WebKit.git
4 years ago bmalloc: Misc improvements to MallocBench
ggaren@apple.com [Mon, 25 Apr 2016 23:50:25 +0000 (23:50 +0000)]
bmalloc: Misc improvements to MallocBench
https://bugs.webkit.org/show_bug.cgi?id=157004

Reviewed by Darin Adler.

* MallocBench/run-malloc-benchmarks: Added --memory and --memory_warning
modes for focused memory testing.

* MallocBench/MallocBench/Benchmark.cpp:
(Benchmark::printReport): Clarified output.

(Benchmark::currentMemoryBytes): Added compressed memory because top
does the same. (It always happens to be zero in the benchmarks we run. But
this is good for sanity.)

* MallocBench/MallocBench/CommandLine.cpp: Moved up to 8 runs to reduce
variance.

* MallocBench/MallocBench/alloc_free.cpp:
(benchmark_alloc_free): Cycle a single allocation in order to stress
the effect of merging on calls to madvise.

* MallocBench/MallocBench/big.cpp:
(benchmark_big): Graduated to 8kB-128kB because medium tests up to 8 and
our large allocator doesn't kick in until 64kB.

* MallocBench/MallocBench/medium.cpp:
(benchmark_medium): Test all the way down to 1kB because our large
allocator used to service 1kB allocations and 1kB is an interesting
middle size where memory is unusually large but allocation throughput
still matters.

* MallocBench/MallocBench/stress.cpp:
(benchmark_stress): Reduced the churn count to match stress_aligned
because this test was taking too long to complete.

* MallocBench/MallocBench/stress_aligned.cpp:
(benchmark_stress_aligned): Our new large allocator can handle even
more absurdly large values.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200060 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Tools] whitelist all-uppercase JSTokenType enum in JavaScriptCore
commit-queue@webkit.org [Mon, 25 Apr 2016 23:41:51 +0000 (23:41 +0000)]
[Tools] whitelist all-uppercase JSTokenType enum in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=156976

Patch by Caitlin Potter <caitp@igalia.com> on 2016-04-25
Reviewed by Darin Adler.

Mitigate style-checker spam on bugs which introduce new JavaScript
token types.

* Scripts/webkitpy/style/checkers/cpp.py:
(_EnumState.__init__):
(_EnumState.process_clean_line):
* Scripts/webkitpy/style/checkers/cpp_unittest.py:
(NoNonVirtualDestructorsTest.test_enum_casing):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200059 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Web IDL] Specify default values for optional parameters of type 'float' / 'unrestric...
cdumez@apple.com [Mon, 25 Apr 2016 23:39:01 +0000 (23:39 +0000)]
[Web IDL] Specify default values for optional parameters of type 'float' / 'unrestricted float'
https://bugs.webkit.org/show_bug.cgi?id=156995

Reviewed by Darin Adler.

Specify default values for optional parameters of type 'float' / 'unrestricted float'
and let the bindings generator use WTF::Optional<> for the ones that do not have a
default value.

* bindings/scripts/CodeGeneratorJS.pm:
(CanUseWTFOptionalForParameter): Deleted.
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::jsTestTypedefsPrototypeFunctionSetShadow):
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::setStrokeColor):
(WebCore::CanvasRenderingContext2D::setFillColor):
(WebCore::CanvasRenderingContext2D::setShadow):
(WebCore::CanvasRenderingContext2D::fillText):
(WebCore::CanvasRenderingContext2D::strokeText):
(WebCore::CanvasRenderingContext2D::drawTextInternal):
(WebCore::CanvasRenderingContext2D::clearShadow): Deleted.
(WebCore::normalizeSpaces): Deleted.
(WebCore::CanvasRenderingContext2D::measureText): Deleted.
* html/canvas/CanvasRenderingContext2D.h:
* html/canvas/CanvasRenderingContext2D.idl:
* testing/Internals.idl:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200058 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago WebEditorClient should properly write to m_rangeForCandidates
bdakin@apple.com [Mon, 25 Apr 2016 23:34:06 +0000 (23:34 +0000)]
WebEditorClient should properly write to m_rangeForCandidates
https://bugs.webkit.org/show_bug.cgi?id=157003
-and corresponding-
rdar://problem/25910418

Reviewed by Tim Horton.

Actually write to m_rangeForCandidates instead of declaring a local variable
of the same name. :-/
* WebCoreSupport/WebEditorClient.mm:
(WebEditorClient::requestCandidatesForSelection):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200057 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add port 4190 (managesieve) to port blacklist
bfulgham@apple.com [Mon, 25 Apr 2016 23:13:54 +0000 (23:13 +0000)]
Add port 4190 (managesieve) to port blacklist
https://bugs.webkit.org/show_bug.cgi?id=156986
<rdar://problem/9119470>

Reviewed by Daniel Bates.

Source/WebCore:

Tested by security/block-test.html.

* platform/URL.cpp:
(WebCore::portAllowed): Add 4190 to the port blacklist.

LayoutTests:

* platform/mac/security/block-test-expected.txt:
* security/block-test-expected.txt:
* security/block-test.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200056 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Rebaseline editing tests for ios-simulator-wk1
ryanhaddad@apple.com [Mon, 25 Apr 2016 23:04:18 +0000 (23:04 +0000)]
Rebaseline editing tests for ios-simulator-wk1

Unreviewed test gardening

* platform/ios-simulator-wk1/editing/deleting/delete-at-paragraph-boundaries-002-expected.txt:
* +71 more

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200055 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago AX: Crash at -[WebAccessibilityObjectWrapper accessibilityAttributeValue:] + 4391
n_wang@apple.com [Mon, 25 Apr 2016 22:40:45 +0000 (22:40 +0000)]
AX: Crash at -[WebAccessibilityObjectWrapper accessibilityAttributeValue:] + 4391
https://bugs.webkit.org/show_bug.cgi?id=156987

Reviewed by Chris Fleizach.

Source/WebCore:

When we hit test on a slider indicator asking for the value when the parent slider's
accessibility object is not created or the parent slider has been removed, it will cause
a crash. Fixed it by adding a check to see if the object is detached from the parent.

Test: accessibility/mac/slider-thumb-value-crash.html

* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

LayoutTests:

* accessibility/mac/slider-thumb-value-crash-expected.txt: Added.
* accessibility/mac/slider-thumb-value-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200054 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix issues with content-animation performance tests
simon.fraser@apple.com [Mon, 25 Apr 2016 22:40:24 +0000 (22:40 +0000)]
Fix issues with content-animation performance tests
https://bugs.webkit.org/show_bug.cgi?id=157001

Reviewed by Sam Weinig.

Add patch content for svg-animation.html, and fix the paths in the patch so
it applies correctly.

Add the patch file to the .plan file.

* Scripts/webkitpy/benchmark_runner/data/patches/ContentAnimation.patch:
* Scripts/webkitpy/benchmark_runner/data/plans/content-animation.plan:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200053 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago WebKitPlaybackSessionModelMediaElement should initialize the interface added by setWe...
jer.noble@apple.com [Mon, 25 Apr 2016 21:58:11 +0000 (21:58 +0000)]
WebKitPlaybackSessionModelMediaElement should initialize the interface added by setWebPlaybackSessionInterface() with initial data
https://bugs.webkit.org/show_bug.cgi?id=156996

Reviewed by Beth Dakin.

Notify the interface of the current values in the media element when the model is given an interface.

* platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
(WebPlaybackSessionModelMediaElement::setWebPlaybackSessionInterface):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200052 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Attempt to fix a flaky test after r200032
beidson@apple.com [Mon, 25 Apr 2016 21:38:19 +0000 (21:38 +0000)]
Attempt to fix a flaky test after r200032
https://bugs.webkit.org/show_bug.cgi?id=156994

* http/tests/local/fileapi/script-tests/file-last-modified-after-delete.js: Missed renaming this along with all the others.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200051 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Crash under -[WKWebView _mayAutomaticallyShowVideoPictureInPicture] + 32 (WKWebView...
cdumez@apple.com [Mon, 25 Apr 2016 21:13:23 +0000 (21:13 +0000)]
Crash under -[WKWebView _mayAutomaticallyShowVideoPictureInPicture] + 32 (WKWebView.mm:309)
https://bugs.webkit.org/show_bug.cgi?id=156990
<rdar://problem/25904376>

Reviewed by Jer Noble.

In case of WebProcess crash, WebPageProxy::processDidCrash() will call resetState() which
will nullify WebPageProxy::m_videoFullscreenManager. In WebPageProxy::reattachToWebProcess(),
we then call updateViewState() before re-initializing m_videoFullscreenManager, and
updateViewState() ends up calling [WKWebView _mayAutomaticallyShowVideoPictureInPicture]
which dereferences WebPageProxy::m_videoFullscreenManager without null check. This patch
adds a null check for m_videoFullscreenManager in _mayAutomaticallyShowVideoPictureInPicture.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _mayAutomaticallyShowVideoPictureInPicture]):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200050 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add a content animation test that uses SVG animation.
simon.fraser@apple.com [Mon, 25 Apr 2016 21:07:32 +0000 (21:07 +0000)]
Add a content animation test that uses SVG animation.
https://bugs.webkit.org/show_bug.cgi?id=156827

* Animation/svg-animation.html: Added.
* Skipped:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200049 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Crash using @tryGetById in DFG
msaboff@apple.com [Mon, 25 Apr 2016 20:59:39 +0000 (20:59 +0000)]
Crash using @tryGetById in DFG
https://bugs.webkit.org/show_bug.cgi?id=156992

Reviewed by Filip Pizlo.

We need to spill live registers when compiling TryGetById in DFG.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileTryGetById):
* tests/stress/regress-156992.js: New test.
(tryMultipleGetByIds):
(test):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200048 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Toggling animation-play-state can re-start a finished animation
simon.fraser@apple.com [Mon, 25 Apr 2016 20:56:47 +0000 (20:56 +0000)]
Toggling animation-play-state can re-start a finished animation
https://bugs.webkit.org/show_bug.cgi?id=156731

Reviewed by Dean Jackson.

Source/WebCore:

After an animation completed, CompositeAnimation::updateKeyframeAnimations() cleared
all state that the animation had run on the element, so changing the value of some
animation property triggered the animation to run again. This is wrong, since animation-name
still applied to the element.

Fix by keeping state for keyframe animations in the Done state in the m_keyframeAnimations
map. This allows for the removal of the index property on KeyframeAnimation.

Tests: animations/change-completed-animation-transform.html
       animations/change-completed-animation.html

* page/animation/AnimationBase.cpp:
(WebCore::AnimationBase::timeToNextService):
* page/animation/AnimationBase.h:
(WebCore::AnimationBase::isAnimatingProperty):
* page/animation/CompositeAnimation.cpp: Add animations that should stick around to AnimationNameMap,
and swap with m_keyframeAnimations at the end.
(WebCore::CompositeAnimation::updateKeyframeAnimations):
* page/animation/KeyframeAnimation.cpp:
(WebCore::KeyframeAnimation::KeyframeAnimation):
(WebCore::KeyframeAnimation::getAnimatedStyle):
* page/animation/KeyframeAnimation.h:

LayoutTests:

* animations/animation-direction-reverse-expected.txt:
* animations/animation-direction-reverse.html: This is a progression. The test was detecting a
restarted animation.
* animations/change-completed-animation-expected.txt: Added.
* animations/change-completed-animation-transform-expected.html: Added.
* animations/change-completed-animation-transform.html: Added. Ref test that ensures that the final
state for normal and accelerated animations is correct.
* animations/change-completed-animation.html: Added. Tests that changing a property doesn't trigger
another animation, by detecting a second animationstart event.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200047 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [GTK] Crashes if DISPLAY is unset
berto@igalia.com [Mon, 25 Apr 2016 20:48:04 +0000 (20:48 +0000)]
[GTK] Crashes if DISPLAY is unset
https://bugs.webkit.org/show_bug.cgi?id=156972

Reviewed by Carlos Garcia Campos.

If DISPLAY is unset then m_display will be NULL, crashing WebKit
when XCloseDisplay is called in the PlatformDisplayX11 destructor.

* platform/graphics/x11/PlatformDisplayX11.cpp:
(WebCore::PlatformDisplayX11::~PlatformDisplayX11):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200046 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Tweaking IndexedDB watchlist and adding myself to it.
beidson@apple.com [Mon, 25 Apr 2016 20:33:09 +0000 (20:33 +0000)]
Tweaking IndexedDB watchlist and adding myself to it.

* Scripts/webkitpy/common/config/watchlist:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200045 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update JS bindings test results after r200037
ryanhaddad@apple.com [Mon, 25 Apr 2016 20:07:40 +0000 (20:07 +0000)]
Update JS bindings test results after r200037

Unreviewed test gardening.

* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::jsTestTypedefsPrototypeFunctionFuncWithClamp):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200044 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago play-state not parsed as part of animation shorthand
simon.fraser@apple.com [Mon, 25 Apr 2016 20:06:09 +0000 (20:06 +0000)]
play-state not parsed as part of animation shorthand
https://bugs.webkit.org/show_bug.cgi?id=156959

Reviewed by Darin Adler.

Source/WebCore:

We failed to parse animation-play-state as part of the animation shorthand, contrary
to the spec and other browsers.

Fix for both the prefixed and unprefixed properties. There is some compat risk here,
but only changing unprefixed behavior will probably lead to more author confusion.

Test: animations/play-state-in-shorthand.html

* css/CSSParser.cpp:
(WebCore::CSSParser::parseAnimationShorthand):
* css/CSSPropertyNames.in:
* css/StylePropertyShorthand.cpp:
(WebCore::animationShorthandForParsing): Remove the long comment which is no longer relevant
now that the behavior has been written into the spec.

LayoutTests:

* animations/animation-shorthand-expected.txt:
* animations/animation-shorthand.html:
* animations/play-state-in-shorthand-expected.txt: Added.
* animations/play-state-in-shorthand.html: Added.
* animations/resources/animation-test-helpers.js:
(getPropertyValue):
(comparePropertyValue):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200043 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Negative animation-delay is treated as 0s
simon.fraser@apple.com [Mon, 25 Apr 2016 20:06:04 +0000 (20:06 +0000)]
Negative animation-delay is treated as 0s
https://bugs.webkit.org/show_bug.cgi?id=141008

Reviewed by Daniel Bates.

Source/WebCore:

Fix keyframe animations which start in the paused state.

Explicitly move such animations from the new to the paused state, and
set m_pauseTime to 0, rather than leaving it at -1. Fix getElapsedTime()
to compute a correct elapsed time for such animations, which takes
negative delay into account correctly.

Fix assertions which need to account for the new transition of New -> PlayStatePaused.

Test: animations/play-state-start-paused.html

* page/animation/AnimationBase.cpp:
(WebCore::AnimationBase::updateStateMachine):
(WebCore::AnimationBase::getElapsedTime):
* page/animation/KeyframeAnimation.cpp:
(WebCore::KeyframeAnimation::animate):

LayoutTests:

Ref test that has an initially-paused animation on 'left' and with a
3d transform.

* animations/play-state-start-paused-expected.html: Added.
* animations/play-state-start-paused.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200042 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Inline RenderStyle into RenderElement
antti@apple.com [Mon, 25 Apr 2016 19:49:23 +0000 (19:49 +0000)]
Inline RenderStyle into RenderElement
https://bugs.webkit.org/show_bug.cgi?id=156981

Reviewed by Andreas Kling.

We can save memory and reduce indirection of style access by inlining RenderStyle to RenderElement.

This patch also makes RenderStyle moveable and switches from std::unique_ptr<RenderStyle> to RenderStyle&&
in many places where ownership is passed.

* Modules/plugins/PluginReplacement.h:
(WebCore::PluginReplacement::scriptObject):
(WebCore::PluginReplacement::willCreateRenderer):
* Modules/plugins/QuickTimePluginReplacement.h:
* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::~QuickTimePluginReplacement):
(WebCore::QuickTimePluginReplacement::createElementRenderer):
* Modules/plugins/YouTubePluginReplacement.cpp:
(WebCore::YouTubePluginReplacement::YouTubePluginReplacement):
(WebCore::YouTubePluginReplacement::createElementRenderer):
* Modules/plugins/YouTubePluginReplacement.h:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::styleForElement):
(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::styleForPage):
(WebCore::StyleResolver::defaultStyleForElement):
(WebCore::StyleResolver::addToMatchedPropertiesCache):
(WebCore::StyleResolver::applyPropertyToStyle):
* dom/Document.cpp:
(WebCore::Document::recalcStyle):
(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore::Document::setFullScreenRenderer):
* dom/Element.cpp:
(WebCore::Element::rendererIsNeeded):
(WebCore::Element::createElementRenderer):
* dom/Element.h:
(WebCore::Element::copyNonAttributePropertiesFromElement):
* dom/PseudoElement.cpp:
(WebCore::PseudoElement::resolveCustomStyle):
(WebCore::PseudoElement::didAttachRenderers):
(WebCore::PseudoElement::didRecalcStyle):
* html/BaseButtonInputType.cpp:
(WebCore::BaseButtonInputType::appendFormData):
(WebCore::BaseButtonInputType::createInputRenderer):
* html/BaseButtonInputType.h:
* html/FileInputType.cpp:
(WebCore::FileInputType::handleDOMActivateEvent):
(WebCore::FileInputType::createInputRenderer):
* html/FileInputType.h:
* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::rendererIsNeeded):
(WebCore::HTMLAppletElement::createElementRenderer):

...

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200041 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r199916.
dbates@webkit.org [Mon, 25 Apr 2016 19:43:55 +0000 (19:43 +0000)]
Unreviewed, rolling out r199916.
https://bugs.webkit.org/show_bug.cgi?id=156989

Might break buildbot when master is restarted (Requested by
Srinivasan Vijayaraghava, Guest100, on #webkit).

Reverted changeset:

"Add JSC test results in json format to a buildbot log"
https://bugs.webkit.org/show_bug.cgi?id=156920
http://trac.webkit.org/changeset/199916

Patch by Commit Queue <commit-queue@webkit.org> on 2016-04-25

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200040 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Stop listening for "media can start" notifications when media player is cleared
eric.carlson@apple.com [Mon, 25 Apr 2016 19:37:17 +0000 (19:37 +0000)]
Stop listening for "media can start" notifications when media player is cleared
https://bugs.webkit.org/show_bug.cgi?id=156985
<rdar://problem/23158505>

Reviewed by Jer Noble.

No new tests, I have not been able to create a test that reliably reproduces this.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::loadInternal): Add logging.
(WebCore::HTMLMediaElement::selectMediaResource): Assert and return early if there is
  no media player.
(WebCore::HTMLMediaElement::clearMediaPlayer): Stop listening for can start notifications.
(WebCore::HTMLMediaElement::visibilityStateChanged): Add logging.
(WebCore::HTMLMediaElement::mediaCanStart): Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200039 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago We don't have to parse a function's parameters every time if the function is in the...
sbarati@apple.com [Mon, 25 Apr 2016 19:08:53 +0000 (19:08 +0000)]
We don't have to parse a function's parameters every time if the function is in the source provider cache
https://bugs.webkit.org/show_bug.cgi?id=156943

Reviewed by Filip Pizlo.

This patch makes a few changes to make parsing inner functions
faster.

First, we were always parsing an inner function's parameter
list using the templatized TreeBuilder. This means if our parent scope
was building an AST, we ended up building AST nodes for the inner
function's parameter list even though these nodes would go unused.
This patch fixes that to *always* build an inner function's parameter
list using the SyntaxChecker. (Note that this is consistent now with
always building an inner function's body with a SyntaxChecker.)

Second, we were always parsing an inner function's parameter list
even if we had that function saved in the source provider cache.
I've fixed that bug and made it so that we skip over the parsing
of a function's parameter list when it's in the source provider
cache. We could probably enhance this in the future to skip
over the entirety of a function starting at the "function"
keyword or any other start of the function (depending on
the function type: arrow function, method, etc).

This patch also renames a few fields. First, I fixed a typo
from "tocken" => "token" for a few field names. Secondly,
I renamed a field that was called 'bodyStartColumn' to
'parametersStartColumn' because the field really held the
parameter list's start column.

I'm benchmarking this as a 1.5-2% octane/jquery speedup
on a 15" MBP.

* parser/ASTBuilder.h:
(JSC::ASTBuilder::createFunctionExpr):
(JSC::ASTBuilder::createMethodDefinition):
(JSC::ASTBuilder::createArrowFunctionExpr):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createFuncDeclStatement):
* parser/Lexer.cpp:
(JSC::Lexer<T>::lex):
* parser/Lexer.h:
(JSC::Lexer::currentPosition):
(JSC::Lexer::positionBeforeLastNewline):
(JSC::Lexer::lastTokenLocation):
(JSC::Lexer::setLastLineNumber):
(JSC::Lexer::lastLineNumber):
(JSC::Lexer::prevTerminator):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
(JSC::Parser<LexerType>::parseFunctionBody):
(JSC::stringForFunctionMode):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
* parser/Parser.h:
(JSC::Scope::usedVariablesContains):
(JSC::Scope::forEachUsedVariable):
(JSC::Scope::useVariable):
(JSC::Scope::copyCapturedVariablesToVector):
(JSC::Scope::fillParametersForSourceProviderCache):
(JSC::Scope::restoreFromSourceProviderCache):
* parser/ParserFunctionInfo.h:
* parser/SourceProviderCacheItem.h:
(JSC::SourceProviderCacheItem::endFunctionToken):
(JSC::SourceProviderCacheItem::usedVariables):
(JSC::SourceProviderCacheItem::SourceProviderCacheItem):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200038 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Web IDL] Specify default values for parameters of type 'unsigned short'
cdumez@apple.com [Mon, 25 Apr 2016 18:38:56 +0000 (18:38 +0000)]
[Web IDL] Specify default values for parameters of type 'unsigned short'
https://bugs.webkit.org/show_bug.cgi?id=156967

Reviewed by Darin Adler.

Specify default values for parameters of type 'unsigned short' and let
the bindings generator use WTF::Optional<> for the ones without a
default value.

* bindings/scripts/CodeGeneratorJS.pm:
(CanUseWTFOptionalForParameter):
(GenerateParametersCheck):
* testing/Internals.cpp:
(WebCore::Internals::layerTreeAsText): Deleted.
(WebCore::Internals::displayListForElement): Deleted.
(WebCore::Internals::replayDisplayListForElement): Deleted.
* testing/Internals.h:
* testing/Internals.idl:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200037 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win][IndexedDB] Fix build errors.
peavo@outlook.com [Mon, 25 Apr 2016 18:38:20 +0000 (18:38 +0000)]
[Win][IndexedDB] Fix build errors.
https://bugs.webkit.org/show_bug.cgi?id=156713

Reviewed by Alex Christensen.

Fix compile and link errors when building with IndexedDB enabled.

Source/WebCore:

* Modules/indexeddb/IDBCursor.h:
* Modules/indexeddb/IDBTransaction.cpp:
* Modules/indexeddb/server/MemoryBackingStoreTransaction.h:
* Modules/indexeddb/server/MemoryIDBBackingStore.h:
* PlatformWin.cmake:
* platform/win/FileSystemWin.cpp:
(WebCore::hardLinkOrCopyFile):

Source/WebKit:

* PlatformWin.cmake:

Source/WebKit/win:

* WebView.cpp:
(WebView::notifyPreferencesChanged):
* storage: Added.
* storage/WebDatabaseProvider.cpp: Added.
(WebDatabaseProvider::indexedDatabaseDirectoryPath):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200036 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago 2016-04-25 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Mon, 25 Apr 2016 18:20:58 +0000 (18:20 +0000)]
2016-04-25  Geoffrey Garen  <ggaren@apple.com>

        bmalloc: vm allocations should plant guard pages
        https://bugs.webkit.org/show_bug.cgi?id=156937

        Rolling back in r199936 with a fix for the memory regression.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200035 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Renaming SpecInt32, SpecInt52, MachineInt to SpecInt32Only, SpecInt52Only, AnyInt.
mark.lam@apple.com [Mon, 25 Apr 2016 17:48:46 +0000 (17:48 +0000)]
Renaming SpecInt32, SpecInt52, MachineInt to SpecInt32Only, SpecInt52Only, AnyInt.
https://bugs.webkit.org/show_bug.cgi?id=156941

Reviewed by Filip Pizlo.

While looking at https://bugs.webkit.org/show_bug.cgi?id=153431, it was decided
that SpecInt32Only, SpecInt52Only, and AnyInt would be better names for
SpecInt32, SpecInt52, and MachineInt.  Let's do a bulk rename.

This is only a renaming patch, and deletion of a piece of unused code.  There are
no semantic changes.

* bindings/ScriptValue.cpp:
(Inspector::jsToInspectorValue):
* bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromValue):
(JSC::leastUpperBoundOfStrictlyEquivalentSpeculations):
(JSC::typeOfDoubleNegation):
(JSC::typeOfDoubleRounding):
* bytecode/SpeculatedType.h:
(JSC::isInt32Speculation):
(JSC::isInt32OrBooleanSpeculation):
(JSC::isInt32SpeculationForArithmetic):
(JSC::isInt32OrBooleanSpeculationForArithmetic):
(JSC::isInt32OrBooleanSpeculationExpectingDefined):
(JSC::isInt52Speculation):
(JSC::isAnyIntSpeculation):
(JSC::isAnyIntAsDoubleSpeculation):
(JSC::isDoubleRealSpeculation):
(JSC::isMachineIntSpeculation): Deleted.
(JSC::isInt52AsDoubleSpeculation): Deleted.
(JSC::isIntegerSpeculation): Deleted.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::fixTypeForRepresentation):
(JSC::DFG::AbstractValue::checkConsistency):
(JSC::DFG::AbstractValue::resultType):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::validateType):
* dfg/DFGArgumentsUtilities.cpp:
(JSC::DFG::emitCodeToGetArgumentsArrayLength):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupToThis):
(JSC::DFG::FixupPhase::observeUseKindOnNode):
(JSC::DFG::FixupPhase::fixIntConvertingEdge):
(JSC::DFG::FixupPhase::fixIntOrBooleanEdge):
(JSC::DFG::FixupPhase::fixDoubleOrBooleanEdge):
(JSC::DFG::FixupPhase::truncateConstantToInt32):
(JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
(JSC::DFG::FixupPhase::prependGetArrayLength):
(JSC::DFG::FixupPhase::fixupChecksInBlock):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::addShouldSpeculateInt32):
(JSC::DFG::Graph::addShouldSpeculateAnyInt):
(JSC::DFG::Graph::binaryArithShouldSpeculateInt32):
(JSC::DFG::Graph::binaryArithShouldSpeculateAnyInt):
(JSC::DFG::Graph::unaryArithShouldSpeculateInt32):
(JSC::DFG::Graph::unaryArithShouldSpeculateAnyInt):
(JSC::DFG::Graph::addShouldSpeculateMachineInt): Deleted.
(JSC::DFG::Graph::binaryArithShouldSpeculateMachineInt): Deleted.
(JSC::DFG::Graph::unaryArithShouldSpeculateMachineInt): Deleted.
* dfg/DFGInPlaceAbstractState.cpp:
(JSC::DFG::InPlaceAbstractState::initialize):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::noticeOSREntry):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToIdentityOn):
* dfg/DFGNode.h:
(JSC::DFG::Node::asNumber):
(JSC::DFG::Node::isAnyIntConstant):
(JSC::DFG::Node::asAnyInt):
(JSC::DFG::Node::isBooleanConstant):
(JSC::DFG::Node::shouldSpeculateInt32OrBooleanExpectingDefined):
(JSC::DFG::Node::shouldSpeculateAnyInt):
(JSC::DFG::Node::shouldSpeculateDouble):
(JSC::DFG::Node::shouldSpeculateNumber):
(JSC::DFG::Node::isMachineIntConstant): Deleted.
(JSC::DFG::Node::asMachineInt): Deleted.
(JSC::DFG::Node::shouldSpeculateMachineInt): Deleted.
* dfg/DFGOSREntry.cpp:
(JSC::DFG::OSREntryData::dumpInContext):
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSREntry.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSSALoweringPhase.cpp:
(JSC::DFG::SSALoweringPhase::handleNode):
(JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::silentFill):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileArithAdd):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
(JSC::DFG::SpeculativeJIT::speculateInt32):
(JSC::DFG::SpeculativeJIT::speculateNumber):
(JSC::DFG::SpeculativeJIT::speculateMisc):
(JSC::DFG::SpeculativeJIT::speculate):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::spill):
(JSC::DFG::SpeculativeJIT::isKnownInteger):
(JSC::DFG::SpeculativeJIT::isKnownCell):
(JSC::DFG::SpeculativeJIT::isKnownNotInteger):
(JSC::DFG::SpeculativeJIT::isKnownNotNumber):
(JSC::DFG::SpeculativeJIT::isKnownNotCell):
(JSC::DFG::SpeculativeJIT::isKnownNotOther):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::blessBoolean):
(JSC::DFG::SpeculativeJIT::convertAnyInt):
(JSC::DFG::SpeculativeJIT::speculateAnyInt):
(JSC::DFG::SpeculativeJIT::speculateDoubleRepAnyInt):
(JSC::DFG::SpeculativeJIT::convertMachineInt): Deleted.
(JSC::DFG::SpeculativeJIT::speculateMachineInt): Deleted.
(JSC::DFG::SpeculativeJIT::speculateDoubleRepMachineInt): Deleted.
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::isNumerical):
(JSC::DFG::isDouble):
* dfg/DFGValidate.cpp:
* dfg/DFGVariableAccessData.cpp:
(JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
(JSC::DFG::VariableAccessData::couldRepresentInt52Impl):
(JSC::DFG::VariableAccessData::flushFormat):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileInt52Constant):
(JSC::FTL::DFG::LowerDFGToB3::compileInt52Rep):
(JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
(JSC::FTL::DFG::LowerDFGToB3::compileArithNegate):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
(JSC::FTL::DFG::LowerDFGToB3::lowInt32):
(JSC::FTL::DFG::LowerDFGToB3::strictInt52ToInt32):
(JSC::FTL::DFG::LowerDFGToB3::isInt32):
(JSC::FTL::DFG::LowerDFGToB3::isNotInt32):
(JSC::FTL::DFG::LowerDFGToB3::jsValueToStrictInt52):
(JSC::FTL::DFG::LowerDFGToB3::doubleToStrictInt52):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateCellOrOther):
(JSC::FTL::DFG::LowerDFGToB3::speculateAnyInt):
(JSC::FTL::DFG::LowerDFGToB3::speculateDoubleRepReal):
(JSC::FTL::DFG::LowerDFGToB3::speculateDoubleRepAnyInt):
(JSC::FTL::DFG::LowerDFGToB3::speculateMachineInt): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::speculateDoubleRepMachineInt): Deleted.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_profile_type):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_profile_type):
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::isInt52):
(JSC::JSValue::isAnyInt):
(JSC::JSValue::asAnyInt):
(JSC::JSValue::isMachineInt): Deleted.
(JSC::JSValue::asMachineInt): Deleted.
* runtime/RuntimeType.cpp:
(JSC::runtimeTypeForValue):
(JSC::runtimeTypeAsString):
* runtime/RuntimeType.h:
* runtime/TypeSet.cpp:
(JSC::TypeSet::dumpTypes):
(JSC::TypeSet::displayName):
(JSC::TypeSet::inspectorTypeSet):
(JSC::TypeSet::toJSONString):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200034 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix a couple of mistakes from r199700.
mitz@apple.com [Mon, 25 Apr 2016 17:33:08 +0000 (17:33 +0000)]
Fix a couple of mistakes from r199700.

Rubber-stamped by Anders Carlsson.

* UIProcess/API/Cocoa/WKPreferencesPrivate.h: Added availability attributes to new properties.
* WebKit2.xcodeproj/project.pbxproj: Demoted _WKExperimentalFeatureInternal.h from Private to Project.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200033 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement latest File object spec (including its constructor).
beidson@apple.com [Mon, 25 Apr 2016 17:31:29 +0000 (17:31 +0000)]
Implement latest File object spec (including its constructor).
https://bugs.webkit.org/show_bug.cgi?id=156511

Reviewed by Darin Adler.

Source/WebCore:

Test: fast/files/file-constructor.html

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:

* bindings/js/JSDictionary.cpp:
(WebCore::JSDictionary::convertValue):
* bindings/js/JSDictionary.h:

* bindings/js/JSFileCustom.cpp: Added.
(WebCore::constructJSFile):

* fileapi/File.cpp:
(WebCore::File::File):
(WebCore::File::lastModified):
(WebCore::File::lastModifiedDate): Deleted.
* fileapi/File.h:
* fileapi/File.idl:

LayoutTests:

* fast/files/file-constructor-expected.txt: Added.
* fast/files/file-constructor.html: Added.

* http/tests/local/fileapi/file-last-modified-after-delete-expected.txt:
* http/tests/local/fileapi/script-tests/file-last-modified-after-delete.js:

* http/tests/local/fileapi/file-last-modified-expected.txt:
* http/tests/local/fileapi/script-tests/file-last-modified.js:

* imported/blink/storage/indexeddb/blob-basics-metadata-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200032 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r156846): Crashes with guard malloc
antti@apple.com [Mon, 25 Apr 2016 17:03:04 +0000 (17:03 +0000)]
REGRESSION(r156846): Crashes with guard malloc
https://bugs.webkit.org/show_bug.cgi?id=156984

Reviewed by Andreas Kling.

RenderElement::cachedFirstLineStyle() returns pointer to local std::unique_ptr.

* rendering/RenderElement.cpp:
(WebCore::RenderElement::uncachedFirstLineStyle):
(WebCore::RenderElement::cachedFirstLineStyle):
(WebCore::RenderElement::firstLineStyle):
(WebCore::firstLineStyleForCachedUncachedType): Deleted.

    Don't try to use a single function for the cached and uncached cases. Separate the cases into the calling functions.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200031 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION (r196012): Subresource may be blocked by Content Security Policy if it...
dbates@webkit.org [Mon, 25 Apr 2016 16:27:34 +0000 (16:27 +0000)]
REGRESSION (r196012): Subresource may be blocked by Content Security Policy if it only matches 'self'
https://bugs.webkit.org/show_bug.cgi?id=156935
<rdar://problem/25351286>

Reviewed by Darin Adler.

Source/WebCore:

Fixes an issue where a subresource load may be blocked by the Content Security Policy (CSP) if its URL only
matched 'self'. In particular, the load would be blocked if initiated from a document that inherited the
origin of its owner document (e.g. the document contained in <iframe src="about:blank"></iframe>).

Following r196012 we compute and cache 'self' and its protocol on instantiation of a ContentSecurityPolicy
object for use when matching a URL against it. These cached values become out-of-date if the document
subsequently inherits the origin of its owner document. Therefore matches against 'self' will fail and
CSP will block a load if it's not otherwise allowed by the policy. Previously we would compute 'self' when
parsing the definition of a source list and compute the protocol for 'self' each time we tried to match a
URL against 'self'. So, 'self' would always be up-to-date with respect to the origin of the document.

Tests: http/tests/security/contentSecurityPolicy/iframe-blank-url-programmatically-add-external-script.html
       http/tests/security/contentSecurityPolicy/iframe-srcdoc-external-script.html

* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Extract out logic for computing and caching
'self' and its protocol into ContentSecurityPolicy::updateSourceSelf() and make use of this function.
(WebCore::ContentSecurityPolicy::updateSourceSelf): Computes and caches 'self' and its protocol with
respect to the specified SecurityOrigin.
(WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext): Call ContentSecurityPolicy::updateSourceSelf()
to ensure that we have an up-to-date representation for 'self' and the protocol of 'self' which can
become out-of-date if the document inherited the origin of its owner document.
* page/csp/ContentSecurityPolicy.h:

LayoutTests:

Add tests to ensure that we match 'self' correctly in an iframe with an about:blank document.

* http/tests/security/contentSecurityPolicy/iframe-blank-url-programmatically-add-external-script-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/iframe-blank-url-programmatically-add-external-script.html: Added.
* http/tests/security/contentSecurityPolicy/iframe-srcdoc-external-script-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/iframe-srcdoc-external-script.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200030 268f45cc-cd09-0410-ab3c-d52691b4dbfc
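
The stale 'self' described in the commit message above, as an added JavaScript model that is not WebKit code: it compares caching 'self' only at policy construction with refreshing it when the policy is applied after the document has inherited its owner's origin. `ModelDocument`, `ModelPolicy`, the exact-match rule and the `example.test` URLs are assumptions made for illustration; only the name `updateSourceSelf` comes from the commit.

```javascript
// Added model, not WebKit source. ModelDocument, ModelPolicy and the URLs are
// constructed for illustration; updateSourceSelf mirrors the function named in
// the commit message. 'self' matching is simplified to an exact
// scheme/host/port comparison.

function effectivePort(url) {
  if (url.port) return url.port;
  return { 'http:': '80', 'https:': '443' }[url.protocol] || '';
}

// In this model an about:blank document starts with an opaque origin and only
// gets a real one when it inherits the origin of its owner document.
function originFromURL(urlString) {
  const url = new URL(urlString);
  if (url.protocol === 'about:') return { opaque: true };
  return {
    opaque: false,
    protocol: url.protocol,
    host: url.hostname,
    port: effectivePort(url),
  };
}

class ModelDocument {
  constructor(url, owner = null) {
    this.url = url;
    this.owner = owner;
    this.origin = originFromURL(url);
  }

  inheritOwnerOrigin() {
    if (this.owner) this.origin = this.owner.origin;
  }
}

class ModelPolicy {
  // refreshSelfOnApply = false models the regression (cache once, never refresh);
  // refreshSelfOnApply = true models the fix (refresh when the policy is applied).
  constructor(origin, refreshSelfOnApply) {
    this.refreshSelfOnApply = refreshSelfOnApply;
    this.updateSourceSelf(origin);
  }

  // Compute and cache 'self' with respect to the given origin.
  updateSourceSelf(origin) {
    this.self = origin.opaque ? null : { ...origin };
  }

  applyPolicyTo(document) {
    if (this.refreshSelfOnApply) this.updateSourceSelf(document.origin);
  }

  // Policy modelled here is "script-src 'self'": a URL is allowed only if it
  // matches the cached representation of 'self'.
  allowsScript(urlString) {
    if (this.self === null) return false;
    const target = originFromURL(urlString);
    return !target.opaque &&
      target.protocol === this.self.protocol &&
      target.host === this.self.host &&
      target.port === this.self.port;
  }
}

function simulate(refreshSelfOnApply) {
  const parent = new ModelDocument('https://app.example.test/index.html');
  const frame = new ModelDocument('about:blank', parent);

  // 1. Policy object is instantiated while the frame still has its initial origin.
  const policy = new ModelPolicy(frame.origin, refreshSelfOnApply);
  // 2. The frame subsequently inherits the origin of its owner document.
  frame.inheritOwnerOrigin();
  // 3. The policy is applied to the frame's document.
  policy.applyPolicyTo(frame);

  const self = policy.self;
  return {
    cachedSelf: self ? `${self.protocol}//${self.host}:${self.port}` : null,
    sameOriginScriptAllowed: policy.allowsScript('https://app.example.test/js/app.js'),
    crossOriginScriptAllowed: policy.allowsScript('https://cdn.example.test/lib.js'),
  };
}

console.log('cache at construction only:', simulate(false));
console.log('refresh on apply (the fix):', simulate(true));
```

In both modes the cross-origin script stays blocked; only the same-origin load changes, which is the behaviour the two added layout tests check for.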

4 years ago Marking media/video-fullscreen-restriction-removed.html as flaky on Mac
ryanhaddad@apple.com [Mon, 25 Apr 2016 16:26:30 +0000 (16:26 +0000)]
Marking media/video-fullscreen-restriction-removed.html as flaky on Mac
https://bugs.webkit.org/show_bug.cgi?id=156983

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200029 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from TextTrack
youenn.fablet@crf.canon.fr [Mon, 25 Apr 2016 10:26:53 +0000 (10:26 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from TextTrack
https://bugs.webkit.org/show_bug.cgi?id=156899

Reviewed by Chris Dumez.

No behavior changes.

* html/track/TextTrack.idl: Marking cue and region parameter as nullable.
Also marking cues and activeCues as nullable attributes.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199986 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from File API interfaces
youenn.fablet@crf.canon.fr [Mon, 25 Apr 2016 10:23:41 +0000 (10:23 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from File API interfaces
https://bugs.webkit.org/show_bug.cgi?id=156898

Reviewed by Chris Dumez.

Source/WebCore:

Making the FileReaderSync API throw a TypeError in case of null parameters, in lieu of a NOT_FOUND_ERR.
Making the FileReader API take nullable parameters as a temporary fix.

Test: fast/files/workers/worker-file-reader-sync-bad-parameter.html

* Modules/websockets/WebSocketChannel.cpp:
(WebCore::WebSocketChannel::processOutgoingFrameQueue): Updated to cope with FileReaderLoader::start taking a Blob&.
* fileapi/FileReader.cpp:
(WebCore::FileReader::readAsArrayBuffer): Updated to cope with readInternal taking a Blob&.
(WebCore::FileReader::readAsBinaryString): Ditto.
(WebCore::FileReader::readAsText): Ditto.
(WebCore::FileReader::readAsDataURL): Ditto.
(WebCore::FileReader::readInternal):  Updated to cope with FileReaderLoader::start taking a Blob&.
* fileapi/FileReader.h:
* fileapi/FileReader.idl: Marking the readXX methods as taking a nullable blob parameter to keep compatibility, at least temporarily.
* fileapi/FileReaderLoader.cpp:
(WebCore::FileReaderLoader::start): It now takes a Blob& as input.
* fileapi/FileReaderLoader.h:
* fileapi/FileReaderSync.cpp:
(WebCore::FileReaderSync::readAsArrayBuffer): Taking a Blob& as input.
(WebCore::FileReaderSync::readAsBinaryString): Ditto.
(WebCore::FileReaderSync::readAsText): Ditto.
(WebCore::FileReaderSync::readAsDataURL): Ditto.
(WebCore::FileReaderSync::startLoading): Ditto.
* fileapi/FileReaderSync.h:
(WebCore::FileReaderSync::readAsText): Ditto.
* fileapi/FileReaderSync.idl:

LayoutTests:

Checking FileReaderSync send method in case of null or undefined blob parameter.
worker-read-blob-sync.html and worker-read-file-sync check the case of badly typed parameters.
In all cases, TypeError is thrown.

* fast/files/workers/resources/worker-file-reader-sync-bad-parameter.js: Added.
(test):
* fast/files/workers/worker-file-reader-sync-bad-parameter-expected.txt: Added.
* fast/files/workers/worker-file-reader-sync-bad-parameter.html: Added.
* fast/files/workers/worker-read-blob-sync-expected.txt: Rebasing expectation.
* fast/files/workers/worker-read-file-sync-expected.txt: Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199985 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [css-grid] Fix grid-template-columns|rows computed style with content alignment
rego@igalia.com [Mon, 25 Apr 2016 09:54:48 +0000 (09:54 +0000)]
[css-grid] Fix grid-template-columns|rows computed style with content alignment
https://bugs.webkit.org/show_bug.cgi?id=156793

Reviewed by Darin Adler.

Source/WebCore:

Computed style of grid-template-columns and grid-template-rows properties
was including the distribution offset because of content alignment.
We should subtract that offset, like we do for the case of gaps,
when we're calculating the computed style.

Test: fast/css-grid-layout/grid-template-columns-rows-computed-style-gaps-content-alignment.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::valueForGridTrackList):
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::offsetBetweenTracks):
(WebCore::RenderGrid::populateGridPositions): Deleted FIXME.
* rendering/RenderGrid.h:

LayoutTests:

* fast/css-grid-layout/grid-template-columns-rows-computed-style-gaps-content-alignment-expected.txt: Added.
* fast/css-grid-layout/grid-template-columns-rows-computed-style-gaps-content-alignment.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199981 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Refactor RenderMathMLMenclose.
fred.wang@free.fr [Mon, 25 Apr 2016 09:46:31 +0000 (09:46 +0000)]
Refactor RenderMathMLMenclose.
https://bugs.webkit.org/show_bug.cgi?id=155019

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-25
Reviewed by Sergio Villar Senin.

Source/WebCore:

Tests: mathml/presentation/menclose-notation-equivalence.html
       mathml/presentation/menclose-notation-values.html

We rewrite RenderMathMLMenclose so that layout functions correctly override the
behavior of RenderMathMLRow. We try and rely on the draft of the MathML in HTML5
implementation note, to make it easier to get consistency with other rendering engines
in the future. All notations are now drawn with GraphicsContext functions instead of
mixing them with CSS style. To save memory space, the list of known notations is
now saved on a short integer using bit masks instead of a vector of string names.
Finally, we remove support for the radical notation so that we no longer need to
create an anonymous RenderMathMLRoot.

* mathml/MathMLMencloseElement.cpp: Remove code for some special notations and just
reimplement parsing of the notation attribute.
(WebCore::MathMLMencloseElement::MathMLMencloseElement): By default, the notation is longdiv.
(WebCore::MathMLMencloseElement::parseAttribute): By default, the list of notations is empty.
If there is no notation attribute, the default value longdiv is used.
Otherwise, we parse the notation attribute and add each notation, using some equivalences
for box, actuarial and madruwb.
(WebCore::MathMLMencloseElement::isPresentationAttribute): Deleted. No need to define
specific style for some notation.
(WebCore::MathMLMencloseElement::finishParsingChildren): Deleted. No need to add an
anonymous square root.
(WebCore::MathMLMencloseElement::collectStyleForPresentationAttribute): Deleted. No need to
define specific style for some notation.
(WebCore::MathMLMencloseElement::longDivLeftPadding): Deleted. RenderMathMLMenclose uses an
arbitrary size instead of measuring a glyph.
* mathml/MathMLMencloseElement.h: Define simple bit mask for each notation, add a short
integer to store the list of notations together with helper functions. Remove old code.
* rendering/mathml/RenderMathMLMenclose.cpp: Rewrite RenderMathMLMenclose so that layout
functions correctly override the behavior of RenderMathMLRow.
(WebCore::RenderMathMLMenclose::RenderMathMLMenclose): Init m_ascent to 0.
(WebCore::RenderMathMLMenclose::ruleThickness): For now, we use the fallback value used
for other bars. We may refine that in the future.
(WebCore::RenderMathMLMenclose::getSpaceAroundContent): Helper function to retrieve the
space to add around the content, depending on the notations specified. Note that for
notation circle, this spacing depends on the content size.
(WebCore::RenderMathMLMenclose::computePreferredLogicalWidths): Reimplement this function.
This is just adding left/right spacing around the content.
(WebCore::RenderMathMLMenclose::layoutBlock): Reimplement this function. We do the normal
RenderMathMLRow layout, adjust spacing and child position and
calculate m_ascent and m_contentRect.
(WebCore::RenderMathMLMenclose::firstLineBaseline): Implement this function.
We just return m_ascent.
(WebCore::drawLine): Helper function to draw a line using strokePath.
(WebCore::RenderMathMLMenclose::paint): We reimplement this function to draw
all notations using GraphicsContext.
(WebCore::RenderMathMLMenclose::addChild): Deleted. No need to manage anonymous renderers.
(WebCore::RenderMathMLMenclose::updateLogicalHeight): Deleted. Height is now calculated
in layoutBlock.
(WebCore::RenderMathMLMenclose::checkNotationalValuesValidity): Deleted.
* rendering/mathml/RenderMathMLMenclose.h: Update member definitions.
* rendering/mathml/RenderMathMLRoot.cpp: We no longer need anonymous roots.
(WebCore::RenderMathMLRoot::RenderMathMLRoot): Deleted.
* rendering/mathml/RenderMathMLRoot.h: We no longer need anonymous roots.
* rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the child row,
for use in RenderMathMLRoot.
(WebCore::RenderMathMLRow::computeLineVerticalStretch): Rename parameters.
(WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
logical width of the child row. Set the temporary logical width for RenderMathMLMenclose before
laying the children out.
(WebCore::RenderMathMLRow::layoutBlock): Rename parameters; add a dummy logicalWidth
parameter.
* rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by
RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
after the child row is laid out.
* rendering/mathml/RenderMathMLSquareRoot.cpp: We no longer need anonymous roots.
(WebCore::RenderMathMLSquareRoot::RenderMathMLSquareRoot): Deleted.
(WebCore::RenderMathMLSquareRoot::createAnonymousWithParentRenderer): Deleted.
* rendering/mathml/RenderMathMLSquareRoot.h: We no longer need anonymous roots.

LayoutTests:

* mathml/presentation/menclose-notation-attribute-set1.html: Removed.
This is replaced with menclose-notation-values.
* mathml/presentation/menclose-notation-attribute-set1-expected.txt: Removed.
This is replaced with menclose-notation-values.
* mathml/presentation/menclose-notation-attribute-set2-expected-mismatch.html: Removed.
This is replaced with menclose-notation-values.
* mathml/presentation/menclose-notation-attribute-set2.html: Removed.
This is replaced with menclose-notation-values.
* mathml/presentation/menclose-notation-values.html: Added.
This test verifies the rendering of various menclose notations.
* mathml/presentation/menclose-notation-equivalence.html: Added.
This test verifies some equivalence for the notation attribute value.
* mathml/presentation/menclose-notation-equivalence-expected.html: Added.
* mathml/presentation/menclose-notation-radical.html: Update the test now that support for
the radical notation is removed.
* mathml/presentation/menclose-notation-radical-expected.html: ditto.
* platform/gtk/mathml/presentation/menclose-notation-default-longdiv-expected.png: Update
reference due to small changes in longdiv implementation.
* platform/gtk/mathml/presentation/menclose-notation-default-longdiv-expected.txt: ditto.
* platform/mac/mathml/presentation/menclose-notation-default-longdiv-expected.png: ditto.
* platform/mac/mathml/presentation/menclose-notation-default-longdiv-expected.txt: ditto.
* platform/ios-simulator/mathml/presentation/menclose-notation-default-longdiv-expected.txt: ditto
* platform/gtk/mathml/presentation/menclose-notation-values-expected.png: Added.
* platform/gtk/mathml/presentation/menclose-notation-values-expected.txt: Added.
* platform/mac/mathml/presentation/menclose-notation-values-expected.png: Added.
* platform/mac/mathml/presentation/menclose-notation-values-expected.txt: Added.
* platform/ios-simulator/mathml/presentation/menclose-notation-values-expected.txt: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199980 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Minor refactoring in RenderMathMLOperator
fred.wang@free.fr [Mon, 25 Apr 2016 07:04:46 +0000 (07:04 +0000)]
Minor refactoring in RenderMathMLOperator
https://bugs.webkit.org/show_bug.cgi?id=156906

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-25
Reviewed by Martin Robinson.

No new tests, this is only minor refactoring that does not change the behavior.

* rendering/mathml/RenderMathMLOperator.cpp:
(WebCore::RenderMathMLOperator::getGlyphAssemblyFallBack):
We rename the "state" integer to an "expected" enum indicating the next expected part.
(WebCore::RenderMathMLOperator::paintGlyph): We add a missing dot at the end of a sequence.
We also replace ceil(x+1) with ceil(x)+1 to get rid of the temporary variable.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199978 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [EFL] Update the ewk_settings_offline_web_application_cache_enabled_get() expected...
hs85.jeong@samsung.com [Mon, 25 Apr 2016 06:34:48 +0000 (06:34 +0000)]
[EFL] Update the ewk_settings_offline_web_application_cache_enabled_get() expected value after r199854.
https://bugs.webkit.org/show_bug.cgi?id=156968

Reviewed by Gyuyoung Kim.

* UIProcess/API/C/WKPreferencesRef.h: Update the comment.
* UIProcess/API/efl/tests/test_ewk2_settings.cpp:
(TEST_F):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199977 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Web IDL] Specify default values for boolean parameters
cdumez@apple.com [Mon, 25 Apr 2016 05:59:04 +0000 (05:59 +0000)]
[Web IDL] Specify default values for boolean parameters
https://bugs.webkit.org/show_bug.cgi?id=156964

Reviewed by Darin Adler.

Specify default values for boolean parameters in our IDL files and
let the bindings generator use WTF::Optional<> for the ones without
a default value.

* CMakeLists.txt:
* Modules/indexeddb/IDBKeyRange.cpp:
* Modules/indexeddb/IDBKeyRange.h:
* Modules/indexeddb/IDBKeyRange.idl:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSBindingsAllInOne.cpp:

* bindings/js/JSDOMTokenListCustom.cpp: Removed.
We no longer need these custom bindings as the bindings generator
will now provide the implementation with an Optional<bool>, given
that the parameter has no default value.

* bindings/scripts/CodeGeneratorJS.pm:
(CanUseWTFOptionalForParameterType): Deleted.
* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
(webkit_dom_test_obj_method_with_optional_boolean):
(webkit_dom_test_obj_method_with_optional_boolean_is_false):
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalBoolean):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalBooleanIsFalse):
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
(-[DOMTestObj methodWithOptionalBoolean:]):
(-[DOMTestObj methodWithOptionalBooleanIsFalse:]):
* bindings/scripts/test/TestObj.idl:
* dom/Document.h:
* dom/Document.idl:
* dom/Element.idl:
* dom/EventTarget.idl:
* html/DOMTokenList.idl:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199976 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [EFL] Some media tests have been failed after bumping gstreamer ver.
gyuyoung.kim@webkit.org [Mon, 25 Apr 2016 05:56:09 +0000 (05:56 +0000)]
[EFL] Some media tests have been failed after bumping gstreamer ver.

Unreviewed EFL gardening. Mark failing tests to timeout or failure.

* platform/efl/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199975 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Can't sort by name/source code location columns in Timeline data grids
mattbaker@apple.com [Mon, 25 Apr 2016 03:09:18 +0000 (03:09 +0000)]
Web Inspector: Can't sort by name/source code location columns in Timeline data grids
https://bugs.webkit.org/show_bug.cgi?id=156965
<rdar://problem/25898716>

Reviewed by Timothy Hatcher.

Add support for sorting SourceCodeLocation objects to TimelineDataGrid,
and include a grid delegate so that views can extend sorting logic for
other document fragment columns.

* UserInterface/Views/NetworkTimelineView.js:
(WebInspector.NetworkTimelineView):
(WebInspector.NetworkTimelineView.prototype.dataGridSortComparator):
Sort "name" column by display name first, then resource URL.

* UserInterface/Views/ScriptDetailsTimelineView.js:
(WebInspector.ScriptDetailsTimelineView):
(WebInspector.ScriptDetailsTimelineView.prototype.dataGridSortComparator):
Sort "name" column by display name first, then subtitle.

* UserInterface/Views/ScriptTimelineDataGridNode.js:
(WebInspector.ScriptTimelineDataGridNode.prototype.get subtitle):
Make subtitle accessible externally for sorting.
(WebInspector.ScriptTimelineDataGridNode.prototype._createNameCellDocumentFragment):
(WebInspector.ScriptTimelineDataGridNode):

* UserInterface/Views/TimelineDataGrid.js:
(WebInspector.TimelineDataGrid):
(WebInspector.TimelineDataGrid.prototype.get sortDelegate):
(WebInspector.TimelineDataGrid.prototype.set sortDelegate):
Fire a SortChanged event if the delegate changed and the grid is sorted.
(WebInspector.TimelineDataGrid.prototype._sort):
If a sort delegate exists, and it returns a numeric value, skip the
default compare.

(WebInspector.TimelineDataGrid.prototype._sortComparator):
Add support for sorting SourceCodeLocation columns.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199974 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, revert part of r199970 that shouldn't have been committed.
cdumez@apple.com [Mon, 25 Apr 2016 01:40:20 +0000 (01:40 +0000)]
Unreviewed, revert part of r199970 that shouldn't have been committed.

* web-platform-tests/IndexedDB/idbfactory_open9.htm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199973 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Error when selecting a bar in the Frames timeline
mattbaker@apple.com [Mon, 25 Apr 2016 01:03:22 +0000 (01:03 +0000)]
Web Inspector: Error when selecting a bar in the Frames timeline
https://bugs.webkit.org/show_bug.cgi?id=156960
<rdar://problem/25897955>

Reviewed by Timothy Hatcher.

Fixes timeline grid node selection when a record is selected in the overview.
Adds general purpose `findNode` method to DataGrid.

* UserInterface/Views/DataGrid.js:
(WebInspector.DataGrid.prototype.findNode):
Basic find function for locating a grid node in linear time.

* UserInterface/Views/TimelineRecordingContentView.js:
(WebInspector.TimelineRecordingContentView.prototype._recordSelected):
Remove tree outline references, call generic select method.

* UserInterface/Views/TimelineView.js:
(WebInspector.TimelineView.prototype.selectRecord):
If a data grid was set, deselect current selection and select the node
associated with the timeline record.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199972 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Events in JavaScript & Events timeline have no profile children
mattbaker@apple.com [Mon, 25 Apr 2016 00:59:48 +0000 (00:59 +0000)]
Web Inspector: Events in JavaScript & Events timeline have no profile children
https://bugs.webkit.org/show_bug.cgi?id=156627
<rdar://problem/25749740>

Reviewed by Timothy Hatcher.

ProfileNodeDataGridNode should handle `populate` events when expanded.
This was previously done by ProfileNodeTreeElement, which is no longer
used in the Timelines tab.

* UserInterface/Views/ProfileDataGridNode.js:
(WebInspector.ProfileDataGridNode.prototype._updateChildrenForModifiers):
(WebInspector.ProfileDataGridNode.prototype._populate):
(WebInspector.ProfileDataGridNode):
DataGridNode sets `shouldRefreshChildren` to false after populating
child nodes. No need to track with a separate flag.

* UserInterface/Views/ProfileNodeDataGridNode.js:
(WebInspector.ProfileNodeDataGridNode):
(WebInspector.ProfileNodeDataGridNode.prototype._populate):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199971 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Autogenerated IDBFactory.open() does the wrong thing if you pass an explicit 'undefin...
cdumez@apple.com [Mon, 25 Apr 2016 00:27:30 +0000 (00:27 +0000)]
Autogenerated IDBFactory.open() does the wrong thing if you pass an explicit 'undefined' as the second argument
https://bugs.webkit.org/show_bug.cgi?id=156939

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Re-sync tests from upstream b1818929.

* IndexedDB-private-browsing/idbfactory_open9-expected.txt:
* IndexedDB-private-browsing/idbfactory_open9.html:
* web-platform-tests/IndexedDB/idbfactory_open9-expected.txt:
* web-platform-tests/IndexedDB/idbfactory_open9.htm:

Source/WebCore:

As per WebIDL, if undefined is passed by JS for an optional parameter then
we should use its default value if it has one, or use the special value
"missing":
http://heycam.github.io/webidl/#es-overloads (step 10.4)

Our bindings generator was already mapping undefined to the parameter's
default value when present. However, it was missing the notion of
"missing" value when there is no default value. This patch adds support
for it by passing Optional<>(Nullopt) to the implementation in such
case. This means that the implementation will need to use WTF::Optional<>
type for parameters that do not have a default value. Thankfully though,
in most cases, we will be able to specify a default value in the IDL
so cases where we will need to use WTF::Optional<> will actually be
rare.

To avoid having to do too much refactoring in this patch, the support
for WTF::Optional is currently blacklisted for most IDL types. I will
gradually stop blacklisting each type in follow-up patches, as I either:
- Add default parameter values in our IDL (preferred)
- Use WTF::Optional<> in our implementation (when we cannot specify a
  default value).

This patch fixes a bug with IDBFactory.open()'s second parameter (version)
for which undefined should not throw and indicate that the version
should not be changed. We now use WTF::Optional in the implementation to
distinguish this case and not throw.

No new tests, existing tests were updated / rebaselined.

* Modules/indexeddb/IDBFactory.cpp:
(WebCore::IDBFactory::open):
(WebCore::IDBFactory::openInternal): Deleted.
* Modules/indexeddb/IDBFactory.h:
* bindings/scripts/CodeGeneratorJS.pm:
(ShouldUseWTFOptionalForParameterType):
(GenerateParametersCheck):
* fileapi/Blob.idl:
* inspector/InspectorIndexedDBAgent.cpp:

LayoutTests:

Update / rebaseline existing test now that passing undefined as second parameter to
IDBFactory.open() no longer throws.

* storage/indexeddb/intversion-bad-parameters-expected.txt:
* storage/indexeddb/intversion-bad-parameters-private-expected.txt:
* storage/indexeddb/resources/intversion-bad-parameters.js:
(deleteSuccess):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199970 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [WebIDL] Drop [Default] WebKit-IDL extended attribute
cdumez@apple.com [Sun, 24 Apr 2016 17:23:41 +0000 (17:23 +0000)]
[WebIDL] Drop [Default] WebKit-IDL extended attribute
https://bugs.webkit.org/show_bug.cgi?id=156955

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline some tests now that a different exception type is thrown
for some of our APIs when passing null.

* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Drop [Default] WebKit-IDL extended attribute in favor of the standard
WebIDL syntax for parameters' default value.

Here is what it looks like:
[Default=NullString] optional DOMString a -> optional DOMString a = null
[Default=NullString] optional DOMString? a -> optional DOMString? a = null
[Default=Undefined] optional DOMString a -> optional DOMString a = "undefined"
[Default=Undefined] optional DOMString? a -> optional DOMString? a = null
[Default=Undefined] optional long a -> optional long a = 0
[Default=Undefined] optional bool a -> optional bool a = false
[Default=Undefined] optional unrestricted double a -> optional unrestricted double a = NaN
[Default=Undefined] optional unrestricted float a -> optional unrestricted float a = NaN
[Default=Undefined] optional sequence<DOMString> a -> optional sequence<DOMString> a = []

These do not cause any Web-Exposed behavior change. However, getting
rid of [Default] started passing more parameters by dereference instead of
pointer (as is expected for parameters not marked as nullable). As a result,
I had to mark a few parameters as nullable in the IDL to maintain the
previous behavior. In some cases, the implementation was already throwing
when passing null. In such cases, I have not marked the type as nullable
so that the generated bindings now throw the exception instead of our
implementation code. In some cases, the exception being thrown is now
different. This is why some of the layout tests had to be rebaselined.

No new tests, existing tests have been rebaselined. No significant Web
exposed behavior change is expected from this patch, besides the exception
type sometimes being different.

* Modules/encryptedmedia/MediaKeys.idl:
* Modules/fetch/FetchRequest.idl:
* Modules/gamepad/deprecated/GamepadList.idl:
* Modules/indexeddb/IDBDatabase.idl:
* Modules/mediastream/RTCStatsResponse.idl:
* Modules/notifications/Notification.idl:
* Modules/speech/SpeechSynthesisUtterance.idl:
* Modules/webaudio/AudioNode.idl:
* Modules/websockets/WebSocket.idl:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateParametersCheck):
* bindings/scripts/IDLAttributes.txt:
* bindings/scripts/IDLParser.pm:
(parseDefault):
(parseDefaultValue):
* bindings/scripts/test/TestInterface.idl:
* bindings/scripts/test/TestNamedConstructor.idl:
* bindings/scripts/test/TestObj.idl:
* bindings/scripts/test/TestOverrideBuiltins.idl:
* css/CSSKeyframesRule.idl:
* css/CSSMediaRule.idl:
* css/CSSPrimitiveValue.idl:
* css/CSSRuleList.idl:
* css/CSSStyleDeclaration.idl:
* css/CSSStyleSheet.idl:
* css/CSSSupportsRule.idl:
* css/CSSValueList.idl:
* css/MediaList.idl:
* css/MediaQueryList.idl:
* css/MediaQueryListListener.idl:
* css/StyleMedia.idl:
* css/StyleSheetList.idl:
* css/WebKitCSSFilterValue.idl:
* css/WebKitCSSMatrix.idl:
* css/WebKitCSSTransformValue.idl:
* dom/ClientRectList.idl:
* dom/Comment.idl:
* dom/CompositionEvent.idl:
* dom/CustomEvent.h:
* dom/CustomEvent.idl:
* dom/DOMImplementation.idl:
* dom/DOMStringList.idl:
* dom/DataTransferItem.idl:
* dom/DataTransferItemList.idl:
* dom/DeviceMotionEvent.idl:
* dom/DeviceOrientationEvent.idl:
* dom/Document.cpp:
(WebCore::Document::adoptNode):
* dom/Document.idl:
* dom/Element.cpp:
(WebCore::Element::setAttributeNode):
(WebCore::Element::setAttributeNodeNS):
(WebCore::Element::removeAttributeNode):
(WebCore::Element::parseAttributeName): Deleted.
* dom/Element.h:
* dom/Element.idl:
* dom/Event.idl:
* dom/HashChangeEvent.idl:
* dom/KeyboardEvent.idl:
* dom/MessageEvent.idl:
* dom/MouseEvent.idl:
* dom/MutationEvent.idl:
* dom/NamedNodeMap.cpp:
(WebCore::NamedNodeMap::setNamedItem):
(WebCore::NamedNodeMap::setNamedItemNS):
(WebCore::NamedNodeMap::item): Deleted.
* dom/NamedNodeMap.h:
* dom/NamedNodeMap.idl:
* dom/Node.idl:
* dom/NodeFilter.idl:
* dom/NonElementParentNode.idl:
* dom/OverflowEvent.idl:
* dom/Range.idl:
* dom/Text.idl:
* dom/TextEvent.idl:
* dom/TouchEvent.idl:
* dom/UIEvent.idl:
* dom/WheelEvent.idl:
* html/DOMFormData.idl:
* html/HTMLAllCollection.idl:
* html/HTMLAudioElement.idl:
* html/HTMLCanvasElement.idl:
* html/HTMLCollection.idl:
* html/HTMLDocument.idl:
* html/HTMLElement.cpp:
(WebCore::HTMLElement::insertAdjacentElement):
(WebCore::contextElementForInsertion): Deleted.
* html/HTMLElement.h:
* html/HTMLElement.idl:
* html/HTMLFormControlsCollection.idl:
* html/HTMLInputElement.idl:
* html/HTMLMediaElement.idl:
* html/HTMLOptionElement.idl:
* html/HTMLOptionsCollection.idl:
* html/HTMLSelectElement.idl:
* html/HTMLTableElement.idl:
* html/HTMLTableRowElement.idl:
* html/HTMLTableSectionElement.idl:
* html/HTMLTextAreaElement.idl:
* html/ImageData.idl:
* html/canvas/CanvasGradient.idl:
* html/canvas/CanvasRenderingContext2D.idl:
* html/canvas/DOMPath.idl:
* html/canvas/OESVertexArrayObject.idl:
* page/DOMSelection.cpp:
(WebCore::DOMSelection::extend):
(WebCore::DOMSelection::getRangeAt): Deleted.
* page/DOMSelection.h:
* page/DOMSelection.idl:
* page/DOMWindow.idl:
* page/History.idl:
* page/Performance.idl:
* page/WindowTimers.idl:
* plugins/DOMMimeTypeArray.idl:
* plugins/DOMPlugin.idl:
* plugins/DOMPluginArray.idl:
* storage/StorageEvent.idl:
* svg/SVGAnimationElement.idl:
* svg/SVGDocument.idl:
* svg/SVGElement.idl:
* svg/SVGFEDropShadowElement.idl:
* svg/SVGFEGaussianBlurElement.idl:
* svg/SVGFEMorphologyElement.idl:
* svg/SVGFilterElement.idl:
* svg/SVGGraphicsElement.idl:
* svg/SVGMarkerElement.idl:
* svg/SVGPathElement.idl:
* svg/SVGSVGElement.idl:
* svg/SVGTests.idl:
* svg/SVGTextContentElement.idl:
* xml/DOMParser.idl:
* xml/XMLSerializer.cpp:
(WebCore::XMLSerializer::serializeToString):
* xml/XMLSerializer.h:
* xml/XMLSerializer.idl:
* xml/XPathEvaluator.idl:
* xml/XPathExpression.idl:
* xml/XPathNSResolver.idl:
* xml/XPathResult.idl:
* xml/XSLTProcessor.idl:

Tools:

* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:

LayoutTests:

Rebaseline some tests now that a different exception type is thrown
for some of our APIs when passing null.

* editing/selection/extend-expected.txt:
* fast/dom/Element/attr-param-typechecking-expected.txt:
* fast/dom/NamedNodeMap-setNamedItem-crash-expected.txt:
* fast/dynamic/insertAdjacentElement-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199969 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Optimize JSON.parse string fast path
utatane.tea@gmail.com [Sun, 24 Apr 2016 17:07:22 +0000 (17:07 +0000)]
[JSC] Optimize JSON.parse string fast path
https://bugs.webkit.org/show_bug.cgi?id=156953

Reviewed by Mark Lam.

This patch further optimizes the string parsing fast path.
Previously, we generated the WTF::String to hold the ownership of the token's string,
and always copied the token on the LiteralParser side.
Instead, we hold the ownership of the token String by the StringBuilder in LiteralParser::Lexer,
and remove the processing in the string parsing fast path.
This patch gives us a stable 1 - 2.5% improvement in Kraken json-parse-financial.

                               Baseline                  Modified

json-parse-financial        41.383+-0.248      ^      40.894+-0.189         ^ definitely 1.0120x faster

* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::tryJSONPParse):
(JSC::LiteralParser<CharType>::Lexer::lex):
(JSC::LiteralParser<CharType>::Lexer::lexStringSlow):
(JSC::LiteralParser<CharType>::parse):
(JSC::LiteralParser<CharType>::Lexer::lexString): Deleted.
* runtime/LiteralParser.h:
(JSC::LiteralParser::tryLiteralParse):
(JSC::LiteralParser::Lexer::currentToken):
(JSC::LiteralParser::Lexer::LiteralParserTokenPtr::LiteralParserTokenPtr):
(JSC::LiteralParser::Lexer::LiteralParserTokenPtr::operator->):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199968 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [INTL] Implement String.prototype.localeCompare in ECMA-402
fpizlo@apple.com [Sun, 24 Apr 2016 17:05:51 +0000 (17:05 +0000)]
[INTL] Implement String.prototype.localeCompare in ECMA-402
https://bugs.webkit.org/show_bug.cgi?id=147607

Patch by Filip Pizlo <fpizlo@apple.com> and Andy VanWagoner <thetalecrafter@gmail.com> on 2016-04-24
Reviewed by Darin Adler.

Source/JavaScriptCore:

Part of this change is just rolling 194394 back in.

The other part is making that not a regression on CDjs. Other than the fact that it uses
bound functions, the problem with this new localeCompare implementation is that it uses
the arguments object. It uses it in a way that *seems* like ArgumentsEliminationPhase
ought to handle, but to my surprise it didn't:

- If we have a ForceExit GetByVal on the arguments object, we would previously assume that
  it escaped. That's false since we just exit at ForceExit. On the other hand we probably
  should be pruning unreachable paths before we get here, but that's a separate issue. I
  don't want to play with phase order right now.

- If we have an OutOfBounds GetByVal on the arguments object, then the best that would
  previously happen is that we'd compile it into an in-bounds arguments access. That's quite
  bad, as Andy's localeCompare illustrates: it uses out-of-bounds access on the arguments
  object to detect if an argument was passed. This change introduces an OutOfBounds version
  of GetMyArgumentByVal for this purpose.

This change required registering sane chain watchpoints. In the process, I noticed that the
old way of doing it had a race condition: we might register watchpoints for the structure
that had become insane. This change introduces a double-checking idiom that I believe works
because once the structure becomes insane it can't go back to sane and watchpoints
registration already involves executing the hardest possible fences.

* builtins/StringPrototype.js:
(repeat):
(localeCompare):
(search):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGValidate.cpp:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
* ftl/FTLTypedPointer.h:
(JSC::FTL::TypedPointer::TypedPointer):
(JSC::FTL::TypedPointer::operator bool):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::operator!): Deleted.
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):

LayoutTests:

* js/dom/script-tests/string-prototype-properties.js:
* js/dom/string-prototype-properties-expected.txt:
* js/regress/locale-compare.html: Added.
* js/regress/locale-compare-expected.txt: Added.
* js/regress/scripts-tests/locale-compare.js: Added.
* js/script-tests/string-localeCompare.js:
* js/string-localeCompare-expected.txt:
* js/string-localeCompare.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199967 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago RenderStyle should not be reference counted
antti@apple.com [Sun, 24 Apr 2016 13:54:59 +0000 (13:54 +0000)]
RenderStyle should not be reference counted
https://bugs.webkit.org/show_bug.cgi?id=156846

Reviewed by Andreas Kling.

RenderStyle reference counts its substructures. We no longer share RenderStyle objects between normal renderers
so there is no reason to refcount the RenderStyles themselves too. Making it a non-refcounted type clarifies
ownership relations, reduces branchiness and saves some memory.

This patch switches mostly mechanically from Ref/RefPtr<RenderStyle> to std::unique_ptr<RenderStyle>. In
the future RenderStyle can be given regular value semantics.

* Modules/plugins/PluginReplacement.h:
(WebCore::PluginReplacement::scriptObject):
(WebCore::PluginReplacement::willCreateRenderer):
* Modules/plugins/QuickTimePluginReplacement.h:
* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::~QuickTimePluginReplacement):
(WebCore::QuickTimePluginReplacement::createElementRenderer):
* Modules/plugins/YouTubePluginReplacement.cpp:
(WebCore::YouTubePluginReplacement::YouTubePluginReplacement):
(WebCore::YouTubePluginReplacement::createElementRenderer):
* Modules/plugins/YouTubePluginReplacement.h:
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::ComputedStyleExtractor::useFixedFontDefaultSize):
(WebCore::updateStyleIfNeededForNode):
(WebCore::computeRenderStyleForProperty):
(WebCore::ComputedStyleExtractor::customPropertyValue):
(WebCore::ComputedStyleExtractor::propertyValue):
* css/MediaQueryEvaluator.cpp:
(WebCore::MediaQueryEvaluator::MediaQueryEvaluator):
(WebCore::MediaQueryEvaluator::eval):
* css/MediaQueryEvaluator.h:

    Clarify in code that MediaQueryEvaluator does not own the style.

* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::mediaType):
(WebCore::MediaQueryMatcher::documentElementUserAgentStyle):
(WebCore::MediaQueryMatcher::evaluate):
(WebCore::MediaQueryMatcher::matchMedia):
(WebCore::MediaQueryMatcher::styleResolverChanged):
(WebCore::MediaQueryMatcher::prepareEvaluator): Deleted.
* css/MediaQueryMatcher.h:
* css/StyleMedia.cpp:
(WebCore::StyleMedia::matchMedium):
* css/StyleResolver.cpp:
(WebCore::StyleResolver::State::clear):
(WebCore::StyleResolver::State::updateConversionData):
(WebCore::StyleResolver::State::setStyle):
(WebCore::StyleResolver::State::setParentStyle):

    State owns the style explicitly set by setParentStyle but not the one given via constructor.

(WebCore::isAtShadowBoundary):
(WebCore::StyleResolver::styleForElement):
(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::keyframeStylesForAnimation):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::styleForPage):
(WebCore::StyleResolver::defaultStyleForElement):
(WebCore::StyleResolver::applyMatchedProperties):
(WebCore::StyleResolver::applyPropertyToStyle):
* css/StyleResolver.h:
(WebCore::ElementStyle::ElementStyle):
(WebCore::StyleResolver::style):
(WebCore::StyleResolver::parentStyle):
(WebCore::StyleResolver::setOverrideDocumentElementStyle):
(WebCore::StyleResolver::State::document):
(WebCore::StyleResolver::State::element):
(WebCore::StyleResolver::State::style):
(WebCore::StyleResolver::State::takeStyle):
(WebCore::StyleResolver::State::parentStyle):
(WebCore::StyleResolver::State::rootElementStyle):
(WebCore::StyleResolver::State::regionForStyling):
(WebCore::StyleResolver::State::setParentStyle): Deleted.
* dom/Document.cpp:
(WebCore::Document::recalcStyle):
(WebCore::Document::updateLayoutIgnorePendingStylesheets):
(WebCore::Document::styleForElementIgnoringPendingStylesheets):
(WebCore::Document::isPageBoxVisible):
(WebCore::Document::pageSizeAndMarginsInPixels):
(WebCore::Document::addAutoSizingNode):
(WebCore::Document::validateAutoSizingNodes):
(WebCore::Document::resetAutoSizingNodes):
(WebCore::Document::setFullScreenRenderer):
* dom/Document.h:
* dom/Element.cpp:
(WebCore::Element::rendererIsNeeded):
(WebCore::Element::createElementRenderer):
(WebCore::Element::resolveComputedStyle):
* dom/Element.h:
(WebCore::Element::copyNonAttributePropertiesFromElement):
* dom/ElementRareData.h:

...

* page/animation/AnimationBase.h:
* page/animation/AnimationController.cpp:
(WebCore::AnimationControllerPrivate::receivedStartTimeResponse):
(WebCore::AnimationControllerPrivate::getAnimatedStyleForRenderer):
(WebCore::AnimationControllerPrivate::computeExtentOfAnimation):
(WebCore::AnimationController::cancelAnimations):
(WebCore::AnimationController::updateAnimations):

    std::unique_ptr<RenderStyle>& animatedStyle argument is now expected to be initially null and
    is only set if a new style is created.

(WebCore::AnimationController::getAnimatedStyleForRenderer):
* page/animation/AnimationController.h:
* page/animation/AnimationControllerPrivate.h:
* page/animation/CompositeAnimation.cpp:
(WebCore::CompositeAnimation::updateTransitions):
(WebCore::CompositeAnimation::updateKeyframeAnimations):
(WebCore::CompositeAnimation::animate):
(WebCore::CompositeAnimation::getAnimatedStyle):
* page/animation/CompositeAnimation.h:
* page/animation/ImplicitAnimation.cpp:
(WebCore::ImplicitAnimation::ImplicitAnimation):
(WebCore::ImplicitAnimation::shouldSendEventForListener):
(WebCore::ImplicitAnimation::animate):
(WebCore::ImplicitAnimation::getAnimatedStyle):
(WebCore::ImplicitAnimation::onAnimationEnd):
(WebCore::ImplicitAnimation::reset):
* page/animation/ImplicitAnimation.h:
* page/animation/KeyframeAnimation.cpp:
(WebCore::KeyframeAnimation::KeyframeAnimation):
(WebCore::KeyframeAnimation::fetchIntervalEndpointsForProperty):
(WebCore::KeyframeAnimation::animate):
(WebCore::KeyframeAnimation::getAnimatedStyle):
* page/animation/KeyframeAnimation.h:
* rendering/RenderAttachment.cpp:
(WebCore::RenderAttachment::RenderAttachment):
* rendering/RenderAttachment.h:
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::RenderBlock):
(WebCore::RenderBlock::styleDidChange):
(WebCore::RenderBlock::clone):
(WebCore::RenderBlock::updateFirstLetterStyle):
(WebCore::RenderBlock::createFirstLetterRenderer):
* rendering/RenderBlock.h:
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::MarginInfo::MarginInfo):
(WebCore::RenderBlockFlow::RenderBlockFlow):
* rendering/RenderBlockFlow.h:
* rendering/RenderBox.cpp:
(WebCore::skipBodyBackground):
(WebCore::RenderBox::RenderBox):
* rendering/RenderBox.h:
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::suspendAnimations):
(WebCore::RenderBoxModelObject::RenderBoxModelObject):
* rendering/RenderBoxModelObject.h:
* rendering/RenderButton.cpp:
(WebCore::RenderButton::RenderButton):
(WebCore::RenderButton::setupInnerStyle):
* rendering/RenderButton.h:
* rendering/RenderCombineText.h:
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::RenderDeprecatedFlexibleBox):
* rendering/RenderDeprecatedFlexibleBox.h:
* rendering/RenderDetailsMarker.cpp:
(WebCore::RenderDetailsMarker::RenderDetailsMarker):
* rendering/RenderDetailsMarker.h:
* rendering/RenderElement.cpp:
(WebCore::controlStatesRendererMap):
(WebCore::RenderElement::RenderElement):
(WebCore::RenderElement::~RenderElement):
(WebCore::RenderElement::createFor):
(WebCore::firstLineStyleForCachedUncachedType):
(WebCore::RenderElement::uncachedFirstLineStyle):
(WebCore::RenderElement::cachedFirstLineStyle):
(WebCore::RenderElement::initializeStyle):
(WebCore::RenderElement::setStyle):
(WebCore::RenderElement::propagateStyleToAnonymousChildren):
(WebCore::RenderElement::styleDidChange):
(WebCore::RenderElement::getCachedPseudoStyle):

    Return plain pointer as the cache owns the style.

(WebCore::RenderElement::getUncachedPseudoStyle):

    return std::unique_ptr<RenderStyle>

(WebCore::RenderElement::selectionColor):
(WebCore::RenderElement::selectionPseudoStyle):
(WebCore::RenderElement::selectionBackgroundColor):
* rendering/RenderElement.h:
(WebCore::RenderElement::hasInitializedStyle):
(WebCore::RenderElement::style):
(WebCore::RenderElement::element):
(WebCore::RenderElement::setStyleInternal):
* rendering/RenderEmbeddedObject.cpp:

...

(WebCore::RenderImage::imageResource):
* rendering/RenderInline.cpp:
(WebCore::RenderInline::RenderInline):
(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::styleDidChange):

    Continuations now get their own RenderStyles.

(WebCore::RenderInline::addChildIgnoringContinuation):
(WebCore::RenderInline::clone):
* rendering/RenderInline.h:
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::currentTransform):
(WebCore::RenderLayer::calculateClipRects):
* rendering/RenderLayer.h:

...

* rendering/style/KeyframeList.cpp:
(WebCore::KeyframeList::operator==):
(WebCore::KeyframeList::insert):

    KeyframeValue is now a movable but not copyable type. Adjust accordingly.

* rendering/style/KeyframeList.h:
(WebCore::KeyframeValue::KeyframeValue):
(WebCore::KeyframeValue::setKey):
(WebCore::KeyframeValue::style):
(WebCore::KeyframeValue::setStyle):
(WebCore::KeyframeList::animationName):
(WebCore::KeyframeList::addProperty):
(WebCore::KeyframeList::containsProperty):
* rendering/style/RenderStyle.cpp:
(WebCore::defaultStyle):
(WebCore::RenderStyle::create):
(WebCore::RenderStyle::createDefaultStyle):
(WebCore::RenderStyle::createAnonymousStyleWithDisplay):
(WebCore::RenderStyle::clone):
(WebCore::RenderStyle::createStyleInheritingFromPseudoStyle):

    Return std::unique_ptr<RenderStyle> instead of Ref<RenderStyle>.

(WebCore::RenderStyle::RenderStyle):
(WebCore::RenderStyle::~RenderStyle):
(WebCore::resolveAlignmentData):
(WebCore::RenderStyle::operator==):
(WebCore::RenderStyle::hasUniquePseudoStyle):
(WebCore::RenderStyle::getCachedPseudoStyle):
(WebCore::RenderStyle::addCachedPseudoStyle):
(WebCore::RenderStyle::isStyleAvailable): Deleted.
* rendering/style/RenderStyle.h:
(WebCore::RenderStyle::setStyleType):
(WebCore::RenderStyle::cachedPseudoStyles):
(WebCore::RenderStyle::initialIsolation):
(WebCore::RenderStyle::isPlaceholderStyle):
(WebCore::RenderStyle::setIsPlaceholderStyle):

    Add placeholder style bit to rareNonInheritedData. We no longer rely on RenderStyle identity for this test.

(WebCore::RenderStyle::noninheritedFlagsMemoryOffset):
* rendering/style/SVGRenderStyle.cpp:
(WebCore::defaultSVGStyle):
(WebCore::SVGRenderStyle::createDefaultStyle):
* rendering/style/StyleRareNonInheritedData.cpp:
(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator==):
(WebCore::StyleRareNonInheritedData::contentDataEquivalent):
* rendering/style/StyleRareNonInheritedData.h:

...

(WebCore::findRenderingRoot):
(WebCore::findRenderingRoots):
(WebCore::RenderTreeUpdater::commit):

    Style::Update is no longer const as we move the styles from it to the render tree.

(WebCore::pseudoStyleCacheIsInvalid):
(WebCore::RenderTreeUpdater::updateElementRenderer):
(WebCore::moveToFlowThreadIfNeeded):
(WebCore::RenderTreeUpdater::createRenderer):
(WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement):
* style/RenderTreeUpdater.h:
* style/StyleResolveForDocument.cpp:
(WebCore::Style::resolveForDocument):
* style/StyleResolveForDocument.h:
* style/StyleSharingResolver.cpp:
(WebCore::Style::elementHasDirectionAuto):
(WebCore::Style::SharingResolver::resolve):
* style/StyleSharingResolver.h:
* style/StyleTreeResolver.cpp:
(WebCore::Style::ensurePlaceholderStyle):

    Set the placeholder.

(WebCore::Style::TreeResolver::Parent::Parent):
(WebCore::Style::TreeResolver::pushScope):
(WebCore::Style::TreeResolver::pushEnclosingScope):
(WebCore::Style::TreeResolver::popScope):

    Set and clear StyleResolver overrideDocumentElementStyle as needed. It is owned by the TreeResolver.

(WebCore::Style::TreeResolver::styleForElement):

    Clone the placeholder style.

(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::TreeResolver::pushParent):
(WebCore::Style::TreeResolver::resolveComposedTree):
(WebCore::Style::TreeResolver::resolve):

    Adapt to the std::unique_ptr and ElementStyle move semantics.

* style/StyleTreeResolver.h:
(WebCore::Style::TreeResolver::scope):
* style/StyleUpdate.cpp:
(WebCore::Style::Update::elementUpdate):
(WebCore::Style::Update::textUpdate):
(WebCore::Style::Update::elementStyle):
(WebCore::Style::Update::addElement):
(WebCore::Style::Update::addText):
* style/StyleUpdate.h:
(WebCore::Style::Update::roots):
(WebCore::Style::Update::document):
* svg/SVGAElement.cpp:
(WebCore::SVGAElement::svgAttributeChanged):
(WebCore::SVGAElement::createElementRenderer):

...

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199964 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from MediaControlsHost
youenn.fablet@crf.canon.fr [Sun, 24 Apr 2016 12:45:44 +0000 (12:45 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from MediaControlsHost
https://bugs.webkit.org/show_bug.cgi?id=156903

Reviewed by Chris Dumez.

No change of behavior.

* Modules/mediacontrols/MediaControlsHost.idl: Marking some parameters as nullable.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199963 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from WebGLRenderingContext
youenn.fablet@crf.canon.fr [Sun, 24 Apr 2016 12:45:06 +0000 (12:45 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from WebGLRenderingContext
https://bugs.webkit.org/show_bug.cgi?id=156909

Reviewed by Chris Dumez.

No change of behavior.

Marking a lot of method parameters as nullable.

* html/canvas/WebGLRenderingContextBase.idl:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199962 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Drop [UsePointersEvenForNonNullableObjectArguments] from WebSocket
youenn.fablet@crf.canon.fr [Sun, 24 Apr 2016 12:37:43 +0000 (12:37 +0000)]
Drop [UsePointersEvenForNonNullableObjectArguments] from WebSocket
https://bugs.webkit.org/show_bug.cgi?id=156897

Reviewed by Chris Dumez.

No change of behavior.

Updating WebSocket::send methods to take references, except for ArrayBufferView, which is not yet supported by the binding generator.

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::send):
* Modules/websockets/WebSocket.h:
* Modules/websockets/WebSocket.idl:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199961 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix issues found by the clang static analyzer
aestes@apple.com [Sun, 24 Apr 2016 02:49:49 +0000 (02:49 +0000)]
Fix issues found by the clang static analyzer
https://bugs.webkit.org/show_bug.cgi?id=156956

Reviewed by Alexey Proskuryakov.

Source/WebCore:

* editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::detectContentInRange): Stored tz in a RetainPtr.
* platform/cf/KeyedDecoderCF.cpp:
(WebCore::KeyedDecoderCF::KeyedDecoderCF): If dynamic_cf_cast returned nullptr, the result of
CFPropertyListCreateWithData would leak. Stored the CFPropertyListRef in a RetainPtr, then leaked/adopted it
into m_rootDictionary (to avoid retain count churn) if it is a CFDictionary.
* platform/ios/WebAVPlayerController.mm:
(-[WebAVPlayerController dealloc]): Released _externalPlaybackAirPlayDeviceLocalizedName.
(-[WebAVMediaSelectionOption dealloc]): Added to release _localizedDisplayName.
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerLayer dealloc]): Released _pixelBufferAttributes.
* platform/network/cocoa/WebCoreNSURLSession.h: Removed the readwrite attributes from properties, since
properties are readwrite by default.
* platform/network/cocoa/WebCoreNSURLSession.mm: Removed @dynamic, which isn't necessary just for defining a custom getter.
(-[WebCoreNSURLSessionDataTask dealloc]): Added to release copied ivars.

Source/WebKit/mac:

* WebView/WebDeviceOrientationProviderMock.mm:
(-[WebDeviceOrientationProviderMock dealloc]): [super dealloc] should be called last.

Source/WebKit2:

* UIProcess/API/Cocoa/WKPreviewActionItem.mm:
(-[WKPreviewAction dealloc]): Added to release _identifier.
* UIProcess/_WKWebViewPrintFormatter.mm:
(-[_WKWebViewPrintFormatter dealloc]): Released _frameToPrint.
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView inputView]): -createPeripheralWithView: returned a retained object, but the method name did not
match Cocoa conventions. Called -initWithView: instead.
(-[WKContentView _showAttachmentSheet]): Stored the _WKActivatedElementInfo in a RetainPtr.
(-[WKContentView _dataForPreviewItemController:atPosition:type:]): Ditto.
(+[WKAutocorrectionContext autocorrectionContextWithData:markedText:selectedText:afterText:selectedRangeInMarkedText:]):
The properties contextBeforeSelection, selectedText, markedText, and contextAfterSelection have the 'copy'
annotation in UIWKAutocorrectionContext, so the additional copy made here would be leaked. Removed the extra copy.
(-[WKAutocorrectionContext dealloc]): Deleted.
* UIProcess/ios/forms/WKFormInputControl.h: Removed -createPeripheralWithView: and declared -initWithView:.
* UIProcess/ios/forms/WKFormInputControl.mm:
(-[WKFormInputControl initWithView:]): Changed to return instancetype.
(+[WKFormInputControl createPeripheralWithView:]): Deleted.
* UIProcess/ios/forms/WKFormSelectControl.h: Removed -createPeripheralWithView: and declared -initWithView:.
* UIProcess/ios/forms/WKFormSelectControl.mm:
(+[WKFormSelectControl createPeripheralWithView:]): Deleted.
* UIProcess/mac/LegacySessionStateCoding.cpp:
(WebKit::decodeLegacySessionState): If dynamic_cf_cast returned nullptr, the result of
CFPropertyListCreateWithData would leak. Stored the CFPropertyListRef in a RetainPtr before calling dynamic_cf_cast.
* UIProcess/mac/ServicesController.mm:
(WebKit::ServicesController::refreshExistingServices): Used a RetainPtr for attachment and cell.
* UIProcess/mac/WebContextMenuProxyMac.mm:
(WebKit::WebContextMenuProxyMac::setupServicesMenu): Used a RetainPtr for groupEntry.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199960 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Really enable INDEXED_DATABASE on Apple Mac cmake build
ossy@webkit.org [Sun, 24 Apr 2016 02:27:34 +0000 (02:27 +0000)]
Really enable INDEXED_DATABASE on Apple Mac cmake build
https://bugs.webkit.org/show_bug.cgi?id=156902

Reviewed by Michael Catanzaro.

* Scripts/webkitperl/FeatureList.pm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199959 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago check-webkit-style: fix false-positive warnings about @synchronized
aestes@apple.com [Sun, 24 Apr 2016 02:25:46 +0000 (02:25 +0000)]
check-webkit-style: fix false-positive warnings about @synchronized
https://bugs.webkit.org/show_bug.cgi?id=156957

Reviewed by Dan Bernstein.

* Scripts/webkitpy/style/checkers/cpp.py:
(check_spacing_for_function_call): Ignore @synchronized lines.
(check_braces): Ditto.
* Scripts/webkitpy/style/checkers/cpp_unittest.py:
(CppStyleTest.test_brace_at_begin_of_line): Added a test case.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199958 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago <rdar://problem/25894586> A project has failed to build because WTF_MAKE_FAST_ALLOCAT...
mitz@apple.com [Sat, 23 Apr 2016 23:51:21 +0000 (23:51 +0000)]
<rdar://problem/25894586> A project has failed to build because WTF_MAKE_FAST_ALLOCATED was not defined

Rubber-stamped by Chris Dumez.

Reverted the IntSize part of r199735, to let IntSize.h keep being used in another project.

* platform/graphics/IntSize.h:
(WebCore::IntSize::IntSize):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199956 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Tie the DiagnosticLoggingClient's lifetime to the Page
cdumez@apple.com [Sat, 23 Apr 2016 21:33:49 +0000 (21:33 +0000)]
Tie the DiagnosticLoggingClient's lifetime to the Page
https://bugs.webkit.org/show_bug.cgi?id=156938
<rdar://problem/25851499>

Reviewed by Antti Koivisto.

Source/WebCore:

Tie the DiagnosticLoggingClient's lifetime to the Page rather than to the
MainFrame. The diagnostic logging client in WebKit2 requires the WebPage
to be alive in order to send IPC to the UIProcess. The WebPage owns the
Page and Page is not refCounted so the lifetime of the
DiagnosticLoggingClient should now be tied to the one of the WebPage as
well.

Previously, the DiagnosticLoggingClient would stay alive as long as the
MainFrame and could apparently in rare cases outlive the WebPage, thus
crashing when trying to send the IPC.

* history/PageCache.cpp:
(WebCore::logPageCacheFailureDiagnosticMessage):
(WebCore::canCachePage):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::loadResource):
(WebCore::logMediaLoadRequest):
(WebCore::HTMLMediaElement::updatePlayState):
(WebCore::HTMLMediaElement::mediaPlayerEngineFailedToLoad):
* loader/EmptyClients.h:
* loader/FrameLoader.cpp:
(WebCore::logNavigation):
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
* loader/ResourceLoader.cpp:
(WebCore::logResourceResponseSource):
* loader/SubframeLoader.cpp:
(WebCore::logPluginRequest):
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::willSendRequestInternal):
(WebCore::SubresourceLoader::didReceiveResponse):
(WebCore::logResourceLoaded):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::logMemoryCacheResourceRequest):
(WebCore::logResourceRevalidationDecision):
* page/DiagnosticLoggingClient.h:
* page/MainFrame.cpp:
(WebCore::MainFrame::MainFrame): Deleted.
(WebCore::MainFrame::~MainFrame): Deleted.
(WebCore::MainFrame::diagnosticLoggingClient): Deleted.
* page/MainFrame.h:
* page/Page.cpp:
(WebCore::Page::Page):
(WebCore::Page::~Page):
(WebCore::Page::diagnosticLoggingClient):
* page/Page.h:

Source/WebKit2:

* WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.cpp:
(WebKit::WebDiagnosticLoggingClient::pageDestroyed):
(WebKit::WebDiagnosticLoggingClient::mainFrameDestroyed): Deleted.
* WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.h:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::willStartUserTriggeredZooming):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199955 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago <rdar://problem/25893246> WebKit2 has failed to build: error: use of undeclared ident...
mitz@apple.com [Sat, 23 Apr 2016 17:37:24 +0000 (17:37 +0000)]
<rdar://problem/25893246> WebKit2 has failed to build: error: use of undeclared identifier 'm_playbackSessionManager'

Fixed the non-AVKit build.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _isShowingVideoPictureInPicture]):
(-[WKWebView _mayAutomaticallyShowVideoPictureInPicture]):
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::fullScreenManager):
(WebKit::WebPageProxy::playbackSessionManager):
* UIProcess/WebPageProxy.h:
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::applicationDidBecomeActive):
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::createScrollingCoordinator):
(WebKit::WebChromeClient::supportsVideoFullscreen):
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::inspectorUI):
(WebKit::WebPage::playbackSessionManager):
* WebProcess/WebPage/WebPage.h:
* WebProcess/cocoa/WebVideoFullscreenManager.h:
* WebProcess/cocoa/WebVideoFullscreenManager.mm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago bmalloc: vm allocations should plant guard pages
barraclough@apple.com [Sat, 23 Apr 2016 17:05:54 +0000 (17:05 +0000)]
bmalloc: vm allocations should plant guard pages
https://bugs.webkit.org/show_bug.cgi?id=156937

Rolling out - looks like this is a memory regression.

* bmalloc/Object.h:
(bmalloc::Object::operator+):
(bmalloc::Object::operator<=):
(bmalloc::Object::operator-): Deleted.
* bmalloc/VMAllocate.h:
(bmalloc::vmDeallocate):
(bmalloc::vmRevokePermissions): Deleted.
* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199950 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, unbreak cloop.
fpizlo@apple.com [Sat, 23 Apr 2016 16:38:23 +0000 (16:38 +0000)]
Unreviewed, unbreak cloop.

* runtime/VM.cpp:
(JSC::VM::getHostFunction):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199949 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Updated Hungarian translation
mcatanzaro@igalia.com [Sat, 23 Apr 2016 15:18:08 +0000 (15:18 +0000)]
Updated Hungarian translation
https://bugs.webkit.org/show_bug.cgi?id=156952

Patch by Gabor Kelemen <kelemeng@ubuntu.com> on 2016-04-23
Rubber-stamped by Michael Catanzaro.

* hu.po:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199948 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: HeapAllocationsTimeline grid should use built-in grid column icons
mattbaker@apple.com [Sat, 23 Apr 2016 02:49:40 +0000 (02:49 +0000)]
Web Inspector: HeapAllocationsTimeline grid should use built-in grid column icons
https://bugs.webkit.org/show_bug.cgi?id=156934

Reviewed by Timothy Hatcher.

* UserInterface/Views/HeapAllocationsTimelineDataGridNode.js:
(WebInspector.HeapAllocationsTimelineDataGridNode):
Use existing base class helper function to create main title text.
(WebInspector.HeapAllocationsTimelineDataGridNode.prototype.createCellContent):
Add icon class names to cell, remove icon element.

* UserInterface/Views/HeapAllocationsTimelineView.js:
(WebInspector.HeapAllocationsTimelineView):
Turn on icons for the column.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199947 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Speed up bound functions a bit
fpizlo@apple.com [Sat, 23 Apr 2016 02:00:38 +0000 (02:00 +0000)]
Speed up bound functions a bit
https://bugs.webkit.org/show_bug.cgi?id=156889

Reviewed by Saam Barati.

Source/JavaScriptCore:

Bound functions are hard to optimize because JSC doesn't have a good notion of non-JS code
that does JS-ey things like make JS calls. What I mean by "non-JS code" is code that did not
originate from JS source. A bound function does a highly polymorphic call to the target
stored in the JSBoundFunction. Prior to this change, we represented it as native code that
used the generic native->JS call API. That's not cheap.

We could model bound functions using a builtin, but it's not clear that this would be easy
to grok, since so much of the code would have to access special parts of the JSBoundFunction
type. Doing it that way might solve the performance problems but it would mean extra work to
arrange for the builtin to have speedy access to the call target, the bound this, and the
bound arguments. Also, optimizing bound functions that way would mean that bound function
performance would be gated on the performance of a bunch of other things in our system. For
example, we'd want this polymorphic call to be handled like the funnel that it is: if we're
compiling the bound function's outgoing call with no context then we should compile it as
fully polymorphic but we can let it assume basic sanity like that the callee is a real
function; but if we're compiling the call with any amount of calling context then we want to
use normal call IC's.

Since the builtin path wouldn't lead to a simpler patch and since I think that the VM will
benefit in the long run from using custom handling for bound functions, I kept the native
code and just added Intrinsic/thunk support.

This just adds an Intrinsic for bound function calls where the JSBoundFunction targets a
JSFunction instance and has no bound arguments (only bound this). This intrinsic is
currently only implemented as a thunk and not yet recognized by the DFG bytecode parser.

I needed to loosen some restrictions to do this. For one, I was really tired of our bad use
of ENABLE(JIT) conditionals, which made it so that any serious client of Intrinsics would
have to have #ifdefs. Really what should happen is that if the JIT is not enabled then we
just ignore intrinsics. Also, the code was previously assuming that having a native
constructor and knowing the Intrinsic for your native call were mutually exclusive. This
change makes it possible to have a native executable that has a custom function, custom
constructor, and an Intrinsic.

This is a >4x speed-up on bound function calls with no bound arguments.

In the future, we should teach the DFG Intrinsic handling to deal with bound functions and
we should teach the inliner (and ByteCodeParser::handleCall() in general) how to deal with
the function call inside the bound function. That would be super awesome.

* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::timesPtr):
(JSC::AbstractMacroAssembler::Address::withOffset):
(JSC::AbstractMacroAssembler::BaseIndex::BaseIndex):
(JSC::MacroAssemblerType>::Address::indexedBy):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::storeCell):
(JSC::AssemblyHelpers::loadCell):
(JSC::AssemblyHelpers::storeValue):
(JSC::AssemblyHelpers::emitSaveCalleeSaves):
(JSC::AssemblyHelpers::emitSaveThenMaterializeTagRegisters):
(JSC::AssemblyHelpers::emitRestoreCalleeSaves):
(JSC::AssemblyHelpers::emitRestoreSavedTagRegisters):
(JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
* jit/JITThunks.cpp:
(JSC::JITThunks::ctiNativeTailCall):
(JSC::JITThunks::ctiNativeTailCallWithoutSavedTags):
(JSC::JITThunks::ctiStub):
(JSC::JITThunks::hostFunctionStub):
(JSC::JITThunks::clearHostFunctionStubs):
* jit/JITThunks.h:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):
(JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters): Deleted.
(JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters): Deleted.
* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
(JSC::nativeForGenerator):
(JSC::nativeCallGenerator):
(JSC::nativeTailCallGenerator):
(JSC::nativeTailCallWithoutSavedTagsGenerator):
(JSC::nativeConstructGenerator):
(JSC::randomThunkGenerator):
(JSC::boundThisNoArgsFunctionCallGenerator):
* jit/ThunkGenerators.h:
* runtime/Executable.cpp:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::destroy):
(JSC::NativeExecutable::createStructure):
(JSC::NativeExecutable::finishCreation):
(JSC::NativeExecutable::NativeExecutable):
(JSC::ScriptExecutable::ScriptExecutable):
* runtime/Executable.h:
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncBind):
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototypeGetterCompare):
* runtime/Intrinsic.h:
* runtime/JSBoundFunction.cpp:
(JSC::boundThisNoArgsFunctionCall):
(JSC::boundFunctionCall):
(JSC::boundThisNoArgsFunctionConstruct):
(JSC::boundFunctionConstruct):
(JSC::getBoundFunctionStructure):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::customHasInstance):
(JSC::JSBoundFunction::JSBoundFunction):
* runtime/JSBoundFunction.h:
(JSC::JSBoundFunction::targetFunction):
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
(JSC::JSBoundFunction::offsetOfTargetFunction):
(JSC::JSBoundFunction::offsetOfBoundThis):
* runtime/JSFunction.cpp:
(JSC::JSFunction::lookUpOrCreateNativeExecutable):
(JSC::JSFunction::create):
* runtime/VM.cpp:
(JSC::thunkGeneratorForIntrinsic):
(JSC::VM::getHostFunction):
* runtime/VM.h:
(JSC::VM::getCTIStub):
(JSC::VM::exceptionOffset):

LayoutTests:

This microbenchmark speeds up by >4x with this change.

* js/regress/bound-function-call-expected.txt: Added.
* js/regress/bound-function-call.html: Added.
* js/regress/script-tests/bound-function-call.js: Added.
(foo):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199946 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Fix build break since r199866
jh718.park@samsung.com [Sat, 23 Apr 2016 01:11:43 +0000 (01:11 +0000)]
[JSC] Fix build break since r199866
https://bugs.webkit.org/show_bug.cgi?id=156892

Reviewed by Darin Adler.

* runtime/MathCommon.cpp: Follow up to r199913. Remove 'include cmath' in cpp file.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199943 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Cannot access the SQLTransaction.constructor.prototype
cdumez@apple.com [Sat, 23 Apr 2016 00:58:01 +0000 (00:58 +0000)]
Cannot access the SQLTransaction.constructor.prototype
https://bugs.webkit.org/show_bug.cgi?id=156613

Reviewed by Darin Adler.

Source/WebCore:

Drop [NoInterfaceObject] from the following SQL interfaces:
Database, SQLError, SQLResultSet, SQLResultSetRowList and SQLTransaction.

This matches the specification:
https://dev.w3.org/html5/webdatabase/

This was causing the 'constructor' property to be wrong for these
interfaces as it would be a generic Object.

Test: storage/websql/transaction-prototype.html

* Modules/webdatabase/Database.idl:
* Modules/webdatabase/SQLError.idl:
* Modules/webdatabase/SQLResultSet.idl:
* Modules/webdatabase/SQLResultSetRowList.idl:
* Modules/webdatabase/SQLTransaction.idl:

LayoutTests:

Rebaseline existing test now that more SQL constructors are exposed on the
global Window object. Also add a test to confirm that it is possible to
access SQLTransaction.constructor.prototype and that it seems correct.

* js/dom/global-constructors-attributes-expected.txt:
* platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* storage/websql/transaction-prototype-expected.txt: Added.
* storage/websql/transaction-prototype.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199942 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Optimize number parsing and string parsing in LiteralParser
utatane.tea@gmail.com [Sat, 23 Apr 2016 00:45:27 +0000 (00:45 +0000)]
[JSC] Optimize number parsing and string parsing in LiteralParser
https://bugs.webkit.org/show_bug.cgi?id=156896

Reviewed by Mark Lam.

This patch aims to improve JSON.parse performance. Two major optimizations are included.

1. Change `double result` to `int32_t result` in integer parsing case.
We already have the optimized path for integer parsing, when its digits are less than 10.
In that case, the maximum number is 999999999, and the minimum number is -99999999.
Both are in the range of Int32, so we can use int32_t for accumulation instead of double.

2. Add the string parsing fast / slow cases.
We add the fast case for string parsing, which does not include any escape sequences.

Both optimizations improve Kraken json-parse-financial, roughly 3.5 - 4.5%.

json-parse-financial        49.128+-1.589             46.979+-0.912           might be 1.0457x faster

* runtime/LiteralParser.cpp:
(JSC::isJSONWhiteSpace):
(JSC::isSafeStringCharacter):
(JSC::LiteralParser<CharType>::Lexer::lexString):
(JSC::LiteralParser<CharType>::Lexer::lexStringSlow):
(JSC::LiteralParser<CharType>::Lexer::lexNumber):
* runtime/LiteralParser.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199941 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Include columnNumber in event listener locations
commit-queue@webkit.org [Sat, 23 Apr 2016 00:44:45 +0000 (00:44 +0000)]
Web Inspector: Include columnNumber in event listener locations
https://bugs.webkit.org/show_bug.cgi?id=156927
<rdar://problem/25884584>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-22
Reviewed by Brian Burg.

* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::buildObjectForEventListener):
Include the column number in the location as well.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199940 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Source directives lost when using Function constructor repeatedly
commit-queue@webkit.org [Sat, 23 Apr 2016 00:40:43 +0000 (00:40 +0000)]
Web Inspector: Source directives lost when using Function constructor repeatedly
https://bugs.webkit.org/show_bug.cgi?id=156863
<rdar://problem/25861064>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-22
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Source directives (sourceURL and sourceMappingURL) are normally accessed through
the SourceProvider and normally set when the script is parsed. However, when a
CodeCache lookup skips parsing, the new SourceProvider never gets the directives
(sourceURL/sourceMappingURL). This patch stores the directives on the UnlinkedCodeBlock
and UnlinkedFunctionExecutable when entering the cache, and copies to the new providers
when the cache is used.

* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::sourceURLDirective):
(JSC::UnlinkedCodeBlock::sourceMappingURLDirective):
(JSC::UnlinkedCodeBlock::setSourceURLDirective):
(JSC::UnlinkedCodeBlock::setSourceMappingURLDirective):
* bytecode/UnlinkedFunctionExecutable.h:
* parser/SourceProvider.h:
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/CodeCache.h:
Store directives on the unlinked code block / executable when adding
to the cache, so they can be used to update new providers when the
cache gets used.

* runtime/JSGlobalObject.cpp:
Add needed header after CodeCache header cleanup.

LayoutTests:

* inspector/debugger/sourceURL-repeated-identical-executions-expected.txt: Added.
* inspector/debugger/sourceURL-repeated-identical-executions.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199939 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago bmalloc: vm allocations should plant guard pages
ggaren@apple.com [Fri, 22 Apr 2016 23:56:53 +0000 (23:56 +0000)]
bmalloc: vm allocations should plant guard pages
https://bugs.webkit.org/show_bug.cgi?id=156937

Reviewed by Michael Saboff.

* bmalloc/Object.h:
(bmalloc::Object::operator-): Added a - helper.

* bmalloc/VMAllocate.h:
(bmalloc::vmRevokePermissions): Added a helper to revoke permissions on
a VM region. We use this for guard pages.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk): Add guard pages to the start and
end of the chunk.

Note that we don't guard large chunks because we need to be able to merge
them. Otherwise, we will run out of virtual addresses.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
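
The guard-page layout this commit message describes (an inaccessible page at the start and end of a chunk), as an added example that is not bmalloc's code. It assumes POSIX mmap/mprotect; guarded_chunk, revoke_permissions and write_faults are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical type: one mapping laid out as [guard | usable | guard]. */
typedef struct {
    void *base;             /* start of the mapping, i.e. the leading guard */
    size_t total;           /* mapped bytes, both guard pages included */
    unsigned char *usable;  /* first byte the caller may touch */
    size_t usable_size;     /* requested size rounded up to whole pages */
} guarded_chunk;

/* Revoke all access to a page-aligned region (the job the commit message
 * gives to vmRevokePermissions; this helper is an assumption). */
static int revoke_permissions(void *p, size_t size)
{
    return mprotect(p, size, PROT_NONE);
}

/* Map a chunk and plant one guard page before and after it. */
int guarded_chunk_alloc(guarded_chunk *c, size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);

    if (size == 0 || size > SIZE_MAX - 3 * page)
        return -1;                       /* rounding below would overflow */
    size_t body = (size + page - 1) / page * page;
    size_t total = body + 2 * page;

    void *base = mmap(NULL, total, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;

    unsigned char *usable = (unsigned char *)base + page;
    if (revoke_permissions(base, page) != 0 ||
        revoke_permissions(usable + body, page) != 0) {
        munmap(base, total);
        return -1;
    }

    c->base = base;
    c->total = total;
    c->usable = usable;
    c->usable_size = body;
    return 0;
}

void guarded_chunk_free(guarded_chunk *c)
{
    munmap(c->base, c->total);
    memset(c, 0, sizeof *c);
}

/* Write one byte at addr in a child process so a fault cannot take the
 * caller down. Returns 1 if the write faulted, 0 if it succeeded, -1 on
 * fork/wait failure. */
int write_faults(volatile unsigned char *addr)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        *addr = 0x41;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

int main(void)
{
    guarded_chunk c;
    if (guarded_chunk_alloc(&c, 10000) != 0)
        return 1;
    printf("last usable byte faults: %d\n",
           write_faults(c.usable + c.usable_size - 1));
    printf("one byte underflow faults: %d\n", write_faults(c.usable - 1));
    printf("one byte overflow faults: %d\n",
           write_faults(c.usable + c.usable_size));
    guarded_chunk_free(&c);
    return 0;
}
```

A linear overrun or underrun that leaves the chunk stops at the guard page with a fault instead of reaching a neighbouring mapping.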

4 years ago javascript jit bug affecting Google Maps.
mark.lam@apple.com [Fri, 22 Apr 2016 23:48:44 +0000 (23:48 +0000)]
javascript jit bug affecting Google Maps.
https://bugs.webkit.org/show_bug.cgi?id=153431

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

The issue was due to the abstract interpreter wrongly marking the type of the
value read from the Uint32Array as SpecInt52, which precludes it from being an
Int32.  This proves to be false, and the generated code failed to handle the case
where the read value is actually an Int32.

The fix is to have the abstract interpreter use SpecMachineInt instead of
SpecInt52.

* bytecode/SpeculatedType.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

LayoutTests:

* js/regress/bug-153431-expected.txt: Added.
* js/regress/bug-153431.html: Added.
* js/regress/script-tests/bug-153431.js: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago bmalloc: Constify introspect function pointer table
ggaren@apple.com [Fri, 22 Apr 2016 23:25:54 +0000 (23:25 +0000)]
bmalloc: Constify introspect function pointer table
https://bugs.webkit.org/show_bug.cgi?id=156936

Reviewed by Michael Saboff.

* bmalloc/Zone.cpp:
(bmalloc::Zone::Zone): Declaring this function pointer table const puts
it in the read-only section of the binary, providing a little hardening
against overwriting the function pointers at runtime. (We have to
const_cast when assigning because the API declares a pointer to non-const,
but we happen to know it will never try to write through that pointer.
This is not my favorite API.)

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] PredictionPropagation should not be in the top 5 heaviest phases
commit-queue@webkit.org [Fri, 22 Apr 2016 23:10:27 +0000 (23:10 +0000)]
[JSC] PredictionPropagation should not be in the top 5 heaviest phases
https://bugs.webkit.org/show_bug.cgi?id=156891

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-22
Reviewed by Mark Lam.

In DFG, PredictionPropagation is often way too high in profiles.
It is a simple phase, it should not be that hot.

Most of the time is spent accessing memory. This patch attempts
to reduce that.

First, propagate() is split into processInvariants() and propagate().
The step processInvariants() sets all the types for nodes for which
the type does not depend on other nodes.

Adding processInvariants() lowers two hotspots inside PredictionPropagation:
speculationFromValue() and setPrediction().

Next, to avoid touching all the nodes at every operation, we keep
track of the nodes that actually need propagate().
The vector m_dependentNodes keeps the list of those nodes and propagate()
only needs to process them at each phase.

This is a smaller gain because growing m_dependentNodes negates
some of the gains.

On 3d-cube, this moves PredictionPropagation from fifth position
to ninth. A lot of the remaining overhead is caused by double-voting
and cannot be fixed by moving stuff around.

* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagateToFixpoint): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagateForward): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagateBackward): Deleted.
(JSC::DFG::PredictionPropagationPhase::doDoubleVoting): Deleted.
(JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): Deleted.
(JSC::DFG::PredictionPropagationPhase::propagateThroughArgumentPositions): Deleted.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago super should be available in object literals
ggaren@apple.com [Fri, 22 Apr 2016 23:04:55 +0000 (23:04 +0000)]
super should be available in object literals
https://bugs.webkit.org/show_bug.cgi?id=156933

Reviewed by Saam Barati.

Source/JavaScriptCore:

When we originally implemented classes, super seemed to be a class-only
feature. But the final spec says it's available in object literals too.

* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitBytecode): Having 'super' and being a class
property are no longer synonymous, so we track two separate variables.

(JSC::PropertyListNode::emitPutConstantProperty): Being inside the super
branch no longer guarantees that you're a class property, so we decide
our attributes and our function name dynamically.

* parser/ASTBuilder.h:
(JSC::ASTBuilder::createArrowFunctionExpr):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createArguments):
(JSC::ASTBuilder::createArgumentsList):
(JSC::ASTBuilder::createProperty):
(JSC::ASTBuilder::createPropertyList): Pass through state to indicate
whether we're a class property, since we can't infer it from 'super'
anymore.

* parser/NodeConstructors.h:
(JSC::PropertyNode::PropertyNode): See ASTBuilder.h.

* parser/Nodes.h:
(JSC::PropertyNode::expressionName):
(JSC::PropertyNode::name):
(JSC::PropertyNode::type):
(JSC::PropertyNode::needsSuperBinding):
(JSC::PropertyNode::isClassProperty):
(JSC::PropertyNode::putType): See ASTBuilder.h.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
(JSC::Parser<LexerType>::parseGetterSetter):
(JSC::Parser<LexerType>::parseMemberExpression): I made these error
messages generic because it is no longer practical to say concise things
about the list of places you can use super.

* parser/Parser.h:

* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createArgumentsList):
(JSC::SyntaxChecker::createProperty):
(JSC::SyntaxChecker::appendExportSpecifier):
(JSC::SyntaxChecker::appendConstDecl):
(JSC::SyntaxChecker::createGetterOrSetterProperty): Updated for
interface change.

* tests/stress/generator-with-super.js:
(test):
* tests/stress/modules-syntax-error.js:
* tests/stress/super-in-lexical-scope.js:
(testSyntaxError):
(testSyntaxError.test):
* tests/stress/tagged-templates-syntax.js: Updated for error message
changes. See Parser.cpp.

LayoutTests:

Updated expected results and added a few new tests.

* js/arrowfunction-syntax-errors-expected.txt:
* js/class-syntax-super-expected.txt:
* js/object-literal-methods-expected.txt:
* js/script-tests/arrowfunction-syntax-errors.js:
* js/script-tests/class-syntax-super.js:
* js/script-tests/object-literal-methods.js:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199927 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fixing a typo in my last commit.
ryanhaddad@apple.com [Fri, 22 Apr 2016 22:46:54 +0000 (22:46 +0000)]
Fixing a typo in my last commit.

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.messages.in:
* WebProcess/cocoa/WebVideoFullscreenManager.messages.in:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago ASSERT(m_stack.last().isTailDeleted) at ShadowChicken.cpp:127 inspecting the inspector
fpizlo@apple.com [Fri, 22 Apr 2016 22:46:18 +0000 (22:46 +0000)]
ASSERT(m_stack.last().isTailDeleted) at ShadowChicken.cpp:127 inspecting the inspector
https://bugs.webkit.org/show_bug.cgi?id=156930

Reviewed by Joseph Pecoraro.

The loop that prunes the stack from the top should preserve the invariant that the top frame
cannot be tail-deleted.

* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::update):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Missed some macros to fix builds that do not support AVKit.
ryanhaddad@apple.com [Fri, 22 Apr 2016 22:41:49 +0000 (22:41 +0000)]
Missed some macros to fix builds that do not support AVKit.

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.messages.in:
* WebProcess/cocoa/WebVideoFullscreenManager.messages.in:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199917 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add JSC test results in json format to a buildbot log
commit-queue@webkit.org [Fri, 22 Apr 2016 22:38:54 +0000 (22:38 +0000)]
Add JSC test results in json format to a buildbot log
https://bugs.webkit.org/show_bug.cgi?id=156920

Patch by Srinivasan Vijayaraghavan <svijayaraghavan@apple.com> on 2016-04-22
Reviewed by Alexey Proskuryakov.

* BuildSlaveSupport/build.webkit.org-config/master.cfg:
(RunJavaScriptCoreTests):
Add runtime flag to output json into buildbot
* Scripts/run-javascriptcore-tests:
(runJSCStressTests):
Change key names and remove redundant count key

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199916 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win] Unreviewed build fix.
bfulgham@apple.com [Fri, 22 Apr 2016 22:30:00 +0000 (22:30 +0000)]
[Win] Unreviewed build fix.

* platform/graphics/ca/win/PlatformCALayerWin.cpp:
(PlatformCALayerWin::isHidden):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199915 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix builds that do not support AVKit
ryanhaddad@apple.com [Fri, 22 Apr 2016 22:05:36 +0000 (22:05 +0000)]
Fix builds that do not support AVKit

Unreviewed build fix.

* UIProcess/WebPageProxy.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199914 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Attempt to fix the CLoop after r199866
benjamin@webkit.org [Fri, 22 Apr 2016 22:02:13 +0000 (22:02 +0000)]
Attempt to fix the CLoop after r199866

* runtime/MathCommon.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199913 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS] Crash at -[WebAVPlayerLayer resolveBounds]
jer.noble@apple.com [Fri, 22 Apr 2016 21:48:39 +0000 (21:48 +0000)]
[iOS] Crash at -[WebAVPlayerLayer resolveBounds]
https://bugs.webkit.org/show_bug.cgi?id=156931
<rdar://problem/25865315>

Reviewed by Eric Carlson.

When cloning the WebAVPlayerLayer, we must copy over the fullscreenInterface to the cloned layer.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(WebAVPlayerLayerView_startRoutingVideoToPictureInPicturePlayerLayerView):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199912 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Crash under WebCore::DataDetection::detectContentInRange()
cdumez@apple.com [Fri, 22 Apr 2016 21:32:25 +0000 (21:32 +0000)]
Crash under WebCore::DataDetection::detectContentInRange()
https://bugs.webkit.org/show_bug.cgi?id=156880
<rdar://problem/25622631>

Reviewed by Darin Adler.

We would sometimes crash under WebCore::DataDetection::detectContentInRange()
when dereferencing a null parentNode pointer. This patch adds a null check
for parentNode in the for() loop. It also does some clean up and optimization
since I was passing by.

* editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::detectContentInRange):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199910 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Source/WebKit:
bfulgham@apple.com [Fri, 22 Apr 2016 21:27:14 +0000 (21:27 +0000)]
Source/WebKit:
Unreviewed build fix after r199841.

* PlatformWin.cmake: Add missing WebApplicationCache.cpp build directive.

Source/WebKit/win:
Unreviewed build fix after r199841.

* WebApplicationCache.cpp:
(WebApplicationCache::WebApplicationCache): Provide missing preference key definition.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199908 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Rebaselining inspector/model/stack-trace.html after r199897
ryanhaddad@apple.com [Fri, 22 Apr 2016 21:26:46 +0000 (21:26 +0000)]
Rebaselining inspector/model/stack-trace.html after r199897

Unreviewed test gardening.

* inspector/model/stack-trace-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199907 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Skip two content animation tests which are only meant for iOS testing.
simon.fraser@apple.com [Fri, 22 Apr 2016 21:25:37 +0000 (21:25 +0000)]
Skip two content animation tests which are only meant for iOS testing.

* Animation/css-animation.html: Added.
* Animation/raf-animation.html: Added.

* Skipped:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199906 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago buildObjectForEventListener should not call into JSC with a null ExecState
keith_miller@apple.com [Fri, 22 Apr 2016 21:24:27 +0000 (21:24 +0000)]
buildObjectForEventListener should not call into JSC with a null ExecState
https://bugs.webkit.org/show_bug.cgi?id=156923

Reviewed by Joseph Pecoraro.

If a user had disabled JavaScript on their page then the inspector tried to
add an event listener we would fail to create an ExecState. Since we didn't
check this ExecState was valid we would then attempt to stringify the value,
which would cause JSC to crash.

* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::buildObjectForEventListener):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199905 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Yet another attempt at fixing Windows.
dino@apple.com [Fri, 22 Apr 2016 21:22:52 +0000 (21:22 +0000)]
Yet another attempt at fixing Windows.

* platform/graphics/ca/win/PlatformCALayerWin.cpp:
(PlatformCALayerWin::isHidden):
* platform/graphics/ca/win/PlatformCALayerWin.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199904 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Take 2 for fixing builds that do not support AVKit
ryanhaddad@apple.com [Fri, 22 Apr 2016 21:07:45 +0000 (21:07 +0000)]
Take 2 for fixing builds that do not support AVKit

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::resetState):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199903 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Attempt to fix Windows build after r199862
ryanhaddad@apple.com [Fri, 22 Apr 2016 21:07:42 +0000 (21:07 +0000)]
Attempt to fix Windows build after r199862

Unreviewed build fix.

* platform/graphics/ca/win/PlatformCALayerWin.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199902 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago WKWebView WebSQL is not enabled
andersca@apple.com [Fri, 22 Apr 2016 21:06:50 +0000 (21:06 +0000)]
WKWebView WebSQL is not enabled
https://bugs.webkit.org/show_bug.cgi?id=156928
rdar://problem/19029603

Reviewed by Beth Dakin.

Give databases a default quota of 50 MB, matching what we have in UIWebView.

* UIProcess/Cocoa/UIDelegate.mm:
(WebKit::UIDelegate::UIClient::exceededDatabaseQuota):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199901 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Anchor element 'ping' property should only apply to http/https destinations
bfulgham@apple.com [Fri, 22 Apr 2016 20:57:26 +0000 (20:57 +0000)]
Anchor element 'ping' property should only apply to http/https destinations
https://bugs.webkit.org/show_bug.cgi?id=156801
<rdar://problem/25834419>

Reviewed by Chris Dumez.

Take advantage of the hyperlink auditing language "UAs may either ignore the
ping attribute altogether, or selectively ignore URLs in the list (e.g. ignoring
any third-party URLs)" to restrict pings to http/https targets. For details, see
<https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing>.

Tested by http/tests/navigation/ping-attribute tests.

* loader/PingLoader.cpp:
(WebCore::PingLoader::sendPing): Ignore requests to ping anything outside the
family of HTTP protocols (http/https).

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Change an assert to a warn based on post review feedback.
timothy@apple.com [Fri, 22 Apr 2016 20:28:44 +0000 (20:28 +0000)]
Change an assert to a warn based on post review feedback.

https://bugs.webkit.org/show_bug.cgi?id=156919
rdar://problem/25857118

Rubber-stamped by Joseph Pecoraro.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.debuggerDidPause):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Debugger statement in console does not provide any call frames and...
timothy@apple.com [Fri, 22 Apr 2016 19:53:37 +0000 (19:53 +0000)]
Web Inspector: Debugger statement in console does not provide any call frames and debugger UI is confused

https://bugs.webkit.org/show_bug.cgi?id=156919
rdar://problem/25857118

This makes console expressions show up in the Debugger tab sidebar if a ScriptContentView is shown for them.
We now also show call frames that originate from a console expression, so the call frames in the sidebar are not empty.
Also fix a bug where when there are no call frames we auto resume the debugger and don't leave it in a broken state.

Reviewed by Joseph Pecoraro.

* Localizations/en.lproj/localizedStrings.js: Updated.

* UserInterface/Base/Utilities.js:
(appendWebInspectorSourceURL): Don't append if another sourceURL is already added.
(appendWebInspectorConsoleEvaluationSourceURL): Added.
(isWebInspectorConsoleEvaluationScript): Added.
(isWebKitInternalScript): Return false for isWebInspectorConsoleEvaluationScript().

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.debuggerDidPause): Resume if call frames is empty. This is not as common now
since console expression call frames are not skipped.
(WebInspector.DebuggerManager.prototype.scriptDidParse): Change an early return for isWebInspectorInternalScript() that
was skipping adding internal scripts to the known script lists, but it should only do that when the debug UI is disabled.

* UserInterface/Controllers/JavaScriptLogViewController.js:
(WebInspector.JavaScriptLogViewController.prototype.consolePromptTextCommitted):
Call appendWebInspectorConsoleEvaluationSourceURL so the console expressions are tagged before evaluateInInspectedWindow
added the internal sourceURL name.

* UserInterface/Models/Script.js:
(WebInspector.Script): Assign unique identifiers to console scripts so they are named correctly.
(WebInspector.Script.resetUniqueDisplayNameNumbers): Reset _nextUniqueConsoleDisplayNameNumber.
(WebInspector.Script.prototype.get displayName): Special case console expressions with a better name.

* UserInterface/Views/DebuggerSidebarPanel.js:
(WebInspector.DebuggerSidebarPanel.prototype.treeElementForRepresentedObject): Add a script tree element on demand
like the ResourceSidebarPanel does for anonymous scripts.
(WebInspector.DebuggerSidebarPanel.prototype._addScript): Return treeElement so treeElementForRepresentedObject can use it.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199897 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix builds that do not support AVKit
ryanhaddad@apple.com [Fri, 22 Apr 2016 19:44:08 +0000 (19:44 +0000)]
Fix builds that do not support AVKit

Unreviewed build fix.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::reattachToWebProcess):
(WebKit::WebPageProxy::viewDidLeaveWindow):
* UIProcess/ios/WebPageProxyIOS.mm:
* platform/ios/WebAVPlayerController.h:
* platform/ios/WebAVPlayerController.mm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199896 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION (r189567): The top of Facebook's messenger.com looks visually broken
hyatt@apple.com [Fri, 22 Apr 2016 19:42:24 +0000 (19:42 +0000)]
REGRESSION (r189567): The top of Facebook's messenger.com looks visually broken
https://bugs.webkit.org/show_bug.cgi?id=156869
<rdar://problem/23204668>

Reviewed by Zalan Bujtas.

Source/WebCore:

Added fast/block/min-content-with-box-sizing.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::computeIntrinsicLogicalContentHeightUsing):

LayoutTests:

* fast/block/min-content-box-sizing-expected.html: Added.
* fast/block/min-content-box-sizing.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199895 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Integer Multiply of a number by itself does not need negative zero support
commit-queue@webkit.org [Fri, 22 Apr 2016 19:27:57 +0000 (19:27 +0000)]
[JSC] Integer Multiply of a number by itself does not need negative zero support
https://bugs.webkit.org/show_bug.cgi?id=156895

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-22
Reviewed by Saam Barati.

You cannot produce negative zero by squaring an integer.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithMul):
Minor codegen fixes:
-Use the right form of multiply for ARM.
-Use a sign-extended 32bit immediate, that's the one with fast forms
 in the MacroAssembler.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199894 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago TextAutoSizingKey should use normal refcounting
antti@apple.com [Fri, 22 Apr 2016 19:25:40 +0000 (19:25 +0000)]
TextAutoSizingKey should use normal refcounting
https://bugs.webkit.org/show_bug.cgi?id=156893

Reviewed by Andreas Kling.

Get rid of special refcounting of style in favor of RefPtr. It also becomes a move-only type
to support future switch to non-refcounted RenderStyle.

Also general cleanups and modernization.

* dom/Document.cpp:
(WebCore::TextAutoSizingTraits::constructDeletedValue):
(WebCore::TextAutoSizingTraits::isDeletedValue):
(WebCore::Document::addAutoSizingNode):
(WebCore::Document::validateAutoSizingNodes):
(WebCore::Document::resetAutoSizingNodes):

    Adapt to being move-only.

* rendering/TextAutoSizing.cpp:
(WebCore::cloneRenderStyleWithState):
(WebCore::TextAutoSizingKey::TextAutoSizingKey):

    Clone the style for safety against mutations. Cloning is cheap.

(WebCore::TextAutoSizingValue::numNodes):
(WebCore::TextAutoSizingValue::adjustNodeSizes):
(WebCore::TextAutoSizingValue::reset):
(WebCore::TextAutoSizingKey::~TextAutoSizingKey): Deleted.
(WebCore::TextAutoSizingKey::operator=): Deleted.
(WebCore::TextAutoSizingKey::ref): Deleted.
(WebCore::TextAutoSizingKey::deref): Deleted.
* rendering/TextAutoSizing.h:
(WebCore::TextAutoSizingKey::TextAutoSizingKey):
(WebCore::TextAutoSizingKey::style):
(WebCore::TextAutoSizingKey::isDeleted):
(WebCore::operator==):
(WebCore::TextAutoSizingKey::doc): Deleted.
(WebCore::TextAutoSizingKey::isValidDoc): Deleted.
(WebCore::TextAutoSizingKey::isValidStyle): Deleted.
(WebCore::TextAutoSizingKey::deletedKeyDoc): Deleted.
(WebCore::TextAutoSizingKey::deletedKeyStyle): Deleted.

    m_doc member is not used for anything except deleted value comparisons. Replace it with a bit.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199893 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Crash under FontCache::purgeInactiveFontData()
cdumez@apple.com [Fri, 22 Apr 2016 19:24:42 +0000 (19:24 +0000)]
Crash under FontCache::purgeInactiveFontData()
https://bugs.webkit.org/show_bug.cgi?id=156822
<rdar://problem/25373970>

Reviewed by Darin Adler.

In some rare cases, the Font constructor would mutate the FontPlatformData
that is being passed in. This is an issue because our FontCache
uses the FontPlatformData as key for the cached fonts. This could lead to
crashes because the WTFMove() in FontCache::purgeInactiveFontData() would
nullify values in our HashMap but we would then fail to remove them from
the HashMap (because the key did not match). We would then reference the
null font when looping again when doing font->hasOneRef().

This patch marks Font::m_platformData member as const to avoid such issues
in the future and moves the code altering the FontPlatformData from the
Font constructor into the FontPlatformData constructor. The purpose of
that code was to initialize FontPlatformData::m_cgFont in case the CGFont
passed in the constructor was null.

* platform/graphics/Font.h:
* platform/graphics/FontCache.cpp:
(WebCore::FontCache::fontForPlatformData):
(WebCore::FontCache::purgeInactiveFontData):
* platform/graphics/FontPlatformData.cpp:
(WebCore::FontPlatformData::FontPlatformData):
* platform/graphics/FontPlatformData.h:
* platform/graphics/cocoa/FontCocoa.mm:
(WebCore::webFallbackFontFamily): Deleted.
(WebCore::Font::platformInit): Deleted.
* platform/graphics/cocoa/FontPlatformDataCocoa.mm:
(WebCore::webFallbackFontFamily):
(WebCore::FontPlatformData::setFallbackCGFont):
* platform/graphics/win/FontPlatformDataCGWin.cpp:
(WebCore::FontPlatformData::setFallbackCGFont):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
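
The failure mode described in the commit message above, as an added example that is not WebKit code: a simplified model using std::unordered_map in which the cached object's constructor alters its copy of the descriptor, so purge moves the value out but cannot erase the entry. All names (PlatformData, MutatingFont, ConstFont, withFallback, the value 42) are hypothetical, and the exact way the lookup key diverged in WebKit is an assumption.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
// Hypothetical stand-in for the descriptor used as the cache key.
struct PlatformData {
    std::string family;
    int nativeId = 0; // 0 = caller supplied no native font handle
    bool operator==(const PlatformData& o) const { return family == o.family && nativeId == o.nativeId; }
};
struct PlatformDataHash {
    std::size_t operator()(const PlatformData& d) const {
        return std::hash<std::string>()(d.family) ^ (std::hash<int>()(d.nativeId) << 1);
    }
};
// Fills in a fallback handle (42 is a constructed value).
PlatformData withFallback(PlatformData d) { if (d.nativeId == 0) d.nativeId = 42; return d; }
// Buggy shape: the constructor alters its copy, which then no longer equals the cache key.
struct MutatingFont {
    PlatformData data;
    explicit MutatingFont(PlatformData d) : data(withFallback(std::move(d))) {}
};
// Fixed shape: the descriptor is const and arrives already complete.
struct ConstFont {
    const PlatformData data;
    explicit ConstFont(PlatformData d) : data(std::move(d)) {}
};
template <typename FontT>
using Cache = std::unordered_map<PlatformData, std::unique_ptr<FontT>, PlatformDataHash>;
// Move every font out of the map, then erase by the font's own descriptor.
// Returns how many null entries remain; a later pass over the map would dereference them.
template <typename FontT>
std::size_t purgeAndCountStale(Cache<FontT>& cache) {
    std::vector<std::unique_ptr<FontT>> doomed;
    for (auto& entry : cache) doomed.push_back(std::move(entry.second));
    for (auto& font : doomed) cache.erase(font->data); // no-op when the key does not match
    std::size_t stale = 0;
    for (auto& entry : cache) if (!entry.second) ++stale;
    return stale;
}
template <typename FontT>
std::size_t staleAfterPurge(const PlatformData& key) {
    Cache<FontT> cache;
    cache.emplace(key, std::make_unique<FontT>(key));
    return purgeAndCountStale(cache);
}
// Buggy: key {Helvetica, 0} but the font holds {Helvetica, 42}, so erase misses.
std::size_t buggyStale() { return staleAfterPurge<MutatingFont>({"Helvetica", 0}); }
// Fixed: the descriptor is completed before it becomes a key, so erase matches.
std::size_t fixedStale() { return staleAfterPurge<ConstFont>(withFallback({"Helvetica", 0})); }
```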

4 years ago Support disabling at runtime IndexedDB constructors exposed to workers
cdumez@apple.com [Fri, 22 Apr 2016 19:22:54 +0000 (19:22 +0000)]
Support disabling at runtime IndexedDB constructors exposed to workers
https://bugs.webkit.org/show_bug.cgi?id=156883

Reviewed by Darin Adler.

Source/WebCore:

Support disabling at runtime IndexedDB constructors exposed to workers.
Previously, constructors visibility to workers and window was controlled
by the same runtime flag.

* Modules/indexeddb/IDBCursor.idl:
* Modules/indexeddb/IDBCursorWithValue.idl:
* Modules/indexeddb/IDBDatabase.idl:
* Modules/indexeddb/IDBFactory.idl:
* Modules/indexeddb/IDBIndex.idl:
* Modules/indexeddb/IDBKeyRange.idl:
* Modules/indexeddb/IDBObjectStore.idl:
* Modules/indexeddb/IDBOpenDBRequest.idl:
* Modules/indexeddb/IDBRequest.idl:
* Modules/indexeddb/IDBTransaction.idl:
* Modules/indexeddb/IDBVersionChangeEvent.idl:
* workers/WorkerGlobalScope.idl:

LayoutTests:

Add layout test coverage.

* storage/indexeddb/modern/resources/workers-disabled.js:
* storage/indexeddb/modern/resources/workers-enable.js:
* storage/indexeddb/modern/workers-disabled-expected.txt:
* storage/indexeddb/modern/workers-enable-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199889 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Versioning.
bshafiei@apple.com [Fri, 22 Apr 2016 19:14:50 +0000 (19:14 +0000)]
Versioning.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199888 268f45cc-cd09-0410-ab3c-d52691b4dbfc