WebKit-https.git
9 years agoREGRESSION (r142549): Remove web intents code
commit-queue@webkit.org [Tue, 12 Feb 2013 04:22:34 +0000 (04:22 +0000)]
REGRESSION (r142549): Remove web intents code
https://bugs.webkit.org/show_bug.cgi?id=109532

Patch by KwangYong Choi <ky0.choi@samsung.com> on 2013-02-11
Reviewed by Nico Weber.

Remove remaning code related to web intents.

No new tests, no change on behavior.

* UseJSC.cmake:
* bindings/js/JSIntentConstructor.cpp: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142570 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed, rolling out r142568.
commit-queue@webkit.org [Tue, 12 Feb 2013 04:17:40 +0000 (04:17 +0000)]
Unreviewed, rolling out r142568.
http://trac.webkit.org/changeset/142568
https://bugs.webkit.org/show_bug.cgi?id=109541

Broke the build, won't compile. (Requested by alancutter on
#webkit).

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-11

Source/Platform:

* chromium/public/WebCompositorSupport.h:
(WebCompositorSupport):
(WebKit::WebCompositorSupport::createLayerTreeView):
* chromium/public/WebUnitTestSupport.h:

Source/WebKit/chromium:

* tests/GraphicsLayerChromiumTest.cpp:
(WebKit::GraphicsLayerChromiumTest::GraphicsLayerChromiumTest):
* tests/ScrollingCoordinatorChromiumTest.cpp:
(WebKit::FakeWebViewClient::initializeLayerTreeView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142569 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[chromium] Add WebUnitTestSupport::createLayerTreeViewForTesting for webkit_unit_tests
jamesr@google.com [Tue, 12 Feb 2013 02:50:58 +0000 (02:50 +0000)]
[chromium] Add WebUnitTestSupport::createLayerTreeViewForTesting for webkit_unit_tests
https://bugs.webkit.org/show_bug.cgi?id=109403

Reviewed by Adam Barth.

Source/Platform:

webkit_unit_tests that need compositing support need only a simple WebLayerTreeView implementation, not the full
thing.

* chromium/public/WebCompositorSupport.h:
(WebCompositorSupport):
(WebKit::WebCompositorSupport::createLayerTreeView):
* chromium/public/WebUnitTestSupport.h:
(WebKit):
(WebUnitTestSupport):
(WebKit::WebUnitTestSupport::createLayerTreeViewForTesting):

Source/WebKit/chromium:

* tests/GraphicsLayerChromiumTest.cpp:
(WebKit::GraphicsLayerChromiumTest::GraphicsLayerChromiumTest):
* tests/ScrollingCoordinatorChromiumTest.cpp:
(WebKit::FakeWebViewClient::initializeLayerTreeView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142568 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoAdd temporary typedef to ANGLEWebKitBridge to support incompatible API upgrade
kbr@google.com [Tue, 12 Feb 2013 02:38:54 +0000 (02:38 +0000)]
Add temporary typedef to ANGLEWebKitBridge to support incompatible API upgrade
https://bugs.webkit.org/show_bug.cgi?id=109127

Reviewed by Dean Jackson.

No new tests. Built and tested WebKit and Chromium with this change.

* platform/graphics/ANGLEWebKitBridge.cpp:
(WebCore):
    Define temporary typedef spanning int -> size_t change.
(WebCore::getValidationResultValue):
(WebCore::getSymbolInfo):
    Use temporary typedef.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142567 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed. Rolled Chromium DEPS to r181817. Requested by
commit-queue@webkit.org [Tue, 12 Feb 2013 02:38:35 +0000 (02:38 +0000)]
Unreviewed.  Rolled Chromium DEPS to r181817.  Requested by
"James Robinson" <jamesr@chromium.org> via sheriffbot.

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-11

* DEPS:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142566 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[V8] ScheduledAction::m_context can be empty, so we shouldn't
haraken@chromium.org [Tue, 12 Feb 2013 02:06:13 +0000 (02:06 +0000)]
[V8] ScheduledAction::m_context can be empty, so we shouldn't
retrieve an Isolate by using m_context->GetIsolate()
https://bugs.webkit.org/show_bug.cgi?id=109523

Reviewed by Adam Barth.

Chromium bug: https://code.google.com/p/chromium/issues/detail?id=175307#makechanges

Currently ScheduledAction is retrieving an Isolate by using m_context->GetIsolate().
This can crash because ScheduledAction::m_context can be empty. Specifically,
ScheduledAction::m_context is set to ScriptController::currentWorldContext(),
which can return an empty handle when a frame does not exist. In addition,
'if(context.IsEmpty())' in ScheduledAction.cpp implies that it can be empty.

Alternately, we should pass an Isolate explicitly when a ScheduledAction is instantiated.

No tests. The Chromium crash report doesn't provide enough information
to reproduce the bug.

* bindings/v8/ScheduledAction.cpp:
(WebCore::ScheduledAction::ScheduledAction):
(WebCore):
(WebCore::ScheduledAction::~ScheduledAction):
* bindings/v8/ScheduledAction.h:
(ScheduledAction):
* bindings/v8/custom/V8DOMWindowCustom.cpp:
(WebCore::WindowSetTimeoutImpl):
* bindings/v8/custom/V8WorkerContextCustom.cpp:
(WebCore::SetTimeoutOrInterval):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142565 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoIndexedDB: Add UnknownError to WebIDBDatabaseException
dgrogan@chromium.org [Tue, 12 Feb 2013 01:58:38 +0000 (01:58 +0000)]
IndexedDB: Add UnknownError to WebIDBDatabaseException
https://bugs.webkit.org/show_bug.cgi?id=109519

Reviewed by Adam Barth.

* public/WebIDBDatabaseException.h:
* src/AssertMatchingEnums.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142564 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoBuild fix: r142549 broke EFL build
commit-queue@webkit.org [Tue, 12 Feb 2013 01:52:19 +0000 (01:52 +0000)]
Build fix: r142549 broke EFL build
https://bugs.webkit.org/show_bug.cgi?id=109527

Patch by Adenilson Cavalcanti <cavalcantii@gmail.com> on 2013-02-11
Reviewed by Kentaro Hara.

Source/WebCore:

No new tests, no change on behavior.

* CMakeLists.txt:

Source/WebKit:

Build fix.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142563 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[EFL] Build fix
commit-queue@webkit.org [Tue, 12 Feb 2013 01:42:24 +0000 (01:42 +0000)]
[EFL] Build fix
https://bugs.webkit.org/show_bug.cgi?id=109518

Patch by Jae Hyun Park <jae.park@company100.net> on 2013-02-11
Reviewed by Laszlo Gombos.

Fix EFL build by including PluginProcessConnectionManager.messages.in in
CMakeLists.txt

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142562 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoREGRESSION (r142520?): Space no longer scrolls the page
simon.fraser@apple.com [Tue, 12 Feb 2013 01:35:34 +0000 (01:35 +0000)]
REGRESSION (r142520?): Space no longer scrolls the page
https://bugs.webkit.org/show_bug.cgi?id=109526

Reviewed by Tim Horton.

ScrollingTree::updateTreeFromStateNode() used to bail early when it had
no children (no fixed or sticky elements), but that left updateAfterChildren()
uncalled. Fix by always calling updateAfterChildren(), which updates the scroll
position.

* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::updateTreeFromStateNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142561 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRemove extra early-return in FrameView::setScrollPosition
timothy_horton@apple.com [Tue, 12 Feb 2013 01:31:46 +0000 (01:31 +0000)]
Remove extra early-return in FrameView::setScrollPosition

Rubber-stamped by Simon Fraser.

* page/FrameView.cpp:
(WebCore::FrameView::setScrollPosition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142560 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMove deletionUI tests into platform/mac
rniwa@webkit.org [Tue, 12 Feb 2013 01:31:36 +0000 (01:31 +0000)]
Move deletionUI tests into platform/mac
https://bugs.webkit.org/show_bug.cgi?id=109517

Reviewed by Benjamin Poulain.

Moved deletionUI tests into platform/mac since Mac is the only port that ships this feature.

* editing/deleting/5408255-expected.txt: Removed.
* editing/deleting/5408255.html: Removed.
* editing/deleting/deletionUI-single-instance.html: Removed.
* platform/chromium/editing/deleting/deletionUI-single-instance-expected.png: Removed.
* platform/chromium/editing/deleting/deletionUI-single-instance-expected.txt: Removed.
* platform/efl/TestExpectations:
* platform/mac/editing/deleting/deletionUI-click-on-delete-button-expected.txt: Copied from LayoutTests/editing/deleting/5408255-expected.txt.
* platform/mac/editing/deleting/deletionUI-click-on-delete-button.html: Copied from LayoutTests/editing/deleting/5408255.html.
* platform/mac/editing/deleting/deletionUI-single-instance.html: Copied from LayoutTests/editing/deleting/deletionUI-single-instance.html.
* platform/qt-mac/TestExpectations:
* platform/qt/editing/deleting/deletionUI-single-instance-expected.png: Removed.
* platform/qt/editing/deleting/deletionUI-single-instance-expected.txt: Removed.
* platform/win/TestExpectations:
* platform/wincairo/TestExpectations:
* platform/wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142559 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[Microdata] Fix crash after r141034 in chromuim port
arko@motorola.com [Tue, 12 Feb 2013 01:29:07 +0000 (01:29 +0000)]
[Microdata] Fix crash after r141034 in chromuim port
https://bugs.webkit.org/show_bug.cgi?id=109514

Reviewed by Ryosuke Niwa.

Added V8SkipVTableValidation extended attribute to skip
VTable validation check for DOMSettableTokenList interface.

This patch fixes below test failures:
Tests: fast/dom/MicroData/domsettabletokenlist-attributes-add-token.html
       fast/dom/MicroData/domsettabletokenlist-attributes-out-of-range-index.html
       fast/dom/MicroData/element-with-empty-itemprop.html
       fast/dom/MicroData/itemprop-add-remove-tokens.html
       fast/dom/MicroData/itemprop-for-an-element-must-be-correct.html
       fast/dom/MicroData/itemprop-must-be-read-only.html
       fast/dom/MicroData/itemprop-reflected-by-itemProp-property.html
       fast/dom/MicroData/itemref-add-remove-tokens.html
       fast/dom/MicroData/itemref-attribute-reflected-by-itemRef-property.html
       fast/dom/MicroData/itemref-for-an-element-must-be-correct.html
       fast/dom/MicroData/itemref-must-be-read-only.html
       fast/dom/MicroData/itemtype-add-remove-tokens.html
       fast/dom/MicroData/itemtype-attribute-test.html
       fast/dom/MicroData/microdata-domtokenlist-attribute-add-remove-tokens.html
       fast/dom/MicroData/properties-collection-namedgetter-with-invalid-name.html
       fast/dom/MicroData/propertynodelist-add-remove-itemprop-tokens.html
       fast/dom/MicroData/propertynodelist-add-remove-itemref-tokens.html

* html/DOMSettableTokenList.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142558 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMake JSC API more NULL tolerant
oliver@apple.com [Tue, 12 Feb 2013 01:20:57 +0000 (01:20 +0000)]
Make JSC API more NULL tolerant
https://bugs.webkit.org/show_bug.cgi?id=109515

Reviewed by Mark Hahnenberg.

We do so much marshalling for the C API these days anyway that a single null
check isn't a performance issue.  Yet the existing "null is unsafe" behaviour
leads to crashes in embedding applications whenever there's an untested code
path, so it seems having defined behaviour is superior.

* API/APICast.h:
(toJS):
(toJSForGC):
* API/JSObjectRef.cpp:
(JSObjectIsFunction):
(JSObjectCallAsFunction):
(JSObjectIsConstructor):
(JSObjectCallAsConstructor):
* API/tests/testapi.c:
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoFix build.
andersca@apple.com [Tue, 12 Feb 2013 01:09:46 +0000 (01:09 +0000)]
Fix build.

* WebProcess/Plugins/PluginProcessConnectionManager.cpp:
(WebKit::PluginProcessConnectionManager::didReceiveMessageOnConnectionWorkQueue):
* WebProcess/WebProcess.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142556 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoLoad event fires too early with threaded HTML parser (take 2)
abarth@webkit.org [Tue, 12 Feb 2013 01:07:33 +0000 (01:07 +0000)]
Load event fires too early with threaded HTML parser (take 2)
https://bugs.webkit.org/show_bug.cgi?id=109485

Reviewed by Eric Seidel.

Source/WebCore:

This patch restores the code that was removed in
http://trac.webkit.org/changeset/142492 and adds code to
DocumentLoader.cpp to avoid the regression.

* dom/Document.cpp:
(WebCore::Document::hasActiveParser):
(WebCore::Document::decrementActiveParserCount):
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::isLoadingInAPISense):

LayoutTests:

This patch also fixes a bug whereby removing an iframe during the load
event would trigger DumpRenderTree to dump the test in the middle of
the load event. We now wait until the load event is over.

* compositing/iframes/remove-iframe-crash-expected.txt:
* fast/frames/iframe-access-screen-of-deleted-expected.txt:
* fast/frames/remove-frame-during-load-event-expected.txt: Added.
* fast/frames/remove-frame-during-load-event.html: Added.
* http/tests/misc/xslt-bad-import-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142555 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed, adding a FIXME to remind ourselves of a bug.
fpizlo@apple.com [Tue, 12 Feb 2013 01:05:39 +0000 (01:05 +0000)]
Unreviewed, adding a FIXME to remind ourselves of a bug.
https://bugs.webkit.org/show_bug.cgi?id=109487

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142554 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[GTK] Build fix.
ossy@webkit.org [Tue, 12 Feb 2013 00:55:07 +0000 (00:55 +0000)]
[GTK] Build fix.
https://bugs.webkit.org/show_bug.cgi?id=109516

Patch by Seulgi Kim <seulgikim@company100.net> on 2013-02-11
Reviewed by Csaba Osztrogon√°c.

PluginProcessConnectionManagerMessages are omitted from messages list.

* GNUmakefile.list.am:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142553 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoFold HTMLTokenizerState back into HTMLTokenizer now that MarkupTokenizerBase is RFG
eric@webkit.org [Tue, 12 Feb 2013 00:53:45 +0000 (00:53 +0000)]
Fold HTMLTokenizerState back into HTMLTokenizer now that MarkupTokenizerBase is RFG
https://bugs.webkit.org/show_bug.cgi?id=109502

Reviewed by Tony Gentilcore.

Just a search replace of HTMLTokenizerState with HTMLTokenizer and moving the enum.
This restores us to the peacefull world pre-NEW_XML.

* html/parser/BackgroundHTMLParser.cpp:
(WebCore::BackgroundHTMLParser::forcePlaintextForTextDocument):
(WebCore::BackgroundHTMLParser::simulateTreeBuilder):
* html/parser/HTMLDocumentParser.cpp:
(WebCore::tokenizerStateForContextElement):
(WebCore::HTMLDocumentParser::forcePlaintextForTextDocument):
(WebCore::HTMLDocumentParser::pumpTokenizer):
* html/parser/HTMLTokenizer.cpp:
(WebCore::isEndTagBufferingState):
(WebCore):
(WebCore::HTMLTokenizer::reset):
(WebCore::HTMLTokenizer::flushEmitAndResumeIn):
(WebCore::HTMLTokenizer::nextToken):
(WebCore::HTMLTokenizer::updateStateFor):
* html/parser/HTMLTokenizer.h:
(HTMLTokenizer):
(WebCore::HTMLTokenizer::create):
(WebCore::HTMLTokenizer::shouldSkipNullCharacters):
(WebCore::HTMLTokenizer::emitEndOfFile):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processStartTagForInBody):
(WebCore::HTMLTreeBuilder::processEndTag):
(WebCore::HTMLTreeBuilder::processGenericRCDATAStartTag):
(WebCore::HTMLTreeBuilder::processGenericRawTextStartTag):
(WebCore::HTMLTreeBuilder::processScriptStartTag):
* html/parser/TextViewSourceParser.cpp:
(WebCore::TextViewSourceParser::TextViewSourceParser):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142552 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed. Rolled Chromium DEPS to r181787. Requested by
commit-queue@webkit.org [Tue, 12 Feb 2013 00:49:08 +0000 (00:49 +0000)]
Unreviewed.  Rolled Chromium DEPS to r181787.  Requested by
thakis_ via sheriffbot.

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-11

* DEPS:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142551 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoBuild fix after r142528
haraken@chromium.org [Tue, 12 Feb 2013 00:46:58 +0000 (00:46 +0000)]
Build fix after r142528
https://bugs.webkit.org/show_bug.cgi?id=109520

Reviewed by Eric Seidel.

r142528 changed GIFImageReader from a struct to a class.
We also need to fix a forward declaration.

No tests.

* platform/image-decoders/gif/GIFImageDecoder.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142550 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRemove web intents code
thakis@chromium.org [Tue, 12 Feb 2013 00:39:54 +0000 (00:39 +0000)]
Remove web intents code
https://bugs.webkit.org/show_bug.cgi?id=109501

Reviewed by Eric Seidel.

See thread "Removing ENABLE(WEB_INTENTS) code" on webkit-dev.

Source/WebCore:

* DerivedSources.make:
* Modules/intents/DOMWindowIntents.cpp: Removed.
* Modules/intents/DOMWindowIntents.h: Removed.
* Modules/intents/DOMWindowIntents.idl: Removed.
* Modules/intents/DeliveredIntent.cpp: Removed.
* Modules/intents/DeliveredIntent.h: Removed.
* Modules/intents/DeliveredIntent.idl: Removed.
* Modules/intents/Intent.cpp: Removed.
* Modules/intents/Intent.h: Removed.
* Modules/intents/Intent.idl: Removed.
* Modules/intents/IntentRequest.cpp: Removed.
* Modules/intents/IntentRequest.h: Removed.
* Modules/intents/IntentResultCallback.h: Removed.
* Modules/intents/IntentResultCallback.idl: Removed.
* Modules/intents/NavigatorIntents.cpp: Removed.
* Modules/intents/NavigatorIntents.h: Removed.
* Modules/intents/NavigatorIntents.idl: Removed.
* WebCore.gyp/WebCore.gyp:
* WebCore.gypi:
* bindings/generic/RuntimeEnabledFeatures.cpp:
(WebCore):
* bindings/generic/RuntimeEnabledFeatures.h:
(RuntimeEnabledFeatures):
* bindings/v8/custom/V8IntentCustom.cpp: Removed.
* html/HTMLElementsAllInOne.cpp:
* html/HTMLIntentElement.cpp: Removed.
* html/HTMLIntentElement.h: Removed.
* html/HTMLIntentElement.idl: Removed.
* loader/EmptyClients.cpp:
* loader/EmptyClients.h:
(EmptyFrameLoaderClient):
* loader/FrameLoaderClient.h:
(WebCore):
* page/DOMWindow.idl:

Source/WebKit/chromium:

* WebKit.gyp:
* features.gypi:
* public/WebDeliveredIntentClient.h: Removed.
* public/WebFrame.h:
(WebKit):
(WebFrame):
* public/WebFrameClient.h:
(WebKit):
* public/WebIntent.h: Removed.
* public/WebIntentRequest.h: Removed.
* public/WebIntentServiceInfo.h: Removed.
* public/WebRuntimeFeatures.h:
(WebRuntimeFeatures):
* src/DeliveredIntentClientImpl.cpp: Removed.
* src/DeliveredIntentClientImpl.h: Removed.
* src/FrameLoaderClientImpl.cpp:
* src/FrameLoaderClientImpl.h:
(FrameLoaderClientImpl):
* src/WebFrameImpl.cpp:
* src/WebFrameImpl.h:
(WebKit):
(WebFrameImpl):
* src/WebIntent.cpp: Removed.
* src/WebIntentRequest.cpp: Removed.
* src/WebIntentServiceInfo.cpp: Removed.
* src/WebRuntimeFeatures.cpp:

Tools:

* DumpRenderTree/TestRunner.cpp:
(TestRunner::staticFunctions):
* DumpRenderTree/TestRunner.h:
(TestRunner):
* DumpRenderTree/blackberry/TestRunnerBlackBerry.cpp:
* DumpRenderTree/chromium/TestRunner/public/WebTestDelegate.h:
(WebKit):
* DumpRenderTree/chromium/TestRunner/public/WebTestProxy.h:
(WebKit):
(WebTestRunner::WebTestProxy::didEndEditing):
* DumpRenderTree/chromium/TestRunner/src/TestRunner.cpp:
(WebTestRunner::TestRunner::TestRunner):
* DumpRenderTree/chromium/TestRunner/src/TestRunner.h:
(TestRunner):
* DumpRenderTree/chromium/TestRunner/src/WebTestProxy.cpp:
* DumpRenderTree/chromium/WebViewHost.cpp:
* DumpRenderTree/chromium/WebViewHost.h:
(WebViewHost):
* DumpRenderTree/efl/TestRunnerEfl.cpp:
* DumpRenderTree/gtk/TestRunnerGtk.cpp:
* DumpRenderTree/mac/TestRunnerMac.mm:
* DumpRenderTree/win/TestRunnerWin.cpp:
* DumpRenderTree/wx/TestRunnerWx.cpp:
* Scripts/webkitperl/FeatureList.pm:

LayoutTests:

* webintents/intent-tag-expected.txt: Removed.
* webintents/intent-tag.html: Removed.
* webintents/resources/pass.html: Removed.
* webintents/resources/web-intents-reload-orig.html: Removed.
* webintents/resources/web-intents-testing.js: Removed.
* webintents/web-intents-api-expected.txt: Removed.
* webintents/web-intents-api.html: Removed.
* webintents/web-intents-delivery-expected.txt: Removed.
* webintents/web-intents-delivery-reuse-expected.txt: Removed.
* webintents/web-intents-delivery-reuse.html: Removed.
* webintents/web-intents-delivery.html: Removed.
* webintents/web-intents-failure-expected.txt: Removed.
* webintents/web-intents-failure.html: Removed.
* webintents/web-intents-invoke-expected.txt: Removed.
* webintents/web-intents-invoke-port-expected.txt: Removed.
* webintents/web-intents-invoke-port.html: Removed.
* webintents/web-intents-invoke.html: Removed.
* webintents/web-intents-obj-constructor-expected.txt: Removed.
* webintents/web-intents-obj-constructor.html: Removed.
* webintents/web-intents-reload-expected.txt: Removed.
* webintents/web-intents-reload.html: Removed.
* webintents/web-intents-reply-expected.txt: Removed.
* webintents/web-intents-reply.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142549 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoSVG DOM manipulation crash
schenney@chromium.org [Tue, 12 Feb 2013 00:36:45 +0000 (00:36 +0000)]
SVG DOM manipulation crash
https://bugs.webkit.org/show_bug.cgi?id=108709

Reviewed by Eric Seidel.

Adding a test for the case where an SVG <use> tree is rebuild due to
one event listener and a subsequent listener tries to access it. This
does not crash in WebKit but has caused problems in browser code where
the listener tries to access and use toNode on the target of the
event. The test prevents regressions and gives automated security
tests something to work on.

* svg/custom/use-listener-append-crash-expected.txt: Added.
* svg/custom/use-listener-append-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142548 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoFix Mac build after http://trac.webkit.org/changeset/142535.
eric@webkit.org [Tue, 12 Feb 2013 00:33:32 +0000 (00:33 +0000)]
Fix Mac build after trac.webkit.org/changeset/142535.

Unreviewed build fix.

* html/parser/HTMLTokenizer.h:
(WebCore::HTMLTokenizer::emitAndReconsumeIn):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142547 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMake WebCore Derived Sources work with SDK identifiers too
commit-queue@webkit.org [Tue, 12 Feb 2013 00:32:23 +0000 (00:32 +0000)]
Make WebCore Derived Sources work with SDK identifiers too
https://bugs.webkit.org/show_bug.cgi?id=109324

Patch by David Farler <dfarler@apple.com> on 2013-02-11
Reviewed by Sam Weinig.

* WebCore.xcodeproj/project.pbxproj: Pass SDKROOT to make for DerivedSources.make

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142546 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoWEBGL_compressed_texture_s3tc extension can be enabled even when not supported
zmo@google.com [Tue, 12 Feb 2013 00:31:15 +0000 (00:31 +0000)]
WEBGL_compressed_texture_s3tc extension can be enabled even when not supported
https://bugs.webkit.org/show_bug.cgi?id=109508

Reviewed by Kenneth Russell.

* html/canvas/WebGLRenderingContext.cpp:
(WebCore):
(WebCore::WebGLRenderingContext::getExtension): Check whether the extension support is there before returning the extension pointer.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142545 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoStrange bug in DFG OSR in JSC
fpizlo@apple.com [Tue, 12 Feb 2013 00:29:20 +0000 (00:29 +0000)]
Strange bug in DFG OSR in JSC
https://bugs.webkit.org/show_bug.cgi?id=109491

Source/JavaScriptCore:

Reviewed by Mark Hahnenberg.

Int32ToDouble was being injected after a side-effecting operation and before a SetLocal. Anytime we
inject something just before a SetLocal we should be aware that the previous operation may have been
a side-effect associated with the current code origin. Hence, we should use a forward exit.
Int32ToDouble does not do forward exits by default.

This patch adds a forward-exiting form of Int32ToDouble, for use in SetLocal Int32ToDouble injections.
Changed the CSE and other things to treat these nodes identically, but for the exit strategy to be
distinct (Int32ToDouble -> backward, ForwardInt32ToDouble -> forward). The use of the NodeType for
signaling exit direction is not "great" but it's what we use in other places already (like
ForwardCheckStructure).

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::int32ToDoubleCSE):
(CSEPhase):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGCommon.h:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixDoubleEdge):
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::willHaveCodeGenOrOSR):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
(JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::reconstruct):

LayoutTests:

Reviewed by Mark Hahnenberg.

Added one version of the test (dfg-int32-to-double-on-set-local-and-exit) that is based
exactly on Gabor's original test, and another that ought to fail even if I fix other bugs
in the future (see https://bugs.webkit.org/show_bug.cgi?id=109511).

* fast/js/dfg-int32-to-double-on-set-local-and-exit-expected.txt: Added.
* fast/js/dfg-int32-to-double-on-set-local-and-exit.html: Added.
* fast/js/dfg-int32-to-double-on-set-local-and-sometimes-exit-expected.txt: Added.
* fast/js/dfg-int32-to-double-on-set-local-and-sometimes-exit.html: Added.
* fast/js/script-tests/dfg-int32-to-double-on-set-local-and-exit.js: Added.
(checkpoint):
(func1):
(func2):
(func3):
(test):
* fast/js/script-tests/dfg-int32-to-double-on-set-local-and-sometimes-exit.js: Added.
(checkpoint):
(func1):
(func2):
(func3):
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142544 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[WK2] setMinimumLayoutWidth should bail if there's no WebProcess
timothy_horton@apple.com [Tue, 12 Feb 2013 00:21:17 +0000 (00:21 +0000)]
[WK2] setMinimumLayoutWidth should bail if there's no WebProcess
https://bugs.webkit.org/show_bug.cgi?id=109512
<rdar://problem/13093627>

Reviewed by Anders Carlsson.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setMinimumLayoutWidth):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142542 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoPluginProcessConnectionManager should be a QueueClient
andersca@apple.com [Tue, 12 Feb 2013 00:08:15 +0000 (00:08 +0000)]
PluginProcessConnectionManager should be a QueueClient
https://bugs.webkit.org/show_bug.cgi?id=109496

Reviewed by Andreas Kling.

* WebProcess/Plugins/PluginProcessConnectionManager.cpp:
(WebKit::PluginProcessConnectionManager::didReceiveMessageOnConnectionWorkQueue):
(WebKit):
(WebKit::PluginProcessConnectionManager::didCloseOnConnectionWorkQueue):
* WebProcess/Plugins/PluginProcessConnectionManager.h:
(PluginProcessConnectionManager):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeConnection):
* WebProcess/WebProcess.h:
(WebProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142540 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoChange RenderFrameSet::paint to use m-rows/m_cols directly.
eae@chromium.org [Tue, 12 Feb 2013 00:07:35 +0000 (00:07 +0000)]
Change RenderFrameSet::paint to use m-rows/m_cols directly.
https://bugs.webkit.org/show_bug.cgi?id=108503

Source/WebCore:

Reviewed by Eric Seidel.

Test: fast/frames/invalid-frameset.html

* rendering/RenderFrameSet.cpp:
(WebCore::RenderFrameSet::paint):

LayoutTests:

Reviewed by Eric Seidel.

Add test for how we render an invalid frameset.

* fast/frames/invalid-frameset-expected.html: Added.
* fast/frames/invalid-frameset.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142539 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoXMLHttpRequestProgressEventThrottle::resume() always schedules timer even when unnece...
yoli@rim.com [Tue, 12 Feb 2013 00:01:36 +0000 (00:01 +0000)]
XMLHttpRequestProgressEventThrottle::resume() always schedules timer even when unnecessary
https://bugs.webkit.org/show_bug.cgi?id=105348

Reviewed by Alexey Proskuryakov.

Let resume() clear the defer flag and return if there is deferred events to dispatch.

No new tests as this should not affect existing cross-platform behavior. It should be
OK as long as it doesn't break anything.

* xml/XMLHttpRequestProgressEventThrottle.cpp:
(WebCore::XMLHttpRequestProgressEventThrottle::resume):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142538 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[iOS] Upstream changes to Platform.h
ddkilzer@apple.com [Mon, 11 Feb 2013 23:54:55 +0000 (23:54 +0000)]
[iOS] Upstream changes to Platform.h
<http://webkit.org/b/109459>

Reviewed by Benjamin Poulain.

* wtf/Platform.h:
- Changes for armv7s.
- Add ENABLE() definitions for DASHBOARD_SUPPORT and WEBGL.
- Re-sort USE() macros.
- Remove ENABLE() macros for JIT, LLINT and YARR_JIT to enable
  on iOS Simulator.  They are already defined below.
- Turn off HAVE(HOSTED_CORE_ANIMATION) for iOS.
- Turn on USE(COREMEDIA) for iOS 6.0 and later.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142537 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoHarden FastMalloc (again)
oliver@apple.com [Mon, 11 Feb 2013 23:53:22 +0000 (23:53 +0000)]
Harden FastMalloc (again)
https://bugs.webkit.org/show_bug.cgi?id=109334

Reviewed by Mark Hahnenberg.

Re-implement hardening of linked lists in TCMalloc.

In order to keep heap introspection working, we need to thread the
heap entropy manually as the introspection process can't use the
address of a global in determining the mask.  Given we now have to
thread a value through anyway, I've stopped relying on ASLR for entropy
and am simply using arc4random() on darwin, and time + ASLR everywhere
else.

I've also made an explicit struct type for the FastMalloc singly linked
lists, as it seemed like the only way to reliably distinguish between
void*'s that were lists vs. void* that were not.  This also made it
somewhat easier to reason about things across processes.

Verified that all the introspection tools work as expected.

* wtf/FastMalloc.cpp:
(WTF::internalEntropyValue):
(WTF):
(HardenedSLL):
(WTF::HardenedSLL::create):
(WTF::HardenedSLL::null):
(WTF::HardenedSLL::setValue):
(WTF::HardenedSLL::value):
(WTF::HardenedSLL::operator!):
(WTF::HardenedSLL::operator UnspecifiedBoolType):
(TCEntry):
(WTF::SLL_Next):
(WTF::SLL_SetNext):
(WTF::SLL_Push):
(WTF::SLL_Pop):
(WTF::SLL_PopRange):
(WTF::SLL_PushRange):
(WTF::SLL_Size):
(PageHeapAllocator):
(WTF::PageHeapAllocator::Init):
(WTF::PageHeapAllocator::New):
(WTF::PageHeapAllocator::Delete):
(WTF::PageHeapAllocator::recordAdministrativeRegions):
(WTF::Span::next):
(WTF::Span::remoteNext):
(WTF::Span::prev):
(WTF::Span::setNext):
(WTF::Span::setPrev):
(Span):
(WTF::DLL_Init):
(WTF::DLL_Remove):
(WTF::DLL_IsEmpty):
(WTF::DLL_Length):
(WTF::DLL_Prepend):
(TCMalloc_Central_FreeList):
(WTF::TCMalloc_Central_FreeList::enumerateFreeObjects):
(WTF::TCMalloc_Central_FreeList::entropy):
(TCMalloc_PageHeap):
(WTF::TCMalloc_PageHeap::init):
(WTF::TCMalloc_PageHeap::scavenge):
(WTF::TCMalloc_PageHeap::New):
(WTF::TCMalloc_PageHeap::AllocLarge):
(WTF::TCMalloc_PageHeap::Carve):
(WTF::TCMalloc_PageHeap::Delete):
(WTF::TCMalloc_PageHeap::ReturnedBytes):
(WTF::TCMalloc_PageHeap::Check):
(WTF::TCMalloc_PageHeap::CheckList):
(WTF::TCMalloc_PageHeap::ReleaseFreeList):
(TCMalloc_ThreadCache_FreeList):
(WTF::TCMalloc_ThreadCache_FreeList::Init):
(WTF::TCMalloc_ThreadCache_FreeList::empty):
(WTF::TCMalloc_ThreadCache_FreeList::Push):
(WTF::TCMalloc_ThreadCache_FreeList::PushRange):
(WTF::TCMalloc_ThreadCache_FreeList::PopRange):
(WTF::TCMalloc_ThreadCache_FreeList::Pop):
(WTF::TCMalloc_ThreadCache_FreeList::enumerateFreeObjects):
(TCMalloc_ThreadCache):
(WTF::TCMalloc_Central_FreeList::Init):
(WTF::TCMalloc_Central_FreeList::ReleaseListToSpans):
(WTF::TCMalloc_Central_FreeList::ReleaseToSpans):
(WTF::TCMalloc_Central_FreeList::InsertRange):
(WTF::TCMalloc_Central_FreeList::RemoveRange):
(WTF::TCMalloc_Central_FreeList::FetchFromSpansSafe):
(WTF::TCMalloc_Central_FreeList::FetchFromSpans):
(WTF::TCMalloc_Central_FreeList::Populate):
(WTF::TCMalloc_ThreadCache::Init):
(WTF::TCMalloc_ThreadCache::Deallocate):
(WTF::TCMalloc_ThreadCache::FetchFromCentralCache):
(WTF::TCMalloc_ThreadCache::ReleaseToCentralCache):
(WTF::TCMalloc_ThreadCache::InitModule):
(WTF::TCMalloc_ThreadCache::NewHeap):
(WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
* wtf/MallocZoneSupport.h:
(RemoteMemoryReader):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142536 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoFold MarkupTokenizerBase into HTMLTokenizer now that it is the only subclass
eric@webkit.org [Mon, 11 Feb 2013 23:52:39 +0000 (23:52 +0000)]
Fold MarkupTokenizerBase into HTMLTokenizer now that it is the only subclass
https://bugs.webkit.org/show_bug.cgi?id=109499

Reviewed by Adam Barth.

For great justice.  And sanity.
Epic amount of template code deleted.

* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* html/parser/HTMLTokenizer.cpp:
(WebCore::HTMLTokenizer::HTMLTokenizer):
* html/parser/HTMLTokenizer.h:
(HTMLTokenizer):
(Checkpoint):
(WebCore::HTMLTokenizer::state):
(WebCore::HTMLTokenizer::setState):
(WebCore::HTMLTokenizer::shouldSkipNullCharacters):
(WebCore::HTMLTokenizer::bufferCharacter):
(WebCore::HTMLTokenizer::emitAndResumeIn):
(WebCore::HTMLTokenizer::emitAndReconsumeIn):
(WebCore::HTMLTokenizer::emitEndOfFile):
(WebCore::HTMLTokenizer::haveBufferedCharacterToken):
* xml/parser/MarkupTokenizerBase.h: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142535 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[Text Autosizing] Collect narrow descendants and process them separately. Refactoring for
commit-queue@webkit.org [Mon, 11 Feb 2013 23:48:51 +0000 (23:48 +0000)]
[Text Autosizing] Collect narrow descendants and process them separately. Refactoring for
a change to follow.
https://bugs.webkit.org/show_bug.cgi?id=109054

Preparational change to combine narrow descendants of the same autosizing cluster into
groups by the width difference between the descendant and the block containing all text of
the parent autosizing cluster. The groups will be autosized with the same multiplier.

For example, on sites with a sidebar, sometimes the paragraphs next to the sidebar will have
a large margin individually applied (via a CSS selector), causing them all to individually
appear narrower than their enclosing blockContainingAllText. Rather than making each of
these paragraphs into a separate cluster, we eventually want to be able to merge them back
together into one (or a few) descendant clusters.

Patch by Anton Vayvod <avayvod@chromium.org> on 2013-02-11
Reviewed by Julien Chaffraix.

No behavioral changes thus no new tests or test changes.

* rendering/TextAutosizer.cpp:
(TextAutosizingClusterInfo): Vector of narrow descendants.
(WebCore::TextAutosizer::processCluster): Process narrow descendants separately.
(WebCore::TextAutosizer::processContainer):

    Remember narrow descendants of the parent cluster for later processing.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142534 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoSource/WebCore: Add ENABLE_DELETION_UI to control the use of the deletion UI.
enrica@apple.com [Mon, 11 Feb 2013 23:47:41 +0000 (23:47 +0000)]
Source/WebCore: Add ENABLE_DELETION_UI to control the use of the deletion UI.
https://bugs.webkit.org/show_bug.cgi?id=109463.

Reviewed by Ryosuke Niwa.

This patch adds #if ENABLE(DELETION_UI) in every spot where
DeleteButtonController is used. This class is now only instantiated
if the feature is enabled. I've also done some cleanup in the
DeleteButtonController class, removing unused methods and making
private some methods only used internally to the class.
Both DeleteButtonController and DeleteButton classes are now excluded
from the compilation if the feature is not enabled.

No new tests, no change of functionality.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::cloneChildNodes):
* editing/CompositeEditCommand.cpp:
(WebCore::EditCommandComposition::unapply):
(WebCore::EditCommandComposition::reapply):
(WebCore::CompositeEditCommand::apply):
* editing/DeleteButton.cpp:
* editing/DeleteButtonController.cpp:
* editing/DeleteButtonController.h: Some cleanup.
(WebCore::DeleteButtonController::enabled): Made private.
* editing/EditCommand.cpp:
(WebCore::EditCommand::EditCommand):
* editing/Editor.cpp:
(WebCore::Editor::notifyComponentsOnChangedSelection):
(WebCore::Editor::Editor):
(WebCore::Editor::rangeForPoint):
(WebCore::Editor::deviceScaleFactorChanged):
* editing/Editor.h:
* editing/htmlediting.cpp: avoidIntersectionWithNode is
used only if the feature is enabled.
* editing/htmlediting.h:
* editing/markup.cpp:
(WebCore::createMarkup):
(WebCore::createFragmentFromNodes):
* rendering/RenderTable.cpp: Removed unnecessary include
fo DeleteButtonController.h

Source/WTF: Add ENABLE_DELETION_UI to control the use of the deletion UI.
https://bugs.webkit.org/show_bug.cgi?id=109463.

ENABLE_DELETION_UI is set to 1 by default for
all ports. It is explicitly enabled for MAC and disabled for iOS.

Reviewed by Ryosuke Niwa.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142533 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed WK2 buildfix after r142518.
ossy@webkit.org [Mon, 11 Feb 2013 23:42:27 +0000 (23:42 +0000)]
Unreviewed WK2 buildfix after r142518.

* DerivedSources.pri:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142532 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[HTMLTemplateElement] <template> inside of <head> may not create <body> if EOF is hit
rafaelw@chromium.org [Mon, 11 Feb 2013 23:34:55 +0000 (23:34 +0000)]
[HTMLTemplateElement] <template> inside of <head> may not create <body> if EOF is hit
https://bugs.webkit.org/show_bug.cgi?id=109338

Reviewed by Adam Barth.

Source/WebCore:

This patch adds the logic to clear the stack of open elements back to the first <template> when EOF
is hit. This allows a <body> to be generated if the initial <template> was opened inside of <head>.

Tests added to html5lib.

* html/parser/HTMLTreeBuilder.cpp:
(WebCore):
(WebCore::HTMLTreeBuilder::popAllTemplates):
(WebCore::HTMLTreeBuilder::processEndTag):
(WebCore::HTMLTreeBuilder::processEndOfFile):
* html/parser/HTMLTreeBuilder.h:
(HTMLTreeBuilder):

LayoutTests:

* html5lib/resources/template.dat:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142531 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoNonStringCell and Object are practically the same thing for the purpose of speculation
fpizlo@apple.com [Mon, 11 Feb 2013 23:34:05 +0000 (23:34 +0000)]
NonStringCell and Object are practically the same thing for the purpose of speculation
https://bugs.webkit.org/show_bug.cgi?id=109492

Reviewed by Mark Hahnenberg.

Removed isNonStringCellSpeculation, and made all callers use isObjectSpeculation.

Changed isNonStringCellOrOtherSpeculation to be isObjectOrOtherSpeculation.

I believe this is correct because even weird object types like JSNotAnObject end up
being "objects" from the standpoint of our typesystem. Anyway, the assumption that
"is cell but not a string" equates to "object" is an assumption that is already made
in other places in the system so there's little value in being paranoid about it.

* bytecode/SpeculatedType.h:
(JSC::isObjectSpeculation):
(JSC::isObjectOrOtherSpeculation):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGNode.h:
(Node):
(JSC::DFG::Node::shouldSpeculateObjectOrOther):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileStrictEq):
* dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRenderText::isAllCollapsibleWhitespace() shouldn't upconvert string to 16-bit.
akling@apple.com [Mon, 11 Feb 2013 23:28:41 +0000 (23:28 +0000)]
RenderText::isAllCollapsibleWhitespace() shouldn't upconvert string to 16-bit.
<http://webkit.org/b/109354>

Reviewed by Eric Seidel.

254 KB progression on Membuster3.

* rendering/RenderText.cpp:
(WebCore::RenderText::isAllCollapsibleWhitespace):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142529 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoFix code style violations in GIFImageReader.{cc|h}
hclam@chromium.org [Mon, 11 Feb 2013 23:21:32 +0000 (23:21 +0000)]
Fix code style violations in GIFImageReader.{cc|h}
https://bugs.webkit.org/show_bug.cgi?id=109007

Reviewed by Stephen White.

This is just a style clean up for GIFImageReader.{cc|h}.

There's going to be a lot changes in these two files and style check
will add a lot of noise in later reviews. Fix style problems first.

There is no change in logic at all. Just style fixes.

No new tests.

* platform/image-decoders/gif/GIFImageDecoder.cpp:
(WebCore::GIFImageDecoder::frameCount):
(WebCore::GIFImageDecoder::repetitionCount):
(WebCore::GIFImageDecoder::haveDecodedRow):
(WebCore::GIFImageDecoder::initFrameBuffer):
* platform/image-decoders/gif/GIFImageReader.cpp:
(GIFImageReader::outputRow):
(GIFImageReader::doLZW):
(GIFImageReader::read):
* platform/image-decoders/gif/GIFImageReader.h:
(GIFFrameContext):
(GIFFrameContext::GIFFrameContext):
(GIFFrameContext::~GIFFrameContext):
(GIFImageReader::GIFImageReader):
(GIFImageReader::~GIFImageReader):
(GIFImageReader):
(GIFImageReader::imagesCount):
(GIFImageReader::loopCount):
(GIFImageReader::globalColormap):
(GIFImageReader::globalColormapSize):
(GIFImageReader::frameContext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142528 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[CSS Exclusions] Handle shape-outside changing a float's overhang behavior
commit-queue@webkit.org [Mon, 11 Feb 2013 23:17:12 +0000 (23:17 +0000)]
[CSS Exclusions] Handle shape-outside changing a float's overhang behavior
https://bugs.webkit.org/show_bug.cgi?id=106927

Patch by Bem Jones-Bey <bjonesbe@adobe.com> on 2013-02-11
Reviewed by Julien Chaffraix.

Source/WebCore:

When the position on a shape outside causes a float to spill out into
another block than it's container, it was not being drawn correctly. It
became apparent that in order to fix this properly, the approach to
positioning shape outsides and floats needed to be changed. The new
approach also fixes some other outstanding issues, like hit detection.

When a float has a shape outside, inline and float layout happens
using the exclusion shape bounds instead of the float's box.  The
effect of this is that the float itself no longer has any effect on
layout, both with respect to positioning of the float's siblings as
well as positioning the float's box. This means that when the float is
positioned, it is the shape's box that must obey the positioning rules
for floats. When the shape is given a position relative to the float's
box, the rules for float positioning determine where the shape sits
in the parent, causing the float's box to be offset by the position of
the shape. Since the float's box does not affect layout (due to the
shape), this is similar to relative positioning in that the offset is
a paint time occurrence.

So the new approach is to implement positioning of shape outside on
floats similar to how relative positioning is implemented, using a
RenderLayer.

This is also tested by the existing tests for shape outside on floats positioning.

Test: fast/exclusions/shape-outside-floats/shape-outside-floats-overhang.html

* rendering/ExclusionShapeOutsideInfo.h:
(WebCore::ExclusionShapeOutsideInfo::shapeLogicalOffset): Utility method to create a LayoutSize for computing the layer offset.
(ExclusionShapeOutsideInfo):
* rendering/LayoutState.cpp:
(WebCore::LayoutState::LayoutState): Check for floats with shape outside as well as in flow positioning.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::flipFloatForWritingModeForChild): Remove old positioning implementation.
(WebCore::RenderBlock::paintFloats): Remove old positioning implementation.
(WebCore::RenderBlock::blockSelectionGaps): Check for floats with shape outside as well as in flow positioning.
(WebCore::RenderBlock::positionNewFloats): Remove old positioning implementation.
(WebCore::RenderBlock::addOverhangingFloats): Remove FIXME.
(WebCore::positionForPointRespectingEditingBoundaries): Check for floats with shape outside as well as in flow positioning.
* rendering/RenderBlock.h:
(RenderBlock): Remove old positioning implementation.
(WebCore::RenderBlock::xPositionForFloatIncludingMargin): Remove old positioning implementation.
(WebCore::RenderBlock::yPositionForFloatIncludingMargin): Remove old positioning implementation.
* rendering/RenderBox.cpp:
(WebCore::RenderBox::mapLocalToContainer): Check for floats with shape outside as well as in flow positioning.
(WebCore::RenderBox::offsetFromContainer): Check for floats with shape outside as well as in flow positioning.
(WebCore::RenderBox::computeRectForRepaint): Check for floats with shape outside as well as in flow positioning.
(WebCore::RenderBox::layoutOverflowRectForPropagation): Check for floats with shape outside as well as in flow positioning.
* rendering/RenderBox.h: Make floats with shape outside get a layer.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::paintOffset): Method to return in flow
    positioning offset + offset from shape outside on floats.
* rendering/RenderBoxModelObject.h:
(RenderBoxModelObject): Add paintOffset method.
* rendering/RenderInline.cpp:
(WebCore::RenderInline::clippedOverflowRectForRepaint): Check for floats with shape outside as well as in flow positioning.
(WebCore::RenderInline::computeRectForRepaint): Check for floats with shape outside as well as in flow positioning.
(WebCore::RenderInline::mapLocalToContainer): Check for floats with shape outside as well as in flow positioning.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateLayerPosition): Check for floats with shape outside as well as in flow positioning.
(WebCore::RenderLayer::calculateClipRects): Check for floats with shape outside as well as in flow positioning.
* rendering/RenderLayer.h:
(WebCore::RenderLayer::paintOffset): Rename offsetForInFlowPosition to reflect that it's not just for
    in flow positioning, it also reflects shape outside position on floats.
(RenderLayer):
* rendering/RenderObject.h:
(WebCore::RenderObject::hasPaintOffset): Determines if this object is in flow positioined or is a float with shape outside.
* rendering/style/RenderStyle.h: Add hasPaintOffset method, analagous to method with same name on RenderObject.

LayoutTests:

This is also tested by the existing tests for shape outside on floats positioning.

* fast/exclusions/shape-outside-floats/shape-outside-floats-overhang-expected.html: Added.
* fast/exclusions/shape-outside-floats/shape-outside-floats-overhang.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142527 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoFrameView::setScrollPosition should clamp scroll position before handing it to
timothy_horton@apple.com [Mon, 11 Feb 2013 23:13:40 +0000 (23:13 +0000)]
FrameView::setScrollPosition should clamp scroll position before handing it to
ScrollingCoordinator instead of depending on ScrollView to do this
https://bugs.webkit.org/show_bug.cgi?id=109497
<rdar://problem/12631789>

Reviewed by Simon Fraser.

Clamp scroll position before handing it to ScrollingCoordinator. Also, like ScrollView does,
bail out if we've already scrolled to the clamped scroll position.

Test: platform/mac-wk2/tiled-drawing/clamp-out-of-bounds-scrolls.html

* page/FrameView.cpp:
(WebCore::FrameView::setScrollPosition):

Adjust some test results which previously expected out-of-bounds scrolling to happen.

Add a test that ensures that out-of-bounds scrolling doesn't happen.

* platform/mac-wk2/tiled-drawing/clamp-out-of-bounds-scrolls-expected.txt: Added.
* platform/mac-wk2/tiled-drawing/clamp-out-of-bounds-scrolls.html: Added.
* platform/mac-wk2/tiled-drawing/fixed/negative-scroll-offset-expected.txt:
* platform/mac-wk2/tiled-drawing/fixed/negative-scroll-offset-in-view-expected.txt:
* platform/mac-wk2/tiled-drawing/sticky/negative-scroll-offset-expected.txt:
* platform/mac-wk2/tiled-drawing/tile-coverage-scroll-to-bottom-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoThe threaded HTML parser should pass all the fast/parser tests
abarth@webkit.org [Mon, 11 Feb 2013 23:11:24 +0000 (23:11 +0000)]
The threaded HTML parser should pass all the fast/parser tests
https://bugs.webkit.org/show_bug.cgi?id=109486

Reviewed by Tony Gentilcore.

Source/WebCore:

This patch fixes the last two test failures in fast/parser, which were
crashes caused by not having a tokenizer when document.close() was
called. (The tokenizer is created lazily by calls to document.write,
which might not happen before document.close).

fast/parser/document-close-iframe-load.html
fast/parser/document-close-nested-iframe-load.html

In addition, I've added a new test to make sure we flush the tokenizer
properly in these cases.

Test: fast/parser/document-close-iframe-load-partial-entity.html

* html/parser/HTMLDocumentParser.cpp:
(WebCore::HTMLDocumentParser::prepareToStopParsing):
(WebCore::HTMLDocumentParser::pumpTokenizer):

LayoutTests:

* fast/parser/document-close-iframe-load-partial-entity-expected.txt: Added.
* fast/parser/document-close-iframe-load-partial-entity.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[texmap] Implement frames-per-second debug counter
bruno.abinader@basyskom.com [Mon, 11 Feb 2013 23:07:43 +0000 (23:07 +0000)]
[texmap] Implement frames-per-second debug counter
https://bugs.webkit.org/show_bug.cgi?id=107942

Reviewed by Noam Rosenthal.

Adds FPS counter via WEBKIT_SHOW_FPS=<interval> environment variable,
where <interval> is the period in seconds (i.e. =1.5) between FPS
updates on screen. It is measured by counting
CoordinatedGraphicsScene::paintTo* calls and is painted using
drawRepaintCounter() after TextureMapperLayer has finished painting its
contents.

Visual debugging feature, no need for new tests.

* platform/graphics/texmap/coordinated/CoordinatedGraphicsScene.cpp:
(WebCore::CoordinatedGraphicsScene::CoordinatedGraphicsScene):
(WebCore::CoordinatedGraphicsScene::paintToCurrentGLContext):
(WebCore::CoordinatedGraphicsScene::paintToGraphicsContext):
(WebCore::CoordinatedGraphicsScene::updateFPS):
* platform/graphics/texmap/coordinated/CoordinatedGraphicsScene.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142524 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed Chromium rebaselining after r142500.
jchaffraix@webkit.org [Mon, 11 Feb 2013 23:00:43 +0000 (23:00 +0000)]
Unreviewed Chromium rebaselining after r142500.

* platform/chromium-linux/fast/repaint/selection-after-remove-expected.png:
* platform/chromium-mac-lion/fast/repaint/selection-after-remove-expected.png:
* platform/chromium-mac-snowleopard/fast/repaint/selection-after-remove-expected.png:
* platform/chromium-mac/fast/repaint/selection-after-remove-expected.png:
* platform/chromium-win/fast/repaint/selection-after-remove-expected.png:
Slight painting regression that brings us back to pre-r132591 baselines.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoFold MarkupTokenBase into HTMLToken now that it has no other subclasses
eric@webkit.org [Mon, 11 Feb 2013 23:00:36 +0000 (23:00 +0000)]
Fold MarkupTokenBase into HTMLToken now that it has no other subclasses
https://bugs.webkit.org/show_bug.cgi?id=109483

Reviewed by Adam Barth.

This deletes an epic amount of template yuck, as well as removes
a vtable !?! from HTMLToken.

This paves the way for further cleanup of HTMLToken now that we
can see the whole object at once.
We'll also probably re-create an HTMLToken.cpp again, now that we're
free from the chains of template nonsense.

* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* html/parser/HTMLToken.h:
(WebCore::findAttributeInVector):
(WebCore):
(HTMLToken):
(Attribute):
(Range):
(WebCore::HTMLToken::HTMLToken):
(WebCore::HTMLToken::clear):
(WebCore::HTMLToken::isUninitialized):
(WebCore::HTMLToken::type):
(WebCore::HTMLToken::makeEndOfFile):
(WebCore::HTMLToken::startIndex):
(WebCore::HTMLToken::endIndex):
(WebCore::HTMLToken::setBaseOffset):
(WebCore::HTMLToken::end):
(WebCore::HTMLToken::data):
(WebCore::HTMLToken::isAll8BitData):
(WebCore::HTMLToken::name):
(WebCore::HTMLToken::appendToName):
(WebCore::HTMLToken::nameString):
(WebCore::HTMLToken::selfClosing):
(WebCore::HTMLToken::setSelfClosing):
(WebCore::HTMLToken::beginStartTag):
(WebCore::HTMLToken::beginEndTag):
(WebCore::HTMLToken::addNewAttribute):
(WebCore::HTMLToken::beginAttributeName):
(WebCore::HTMLToken::endAttributeName):
(WebCore::HTMLToken::beginAttributeValue):
(WebCore::HTMLToken::endAttributeValue):
(WebCore::HTMLToken::appendToAttributeName):
(WebCore::HTMLToken::appendToAttributeValue):
(WebCore::HTMLToken::attributes):
(WebCore::HTMLToken::eraseValueOfAttribute):
(WebCore::HTMLToken::ensureIsCharacterToken):
(WebCore::HTMLToken::characters):
(WebCore::HTMLToken::appendToCharacter):
(WebCore::HTMLToken::comment):
(WebCore::HTMLToken::beginComment):
(WebCore::HTMLToken::appendToComment):
(WebCore::HTMLToken::eraseCharacters):
* html/parser/HTMLTokenTypes.h:
* html/parser/XSSAuditor.h:
* xml/parser/MarkupTokenBase.h: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142522 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoPluginProcess should quit immediately if idle in response to low-memory notifications
barraclough@apple.com [Mon, 11 Feb 2013 22:58:03 +0000 (22:58 +0000)]
PluginProcess should quit immediately if idle in response to low-memory notifications
https://bugs.webkit.org/show_bug.cgi?id=109103
<rdar://problem/12679827>

Reviewed by Brady Eidson.

Source/WebCore:

This patch allows a process to set a custom callback for low memory warnings
(defaulting to the current behaviour, as implemented in releaseMemory).

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::MemoryPressureHandler):
    - Initialize m_lowMemoryHandler to releaseMemory.
(WebCore::MemoryPressureHandler::install):
(WebCore::MemoryPressureHandler::uninstall):
(WebCore::MemoryPressureHandler::holdOff):
    - Cleaned up spacing.
(WebCore::MemoryPressureHandler::releaseMemory):
    - Added null implementation for non-Mac builds.
* platform/MemoryPressureHandler.h:
(WebCore::MemoryPressureHandler::setLowMemoryHandler):
    - Added method to set m_lowMemoryHandler.
* platform/mac/MemoryPressureHandlerMac.mm:
(WebCore::MemoryPressureHandler::respondToMemoryPressure):
    - Changed to call releaseMemory via m_lowMemoryHandler.

Source/WebKit2:

PluginProcess now installs a MemoryPressureHandler for the process, providing
a custom callback which will call terminate if appropriate (if the plugin is not
currently in use).

* PluginProcess/PluginProcess.cpp:
(WebKit::PluginProcess::lowMemoryHandler):
    - Custom callback to terminate if appropriate.
(WebKit::PluginProcess::initializeProcess):
    - Install the MemoryPressureHandler.
(WebKit::PluginProcess::shouldTerminate):
    - This method now also needs to be callable in situations where it might return false.
* PluginProcess/PluginProcess.h:
(PluginProcess):
    - Added declaration for lowMemoryHandler.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoREGRESSION (r133807): Sticky-position review bar on bugzilla review page is jumpy
simon.fraser@apple.com [Mon, 11 Feb 2013 22:57:36 +0000 (22:57 +0000)]
REGRESSION (r133807): Sticky-position review bar on bugzilla review page is jumpy
https://bugs.webkit.org/show_bug.cgi?id=104276
<rdar://problem/12827187>

Reviewed by Tim Horton.

When committing new scrolling tree state, if the root node has a scroll
position update, we would handle that before updating the state of child
nodes (with possibly new viewport constraints). That would cause incorrect
child layer updates.

Fix by adding a second 'update' phase that happens after child nodes,
and moving the scroll position update into that.

Scrolling tests only dump the state tree, so cannot test the bug.

* page/FrameView.cpp:
(WebCore::FrameView::setScrollPosition): If the scroll position didn't
actually change, don't request a scroll position update from the ScrollingCoordinator.
* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::updateTreeFromStateNode): Keep track of the scrolling node so
that we can call updateAfterChildren() on it.
* page/scrolling/ScrollingTreeNode.h:
(ScrollingTreeNode):
(WebCore::ScrollingTreeNode::updateAfterChildren):
* page/scrolling/ScrollingTreeScrollingNode.cpp:
(WebCore::ScrollingTreeScrollingNode::updateBeforeChildren):
* page/scrolling/ScrollingTreeScrollingNode.h:
(ScrollingTreeScrollingNode):
* page/scrolling/mac/ScrollingCoordinatorMac.mm:
(WebCore::ScrollingCoordinatorMac::updateViewportConstrainedNode):
In the current bug the scrolling tree was scheduled for commit because of a
scroll position request, but if only the viewport constraints change, we also need
to commit the tree.
* page/scrolling/mac/ScrollingTreeFixedNode.h:
(ScrollingTreeFixedNode):
* page/scrolling/mac/ScrollingTreeFixedNode.mm:
(WebCore::ScrollingTreeFixedNode::updateBeforeChildren):
* page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
(ScrollingTreeScrollingNodeMac):
* page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
(WebCore::ScrollingTreeScrollingNodeMac::updateBeforeChildren):
(WebCore::ScrollingTreeScrollingNodeMac::updateAfterChildren): Move code here
that updates things that have to happen after children.
* page/scrolling/mac/ScrollingTreeStickyNode.h:
(ScrollingTreeStickyNode):
* page/scrolling/mac/ScrollingTreeStickyNode.mm:
(WebCore::ScrollingTreeStickyNode::updateBeforeChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142520 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoBuild fix for Windows after r142509
benjamin@webkit.org [Mon, 11 Feb 2013 22:47:44 +0000 (22:47 +0000)]
Build fix for Windows after r142509

* WebKit.vcproj/WebKitExports.def.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142519 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMove the PluginProcessCrashed message to PluginProcessConnectionManager
andersca@apple.com [Mon, 11 Feb 2013 22:40:11 +0000 (22:40 +0000)]
Move the PluginProcessCrashed message to PluginProcessConnectionManager
https://bugs.webkit.org/show_bug.cgi?id=109493

Reviewed by Andreas Kling.

This is in preparation for making PluginProcessConnectionManager a connection queue client.

* DerivedSources.make:
* UIProcess/Plugins/PluginProcessProxy.cpp:
(WebKit::PluginProcessProxy::didClose):
* WebKit2.xcodeproj/project.pbxproj:
* WebProcess/Plugins/PluginProcessConnectionManager.cpp:
(WebKit::PluginProcessConnectionManager::pluginProcessCrashed):
* WebProcess/Plugins/PluginProcessConnectionManager.h:
(PluginProcessConnectionManager):
* WebProcess/Plugins/PluginProcessConnectionManager.messages.in: Added.
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::didReceiveMessageOnConnectionWorkQueue):
(WebKit::WebProcess::webResourceLoadScheduler):
* WebProcess/WebProcess.h:
(WebProcess):
* WebProcess/WebProcess.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed. Build fix for Win7 Release.
roger_fong@apple.com [Mon, 11 Feb 2013 22:33:19 +0000 (22:33 +0000)]
Unreviewed. Build fix for Win7 Release.
Because of InspectorAllInOne.cpp static globals must be named differently in files included by InspectorAllInOne.
This was the case for UserInitiatedProfileName. Also removed the repeated HeapProfileType definition in
InspectorHeapProfilerAgent.cpp since it wasn't being used anyways.

* inspector/InspectorHeapProfilerAgent.cpp:
(WebCore):
(WebCore::InspectorHeapProfilerAgent::takeHeapSnapshot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142517 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed. Rolled Chromium DEPS to r181770.
fmalita@chromium.org [Mon, 11 Feb 2013 22:24:17 +0000 (22:24 +0000)]
Unreviewed.  Rolled Chromium DEPS to r181770.

* DEPS:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142516 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoDFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to...
fpizlo@apple.com [Mon, 11 Feb 2013 22:23:08 +0000 (22:23 +0000)]
DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
https://bugs.webkit.org/show_bug.cgi?id=109387

Reviewed by Oliver Hunt and Mark Hahnenberg.

Lock in the decision to use a non-speculative constant comparison as early as possible
and don't let the CFA change it by folding constants. This might be a performance
penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
the other hand it completely side-steps the unsoundness that the bug speaks of.

Rolling back in after adding 32-bit path.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
(ByteCodeParser):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEq):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142515 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoSegmentedString's copy ctor should copy all fields
tonyg@chromium.org [Mon, 11 Feb 2013 22:22:48 +0000 (22:22 +0000)]
SegmentedString's copy ctor should copy all fields
https://bugs.webkit.org/show_bug.cgi?id=109477

Reviewed by Adam Barth.

This fixes http/tests/inspector-enabled/document-write.html (and likely others) for the threaded HTML parser.

No new tests because covered by existing tests.

* platform/text/SegmentedString.cpp:
(WebCore::SegmentedString::SegmentedString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142514 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoIndexedDB: database connections don't close after versionchange transaction aborts
jsbell@chromium.org [Mon, 11 Feb 2013 22:13:19 +0000 (22:13 +0000)]
IndexedDB: database connections don't close after versionchange transaction aborts
https://bugs.webkit.org/show_bug.cgi?id=102298

Reviewed by Tony Chang.

Source/WebCore:

Per spec, close the database if the "versionchange" transaction aborts.

Tests: storage/indexeddb/aborted-versionchange-closes.html
       storage/indexeddb/lazy-index-population.html
       storage/objectstore-basics.html

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::onAbort): Tell the IDBDatabase (connection) to close if
this was a "versionchange" transaction.

LayoutTests:

Added dedicated test, updated tests dependent on buggy behavior.

* storage/indexeddb/aborted-versionchange-closes-expected.txt: Added.
* storage/indexeddb/aborted-versionchange-closes.html: Added.
* storage/indexeddb/lazy-index-population-expected.txt:
* storage/indexeddb/lazy-index-population.html: Remove manual closing.
* storage/indexeddb/objectstore-basics-expected.txt:
* storage/indexeddb/objectstore-basics-workers-expected.txt:
* storage/indexeddb/resources/aborted-versionchange-closes.js: Added.
* storage/indexeddb/resources/objectstore-basics.js: Removed dependency on bug.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142513 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[EFL] fast/forms/number/number-l10n-input.html is failing
ch.dumez@sisa.samsung.com [Mon, 11 Feb 2013 21:59:31 +0000 (21:59 +0000)]
[EFL] fast/forms/number/number-l10n-input.html is failing
https://bugs.webkit.org/show_bug.cgi?id=109440

Reviewed by Laszlo Gombos.

Source/WebCore:

Use LocaleICU instead of LocaleNone on EFL port. The EFL
port already depends on ICU library and we get additional
functionality this way.

No new tests, already covered by existing tests.

* CMakeLists.txt:
* PlatformBlackBerry.cmake:
* PlatformEfl.cmake:
* PlatformWinCE.cmake:

LayoutTests:

Unskip fast/forms/number/number-l10n-input.html on EFL port
now that it passes.

* platform/efl/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142512 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRename Visual Studio solution folders to avoid conflicts with project names
bfulgham@webkit.org [Mon, 11 Feb 2013 21:48:36 +0000 (21:48 +0000)]
Rename Visual Studio solution folders to avoid conflicts with project names
https://bugs.webkit.org/show_bug.cgi?id=109484

Reviewed by Tim Horton.

* WebKit.vcxproj/WebKit.sln: Rename several solution folders (e.g.,
WTF, WebCore, WebKit, JavaScriptCore) so that they do not conflict
with projects using the same name.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142511 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRemove failure expectation now that this test is passing.
abarth@webkit.org [Mon, 11 Feb 2013 21:48:33 +0000 (21:48 +0000)]
Remove failure expectation now that this test is passing.

* platform/chromium/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142510 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoKill TestRunner::setMinimumTimerInterval; implement the feature with InternalSettings
benjamin@webkit.org [Mon, 11 Feb 2013 21:41:01 +0000 (21:41 +0000)]
Kill TestRunner::setMinimumTimerInterval; implement the feature with InternalSettings
https://bugs.webkit.org/show_bug.cgi?id=109349

Reviewed by Sam Weinig.

.:

* Source/autotools/symbols.filter:

Source/WebCore:

Expose setMinimumTimerInterval() and implement the backup/restore to keep
a consistent state between tests.

* testing/InternalSettings.cpp:
(WebCore::InternalSettings::Backup::Backup):
(WebCore::InternalSettings::Backup::restoreTo):
(WebCore::InternalSettings::setMinimumTimerInterval):
(WebCore):
* testing/InternalSettings.h:
(Backup):
(InternalSettings):
* testing/InternalSettings.idl:

Source/WebKit/gtk:

* WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
* WebCoreSupport/DumpRenderTreeSupportGtk.h:
(DumpRenderTreeSupportGtk):

Source/WebKit/mac:

* WebView/WebView.mm:
* WebView/WebViewPrivate.h:

Source/WebKit/qt:

* WebCoreSupport/DumpRenderTreeSupportQt.cpp:
* WebCoreSupport/DumpRenderTreeSupportQt.h:

Source/WebKit2:

* WebProcess/InjectedBundle/API/c/WKBundle.cpp:
* WebProcess/InjectedBundle/API/c/WKBundlePrivate.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
* WebProcess/InjectedBundle/InjectedBundle.h:
(InjectedBundle):

Tools:

Get rid of TestRunner's setMinimumTimerInterval and all the related functions.

This also fixes an oddity:
TestRunners were initialized with a minimum timer interval of 10 milliseconds instead
of using the default value. All with the same copy of an outdated comment.

* DumpRenderTree/TestRunner.cpp:
(TestRunner::staticFunctions):
* DumpRenderTree/TestRunner.h:
(TestRunner):
* DumpRenderTree/blackberry/TestRunnerBlackBerry.cpp:
* DumpRenderTree/chromium/TestRunner/public/WebPreferences.h:
* DumpRenderTree/chromium/TestRunner/src/TestRunner.cpp:
(WebTestRunner::TestRunner::TestRunner):
* DumpRenderTree/chromium/TestRunner/src/TestRunner.h:
(TestRunner):
* DumpRenderTree/chromium/TestRunner/src/WebPreferences.cpp:
(WebTestRunner::WebPreferences::reset):
(WebTestRunner::WebPreferences::applyTo):
* DumpRenderTree/chromium/WebViewHost.cpp:
(WebViewHost::reset):
* DumpRenderTree/efl/DumpRenderTreeChrome.cpp:
(DumpRenderTreeChrome::resetDefaultsToConsistentValues):
* DumpRenderTree/efl/TestRunnerEfl.cpp:
* DumpRenderTree/gtk/DumpRenderTree.cpp:
(resetDefaultsToConsistentValues):
* DumpRenderTree/gtk/TestRunnerGtk.cpp:
* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebViewToConsistentStateBeforeTesting):
* DumpRenderTree/mac/TestRunnerMac.mm:
* DumpRenderTree/qt/DumpRenderTreeQt.cpp:
(WebCore::WebPage::resetSettings):
* DumpRenderTree/qt/TestRunnerQt.cpp:
* DumpRenderTree/qt/TestRunnerQt.h:
(TestRunner):
* DumpRenderTree/win/DumpRenderTree.cpp:
(resetWebViewToConsistentStateBeforeTesting):
* DumpRenderTree/win/TestRunnerWin.cpp:
* DumpRenderTree/wx/TestRunnerWx.cpp:
* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::beginTesting):
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
* WebKitTestRunner/InjectedBundle/TestRunner.h:
(TestRunner):

LayoutTests:

Update the tests to use InternalSettings.

* fast/dom/timer-increase-min-interval-and-reset-part-1.html:
* fast/dom/timer-increase-min-interval-repeating.html:
* fast/dom/timer-increase-min-interval.html:
* fast/dom/timer-increase-then-decrease-min-interval-repeating.html:
* fast/dom/timer-increase-then-decrease-min-interval.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142509 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoDFG TypeOf implementation should have its backend code aligned to what the CFA does
fpizlo@apple.com [Mon, 11 Feb 2013 21:39:35 +0000 (21:39 +0000)]
DFG TypeOf implementation should have its backend code aligned to what the CFA does
https://bugs.webkit.org/show_bug.cgi?id=109385

Reviewed by Sam Weinig.

The problem was that if we ended up trying to constant fold, but didn't succeed
because of prediction mismatches, then we would also fail to do filtration.

Rearranged the control flow in the CFA to fix that.

As far as I know, this is asymptomatic - it's sort of OK for the CFA to prove less
things, which is what the bug was.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142508 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoSource/WebCore: Source/WebCore: Snapshotted plug-in should use shadow root
dino@apple.com [Mon, 11 Feb 2013 21:34:50 +0000 (21:34 +0000)]
Source/WebCore: Source/WebCore: Snapshotted plug-in should use shadow root
https://bugs.webkit.org/show_bug.cgi?id=108284

Reviewed by Simon Fraser.

Take three - relanding after rollout in r142400 that was caused by a global
selector interfering with CSS Instrumentation in the Inspector.

A snapshotted plugin needs to indicate to the user that it can be clicked
to be restarted. Previously this was done with an image that had embedded
text. Instead, we now use an internal shadow root to embed some markup that
will display instructions that can be localised.

The UA stylesheet for plug-ins provides a default styling for the label, which
can be overridden by ports.

In the process, RenderSnapshottedPlugIn no longer inherits from RenderEmbeddedObject,
since it is only responsible for drawing a paused plug-in. The snapshot creation
can work with the default renderer, but a shadow root requires something like
RenderBlock in order to draw its children. We swap from one renderer to another when
necessary either by creating the shadow root or by explicitly detaching and attaching
the plugin element.

Unfortunately this is difficult to test, because the snapshotting requires
time to execute, and also a PluginView to be instantiated.

* css/plugIns.css:
(object::-webkit-snapshotted-plugin-content): New rules for a default label style.

* platform/LocalizedStrings.cpp: Make sure all ports have plugin strings, now it is called.
* platform/LocalizedStrings.h:
* platform/blackberry/LocalizedStringsBlackBerry.cpp:
* platform/chromium/LocalizedStringsChromium.cpp:
* platform/efl/LocalizedStringsEfl.cpp:
* platform/gtk/LocalizedStringsGtk.cpp:
* platform/qt/LocalizedStringsQt.cpp:

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::defaultEventHandler): Take into account the fact
that RenderSnapshottedPlugIn no longer is an embedded object.

* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement): New default values in constructor.
(WebCore::HTMLPlugInElement::defaultEventHandler): Make sure to call base class.
(WebCore::HTMLPlugInElement::willRecalcStyle): No need to reattach if we're a snapshot.
(WebCore::HTMLPlugInImageElement::createRenderer): If we're showing a snapshot, create such
    a renderer, otherwise use the typical plug-in path.
(WebCore::HTMLPlugInImageElement::updateSnapshot): Keep a record of the snapshot, since we'll
    need to give it to the renderer.
(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot): Build a subtree that will display a label.
* html/HTMLPlugInImageElement.h:
(HTMLPlugInImageElement): New member variable to record the snapshot image and whether the label
    should show immediately.
(WebCore::HTMLPlugInImageElement::swapRendererTimerFired): The callback function triggered when we need
    to swap to the Shadow Root.
(WebCore::HTMLPlugInImageElement::userDidClickSnapshot): The user has tapped on the snapshot so the plugin
    in being recreated. Make sure we reattach so that a plugin renderer will be created.
(WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Make sure we set the right
    displayState for snapshots.
* html/HTMLPlugInImageElement.h:
(HTMLPlugInImageElement): The new methods listed above.
(WebCore::HTMLPlugInImageElement::setShouldShowSnapshotLabelAutomatically): Indicates whether or not
    a snapshot should be immediately labeled.

* page/ChromeClient.h: No need for plugInStartLabelImage any more.

* rendering/RenderSnapshottedPlugIn.cpp:
(WebCore::RenderSnapshottedPlugIn::RenderSnapshottedPlugIn): New inheritance.
(WebCore::RenderSnapshottedPlugIn::paint): If we're in the background paint phase, render the snapshot image.
(WebCore::RenderSnapshottedPlugIn::paintSnapshotImage): Rename.
(WebCore::RenderSnapshottedPlugIn::paintSnapshot): Rename.
(WebCore::RenderSnapshottedPlugIn::paintSnapshotWithLabel): Rename. No need for label sizes.
(WebCore::RenderSnapshottedPlugIn::getCursor):
(WebCore::RenderSnapshottedPlugIn::handleEvent): The renderer doesn't restart the plug-in any more. Tell the element and it will do it.
* rendering/RenderSnapshottedPlugIn.h:
(RenderSnapshottedPlugIn): New inheritance. Some method renaming.

Source/WebKit2: Snapshotted plug-in should use shadow root
https://bugs.webkit.org/show_bug.cgi?id=108284

Reviewed by Simon Fraser.

Take three of this commit - after rollout in r142400 and r142405.
We no longer have any need for plugInStartLabelImage.

* WebProcess/InjectedBundle/InjectedBundlePageUIClient.cpp: Remove plugInStartLabelImage.
* WebProcess/InjectedBundle/InjectedBundlePageUIClient.h: Ditto.
* WebProcess/WebCoreSupport/WebChromeClient.cpp: Ditto.
* WebProcess/WebCoreSupport/WebChromeClient.h: Ditto.

Tools: Remove use of plugInStartLabelImage
https://bugs.webkit.org/show_bug.cgi?id=108273

Reviewed by Simon Fraser.

Take two - after rollout in r142405.
Removed plugInStartLabelImage entry from client structure.

* WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:
(WTR::InjectedBundlePage::InjectedBundlePage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoCSP reports for blocked 'data:' URLs should report the scheme only.
mkwst@chromium.org [Mon, 11 Feb 2013 21:29:46 +0000 (21:29 +0000)]
CSP reports for blocked 'data:' URLs should report the scheme only.
https://bugs.webkit.org/show_bug.cgi?id=109429

Reviewed by Adam Barth.

Source/WebCore:

https://dvcs.w3.org/hg/content-security-policy/rev/001dc8e8bcc3 changed
the CSP 1.1 spec to require that blocked URLs that don't refer to
generally resolvable schemes (e.g. 'data:', 'javascript:', etc.) be
stripped down to their scheme in violation reports.

Test: http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html

* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportViolation):
    If the blocked URL is a web-resolvable scheme, apply the current
    stripping logic to it, otherwise, strip it to the scheme only.
* platform/KURL.h:
(KURL):
    Move KURL::isHierarchical() out into KURL's public API.

LayoutTests:

* http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142506 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoScrollingTree node maps keep getting larger
simon.fraser@apple.com [Mon, 11 Feb 2013 21:28:18 +0000 (21:28 +0000)]
ScrollingTree node maps keep getting larger
https://bugs.webkit.org/show_bug.cgi?id=109348

Reviewed by Sam Weinig.

When navigating between pages, nodes would get left in the ScrollingTree's
node map, and the ScrollingStateTree's node map, so these would get larger
and larger as you browse.

Simplify map maintenance by clearing the map when setting a new root node
(which happens on the first commit of a new page). Also, don't keep root nodes
around, but create them afresh for each page, which simplifies their ID
management.

This is closer to the original behavior; keeping the root nodes around was
a fix for bug 99668, but we avoid regressing that fix by bailing early
from frameViewLayoutUpdated() if there is no root state node (we'll get
called again anyway).

This now allows state nodeIDs to be purely read-only.

* page/scrolling/ScrollingStateNode.h:
* page/scrolling/ScrollingStateTree.cpp:
(WebCore::ScrollingStateTree::ScrollingStateTree):
(WebCore::ScrollingStateTree::attachNode):
(WebCore::ScrollingStateTree::clear):
(WebCore::ScrollingStateTree::removeNode):
* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::updateTreeFromStateNode):
* page/scrolling/mac/ScrollingCoordinatorMac.mm:
(WebCore::ScrollingCoordinatorMac::frameViewLayoutUpdated):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMove m_stateNodeMap from ScrollingCoordinatorMac to ScrollingStateTree
simon.fraser@apple.com [Mon, 11 Feb 2013 21:28:12 +0000 (21:28 +0000)]
Move m_stateNodeMap from ScrollingCoordinatorMac to ScrollingStateTree
https://bugs.webkit.org/show_bug.cgi?id=109361

Reviewed by Sam Weinig.

The map of scrolling node IDs to ScollingStateNodes was maintained by
ScrollingCoordinatorMac, rather than ScrollingStateTree. This is different
from the ScrollingTree (which owns its node map), and added some amount
of to-and-fro between ScrollingStateTree and ScrollingCoordinatorMac.

Having ScrollingCoordinatorMac maintain the map of IDs to state nodes
simplifies things.

No behavior change.

* page/scrolling/ScrollingStateTree.cpp:
(WebCore::ScrollingStateTree::attachNode):
(WebCore::ScrollingStateTree::detachNode):
(WebCore::ScrollingStateTree::clear):
(WebCore::ScrollingStateTree::removeNode):
(WebCore::ScrollingStateTree::stateNodeForID):
* page/scrolling/ScrollingStateTree.h:
(ScrollingStateTree): Remove some stale comments.
(WebCore::ScrollingStateTree::removedNodes):
* page/scrolling/mac/ScrollingCoordinatorMac.h:
(ScrollingCoordinatorMac):
* page/scrolling/mac/ScrollingCoordinatorMac.mm:
(WebCore::ScrollingCoordinatorMac::frameViewLayoutUpdated):
(WebCore::ScrollingCoordinatorMac::recomputeWheelEventHandlerCountForFrameView):
(WebCore::ScrollingCoordinatorMac::frameViewRootLayerDidChange):
(WebCore::ScrollingCoordinatorMac::requestScrollPositionUpdate):
(WebCore::ScrollingCoordinatorMac::attachToStateTree):
(WebCore::ScrollingCoordinatorMac::detachFromStateTree):
(WebCore::ScrollingCoordinatorMac::clearStateTree):
(WebCore::ScrollingCoordinatorMac::updateScrollingNode):
(WebCore::ScrollingCoordinatorMac::updateViewportConstrainedNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142504 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoBuild fix.
mrowe@apple.com [Mon, 11 Feb 2013 21:26:48 +0000 (21:26 +0000)]
Build fix.

* platform/mac/PlatformSpeechSynthesizerMac.mm: Fix the case in the include.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142503 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoThe plug-in process connection manager doesn't need to be heap allocated
andersca@apple.com [Mon, 11 Feb 2013 21:26:00 +0000 (21:26 +0000)]
The plug-in process connection manager doesn't need to be heap allocated
https://bugs.webkit.org/show_bug.cgi?id=109479

Reviewed by Andreas Kling.

* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::WebProcess):
(WebKit::WebProcess::pluginProcessConnectionManager):
(WebKit::WebProcess::pluginProcessCrashed):
* WebProcess/WebProcess.h:
(WebKit):
(WebProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142502 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed. Rolled Chromium DEPS to r181742. Requested by
commit-queue@webkit.org [Mon, 11 Feb 2013 21:24:03 +0000 (21:24 +0000)]
Unreviewed.  Rolled Chromium DEPS to r181742.  Requested by
fmalita_ via sheriffbot.

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-11

* DEPS:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142501 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRegression(r131539): Heap-use-after-free in WebCore::RenderBlock::willBeDestroyed
jchaffraix@webkit.org [Mon, 11 Feb 2013 21:11:11 +0000 (21:11 +0000)]
Regression(r131539): Heap-use-after-free in WebCore::RenderBlock::willBeDestroyed
https://bugs.webkit.org/show_bug.cgi?id=107189

Reviewed by Abhishek Arya.

Source/WebCore:

Test: fast/dynamic/continuation-detach-crash.html

This patch reverts r131539 and the following changes (r132591 and r139664).
This means we redo detaching from the bottom-up which solves the regression.
It fixes the attached test case as we re-attach child nodes before detaching
the parent. It seems wrong to do but this avoid a stale continuation.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::detach): Detach the children first, then ourself.
* dom/Node.cpp:
(WebCore::Node::detach): Clear the renderer instead of ASSERT'ing.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::willBeDestroyed): Removed the code to clear the associated node's renderer.
(WebCore::RenderObject::destroyAndCleanupAnonymousWrappers):
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::removeChildNode):
Moved the repainting logic back into removeChildNode from destroyAndCleanupAnonymousWrappers.
(WebCore::RenderObjectChildList::destroyLeftoverChildren): Re-added the code to clear the associated node's
renderer.
* rendering/RenderTextFragment.cpp:
(WebCore::RenderTextFragment::setText): Re-added the code to set the associated node's renderer.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::detach):
* dom/Node.cpp:
(WebCore::Node::detach):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::willBeDestroyed):
(WebCore::RenderObject::destroyAndCleanupAnonymousWrappers):
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::destroyLeftoverChildren):
(WebCore::RenderObjectChildList::removeChildNode):
* rendering/RenderTextFragment.cpp:
(WebCore::RenderTextFragment::setText):

LayoutTests:

* fast/dynamic/continuation-detach-crash-expected.txt: Added.
* fast/dynamic/continuation-detach-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142500 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMove setFrameFlatteningEnabled from layoutTestController to window.internals.settings
tony@chromium.org [Mon, 11 Feb 2013 21:04:50 +0000 (21:04 +0000)]
Move setFrameFlatteningEnabled from layoutTestController to window.internals.settings
https://bugs.webkit.org/show_bug.cgi?id=87149

Reviewed by Simon Fraser.

Source/WebKit2:

* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner): Add setFrameFlatteningEnabled to the list of overridable values.

Tools:

Remove testRunner.setFrameFlatteningEnabled from DRT and WTR. WebKit API
methods are left because there may be users of it. Add a test for Apple Mac
to ensure that the API for the preference still works using overridePreference.

* DumpRenderTree/TestRunner.cpp:
(TestRunner::staticFunctions):
* DumpRenderTree/TestRunner.h:
(TestRunner):
* DumpRenderTree/blackberry/DumpRenderTree.cpp:
(BlackBerry::WebKit::DumpRenderTree::resetToConsistentStateBeforeTesting):
* DumpRenderTree/blackberry/TestRunnerBlackBerry.cpp:
* DumpRenderTree/efl/TestRunnerEfl.cpp:
* DumpRenderTree/gtk/DumpRenderTree.cpp:
(resetDefaultsToConsistentValues):
* DumpRenderTree/gtk/TestRunnerGtk.cpp:
* DumpRenderTree/mac/TestRunnerMac.mm:
* DumpRenderTree/qt/DumpRenderTreeQt.cpp:
(WebCore::WebPage::resetSettings):
* DumpRenderTree/qt/TestRunnerQt.cpp:
* DumpRenderTree/qt/TestRunnerQt.h:
(TestRunner):
* DumpRenderTree/win/DumpRenderTree.cpp:
(resetDefaultsToConsistentValues):
* DumpRenderTree/win/TestRunnerWin.cpp:
* DumpRenderTree/wx/TestRunnerWx.cpp:
* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
* WebKitTestRunner/InjectedBundle/TestRunner.h:
(TestRunner):

LayoutTests:

Update tests to use internal.settings.setFrameFlatteningEnabled, which is automatically
generated from Settings.in.
Add a Mac only test that uses overridePreference to test the API.

* fast/frames/flattening/crash-svg-document.html:
* fast/frames/flattening/frameset-flattening-advanced.html:
* fast/frames/flattening/frameset-flattening-grid.html:
* fast/frames/flattening/frameset-flattening-simple.html:
* fast/frames/flattening/frameset-flattening-subframe-resize.html:
* fast/frames/flattening/frameset-flattening-subframesets.html:
* fast/frames/flattening/iframe-flattening-crash.html:
* fast/frames/flattening/iframe-flattening-fixed-height.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height-no-scrolling-with-js-forced-layout.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height-no-scrolling.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height-zero-size.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height.html:
* fast/frames/flattening/iframe-flattening-fixed-width.html:
* fast/frames/flattening/iframe-flattening-nested.html:
* fast/frames/flattening/iframe-flattening-offscreen.html:
* fast/frames/flattening/iframe-flattening-out-of-view-and-scroll.html:
* fast/frames/flattening/iframe-flattening-out-of-view-scroll-and-relayout.html:
* fast/frames/flattening/iframe-flattening-out-of-view.html:
* fast/frames/flattening/iframe-flattening-selection-crash.html:
* fast/frames/flattening/iframe-flattening-simple.html:
* fast/frames/flattening/iframe-tiny.html:
* fast/spatial-navigation/snav-iframe-flattening-simple.html:
* fast/text-autosizing/narrow-iframe-flattened.html:
* http/tests/misc/iframe-flattening-3level-nesting-with-blocking-resource.html:
* platform/chromium/TestExpectations: Chromium doesn't use frame flattening on mobile either.
* plugins/frameset-with-plugin-frame.html:
* fast/frames/flattening/crash-svg-document.html:
* fast/frames/flattening/frameset-flattening-advanced.html:
* fast/frames/flattening/frameset-flattening-grid.html:
* fast/frames/flattening/frameset-flattening-simple.html:
* fast/frames/flattening/frameset-flattening-subframe-resize.html:
* fast/frames/flattening/frameset-flattening-subframesets.html:
* fast/frames/flattening/iframe-flattening-crash.html:
* fast/frames/flattening/iframe-flattening-fixed-height.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height-no-scrolling-with-js-forced-layout.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height-no-scrolling.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height-zero-size.html:
* fast/frames/flattening/iframe-flattening-fixed-width-and-height.html:
* fast/frames/flattening/iframe-flattening-fixed-width.html:
* fast/frames/flattening/iframe-flattening-nested.html:
* fast/frames/flattening/iframe-flattening-offscreen.html:
* fast/frames/flattening/iframe-flattening-out-of-view-and-scroll.html:
* fast/frames/flattening/iframe-flattening-out-of-view-scroll-and-relayout.html:
* fast/frames/flattening/iframe-flattening-out-of-view.html:
* fast/frames/flattening/iframe-flattening-selection-crash.html:
* fast/frames/flattening/iframe-flattening-simple.html:
* fast/frames/flattening/iframe-tiny.html:
* fast/spatial-navigation/snav-iframe-flattening-simple.html:
* fast/text-autosizing/narrow-iframe-flattened.html:
* http/tests/misc/iframe-flattening-3level-nesting-with-blocking-resource.html:
* platform/chromium/TestExpectations:
* platform/mac/fast/frames/flattening/set-preference-expected.txt: Added.
* platform/mac/fast/frames/flattening/set-preference.html: Added.
* plugins/frameset-with-plugin-frame.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142499 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed, rolling out r142491.
commit-queue@webkit.org [Mon, 11 Feb 2013 20:43:37 +0000 (20:43 +0000)]
Unreviewed, rolling out r142491.
http://trac.webkit.org/changeset/142491
https://bugs.webkit.org/show_bug.cgi?id=109470

broke the 32 bit build (Requested by jessieberlin on #webkit).

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-11

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEq):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142498 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMake WebVTTTokenizer stop inheriting from MarkupTokenizerBase
eric@webkit.org [Mon, 11 Feb 2013 20:41:49 +0000 (20:41 +0000)]
Make WebVTTTokenizer stop inheriting from MarkupTokenizerBase
https://bugs.webkit.org/show_bug.cgi?id=109411

Reviewed by Adam Barth.

Moved InputStreamPreprocessor into its own header file so it can be
used by both WebVTTTokenizer and HTMLTokenizer.

Also split out kEndOfFileMarker from InputStreamPreprocessor<T> so that
it can be used w/o a specific instantiation of the template class.
This also made it possible to fix three old fixmes about wanting to share
that constant.

Again, separating WebVTT code from Markup* base classes made it simpler
at the cost of a little copy/paste code.  WebVTT tokenization is remarkably
simple compared to HTML.

This will make it immediately possible to pull MarkupTokenizerBase up into
HTMLTokenizer and further simplify the code.

* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* html/parser/BackgroundHTMLParser.cpp:
(WebCore::BackgroundHTMLParser::markEndOfFile):
* html/parser/HTMLInputStream.h:
(WebCore::HTMLInputStream::markEndOfFile):
* html/parser/HTMLTokenizer.cpp:
(WebCore::HTMLTokenizer::nextToken):
* html/parser/InputStreamPreprocessor.h: Added.
(WebCore):
(InputStreamPreprocessor):
(WebCore::InputStreamPreprocessor::InputStreamPreprocessor):
(WebCore::InputStreamPreprocessor::nextInputCharacter):
(WebCore::InputStreamPreprocessor::peek):
(WebCore::InputStreamPreprocessor::advance):
(WebCore::InputStreamPreprocessor::skipNextNewLine):
(WebCore::InputStreamPreprocessor::reset):
(WebCore::InputStreamPreprocessor::shouldTreatNullAsEndOfFileMarker):
* html/track/WebVTTTokenizer.cpp:
(WebCore::WebVTTTokenizer::WebVTTTokenizer):
(WebCore::WebVTTTokenizer::nextToken):
* html/track/WebVTTTokenizer.h:
(WebVTTTokenizer):
(WebCore::WebVTTTokenizer::haveBufferedCharacterToken):
(WebCore::WebVTTTokenizer::bufferCharacter):
(WebCore::WebVTTTokenizer::emitAndResumeIn):
(WebCore::WebVTTTokenizer::emitEndOfFile):
(WebCore::WebVTTTokenizer::shouldSkipNullCharacters):
* xml/parser/MarkupTokenizerBase.h:
(MarkupTokenizerBase):
(WebCore::MarkupTokenizerBase::bufferCharacter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142497 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[Chromium] FilterTypeSaturatingBrightness enum
fmalita@chromium.org [Mon, 11 Feb 2013 20:37:51 +0000 (20:37 +0000)]
[Chromium] FilterTypeSaturatingBrightness enum
https://bugs.webkit.org/show_bug.cgi?id=109380

Introduce a new WebFilterOperation::FilterType enum (FilterTypeSaturatingBrightness)
to support existing interntal clients which rely on the current saturating brightness
behavior (in preparation of switching to the new brightness implementation).

Reviewed by James Robinson.

* chromium/public/WebFilterOperation.h:
(WebKit::WebFilterOperation::amount):
(WebKit::WebFilterOperation::createSaturatingBrightnessFilter):
(WebKit::WebFilterOperation::setAmount):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed. Windows 7 Debug mode build fix.
roger_fong@apple.com [Mon, 11 Feb 2013 20:36:32 +0000 (20:36 +0000)]
Unreviewed. Windows 7 Debug mode build fix.

* DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142495 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[Chromium] Replace correct misspelled range in WebKit::WebFrameImpl::replaceMisspelle...
commit-queue@webkit.org [Mon, 11 Feb 2013 20:23:48 +0000 (20:23 +0000)]
[Chromium] Replace correct misspelled range in WebKit::WebFrameImpl::replaceMisspelledRange
https://bugs.webkit.org/show_bug.cgi?id=108513

Patch by Rouslan Solomakhin <rouslan@chromium.org> on 2013-02-11
Reviewed by Tony Chang.

WebKit::WebFrameImpl::replaceMisspelledRange is going to be used by Chromium instead of
WebKit::WebFrameImpl::replaceSelection for correcting misspellings. The current implementation
of WebKit::WebFrameImpl::replaceMisspelledRange sometimes replaces the wrong range. This change
uses Range::create instead of TextIterator::rangeFromLocationAndLength to select the correct
range. This change also disables smart replace in WebKit::WebFrameImpl::replaceMisspelledRange
to avoid introducing spaces around misspellings.

* src/WebFrameImpl.cpp:
(WebKit::WebFrameImpl::replaceMisspelledRange): Replace correct misspelled range.
* tests/WebFrameTest.cpp: Add unit test for WebKit::WebFrameImpl::replaceMisspelledRange method.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142494 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[WK2][Notifications] Missing early return in populateCopyOfNotificationPermissions
commit-queue@webkit.org [Mon, 11 Feb 2013 19:53:23 +0000 (19:53 +0000)]
[WK2][Notifications] Missing early return in populateCopyOfNotificationPermissions
https://bugs.webkit.org/show_bug.cgi?id=108459

Patch by Claudio Saavedra <csaavedra@igalia.com> on 2013-02-11
Reviewed by Alexey Proskuryakov.

* UIProcess/Notifications/WebNotificationManagerProxy.cpp:
(WebKit::WebNotificationManagerProxy::populateCopyOfNotificationPermissions):
Providers might return 0 and we will end up with a null-pointer dereference.
Early check against this.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142493 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agodocument.write during window.onload can trigger DumpRenderTree to dump the render...
abarth@webkit.org [Mon, 11 Feb 2013 19:48:56 +0000 (19:48 +0000)]
document.write during window.onload can trigger DumpRenderTree to dump the render tree
https://bugs.webkit.org/show_bug.cgi?id=109465

Reviewed by Eric Seidel.

Source/WebCore:

This patch is a partial revert of
http://trac.webkit.org/changeset/142378. It's not safe to call
checkComplete during the load event. We'll need to find another way of
calling checkComplete at the right time.

Test: fast/parser/document-write-during-load.html

* dom/Document.cpp:
(WebCore::Document::decrementActiveParserCount):

LayoutTests:

* fast/parser/document-write-during-load-expected.txt: Added.
* fast/parser/document-write-during-load.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoDFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to...
fpizlo@apple.com [Mon, 11 Feb 2013 19:21:10 +0000 (19:21 +0000)]
DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
https://bugs.webkit.org/show_bug.cgi?id=109387

Reviewed by Oliver Hunt.

Lock in the decision to use a non-speculative constant comparison as early as possible
and don't let the CFA change it by folding constants. This might be a performance
penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
the other hand it completely side-steps the unsoundness that the bug speaks of.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
(ByteCodeParser):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEq):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142491 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed EFL gardening.
ch.dumez@sisa.samsung.com [Mon, 11 Feb 2013 19:13:38 +0000 (19:13 +0000)]
Unreviewed EFL gardening.

Mark fast/flexbox/line-clamp-link-after-ellipsis.html as failing
on EFL port. This test was introduced in r142335.

* platform/efl/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142490 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed fix after r13954 for !ENABLE(JIT) builds.
ossy@webkit.org [Mon, 11 Feb 2013 18:16:40 +0000 (18:16 +0000)]
Unreviewed fix after r13954 for !ENABLE(JIT) builds.

* llint/LowLevelInterpreter.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142489 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoWeb Inspector: Timeline: invalidate and force locations are same for Layout records...
caseq@chromium.org [Mon, 11 Feb 2013 18:15:24 +0000 (18:15 +0000)]
Web Inspector: Timeline: invalidate and force locations are same for Layout records caused by style recalculaiton
https://bugs.webkit.org/show_bug.cgi?id=109294

Reviewed by Pavel Feldman.

Source/WebCore:

Use the stack that caused style recalculation as a cause for relayout performed due to
layout invalidation caused by style recalculation.

* inspector/front-end/TimelinePresentationModel.js:
(WebInspector.TimelinePresentationModel.prototype.reset):
(WebInspector.TimelinePresentationModel.Record):

LayoutTests:

* inspector/timeline/timeline-layout-reason-expected.txt: Added.
* inspector/timeline/timeline-layout-reason.html: Added.
* inspector/timeline/timeline-test.js:
(initialize_Timeline.step2):
(initialize_Timeline.InspectorTest.evaluateWithTimeline): Extracted "performActions" step from performActionsAndPrint()
(initialize_Timeline.):
(initialize_Timeline.InspectorTest.performActionsAndPrint):
(initialize_Timeline.InspectorTest.findPresentationRecord.findByType):
(initialize_Timeline.InspectorTest.findPresentationRecord):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142488 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[BlackBerry] Set mouse document position for mouse event in DRT.
commit-queue@webkit.org [Mon, 11 Feb 2013 18:11:32 +0000 (18:11 +0000)]
[BlackBerry] Set mouse document position for mouse event in DRT.
https://bugs.webkit.org/show_bug.cgi?id=109094.

Patch by Tiancheng Jiang <tijiang@rim.com> on 2013-02-11
Reviewed by Rob Buis.

RIM PR 246976.
Internally Reviewed by Nima Ghanavatian & Genevieve Mak.

Set mouse document position when we create mouse event in DRT.

* DumpRenderTree/blackberry/EventSender.cpp:
(setMouseEventDocumentPos):
(mouseDownCallback):
(mouseUpCallback):
(mouseMoveToCallback):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142487 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoWeb Inspector: [Extension API] adjust inspectedWindow.eval() callback parameters...
caseq@chromium.org [Mon, 11 Feb 2013 18:05:33 +0000 (18:05 +0000)]
Web Inspector: [Extension API] adjust inspectedWindow.eval() callback parameters to expose non-exceptional error
https://bugs.webkit.org/show_bug.cgi?id=108640

Reviewed by Vsevolod Vlasov.

Source/WebCore:

- only set first parameter to eval() callback iff expression successfully evaluates;
- use object, not bool as second parameter;
- pass exceptions and extension errors as second parameter if evaluate failed;
- minor drive-by changes in ExtensionAPI utilities.

* inspector/front-end/ExtensionAPI.js:
(injectedExtensionAPI.ExtensionSidebarPaneImpl.prototype.setExpression):
(injectedExtensionAPI.InspectedWindow.prototype.):
(injectedExtensionAPI.InspectedWindow.prototype.eval):
(injectedExtensionAPI.extractCallbackArgument):
* inspector/front-end/ExtensionServer.js:
(WebInspector.ExtensionServer.prototype.):
(WebInspector.ExtensionServer.prototype._onEvaluateOnInspectedPage):
(WebInspector.ExtensionStatus):

LayoutTests:

Rebase tests following change in exception parameter to inspectedWindow.eval() callback.

* inspector/extensions/extensions-eval-expected.txt:
* inspector/extensions/extensions-eval.html:
* inspector/extensions/extensions-sidebar-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142486 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoWeb Inspector: [Extensions API] expose ExtensionServerClient to tests so tests use...
caseq@chromium.org [Mon, 11 Feb 2013 18:01:01 +0000 (18:01 +0000)]
Web Inspector: [Extensions API] expose ExtensionServerClient to tests so tests use same port as extensions API
https://bugs.webkit.org/show_bug.cgi?id=109443

Reviewed by Vsevolod Vlasov.

Source/WebCore:

Promote extensionServer var to the outer closure, so it may be accessed by platform-specific (or test) code.

* inspector/front-end/ExtensionAPI.js:
(buildExtensionAPIInjectedScript):

LayoutTests:

- replace additional message ports used for evaluating code in front-end with normal extension transport.

* http/tests/inspector/extensions-test.js:
(initialize_ExtensionsTest.window.buildPlatformExtensionAPI):
(initialize_ExtensionsTest.InspectorTest._replyToExtension):
(initialize_ExtensionsTest.onEvaluate):
* http/tests/inspector/resources/extension-main.js:
* inspector/extensions/extensions-audits.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142485 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoMove WebVTTToken off of MarkupTokenBase
eric@webkit.org [Mon, 11 Feb 2013 17:54:50 +0000 (17:54 +0000)]
Move WebVTTToken off of MarkupTokenBase
https://bugs.webkit.org/show_bug.cgi?id=109410

Reviewed by Tony Gentilcore.

This introduces a small amount of "copy/paste" code
but actually makes WebVTTToken much smaller and simpler!
This also frees the HTMLParser to have its Token class
back to itself so we can tune it to make HTML faster.

* html/track/WebVTTToken.h:
(WebVTTToken):
(WebCore::WebVTTToken::WebVTTToken):
(WebCore::WebVTTToken::appendToName):
(WebCore::WebVTTToken::type):
(WebCore::WebVTTToken::name):
(WebCore::WebVTTToken::ensureIsCharacterToken):
(WebCore::WebVTTToken::appendToCharacter):
(WebCore::WebVTTToken::beginEmptyStartTag):
(WebCore::WebVTTToken::beginStartTag):
(WebCore::WebVTTToken::beginEndTag):
(WebCore::WebVTTToken::beginTimestampTag):
(WebCore::WebVTTToken::makeEndOfFile):
(WebCore::WebVTTToken::clear):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142484 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[V8] IndexedDB: Minor GC can collect IDBDatabase wrapper with versionchange handler
jsbell@chromium.org [Mon, 11 Feb 2013 17:28:22 +0000 (17:28 +0000)]
[V8] IndexedDB: Minor GC can collect IDBDatabase wrapper with versionchange handler
https://bugs.webkit.org/show_bug.cgi?id=108670

Reviewed by Kentaro Hara.

Source/WebCore:

Prevent IDBDatabase's wrapper from being GC'd while the database is open if it has
listeners, as those listeners may close the database in response to events.

Also, removed extraneous super-calls from hasPendingActivity() overrides.

Test: storage/indexeddb/database-wrapper.html

* Modules/indexeddb/IDBDatabase.cpp:
(WebCore::IDBDatabase::hasPendingActivity): Implemented.
* Modules/indexeddb/IDBDatabase.h: Declared.
* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::hasPendingActivity): Simplified.
* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::hasPendingActivity): Simplified.

LayoutTests:

* storage/indexeddb/database-wrapper-expected.txt: Added.
* storage/indexeddb/database-wrapper.html: Added.
* storage/indexeddb/resources/database-wrapper.js: Added.
(test):
(openDB):
(onUpgradeNeeded):
(openSuccess.get request.onsuccess):
(onVersionChange):
(collectGarbage):
(openAgain):
(onBlocked):
(openAgainSuccess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142483 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[BlackBerry] Add form navigation control state tracking.
mifenton@rim.com [Mon, 11 Feb 2013 17:17:45 +0000 (17:17 +0000)]
[BlackBerry] Add form navigation control state tracking.
https://bugs.webkit.org/show_bug.cgi?id=109300

Reviewed by Rob Buis.

Add form navigation control state tracking.

* Api/WebPage.cpp:
(BlackBerry::WebKit::WebPage::focusNextField):
(WebKit):
(BlackBerry::WebKit::WebPage::focusPreviousField):
(BlackBerry::WebKit::WebPage::submitForm):
* Api/WebPage.h:
* Api/WebPageClient.h:
* WebKitSupport/InputHandler.cpp:
(BlackBerry::WebKit::InputHandler::InputHandler):
(BlackBerry::WebKit::InputHandler::setElementUnfocused):
(BlackBerry::WebKit::InputHandler::updateFormState):
* WebKitSupport/InputHandler.h:
(InputHandler):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142482 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoJSC build failing with verbose debug mode
rgabor@webkit.org [Mon, 11 Feb 2013 17:01:06 +0000 (17:01 +0000)]
JSC build failing with verbose debug mode
https://bugs.webkit.org/show_bug.cgi?id=109441

Reviewed by Darin Adler.

Fixing some verbose messages which caused build errors.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::mergeToSuccessors):
* dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::setReplacement):
(JSC::DFG::CSEPhase::eliminate):
* dfg/DFGPredictionInjectionPhase.cpp:
(JSC::DFG::PredictionInjectionPhase::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142481 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRemove AttributeBase now that NEW_XML is gone
eric@webkit.org [Mon, 11 Feb 2013 16:52:27 +0000 (16:52 +0000)]
Remove AttributeBase now that NEW_XML is gone
https://bugs.webkit.org/show_bug.cgi?id=109408

Reviewed by Adam Barth.

Just deleting code.  HTMLToken::Attribute is now just
the real class and not a typedef.

* html/parser/CompactHTMLToken.cpp:
(WebCore::CompactHTMLToken::CompactHTMLToken):
* html/parser/HTMLTokenizer.cpp:
(WebCore::AtomicHTMLToken::nameForAttribute):
* xml/parser/MarkupTokenBase.h:
(WebCore):
(MarkupTokenBase):
(Attribute):
(Range):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142480 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[BlackBerry] Add graphics subdirectory to include path.
commit-queue@webkit.org [Mon, 11 Feb 2013 16:24:09 +0000 (16:24 +0000)]
[BlackBerry] Add graphics subdirectory to include path.
https://bugs.webkit.org/show_bug.cgi?id=109437

Patch by Mike Lattanzio <mlattanzio@rim.com> on 2013-02-11
Reviewed by Rob Buis.

Add browser/platform/graphics to include path.

Internal review by Jeff Rogers.

* Scripts/webkitdirs.pm:
(blackberryCMakeArguments):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142479 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed EFL gardening.
ch.dumez@sisa.samsung.com [Mon, 11 Feb 2013 16:19:59 +0000 (16:19 +0000)]
Unreviewed EFL gardening.

Skip fast/forms/number/number-l10n-input.html that was added in r142122
but fails on EFL port.

* platform/efl/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142478 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[EFL][WKTR] Regression(r141836) fast/dom/Window/mozilla-focus-blur.html started failing
ch.dumez@sisa.samsung.com [Mon, 11 Feb 2013 16:06:58 +0000 (16:06 +0000)]
[EFL][WKTR] Regression(r141836) fast/dom/Window/mozilla-focus-blur.html started failing
https://bugs.webkit.org/show_bug.cgi?id=109438

Reviewed by Kenneth Rohde Christiansen.

Some refactoring in r141836 caused the view not to get focus if the focused
frame is not the main one. The idea of the code was to remove focus from the
view if the focused frame was not the main one, and then focus the view again.
However, after the refactoring, the second step never happened: Focus was
removed but not given again.

* WebKitTestRunner/efl/PlatformWebViewEfl.cpp:
(WTR::PlatformWebView::focus):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142477 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed revert test fix attempt and skip it.
vsevik@chromium.org [Mon, 11 Feb 2013 16:00:21 +0000 (16:00 +0000)]
Unreviewed revert test fix attempt and skip it.

* inspector/editor/text-editor-home-button.html:
* platform/chromium/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142476 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoRename PreloadTask to StartTagScanner to match its purpose
eric@webkit.org [Mon, 11 Feb 2013 15:58:46 +0000 (15:58 +0000)]
Rename PreloadTask to StartTagScanner to match its purpose
https://bugs.webkit.org/show_bug.cgi?id=109406

Reviewed by Sam Weinig.

As discussed in bug 107807.

* html/parser/HTMLPreloadScanner.cpp:
(WebCore::StartTagScanner::StartTagScanner):
(WebCore::StartTagScanner::processAttributes):
(WebCore::HTMLPreloadScanner::processToken):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoWeb Inspector: WebInspector.Project refactorings.
vsevik@chromium.org [Mon, 11 Feb 2013 15:50:38 +0000 (15:50 +0000)]
Web Inspector: WebInspector.Project refactorings.
https://bugs.webkit.org/show_bug.cgi?id=109433

Reviewed by Alexander Pavlov.

Source/WebCore:

This change prepares Workspace and Project to migration to project-per-domain mode for network based projects.
Renamed WebInspector.WorkspaceProvider to WebInspector.ProjectDelegate.
Renamed Project.name() to Project.id() and delegated it to project delegate.
Added Project.displayName() method that is delegated to project delegate.
SimpleWorkspaceProvider is now responsible for creation of SimpleWorkspaceDelegates and
isolates various mappings from Project/ProjectDelegate concept.
UISourceCode is now created based on path in the project.
UISourceCode uri is now calculated based on project and path (right now uri is equal to path).

* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* inspector/compile-front-end.py:
* inspector/front-end/FileSystemProjectDelegate.js: Renamed from Source/WebCore/inspector/front-end/FileSystemWorkspaceProvider.js.
(WebInspector.FileSystemProjectDelegate):
(WebInspector.FileSystemProjectDelegate.prototype.id):
(WebInspector.FileSystemProjectDelegate.prototype.type):
(WebInspector.FileSystemProjectDelegate.prototype.displayName):
(WebInspector.FileSystemProjectDelegate.prototype.innerCallback):
(WebInspector.FileSystemProjectDelegate.prototype.requestFileContent):
(WebInspector.FileSystemProjectDelegate.prototype.setFileContent):
(WebInspector.FileSystemProjectDelegate.prototype.contentCallback):
(WebInspector.FileSystemProjectDelegate.prototype.searchInFileContent):
(WebInspector.FileSystemProjectDelegate.prototype._contentTypeForPath):
(WebInspector.FileSystemProjectDelegate.prototype._populate.filesLoaded):
(WebInspector.FileSystemProjectDelegate.prototype._populate):
(WebInspector.FileSystemProjectDelegate.prototype._addFile):
(WebInspector.FileSystemProjectDelegate.prototype._removeFile):
(WebInspector.FileSystemProjectDelegate.prototype.reset):
(WebInspector.FileSystemUtils):
(WebInspector.FileSystemUtils.errorHandler):
(WebInspector.FileSystemUtils.requestFileSystem):
(.fileSystemLoaded):
(.innerCallback):
(WebInspector.FileSystemUtils.requestFilesRecursive):
(.fileEntryLoaded):
(.fileLoaded):
(.readerLoadEnd):
(WebInspector.FileSystemUtils.requestFileContent):
(.fileWriterCreated.fileTruncated):
(.fileWriterCreated):
(.writerEnd):
(WebInspector.FileSystemUtils.setFileContent):
(WebInspector.FileSystemUtils._getDirectory):
(.toArray):
(WebInspector.FileSystemUtils._readDirectory):
(WebInspector.FileSystemUtils._requestEntries):
* inspector/front-end/IsolatedFileSystemModel.js:
(WebInspector.IsolatedFileSystemModel.prototype._innerAddFileSystem):
* inspector/front-end/SimpleWorkspaceProvider.js:
(WebInspector.SimpleProjectDelegate):
(WebInspector.SimpleProjectDelegate.prototype.id):
(WebInspector.SimpleProjectDelegate.prototype.displayName):
(WebInspector.SimpleProjectDelegate.prototype.requestFileContent):
(WebInspector.SimpleProjectDelegate.prototype.setFileContent):
(WebInspector.SimpleProjectDelegate.prototype.searchInFileContent):
(WebInspector.SimpleProjectDelegate.prototype.addFile):
(WebInspector.SimpleProjectDelegate.prototype._uniquePath):
(WebInspector.SimpleProjectDelegate.prototype.removeFile):
(WebInspector.SimpleProjectDelegate.prototype.reset):
(WebInspector.SimpleWorkspaceProvider):
(WebInspector.SimpleWorkspaceProvider.uriForURL):
(WebInspector.SimpleWorkspaceProvider.prototype.addFileForURL):
(WebInspector.SimpleWorkspaceProvider.prototype.addUniqueFileForURL):
(WebInspector.SimpleWorkspaceProvider.prototype._innerAddFileForURL):
(WebInspector.SimpleWorkspaceProvider.prototype.removeFile):
(WebInspector.SimpleWorkspaceProvider.prototype.reset):
* inspector/front-end/UISourceCode.js:
(WebInspector.UISourceCode):
(WebInspector.UISourceCode.prototype.path):
(WebInspector.UISourceCode.prototype.uri):
* inspector/front-end/WebKit.qrc:
* inspector/front-end/Workspace.js:
(WebInspector.FileDescriptor):
(WebInspector.ProjectDelegate):
(WebInspector.ProjectDelegate.prototype.id):
(WebInspector.ProjectDelegate.prototype.displayName):
(WebInspector.ProjectDelegate.prototype.requestFileContent):
(WebInspector.ProjectDelegate.prototype.setFileContent):
(WebInspector.ProjectDelegate.prototype.searchInFileContent):
(WebInspector.Project):
(WebInspector.Project.prototype.id):
(WebInspector.Project.prototype.type):
(WebInspector.Project.prototype.displayName):
(WebInspector.Project.prototype.isServiceProject):
(WebInspector.Project.prototype._fileAdded):
(WebInspector.Project.prototype._fileRemoved):
(WebInspector.Project.prototype._reset):
(WebInspector.Project.prototype.uiSourceCode):
(WebInspector.Project.prototype.uiSourceCodeForOriginURL):
(WebInspector.Project.prototype.uiSourceCodeForURI):
(WebInspector.Project.prototype.uiSourceCodes):
(WebInspector.Project.prototype.requestFileContent):
(WebInspector.Project.prototype.setFileContent):
(WebInspector.Project.prototype.searchInFileContent):
(WebInspector.Project.prototype.dispose):
(WebInspector.Workspace.prototype.uiSourceCode):
(WebInspector.Workspace.prototype.uiSourceCodeForURI):
(WebInspector.Workspace.prototype.addProject):
(WebInspector.Workspace.prototype.removeProject):
(WebInspector.Workspace.prototype.project):
(WebInspector.Workspace.prototype.uiSourceCodes):
(WebInspector.Workspace.prototype.projectForUISourceCode):
* inspector/front-end/inspector.html:

LayoutTests:

* inspector/debugger/live-edit-breakpoints.html:
* inspector/uisourcecode-revisions.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142474 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoWeb Inspector: fix closure compiler warnings in the profiler code
yurys@chromium.org [Mon, 11 Feb 2013 15:45:46 +0000 (15:45 +0000)]
Web Inspector: fix closure compiler warnings in the profiler code
https://bugs.webkit.org/show_bug.cgi?id=109432

Reviewed by Pavel Feldman.

Updated type annotations to match the code.

* inspector/front-end/NativeMemorySnapshotView.js:
* inspector/front-end/ProfilesPanel.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142473 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago[QT] Regression (r142444): Broke qt linux minimal build
commit-queue@webkit.org [Mon, 11 Feb 2013 15:44:27 +0000 (15:44 +0000)]
[QT] Regression (r142444): Broke qt linux minimal build
https://bugs.webkit.org/show_bug.cgi?id=109423

Patch by Alexander Shalamov <alexander.shalamov@intel.com> on 2013-02-11
Reviewed by Kenneth Rohde Christiansen.

Test: cssom/cssvalue-comparison.html

* css/CSSValue.cpp:
(WebCore::CSSValue::equals):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142472 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoWeb Inspector: introduce WebInspector.TextUtils
commit-queue@webkit.org [Mon, 11 Feb 2013 15:40:18 +0000 (15:40 +0000)]
Web Inspector: introduce WebInspector.TextUtils
https://bugs.webkit.org/show_bug.cgi?id=109289

Patch by Andrey Lushnikov <lushnikov@chromium.org> on 2013-02-11
Reviewed by Pavel Feldman.

Add new WebInspector.TextUtils file and extract commonly used
text-operation subroutines from DefaultTextEditor into it.

No new tests: no change in behaviour.

* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* inspector/compile-front-end.py:
* inspector/front-end/DefaultTextEditor.js:
(WebInspector.TextEditorMainPanel.TokenHighlighter.prototype._isWord):
(WebInspector.DefaultTextEditor.WordMovementController.prototype._rangeForCtrlArrowMove):
(WebInspector.TextEditorMainPanel.BraceHighlightController.prototype.handleSelectionChange):
* inspector/front-end/TextUtils.js: Added.
(WebInspector.TextUtils.isStopChar):
(WebInspector.TextUtils.isWordChar):
(WebInspector.TextUtils.isSpaceChar):
(WebInspector.TextUtils.isWord):
(WebInspector.TextUtils.isBraceChar):
* inspector/front-end/WebKit.qrc:
* inspector/front-end/inspector.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142471 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoUnreviewed EFL gardening.
ch.dumez@sisa.samsung.com [Mon, 11 Feb 2013 15:26:44 +0000 (15:26 +0000)]
Unreviewed EFL gardening.

- Rebaseline fast/dynamic/002.html on EFL port after r142015.
- Skip several compositing test cases that started failing after r142112.
- Skip several new Kronos WebGL conformance tests that are failing on EFL WK2.

* platform/efl-wk2/TestExpectations:
* platform/efl/fast/dynamic/002-expected.png:
* platform/efl/fast/dynamic/002-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142470 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years agoAdd basysKom to domainAffiliations in team.html
bruno.abinader@basyskom.com [Mon, 11 Feb 2013 15:12:34 +0000 (15:12 +0000)]
Add basysKom to domainAffiliations in team.html
https://bugs.webkit.org/show_bug.cgi?id=109306

Reviewed by Laszlo Gombos.

Register basysKom as contributing company in
http://www.webkit.org/team.html.

* team.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142469 268f45cc-cd09-0410-ab3c-d52691b4dbfc