WebKit-https.git
7 years ago A few MallocBench record/replay fixes
ggaren@apple.com [Mon, 14 Apr 2014 19:11:50 +0000 (19:11 +0000)]
A few MallocBench record/replay fixes
https://bugs.webkit.org/show_bug.cgi?id=131627

Reviewed by Andreas Kling.

* MallocBench/MallocBench/Interpreter.cpp:
(Interpreter::run): Accept 0-sized allocations without asserting because
WebKit does that sometimes.

* MallocBench/MallocBench/flickr.ops:
* MallocBench/MallocBench/flickr_memory_warning.ops:
* MallocBench/MallocBench/reddit.ops:
* MallocBench/MallocBench/reddit_memory_warning.ops:
* MallocBench/MallocBench/theverge.ops:
* MallocBench/MallocBench/theverge_memory_warning.ops: Updated these
recordings because a bug in the recording mechanism caused one out of
every few thousand slot values to be bogus.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167260 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [GTK] Unreviewed GTK gardening.
commit-queue@webkit.org [Mon, 14 Apr 2014 19:02:26 +0000 (19:02 +0000)]
[GTK] Unreviewed GTK gardening.

Patch by Eduardo Lima Mitev <elima@igalia.com> on 2014-04-14

* platform/gtk/TestExpectations: Update test expectations for new failing test 'editing/editability/ignored-content.html'.
* platform/gtk/inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt: Rebaselined.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167259 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Versioning.
bshafiei@apple.com [Mon, 14 Apr 2014 19:00:23 +0000 (19:00 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Keep secondary tile grid for zoomed-out scale
antti@apple.com [Mon, 14 Apr 2014 18:40:04 +0000 (18:40 +0000)]
Keep secondary tile grid for zoomed-out scale
https://bugs.webkit.org/show_bug.cgi?id=131586

Reviewed by Darin Adler.

Source/WebCore:
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateContentsScale):

    Don't repaint tiled backing with setNeedsDisplay, it invalidates itself correctly in setContentsScale.
    Update custom child layers when tiled backing scale changes.

* platform/graphics/ca/mac/TileController.h:
* platform/graphics/ca/mac/TileController.mm:
(WebCore::TileController::TileController):
(WebCore::TileController::setNeedsDisplay):

    Drop the whole zoomed-out grid on full repaint.

(WebCore::TileController::setNeedsDisplayInRect):

    Drop changed zoomed-out tiles. A more sophisticated strategy is possible.

(WebCore::TileController::setContentsScale):

    Swap the zoomed-out grid in and out as needed.
    Repaint the active grid after scale change so the client does not have to.

(WebCore::TileController::contentsScale):

    Get the content scale from the tile grid so it is not kept in two places.

(WebCore::TileController::zoomedOutContentsScale):
(WebCore::TileController::setZoomedOutContentsScale):

    Drop the zoomed-out grid if it no longer matches the zoomed-out scale.

(WebCore::TileController::tileRevalidationTimerFired):
(WebCore::TileController::retainedTileBackingStoreMemory):
(WebCore::TileController::containerLayers):

    Return both zoomed-out tiles and the active tiles. Active tiles are on top.

(WebCore::TileController::numberOfUnparentedTiles):
(WebCore::TileController::removeUnparentedTilesNow):
* platform/graphics/ca/mac/TileGrid.h:
* platform/graphics/ca/mac/TileGrid.mm:
(WebCore::TileGrid::dropTilesInRect):

    Add a function for dropping tiles.

(WebCore::TileGrid::revalidateTiles):

Source/WebKit2:
* WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.cpp:
(WebKit::PlatformCALayerRemoteTiledBacking::PlatformCALayerRemoteTiledBacking):
(WebKit::PlatformCALayerRemoteTiledBacking::customSublayers):

    Always request new sublayer list from tile controller.

* WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167256 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Array.prototype.concat should allocate output storage only once.
akling@apple.com [Mon, 14 Apr 2014 18:04:20 +0000 (18:04 +0000)]
Array.prototype.concat should allocate output storage only once.
<https://webkit.org/b/131609>

Do a first pass across 'this' and any arguments to compute the
final size of the resulting array from Array.prototype.concat.
This avoids having to grow the output incrementally as we go.

This also includes two other micro-optimizations:

- Mark getProperty() with ALWAYS_INLINE.

- Use JSArray::length() instead of taking the generic property
  lookup path when we know an argument is an Array.

My MBP says ~3% progression on Dromaeo/jslib-traverse-jquery.

Reviewed by Oliver & Darin.

* runtime/ArrayPrototype.cpp:
(JSC::getProperty):
(JSC::arrayProtoFuncConcat):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167255 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Fixed svn:ignore on bmalloc.xcodeproj, it had erroneous leading spaces.
ap@apple.com [Mon, 14 Apr 2014 17:33:20 +0000 (17:33 +0000)]
Fixed svn:ignore on bmalloc.xcodeproj, it had erroneous leading spaces.

* bmalloc.xcodeproj: Modified property svn:ignore.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167254 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Make WK(Web)View magnification setters actually use view-relative positions
timothy_horton@apple.com [Mon, 14 Apr 2014 17:27:59 +0000 (17:27 +0000)]
Make WK(Web)View magnification setters actually use view-relative positions
https://bugs.webkit.org/show_bug.cgi?id=131611
<rdar://problem/15965239>

Reviewed by Darin Adler.

* UIProcess/API/mac/WKView.mm:
(-[WKView setMagnification:centeredAtPoint:]):
(-[WKView setMagnification:]):
Use scalePageInViewCoordinates instead.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::scalePageInViewCoordinates):
* UIProcess/WebPageProxy.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
Add scalePageInViewCoordinates, which turns the scale centerpoint within the view
into what scalePage expects: a post-scale scroll offset.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167253 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed, rolling out r167249.
akling@apple.com [Mon, 14 Apr 2014 17:26:28 +0000 (17:26 +0000)]
Unreviewed, rolling out r167249.
https://bugs.webkit.org/show_bug.cgi?id=131621

broke 3 tests on cloop (Requested by kling on #webkit).

Reverted changeset:

"Array.prototype.concat should allocate output storage only
once."
https://bugs.webkit.org/show_bug.cgi?id=131609
http://trac.webkit.org/changeset/167249

Patch by Commit Queue <commit-queue@webkit.org> on 2014-04-14

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167252 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Update test result
oliver@apple.com [Mon, 14 Apr 2014 17:17:20 +0000 (17:17 +0000)]
Update test result

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167251 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Fixed potential integer truncation.
commit-queue@webkit.org [Mon, 14 Apr 2014 16:31:43 +0000 (16:31 +0000)]
Fixed potential integer truncation.
https://bugs.webkit.org/show_bug.cgi?id=131615

Patch by Alex Christensen <achristensen@webkit.org> on 2014-04-14
Reviewed by Darin Adler.

* assembler/X86Assembler.h:
(JSC::X86Assembler::fillNops):
Truncate the size_t to an unsigned after it is limited to 15 instead of before.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167250 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Array.prototype.concat should allocate output storage only once.
akling@apple.com [Mon, 14 Apr 2014 16:19:58 +0000 (16:19 +0000)]
Array.prototype.concat should allocate output storage only once.
<https://webkit.org/b/131609>

Do a first pass across 'this' and any arguments to compute the
final size of the resulting array from Array.prototype.concat.
This avoids having to grow the output incrementally as we go.

This also includes two other micro-optimizations:

- Mark getProperty() with ALWAYS_INLINE.

- Use JSArray::length() instead of taking the generic property
  lookup path when we know an argument is an Array.

My MBP says ~3% progression on Dromaeo/jslib-traverse-jquery.

Reviewed by Darin Adler.

* runtime/ArrayPrototype.cpp:
(JSC::getProperty):
(JSC::arrayProtoFuncConcat):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167249 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Optimize Canvas fill and drawImage with SourceIn, DestinationIn, SourceOut, and Desti...
krit@webkit.org [Mon, 14 Apr 2014 16:02:03 +0000 (16:02 +0000)]
Optimize Canvas fill and drawImage with SourceIn, DestinationIn, SourceOut, and DestinationAtop using transparencyLayer.
https://bugs.webkit.org/show_bug.cgi?id=79659

Reviewed by Darin Adler.

Source/WebCore:
Optimize fill() and fillRect() operations in Canvas on composited contexts by
10 to 20 times on CG.

Replacing the ImageBuffer code by transparency layers allows the
graphics library to optimize the drawing.

Doing the same for drawImage() would give performance regressions.

An inline function will create a transparency layer for CG. Cairo graphics
does not composite correctly when a transparency layer gets created.
The inline function is just a NOOP for Cairo.

This fixes bug 131303 as well.

Added performance tests with r167124 already.

* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::fillInternal):
(WebCore::CanvasRenderingContext2D::strokeInternal):
(WebCore::CanvasRenderingContext2D::beginCompositeLayer):
(WebCore::CanvasRenderingContext2D::endCompositeLayer):
(WebCore::CanvasRenderingContext2D::fillRect):
(WebCore::CanvasRenderingContext2D::strokeRect):
(WebCore::CanvasRenderingContext2D::drawTextInternal):
(WebCore::CanvasRenderingContext2D::fullCanvasCompositedFill): Deleted.
* html/canvas/CanvasRenderingContext2D.h:

LayoutTests:
Unskip previously failing tests.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167248 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Lots of compositing test failures after r167152
timothy_horton@apple.com [Mon, 14 Apr 2014 15:42:28 +0000 (15:42 +0000)]
Lots of compositing test failures after r167152
https://bugs.webkit.org/show_bug.cgi?id=131574

Reviewed by Darin Adler.

* platform/graphics/GraphicsLayer.cpp:
(WebCore::dumpChildren):
(WebCore::GraphicsLayer::dumpProperties):
Make child-dumping recursive so that we can easily skip layers up to any depth.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167246 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Fix incorrect indentations in CodeGeneratorJS.pm introduced in r165521
pmolnar.u-szeged@partner.samsung.com [Mon, 14 Apr 2014 12:45:01 +0000 (12:45 +0000)]
Fix incorrect indentations in CodeGeneratorJS.pm introduced in r165521
https://bugs.webkit.org/show_bug.cgi?id=131613

Reviewed by Csaba Osztrogonác.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
Fixed 5-space indentation.
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
Updated the tests accordingly.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Fix commit-log-editor bug revealed by r165447
commit-queue@webkit.org [Mon, 14 Apr 2014 12:24:23 +0000 (12:24 +0000)]
Fix commit-log-editor bug revealed by r165447
https://bugs.webkit.org/show_bug.cgi?id=130676

Patch by Jozsef Berta <jberta.u-szeged@partner.samsung.com> on 2014-04-14
Reviewed by Csaba Osztrogonác.

* Scripts/commit-log-editor:
(createCommitMessage): Omitting empty Source/JavaScriptCore:... blocks.
Add \n before the first block too, because the longest common prefix now ends with only one newline.
(removeLongestCommonPrefixEndingInNewline): The longest common prefix ends with only one newline,
now the last block of the common prefix isn't duplicated below. Changing the function name accordingly.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167243 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [JSC] CSSStyleDeclaration report incorrect descriptor
rego@igalia.com [Mon, 14 Apr 2014 11:21:49 +0000 (11:21 +0000)]
[JSC] CSSStyleDeclaration report incorrect descriptor
https://bugs.webkit.org/show_bug.cgi?id=89697

Reviewed by Benjamin Poulain.

Source/WebCore:

Change descriptor of CSSStyleDeclaration properties in order to have
writable and enumerable attributes set to true. Configurable is kept to
false since the property is not deleteable.

Test: fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html

* bindings/js/JSCSSStyleDeclarationCustom.cpp:
(WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate): Only set
DontDelete attribute when creating the descriptor for
CSSStyleDeclaration properties.

LayoutTests:

Add new test to check the descriptor of CSSStyleDeclaration properties.

* fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor-expected.txt: Added.
* fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167240 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [JSC] Improve the call site of string comparison in some hot path
benjamin@webkit.org [Mon, 14 Apr 2014 08:46:27 +0000 (08:46 +0000)]
[JSC] Improve the call site of string comparison in some hot path
https://bugs.webkit.org/show_bug.cgi?id=131605

Reviewed by Darin Adler.

Source/JavaScriptCore:

When resolved, the String of a JSString is never null. It can be empty but not null.
The null value is reserved for ropes but those would be resolved when getting the value.

Consequently, we should use the equal() operation that does not handle null values.
Using the StringImpl directly is already common in StringPrototype but it was not used here for some reason.

* jit/JITOperations.cpp:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqualSlowCaseInline):
(JSC::JSValue::pureStrictEqual):

Source/WebCore:

* dom/NodeRareData.h:
(WebCore::NodeListsNodeData::NodeListCacheMapEntryHash::equal):
We should use the right comparison operation depending on the Hash Traits.

Source/WTF:

* wtf/text/StringImpl.cpp:
(WTF::stringImplContentEqual):
Inline that function to reduce the call overhead for JSC.
This is only inlined twice, it is not catastrophic for our binary.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Merge MemoryPressureHandler{Mac,IOS}.mm
akling@apple.com [Mon, 14 Apr 2014 08:45:23 +0000 (08:45 +0000)]
Merge MemoryPressureHandler{Mac,IOS}.mm
<https://webkit.org/b/131603>

Join the iOS and Mac platform implementations of MemoryPressureHandler
under the shared Cocoa banner. Each platform still has its own quirky
behavior, but this puts them in the same file so we can start sharing.

Reviewed by Darin Adler.

* WebCore.xcodeproj/project.pbxproj:
* platform/cocoa/MemoryPressureHandlerCocoa.mm: Renamed from Source/WebCore/platform/mac/MemoryPressureHandlerMac.mm.
(WebCore::MemoryPressureHandler::platformReleaseMemory):
(WebCore::MemoryPressureHandler::install):
(WebCore::MemoryPressureHandler::uninstall):
(WebCore::MemoryPressureHandler::holdOff):
(WebCore::MemoryPressureHandler::respondToMemoryPressure):
(WebCore::respondToMemoryPressureCallback):
(WebCore::MemoryPressureHandler::installMemoryReleaseBlock):
(WebCore::MemoryPressureHandler::setReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::hasReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::clearMemoryPressure):
(WebCore::MemoryPressureHandler::shouldWaitForMemoryClearMessage):
(WebCore::MemoryPressureHandler::respondToMemoryPressureIfNeeded):
* platform/ios/MemoryPressureHandlerIOS.mm: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167219 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago CSS JIT: compile the :nth-child() pseudo class
benjamin@webkit.org [Mon, 14 Apr 2014 08:42:53 +0000 (08:42 +0000)]
CSS JIT: compile the :nth-child() pseudo class
https://bugs.webkit.org/show_bug.cgi?id=131602

Reviewed by Andreas Kling.

Source/WebCore:

Tests: fast/selectors/nth-child-bounds.html
       fast/selectors/nth-child-with-backtracking.html

Compile the :nth-child() pseudo class function + some related clean up.

* css/CSSSelector.cpp:
(WebCore::CSSSelector::nthA):
(WebCore::CSSSelector::nthB):
Expose the parsed value of an+b filters. Those values are used to compile
the selector.

(WebCore::CSSSelector::RareData::parseNth):
While working on the patch, I discovered some severe issues with the parsing of large
values of a and/or b. The problem comes from the way the CSS parser handles the values:
the values are parsed as a double then converted to an AtomicString for CSSSelector.

There are many problems related to large values but we never got bug reports because
they are very uncommon. Fixing those problems would require changing the parser.

Here, CSSSelector::RareData::parseNth() is hardened a little bit to avoid absurd values
of a and b.

* css/CSSSelector.h:
* cssjit/RegisterAllocator.h:
It looks like I forgot RDX in the list of registers. Add it now since it is required
for SelectorCodeGenerator::modulo().

* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::addPseudoType):
(WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
(WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
(WebCore::SelectorCompiler::SelectorCodeGenerator::moduloIsZero):
There is no modulo() operation exposed on the macro assemblers. This is a basic
implementation on top of idiv for x86_64.

Since idiv works exclusively with RAX and RDX, most of the code is about getting
those registers efficiently.

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
(WebCore::SelectorCompiler::setElementChildIndex):
(WebCore::SelectorCompiler::setElementChildIndexAndUpdateStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
This is pretty much a straightforward implementation of :nth-child().
The first part counts the number of previous elements.
The second part updates the tree if this is style resolution.
The last part compares the number of previous siblings to an+b to find if the filter matches.

The only part that diverges from SelectorChecker is how childIndex is used. Instead of testing it
at every iteration, only the first iteration handles the cache.

* dom/ElementRareData.h:
(WebCore::ElementRareData::childIndexMemoryOffset):
* dom/Node.h:
(WebCore::Node::rareDataMemoryOffset):
(WebCore::Node::flagHasRareData):
* rendering/style/RenderStyle.h:

LayoutTests:

Add a couple of tests for the new code:
-nth-child-with-backtracking tests the register pressure with backtracking.
-nth-child-bounds tests invalid selectors do not cause problems.

* fast/selectors/nth-child-bounds-expected.txt: Added.
* fast/selectors/nth-child-bounds.html: Added.
* fast/selectors/nth-child-with-backtracking-expected.txt: Added.
* fast/selectors/nth-child-with-backtracking.html: Added.

* http/tests/security/video-poster-cross-origin-crash.html:
Now that CSSSelector filters out ridiculously bad values, the pseudo class in this test
was no longer executed.
The particular value of nth-child is irrelevant for this test, all it needs is the tree marking
while not matching.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Support setting a background color on page overlays
timothy_horton@apple.com [Mon, 14 Apr 2014 08:10:22 +0000 (08:10 +0000)]
Support setting a background color on page overlays
https://bugs.webkit.org/show_bug.cgi?id=131600

Reviewed by Darin Adler.

* WebProcess/WebPage/PageOverlay.cpp:
(WebKit::PageOverlay::PageOverlay):
(WebKit::PageOverlay::bounds):
(WebKit::PageOverlay::startFadeInAnimation):
(WebKit::PageOverlay::startFadeOutAnimation):
(WebKit::PageOverlay::startFadeAnimation):
(WebKit::PageOverlay::fadeAnimationTimerFired):
Minor style adjustments.
Use more references everywhere.

(WebKit::PageOverlay::setBackgroundColor):
(WebKit::PageOverlay::setNeedsDisplay):
* WebProcess/WebPage/PageOverlay.h:
(WebKit::PageOverlay::backgroundColor):
Keep track of our background color, and push it down to the page overlay controller if we have one.

* WebProcess/WebPage/PageOverlayController.cpp:
(WebKit::updateOverlayGeometry):
(WebKit::PageOverlayController::clearPageOverlay):
Page overlays will always have the right size, and just use drawsContents to determine
whether or not they should tile/have backing store/etc.

(WebKit::PageOverlayController::installPageOverlay):
(WebKit::PageOverlayController::didChangeOverlayBackgroundColor):
Set the background color of the layer.

* WebProcess/WebPage/PageOverlayController.h:

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):
References!

* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer):
Mark the compositing tree as needing a rebuild when we get a new document-relative
overlay layer; otherwise we were depending on something else coming along and
requiring a rebuild, which didn't always happen.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167216 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [CSS Regions] Hit testing doesn't work in video
mihnea@adobe.com [Mon, 14 Apr 2014 07:50:51 +0000 (07:50 +0000)]
[CSS Regions] Hit testing doesn't work in video
https://bugs.webkit.org/show_bug.cgi?id=131485

Reviewed by Andrei Bucur.

Source/WebCore:

When hit testing flow thread layer through the region layer,
we have to pass the depth sorting information and take that
into account for the situation in which an ancestor of the region
has preserve-3d transform style.

Test: fast/regions/hit-test-region-preserve3d-container.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hitTestLayer):
(WebCore::RenderLayer::hitTestFlowThreadIfRegionForFragments):
* rendering/RenderLayer.h:

LayoutTests:

* fast/regions/hit-test-region-preserve3d-container-expected.txt: Added.
* fast/regions/hit-test-region-preserve3d-container.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167215 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Update html5lib test data to latest version
commit-queue@webkit.org [Mon, 14 Apr 2014 07:19:39 +0000 (07:19 +0000)]
Update html5lib test data to latest version
https://bugs.webkit.org/show_bug.cgi?id=131588

Patch by Koji Ishii <kojishi@gmail.com> on 2014-04-14
Reviewed by Darin Adler.

This patch imports the latest version of the "dat" files from
https://github.com/html5lib/html5lib-tests
Also updated expected files for failures of new tests.

* html5lib/generated/run-adoption01-data-expected.txt: Passes now as a bug in the test was fixed.
* html5lib/generated/run-adoption01-write-expected.txt: Suppressed new failures.
* html5lib/generated/run-inbody01-data-expected.txt: Added.
* html5lib/generated/run-inbody01-data.html: Added.
* html5lib/generated/run-inbody01-write-expected.txt: Added.
* html5lib/generated/run-inbody01-write.html: Added.
* html5lib/generated/run-main-element-data-expected.txt: Added.
* html5lib/generated/run-main-element-data.html: Added.
* html5lib/generated/run-main-element-write-expected.txt: Added.
* html5lib/generated/run-main-element-write.html: Added.
* html5lib/generated/run-template-data-expected.txt: Suppressed new failures.
* html5lib/generated/run-template-write-expected.txt: Suppressed new failures.
* html5lib/generated/run-tests21-data-expected.txt: Suppressed new failures.
* html5lib/generated/run-tests21-write-expected.txt: Suppressed new failures.
* html5lib/generated/run-tests25-data-expected.txt: Suppressed new failures.
* html5lib/generated/run-tests25-write-expected.txt: Suppressed new failures.
* html5lib/resources/adoption01.dat:
* html5lib/resources/adoption02.dat:
* html5lib/resources/comments01.dat:
* html5lib/resources/doctype01.dat:
* html5lib/resources/domjs-unsafe.dat:
* html5lib/resources/entities01.dat:
* html5lib/resources/entities02.dat:
* html5lib/resources/html5test-com.dat:
* html5lib/resources/inbody01.dat:
* html5lib/resources/isindex.dat:
* html5lib/resources/main-element.dat: Added.
* html5lib/resources/pending-spec-changes-plain-text-unsafe.dat:
* html5lib/resources/pending-spec-changes.dat:
* html5lib/resources/plain-text-unsafe.dat:
* html5lib/resources/scriptdata01.dat:
* html5lib/resources/tables01.dat:
* html5lib/resources/template.dat:
* html5lib/resources/tests1.dat:
* html5lib/resources/tests10.dat:
* html5lib/resources/tests14.dat:
* html5lib/resources/tests15.dat:
* html5lib/resources/tests16.dat:
* html5lib/resources/tests17.dat:
* html5lib/resources/tests18.dat:
* html5lib/resources/tests19.dat:
* html5lib/resources/tests2.dat:
* html5lib/resources/tests20.dat:
* html5lib/resources/tests21.dat:
* html5lib/resources/tests22.dat:
* html5lib/resources/tests23.dat:
* html5lib/resources/tests25.dat:
* html5lib/resources/tests26.dat:
* html5lib/resources/tests3.dat:
* html5lib/resources/tests4.dat:
* html5lib/resources/tests5.dat:
* html5lib/resources/tests6.dat:
* html5lib/resources/tests7.dat:
* html5lib/resources/tests8.dat:
* html5lib/resources/tests9.dat:
* html5lib/resources/tests_innerHTML_1.dat:
* html5lib/resources/tricky01.dat:
* html5lib/resources/webkit01.dat:
* html5lib/resources/webkit02.dat:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago userVisibleString should not try to "encode" host names
darin@apple.com [Mon, 14 Apr 2014 06:58:29 +0000 (06:58 +0000)]
userVisibleString should not try to "encode" host names
https://bugs.webkit.org/show_bug.cgi?id=131587
rdar://problem/14686849

Reviewed by Alexey Proskuryakov.

Source/WebCore:

* WebCore.exp.in: Updated for WebCoreNSURLExtras argument type changes.

* platform/mac/WebCoreNSURLExtras.h: Removed unneeded code to make this
Objective-C++ header compile in plain C++ files, which we never need to do.
Added missing argument name, baseURL, and changed mysterious CFIndex arguments
to the correct type, CFURLComponentType.

* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::isLookalikeCharacter): Removed the inline keyword from this, and added
more lookalike characters from the Mozilla list referenced here.
(WebCore::URLByTruncatingOneCharacterBeforeComponent): Updated argument type.
(WebCore::dataForURLComponentType): Ditto.
(WebCore::userVisibleString): Only call mapHostNames if host name decoding is
needed; no encoding here.

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Added URLExtras.mm.

* TestWebKitAPI/Tests/mac/URLExtras.mm: Added. A few tests for WebCoreNSURLExtras.
Coverage is tiny at this point; we could add a lot more cases!

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167211 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago REGRESSION (r158617): Find on Page can get stuck in a loop when the search string...
darin@apple.com [Mon, 14 Apr 2014 06:55:15 +0000 (06:55 +0000)]
REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
https://bugs.webkit.org/show_bug.cgi?id=126322

Reviewed by Ryosuke Niwa.

Source/WebCore:

* dom/Element.cpp:
(WebCore::Element::canContainRangeEndPoint): Now returns false when the role of the element
is "img". This is the same rule that's hard-coded in isRenderReplacedElement for the same
reason. Need more test coverage to make sure this role feature works consistently.

* dom/Element.h: Made canContainRangeEndPoint no longer inline since it's not just a
return statement any more.

* dom/Position.cpp:
(WebCore::Position::isCandidate): Took out code that calls isRendererReplacedElement
that was added in r158617; not needed now that we updated canContainRangeEndPoint.

* dom/Range.cpp:
(WebCore::Range::firstNode): Removed code here that called isRendererReplacedElement.
This was the wrong level to be adding editing logic, and there's a FIXME here to that
effect, which we are now deleting. This was the change that broke Find.

* editing/TextIterator.cpp: Added a comment about the redundancy between the
isRendererReplacedElement and editingIgnoresContent functions.

* html/HTMLHRElement.cpp:
(WebCore::HTMLHRElement::canContainRangeEndPoint): Call through to base class instead
of just returning true when we have child nodes. Lets Element::canContainRangeEndPoint
do its thing.
* html/HTMLHRElement.h: Ditto.

* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::canContainRangeEndPoint): Call through to base class instead
of just returning true when we have fallback content. Lets Element::canContainRangeEndPoint
do its thing.
* html/HTMLObjectElement.h: Ditto.

* testing/Internals.cpp:
(WebCore::Internals::countMatchesForText): Set the limit to 1000 instead of infinite.

LayoutTests:

* editing/text-iterator/count-matches-in-form-expected.txt: Added.
* editing/text-iterator/count-matches-in-form.html: Added.

* fast/text/window-find.html: Tweaked the test a bit, making it a little easier to
see if the test hasn't even run.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167210 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Use #include instead of #import
ljaehun.lim@samsung.com [Mon, 14 Apr 2014 05:29:47 +0000 (05:29 +0000)]
Use #include instead of #import
https://bugs.webkit.org/show_bug.cgi?id=131604

Reviewed by Darin Adler.

Fix "warning: #import is a deprecated GCC extension [-Wdeprecated]".

* TestWebKitAPI/Tests/WTF/StringView.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167209 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Use unique_ptr for FillLayer::m_next
darin@apple.com [Mon, 14 Apr 2014 04:28:25 +0000 (04:28 +0000)]
Use unique_ptr for FillLayer::m_next
https://bugs.webkit.org/show_bug.cgi?id=75222

Reviewed by Dan Bernstein.

* css/DeprecatedStyleBuilder.cpp:
(WebCore::ApplyPropertyFillLayer::applyInheritValue):
Renamed currChild to just child and prevChild to previousChild.
Changed code to pass ownership of the new FillLayer immediately.
Changed some loops to be for loops.
(WebCore::ApplyPropertyFillLayer::applyInitialValue): Ditto.
(WebCore::ApplyPropertyFillLayer::applyValue): Ditto.

* rendering/RenderBox.cpp:
(WebCore::RenderBox::backgroundHasOpaqueTopLayer): Use reference
instead of pointer.
(WebCore::RenderBox::paintFillLayers): Ditto.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::paintFillLayerExtended): Ditto.

* rendering/style/FillLayer.cpp:
(WebCore::FillLayer::FillLayer): Removed m_next initializer since it is now an
OwnPtr and initializes automatically. In a couple other places, changed m_next
initializer to use make_unique.
(WebCore::FillLayer::~FillLayer): Wrote loop for deletion of m_next.
(WebCore::FillLayer::operator=): Removed unneeded explicit deletion of m_next.
(WebCore::FillLayer::cullEmptyLayers): Ditto.
(WebCore::clipMax): Marked inline.
(WebCore::FillLayer::computeClipMax): Rewrote to use a loop instead of recursion.
(WebCore::FillLayer::containsImage): Ditto.
(WebCore::FillLayer::imagesAreLoaded): Ditto.
(WebCore::FillLayer::hasOpaqueImage): Rewrote to use && instead of multiple if.
(WebCore::FillLayer::hasImage): Rewrote to use a loop instead of recursion.
(WebCore::FillLayer::hasFixedImage): Ditto.

* rendering/style/FillLayer.h: Changed m_next to be a unique_ptr.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167208 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [QuickLook] Move file system-related code into WebKit
aestes@apple.com [Mon, 14 Apr 2014 02:57:33 +0000 (02:57 +0000)]
[QuickLook] Move file system-related code into WebKit
https://bugs.webkit.org/show_bug.cgi?id=131597

Reviewed by Dan Bernstein.

Source/WebCore:

QuickLookHandle should not be responsible for saving a copy of the
original document to disk as it might be running in a process that
either can't write to disk or can only write into a sandboxed
container. To account for this, we need to separate the concern of
quick look conversion from that of original document saving so that
each activity can run in the appropriate process.

Created a new interface between WebCore and WebKit by adding a client
(QuickLookHandleClient) to QuickLookHandle which is notified of incoming
bytes. A new function on FrameLoaderClient tells WebKit when a new
QuickLookHandle is created, giving WebKit the opportunity to register a
handle client. Moved the existing file system-related code as well as
code only needed by WebKit1 in QuickLookHandle into a new WebKit1
QuickLookHandleClient subclass.

* WebCore.exp.in:
* WebCore.xcodeproj/project.pbxproj: Made QuickLookHandleClient.h Private.
* loader/FrameLoaderClient.h:
(WebCore::FrameLoaderClient::didCreateQuickLookHandle): Added.
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didCreateQuickLookHandle): Called FrameLoaderClient::didCreateQuickLookHandle().
* loader/ResourceLoader.h:
* platform/network/ResourceHandle.h: Made m_quickLook a unique_ptr.
(WebCore::ResourceHandle::setQuickLookHandle): Changed to take a unique_ptr.
* platform/network/ResourceHandleClient.h:
(WebCore::ResourceHandleClient::didCreateQuickLookHandle): Added.
* platform/network/ios/QuickLook.h: Added m_client, gave m_converter a stronger type, and made m_nsResponse a RetainPtr.
(WebCore::QuickLookHandle::setClient): Added.
(WebCore::QuickLookHandle::firstRequestURL): Added.
(WebCore::QuickLookHandle::converter): Added.
* platform/network/ios/QuickLook.mm:
(WebCore::registerQLPreviewConverterIfNeeded):
(WebCore::createTemporaryFileForQuickLook): Made non-static.
(WebCore::emptyClient): Returned a shared empty QuickLookHandleClient.
(WebCore::QuickLookHandle::QuickLookHandle): Removed file system and WebKit1-only code.
(WebCore::QuickLookHandle::create): Changed to return a unique_ptr.
(WebCore::QuickLookHandle::nsResponse):
(WebCore::QuickLookHandle::didReceiveDataArray): Removed file system code and called QuickLookHandleClient::didReceiveDataArray() instead.
(WebCore::QuickLookHandle::didReceiveData): Removed file system code and called QuickLookHandleClient::didReceiveData() instead.
(WebCore::QuickLookHandle::didFinishLoading): Removed file system code and called QuickLookHandleClient::didFinishLoading() instead.
(WebCore::QuickLookHandle::didFail): Removed file system and WebKit1-only code, calling QuickLookHandleClient::didFail() instead.
(WebCore::QuickLookHandle::~QuickLookHandle): Removed file system and WebKit1-only code. Cleared our reference to m_client.
(WebCore::QuickLookHandle::previewFileName): Retrieved from m_converter.
(WebCore::QuickLookHandle::previewRequestURL): Ditto.
* platform/network/ios/QuickLookHandleClient.h: Added.
(WebCore::QuickLookHandleClient::~QuickLookHandleClient):
(WebCore::QuickLookHandleClient::didReceiveDataArray):
(WebCore::QuickLookHandleClient::didReceiveData):
(WebCore::QuickLookHandleClient::didFinishLoading):
(WebCore::QuickLookHandleClient::didFail):

Source/WebKit/mac:

Moved file system and WebKit1-only code from QuickLookHandle into a new
QuickLookHandleClient subclass.

* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameLoaderClient.mm:

Source/WebKit2:

* WebProcess/Network/WebResourceLoader.h: Made m_quickLookHandle a unique_ptr.
* WebProcess/ios/WebResourceLoaderIOS.mm:
(WebKit::WebResourceLoader::setUpQuickLookHandleIfNeeded):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167207 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Relax adoption requirements of RefCounted objects that are NeverDestroyed
aestes@apple.com [Mon, 14 Apr 2014 01:35:27 +0000 (01:35 +0000)]
Relax adoption requirements of RefCounted objects that are NeverDestroyed
https://bugs.webkit.org/show_bug.cgi?id=131593

Reviewed by Dan Bernstein.

RefCounted objects that are created by NeverDestroyed<> won't have a
RefPtr adopting them, so call relaxAdoptionRequirements().

* wtf/NeverDestroyed.h:
(WTF::NeverDestroyed::NeverDestroyed):
(WTF::NeverDestroyed::MaybeRelax::MaybeRelax):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Added some website recordings to MallocBench -- taken from Membuster
ggaren@apple.com [Mon, 14 Apr 2014 00:02:08 +0000 (00:02 +0000)]
Added some website recordings to MallocBench -- taken from Membuster
https://bugs.webkit.org/show_bug.cgi?id=131601

Reviewed by Ryosuke Niwa.

Added flickr, reddit, and theverge -- each recorded from Membuster's
cache, with and without sending Safari a low memory warning.

* MallocBench/MallocBench.xcodeproj/project.pbxproj:
* MallocBench/MallocBench/Benchmark.cpp:
* MallocBench/MallocBench/flickr.cpp: Added.
(benchmark_flickr):
(benchmark_flickr_memory_warning):
* MallocBench/MallocBench/flickr.h: Added.
* MallocBench/MallocBench/flickr.ops: Added.
* MallocBench/MallocBench/flickr_memory_warning.ops: Added.
* MallocBench/MallocBench/reddit.cpp: Added.
(benchmark_reddit):
(benchmark_reddit_memory_warning):
* MallocBench/MallocBench/reddit.h: Added.
* MallocBench/MallocBench/reddit.ops: Added.
* MallocBench/MallocBench/reddit_memory_warning.ops: Added.
* MallocBench/MallocBench/theverge.cpp: Added.
(benchmark_theverge):
(benchmark_theverge_memory_warning):
* MallocBench/MallocBench/theverge.h: Added.
* MallocBench/MallocBench/theverge.ops: Added.
* MallocBench/MallocBench/theverge_memory_warning.ops: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167205 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Fixed some mbmalloc exports
ggaren@apple.com [Sun, 13 Apr 2014 23:28:59 +0000 (23:28 +0000)]
Fixed some mbmalloc exports
https://bugs.webkit.org/show_bug.cgi?id=131599

Reviewed by Ryosuke Niwa.

* bmalloc.xcodeproj/project.pbxproj: Made some headers a private part
of the project, so we can call them from API.

* bmalloc/mbmalloc.cpp: Marked the mbmalloc functions with default
visibility, so they show up as exported in the .dylib.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167204 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago MallocBench record/replay should support realloc
ggaren@apple.com [Sun, 13 Apr 2014 23:21:20 +0000 (23:21 +0000)]
MallocBench record/replay should support realloc
https://bugs.webkit.org/show_bug.cgi?id=131598

Reviewed by Ryosuke Niwa.

* MallocBench/MallocBench.xcodeproj/project.pbxproj: Fixed some linkage
issues that caused us not to fully link to system malloc in the default
case. Also marked mbmalloc.dylib as required so the error message will
be clearer if we mess up.

* MallocBench/MallocBench/Interpreter.cpp:
(Interpreter::run):
* MallocBench/MallocBench/Interpreter.h: Added the realloc case, and
upgraded one-letter names to full words.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167203 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago REGRESSION (r167164): -[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandle...
aestes@apple.com [Sun, 13 Apr 2014 20:02:13 +0000 (20:02 +0000)]
REGRESSION (r167164): -[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:] _block_invoke can access a deallocated completionHandler
https://bugs.webkit.org/show_bug.cgi?id=131595

Reviewed by Dan Bernstein.

Make a copy of completionHandler and release it after we're done with it.

* Shared/mac/CookieStorageShim.mm:
(-[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167202 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Don't use ImportanceAssertion on iOS
psolanki@apple.com [Sun, 13 Apr 2014 19:23:43 +0000 (19:23 +0000)]
Don't use ImportanceAssertion on iOS
https://bugs.webkit.org/show_bug.cgi?id=131481
<rdar://problem/16575830>

Reviewed by Darin Adler.

We have other API to mark processes as being in use on iOS. No need to use ImportanceAssertion.

* Platform/IPC/MessageDecoder.cpp:
* Platform/IPC/MessageDecoder.h:
* Platform/IPC/mac/ConnectionMac.cpp:
(IPC::Connection::receiveSourceEventHandler):
* Platform/IPC/mac/ImportanceAssertion.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167201 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Move early return out of dispatch_async() block so we can return from willSendRequest...
psolanki@apple.com [Sun, 13 Apr 2014 19:20:11 +0000 (19:20 +0000)]
Move early return out of dispatch_async() block so we can return from willSendRequest quickly
https://bugs.webkit.org/show_bug.cgi?id=131478
<rdar://problem/16575535>

Reviewed by Alexey Proskuryakov.

Do a quick check to see if we need to synthesize the redirect response on the dispatch queue
and return from willSendRequest callback quickly instead of always doing an effectively synchronous
call to the main thread. We can't call synthesizeRedirectResponseIfNecessary on the dispatch
queue since that accesses the ResourceRequest.

No new tests because no change in functionality.

* platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
* platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::setupRequest): Save the
request scheme to use later for early return from willSendRequest.
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167200 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Rewrite Function.bind as a builtin
oliver@apple.com [Sun, 13 Apr 2014 18:01:54 +0000 (18:01 +0000)]
Rewrite Function.bind as a builtin
https://bugs.webkit.org/show_bug.cgi?id=131083

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This change removes the existing function.bind implementation
entirely so JSBoundFunction is no more.

Instead we just return a regular JS closure with a few
private properties hanging off it that allow us to perform
the necessary bound function fakery.  While most of this is
simple, a couple of key changes:

- The parser and lexer now directly track whether they're
  parsing code for call or construct and convert the private
  name @IsConstructor into TRUETOK or FALSETOK as appropriate.
  This automatically gives us the ability to vary behaviour
  from within the builtin. It also leaves a lot of headroom
  for trivial future improvements.
- The instanceof operator now uses the prototypeForHasInstance
  private name, and we have a helper function to ensure that
  all objects that need to can update their magical 'prototype'
  property pair correctly.

* API/JSScriptRef.cpp:
(parseScript):
* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createBuiltinExecutable):
* builtins/Function.prototype.js:
(bind.bindingFunction):
(bind.else.bindingFunction):
(bind):
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::generateFunctionCodeBlock):
* bytecompiler/NodesCodegen.cpp:
(JSC::InstanceOfNode::emitBytecode):
* interpreter/Interpreter.cpp:
* parser/Lexer.cpp:
(JSC::Lexer<T>::Lexer):
(JSC::Lexer<LChar>::parseIdentifier):
(JSC::Lexer<UChar>::parseIdentifier):
* parser/Lexer.h:
* parser/Parser.cpp:
(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseInner):
* parser/Parser.h:
(JSC::parse):
* parser/ParserModes.h:
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/CommonIdentifiers.h:
* runtime/Completion.cpp:
(JSC::checkSyntax):
* runtime/Executable.cpp:
(JSC::ProgramExecutable::checkSyntax):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
(JSC::functionProtoFuncBind): Deleted.
* runtime/JSBoundFunction.cpp: Removed.
* runtime/JSBoundFunction.h: Removed.
* runtime/JSFunction.cpp:
(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
(JSC::RetrieveCallerFunctionFunctor::operator()):
(JSC::retrieveCallerFunction):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncSetTypeErrorAccessor):
* runtime/JSGlobalObjectFunctions.h:
* runtime/JSObject.h:
(JSC::JSObject::inlineGetOwnPropertySlot):

Source/WebCore:

Switch WebCore to use the helper functions when defining the
prototype properties on DOM constructors, and update bindings
tests accordingly.

* bindings/js/JSImageConstructor.cpp:
(WebCore::JSImageConstructor::finishCreation):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorHelperMethods):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
(WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructorConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::JSTestEventTargetConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestException.cpp:
(WebCore::JSTestExceptionConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
(WebCore::JSTestGenerateIsReachableConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterfaceConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::JSTestNamedConstructorConstructor::finishCreation):
(WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::JSTestNodeConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
(WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::JSTestTypedefsConstructor::finishCreation):
* bindings/scripts/test/JS/JSattribute.cpp:
(WebCore::JSattributeConstructor::finishCreation):
* bindings/scripts/test/JS/JSreadonly.cpp:
(WebCore::JSreadonlyConstructor::finishCreation):

LayoutTests:

Testing.

* js/dom/function-bind-expected.txt:
* js/regress/function-bind-expected.txt: Added.
* js/regress/function-bind.html: Added.
* js/regress/script-tests/function-bind.js: Added.
(foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167199 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [iOS WK2] Hook up scrolling tree nodes when coming out of the page cache
simon.fraser@apple.com [Sun, 13 Apr 2014 16:41:29 +0000 (16:41 +0000)]
[iOS WK2] Hook up scrolling tree nodes when coming out of the page cache
https://bugs.webkit.org/show_bug.cgi?id=131577

Reviewed by Tim Horton.

The call to scrollingCoordinator->frameViewRootLayerDidChange() was inside
a #if !PLATFORM(IOS) block, but now that we use the ScrollingCoordinator
for WK2 we want to call this.

* loader/HistoryController.cpp:
(WebCore::HistoryController::restoreScrollPositionAndViewState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed build fix after r167196.
zandobersek@gmail.com [Sun, 13 Apr 2014 14:59:41 +0000 (14:59 +0000)]
Unreviewed build fix after r167196.

* platform/RemoteCommandListener.cpp:
(WebCore::RemoteCommandListener::create): Fall back to using the new operator
for allocating RemoteCommandListener object. Using std::make_unique() requires
the operator to be public, which doesn't work well with the static create()
method.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167197 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Remove unnecessary uses of std::move() in return statements
zandobersek@gmail.com [Sun, 13 Apr 2014 14:18:48 +0000 (14:18 +0000)]
Remove unnecessary uses of std::move() in return statements
https://bugs.webkit.org/show_bug.cgi?id=131457

Reviewed by Darin Adler.

Don't use std::move() in return statements unless necessary as it inhibits
named return value optimizations as performed by compilers.

* Modules/battery/BatteryManager.cpp:
(WebCore::BatteryManager::create):
* html/FormController.cpp:
(WebCore::FormController::createSavedFormStateMap):
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::create):
* platform/RemoteCommandListener.cpp:
(WebCore::RemoteCommandListener::create):
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayer::create):
* platform/ios/RemoteCommandListenerIOS.mm:
(WebCore::RemoteCommandListener::create):
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::setupFilters):
* rendering/style/CounterDirectives.cpp:
(WebCore::clone):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167196 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed, rolling out r167168 and r167194.
commit-queue@webkit.org [Sun, 13 Apr 2014 11:23:23 +0000 (11:23 +0000)]
Unreviewed, rolling out r167168 and r167194.
https://bugs.webkit.org/show_bug.cgi?id=131589

Caused massive ASSERTION failures on the GTK Debug bot
(Requested by philn on #webkit).

Reverted changesets:

"[GTK] Add HighDPI support for non-accelerated compositing
contents"
https://bugs.webkit.org/show_bug.cgi?id=131562
http://trac.webkit.org/changeset/167168

Source/WebCore:

"Unreviewed. Fix GTK+ build with recent cairo and GTK+ after
r167168."
http://trac.webkit.org/changeset/167194

Source/WebKit2:

"Unreviewed. Fix GTK+ build with recent cairo and GTK+ after
r167168."
http://trac.webkit.org/changeset/167194

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167195 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed. Fix GTK+ build with recent cairo and GTK+ after r167168.
carlosgc@webkit.org [Sun, 13 Apr 2014 09:46:34 +0000 (09:46 +0000)]
Unreviewed. Fix GTK+ build with recent cairo and GTK+ after r167168.

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseCreateWebPage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167194 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [GStreamer] No CORS support for media elements
commit-queue@webkit.org [Sun, 13 Apr 2014 09:33:30 +0000 (09:33 +0000)]
[GStreamer] No CORS support for media elements
https://bugs.webkit.org/show_bug.cgi?id=99037

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-13
Reviewed by Philippe Normand.

Source/WebCore:

Added CORS access control check to media sources when crossorigin attribute is set.

Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
Related test is http/tests/security/video-cross-origin-readback.html.

Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
Related test is http/tests/security/video-cross-origin-accessfailure.html.

Tests: http/tests/security/video-cross-origin-accessfailure.html
       http/tests/security/video-cross-origin-accesssameorigin.html

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
(webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
(StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
(CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according to CORS mode.
(CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
(ResourceHandleStreamingClient::didReceiveResponse): No CORS check.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.

LayoutTests:

http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
are not played when crossorigin attribute is set.
http/tests/security/video-cross-origin-accesssameorigin.html verifies that same-origin streams
are played when crossorigin attribute is set.

* http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
* http/tests/security/video-cross-origin-accessfailure.html: Added.
* http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
* http/tests/security/video-cross-origin-accesssameorigin.html: Added.
* platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
* platform/gtk/TestExpectations: Ditto.
* platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167193 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago REGRESSION (r166860): ASSERTION FAILED: !isCalculated() on fast/css/image-set-value...
darin@apple.com [Sun, 13 Apr 2014 08:05:57 +0000 (08:05 +0000)]
REGRESSION (r166860): ASSERTION FAILED: !isCalculated() on fast/css/image-set-value-not-removed-crash.html
https://bugs.webkit.org/show_bug.cgi?id=131480

Reviewed by Andreas Kling.

Source/WebCore:

Fixes intermittent assertion failure in fast/css/image-set-value-not-removed-crash.html.

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::valueForImageSliceSide): Added. Helper used below in valueForNinePieceImageSlice.
Handles calculated values by returning 0; incorrect but predictable.
(WebCore::valueForNinePieceImageSlice): Updated to call valueForImageSliceSide.
(WebCore::positionOffsetValue): Use nullptr.
(WebCore::ComputedStyleExtractor::propertyValue): Updated to call positionOffsetValue
by its new name. Removed "get" from the name.
(WebCore::positionOffsetValue): Renamed from getPositionOffsetValue.

* platform/Length.h: Made isCalculated public.

LayoutTests:

* platform/mac/TestExpectations: Unskip the test now that the assertion is fixed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167192 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Make slow-stress tests run faster by running fewer VM variants.
fpizlo@apple.com [Sun, 13 Apr 2014 01:50:18 +0000 (01:50 +0000)]
Make slow-stress tests run faster by running fewer VM variants.

Rubber stamped by Geoffrey Garen.

Tools:

* Scripts/run-javascriptcore-tests:
* Scripts/run-jsc-stress-tests:

LayoutTests:

* jsc-layout-tests.yaml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167191 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Fix the iOS build after r167183.
aestes@apple.com [Sat, 12 Apr 2014 23:59:35 +0000 (23:59 +0000)]
Fix the iOS build after r167183.

* platform/network/ResourceHandle.h:
* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::ResourceHandle::schedule):
(WebCore::ResourceHandle::unschedule):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Math.fround() should be an intrinsic
fpizlo@apple.com [Sat, 12 Apr 2014 23:01:33 +0000 (23:01 +0000)]
Math.fround() should be an intrinsic
https://bugs.webkit.org/show_bug.cgi?id=131583

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Makes programs that use Math.fround() run up to 6x faster.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileArithFRound):
* runtime/Intrinsic.h:
* runtime/MathObject.cpp:
(JSC::MathObject::finishCreation):

LayoutTests:

Reviewed by Geoffrey Garen.

This test runs 4.4635x faster with the intrinsic.

* js/regress/fround-expected.txt: Added.
* js/regress/fround.html: Added.
* js/regress/script-tests/fround.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167189 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [iOS] Move QuickLookHandle from ResourceLoader to WebResourceLoader
aestes@apple.com [Sat, 12 Apr 2014 21:06:17 +0000 (21:06 +0000)]
[iOS] Move QuickLookHandle from ResourceLoader to WebResourceLoader
https://bugs.webkit.org/show_bug.cgi?id=131580

Reviewed by Darin Adler.

There's no need to bloat WebKit1's ResourceLoader with a pointer that
only WebKit2's WebResourceLoader cares about.

Source/WebCore:

* loader/ResourceLoader.h:
(WebCore::ResourceLoader::quickLookHandle): Deleted.
(WebCore::ResourceLoader::setQuickLookHandle): Deleted.

Source/WebKit2:

* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::didReceiveResponseWithCertificateInfo):
(WebKit::WebResourceLoader::didReceiveData):
(WebKit::WebResourceLoader::didFinishResourceLoad):
(WebKit::WebResourceLoader::didFailResourceLoad):
* WebProcess/Network/WebResourceLoader.h:
* WebProcess/ios/WebResourceLoaderIOS.mm:
(WebKit::WebResourceLoader::setUpQuickLookHandleIfNeeded):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167188 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago FTL should use stackmap register liveness
fpizlo@apple.com [Sat, 12 Apr 2014 20:41:41 +0000 (20:41 +0000)]
FTL should use stackmap register liveness
https://bugs.webkit.org/show_bug.cgi?id=130791

Reviewed by Geoffrey Garen.

Enable the stackmap register liveness support by fixing the two last bugs:

- If everything is dead after the patchpoint - a good possibility for a put_by_id -
  then we shouldn't crash due to a null scratch buffer.

- Always consider callee-saves as if they were live. More precisely, we should
  consider those callee-saves that are not saved by the enclosing function to be live.
  For now we do the much simpler thing and consider callee-saves to be always live
  since it has minimal impact on the scratch register allocator. It will know not to
  preserve those for calls, anyway.

I tried writing a test for the null scratch buffer thing, but failed. I will land the
test anyway since it seems useful.

* ftl/FTLCompile.cpp:
(JSC::FTL::usedRegistersFor):
* jit/ScratchRegisterAllocator.cpp:
(JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBufferForCall):
(JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBufferForCall):
* runtime/Options.h:
* tests/stress/repeated-put-by-id-reallocating-transition.js: Added.
(foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167187 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago AX: Cleanup AccessibilityObject::getAttribute
cfleizach@apple.com [Sat, 12 Apr 2014 20:06:14 +0000 (20:06 +0000)]
AX: Cleanup AccessibilityObject::getAttribute
https://bugs.webkit.org/show_bug.cgi?id=131555

Reviewed by Darin Adler.

No new functionality.

* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::getAttribute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167186 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [SOUP] Libsoup internal credential setting should be controlled by loader decision
commit-queue@webkit.org [Sat, 12 Apr 2014 20:01:45 +0000 (20:01 +0000)]
[SOUP] Libsoup internal credential setting should be controlled by loader decision
https://bugs.webkit.org/show_bug.cgi?id=130963

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-12
Reviewed by Darin Adler.

Source/WebCore:

Disabled libsoup internal authentication manager for messages for which no credential is available and no stored credentials should be used.
Updated synchronous loader to return whether using credentials or not according to the StoredCredential loader option parameter.
Unskipped test http/tests/xmlhttprequest/cross-origin-no-authorization.html covers the patch.

* platform/network/ResourceHandleInternal.h:
(WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether to disable the authentication manager or not.
* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader): Added m_storedCredentials member.
(WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage): Return true if stored credentials are allowed.
(WebCore::applyAuthenticationToRequest): Set m_useAuthenticationManager value to disable authentication manager if it cannot use stored credentials and ResourceHandleInternal has no username and password.
(WebCore::createSoupMessageForHandleAndRequest): Disable authentication manager according to m_useAuthenticationManager value.
(WebCore::ResourceHandle::platformLoadResourceSynchronously): Added StoredCredentials loader option to the sync loader constructor.

Source/WebKit/efl:

* WebCoreSupport/FrameLoaderClientEfl.cpp:
(WebCore::FrameLoaderClientEfl::shouldUseCredentialStorage): Similarly to GTK, let soup/loader layer handle when to use credential storage. Return always true

LayoutTests:

* platform/efl/TestExpectations: Unskipped http/tests/xmlhttprequest/cross-origin-no-authorization.html.
* platform/gtk/TestExpectations: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167185 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago (before-mar-1-1000) Incorrect date creation prior to 1 Mar 1000
commit-queue@webkit.org [Sat, 12 Apr 2014 19:34:04 +0000 (19:34 +0000)]
(before-mar-1-1000) Incorrect date creation prior to 1 Mar 1000
https://bugs.webkit.org/show_bug.cgi?id=129308

Patch by Tibor Meszaros <tmeszaros.u-szeged@partner.samsung.com> on 2014-04-12
Reviewed by Darin Adler.

* js/date-constructor-expected.txt:
* js/script-tests/date-constructor.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167184 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Some small loader refinements and refactoring
darin@apple.com [Sat, 12 Apr 2014 19:10:56 +0000 (19:10 +0000)]
Some small loader refinements and refactoring
https://bugs.webkit.org/show_bug.cgi?id=131541

Reviewed by Alexey Proskuryakov.

Cut down on use of ResourceLoader::handle, which always returns null when
using a network process. Also streamlined conditionals and did some other
small refactoring.

* loader/DocumentLoader.h: Use references rather than pointers for SchedulePair.

* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didChangePriority): Use m_handle instead of handle(),
since we'd like to delete handle() entirely soon.
(WebCore::ResourceLoader::didReceiveAuthenticationChallenge): Ditto.
(WebCore::ResourceLoader::schedule): Added.
(WebCore::ResourceLoader::unschedule): Ditto.
* loader/ResourceLoader.h: Rearranged header to eliminate nested conditionals.
Added schedule and unschedule functions for Mac.

* loader/mac/DocumentLoaderMac.cpp:
(WebCore::scheduleAll): Changed to take a reference and call ResourceLoader::schedule.
(WebCore::unscheduleAll): Ditto.
(WebCore::DocumentLoader::schedule): Ditto.
(WebCore::DocumentLoader::unschedule): Ditto.

* page/mac/PageMac.cpp:
(WebCore::Page::addSchedulePair): Pass a reference rather than a pointer to schedule.
(WebCore::Page::removeSchedulePair): Ditto.

* platform/network/ResourceHandle.h: Did a bit of reformatting and reorganizing of
conditionals.

* platform/network/ResourceHandleInternal.h: Removed a tiny bit of unneeded declaration.

* platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::schedule): Updated to take a reference rather than a pointer.
(WebCore::ResourceHandle::unschedule): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167183 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoDFG::FixupPhase should insert conversion nodes after the rest of fixup so that we...
fpizlo@apple.com [Sat, 12 Apr 2014 18:22:27 +0000 (18:22 +0000)]
DFG::FixupPhase should insert conversion nodes after the rest of fixup so that we know how the types settled
https://bugs.webkit.org/show_bug.cgi?id=131424

Reviewed by Geoffrey Garen.

This defers type conversion injection until we've decided on types. This makes the
process of deciding types a bit more flexible - for example we can naturally fixpoint
and change our minds. Only when things are settled do we actually insert conversions.

This is a necessary prerequisite for keeping double, int52, and JSValue data flow
separate. A SetLocal/GetLocal will appear to be JSValue until we fixpoint and realize
that there are typed uses. If we were eagerly inserting type conversions then we would
first insert a to/from-JSValue conversion in some cases only to then replace it by
the other conversions. It's probably trivial to remove those redundant conversions later
but I think it's better if we don't insert them to begin with.

* bytecode/CodeOrigin.h:
(JSC::CodeOrigin::operator!):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::run):
(JSC::DFG::FixupPhase::fixupBlock):
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
(JSC::DFG::FixupPhase::fixEdge):
(JSC::DFG::FixupPhase::fixIntEdge):
(JSC::DFG::FixupPhase::injectTypeConversionsInBlock):
(JSC::DFG::FixupPhase::injectTypeConversionsForEdge):
(JSC::DFG::FixupPhase::addRequiredPhantom):
(JSC::DFG::FixupPhase::addPhantomsIfNecessary):
(JSC::DFG::FixupPhase::clearPhantomsAtEnd):
(JSC::DFG::FixupPhase::observeUntypedEdge): Deleted.
(JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock): Deleted.
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167182 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoMake NodeList.length inline-cacheable by JSC.
akling@apple.com [Sat, 12 Apr 2014 05:59:34 +0000 (05:59 +0000)]
Make NodeList.length inline-cacheable by JSC.
<https://webkit.org/b/131579>

For objects with custom index or name getters, we have to make sure
that builtin properties take precedence. We do this by scanning the
ancestor chain for a suitable property slot before moving on to
named items.

With this patch, we now mark such builtins as cacheable. This is
safe since the whole point of doing this before processing named
items is to ensure the same slot is returned consistently.

Reviewed by Benjamin Poulain.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateGetOwnPropertySlotBody):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167181 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[Mac] Crashes when copying or pasting huge images
ap@apple.com [Sat, 12 Apr 2014 03:09:38 +0000 (03:09 +0000)]
[Mac] Crashes when copying or pasting huge images
https://bugs.webkit.org/show_bug.cgi?id=131576
<rdar://problem/12131833>
<rdar://problem/14427398>

Reviewed by Darin Adler.

Added a few null checks for SharedMemory::create() return value in pasteboard code.
Error handling feels a bit sketchy, but
- I'm not sure what it should look like ideally;
- it matches the kind of error handling we already have in these functions;
- it appears to work reasonably well in practice. We get empty content, which
is not nice, but not particularly problematic either. When copying an animated GIF,
we also get the GIF in RTFD flavor, so even pasting into NSTextViews works!

* Platform/mac/SharedMemoryMac.cpp:
(WebKit::SharedMemory::createFromVMBuffer):
* UIProcess/mac/WebContextMac.mm:
(WebKit::WebContext::getPasteboardBufferForType):
(WebKit::WebContext::readBufferFromPasteboard):
* WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
(WebKit::WebPlatformStrategies::setBufferForType):

* WebProcess/WebCoreSupport/mac/WebDragClientMac.mm: (WebKit::WebDragClient::declareAndWriteDragImage):
Also renamed some variables to prevent name collisions with nested scope.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167180 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoUnreviewed build fix on the EFL port after r167152
ryuan.choi@samsung.com [Sat, 12 Apr 2014 02:49:02 +0000 (02:49 +0000)]
Unreviewed build fix on the EFL port after r167152

* WebProcess/WebPage/PageOverlay.cpp:
(WebKit::PageOverlay::bounds):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167179 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[WK2] WebProcess crashes, when closing window after opening page by means of context...
commit-queue@webkit.org [Sat, 12 Apr 2014 01:56:06 +0000 (01:56 +0000)]
[WK2] WebProcess crashes, when closing window after opening page by means of context menu
https://bugs.webkit.org/show_bug.cgi?id=131439

Patch by Hyowon Kim <hw1008.kim@samsung.com> on 2014-04-11
Reviewed by Tim Horton.

CoordinatedGraphicsLayer calls notifyFlushRequired() through its client when destroyed.
When PageOverlayController::notifyFlushRequired() is called, the DrawingArea could be null
because it's destroyed in WebPage::close().

* WebProcess/WebPage/PageOverlayController.cpp:
(WebKit::PageOverlayController::notifyFlushRequired): Add null check of m_webPage->drawingArea().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167178 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoLots of compositing test failures after r167152
timothy_horton@apple.com [Sat, 12 Apr 2014 01:24:37 +0000 (01:24 +0000)]
Lots of compositing test failures after r167152
https://bugs.webkit.org/show_bug.cgi?id=131574

Reviewed by Simon Fraser.

* WebProcess/WebPage/PageOverlayController.h:
Skip page overlay layers in layer tree dumps, for consistency between platforms.

* platform/graphics/GraphicsLayer.cpp:
(WebCore::GraphicsLayer::dumpProperties):
We were asking the parent's client whether the child should be dumped,
but really the child's client is the one who should decide.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167177 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoViewportConfiguration::layoutWidth() computes the width incorrectly when initial-scale...
benjamin@webkit.org [Sat, 12 Apr 2014 00:43:37 +0000 (00:43 +0000)]
ViewportConfiguration::layoutWidth() computes the width incorrectly when initial-scale+width do not fit in view
https://bugs.webkit.org/show_bug.cgi?id=131575

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-11
Reviewed by Enrica Casucci.

I made a mistake when writing the new viewport code: ViewportConfiguration::layoutWidth() uses m_contentSize in one place.
That makes no sense, contentSize depends on the layout width.

* page/ViewportConfiguration.cpp:
(WebCore::ViewportConfiguration::layoutWidth):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167176 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoRemove "numeric index getter" stuff from bindings code generator.
akling@apple.com [Sat, 12 Apr 2014 00:26:02 +0000 (00:26 +0000)]
Remove "numeric index getter" stuff from bindings code generator.
<https://webkit.org/b/131565>

This was used for an earlier generation of typed arrays. Now that JSC
has native typed array support, we're not using this functionality and
can just remove it.

Reviewed by Geoffrey Garen.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateGetOwnPropertySlotBody):
(HasComplexGetOwnProperty):
(InterfaceRequiresAttributesOnInstance):
(InstanceOverridesGetOwnPropertySlot):
(GenerateHeader):
(GenerateImplementation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167175 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoWeb Replay: code generator should consider enclosing class when computing duplicate...
burg@cs.washington.edu [Sat, 12 Apr 2014 00:25:06 +0000 (00:25 +0000)]
Web Replay: code generator should consider enclosing class when computing duplicate type names
https://bugs.webkit.org/show_bug.cgi?id=131554

Reviewed by Timothy Hatcher.

We need to prepend an enum's enclosing class, if any, so that multiple enums with the same name
can coexist without triggering a "duplicate types" error. Now, such enums must be referenced
by the enclosing class and enum name.

Added tests for the new syntax, and rebaselined one test to reflect a previous patch's change.

* replay/scripts/CodeGeneratorReplayInputs.py:
(Type.type_name): Prepend the enclosing class name.
(Type.type_name.is):
* replay/scripts/tests/expected/fail-on-duplicate-enum-type.json-error: Added.
* replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp: Added.
* replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h: Added.
* replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h: Rebaseline.
* replay/scripts/tests/fail-on-duplicate-enum-type.json: Added.
* replay/scripts/tests/generate-enums-with-same-base-name.json: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167174 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoWeb Replay: consolidate decoding macros used in SerializationMethods
burg@cs.washington.edu [Sat, 12 Apr 2014 00:19:24 +0000 (00:19 +0000)]
Web Replay: consolidate decoding macros used in SerializationMethods
https://bugs.webkit.org/show_bug.cgi?id=131564

Reviewed by Timothy Hatcher.

We can use EncodingTraits<T>::DecodedType to create a local variable
with the appropriate decoded type, rather than special casing.

* replay/SerializationMethods.cpp:
(JSC::EncodingTraits<NondeterministicInputBase>::decodeValue):
(JSC::EncodingTraits<KeypressCommand>::decodeValue):
(JSC::EncodingTraits<PlatformKeyboardEvent>::decodeValue):
(JSC::EncodingTraits<PlatformMouseEvent>::decodeValue):
(JSC::EncodingTraits<PlatformWheelEvent>::decodeValue):
(JSC::EncodingTraits<PluginData>::decodeValue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167173 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoNeed WK2 API to disable rubber-banding
bdakin@apple.com [Fri, 11 Apr 2014 23:51:36 +0000 (23:51 +0000)]
Need WK2 API to disable rubber-banding
https://bugs.webkit.org/show_bug.cgi?id=131567

Reviewed by Simon Fraser.

Source/WebCore:

Page will now store a vertical and horizontal ScrollElasticity in case the API has
been called before the FrameView even exists.

New Page functions.
* WebCore.exp.in:

Use Page’s cached ScrollElasticity.
* page/FrameView.cpp:
(WebCore::FrameView::FrameView):

If there is already a FrameView, then assign it the new ScrollElasticity.
* page/Page.cpp:
(WebCore::Page::Page):
(WebCore::Page::setVerticalScrollElasticity):
(WebCore::Page::setHorizontalScrollElasticity):
* page/Page.h:
(WebCore::Page::verticalScrollElasticity):
(WebCore::Page::horizontalScrollElasticity):

Source/WebKit2:

New API allows the client to enable/disable horizontal or vertical rubber-banding.
By default, rubber-banding is enabled.
* UIProcess/API/C/WKPage.cpp:
(WKPageVerticalRubberBandingIsEnabled):
(WKPageSetEnableVerticalRubberBanding):
(WKPageHorizontalRubberBandingIsEnabled):
(WKPageSetEnableHorizontalRubberBanding):
* UIProcess/API/C/WKPage.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::setEnableVerticalRubberBanding):
(WebKit::WebPageProxy::verticalRubberBandingIsEnabled):
(WebKit::WebPageProxy::setEnableHorizontalRubberBanding):
(WebKit::WebPageProxy::horizontalRubberBandingIsEnabled):
* UIProcess/WebPageProxy.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::setEnableVerticalRubberBanding):
(WebKit::WebPage::setEnableHorizontalRubberBanding):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167172 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoFix the Mac build.
timothy_horton@apple.com [Fri, 11 Apr 2014 23:50:03 +0000 (23:50 +0000)]
Fix the Mac build.

* WebProcess/WebPage/FindController.cpp:
(WebKit::FindController::updateFindIndicator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167171 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoREGRESSION(167145): Many media tests fail
mrobinson@webkit.org [Fri, 11 Apr 2014 23:49:32 +0000 (23:49 +0000)]
REGRESSION(167145): Many media tests fail
https://bugs.webkit.org/show_bug.cgi?id=131569

Reviewed by Brent Fulgham.

* PlatformGTK.cmake: Add the localized strings file to the list of user agent scripts.
* platform/gtk/RenderThemeGtk.cpp:
(WebCore::RenderThemeGtk::mediaControlsScript): Include the localized strings file in the script body.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167170 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[iOS WebKit2] Find-in-page indicator
timothy_horton@apple.com [Fri, 11 Apr 2014 23:31:27 +0000 (23:31 +0000)]
[iOS WebKit2] Find-in-page indicator
https://bugs.webkit.org/show_bug.cgi?id=131510
<rdar://problem/16547777>

Reviewed by Simon Fraser and Enrica Casucci.

* WebKit2.xcodeproj/project.pbxproj:
* WebProcess/WebPage/FindController.cpp:
(WebKit::FindController::updateFindUIAfterPageScroll):
WebKit2 will clear the selection if we reveal it while not enabling selection painting.
So, avoid revealing it.

(WebKit::FindController::findString):
(WebKit::FindController::hideFindIndicator):
(WebKit::FindController::willFindString):
(WebKit::FindController::didFailToFindString):
(WebKit::FindController::didHideFindIndicator):
#if out the cross-platform find indicator code on iOS; it will be replaced
by the code in FindControllerIOS.

* WebProcess/WebPage/FindController.h:

* WebProcess/WebPage/ios/FindControllerIOS.mm: Added.
(highlightColor):
(WebKit::FindIndicatorOverlayClientIOS::drawRect):
Paint the selection (with black text forced on), and the yellow rounded rect
into the indicator page overlay.

(WebKit::FindController::updateFindIndicator):
Create or update a small document-relative page overlay in the selection rect.

(WebKit::FindController::hideFindIndicator):
(WebKit::FindController::willFindString):
(WebKit::FindController::didFailToFindString):
(WebKit::FindController::didHideFindIndicator):
Add willFindString, didFailToFindString, and didHideFindIndicator functions.
They do nothing, except on iOS where they are used to prevent selection change
messages from being dispatched while using find-in-page, and to force
WebCore to compute a selection rect (via updateAppearance) despite the selection not being painted.

* WebProcess/WebPage/ios/FindIndicatorOverlayClientIOS.h:
(WebKit::FindIndicatorOverlayClientIOS::setFrame):

* editing/Editor.cpp:
(WebCore::Editor::findString):
* editing/FindOptions.h:
Add a find option which prevents WebCore from revealing the selection
after selecting a successful find match.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167169 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[GTK] Add HighDPI support for non-accelerated compositing contents
commit-queue@webkit.org [Fri, 11 Apr 2014 23:20:27 +0000 (23:20 +0000)]
[GTK] Add HighDPI support for non-accelerated compositing contents
https://bugs.webkit.org/show_bug.cgi?id=131562

Patch by Owen Taylor <otaylor@redhat.com> on 2014-04-11
Reviewed by Martin Robinson.

Source/WebCore:

No new tests. This will be tested once we have the proper dependencies in the WebKit testing
JHBuild.

* platform/cairo/WidgetBackingStore.h:
(WebCore::WidgetBackingStore::WidgetBackingStore): Accept a device scale argument.
* platform/cairo/WidgetBackingStoreCairo.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
* platform/cairo/WidgetBackingStoreCairo.h: Accept a device scale argument.
* platform/graphics/cairo/CairoUtilities.cpp: Add a new helper to set the device scale if Cairo built against is new enough.
* platform/graphics/cairo/CairoUtilities.h:
* platform/gtk/GtkVersioning.h: Add the HAVE_GTK_SCALE_FACTOR macro.
* platform/gtk/WidgetBackingStoreGtkX11.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
* platform/gtk/WidgetBackingStoreGtkX11.h: Accept a device scale argument.

Source/WebKit2:

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(scaleFactorChanged): Added this callback to pass scale changes to the page proxy.
(webkitWebViewBaseCreateWebPage): Attach the callback to the notify signal.
* UIProcess/cairo/BackingStoreCairo.cpp:
(WebKit::createBackingStoreForGTK): Pass the scale factor to the WebCore backing store.
(WebKit::BackingStore::incorporateUpdate): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167168 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoAssertion failure changing select element size during focus event
jhoneycutt@apple.com [Fri, 11 Apr 2014 23:09:39 +0000 (23:09 +0000)]
Assertion failure changing select element size during focus event
dispatch
<https://bugs.webkit.org/show_bug.cgi?id=131566>
<rdar://problem/16400735>

Reviewed by Andy Estes.

Source/WebCore:

Test: fast/forms/select-change-size-during-focus.html

* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::listBoxDefaultEventHandler):
Adopt the fix from Chromium r171216; check that the renderer is still
of the expected type, and return early if it is not.

LayoutTests:

* fast/forms/select-change-size-during-focus-expected.txt: Added.
* fast/forms/select-change-size-during-focus.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167167 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoClear sibling floats while splitting inline flow
bjonesbe@adobe.com [Fri, 11 Apr 2014 22:46:02 +0000 (22:46 +0000)]
Clear sibling floats while splitting inline flow
https://bugs.webkit.org/show_bug.cgi?id=130905

Reviewed by David Hyatt.

Source/WebCore:

This is a port of a Blink patch by kenrb@chromium.org.
(https://src.chromium.org/viewvc/blink?revision=169658&view=revision)

During RenderInline::splitFlow(), floats are cleared on an anonymous
containingBlock() for the inline being split. This is a problem if
siblings of the block contain references to the same floats, since the
float removal code in markSiblingsWithFloatsForLayout() will not later
find them.

This change also affects RenderBlock::splitFlow() and
RenderBoxModelObject::moveChildrenTo, since those are called in
similar situations as RenderInline::splitFlow().

Test: fast/block/float/split-inline-sibling-of-float-crash.html

* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::removeFloatingObjects): Add call to
    markSiblingsWithFloatsForLayout() before removing floats.

LayoutTests:

This test will only crash if run with Address Sanitizer or some other
address checking tool.

* fast/block/float/split-inline-sibling-of-float-crash-expected.txt: Added.
* fast/block/float/split-inline-sibling-of-float-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167166 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoRollout - Rewrite Function.bind as a builtin
barraclough@apple.com [Fri, 11 Apr 2014 22:38:22 +0000 (22:38 +0000)]
Rollout - Rewrite Function.bind as a builtin
https://bugs.webkit.org/show_bug.cgi?id=131083

Unreviewed.

Rolling out r167020 while investigating a performance regression.

Source/JavaScriptCore:

* API/JSObjectRef.cpp:
(JSObjectMakeConstructor):
* API/JSScriptRef.cpp:
(parseScript):
* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createBuiltinExecutable):
* builtins/Function.prototype.js:
(apply):
(bind.bindingFunction): Deleted.
(bind.else.bindingFunction): Deleted.
(bind): Deleted.
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::generateFunctionCodeBlock):
* bytecompiler/NodesCodegen.cpp:
(JSC::InstanceOfNode::emitBytecode):
* interpreter/Interpreter.cpp:
* parser/Lexer.cpp:
(JSC::Lexer<T>::Lexer):
(JSC::Lexer<LChar>::parseIdentifier):
(JSC::Lexer<UChar>::parseIdentifier):
* parser/Lexer.h:
* parser/Parser.cpp:
(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseInner):
* parser/Parser.h:
(JSC::parse):
* parser/ParserModes.h:
* runtime/ArgumentsIteratorConstructor.cpp:
(JSC::ArgumentsIteratorConstructor::finishCreation):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::finishCreation):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::finishCreation):
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/CommonIdentifiers.h:
* runtime/Completion.cpp:
(JSC::checkSyntax):
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::finishCreation):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::finishCreation):
* runtime/Executable.cpp:
(JSC::ProgramExecutable::checkSyntax):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::finishCreation):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
(JSC::functionProtoFuncBind):
* runtime/JSArrayBufferConstructor.cpp:
(JSC::JSArrayBufferConstructor::finishCreation):
* runtime/JSBoundFunction.cpp: Added.
(JSC::boundFunctionCall):
(JSC::boundFunctionConstruct):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::destroy):
(JSC::JSBoundFunction::customHasInstance):
(JSC::JSBoundFunction::JSBoundFunction):
(JSC::JSBoundFunction::finishCreation):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSBoundFunction.h: Added.
(JSC::JSBoundFunction::targetFunction):
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
* runtime/JSFunction.cpp:
(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
(JSC::RetrieveCallerFunctionFunctor::operator()):
(JSC::retrieveCallerFunction):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::JSGenericTypedArrayViewConstructor<ViewClass>::finishCreation):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncSetTypeErrorAccessor): Deleted.
* runtime/JSGlobalObjectFunctions.h:
* runtime/JSObject.cpp:
(JSC::JSObject::putDirectPrototypeProperty): Deleted.
(JSC::JSObject::putDirectPrototypePropertyWithoutTransitions): Deleted.
* runtime/JSObject.h:
* runtime/JSPromiseConstructor.cpp:
(JSC::JSPromiseConstructor::finishCreation):
* runtime/MapConstructor.cpp:
(JSC::MapConstructor::finishCreation):
* runtime/MapIteratorConstructor.cpp:
(JSC::MapIteratorConstructor::finishCreation):
* runtime/NameConstructor.cpp:
(JSC::NameConstructor::finishCreation):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::finishCreation):
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::finishCreation):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::finishCreation):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::finishCreation):
* runtime/SetConstructor.cpp:
(JSC::SetConstructor::finishCreation):
* runtime/SetIteratorConstructor.cpp:
(JSC::SetIteratorConstructor::finishCreation):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::finishCreation):
* runtime/WeakMapConstructor.cpp:
(JSC::WeakMapConstructor::finishCreation):

Source/WebCore:

* bindings/js/JSImageConstructor.cpp:
(WebCore::JSImageConstructor::finishCreation):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorHelperMethods):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
(WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructorConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::JSTestEventTargetConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestException.cpp:
(WebCore::JSTestExceptionConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
(WebCore::JSTestGenerateIsReachableConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterfaceConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::JSTestNamedConstructorConstructor::finishCreation):
(WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::JSTestNodeConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
(WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::JSTestTypedefsConstructor::finishCreation):
* bindings/scripts/test/JS/JSattribute.cpp:
(WebCore::JSattributeConstructor::finishCreation):
* bindings/scripts/test/JS/JSreadonly.cpp:
(WebCore::JSreadonlyConstructor::finishCreation):

LayoutTests:

* js/dom/function-bind-expected.txt:
* js/regress/function-bind-expected.txt: Removed.
* js/regress/function-bind.html: Removed.
* js/regress/script-tests/function-bind.js: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167165 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[WK2] Dispatch to main thread's run loop to handle cookie requests.
jer.noble@apple.com [Fri, 11 Apr 2014 22:36:37 +0000 (22:36 +0000)]
[WK2] Dispatch to main thread's run loop to handle cookie requests.
https://bugs.webkit.org/show_bug.cgi?id=131524

Reviewed by Brady Eidson.

When using synchronous network APIs from the main thread (e.g., -[NSImage
initWithContentsOfURL:]) our cookie shim would attempt to dispatch_async
to the main thread to handle the cookie request, and block against the original
request. CFNetwork is still servicing the run loop however, so rather than
dispatch_async to the main queue, use the RunLoop to dispatch to the main thread.

* Shared/mac/CookieStorageShim.mm:
(-[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167164 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoBuild Fix after r167151.
mmaxfield@apple.com [Fri, 11 Apr 2014 22:23:38 +0000 (22:23 +0000)]
Build Fix after r167151.

Unreviewed.

* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::applyAlternativeTextToRange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167162 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[EME][Mac] Using KeySession.update([renew]) should trigger KeyMessage event instead...
jer.noble@apple.com [Fri, 11 Apr 2014 22:17:52 +0000 (22:17 +0000)]
[EME][Mac] Using KeySession.update([renew]) should trigger KeyMessage event instead of NeedKey event
https://bugs.webkit.org/show_bug.cgi?id=131527

Reviewed by Eric Carlson.

Rather than triggering a needKey() event, necessitating the creation
of an entirely new MediaKeySession, cause a new key request to be
created by sending the same initData back into the AVSampleDataParser.

Also, do some drive-by clean up suggested by Darin in the review for
r166509.

* platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
(WebCore::isEqual): Support an alloc-free equality check between
    Uint8Array and static strings.
(WebCore::CDMSessionMediaSourceAVFObjC::update):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167161 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoBuild fix (r167151): Do not dereference Node::document() before passing to Range...
ddkilzer@apple.com [Fri, 11 Apr 2014 22:13:46 +0000 (22:13 +0000)]
Build fix (r167151): Do not dereference Node::document() before passing to Range::create()
<https://webkit.org/b/131475>

Fixes the following build failure:

    WebCore/editing/AlternativeTextController.cpp:275:71: error: indirection requires pointer operand ('WebCore::Document' invalid)
        int paragraphStartIndex = TextIterator::rangeLength(Range::create(*rootNode.document(), &rootNode, 0, paragraphRangeContainingCorrection.get()->startContainer(), paragraphRangeContainingCorrection.get()->startOffset()).get());
                                                                          ^~~~~~~~~~~~~~~~~~~~

* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::applyAlternativeTextToRange):
Remove unneeded '*' operator since Node::document() returns a
Document& and Range::create() accepts a Document& for its first
argument.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167160 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoWeb Replay: memoize nondeterministic attributes of the Navigator interface
burg@cs.washington.edu [Fri, 11 Apr 2014 22:01:04 +0000 (22:01 +0000)]
Web Replay: memoize nondeterministic attributes of the Navigator interface
https://bugs.webkit.org/show_bug.cgi?id=131340

Reviewed by Timothy Hatcher.

.:

* ManualTests/inspector/replay-window-navigator-basic.html: Added.

Source/WebCore:

Most attributes of window.navigator do not change very often, but they
could be easily changed by the user or embedder. So, memoize attribute values.

This change does not include navigator.mimeTypes and navigator.plugins,
which will be handled at a different level. <https://webkit.org/b/131341>

Test: ManualTests/inspector/replay-window-navigator-basic.html

* page/Navigator.idl: Add Nondeterministic attribute.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167157 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoMake the stylebot happier with r167154.
timothy_horton@apple.com [Fri, 11 Apr 2014 21:56:45 +0000 (21:56 +0000)]
Make the stylebot happier with r167154.

* UIProcess/PageClient.h:
* UIProcess/WebPageProxy.h:
* UIProcess/ios/PageClientImplIOS.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[iOS WebKit2] Expose a simplified zoom-to-rect to the WebProcess
timothy_horton@apple.com [Fri, 11 Apr 2014 21:55:04 +0000 (21:55 +0000)]
[iOS WebKit2] Expose a simplified zoom-to-rect to the WebProcess
https://bugs.webkit.org/show_bug.cgi?id=131563

Reviewed by Simon Fraser.

* UIProcess/PageClient.h:
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* UIProcess/ios/PageClientImplIOS.h:
* UIProcess/ios/PageClientImplIOS.mm:
(WebKit::PageClientImpl::zoomToRect):
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::zoomToRect):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::zoomToRect):
Add a simple message that calls WKContentView's zoom-to-rect code given just a rect and min/max scale.
We will use the center of the rect as the zoom origin, and will try to show the whole rect.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167154 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[iOS][WK2] Videos should animate into and out of fullscreen.
jer.noble@apple.com [Fri, 11 Apr 2014 21:50:42 +0000 (21:50 +0000)]
[iOS][WK2] Videos should animate into and out of fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=131497

Reviewed by Simon Fraser.

Source/WebCore:

Use AVPlayerViewController's new enterFullScreenWithCompletionHandler: and exitFullScreenWithCompletionHandler:
methods to animate into and out of full screen. To do so, use the provided initialFrame and finalFrame screen
rects to correctly place the AVPlayerViewController's view before entering or exiting fullscreen.

* platform/ios/WebVideoFullscreenControllerAVKit.mm:
(-[WebVideoFullscreenController enterFullscreen:]): Pass the media element's screen rect.
(-[WebVideoFullscreenController exitFullscreen]): Ditto.
* platform/ios/WebVideoFullscreenInterfaceAVKit.h:
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerController playerViewController:shouldExitFullScreenWithReason:]): Renamed from shouldDismissWithReason.
(WebVideoFullscreenInterfaceAVKit::enterFullscreen): Use the new AVKit APIs.
(WebVideoFullscreenInterfaceAVKit::exitFullscreen): Ditto.
* WebCore.exp.in: Modify the exported symbols for enter and exitFullscreen.

Source/WebKit2:

Pass a starting rect for the enterFullscreen animation and an ending rect
for the exitFullscreen animation.

* UIProcess/ios/WebVideoFullscreenManagerProxy.h:
* UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in:
* UIProcess/ios/WebVideoFullscreenManagerProxy.mm:
(WebKit::WebVideoFullscreenManagerProxy::enterFullscreenWithID): Pass initialFrame.
* WebProcess/ios/WebVideoFullscreenManager.mm:
(WebKit::screenRectOfContents): Casts node -> element and returns its screenRect().
(WebKit::WebVideoFullscreenManager::enterFullscreenForNode): Pass initialFrame.
(WebKit::WebVideoFullscreenManager::exitFullscreenForNode): Pass finalFrame.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167153 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Support document-relative and custom-frame page overlays
timothy_horton@apple.com [Fri, 11 Apr 2014 21:41:28 +0000 (21:41 +0000)]
Support document-relative and custom-frame page overlays
https://bugs.webkit.org/show_bug.cgi?id=131560
<rdar://problem/16595556>

Reviewed by Simon Fraser.

Add "document-relative" overlays, which attach to (and scroll with) the document,
and can be given a frame rect within the document to avoid overallocation of backing store.

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::didChangeScrollOffset):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::mainFrame):
(WebKit::WebPage::mainFrameView):
(WebKit::WebPage::didChangeScrollOffsetForFrame):
* WebProcess/WebPage/WebPage.h:
Let the PageOverlayController know *which* frame scrolled, instead of "any frame".

* WebProcess/WebPage/FindController.cpp:
(WebKit::FindController::updateFindUIAfterPageScroll):
Factor out shared code.

(WebKit::FindController::willMoveToWebPage):
(WebKit::FindController::drawRect):
We can use clearRect() instead of a transparency layer and fillRect().
I've looked through all the other overlay clients I know of and none of them
depend on having a transparency layer at the overlay level.

* WebProcess/WebPage/PageOverlay.cpp:
(WebKit::PageOverlay::create):
(WebKit::PageOverlay::PageOverlay):
(WebKit::PageOverlay::bounds):
(WebKit::PageOverlay::frame):
(WebKit::PageOverlay::setFrame):
(WebKit::PageOverlay::drawRect):
Add OverlayType, which allows creation of Document or View relative overlays.
All overlays up to this point are View relative, so we default to that.
Document-relative overlays scroll with the page instead of repainting as
the page scrolls. They can also be given an explicit frame, allowing them
to be smaller than the entire document.

* WebProcess/WebPage/PageOverlay.h:
(WebKit::PageOverlay::overlayType):
(WebKit::PageOverlay::webPage):
(WebKit::PageOverlay::client): Deleted.
* WebProcess/WebPage/PageOverlayController.cpp:
(WebKit::PageOverlayController::initialize):
(WebKit::PageOverlayController::installPageOverlay):
(WebKit::PageOverlayController::uninstallPageOverlay):
(WebKit::PageOverlayController::updateForceSynchronousScrollLayerPositionUpdates):
(WebKit::updateOverlayGeometry):
(WebKit::PageOverlayController::setPageOverlayNeedsDisplay):
(WebKit::PageOverlayController::didChangeViewSize):
(WebKit::PageOverlayController::didChangeDocumentSize):
(WebKit::PageOverlayController::didChangeDeviceScaleFactor):
(WebKit::PageOverlayController::didScrollFrame):
(WebKit::PageOverlayController::flushPageOverlayLayers):
(WebKit::PageOverlayController::didChangeOverlayFrame):
Keep two overlay root layers - one for view-relative
and one for document-relative overlays.
Don't force synchronous scrolling if we only have document-relative overlays.
Update the overlay's position as well as its size whenever necessary.
Update document-relative overlay geometry when the document size changes.
Only explicitly flush view-relative overlays; document-relative ones
are plugged into the WebCore layer tree and flushed along with the page.

* WebProcess/WebPage/PageOverlayController.h:
(WebKit::PageOverlayController::documentOverlayRootLayer):
(WebKit::PageOverlayController::viewOverlayRootLayer):
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::setRootCompositingLayer):
(WebKit::RemoteLayerTreeDrawingArea::mainFrameContentSizeChanged):
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::mainFrameContentSizeChanged):
(WebKit::TiledCoreAnimationDrawingArea::setRootCompositingLayer):
Let the PageOverlay controller know when the document size changes.
When we set up compositing, push the document overlay root layer
down into WebCore.

* WebCore.exp.in:
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::RenderLayerCompositor):
(WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
(WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer):
* rendering/RenderLayerCompositor.h:
Add the concept of a document overlay layer, which is plugged in as the
last child of the root content layer. Expose it to WebKit2.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167152 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Autocorrection causes ASSERT when replacing alternative string
mmaxfield@apple.com [Fri, 11 Apr 2014 21:35:17 +0000 (21:35 +0000)]
Autocorrection causes ASSERT when replacing alternative string
https://bugs.webkit.org/show_bug.cgi?id=131475

Reviewed by Ryosuke Niwa.

In AlternativeTextController::applyAlternativeTextToRange(), we attempt to create
a Range that crosses from outside of a shadow root to inside of one. Instead,
we should keep the Range entirely within the shadow root.

Test: ManualTests/autocorrection/autocorrection-accept-crash.html

* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::applyAlternativeTextToRange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167151 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [CSS Shapes] shape-outside from image doesn't load properly
hmuller@adobe.com [Fri, 11 Apr 2014 21:27:10 +0000 (21:27 +0000)]
[CSS Shapes] shape-outside from image doesn't load properly
https://bugs.webkit.org/show_bug.cgi?id=131491

Reviewed by Bem Jones-Bey.

Source/WebCore:

Make RenderImage::imageChanged() call super if there's a shape-outside
image because the shape-outside imageChanged() logic is in RenderBox.

Test: http/tests/css/shape-image-file.html

* rendering/RenderElement.h:
(WebCore::RenderElement::hasShapeOutside):
* rendering/RenderImage.cpp:
(WebCore::RenderImage::imageChanged):

LayoutTests:

* http/tests/css/shape-image-file-expected.html: Added.
* http/tests/css/shape-image-file.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [ASan] Build broke because libCompileRuntimeToLLVMIR.a links to libclang_rt.asan_osx_...
ddkilzer@apple.com [Fri, 11 Apr 2014 21:11:29 +0000 (21:11 +0000)]
[ASan] Build broke because libCompileRuntimeToLLVMIR.a links to libclang_rt.asan_osx_dynamic.dylib
<http://webkit.org/b/131556>
<rdar://problem/16591856>

Reviewed by Brent Fulgham.

* Configurations/CompileRuntimeToLLVMIR.xcconfig: Clear
OTHER_LDFLAGS so the ASan build does not try to link to
libclang_rt.asan_osx_dynamic.dylib.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167149 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Aggregate multiple "respondToChangedSelection" calls to one scan for telephone numbers
beidson@apple.com [Fri, 11 Apr 2014 21:09:13 +0000 (21:09 +0000)]
Aggregate multiple "respondToChangedSelection" calls to one scan for telephone numbers
https://bugs.webkit.org/show_bug.cgi?id=131559

Reviewed by Gavin Barraclough.

No new tests (Perf-only change to an untested feature)

* editing/Editor.cpp:
(WebCore::Editor::Editor):
(WebCore::Editor::respondToChangedSelection): Start a one shot timer for scanSelectionForTelephoneNumbers
  instead of scanning synchronously.
(WebCore::Editor::scanSelectionForTelephoneNumbers):
* editing/Editor.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Try to fix windows build.
bfulgham@apple.com [Fri, 11 Apr 2014 21:01:16 +0000 (21:01 +0000)]
Try to fix windows build.

Patch by Antti Koivisto <antti@apple.com> on 2014-04-11

* platform/graphics/ca/GraphicsLayerCA.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167147 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Try to fix windows build.
antti@apple.com [Fri, 11 Apr 2014 20:58:08 +0000 (20:58 +0000)]
Try to fix windows build.

* platform/graphics/ca/GraphicsLayerCA.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167146 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Regression: media controls and status messages are no longer localized.
bfulgham@apple.com [Fri, 11 Apr 2014 20:42:14 +0000 (20:42 +0000)]
Regression: media controls and status messages are no longer localized.
https://bugs.webkit.org/show_bug.cgi?id=120956

Reviewed by Jer Noble.

* English.lproj/mediaControlsLocalizedStrings.js: Added.
(mediaControlsLocalizedStrings): Moved from mediaControlsApple.js.
* English.lproj/mediaControlsLocalizedStringsiOS.js: Added.
(mediaControlsLocalizedStringsiOS): Moved from mediaControlsiOS.js.
* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.UIString): Get strings from external file.
* Modules/mediacontrols/mediaControlsiOS.js:
(ControllerIOS.prototype.UIString): Ditto.
* WebCore.vcxproj/copyWebCoreResourceFiles.cmd: Copy to Windows bundle.
* WebCore.xcodeproj/project.pbxproj: Copy new files to bundle.
* rendering/RenderThemeIOS.mm:
(WebCore::RenderThemeIOS::mediaControlsScript): Load the locale-specific
string resource when loading the media controls.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::mediaControlsScript): Ditto.
* rendering/RenderThemeWin.cpp:
(WebCore::RenderThemeWin::mediaControlsScript): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167145 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [Win] Build fix after r167138
bfulgham@apple.com [Fri, 11 Apr 2014 20:36:20 +0000 (20:36 +0000)]
[Win] Build fix after r167138

* platform/graphics/ca/GraphicsLayerCA.h: The TileController is
only available on Mac/Cocoa builds.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167144 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [iOS WebKit2]: Share NSURLCache directory for webkit processes
psolanki@apple.com [Fri, 11 Apr 2014 20:33:26 +0000 (20:33 +0000)]
[iOS WebKit2]: Share NSURLCache directory for webkit processes
https://bugs.webkit.org/show_bug.cgi?id=131513
<rdar://problem/16420859>

Reviewed by Alexey Proskuryakov.

Use iOS specific NSURLCache API to share the cache directory used by the networking process,
web process and Safari.

* NetworkProcess/cocoa/NetworkProcessCocoa.mm:
(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167143 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago JSMainThreadExecState::call() should clear exceptions before returning.
mark.lam@apple.com [Fri, 11 Apr 2014 20:24:56 +0000 (20:24 +0000)]
JSMainThreadExecState::call() should clear exceptions before returning.
<https://webkit.org/b/131530>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Added a version of JSC::call() that returns any uncaught exception instead
of leaving it pending in the VM.

As part of this change, I updated various parts of the code base to use the
new API as needed.

* bindings/ScriptFunctionCall.cpp:
(Deprecated::ScriptFunctionCall::call):
- ScriptFunctionCall::call() is only used by the inspector to inject scripts.
  The injected scripts will include Inspector scripts that should catch
  and handle any exceptions that were thrown.  We should not be seeing any
  exceptions returned from this call.  However, we do have checks for
  exceptions in case there are bugs in the Inspector scripts which allowed
  the exception to leak through.  Hence, it is proper to clear the exception
  here, and only record the fact that an exception was seen (if present).

* bindings/ScriptFunctionCall.h:
* inspector/InspectorEnvironment.h:
* runtime/CallData.cpp:
(JSC::call):
* runtime/CallData.h:

Source/WebCore:

Test: fast/dom/regress-131530.html

Previously, JSMainThreadExecState::call() did not clear any pending
exceptions in the VM before returning.  On returning, the
JSMainThreadExecState destructor may re-enter the VM to notify
MutationObservers.  This may result in a crash because the VM expects
exceptions to be cleared at entry.

We now change JSMainThreadExecState::call() to return the exception
(if present) via an argument, and clear it from the VM before returning.

As part of this change, I updated various parts of the code base to use the
new API as needed.

* bindings/js/JSCallbackData.cpp:
(WebCore::JSCallbackData::invokeCallback):
* bindings/js/JSCustomXPathNSResolver.cpp:
(WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
* bindings/js/JSDOMGlobalObjectTask.cpp:
- Assert that there's no unhandled exception after the Microtask returns.
  See comment for WebCore::JSMainThreadExecState::runTask below for more
  details.

* bindings/js/JSErrorHandler.cpp:
(WebCore::JSErrorHandler::handleEvent):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent):
* bindings/js/JSHTMLDocumentCustom.cpp:
(WebCore::JSHTMLDocument::open):
- Document.open() cannot be the first function on the JS stack.  Hence,
  there is no need to use JSMainThreadExecState to call into the VM, as
  this is only needed to catch the event of returning from the first
  function for the purpose of notifying MutationObservers.  Change to
  call JSC::call() directly.

* bindings/js/JSMainThreadExecState.cpp:
(WebCore::functionCallHandlerFromAnyThread):
* bindings/js/JSMainThreadExecState.h:
(WebCore::JSMainThreadExecState::call):
(WebCore::JSMainThreadExecState::evaluate):
- Remove the explicit acquisition of the JSLock here because we now
  acquire the JSLock as part of the JSMainThreadExecState instance.
(WebCore::JSMainThreadExecState::runTask):
- Added an assert to verify that the task does not return with an
  unhandled exception.  Currently, the only Microtask in use is for the
  Promise implementation, which will eat the exception before returning.
  This assertion is added here to verify that this contract does not
  inadvertently change in the future.
(WebCore::JSMainThreadExecState::JSMainThreadExecState):
- Now acquires the JSLock as well since by definition, we're only
  instantiating the JSMainThreadExecState because we're about to enter
  the VM.

* bindings/js/JSMutationCallback.cpp:
(WebCore::JSMutationCallback::call):
* bindings/js/JSNodeFilterCondition.cpp:
(WebCore::JSNodeFilterCondition::acceptNode):
- acceptNode() is only used in the TreeWalker and NodeIterator APIs which
  cannot be the first function on the JS stack.  Hence, we should call
  JSC::call() directly instead of going through JSMainThreadExecState.

* bindings/js/ScheduledAction.cpp:
(WebCore::ScheduledAction::executeFunctionInContext):
* bindings/objc/WebScriptObject.mm:
(WebCore::addExceptionToConsole):
(-[WebScriptObject callWebScriptMethod:withArguments:]):

LayoutTests:

* fast/dom/regress-131530-expected.txt: Added.
* fast/dom/regress-131530.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [Mac] Add IconServices to WebProcess sandbox profile
ap@apple.com [Fri, 11 Apr 2014 20:22:17 +0000 (20:22 +0000)]
[Mac] Add IconServices to WebProcess sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=131558
<rdar://problem/16552397>

Reviewed by Brady Eidson.

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167141 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Web Replay: CodeGeneratorJS should guard includes of replay-related headers
burg@cs.washington.edu [Fri, 11 Apr 2014 20:05:39 +0000 (20:05 +0000)]
Web Replay: CodeGeneratorJS should guard includes of replay-related headers
https://bugs.webkit.org/show_bug.cgi?id=131407

Reviewed by Timothy Hatcher.

This patch adds guards to headers that are only required by generated replay code
that is itself guarded. Other ports probably haven't added the headers to their
build files, so we don't want to emit the unused header includes.

This patch also converts generated uses of DEFINE_STATIC_LOCAL to NeverDestroyed<T>.
Finally, a new bindings test was added to document changes to generated replay code.

Test: Source/WebCore/bindings/scripts/test/TestNondeterministic.idl

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
(GenerateImplementationFunctionCall):

* bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.cpp: Added.
* bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.h: Added.
* bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.symbols: Added.
* bindings/scripts/test/GObject/WebKitDOMTestNondeterministicPrivate.h: Added.
* bindings/scripts/test/JS/JSTestNondeterministic.cpp: Added.
* bindings/scripts/test/JS/JSTestNondeterministic.h: Added.
* bindings/scripts/test/ObjC/DOMTestNondeterministic.h: Added.
* bindings/scripts/test/ObjC/DOMTestNondeterministic.mm: Added.
* bindings/scripts/test/ObjC/DOMTestNondeterministicInternal.h: Added.
* bindings/scripts/test/TestNondeterministic.idl: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167140 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [GTK] Unreviewed GTK gardening.
commit-queue@webkit.org [Fri, 11 Apr 2014 19:04:44 +0000 (19:04 +0000)]
[GTK] Unreviewed GTK gardening.

Support for audio and video tracks was added on r158436. Stop skipping the following tests:
  media/track/audio-track.html
  media/track/video-track.html

Update bug number for media/track/track*in-band*.html tests

Report and update text expectations for new failing tests:
  media/track/track-remove-track.html
  fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-ink-svg.html
  media/media-event-listeners.html

Update timeout expectation for media/video-controls-captions.html

Patch by Carlos Alberto Lopez Perez <clopez@igalia.com> on 2014-04-11

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167139 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Pipe initial scale factor to TileController
antti@apple.com [Fri, 11 Apr 2014 18:58:07 +0000 (18:58 +0000)]
Pipe initial scale factor to TileController
https://bugs.webkit.org/show_bug.cgi?id=131521

Reviewed by Tim Horton.

Source/WebCore:

* WebCore.exp.in:
* page/Page.cpp:
(WebCore::Page::Page):
(WebCore::Page::setZoomedOutPageScaleFactor):
* page/Page.h:
(WebCore::Page::zoomedOutPageScaleFactor):
* platform/graphics/GraphicsLayerClient.h:
(WebCore::GraphicsLayerClient::zoomedOutPageScaleFactor):
* platform/graphics/TiledBacking.h:
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateContentsScale):
* platform/graphics/ca/GraphicsLayerCA.h:
* platform/graphics/ca/mac/TileController.h:
* platform/graphics/ca/mac/TileController.mm:
(WebCore::TileController::TileController):
(WebCore::TileController::setContentsScale):
(WebCore::TileController::setZoomedOutContentsScale):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::zoomedOutPageScaleFactor):
* rendering/RenderLayerBacking.h:
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::zoomedOutPageScaleFactor):
* rendering/RenderLayerCompositor.h:

Source/WebKit2:

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::viewportConfigurationChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167138 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Add BuiltinLog function to make debugging builtins easier
oliver@apple.com [Fri, 11 Apr 2014 18:39:22 +0000 (18:39 +0000)]
Add BuiltinLog function to make debugging builtins easier
https://bugs.webkit.org/show_bug.cgi?id=131550

Reviewed by Andreas Kling.

Add a logging function that builtins can use for debugging.

* runtime/CommonIdentifiers.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncBuiltinLog):
* runtime/JSGlobalObjectFunctions.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167137 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago AX: WebProcess at com.apple.WebCore: WebCore::AXObjectCache::rootObject + 18
cfleizach@apple.com [Fri, 11 Apr 2014 18:23:31 +0000 (18:23 +0000)]
AX: WebProcess at com.apple.WebCore: WebCore::AXObjectCache::rootObject + 18
https://bugs.webkit.org/show_bug.cgi?id=131522

Reviewed by Anders Carlsson.

Protect against documents that have had their render tree destroyed, and no longer return a valid cache.

* WebProcess/WebPage/mac/WKAccessibilityWebPageObjectBase.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167136 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Heap-use-after-free in WebCore::SpeechSynthesisUtterance::startTime
cfleizach@apple.com [Fri, 11 Apr 2014 18:18:40 +0000 (18:18 +0000)]
Heap-use-after-free in WebCore::SpeechSynthesisUtterance::startTime
https://bugs.webkit.org/show_bug.cgi?id=131482

Reviewed by David Kilzer.

Source/WebCore:

Hold onto the utterance until it has time to fire, in case other references have been removed.

Merged from Blink r171077 by <dmazzoni@chromium.org>

Test: platform/mac/fast/speechsynthesis/speech-synthesis-gc-utterance-crash.html

* Modules/speech/SpeechSynthesis.cpp:
(WebCore::SpeechSynthesis::handleSpeakingCompleted):

LayoutTests:

* platform/mac/fast/speechsynthesis/speech-synthesis-gc-utterance-crash-expected.txt: Added.
* platform/mac/fast/speechsynthesis/speech-synthesis-gc-utterance-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167135 268f45cc-cd09-0410-ab3c-d52691b4dbfc
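
The lifetime rule this fix describes (hold a reference to the utterance until its completion event has fired), as an added C++ example that is not WebKit's code. `Utterance`, `Synthesizer`, `Outcome` and `completeUtterance` are constructed stand-ins, and `std::shared_ptr` stands in for WebKit's reference counting.

```cpp
#include <algorithm>
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <string>

// Constructed stand-in for a speech utterance; not a WebKit class.
struct Utterance {
    explicit Utterance(std::string t) : text(std::move(t)) {}
    std::string text;
    std::function<void(Utterance&)> onEnd;  // the "end" event handler
};

// Constructed stand-in for the synthesizer that owns queued utterances.
class Synthesizer {
public:
    void speak(std::shared_ptr<Utterance> u) { queue_.push_back(std::move(u)); }

    // Called by the platform layer with a raw pointer when speaking finishes.
    // holdReference == true  : take a strong reference before dequeuing (the fix).
    // holdReference == false : dequeue first, as the pre-fix ordering would.
    // Returns true only if the event was dispatched on a live object.
    bool handleSpeakingCompleted(Utterance* finished, bool holdReference) {
        std::shared_ptr<Utterance> protect;  // keeps the object alive when set
        std::weak_ptr<Utterance> probe;      // observes liveness without owning
        for (const auto& queued : queue_) {
            if (queued.get() == finished) {
                probe = queued;
                if (holdReference)
                    protect = queued;
            }
        }

        // Dropping the queue's reference may destroy the utterance when no
        // other owner is left ("other references have been removed").
        queue_.erase(std::remove_if(queue_.begin(), queue_.end(),
                         [finished](const std::shared_ptr<Utterance>& q) {
                             return q.get() == finished;
                         }),
                     queue_.end());

        // From here on `finished` may dangle. Code that dereferenced it now
        // would be a heap use-after-free; this example checks liveness instead.
        std::shared_ptr<Utterance> live = probe.lock();
        if (!live)
            return false;
        if (live->onEnd)
            live->onEnd(*live);
        return true;
    }

private:
    std::deque<std::shared_ptr<Utterance>> queue_;
};

struct Outcome {
    bool dispatched;      // "end" handler ran on a live object
    bool destroyedAfter;  // object was released once completion handling ended
};

// Runs one completion with the queue as the only owner of the utterance.
Outcome completeUtterance(bool holdReference) {
    Synthesizer synth;
    auto u = std::make_shared<Utterance>("constructed sample text");
    std::weak_ptr<Utterance> observer = u;
    bool ran = false;
    u->onEnd = [&ran](Utterance&) { ran = true; };
    Utterance* raw = u.get();

    synth.speak(u);
    u.reset();  // caller drops its reference, e.g. after garbage collection

    bool dispatched = synth.handleSpeakingCompleted(raw, holdReference);
    return Outcome{dispatched && ran, observer.expired()};
}

int main() {
    Outcome before = completeUtterance(false);
    Outcome after = completeUtterance(true);
    std::printf("without reference: dispatched=%d\n", before.dispatched);
    std::printf("with reference:    dispatched=%d destroyedAfter=%d\n",
                after.dispatched, after.destroyedAfter);
    return 0;
}
```
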

7 years ago Avoid Vector copies in RenderGrid::placeItemsOnGrid()
zandobersek@gmail.com [Fri, 11 Apr 2014 17:56:45 +0000 (17:56 +0000)]
Avoid Vector copies in RenderGrid::placeItemsOnGrid()
https://bugs.webkit.org/show_bug.cgi?id=131452

Reviewed by Sergio Villar Senin.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid): Take in a const reference to the
Vector object. Make the for-loop that iterates through it range-based.
(WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Ditto.
* rendering/RenderGrid.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167134 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Web Inspector: Remove shared PageScriptDebugServer, create per-Page
commit-queue@webkit.org [Fri, 11 Apr 2014 17:48:21 +0000 (17:48 +0000)]
Web Inspector: Remove shared PageScriptDebugServer, create per-Page
https://bugs.webkit.org/show_bug.cgi?id=131523

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-04-11
Reviewed by Timothy Hatcher.

Having a shared PageScriptDebugServer was causing issues when we called
JSC::Debugger::clearBreakpoints() closing one inspector while another
is open for another WebCore::Page in the same process. Having the same
JSC::Debugger underlying multiple InspectorDebuggerAgent instances
means that when clearBreakpoints is called, the real JSC breakpoints
underlying other InspectorDebuggerAgents get removed. When those
InspectorDebuggerAgents attempt to remove their breakpoints they
encounter unexpected issues.

This entirely rebuilds PageScriptDebugServer to be per-Page instead
of shared across all pages. So take this opportunity to move the
file from WebCore/bindings/js to WebCore/inspector.

* CMakeLists.txt:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSBindingsAllInOne.cpp:
* bindings/js/PageScriptDebugServer.h: Removed.
* inspector/InspectorAllInOne.cpp:
Move PageScriptDebugServer.

* inspector/InspectorController.h:
* inspector/InspectorController.cpp:
(WebCore::InspectorController::InspectorController):
Set the ScriptDebugServer directly on some other agents that
were previously using the global debug server.

* inspector/InspectorProfilerAgent.h:
(WebCore::InspectorProfilerAgent::scriptDebugServer):
* inspector/InspectorProfilerAgent.cpp:
(WebCore::InspectorProfilerAgent::InspectorProfilerAgent):
(WebCore::InspectorProfilerAgent::setScriptDebugServer):
(WebCore::InspectorProfilerAgent::start):
(WebCore::InspectorProfilerAgent::willDestroyFrontendAndBackend): Deleted.
* inspector/InspectorTimelineAgent.h:
* inspector/InspectorTimelineAgent.cpp:
(WebCore::InspectorTimelineAgent::start):
(WebCore::InspectorTimelineAgent::stop):
(WebCore::InspectorTimelineAgent::setPageScriptDebugServer):
(WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
Refactor these two agents to take in a script debug server.
The server is expected to be set during initialization and
to always be valid (like debug server on RuntimeAgent).

* inspector/PageDebuggerAgent.h:
* inspector/PageDebuggerAgent.cpp:
(WebCore::PageDebuggerAgent::PageDebuggerAgent):
(WebCore::PageDebuggerAgent::startListeningScriptDebugServer):
(WebCore::PageDebuggerAgent::stopListeningScriptDebugServer):
(WebCore::PageDebuggerAgent::scriptDebugServer):
Have PageDebuggerAgent hold the PageScriptDebugServer.
Update for the simplified interfaces.

* inspector/PageScriptDebugServer.h: Added.
* inspector/PageScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/PageScriptDebugServer.cpp.
(WebCore::PageScriptDebugServer::PageScriptDebugServer):
(WebCore::PageScriptDebugServer::addListener):
(WebCore::PageScriptDebugServer::removeListener):
(WebCore::PageScriptDebugServer::recompileAllJSFunctions):
(WebCore::PageScriptDebugServer::didPause):
(WebCore::PageScriptDebugServer::didContinue):
(WebCore::PageScriptDebugServer::runEventLoopWhilePaused):
(WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal):
(WebCore::PageScriptDebugServer::isContentScript):
(WebCore::PageScriptDebugServer::reportException):
(WebCore::PageScriptDebugServer::setJavaScriptPaused):
Modeled after JSGlobalObjectScriptDebugServer, the PageScriptDebugServer
holds a reference to a Page.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167133 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [CSS Shapes] inset args and radial args should serialize to the simplest form
betravis@adobe.com [Fri, 11 Apr 2014 17:09:19 +0000 (17:09 +0000)]
[CSS Shapes] inset args and radial args should serialize to the simplest form
https://bugs.webkit.org/show_bug.cgi?id=129825

Reviewed by Dirk Schulze.

Source/WebCore:

Modify inset serialization to omit components where possible. The insets simplify
according to the margin shorthand, while the corner radii simplify according to
the border-radius shorthand.

Modifying existing parsing tests.

* css/CSSBasicShapes.cpp:
(WebCore::buildInsetRadii): Add the necessary radii, omitting components where possible.
(WebCore::buildInsetString): Omit components where possible.

LayoutTests:

Modify tests to use the shortened inset serialization.

* animations/resources/animation-test-helpers.js: Accept shortened inset forms.
* css3/masking/clip-path-animation-expected.txt:
* css3/masking/clip-path-animation.html:
* fast/masking/parsing-clip-path-shape-expected.txt:
* fast/masking/parsing-clip-path-shape.html:
* fast/shapes/parsing/parsing-shape-lengths-expected.txt:
* fast/shapes/parsing/parsing-shape-lengths.html:
* fast/shapes/parsing/parsing-shape-outside-expected.txt:
* fast/shapes/parsing/parsing-test-utils.js:
* fast/shapes/shape-outside-floats/shape-outside-animation-expected.txt:
* fast/shapes/shape-outside-floats/shape-outside-animation.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167132 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago "playbackTime" parameter is not present in AudioProcessingEvent Interface as per...
commit-queue@webkit.org [Fri, 11 Apr 2014 16:52:38 +0000 (16:52 +0000)]
"playbackTime" parameter is not present in AudioProcessingEvent Interface as per W3C spec
https://bugs.webkit.org/show_bug.cgi?id=105518

Patch by Praveen R Jadhav <praveen.j@samsung.com> on 2014-04-11
Reviewed by Jer Noble.

Source/WebCore:

Attribute "playbackTime" in AudioProcessingEvent implemented to pass playback time of
audiobuffer associated with ScriptProcessorNode of the context.

Reference: https://codereview.chromium.org/210973002

Spec: http://www.w3.org/TR/webaudio/#AudioProcessingEvent

Test: webaudio/audioprocessingevent.html

* Modules/webaudio/AudioProcessingEvent.cpp:
(WebCore::AudioProcessingEvent::create):
(WebCore::AudioProcessingEvent::AudioProcessingEvent):
* Modules/webaudio/AudioProcessingEvent.h:
(WebCore::AudioProcessingEvent::playbackTime):
* Modules/webaudio/AudioProcessingEvent.idl:
* Modules/webaudio/ScriptProcessorNode.cpp:
(WebCore::ScriptProcessorNode::fireProcessEvent):

LayoutTests:

Test case added to check AudioProcessingEvent attributes.

* webaudio/audioprocessingevent-expected.txt: Added.
* webaudio/audioprocessingevent.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167131 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [Mac] Prevent crash when exiting fullscreen mode
bfulgham@apple.com [Fri, 11 Apr 2014 16:51:48 +0000 (16:51 +0000)]
[Mac] Prevent crash when exiting fullscreen mode
https://bugs.webkit.org/show_bug.cgi?id=131528

Reviewed by Jer Noble.

* UIProcess/mac/WKFullScreenWindowController.mm:
(-[WKFullScreenWindowController finishedExitFullScreenAnimation:]):
Clean up the _scaleAnimation controller, not just the _fadeAnimation controller.
(-[WKFullScreenWindowController close]): If we are doing an immediate
close of the view, we need to stop animations so we avoid any
final timer events from interacting with invalid window handles.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167130 268f45cc-cd09-0410-ab3c-d52691b4dbfc