1. 17 Sep, 2012 40 commits
    • Delayed structure sweep can leak structures without bound · 013fd88d
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96546
      
      Reviewed by Gavin Barraclough.
      
      This patch gets rid of the separate Structure allocator in the MarkedSpace and adds two new destructor-only
      allocators. We now have separate allocators for our three types of objects: those objects with no destructors,
      those objects with destructors and with immortal structures, and those objects with destructors that don't have 
      immortal structures. All of the objects of the third type (destructors without immortal structures) now 
      inherit from a new class named JSDestructibleObject (which in turn is a subclass of JSNonFinalObject), which stores 
      the ClassInfo for these classes at a fixed offset for safe retrieval during sweeping/destruction.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp: Use JSDestructibleObject for JSCallbackConstructor.
      (JSC):
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      * API/JSCallbackConstructor.h:
      (JSCallbackConstructor):
      * API/JSCallbackObject.cpp: Inherit from JSDestructibleObject for normal JSCallbackObjects and use a finalizer for 
      JSCallbackObject<JSGlobalObject>, since JSGlobalObject also uses a finalizer.
      (JSC):
      (JSC::::create): We need to move the create function for JSCallbackObject<JSGlobalObject> out of line so we can add 
      the finalizer for it. We don't want to add the finalizer in something like finishCreation in case somebody decides 
      to subclass this. We use this same technique for many other subclasses of JSGlobalObject.
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      (JSC):
      * API/JSClassRef.cpp: Change all the JSCallbackObject<JSNonFinalObject> to use JSDestructibleObject instead.
      (OpaqueJSClass::prototype):
      * API/JSObjectRef.cpp: Ditto.
      (JSObjectMake):
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp: Ditto.
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGSpeculativeJIT.h: Use the proper allocator type when doing inline allocation in the DFG.
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * heap/Heap.cpp:
      (JSC):
      * heap/Heap.h: Add accessors for the various types of allocators now. Also remove the isSafeToSweepStructures function 
      since it's always safe to sweep Structures now.
      (JSC::Heap::allocatorForObjectWithNormalDestructor): 
      (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
      (Heap):
      (JSC::Heap::allocateWithNormalDestructor):
      (JSC):
      (JSC::Heap::allocateWithImmortalStructureDestructor):
      * heap/IncrementalSweeper.cpp: Remove all the logic to detect when it's safe to sweep Structures from the 
      IncrementalSweeper since it's always safe to sweep Structures now.
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp: Remove the logic that was preventing us from sweeping Structures if it wasn't safe. Add 
      tracking of the specific destructor type of allocator. 
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::destructorType):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp: Add all the destructor type stuff to MarkedBlocks so that we do the right thing when sweeping. 
      We also use the stored destructor type to determine the right thing to do in all JSCell::classInfo() calls.
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC):
      (JSC::MarkedBlock::allocator):
      (JSC::MarkedBlock::destructorType):
      * heap/MarkedSpace.cpp: Add the new destructor allocators to MarkedSpace.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::immortalStructureDestructorAllocatorFor):
      (JSC::MarkedSpace::normalDestructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithImmortalStructureDestructor):
      (JSC::MarkedSpace::allocateWithNormalDestructor):
      (JSC::MarkedSpace::forEachBlock):
      * heap/SlotVisitor.cpp: Add include because the symbol was needed in an inlined function.
      * jit/JIT.h: Make sure we use the correct allocator when doing inline allocations in the baseline JIT.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSArray):
      * jsc.cpp: 
      (GlobalObject::create): Add finalizer here since JSGlobalObject needs to use a finalizer instead of inheriting from 
      JSDestructibleObject.
      * runtime/Arguments.cpp: Inherit from JSDestructibleObject.
      (JSC):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::Arguments):
      * runtime/ErrorPrototype.cpp: Added an assert to make sure we have a trivial destructor.
      (JSC):
      * runtime/Executable.h: Indicate that all of the Executable* classes have immortal Structures.
      (JSC):
      * runtime/InternalFunction.cpp: Inherit from JSDestructibleObject.
      (JSC):
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSCell.h: Added the NEEDS_DESTRUCTOR macro to make it easier for classes to indicate that instead of being 
      allocated in a destructor MarkedAllocator that they will handle their destruction themselves through the 
      use of a finalizer.
      (JSC):
      (HasImmortalStructure): New template to help us determine at compile-time if a particular class 
      should be allocated in the immortal structure MarkedAllocator. The default value is false. In order 
      to be allocated in the immortal structure allocator, classes must specialize this template. Also added 
      a macro to make it easier for classes to specialize the template.
      (JSC::allocateCell): Use the appropriate allocator depending on the destructor type.
      * runtime/JSDestructibleObject.h: Added. New class that stores the ClassInfo of any subclass so that it can be 
      accessed safely when the object is being destroyed.
      (JSC):
      (JSDestructibleObject):
      (JSC::JSDestructibleObject::classInfo):
      (JSC::JSDestructibleObject::JSDestructibleObject):
      (JSC::JSCell::classInfo): Checks the current MarkedBlock to see where it should get the ClassInfo from so that it's always safe.
      * runtime/JSGlobalObject.cpp: JSGlobalObject now uses a finalizer instead of a destructor so that it can avoid forcing all 
      of its relatives in the inheritance hierarchy (e.g. JSScope) to use destructors as well.
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::createRareDataIfNeeded): Since we always create a finalizer now, we don't have to worry about adding one 
      for the m_rareData field when it's created.
      (JSC::JSGlobalObject::create):
      (JSC):
      * runtime/JSGlobalThis.h: Inherit from JSDestructibleObject.
      (JSGlobalThis):
      (JSC::JSGlobalThis::JSGlobalThis):
      * runtime/JSPropertyNameIterator.h: Has an immortal Structure.
      (JSC):
      * runtime/JSScope.cpp:
      (JSC):
      * runtime/JSString.h: Has an immortal Structure.
      (JSC):
      * runtime/JSWrapperObject.h: Inherit from JSDestructibleObject.
      (JSWrapperObject):
      (JSC::JSWrapperObject::JSWrapperObject):
      * runtime/MathObject.cpp: Cleaning up some of the inheritance stuff.
      (JSC):
      * runtime/NameInstance.h: Inherit from JSDestructibleObject.
      (NameInstance):
      * runtime/RegExp.h: Has immortal Structure.
      (JSC):
      * runtime/RegExpObject.cpp: Inheritance cleanup.
      (JSC):
      * runtime/SparseArrayValueMap.h: Has immortal Structure.
      (JSC):
      * runtime/Structure.h: Has immortal Structure.
      (JSC):
      * runtime/StructureChain.h: Ditto.
      (JSC):
      * runtime/SymbolTable.h: Ditto.
      (SharedSymbolTable):
      (JSC):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/runtime/JSDestructableObject.h: Added.
      * bindings/js/JSDOMWrapper.h: Inherits from JSDestructibleObject.
      (JSDOMWrapper):
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/scripts/CodeGeneratorJS.pm: Add finalizers to anything that inherits from JSGlobalObject,
      e.g. JSDOMWindow and JSWorkerContexts. For those classes we also need to use the NEEDS_DESTRUCTOR macro.
      (GenerateHeader):
      * bridge/objc/objc_runtime.h: Inherit from JSDestructibleObject.
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (Bindings):
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      * bridge/runtime_array.cpp: Use a finalizer so that JSArray isn't forced to inherit from JSDestructibleObject.
      (JSC):
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC):
      * bridge/runtime_object.cpp: Inherit from JSDestructibleObject.
      (Bindings):
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128813 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r128809. · 57d3cca3
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/128809
      https://bugs.webkit.org/show_bug.cgi?id=96958
      
      Broke the Windows build. (Requested by andersca on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-09-17
      
      Source/WebCore:
      
      * platform/win/BString.cpp:
      (WebCore::BString::~BString):
      (WebCore::BString::adoptBSTR):
      * platform/win/BString.h:
      (BString):
      
      Source/WebKit/win:
      
      * DefaultPolicyDelegate.cpp:
      (DefaultPolicyDelegate::decidePolicyForNavigationAction):
      (DefaultPolicyDelegate::decidePolicyForMIMEType):
      (DefaultPolicyDelegate::unableToImplementPolicyWithError):
      * MarshallingHelpers.cpp:
      (MarshallingHelpers::KURLToBSTR):
      (MarshallingHelpers::CFStringRefToBSTR):
      (MarshallingHelpers::stringArrayToSafeArray):
      (MarshallingHelpers::safeArrayToStringArray):
      * WebCoreSupport/WebChromeClient.cpp:
      (WebChromeClient::runJavaScriptPrompt):
      * WebCoreSupport/WebEditorClient.cpp:
      (WebEditorClient::checkGrammarOfString):
      (WebEditorClient::getGuessesForWord):
      * WebFrame.cpp:
      (WebFrame::canProvideDocumentSource):
      * WebHistory.cpp:
      (WebHistory::removeItem):
      (WebHistory::addItem):
      * WebIconDatabase.cpp:
      (WebIconDatabase::startUpIconDatabase):
      * WebNotificationCenter.cpp:
      (WebNotificationCenter::postNotification):
      * WebPreferences.cpp:
      (WebPreferences::setStringValue):
      * WebView.cpp:
      (PreferencesChangedOrRemovedObserver::onNotify):
      (WebView::close):
      (WebView::canShowMIMEType):
      (WebView::initWithFrame):
      (WebView::setApplicationNameForUserAgent):
      (WebView::setCustomUserAgent):
      (WebView::userAgentForURL):
      (WebView::setCustomTextEncodingName):
      (WebView::customTextEncodingName):
      (WebView::setPreferences):
      (WebView::searchFor):
      (WebView::executeCoreCommandByName):
      (WebView::markAllMatchesForText):
      (WebView::setGroupName):
      (WebView::registerURLSchemeAsLocal):
      (WebView::replaceSelectionWithText):
      (WebView::onNotify):
      (WebView::notifyPreferencesChanged):
      (WebView::MIMETypeForExtension):
      (WebView::standardUserAgentWithApplicationName):
      (WebView::addAdditionalPluginDirectory):
      (WebView::registerEmbeddedViewMIMEType):
      (toString):
      (toKURL):
      (WebView::addOriginAccessWhitelistEntry):
      (WebView::removeOriginAccessWhitelistEntry):
      (WebView::geolocationDidFailWithError):
      (WebView::setDomainRelaxationForbiddenForURLScheme):
      (WebView::setCompositionForTesting):
      (WebView::confirmCompositionForTesting):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128812 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • https://bugs.webkit.org/show_bug.cgi?id=96945 · 02b30b04
      bdakin@apple.com authored
      REGRESSION (r128678): Several tests fail on WK2 bots 
      (compositing/rtl/rtl-fixed-overflow.html, 
      compositing/rtl/rtl-fixed.html, 
      fast/regions/float-pushed-width-change.html, 
      fast/repaint/fixed-move-after-keyboard-scroll.html)
      
      Reviewed by Tim Horton.
      
      These tests are failing after 
      https://bugs.webkit.org/show_bug.cgi?id=96688. They are failing on WK2 
      only because that change only forces compositing mode for fixed 
      position elements in WK2, not WK1. 
      
      This one is a ref test where the expectation used fixed positioning. 
      We can avoid using fixed pos and avoid the fact that that creates a 
      layer in WK2 and use absolute pos instead.
      * fast/regions/float-pushed-width-change-expected.html:
      
      These tests just need updated results in the mac-wk2 directory.
      * platform/mac-wk2/compositing/rtl: Added.
      * platform/mac-wk2/compositing/rtl/rtl-fixed-expected.txt: Added.
      * platform/mac-wk2/compositing/rtl/rtl-fixed-overflow-expected.txt: Added.
      * platform/mac-wk2/fast/repaint: Added.
      * platform/mac-wk2/fast/repaint/fixed-move-after-keyboard-scroll-expected.png: Added.
      * platform/mac-wk2/fast/repaint/fixed-move-after-keyboard-scroll-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128811 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [WIN] Use BString in favour of BSTR to improve memory management · 36cc2675
      paroga@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=93128
      
      Reviewed by Anders Carlsson.
      
      BString automatically calls SysFreeString() in its destructor, which helps
      avoid memory leaks. So it should be used instead of BSTR directly.
      Add operator& to BString to allow its usage for out parameters too (like COMPtr).
      This already fixes a few memory leaks in the existing code.
      
      * platform/win/BString.cpp:
      (WebCore::BString::~BString):
      (WebCore::BString::adoptBSTR):
      (WebCore::BString::clear):
      (WebCore):
      * platform/win/BString.h:
      (BString):
      (WebCore::BString::operator&):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128809 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2012-09-17 Nate Chapin <japhet@chromium.org> · 4fdae109
      japhet@chromium.org authored
              Unreviewed, test expectations update.
      
              * platform/chromium/TestExpectations: Mark http/tests/inspector/network/network-xhr-replay.html as timing out on chromium win.
      
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128808 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] Add onSendFrameToParentCompositorAck to WebCompositorOutputSurfaceClient · b98dd4ff
      piman@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96850
      
      Reviewed by James Robinson.
      
      Hook for the WebCompositorOutputSurface::sendFrameToParent ack.
      Also changes WebCompositorFrame from a class to a struct.
      
      * chromium/public/WebCompositorOutputSurface.h:
      (WebKit):
      * chromium/public/WebCompositorOutputSurfaceClient.h:
      (WebKit):
      (WebCompositorOutputSurfaceClient):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128806 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Make CSS.PrefixUsage histogram smaller to save memory · 66f6d6b4
      tony@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96941
      
      Reviewed by Ojan Vafai.
      
      Each bucket costs about 12 bytes. This reduces the size of the histogram
      from 600 to 384, which will save about 2.5k per renderer and browser
      process.
      
      In the long run, we could probably generate a table in makeprop.pl that
      only has the webkit prefix values to save even more memory (there are
      194 properties that start with -webkit).
      
      No new tests, just refactoring.
      
      * css/CSSParser.cpp:
      (WebCore::cssPropertyID):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] WebCompositorOutputSurface software API · 3c66e791
      aelias@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96851
      
      Reviewed by James Robinson.
      
      This adds a software-based output option to
      WebCompositorOutputSurface, for use with the new software compositor.
      It returns a "tear-off" which provides a WebImage object that can be
      written to or read.
      
      * Platform.gypi:
      * chromium/public/WebCompositorOutputSurface.h:
      (WebKit):
      (WebCompositorOutputSurface):
      (WebKit::WebCompositorOutputSurface::surfaceSoftware):
      * chromium/public/WebCompositorOutputSurfaceSoftware.h: Added.
      (WebKit):
      (WebCompositorOutputSurfaceSoftware):
      (WebKit::WebCompositorOutputSurfaceSoftware::~WebCompositorOutputSurfaceSoftware):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128803 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • If a prototype has indexed setters and its instances have indexed storage,... · 1c4a32c9
      fpizlo@apple.com authored
      If a prototype has indexed setters and its instances have indexed storage, then all put_by_val's should have a bad time
      https://bugs.webkit.org/show_bug.cgi?id=96596
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Added comprehensive support for accessors and read-only indexed properties on the
      prototype chain. This is done without any performance regression on benchmarks that
      we're aware of, by having the entire VM's strategy with respect to arrays tilted
      heavily in favor of:
              
      - The prototype chain of JSArrays never having any accessors or read-only indexed
        properties. If that changes, you're going to have a bad time.
              
      - Prototypes of non-JSArray objects either having no indexed accessors or read-only
        indexed properties, or, having those indexed accessor thingies inserted before
        any instance object (i.e. object with that prototype as its prototype) is created.
        If you add indexed accessors or read-only indexed properties to an object that is
        already used as a prototype, you're going to have a bad time.
              
      See below for the exact definition of having a bad time.
              
      Put another way, "fair" uses of indexed accessors and read-only indexed properties
      are:
              
      - Put indexed accessors and read-only indexed properties on an object that is never
        used as a prototype. This will slow down accesses to that object, but will not
        have any effect on any other object.
              
      - Put those indexed accessor thingies on an object before it is used as a prototype
        and then start instantiating objects that claim that object as their prototype.
        This will slightly slow down indexed stores to the instance objects, and greatly
        slow down all indexed accesses to the prototype, but will have no other effect.
              
      In short, "fair" uses only affect the object itself and any instance objects. But
      if you start using indexed accessors in more eclectic ways, you're going to have
      a bad time.
              
      Specifically, if an object that may be used as a prototype has an indexed accessor
      added, the VM performs a whole-heap scan to find all objects that belong to the
      same global object as the prototype you modified. If any of those objects has
      indexed storage, their indexed storage is put into slow-put mode, just as if their
      prototype chain had indexed accessors. This will happen even for objects that do
      not currently have indexed accessors in their prototype chain. As well, all JSArray
      allocations are caused to create arrays with slow-put storage, and all future
      allocations of indexed storage for non-JSArray objects are also flipped to slow-put
      mode. Note there are two aspects to having a bad time: (i) the whole-heap scan and
      (ii) the poisoning of all indexed storage in the entire global object. (i) is
      necessary for correctness. If we detect that an object that may be used as a
      prototype has had an indexed accessor or indexed read-only property inserted into
      it, then we need to ensure that henceforth all instances of that object inspect
      the prototype chain whenever an indexed hole is stored to. But by default, indexed
      stores do no such checking because doing so would be unnecessarily slow. So, we must
      find all instances of the affected object and flip them into a different array
      storage mode that omits all hole optimizations. Since prototypes never keep a list
      of instance objects, the only way to find those objects is a whole-heap scan. But
      (i) alone would be a potential disaster, if a program frequently allocated an
      object without indexed accessors, then allocated a bunch of objects that used that
      one as their prototype, and then added indexed accessors to the prototype. So, to
      prevent massive heap scan storms in such awkward programs, having a bad time also
      implies (ii): henceforth *all* objects belonging to that global object will use
      slow put indexed storage, so that we don't ever have to scan the heap again. Note
      that here we are using the global object as just an approximation of a program
      module; it may be worth investigating in the future if other approximations can be
      used instead.
      
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::isSlowPutAccess):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasIndexedProperties):
      (JSC::hasIndexingHeader):
      (JSC::hasArrayStorage):
      (JSC::shouldUseSlowPut):
      * runtime/JSArray.cpp:
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      * runtime/JSArray.h:
      (JSC::JSArray::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::addressOfArrayStructure):
      (JSC::JSGlobalObject::havingABadTimeWatchpoint):
      (JSC::JSGlobalObject::isHavingABadTime):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::resetInheritorID):
      (JSC::JSObject::inheritorID):
      (JSC::JSObject::allowsAccessFrom):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::unwrappedGlobalObject):
      (JSC::JSObject::notifyUsedAsPrototype):
      (JSC::JSObject::createInheritorID):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHole):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::mayBeUsedAsPrototype):
      (JSObject):
      (JSC::JSObject::mayInterceptIndexedAccesses):
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrNull):
      (JSC::JSObject::ensureArrayStorage):
      (JSC):
      (JSC::JSValue::putByIndex):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::putToPrimitiveByIndex):
      (JSC):
      * runtime/JSValue.h:
      (JSValue):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayEntry::put):
      (JSC):
      * runtime/SparseArrayValueMap.h:
      (JSC):
      (SparseArrayEntry):
      * runtime/Structure.cpp:
      (JSC::Structure::anyObjectInChainMayInterceptIndexedAccesses):
      (JSC):
      (JSC::Structure::suggestedIndexingTransition):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::mayInterceptIndexedAccesses):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      LayoutTests: 
      
      Removed failing expectation for primitive-property-access-edge-cases, and
      added more tests to cover the numerical-setter-on-prototype cases.
      
      * fast/js/array-bad-time-expected.txt: Added.
      * fast/js/array-bad-time.html: Added.
      * fast/js/array-slow-put-expected.txt: Added.
      * fast/js/array-slow-put.html: Added.
      * fast/js/cross-frame-bad-time-expected.txt: Added.
      * fast/js/cross-frame-bad-time.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/object-bad-time-expected.txt: Added.
      * fast/js/object-bad-time.html: Added.
      * fast/js/object-slow-put-expected.txt: Added.
      * fast/js/object-slow-put.html: Added.
      * fast/js/script-tests/array-bad-time.js: Added.
      * fast/js/script-tests/array-slow-put.js: Added.
      (foo):
      * fast/js/script-tests/cross-frame-bad-time.js: Added.
      (foo):
      * fast/js/script-tests/object-bad-time.js: Added.
      (Cons):
      * fast/js/script-tests/object-slow-put.js: Added.
      (Cons):
      (foo):
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [BlackBerry] Enable VIDEO_TRACK · 9c82b2de
      rwlbuis@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96949
      
      Reviewed by Antonio Gomes.
      
      .:
      
      Turn on VIDEO_TRACK feature.
      
      * Source/cmake/OptionsBlackBerry.cmake:
      
      Source/WebCore:
      
      Turn on runtime feature for VIDEO_TRACK.
      
      * bindings/generic/RuntimeEnabledFeatures.cpp:
      (WebCore):
      
      Tools:
      
      * Scripts/webkitperl/FeatureList.pm:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128800 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] Unreviewed, updating some bug numbers in TestExpectations. · 3b0f6e57
      tony@chromium.org authored
      * platform/chromium/TestExpectations:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128799 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Measure the usage of window.webkitIndexedDB so we can measure the transition to webkit.indexedDB · bc08d1bd
      abarth@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96943
      
      Reviewed by Ojan Vafai.
      
      We don't yet support window.indexedDB but we will once
      https://bugs.webkit.org/show_bug.cgi?id=96548 lands. This metric will
      help us measure the transition from the prefixed to the unprefixed API.
      
      * Modules/indexeddb/DOMWindowIndexedDatabase.idl:
      * page/FeatureObserver.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128798 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Measure usage of the legacy WebKitBlobBuilder API in the hopes of being able to remove it · 69daca49
      abarth@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96939
      
      Reviewed by Ojan Vafai.
      
      In the course of standardization, the BlobBuilder API was removed in
      favor of just using the Blob constructor. This patch adds some
      measurement to see how often this legacy API is used. If the API is not
      used very much, we might be able to remove it.
      
      * fileapi/WebKitBlobBuilder.cpp:
      (WebCore::WebKitBlobBuilder::create):
      * page/FeatureObserver.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128797 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Implement uncommitted memory for Linux. · 5c48ba20
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=65766
      
      Patch by Uli Schlachter <psychon@znc.in> on 2012-09-17
      Reviewed by Gavin Barraclough.
      
      The old approach used MAP_NORESERVE to allocate address space without
      committing it. However, that flag gets ignored if
      /proc/sys/vm/overcommit_memory is set to 2. The new approach uses a
      mapping with PROT_NONE. This works because mappings which aren't even
      readable don't get accounted as committed on Linux.
      
      * wtf/OSAllocatorPosix.cpp:
      (WTF::OSAllocator::reserveUncommitted):
      (WTF::OSAllocator::reserveAndCommit):
      (WTF::OSAllocator::commit):
      (WTF::OSAllocator::decommit):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128796 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • IndexedDB: Result of IDBFactory.deleteDatabase() should be undefined, not null · 4d7a99dd
      jsbell@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96538
      
      Reviewed by Tony Chang.
      
      Source/WebCore:
      
      Trivial implementation change to match the spec.
      
      Tests: storage/indexeddb/factory-deletedatabase-expected.html
             storage/indexeddb/intversion-long-queue-expected.html
      
      * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
      (WebCore::IDBDatabaseBackendImpl::deleteDatabase):
      
      LayoutTests:
      
      Check result of IDBFactory.deleteDatabase() - one updated assertion, one added assertion.
      
      * storage/indexeddb/factory-deletedatabase-expected.txt:
      * storage/indexeddb/intversion-long-queue-expected.txt:
      * storage/indexeddb/resources/factory-deletedatabase.js: Add new assertion.
      (reopenDatabase):
      * storage/indexeddb/resources/intversion-long-queue.js: Update existing assertion.
      (deleteDatabaseSuccessCallback):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128795 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Source/WebCore: Allow gesture events to set active/hover state. · d87e5bae
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96060
      
      Patch by Rick Byers <rbyers@chromium.org> on 2012-09-17
      Reviewed by Antonio Gomes.
      
      Adds GestureTapDownCancel as a new PlatformGestureEvent type.  On ports
      that support gesture events, use GestureTapDown to trigger active/hover
      states, and GestureTap/GestureTapDownCancel to clear them.  This is
      superior to using touch events for a number of reasons:
        1) some ports (chromium) avoid sending touch events unless absolutely
        necessary, since they hurt scroll performance by blocking threaded
        scrolling.
        2) with touch, an element really shouldn't be 'active' when the user
        happens to be touching it while scrolling.  In that case they aren't
        'manipulating the element', they're manipulating the page or div that
        is scrolling.
        3) similarly, there may be other gestures that involve touching the
        element which aren't really about manipulating that element (eg.
        pinch to zoom).
      
      Test: fast/events/touch/gesture/gesture-tap-active-state.html
      Test: fast/events/touch/gesture/gesture-tap-active-state-iframe.html
      * dom/GestureEvent.cpp:
      (WebCore::GestureEvent::create):
      * page/EventHandler.cpp:
      (WebCore::EventHandler::handleGestureEvent):
      (WebCore::EventHandler::handleTouchEvent):
      * platform/PlatformEvent.h:
      
      Source/WebKit/chromium: Send GestureTapDownCancel to WebCore
      https://bugs.webkit.org/show_bug.cgi?id=96060
      
      Patch by Rick Byers <rbyers@chromium.org> on 2012-09-17
      Reviewed by Antonio Gomes.
      
      Plumb WebInputEvent::GestureTapCancel to
      PlatformInputEvent::GestureTapDownCancel.  After all the chromium code
      was landed, it was suggested that 'TapDownCancel' was a better name
      than 'TapCancel' since you can't cancel a Tap.  I'm not changing the
      WebInputEvent definition here because that would be a breaking change
      to chromium, but I can do that as a series of follow-up CLs.
      * src/WebInputEventConversion.cpp:
      (WebKit::PlatformGestureEventBuilder::PlatformGestureEventBuilder):
      * src/WebPopupMenuImpl.cpp:
      (WebKit::WebPopupMenuImpl::handleInputEvent):
      * src/WebViewImpl.cpp:
      (WebKit::WebViewImpl::handleGestureEvent):
      
      Tools: Add handling of new GestureTapCancel in DRT
      
      https://bugs.webkit.org/show_bug.cgi?id=96183
      
      Patch by Rick Byers <rbyers@chromium.org> on 2012-09-17
      Reviewed by Antonio Gomes.
      
      * DumpRenderTree/chromium/TestWebPlugin.cpp:
      (TestWebPlugin::handleInputEvent):
      * DumpRenderTree/chromium/EventSender.cpp:
      (EventSender::gestureTapCancel):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128794 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • https://bugs.webkit.org/show_bug.cgi?id=96942 · 8155f5fc
      ap@apple.com authored
              [Mac] Failing test http/tests/inspector/network/network-xhr-replay.html
      
              * platform/mac/Skipped: Skipping a test for the newly added feature.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128793 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Crash if we fail to allocate memory for the argument encoder buffer. · 45959383
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88367
      
      Reviewed by Andreas Kling.
      <rdar://problem/11488239>
      
      Since there's no way to recover from malloc returning null here, just crash.
      
      * Platform/CoreIPC/ArgumentEncoder.cpp:
      (CoreIPC::ArgumentEncoder::grow):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128792 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Array profiling has convergence issues · c7be5be0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96891
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Now each array profiling site merges in the indexing type it observed into
      the m_observedArrayModes bitset. The ArrayProfile also uses this to detect
      cases where the structure must have gone polymorphic (if the bitset is
      polymorphic then the structure must be). This achieves something like the
      best of both worlds: on the one hand, we get a probabilistic structure that
      we can use to optimize the monomorphic structure case, but on the other hand,
      we get an accurate view of the set of types that were encountered.
      
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::or32):
      (MacroAssemblerARMv7):
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::or32):
      (MacroAssemblerX86):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::or32):
      (MacroAssemblerX86_64):
      * assembler/X86Assembler.h:
      (X86Assembler):
      (JSC::X86Assembler::orl_rm):
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::computeUpdatedPrediction):
      * bytecode/ArrayProfile.h:
      (JSC::ArrayProfile::addressOfArrayModes):
      (JSC::ArrayProfile::structureIsPolymorphic):
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC):
      (JSC::JIT::emitArrayProfilingSite):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      
      Source/WTF: 
      
      Added functions for testing if something is a power of 2.
      
      * wtf/MathExtras.h:
      (hasZeroOrOneBitsSet):
      (hasTwoOrMoreBitsSet):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128790 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • IndexedDB: Use ScriptValue instead of SerializedScriptValue for get/openCursor · b90c8b80
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95409
      
      Patch by Alec Flett <alecflett@chromium.org> on 2012-09-17
      Reviewed by Kentaro Hara.
      
      Source/WebCore:
      
      This reduces a bunch of serialization/deserialization when writing
      to objectstores with indexes.
      
      No new tests, as this covers core functionality of IndexedDB, and
      almost every test would fail. Some likely tests that would fail
      fundamentally include:
      
      storage/indexeddb/objectstore-basics.html
      storage/indexeddb/cursor-basics.html
      storage/indexeddb/index-basics.html
      
      * Modules/indexeddb/IDBAny.cpp:
      (WebCore::IDBAny::scriptValue):
      (WebCore::IDBAny::integer):
      (WebCore):
      (WebCore::IDBAny::set):
      * Modules/indexeddb/IDBAny.h:
      (WebCore):
      (IDBAny):
      (WebCore::IDBAny::create):
      * Modules/indexeddb/IDBCursor.cpp:
      (WebCore::IDBCursor::setValueReady):
      * Modules/indexeddb/IDBCursor.h:
      (WebCore):
      (IDBCursor):
      * Modules/indexeddb/IDBDatabase.cpp:
      (WebCore::IDBDatabase::version):
      * Modules/indexeddb/IDBObjectStore.cpp:
      (WebCore):
      * Modules/indexeddb/IDBRequest.cpp:
      (WebCore::IDBRequest::setResultCursor):
      (WebCore::IDBRequest::onSuccess):
      (WebCore):
      (WebCore::IDBRequest::onSuccessInternal):
      (WebCore::IDBRequest::dispatchEvent):
      * Modules/indexeddb/IDBRequest.h:
      (IDBRequest):
      * Modules/indexeddb/IDBTransactionCallbacks.h:
      * bindings/v8/IDBBindingUtilities.cpp:
      (WebCore::deserializeIDBValue):
      (WebCore::injectIDBKeyIntoScriptValue):
      * bindings/v8/IDBBindingUtilities.h:
      (WebCore):
      * bindings/v8/custom/V8IDBAnyCustom.cpp:
      (WebCore::toV8):
      
      Source/WebKit/chromium:
      
      This removes a bunch of tests that have been migrated to
      LayoutTests, in https://bugs.webkit.org/show_bug.cgi?id=96818.
      
      * tests/IDBBindingUtilitiesTest.cpp:
      (WebCore::checkKeyFromValueAndKeyPathInternal):
      (WebCore::checkKeyPathNullValue):
      (WebCore::injectKey):
      (WebCore::checkInjection):
      (WebCore::checkInjectionFails):
      (WebCore::checkKeyPathStringValue):
      (WebCore::checkKeyPathNumberValue):
      (WebCore::TEST):
      * tests/IDBKeyPathTest.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128789 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • We should make collecting metrics easier by adding an IDL attribute · 23db5ebf
      abarth@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96837
      
      Reviewed by Kentaro Hara.
      
      Currently it is too hard to set up a good measurement experiment to see
      whether we can safely remove a feature (including vendor-prefixed
      features). This patch introduces the [V8MeasureAs] IDL attribute to make
      that process easier.
      
      When you add the [V8MeasureAs] IDL property to an API, we'll count what
      fraction of Page objects used that API.
      
      * Modules/notifications/DOMWindowNotifications.idl:
      * bindings/scripts/CodeGeneratorV8.pm:
      (GenerateFeatureObservation):
      (GenerateNormalAttrGetter):
      (GenerateReplaceableAttrSetter):
      (GenerateNormalAttrSetter):
      (GenerateOverloadedFunctionCallback):
      (GenerateFunctionCallback):
      (GenerateConstructorCallback):
      (GenerateNamedConstructorCallback):
      * bindings/scripts/IDLAttributes.txt:
      * bindings/scripts/test/TestObj.idl:
      * bindings/scripts/test/V8/V8TestObj.cpp:
      (WebCore::TestObjV8Internal::testObjAttrAttrGetter):
      (WebCore::TestObjV8Internal::testObjAttrAttrSetter):
      (WebCore::TestObjV8Internal::objMethodCallback):
      (WebCore):
      * page/Page.h:
      (WebCore::Page::featureObserver):
      (Page):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128788 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • https://bugs.webkit.org/show_bug.cgi?id=96936 · 1b35d6e2
      bdakin@apple.com authored
      Opt into layers for fixed positioned elements for TiledDrawingArea
      
      Reviewed by Tim Horton.
      
      This code already exists in DrawingAreaImpl, and we need it for 
      TiledCoreAnimationDrawingArea as well.
      * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
      (WebKit::TiledCoreAnimationDrawingArea::updatePreferences):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128787 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [CSS Exclusions] Enable shape-inside for percentage lengths based on logical height · db633633
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=93547
      
      Patch by Bear Travis <betravis@adobe.com> on 2012-09-17
      Reviewed by Levi Weintraub.
      
      Source/WebCore:
      
      Shape-inside needs to be passed the logical size to use when computing percentage
      based coordinates. The CSS Regions-specific method computeInitialRegionRangeForBlock
      has been generalized to updateRegionsAndExclusionsLogicalSize. This method takes
      the pre-child-layout logical width and height, and uses them to compute the logical
      width and height that regions and exclusions should use for layout. Regions use a
      block's maximum possible logical height to compute a region's maximum extent.
      Exclusions use a block's fixed logical width and height, or 0 if one does not exist,
      to resolve percentage-based shape lengths. The default logical size used for resolving
      percentage based coordinates is tested in shape-inside-percentage-auto.html.
      
      Test: fast/exclusions/shape-inside/shape-inside-percentage.html
      
      * rendering/RenderBlock.cpp:
      (WebCore::RenderBlock::updateRegionsAndExclusionsLogicalSize): Calculates the logical
      height regions and exclusions should use, and updates their layout sizes through
      computeExclusionShapeSize and computeRegionRangeForBlock.
      (WebCore):
      (WebCore::RenderBlock::computeExclusionShapeSize): Pass the appropriate logical size
      to exclusion shapes so they can resolve percentage based coordinates.
      (WebCore::RenderBlock::layoutBlock): Call the new updateRegionsAndExclusionsLogicalSize
      method.
      * rendering/RenderBlock.h:
      (RenderBlock):
      * rendering/RenderBox.cpp:
      (WebCore::percentageLogicalHeightIsResolvable): Determine if percentage lengths
      based on logical height can be resolved.
      (WebCore):
      (WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock): Added declaration.
      * rendering/RenderBox.h:
      (RenderBox):
      * rendering/RenderDeprecatedFlexibleBox.cpp:
      (WebCore::RenderDeprecatedFlexibleBox::layoutBlock): Calling
      updateRegionsAndExclusionsLogicalSize rather than computeInitialRegionRangeForBlock.
      * rendering/RenderFlexibleBox.cpp:
      (WebCore::RenderFlexibleBox::layoutBlock): Ditto.
      * rendering/RenderGrid.cpp:
      (WebCore::RenderGrid::layoutBlock): Ditto.
      
      LayoutTests:
      
      Test that shape percentage-based measurements resolve correctly. Some testing is
      already covered by shape-inside-percentage-auto.html.
      
      * fast/exclusions/shape-inside/shape-inside-percentage-expected.html: Added.
      * fast/exclusions/shape-inside/shape-inside-percentage.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128786 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] Add gpu_test trace events tracking the creation of a DrawingBuffer · 7dddb14b
      vangelis@chromium.org authored
      and Canvas2DLayerBridge. They will be used by browser tests to verify the
      existence of WebGL and accelerated canvas.
      https://bugs.webkit.org/show_bug.cgi?id=96871
      
      Reviewed by James Robinson.
      
      * platform/graphics/chromium/Canvas2DLayerBridge.cpp:
      (WebCore::Canvas2DLayerBridge::Canvas2DLayerBridge):
      * platform/graphics/chromium/DrawingBufferChromium.cpp:
      (WebCore::DrawingBuffer::DrawingBuffer):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128785 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Chromium] Fix cases where find-in-page doesn't send a final update · dd48edc5
      leandrogracia@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96402
      
      Fix some issues in the WebKit implementation that prevented sending a final
      reportFindInPageMatchCount message.
      
      Reviewed by Adam Barth.
      
      * src/WebFrameImpl.cpp:
      (WebKit::WebFrameImpl::scopeStringMatches):
      (WebKit):
      (WebKit::WebFrameImpl::finishCurrentScopingEffort):
      (WebKit::WebFrameImpl::cancelPendingScopingEffort):
      (WebKit::WebFrameImpl::WebFrameImpl):
      (WebKit::WebFrameImpl::shouldScopeMatches):
      * src/WebFrameImpl.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128784 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Cleanup the final instance of BUGUSERNAME. · f93720b4
      ojan@chromium.org authored
      * platform/chromium/TestExpectations:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128783 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Teach style checker about preprocessor directive indentation rules · d0936b70
      pdr@google.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96874
      
      Reviewed by Adam Barth.
      
      Preprocessor directives (#ifdef, #include, #define, etc.) should not be indented.
      This is not explicit in our style guide but is generally followed in our code.
      Searching for violations in our codebase shows these are rarely indented:
          #include - indented in 6 files
          #ifdef - indented in 0 files
          #ifndef - indented in 1 file
          #define - indented in 11 files
          #if - indented in 7 files
      
      * Scripts/webkitpy/style/checkers/cpp.py:
      (check_directive_indentation):
      
          This is the simple test where we look for spaces followed by a #.
      
      (check_style):
      * Scripts/webkitpy/style/checkers/cpp_unittest.py:
      
          A few tests needed to be modified because they had unintentionally indented
          preprocessor directives.
      
      (CppStyleTest.test_build_class.Foo):
      (CppStyleTest.test_build_class):
      (CppStyleTest.test_build_class.DERIVE_FROM_GOO):
      (WebKitStyleTest.test_line_breaking):
      (WebKitStyleTest.test_directive_indentation):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128782 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Qt] Unreviewed gardening, skip one more crashy test to paint the bot green. · b6211484
      ossy@webkit.org authored
      * platform/qt/Skipped:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128781 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fix LoadImagesAutomatically cache behavior · d78a58f9
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96829
      
      Patch by Bo Liu <boliu@chromium.org> on 2012-09-17
      Reviewed by Adam Barth.
      
      I broke the caching behavior of LoadImagesAutomatically in
      http://trac.webkit.org/changeset/128645
      
      This restores the original behavior that AutoLoadImage does not block
      loads from memory cache.
      
      Source/WebCore:
      
      Test: fast/loader/display-image-unset-allows-cached-image-load.html
      
      * loader/cache/CachedResourceLoader.cpp:
      (WebCore::CachedResourceLoader::determineRevalidationPolicy):
      (WebCore::CachedResourceLoader::clientAllowsImage):
      (WebCore::CachedResourceLoader::shouldDeferImageLoad):
      * loader/cache/CachedResourceLoader.h:
      (CachedResourceLoader):
      
      LayoutTests:
      
      * fast/loader/display-image-unset-allows-cached-image-load-expected.txt: Added.
      * fast/loader/display-image-unset-allows-cached-image-load.html: Added.
      * fast/loader/resources/image1.html: Added.
      * fast/loader/resources/image2.html: Added.
      * platform/wk2/Skipped:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128780 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Perf test results is incomprehensive · 3b6a0d8a
      rniwa@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=94668
      
      Reviewed by Eric Seidel.
      
      Overhauled the results page to have a tabular view. Clicking on each row shows a flot graph we used to have.
      For each run and test, we show the mean value with the standard deviation along with the percent difference
      against the reference run chosen by the user if the difference is statistically significant; it also indicates
      whether the new value is a progression or not.
      
      The unit of each test is adjusted automatically using SI prefixes (Kilo, Mega, Milli), and rows can be sorted
      by each column. Time and memory results are separated into two tabs.
      
      * resources/jquery.tablesorter.min.js: Added.
      * resources/results-template.html:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128779 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Web Inspector: Display Named Flows in the Tabbed Pane of the "CSS Named Flows" Drawer · dcf76eea
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96733
      
      Patch by Andrei Poenaru <poenaru@adobe.com> on 2012-09-17
      Reviewed by Alexander Pavlov.
      
      Added functionality to the Tabbed Pane from the CSS Named Flows Drawer.
      
      * English.lproj/localizedStrings.js:
      * WebCore.gypi:
      * WebCore.vcproj/WebCore.vcproj:
      * inspector/compile-front-end.py:
      * inspector/front-end/CSSNamedFlowCollectionsView.js:
      (WebInspector.CSSNamedFlowCollectionsView.prototype._appendNamedFlow):
      (WebInspector.CSSNamedFlowCollectionsView.prototype._removeNamedFlow):
      (WebInspector.CSSNamedFlowCollectionsView.prototype._updateNamedFlow):
      (WebInspector.CSSNamedFlowCollectionsView.prototype._showNamedFlow):
      (WebInspector.CSSNamedFlowCollectionsView.prototype._selectNamedFlowInSidebar):
      (WebInspector.CSSNamedFlowCollectionsView.prototype._selectNamedFlowTab):
      (WebInspector.CSSNamedFlowCollectionsView.prototype._tabSelected):
      (WebInspector.CSSNamedFlowCollectionsView.prototype._tabClosed):
      (WebInspector.CSSNamedFlowCollectionsView.prototype.wasShown):
      (WebInspector.CSSNamedFlowCollectionsView.prototype.willHide):
      (WebInspector.FlowTreeElement):
      (WebInspector.FlowTreeElement.prototype.setOverset):
      * inspector/front-end/CSSNamedFlowView.js: Added.
      (WebInspector.CSSNamedFlowView):
      (WebInspector.CSSNamedFlowView.prototype._createFlowTreeOutline):
      (WebInspector.CSSNamedFlowView.prototype._insertContentNode):
      (WebInspector.CSSNamedFlowView.prototype._insertRegion):
      (WebInspector.CSSNamedFlowView.prototype.get flow):
      (WebInspector.CSSNamedFlowView.prototype.set flow):
      (WebInspector.CSSNamedFlowView.prototype._updateRegionOverset):
      (WebInspector.CSSNamedFlowView.prototype._mergeContentNodes):
      (WebInspector.CSSNamedFlowView.prototype._mergeRegions):
      (WebInspector.CSSNamedFlowView.prototype._update):
      * inspector/front-end/ElementsPanel.js:
      * inspector/front-end/Images/regionEmpty.png: Added.
      * inspector/front-end/Images/regionFit.png: Added.
      * inspector/front-end/Images/regionOverset.png: Added.
      * inspector/front-end/WebKit.qrc:
      * inspector/front-end/cssNamedFlows.css:
      (.css-named-flow-collections-view .split-view-sidebar-left .named-flow-overflow::before, .css-named-flow-collections-view .region-empty:before, .css-named-flow-collections-view .region-fit::before, .css-named-flow-collections-view .region-overset::before):
      (.css-named-flow-collections-view .split-view-sidebar-left .named-flow-overflow::before):
      (.css-named-flow-collections-view .region-empty::before):
      (.css-named-flow-collections-view .region-fit::before):
      (.css-named-flow-collections-view .region-overset::before):
      (.css-named-flow-collections-view .split-view-contents .named-flow-element):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128778 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Not reviewed. Added svn:eol-style native to unbreak some build bots. · e1673124
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96175.
      
      * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Added property svn:eol-style.
      * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Added property svn:eol-style.
      * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Added property svn:eol-style.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128777 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Gtk] Remove configuration options for stable features that are currently enabled · b975a616
      zandobersek@gmail.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96621
      
      Reviewed by Martin Robinson.
      
      .: 
      
      Remove configuration flags that were used for either features that were enabled
      by default or were enabled only when unstable features support was enabled. In
      any case the feature was removed only if it does not introduce a dependency.
      
      * configure.ac:
      
      Source/WebCore: 
      
      Remove Automake conditional checking for features that are being removed in
      configure.ac. Unstable features that don't introduce dependencies are now
      disabled if necessary by being listed in the unstable feature defines overriding
      variable.
      
      No new tests - no new functionality.
      
      * GNUmakefile.am:
      * GNUmakefile.features.am:
      * bindings/gobject/GNUmakefile.am:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128776 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Qt] Cleanup/refactor the user agent detection code · b4718afd
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96822
      
      Unreviewed build fix.
      
      Build fixes for Windows and Mac OS builds.
      
      Patch by Lauro Neto <lauro.neto@openbossa.org> on 2012-09-17
      
      * platform/qt/UserAgentQt.cpp:
      (WebCore::UserAgentQt::standardUserAgent):
      
          QLatin1String doesn't have a default constructor. Replaced #ifdef with #if.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128775 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Don't load a blocked plug-in if a non-blocked version of the same plug-in exists · 1ca22647
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96933
      <rdar://problem/12206720>
      
      Reviewed by Andreas Kling.
      
      If a plug-in with the same bundle identifier already exists and it's blocked, remove it and replace it
      with the other version.
      
      * UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
      (WebKit::PluginInfoStore::shouldUsePlugin):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128774 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Chromium] IndexedDB: Remove legacy two-phase open() API members · cd58f28e
      jsbell@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96802
      
      Reviewed by Tony Chang.
      
      Following http://webkit.org/b/90411 and subsequent cleanup on the Chromium side,
      these entry points are no longer needed.
      
      * public/WebIDBDatabase.h: Delete old second-phase open(db-callbacks)
      * public/WebIDBFactory.h: Delete old first-phase open() w/o db-callbacks
      * src/WebIDBDatabaseImpl.cpp: No longer need to account for a close between phases.
      (WebKit::WebIDBDatabaseImpl::WebIDBDatabaseImpl):
      (WebKit::WebIDBDatabaseImpl::close):
      (WebKit::WebIDBDatabaseImpl::forceClose):
      * src/WebIDBDatabaseImpl.h:
      (WebIDBDatabaseImpl):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128773 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [BlackBerry] [FullScreen] entering/leaving fullscreen results in temporary glitches on the screen · f6b8ed13
      tonikitoo@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=96927
      PR #180866
      
      Reviewed by Yong Li.
      Patch by Antonio Gomes <agomes@rim.com>
      
      Suspend backing store and screen updates while entering fullscreen,
      and only resume at the end, when viewport is resized.
      
      * Api/WebPage.cpp:
      (BlackBerry::WebKit::WebPagePrivate::WebPagePrivate):
      (BlackBerry::WebKit::WebPagePrivate::setViewportSize):
      * Api/WebPage_p.h:
      (WebPagePrivate):
      * WebCoreSupport/ChromeClientBlackBerry.cpp:
      (WebCore::ChromeClientBlackBerry::enterFullScreenForElement):
      (WebCore::ChromeClientBlackBerry::exitFullScreenForElement):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128772 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Added MSVC project changes to enable building the llint. · 1a6f3764
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96175.
      
      Reviewed by Geoff Garen.
      
      This only adds the ability to build the llint, but currently, only the
      C++ backend is supported. By default, the Windows port will remain
      running with the baseline JIT.  The llint will not be enabled.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.vcproj/JavaScriptCore.sln:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/LLIntAssembly: Added.
      * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Added.
      * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Added.
      * JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Added.
      * JavaScriptCore.vcproj/LLIntDesiredOffsets: Added.
      * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Added.
      * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Added.
      * JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Added.
      * JavaScriptCore.vcproj/LLIntOffsetsExtractor: Added.
      * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Added.
      * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Added.
      * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Added.
      * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Added.
      
      Source/WebKit/win: 
      
      * WebKit.vcproj/WebKit.sln:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128771 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Updates to the useragent patch · 1647d45f
      commit-queue@webkit.org authored
      [Qt] Cleanup/refactor the user agent detection code
      https://bugs.webkit.org/show_bug.cgi?id=96822
      
      Patch by Lauro Neto <lauro.neto@openbossa.org> on 2012-09-17
      Reviewed by Simon Hausmann.
      
      Replaced Q_WS_*/Q_OS_* with WTF OS/CPU detection macros.
      Clean up the check for unsupported OS.
      Replaced QString.arg() usage with simple string concatenation.
      
      * platform/qt/UserAgentQt.cpp:
      (WebCore::UserAgentQt::standardUserAgent):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128770 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r128759. · aeea9832
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/128759
      https://bugs.webkit.org/show_bug.cgi?id=96929
      
      New assertion hit on multiple platforms (Requested by carewolf
      on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-09-17
      
      * dom/Document.cpp:
      (WebCore::Document::updateHoverActiveState):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128769 268f45cc-cd09-0410-ab3c-d52691b4dbfc