2013-01-29 Patrick Gansterer Rename TextBreakIteratorWinCE to TextBreakIteratorWchar https://bugs.webkit.org/show_bug.cgi?id=108094 Reviewed by Ryosuke Niwa. TextBreakIteratorWinCE does not contain any Windows CE specific code. Rename it to TextBreakIteratorWchar to match the name in wtf/unicode. * platform/text/wchar/TextBreakIteratorWchar.cpp: Renamed from Source/WebCore/platform/text/wince/TextBreakIteratorWinCE.cpp. 2013-01-29 Tommy Widenflycht MediaStream API: A MediaStreamComponent should be able to return the MediaStreamDescriptor it belongs to https://bugs.webkit.org/show_bug.cgi?id=108173 Reviewed by Adam Barth. To be able to return the MediaStreamDescriptor a MediaStreamComponent belongs to the "ownership" of the MediaStreamDescriptor needed to move from a MediaStreamTrack to the MediaStreamComponent. This is also better from an architectonic view as well. Patch covered by existing tests. * Modules/mediastream/MediaStream.cpp: (WebCore::MediaStream::MediaStream): (WebCore::MediaStream::addTrack): (WebCore::MediaStream::addRemoteTrack): * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::create): (WebCore::MediaStreamTrack::MediaStreamTrack): (WebCore::MediaStreamTrack::setEnabled): * Modules/mediastream/MediaStreamTrack.h: (MediaStreamTrack): * Modules/mediastream/RTCStatsRequestImpl.cpp: (WebCore::RTCStatsRequestImpl::RTCStatsRequestImpl): * platform/chromium/support/WebMediaStreamComponent.cpp: (WebKit::WebMediaStreamComponent::stream): (WebKit): * platform/mediastream/MediaStreamComponent.h: (WebCore): (WebCore::MediaStreamComponent::create): (MediaStreamComponent): (WebCore::MediaStreamComponent::stream): (WebCore::MediaStreamComponent::setStream): (WebCore::MediaStreamComponent::MediaStreamComponent): * platform/mediastream/MediaStreamDescriptor.h: (WebCore::MediaStreamDescriptor::MediaStreamDescriptor): 2013-01-29 Alec Flett IndexedDB: Pass metadata in to IDBOpenDBRequest.onUpgradeNeeded/onSuccess https://bugs.webkit.org/show_bug.cgi?id=103920 Reviewed by Dimitri Glazkov. Update IDBCallbacks::onSuccess and IDBCallbacks::onUpgradeNeeded to pass through a metadata parameter. While there, remove the unused IDBTransactionBackendInterface parameter to onUpgradeNeeded. As this is another step in the IDB refactor, I've simplified future cleanup work by making the WebKit API code still use the old API. This will make it possible to outright remove code on the chromium side rather than another three-step checkin. No new tests, as this is more refactoring. * Modules/indexeddb/IDBCallbacks.h: (WebCore::IDBCallbacks::onUpgradeNeeded): new method signature. (WebCore::IDBCallbacks::onSuccess): new method signature. * Modules/indexeddb/IDBDatabaseBackendImpl.cpp: (WebCore::IDBDatabaseBackendImpl::VersionChangeOperation::perform): (WebCore::IDBDatabaseBackendImpl::processPendingCalls): (WebCore::IDBDatabaseBackendImpl::openConnection): * Modules/indexeddb/IDBOpenDBRequest.cpp: (WebCore::IDBOpenDBRequest::onUpgradeNeeded): use passed-in metadata. (WebCore::IDBOpenDBRequest::onSuccess): use passed-in metadata. * Modules/indexeddb/IDBOpenDBRequest.h: (IDBOpenDBRequest): 2013-01-29 Dirk Schulze Canvas support for isPointInStroke https://bugs.webkit.org/show_bug.cgi?id=108185 Reviewed by Dean Jackson. isPointInStroke(x,y) returns true if a point hits the stroke with applied stroke styles like dashArray, lineCap, lineJoin, lineWidth. The syntax is similar to isPointInPath, which returns true if a point hits the fill area of a path. Firefox implemented isPointInStroke originally and unprefixed it recently: https://bugzilla.mozilla.org/show_bug.cgi?id=803124 Test: fast/canvas/canvas-isPointInStroke.html * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasStrokeStyleApplier::strokeStyle): Take dashArray and lineDashOffset into account. (WebCore): (WebCore::CanvasRenderingContext2D::isPointInStroke): The implementation of the function. * html/canvas/CanvasRenderingContext2D.h: (CanvasRenderingContext2D): * html/canvas/CanvasRenderingContext2D.idl: Added operation to interface. 2013-01-29 Nate Chapin Enable reuse of cached main resources https://bugs.webkit.org/show_bug.cgi?id=105667 Reviewed by Adam Barth. Test: http/tests/cache/cached-main-resource.html * WebCore.exp.in: * dom/Document.cpp: (WebCore::Document::hasManifest): Returns true if the element has a non-empty manifest attribute. (WebCore): * dom/Document.h: (Document): * loader/FrameLoader.cpp: (WebCore::FrameLoader::loadedResourceFromMemoryCache): Don't send delegate callbacks for cache hit here, since MainResourceLoader will take care of it. * loader/MainResourceLoader.cpp: (WebCore::MainResourceLoader::MainResourceLoader): (WebCore::MainResourceLoader::receivedError): (WebCore::MainResourceLoader::willSendRequest): (WebCore::MainResourceLoader::responseReceived): Don't try to cache loads from the application cache. (WebCore::MainResourceLoader::didFinishLoading): Don't try to cache loads from the application cache. (WebCore::MainResourceLoader::load): Ensure we create a resource load identifier for cache hits. Also, ensure we correctly popualate fragment identifiers in the ResourceRequest reported to DocumentLoader. (WebCore::MainResourceLoader::identifier): * loader/MainResourceLoader.h: Rename m_substituteDataLoadIdentifier to m_identifierForLoadWithoutResourceLoader to better describe when it is used. * loader/cache/CachedRawResource.cpp: (WebCore::CachedRawResource::didAddClient): Synthesize redirect notifications for cache hits if necessary. (WebCore::CachedRawResource::willSendRequest): Note the redirects we received. (WebCore::CachedRawResource::canReuse): Don't reuse a resource if the redirect chain included a "Cache-control: no-store". * loader/cache/CachedRawResource.h: (CachedRawResource): (RedirectPair): (WebCore::CachedRawResource::RedirectPair::RedirectPair): * loader/cache/CachedResource.cpp: (WebCore::CachedResource::addClientToSet): Don't return cached data for a main resource synchronously * loader/cache/CachedResource.h: (WebCore::CachedResource::canReuse): (CachedResource): * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): Leave cahce reuse of main resources off for chromium for now. (WebCore::CachedResourceLoader::determineRevalidationPolicy): Permit cache reuse for main resources. * testing/Internals.cpp: (WebCore::Internals::isPreloaded): (WebCore): (WebCore::Internals::isLoadingFromMemoryCache): * testing/Internals.h: (Internals): * testing/Internals.idl: 2013-01-29 Min Qin Fix a problem that deferred image decoding is enabled for multiframe images https://bugs.webkit.org/show_bug.cgi?id=108152 Reviewed by Stephen White. Deferred image decoding should only work for single frame images now. However, using ImageDecoder::repetitionCount() does not capture all the cases. Enforce the rule using ImageDecoder::frameCount()==1. Fixing a failing layout test: platform/chromium/virtual/deferred/fast/images/icon-0colors.html * platform/graphics/chromium/DeferredImageDecoder.cpp: (WebCore::DeferredImageDecoder::frameBufferAtIndex): 2013-01-29 Elliott Sprehn Move ElementShadow creation to ElementRareData https://bugs.webkit.org/show_bug.cgi?id=108195 Reviewed by Dimitri Glazkov. Move the creation of ElementShadow to ElementRareData for better encapsulation, and get rid of ElementRareData::setShadow. No new tests, just refactoring. * dom/Element.cpp: (WebCore::Element::~Element): Use clearShadow() instead of setShadow which is removed. (WebCore::Element::shadow): (WebCore::Element::ensureShadow): Use ElementRareData::ensureShadow(). * dom/ElementRareData.h: (WebCore::ElementRareData::clearShadow): Added. (WebCore::ElementRareData::ensureShadow): Added. 2013-01-29 Alpha Lam [chromium] Unreviewed build fix. Revert my revert at 141033 which can cause deadlock. * platform/graphics/chromium/DiscardablePixelRef.cpp: (WebCore::DiscardablePixelRefAllocator::allocPixelRef): (WebCore::DiscardablePixelRef::DiscardablePixelRef): * platform/graphics/chromium/DiscardablePixelRef.h: (DiscardablePixelRef): 2013-01-29 Joshua Bell [Chromium] IndexedDB: Let callers specify reason (error) for aborting transaction https://bugs.webkit.org/show_bug.cgi?id=107851 Reviewed by Tony Chang. Internal to the back-end, callers are able to abort transactions and specify a reason as an IDBDatabaseError, e.g. ConstraintError. Expose this to the WebKit/chromium/public API so that intermediate layers can specify reasons as well, e.g. QuotaExceededError. Test will land in Chromium as fix for crbug.com/113118 * Modules/indexeddb/IDBDatabaseBackendImpl.cpp: (WebCore::IDBDatabaseBackendImpl::abort): Added overload that takes error. * Modules/indexeddb/IDBDatabaseBackendImpl.h: Ditto. * Modules/indexeddb/IDBDatabaseBackendInterface.h: Ditto. 2013-01-29 Victor Carbune Heap-use-after-free in WebCore::RenderTextTrackCue::layout https://bugs.webkit.org/show_bug.cgi?id=108197 Reviewed by Eric Carlson. Test: media/track/track-cue-rendering-tree-is-removed-properly.html * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::textTrackRemoveCue): Ensure the display tree is removed when the cue is removed from the list of cues. * html/track/TextTrackCue.cpp: (WebCore::TextTrackCue::~TextTrackCue): Enfore display tree removal. 2013-01-29 Eli Fidler On HarfbuzzNG ports, Arabic TATWEEL is not joined. https://bugs.webkit.org/show_bug.cgi?id=108037 Reviewed by Tony Chang. The tatweel (U+0640) is being split into a separate run, because its script is USCRIPT_COMMON. It has script extensions for USCRIPT_ARABIC, so I think it shouldn't trigger a new run. Test: fast/text/international/arabic-tatweel-join.html * platform/graphics/harfbuzz/ng/HarfBuzzShaper.cpp: (WebCore::HarfBuzzShaper::collectHarfBuzzRuns): 2013-01-29 Martin Robinson [Freetype] Cannot use characters outside the BMP https://bugs.webkit.org/show_bug.cgi?id=108102 Reviewed by Carlos Garcia Campos. Test: platform/gtk/fonts/non-bmp-characters.html Instead of never handling surrogate pairs when dealing with UChar arrays, abstract way the logic for this into UTF16UChar32Iterator and use it everywhere in Freetype. This allows the Freetype backend to render non-BMP characters which are always represented as surrogate pairs in UTF-16. * GNUmakefile.list.am: Added UTF16UChar32Iterator to the source list. * platform/graphics/freetype/FontCacheFreeType.cpp: (WebCore::createFontConfigPatternForCharacters): Use the new iterator. (WebCore::FontCache::getFontDataForCharacters): Ditto. * platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp: (WebCore::GlyphPage::fill): Ditto. Remove the early return when dealing with non-BMP data. * platform/graphics/freetype/SimpleFontDataFreeType.cpp: (WebCore::SimpleFontData::containsCharacters): Use the new iterator. * platform/graphics/freetype/UTF16UChar32Iterator.h: Added. An iterator that extracts UChar32 from UTF-16 UChar arrays. * GNUmakefile.list.am: * platform/graphics/freetype/FontCacheFreeType.cpp: (WebCore::createFontConfigPatternForCharacters): (WebCore::FontCache::getFontDataForCharacters): * platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp: (WebCore::GlyphPage::fill): * platform/graphics/freetype/SimpleFontDataFreeType.cpp: (WebCore::SimpleFontData::containsCharacters): * platform/graphics/freetype/UTF16UChar32Iterator.h: Added. (WebCore): (UTF16UChar32Iterator): (WebCore::UTF16UChar32Iterator::UTF16UChar32Iterator): (WebCore::UTF16UChar32Iterator::end): (WebCore::UTF16UChar32Iterator::next): * GNUmakefile.list.am: * platform/graphics/freetype/FontCacheFreeType.cpp: (WebCore::createFontConfigPatternForCharacters): * platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp: (WebCore::GlyphPage::fill): * platform/graphics/freetype/SimpleFontDataFreeType.cpp: (WebCore::SimpleFontData::containsCharacters): * platform/graphics/freetype/UTF16UChar32Iterator.h: Added. (WebCore): (UTF16UChar32Iterator): (WebCore::UTF16UChar32Iterator::UTF16UChar32Iterator): (WebCore::UTF16UChar32Iterator::end): (WebCore::UTF16UChar32Iterator::next): 2013-01-29 Glenn Hartmann Don't overlap test for composited scroll DIVs after scroll https://bugs.webkit.org/show_bug.cgi?id=107471 Reviewed by Simon Fraser. We don't need to test for overlap after scroll when both usesCompositedScrolling and !hasOutOfFlowPositionedDescendant because: a) Since we're using composited-scrolling, the composited region presented by the composited-scrolling element to other non-descendant layers doesn't change during composited scrolling (it's always the entire scroll layer), and b) Since we have no out of flow positioned descendants, the scrolling descendants all move together, so their overlap with respect to each other cannot change. So no descendants nor any non-descendants can have their overlap affected, so it's safe to skip testing. No new tests (no change in behaviour). * rendering/RenderLayer.cpp: (WebCore::RenderLayer::updateCompositingLayersAfterScroll): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateCompositingLayers): * rendering/RenderLayerCompositor.h: 2013-01-29 Alexis Menard Implement pseudoElement attribute on transition DOM events. https://bugs.webkit.org/show_bug.cgi?id=107986 Reviewed by Julien Chaffraix. Implement the pseudoElement attribute documented here : http://dev.w3.org/csswg/css3-transitions/#transition-events. This add a new attribute to the transition DOM event useful when animating pseudo elements. As they are not accessible in JS, it's very useful to get on which pseudo element the transition just ended. This patch adds the new attribute on the IDLs of DOM transition events as well as adding it to the C++ classes representing them. The event dispatching code have been patched to change the target of the event (we can't send the current target as it is the actual DOM representation of the pseudo element). Test: fast/css-generated-content/pseudo-transition-event.html * dom/EventDispatcher.cpp: (WebCore::eventTargetRespectingTargetRules): Change the target of the event in the case of a pseudo element. We can't expose them through the public interface so the target is the node they belong to. (WebCore::EventDispatcher::ensureEventAncestors): (WebCore::EventDispatcher::dispatchScopedEvent): (WebCore::EventDispatcher::dispatchEvent): (WebCore::EventDispatcher::dispatchEventPostProcess): * dom/EventTarget.cpp: (WebCore::createMatchingPrefixedEvent): * dom/PseudoElement.cpp: (WebCore::PseudoElement::pseudoElementNameForEvents): (WebCore): * dom/PseudoElement.h: * dom/TransitionEvent.cpp: (WebCore::TransitionEventInit::TransitionEventInit): (WebCore::TransitionEvent::TransitionEvent): (WebCore::TransitionEvent::pseudoElement): (WebCore): * dom/TransitionEvent.h: (TransitionEventInit): (WebCore::TransitionEvent::create): (TransitionEvent): * dom/TransitionEvent.idl: * dom/WebKitTransitionEvent.cpp: (WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): (WebCore::WebKitTransitionEvent::WebKitTransitionEvent): (WebCore::WebKitTransitionEvent::pseudoElement): (WebCore): * dom/WebKitTransitionEvent.h: (WebKitTransitionEventInit): (WebCore::WebKitTransitionEvent::create): (WebKitTransitionEvent): * dom/WebKitTransitionEvent.idl: * page/animation/AnimationController.cpp: (WebCore::AnimationControllerPrivate::fireEventsAndUpdateStyle): Pass the pseudo element name when creating the Event objects. If the element is not a pseudo element then the name will be empty which is what the spec is telling to do. If the element is a pseudo element then the name will be the pseudo element's name with "::" as a prefix. 2013-01-29 Allan Sandfeld Jensen [Qt] Implement GCActivityCallback https://bugs.webkit.org/show_bug.cgi?id=103998 Reviewed by Simon Hausmann. Implements the activity triggered garbage collector, and disables the timer based fallback. * bindings/js/GCController.cpp: (WebCore::GCController::GCController): (WebCore::GCController::garbageCollectSoon): * bindings/js/GCController.h: (GCController): 2013-01-29 Andrey Lushnikov Web Inspector: fix bottom span in token highlight in DTE https://bugs.webkit.org/show_bug.cgi?id=108194 Reviewed by Pavel Feldman. Change css style for token highlight from "border" to "outline" to avoid border included in box dimensions. No new tests: no change in behaviour. * inspector/front-end/textEditor.css: (.text-editor-token-highlight): 2013-01-29 Andrey Lushnikov Web Inspector: introduce HighlightDescriptor interface in DTE. https://bugs.webkit.org/show_bug.cgi?id=108161 Reviewed by Pavel Feldman. Introduce new HighlightDescriptor interface and its RegexHighlightDescriptor implementation and use it in DTE to support overlay highlight. No new tests: no change in behaviour. * inspector/front-end/DefaultTextEditor.js: (WebInspector.DefaultTextEditor.prototype.highlightRegex): (WebInspector.DefaultTextEditor.prototype.removeRegexHighlight): (WebInspector.TextEditorMainPanel): (WebInspector.TextEditorMainPanel.prototype.highlightRegex): (WebInspector.TextEditorMainPanel.prototype.removeRegexHighlight): (WebInspector.TextEditorMainPanel.prototype._paintLines): (WebInspector.TextEditorMainPanel.prototype._measureHighlightDescriptor): (WebInspector.TextEditorMainPanel.HighlightDescriptor): Added. (WebInspector.TextEditorMainPanel.HighlightDescriptor.prototype.affectsLine): (WebInspector.TextEditorMainPanel.HighlightDescriptor.prototype.rangesForLine): (WebInspector.TextEditorMainPanel.HighlightDescriptor.prototype.cssClass): (WebInspector.TextEditorMainPanel.RegexHighlightDescriptor): Added. (WebInspector.TextEditorMainPanel.RegexHighlightDescriptor.prototype.affectsLine): (WebInspector.TextEditorMainPanel.RegexHighlightDescriptor.prototype.rangesForLine): (WebInspector.TextEditorMainPanel.RegexHighlightDescriptor.prototype.cssClass): (WebInspector.TextEditorMainPanel.TokenHighlighter.prototype._highlight): (WebInspector.TextEditorMainPanel.TokenHighlighter.prototype._removeHighlight): * inspector/front-end/TextEditor.js: (WebInspector.TextEditor.prototype.removeRegexHighlight): 2013-01-29 Grzegorz Czajkowski [EFL] Unified text checker implementation. https://bugs.webkit.org/show_bug.cgi?id=107682 Reviewed by Anders Carlsson. No new tests, covered by editing/spelling tests. * platform/text/TextChecking.h: (WebCore): Enabling unified text checker feature for WebKit-EFL. 2013-01-29 Vladislav Kaznacheev Web Inspector: Wrong indent in Styles sidebar pane https://bugs.webkit.org/show_bug.cgi?id=108186 Reviewed by Alexander Pavlov. Added an extra selector to prevent a conflict with a rule in elementsPanel.css. No new tests. * inspector/front-end/inspector.css: (.pane.expanded .section .properties, .event-bar .event-properties): 2013-01-29 Florin Malita [Chromium] Unreviewed gardening. Update bindings-tests results after http://trac.webkit.org/changeset/141034. * bindings/scripts/test/V8/V8Float64Array.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8Float64Array::createWrapper): * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestActiveDOMObject::createWrapper): * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestCustomNamedGetter::createWrapper): * bindings/scripts/test/V8/V8TestEventConstructor.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestEventConstructor::createWrapper): * bindings/scripts/test/V8/V8TestEventTarget.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestEventTarget::createWrapper): * bindings/scripts/test/V8/V8TestException.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestException::createWrapper): * bindings/scripts/test/V8/V8TestInterface.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestInterface::createWrapper): * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestMediaQueryListListener::createWrapper): * bindings/scripts/test/V8/V8TestNamedConstructor.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestNamedConstructor::createWrapper): * bindings/scripts/test/V8/V8TestNode.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestNode::createWrapper): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestObj::createWrapper): * bindings/scripts/test/V8/V8TestOverloadedConstructors.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestOverloadedConstructors::createWrapper): * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp: (WebCore): (WebCore::checkTypeOrDieTrying): (WebCore::V8TestSerializedScriptValueInterface::createWrapper): 2013-01-29 Andrey Adaikin Web Inspector: [Canvas] support instrumenting canvases in iframes (backend side) https://bugs.webkit.org/show_bug.cgi?id=107951 Reviewed by Pavel Feldman. Accept optional FrameId argument for captureFrame and startCapturing commands. Add event to the protocol to inform about instrumented canvas context creation. * inspector/Inspector.json: * inspector/InspectorCanvasAgent.cpp: (WebCore::InspectorCanvasAgent::InspectorCanvasAgent): (WebCore::InspectorCanvasAgent::hasUninstrumentedCanvases): (WebCore::InspectorCanvasAgent::captureFrame): (WebCore::InspectorCanvasAgent::startCapturing): (WebCore::InspectorCanvasAgent::getTraceLog): (WebCore::InspectorCanvasAgent::replayTraceLog): (WebCore::InspectorCanvasAgent::getResourceInfo): (WebCore::InspectorCanvasAgent::getResourceState): (WebCore::InspectorCanvasAgent::wrapCanvas2DRenderingContextForInstrumentation): (WebCore::InspectorCanvasAgent::wrapWebGLRenderingContextForInstrumentation): (WebCore::InspectorCanvasAgent::notifyRenderingContextWasWrapped): (WebCore): (WebCore::InspectorCanvasAgent::findFramesWithUninstrumentedCanvases): (WebCore::InspectorCanvasAgent::frameNavigated): (WebCore::InspectorCanvasAgent::frameDetached): * inspector/InspectorCanvasAgent.h: (WebCore): (WebCore::InspectorCanvasAgent::create): (InspectorCanvasAgent): * inspector/InspectorController.cpp: (WebCore::InspectorController::InspectorController): * inspector/InspectorInstrumentation.cpp: (WebCore): (WebCore::InspectorInstrumentation::frameDetachedFromParentImpl): (WebCore::InspectorInstrumentation::didCommitLoadImpl): 2013-01-29 Eugene Klyuchnikov Web Inspector: [CPU Profile] Taking profile crashes renderer. https://bugs.webkit.org/show_bug.cgi?id=108072 Reviewed by Yury Semikhatsky. Test: inspector/profiler/cpu-profiler-agent-crash-on-start.html Fixed null-pointer access. * bindings/v8/ScriptProfiler.cpp: (WebCore::ScriptProfiler::start): Fixed null-pointer access. (WebCore::ScriptProfiler::stop): Ditto. 2013-01-29 Allan Sandfeld Jensen REGRESSION: ChildrenAffectedBy flags lost between siblings which have child elements sharing style https://bugs.webkit.org/show_bug.cgi?id=105672 Reviewed by Andreas Kling. Change in how childrenAffectedBy bits were stored made it easier to trigger an issue where childrenAffectedBy bits were not set due to sharing of styles between cousin elements. This patch fixes the issue by not sharing styles from children with parents who prevent sharing. Tests: fast/selectors/cousin-stylesharing-adjacent-selector.html fast/selectors/cousin-stylesharing-last-child-selector.html * css/StyleResolver.cpp: (WebCore::parentElementPreventsSharing): (WebCore::StyleResolver::locateCousinList): * dom/Element.cpp: (WebCore::Element::hasFlagsSetDuringStylingOfChildren): * dom/Element.h: (Element): 2013-01-29 Vsevolod Vlasov Web Inspector: [Regression] Search across all sources is broken. https://bugs.webkit.org/show_bug.cgi?id=108157 Reviewed by Pavel Feldman. Test: http/tests/inspector/search/scripts-search-scope.html * inspector/front-end/ScriptsSearchScope.js: (WebInspector.ScriptsSearchScope.prototype._sortedUISourceCodes): 2013-01-29 Mike West IDBFactory::webkitGetDatabaseNames should raise DOMExceptions. https://bugs.webkit.org/show_bug.cgi?id=108154 Reviewed by Jochen Eisinger. In order to properly support blocking third-party IndexedDB usage, open(), getDatabaseNames(), and deleteDatabase() should all throw SECURITY_ERR when used in a blocked third-party context. That's possible now for open() and deleteDatabase(), but getDatabaseNames() can't currently raise exceptions. This patch adjusts the IDL file and implementation. No exceptions are currently thrown, but that will change as soon as wkbug.com/94171 lands. * Modules/indexeddb/IDBFactory.cpp: (WebCore::IDBFactory::getDatabaseNames): * Modules/indexeddb/IDBFactory.h: (IDBFactory): * Modules/indexeddb/IDBFactory.idl: Add "raises (DOMException)" to getDatabaseNames, and adjust the implementation to match. * inspector/InspectorIndexedDBAgent.cpp: (WebCore::InspectorIndexedDBAgent::requestDatabaseNamesForFrame): Pass in an ExceptionCode when calling getDatabaseNames, and handle possible exceptions. 2013-01-29 Hayato Ito Revert an accidentally changed line of EventHander::handleMousePressEvent(PlatformMouseEvent&) in r135650. https://bugs.webkit.org/show_bug.cgi?id=108165 Reviewed by Hajime Morita. No new tests. * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent): 2013-01-29 Kent Tamura FeatureObserver: Input types are counted unexpectedly in a page with Modernizr https://bugs.webkit.org/show_bug.cgi?id=108141 Reviewed by Kentaro Hara. We don't want to record input type instantiation by Modernizr. Modernizr creates input elements with these types, append it to document.body, and render it with visibility:hidden. So, we record input types only when they are attached without visibility:hidden. No new tests. FeatureObserver is not testable by layout test. * html/InputType.cpp: (WebCore::InputType::create): Remove FeatureObserver::observe callsites. They are moved to TextInputType::attach. (WebCore::InputType::observeFeatureIfVisible): Added. A helper for attach(). * html/InputType.h: (InputType): Add observeFeatureIfVisible. * html/ColorInputType.cpp: (WebCore::ColorInputType::create): Remove a FeatureObserver::observe callsite. (WebCore::ColorInputType::attach): Calls FetureObserver through InputType::observeFeatureIfVisible. * html/ColorInputType.h: (ColorInputType): Declare attach. * html/DateInputType.cpp: Ditto. * html/DateInputType.h: Ditto. * html/DateTimeInputType.cpp: Ditto. * html/DateTimeInputType.h: Ditto. * html/DateTimeLocalInputType.cpp: Ditto. * html/DateTimeLocalInputType.h: Ditto. * html/MonthInputType.cpp: Ditto. * html/MonthInputType.h: Ditto. * html/RangeInputType.cpp: Ditt * html/RangeInputType.h: Ditto. * html/TimeInputType.cpp: Ditto. * html/TimeInputType.h: Ditto. * html/WeekInputType.cpp: Ditto. * html/WeekInputType.h: Ditto. * html/TextFieldInputType.h: (TextFieldInputType): Make attach protected in order that sub classes can call it. * html/EmailInputType.cpp: (WebCore::EmailInputType::create): Remove a FeatureObserver::observe callsite. (WebCore::EmailInputType::attach): Calls FetureObserver through InputType::observeFeatureIfVisible after TextFieldInptuType::attach. * html/EmailInputType.h: (EmailInputType):Declare attach. * html/NumberInputType.cpp: Ditto. * html/NumberInputType.h: Ditto. * html/SearchInputType.cpp: Ditto. * html/SearchInputType.h: Ditto. * html/TelephoneInputType.cpp: Ditto. * html/TelephoneInputType.h: Ditto. * html/URLInputType.cpp: Ditto. * html/URLInputType.h: Ditto. * html/TextInputType.cpp: (WebCore::TextInputType::attach): Move the code for type fallback from InputType::create. * html/TextInputType.h: (TextInputType): Declare attach. 2013-01-29 Michael Brüning [Qt][WK1] Reflect recursion limit and loop checks also for list conversions. https://bugs.webkit.org/show_bug.cgi?id=107950 Reviewed by Allan Sandfeld Jensen. No new tests, bugfix, no behavioral change. Make conversions from Javascript values to QLists take the maximum recursion depth into consideration and check for objects that were already visited. Otherwise, the conversion may recurse until the stack is full and then cause a segmentation fault. * bridge/qt/qt_runtime.cpp: (JSC::Bindings::convertToList): (JSC::Bindings::convertValueToQVariant): 2013-01-29 Elliott Sprehn Clean up interface to ElementShadow https://bugs.webkit.org/show_bug.cgi?id=108158 Reviewed by Hajime Morita. Lots of general clean up to ElementShadow removing unused headers, adding a create() method that returns a PassOwnPtr, adding missing const, and moving short inline methods into the class definition so it's easier to understand what methods do what. No new tests, just refactoring. * dom/Element.cpp: (WebCore::Element::ensureShadow): * dom/ElementShadow.cpp: (WebCore::ElementShadow::childNeedsStyleRecalc): (WebCore::ElementShadow::needsStyleRecalc): * dom/ElementShadow.h: (WebCore::ElementShadow::create): (ElementShadow): (WebCore::ElementShadow::~ElementShadow): (WebCore::ElementShadow::youngestShadowRoot): (WebCore::ElementShadow::oldestShadowRoot): (WebCore::ElementShadow::distributor): (WebCore::ElementShadow::ElementShadow): (WebCore::ElementShadow::containingShadow): 2013-01-29 Elliott Sprehn Store ShadowRootType inside the bitfield https://bugs.webkit.org/show_bug.cgi?id=108147 Reviewed by Dimitri Glazkov. We can simplify the interface to ShadowRoot by storing the enum value of ShadowRootType inside the bitfield like we do in the rest of WebCore. No new tests, just refactoring. * dom/ShadowRoot.cpp: (WebCore::ShadowRoot::ShadowRoot): (WebCore::ShadowRoot::create): * dom/ShadowRoot.h: (WebCore::ShadowRoot::type): (ShadowRoot): 2013-01-29 Jochen Eisinger REGRESSION(r141070): Broke debug build https://bugs.webkit.org/show_bug.cgi?id=108159 Unreviewed build fix. * html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::pumpTokenizer): 2013-01-28 Adam Barth HTMLDocumentParser should hold the HTMLToken using an OwnPtr https://bugs.webkit.org/show_bug.cgi?id=107762 Reviewed by Eric Seidel. Using an OwnPtr will let us detach the HTMLToken from the HTMLDocumentParser and send it to the BackgroundHTMLParser for further processing. * html/parser/BackgroundHTMLParser.cpp: (WebCore::BackgroundHTMLParser::BackgroundHTMLParser): (WebCore::BackgroundHTMLParser::pumpTokenizer): * html/parser/BackgroundHTMLParser.h: (BackgroundHTMLParser): * html/parser/CompactHTMLToken.cpp: (WebCore::CompactHTMLToken::CompactHTMLToken): * html/parser/CompactHTMLToken.h: (CompactHTMLToken): * html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::HTMLDocumentParser): (WebCore::HTMLDocumentParser::pumpTokenizer): * html/parser/HTMLDocumentParser.h: (HTMLDocumentParser): 2013-01-28 Huang Dongsung [Texmap] Refactor code related to debug border and repaint count. https://bugs.webkit.org/show_bug.cgi?id=105787 Reviewed by Noam Rosenthal. It is a follow-up patch not to change layout test results. The previous patch sets GraphicsLayer::m_usingTiledLayer to true when using a backing store. When the variable is true, dumpLayer() adds (usingTiledLayer 1), but most of ports don't set m_usingTiledLayer to true. So we don't use m_usingTiledLayer to match the test results of other ports. After this patch, Texture Mapper draws debug visuals for a tiled backing with different color from safari. No new tests. Debug feature, not covered in tests. * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp: (WebCore::GraphicsLayerTextureMapper::updateDebugBorderAndRepaintCountIfNeeded): 2013-01-28 Elliott Sprehn Handle createShadowSubtree inside of ensureUserAgentShadowRoot https://bugs.webkit.org/show_bug.cgi?id=108116 Reviewed by Dimitri Glazkov. Instead of making everyone create the UserAgentShadowRoot manually all over, centralize it in ensureUserAgentShadowRoot() and add a notification Element::didAddUserAgentShadowRoot that lets elements fill in the subtree. This lets us get rid of lots of code duplication. No new tests, just refactoring. * dom/Element.cpp: (WebCore::Element::ensureUserAgentShadowRoot): * dom/Element.h: (WebCore::Element::didAddUserAgentShadowRoot): (Element): * html/HTMLDetailsElement.cpp: (WebCore::DetailsSummaryElement::create): (WebCore::HTMLDetailsElement::create): (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot): * html/HTMLDetailsElement.h: (HTMLDetailsElement): * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::create): (WebCore::HTMLInputElement::didAddUserAgentShadowRoot): * html/HTMLInputElement.h: (HTMLInputElement): * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::willAddAuthorShadowRoot): (WebCore::HTMLMediaElement::createMediaControls): * html/HTMLMediaElement.h: * html/HTMLMeterElement.cpp: (WebCore::HTMLMeterElement::create): (WebCore::HTMLMeterElement::didAddUserAgentShadowRoot): * html/HTMLMeterElement.h: (HTMLMeterElement): * html/HTMLProgressElement.cpp: (WebCore::HTMLProgressElement::create): (WebCore::HTMLProgressElement::didAddUserAgentShadowRoot): * html/HTMLProgressElement.h: * html/HTMLSummaryElement.cpp: (WebCore::HTMLSummaryElement::create): (WebCore::HTMLSummaryElement::didAddUserAgentShadowRoot): * html/HTMLSummaryElement.h: (HTMLSummaryElement): * html/HTMLTextAreaElement.cpp: (WebCore::HTMLTextAreaElement::create): (WebCore::HTMLTextAreaElement::didAddUserAgentShadowRoot): * html/HTMLTextAreaElement.h: * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlPanelMuteButtonElement::create): (WebCore::MediaControlVolumeSliderMuteButtonElement::create): (WebCore::MediaControlPlayButtonElement::create): (WebCore::MediaControlOverlayPlayButtonElement::create): (WebCore::MediaControlSeekForwardButtonElement::create): (WebCore::MediaControlSeekBackButtonElement::create): (WebCore::MediaControlRewindButtonElement::create): (WebCore::MediaControlReturnToRealtimeButtonElement::create): (WebCore::MediaControlToggleClosedCaptionsButtonElement::create): (WebCore::MediaControlTimelineElement::create): (WebCore::MediaControlPanelVolumeSliderElement::create): (WebCore::MediaControlFullscreenVolumeSliderElement::create): (WebCore::MediaControlFullscreenButtonElement::create): (WebCore::MediaControlFullscreenVolumeMinButtonElement::create): (WebCore::MediaControlFullscreenVolumeMaxButtonElement::create): * html/shadow/MediaControlsBlackBerry.cpp: (WebCore::MediaControlFullscreenPlayButtonElement::create): (WebCore::MediaControlFullscreenFullscreenButtonElement::create): (WebCore::MediaControlFullscreenTimelineElement::create): (WebCore::MediaControlAudioMuteButtonElement::create): * svg/SVGTRefElement.cpp: (WebCore::SVGTRefElement::create): * svg/SVGTRefElement.h: (SVGTRefElement): * svg/SVGUseElement.cpp: (WebCore::SVGUseElement::create): * svg/SVGUseElement.h: (SVGUseElement): 2013-01-28 Vineet Chaudhary HTMLOutputElement::htmlFor should be readonly https://bugs.webkit.org/show_bug.cgi?id=101898 Reviewed by Kentaro Hara. The spec says htmlFor should be readonly, but WebKit implements it as no-readonly. Spec: http://dev.w3.org/html5/spec-preview/the-output-element.html No new tests. Modified existing test fast/dom/HTMLOutputElement/dom-settable-token-list.html to work as expected. * GNUmakefile.list.am: Removed JSHTMLOutputElementCustom.cpp * Target.pri: Ditto * UseJSC.cmake: Ditto * UseV8.cmake: Removed V8HTMLOutputElementCustom.cpp * WebCore.gypi: Removed V8HTMLOutputElementCustom.cpp * WebCore.vcproj/WebCore.vcproj: Removed JSHTMLOutputElementCustom.cpp * WebCore.vcxproj/WebCore.vcxproj: Ditto * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto * WebCore.xcodeproj/project.pbxproj: Ditto * bindings/js/JSBindingsAllInOne.cpp: Ditto * bindings/js/JSHTMLOutputElementCustom.cpp: Removed. * bindings/v8/custom/V8HTMLOutputElementCustom.cpp: Removed. * html/HTMLOutputElement.idl: Made htmlFor attribute readonly. 2013-01-28 Tien-Ren Chen Fix disambiguation popup for new-style page scale https://bugs.webkit.org/show_bug.cgi?id=107391 Reviewed by Adam Barth. This patch corrects various coordinate conversion for disambiguation popup for the new-style page scale mode. New unit test: WebFrameTest.DisambiguationPopupPageScale * page/TouchDisambiguation.cpp: (WebCore::findGoodTouchTargets): * page/TouchDisambiguation.h: (WebCore): 2013-01-28 Sheriff Bot Unreviewed, rolling out r141049. http://trac.webkit.org/changeset/141049 https://bugs.webkit.org/show_bug.cgi?id=108151 Caused some indexed tests to crash. (Requested by keishi on #webkit). * Modules/indexeddb/IDBCallbacks.h: (WebCore::IDBCallbacks::onUpgradeNeeded): (WebCore::IDBCallbacks::onSuccess): * Modules/indexeddb/IDBDatabaseBackendImpl.cpp: (WebCore::IDBDatabaseBackendImpl::VersionChangeOperation::perform): (WebCore::IDBDatabaseBackendImpl::processPendingCalls): (WebCore::IDBDatabaseBackendImpl::openConnection): * Modules/indexeddb/IDBOpenDBRequest.cpp: (WebCore::IDBOpenDBRequest::onUpgradeNeeded): (WebCore::IDBOpenDBRequest::onSuccess): * Modules/indexeddb/IDBOpenDBRequest.h: (IDBOpenDBRequest): 2013-01-28 Adam Barth Layout Test http/tests/workers/terminate-during-sync-operation.html is flaky https://bugs.webkit.org/show_bug.cgi?id=79013 Reviewed by David Levin. We need to use an isolated copy because we're going to use it on a different thread. * Modules/webdatabase/AbstractDatabase.cpp: (WebCore::AbstractDatabase::AbstractDatabase): 2013-01-28 Shinya Kawanaka [Shadow] Gesture event is not fired in ShadowDOM https://bugs.webkit.org/show_bug.cgi?id=107797 Reviewed by Dimitri Glazkov. Gesture event (e.g. touchstart) is not fired in ShadowDOM. We have to run event retargetting algorithm to retarget touchTarget, however it is not implemented yet (Bug 107800). Until it's implemented, we use the shadow ancestor node of touchTarget in Document treescope as touchTarget for backward compatibility. If a touch event is fired in nested ShadowDOM, touchTarget will be always element in document tree, so an event listener in ShadowDOM will get a wrong touchTarget. However we prioritized the correctness of document tree. Test: fast/dom/shadow/touch-event.html * page/EventHandler.cpp: (WebCore::EventHandler::handleTouchEvent): Allows us to take elements in ShadowDOM. 2013-01-28 Alexandre Elias Make page scale shrink FrameView in applyPageScaleInCompositor mode https://bugs.webkit.org/show_bug.cgi?id=107424 Reviewed by Levi Weintraub. If applyPageScaleFactorInCompositor is enabled (Chromium-only setting), instead of the entire document expanding as the user pinch zooms, the viewport shrinks instead. This patch applies the pageScaleFactor to visibleContentRect to get this behavior, and simplifies Chromium's resize logic to stop hiding the true viewport size from WebCore. I verified that the scaling makes sense for all the callers of visibleContentRect. The exceptions are clip-layer size, layout size in non-fixed-layout mode, and text autosizing, which need the original unscaled size. Therefore I added a new method unscaledVisibleContentSize() to ScrollView/FrameView. This patch also modifies Page::setPageScaleFactor to perform no invalidates or layout when applyPageScaleFactorInCompositor is true, and also writes pageScaleFactor into HistoryItems instead of using frameScaleFactor. Since all behavior changes are tied to applyPageScaleFactorInCompositor, this patch should be a no-op for non-Chromium ports. New unit tests in WebFrameTest.cpp. * loader/HistoryController.cpp: (WebCore::HistoryController::saveScrollPositionAndViewStateToItem): Use pageScaleFactor here because frameScaleFactor always returns 1 with our setting. * page/FrameView.cpp: (WebCore::FrameView::visibleContentScaleFactor): (WebCore): * page/FrameView.h: (FrameView): * page/Page.cpp: (WebCore::Page::setPageScaleFactor): Make setPageScaleFactor stop invalidating/layouting as this is handled by our compositor. * platform/ScrollView.cpp: (WebCore::ScrollView::unscaledVisibleContentSize): This new method just returns the original visible rect without pageScaleFactor being applied. (WebCore): (WebCore::ScrollView::visibleContentRect): This now is divided by pageScaleFactor if our setting is active. (WebCore::ScrollView::layoutSize): * platform/ScrollView.h: (WebCore::ScrollView::visibleContentScaleFactor): Returns pageScaleFactor if the visible rect is scaled, 1 normally. (ScrollView): (WebCore::ScrollView::layoutWidth): (WebCore::ScrollView::layoutHeight): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::frameViewDidChangeSize): (WebCore::RenderLayerCompositor::updateRootLayerPosition): Clip layer should use unscaled size, because it's above the root scroll layer on the layer tree (i.e. page scale isn't applied on it). * rendering/TextAutosizer.cpp: (WebCore::TextAutosizer::processSubtree): Text autosizer should use unscaled size, because it cares about physical screen size. 2013-01-28 Geoffrey Garen Static size inference for JavaScript objects https://bugs.webkit.org/show_bug.cgi?id=108093 Reviewed by Phil Pizlo. * ForwardingHeaders/runtime/ObjectConstructor.h: Added. * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSSQLResultSetRowListCustom.cpp: Include ObjectConstructor.h because that's where createEmptyObject() is located now. * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneDeserializer::deserialize): Updated for interface change. 2013-01-28 Alec Flett IndexedDB: Pass metadata in to IDBOpenDBRequest.onUpgradeNeeded/onSuccess https://bugs.webkit.org/show_bug.cgi?id=103920 Reviewed by Dimitri Glazkov. Update IDBCallbacks::onSuccess and IDBCallbacks::onUpgradeNeeded to pass through a metadata parameter. While there, remove the unused IDBTransactionBackendInterface parameter to onUpgradeNeeded. As this is another step in the IDB refactor, I've simplified future cleanup work by making the WebKit API code still use the old API. This will make it possible to outright remove code on the chromium side rather than another three-step checkin. No new tests, as this is more refactoring. * Modules/indexeddb/IDBCallbacks.h: (WebCore::IDBCallbacks::onUpgradeNeeded): new method signature. (WebCore::IDBCallbacks::onSuccess): new method signature. * Modules/indexeddb/IDBDatabaseBackendImpl.cpp: (WebCore::IDBDatabaseBackendImpl::VersionChangeOperation::perform): (WebCore::IDBDatabaseBackendImpl::processPendingCalls): (WebCore::IDBDatabaseBackendImpl::openConnection): * Modules/indexeddb/IDBOpenDBRequest.cpp: (WebCore::IDBOpenDBRequest::onUpgradeNeeded): use passed-in metadata. (WebCore::IDBOpenDBRequest::onSuccess): use passed-in metadata. * Modules/indexeddb/IDBOpenDBRequest.h: (IDBOpenDBRequest): 2013-01-28 Simon Fraser position:fixed that doesn't render any content should not force compositing https://bugs.webkit.org/show_bug.cgi?id=108112 Reviewed by Beth Dakin. It's not uncommon for pages to have position:fixed elements with no content. When these are behind other elements, they can cause those other elements to become composited, using lots of backing store memory. Optimize for the case where the position:fixed element has no rendered content and no children by not making it composited in that case. Test: compositing/layer-creation/fixed-position-no-content.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::hasNonEmptyChildRenderers): Moved from RenderLayerBacking.cpp. (WebCore::hasBoxDecorations): Ditto. (WebCore::RenderLayer::hasBoxDecorationsOrBackground): Ditto. (WebCore::RenderLayer::hasVisibleBoxDecorations): Check for visibility:visible, box decorations and overflow controls. (WebCore::RenderLayer::isVisuallyNonEmpty): Returns true if this layer has some visible representation. * rendering/RenderLayer.h: * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): Need to call updateDescendantDependentFlags() to ensure that the visibility flags are up to date. (WebCore::RenderLayerBacking::updateDrawsContent): Call RenderLayer::hasBoxDecorationsOrBackground() now. (WebCore::RenderLayerBacking::paintsBoxDecorations): Call RenderLayer::hasVisibleBoxDecorations() now. (WebCore::RenderLayerBacking::paintsChildren): Call RenderLayer::hasNonEmptyChildRenderers(). (WebCore::RenderLayerBacking::isSimpleContainerCompositingLayer): Whitespace. (WebCore::RenderLayerBacking::containsPaintedContent): Call RenderLayer::hasBoxDecorationsOrBackground(). (WebCore::RenderLayerBacking::isDirectlyCompositedImage): Ditto. * rendering/RenderLayerBacking.h: (RenderLayerBacking): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::requiresCompositingForPosition): If the layer has no content to paint, or visible descendant layers, then don't make it composited. 2013-01-28 Simon Fraser Avoid doing work at 60fps for tiled layers when not necessary https://bugs.webkit.org/show_bug.cgi?id=108135 Reviewed by Dean Jackson. When there were any tiled layers on the page, we would run a CVDisplayLink to cause GraphicsLayerCA to flush, in order to update tiled layer visible rects. This is overkill; we should only do this if the tiled layer is affected by an accelerated animation. Fix by tracking whether an ancestor has a running animation when committing GraphicsLayerCAs. * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::flushCompositingState): Start with an empty CommitState. (WebCore::GraphicsLayerCA::recursiveCommitChanges): Push CommitState for each layer, which tracks whether an ancestor has a running transform animation. (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers): updateLayerAnimations() renamed. (WebCore::GraphicsLayerCA::updateAnimations): Renamed from updateLayerAnimations(). (WebCore::GraphicsLayerCA::isRunningTransformAnimation): Look in the map of running animations for one affecting transform. This list is normally small (one item). * platform/graphics/ca/GraphicsLayerCA.h: (WebCore::GraphicsLayerCA::CommitState::CommitState): 2013-01-28 Simon Fraser compositing/reflections/become-simple-composited-reflection.html pixel result shows bug https://bugs.webkit.org/show_bug.cgi?id=107174 Reviewed by Dean Jackson. When we have a content layer for solid color, we need to update reflection clones when that color changes. Tested by the pixel test for compositing/reflections/become-simple-composited-reflection.html. * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::updateContentsColorLayer): 2013-01-28 Tom Sepez [v8] Security feature: JavaScript Bindings hardening https://bugs.webkit.org/show_bug.cgi?id=106608 The patch adds a check at wrapper creation time to enuse that the object being wrapped is not already free, to the extent that we know the information about the type of the object as provided in the IDL. Reviewed by Adam Barth. Patch is correct if existing tests pass without new crashes. * bindings/scripts/CodeGeneratorV8.pm: (GenerateImplementation): (GenerateToV8Converters): (GetNativeTypeForConversions): (GetGnuVTableRefForInterface): (GetGnuVTableNameForInterface): (GetGnuMangledNameForInterface): (GetGnuVTableOffsetForType): (GetWinVTableRefForInterface): (GetWinVTableNameForInterface): (GetWinMangledNameForInterface): (GetNamespaceForInterface): (GetImplementationLacksVTableForInterface): (GetV8SkipVTableValidationForInterface): Update code generation to add object validity tests under the control of the ENABLE_BINDING_INTEGRITY option. * Modules/filesystem/DirectoryReader.idl: * Modules/filesystem/DirectoryReaderSync.idl: * Modules/filesystem/EntryArray.idl: * Modules/filesystem/EntryArraySync.idl: * Modules/filesystem/Metadata.idl: * Modules/gamepad/Gamepad.idl: * Modules/gamepad/GamepadList.idl: * Modules/geolocation/Geoposition.idl: * Modules/geolocation/PositionError.idl: * Modules/indexeddb/IDBFactory.idl: * Modules/indexeddb/IDBIndex.idl: * Modules/indexeddb/IDBKeyRange.idl: * Modules/indexeddb/IDBObjectStore.idl: * Modules/mediastream/RTCStatsElement.idl: * Modules/mediastream/RTCStatsReport.idl: * Modules/quota/StorageInfo.idl: * Modules/speech/SpeechGrammar.idl: * Modules/speech/SpeechGrammarList.idl: * Modules/speech/SpeechRecognitionAlternative.idl: * Modules/speech/SpeechRecognitionResult.idl: * Modules/speech/SpeechRecognitionResultList.idl: * Modules/webaudio/AudioBuffer.idl: * Modules/webaudio/AudioDestinationNode.idl: * Modules/webaudio/AudioListener.idl: * Modules/webaudio/AudioSourceNode.idl: * Modules/webaudio/WaveTable.idl: * Modules/webdatabase/SQLError.idl: * Modules/webdatabase/SQLException.idl: * Modules/webdatabase/SQLResultSet.idl: * Modules/webdatabase/SQLResultSetRowList.idl: * Modules/webdatabase/SQLTransaction.idl: * Modules/webdatabase/SQLTransactionSync.idl: * bindings/scripts/IDLAttributes.txt: * css/CSSPrimitiveValue.idl: * css/CSSRule.idl: * css/CSSRuleList.idl: * css/CSSStyleDeclaration.idl: * css/CSSValue.idl: * css/CSSValueList.idl: * css/Counter.idl: * css/MediaList.idl: * css/MediaQueryList.idl: * css/RGBColor.idl: * css/Rect.idl: * css/StyleSheetList.idl: * css/WebKitCSSFilterValue.idl: * css/WebKitCSSMixFunctionValue.idl: * css/WebKitCSSTransformValue.idl: * dom/ClientRect.idl: * dom/ClientRectList.idl: * dom/Clipboard.idl: * dom/DOMCoreException.idl: * dom/DOMError.idl: * dom/DOMImplementation.idl: * dom/DOMNamedFlowCollection.idl: * dom/DOMStringList.idl: * dom/DOMStringMap.idl: * dom/DataTransferItem.idl: * dom/DataTransferItemList.idl: * dom/DocumentFragment.idl: * dom/Element.idl: * dom/Entity.idl: * dom/Event.idl: * dom/EventException.idl: * dom/MessageChannel.idl: * dom/MouseEvent.idl: * dom/MutationObserver.idl: * dom/MutationRecord.idl: * dom/NamedNodeMap.idl: * dom/NodeFilter.idl: * dom/NodeIterator.idl: * dom/NodeList.idl: * dom/Range.idl: * dom/RangeException.idl: * dom/Touch.idl: * dom/TouchList.idl: * dom/TreeWalker.idl: * fileapi/FileError.idl: * fileapi/FileException.idl: * fileapi/FileList.idl: * html/DOMFormData.idl: * html/DOMTokenList.idl: * html/DOMURL.idl: * html/HTMLAllCollection.idl: * html/HTMLCollection.idl: * html/HTMLDialogElement.idl: * html/HTMLDivElement.idl: * html/HTMLDocument.idl: * html/HTMLElement.idl: * html/HTMLImageElement.idl: * html/HTMLInputElement.idl: * html/HTMLSelectElement.idl: * html/HTMLSpanElement.idl: * html/HTMLUnknownElement.idl: * html/ImageData.idl: * html/MediaError.idl: * html/MediaKeyError.idl: * html/TimeRanges.idl: * html/ValidityState.idl: * html/canvas/ArrayBuffer.idl: * html/canvas/ArrayBufferView.idl: * html/canvas/CanvasGradient.idl: * html/canvas/CanvasPattern.idl: * html/canvas/Float32Array.idl: * html/canvas/Float64Array.idl: * html/canvas/Int16Array.idl: * html/canvas/Int32Array.idl: * html/canvas/Int8Array.idl: * html/canvas/Uint16Array.idl: * html/canvas/Uint32Array.idl: * html/canvas/Uint8Array.idl: * html/canvas/Uint8ClampedArray.idl: * html/canvas/WebGLActiveInfo.idl: * html/canvas/WebGLShaderPrecisionFormat.idl: * html/track/TextTrack.idl: * html/track/TextTrackCue.idl: * html/track/TextTrackCueList.idl: * inspector/InjectedScriptHost.idl: * inspector/InspectorFrontendHost.idl: * inspector/JavaScriptCallFrame.idl: * page/Coordinates.idl: * page/Crypto.idl: * page/MemoryInfo.idl: * page/PagePopupController.idl: * page/PerformanceEntryList.idl: * page/SpeechInputResult.idl: * page/SpeechInputResultList.idl: * page/WebKitPoint.idl: * svg/SVGAnimatedAngle.idl: * svg/SVGAnimatedBoolean.idl: * svg/SVGAnimatedEnumeration.idl: * svg/SVGAnimatedInteger.idl: * svg/SVGAnimatedLength.idl: * svg/SVGAnimatedLengthList.idl: * svg/SVGAnimatedNumber.idl: * svg/SVGAnimatedNumberList.idl: * svg/SVGAnimatedPreserveAspectRatio.idl: * svg/SVGAnimatedRect.idl: * svg/SVGAnimatedString.idl: * svg/SVGAnimatedTransformList.idl: * svg/SVGColor.idl: * svg/SVGException.idl: * svg/SVGPaint.idl: * svg/SVGPathSeg.idl: * svg/SVGRenderingIntent.idl: * svg/SVGUnitTypes.idl: * svg/SVGZoomAndPan.idl: * testing/MallocStatistics.idl: * testing/TypeConversions.idl: * workers/WorkerLocation.idl: * xml/DOMParser.idl: * xml/XMLHttpRequestException.idl: * xml/XMLSerializer.idl: * xml/XPathEvaluator.idl: * xml/XPathException.idl: * xml/XPathExpression.idl: * xml/XPathNSResolver.idl: * xml/XPathResult.idl: * xml/XSLTProcessor.idl: Add exceptions to binding integrity checks to IDL. 2013-01-28 Benjamin Poulain String constructed from Literals should be non-empty https://bugs.webkit.org/show_bug.cgi?id=108103 Reviewed by Eric Carlson. Strings from literal should not be constructed from empty strings. Use emptyString() instead. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::canPlayType): 2013-01-27 Kentaro Hara Implement CompositionEvent constructor https://bugs.webkit.org/show_bug.cgi?id=107919 Reviewed by Sam Weinig. This patch implements a CompositionEvent constructor under a DOM4_EVENTS_CONSTRUCTOR flag. Spec: https://dvcs.w3.org/hg/d4e/raw-file/tip/source_respec.htm Test: fast/events/constructors/composition-event-constructor.html * dom/CompositionEvent.cpp: (WebCore::CompositionEventInit::CompositionEventInit): (WebCore): (WebCore::CompositionEvent::CompositionEvent): * dom/CompositionEvent.h: (CompositionEventInit): (WebCore): (CompositionEvent): (WebCore::CompositionEvent::create): (WebCore::CompositionEvent::data): * dom/CompositionEvent.idl: 2013-01-28 Pratik Solanki PLATFORM(IOS) should come before __MAC_OS_X_VERSION_MIN_REQUIRED https://bugs.webkit.org/show_bug.cgi?id=108101 Reviewed by Benjamin Poulain. Since iOS does not define __MAC_OS_X_VERSION_MIN_REQUIRED, any usage of __MAC_OS_X_VERSION_MIN_REQUIRED should be after a PLATFORM(IOS) check. * platform/mac/WebCoreSystemInterface.h: * platform/mac/WebCoreSystemInterface.mm: 2013-01-28 Kalev Lember [GTK] Pass ICU cppflags to libWebCoreSVG.la build https://bugs.webkit.org/show_bug.cgi?id=108032 Reviewed by Martin Robinson. Fixes a linking error with new libicu 50 on Fedora rawhide. * GNUmakefile.am: 2013-01-28 Min Qin adding support for DiscardablePixelRef for caching lazily decoded images https://bugs.webkit.org/show_bug.cgi?id=106842 Reviewed by Stephen White. This change allows using discardable memory in the deferred image decoding path. Fully decoded images are unpinned and stored in ImageDecodingStore. Partially decoded images are pinned and stored in ImageDecodingStore. Discardable memory allocation could fail. Fall back to heap allocation in that case. There is a separate size limit for heap entries and no limit on discardable entries. New tests are added to ImageDecodingStoreTests * WebCore.gypi: * platform/graphics/chromium/DiscardablePixelRef.cpp: Added. Added implementation of the DiscardablePixelRef object that is backed by discardable memory. Memory allocated to the DiscardablePixelRef can be purged when it is unlocked. (WebCore::DiscardablePixelRefAllocator::allocPixelRef): (WebCore): (WebCore::DiscardablePixelRef::DiscardablePixelRef): (WebCore::DiscardablePixelRef::~DiscardablePixelRef): (WebCore::DiscardablePixelRef::allocAndLockDiscardableMemory): (WebCore::DiscardablePixelRef::onLockPixels): (WebCore::DiscardablePixelRef::onUnlockPixels): (WebCore::DiscardablePixelRef::isDiscardable): * platform/graphics/chromium/DiscardablePixelRef.h: Added. Added class definition of the DiscardablePixelRef. (WebCore): (DiscardablePixelRefAllocator): (DiscardablePixelRef): * platform/graphics/chromium/ImageDecodingStore.cpp: Added new cache replacement strategy for DiscardablePixelRef. (WebCore::ImageDecodingStore::lockCache): (WebCore::ImageDecodingStore::overwriteAndLockCache): (WebCore::ImageDecodingStore::prune): (WebCore::ImageDecodingStore::insertCacheInternal): (WebCore::ImageDecodingStore::removeFromCacheInternal): * platform/graphics/chromium/ImageDecodingStore.h: Added isDiscardable() calls to check if a cache entry is discardable. (WebCore::ImageDecodingStore::CacheEntry::CacheEntry): (WebCore::ImageDecodingStore::CacheEntry::overwriteCachedImage): (WebCore::ImageDecodingStore::CacheEntry::isDiscardable): (CacheEntry): * platform/graphics/chromium/ImageFrameGenerator.cpp: Added some code to pass DiscardableMemoryAllocator to the image decoder. (WebCore::ImageFrameGenerator::tryToScale): (WebCore::ImageFrameGenerator::decode): * platform/graphics/chromium/ImageFrameGenerator.h: Added a new member variable of type DiscardableMemoryAllocator. (ImageFrameGenerator): * platform/image-decoders/ImageDecoder.h: Added methods to pass Allocator to ImageFrame. (ImageFrame): (WebCore::ImageFrame::setMemoryAllocator): (WebCore::ImageFrame::allocator): (ImageDecoder): (WebCore::ImageDecoder::setMemoryAllocator): * platform/image-decoders/skia/ImageDecoderSkia.cpp: Added code to allocate pixel memory using the allocator passed from the caller. (WebCore::ImageFrame::ImageFrame): (WebCore::ImageFrame::operator=): (WebCore::ImageFrame::setSize): 2013-01-28 Sheriff Bot Unreviewed, rolling out r140869. http://trac.webkit.org/changeset/140869 https://bugs.webkit.org/show_bug.cgi?id=108120 "Crashes on http://en.wikipedia.org/wiki/Wikipedia" (Requested by tonyg-cr on #webkit). * page/FrameView.cpp: (WebCore::FrameView::visibleContentsResized): * platform/ScrollView.cpp: (WebCore::ScrollView::setFixedLayoutSize): (WebCore::ScrollView::setUseFixedLayout): 2013-01-28 Sheriff Bot Unreviewed, rolling out r140934, r140935, and r140937. http://trac.webkit.org/changeset/140934 http://trac.webkit.org/changeset/140935 http://trac.webkit.org/changeset/140937 https://bugs.webkit.org/show_bug.cgi?id=108117 Re-land some speculative rollouts - see wkbug.com/108048 for context (Requested by jsbell on #webkit). * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * Modules/indexeddb/IDBCallbacks.h: (IDBCallbacks): * Modules/indexeddb/IDBCursorBackendImpl.cpp: (WebCore::IDBCursorBackendImpl::IDBCursorBackendImpl): * Modules/indexeddb/IDBCursorBackendImpl.h: (WebCore::IDBCursorBackendImpl::create): (IDBCursorBackendImpl): * Modules/indexeddb/IDBDatabase.cpp: (WebCore::IDBDatabase::onVersionChange): * Modules/indexeddb/IDBDatabase.h: * Modules/indexeddb/IDBDatabaseBackendImpl.cpp: (WebCore::IDBDatabaseBackendImpl::setIndexesReady): (WebCore::OpenCursorOperation::perform): (WebCore::IDBDatabaseBackendImpl::deleteDatabase): * Modules/indexeddb/IDBFactory.cpp: (WebCore::IDBFactory::openInternal): (WebCore::IDBFactory::deleteDatabase): * Modules/indexeddb/IDBFactory.h: (WebCore): (IDBFactory): * Modules/indexeddb/IDBFactory.idl: * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::IDBObjectStore::createIndex): (WebCore::IDBObjectStore::openCursor): * Modules/indexeddb/IDBObjectStore.h: (WebCore::IDBObjectStore::openCursor): (IDBObjectStore): * Modules/indexeddb/IDBOpenDBRequest.cpp: (WebCore::IDBOpenDBRequest::create): (WebCore::IDBOpenDBRequest::IDBOpenDBRequest): (WebCore::IDBOpenDBRequest::onBlocked): (WebCore::IDBOpenDBRequest::onUpgradeNeeded): (WebCore::IDBOpenDBRequest::dispatchEvent): * Modules/indexeddb/IDBOpenDBRequest.h: (IDBOpenDBRequest): * Modules/indexeddb/IDBRequest.cpp: (WebCore::IDBRequest::create): (WebCore::IDBRequest::IDBRequest): * Modules/indexeddb/IDBRequest.h: (IDBRequest): (WebCore::IDBRequest::taskType): * Modules/indexeddb/IDBTransactionBackendImpl.cpp: (WebCore::IDBTransactionBackendImpl::scheduleTask): * Modules/indexeddb/IDBTransactionBackendImpl.h: (WebCore::IDBTransactionBackendImpl::scheduleTask): (IDBTransactionBackendImpl): * Modules/indexeddb/IDBTransactionBackendInterface.h: * Modules/indexeddb/IDBUpgradeNeededEvent.cpp: Removed. * Modules/indexeddb/IDBUpgradeNeededEvent.h: Removed. * Modules/indexeddb/IDBUpgradeNeededEvent.idl: Removed. * Modules/indexeddb/IDBVersionChangeEvent.cpp: (WebCore::IDBVersionChangeEvent::create): (WebCore::IDBVersionChangeEvent::IDBVersionChangeEvent): * Modules/indexeddb/IDBVersionChangeEvent.h: (IDBVersionChangeEvent): (WebCore::IDBVersionChangeEvent::oldVersion): (WebCore::IDBVersionChangeEvent::newVersion): * Modules/indexeddb/IDBVersionChangeEvent.idl: * Modules/indexeddb/IDBVersionChangeRequest.cpp: Removed. * Modules/indexeddb/IDBVersionChangeRequest.h: Removed. * Modules/indexeddb/IDBVersionChangeRequest.idl: Removed. * WebCore.gypi: * WebCore.xcodeproj/project.pbxproj: * dom/EventNames.in: * dom/EventTarget.h: (WebCore): * dom/EventTargetFactory.in: 2013-01-28 Joseph Pecoraro Unreviewed Mac build fix. Add an export for a function that may be accessed outside of WebCore (RenderLayer::needsCompositedScrolling). * WebCore.exp.in: 2013-01-28 Julien Chaffraix Crash inside RenderBlock::layoutRunsAndFloatsInRange in the widow code https://bugs.webkit.org/show_bug.cgi?id=108084 Reviewed by Dean Jackson. This is a blind fix based on the code and Chromium's stack-traces. Unfortunately no new test as I couldn't get a local reproduction. * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlock::layoutRunsAndFloatsInRange): Added a missing NULL-check: the previous 'while' finish if |lineBox| is NULL and we don't want to crash in this case. 2013-01-28 Tony Chang "clang: warning: not using the clang compiler for C++ inputs" due to hard-coding of /usr/bin/clang in WebCore.gyp https://bugs.webkit.org/show_bug.cgi?id=108089 Reviewed by Ojan Vafai. Use gcc since older versions of clang (with Xcode 3.2) warn that they are going to use gcc anyway. These warnings are showing up on the main Chromium waterfall too: http://build.chromium.org/p/chromium/builders/Mac/builds/19113/steps/compile/logs/stdio No new tests, this is a build change. * WebCore.gyp/WebCore.gyp: 2013-01-28 Elliott Sprehn Move hasAuthorShadowRoot to Element https://bugs.webkit.org/show_bug.cgi?id=108071 Reviewed by Dimitri Glazkov. Move hasAuthorShadowRoot to Element and get rid of unneccesary booleans in HTMLProgressElement and HTMLMeterElement. Also get rid of ShadowRoot::isAccessible since it obfuscates what's actually happening inside of Element::shadowRoot(). No new tests, just refactoring. * dom/Element.cpp: (WebCore::Element::shadowRoot): (WebCore::Element::hasAuthorShadowRoot): * dom/Element.h: (Element): * dom/ShadowRoot.h: * html/HTMLMeterElement.cpp: (WebCore::HTMLMeterElement::HTMLMeterElement): * html/HTMLMeterElement.h: (HTMLMeterElement): * html/HTMLProgressElement.cpp: (WebCore::HTMLProgressElement::HTMLProgressElement): * html/HTMLProgressElement.h: (HTMLProgressElement): 2013-01-28 Elliott Sprehn Move ensureUserAgentShadowRoot to Element https://bugs.webkit.org/show_bug.cgi?id=108070 Reviewed by Dimitri Glazkov. Move ensureUserAgentShadowRoot to Element where the other methods related to shadow roots are and get rid of the unnecessarily specific cast to HTMLElement. No new tests, just refactoring. * dom/Element.cpp: (WebCore::Element::ensureUserAgentShadowRoot): Moved from FormAssociatedElement. * dom/Element.h: (Element): * html/FormAssociatedElement.cpp: * html/FormAssociatedElement.h: (FormAssociatedElement): 2013-01-28 Ian Vollick Promote composited-scrolling layers to stacking containers. https://bugs.webkit.org/show_bug.cgi?id=106142 Reviewed by Simon Fraser. With this patch, RenderLayers that use composited scrolling are treated as stacking contexts. Since isStackingContainer now depends on the value of m_needsCompositedScrolling, special care needed to be taken to ensure that the value of isStackingContainer is not used when updating m_needsCompositedScrolling. In particular, the code for rebuilding the layer lists needed to be generalized so that we could build the layer lists using the value of isStackingContext rather than isStackingContainer when building the layer lists used to determine if the descendants are contiguous in stacking order. Also, updating m_needsCompositedScrolling can now affect stacking container status and can therefore dirty layer lists. Test: compositing/overflow/composited-scrolling-creates-a-stacking-container.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::updateDescendantsAreContiguousInStackingOrder): Modified to use layer lists built based on isStackingContext rather than isStackingContainer. (WebCore::RenderLayer::updateNeedsCompositedScrolling): This function can now affect stacking container status and layer lists. (WebCore::RenderLayer::rebuildZOrderLists): Refactored to generalize layer list building. (WebCore::RenderLayer::collectLayers): This function can now stop at either stacking containers or contexts. (WebCore::RenderLayer::updateLayerListsIfNeeded): Layer lists may need to be built a 2nd time if we opt into composited scrolling. * rendering/RenderLayer.h: (RenderLayer): (WebCore::RenderLayer::isStackingContainer): Returns true if we use composited scrolling. 2013-01-28 Max Vujovic [CSS Shaders] Parse @-webkit-filter https://bugs.webkit.org/show_bug.cgi?id=106837 Reviewed by Dean Jackson. The new CSS Custom Filters syntax includes an @filter rule: @filter IDENT { } IDENT is the filter name. For example: @filter my-filter { ... } is a set of CSS properties, which are still under discussion in the CSSWG. This patch adds parsing and JS bindings for the prefixed at-rule. It does not add parsing for any of the at-rule's internal properties. Spec: https://dvcs.w3.org/hg/FXTF/raw-file/tip/filters/index.html#the-atfilter-rule Tests: css3/filters/custom/custom-filter-parsing-at-rule-invalid.html css3/filters/custom/custom-filter-parsing-at-rule-valid.html * CMakeLists.txt: * DerivedSources.cpp: * DerivedSources.make: * DerivedSources.pri: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.xcodeproj/project.pbxproj: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/objc/DOMCSS.mm: (kitClass): * bindings/v8/custom/V8CSSRuleCustom.cpp: (WebCore::wrap): * css/CSSGrammar.y.in: * css/CSSParser.cpp: (WebCore::CSSParser::createFilterRule): (WebCore::CSSParser::detectAtToken): * css/CSSParser.h: * css/CSSPropertySourceData.h: * css/CSSRule.h: * css/CSSRule.idl: Only contains a CSSStyleDeclaration "style" property, like the other at-rules that are supposed to contain properties (e.g. CSSStyleRule, CSSFontFaceRule, CSSPageRule). Eventually, when it's specified, we should expose the filter name as well. Other at-rules IDL Spec: http://www.w3.org/TR/DOM-Level-2-Style/idl-definitions.html * css/StyleRule.cpp: (WebCore::StyleRuleBase::reportMemoryUsage): (WebCore::StyleRuleBase::destroy): (WebCore::StyleRuleBase::copy): (WebCore::StyleRuleBase::createCSSOMWrapper): (WebCore::StyleRuleFilter::StyleRuleFilter): (WebCore::StyleRuleFilter::~StyleRuleFilter): (WebCore::StyleRuleFilter::mutableProperties): (WebCore::StyleRuleFilter::setProperties): (WebCore::StyleRuleFilter::reportDescendantMemoryUsage): * css/StyleRule.h: (StyleRuleBase): (WebCore::StyleRuleBase::isFilterRule): (StyleRuleFilter): (WebCore::StyleRuleFilter::create): (WebCore::StyleRuleFilter::filterName): (WebCore::StyleRuleFilter::properties): (WebCore::StyleRuleFilter::copy): * css/StyleSheetContents.cpp: (WebCore::childRulesHaveFailedOrCanceledSubresources): * css/WebKitCSSFilterRule.cpp: Added. WebKitCSSFilterRule is implemented similar to CSSFontFaceRule. (WebCore::WebKitCSSFilterRule::WebKitCSSFilterRule): (WebCore::WebKitCSSFilterRule::~WebKitCSSFilterRule): (WebCore::WebKitCSSFilterRule::style): (WebCore::WebKitCSSFilterRule::cssText): The CSS text implementation for WebKitCSSFilterRule is almost the same as CSSFontFaceRule. WebKitCSSFilterRule additionally needs to output the filter name in its syntax (e.g. @-webkit-filter my-filter { }). (WebCore::WebKitCSSFilterRule::reattach): (WebCore::WebKitCSSFilterRule::reportMemoryUsage): * css/WebKitCSSFilterRule.h: Added. (WebKitCSSFilterRule): (WebCore::WebKitCSSFilterRule::create): * css/WebKitCSSFilterRule.idl: Added. 2013-01-28 Anders Carlsson Add StorageStrategy member functions to WebKit2 https://bugs.webkit.org/show_bug.cgi?id=108105 Reviewed by Tim Horton. StorageStrategy::sessionStorageNamespace should be virtual, not static... * WebCore.exp.in: * storage/StorageStrategy.h: (StorageStrategy): 2013-01-28 Uday Kiran getComputedStyle returns "left" instead of "none" for "float" on abspos elements https://bugs.webkit.org/show_bug.cgi?id=105836 Reviewed by Tony Chang. If 'position' has the value absolute, page or fixed, and the value of float is left or right, the box is absolutely positioned and the computed value of float is none. http://www.w3.org/TR/css3-positioning/#dis-pos-flo This matches behavior of Firefox 18, Opera 12 and IE9. Test: fast/css/position-absolute-float.html * css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): 2013-01-28 Tony Gentilcore Don't use threaded HTML parser for data: URLs https://bugs.webkit.org/show_bug.cgi?id=108096 Reviewed by Eric Seidel. data: URLs are currently loaded synchronously. Using the main thread parser for them preserves this behavior. This fixes fast/dom/HTMLDocument/document-open-return-value.html and probably others. No new tests because covered by existing tests. * html/parser/HTMLParserOptions.cpp: (WebCore::HTMLParserOptions::HTMLParserOptions): 2013-01-28 Tony Gentilcore Don't use the threaded HTML parser for javascript: URLs https://bugs.webkit.org/show_bug.cgi?id=107975 Reviewed by Adam Barth. Several layout tests depend on javascript: URL iframes loading synchronously including fast/loader/javascript-url-encoding.html. This patch avoids using the threaded parser for those URLs so they will continue to be synchronous. No new tests because covered by existing tests. * html/parser/HTMLParserOptions.cpp: (WebCore::HTMLParserOptions::HTMLParserOptions): 2013-01-27 Sam Weinig SVGPathStringSource should not up-convert 8-bit strings to UTF-16 https://bugs.webkit.org/show_bug.cgi?id=108050 Reviewed by Anders Carlsson. Should save around ~400k on Membuster3. * svg/SVGParserUtilities.cpp: (WebCore::parseNumber): (WebCore::genericParseArcFlag): (WebCore::parseArcFlag): * svg/SVGParserUtilities.h: Add LChar variants of parseNumber and parseArcFlag. * svg/SVGPathSource.h: (WebCore): Move forward declaration of FloatPoint here, where it belongs. * svg/SVGPathStringSource.cpp: (WebCore::parseFloatPoint): (WebCore::parseFloatPoint2): (WebCore::parseFloatPoint3): Add helpers for parsing float points. (WebCore::SVGPathStringSource::SVGPathStringSource): (WebCore::SVGPathStringSource::hasMoreData): (WebCore::SVGPathStringSource::moveToNextToken): (WebCore::parseSVGSegmentTypeHelper): (WebCore::SVGPathStringSource::parseSVGSegmentType): (WebCore::nextCommandHelper): (WebCore::SVGPathStringSource::nextCommand): (WebCore::SVGPathStringSource::parseMoveToSegment): (WebCore::SVGPathStringSource::parseLineToSegment): (WebCore::SVGPathStringSource::parseLineToHorizontalSegment): (WebCore::SVGPathStringSource::parseLineToVerticalSegment): (WebCore::SVGPathStringSource::parseCurveToCubicSegment): (WebCore::SVGPathStringSource::parseCurveToCubicSmoothSegment): (WebCore::SVGPathStringSource::parseCurveToQuadraticSegment): (WebCore::SVGPathStringSource::parseCurveToQuadraticSmoothSegment): (WebCore::parseArcToSegmentHelper): (WebCore::SVGPathStringSource::parseArcToSegment): * svg/SVGPathStringSource.h: (SVGPathStringSource): Make 8-bit aware. 2013-01-28 Simon Fraser Repaint issues in background tabs after r138858 https://bugs.webkit.org/show_bug.cgi?id=108092 Reviewed by Tim Horton. In r138858, we unparented all tiles in the tile caches of background tabs. That broke repaints in background tabs; when bringing that tab back to the foreground, we would call -setNeedsDisplayInRect:, and then reparent the tiles on a zero-delay timer. Those repaints would then be flipped (possibly because CA can't look up the layer tree to check for flipped geometry). Fix by revalidating tiles (which reparents the tiles) at the time we're told we're moving into the window, which happens before repaints are flushed. * platform/graphics/ca/mac/TileCache.mm: (WebCore::TileCache::setIsInWindow): 2013-01-28 Adam Barth Remove webkitNotifications.createHTMLNotification https://bugs.webkit.org/show_bug.cgi?id=107598 Reviewed by Benjamin Poulain. As discussed in http://lists.webkit.org/pipermail/webkit-dev/2012-February/019354.html, we've been slowly deprecating HTML notificiations for about a year. FeatureObserver says that HTML notifications are used by 0.0008% of web pages, which means we should be able to remove them without causing too much trouble. * Configurations/FeatureDefines.xcconfig: * Modules/notifications/Notification.cpp: (WebCore): (WebCore::Notification::Notification): * Modules/notifications/Notification.h: (Notification): * Modules/notifications/NotificationCenter.h: (NotificationCenter): * Modules/notifications/NotificationCenter.idl: 2013-01-28 Bear Travis [CSS Exclusions] Refactor ExclusionShapeInsideInfo to more general ExclusionShapeInfo https://bugs.webkit.org/show_bug.cgi?id=100766 Reviewed by Dirk Schulze. Refactoring, covered by existing tests. Factoring out code common to ExclusionShapeInsideInfo and ExclusionShapeOutsideInfo into common classes in ExclusionShapeInfo.h. Since the ExclusionShapeInsideInfo and ExclusionShapeOutsideInfo share almost all of their code, save the RenderObject type they work with and the specific shapeInside/Outside methods they call on RenderStyle and ExclusionShape, the code has been templated. The code responsible for maintaining global maps has also been factored out into a MappedInfo class. * CMakeLists.txt: Adding ExclusionShapeInfo files. * GNUmakefile.list.am: Ditto. * Target.pri: Ditto. * WebCore.gypi: Ditto. * WebCore.vcproj/WebCore.vcproj: Ditto. * WebCore.xcodeproj/project.pbxproj: Ditto. * rendering/ExclusionShapeInfo.cpp: Added. (WebCore::::computedShape): Determine the shape based on the current logical dimensions. Call this method rather than accessing m_shape directly. * rendering/ExclusionShapeInfo.h: Added. (MappedInfo): Helper class that maintains a global info map. (WebCore::MappedInfo::ensureInfo): Look up the info for a key and add it if not present. (WebCore::MappedInfo::removeInfo): Remove the info associated with a key. (WebCore::MappedInfo::info): Look up the info associated with a key. (WebCore::MappedInfo::infoMap): The map used to store key/info pairs. (ExclusionShapeInfo): A common parent class for ExclusionShapeInside/OutsideInfos. The methods were factored out of the code common to ExclusionShapeInside/OutsideInfo. (WebCore::ExclusionShapeInfo::~ExclusionShapeInfo): Destructor. (WebCore::ExclusionShapeInfo::setShapeSize): Sets the shape's logical size. (WebCore::ExclusionShapeInfo::shapeLogicalTop/Bottom/Left/Right/Width/Height): Returns the shape's logical dimensions. (WebCore::ExclusionShapeInfo::dirtyShapeSize): Mark the shape for recomputation. (WebCore::ExclusionShapeInfo::owner): The renderer to which this info belongs. (WebCore::ExclusionShapeInfo::ExclusionShapeInfo): Constructor. (WebCore::ExclusionShapeInfo::floatLogicalTopToLayoutUnit/floatLogicalBottomToLayoutUnit): Helper methods that round float units from ExclusionShapes to LayoutUnits for layout. * rendering/ExclusionShapeInsideInfo.cpp: (WebCore::ExclusionShapeInsideInfo::computeSegmentsForLine): Modified to use computedShape() rather than m_shape. (WebCore::ExclusionShapeInsideInfo::adjustLogicalLineTop): Ditto. * rendering/ExclusionShapeInsideInfo.h: (WebCore::ExclusionShapeInsideInfo::createInfo): Renamed to match MappedInfo. (WebCore::ExclusionShapeInsideInfo::isEnabledFor): Renamed to match shorter naming. (WebCore::ExclusionShapeInsideInfo::lineOverlapsShapeBounds): Modified to use computedShape(). * rendering/ExclusionShapeOutsideInfo.cpp: (WebCore::ExclusionShapeOutsideInfo::isEnabledFor): Renamed to match shorter naming. * rendering/ExclusionShapeOutsideInfo.h: (WebCore::ExclusionShapeOutsideInfo::createInfo): Renamed to match MappedInfo. (WebCore::ExclusionShapeOutsideInfo::ExclusionShapeOutsideInfo): Constructor. * rendering/RenderBlock.cpp: (WebCore::RenderBlock::willBeDestroyed): Use shortened MappedInfo names for looking up infos. (WebCore::RenderBlock::exclusionShapeInsideInfo): Ditto. (WebCore::RenderBlock::updateExclusionShapeInsideInfoAfterStyleChange): Ditto. (WebCore::RenderBlock::computeExclusionShapeSize): Ditto. * rendering/RenderBox.cpp: (WebCore::RenderBox::willBeDestroyed): Ditto. (WebCore::RenderBox::updateExclusionShapeOutsideInfoAfterStyleChange): Ditto. * rendering/RenderBox.h: (WebCore): (WebCore::RenderBox::exclusionShapeOutsideInfo): Ditto. 2013-01-28 Stephen Chenney SVGViewSpec fails when corresponding element has been removed https://bugs.webkit.org/show_bug.cgi?id=106957 Reviewed by Dirk Schulze. When JS holds an SVGViewSpec object while deleting the object that defines the spec (an SVGSVGElement, or one of a few others) the pointer to the target is cleared in the SVGViewSpec but the methods that serve JS queries do not check and try to access the now null target. This patch fixes the prooblem, returning null when the corresponding object has been deleted. Also removing SVGViewSpec::setPreserveAspectRatioString, which is no longer used by any callers. Test: svg/dom/SVGViewSpec-invalid-ref-crash.html * svg/SVGViewSpec.cpp: (WebCore): (WebCore::SVGViewSpec::viewTarget): Check for null target and return null. (WebCore::SVGViewSpec::transform): Check for null target and return null.. (WebCore::SVGViewSpec::viewBoxAnimated): Check for null target and return null. (WebCore::SVGViewSpec::preserveAspectRatioAnimated): Check for null target and return null. (WebCore::SVGViewSpec::lookupOrCreateViewBoxWrapper): ASSERT non-null target. (WebCore::SVGViewSpec::lookupOrCreatePreserveAspectRatioWrapper): ASSERT non-null target. (WebCore::SVGViewSpec::lookupOrCreateTransformWrapper): ASSERT non-null target. * svg/SVGViewSpec.h: (SVGViewSpec): Move some methods out of the header and into the implementation file. * svg/SVGViewSpec.cpp: (WebCore): (WebCore::SVGViewSpec::transform): (WebCore::SVGViewSpec::viewBoxAnimated): (WebCore::SVGViewSpec::preserveAspectRatioAnimated): (WebCore::SVGViewSpec::lookupOrCreateViewBoxWrapper): (WebCore::SVGViewSpec::lookupOrCreatePreserveAspectRatioWrapper): (WebCore::SVGViewSpec::lookupOrCreateTransformWrapper): * svg/SVGViewSpec.h: (SVGViewSpec): 2013-01-28 James Craig HTML5 promotes DL from specific 'definition list' to superset 'description list'; accessibility strings and accessors should be updated to match. https://bugs.webkit.org/show_bug.cgi?id=107650 Reviewed by Chris Fleizach. Updating accessibility strings and accessors for DL/DT/DD; new one for [role="definition"] (previously it reused the role/desc for DD). Test: platform/mac/accessibility/definition-list-term.html: Test: accessibility/lists.html * English.lproj/Localizable.strings: * accessibility/AccessibilityList.cpp: (WebCore::AccessibilityList::isDescriptionList): * accessibility/AccessibilityList.h: (AccessibilityList): * accessibility/AccessibilityObject.cpp: (WebCore::createARIARoleMap): * accessibility/AccessibilityObject.h: * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::determineAccessibilityRole): * accessibility/mac/WebAccessibilityObjectWrapper.mm: (createAccessibilityRoleMap): (-[WebAccessibilityObjectWrapper subrole]): (-[WebAccessibilityObjectWrapper roleDescription]): * platform/LocalizedStrings.cpp: (WebCore::AXDefinitionText): (WebCore::AXDescriptionListTermText): (WebCore): (WebCore::AXDescriptionListDetailText): * platform/LocalizedStrings.h: (WebCore): * platform/blackberry/LocalizedStringsBlackBerry.cpp: (WebCore::AXDefinitionText): (WebCore::AXDescriptionListDetailText): (WebCore): (WebCore::AXDescriptionListTermText): * platform/efl/LocalizedStringsEfl.cpp: (WebCore::AXDefinitionText): (WebCore): (WebCore::AXDescriptionListTermText): (WebCore::AXDescriptionListDetailText): * platform/gtk/LocalizedStringsGtk.cpp: (WebCore::AXDefinitionText): (WebCore): (WebCore::AXDescriptionListTermText): (WebCore::AXDescriptionListDetailText): * platform/qt/LocalizedStringsQt.cpp: (WebCore::AXDefinitionText): (WebCore::AXDescriptionListTermText): (WebCore): (WebCore::AXDescriptionListDetailText): 2013-01-28 Vladislav Kaznacheev Web Inspector: Inherit SidebarPane from View. https://bugs.webkit.org/show_bug.cgi?id=108075 Reviewed by Pavel Feldman. Inherited WebInspector.SidebarPane from WebInspector.View to streamlines the code and simplify further enhancements to sidebar panes. Got rid of obsolete onattach calls. No new tests. * inspector/front-end/AuditResultView.js: (WebInspector.AuditResultView): * inspector/front-end/ElementsPanel.js: (WebInspector.ElementsPanel): (WebInspector.ElementsPanel.prototype.wasShown): (WebInspector.ElementsPanel.prototype.willHide): * inspector/front-end/ExtensionServer.js: (WebInspector.ExtensionServer.prototype._onCreateSidebarPane): * inspector/front-end/ScriptsPanel.js: (WebInspector.ScriptsPanel): (WebInspector.ScriptsPanel.prototype.wasShown): * inspector/front-end/SidebarPane.js: (WebInspector.SidebarPane): * inspector/front-end/WatchExpressionsSidebarPane.js: (WebInspector.WatchExpressionsSidebarPane.prototype._refreshExpressionsIfNeeded): 2013-01-28 Martin Robinson [Freetype] Synthetic bold not applied to fallback fonts properly https://bugs.webkit.org/show_bug.cgi?id=107733 Reviewed by Gustavo Noronha Silva. No new tests. This is covered by existing pixel tests. * platform/graphics/freetype/FontPlatformDataFreeType.cpp: (WebCore::FontPlatformData::FontPlatformData): When we detect a situation in which we are a bold font, but the Fontconfig pattern does not describe the font as bold, we should activate synthetic bolding. 2013-01-28 Vsevolod Vlasov Web Inspector: [Regression] Search all sources should not search across service projects. https://bugs.webkit.org/show_bug.cgi?id=108068 Reviewed by Pavel Feldman. * inspector/front-end/ScriptsSearchScope.js: (WebInspector.ScriptsSearchScope): (WebInspector.ScriptsSearchScope.prototype._sortedUISourceCodes): 2013-01-28 Pavel Feldman Web Inspector: SourceURL and SourceMappingURL together in evalled code https://bugs.webkit.org/show_bug.cgi?id=107939 Reviewed by Vsevolod Vlasov. Resolve map's sources URLs wrt script URL in case sourceMap is defined as data:. * inspector/front-end/CompilerScriptMapping.js: (WebInspector.CompilerScriptMapping.prototype.loadSourceMapForScript): * inspector/front-end/ParsedURL.js: (WebInspector.ParsedURL.completeURL): * inspector/front-end/SourceMap.js: (WebInspector.SourceMap.prototype._parseMap): 2013-01-28 Andrey Adaikin Web Inspector: [Canvas] refactoring in CanvasAgent to reduce code dups https://bugs.webkit.org/show_bug.cgi?id=108064 Reviewed by Pavel Feldman. Introduce private methods injectedScriptCanvasModule() in InspectorCanvasAgent to reduce much of code duplication. Drive-by: in InspectorPageAgent.assertFrame convert "String" argument to "const String&". * inspector/InspectorCanvasAgent.cpp: (WebCore::InspectorCanvasAgent::dropTraceLog): (WebCore::InspectorCanvasAgent::captureFrame): (WebCore::InspectorCanvasAgent::startCapturing): (WebCore::InspectorCanvasAgent::stopCapturing): (WebCore::InspectorCanvasAgent::getTraceLog): (WebCore::InspectorCanvasAgent::replayTraceLog): (WebCore::InspectorCanvasAgent::getResourceInfo): (WebCore::InspectorCanvasAgent::getResourceState): (WebCore::InspectorCanvasAgent::wrapCanvas2DRenderingContextForInstrumentation): (WebCore::InspectorCanvasAgent::wrapWebGLRenderingContextForInstrumentation): (WebCore::InspectorCanvasAgent::injectedScriptCanvasModule): (WebCore): (WebCore::InspectorCanvasAgent::findFramesWithUninstrumentedCanvases): * inspector/InspectorCanvasAgent.h: (InspectorCanvasAgent): * inspector/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::assertFrame): (WebCore::InspectorPageAgent::assertDocumentLoader): * inspector/InspectorPageAgent.h: (InspectorPageAgent): 2013-01-28 Kihong Kwon Replace the type of Proximity's supplementName for char* https://bugs.webkit.org/show_bug.cgi?id=108049 Reviewed by Benjamin Poulain. There are some changes for supplementName by Bug 107535. It makes build break when PROXIMITY_EVENT feature is enabled. Therefore ProximityController need to change the type of supplementName for char* also. No new tests. Functionality is not changed. * Modules/proximity/DeviceProximityController.cpp: (WebCore::DeviceProximityController::supplementName): * Modules/proximity/DeviceProximityController.h: (DeviceProximityController): 2013-01-28 Keishi Hattori [REGRESSION] Calendar Picker focus ring is gone https://bugs.webkit.org/show_bug.cgi?id=108055 Reviewed by Kent Tamura. The focus ring wasn't visible because -webkit-focus-ring-color value only works for outline property in strict mode. Using fixed color instead. No new tests. Can't reproduce in layout test because mock popup writes a script tag in front of the doctype. * Resources/pagepopups/chromium/calendarPickerChromium.css: (.days-area-container:focus): * Resources/pagepopups/chromium/pickerCommonChromium.css: (:enabled:focus:-webkit-any(button, input[type='button'])): 2013-01-25 Yury Semikhatsky Web Inspector: remove unused isElement and similar methods from HeapProfiler https://bugs.webkit.org/show_bug.cgi?id=107940 Reviewed by Vsevolod Vlasov. - Removed some unused methods. - Moved JS specific edge filters to JSHeapSnapshot. * inspector/front-end/HeapSnapshot.js: (WebInspector.HeapSnapshot.prototype.createEdgesProvider): (WebInspector.HeapSnapshot.prototype.createEdgesProviderForTest): (WebInspector.HeapSnapshot.prototype.retainingEdgesFilter): (WebInspector.HeapSnapshot.prototype.containmentEdgesFilter): (WebInspector.HeapSnapshot.prototype.createRetainingEdgesProvider): (WebInspector.HeapSnapshot.prototype.classNodesFilter): (WebInspector.HeapSnapshot.prototype.createNodesProviderForClass): * inspector/front-end/HeapSnapshotGridNodes.js: (WebInspector.HeapSnapshotGenericObjectNode): * inspector/front-end/HeapSnapshotProxy.js: (WebInspector.HeapSnapshotProxy.prototype.createEdgesProvider): (WebInspector.HeapSnapshotProxy.prototype.createRetainingEdgesProvider): * inspector/front-end/JSHeapSnapshot.js: (WebInspector.JSHeapSnapshot.prototype.classNodesFilter): (WebInspector.JSHeapSnapshot.prototype._markDetachedDOMTreeNodes): * inspector/front-end/NativeHeapSnapshot.js: 2013-01-28 Sheriff Bot Unreviewed, rolling out r140554. http://trac.webkit.org/changeset/140554 https://bugs.webkit.org/show_bug.cgi?id=108057 Caused tables/table-section-overflow-clip-crash.html and bug2479-5.html to crash. (Requested by keishi on #webkit). * rendering/RenderBox.cpp: (WebCore::RenderBox::minPreferredLogicalWidth): (WebCore::RenderBox::maxPreferredLogicalWidth): * rendering/mathml/RenderMathMLOperator.cpp: (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): * rendering/mathml/RenderMathMLRoot.cpp: (WebCore::RenderMathMLRoot::computePreferredLogicalWidths): * rendering/mathml/RenderMathMLRow.cpp: (WebCore::RenderMathMLRow::computePreferredLogicalWidths): 2013-01-24 Yury Semikhatsky Web Inspector: each node in a detached DOM tree is shown in its own "detached DOM tree" entry in heap profiler https://bugs.webkit.org/show_bug.cgi?id=107819 Reviewed by Adam Barth. Provide single RetainedDOMInfo for each group of DOM Node wrappers reported to GC. Otherwise we have unequal RetainedDOMInfo groups for each wrapped node. * bindings/v8/V8GCController.cpp: (WebCore::ImplicitConnection::ImplicitConnection): (WebCore::ImplicitConnection::retainedObjectInfo): (ImplicitConnection): (WebCore::WrapperGrouper::addObjectToGroup): (WrapperGrouper): (WebCore::WrapperGrouper::addNodeToGroup): (WebCore::WrapperGrouper::apply): (WebCore::V8GCController::opaqueRootForGC): * bindings/v8/V8GCController.h: (V8GCController): 2013-01-27 Mihnea Ovidenie [CSSRegions] RenderFlowThread should keep a count of auto height regions https://bugs.webkit.org/show_bug.cgi?id=105185 Reviewed by Julien Chaffraix. Keep the count of auto height regions on the flow thread instead of flow thread controller. This way, we can streamline the operations associated with the two-pass layout only to those flow threads that have auto height regions associated. The flow thread controller will keep a count of flow thread with auto height regions instead. This is a performance refactoring without an expected change in behavior, therefore no new tests were added. * rendering/FlowThreadController.cpp: Keep a count of flow threads with auto logical height regions. (WebCore::FlowThreadController::FlowThreadController): (WebCore::FlowThreadController::layoutRenderNamedFlowThreads): Check the count of auto height regions for all the flow threads. (WebCore::FlowThreadController::isAutoLogicalHeightRegionsCountConsistent): Make sure that we call these methods only when we have auto logical height regions. (WebCore::FlowThreadController::resetRegionsOverrideLogicalContentHeight): (WebCore::FlowThreadController::markAutoLogicalHeightRegionsForLayout): * rendering/FlowThreadController.h: (WebCore::FlowThreadController::hasFlowThreadsWithAutoLogicalHeightRegions): (WebCore::FlowThreadController::incrementFlowThreadsWithAutoLogicalHeightRegions): (WebCore::FlowThreadController::decrementFlowThreadsWithAutoLogicalHeightRegions): * rendering/RenderFlowThread.cpp: Keep a count of auto logical height regions. (WebCore::RenderFlowThread::RenderFlowThread): (WebCore::RenderFlowThread::isAutoLogicalHeightRegionsCountConsistent): (WebCore::RenderFlowThread::resetRegionsOverrideLogicalContentHeight): Iterate the region chain only if the region chain has auto height regions. (WebCore::RenderFlowThread::initializeRegionsOverrideLogicalContentHeight): Ditto. (WebCore::RenderFlowThread::markAutoLogicalHeightRegionsForLayout): Ditto. (WebCore::RenderFlowThread::incrementAutoLogicalHeightRegions): (WebCore::RenderFlowThread::decrementAutoLogicalHeightRegions): * rendering/RenderFlowThread.h: * rendering/RenderRegion.cpp: Add increment/decrementAutoLogicalHeightCount to increase/decrease the counter inside the flow thread and use them throughout the code as needed. (WebCore::RenderRegion::incrementAutoLogicalHeightCount): (WebCore::RenderRegion::decrementAutoLogicalHeightCount): (WebCore::RenderRegion::updateRegionHasAutoLogicalHeightFlag): (WebCore::RenderRegion::attachRegion): (WebCore::RenderRegion::detachRegion): * rendering/RenderRegion.h: * rendering/RenderView.cpp: (WebCore::RenderView::checkTwoPassLayoutForAutoHeightRegions): Use the count of flow threads with auto height regions instead of the count of auto height regions when deciding whether we should attempt the 2 pass layout for auto height regions. 2013-01-27 Shinya Kawanaka [Shadow DOM] Selecting a node to another node in ShadowDOM fires 'click' event unexpectedly https://bugs.webkit.org/show_bug.cgi?id=107233 Reviewed by Dimitri Glazkov. When selecting from a node to another node in ShadowDOM, 'click' event is unexpectedly fired. The root cause of the bug is using shadow ancestor nodes for checking the node mouse is pressed on and the node mouse is released on is the same. This was introduced to fire a click event for a slider in or etc. However, we don't need to check shadow ancestor if we're in Author ShadowDOM. Test: fast/dom/shadow/selecting-anchor.html * page/EventHandler.cpp: (WebCore::mouseIsReleasedOnPressedElement): (WebCore): (WebCore::EventHandler::handleMouseReleaseEvent): 2013-01-27 Kentaro Hara An [ActiveDOMObject] IDL attribute should be inherited https://bugs.webkit.org/show_bug.cgi?id=107877 Reviewed by Adam Barth. Now we support IDL attribute inheritance. We can remove [ActiveDOMObject] from subclasses. No tests. No change in behavior. * Modules/indexeddb/IDBOpenDBRequest.idl: * Modules/webaudio/OfflineAudioContext.idl: * bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader): (GenerateImplementation): * bindings/scripts/CodeGeneratorV8.pm: (GenerateHeader): (GenerateNamedConstructorCallback): (GenerateImplementation): * workers/SharedWorker.idl: * workers/Worker.idl: 2013-01-27 Sheriff Bot Unreviewed, rolling out r140602. http://trac.webkit.org/changeset/140602 https://bugs.webkit.org/show_bug.cgi?id=108045 Caused 8 indexed tests to crash. (Requested by keishi on #webkit). * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * Modules/indexeddb/IDBCallbacks.h: (WebCore::IDBCallbacks::onBlocked): * Modules/indexeddb/IDBDatabase.cpp: * Modules/indexeddb/IDBDatabase.h: (WebCore): * Modules/indexeddb/IDBDatabaseBackendImpl.cpp: (WebCore::IDBDatabaseBackendImpl::deleteDatabase): * Modules/indexeddb/IDBFactory.cpp: (WebCore::IDBFactory::openInternal): (WebCore::IDBFactory::deleteDatabase): * Modules/indexeddb/IDBFactory.h: (WebCore): (IDBFactory): * Modules/indexeddb/IDBFactory.idl: * Modules/indexeddb/IDBOpenDBRequest.cpp: (WebCore::IDBOpenDBRequest::create): (WebCore::IDBOpenDBRequest::IDBOpenDBRequest): (WebCore::IDBOpenDBRequest::dispatchEvent): * Modules/indexeddb/IDBOpenDBRequest.h: (IDBOpenDBRequest): * Modules/indexeddb/IDBVersionChangeRequest.cpp: Copied from Source/WebKit/chromium/src/WebIDBCallbacksImpl.h. (WebCore): (WebCore::IDBVersionChangeRequest::create): (WebCore::IDBVersionChangeRequest::IDBVersionChangeRequest): (WebCore::IDBVersionChangeRequest::~IDBVersionChangeRequest): (WebCore::IDBVersionChangeRequest::interfaceName): (WebCore::IDBVersionChangeRequest::onBlocked): * Modules/indexeddb/IDBVersionChangeRequest.h: Copied from Source/WebCore/Modules/indexeddb/IDBFactory.idl. (WebCore): (IDBVersionChangeRequest): * Modules/indexeddb/IDBVersionChangeRequest.idl: Copied from Source/WebCore/Modules/indexeddb/IDBFactory.idl. * WebCore.gypi: * WebCore.xcodeproj/project.pbxproj: * dom/EventTarget.h: (WebCore): * dom/EventTargetFactory.in: 2013-01-27 Shinya Kawanaka Disabled input/textarea doesn't trigger selection change https://bugs.webkit.org/show_bug.cgi?id=85244 Reviewed by Ryosuke Niwa. Only rootEditableNode is there in or