WebKit-https.git
3 years ago[macOS] API tests ChangeAttachmentDataUpdatesWithInPlaceDisplay and InPlaceVideoAttac...
wenson_hsieh@apple.com [Sat, 13 Jan 2018 05:30:57 +0000 (05:30 +0000)]
[macOS] API tests ChangeAttachmentDataUpdatesWithInPlaceDisplay and InPlaceVideoAttachmentInsertionWithinList are failing
https://bugs.webkit.org/show_bug.cgi?id=181626

Reviewed by Joseph Pecoraro.

Make the web view for WKAttachmentTests slightly bigger to avoid size clamping behavior introduced in r226915.
Additionally, write a new API test covering the change in r226915.

* TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:
(webViewForTestingAttachments):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoASSERTION FAILED: registration || isTerminating() in WebCore::SWServerWorker::skipWai...
cdumez@apple.com [Sat, 13 Jan 2018 04:09:43 +0000 (04:09 +0000)]
ASSERTION FAILED: registration || isTerminating() in WebCore::SWServerWorker::skipWaiting()
https://bugs.webkit.org/show_bug.cgi?id=181603
<rdar://problem/36476050>

Reviewed by Youenn Fablet.

No new tests, covered by existing tests that crash flakily.

* workers/service/server/SWServer.cpp:
(WebCore::SWServer::terminateWorkerInternal):
If the connection to the context process is gone, make sure we make the worker as terminated
so that it does not stay in Running state and in SWServer::m_runningOrTerminatingWorkers.

* workers/service/server/SWServerRegistration.cpp:
(WebCore::SWServerRegistration::~SWServerRegistration):
Add assertions to make sure none of the registration's workers are still running when
the registration is destroyed.

(WebCore::SWServerRegistration::updateRegistrationState):
Make sure registration workers that are overwritten are not still running.

* workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::setState):
If a worker's state is set to redundant, make sure we also terminate it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, speculative build fix after r226899.
wenson_hsieh@apple.com [Sat, 13 Jan 2018 01:11:34 +0000 (01:11 +0000)]
Unreviewed, speculative build fix after r226899.

Add an empty implementation for PageClient::startDrag.

* UIProcess/PageClient.h:
(WebKit::PageClient::startDrag):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTouch events not received with initial-scale=1 viewport
simon.fraser@apple.com [Sat, 13 Jan 2018 01:03:42 +0000 (01:03 +0000)]
Touch events not received with initial-scale=1 viewport
https://bugs.webkit.org/show_bug.cgi?id=181566
rdar://problem/36460221

Reviewed by Tim Horton.

Add a testcase for this touch event case.

* fast/events/touch/ios/target-taller-than-view-expected.txt: Added.
* fast/events/touch/ios/target-taller-than-view.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226932 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r226927.
commit-queue@webkit.org [Sat, 13 Jan 2018 00:46:06 +0000 (00:46 +0000)]
Unreviewed, rolling out r226927.
https://bugs.webkit.org/show_bug.cgi?id=181621

Breaks 32-bit and iOS release for some reason that i don't
understand yet (Requested by dino on #webkit).

Reverted changeset:

"Use a helper function for checked arithmetic in WebGL
validation"
https://bugs.webkit.org/show_bug.cgi?id=181620
https://trac.webkit.org/changeset/226927

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226931 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoData URL fonts split in the middle of an alphabet cause random letters to disappear
mmaxfield@apple.com [Sat, 13 Jan 2018 00:45:26 +0000 (00:45 +0000)]
Data URL fonts split in the middle of an alphabet cause random letters to disappear
https://bugs.webkit.org/show_bug.cgi?id=175845
<rdar://problem/33996578>

Reviewed by Brent Fulgham.

Source/WebCore:

It is fairly common practice for a font foundry to split a font up into two files such that a semi-random
half of the alphabet is present in one of the files, and the other half is present in the other file. This
practice involves representing the files as data URLs, so as to minimize the time it takes to load them.

Because resource loading is asynchronous (even for data URLs), it is possible today to get a paint after
the first file is loaded but before the second file is loaded. Indeed, because of the way font fallback
works, we will never start loading the second file until a layout has occurred with the first font.

Because a site usually only uses this pattern for a handful of fonts, and I've never seen this pattern
being used for CJK fonts, it isn't very expensive to opportunistically decode these data URLs eagerly.
Using this method doesn't actually guarantee that the two fonts will load in between successive paints,
but it at least makes this much more likely. This patch implements this strategy, along with a size
threshold to make sure that we won't decode any super large data URLs when it isn't necessary.

Test: fast/text/font-load-data-partitioned-alphabet.html

* css/CSSFontFace.cpp:
(WebCore::CSSFontFace::opportunisticallyStartFontDataURLLoading):
* css/CSSFontFace.h:
* css/CSSFontFaceSource.cpp:
(WebCore::CSSFontFaceSource::opportunisticallyStartFontDataURLLoading):
* css/CSSFontFaceSource.h:
* css/CSSFontSelector.cpp:
(WebCore::CSSFontSelector::opportunisticallyStartFontDataURLLoading):
* css/CSSFontSelector.h:
* platform/graphics/FontCascadeFonts.cpp:
(WebCore::opportunisticallyStartFontDataURLLoading):
(WebCore::FontCascadeFonts::glyphDataForVariant):
* platform/graphics/FontSelector.h:

LayoutTests:

Make sure that the requests for both fonts are sent before either of the responses are received.

* fast/text/font-load-data-partitioned-alphabet-expected.txt: Added.
* fast/text/font-load-data-partitioned-alphabet.html: Added.
* platform/mac-wk1/fast/text/font-load-data-partitioned-alphabet-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226930 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoHistory state should be updated during client redirects with asynchronous policy...
achristensen@apple.com [Sat, 13 Jan 2018 00:39:34 +0000 (00:39 +0000)]
History state should be updated during client redirects with asynchronous policy decisions
https://bugs.webkit.org/show_bug.cgi?id=181358
<rdar://problem/35547689>

Reviewed by Andy Estes.

Source/WebCore:

When decidePolicyForNavigationAction is responded to asynchronously during a client redirect,
HistoryController::updateForRedirectWithLockedBackForwardList does not update the history because
the document loader has not been marked as a client redirect because the FrameLoader only looks
at its provisional document loader to mark it as a client redirect.  When decidePolicyForNavigationAction
is responded to asynchronously, though, the FrameLoader's provisional document loader has moved to
its policy document loader.  To get both asynchronous and synchronous cases, let's just mark the document
loader as a client redirect whether it's the provisional or policy document loader.

Covered by a new API test.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::loadPostRequest):

Tools:

* TestWebKitAPI/Tests/WebKit/WKBackForwardList.mm:
(-[AsyncPolicyDecisionDelegate webView:didFinishNavigation:]):
(-[AsyncPolicyDecisionDelegate webView:decidePolicyForNavigationAction:decisionHandler:]):
(TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226929 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMove ExitProfile to UnlinkedCodeBlock so it can be shared amongst CodeBlocks backed...
sbarati@apple.com [Sat, 13 Jan 2018 00:36:37 +0000 (00:36 +0000)]
Move ExitProfile to UnlinkedCodeBlock so it can be shared amongst CodeBlocks backed by the same UnlinkedCodeBlock
https://bugs.webkit.org/show_bug.cgi?id=181545

Reviewed by Michael Saboff.

This patch follows the theme of putting optimization profiling information on
UnlinkedCodeBlock. This allows the unlinked code cache to remember OSR exit data.
This often leads to the first compile of a CodeBlock, backed by an UnlinkedCodeBlock
pulled from the code cache, making better compilation decisions, usually
resulting in fewer exits, and fewer recompilations.

This is a 1% Speedometer progression in my testing.

* bytecode/BytecodeDumper.cpp:
(JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
* bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFromLLInt):
(JSC::CallLinkStatus::computeFor):
(JSC::CallLinkStatus::computeExitSiteData):
(JSC::CallLinkStatus::computeDFGStatuses):
* bytecode/CallLinkStatus.h:
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addFrequentExitSite): Deleted.
(JSC::CodeBlock::hasExitSite const): Deleted.
(JSC::CodeBlock::exitProfile): Deleted.
* bytecode/DFGExitProfile.cpp:
(JSC::DFG::ExitProfile::add):
(JSC::DFG::QueryableExitProfile::initialize):
* bytecode/DFGExitProfile.h:
(JSC::DFG::ExitProfile::hasExitSite const):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::hasExitSite):
(JSC::GetByIdStatus::computeFor):
(JSC::GetByIdStatus::computeForStubInfo):
* bytecode/GetByIdStatus.h:
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::hasExitSite):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::computeForStubInfo):
* bytecode/PutByIdStatus.h:
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::livenessAnalysisSlow):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::hasExitSite const):
(JSC::UnlinkedCodeBlock::hasExitSite):
(JSC::UnlinkedCodeBlock::exitProfile):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::hasGlobalExitSite):
(JSC::DFG::Graph::hasExitSite):
* dfg/DFGLICMPhase.cpp:
(JSC::DFG::LICMPhase::attemptHoist):
* dfg/DFGOSRExitBase.cpp:
(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSiteSlow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226928 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUse a helper function for checked arithmetic in WebGL validation
dino@apple.com [Sat, 13 Jan 2018 00:30:02 +0000 (00:30 +0000)]
Use a helper function for checked arithmetic in WebGL validation
https://bugs.webkit.org/show_bug.cgi?id=181620
<rdar://problem/36485879>

Reviewed by Eric Carlson.

Eric recommended using a templated helper function to do
a common arithmetic check in WebGL validation.

* html/canvas/WebGL2RenderingContext.cpp:
(WebCore::WebGL2RenderingContext::validateIndexArrayConservative):
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::validateIndexArrayConservative):
* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::checkedAddAndMultiply): New helper.
(WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
(WebCore::WebGLRenderingContextBase::validateDrawArrays):
(WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0):
(WebCore::WebGLRenderingContextBase::simulateVertexAttrib0):
* html/canvas/WebGLRenderingContextBase.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226927 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] Remove unneeded accessibility-related sandbox rules
bfulgham@apple.com [Sat, 13 Jan 2018 00:28:11 +0000 (00:28 +0000)]
[iOS] Remove unneeded accessibility-related sandbox rules
https://bugs.webkit.org/show_bug.cgi?id=181619
<rdar://problem/36485356>

Reviewed by Eric Carlson.

Remove a number of sandbox exceptions that were in place for accessibility support. These are
not needed in the WebContent process, since Safari (not WebKit) handles the accessibility
interactions.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226926 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoPoisonedWriteBarrier
jfbastien@apple.com [Fri, 12 Jan 2018 23:47:58 +0000 (23:47 +0000)]
PoisonedWriteBarrier
https://bugs.webkit.org/show_bug.cgi?id=181599
<rdar://problem/36474351>

Reviewed by Mark Lam.

Source/JavaScriptCore:

Allow poisoning of WriteBarrier objects, and use this for
WebAssembly because it is perf-neutral, at least on WasmBench on
my MBP. If it indeed is perf-neutral according to the bots, start
using it in more performance-sensitive places.

* heap/HandleTypes.h:
* heap/SlotVisitor.h:
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::append):
(JSC::SlotVisitor::appendHidden):
* runtime/JSCJSValue.h:
* runtime/JSCPoison.h:
* runtime/Structure.h:
* runtime/StructureInlines.h:
(JSC::Structure::setPrototypeWithoutTransition):
(JSC::Structure::setGlobalObject):
(JSC::Structure::setPreviousID):
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::copyFrom):
(JSC::WriteBarrierBase::get const):
(JSC::WriteBarrierBase::operator* const):
(JSC::WriteBarrierBase::operator-> const):
(JSC::WriteBarrierBase::clear):
(JSC::WriteBarrierBase::slot):
(JSC::WriteBarrierBase::operator bool const):
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
(JSC::WriteBarrierBase::unvalidatedGet const):
(JSC::operator==):
* runtime/WriteBarrierInlines.h:
(JSC::Traits>::set):
(JSC::Traits>::setMayBeNull):
(JSC::Traits>::setEarlyValue):
(JSC::DumbValueTraits<Unknown>>::set):
* wasm/WasmInstance.h:
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
(JSC::JSWebAssemblyInstance::finishCreation):
(JSC::JSWebAssemblyInstance::visitChildren):
(JSC::JSWebAssemblyInstance::create):
* wasm/js/JSWebAssemblyInstance.h:
(JSC::JSWebAssemblyInstance::offsetOfPoisonedCallee):
* wasm/js/JSWebAssemblyMemory.h:
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::JSWebAssemblyTable):
(JSC::JSWebAssemblyTable::grow):
(JSC::JSWebAssemblyTable::clearFunction):
* wasm/js/JSWebAssemblyTable.h:
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::materializeImportJSCell):
(JSC::Wasm::handleBadI64Use):
(JSC::Wasm::wasmToJS):
* wasm/js/WebAssemblyFunctionBase.h:
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::link):
(JSC::WebAssemblyModuleRecord::evaluate):
* wasm/js/WebAssemblyModuleRecord.h:
* wasm/js/WebAssemblyToJSCallee.h:
* wasm/js/WebAssemblyWrapperFunction.h:

Source/WTF:

Supporting changes needed to allow poisoning of WriteBarrier
objects.

* WTF.xcodeproj/project.pbxproj:
* wtf/DumbPtrTraits.h:
* wtf/DumbValueTraits.h: Copied from Source/WTF/wtf/DumbPtrTraits.h.
(WTF::DumbValueTraits::exchange):
(WTF::DumbValueTraits::swap):
(WTF::DumbValueTraits::unwrap):
* wtf/Forward.h:
* wtf/Poisoned.h:
(WTF::ConstExprPoisonedValueTraits::exchange):
(WTF::ConstExprPoisonedValueTraits::swap):
(WTF::ConstExprPoisonedValueTraits::unwrap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226920 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Cocoa] CTFontCopyDefaultCascadeListForLanguages() can return nullptr
mmaxfield@apple.com [Fri, 12 Jan 2018 23:35:55 +0000 (23:35 +0000)]
[Cocoa] CTFontCopyDefaultCascadeListForLanguages() can return nullptr
https://bugs.webkit.org/show_bug.cgi?id=181615
<rdar://problem/36334637>

Reviewed by Jon Lee.

Speculative fix. We are getting crash reports saying that this call can return nullptr, and we
don't check for it.

No new tests because I couldn't find the specific input that causes it to return nullptr. (I
tried running this code with every 0, 1, and 2 length locale string, every weight value, and
every italic value, and couldn't get it to crash. I also inspected the code to figure out what
values would cause it to return nullptr, and I couldn't find anything other than if the system
has a totally busted font setup.)

* platform/graphics/cocoa/FontDescriptionCocoa.cpp:
(WebCore::SystemFontDatabase::computeCascadeList):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agowebkitpy: Refactor simulator code (Part 4)
jbedard@apple.com [Fri, 12 Jan 2018 23:29:04 +0000 (23:29 +0000)]
webkitpy: Refactor simulator code (Part 4)
https://bugs.webkit.org/show_bug.cgi?id=180555
<rdar://problem/36131381>

Reviewed by Aakash Jain.

Move new_simulated_device.py to simulated_device.py.

* Scripts/webkitpy/port/ios_simulator.py: Update import statement.
* Scripts/webkitpy/xcode/new_simulated_device.py: Removed.
* Scripts/webkitpy/xcode/new_simulated_device_unittest.py: Removed.
* Scripts/webkitpy/xcode/simulated_device.py: Copied from Tools/Scripts/webkitpy/xcode/new_simulated_device.py.
* Scripts/webkitpy/xcode/simulated_device_unittest.py: Copied from Tools/Scripts/webkitpy/xcode/new_simulated_device_unittest.py.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
dino@apple.com [Fri, 12 Jan 2018 23:01:32 +0000 (23:01 +0000)]
[WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
https://bugs.webkit.org/show_bug.cgi?id=181558
<rdar://problem/36189833>

Reviewed by Eric Carlson.

Source/WebCore:

Very large element indices in the ELEMENT_ARRAY_BUFFER meant that
our simulated vertexAttrib0 buffer might be too large. We need
to check for out-of-memory, but we can also detect some of the issues
earlier in our validation code. Additionally, make sure that we don't
accidentally cast an unsigned to a signed.

Test: fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

* html/canvas/WebGL2RenderingContext.cpp:
(WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Update validation
code to look for overflow, rather than relying on looking for sign changes.
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::validateIndexArrayConservative): Ditto.
* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
(WebCore::WebGLRenderingContextBase::drawArrays): Check that we were able to simulate.
(WebCore::WebGLRenderingContextBase::drawElements):
(WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): Update validation code, and
use GC3Duint, since that's what the indicies are.
(WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Ditto.
(WebCore::WebGLRenderingContextBase::drawArraysInstanced): Check that we were able to simulate.
(WebCore::WebGLRenderingContextBase::drawElementsInstanced):
* html/canvas/WebGLRenderingContextBase.h:

LayoutTests:

* fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies-expected.txt: Added.
* fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html: Added.
* platform/mac/TestExpectations: Test crashes on Sierra and earlier.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226916 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoLarge in-place attachment elements cause the document width to expand when inserted
wenson_hsieh@apple.com [Fri, 12 Jan 2018 22:00:52 +0000 (22:00 +0000)]
Large in-place attachment elements cause the document width to expand when inserted
https://bugs.webkit.org/show_bug.cgi?id=181614

Reviewed by Dan Bernstein.

Make in-place images and videos have a max-width of 100%, so that large attachments aren't inserted with full
display size, causing the document and viewport width to expand.

* html/HTMLAttachmentElement.cpp:
(WebCore::HTMLAttachmentElement::populateShadowRootIfNecessary):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226915 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Drop support for iOS 7 targets
commit-queue@webkit.org [Fri, 12 Jan 2018 21:47:07 +0000 (21:47 +0000)]
Web Inspector: Drop support for iOS 7 targets
https://bugs.webkit.org/show_bug.cgi?id=181549
<rdar://problem/36444813>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-12
Reviewed by Brian Burg.

* Versions/Inspector-iOS-7.0.json: Removed.
* UserInterface/Protocol/Legacy/7.0/InspectorBackendCommands.js: Removed.
Remove protocol snapshot and generated commands for iOS 7.

* UserInterface/Base/Main.js:
* UserInterface/Controllers/BreakpointPopoverController.js:
(WI.BreakpointPopoverController.prototype._createPopoverContent):
* UserInterface/Controllers/DebuggerManager.js:
(WI.DebuggerManager.prototype._setBreakpoint):
* UserInterface/Controllers/SourceMapManager.js:
(WI.SourceMapManager.prototype._loadAndParseSourceMap):
* UserInterface/Models/Instrument.js:
(WI.Instrument.startLegacyTimelineAgent):
* UserInterface/Models/ResourceTimingData.js:
* UserInterface/Models/ScriptTimelineRecord.js:
(WI.ScriptTimelineRecord.EventType.displayName):
* UserInterface/Models/SourceMapResource.js:
(WI.SourceMapResource.prototype.requestContentFromBackend):
* UserInterface/Protocol/CSSObserver.js:
(WI.CSSObserver.prototype.regionLayoutUpdated): Deleted.
* UserInterface/Protocol/RemoteObject.js:
(WI.RemoteObject.fromPayload):
Remove code that was only necessary to support iOS 7.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226914 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoLogged JSON should escape "'s and \'s in strings.
krollin@apple.com [Fri, 12 Jan 2018 21:39:02 +0000 (21:39 +0000)]
Logged JSON should escape "'s and \'s in strings.
https://bugs.webkit.org/show_bug.cgi?id=181608

Reviewed by Brent Fulgham.

Source/WebCore:

No new tests -- no new functionality, just changed logging. The
efficacy of the logging was verified by inspecting its output.

* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):

Source/WebKit:

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::logCookieInformation const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226913 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, fixing error in UIKitSPI.h.
megan_gardner@apple.com [Fri, 12 Jan 2018 21:38:47 +0000 (21:38 +0000)]
Unreviewed, fixing error in UIKitSPI.h.

* Platform/spi/ios/UIKitSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226912 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoImplement MultiDocument protocol for restoring focus to a WKWebView
megan_gardner@apple.com [Fri, 12 Jan 2018 21:32:17 +0000 (21:32 +0000)]
Implement MultiDocument protocol for restoring focus to a WKWebView
https://bugs.webkit.org/show_bug.cgi?id=181510

Reviewed by Dan Bernstein.

Support the UIKit protocol for restoring focus to a what previously had focus.
WebKit already knows what node was previously being focused by the DOM, we merely
need to be asked to turn the focus on again.
Resubmitting https://trac.webkit.org/changeset/226826 as it broke internal builds

* Platform/spi/ios/UIKitSPI.h:
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _restoreFocusWithToken:]):
(-[WKContentView _preserveFocusWithToken:destructively:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226911 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Support JSX (React) syntax highlighting
commit-queue@webkit.org [Fri, 12 Jan 2018 21:03:22 +0000 (21:03 +0000)]
Web Inspector: Support JSX (React) syntax highlighting
https://bugs.webkit.org/show_bug.cgi?id=181607
<rdar://problem/36442564>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-12
Reviewed by Brian Burg.

* UserInterface/Base/MIMETypeUtilities.js:
(WI.mimeTypeForFileExtension):
(WI.fileExtensionForMIMEType):
* UserInterface/Models/Resource.js:
Support the jsx extension and mime types.

* UserInterface/Main.html:
* Scripts/update-codemirror-resources.rb:
* UserInterface/External/CodeMirror/jsx.js: Added.
Include new mode from CodeMirror@d8926768.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226909 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agodrawElements should be invalid if vertexAttrib0 doesn't have data
dino@apple.com [Fri, 12 Jan 2018 21:01:02 +0000 (21:01 +0000)]
drawElements should be invalid if vertexAttrib0 doesn't have data
https://bugs.webkit.org/show_bug.cgi?id=181609
<rdar://problem/36392883>

Reviewed by Antoine Quint.

Source/WebCore:

If a vertex attribute has been enabled, but no data provided, then
draw validation should fail.

Test: fast/canvas/webgl/drawElements-empty-vertex-data.html

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateVertexAttributes): If there were
never any data in the vertex buffer, then we incorrectly compared with 0.

LayoutTests:

* fast/canvas/webgl/drawElements-empty-vertex-data-expected.txt: Added.
* fast/canvas/webgl/drawElements-empty-vertex-data.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226908 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCheckStructure can be incorrectly subsumed by CheckStructureOrEmpty
sbarati@apple.com [Fri, 12 Jan 2018 20:47:44 +0000 (20:47 +0000)]
CheckStructure can be incorrectly subsumed by CheckStructureOrEmpty
https://bugs.webkit.org/show_bug.cgi?id=181177
<rdar://problem/36205704>

Reviewed by Yusuke Suzuki.

JSTests:

* stress/check-structure-ir-ensures-empty-does-not-flow-through.js: Added.
(runNearStackLimit.t):
(runNearStackLimit):
(test.f):
(test):

Source/JavaScriptCore:

The semantics of CheckStructure are such that it does not allow the empty value to flow through it.
However, we may eliminate a CheckStructure if it's preceded by a CheckStructureOrEmpty. This doesn't
have semantic consequences when validation is turned off. However, with validation on, this trips up
our OSR exit machinery that says when an exit is allowed to happen.

Consider the following IR:

a: GetClosureVar // Or any other node that produces BytecodeTop
...
c: CheckStructure(Cell:@a, {s2})
d: PutByOffset(KnownCell:@a, KnownCell:@a, @value)

In the TypeCheckHoistingPhase, we may insert CheckStructureOrEmptys like this:
a: GetClosureVar
e: CheckStructureOrEmpty(@a, {s1})
...
f: CheckStructureOrEmpty(@a, {s2})
c: CheckStructure(Cell:@a, {s2})
d: PutByOffset(KnownCell:@a, KnownCell:@a, @value)

This will cause constant folding to change the IR to:
a: GetClosureVar
e: CheckStructureOrEmpty(@a, {s1})
...
f: CheckStructureOrEmpty(@a, {s2})
d: PutByOffset(KnownCell:@a, KnownCell:@a, @value)

Our mayExit analysis determines that the PutByOffset should not exit. Note
that AI will determine the only value the PutByOffset can see in @a is
the empty value. Because KnownCell filters SpecCell and not SpecCellCheck,
when lowering the PutByOffset, we reach a contradiction in AI and emit
an OSR exit. However, because mayExit said we couldn't exit, we assert.

Note that if we did not run the TypeCheckHoistingPhase on this IR, AI
would have determined we would OSR exit at the second CheckStructure.

This patch makes it so constant folding produces the following IR:
a: GetClosureVar
e: CheckStructureOrEmpty(@a, {s1})
g: AssertNotEmpty(@a)
...
f: CheckStructureOrEmpty(@a, {s2})
h: AssertNotEmpty(@a)
d: PutByOffset(KnownCell:@a, KnownCell:@a, @value)

This modification will cause AI to know we will OSR exit before even reaching
the PutByOffset. Note that in the original IR, the GetClosureVar won't
actually produce the TDZ value. If it did, bytecode would have caused us
to emit a CheckNotEmpty before the CheckStructure/PutByOffset combo. That's
why this bug is about IR bookkeeping and not an actual error in IR analysis.
This patch introduces AssertNotEmpty instead of using CheckNotEmpty to be
more congruous with CheckStructure's semantics of crashing on the empty value
as input (on 64 bit platforms).

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileAssertNotEmpty):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226907 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFormDataElement::lengthInBytes should use ThreadableBlobRegistry
commit-queue@webkit.org [Fri, 12 Jan 2018 20:41:55 +0000 (20:41 +0000)]
FormDataElement::lengthInBytes should use ThreadableBlobRegistry
https://bugs.webkit.org/show_bug.cgi?id=181554

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-12
Reviewed by Chris Dumez.

Source/WebCore:

Covered by updated test.

Fix blobRegistry() use and add support for creating a response that may trigger the issue.

* platform/network/FormData.cpp:
(WebCore::FormDataElement::lengthInBytes const): Was using directly blobRegistry() while ThreadableBlobRegistry is more appropriate
in case this is called from workers.
* Modules/fetch/FetchBody.h:
* Modules/fetch/FetchResponse.h:
* fileapi/Blob.h:
* testing/ServiceWorkerInternals.cpp:
(WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):
* testing/ServiceWorkerInternals.h:
* testing/ServiceWorkerInternals.idl:

LayoutTests:

* http/tests/workers/service/resources/service-worker-cache-api-worker.js:
(async):
(event.event.request.url.indexOf): Deleted.
(event.event.request.url.endsWith): Deleted.
(event.event.respondWith.promise.then): Deleted.
* http/tests/workers/service/service-worker-cache-api.https-expected.txt:
* http/tests/workers/service/service-worker-cache-api.https.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226906 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWrap CDMFairPlayStreaming and related classes in ENABLE(ENCRYPTED_MEDIA) checks
jer.noble@apple.com [Fri, 12 Jan 2018 20:01:02 +0000 (20:01 +0000)]
Wrap CDMFairPlayStreaming and related classes in ENABLE(ENCRYPTED_MEDIA) checks
https://bugs.webkit.org/show_bug.cgi?id=181602

Reviewed by Maciej Stachowiak.

* platform/graphics/avfoundation/CDMFairPlayStreaming.h:
* platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:
* platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226905 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebProcess should pass the registration identifier and not the worker identifier...
commit-queue@webkit.org [Fri, 12 Jan 2018 19:43:35 +0000 (19:43 +0000)]
WebProcess should pass the registration identifier and not the worker identifier for fetch events
https://bugs.webkit.org/show_bug.cgi?id=181591

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-12
Reviewed by Chris Dumez.

Source/WebCore:

Test: http/wpt/service-workers/update-service-worker.https.html

Store service worker registration identifier in ResourceLoaderOptions instead of service worker identifier.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
* loader/ResourceLoaderOptions.h:
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::prepareFetch):
(WebCore::CachedResourceLoader::determineRevalidationPolicy const):
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::setSelectedServiceWorkerRegistrationIdentifierIfNeeded):
(WebCore::CachedResourceRequest::setNavigationServiceWorkerRegistrationData):
(WebCore::CachedResourceRequest::setSelectedServiceWorkerIdentifierIfNeeded): Deleted.
* loader/cache/CachedResourceRequest.h:
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously):
(WebCore::WorkerScriptLoader::loadAsynchronously):
* workers/service/server/SWServer.cpp:
(WebCore::SWServer::activeWorkerFromRegistrationID):
* workers/service/server/SWServer.h:

Source/WebKit:

Use service worker registration identifier to compute the active service worker identifier responsible to handle the fetch event.

* StorageProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::startFetch):
* StorageProcess/ServiceWorker/WebSWServerConnection.h:
* StorageProcess/ServiceWorker/WebSWServerConnection.messages.in:
* WebProcess/Storage/ServiceWorkerClientFetch.cpp:
(WebKit::ServiceWorkerClientFetch::start):
* WebProcess/Storage/WebSWClientConnection.cpp:
(WebKit::WebSWClientConnection::startFetch):
* WebProcess/Storage/WebSWClientConnection.h:
* WebProcess/Storage/WebServiceWorkerProvider.cpp:
(WebKit::shouldHandleFetch):

LayoutTests:

* http/wpt/service-workers/resources/empty.html: Added.
* http/wpt/service-workers/update-service-worker.https-expected.txt: Added.
* http/wpt/service-workers/update-service-worker.https.html: Added.
* http/wpt/service-workers/update-worker.py: Added.
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226904 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r226826.
ryanhaddad@apple.com [Fri, 12 Jan 2018 19:21:00 +0000 (19:21 +0000)]
Unreviewed, rolling out r226826.

Breaks internal builds.

Reverted changeset:

"Implement MultiDocument protocol for restoring focus to a
WKWebView"
https://bugs.webkit.org/show_bug.cgi?id=181510
https://trac.webkit.org/changeset/226826

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226903 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agofast/events/ios/rotation/layout-viewport-during-safari-type-rotation.html is flakey
simon.fraser@apple.com [Fri, 12 Jan 2018 19:19:07 +0000 (19:19 +0000)]
fast/events/ios/rotation/layout-viewport-during-safari-type-rotation.html is flakey
https://bugs.webkit.org/show_bug.cgi?id=181569
rdar://problem/34117680

Reviewed by Zalan Bujtas.

Wait a tick before starting the rotation, otherwise -[WKWebView _beginAnimatedResizeWithUpdates:]
can bail because the unobscuredRect is empty.

Also wait for both the rotation UI script to complete, and the receipt of the
orientationchange event.

* fast/events/ios/rotation/layout-viewport-during-safari-type-rotation.html:
* fast/events/ios/rotation/resources/rotation-utils.js:
(doTest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226902 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Win][CMake] Remove all-in-one file for WebCore DerivedSources
commit-queue@webkit.org [Fri, 12 Jan 2018 19:05:43 +0000 (19:05 +0000)]
[Win][CMake] Remove all-in-one file for WebCore DerivedSources
https://bugs.webkit.org/show_bug.cgi?id=181582

Patch by Fujii Hironori <Hironori.Fujii@sony.com> on 2018-01-12
Reviewed by Alex Christensen.

Those source files are compiled in unified source build nowadays.

No new tests (No behavior change)

* CMakeLists.txt: Removed calling PROCESS_ALLINONE_FILE.
* DerivedSources.cpp: Removed.
* WebCoreMacros.cmake: Removed a macro PROCESS_ALLINONE_FILE.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226901 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[WinCairo][CMake] Use ${CURL_LIBRARY} instead of specifying the library name libcurl_...
commit-queue@webkit.org [Fri, 12 Jan 2018 18:52:26 +0000 (18:52 +0000)]
[WinCairo][CMake] Use ${CURL_LIBRARY} instead of specifying the library name libcurl_imp explicitly
https://bugs.webkit.org/show_bug.cgi?id=181578

Patch by Fujii Hironori <Hironori.Fujii@sony.com> on 2018-01-12
Reviewed by Alex Christensen.

vcpkg has libcurl.lib, not libcurl_imp.lib.

No new tests because no behavior change.

* PlatformWinCairo.cmake: Link ${CURL_LIBRARY} instead of libcurl_imp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[WK2] Unify macOS and iOS codepaths in the UI process when starting a drag
wenson_hsieh@apple.com [Fri, 12 Jan 2018 18:49:11 +0000 (18:49 +0000)]
[WK2] Unify macOS and iOS codepaths in the UI process when starting a drag
https://bugs.webkit.org/show_bug.cgi?id=181574

Reviewed by Tim Horton.

Rearrange some macOS drag start logic in the UI process so that it uses the same codepaths in WebPageProxy as
iOS. Namely, startDrag should just forward the DragItem and drag image handle along to the appropriate views on
each platform (WKContentView and WebViewImpl).

There should be no change in behavior.

* UIProcess/Cocoa/WebPageProxyCocoa.mm:

Both macOS and iOS now funnel through this method.

* UIProcess/Cocoa/WebViewImpl.h:
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::startDrag):
(WebKit::WebViewImpl::dragImageForView): Deleted.

Rename dragImageForView to startDrag. Move the call to didStartDrag() here, and call dragCancelled() in the
case where we bailed from starting the drag (due to failing to create a drag image).

* UIProcess/PageClient.h:
* UIProcess/ios/PageClientImplIOS.h:
* UIProcess/ios/PageClientImplIOS.mm:
(WebKit::PageClientImpl::setDragImage): Deleted.

Rename setDragImage to startDrag.

* UIProcess/mac/PageClientImplMac.h:
* UIProcess/mac/PageClientImplMac.mm:
(WebKit::PageClientImpl::startDrag):
(WebKit::PageClientImpl::setDragImage): Deleted.
* UIProcess/mac/WebPageProxyMac.mm:
(WebKit::WebPageProxy::startDrag): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebGL video texture black in Safari 11.0.2 and wrong colored in Safari Preview 11.1
jer.noble@apple.com [Fri, 12 Jan 2018 18:30:06 +0000 (18:30 +0000)]
WebGL video texture black in Safari 11.0.2 and wrong colored in Safari Preview 11.1
https://bugs.webkit.org/show_bug.cgi?id=181445
<rdar://problem/36383183>

Reviewed by Dean Jackson.

Tests: added compile-time correctness tests for YCbCrMatrix values.

Perform the derivation from YCbCr coefficients into matrices in constexpr expressions
at compile-time. This allows us to also perform compile-time correctness checks to catch
regressions which may cause incorrect color conversions.

Since we now have general-purpose derivation of matrix values from coefficients,
adding missing specificed matrices is trivial, so add support for SMPTE 240M and BT.2020
matrices.

* platform/graphics/cv/VideoTextureCopierCV.cpp:
(WebCore::GLfloatColor::GLfloatColor):
(WebCore::GLfloatColor::abs):
(WebCore::GLfloatColor::isApproximatelyEqualTo const):
(WebCore::YCbCrMatrix::operator Vector<GLfloat> const):
(WebCore::YCbCrMatrix::YCbCrMatrix):
(WebCore::YCbCrMatrix::operator* const):
(WebCore::YCbCrToRGBMatrixForRangeAndTransferFunction):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226898 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r226818): API test WebKitLegacy.LoadInvalidURLRequest is failing
achristensen@apple.com [Fri, 12 Jan 2018 18:26:53 +0000 (18:26 +0000)]
REGRESSION (r226818): API test WebKitLegacy.LoadInvalidURLRequest is failing
https://bugs.webkit.org/show_bug.cgi?id=181595

This test was testing behavior of an invalid URL that WebCore parses but NSURL does not.
It was using example.com<> but after r226479 < and > are considered invalid by WebCore.
I change the < and > to $ to make this test pass and continue to test what it used to.

* TestWebKitAPI/Tests/mac/LoadInvalidURLRequest.html:
* TestWebKitAPI/Tests/mac/LoadInvalidURLRequest.mm:
(-[LoadInvalidURLWebFrameLoadDelegate webView:didFailProvisionalLoadWithError:forFrame:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226897 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSkipped http/tests/resourceLoadStatistics/grandfathering.html on macOS WK2.
jlewis3@apple.com [Fri, 12 Jan 2018 17:39:49 +0000 (17:39 +0000)]
Skipped http/tests/resourceLoadStatistics/grandfathering.html on macOS WK2.
https://bugs.webkit.org/show_bug.cgi?id=181482

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226896 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Remove unnecessary raw pointer in InspectorConsoleAgent
commit-queue@webkit.org [Fri, 12 Jan 2018 17:32:56 +0000 (17:32 +0000)]
Web Inspector: Remove unnecessary raw pointer in InspectorConsoleAgent
https://bugs.webkit.org/show_bug.cgi?id=181579
<rdar://problem/36193759>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-12
Reviewed by Brian Burg.

* inspector/agents/InspectorConsoleAgent.h:
* inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::clearMessages):
(Inspector::InspectorConsoleAgent::addConsoleMessage):
Switch from a raw pointer to m_consoleMessages.last().
Also move the expiration check into the if block since it can only
happen inside here when the number of console messages changes.

(Inspector::InspectorConsoleAgent::discardValues):
Also clear the expired message count when messages are cleared.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226895 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd support for the frames() timing function
graouts@webkit.org [Fri, 12 Jan 2018 13:26:50 +0000 (13:26 +0000)]
Add support for the frames() timing function
https://bugs.webkit.org/show_bug.cgi?id=181585
<rdar://problem/36463317>

Reviewed by Dean.

Source/WebCore:

Implement the frames() timing function as specified in the CSS Timing Functions Level 1
specification, specifically https://www.w3.org/TR/css-timing-1/#frames-timing-functions.
A frames timing function is a type of timing function that divides the input time into a
specified number of intervals of equal length.

Test: transitions/frames-timing-function.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::createTimingFunctionValue):
* css/CSSTimingFunctionValue.cpp:
(WebCore::CSSFramesTimingFunctionValue::customCSSText const):
(WebCore::CSSFramesTimingFunctionValue::equals const):
* css/CSSTimingFunctionValue.h:
* css/CSSToStyleMap.cpp:
(WebCore::CSSToStyleMap::mapAnimationTimingFunction):
* css/CSSValue.cpp:
(WebCore::CSSValue::equals const):
(WebCore::CSSValue::cssText const):
(WebCore::CSSValue::destroy):
* css/CSSValue.h:
(WebCore::CSSValue::isFramesTimingFunctionValue const):
* css/CSSValueKeywords.in:
* css/parser/CSSPropertyParser.cpp:
(WebCore::consumeSteps):
(WebCore::consumeFrames):
(WebCore::consumeAnimationTimingFunction):
* platform/animation/TimingFunction.cpp:
(WebCore::operator<<):
(WebCore::TimingFunction::transformTime const):
* platform/animation/TimingFunction.h:
(WebCore::TimingFunction::isFramesTimingFunction const):
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::animationHasFramesTimingFunction):
(WebCore::GraphicsLayerCA::animationCanBeAccelerated const):

Source/WebKit:

Add the ability to endode and decode the frames() timing function.

* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<FramesTimingFunction>::encode):
(IPC::ArgumentCoder<FramesTimingFunction>::decode):
* Shared/WebCoreArgumentCoders.h:
* WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm:
(WebKit::PlatformCAAnimationRemote::Properties::encode const):
(WebKit::PlatformCAAnimationRemote::Properties::decode):

LayoutTests:

Add a new test that checks that the frames() timing function applies as expected
and expand an existing test to check that the frames() timing function is parsed
correctly. We also mark progressions in imported WPT tests.

* imported/w3c/web-platform-tests/css-timing-1/frames-timing-functions-output-expected.txt:
* imported/w3c/web-platform-tests/css-timing-1/frames-timing-functions-syntax-expected.txt:
* transitions/frames-timing-function-expected.txt: Added.
* transitions/frames-timing-function.html: Added.
* transitions/transitions-parsing-expected.txt:
* transitions/transitions-parsing.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226886 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[JSC] Create parallel SlotVisitors apriori
utatane.tea@gmail.com [Fri, 12 Jan 2018 12:16:12 +0000 (12:16 +0000)]
[JSC] Create parallel SlotVisitors apriori
https://bugs.webkit.org/show_bug.cgi?id=180907

Reviewed by Saam Barati.

The number of SlotVisitors are capped with the number of HeapHelperPool's threads + 2.
If we create these SlotVisitors apropri, we do not need to create SlotVisitors dynamically.
Then we do not need to grab locks while iterating all the SlotVisitors.

In addition, we do not need to consider the case that the number of SlotVisitors increases
after setting up VisitCounters in MarkingConstraintSolver since the number of SlotVisitors
does not increase any more.

* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::runBeginPhase):
* heap/Heap.h:
* heap/HeapInlines.h:
(JSC::Heap::forEachSlotVisitor):
(JSC::Heap::numberOfSlotVisitors): Deleted.
* heap/MarkingConstraintSolver.cpp:
(JSC::MarkingConstraintSolver::didVisitSomething const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226885 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoEach variant of a polymorphic inlined call should be exitOK at the top of the block
sbarati@apple.com [Fri, 12 Jan 2018 10:15:09 +0000 (10:15 +0000)]
Each variant of a polymorphic inlined call should be exitOK at the top of the block
https://bugs.webkit.org/show_bug.cgi?id=181562
<rdar://problem/36445624>

Reviewed by Yusuke Suzuki.

JSTests:

* stress/each-block-at-top-of-polymorphic-call-inlining-should-be-exitOK.js: Added.
(f):
(foo):

Source/JavaScriptCore:

Before this patch, the very first block in the switch for polymorphic call
inlining will have exitOK at the top. The others are not guaranteed to.
That was just a bug. They're all exitOK at the top. This will lead to crashes
in FixupPhase because we won't have a node in a block that has ExitOK, so
when we fixup various type checks, we assert out.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226881 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r226721.
commit-queue@webkit.org [Fri, 12 Jan 2018 08:39:54 +0000 (08:39 +0000)]
Unreviewed, rolling out r226721.
https://bugs.webkit.org/show_bug.cgi?id=181583

Lets do a slightly different fix (Requested by anttik on
#webkit).

Reverted changeset:

"REGRESSION(r225650): The scores of MotionMark tests Multiply
and Leaves dropped by 8%"
https://bugs.webkit.org/show_bug.cgi?id=181460
https://trac.webkit.org/changeset/226721

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226880 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRename ENABLE_ASYNC_ITERATION to ENABLE_JS_ASYNC_ITERATION
keith_miller@apple.com [Fri, 12 Jan 2018 07:59:30 +0000 (07:59 +0000)]
Rename ENABLE_ASYNC_ITERATION to ENABLE_JS_ASYNC_ITERATION
https://bugs.webkit.org/show_bug.cgi?id=181573

Reviewed by Simon Fraser.

.:

* Source/cmake/WebKitFeatures.cmake:

Source/JavaScriptCore:

* Configurations/FeatureDefines.xcconfig:
* runtime/Options.h:

Source/WebCore:

* Configurations/FeatureDefines.xcconfig:

Source/WebCore/PAL:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit:

* Configurations/FeatureDefines.xcconfig:

Source/WebKitLegacy/mac:

* Configurations/FeatureDefines.xcconfig:

Tools:

* TestWebKitAPI/Configurations/FeatureDefines.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove noexcept from definition of std::tie()
commit-queue@webkit.org [Fri, 12 Jan 2018 06:53:51 +0000 (06:53 +0000)]
Remove noexcept from definition of std::tie()
https://bugs.webkit.org/show_bug.cgi?id=181577

Patch by Basuke Suzuki <Basuke.Suzuki@sony.com> on 2018-01-11
Reviewed by Yusuke Suzuki.

* wtf/StdLibExtras.h:
(WTF::tie):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226878 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[WebAuthN] Import a CBOR coder from Chromium
jiewen_tan@apple.com [Fri, 12 Jan 2018 05:29:01 +0000 (05:29 +0000)]
[WebAuthN] Import a CBOR coder from Chromium
https://bugs.webkit.org/show_bug.cgi?id=181522
<rdar://problem/36055729>

Reviewed by Brent Fulgham.

Source/WebCore:

This patch imports a CBOR coder including encoder and decoder from Chromium. CBOR encoder
is needed for WebAuthN to encode attestation object into binaries. When supporting extensions
in the future, CBOR encoder/decoder will be needed as well. Implementating and maintaining
a fully-fledged CBOR coder doesn't seem to align with WebKit's best interests. Therefore,
importing a most suitable third party implementation will be wise.

In this patch, it fully integrate the whole coder into our codebase. Those changes includes:
    1. Substitute data structures that enjoy a better WTF version.
    2. Replacing marcos.
    3. Implementating workarounds for some functionalities that we lack fundamental types' support.
    4. Changing the coding style to match ours.

This patch doesn't intend to improve the logic of the original codebase. Hence some of the
coding logic might not match what WebKit ususally has.

Here is a full list of Chromium changes that constructed this CBOR coder in chronological order:
6efcf495521d18d060027762f48bb292d6979136,
9eb43fd347890b4c6cf54c4bd7ec1bbb88e381e1,
31c85e74fd567772f18e0a41be468d04af721f21,
68672fdcad280a8ff69b91927d38d0eabf2c87f2,
0ca8667c0584fb21c0748ebd7468d32889759a07,
df763d790d7e45d70116bdefacbfd4f9faa8995e,
6d30c4a621c65314db63eb56e87c19ab75627b26,
50fe92953f4739f17a62303fedbf8db9234317c8,
47be22c3603424d1832d046a348ff3f982500288,
98a59e46948b2c71608926004fac8192b0ff2208,
07540c6d850ed6e0fa508d63c20a8ce96d751de6,
06ae32d640c8e4b86ea8914a80ee419ea16e56d8.

Covered by API tests.

* Modules/webauthn/cbor/CBORBinary.h: Added.
* Modules/webauthn/cbor/CBORReader.cpp: Added.
(cbor::CBORReader::CBORReader):
(cbor::CBORReader::~CBORReader):
(cbor::CBORReader::read):
(cbor::CBORReader::decodeCBOR):
(cbor::CBORReader::readVariadicLengthInteger):
(cbor::CBORReader::decodeValueToNegative):
(cbor::CBORReader::decodeValueToUnsigned):
(cbor::CBORReader::readSimpleValue):
(cbor::CBORReader::readString):
Workarounds applied.
(cbor::CBORReader::readBytes):
(cbor::CBORReader::readCBORArray):
(cbor::CBORReader::readCBORMap):
(cbor::CBORReader::canConsume):
(cbor::CBORReader::checkMinimalEncoding):
(cbor::CBORReader::checkExtraneousData):
(cbor::CBORReader::checkDuplicateKey):
(cbor::CBORReader::hasValidUTF8Format):
Workarounds applied.
(cbor::CBORReader::checkOutOfOrderKey):
(cbor::CBORReader::getErrorCode):
(cbor::CBORReader::errorCodeToString):
* Modules/webauthn/cbor/CBORReader.h: Added.
* Modules/webauthn/cbor/CBORValue.cpp: Added.
(cbor::CBORValue::CBORValue):
(cbor::CBORValue::operator=):
(cbor::CBORValue::~CBORValue):
(cbor::CBORValue::clone const):
(cbor::CBORValue::getInteger const):
(cbor::CBORValue::getUnsigned const):
(cbor::CBORValue::getNegative const):
(cbor::CBORValue::getString const):
(cbor::CBORValue::getByteString const):
(cbor::CBORValue::getArray const):
(cbor::CBORValue::getMap const):
(cbor::CBORValue::getSimpleValue const):
(cbor::CBORValue::internalMoveConstructFrom):
(cbor::CBORValue::internalCleanup):
* Modules/webauthn/cbor/CBORValue.h: Added.
* Modules/webauthn/cbor/CBORWriter.cpp: Added.
(cbor::CBORWriter::~CBORWriter):
(cbor::CBORWriter::write):
(cbor::CBORWriter::CBORWriter):
(cbor::CBORWriter::encodeCBOR):
Workarounds applied.
(cbor::CBORWriter::startItem):
(cbor::CBORWriter::setAdditionalInformation):
(cbor::CBORWriter::setUint):
(cbor::CBORWriter::getNumUintBytes):
* Modules/webauthn/cbor/CBORWriter.h: Added.
* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:

Tools:

This patch also imports all unit tests into our API tests to ensure all
workarounds and modification against the original codebase doesn't change
any original functionalities.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebCore/CBORReaderTest.cpp: Added.
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebCore/CBORValueTest.cpp: Added.
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebCore/CBORWriterTest.cpp: Added.
(TestWebKitAPI::eq):
Workarounds applied.
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226862 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSetting Window.opener to null should disown its opener
cdumez@apple.com [Fri, 12 Jan 2018 04:47:31 +0000 (04:47 +0000)]
Setting Window.opener to null should disown its opener
https://bugs.webkit.org/show_bug.cgi?id=181505
<rdar://problem/36443151>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Setting Window.opener to null should disown its opener as per:
- https://html.spec.whatwg.org/#dom-opener

With this change, tabs opened by clicking link inside Gmail no
longer have the Gmail window as opener.

Tests: fast/dom/Window/window-opener-set-to-null.html
       fast/dom/Window/window-opener-shadowing.html

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::setOpener):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::disownOpener):
* page/DOMWindow.h:
* page/DOMWindow.idl:

LayoutTests:

Add layout test coverage.

* fast/dom/Window/window-opener-set-to-null-expected.txt: Added.
* fast/dom/Window/window-opener-set-to-null.html: Added.
* fast/dom/Window/window-opener-shadowing-expected.txt: Added.
* fast/dom/Window/window-opener-shadowing.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226842 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agowebkitpy: Use partially disambiguated type in SimulatedDeviceManager._disambiguate_de...
jbedard@apple.com [Fri, 12 Jan 2018 03:31:27 +0000 (03:31 +0000)]
webkitpy: Use partially disambiguated type in SimulatedDeviceManager._disambiguate_device_type
https://bugs.webkit.org/show_bug.cgi?id=181538
<rdar://problem/36440580>

Reviewed by Aakash Jain.

When disambiguating a device type, it is possible that the provided device type is sufficiently
ambiguous that the comparisons against complete device types without a disambiguated hardware_family
will result in a failure to disambiguate the type.

* Scripts/webkitpy/xcode/new_simulated_device.py:
(SimulatedDeviceManager._disambiguate_device_type):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226841 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(226788): AppStore Crashed @ JavaScriptCore: JSC::MacroAssemblerARM64:...
msaboff@apple.com [Fri, 12 Jan 2018 03:30:40 +0000 (03:30 +0000)]
REGRESSION(226788): AppStore Crashed @ JavaScriptCore: JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters
https://bugs.webkit.org/show_bug.cgi?id=181570

Reviewed by Keith Miller.

* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::abortWithReason):
Reverting these functions to use dataTempRegister and memoryTempRegister as they are
JIT release asserts that will crash the program.

(JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
Changed this so that it invalidates any cached dataTmpRegister contents if temp register
caching is enabled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226840 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Cocoa] Star character disappears when bolded
mmaxfield@apple.com [Fri, 12 Jan 2018 03:16:52 +0000 (03:16 +0000)]
[Cocoa] Star character disappears when bolded
https://bugs.webkit.org/show_bug.cgi?id=181568
<rdar://problem/18755569>

Reviewed by Simon Fraser.

Source/WebCore:

We had some code in ComplexTextController to ask the FontCache for a font, given the name
of a particular font CoreText used inside a CTRun. This is wrong for two reasons: fonts
are not identifiable by PostScript name (in the general case), and because the lookup
procedure requires a FontDescription, the result may yield a font that is not the one
looked up. The goal of this code was simply to preserve the rendering mode of the font,
but we removed support for these rendering modes years ago. So the solution is to skip
that lookup and use the CoreText font directly.

Test: fast/text/unknown-font.html

* platform/graphics/mac/ComplexTextControllerCoreText.mm:
(WebCore::ComplexTextController::collectComplexTextRunsForCharacters):

LayoutTests:

* fast/text/unknown-font-expected-mismatch.html: Added.
* fast/text/unknown-font.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226839 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r219530): ResourceLoadStatisticsPersistentStorage should be read-only...
bfulgham@apple.com [Fri, 12 Jan 2018 03:13:05 +0000 (03:13 +0000)]
REGRESSION(r219530): ResourceLoadStatisticsPersistentStorage should be read-only in ephemeral sessions
https://bugs.webkit.org/show_bug.cgi?id=181136
<rdar://problem/36116604>

Reviewed by Chris Dumez.

Source/WebKit:

Some uses of WebKit involve running a UIProcess as an ephemeral session for the life of the process. In this
case, we do not initialize the data path for the set of load statistics triggering an assertion.

We actually intended ephemeral sessions to consume the existing resource load data (presumably captured during
non-ephemeral browsing). This would be a read-only mode, where it would not add new entries to the load
statistics, but would take advantage of existing observations. Currently that does not happen (for this type
of WebKit embed), which forces each run as an ephemeral session to build up in-memory browsing data until it has
enough observations to begin modifying loads.

We need to set the ResourceLoadStatisticsPersistentStorage object to a "read only" mode in this case, so
that it read (but does not write) from this database.

Tested by ephemeral website data TestWebKitAPI tests.

* UIProcess/ResourceLoadStatisticsPersistentStorage.cpp:
(WebKit::ResourceLoadStatisticsPersistentStorage::create): Added to allow creation of the right style of
Persistent Storage.
(WebKit::ResourceLoadStatisticsPersistentStorage::ResourceLoadStatisticsPersistentStorage): Initialize the
new data member.
(WebKit::ResourceLoadStatisticsPersistentStorage::asyncWriteTimerFired): RELEASE_ASSERT that we never run
this method when in "read only" mode.
(WebKit::ResourceLoadStatisticsPersistentStorage::writeMemoryStoreToDisk): Ditto.
(WebKit::ResourceLoadStatisticsPersistentStorage::scheduleOrWriteMemoryStore): Return early if asked to
schedule a write operation for a "read only" persistent store.
(WebKit::ResourceLoadStatisticsPersistentStorage::finishAllPendingWorkSynchronously): RELEASE_ASSERT if we
ever shut down in "read only" mode with an active write timer.
* UIProcess/ResourceLoadStatisticsPersistentStorage.h:
* UIProcess/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::WebResourceLoadStatisticsStore): Pass a flag indicating whether the
storage session is ephemeral or not.
* UIProcess/WebResourceLoadStatisticsStore.h:

Tools:

Add a new API test to confirm that ResourceLoadStatistics can be turned on safely for ephemeral
browsing sessions.

* Scripts/run-gtk-tests:
(GtkTestRunner): Unskip test now that it passes.
* TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm:
(TEST): Add new WebsiteDataStoreEphemeral test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226838 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r226816.
ryanhaddad@apple.com [Fri, 12 Jan 2018 02:19:25 +0000 (02:19 +0000)]
Unreviewed, rolling out r226816.

This change broke LayoutTests on the bots.

Reverted changeset:

"run-webkit-tests fails when there is a curly brace in Xcode
build output"
https://bugs.webkit.org/show_bug.cgi?id=181254
https://trac.webkit.org/changeset/226816

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226837 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCannot trigger Dromaeo tests on internal perf try bots
rniwa@webkit.org [Fri, 12 Jan 2018 02:13:53 +0000 (02:13 +0000)]
Cannot trigger Dromaeo tests on internal perf try bots
https://bugs.webkit.org/show_bug.cgi?id=179712

Reviewed by Chris Dumez.

The bug was caused by CustomAnalysisTaskConfigurator only showing the top-level tests that are triggerable
instead of the list of highest level tests that are triggerable.

* public/v3/components/custom-analysis-task-configurator.js:
(CustomAnalysisTaskConfigurator.prototype.selectTests): Update the test group name when a new test is picked.
(CustomAnalysisTaskConfigurator.prototype.selectPlatform):
(CustomAnalysisTaskConfigurator.prototype._didUpdateSelectedPlatforms): Extracted from selectPlatform.
(CustomAnalysisTaskConfigurator.prototype._renderTriggerableTests): Include the list of all highest-level tests
which are triggerable.
(CustomAnalysisTaskConfigurator.prototype._renderRadioButtonList): Added labelForObject which returns the label
to be used in the list items. For tests, we want to use the full name, not just its label.
* public/v3/models/analysis-task.js:
(AnalysisTask.fetchById):
* public/v3/models/triggerable.js:
(Triggerable.prototype.acceptedTests): Added.
(Triggerable.prototype.acceptsTest): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226836 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd optional logging of ITP-related user interaction information
krollin@apple.com [Fri, 12 Jan 2018 01:53:58 +0000 (01:53 +0000)]
Add optional logging of ITP-related user interaction information
https://bugs.webkit.org/show_bug.cgi?id=181556

Reviewed by Brent Fulgham.

In order to support the tracking of the efficacy of Intelligent
Tracking Protection, add some logging indicating when the user
interacts with a page in a way that affects cookie partitioning. This
logging is off by default, and is enabled with `defaults write -g
WebKitLogCookieInformation -bool true`.

Source/WebCore:

No new tests -- no changed functionality.

* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
* loader/ResourceLoadObserver.h:
(WebCore::ResourceLoadObserver::shouldLogUserInteraction const):
(WebCore::ResourceLoadObserver::setShouldLogUserInteraction):

Source/WebKit:

* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226835 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoImplement MultiDocument protocol for restoring focus to a WKWebView
megan_gardner@apple.com [Fri, 12 Jan 2018 01:43:06 +0000 (01:43 +0000)]
Implement MultiDocument protocol for restoring focus to a WKWebView
https://bugs.webkit.org/show_bug.cgi?id=181510

Reviewed by Dan Bernstein.

Support the UIKit protocol for restoring focus to a what previously had focus.
WebKit already has a method to silently remove and replace focus, without telling the
web process about the unfocus and refocusing, so we're just using that.

* Platform/spi/ios/UIKitSPI.h:
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _restoreFocusWithToken:]):
(-[WKContentView _preserveFocusWithToken:destructively:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226826 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: when invert colors is on, double-invert video elements in UserAgentStyleSheet
jcraig@apple.com [Fri, 12 Jan 2018 01:16:59 +0000 (01:16 +0000)]
AX: when invert colors is on, double-invert video elements in UserAgentStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=168447
<rdar://problem/30559874>

Reviewed by Simon Fraser.

Double-invert video when platform "invert colors" setting is enabled. Behavior matches
current "Smart Invert" feature of Safari Reader on macOS/iOS and other iOS native apps.

Source/WebCore:

Tests: accessibility/smart-invert-reference.html
       accessibility/smart-invert.html

* Modules/modern-media-controls/controls/media-controls.css:
(@media (inverted-colors)):
(:host):
(picture):
* css/html.css:
(@media (inverted-colors)):
(video):

LayoutTests:

* TestExpectations: Platform setting only available on Mac and iOS.
* accessibility/smart-invert-expected.txt: Added.
* accessibility/smart-invert-reference-expected.html: Added.
* accessibility/smart-invert-reference.html: Added. Ref to ensure invert and grayscale filters render as expected.
* accessibility/smart-invert.html: Added. Computed expectatons of filter property text values.
* platform/ios-wk2/TestExpectations: Runs on iOS WK2.
* platform/mac-wk2/TestExpectations: Runs on Mac WK2.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226825 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDon't load inline data when requesting info for an attachment element backed by a...
wenson_hsieh@apple.com [Fri, 12 Jan 2018 01:13:28 +0000 (01:13 +0000)]
Don't load inline data when requesting info for an attachment element backed by a file path
https://bugs.webkit.org/show_bug.cgi?id=181550

Source/WebCore:

Reviewed by Tim Horton.

When requesting data for an attachment element that is backed by a file path, we currently trigger a load in the
web process to fetch contents of the attachment data as inline data in the AttachmentInfo. This is unnecessary,
since the file path of the attachment element must have come from the UI process anyways, so it is sufficient to
simply send the file path to the UI process and have the UI process read the contents of the path as a memory-
mapped NSData.

This patch lets HTMLAttachmentElement skip over resource loading codepaths when creating an AttachmentInfo for
the client, and also teaches _WKAttachment to read a AttachmentInfo's filepath as memory-mapped data if a file
path is present, and no inline data was specified.

Covered by existing API tests.

* html/HTMLAttachmentElement.cpp:
(WebCore::HTMLAttachmentElement::requestInfo):

Source/WebKit:

Reviewed by Tim Horton

See WebCore/ChangeLog for more information.

* UIProcess/API/Cocoa/_WKAttachment.mm:
(-[_WKAttachmentInfo initWithInfo:]):
(-[_WKAttachmentInfo fileLoadingError]):
(-[_WKAttachment requestInfo:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226824 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMake elements of zero width or height focusable
rniwa@webkit.org [Fri, 12 Jan 2018 00:56:59 +0000 (00:56 +0000)]
Make elements of zero width or height focusable
https://bugs.webkit.org/show_bug.cgi?id=181516

Reviewed by Chris Dumez.

Source/WebCore:

Don't check render box's size or bounding rect when deciding whether an element is focusable.
New behavior matches that of Firefox and Chrome.

Test: fast/events/focus-zero-size-element.html

* dom/Element.cpp:
(WebCore::Element::isFocusable): Only update the style.
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::isFocusable const): Deleted.
* html/HTMLFormControlElement.h:
* mathml/MathMLElement.cpp:
(WebCore::MathMLElement::isFocusable const): Deleted. As far as I can tell, no math ml element is focusable.
* mathml/MathMLElement.h:
* svg/SVGAElement.cpp:
(WebCore::SVGAElement::isFocusable const): Deleted.
* svg/SVGAElement.h:

LayoutTests:

Added a regression test.

* fast/events/focus-zero-size-element-expected.txt: Added.
* fast/events/focus-zero-size-element.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226823 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRename MarkedAllocator to BlockDirectory and AllocatorAttributes to CellAttributes
fpizlo@apple.com [Fri, 12 Jan 2018 00:32:33 +0000 (00:32 +0000)]
Rename MarkedAllocator to BlockDirectory and AllocatorAttributes to CellAttributes
https://bugs.webkit.org/show_bug.cgi?id=181543

Rubber stamped by Michael Saboff.
Source/JavaScriptCore:

In a world that has thread-local caches, the thing we now call the "MarkedAllocator" doesn't
really have anything to do with allocation anymore. The allocation will be done by something
in the TLC. When you move the allocation logic out of MarkedAllocator, it becomes just a
place to find blocks (a "block directory").

Once we do that renaming, the term "allocator attributes" becomes weird. Those are really the
attributes of the HeapCellType. So let's call them CellAttributes.

* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/ObjectAllocationProfile.h:
* bytecode/ObjectAllocationProfileInlines.h:
(JSC::ObjectAllocationProfile::initializeProfile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::compileMakeRope):
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileNewObject):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
(JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocatorForSize):
* heap/AlignedMemoryAllocator.cpp:
(JSC::AlignedMemoryAllocator::registerDirectory):
(JSC::AlignedMemoryAllocator::registerAllocator): Deleted.
* heap/AlignedMemoryAllocator.h:
(JSC::AlignedMemoryAllocator::firstDirectory const):
(JSC::AlignedMemoryAllocator::firstAllocator const): Deleted.
* heap/AllocatorAttributes.cpp: Removed.
* heap/AllocatorAttributes.h: Removed.
* heap/BlockDirectory.cpp: Copied from Source/JavaScriptCore/heap/MarkedAllocator.cpp.
(JSC::BlockDirectory::BlockDirectory):
(JSC::BlockDirectory::setSubspace):
(JSC::BlockDirectory::isPagedOut):
(JSC::BlockDirectory::findEmptyBlockToSteal):
(JSC::BlockDirectory::didConsumeFreeList):
(JSC::BlockDirectory::tryAllocateWithoutCollecting):
(JSC::BlockDirectory::allocateIn):
(JSC::BlockDirectory::tryAllocateIn):
(JSC::BlockDirectory::doTestCollectionsIfNeeded):
(JSC::BlockDirectory::allocateSlowCase):
(JSC::BlockDirectory::blockSizeForBytes):
(JSC::BlockDirectory::tryAllocateBlock):
(JSC::BlockDirectory::addBlock):
(JSC::BlockDirectory::removeBlock):
(JSC::BlockDirectory::stopAllocating):
(JSC::BlockDirectory::prepareForAllocation):
(JSC::BlockDirectory::lastChanceToFinalize):
(JSC::BlockDirectory::resumeAllocating):
(JSC::BlockDirectory::beginMarkingForFullCollection):
(JSC::BlockDirectory::endMarking):
(JSC::BlockDirectory::snapshotUnsweptForEdenCollection):
(JSC::BlockDirectory::snapshotUnsweptForFullCollection):
(JSC::BlockDirectory::findBlockToSweep):
(JSC::BlockDirectory::sweep):
(JSC::BlockDirectory::shrink):
(JSC::BlockDirectory::assertNoUnswept):
(JSC::BlockDirectory::parallelNotEmptyBlockSource):
(JSC::BlockDirectory::dump const):
(JSC::BlockDirectory::dumpBits):
(JSC::BlockDirectory::markedSpace const):
(JSC::MarkedAllocator::MarkedAllocator): Deleted.
(JSC::MarkedAllocator::setSubspace): Deleted.
(JSC::MarkedAllocator::isPagedOut): Deleted.
(JSC::MarkedAllocator::findEmptyBlockToSteal): Deleted.
(JSC::MarkedAllocator::didConsumeFreeList): Deleted.
(JSC::MarkedAllocator::tryAllocateWithoutCollecting): Deleted.
(JSC::MarkedAllocator::allocateIn): Deleted.
(JSC::MarkedAllocator::tryAllocateIn): Deleted.
(JSC::MarkedAllocator::doTestCollectionsIfNeeded): Deleted.
(JSC::MarkedAllocator::allocateSlowCase): Deleted.
(JSC::MarkedAllocator::blockSizeForBytes): Deleted.
(JSC::MarkedAllocator::tryAllocateBlock): Deleted.
(JSC::MarkedAllocator::addBlock): Deleted.
(JSC::MarkedAllocator::removeBlock): Deleted.
(JSC::MarkedAllocator::stopAllocating): Deleted.
(JSC::MarkedAllocator::prepareForAllocation): Deleted.
(JSC::MarkedAllocator::lastChanceToFinalize): Deleted.
(JSC::MarkedAllocator::resumeAllocating): Deleted.
(JSC::MarkedAllocator::beginMarkingForFullCollection): Deleted.
(JSC::MarkedAllocator::endMarking): Deleted.
(JSC::MarkedAllocator::snapshotUnsweptForEdenCollection): Deleted.
(JSC::MarkedAllocator::snapshotUnsweptForFullCollection): Deleted.
(JSC::MarkedAllocator::findBlockToSweep): Deleted.
(JSC::MarkedAllocator::sweep): Deleted.
(JSC::MarkedAllocator::shrink): Deleted.
(JSC::MarkedAllocator::assertNoUnswept): Deleted.
(JSC::MarkedAllocator::parallelNotEmptyBlockSource): Deleted.
(JSC::MarkedAllocator::dump const): Deleted.
(JSC::MarkedAllocator::dumpBits): Deleted.
(JSC::MarkedAllocator::markedSpace const): Deleted.
* heap/BlockDirectory.h: Copied from Source/JavaScriptCore/heap/MarkedAllocator.h.
(JSC::BlockDirectory::attributes const):
(JSC::BlockDirectory::forEachBitVector):
(JSC::BlockDirectory::forEachBitVectorWithName):
(JSC::BlockDirectory::nextDirectory const):
(JSC::BlockDirectory::nextDirectoryInSubspace const):
(JSC::BlockDirectory::nextDirectoryInAlignedMemoryAllocator const):
(JSC::BlockDirectory::setNextDirectory):
(JSC::BlockDirectory::setNextDirectoryInSubspace):
(JSC::BlockDirectory::setNextDirectoryInAlignedMemoryAllocator):
(JSC::BlockDirectory::offsetOfFreeList):
(JSC::BlockDirectory::offsetOfCellSize):
(JSC::MarkedAllocator::cellSize const): Deleted.
(JSC::MarkedAllocator::attributes const): Deleted.
(JSC::MarkedAllocator::needsDestruction const): Deleted.
(JSC::MarkedAllocator::destruction const): Deleted.
(JSC::MarkedAllocator::cellKind const): Deleted.
(JSC::MarkedAllocator::heap): Deleted.
(JSC::MarkedAllocator::bitvectorLock): Deleted.
(JSC::MarkedAllocator::forEachBitVector): Deleted.
(JSC::MarkedAllocator::forEachBitVectorWithName): Deleted.
(JSC::MarkedAllocator::nextAllocator const): Deleted.
(JSC::MarkedAllocator::nextAllocatorInSubspace const): Deleted.
(JSC::MarkedAllocator::nextAllocatorInAlignedMemoryAllocator const): Deleted.
(JSC::MarkedAllocator::setNextAllocator): Deleted.
(JSC::MarkedAllocator::setNextAllocatorInSubspace): Deleted.
(JSC::MarkedAllocator::setNextAllocatorInAlignedMemoryAllocator): Deleted.
(JSC::MarkedAllocator::subspace const): Deleted.
(JSC::MarkedAllocator::freeList const): Deleted.
(JSC::MarkedAllocator::offsetOfFreeList): Deleted.
(JSC::MarkedAllocator::offsetOfCellSize): Deleted.
* heap/BlockDirectoryInlines.h: Copied from Source/JavaScriptCore/heap/MarkedAllocatorInlines.h.
(JSC::BlockDirectory::isFreeListedCell const):
(JSC::BlockDirectory::allocate):
(JSC::BlockDirectory::forEachBlock):
(JSC::BlockDirectory::forEachNotEmptyBlock):
(JSC::MarkedAllocator::isFreeListedCell const): Deleted.
(JSC::MarkedAllocator::allocate): Deleted.
(JSC::MarkedAllocator::forEachBlock): Deleted.
(JSC::MarkedAllocator::forEachNotEmptyBlock): Deleted.
* heap/CellAttributes.cpp: Copied from Source/JavaScriptCore/heap/AllocatorAttributes.cpp.
(JSC::CellAttributes::dump const):
(JSC::AllocatorAttributes::dump const): Deleted.
* heap/CellAttributes.h: Copied from Source/JavaScriptCore/heap/AllocatorAttributes.h.
(JSC::CellAttributes::CellAttributes):
(JSC::AllocatorAttributes::AllocatorAttributes): Deleted.
* heap/CompleteSubspace.cpp:
(JSC::CompleteSubspace::allocatorFor):
(JSC::CompleteSubspace::allocateNonVirtual):
(JSC::CompleteSubspace::allocatorForSlow):
(JSC::CompleteSubspace::tryAllocateSlow):
* heap/CompleteSubspace.h:
(JSC::CompleteSubspace::allocatorForSizeStep):
(JSC::CompleteSubspace::allocatorForNonVirtual):
* heap/GCDeferralContext.h:
* heap/Heap.cpp:
(JSC::Heap::updateAllocationLimits):
* heap/Heap.h:
* heap/HeapCell.h:
* heap/HeapCellInlines.h:
(JSC::HeapCell::cellAttributes const):
(JSC::HeapCell::destructionMode const):
(JSC::HeapCell::cellKind const):
(JSC::HeapCell::allocatorAttributes const): Deleted.
* heap/HeapCellType.cpp:
(JSC::HeapCellType::HeapCellType):
* heap/HeapCellType.h:
(JSC::HeapCellType::attributes const):
* heap/IncrementalSweeper.cpp:
(JSC::IncrementalSweeper::IncrementalSweeper):
(JSC::IncrementalSweeper::sweepNextBlock):
(JSC::IncrementalSweeper::startSweeping):
(JSC::IncrementalSweeper::stopSweeping):
* heap/IncrementalSweeper.h:
* heap/IsoCellSet.cpp:
(JSC::IsoCellSet::IsoCellSet):
(JSC::IsoCellSet::parallelNotEmptyMarkedBlockSource):
(JSC::IsoCellSet::addSlow):
(JSC::IsoCellSet::didRemoveBlock):
(JSC::IsoCellSet::sweepToFreeList):
* heap/IsoCellSetInlines.h:
(JSC::IsoCellSet::forEachMarkedCell):
(JSC::IsoCellSet::forEachLiveCell):
* heap/IsoSubspace.cpp:
(JSC::IsoSubspace::IsoSubspace):
(JSC::IsoSubspace::allocatorFor):
(JSC::IsoSubspace::allocateNonVirtual):
* heap/IsoSubspace.h:
(JSC::IsoSubspace::allocatorForNonVirtual):
* heap/LargeAllocation.h:
(JSC::LargeAllocation::attributes const):
* heap/MarkedAllocator.cpp: Removed.
* heap/MarkedAllocator.h: Removed.
* heap/MarkedAllocatorInlines.h: Removed.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::~Handle):
(JSC::MarkedBlock::Handle::setIsFreeListed):
(JSC::MarkedBlock::Handle::stopAllocating):
(JSC::MarkedBlock::Handle::lastChanceToFinalize):
(JSC::MarkedBlock::Handle::resumeAllocating):
(JSC::MarkedBlock::aboutToMarkSlow):
(JSC::MarkedBlock::Handle::didConsumeFreeList):
(JSC::MarkedBlock::noteMarkedSlow):
(JSC::MarkedBlock::Handle::removeFromDirectory):
(JSC::MarkedBlock::Handle::didAddToDirectory):
(JSC::MarkedBlock::Handle::didRemoveFromDirectory):
(JSC::MarkedBlock::Handle::dumpState):
(JSC::MarkedBlock::Handle::subspace const):
(JSC::MarkedBlock::Handle::sweep):
(JSC::MarkedBlock::Handle::isFreeListedCell const):
(JSC::MarkedBlock::Handle::removeFromAllocator): Deleted.
(JSC::MarkedBlock::Handle::didAddToAllocator): Deleted.
(JSC::MarkedBlock::Handle::didRemoveFromAllocator): Deleted.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::Handle::directory const):
(JSC::MarkedBlock::Handle::attributes const):
(JSC::MarkedBlock::attributes const):
(JSC::MarkedBlock::Handle::allocator const): Deleted.
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::isAllocated):
(JSC::MarkedBlock::Handle::isLive):
(JSC::MarkedBlock::Handle::specializedSweep):
(JSC::MarkedBlock::Handle::isEmpty):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::lastChanceToFinalize):
(JSC::MarkedSpace::sweep):
(JSC::MarkedSpace::stopAllocating):
(JSC::MarkedSpace::resumeAllocating):
(JSC::MarkedSpace::isPagedOut):
(JSC::MarkedSpace::freeBlock):
(JSC::MarkedSpace::shrink):
(JSC::MarkedSpace::beginMarking):
(JSC::MarkedSpace::endMarking):
(JSC::MarkedSpace::snapshotUnswept):
(JSC::MarkedSpace::assertNoUnswept):
(JSC::MarkedSpace::dumpBits):
(JSC::MarkedSpace::addBlockDirectory):
(JSC::MarkedSpace::addMarkedAllocator): Deleted.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::firstDirectory const):
(JSC::MarkedSpace::directoryLock):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::forEachDirectory):
(JSC::MarkedSpace::firstAllocator const): Deleted.
(JSC::MarkedSpace::allocatorLock): Deleted.
(JSC::MarkedSpace::forEachAllocator): Deleted.
* heap/MarkedSpaceInlines.h:
* heap/Subspace.cpp:
(JSC::Subspace::initialize):
(JSC::Subspace::prepareForAllocation):
(JSC::Subspace::findEmptyBlockToSteal):
(JSC::Subspace::parallelDirectorySource):
(JSC::Subspace::parallelNotEmptyMarkedBlockSource):
(JSC::Subspace::sweep):
(JSC::Subspace::parallelAllocatorSource): Deleted.
* heap/Subspace.h:
(JSC::Subspace::attributes const):
(JSC::Subspace::didCreateFirstDirectory):
(JSC::Subspace::didCreateFirstAllocator): Deleted.
* heap/SubspaceInlines.h:
(JSC::Subspace::forEachDirectory):
(JSC::Subspace::forEachMarkedBlock):
(JSC::Subspace::forEachNotEmptyMarkedBlock):
(JSC::Subspace::forEachAllocator): Deleted.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
(JSC::AssemblyHelpers::emitAllocate):
(JSC::AssemblyHelpers::emitAllocateJSCell):
(JSC::AssemblyHelpers::emitAllocateJSObject):
(JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_object):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_new_object):
* runtime/JSDestructibleObjectHeapCellType.cpp:
(JSC::JSDestructibleObjectHeapCellType::JSDestructibleObjectHeapCellType):
* runtime/JSSegmentedVariableObjectHeapCellType.cpp:
(JSC::JSSegmentedVariableObjectHeapCellType::JSSegmentedVariableObjectHeapCellType):
* runtime/JSStringHeapCellType.cpp:
(JSC::JSStringHeapCellType::JSStringHeapCellType):
* runtime/VM.cpp:
(JSC::VM::VM):
* wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp:
(JSC::JSWebAssemblyCodeBlockHeapCellType::JSWebAssemblyCodeBlockHeapCellType):

Source/WebCore:

No new tests because I'm just renaming things.

* ForwardingHeaders/heap/BlockDirectoryInlines.h: Copied from Source/WebCore/ForwardingHeaders/heap/MarkedAllocatorInlines.h.
* ForwardingHeaders/heap/MarkedAllocatorInlines.h: Removed.
* bindings/js/DOMGCOutputConstraint.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226822 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Rename "Query String" section as "Query String Parameters" for clarity
commit-queue@webkit.org [Fri, 12 Jan 2018 00:30:45 +0000 (00:30 +0000)]
Web Inspector: Rename "Query String" section as "Query String Parameters" for clarity
https://bugs.webkit.org/show_bug.cgi?id=181464

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-11
Reviewed by Darin Adler.

* Localizations/en.lproj/localizedStrings.js:
* UserInterface/Views/ResourceHeadersContentView.js:
(WI.ResourceHeadersContentView.prototype.initialLayout):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226821 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agowebkitpy: Fix flakey webserver tests
jbedard@apple.com [Fri, 12 Jan 2018 00:23:55 +0000 (00:23 +0000)]
webkitpy: Fix flakey webserver tests
https://bugs.webkit.org/show_bug.cgi?id=181555
<rdar://problem/36448273>

Reviewed by Aakash Jain.

* Scripts/webkitpy/layout_tests/controllers/layout_test_runner_unittest.py:
(LayoutTestRunnerTests.test_servers_started): Add and bind custom checks to
determine if a specific server is running.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226820 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCommit queue failed to land a bug, 'NoneType' object has no attribute 'strip'
jbedard@apple.com [Fri, 12 Jan 2018 00:19:51 +0000 (00:19 +0000)]
Commit queue failed to land a bug, 'NoneType' object has no attribute 'strip'
https://bugs.webkit.org/show_bug.cgi?id=181561
<rdar://problem/36452652>

Reviewed by Aakash Jain.

BeautifulSoup.find may return None, this case should be gracefully handled.

* Scripts/webkitpy/common/net/bugzilla/bugzilla.py:
(BugzillaQueries._parse_result_count):
(BugzillaQueries._fetch_bugs_from_advanced_query): Added logging.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226819 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r225003): Loading hangs in environments where dispatch_async does not...
achristensen@apple.com [Fri, 12 Jan 2018 00:18:32 +0000 (00:18 +0000)]
REGRESSION(r225003): Loading hangs in environments where dispatch_async does not work
https://bugs.webkit.org/show_bug.cgi?id=181553
Source/WebCore:

<rdar://problem/35733938>

Reviewed by Eric Carlson.

There is an environment where dispatch_async does not work, but performSelectorOnMainThread works.
r225003 broke loading in this environment.  This fixes it and updates the test that r225003 fixed.
It failed sometimes because loading was happening in a different order than html parsing, so I made
the test not depend on html parsing timing by updating media/video-src-remove.html.

* platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
(-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]):

LayoutTests:

Reviewed by Eric Carlson.

* media/video-src-remove.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226818 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r226789 and r226794.
commit-queue@webkit.org [Fri, 12 Jan 2018 00:15:54 +0000 (00:15 +0000)]
Unreviewed, rolling out r226789 and r226794.
https://bugs.webkit.org/show_bug.cgi?id=181564

broke API tests (Requested by alexchristensen on #webkit).

Reverted changesets:

"Merge sync and async code paths for getting context menus"
https://bugs.webkit.org/show_bug.cgi?id=181423
https://trac.webkit.org/changeset/226789

"Revert changes accidentally committed with r226789."
https://bugs.webkit.org/show_bug.cgi?id=181423
https://trac.webkit.org/changeset/226794

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226817 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agorun-webkit-tests fails when there is a curly brace in Xcode build output
ap@apple.com [Fri, 12 Jan 2018 00:15:13 +0000 (00:15 +0000)]
run-webkit-tests fails when there is a curly brace in Xcode build output
https://bugs.webkit.org/show_bug.cgi?id=181254

Reviewed by Daniel Bates.

* Scripts/webkitpy/layout_tests/views/metered_stream.py:
(MeteredStream.write):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226816 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRevert "[WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors"
dino@apple.com [Fri, 12 Jan 2018 00:03:23 +0000 (00:03 +0000)]
Revert "[WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors"

This reverts commit 4e43e4975b1c771ab7aac2ee15568ff4fadccc57.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226815 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
dino@apple.com [Thu, 11 Jan 2018 23:57:52 +0000 (23:57 +0000)]
[WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
https://bugs.webkit.org/show_bug.cgi?id=181558
<rdar://problem/36189833>

Reviewed by Eric Carlson.

Source/WebCore:

Very large element indices in the ELEMENT_ARRAY_BUFFER meant that
our simulated vertexAttrib0 buffer might be too large. We need
to check for out-of-memory, but we can also detect some of the issues
earlier in our validation code. Additionally, make sure that we don't
accidentally cast an unsigned to a signed.

Test: fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

* html/canvas/WebGL2RenderingContext.cpp:
(WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Update validation
code to look for overflow, rather than relying on looking for sign changes.
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::validateIndexArrayConservative): Ditto.
* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
(WebCore::WebGLRenderingContextBase::drawArrays): Check that we were able to simulate.
(WebCore::WebGLRenderingContextBase::drawElements):
(WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): Update validation code, and
use GC3Duint, since that's what the indicies are.
(WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Ditto.
(WebCore::WebGLRenderingContextBase::drawArraysInstanced): Check that we were able to simulate.
(WebCore::WebGLRenderingContextBase::drawElementsInstanced):
* html/canvas/WebGLRenderingContextBase.h:

LayoutTests:

* fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies-expected.txt: Added.
* fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226814 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoASSERTION FAILED: registration in WebCore::SWServerWorker::skipWaiting()
cdumez@apple.com [Thu, 11 Jan 2018 23:41:31 +0000 (23:41 +0000)]
ASSERTION FAILED: registration in WebCore::SWServerWorker::skipWaiting()
https://bugs.webkit.org/show_bug.cgi?id=181222
<rdar://problem/36332686>

Reviewed by Youenn Fablet.

Source/WebCore:

Replace assertion in SWServerWorker::skipWaiting() that assumes the worker
has a registration. Nowadays, a SWServerWorker can stay alive for a short
period without having a registration, while it is terminating.

No new tests, unskipped existing test.

* workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::skipWaiting):

LayoutTests:

Unskip test that is no longer flakily crashing.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226813 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agowebkitpy: Reimplement simulator code (Part 3)
jbedard@apple.com [Thu, 11 Jan 2018 23:28:16 +0000 (23:28 +0000)]
webkitpy: Reimplement simulator code (Part 3)
https://bugs.webkit.org/show_bug.cgi?id=180555
<rdar://problem/36131381>

Reviewed by Aakash Jain.

Remove old simulator code.

* Scripts/webkitpy/xcode/__init__.py: Remove import statement.
* Scripts/webkitpy/xcode/simulated_device.py: Removed.
* Scripts/webkitpy/xcode/simulator.py: Removed.
* Scripts/webkitpy/xcode/simulator_unittest.py: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226812 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWhen inserting Unreachable in byte code parser we need to flush all the right things
sbarati@apple.com [Thu, 11 Jan 2018 23:21:18 +0000 (23:21 +0000)]
When inserting Unreachable in byte code parser we need to flush all the right things
https://bugs.webkit.org/show_bug.cgi?id=181509
<rdar://problem/36423110>

Reviewed by Mark Lam.

JSTests:

* stress/proper-flushing-when-we-insert-unreachable-after-force-exit-in-bytecode-parser.js: Added.

Source/JavaScriptCore:

I added code in r226655 that had its own mechanism for preserving liveness when
inserting Unreachable nodes after ForceOSRExit. There are two ways to preserve
liveness: PhantomLocal and Flush. Certain values *must* be flushed to the stack.
I got some of these values wrong, which was leading to a crash when recovering the
callee value from an inlined frame. Instead of making the same mistake and repeating
similar code again, this patch refactors this logic to be shared with the other
liveness preservation code in the DFG bytecode parser. This is what I should have
done in my initial patch.

* bytecode/InlineCallFrame.h:
(JSC::remapOperand):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::flushImpl):
(JSC::DFG::flushForTerminalImpl):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::flushForTerminal):
(JSC::DFG::ByteCodeParser::parse):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226811 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDon't call RenderElement::setStyle when nothing changes
antti@apple.com [Thu, 11 Jan 2018 22:43:29 +0000 (22:43 +0000)]
Don't call RenderElement::setStyle when nothing changes
https://bugs.webkit.org/show_bug.cgi?id=181530

Reviewed by Zalan Bujtas.

* style/StyleChange.h:

Remove 'Force' value. This essentially meant 'compute style for all descendants and call setStyle unconditionally'.
Using this value lost information about whether anything actually changed in a particular style as it was automatically
inherited by all descendants. The 'compute all descendants' part of the behavior is what is actually needed.

Instead add separate DescendantsToResolve enum for communicating what else to compute.

* style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::Parent::Parent):
(WebCore::Style::computeDescendantsToResolve):

    Figure out which descendants will need resolving based on how the current elements style changed.

(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::TreeResolver::createAnimatedElementUpdate):
(WebCore::Style::TreeResolver::pushParent):
(WebCore::Style::shouldResolveElement):

    Use DescendantsToResolve as input.

(WebCore::Style::TreeResolver::resolveComposedTree):
* style/StyleTreeResolver.h:
* style/StyleUpdate.h:
(WebCore::Style::ElementUpdates::ElementUpdates):

    Add DescendantsToResolve.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226809 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSend PromisedBlobInfo to the client through DragItem instead of DragClient::prepareTo...
wenson_hsieh@apple.com [Thu, 11 Jan 2018 22:32:43 +0000 (22:32 +0000)]
Send PromisedBlobInfo to the client through DragItem instead of DragClient::prepareToDragPromisedBlob
https://bugs.webkit.org/show_bug.cgi?id=181497

Reviewed by Tim Horton.

Source/WebCore:

Refactor drag initiation with DOMFile-backed attachment elements. See WebKit ChangeLog for more information. No
change in behavior; promised blob dragging covered by WKAttachment API tests.

* loader/EmptyClients.cpp:
* page/DragClient.h:
(WebCore::DragClient::prepareToDragPromisedBlob): Deleted.
* page/DragController.cpp:
(WebCore::DragController::startDrag):
(WebCore::DragController::doImageDrag):
(WebCore::DragController::doSystemDrag):
(WebCore::DragController::promisedBlobInfo):
(WebCore::DragController::dragAttachmentElement): Deleted.
* page/DragController.h:
* platform/DragItem.h:
(WebCore::DragItem::encode const):
(WebCore::DragItem::decode):

Source/WebKit:

Refactor drag and drop support for promised blob data, so that blob info is shipped across to the client layer
via DragItem in the DragClient::startDrag codepath, rather than via a separate prepareToDragPromisedBlob client
codepath that stages promised blob info.

* UIProcess/Cocoa/WebViewImpl.h:
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::prepareToDragPromisedBlob): Deleted.
* UIProcess/PageClient.h:
(WebKit::PageClient::prepareToDragPromisedBlob): Deleted.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::prepareToDragPromisedBlob): Deleted.
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* UIProcess/ios/PageClientImplIOS.h:
* UIProcess/ios/PageClientImplIOS.mm:
(WebKit::PageClientImpl::prepareToDragPromisedBlob): Deleted.
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _startDrag:item:]):
* UIProcess/mac/PageClientImplMac.h:
* UIProcess/mac/PageClientImplMac.mm:
(WebKit::PageClientImpl::prepareToDragPromisedBlob): Deleted.
* WebProcess/WebCoreSupport/WebDragClient.cpp:
(WebKit::WebDragClient::prepareToDragPromisedBlob): Deleted.
* WebProcess/WebCoreSupport/WebDragClient.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::prepareToDragPromisedBlob): Deleted.
* WebProcess/WebPage/WebPage.h:

Source/WebKitLegacy/mac:

See other ChangeLogs for more detail.

* WebCoreSupport/WebDragClient.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226808 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoVoiceOver does not work when the WebContent process is using NSRunLoop.
pvollan@apple.com [Thu, 11 Jan 2018 22:19:22 +0000 (22:19 +0000)]
VoiceOver does not work when the WebContent process is using NSRunLoop.
https://bugs.webkit.org/show_bug.cgi?id=181331
<rdar://problem/36408004>

Reviewed by Brent Fulgham.

Source/WebCore/PAL:

Add NSApplication class method to initialize accessibility.

* pal/spi/mac/NSApplicationSPI.h:

Source/WebKit:

When the WebContent process is using NSRunLoop instead of the NSApplication run loop,
accessibility must be initialized for VoiceOver to work. This patch also switches to
using NSRunLoop in the WebContent process.

* Configurations/WebContentService.xcconfig:
* Platform/IPC/mac/ConnectionMac.mm:
(IPC::AccessibilityProcessSuspendedNotification): Remove unneccessary workaround.
* WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-OSX.plist: Switch to NSRunLoop.
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeProcess): Initialize accessibility.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226807 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoJITMathIC code in the FTL is wrong when code gets duplicated
sbarati@apple.com [Thu, 11 Jan 2018 22:18:17 +0000 (22:18 +0000)]
JITMathIC code in the FTL is wrong when code gets duplicated
https://bugs.webkit.org/show_bug.cgi?id=181525
<rdar://problem/36351993>

Reviewed by Michael Saboff and Keith Miller.

JSTests:

* stress/allow-math-ic-b3-code-duplication.js: Added.

Source/JavaScriptCore:

B3/Air may duplicate code for various reasons. Patchpoint generators inside
FTLLower must be aware that they can be called multiple times because of this.
The patchpoint for math ICs was not aware of this, and shared state amongst
all invocations of the patchpoint's generator. This patch fixes this bug so
that each invocation of the patchpoint's generator gets a unique math IC.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::addMathIC):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
(JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
(JSC::FTL::DFG::LowerDFGToB3::compileArithNegate):
(JSC::FTL::DFG::LowerDFGToB3::compileMathIC): Deleted.
* jit/JITMathIC.h:
(JSC::isProfileEmpty):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226806 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebContextMenuListenerProxy.cpp not including config on first line
don.olmstead@sony.com [Thu, 11 Jan 2018 22:14:38 +0000 (22:14 +0000)]
WebContextMenuListenerProxy.cpp not including config on first line
https://bugs.webkit.org/show_bug.cgi?id=181552

Reviewed by Alex Christensen.

* UIProcess/WebContextMenuListenerProxy.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRTCController should disable ICE candidate filtering in case of getUserMedia based...
commit-queue@webkit.org [Thu, 11 Jan 2018 21:54:23 +0000 (21:54 +0000)]
RTCController should disable ICE candidate filtering in case of getUserMedia based on the RTCPerrConnection origin
https://bugs.webkit.org/show_bug.cgi?id=180851

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-11
Reviewed by Eric Carlson.

Source/WebCore:

Test: http/wpt/webrtc/third-party-frame-ice-candidate-filtering.html

RTCController now stores all the client origins (top+frame origins) of frames that got access to camera/microphone access.
For any such client origin, PeerConnection objects ICE candidate filtering is disabled.
ICE candidate filtering is reset whenever navigating/reloading the page.

* Modules/mediastream/RTCController.cpp:
(WebCore::RTCController::reset):
(WebCore::matchDocumentOrigin):
(WebCore::RTCController::shouldDisableICECandidateFiltering):
(WebCore::RTCController::add):
(WebCore::RTCController::disableICECandidateFilteringForAllOrigins):
(WebCore::RTCController::disableICECandidateFiltering):
(WebCore::RTCController::enableICECandidateFiltering):
* Modules/mediastream/RTCController.h:
* Modules/mediastream/RTCPeerConnection.cpp:
(WebCore::RTCPeerConnection::create):
* Modules/mediastream/UserMediaRequest.cpp:
(WebCore::UserMediaRequest::allow):
* page/Page.cpp:
(WebCore::Page::disableICECandidateFiltering):
* testing/Internals.cpp:
(WebCore::Internals::setICECandidateFiltering):

LayoutTests:

* http/wpt/webrtc/resources/third-party-frame-ice-candidate-filtering-iframe.html: Added.
* http/wpt/webrtc/third-party-frame-ice-candidate-filtering-expected.txt: Added.
* http/wpt/webrtc/third-party-frame-ice-candidate-filtering.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226804 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agowindow.visualViewport should behave as [SameObject]
commit-queue@webkit.org [Thu, 11 Jan 2018 21:45:58 +0000 (21:45 +0000)]
window.visualViewport should behave as [SameObject]
https://bugs.webkit.org/show_bug.cgi?id=181548

Patch by Ali Juma <ajuma@chromium.org> on 2018-01-11
Reviewed by Chris Dumez.

Source/WebCore:

Add 'GenerateIsReachable' to VisualViewport so that window.visualViewport's
JS wrapper object doesn't get garbage collected too soon.

Test: fast/visual-viewport/visual-viewport-same-object.html

* page/VisualViewport.idl:

LayoutTests:

* fast/visual-viewport/visual-viewport-same-object-expected.txt: Added.
* fast/visual-viewport/visual-viewport-same-object.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226802 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoimported/w3c/web-platform-tests/service-workers/service-worker/multiple-update.https...
commit-queue@webkit.org [Thu, 11 Jan 2018 21:42:04 +0000 (21:42 +0000)]
imported/w3c/web-platform-tests/service-workers/service-worker/multiple-update.https.html is slow on Debug
https://bugs.webkit.org/show_bug.cgi?id=181541

Unreviewed.

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-11

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Curl] Extract multipart handling from ResourceHandle to CurlRequest.
don.olmstead@sony.com [Thu, 11 Jan 2018 21:36:28 +0000 (21:36 +0000)]
[Curl] Extract multipart handling from ResourceHandle to CurlRequest.
https://bugs.webkit.org/show_bug.cgi?id=181506

Patch by Basuke Suzuki <Basuke.Suzuki@sony.com> on 2018-01-11
Reviewed by Alex Christensen.

Rename old MultipartHandle class to CurlMultipartHandle and modernize it. Also move the responsibility
of handling multi part from ResourceHandle to CurlRequest. This is required for upcoming NetworkLoadTask.

No new tests because no new behavior.

* platform/Curl.cmake:
* platform/network/curl/CurlMultipartHandle.cpp: Renamed from Source/WebCore/platform/network/curl/MultipartHandle.cpp.
(WebCore::CurlMultipartHandle::createIfNeeded):
(WebCore::CurlMultipartHandle::extractBoundary):
(WebCore::CurlMultipartHandle::extractBoundaryFromContentType):
(WebCore::CurlMultipartHandle::CurlMultipartHandle):
(WebCore::CurlMultipartHandle::didReceiveData):
(WebCore::CurlMultipartHandle::didComplete):
(WebCore::CurlMultipartHandle::processContent):
(WebCore::CurlMultipartHandle::checkForBoundary):
(WebCore::CurlMultipartHandle::matchedLength):
(WebCore::CurlMultipartHandle::parseHeadersIfPossible):
* platform/network/curl/CurlMultipartHandle.h: Renamed from Source/WebCore/platform/network/curl/MultipartHandle.h.
(WebCore::CurlMultipartHandle::~CurlMultipartHandle):
* platform/network/curl/CurlMultipartHandleClient.h: Added.
(WebCore::CurlMultipartHandleClient::~CurlMultipartHandleClient):
* platform/network/curl/CurlRequest.cpp:
(WebCore::CurlRequest::CurlRequest):
(WebCore::CurlRequest::didReceiveHeader):
(WebCore::CurlRequest::didReceiveData):
(WebCore::CurlRequest::didReceiveHeaderFromMultipart):
(WebCore::CurlRequest::didReceiveDataFromMultipart):
(WebCore::CurlRequest::didCompleteTransfer):
(WebCore::CurlRequest::finalizeTransfer):
(WebCore::CurlRequest::invokeDidReceiveResponseForFile):
(WebCore::CurlRequest::invokeDidReceiveResponse):
(WebCore::CurlRequest::completeDidReceiveResponse):
* platform/network/curl/CurlRequest.h:
(WebCore::CurlRequest::create):
* platform/network/curl/ResourceHandleCurlDelegate.cpp:
(WebCore::ResourceHandleCurlDelegate::createCurlRequest):
(WebCore::ResourceHandleCurlDelegate::curlDidReceiveResponse):
(WebCore::ResourceHandleCurlDelegate::curlDidReceiveBuffer):
(WebCore::ResourceHandleCurlDelegate::curlDidComplete):
* platform/network/curl/ResourceHandleCurlDelegate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226800 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRebaseline of media/event-queue-crash.html after r226785
jlewis3@apple.com [Thu, 11 Jan 2018 21:09:20 +0000 (21:09 +0000)]
Rebaseline of media/event-queue-crash.html after r226785

Unreviewed test gardening.

* media/event-queue-crash-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226798 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRenderTreeUpdater::current() returns null_ptr when mutation is done through Document...
zalan@apple.com [Thu, 11 Jan 2018 20:51:44 +0000 (20:51 +0000)]
RenderTreeUpdater::current() returns null_ptr when mutation is done through Document::resolveStyle.
https://bugs.webkit.org/show_bug.cgi?id=181513
<rdar://problem/36367085>

Reviewed by Antti Koivisto.

Source/WebCore:

This patch ensures that we use a valid RenderTreeBuilder even when
Document::resolveStyle (incorrectly) triggers tree mutation.
It can be reverted soon after the incorrect mutations are taken care of.

Test: fast/forms/button-set-text-crash.html

* rendering/RenderButton.cpp:
(WebCore::RenderButton::setText):
* rendering/RenderMenuList.cpp:
(RenderMenuList::setText):

LayoutTests:

* fast/forms/button-set-text-crash-expected.txt: Added.
* fast/forms/button-set-text-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226797 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoOnly listen to webkitplaybacktargetavailabilitychanged when media controls are visibl...
graouts@webkit.org [Thu, 11 Jan 2018 20:29:25 +0000 (20:29 +0000)]
Only listen to webkitplaybacktargetavailabilitychanged when media controls are visible to the user
https://bugs.webkit.org/show_bug.cgi?id=181547
<rdar://problem/35947650>

Reviewed by Eric Carlson.

Source/WebCore:

Because listening to "webkitplaybacktargetavailabilitychanged" events incurs some higher power usage on iOS,
we only listen to such events when controls are visible to the user. In other words, the MediaControls need to
have both "visible" set to "true" and "faded" set to "false". To support this, we add a delegate method on
MediaControls such that it can tell the MediaController that the "visible" property changed. With this message,
MediaController can inform its MediaControllerSupport objects that user visibility of the controls changed, which
lets AirplaySupport disable itself when controls are no longer visible.

Test: media/modern-media-controls/airplay-support/airplay-support-disable-event-listeners-with-hidden-controls.html

* Modules/modern-media-controls/controls/media-controls.js:
(MediaControls.prototype.set visible):
* Modules/modern-media-controls/media/airplay-support.js:
(AirplaySupport.prototype.controlsUserVisibilityDidChange):
* Modules/modern-media-controls/media/media-controller-support.js:
(MediaControllerSupport.prototype.controlsUserVisibilityDidChange):
* Modules/modern-media-controls/media/media-controller.js:
(MediaController.prototype.mediaControlsVisibilityDidChange):
(MediaController.prototype.mediaControlsFadedStateDidChange):
(MediaController.prototype._controlsUserVisibilityDidChange):

LayoutTests:

Add a test that checks that enabling AirPlay routes when the controls are not visible to the user
does not incur any change, and that making the controls visible again shows the controls in the
expected state.

* media/modern-media-controls/airplay-support/airplay-support-disable-event-listeners-with-hidden-controls-expected.txt: Added.
* media/modern-media-controls/airplay-support/airplay-support-disable-event-listeners-with-hidden-controls.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] There should be no controls markup generated in fullscreen
graouts@webkit.org [Thu, 11 Jan 2018 20:18:35 +0000 (20:18 +0000)]
[iOS] There should be no controls markup generated in fullscreen
https://bugs.webkit.org/show_bug.cgi?id=181540
<rdar://problem/35060379>

Reviewed by Eric Carlson.

Source/WebCore:

We completely forgo the display of any content when fullscreen on iOS by setting the
"visible" flag to "false" on the MediaControls, which will prevent any DOM content from
being added.

* Modules/modern-media-controls/media/media-controller.js:
(MediaController.prototype.handleEvent):
(MediaController.prototype._updateiOSFullscreenProperties):
(MediaController):
(MediaController.prototype._updateSupportingObjectsEnabledState): Deleted.

LayoutTests:

We update this test to simply check that we're removing all child nodes.

* media/modern-media-controls/media-controller/ios/media-controller-stop-updates-in-fullscreen-expected.txt:
* media/modern-media-controls/media-controller/ios/media-controller-stop-updates-in-fullscreen.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226795 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRevert changes accidentally committed with r226789.
achristensen@apple.com [Thu, 11 Jan 2018 20:11:13 +0000 (20:11 +0000)]
Revert changes accidentally committed with r226789.
https://bugs.webkit.org/show_bug.cgi?id=181423

I had some local changes I did not mean to commit.

* platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
(scheduledWithCustomRunLoopMode):
(-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]):
(WebCore::if): Deleted.
(WebCore::>::fromCallable): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226794 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoNull deref in WebImmediateActionController _dictionaryPopupInfoForRange
timothy_horton@apple.com [Thu, 11 Jan 2018 19:58:12 +0000 (19:58 +0000)]
Null deref in WebImmediateActionController _dictionaryPopupInfoForRange
https://bugs.webkit.org/show_bug.cgi?id=181523
<rdar://problem/28959131>

Reviewed by Alex Christensen.

* WebView/WebImmediateActionController.mm:
(+[WebImmediateActionController _dictionaryPopupInfoForRange:inFrame:withLookupOptions:indicatorOptions:transition:]):
Apply the change made in r216652 to WebKit1's immediate action controller.

Speculative (but successful in WebKit2) fix for non-reproducible crash when
the startContainer of the range is in an anonymous node.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRedirected iframe loading with Request.redirect=follow should fail
commit-queue@webkit.org [Thu, 11 Jan 2018 19:54:59 +0000 (19:54 +0000)]
Redirected iframe loading with Request.redirect=follow should fail
https://bugs.webkit.org/show_bug.cgi?id=181491

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-11
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Updated tests to output a more deterministic output, more debuggable.
Made use of media.js to allow loading either oga or mp3 when oga is not supported.

* web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt:
* web-platform-tests/service-workers/service-worker/fetch-request-redirect.https.html:

Source/WebKit:

* WebProcess/Storage/ServiceWorkerClientFetch.cpp:
(WebKit::ServiceWorkerClientFetch::validateResponse):

LayoutTests:

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226792 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoOn macOS, getBoundingClientRect gives incorrect values when pinch-zoomed
simon.fraser@apple.com [Thu, 11 Jan 2018 19:53:08 +0000 (19:53 +0000)]
On macOS, getBoundingClientRect gives incorrect values when pinch-zoomed
https://bugs.webkit.org/show_bug.cgi?id=181511
rdar://problem/33741427

Reviewed by Zalan Bujtas.
Source/WebCore:

When reverting "client coordinates are relative to layout viewport" in r219829
I broke documentToClientOffset() on macOS by failing to take pinch zoom scale into
account (frameScaleFactor() is always 1 on iOs, so this bug doesn't manifest there).

Covered by existing tests.

* page/FrameView.cpp:
(WebCore::FrameView::documentToClientOffset const):

LayoutTests:

New results in tests that get client coordinates after zooming.

* fast/visual-viewport/client-coordinates-relative-to-layout-viewport-expected.txt:
* fast/visual-viewport/client-rects-relative-to-layout-viewport-expected.txt:
* fast/visual-viewport/client-rects-relative-to-layout-viewport-zoomed.html:
* fast/visual-viewport/zoomed-fixed-expected.txt:
* fast/visual-viewport/zoomed-fixed-header-and-footer-expected.txt:
* fast/zooming/client-rect-in-fixed-zoomed-expected.txt:
* fast/zooming/client-rect-in-fixed-zoomed.html: Change the test to create passing results.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226791 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoReplace WebRTCLegacyAPIDisabled by WebRTCLegacyAPIEnabled and switch off WebRTC legac...
commit-queue@webkit.org [Thu, 11 Jan 2018 19:48:36 +0000 (19:48 +0000)]
Replace WebRTCLegacyAPIDisabled by WebRTCLegacyAPIEnabled and switch off WebRTC legacy flag by default
https://bugs.webkit.org/show_bug.cgi?id=181480

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-11
Reviewed by Eric Carlson.

Source/WebCore:

No change of behavior.

* page/RuntimeEnabledFeatures.h: Set default value to false.

Source/WebKit:

Renaming preference to WebRTCLegacyAPIEnabled for simplification and removing it from experimental feature.
Set it to off by default.

* Shared/WebPreferences.yaml:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetWebRTCLegacyAPIEnabled):
(WKPreferencesGetWebRTCLegacyAPIEnabled):
* UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences _webRTCLegacyAPIEnabled]):
(-[WKPreferences _setWebRTCLegacyAPIEnabled:]):
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::ensureNetworkProcess):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

Source/WebKitLegacy/mac:

* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226790 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMerge sync and async code paths for getting context menus
achristensen@apple.com [Thu, 11 Jan 2018 19:22:46 +0000 (19:22 +0000)]
Merge sync and async code paths for getting context menus
https://bugs.webkit.org/show_bug.cgi?id=181423

Reviewed by Joseph Pecoraro.

What a mess.  We had a code path for asynchronous context menu generation and a different one for synchronous context menu generation.
This makes it so there is just one.  At the API level we see if there is an asynchronous delegate to call, then synchronous.
There is a subtle theoretical change in behaviour because m_page.contextMenuClient().showContextMenu is now called for the asynchronous
case and it wasn't before, but the one C API client that uses this has nullptr as it's WKPageShowContextMenuCallback, so we won't break anything!

* UIProcess/API/APIContextMenuClient.h:
(API::ContextMenuClient::getContextMenuFromProposedMenu):
(API::ContextMenuClient::getContextMenuFromProposedMenuAsync): Deleted.
* UIProcess/API/C/WKPage.cpp:
(WKPageSetPageContextMenuClient):
* UIProcess/API/glib/WebKitContextMenuClient.cpp:
* UIProcess/WebContextMenuProxy.h:
* UIProcess/gtk/WebContextMenuProxyGtk.cpp:
(WebKit::WebContextMenuProxyGtk::show):
(WebKit::WebContextMenuProxyGtk::showContextMenuWithItems):
* UIProcess/gtk/WebContextMenuProxyGtk.h:
* UIProcess/mac/WebContextMenuProxyMac.h:
* UIProcess/mac/WebContextMenuProxyMac.mm:
(WebKit::WebContextMenuProxyMac::showContextMenuWithItems):
(WebKit::WebContextMenuProxyMac::showContextMenu):
* UIProcess/wpe/WebContextMenuProxyWPE.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoEnsure there are no unsafe uses of MacroAssemblerARM64::dataTempRegister
msaboff@apple.com [Thu, 11 Jan 2018 19:13:28 +0000 (19:13 +0000)]
Ensure there are no unsafe uses of MacroAssemblerARM64::dataTempRegister
https://bugs.webkit.org/show_bug.cgi?id=181512

Reviewed by Saam Barati.

* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::abortWithReason):
(JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
All current uses of dataTempRegister in these functions are safe, but it makes sense to
fix them in case they might be used elsewhere.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226788 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Attachment Support] Support moving attachment elements in editable areas using drag...
wenson_hsieh@apple.com [Thu, 11 Jan 2018 18:42:14 +0000 (18:42 +0000)]
[Attachment Support] Support moving attachment elements in editable areas using drag and drop
https://bugs.webkit.org/show_bug.cgi?id=181337
<rdar://problem/36324813>

Reviewed by Tim Horton.

Source/WebCore:

Makes slight adjustments to attachment-specific drag and drop logic to ensure that moving attachments via drag
and drop behaves correctly. See per-change comments for more detail.

Tests:  WKAttachmentTests.DragInPlaceVideoAttachmentElement
        WKAttachmentTests.MoveAttachmentElementAsIconByDragging
        WKAttachmentTests.MoveInPlaceAttachmentElementByDragging

* editing/cocoa/EditorCocoa.mm:
(WebCore::Editor::getPasteboardTypesAndDataForAttachment):

Stop vending the private web archive pasteboard type for attachments, for now. This works around issues where an
attachment element that is dragged and dropped within the same page may lose its blob backing data if we try to
remove and insert it as a fragment from the archive. Providing a web archive would allow us to avoid destroying
and recreating an attachment element when dragging within the same page, but this is a nice-to-have optimization
we can re-enable after investigation in a subsequent patch.

* html/HTMLAttachmentElement.cpp:
(WebCore::HTMLAttachmentElement::populateShadowRootIfNecessary):

Add `draggable=false` to the image element of an in-place attachment element.

* page/DragController.cpp:
(WebCore::enclosingAttachmentElement):
(WebCore::DragController::draggableElement const):

Tweak single-selected-attachment handling to account for in-place attachments. Since the hit-tested node is
inside the shadow subtree of the attachment element, the condition needs to check for the startElement as well
as the startElement's shadow host.

(WebCore::DragController::startDrag):

Make two tweaks here. First, don't require a RenderAttachment to drag an attachment element (this is required
for dragging in-place attachments). This was added in r217083 to address <rdar://problem/32282831>, but is no
longer correct, since attachments may now be displayed in-place.

Secondly, only restore the previous selection if the attachment is in a richly contenteditable area. This was
added to prevent the selection highlight from appearing in when dragging non-editable attachment elements in the
Mail viewer. However, to allow drag moves to occur, we need the selection to persist after drag start.

Tools:

Add 3 new API tests for attachment element dragging.

* TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:
(-[TestWKWebView expectElementTag:toComeBefore:]):
(-[NSItemProvider expectType:withData:]):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226787 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r225856): Incorrectly managing 'future' baseline_search_paths.
jbedard@apple.com [Thu, 11 Jan 2018 18:26:26 +0000 (18:26 +0000)]
REGRESSION(r225856): Incorrectly managing 'future' baseline_search_paths.
https://bugs.webkit.org/show_bug.cgi?id=179621
<rdar://problem/35589585>

Unreviewed infrastructure fix.

* Scripts/webkitpy/port/mac.py:
(MacPort.default_baseline_search_path): Include 'future' in the version_fallback
list if we are the VERSION_MAX, which usually corresponds with future.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226786 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoLayout Test media/event-queue-crash.html is flaky
eric.carlson@apple.com [Thu, 11 Jan 2018 18:20:14 +0000 (18:20 +0000)]
Layout Test media/event-queue-crash.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=180493
<rdar://problem/35914377>

Reviewed by Jer Noble.

* TestExpectations: Add DumpJSConsoleLogInStdErr.
* media/event-queue-crash.html: Increase the timeout from 10ms to 100ms.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226785 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoReserve a fast TLS key for GC TLC
fpizlo@apple.com [Thu, 11 Jan 2018 17:58:46 +0000 (17:58 +0000)]
Reserve a fast TLS key for GC TLC
https://bugs.webkit.org/show_bug.cgi?id=181539

Reviewed by Alexey Proskuryakov.

Who knew that thread-local caches would be a mitigation for timing attacks. Here's how it
works: if we have TLCs then we can "context switch" them when we "context switch" origins.
This allows us to put some minimal distance between objects from different origins, which
gives us the ability to allow small overflows when doing certain bounds checks without
creating a useful Spectre information leak.

So I think that means we have to implement thread-local caches (also known as thread-local
allocation buffers, but I prefer the TLC terminology).

* wtf/FastTLS.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCodeBlocks should be in IsoSubspaces
fpizlo@apple.com [Thu, 11 Jan 2018 16:43:07 +0000 (16:43 +0000)]
CodeBlocks should be in IsoSubspaces
https://bugs.webkit.org/show_bug.cgi?id=180884

Reviewed by Saam Barati.
Source/JavaScriptCore:

This moves CodeBlocks into IsoSubspaces. Doing so means that we no longer need to have the
special CodeBlockSet HashSets of new and old CodeBlocks. We also no longer use
WeakReferenceHarvester or UnconditionalFinalizer. Instead:

- Code block sweeping is now just eager sweeping. This means that it automatically takes
  advantage of our unswept set, which roughly corresponds to what CodeBlockSet used to use
  its eden set for.

- Those idea of Executable "weakly visiting" the CodeBlock is replaced by Executable
  marking a ExecutableToCodeBlockEdge object. That object being marked corresponds to what
  we used to call CodeBlock "having been weakly visited". This means that CodeBlockSet no
  longer has to clear the set of weakly visited code blocks. This also means that
  determining CodeBlock liveness, propagating CodeBlock transitions, and jettisoning
  CodeBlocks during GC are now the edge's job. The edge is also in an IsoSubspace and it
  has IsoCellSets to tell us which edges have output constraints (what we used to call
  CodeBlock's weak reference harvester) and which have unconditional finalizers.

- CodeBlock now uses an IsoCellSet to tell if it has an unconditional finalizer.

- CodeBlockSet still exists!  It has one unified HashSet of CodeBlocks that we use to
  handle requests from the sampler, debugger, and other facilities. They may want to ask
  if some pointer corresponds to a CodeBlock during stages of execution during which the
  GC is unable to answer isLive() queries. The trickiest is the sampling profiler thread.
  There is no way that the GC's isLive could tell us of a CodeBlock that had already been
  allocated has now been full constructed.

Rolling this back in because it was rolled out by mistake. There was a flaky crash that was
happening before and after this change, but we misread the revision numbers at first and
thought that this was the cause.

* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::finishCreationCommon):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitChildren):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::determineLiveness):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::CodeBlock::hasInstalledVMTrapBreakpoints const):
(JSC::CodeBlock::installVMTrapBreakpoints):
(JSC::CodeBlock::dumpMathICStats):
(JSC::CodeBlock::visitWeakly): Deleted.
(JSC::CodeBlock::WeakReferenceHarvester::visitWeakReferences): Deleted.
(JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::subspaceFor):
(JSC::CodeBlock::ownerEdge const):
(JSC::CodeBlock::clearVisitWeaklyHasBeenCalled): Deleted.
* bytecode/EvalCodeBlock.h:
(JSC::EvalCodeBlock::create): Deleted.
(JSC::EvalCodeBlock::createStructure): Deleted.
(JSC::EvalCodeBlock::variable): Deleted.
(JSC::EvalCodeBlock::numVariables): Deleted.
(JSC::EvalCodeBlock::functionHoistingCandidate): Deleted.
(JSC::EvalCodeBlock::numFunctionHoistingCandidates): Deleted.
(JSC::EvalCodeBlock::EvalCodeBlock): Deleted.
(JSC::EvalCodeBlock::unlinkedEvalCodeBlock const): Deleted.
* bytecode/ExecutableToCodeBlockEdge.cpp: Added.
(JSC::ExecutableToCodeBlockEdge::createStructure):
(JSC::ExecutableToCodeBlockEdge::create):
(JSC::ExecutableToCodeBlockEdge::visitChildren):
(JSC::ExecutableToCodeBlockEdge::visitOutputConstraints):
(JSC::ExecutableToCodeBlockEdge::finalizeUnconditionally):
(JSC::ExecutableToCodeBlockEdge::activate):
(JSC::ExecutableToCodeBlockEdge::deactivate):
(JSC::ExecutableToCodeBlockEdge::deactivateAndUnwrap):
(JSC::ExecutableToCodeBlockEdge::wrap):
(JSC::ExecutableToCodeBlockEdge::wrapAndActivate):
(JSC::ExecutableToCodeBlockEdge::ExecutableToCodeBlockEdge):
(JSC::ExecutableToCodeBlockEdge::runConstraint):
* bytecode/ExecutableToCodeBlockEdge.h: Added.
(JSC::ExecutableToCodeBlockEdge::subspaceFor):
(JSC::ExecutableToCodeBlockEdge::codeBlock const):
(JSC::ExecutableToCodeBlockEdge::unwrap):
* bytecode/FunctionCodeBlock.h:
(JSC::FunctionCodeBlock::subspaceFor):
(JSC::FunctionCodeBlock::createStructure):
* bytecode/ModuleProgramCodeBlock.h:
(JSC::ModuleProgramCodeBlock::create): Deleted.
(JSC::ModuleProgramCodeBlock::createStructure): Deleted.
(JSC::ModuleProgramCodeBlock::ModuleProgramCodeBlock): Deleted.
* bytecode/ProgramCodeBlock.h:
(JSC::ProgramCodeBlock::create): Deleted.
(JSC::ProgramCodeBlock::createStructure): Deleted.
(JSC::ProgramCodeBlock::ProgramCodeBlock): Deleted.
* debugger/Debugger.cpp:
(JSC::Debugger::SetSteppingModeFunctor::operator() const):
(JSC::Debugger::ToggleBreakpointFunctor::operator() const):
(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator() const):
(JSC::Debugger::ClearDebuggerRequestsFunctor::operator() const):
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::contains):
(JSC::CodeBlockSet::dump const):
(JSC::CodeBlockSet::add):
(JSC::CodeBlockSet::remove):
(JSC::CodeBlockSet::promoteYoungCodeBlocks): Deleted.
(JSC::CodeBlockSet::clearMarksForFullCollection): Deleted.
(JSC::CodeBlockSet::lastChanceToFinalize): Deleted.
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced): Deleted.
* heap/CodeBlockSet.h:
* heap/CodeBlockSetInlines.h:
(JSC::CodeBlockSet::iterate):
(JSC::CodeBlockSet::iterateViaSubspaces):
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::genericAddPointer):
(JSC::DummyMarkHook::markKnownJSCell):
(JSC::CompositeMarkHook::mark):
(JSC::CompositeMarkHook::markKnownJSCell):
* heap/ConservativeRoots.h:
* heap/Heap.cpp:
(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::finalizeMarkedUnconditionalFinalizers):
(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::beginMarking):
(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::sweepInFinalize):
(JSC::Heap::forEachCodeBlockImpl):
(JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
(JSC::Heap::addCoreConstraints):
(JSC::Heap::finalizeUnconditionalFinalizersInIsoSubspace): Deleted.
* heap/Heap.h:
* heap/HeapCell.h:
* heap/HeapCellInlines.h:
(JSC::HeapCell::subspace const):
* heap/HeapInlines.h:
(JSC::Heap::forEachCodeBlock):
(JSC::Heap::forEachCodeBlockIgnoringJITPlans):
* heap/HeapUtil.h:
(JSC::HeapUtil::findGCObjectPointersForMarking):
* heap/IsoCellSet.cpp:
(JSC::IsoCellSet::parallelNotEmptyMarkedBlockSource):
* heap/IsoCellSet.h:
* heap/IsoCellSetInlines.h:
(JSC::IsoCellSet::forEachMarkedCellInParallel):
(JSC::IsoCellSet::forEachLiveCell):
* heap/LargeAllocation.h:
(JSC::LargeAllocation::subspace const):
* heap/MarkStackMergingConstraint.cpp:
(JSC::MarkStackMergingConstraint::executeImpl):
* heap/MarkStackMergingConstraint.h:
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::parallelNotEmptyBlockSource):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::didAddToAllocator):
(JSC::MarkedBlock::Handle::didRemoveFromAllocator):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::subspace const):
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::forEachLiveCell):
* heap/MarkedSpaceInlines.h:
(JSC::MarkedSpace::forEachLiveCell):
* heap/MarkingConstraint.cpp:
(JSC::MarkingConstraint::execute):
(JSC::MarkingConstraint::doParallelWork):
(JSC::MarkingConstraint::finishParallelWork): Deleted.
(JSC::MarkingConstraint::doParallelWorkImpl): Deleted.
(JSC::MarkingConstraint::finishParallelWorkImpl): Deleted.
* heap/MarkingConstraint.h:
* heap/MarkingConstraintSet.cpp:
(JSC::MarkingConstraintSet::add):
* heap/MarkingConstraintSet.h:
(JSC::MarkingConstraintSet::add):
* heap/MarkingConstraintSolver.cpp:
(JSC::MarkingConstraintSolver::execute):
(JSC::MarkingConstraintSolver::addParallelTask):
(JSC::MarkingConstraintSolver::runExecutionThread):
(JSC::MarkingConstraintSolver::didExecute): Deleted.
* heap/MarkingConstraintSolver.h:
(JSC::MarkingConstraintSolver::TaskWithConstraint::TaskWithConstraint):
(JSC::MarkingConstraintSolver::TaskWithConstraint::operator== const):
* heap/SimpleMarkingConstraint.cpp:
(JSC::SimpleMarkingConstraint::SimpleMarkingConstraint):
(JSC::SimpleMarkingConstraint::executeImpl):
* heap/SimpleMarkingConstraint.h:
(JSC::SimpleMarkingConstraint::SimpleMarkingConstraint):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::addParallelConstraintTask):
* heap/SlotVisitor.h:
* heap/Subspace.cpp:
(JSC::Subspace::sweep):
* heap/Subspace.h:
* heap/SubspaceInlines.h:
(JSC::Subspace::forEachLiveCell):
* llint/LowLevelInterpreter.asm:
* runtime/EvalExecutable.cpp:
(JSC::EvalExecutable::visitChildren):
* runtime/EvalExecutable.h:
(JSC::EvalExecutable::codeBlock):
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::baselineCodeBlockFor):
(JSC::FunctionExecutable::visitChildren):
* runtime/FunctionExecutable.h:
* runtime/JSType.h:
* runtime/ModuleProgramExecutable.cpp:
(JSC::ModuleProgramExecutable::visitChildren):
* runtime/ModuleProgramExecutable.h:
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::visitChildren):
* runtime/ProgramExecutable.h:
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::installCode):
(JSC::ScriptExecutable::newReplacementCodeBlockFor):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::SpaceAndFinalizerSet::SpaceAndFinalizerSet):
(JSC::VM::SpaceAndFinalizerSet::finalizerSetFor):
(JSC::VM::forEachCodeBlockSpace):
* runtime/VMTraps.cpp:
(JSC::VMTraps::handleTraps):
* tools/VMInspector.cpp:
(JSC::VMInspector::codeBlockForMachinePC):
(JSC::VMInspector::isValidCodeBlock):

Source/WebCore:

No new tests because no new behavior.

Adopting new parallel constraint API, so that more of the logic of doing parallel
constraint solving is shared between the DOM's output constraints and JSC's output
constraints.

* bindings/js/DOMGCOutputConstraint.cpp:
(WebCore::DOMGCOutputConstraint::executeImpl):
(WebCore::DOMGCOutputConstraint::doParallelWorkImpl): Deleted.
(WebCore::DOMGCOutputConstraint::finishParallelWorkImpl): Deleted.
* bindings/js/DOMGCOutputConstraint.h:

Source/WTF:

Deque<>::contains() is helpful for a debug ASSERT.

* wtf/Deque.h:
(WTF::inlineCapacity>::contains):

Tools:

Remove some less important benchmarks from the default run. Doing run-jsc-benchmarks
shouldn't take a long time due to benchmarks we don't optimize for.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226783 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTest gardening for GTK.
Ms2ger@igalia.com [Thu, 11 Jan 2018 16:23:53 +0000 (16:23 +0000)]
Test gardening for GTK.
https://bugs.webkit.org/show_bug.cgi?id=181477

Unreviewed test gardening.

Tools:

* TestWebKitAPI/Tests/WebKitGLib/TestAuthentication.cpp: Correct the file name.
* TestWebKitAPI/Tests/WebKitGLib/TestConsoleMessage.cpp: Adjust the expected console message.

LayoutTests:

* http/tests/performance/performance-resource-timing-cached-entries-expected.txt:
* http/tests/performance/performance-resource-timing-cached-entries.html:
  The code to debug this test's flakiness made it more flaky, as the
  resources are not logged in a consistent order. This ensures they are
  logged only in case of failure.
* platform/gtk/TestExpectations:
  - svg/custom/non-scaling-stroke.svg was fixed in r226443.
  - imported/w3c/web-platform-tests/css/css-shapes-1/shape-outside/values/shape-margin-001.html
    was fixed in r226404.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226782 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoNFC reorder headers
jfbastien@apple.com [Thu, 11 Jan 2018 15:54:43 +0000 (15:54 +0000)]
NFC reorder headers
https://bugs.webkit.org/show_bug.cgi?id=181521

Reviewed by Darin Adler.

Follow-up on r226752. I misunderstood the header include order
style. No functional change.

* wtf/Poisoned.h:
* wtf/PoisonedUniquePtr.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226781 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd the new JSCOnly bot to the scheduler.
clopez@igalia.com [Thu, 11 Jan 2018 15:42:54 +0000 (15:42 +0000)]
Add the new JSCOnly bot to the scheduler.
https://bugs.webkit.org/show_bug.cgi?id=181487

Unreviewed follow-up patch after r226729

On r226729 I missed to add the new JSCOnly bot the default scheduler.
This is needed to make the bot automatically pick each commit for testing.

* BuildSlaveSupport/build.webkit.org-config/config.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226780 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Attachment Support] Support dragging attachment elements out as files on iOS
wenson_hsieh@apple.com [Thu, 11 Jan 2018 15:41:39 +0000 (15:41 +0000)]
[Attachment Support] Support dragging attachment elements out as files on iOS
https://bugs.webkit.org/show_bug.cgi?id=181199
<rdar://problem/36299316>

Reviewed by Tim Horton, Andy Estes and Joseph Pecoraro.

Source/WebCore:

Adds support for dragging "files" (i.e. creating item providers with preferred attachment presentation styles)
from attachment elements on iOS for Mail. See below for more detail.

Tests:  WKAttachmentTestsIOS.DragAttachmentInsertedAsData
        WKAttachmentTestsIOS.DragAttachmentInsertedAsFile

* page/DragController.cpp:
(WebCore::DragController::platformContentTypeForBlobType const):
(WebCore::DragController::dragAttachmentElement):
* page/DragController.h:
* page/mac/DragControllerMac.mm:
(WebCore::DragController::platformContentTypeForBlobType const):

Add a private method to convert the type of a promised blob to a platform type. For Cocoa platforms, this
converts the blob type (either a UTI or a MIME type) to a UTI for the platform to consume.

* platform/ios/WebItemProviderPasteboard.h:
* platform/ios/WebItemProviderPasteboard.mm:

Refactor WebItemProviderRegistrationInfo. WebItemProviderRegistrationInfo currently encapsulates a single item
provider registration call, and contains either a type identifier and data buffer, or an NSItemProviderWriting-
conformant object. To register an item provider using a WebItemProviderRegistrationInfo, the item provider
pasteboard currently checks to see whether the info contains an object or a type and data.

This patch removes WebItemProviderRegistrationInfo and replaces it with WebItemProviderDataRegistrar. Objects
that implement this protocol know how to take an NSItemProvider and register data to it. So far, there are
three implementations below.

(-[WebItemProviderDataRegistrar initWithData:type:]):
(-[WebItemProviderDataRegistrar typeIdentifier]):
(-[WebItemProviderDataRegistrar data]):
(-[WebItemProviderDataRegistrar typeIdentifierForClient]):
(-[WebItemProviderDataRegistrar dataForClient]):
(-[WebItemProviderDataRegistrar registerItemProvider:]):
(-[WebItemProviderDataRegistrar description]):

A data registrar takes a UTI and data buffer, and registers the UTI to the data. This replaces a
WebItemProviderRegistrationInfo with both a type and data, but no representing object.

(-[WebItemProviderWritableObjectRegistrar initWithObject:]):
(-[WebItemProviderWritableObjectRegistrar representingObjectForClient]):
(-[WebItemProviderWritableObjectRegistrar registerItemProvider:]):
(-[WebItemProviderWritableObjectRegistrar description]):

The writable object registrar writes an NSItemProviderWriting-conformant object to an item provider. This
replaces a WebItemProviderRegistrationInfo with only a representing object.

(-[WebItemProviderPromisedFileRegistrar initWithType:callback:]):
(-[WebItemProviderPromisedFileRegistrar registerItemProvider:]):
(-[WebItemProviderPromisedFileRegistrar description]):
(-[WebItemProviderRegistrationInfoList addData:forType:]):
(-[WebItemProviderRegistrationInfoList addRepresentingObject:]):
(-[WebItemProviderRegistrationInfoList addPromisedType:fileCallback:]):

Helper methods to add new registrars to a registration info list.

(-[WebItemProviderRegistrationInfoList itemAtIndex:]):
(-[WebItemProviderRegistrationInfoList enumerateItems:]):
(-[WebItemProviderRegistrationInfoList itemProvider]):
(-[WebItemProviderRegistrationInfoList description]):
(-[WebItemProviderRegistrationInfo initWithRepresentingObject:typeIdentifier:data:]): Deleted.
(-[WebItemProviderRegistrationInfo representingObject]): Deleted.
(-[WebItemProviderRegistrationInfo typeIdentifier]): Deleted.

Source/WebKit:

Implement support for registering and beginning a drag with promised blob info. See below for more detail.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKDragSessionContext addTemporaryDirectory:]):
(-[WKDragSessionContext cleanUpTemporaryDirectories]):

Introduce WKDragSessionContext, which represents the localContext of a UIDragSession initiated in WebKit. The
blob promise dragging codepath uses this to register temporary directories when saving blob data to a location
on disk; when all data transfers are finished, or if the drag interaction is being reset, we then use
-cleanUpTemporaryDirectories to remove each temporary directory.

(existingLocalDragSessionContext):
(ensureLocalDragSessionContext):

Helper methods to set the UIDragSession's localContext to a WKDragSessionContext and query for any existing
context.

(-[WKContentView cleanupInteraction]):

Before the content view's UIDragInteraction goes away, clean up any temporary directories added to the
UIDragSession.

(-[WKContentView _prepareToDragPromisedBlob:]):

When dragging with a promised blob, register a new item provider on the pasteboard representing the blob data,
along with any additional metadata associated with the blob. For the promise callback, call out to the network
process to write the blob data to a temporary path; when done, call the NSItemProvider's completion handler with
the temporary blob data location.

(-[WKContentView _itemsForBeginningOrAddingToSessionWithRegistrationList:stagedDragSource:]):
(-[WKContentView dragInteraction:sessionDidTransferItems:]):

Use this delegate hook as an opportunity to remove any temporary directories created when promised blob data is
requested upon drop. Since we know the drag session that has finished transferring data, we simply ask its local
context (a WKDragSessionContext) to remove any temporary filepaths it has created.

Tools:

Add support in the drag and drop simulator for testing blob-backed attachment element dragging, and also add new
attachment API tests.

* TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:
(-[NSItemProvider expectType:withData:]):
(TestWebKitAPI::TEST):

Add two new WKAttachmentTests to exercise dragging data- and file-backed blobs via attachment elements. These
tests first insert attachments via drop or WKWebView SPI, and then drag these attachments out and use the
-expectType:withData: helper to inspect the item providers created from the drag source.

* TestWebKitAPI/Tests/ios/DataInteractionTests.mm:
(TestWebKitAPI::TEST):
* TestWebKitAPI/ios/DataInteractionSimulator.h:
* TestWebKitAPI/ios/DataInteractionSimulator.mm:
(-[MockDragSession localContext]):
(-[MockDragSession setLocalContext:]):
(-[DataInteractionSimulator _resetSimulatedState]):
(-[DataInteractionSimulator simulateAllTouchesCanceled:]):
(-[DataInteractionSimulator _concludeDataInteractionAndPerformOperationIfNecessary]):
(-[DataInteractionSimulator _advanceProgress]):
(-[DataInteractionSimulator endDataTransfer]):

Make some tweaks to the iOS drag and drop simulator. In particular, this patch (1) adds a new hook to tell
WebKit that data transfers have been completed, (2) fixes incorrect drop proposal handling when returning
UIDropOperationForbidden by replacing _shouldPerformOperation with a UIDropProposal, and (3) teach the
MockDragSession to hold on to a localContext.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226779 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd a DOM gadget for Spectre testing
msaboff@apple.com [Thu, 11 Jan 2018 15:28:38 +0000 (15:28 +0000)]
Add a DOM gadget for Spectre testing
https://bugs.webkit.org/show_bug.cgi?id=181351

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

* runtime/Options.h:

Source/WebCore:

This change is used to test Spectre mitigations.

Added a new DOM class to test for Spectre issues in the DOM layer.
This additional functionality is disabled by default and must be enabled
through the JSC option "enableSpectreGadgets".

* CMakeLists.txt:
* DerivedSources.make:
* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/WebCoreBuiltinNames.h:
* dom/SpectreGadget.cpp: Added.
(WebCore::SpectreGadget::SpectreGadget):
(WebCore::SpectreGadget::create):
(WebCore::SpectreGadget::setReadLength):
(WebCore::SpectreGadget::charCodeAt):
(WebCore::SpectreGadget::clflushReadLength):
* dom/SpectreGadget.h: Added.
* dom/SpectreGadget.idl: Added.
* page/RuntimeEnabledFeatures.cpp:
(WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):
* page/RuntimeEnabledFeatures.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226778 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed GTK+ and WPE gardening after r226773.
magomez@igalia.com [Thu, 11 Jan 2018 15:21:05 +0000 (15:21 +0000)]
Unreviewed GTK+ and WPE gardening after r226773.

* platform/gtk/TestExpectations:
* platform/wpe/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226777 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed. Add Ali Juma as contributor
annulen@yandex.ru [Thu, 11 Jan 2018 14:47:38 +0000 (14:47 +0000)]
Unreviewed. Add Ali Juma as contributor

Patch by Ali Juma <ajuma@chromium.org> on 2018-01-11

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226776 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[DFG][FTL] regExpMatchFast should be handled
utatane.tea@gmail.com [Thu, 11 Jan 2018 14:20:40 +0000 (14:20 +0000)]
[DFG][FTL] regExpMatchFast should be handled
https://bugs.webkit.org/show_bug.cgi?id=180988

Reviewed by Mark Lam.

RegExp.prototype.@@match has a fast path, @regExpMatchFast. This patch annotates this function
with RegExpMatchFastIntrinsic, and introduces RegExpMatch DFG node. This paves the way to
make NewRegexp PhantomNewRegexp if it is not used except for setting/getting its lastIndex property.

To improve RegExp.prototype.@@match's performance more, we make this builtin function small by moving
slow path part to `@matchSlow()` private function.

It improves SixSpeed regex-u.{es5,es6} largely since they stress String.prototype.match, which calls
this regExpMatchFast function.

                         baseline                  patched

regex-u.es5          55.3835+-6.3002     ^     36.2431+-2.0797        ^ definitely 1.5281x faster
regex-u.es6         110.4624+-6.2896     ^     94.1012+-7.2433        ^ definitely 1.1739x faster

* builtins/RegExpPrototype.js:
(globalPrivate.matchSlow):
(overriddenName.string_appeared_here.match):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileRegExpMatch):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpMatch):
* runtime/Intrinsic.cpp:
(JSC::intrinsicName):
* runtime/Intrinsic.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncMatchFast):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226775 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] Enable css2.1/20110323/vertical-align-boxes-001.htm.
Ms2ger@igalia.com [Thu, 11 Jan 2018 14:06:18 +0000 (14:06 +0000)]
[GTK] Enable css2.1/20110323/vertical-align-boxes-001.htm.
https://bugs.webkit.org/show_bug.cgi?id=91339

Unreviewed test gardening.

It was fixed in r226404.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226774 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed. Update Selenium WebDriver imported tests.
carlosgc@webkit.org [Thu, 11 Jan 2018 12:13:40 +0000 (12:13 +0000)]
Unreviewed. Update Selenium WebDriver imported tests.

Tools:

New version of selenium uses command line options to pass driver and browser binaries to pytest instead of
environment variables.

* Scripts/webkitpy/webdriver_tests/pytest_runner.py:
(collect): Reorder the arguments to make pytest happy.
(run): Ditto.
* Scripts/webkitpy/webdriver_tests/webdriver_selenium_executor.py:
(WebDriverSeleniumExecutor.__init__): Add driver binary, browser binary and browser args as arguments.

WebDriverTests:

* imported/selenium/importer.json:
* imported/selenium/py/conftest.py:
* imported/selenium/py/selenium/__init__.py:
* imported/selenium/py/selenium/webdriver/__init__.py:
* imported/selenium/py/selenium/webdriver/common/action_chains.py:
* imported/selenium/py/selenium/webdriver/common/service.py:
* imported/selenium/py/selenium/webdriver/remote/remote_connection.py:
* imported/selenium/py/selenium/webdriver/remote/switch_to.py:
* imported/selenium/py/selenium/webdriver/remote/webdriver.py:
* imported/selenium/py/selenium/webdriver/remote/webelement.py:
* imported/selenium/py/selenium/webdriver/support/expected_conditions.py:
* imported/selenium/py/selenium/webdriver/webkitgtk/options.py:
* imported/selenium/py/test/selenium/webdriver/common/alerts_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/api_example_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/appcache_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/driver_element_finding_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/executing_async_javascript_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/frame_switching_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/interactions_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/page_load_timeout_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/position_and_size_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/rendered_webelement_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/select_class_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/visibility_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/w3c_interaction_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/webdriverwait_tests.py:
* imported/selenium/py/test/selenium/webdriver/common/window_tests.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226773 268f45cc-cd09-0410-ab3c-d52691b4dbfc