WebKit.git
4 years ago DOMTokenList update steps for classList don't follow the spec
cdumez@apple.com [Fri, 11 Sep 2015 21:33:16 +0000 (21:33 +0000)]
DOMTokenList update steps for classList don't follow the spec
https://bugs.webkit.org/show_bug.cgi?id=148589
<rdar://problem/22547443>

Reviewed by Ryosuke Niwa and Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C tests for DOMTokenList now that more checks are passing.

* web-platform-tests/dom/lists/DOMTokenList-stringifier-expected.txt:
* web-platform-tests/dom/nodes/Element-classlist-expected.txt:

Source/WebCore:

Update our DOMTokenList implementation to behave according to
the latest DOM specification:
https://dom.spec.whatwg.org/#interface-domtokenlist

In particular, the following changes were made:
- The stringifier now returns the result of the ordered set serializer
  for tokens. This means that we drop duplicate spaces and extra spaces
  [1][2][3].
- DOMSettableTokenList.value now returns the result of the ordered set
  serializer for tokens [4] as well.
- When the DOMTokenList's tokens are updated and there is an associated
  Element attribute, we set the attribute value to be the ordered
  set serializer for tokens. This is according to the DOMTokenList
  update steps in the specification [6]. Chrome does not match the
  specification either.

Edge browser behaves according to the specification already. Firefox was
implementing this via [7] but no recent progress. This makes the JS API
nicer to use and interest was shown by jQuery Team.

The following refactoring was done:
- Merge ClassList / RelList into a single AttributeDOMTokenList class
  as their code is mostly duplicated and the only thing that changes
  is which attribute is associated (class vs rel). AttributeDOMTokenList
  now keeps the attribute name as a member so it could be used for any
  attribute. AttributeDOMTokenList overrides DOMTokenList's
  updateAfterTokenChange() to update the attribute's value as per
  [6].
- We no longer use a SpaceSplitString for the internal representation
  as we need to sanitize the tokens (drop duplicates and extra spaces).
  DOMTokenList now has an internal Vector<AtomicString> containing the
  tokens that is constructed from the algorithm in [2]. As a result,
  most of the logic is now in DOMTokenList instead of its subclasses
  which means that most methods are no longer virtual. We only have
  one virtual function named updateAfterTokenChange() to do the update
  steps as AttributeDOMTokenList needs to update the associated
  attribute.

This change does not seem to impact Dromaeo.

[1] https://dom.spec.whatwg.org/#concept-ordered-set-serializer
[2] https://dom.spec.whatwg.org/#ordered%20sets
[3] https://dom.spec.whatwg.org/#stringification-behavior
[4] https://dom.spec.whatwg.org/#dom-domsettabletokenlist-value
[5] https://dom.spec.whatwg.org/#dom-domtokenlist-contains (step 2)
[6] https://dom.spec.whatwg.org/#concept-DTL-update
[7] https://bugzilla.mozilla.org/show_bug.cgi?id=869788

No new tests, already covered by existing tests.

* dom/Element.cpp:
(WebCore::Element::classAttributeChanged):
When the class attribute changes, make sure to update the associated
classList if there is one. We could do this lazily if it turns out
to be a performance problem. However, chances are this is not as
classList is rarely used and we only need to update the classList if
it was ever accessed by JS for this Element.

(WebCore::Element::insertedInto):
Drop call to clearClassListValueForQuirksMode() as we no longer need
to maintain a separate SpaceSplitString for classes when in quirks
mode. This is because AttributeDOMTokenList now has its own Vector
of classes in their original cases. It therefore no longer relies on
Element::classNames() which has its case folded when in quirks mode.

(WebCore::Element::classList):
Return an AttributeDOMTokenList instead of a ClassList.

* html/AttributeDOMTokenList.h: Added.
* html/AttributeDOMTokenList.cpp: Added.
(WebCore::AttributeDOMTokenList::AttributeDOMTokenList):
Call DOMTokenList::setValue() using the attribute's value so that
DOMTokenList can initialize its token Vector.

(WebCore::AttributeDOMTokenList::attributeValueChanged):
If the attribute value was changed by somebody else than the
AttributeDOMTokenList, call DOMTokenList::setValue() so that it
can update its token Vector.

(WebCore::AttributeDOMTokenList::updateAfterTokenChange):
This is called whenever the token Vector is changed via JS. In
this case, we update the associated attribute's value.

* html/ClassList.cpp: Removed.
* html/ClassList.h: Removed.
Now merged into AttributeDOMTokenList.

* html/DOMSettableTokenList.cpp:
* html/DOMSettableTokenList.h:
Get rid of most of the code as most of the logic is now in
DOMTokenList parent class.

* html/DOMTokenList.cpp:
(WebCore::DOMTokenList::validateToken):
Use a String parameter instead of an AtomicString as this method does
not need the input to be an AtomicString. This avoids atomizing
String unnecessarily.

(WebCore::DOMTokenList::validateTokens):
Use a modern loop.

(WebCore::DOMTokenList::contains):
No longer use containsInternal() virtual function. We can now check
the internal token Vector.

(WebCore::DOMTokenList::add):
Now update the internal Vector. Use a modern loop and try to minimize
Vector capacity reallocation.

(WebCore::DOMTokenList::remove):
Now update the internal Vector.

(WebCore::DOMTokenList::toggle):
Now update the internal Vector and refactor the code so that it is
structured exactly as the algorithm in the specification for
clarity.

(WebCore::DOMTokenList::value):
Now return the result of the ordered set serializer for tokens. This
method is used for:
- The DOMSettableTokenList.value() getter
- The DOMTokenList stringifier
- As attribute value when updating the associated attribute in
  AttributeDOMTokenList.

(WebCore::DOMTokenList::setValue):
Update the internal Vector using the algorithm in [2].

* html/DOMTokenList.h:
(WebCore::DOMTokenList::length):
No longer virtual, now returns the size of the internal token Vector.

(WebCore::DOMTokenList::item):
No longer virtual, now returns the token at the given index in the
internal Vector.

* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::relList):
Now return an AttributeDOMTokenList.

* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::relList):
Now return an AttributeDOMTokenList.

* html/RelList.cpp: Removed.
* html/RelList.h: Removed.
Now merged into AttributeDOMTokenList.

LayoutTests:

Update / rebaseline existing tests as our behavior changed.

* fast/dom/HTMLElement/class-list-expected.txt:
* fast/dom/HTMLElement/class-list-quirks-expected.txt:
* fast/dom/HTMLElement/script-tests/class-list.js:
* fast/dom/HTMLOutputElement/dom-settable-token-list-expected.txt:
* fast/dom/HTMLOutputElement/htmloutputelement-expected.txt:
* fast/dom/HTMLOutputElement/htmloutputelement.html:
* fast/dom/HTMLOutputElement/script-tests/dom-settable-token-list.js:
* fast/dom/rel-list-expected.txt:
* fast/dom/rel-list.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189632 268f45cc-cd09-0410-ab3c-d52691b4dbfc
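
The following added example (not WebKit code and not part of the commit) models the behaviour the message above describes: tokens are parsed into an ordered set, the stringifier returns the serialized set, and the update steps write that serialization back to the associated attribute. ModelElement, AttributeTokenList, the updatingAttribute guard and the sample attribute values are assumptions made for illustration.

```javascript
// Added example: a model of the behaviour described in the commit message.
// Not WebKit code; ModelElement and AttributeTokenList are hypothetical names.
const ASCII_WHITESPACE = /[\t\n\f\r ]+/;

// Ordered set parser: split on ASCII whitespace, drop empty strings and
// duplicates, keep first-seen order.
function parseOrderedSet(input) {
  const tokens = [];
  for (const token of String(input).split(ASCII_WHITESPACE)) {
    if (token !== "" && !tokens.includes(token)) tokens.push(token);
  }
  return tokens;
}

// Ordered set serializer: tokens joined by a single U+0020 SPACE.
function serializeOrderedSet(tokens) {
  return tokens.join(" ");
}

// Token validation: empty tokens and tokens containing whitespace are rejected.
function validateToken(token) {
  const fail = (name) => { const e = new Error(name); e.name = name; throw e; };
  if (token === "") fail("SyntaxError");
  if (ASCII_WHITESPACE.test(token)) fail("InvalidCharacterError");
}

// Minimal stand-in for an element's attribute storage.
class ModelElement {
  constructor() {
    this.attributes = new Map();
    this.tokenLists = new Map(); // attribute name -> AttributeTokenList
  }
  getAttribute(name) {
    return this.attributes.has(name) ? this.attributes.get(name) : null;
  }
  setAttribute(name, value) {
    this.attributes.set(name, String(value));
    const list = this.tokenLists.get(name);
    if (list) list.attributeValueChanged(String(value));
  }
}

class AttributeTokenList {
  constructor(element, attributeName) {
    this.element = element;
    this.attributeName = attributeName;
    this.updatingAttribute = false;
    // Initialise the token vector from the current attribute value.
    this.tokens = parseOrderedSet(element.getAttribute(attributeName) ?? "");
    element.tokenLists.set(attributeName, this);
  }
  get length() { return this.tokens.length; }
  get value() { return serializeOrderedSet(this.tokens); }
  contains(token) { return this.tokens.includes(token); }
  add(...tokens) {
    tokens.forEach((t) => validateToken(t));
    for (const t of tokens) if (!this.tokens.includes(t)) this.tokens.push(t);
    this.updateAfterTokenChange();
  }
  remove(...tokens) {
    tokens.forEach((t) => validateToken(t));
    this.tokens = this.tokens.filter((t) => !tokens.includes(t));
    this.updateAfterTokenChange();
  }
  toggle(token, force) {
    validateToken(token);
    if (this.tokens.includes(token)) {
      if (force === true) return true;
      this.remove(token);
      return false;
    }
    if (force === false) return false;
    this.add(token);
    return true;
  }
  // Attribute changed by someone other than this list: re-parse it.
  attributeValueChanged(newValue) {
    if (!this.updatingAttribute) this.tokens = parseOrderedSet(newValue);
  }
  // Update steps: the attribute value becomes the serialized ordered set.
  updateAfterTokenChange() {
    this.updatingAttribute = true;
    try {
      this.element.setAttribute(this.attributeName, this.value);
    } finally {
      this.updatingAttribute = false;
    }
  }
}

function demo() {
  const el = new ModelElement();
  el.setAttribute("class", "  a  b a\tc "); // constructed sample input
  const list = new AttributeTokenList(el, "class");
  const out = { initialValue: list.value, rawBefore: el.getAttribute("class") };
  list.add("d");
  out.afterAdd = el.getAttribute("class");
  out.toggled = list.toggle("a");
  out.afterToggle = el.getAttribute("class");
  el.setAttribute("class", "x  x y"); // external change, not via the list
  out.afterExternalSet = [list.length, list.value];
  try { list.add("bad token"); } catch (e) { out.error = e.name; }
  return out;
}

console.log(demo());
```

Reading the list only normalizes what the stringifier returns; the attribute's raw text is rewritten the first time the list is mutated, which matters to any code that compares the class attribute as a string.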

4 years ago Unreviewed gardening to make Windows bot green.
achristensen@apple.com [Fri, 11 Sep 2015 21:28:19 +0000 (21:28 +0000)]
Unreviewed gardening to make Windows bot green.

* platform/win/TestExpectations:
imported/w3c/web-platform-tests/html/dom/interfaces.html is newly imported and fails on Windows.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189631 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Build fix
bdakin@apple.com [Fri, 11 Sep 2015 21:28:10 +0000 (21:28 +0000)]
Build fix

* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::beginSwipeGesture):
(WebKit::ViewGestureController::removeSwipeSnapshot):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189630 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Mark svg/animations/svgboolean-animation-1 as flaky for
ap@apple.com [Fri, 11 Sep 2015 21:26:39 +0000 (21:26 +0000)]
Mark svg/animations/svgboolean-animation-1 as flaky for
https://bugs.webkit.org/show_bug.cgi?id=149072

* TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189629 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Should use CARenderServerRenderLayerWithTransform for snapshots on iOS
bdakin@apple.com [Fri, 11 Sep 2015 21:24:01 +0000 (21:24 +0000)]
Should use CARenderServerRenderLayerWithTransform for snapshots on iOS
https://bugs.webkit.org/show_bug.cgi?id=149069
-and corresponding-
rdar://problem/19726953

Reviewed by Tim Horton.

This will let us own the backing IOSurface, which will let us share more code
with Mac.

Use CARenderServerRenderLayerWithTransform
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _takeViewSnapshot]):
(-[WKWebView _zoomToPoint:atScale:animated:]):

We can eliminate things needed for the slot-based API.
* UIProcess/mac/ViewSnapshotStore.h:
(WebKit::ViewSnapshot::setDeviceScaleFactor):
(WebKit::ViewSnapshot::deviceScaleFactor):
(WebKit::ViewSnapshot::surface):
(WebKit::ViewSnapshot::imageSizeInBytes):
(WebKit::ViewSnapshot::size):
* UIProcess/mac/ViewSnapshotStore.mm:
(WebKit::ViewSnapshotStore::singleton):
(WebKit::ViewSnapshotStore::didAddImageToSnapshot):
(WebKit::ViewSnapshotStore::discardSnapshotImages):
(WebKit::ViewSnapshot::create):
(WebKit::ViewSnapshot::ViewSnapshot):
(WebKit::ViewSnapshot::~ViewSnapshot):
(WebKit::ViewSnapshot::setSurface):
(WebKit::ViewSnapshot::hasImage):
(WebKit::ViewSnapshot::clearImage):
(WebKit::ViewSnapshot::asLayerContents):
(WebKit::ViewSnapshotStore::snapshottingContext): Deleted.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189628 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, added myself to the list of contributors.
ssakshuwong@apple.com [Fri, 11 Sep 2015 21:23:45 +0000 (21:23 +0000)]
Unreviewed, added myself to the list of contributors.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189627 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago fast/hidpi/image-set-without-specified-width.html flakily tries to install multiple...
timothy_horton@apple.com [Fri, 11 Sep 2015 18:59:12 +0000 (18:59 +0000)]
fast/hidpi/image-set-without-specified-width.html flakily tries to install multiple callbacks for the same event
https://bugs.webkit.org/show_bug.cgi?id=149067

Reviewed by Alexey Proskuryakov.

* fast/hidpi/image-set-without-specified-width.html:
Wait until we've successfully set the deviceScaleFactor
before reloading the page; otherwise, we can end up trying to set it
again after the reload (and depending on how long it takes the callback
to return, again, and again, and again...)

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189626 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago There should be a defaultSpotCheck-like mode that doesn't run the MaximalFlushInserti...
commit-queue@webkit.org [Fri, 11 Sep 2015 18:44:47 +0000 (18:44 +0000)]
There should be a defaultSpotCheck-like mode that doesn't run the MaximalFlushInsertionPhase in run-jsc-stress-tests
https://bugs.webkit.org/show_bug.cgi?id=149058

Patch by Saam barati <sbarati@apple.com> on 2015-09-11
Reviewed by Geoffrey Garen.

* Scripts/run-jsc-stress-tests:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189625 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add initial support for floats in WebAssembly
commit-queue@webkit.org [Fri, 11 Sep 2015 18:40:53 +0000 (18:40 +0000)]
Add initial support for floats in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149062

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-11
Reviewed by Geoffrey Garen.

Implement the ConstantPoolIndex, Immediate, GetLocal, and GetGlobal
instructions for floats (float32) in WebAssembly.

* tests/stress/wasm-arithmetic-float32.js: Added.
(shouldBe):
* tests/stress/wasm-globals.js:
* tests/stress/wasm-type-conversion.js:
* tests/stress/wasm/arithmetic-float32.wasm: Added.
* tests/stress/wasm/globals.wasm:
* tests/stress/wasm/type-conversion.wasm:
* wasm/WASMConstants.h:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildSetLocal):
(JSC::WASMFunctionCompiler::buildReturn):
(JSC::WASMFunctionCompiler::buildImmediateF32):
(JSC::WASMFunctionCompiler::buildGetLocal):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpression):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseConstantPoolIndexExpressionF32):
(JSC::WASMFunctionParser::parseImmediateExpressionF32):
(JSC::WASMFunctionParser::parseGetLocalExpressionF32):
(JSC::WASMFunctionParser::parseGetGlobalExpressionF32):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildImmediateF32):
* wasm/WASMReader.cpp:
(JSC::WASMReader::readOpExpressionF32):
* wasm/WASMReader.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189624 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago 2015-09-11 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Fri, 11 Sep 2015 17:35:59 +0000 (17:35 +0000)]
2015-09-11  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the CLOOP build.

        Unreviewed.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeBaselineJITInlineCaches):
        (JSC::CodeBlock::finalizeUnconditionally):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189623 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [EFL] Fix WASM build
ossy@webkit.org [Fri, 11 Sep 2015 16:56:19 +0000 (16:56 +0000)]
[EFL] Fix WASM build
https://bugs.webkit.org/show_bug.cgi?id=149065

Reviewed by Darin Adler.

* wasm/WASMFunctionParser.cpp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189622 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago El Capitan test result gardening.
ap@apple.com [Fri, 11 Sep 2015 16:21:46 +0000 (16:21 +0000)]
El Capitan test result gardening.

* platform/mac/TestExpectations: Remove a test that should pass now.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189621 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago JavaScriptCore should discard optimized code after some time
ggaren@apple.com [Fri, 11 Sep 2015 16:08:39 +0000 (16:08 +0000)]
JavaScriptCore should discard optimized code after some time
https://bugs.webkit.org/show_bug.cgi?id=149048

Reviewed by Michael Saboff.

This patch adds a new jettison type -- JettisonDueToOldAge -- and starts
using it for DFG and FTL code. Baseline and LLInt code will come in a
follow-up patch.

The primary goal is to save memory. Some popular websites leave about 10MB
of dead code sitting around immediately after they finish loading.

Throwing away code periodically might also save us from profiling
pathologies that lead to performance dead ends.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate): Updated for rename, and removed a
stale comment.

(JSC::CodeBlock::shouldVisitStrongly): Renamed to shouldVisitStrongly
because the practical effect of this function is to trigger a call to
visitStrongly.

(JSC::CodeBlock::isKnownToBeLiveDuringGC): Check the
m_visitStronglyHasBeenCalled flag instead of
shouldImmediatelyAssumeLivenessDuringScan / shouldVisitStrongly because
m_visitStronglyHasBeenCalled can be set by anybody even if the CodeBlock
would not otherwise visit itself strongly.

(JSC::CodeBlock::shouldJettisonDueToWeakReference): New helper function
for readability.

(JSC::CodeBlock::shouldJettisonDueToOldAge): New helper function that
tells if a CodeBlock is old enough for deletion.

(JSC::CodeBlock::determineLiveness): There's no need to check
shouldImmediatelyAssumeLivenessDuringScan here because we will not call
this function if shouldImmediatelyAssumeLivenessDuringScan is true.
Also, it's just not clear -- if someone chooses to call this function --
that it would be safe to ignore them simply because
shouldImmediatelyAssumeLivenessDuringScan was true.

(JSC::CodeBlock::finalizeLLIntInlineCaches): Moved code out into a helper
function to make the main function more readable.

(JSC::CodeBlock::finalizeBaselineJITInlineCaches): Ditto.

(JSC::CodeBlock::finalizeUnconditionally): Added code for jettisoning a
CodeBlock if it is too old. Moved large sections of code into helper
functions to aid readability in this function.

(JSC::CodeBlock::jettison): Account for the fact that we might jettison
a CodeBlock without OSR exit and without requiring a stack shoot-down.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::setInstallTime):
(JSC::CodeBlock::timeSinceInstall): Track CodeBlock age to help us
decide when to delete.

* jit/JITCode.h:
(JSC::JITCode::timeToLive): Static limits on CodeBlock lifetime. I got
these numbers from the place where numbers come from.

* profiler/ProfilerJettisonReason.cpp:
(WTF::printInternal):
* profiler/ProfilerJettisonReason.h: Updated for new jettison type.

* runtime/Executable.cpp:
(JSC::ScriptExecutable::installCode): Record install time so that we
can measure how old a CodeBlock is.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189620 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Element.tagName should be upper-case for HTML elements in HTML documents
cdumez@apple.com [Fri, 11 Sep 2015 14:51:32 +0000 (14:51 +0000)]
Element.tagName should be upper-case for HTML elements in HTML documents
https://bugs.webkit.org/show_bug.cgi?id=148843
<rdar://problem/22559081>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

* web-platform-tests/dom/nodes/Document-createElementNS-expected.txt:
* web-platform-tests/dom/nodes/Element-tagName-expected.txt:
* web-platform-tests/dom/nodes/Node-nodeName-expected.txt:
* web-platform-tests/html/semantics/tabular-data/the-table-element/table-insertRow-expected.txt:

Source/WebCore:

Element.tagName should be upper-case for HTML elements in HTML documents,
as per the DOM specification:
https://dom.spec.whatwg.org/#dom-element-tagname

Previously, WebKit would fail to upper-case the tagname if the element's
tag had a prefix. This patch corrects this. This aligns our behavior with
Firefox, Chrome and IE.

No new tests, already covered by existing tests.

* html/HTMLElement.cpp:
(WebCore::HTMLElement::nodeName):

LayoutTests:

Update / rebaseline test now that our behavior has changed.

* fast/dom/Node/initial-values-expected.txt:
* fast/dom/Node/script-tests/initial-values.js:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189618 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago document.body = "text" should throw a TypeError, not a HierarchyRequestError
cdumez@apple.com [Fri, 11 Sep 2015 14:50:37 +0000 (14:50 +0000)]
document.body = "text" should throw a TypeError, not a HierarchyRequestError
https://bugs.webkit.org/show_bug.cgi?id=149057
<rdar://problem/22567157>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline test now that a new check is passing.

* web-platform-tests/html/dom/documents/dom-tree-accessors/document.body-setter-01-expected.txt:

Source/WebCore:

document.body = "text" should throw a TypeError, not a
HierarchyRequestError:
https://html.spec.whatwg.org/multipage/dom.html#dom-document-body

This is because "text" is a DOMString and it cannot be converted into an
HTMLElement. Therefore, the WebIDL specification says we should throw a
TypeError in this case.

Chrome and Firefox throw the right exception.

No new tests, already covered by existing test.

* dom/Document.idl:

LayoutTests:

Rebaseline test as we now throw a different exception.

* fast/dom/setter-type-enforcement-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189617 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Weak should only accept cell pointees.
akling@apple.com [Fri, 11 Sep 2015 09:16:37 +0000 (09:16 +0000)]
[JSC] Weak should only accept cell pointees.
<https://webkit.org/b/148955>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Since WeakImpls only support pointing to JSCell derived objects,
enforce that at compile time by having the API use JSCell* instead of JSValue.

WeakHandleOwner callbacks now get JSCell& and JSCell*& respectively instead
of wrapping the cell pointer in a Handle<Unknown>.

Also added a static_assert so Weak<T> can't be instantiated with a T that's
not convertible to JSCell.

* API/JSAPIWrapperObject.mm:
(JSAPIWrapperObjectHandleOwner::finalize):
(JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots):
(JSC::JSAPIWrapperObject::finishCreation):
* API/JSManagedValue.mm:
(JSManagedValueHandleOwner::isReachableFromOpaqueRoots):
(JSManagedValueHandleOwner::finalize):
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::finalize):
* builtins/BuiltinExecutables.h:
* heap/Heap.cpp:
(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize):
* heap/Heap.h:
* heap/WeakBlock.cpp:
(JSC::WeakBlock::visit):
(JSC::WeakBlock::reap):
* heap/WeakHandleOwner.cpp:
(JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
(JSC::WeakHandleOwner::finalize):
* heap/WeakHandleOwner.h:
* heap/WeakImpl.h:
(JSC::WeakImpl::WeakImpl):
(JSC::WeakImpl::state):
(JSC::WeakImpl::cell):
(JSC::WeakImpl::asWeakImpl):
(JSC::WeakImpl::jsValue): Deleted.
* heap/WeakInlines.h:
(JSC::Weak<T>::Weak):
(JSC::>):
(JSC::Weak<T>::operator):
(JSC::Weak<T>::get):
(JSC::Weak<T>::was):
* heap/WeakSet.h:
* heap/WeakSetInlines.h:
(JSC::WeakSet::allocate):
(JSC::WeakBlock::finalize):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
* jit/JITThunks.h:
* jsc.cpp:
(WTF::ElementHandleOwner::isReachableFromOpaqueRoots): Deleted.
* runtime/JSCell.h:
(JSC::jsCast):
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::finalize):
* runtime/RegExpCache.h:
* runtime/Structure.cpp:
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):

Source/WebCore:

Update WebCore bindings for the new Weak and Weak-related signatures.

* bindings/js/JSCSSRuleListCustom.cpp:
(WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots):
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots):
(WebCore::JSCSSValueOwner::finalize):
* bindings/js/JSCallbackData.cpp:
(WebCore::JSCallbackDataWeak::WeakOwner::isReachableFromOpaqueRoots):
* bindings/js/JSCallbackData.h:
* bindings/js/JSMutationObserverCustom.cpp:
(WebCore::JSMutationObserverOwner::isReachableFromOpaqueRoots):
* bindings/js/JSNodeCustom.cpp:
(WebCore::isReachableFromDOM):
(WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
* bindings/js/JSNodeListCustom.cpp:
(WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
* bindings/js/JSTextTrackCueCustom.cpp:
(WebCore::JSTextTrackCueOwner::isReachableFromOpaqueRoots):
* bindings/js/WebCoreTypedArrayController.cpp:
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
* bindings/js/WebCoreTypedArrayController.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::JSTestActiveDOMObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestActiveDOMObjectOwner::finalize):
* bindings/scripts/test/JS/JSTestActiveDOMObject.h:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::finalize):
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
(WebCore::JSTestCustomNamedGetterOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomNamedGetterOwner::finalize):
* bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventConstructorOwner::finalize):
* bindings/scripts/test/JS/JSTestEventConstructor.h:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::JSTestEventTargetOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventTargetOwner::finalize):
* bindings/scripts/test/JS/JSTestEventTarget.h:
* bindings/scripts/test/JS/JSTestException.cpp:
(WebCore::JSTestExceptionOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestExceptionOwner::finalize):
* bindings/scripts/test/JS/JSTestException.h:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
(WebCore::JSTestGenerateIsReachableOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestGenerateIsReachableOwner::finalize):
* bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestInterfaceOwner::finalize):
* bindings/scripts/test/JS/JSTestInterface.h:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListenerOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestMediaQueryListListenerOwner::finalize):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::JSTestNamedConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNamedConstructorOwner::finalize):
* bindings/scripts/test/JS/JSTestNamedConstructor.h:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
(WebCore::JSTestNondeterministicOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNondeterministicOwner::finalize):
* bindings/scripts/test/JS/JSTestNondeterministic.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestObjOwner::finalize):
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
(WebCore::JSTestOverloadedConstructorsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverloadedConstructorsOwner::finalize):
* bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
(WebCore::JSTestOverrideBuiltinsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverrideBuiltinsOwner::finalize):
* bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::JSTestTypedefsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestTypedefsOwner::finalize):
* bindings/scripts/test/JS/JSTestTypedefs.h:
* bindings/scripts/test/JS/JSattribute.cpp:
(WebCore::JSattributeOwner::isReachableFromOpaqueRoots):
(WebCore::JSattributeOwner::finalize):
* bindings/scripts/test/JS/JSattribute.h:
* bindings/scripts/test/JS/JSreadonly.cpp:
(WebCore::JSreadonlyOwner::isReachableFromOpaqueRoots):
(WebCore::JSreadonlyOwner::finalize):
* bindings/scripts/test/JS/JSreadonly.h:
* bridge/runtime_root.cpp:
(JSC::Bindings::RootObject::finalize):
* bridge/runtime_root.h:

Source/WebKit2:

* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::finalize):
* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189616 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Remove unused files
commit-queue@webkit.org [Fri, 11 Sep 2015 01:43:07 +0000 (01:43 +0000)]
Web Inspector: Remove unused files
https://bugs.webkit.org/show_bug.cgi?id=149049

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-10
Reviewed by Brian Burg.

* WebProcess/WebPage/efl/WebInspectorEfl.cpp: Removed.
* WebProcess/WebPage/gtk/WebInspectorGtk.cpp: Removed.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189602 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago WebInspectorUI should have a WebPage reference
commit-queue@webkit.org [Fri, 11 Sep 2015 01:42:09 +0000 (01:42 +0000)]
WebInspectorUI should have a WebPage reference
https://bugs.webkit.org/show_bug.cgi?id=149046

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-10
Reviewed by Geoffrey Garen.

* WebProcess/WebPage/WebInspectorUI.cpp:
* WebProcess/WebPage/WebInspectorUI.h:
(WebKit::WebInspectorUI::page): Deleted.
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::inspectorUI):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189601 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189595.
commit-queue@webkit.org [Fri, 11 Sep 2015 01:39:37 +0000 (01:39 +0000)]
Unreviewed, rolling out r189595.
https://bugs.webkit.org/show_bug.cgi?id=149052

The tests still fail (Requested by ap on #webkit).

Reverted changeset:

"Spurious output on Windows tests: AQMEIOManager::FindIOUnit:
error -1"
https://bugs.webkit.org/show_bug.cgi?id=142929
http://trac.webkit.org/changeset/189595

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189600 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement switch statements in WebAssembly
commit-queue@webkit.org [Fri, 11 Sep 2015 01:37:09 +0000 (01:37 +0000)]
Implement switch statements in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149051

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch implements switch statements in WebAssembly using the
JSC::BinarySwitch class.

* tests/stress/wasm-control-flow.js:
* tests/stress/wasm/control-flow.wasm:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildSwitch):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseSwitchStatement):
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildSwitch):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189599 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields
cfleizach@apple.com [Fri, 11 Sep 2015 00:55:14 +0000 (00:55 +0000)]
AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields
https://bugs.webkit.org/show_bug.cgi?id=148891

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Asynchronous focus setting DOES work on Yosemite, just not Mavericks.

* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]):
(-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]):

LayoutTests:

Mark accessibility focus tests as passing on Yosemite.

* platform/mac/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189598 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Structure should be able to tell you if it had ever been a dictionary
fpizlo@apple.com [Thu, 10 Sep 2015 23:07:08 +0000 (23:07 +0000)]
Structure should be able to tell you if it had ever been a dictionary
https://bugs.webkit.org/show_bug.cgi?id=149047

Reviewed by Mark Lam.

Introduces the hasBeenDictionary flag to Structure, which tells you if this structure or
any of its ancestors is a dictionary. We already implicitly tracked this for DFG
watchpoint optimizations, so this is mainly just decoupling that existing logic from
watchpoints. Having Structure::hasBeenDictionary() enables some of the heuristics in the
property type inference work (https://bugs.webkit.org/show_bug.cgi?id=148610).

* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::dump):
* runtime/Structure.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189596 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Spurious output on Windows tests: AQMEIOManager::FindIOUnit: error -1
ap@apple.com [Thu, 10 Sep 2015 22:59:08 +0000 (22:59 +0000)]
Spurious output on Windows tests: AQMEIOManager::FindIOUnit: error -1
https://bugs.webkit.org/show_bug.cgi?id=142929

Reviewed by Brent Fulgham.

Tools:

Silence the logging. We'll track fixing the root cause in Radar.

* Scripts/webkitpy/port/mac.py:
(MacPort.stderr_patterns_to_strip): Added a FIXME.

* Scripts/webkitpy/port/win.py:
(WinPort.logging_patterns_to_strip): Added.

LayoutTests:

* platform/win/TestExpectations: Unskip some newly added tests that are affected.
We still skip the whole media directory - updating the results and unskipping those
tests would be a separate project.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189595 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [New Block-Inside-Inline Model] Self-collapsing block check needs to account for...
hyatt@apple.com [Thu, 10 Sep 2015 22:15:46 +0000 (22:15 +0000)]
[New Block-Inside-Inline Model] Self-collapsing block check needs to account for anonymous inline blocks
https://bugs.webkit.org/show_bug.cgi?id=149042

Reviewed by Dean Jackson.

Source/WebCore:

Added new tests in fast/block/inside-inlines/

* rendering/InlineFlowBox.cpp:
* rendering/InlineFlowBox.h:
(WebCore::InlineFlowBox::anonymousInlineBlock):
Add a new accessor to get the anonymousInlineBlock() for lines that wrap them.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::childrenPreventSelfCollapsing):
(WebCore::RenderBlock::isSelfCollapsingBlock):
isSelfCollapsingBlock() now calls a virtual method that checks lines/children called childrenPreventSelfCollapsing.
This lets us farm out the lines check to the derived RenderBlockFlow class.

* rendering/RenderBlock.h:
(WebCore::RenderBlock::childrenPreventSelfCollapsing):
Added new virtual method for checking children.

* rendering/RenderBlockFlow.cpp:
* rendering/RenderBlockFlow.h:
(WebCore::RenderBlockFlow::childrenPreventSelfCollapsing):
Overridden to ensure that blocks can still be self-collapsing if they only contain anonymous inline-block lines that
are also self-collapsing.

LayoutTests:

* fast/block/inside-inlines/new-model/self-collapsing-test-expected.html: Added.
* fast/block/inside-inlines/new-model/self-collapsing-test.html: Added.
* fast/block/inside-inlines/self-collapsing-test-expected.html: Added.
* fast/block/inside-inlines/self-collapsing-test.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189594 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Styles sidebar says Media: all when it should say Media: screen
commit-queue@webkit.org [Thu, 10 Sep 2015 21:54:31 +0000 (21:54 +0000)]
Web Inspector: Styles sidebar says Media: all when it should say Media: screen
https://bugs.webkit.org/show_bug.cgi?id=148436

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2015-09-10
Reviewed by Timothy Hatcher.

Removed filter that prevented "Media: screen" from being displayed.

* UserInterface/Views/RulesStyleDetailsPanel.js:
(WebInspector.RulesStyleDetailsPanel.prototype.refresh.insertMediaOrInheritanceLabel):
(WebInspector.RulesStyleDetailsPanel.prototype.refresh.filteredMediaList): Deleted.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189593 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: WebInspectorUI does not need to be an API::Object
commit-queue@webkit.org [Thu, 10 Sep 2015 21:28:27 +0000 (21:28 +0000)]
Web Inspector: WebInspectorUI does not need to be an API::Object
https://bugs.webkit.org/show_bug.cgi?id=149045

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-10
Reviewed by Timothy Hatcher.

* Shared/API/APIObject.h:
* WebProcess/WebPage/WebInspectorUI.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189592 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, fix Windows file loading in JSC shell after r189583
utatane.tea@gmail.com [Thu, 10 Sep 2015 21:24:53 +0000 (21:24 +0000)]
Unreviewed, fix Windows file loading in JSC shell after r189583
https://bugs.webkit.org/show_bug.cgi?id=148917

Should load the script files with the binary mode.
Since these loading functions are only used for the simple test scripts,
we just use ftell / fseek now.

* jsc.cpp:
(fillBufferWithContentsOfFile):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189591 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Prefer calling ContentViewContainer.updateLayout directly
mattbaker@apple.com [Thu, 10 Sep 2015 21:13:24 +0000 (21:13 +0000)]
Web Inspector: Prefer calling ContentViewContainer.updateLayout directly
https://bugs.webkit.org/show_bug.cgi?id=149041

Reviewed by Timothy Hatcher.

Cleaned up two places where a parent view duplicated logic encapsulated by ContentViewContainer.

* UserInterface/Views/ClusterContentView.js:
(WebInspector.ClusterContentView.prototype.updateLayout):
* UserInterface/Views/TimelineRecordingContentView.js:
(WebInspector.TimelineRecordingContentView.prototype.updateLayout):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189590 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Remove unused member in WebPage
commit-queue@webkit.org [Thu, 10 Sep 2015 21:06:01 +0000 (21:06 +0000)]
Web Inspector: Remove unused member in WebPage
https://bugs.webkit.org/show_bug.cgi?id=149040

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-10
Reviewed by Brian Burg.

* WebProcess/WebPage/WebPage.cpp:
* WebProcess/WebPage/WebPage.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189589 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION(r189575): Appears to break ARM64 linux builds
msaboff@apple.com [Thu, 10 Sep 2015 20:50:33 +0000 (20:50 +0000)]
REGRESSION(r189575): Appears to break ARM64 linux builds
https://bugs.webkit.org/show_bug.cgi?id=149044

Reviewed by Filip Pizlo.

Changed the use of the ARM64 "fp", a register alias, to be "x29", the real register name.

* llint/LowLevelInterpreter.asm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189588 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago sendProcessWillSuspendImminently uses a wrong message flag
dbates@webkit.org [Thu, 10 Sep 2015 20:13:52 +0000 (20:13 +0000)]
sendProcessWillSuspendImminently uses a wrong message flag
https://bugs.webkit.org/show_bug.cgi?id=148995

Reviewed by Alexey Proskuryakov.

Remove use of flag IPC::InterruptWaitingIfSyncMessageArrives as it does not make
sense when sending a sync message.

* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::sendProcessWillSuspendImminently):
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::sendProcessWillSuspendImminently):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189587 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago There should be one stub hanging off an inline cache that contains code for all of...
fpizlo@apple.com [Thu, 10 Sep 2015 19:49:36 +0000 (19:49 +0000)]
There should be one stub hanging off an inline cache that contains code for all of the cases, rather than forming a linked list consisting of one stub per case
https://bugs.webkit.org/show_bug.cgi?id=148717

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This is a major rewrite of the JSC get/put/in inline caches (ICs), motivated by the need to add
fancy new kinds of inline caches for property type inference (https://webkit.org/b/148610).

Previously, our inline caches had some problems that made them difficult to work with. It was
impossible to change any code that was previously generated by the IC except by blowing the
whole IC away, the ICs scaled poorly if there were many cases, and there was a lot of duplicate
and ad hoc code.

Impossible to regenerate a previously generated stub: Say that some access (o.f = v) causes our
IC code to emit some stub; let's call it stub1. Then later we find that we need to emit a
different stub, stub2, where we think that stub2 might subsume stub1. We say that stub2
subsumes stub1 if failing to execute stub2 to completion means that we are guaranteed to fail
to execute stub1 to completion. This could happen in trunk if stub2 has the same base structure
as stub1 but different prototype conditions. It could happen with property type inference if
stub2 has a looser type check on v than stub1 did. Currently, if this happened, we would emit
stub2 and have its slow path jump to stub1. Hence, we would still end up executing the checks
of stub1 before falling through to the slow path. This gets bad when there are many stubs.
Stub1 might be in front of a bunch of other stubs, so when we add stub2, we will end up
executing both stub2's and stub1's checks before falling through to the other stubs. It would
be better if we could remove stub1 from the list at this point. But since stub1 could be linked
to from a different stub that we had already generated, we'd have to have a way of patching
stubs or regenerating them from scratch. This is currently impossible because we just don't keep
around enough meta-data to mess with a stub after it's generated. After this change, we never
link new stubs onto a linked list of pre-existing stubs; instead each IC will have one stub
hanging off of it and we always regenerate that one stub from scratch. That one stub contains
either a BinarySwitch or a branch cascade to select one of the AccessCases. Each AccessCase is
an object that describes everything we need to regenerate it in the future. This means that
when we add a new case to an IC stub, we can figure out which previous cases this one subsumes.

Poor scalability when there are many cases: Previously, the cases of a polymorphic inline cache
formed a linked list of branches. This meant that the complexity of an inline cache grew
linearly with the number of cases. This change turns this into a BinarySwitch in most cases,
leading to logarithmic scaling.

Duplicate code between get, put, and in: The code for op_get_by_id, op_put_by_id, and op_in
inline caches grew independently and ended up having a lot of duplicate code. We had the worst
kinds of duplicate code. In some cases, the code was copy-pasted. In other cases, we wrote code
that felt like it was new despite the fact that it was logically identical to code that was
already written elsewhere. The main sources of duplication were in selecting a scratch
register, checking all of the ObjectPropertyConditions and the base structure, the pro forma
involved in generating a stub, and the data structures needed to describe all of the access
cases. This change deduplicates all of that code. Now, all of those ICs use the same classes:
the PolymorphicAccess and AccessCase. There is code in those classes that handles all of the
common things, and for the most part the only code that actually specializes for the kind of
access is in some switch statement in AccessCase::generate().

Special-casing of array length and string length: Previously, array.length and string.length
were handled in an ad hoc manner in the get_by_id repatching code. The handling was separate
from the polymorphic get_by_id handling, which meant that we could not handle polymorphic
length accesses if one of the length cases was either array or string length. For example, if
you had "o.length" where the length was either array length or a vanilla length property, then
the get_by_id inline cache would either emit a monomorphic stub for array length, or a
monomorphic stub for the vanilla length property, but never a polymorphic stub (or list) that
could do both. This change addresses this problem by folding array length and string length
into the polymorphic get_by_id code.

This was meant to be a perf-neutral change to enable property type inference, but it ended up
being a 1% Octane speed-up, mainly because of a 14% speed-up in raytrace. This isn't too
surprising, since that test does use inline caches a lot and this change makes inline caches
more scalable.

This also fixes and adds a test for a BinarySwitch bug. BinarySwitch had an optimization for
consecutive integer cases. Using it on typed array structures triggers this bug. It's a hard
bug to trigger any other way because our other switch optimizations will usually use a jump
table in case of consecutive integers.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodePtr::dumpWithName):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printPutByIdCacheStatus):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::getByValInfoMap):
(JSC::CodeBlock::addStubInfo):
(JSC::CodeBlock::findStubInfo):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::stubInfoBegin):
(JSC::CodeBlock::stubInfoEnd):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/PolymorphicAccess.cpp: Copied from Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.cpp.
(JSC::AccessGenerationState::addWatchpoint):
(JSC::AccessGenerationState::restoreScratch):
(JSC::AccessGenerationState::succeed):
(JSC::AccessCase::AccessCase):
(JSC::AccessCase::get):
(JSC::AccessCase::replace):
(JSC::AccessCase::transition):
(JSC::AccessCase::setter):
(JSC::AccessCase::in):
(JSC::AccessCase::getLength):
(JSC::AccessCase::~AccessCase):
(JSC::AccessCase::fromStructureStubInfo):
(JSC::AccessCase::clone):
(JSC::AccessCase::guardedByStructureCheck):
(JSC::AccessCase::alternateBase):
(JSC::AccessCase::canReplace):
(JSC::AccessCase::dump):
(JSC::AccessCase::visitWeak):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generate):
(JSC::PolymorphicAccess::PolymorphicAccess):
(JSC::PolymorphicAccess::~PolymorphicAccess):
(JSC::PolymorphicAccess::regenerateWithCases):
(JSC::PolymorphicAccess::regenerateWithCase):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::dump):
(JSC::PolymorphicAccess::regenerate):
(WTF::printInternal):
(JSC::GetByIdAccess::GetByIdAccess): Deleted.
(JSC::GetByIdAccess::~GetByIdAccess): Deleted.
(JSC::GetByIdAccess::fromStructureStubInfo): Deleted.
(JSC::GetByIdAccess::visitWeak): Deleted.
(JSC::PolymorphicGetByIdList::PolymorphicGetByIdList): Deleted.
(JSC::PolymorphicGetByIdList::from): Deleted.
(JSC::PolymorphicGetByIdList::~PolymorphicGetByIdList): Deleted.
(JSC::PolymorphicGetByIdList::currentSlowPathTarget): Deleted.
(JSC::PolymorphicGetByIdList::addAccess): Deleted.
(JSC::PolymorphicGetByIdList::isFull): Deleted.
(JSC::PolymorphicGetByIdList::isAlmostFull): Deleted.
(JSC::PolymorphicGetByIdList::didSelfPatching): Deleted.
(JSC::PolymorphicGetByIdList::visitWeak): Deleted.
* bytecode/PolymorphicAccess.h: Copied from Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h.
(JSC::AccessCase::isGet):
(JSC::AccessCase::isPut):
(JSC::AccessCase::isIn):
(JSC::AccessCase::type):
(JSC::AccessCase::offset):
(JSC::AccessCase::viaProxy):
(JSC::AccessCase::structure):
(JSC::AccessCase::newStructure):
(JSC::AccessCase::conditionSet):
(JSC::AccessCase::additionalSet):
(JSC::AccessCase::customSlotBase):
(JSC::AccessCase::doesCalls):
(JSC::AccessCase::callLinkInfo):
(JSC::AccessCase::RareData::RareData):
(JSC::PolymorphicAccess::isEmpty):
(JSC::PolymorphicAccess::size):
(JSC::PolymorphicAccess::at):
(JSC::PolymorphicAccess::operator[]):
(JSC::GetByIdAccess::GetByIdAccess): Deleted.
(JSC::GetByIdAccess::isSet): Deleted.
(JSC::GetByIdAccess::operator!): Deleted.
(JSC::GetByIdAccess::type): Deleted.
(JSC::GetByIdAccess::structure): Deleted.
(JSC::GetByIdAccess::conditionSet): Deleted.
(JSC::GetByIdAccess::stubRoutine): Deleted.
(JSC::GetByIdAccess::doesCalls): Deleted.
(JSC::PolymorphicGetByIdList::isEmpty): Deleted.
(JSC::PolymorphicGetByIdList::size): Deleted.
(JSC::PolymorphicGetByIdList::at): Deleted.
(JSC::PolymorphicGetByIdList::operator[]): Deleted.
* bytecode/PolymorphicAccessStructureList.h: Removed.
* bytecode/PolymorphicGetByIdList.cpp: Removed.
* bytecode/PolymorphicGetByIdList.h: Removed.
* bytecode/PolymorphicPutByIdList.cpp: Removed.
* bytecode/PolymorphicPutByIdList.h: Removed.
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitWeakReferences):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::StructureStubInfo):
(JSC::StructureStubInfo::initGetByIdSelf):
(JSC::StructureStubInfo::initPutByIdReplace):
(JSC::StructureStubInfo::initStub):
(JSC::StructureStubInfo::setSeen):
(JSC::getStructureStubInfoCodeOrigin):
(JSC::isGetByIdAccess): Deleted.
(JSC::isPutByIdAccess): Deleted.
(JSC::isInAccess): Deleted.
(JSC::StructureStubInfo::initGetByIdList): Deleted.
(JSC::StructureStubInfo::initPutByIdTransition): Deleted.
(JSC::StructureStubInfo::initPutByIdList): Deleted.
(JSC::StructureStubInfo::initInList): Deleted.
(JSC::StructureStubInfo::addWatchpoint): Deleted.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* ftl/FTLCompile.cpp:
(JSC::FTL::mmAllocateDataSection):
* jit/AccessorCallJITStubRoutine.cpp: Removed.
* jit/AccessorCallJITStubRoutine.h: Removed.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::branchIfEmpty):
(JSC::AssemblyHelpers::branchStructure):
(JSC::AssemblyHelpers::boxBooleanPayload):
(JSC::AssemblyHelpers::boxBoolean):
(JSC::AssemblyHelpers::boxInt32):
* jit/BinarySwitch.cpp:
(JSC::BinarySwitch::BinarySwitch):
(JSC::BinarySwitch::build):
(JSC::BinarySwitch::Case::dump):
(JSC::BinarySwitch::BranchCode::dump):
* jit/BinarySwitch.h:
(JSC::BinarySwitch::Case::operator<):
(JSC::BinarySwitch::BranchCode::BranchCode):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::garbageStubInfo):
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITInlineCacheGenerator.h:
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITInlineCacheGenerator::stubInfo):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITByIdGenerator::reportSlowPathCall):
* jit/JITOperations.cpp:
* jit/Repatch.cpp:
(JSC::repatchCall):
(JSC::repatchByIdSelfAccess):
(JSC::resetGetByIDCheckAndLoad):
(JSC::resetPutByIDCheckAndLoad):
(JSC::replaceWithJump):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::appropriateGenericPutByIdFunction):
(JSC::appropriateOptimizingPutByIdFunction):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryRepatchIn):
(JSC::repatchIn):
(JSC::resetGetByID):
(JSC::resetPutByID):
(JSC::checkObjectPropertyCondition): Deleted.
(JSC::checkObjectPropertyConditions): Deleted.
(JSC::emitRestoreScratch): Deleted.
(JSC::linkRestoreScratch): Deleted.
(JSC::toString): Deleted.
(JSC::kindFor): Deleted.
(JSC::customFor): Deleted.
(JSC::generateByIdStub): Deleted.
(JSC::patchJumpToGetByIdStub): Deleted.
(JSC::tryBuildGetByIDList): Deleted.
(JSC::buildGetByIDList): Deleted.
(JSC::appropriateListBuildingPutByIdFunction): Deleted.
(JSC::emitPutReplaceStub): Deleted.
(JSC::emitPutTransitionStub): Deleted.
(JSC::tryBuildPutByIdList): Deleted.
(JSC::buildPutByIdList): Deleted.
* jit/ScratchRegisterAllocator.cpp:
(JSC::ScratchRegisterAllocator::lock):
(JSC::ScratchRegisterAllocator::allocateScratch):
* jit/ScratchRegisterAllocator.h:
(JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionQuit):
(functionAbort):
(functionFalse1):
(functionFalse2):
* runtime/Options.h:
* tests/stress/array-message-passing.js: Added.
(window.addEventListener):
(window.postMessage):
(window._handleEvents):
(testPassed):
(testFailed):
(classCompare):
(bufferCompare):
(viewCompare):
(typedArrayCompare):
(dataViewCompare):
(dataViewCompare2):
(dataViewCompare3):
(createBuffer):
(createTypedArray):
(createTypedArrayOverBuffer):
(new.DataView):
(testList.testList.concat.basicBufferTypes.map):
(doneTest):

Source/WTF:

Beef up dumping a bit.

* wtf/PrintStream.h:
(WTF::pointerDump):
(WTF::printInternal):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189586 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CodeBlock::codeType() doesn't need to compute anything
ggaren@apple.com [Thu, 10 Sep 2015 19:36:42 +0000 (19:36 +0000)]
CodeBlock::codeType() doesn't need to compute anything
https://bugs.webkit.org/show_bug.cgi?id=149039

Reviewed by Michael Saboff.

CodeBlock already has an m_codeType data member.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::codeType):
(JSC::CodeBlock::putByIdContext):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189585 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement global variables in WebAssembly
commit-queue@webkit.org [Thu, 10 Sep 2015 19:34:40 +0000 (19:34 +0000)]
Implement global variables in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149031

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch implements global variables in WebAssembly. There are two
types of global variables in the current format that we use (the format
used by <https://github.com/WebAssembly/polyfill-prototype-1>): internal
global variables and imported global variables. This patch does not yet
import values for imported global variables. It will be done in a
subsequent patch.

* tests/stress/wasm-globals.js: Added.
(shouldBe):
* tests/stress/wasm/globals.wasm: Added.
* wasm/JSWASMModule.h:
(JSC::JSWASMModule::globalVariables):
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildSetGlobal):
(JSC::WASMFunctionCompiler::buildGetGlobal):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseSetGlobalStatement):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseGetGlobalExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseGetGlobalExpressionF64):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildSetGlobal):
(JSC::WASMFunctionSyntaxChecker::buildGetGlobal):
* wasm/WASMModuleParser.cpp:
(JSC::WASMModuleParser::parseGlobalSection):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189584 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Consider long module path name case in Windows
utatane.tea@gmail.com [Thu, 10 Sep 2015 19:19:15 +0000 (19:19 +0000)]
Consider long module path name case in Windows
https://bugs.webkit.org/show_bug.cgi?id=148917

Reviewed by Alex Christensen.

The local file system module loader in the JSC shell manages the module files by the absolute path.
However, in Windows, _MAX_PATH is defined as 260. So if the path like the current working directory or the path to the module is long,
it will be truncated by the API and it fails to open the file.
In JSC tests in Apple Windows buildbot, since the current working directory is long enough, the tests failed.

This patch introduces the following 3 tweaks.

1. When retrieving the current working path, we use GetCurrentDirectoryW instead of _getcwd.
   GetCurrentDirectoryW allows the long path while _getcwd automatically truncates the result by the _MAX_PATH.

2. Before opening the module file, we prepend "\\?\" to the path. It converts the local file path to the long UNC path
   which allows longer path names.

3. Since Windows ASCII API accepts the characters in the current code page, we use the Unicode APIs like _wfopen instead.

And enable the once disabled module tests in Windows.

Since this functionality is the part of the JSC shell to run the module tests, it is now implemented in jsc.cpp.

* jsc.cpp:
(stringFromUTF):
(jscSource):
(extractDirectoryName):
(currentWorkingDirectory):
(convertShebangToJSComment):
(fillBufferWithContentsOfFile):
(fetchScriptFromLocalFileSystem):
(fetchModuleFromLocalFileSystem):
(GlobalObject::moduleLoaderFetch):
(functionRun):
(functionLoad):
(functionReadFile):
(functionCheckSyntax):
(functionLoadModule):
(runWithScripts):
(runInteractive):
* tests/modules.yaml:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189583 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Convert arguments to WebAssembly functions to the declared types
commit-queue@webkit.org [Thu, 10 Sep 2015 19:01:47 +0000 (19:01 +0000)]
Convert arguments to WebAssembly functions to the declared types
https://bugs.webkit.org/show_bug.cgi?id=149033

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch checks the types of arguments to WebAssembly functions and
converts them to the declared types. This is necessary because:
- For example, if a function expects an argument of type double and we
  pass 1.0 to it, it will get a JSValue of an integer, not a double.
- We should follow asm.js's behavior for now, because we want to be able
  to test WebAssembly apps against asm.js apps. asm.js does type
  coercion on arguments by using int|0, Math.fround(float), and +double.

* jit/JITOperations.h:
* tests/stress/wasm-type-conversion.js: Added.
(shouldBe):
(two.valueOf):
* tests/stress/wasm/type-conversion.wasm: Added.
* wasm/WASMFunctionCompiler.h:
(JSC::operationConvertJSValueToInt32):
(JSC::operationConvertJSValueToDouble):
(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::appendCallSetResult):
(JSC::WASMFunctionCompiler::callOperation):
(JSC::WASMFunctionCompiler::loadValueAndConvertToInt32):
(JSC::WASMFunctionCompiler::loadValueAndConvertToDouble):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189582 268f45cc-cd09-0410-ab3c-d52691b4dbfc
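
The three asm.js coercions named in the commit message above (int|0, Math.fround(float), +double), as an added JavaScript example that is not part of the commit or of WebKit's code. The type names and the helpers coerceArguments and withDeclaredTypes are assumptions made for illustration; the engine-internal JSValue representation the commit mentions is not observable from script, so the example shows only the resulting values.

```javascript
// Added illustration (not WebKit code): asm.js-style coercion of call
// arguments to declared parameter types before the callee sees them.
// The type names and function names here are assumptions for this example.

const COERCE = {
  int: (v) => v | 0,            // ToInt32: truncates, wraps modulo 2^32, NaN -> 0
  float: (v) => Math.fround(v), // ToNumber, then round to nearest float32
  double: (v) => +v,            // ToNumber
};

// Coerce `args` against the declared `signature`. In this sketch a missing
// argument is coerced from undefined (0 for int, NaN for float and double)
// and arguments beyond the signature are dropped.
function coerceArguments(signature, args) {
  return signature.map((type, i) => {
    const coerce = COERCE[type];
    if (!coerce) throw new TypeError(`unknown declared type: ${type}`);
    return coerce(args[i]);
  });
}

// Wrap a function so that its body only ever receives values of the
// declared types, whatever the caller passed.
function withDeclaredTypes(signature, fn) {
  return (...args) => fn(...coerceArguments(signature, args));
}

// Constructed sample inputs: an object with valueOf, a numeric string,
// an out-of-range integer and a missing argument.
const two = { valueOf() { return 2; } };
const addInts = withDeclaredTypes(["int", "int"], (a, b) => (a + b) | 0);
const half = withDeclaredTypes(["double"], (x) => x / 2);

console.log(addInts(two, "3"));                        // object and string callers
console.log(coerceArguments(["int"], [4294967301]));   // wraps modulo 2^32
console.log(coerceArguments(["float"], [0.1]));        // float32 rounding
console.log(half());                                   // missing double argument
```

Values that cannot be converted to a number, such as a Symbol, make the coercion itself throw a TypeError, so the callee is never entered with them.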

4 years ago [WebGL][GLES] bad shaders should not be linked not only for GL but also for GL ES
commit-queue@webkit.org [Thu, 10 Sep 2015 18:57:01 +0000 (18:57 +0000)]
[WebGL][GLES] bad shaders should not be linked not only for GL but also for GL ES
https://bugs.webkit.org/show_bug.cgi?id=148794

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

Checking bad shaders, precision matching and varyings packing are all valid for GL ES too.

Test: webgl/1.0.2/conformance/programs/program-test.html

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::linkProgram):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189581 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Static variables in GraphicsContext3DOpenGLCommon should be avoided because of the...
commit-queue@webkit.org [Thu, 10 Sep 2015 18:47:56 +0000 (18:47 +0000)]
Static variables in GraphicsContext3DOpenGLCommon should be avoided because of the race condition
https://bugs.webkit.org/show_bug.cgi?id=148957

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

There is no guarantee that only one thread calls GraphicsContext3D::compileShader() at a time so it would be
better to use a thread local storage variable rather than use a static variable.

No new tests. No behavioural changes.

* platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
(WebCore::getCurrentNameHashMapForShader):
(WebCore::setCurrentNameHashMapForShader):
(WebCore::nameHashForShader):
(WebCore::GraphicsContext3D::compileShader):
(WebCore::GraphicsContext3D::mappedSymbolName):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189580 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update windows platform expected results for bug 148810.
dewei_zhu@apple.com [Thu, 10 Sep 2015 18:15:45 +0000 (18:15 +0000)]
Update windows platform expected results for bug 148810.
https://bugs.webkit.org/show_bug.cgi?id=149038

Reviewed by Alexey Proskuryakov.

* platform/win/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt: Updated.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189579 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed build fix after r189572.
joepeck@webkit.org [Thu, 10 Sep 2015 18:08:23 +0000 (18:08 +0000)]
Unreviewed build fix after r189572.

* UIProcess/WebInspectorProxy.cpp:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):
Remove the const on the now static methods.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189578 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago JSInternalPromiseDeferred should inherit JSPromiseDeferred
utatane.tea@gmail.com [Thu, 10 Sep 2015 18:04:58 +0000 (18:04 +0000)]
JSInternalPromiseDeferred should inherit JSPromiseDeferred
https://bugs.webkit.org/show_bug.cgi?id=149027

Reviewed by Darin Adler.

JSInternalPromiseDeferred is constructed by using JSPromiseDeferred implementation.
So the class info of JSInternalPromiseDeferred should inherit JSPromiseDeferred.

* runtime/JSInternalPromiseDeferred.cpp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189577 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Node.appendChild(null) / replaceChild(null, null) / removeChild(null) / insertBefore...
cdumez@apple.com [Thu, 10 Sep 2015 18:02:15 +0000 (18:02 +0000)]
Node.appendChild(null) / replaceChild(null, null) / removeChild(null) / insertBefore(null, ref) should throw a TypeError
https://bugs.webkit.org/show_bug.cgi?id=148971
<rdar://problem/22560883>
<rdar://problem/22559225>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing.

* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/dom/nodes/Node-appendChild-expected.txt:
* web-platform-tests/dom/nodes/Node-insertBefore-expected.txt:
* web-platform-tests/dom/nodes/Node-removeChild-expected.txt:
* web-platform-tests/dom/nodes/Node-replaceChild-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Node.appendChild(null) / replaceChild(null, null) / removeChild(null)
and insertBefore(null, ref) should throw a TypeError instead of a
NotFoundError, as per the specification:
https://dom.spec.whatwg.org/#node

The parameters are not nullable so the Web IDL specification says
we should throw a TypeError in this case.

This patch moves the null-checking from ContainerNode to the methods
on Node. The null-checking is supposed to be done by the bindings code
but our generator currently does not support this so we do the null
checking as close to the bindings as possible. The bindings code is
calling the methods on Node. This also makes sure we throw a TypeError
for null-argument when the Node is not a ContainerNode. For example,
Text.appendChild(null) should throw a TypeError too.

The methods on ContainerNode now take references instead of pointer
parameters now that the null-checking is done at the call site in
Node. This led to a lot of code updates as those methods are used
a lot throughout the code base.

No new tests, already covered by pre-existing layout tests.

Source/WebKit/mac:

ContainerNode::appendChild() now takes a Ref<Node>&& parameter so we
need to update the call site.

* WebView/WebFrame.mm:
(-[WebFrame _documentFragmentWithNodesAsParagraphs:]):

Source/WebKit2:

ContainerNode::appendChild() now takes a Ref<Node>&& parameter so we
need to update the call sites.

* WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::PDFPlugin):
* WebProcess/Plugins/PDF/PDFPluginAnnotation.mm:
(WebKit::PDFPluginAnnotation::attach):
(WebKit::PDFPluginAnnotation::~PDFPluginAnnotation):
* WebProcess/Plugins/PDF/PDFPluginChoiceAnnotation.mm:
(WebKit::PDFPluginChoiceAnnotation::createAnnotationElement):

LayoutTests:

Update / rebaseline tests now that we throw a different exception type.

* fast/dom/Document/replaceChild-null-oldChild-expected.txt:
* fast/dom/Document/script-tests/replaceChild-null-oldChild.js:
* fast/dom/Node/fragment-mutation-expected.txt:
* fast/dom/Node/fragment-mutation.html:
* fast/dom/incompatible-operations-expected.txt:
* fast/dom/incompatible-operations.html:
* fast/dom/move-nodes-across-documents.html:
* fast/dom/processing-instruction-appendChild-exceptions-expected.txt:
* fast/dom/processing-instruction-appendChild-exceptions.xhtml:
* fast/dom/setter-type-enforcement-expected.txt:
* fast/dom/timer-clear-interval-in-handler-and-generate-error-expected.txt:
* fast/inspector-support/uncaught-dom8-exception.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189576 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd support for Callee-Saves registers
msaboff@apple.com [Thu, 10 Sep 2015 17:47:16 +0000 (17:47 +0000)]
Add support for Callee-Saves registers
https://bugs.webkit.org/show_bug.cgi?id=148666

Reviewed by Filip Pizlo.

We save platform callee save registers right below the call frame header,
in the location(s) starting with VirtualRegister 0.  This local space is
allocated in the bytecode compiler.  This space is the maximum space
needed for the callee registers that the LLInt and baseline JIT use,
rounded up to a stack aligned number of VirtualRegisters.
The LLInt explicitly saves and restores the registers in the macros
preserveCalleeSavesUsedByLLInt and restoreCalleeSavesUsedByLLInt.
The JITs save and restore callee saves registers by what registers
are included in m_calleeSaveRegisters in the code block.

Added handling of callee save register restoration to exception handling.
The basic flow is when an exception is thrown or one is recognized to
have been generated in C++ code, we save the current state of all
callee save registers to VM::calleeSaveRegistersBuffer.  As we unwind
looking for the corresponding catch, we copy the callee saves from call
frames to the same VM::calleeSaveRegistersBuffer.  This is done for all
call frames on the stack up to but not including the call frame that has
the corresponding catch block.  When we process the catch, we restore
the callee save registers with the contents of VM::calleeSaveRegistersBuffer.
If there isn't a catch, then handleUncaughtException will restore callee
saves before it returns back to the calling C++.

Eliminated callee saves registers as free registers for various thunk
generators as the callee saves may not have been saved by the function
calling the thunk.

Added code to transition callee saves from one VM's format to another
as part of OSR entry and OSR exit.

Cleaned up the static RegisterSets including adding one for LLInt and
baseline JIT callee saves and one to be used to allocate local registers
not including the callee saves or other special registers.

Moved ftl/FTLRegisterAtOffset.{cpp,h} to jit/RegisterAtOffset.{cpp,h}.
Factored out the vector of RegisterAtOffsets in ftl/FTLUnwindInfo.{cpp,h}
into a new class in jit/RegisterAtOffsetList.{cpp,h}.
Eliminated UnwindInfo and changed UnwindInfo::parse() into a standalone
function named parseUnwindInfo.  That standalone function now returns
the callee saves RegisterAtOffsetList.  This is stored in the CodeBlock
and used instead of UnwindInfo.

Turned off register preservation thunks for outgoing calls from FTL
generated code.  They'll be removed in a subsequent patch.

Changed specialized thunks to save and restore the contents of
tagTypeNumberRegister and tagMaskRegister as they can be called by FTL
compiled functions.  We materialize those tag registers for the thunk's
use and then restore the prior contents on function exit.

Also removed the arity check fail return thunk since it is now the
caller's responsibility to restore the stack pointer.

Removed saving of callee save registers and materialization of special
tag registers for 64 bit platforms from vmEntryToJavaScript and
vmEntryToNative.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* ftl/FTLJITCode.h:
* ftl/FTLRegisterAtOffset.cpp: Removed.
* ftl/FTLRegisterAtOffset.h: Removed.
* ftl/FTLUnwindInfo.cpp:
(JSC::FTL::parseUnwindInfo):
(JSC::FTL::UnwindInfo::UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::~UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::parse): Deleted.
(JSC::FTL::UnwindInfo::dump): Deleted.
(JSC::FTL::UnwindInfo::find): Deleted.
(JSC::FTL::UnwindInfo::indexOf): Deleted.
* ftl/FTLUnwindInfo.h:
(JSC::RegisterAtOffset::dump):
* jit/RegisterAtOffset.cpp: Added.
* jit/RegisterAtOffset.h: Added.
(JSC::RegisterAtOffset::RegisterAtOffset):
(JSC::RegisterAtOffset::operator!):
(JSC::RegisterAtOffset::reg):
(JSC::RegisterAtOffset::offset):
(JSC::RegisterAtOffset::offsetAsIndex):
(JSC::RegisterAtOffset::operator==):
(JSC::RegisterAtOffset::operator<):
(JSC::RegisterAtOffset::getReg):
* jit/RegisterAtOffsetList.cpp: Added.
(JSC::RegisterAtOffsetList::RegisterAtOffsetList):
(JSC::RegisterAtOffsetList::sort):
(JSC::RegisterAtOffsetList::dump):
(JSC::RegisterAtOffsetList::find):
(JSC::RegisterAtOffsetList::indexOf):
* jit/RegisterAtOffsetList.h: Added.
(JSC::RegisterAtOffsetList::clear):
(JSC::RegisterAtOffsetList::size):
(JSC::RegisterAtOffsetList::at):
(JSC::RegisterAtOffsetList::append):
Moved and refactored use of FTLRegisterAtOffset to RegisterAtOffset.
Added RegisterAtOffset and RegisterAtOffsetList to build configurations.
Remove FTLRegisterAtOffset files.

* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::setUpCallFromFTL):
Turned off FTL register preservation thunks.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::setCalleeSaveRegisters):
(JSC::roundCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
(JSC::CodeBlock::calleeSaveRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::numberOfDFGCompiles):
Methods to manage a set of callee save registers.  Also to allocate the appropriate
number of VirtualRegisters for callee saves.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::allocateCalleeSaveSpace):
* bytecompiler/BytecodeGenerator.h:
Allocate the appropriate number of VirtualRegisters for callee saves needed by LLInt or baseline JIT.

* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compileExceptionHandlers):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::operator()):
(JSC::UnwindFunctor::copyCalleeSavesToVMCalleeSavesBuffer):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::usedRegisters):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStackLayoutPhase.cpp:
(JSC::DFG::StackLayoutPhase::run):
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):
(JSC::FTL::compile):
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLThunks.cpp:
(JSC::FTL::osrExitGenerationThunkGenerator):
* jit/ArityCheckFailReturnThunks.cpp: Removed.
* jit/ArityCheckFailReturnThunks.h: Removed.
* jit/JIT.cpp:
(JSC::JIT::emitEnterOptimizationCheck):
(JSC::JIT::privateCompile):
(JSC::JIT::privateCompileExceptionHandlers):
* jit/JITCall32_64.cpp:
(JSC::JIT::emit_op_ret):
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITExceptions.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emitSlow_op_loop_hint):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):
* jit/JITOperations.cpp:
* jit/Repatch.cpp:
(JSC::generateByIdStub):
* jit/ThunkGenerators.cpp:
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::arityFixupGenerator):
* runtime/CommonSlowPaths.cpp:
(JSC::setupArityCheckData):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor):
Emit code to save and restore callee save registers and materialize tagTypeNumberRegister
and tagMaskRegister.
Handle callee saves when tiering up.
Copy callee saves register contents to VM::calleeSaveRegistersBuffer at beginning of
exception processing.
Process callee save registers in frames when unwinding from an exception.
Restore callee saves register contents from VM::calleeSaveRegistersBuffer on catch.
Use appropriate register set to make sure we don't allocate a callee save register when
compiling a thunk.
Helper to populate tagTypeNumberRegister and tagMaskRegister with the appropriate
constants.
Removed arity fixup return thunks.

* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):
Restore callee saves from the DFG and save the appropriate ones for the baseline JIT.
Materialize the tag registers on 64 bit platforms.

* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitSaveCalleeSavesFor):
(JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
(JSC::AssemblyHelpers::emitSaveCalleeSaves):
(JSC::AssemblyHelpers::emitRestoreCalleeSaves):
(JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::restoreCalleeSavesFromVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitMaterializeTagCheckRegisters):
New helpers to save and restore callee saves as well as materialize the tag registers
contents.

* jit/FPRInfo.h:
* jit/GPRInfo.h:
(JSC::GPRInfo::toRegister):
Updated to include FP callee save registers.  Added number of callee saves registers and
cleanup register aliases that collide with callee save registers.

* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
Uses new stubUnavailableRegisters register set to limit what registers are available for
temporaries.

* jit/RegisterSet.cpp:
(JSC::RegisterSet::stubUnavailableRegisters):
(JSC::RegisterSet::calleeSaveRegisters):
(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):
(JSC::RegisterSet::ftlCalleeSaveRegisters):
* jit/RegisterSet.h:
New register sets with the callee saves used by various tiers as well as one listing registers
not available to stub code.

* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::loadDoubleArgument):
(JSC::SpecializedThunkJIT::returnJSValue):
(JSC::SpecializedThunkJIT::returnDouble):
(JSC::SpecializedThunkJIT::returnInt32):
(JSC::SpecializedThunkJIT::returnJSCell):
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
(JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters):
(JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):
* jit/ThunkGenerators.cpp:
(JSC::nativeForGenerator):
Changed to save and restore existing tag register contents as they may contain other values.
After saving the existing values, we materialize the tag constants.

* jit/TempRegisterSet.h:
(JSC::TempRegisterSet::getFPRByIndex):
(JSC::TempRegisterSet::getFreeFPR):
(JSC::TempRegisterSet::setByIndex):
* offlineasm/arm64.rb:
* offlineasm/registers.rb:
Added methods for floating point registers to support callee save FP registers.

* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_mod):
Removed unnecessary #if CPU(X86_64) check to this 32 bit only file.

* offlineasm/x86.rb:
Fixed Windows callee saves naming.

* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::calleeSaveRegistersBufferOffset):
(JSC::VM::getAllCalleeSaveRegistersMap):
Provide a RegisterSaveMap that has all registers that might be saved.  Added a callee save buffer to be
used for OSR exit and for exception processing in a future patch.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189575 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Teach run-webkit-tests how to parse simulator runtimes when version numbers...
aestes@apple.com [Thu, 10 Sep 2015 17:30:20 +0000 (17:30 +0000)]
[iOS] Teach run-webkit-tests how to parse simulator runtimes when version numbers contain a revision
https://bugs.webkit.org/show_bug.cgi?id=149022

Reviewed by Daniel Bates.

Simulator runtime versions can contain a revision number (e.g. 8.4.1), but the regex for matching runtimes
did not account for this.

* Scripts/webkitpy/xcode/simulator.py:
(Simulator): Optionally matched a revision at the end of a runtime version number.
* Scripts/webkitpy/xcode/simulator_unittest.py: Added a test.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189573 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Make WebInspectorProxy inspectorURL path methods static
commit-queue@webkit.org [Thu, 10 Sep 2015 17:27:46 +0000 (17:27 +0000)]
Web Inspector: Make WebInspectorProxy inspectorURL path methods static
https://bugs.webkit.org/show_bug.cgi?id=149021

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-10
Reviewed by Brian Burg.

* UIProcess/WebInspectorProxy.cpp:
(WebKit::WebInspectorProxy::didRelaunchInspectorPageProcess):
(WebKit::isMainOrTestInspectorPage):
(WebKit::decidePolicyForNavigationAction):
(WebKit::WebInspectorProxy::eagerlyCreateInspectorPage):
(WebKit::WebInspectorProxy::createInspectorPage):
* UIProcess/WebInspectorProxy.h:
* UIProcess/efl/WebInspectorProxyEfl.cpp:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):
* UIProcess/gtk/WebInspectorProxyGtk.cpp:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):
* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189572 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModuleProgramExecutable should provide CodeBlock to ScriptExecutable::forEachCodeBlock
utatane.tea@gmail.com [Thu, 10 Sep 2015 17:11:35 +0000 (17:11 +0000)]
ModuleProgramExecutable should provide CodeBlock to ScriptExecutable::forEachCodeBlock
https://bugs.webkit.org/show_bug.cgi?id=149028

Reviewed by Michael Saboff.

ModuleProgramExecutable should provide CodeBlock since ModuleProgramExecutable inherits
ScriptExecutable.

* bytecode/CodeBlock.h:
(JSC::ScriptExecutable::forEachCodeBlock):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189571 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Teach run-webkit-tests how to parse `simctl list` when a tvOS SDK is installed
aestes@apple.com [Thu, 10 Sep 2015 17:08:07 +0000 (17:08 +0000)]
[iOS] Teach run-webkit-tests how to parse `simctl list` when a tvOS SDK is installed
https://bugs.webkit.org/show_bug.cgi?id=149029
<rdar://problem/22432624>

Reviewed by Daniel Bates.

* Scripts/webkitpy/xcode/simulator.py:
(Simulator): Taught to parse tvOS runtimes.
* Scripts/webkitpy/xcode/simulator_unittest.py: Added tests.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189570 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMark some more W3C IDB tests as flaky.
beidson@apple.com [Thu, 10 Sep 2015 16:26:44 +0000 (16:26 +0000)]
Mark some more W3C IDB tests as flaky.
https://bugs.webkit.org/show_bug.cgi?id=148713

Reviewed by NOBODY.

* platform/wk2/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189569 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWrite a test to ensure we don't regress processing of tasks when page defers loading
dbates@webkit.org [Thu, 10 Sep 2015 15:50:58 +0000 (15:50 +0000)]
Write a test to ensure we don't regress processing of tasks when page defers loading
https://bugs.webkit.org/show_bug.cgi?id=135882
<rdar://problem/22550497>

Reviewed by Darin Adler.

Source/WebCore:

Towards adding a test for <https://bugs.webkit.org/show_bug.cgi?id=135688>, add a window.internals
function, setPageDefersLoading, to enable and disable whether the page defers loading.

Test: storage/websql/success-callback-when-page-defers-loading.html

* testing/Internals.cpp:
(WebCore::Internals::resetToConsistentState): Reset defers loading for the page to false.
(WebCore::Internals::setPageDefersLoading): Added.
* testing/Internals.h:
* testing/Internals.idl: Added IDL declaration setPageDefersLoading.

LayoutTests:

Add a test to ensure we do not regress <https://bugs.webkit.org/show_bug.cgi?id=135688>.

* storage/websql/success-callback-when-page-defers-loading-expected.txt: Added.
* storage/websql/success-callback-when-page-defers-loading.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189568 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agomin-width/height should default to auto for flexbox items
svillar@igalia.com [Thu, 10 Sep 2015 11:58:24 +0000 (11:58 +0000)]
min-width/height should default to auto for flexbox items
https://bugs.webkit.org/show_bug.cgi?id=146020

Reviewed by David Hyatt.

Based on Blink's r193665, r194062, r194887 and r195930 by <cbiesinger@chromium.org>.

Source/WebCore:

As specified here
http://dev.w3.org/csswg/css-flexbox/#min-size-auto the default
value of min-{width|height} is auto for flex items.

In case this patch breaks any website (as it's changing the
default value of those properties) the fix is likely to add:

min-width: 0;
min-height: 0;

to any relevant flexitems.

Test: css3/flexbox/min-size-auto.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::isFlexOrGrid): New helper method to identify grids and flexs.
(WebCore::ComputedStyleExtractor::propertyValue): Return auto
for flex items if min-width/height is auto.
* css/CSSParser.cpp:
(WebCore::CSSParser::parseValue):
* html/shadow/SliderThumbElement.cpp:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::constrainLogicalHeightByMinMax):
(WebCore::RenderBox::constrainContentBoxLogicalHeightByMinMax):
(WebCore::RenderBox::computeLogicalWidthInRegionUsing):
(WebCore::RenderBox::computeLogicalHeight):
(WebCore::RenderBox::computeLogicalHeightUsing):
(WebCore::RenderBox::computeContentLogicalHeight):
(WebCore::RenderBox::computeContentAndScrollbarLogicalHeightUsing):
(WebCore::RenderBox::computeReplacedLogicalWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthRespectingMinMaxWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthUsing):
(WebCore::RenderBox::computeReplacedLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::RenderBox::availableLogicalHeightUsing):
(WebCore::RenderBox::computePositionedLogicalWidth):
(WebCore::RenderBox::computePositionedLogicalWidthUsing):
(WebCore::RenderBox::computePositionedLogicalHeight):
(WebCore::RenderBox::computePositionedLogicalHeightUsing):
* rendering/RenderBox.h:
* rendering/RenderButton.h:
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
(WebCore::RenderFlexibleBox::mainAxisExtentIsDefinite):
(WebCore::RenderFlexibleBox::mainAxisLengthIsIndefinite):
(WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
(WebCore::RenderFlexibleBox::mainAxisOverflowForChild):
* rendering/RenderFlexibleBox.h:
(WebCore::RenderFlexibleBox::isFlexibleBoxImpl):
* rendering/RenderFullScreen.h:
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):
* rendering/RenderMediaControlElements.h:
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::adjustInnerStyle): No longer set
the min-width explicitly.
* rendering/RenderMenuList.h:
* rendering/RenderMultiColumnSet.cpp:
(WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::maxPageLogicalHeight):
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::computeReplacedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalHeight):
* rendering/RenderSlider.h:
* rendering/RenderTextControl.h:
* rendering/RenderTextControlSingleLine.cpp:
(WebCore::RenderTextControlSingleLine::createInnerBlockStyle): No longer set
the min-width explicitly.
* rendering/mathml/RenderMathMLBlock.h:
* rendering/style/RenderStyle.h:

LayoutTests:

* TestExpectations: Removed passing flexbox tests.
* css3/flexbox/csswg/flex-flow-007.html: Added min-height: 0px.
* css3/flexbox/flexbox-baseline.html: Ditto.
* css3/flexbox/min-size-auto-expected.txt: Added.
* css3/flexbox/min-size-auto.html: Added.
* css3/flexbox/preferred-widths-orthogonal.html: Added min-height: 0px.
* fast/css/auto-min-size-expected.txt: Check default computed
styles for min-width/height for flex items.
* fast/css/auto-min-size.html: Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189567 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Volume bar is broken
changseok.oh@collabora.com [Thu, 10 Sep 2015 09:10:11 +0000 (09:10 +0000)]
[GTK] Volume bar is broken
https://bugs.webkit.org/show_bug.cgi?id=145639

Reviewed by Philippe Normand.

Source/WebCore:

The ControlPart enum values' order has mismatched the one of values in CSSValueKeywords.in
after r180965. The MediaVolumeSliderPart should be prior to the MediaVolumeSliderContainerpart.

Tests: media/click-volume-bar-not-pausing.html
       media/volume-bar-empty-when-muted.html

* platform/ThemeTypes.h:

LayoutTests:

Unblock relevant tests. media/click-volume-bar-not-pausing.html, media/volume-bar-empty-when-muted.html

* platform/gtk/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189566 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove all uses of PassRefPtr in WebCore/svg
gyuyoung.kim@webkit.org [Thu, 10 Sep 2015 02:16:22 +0000 (02:16 +0000)]
Remove all uses of PassRefPtr in WebCore/svg
https://bugs.webkit.org/show_bug.cgi?id=148472

Reviewed by Darin Adler.

Clean up all uses of PassRefPtr in WebCore/svg.

* Modules/webaudio/AudioScheduledSourceNode.cpp:
(WebCore::AudioScheduledSourceNode::addEventListener):
* Modules/webaudio/AudioScheduledSourceNode.h:
* Modules/webaudio/ScriptProcessorNode.cpp:
(WebCore::ScriptProcessorNode::addEventListener):
* Modules/webaudio/ScriptProcessorNode.h:
* dom/EventListenerMap.cpp:
(WebCore::copyListenersNotCreatedFromMarkupToTarget):
* dom/EventTarget.cpp:
(WebCore::EventTarget::addEventListener):
* dom/EventTarget.h:
* dom/MessagePort.cpp:
(WebCore::MessagePort::addEventListener):
* dom/MessagePort.h:
* dom/Node.cpp:
(WebCore::tryAddEventListener):
(WebCore::Node::addEventListener):
* dom/Node.h:
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::addEventListener):
* html/HTMLMediaElement.h:
* html/ImageDocument.cpp:
(WebCore::ImageDocument::createDocumentStructure):
* html/shadow/MediaControlsApple.cpp:
(WebCore::MediaControlsApple::showClosedCaptionTrackList):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::addEventListener):
* page/DOMWindow.h:
* rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::buildPrimitives):
* svg/SVGElement.cpp:
(WebCore::SVGElement::addEventListener):
* svg/SVGElement.h:
* svg/SVGPathElement.cpp:
(WebCore::SVGPathElement::pathSegListChanged):
* svg/SVGPathUtilities.cpp:
(WebCore::appendSVGPathByteStreamFromSVGPathSeg):
* svg/SVGPathUtilities.h:
* svg/SVGTRefElement.cpp:
(WebCore::SVGTRefTargetEventListener::attach):
(WebCore::SVGTRefElement::buildPendingResource):
* svg/graphics/filters/SVGFilterBuilder.cpp:
(WebCore::SVGFilterBuilder::appendEffectToEffectReferences):
* svg/graphics/filters/SVGFilterBuilder.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189565 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLayoutTests/imported/w3c:
dewei_zhu@apple.com [Thu, 10 Sep 2015 02:04:02 +0000 (02:04 +0000)]
LayoutTests/imported/w3c:
Document.characterSet should return "UTF-8" by default.
https://bugs.webkit.org/show_bug.cgi?id=148810
<rdar://problem/22548727>

Reviewed by Ryosuke Niwa.

Update the tests which test the default encoding of document.

* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/dom/nodes/DOMImplementation-createDocument-expected.txt:
* web-platform-tests/dom/nodes/Node-properties-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:
Document.characterSet should return "UTF-8" instead of null by default.
https://bugs.webkit.org/show_bug.cgi?id=148810
<rdar://problem/22548727>

Reviewed by Ryosuke Niwa.

Document encoding should default to "UTF-8" as is specified in
https://dom.spec.whatwg.org/#concept-document-encoding. This behavior
is consistent with Firefox and Chrome.

* dom/Document.cpp:
(WebCore::Document::encoding): Returns nullAtom according to declaration.
(WebCore::Document::characterSetForBindings): Returns "UTF-8" by default instead of null String.
* dom/Document.h:
(WebCore::Document::charset):
(WebCore::Document::inputEncoding): Deleted.
(WebCore::Document::characterSet): Deleted.
* dom/Document.idl:
* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet):
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::mainResourceContent):
* inspector/InspectorResourceAgent.cpp:
(WebCore::InspectorResourceAgent::didFinishLoading):
(WebCore::InspectorResourceAgent::didFailLoading):
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::createDecoderIfNeeded):
* loader/FormSubmission.cpp:
(WebCore::encodingFromAcceptCharset):

LayoutTests:
Document.characterSet should return "UTF-8" by default.
https://bugs.webkit.org/show_bug.cgi?id=148810
<rdar://problem/22548727>

Reviewed by Ryosuke Niwa.

Update the tests which test the default encoding of document.

* dom/xhtml/level3/core/documentgetinputencoding02-expected.txt: Obsolete test.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189564 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImplement internal calls in WebAssembly
commit-queue@webkit.org [Thu, 10 Sep 2015 01:43:20 +0000 (01:43 +0000)]
Implement internal calls in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148998

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-09
Reviewed by Filip Pizlo.

This patch implements internal calls to functions that return a 32-bit
integer in WebAssembly.

* tests/stress/wasm-calls.js: Added.
(shouldBe):
* tests/stress/wasm/calls.wasm: Added.
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::WASMFunctionCompiler):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::buildCallInternal):
(JSC::WASMFunctionCompiler::appendExpressionList):
(JSC::WASMFunctionCompiler::emitNakedCall):
(JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::compile):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseCallInternalExpressionI32):
(JSC::WASMFunctionParser::parseCallArguments):
(JSC::WASMFunctionParser::parseCallInternal):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildCallInternal):
(JSC::WASMFunctionSyntaxChecker::appendExpressionList):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189563 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Remove dead WebInspectorProxy related code
commit-queue@webkit.org [Thu, 10 Sep 2015 01:38:34 +0000 (01:38 +0000)]
Web Inspector: Remove dead WebInspectorProxy related code
https://bugs.webkit.org/show_bug.cgi?id=149019

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-09
Reviewed by Timothy Hatcher.

* UIProcess/API/C/mac/WKInspectorPrivateMac.h:
* UIProcess/WebInspectorProxy.cpp:
* UIProcess/WebInspectorProxy.h:
* UIProcess/mac/WebInspectorProxyMac.mm:
(-[WKWebInspectorProxyObjCAdapter attachRight:]): Deleted.
(-[WKWebInspectorProxyObjCAdapter attachBottom:]): Deleted.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189562 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r189522.
cdumez@apple.com [Thu, 10 Sep 2015 00:27:32 +0000 (00:27 +0000)]
Unreviewed, rolling out r189522.
https://bugs.webkit.org/show_bug.cgi?id=149020

"Caused a ~4% Speedometer regression" (Requested by cdumez on
#webkit).

Reverted changeset:

"Function.prototype.bind: Bound functions must use the
[[Prototype]] of their target function instead of
Function.prototype"
https://bugs.webkit.org/show_bug.cgi?id=145605
http://trac.webkit.org/changeset/189522

Patch by Commit Queue <commit-queue@webkit.org> on 2015-09-09

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189561 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSS general sibling selectors does not work without CSS JIT
benjamin@webkit.org [Wed, 9 Sep 2015 23:40:55 +0000 (23:40 +0000)]
CSS general sibling selectors does not work without CSS JIT
https://bugs.webkit.org/show_bug.cgi?id=148987
rdar://problem/22559860

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-09-09
Reviewed by Andreas Kling.

Source/WebCore:

When traversing with the indirect adjacent combinator, SelectorChecker
was not setting the style invalidation flag on the right element.

Tests: fast/css/indirect-adjacent-style-invalidation-1.html
       fast/css/indirect-adjacent-style-invalidation-2.html
       fast/css/indirect-adjacent-style-invalidation-3.html

* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::matchRecursively):

LayoutTests:

There are multiple variations of the same tests to test
cases where we JIT and cases without JIT.

* fast/css/indirect-adjacent-style-invalidation-1-expected.txt: Added.
* fast/css/indirect-adjacent-style-invalidation-1.html: Added.
* fast/css/indirect-adjacent-style-invalidation-2-expected.txt: Added.
* fast/css/indirect-adjacent-style-invalidation-2.html: Added.
* fast/css/indirect-adjacent-style-invalidation-3-expected.txt: Added.
* fast/css/indirect-adjacent-style-invalidation-3.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189560 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix bit rot on bot watcher's dashboard page
ap@apple.com [Wed, 9 Sep 2015 23:31:32 +0000 (23:31 +0000)]
Fix bit rot on bot watcher's dashboard page
https://bugs.webkit.org/show_bug.cgi?id=149012

Reviewed by Tim Horton.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:
The code path used by the metrics page was trying to add properties to an undefined.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTestResults.js:
Silence an exception that would occur when the step has no logs. This should never
happen, but it did (perhaps buildbot was misconfigured for a while).

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189559 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Remove unused InspectorFrontendHost methods
commit-queue@webkit.org [Wed, 9 Sep 2015 23:16:26 +0000 (23:16 +0000)]
Web Inspector: Remove unused InspectorFrontendHost methods
https://bugs.webkit.org/show_bug.cgi?id=149013

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-09
Reviewed by Brian Burg.

* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::canSaveAs): Deleted.
(WebCore::InspectorFrontendHost::canInspectWorkers): Deleted.
* inspector/InspectorFrontendHost.h:
* inspector/InspectorFrontendHost.idl:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189558 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoASSERTION FAILED: typesettingFeatures & (Kerning | Ligatures) in WebCore::applyFontTr...
mmaxfield@apple.com [Wed, 9 Sep 2015 22:42:50 +0000 (22:42 +0000)]
ASSERTION FAILED: typesettingFeatures & (Kerning | Ligatures) in WebCore::applyFontTransforms
https://bugs.webkit.org/show_bug.cgi?id=146194

Reviewed by Dean Jackson.

Source/WebCore:

We might trigger shaping even if the author hasn't specified kerning or ligatures.

Test: fast/text/softbank-emoji-no-ligatures-nor-kerning.html

* platform/graphics/WidthIterator.cpp:
(WebCore::isSoftBankEmoji):
(WebCore::WidthIterator::applyFontTransforms):
(WebCore::WidthIterator::advanceInternal):
(WebCore::applyFontTransforms): Deleted.
* platform/graphics/WidthIterator.h:

LayoutTests:

* fast/text/softbank-emoji-no-ligatures-nor-kerning-expected.html: Added
* fast/text/softbank-emoji-no-ligatures-nor-kerning.html: Added

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago 2015-09-09 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Wed, 9 Sep 2015 22:26:16 +0000 (22:26 +0000)]
2015-09-09  Geoffrey Garen  <ggaren@apple.com>

        Fix the no-DFG build.

        Unreviewed.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitOSRExitTargets):
        (JSC::CodeBlock::stronglyVisitStrongReferences):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189556 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Setting document.title when there is no title and no head element should do nothing
cdumez@apple.com [Wed, 9 Sep 2015 22:11:44 +0000 (22:11 +0000)]
Setting document.title when there is no title and no head element should do nothing
https://bugs.webkit.org/show_bug.cgi?id=149005
<rdar://problem/22567524>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline tests now that more checks are passing.

* web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-01-expected.txt:
* web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-02-expected.txt:

Source/WebCore:

Setting document.title when there is no title element and no head
element should do nothing:
- https://html.spec.whatwg.org/multipage/dom.html#document.title

Firefox and Chrome comply with the specification. However, WebKit
was returning the updated title when querying document.title after
setting it.

No new tests, covered by existing tests.

* dom/Document.cpp:
(WebCore::Document::setTitle):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189555 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CodeBlocks should strongly visit their OSR exit targets
ggaren@apple.com [Wed, 9 Sep 2015 22:06:49 +0000 (22:06 +0000)]
CodeBlocks should strongly visit their OSR exit targets
https://bugs.webkit.org/show_bug.cgi?id=148988

Reviewed by Saam Barati.

CodeBlocks jump to their OSR exit targets, so we need to keep them alive
explicitly.

This is a step toward throwing away CodeBlocks, which is only safe
if we keep alive logically in-use CodeBlocks.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::visitStrongly): Added a flag to indicate if visit
strongly had been performed yet, since we are likely to revisit
the same CodeBlock many times now.

(JSC::CodeBlock::visitOSRExitTargets):
(JSC::CodeBlock::stronglyVisitStrongReferences): Do the visiting.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::clearMarks):
(JSC::CodeBlockSet::mark): Added a helper function for clearing out
two flags.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189554 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago 2015-09-09 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Wed, 9 Sep 2015 22:00:58 +0000 (22:00 +0000)]
2015-09-09  Geoffrey Garen  <ggaren@apple.com>

        Unreviewed, rolling back in r189516.
        https://bugs.webkit.org/show_bug.cgi?id=148989

        Restored changeset:

        "GC should be able to discover new strong CodeBlock references
        during marking"
        https://bugs.webkit.org/show_bug.cgi?id=148981
        http://trac.webkit.org/changeset/189516

        This patch caused infinite recursion on Windows because of a pre-existing
        logical error in the non-parallel GC configuration. Even in non-parallel
        GC, we must set the mark bit on a CodeBlock to avoid marking it twice
        (or, in the case of our crash, infinitely recursively).

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189553 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update LayoutTestRelay xcconfig file.
ap@apple.com [Wed, 9 Sep 2015 21:35:56 +0000 (21:35 +0000)]
Update LayoutTestRelay xcconfig file.

Rubber-stamped by Dan Bernstein.

* LayoutTestRelay/Configurations/DebugRelease.xcconfig:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189552 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Remove an unused NSString SPI constant
andersca@apple.com [Wed, 9 Sep 2015 21:15:07 +0000 (21:15 +0000)]
Remove an unused NSString SPI constant
https://bugs.webkit.org/show_bug.cgi?id=149009

Reviewed by Dan Bernstein.

* UIProcess/API/Cocoa/WKWebView.mm:
* UIProcess/API/Cocoa/WKWebViewPrivate.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189551 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [css-grid] Percentage columns shouldn't include border and padding
rego@igalia.com [Wed, 9 Sep 2015 21:11:02 +0000 (21:11 +0000)]
[css-grid] Percentage columns shouldn't include border and padding
https://bugs.webkit.org/show_bug.cgi?id=148978

Reviewed by Sergio Villar Senin.

Source/WebCore:

Subtract border and padding when we're calculating the breadth of the
columns in LayoutGrid::computeUsedBreadthOfSpecifiedLength().

Added test to check the behavior for both columns and rows.

Test: fast/css-grid-layout/grid-percent-track-margin-border-padding.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):

LayoutTests:

* fast/css-grid-layout/grid-percent-track-margin-border-padding-expected.txt: Added.
* fast/css-grid-layout/grid-percent-track-margin-border-padding.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189550 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement the relational instructions for doubles in WebAssembly
commit-queue@webkit.org [Wed, 9 Sep 2015 21:01:03 +0000 (21:01 +0000)]
Implement the relational instructions for doubles in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148999

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-09
Reviewed by Filip Pizlo.

Implements the relational instructions for doubles (float64) in
WebAssembly. Also pass the values into the test functions as Mark Lam
suggested in https://bugs.webkit.org/show_bug.cgi?id=148882#c3

* tests/stress/wasm-relational.js:
* tests/stress/wasm/relational.wasm:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildRelationalF64):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseRelationalF64ExpressionI32):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildRelationalI32):
(JSC::WASMFunctionSyntaxChecker::buildRelationalF64):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189549 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Mark http/tests/css/link-css-disabled-value-with-slow-loading-sheet.html as flaky...
said@apple.com [Wed, 9 Sep 2015 20:58:44 +0000 (20:58 +0000)]
Mark http/tests/css/link-css-disabled-value-with-slow-loading-sheet.html as flaky on Windows

This test is marked as flaky on gtk and mac-wk2. It fails on Windows more
than it fails on any other platform.

* platform/win/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189548 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Updated availability annotations for iOS 9 and OS X El Capitan.
mitz@apple.com [Wed, 9 Sep 2015 20:57:22 +0000 (20:57 +0000)]
Updated availability annotations for iOS 9 and OS X El Capitan.

Rubber-stamped by Anders Carlsson.

* Shared/API/Cocoa/_WKRenderingProgressEvents.h:
* UIProcess/API/Cocoa/WKError.h:
* UIProcess/API/Cocoa/WKErrorPrivate.h:
* UIProcess/API/Cocoa/WKFrameInfo.h:
* UIProcess/API/Cocoa/WKNavigationActionPrivate.h:
* UIProcess/API/Cocoa/WKNavigationDelegate.h:
* UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
* UIProcess/API/Cocoa/WKSecurityOrigin.h:
* UIProcess/API/Cocoa/WKUIDelegate.h:
* UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
* UIProcess/API/Cocoa/WKViewPrivate.h:
* UIProcess/API/Cocoa/WKWebView.h:
* UIProcess/API/Cocoa/WKWebViewConfiguration.h:
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* UIProcess/API/Cocoa/WKWebViewPrivate.h:
* UIProcess/API/Cocoa/WKWebsiteDataRecord.h:
* UIProcess/API/Cocoa/WKWebsiteDataRecordPrivate.h:
* UIProcess/API/Cocoa/WKWebsiteDataStore.h:
* UIProcess/API/Cocoa/_WKDiagnosticLoggingDelegate.h:
* UIProcess/API/Cocoa/_WKElementAction.h:
* UIProcess/API/Cocoa/_WKLayoutMode.h:
* UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h:
* UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
* UIProcess/API/Cocoa/_WKUserContentExtensionStore.h:
* UIProcess/API/Cocoa/_WKUserContentFilter.h:
* UIProcess/API/Cocoa/_WKWebsiteDataRecord.h:
* UIProcess/API/Cocoa/_WKWebsiteDataStore.h:
* WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189547 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago fast/dom/rtl-scroll-to-leftmost-and-resize.html is a flaky timeout - IPC drops messages
ap@apple.com [Wed, 9 Sep 2015 20:39:32 +0000 (20:39 +0000)]
fast/dom/rtl-scroll-to-leftmost-and-resize.html is a flaky timeout - IPC drops messages
https://bugs.webkit.org/show_bug.cgi?id=148951

Reviewed by Anders Carlsson.

Source/WebKit2:

* Platform/IPC/Connection.cpp:
(IPC::Connection::waitForMessage): Don't modify m_waitingForMessage without holding
a lock. This is not part of this fix, but seems necessary for correctness.
(IPC::Connection::processIncomingMessage): Don't interrupt a wait that has already succeeded.

LayoutTests:

* platform/mac-wk2/TestExpectations: Unmark the test (it still fails per platform/mac
expectations, which is unrelated).

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189546 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago http/tests/xmlhttprequest/ontimeout-response-getters.html is flaky
youenn.fablet@crf.canon.fr [Wed, 9 Sep 2015 20:29:16 +0000 (20:29 +0000)]
http/tests/xmlhttprequest/ontimeout-response-getters.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=148997

Reviewed by Alexey Proskuryakov.

* http/tests/xmlhttprequest/ontimeout-response-getters.html: Augmenting http response delay to trigger XHR timeout.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189545 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago DFG should have a debugging option that runs a phase that flushes all locals
saambarati1@gmail.com [Wed, 9 Sep 2015 20:18:57 +0000 (20:18 +0000)]
DFG should have a debugging option that runs a phase that flushes all locals
https://bugs.webkit.org/show_bug.cgi?id=148916

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

There is now an option to enable the DFG's new MaximalFlushInsertionPhase
phase to run. This phase ensures that we keep all locals and arguments flushed
to the stack at all places in the CFG. This phase is helpful for finding
a class of bugs where enabling this phase to run removes the bug.
This may also be useful in the development of a faster debugger
that doesn't capture all variables.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGMaximalFlushInsertionPhase.cpp: Added.
(JSC::DFG::MaximalFlushInsertionPhase::MaximalFlushInsertionPhase):
(JSC::DFG::MaximalFlushInsertionPhase::run):
(JSC::DFG::MaximalFlushInsertionPhase::treatRegularBlock):
(JSC::DFG::MaximalFlushInsertionPhase::treatRootBlock):
(JSC::DFG::MaximalFlushInsertionPhase::newVariableAccessData):
(JSC::DFG::performMaximalFlushInsertion):
* dfg/DFGMaximalFlushInsertionPhase.h: Added.
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Tools:

* Scripts/run-jsc-stress-tests:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189544 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Versioning.
bshafiei@apple.com [Wed, 9 Sep 2015 18:42:03 +0000 (18:42 +0000)]
Versioning.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189543 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS] Add layout tests for QuickLook
aestes@apple.com [Wed, 9 Sep 2015 16:56:14 +0000 (16:56 +0000)]
[iOS] Add layout tests for QuickLook
https://bugs.webkit.org/show_bug.cgi?id=148994

Reviewed by Daniel Bates.

Add tests that verify WebKit's ability to preview certain document types on iOS using QuickLook.framework.
These tests do not cover every document type supported by QuickLook, but they do cover common types like .pages,
.numbers, .key, .doc(x), .xls(x), and .ppt(x). These tests should detect regressions in WebKit's conversion code,
as well as regressions in QuickLook itself. The expected results might need to be occasionally updated if QuickLook
changes its preview markup.

These files contain text and images from webkit.org.

* TestExpectations: Skipped quicklook tests on all platforms.
* platform/ios-simulator/TestExpectations: Enabled quicklook tests on iOS.
* quicklook/excel-expected.html: Added.
* quicklook/excel-legacy-expected.html: Added.
* quicklook/excel-legacy.html: Added.
* quicklook/excel.html: Added.
* quicklook/keynote-09-expected.html: Added.
* quicklook/keynote-09.html: Added.
* quicklook/keynote-expected.html: Added.
* quicklook/keynote.html: Added.
* quicklook/numbers-09-expected.html: Added.
* quicklook/numbers-09.html: Added.
* quicklook/numbers-expected.html: Added.
* quicklook/numbers.html: Added.
* quicklook/pages-09-expected.html: Added.
* quicklook/pages-09.html: Added.
* quicklook/pages-expected.html: Added.
* quicklook/pages.html: Added.
* quicklook/powerpoint-expected.html: Added.
* quicklook/powerpoint-legacy-expected.html: Added.
* quicklook/powerpoint-legacy.html: Added.
* quicklook/powerpoint.html: Added.
* quicklook/resources/excel-expected.html: Added.
* quicklook/resources/excel-legacy-expected.html: Added.
* quicklook/resources/excel-legacy.xls: Added.
* quicklook/resources/excel.xlsx: Added.
* quicklook/resources/keynote-09-expected/index.css: Added.
* quicklook/resources/keynote-09-expected/index.html: Added.
* quicklook/resources/keynote-09-expected/index.js: Added.
* quicklook/resources/keynote-09.key: Added.
* quicklook/resources/keynote-expected.pdf: Added.
* quicklook/resources/keynote.key: Added.
* quicklook/resources/numbers-09-expected/canvas.js: Added.
* quicklook/resources/numbers-09-expected/index.html: Added.
* quicklook/resources/numbers-09-expected/navigation.css: Added.
* quicklook/resources/numbers-09-expected/navigation.html: Added.
* quicklook/resources/numbers-09-expected/sheet_1.html: Added.
* quicklook/resources/numbers-09.numbers: Added.
* quicklook/resources/numbers-expected.pdf: Added.
* quicklook/resources/numbers.numbers: Added.
* quicklook/resources/pages-09-expected/index.css: Added.
* quicklook/resources/pages-09-expected/index.html: Added.
* quicklook/resources/pages-09.pages: Added.
* quicklook/resources/pages-expected.pdf: Added.
* quicklook/resources/pages.pages: Added.
* quicklook/resources/powerpoint-expected.html: Added.
* quicklook/resources/powerpoint-legacy-expected.html: Added.
* quicklook/resources/powerpoint-legacy.ppt: Added.
* quicklook/resources/powerpoint.pptx: Added.
* quicklook/resources/webkit-icon.pdf: Added.
* quicklook/resources/webkit-icon.png: Added.
* quicklook/resources/webkit-icon.tiff: Added.
* quicklook/resources/word-expected.html: Added.
* quicklook/resources/word-legacy-expected.html: Added.
* quicklook/resources/word-legacy.doc: Added.
* quicklook/resources/word.docx: Added.
* quicklook/word-expected.html: Added.
* quicklook/word-legacy-expected.html: Added.
* quicklook/word-legacy.html: Added.
* quicklook/word.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189542 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189536 and r189538.
commit-queue@webkit.org [Wed, 9 Sep 2015 15:43:03 +0000 (15:43 +0000)]
Unreviewed, rolling out r189536 and r189538.
https://bugs.webkit.org/show_bug.cgi?id=149002

broke tests on mac (Requested by alexchristensen on #webkit).

Reverted changesets:

"min-width/height should default to auto for flexbox items"
https://bugs.webkit.org/show_bug.cgi?id=146020
http://trac.webkit.org/changeset/189536

"[css-grid] Percentage columns shouldn't include border and
padding"
https://bugs.webkit.org/show_bug.cgi?id=148978
http://trac.webkit.org/changeset/189538

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189541 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION: Inline-block baseline is wrong when zero-width replaced child is present
hyatt@apple.com [Wed, 9 Sep 2015 14:42:44 +0000 (14:42 +0000)]
REGRESSION: Inline-block baseline is wrong when zero-width replaced child is present
https://bugs.webkit.org/show_bug.cgi?id=147452
rdar://problem/21943074

Reviewed by Myles Maxfield.

Source/WebCore:

Added new test in fast/inline-block

Treat zero width replaced elements the same as replaced elements with width. Instead of
clearing floats based off having no committed width, we instead track both committed
width and committed replaced objects. We do this with two new booleans in LineWidth
so that we know when we have uncommitted and committed replaced objects.

* rendering/line/BreakingContext.h:
(WebCore::BreakingContext::handleReplaced):
(WebCore::BreakingContext::handleText):
(WebCore::BreakingContext::canBreakAtThisPosition):
(WebCore::BreakingContext::commitAndUpdateLineBreakIfNeeded):
* rendering/line/LineWidth.cpp:
(WebCore::LineWidth::LineWidth):
(WebCore::LineWidth::commit):
(WebCore::LineWidth::applyOverhang):
* rendering/line/LineWidth.h:
(WebCore::LineWidth::committedWidth):
(WebCore::LineWidth::availableWidth):
(WebCore::LineWidth::logicalLeftOffset):
(WebCore::LineWidth::hasCommitted):
(WebCore::LineWidth::addUncommittedWidth):
(WebCore::LineWidth::addUncommittedReplacedWidth):

LayoutTests:

* fast/inline-block/baseline-with-zero-width-replaced-child-expected.html: Added.
* fast/inline-block/baseline-with-zero-width-replaced-child.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189540 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Split mixed font GlyphPage functionality to separate class
antti@apple.com [Wed, 9 Sep 2015 12:26:08 +0000 (12:26 +0000)]
Split mixed font GlyphPage functionality to separate class
https://bugs.webkit.org/show_bug.cgi?id=148965

Reviewed by Myles Maxfield.

Currently GlyphPage class is used for both immutable single font case (in Font) and
for caching mixed font mappings (in FontCascadeFonts). It is cleaner to use separate
classes for these cases. This will also make future improvements easier.

* platform/graphics/Font.cpp:
(WebCore::Font::~Font):
(WebCore::fillGlyphPage):
(WebCore::createAndFillGlyphPage):
(WebCore::Font::glyphPage):
(WebCore::Font::glyphForCharacter):
(WebCore::Font::glyphDataForCharacter):
* platform/graphics/Font.h:
* platform/graphics/FontCascadeFonts.cpp:
(WebCore::MixedFontGlyphPage::MixedFontGlyphPage):
(WebCore::MixedFontGlyphPage::glyphDataForCharacter):
(WebCore::MixedFontGlyphPage::setGlyphDataForCharacter):
(WebCore::MixedFontGlyphPage::setGlyphDataForIndex):

    Mixed font pages are now an implementation detail of FontCascadeFonts.

(WebCore::FontCascadeFonts::GlyphPageCacheEntry::glyphDataForCharacter):
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::setGlyphDataForCharacter):
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::setSingleFontPage):

    Cache entry is either shared single font GlyphPage or mutable MixedFontGlyphPage.

(WebCore::FontCascadeFonts::FontCascadeFonts):
(WebCore::FontCascadeFonts::glyphDataForCharacter):
(WebCore::FontCascadeFonts::pruneSystemFallbacks):
* platform/graphics/FontCascadeFonts.h:
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::isNull):
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::isMixedFont):
* platform/graphics/GlyphPage.h:

    GlyphPage is now for single font mappings only.
    Use regular allocation instead of variable size tricks.
    It is always immutable after initialization (though currently a setter is still needed).

(WebCore::GlyphPage::create):
(WebCore::GlyphPage::~GlyphPage):
(WebCore::GlyphPage::count):
(WebCore::GlyphPage::indexForCharacter):
(WebCore::GlyphPage::glyphDataForCharacter):
(WebCore::GlyphPage::glyphForCharacter):
(WebCore::GlyphPage::glyphDataForIndex):
(WebCore::GlyphPage::glyphForIndex):
(WebCore::GlyphPage::setGlyphForIndex):
(WebCore::GlyphPage::font):
(WebCore::GlyphPage::GlyphPage):
(WebCore::GlyphPage::createForMixedFonts): Deleted.
(WebCore::GlyphPage::createCopyForMixedFonts): Deleted.
(WebCore::GlyphPage::createForSingleFont): Deleted.
(WebCore::GlyphPage::isImmutable): Deleted.
(WebCore::GlyphPage::setImmutable): Deleted.
(WebCore::GlyphPage::glyphAt): Deleted.
(WebCore::GlyphPage::fontForCharacter): Deleted.
(WebCore::GlyphPage::setGlyphDataForCharacter): Deleted.
(WebCore::GlyphPage::setGlyphDataForIndex): Deleted.
(WebCore::GlyphPage::hasPerGlyphFontData): Deleted.
* platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp:
(WebCore::GlyphPage::fill):
* platform/graphics/mac/GlyphPageMac.cpp:
(WebCore::GlyphPage::fill):
* platform/graphics/opentype/OpenTypeVerticalData.cpp:
(WebCore::OpenTypeVerticalData::substituteWithVerticalGlyphs):
* platform/graphics/win/GlyphPageTreeNodeCGWin.cpp:
(WebCore::GlyphPage::fill):
* platform/graphics/win/GlyphPageTreeNodeCairoWin.cpp:
(WebCore::GlyphPage::fill):
* svg/SVGFontData.cpp:
(WebCore::SVGFontData::applySVGGlyphSelection):
(WebCore::SVGFontData::fillSVGGlyphPage):
(WebCore::SVGFontData::fillBMPGlyphs):
(WebCore::SVGFontData::fillNonBMPGlyphs):
* svg/SVGFontData.h:
(WebCore::SVGFontData::verticalAdvanceY):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189539 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [css-grid] Percentage columns shouldn't include border and padding
rego@igalia.com [Wed, 9 Sep 2015 11:23:07 +0000 (11:23 +0000)]
[css-grid] Percentage columns shouldn't include border and padding
https://bugs.webkit.org/show_bug.cgi?id=148978

Reviewed by Sergio Villar Senin.

Source/WebCore:

Subtract border and padding when we're calculating the breadth of the
columns in LayoutGrid::computeUsedBreadthOfSpecifiedLength().

Added test to check the behavior for both columns and rows.

Test: fast/css-grid-layout/grid-percent-track-margin-border-padding.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):

LayoutTests:

* fast/css-grid-layout/grid-percent-track-margin-border-padding-expected.txt: Added.
* fast/css-grid-layout/grid-percent-track-margin-border-padding.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189538 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago HTMLTableElement.tHead / tFoot / caption should be nullable
cdumez@apple.com [Wed, 9 Sep 2015 08:49:19 +0000 (08:49 +0000)]
HTMLTableElement.tHead / tFoot / caption should be nullable
https://bugs.webkit.org/show_bug.cgi?id=148991

Reviewed by Ryosuke Niwa.

Source/WebCore:

According to the specification, HTMLTableElement.tHead / tFoot / caption
should be nullable:
https://html.spec.whatwg.org/multipage/tables.html#htmltableelement

Upon assigning null, we are supposed to remove the existing tHead / tFoot
/ caption element. However, we had a bug causing us to throw an exception
after removing the element. This is because we would try to insert a null
element and ContainerNode::insertBefore() throws when doing so.

Also, as per the specification, setting tHead / tFoot to something else
than a thead / tfoot element should throw a HierarchyRequestError:
https://html.spec.whatwg.org/multipage/tables.html#dom-table-thead
https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot

Previously, WebKit did not check the tag and was happy inserting the
element as long as it was an HTMLTableSectionElement. This means that
you could set a tfoot by assigning table.tHead.

This patch corrects both bugs and adds test coverage for it.

Test: fast/dom/HTMLTableElement/nullable-attributes.html

* html/HTMLTableElement.cpp:
(WebCore::HTMLTableElement::setCaption):
Only call insertBefore() if newCaption is not null as insertBefore()
will throw an exception otherwise.

(WebCore::HTMLTableElement::setTHead):
- Throw a HierarchyRequestError if the HTMLTableSectionElement is not
  null or a <thead> element, as per the specification.
- Only call insertBefore() if newHead is not null as insertBefore()
  will throw an exception otherwise.

(WebCore::HTMLTableElement::setTFoot):
- Throw a HierarchyRequestError if the HTMLTableSectionElement is not
  null or a <tfoot> element, as per the specification.
- Only call insertBefore() if newFoot is not null as insertBefore()
  will throw an exception otherwise.

* html/HTMLTableElement.idl:
Use [StrictTypeChecking] for these 3 attributes so that the bindings
will throw a TypeError if the JS tries to assign a value with the
wrong type. When the implementation is called with null, we now know
this is because the JS assigned null (and not an invalid value).
This is important as assigning null is valid since those attributes
are nullable.

LayoutTests:

Add new test that covers the behavior of the following HTMLTableElement
attributes: caption / tHead / tFoot.

* fast/dom/HTMLTableElement/nullable-attributes-expected.txt: Added.
* fast/dom/HTMLTableElement/nullable-attributes.html: Added.
* fast/dom/setter-type-enforcement-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189537 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago min-width/height should default to auto for flexbox items
svillar@igalia.com [Wed, 9 Sep 2015 07:37:14 +0000 (07:37 +0000)]
min-width/height should default to auto for flexbox items
https://bugs.webkit.org/show_bug.cgi?id=146020

Reviewed by David Hyatt.

Based on Blink's r193665, r194062, r194887 and r195930 by <cbiesinger@chromium.org>.

Source/WebCore:

As specified here
http://dev.w3.org/csswg/css-flexbox/#min-size-auto the default
value of min-{width|height} is auto for flex items.

In case this patch breaks any website (as it's changing the
default value of those properties) the fix is likely to add:

min-width: 0;
min-height: 0;

to any relevant flexitems.

Test: css3/flexbox/min-size-auto.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::isFlexOrGrid): New helper method to identify grids and flexs.
(WebCore::ComputedStyleExtractor::propertyValue): Return auto
for flex items if min-width/height is auto.
* css/CSSParser.cpp:
(WebCore::CSSParser::parseValue):
* html/shadow/SliderThumbElement.cpp:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::constrainLogicalHeightByMinMax):
(WebCore::RenderBox::constrainContentBoxLogicalHeightByMinMax):
(WebCore::RenderBox::computeLogicalWidthInRegionUsing):
(WebCore::RenderBox::computeLogicalHeight):
(WebCore::RenderBox::computeLogicalHeightUsing):
(WebCore::RenderBox::computeContentLogicalHeight):
(WebCore::RenderBox::computeContentAndScrollbarLogicalHeightUsing):
(WebCore::RenderBox::computeReplacedLogicalWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthRespectingMinMaxWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthUsing):
(WebCore::RenderBox::computeReplacedLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::RenderBox::availableLogicalHeightUsing):
(WebCore::RenderBox::computePositionedLogicalWidth):
(WebCore::RenderBox::computePositionedLogicalWidthUsing):
(WebCore::RenderBox::computePositionedLogicalHeight):
(WebCore::RenderBox::computePositionedLogicalHeightUsing):
* rendering/RenderBox.h:
* rendering/RenderButton.h:
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
(WebCore::RenderFlexibleBox::mainAxisExtentIsDefinite):
(WebCore::RenderFlexibleBox::mainAxisLengthIsIndefinite):
(WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
(WebCore::RenderFlexibleBox::mainAxisOverflowForChild):
* rendering/RenderFlexibleBox.h:
(WebCore::RenderFlexibleBox::isFlexibleBoxImpl):
* rendering/RenderFullScreen.h:
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):
* rendering/RenderMediaControlElements.h:
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::adjustInnerStyle): No longer set
the min-width explicitly.
* rendering/RenderMenuList.h:
* rendering/RenderMultiColumnSet.cpp:
(WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::maxPageLogicalHeight):
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::computeReplacedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalHeight):
* rendering/RenderSlider.h:
* rendering/RenderTextControl.h:
* rendering/RenderTextControlSingleLine.cpp:
(WebCore::RenderTextControlSingleLine::createInnerBlockStyle): No longer set
the min-width explicitly.
* rendering/mathml/RenderMathMLBlock.h:
* rendering/style/RenderStyle.h:

LayoutTests:

* TestExpectations: Removed passing flexbox tests.
* css3/flexbox/csswg/flex-flow-007.html: Added min-height: 0px.
* css3/flexbox/flexbox-baseline.html: Ditto.
* css3/flexbox/min-size-auto-expected.txt: Added.
* css3/flexbox/min-size-auto.html: Added.
* css3/flexbox/preferred-widths-orthogonal.html: Added min-height: 0px.
* fast/css/auto-min-size-expected.txt: Check default computed
styles for min-width/height for flex items.
* fast/css/auto-min-size.html: Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189536 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189530 and r189534.
mmaxfield@apple.com [Wed, 9 Sep 2015 07:02:28 +0000 (07:02 +0000)]
Unreviewed, rolling out r189530 and r189534.
https://bugs.webkit.org/show_bug.cgi?id=148996

Caused assertion failures on Yosemite (Requested by litherum
on #webkit).

Reverted changesets:

"[WKTR] Allow changing the WKContextConfiguration between
successive tests"
https://bugs.webkit.org/show_bug.cgi?id=148833
http://trac.webkit.org/changeset/189530

"[Cocoa] Fix the tests after r189530"
http://trac.webkit.org/changeset/189534

Patch by Commit Queue <commit-queue@webkit.org> on 2015-09-09

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189535 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Cocoa] Fix the tests after r189530
mmaxfield@apple.com [Wed, 9 Sep 2015 05:12:37 +0000 (05:12 +0000)]
[Cocoa] Fix the tests after r189530

Unreviewed.

* WebKitTestRunner/cocoa/TestControllerCocoa.mm:
(WTR::initializeWebViewConfiguration):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189534 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189407 and r189424.
commit-queue@webkit.org [Wed, 9 Sep 2015 04:59:47 +0000 (04:59 +0000)]
Unreviewed, rolling out r189407 and r189424.
https://bugs.webkit.org/show_bug.cgi?id=148993

Broke some tests, and made others flakily time out (Requested
by ap on #webkit).

Reverted changesets:

"[WebGL] Update WebGL 1.0.3 conformance tests"
https://bugs.webkit.org/show_bug.cgi?id=148858
http://trac.webkit.org/changeset/189407

"REGRESSION (r189407): webgl/1.0.3/conformance/extensions
/webgl-draw-buffers.html"
http://trac.webkit.org/changeset/189424

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189533 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Refactor the test for the arithmetic instructions in WebAssembly
commit-queue@webkit.org [Wed, 9 Sep 2015 04:19:01 +0000 (04:19 +0000)]
Refactor the test for the arithmetic instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148983

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-08
Reviewed by Mark Lam.

Pass the values into the test functions as Mark Lam suggested in
https://bugs.webkit.org/show_bug.cgi?id=148882#c3

* tests/stress/wasm-arithmetic-int32.js: Added.
(shouldBe):
(shouldThrow):
* tests/stress/wasm-arithmetic.js: Removed.
(shouldBe): Deleted.
(shouldThrow): Deleted.
* tests/stress/wasm/arithmetic-int32.wasm: Added.
* tests/stress/wasm/arithmetic.wasm: Removed.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189532 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] reduce the amount of memory access needed for LivenessAnalysisPhase
benjamin@webkit.org [Wed, 9 Sep 2015 04:02:24 +0000 (04:02 +0000)]
[JSC] reduce the amount of memory access needed for LivenessAnalysisPhase
https://bugs.webkit.org/show_bug.cgi?id=148414

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-09-08
Reviewed by Mark Lam.

LivenessAnalysisPhase still causes a huge number of cache misses.
This patch reduces the amount of accesses needed by the HashTables.

* dfg/DFGBasicBlock.h:
* dfg/DFGLivenessAnalysisPhase.cpp:
(JSC::DFG::LivenessAnalysisPhase::run):
(JSC::DFG::LivenessAnalysisPhase::process):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189531 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [WKTR] Allow changing the WKContextConfiguration between successive tests
mmaxfield@apple.com [Wed, 9 Sep 2015 03:27:48 +0000 (03:27 +0000)]
[WKTR] Allow changing the WKContextConfiguration between successive tests
https://bugs.webkit.org/show_bug.cgi?id=148833

Reviewed by Tim Horton.

Previously, we were creating a single WKContext and it lived for the life of the entire test runner.
However, there are certain tests which require specifying options in this object. This patch makes
our existing code for recreating the test runner web view also recreate the WKContext.

As such, our options to the view are now options to the WKContextConfiguration. This patch renames the
class.

* WebKitTestRunner/ContextConfigurationOptions.h: Renamed from Tools/WebKitTestRunner/ViewOptions.h.
* WebKitTestRunner/PlatformWebView.h:
(WTR::PlatformWebView::options):
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::initialize):
(WTR::TestController::generateContextConfiguration):
(WTR::TestController::generatePageConfiguration):
(WTR::TestController::createWebViewWithOptions):
(WTR::TestController::ensureViewSupportsOptionsForTest):
(WTR::updateContextConfigurationOptionsFromTestHeader):
(WTR::TestController::contextConfigurationOptionsForTest):
(WTR::TestController::platformCreateWebView):
(WTR::TestController::platformCreateOtherPage):
(WTR::updateViewOptionsFromTestHeader): Deleted.
(WTR::TestController::viewOptionsForTest): Deleted.
* WebKitTestRunner/TestController.h:
(WTR::TestController::injectedBundlePath):
(WTR::TestController::testPluginDirectory):
* WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
* WebKitTestRunner/cocoa/TestControllerCocoa.mm:
(WTR::TestController::platformCreateWebView):
(WTR::TestController::platformCreateOtherPage):
* WebKitTestRunner/efl/PlatformWebViewEfl.cpp:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/efl/TestControllerEfl.cpp:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.
* WebKitTestRunner/gtk/PlatformWebViewGtk.cpp:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/gtk/TestControllerGtk.cpp:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.
* WebKitTestRunner/ios/PlatformWebViewIOS.mm:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/ios/TestControllerIOS.mm:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.
* WebKitTestRunner/mac/PlatformWebViewMac.mm:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/mac/TestControllerMac.mm:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Prospective build fix after r189517
mmaxfield@apple.com [Wed, 9 Sep 2015 03:01:39 +0000 (03:01 +0000)]
Prospective build fix after r189517

Unreviewed.

* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::Thread::captureStack):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189529 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: No need for [Custom] Implementation of some InspectorFrontendHost...
commit-queue@webkit.org [Wed, 9 Sep 2015 02:40:40 +0000 (02:40 +0000)]
Web Inspector: No need for [Custom] Implementation of some InspectorFrontendHost methods
https://bugs.webkit.org/show_bug.cgi?id=148990

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-08
Reviewed by Timothy Hatcher.

* bindings/js/JSInspectorFrontendHostCustom.cpp:
(WebCore::JSInspectorFrontendHost::platform): Deleted.
(WebCore::JSInspectorFrontendHost::port): Deleted.
* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::platform):
(WebCore::InspectorFrontendHost::port):
* inspector/InspectorFrontendHost.h:
* inspector/InspectorFrontendHost.idl:
Uncustomize a few basic functions.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189528 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Crash when WebCore::SQLiteFileSystem::openDatabase is called from multiple threads
mcatanzaro@igalia.com [Wed, 9 Sep 2015 01:38:32 +0000 (01:38 +0000)]
Crash when WebCore::SQLiteFileSystem::openDatabase is called from multiple threads
https://bugs.webkit.org/show_bug.cgi?id=143245

Reviewed by Darin Adler.

sqlite3_initialize is documented to be thread-safe, and to be called automatically by the
library when needed, so applications should never need to call it directly. The problem is,
it's not thread-safe: we have documented instances of GNOME Builder, Devhelp, Epiphany, and
cinnamon-screensaver crashing when sqlite3_initialize is called simultaneously in separate
threads (usually inside sqlite3_open). So call it manually, guarded using std::call_once, to
make sure that the library is fully initialized before the first call to sqlite3_open. It's
a good idea to do this regardless, because the documentation says it could be required in
a future release of SQLite. (Though the use of std::call_once should not be needed, and is
only used to attempt to work around the crashes.)

This is a workaround for an SQLite bug that might have been fixed upstream, but the SQLite
developers are not really confident in the thread-safety of this function, and have advised
that we carry the workaround. Seems like a good idea.

* platform/sql/SQLiteDatabase.cpp:
(WebCore::SQLiteDatabase::SQLiteDatabase):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Source/JavaScriptCore:
utatane.tea@gmail.com [Wed, 9 Sep 2015 01:32:51 +0000 (01:32 +0000)]
Source/JavaScriptCore:
Unify symbolTableGet and Put in JSLexicalEnvironment and JSSymbolTableObject
https://bugs.webkit.org/show_bug.cgi?id=148783

Reviewed by Geoffrey Garen.

Unify the symbolTableGet and symbolTablePut into JSSymbolTableObject's one.
Since symbolTablePutWithAttributes in JSLexicalEnvironment is not used, we drop that function.

* runtime/JSEnvironmentRecord.h:
(JSC::JSEnvironmentRecord::isValidScopeOffset):
(JSC::JSEnvironmentRecord::variableAt):
(JSC::JSEnvironmentRecord::isValid): Deleted.
* runtime/JSGlobalLexicalEnvironment.cpp:
(JSC::JSGlobalLexicalEnvironment::put):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
* runtime/JSLexicalEnvironment.cpp:
(JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
(JSC::JSLexicalEnvironment::getOwnPropertySlot):
(JSC::JSLexicalEnvironment::put):
(JSC::JSLexicalEnvironment::symbolTableGet): Deleted.
(JSC::JSLexicalEnvironment::symbolTablePut): Deleted.
(JSC::JSLexicalEnvironment::symbolTablePutWithAttributes): Deleted.
* runtime/JSLexicalEnvironment.h:
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::instantiateDeclarations):
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::isValidScopeOffset):
* runtime/JSSymbolTableObject.h:
(JSC::symbolTableGet):
(JSC::symbolTablePut):
(JSC::symbolTablePutTouchWatchpointSet):
(JSC::symbolTablePutInvalidateWatchpointSet):
(JSC::symbolTablePutWithAttributesTouchWatchpointSet):
(JSC::symbolTablePutWithAttributes): Deleted.

Source/WebCore:
Unify symbolTablePut in JSLexicalEnvironment and JSSymbolTableObject
https://bugs.webkit.org/show_bug.cgi?id=148783

Reviewed by Geoffrey Garen.

No behavior change.

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::updateDocument):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189516.
commit-queue@webkit.org [Wed, 9 Sep 2015 01:28:22 +0000 (01:28 +0000)]
Unreviewed, rolling out r189516.
https://bugs.webkit.org/show_bug.cgi?id=148989

broke tests on windows (Requested by alexchristensen on
#webkit).

Reverted changeset:

"GC should be able to discover new strong CodeBlock references
during marking"
https://bugs.webkit.org/show_bug.cgi?id=148981
http://trac.webkit.org/changeset/189516

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189524 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Remove unused DFG::dfgConvertJSValueToInt32()
commit-queue@webkit.org [Wed, 9 Sep 2015 01:03:18 +0000 (01:03 +0000)]
Remove unused DFG::dfgConvertJSValueToInt32()
https://bugs.webkit.org/show_bug.cgi?id=148986

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-08
Reviewed by Geoffrey Garen.

Remove unused DFG::dfgConvertJSValueToInt32() and also remove
DFG::JITCompiler::callOperation(D_JITOperation_EJ operation, ...) which
was introduced in Bug 69806 for dfgConvertJSValueToNumber() and is no
longer used.

* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation): Deleted.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Function.prototype.bind: Bound functions must use the [[Prototype]] of their target...
commit-queue@webkit.org [Wed, 9 Sep 2015 01:01:06 +0000 (01:01 +0000)]
Function.prototype.bind: Bound functions must use the [[Prototype]] of their target function instead of Function.prototype
https://bugs.webkit.org/show_bug.cgi?id=145605

Patch by Matthew Hill <matthew.jh@outlook.com> on 2015-09-08
Reviewed by Geoffrey Garen.

* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::create):
* tests/es6.yaml:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189522 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS] Unreviewed iOS gardening.
said@apple.com [Wed, 9 Sep 2015 00:46:30 +0000 (00:46 +0000)]
[iOS] Unreviewed iOS gardening.

* platform/ios-simulator/css3/filters/backdrop: Added.
* platform/ios-simulator/css3/filters/backdrop/blur-input-bounds-expected.txt: Added.
* platform/ios-simulator/css3/font-feature-settings-preinstalled-fonts-expected.txt: Added.
* platform/ios-simulator/fast/css/named-images-expected.txt: Added.
* platform/ios-simulator/fast/forms/select-element-focus-ring-expected.txt: Added.
* platform/ios-simulator/fast/text/font-weights-expected.txt: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fixed a bad comment r189517.
mark.lam@apple.com [Wed, 9 Sep 2015 00:26:16 +0000 (00:26 +0000)]
Fixed a bad comment r189517.

Not reviewed.

* heap/MachineStackMarker.cpp:
(JSC::osRedZoneAdjustment):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189520 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, drop imported/w3c/web-platform-tests/html/semantics/embedded-content...
cdumez@apple.com [Wed, 9 Sep 2015 00:20:16 +0000 (00:20 +0000)]
Unreviewed, drop imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/location-of-the-media-resource/currentSrc.html.

This recently imported test is flaky.

* web-platform-tests/html/semantics/embedded-content/media-elements/location-of-the-media-resource/currentSrc-expected.txt: Removed.
* web-platform-tests/html/semantics/embedded-content/media-elements/location-of-the-media-resource/currentSrc.html: Removed.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189519 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago InlineCallFrames shouldn't be strongly marked by CodeBlock
ggaren@apple.com [Wed, 9 Sep 2015 00:20:12 +0000 (00:20 +0000)]
InlineCallFrames shouldn't be strongly marked by CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=146613

Reviewed by Saam Barati.

This code was vestigial and unnecessary, so I removed it.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::stronglyVisitStrongReferences):
* bytecode/InlineCallFrame.cpp:
(JSC::InlineCallFrame::calleeConstant):
(JSC::InlineCallFrame::calleeForCallFrame):
(JSC::InlineCallFrame::visitAggregate): Deleted.
* bytecode/InlineCallFrame.h:
(JSC::InlineCallFrame::specializationKind):
* bytecode/InlineCallFrameSet.cpp:
(JSC::InlineCallFrameSet::add):
(JSC::InlineCallFrameSet::visitAggregate): Deleted.
* bytecode/InlineCallFrameSet.h:
(JSC::InlineCallFrameSet::begin):
(JSC::InlineCallFrameSet::end):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago GC stack scan should include ABI red zone.
mark.lam@apple.com [Wed, 9 Sep 2015 00:19:15 +0000 (00:19 +0000)]
GC stack scan should include ABI red zone.
https://bugs.webkit.org/show_bug.cgi?id=148976

Reviewed by Geoffrey Garen and Benjamin Poulain.

Source/JavaScriptCore:

The x86_64 ABI section 3.2.2[1] and ARM64 ABI[2] both state that there is a
128 byte red zone below the stack pointer (reserved by the OS), and that
"functions may use this area for temporary data that is not needed across
function calls".

Hence, it is possible for a thread to store JSCell pointers in the red zone
area, and the conservative GC thread scanner needs to scan that area as well.

Note: the red zone should not be scanned for the GC thread itself (in
gatherFromCurrentThread()).  This is because we're guaranteed that there will
be GC frames below the lowest (top of stack) frame that we need to scan.
Hence, we are guaranteed that there are no red zone areas there containing
JSObject pointers of relevance.

No test added for this issue because the issue relies on:
1. the compiler tool chain generating code that stores local variables
   containing the sole reference to a JS object (that needs to be kept
   alive) in the stack red zone, and
2. GC has to run on another thread while that red zone containing the
   JS object reference is in use.

These conditions require a race that cannot be reliably reproduced.

[1]: http://people.freebsd.org/~obrien/amd64-elf-abi.pdf
[2]: https://developer.apple.com/library/ios/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARM64FunctionCallingConventions.html#//apple_ref/doc/uid/TP40013702-SW7

* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::Thread::Thread):
(JSC::MachineThreads::Thread::createForCurrentThread):
(JSC::MachineThreads::Thread::freeRegisters):
(JSC::osRedZoneAdjustment):
(JSC::MachineThreads::Thread::captureStack):

Source/WTF:

* wtf/StackBounds.h:
(WTF::StackBounds::origin):
(WTF::StackBounds::end):
(WTF::StackBounds::size):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189517 268f45cc-cd09-0410-ab3c-d52691b4dbfc
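
The scan-range adjustment described in the commit above, as an added illustration that is not the code from MachineStackMarker.cpp: a conservative scan over a constructed, downward-growing stack, run with and without the 128-byte red zone below the stack pointer. The names `HeapRange`, `scanRange`, `scanStart` and `demoScan` are hypothetical, and the stack and heap contents are constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Red zone size given in the commit message for x86_64 and ARM64.
constexpr std::size_t kRedZoneBytes = 128;

// Hypothetical stand-in for the GC heap: a word whose value falls inside
// [begin, end) is treated as a possible cell pointer.
struct HeapRange {
    std::uintptr_t begin;
    std::uintptr_t end;
    bool contains(std::uintptr_t v) const { return v >= begin && v < end; }
};

// Conservatively scan the words in [low, high) and count heap candidates.
std::size_t scanRange(const std::uintptr_t* low, const std::uintptr_t* high, HeapRange heap)
{
    std::size_t found = 0;
    for (const std::uintptr_t* p = low; p < high; ++p) {
        if (heap.contains(*p))
            ++found;
    }
    return found;
}

// Lowest address to scan for a suspended thread whose stack grows downward.
// With includeRedZone the start moves 128 bytes below the stack pointer,
// clamped so the scan never leaves the thread's stack (stackLimit is the
// lowest valid address).
const std::uintptr_t* scanStart(const std::uintptr_t* sp, const std::uintptr_t* stackLimit, bool includeRedZone)
{
    if (!includeRedZone)
        return sp;
    const std::size_t words = kRedZoneBytes / sizeof(std::uintptr_t);
    return static_cast<std::size_t>(sp - stackLimit) < words ? stackLimit : sp - words;
}

struct ScanResult {
    std::size_t withoutRedZone;
    std::size_t withRedZone;
};

// Constructed scenario: one cell pointer in an ordinary frame slot above sp,
// and one held only in the red zone below sp (as a leaf function may do).
ScanResult demoScan()
{
    static unsigned char cells[256]; // constructed "heap"
    HeapRange heap { reinterpret_cast<std::uintptr_t>(cells),
                     reinterpret_cast<std::uintptr_t>(cells + sizeof(cells)) };
    std::uintptr_t stack[64] = {};   // constructed stack, all other words zero
    const std::uintptr_t* stackLimit = stack;
    const std::uintptr_t* stackOrigin = stack + 64;
    std::uintptr_t* sp = stack + 32;
    sp[8] = reinterpret_cast<std::uintptr_t>(cells + 16);  // normal frame slot
    sp[-2] = reinterpret_cast<std::uintptr_t>(cells + 64); // red zone slot, sole reference
    return { scanRange(scanStart(sp, stackLimit, false), stackOrigin, heap),
             scanRange(scanStart(sp, stackLimit, true), stackOrigin, heap) };
}

int main()
{
    ScanResult r = demoScan();
    std::printf("found without red zone: %zu, with red zone: %zu\n", r.withoutRedZone, r.withRedZone);
    return 0;
}
```

A scan that starts at the stack pointer misses the cell referenced only from the red zone, so a collector relying on it could free an object that is still in use.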

4 years ago GC should be able to discover new strong CodeBlock references during marking
ggaren@apple.com [Wed, 9 Sep 2015 00:07:51 +0000 (00:07 +0000)]
GC should be able to discover new strong CodeBlock references during marking
https://bugs.webkit.org/show_bug.cgi?id=148981

Reviewed by Mark Lam.

Previously, we required a strong reference to register itself before the
first visit to a CodeBlock. Now, we can discover a strong reference at
any time during the marking phase.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock): Remove the two strong reference state
variables from CodeBlock. Now, a strong reference immediately marks
the CodeBlock and its references at the moment of its discovery, and no
separate state is required.

(JSC::CodeBlock::visitStrongly): New helper function for establishing
a strong reference to a CodeBlock.

(JSC::CodeBlock::visitAggregate): Adopt helper function above.

(JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan): Updated
for state removal.

(JSC::CodeBlock::isKnownToBeLiveDuringGC): Ditto.

(JSC::CodeBlock::stronglyVisitWeakReferences): Be sure to record that
we have proven liveness (by virtue of marking all the references the
proof would check). This is required so that the CodeBlock knows itself
to be live, and it is also an optimization to avoid testing weak references
after we have already visited them.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::clearMarks):
(JSC::CodeBlockSet::mark):
(JSC::CodeBlockSet::clearMarks): Deleted. Updated for state removal.

* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::clearCodeBlockMarks):
(JSC::DFG::Plan::checkLivenessAndVisitChildren):
* dfg/DFGPlan.h: No need to use a CodeBlockSet in order to mark anymore.

* dfg/DFGWorklist.cpp:
(JSC::DFG::Worklist::completeAllPlansForVM):
(JSC::DFG::Worklist::clearCodeBlockMarks):
(JSC::DFG::Worklist::resumeAllThreads):
(JSC::DFG::Worklist::visitWeakReferences):
(JSC::DFG::completeAllPlansForVM):
(JSC::DFG::clearCodeBlockMarks):
* dfg/DFGWorklist.h:
(JSC::DFG::worklistForIndexOrNull): No need to use a CodeBlockSet in order
to mark anymore.

* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::clearMarksForFullCollection):
(JSC::CodeBlockSet::clearMarksForEdenCollection):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
(JSC::CodeBlockSet::traceMarked):
(JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
(JSC::CodeBlockSet::dump):
* heap/CodeBlockSet.h: Keep the currently executing CodeBlocks in RefPtrs
since we can no longer rely on the m_currentlyExecuting bit to keep them
alive. (A currently executing CodeBlock may not be referenced by its
Executable because it may since have been replaced by another CodeBlock.
This is common in the cases of OSR entry and exit.)

* heap/Heap.cpp:
(JSC::Heap::markRoots):
(JSC::Heap::visitCompilerWorklistWeakReferences):
(JSC::Heap::visitWeakHandles): No need to trace the list of CodeBlocks
on the stack in the weak reference fixpoint because we no longer overload
"on the stack" to include CodeBlocks referenced by the compiler.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189516 268f45cc-cd09-0410-ab3c-d52691b4dbfc