisionHistoryView.prototype._projectWillReset):
260         * inspector/front-end/SASSSourceMapping.js:
261         (_bindUISourceCode):
262         * inspector/front-end/ScriptSnippetModel.js:
263         (WebInspector.ScriptSnippetModel):
264         (WebInspector.ScriptSnippetModel.prototype._addScriptSnippet):
265         (WebInspector.ScriptSnippetModel.prototype.reset):
266         * inspector/front-end/ScriptsNavigator.js:
267         * inspector/front-end/ScriptsPanel.js:
268         (WebInspector.ScriptsPanel):
269         (WebInspector.ScriptsPanel.prototype._addUISourceCode):
270         (WebInspector.ScriptsPanel.prototype._uiSourceCodeRemoved):
271         (WebInspector.ScriptsPanel.prototype._removeUISourceCodes):
272         (WebInspector.ScriptsPanel.prototype._debuggerWasDisabled):
273         (WebInspector.ScriptsPanel.prototype._debuggerReset):
274         (WebInspector.ScriptsPanel.prototype._projectWillReset):
275         (WebInspector.ScriptsPanel.prototype.canShowAnchorLocation):
276         (WebInspector.ScriptsPanel.prototype._revealExecutionLine):
277         (WebInspector.ScriptsPanel.prototype.showGoToSourceDialog):
278         * inspector/front-end/SimpleWorkspaceProvider.js:
279         (WebInspector.SimpleWorkspaceProvider):
280         (WebInspector.SimpleWorkspaceProvider.prototype.addFile):
281         (WebInspector.SimpleWorkspaceProvider.prototype.addFileForURL):
282         (WebInspector.SimpleWorkspaceProvider.prototype.reset):
283         * inspector/front-end/StylesSourceMapping.js:
284         (WebInspector.StylesSourceMapping):
285         (WebInspector.StylesSourceMapping.prototype._projectWillReset):
286         * inspector/front-end/TabbedEditorContainer.js:
287         (WebInspector.TabbedEditorContainer.prototype.reset):
288         * inspector/front-end/UISourceCode.js:
289         (WebInspector.UISourceCode.prototype.project):
290         * inspector/front-end/Workspace.js:
291         (WebInspector.WorkspaceController):
292         (WebInspector.WorkspaceController.prototype._inspectedURLChanged):
293         (WebInspector.Project):
294         (WebInspector.Project.prototype.name):
295         (WebInspector.Project.prototype.isServiceProject):
296         (WebInspector.Project.prototype._reset):
297         (WebInspector.Workspace):
298         (WebInspector.Workspace.prototype.uiSourceCodeForURL):
299         (WebInspector.Workspace.prototype.uiSourceCodeForURI):
300         (WebInspector.Workspace.prototype.addProject):
301         (WebInspector.Workspace.prototype.project):
302         (WebInspector.Workspace.prototype.projects):
303         (WebInspector.Workspace.prototype.uiSourceCodes):
304         (WebInspector.Workspace.prototype.projectForUISourceCode):
305         (WebInspector.Workspace.prototype.requestFileContent):
306         (WebInspector.Workspace.prototype.setFileContent):
307         (WebInspector.Workspace.prototype.searchInFileContent):
308         * inspector/front-end/inspector.js:
309         * inspector/front-end/utilities.js:
310
311 2013-01-11  Eugene Klyuchnikov  <eustas@chromium.org>
312
313         Web Inspector: [Resources] Make grid columns set configurable.
314         https://bugs.webkit.org/show_bug.cgi?id=105739
315
316         Reviewed by Pavel Feldman.
317
318         Added context menu on grid header to hide/show grid columns.
319         Hidden columns set is persisted.
320
321         * inspector/front-end/DataGrid.js:
322         Fixed show/hide behavior, introduced weight control.
323         * inspector/front-end/NetworkPanel.js:
324         Added member to track visibility of columns in detailerd mode. Added
325         context menu for grid header.
326
327 2013-01-11  Andras Becsi  <andras.becsi@digia.com>
328
329         [Qt] Fix the build if libxslt is not available but libxml2 is
330         https://bugs.webkit.org/show_bug.cgi?id=106661
331
332         Reviewed by Simon Hausmann.
333
334         On Linux building the xml parser sources fails if the needed libxslt
335         dependencies are not installed but libxml2 is.
336
337         * WebCore.pri: add libxml2 to pkg-config if not on mac.
338
339 2013-01-11  Stephen Chenney  <schenney@chromium.org>
340         Objects can be re-added to the AXObjectCache during removal
341         https://bugs.webkit.org/show_bug.cgi?id=104171
342
343         The problem occurs when a label's corresponding element is a sibling
344         that precedes it in the render tree, and the corresponding element is
345         removed. The corresponding element's AX render object is removed, but
346         then recreated when accessibilityIsIgnored() invokes correspondingControl()
347         on the label. The corresponding renderer then has an AX render object
348         that survives beyond the deleted renderer, leading to invalid memory
349         accesses.
350
351         The solution is to rearrange the calls to delete the renderer's AX
352         render object only when we are sure it will no longer be required.
353
354         Reviewed by Simon Fraser.
355
356         Test: accessibility/corresponding-control-deleted-crash.html
357
358         * rendering/RenderObject.cpp:
359         (WebCore::RenderObject::willBeDestroyed): Move the call to remove the
360         renderer from the AXCache to after the renderer is removed from the
361         render tree. This means that the AXObject still exists during renderer
362         removal, as we require.
363
364 2013-01-11  Allan Sandfeld Jensen  <allan.jensen@digia.com>
365
366         [Qt][WK1] Web Audio support
367         https://bugs.webkit.org/show_bug.cgi?id=106651
368
369         Reviewed by Jocelyn Turcotte.
370
371         Convert JavaScript Uint8Array to QByteArray. This conversion is necessary to support testRunner.setAudioData().
372
373         * bridge/qt/qt_runtime.cpp:
374         (JSC::Bindings::isJSUint8Array):
375         (Bindings):
376         (JSC::Bindings::valueRealType):
377         (JSC::Bindings::convertValueToQVariant):
378
379 2013-01-11  Anton Vayvod  <avayvod@chromium.org>
380
381         Text Autosizing - elements much narrower than its parent autosizing clusters should be autosized separately.
382         https://bugs.webkit.org/show_bug.cgi?id=105188
383
384         Reviewed by Kenneth Rohde Christiansen.
385
386         Some blocks of text might be narrower than their parent clusters and should be autosized separately.
387         This helps with autosizing for the pages implementing the sidebars as a narrow blocks of text with wide margins and
388         the main content being positioned atop this margin (or vice versa).
389
390         * rendering/TextAutosizer.cpp:
391         (WebCore::TextAutosizer::isContainerAutosizingCluster):
392
393             Returns true if the container is more than 200 pixels narrower than its parent cluster's lowest common
394             ancestor of all the text nodes.
395
396 2013-01-11  Andreas Kling  <akling@apple.com>
397
398         Remove unused CSSSelector(QualifiedName) constructor.
399         <http://webkit.org/b/106652>
400
401         Reviewed by Antti Koivisto.
402
403         * css/CSSSelector.h:
404         (CSSSelector):
405
406 2013-01-11  Zan Dobersek  <zandobersek@gmail.com>
407
408         [GTK] Disable the ENABLE_LEGACY_WEB_AUDIO feature define in release builds
409         https://bugs.webkit.org/show_bug.cgi?id=106577
410
411         Reviewed by Philippe Normand.
412
413         The Web Audio feature is not enabled in the release builds, so there's
414         no need to enable the legacy Web Audio API either.
415
416         No new tests - no new functionality.
417
418         * GNUmakefile.features.am.in:
419
420 2013-01-11  Antoine Quint  <graouts@apple.com>
421
422         Web Inspector: Option+Click on Node Expander Doesn't Work the First Time
423         https://bugs.webkit.org/show_bug.cgi?id=66868
424
425         Up to now, the TreeElement.prototype.expandRecursively() method would correctly
426         expand children recursively based on the provided depth, but would not wait to
427         perform this task until all child nodes had been populated, which means that this
428         would only work incrementally with one additional level of child nodes being shown
429         expanded in the DOM tree upon alt+clicking a given node with a deep hierarchy.
430         
431         In order to fix this, this patch adds a new optional argument to the DOMAgent's
432         requestChildNodes() methods to provide the depth at which we want to retrieve children
433         of a given node. The DOMAgent provides a new .getSubtree() method that calls
434         requestChildNodes() with the provided depth.
435
436         Then in ElementsTreeOutline, we subclass .expandRecursively() to first call DOMAgent's
437         new .getSubtree() method and then call the default implementation when all nodes
438         have been retrieved from the backend.
439
440         Reviewed by Pavel Feldman.
441
442         Tests: inspector-protocol/dom-request-child-nodes-depth.html
443                inspector/elements/expand-recursively.html
444
445         * inspector/Inspector.json: Add the new `depth` parameter to DOM.requestChildNodes().
446         * inspector/InspectorDOMAgent.cpp:
447         (WebCore::InspectorDOMAgent::pushChildNodesToFrontend): Add a new optional `depth` parameter
448         which defaults to 1.
449         (WebCore::InspectorDOMAgent::requestChildNodes): Add a new optional `depth` parameter
450         which defaults to 1 and allows -1 as an unbound value.
451         * inspector/InspectorDOMAgent.h:
452         (InspectorDOMAgent):
453         * inspector/front-end/DOMAgent.js:
454         (WebInspector.DOMNode.prototype.):
455         (WebInspector.DOMNode.prototype.getSubtree): New method allowing to specify at what depth
456         we want to retrieve children of a given node from the backend.
457         * inspector/front-end/ElementsTreeOutline.js:
458         (WebInspector.ElementsTreeElement.prototype.expandRecursively): Override default implementation
459         to first obtain the deepest subtree for the current node so that deep expansion happens as expected.
460
461 2013-01-11  Alexander Pavlov  <apavlov@chromium.org>
462
463         Web Inspector: [Elements] Search in the DOM tree does not scroll horizontally
464         https://bugs.webkit.org/show_bug.cgi?id=106648
465
466         Reviewed by Vsevolod Vlasov.
467
468         Scroll into view the first match in every tree element, if needed.
469
470         * inspector/front-end/ElementsPanel.js:
471         (WebInspector.ElementsPanel.prototype._highlightCurrentSearchResult):
472
473 2013-01-11  Andrey Adaikin  <aandrey@chromium.org>
474
475         Web Inspector: [Canvas] a minor follow-up to r137262
476         https://bugs.webkit.org/show_bug.cgi?id=106644
477
478         Reviewed by Pavel Feldman.
479
480         * inspector/InjectedScriptCanvasModuleSource.js:
481         (.):
482
483 2013-01-11  Kent Tamura  <tkent@chromium.org>
484
485         BaseDateAndTimeInputType should not inherit from TextFieldInputType
486         https://bugs.webkit.org/show_bug.cgi?id=106306
487
488         Reviewed by Hajime Morita.
489
490         Date/time input types don't need text-field features at all.
491
492         No new tests. This should not make any behavior changes except reduction
493         of memory usage.
494
495         * html/BaseDateAndTimeInputType.h:
496         Inherit InputType instead of TextFieldInputType.
497         (WebCore::BaseDateAndTimeInputType::BaseDateAndTimeInputType):
498         (BaseDateAndTimeInputType): Update function declarations.
499         * html/BaseDateAndTimeInputType.cpp:
500         Remove handleKeydownEvent and convertFromVisibleValue, which are for
501         TextFieldInputType.
502         (WebCore::BaseDateAndTimeInputType::shouldRespectListAttribute):
503         Added. This is necessary for <datalist> support. TextFieldInputType has
504         the same code.
505         (WebCore::BaseDateAndTimeInputType::valueMissing):
506         Added. This is necessary for validity.valueMissing. TextFieldInputType
507         has the same code.
508
509         * html/BaseChooserOnlyDateAndTimeInputType.cpp:
510         Remove unnecessary functions which cancel TextFieldInputType behavior.
511         * html/BaseChooserOnlyDateAndTimeInputType.h:
512         (BaseChooserOnlyDateAndTimeInputType): Remove declarations for them.
513
514         * html/BaseMultipleFieldsDateAndTimeInputType.cpp:
515         Remove unnecessary functions which cancel TextFieldInputType behavior.
516         * html/BaseMultipleFieldsDateAndTimeInputType.h:
517         (BaseMultipleFieldsDateAndTimeInputType):
518         Add SpinButtonOwner interface. We didn't need it because
519         TextFieldInputType implements it.
520
521 2013-01-11  Mary Wu  <mary.wu@torchmobile.com.cn>
522
523         [BlackBerry] Enable concatenating headers with same field name
524         https://bugs.webkit.org/show_bug.cgi?id=106625
525
526         Reviewed by Rob Buis.
527
528         RFC 2616 specifies that headers could concatenate with comma if they have
529         same field name. We should enable this if the header allows multiple values.
530
531         RIM PR# 275508, internally reviewed by Joe Mason
532
533         (WebCore):
534         (WebCore::isAppendableHeader):
535         (WebCore::NetworkJob::handleNotifyHeaderReceived):
536
537 2013-01-11  Jochen Eisinger  <jochen@chromium.org>
538
539         Connect UserGestureIndicator for mousedown and mouseup events
540         https://bugs.webkit.org/show_bug.cgi?id=105138
541
542         Reviewed by Adam Barth.
543
544         Ports that consume user gestures to prevent certain types of pop-ups
545         need to be able to connect mousedown and mouseup events, otherwise, a
546         single mouse click will allow for opening multiple pop-ups.
547
548         Note that a mousedown is not always followed by a mouseup and vice
549         versa, e.g. when the mousedown results in a context menu being shown, or
550         something is dragged into the page.
551
552         Test: platform/chromium/fast/events/popup-allowed-from-gesture-only-once-two-events.html
553
554         * page/EventHandler.cpp:
555         (WebCore::EventHandler::clear):
556         (WebCore::EventHandler::handleMousePressEvent):
557         (WebCore::EventHandler::handleMouseReleaseEvent):
558         * page/EventHandler.h:
559
560 2013-01-11  Eugene Klyuchnikov  <eustas@chromium.org>
561
562         Web Inspector: [Resources] "Delete" cookie deletes all cookies with matching name.
563         https://bugs.webkit.org/show_bug.cgi?id=105633
564
565         Reviewed by Pavel Feldman.
566
567         "Delete" cookie deletes all cookies with matching name,
568         ignoring domain and path.
569
570         * inspector/Inspector.json: Change argument "domain" to "url"
571         * inspector/InspectorPageAgent.cpp:
572         (WebCore::InspectorPageAgent::deleteCookie): Use url to delte cookies.
573         * inspector/InspectorPageAgent.h: Adopt new signature.
574         * inspector/front-end/CookieItemsView.js:
575         (WebInspector.CookieItemsView.prototype._deleteCookie): Ditto.
576
577 2013-01-11  KwangYong Choi  <ky0.choi@samsung.com>
578
579         [EFL] Fix unused parameter build error
580         https://bugs.webkit.org/show_bug.cgi?id=106639
581
582         Reviewed by Kentaro Hara.
583
584         Use UNUSED_PARAM macro to fix build error.
585
586         No new tests, no behavior change.
587
588         * platform/efl/EflScreenUtilities.cpp:
589         (WebCore::isUsingEcoreX):
590         * platform/efl/RenderThemeEfl.cpp:
591         (WebCore::RenderThemeEfl::supportsDataListUI):
592
593 2013-01-11  Pavel Feldman  <pfeldman@chromium.org>
594
595         Web Inspector [chromium]: Debugger.globalObjectCleared is not dispatched on reload after renderer swap
596         https://bugs.webkit.org/show_bug.cgi?id=106555
597
598         Reviewed by Vsevolod Vlasov.
599
600         Wrong ::enable was made virtual in the InspectorDebuggerAgent.
601
602         Test: inspector/debugger/debugger-scripts-reload.html
603
604         * inspector/InspectorDebuggerAgent.h:
605         (InspectorDebuggerAgent):
606         * inspector/PageDebuggerAgent.cpp:
607         (WebCore::PageDebuggerAgent::enable):
608         (WebCore::PageDebuggerAgent::disable):
609         * inspector/PageDebuggerAgent.h:
610         (PageDebuggerAgent):
611
612 2013-01-11  Vsevolod Vlasov  <vsevik@chromium.org>
613
614         Web Inspector: Refactoring, move NetworkWorkspaceProvider to NetworkUISourceCodeProvider.js and rename its parent to SimpleWorkspaceProvider.
615         https://bugs.webkit.org/show_bug.cgi?id=106635
616
617         Reviewed by Pavel Feldman.
618
619         * WebCore.gypi:
620         * WebCore.vcproj/WebCore.vcproj:
621         * inspector/compile-front-end.py:
622         * inspector/front-end/DebuggerScriptMapping.js:
623         (WebInspector.DebuggerScriptMapping):
624         * inspector/front-end/DefaultScriptMapping.js:
625         (WebInspector.DefaultScriptMapping):
626         (WebInspector.DefaultScriptMapping.prototype.addScript):
627         (WebInspector.DebuggerWorkspaceProvider):
628         (WebInspector.DebuggerWorkspaceProvider.prototype.addDebuggerFile):
629         * inspector/front-end/LiveEditSupport.js:
630         (WebInspector.LiveEditSupport):
631         (WebInspector.LiveEditSupport.prototype.uiSourceCodeForLiveEdit):
632         (WebInspector.LiveEditWorkspaceProvider):
633         (WebInspector.LiveEditWorkspaceProvider.prototype.addLiveEditFile):
634         * inspector/front-end/NetworkUISourceCodeProvider.js:
635         (WebInspector.NetworkWorkspaceProvider):
636         (WebInspector.NetworkWorkspaceProvider.prototype.addNetworkFile):
637         * inspector/front-end/SimpleWorkspaceProvider.js: Renamed from Source/WebCore/inspector/front-end/NetworkWorkspaceProvider.js.
638         (WebInspector.SimpleWorkspaceProvider):
639         (WebInspector.SimpleWorkspaceProvider.uriForURL):
640         (WebInspector.SimpleWorkspaceProvider.prototype.requestFileContent):
641         (WebInspector.SimpleWorkspaceProvider.prototype.setFileContent):
642         (WebInspector.SimpleWorkspaceProvider.prototype.searchInFileContent):
643         (WebInspector.SimpleWorkspaceProvider.prototype.addFile):
644         (WebInspector.SimpleWorkspaceProvider.prototype.removeFile):
645         (WebInspector.SimpleWorkspaceProvider.prototype.uniqueURI):
646         (WebInspector.SimpleWorkspaceProvider.prototype.reset):
647         * inspector/front-end/WebKit.qrc:
648         * inspector/front-end/inspector.html:
649         * inspector/front-end/inspector.js:
650
651 2013-01-10  Grzegorz Czajkowski  <g.czajkowski@samsung.com>
652
653         On Linux, should be able to get spelling suggestions without selecting the misspelled word
654         https://bugs.webkit.org/show_bug.cgi?id=103520
655
656         Reviewed by Ryosuke Niwa.
657
658         Allow getting/inserting spelling suggestions without selecting the misspelled word for
659         Linux WebKit ports. WebCore assumes that the misspelled word has to be selected
660         to get its suggestions.
661
662         In compliance with native application behaviour, a new editing policy is introduced
663         so that the misspelled word is not highlighted just to get its guesses.
664
665         No new tests, covered by context-menu-suggestions.html.
666
667         * WebCore.exp.in:
668         Remove _ZN7WebCore6Editor21isSelectionMisspelledEv symbol as Mac port doesn't
669         need it any longer.
670
671         * editing/EditingBehavior.h:
672         (EditingBehavior):
673         (WebCore::EditingBehavior::shouldAllowSpellingSuggestionsWithoutSelection):
674         Add a new behavior for Linux, to allow spelling suggestions without selecting
675         the misspelled word.
676
677         * editing/Editor.cpp:
678         (WebCore::Editor::isContinuousSpellCheckingEnabled):
679         Add missing const modifier, to use this method in 'misspelledWordAtCaretOrRange() const'.
680
681         (WebCore::Editor::misspelledWordAtCaretOrRange):
682         Allow checking spelling under the caret or of the selected word.
683         Does nothing for a selection made on multiple words.
684
685         (WebCore::Editor::misspelledSelectionString):
686         Return the misspelled selection.
687
688         (WebCore::Editor::guessesForMisspelledWord):
689         Remove 'Selection' from method name as it may return guesses without selection.
690
691         (WebCore::Editor::guessesForMisspelledOrUngrammatical):
692         Ditto.
693
694         * page/ContextMenuController.cpp:
695         (WebCore::ContextMenuController::contextMenuItemSelected):
696         Select the word under caret to meet the conditions from misspelledWordAtCaretOrRange.
697
698         (WebCore::ContextMenuController::populate):
699         Update guessesForMisspelledOrUngrammatical call.
700
701 2013-01-10  Hajime Morrita  <morrita@google.com>
702
703         https://bugs.webkit.org/show_bug.cgi?id=106283
704         [Shadow DOM] HTMLContentElement and HTMLShadowElement should be behind SHADOW_DOM
705
706         Reviewed by Kentaro Hara.
707
708         No new tests. Covered by existing tests.
709
710         This change moves <content> and <shadow> behind
711         ENABLE(SHADOW_DOM). Note that empty stub definitions are remaining
712         even after this change. They are for minimizing #if/#endif usage
713         and won't hurt code size.
714
715         * WebCore.exp.in:
716         * html/InputType.cpp:
717         (WebCore::InputType::destroyShadowSubtree):
718         * html/shadow/ContentDistributor.cpp:
719         (WebCore::ContentDistributor::distribute):
720         * html/shadow/HTMLContentElement.cpp:
721         (WebCore):
722         (WebCore::HTMLContentElement::create):
723         (WebCore::HTMLContentElement::HTMLContentElement):
724         * html/shadow/HTMLContentElement.h:
725         (WebCore):
726         (HTMLContentElement):
727         * html/shadow/HTMLShadowElement.cpp:
728         * html/shadow/HTMLShadowElement.h:
729         (WebCore):
730         (WebCore::isHTMLShadowElement):
731         (WebCore::toHTMLShadowElement):
732         * html/shadow/TextFieldDecorationElement.cpp:
733         (WebCore::TextFieldDecorationElement::decorate):
734         * testing/Internals.cpp:
735         (WebCore::Internals::createContentElement):
736         (WebCore::Internals::isValidContentSelect):
737
738 2013-01-10  Takashi Sakamoto  <tasak@google.com>
739
740         Implement CSSGroupingRule for @host @-rules and @supports.
741         https://bugs.webkit.org/show_bug.cgi?id=106418
742
743         Reviewed by Antti Koivisto.
744
745         CSSGroupingRule is to share code between CSSMediaRule, CSSSupportsRule
746         and CSSHostRule. @supports and @host @-rules are derived from
747         CSSGroupingRule:
748         http://www.w3.org/TR/2012/WD-css3-conditional/#the-cssgroupingrule-interface
749         https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/shadow/index.html#css-host-rule-interface
750         Since @media is also derived from CSSGroupingRule and @region has the
751         same interface as CSSGroupingRule, modify to use CSSGroupingRule:
752         http://dev.w3.org/csswg/css3-regions/#the-at-region-style-rule
753
754         No new tests, because no new feature is implemented.
755
756         * CMakeLists.txt:
757         * GNUmakefile.list.am:
758         * Target.pri:
759         * WebCore.gypi:
760         * WebCore.vcproj/WebCore.vcproj:
761         * WebCore.xcodeproj/project.pbxproj:
762         Added CSSGroupingRule.h and CSSGroupingRule.cpp.
763         * css/CSSAllInOne.cpp:
764         Modified to include CSSGroupingRule.cpp.
765         * css/CSSGroupingRule.cpp: Added.
766         (WebCore):
767         (WebCore::CSSGroupingRule::CSSGroupingRule):
768         (WebCore::CSSGroupingRule::~CSSGroupingRule):
769         (WebCore::CSSGroupingRule::insertRule):
770         (WebCore::CSSGroupingRule::deleteRule):
771         (WebCore::CSSGroupingRule::appendCssTextForItems):
772         (WebCore::CSSGroupingRule::length):
773         (WebCore::CSSGroupingRule::item):
774         (WebCore::CSSGroupingRule::cssRules):
775         (WebCore::CSSGroupingRule::reattach):
776         (WebCore::CSSGroupingRule::reportMemoryUsage):
777         This code is moved from CSSMediaRule and WebKitCSSRegionRule.
778         * css/CSSGroupingRule.h:
779         (WebCore):
780         (CSSGroupingRule):
781         * css/CSSMediaRule.cpp:
782         (WebCore::CSSMediaRule::CSSMediaRule):
783         (WebCore::CSSMediaRule::~CSSMediaRule):
784         Make CSSMediaRule inherit CSSGroupingRule.
785         (WebCore::CSSMediaRule::media):
786         (WebCore::CSSMediaRule::reattach):
787         Keep the code for updating media queries' CSSOMWrapper.
788         (WebCore::CSSMediaRule::reportMemoryUsage):
789         We need to report media queries' CSSOMWrapper memory usage.
790         (WebCore::CSSMediaRule::mediaQueries):
791         (WebCore::CSSMediaRule::cssText):
792         * css/CSSMediaRule.h:
793         * css/WebKitCSSRegionRule.cpp:
794         Make WebKitCSSRegionRule inherit CSSGroupingRule.
795         (WebCore::WebKitCSSRegionRule::WebKitCSSRegionRule):
796         (WebCore::WebKitCSSRegionRule::cssText):
797         * css/WebKitCSSRegionRule.h:
798         * css/StyleRule.h:
799         Added inlined accessor to obtain StyleRuleMedia* and StyleRuleRegion*
800         from StyleRuleBlock*.
801
802 2012-12-28  Andrey Adaikin  <aandrey@chromium.org>
803
804         Web Inspector: [Canvas] add an option to reload the page if there is an uninstrumented canvas
805         https://bugs.webkit.org/show_bug.cgi?id=105822
806
807         Reviewed by Pavel Feldman.
808
809         Show in the front-end an option to reload the page if there is an uninstrumented canvas.
810
811         * inspector/front-end/CanvasProfileView.js:
812         (WebInspector.CanvasProfileType):
813         (WebInspector.CanvasProfileType.prototype.decorationElement):
814         (WebInspector.CanvasProfileType.prototype._updateDecorationElement):
815         (WebInspector.CanvasProfileType.prototype._onReloadPageButtonClick):
816         * inspector/front-end/ProfileLauncherView.js:
817         (WebInspector.ProfileLauncherView.prototype.addProfileType):
818         * inspector/front-end/ProfilesPanel.js:
819         (WebInspector.ProfileType.prototype.decorationElement):
820
821 2013-01-10  Dimitri Glazkov  <dglazkov@chromium.org>
822
823         The word "selector" is somewhat redundant redundantly used in SelectorChecker.
824         https://bugs.webkit.org/show_bug.cgi?id=106413
825
826         In https://bugs.webkit.org/show_bug.cgi?id=105864, Antti suggested reducing some of the redundant uses of the word
827         "selector" in SelectorChecker. Here's a start.
828
829         Reviewed by Antti Koivisto.
830
831         Simple renames, no change in behavior.
832
833         * css/SelectorChecker.cpp:
834         (WebCore::SelectorChecker::match): Renamed.
835         (WebCore):
836         (WebCore::SelectorChecker::fastCheck): Ditto.
837         (WebCore::SelectorChecker::checkOne): Ditto.
838         * css/SelectorChecker.h:
839         (SelectorChecker):
840         * css/StyleResolver.cpp:
841         (WebCore::StyleResolver::collectMatchingRulesForList): Changed to use new name.
842         (WebCore::StyleResolver::ruleMatches): Renamed from checkSelector to better match argument and return value.
843         (WebCore::StyleResolver::checkRegionSelector): Changed to use new names.
844         * css/StyleResolver.h:
845         (StyleResolver):
846         * dom/SelectorQuery.cpp:
847         (WebCore::SelectorDataList::matches): Ditto.
848         (WebCore::SelectorDataList::execute): Ditto.
849         * html/shadow/ContentSelectorQuery.cpp:
850         (WebCore::ContentSelectorChecker::checkContentSelector): Ditto.
851
852 2013-01-10  John J. Barton  <johnjbarton@chromium.org>
853
854         Web Inspector: Pass the script url to the script-preprocessor script
855         https://bugs.webkit.org/show_bug.cgi?id=104384
856
857         Reviewed by Pavel Feldman.
858
859         Add url argument to the script-preprocessor script in PageAgent.reload()
860
861         Test: inspector/debugger/debugger-script-preprocessor.html
862
863         * bindings/v8/DebuggerScript.js:
864         * bindings/v8/ScriptDebugServer.cpp:
865         (WebCore::ScriptDebugServer::ScriptPreprocessor::ScriptPreprocessor):
866         (WebCore::ScriptDebugServer::ScriptPreprocessor::preprocessSourceCode):
867         (WebCore::ScriptDebugServer::handleV8DebugEvent):
868         * bindings/v8/custom/V8InjectedScriptManager.cpp:
869         (WebCore::InjectedScriptManager::createInjectedScript):
870
871 2013-01-10  Eugene Klyuchnikov  <eustas@chromium.org>
872
873         Web Inspector: DataGrid refactoring: make cell editing more generic.
874         https://bugs.webkit.org/show_bug.cgi?id=105849
875
876         Reviewed by Pavel Feldman.
877
878         Editing feature has been added to DataGrid to edit localStorage.
879         Column numbers (0 and 1) are hardcoded.
880
881         This patch makes column editing feature more generic: remove hardcoded
882         columns, take "editable" column property into account.
883
884         This patch is a prerequisite for cookie editing.
885
886         * inspector/front-end/DOMStorageItemsView.js:
887         Use meaningful column names.
888         * inspector/front-end/DataGrid.js:
889         (WebInspector.DataGrid.prototype._ondblclick): Check column editability.
890         (WebInspector.DataGrid.prototype._contextMenuInDataTable): Ditto.
891         (WebInspector.DataGridNode.prototype.createCell):
892         Supply cell element with column id.
893         (WebInspector.DataGrid.prototype.columnIdentifierFromNode):
894         Added utility method.
895         (WebInspector.DataGrid.prototype._nextEditableColumn): Ditto.
896         (WebInspector.DataGrid.prototype._keyDown): Calculate editable column.
897         (WebInspector.DataGrid.prototype._editingCommitted): Ditto.
898         (WebInspector.DataGrid.prototype._startEditing): Ditto.
899         (WebInspector.DataGrid.prototype._startEditingColumnOfDataGridNode):
900         Refined parameter type / name.
901         (WebInspector.DataGrid.prototype._resizerDragging):
902         Fix resizer index property names.
903         (WebInspector.DataGrid.prototype._startResizerDragging): Ditto.
904         (WebInspector.DataGrid.prototype._positionResizers): Ditto.
905         * inspector/front-end/NetworkPanel.js:
906         (WebInspector.NetworkLogView.prototype._updateDividersIfNeeded): Ditto.
907
908 2013-01-10  Matt Falkenhagen  <falken@chromium.org>
909
910         Elements must be reattached when inserted/removed from top layer
911         https://bugs.webkit.org/show_bug.cgi?id=105489
912
913         Reviewed by Julien Chaffraix.
914
915         Ensure a reattach occurs when an element is inserted/removed from top layer, so its renderer can be inserted correctly:
916         as a child of RenderView in top layer sibling order if it's in the top layer, and in the usual place otherwise.
917
918         We previously relied on style recalc to catch when an element is inserted/removed from the top layer, because it
919         only happens on dialog.show/close which toggle display: none. But that is incorrect because, for example, close()
920         followed immediately by show() results in no style change.
921
922         Tests: fast/dom/HTMLDialogElement/removed-element-is-removed-from-top-layer.html
923                fast/dom/HTMLDialogElement/top-layer-stacking-correct-order-remove-readd.html
924
925         * dom/Element.cpp:
926         (WebCore::Element::removedFrom): Call Document::removeFromTopLayer to let the element be removed from the top layer vector.
927         removeFromTopLayer calls Element::setIsInTopLayer(false) itself if needed.
928         (WebCore::Element::setIsInTopLayer): Ensure a reattach occurs if the element is already attached.
929
930 2013-01-10  Shinya Kawanaka  <shinyak@chromium.org>
931
932         When a selected node in nested ShadowDOM is deleted, selection has wrong range.
933         https://bugs.webkit.org/show_bug.cgi?id=106526
934
935         Reviewed by Ryosuke Niwa.
936
937         Since FrameSelection and htmlediting did not consider nested Shadow DOM, the FrameSelection still selects
938         removed elements if selected nodes in nested Shadow DOM are removed.
939
940         We have to use containsIncludingShadowDOM to handle nested Shadow DOM correctly.
941
942         Test: fast/dom/shadow/selection-in-nested-shadow.html
943
944         * editing/FrameSelection.cpp:
945         (WebCore::removingNodeRemovesPosition):
946         * editing/htmlediting.cpp:
947         (WebCore::updatePositionForNodeRemoval):
948
949 2013-01-10  Hajime Morrita  <morrita@google.com>
950
951         [Shadow DOM] Refactoring: InsertionPoint could simplify its subclass hooks
952         https://bugs.webkit.org/show_bug.cgi?id=106614
953
954         Reviewed by Dimitri Glazkov.
955
956         This change simplifies InsertionPoint overrides and gives some flexibility to it.
957
958         The change
959
960         - Removes InsertionPoint::isSelectValid(). Now ContentSelectorQuery parses given selector anyway.
961           Invalid select attribute is handled by newly introduced matchTypeFor() method.
962         - Introduces InsertionPoint::matchTypeFor() to give each InsertionPoint a chance to decide whether it
963           accepts the given node as its distribution. Then it lets DetailsSummaryElement adopt it.
964         - Pulls some HTMLShadowElement overrides up to InsertionPoint so that other upcoming InsertionPoint
965           subclasses don't need to override them.
966
967         No new tests. Refactoring.
968
969         * html/HTMLDetailsElement.cpp:
970         (WebCore::DetailsSummaryElement::DetailsSummaryElement):
971         - Implemented matchTypeFor() to get rid of HTMLContentElement machinery which is compiled out in the upcoming change.
972         (DetailsSummaryElement):
973         * html/shadow/ContentSelectorQuery.cpp:
974         (WebCore::ContentSelectorQuery::ContentSelectorQuery):
975         (WebCore::ContentSelectorQuery::matches):
976         * html/shadow/HTMLContentElement.cpp:
977         (WebCore::HTMLContentElement::matchTypeFor): Added.
978         (WebCore):
979         * html/shadow/HTMLContentElement.h:
980         (HTMLContentElement):
981         (WebCore::isHTMLContentElement):
982         * html/shadow/HTMLShadowElement.cpp:
983         * html/shadow/HTMLShadowElement.h:
984         (HTMLShadowElement):
985         * html/shadow/InsertionPoint.cpp:
986         (WebCore::InsertionPoint::emptySelectorList): Moved from HTMLShadowElement.
987         (WebCore):
988         * html/shadow/InsertionPoint.h:
989         (WebCore::InsertionPoint::matchTypeFor): Added.
990         (WebCore::InsertionPoint::selectorList): Moved from HTMLShadowElement.
991         (InsertionPoint):
992         * testing/Internals.cpp:
993         (WebCore::Internals::isValidContentSelect):
994
995 2013-01-10  Dean Jackson  <dino@apple.com>
996
997         Plugin snapshot label should take device resolution and inset into account
998         https://bugs.webkit.org/show_bug.cgi?id=106619
999
1000         Reviewed by Simon Fraser.
1001
1002         * rendering/RenderSnapshottedPlugIn.cpp:
1003         (WebCore::RenderSnapshottedPlugIn::paintLabel): Take into account the inset in the label image.
1004         (WebCore::RenderSnapshottedPlugIn::tryToFitStartLabel): Look at the page's device scale, and adjust the label image accordingly.
1005
1006 2013-01-10  James Robinson  <jamesr@chromium.org>
1007
1008         [chromium] Store scrollable layer's contents size for coordinated scrollable layers
1009         https://bugs.webkit.org/show_bug.cgi?id=106518
1010
1011         Reviewed by Adrienne Walker.
1012
1013         This stores a scrollable layer's contentsSize in the scroll layer's bounds, which is otherwise not useful. This
1014         value is currently calculated based on fragile knowledge of the tree structure immediately beneath a scrollable
1015         layer.
1016
1017         * page/scrolling/chromium/ScrollingCoordinatorChromium.cpp:
1018         (WebCore::ScrollingCoordinatorChromium::frameViewLayoutUpdated):
1019
1020 2013-01-10  Dan Beam  <dbeam@chromium.org>
1021
1022         Implement AutocompleteErrorEvent#reason
1023         https://bugs.webkit.org/show_bug.cgi?id=105568
1024
1025         Reviewed by Adam Barth.
1026
1027         Test: fast/events/constructors/autocomplete-error-event-constructor.html
1028
1029         * WebCore.gypi: Added AutocompleteErrorEvent.idl and AutocompleteErrorEvent.h for chromium port's build.
1030         * dom/AutocompleteErrorEvent.h: Added.
1031         (WebCore): Added new type of error named AutocompleteErrorEvent.
1032         (AutocompleteErrorEventInit): Added init params for AutocompleteErrorEvents (so initEvent() can be used).
1033         (AutocompleteErrorEvent): Added a new error event that inherits from Event but also has a reason for failure.
1034         (WebCore::AutocompleteErrorEvent::create): Factory function to create AutocompleteErrorEvents.
1035         (WebCore::AutocompleteErrorEvent::reason): The reason why a requestAutocomplete() invocation failed. Can be
1036                                                    "disabled", "cancel", or "invalid".
1037         (WebCore::AutocompleteErrorEvent::interfaceName): The name of the event's interface (for event.toString()).
1038         (WebCore::AutocompleteErrorEvent::AutocompleteErrorEvent): Various ways of constructing the error event.
1039         * dom/AutocompleteErrorEvent.idl: Added.
1040         * dom/EventNames.in: Added AutocompleteError to this list, based on REQUEST_AUTOCOMPLETE conditional.
1041         * html/HTMLFormElement.cpp: Updated form elements to dispatch AutocompleteErrorEvents on errors and to give
1042                                     more details (event.reason) when the request fails.
1043         (WebCore::HTMLFormElement::requestAutocomplete): Changed to newly added failure type "disabled".
1044         (WebCore::HTMLFormElement::finishRequestAutocomplete): Changed
1045         * html/HTMLFormElement.h: Added new results (ErrorDisabled, ErrorCancel, ErrorInvalid).
1046         * page/DOMWindow.idl: Added global event constructor for new AutocompleteErrorEvent() style event creation.
1047
1048 2013-01-10  Yong Li  <yoli@rim.com>
1049
1050         HTMLMediaElement::resume() should schedule a load rather than load immediately
1051         https://bugs.webkit.org/show_bug.cgi?id=106587
1052
1053         Reviewed by Eric Carlson.
1054
1055         It is not always safe to start the jobs at the time resume() is called. That is why the jobs are
1056         suspended. It can also be suspended again right after being resumed.
1057
1058         No new tests as there is no visible functional change, also it is a theoretically good-to-have change
1059         that doesn't fix any known cross-platform issue.
1060
1061         * html/HTMLMediaElement.cpp:
1062         (WebCore::HTMLMediaElement::resume): Replace load() with scheduleLoad().
1063
1064 2013-01-10  Adam Barth  <abarth@webkit.org>
1065
1066         Add an ENABLE macro and a WebCore::Setting for the threaded parser
1067         https://bugs.webkit.org/show_bug.cgi?id=106595
1068
1069         Reviewed by Benjamin Poulain.
1070
1071         This patch adds both a WebCore::Setting and an ENABLE macro for the
1072         threaded parser. We plan to keep the ENABLE macro off by default for a
1073         while. The runtime setting will let us more easily conduct A/B
1074         experiments when the time arises.
1075
1076         * page/Settings.in:
1077
1078 2013-01-10  Xianzhu Wang  <wangxianzhu@chromium.org>
1079
1080         Regression(r129944): Heap-use-after-free in WebCore::computeNonFastScrollableRegion
1081         https://bugs.webkit.org/show_bug.cgi?id=99515
1082
1083         Reviewed by Simon Fraser.
1084
1085         The object used after being freed is a destructed FrameView that is still in the m_scrollableAreas set of the parent FrameView. Actually it has been removed from m_scrollableAreas when setParent(0), but then is added back in updateScrollableAreaSet() because its frameViewParent() is still not 0 (though parent() is already 0).
1086
1087         No new tests. The heap-use-after-free doesn't always cause crash so it can't be stably tested with a test case. Memory analysis tools like asan discovered the heap-use-after-free and verified that the patch can fix the issue.
1088
1089         * page/FrameView.cpp:
1090         (WebCore::FrameView::parentFrameView): Checks if the FrameView has been removed from the parent.
1091
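The lifetime bug described in the r129944 regression entry above, as an added example that is not WebKit's code: a simplified model in which a child view is erased from its parent's `m_scrollableAreas` on `setParent(0)` and then re-added by a late `updateScrollableAreaSet()`, next to a `parentFrameView()` check of the kind the entry describes. `Frame`, `View`, `tracks`, `forget` and `staleEntriesAtDestruction` are hypothetical names; only `setParent`, `parent`, `parentFrameView`, `updateScrollableAreaSet` and `m_scrollableAreas` come from the entry.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <set>

class View;

// Frame-tree node (hypothetical). It stays linked to its parent frame even
// after the view's widget parent has been cleared, which is what lets the
// two notions of "parent" disagree.
struct Frame {
    Frame* parentFrame = nullptr;
    View* view = nullptr;
};

class View {
public:
    View(Frame& frame, bool patched) : m_frame(frame), m_patched(patched) { frame.view = this; }
    ~View() { m_frame.view = nullptr; }

    View* parent() const { return m_widgetParent; }

    void setParent(View* newParent) {
        // Detach: the parent stops tracking this view.
        if (m_widgetParent && !newParent)
            m_widgetParent->m_scrollableAreas.erase(this);
        m_widgetParent = newParent;
        if (newParent)
            updateScrollableAreaSet();
    }

    // Parent lookup through the frame tree. The patched variant first checks
    // whether the view has already been removed from its widget parent.
    View* parentFrameView() const {
        if (m_patched && !m_widgetParent)
            return nullptr;
        Frame* parentFrame = m_frame.parentFrame;
        return parentFrame ? parentFrame->view : nullptr;
    }

    // Registers this view with whatever parentFrameView() reports.
    void updateScrollableAreaSet() {
        if (View* parentView = parentFrameView())
            parentView->m_scrollableAreas.insert(this);
    }

    bool tracks(View* v) const { return m_scrollableAreas.count(v) != 0; }
    void forget(View* v) { m_scrollableAreas.erase(v); }

private:
    Frame& m_frame;
    bool m_patched;
    View* m_widgetParent = nullptr;
    std::set<View*> m_scrollableAreas;  // raw pointers: no ownership, no liveness check
};

// Returns how many entries in the parent's set would point at the child at
// the moment the child is destroyed (each one is a future use-after-free).
std::size_t staleEntriesAtDestruction(bool patched) {
    Frame mainFrame, subFrame;
    subFrame.parentFrame = &mainFrame;

    View mainView(mainFrame, patched);
    std::unique_ptr<View> subView(new View(subFrame, patched));

    subView->setParent(&mainView);       // attach: registered with the parent
    subView->setParent(nullptr);         // detach: erased from the parent's set
    subView->updateScrollableAreaSet();  // late update while the frame tree is still linked

    std::size_t stale = mainView.tracks(subView.get()) ? 1 : 0;

    // The model drops the entry before freeing so it never holds a dangling
    // pointer itself; in the buggy flow nothing performs this cleanup.
    mainView.forget(subView.get());
    subView.reset();
    return stale;
}

int main() {
    std::printf("unpatched: %zu stale entry(ies)\n", staleEntriesAtDestruction(false));
    std::printf("patched:   %zu stale entry(ies)\n", staleEntriesAtDestruction(true));
    return 0;
}
```

The entry notes the crash was not stably reproducible and was found with asan; a count like the one above gives a deterministic invariant to assert on in a unit test instead of waiting for a crash.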
1092 2013-01-10  John Mellor  <johnme@chromium.org>
1093
1094         Fix scale of screen.width, window.outerWidth and @media device-width when page scale not applied in compositor.
1095         https://bugs.webkit.org/show_bug.cgi?id=106460
1096
1097         Reviewed by Kenneth Rohde Christiansen.
1098
1099         screen.width, window.outerWidth and @media device-width should be in
1100         density independent (UI) pixels, not physical screen pixels.
1101
1102         This already works on most ports (including iOS). However Chrome for
1103         Android currently internally sizes its windows in physical screen pixels
1104         instead of density independent pixels, and this leaks through in the
1105         sizes provided to WebCore.
1106
1107         This patch scales these sizes appropriately before they reach JavaScript,
1108         on platforms where the applyPageScaleFactorInCompositor setting is false
1109         (i.e. just Chrome for Android). Once Chrome for Android switches over to
1110         the same coordinate space, the applyPageScaleFactorInCompositor setting
1111         will be removed, along with any code (such as this) that depends on it.
1112
1113         The effect of this patch on Chrome for Android when viewing a page with
1114         a width=device-width viewport on a Galaxy Nexus (720x1280 @ dPR 2) is:
1115             @media device-width      changes from 720 to 360
1116             screen.width             changes from 720 to 360
1117             screen.availWidth        changes from 720 to 360
1118             window.outerWidth        changes from 720 to 360
1119             window.innerWidth                    remains 360 (at overview zoom)
1120             @media width                         remains 360
1121             document.documentElement.clientWidth remains 360
1122             document.documentElement.offsetWidth remains 360
1123             document.documentElement.scrollWidth remains 360
1124             document.body.clientWidth            remains 360
1125             document.body.offsetWidth            remains 360
1126             document.body.scrollWidth            remains 360
1127         And similarly for heights (though they are slightly less than 640, since
1128         toolbars etc. get subtracted from the available height).
1129
1130         No new tests, as applyDeviceScaleFactorInCompositor appears to always be
1131         true in DumpRenderTree, so this situation cannot occur there.
1132
1133         * page/Settings.in:
1134             Added applyDeviceScaleFactorInCompositor setting, which allows
1135             detecting whether we need to normalize the scale.
1136         * platform/chromium/PlatformScreenChromium.cpp:
1137         (WebCore::toUserSpace):
1138             Static function for normalizing screen rect scale.
1139         (WebCore::screenRect):
1140             Uses toUserSpace.
1141         (WebCore::screenAvailableRect):
1142             Uses toUserSpace.
1143         * rendering/TextAutosizer.cpp:
1144         (WebCore::TextAutosizer::processSubtree):
1145             Use applyDeviceScaleFactorInCompositor instead of
1146             applyPageScaleFactorInCompositor, to scale the window rect correctly
1147             on platforms other than Chrome for Android.
1148
1149 2013-01-10  Florin Malita  <fmalita@chromium.org>
1150
1151         Rename GraphicsContext::addRoundedRectClip
1152         https://bugs.webkit.org/show_bug.cgi?id=106581
1153
1154         Reviewed by Simon Fraser.
1155
1156         This patch renames GraphicsContext::addRoundedRectClip to clipRoundedRect for consistency
1157         with the other GC clipping methods.
1158
1159         No new tests: no functional changes.
1160
1161         * WebCore.order:
1162         * platform/graphics/GraphicsContext.cpp:
1163         (WebCore::GraphicsContext::clipRoundedRect):
1164         * platform/graphics/GraphicsContext.h:
1165         (GraphicsContext):
1166         * platform/graphics/skia/GraphicsContextSkia.cpp:
1167         (WebCore::GraphicsContext::clipRoundedRect):
1168         * rendering/RenderBox.cpp:
1169         (WebCore::RenderBox::paintBoxDecorations):
1170         (WebCore::RenderBox::pushContentsClip):
1171         * rendering/RenderBoxModelObject.cpp:
1172         (WebCore::RenderBoxModelObject::clipRoundedInnerRect):
1173         (WebCore::RenderBoxModelObject::paintBorder):
1174         (WebCore::RenderBoxModelObject::drawBoxSideFromPath):
1175         * rendering/RenderLayer.cpp:
1176         (WebCore::RenderLayer::clipToRect):
1177         * rendering/RenderThemeChromiumWin.cpp:
1178         (WebCore):
1179         (WebCore::RenderThemeChromiumWin::paintTextFieldInternal):
1180         * rendering/RenderThemeMacShared.mm:
1181         (WebCore::RenderThemeMacShared::paintMenuListButtonGradients):
1182         (WebCore::RenderThemeMacShared::paintSliderTrack):
1183         * rendering/RenderThemeSafari.cpp:
1184         (WebCore::RenderThemeSafari::paintMenuListButtonGradients):
1185         (WebCore::RenderThemeSafari::paintSliderTrack):
1186         * rendering/RenderThemeWinCE.cpp:
1187         (WebCore::RenderThemeWinCE::paintSearchFieldCancelButton):
1188
1189 2013-01-10  Tommy Widenflycht  <tommyw@google.com>
1190
1191         MediaStream API: Adding the new id attribute to MediaStream and MediaStreamTrack
1192         https://bugs.webkit.org/show_bug.cgi?id=106564
1193
1194         Reviewed by Adam Barth.
1195
1196         Specification: http://dev.w3.org/2011/webrtc/editor/getusermedia.html
1197         MediaStream loses its label attribute and instead gets an id attribute.
1198         MediaStreamTrack gets an id attribute.
1199
1200         Not testable yet, will add tests in a followup patch.
1201
1202         * Modules/mediastream/MediaStream.h:
1203         (WebCore::MediaStream::label):
1204         (MediaStream):
1205         (WebCore::MediaStream::id):
1206         * Modules/mediastream/MediaStream.idl:
1207         * Modules/mediastream/MediaStreamTrack.cpp:
1208         (WebCore::MediaStreamTrack::id):
1209         (WebCore):
1210         * Modules/mediastream/MediaStreamTrack.h:
1211         * Modules/mediastream/MediaStreamTrack.idl:
1212         * platform/chromium/support/WebMediaStreamComponent.cpp:
1213         (WebKit::WebMediaStreamComponent::initialize):
1214         (WebKit):
1215         (WebKit::WebMediaStreamComponent::isEnabled):
1216         (WebKit::WebMediaStreamComponent::id):
1217         (WebKit::WebMediaStreamComponent::source):
1218         * platform/chromium/support/WebMediaStreamDescriptor.cpp:
1219         (WebKit::WebMediaStreamDescriptor::label):
1220         (WebKit):
1221         (WebKit::WebMediaStreamDescriptor::id):
1222         * platform/mediastream/MediaStreamComponent.h:
1223         (WebCore::MediaStreamComponent::id):
1224         (WebCore::MediaStreamComponent::MediaStreamComponent):
1225         (MediaStreamComponent):
1226         * platform/mediastream/MediaStreamDescriptor.h:
1227         (WebCore::MediaStreamDescriptor::create):
1228         (WebCore::MediaStreamDescriptor::id):
1229         (WebCore::MediaStreamDescriptor::MediaStreamDescriptor):
1230         (MediaStreamDescriptor):
1231
1232 2013-01-10  Ojan Vafai  <ojan@chromium.org>
1233
1234         Flexboxes incorrectly add the scrollbar width to the intrinsic width of fixed-width items
1235         https://bugs.webkit.org/show_bug.cgi?id=106591
1236
1237         Reviewed by Levi Weintraub.
1238
1239         The scrollbar width should only be added if the width of the flex item
1240         is not fixed.
1241
1242         Test: fast/css/fixed-width-intrinsic-width-excludes-scrollbars.html
1243
1244         * rendering/RenderBlock.cpp:
1245         (WebCore::RenderBlock::computePreferredLogicalWidths):
1246         Use shared helper method. This also happens to fix the vertical
1247         writing-mode case.
1248
1249         * rendering/RenderBox.cpp:
1250         (WebCore::RenderBox::instrinsicScrollbarLogicalWidth):
1251         (WebCore):
1252         * rendering/RenderBox.h:
1253         (RenderBox):
1254         Add a method for determining the scrollbar's contribution to the box's
1255         intrinsic width.
1256
1257         * rendering/RenderDeprecatedFlexibleBox.cpp:
1258         (WebCore::RenderDeprecatedFlexibleBox::computePreferredLogicalWidths):
1259         * rendering/RenderFlexibleBox.cpp:
1260         (WebCore::RenderFlexibleBox::computePreferredLogicalWidths):
1261         Use shared code for determining the scrollbar width and only add the
1262         width when computing the intrinsic widths.
1263
1264         * rendering/RenderGrid.cpp:
1265         (WebCore::RenderGrid::computePreferredLogicalWidths):
1266         Just adding a FIXME to account for scrollbar width.
1267
1268 2013-01-10  Nate Chapin  <japhet@chromium.org>
1269
1270         Replace unnecessary null-checks with an assert in MainResourceLoader::continueAfterNavigationPolicy.
1271         https://bugs.webkit.org/show_bug.cgi?id=106476
1272
1273         Reviewed by Alexey Proskuryakov.
1274
1275         * loader/MainResourceLoader.cpp:
1276         (WebCore::MainResourceLoader::continueAfterNavigationPolicy): Null-checks for resourceLoader were
1277             added in an abundance of caution in r139150. Given that we know the load hasn't been cancelled,
1278             resourceLoader can only be null if continueAfterNavigationPolicy() has already been called
1279             before when m_substituteData is valid. continueAfterNavigationPolicy() is only called for redirects,
1280             and SubstituteData doesn't support redirects, so it is correct to assert that resourceLoader is non-null.
1281
1282 2013-01-10  Levi Weintraub  <leviw@chromium.org>
1283
1284         ScrollingCoordinator touch event hit rects aren't converted to proper coordinates when in nested views
1285         https://bugs.webkit.org/show_bug.cgi?id=106383
1286
1287         Reviewed by James Robinson.
1288
1289         ScrollingCoordinator uses clippedOverflowRectForRepaint(0) to generate the bounds for a renderer's hit
1290         testing rect. The rect this returns is in the coordinates of its document. This change converts the
1291         rect to the outermost view's coordinate system using convertToContainingView.
1292
1293         Tests: platform/chromium/fast/events/touch/touch-hit-rects-in-iframe.html
1294
1295         * page/scrolling/ScrollingCoordinator.cpp:
1296         (WebCore::accumulateRendererTouchEventTargetRects):
1297
1298 2013-01-10  Levi Weintraub  <leviw@chromium.org>
1299
1300         Regression(r137939): Heap-use-after-free in WebCore::accumulateDocumentEventTargetRects
1301         https://bugs.webkit.org/show_bug.cgi?id=106454
1302
1303         Reviewed by James Robinson.
1304
1305         Correctly removing child Documents from their parent's tracked touch handler maps when detaching and
1306         when their last touch event handler is removed.
1307
1308         Test: fast/events/touch/nested-document-with-touch-handler-detached-crash.html
1309
1310         * dom/Document.cpp:
1311         (WebCore::Document::detach):
1312         (WebCore::Document::didRemoveEventTargetNode):
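
The bookkeeping this entry describes, as an added C++ sketch that is not WebKit code: `Doc`, `addTouchTarget`, `removeTouchTarget` and the `unregister` flag are hypothetical names for a simplified model in which a parent tracks child documents with touch handlers by raw pointer. It shows the stale entry left behind when a child detaches without unregistering, and the two cleanup paths the entry names.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <unordered_map>

// Simplified, hypothetical model; none of these names are WebKit's.
class Doc {
public:
    explicit Doc(Doc* parent = nullptr) : m_parent(parent) {}

    // A touch handler was added on `target` (a node, or a child Doc).
    void addTouchTarget(const void* target) {
        const bool wasEmpty = m_touchTargets.empty();
        ++m_touchTargets[target];
        // First handler in this document: the parent starts tracking us.
        if (wasEmpty && m_parent)
            m_parent->addTouchTarget(this);
    }

    // One handler was removed from `target`.
    void removeTouchTarget(const void* target) {
        auto it = m_touchTargets.find(target);
        if (it == m_touchTargets.end())
            return;
        if (--it->second == 0)
            m_touchTargets.erase(it);
        // Last handler in this document is gone: the parent must forget us.
        if (m_touchTargets.empty() && m_parent)
            m_parent->removeTouchTarget(this);
    }

    // Tear-down. With unregister == false this models the missing cleanup:
    // the parent keeps a raw pointer to a document that is about to be freed.
    void detach(bool unregister) {
        if (unregister && m_parent && !m_touchTargets.empty())
            m_parent->removeTouchTarget(this);
        m_touchTargets.clear();
        m_parent = nullptr;
    }

    bool tracks(const void* target) const {
        return m_touchTargets.count(target) != 0;
    }

private:
    Doc* m_parent;
    std::unordered_map<const void*, unsigned> m_touchTargets;
};

// Entries the parent still holds for the child after the child detaches.
// The check runs before the child is destroyed, so nothing dangling is read.
std::size_t parentEntriesAfterChildDetach(bool unregister) {
    Doc parent;
    std::unique_ptr<Doc> child(new Doc(&parent));
    int node = 0;                      // constructed stand-in for a node in the child
    child->addTouchTarget(&node);
    child->addTouchTarget(&node);      // two handlers on the same node
    child->detach(unregister);
    return parent.tracks(child.get()) ? 1 : 0;
}

// Whether the parent still tracks the child after `removed` of its `added`
// handlers have been taken off again.
bool parentTracksChildAfterRemoving(unsigned added, unsigned removed) {
    Doc parent;
    Doc child(&parent);
    int node = 0;
    for (unsigned i = 0; i < added; ++i)
        child.addTouchTarget(&node);
    for (unsigned i = 0; i < removed; ++i)
        child.removeTouchTarget(&node);
    return parent.tracks(&child);
}

int main() {
    std::printf("stale entries, no unregister on detach: %zu\n",
                parentEntriesAfterChildDetach(false));
    std::printf("stale entries, unregister on detach:    %zu\n",
                parentEntriesAfterChildDetach(true));
    std::printf("tracked with one handler left:          %d\n",
                parentTracksChildAfterRemoving(2, 1));
    std::printf("tracked after last handler removed:     %d\n",
                parentTracksChildAfterRemoving(2, 2));
    return 0;
}
```

Any later walk over the parent's map that dereferences the stale entry is the kind of access AddressSanitizer reports as heap-use-after-free.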
1313
1314 2013-01-10  Nate Chapin  <japhet@chromium.org>
1315
1316         REGRESSION(r138222): WebDocumentLoaderMac-related leaks seen on Leaks bot
1317         https://bugs.webkit.org/show_bug.cgi?id=106137
1318
1319         Reviewed by Brady Eidson.
1320
1321         Tested manually by comparing before and after leaks output for WK1-mac.
1322
1323         * loader/MainResourceLoader.cpp:
1324         (WebCore::MainResourceLoader::receivedError): Call dispatchDidFailLoading() if
1325             a SubstituteData load fails or is cancelled. Without this call, load counts
1326             are not balanced on WebDocumentLoaderMac and it is retained forever.
1327         (WebCore::MainResourceLoader::didFinishLoading):
1328
1329 2013-01-10  Robert Kroeger  <rjkroege@chromium.org>
1330
1331         Manually revert http://trac.webkit.org/changeset/136012
1332         https://bugs.webkit.org/show_bug.cgi?id=106580
1333
1334         Reviewed by Dimitri Glazkov.
1335
1336         136012 broke touch-scrolling of an overflow div in an iframe. Revert manually
1337         to work around conflicts.
1338
1339         * page/EventHandler.cpp:
1340         (WebCore::EventHandler::handleWheelEvent):
1341
1342 2013-01-10  Robert Hogan  <robert@webkit.org>
1343
1344         REGRESSION(r136967): margin-top + overflow:hidden causes incorrect layout for internal floated elements
1345         https://bugs.webkit.org/show_bug.cgi?id=106374
1346
1347         Reviewed by David Hyatt.
1348
1349         r136397 treated any self-collapsing block that had a clearance delta as though it was clearing a float, but
1350         blocks that avoid floats can get a clearance delta too. So just ensure there is clearance on the block when deciding
1351         whether we need to add the margin back in before placing the float.
1352
1353         Test: fast/block/margin-collapse/self-collapsing-block-with-overflow-hidden-and-float-child.html
1354
1355         * rendering/RenderBlockLineLayout.cpp:
1356         (WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace):
1357
1358 2013-01-10  Alexander Pavlov  <apavlov@chromium.org>
1359
1360         Web Inspector: Color picker in Styles pane shows wrong initial color
1361         https://bugs.webkit.org/show_bug.cgi?id=106567
1362
1363         Reviewed by Pavel Feldman.
1364
1365         The RGB's G value for "crimson" was wrong.
1366
1367         * inspector/front-end/Color.js:
1368
1369 2013-01-10  Tony Chang  <tony@chromium.org>
1370
1371         Speed up supplemental dependency computation
1372         https://bugs.webkit.org/show_bug.cgi?id=106503
1373
1374         Reviewed by Adam Barth.
1375
1376         On my machine, generating supplemental IDL dependencies was taking about 18s
1377         because it has to run the C preprocessor on each IDL file. Avoid this by using
1378         a regular expression to find the Supplemental= value in each IDL file rather than
1379         doing a full parse. Now generating supplemental IDL dependencies is less than a
1380         second.
1381
1382         preprocess-idls.pl used to also check IDL attributes against IDLAttributes.txt.
1383         Move this code to run in generate-bindings.pl. This change revealed that
1384         TestRunner.idl uses PassContext so add that to IDLAttributes.txt.
1385
1386         No new tests, this is a build refactor. EWS bots should be green.
1387
1388         * DerivedSources.make: Remove --idlAttributesFile from preprocess-idls.pl and add it to generate-bindings.pl.
1389         * DerivedSources.pri: Remove --idlAttributesFile from preprocess-idls.pl and add it to generate-bindings.pl.
1390         * GNUmakefile.am: Remove --idlAttributesFile from preprocess-idls.pl and add it to generate-bindings.pl.
1391         * UseJSC.cmake: Remove --idlAttributesFile from preprocess-idls.pl and add it to generate-bindings.pl.
1392         * UseV8.cmake: Remove --idlAttributesFile from preprocess-idls.pl and add it to generate-bindings.pl.
1393         * WebCore.gyp/WebCore.gyp: Remove --idlAttributesFile from preprocess-idls.pl and add it to generate-bindings.pl.
1394         * bindings/scripts/IDLAttributes.txt: Add PassContext needed by TestRunner.idl.
1395         * bindings/scripts/generate-bindings.pl:
1396         (loadIDLAttributes): Moved from preprocess-idls.pl.
1397         (checkIDLAttributes): Moved from preprocess-idls.pl.
1398         (checkIfIDLAttributesExists): Moved from preprocess-idls.pl.
1399         * bindings/scripts/preprocess-idls.pl:
1400         (getSupplementalFromIDLFile): Helper method to get Supplemental=* quickly.
1401
1402 2013-01-10  Max Vujovic  <mvujovic@adobe.com>
1403
1404         [CSS Filters] RenderLayerCompositor::addToOverlapMap should take into account the filters outsets (ie. blur and drop-shadow)
1405         https://bugs.webkit.org/show_bug.cgi?id=94022
1406
1407         Reviewed by Simon Fraser.
1408
1409         When a layer has a filter that moves pixels, we need to add its entire bounds, including its
1410         outsets and children, to the overlap map. The filter can move the children's pixels
1411         anywhere in the layer, so we can't rely on the children's bounds.
1412
1413         Eventually, we should avoid adding children to the overlap map if the parent's bounds used
1414         for overlap testing already include the children. I've added a FIXME for this optimization.
1415
1416         Tests: compositing/filters/sw-layer-overlaps-hw-shadow.html
1417                compositing/filters/sw-nested-shadow-overlaps-hw-nested-shadow.html
1418                compositing/filters/sw-shadow-overlaps-hw-layer.html
1419                compositing/filters/sw-shadow-overlaps-hw-shadow.html
1420
1421         * rendering/RenderLayer.h:
1422         (WebCore::RenderLayer::overlapBounds):
1423             If necessary, return the calculated layer bounds, including the children. Otherwise,
1424             return the localBoundingBox.
1425         (RenderLayer):
1426         (WebCore::RenderLayer::overlapBoundsIncludeChildren):
1427             If the layer has a filter that moves pixels, return true.
1428         * rendering/RenderLayerCompositor.cpp:
1429         (WebCore::RenderLayerCompositor::addToOverlapMap):
1430             Add the overlapBounds instead of the localBoundingBox to the overlap map.
1431         (WebCore::RenderLayerCompositor::computeCompositingRequirements):
1432             Use the overlapBounds instead of the localBoundingBox for overlap testing.
1433
1434 2013-01-09  Ojan Vafai  <ojan@chromium.org>
1435
1436         intrinsic min-widths don't override width for file upload controls
1437         https://bugs.webkit.org/show_bug.cgi?id=106517
1438
1439         Reviewed by Tony Chang.
1440
1441         Separate out computing intrinsic width from preferred width so that
1442         we can use the intrinsic width correctly when applying min-width/max-width.
1443         The preferred width is the width used in its container's computation
1444         of its intrinsic width.
1445
1446         This is the first in a series of patches making this work across
1447         the render tree. 
1448
1449         Test: fast/forms/file/intrinsic-min-width-overrides-width.html
1450
1451         * rendering/RenderBox.cpp:
1452         (WebCore::RenderBox::minIntrinsicLogicalWidth):
1453         (WebCore):
1454         (WebCore::RenderBox::maxIntrinsicLogicalWidth):
1455         (WebCore::RenderBox::computeIntrinsicLogicalWidths):
1456         (WebCore::RenderBox::computeLogicalWidthInRegionUsing):
1457         * rendering/RenderBox.h:
1458         (RenderBox):
1459         * rendering/RenderFileUploadControl.cpp:
1460         (WebCore::RenderFileUploadControl::computeIntrinsicLogicalWidths):
1461         (WebCore):
1462         (WebCore::RenderFileUploadControl::computePreferredLogicalWidths):
1463         * rendering/RenderFileUploadControl.h:
1464         (RenderFileUploadControl):
1465
1466 2013-01-10  Victor Carbune  <victor@rosedu.org>
1467
1468         media/video-controls-captions.html fails after fixing https://bugs.webkit.org/show_bug.cgi?id=105536
1469         https://bugs.webkit.org/show_bug.cgi?id=106230
1470
1471         Reviewed by Eric Carlson.
1472
1473         Until Chromium has proper controls for lists of text tracks, the caption button
1474         needs to preserve its functionality.
1475
1476         Updated TestExpectations to reactivate test.
1477
1478         * html/HTMLMediaElement.cpp:
1479         (WebCore::HTMLMediaElement::setClosedCaptionsVisible): Added explicit call to updateTextTrackDisplay.
1480         This enables hiding the tracks immediately.
1481         * html/shadow/MediaControlElements.cpp:
1482         (WebCore::MediaControlTextTrackContainerElement::updateDisplay): Added extra check before rendering
1483         that captions should actually be displayed.
1484
1485 2013-01-10  Hajime Morrita  <morrita@google.com>
1486
1487         ComposedShadowTreeWalker shouldn't be exposed to non-ShadowDOM classes
1488         https://bugs.webkit.org/show_bug.cgi?id=106505
1489
1490         Reviewed by Dimitri Glazkov.
1491
1492         This change hides ComposedShadowTreeWalker from non-ShadowDOM classes by
1493
1494         - introducing thin wrapper functions on NodeRenderingTraversal and replacing
1495           CSTW callsites with it,
1496         - replacing ComposedShadowTreeWalker usage with AncestorChainWalker if possible and
1497         - moving AncestorChainWalker to its own file and including it on files
1498           which need only AncestorChainWalker. This eliminates ComposedShadowTreeWalker.h inclusions.
1499
1500         No new tests. No behavior change.
1501
1502         * CMakeLists.txt:
1503         * GNUmakefile.list.am:
1504         * Target.pri:
1505         * WebCore.gypi:
1506         * WebCore.xcodeproj/project.pbxproj:
1507         * dom/AncestorChainWalker.cpp: Added. Extracted from ComposedShadowTreeWalker.cpp
1508         (WebCore):
1509         (WebCore::AncestorChainWalker::AncestorChainWalker):
1510         (WebCore::AncestorChainWalker::parent):
1511         * dom/AncestorChainWalker.h: Added. Extracted from ComposedShadowTreeWalker.h
1512         (WebCore):
1513         (AncestorChainWalker):
1514         (WebCore::AncestorChainWalker::get):
1515         (WebCore::AncestorChainWalker::crossingInsertionPoint):
1516         * dom/ComposedShadowTreeWalker.cpp:
1517         * dom/ComposedShadowTreeWalker.h:
1518         * dom/DOMAllInOne.cpp:
1519         * dom/ElementShadow.h:
1520         (WebCore::shadowOfParent):
1521         (WebCore):
1522         * dom/EventDispatcher.cpp:
1523         * dom/Node.cpp:
1524         * dom/NodeRenderingTraversal.cpp:
1525         (WebCore::NodeRenderingTraversal::nextInScope):
1526         (NodeRenderingTraversal):
1527         (WebCore::NodeRenderingTraversal::previousInScope): Added.
1528         (WebCore::NodeRenderingTraversal::parentInScope): Added.
1529         (WebCore::NodeRenderingTraversal::lastChildInScope): Added.
1530         * dom/NodeRenderingTraversal.h:
1531         (NodeRenderingTraversal):
1532         * dom/TreeScope.cpp:
1533         * html/HTMLLIElement.cpp:
1534         (WebCore::HTMLLIElement::attach):
1535         * page/EventHandler.cpp:
1536         * page/FocusController.cpp: Replacing CSTW with NRT
1537         (WebCore):
1538         (WebCore::FocusNavigationScope::focusNavigationScopeOf):
1539         (WebCore::FocusController::findNodeWithExactTabIndex):
1540         (WebCore::nextNodeWithGreaterTabIndex):
1541         (WebCore::previousNodeWithLowerTabIndex):
1542         (WebCore::FocusController::nextFocusableNode):
1543         (WebCore::FocusController::previousFocusableNode):
1544
1545 2013-01-10  Zan Dobersek  <zandobersek@gmail.com>
1546
1547         Remove the ENABLE_ANIMATION_API feature define occurrences
1548         https://bugs.webkit.org/show_bug.cgi?id=106544
1549
1550         Reviewed by Simon Fraser.
1551
1552         The Animation API code was removed in r137243. The ENABLE_ANIMATION_API
1553         feature define handling still lingers in various build systems and configurations
1554         but is of no use, so it should be removed.
1555
1556         No new tests - no new functionality.
1557
1558         * Configurations/FeatureDefines.xcconfig:
1559         * GNUmakefile.features.am.in:
1560
1561 2013-01-10  Robert Phillips  <robertphillips@chromium.org>
1562
1563         Serialization of Gradients fails when PlatformContextSkia is not bitmap backed
1564         https://bugs.webkit.org/show_bug.cgi?id=106559
1565
1566         Reviewed by Stephen White.
1567
1568         This patch switches over from having platform/Skia improperly
1569         crack open the device to find the bitmap configuration to just
1570         specifying it directly.
1571
1572         No new tests. This bug is Chromium specific and only occurs in a
1573         debugging tool (when serializing to a Skia-specific file format).
1574
1575         * platform/graphics/skia/PlatformContextSkia.cpp:
1576         (WebCore::PlatformContextSkia::createCompatibleDevice):
1577
1578 2013-01-10  Alexander Pavlov  <apavlov@chromium.org>
1579
1580         The "outline-offset" property is not found in the computed style property list
1581         https://bugs.webkit.org/show_bug.cgi?id=106561
1582
1583         Reviewed by Alexis Menard.
1584
1585         Listed CSSPropertyOutlineOffset in the CSSComputedStyleDeclaration's computedProperties[].
1586
1587         Test: fast/css/getComputedStyle/getComputedStyle-outline-offset.html
1588
1589         * css/CSSComputedStyleDeclaration.cpp:
1590
1591 2013-01-10  David Faure  <faure@kde.org>
1592
1593         PluginPackage::freeLibraryTimerFired asserts if plugin got loaded again meanwhile
1594         https://bugs.webkit.org/show_bug.cgi?id=106463
1595
1596         Reviewed by Simon Hausmann.
1597
1598         No new tests, this code path will be tested by bug 106140.
1599
1600         * plugins/PluginPackage.cpp:
1601         (WebCore::PluginPackage::freeLibraryTimerFired): skip unloading if loaded again meanwhile.
1602
1603 2013-01-10  Alexander Pavlov  <apavlov@chromium.org>
1604
1605         CSSParser does not allow the absence of whitespace between "and" and "expression"
1606         https://bugs.webkit.org/show_bug.cgi?id=106458
1607
1608         Reviewed by Antti Koivisto.
1609
1610         The issue was that a construct similar to "and(max-width: 480px)" looks like a function call (token type FUNCTION), even though
1611         it is actually a MEDIA_AND followed by a parenthesized expression.
1612
1613         Test: fast/css/media-rule-no-whitespace.html
1614
1615         * css/CSSParser.cpp:
1616         (WebCore::CSSParser::detectFunctionTypeToken): Return if the detection has been successful.
1617         (WebCore::CSSParser::realLex): Test for media query tokens if function type detection has failed.
1618         * css/CSSParser.h:
1619
1620 2013-01-10  Alexis Menard  <alexis@webkit.org>
1621
1622         ASSERT_NOT_REACHED in StylePropertySet::fontValue when accessing font style property through JS after setting style font size.
1623         https://bugs.webkit.org/show_bug.cgi?id=88866
1624
1625         Reviewed by Alexander Pavlov.
1626
1627         StylePropertySet::fontValue always assumed that it was called using
1628         style.font after a subsequent call which set the shorthand font. The
1629         ASSERT_NOT_REACHED assumed that all longhands of the font shorthand not
1630         set by the shorthand itself were set to initial. While it's true when
1631         we set the font shorthand (i.e. all longhands are set to implicit initial)
1632         it is not true when you set the longhands individually. For example setting
1633         font-size will not set other font properties to initial. It is the behavior of all
1634         other shorthands in WebKit. When reconstructing the shorthand other
1635         properties tests whether the value of each longhand is initial or not
1636         (if not then we omit the value, as we should always construct the
1637         shortest shorthand possible) or if the value is set or not (if set then
1638         we include it in the shorthand if not then we omit it). The comment
1639         removed was also talking about invalid font property potentially built
1640         by fontValue(). So far appendFontLonghandValueIfExplicit will always
1641         construct a valid value as it takes care of adding ' ' or '/' when
1642         needed, so the return value is parsable and correct.
1643
1644         Test: fast/css/font-shorthand-from-longhands.html
1645
1646         * css/StylePropertySet.cpp:
1647         (WebCore::StylePropertySet::appendFontLonghandValueIfExplicit):
1648         (WebCore::StylePropertySet::fontValue):
1649         * css/StylePropertySet.h:
1650
1651 2013-01-10  Sheriff Bot  <webkit.review.bot@gmail.com>
1652
1653         Unreviewed, rolling out r139306.
1654         http://trac.webkit.org/changeset/139306
1655         https://bugs.webkit.org/show_bug.cgi?id=106550
1656
1657         it broke inspector-protocol/nmi-webaudio-leak-test.html
1658         (Requested by loislo on #webkit).
1659
1660         * bindings/v8/V8PerIsolateData.cpp:
1661         (WebCore::V8PerIsolateData::reportMemoryUsage):
1662         * css/CSSMediaRule.cpp:
1663         (WebCore::CSSMediaRule::reportMemoryUsage):
1664         * css/CSSProperty.cpp:
1665         (WebCore::CSSProperty::reportMemoryUsage):
1666         * css/CSSStyleSheet.cpp:
1667         (WebCore::CSSStyleSheet::reportMemoryUsage):
1668         * css/MediaList.cpp:
1669         (WebCore::MediaList::reportMemoryUsage):
1670         * css/RuleSet.cpp:
1671         (WebCore::RuleData::reportMemoryUsage):
1672         (WebCore::RuleSet::reportMemoryUsage):
1673         (WebCore::RuleSet::RuleSetSelectorPair::reportMemoryUsage):
1674         * css/StyleResolver.cpp:
1675         (WebCore::StyleResolver::MatchedPropertiesCacheItem::reportMemoryUsage):
1676         (WebCore::StyleResolver::reportMemoryUsage):
1677         * css/StyleSheetContents.cpp:
1678         (WebCore::StyleSheetContents::reportMemoryUsage):
1679         * dom/TreeScope.cpp:
1680         (WebCore::TreeScope::reportMemoryUsage):
1681         * inspector/HeapGraphSerializer.cpp:
1682         (WebCore::HeapGraphSerializer::reportMemoryUsage):
1683         * inspector/InspectorMemoryAgent.cpp:
1684         * inspector/InspectorProfilerAgent.cpp:
1685         (WebCore::InspectorProfilerAgent::reportMemoryUsage):
1686         * inspector/MemoryInstrumentationImpl.cpp:
1687         (WebCore::MemoryInstrumentationClientImpl::reportMemoryUsage):
1688         * loader/DocumentLoader.cpp:
1689         (WebCore::DocumentLoader::reportMemoryUsage):
1690         * loader/FrameLoader.cpp:
1691         (WebCore::FrameLoader::reportMemoryUsage):
1692         * loader/MainResourceLoader.cpp:
1693         (WebCore::MainResourceLoader::reportMemoryUsage):
1694         * loader/Prerenderer.cpp:
1695         (WebCore::Prerenderer::reportMemoryUsage):
1696         * loader/ResourceLoader.cpp:
1697         (WebCore::ResourceLoader::reportMemoryUsage):
1698         * loader/cache/CachedImage.cpp:
1699         (WebCore::CachedImage::reportMemoryUsage):
1700         * page/Page.cpp:
1701         (WebCore::Page::reportMemoryUsage):
1702
1703 2013-01-10  Ilya Tikhonovsky  <loislo@chromium.org>
1704
1705         Web Inspector: Native Memory Instrumentation: fix instrumentation for already instrumented classes 2/N
1706         https://bugs.webkit.org/show_bug.cgi?id=106546
1707
1708         Reviewed by Vsevolod Vlasov.
1709
1710         Many nontrivial class members were instrumented in reportMemoryUsage methods.
1711
1712         * bindings/v8/V8PerIsolateData.cpp:
1713         (WebCore::V8PerIsolateData::reportMemoryUsage):
1714         * css/CSSMediaRule.cpp:
1715         (WebCore::CSSMediaRule::reportMemoryUsage):
1716         * css/CSSProperty.cpp:
1717         (WebCore::CSSProperty::reportMemoryUsage):
1718         * css/CSSStyleSheet.cpp:
1719         (WebCore::CSSStyleSheet::reportMemoryUsage):
1720         * css/MediaList.cpp:
1721         (WebCore::MediaList::reportMemoryUsage):
1722         * css/RuleSet.cpp:
1723         (WebCore::RuleData::reportMemoryUsage):
1724         (WebCore::RuleSet::reportMemoryUsage):
1725         (WebCore::RuleSet::RuleSetSelectorPair::reportMemoryUsage):
1726         * css/StyleResolver.cpp:
1727         (WebCore::StyleResolver::MatchedPropertiesCacheItem::reportMemoryUsage):
1728         (WebCore::StyleResolver::reportMemoryUsage):
1729         * css/StyleSheetContents.cpp:
1730         (WebCore::StyleSheetContents::reportMemoryUsage):
1731         * dom/TreeScope.cpp:
1732         (WebCore::TreeScope::reportMemoryUsage):
1733         * inspector/HeapGraphSerializer.cpp:
1734         (WebCore::HeapGraphSerializer::reportMemoryUsage):
1735         * inspector/InspectorMemoryAgent.cpp:
1736         * inspector/InspectorProfilerAgent.cpp:
1737         (WebCore::InspectorProfilerAgent::reportMemoryUsage):
1738         * inspector/MemoryInstrumentationImpl.cpp:
1739         (WebCore::MemoryInstrumentationClientImpl::reportMemoryUsage):
1740         * loader/DocumentLoader.cpp:
1741         (WebCore::DocumentLoader::reportMemoryUsage):
1742         * loader/FrameLoader.cpp:
1743         (WebCore::FrameLoader::reportMemoryUsage):
1744         * loader/MainResourceLoader.cpp:
1745         (WebCore::MainResourceLoader::reportMemoryUsage):
1746         * loader/Prerenderer.cpp:
1747         (WebCore::Prerenderer::reportMemoryUsage):
1748         * loader/ResourceLoader.cpp:
1749         (WebCore::ResourceLoader::reportMemoryUsage):
1750         * loader/cache/CachedImage.cpp:
1751         (WebCore::CachedImage::reportMemoryUsage):
1752         * page/Page.cpp:
1753         (WebCore::Page::reportMemoryUsage):
1754
1755 2013-01-10  Christophe Dumez  <christophe.dumez@intel.com>
1756
1757         [EFL] Add gstreamer 1.0.5 to jhbuild
1758         https://bugs.webkit.org/show_bug.cgi?id=106178
1759
1760         Reviewed by Laszlo Gombos.
1761
1762         Remove GSTREAMER_INTERFACES_LIBRARIES from EFL
1763         CMake configuration.
1764
1765         No new tests, no behavior change for layout tests.
1766
1767         * PlatformEfl.cmake:
1768
1769 2013-01-09  Christophe Dumez  <christophe.dumez@intel.com>
1770
1771         Unreviewed build fix after r139266.
1772
1773         r139266 broke the debug build of the gstreamer backend due
1774         to a missing header include.
1775
1776         No new tests, no behavior change.
1777
1778         * platform/audio/gstreamer/AudioDestinationGStreamer.cpp:
1779
1780 2013-01-09  Alec Flett  <alecflett@chromium.org>
1781
1782         IndexedDB: Allow createIndex/createObjectStore to be asynchronous
1783         https://bugs.webkit.org/show_bug.cgi?id=106377
1784
1785         Reviewed by Tony Chang.
1786
1787         Migrate implementations of createIndex/deleteIndex,
1788         createObjectStore/deleteObjectStore over to IDBDatabaseBackendImpl,
1789         so that they can be asynchronous in multi-process ports.
1790
1791         Has the side effect of removing the last consumers of
1792         IDBIndexBackendImpl and IDBObjectStoreBackendImpl. The former
1793         is removed completely and the latter becomes a temporary namespace
1794         pending a further more mechanical code shuffle.
1795
1796         A key refactoring effect is that the IDBDatabaseBackendImpl
1797         now contains the authoritative IDBDatabaseMetadata hierarchy,
1798         and updates to it are consolidated in one place rather than
1799         scattered across a parallel object tree.
1800
1801         No new tests as this is just refactoring.
1802
1803         * Modules/indexeddb/IDBBackingStore.cpp: Simplify objectstore/index loading and propagate errors.
1804         (WebCore::IDBBackingStore::getObjectStores):
1805         (WebCore::IDBBackingStore::getIndexes):
1806         * Modules/indexeddb/IDBBackingStore.h:
1807         (IDBBackingStore):
1808         * Modules/indexeddb/IDBCursorBackendImpl.cpp: Dependency cleanup.
1809         * Modules/indexeddb/IDBCursorBackendImpl.h: Dependency cleanup.
1810         (WebCore):
1811         * Modules/indexeddb/IDBDatabase.cpp: Frontend IDBObjectStores no longer hold onto backend objects.
1812         (WebCore::IDBDatabase::createObjectStore):
1813         (WebCore::IDBDatabase::deleteObjectStore):
1814         * Modules/indexeddb/IDBDatabaseBackendImpl.cpp: Add all create/deleteIndex operations from IDBIndexBackendImpl.
1815         (WebCore::CreateObjectStoreOperation::create):
1816         (WebCore::CreateObjectStoreOperation::CreateObjectStoreOperation):
1817         (CreateObjectStoreOperation):
1818         (WebCore::DeleteObjectStoreOperation::create):
1819         (WebCore::DeleteObjectStoreOperation::DeleteObjectStoreOperation):
1820         (DeleteObjectStoreOperation):
1821         (WebCore::CreateObjectStoreAbortOperation::create):
1822         (WebCore::CreateObjectStoreAbortOperation::CreateObjectStoreAbortOperation):
1823         (CreateObjectStoreAbortOperation):
1824         (WebCore::DeleteObjectStoreAbortOperation::create):
1825         (WebCore::DeleteObjectStoreAbortOperation::DeleteObjectStoreAbortOperation):
1826         (DeleteObjectStoreAbortOperation):
1827         (CreateIndexOperation):
1828         (WebCore::CreateIndexOperation::create):
1829         (WebCore::CreateIndexOperation::CreateIndexOperation):
1830         (WebCore):
1831         (DeleteIndexOperation):
1832         (WebCore::DeleteIndexOperation::create):
1833         (WebCore::DeleteIndexOperation::DeleteIndexOperation):
1834         (CreateIndexAbortOperation):
1835         (WebCore::CreateIndexAbortOperation::create):
1836         (WebCore::CreateIndexAbortOperation::CreateIndexAbortOperation):
1837         (DeleteIndexAbortOperation):
1838         (WebCore::DeleteIndexAbortOperation::create):
1839         (WebCore::DeleteIndexAbortOperation::DeleteIndexAbortOperation):
1840         (WebCore::GetOperation::GetOperation):
1841         (WebCore::IDBDatabaseBackendImpl::addObjectStore):
1842         (WebCore::IDBDatabaseBackendImpl::removeObjectStore):
1843         (WebCore::IDBDatabaseBackendImpl::addIndex):
1844         (WebCore::IDBDatabaseBackendImpl::removeIndex):
1845         (WebCore::IDBDatabaseBackendImpl::openInternal):
1846         (WebCore::IDBDatabaseBackendImpl::metadata):
1847         (WebCore::IDBDatabaseBackendImpl::createObjectStore):
1848         (WebCore::CreateObjectStoreOperation::perform):
1849         (WebCore::IDBDatabaseBackendImpl::deleteObjectStore):
1850         (WebCore::IDBDatabaseBackendImpl::createIndex):
1851         (WebCore::CreateIndexOperation::perform):
1852         (WebCore::CreateIndexAbortOperation::perform):
1853         (WebCore::IDBDatabaseBackendImpl::deleteIndex):
1854         (WebCore::DeleteIndexOperation::perform):
1855         (WebCore::DeleteIndexAbortOperation::perform):
1856         (WebCore::IDBDatabaseBackendImpl::get):
1857         (WebCore::IDBDatabaseBackendImpl::put):
1858         (WebCore::IDBDatabaseBackendImpl::setIndexKeys):
1859         (WebCore::IDBDatabaseBackendImpl::count):
1860         (WebCore::DeleteRangeOperation::perform):
1861         (WebCore::DeleteObjectStoreOperation::perform):
1862         (WebCore::IDBDatabaseBackendImpl::deleteDatabaseFinal):
1863         (WebCore::IDBDatabaseBackendImpl::loadObjectStores): Load directly into metadata from backing store.
1864         (WebCore::CreateObjectStoreAbortOperation::perform):
1865         (WebCore::DeleteObjectStoreAbortOperation::perform):
1866         (WebCore::IDBDatabaseBackendImpl::VersionChangeAbortOperation::perform):
1867         * Modules/indexeddb/IDBDatabaseBackendImpl.h:
1868         (WebCore):
1869         (IDBDatabaseBackendImpl):
1870         (WebCore::IDBDatabaseBackendImpl::createObjectStore):
1871         (WebCore::IDBDatabaseBackendImpl::deleteObjectStore):
1872         * Modules/indexeddb/IDBIndexBackendImpl.cpp: Removed.
1873         * Modules/indexeddb/IDBIndexBackendImpl.h: Removed.
1874         * Modules/indexeddb/IDBObjectStore.cpp:
1875         (WebCore::IDBObjectStore::IDBObjectStore): Frontend IDBIndex objects no longer hold onto backend.
1876         (WebCore::IDBObjectStore::createIndex): 
1877         (WebCore::IDBObjectStore::deleteIndex):
1878         * Modules/indexeddb/IDBObjectStore.h:
1879         (WebCore::IDBObjectStore::create):
1880         (IDBObjectStore):
1881         * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
1882         * Modules/indexeddb/IDBObjectStoreBackendImpl.h:
1883         (WebCore):
1884         (IDBObjectStoreBackendImpl):
1885         * Modules/indexeddb/IDBTransaction.cpp:
1886         (WebCore::IDBTransaction::objectStore):
1887         * Modules/indexeddb/IDBTransaction.h:
1888         * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
1889         * Modules/indexeddb/IDBTransactionBackendImpl.h:
1890         (WebCore::IDBTransactionBackendImpl::objectStore):
1891         * WebCore.gypi:
1892         * WebCore.vcproj/WebCore.vcproj:
1893         * WebCore.xcodeproj/project.pbxproj:
1894
1895 2013-01-09  John J. Barton  <johnjbarton@chromium.org>
1896
1897         Web Inspector: Don't throw exceptions when we don't have a callstack
1898         https://bugs.webkit.org/show_bug.cgi?id=104849
1899
1900         Reviewed by Pavel Feldman.
1901
1902         Check array details.callFrames.length before accessing array.
1903
1904         No new tests, but this fix may help us find the cause of 'other' reasons.
1905
1906         * inspector/front-end/ScriptsPanel.js:
1907         (WebInspector.ScriptsPanel.prototype._debuggerPaused):
1908
1909 2013-01-09  Eugene Klyuchnikov  <eustas@chromium.org>
1910
1911         Web Inspector: [Network] Data grid header and content cells are misaligned.
1912         https://bugs.webkit.org/show_bug.cgi?id=105795
1913
1914         Reviewed by Pavel Feldman.
1915
1916         Header and content tables have different width -> same percent values
1917         turn to different cell widths.
1918
1919         * inspector/front-end/DataGrid.js: Add "corner" cell to all rows.
1920         * inspector/front-end/dataGrid.css: Apply "corner" rules to "td" nodes.
1921         (.data-grid .data-container): Remove artificial padding.
1922
1923 2013-01-09  Tien-Ren Chen  <trchen@chromium.org>
1924
1925         Make caret repainting container-aware
1926         https://bugs.webkit.org/show_bug.cgi?id=103955
1927
1928         Reviewed by Simon Fraser.
1929
1930         Only invalidate local rects on the caret's repaint container,
1931         instead of invalidating an absolute rect on the whole view.
1932
1933         Test: fast/repaint/caret-with-transformation.html
1934
1935         * editing/FrameSelection.cpp:
1936         (WebCore::caretRendersInsideNode):
1937         (WebCore::caretRenderer):
1938         (WebCore::FrameSelection::caretRenderer):
1939         (WebCore::DragCaretController::caretRenderer):
1940         (WebCore::repaintCaretForLocalRect):
1941         (WebCore::FrameSelection::recomputeCaretRect):
1942         (WebCore::CaretBase::invalidateCaretRect):
1943         (WebCore::FrameSelection::focusedOrActiveStateChanged):
1944         * editing/FrameSelection.h:
1945         * rendering/RenderView.cpp:
1946         (WebCore::RenderView::repaintSelection):
1947         * rendering/RenderView.h:
1948
1949 2013-01-09  Ryosuke Niwa  <rniwa@webkit.org>
1950
1951         Rebaseline the binding test after r139278.
1952
1953         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1954         (WebCore::JSTestEventTarget::getOwnPropertySlot):
1955
1956 2013-01-09  Ryosuke Niwa  <rniwa@webkit.org>
1957
1958         [JSC] REGRESSION(r135093): A form control with name=length overrides length property on form.elements
1959         https://bugs.webkit.org/show_bug.cgi?id=105775
1960
1961         Reviewed by Sam Weinig.
1962
1963         Fixed the bug by respecting properties on ancestor classes.
1964
1965         Test: fast/dom/collection-length-should-not-be-overridden.html
1966
1967         * bindings/js/JSDOMBinding.h:
1968         (WebCore::getStaticValueSlotEntryWithoutCaching): Added.
1969         * bindings/scripts/CodeGeneratorJS.pm:
1970         (GenerateGetOwnPropertySlotBody): Use getStaticValueSlotEntryWithoutCaching to climb up the class
1971         hierarchy.
1972
1973 2013-01-09  Kondapally Kalyan  <kalyan.kondapally@intel.com>
1974
1975         [EFL] [WebGL] Remove GLX dependencies from X11WindowResources.
1976         https://bugs.webkit.org/show_bug.cgi?id=106319
1977
1978         Reviewed by Kenneth Rohde Christiansen.
1979
1980         This patch removes GLX specific calls from X11WindowResources.
1981         This class is shared by both GLX and EGL implementations.
1982
1983         * platform/graphics/surfaces/glx/GLXSurface.cpp:
1984         (WebCore::GLXTransportSurface::setGeometry):
1985         * platform/graphics/surfaces/glx/X11WindowResources.cpp:
1986         (WebCore::X11OffScreenWindow::reSizeWindow):
1987
1988 2013-01-09  Huang Dongsung  <luxtella@company100.net>
1989
1990         Remove deviceScaleFactor argument in computeMinimumScaleFactorForContentContained().
1991         https://bugs.webkit.org/show_bug.cgi?id=106500
1992
1993         Reviewed by Kenneth Rohde Christiansen.
1994
1995         deviceScaleFactor argument is not used after r139189.
1996
1997         No new tests. Refactoring only.
1998
1999         * dom/ViewportArguments.cpp:
2000         (WebCore::computeMinimumScaleFactorForContentContained):
2001         * dom/ViewportArguments.h:
2002         (WebCore):
2003
2004 2013-01-09  Elliott Sprehn  <esprehn@gmail.com>
2005
2006         Node::containingShadowRoot should be constant time
2007         https://bugs.webkit.org/show_bug.cgi?id=106494
2008
2009         Reviewed by Dimitri Glazkov.
2010
2011         There's no reason to traverse up the tree to find the containing
2012         ShadowRoot when we already know if we're in a ShadowRoot by looking at
2013         the treeScope().
2014
2015         No new tests, just refactoring.
2016
2017         * dom/Node.cpp:
2018         (WebCore::Node::containingShadowRoot):
2019
2020 2013-01-09  Hajime Morrita  <morrita@google.com>
2021
2022         [Shadow DOM] Distribution related code on ElementShadow should be minimized.
2023         https://bugs.webkit.org/show_bug.cgi?id=106294
2024
2025         Reviewed by Dimitri Glazkov.
2026
2027         This change moves ElementShadow::m_selectFeatures,
2028         m_shouldCollectSelectFeatureSet and related methods to
2029         ContentDistributor.
2030
2031         There are also some renamings and small refactorings for a better fit
2032         in the new place:
2033
2034         - shouldCollectSelectFeatureSet is renamed needsSelectorRuleSet for conciseness.
2035         - setShouldCollectSelectFeatureSet() which used recursion morphed into
2036           iterative willAffectSelector().
2037         - ensureDistributionFromDocument() becomes a static method.
2038
2039         No new tests. Refactoring.
2040
2041         * WebCore.exp.in:
2042         * dom/Element.cpp:
2043         (WebCore::Element::shouldInvalidateDistributionWhenAttributeChanged):
2044         * dom/ElementShadow.cpp:
2045         (WebCore::ElementShadow::addShadowRoot):
2046         (WebCore::ElementShadow::removeAllShadowRoots):
2047         * dom/ElementShadow.h:
2048         (ElementShadow):
2049         (WebCore::ElementShadow::invalidateDistribution):
2050         (WebCore::ElementShadow::ensureDistribution):
2051         (WebCore::ElementShadow::didAffectSelector):
2052         (WebCore::ElementShadow::willAffectSelector):
2053         (WebCore::ElementShadow::containingShadow):
2054         (WebCore):
2055         * html/shadow/ContentDistributor.cpp:
2056         (WebCore::ScopeContentDistribution::registerInsertionPoint):
2057         (WebCore::ScopeContentDistribution::unregisterInsertionPoint):
2058         (WebCore::ContentDistributor::ContentDistributor):
2059         (WebCore::ContentDistributor::ensureDistribution):
2060         (WebCore):
2061         (WebCore::ContentDistributor::ensureDistributionFromDocument):
2062         (WebCore::ContentDistributor::invalidateDistribution):
2063         (WebCore::ContentDistributor::ensureSelectFeatureSet):
2064         (WebCore::ContentDistributor::collectSelectFeatureSetFrom):
2065         (WebCore::ContentDistributor::didAffectSelector):
2066         (WebCore::ContentDistributor::willAffectSelector):
2067         (WebCore::ContentDistributor::didShadowBoundaryChange):
2068         * html/shadow/ContentDistributor.h:
2069         (ScopeContentDistribution):
2070         (WebCore::ContentDistributor::needsSelectFeatureSet):
2071         (WebCore::ContentDistributor::setNeedsSelectFeatureSet):
2072         (ContentDistributor):
2073         (WebCore::ContentDistributor::setValidity):
2074         (WebCore::ContentDistributor::needsInvalidation):
2075         * html/shadow/HTMLContentElement.cpp:
2076         (WebCore::HTMLContentElement::parseAttribute):
2077         * html/shadow/HTMLContentElement.h:
2078         * html/shadow/HTMLShadowElement.cpp:
2079         (WebCore::HTMLShadowElement::olderShadowRoot):
2080         * html/shadow/InsertionPoint.cpp:
2081         (WebCore::InsertionPoint::getDistributedNodes):
2082         (WebCore::InsertionPoint::insertedInto):
2083         (WebCore::InsertionPoint::removedFrom):
2084         * html/shadow/InsertionPoint.h:
2085         (WebCore::InsertionPoint::canAffectSelector):
2086         * testing/Internals.cpp:
2087         (WebCore::Internals::hasSelectorForIdInShadow):
2088         (WebCore::Internals::hasSelectorForClassInShadow):
2089         (WebCore::Internals::hasSelectorForAttributeInShadow):
2090         (WebCore::Internals::hasSelectorForPseudoClassInShadow):
2091
2092 2013-01-09  Shinya Kawanaka  <shinyak@chromium.org>
2093
2094         Assert triggered in SelectorChecker::checkOneSelector when scrollbar (e.g. :horizontal) selector is specified.
2095         https://bugs.webkit.org/show_bug.cgi?id=106414
2096
2097         Reviewed by Dimitri Glazkov.
2098
2099         In SelectorChecker::checkOneSelector, scrollbar related pseudoType (e.g. :horizontal) is not handled anywhere.
2100         This caused the ASSERT to be triggered. We have to check them.
2101
2102         Test: fast/css/scrollbar-crash.html
2103
2104         * css/SelectorChecker.cpp:
2105         (WebCore::SelectorChecker::checkOneSelector):
2106
2107 2013-01-09  Filip Pizlo  <fpizlo@apple.com>
2108
2109         Unreviewed, fix build after http://trac.webkit.org/changeset/139262
2110
2111         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2112
2113 2013-01-09  Chris Rogers  <crogers@google.com>
2114
2115         Allow live/local audio input to be enabled only when needed
2116         https://bugs.webkit.org/show_bug.cgi?id=106490
2117
2118         Reviewed by Kenneth Russell.
2119         
2120         WebAudio can process live/local audio input using a MediaStreamAudioSourceNode.
2121         But currently the audio back-end is not able to know when/if audio input will be
2122         needed, so it needs to assume the worst and initialize the system to support potential
2123         audio input in all cases.  For some audio back-ends this can end up being less efficient
2124         than initializing for audio output only.  This patch adds the ability for the audio back-end
2125         to be able to initialize itself for audio input later on, only when/if it's needed.
2126
2127         * Modules/webaudio/AudioContext.cpp:
2128         (WebCore::AudioContext::createMediaStreamSource):
2129         * Modules/webaudio/AudioDestinationNode.h:
2130         (AudioDestinationNode):
2131         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2132         (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
2133         (WebCore::DefaultAudioDestinationNode::initialize):
2134         (WebCore::DefaultAudioDestinationNode::uninitialize):
2135         (WebCore::DefaultAudioDestinationNode::createDestination):
2136         (WebCore):
2137         (WebCore::DefaultAudioDestinationNode::enableInput):
2138         * Modules/webaudio/DefaultAudioDestinationNode.h:
2139         (DefaultAudioDestinationNode):
2140         * Modules/webaudio/OfflineAudioDestinationNode.h:
2141         (OfflineAudioDestinationNode):
2142         (WebCore::OfflineAudioDestinationNode::sampleRate):
2143         * platform/audio/AudioDestination.h:
2144         (AudioDestination):
2145         * platform/audio/gstreamer/AudioDestinationGStreamer.cpp:
2146         (WebCore::AudioDestination::create):
2147         * platform/audio/mac/AudioDestinationMac.cpp:
2148         (WebCore::AudioDestination::create):
2149
2150 2013-01-09  Tim Horton  <timothy_horton@apple.com>
2151
2152         Don't drop to huge tile mode if we're only slow-scrolling because of a page overlay
2153         https://bugs.webkit.org/show_bug.cgi?id=106502
2154         <rdar://problem/12959143>
2155
2156         Reviewed by Simon Fraser.
2157
2158         We only use the MainThreadScrollingReason "ForcedOnMainThread" if WebKit2 installs
2159         a page overlay (TiledCoreAnimationDrawingArea::didInstallPageOverlay), which clients
2160         can cause arbitrarily.
2161
2162         We probably should still use default-sized tiles in this case (this will also
2163         prevent us from falling into gigantic tiles for WebKit2 find-in-page, among other things).
2164
2165         * rendering/RenderLayerBacking.cpp:
2166         (WebCore::RenderLayerBacking::adjustTileCacheCoverage):
2167
2168 2013-01-09  Takashi Sakamoto  <tasak@google.com>
2169
2170         border-radius with box-shadow is not rendered correctly
2171         https://bugs.webkit.org/show_bug.cgi?id=106404
2172
2173         Reviewed by Hajime Morita.
2174
2175         RoundedRect::isRenderable is wrong. So RoundedRect::adjustRadii
2176         is invoked for renderable RoundedRects.
2177
2178         Test: fast/borders/border-radius-with-box-shadow.html
2179
2180         * platform/graphics/RoundedRect.cpp:
2181         (WebCore::RoundedRect::isRenderable):
2182         Have to compare topLeft's height plus bottomLeft's height with
2183         rect's height and to compare topRight's height plus bottomRight's
2184         height with rect's height.
2185
2186 2013-01-09  Joanmarie Diggs  <jdiggs@igalia.com>
2187
2188         [GTK] accessibility/aria-labelledby-overrides-label.html requires a proper baseline
2189         https://bugs.webkit.org/show_bug.cgi?id=105638
2190
2191         Reviewed by Martin Robinson.
2192
2193         The test was failing for two reasons:
2194         - AccessibilityRenderObject::correspondingLabelForControlElement() was
2195           not ignoring the ARIA labelled-by property
2196         - AccessibilityController::accessibleElementById() was not implemented
2197
2198         Because getting an element by ID cannot be done in the UIProcess, the
2199         decision was made to expose the element's ID as an accessible attribute
2200         of the object.
2201
2202         In addition, fixing the bug in AccessibilityRenderObject made it possible
2203         to eliminate the Gtk platform-specific expectations for another test.
2204
2205         No new tests; instead, the failing test was unskipped and a proper baseline
2206         provided.
2207
2208         * accessibility/AccessibilityRenderObject.cpp:
2209         (WebCore::AccessibilityRenderObject::correspondingLabelForControlElement):
2210         Return null for objects where hasTextAlternative() is true.
2211         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
2212         (webkitAccessibleGetAttributes): Expose the element's ID as an accessible
2213         attribute.
2214
2215 2013-01-09  Tony Gentilcore  <tonyg@chromium.org>
2216
2217         Remove unused includes from HTMLTreeBuilder
2218         https://bugs.webkit.org/show_bug.cgi?id=106496
2219
2220         Reviewed by Levi Weintraub.
2221
2222         Noticed these while searching HTMLTreeBuilder for non-thread friendly deps.
2223
2224         No new tests because no new functionality.
2225
2226         * html/parser/HTMLTreeBuilder.cpp:
2227
2228 2013-01-09  Max Vujovic  <mvujovic@adobe.com>
2229
2230         [CSS Shaders] Detached identifier after mesh box type is not applied
2231         https://bugs.webkit.org/show_bug.cgi?id=105321
2232
2233         Reviewed by Dean Jackson.
2234
2235         Before this patch, if a "detached" identifier followed a mesh box type identifier, the
2236         detached identifier was not applied. In other words, the mesh would still be attached.
2237
2238         For example:
2239         -webkit-filter: custom(url(...) mix(url(...) normal source-atop), 1 1 border-box detached);
2240
2241         Although the mesh box type is being removed from the Filter Effects spec, for now, we
2242         continue to accept the mesh box type in parsing because of existing content. Eventually,
2243         custom filters will transition to an at-rule syntax, once it is defined.
2244
2245         Test: css3/filters/custom/custom-filter-detached-mesh-with-mesh-box-type.html
2246
2247         * css/CSSParser.cpp:
2248         (WebCore::CSSParser::parseCustomFilter):
2249             In CSSParser, do not add the mesh box type identifier to the list that will be passed to
2250             StyleResolver. StyleResolver is expecting a "detached" identifier in that position and
2251             does not interpret mesh box types.
2252
2253 2013-01-09  Dan Winship  <danw@gnome.org>
2254
2255         [Soup] Handle redirection inside WebKit
2256         https://bugs.webkit.org/show_bug.cgi?id=61122
2257         https://bugs.webkit.org/show_bug.cgi?id=88961
2258
2259         Reviewed by Martin Robinson.
2260
2261         Rather than using libsoup's built-in redirection handling (which
2262         doesn't do everything exactly the way WebKit wants, and can't
2263         handle redirects to non-http URIs anyway), process redirections
2264         ourselves.
2265
2266         No new tests; unskips a few existing tests.
2267
2268         * platform/network/ResourceHandleInternal.h:
2269         (WebCore::ResourceHandleInternal::ResourceHandleInternal):
2270         (ResourceHandleInternal):
2271         * platform/network/soup/ResourceError.h:
2272         (ResourceError):
2273         * platform/network/soup/ResourceErrorSoup.cpp:
2274         (WebCore::ResourceError::transportError):
2275         (WebCore):
2276         (WebCore::ResourceError::httpError):
2277         * platform/network/soup/ResourceHandleSoup.cpp:
2278         (WebCore):
2279         (WebCore::gotHeadersCallback):
2280         (WebCore::restartedCallback):
2281         (WebCore::shouldRedirect):
2282         (WebCore::doRedirect):
2283         (WebCore::redirectCloseCallback):
2284         (WebCore::redirectSkipCallback):
2285         (WebCore::cleanupSoupRequestOperation):
2286         (WebCore::sendRequestCallback):
2287         (WebCore::createSoupMessageForHandleAndRequest):
2288         (WebCore::createSoupRequestAndMessageForHandle):
2289         (WebCore::ResourceHandle::start):
2290
2291 2013-01-09  Florin Malita  <fmalita@chromium.org>
2292
2293         [Skia] Implement GraphicsContext::addRoundedRectClip() using SkCanvas::clipRRect()
2294         https://bugs.webkit.org/show_bug.cgi?id=106461
2295
2296         Reviewed by Stephen White.
2297
2298         This patch adds a Skia-specific version of GraphicsContext::addRoundedRectClip() to take
2299         advantage of the SkCanvas::clipRRect() primitive.
2300
2301         As a minor cleanup, the anonymous namespace in GraphicsContextSkia.cpp is extended to cover
2302         all the local helper functions.
2303
2304         No new tests: coverage provided by existing tests.
2305
2306         * platform/graphics/GraphicsContext.cpp:
2307         (WebCore):
2308         * platform/graphics/skia/GraphicsContextSkia.cpp:
2309         (WebCore::GraphicsContext::addRoundedRectClip):
2310         (WebCore):
2311         (WebCore::GraphicsContext::fillRoundedRect):
2312         * platform/graphics/skia/PlatformContextSkia.h:
2313         (WebCore::PlatformContextSkia::clipRRect):
2314         (WebCore):
2315
2316 2013-01-09  Andreas Kling  <akling@apple.com>
2317
2318         SVG-as-image: Throw out cached bitmap renderings after they sit unused for some time.
2319         <http://webkit.org/b/106484>
2320         <rdar://problem/12983216>
2321
2322         Reviewed by Antti Koivisto.
2323
2324         Add a one-shot timer to SVGImageCache to self-clear the bitmap cache 30 seconds after last access.
2325         This prevents us from keeping huge ImageBuffers around in memory for the lifetime of the elements
2326         referencing that particular SVG file. (The ownership model is actually a bit more complicated
2327         but that's irrelevant to this issue.)
2328
2329         10234kB progression on Membuster3.
2330
2331         * svg/graphics/SVGImageCache.cpp:
2332         (WebCore::SVGImageCache::SVGImageCache):
2333         (WebCore::SVGImageCache::~SVGImageCache):
2334         (WebCore::SVGImageCache::clearBitmapCache):
2335         (WebCore::SVGImageCache::cacheClearTimerFired):
2336         (WebCore::SVGImageCache::lookupOrCreateBitmapImageForRenderer):
2337         * svg/graphics/SVGImageCache.h:
2338         (SVGImageCache):
2339
2340 2013-01-09  Alexey Proskuryakov  <ap@apple.com>
2341
2342         Assertion failure in SubresourceLoader::didFail when reloading
2343         https://bugs.webkit.org/show_bug.cgi?id=101416
2344
2345         Reviewed by Nate Chapin.
2346
2347         Test: http/tests/cache/network-error-during-revalidation.html
2348
2349         * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didFail): Handle revalidation.
2350
2351 2013-01-09  Alexandru Chiculita  <achicu@adobe.com>
2352
2353         Assertion Failure in WebCore::RenderLayerCompositor::updateCompositingLayers
2354         https://bugs.webkit.org/show_bug.cgi?id=106419
2355
2356         Reviewed by Simon Fraser.
2357
2358         No new tests added, just un-skipped 3 existing tests.
2359
2360         RenderLayerCompositor::updateCompositingLayers is being called with a pending layout, so computing the
2361         layers at that point would be useless & error-prone as they will be using incorrect layout values. If a layout is pending it means that 
2362         RenderLayerCompositor::updateCompositingLayers would get called again after the pending layout ends, so any values calculated at that point would be
2363         overwritten immediately. This patch removes the old ASSERT and makes it a return instead.
2364
2365         * rendering/RenderLayerCompositor.cpp:
2366         (WebCore::RenderLayerCompositor::updateCompositingLayers):
2367
2368 2013-01-09  Robert Hogan  <robert@webkit.org>
2369
2370         REGRESSION(r111439): Focus ring is rendered incorrectly in fast/inline/continuation-outlines-with-layers.html
2371         https://bugs.webkit.org/show_bug.cgi?id=106064
2372
2373         Reviewed by David Hyatt.
2374
2375         * rendering/RenderBlock.cpp:
2376         (WebCore::RenderBlock::paintObject): 
2377
2378 2013-01-09  Gregg Tavares  <gman@google.com>
2379
2380         Add stub for CanvasProxy
2381         https://bugs.webkit.org/show_bug.cgi?id=106275
2382
2383         Reviewed by Dean Jackson.
2384
2385         No new tests as no new functionality exposed.
2386
2387         * CMakeLists.txt:
2388         * DerivedSources.make:
2389         * DerivedSources.pri:
2390         * GNUmakefile.list.am:
2391         * Target.pri:
2392         * WebCore.gypi:
2393         * WebCore.xcodeproj/project.pbxproj:
2394         * html/canvas/CanvasProxy.cpp: Added.
2395         * html/canvas/CanvasProxy.h: Added.
2396         * html/canvas/CanvasProxy.idl: Added.
2397
2398 2013-01-09  Antti Koivisto  <antti@apple.com>
2399
2400         Release FastMalloc thread caches on memory warning
2401         https://bugs.webkit.org/show_bug.cgi?id=106471
2402
2403         Reviewed by Geoff Garen.
2404         
2405         FastMalloc keeps some memory in per-thread caches (currently 2MB each). We currently flush these caches on memory warning 
2406         for the main thread only. We should do it for other WebKit threads that use FastMalloc too.
2407
2408         Call WTF::releaseFastMallocFreeMemory in a bunch of WebCore support threads on memory warning. Unfortunately we don't have 
2409         a uniform way of doing threads so this requires a bunch of thread type specific code.
2410         
2411         Looks to be ~1% progression in membuster3 final and maximum numbers.
2412
2413         * platform/mac/MemoryPressureHandlerMac.mm:
2414         (WebCore::MemoryPressureHandler::releaseMemory):
2415         * storage/StorageTask.cpp:
2416         (WebCore::StorageTask::performTask):
2417         * storage/StorageTask.h:
2418         (WebCore::StorageTask::createReleaseFastMallocFreeMemory):
2419         * storage/StorageThread.cpp:
2420         (WebCore::storageThreads):
2421         (WebCore):
2422         (WebCore::StorageThread::StorageThread):
2423         (WebCore::StorageThread::~StorageThread):
2424         (WebCore::StorageThread::releaseFastMallocFreeMemoryInAllThread):
2425         * storage/StorageThread.h:
2426         (StorageThread):
2427         * workers/WorkerThread.cpp:
2428         (WebCore::threadSetMutex):
2429         (WebCore::workerThreads):
2430         (WebCore::WorkerThread::workerThreadCount):
2431         (WebCore::WorkerThread::WorkerThread):
2432         (WebCore::WorkerThread::~WorkerThread):
2433         (WebCore::WorkerThread::releaseFastMallocFreeMemoryInAllThread):
2434         (WebCore):
2435         * workers/WorkerThread.h:
2436         (WorkerThread):
2437
2438 2013-01-09  Tony Gentilcore  <tonyg@chromium.org>
2439
2440         REGRESSION(r139141): Assertion failure in WebCore::HTMLConstructionSite::HTMLConstructionSite
2441         https://bugs.webkit.org/show_bug.cgi?id=106412
2442
2443         Reviewed by Darin Adler.
2444
2445         This corrects the assertion added in r139141. The assertion was designed to make sure that we are using the
2446         HTMLDocument class. XHTML documents also use HTMLDocument.
2447
2448         No new tests because no new functionality.
2449
2450         * html/parser/HTMLConstructionSite.cpp:
2451         (WebCore::HTMLConstructionSite::HTMLConstructionSite):
2452
2453 2013-01-08  Ojan Vafai  <ojan@chromium.org>
2454
2455         min-content gets the wrong value if min-width is set on some form controls
2456         https://bugs.webkit.org/show_bug.cgi?id=106389
2457
2458         Reviewed by Tony Chang.
2459
2460         Simplify the logic. The only exposed change in behavior is that
2461         m_minPreferredLogicalWidth gets set to m_maxPreferredLogicalWidth
2462         instead of 0 when min-width is set.
2463
2464         Test: fast/forms/min-content-form-controls.html
2465
2466         * rendering/RenderFileUploadControl.cpp:
2467         (WebCore::RenderFileUploadControl::computePreferredLogicalWidths):
2468         * rendering/RenderListBox.cpp:
2469         (WebCore::RenderListBox::computePreferredLogicalWidths):
2470         * rendering/RenderMenuList.cpp:
2471         (WebCore::RenderMenuList::computePreferredLogicalWidths):
2472         * rendering/RenderSlider.cpp:
2473         (WebCore::RenderSlider::computePreferredLogicalWidths):
2474         * rendering/RenderTextControl.cpp:
2475         (WebCore::RenderTextControl::computePreferredLogicalWidths):
2476
2477 2013-01-09  Abhishek Arya  <inferno@chromium.org>
2478
2479         Mitigate out-of-bounds access in InlineIterator
2480         https://bugs.webkit.org/show_bug.cgi?id=104812
2481
2482         Reviewed by Levi Weintraub.
2483
2484         Share code between InlineIterator::current and InlineIterator::previousInSameNode,
2485         thereby checking for access outside text renderer's length.
2486
2487         * rendering/InlineIterator.h:
2488         (InlineIterator):
2489         (WebCore::InlineIterator::characterAt):
2490         (WebCore):
2491         (WebCore::InlineIterator::current):
2492         (WebCore::InlineIterator::previousInSameNode):
2493
2494 2013-01-09  Yongjun Zhang  <yongjun_zhang@apple.com>
2495
2496         If ImageLoader's loadEventSender or errorEventSender fires after document is detached, the document will be leaked.
2497
2498         https://bugs.webkit.org/show_bug.cgi?id=106394
2499
2500         Reviewed by Alexey Proskuryakov.
2501
2502         ImageLoader's loadEventSender and errorEventSender schedule event dispatching in separate timers and ref
2503         the Element in updatedHasPendingEvent.  If the Document is detached before either eventSender dispatches,
2504         we would leak the Document since we bail out early in dispatchPendingLoadEvent or dispatchPendingErrorEvent,
2505         without deref-ing the Element itself.
2506
2507         No new tests.  Verified manually by using heap tool to count the living HTMLDocuments.
2508
2509         * loader/ImageLoader.cpp:
2510         (WebCore::ImageLoader::dispatchPendingLoadEvent): also call updatedHasPendingEvent to deref the Element if
2511                     the document is detached.
2512         (WebCore::ImageLoader::dispatchPendingErrorEvent): ditto.
2513
2514 2013-01-09  Dimitri Glazkov  <dglazkov@chromium.org>
2515
2516         Unreviewed, rolling out r139143.
2517         http://trac.webkit.org/changeset/139143
2518         https://bugs.webkit.org/show_bug.cgi?id=106135
2519
2520         Broke Chromium content_browsertests.
2521
2522         * platform/leveldb/LevelDBDatabase.cpp:
2523         (WebCore::LevelDBDatabase::open):
2524         (WebCore::LevelDBDatabase::openInMemory):
2525
2526 2013-01-09  Sam Weinig  <sam@webkit.org>
2527
2528         Add Settings.in and make_settings.pl to the project.
2529
2530         Reviewed by Anders Carlsson.
2531
2532         * WebCore.xcodeproj/project.pbxproj:
2533
2534 2013-01-09  Ojan Vafai  <ojan@chromium.org>
2535
2536         marquee special-case in RenderBlock is not needed
2537         https://bugs.webkit.org/show_bug.cgi?id=106396
2538
2539         Reviewed by Simon Fraser.
2540
2541         This was added in http://trac.webkit.org/changeset/105772. The layout test
2542         in that patch (which is disabled) works and the original site that was broken
2543         also still works.
2544
2545         * rendering/RenderBlock.cpp:
2546         (WebCore::RenderBlock::computePreferredLogicalWidths):
2547
2548 2013-01-09  Tony Chang  <tony@chromium.org>
2549
2550         Automatically generate Settings::unifiedTextCheckerEnabled
2551         https://bugs.webkit.org/show_bug.cgi?id=106382
2552
2553         Reviewed by Adam Barth.
2554
2555         No new tests, no change in behavior. This is covered by existing editing/spelling tests.
2556
2557         * page/Settings.cpp:
2558         (WebCore): Move default value into a global so we can generate the initializer.
2559         (WebCore::Settings::Settings): Remove initializer code that is now generated.
2560         * page/Settings.h:
2561         (Settings): Remove getters and setters.
2562         * page/Settings.in: Add entry to be generated.
2563         * testing/InternalSettings.cpp:
2564         (WebCore::InternalSettings::Backup::Backup): Remove backup since the generated code does this.
2565         (WebCore::InternalSettings::Backup::restoreTo): Remove restore code since the generated code does this.
2566         * testing/InternalSettings.h:
2567         (InternalSettings): Remove member variable.
2568         * testing/InternalSettings.idl: The getter was unused so it's being removed. The setter is now generated.
2569
2570 2013-01-09  Alexis Menard  <alexis@webkit.org>
2571
2572         Implement CSS computed style value for transition shorthand
2573         https://bugs.webkit.org/show_bug.cgi?id=105035
2574
2575         Reviewed by Dean Jackson.
2576
2577         Implement support for querying the transition and webkit-transition
2578         shorthand from the computed style.
2579
2580         Test: transitions/transitions-parsing.html
2581
2582         * css/CSSComputedStyleDeclaration.cpp:
2583         (WebCore::createTransitionPropertyValue): Factor the code to create the
2584         correct value into a function to reuse it for the shorthand.
2585         (WebCore::getTransitionPropertyValue):
2586         (WebCore::createTimingFunctionValue): Little refactor, the intermediate
2587         local variables are not needed.
2588         (WebCore::getTimingFunctionValue):
2589         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
2590
2591 2013-01-09  Hajime Morrita  <morrita@google.com>
2592
2593         Document::setActiveNode() should be Document::setActiveElement()
2594         https://bugs.webkit.org/show_bug.cgi?id=106437
2595
2596         Reviewed by Ojan Vafai.
2597
2598         No new tests. No functional change.
2599
2600         * dom/Document.cpp:
2601         (WebCore::Document::setActiveElement):
2602         (WebCore::Document::updateHoverActiveState):
2603         * dom/Document.h:
2604         (Document):
2605         * rendering/HitTestResult.cpp:
2606         (WebCore::HitTestResult::innerElement):
2607         (WebCore):
2608         * rendering/HitTestResult.h:
2609         (HitTestResult):
2610
2611 2013-01-09  Shinya Kawanaka  <shinyak@chromium.org>
2612
2613         [Shadow DOM]: ShadowRoot has wrong nodeName attribute
2614         https://bugs.webkit.org/show_bug.cgi?id=104995
2615
2616         Reviewed by Dimitri Glazkov.
2617
2618         According to the Shadow DOM spec, ShadowRoot.nodeName should return '#document-fragment' instead of '#shadow-root'.
2619         We remove ShadowRoot::nodeName.
2620
2621         No new tests, covered by existing tests.
2622
2623         * dom/ShadowRoot.cpp:
2624         * dom/ShadowRoot.h:
2625         (ShadowRoot):
2626
2627 2013-01-09  Zoltan Horvath  <zoltan@webkit.org>
2628
2629         [CSS Regions] Selecting text through nested regions causes weird and unclearable selection  
2630         https://bugs.webkit.org/show_bug.cgi?id=105641
2631
2632         Reviewed by David Hyatt.
2633
2634         If you have a region with a nested region inside what is rendered below the base region and you are trying to select text
2635         starting from the base region and ending it in the nested region, firstly you get a weird selection, secondly you can't
2636         clear the selection. We could prevent this strange behavior by preventing the selection through different region flows.
2637
2638         Test: fast/regions/selecting-text-through-different-region-flows.html
2639
2640         * rendering/RenderView.cpp:
2641         (WebCore::RenderView::setSelection): Don't allow selection when trying to select different region flows.
2642
2643 2013-01-09  Hugo Parente Lima  <hugo.lima@openbossa.org>
2644
2645         Regression(r138681) : Add HAVE(ACCESSIBILITY) guard to atk files, fix for a fix.
2646         https://bugs.webkit.org/show_bug.cgi?id=106448
2647
2648         Reviewed by Gyuyoung Kim.
2649
2650         Some atk files don't use HAVE(ACCESSIBILITY). It might make build errors when
2651         the macro isn't enabled.
2652
2653         * accessibility/atk/WebKitAccessibleHyperlink.h:
2654         * accessibility/atk/WebKitAccessibleInterfaceAction.h:
2655         * accessibility/atk/WebKitAccessibleInterfaceComponent.h:
2656         * accessibility/atk/WebKitAccessibleInterfaceHypertext.h:
2657
2658 2013-01-09  Chris Fleizach  <cfleizach@apple.com>
2659
2660         AX: native popup buttons should not use textUnderElement for their title
2661         https://bugs.webkit.org/show_bug.cgi?id=106349
2662
2663         Reviewed by Ryosuke Niwa.
2664
2665         Chromium relies on the older title() method to return its title. As a result, we also
2666         need to handle the case of <select> element pop up buttons returning the textUnderElement().
2667
2668         No new tests. Fix existing break.
2669
2670         * accessibility/AccessibilityNodeObject.cpp:
2671         (WebCore::AccessibilityNodeObject::title):
2672
2673 2013-01-09  Jussi Kukkonen  <jussi.kukkonen@intel.com>
2674
2675         IndexedDB: Remove ASSERTs that can't assert but result in compiler warnings
2676         https://bugs.webkit.org/show_bug.cgi?id=106442
2677
2678         Reviewed by Kentaro Hara.
2679
2680         IDBLevelDBCoding::m_metaDataType has been changed to unsigned
2681         so ASSERT(m_metaDataType >= 0) is no longer useful: the compiler
2682         warnings however create build difficulties at least with EFL.
2683
2684         * Modules/indexeddb/IDBLevelDBCoding.cpp:
2685         (WebCore::IDBLevelDBCoding::ObjectStoreMetaDataKey::metaDataType):
2686         (WebCore::IDBLevelDBCoding::ObjectStoreMetaDataKey::compare):
2687
2688 2012-12-29  Ilya Tikhonovsky  <loislo@chromium.org>
2689
2690         Web Inspector: Native Memory Instrumentation: fix instrumentation for already instrumented classes 1/N
2691         https://bugs.webkit.org/show_bug.cgi?id=106445
2692
2693         Reviewed by Vsevolod Vlasov.
2694
2695         The patch has almost mechanical changes.
2696
2697         * bindings/v8/V8Binding.cpp:
2698         * bindings/v8/V8ValueCache.cpp:
2699         (WTF):
2700         (WebCore::StringCache::reportMemoryUsage):
2701         (WebCore):
2702         * dom/Document.cpp:
2703         (WebCore::Document::reportMemoryUsage):
2704         * dom/DocumentStyleSheetCollection.cpp:
2705         (WebCore::DocumentStyleSheetCollection::reportMemoryUsage):
2706         * dom/ElementRareData.cpp:
2707         (WebCore::ElementRareData::reportMemoryUsage):
2708         * loader/cache/CachedResource.cpp:
2709         (WebCore::CachedResource::reportMemoryUsage):
2710         * page/Frame.cpp:
2711         (WebCore::Frame::reportMemoryUsage):
2712         * page/Page.cpp:
2713         (WebCore::Page::reportMemoryUsage):
2714         * platform/graphics/skia/NativeImageSkia.cpp:
2715         (WebCore::NativeImageSkia::reportMemoryUsage):
2716         * platform/network/FormData.cpp:
2717         (WebCore::FormData::reportMemoryUsage):
2718         (WebCore):
2719         (WebCore::FormDataElement::reportMemoryUsage):
2720         * platform/network/FormData.h:
2721         (FormDataElement):
2722         * rendering/RenderView.cpp:
2723         (WebCore::RenderView::reportMemoryUsage):
2724         * rendering/style/StyleRareNonInheritedData.cpp:
2725         (WebCore::StyleRareNonInheritedData::reportMemoryUsage):
2726
2727 2013-01-09  Florin Malita  <fmalita@chromium.org>
2728
2729         [Skia] Implement GraphicsContext::fillRoundedRect() using SkCanvas::drawRRect()
2730         https://bugs.webkit.org/show_bug.cgi?id=106366
2731
2732         Reviewed by Stephen White.
2733
2734         Skia provides rounded-rect primitives, so we can avoid degrading fillRoundedRect() to
2735         drawPath().
2736
2737         Due to subtle pixel differences (not visually noticeable), switching from drawPath() to
2738         drawRRect() requires rebaselining some of the existing results.
2739
2740         No new tests: coverage provided by existing tests.
2741
2742         * platform/graphics/skia/GraphicsContextSkia.cpp:
2743         (WebCore::GraphicsContext::fillRoundedRect):
2744         * platform/graphics/skia/PlatformContextSkia.h:
2745         (WebCore::PlatformContextSkia::drawRRect):
2746         (WebCore):
2747
2748 2013-01-09  Arnaud Renevier  <a.renevier@sisa.samsung.com>
2749
2750         Web Inspector: cannot undock inspector when window size is too small
2751         https://bugs.webkit.org/show_bug.cgi?id=106054
2752
2753         Reviewed by Pavel Feldman.
2754
2755         Consider dockingUnavailable flag only when dockSide is in undocked
2756         state.
2757
2758         * inspector/front-end/DockController.js:
2759         (WebInspector.DockController.prototype._updateUI.get document):
2760
2761 2013-01-09  Zeno Albisser  <zeno@webkit.org>
2762
2763         [Qt] WebGL content is incomplete when using multiple canvas
2764         https://bugs.webkit.org/show_bug.cgi?id=106313
2765
2766         While we are using double buffering for WebGL,
2767         we do not use a drawable that implements a mechanism
2768         for swapping buffers.
2769         Therefore we have to make sure that all GL commands
2770         have been executed properly before copying the texture
2771         onto the GraphicsSurface.
2772
2773         Reviewed by Simon Hausmann.
2774
2775         * platform/graphics/qt/GraphicsContext3DQt.cpp:
2776         (WebCore::GraphicsContext3DPrivate::blitMultisampleFramebufferAndRestoreContext):
2777
2778 2013-01-09  Carlos Garcia Campos  <cgarcia@igalia.com>
2779
2780         Unreviewed. Fix make distcheck.
2781
2782         * GNUmakefile.list.am: Add missing headers.
2783
2784 2013-01-09  Zeno Albisser  <zeno@webkit.org>
2785
2786         [Qt][Mac] GraphicsSurface does not need glEnable/glDisable for texture targets.
2787         https://bugs.webkit.org/show_bug.cgi?id=106310
2788
2789         glEnable/glDisable for texture targets is only necessary
2790         when using the fixed function pipeline.
2791         Enabling or disabling the target might cause unexpected
2792         behavior to texture bindings and is therefore considered harmful.
2793
2794         Reviewed by Noam Rosenthal.
2795
2796         * platform/graphics/surfaces/mac/GraphicsSurfaceMac.cpp:
2797         (WebCore::createTexture):
2798         (WebCore::GraphicsSurfacePrivate::copyFromTexture):
2799         (WebCore::GraphicsSurface::platformCopyToGLTexture):
2800
2801 2013-01-09  Kunihiko Sakamoto  <ksakamoto@chromium.org>
2802
2803         INPUT_MULTIPLE_FIELDS_UI: min/max attributes should not make all fields read-only
2804         https://bugs.webkit.org/show_bug.cgi?id=106422
2805
2806         Reviewed by Kent Tamura.
2807
2808         Do not make day-field of date input and month-field of month input readonly
2809         even if min and max are the same.
2810
2811         Tests: fast/forms/date-multiple-fields/date-multiple-fields-readonly-subfield.html
2812                fast/forms/month-multiple-fields/month-multiple-fields-readonly-subfield.html
2813
2814         * html/shadow/DateTimeEditElement.cpp:
2815         (WebCore::DateTimeEditBuilder::visitField): Added check for date type.
2816
2817 2013-01-09  Kunihiko Sakamoto  <ksakamoto@chromium.org>
2818
2819         INPUT_MULTIPLE_FIELDS_UI: Step-up/-down of week field should respect min/max attributes
2820         https://bugs.webkit.org/show_bug.cgi?id=106416
2821
2822         Reviewed by Kent Tamura.
2823
2824         Make step-up/-down of the week field respect the min/max attributes of the element.
2825         Note that it still accepts any keyboard inputs (the element
2826         becomes 'invalid' state when out-of-range values are entered).
2827
2828         Tests: fast/forms/week-multiple-fields/week-multiple-fields-readonly-subfield.html
2829                fast/forms/week-multiple-fields/week-multiple-fields-stepup-stepdown-from-renderer.html
2830
2831         * css/html.css: Add a CSS rule for week field.
2832         * html/shadow/DateTimeEditElement.cpp:
2833         (WebCore::DateTimeEditBuilder::visitField):
2834         Compute minimum/maximum values of week field from the min/max parameters of the element.
2835         * html/shadow/DateTimeFieldElements.cpp:
2836         (WebCore::DateTimeWeekFieldElement::DateTimeWeekFieldElement): Add minimum/maximum arguments.
2837         (WebCore::DateTimeWeekFieldElement::create): Ditto.
2838         (WebCore::DateTimeWeekFieldElement::clampValueForHardLimits): Added.
2839         * html/shadow/DateTimeFieldElements.h:
2840         (DateTimeWeekFieldElement): Add minimum/maximum arguments and declare clampValueForHardLimits.
2841
2842 2013-01-08  Arpita Bahuguna  <arpitabahuguna@gmail.com>
2843
2844         Caret is incorrectly painted for a contenteditable <div> containing a <br> in vertical writing mode
2845         https://bugs.webkit.org/show_bug.cgi?id=103621
2846
2847         Reviewed by Ryosuke Niwa.
2848
2849         While computing the caret rect for the given specific scenario, we
2850         canonicalize our position. For the upstream (or downstream) block flow
2851         candidates a check to ignore the nodes having renderers with zero height
2852         is carried out. This is where we fail our check in the vertical writing mode.
2853
2854         In the vertical writing mode, instead of verifying the height of the descendants
2855         of the candidate nodes, a check for their width should be carried out.
2856
2857         For our case, i.e. the <br> element contained inside the div, the bounding box
2858         in the vertical writing mode would have a width greater than zero and height
2859         equal to zero (as is to be expected in the vertical mode).
2860
2861         Thus, we need to make a check against the logical height. For the vertical
2862         writing mode, the logical height should return the width of the computed
2863         bounding box.
2864
2865         Test: editing/selection/caret-in-div-containing-br-in-vertical-mode.html
2866
2867         * dom/Position.cpp:
2868         (WebCore::Position::hasRenderedNonAnonymousDescendantsWithHeight):
2869         Have modified the code to verify against the logical height, instead
2870         of simply the height, both in case of RenderText and RenderBox.
2871         The logical height of the computed rects returns a value according
2872         to the writing mode.
2873
2874         For the RenderText a new function, linesLogicalBoundingBox() is called
2875         which returns the values depending on the writing mode.
2876         Similarly, on the RenderBox, pixelSnappedLogicalHeight() is called which
2877         too takes care of the writing mode internally. (borderBoundingBox()
2878         internally calls on the pixelSnappedRect).
2879
2880         * rendering/RenderText.cpp:
2881         (WebCore::RenderText::linesLogicalBoundingBox):
2882         (WebCore):
2883         * rendering/RenderText.h:
2884         (RenderText):
2885         New function is added to return the logical linesBoundingBox, i.e.,
2886         the width and height of the linesBoundingBox are set according to
2887         the writing mode.
2888
2889 2013-01-08  Tony Gentilcore  <tonyg@chromium.org>
2890
2891         Remove a few unused includes from HTMLTreeBuilder
2892         https://bugs.webkit.org/show_bug.cgi?id=106401
2893
2894         Reviewed by Adam Barth.
2895
2896         I happened to notice these while attempting to remove non-thread friendly deps from HTMLTreeBuilder.
2897
2898         No new tests because no new functionality.
2899
2900         * html/parser/HTMLTreeBuilder.cpp:
2901
2902 2013-01-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2903
2904         Regression(r138681): Add HAVE(ACCESSIBILITY) guard to atk files
2905         https://bugs.webkit.org/show_bug.cgi?id=106290
2906
2907         Reviewed by Martin Robinson.
2908
2909         Some atk files don't use HAVE(ACCESSIBILITY). It might make build errors when
2910         the macro isn't enabled.
2911
2912         * accessibility/atk/AXObjectCacheAtk.cpp:
2913         * accessibility/atk/WebKitAccessibleHyperlink.h:
2914         * accessibility/atk/WebKitAccessibleInterfaceAction.cpp:
2915         * accessibility/atk/WebKitAccessibleInterfaceAction.h:
2916         * accessibility/atk/WebKitAccessibleInterfaceComponent.cpp:
2917         * accessibility/atk/WebKitAccessibleInterfaceDocument.cpp:
2918         * accessibility/atk/WebKitAccessibleInterfaceDocument.h:
2919         * accessibility/atk/WebKitAccessibleInterfaceEditableText.cpp:
2920         * accessibility/atk/WebKitAccessibleInterfaceEditableText.h:
2921         * accessibility/atk/WebKitAccessibleInterfaceHyperlinkImpl.cpp:
2922         * accessibility/atk/WebKitAccessibleInterfaceHyperlinkImpl.h:
2923         * accessibility/atk/WebKitAccessibleInterfaceHypertext.cpp:
2924         * accessibility/atk/WebKitAccessibleInterfaceImage.cpp:
2925         * accessibility/atk/WebKitAccessibleInterfaceImage.h:
2926         * accessibility/atk/WebKitAccessibleInterfaceSelection.cpp:
2927         * accessibility/atk/WebKitAccessibleInterfaceSelection.h:
2928         * accessibility/atk/WebKitAccessibleInterfaceTable.cpp:
2929         * accessibility/atk/WebKitAccessibleInterfaceTable.h:
2930         * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
2931         * accessibility/atk/WebKitAccessibleInterfaceText.h:
2932         * accessibility/atk/WebKitAccessibleInterfaceValue.cpp:
2933         * accessibility/atk/WebKitAccessibleInterfaceValue.h:
2934         * accessibility/atk/WebKitAccessibleUtil.cpp:
2935         * accessibility/atk/WebKitAccessibleUtil.h:
2936         * accessibility/atk/WebKitAccessibleWrapperAtk.h:
2937
2938 2013-01-08  Matt Falkenhagen  <falken@chromium.org>
2939
2940         Make NodeRenderingContext::parentRenderer and nextRenderer top layer aware
2941         https://bugs.webkit.org/show_bug.cgi?id=103477
2942
2943         Reviewed by Hajime Morita.
2944
2945         Original patch by Elliott Sprehn (minor code and layout tests added).
2946
2947         Instead of using adjustInsertionPointForTopLayerElement and reassigning
2948         pointers passed by reference we should just make nextRenderer and parentRenderer
2949         handle the top layer properly. Right now they would return the wrong values
2950         since we only correctly handle the top layer during renderer creation.
2951
2952         This makes handling of top layer elements consistent with handling of
2953         other special rendering systems like flow threads.
2954
2955         Tests: fast/dom/HTMLDialogElement/modal-dialog-in-replaced-renderer.html
2956                fast/dom/HTMLDialogElement/modal-dialog-in-table-column.html
2957                fast/dom/HTMLDialogElement/modal-dialog-sibling.html
2958
2959         * dom/NodeRenderingContext.cpp:
2960         (WebCore::isRendererReparented): Added this helper function. We must skip
2961         renderers that are reparented in nextRenderer and previousRenderer.
2962         (WebCore):
2963         (WebCore::adjustInsertionPointForTopLayerElement): Removed this method.
2964         (WebCore::NodeRenderingContext::nextRenderer):
2965         (WebCore::NodeRenderingContext::previousRenderer):
2966         (WebCore::NodeRenderingContext::parentRenderer):
2967         (WebCore::NodeRenderingContext::createRendererForElementIfNeeded):
2968
2969 2013-01-08  Kent Tamura  <tkent@chromium.org>
2970
2971         REGRESSION(r135836): Invalid user input for input[type=number] should be cleared by input.value=""
2972         https://bugs.webkit.org/show_bug.cgi?id=106284
2973
2974         Reviewed by Hajime Morita.
2975
2976         No new tests. Updates fast/forms/number/number/validity-badinput.html.
2977
2978         * html/NumberInputType.cpp:
2979         (WebCore::NumberInputType::setValue):
2980         If the new sanitized value is empty and innerTextValue is a bad input
2981         (it means !valueChanged && !innerTextValue().isEmpty() because the new
2982         sanitized value is empty), we need to update innerTextValue with the
2983         empty string.
2984         * html/NumberInputType.h:
2985         (NumberInputType): Declare setValue.
2986
2987 2013-01-08  Nate Chapin  <japhet@chromium.org>
2988
2989         REGRESSION(r138222?): [Mac WK1] http/tests/appcache/main-resource-redirect.html asserts in WebFrameLoaderClient::dispatchDidFinishLoading
2990         https://bugs.webkit.org/show_bug.cgi?id=106123
2991
2992         Reviewed by Alexey Proskuryakov.
2993
2994         No new tests, fixing an existing test.
2995
2996         * loader/MainResourceLoader.cpp:
2997         (WebCore::MainResourceLoader::continueAfterNavigationPolicy): Before calling m_resource->removeClient(this)
2998             and potentially canceling the ResourceLoader, ensure it won't send resource load callbacks.
2999         * loader/ResourceLoader.h:
3000         (WebCore::ResourceLoader::setSendCallbackPolicy):
3001
3002 2013-01-08  Alexandru Chiculita  <achicu@adobe.com>
3003
3004         Assert in RenderGeometryMap::mapToContainer
3005         https://bugs.webkit.org/show_bug.cgi?id=106068
3006
3007         Reviewed by Simon Fraser.
3008
3009         The assert was due to a pending layout, so the values used to compute the layer bounding boxes were incorrect.
3010         That was because of the Document::setVisualUpdatesAllowed mechanism, which triggers a compositor update
3011         and a repaint, but before this patch didn't check whether a layout was pending or not.
3012
3013         Added a check in Document::setVisualUpdatesAllowed for pending layouts and bailed when such case happened.
3014         A layout will come anyway and trigger the correct updates. Couldn't not force an inline layout at that time
3015         as this function is sometimes called really soon, when the WebKit parts are not fully created yet and updates were
3016         calling back into some client callbacks that were not ready.
3017
3018         Also added an assert in RenderLayerCompositor::updateCompositingLayers to check for other cases that might
3019         try to update the layers with a layout pending. That one led to finding an issue in the RenderMarquee, which
3020         was updating on a timer callback. It might happen that a layout is pending while this timer fires and it 
3021         tries to update the scroll position of the layers while a layout is still due.
3022
3023         There was already a protection to bail if a layout is pending in RenderMarquee::timerFired, so I've just broadened the scope
3024         to the whole RenderView to catch all the layout requests.
3025
3026         Tests: compositing/geometry/assert-layout-not-done.html
3027                compositing/geometry/assert-marquee-timer.html
3028
3029         * dom/Document.cpp:
3030         (WebCore::Document::setVisualUpdatesAllowed):
3031         * rendering/RenderLayerCompositor.cpp:
3032         (WebCore::RenderLayerCompositor::updateCompositingLayers):
3033         * rendering/RenderMarquee.cpp:
3034         (WebCore::RenderMarquee::timerFired):
3035
3036 2013-01-08  Justin Novosad  <junov@google.com>
3037
3038         CanvasRenderingContext2D::setFont argument may reference destroyed object
3039         https://bugs.webkit.org/show_bug.cgi?id=106385
3040
3041         Reviewed by Abhishek Arya.
3042
3043         No new tests: covered by fast/canvas/canvas-measureText.html
3044
3045         This is a re-write of r138994.  Fixing bug in setFont instead of
3046         workaround at call site. 
3047
3048         * html/canvas/CanvasRenderingContext2D.cpp:
3049         (WebCore::CanvasRenderingContext2D::setFont):
3050         (WebCore::CanvasRenderingContext2D::accessFont):
3051
3052 2013-01-08  David Grogan  <dgrogan@chromium.org>
3053
3054         IndexedDB: Provide LevelDB with IDBEnv instead of Env::Default
3055         https://bugs.webkit.org/show_bug.cgi?id=106135
3056
3057         Reviewed by Tony Chang.
3058
3059         IDBEnv only changes the name of the histogram where errors are logged.
3060
3061         * platform/leveldb/LevelDBDatabase.cpp:
3062         (WebCore::LevelDBDatabase::open):
3063         (WebCore::LevelDBDatabase::openInMemory):
3064
3065 2013-01-08  Brandon Jones  <bajones@chromium.org>
3066
3067         Make WebGLRenderingContext inherit from ActiveDOMObject
3068         https://bugs.webkit.org/show_bug.cgi?id=104733
3069
3070         Reviewed by Adam Barth.
3071
3072         When ActiveDOMObject::stop is called on the WebGLRenderingContext the
3073         DrawingBuffer and GraphicsContext3D instances are forcibly released in
3074         order to keep GPU memory utilization to a minimum.
3075
3076         Incorporated new layout test based on one just added to the WebGL
3077         conformance suite. Also tested manually by reloading and
3078         navigating between many WebGL apps.
3079
3080         Test: fast/canvas/webgl/context-release-upon-reload.html
3081
3082         * bindings/v8/custom/V8HTMLCanvasElementCustom.cpp:
3083         (WebCore::V8HTMLCanvasElement::getContextCallback):
3084             Removed garbage collection hack added in Bug 76255.
3085         * html/canvas/WebGLRenderingContext.cpp:
3086         (WebCore):
3087         (WebCore::WebGLRenderingContext::create):
3088             Call suspendIfNeeded per ActiveDOMObject contract.
3089         (WebCore::WebGLRenderingContext::WebGLRenderingContext):
3090             Call ActiveDOMObject constructor.
3091         (WebCore::WebGLRenderingContext::~WebGLRenderingContext):
3092             Call destroyGraphicsContext3D.
3093         (WebCore::WebGLRenderingContext::destroyGraphicsContext3D):
3094             Drop DrawingBuffer backing store and delete GraphicsContext3D.
3095         (WebCore::WebGLRenderingContext::hasPendingActivity):
3096             Always return false.
3097         (WebCore::WebGLRenderingContext::stop):
3098             Force lost context upon page reload or navigation.
3099         * html/canvas/WebGLRenderingContext.h:
3100         (WebGLRenderingContext):
3101             Inherit from ActiveDOMObject and override notifications.
3102         * platform/graphics/blackberry/DrawingBufferBlackBerry.cpp:
3103         (WebCore):
3104         (WebCore::DrawingBuffer::clearPlatformLayer):
3105             Add currently no-op implementation.
3106         * platform/graphics/cairo/DrawingBufferCairo.cpp:
3107         (WebCore):
3108         (WebCore::DrawingBuffer::clearPlatformLayer):
3109             Add currently no-op implementation.
3110         * platform/graphics/chromium/DrawingBufferChromium.cpp:
3111         (WebCore::DrawingBufferPrivate::clearTextureId):
3112             Clear texture ID from compositor's layer.
3113         (DrawingBufferPrivate):
3114         (WebCore::DrawingBuffer::framebuffer):
3115             Moved around to reduce number of #ifdefs.
3116         (WebCore):
3117         (WebCore::DrawingBuffer::platformLayer):
3118         (WebCore::DrawingBuffer::clearPlatformLayer):
3119             Tell compositor to stop referencing DrawingBuffer's texture.
3120         * platform/graphics/clutter/DrawingBufferClutter.cpp:
3121         (WebCore):
3122         (WebCore::DrawingBuffer::clearPlatformLayer):
3123             Add currently no-op implementation.
3124         * platform/graphics/gpu/DrawingBuffer.cpp:
3125         (WebCore::DrawingBuffer::clear):
3126             Call clearPlatformLayer before deleting OpenGL resources.
3127         * platform/graphics/gpu/DrawingBuffer.h:
3128         (DrawingBuffer):
3129             Add clearPlatformLayer.
3130         * platform/graphics/gpu/mac/DrawingBufferMac.mm:
3131         (WebCore):
3132         (WebCore::DrawingBuffer::clearPlatformLayer):
3133             Add currently no-op implementation.
3134         * platform/graphics/gpu/qt/DrawingBufferQt.cpp:
3135         (WebCore):
3136         (WebCore::DrawingBuffer::clearPlatformLayer):
3137             Add currently no-op implementation.
3138
3139 2013-01-08  Tony Gentilcore  <tonyg@chromium.org>
3140
3141         Remove dependency on Document from HTMLConstructionSite::inQuirksMode()
3142         https://bugs.webkit.org/show_bug.cgi?id=106375
3143
3144         Reviewed by Adam Barth.
3145
3146         This is another step towards removing main thread object dependencies
3147         from the parser.
3148
3149         No new tests because no new functionality.
3150
3151         * dom/Document.h:
3152         * html/HTMLDocument.cpp:
3153         * html/HTMLDocument.h:
3154         (HTMLDocument):
3155         * html/parser/HTMLConstructionSite.cpp:
3156         (WebCore::HTMLConstructionSite::HTMLConstructionSite):
3157         (WebCore::HTMLConstructionSite::setDefaultCompatibilityMode):
3158         (WebCore):
3159         (WebCore::HTMLConstructionSite::setCompatibilityMode):
3160         (WebCore::HTMLConstructionSite::setCompatibilityModeFromDoctype):
3161         (WebCore::HTMLConstructionSite::insertDoctype):
3162         (WebCore::HTMLConstructionSite::inQuirksMode):
3163         * html/parser/HTMLConstructionSite.h:
3164         (HTMLConstructionSite):
3165
3166 2013-01-08  Florin Malita  <fmalita@chromium.org>
3167
3168         Remove unused GraphicsContext::addInnerRoundedRectClip()
3169         https://bugs.webkit.org/show_bug.cgi?id=106376
3170
3171         Reviewed by Andreas Kling.
3172
3173         Since there don't seem to be any users left for it, remove addInnerRoundedRectClip().
3174
3175         No new tests: no functional changes.
3176
3177         * platform/graphics/GraphicsContext.h:
3178         (GraphicsContext):
3179         * platform/graphics/cairo/GraphicsContextCairo.cpp:
3180         * platform/graphics/cg/GraphicsContextCG.cpp:
3181         * platform/graphics/openvg/GraphicsContextOpenVG.cpp:
3182         * platform/graphics/qt/GraphicsContextQt.cpp:
3183         * platform/graphics/skia/GraphicsContextSkia.cpp:
3184         (WebCore):
3185         * platform/graphics/wince/GraphicsContextWinCE.cpp:
3186         * platform/graphics/wx/GraphicsContextWx.cpp:
3187
3188 2013-01-08  Justin Novosad  <junov@google.com>
3189
3190         Color bleeding with rounded rectangles on high dpi displays
3191         https://bugs.webkit.org/show_bug.cgi?id=106373
3192
3193         Reviewed by Simon Fraser.
3194
3195         Test: fast/backgrounds/gradient-background-leakage-hidpi.html
3196
3197         Avoid using the BackgroundBleedShrinkBackground draw strategy for
3198         RenderBox when border width is less than two layout units. This
3199         is because rounded rectangles are always snapped to integer layout
3200         coordinates, even with subpixel layout enabled.
3201
3202         * rendering/RenderBox.cpp:
3203         (WebCore::RenderBox::determineBackgroundBleedAvoidance):
3204
3205 2013-01-08  Elliott Sprehn  <esprehn@chromium.org>
3206
3207         Merge getLineAtIndex into RenderBlock::lineAtIndex
3208         https://bugs.webkit.org/show_bug.cgi?id=106379
3209
3210         Reviewed by Eric Seidel.
3211
3212         getLineAtIndex can be merged into lineAtIndex, which was its only caller.
3213
3214         No new tests, just refactoring.
3215
3216         * rendering/RenderBlock.cpp:
3217         (WebCore::RenderBlock::lineAtIndex):
3218         (WebCore::RenderBlock::lineCount):
3219         * rendering/RenderBlock.h:
3220         (RenderBlock):
3221
3222 2013-01-08  Rafael Weinstein  <rafaelw@chromium.org>
3223
3224         [HTMLTemplateElement] Allow <template> content to be inspected
3225         https://bugs.webkit.org/show_bug.cgi?id=105839
3226
3227         Reviewed by Pavel Feldman.
3228
3229         In addition to the plumbing which allows template contents to be
3230         displayed within the inspector, this patch adds a manually-managed
3231         weakref from the template document back to its host document (typically
3232         the creator). This is required so that the inspector agent can be found
3233         for template elements.
3234
3235         * dom/Document.cpp:
3236         (WebCore::Document::~Document):
3237         (WebCore::Document::templateDocument):
3238         * dom/Document.h:
3239         (Document):
3240         (WebCore::Document::setTemplateDocumentHost):
3241         (WebCore::Document::templateDocumentHost):
3242         * editing/markup.cpp:
3243         (WebCore::createFragmentForInnerOuterHTML):
3244         * html/HTMLTemplateElement.cpp:
3245         (WebCore::HTMLTemplateElement::content):
3246         * inspector/Inspector.json:
3247         * inspector/InspectorDOMAgent.cpp:
3248         (WebCore::InspectorDOMAgent::buildObjectForNode):
3249         * inspector/InspectorInstrumentation.h:
3250         (WebCore::InspectorInstrumentation::instrumentingAgentsForDocument):
3251         * inspector/front-end/DOMAgent.js:
3252         (WebInspector.DOMNode):
3253         (WebInspector.DOMNode.prototype.hasChildNodes):
3254         (WebInspector.DOMNode.prototype._insertChild):
3255         (WebInspector.DOMNode.prototype._setChildrenPayload):
3256
3257 2013-01-08  Hajime Morrita  <morrita@google.com>
3258
3259         [Shadow DOM] Distribution related code on ShadowRoot should be minimized.
3260         https://bugs.webkit.org/show_bug.cgi?id=106282
3261
3262         Reviewed by Dimitri Glazkov.
3263
3264         ShadowRoot had a certain amount of logic which is dedicated for
3265         node distribution computation.  This code is going to be compiled
3266         out (Bug 103339) and better be part of the node distribution
3267         algorithm, which is ScopeContentDistribution class.
3268
3269         This change
3270
3271         - Renames ShadowRootContentDistributionData to
3272           ScopeContentDistribution.  New name is concise and a bit more
3273           meaningful: It owns per TreeScope distribution state.
3274         - Moves distribution related code from ShadowRoot to ScopeContentDistribution
3275
3276         No new tests. Refactoring.
3277
3278         * WebCore.exp.in:
3279         * css/StyleScopeResolver.cpp:
3280         (WebCore::StyleScopeResolver::styleSharingCandidateMatchesHostRules):
3281         (WebCore::StyleScopeResolver::matchHostRules):
3282         * dom/ComposedShadowTreeWalker.cpp:
3283         (WebCore::nodeCanBeDistributed):
3284         (WebCore::ComposedShadowTreeWalker::traverseBackToYoungerShadowRoot):
3285         (WebCore::ComposedShadowTreeWalker::traverseParentBackToYoungerShadowRootOrHost):
3286         (WebCore::AncestorChainWalker::parent):
3287         * dom/ElementShadow.cpp:
3288         (WebCore::ElementShadow::collectSelectFeatureSetFrom):
3289         * dom/ShadowRoot.cpp:
3290         (WebCore::ShadowRoot::insertedInto):
3291         (WebCore::ShadowRoot::removedFrom):
3292         (WebCore::ShadowRoot::ensureScopeDistribution):
3293         (WebCore::ShadowRoot::reportMemoryUsage):
3294         * dom/ShadowRoot.h:
3295         (WebCore):
3296         (ShadowRoot):
3297         (WebCore::ShadowRoot::scopeDistribution):
3298         * html/shadow/ContentDistributor.cpp:
3299         (WebCore::ScopeContentDistribution::ScopeContentDistribution):
3300         (WebCore::ScopeContentDistribution::invalidateInsertionPointList):
3301         (WebCore::ScopeContentDistribution::ensureInsertionPointList):
3302         (WebCore::ScopeContentDistribution::registerInsertionPoint):
3303         (WebCore::ScopeContentDistribution::unregisterInsertionPoint):
3304         (WebCore::ScopeContentDistribution::hasShadowElement):
3305         (WebCore):
3306         (WebCore::ScopeContentDistribution::hasContentElement):
3307         (WebCore::ScopeContentDistribution::countElementShadow):
3308         (WebCore::ScopeContentDistribution::hasInsertionPoint):
3309         (WebCore::ScopeContentDistribution::assignedTo):
3310         (WebCore::ContentDistributor::distribute):
3311         (WebCore::ContentDistributor::invalidate):
3312         * html/shadow/ContentDistributor.h:
3313         (ScopeContentDistribution):
3314         (WebCore::ScopeContentDistribution::registerElementShadow):
3315         (WebCore::ScopeContentDistribution::unregisterElementShadow):
3316         (WebCore::ScopeContentDistribution::hasElementShadow):
3317         * html/shadow/HTMLShadowElement.cpp:
3318         (WebCore::HTMLShadowElement::olderShadowRoot):
3319         * html/shadow/InsertionPoint.cpp:
3320         (WebCore::InsertionPoint::insertedInto):
3321         (WebCore::InsertionPoint::removedFrom):
3322         (WebCore::InsertionPoint::contains):
3323         (WebCore):
3324         (WebCore::resolveReprojection):
3325         * html/shadow/InsertionPoint.h:
3326         (InsertionPoint):
3327         (WebCore):
3328         * testing/Internals.cpp:
3329         (WebCore::Internals::hasShadowInsertionPoint):
3330         (WebCore::Internals::hasContentElement):
3331         (WebCore::Internals::countElementShadow):
3332
3333 2013-01-08  Tom Sepez  <tsepez@chromium.org>
3334
3335         Copy-paste preserves <embed> tags containing active content.
3336         https://bugs.webkit.org/show_bug.cgi?id=77625
3337
3338         Reviewed by Ryosuke Niwa.
3339
3340         Test: editing/pasteboard/paste-noplugin.html
3341
3342         * dom/FragmentScriptingPermission.h:
3343         (WebCore::scriptingContentIsAllowed):
3344         (WebCore::pluginContentIsAllowed):
3345         Add new permission to restrict plugin pasting.  Add inline functions to check
3346         the implications of each permission rather than having a list of raw comparisons
3347         sprinkled throughout the code. 
3348         
3349         * editing/markup.cpp:
3350         (WebCore::createFragmentFromMarkup):
3351         Revert back to unsafe plugin pasting regardless of caller's intentions when
3352         the settings allow it.
3353
3354         * dom/Element.cpp:
3355         (WebCore::Element::parserSetAttributes):
3356         * html/parser/HTMLConstructionSite.cpp:
3357         (WebCore::HTMLConstructionSite::insertScriptElement):
3358         * xml/parser/XMLDocumentParserLibxml2.cpp:
3359         (WebCore::XMLDocumentParser::endElementNs):
3360         * xml/parser/XMLDocumentParserQt.cpp:
3361         (WebCore::XMLDocumentParser::parseEndElement):
3362         Use new inline functions to check implications of permissions rather than raw
3363         comparisons.
3364         
3365         * html/parser/HTMLTreeBuilder.cpp:
3366         (WebCore::HTMLTreeBuilder::processStartTagForInBody):
3367         (WebCore::HTMLTreeBuilder::processEndTag):
3368         Check if plugin pasting is allowed before inserting applet/embed/object elements.
3369
3370         * page/Settings.in:
3371         Declaration of new unsafePluginPastingEnabled setting.
3372
3373         * platform/mac/PasteboardMac.mm:
3374         (WebCore::Pasteboard::documentFragment):
3375         * platform/blackberry/PasteboardBlackBerry.cpp:
3376         (WebCore::Pasteboard::documentFragment):
3377         * platform/chromium/DragDataChromium.cpp:
3378         (WebCore::DragData::asFragment):
3379         * platform/chromium/PasteboardChromium.cpp:
3380         (WebCore::Pasteboard::documentFragment):
3381         * platform/gtk/PasteboardGtk.cpp:
3382         (WebCore::Pasteboard::documentFragment):
3383         * platform/qt/DragDataQt.cpp:
3384         (WebCore::DragData::asFragment):
3385         * platform/qt/PasteboardQt.cpp:
3386         (WebCore::Pasteboard::documentFragment):
3387         * platform/win/ClipboardUtilitiesWin.cpp:
3388         (WebCore::fragmentFromCFHTML):
3389         (WebCore::fragmentFromHTML):
3390         * platform/wx/PasteboardWx.cpp:
3391         (WebCore::Pasteboard::documentFragment):
3392         Pass DisallowScriptingAndPluginContent enum value.
3393         
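
The permission scheme described in the entry above, sketched as an added example (not WebKit's code): predicate functions state what each permission level implies, and a setting can relax only the plugin restriction. The enum values other than DisallowScriptingAndPluginContent, the Settings struct, effectivePermission and filterPastedElements are assumptions for illustration, and dropping script elements outright is a simplification.

```cpp
#include <string>
#include <vector>

// Assumed three-level policy; only DisallowScriptingAndPluginContent is named in the entry.
enum FragmentScriptingPermission {
    AllowScriptingContent,
    DisallowScriptingContent,
    DisallowScriptingAndPluginContent
};

// Predicates encode what each level implies, so call sites never compare raw enum values.
inline bool scriptingContentIsAllowed(FragmentScriptingPermission p)
{
    return p == AllowScriptingContent;
}

inline bool pluginContentIsAllowed(FragmentScriptingPermission p)
{
    return p == AllowScriptingContent || p == DisallowScriptingContent;
}

// Hypothetical stand-in for the unsafePluginPastingEnabled setting.
struct Settings {
    bool unsafePluginPastingEnabled = false;
};

// The setting can relax the plugin restriction but never re-enables scripting.
inline FragmentScriptingPermission effectivePermission(FragmentScriptingPermission requested, const Settings& s)
{
    if (requested == DisallowScriptingAndPluginContent && s.unsafePluginPastingEnabled)
        return DisallowScriptingContent;
    return requested;
}

// Toy tree-builder step: given lowercase start-tag names, return those that get inserted.
std::vector<std::string> filterPastedElements(const std::vector<std::string>& tags,
    FragmentScriptingPermission requested, const Settings& s)
{
    const FragmentScriptingPermission p = effectivePermission(requested, s);
    std::vector<std::string> kept;
    for (const std::string& tag : tags) {
        const bool isPlugin = tag == "applet" || tag == "embed" || tag == "object";
        if (isPlugin && !pluginContentIsAllowed(p))
            continue; // plugin element rejected by policy
        if (tag == "script" && !scriptingContentIsAllowed(p))
            continue; // script element rejected by policy
        kept.push_back(tag);
    }
    return kept;
}
```
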
3394 2013-01-08  Alexis Menard  <alexis@webkit.org>
3395
3396         WebKit does not reject some cubic-bezier form values for transition-timing-function.
3397         https://bugs.webkit.org/show_bug.cgi?id=106369
3398
3399         Reviewed by Dean Jackson.
3400
3401         http://www.w3.org/TR/css3-transitions/#transition-timing-function-property
3402         describes restrictions on cubic-bezier values where the x values of
3403         the curve should be between [0, 1] and y values can exceed this range.
3404         WebKit was not following the specification by allowing x values
3405         exceeding the range.
3406         The spec also says that we should reject the definition if the condition
3407         is not respected which is what the new code does.
3408
3409         Test: transitions/transitions-parsing.html
3410
3411         * css/CSSParser.cpp:
3412         (WebCore::CSSParser::parseAnimationTimingFunction):
3413
3414 2013-01-08  Andreas Kling  <akling@apple.com>
3415
3416         Heap-use-after-free in bool WebCore::SelectorChecker::checkOneSelector.
3417         <http://webkit.org/b/105834>
3418
3419         Reviewed by Antti Koivisto.
3420
3421         Suppress the DOMSubtreeModified event when synchronizing the "style" attribute and we've
3422         instantiated an Attr node wrapper for the said attribute.
3423
3424         Also added an assertion that Document's StyleResolver isn't cleared during style recalc,
3425         which will help us catch this kind of bug in the future.
3426
3427         Test: fast/dom/mutation-event-listener-with-dirty-inline-style-crash.html
3428
3429         * dom/Document.cpp:
3430         (WebCore::Document::styleResolverThrowawayTimerFired):
3431         * dom/Element.cpp:
3432         (WebCore::Element::setAttributeInternal):
3433
3434 2013-01-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3435
3436         Unreviewed, rolling out r139096.
3437         http://trac.webkit.org/changeset/139096
3438         https://bugs.webkit.org/show_bug.cgi?id=106367
3439
3440         not a complete fix (Requested by bweinstein on #webkit).
3441
3442         * html/HTMLPlugInImageElement.cpp:
3443         (WebCore::HTMLPlugInImageElement::userDidClickSnapshot):
3444
3445 2013-01-08  Brian Weinstein  <bweinstein@apple.com>
3446
3447         Plug-ins shouldn’t be added to list to autostart if you start a plugin in private browsing.
3448         https://bugs.webkit.org/show_bug.cgi?id=106348
3449         <rdar://problem/12968442>
3450
3451         Reviewed by Anders Carlsson.
3452
3453         * html/HTMLPlugInImageElement.cpp: