1. 15 Sep, 2011 40 commits
    • Unzip initialization lists and constructors in JSCell hierarchy (7/7) · 16e0df51
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68122
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Completed the seventh and final level of the refactoring to add finishCreation()
      methods to all classes within the JSCell hierarchy with non-trivial
      constructor bodies.
      
      JSCallbackObject was missed in previous patches due to the fact that
      it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so
      this is just a bit of retroactive cleanup.
      
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::create):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::JSCallbackObject):
      
      Source/WebCore:
      
      No new tests.
      
      Completed the seventh and final level of the refactoring to add finishCreation()
      methods to all classes within the JSCell hierarchy with non-trivial
      constructor bodies.
      
      This consists of moving the finishCreation() method call into the create methods
      of the sixth level of the hierarchy as was done in previous patches.
      
      The special cases for JSAudioConstructor, JSOptionConstructor, and JSImageConstructor
      were also lumped in and given finishCreation() methods that are called in their
      create methods because we are at the end and want to avoid a trivial patch just
      for moving their finishCreation() methods from their constructor to their create method.
      
      * bindings/js/JSAudioConstructor.cpp:
      (WebCore::JSAudioConstructor::JSAudioConstructor):
      (WebCore::JSAudioConstructor::finishCreation):
      * bindings/js/JSAudioConstructor.h:
      (WebCore::JSAudioConstructor::create):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorWithDocument::DOMConstructorWithDocument):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::JSDOMWindowBase):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::JSImageConstructor):
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::create):
      * bindings/js/JSOptionConstructor.cpp:
      (WebCore::JSOptionConstructor::JSOptionConstructor):
      (WebCore::JSOptionConstructor::finishCreation):
      * bindings/js/JSOptionConstructor.h:
      (WebCore::JSOptionConstructor::create):
      * bindings/js/JSWorkerContextBase.cpp:
      (WebCore::JSWorkerContextBase::JSWorkerContextBase):
      
      The bindings generation script was also changed to move the finishCreation() call into the
      create methods for descendants of JSWorkerContextBase and JSDOMWindowBase because those base
      classes had it removed from their constructors.
      
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::CRuntimeMethod):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaRuntimeMethod::create):
      (JavaRuntimeMethod::JavaRuntimeMethod):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::ObjCRuntimeMethod):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
      (JSC::Bindings::QtRuntimeConnectionMethod::QtRuntimeConnectionMethod):
      * bridge/qt/qt_runtime.h:
      (JSC::Bindings::QtRuntimeMetaMethod::create):
      (JSC::Bindings::QtRuntimeConnectionMethod::create):
      
      Source/WebKit/mac:
      
      Completed the seventh and final level of the refactoring to add finishCreation()
      methods to all classes within the JSCell hierarchy with non-trivial
      constructor bodies.
      
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::ProxyRuntimeMethod):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::create):
      * Plugins/Hosted/ProxyRuntimeObject.mm:
      (WebKit::ProxyRuntimeObject::ProxyRuntimeObject):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95250 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • A single line must not be split into two pages. · 89fcc858
      haraken@google.com authored
      https://bugs.webkit.org/show_bug.cgi?id=65005
      
      Reviewed by David Hyatt.
      
      When the document width of a page is overflowed, the last line of the page can be
      split into the next page. This is the regression caused by r88737. r88737 tried to
      fix rounding errors in rendering calculations by expanding and shrinking a page
      using one common method, resizePageRectsKeepingRatio(), but overlooked the case where
      a document width gets overflowed.
      
      Source/WebCore:
      
      This patch fixes the problem by also using resizePageRectsKeepingRatio() for the case
      where the document width gets overflowed.
      
      Test: printing/single-line-must-not-be-split-into-two-pages.html
      
      * WebCore.exp.in: Updated the signature of forceLayoutForPagination().
      * page/Frame.cpp:
      (WebCore::Frame::setPrinting): Added a new argument |originalPageSize|, which is an original page size before being expanded or shrunk.
      * page/Frame.h:
      * page/FrameView.cpp:
      (WebCore::FrameView::forceLayoutForPagination): Uses resizePageRectsKeepingRatio() in the case where the document width gets overflowed.
      * page/FrameView.h:
      * page/PrintContext.cpp:
      (WebCore::PrintContext::begin): Passes an original page size to setPrinting().
      (WebCore::PrintContext::end): Ditto.
      
      Source/WebKit/mac:
      
      Test: printing/single-line-must-not-be-split-into-two-pages.html
      
      * WebView/WebHTMLView.mm:
      (-[WebHTMLView _web_setPrintingModeRecursive]): Passes an original page size to setPrinting().
      (-[WebHTMLView _web_clearPrintingModeRecursive]): Ditto.
      (-[WebHTMLView _web_setPrintingModeRecursiveAndAdjustViewSize]): Ditto.
      (-[WebHTMLView _beginPrintModeWithMinimumPageWidth:height:maximumPageWidth:]): Ditto.
      (-[WebHTMLView _beginPrintModeWithPageWidth:height:shrinkToFit:]): Ditto.
      (-[WebHTMLView _endPrintMode]): Ditto.
      (-[WebHTMLView _beginScreenPaginationModeWithPageSize:shrinkToFit:]): Ditto.
      (-[WebHTMLView _endScreenPaginationMode]): Ditto.
      (-[WebHTMLView layoutToMinimumPageWidth:height:originalPageWidth:originalPageHeight:maximumShrinkRatio:adjustingViewSize:]): Ditto.
      (-[WebHTMLView layout]): Ditto.
      (-[WebHTMLView _setPrinting:minimumPageLogicalWidth:logicalHeight:originalPageWidth:originalPageHeight:maximumShrinkRatio:adjustViewSize:paginateScreenContent:]): Ditto.
      (-[WebHTMLView adjustPageHeightNew:top:bottom:limit:]): Ditto.
      (-[WebHTMLView setPageWidthForPrinting:]): Ditto.
      
      Source/WebKit/win:
      
      Test: printing/single-line-must-not-be-split-into-two-pages.html
      
      * WebFrame.cpp:
      (WebFrame::setPrinting): Passes an original page size to setPrinting().
      (WebFrame::setInPrintingMode): Ditto.
      * WebFrame.h:
      
      LayoutTests:
      
      The added test checks if the last line does not split across pages.
      
      * platform/chromium/test_expectations.txt: Skipped the added test since setPrinting() is not yet implemented.
      * platform/gtk/Skipped: Ditto.
      * platform/mac/printing/single-line-must-not-be-split-into-two-pages-expected.txt: Added.
      * platform/qt/Skipped: Ditto.
      * platform/win/Skipped: Ditto.
      * platform/wk2/Skipped: Ditto.
      * printing/single-line-must-not-be-split-into-two-pages.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95249 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r95243 and r95246. · e5837576
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/95243
      http://trac.webkit.org/changeset/95246
      https://bugs.webkit.org/show_bug.cgi?id=68202
      
      Broke the Windows build (Requested by smfr on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-09-15
      
      * WebCore.vcproj/WebCore.vcproj:
      * platform/graphics/ca/win/LayerChangesFlusher.cpp:
      (WebCore::LayerChangesFlusher::hookCallback):
      * platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
      (PlatformCAAnimation::copy):
      * platform/win/StructuredExceptionHandlerSupressor.h: Removed.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95248 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Python version check is confusing in test-webkitpy · 052a028e
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68004
      
      Patch by Tom Zakrajsek <tomz@codeaurora.org> on 2011-09-15
      Reviewed by Adam Barth.
      
      * Scripts/test-webkitpy:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95247 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Attempt to fix Windows build after r95243. · c3f6303c
      simon.fraser@apple.com authored
      * WebCore.vcproj/WebCore.vcproj:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95246 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Make custom scrollbar theme for use in DRT, to reduce pixel differences between platforms · 00bb3b6c
      simon.fraser@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68134
      
      Reviewed by James Robinson.
      
      Add new scrollbar theme, called ScrollbarThemeMock, for use in layout
      tests. The mock scrollbar simply draws a light gray box in the track,
      with a dark gray box for the thumb.
      
      Add ScrollbarThemeMock files to the build on all platforms. It isn't hooked up yet.
      
      * CMakeLists.txt:
      * CMakeListsEfl.txt:
      * CMakeListsWinCE.txt:
      * GNUmakefile.list.am:
      * WebCore.gypi:
      * WebCore.pro:
      * WebCore.vcproj/WebCore.vcproj:
      * WebCore.xcodeproj/project.pbxproj:
      * platform/mac/ScrollbarThemeMac.mm:
      (WebCore::ScrollbarTheme::nativeTheme):
      * platform/mock/ScrollbarThemeMock.cpp: Added.
      (WebCore::ScrollbarThemeMock::trackRect):
      (WebCore::ScrollbarThemeMock::scrollbarThickness):
      (WebCore::ScrollbarThemeMock::paintTrackBackground):
      (WebCore::ScrollbarThemeMock::paintThumb):
      * platform/mock/ScrollbarThemeMock.h: Added.
      (WebCore::ScrollbarThemeMock::hasButtons):
      (WebCore::ScrollbarThemeMock::hasThumb):
      (WebCore::ScrollbarThemeMock::backButtonRect):
      (WebCore::ScrollbarThemeMock::forwardButtonRect):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95245 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • https://bugs.webkit.org/show_bug.cgi?id=67884 · fad0426a
      bdakin@apple.com authored
      Delete button icon does not properly update when the device resolution changes 
      dynamically
      -and corresponding-
      <rdar://problem/10104632>
      
      Reviewed by Darin Adler.
      
      In DeleteButtonController::deviceScaleFactorChanged(), if the delete button is 
      currently showing, hide it and re-show it, forcing it to re-create the deletion 
      UI.
      * editing/DeleteButtonController.cpp:
      (WebCore::DeleteButtonController::deviceScaleFactorChanged):
      * editing/DeleteButtonController.h:
      * editing/Editor.cpp:
      (WebCore::Editor::deviceScaleFactorChanged):
      * editing/Editor.h:
      
      Iterate through all of the frames and propagate the deviceScaleFactorChange() 
      message to Editor.
      * page/Page.cpp:
      (WebCore::Page::setDeviceScaleFactor):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95244 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2011-09-15 Chris Marrin <cmarrin@apple.com> · 2172adae
      cmarrin@apple.com authored
              Crash can occur when doing a PlatformCAAnimation::copy() with no valueFunction
              https://bugs.webkit.org/show_bug.cgi?id=67510
      
              Reviewed by Adam Roben.
              
              Another fix to take care of one last crash when running pause-crash.html.
              CACF can't deal with null valueFunctions, so avoid setting it when it doesn't 
              exist.
              
              This also adds logic to the Windows Hook in LayerChangesFlusher to prevent it
              from catching the null pointer exception generated by the pause-crash.html test
              before this bug was fixed. Windows was ignoring the exception, so the testcase
              would appear to succeed, even though it should have crashed.
      
              * WebCore.vcproj/WebCore.vcproj:
              * platform/graphics/ca/win/LayerChangesFlusher.cpp:
              (WebCore::LayerChangesFlusher::hookCallback):
              * platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
              (PlatformCAAnimation::copy):
              * platform\win\StructuredExceptionHandlerSupressor.h: New file to encapsulate the exception handling suppression.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • https://bugs.webkit.org/show_bug.cgi?id=27579 · 218bf7d9
      hyatt@apple.com authored
              
      Make sure that the border shorthand also resets border-image.
      
      Reviewed by Beth Dakin.
      
      Source/WebCore: 
      
      Added fast/borders/border-image-reset-by-border-shorthand.html.
      
      * css/CSSParser.cpp:
      (WebCore::CSSParser::parseValue):
      
      LayoutTests: 
      
      * fast/borders/border-image-reset-by-border-shorthand-expected.txt: Added.
      * fast/borders/border-image-reset-by-border-shorthand.html: Added.
      * fast/borders/border-image-scaled-gradient.html:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95242 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] Rebaselines due to r95203 and r95207. · 7eb283a8
      levin@chromium.org authored
      Also misc test_expectations additions.
      
      * platform/chromium-cg-mac/fast/box-shadow/no-blur-multiple-offsets-expected.png: Added.
      * platform/chromium-linux/fast/box-shadow/no-blur-multiple-offsets-expected.png: Added.
      * platform/chromium-mac/fast/box-shadow/no-blur-multiple-offsets-expected.png: Added.
      * platform/chromium-win/fast/box-shadow/no-blur-multiple-offsets-expected.png: Added.
      * platform/chromium/fast/dom/NodeList/nodelist-item-call-as-function-expected.txt: Added.
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95241 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • The DFG non-speculative JIT is no longer used and should be removed. · 903c378f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68177
      
      Reviewed by Geoffrey Garen.
              
      This removes the non-speculative JIT and everything that relied on it,
      including the ability to turn on DFG but not tiered compilation, the
      ability to perform speculation failure into non-speculative JIT code,
      and the ability to statically terminate speculation.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.pro:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.h:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitLoopHint):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getStrongPrediction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGenerationInfo.h:
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGJITCodeGenerator.cpp:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileBody):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGNode.h:
      * dfg/DFGNonSpeculativeJIT.cpp: Removed.
      * dfg/DFGNonSpeculativeJIT.h: Removed.
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGPropagator.cpp:
      * dfg/DFGPropagator.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::osrExits):
      (JSC::DFG::SpeculativeJIT::speculationRecovery):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      * jit/JITCode.h:
      (JSC::JITCode::bottomTierJIT):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      * wtf/Platform.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95240 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • https://bugs.webkit.org/show_bug.cgi?id=50072 · d85d33e4
      hyatt@apple.com authored
              
      Make overflow clipping to border-radius work across layers. This patch makes painting
      work but does not attempt to fix hit testing. It also doesn't work when a composited
      layer is clipped by a non-composited ancestor.
      
      Add a new ClipRect class (used by ClipRects and RenderLayer) that is basically just tracking
      a rect and a border radius taint. At the time we set a clip, if the rectangle is listed
      as also being clipped by a radius, then we walk up the layer tree and push those inner border
      rounded rect clips for any overflow areas in the containing block chain.
      
      Reviewed by Beth Dakin.
      
      Source/WebCore: 
      
      Added new tests in fast/clip.
      
      * rendering/RenderBox.cpp:
      (WebCore::RenderBox::pushContentsClip):
      * rendering/RenderLayer.cpp:
      (WebCore::inContainingBlockChain):
      (WebCore::RenderLayer::clipToRect):
      (WebCore::RenderLayer::restoreClip):
      (WebCore::RenderLayer::paintLayer):
      (WebCore::RenderLayer::hitTestLayer):
      (WebCore::RenderLayer::calculateClipRects):
      (WebCore::RenderLayer::backgroundClipRect):
      (WebCore::RenderLayer::calculateRects):
      (WebCore::RenderLayer::childrenClipRect):
      (WebCore::RenderLayer::selfClipRect):
      * rendering/RenderLayer.h:
      (WebCore::ClipRect::ClipRect):
      (WebCore::ClipRect::rect):
      (WebCore::ClipRect::setRect):
      (WebCore::ClipRect::hasRadius):
      (WebCore::ClipRect::setHasRadius):
      (WebCore::ClipRect::operator==):
      (WebCore::ClipRect::intersect):
      (WebCore::ClipRect::move):
      (WebCore::ClipRect::isEmpty):
      (WebCore::ClipRect::intersects):
      (WebCore::intersection):
      (WebCore::ClipRects::overflowClipRect):
      (WebCore::ClipRects::setOverflowClipRect):
      (WebCore::ClipRects::fixedClipRect):
      (WebCore::ClipRects::setFixedClipRect):
      (WebCore::ClipRects::posClipRect):
      (WebCore::ClipRects::setPosClipRect):
      * rendering/RenderLayerBacking.cpp:
      (WebCore::RenderLayerBacking::updateCompositedBounds):
      (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
      (WebCore::RenderLayerBacking::paintIntoLayer):
      * rendering/RenderLayerCompositor.cpp:
      (WebCore::RenderLayerCompositor::addToOverlapMap):
      (WebCore::RenderLayerCompositor::clippedByAncestor):
      * rendering/RenderTreeAsText.cpp:
      (WebCore::writeLayers):
      
      LayoutTests: 
      
      * fast/clip/overflow-border-radius-combinations.html: Added.
      * fast/clip/overflow-border-radius-composited.html: Added.
      * fast/clip/overflow-border-radius-transformed.html: Added.
      * platform/mac/fast/clip/overflow-border-radius-combinations-expected.png: Added.
      * platform/mac/fast/clip/overflow-border-radius-combinations-expected.txt: Added.
      * platform/mac/fast/clip/overflow-border-radius-composited-expected.png: Added.
      * platform/mac/fast/clip/overflow-border-radius-composited-expected.txt: Added.
      * platform/mac/fast/clip/overflow-border-radius-transformed-expected.png: Added.
      * platform/mac/fast/clip/overflow-border-radius-transformed-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95239 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Reviewed by Adam Barth. · 5e37ada8
      eric@webkit.org authored
      webkit-patch should be able to find users and add them to bugzilla groups
      https://bugs.webkit.org/show_bug.cgi?id=63351
      
      These are both very basic commands.  But it's now possible to find
      all users matching a regexp, as well as add all users matching a regexp
      to a set of groups.
      
      bugzilla.py already knew how to find users (for validate-committer-lists)
      but now it has the ability to modify the user records.
      
      I split some of the logic out into a new EditUsersParser class
      to try and reduce the amount of code in Bugzilla/BugzillaQueries.
      
      * Scripts/webkitpy/common/net/bugzilla/bugzilla.py:
      * Scripts/webkitpy/common/net/bugzilla/bugzilla_unittest.py:
      * Scripts/webkitpy/tool/commands/__init__.py:
      * Scripts/webkitpy/tool/commands/adduserstogroups.py: Added.
      * Scripts/webkitpy/tool/commands/findusers.py: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95238 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Source/WebCore: Crash in RenderBox::paintMaskImages due to a mask without an associated image · e3cc0336
      jchaffraix@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=50151
      
      Reviewed by Simon Fraser.
      
      Test: fast/css/empty-webkit-mask-crash.html
      
      The crash stems from the fact that FillLayer::hasImage would walk over the linked list
      of FillLayers and return true if one had an image. This means that hasImage() being true
      does not mean that image() is non-NULL on all FillLayers.
      
      * rendering/RenderBox.cpp:
      (WebCore::RenderBox::paintMaskImages): Simplify the logic by doing the hasImage() check up-front
      and properly checking image() for each FillLayer. This has the nice benefit of changing the complexity
      from O(n^2) to O(n), which was what the code expected anyway.
      
      LayoutTests: Test for: Crash in RenderBox::paintMaskImages due to a mask without an associated image
      https://bugs.webkit.org/show_bug.cgi?id=50151
      
      Reviewed by Simon Fraser.
      
      * fast/css/empty-webkit-mask-crash-expected.png: Added.
      * fast/css/empty-webkit-mask-crash-expected.txt: Added.
      * fast/css/empty-webkit-mask-crash.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95235 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default · 7aeb4bb9
      eric@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68182
      
      Reviewed by Adam Barth.
      
      .:
      
      * configure.ac:
      
      Source/JavaScriptCore:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore:
      
      * Configurations/FeatureDefines.xcconfig:
      * DerivedSources.make:
      * GNUmakefile.am:
      * features.pri:
      * loader/cache/CachedImage.cpp:
      (WebCore::CachedImage::createImage):
      
      Source/WebKit/chromium:
      
      * features.gypi:
      
      Source/WebKit/mac:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Tools:
      
      * Scripts/build-webkit:
      * waf/build/settings.py:
      
      WebKitLibraries:
      
      * win/tools/vsprops/FeatureDefines.vsprops:
      * win/tools/vsprops/FeatureDefinesCairo.vsprops:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95234 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • DFG speculative JIT sometimes asserts that a value is not a number · 48964c9e
      fpizlo@apple.com authored
      even when it doesn't know anything about the number
      https://bugs.webkit.org/show_bug.cgi?id=68189
      
      Reviewed by Oliver Hunt.
      
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::isUnknownJS):
      * dfg/DFGJITCodeGenerator.cpp:
      (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95233 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed. Make contributor email look-up case-insensitive. · fa46c06d
      eric@webkit.org authored
      validate-committer-list was incorrectly reporting that "chang.shu@nokia.com"
      was missing from committers.py due to case sensitivity.
      
      This also includes a test expectations update to committers_unittest.py
      after my previous change.
      
      * Scripts/webkitpy/common/config/committers.py:
      * Scripts/webkitpy/common/config/committers_unittest.py:
      * Scripts/webkitpy/tool/bot/irc_command_unittest.py:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95232 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed. Updated this based on webkit-patch suggest-nominations and... · fad70139
      eric@webkit.org authored
      Unreviewed.  Updated this based on webkit-patch suggest-nominations and validate-committer-list output.
      
      Add a bunch of email aliases to committers.py for regular contributors
      who are committing using other email addresses than they have listed in the file.
      
      * Scripts/webkitpy/common/config/committers.py:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95231 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • All of the functionality in the non-speculative JIT should be · 94250362
      fpizlo@apple.com authored
      available to the speculative JIT via helper methods
      https://bugs.webkit.org/show_bug.cgi?id=68186
      
      Reviewed by Oliver Hunt.
              
      Stole all of the goodness from NonSpeculativeJIT and placed it
      in JITCodeGenerator.  Left all of the badness (i.e. subtle code
      duplication with SpeculativeJIT, etc).  This is in preparation
      for removing the NonSpeculativeJIT entirely, but having its
      goodness available for reuse in the SpeculativeJIT if necessary.
      
      * dfg/DFGJITCodeGenerator.cpp:
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
      * dfg/DFGNonSpeculativeJIT.cpp:
      (JSC::DFG::NonSpeculativeJIT::compile):
      * dfg/DFGNonSpeculativeJIT.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95230 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r95167. · aaa09121
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/95167
      https://bugs.webkit.org/show_bug.cgi?id=68191
      
      Patch needs further work. (Requested by mhahnenberg on
      #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-09-15
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * runtime/JSCell.cpp:
      (JSC::JSCell::toBoolean):
      * runtime/JSCell.h:
      (JSC::JSCell::JSValue::toBoolean):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::toBoolean):
      * runtime/JSNotAnObject.h:
      * runtime/JSObject.h:
      * runtime/JSString.h:
      * runtime/StringObjectThatMasqueradesAsUndefined.h:
      (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95229 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Having an empty listener to beforeload events changes the behavior of other scripts · 04a34e62
      aestes@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=45586
      
      Reviewed by Darin Adler.
      
      Source/WebCore:
      
      Test: fast/dom/beforeload/cached-image-before-load.html
      
      When loading a cached image after a beforeload handler has been
      installed on the document, ImageLoader would dispatch both the
      beforeload and load events asynchronously in such a way that caused
      load to fire first. Since a side effect of firing the beforeload event
      is to wire up the CachedImage to its associated RenderImage object,
      this work was not done by the time load fired, and scripts that queried
      renderer-dependent attributes of the image in an onload handler would
      get bogus values in return.
      
      Fix this by ensuring load fires after beforeload in the cached image case.
      
      * loader/ImageLoader.cpp:
      (WebCore::ImageLoader::updateFromElement): Call setClient() after
      dispatching beforeload, since setClient() will dispatch the load event
      if the image is cached.
      
      LayoutTests:
      
      * fast/dom/beforeload/cached-image-before-load-expected.txt: Added.
      * fast/dom/beforeload/cached-image-before-load.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95228 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Remove ScrollView::platformContentsSize · 4974c517
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68188
      
      Reviewed by Darin Adler.
      
      Since ScrollView keeps track of the contents size in ScrollView::m_contentsSize, we never
      have to ask the underlying platform scroll view for contents size since it should always just
      be equal to m_contentsSize.
      
      * platform/ScrollView.cpp:
      (WebCore::ScrollView::contentsSize):
      (WebCore::ScrollView::wheelEvent):
      * platform/ScrollView.h:
      * platform/mac/ScrollViewMac.mm:
      * platform/wx/ScrollViewWx.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95227 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Submitting a form with target=_blank works only once · 3d7196a2
      jonlee@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=28633
      <rdar://problem/7357787>
      
      Reviewed by Andy Estes.
      
      Source/WebCore:
      
      Test: fast/forms/submit-to-blank-multiple-times.html
      
      The call to reset the multiple form submission bool is pushed down from the mouseDown handler to
      handleMousePressEvent(), to include WK2 coverage, similar to keyEvent.
      
      * page/EventHandler.cpp:
      (WebCore::EventHandler::handleMousePressEvent):
      (WebCore::EventHandler::keyEvent): clarified old FIXME comment. Both key events and mouse events
      may submit a form multiple times, but the call to reset the handler should probably be in another
      abstraction layer.
      * page/mac/EventHandlerMac.mm:
      (WebCore::EventHandler::mouseDown):
      
      Source/WebKit/chromium:
      
      * src/WebViewImpl.cpp:
      (WebKit::WebViewImpl::mouseDown): Remove call to resetMultipleFormSubmissionProtection() since
      it will be made in platform-independent function EventHandler::handleMousePressEvent().
      
      LayoutTests:
      
      New test that simulates mouse clicking submit button twice (which didn't work), as well as using the keyboard twice (which did work).
      
      * fast/forms/resources/submit-to-blank-multiple-times-form-action.html: Added.
      * fast/forms/submit-to-blank-multiple-times-expected.txt: Added.
      * fast/forms/submit-to-blank-multiple-times.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95226 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed build fix for platforms that expect a linkable symbol · 72c1a21d
      fpizlo@apple.com authored
      for primitive static const's.
      
      * bytecode/CodeBlock.h:
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95225 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] Add missing GPU-CG to one of the expectations. · 465c6dd5
      levin@chromium.org authored
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95224 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • XMLDocumentParserQt.cpp incorrectly converts 0-based number into 1-based number · 54d1f172
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=63540
      
      Source/WebCore:
      
      ZeroBasedNumber/OneBasedNumber are used in more places, inconsistency
      in xml parser is fixed.
      
      Patch by Peter Rybin <peter.rybin@gmail.com> on 2011-09-15
      Reviewed by Adam Barth.
      
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::eventHandlerLineNumber):
      * dom/ScriptableDocumentParser.h:
      * dom/StyleElement.cpp:
      (WebCore::StyleElement::StyleElement):
      * dom/ViewportArguments.cpp:
      (WebCore::parserLineNumber):
      * html/parser/HTMLDocumentParser.cpp:
      (WebCore::HTMLDocumentParser::lineNumber):
      * html/parser/HTMLDocumentParser.h:
      * inspector/InspectorResourceAgent.cpp:
      (WebCore::InspectorResourceAgent::buildInitiatorObject):
      * svg/SVGDocumentExtensions.cpp:
      (WebCore::parserLineNumber):
      * xml/parser/NewXMLDocumentParser.cpp:
      (WebCore::NewXMLDocumentParser::lineNumber):
      * xml/parser/NewXMLDocumentParser.h:
      * xml/parser/XMLDocumentParser.cpp:
      (WebCore::XMLDocumentParser::pushCurrentNode):
      * xml/parser/XMLDocumentParser.h:
      * xml/parser/XMLDocumentParserLibxml2.cpp:
      (WebCore::PendingCallbacks::appendErrorCallback):
      (WebCore::XMLDocumentParser::doWrite):
      (WebCore::XMLDocumentParser::startElementNs):
      (WebCore::XMLDocumentParser::error):
      (WebCore::XMLDocumentParser::lineNumber):
      (WebCore::XMLDocumentParser::columnNumber):
      (WebCore::XMLDocumentParser::textPosition):
      * xml/parser/XMLDocumentParserQt.cpp:
      (WebCore::XMLDocumentParser::doWrite):
      (WebCore::XMLDocumentParser::doEnd):
      (WebCore::XMLDocumentParser::lineNumber):
      (WebCore::XMLDocumentParser::columnNumber):
      (WebCore::XMLDocumentParser::textPosition):
      (WebCore::XMLDocumentParser::parse):
      (WebCore::XMLDocumentParser::parseStartElement):
      
      LayoutTests:
      
      Bug is fixed, incorrect test expectations are properly fixed (line
      number '0' is reported no more).
      
      Patch by Peter Rybin <peter.rybin@gmail.com> on 2011-09-15
      Reviewed by Adam Barth.
      
      * fast/parser/changing-attrbutes-crash-expected.txt:
      * html5lib/runner-expected.txt:
      * platform/chromium/html5lib/runner-expected.txt:
      * svg/custom/invalid-length-units-expected.txt:
      * svg/custom/poly-parsing-error-expected.txt:
      * svg/custom/svg-parse-overflow-1-expected.txt:
      * svg/custom/svg-parse-overflow-2-expected.txt:
      * svg/custom/svg-parse-overflow-3-expected.txt:
      * svg/custom/svg-parse-overflow-4-expected.txt:
      * svg/custom/svg-parse-overflow-5-expected.txt:
      * svg/dom/fuzz-path-parser-expected.txt:
      * svg/dom/path-parser-expected.txt:
      * svg/dom/points-parser-expected.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95223 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fix WebCore.gypi after r95130. · 45cfba36
      pkasting@chromium.org authored
      Unreviewed, build fix.
      
      * WebCore.gypi:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95222 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed build fix for assertion on existence of alternative · 53aeecc3
      fpizlo@apple.com authored
      CodeBlock.
      
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::predictArgumentTypes):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95221 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Value profiles collect no information for global variables · 60831dde
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68143
      
      Reviewed by Geoffrey Garen.
              
      17% speed-up on string-fasta.  Neutral elsewhere.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getStrongPrediction):
      (JSC::DFG::ByteCodeParser::stronglyPredict):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_global_var):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95219 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] Add temporary exception while bots catch up to r95203. · 21ed77e1
      levin@chromium.org authored
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95218 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Remove ENABLE_SVG_ANIMATION as all major ports have it on by default · bb92e948
      eric@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68022
      
      Reviewed by Ryosuke Niwa.
      
      .:
      
      * Source/cmake/OptionsEfl.cmake:
      * Source/cmake/OptionsWinCE.cmake:
      * Source/cmakeconfig.h.cmake:
      * configure.ac:
      
      Source/JavaScriptCore:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore:
      
      * Configurations/FeatureDefines.xcconfig:
      * DerivedSources.make:
      * GNUmakefile.am:
      * features.pri:
      * page/DOMWindow.idl:
      * svg/svgtags.in:
      
      Source/WebKit/chromium:
      
      * features.gypi:
      
      Source/WebKit/mac:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Tools:
      
      * Scripts/build-webkit:
      * waf/build/settings.py:
      
      WebKitLibraries:
      
      * win/tools/vsprops/FeatureDefines.vsprops:
      * win/tools/vsprops/FeatureDefinesCairo.vsprops:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95216 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Ooops, revert accidentally committed unreviewed changes. · 11bb59c5
      barraclough@apple.com authored
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_jfalse):
      (JSC::JIT::emit_op_jtrue):
      * jit/JSInterfaceJIT.h:
      * runtime/JSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95214 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r95163. · d0d44b72
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/95163
      https://bugs.webkit.org/show_bug.cgi?id=68180
      
      [Qt] The QT_GCC_X variables were removed in Qt5 by accident.
      (Requested by darktears on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-09-15
      
      .:
      
      * Source/WebKit.pri:
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.pro:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95212 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Windows build fix p1. · 399acfea
      barraclough@apple.com authored
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_jfalse):
      (JSC::JIT::emit_op_jtrue):
      * jit/JSInterfaceJIT.h:
      * runtime/JSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95208 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • REGRESSION (Safari 5.1-r95043): Incorrect box-shadow offset · bf7350ca
      mdelaney@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68041
      
      Reviewed by Dan Bernstein.
      
      Source/WebCore: 
      
      Test: fast/box-shadow/no-blur-multiple-offsets.html
      
      * platform/graphics/cg/GraphicsContextCG.cpp:
      (WebCore::GraphicsContext::setPlatformShadow): Add hack back in for Lion if
      context is not accelerated.
      
      LayoutTests: 
      
      * fast/box-shadow/no-blur-multiple-offsets-expected.txt: Added.
      * fast/box-shadow/no-blur-multiple-offsets.html: Added.
      * platform/mac/fast/box-shadow/no-blur-multiple-offsets-expected.png: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95207 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Tiered compilation should be enabled by default on platforms · 48b64ec1
      fpizlo@apple.com authored
      that support the DFG JIT
      https://bugs.webkit.org/show_bug.cgi?id=68136
      
      Reviewed by Sam Weinig.
              
      Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
      Kraken.  Large progressions on some benchmarks, including
      3x on imaging-desaturate.
      
      * wtf/Platform.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95206 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • devirtualize preventExtensions · 00d4c0e2
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68176
      
      Reviewed by Oliver Hunt.
      
      This is virtual due to problems in JSFunction putting the prototype
      property, but we can fix this problem a different way, just setting
      the checkReadOnly flag to false in the put.
      
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot):
      * runtime/JSFunction.h:
      * runtime/JSObject.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95205 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2011-09-15 James Simonsen <simonjam@chromium.org> · 0730df50
      simonjam@chromium.org authored
              Ref protect HTMLObjectElement and HTMLEmbedElement while requesting plugins
              https://bugs.webkit.org/show_bug.cgi?id=68014
      
              Reviewed by Adam Barth.
      
              * plugins/destroy-during-npp-new-object-with-fallback-content-expected.txt: Added.
              * plugins/destroy-during-npp-new-object-with-fallback-content.html: Added. Derivative of destroy-during-npp-new.html.
      2011-09-15  James Simonsen  <simonjam@chromium.org>
      
              Ref protect HTMLObjectElement and HTMLEmbedElement while requesting plugins
              https://bugs.webkit.org/show_bug.cgi?id=68014
      
              Reviewed by Adam Barth.
      
              Test: plugins/destroy-during-npp-new.html under valgrind
                    plugins/destroy-during-npp-new-object-with-fallback-content.html under valgrind
      
              * html/HTMLEmbedElement.cpp:
              (WebCore::HTMLEmbedElement::updateWidget):
              * html/HTMLObjectElement.cpp:
              (WebCore::HTMLObjectElement::updateWidget):
      2011-09-15  James Simonsen  <simonjam@chromium.org>
      
              Ref protect HTMLObjectElement and HTMLEmbedElement while requesting plugins
              https://bugs.webkit.org/show_bug.cgi?id=68014
      
              Reviewed by Adam Barth.
      
              * src/FrameLoaderClientImpl.cpp:
              (WebKit::FrameLoaderClientImpl::createPlugin): Moved protection up to HTMLObjectElement and HTMLEmbedElement.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95204 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Experiment with removing ability to call a collection (except document.all) · 45da0c9e
      weinig@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67579
      
      Reviewed by Anders Carlsson.
      
      Source/WebCore: 
      
      At the request of the public-script-coord mailing list (specifically Brendan Eich, see
      http://lists.w3.org/Archives/Public/public-script-coord/2011JulSep/0360.html), this
      patch removes the ability to call a collection (either a NodeList or HTMLCollection,
      but not an HTMLAllCollection) as a function, a syntax that we adopted to emulate IE.
      It is being landed to find out if there are any sites relying on this behavior of WebKit,
      or if it is only used in IE-only paths.  If we find sites are breaking, it should be rolled
      out and we should inform the public-script-coord mailing list.
      
      * bindings/js/JSHTMLAllCollectionCustom.cpp:
      Update comment.
      
      * bindings/js/JSHTMLCollectionCustom.cpp:
      * bindings/js/JSNodeListCustom.cpp:
      Remove custom call code.
      
      * bindings/scripts/CodeGeneratorV8.pm:
      Add support for V8CustomCall.
      
      * dom/NodeList.idl:
      * html/HTMLCollection.idl:
      Remove CustomCall.
      
      LayoutTests: 
      
      * fast/dom/Element/id-in-formcollection-expected.txt:
      * fast/dom/Element/id-in-formcollection.html:
      * fast/dom/HTMLOptionElement/collection-setter-getter-expected.txt:
      * fast/dom/HTMLOptionElement/collection-setter-getter.html:
      Don't use call syntax for tests that aren't explicitly testing it.
      
      * fast/dom/NodeList/nodelist-item-call-as-function-expected.txt:
      * fast/dom/NodeList/script-tests/nodelist-item-call-as-function.js:
      Update test to show that we throw on call.
      
      * fast/profiler/call-nodelist-as-function-expected.txt: Removed.
      * fast/profiler/call-nodelist-as-function.html: Removed.
      Remove test of removed feature.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95203 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [chromium] Attempt to fix the shared build after r95188. · f9c9df7c
      levin@chromium.org authored
      * WebKit.gyp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95202 268f45cc-cd09-0410-ab3c-d52691b4dbfc