WebKit-https.git
8 years agoUpdate LLVM binary drops for Mountain Lion to LLVM r206312.
fpizlo@apple.com [Wed, 16 Apr 2014 00:01:06 +0000 (00:01 +0000)]
Update LLVM binary drops for Mountain Lion to LLVM r206312.

Rubber stamped by Geoffrey Garen.

* LLVMIncludesMountainLion.tar.bz2:
* LLVMLibrariesMountainLion.tar.bz2:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167337 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agocompileMakeRope does not emit necessary bounds checks
fpizlo@apple.com [Tue, 15 Apr 2014 23:33:11 +0000 (23:33 +0000)]
compileMakeRope does not emit necessary bounds checks
https://bugs.webkit.org/show_bug.cgi?id=130684
<rdar://problem/16398388>

Reviewed by Oliver Hunt.

Add string length bounds checks in a bunch of places. We should never allow a string
to have a length greater than 2^31-1 because it's not clear that the language has
semantics for it and because there is code that assumes that this cannot happen.

Also add a bunch of tests to that effect to cover the various ways in which this was
previously allowed to happen.

* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileMakeRope):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileMakeRope):
* runtime/JSString.cpp:
(JSC::JSRopeString::RopeBuilder::expand):
* runtime/JSString.h:
(JSC::JSString::create):
(JSC::JSRopeString::RopeBuilder::append):
(JSC::JSRopeString::RopeBuilder::release):
(JSC::JSRopeString::append):
* runtime/Operations.h:
(JSC::jsString):
(JSC::jsStringFromRegisterArray):
(JSC::jsStringFromArguments):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):
* tests/stress/make-large-string-jit-strcat.js: Added.
(foo):
* tests/stress/make-large-string-jit.js: Added.
(foo):
* tests/stress/make-large-string-strcat.js: Added.
* tests/stress/make-large-string.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167336 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[New Multicolumn] Add support for column-span:all
hyatt@apple.com [Tue, 15 Apr 2014 23:25:58 +0000 (23:25 +0000)]
[New Multicolumn] Add support for column-span:all
https://bugs.webkit.org/show_bug.cgi?id=129330

Patch by Morten Stenshorne <mstensho@opera.com> on 2014-04-14
Reviewed by Dave Hyatt.

Source/WebCore:
Column spanners are implemented as siblings of RenderMultiColumnSet
objects (i.e. the regions for the column rows). This means that they
are pulled out from the flow thread tree where they would otherwise
live. This causes some complexity, most of which is contained within
the multicol code.

A placeholder is put in the flow thread tree where the spanner's
renderer would otherwise live. This is needed in order make sure that
we interrupt line layout before after the spanner. We also need this
to be able to switch from one multicol set to the next.

Some extra logic is required when dynamically inserting and removing
flow thread descendants now, because we need to figure out if the
renderer added should trigger creation of new multi column sets. If
a spanner is inserted in the middle of a multi column set, we need to
detect this, split the set and put the spanner in the middle.

Wrote a bunch of tests. A few of the tests were copied from existing
(old-impl) tests and put in a separate directory. That directory can
be wiped when we turn on the new multicol implementation by default.

Tests: fast/multicol/newmulticol/adjacent-spanners.html
       fast/multicol/newmulticol/block-becomes-spanner.html
       fast/multicol/newmulticol/change-spanner-display.html
       fast/multicol/newmulticol/change-spanner-parent-display.html
       fast/multicol/newmulticol/compare-with-old-impl/anonymous-block-split-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/before-child-anonymous-column-block.html
       fast/multicol/newmulticol/compare-with-old-impl/clone-before-after-content-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/clone-block-children-inline-mismatch-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/clone-flexbox.html
       fast/multicol/newmulticol/compare-with-old-impl/clone-summary.html
       fast/multicol/newmulticol/compare-with-old-impl/column-span-inside-multicol-webkit-box.html
       fast/multicol/newmulticol/compare-with-old-impl/continuation-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/double-merge-anonymous-block-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/empty-anonymous-block-split-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/float-not-removed-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/list-multi-column-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/positioned-child-not-removed-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/positioned-objects-not-removed-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/recursive-split-flow-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/removal-of-multicol-span-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/remove-child-split-flow-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/runin-continuation-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/span-as-immediate-child-complex-splitting.html
       fast/multicol/newmulticol/compare-with-old-impl/span-as-nested-inline-block-child.html
       fast/multicol/newmulticol/compare-with-old-impl/split-flow-anonymous-wrapper-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/split-inline-wrong-post-block-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/table-multi-column-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/textbox-not-removed-crash.html
       fast/multicol/newmulticol/compare-with-old-impl/update-after-content-before-child-crash.html
       fast/multicol/newmulticol/insert-row-content1.html
       fast/multicol/newmulticol/insert-row-content2.html
       fast/multicol/newmulticol/insert-row-content3.html
       fast/multicol/newmulticol/insert-row-content4.html
       fast/multicol/newmulticol/insert-row-content5.html
       fast/multicol/newmulticol/insert-row-content6.html
       fast/multicol/newmulticol/insert-row-content7.html
       fast/multicol/newmulticol/insert-row-content8.html
       fast/multicol/newmulticol/insert-row-content9.html
       fast/multicol/newmulticol/insert-spanner-child1.html
       fast/multicol/newmulticol/insert-spanner-child2.html
       fast/multicol/newmulticol/insert-spanner-child3.html
       fast/multicol/newmulticol/insert-spanner1.html
       fast/multicol/newmulticol/insert-spanner2.html
       fast/multicol/newmulticol/insert-spanner3.html
       fast/multicol/newmulticol/insert-spanner4.html
       fast/multicol/newmulticol/insert-spanner5.html
       fast/multicol/newmulticol/insert-spanner6.html
       fast/multicol/newmulticol/insert-spanner7.html
       fast/multicol/newmulticol/insert-spanner8.html
       fast/multicol/newmulticol/multicol-with-spanner-becomes-regular-block.html
       fast/multicol/newmulticol/remove-row-content1.html
       fast/multicol/newmulticol/remove-row-content2.html
       fast/multicol/newmulticol/remove-row-content3.html
       fast/multicol/newmulticol/remove-row-content4.html
       fast/multicol/newmulticol/remove-row-content5.html
       fast/multicol/newmulticol/remove-row-content6.html
       fast/multicol/newmulticol/remove-row-content7.html
       fast/multicol/newmulticol/remove-row-content8.html
       fast/multicol/newmulticol/remove-row-content9.html
       fast/multicol/newmulticol/remove-spanner1.html
       fast/multicol/newmulticol/remove-spanner2.html
       fast/multicol/newmulticol/remove-spanner3.html
       fast/multicol/newmulticol/remove-spanner4.html
       fast/multicol/newmulticol/remove-spanner5.html
       fast/multicol/newmulticol/remove-spanner6.html
       fast/multicol/newmulticol/sole-spanner.html
       fast/multicol/newmulticol/span-between-text.html
       fast/multicol/newmulticol/spanner-becomes-regular-block.html
       fast/multicol/newmulticol/spanner-first.html
       fast/multicol/newmulticol/spanner-img.html
       fast/multicol/newmulticol/spanner-inline-block.html
       fast/multicol/newmulticol/spanner-last.html
       fast/multicol/newmulticol/spanner-nested-dynamic.html
       fast/multicol/newmulticol/spanner-nested.html
       fast/multicol/newmulticol/spanner-pseudo-after1.html
       fast/multicol/newmulticol/spanner-pseudo-after2.html
       fast/multicol/newmulticol/spanner-pseudo-after3.html
       fast/multicol/newmulticol/spanner-pseudo-after4.html
       fast/multicol/newmulticol/spanner-pseudo-before-after1.html
       fast/multicol/newmulticol/spanner-pseudo-before-after2.html
       fast/multicol/newmulticol/spanner-pseudo-before-after3.html
       fast/multicol/newmulticol/spanner-pseudo-before-after4.html
       fast/multicol/newmulticol/spanner-pseudo-before1.html
       fast/multicol/newmulticol/spanner-pseudo-before2.html
       fast/multicol/newmulticol/spanner-pseudo-before3.html
       fast/multicol/newmulticol/spanner-pseudo-before4.html
       fast/multicol/newmulticol/spanner-table.html
       fast/multicol/newmulticol/spanner-with-margin.html
       fast/multicol/newmulticol/spanner1.html
       fast/multicol/newmulticol/spanner2.html
       fast/multicol/newmulticol/spanner3.html
       fast/multicol/newmulticol/spanner4.html
       fast/multicol/newmulticol/spanner5.html
       fast/multicol/newmulticol/spanner6.html
       fast/multicol/newmulticol/spanner7.html
       fast/multicol/newmulticol/spanner8.html
       fast/multicol/newmulticol/spanner9.html
       fast/multicol/newmulticol/trailing-margin-with-spanner.html
       fast/multicol/newmulticol/trailing-margin-with-spanner2.html

* CMakeLists.txt:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks):
Disable the old anonymous multicol container and spanner anonymous
block generation machinery when the new multicol implementation is
enabled.
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::createMultiColumnFlowThread):
(WebCore::RenderBlockFlow::destroyMultiColumnFlowThread):
(WebCore::RenderBlockFlow::layoutBlockChild): Need to notify the
flow thread when a descendant's final position is known. Spanner
placeholders need to know where to terminate the column set that
it follows.
(WebCore::RenderBlockFlow::styleDidChange): Remove old code that
isn't needed anymore. The renderers in question (flow thread and
column sets) set display:block on themselves already. This code
caused problems for spanners, which got all their style wiped.
(WebCore::RenderBlockFlow::setMultiColumnFlowThread): If setting
the flow thread to nullptr, there's no need to create the "rare
data" structure.
(WebCore::RenderBlockFlow::relayoutForPagination):
(WebCore::RenderBlockFlow::layoutSpecialExcludedChild):
(WebCore::RenderBlockFlow::addChild): beforeChild is retrieved via
the DOM. If it is a spanner, we need to locate the placeholder
here, because that's the correct location to insert siblings,
DOM-wise.
(WebCore::RenderBlockFlow::removeChild): The multicol flow thread
needs to know when children disappear.
(WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):
Don't modify the height back and forth when calculating the
multicol container's final height, as that messes up balancing.
(WebCore::RenderBlockFlow::insertedIntoTree): Deleted.
(WebCore::RenderBlockFlow::willBeDestroyed): Deleted.
(WebCore::RenderBlockFlow::styleWillChange): Deleted.
(WebCore::RenderBlockFlow::lineAtIndex): Deleted.
* rendering/RenderBlockFlow.h:
* rendering/RenderElement.cpp:
(WebCore::RenderElement::insertedIntoTree): Set up an element's
layer before notifying the flow thread. The multicol flow thread
may decide to move the element (if it's a spanner), which may
involve re-insertion of layers.  Calling
RenderObject::insertedIntoTree() last instead of first also better
matches the order we used to have prior to the introduction of
RenderElement, FWIW.
* rendering/RenderFlowThread.cpp:
(WebCore::RenderFlowThread::layout):
(WebCore::RenderFlowThread::removeRegionFromThread): Deleted.
(WebCore::RenderFlowThread::invalidateRegions): Deleted.
* rendering/RenderFlowThread.h:
* rendering/RenderMultiColumnFlowThread.cpp:
(WebCore::RenderMultiColumnFlowThread::RenderMultiColumnFlowThread):
(WebCore::RenderMultiColumnFlowThread::removeFlowChildInfo): When
a flow thread descendant is inserted, the multicol flow thread
needs to be notified.
(WebCore::RenderMultiColumnFlowThread::firstMultiColumnSet):
(WebCore::RenderMultiColumnFlowThread::lastMultiColumnSet):
(WebCore::RenderMultiColumnFlowThread::firstColumnSetOrSpanner):
(WebCore::RenderMultiColumnFlowThread::nextColumnSetOrSpannerSiblingOf):
(WebCore::RenderMultiColumnFlowThread::previousColumnSetOrSpannerSiblingOf):
(WebCore::RenderMultiColumnFlowThread::layout):
(WebCore::RenderMultiColumnFlowThread::findSetRendering):
(WebCore::RenderMultiColumnFlowThread::populate):
(WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):
(WebCore::RenderMultiColumnFlowThread::addRegionToThread):
(WebCore::RenderMultiColumnFlowThread::willBeRemovedFromTree):
Need to detach column sets here, since they have pointers to their
flow thread.
(WebCore::RenderMultiColumnFlowThread::resolveMovedChild):
(WebCore::isValidColumnSpanner):
(WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
(WebCore::RenderMultiColumnFlowThread::flowThreadRelativeWillBeRemoved):
(WebCore::RenderMultiColumnFlowThread::flowThreadDescendantBoxLaidOut):
(WebCore::RenderMultiColumnFlowThread::autoGenerateRegionsToBlockOffset):
Nothing to be done here for the time being. Column sets are now
created during box creation. We are going to need to add some code
here again once multicol properly supports nested fragmentation
contexts (and you get adjacent column rows because of that).
(WebCore::RenderMultiColumnFlowThread::regionAtBlockOffset):
During layout, don't trust the region interval tree, as that one
depends on the resulting layout.
(WebCore::RenderMultiColumnFlowThread::setRegionRangeForBox): With
a convenience method to get the last column set, and column sets
now being created during normal box creation, this young method
needs an overhaul.
(WebCore::RenderMultiColumnFlowThread::setRegionRangeForBox):
(WebCore::RenderMultiColumnFlowThread::isPageLogicalHeightKnown):
* rendering/RenderMultiColumnFlowThread.h:
* rendering/RenderMultiColumnSet.cpp:
(WebCore::RenderMultiColumnSet::nextSiblingMultiColumnSet):
(WebCore::RenderMultiColumnSet::previousSiblingMultiColumnSet):
(WebCore::RenderMultiColumnSet::firstRendererInFlowThread):
(WebCore::RenderMultiColumnSet::lastRendererInFlowThread):
(WebCore::precedesRenderer):
(WebCore::RenderMultiColumnSet::containsRendererInFlowThread):
(WebCore::RenderMultiColumnSet::setLogicalTopInFlowThread):
(WebCore::RenderMultiColumnSet::setLogicalBottomInFlowThread):
(WebCore::RenderMultiColumnSet::pageLogicalTopForOffset):
(WebCore::RenderMultiColumnSet::distributeImplicitBreaks):
(WebCore::RenderMultiColumnSet::calculateBalancedHeight):
(WebCore::RenderMultiColumnSet::addForcedBreak):
(WebCore::RenderMultiColumnSet::recalculateColumnHeight):
Previously only needed if columns were to be balanced, now it's
also needed when not balancing.
(WebCore::RenderMultiColumnSet::recordSpaceShortage): Some layout
elements actually have 0 height. Skip them, since they're not
taking us anywhere.
(WebCore::RenderMultiColumnSet::updateLogicalWidth):
(WebCore::RenderMultiColumnSet::requiresBalancing): Column sets
now have individual balancing needs. If they precede a spanner,
they must always be balanced. For the last column set, see if
height is unspecified or column-fill is 'balance' (like before).
(WebCore::RenderMultiColumnSet::prepareForLayout):
(WebCore::RenderMultiColumnSet::beginFlow):
(WebCore::RenderMultiColumnSet::endFlow):
(WebCore::RenderMultiColumnSet::layout):
(WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):
(WebCore::RenderMultiColumnSet::columnRectAt):
(WebCore::RenderMultiColumnSet::flowThreadPortionOverflowRect):
(WebCore::RenderMultiColumnSet::paintColumnRules):
(WebCore::RenderMultiColumnSet::initialBlockOffsetForPainting):
(WebCore::RenderMultiColumnSet::collectLayerFragments):
(WebCore::RenderMultiColumnSet::columnTranslationForOffset):
(WebCore::RenderMultiColumnSet::setAndConstrainColumnHeight): Deleted.
(WebCore::RenderMultiColumnSet::findRunWithTallestColumns): Deleted.
(WebCore::RenderMultiColumnSet::clearForcedBreaks): Deleted.
(WebCore::RenderMultiColumnSet::repaintFlowThreadContent): Deleted.
* rendering/RenderMultiColumnSet.h:
* rendering/RenderMultiColumnSpannerPlaceholder.cpp: Added.
(WebCore::RenderMultiColumnSpannerPlaceholder::createAnonymous):
(WebCore::RenderMultiColumnSpannerPlaceholder::RenderMultiColumnSpannerPlaceholder):
(WebCore::RenderMultiColumnSpannerPlaceholder::renderName):
* rendering/RenderMultiColumnSpannerPlaceholder.h: Added.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::insertedIntoTree): Need to notify the
multicol flow thread when descendants are inserted. That may
trigger insertion of column sets, or, in the case of spanners,
they need to be moved out from the flow thread.
* rendering/RenderObject.h:
(WebCore::RenderObject::isRenderMultiColumnSpannerPlaceholder):
(WebCore::RenderObject::isAnonymousBlock): Exclude column sets
here, so that they don't get involved in anonymous block merging
and other kinds of fun.
* rendering/RenderRegion.h:
* rendering/RenderRegionSet.h:

LayoutTests:
Wrote a bunch of tests. A few of the tests were copied from existing
(old-impl) tests and put in a separate directory. That directory can
be wiped when we turn on the new multicol implementation by default.

* fast/multicol/newmulticol/adjacent-spanners-expected.html: Added.
* fast/multicol/newmulticol/adjacent-spanners.html: Added.
* fast/multicol/newmulticol/block-becomes-spanner-expected.html: Added.
* fast/multicol/newmulticol/block-becomes-spanner.html: Added.
* fast/multicol/newmulticol/change-spanner-display-expected.html: Added.
* fast/multicol/newmulticol/change-spanner-display.html: Added.
* fast/multicol/newmulticol/change-spanner-parent-display-expected.html: Added.
* fast/multicol/newmulticol/change-spanner-parent-display.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/anonymous-block-split-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/anonymous-block-split-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/before-child-anonymous-column-block-expected.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/before-child-anonymous-column-block.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-before-after-content-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-before-after-content-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-block-children-inline-mismatch-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-block-children-inline-mismatch-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-flexbox-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-flexbox.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-summary-expected.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/clone-summary.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/column-span-inside-multicol-webkit-box-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/column-span-inside-multicol-webkit-box.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/continuation-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/continuation-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/double-merge-anonymous-block-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/double-merge-anonymous-block-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/empty-anonymous-block-split-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/empty-anonymous-block-split-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/float-not-removed-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/float-not-removed-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/list-multi-column-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/list-multi-column-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/positioned-child-not-removed-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/positioned-child-not-removed-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/positioned-objects-not-removed-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/positioned-objects-not-removed-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/recursive-split-flow-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/recursive-split-flow-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/removal-of-multicol-span-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/removal-of-multicol-span-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/remove-child-split-flow-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/remove-child-split-flow-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/runin-continuation-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/runin-continuation-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/span-as-immediate-child-complex-splitting-expected.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/span-as-immediate-child-complex-splitting.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/span-as-nested-inline-block-child-expected.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/span-as-nested-inline-block-child.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/split-flow-anonymous-wrapper-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/split-flow-anonymous-wrapper-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/split-inline-wrong-post-block-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/split-inline-wrong-post-block-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/table-multi-column-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/table-multi-column-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/textbox-not-removed-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/textbox-not-removed-crash.html: Added.
* fast/multicol/newmulticol/compare-with-old-impl/update-after-content-before-child-crash-expected.txt: Added.
* fast/multicol/newmulticol/compare-with-old-impl/update-after-content-before-child-crash.html: Added.
* fast/multicol/newmulticol/insert-row-content1-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content1.html: Added.
* fast/multicol/newmulticol/insert-row-content2-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content2.html: Added.
* fast/multicol/newmulticol/insert-row-content3-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content3.html: Added.
* fast/multicol/newmulticol/insert-row-content4-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content4.html: Added.
* fast/multicol/newmulticol/insert-row-content5-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content5.html: Added.
* fast/multicol/newmulticol/insert-row-content6-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content6.html: Added.
* fast/multicol/newmulticol/insert-row-content7-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content7.html: Added.
* fast/multicol/newmulticol/insert-row-content8-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content8.html: Added.
* fast/multicol/newmulticol/insert-row-content9-expected.html: Added.
* fast/multicol/newmulticol/insert-row-content9.html: Added.
* fast/multicol/newmulticol/insert-spanner-child1-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner-child1.html: Added.
* fast/multicol/newmulticol/insert-spanner-child2-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner-child2.html: Added.
* fast/multicol/newmulticol/insert-spanner-child3-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner-child3.html: Added.
* fast/multicol/newmulticol/insert-spanner1-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner1.html: Added.
* fast/multicol/newmulticol/insert-spanner2-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner2.html: Added.
* fast/multicol/newmulticol/insert-spanner3-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner3.html: Added.
* fast/multicol/newmulticol/insert-spanner4-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner4.html: Added.
* fast/multicol/newmulticol/insert-spanner5-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner5.html: Added.
* fast/multicol/newmulticol/insert-spanner6-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner6.html: Added.
* fast/multicol/newmulticol/insert-spanner7-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner7.html: Added.
* fast/multicol/newmulticol/insert-spanner8-expected.html: Added.
* fast/multicol/newmulticol/insert-spanner8.html: Added.
* fast/multicol/newmulticol/multicol-with-spanner-becomes-regular-block-expected.html: Added.
* fast/multicol/newmulticol/multicol-with-spanner-becomes-regular-block.html: Added.
* fast/multicol/newmulticol/remove-row-content1-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content1.html: Added.
* fast/multicol/newmulticol/remove-row-content2-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content2.html: Added.
* fast/multicol/newmulticol/remove-row-content3-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content3.html: Added.
* fast/multicol/newmulticol/remove-row-content4-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content4.html: Added.
* fast/multicol/newmulticol/remove-row-content5-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content5.html: Added.
* fast/multicol/newmulticol/remove-row-content6-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content6.html: Added.
* fast/multicol/newmulticol/remove-row-content7-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content7.html: Added.
* fast/multicol/newmulticol/remove-row-content8-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content8.html: Added.
* fast/multicol/newmulticol/remove-row-content9-expected.html: Added.
* fast/multicol/newmulticol/remove-row-content9.html: Added.
* fast/multicol/newmulticol/remove-spanner1-expected.html: Added.
* fast/multicol/newmulticol/remove-spanner1.html: Added.
* fast/multicol/newmulticol/remove-spanner2-expected.html: Added.
* fast/multicol/newmulticol/remove-spanner2.html: Added.
* fast/multicol/newmulticol/remove-spanner3-expected.html: Added.
* fast/multicol/newmulticol/remove-spanner3.html: Added.
* fast/multicol/newmulticol/remove-spanner4-expected.html: Added.
* fast/multicol/newmulticol/remove-spanner4.html: Added.
* fast/multicol/newmulticol/remove-spanner5-expected.html: Added.
* fast/multicol/newmulticol/remove-spanner5.html: Added.
* fast/multicol/newmulticol/remove-spanner6-expected.html: Added.
* fast/multicol/newmulticol/remove-spanner6.html: Added.
* fast/multicol/newmulticol/sole-spanner-expected.html: Added.
* fast/multicol/newmulticol/sole-spanner.html: Added.
* fast/multicol/newmulticol/span-between-text-expected.html: Added.
* fast/multicol/newmulticol/span-between-text.html: Added.
* fast/multicol/newmulticol/spanner-becomes-regular-block-expected.html: Added.
* fast/multicol/newmulticol/spanner-becomes-regular-block.html: Added.
* fast/multicol/newmulticol/spanner-first-expected.html: Added.
* fast/multicol/newmulticol/spanner-first.html: Added.
* fast/multicol/newmulticol/spanner-img-expected.html: Added.
* fast/multicol/newmulticol/spanner-img.html: Added.
* fast/multicol/newmulticol/spanner-inline-block-expected.html: Added.
* fast/multicol/newmulticol/spanner-inline-block.html: Added.
* fast/multicol/newmulticol/spanner-last-expected.html: Added.
* fast/multicol/newmulticol/spanner-last.html: Added.
* fast/multicol/newmulticol/spanner-nested-dynamic-expected.html: Added.
* fast/multicol/newmulticol/spanner-nested-dynamic.html: Added.
* fast/multicol/newmulticol/spanner-nested-expected.html: Added.
* fast/multicol/newmulticol/spanner-nested.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after1-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after1.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after2-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after2.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after3-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after3.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after4-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-after4.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after1-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after1.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after2-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after2.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after3-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after3.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after4-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before-after4.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before1-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before1.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before2-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before2.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before3-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before3.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before4-expected.html: Added.
* fast/multicol/newmulticol/spanner-pseudo-before4.html: Added.
* fast/multicol/newmulticol/spanner-table-expected.html: Added.
* fast/multicol/newmulticol/spanner-table.html: Added.
* fast/multicol/newmulticol/spanner-with-margin-expected.html: Added.
* fast/multicol/newmulticol/spanner-with-margin.html: Added.
* fast/multicol/newmulticol/spanner1-expected.html: Added.
* fast/multicol/newmulticol/spanner1.html: Added.
* fast/multicol/newmulticol/spanner2-expected.html: Added.
* fast/multicol/newmulticol/spanner2.html: Added.
* fast/multicol/newmulticol/spanner3-expected.html: Added.
* fast/multicol/newmulticol/spanner3.html: Added.
* fast/multicol/newmulticol/spanner4-expected.html: Added.
* fast/multicol/newmulticol/spanner4.html: Added.
* fast/multicol/newmulticol/spanner5-expected.html: Added.
* fast/multicol/newmulticol/spanner5.html: Added.
* fast/multicol/newmulticol/spanner6-expected.html: Added.
* fast/multicol/newmulticol/spanner6.html: Added.
* fast/multicol/newmulticol/spanner7-expected.html: Added.
* fast/multicol/newmulticol/spanner7.html: Added.
* fast/multicol/newmulticol/spanner8-expected.html: Added.
* fast/multicol/newmulticol/spanner8.html: Added.
* fast/multicol/newmulticol/spanner9-expected.html: Added.
* fast/multicol/newmulticol/spanner9.html: Added.
* fast/multicol/newmulticol/trailing-margin-with-spanner-expected.html: Added.
* fast/multicol/newmulticol/trailing-margin-with-spanner.html: Added.
* fast/multicol/newmulticol/trailing-margin-with-spanner2-expected.html: Added.
* fast/multicol/newmulticol/trailing-margin-with-spanner2.html: Added.
* platform/gtk/fast/multicol/newmulticol/client-rects-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoTools: Update LLVM export scrpt to handle the build directory being different from the
fpizlo@apple.com [Tue, 15 Apr 2014 23:25:38 +0000 (23:25 +0000)]
Tools: Update LLVM export scrpt to handle the build directory being different from the
source directory.

Rubber stamped by Geoffrey Garen.

* Scripts/export-llvm-build:

WebKitLibraries: Add LLVM binary drops for Mavericks using LLVM r206312.

Rubber stamped by Geoffrey Garen.

* LLVMIncludesMavericks.tar.bz2: Added.
* LLVMLibrariesMavericks.tar.bz2: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167334 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUpdate bug number in TestExpectations file.
ap@apple.com [Tue, 15 Apr 2014 23:21:07 +0000 (23:21 +0000)]
Update bug number in TestExpectations file.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167333 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agohttp/tests/websocket/tests/hybi/workers/close.html is flaky
ap@apple.com [Tue, 15 Apr 2014 23:19:03 +0000 (23:19 +0000)]
http/tests/websocket/tests/hybi/workers/close.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=131716

* platform/mac/TestExpectations: Marking as such.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167332 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agotransitions/cancel-transition.html is very flaky on Mac
ap@apple.com [Tue, 15 Apr 2014 23:15:24 +0000 (23:15 +0000)]
transitions/cancel-transition.html is very flaky on Mac
https://bugs.webkit.org/show_bug.cgi?id=131715

* platform/mac/TestExpectations: Marking as such.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167331 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoIntroduce API::FormClient
mitz@apple.com [Tue, 15 Apr 2014 23:05:28 +0000 (23:05 +0000)]
Introduce API::FormClient
https://bugs.webkit.org/show_bug.cgi?id=131714

Reviewed by Tim Horton.

* UIProcess/API/APIFormClient.h: Added.
(API::FormClient::~FormClient):
(API::FormClient::willSubmitForm):

* UIProcess/API/C/WKPage.cpp:
(WKPageSetPageFormClient): Changed to create a WebFormClient and call
WebPageProxy::setFormClient.

* UIProcess/WebFormClient.cpp:
(WebKit::WebFormClient::WebFormClient): Added a constructor from WKPageFormClientBase.
* UIProcess/WebFormClient.h: Added inheritance from API::FormClient, marked overrides as
such.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy): Initialize m_formClient member.
(WebKit::WebPageProxy::setFormClient): Added. Updates m_formClient.
(WebKit::WebPageProxy::close): Updated code to clear m_formClient.
(WebKit::WebPageProxy::willSubmitForm): Updated for type change.
(WebKit::WebPageProxy::initializeFormClient): Deleted.
* UIProcess/WebPageProxy.h:

* WebKit2.xcodeproj/project.pbxproj: Added reference to new file.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167330 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoRemove invalid sh4 specific code in JITInlines header.
commit-queue@webkit.org [Tue, 15 Apr 2014 22:36:30 +0000 (22:36 +0000)]
Remove invalid sh4 specific code in JITInlines header.
https://bugs.webkit.org/show_bug.cgi?id=131692

Patch by Julien Brianceau <jbriance@cisco.com> on 2014-04-15
Reviewed by Geoffrey Garen.

* jit/JITInlines.h:
(JSC::JIT::callOperation): Prototype is not F_JITOperation_EJJZ
anymore since r160244, so the sh4 specific code is invalid now
and has to be removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFix precedence issue in JSCell:setRemembered
mhahnenberg@apple.com [Tue, 15 Apr 2014 21:50:38 +0000 (21:50 +0000)]
Fix precedence issue in JSCell:setRemembered

Rubber stamped by Filip Pizlo.

* runtime/JSCell.h:
(JSC::JSCell::setRemembered):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUpdate the hyperlink to waterfall views of perf bots on build.webkit.org
rniwa@webkit.org [Tue, 15 Apr 2014 21:37:36 +0000 (21:37 +0000)]
Update the hyperlink to waterfall views of perf bots on build.webkit.org
https://bugs.webkit.org/show_bug.cgi?id=131695

Reviewed by Antti Koivisto.

Updated.

* BuildSlaveSupport/build.webkit.org-config/templates/root.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoObjective-C API external object graphs don't handle generational collection properly
mhahnenberg@apple.com [Tue, 15 Apr 2014 21:05:09 +0000 (21:05 +0000)]
Objective-C API external object graphs don't handle generational collection properly
https://bugs.webkit.org/show_bug.cgi?id=131634

Reviewed by Geoffrey Garen.

If the set of Objective-C objects transitively reachable through an object changes, we
need to update the set of opaque roots accordingly. If we don't, the next EdenCollection
won't rescan the external object graph, which would lead us to consider a newly allocated
JSManagedValue to be dead.

* API/JSBase.cpp:
(JSSynchronousEdenCollectForDebugging):
* API/JSVirtualMachine.mm:
(-[JSVirtualMachine initWithContextGroupRef:]):
(-[JSVirtualMachine dealloc]):
(-[JSVirtualMachine isOldExternalObject:]):
(-[JSVirtualMachine addExternalRememberedObject:]):
(-[JSVirtualMachine addManagedReference:withOwner:]):
(-[JSVirtualMachine removeManagedReference:withOwner:]):
(-[JSVirtualMachine externalRememberedSet]):
(scanExternalObjectGraph):
(scanExternalRememberedSet):
* API/JSVirtualMachineInternal.h:
* API/tests/testapi.mm:
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* heap/Heap.h:
(JSC::Heap::slotVisitor):
* heap/SlotVisitor.h:
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::containsOpaqueRoot):
(JSC::SlotVisitor::containsOpaqueRootTriState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167326 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoDFG IR should keep the data flow of doubles and int52's separate from the data flow...
fpizlo@apple.com [Tue, 15 Apr 2014 20:26:16 +0000 (20:26 +0000)]
DFG IR should keep the data flow of doubles and int52's separate from the data flow of JSValue's
https://bugs.webkit.org/show_bug.cgi?id=131423

Reviewed by Geoffrey Garen.

This introduces more static typing into DFG IR. Previously we just had the notion of
JSValues and Storage. This was weird because doubles weren't always convertible to
JSValues, and Int52s weren't always convertible to either doubles or JSValues. We would
sort of insert explicit conversion nodes just for the places where we knew that an
implicit conversion wouldn't have been possible -- but there was no hard and fast rule so
we'd get bugs from forgetting to do the right conversion.

This patch introduces a hard and fast rule: doubles can never be implicitly converted to
anything but doubles, and likewise Int52's can never be implicitly converted. Conversion
nodes are used for all of the conversions. Int52Rep, DoubleRep, and ValueRep are the
conversions. They are like Identity but return the same value using a different
representation. Likewise, constants may now be represented using either JSConstant,
Int52Constant, or DoubleConstant. UseKinds have been adjusted accordingly, as well.
Int52RepUse and DoubleRepUse are node uses that mean "the node must be of Int52 (or
Double) type". They don't imply checks. There is also DoubleRepRealUse, which means that
we speculate DoubleReal and expect Double representation.

In addition to simplifying a bunch of rules in the IR and making the IR more verifiable,
this also makes it easier to introduce optimizations in the future. It's now possible for
AI to model when/how conversion take place. For example if doing a conversion results in
NaN sanitization, then AI can model this and can allow us to sink sanitizations. That's
what https://bugs.webkit.org/show_bug.cgi?id=131419 will be all about.

This was a big change, so I had to do some interesting things, like finally get rid of
the DFG's weird variadic template macro hacks and use real C++11 variadic templates. Also
the ByteCodeParser no longer emits Identity nodes since that was always pointless.

No performance change because this mostly just rationalizes preexisting behavior.

* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerX86.h:
* bytecode/CodeBlock.cpp:
* bytecode/CodeBlock.h:
* dfg/DFGAbstractInterpreter.h:
(JSC::DFG::AbstractInterpreter::setBuiltInConstant):
(JSC::DFG::AbstractInterpreter::setConstant):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::fixTypeForRepresentation):
(JSC::DFG::AbstractValue::checkConsistency):
* dfg/DFGAbstractValue.h:
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGBasicBlock.h:
* dfg/DFGBasicBlockInlines.h:
(JSC::DFG::BasicBlock::appendNode):
(JSC::DFG::BasicBlock::appendNonTerminal):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::constantCSE):
(JSC::DFG::CSEPhase::performNodeCSE):
(JSC::DFG::CSEPhase::int32ToDoubleCSE): Deleted.
* dfg/DFGCapabilities.h:
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::fixupBlock):
* dfg/DFGEdge.h:
(JSC::DFG::Edge::willNotHaveCheck):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::run):
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupGetAndSetLocalsInBlock):
(JSC::DFG::FixupPhase::observeUseKindOnNode):
(JSC::DFG::FixupPhase::fixIntEdge):
(JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
(JSC::DFG::FixupPhase::injectTypeConversionsInBlock):
(JSC::DFG::FixupPhase::tryToRelaxRepresentation):
(JSC::DFG::FixupPhase::fixEdgeRepresentation):
(JSC::DFG::FixupPhase::injectTypeConversionsForEdge):
(JSC::DFG::FixupPhase::addRequiredPhantom):
(JSC::DFG::FixupPhase::addPhantomsIfNecessary):
(JSC::DFG::FixupPhase::clearPhantomsAtEnd):
(JSC::DFG::FixupPhase::fixupSetLocalsInBlock): Deleted.
* dfg/DFGFlushFormat.h:
(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::addNode):
* dfg/DFGInPlaceAbstractState.cpp:
(JSC::DFG::InPlaceAbstractState::initialize):
* dfg/DFGInsertionSet.h:
(JSC::DFG::InsertionSet::insertNode):
(JSC::DFG::InsertionSet::insertConstant):
(JSC::DFG::InsertionSet::insertConstantForUse):
* dfg/DFGIntegerCheckCombiningPhase.cpp:
(JSC::DFG::IntegerCheckCombiningPhase::insertAdd):
(JSC::DFG::IntegerCheckCombiningPhase::insertMustAdd):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToIdentity):
(WTF::printInternal):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::setResult):
(JSC::DFG::Node::result):
(JSC::DFG::Node::isConstant):
(JSC::DFG::Node::hasConstant):
(JSC::DFG::Node::convertToConstant):
(JSC::DFG::Node::valueOfJSConstant):
(JSC::DFG::Node::hasResult):
(JSC::DFG::Node::hasInt32Result):
(JSC::DFG::Node::hasInt52Result):
(JSC::DFG::Node::hasNumberResult):
(JSC::DFG::Node::hasDoubleResult):
(JSC::DFG::Node::hasJSResult):
(JSC::DFG::Node::hasBooleanResult):
(JSC::DFG::Node::hasStorageResult):
(JSC::DFG::Node::defaultUseKind):
(JSC::DFG::Node::defaultEdge):
(JSC::DFG::Node::convertToIdentity): Deleted.
* dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
* dfg/DFGNodeFlags.h:
(JSC::DFG::canonicalResultRepresentation):
* dfg/DFGNodeType.h:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGResurrectionForValidationPhase.cpp:
(JSC::DFG::ResurrectionForValidationPhase::run):
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
(JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
(JSC::DFG::SpeculativeJIT::silentFill):
(JSC::DFG::JSValueRegsTemporary::JSValueRegsTemporary):
(JSC::DFG::JSValueRegsTemporary::~JSValueRegsTemporary):
(JSC::DFG::JSValueRegsTemporary::regs):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
(JSC::DFG::SpeculativeJIT::compileDoubleRep):
(JSC::DFG::SpeculativeJIT::compileValueRep):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileAdd):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::compileArithDiv):
(JSC::DFG::SpeculativeJIT::compileArithMod):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::speculateNumber):
(JSC::DFG::SpeculativeJIT::speculateDoubleReal):
(JSC::DFG::SpeculativeJIT::speculate):
(JSC::DFG::SpeculativeJIT::compileInt32ToDouble): Deleted.
(JSC::DFG::SpeculativeJIT::speculateMachineInt): Deleted.
(JSC::DFG::SpeculativeJIT::speculateRealNumber): Deleted.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::allocate):
(JSC::DFG::SpeculativeJIT::use):
(JSC::DFG::SpeculativeJIT::boxDouble):
(JSC::DFG::SpeculativeJIT::spill):
(JSC::DFG::SpeculativeJIT::jsValueResult):
(JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
(JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
(JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
(JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::convertToDouble): Deleted.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::convertToDouble): Deleted.
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::shouldNotHaveTypeCheck):
(JSC::DFG::mayHaveTypeCheck):
(JSC::DFG::isNumerical):
(JSC::DFG::isDouble):
(JSC::DFG::isCell):
(JSC::DFG::usesStructure):
(JSC::DFG::useKindForResult):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
* dfg/DFGVariadicFunction.h: Removed.
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::createPhiVariables):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileUpsilon):
(JSC::FTL::LowerDFGToLLVM::compilePhi):
(JSC::FTL::LowerDFGToLLVM::compileDoubleConstant):
(JSC::FTL::LowerDFGToLLVM::compileInt52Constant):
(JSC::FTL::LowerDFGToLLVM::compileWeakJSConstant):
(JSC::FTL::LowerDFGToLLVM::compileDoubleRep):
(JSC::FTL::LowerDFGToLLVM::compileValueRep):
(JSC::FTL::LowerDFGToLLVM::compileInt52Rep):
(JSC::FTL::LowerDFGToLLVM::compileValueToInt32):
(JSC::FTL::LowerDFGToLLVM::compileArithAddOrSub):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithDiv):
(JSC::FTL::LowerDFGToLLVM::compileArithMod):
(JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax):
(JSC::FTL::LowerDFGToLLVM::compileArithAbs):
(JSC::FTL::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::compare):
(JSC::FTL::LowerDFGToLLVM::boolify):
(JSC::FTL::LowerDFGToLLVM::lowInt52):
(JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
(JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
(JSC::FTL::LowerDFGToLLVM::lowDouble):
(JSC::FTL::LowerDFGToLLVM::lowJSValue):
(JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
(JSC::FTL::LowerDFGToLLVM::jsValueToDouble):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateNumber):
(JSC::FTL::LowerDFGToLLVM::speculateDoubleReal):
(JSC::FTL::LowerDFGToLLVM::compileInt52ToValue): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble): Deleted.
(JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue): Deleted.
(JSC::FTL::LowerDFGToLLVM::speculateRealNumber): Deleted.
(JSC::FTL::LowerDFGToLLVM::speculateMachineInt): Deleted.
* ftl/FTLValueFormat.cpp:
(JSC::FTL::reboxAccordingToFormat):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::sanitizeDouble):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::boxDouble):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167325 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUnreviewed gardening.
commit-queue@webkit.org [Tue, 15 Apr 2014 19:49:23 +0000 (19:49 +0000)]
Unreviewed gardening.

Patch by Lorenzo Tilve <ltilve@igalia.com> on 2014-04-15

* TestExpectations:
Corrected wrong js/regress/ path for js/slow-stress/emscripten-memops.html
* platform/gtk/TestExpectations:
Updated expectation for passing on Release plugins/unavailable-plugin-indicator-obscurity.html

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167322 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoLayerTreeAsTextBehavior should be in the WebCore namespace
simon.fraser@apple.com [Tue, 15 Apr 2014 18:53:48 +0000 (18:53 +0000)]
LayerTreeAsTextBehavior should be in the WebCore namespace
https://bugs.webkit.org/show_bug.cgi?id=131683

Reviewed by Andrei Bucur.

Move LayerTreeAsTextBehavior and the bit flags into the WebCore namespace.

* platform/graphics/GraphicsLayer.cpp:
(showGraphicsLayerTree):
* platform/graphics/GraphicsLayer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167319 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoViewportConfiguration handles userZoom incorrectly
benjamin@webkit.org [Tue, 15 Apr 2014 18:42:14 +0000 (18:42 +0000)]
ViewportConfiguration handles userZoom incorrectly
https://bugs.webkit.org/show_bug.cgi?id=131657

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-15
Reviewed by Darin Adler.

* page/ViewportConfiguration.cpp:
(WebCore::viewportArgumentUserZoomIsSet):
(WebCore::ViewportConfiguration::updateConfiguration):
The other viewport values must be strictly positive, userZoom is always either zero, one or minus one.
As a result, the value zero was never set.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167318 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[iOS WK2] Pages often blank on first load if page loaded by typing the URL
simon.fraser@apple.com [Tue, 15 Apr 2014 17:53:23 +0000 (17:53 +0000)]
[iOS WK2] Pages often blank on first load if page loaded by typing the URL
https://bugs.webkit.org/show_bug.cgi?id=131665

Reviewed by Tim Horton.

The document overlay-related code in RemoteLayerTreeDrawingArea::setRootCompositingLayer()
was triggering a compositing layer flush when called with a null rootLayer, which happens
for pages going into the page cache. This would trigger a layer flush that would clobber
the root layer for the visible page, resulting in missing content.

Also, rebuildCompositingLayerTree() is called recursively and the m_documentOverlayRootLayer
was being added to (and then removed from) every single compositing layers.

Fix both these by changing to a pull model, where RenderLayerCompositor requests
the overlay layer via ChromeClient, and gets it at the end of every flush,
adding to the children of the root layer.

Source/WebCore:
* WebCore.exp.in:
* page/ChromeClient.h:
(WebCore::ChromeClient::documentOverlayLayerForFrame):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::RenderLayerCompositor):
(WebCore::RenderLayerCompositor::flushPendingLayerChanges): Put visibleRect
into a variable for ease of debugging.
(WebCore::RenderLayerCompositor::updateCompositingLayers): Asser
that we're not in the page cache (this would have caught the bug).
(WebCore::RenderLayerCompositor::appendOverlayLayers):
(WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
(WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer): Deleted.
* rendering/RenderLayerCompositor.h:

Source/WebKit2:
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::documentOverlayLayerForFrame):
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::setRootCompositingLayer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167316 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[CSS Shapes] Linking stylesheet instead of inline style definition has ruined ShapesR...
zoltan@webkit.org [Tue, 15 Apr 2014 17:52:10 +0000 (17:52 +0000)]
[CSS Shapes] Linking stylesheet instead of inline style definition has ruined ShapesRegions test
https://bugs.webkit.org/show_bug.cgi?id=131572

Reviewed by Rob Buis.

In r167022 I moved the common CSS selectors into RegionsShapes.css, then I linked it into the perf test
files, but the measurement results dropped down from about 400ms to 10ms. I realized it's caused by the
linked css rule, so I've put the selectors back into every test case, which fixes the test measurements.

* Layout/Shapes/resources/RegionsShapes.css: Removed.
* Layout/Shapes/resources/RegionsShapesContent.html:
* Layout/Shapes/resources/RegionsShapesContentNoRegionsWidth400.html:
* Layout/Shapes/resources/RegionsShapesContentNoRegionsWidth600.html:
* Layout/Shapes/resources/RegionsShapesContentNoRegionsWidth800.html:
* Layout/Shapes/resources/RegionsShapesContentNoShapes.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167315 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUnreviewed, rolling out r167199 and r167251.
commit-queue@webkit.org [Tue, 15 Apr 2014 17:46:42 +0000 (17:46 +0000)]
Unreviewed, rolling out r167199 and r167251.
https://bugs.webkit.org/show_bug.cgi?id=131678

Caused a DYEBench regression and does not seem to improve perf
on relevant websites (Requested by rniwa on #webkit).

Reverted changesets:

"Rewrite Function.bind as a builtin"
https://bugs.webkit.org/show_bug.cgi?id=131083
http://trac.webkit.org/changeset/167199

"Update test result"
http://trac.webkit.org/changeset/167251

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167313 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoinspector/dom/content-flow-list.html and inspector/dom/content-flow-content-removal...
ap@apple.com [Tue, 15 Apr 2014 16:40:39 +0000 (16:40 +0000)]
inspector/dom/content-flow-list.html and inspector/dom/content-flow-content-removal.html
flakily fail and assert
https://bugs.webkit.org/show_bug.cgi?id=131679

* TestExpectations: This one, too.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167311 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoinspector/dom/content-flow-list.html is flakily failing and asserting
ap@apple.com [Tue, 15 Apr 2014 16:37:29 +0000 (16:37 +0000)]
inspector/dom/content-flow-list.html is flakily failing and asserting
https://bugs.webkit.org/show_bug.cgi?id=131679

* TestExpectations: Skip the test, it fails or asserts most of the time.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167310 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoScriptProcessorNode is garbage collected while still active if unreachable (breaks...
ap@apple.com [Tue, 15 Apr 2014 16:29:16 +0000 (16:29 +0000)]
ScriptProcessorNode is garbage collected while still active if unreachable (breaks multiple webaudio test)
https://bugs.webkit.org/show_bug.cgi?id=112521

* TestExpectations: Updated bug number, added webaudio/audioprocessingevent.html,
and removed a spurious additional webaudio/javascriptaudionode-downmix8-2channel-input.html line.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167309 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoRemove unnecessary null checking in NavigatorContentUtils
gyuyoung.kim@samsung.com [Tue, 15 Apr 2014 16:19:08 +0000 (16:19 +0000)]
Remove unnecessary null checking in NavigatorContentUtils
https://bugs.webkit.org/show_bug.cgi?id=131652

Reviewed by Darin Adler.

Some functions have checked if document is null. However, document is always not
null when frame is existed.

No new tests, no behavior changes.

* Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
(WebCore::NavigatorContentUtils::registerProtocolHandler):
(WebCore::NavigatorContentUtils::isProtocolHandlerRegistered):
(WebCore::NavigatorContentUtils::unregisterProtocolHandler):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoWeb Inspector: CodeMirror LICENSE is not properly added to combined files
timothy@apple.com [Tue, 15 Apr 2014 16:16:28 +0000 (16:16 +0000)]
Web Inspector: CodeMirror LICENSE is not properly added to combined files
https://bugs.webkit.org/show_bug.cgi?id=131674

Reviewed by Darin Adler.

* Scripts/copy-user-interface-resources.pl: Use $CODE_MIRROR_LICENSE instead
for CodeMirror.css and CodeMirror.js.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167307 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[GTK] Reduce the binary size by compressing the text based web inspector resources
carlosgc@webkit.org [Tue, 15 Apr 2014 13:13:42 +0000 (13:13 +0000)]
[GTK] Reduce the binary size by compressing the text based web inspector resources
https://bugs.webkit.org/show_bug.cgi?id=121545

Reviewed by Gustavo Noronha Silva.

Compress text based files when compiling inspector resources. It
reduces the binary size in 3MB.

* gtk/generate-inspector-gresource-manifest.py:
(find_all_files_in_directory):
(is_compressible):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167306 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[EFL][WK2] Pass Mouse movement data to WebMouseEvent
jinwoo7.song@samsung.com [Tue, 15 Apr 2014 13:01:01 +0000 (13:01 +0000)]
[EFL][WK2] Pass Mouse movement data to WebMouseEvent
https://bugs.webkit.org/show_bug.cgi?id=131663

Reviewed by Gyuyoung Kim.

Currently mouse movement data are not passed to WebMouseEvent. Instead, they are set to 0 as default.
EFL port needs to send the deltaX and deltaY for PointerLock API which will be implemented later.

* Shared/efl/WebEventFactory.cpp:
(WebKit::WebEventFactory::createWebMouseEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167305 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[Mac] compositing/repaint/positioned-movement.html flaky, missing repaint
ap@apple.com [Tue, 15 Apr 2014 07:40:30 +0000 (07:40 +0000)]
[Mac] compositing/repaint/positioned-movement.html flaky, missing repaint
https://bugs.webkit.org/show_bug.cgi?id=118153

* platform/mac-wk2/TestExpectations:
* platform/mac/TestExpectations:
Moved the flaky expectation to also apply to WebKit1.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUnreviewed, rolling out r167298.
commit-queue@webkit.org [Tue, 15 Apr 2014 07:32:10 +0000 (07:32 +0000)]
Unreviewed, rolling out r167298.
https://bugs.webkit.org/show_bug.cgi?id=131670

Broke CSS filters (17 test crashes) (Requested by ap on
#webkit).

Reverted changeset:

"[iOS WK2] Pages often blank on first load if page loaded by
typing the URL"
https://bugs.webkit.org/show_bug.cgi?id=131665
http://trac.webkit.org/changeset/167298

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167303 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUnreviewed. Attempt to fix Windows build after r167277.
psolanki@apple.com [Tue, 15 Apr 2014 06:57:02 +0000 (06:57 +0000)]
Unreviewed. Attempt to fix Windows build after r167277.

* page/FrameView.cpp:
(WebCore::FrameView::willPaintContents):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167302 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoRemove Gtk WebKit1 tester.
ap@apple.com [Tue, 15 Apr 2014 06:51:53 +0000 (06:51 +0000)]
Remove Gtk WebKit1 tester.

Gtk WebKit1 port no longer exists, and dashboard was trying to load its tester
results over and over as fast as it could.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitBuildbot.js:
(WebKitBuildbot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167301 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoWrong link for webkitpy tests results in dashboard popover
ap@apple.com [Tue, 15 Apr 2014 06:40:39 +0000 (06:40 +0000)]
Wrong link for webkitpy tests results in dashboard popover
https://bugs.webkit.org/show_bug.cgi?id=131664

Reviewed by Timothy Hatcher.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:
(BuildbotTesterQueueView.prototype._presentPopoverForMultipleFailureKinds):
Use a correct link.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUnreviewed, rolling out r167261.
commit-queue@webkit.org [Tue, 15 Apr 2014 06:24:42 +0000 (06:24 +0000)]
Unreviewed, rolling out r167261.
https://bugs.webkit.org/show_bug.cgi?id=131667

broke many navigation tests (Requested by ap on #webkit).

Reverted changeset:

"Web Replay: memoize fallback time values for
document.lastModified"
https://bugs.webkit.org/show_bug.cgi?id=131318
http://trac.webkit.org/changeset/167261

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167299 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[iOS WK2] Pages often blank on first load if page loaded by typing the URL
simon.fraser@apple.com [Tue, 15 Apr 2014 06:13:58 +0000 (06:13 +0000)]
[iOS WK2] Pages often blank on first load if page loaded by typing the URL
https://bugs.webkit.org/show_bug.cgi?id=131665

Reviewed by Tim Horton.

The document overlay-related code in RemoteLayerTreeDrawingArea::setRootCompositingLayer()
was triggering a compositing layer flush when called with a null rootLayer, which happens
for pages going into the page cache. This would trigger a layer flush that would clobber
the root layer for the visible page, resulting in missing content.

Also, rebuildCompositingLayerTree() is called recursively and the m_documentOverlayRootLayer
was being added to (and then removed from) every single compositing layers.

Fix both these by changing to a pull model, where RenderLayerCompositor requests
the overlay layer via ChromeClient, and gets it at the end of every flush,
adding to the children of the root layer.

Source/WebCore:
* WebCore.exp.in:
* page/ChromeClient.h:
(WebCore::ChromeClient::documentOverlayLayerForFrame):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::RenderLayerCompositor):
(WebCore::RenderLayerCompositor::flushPendingLayerChanges): Put visibleRect
into a variable for ease of debugging.
(WebCore::RenderLayerCompositor::updateCompositingLayers): Asser
that we're not in the page cache (this would have caught the bug).
(WebCore::RenderLayerCompositor::appendOverlayLayers):
(WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
(WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer): Deleted.
* rendering/RenderLayerCompositor.h:

Source/WebKit2:
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::documentOverlayLayerForFrame):
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::setRootCompositingLayer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUnreviewed, rolling out r167272.
commit-queue@webkit.org [Tue, 15 Apr 2014 06:13:17 +0000 (06:13 +0000)]
Unreviewed, rolling out r167272.
https://bugs.webkit.org/show_bug.cgi?id=131666

Broke multiple tests (Requested by ap on #webkit).

Reverted changeset:

"Function.bind itself is too slow"
https://bugs.webkit.org/show_bug.cgi?id=131636
http://trac.webkit.org/changeset/167272

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUpdate webkitpy regression test result that started to fail after http://trac.webkit...
ap@apple.com [Tue, 15 Apr 2014 05:47:22 +0000 (05:47 +0000)]
Update webkitpy regression test result that started to fail after trac.webkit.org/r167243

I'm not sure whether the changes are desirable, but am not suspicious enough to roll out.

* Scripts/webkitpy/common/checkout/checkout_unittest.py:
(CommitMessageForThisCommitTest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoAssertion failure under FEImage::determineAbsolutePaintRect()
jhoneycutt@apple.com [Tue, 15 Apr 2014 05:23:07 +0000 (05:23 +0000)]
Assertion failure under FEImage::determineAbsolutePaintRect()

<https://bugs.webkit.org/show_bug.cgi?id=131660>
<rdar://problem/15669294>

Source/WebCore:
This patch merges Chromium r149536 (see
<https://chromiumcodereview.appspot.com/14701012>), which moves
m_absoluteTransform out of SVGFilter and into the base Filter class, so
that it isn't necessary to cast a Filter to SVGFilter to get the
absolute transform.

Reviewed by Geoffrey Garen.

Test: svg/filters/feImage-filter-assertion.html

* platform/graphics/filters/Filter.h:
(WebCore::Filter::Filter):
Changed to take the absolute transform.
(WebCore::Filter::absoluteTransform):
Moved from SVGFilter.
(WebCore::Filter::mapAbsolutePointToLocalPoint):
Ditto.

* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::FilterEffectRenderer):
Pass a default AffineTransform() to the Filter base class.

* svg/graphics/filters/SVGFEImage.cpp:
(WebCore::FEImage::determineAbsolutePaintRect):
Use the Filter without casting it to SVGFilter.
(WebCore::FEImage::platformApplySoftware):
Ditto.

* svg/graphics/filters/SVGFilter.cpp:
(WebCore::SVGFilter::SVGFilter):
Pass the transform to the base class, and remove initialization of a
removed member var.

* svg/graphics/filters/SVGFilter.h:
Member var moved to Filter.h.

LayoutTests:
Reviewed by Geoffrey Garen.

* svg/filters/feImage-filter-assertion-expected.txt: Added.
* svg/filters/feImage-filter-assertion.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUpdate to CodeMirror 4.0.
commit-queue@webkit.org [Tue, 15 Apr 2014 04:31:41 +0000 (04:31 +0000)]
Update to CodeMirror 4.0.
https://bugs.webkit.org/show_bug.cgi?id=130019

The CodeMirror 4.0 library adds multiple selections and the ability to
undo/redo selections. Selections are made by holding the Command (Cmd) key
and clicking into an editor, or by holding Option (Alt) and making a block
selection followed by entering a character or moving the cursor.

Patch by Jono Wells <jonowells@apple.com> on 2014-04-14
Reviewed by Timothy Hatcher.

* Scripts/update-codemirror-resources.rb:
* Scripts/update-pretty-printer.rb:
Update scripts to reflect updated locations for CodeMirror files.
No longer copies LESS mode file as this has been integrated into CSS mode
in CodeMirror 4.0.

* Tools/PrettyPrinting/codemirror.css:
* Tools/PrettyPrinting/codemirror.js:
* Tools/PrettyPrinting/css.js:
* Tools/PrettyPrinting/javascript.js:
* UserInterface/External/CodeMirror/clojure.js:
* UserInterface/External/CodeMirror/closebrackets.js:
* UserInterface/External/CodeMirror/codemirror.css:
* UserInterface/External/CodeMirror/codemirror.js:
* UserInterface/External/CodeMirror/coffeescript.js:
* UserInterface/External/CodeMirror/comment.js:
* UserInterface/External/CodeMirror/css.js:
* UserInterface/External/CodeMirror/htmlmixed.js:
* UserInterface/External/CodeMirror/javascript.js:
* UserInterface/External/CodeMirror/livescript.js:
* UserInterface/External/CodeMirror/matchbrackets.js:
* UserInterface/External/CodeMirror/overlay.js:
* UserInterface/External/CodeMirror/placeholder.js:
* UserInterface/External/CodeMirror/runmode.js:
* UserInterface/External/CodeMirror/sass.js:
* UserInterface/External/CodeMirror/searchcursor.js:
* UserInterface/External/CodeMirror/sql.js:
* UserInterface/External/CodeMirror/xml.js:
Update to CodeMirror 4.0.

* UserInterface/Main.html: Remove less.js which is now part of css.js.

* UserInterface/Views/CSSStyleDeclarationTextEditor.css:
* UserInterface/Views/CSSStyleDeclarationTextEditor.js:
(WebInspector.CSSStyleDeclarationTextEditor.prototype.):
(WebInspector.CSSStyleDeclarationTextEditor.prototype._createColorSwatches):
(WebInspector.CSSStyleDeclarationTextEditor.prototype._updateJumpToSymbolTrackingMode):
* UserInterface/Views/SyntaxHighlightingDefaultTheme.css:
Update styles to match CodeMirror changes. Update CSSStyleDeclarationTextEditor.js
to match CodeMirror API updates (doc.removeLine() has been removed, so
replaceRange() is used instead). Also the tokenTrackingController is now enabled in the
CSSStyleDeclarationTextEditor and SourceCodeTextEditor when the Option (Alt) key
is pressed instead of the Command (Cmd) key so as not to conflict with multiple
cursor placement in the CodeMirror update.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoASSERT when firing low memory warning
ggaren@apple.com [Tue, 15 Apr 2014 03:53:47 +0000 (03:53 +0000)]
ASSERT when firing low memory warning
https://bugs.webkit.org/show_bug.cgi?id=131659

Reviewed by Mark Hahnenberg.

* heap/Heap.cpp:
(JSC::Heap::deleteAllCompiledCode): Allow deleteAllCompiledCode to be
called when no GC is happening because that is what we do when a low
memory warning fires, and it is harmless.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoMallocBench should scavenge explicitly instead of waiting
ggaren@apple.com [Tue, 15 Apr 2014 03:52:39 +0000 (03:52 +0000)]
MallocBench should scavenge explicitly instead of waiting
https://bugs.webkit.org/show_bug.cgi?id=131661

Reviewed by Andreas Kling.

PerformanceTests:
* MallocBench/MallocBench.xcodeproj/project.pbxproj: Don't build mbmalloc
by default because it will overwrite any other mbmalloc you're working
with in the WebKitBuild directory.

* MallocBench/MallocBench/Benchmark.cpp:
(Benchmark::run): Scavenge explicitly instead of waiting. This is faster,
and it's the only way to get FastMalloc to scavenge. (That's a bug in
FastMalloc, but we don't want it to interfere with broader testing.)

* MallocBench/MallocBench/mbmalloc.cpp:
* MallocBench/MallocBench/mbmalloc.h: Added a scavenge implementation
for system malloc.

Source/bmalloc:
Added explicit scavenge support to bmalloc. This isn't a memory win,
since bmalloc's per-thread cache is so small. But it makes testing
simpler.

* bmalloc/Allocator.cpp:
(bmalloc::Allocator::~Allocator):
(bmalloc::Allocator::scavenge):
* bmalloc/Allocator.h:
* bmalloc/Cache.cpp:
(bmalloc::Cache::operator new):
(bmalloc::Cache::operator delete):
(bmalloc::Cache::Cache):
(bmalloc::Cache::scavenge):
* bmalloc/Cache.h:
* bmalloc/Deallocator.cpp:
(bmalloc::Deallocator::~Deallocator):
(bmalloc::Deallocator::scavenge):
* bmalloc/Deallocator.h: Factored existing scavenging code into helper
functions, for reuse.

* bmalloc/Heap.cpp:
(bmalloc::sleep):
(bmalloc::Heap::concurrentScavenge):
(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeMediumPages):
(bmalloc::Heap::scavengeLargeRanges):
* bmalloc/Heap.h: Made scavenge sleep duration a parameter. Forced
scavenging -- in response to a benchmark or a low memory warning --
wants to complete as soon as possible, so its sleep duration is 0.

* bmalloc/bmalloc.h:
(bmalloc::api::scavenge):
* bmalloc/mbmalloc.cpp: Exported the scavenge API for MallocBench's use.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoREGRESSION (r158617): Find on Page can get stuck in a loop when the search string...
darin@apple.com [Tue, 15 Apr 2014 03:06:21 +0000 (03:06 +0000)]
REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
https://bugs.webkit.org/show_bug.cgi?id=126322

Reviewed by Ryosuke Niwa.

One additional tweak to the fix for the bug above.
Fixes crash in editing/editability/ignored-content.html test.

* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::canContainRangeEndPoint): Call through to
HTMLElement::canContainRangeEndPoint, bypassing HTMLPlugInElement override
that always returns false. Without this change, this function was always
returning false.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoCrash in TileController::tileRevalidationTimerFired
simon.fraser@apple.com [Tue, 15 Apr 2014 02:54:13 +0000 (02:54 +0000)]
Crash in TileController::tileRevalidationTimerFired
https://bugs.webkit.org/show_bug.cgi?id=131656
<rdar://problem/16583166>

Reviewed by Sam Weinig.

It's possible for the TileController revalidation timer to fire after
the GraphicsLayer has been destroyed, so the PlatformCALayer no longer
has an owningGraphicsLayer.

Bail from the timer callback if owningGraphicsLayer() is null.

Also some drive-by 0 -> nullptr changes.

* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::willBeDestroyed):
* platform/graphics/ca/PlatformCALayer.cpp:
(WebCore::PlatformCALayer::~PlatformCALayer):
* platform/graphics/ca/mac/TileController.mm:
(WebCore::TileController::tileRevalidationTimerFired):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUse 4kB pages on Mac
ggaren@apple.com [Tue, 15 Apr 2014 02:44:09 +0000 (02:44 +0000)]
Use 4kB pages on Mac
https://bugs.webkit.org/show_bug.cgi?id=131658

Reviewed by Sam Weinig.

This reduces memory use a lot on Membuster:

                                                          base                      patch                                Δ
        Execution Time:
            reddit_memory_warning                         18ms                       17ms                   ^ 1.06x faster
            flickr_memory_warning                         34ms                       36ms                   ! 1.06x slower
            theverge_memory_warning                       39ms                       41ms                   ! 1.05x slower

            <geometric mean>                              29ms                       29ms                   ! 1.02x slower
            <arithmetic mean>                             30ms                       31ms                   ! 1.03x slower
            <harmonic mean>                               27ms                       27ms                    ^ 1.0x faster

        Peak Memory:
            reddit_memory_warning                     16,412kB                   16,436kB                    ! 1.0x bigger
            flickr_memory_warning                     30,120kB                   30,184kB                    ! 1.0x bigger
            theverge_memory_warning                   33,408kB                   33,420kB                    ! 1.0x bigger

            <geometric mean>                          25,466kB                   25,499kB                    ! 1.0x bigger
            <arithmetic mean>                         26,647kB                   26,680kB                    ! 1.0x bigger
            <harmonic mean>                           24,181kB                   24,214kB                    ! 1.0x bigger

        Memory at End:
            reddit_memory_warning                      2,404kB                    1,920kB                  ^ 1.25x smaller
            flickr_memory_warning                      3,764kB                    3,072kB                  ^ 1.23x smaller
            theverge_memory_warning                    3,648kB                    3,132kB                  ^ 1.16x smaller

            <geometric mean>                           3,208kB                    2,644kB                  ^ 1.21x smaller
            <arithmetic mean>                          3,272kB                    2,708kB                  ^ 1.21x smaller
            <harmonic mean>                            3,139kB                    2,574kB                  ^ 1.22x smaller

* bmalloc.xcodeproj/project.pbxproj:
* bmalloc/BPlatform.h: Added.
* bmalloc/VMAllocate.h: Only use 16kB pages on iOS because the page size
is 4kB on Mac.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167289 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoemit_op_put_by_id should not emit a write barrier that filters on value
mhahnenberg@apple.com [Tue, 15 Apr 2014 02:20:17 +0000 (02:20 +0000)]
emit_op_put_by_id should not emit a write barrier that filters on value
https://bugs.webkit.org/show_bug.cgi?id=131654

Reviewed by Filip Pizlo.

The 32-bit implementation does this, and it can cause crashes if we later repatch the
code to allocate and store new Butterflies.

* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitWriteBarrier): We also weren't verifying that the base was a cell on
32-bit if we were passed ShouldFilterBase. I also took the liberty of sinking the tag
load down into the if statement so that we don't do it if we're not filtering on the value.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_id):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFix the 32-bit build.
timothy_horton@apple.com [Tue, 15 Apr 2014 00:55:15 +0000 (00:55 +0000)]
Fix the 32-bit build.

* UIProcess/mac/ViewGestureControllerMac.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoREGRESSION (WebKit2): Programmatic scrolls in overflow-scrolling:touch don't work
simon.fraser@apple.com [Tue, 15 Apr 2014 00:47:46 +0000 (00:47 +0000)]
REGRESSION (WebKit2): Programmatic scrolls in overflow-scrolling:touch don't work
https://bugs.webkit.org/show_bug.cgi?id=131649

Reviewed by Tim Horton.

Update the UIScrollView's contentOffset when we're told that the scroll position
changed.

Also refactor slightly to have a single exception-protected block.

* UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.mm:
(WebKit::ScrollingTreeOverflowScrollingNodeIOS::updateAfterChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167286 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFix the 32-bit build.
timothy_horton@apple.com [Tue, 15 Apr 2014 00:47:28 +0000 (00:47 +0000)]
Fix the 32-bit build.

* UIProcess/mac/ViewGestureControllerMac.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoSometimes-crash under handleSwipeGesture after closing a window or quitting
timothy_horton@apple.com [Tue, 15 Apr 2014 00:41:37 +0000 (00:41 +0000)]
Sometimes-crash under handleSwipeGesture after closing a window or quitting
https://bugs.webkit.org/show_bug.cgi?id=131648
<rdar://problem/15966106>

Reviewed by Simon Fraser.

* UIProcess/mac/ViewGestureController.h:
* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::~ViewGestureController):
(WebKit::ViewGestureController::trackSwipeGesture):
Keep a Objective C object with a single boolean property, isCancelled, on
the ViewGestureController, and also retained by the swipe-tracking block.
When the ViewGestureController is destroyed, we set isCancelled to YES,
and the next time the block is invoked, we will cancel the swipe without
touching the destroyed ViewGestureController.

(WebKit::ViewGestureController::handleSwipeGesture):
Don't try to handle a swipe gesture if the drawing area is missing.

(WebKit::ViewGestureController::endSwipeGesture):
Clear the swipe cancellation tracker when the gesture completes.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167284 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[CSS Shapes] Remove some leftover shape-inside code
bjonesbe@adobe.com [Tue, 15 Apr 2014 00:27:13 +0000 (00:27 +0000)]
[CSS Shapes] Remove some leftover shape-inside code
https://bugs.webkit.org/show_bug.cgi?id=131641

Reviewed by Dean Jackson.

I discovered that some code had been leftover from the shape-inside
removal. This removes that leftover code.

No new tests, no behavior change.

* platform/text/BidiResolver.h:
* rendering/BidiRun.cpp:
(WebCore::BidiRun::BidiRun):
* rendering/RenderBlockFlow.h:
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::createLineBoxes):
(WebCore::RenderBlockFlow::constructLine):
(WebCore::computeExpansionForJustifiedText):
(WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167283 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[MSE][Mac] video.currentTime is sometimes negative.
jer.noble@apple.com [Tue, 15 Apr 2014 00:14:59 +0000 (00:14 +0000)]
[MSE][Mac] video.currentTime is sometimes negative.
https://bugs.webkit.org/show_bug.cgi?id=131644

Reviewed by Eric Carlson.

AVSampleBufferRenderSynchronizer will occasionally return slightly negative values
when beginning playback. Clamp the return value to 0.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::currentTimeDouble):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167282 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[CSSExclusions] Remove FIXME referencing closed bug
bjonesbe@adobe.com [Tue, 15 Apr 2014 00:07:15 +0000 (00:07 +0000)]
[CSSExclusions] Remove FIXME referencing closed bug
https://bugs.webkit.org/show_bug.cgi?id=131645

Reviewed by Dean Jackson.

This is silly, but the comment is really confusing as it's entirely
wrong now.

No new tests, no behavior change.

* rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::changeRequiresRepaint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167281 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoREGRESSION(r166027) Menu is shown and immediately hidden after doubletap gesture.
enrica@apple.com [Mon, 14 Apr 2014 23:47:33 +0000 (23:47 +0000)]
REGRESSION(r166027) Menu is shown and immediately hidden after doubletap gesture.
https://bugs.webkit.org/show_bug.cgi?id=131646
<rdar://problem/16614374>

Reviewed by Benjamin Poulain.

This is a problem with every gesture that changes the selection
We don't need to delay updating the selection if the selection is
being changed with a gesture.

* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _didUpdateBlockSelectionWithTouch:withFlags:growThreshold:shrinkThreshold:]):
(-[WKContentView changeSelectionWithGestureAt:withGesture:withState:]):
(-[WKContentView changeSelectionWithTouchAt:withSelectionTouch:baseIsStart:]):
(-[WKContentView changeSelectionWithTouchesFrom:to:withGesture:withState:]):
(-[WKContentView changeBlockSelectionWithTouchAt:withSelectionTouch:forHandle:]):
(-[WKContentView _selectionChanged]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167280 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoBuild fixage.
akling@apple.com [Mon, 14 Apr 2014 23:22:16 +0000 (23:22 +0000)]
Build fixage.

* page/FrameView.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167279 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoAssertion failure !node || node->isElementNode() in
jhoneycutt@apple.com [Mon, 14 Apr 2014 23:08:51 +0000 (23:08 +0000)]
Assertion failure !node || node->isElementNode() in
WebCore::RenderBlock::inlineElementContinuation

https://bugs.webkit.org/show_bug.cgi?id=108829
<rdar://problem/13666405>

I can't reproduce this assertion failure, but there seems to be an
invalid assumption in RenderBlock::inlineElementContinuation() that
anything with the "isInline()" bit set is a RenderInline.

No new test because the test case in the bug does not repro for me.

Reviewed by Brent Fulgham.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::inlineElementContinuation):
Dave Hyatt says that this function should only return RenderInline
objects (not non-RenderInline inline objects), so update the checks
from isInline() to isRenderInline() before casting with
toRenderInline().

* rendering/RenderInline.cpp:
(WebCore::RenderInline::inlineElementContinuation):
Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167278 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoDo more things under memory pressure on non-iOS platforms.
akling@apple.com [Mon, 14 Apr 2014 23:03:54 +0000 (23:03 +0000)]
Do more things under memory pressure on non-iOS platforms.
<https://webkit.org/b/131625>

Reviewed by Antti Koivisto.

Rename hasReceivedMemoryPressure() to isUnderMemoryPressure() and
make it use std::atomic<bool> instead of OSAtomic primitives.

Unmask most of the PLATFORM(IOS) blocks so all platforms can take
advantage of optimizations done while under pressure. Note that
isUnderMemoryPressure() will still always return false on platforms
other than iOS/WK1, but this will change soon.

* history/PageCache.cpp:
(WebCore::PageCache::canCache):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):
* page/FrameView.cpp:
(WebCore::FrameView::willPaintContents):
(WebCore::FrameView::didPaintContents):
* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::MemoryPressureHandler):
* platform/MemoryPressureHandler.h:
(WebCore::MemoryPressureHandler::isUnderMemoryPressure):
* platform/cocoa/MemoryPressureHandlerCocoa.mm:
(WebCore::MemoryPressureHandler::setReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::clearMemoryPressure):
(WebCore::MemoryPressureHandler::respondToMemoryPressureIfNeeded):
(WebCore::MemoryPressureHandler::hasReceivedMemoryPressure): Deleted.
* platform/graphics/FontCache.cpp:
(WebCore::FontCache::purgeInactiveFontDataIfNeeded):
* platform/ios/LegacyTileCache.mm:
(WebCore::LegacyTileCache::createTilesInActiveGrid):
* platform/ios/LegacyTileGrid.mm:
(WebCore::LegacyTileGrid::shouldUseMinimalTileCoverage):
* platform/ios/LegacyTileLayerPool.mm:
(WebCore::LegacyTileLayerPool::addLayer):
* platform/ios/TileControllerMemoryHandlerIOS.cpp:
(WebCore::TileControllerMemoryHandler::tileControllerGainedUnparentedTiles):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167277 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoLet the bundle form client know whether a change in a text field was initiated by...
mitz@apple.com [Mon, 14 Apr 2014 22:46:22 +0000 (22:46 +0000)]
Let the bundle form client know whether a change in a text field was initiated by user typing
https://bugs.webkit.org/show_bug.cgi?id=131643

Reviewed by Sam Weinig.

* WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFormDelegatePrivate.h: Added
initiatedByUserTyping parameter to the delegate method.

* WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:
(-[WKWebProcessPlugInBrowserContextController _setFormDelegate:]): Updated overload of
textDidChangeInTextField to take the initiatedByUserTyping parameter and pass it along to
the delegate.

* WebProcess/InjectedBundle/APIInjectedBundleFormClient.h:
(API::InjectedBundle::FormClient::textDidChangeInTextField): Added initiatedByUserTyping
parameter.

* WebProcess/InjectedBundle/InjectedBundlePageFormClient.cpp:
(WebKit::InjectedBundlePageFormClient::textDidChangeInTextField): Maintained the existing
behavior of not calling the C SPI client if the change was not initiated by user typing.
* WebProcess/InjectedBundle/InjectedBundlePageFormClient.h: Updated for added parameter.

* WebProcess/WebCoreSupport/WebEditorClient.cpp:
(WebKit::WebEditorClient::textDidChangeInTextField): Changed to call the bundle client
function unconditionally, but pass along whether the change was initiated by user typing.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167276 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[Cocoa] Add a WKWebProcessPlugInFormDelegate method corresponding to willSendSubmitEvent
mitz@apple.com [Mon, 14 Apr 2014 22:44:57 +0000 (22:44 +0000)]
[Cocoa] Add a WKWebProcessPlugInFormDelegate method corresponding to willSendSubmitEvent
https://bugs.webkit.org/show_bug.cgi?id=131639

Reviewed by Tim Horton.

* WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFormDelegatePrivate.h: Declared
new delegate method.
* WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:
(-[WKWebProcessPlugInBrowserContextController _setFormDelegate:]): Added an override
of API::InjectedBundle::FormClient::willSendSubmitEvent which calls the new delegate
method.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167275 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[iOS][WK2] Change the SPI used when starting the rotation animation
benjamin@webkit.org [Mon, 14 Apr 2014 22:39:18 +0000 (22:39 +0000)]
[iOS][WK2] Change the SPI used when starting the rotation animation
https://bugs.webkit.org/show_bug.cgi?id=131638

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-14
Reviewed by Tim Horton.

Having an update block where all the properties are changed is more convenient for Safari.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _beginAnimatedResizeWithUpdates:]):
(-[WKWebView _beginAnimatedResizeToSize:obscuredInsets:minimumLayoutSizeOverride:]): Deleted.
* UIProcess/API/Cocoa/WKWebViewPrivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167274 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[iOS WK2] Hash table assertion closing a tab
simon.fraser@apple.com [Mon, 14 Apr 2014 22:37:07 +0000 (22:37 +0000)]
[iOS WK2] Hash table assertion closing a tab
https://bugs.webkit.org/show_bug.cgi?id=131640

Reviewed by Tim Horton.

Have RemoteLayerTreeContext keep track of all PlatformCALayerRemotes,
and clear their context pointer when it is being destroyed to avoid
calling into a deleted object later.

* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::~PlatformCALayerRemote):
(WebKit::PlatformCALayerRemote::addAnimationForKey):
* WebProcess/WebPage/mac/PlatformCALayerRemote.h:
(WebKit::PlatformCALayerRemote::clearContext):
* WebProcess/WebPage/mac/RemoteLayerTreeContext.h:
* WebProcess/WebPage/mac/RemoteLayerTreeContext.mm:
(WebKit::RemoteLayerTreeContext::~RemoteLayerTreeContext):
(WebKit::RemoteLayerTreeContext::layerWasCreated):
(WebKit::RemoteLayerTreeContext::layerWillBeDestroyed):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167273 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFunction.bind itself is too slow
oliver@apple.com [Mon, 14 Apr 2014 22:05:44 +0000 (22:05 +0000)]
Function.bind itself is too slow
https://bugs.webkit.org/show_bug.cgi?id=131636

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:
Rather than forcing creation of an activation, we now store
bound function properties directly on the returned closure.
This is necessary to deal with code that creates many function
bindings, but does not call them very often.

This is a 60% speed up in the included js/regress test.

* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createBuiltinExecutable):
* builtins/Function.prototype.js:
(bind.bindingFunction):
(bind.else.switch.case.1.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk):
(bind.else.switch.case.1.bindingFunction):
(bind.else.switch.case.2.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk):
(bind.else.switch.case.2.bindingFunction):
(bind.else.switch.case.3.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk):
(bind.else.switch.case.3.bindingFunction):
(bind.else.switch.bindingFunction):
(bind):
(bind.else.switch.case.1.bindingFunction.oversizedCall): Deleted.
(bind.else.switch.case.2.bindingFunction.oversizedCall): Deleted.
(bind.else.switch.case.3.bindingFunction.oversizedCall): Deleted.
* runtime/CommonIdentifiers.h:

LayoutTests:
New test, and fix bogus log in old one

* js/regress/function-bind-create-expected.html: Added.
* js/regress/function-bind-create.html: Added.
* js/regress/script-tests/function-bind-create.js: Added.
(test):
* js/regress/script-tests/function-bind.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167272 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoAllow dynamic changes of WKThumbnailView snapshot scale
timothy_horton@apple.com [Mon, 14 Apr 2014 21:51:17 +0000 (21:51 +0000)]
Allow dynamic changes of WKThumbnailView snapshot scale
https://bugs.webkit.org/show_bug.cgi?id=131628
<rdar://problem/16584156>

Reviewed by Beth Dakin.

* UIProcess/API/Cocoa/_WKThumbnailView.mm:
(-[_WKThumbnailView _requestSnapshotIfNeeded]):
Don't bail from requesting a snapshot just because we already had one; we want to resnapshot.
Keep track of when we bail from requesting a snapshot because we have one in-flight, so we can request it later.

(-[_WKThumbnailView _didTakeSnapshot:]):
Apply the scale to the bitmap size (whoops!).
Make CA always resize the content to fill the thumbnail view's layer, respecting aspect ratio.
Re-snapshot if we previously deferred a snapshot.

(-[_WKThumbnailView setScale:]):
If we get a scale change, request a new snapshot.

(-[_WKThumbnailView setUsesSnapshot:]):
Never apply thumbnail scale to the page if we're using snapshots. It's unnecessary,
because scale will be applied simply when painting the software snapshot.
Apply the thumbnail scale if we're going from usesSnapshot -> !usesSnapshot.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::snapshotAtSize):
Snapshots should use the greater of the two scales, so as to never leave a portion of the snapshot unpainted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167271 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoRenderLayerCompositor's m_layerForOverhangAreas should be offset by the
bdakin@apple.com [Mon, 14 Apr 2014 21:48:13 +0000 (21:48 +0000)]
RenderLayerCompositor's m_layerForOverhangAreas should be offset by the
topContentInset
https://bugs.webkit.org/show_bug.cgi?id=131632
-and corresponding-
<rdar://problem/16609602>

Reviewed by Tim Horton.

Offset m_layerForOverhangAreas by the topContentInset.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateOverflowControlsLayers):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167270 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[sh4] Allow use of SubImmediates in LLINT.
julien.brianceau@gmail.com [Mon, 14 Apr 2014 21:46:18 +0000 (21:46 +0000)]
[sh4] Allow use of SubImmediates in LLINT.
https://bugs.webkit.org/show_bug.cgi?id=131608

Reviewed by Mark Lam.

Allow use of SubImmediates with const pool so the sh4 architecture can
share the arm path for setEntryAddress macro. It reduces architecture
specific code and lead to a more optimal generated code for sh4.

* llint/LowLevelInterpreter.asm:
* offlineasm/sh4.rb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167269 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoREGRESSION (WebKit2 View Gestures): Double-tap doesn't work properly when there's...
timothy_horton@apple.com [Mon, 14 Apr 2014 21:38:00 +0000 (21:38 +0000)]
REGRESSION (WebKit2 View Gestures): Double-tap doesn't work properly when there's no element underneath the cursor
https://bugs.webkit.org/show_bug.cgi?id=131629
<rdar://problem/16192821>

Reviewed by Dan Bernstein.

* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::didCollectGeometryForSmartMagnificationGesture):
If there's nothing under the cursor, zoom towards the cursor instead of towards 0,0.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167268 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoEliminate CachedFrame::m_mousePressNode
ap@apple.com [Mon, 14 Apr 2014 21:24:04 +0000 (21:24 +0000)]
Eliminate CachedFrame::m_mousePressNode
https://bugs.webkit.org/show_bug.cgi?id=131626

Reviewed by Brady Eidson.

I couldn't find any observable effect of this change.

* history/CachedFrame.cpp:
(WebCore::CachedFrameBase::CachedFrameBase):
(WebCore::CachedFrameBase::restore):
(WebCore::CachedFrame::clear):
* history/CachedFrame.h:
(WebCore::CachedFrame::documentLoader):
(WebCore::CachedFrame::mousePressNode): Deleted.
Eliminated m_mousePressNode, accessor, and code that reached out to EventHandler.

* page/EventHandler.cpp:
(WebCore::EventHandler::mousePressNode): Deleted.
(WebCore::EventHandler::setMousePressNode): Deleted.
* page/EventHandler.h:
(WebCore::EventHandler::setMousePressed): Deleted. This function was already unused.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167267 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoRun filter animations in the UI process with UI-side compositing
simon.fraser@apple.com [Mon, 14 Apr 2014 20:46:26 +0000 (20:46 +0000)]
Run filter animations in the UI process with UI-side compositing
https://bugs.webkit.org/show_bug.cgi?id=131199
<rdar://problem/16479487>

Source/WebCore:

Reviewed by Sam Weinig.

Add FilterOperation::clone() which is used during decoding.
Export some things.

* WebCore.exp.in:
* platform/graphics/filters/FilterOperation.h:

Source/WebKit2:

Reviewed by Sam Weinig.

* Shared/WebCoreArgumentCoders.cpp: Removed lots of WebCore::
(IPC::ArgumentCoder<SelectionRect>::decode):
(IPC::ArgumentCoder<PasteboardWebContent>::encode):
(IPC::ArgumentCoder<PasteboardWebContent>::decode):
(IPC::ArgumentCoder<PasteboardImage>::encode):
(IPC::ArgumentCoder<PasteboardImage>::decode):
(IPC::ArgumentCoder<URL>::decode):
(IPC::ArgumentCoder<UserStyleSheet>::encode):
(IPC::ArgumentCoder<UserStyleSheet>::decode):
(IPC::ArgumentCoder<UserScript>::encode):
(IPC::ArgumentCoder<UserScript>::decode):
(IPC::ArgumentCoder<ScrollableAreaParameters>::encode):
(IPC::ArgumentCoder<ScrollableAreaParameters>::decode):
(IPC::ArgumentCoder<FixedPositionViewportConstraints>::encode):
(IPC::ArgumentCoder<FixedPositionViewportConstraints>::decode):
(IPC::ArgumentCoder<StickyPositionViewportConstraints>::encode):
(IPC::ArgumentCoder<StickyPositionViewportConstraints>::decode):
(IPC::ArgumentCoder<FilterOperation>::encode):
(IPC::decodeFilterOperation):
(IPC::ArgumentCoder<FilterOperations>::encode):
(IPC::ArgumentCoder<WebCore::UserStyleSheet>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::UserStyleSheet>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::UserScript>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::UserScript>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::ScrollableAreaParameters>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::ScrollableAreaParameters>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::FixedPositionViewportConstraints>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::FixedPositionViewportConstraints>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::StickyPositionViewportConstraints>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::StickyPositionViewportConstraints>::decode): Deleted.
(IPC::encodeFilterOperation): Deleted.
Add encoding/decoding support for FilterOperation.
decodeFilterOperation() has to be a bare function because of the RefPtr
out parameter.
REFERENCE filters should never be encoded, since they have CachedSVGDocumentReferences.

* Shared/WebCoreArgumentCoders.h:

* Shared/mac/RemoteLayerTreeTransaction.mm:
(WebKit::RemoteLayerTreeTextStream::operator<<):
Add logging for filter animations to the RemoteLayerTree log output.

* WebProcess/WebPage/mac/GraphicsLayerCARemote.h:
* WebProcess/WebPage/mac/GraphicsLayerCARemote.cpp:
(WebKit::GraphicsLayerCARemote::addAnimation): Deleted. We can run
filter animations now.

* WebProcess/WebPage/mac/PlatformCAAnimationRemote.h:
KeyValues have a RefPtr<WebCore::FilterOperation> now (which can't be part of
the union because we need its constructor to get called).
* WebProcess/WebPage/mac/PlatformCAAnimationRemote.mm:
(WebKit::PlatformCAAnimationRemote::KeyframeValue::encode): Encode the filter.
(WebKit::PlatformCAAnimationRemote::KeyframeValue::decode): Decode the filter.
(WebKit::PlatformCAAnimationRemote::setFromValue): Implement.
(WebKit::PlatformCAAnimationRemote::setToValue): Implement.
(WebKit::PlatformCAAnimationRemote::setValues): Implement.
(WebKit::animationValueFromKeyframeValue): Handle filters.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167266 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFix the build.
simon.fraser@apple.com [Mon, 14 Apr 2014 20:38:26 +0000 (20:38 +0000)]
Fix the build.

* UIProcess/mac/PageClientImpl.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUse after free in WebCore::CachedResourceHandleBase::~CachedResourceHandleBase /...
jer.noble@apple.com [Mon, 14 Apr 2014 20:37:52 +0000 (20:37 +0000)]
Use after free in WebCore::CachedResourceHandleBase::~CachedResourceHandleBase / WebCore::removeDetachedChildrenInContainer
https://bugs.webkit.org/show_bug.cgi?id=131169

Reviewed by Eric Carlson.

Invalidate the WebCoreAVFResourceLoader owned by MediaPlayerPrivateAVFoundationObjC
in its destructor, to prevent a private function being called in response to the
WebCoreAVFResourceLoader being stopped.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC):
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h:
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::invalidate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167264 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agomonotonicallyIncreasingTime() should only initialize its static timebaseInfo once.
mark.lam@apple.com [Mon, 14 Apr 2014 20:31:45 +0000 (20:31 +0000)]
monotonicallyIncreasingTime() should only initialize its static timebaseInfo once.
<https://webkit.org/b/131630>

Reviewed by Filip Pizlo.

The current initialization of the static field is not thread safe.

* wtf/CurrentTime.cpp:
(WTF::monotonicallyIncreasingTime):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167263 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[WK2 iOS] Scrolling to anchor links is broken
simon.fraser@apple.com [Mon, 14 Apr 2014 19:49:37 +0000 (19:49 +0000)]
[WK2 iOS] Scrolling to anchor links is broken
https://bugs.webkit.org/show_bug.cgi?id=131618
<rdar://problem/16599144>

Source/WebCore:

Reviewed by Tim Horton.

Have ScrollingTreeScrollingNode pass RequestedScrollPosition updates
to the scrolling tree, so that the scrolling tree can have custom behavior
for them if necessary.

* page/scrolling/ScrollingTree.h:
(WebCore::ScrollingTree::scrollingTreeNodeRequestsScroll):
* page/scrolling/ScrollingTreeScrollingNode.cpp:
(WebCore::ScrollingTreeScrollingNode::updateAfterChildren):
* page/scrolling/ScrollingTreeScrollingNode.h:

Source/WebKit2:

Reviewed by Tim Horton.

The RemoteScrollingTree implements scrollingTreeNodeRequestsScroll
to get informed about requested scroll position updates, and passes
them along via the RemoteScrollingCoordinatorProxy, WebPageProxy and PageClient
to the WKWebView, which performs a scroll.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _scrollToContentOffset:WebCore::]): Scroll to content offset,
taking page scale and insets into account.
* UIProcess/API/Cocoa/WKWebViewInternal.h:
* UIProcess/CoordinatedGraphics/WebView.cpp:
(WebKit::WebView::requestScroll):
* UIProcess/CoordinatedGraphics/WebView.h:
* UIProcess/PageClient.h:
* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp:
(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeRequestsScroll):
Pass scrolls along to the WebPageProxy for the root node. We will also need
to handle programmatic scrolls for overflow soon.
* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
* UIProcess/Scrolling/RemoteScrollingTree.cpp:
(WebKit::RemoteScrollingTree::scrollingTreeNodeRequestsScroll):
* UIProcess/Scrolling/RemoteScrollingTree.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::requestScroll):
* UIProcess/WebPageProxy.h:
* UIProcess/ios/PageClientImplIOS.h:
* UIProcess/ios/PageClientImplIOS.mm:
(WebKit::PageClientImpl::canScrollView):
(WebKit::PageClientImpl::requestScroll):
* UIProcess/mac/PageClientImpl.mm:
(WebKit::PageClientImpl::requestScroll):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoWeb Replay: memoize fallback time values for document.lastModified
burg@cs.washington.edu [Mon, 14 Apr 2014 19:45:24 +0000 (19:45 +0000)]
Web Replay: memoize fallback time values for document.lastModified
https://bugs.webkit.org/show_bug.cgi?id=131318

Reviewed by Joseph Pecoraro.

Source/WebCore:
If a document's Last-Modified header can't be found or used, then
document.lastModified is derived from the current system time or
from filesystem data, which is obviously nondeterministic.

It's better to handle this inside Document::lastModified rather than using
MemoizedDOMResult, because only the fallback case is nondeterministic.

Test: http/tests/inspector/replay/document-last-modified-fallback-value.html

* dom/Document.cpp:
(WebCore::Document::lastModified): Save or reuse memoized fallback value.
* replay/WebInputs.json: Add input DocumentLastModifiedDate.

LayoutTests:
* http/tests/inspector/replay/document-last-modified-fallback-value.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167261 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoA few MallocBench record/replay fixes
ggaren@apple.com [Mon, 14 Apr 2014 19:11:50 +0000 (19:11 +0000)]
A few MallocBench record/replay fixes
https://bugs.webkit.org/show_bug.cgi?id=131627

Reviewed by Andreas Kling.

* MallocBench/MallocBench/Interpreter.cpp:
(Interpreter::run): Accept 0-sized allocations without asserting because
WebKit does that sometimes.

* MallocBench/MallocBench/flickr.ops:
* MallocBench/MallocBench/flickr_memory_warning.ops:
* MallocBench/MallocBench/reddit.ops:
* MallocBench/MallocBench/reddit_memory_warning.ops:
* MallocBench/MallocBench/theverge.ops:
* MallocBench/MallocBench/theverge_memory_warning.ops: Updated these
recordings because a bug in the recording mechanism caused one out of
every few thousand slot values to be bogus.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167260 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[GTK] Unreviewed GTK gardening.
commit-queue@webkit.org [Mon, 14 Apr 2014 19:02:26 +0000 (19:02 +0000)]
[GTK] Unreviewed GTK gardening.

Patch by Eduardo Lima Mitev <elima@igalia.com> on 2014-04-14

* platform/gtk/TestExpectations: Update test expectations for new failing test 'editing/editability/ignored-content.html'.
* platform/gtk/inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt: Rebaselined.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167259 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoVersioning.
bshafiei@apple.com [Mon, 14 Apr 2014 19:00:23 +0000 (19:00 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoKeep secondary tile grid for zoomed-out scale
antti@apple.com [Mon, 14 Apr 2014 18:40:04 +0000 (18:40 +0000)]
Keep secondary tile grid for zoomed-out scale
https://bugs.webkit.org/show_bug.cgi?id=131586

Reviewed by Darin Adler.

Source/WebCore:
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateContentsScale):

    Don't repaint tiled backing with setNeedsDisplay, it invalidates itself correctly in setContentsScale.
    Update custom child layers when tiled backing scale changes.

* platform/graphics/ca/mac/TileController.h:
* platform/graphics/ca/mac/TileController.mm:
(WebCore::TileController::TileController):
(WebCore::TileController::setNeedsDisplay):

    Drop the whole zoomed-out grid on full repaint.

(WebCore::TileController::setNeedsDisplayInRect):

    Drop changed zoomed-out tiles. A more sophisticated strategy is possible.

(WebCore::TileController::setContentsScale):

    Swap the zoomed-out grid in and out as needed.
    Repaint the active grid after scale change so the client does not have to.

(WebCore::TileController::contentsScale):

    Get the content scale from the tile grid so it is not kept in two places.

(WebCore::TileController::zoomedOutContentsScale):
(WebCore::TileController::setZoomedOutContentsScale):

    Drop the zoomed-out grid if it no longer matches the zoomed-out scale.

(WebCore::TileController::tileRevalidationTimerFired):
(WebCore::TileController::retainedTileBackingStoreMemory):
(WebCore::TileController::containerLayers):

    Return both zoomed-out tiles and the active tiles. Active tiles are on top.

(WebCore::TileController::numberOfUnparentedTiles):
(WebCore::TileController::removeUnparentedTilesNow):
* platform/graphics/ca/mac/TileGrid.h:
* platform/graphics/ca/mac/TileGrid.mm:
(WebCore::TileGrid::dropTilesInRect):

    Add a function for dropping tiles.

(WebCore::TileGrid::revalidateTiles):

Source/WebKit2:
* WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.cpp:
(WebKit::PlatformCALayerRemoteTiledBacking::PlatformCALayerRemoteTiledBacking):
(WebKit::PlatformCALayerRemoteTiledBacking::customSublayers):

    Always request new sublayer list from tile controller.

* WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167256 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoArray.prototype.concat should allocate output storage only once.
akling@apple.com [Mon, 14 Apr 2014 18:04:20 +0000 (18:04 +0000)]
Array.prototype.concat should allocate output storage only once.
<https://webkit.org/b/131609>

Do a first pass across 'this' and any arguments to compute the
final size of the resulting array from Array.prototype.concat.
This avoids having to grow the output incrementally as we go.

This also includes two other micro-optimizations:

- Mark getProperty() with ALWAYS_INLINE.

- Use JSArray::length() instead of taking the generic property
  lookup path when we know an argument is an Array.

My MBP says ~3% progression on Dromaeo/jslib-traverse-jquery.

Reviewed by Oliver & Darin.

* runtime/ArrayPrototype.cpp:
(JSC::getProperty):
(JSC::arrayProtoFuncConcat):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167255 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFixed svn:ignore on bmalloc.xcodeproj, it had erroneous leading spaces.
ap@apple.com [Mon, 14 Apr 2014 17:33:20 +0000 (17:33 +0000)]
Fixed svn:ignore on bmalloc.xcodeproj, it had erroneous leading spaces.

* bmalloc.xcodeproj: Modified property svn:ignore.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167254 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoMake WK(Web)View magnification setters actually use view-relative positions
timothy_horton@apple.com [Mon, 14 Apr 2014 17:27:59 +0000 (17:27 +0000)]
Make WK(Web)View magnification setters actually use view-relative positions
https://bugs.webkit.org/show_bug.cgi?id=131611
<rdar://problem/15965239>

Reviewed by Darin Adler.

* UIProcess/API/mac/WKView.mm:
(-[WKView setMagnification:centeredAtPoint:]):
(-[WKView setMagnification:]):
Use scalePageInViewCoordinates instead.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::scalePageInViewCoordinates):
* UIProcess/WebPageProxy.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
Add scalePageInViewCoordinates, which turns the scale centerpoint within the view
into what scalePage expects: a post-scale scroll offset.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167253 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUnreviewed, rolling out r167249.
akling@apple.com [Mon, 14 Apr 2014 17:26:28 +0000 (17:26 +0000)]
Unreviewed, rolling out r167249.
https://bugs.webkit.org/show_bug.cgi?id=131621

broke 3 tests on cloop (Requested by kling on #webkit).

Reverted changeset:

"Array.prototype.concat should allocate output storage only
once."
https://bugs.webkit.org/show_bug.cgi?id=131609
http://trac.webkit.org/changeset/167249

Patch by Commit Queue <commit-queue@webkit.org> on 2014-04-14

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167252 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUpdate test result
oliver@apple.com [Mon, 14 Apr 2014 17:17:20 +0000 (17:17 +0000)]
Update test result

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167251 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFixed potential integer truncation.
commit-queue@webkit.org [Mon, 14 Apr 2014 16:31:43 +0000 (16:31 +0000)]
Fixed potential integer truncation.
https://bugs.webkit.org/show_bug.cgi?id=131615

Patch by Alex Christensen <achristensen@webkit.org> on 2014-04-14
Reviewed by Darin Adler.

* assembler/X86Assembler.h:
(JSC::X86Assembler::fillNops):
Truncate the size_t to an unsigned after it is limited to 15 instead of before.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167250 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoArray.prototype.concat should allocate output storage only once.
akling@apple.com [Mon, 14 Apr 2014 16:19:58 +0000 (16:19 +0000)]
Array.prototype.concat should allocate output storage only once.
<https://webkit.org/b/131609>

Do a first pass across 'this' and any arguments to compute the
final size of the resulting array from Array.prototype.concat.
This avoids having to grow the output incrementally as we go.

This also includes two other micro-optimizations:

- Mark getProperty() with ALWAYS_INLINE.

- Use JSArray::length() instead of taking the generic property
  lookup path when we know an argument is an Array.

My MBP says ~3% progression on Dromaeo/jslib-traverse-jquery.

Reviewed by Darin Adler.

* runtime/ArrayPrototype.cpp:
(JSC::getProperty):
(JSC::arrayProtoFuncConcat):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167249 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoOptimize Canvas fill and drawImage with SourceIn, DestinationIn, SourceOut, and Desti...
krit@webkit.org [Mon, 14 Apr 2014 16:02:03 +0000 (16:02 +0000)]
Optimize Canvas fill and drawImage with SourceIn, DestinationIn, SourceOut, and DestinationAtop using transparencyLayer.
https://bugs.webkit.org/show_bug.cgi?id=79659

Reviewed by Darin Adler.

Source/WebCore:
Optimize fill() and fillRect() operations in Canvas on composited contexts by
10 to 20 times on CG.

Replacing the ImageBuffer code by transparency layers allows the
graphics library to optimize the drawing.

Doing the same for drawImage() would give performance regressions.

An inline function will create a transparency layer for CG. Cairo graphics
does not composite correctly when a transparency layer gets created.
The inline function is just a NOOP for Cairo.

This fixes bug 131303 as well.

Added performance tests with r167124 already.

* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::fillInternal):
(WebCore::CanvasRenderingContext2D::strokeInternal):
(WebCore::CanvasRenderingContext2D::beginCompositeLayer):
(WebCore::CanvasRenderingContext2D::endCompositeLayer):
(WebCore::CanvasRenderingContext2D::fillRect):
(WebCore::CanvasRenderingContext2D::strokeRect):
(WebCore::CanvasRenderingContext2D::drawTextInternal):
(WebCore::CanvasRenderingContext2D::fullCanvasCompositedFill): Deleted.
* html/canvas/CanvasRenderingContext2D.h:

LayoutTests:
Unskip previously failing tests.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167248 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoLots of compositing test failures after r167152
timothy_horton@apple.com [Mon, 14 Apr 2014 15:42:28 +0000 (15:42 +0000)]
Lots of compositing test failures after r167152
https://bugs.webkit.org/show_bug.cgi?id=131574

Reviewed by Darin Adler.

* platform/graphics/GraphicsLayer.cpp:
(WebCore::dumpChildren):
(WebCore::GraphicsLayer::dumpProperties):
Make child-dumping recursive so that we can easily skip layers up to any depth.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167246 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFix incorrect indentations in CodeGeneratorJS.pm introduced in r165521
pmolnar.u-szeged@partner.samsung.com [Mon, 14 Apr 2014 12:45:01 +0000 (12:45 +0000)]
Fix incorrect indentations in CodeGeneratorJS.pm introduced in r165521
https://bugs.webkit.org/show_bug.cgi?id=131613

Reviewed by Csaba Osztrogonác.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
Fixed 5-space indentation.
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
Updated the tests accordingly.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFix commit-log-editor bug revealed by r165447
commit-queue@webkit.org [Mon, 14 Apr 2014 12:24:23 +0000 (12:24 +0000)]
Fix commit-log-editor bug revealed by r165447
https://bugs.webkit.org/show_bug.cgi?id=130676

Patch by Jozsef Berta <jberta.u-szeged@partner.samsung.com> on 2014-04-14
Reviewed by Csaba Osztrogonác.

* Scripts/commit-log-editor:
(createCommitMessage): Omitting empty Source/JavaScriptCore:... blocks.
Add \n before the first block too, because the longest common prefix now ends with only one newline.
(removeLongestCommonPrefixEndingInNewline): The longest common prefix ends with only one newline,
now the last block of the common prefix isn't duplicated below. Changing the function name accordingly.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167243 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[JSC] CSSStyleDeclaration report incorrect descriptor
rego@igalia.com [Mon, 14 Apr 2014 11:21:49 +0000 (11:21 +0000)]
[JSC] CSSStyleDeclaration report incorrect descriptor
https://bugs.webkit.org/show_bug.cgi?id=89697

Reviewed by Benjamin Poulain.

Source/WebCore:

Change descriptor of CSSStyleDeclaration properties in order to have
writable and enumerable attributes set to true. Configurable is kept to
false since the property is not deleteable.

Test: fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html

* bindings/js/JSCSSStyleDeclarationCustom.cpp:
(WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate): Only set
DontDelete attribute when creating the descriptor for
CSSStyleDeclaration properties.

LayoutTests:

Add new test to check the descriptor of CSSStyleDeclaration properties.

* fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor-expected.txt: Added.
* fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167240 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[JSC] Improve the call site of string comparison in some hot path
benjamin@webkit.org [Mon, 14 Apr 2014 08:46:27 +0000 (08:46 +0000)]
[JSC] Improve the call site of string comparison in some hot path
https://bugs.webkit.org/show_bug.cgi?id=131605

Reviewed by Darin Adler.

Source/JavaScriptCore:

When resolved, the String of a JSString is never null. It can be empty but not null.
The null value is reserved for ropes but those would be resolved when getting the value.

Consequently, we should use the equal() operation that do not handle null values.
Using the StringImpl directly is already common in StringPrototype but it was not used here for some reason.

* jit/JITOperations.cpp:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqualSlowCaseInline):
(JSC::JSValue::pureStrictEqual):

Source/WebCore:

* dom/NodeRareData.h:
(WebCore::NodeListsNodeData::NodeListCacheMapEntryHash::equal):
We should use the right comparison operation depending on the Hash Traits.

Source/WTF:

* wtf/text/StringImpl.cpp:
(WTF::stringImplContentEqual):
Inline that function to reduce the call overhead for JSC.
This is only inlined twice, it is not catastrophic for our binary.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoMerge MemoryPressureHandler{Mac,IOS}.mm
akling@apple.com [Mon, 14 Apr 2014 08:45:23 +0000 (08:45 +0000)]
Merge MemoryPressureHandler{Mac,IOS}.mm
<https://webkit.org/b/131603>

Join the iOS and Mac platform implementations of MemoryPressureHandler
under the shared Cocoa banner. Each platform still has its own quirky
behavior, but this puts them in the same file so we can start sharing.

Reviewed by Darin Adler.

* WebCore.xcodeproj/project.pbxproj:
* platform/cocoa/MemoryPressureHandlerCocoa.mm: Renamed from Source/WebCore/platform/mac/MemoryPressureHandlerMac.mm.
(WebCore::MemoryPressureHandler::platformReleaseMemory):
(WebCore::MemoryPressureHandler::install):
(WebCore::MemoryPressureHandler::uninstall):
(WebCore::MemoryPressureHandler::holdOff):
(WebCore::MemoryPressureHandler::respondToMemoryPressure):
(WebCore::respondToMemoryPressureCallback):
(WebCore::MemoryPressureHandler::installMemoryReleaseBlock):
(WebCore::MemoryPressureHandler::setReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::hasReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::clearMemoryPressure):
(WebCore::MemoryPressureHandler::shouldWaitForMemoryClearMessage):
(WebCore::MemoryPressureHandler::respondToMemoryPressureIfNeeded):
* platform/ios/MemoryPressureHandlerIOS.mm: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167219 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoCSS JIT: compile the :nth-child() pseudo class
benjamin@webkit.org [Mon, 14 Apr 2014 08:42:53 +0000 (08:42 +0000)]
CSS JIT: compile the :nth-child() pseudo class
https://bugs.webkit.org/show_bug.cgi?id=131602

Reviewed by Andreas Kling.

Source/WebCore:

Tests: fast/selectors/nth-child-bounds.html
       fast/selectors/nth-child-with-backtracking.html

Compile the :nth-child() pseudo class function + some related clean up.

* css/CSSSelector.cpp:
(WebCore::CSSSelector::nthA):
(WebCore::CSSSelector::nthB):
Expose the parsed value of an+b filters. Those values are used to compile
the selector.

(WebCore::CSSSelector::RareData::parseNth):
While working on the patch, I discovered some severe issues with the parsing of large
values of a and/or b. The problem comes from the way the CSS parser handle the values:
the values are parsed as a double then converted to an AtomicString for CSSSelector.

There are many problems related to large values but we never got bug reports because
they are very uncommon. Fixing those problem would require changing the parser.

Here, CSSSelector::RareData::parseNth() is hardened a little bit to avoid absurd values
of a and b.

* css/CSSSelector.h:
* cssjit/RegisterAllocator.h:
It looks like I forgot RDX in the list of register. Add it now since it is required
for SelectorCodeGenerator::modulo().

* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::addPseudoType):
(WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
(WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
(WebCore::SelectorCompiler::SelectorCodeGenerator::moduloIsZero):
There is no modulo() operation exposed on the macro assemblers. This is a basic
implementation on top of idiv for x86_64.

Since idiv works exclusively with RAX and RDX, most of the code is about getting
those registers efficiently.

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
(WebCore::SelectorCompiler::setElementChildIndex):
(WebCore::SelectorCompiler::setElementChildIndexAndUpdateStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
This is pretty much a straightforward implementation of :nth-child().
The first part counts the number of previous elements.
The second part updates the tree if this is style resolution.
The last part compares the number of previous siblings to an+b to find if the filter matches.

The only part that diverges from SelectorChecker is how childIndex is used. Instead of testing it
at every iteration, only the first iteration handle the cache.

* dom/ElementRareData.h:
(WebCore::ElementRareData::childIndexMemoryOffset):
* dom/Node.h:
(WebCore::Node::rareDataMemoryOffset):
(WebCore::Node::flagHasRareData):
* rendering/style/RenderStyle.h:

LayoutTests:

Add a couple of test for the new code:
-nth-child-with-backtracking tests the register pressure with backtracking.
-nth-child-bounds tests invalid selectors do not cause problems.

* fast/selectors/nth-child-bounds-expected.txt: Added.
* fast/selectors/nth-child-bounds.html: Added.
* fast/selectors/nth-child-with-backtracking-expected.txt: Added.
* fast/selectors/nth-child-with-backtracking.html: Added.

* http/tests/security/video-poster-cross-origin-crash.html:
Now that CSSSelector filters out ridiculously bad values, the pseudo class in this test
was no longer executed.
The particular value of nth-child is irrelevant for this test, all it needs it the tree marking
while not matching.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoSupport setting a background color on page overlays
timothy_horton@apple.com [Mon, 14 Apr 2014 08:10:22 +0000 (08:10 +0000)]
Support setting a background color on page overlays
https://bugs.webkit.org/show_bug.cgi?id=131600

Reviewed by Darin Adler.

* WebProcess/WebPage/PageOverlay.cpp:
(WebKit::PageOverlay::PageOverlay):
(WebKit::PageOverlay::bounds):
(WebKit::PageOverlay::startFadeInAnimation):
(WebKit::PageOverlay::startFadeOutAnimation):
(WebKit::PageOverlay::startFadeAnimation):
(WebKit::PageOverlay::fadeAnimationTimerFired):
Minor style adjustments.
Use more references everywhere.

(WebKit::PageOverlay::setBackgroundColor):
(WebKit::PageOverlay::setNeedsDisplay):
* WebProcess/WebPage/PageOverlay.h:
(WebKit::PageOverlay::backgroundColor):
Keep track of our background color, and push it down to the page overlay controller if we have one.

* WebProcess/WebPage/PageOverlayController.cpp:
(WebKit::updateOverlayGeometry):
(WebKit::PageOverlayController::clearPageOverlay):
Page overlays will always have the right size, and just use drawsContents to determine
whether or not they should tile/have backing store/etc.

(WebKit::PageOverlayController::installPageOverlay):
(WebKit::PageOverlayController::didChangeOverlayBackgroundColor):
Set the background color of the layer.

* WebProcess/WebPage/PageOverlayController.h:

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
References!

* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer):
Mark the compositing tree as needing a rebuild when we get a new document-relative
overlay layer; otherwise we were depending on something else coming along and
requiring a rebuild, which didn't always happen.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167216 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[CSS Regions] Hit testing doesn't work in video
mihnea@adobe.com [Mon, 14 Apr 2014 07:50:51 +0000 (07:50 +0000)]
[CSS Regions] Hit testing doesn't work in video
https://bugs.webkit.org/show_bug.cgi?id=131485

Reviewed by Andrei Bucur.

Source/WebCore:

When hit testing flow thread layer through the region layer,
we have to pass the depth sorting information and take that
into account for the situation in which an ancestor of the region
has preserve-3d transform style.

Test: fast/regions/hit-test-region-preserve3d-container.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hitTestLayer):
(WebCore::RenderLayer::hitTestFlowThreadIfRegionForFragments):
* rendering/RenderLayer.h:

LayoutTests:

* fast/regions/hit-test-region-preserve3d-container-expected.txt: Added.
* fast/regions/hit-test-region-preserve3d-container.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167215 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUpdate html5lib test data to latest version
commit-queue@webkit.org [Mon, 14 Apr 2014 07:19:39 +0000 (07:19 +0000)]
Update html5lib test data to latest version
https://bugs.webkit.org/show_bug.cgi?id=131588

Patch by Koji Ishii <kojishi@gmail.com> on 2014-04-14
Reviewed by Darin Adler.

This patch imports the latest version of the "dat" files from
https://github.com/html5lib/html5lib-tests
Also updated expected files for failures of new tests.

* html5lib/generated/run-adoption01-data-expected.txt: Passes now as a bug in the test was fixed.
* html5lib/generated/run-adoption01-write-expected.txt: Supressed new failures.
* html5lib/generated/run-inbody01-data-expected.txt: Added.
* html5lib/generated/run-inbody01-data.html: Added.
* html5lib/generated/run-inbody01-write-expected.txt: Added.
* html5lib/generated/run-inbody01-write.html: Added.
* html5lib/generated/run-main-element-data-expected.txt: Added.
* html5lib/generated/run-main-element-data.html: Added.
* html5lib/generated/run-main-element-write-expected.txt: Added.
* html5lib/generated/run-main-element-write.html: Added.
* html5lib/generated/run-template-data-expected.txt: Supressed new failures.
* html5lib/generated/run-template-write-expected.txt: Supressed new failures.
* html5lib/generated/run-tests21-data-expected.txt: Supressed new failures.
* html5lib/generated/run-tests21-write-expected.txt: Supressed new failures.
* html5lib/generated/run-tests25-data-expected.txt: Supressed new failures.
* html5lib/generated/run-tests25-write-expected.txt: Supressed new failures.
* html5lib/resources/adoption01.dat:
* html5lib/resources/adoption02.dat:
* html5lib/resources/comments01.dat:
* html5lib/resources/doctype01.dat:
* html5lib/resources/domjs-unsafe.dat:
* html5lib/resources/entities01.dat:
* html5lib/resources/entities02.dat:
* html5lib/resources/html5test-com.dat:
* html5lib/resources/inbody01.dat:
* html5lib/resources/isindex.dat:
* html5lib/resources/main-element.dat: Added.
* html5lib/resources/pending-spec-changes-plain-text-unsafe.dat:
* html5lib/resources/pending-spec-changes.dat:
* html5lib/resources/plain-text-unsafe.dat:
* html5lib/resources/scriptdata01.dat:
* html5lib/resources/tables01.dat:
* html5lib/resources/template.dat:
* html5lib/resources/tests1.dat:
* html5lib/resources/tests10.dat:
* html5lib/resources/tests14.dat:
* html5lib/resources/tests15.dat:
* html5lib/resources/tests16.dat:
* html5lib/resources/tests17.dat:
* html5lib/resources/tests18.dat:
* html5lib/resources/tests19.dat:
* html5lib/resources/tests2.dat:
* html5lib/resources/tests20.dat:
* html5lib/resources/tests21.dat:
* html5lib/resources/tests22.dat:
* html5lib/resources/tests23.dat:
* html5lib/resources/tests25.dat:
* html5lib/resources/tests26.dat:
* html5lib/resources/tests3.dat:
* html5lib/resources/tests4.dat:
* html5lib/resources/tests5.dat:
* html5lib/resources/tests6.dat:
* html5lib/resources/tests7.dat:
* html5lib/resources/tests8.dat:
* html5lib/resources/tests9.dat:
* html5lib/resources/tests_innerHTML_1.dat:
* html5lib/resources/tricky01.dat:
* html5lib/resources/webkit01.dat:
* html5lib/resources/webkit02.dat:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agouserVisibleString should not try to "encode" host names
darin@apple.com [Mon, 14 Apr 2014 06:58:29 +0000 (06:58 +0000)]
userVisibleString should not try to "encode" host names
https://bugs.webkit.org/show_bug.cgi?id=131587
rdar://problem/14686849

Reviewed by Alexey Proskuryakov.

Source/WebCore:

* WebCore.exp.in: Updated for WebCoreNSURLExtras argument type changes.

* platform/mac/WebCoreNSURLExtras.h: Removed unneeded code to make this
Objective-C++ header compile in plain C++ files, which we never need to do.
Added missing argument name, baseURL, and changed mysterious CFIndex arguments
to the correct type, CFURLComponentType.

* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::isLookalikeCharacter): Removed the inline keyword from this, and added
more lookalike characters from the Mozilla list referenced here.
(WebCore::URLByTruncatingOneCharacterBeforeComponent): Updated argument type.
(WebCore::dataForURLComponentType): Ditto.
(WebCore::userVisibleString): Only call mapHostNames if host name decoding is
needed; no encoding here.

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Added URLExtras.mm.

* TestWebKitAPI/Tests/mac/URLExtras.mm: Added. A few tests for WebCoreNSURLExtras.
Coverage is tiny at this point; we could add a lot more cases!

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167211 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoREGRESSION (r158617): Find on Page can get stuck in a loop when the search string...
darin@apple.com [Mon, 14 Apr 2014 06:55:15 +0000 (06:55 +0000)]
REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
https://bugs.webkit.org/show_bug.cgi?id=126322

Reviewed by Ryosuke Niwa.

Source/WebCore:

* dom/Element.cpp:
(WebCore::Element::canContainRangeEndPoint): Now returns false when the role of the element
is "img". This is the same rule that's hard-coded in isRenderReplacedElement for the same
reason. Need more test coverage to make sure this role feature works consistently.

* dom/Element.h: Made canContainRangeEndPoint no longer inline since it's not just a
return statement any more.

* dom/Position.cpp:
(WebCore::Position::isCandidate): Took out code that calls isRendererReplacedElement
that was added in r158617; not needed now that we updated canContainRangeEndPoint.

* dom/Range.cpp:
(WebCore::Range::firstNode): Removed code here that called isRendererReplacedElement.
This was the wrong level to be adding editing logic, and there's a FIXME here to that
effect, which we are now deleting. This was the change that broke Find.

* editing/TextIterator.cpp: Added a comment about the redundancy between the
isRendererReplacedElement and editingIgnoresContent functions.

* html/HTMLHRElement.cpp:
(WebCore::HTMLHRElement::canContainRangeEndPoint): Call through to base class instead
of just returning true when we have child nodes. Lets Element::canContainRangeEndPoint
do its thing.
* html/HTMLHRElement.h: Ditto.

* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::canContainRangeEndPoint): Call through to base class instead
of just returning true when we have fallback content. Lets Element::canContainRangeEndPoint
do its thing.
* html/HTMLObjectElement.h: Ditto.

* testing/Internals.cpp:
(WebCore::Internals::countMatchesForText): Set the limit to 1000 instead of infinite.

LayoutTests:

* editing/text-iterator/count-matches-in-form-expected.txt: Added.
* editing/text-iterator/count-matches-in-form.html: Added.

* fast/text/window-find.html: Tweaked the test a bit, making it a little easier to
see if the test hasn't even run.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167210 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUse #include instead of #import
ljaehun.lim@samsung.com [Mon, 14 Apr 2014 05:29:47 +0000 (05:29 +0000)]
Use #include instead of #import
https://bugs.webkit.org/show_bug.cgi?id=131604

Reviewed by Darin Adler.

Fix "warning: #import is a deprecated GCC extension [-Wdeprecated]".

* TestWebKitAPI/Tests/WTF/StringView.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167209 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoUse unique_ptr for FillLayer::m_next
darin@apple.com [Mon, 14 Apr 2014 04:28:25 +0000 (04:28 +0000)]
Use unique_ptr for FillLayer::m_next
https://bugs.webkit.org/show_bug.cgi?id=75222

Reviewed by Dan Bernstein.

* css/DeprecatedStyleBuilder.cpp:
(WebCore::ApplyPropertyFillLayer::applyInheritValue):
Renamed currChild to just child and prevChild to previousChild.
Changed code to pass ownership of the new FillLayer immediately.
Changed some loops to be for loops.
(WebCore::ApplyPropertyFillLayer::applyInitialValue): Ditto.
(WebCore::ApplyPropertyFillLayer::applyValue): Ditto.

* rendering/RenderBox.cpp:
(WebCore::RenderBox::backgroundHasOpaqueTopLayer): Use reference
instead of pointer.
(WebCore::RenderBox::paintFillLayers): Ditto.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::paintFillLayerExtended): Ditto.

* rendering/style/FillLayer.cpp:
(WebCore::FillLayer::FillLayer): Removed m_next initializer since it is now an
OwnPtr and initializes automatically. In a couple other places, changed m_next
initializer to use make_unique.
(WebCore::FillLayer::~FillLayer): Wrote loop for deletion of m_next.
(WebCore::FillLayer::operator=): Removed unneeded explicit deletion of m_next.
(WebCore::FillLayer::cullEmptyLayers): Ditto.
(WebCore::clipMax): Marked inline.
(WebCore::FillLayer::computeClipMax): Rewrote to use a loop instead of recursion.
(WebCore::FillLayer::containsImage): Ditto.
(WebCore::FillLayer::imagesAreLoaded): Ditto.
(WebCore::FillLayer::hasOpaqueImage): Rewrote to use && instead of multiple if.
(WebCore::FillLayer::hasImage): Rewrote to use a loop instead of recursion.
(WebCore::FillLayer::hasFixedImage): Ditto.

* rendering/style/FillLayer.h: Changed m_next to be a unique_ptr.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167208 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years ago[QuickLook] Move file system-related code into WebKit
aestes@apple.com [Mon, 14 Apr 2014 02:57:33 +0000 (02:57 +0000)]
[QuickLook] Move file system-related code into WebKit
https://bugs.webkit.org/show_bug.cgi?id=131597

Reviewed by Dan Bernstein.

Source/WebCore:

QuickLookHandle should not be responsible for saving a copy of the
original document to disk as it might be running in a process that
either can't write to disk or can only write into a sandboxed
container. To account for this, we need to separate the concern of
quick look conversion from that of original document saving so that
each activity can run in the appropriate process.

Created a new interface between WebCore and WebKit by adding a client
(QuickLookHandleClient) to QuickLookHandle which is notified of incoming
bytes. A new function on FrameLoaderClient tells WebKit when a new
QuickLookHandle is created, giving WebKit the opportunity to register a
handle client. Moved the existing file system-related code as well as
code only needed by WebKit1 in QuickLookHandle into a new WebKit1
QuickLookHandleClient subclass.

* WebCore.exp.in:
* WebCore.xcodeproj/project.pbxproj: Made QuickLookHandleClient.h Private.
* loader/FrameLoaderClient.h:
(WebCore::FrameLoaderClient::didCreateQuickLookHandle): Added.
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didCreateQuickLookHandle): Called FrameLoaderClient::didCreateQuickLookHandle().
* loader/ResourceLoader.h:
* platform/network/ResourceHandle.h: Made m_quickLook a unique_ptr.
(WebCore::ResourceHandle::setQuickLookHandle): Changed to take a unique_ptr.
* platform/network/ResourceHandleClient.h:
(WebCore::ResourceHandleClient::didCreateQuickLookHandle): Added.
* platform/network/ios/QuickLook.h: Added m_client, gave m_converter a stronger type, and made m_nsResponse a RetainPtr.
(WebCore::QuickLookHandle::setClient): Added.
(WebCore::QuickLookHandle::firstRequestURL): Added.
(WebCore::QuickLookHandle::converter): Added.
* platform/network/ios/QuickLook.mm:
(WebCore::registerQLPreviewConverterIfNeeded):
(WebCore::createTemporaryFileForQuickLook): Made non-static.
(WebCore::emptyClient): Returned a shared empty QuickLookHandleClient.
(WebCore::QuickLookHandle::QuickLookHandle): Removed file system and WebKit1-only code.
(WebCore::QuickLookHandle::create): Changed to return a unique_ptr.
(WebCore::QuickLookHandle::nsResponse):
(WebCore::QuickLookHandle::didReceiveDataArray): Removed file system code and called QuickLookHandleClient::didReceiveDataArray() instead.
(WebCore::QuickLookHandle::didReceiveData): Removed file system code and called QuickLookHandleClient::didReceiveData() instead.
(WebCore::QuickLookHandle::didFinishLoading): Removed file system code and called QuickLookHandleClient::didFinishLoading() instead.
(WebCore::QuickLookHandle::didFail): Removed file system and WebKit1-only code, calling QuickLookHandleClient::didFail() instead.
(WebCore::QuickLookHandle::~QuickLookHandle): Removed file system and WebKit1-only code. Cleared our reference to m_client.
(WebCore::QuickLookHandle::previewFileName): Retrieved from m_converter.
(WebCore::QuickLookHandle::previewRequestURL): Ditto.
* platform/network/ios/QuickLookHandleClient.h: Added.
(WebCore::QuickLookHandleClient::~QuickLookHandleClient):
(WebCore::QuickLookHandleClient::didReceiveDataArray):
(WebCore::QuickLookHandleClient::didReceiveData):
(WebCore::QuickLookHandleClient::didFinishLoading):
(WebCore::QuickLookHandleClient::didFail):

Source/WebKit/mac:

Moved file system and WebKit1-only code from QuickLookHandle into a new
QuickLookHandleClient subclass.

* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameLoaderClient.mm:

Source/WebKit2:

* WebProcess/Network/WebResourceLoader.h: Made m_quickLookHandle a unique_ptr.
* WebProcess/ios/WebResourceLoaderIOS.mm:
(WebKit::WebResourceLoader::setUpQuickLookHandleIfNeeded):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167207 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoRelax adoption requirements of RefCounted objects that are NeverDestroyed
aestes@apple.com [Mon, 14 Apr 2014 01:35:27 +0000 (01:35 +0000)]
Relax adoption requirements of RefCounted objects that are NeverDestroyed
https://bugs.webkit.org/show_bug.cgi?id=131593

Reviewed by Dan Bernstein.

RefCounted objects that are created by NeverDestroyed<> won't have a
RefPtr adopting them, so call relaxAdoptionRequirements().

* wtf/NeverDestroyed.h:
(WTF::NeverDestroyed::NeverDestroyed):
(WTF::NeverDestroyed::MaybeRelax::MaybeRelax):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoAdded some website recordings to MallocBench -- taken from Membuster
ggaren@apple.com [Mon, 14 Apr 2014 00:02:08 +0000 (00:02 +0000)]
Added some website recordings to MallocBench -- taken from Membuster
https://bugs.webkit.org/show_bug.cgi?id=131601

Reviewed by Ryosuke Niwa.

Added flickr, reddit, and theverge -- each recorded from Membuster's
cache, with and without sending Safari a low memory warning.

* MallocBench/MallocBench.xcodeproj/project.pbxproj:
* MallocBench/MallocBench/Benchmark.cpp:
* MallocBench/MallocBench/flickr.cpp: Added.
(benchmark_flickr):
(benchmark_flickr_memory_warning):
* MallocBench/MallocBench/flickr.h: Added.
* MallocBench/MallocBench/flickr.ops: Added.
* MallocBench/MallocBench/flickr_memory_warning.ops: Added.
* MallocBench/MallocBench/reddit.cpp: Added.
(benchmark_reddit):
(benchmark_reddit_memory_warning):
* MallocBench/MallocBench/reddit.h: Added.
* MallocBench/MallocBench/reddit.ops: Added.
* MallocBench/MallocBench/reddit_memory_warning.ops: Added.
* MallocBench/MallocBench/theverge.cpp: Added.
(benchmark_theverge):
(benchmark_theverge_memory_warning):
* MallocBench/MallocBench/theverge.h: Added.
* MallocBench/MallocBench/theverge.ops: Added.
* MallocBench/MallocBench/theverge_memory_warning.ops: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167205 268f45cc-cd09-0410-ab3c-d52691b4dbfc

8 years agoFixed some mbmalloc exports
ggaren@apple.com [Sun, 13 Apr 2014 23:28:59 +0000 (23:28 +0000)]
Fixed some mbmalloc exports
https://bugs.webkit.org/show_bug.cgi?id=131599

Reviewed by Ryosuke Niwa.

* bmalloc.xcodeproj/project.pbxproj: Made some headers a private part
of the project, so we can call them from API.

* bmalloc/mbmalloc.cpp: Marked the mbmalloc functions with default
visibility, so they show up as exported in the .dylib.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167204 268f45cc-cd09-0410-ab3c-d52691b4dbfc