WebKit.git
dewei_zhu@apple.com [Wed, 31 Jul 2019 16:28:02 +0000 (16:28 +0000)]
Analysis task page should show build request author and creation time.
https://bugs.webkit.org/show_bug.cgi?id=200274

Reviewed by Ryosuke Niwa.

Author and creation time of a build request should be visible in analysis task page.

* public/v3/pages/analysis-task-page.js: Added UI to show build request creation time and author.
(AnalysisTaskTestGroupPane.prototype._renderCurrentTestGroup):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248045 268f45cc-cd09-0410-ab3c-d52691b4dbfc

krollin@apple.com [Wed, 31 Jul 2019 16:26:57 +0000 (16:26 +0000)]
Fix 64-bit vs 32-bit mismatch in PersistentCoders.h
https://bugs.webkit.org/show_bug.cgi?id=200288
<rdar://problem/53734203>

Reviewed by Chris Dumez.

hashMapSize is declared as a uint64_t. It is passed to
HashMapType::reserveInitialCapacity, which takes an unsigned int. This
is a 32-bit value on 32-bit platforms, leading to a compile time
error. Fix this by casting hashMapSize to the expected type.

* wtf/persistence/PersistentCoders.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248044 268f45cc-cd09-0410-ab3c-d52691b4dbfc

krollin@apple.com [Wed, 31 Jul 2019 16:13:33 +0000 (16:13 +0000)]
Fix 64-bit vs 32-bit mismatch in LogArgument
https://bugs.webkit.org/show_bug.cgi?id=200286
<rdar://problem/53733671>

Reviewed by Darin Adler.

LogArgument is a utility for converting scalars into strings. It has a
number of versions of a toString() method that is specialized for each
type and converts the value to a string in a manner appropriate for
that type. However, the versions of toString() for "long long" and
"unsigned long long" are actually declared to take a "long" or
"unsigned long" as a parameter. This difference leads to a 64-bit vs
32-bit build error on 32-bit systems. Fix this by specifying
correct/matching types.

* wtf/Logger.h:
(WTF::LogArgument::toString):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248043 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 31 Jul 2019 15:12:41 +0000 (15:12 +0000)]
Element.outerHTML is missing attribute prefixes in some cases in HTML documents
https://bugs.webkit.org/show_bug.cgi?id=200283

Reviewed by Ryosuke Niwa.

Source/WebCore:

When HTML serializing a prefixed element attribute, we should always serialize the
prefix as per [1]. However, our code was only serializing the well-known ones (xml,
xmlns & xlink).

[1] https://html.spec.whatwg.org/#attribute's-serialised-name

Test: fast/dom/Element/outerHTML-prefixed-attribute.html

* editing/MarkupAccumulator.cpp:
(WebCore::htmlAttributeSerialization):
(WebCore::MarkupAccumulator::xmlAttributeSerialization):
(WebCore::MarkupAccumulator::appendAttribute):
* editing/MarkupAccumulator.h:

LayoutTests:

Add layout test coverage.

* fast/dom/Element/outerHTML-prefixed-attribute-expected.txt: Added.
* fast/dom/Element/outerHTML-prefixed-attribute.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248042 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zandobersek@gmail.com [Wed, 31 Jul 2019 14:54:08 +0000 (14:54 +0000)]
Unreviewed WPE and GTK gardening. Adding some failure expectations as
well as updating baselines for WPT tests where the behavior improved or
has just changed in the type of error(s) reported.

* platform/gtk/TestExpectations:
* platform/wpe/TestExpectations:
* platform/wpe/imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/dialog-showModal-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/resource-timing/resource-timing-level1.sub-expected.txt: Added.
* platform/wpe/imported/w3c/web-platform-tests/service-workers/service-worker/ready.https-expected.txt: Added.
* platform/wpe/imported/w3c/web-platform-tests/service-workers/service-worker/windowclient-navigate.https-expected.txt: Added.
* platform/wpe/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/websockets: Added.
* platform/wpe/imported/w3c/web-platform-tests/websockets/bufferedAmount-unchanged-by-sync-xhr.any.worker-expected.txt: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248041 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 31 Jul 2019 14:47:32 +0000 (14:47 +0000)]
[GStreamer] Fix printf format warnings for 32-bit build in GST traces
https://bugs.webkit.org/show_bug.cgi?id=200299

Patch by Loïc Yhuel <loic.yhuel@softathome.com> on 2019-07-31
Reviewed by Xabier Rodriguez-Calvar.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
(WebCore::MediaPlayerPrivateGStreamerBase::handleSyncMessage): %zu for size_t
(WebCore::MediaPlayerPrivateGStreamerBase::initializationDataEncountered): Ditto
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcCreate): G_GUINT64_FORMAT for uint64_t
* platform/mediastream/libwebrtc/GStreamerVideoDecoderFactory.cpp: G_GINT64_FORMAT for int64_t
* platform/mediastream/libwebrtc/GStreamerVideoEncoderFactory.cpp: Ditto

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248040 268f45cc-cd09-0410-ab3c-d52691b4dbfc

wenson_hsieh@apple.com [Wed, 31 Jul 2019 14:41:16 +0000 (14:41 +0000)]
[iOS 13] Safari crashes when closing a tab with a focused element if the unified field has focus
https://bugs.webkit.org/show_bug.cgi?id=200291
<rdar://problem/53717946>

Reviewed by Megan Gardner.

Source/WebKit:

Makes -requestAutocorrectionContextWithCompletionHandler: robust in the case where the web page has been closed,
and there is no Connection object to use when waiting for a sync IPC response.

Test: AutocorrectionTests.RequestAutocorrectionContextAfterClosingPage

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView requestAutocorrectionContextWithCompletionHandler:]):

Tools:

Add an API test to exercise the scenario of synchronously requesting the autocorrection context immediately
after closing the web view, while the web view's content view isn't the first responder.

* TestWebKitAPI/Tests/ios/AutocorrectionTestsIOS.mm:
* TestWebKitAPI/ios/UIKitSPI.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248039 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cfleizach@apple.com [Wed, 31 Jul 2019 14:38:42 +0000 (14:38 +0000)]
AX: com.apple.WebKit.WebContent at com.apple.WebKit: -[WKAccessibilityWebPageObject accessibilityParameterizedAttributeNames]
https://bugs.webkit.org/show_bug.cgi?id=200277
<rdar://problem/49475009>

Reviewed by Per Arne Vollan.

Verify Page is available before calling into it.

* WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm:
(-[WKAccessibilityWebPageObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248038 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 31 Jul 2019 14:36:06 +0000 (14:36 +0000)]
AX: Re-enable accessibility/set-selected-text-range-after-newline.html test.
https://bugs.webkit.org/show_bug.cgi?id=199431
<rdar://problem/52563340>

Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-07-31
Reviewed by Chris Fleizach.

Source/WebCore:

- Re-enabled LayoutTests/accessibility/set-selected-text-range-after-newline.html.
- Put back workaround in visiblePositionForIndexUsingCharacterIterator
that is needed for several accessibility issues.
- This workaround was rolled back because it was thought to be the cause of:
https://bugs.webkit.org/show_bug.cgi?id=199434
It turned out that the actual cause of that hang was unrelated and was
fixed in:
https://bugs.webkit.org/show_bug.cgi?id=199845

* editing/Editing.cpp:
(WebCore::visiblePositionForIndexUsingCharacterIterator):

LayoutTests:

* TestExpectations:
* accessibility/ios-simulator/set-selected-text-range-after-newline.html: Removed because it was the same as the one in the parent accessibility directory, so enabling it for iOS in ios-wk2/TestExpectations.
* platform/ios-wk2/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248037 268f45cc-cd09-0410-ab3c-d52691b4dbfc

carlosgc@webkit.org [Wed, 31 Jul 2019 13:22:45 +0000 (13:22 +0000)]
Unreviewed GTK gardening. Update expectations after r248033.

* platform/gtk/TestExpectations:
* platform/gtk/fast/forms/datalist/datalist-searchinput-appearance-expected.png: Added.
* platform/gtk/fast/forms/datalist/datalist-searchinput-appearance-expected.txt: Added.
* platform/gtk/fast/forms/datalist/datalist-textinput-appearance-expected.png: Added.
* platform/gtk/fast/forms/datalist/datalist-textinput-appearance-expected.txt: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248036 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zandobersek@gmail.com [Wed, 31 Jul 2019 13:08:28 +0000 (13:08 +0000)]
Unreviewed WPE gardening. Rebaselining the straightforward cases.

* platform/wpe/css3/flexbox/flexbox-baseline-margins-expected.txt:
* platform/wpe/fast/dom/Window/window-properties-geolocation-expected.txt:
* platform/wpe/fast/xsl/sort-locale-expected.txt:
* platform/wpe/http/tests/dom/same-origin-detached-window-properties-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/fetch/api/basic/request-headers-case.any-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/fetch/api/basic/request-headers-case.any.worker-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/service-workers/service-worker/websocket-in-service-worker.https-expected.txt:
* platform/wpe/js/dom/dom-static-property-for-in-iteration-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248035 268f45cc-cd09-0410-ab3c-d52691b4dbfc

drousso@apple.com [Wed, 31 Jul 2019 08:53:39 +0000 (08:53 +0000)]
Web Inspector: Second call to setAttributeNS creates non-prefixed attribute
https://bugs.webkit.org/show_bug.cgi?id=200230
<rdar://problem/53712672>

Reviewed by Joseph Pecoraro.

Source/WebCore:

Original patch by Chris Dumez <cdumez@apple.com>.

Test: inspector/dom/attributeModified.html

* dom/Element.cpp:
(WebCore::Element::didAddAttribute):
(WebCore::Element::didModifyAttribute):
(WebCore::Element::didRemoveAttribute):
Use the fully qualified name, not just the local name, when notifying the inspector frontend
about changes to attributes.

LayoutTests:

* inspector/dom/attributeModified.html: Added.
* inspector/dom/attributeModified-expected.txt: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248034 268f45cc-cd09-0410-ab3c-d52691b4dbfc

carlosgc@webkit.org [Wed, 31 Jul 2019 08:02:09 +0000 (08:02 +0000)]
[GTK] Datalist element support for TextFieldInputType
https://bugs.webkit.org/show_bug.cgi?id=98934

Reviewed by Michael Catanzaro.

.:

Enable DATALIST_ELEMENT.

* Source/cmake/OptionsGTK.cmake:

Source/WebCore:

Add support for rendering the arrow indicator of text fields having data list.

* rendering/RenderThemeGtk.cpp:
(WebCore::RenderThemeGtk::paintTextField):
(WebCore::RenderThemeGtk::adjustListButtonStyle const):
(WebCore::RenderThemeGtk::paintListButtonForInput):
(WebCore::RenderThemeGtk::adjustSearchFieldStyle const):
* rendering/RenderThemeGtk.h:

Source/WebKit:

Add a WebDataListSuggestionsDropdown implementation for the GTK port using a popup window with a tree view list.

* Sources.txt:
* SourcesGTK.txt:
* UIProcess/API/gtk/PageClientImpl.cpp:
(WebKit::PageClientImpl::createDataListSuggestionsDropdown):
* UIProcess/API/gtk/PageClientImpl.h:
* UIProcess/gtk/WebDataListSuggestionsDropdownGtk.cpp: Added.
(WebKit::firstTimeItemSelectedCallback):
(WebKit::WebDataListSuggestionsDropdownGtk::WebDataListSuggestionsDropdownGtk):
(WebKit::WebDataListSuggestionsDropdownGtk::~WebDataListSuggestionsDropdownGtk):
(WebKit::WebDataListSuggestionsDropdownGtk::treeViewRowActivatedCallback):
(WebKit::WebDataListSuggestionsDropdownGtk::didSelectOption):
(WebKit::WebDataListSuggestionsDropdownGtk::show):
(WebKit::WebDataListSuggestionsDropdownGtk::handleKeydownWithIdentifier):
(WebKit::WebDataListSuggestionsDropdownGtk::close):
* UIProcess/gtk/WebDataListSuggestionsDropdownGtk.h: Copied from Tools/WebKitTestRunner/gtk/UIScriptControllerGtk.h.

Tools:

Implement UIScriptControllerGtk::isShowingDataListSuggestions.

* WebKitTestRunner/gtk/UIScriptControllerGtk.cpp:
(WTR::UIScriptControllerGtk::isShowingDataListSuggestions const):
* WebKitTestRunner/gtk/UIScriptControllerGtk.h:

LayoutTests:

Unskip datalist tests for GTK port.

* platform/gtk/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248033 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Wed, 31 Jul 2019 07:37:47 +0000 (07:37 +0000)]
Remove WebKit2 Makefile guards for pre-Snow Leopard macOS
https://bugs.webkit.org/show_bug.cgi?id=200294

Reviewed by Dan Bernstein.

* Makefile:
It seems ... unlikely ... that anyone is trying to build
trunk WebKit for Leopard or prior.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248032 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zandobersek@gmail.com [Wed, 31 Jul 2019 07:07:28 +0000 (07:07 +0000)]
Unreviewed WPE gardening.

* platform/wpe/TestExpectations:
Skip tests invoking the UIScriptController interface for which WPE
doesn't yet provide an implementation, resulting in crashes.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248031 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Wed, 31 Jul 2019 05:18:12 +0000 (05:18 +0000)]
Remove some needless comments that snuck into the tree

* TestRunnerShared/UIScriptContext/UIScriptController.h:
(WTR::UIScriptController::setHardwareKeyboardAttached):
(WTR::UIScriptController::playBackEventStream):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248030 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Hironori.Fujii@sony.com [Wed, 31 Jul 2019 05:13:18 +0000 (05:13 +0000)]
[WebKit] Add PageLoadState::Observer C API
https://bugs.webkit.org/show_bug.cgi?id=199848

Reviewed by Alex Christensen.

Source/WebKit:

There is no WebKit C API to get the timing of title changed since
WKPageLoaderClientV0::didReceiveTitleForFrame has been removed in
r235398. Cocoa and glib WebKit API exist.

* PlatformWin.cmake:
* UIProcess/API/C/WKPage.cpp:
(WKPageSetPageStateClient):
* UIProcess/API/C/WKPage.h: Added WKPageSetPageStateClient.
* UIProcess/API/C/WKPageStateClient.h: Added.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setPageLoadStateObserver):
* UIProcess/WebPageProxy.h:
* WebKit.xcodeproj/project.pbxproj:

Tools:

* MiniBrowser/win/WebKitBrowserWindow.cpp:
(WebKitBrowserWindow::WebKitBrowserWindow):
(WebKitBrowserWindow::didChangeTitle):
(WebKitBrowserWindow::didFinishNavigation): Deleted.
* MiniBrowser/win/WebKitBrowserWindow.h:
* TestWebKitAPI/CMakeLists.txt:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit/PageLoadState.cpp: Added.
(TestWebKitAPI::PageLoadTestState::PageLoadTestState):
(TestWebKitAPI::didChangeActiveURL):
(TestWebKitAPI::didChangeCanGoBack):
(TestWebKitAPI::didChangeCanGoForward):
(TestWebKitAPI::didChangeCertificateInfo):
(TestWebKitAPI::didChangeEstimatedProgress):
(TestWebKitAPI::didChangeHasOnlySecureContent):
(TestWebKitAPI::didChangeIsLoading):
(TestWebKitAPI::didChangeNetworkRequestsInProgress):
(TestWebKitAPI::didChangeTitle):
(TestWebKitAPI::didChangeWebProcessIsResponsive):
(TestWebKitAPI::didSwapWebProcesses):
(TestWebKitAPI::willChangeActiveURL):
(TestWebKitAPI::willChangeCanGoBack):
(TestWebKitAPI::willChangeCanGoForward):
(TestWebKitAPI::willChangeCertificateInfo):
(TestWebKitAPI::willChangeEstimatedProgress):
(TestWebKitAPI::willChangeHasOnlySecureContent):
(TestWebKitAPI::willChangeIsLoading):
(TestWebKitAPI::willChangeNetworkRequestsInProgress):
(TestWebKitAPI::willChangeTitle):
(TestWebKitAPI::willChangeWebProcessIsResponsive):
(TestWebKitAPI::didFinishNavigation):
(TestWebKitAPI::TEST):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248029 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Wed, 31 Jul 2019 05:01:42 +0000 (05:01 +0000)]
ASSERTion failure under takeSnapshot after r247846

* page/TextIndicator.cpp:
(WebCore::takeSnapshots):
We now sometimes inflate the scale factor; allow this.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248028 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ysuzuki@apple.com [Wed, 31 Jul 2019 01:35:40 +0000 (01:35 +0000)]
[JSC] Emit write barrier after storing instead of before storing
https://bugs.webkit.org/show_bug.cgi?id=200193

Reviewed by Saam Barati.

I reviewed tricky GC-related code including visitChildren and manual writeBarrier, and I found that we have several problems with write-barriers.

1. Some write-barriers are emitted before stores happen

    Some code like LazyProperty emits a write-barrier before we store the value. This is wrong since JSC has a concurrent collector. Let's consider a situation like this.

        1. Cell "A" is not marked yet
        2. Write-barrier is emitted onto "A"
        3. Concurrent collector scans "A"
        4. Store to "A"'s field happens
        5. (4)'s field is not rescanned

    We should emit write-barrier after stores. This patch places write-barriers after stores happen.

2. Should emit write-barrier after the stored fields are reachable from the owner.

    We have code that is logically the same as the following.

        ```
        auto data = std::make_unique<XXX>();
        data->m_field.set(vm, owner, value);

        storeStoreBarrier();
        owner->m_data = WTFMove(data);
        ```

    This is not correct. When the write-barrier is emitted, the owner cannot reach the field that is stored.
    The actual example is AccessCase. We are emitting write-barriers with owner when creating AccessCase, but this is not
    effective until this AccessCase is chained to StructureStubInfo, which is reachable from CodeBlock.

    I don't think this is actually an issue because currently AccessCase generation is guarded by CodeBlock->m_lock. And CodeBlock::visitChildren takes this lock.
    But emitting a write-barrier at the right place is still better. This patch places write-barriers when StructureStubInfo::addAccessCase is called.

Speculative GC fix; it was hard to reproduce the crash since we need to control the concurrent collector's and the main thread's scheduling at the instruction level.

* bytecode/BytecodeList.rb:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::addAccessCase):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::considerCaching):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setupGetByIdPrototypeCache):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/LazyPropertyInlines.h:
(JSC::ElementType>::setMayBeNull):
* runtime/RegExpCachedResult.h:
(JSC::RegExpCachedResult::record):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248027 268f45cc-cd09-0410-ab3c-d52691b4dbfc
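
The interleaving listed under item 1 of the r248027 message above, replayed deterministically on a toy tri-colour heap. This is an added example, not JavaScriptCore code: `Cell`, `ToyCollector`, `writeBarrier` and `valueSurvives` are hypothetical names, and the barrier is simplified to "queue an already-scanned owner for rescanning".

```cpp
#include <cstdio>
#include <vector>

// Toy tri-colour model, constructed for illustration (not JSC data structures).
// White = not seen by the collector, Grey = queued for scanning, Black = scanned.
enum class Color { White, Grey, Black };

struct Cell {
    Color color = Color::White;
    Cell* field = nullptr; // the single outgoing reference of this cell
};

struct ToyCollector {
    std::vector<Cell*> worklist; // grey cells waiting to be scanned

    void markGrey(Cell* cell) {
        if (cell && cell->color == Color::White) {
            cell->color = Color::Grey;
            worklist.push_back(cell);
        }
    }

    // One collector step: scan a single grey cell, then blacken it.
    bool scanOne() {
        if (worklist.empty())
            return false;
        Cell* cell = worklist.back();
        worklist.pop_back();
        markGrey(cell->field);
        cell->color = Color::Black;
        return true;
    }

    void drain() {
        while (scanOne()) { }
    }

    // Simplified mutator barrier (assumption): an owner that has already been
    // scanned is queued again so that its fields are re-read.
    void writeBarrier(Cell* owner) {
        if (owner->color == Color::Black) {
            owner->color = Color::Grey;
            worklist.push_back(owner);
        }
    }
};

enum class BarrierOrder { BeforeStore, AfterStore };

// Replays the five steps from the commit message with a fixed schedule.
// Returns true if the stored value ends up marked, false if the collector
// would treat it as garbage even though the owner still points at it.
bool valueSurvives(BarrierOrder order) {
    Cell owner, value;
    ToyCollector gc;

    gc.markGrey(&owner);            // 1. owner is reachable but not scanned yet
    if (order == BarrierOrder::BeforeStore)
        gc.writeBarrier(&owner);    // 2. barrier first: owner is not black, nothing is recorded
    gc.scanOne();                   // 3. collector scans owner (field is still null)
    owner.field = &value;           // 4. the store happens after the scan
    if (order == BarrierOrder::AfterStore)
        gc.writeBarrier(&owner);    //    barrier after the store: owner is black, so it is rescanned
    gc.drain();                     // 5. marking finishes
    return value.color != Color::White;
}

int main() {
    std::printf("barrier before store: value marked = %d\n",
                valueSurvives(BarrierOrder::BeforeStore));
    std::printf("barrier after store:  value marked = %d\n",
                valueSurvives(BarrierOrder::AfterStore));
    return 0;
}
```

An unmarked but still referenced cell is what a sweep would free, which is why the ordering matters for memory safety and not only for correctness of the collector's bookkeeping.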

ysuzuki@apple.com [Wed, 31 Jul 2019 01:22:20 +0000 (01:22 +0000)]
[JSC] Make StructureChain less-tricky by using Auxiliary Buffer
https://bugs.webkit.org/show_bug.cgi?id=200192

Reviewed by Saam Barati.

JSTests:

* stress/structure-chain-stress.js: Added.
(keys):

Source/JavaScriptCore:

StructureChain has a bit tricky write barrier / mutator fence to use UniqueArray for its underlying storage.
But, since the size of StructureChain is fixed at initialization, we should allocate an underlying storage from auxiliary memory and
set it in its constructor instead of finishCreation. We can store values in the finishCreation so that we do not need to have
a hacky write-barrier and mutator fence. Furthermore, we can make StructureChain non-destructible.

This patch leverages auxiliary buffer for the implementation of StructureChain. And it also adds a test that stresses StructureChain creation.

* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
(JSC::StructureChain::create):
(JSC::StructureChain::finishCreation):
(JSC::StructureChain::visitChildren):
(JSC::StructureChain::destroy): Deleted.
* runtime/StructureChain.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248026 268f45cc-cd09-0410-ab3c-d52691b4dbfc

sbarati@apple.com [Wed, 31 Jul 2019 00:31:43 +0000 (00:31 +0000)]
[WHLSL] Add a fast path for TypeNamer::insert where we've already seen the type
https://bugs.webkit.org/show_bug.cgi?id=200284

Reviewed by Myles C. Maxfield.

This is a ~27% speedup in the WHLSL::prepare for the compute_boids test.
This optimization makes sense since my previous patch to make UnnamedType
ref counted was also a huge speedup. So the TypeNamer is seeing many
UnnamedTypes which are the same pointer value. On compute_boids, this
makes generateMetalCode ~40ms faster.

* Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:
(WebCore::WHLSL::Metal::TypeNamer::insert):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248025 268f45cc-cd09-0410-ab3c-d52691b4dbfc

rniwa@webkit.org [Tue, 30 Jul 2019 23:52:55 +0000 (23:52 +0000)]
WorkerGlobalScope::wrapCryptoKey/unwrapCryptoKey should use local heap objects for replies
https://bugs.webkit.org/show_bug.cgi?id=200179
<rdar://problem/52334658>

Reviewed by Brent Fulgham.

Based on the patch by Jiewen Tan.

WorkerGlobalScope::wrapCryptoKey and WorkerGlobalScope::unwrapCryptoKey had a bug that they could exit
the function before the main thread had finished writing to the result vector passed in to these functions
when the worker's runloop receives MessageQueueTerminated before the main thread finishes writing.

Fixed the bug by creating a new temporary Vector inside a ThreadSafeRefCounted object shared between
the main thread and the worker thread, which extends the lifetime of the Vector until when the worker thread
receives the result or when the main thread finishes writing to the Vector, whichever happens last.

Unfortunately no new tests since there is no reproducible test case, and this crash is highly racy.

* workers/WorkerGlobalScope.cpp:
(WebCore::CryptoBufferContainer): Added.
(WebCore::CryptoBufferContainer::create): Added.
(WebCore::CryptoBufferContainer::buffer): Added.
(WebCore::WorkerGlobalScope::wrapCryptoKey):
(WebCore::WorkerGlobalScope::unwrapCryptoKey):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248024 268f45cc-cd09-0410-ab3c-d52691b4dbfc
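
The ownership pattern described in the r248024 message above, modelled single-threaded with an explicit task queue so the early-exit ordering is reproducible. This is an added example, not WebKit code: `ReplyBuffer`, `ToyMainThread`, `WrapResult` and `wrapKeyOnWorker` are hypothetical names, and the XOR transform is a placeholder for the real key wrapping.

```cpp
#include <cstdint>
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Heap-allocated reply shared by both sides (stand-in for the shared
// ref-counted container the commit adds).
struct ReplyBuffer {
    std::vector<uint8_t> bytes;
    bool done = false;
};

using Task = std::function<void()>;

// Toy main thread: tasks run only when runAll() is called, which lets the
// example choose whether the worker returns before or after the write.
struct ToyMainThread {
    std::deque<Task> queue;

    void post(Task task) { queue.push_back(std::move(task)); }

    void runAll() {
        while (!queue.empty()) {
            Task task = std::move(queue.front());
            queue.pop_front();
            task(); // the task, and the reference it captured, die at the end of this iteration
        }
    }
};

struct WrapResult {
    bool completed;                    // false if the worker was terminated first
    std::vector<uint8_t> wrapped;      // copy of the reply, empty on termination
    std::weak_ptr<ReplyBuffer> reply;  // lets the caller observe the buffer's lifetime
};

// Worker-side call. terminatedBeforeReply models the worker's run loop
// receiving MessageQueueTerminated before the main thread has written.
WrapResult wrapKeyOnWorker(ToyMainThread& mainThread, std::vector<uint8_t> key,
                           bool terminatedBeforeReply) {
    auto reply = std::make_shared<ReplyBuffer>();

    // The task holds its own reference, so the write target cannot disappear
    // with this stack frame (the pre-fix shape wrote into a result vector
    // passed in by the caller, whose frame could already be gone).
    mainThread.post([reply, key = std::move(key)] {
        for (uint8_t byte : key)
            reply->bytes.push_back(byte ^ 0x5A); // placeholder, not real key wrapping
        reply->done = true;
    });

    if (terminatedBeforeReply)
        return { false, {}, reply }; // leave early; the queued task keeps the buffer alive

    mainThread.runAll(); // stands in for the worker blocking until the reply arrives
    return { reply->done, reply->bytes, reply };
}

int main() {
    ToyMainThread mainThread;
    WrapResult early = wrapKeyOnWorker(mainThread, { 1, 2, 3 }, true);
    std::printf("after early exit, buffer alive: %d\n", !early.reply.expired());
    mainThread.runAll(); // the late write lands in the heap buffer, then it is released
    std::printf("after main thread ran, buffer alive: %d\n", !early.reply.expired());
    return 0;
}
```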

sbarati@apple.com [Tue, 30 Jul 2019 23:42:30 +0000 (23:42 +0000)]
[WHLSL] Checker sets wrong type for property access instruction with an ander
https://bugs.webkit.org/show_bug.cgi?id=200282

Reviewed by Myles C. Maxfield.

Source/WebCore:

We were assigning resulting type based on the base value instead of the ander
of the base value. For example, consider:
```
struct Point { float x; float y; }
compute main(device Point[] buffer) { buffer[0]; }
```

The local variable "buffer" is in the "thread" address space. So we would end up
trying to use the thread address space for "buffer[0]". This caused us to
generate invalid Metal code because we would call a "thread" ander with a
"device" pointer. The fix is to use the "device" address space, which is
the type of the ander we were already setting on this property access instruction.

Test: webgpu/whlsl/device-proper-type-checker.html

* Modules/webgpu/WHLSL/WHLSLChecker.cpp:
(WebCore::WHLSL::Checker::finishVisiting):

LayoutTests:

* webgpu/whlsl/device-proper-type-checker-expected.txt: Added.
* webgpu/whlsl/device-proper-type-checker.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248022 268f45cc-cd09-0410-ab3c-d52691b4dbfc

sbarati@apple.com [Tue, 30 Jul 2019 23:41:04 +0000 (23:41 +0000)]
[WHLSL] Make ASTDumper dump types and address spaces
https://bugs.webkit.org/show_bug.cgi?id=200281

Reviewed by Robin Morisset.

This makes it much easier to gain insight into what type resolution
the checker does. I used this logging to debug https://bugs.webkit.org/show_bug.cgi?id=200282

* Modules/webgpu/WHLSL/AST/WHLSLAddressSpace.h:
(WebCore::WHLSL::AST::TypeAnnotation::isAbstractLeftValue const):
* Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h:
* Modules/webgpu/WHLSL/AST/WHLSLArrayType.h:
* Modules/webgpu/WHLSL/AST/WHLSLPointerType.h:
* Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h:
* Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h:
* Modules/webgpu/WHLSL/WHLSLASTDumper.cpp:
(WebCore::WHLSL::ASTDumper::visit):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248021 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bfulgham@apple.com [Tue, 30 Jul 2019 22:36:14 +0000 (22:36 +0000)]
[FTW] Refactor Direct2D code to follow Cairo's model to support modern WebKit
https://bugs.webkit.org/show_bug.cgi?id=200270

Reviewed by Dean Jackson.

Refactor the Direct2D code in WebCore so that the core routines can be shared
between GraphicsContext and GraphicsContextImpl. Implement PlatformContext,
BackingStoreBackend, and GraphicsContextImpl for the Direct2D engine.

This patch effectively just moves code around.

* PlatformFTW.cmake:
* platform/graphics/GraphicsContext.h:
* platform/graphics/GraphicsContextImpl.h:
* platform/graphics/ImageSource.cpp:
* platform/graphics/Pattern.h:
* platform/graphics/displaylists/DisplayListRecorder.cpp:
* platform/graphics/displaylists/DisplayListRecorder.h:
* platform/graphics/win/BackingStoreBackendDirect2D.h: Added.
* platform/graphics/win/BackingStoreBackendDirect2DImpl.cpp: Added.
* platform/graphics/win/BackingStoreBackendDirect2DImpl.h: Added.
* platform/graphics/win/Direct2DOperations.cpp: Added.
* platform/graphics/win/Direct2DOperations.h: Added.
* platform/graphics/win/Direct2DUtilities.cpp: Added.
* platform/graphics/win/Direct2DUtilities.h: Added.
* platform/graphics/win/FontCascadeDirect2D.cpp:
* platform/graphics/win/GradientDirect2D.cpp:
* platform/graphics/win/GraphicsContextDirect2D.cpp:
* platform/graphics/win/GraphicsContextImplDirect2D.cpp: Added.
* platform/graphics/win/GraphicsContextImplDirect2D.h: Added.
* platform/graphics/win/GraphicsContextPlatformPrivateDirect2D.h:
* platform/graphics/win/ImageBufferDataDirect2D.h:
* platform/graphics/win/ImageBufferDirect2D.cpp:
* platform/graphics/win/NativeImageDirect2D.cpp:
* platform/graphics/win/PathDirect2D.cpp:
* platform/graphics/win/PatternDirect2D.cpp:
* platform/graphics/win/PlatformContextDirect2D.cpp: Added.
* platform/graphics/win/PlatformContextDirect2D.h: Added.
* platform/win/DragImageWin.cpp:
* svg/graphics/SVGImage.cpp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248020 268f45cc-cd09-0410-ab3c-d52691b4dbfc

nvasilyev@apple.com [Tue, 30 Jul 2019 22:25:14 +0000 (22:25 +0000)]
Web Inspector: Resources: Display outline around images when viewing image collections
https://bugs.webkit.org/show_bug.cgi?id=200212

Reviewed by Devin Rousso.

* UserInterface/Views/CollectionContentView.css:
(.content-view.collection .resource.image img):
(.content-view.collection .resource.image img:hover):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248019 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mmaxfield@apple.com [Tue, 30 Jul 2019 21:48:27 +0000 (21:48 +0000)]
REGRESSION(r241288): Text on Yahoo Japan mobile looks too bold
https://bugs.webkit.org/show_bug.cgi?id=200065
<rdar://problem/50912757>

Reviewed by Simon Fraser.

Source/WebCore:

Before r241288, we were mapping Japanese sans-serif to Hiragino Kaku Gothic ProN, which
has a 300 weight and a 600 weight. However, we can't use that font because it's user-installed,
so in r241288 we switched to using Hiragino Sans, which has a 300 weight, a 600 weight, and an
800 weight. According to the CSS font selection algorithm, sites that request a weight of 700
would get the 800 weight instead of the 600 weight, which caused the text to look too heavy.
Therefore, the apparent visual change is from a weight change from 600 to 800.

In general, this is working as intended. However, text on Yahoo Japan looks too heavy in weight
800. Instead, this patch adds a quirk specific to Yahoo Japan that overwrites any font requests
to give them a weight of 600 instead of 700. This way, the lighter font will be used.

No new tests because quirks cannot be tested.

* css/CSSFontSelector.cpp:
(WebCore::resolveGenericFamily):
(WebCore::CSSFontSelector::fontRangesForFamily):
* page/Quirks.cpp:
(WebCore::Quirks::shouldLightenJapaneseBoldSansSerif const):
* page/Quirks.h:

Source/WTF:

* wtf/Platform.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248018 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Tue, 30 Jul 2019 21:04:54 +0000 (21:04 +0000)]
Add test expectations and baselines for iPad
https://bugs.webkit.org/show_bug.cgi?id=199711

Unreviewed test gardening.

* platform/ipad-12/TestExpectations: Added.
* platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt.
* platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt.
* platform/ipad-12/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt.
* platform/ipad-12/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt: Copied from LayoutTests/platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt.
* platform/ipad-12/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt: Copied from LayoutTests/platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt.
* platform/ipad-12/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
* platform/ipad/compositing/overflow/scrolling-content-clip-to-viewport-expected.txt: Added.
* platform/ipad/compositing/rtl/rtl-scrolling-with-transformed-descendants-expected.txt: Added.
* platform/ipad/editing/caret/ios/fixed-caret-position-after-scroll-expected.txt: Added.
* platform/ipad/editing/selection/ios/do-not-hide-selection-in-visible-container-expected.txt: Added.
* platform/ipad/fast/dom/navigator-iOS-userAgent-expected.txt: Added.
* platform/ipad/fast/scrolling/ios/change-scrollability-on-content-resize-nested-expected.txt: Added.
* platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt:
* platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt:
* platform/ipad/fast/scrolling/ios/reconcile-layer-position-recursive-expected.txt: Added.
* platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt:
* platform/ipad/fast/viewport/ios/shrink-to-fit-for-page-without-viewport-meta-expected.txt: Added.
* platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt:
* platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-height-expected.txt: Added.
* platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerheight-expected.txt: Added.
* platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerwidth-expected.txt: Added.
* platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-width-expected.txt: Added.
* platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-innerheight-innerwidth-expected.txt: Added.
* platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-width-height-expected.txt: Added.
* platform/ipad/imported/w3c/web-platform-tests/workers/WorkerNavigator_platform-expected.txt: Added.
* platform/ipad/imported/w3c/web-platform-tests/workers/interfaces/WorkerUtils/navigator/004-expected.txt: Added.
* platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt:
* platform/ipad/scrollingcoordinator/ios/fixed-in-frame-layer-reconcile-layer-position-expected.txt: Added.
* platform/ipad/scrollingcoordinator/ios/fixed-in-overflow-scroll-scrolling-tree-expected.txt: Added.
* platform/ipad/scrollingcoordinator/ios/fixed-scrolling-with-keyboard-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
* platform/ipad/scrollingcoordinator/ios/non-stable-viewport-scroll-expected.txt: Added.
* platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248017 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoDumpRenderTree.app: Add CFBundleShortVersionString
jbedard@apple.com [Tue, 30 Jul 2019 21:01:39 +0000 (21:01 +0000)]
DumpRenderTree.app: Add CFBundleShortVersionString
https://bugs.webkit.org/show_bug.cgi?id=200269
<rdar://problem/53412596>

Rubber-stamped by Aakash Jain.

* DumpRenderTree/ios/Info.plist:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248016 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoCan't scroll on yummly.co.uk recipe (scale(0) div covers the content and hit-tests)
simon.fraser@apple.com [Tue, 30 Jul 2019 20:21:25 +0000 (20:21 +0000)]
Can't scroll on yummly.co.uk recipe (scale(0) div covers the content and hit-tests)
https://bugs.webkit.org/show_bug.cgi?id=200263
rdar://problem/53679408

Reviewed by Antti Koivisto.

Source/WebKit:

The content on this page had a scale(0) div overlaying an overflow:scroll element,
and our UI-side hit-testing code would find this scale(0) element, because apparently
-[UIView convertPoint:fromView:] will happily work with non-invertible matrices, and
-[UIView pointInside:withEvent:] just compares the point with the view bounds.

Since the view frame takes the transform into account, we can look for an empty frame
to detect these non-invertible transforms.

* UIProcess/RemoteLayerTree/ios/RemoteLayerTreeViews.mm:
(WebKit::collectDescendantViewsAtPoint):

LayoutTests:

* fast/scrolling/ios/non-invertible-transformed-over-scroller-expected.txt: Added.
* fast/scrolling/ios/non-invertible-transformed-over-scroller.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248015 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoFix non-thread safe use of WeakPtr under sendSecItemRequest()
cdumez@apple.com [Tue, 30 Jul 2019 19:54:27 +0000 (19:54 +0000)]
Fix non-thread safe use of WeakPtr under sendSecItemRequest()
https://bugs.webkit.org/show_bug.cgi?id=200249

Reviewed by Alex Christensen.

The function was calling globalNetworkProcess() from a background thread. This is not safe because
globalNetworkProcess() dereferences a WeakPtr<NetworkProcess> internally and the NetworkProcess object
gets destroyed on the main thread.

* Shared/mac/SecItemShim.cpp:
(WebKit::sendSecItemRequest):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248014 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoUnreviewed, fix GTK build after SoupNetworkSession ownership rework.
mcatanzaro@igalia.com [Tue, 30 Jul 2019 18:41:44 +0000 (18:41 +0000)]
Unreviewed, fix GTK build after SoupNetworkSession ownership rework.

* platform/network/soup/SocketStreamHandleImplSoup.cpp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248013 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[GTK] Compilation errors when GL is disabled
mcatanzaro@igalia.com [Tue, 30 Jul 2019 17:28:57 +0000 (17:28 +0000)]
[GTK] Compilation errors when GL is disabled
https://bugs.webkit.org/show_bug.cgi?id=200223

Unreviewed, keep trying to fix build with -DENABLE_OPENGL=OFF.

The previous commit was sufficient for the 2.24 branch, but on trunk there are more
problems. This doesn't solve all of them, but it gets us closer.

* SourcesGTK.txt:
* platform/graphics/GLContext.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248012 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agopicture-in-picture.html fails because webkitpresentationmodechanged sometimes dispatc...
dbates@webkit.org [Tue, 30 Jul 2019 17:23:09 +0000 (17:23 +0000)]
picture-in-picture.html fails because webkitpresentationmodechanged sometimes dispatched multiple times
using Apple Internal build
<rdar://problem/36455352>

Workaround by only listening for the first webkitpresentationmodechanged event dispatched. This test
is the canary in the coal mine that revealed that multiple webkitpresentationmodechanged events are
dispatched when one is expected. However this was not the primary purpose of the test and in absence
of a timeframe for a fix for <rdar://problem/36455352> work around this bug to avoid losing test coverage
when using an Apple Internal build.

* platform/ipad/media/controls/resources/picture-in-picture.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248011 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[SOUP] Move SoupNetworkSession ownership from NetworkStorageSession to NetworkSession
carlosgc@webkit.org [Tue, 30 Jul 2019 16:31:05 +0000 (16:31 +0000)]
[SOUP] Move SoupNetworkSession ownership from NetworkStorageSession to NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=200076

Reviewed by Michael Catanzaro.

Source/WebCore:

Remove the SoupNetworkSession from NetworkStorageSession.

* platform/network/NetworkStorageSession.h:
(WebCore::NetworkStorageSession::cookieStorage const): Return the cookie jar.
* platform/network/StorageSessionProvider.h:
(WebCore::StorageSessionProvider::soupSession const): Temporarily add this virtual method that is required by
SocketStreamHandleImplSoup. It will be removed once we switch to libsoup WebSockets API soon.
* platform/network/soup/DNSResolveQueueSoup.cpp:
(WebCore::globalDefaultSoupSessionAccessor): Rework the accessor to return the SoupSession directly since
that's what we really want.
(WebCore::DNSResolveQueueSoup::setGlobalDefaultSoupSessionAccessor):
(WebCore::DNSResolveQueueSoup::updateIsUsingProxy):
(WebCore::DNSResolveQueueSoup::platformResolve):
(WebCore::DNSResolveQueueSoup::resolve):
* platform/network/soup/DNSResolveQueueSoup.h:
* platform/network/soup/NetworkStorageSessionSoup.cpp:
(WebCore::NetworkStorageSession::NetworkStorageSession): Create and setup the default cookie jar.
(WebCore::NetworkStorageSession::~NetworkStorageSession): Only disconnect the cookie jar signals.
(WebCore::NetworkStorageSession::setCookieStorage): Update the cookie jar, now we know it's always a new one.
* platform/network/soup/SocketStreamHandleImplSoup.cpp:
(WebCore::SocketStreamHandleImpl::create): Use the new virtual method from StorageSessionProvider to get the SoupSession.
* platform/network/soup/SoupNetworkSession.cpp:
(WebCore::SoupNetworkSession::SoupNetworkSession): Remove the SoupCookieJar parameter.
* platform/network/soup/SoupNetworkSession.h:

Source/WebKit:

NetworkStorageSession should only own the cookie jar, since it's the only thing it handles from the session.

* NetworkProcess/Cookies/soup/WebCookieManagerSoup.cpp:
(WebKit::WebCookieManager::setCookiePersistentStorage): Use the network session instead of the storage session
to set the persistent cookie storage.
* NetworkProcess/CustomProtocols/soup/LegacyCustomProtocolManagerSoup.cpp:
(WebKit::LegacyCustomProtocolManager::registerScheme): Iterate network sessions instead of storage sessions to
access the SoupNetworkSession.
* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated): Use
NetworkProcess::forEachNetworkSession() to iterate network sessions.
* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::lowMemoryHandler): Ditto.
(WebKit::NetworkProcess::forEachNetworkSession): Added to iterate network sessions instead of exposing the map
that is always used to iterate the sessions.
(WebKit::NetworkProcess::switchToNewTestingSession): Use the new NetworkStorageSession constructor API.
(WebKit::NetworkProcess::ensureSession): Ditto.
(WebKit::NetworkProcess::destroySession): Allow to destroy the default session for soup based ports. This is
only called right before process exit to ensure we don't leak network resources like the cookies database.
(WebKit::NetworkProcess::setResourceLoadStatisticsEnabled): Use NetworkProcess::forEachNetworkSession() to
iterate network sessions.
(WebKit::NetworkProcess::fetchWebsiteData): Ditto.
(WebKit::NetworkProcess::deleteWebsiteDataForOrigins): Ditto.
(WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains): Ditto.
(WebKit::NetworkProcess::registrableDomainsWithWebsiteData): Ditto.
(WebKit::NetworkProcess::setCacheModel): Ditto.
(WebKit::NetworkProcess::actualPrepareToSuspend): Ditto.
(WebKit::NetworkProcess::resume): Ditto.
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkStorageSessionProvider.h:
* NetworkProcess/cocoa/NetworkProcessCocoa.mm:
(WebKit::NetworkProcess::clearDiskCache): Ditto.
* NetworkProcess/ios/NetworkProcessIOS.mm:
(WebKit::NetworkProcess::clearCacheForAllOrigins): Ditto.
* NetworkProcess/soup/NetworkProcessMainSoup.cpp: Destroy the default session before process exits.
* NetworkProcess/soup/NetworkProcessSoup.cpp:
(WebKit::NetworkProcess::userPreferredLanguagesChanged): Iterate network sessions instead of storage sessions to
access the SoupNetworkSession.
(WebKit::NetworkProcess::platformCreateDefaultStorageSession const): Use the new NetworkStorageSession constructor API.
(WebKit::NetworkProcess::clearDiskCache): Use NetworkProcess::forEachNetworkSession() to iterate network sessions.
(WebKit::NetworkProcess::setNetworkProxySettings): Iterate network sessions instead of storage sessions to
access the SoupNetworkSession.
* NetworkProcess/soup/NetworkSessionSoup.cpp:
(WebKit::NetworkSessionSoup::NetworkSessionSoup): Create the SoupNetworkSession and setup cookies.
(WebKit::NetworkSessionSoup::soupSession const): Return the SoupSession of SoupNetworkSession.
(WebKit::NetworkSessionSoup::setCookiePersistentStorage): Setup a new cookie jar.
* NetworkProcess/soup/NetworkSessionSoup.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248010 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[GTK] Compilation errors when GL is disabled
mcatanzaro@igalia.com [Tue, 30 Jul 2019 16:17:38 +0000 (16:17 +0000)]
[GTK] Compilation errors when GL is disabled
https://bugs.webkit.org/show_bug.cgi?id=200223

Unreviewed, fix build with -DENABLE_OPENGL=OFF.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248009 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoFix CRASH_WITH_INFO() so that it doesn't complain about unused parameters on non...
mcatanzaro@igalia.com [Tue, 30 Jul 2019 16:04:44 +0000 (16:04 +0000)]
Fix CRASH_WITH_INFO() so that it doesn't complain about unused parameters on non Clang / MSVC compilers.
https://bugs.webkit.org/show_bug.cgi?id=200243

Reviewed by Mark Lam.

For GCC, we'll implement WTFCrashWithInfo as a function rather than a macro. To use
##__VA_ARGS we would need to enable GNU extensions, and don't want to do that. The proper
solution, format __VA_OPT__(,) __VA_ARGS__, requires C++20. So just use an inline function
for now as a workaround.

* wtf/Assertions.h:
(CRASH_WITH_INFO):
(CRASH_WITH_SECURITY_IMPLICATION_AND_INFO):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248008 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoShould not render latest build information if there is no data points for a config.
dewei_zhu@apple.com [Tue, 30 Jul 2019 16:04:23 +0000 (16:04 +0000)]
Should not render latest build information if there is no data points for a config.
https://bugs.webkit.org/show_bug.cgi?id=200250

Reviewed by Ryosuke Niwa.

Fix a bug in the test freshness page where the tooltip cannot be rendered when a cell does not have
a data point.

* public/v3/pages/test-freshness-page.js: Added a null check on commit set before rendering
latest build information.
(TestFreshnessPage.prototype._renderTooltip):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248007 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoUnreviewed, rolling out r247932.
tsavell@apple.com [Tue, 30 Jul 2019 15:40:01 +0000 (15:40 +0000)]
Unreviewed, rolling out r247932.

Broke 8 API tests across all platforms.

Reverted changeset:

"Fix non-thread safe use of WeakPtr under
sendSecItemRequest()"
https://bugs.webkit.org/show_bug.cgi?id=200249
https://trac.webkit.org/changeset/247932

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248006 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago(r247440) imported/w3c/web-platform-tests/wasm/jsapi/interface.any.worker.html is...
tsavell@apple.com [Tue, 30 Jul 2019 15:24:04 +0000 (15:24 +0000)]
(r247440) imported/w3c/web-platform-tests/wasm/jsapi/interface.any.worker.html is a flakey failure
https://bugs.webkit.org/show_bug.cgi?id=200258

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248005 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoWeb Inspector: Resources: add a "Show Grid" navigation item for the Images collection
drousso@apple.com [Tue, 30 Jul 2019 05:29:59 +0000 (05:29 +0000)]
Web Inspector: Resources: add a "Show Grid" navigation item for the Images collection
https://bugs.webkit.org/show_bug.cgi?id=200260

Reviewed by Joseph Pecoraro.

Each subview `WI.ImageResourceContentView` already listens for changes to the underlying
`WI.settings.showImageGrid` and adds the `.show-grid` class if enabled. As such, this change
just adds a `WI.ButtonNavigationItem` for toggling `WI.settings.showImageGrid` from the
Images "folder".

* UserInterface/Views/ResourceCollectionContentView.js:
(WI.ResourceCollectionContentView):
(WI.ResourceCollectionContentView.prototype.get navigationItems):
(WI.ResourceCollectionContentView.prototype.attached): Added.
(WI.ResourceCollectionContentView.prototype.detached): Added.
(WI.ResourceCollectionContentView.prototype._updateImageTypeScopeBar):
Drive-by: hide the image type `WI.ScopeBar` if there's only one type of image.
(WI.ResourceCollectionContentView.prototype._handleShowGridButtonClicked): Added.
(WI.ResourceCollectionContentView.prototype._handleShowImageGridSettingChanged): Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248004 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoAdd layout test coverage for <https://webkit.org/b/200215>
wenson_hsieh@apple.com [Tue, 30 Jul 2019 03:44:01 +0000 (03:44 +0000)]
Add layout test coverage for <https://webkit.org/b/200215>
https://bugs.webkit.org/show_bug.cgi?id=200245
<rdar://problem/52976965>

Reviewed by Tim Horton.

Tools:

Add new testing infrastructure. See below for more details.

* TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl:
* TestRunnerShared/UIScriptContext/UIScriptContext.h:
* TestRunnerShared/UIScriptContext/UIScriptController.cpp:
(WTR::UIScriptController::setWillCreateNewPageCallback):
(WTR::UIScriptController::willCreateNewPageCallback const):

Add platform-agnostic UIScriptController callback hooks to notify a test when a new page is being created. The
new test in this patch uses this opportunity to remove and reinsert the web view into the window's hierarchy.

* TestRunnerShared/UIScriptContext/UIScriptController.h:
(WTR::UIScriptController::becomeFirstResponder):

Add and implement a Cocoa platform hook to make the web view first responder.

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::createOtherPage):
* WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::willCreateNewPage):
* WebKitTestRunner/TestInvocation.h:
* WebKitTestRunner/cocoa/UIScriptControllerCocoa.h:
* WebKitTestRunner/cocoa/UIScriptControllerCocoa.mm:
(WTR::UIScriptControllerCocoa::becomeFirstResponder):

LayoutTests:

Add a new layout test to exercise a scenario where the web view is removed from the view hierarchy, added back
into the view hierarchy, and then made first responder all under the scope of a synchronous autocorrection
context request. See <https://trac.webkit.org/changeset/247914> for more details.

The test here involves two parts: first, we attempt to interact with an input field which, when focused, will
try to open a new window, which then triggers code in the UI process that reinserts the web view in the view
hierarchy. Before r247345, this would result in a crash.

The second part involves tapping an input field on the page. Without the fix in r247914, this would result in a
permanent hang in the UI process, due to the keyboard task queue being unable to dequeue and handle any further
tasks.

* fast/forms/ios/remove-and-add-view-during-focus-expected.txt: Added.
* fast/forms/ios/remove-and-add-view-during-focus.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247941 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[Win][MiniBrowser] Add 'reload' menu item and 'reload' toolbar button
Hironori.Fujii@sony.com [Tue, 30 Jul 2019 01:53:27 +0000 (01:53 +0000)]
[Win][MiniBrowser] Add 'reload' menu item and 'reload' toolbar button
https://bugs.webkit.org/show_bug.cgi?id=200217

Reviewed by Alex Christensen.

* MiniBrowser/win/BrowserWindow.h:
* MiniBrowser/win/MainWindow.cpp:
(MainWindow::init):
(MainWindow::resizeSubViews):
(MainWindow::WndProc):
* MiniBrowser/win/MainWindow.h: Added m_hReloadButtonWnd.
* MiniBrowser/win/MiniBrowserLib.rc:
* MiniBrowser/win/MiniBrowserLibResource.h: Added IDM_RELOAD.
* MiniBrowser/win/WebKitBrowserWindow.cpp:
(WebKitBrowserWindow::reload):
* MiniBrowser/win/WebKitBrowserWindow.h: Added reload() interface.
* MiniBrowser/win/WebKitLegacyBrowserWindow.cpp:
(WebKitLegacyBrowserWindow::reload):
* MiniBrowser/win/WebKitLegacyBrowserWindow.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247938 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoYouTube search field shows RTL text outside its border on iPadOS
wenson_hsieh@apple.com [Tue, 30 Jul 2019 01:50:58 +0000 (01:50 +0000)]
YouTube search field shows RTL text outside its border on iPadOS
https://bugs.webkit.org/show_bug.cgi?id=200253
<rdar://problem/53680603>

Reviewed by Beth Dakin.

Source/WebKit:

Limits code added in r238939 to respect the current keyboard's writing mode to only editable web views. This
behavior was only intended for Mail, and isn't generally compatible with web content.

While the call to -setInitialDirection is correctly gated on a web view editability check, it appears that
other changes in iOS 13 now cause -setBaseWritingDirection:forRange: to be invoked directly from keyboards code.
This means that -setBaseWritingDirection:forRange: should additionally be guarded with the same check.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView setBaseWritingDirection:forRange:]):

LayoutTests:

* editing/input/ios/rtl-keyboard-input-on-focus-in-editable-page-expected.txt: Renamed from LayoutTests/editing/input/ios/rtl-keyboard-input-on-focus-expected.txt.
* editing/input/ios/rtl-keyboard-input-on-focus-in-editable-page.html: Renamed from LayoutTests/editing/input/ios/rtl-keyboard-input-on-focus.html.

Rename an existing test, rtl-keyboard-input-on-focus.html, to rtl-keyboard-input-on-focus-in-editable-page.html
to emphasize the fact that it requires an editable web view.

* editing/input/ios/rtl-keyboard-input-on-focus-in-non-editable-page-expected.txt: Added.
* editing/input/ios/rtl-keyboard-input-on-focus-in-non-editable-page.html: Added.

Add a new layout test to ensure that we don't automatically apply an RTL attribute when focusing fields in a
non-editable web view.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247936 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[Win][MiniBrowser][WK2] Automatically supplement "file://" or "http://" for an input...
Hironori.Fujii@sony.com [Tue, 30 Jul 2019 01:46:19 +0000 (01:46 +0000)]
[Win][MiniBrowser][WK2] Automatically supplement "file://" or "http://" for an input URL as well as WK1 browser window
https://bugs.webkit.org/show_bug.cgi?id=200218

Reviewed by Alex Christensen.

Moved the scheme supplementing logic from
WebKitLegacyBrowserWindow::loadURL to MainWindow::loadURL.

* MiniBrowser/win/MainWindow.cpp:
(MainWindow::loadURL):
(MainWindow::onURLBarEnter):
* MiniBrowser/win/MainWindow.h:
* MiniBrowser/win/WebKitLegacyBrowserWindow.cpp:
(WebKitLegacyBrowserWindow::loadURL):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoMediaSource.isTypeSupported claims FLAC-in-MP4 support on iOS and macOS, but plays...
eric.carlson@apple.com [Tue, 30 Jul 2019 01:24:53 +0000 (01:24 +0000)]
MediaSource.isTypeSupported claims FLAC-in-MP4 support on iOS and macOS, but plays silence
https://bugs.webkit.org/show_bug.cgi?id=198583
<rdar://problem/51487853>

Reviewed by Maciej Stachowiak.

* platform/graphics/avfoundation/objc/AVStreamDataParserMIMETypeCache.h:
(WebCore::AVStreamDataParserMIMETypeCache::canDecodeType): Use anParseExtendedMIMEType:
when it is available.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoTry fixing crash at com.apple.WebKit.Networking: NetworkProcess::setSharedHTTPCookieS...
sihui_liu@apple.com [Tue, 30 Jul 2019 00:21:44 +0000 (00:21 +0000)]
Try fixing crash at com.apple.WebKit.Networking: NetworkProcess::setSharedHTTPCookieStorage
https://bugs.webkit.org/show_bug.cgi?id=200189
<rdar://problem/41325767>

Reviewed by Chris Dumez.

The crash indicates that sharedCookieStorage is accessed before being set in network process.
sharedCookieStorage is set during the processing of InitializeNetworkProcess message, and access to
sharedCookieStorage is supposed to happen after that. Therefore, it is likely some message is received and
handled before InitializeNetworkProcess.

One possible explanation is WebKit APIs get called on different threads. Because of the race in checking and
setting m_networkProcess, some message is sent between network process gets launched (m_networkProcess is set)
and InitializeNetworkProcess message is sent. To mitigate this issue, we make sure m_networkProcess is set only
in the main runloop and only after InitializeNetworkProcess is sent.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::ensureNetworkProcess):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoFix non-thread safe use of WeakPtr under sendSecItemRequest()
cdumez@apple.com [Tue, 30 Jul 2019 00:20:11 +0000 (00:20 +0000)]
Fix non-thread safe use of WeakPtr under sendSecItemRequest()
https://bugs.webkit.org/show_bug.cgi?id=200249

Reviewed by Alex Christensen.

The function was calling globalNetworkProcess() from a background thread. This is not safe because
globalNetworkProcess() dereferences a WeakPtr<NetworkProcess> internally and the NetworkProcess object
gets destroyed on the main thread.

* Shared/mac/SecItemShim.cpp:
(WebKit::sendSecItemRequest):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247932 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[LFC][TFC] <table> initiates a principal block container box called table wrapper...
zalan@apple.com [Tue, 30 Jul 2019 00:17:16 +0000 (00:17 +0000)]
[LFC][TFC] <table> initiates a principal block container box called table wrapper box.
https://bugs.webkit.org/show_bug.cgi?id=200198
<rdar://problem/53623803>

Reviewed by Antti Koivisto.

The table wrapper box contains the table box itself and any caption boxes.

* layout/layouttree/LayoutBox.cpp:
(WebCore::Layout::Box::isBlockContainerBox const):
* layout/layouttree/LayoutBox.h:
(WebCore::Layout::Box::isTableCaption const):
(WebCore::Layout::Box::isTableRow const):
(WebCore::Layout::Box::isTableCell const):
* layout/layouttree/LayoutContainer.h:
* layout/layouttree/LayoutTreeBuilder.cpp:
(WebCore::Layout::appendChild):
(WebCore::Layout::TreeBuilder::createLayoutBox):
(WebCore::Layout::TreeBuilder::createTableStructure):
(WebCore::Layout::TreeBuilder::createSubTree):
(WebCore::Layout::outputLayoutBox):
* layout/layouttree/LayoutTreeBuilder.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247931 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[WebGPU] Replace Vectors with HashSets for tracking resources used by GPUCommandBuffer
justin_fan@apple.com [Tue, 30 Jul 2019 00:06:31 +0000 (00:06 +0000)]
[WebGPU] Replace Vectors with HashSets for tracking resources used by GPUCommandBuffer
https://bugs.webkit.org/show_bug.cgi?id=200200

Reviewed by Myles C. Maxfield.

Resources bound to a command buffer or bind group only need be tracked once rather than once per sub-view.
This patch cuts GPUQueue.submit validation from 2-12 ms down to ~0 when drawing 12000 triangles in Animometer.

Covered by existing tests; no behavior change expected.

* Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp: Removed unused variable.
* platform/graphics/gpu/GPUBindGroup.h:
(WebCore::GPUBindGroup::boundBuffers const):
(WebCore::GPUBindGroup::boundTextures const):
* platform/graphics/gpu/GPUCommandBuffer.h:
(WebCore::GPUCommandBuffer::usedBuffers const):
(WebCore::GPUCommandBuffer::usedTextures const):
(WebCore::GPUCommandBuffer::useBuffer):
(WebCore::GPUCommandBuffer::useTexture):
* platform/graphics/gpu/cocoa/GPUBindGroupMetal.mm:
(WebCore::GPUBindGroup::tryCreate):
(WebCore::GPUBindGroup::GPUBindGroup):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247930 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoDisable Flaky API Test TestWebKitAPI.WKWebView.LocalStorageProcessSuspends
aakash_jain@apple.com [Mon, 29 Jul 2019 23:23:29 +0000 (23:23 +0000)]
Disable Flaky API Test TestWebKitAPI.WKWebView.LocalStorageProcessSuspends
https://bugs.webkit.org/show_bug.cgi?id=200254

Unreviewed infrastructure fix.

* TestWebKitAPI/Tests/WebKitCocoa/LocalStoragePersistence.mm: Disabled the test.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247929 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoWeb Inspector: add -webkit-* keywords for *-height CSS properties
drousso@apple.com [Mon, 29 Jul 2019 23:06:25 +0000 (23:06 +0000)]
Web Inspector: add -webkit-* keywords for *-height CSS properties
https://bugs.webkit.org/show_bug.cgi?id=200240

Reviewed by Joseph Pecoraro.

* UserInterface/Models/CSSKeywordCompletions.js:

* UserInterface/Views/Main.css:
(.message-text-view):
* UserInterface/Views/Toolbar.css:
(.toolbar .control-section):
(.toolbar .item-section):
Replace `-webkit-min-content` with `min-content`.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247928 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[LFC][TFC] Introduce Box::establishesTableFormattingContext
zalan@apple.com [Mon, 29 Jul 2019 23:04:43 +0000 (23:04 +0000)]
[LFC][TFC] Introduce Box::establishesTableFormattingContext
https://bugs.webkit.org/show_bug.cgi?id=200060

Reviewed by Antti Koivisto.

https://www.w3.org/TR/CSS22/tables.html

The table generates a principal block container box called the table wrapper box that contains the table box itself and any caption boxes.
The table box is a block-level box that contains the table's internal table boxes.
The table wrapper box is block-level for 'display: table', and inline-level for 'display: inline-table'. The table wrapper box establishes a block
formatting context, and the table box establishes a table formatting context."

* layout/layouttree/LayoutBox.cpp:
(WebCore::Layout::Box::establishesFormattingContext const):
(WebCore::Layout::Box::establishesTableFormattingContext const):
(WebCore::Layout::Box::isBlockLevelBox const):
(WebCore::Layout::Box::isInlineLevelBox const):
(WebCore::Layout::Box::isBlockContainerBox const):
* layout/layouttree/LayoutBox.h:
(WebCore::Layout::Box::isTableWrapperBox const):
(WebCore::Layout::Box::isTableBox const):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247927 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[ContentChangeObserver] didFinishContentChangeObserving should include the type of...
zalan@apple.com [Mon, 29 Jul 2019 22:48:30 +0000 (22:48 +0000)]
[ContentChangeObserver] didFinishContentChangeObserving should include the type of content change.
https://bugs.webkit.org/show_bug.cgi?id=200247
<rdar://problem/53681149>

Reviewed by Simon Fraser.

Source/WebCore:

Now we don't have to query the content change observer for the type of the change in the callback.

* loader/EmptyClients.h:
* page/ChromeClient.h:
* page/ios/ContentChangeObserver.cpp:
(WebCore::ContentChangeObserver::adjustObservedState):
* page/ios/EventHandlerIOS.mm:
(WebCore::EventHandler::mouseMoved):

Source/WebKit:

* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebCoreSupport/ios/WebChromeClientIOS.mm:
(WebKit::WebChromeClient::didFinishContentChangeObserving):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::didFinishContentChangeObserving):

Source/WebKitLegacy/ios:

* WebCoreSupport/WebChromeClientIOS.h:
* WebCoreSupport/WebChromeClientIOS.mm:
(WebChromeClientIOS::didFinishContentChangeObserving):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247926 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[JSC] Increment bytecode age only when SlotVisitor is first-visit
ysuzuki@apple.com [Mon, 29 Jul 2019 22:26:58 +0000 (22:26 +0000)]
[JSC] Increment bytecode age only when SlotVisitor is first-visit
https://bugs.webkit.org/show_bug.cgi?id=200196

Reviewed by Robin Morisset.

JSTests:

* stress/reparsing-unlinked-codeblock.js:

Source/JavaScriptCore:

WriteBarrier can cause multiple visits for the same UnlinkedCodeBlock. But this does not mean that we are having multiple cycles of GC.
We should increment the age of the UnlinkedCodeBlock only when the SlotVisitor is saying that this is the first visit.

In practice, this almost never happens. Multiple visits can happen only when the marked UnlinkedCodeBlock gets a write-barrier. But, mutation
of UnlinkedCodeBlock is rare or none after it is initialized. I ran all the JSTests and I cannot find any tests that get re-visiting of UnlinkedCodeBlock.
This patch extends JSTests/stress/reparsing-unlinked-codeblock.js to ensure that UnlinkedCodeBlockJettisoning feature is working after this change.

* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::visitChildren):
* heap/SlotVisitor.h:
(JSC::SlotVisitor::isFirstVisit const):
* parser/Parser.cpp:
* parser/Parser.h:
(JSC::parse):
(JSC::parseFunctionForFunctionConstructor):
* runtime/Options.h:
* tools/JSDollarVM.cpp:
(JSC::functionParseCount):
(JSC::JSDollarVM::finishCreation):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247925 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago The maximum subframe count check should not be skipped for empty URLs.
rniwa@webkit.org [Mon, 29 Jul 2019 21:57:39 +0000 (21:57 +0000)]
The maximum subframe count check should not be skipped for empty URLs.
https://bugs.webkit.org/show_bug.cgi?id=200032

Patch by Sergei Glazunov <glazunov@google.com> on 2019-07-29
Reviewed by Ryosuke Niwa.

Source/WebCore:

Move the check closer to the actual frame creation code in `loadSubframe`.

Test: fast/dom/connected-subframe-counter-overflow.html

* dom/Document.cpp:
(WebCore::Document::prepareForDestruction): Assert that all child frames have been detached.
* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::canLoad const):
(WebCore::HTMLFrameElementBase::canLoadURL const):
* html/HTMLFrameOwnerElement.cpp:
(WebCore::HTMLFrameOwnerElement::canAddSubframe const): Deleted.
* html/HTMLFrameOwnerElement.h:
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::canLoadURL const):
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadSubframe):

LayoutTests:

* fast/dom/connected-subframe-counter-overflow-expected.txt: Added.
* fast/dom/connected-subframe-counter-overflow.html: Added.
* fast/frames/lots-of-iframes-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247924 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago REGRESSION: WebSockets no longer work in Service Workers
youenn@apple.com [Mon, 29 Jul 2019 21:43:42 +0000 (21:43 +0000)]
REGRESSION: WebSockets no longer work in Service Workers
https://bugs.webkit.org/show_bug.cgi?id=199906
<rdar://problem/53516732>

Reviewed by Geoffrey Garen.

Source/WebKit:

Use WebSocketProvider so that network calls are done in the network process.

* WebProcess/Storage/WebSWContextManagerConnection.cpp:
(WebKit::WebSWContextManagerConnection::installServiceWorker):

LayoutTests:

Fix test and make sure messages are exchanged for the test to succeed.

* http/tests/workers/service/resources/serviceworker-websocket-worker.js:
(async.doTest):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247923 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago [ContentChangeObserver] ChromeClient::observedContentChange() name is misleading
zalan@apple.com [Mon, 29 Jul 2019 21:32:16 +0000 (21:32 +0000)]
[ContentChangeObserver] ChromeClient::observedContentChange() name is misleading
https://bugs.webkit.org/show_bug.cgi?id=200238
<rdar://problem/53677038>

Reviewed by Simon Fraser.

Source/WebCore:

This function indicates that we've finished observing content changes.

* loader/EmptyClients.h:
* page/ChromeClient.h:
* page/ios/ContentChangeObserver.cpp:
(WebCore::ContentChangeObserver::adjustObservedState):
* page/ios/EventHandlerIOS.mm:
(WebCore::EventHandler::mouseMoved):

Source/WebKit:

* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebCoreSupport/ios/WebChromeClientIOS.mm:
(WebKit::WebChromeClient::didFinishContentChangeObserving):
(WebKit::WebChromeClient::observedContentChange): Deleted.
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::didFinishContentChangeObserving):
(WebKit::WebPage::completePendingSyntheticClickForContentChangeObserver): Deleted.

Source/WebKitLegacy/ios:

* WebCoreSupport/WebChromeClientIOS.h:
* WebCoreSupport/WebChromeClientIOS.mm:
(WebChromeClientIOS::didFinishContentChangeObserving):
(WebChromeClientIOS::observedContentChange): Deleted.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247922 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago ShareableBitmap::createGraphicsContext() should return nullptr when CGBitmapContextCr...
rniwa@webkit.org [Mon, 29 Jul 2019 21:21:54 +0000 (21:21 +0000)]
ShareableBitmap::createGraphicsContext() should return nullptr when CGBitmapContextCreateWithData returns nil
https://bugs.webkit.org/show_bug.cgi?id=200185

Reviewed by Simon Fraser.

We should not be creating GraphicsContext with nil CGContextRef in ShareableBitmap::createGraphicsContext()
as such a GraphicsContext is only used for specific purposes.

This patch adds an early return to ShareableBitmap::createGraphicsContext() when CGBitmapContextCreateWithData
returns nil CGContextRef.

* PluginProcess/PluginControllerProxy.cpp:
(WebKit::PluginControllerProxy::paint):
* Shared/API/c/cg/WKImageCG.cpp:
(WKImageCreateFromCGImage):
* Shared/ContextMenuContextData.cpp:
(WebKit::ContextMenuContextData::ContextMenuContextData):
* Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::display):
* Shared/WebCoreArgumentCoders.cpp:
(IPC::encodeImage):
* Shared/cg/ShareableBitmapCG.cpp:
(WebKit::ShareableBitmap::createGraphicsContext):
(WebKit::ShareableBitmap::makeCGImageCopy):
* WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp:
(WebKit::imageForRect):
* WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:
(WebKit::InjectedBundleRangeHandle::renderedImage):
* WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp:
(WebKit::InjectedBundleHitTestResult::image const):
* WebProcess/Plugins/Netscape/NetscapePlugin.cpp:
(WebKit::NetscapePlugin::snapshot):
* WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::snapshot):
* WebProcess/Plugins/PluginProxy.cpp:
(WebKit::PluginProxy::paint):
(WebKit::PluginProxy::update):
* WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:
(WebKit::convertCGImageToBitmap):
* WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:
(WebKit::DrawingAreaCoordinatedGraphics::display):
* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::createSelectionSnapshot const):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::snapshotAtSize):
(WebKit::WebPage::snapshotNode):
(WebKit::WebPage::drawRectToImage):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247921 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Contextual menu does not present when holding an embedded photo but works with link...
dino@apple.com [Mon, 29 Jul 2019 21:19:41 +0000 (21:19 +0000)]
Contextual menu does not present when holding an embedded photo but works with link and attachments
https://bugs.webkit.org/show_bug.cgi?id=200239
<rdar://problem/53318733>

Reviewed by Tim Horton.

If the user long-pressed on an image, and the client implemented the new API but did
not provide a configuration, we were not falling back to the default behaviour of
giving a menu allowing the user to copy/share/save the image.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView continueContextMenuInteraction:]): If we get through the delegates,
and the element is an image, return the default configuration.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247920 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Unreviewed test gardening, update expectations for rdar://problem/48616298.
ryanhaddad@apple.com [Mon, 29 Jul 2019 20:30:41 +0000 (20:30 +0000)]
Unreviewed test gardening, update expectations for rdar://problem/48616298.

* platform/ios-wk2/TestExpectations:
The fast/viewport/ios directory is marked as passing in this file, which was overriding the entries in the 'ios' file.
* platform/ios/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Remove unnecessary null check under WebResourceLoadStatisticsStore::hasStorageAccess()
cdumez@apple.com [Mon, 29 Jul 2019 20:15:43 +0000 (20:15 +0000)]
Remove unnecessary null check under WebResourceLoadStatisticsStore::hasStorageAccess()
https://bugs.webkit.org/show_bug.cgi?id=200229

Reviewed by Alex Christensen.

Remove unnecessary null check under WebResourceLoadStatisticsStore::hasStorageAccess().
There is already a null check with an early return a few lines above.

* NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::hasStorageAccess):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago StringBuilder::append(makeString(...)) is inefficient
weinig@apple.com [Mon, 29 Jul 2019 20:12:25 +0000 (20:12 +0000)]
StringBuilder::append(makeString(...)) is inefficient
https://bugs.webkit.org/show_bug.cgi?id=200034

Reviewed by Saam Barati.

Replace uses of StringBuilder::append(makeString(...)) with StringBuilder::flexibleAppend(...).
Where possible, also merged consecutive calls to StringBuilder::append(...) into a single call
to StringBuilder::flexibleAppend(...) to avoid unnecessary additional overflow checks and resizes.
Also where possible, replaced StringBuilder with makeString() if no branching was used during
construction.

A lot more can be done to improve the efficiency of StringBuilder use in the WHLSL code including:
- Using StringView more prevalently, especially when passing a substring to the StringBuilder.
- Passing existing StringBuilders to functions for them to use rather than returning a String and
  then appending that to another StringBuilder.
- Using custom StringTypeAdapters for generated names, rather than storing them as Strings.

* Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp:
(WebCore::WHLSL::Metal::EntryPointScaffolding::resourceHelperTypes):
(WebCore::WHLSL::Metal::EntryPointScaffolding::resourceSignature):
(WebCore::WHLSL::Metal::EntryPointScaffolding::builtInsSignature):
(WebCore::WHLSL::Metal::EntryPointScaffolding::mangledInputPath):
(WebCore::WHLSL::Metal::EntryPointScaffolding::mangledOutputPath):
(WebCore::WHLSL::Metal::EntryPointScaffolding::unpackResourcesAndNamedBuiltIns):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::helperTypes):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::unpack):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::pack):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::helperTypes):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::unpack):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::pack):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::signature):
* Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:
(WebCore::WHLSL::Metal::FunctionDeclarationWriter::visit):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::FunctionDefinitionWriter):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::emitLoop):
* Modules/webgpu/WHLSL/Metal/WHLSLMetalCodeGenerator.cpp:
(WebCore::WHLSL::Metal::generateMetalCodeShared):
* Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:
(WebCore::WHLSL::Metal::writeNativeFunction):
* Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:
(WebCore::WHLSL::Metal::MetalTypeDeclarationWriter::visit):
(WebCore::WHLSL::Metal::TypeNamer::emitUnnamedTypeDefinition):
(WebCore::WHLSL::Metal::TypeNamer::emitNamedTypeDefinition):
(WebCore::WHLSL::Metal::TypeNamer::metalTypes):
* Modules/webgpu/WHLSL/WHLSLParser.cpp:
(WebCore::WHLSL::Types::appendNameTo):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::logLayerInfo):
* testing/Internals.cpp:
(WebCore::Internals::ongoingLoadsDescriptions const):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247917 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago REGRESSION (r247891): Layout Test accessibility/ios-simulator/video-elements-ios...
commit-queue@webkit.org [Mon, 29 Jul 2019 19:56:55 +0000 (19:56 +0000)]
REGRESSION (r247891): Layout Test accessibility/ios-simulator/video-elements-ios.html is failing
https://bugs.webkit.org/show_bug.cgi?id=200231
<rdar://problem/53666599>

Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-07-29
Reviewed by Chris Fleizach.

We now expose <video> elements when they have controls.
* accessibility/ios-simulator/video-elements-ios-expected.txt:
* accessibility/ios-simulator/video-elements-ios.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247916 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Force Reveal to always lookup from menu
megan_gardner@apple.com [Mon, 29 Jul 2019 19:20:17 +0000 (19:20 +0000)]
Force Reveal to always lookup from menu
https://bugs.webkit.org/show_bug.cgi?id=200186
<rdar://problem/52967940>

Reviewed by Tim Horton.

We currently only have the 'lookup' menu item, so we should always force the 'lookup' action from it.

Reveal is not currently testable.

* editing/cocoa/DictionaryLookup.mm:
(WebCore::showPopupOrCreateAnimationController):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247915 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago UI process occasionally hangs in -[UIKeyboardTaskQueue lockWhenReadyForMainThread]
wenson_hsieh@apple.com [Mon, 29 Jul 2019 19:12:40 +0000 (19:12 +0000)]
UI process occasionally hangs in -[UIKeyboardTaskQueue lockWhenReadyForMainThread]
https://bugs.webkit.org/show_bug.cgi?id=200215
<rdar://problem/52976965>

Reviewed by Tim Horton.

To implement autocorrection on iOS, UIKit sometimes needs to request contextual information from WebKit. This is
handled as a sync IPC message in WebKit, since UIKit would otherwise proceed to block the main thread after
sending the request, preventing WebKit from handling any IPC responses in the UI process (potentially resulting
in deadlock if any other sync IPC messages were to arrive in the UI process during this time).

The synchronous nature of this autocorrection request means that if any sync IPC message were to be
simultaneously dispatched in the opposite direction (i.e. web to UI process), we need to immediately handle the
incoming sync message in the UI process (otherwise, we'd end up deadlocking for 1 second until the
autocorrection context request hits a 1-second IPC timeout).

One such synchronous message from the web process to the UI process is WebPageProxy::CreateNewPage, triggered as
a result of synchronously opening a new window. Due to Safari changes in iOS 13 (<rdar://problem/51755088>),
this message now calls into code which then causes UIKit to call *back into* -[WKContentView
requestAutocorrectionContextWithCompletionHandler:] for the newly opened web view, under the scope of the call
to -requestAutocorrectionContextWithCompletionHandler: in the original web view.

This caused a crash, which was tracked in <rdar://problem/52590170>. There was an attempt to fix this in r247345
by invoking the existing handler well before storing the new one; while this avoided the crash, it didn't solve
the root problem, which was that keyboard task queues would get into a bad state after this scenario; this would
manifest in a UI process hang under -[UIKeyboardTaskQueue lockWhenReadyForMainThread] during the next user
gesture, which is tracked by this bug (<rdar://problem/52976965>).

As it turns out, the keyboard task queue gets into a bad state because it is architected in such a way that
tasks added to the queue under the scope of a parent task must be finished executing before their parents;
otherwise, the call to -[UIKeyboardTaskExecutionContext returnExecutionToParentWithInfo:] never happens when
handling the child task. This has the effect of causing the keyboard task queue to end up with a
UIKeyboardTaskExecutionContext that can never return execution to its parent context, such that if the task
queue is then told to wait until any future task is finished executing, it will hang forever, waiting for these
stuck tasks to finish executing (which never happens, because they're all waiting to return execution to their
parents which are already done executing!)

To fix this hang and avoid ever getting into this bad state, we need to invoke the autocorrection request
handlers in this order:

(1) Receive outer autocorrection context request.
(2) Receive inner autocorrection context request.
(3) Invoke inner autocorrection context request completion handler.
(4) Invoke outer autocorrection context request completion handler.

...instead of swapping (3) and (4), like we do currently.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView resignFirstResponderForWebView]):

Remove the hack added in r247345 to try and avoid reentrant autocorrection context requests; we don't need this
anymore, since we should now be able to handle these reentrant requests in the way UIKit expects.

(-[WKContentView requestAutocorrectionContextWithCompletionHandler:]):

Add an early return in the case where the request is synchronous and there's already a pending autocorrection
context to ensure that the completion handler for the nested request is invoked before the outer request is
finished.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247914 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago [X86] Emit BT instruction for shift + mask in B3
justin_michaud@apple.com [Mon, 29 Jul 2019 18:54:46 +0000 (18:54 +0000)]
[X86] Emit BT instruction for shift + mask in B3
https://bugs.webkit.org/show_bug.cgi?id=199891

Reviewed by Robin Morisset.

Lower the number of iterations to fix debug timeouts.

* microbenchmarks/bit-test-load.js:
(i):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247913 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago REGRESSION (r246899): Subtitles show twice when controls show/hide on hulu.com
simon.fraser@apple.com [Mon, 29 Jul 2019 18:37:50 +0000 (18:37 +0000)]
REGRESSION (r246899): Subtitles show twice when controls show/hide on hulu.com
https://bugs.webkit.org/show_bug.cgi?id=200187
rdar://problem/53511121

Reviewed by Zalan Bujtas.

Source/WebCore:

When a layer that painted into shared backing moved, we'd fail to repaint its old position
because the RenderLayer's repaint rects are cleared via BackingSharingState::updateBeforeDescendantTraversal().

Recomputing repaint rects is expensive, so we only want to do it when necessary, which is for
layers that start and stop sharing (going into and out of compositing already recomputes them).
So add logic to RenderLayerBacking::setBackingSharingLayers() that recomputes repaint rects
on layers that will no longer use shared backing, and those that are newly using shared
backing.

Test: compositing/shared-backing/backing-sharing-repaint.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::setBackingProviderLayer):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::setBackingSharingLayers):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::BackingSharingState::appendSharingLayer):
(WebCore::RenderLayerCompositor::updateBacking):

LayoutTests:

* compositing/shared-backing/backing-sharing-repaint-expected.html: Added.
* compositing/shared-backing/backing-sharing-repaint.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247912 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago The touch-action property was ignored on replaced elements (canvas, img etc)
simon.fraser@apple.com [Mon, 29 Jul 2019 18:31:04 +0000 (18:31 +0000)]
The touch-action property was ignored on replaced elements (canvas, img etc)
https://bugs.webkit.org/show_bug.cgi?id=200205
rdar://problem/53331224

Reviewed by Antti Koivisto.

Source/WebCore:

The event region painting code didn't handle replaced elements correctly,
causing touch-action to get ignored for <canvas>, <img> etc. Fix by handling
region painting in RenderReplaced.

This still doesn't fix <iframe> but I'm not sure what the correct behavior is there
(webkit.org/b/200204).

Test: pointerevents/ios/touch-action-region-replaced-elements.html

* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::paint):
(WebCore::RenderReplaced::shouldPaint):

LayoutTests:

* pointerevents/ios/touch-action-region-replaced-elements-expected.txt: Added.
* pointerevents/ios/touch-action-region-replaced-elements.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247909 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago NetworkProcess clear and fetch of cache entries might move the callback aggregator...
youenn@apple.com [Mon, 29 Jul 2019 18:28:04 +0000 (18:28 +0000)]
NetworkProcess clear and fetch of cache entries might move the callback aggregator more than once
https://bugs.webkit.org/show_bug.cgi?id=200228

Reviewed by Alex Christensen.

copyRef the callback aggregator instead of moving it.

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::fetchWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteDataForOrigins):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247908 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago REGRESSION (r247898): Multiple Layout Tests in http/tests/contentdispositionattachmen...
timothy_horton@apple.com [Mon, 29 Jul 2019 17:15:24 +0000 (17:15 +0000)]
REGRESSION (r247898): Multiple Layout Tests in http/tests/contentdispositionattachmentsandbox/* are timing out on iOS
<rdar://problem/53664817>

* http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped.js:
(onload):
iOS has eventSender, so this reorganizing didn't work (well, it worked for macOS...).
Instead, check which platform we're on and use touch vs. mouse events by
platform instead of by available API.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247906 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Possible use-after-move under NetworkConnectionToWebProcess::resourceLoadStatisticsUp...
cdumez@apple.com [Mon, 29 Jul 2019 16:42:23 +0000 (16:42 +0000)]
Possible use-after-move under NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated()
https://bugs.webkit.org/show_bug.cgi?id=200225

Reviewed by Brent Fulgham.

The code was WTFMove()-ing the method parameter inside of a loop, which means that it could
move it several times. Instead of copying the parameters, I opted into sending the statistics
only to the network session that matches this WebProcess connection.

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247905 268f45cc-cd09-0410-ab3c-d52691b4dbfc
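
r247908 (copy the callback aggregator instead of moving it) and r247905 (stop moving a parameter inside a loop) fix the same C++ pattern: an object moved on every loop iteration is only intact for the first one. The following is an added illustration, not WebKit code; it uses std::move and std::shared_ptr as stand-ins for WTFMove and ref-counted pointers, and Session, CallbackAggregator and every function name are hypothetical.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a per-session statistics sink (not a WebKit class).
struct Session {
    int id = 0;
    std::vector<std::string> received;
    // Takes ownership by value, so a caller's std::move() empties the caller's vector.
    void consume(std::vector<std::string> stats) { received = std::move(stats); }
};

std::vector<Session> makeSessions()
{
    std::vector<Session> sessions(3);
    for (int i = 0; i < 3; ++i)
        sessions[i].id = i + 1;
    return sessions;
}

// Buggy shape: the parameter is moved on every iteration, so only the first
// session sees the data and every later one is handed a moved-from vector.
std::vector<std::size_t> deliverMovingInLoop(std::vector<Session>& sessions, std::vector<std::string> stats)
{
    std::vector<std::size_t> sizes;
    for (auto& session : sessions) {
        session.consume(std::move(stats));
        sizes.push_back(session.received.size());
    }
    return sizes;
}

// Fixed shape for the statistics case: move exactly once, into the one matching session.
bool deliverToMatching(std::vector<Session>& sessions, int id, std::vector<std::string> stats)
{
    for (auto& session : sessions) {
        if (session.id == id) {
            session.consume(std::move(stats));
            return true; // stats is not touched again after the move
        }
    }
    return false;
}

// Hypothetical aggregator: runs `done` when the last reference is dropped.
struct CallbackAggregator {
    std::function<void()> done;
    ~CallbackAggregator() { if (done) done(); }
};

// Returns how many tasks were still unfinished when `done` fired.
int pendingWhenDone(bool moveInLoop)
{
    const int taskCount = 3;
    int finished = 0;
    int pendingAtCompletion = -1;
    std::vector<std::function<void()>> tasks;
    {
        auto aggregator = std::make_shared<CallbackAggregator>();
        aggregator->done = [&] { pendingAtCompletion = taskCount - finished; };
        for (int i = 0; i < taskCount; ++i) {
            std::shared_ptr<CallbackAggregator> held;
            if (moveInLoop)
                held = std::move(aggregator); // null from the second iteration on
            else
                held = aggregator;            // one extra reference per task
            tasks.push_back([held, &finished] { (void)held; ++finished; });
        }
    }
    for (auto& task : tasks) {
        task();
        task = nullptr; // drop this task's reference to the aggregator
    }
    return pendingAtCompletion;
}

int main()
{
    auto sessions = makeSessions();
    for (std::size_t n : deliverMovingInLoop(sessions, {"a.example", "b.example"}))
        std::cout << n << ' ';
    std::cout << "\npending when done (move): " << pendingWhenDone(true)
              << ", (copy): " << pendingWhenDone(false) << '\n';
}
```

With the move in the loop, the completion callback fires while two of the three tasks are still pending; with a copy per task it fires only after the last one finishes.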

10 months ago [Canvas Timeline] Compact canvas timeline
commit-queue@webkit.org [Mon, 29 Jul 2019 14:40:16 +0000 (14:40 +0000)]
[Canvas Timeline] Compact canvas timeline
https://bugs.webkit.org/show_bug.cgi?id=200177

Patch by Zhifei Fang <zhifei_fang@apple.com> on 2019-07-29
Reviewed by Jonathan Bedard.

* resultsdbpy/resultsdbpy/view/static/library/js/components/BaseComponents.js:
* resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:
(Timeline.CanvasSeriesComponent):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247904 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago REGRESSION(r243058): [GStreamer] WebKitWebSrc's internal queue can exhaust the WebPro...
philn@webkit.org [Mon, 29 Jul 2019 14:33:57 +0000 (14:33 +0000)]
REGRESSION(r243058): [GStreamer] WebKitWebSrc's internal queue can exhaust the WebProcess memory
https://bugs.webkit.org/show_bug.cgi?id=199998

Reviewed by Xabier Rodriguez-Calvar.

With the webkitwebsrc rewrite the element lost its ability to tell
the resource loader when to pause and resume downloading because
we don't use appsrc and its enough-data/need-data signals anymore.
So new heuristics are introduced with this patch. Downloading of
resources bigger than 2MiB might pause when the internal adapter
has enough data (2% of the full resource) and resume when the
adapter size goes below 20% of those 2%.

No new tests, the media element spec doesn't clearly mandate how
the resource loading should behave when the element is paused or
how aggressively the resource should be downloaded during
playback.

This patch was functionally tested with a 1.3GiB resource loaded
over the local network, the resource was downloaded in ~30MiB
chunks, stopping and resuming every 20 seconds, approximately.

* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webkit_web_src_class_init):
(webKitWebSrcCreate):
(CachedResourceStreamingClient::responseReceived):
(CachedResourceStreamingClient::dataReceived):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247903 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago WebSockets: workers never use the platform WebSockets path
carlosgc@webkit.org [Mon, 29 Jul 2019 09:11:31 +0000 (09:11 +0000)]
WebSockets: workers never use the platform WebSockets path
https://bugs.webkit.org/show_bug.cgi?id=200161

Reviewed by Michael Catanzaro.

A WebCore::WebSocketChannel is created unconditionally in WorkerThreadableWebSocketChannel::Peer.

* Modules/websockets/ThreadableWebSocketChannel.cpp:
(WebCore::ThreadableWebSocketChannel::create): New create method that receives a Document& and creates the
WebSocket channel checking the runtime enabled features to decide.
* Modules/websockets/ThreadableWebSocketChannel.h:
* Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
(WebCore::WorkerThreadableWebSocketChannel::Peer::Peer): Use ThreadableWebSocketChannel::create().

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247902 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Multiple context menu actions broken for YouTube videos
carlosgc@webkit.org [Mon, 29 Jul 2019 09:07:26 +0000 (09:07 +0000)]
Multiple context menu actions broken for YouTube videos
https://bugs.webkit.org/show_bug.cgi?id=199999

Reviewed by Eric Carlson.

Source/WebCore:

Do not include CopyMediaLinkItem and OpenMediaInNewWindowItem to the context menu when media URL is not
downloadable or the request can't be handled.

* page/ContextMenuController.cpp:
(WebCore::ContextMenuController::populate):

Tools:

Add a test case to check copy link address, open in new window and download options are not included in the
context menu for non-downloadable media.

* TestWebKitAPI/Tests/WebKitGtk/TestContextMenu.cpp:
(writeNextChunk):
(serverCallback):
(testContextMenuLiveStream):
(beforeAll):
(afterAll):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247901 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Unreviewed, rolling out r247886.
commit-queue@webkit.org [Mon, 29 Jul 2019 04:31:04 +0000 (04:31 +0000)]
Unreviewed, rolling out r247886.
https://bugs.webkit.org/show_bug.cgi?id=200214

"Causes PLT5 regression on some machines" (Requested by mlam|a
on #webkit).

Reverted changeset:

"Add crash diagnostics for debugging unexpected zapped cells."
https://bugs.webkit.org/show_bug.cgi?id=200149
https://trac.webkit.org/changeset/247886

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Fix the release build
timothy_horton@apple.com [Mon, 29 Jul 2019 02:27:28 +0000 (02:27 +0000)]
Fix the release build

* Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:
(WebCore::WHLSL::Metal::TypeNamer::insert):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago Reorganize UIScriptController into platform-specific subclasses
timothy_horton@apple.com [Mon, 29 Jul 2019 02:10:56 +0000 (02:10 +0000)]
Reorganize UIScriptController into platform-specific subclasses
https://bugs.webkit.org/show_bug.cgi?id=200027

Reviewed by Simon Fraser.

Instead of a mishmash of #ifdefs and extraneous empty functions,
reorganize UIScriptController so that we have a base class
with functions that assert if called (to make it harder to
accidentally write a test that depends on unimplemented
functionality), and override them in platform specific subclasses
as functionality is added.

* DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
* DumpRenderTree/ios/UIScriptControllerIOS.h: Added.
* DumpRenderTree/ios/UIScriptControllerIOS.mm:
* DumpRenderTree/mac/UIScriptControllerMac.h: Added.
* DumpRenderTree/mac/UIScriptControllerMac.mm:
* TestRunnerShared/UIScriptContext/UIScriptController.cpp:
* TestRunnerShared/UIScriptContext/UIScriptController.h:
* WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
* WebKitTestRunner/cocoa/UIScriptControllerCocoa.h: Added.
* WebKitTestRunner/cocoa/UIScriptControllerCocoa.mm: Added.
* WebKitTestRunner/gtk/UIScriptControllerGtk.cpp:
* WebKitTestRunner/gtk/UIScriptControllerGtk.h: Added.
* WebKitTestRunner/ios/UIScriptControllerIOS.h: Added.
* WebKitTestRunner/ios/UIScriptControllerIOS.mm:
* WebKitTestRunner/mac/UIScriptControllerMac.h: Added.
* WebKitTestRunner/mac/UIScriptControllerMac.mm:

* http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped.js:
(onload):
This test both uses event sender to click, and UIScriptController to "tap".
Since singleTapAtPoint is unimplemented on macOS, it really just ended
up doing nothing, but now it asserts. Only click or tap, but not both.

* platform/mac/TestExpectations:
* platform/win/TestExpectations:
Skip some tests for unimplemented or unsupported features.

* platform/mac/fast/events/autoscroll-when-input-is-offscreen-expected.txt: Removed.
* platform/mac/fast/events/autoscroll-with-software-keyboard-expected.txt: Removed.
Remove unneeded test results.

* swipe/resources/swipe-test.js:
(playEventStream):
playBackEventStream is unimplemented on iOS. Also, it's not necessary
for simulated swipe to send events at all on iOS, so just bail, which
is equivalent to what used to happen.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247898 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago [Win][WK1] Can't change Web Inspector frontend height in high DPI
Hironori.Fujii@sony.com [Mon, 29 Jul 2019 02:07:18 +0000 (02:07 +0000)]
[Win][WK1] Can't change Web Inspector frontend height in high DPI
https://bugs.webkit.org/show_bug.cgi?id=200153

Reviewed by Don Olmstead.

* WebCoreSupport/WebInspectorClient.cpp:
(WebInspectorFrontendClient::setAttachedWindowHeight):
Applied deviceScaleFactor to the argument height.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247897 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago [Win][MiniBrowser] Remove PageLoadTestClient
Hironori.Fujii@sony.com [Mon, 29 Jul 2019 02:03:32 +0000 (02:03 +0000)]
[Win][MiniBrowser] Remove PageLoadTestClient
https://bugs.webkit.org/show_bug.cgi?id=200155

Reviewed by Brent Fulgham.

It is not used nowadays.

* MiniBrowser/win/CMakeLists.txt:
* MiniBrowser/win/Common.cpp:
(parseCommandLine):
* MiniBrowser/win/Common.h:
* MiniBrowser/win/MainWindow.cpp:
(MainWindow::init):
* MiniBrowser/win/MainWindow.h:
* MiniBrowser/win/MiniBrowserWebHost.cpp:
(MiniBrowserWebHost::updateAddressBar):
(MiniBrowserWebHost::didFinishLoadForFrame):
(MiniBrowserWebHost::didStartProvisionalLoadForFrame):
(MiniBrowserWebHost::didFailLoadWithError):
(MiniBrowserWebHost::didHandleOnloadEventsForFrame):
(MiniBrowserWebHost::didFirstLayoutInFrame):
* MiniBrowser/win/PageLoadTestClient.cpp: Removed.
* MiniBrowser/win/PageLoadTestClient.h: Removed.
* MiniBrowser/win/ResourceLoadDelegate.cpp:
(ResourceLoadDelegate::identifierForInitialRequest):
(ResourceLoadDelegate::willSendRequest):
(ResourceLoadDelegate::didFinishLoadingFromDataSource):
(ResourceLoadDelegate::didFailLoadingWithError):
* MiniBrowser/win/WebKitBrowserWindow.cpp:
(WebKitBrowserWindow::create):
(WebKitBrowserWindow::createNewPage):
* MiniBrowser/win/WebKitBrowserWindow.h:
* MiniBrowser/win/WebKitLegacyBrowserWindow.cpp:
(WebKitLegacyBrowserWindow::create):
(WebKitLegacyBrowserWindow::WebKitLegacyBrowserWindow):
(WebKitLegacyBrowserWindow::exitProgram): Deleted.
* MiniBrowser/win/WebKitLegacyBrowserWindow.h:
(WebKitLegacyBrowserWindow::pageLoadTestClient): Deleted.
* MiniBrowser/win/WinMain.cpp:
(wWinMain):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247896 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoFix static analyzer build
ap@apple.com [Sun, 28 Jul 2019 21:28:24 +0000 (21:28 +0000)]
Fix static analyzer build
https://bugs.webkit.org/show_bug.cgi?id=200201

Reviewed by Anders Carlsson.

* Makefile: Add an analyze target, as this makefile is now used for full builds,
including static analyzer ones.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247895 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[iOS] Touch regions overlay needs to show touch-action:none
simon.fraser@apple.com [Sun, 28 Jul 2019 21:23:51 +0000 (21:23 +0000)]
[iOS] Touch regions overlay needs to show touch-action:none
https://bugs.webkit.org/show_bug.cgi?id=200203

Reviewed by Wenson Hsieh.

When I added touch-action overlay painting, I didn't realize that touch-action:none
was an important value to display. But it is, so fix that.

* rendering/RenderLayerBacking.cpp:
(WebCore::patternForTouchAction):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247894 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[WHLSL] Remove UnnamedType copy/move constructors and mark classes as final
sbarati@apple.com [Sun, 28 Jul 2019 01:31:48 +0000 (01:31 +0000)]
[WHLSL] Remove UnnamedType copy/move constructors and mark classes as final
https://bugs.webkit.org/show_bug.cgi?id=200188

Reviewed by Myles C. Maxfield.

Since they are ref counted, you should take a ref to them
instead of moving or copying them. This patch encodes that by deleting
the relevant copy/move constructors and assignment operators.

* Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h:
* Modules/webgpu/WHLSL/AST/WHLSLArrayType.h:
(WebCore::WHLSL::AST::ArrayType::ArrayType): Deleted.
(WebCore::WHLSL::AST::ArrayType::create): Deleted.
(WebCore::WHLSL::AST::ArrayType::type const): Deleted.
(WebCore::WHLSL::AST::ArrayType::type): Deleted.
(WebCore::WHLSL::AST::ArrayType::numElements const): Deleted.
* Modules/webgpu/WHLSL/AST/WHLSLPointerType.h:
(WebCore::WHLSL::AST::PointerType::PointerType): Deleted.
(WebCore::WHLSL::AST::PointerType::create): Deleted.
* Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h:
* Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h:
(WebCore::WHLSL::AST::TypeReference::TypeReference): Deleted.
(WebCore::WHLSL::AST::TypeReference::create): Deleted.
(WebCore::WHLSL::AST::TypeReference::name): Deleted.
(WebCore::WHLSL::AST::TypeReference::typeArguments): Deleted.
(WebCore::WHLSL::AST::TypeReference::maybeResolvedType const): Deleted.
(WebCore::WHLSL::AST::TypeReference::resolvedType const): Deleted.
(WebCore::WHLSL::AST::TypeReference::setResolvedType): Deleted.
* Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247893 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[WebGPU] Update GPUComputePipeline errors to match GPURenderPipeline implementation
justin_fan@apple.com [Sun, 28 Jul 2019 00:47:00 +0000 (00:47 +0000)]
[WebGPU] Update GPUComputePipeline errors to match GPURenderPipeline implementation
https://bugs.webkit.org/show_bug.cgi?id=200097

Reviewed by Myles C. Maxfield.

Remove passing around a functionName in GPUComputePipeline creation in favor of setting it on the GPUErrorScopes.
Also, WebGPU objects no longer create new Ref<>s unless object creation succeeds.

No new tests. Covered by existing tests.

* Modules/webgpu/WebGPUDevice.cpp:
(WebCore::WebGPUDevice::createBuffer const):
(WebCore::WebGPUDevice::createBufferMapped const):
(WebCore::WebGPUDevice::createComputePipeline const):
* platform/graphics/gpu/GPUBuffer.h:
* platform/graphics/gpu/GPUComputePipeline.h:
* platform/graphics/gpu/GPUDevice.cpp:
(WebCore::GPUDevice::tryCreateBuffer):
(WebCore::GPUDevice::tryCreateComputePipeline const):
* platform/graphics/gpu/GPUDevice.h:
* platform/graphics/gpu/GPUErrorScopes.cpp:
(WebCore::GPUErrorScopes::generatePrefixedError): Only validation errors have messages right now.
* platform/graphics/gpu/GPUErrorScopes.h:
* platform/graphics/gpu/cocoa/GPUBufferMetal.mm:
(WebCore::GPUBuffer::validateBufferUsage):
(WebCore::GPUBuffer::tryCreate):
(WebCore::GPUBuffer::GPUBuffer):
* platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm:
(WebCore::trySetMetalFunctions):
(WebCore::trySetFunctions):
(WebCore::convertComputePipelineDescriptor):
(WebCore::tryCreateMTLComputePipelineState):
(WebCore::GPUComputePipeline::tryCreate):
(WebCore::GPUComputePipeline::GPUComputePipeline):
* platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm:
(WebCore::trySetMetalFunctions):
(WebCore::trySetFunctions):

These classes were made RefCounted in a previous patch; remove their move ctors to fix build.
* Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h:
* Modules/webgpu/WHLSL/AST/WHLSLArrayType.h:
* Modules/webgpu/WHLSL/AST/WHLSLPointerType.h:
* Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h:
* Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h:
* Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247892 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoExpose the aria-label attribute for <video> elements.
commit-queue@webkit.org [Sun, 28 Jul 2019 00:42:36 +0000 (00:42 +0000)]
Expose the aria-label attribute for <video> elements.
https://bugs.webkit.org/show_bug.cgi?id=200169
<rdar://problem/51754558>

Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-07-27
Reviewed by Chris Fleizach.

Source/WebCore:

Tests: accessibility/ios-simulator/media-with-aria-label.html
       accessibility/media-with-aria-label.html

We now expose the <video> element to accessibility clients as long as auto-play is not enabled.
* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityObjectWrapper accessibilityIsWebInteractiveVideo]):

LayoutTests:

* accessibility/ios-simulator/media-with-aria-label-expected.txt: Added.
* accessibility/ios-simulator/media-with-aria-label.html: Added.
* accessibility/media-with-aria-label-expected.txt: Added.
* accessibility/media-with-aria-label.html: Added.
* platform/win/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247891 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoAllow more syscalls in the WebContent process' sandbox profile
cdumez@apple.com [Sat, 27 Jul 2019 13:41:51 +0000 (13:41 +0000)]
Allow more syscalls in the WebContent process' sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=200182
<rdar://problem/53594973>

Reviewed by Geoffrey Garen.

I reviewed all crash traces attached to the radar and found the following
syscalls that were not yet allowed by the WebContent process's sandbox
profile.

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247890 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[X86] Emit BT instruction for shift + mask in B3
justin_michaud@apple.com [Sat, 27 Jul 2019 07:08:01 +0000 (07:08 +0000)]
[X86] Emit BT instruction for shift + mask in B3
https://bugs.webkit.org/show_bug.cgi?id=199891

Reviewed by Keith Miller.

JSTests:

* microbenchmarks/bit-test-constant.js: Added.
(let.glob.0.doTest):
* microbenchmarks/bit-test-load.js: Added.
(let.glob.0.let.arr.new.Int32Array.8.doTest):
(i):
* microbenchmarks/bit-test-nonconstant.js: Added.
(let.glob.0.doTest):

Source/JavaScriptCore:

- Add a new BranchTestBit air opcode, matching the Intel bt instruction
- Select this instruction for the following patterns:
  if (a & (1<<b))
  if ((a>>b)&1)
  if ((~a>>b)&1)
  if (~a & (1<<b))
- 15% perf progression on the nonconstant microbenchmark, neutral otherwise.
- Note: we cannot fuse loads when we have bitBase=Load, bitOffset=Tmp, since the X86 instruction has
  different behaviour in this mode. It will read past the current dword/qword instead of wrapping around.

* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branchTestBit32):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::branchTestBit64):
* assembler/X86Assembler.h:
(JSC::X86Assembler::bt_ir):
(JSC::X86Assembler::bt_im):
(JSC::X86Assembler::btw_ir):
(JSC::X86Assembler::btw_im):
* assembler/testmasm.cpp:
(JSC::int64Operands):
(JSC::testBranchTestBit32RegReg):
(JSC::testBranchTestBit32RegImm):
(JSC::testBranchTestBit32AddrImm):
(JSC::testBranchTestBit64RegReg):
(JSC::testBranchTestBit64RegImm):
(JSC::testBranchTestBit64AddrImm):
(JSC::run):
* b3/B3LowerToAir.cpp:
* b3/air/AirOpcode.opcodes:
* b3/testb3.cpp:
(JSC::B3::testBranchBitTest32TmpImm):
(JSC::B3::testBranchBitTest32AddrImm):
(JSC::B3::testBranchBitTest32TmpTmp):
(JSC::B3::testBranchBitTest64TmpTmp):
(JSC::B3::testBranchBitTest64AddrTmp):
(JSC::B3::run):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247889 268f45cc-cd09-0410-ab3c-d52691b4dbfc
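
The load-fusing caveat in the commit message above, modeled in C as an added example (not WebKit code; every function and type name here is hypothetical). It models the documented x86 BT semantics: the register form takes the bit offset modulo the operand size, while the memory form with a register offset treats the offset as a signed index into a bit string and addresses a different dword.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The four source patterns listed in the commit message, for 32-bit operands.
 * The shift count is masked to 0..31 so the C is well defined; 32-bit x86
 * shift instructions mask the count the same way. */
static int pat_and_shl(uint32_t a, uint32_t b)     { return (a & (UINT32_C(1) << (b & 31))) != 0; }
static int pat_shr_and(uint32_t a, uint32_t b)     { return ((a >> (b & 31)) & 1) != 0; }
static int pat_not_shr_and(uint32_t a, uint32_t b) { return ((~a >> (b & 31)) & 1) != 0; }
static int pat_not_and_shl(uint32_t a, uint32_t b) { return (~a & (UINT32_C(1) << (b & 31))) != 0; }

/* Model of "BT r32, r32": the bit offset wraps modulo 32. Returns CF. */
static int bt_reg32(uint32_t base, uint32_t offset)
{
    return (int)((base >> (offset & 31)) & 1);
}

/* Model of "BT m32, r32": the offset is a signed bit index. The CPU reads the
 * dword at base + 4 * floor(offset / 32) and tests bit (offset mod 32). */
typedef struct {
    ptrdiff_t dword_index; /* dwords away from the base address, may be negative */
    unsigned bit;          /* bit tested inside that dword */
} bt_mem_access;

static bt_mem_access bt_mem32_access(int32_t offset)
{
    bt_mem_access acc;
    acc.bit = (unsigned)((uint32_t)offset & 31);
    /* offset - bit is an exact multiple of 32, so this is a floor division. */
    acc.dword_index = (ptrdiff_t)((offset - (int32_t)acc.bit) / 32);
    return acc;
}

/* Apply the memory form to a buffer of len dwords with the base at buf[at].
 * Returns 0 and stores CF, or -1 when the access would leave the buffer. */
static int bt_mem32_checked(const uint32_t *buf, size_t len, size_t at,
                            int32_t offset, int *cf)
{
    bt_mem_access acc = bt_mem32_access(offset);
    ptrdiff_t idx = (ptrdiff_t)at + acc.dword_index;
    if (idx < 0 || (size_t)idx >= len)
        return -1;
    *cf = (int)((buf[idx] >> acc.bit) & 1);
    return 0;
}

/* 1 only when the memory form tests the same dword that "load, then BT
 * reg, reg" would test, i.e. when fusing the load keeps the semantics. */
static int fused_load_is_equivalent(int32_t offset)
{
    return bt_mem32_access(offset).dword_index == 0;
}

int main(void)
{
    /* Constructed sample data: dword 0 has bit 1 set, dword 1 is zero. */
    const uint32_t buf[2] = { 0x00000002u, 0x00000000u };
    int cf = -1;

    printf("patterns at a=0x2, b=33: %d %d %d %d\n",
           pat_and_shl(buf[0], 33), pat_shr_and(buf[0], 33),
           pat_not_shr_and(buf[0], 33), pat_not_and_shl(buf[0], 33));
    printf("register form, offset 33: CF=%d\n", bt_reg32(buf[0], 33));
    if (bt_mem32_checked(buf, 2, 0, 33, &cf) == 0)
        printf("memory form, offset 33: CF=%d (read dword 1)\n", cf);
    printf("memory form, offset 64: %s\n",
           bt_mem32_checked(buf, 2, 0, 64, &cf) == 0 ? "in bounds" : "outside the buffer");
    printf("fusing safe for offset 31: %d, for offset 32: %d\n",
           fused_load_is_equivalent(31), fused_load_is_equivalent(32));
    return 0;
}
```
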

10 months ago[JSC] Potential GC fix for JSPropertyNameEnumerator
ysuzuki@apple.com [Sat, 27 Jul 2019 04:55:11 +0000 (04:55 +0000)]
[JSC] Potential GC fix for JSPropertyNameEnumerator
https://bugs.webkit.org/show_bug.cgi?id=200151

Reviewed by Mark Lam.

JSTests:

* stress/for-in-stress.js: Added.
(keys):

Source/JavaScriptCore:

We have been seeing some JSPropertyNameEnumerator::visitChildren crashes for a long time. The crash frequency itself is not high, but it has existed for a long time.
The crash happens when visiting m_propertyNames. It is also possible that this crash is caused by random corruption somewhere, but JSPropertyNameEnumerator
has some tricky (and potentially dangerous) implementations anyway.

1. JSPropertyNameEnumerator has Vector<WriteBarrier<JSString>> and it is extended in finishCreation with a lock.
   We should use Auxiliary memory for this use case. And we should set this memory in the constructor so that
   we do not extend it in finishCreation, and we do not need a lock.
2. JSPropertyNameEnumerator gets StructureID before allocating JSPropertyNameEnumerator. This is potentially dangerous because the conservative scan
   cannot find the Structure* since we could only have StructureID. Since allocation code happens after StructureID is retrieved, it is possible that
   the allocation causes GC and Structure* is collected.

In this patch, we align JSPropertyNameEnumerator implementation to the modern one to avoid using Vector<WriteBarrier<JSString>>. And we can make JSPropertyNameEnumerator
a non-destructible cell. Since JSCell's destructor is one of the causes of various issues, we should avoid it if we can.

No behavior change. This patch adds a test stressing JSPropertyNameEnumerator.

* dfg/DFGOperations.cpp:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::create):
(JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator):
(JSC::JSPropertyNameEnumerator::finishCreation):
(JSC::JSPropertyNameEnumerator::visitChildren):
(JSC::JSPropertyNameEnumerator::destroy): Deleted.
* runtime/JSPropertyNameEnumerator.h:
* runtime/VM.cpp:
(JSC::VM::emptyPropertyNameEnumeratorSlow):
* runtime/VM.h:
(JSC::VM::emptyPropertyNameEnumerator):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247888 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoUnreviewed. Remove invalid assertion after r247878.
sbarati@apple.com [Sat, 27 Jul 2019 02:18:41 +0000 (02:18 +0000)]
Unreviewed. Remove invalid assertion after r247878.
We were essentially asserting all UnnamedType* were
unique. But my patch made this no longer the case by
design to make things faster.

* Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:
(WebCore::WHLSL::Metal::TypeNamer::insert):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247887 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoAdd crash diagnostics for debugging unexpected zapped cells.
mark.lam@apple.com [Sat, 27 Jul 2019 00:43:54 +0000 (00:43 +0000)]
Add crash diagnostics for debugging unexpected zapped cells.
https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Reviewed by Yusuke Suzuki, Saam Barati, and Michael Saboff.

Source/JavaScriptCore:

Add a check for zapped cells in SlotVisitor::appendToMarkStack() and
SlotVisitor::visitChildren().  If a zapped cell is detected, we will crash with
some diagnostic info.

To facilitate this, we've made the following changes:
1. Changed FreeCell to preserve the 1st 8 bytes.  This is fine to do because all
   cells are at least 16 bytes long.
2. Changed HeapCell::zap() to only zap the structureID.  Leave the rest of the
   cell header info intact (including the cell JSType).
3. Changed HeapCell::zap() to record the reason for zapping the cell.  We stash
   the reason immediately after the first 8 bytes.  This is the same location as
   FreeCell::scrambledNext.  However, since a cell is not expected to be zapped
   and on the free list at the same time, it is also fine to do this.
4. Added a few utility functions to MarkedBlock for checking if a cell points
   into the block.
5. Added VMInspector and JSDollarVM utilities to dump in-use subspace hashes.
6. Added some comments to document the hashes of known subspaces.

* heap/FreeList.h:
(JSC::FreeCell::offsetOfScrambledNext):
* heap/HeapCell.h:
(JSC::HeapCell::zap):
(JSC::HeapCell::isZapped const):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::stopAllocating):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::Handle::start const):
(JSC::MarkedBlock::Handle::end const):
(JSC::MarkedBlock::Handle::contains const):
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::specializedSweep):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::forEachSubspace):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::reportZappedCellAndCrash):
* heap/SlotVisitor.h:
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
* runtime/VM.cpp:
(JSC::VM::VM):
* tools/JSDollarVM.cpp:
(JSC::functionDumpSubspaceHashes):
(JSC::JSDollarVM::finishCreation):
* tools/VMInspector.cpp:
(JSC::VMInspector::dumpSubspaceHashes):
* tools/VMInspector.h:

Source/WebCore:

No new tests because this is a feature for debugging crashes.  It has been tested
manually by modifying the code to force a crash at the point of interest.

Added some comments to document the hashes of known subspaces.

* bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::JSVMClientData):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247886 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoNavigationSOAuthorizationSession should check the active URL of the responding page...
jiewen_tan@apple.com [Sat, 27 Jul 2019 00:03:45 +0000 (00:03 +0000)]
NavigationSOAuthorizationSession should check the active URL of the responding page after waking up from waiting
https://bugs.webkit.org/show_bug.cgi?id=200150
<rdar://problem/53280170>

Reviewed by Brent Fulgham.

Source/WebKit:

NavigationSOAuthorizationSession should check the active URL of the responding page after waking up from waiting
as the page might have already changed the location.

* UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.h:
* UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm:
(WebKit::NavigationSOAuthorizationSession::shouldStartInternal):
(WebKit::NavigationSOAuthorizationSession::webViewDidMoveToWindow):
(WebKit::NavigationSOAuthorizationSession::pageActiveURLDidChangeDuringWaiting const):
* UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:
(WebKit::SubFrameSOAuthorizationSession::abortInternal):

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:
(TestWebKitAPI::TEST):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247885 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoFollow-up fix: results.webkit.org: Suite results shouldn't be the landing page
jbedard@apple.com [Fri, 26 Jul 2019 23:58:59 +0000 (23:58 +0000)]
Follow-up fix: results.webkit.org: Suite results shouldn't be the landing page
https://bugs.webkit.org/show_bug.cgi?id=200090

Unreviewed follow-up fix.

* resultsdbpy/resultsdbpy/view/view_routes.py:
(ViewRoutes.__init__): Keep /search endpoint for existing links

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247884 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[Win] Remove unused methods from WebPluginInfoProvider
annulen@yandex.ru [Fri, 26 Jul 2019 23:48:33 +0000 (23:48 +0000)]
[Win] Remove unused methods from WebPluginInfoProvider
https://bugs.webkit.org/show_bug.cgi?id=200178

Reviewed by Brent Fulgham.

These methods are guarded with PLATFORM(MAC) and have no definitions.
Also remove unused friend declaration.

* WebCoreSupport/WebPluginInfoProvider.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247883 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoMoving right by word boundary right before an object element followed by a br element...
rniwa@webkit.org [Fri, 26 Jul 2019 23:38:16 +0000 (23:38 +0000)]
Moving right by word boundary right before an object element followed by a br element hangs
https://bugs.webkit.org/show_bug.cgi?id=200144

Reviewed by Simon Fraser.

Source/WebCore:

The bug was caused by an infinite loop inside wordBreakIteratorForMinOffsetBoundary when it's trying to
find the previous word boundary at the beginning of a word after the object element and the br element.
In this case, previousBox is at the br element after the object element in the preceding line, and
logicallyPreviousBox ends up returning the same inline box (that of the br element), causing a hang.

Here's how. In logicallyPreviousBox, previousRootInlineBoxCandidatePosition returns a legacy position
immediately after the object element. The root inline box for this position (previousRoot) is the one
that contains the object element and the br element. However, when previousTextOrLineBreakBox is called
on this root inline box, "box" argument of the function is set to nullptr, and as a result, the function
finds and returns the same inline box of the br element that was passed to logicallyPreviousBox.

Fixed the bug by passing the starting inline box to previousRootInlineBoxCandidatePosition when its
root inline box is the previous root inline box (previousRoot). Also applied the same fix to
logicallyNextBox even though we don't have a reproduction for that case for now (RTL test case is
unaffected by nextRootInlineBoxCandidatePosition).

Tests: editing/selection/move-by-word-visually-across-object-element-1.html
       editing/selection/move-by-word-visually-across-object-element-2.html
       editing/selection/move-by-word-visually-across-object-element-3.html

* editing/VisibleUnits.cpp:
(WebCore::logicallyPreviousBox): Fixed the bug.
(WebCore::logicallyNextBox): Ditto.

LayoutTests:

Added regression tests. The second test case involves non-word characters "%)" which are skipped like whitespaces
for the purposes of moving right or left by word granularity. The third test case involves RTL text.

* editing/selection/move-by-word-visually-across-object-element-1-expected.txt: Added.
* editing/selection/move-by-word-visually-across-object-element-1.html: Added.
* editing/selection/move-by-word-visually-across-object-element-2-expected.txt: Added.
* editing/selection/move-by-word-visually-across-object-element-2.html: Added.
* editing/selection/move-by-word-visually-across-object-element-3-expected.txt: Added.
* editing/selection/move-by-word-visually-across-object-element-3.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247881 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoDo not fire readystatechange events at documents about to get replaced by javascript...
beidson@apple.com [Fri, 26 Jul 2019 22:53:47 +0000 (22:53 +0000)]
Do not fire readystatechange events at documents about to get replaced by javascript URLs.
<rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: http/tests/dom/ready-state-on-javascript-replace.html

We were firing too many readystatechange events, more than other browsers.
Our behavior on this test with this patch now matches Chrome.

(There was even an ancient FIXME alluding to this referencing a spec issue, and that issue has long been resolved)

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopLoading):

LayoutTests:

* http/tests/dom/ready-state-on-javascript-replace-expected.txt: Added.
* http/tests/dom/ready-state-on-javascript-replace.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247880 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[iPadOS] wix.com cannot select a template to edit or view
zalan@apple.com [Fri, 26 Jul 2019 21:27:38 +0000 (21:27 +0000)]
[iPadOS] wix.com cannot select a template to edit or view
https://bugs.webkit.org/show_bug.cgi?id=200174
<rdar://problem/53281296>

Reviewed by Simon Fraser.

Opt out of simulated mouse event sending for template selection on wix.com.
When wix.com receives a simulated mouse event during the touch events, it calls preventDefault() which prevents us from running the hover heuristics -> no click.

* page/Quirks.cpp:
(WebCore::Quirks::shouldDispatchSimulatedMouseEvents const):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months ago[WHLSL] UnnamedType should be reference counted
sbarati@apple.com [Fri, 26 Jul 2019 21:26:12 +0000 (21:26 +0000)]
[WHLSL] UnnamedType should be reference counted
https://bugs.webkit.org/show_bug.cgi?id=200098

Reviewed by Dean Jackson.

This patch makes UnnamedType reference counted. The motivation for doing this
is I measured how many times we were cloning UnnamedTypes, and I found we were
doing it ~433,000 times in some of Justin's demos. This is hugely wasteful,
given that an UnnamedType is immutable in the sense that once the type is
resolved, it will never change. So instead of repeatedly cloning the same
type, and having Expression point to a UniqueRef of UnnamedType, we should
instead make UnnamedType reference counted, and have expressions point to a
potentially shared UnnamedType.

Doing this is hugely beneficial to WHLSL compile times. On Justin's demos,
these are the results I'm getting:

hello-triangle: neutral
hello-cube: 55% faster
compute-blur: 35% faster
textured-cube: 49% faster

* Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h:
(WebCore::WHLSL::AST::ArrayReferenceType::ArrayReferenceType):
(WebCore::WHLSL::AST::ArrayReferenceType::create):
* Modules/webgpu/WHLSL/AST/WHLSLArrayType.h:
(WebCore::WHLSL::AST::ArrayType::ArrayType):
(WebCore::WHLSL::AST::ArrayType::create):
* Modules/webgpu/WHLSL/AST/WHLSLEnumerationDefinition.h:
(WebCore::WHLSL::AST::EnumerationDefinition::EnumerationDefinition):
* Modules/webgpu/WHLSL/AST/WHLSLExpression.h:
(WebCore::WHLSL::AST::Expression::setType):
(WebCore::WHLSL::AST::Expression::copyTypeTo const):
* Modules/webgpu/WHLSL/AST/WHLSLFloatLiteral.h:
(WebCore::WHLSL::AST::FloatLiteral::clone const):
* Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.cpp:
(WebCore::WHLSL::AST::FloatLiteralType::FloatLiteralType):
(WebCore::WHLSL::AST::FloatLiteralType::clone const):
* Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.h:
* Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h:
(WebCore::WHLSL::AST::FunctionDeclaration::FunctionDeclaration):
* Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteral.h:
(WebCore::WHLSL::AST::IntegerLiteral::clone const):
* Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.cpp:
(WebCore::WHLSL::AST::IntegerLiteralType::IntegerLiteralType):
(WebCore::WHLSL::AST::IntegerLiteralType::clone const):
* Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.h:
* Modules/webgpu/WHLSL/AST/WHLSLNullLiteral.h:
(WebCore::WHLSL::AST::NullLiteral::clone const):
* Modules/webgpu/WHLSL/AST/WHLSLPointerType.h:
(WebCore::WHLSL::AST::PointerType::PointerType):
(WebCore::WHLSL::AST::PointerType::create):
* Modules/webgpu/WHLSL/AST/WHLSLReadModifyWriteExpression.h:
(WebCore::WHLSL::AST::ReadModifyWriteExpression::ReadModifyWriteExpression):
* Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h:
(WebCore::WHLSL::AST::ReferenceType::ReferenceType):
* Modules/webgpu/WHLSL/AST/WHLSLResolvableType.h:
(WebCore::WHLSL::AST::ResolvableType::resolve):
* Modules/webgpu/WHLSL/AST/WHLSLStructureElement.h:
(WebCore::WHLSL::AST::StructureElement::StructureElement):
* Modules/webgpu/WHLSL/AST/WHLSLTypeArgument.cpp:
(WebCore::WHLSL::AST::clone):
* Modules/webgpu/WHLSL/AST/WHLSLTypeArgument.h:
* Modules/webgpu/WHLSL/AST/WHLSLTypeDefinition.h:
(WebCore::WHLSL::AST::TypeDefinition::TypeDefinition):
* Modules/webgpu/WHLSL/AST/WHLSLTypeReference.cpp:
(WebCore::WHLSL::AST::TypeReference::wrap):
* Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h:
(WebCore::WHLSL::AST::TypeReference::create):
(WebCore::WHLSL::AST::TypeReference::cloneTypeReference const): Deleted.
* Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h:
* Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteral.h:
(WebCore::WHLSL::AST::UnsignedIntegerLiteral::clone const):
* Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.cpp:
(WebCore::WHLSL::AST::UnsignedIntegerLiteralType::UnsignedIntegerLiteralType):
(WebCore::WHLSL::AST::UnsignedIntegerLiteralType::clone const):
* Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.h:
* Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h:
* Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:
(WebCore::WHLSL::Metal::vectorInnerType):
* Modules/webgpu/WHLSL/Metal/WHLSLNativeTypeWriter.cpp:
(WebCore::WHLSL::Metal::writeNativeType):
* Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp:
(WebCore::WHLSL::AutoInitialize::visit):
* Modules/webgpu/WHLSL/WHLSLCheckDuplicateFunctions.cpp:
(WebCore::WHLSL::DuplicateFunctionKey::hash const):
* Modules/webgpu/WHLSL/WHLSLChecker.cpp:
(WebCore::WHLSL::resolveWithOperatorAnderIndexer):
(WebCore::WHLSL::resolveWithOperatorLength):
(WebCore::WHLSL::resolveWithReferenceComparator):
(WebCore::WHLSL::resolveByInstantiation):
(WebCore::WHLSL::checkOperatorOverload):
(WebCore::WHLSL::Checker::assignTypes):
(WebCore::WHLSL::matchAndCommit):
(WebCore::WHLSL::commit):
(WebCore::WHLSL::Checker::assignConcreteType):
(WebCore::WHLSL::Checker::assignType):
(WebCore::WHLSL::Checker::forwardType):
(WebCore::WHLSL::Checker::visit):
(WebCore::WHLSL::getUnnamedType):
(WebCore::WHLSL::argumentTypeForAndOverload):
(WebCore::WHLSL::Checker::finishVisiting):
(WebCore::WHLSL::Checker::isBoolType):
* Modules/webgpu/WHLSL/WHLSLInferTypes.cpp:
(WebCore::WHLSL::matchAndCommit):
(WebCore::WHLSL::commit):
(WebCore::WHLSL::inferTypesForTypeArguments):
(WebCore::WHLSL::inferTypesForCallImpl):
* Modules/webgpu/WHLSL/WHLSLInferTypes.h:
* Modules/webgpu/WHLSL/WHLSLIntrinsics.cpp:
(WebCore::WHLSL::Intrinsics::addVector):
(WebCore::WHLSL::Intrinsics::addMatrix):
(WebCore::WHLSL::Intrinsics::addTexture):
* Modules/webgpu/WHLSL/WHLSLParser.cpp:
(WebCore::WHLSL::Parser::parseTypeArgument):
(WebCore::WHLSL::Parser::parseType):
(WebCore::WHLSL::Parser::parseEnumerationDefinition):
(WebCore::WHLSL::Parser::parseVariableDeclaration):
(WebCore::WHLSL::Parser::parseVariableDeclarations):
* Modules/webgpu/WHLSL/WHLSLParser.h:
* Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp:
(WebCore::WHLSL::PreserveLifetimes::PreserveLifetimes):
(WebCore::WHLSL::PreserveLifetimes::makeStructVariableReference):
(WebCore::WHLSL::PreserveLifetimes::assignVariableIntoStruct):
(WebCore::WHLSL::preserveVariableLifetimes):
* Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp:
(WebCore::WHLSL::wrapAnderCallArgument):
(WebCore::WHLSL::anderCallArgument):
(WebCore::WHLSL::setterCall):
(WebCore::WHLSL::getterCall):
(WebCore::WHLSL::modify):
(WebCore::WHLSL::PropertyResolver::visit):
(WebCore::WHLSL::PropertyResolver::simplifyRightValue):
(WebCore::WHLSL::LeftValueSimplifier::finishVisiting):
* Modules/webgpu/WHLSL/WHLSLResolveOverloadImpl.cpp:
(WebCore::WHLSL::conversionCost):
* Modules/webgpu/WHLSL/WHLSLResolvingType.h:
(WebCore::WHLSL::ResolvingType::ResolvingType):
(WebCore::WHLSL::ResolvingType::getUnnamedType):
(WebCore::WHLSL::ResolvingType::visit):
* Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp:
(WebCore::WHLSL::synthesizeArrayOperatorLength):
* Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp:
(WebCore::WHLSL::synthesizeConstructors):
* Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp:
(WebCore::WHLSL::synthesizeEnumerationFunctions):
* Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp:
(WebCore::WHLSL::synthesizeStructureAccessors):
* Modules/webgpu/WHLSL/WHLSLVisitor.cpp:
(WebCore::WHLSL::Visitor::visit):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247878 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoresults.webkit.org: Add switch to filter results by expectation
jbedard@apple.com [Fri, 26 Jul 2019 21:23:32 +0000 (21:23 +0000)]
results.webkit.org: Add switch to filter results by expectation
https://bugs.webkit.org/show_bug.cgi?id=200134

Rubber-stamped by Aakash Jain.

Users of the results database should be able to easily differentiate tests which are expected
to fail versus tests which are unexpectedly failing.

* resultsdbpy/resultsdbpy/view/static/js/timeline.js:
(Timeline.render): Respect the willFilterExpected variable.
(LegendLabel): Generates html for label in the legend.
(Legend): Add switch for filter results.
* resultsdbpy/resultsdbpy/view/templates/search.html: Give Legend callback to re-render timelines.
* resultsdbpy/resultsdbpy/view/templates/suite_results.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247877 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10 months agoCrashes under XPCServiceMain() / mach_msg_trap() due to sandboxing
cdumez@apple.com [Fri, 26 Jul 2019 21:08:46 +0000 (21:08 +0000)]
Crashes under XPCServiceMain() / mach_msg_trap() due to sandboxing
https://bugs.webkit.org/show_bug.cgi?id=200173
<rdar://problem/53594973>

Reviewed by Per Arne Vollan.

Allow a few more syscalls as they appear to be needed by mach_msg_trap().

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247876 268f45cc-cd09-0410-ab3c-d52691b4dbfc