REGRESSION (r90971): the cursor is painted “behind” the placeholder text
[WebKit.git] / Source / WebCore / ChangeLog
1 2012-05-29  Kent Tamura  <tkent@chromium.org>
2
3         REGRESSION (r90971): the cursor is painted “behind” the placeholder text
4         https://bugs.webkit.org/show_bug.cgi?id=87155
5
6         Reviewed by Hajime Morita.
7
8         This regression happened only on platforms on which
9         RenderTheme::shouldShowPlaceholderWhenFocused() returns true.
10
11         Because the order of renderers for the editable node and the placeholder
12         node was:
13          - A renderer for the editable node
14          - A renderer for the placeholder node,
15         The text caret was painted, then the palceholder was painted.
16
17         We should not use z-index in the built-in shadow nodes. So the patch
18         fixes this bug by re-ordering these renderers.
19
20         Tests: fast/forms/input-placeholder-paint-order-2.html
21                fast/forms/input-placeholder-paint-order.html
22                fast/forms/textarea/textarea-placeholder-paint-order-2.html
23                fast/forms/textarea/textarea-placeholder-paint-order.html
24
25         * html/HTMLTextFormControlElement.cpp:
26         (WebCore::HTMLTextFormControlElement::fixPlaceholderRenderer):
27         Added. Reorder the order of renderers so that the placeholder renderer
28         precedes the inner text renderer.
29         * html/HTMLTextFormControlElement.h: Add fixPlaceholderRenderer() declaration.
30
31         * html/HTMLTextAreaElement.cpp:
32         (WebCore::HTMLTextAreaElement::attach): Calls fixPlaceholderRenderer().
33         (WebCore::HTMLTextAreaElement::updatePlaceholderText):
34         ditto. Also, use innerTextElement() to improvde code readability.
35         * html/HTMLTextAreaElement.h:
36         (HTMLTextAreaElement): Overrides attach().
37
38         * html/TextFieldInputType.cpp:
39         (WebCore::TextFieldInputType::updatePlaceholderText):
40         Calls fixPlaceholderRenderer().
41         (WebCore::TextFieldInputType::attach): ditto.
42         * html/TextFieldInputType.h:
43         (TextFieldInputType): Overrides attach().
44
45 2012-05-28  Kentaro Hara  <haraken@chromium.org>
46
47         [V8] Implement V8Binding::v8Null(isolate) and use it in CodeGeneratorV8.pm
48         https://bugs.webkit.org/show_bug.cgi?id=87692
49
50         Reviewed by Adam Barth.
51
52         Since v8::Null(isolate) crashes if we pass a NULL isolate, we are planning
53         to pass Isolate to v8::Null() in the following steps:
54
55         [1] Implement V8Bindings::v8Null(isolate). v8Null(isolate) does the NULL check.
56         If isolate is NULL, v8Null(isolate) calls v8::Null(). Otherwise,
57         v8Null(isolate) calls v8::Null(isolate).
58
59         [2] In V8 bindings, we replace v8::Null() with v8::Null(isolate) for a non-optional
60         'isolate' parameter. (e.g. void foo(..., Isolate* isolate) { v8::Null(); } )
61
62         [3] In V8 bindings, we replace v8::Null() with v8Null(isolate) for an optional
63         'isolate' parameter. (e.g. void foo(..., Isolate* isolate = 0) { v8::Null(); } )
64
65         This bug fixes [1] by implementing V8Binding::v8Null(isolate). Also this patch uses
66         V8Binding::v8Null(isolate) in bindings/v8/*.{h,cpp}.
67
68         No tests. No behavior change.
69
70         * bindings/scripts/CodeGeneratorV8.pm:
71         (GenerateHeader):
72         (NativeToJSValue):
73         * bindings/scripts/test/V8/V8Float64Array.h:
74         * bindings/scripts/test/V8/V8TestActiveDOMObject.h:
75         (WebCore::toV8):
76         * bindings/scripts/test/V8/V8TestCustomNamedGetter.h:
77         (WebCore::toV8):
78         * bindings/scripts/test/V8/V8TestEventConstructor.h:
79         (WebCore::toV8):
80         * bindings/scripts/test/V8/V8TestEventTarget.h:
81         (WebCore::toV8):
82         * bindings/scripts/test/V8/V8TestException.h:
83         (WebCore::toV8):
84         * bindings/scripts/test/V8/V8TestInterface.h:
85         (WebCore::toV8):
86         * bindings/scripts/test/V8/V8TestMediaQueryListListener.h:
87         (WebCore::toV8):
88         * bindings/scripts/test/V8/V8TestNamedConstructor.h:
89         (WebCore::toV8):
90         * bindings/scripts/test/V8/V8TestNode.h:
91         (WebCore::toV8):
92         * bindings/scripts/test/V8/V8TestObj.h:
93         (WebCore::toV8):
94         * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
95         (WebCore::TestSerializedScriptValueInterfaceV8Internal::valueAttrGetter):
96         (WebCore::TestSerializedScriptValueInterfaceV8Internal::readonlyValueAttrGetter):
97         * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h:
98         (WebCore::toV8):
99         * bindings/v8/V8Binding.h:
100         (WebCore::v8Null):
101         (WebCore):
102         (WebCore::v8DateOrNull):
103         * bindings/v8/V8DOMWrapper.cpp:
104         * bindings/v8/V8DOMWrapper.h:
105         (WebCore):
106
107 2012-05-28  Kent Tamura  <tkent@chromium.org>
108
109         Fix a crash in HTMLFormControlElement::disabled().
110         https://bugs.webkit.org/show_bug.cgi?id=86534
111
112         Reviewed by Ryosuke Niwa.
113
114         Stop to hold pointers of fildset and legend elements. We can avoid it by
115         holding ancestor's disabled state.
116
117         The ancesotr's disabled state should be invalidated when
118          - fieldset's disabled value is changed.
119          - fieldset's children is updated because a legend position might be changed.
120          - A form control is attached to or detached from a tree.
121
122         No new tests. It's almost impossible to make a reliable test.
123
124         * html/HTMLFieldSetElement.cpp:
125         (WebCore::HTMLFieldSetElement::invalidateDisabledStateUnder):
126         Added. Invalidate disabled state of form controls under the specified node.
127         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
128         Uses invalidateDisabledStateUnder().
129         (WebCore::HTMLFieldSetElement::childrenChanged):
130         Added new override function. We need invalidate disabled state of form
131         controls under legend elements.
132
133         * html/HTMLFieldSetElement.h:
134         (HTMLFieldSetElement): Add invalidateDisabledStateUnder() and childrenChanged().
135
136         * html/HTMLFormControlElement.cpp:
137         (WebCore::HTMLFormControlElement::HTMLFormControlElement):
138         Remove initialization of the removed data members.
139         Initialize m_ancestorDisabledState.
140         (WebCore::HTMLFormControlElement::updateAncestorDisabledState):
141         Update m_ancestorDisabledState. It should be
142         AncestorDisabledStateDisabled if the control is under a disabled
143         fieldset and not under the first legend child of the disabled filedset.
144         (WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged):
145         Invalidate m_ancestorDisabledState.
146         (WebCore::HTMLFormControlElement::insertedInto): ditto.
147         (WebCore::HTMLFormControlElement::removedFrom): ditto.
148         (WebCore::HTMLFormControlElement::disabled):
149         Calls updateAncestorDisabledState() if needed.
150         (WebCore::HTMLFormControlElement::recalcWillValidate):
151         Remove unnecessary check for m_legendAncestor.
152
153         * html/HTMLFormControlElement.h:
154         (HTMLFormControlElement):
155         - Rename updateFieldSetAndLegendAncestor() to updateAncestorDisabledState(), and make it private.
156         - Remove m_fieldSetAncestor, m_legendAncestor, and m_fieldSetAncestorValid.
157         - Add m_ancestorDisabledState.
158
159 2012-05-28  Takashi Toyoshima  <toyoshim@chromium.org>
160
161         [WebSocket] Receiving reserved close codes, 1005, 1006, and 1015 must appear as code=1006 and wasClean=false
162         https://bugs.webkit.org/show_bug.cgi?id=87084
163
164         Reviewed by Kent Tamura.
165
166         Status codes 1005, 1006, and 1015 are forbidden to be sent in actual close frames.
167         If a client received these frames, the client should handle them as broken.
168         Close frames containing invalid body size are the same as these forbidden cases.
169         Update close-code-and-reason tests to verify this patch.
170
171         * Modules/websockets/WebSocket.cpp: Handle AbnormalClosure as wasClean == false
172         (WebCore::WebSocket::didClose):
173         * Modules/websockets/WebSocketChannel.cpp: Handle close frames' status code carefully
174         (WebCore::WebSocketChannel::processFrame):
175         * Modules/websockets/WebSocketChannel.h: Update on newly defined close event codes
176
177 2012-05-28  Kentaro Hara  <haraken@chromium.org>
178
179         [V8] Avoid passing NULL to an 'isolate' parameter
180         https://bugs.webkit.org/show_bug.cgi?id=87689
181
182         Reviewed by Adam Barth.
183
184         v8::Null(isolate) crashes if we pass a NULL isolate.
185         Thus we are planning to replace v8::Null()s in a following way:
186
187         - Implement V8Bindings::v8Null(isolate). v8Null(isolate) does the NULL check.
188         If isolate is NULL, v8Null(isolate) calls v8::Null(). Otherwise,
189         v8Null(isolate) calls v8::Null(isolate).
190
191         - In V8 bindings, we replace v8::Null() with v8::Null(isolate) for a
192         non-optional 'isolate' parameter.
193         (e.g. void foo(..., Isolate* isolate) { v8::Null(); } )
194
195         - In V8 bindings, we replace v8::Null() with v8Null(isolate) for an
196         optional 'isolate' parameter.
197         (e.g. void foo(..., Isolate* isolate = 0) { v8::Null(); } )
198
199         However, currently we cannot do the replacement mechanically, since some code
200         pass NULL to a non-optional 'isolate' parameter. In other words, currently
201         "non-optional" does not guarantee that 'isolate' is not NULL.
202
203         This patch removes all the code that passes NULL to a non-optional 'isolate'
204         parameter. This will enable us to achieve the replacement mechanically.
205
206         No tests. No behavior change.
207
208         * bindings/scripts/CodeGeneratorV8.pm:
209         (GenerateCallbackImplementation):
210         (NativeToJSValue):
211         * bindings/scripts/test/V8/V8TestCallback.cpp:
212         (WebCore::V8TestCallback::callbackWithClass1Param):
213         (WebCore::V8TestCallback::callbackWithClass2Param):
214         (WebCore::V8TestCallback::callbackWithStringList):
215         (WebCore::V8TestCallback::callbackRequiresThisToPass):
216         * bindings/scripts/test/V8/V8TestObj.cpp:
217         (WebCore::V8TestObj::installPerContextProperties):
218         * bindings/v8/custom/V8CustomSQLStatementErrorCallback.cpp:
219         (WebCore::V8SQLStatementErrorCallback::handleEvent):
220         * bindings/v8/custom/V8MutationCallbackCustom.cpp:
221         (WebCore::V8MutationCallback::handleEvent):
222
223 2012-05-28  Kent Tamura  <tkent@chromium.org>
224
225         Form controls in <fieldset disabled> should not be validated.
226         https://bugs.webkit.org/show_bug.cgi?id=87381
227
228         Reviewed by Hajime Morita.
229
230         We need to use disabeld() instead of m_disabled to calculate
231         willValidate property. Also, we need to update willValidate if
232         necessary.
233
234         Test: fast/forms/fieldset/validation-in-fieldset.html
235
236         * html/HTMLFieldSetElement.cpp:
237         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
238          - Do not traverse this.
239          - Calls ancestorDisabledStateWasChanged() instead of
240           setNeedsStyleRecalc() because we'd like to do additional tasks.
241         * html/HTMLFormControlElement.cpp:
242         (WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged):
243         Added. Just calls disabledAttributeChanged().
244         (WebCore::HTMLFormControlElement::parseAttribute):
245         Do not call setNeedsWillValidateCheck() whenever an attribute is updated.
246         It should be called only if disabled or readonly attribute is updated.
247         (WebCore::HTMLFormControlElement::disabledAttributeChanged):
248         Add setNeedsWillValidateCheck(). It was moved from parseAttribute().
249         (WebCore::HTMLFormControlElement::insertedInto):
250         Invalidate ancestor information.
251         (WebCore::HTMLFormControlElement::recalcWillValidate):
252         Use disabled() instead of m_disabled. disabled() takes care of
253         ancestor's disabled state.
254         * html/HTMLFormControlElement.h:
255         (HTMLFormControlElement):
256
257 2012-05-28  Rakesh KN  <rakesh.kn@motorola.com>
258
259         [Forms] HTMLFieldSetElement.idl doesn't have elements attribute.
260         https://bugs.webkit.org/show_bug.cgi?id=80110
261
262         Reviewed by Kent Tamura.
263
264         Implemented elements attribute for HTMLFieldSetElement. This is spec'ed at
265         http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#dom-fieldset-elements
266
267         Tests: fast/forms/fieldset/fieldset-elements.html
268                fast/forms/fieldset/fieldset-form-collection-radionode-list.html
269
270         * dom/Node.cpp:
271         (WebCore::Node::radioNodeList):
272         Extended ASSERT to assert if not HTMLFieldSetElement or HTMLFormElement.
273         * html/HTMLFieldSetElement.cpp:
274         (WebCore::HTMLFieldSetElement::elements):
275         Elements attribute implementation.
276         (WebCore::HTMLFieldSetElement::refreshElementsIfNeeded):
277         Update the formcontrol elements collections if dom tree got modified.
278         (WebCore::HTMLFieldSetElement::associatedElements):
279         FormControl elements collection accessor.
280         (WebCore::HTMLFieldSetElement::length):
281         Number of elements in the fieldset group.
282         * html/HTMLFieldSetElement.h:
283         Added elements collection member and form control collection members.
284         * html/HTMLFieldSetElement.idl:
285         Added elements attribute.
286         * html/HTMLFormCollection.cpp:
287         (WebCore::HTMLFormCollection::formControlElements):
288         Added support for HTMLFieldSetElement, based on base element type gets its associated elements.
289         (WebCore::HTMLFormCollection::numberOfFormControlElements): Ditto
290         (WebCore::HTMLFormCollection::getNamedFormItem): Process image elements only for form element.
291         (WebCore::HTMLFormCollection::updateNameCache): Ditto
292         * html/RadioNodeList.cpp:
293         (WebCore::RadioNodeList::RadioNodeList):
294         DynamicSubTree root element is decided based on the type whether base element is form or fieldset element.
295         Renamed m_formElement to m_baseElement.
296         (WebCore::RadioNodeList::~RadioNodeList):
297         Renamed m_formElement to m_baseElement.
298         (WebCore::RadioNodeList::checkElementMatchesRadioNodeListFilter):
299         Form element specific changes moved under form element check.
300         * html/RadioNodeList.h:
301         (WebCore::RadioNodeList::create):
302         (RadioNodeList):
303         Renamed m_formElement to m_baseElement.
304
305 2012-05-28  Jonathan Dong  <jonathan.dong@torchmobile.com.cn>
306
307         [BlackBerry] http authenticate dialog popup only once no matter authentication pass or fail
308         https://bugs.webkit.org/show_bug.cgi?id=80135
309
310         Reviewed by Rob Buis.
311
312         RIM PR: 145660
313         Fixed a regression introduced by r111810, we should cancel the new
314         request when user press cancel button in http authentication challenge
315         dialog, and we should also allow sending empty username and password
316         with the request.
317         Also removed redundant codes which checked the existence of the
318         FrameLoaderClient pointer, as we've already moved authenticationChallenge()
319         out of class FrameLoaderClient, it is not needed.
320
321         Manual test added. Testing http authentication dialog relies on user interaction.
322
323         Resubmit the patch reverted by r115104 after the digest infinite loop
324         issue for BlackBerry porting get identified and fixed.
325
326         Internally reviewed by Joe Mason <jmason@rim.com>
327
328         * platform/blackberry/PageClientBlackBerry.h:
329         * platform/network/blackberry/NetworkJob.cpp:
330         (WebCore::NetworkJob::sendRequestWithCredentials):
331
332 2012-05-28  Jonathan Dong  <jonathan.dong@torchmobile.com.cn>
333
334         [BlackBerry] http authentication challenge issue when loading favicon
335         https://bugs.webkit.org/show_bug.cgi?id=87665
336
337         Reviewed by Rob Buis.
338
339         Provide the TargetType when generating a favicon loading
340         request. Loading favicons is triggered after the main resource
341         has been loaded and parsed, so if we cancel the authentication
342         challenge when loading main resource, we should also cancel
343         loading the favicon when it starts to load. If not we will
344         receive another challenge after we canceled the main resource
345         loading, which may confuse the user.
346
347         Internally reviewed by Joe Mason <jmason@rim.com>
348
349         No new tests because of no behavior changes.
350
351         * loader/icon/IconLoader.cpp:
352         (WebCore::IconLoader::startLoading):
353         * platform/network/blackberry/NetworkJob.cpp:
354         (WebCore::NetworkJob::sendRequestWithCredentials):
355
356 2012-05-28  MORITA Hajime  <morrita@google.com>
357
358         Rename FrameLoaderClient::shadowDOMAllowed() to allowShadowDOM()
359         https://bugs.webkit.org/show_bug.cgi?id=87101
360
361         Reviewed by Kentaro Hara.
362
363         No new tests. No behavior change.
364
365         * bindings/generic/ContextEnabledFeatures.cpp:
366         (WebCore::ContextEnabledFeatures::shadowDOMEnabled):
367         * loader/FrameLoaderClient.h:
368         (WebCore::FrameLoaderClient::allowShadowDOM):
369
370 2012-05-28  David Barton  <dbarton@mathscribe.com>
371
372         mathml/presentation/mo-stretch.html and mroot-pref-width.html tests fail on Mac
373         https://bugs.webkit.org/show_bug.cgi?id=86786
374
375         Reviewed by Darin Adler.
376
377         The fix to https://bugs.webkit.org/show_bug.cgi?id=84167 changed inline-table baselines,
378         including for <mtable>. We therefore have to correct <mtable>'s vertical-align CSS
379         property.
380
381         Tested by existing tests mo-stretch.html, row-alignment.xhtml, and tables.xhtml.
382
383         * css/mathml.css:
384         (mtable):
385
386 2012-05-28  Luke Macpherson  <macpherson@chromium.org>
387
388         Make CSSParser::filteredProperties() O(n) instead of O(n^2) and improve readability.
389         https://bugs.webkit.org/show_bug.cgi?id=87078
390
391         Reviewed by Darin Adler.
392
393         This patch implements a number of improvements to filteredProperties:
394         1) Make the code more linearly readable by separating out handling of important and non-important properties.
395         2) Eliminate one BitArray instance (reduces hot memory so more cache friendly).
396         3) Remove O(n^2) behavior caused by scanning for and removing previously encountered definitions of each property.
397         The key algorithmic change is to add properties in decreasing precedence:
398         a) Iterating once per (important, !important) so that important properties are visited first.
399         b) Reverse iteration of m_parsedProperties visits the properties in decreasing precedence.
400
401         Covered by loads of existing tests - getting CSS property precedence wrong results in too many errors to list.
402         In particular fast/css contains test cases for important corner cases like duplicated important properties.
403
404         * css/CSSParser.cpp:
405         (WebCore::CSSParser::createStylePropertySet):
406         * css/CSSProperty.h:
407         Add vector traits so that CSSProperty can just be memset by vector without calling constructor.
408
409 2012-05-28  MORITA Hajime  <morrita@google.com>
410
411         Can't edit <input> elements with :first-letter
412         https://bugs.webkit.org/show_bug.cgi?id=87615
413
414         Reviewed by Kent Tamura.
415
416         A check using canHaveGeneratedChildren() should cover not only
417         button and menulist, but also RenderTextControl.
418         This change pulles canHaveGeneratedChildren() up
419         from RenderDeprecatedFlexibleBox to RenderObject,
420         and lets RenderTextControl override it.
421
422         Test: fast/forms/input-first-letter-edit.html
423
424         * rendering/RenderBlock.cpp:
425         (WebCore):
426         (WebCore::RenderBlock::styleDidChange):
427         (WebCore::RenderBlock::updateFirstLetter):
428         * rendering/RenderBlock.h: Removed a static function canHaveGeneratedChildren()
429         (RenderBlock):
430         * rendering/RenderDeprecatedFlexibleBox.h:
431         * rendering/RenderObject.cpp:
432         (WebCore):
433         (WebCore::RenderObject::canHaveGeneratedChildren): Added.
434         * rendering/RenderObject.h:
435         (RenderObject):
436         * rendering/RenderTextControl.h:
437
438 2012-05-28  Arvid Nilsson  <anilsson@rim.com>
439
440         [BlackBerry] Add support for layers with scale invariant size
441         https://bugs.webkit.org/show_bug.cgi?id=87601
442
443         Reviewed by Rob Buis.
444
445         To support layers that have a "floating" appearance, i.e. don't change size
446         when the web page is drawn at a different scale, we add a new layer property
447         named "sizeIsScaleInvariant".
448
449         The anchor position will still be given in document coordinates for these
450         "floating" layers, so this is well suited for interface elements like selection
451         handles whose size is always the same but move with the web page contents.
452
453         PR #156812
454
455         * platform/graphics/blackberry/LayerCompositingThread.cpp:
456         (WebCore::LayerCompositingThread::setDrawTransform):
457         (WebCore::LayerCompositingThread::drawTextures):
458         (WebCore::LayerCompositingThread::drawMissingTextures):
459         * platform/graphics/blackberry/LayerCompositingThread.h:
460         (LayerCompositingThread):
461         * platform/graphics/blackberry/LayerCompositingThreadClient.h:
462         (LayerCompositingThreadClient):
463         (WebCore::LayerCompositingThreadClient::drawMissingTextures):
464         * platform/graphics/blackberry/LayerData.h:
465         (WebCore::LayerData::LayerData):
466         (WebCore::LayerData::sizeIsScaleInvariant):
467         (LayerData):
468         * platform/graphics/blackberry/LayerRenderer.cpp:
469         (WebCore::LayerRenderer::LayerRenderer):
470         (WebCore::LayerRenderer::compositeLayers):
471         (WebCore::LayerRenderer::updateLayersRecursive):
472         (WebCore::LayerRenderer::compositeLayersRecursive):
473         * platform/graphics/blackberry/LayerRenderer.h:
474         (LayerRenderer):
475         * platform/graphics/blackberry/LayerTiler.cpp:
476         (WebCore::LayerTiler::updateTextureContentsIfNeeded):
477         (WebCore::LayerTiler::drawTextures):
478         (WebCore::LayerTiler::drawMissingTextures):
479         (WebCore::LayerTiler::drawTexturesInternal):
480         * platform/graphics/blackberry/LayerTiler.h:
481         (LayerTiler):
482         * platform/graphics/blackberry/LayerWebKitThread.h:
483         (WebCore::LayerWebKitThread::setSizeIsScaleInvariant):
484         (LayerWebKitThread):
485
486 2012-05-28  Arvid Nilsson  <anilsson@rim.com>
487
488         [BlackBerry] Make it possible to manipulate layers on the compositing thread
489         https://bugs.webkit.org/show_bug.cgi?id=87602
490
491         Reviewed by Rob Buis.
492
493         Normally, layers are manipulated on the WebKit thread, and the changes are
494         synced to the compositing thread during the next accelerated compositing commit
495         operation.
496
497         However, for overlay layers the ability to manipulate layers on the compositing
498         thread is necessary for adequate user interface responsiveness.
499
500         Two mechanisms are added:
501         1. For a layer with a WebKit-thread counterpart, you can temporarily override
502         attributes or add animations whose output override attributes.
503         2. For a layer with no WebKit-thread counterpart, you can now directly set the
504         compositing thread values for attributes. If you attempt to do this for layers
505         that do have a WebKit-thread counterpart, the compositing thread values will
506         be overwritten at the time of the next commit, which makes the override
507         mechanism more useful there.
508
509         PR #156812
510
511         * platform/graphics/blackberry/LayerCompositingThread.cpp:
512         (WebCore::LayerCompositingThread::addSublayer):
513         (WebCore):
514         (WebCore::LayerCompositingThread::updateAnimations):
515         (WebCore::LayerCompositingThread::removeAnimation):
516         (WebCore::LayerCompositingThread::override):
517         (WebCore::LayerCompositingThread::clearOverride):
518         * platform/graphics/blackberry/LayerCompositingThread.h:
519         (LayerOverride):
520         (WebCore::LayerOverride::create):
521         (WebCore::LayerOverride::setPosition):
522         (WebCore::LayerOverride::setAnchorPoint):
523         (WebCore::LayerOverride::setBounds):
524         (WebCore::LayerOverride::setTransform):
525         (WebCore::LayerOverride::setOpacity):
526         (WebCore::LayerOverride::addAnimation):
527         (WebCore::LayerOverride::LayerOverride):
528         (WebCore):
529         (LayerCompositingThread):
530         (WebCore::LayerCompositingThread::setPosition):
531         (WebCore::LayerCompositingThread::setAnchorPoint):
532         (WebCore::LayerCompositingThread::setBounds):
533         (WebCore::LayerCompositingThread::setSizeIsScaleInvariant):
534         (WebCore::LayerCompositingThread::setTransform):
535         (WebCore::LayerCompositingThread::setOpacity):
536         (WebCore::LayerCompositingThread::setNeedsTexture):
537         * platform/graphics/blackberry/LayerWebKitThread.cpp:
538         (WebCore::LayerWebKitThread::LayerWebKitThread):
539         (WebCore::LayerWebKitThread::commitOnCompositingThread):
540         * platform/graphics/blackberry/LayerWebKitThread.h:
541         (LayerWebKitThread):
542         (WebCore::LayerWebKitThread::clearOverride):
543
544 2012-05-28  Rob Flack  <flackr@chromium.org>
545
546         [chromium] Only increase size of Combo Box Options when displayed on touch screen
547         https://bugs.webkit.org/show_bug.cgi?id=85921
548
549         Reviewed by Adam Barth.
550
551         Adds a flag to set whether the current device is a touch screen, independent of whether touch events are supported and use this for the combo box sizing.
552
553         No new tests as this is a flag change and covered by existing tests: WebKit/chromium/tests/PopupMenuTest.cpp
554
555         * page/Settings.cpp:
556         (WebCore::Settings::Settings):
557         * page/Settings.h:
558         (WebCore::Settings::setDeviceSupportsTouch):
559         (WebCore::Settings::deviceSupportsTouch):
560         (Settings):
561         * platform/chromium/PopupListBox.cpp:
562         (WebCore::PopupListBox::getRowHeight):
563         * platform/chromium/PopupListBox.h:
564         (PopupContainerSettings):
565         * platform/chromium/PopupMenuChromium.cpp:
566         (WebCore::PopupMenuChromium::show):
567
568 2012-05-28  Arvid Nilsson  <anilsson@rim.com>
569
570         [BlackBerry] Make custom compositing thread layers more flexible
571         https://bugs.webkit.org/show_bug.cgi?id=87600
572
573         Reviewed by Rob Buis.
574
575         Introduce a LayerCompositingThreadClient that's used to fine tune the
576         behaviour of custom layers. Let the LayerTiler be a
577         LayerCompositingThreadClient and thus decouple it from
578         LayerCompositingThread. Adjust method signatures to allow a one-to-many
579         relationship between Client and Layer.
580
581         Remove the old LayerCompositingThread::drawCustom() in favour of this new
582         Client interface.
583
584         PR #156812
585
586         * platform/graphics/blackberry/LayerCompositingThread.cpp:
587         (WebCore::LayerCompositingThread::create):
588         (WebCore::LayerCompositingThread::LayerCompositingThread):
589         (WebCore::LayerCompositingThread::~LayerCompositingThread):
590         (WebCore::LayerCompositingThread::deleteTextures):
591         (WebCore::LayerCompositingThread::drawTextures):
592         (WebCore::LayerCompositingThread::hasMissingTextures):
593         (WebCore::LayerCompositingThread::drawMissingTextures):
594         (WebCore::LayerCompositingThread::updateTextureContentsIfNeeded):
595         (WebCore::LayerCompositingThread::bindContentsTexture):
596         (WebCore::LayerCompositingThread::setVisible):
597         (WebCore::LayerCompositingThread::scheduleCommit):
598         * platform/graphics/blackberry/LayerCompositingThread.h:
599         (WebCore):
600         (LayerCompositingThread):
601         * platform/graphics/blackberry/LayerCompositingThreadClient.h: Added.
602         (WebCore):
603         (LayerCompositingThreadClient):
604         (WebCore::LayerCompositingThreadClient::~LayerCompositingThreadClient):
605         (WebCore::LayerCompositingThreadClient::bindContentsTexture):
606         (WebCore::LayerCompositingThreadClient::hasMissingTextures):
607         (WebCore::LayerCompositingThreadClient::drawMissingTextures):
608         (WebCore::LayerCompositingThreadClient::scheduleCommit):
609         * platform/graphics/blackberry/LayerRenderer.cpp:
610         (WebCore::LayerRenderer::drawDebugBorder):
611         * platform/graphics/blackberry/LayerTiler.cpp:
612         (WebCore::LayerTiler::LayerTiler):
613         (WebCore::LayerTiler::layerCompositingThreadDestroyed):
614         (WebCore::LayerTiler::layerVisibilityChanged):
615         (WebCore::LayerTiler::uploadTexturesIfNeeded):
616         (WebCore::LayerTiler::deleteTextures):
617         (WebCore::LayerTiler::scheduleCommit):
618         (WebCore):
619         (WebCore::LayerTiler::bindContentsTexture):
620         * platform/graphics/blackberry/LayerTiler.h:
621         (LayerTiler):
622         (WebCore::LayerTiler::hasMissingTextures):
623         * platform/graphics/blackberry/LayerWebKitThread.cpp:
624         (WebCore::LayerWebKitThread::LayerWebKitThread):
625         * platform/graphics/blackberry/LayerWebKitThread.h:
626         (LayerWebKitThread):
627
628 2012-05-25  Jesus Sanchez-Palencia  <jesus.palencia@openbossa.org>
629
630         WebKitTestRunner needs to support layoutTestController.setJavaScriptProfilingEnabled
631         https://bugs.webkit.org/show_bug.cgi?id=42328
632
633         Reviewed by Eric Seidel.
634
635         Add setJavaScriptProfilingEnabled() to window.internals.settings. No new tests, but this
636         change will allow more tests to run in WebKitTestRunner and DRT for ports that weren't
637         implementing this function before.
638         This patch also refactors InspectorController::enableProfiler() and
639         InspectorController::disableProfiler() to InspectorController::setProfilerEnabled(bool).
640
641         * WebCore.exp.in:
642         * inspector/InspectorController.cpp:
643         (WebCore::InspectorController::profilerEnabled):
644         (WebCore::InspectorController::setProfilerEnabled):
645         * inspector/InspectorController.h:
646         (InspectorController):
647         * testing/InternalSettings.cpp:
648         (WebCore::InternalSettings::InternalSettings):
649         (WebCore::InternalSettings::restoreTo):
650         (WebCore::InternalSettings::setJavaScriptProfilingEnabled):
651         (WebCore):
652         * testing/InternalSettings.h:
653         (InternalSettings):
654         * testing/InternalSettings.idl:
655
656 2012-05-28  Yong Li  <yoli@rim.com>
657
658         Crash on incomplete :not().
659         https://bugs.webkit.org/show_bug.cgi?id=86673
660
661         Reviewed by Antti Koivisto.
662
663         Add back null-checks for incomplete :not() class
664         which were dropped by r81845.
665
666         * css/CSSSelector.cpp:
667         (WebCore::CSSSelector::specificityForOneSelector):
668         (WebCore::CSSSelector::selectorText):
669         * css/SelectorChecker.cpp:
670         (WebCore::SelectorChecker::checkOneSelector):
671         (WebCore::SelectorChecker::determineLinkMatchType):
672
673 2012-05-28  Leo Yang  <leo.yang@torchmobile.com.cn>
674
675         FileWriterSync binding should have no static table
676         https://bugs.webkit.org/show_bug.cgi?id=87645
677
678         Reviewed by George Staikos.
679
680         FileWriterSync could be used in filesystem FileWriter in worker thread, so we should add ProgressEvent in idl file.
681
682         Covered by existing test: fast/filesystem/workers/sync-operations.html.
683
684         * Modules/filesystem/FileWriterSync.idl:
685
686 2012-05-28  Arvid Nilsson  <anilsson@rim.com>
687
688         [BlackBerry] Add an overlay layer
689         https://bugs.webkit.org/show_bug.cgi?id=87567
690
691         Reviewed by Antonio Gomes.
692
693         The overlay layer allows us to have compositing layers even though the
694         web page is not currently using accelerated compositing.
695
696         These layers can be used to implement tap highlight, inspector overlay
697         and more.
698
699         The WebCore changes support the overlay layer functionality in WebKit
700         by making it possible to add animations from the compositing thread
701         without them being instantly overwritten during the next commit.
702
703         Also a new custom layer type is added, which allow an overlay layer to
704         draw itself using raw OpenGL calls. An instance of a custom subclass of
705         LayerCompositingThread must be provided when creating the
706         LayerWebKitThread. Then, the custom layer can be used as the content
707         layer of a GraphicsLayer, or by itself.
708
709         Reviewed internally by Filip Spacek.
710
711         PR #154335
712
713         * platform/graphics/blackberry/LayerCompositingThread.cpp:
714         (WebCore::LayerCompositingThread::~LayerCompositingThread):
715         (WebCore::LayerCompositingThread::deleteTextures):
716         (WebCore::LayerCompositingThread::drawTextures):
717         (WebCore::LayerCompositingThread::drawMissingTextures):
718         (WebCore::LayerCompositingThread::updateTextureContentsIfNeeded):
719         (WebCore::LayerCompositingThread::setVisible):
720         (WebCore::LayerCompositingThread::scheduleCommit):
721         * platform/graphics/blackberry/LayerCompositingThread.h:
722         (WebCore::LayerCompositingThread::addAnimation):
723         (WebCore::LayerCompositingThread::setRunningAnimations):
724         (WebCore::LayerCompositingThread::setSuspendedAnimations):
725         (LayerCompositingThread):
726         (WebCore::LayerCompositingThread::drawCustom):
727         * platform/graphics/blackberry/LayerData.h:
728         (LayerData):
729         * platform/graphics/blackberry/LayerWebKitThread.cpp:
730         (WebCore::LayerWebKitThread::LayerWebKitThread):
731         (WebCore):
732         (WebCore::LayerWebKitThread::~LayerWebKitThread):
733         (WebCore::LayerWebKitThread::updateTextureContentsIfNeeded):
734         (WebCore::LayerWebKitThread::startAnimations):
735         (WebCore::LayerWebKitThread::commitOnCompositingThread):
736         (WebCore::LayerWebKitThread::setNeedsDisplayInRect):
737         (WebCore::LayerWebKitThread::setNeedsDisplay):
738         (WebCore::LayerWebKitThread::setIsMask):
739         (WebCore::LayerWebKitThread::setRunningAnimations):
740         (WebCore::LayerWebKitThread::setSuspendedAnimations):
741         * platform/graphics/blackberry/LayerWebKitThread.h:
742         (LayerWebKitThread):
743
744 2012-05-28  Leo Yang  <leo.yang@torchmobile.com.cn>
745
746         ProgressEvent JSC binding should have no static table
747         https://bugs.webkit.org/show_bug.cgi?id=87365
748
749         Reviewed by George Staikos.
750
751         ProgressEvent could be used in filesystem FileWriter in worker thread, so we should add ProgressEvent in idl file.
752
753         Covered by existing test: fast/filesystem/workers/file-writer-events.html.
754
755         * dom/ProgressEvent.idl:
756
757 2012-05-28  Arvid Nilsson  <anilsson@rim.com>
758
759         [BlackBerry] Update WebPageCompositor::render() API
760         https://bugs.webkit.org/show_bug.cgi?id=87565
761
762         Reviewed by Rob Buis.
763
764         The new API allows the embedder to specify the root transform and many
765         OpenGL related parameters.
766
767         Also refactor the code to allow several sets of layers to be rendered,
768         and to allow interleaving the rendering of layers with rendering of
769         buffers and checkerboard.
770
771         Reviewed internally by Filip Spacek.
772
773         PR #154334
774
775         * platform/graphics/blackberry/LayerCompositingThread.cpp:
776         (WebCore::LayerCompositingThread::drawTextures):
777         (WebCore::LayerCompositingThread::drawSurface):
778         * platform/graphics/blackberry/LayerRenderer.cpp:
779         (WebCore::LayerRenderer::orthoMatrix):
780         (WebCore::LayerRenderer::LayerRenderer):
781         (WebCore::LayerRenderer::prepareFrame):
782         (WebCore):
783         (WebCore::LayerRenderer::setViewport):
784         (WebCore::LayerRenderer::compositeLayers):
785         (WebCore::LayerRenderer::compositeBuffer):
786         (WebCore::LayerRenderer::drawCheckerboardPattern):
787         (WebCore::LayerRenderer::drawLayersOnSurfaces):
788         (WebCore::LayerRenderer::prepareFrameRecursive):
789         (WebCore::LayerRenderer::updateLayersRecursive):
790         (WebCore::LayerRenderer::compositeLayersRecursive):
791         (WebCore::LayerRenderer::updateScissorIfNeeded):
792         (WebCore::LayerRenderingResults::addHolePunchRect):
793         * platform/graphics/blackberry/LayerRenderer.h:
794         (LayerRenderer):
795
796 2012-05-28  Antti Koivisto  <antti@apple.com>
797
798         REGRESSION(r96517): Attribute selector fails to match dynamically modified style attribute
799         https://bugs.webkit.org/show_bug.cgi?id=87349
800
801         Reviewed by Andreas Kling.
802         
803         Selector fast path does not trigger lazy style attribute generation. Since attribute selectors matching
804         style attribute are rare, disallow them from the fast path rather than making it more branchy.
805
806         Test: fast/css/dynamic-style-attribute-query.html
807
808         * css/SelectorChecker.cpp:
809         (WebCore::isFastCheckableMatch):
810
811 2012-05-28  Peter Rybin  <peter.rybin@gmail.com>
812
813         Web Inspector: Expose function (closure) scopes in remote protocol
814         https://bugs.webkit.org/show_bug.cgi?id=86861
815
816         Reviewed by Yury Semikhatsky.
817
818         A data transfer from V8's FunctionMirror via DebuggerScript.js via InjectedScriptHost is built.
819         Scope field is added to protocol declaration similar to scopes of stack call frame.
820         Test for function details is extended.
821         JSC code binging got fixme for implemting the corresponding feature.
822
823         * bindings/js/JSInjectedScriptHostCustom.cpp:
824         (WebCore::JSInjectedScriptHost::functionDetails):
825         * bindings/v8/DebuggerScript.js:
826         * bindings/v8/ScriptDebugServer.cpp:
827         (WebCore::ScriptDebugServer::functionScopes):
828         (WebCore):
829         * bindings/v8/ScriptDebugServer.h:
830         (ScriptDebugServer):
831         * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
832         (WebCore::V8InjectedScriptHost::functionDetailsCallback):
833         * inspector/InjectedScriptHost.cpp:
834         (WebCore):
835         (WebCore::InjectedScriptHost::scriptDebugServer):
836         * inspector/InjectedScriptHost.h:
837         (WebCore):
838         (WebCore::InjectedScriptHost::init):
839         (InjectedScriptHost):
840         * inspector/InjectedScriptSource.js:
841         (.):
842         * inspector/Inspector.json:
843         * inspector/InspectorController.cpp:
844         (WebCore::InspectorController::InspectorController):
845         * inspector/WorkerInspectorController.cpp:
846         (WebCore::WorkerInspectorController::WorkerInspectorController):
847
848 2012-05-28  Arvid Nilsson  <anilsson@rim.com>
849
850         [BlackBerry] Add a constructor to create a Path from an SkPath
851         https://bugs.webkit.org/show_bug.cgi?id=87566
852
853         Reviewed by Antonio Gomes.
854
855         Skia allows the creation of more complex paths than WebCore would
856         allow. This will be used in the BlackBerry port to implement a default
857         tap highlight appearance.
858
859         Reviewed internally by Mike Lattanzio.
860
861         PR #154329
862
863         * platform/graphics/Path.h:
864         (Path):
865         * platform/graphics/skia/PathSkia.cpp:
866         (WebCore):
867         (WebCore::Path::Path):
868
869 2012-05-28  Alexis Menard  <alexis.menard@openbossa.org>
870
871         Unreviewed build fix for Mac on Lion.
872
873         * inspector/CodeGeneratorInspector.py:
874
875 2012-05-28  Keishi Hattori  <keishi@webkit.org>
876
877         Expose value localization function of HTMLInputElement
878         https://bugs.webkit.org/show_bug.cgi?id=84356
879
880         Reviewed by Kent Tamura.
881
882         No new tests.
883
884         We want to localize the values that are defined in the datalist element.
885         This adds HTMLInputElement::localizeValue() which will localize a given
886         value.
887
888         * html/BaseDateAndTimeInputType.cpp:
889         (WebCore::BaseDateAndTimeInputType::localizeValue):
890         (WebCore):
891         (WebCore::BaseDateAndTimeInputType::visibleValue):
892         * html/BaseDateAndTimeInputType.h:
893         (BaseDateAndTimeInputType):
894         * html/HTMLInputElement.cpp:
895         (WebCore::HTMLInputElement::localizeValue):
896         (WebCore):
897         * html/HTMLInputElement.h:
898         (HTMLInputElement):
899         * html/InputType.cpp:
900         (WebCore::InputType::localizeValue):
901         (WebCore):
902         * html/InputType.h:
903         (InputType):
904         * html/NumberInputType.cpp:
905         (WebCore::NumberInputType::localizeValue):
906         (WebCore):
907         (WebCore::NumberInputType::visibleValue):
908         * html/NumberInputType.h:
909         (NumberInputType):
910
911 2012-05-28  Yury Semikhatsky  <yurys@chromium.org>
912
913         Unreviewed. Test fix after r118670: saved timeline data may
914         not have DOM counters data and MemoryStatistics object should
915         take this into account.
916
917         * inspector/front-end/MemoryStatistics.js:
918         (WebInspector.MemoryStatistics.prototype._onRecordAdded):
919
920 2012-05-28  Sheriff Bot  <webkit.review.bot@gmail.com>
921
922         Unreviewed, rolling out r118580.
923         http://trac.webkit.org/changeset/118580
924         https://bugs.webkit.org/show_bug.cgi?id=87647
925
926         Caused webkit_unit_tests to crash on chromium. (Requested by
927         bulach on #webkit).
928
929         * platform/graphics/chromium/ContentLayerChromium.cpp:
930         (WebCore::ContentLayerPainter::create):
931         (WebCore::ContentLayerPainter::paint):
932         (WebCore::ContentLayerPainter::ContentLayerPainter):
933         (ContentLayerPainter):
934         (WebCore::ContentLayerChromium::createTextureUpdaterIfNeeded):
935         * platform/graphics/chromium/TiledLayerChromium.cpp:
936         (UpdatableTile):
937         (WebCore::UpdatableTile::UpdatableTile):
938         (WebCore::TiledLayerChromium::updateTiles):
939         * platform/graphics/chromium/TiledLayerChromium.h:
940         (TiledLayerChromium):
941         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
942         (WebCore::CCSettings::CCSettings):
943         (CCSettings):
944
945 2012-05-28  Peter Beverloo  <peter@chromium.org>
946
947         &AElig doesn't get rendered as U+00C6
948         https://bugs.webkit.org/show_bug.cgi?id=87465
949
950         Reviewed by Adam Barth.
951
952         The if-statement to check whether the first entry of a certain letter
953         already exists in the index used .get(). The very first alphabetical
954         entry is in position "0", which evaluates to false, causing the first
955         entry to be ignored. Instead, use a "x not in y" check here.
956
957         Also update WebCore.gyp to list the create-html-entity-table script as
958         an input for the action, to make sure the table will be recreated.
959
960         Test: html5lib/resources/entities02.dat
961
962         * WebCore.gyp/WebCore.gyp:
963         * html/parser/create-html-entity-table:
964
965 2012-05-28  Yury Semikhatsky  <yurys@chromium.org>
966
967         Web Inspector: dom counters graphs vanish on switching between timeline views
968         https://bugs.webkit.org/show_bug.cgi?id=87628
969
970         Reviewed by Vsevolod Vlasov.
971
972         MemoryStatistics object now listens to the TimelineModel events instead of being
973         populated by timeline panel. This behavior mathes that of the overview pane.
974
975         * inspector/front-end/MemoryStatistics.js:
976         (WebInspector.MemoryStatistics.prototype.addTimlineEvent):
977         * inspector/front-end/TimelinePanel.js:
978         (WebInspector.TimelinePanel.prototype._onTimelineEventRecorded):
979         (WebInspector.TimelinePanel.prototype._innerAddRecordToTimeline):
980
981 2012-05-28  Marcus Bulach  <bulach@chromium.org>
982
983         [chromium] Buildfix: remove obsolete file from gypi.
984         https://bugs.webkit.org/show_bug.cgi?id=87643
985
986         Reviewed by no-reviewer.
987
988         Following http://trac.webkit.org/changeset/118610.
989         Removes reference to platform/graphics/gstreamer/ImageGStreamerCG.mm
990
991         * WebCore.gypi:
992
993 2012-05-28  MORITA Hajime  <morrita@google.com>
994
995         HTMLFormControlElement::m_validationMessage shouldn't be cleared on detach()
996         https://bugs.webkit.org/show_bug.cgi?id=87608
997
998         Reviewed by Kent Tamura.
999
1000         Moved m_validationMessage clearance from detach() to removedFrom() and
1001         remove detach().
1002
1003         No new tests. This change has no visible difference. Upcoming changes rely on this though.
1004
1005         * html/HTMLFormControlElement.cpp:
1006         (WebCore::HTMLFormControlElement::removedFrom):
1007
1008 2012-05-28  Yury Semikhatsky  <yurys@chromium.org>
1009
1010         Web Inspector: "Record CPU profile" button doesn't change its state after finishing profiling
1011         https://bugs.webkit.org/show_bug.cgi?id=87624
1012
1013         Reviewed by Vsevolod Vlasov.
1014
1015         Keep record button state in sync with the current profiling state.
1016
1017         * inspector/front-end/ProfilesPanel.js:
1018         (WebInspector.ProfilesPanel.prototype.toggleRecordButton):
1019
1020 2012-05-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1021
1022         Unreviewed, rolling out r118650.
1023         http://trac.webkit.org/changeset/118650
1024         https://bugs.webkit.org/show_bug.cgi?id=87639
1025
1026         Patch caused massive failures throughout the builders
1027         (Requested by zdobersek on #webkit).
1028
1029         * css/MediaQuery.cpp:
1030         (WebCore):
1031         (WebCore::MediaQuery::serialize):
1032         (WebCore::MediaQuery::MediaQuery):
1033         (WebCore::MediaQuery::cssText):
1034         * css/MediaQuery.h:
1035         (WebCore::MediaQuery::expressions):
1036         (WebCore::MediaQuery::mediaType):
1037         (MediaQuery):
1038         (WebCore::MediaQuery::copy):
1039         * css/MediaQueryEvaluator.cpp:
1040         (WebCore::MediaQueryEvaluator::MediaQueryEvaluator):
1041         (WebCore::MediaQueryEvaluator):
1042         (WebCore::MediaQueryEvaluator::eval):
1043         (WebCore::aspect_ratioMediaFeatureEval):
1044         (WebCore::device_aspect_ratioMediaFeatureEval):
1045         (WebCore::transform_3dMediaFeatureEval):
1046         (WebCore::view_modeMediaFeatureEval):
1047         (WebCore::createFunctionMap):
1048         * css/MediaQueryEvaluator.h:
1049         (WebCore):
1050         (MediaQueryEvaluator):
1051         * css/StyleResolver.cpp:
1052         (WebCore):
1053         (WebCore::StyleResolver::collectMatchingRulesForList):
1054         * css/StyleResolver.h:
1055         (MediaQueryResult):
1056         (WebCore::MediaQueryResult::MediaQueryResult):
1057         (WebCore):
1058         (StyleResolver):
1059
1060 2012-05-28  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1061
1062         Move allowRoundingHacks to Internals interface
1063         https://bugs.webkit.org/show_bug.cgi?id=87328
1064
1065         Reviewed by Hajime Morita.
1066
1067         Add allowRoundingHacks function, because it is able to work in the
1068         cross-port way by means of the Internals interface.
1069
1070         In addition, a function is added in order to restore default setting values.
1071
1072         No new tests, since we are improving here the infra-structure for testing
1073         a specific method.
1074
1075         * testing/Internals.cpp:
1076         (WebCore::Internals::reset):
1077         (WebCore):
1078         (WebCore::Internals::resetDefaultsToConsistentValues):
1079         (WebCore::Internals::allowRoundingHacks):
1080         * testing/Internals.h:
1081         (Internals):
1082         * testing/Internals.idl:
1083
1084 2012-05-28  Jonathan Dong  <jonathan.dong@torchmobile.com.cn>
1085
1086         [BlackBerry] http authentication crash the browser when user commit or cancel the http authentication dialog
1087         https://bugs.webkit.org/show_bug.cgi?id=87579
1088
1089         Reviewed by George Staikos.
1090
1091         In function NetworkJob::startNewJobWithRequest, We should cancel the
1092         NetworkJob first before we start a new NetworkJob which reuses the
1093         resource handle of the old one. If we only set the m_handle = 0 of the
1094         old NetworkJob without cancelling itself, it will still receives data
1095         notification from network thread and handles the received data with
1096         the released resource handler, which will cause the crash.
1097
1098         No new tests because no behavior has changed.
1099
1100         * platform/network/blackberry/NetworkJob.cpp:
1101         (WebCore::NetworkJob::startNewJobWithRequest):
1102
1103 2012-05-27  MORITA Hajime  <morrita@google.com>
1104
1105         [Refactoring][ShadowDOM] Some ElementShadow methods can be inlined.
1106         https://bugs.webkit.org/show_bug.cgi?id=87617
1107
1108         Reviewed by Kentaro Hara.
1109
1110         Inlined ElementShadow::attachHost(), ElementShadow::detachHost() and
1111         ElementShadow::reattach()
1112
1113         No new tests. No behavior change.
1114
1115         * dom/Element.cpp:
1116         (WebCore::Element::attach):
1117         (WebCore::Element::detach):
1118         * dom/ElementShadow.cpp:
1119         (WebCore::ElememtnShadow::reattachHostChildrenAndShadow):
1120         * dom/ElementShadow.h:
1121         (ElementShadow):
1122
1123 2012-05-28  Peter Rybin  <peter.rybin@gmail.com>
1124
1125         Web Inspector: CodeGeneratorInspector.py: protect typed API from C++ implicit float to int cast
1126         https://bugs.webkit.org/show_bug.cgi?id=87183
1127
1128         Reviewed by Yury Semikhatsky.
1129
1130         An intermediate C++ class is introduced that uses C++ template technique to control actual type
1131         of its constructor argument.
1132         All input parameters of type "int" now have type ExactlyInt. 
1133         All usage sites are fixed accordingly.
1134
1135         * inspector/CodeGeneratorInspector.py:
1136         (TypeModel.RefPtrBased):
1137         (TypeModel.Enum):
1138         (TypeModel.ValueType):
1139         (TypeModel.ValueType.get_opt_output_type_):
1140         (TypeModel.ValueType.ValueOptional.get_command_return_pass_model):
1141         (TypeModel.ExactlyInt):
1142         (TypeModel.ExactlyInt.__init__):
1143         (TypeModel.ExactlyInt.get_input_param_type_text):
1144         (TypeModel.ExactlyInt.get_opt_output_type_):
1145         (TypeModel.init_class):
1146         (ExactlyInt):
1147         * inspector/InspectorAgent.cpp:
1148         (WebCore::InspectorAgent::enable):
1149         (WebCore::InspectorAgent::didCreateWorker):
1150         (WebCore::InspectorAgent::didDestroyWorker):
1151         (WebCore::InspectorAgent::evaluateForTestInFrontend):
1152         * inspector/InspectorApplicationCacheAgent.cpp:
1153         (WebCore::InspectorApplicationCacheAgent::updateApplicationCacheStatus):
1154         (WebCore::InspectorApplicationCacheAgent::getFramesWithManifests):
1155         * inspector/InspectorDOMAgent.cpp:
1156         (WebCore::InspectorDOMAgent::buildObjectForNode):
1157         * inspector/InspectorMemoryAgent.cpp:
1158         (WebCore::jsHeapInfo):
1159         (WebCore::InspectorMemoryAgent::getProcessMemoryDistribution):
1160         * inspector/PageRuntimeAgent.cpp:
1161         (WebCore::PageRuntimeAgent::notifyContextCreated):
1162
1163 2012-05-28  Kentaro Hara  <haraken@chromium.org>
1164
1165         Unreviewed. Rebaselined run-binding-tests results.
1166
1167         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1168         (WebCore::JSTestActiveDOMObjectOwner::finalize):
1169         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1170         (WebCore::JSTestCustomNamedGetterOwner::finalize):
1171         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1172         (WebCore::JSTestEventConstructorOwner::finalize):
1173         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1174         (WebCore::JSTestEventTargetOwner::finalize):
1175         * bindings/scripts/test/JS/JSTestException.cpp:
1176         (WebCore::JSTestExceptionOwner::finalize):
1177         * bindings/scripts/test/JS/JSTestInterface.cpp:
1178         (WebCore::JSTestInterfaceOwner::finalize):
1179         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1180         (WebCore::JSTestMediaQueryListListenerOwner::finalize):
1181         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1182         (WebCore::JSTestNamedConstructorOwner::finalize):
1183         * bindings/scripts/test/JS/JSTestObj.cpp:
1184         (WebCore::JSTestObjOwner::finalize):
1185         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1186         (WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):
1187         * bindings/scripts/test/V8/V8TestObj.cpp:
1188         (WebCore::V8TestObj::installPerContextProperties):
1189
1190 2012-05-28  Darin Adler  <darin@apple.com>
1191
1192         StyleResolver need not allocate each MediaQueryResult on the heap
1193         https://bugs.webkit.org/show_bug.cgi?id=75223
1194
1195         Reviewed by Daniel Bates.
1196
1197         * css/MediaQuery.cpp: Removed some comments that pointed to CSS documents.
1198         There is no guarantee these links will be valid over time.
1199         (WebCore::MediaQuery::MediaQuery): Rewrote for clarity, conventional WebKit coding
1200         style, and simplicity.
1201         (WebCore::MediaQuery::copy): Moved out of line; not performance critical, and this
1202         allows us to cut down header dependencies.
1203         (WebCore::MediaQuery::cssText): Updated for change to data member name.
1204
1205         * css/MediaQuery.h: Removed unneeded includes. Removed non-helpful argument name
1206         "exprs". Changed expressions function to return a reference instead of
1207         a pointer. Changed mediaType and cssText functions to return a reference. Renamed
1208         m_serializationCache to m_serializedQuery. Moved copy function out of header.
1209
1210         * css/MediaQueryEvaluator.cpp: Renamed EvalFunc to MediaFeatureEvaluationFunction.
1211         Broke a FIXME into three and reworded for clarity.
1212         (WebCore::MediaQueryEvaluator): Updated for name changes.
1213         (WebCore::MediaQueryEvaluator::eval): Rewrote this for clarity and to regularize
1214         the logic a bit.
1215         (WebCore::aspect_ratioMediaFeatureEval): Got rid of a != 0 that is contrary to the
1216         normal WebKit style.
1217         (WebCore::device_aspect_ratioMediaFeatureEval): Ditto.
1218         (WebCore::transform_3dMediaFeatureEval): Fixed mangled #if that was here.
1219         (WebCore::view_modeMediaFeatureEval): Replaced UNUSED_PARAM usage with ASSERT_UNUSED.
1220         (WebCore::createFunctionMap): Changed this so it returns the map so we can use a
1221         cleaner style in the caller.
1222         (WebCore::MediaQueryEvaluator::eval): Updated to take a reference and improved the
1223         comments and coding style a bit.
1224
1225         * css/MediaQueryEvaluator.h: Updated comment style. Removed unused constructor.
1226         Removed unneeded destructor declaration. Renamed m_expResult to m_mediaFeatureResult.
1227
1228         * css/StyleResolver.cpp: Moved the MediaQueryResult class into this file
1229         and made it a structure rather than a class.
1230         (WebCore::StyleResolver::addViewportDependentMediaQueryResult): Updated to take
1231         a reference argument instead of a pointer and for the new vector type.
1232         (WebCore::StyleResolver::affectedByViewportChange): Updated for above changes.
1233
1234         * css/StyleResolver.h: Removed many unneeded includes and forward declarations of
1235         classes, including now-unneeded include of MediaQueryExp.h. Replaced MediaQueryResult
1236         definition with a forward declaration. Changed addViewportDependentMediaQueryResult
1237         to take a reference instead of a pointer. Changed m_viewportDependentMediaQueryResults
1238         to be a vector of values rather than of pointers.
1239
1240 2012-05-27  Shinya Kawanaka  <shinyak@chromium.org>
1241
1242         cut, copy or paste event won't be fired in Shadow DOM.
1243         https://bugs.webkit.org/show_bug.cgi?id=87352
1244
1245         Reviewed by Dimitri Glazkov.
1246
1247         cut, copy or paste event was not fired in Shadow DOM.
1248         Since event re-targeting has been implemented, it should be safe to fire them in Shadow DOM now.
1249
1250         Tests: fast/dom/shadow/cppevent-in-shadow.html
1251                fast/dom/shadow/cppevent-input-in-shadow.html
1252
1253         * editing/Editor.cpp:
1254         (WebCore::Editor::findEventTargetFrom):
1255
1256 2012-05-27  Hayato Ito  <hayato@chromium.org>
1257
1258         Support multiple shadow roots in event dispatching.
1259         https://bugs.webkit.org/show_bug.cgi?id=87470
1260
1261         Reviewed by Dimitri Glazkov.
1262
1263         The current implementation does not set event's target correctly
1264         if an event happens on DOM tree with multiple shadow roots.  So
1265         this patch updates an event re-targeting algorithm so that it
1266         works even if it is applied to multiple shadow roots.
1267
1268         Tests: fast/dom/shadow/shadow-dom-event-dispatching.html
1269
1270         * dom/ComposedShadowTreeWalker.cpp:
1271         (WebCore::ComposedShadowTreeWalker::traverseParentIncludingInsertionPointAndShadowRoot):
1272         * dom/EventDispatcher.cpp:
1273         (WebCore::EventDispatcher::ensureEventAncestors):
1274
1275 2012-05-27  Benjamin Poulain  <benjamin@webkit.org>
1276
1277         Minor code cleaning for the interface of MainResourceLoader
1278         https://bugs.webkit.org/show_bug.cgi?id=87607
1279
1280         Reviewed by Darin Adler.
1281
1282         * loader/MainResourceLoader.cpp:
1283         (WebCore::MainResourceLoader::MainResourceLoader):
1284         (WebCore::MainResourceLoader::handleSubstituteDataLoadNow):
1285         (WebCore::MainResourceLoader::handleSubstituteDataLoadSoon):
1286         * loader/MainResourceLoader.h:
1287         (MainResourceLoader):
1288         -Add the OVERRIDE keyword for the methods inherited from ResourceLoader.
1289         -Remove the useless declaration of handleDataLoad(ResourceRequest&), this method does not exist.
1290         -Rename handleDataLoadNow() to handleSubstituteDataLoadNow() and make the method private. This should
1291          only be used by handleSubstituteDataLoadSoon() and indirectly through the timer.
1292
1293 2012-05-27  Yoshifumi Inoue  <yosin@chromium.org>
1294
1295         [WTF] Introduce UINT64_C to MathExtras.h
1296         https://bugs.webkit.org/show_bug.cgi?id=87485
1297
1298         Reviewed by Kent Tamura.
1299
1300         This patch introduces UINT64_C for all platforms to avoid using
1301         conditional compilation.
1302
1303         No new tests. This patch doesn't change behavior.
1304
1305         * Modules/websockets/WebSocketFrame.cpp:
1306         (WebCore::WebSocketFrame::parseFrame): Replace conditional compilation with UINT64_C.
1307
1308 2012-05-27  Luke Macpherson  <macpherson@chromium.org>
1309
1310         Use StringBuilder in WebKitCSSTransformValue::customCssText() to allow code reuse with CSS Variables.
1311         https://bugs.webkit.org/show_bug.cgi?id=87462
1312
1313         Reviewed by Dimitri Glazkov.
1314
1315         Factor out strings into a const char* array, and use a StringBuilder instead of String concatenation.
1316         This will allow future code to re-use the array of transform names, and StringBuilder is generally faster.
1317
1318         Covered by existing CSS transform tests.
1319
1320         * css/WebKitCSSTransformValue.cpp:
1321         (WebCore):
1322         (WebCore::WebKitCSSTransformValue::customCssText):
1323
1324 2012-05-27  Arvid Nilsson  <anilsson@rim.com>
1325
1326         [BlackBerry] Update color for tap highlight and selection
1327         https://bugs.webkit.org/show_bug.cgi?id=87606
1328
1329         Reviewed by Antonio Gomes.
1330
1331         PR #154813
1332
1333         * platform/blackberry/RenderThemeBlackBerry.cpp:
1334         (WebCore::RenderThemeBlackBerry::platformTapHighlightColor):
1335         (WebCore::RenderThemeBlackBerry::platformActiveSelectionBackgroundColor):
1336
1337 2012-05-27  Benjamin Poulain  <bpoulain@apple.com>
1338
1339         When pages are loaded from AppCache with DeferredLoading, willSendRequest() is never called
1340         https://bugs.webkit.org/show_bug.cgi?id=87582
1341
1342         Reviewed by Darin Adler.
1343
1344         Previously, there was a shortcut when a deferred MainResourceLoader is resumed: If the data
1345         was coming from AppCache we could jump directly to startDataLoadTimer().
1346
1347         The problem with the shortcut is willSendRequest() is never called in that particular case
1348         (substituteData + deferred-resume). The imbalance between willSendRequest() and didReceiveResponse()
1349         causes problems.
1350
1351         This patch removes the shortcut so that MainResourceLoader::loadNow() is used regardless of
1352         the deferred loading. The method MainResourceLoader::loadNow() handle the substituteData as if the loading
1353         was not deferred.
1354
1355         Test: http/tests/appcache/load-from-appcache-defer-resume-crash.html
1356
1357         * loader/MainResourceLoader.cpp:
1358         (WebCore::MainResourceLoader::continueAfterNavigationPolicy):
1359         (WebCore::MainResourceLoader::handleSubstituteDataLoadSoon):
1360         Rename the method to be consistent with the attribute it uses, making the naming more explicit.
1361         (WebCore::MainResourceLoader::loadNow):
1362         (WebCore::MainResourceLoader::setDefersLoading):
1363         * loader/MainResourceLoader.h:
1364         (MainResourceLoader):
1365
1366 2012-05-27  David Kilzer  <ddkilzer@apple.com>
1367
1368         Use xcrun to find gperf path on platforms that use Xcode
1369         <http://webkit.org/b/87587>
1370
1371         Reviewed by Dan Bernstein.
1372
1373         * WebCore.xcodeproj/project.pbxproj:
1374         (Generate Derived Sources): Set GPERF environment variable using
1375         xcrun.
1376         * css/makeprop.pl: Use GPERF environment variable if set, else
1377         "gperf".
1378         * css/makevalues.pl: Ditto.
1379         * make-hash-tools.pl: Ditto.
1380
1381 2012-05-27  Li Yin  <li.yin@intel.com>
1382
1383         [FileAPI] FileReader should fire progress event when blob has been completely read into memory
1384         https://bugs.webkit.org/show_bug.cgi?id=87585
1385
1386         Reviewed by Kentaro Hara.
1387
1388         From Spec: http://www.w3.org/TR/FileAPI/#dfn-progress-event
1389         One progress event will fire when blob has been completely read into memory.
1390         Firefox, Opera and IE follows the spec.
1391         Webkit based browser doesn't do that, it only fires progress event at interval of 50ms.
1392         WebKit should add the behavior to make the conformance with the spec.
1393
1394         Tests: fast/files/file-reader-event-listener.html
1395
1396         * fileapi/FileReader.cpp:
1397         (WebCore::FileReader::didFinishLoading):
1398
1399 2012-05-26  Li Yin  <li.yin@intel.com>
1400
1401         [FileAPI] The result attribute of FileReader shuold use null to replace empty string
1402         https://bugs.webkit.org/show_bug.cgi?id=87578
1403
1404         Reviewed by Kentaro Hara.
1405
1406         From Spec: http://www.w3.org/TR/FileAPI/#filedata-attr
1407         Before read method has been called or an error in reading has occurred,
1408         the result attribute should be null, not empty string.
1409
1410         Currently, Firefox, Opera and IE 10 follows the spec, but Webkit based 
1411         browser don't.
1412         WebKit should change the returned value empty string into null to keep 
1413         conformance with the spec.
1414
1415         Tests: fast/files/read-file-async.html
1416                fast/files/blob-slice-test.html
1417                fast/files/read-blob-async.html
1418                fast/files/workers/worker-read-blob-async.html
1419                fast/files/workers/worker-read-file-async.html
1420
1421         * fileapi/FileReader.cpp:
1422         (WebCore::FileReader::stringResult):
1423
1424 2012-05-26  Andy Estes  <aestes@apple.com>
1425
1426         Fix the build when NETSCAPE_PLUGIN_API is disabled by marking a
1427         parameter as unused.
1428
1429         * plugins/PluginData.cpp:
1430         (WebCore::PluginData::initPlugins):
1431
1432 2012-05-26  Nate Chapin  <japhet@chromium.org>
1433
1434         Cancel CachedResource loads when the last client is removed.
1435         https://bugs.webkit.org/show_bug.cgi?id=35377
1436
1437         Reviewed by Darin Adler.
1438
1439         Test: http/tests/cache/cancel-in-progress-load.html
1440
1441         * loader/SubresourceLoader.cpp:
1442         (WebCore::SubresourceLoader::errorLoadingResource):
1443         * loader/cache/CachedCSSStyleSheet.cpp:
1444         (WebCore::CachedCSSStyleSheet::allClientsRemoved):
1445         * loader/cache/CachedFont.cpp:
1446         (WebCore::CachedFont::allClientsRemoved):
1447         * loader/cache/CachedImage.cpp:
1448         (WebCore::CachedImage::allClientsRemoved):
1449         * loader/cache/CachedRawResource.cpp:
1450         (WebCore):
1451         * loader/cache/CachedRawResource.h:
1452         (WebCore::CachedRawResource::shouldIgnoreHTTPStatusCodeErrors):
1453         * loader/cache/CachedResource.cpp:
1454         (WebCore::CachedResource::allClientsRemoved):
1455         (WebCore):
1456         * loader/cache/CachedResource.h:
1457         (CachedResource):
1458         * loader/cache/CachedScript.cpp:
1459         (WebCore::CachedScript::allClientsRemoved):
1460
1461 2012-05-26  Simon Fraser  <simon.fraser@apple.com>
1462
1463         fast/block/inline-children-root-linebox-crash.html asserts after r118567
1464         https://bugs.webkit.org/show_bug.cgi?id=87544
1465
1466         Reviewed by Darin Adler.
1467         
1468         RenderInline::offsetFromContainer() set offsetDependsOnPoint to true based
1469         on the container's flipped writing mode. However, offsetFromContainer() would
1470         then overwrite that, since it only checked for columns.
1471         
1472         Fix by having RenderInline::offsetFromContainer() check for flipping on
1473         the container. This fixes the assertion.
1474         
1475         The new testcase exercises fixes another issue; unlike mapLocalToAbsolute(),
1476         RenderGeometryMap::absoluteRect() didn't pass the rect center point through
1477         the mapping, which resulted in a different result in some flipping cases.
1478
1479         Test: compositing/geometry/flipped-blocks-inline-mapping.html
1480
1481         * rendering/RenderGeometryMap.cpp:
1482         (WebCore::RenderGeometryMap::absoluteRect):
1483         * rendering/RenderInline.cpp:
1484         (WebCore::RenderInline::offsetFromContainer):
1485         (WebCore::RenderInline::pushMappingToContainer):
1486
1487 2012-05-26  Geoffrey Garen  <ggaren@apple.com>
1488
1489         WebKit should be lazy-finalization-safe (esp. the DOM) v2
1490         https://bugs.webkit.org/show_bug.cgi?id=87581
1491
1492         Reviewed by Oliver Hunt.
1493
1494         * bindings/js/JSDOMGlobalObject.cpp:
1495         (WebCore::JSDOMGlobalObject::destroy):
1496         * bindings/js/JSDOMWindowBase.cpp:
1497         (WebCore::JSDOMWindowBase::destroy):
1498         * bindings/js/JSDOMWindowShell.cpp:
1499         (WebCore::JSDOMWindowShell::destroy):
1500         * bindings/js/JSNodeCustom.cpp:
1501         (WebCore::JSNodeOwner::finalize):
1502         * bindings/js/JSWorkerContextBase.cpp:
1503         (WebCore::JSWorkerContextBase::destroy):
1504         * bindings/scripts/CodeGeneratorJS.pm:
1505         (GenerateImplementation):
1506         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1507         (WebCore::JSTestActiveDOMObject::destroy):
1508         (WebCore::JSTestActiveDOMObjectOwner::finalize):
1509         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1510         (WebCore::JSTestCustomNamedGetter::destroy):
1511         (WebCore::JSTestCustomNamedGetterOwner::finalize):
1512         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1513         (WebCore::JSTestEventConstructor::destroy):
1514         (WebCore::JSTestEventConstructorOwner::finalize):
1515         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1516         (WebCore::JSTestEventTarget::destroy):
1517         (WebCore::JSTestEventTargetOwner::finalize):
1518         * bindings/scripts/test/JS/JSTestException.cpp:
1519         (WebCore::JSTestException::destroy):
1520         (WebCore::JSTestExceptionOwner::finalize):
1521         * bindings/scripts/test/JS/JSTestInterface.cpp:
1522         (WebCore::JSTestInterface::destroy):
1523         (WebCore::JSTestInterfaceOwner::finalize):
1524         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1525         (WebCore::JSTestMediaQueryListListener::destroy):
1526         (WebCore::JSTestMediaQueryListListenerOwner::finalize):
1527         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1528         (WebCore::JSTestNamedConstructor::destroy):
1529         (WebCore::JSTestNamedConstructorOwner::finalize):
1530         * bindings/scripts/test/JS/JSTestObj.cpp:
1531         (WebCore::JSTestObj::destroy):
1532         (WebCore::JSTestObjOwner::finalize):
1533         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1534         (WebCore::JSTestSerializedScriptValueInterface::destroy):
1535         (WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):
1536         * bridge/objc/objc_runtime.mm:
1537         (JSC::Bindings::ObjcFallbackObjectImp::destroy):
1538         * bridge/qt/qt_runtime.cpp:
1539         (JSC::Bindings::QtRuntimeMethod::destroy):
1540         * bridge/qt/qt_runtime_qt4.cpp:
1541         (JSC::Bindings::QtRuntimeMethod::destroy):
1542         * bridge/runtime_array.cpp:
1543         (JSC::RuntimeArray::destroy):
1544         * bridge/runtime_method.cpp:
1545         (JSC::RuntimeMethod::destroy):
1546         * bridge/runtime_object.cpp:
1547         (JSC::Bindings::RuntimeObject::destroy):
1548         * bridge/runtime_root.cpp:
1549         (JSC::Bindings::RootObject::finalize): Use static_cast instead of jsCast because
1550         jsCast does Structure-based validation, and our Structure is not guaranteed
1551         to be alive when we get finalized.
1552
1553 2012-05-26  Simon Fraser  <simon.fraser@apple.com>
1554
1555         Clip rects assertion when hovering div with transform
1556         https://bugs.webkit.org/show_bug.cgi?id=87580
1557
1558         Reviewed by Eric Seidel.
1559         
1560         Hit testing used to use temporary clip rects in composited documents,
1561         until r118562. Now that we cache clip rects for hit testing, we need
1562         to clear the cache on descendant layers when a layer gains or loses
1563         a transform.
1564
1565         Test: fast/layers/clip-rects-assertion.html
1566
1567         * rendering/RenderLayer.cpp:
1568         (WebCore::RenderLayer::updateTransform):
1569
1570 2012-05-25  Dan Bernstein  <mitz@apple.com>
1571
1572         <rdar://problem/11439771> WebProcess sends many synchronous messages to the UI process while scrolling beneath ScrollView::contentsToScreen()
1573         https://bugs.webkit.org/show_bug.cgi?id=87571
1574
1575         Reviewed by Anders Carlsson.
1576
1577         fakeMouseEventTimerFired() uses the last known mouse position for the fake mouse event, but
1578         calls contentsToScreen() to compute a corresponding position in screen coordinates. Avoid
1579         this by also recording the last known mouse position in screen coordinates, and using that
1580         value.
1581
1582         * page/EventHandler.cpp:
1583         (WebCore::EventHandler::clear): Added resetting m_currentMouseGlobalPosition.
1584         (WebCore::EventHandler::handleMousePressEvent): Added updating m_currentMouseGlobalPosition
1585         when updating m_currentMousePosition.
1586         (WebCore::EventHandler::handleMouseDoubleClickEvent): Ditto.
1587         (WebCore::EventHandler::handleMouseMoveEvent): Ditto.
1588         (WebCore::EventHandler::handleMouseReleaseEvent): Ditto.
1589         (WebCore::EventHandler::fakeMouseMoveEventTimerFired): Changed to use m_currentMouseGlobalPosition
1590         in the fake event instead of calling contentsToScreen().
1591         * page/EventHandler.h: Added m_currentMouseGlobalPosition data member.
1592
1593 2012-05-25  Philippe Normand  <pnormand@igalia.com>
1594
1595         [GStreamer] Remove ImageGStreamerCG implementation
1596         https://bugs.webkit.org/show_bug.cgi?id=87559
1597
1598         The ImageGStreamerCG abstraction is being removed until I manage to
1599         port my gst-mac WebKit branch over to the WebKit2 mac port. No
1600         need to update the XCode project because this file is not
1601         referenced there anyway.
1602
1603         Reviewed by Martin Robinson.
1604
1605         * platform/graphics/gstreamer/ImageGStreamer.h:
1606         (ImageGStreamer):
1607         * platform/graphics/gstreamer/ImageGStreamerCG.mm: Removed.
1608
1609 2012-05-26  Rob Buis  <rwlbuis@webkit.org>
1610
1611         Bug 15799: textPath element does not re-render when referenced path changes
1612         https://bugs.webkit.org/show_bug.cgi?id=15799
1613
1614         Reviewed by Nikolas Zimmermann.
1615
1616         Support textPath updating to changes on the referenced path. To make this possible
1617         use the target reference functionality also used by SVGFEImageElement.
1618
1619         Tests: svg/custom/textPath-change-id-expected.svg
1620                svg/custom/textPath-change-id-pattern-expected.svg
1621                svg/custom/textPath-change-id-pattern.svg
1622                svg/custom/textPath-change-id.svg
1623                svg/custom/textPath-change-id2-expected.svg
1624                svg/custom/textPath-change-id2-pattern-expected.svg
1625                svg/custom/textPath-change-id2-pattern.svg
1626                svg/custom/textPath-change-id2.svg
1627                svg/custom/textPath-change-reference-expected.svg
1628                svg/custom/textPath-change-reference-pattern-expected.svg
1629                svg/custom/textPath-change-reference-pattern.svg
1630                svg/custom/textPath-change-reference-using-baseval-expected.svg
1631                svg/custom/textPath-change-reference-using-baseval-pattern-expected.svg
1632                svg/custom/textPath-change-reference-using-baseval-pattern.svg
1633                svg/custom/textPath-change-reference-using-baseval.svg
1634                svg/custom/textPath-change-reference.svg
1635                svg/custom/textPath-change-reference2-expected.svg
1636                svg/custom/textPath-change-reference2-pattern-expected.svg
1637                svg/custom/textPath-change-reference2-pattern.svg
1638                svg/custom/textPath-change-reference2-using-baseval-expected.svg
1639                svg/custom/textPath-change-reference2-using-baseval-pattern-expected.svg
1640                svg/custom/textPath-change-reference2-using-baseval-pattern.svg
1641                svg/custom/textPath-change-reference2-using-baseval.svg
1642                svg/custom/textPath-change-reference2.svg
1643                svg/custom/textPath-insert-path-expected.svg
1644                svg/custom/textPath-insert-path-pattern-expected.svg
1645                svg/custom/textPath-insert-path-pattern.svg
1646                svg/custom/textPath-insert-path.svg
1647                svg/custom/textPath-modify-child-expected.svg
1648                svg/custom/textPath-modify-child-pattern-expected.svg
1649                svg/custom/textPath-modify-child-pattern.svg
1650                svg/custom/textPath-modify-child.svg
1651                svg/custom/textPath-path-change-expected.svg
1652                svg/custom/textPath-path-change-pattern-expected.svg
1653                svg/custom/textPath-path-change-pattern.svg
1654                svg/custom/textPath-path-change-using-svg-dom-expected.svg
1655                svg/custom/textPath-path-change-using-svg-dom-pattern-expected.svg
1656                svg/custom/textPath-path-change-using-svg-dom-pattern.svg
1657                svg/custom/textPath-path-change-using-svg-dom.svg
1658                svg/custom/textPath-path-change.svg
1659                svg/custom/textPath-path-change2-expected.svg
1660                svg/custom/textPath-path-change2-pattern-expected.svg
1661                svg/custom/textPath-path-change2-pattern.svg
1662                svg/custom/textPath-path-change2.svg
1663                svg/custom/textPath-remove-path-expected.svg
1664                svg/custom/textPath-remove-path-pattern-expected.svg
1665                svg/custom/textPath-remove-path-pattern.svg
1666                svg/custom/textPath-remove-path.svg
1667                svg/custom/textPath-set-id-expected.svg
1668                svg/custom/textPath-set-id.svg
1669                svg/custom/textPath-startoffset-expected.svg
1670                svg/custom/textPath-startoffset-pattern-expected.svg
1671                svg/custom/textPath-startoffset-pattern.svg
1672                svg/custom/textPath-startoffset.svg
1673
1674         * svg/SVGTextPathElement.cpp:
1675         (WebCore::SVGTextPathElement::~SVGTextPathElement):
1676         (WebCore):
1677         (WebCore::SVGTextPathElement::clearResourceReferences):
1678         (WebCore::SVGTextPathElement::svgAttributeChanged):
1679         (WebCore::SVGTextPathElement::buildPendingResource):
1680         (WebCore::SVGTextPathElement::insertedInto):
1681         (WebCore::SVGTextPathElement::removedFrom):
1682         * svg/SVGTextPathElement.h:
1683
1684 2012-05-26  Nikolas Zimmermann  <nzimmermann@rim.com>
1685
1686         Avoid updateFromElement() usage in SVG
1687         https://bugs.webkit.org/show_bug.cgi?id=87573
1688
1689         Stop relying on updateFromElement() - instead rely on addChild/removeChild, which
1690         allows us to optimize the resources re-fetching. When a child is added to the tree
1691         we don't need to remove existing resources from the SVGResourcesCache - the renderer
1692         can't be in the cache yet. Similary, remove the entry from the cache earlier: as soon
1693         as the renderer is removed from the tree, instead of waiting for willBeDestroyed().
1694
1695         No new tests, refactoring only.
1696
1697         * rendering/svg/RenderSVGBlock.cpp:
1698         * rendering/svg/RenderSVGBlock.h:
1699         (RenderSVGBlock):
1700         * rendering/svg/RenderSVGContainer.cpp:
1701         (WebCore::RenderSVGContainer::addChild):
1702         (WebCore):
1703         (WebCore::RenderSVGContainer::removeChild):
1704         * rendering/svg/RenderSVGContainer.h:
1705         (RenderSVGContainer):
1706         * rendering/svg/RenderSVGInline.cpp:
1707         (WebCore::RenderSVGInline::addChild):
1708         (WebCore::RenderSVGInline::removeChild):
1709         * rendering/svg/RenderSVGInline.h:
1710         (RenderSVGInline):
1711         * rendering/svg/RenderSVGModelObject.cpp:
1712         * rendering/svg/RenderSVGModelObject.h:
1713         (RenderSVGModelObject):
1714         * rendering/svg/RenderSVGResourceContainer.cpp:
1715         (WebCore::RenderSVGResourceContainer::registerResource):
1716         * rendering/svg/RenderSVGRoot.cpp:
1717         (WebCore::RenderSVGRoot::addChild):
1718         (WebCore):
1719         (WebCore::RenderSVGRoot::removeChild):
1720         * rendering/svg/RenderSVGRoot.h:
1721         (RenderSVGRoot):
1722         * rendering/svg/RenderSVGText.cpp:
1723         (WebCore::RenderSVGText::addChild):
1724         (WebCore::RenderSVGText::removeChild):
1725         * rendering/svg/SVGResourcesCache.cpp:
1726         (WebCore::SVGResourcesCache::clientStyleChanged):
1727         (WebCore::rendererCanHaveResources):
1728         (WebCore):
1729         (WebCore::SVGResourcesCache::clientWasAddedToTree):
1730         (WebCore::SVGResourcesCache::clientWillBeRemovedFromTree):
1731         * rendering/svg/SVGResourcesCache.h:
1732         (SVGResourcesCache):
1733         * svg/SVGStyledElement.cpp:
1734         * svg/SVGStyledElement.h:
1735         (SVGStyledElement):
1736
1737 2012-05-25  Nat Duca  <nduca@chromium.org>
1738
1739         [chromium] Instrument V8 GC with TraceEvent
1740         https://bugs.webkit.org/show_bug.cgi?id=87530
1741
1742         Reviewed by Kentaro Hara.
1743
1744         We sometimes get performance issues where performance stalls can
1745         be attributed to badly timed GC operations, especially ones that
1746         happen just before a frame running. This adds tracing calls around
1747         GC so that we can better understand these kinds of hangs.
1748
1749         * bindings/v8/V8GCController.cpp:
1750         (WebCore::V8GCController::gcPrologue):
1751         (WebCore::V8GCController::gcEpilogue):
1752
1753 2012-05-25  Garrett Casto  <gcasto@chromium.org>
1754
1755         Allow WebTextFieldDecoratorClient to see applied decorations.
1756         https://bugs.webkit.org/show_bug.cgi?id=86557
1757
1758         Reviewed by Kent Tamura.
1759
1760         * html/shadow/TextFieldDecorationElement.cpp:
1761         (WebCore::TextFieldDecorationElement::fromShadowRoot): A function
1762         that will extract a TextFielDecorationElement from a ShadowRoot, if
1763         there is one.
1764         * html/shadow/TextFieldDecorationElement.h:
1765         (WebCore):
1766         (TextFieldDecorator):
1767
1768 2012-05-25  Tony Chang  <tony@chromium.org>
1769
1770         implement new negative flexing algorithm
1771         https://bugs.webkit.org/show_bug.cgi?id=86528
1772
1773         Reviewed by Ojan Vafai.
1774
1775         Rather than just scale by the negative flexibility, we also take the
1776         flex-basis (preferred size) into consideration.  That means items with
1777         a larger preferred size will shrink faster.
1778
1779         Test: css3/flexbox/flex-algorithm.html (new test cases added)
1780
1781         * rendering/RenderFlexibleBox.cpp:
1782         (WebCore::RenderFlexibleBox::preferredMainAxisContentExtentForChild): Handle overflow.
1783         (WebCore::RenderFlexibleBox::layoutFlexItems):
1784         (WebCore::RenderFlexibleBox::computeNextFlexLine): Sum weighted negative flex.
1785         (WebCore::RenderFlexibleBox::freezeViolations):
1786         (WebCore::RenderFlexibleBox::resolveFlexibleLengths): Shrink by weighted amount.
1787         Also handle large values by making sure the flex values are finite.
1788         * rendering/RenderFlexibleBox.h:
1789
1790 2012-05-25  Mihai Parparita  <mihaip@chromium.org>
1791
1792         Allow synchronous XHRs to be disabled in documents
1793         https://bugs.webkit.org/show_bug.cgi?id=87540
1794
1795         Reviewed by Eric Seidel.
1796
1797         Test: fast/xmlhttprequest/xmlhttprequest-sync-disabled.html
1798
1799         Synchronous XMLHttpRequests are a problematic API, since they result
1800         in blocked UI threads. Some clients may wish to always disable them;
1801         give them a setting to do so (see also r103629 for other cases where
1802         synchronous XHRs are disabled).
1803
1804         * page/Settings.cpp:
1805         (WebCore):
1806         (WebCore::Settings::Settings):
1807         * page/Settings.h:
1808         (Settings):
1809         (WebCore::Settings::setSyncXHRInDocumentsEnabled):
1810         (WebCore::Settings::syncXHRInDocumentsEnabled):
1811         * testing/InternalSettings.cpp:
1812         (WebCore::InternalSettings::InternalSettings):
1813         (WebCore::InternalSettings::restoreTo):
1814         (WebCore::InternalSettings::setSyncXHRInDocumentsEnabled):
1815         (WebCore):
1816         * testing/InternalSettings.h:
1817         (InternalSettings):
1818         * testing/InternalSettings.idl:
1819         * xml/XMLHttpRequest.cpp:
1820         (WebCore::XMLHttpRequest::open):
1821
1822 2012-05-25  Kinuko Yasuda  <kinuko@chromium.org>
1823
1824         [chromium] Deprecate FileUtilities::getFileSize and getFileModifiedTime in favor of getFileMetadata
1825         https://bugs.webkit.org/show_bug.cgi?id=87492
1826
1827         Reviewed by Adam Barth.
1828
1829         No new tests: existing tests (http/tests/local/fileapi/* and fast/files/*) should pass.
1830
1831         * platform/chromium/FileSystemChromium.cpp:
1832         (WebCore::getFileSize):
1833         (WebCore::getFileModificationTime):
1834         (WebCore::getFileMetadata):
1835         * platform/chromium/PlatformSupport.h:
1836         (PlatformSupport):
1837
1838 2012-05-25  Abhishek Arya  <inferno@chromium.org>
1839
1840         Crash in RenderTableSection::paintCell.
1841         https://bugs.webkit.org/show_bug.cgi?id=87445
1842
1843         Reviewed by Eric Seidel and Julien Chaffraix.
1844
1845         Fix the crash by preventing table parts from being set
1846         as layout root. This prevents us from accessing removed
1847         table cells which can happen if RenderTableSection::layout
1848         is called directly without calling RenderTable::layout first
1849         (in case of cell recalc).
1850
1851         Add ASSERTs to RenderTableSection::layout to prevent
1852         layout to happen when we are already pending cell recalc
1853         or our table is pending section recalc. In those cases,
1854         RenderTable::layout should be called first to relayout
1855         the entire table.
1856
1857         Test: tables/table-section-overflow-clip-crash.html
1858
1859         * rendering/RenderObject.cpp:
1860         (WebCore::objectIsRelayoutBoundary):
1861         * rendering/RenderTableSection.cpp:
1862         (WebCore::RenderTableSection::layout):
1863
1864 2012-05-25  Philip Rogers  <pdr@google.com>
1865
1866         Fix for self-closing <use> tags
1867         https://bugs.webkit.org/show_bug.cgi?id=87504
1868
1869         Reviewed by Adam Barth.
1870
1871         This change causes self-closing non-html tags to behave the same
1872         as tags immediately followed by the closing tag.
1873
1874         Test: svg/custom/svg-self-closing-use.html
1875
1876         * html/parser/HTMLConstructionSite.cpp:
1877         (WebCore::HTMLConstructionSite::attachLater):
1878         (WebCore::HTMLConstructionSite::insertSelfClosingHTMLElement):
1879         (WebCore::HTMLConstructionSite::insertForeignElement):
1880         * html/parser/HTMLConstructionSite.h:
1881         (HTMLConstructionSite):
1882
1883 2012-05-25  Dan Bernstein  <mitz@apple.com>
1884
1885         Make the ICU-based implementation of NonSharedCharacterBreakIterator work in configurations
1886         that do not have COMPARE_AND_SWAP enabled.
1887
1888         Reviewed by Jessie Berlin.
1889
1890         * platform/text/TextBreakIteratorICU.cpp:
1891         (WebCore::compareAndSwapNonSharedCharacterBreakIterator): Added this helper. It uses
1892         weakCompareAndSwap when COMPARE_AND_SWAP is enabled, and uses a mutex to do the atomic
1893         compare and swap otherwise.
1894         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Changed to use
1895         compareAndSwapNonSharedCharacterBreakIterator().
1896         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Ditto.
1897
1898 2012-05-25  Tommy Widenflycht  <tommyw@google.com>
1899
1900         MediaStream API: Make sure IceCallback is valid for PeerConnection00
1901         https://bugs.webkit.org/show_bug.cgi?id=87480
1902
1903         Reviewed by Adam Barth.
1904
1905         Existing tests have been extended to cover this change.
1906
1907         * Modules/mediastream/PeerConnection00.cpp:
1908         (WebCore::PeerConnection00::create):
1909         * Modules/mediastream/PeerConnection00.h:
1910         * Modules/mediastream/PeerConnection00.idl:
1911
1912 2012-05-25  Mike West  <mkwst@chromium.org>
1913
1914         Inline script and style blocked by Content Security Policy should provide more detailed console errors.
1915         https://bugs.webkit.org/show_bug.cgi?id=86848
1916
1917         Reviewed by Adam Barth.
1918
1919         This change adds a URL and line number for context to each call to
1920         `ContentSecurityPolicy::allowInline*`, and pipes it through to the
1921         console message generation in `CSPDirectiveList::reportViolation`.
1922
1923         Line numbers are not added for injected scripts (`document.write(...)`,
1924         `document.body.appendChild`, and etc.).
1925
1926         Tests: http/tests/security/contentSecurityPolicy/injected-inline-script-allowed.html
1927                http/tests/security/contentSecurityPolicy/injected-inline-script-blocked.html
1928                http/tests/security/contentSecurityPolicy/injected-inline-style-allowed.html
1929                http/tests/security/contentSecurityPolicy/injected-inline-style-blocked.html
1930
1931         * bindings/ScriptControllerBase.cpp:
1932         (WebCore::ScriptController::executeIfJavaScriptURL):
1933         * bindings/js/JSLazyEventListener.cpp:
1934         (WebCore::JSLazyEventListener::initializeJSFunction):
1935         * bindings/v8/V8LazyEventListener.cpp:
1936         (WebCore::V8LazyEventListener::prepareListenerObject):
1937         * dom/ScriptElement.cpp:
1938         (WebCore::ScriptElement::ScriptElement):
1939         (WebCore::ScriptElement::executeScript):
1940         * dom/ScriptElement.h:
1941         (ScriptElement):
1942         * dom/StyleElement.cpp:
1943         (WebCore::StyleElement::StyleElement):
1944         (WebCore::StyleElement::createSheet):
1945         * dom/StyleElement.h:
1946         (StyleElement):
1947         * dom/StyledElement.cpp:
1948         (WebCore::StyledElement::StyledElement):
1949         (WebCore):
1950         (WebCore::StyledElement::style):
1951         (WebCore::StyledElement::styleAttributeChanged):
1952         * dom/StyledElement.h:
1953         (StyledElement):
1954         * page/ContentSecurityPolicy.cpp:
1955         (CSPDirectiveList):
1956         (WebCore::CSPDirectiveList::reportViolation):
1957         (WebCore::CSPDirectiveList::checkInlineAndReportViolation):
1958         (WebCore::CSPDirectiveList::checkEvalAndReportViolation):
1959         (WebCore::CSPDirectiveList::allowJavaScriptURLs):
1960         (WebCore::CSPDirectiveList::allowInlineEventHandlers):
1961         (WebCore::CSPDirectiveList::allowInlineScript):
1962         (WebCore::CSPDirectiveList::allowInlineStyle):
1963         (WebCore::CSPDirectiveList::allowEval):
1964         (WebCore):
1965         (WebCore::isAllowedByAllWithCallStack):
1966         (WebCore::isAllowedByAllWithContext):
1967         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
1968         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers):
1969         (WebCore::ContentSecurityPolicy::allowInlineScript):
1970         (WebCore::ContentSecurityPolicy::allowInlineStyle):
1971         * page/ContentSecurityPolicy.h:
1972         (WTF):
1973
1974 2012-05-25  Tim Horton  <timothy_horton@apple.com>
1975
1976         ENABLE_CSS3_FLEXBOX is insufficient to disable all web-facing bits of the feature
1977         https://bugs.webkit.org/show_bug.cgi?id=87537
1978         <rdar://problem/11524921>
1979
1980         Reviewed by Simon Fraser.
1981
1982         Allow the feature flag to disable more web-facing parts of the CSS3 flexbox
1983         implementation (primarily fallout from hiding it from computed style).
1984
1985         * css/CSSComputedStyleDeclaration.cpp:
1986         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
1987         * css/CSSParser.cpp:
1988         (WebCore::isValidKeywordPropertyAndValue):
1989         (WebCore::isKeywordPropertyID):
1990         (WebCore::CSSParser::parseValue):
1991         * css/CSSPrimitiveValueMappings.h:
1992         (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
1993         * css/CSSProperty.cpp:
1994         (WebCore::CSSProperty::isInheritedProperty):
1995         * css/CSSPropertyNames.in:
1996         * css/CSSValueKeywords.in:
1997         * css/StyleBuilder.cpp:
1998         (WebCore::StyleBuilder::StyleBuilder):
1999         * css/StylePropertySet.cpp:
2000         (WebCore::StylePropertySet::getPropertyValue):
2001         (WebCore::StylePropertySet::asText):
2002         * css/StylePropertyShorthand.cpp:
2003         (WebCore::shorthandForProperty):
2004         * css/StylePropertyShorthand.h:
2005         * css/StyleResolver.cpp:
2006         (WebCore::StyleResolver::collectMatchingRulesForList):
2007         * page/animation/CSSPropertyAnimation.cpp:
2008         (WebCore::CSSPropertyAnimation::ensurePropertyMap):
2009         * rendering/RenderObject.cpp:
2010         (WebCore::RenderObject::createObject):
2011         * rendering/style/RenderStyleConstants.h:
2012
2013 2012-05-25  Adrienne Walker  <enne@google.com>
2014
2015         [chromium] Add setting for painting debug info onto tiles
2016         https://bugs.webkit.org/show_bug.cgi?id=75763
2017
2018         Reviewed by James Robinson.
2019
2020         Add a compile-time CCSetting to paint debug information onto tiles. This
2021         can help to understand paint counts and layer indices. This setting is
2022         off by default.
2023
2024         * platform/graphics/chromium/ContentLayerChromium.cpp:
2025         (WebCore::ContentLayerPainter::create):
2026         (WebCore::ContentLayerPainter::paint):
2027         (WebCore::ContentLayerPainter::ContentLayerPainter):
2028         (WebCore::ContentLayerChromium::createTextureUpdater):
2029         * platform/graphics/chromium/TiledLayerChromium.cpp:
2030         (WebCore::UpdatableTile::UpdatableTile):
2031         (WebCore::UpdatableTile::setUpdateFrame):
2032         (WebCore::UpdatableTile::incrementPaintCount):
2033         (WebCore::UpdatableTile::updateFrame):
2034         (WebCore::UpdatableTile::paintCount):
2035         (WebCore::TiledLayerChromium::TiledLayerChromium):
2036         (WebCore::TiledLayerChromium::prepareToUpdateTiles):
2037         (WebCore::TiledLayerChromium::paintDebugTileInfo):
2038         * platform/graphics/chromium/TiledLayerChromium.h:
2039         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
2040         (WebCore::CCSettings::CCSettings):
2041
2042 2012-05-25  Ami Fischman  <fischman@chromium.org>
2043
2044         [chromium] Default media controls should render only the currentTime-containing buffered range
2045         https://bugs.webkit.org/show_bug.cgi?id=85925
2046
2047         Reviewed by Eric Carlson.
2048
2049         Test: http/tests/media/video-buffered-range-contains-currentTime.html
2050
2051         * rendering/RenderMediaControlsChromium.cpp:
2052         (WebCore::paintMediaSlider):
2053
2054 2012-05-25  Simon Fraser  <simon.fraser@apple.com>
2055
2056         Build fix: add TransformationMatrix ctor from an AffineTransform.
2057
2058         * platform/graphics/transforms/TransformationMatrix.cpp:
2059         (WebCore::TransformationMatrix::TransformationMatrix):
2060         (WebCore):
2061         * platform/graphics/transforms/TransformationMatrix.h:
2062         (TransformationMatrix):
2063
2064 2012-05-24  Ryosuke Niwa  <rniwa@webkit.org>
2065
2066         createContextualFragment and insertAdjacentHTML should throw syntax error
2067         https://bugs.webkit.org/show_bug.cgi?id=87454
2068
2069         Reviewed by Darin Adler.
2070
2071         Before this patch, createContextualFragment threw NOT_SUPPORTED_ERR and insertAdjacentHTML didn't throw any errors.
2072         Make them throw SYNTAX_ERR to be consistent with the spec and Firefox:
2073         http://html5.org/specs/dom-parsing.html#parsing
2074         http://www.whatwg.org/specs/web-apps/current-work/multipage/the-xhtml-syntax.html#xml-fragment-parsing-algorithm
2075
2076         Also reduced the code duplication.
2077
2078         Test: fast/dom/xhtml-fragment-parsing-exceptions.xhtml
2079
2080         * dom/Range.cpp:
2081         (WebCore::Range::createContextualFragment):
2082         * dom/ShadowRoot.cpp:
2083         (WebCore::ShadowRoot::setInnerHTML): Explicitly pass AllowScriptingContent. 
2084         * editing/markup.cpp:
2085         (WebCore::createFragmentFromMarkup):
2086         (WebCore::createFragmentForInnerOuterHTML): Takes ExceptionCode now.
2087         (WebCore::createContextualFragment): Share code with createFragmentForInnerOuterHTML
2088         and propagate the exception code.
2089         * editing/markup.h:
2090         * html/HTMLElement.cpp:
2091         (WebCore::HTMLElement::setInnerHTML): Explicitly pass AllowScriptingContent.
2092         (WebCore::HTMLElement::setOuterHTML): Ditto.
2093         (WebCore::HTMLElement::insertAdjacentHTML): Ditto; also rename ignoredEc to ignoredEC
2094         per Darin's comment on the bug 87339.
2095
2096 2012-05-25  John Knottenbelt  <jknotten@chromium.org>
2097
2098         Body scrollWidth() and scrollHeight() should be page scale-invariant
2099         https://bugs.webkit.org/show_bug.cgi?id=87494
2100
2101         RenderView::documentRect() is calculating the "scaled" document rect by applying
2102         the current transformation matrix to the unscaledDocumentRect() and then
2103         returning the rounded-out IntRect result.
2104
2105         This rounding out is incorrect because it allows the scaled rectangle to
2106         represent an area that is not actually covered by the document.
2107
2108         We fix this by applying the current transform to the document rect
2109         as a FloatRect and then explicitly converting to IntRect, which
2110         takes the floor of the resulting rectangle coordinates instead of
2111         rounding them out.
2112
2113         This is evidenced by the document.body.scrollWidth() and
2114         document.body.scrollHeight() changing under page scale factor when
2115         they are expected to remain invariant.
2116
2117         Reviewed by James Robinson.
2118
2119         Test: fast/dom/window-scroll-scaling.html
2120
2121         * rendering/RenderView.cpp:
2122         (WebCore::RenderView::documentRect):
2123
2124 2012-05-25  Dan Bernstein  <mitz@apple.com>
2125
2126         characterBreakIterator() is not safe to use reentrantly or from multiple threads
2127         https://bugs.webkit.org/show_bug.cgi?id=87521
2128
2129         Reviewed by Darin Adler.
2130
2131         Replaced characterBreakIterator() with a NonSharedCharacterBreakIterator class, which
2132         obtains a unique TextBreakIterator. Replaced the global shared instance with a single-entry
2133         cache.
2134
2135         * dom/CharacterData.cpp:
2136         (WebCore::CharacterData::parserAppendData): Changed to use NonSharedCharacterBreakIterator.
2137
2138         * platform/graphics/StringTruncator.cpp:
2139         (WebCore::centerTruncateToBuffer): Ditto.
2140         (WebCore::rightTruncateToBuffer): Ditto.
2141
2142         * platform/text/String.cpp:
2143         (WebCore::numGraphemeClusters): Ditto.
2144         (WebCore::numCharactersInGraphemeClusters): Ditto.
2145
2146         * platform/text/TextBreakIterator.h: Removed the declaration of characterBreakIterator().
2147         (NonSharedCharacterBreakIterator): Added. An instance of this class has a character break
2148         iterator instance that is unique to it for the lifetime of the instance.
2149         (WebCore::NonSharedCharacterBreakIterator::operator TextBreakIterator*): Added.
2150
2151         * platform/text/TextBreakIteratorICU.cpp:
2152         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Added. Tries
2153         to swap the m_iterator member variable with the cached instance. If that fails, initializes
2154         m_iterator to a new character break iterator.
2155         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Added. Tries
2156         to put the m_iterator member variable back in the cache. If that fails, meaning there is
2157         already something in the cache, destroys m_iterator.
2158
2159         * platform/text/gtk/TextBreakIteratorGtk.cpp:
2160         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Same as in
2161         TextBreakIteratorICU.cpp.
2162         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Ditto.
2163         (WebCore::cursorMovementIterator): Moved the old implementation of characterBreakIterator()
2164         here.
2165
2166         * platform/text/qt/TextBreakIteratorQt.cpp:
2167         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Same as in
2168         TextBreakIteratorICU.cpp.
2169         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Ditto.
2170         (WebCore::cursorMovementIterator): Moved the old implementation of characterBreakIterator()
2171         here.
2172
2173         * platform/text/wince/TextBreakIteratorWinCE.cpp:
2174         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Same as in
2175         TextBreakIteratorICU.cpp.
2176         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Ditto.
2177         (WebCore::cursorMovementIterator): Moved the old implementation of characterBreakIterator()
2178         here.
2179
2180 2012-05-25  Simon Fraser  <simon.fraser@apple.com>
2181
2182         Terrible performance on http://alliances.commandandconquer.com/ and http://www.lordofultima.com/
2183         https://bugs.webkit.org/show_bug.cgi?id=84410
2184
2185         Reviewed by Dave Hyatt.
2186         
2187         First part of fixing O(N^2) issues when walking the RenderLayer tree
2188         for computeCompositingRequirements().
2189         
2190         For each layer that goes into the OverlapMap, we were computing an absolute
2191         layer bounds, which requires walking back to the root of the tree.
2192         Optimize this when possible by storing a stack of offsets as we walk
2193         the tree, and using this stack to do the mapping.
2194         
2195         The stack of offsets and transforms is managed by RenderGeometryMap.
2196         When visiting a RenderLayer, RenderLayerCompositor pushes onto
2197         the geometry map stack data about offsets and transforms between
2198         the current layer and its stacking-parent. RenderGeometryMap handles
2199         the case where the previous renderer pushed is between the current
2200         renderer and its container. RenderGeometryMap can also handle callers
2201         pushing renderers with multiple containers between them.
2202         
2203         RenderGeometryMap stores some flags about whether the set of mapping
2204         steps in the stack involve transforms, fixed position, or special non-uniform
2205         mappings like CSS columns. In some cases, it falls back to mapping via
2206         renderers.
2207
2208         Once constructed, the RenderGeometryMap stack can be used to map multiple
2209         rects or points efficiently. Stacks consisting of simple offsets are
2210         collapsed to a single offset.
2211         
2212         Mappings between renderers and their containers are pushed by pushMappingToContainer()
2213         methods, which are similar to mapLocalToContainer() methods. Having this code
2214         in RenderObjects was deemed preferable to handling columns, transforms etc. all in
2215         RenderLayer code.
2216
2217         Tested by assertions in RenderGeometryMap code that its mapping matches
2218         mapping via localToAbsolute() calls.
2219         
2220         RenderLayerCompositor::updateCompositingLayers() creates a RenderGeometryMap,
2221         and pushes and pops layer renderers as it visits them. The geometry map is used
2222         by RenderLayerCompositor::addToOverlapMap() when computing absolute layer bounds.
2223         
2224         Futher optimizations in RenderGeometryMap are possible, especially with stacks that
2225         have many offsets and a few transforms.
2226
2227         Tests: compositing/geometry/composited-in-columns.html
2228                compositing/geometry/flipped-writing-mode.html
2229
2230         * CMakeLists.txt: Add RenderGeometryMap
2231         * GNUmakefile.list.am: Ditt
2232         * Target.pri: Ditto
2233         * WebCore.gypi: Ditto
2234         * WebCore.vcproj/WebCore.vcproj: Ditto
2235         * WebCore.xcodeproj/project.pbxproj: Ditto
2236         * rendering/RenderBox.cpp:
2237         (WebCore::RenderBox::absoluteContentBox):
2238         (WebCore::RenderBox::pushMappingToContainer):
2239         (WebCore::RenderBox::offsetFromContainer):
2240         * rendering/RenderBox.h:
2241         * rendering/RenderGeometryMap.cpp: Added.
2242         (RenderGeometryMapStep):
2243         (WebCore::RenderGeometryMapStep::RenderGeometryMapStep):
2244         (WebCore::RenderGeometryMapStep::mapPoint):
2245         (WebCore::RenderGeometryMapStep::mapQuad):
2246         (WebCore::RenderGeometryMap::RenderGeometryMap):
2247         (WebCore::RenderGeometryMap::~RenderGeometryMap):
2248         (WebCore::RenderGeometryMap::absolutePoint):
2249         (WebCore::RenderGeometryMap::absoluteRect):
2250         (WebCore::RenderGeometryMap::mapToAbsolute):
2251         (WebCore::RenderGeometryMap::pushMappingsToAncestor):
2252         (WebCore::RenderGeometryMap::push):
2253         (WebCore::RenderGeometryMap::pushView):
2254         (WebCore::RenderGeometryMap::popMappingsToAncestor):
2255         (WebCore::RenderGeometryMap::stepInserted):
2256         (WebCore::RenderGeometryMap::stepRemoved):
2257         * rendering/RenderGeometryMap.h: Added.
2258         (RenderGeometryMap):
2259         (WebCore::RenderGeometryMap::hasNonUniformStep):
2260         (WebCore::RenderGeometryMap::hasTransformStep):
2261         (WebCore::RenderGeometryMap::hasFixedPositionStep):
2262         * rendering/RenderInline.cpp:
2263         (WebCore::RenderInline::offsetFromContainer):
2264         (WebCore::RenderInline::pushMappingToContainer):
2265         * rendering/RenderInline.h:
2266         (RenderInline):
2267         * rendering/RenderLayerCompositor.cpp:
2268         (WebCore::RenderLayerCompositor::updateCompositingLayers):
2269         (WebCore::RenderLayerCompositor::addToOverlapMap):
2270         (WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
2271         (WebCore::RenderLayerCompositor::computeCompositingRequirements):
2272         * rendering/RenderLayerCompositor.h:
2273         (RenderLayerCompositor):
2274         * rendering/RenderObject.cpp:
2275         (WebCore::RenderObject::mapLocalToContainer):
2276         (WebCore::RenderObject::pushMappingToContainer):
2277         (WebCore::RenderObject::offsetFromContainer):
2278         (WebCore::RenderObject::container):
2279         * rendering/RenderObject.h:
2280         * rendering/RenderTableCell.cpp:
2281         (WebCore::RenderTableCell::offsetFromContainer):
2282         * rendering/RenderTableCell.h:
2283         (RenderTableCell):
2284         * rendering/RenderView.cpp:
2285         (WebCore::RenderView::pushMappingToContainer):
2286         * rendering/RenderView.h:
2287         * rendering/svg/RenderSVGForeignObject.cpp:
2288         (WebCore::RenderSVGForeignObject::pushMappingToContainer):
2289         * rendering/svg/RenderSVGForeignObject.h:
2290         (RenderSVGForeignObject):
2291         * rendering/svg/RenderSVGInline.cpp:
2292         (WebCore::RenderSVGInline::pushMappingToContainer):
2293         * rendering/svg/RenderSVGInline.h:
2294         (RenderSVGInline):
2295         * rendering/svg/RenderSVGModelObject.cpp:
2296         (WebCore::RenderSVGModelObject::pushMappingToContainer):
2297         * rendering/svg/RenderSVGModelObject.h:
2298         (RenderSVGModelObject):
2299         * rendering/svg/RenderSVGRoot.cpp:
2300         (WebCore::RenderSVGRoot::pushMappingToContainer):
2301         * rendering/svg/RenderSVGRoot.h:
2302         (RenderSVGRoot):
2303         * rendering/svg/RenderSVGText.cpp:
2304         (WebCore::RenderSVGText::pushMappingToContainer):
2305         * rendering/svg/RenderSVGText.h:
2306         (RenderSVGText):
2307         * rendering/svg/SVGRenderSupport.cpp:
2308         (WebCore::SVGRenderSupport::pushMappingToContainer):
2309         * rendering/svg/SVGRenderSupport.h:
2310         (SVGRenderSupport):
2311
2312 2012-05-25  Simon Fraser  <simon.fraser@apple.com>
2313
2314         Cache absolute clip rects on RenderLayer for compositing overlap testing
2315         https://bugs.webkit.org/show_bug.cgi?id=87212
2316
2317         Reviewed by Dave Hyatt.
2318         
2319         Enhance the cache of ClipRects on RenderLayers to store three
2320         different types of ClipRects, rather than just one.
2321         
2322         We need to compute clip rects relative to different layers
2323         for different purposes. For painting, we compute relative to
2324         the compositing layer which is acting as a painting root.
2325         For hit testing, we compute relative to the root, except
2326         for transformed layers. For composting overlap testing, we
2327         compute relative to the root ("absolute"). At other times, we do one-off
2328         computation which we never want to cache ("temporary clip rects").
2329         
2330         This change allows us to cache rects for hit testing, and for
2331         compositing overlap testing. This has huge performance benefits
2332         on some pages (bug 84410).
2333         
2334         This change also makes ClipRects not arena-allocated, so we
2335         can use RefPtr<ClipRect>.
2336
2337         No testable behavior change.
2338
2339         * rendering/RenderBoxModelObject.cpp:
2340         (WebCore::RenderBoxModelObject::willBeDestroyed): No need for the
2341         explicit clipRects teardown, since clipRects don't need a live
2342         RenderObject for arena-based destruction.
2343
2344         * rendering/RenderLayer.cpp: Remove arena-related new and delete.
2345         (WebCore::RenderLayer::RenderLayer): No need to explicitly initialize m_clipRects,
2346         since it's an OwnPtr now.
2347         (WebCore::RenderLayer::~RenderLayer): No explicit clipRect teardown required.
2348         (WebCore::RenderLayer::clippingRootForPainting): Renamed to make its purpose
2349         more obvious.
2350         (WebCore::RenderLayer::paintLayer): Use the TemporaryClipRects type when necessary.
2351         (WebCore::RenderLayer::paintLayerContents): Ditto
2352         (WebCore::RenderLayer::hitTestLayer): No longer need to use temporary clipRects when
2353         hit testing since we cache clip rects for hit testing.
2354         (WebCore::RenderLayer::updateClipRects): Take a ClipRectsType and pass it through.
2355         (WebCore::RenderLayer::calculateClipRects): Ditto
2356         (WebCore::RenderLayer::parentClipRects): Ditto
2357         (WebCore::RenderLayer::backgroundClipRect): Ditto
2358         (WebCore::RenderLayer::calculateRects): Take ClipRectsType, which obviates temporaryClipRects.
2359         (WebCore::RenderLayer::childrenClipRect): Use clippingRootForPainting().
2360         (WebCore::RenderLayer::selfClipRect): Ditto
2361         (WebCore::RenderLayer::localClipRect): Ditto
2362         (WebCore::RenderLayer::clearClipRectsIncludingDescendants): Take a type of clip rect to clear
2363         (include all). Allows us to just clear painting clip rects.
2364         (WebCore::RenderLayer::clearClipRects):
2365
2366         * rendering/RenderLayer.h:
2367         (WebCore::ClipRects::create): We don't use RefCounted<> in order to use a bit in
2368         the refCount for a flag. Add create() method.
2369         (WebCore::ClipRects::deref): No longer arena-allocated.
2370         (WebCore::ClipRectsCache::ClipRectsCache): Struct that holds a small
2371         array of the 3 types of clipRects (and, in debug, the layer relative
2372         to which they were computed).
2373         (WebCore::RenderLayer::clipRects):
2374
2375         * rendering/RenderLayerBacking.cpp:
2376         (WebCore::RenderLayerBacking::updateCompositedBounds): Use AbsoluteClipRects; rootLayer
2377         is always the RenderView's layer here.
2378         (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Use TemporaryClipRects.
2379         (WebCore::RenderLayerBacking::setRequiresOwnBackingStore): When this variable changes,
2380         we need to invalidate painting clipRects, since it affects the ancestor relative to which
2381         those rects are computed.
2382
2383         * rendering/RenderLayerBacking.h:
2384         * rendering/RenderLayerCompositor.cpp:
2385         (WebCore::RenderLayerCompositor::updateBacking): When the composited state
2386         of a layer changes, we have to clear all descendant clip rects, since this
2387         can affect the layers relative to which clip rects are computed.
2388         (WebCore::RenderLayerCompositor::addToOverlapMap): Use AbsoluteClipRects.
2389         (WebCore::RenderLayerCompositor::computeCompositingRequirements): No need
2390         to call updateLayerPosition(), since that should have always happened after
2391         layout. That call cleared clip rects, so removing it is very beneficial.
2392         (WebCore::RenderLayerCompositor::clippedByAncestor): Use TemporaryClipRects.
2393
2394         * rendering/RenderTreeAsText.cpp:
2395         (WebCore::writeLayers): Use TemporaryClipRects.
2396
2397 2012-05-25  Dean Jackson  <dino@apple.com>
2398
2399         Unreviewed, rolling out r112155.
2400         http://trac.webkit.org/changeset/112155
2401         https://bugs.webkit.org/show_bug.cgi?id=79389
2402         Hitch (due to style recalc?) when starting CSS3 animation
2403
2404         This caused a number of issues, including:
2405         https://bugs.webkit.org/show_bug.cgi?id=87146
2406         https://bugs.webkit.org/show_bug.cgi?id=84194
2407         <rdar://problem/11506629>
2408         <rdar://problem/11267408>
2409         <rdar://problem/11531859>
2410
2411         * dom/Element.cpp:
2412         (WebCore::Element::recalcStyle):
2413
2414 2012-05-25  David Hyatt  <hyatt@apple.com>
2415
2416         https://bugs.webkit.org/show_bug.cgi?id=87525
2417         
2418         For the new multi-column layout, create a flow thread and make sure the children get put inside it.
2419
2420         Reviewed by Eric Seidel.
2421
2422         * rendering/RenderMultiColumnBlock.cpp:
2423         (WebCore::RenderMultiColumnBlock::RenderMultiColumnBlock):
2424         (WebCore::RenderMultiColumnBlock::addChild):
2425         (WebCore):
2426         * rendering/RenderMultiColumnBlock.h:
2427         (WebCore):
2428         (RenderMultiColumnBlock):
2429         (WebCore::RenderMultiColumnBlock::flowThread):
2430         * rendering/RenderMultiColumnFlowThread.cpp:
2431         (WebCore::RenderMultiColumnFlowThread::~RenderMultiColumnFlowThread):
2432         (WebCore):
2433         * rendering/RenderMultiColumnFlowThread.h:
2434         (RenderMultiColumnFlowThread):
2435         * rendering/RenderMultiColumnSet.h:
2436         * rendering/RenderObject.h:
2437         (RenderObject):
2438         (WebCore::RenderObject::isRenderMultiColumnSet):
2439
2440 2012-05-25  Emil A Eklund  <eae@chromium.org>
2441
2442         Change RenderBoxModelObject to compute relativePositionOffset as size
2443         https://bugs.webkit.org/show_bug.cgi?id=87447
2444
2445         Reviewed by Eric Seidel.
2446
2447         Compute relativePositionOffset as size instead of doing one axis at a
2448         time as all call sites uses the size version of the method. This avoids
2449         having to walk the DOM twice to accumulate the offsets.
2450
2451         Also remove the relativePositionOffsetX and Y methods as they are no
2452         longer used.
2453
2454         No new tests, covered by existing tests.
2455
2456         * rendering/RenderBox.cpp:
2457         (WebCore::RenderBox::layoutOverflowRectForPropagation):
2458         * rendering/RenderBoxModelObject.cpp:
2459         (WebCore::accumulateRelativePositionOffsets):
2460         (WebCore::RenderBoxModelObject::relativePositionOffset):
2461         * rendering/RenderBoxModelObject.h:
2462         (RenderBoxModelObject):
2463
2464 2012-05-25  Sheriff Bot  <webkit.review.bot@gmail.com>
2465
2466         Unreviewed, rolling out r118395.
2467         http://trac.webkit.org/changeset/118395
2468         https://bugs.webkit.org/show_bug.cgi?id=87526
2469
2470         Breaking sites including GMail and Yahoo mail (Requested by
2471         jsbell on #webkit).
2472
2473         * rendering/RenderBlock.cpp:
2474         (WebCore::RenderBlock::collapseMargins):
2475
2476 2012-05-25  Ken Buchanan  <kenrb@chromium.org>
2477
2478         Layout root not getting cleared for anonymous renderers geting destroyed
2479         https://bugs.webkit.org/show_bug.cgi?id=84002
2480
2481         Reviewed by Abhishek Arya.
2482
2483         This is a follow-up to r109406, which added a check to clear layout
2484         roots when they point to a renderer that is being destroyed. The
2485         thinking was that layout roots would never be anonymous renderers,
2486         but there are some cases where this is not true (in particular,
2487         generated content containers with overflow clips can be layout roots).
2488
2489         As in r109406, this patch has no layout test. This is because any test
2490         that exercises this behavior is caused by an existing layout bug where
2491         a child is not properly getting layout (or a renderer is getting dirtied
2492         out of order during layout) and will fail multiple ASSERTs:
2493         in particular, ASSERT(!m_layoutRoot->container() || !m_layoutRoot->
2494         container()->needsLayout()) in FrameView::scheduleRelayoutOfSubtree(),
2495         and ASSERT_NOT_REACHED() in RenderObject::clearLayoutRootIfNeeded().
2496         We are preventing those bugs from manifesting as security issues with
2497         this patch.
2498
2499         This also removes an ASSERT from the RenderObject destructor. This is
2500         redundant with the condition in RenderObject::clearLayoutRootIfNeeded()
2501         which is always called in RenderObject::willBeDestroyed(), so the check 
2502         is not needed. It had to be removed because it fails when I try to
2503         adjust the ASSERT condition by removing the !node()
2504         check, due to RenderWidget clearing its node() during destruction.
2505
2506         * rendering/RenderObject.cpp:
2507         (WebCore::RenderObject::~RenderObject):
2508         (WebCore::RenderObject::willBeDestroyed):
2509
2510 2012-05-25  Alexander Pavlov  <apavlov@chromium.org>
2511
2512         Web Inspector: Hangup when continuously changing a css width value in Inspector
2513         https://bugs.webkit.org/show_bug.cgi?id=85802
2514
2515         Reviewed by Vsevolod Vlasov.
2516
2517         An error in the property whitespace prefix detection algorithm would append the previous line trailing whitespace,
2518         thereby enormously increasing the actual prefix during multiple incremental property changes.
2519
2520         * inspector/InspectorStyleSheet.cpp:
2521         (WebCore::InspectorStyle::newLineAndWhitespaceDelimiters):
2522
2523 2012-05-25  Alexander Pavlov  <apavlov@chromium.org>
2524
2525         Web Inspector: Clean up Inspector.json after r118367
2526         https://bugs.webkit.org/show_bug.cgi?id=87499
2527
2528         Reviewed by Yury Semikhatsky.
2529
2530         This cleans up the semantic inconsistencies introduced into type/field names r118367.
2531
2532         No new tests, as this is a refactoring.
2533
2534         * inspector/Inspector.json:
2535         * inspector/InspectorCSSAgent.cpp:
2536         (WebCore::InspectorCSSAgent::asInspectorStyleSheet):
2537         (WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
2538         (WebCore::InspectorCSSAgent::detectOrigin):
2539         * inspector/InspectorCSSAgent.h:
2540         (InspectorCSSAgent):
2541         * inspector/InspectorStyleSheet.cpp:
2542         (WebCore::InspectorStyleSheet::create):
2543         (WebCore::InspectorStyleSheet::InspectorStyleSheet):
2544         (WebCore::InspectorStyleSheet::buildObjectForRule):
2545         (WebCore::InspectorStyleSheet::resourceStyleSheetText):
2546         (WebCore::InspectorStyleSheetForInlineStyle::create):
2547         (WebCore::InspectorStyleSheetForInlineStyle::InspectorStyleSheetForInlineStyle):
2548         * inspector/InspectorStyleSheet.h:
2549         (InspectorStyleSheet):
2550         (WebCore::InspectorStyleSheet::canBind):
2551         (InspectorStyleSheetForInlineStyle):
2552
2553 2012-05-25  Ilya Tikhonovsky  <loislo@chromium.org>
2554
2555         Web Inspector: speed-up HeapSnapshot._bfs method.
2556         https://bugs.webkit.org/show_bug.cgi?id=87502
2557
2558         It had containmentEdges.length call in the loop that forced deoptimization.
2559
2560         Reviewed by Yury Semikhatsky.
2561
2562         * inspector/front-end/HeapSnapshot.js:
2563         (WebInspector.HeapSnapshot.prototype._calculateObjectToWindowDistance):
2564         (WebInspector.HeapSnapshot.prototype._bfs):
2565
2566 2012-05-25  Alexei Filippov  <alexeif@chromium.org>
2567
2568         Web Inspector: Speed up edges iteration in heap profiler
2569         https://bugs.webkit.org/show_bug.cgi?id=87286
2570
2571         Add an extra node to nodes array that points to the end of edges array.
2572         It allows to eliminate a check for the last node in iteration code.
2573
2574         Reviewed by Yury Semikhatsky.
2575
2576         * inspector/front-end/HeapSnapshot.js:
2577         (WebInspector.HeapSnapshotNode.prototype._edgeIndexesStart):
2578         (WebInspector.HeapSnapshotNode.prototype._edgeIndexesEnd):
2579         (WebInspector.HeapSnapshotNodeIterator):
2580         (WebInspector.HeapSnapshot.prototype._buildRetainers):
2581         (WebInspector.HeapSnapshot.prototype._bfs):
2582         (WebInspector.HeapSnapshot.prototype._buildAggregates):
2583         (WebInspector.HeapSnapshot.prototype._buildPostOrderIndex):
2584         (WebInspector.HeapSnapshot.prototype._buildDominatorTree):
2585         (WebInspector.HeapSnapshot.prototype._markQueriableHeapObjects):
2586
2587 2012-05-25  Andrey Kosyakov  <caseq@chromium.org>
2588
2589         Web Inspector: put paint and compositing timeline events in a new category of their own
2590         https://bugs.webkit.org/show_bug.cgi?id=86852
2591
2592         Reviewed by Pavel Feldman.
2593
2594         - add forth timeline category, "Painting"; make it light-purple;
2595         - assign paint and compositing events to Painting category;
2596
2597         * WebCore.gypi: added timelineBarLightPurple.png;
2598         * inspector/front-end/Images/timelineBarLightPurple.png: Added.
2599         * inspector/front-end/Images/timelineCheckmarks.png: added light-purple icon;
2600         * inspector/front-end/Images/timelineDots.png: ditto.
2601         * inspector/front-end/TimelineOverviewPane.js:
2602         (WebInspector.TimelineCategoryStrips.prototype.update.appendRecord): do not merge bars in same raw if these are from different categories;
2603         (WebInspector.TimelineCategoryStrips.prototype.update):
2604         * inspector/front-end/TimelinePresentationModel.js:
2605         (WebInspector.TimelinePresentationModel.categories):
2606         (WebInspector.TimelinePresentationModel.recordStyle):
2607         * inspector/front-end/WebKit.qrc: added timelineBarLightPurple.png;
2608         * inspector/front-end/timelinePanel.css: added styles for painting category;
2609         (.timeline-category-statusbar-item.timeline-category-painting .timeline-category-checkbox):
2610         (.timeline-category-painting .timeline-graph-bar):
2611         (.popover .timeline-painting):
2612         (.timeline-category-scripting .timeline-tree-icon):
2613         (.timeline-category-rendering .timeline-tree-icon):
2614         (.timeline-category-painting .timeline-tree-icon):
2615
2616 2012-05-25  W. James MacLean  <wjmaclean@chromium.org>
2617
2618         [chromium] LayerChromium should recognise existing layer active animations when the layer is added.
2619         https://bugs.webkit.org/show_bug.cgi?id=87166
2620
2621         Reviewed by Adrienne Walker.
2622
2623         Unit test added.
2624
2625         LayerChromium needs to correctly recognize if a newly added layer has an existing
2626         active animation.
2627
2628         * platform/graphics/chromium/LayerChromium.cpp:
2629         (WebCore::LayerChromium::setLayerTreeHost):
2630         (WebCore::LayerChromium::notifyAnimationFinished):
2631         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
2632         (CCLayerTreeHost):
2633
2634 2012-05-25  Ilya Tikhonovsky  <loislo@chromium.org>
2635
2636         Web Inspector: HeapSnapshot: introduce performance counter for HeapSnapshotConstructorsDataGrid._aggregatesReceived method.
2637         https://bugs.webkit.org/show_bug.cgi?id=87393
2638
2639         Reviewed by Yury Semikhatsky.
2640
2641         * inspector/front-end/HeapSnapshotDataGrids.js:
2642         (WebInspector.HeapSnapshotConstructorsDataGrid.prototype._aggregatesReceived):
2643         (WebInspector.HeapSnapshotConstructorsDataGrid.prototype._populateChildren):
2644
2645 2012-05-25  Ilya Tikhonovsky  <loislo@chromium.org>
2646
2647         Web Inspector: drop obsolete WebInspector.Uint32Array and adjust snapshot chunk size for better transfer-snapshot metric.
2648         https://bugs.webkit.org/show_bug.cgi?id=87490
2649
2650         Originally WebInspector.Uint32Array was used for dynamic array
2651         reallocation because we had no information about expected arrays sizes.
2652         Now we have these sizes and allocates array precisely.
2653
2654         Reviewed by Yury Semikhatsky.
2655
2656         * bindings/v8/ScriptHeapSnapshot.cpp:
2657         (WebCore):
2658         * inspector/front-end/HeapSnapshot.js:
2659         * inspector/front-end/HeapSnapshotLoader.js:
2660         (WebInspector.HeapSnapshotLoader.prototype._parseUintArray):
2661         (WebInspector.HeapSnapshotLoader.prototype.pushJSONChunk):
2662
2663 2012-05-25  Ilya Tikhonovsky  <loislo@chromium.org>
2664
2665         Web Inspector: drop obsolete WebInspector.Uint32Array and adjust snapshot chunk size for better transfer-snapshot metric.
2666         https://bugs.webkit.org/show_bug.cgi?id=87490
2667
2668         Originally WebInspector.Uint32Array was used for dynamic array
2669         reallocation because we had no information about expected arrays sizes.
2670         Now we have these sizes and allocates array precisely.
2671
2672         Reviewed by Yury Semikhatsky.
2673
2674         * bindings/v8/ScriptHeapSnapshot.cpp:
2675         (WebCore):
2676         * inspector/front-end/HeapSnapshot.js:
2677         * inspector/front-end/HeapSnapshotLoader.js:
2678         (WebInspector.HeapSnapshotLoader.prototype._parseUintArray):
2679         (WebInspector.HeapSnapshotLoader.prototype.pushJSONChunk):
2680
2681 2012-05-25  Alexander Pavlov  <apavlov@chromium.org>
2682
2683         Web Inspector: cmd-[ shortcut navigates page and is fr-keyboard incompatible
2684         https://bugs.webkit.org/show_bug.cgi?id=85312
2685
2686         Reviewed by Vsevolod Vlasov.
2687
2688         Suppress the handling of panel history navigation events if the corresponding keyboard activities produce
2689         the "keypress" event (which is the case on French keyboards, where AltGr+[ is translated into Ctrl+Alt+[ on Windows).
2690         The event is also told to preventDefault() to avoid browser history navigation on Mac while traversing the Inspector panel history.
2691
2692         * inspector/front-end/InspectorView.js:
2693         (WebInspector.InspectorView):
2694         (WebInspector.InspectorView.prototype._keyPress):
2695         (WebInspector.InspectorView.prototype._keyDown):
2696         (WebInspector.InspectorView.prototype._keyDownInternal):
2697         * inspector/front-end/UIUtils.js:
2698         (WebInspector.isWin):
2699
2700 2012-05-25  Yury Semikhatsky  <yurys@google.com>
2701
2702         Unreviewed. Fixed closure compiler warnings.
2703
2704         * inspector/front-end/NativeMemorySnapshotView.js:
2705         (WebInspector.NativeMemoryProfileType.prototype.buttonClicked):
2706         (WebInspector.NativeMemoryProfileHeader.prototype.createView):
2707
2708 2012-05-25  Lu Guanqun  <guanqun.lu@intel.com>
2709
2710         [GTK] fix compilation warning in GtkInputMethodFilter.cpp
2711         https://bugs.webkit.org/show_bug.cgi?id=87475
2712
2713         Reviewed by Martin Robinson.
2714
2715         * platform/gtk/GtkInputMethodFilter.cpp:
2716         (WebCore::GtkInputMethodFilter::setWidget):
2717
2718 2012-05-25  Zalan Bujtas  <zbujtas@gmail.com>
2719
2720         [Qt] Broken controls rendering when transform is applied.
2721         https://bugs.webkit.org/show_bug.cgi?id=87483
2722
2723         Reviewed by Simon Hausmann.
2724
2725         Use only the scaling transform value to determine the size of
2726         the control to be drawn. When other transforms present such as
2727         rotate or skew, ignore them, unless scaling also involved. In
2728         that case, calculate the scaling value out of the transformation.
2729
2730         * ManualTests/qt/control_paiting_with_transforms.html: Added.
2731
2732         * platform/qt/RenderThemeQtMobile.cpp:
2733         (WebCore::painterScale):
2734         (WebCore):
2735         (WebCore::StylePainterMobile::sizeForPainterScale):
2736
2737 2012-05-17  Andrey Kosyakov  <caseq@chromium.org>
2738
2739         [chromium] add instrumentation for compositing
2740         https://bugs.webkit.org/show_bug.cgi?id=83928
2741
2742         Reviewed by James Robinson.
2743
2744         - plumb willCommit() and didBeginFrame() from CCSingleThreadProxy and CCThreadProxy to inspector instrumentation;
2745         - note for threaded case, didBeginFrame() is invoked upon unblocking of main thread;
2746
2747         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
2748         (CCLayerTreeHostClient):
2749         (WebCore::CCLayerTreeHost::didBeginFrame):
2750         (WebCore::CCLayerTreeHost::willCommit):
2751         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
2752         (WebCore::CCSingleThreadProxy::commitAndComposite):
2753         * platform/graphics/chromium/cc/CCThreadProxy.cpp:
2754         (WebCore::CCThreadProxy::beginFrame):
2755
2756 2012-05-25  Taiju Tsuiki  <tzik@chromium.org>
2757
2758         Web Inspector: Drop InspectorFileSystemInstrumentation
2759         https://bugs.webkit.org/show_bug.cgi?id=87460
2760
2761         Inspector does not need to track DOMFileSystem object now. So we can
2762         drop InspectorFileSystemInstrumentation.
2763
2764         Reviewed by Vsevolod Vlasov.
2765
2766         * GNUmakefile.list.am:
2767         * Modules/filesystem/DOMFileSystem.cpp:
2768         (WebCore::DOMFileSystem::create):
2769         * WebCore.gypi:
2770         * WebCore.vcproj/WebCore.vcproj:
2771         * WebCore.xcodeproj/project.pbxproj:
2772         * inspector/InspectorFileSystemAgent.cpp:
2773         (WebCore::InspectorFileSystemAgent::enable):
2774         * inspector/InspectorFileSystemAgent.h:
2775         (InspectorFileSystemAgent):
2776         * inspector/InspectorFileSystemInstrumentation.h: Removed.
2777         * inspector/InspectorInstrumentation.cpp:
2778         (WebCore):
2779         * inspector/InspectorInstrumentation.h:
2780         (WebCore):
2781         (InspectorInstrumentation):
2782
2783 2012-05-25  Ilya Tikhonovsky  <loislo@chromium.org>
2784
2785         Web Inspector: HeapProfiler: speed-up _calculateClassesRetainedSize and _buildAggregates.
2786         https://bugs.webkit.org/show_bug.cgi?id=87482
2787
2788         Engine didn't inline node's classIndex method because the switch statement in it wasn't inlineable.
2789
2790         Reviewed by Yury Semikhatsky.
2791
2792         * inspector/front-end/HeapSnapshot.js:
2793         (WebInspector.HeapSnapshotNode.prototype.classIndex):
2794
2795 2012-05-24  Andreas Kling  <kling@webkit.org>
2796
2797         Dodge style recalc when id attribute is overwritten with same value.
2798         <http://webkit.org/b/87211>
2799
2800         Reviewed by Eric Seidel.
2801
2802         Don't force style recalc when the id attribute is set to the same value it already had.
2803         ~3.5% improvement on Dromaeo's "dom-attr" locally.
2804
2805         * dom/Element.cpp:
2806         (WebCore::Element::attributeChanged):
2807
2808 2012-05-24  Yury Semikhatsky  <yurys@chromium.org>
2809
2810         Web Inspector: add profile type for native memory snapshots
2811         https://bugs.webkit.org/show_bug.cgi?id=87400
2812
2813         Reviewed by Vsevolod Vlasov.
2814
2815         Introduced new profile type and view classes for native memory snapshots.
2816         All the stuff is hidden behind an experimental setting.
2817
2818         * WebCore.gypi:
2819         * WebCore.vcproj/WebCore.vcproj:
2820         * inspector/compile-front-end.py:
2821         * inspector/front-end/NativeMemorySnapshotView.js: Added.
2822         (WebInspector.NativeMemorySnapshotView):
2823         (WebInspector.NativeMemorySnapshotView.prototype.dispose):
2824         (WebInspector.NativeMemorySnapshotView.prototype.get statusBarItems):
2825         (WebInspector.NativeMemorySnapshotView.prototype.get profile):
2826         (WebInspector.NativeMemoryProfileType):
2827         (WebInspector.NativeMemoryProfileType.prototype.get buttonTooltip):
2828         (WebInspector.NativeMemoryProfileType.prototype.buttonClicked):
2829         (WebInspector.NativeMemoryProfileType.prototype.get treeItemTitle):
2830         (WebInspector.NativeMemoryProfileType.prototype.get description):
2831         (WebInspector.NativeMemoryProfileType.prototype.createTemporaryProfile):
2832         (WebInspector.NativeMemoryProfileType.prototype.createProfile):
2833         (WebInspector.NativeMemoryProfileHeader):
2834         (WebInspector.NativeMemoryProfileHeader.prototype.createSidebarTreeElement):
2835         (WebInspector.NativeMemoryProfileHeader.prototype.createView):
2836         * inspector/front-end/ProfilesPanel.js:
2837         * inspector/front-end/Settings.js:
2838         (WebInspector.ExperimentsSettings):
2839         * inspector/front-end/WebKit.qrc:
2840         * inspector/front-end/inspector.html:
2841
2842 2012-05-25  Yury Semikhatsky  <yurys@chromium.org>
2843
2844         Web Inspector: make some profiler methods private
2845         https://bugs.webkit.org/show_bug.cgi?id=87479
2846
2847         Reviewed by Vsevolod Vlasov.
2848
2849         - Removed unused methods.
2850         - Renamed private methods so that their names start with underscore. 
2851         - ProfileLauncherView methods are called directly from ProfilesPanel instead
2852           of sending events.
2853
2854         * inspector/front-end/CPUProfileView.js:
2855         * inspector/front-end/CSSSelectorProfileView.js:
2856         (WebInspector.CSSSelectorProfileType.prototype.buttonClicked):
2857         (WebInspector.CSSSelectorProfileType.prototype._startRecordingProfile):
2858         (WebInspector.CSSSelectorProfileType.prototype.createTemporaryProfile):
2859         * inspector/front-end/ProfileLauncherView.js:
2860         (WebInspector.ProfileLauncherView.prototype.profileStarted):
2861         (WebInspector.ProfileLauncherView.prototype.profileFinished):
2862         * inspector/front-end/ProfilesPanel.js:
2863         (WebInspector.ProfileType.prototype.createProfile):
2864         (WebInspector.ProfilesPanel.prototype.toggleRecordButton):
2865         (WebInspector.ProfilesPanel.prototype._reset):
2866         (WebInspector.ProfilesPanel.prototype._populateProfiles.populateCallback.var):
2867         (WebInspector.ProfilesPanel.prototype._populateProfiles.populateCallback):
2868         (WebInspector.ProfilesPanel.prototype._populateProfiles):
2869         (WebInspector.ProfilesPanel.prototype.setRecordingProfile):
2870         (WebInspector.ProfilesPanel.prototype.takeHeapSnapshot.done):
2871         (WebInspector.ProfilesPanel.prototype.takeHeapSnapshot):
2872
2873 2012-05-25  Keishi Hattori  <keishi@webkit.org>
2874
2875         Bad checkValidity result on recently "enabled" form fields
2876         https://bugs.webkit.org/show_bug.cgi?id=85704
2877
2878         Reviewed by Kent Tamura.
2879
2880         Test: fast/forms/disabled-attr-checkvalidity.html
2881
2882         We were tripping on the assertion m_isValid == validity()->valid()
2883         inside HTMLFormControlElement::isValidFormControlElement.
2884         m_isValid was becoming stale because setNeedsValidityCheck wasn't called
2885         after m_willValidate changed.
2886
2887         * html/HTMLFormControlElement.cpp:
2888         (WebCore::HTMLFormControlElement::willValidate): We used const_cast
2889         because it was too difficult to remove const. We are checking if the
2890         value from willValidate has changed to avoid an infinite loop.
2891         (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
2892
2893 2012-05-24  Kinuko Yasuda  <kinuko@chromium.org>
2894
2895         [chromium] DataTransferItem.webkitGetAsEntry() shouldn't be exposed without flag yet
2896         https://bugs.webkit.org/show_bug.cgi?id=87457
2897
2898         Reviewed by Kent Tamura.
2899
2900         No new tests, marking some tests SKIP as we stop exposing this by default.
2901
2902         * Modules/filesystem/DataTransferItemFileSystem.idl: Removed webkitGetAsEntry
2903
2904 2012-05-25  Rakesh KN  <rakesh.kn@motorola.com>
2905
2906         RadioNodeList does not include a object element
2907         https://bugs.webkit.org/show_bug.cgi?id=87371
2908
2909         Reviewed by Kent Tamura.
2910
2911         As per spec http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#category-listed
2912         Object element should also be listed in RadioNodeList object.
2913
2914         Updated existing test.
2915
2916         * html/RadioNodeList.cpp:
2917         (WebCore::RadioNodeList::checkElementMatchesRadioNodeListFilter):
2918         Compares if test element's name/id  and form matches that of the RadioNodeList filter.
2919         (WebCore::RadioNodeList::nodeMatches):
2920         Added support for Object element, check if object elements name/id matches the RadioNodeList filter.
2921         * html/RadioNodeList.h:
2922         (RadioNodeList): Ditto
2923
2924 2012-05-25  Jan Keromnes  <janx@linux.com>
2925
2926         Web Inspector: Resource object has no methods getContent and setContent
2927         https://bugs.webkit.org/show_bug.cgi?id=87424
2928
2929         This fixes the extension API so that it uses the `new Resource()`
2930         constructor, which adds the missing `getContent` and `setContent`
2931         methods to a `Resource` object.
2932
2933         Reviewed by Vsevolod Vlasov.
2934
2935         The tests were fixed accordingly in:
2936         LayoutTests/inspector/extensions/extensions-resources-expected.txt
2937
2938         * inspector/front-end/ExtensionAPI.js:
2939         (injectedExtensionAPI.Panels.prototype.setOpenResourceHandler.else.callbackWrapper):
2940         (injectedExtensionAPI.Panels.prototype.setOpenResourceHandler):
2941
2942 2012-05-24  Tim Horton  <timothy_horton@apple.com>
2943
2944         Add feature defines for web-facing parts of CSS Regions and Exclusions
2945         https://bugs.webkit.org/show_bug.cgi?id=87442
2946         <rdar://problem/10887709>
2947
2948         Reviewed by Dan Bernstein.
2949
2950         * Configurations/FeatureDefines.xcconfig:
2951         * GNUmakefile.am:
2952         * bindings/generic/RuntimeEnabledFeatures.cpp:
2953         * bindings/generic/RuntimeEnabledFeatures.h:
2954         (RuntimeEnabledFeatures):
2955         (WebCore::RuntimeEnabledFeatures::setCSSExclusionsEnabled):
2956         (WebCore::RuntimeEnabledFeatures::cssExclusionsEnabled):
2957         * bindings/js/JSCSSRuleCustom.cpp:
2958         (WebCore::toJS):
2959         * bindings/objc/DOMCSS.mm:
2960         (kitClass):
2961         * css/CSSComputedStyleDeclaration.cpp:
2962         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
2963         * css/CSSParser.cpp:
2964         (WebCore::isSimpleLengthPropertyID):
2965         (WebCore::isValidKeywordPropertyAndValue):
2966         (WebCore::isKeywordPropertyID):
2967         (WebCore::CSSParser::parseValue):
2968         (WebCore::CSSParser::detectAtToken):
2969         * css/CSSProperty.cpp:
2970         (WebCore::CSSProperty::isInheritedProperty):
2971         * css/CSSPropertyNames.in:
2972         * css/CSSRule.cpp:
2973         (WebCore::CSSRule::cssText):
2974         (WebCore::CSSRule::destroy):
2975         (WebCore::CSSRule::reattach):
2976         * css/CSSRule.h:
2977         (WebCore::CSSRule::isRegionRule):
2978         * css/CSSRule.idl:
2979         * css/StyleBuilder.cpp:
2980         (WebCore::StyleBuilder::StyleBuilder):
2981         * css/StylePropertySet.cpp:
2982         (WebCore::StylePropertySet::getPropertyValue):
2983         (WebCore::StylePropertySet::asText):
2984         * css/StylePropertyShorthand.cpp:
2985         (WebCore::shorthandForProperty):
2986         * css/StylePropertyShorthand.h:
2987         * css/StyleResolver.cpp:
2988         (WebCore::StyleResolver::collectMatchingRulesForList):
2989         * css/StyleRule.cpp:
2990         (WebCore::StyleRuleBase::destroy):
2991         (WebCore::StyleRuleBase::copy):
2992         (WebCore::StyleRuleBase::createCSSOMWrapper):
2993         * css/WebKitCSSRegionRule.cpp:
2994         * css/WebKitCSSRegionRule.h:
2995         * css/WebKitCSSRegionRule.idl:
2996         * dom/Document.cpp:
2997         * dom/Document.h:
2998         * dom/Document.idl:
2999         * page/DOMWindow.idl:
3000         * page/Settings.cpp:
3001         (WebCore::Settings::Settings):
3002         * page/Settings.h:
3003         (WebCore::Settings::setCSSRegionsEnabled):
3004         (WebCore::Settings::cssRegionsEnabled):
3005
3006 2012-05-24  Geoffrey Garen  <ggaren@apple.com>
3007
3008         WebKit should be lazy-finalization-safe (esp. the DOM)
3009         https://bugs.webkit.org/show_bug.cgi?id=87456
3010
3011         Reviewed by Filip Pizlo.
3012
3013         * bindings/js/DOMWrapperWorld.cpp:
3014         (WebCore::JSStringOwner::finalize):
3015         * bindings/js/JSDOMBinding.cpp:
3016         (WebCore::jsStringSlowCase):
3017         * bindings/js/JSDOMBinding.h:
3018         (WebCore::cacheWrapper):
3019         (WebCore::uncacheWrapper): Use the new idioms.
3020
3021         (WebCore::jsString): Use get instead of find because get is simpler in
3022         the case of entries that are logically null.
3023
3024         (WebCore::domObjectWrapperMapFor): Removed, since it was unused.
3025
3026         * bindings/js/ScriptWrappable.h:
3027         (WebCore::ScriptWrappable::clearWrapper): Use the new idioms.
3028
3029         * bridge/runtime_root.cpp:
3030         (JSC::Bindings::RootObject::invalidate): Check for null while iterating,
3031         since that's possible now.
3032
3033         (JSC::Bindings::RootObject::addRuntimeObject):
3034         (JSC::Bindings::RootObject::removeRuntimeObject):
3035         (JSC::Bindings::RootObject::finalize): Use the new idioms.
3036
3037         * bridge/runtime_root.h:
3038         (RootObject): Clarified the word "need".
3039
3040 2012-05-24  Kent Tamura  <tkent@chromium.org>
3041
3042         PAGE_POPUP: window.setValueAndClosePopup should be moved to a
3043         per-context property of DOMWindow.
3044         https://bugs.webkit.org/show_bug.cgi?id=87086
3045
3046         Reviewed by Adam Barth.
3047
3048         - Introduce window.pagePagePopupController property as V8EnabledPerContext.
3049         - Move window.setValueAndClosePopup() to window.pagePopupController.
3050         So, we can remove ad-hoc ScriptController::installFunctionsForPagePopup().
3051
3052         No behavior change.
3053
3054         Test: fast/forms/date/no-page-popup-controller.html
3055
3056         * Resources/calendarPicker.js:
3057         (submitValue): Use window.pagePopupController.
3058         (handleCancel): ditto.
3059         * WebCore.gypi: Add new files.
3060         * bindings/generic/ContextEnabledFeatures.cpp:
3061         (WebCore::ContextEnabledFeatures::pagePopupEnabled): Added.
3062         * bindings/generic/ContextEnabledFeatures.h:
3063         (ContextEnabledFeatures): Added.
3064         * bindings/v8/ScriptController.cpp: Remove installFunctionsForPagePopup().
3065         * bindings/v8/ScriptController.h: ditto.
3066         * loader/FrameLoaderClient.h:
3067         (WebCore::FrameLoaderClient::allowPagePopup): Added.
3068         * page/DOMWindowPagePopup.cpp:
3069         (WebCore::DOMWindowPagePopup::DOMWindowPagePopup):
3070         Creates a PagePopupController object for the specified PagePopupClient.
3071         (WebCore::DOMWindowPagePopup::~DOMWindowPagePopup):
3072         Empty destructor to generate the RefPtr<PagePopupController> destructor.
3073         (WebCore::DOMWindowPagePopup::pagePopupController):
3074         * page/DOMWindowPagePopup.h:
3075         (DOMWindowPagePopup):
3076          - Remove setValueAndClosePopup()
3077          - Add pagePopupController()
3078          - Change the data member from PagePopupClient to PagePopupController.
3079         * page/DOMWindowPagePopup.idl: Supply per-context window.pagePopupController.
3080         * page/PagePopupController.cpp: Added. This object is attached to window.
3081         * page/PagePopupController.h: ditto.
3082         * page/PagePopupController.idl: ditto.
3083
3084 2012-05-21  Kinuko Yasuda  <kinuko@chromium.org>
3085
3086         Cleanup: add a file system call which captures the file metadata at once.
3087         https://bugs.webkit.org/show_bug.cgi?id=86995
3088
3089         Reviewed by David Levin.
3090
3091         Current File.slice() (webkitSlice()) implementation calls two separate platform calls,
3092         getFileSize() and getFileModificationTime() [both are defined in platform/FileSystem.h],
3093         to capture the file metadata, but we should have a single file system call to get them at once
3094         for two reasons: 1. save additional system call costs, and 2.  atomically obtain the file metadata.
3095
3096         No new tests: existing tests (http/tests/local/fileapi/* and fast/files/*) should pass.
3097
3098         * fileapi/File.cpp:
3099         (WebCore::File::captureSnapshot):
3100         * platform/FileMetadata.h:
3101         * platform/FileSystem.h:
3102         * platform/chromium/FileSystemChromium.cpp:
3103         (WebCore::getFileMetadata): Added.
3104         * platform/chromium/PlatformSupport.h:
3105         (PlatformSupport):
3106         * platform/gtk/FileSystemGtk.cpp:
3107         (WebCore::getFileMetadata): Added.
3108         * platform/posix/FileSystemPOSIX.cpp:
3109         (WebCore::getFileMetadata): Added.
3110         * platform/qt/FileSystemQt.cpp:
3111         (WebCore::getFileMetadata): Added.
3112         * platform/win/FileSystemWin.cpp:
3113         (WebCore::getFileSizeFromFindData):
3114         (WebCore::getFileModificationTimeFromFindData):
3115         (WebCore::getFileSize):
3116         (WebCore::getFileModificationTime):
3117         (WebCore::getFileMetadata): Added.
3118         * platform/wince/FileSystemWinCE.cpp:
3119         (WebCore::getFileSizeFromFileInfo):
3120         (WebCore::getFileModificationTimeFromFileInfo):
3121         (WebCore::getFileSize):
3122         (WebCore::getFileModificationTime):
3123         (WebCore::getFileMetadata): Added.
3124         * platform/wx/FileSystemWx.cpp:
3125         (WebCore::getFileMetadata): Added.
3126         (WebCore):
3127
3128 2012-05-24  Hironori Bono  <hbono@chromium.org>
3129
3130         Enable grammar checking on Chromium when we paste text (Take 2)
3131         https://bugs.webkit.org/show_bug.cgi?id=74393
3132
3133         Reviewed by Ryosuke Niwa.
3134
3135         This change enables grammar checking on Chromium and implements a mock grammar
3136         checker to fix a failing test.
3137
3138         Test: editing/spelling/grammar-markers.html
3139
3140         * platform/graphics/skia/GraphicsContextSkia.cpp:
3141         (WebCore::GraphicsContext::drawLineForDocumentMarker): render grammar markers in gray on Windows and Linux or in green on Mac.
3142
3143 2012-05-24  Dominic Mazzoni  <dmazzoni@google.com>
3144
3145         Crash in WebCore::AccessibilityTable::isDataTable
3146         https://bugs.webkit.org/show_bug.cgi?id=87409
3147
3148         Reviewed by Abhishek Arya.
3149
3150         Use Node::rendererIsEditable everywhere rather than
3151         Node::isContentEditable because the latter can trigger a layout
3152         and destroy the renderer. New test covers the change to
3153         AccessibilityTable.cpp, changes to AccessibilityRenderObject.cpp
3154         are covered by existing tests.
3155
3156         Test: accessibility/contenteditable-table-check-causes-crash.html
3157
3158         * accessibility/AccessibilityRenderObject.cpp:
3159         (WebCore::AccessibilityRenderObject::isReadOnly):
3160         (WebCore::AccessibilityRenderObject::contentChanged):
3161         * accessibility/AccessibilityTable.cpp:
3162         (WebCore::AccessibilityTable::isDataTable):
3163
3164 2012-05-24  Yoshifumi Inoue  <yosin@chromium.org>
3165
3166         [Forms][TextArea] Too long validation message doesn't count LF as CRLF
3167         https://bugs.webkit.org/show_bug.cgi?id=87458
3168
3169         Reviewed by Kent Tamura.
3170
3171         This patch changes current number of characters in "too long" validation message
3172         parameter to counting newline as 2 characters (CR and LF) as submission data.
3173
3174         No new tests. To have test for this change, we need to change localization
3175         text handling during DRT. We'll try.
3176
3177         * html/HTMLTextAreaElement.cpp:
3178         (WebCore::HTMLTextAreaElement::validationMessage): Use computeLengthForSubmission instead of numGraphmeClusters.
3179
3180 2012-05-24  Hayato Ito  <hayato@chromium.org>
3181
3182         Fix crashes caused by a DOMCharacterDataModified event on a text node.
3183         https://bugs.webkit.org/show_bug.cgi?id=86953
3184
3185         Reviewed by Dimitri Glazkov.
3186
3187         TextNode can be released while CharacterData::setData() will dispatch a mutation event.
3188         So protect it.
3189
3190         Mutation event itself should not be dispatched on the test case.
3191         This is being tracked by webkit bug https://bugs.webkit.org/show_bug.cgi?id=87372.
3192
3193         Test: fast/events/dom-character-data-modified-textarea-crash.html
3194
3195         * dom/CharacterData.cpp:
3196         (WebCore::CharacterData::setData):
3197
3198 2012-05-24  Philippe Normand  <pnormand@igalia.com>
3199
3200         [GTK] Add --enable-css3-flexbox configure option after r118304.
3201         https://bugs.webkit.org/show_bug.cgi?id=87455
3202
3203         Reviewed by Xan Lopez.
3204
3205         * GNUmakefile.am:
3206
3207 2012-05-24  MORITA Hajime  <morrita@google.com>
3208
3209         Scoped stylesheet should be per-document-configurable.
3210         https://bugs.webkit.org/show_bug.cgi?id=86985
3211
3212         Reviewed by Kent Tamura.
3213
3214         This change replaced RuntimeEnabledFeatures::styleScopedEnabled() callsites
3215         with newly introduced ContextEnabledFeatures::styleScopedEnabled().
3216         Clients can override the decision by implementing FrameLoaderClient::allowStyleScoped().
3217
3218         No new tests. This isn't testable on DRT.
3219
3220         * bindings/generic/ContextEnabledFeatures.cpp:
3221         (WebCore):
3222         (WebCore::ContextEnabledFeatures::styleScopedEnabled):
3223         * bindings/generic/ContextEnabledFeatures.h:
3224         (WebCore):
3225         (ContextEnabledFeatures):
3226         * css/StyleResolver.cpp:
3227         (WebCore::StyleResolver::determineScope):
3228         * css/StyleResolver.h:
3229         (StyleResolver):
3230         * html/HTMLStyleElement.cpp:
3231         (WebCore::HTMLStyleElement::registerWithScopingNode):
3232         (WebCore::HTMLStyleElement::unregisterWithScopingNode):
3233         * loader/FrameLoaderClient.h:
3234         (WebCore::FrameLoaderClient::allowStyleScoped):
3235
3236 2012-05-24  Sheriff Bot  <webkit.review.bot@gmail.com>
3237
3238         Unreviewed, rolling out r118452.
3239         http://trac.webkit.org/changeset/118452
3240         https://bugs.webkit.org/show_bug.cgi?id=87446
3241
3242         Causes many tests to assert on Mac, NRWT bails out (Requested
3243         by sundiamonde on #webkit).
3244
3245         * rendering/RenderObject.cpp:
3246         (WebCore::RenderObject::~RenderObject):
3247         (WebCore::RenderObject::clearLayoutRootIfNeeded):
3248
3249 2012-05-24  Kevin Ollivier  <kevino@theolliviers.com>
3250
3251         [wx] Unreviewed build fix. Add contextMenuItemVector stub.
3252
3253         * platform/wx/ContextMenuWx.cpp:
3254         (WebCore):
3255         (WebCore::contextMenuItemVector):
3256
3257 2012-05-24  Raymond Toy  <rtoy@google.com>
3258
3259         Use 32-byte alignment in AudioArray if using WEBAUDIO_FFMPEG
3260         https://bugs.webkit.org/show_bug.cgi?id=87430
3261
3262         Reviewed by Chris Rogers.
3263
3264         Covered by existing tests.
3265
3266         * platform/audio/AudioArray.h:
3267         (WebCore::AudioArray::allocate):
3268
3269 2012-05-24  Antoine Labour  <piman@chromium.org>
3270
3271         [chromium] Add a setForceRenderSurface to WebLayer for test/bench purpose
3272         https://bugs.webkit.org/show_bug.cgi?id=87436
3273
3274         Reviewed by James Robinson.
3275
3276         Tested by CCLayerTreeHostCommonTest.verifyForceRenderSurface
3277
3278         * platform/graphics/chromium/LayerChromium.cpp:
3279         (WebCore::LayerChromium::LayerChromium):
3280         (WebCore::LayerChromium::setForceRenderSurface):
3281         (WebCore):
3282         (WebCore::LayerChromium::pushPropertiesTo):
3283         * platform/graphics/chromium/LayerChromium.h:
3284         (WebCore::LayerChromium::forceRenderSurface):
3285         (LayerChromium):
3286         * platform/graphics/chromium/cc/CCLayerImpl.cpp:
3287         (WebCore::CCLayerImpl::CCLayerImpl):
3288         * platform/graphics/chromium/cc/CCLayerImpl.h:
3289         (WebCore::CCLayerImpl::forceRenderSurface):
3290         (WebCore::CCLayerImpl::setForceRenderSurface):
3291         (CCLayerImpl):
3292         * platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp:
3293         (WebCore::subtreeShouldRenderToSeparateSurface):
3294
3295 2012-05-24  Ken Buchanan  <kenrb@chromium.org>
3296
3297         Layout root not getting cleared for anonymous renderers geting destroyed
3298         https://bugs.webkit.org/show_bug.cgi?id=84002
3299
3300         Reviewed by Abhishek Arya.
3301
3302         This is a follow-up to r109406, which added a check to clear layout
3303         roots when they point to a renderer that is being destroyed. The
3304         thinking was that layout roots would never be anonymous renderers,
3305         but there are some cases where this is not true (in particular,
3306         generated content containers with overflow clips can be layout roots).
3307
3308         As in r109406, this patch has no layout test. This is because any test
3309         that exercises this behavior is caused by an existing layout bug where
3310         a child is not properly getting layout (or a renderer is getting dirtied
3311         out of order during layout) and will fail multiple ASSERTs:
3312         in particular, ASSERT(!m_layoutRoot->container() || !m_layoutRoot->
3313         container()->needsLayout()) in FrameView::scheduleRelayoutOfSubtree(),
3314         and ASSERT_NOT_REACHED() in RenderObject::clearLayoutRootIfNeeded().
3315         We are preventing those bugs from manifesting as security issues with
3316         this patch.
3317
3318         * rendering/RenderObject.cpp:
3319         (WebCore::RenderObject::~RenderObject):
3320         (WebCore::RenderObject::willBeDestroyed):
3321
3322 2012-05-24  Anders Carlsson  <andersca@apple.com>
3323
3324         Corrupted pages rendering when images are zoomed on Google+
3325         https://bugs.webkit.org/show_bug.cgi?id=87439
3326         <rdar://problem/11503078>
3327
3328         Reviewed by Beth Dakin.
3329
3330         The rect that's given to scrollContentsSlowPath is in frame view coordinates, but if we end up
3331         passing them to RenderLayer::setBackingNeedsRepaintInRect we need to account for the frame scale factor.
3332
3333         * page/FrameView.cpp:
3334         (WebCore::FrameView::scrollContentsSlowPath):
3335
3336 2012-05-24  Ryosuke Niwa  <rniwa@webkit.org>
3337
3338         REGRESSION (r112399): insertHTML doesn't respect current selection range and inserts HTML to incorrect position
3339         https://bugs.webkit.org/show_bug.cgi?id=87195
3340
3341         Reviewed by Darin Adler.
3342
3343         The bug was caused by our passing insertionPos.anchorNode() to splitTreeToNode's start node even when
3344         the position's type was an offset in a container. Fixed the bug by passing the node after the insert position
3345         or the container node if the position is at the end of the container.
3346
3347         Test: editing/pasteboard/paste-at-end-of-node-followed-by-inline-element.html
3348
3349         * editing/ReplaceSelectionCommand.cpp:
3350         (WebCore::ReplaceSelectionCommand::doApply):
3351
3352 2012-05-24  Emil A Eklund  <eae@chromium.org>
3353
3354         REGRESSION (115573): Incorrect rounding of margins for floats
3355         https://bugs.webkit.org/show_bug.cgi?id=87319
3356
3357         Reviewed by Eric Seidel.
3358
3359         In RenderBlock::computeInlinePreferredLogicalWidths we used a float to
3360         accumulate margins for floating children while the children themselves
3361         represent their margins as LayoutUnits. Due to lack of rounding this can
3362         cause the block to be too small at certain certain zoom levels, causing
3363         unwanted wrapping. 
3364
3365         This patch changes computeInlinePreferredLogicalWidths to use a
3366         LayoutUnit to accumulate the margins and thus ensures that the margin
3367         values are rounded the same way.
3368
3369         Test: fast/block/float/floats-with-margin-should-not-wrap.html
3370
3371         * rendering/RenderBlock.cpp:
3372         (WebCore::RenderBlock::computeInlinePreferredLogicalWidths):
3373
3374 2012-05-24  Christophe Dumez  <christophe.dumez@intel.com>
3375
3376         postMessage and webkitPostMessage should behave the same way
3377         https://bugs.webkit.org/show_bug.cgi?id=87384
3378
3379         Reviewed by Adam Barth.
3380
3381         Make postMessage behave the same way as webkitPostMessage, meaning
3382         that it supports transfer of MessagePorts and ArrayBuffers as per
3383         the spec. Both V8 and JSC implementations have been updated.
3384
3385         Test: fast/dom/Window/window-postmessage-args.html
3386
3387         * bindings/js/JSDOMWindowCustom.cpp:
3388         (WebCore::handlePostMessage):
3389         (WebCore::JSDOMWindow::postMessage):
3390         (WebCore::JSDOMWindow::webkitPostMessage):
3391         * bindings/v8/custom/V8DOMWindowCustom.cpp:
3392         (WebCore::handlePostMessageCallback):
3393         (WebCore::V8DOMWindow::postMessageCallback):
3394         (WebCore::V8DOMWindow::webkitPostMessageCallback):
3395         * bindings/v8/custom/V8DedicatedWorkerContextCustom.cpp:
3396         (WebCore::handlePostMessageCallback):
3397         (WebCore::V8DedicatedWorkerContext::postMessageCallback):
3398         (WebCore::V8DedicatedWorkerContext::webkitPostMessageCallback):
3399         * bindings/v8/custom/V8MessagePortCustom.cpp:
3400         (WebCore::handlePostMessageCallback):
3401         (WebCore::V8MessagePort::postMessageCallback):
3402         (WebCore::V8MessagePort::webkitPostMessageCallback):
3403         * bindings/v8/custom/V8WorkerCustom.cpp:
3404         (WebCore::handlePostMessageCallback):
3405         (WebCore::V8Worker::postMessageCallback):
3406         (WebCore::V8Worker::webkitPostMessageCallback):
3407
3408 2012-05-24  Pablo Flouret  <pablof@motorola.com>
3409
3410         Submit button doesn't submit the form if the form is wrapped by an anchor tag
3411         https://bugs.webkit.org/show_bug.cgi?id=86719
3412
3413         Reviewed by Ryosuke Niwa.
3414
3415         When a form's button is clicked or activated with the keyboard a
3416         DOMActivate event is dispatched internally and the default handler for
3417         it takes care of processing the form submission, but the underlying
3418         event that prompted it is not set as handled and so it ends up
3419         navigating the anchor, thereby cancelling the form submission.
3420
3421         This patch sets the original click event as handled if the DOMActivate
3422         event was handled. This matches the rest of the browsers for form
3423         controls that submit a form (input type=submit, button type=submit,
3424         input type=image, etc), and matches IE for the rest of the controls
3425         (basically, IE never activates the anchor when clicking on form
3426         controls, Presto and Gecko mostly don't either, except in a few cases.
3427
3428         Test: fast/forms/form-in-anchor-controls-activation.html
3429
3430         * dom/Node.cpp:
3431         (WebCore::Node::dispatchDOMActivateEvent):
3432         (WebCore::Node::defaultEventHandler):
3433         * dom/Node.h:
3434         (Node):
3435         * html/HTMLButtonElement.cpp:
3436         (WebCore::HTMLButtonElement::defaultEventHandler):
3437
3438 2012-05-24  Crystal Zhang  <haizhang@rim.com>
3439
3440         [BlackBerry] Implement select popup and remove old hook to air popup
3441         https://bugs.webkit.org/show_bug.cgi?id=87419
3442
3443         Reviewed by Rob Buis.
3444
3445         Add new files to make file, add css file for select popup.
3446
3447         * PlatformBlackBerry.cmake:
3448         * Resources/blackberry/popupControlBlackBerry.css: Added.
3449         (html):
3450         (body):
3451         (.bottombuttonOK):
3452         (.bottombuttonCancel):
3453         (.tablebutton):
3454
3455 2012-05-24  Levi Weintraub  <leviw@chromium.org>
3456
3457         Avoid creating InlineBoxes for floating and positioned objects in isolates.
3458         https://bugs.webkit.org/show_bug.cgi?id=87277
3459
3460         Reviewed by Eric Seidel.
3461
3462         We currently will create a placeholder run for the first object we encounter inside an isolate. Then
3463         in RenderBlockLineLayout's constructBidiRuns, we replace that run with the contents of the Isolate.
3464         We run into problems when there are no valid contents in the Isolate. We can't simply remove the
3465         placeholder if there's nothing to replace it with since it may be the logically last run, which we
3466         track but can't rebuild by the time we're handling isolates (we've already shuffled the BidiRuns around).
3467
3468         With this change, we avoid creating a placeholder altogether until we hit contents in the isolate
3469         that would warrant a BidiRun in the first place.
3470
3471         Test: fast/text/international/float-as-only-child-of-isolate-crash.html
3472
3473         * rendering/InlineIterator.h:
3474         (WebCore::IsolateTracker::addFakeRunIfNecessary):
3475         * rendering/RenderBlock.h:
3476         (RenderBlock):
3477         (WebCore::RenderBlock::shouldSkipCreatingRunsForObject):
3478         * rendering/RenderBlockLineLayout.cpp:
3479         (WebCore::RenderBlock::appendRunsForObject):
3480
3481 2012-05-24  Ryosuke Niwa  <rniwa@webkit.org>
3482
3483         There are too many poorly named functions to create a fragment from markup
3484         https://bugs.webkit.org/show_bug.cgi?id=87339
3485
3486         Reviewed by Eric Seidel.
3487
3488         Moved all functions that create a fragment from markup to markup.h/cpp.
3489         There should be no behavioral change.
3490
3491         * dom/Range.cpp:
3492         (WebCore::Range::createContextualFragment):
3493         * dom/Range.h: Removed createDocumentFragmentForElement.
3494         * dom/ShadowRoot.cpp:
3495         (WebCore::ShadowRoot::setInnerHTML):
3496         * editing/markup.cpp:
3497         (WebCore::createFragmentFromMarkup):
3498         (WebCore::createFragmentForInnerOuterHTML): Renamed from createFragmentFromSource.
3499         (WebCore::createFragmentForTransformToFragment): Moved from XSLTProcessor.
3500         (WebCore::removeElementPreservingChildren): Moved from Range.
3501         (WebCore::createContextualFragment): Ditto.
3502         * editing/markup.h:
3503         * html/HTMLElement.cpp:
3504         (WebCore::HTMLElement::setInnerHTML):
3505         (WebCore::HTMLElement::setOuterHTML):
3506         (WebCore::HTMLElement::insertAdjacentHTML):
3507         * inspector/DOMPatchSupport.cpp:
3508         (WebCore::DOMPatchSupport::patchNode): Added a FIXME since this code should be using
3509         one of the functions listed in markup.h
3510         * xml/XSLTProcessor.cpp:
3511         (WebCore::XSLTProcessor::transformToFragment):
3512
3513 2012-05-24  Jer Noble  <jer.noble@apple.com>
3514
3515         MediaControlTimelineElement is adjusting time 3 times per click
3516         https://bugs.webkit.org/show_bug.cgi?id=58160
3517
3518         Reviewed by Eric Carlson.
3519
3520         No new tests; we intentionally throttle timeupdate events for the same
3521         movie time, so there is no way to write a layout test for this case.
3522
3523         Only call setCurrentTime() on mousedown or mousemove events.
3524
3525         * html/shadow/MediaControlElements.cpp:
3526         (WebCore::MediaControlTimelineElement::defaultEventHandler):
3527
3528 2012-05-24  John Mellor  <johnme@chromium.org>
3529
3530         Font Boosting: Add compile flag and runtime setti