1. 23 Sep, 2011 40 commits
    • Fix the build. · b54f3cd3
      mrowe@apple.com authored
      * loader/CrossOriginAccessControl.cpp:
      (WebCore::passesAccessControlCheck): Get rid of the exit-time destructor.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95903 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add JSVALUE32_64 support to DFG JIT · d910c0d8
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67460
      
      Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-09-23
      Reviewed by Gavin Barraclough.
      
      This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
      It's tested on IA32 Linux EFL port currently. It still cannot run
      all the test cases and benchmarks so should be turned off now.
              
      The major work includes:
      1) dealing with JSVALUE32_64 data format in DFG JIT;
      2) bindings between 64-bit JS Value and 32-bit registers;
      3) handling of function calls. Currently for DFG operation function
      calls we follow the X86 cdecl calling convention on Linux, and the
      implementation is in a naive way by pushing the arguments into stack
      one by one.
              
      The known issues include:
      1) some code duplicates unnecessarily, especially in Speculative JIT
      code generation, where most of the operations on SpeculateInteger /
      SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
      is needed in the future;
      2) lack of op_call and op_construct support, compared to current
      JSVALUE64 DFG;
      3) currently integer speculations are assumed to be StrictInt32;
      4) lack of JSBoolean speculations;
      5) boxing and unboxing doubles could be improved;
      6) DFG X86 register description is different from the baseline JIT,
      the timeoutCheckRegister is used for general purpose usage;
      7) calls to runtime functions with primitive double parameters (e.g.
      fmod) don't work. Support needs to be added to the assembler to
      implement the mechanism of passing double parameters for X86 cdecl
      convention.
              
      And there should be many other hidden bugs which should be exposed and
      resolved in later debugging process.
      
      * CMakeListsEfl.txt:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::loadDouble):
      (JSC::MacroAssemblerX86::storeDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::movsd_rm):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGFPRInfo.h:
      (JSC::DFG::FPRInfo::debugName):
      * dfg/DFGGPRInfo.h:
      (JSC::DFG::GPRInfo::toRegister):
      (JSC::DFG::GPRInfo::toIndex):
      (JSC::DFG::GPRInfo::debugName):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::needDataFormatConversion):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::gpr):
      (JSC::DFG::GenerationInfo::tagGPR):
      (JSC::DFG::GenerationInfo::payloadGPR):
      (JSC::DFG::GenerationInfo::fpr):
      (JSC::DFG::GenerationInfo::fillJSValue):
      (JSC::DFG::GenerationInfo::fillCell):
      (JSC::DFG::GenerationInfo::fillDouble):
      * dfg/DFGJITCodeGenerator.cpp:
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::allocate):
      (JSC::DFG::JITCodeGenerator::use):
      (JSC::DFG::JITCodeGenerator::registersMatched):
      (JSC::DFG::JITCodeGenerator::silentSpillGPR):
      (JSC::DFG::JITCodeGenerator::silentFillGPR):
      (JSC::DFG::JITCodeGenerator::silentFillFPR):
      (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
      (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
      (JSC::DFG::JITCodeGenerator::boxDouble):
      (JSC::DFG::JITCodeGenerator::unboxDouble):
      (JSC::DFG::JITCodeGenerator::spill):
      (JSC::DFG::addressOfDoubleConstant):
      (JSC::DFG::integerResult):
      (JSC::DFG::jsValueResult):
      (JSC::DFG::setupResults):
      (JSC::DFG::callOperation):
      (JSC::JSValueOperand::JSValueOperand):
      (JSC::JSValueOperand::~JSValueOperand):
      (JSC::JSValueOperand::isDouble):
      (JSC::JSValueOperand::fill):
      (JSC::JSValueOperand::tagGPR):
      (JSC::JSValueOperand::payloadGPR):
      (JSC::JSValueOperand::fpr):
      (JSC::GPRTemporary::~GPRTemporary):
      (JSC::GPRTemporary::gpr):
      (JSC::GPRResult2::GPRResult2):
      * dfg/DFGJITCodeGenerator32_64.cpp: Added.
      (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
      (JSC::DFG::JITCodeGenerator::fillInteger):
      (JSC::DFG::JITCodeGenerator::fillDouble):
      (JSC::DFG::JITCodeGenerator::fillJSValue):
      (JSC::DFG::JITCodeGenerator::fillStorage):
      (JSC::DFG::JITCodeGenerator::useChildren):
      (JSC::DFG::JITCodeGenerator::isStrictInt32):
      (JSC::DFG::JITCodeGenerator::isKnownInteger):
      (JSC::DFG::JITCodeGenerator::isKnownNumeric):
      (JSC::DFG::JITCodeGenerator::isKnownCell):
      (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
      (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
      (JSC::DFG::JITCodeGenerator::isKnownBoolean):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
      (JSC::DFG::JITCodeGenerator::cachedGetById):
      (JSC::DFG::JITCodeGenerator::writeBarrier):
      (JSC::DFG::JITCodeGenerator::cachedPutById):
      (JSC::DFG::JITCodeGenerator::cachedGetMethod):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
      (JSC::DFG::JITCodeGenerator::emitBranch):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
      (JSC::DFG::JITCodeGenerator::emitCall):
      (JSC::DFG::JITCodeGenerator::speculationCheck):
      (JSC::DFG::dataFormatString):
      (JSC::DFG::JITCodeGenerator::dump):
      (JSC::DFG::JITCodeGenerator::checkConsistency):
      (JSC::DFG::GPRTemporary::GPRTemporary):
      (JSC::DFG::FPRTemporary::FPRTemporary):
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::tagForGlobalVar):
      (JSC::DFG::JITCompiler::payloadForGlobalVar):
      (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
      (JSC::DFG::JITCompiler::addressOfDoubleConstant):
      (JSC::DFG::JITCompiler::boxDouble):
      (JSC::DFG::JITCompiler::unboxDouble):
      (JSC::DFG::JITCompiler::addPropertyAccess):
      (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
      * dfg/DFGJITCompiler32_64.cpp: Added.
      (JSC::DFG::JITCompiler::fillNumericToDouble):
      (JSC::DFG::JITCompiler::fillInt32ToInteger):
      (JSC::DFG::JITCompiler::fillToJS):
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      (JSC::DFG::JITCompiler::jitAssertIsInt32):
      (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
      (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
      (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
      (JSC::DFG::JITCompiler::jitAssertIsCell):
      (JSC::DFG::JITCompiler::emitCount):
      (JSC::DFG::JITCompiler::setSamplingFlag):
      (JSC::DFG::JITCompiler::clearSamplingFlag):
      * dfg/DFGJITCompilerInlineMethods.h: Added.
      (JSC::DFG::JITCompiler::emitLoadTag):
      (JSC::DFG::JITCompiler::emitLoadPayload):
      (JSC::DFG::JITCompiler::emitLoad):
      (JSC::DFG::JITCompiler::emitLoad2):
      (JSC::DFG::JITCompiler::emitLoadDouble):
      (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
      (JSC::DFG::JITCompiler::emitStore):
      (JSC::DFG::JITCompiler::emitStoreInt32):
      (JSC::DFG::JITCompiler::emitStoreCell):
      (JSC::DFG::JITCompiler::emitStoreBool):
      (JSC::DFG::JITCompiler::emitStoreDouble):
      * dfg/DFGNode.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryCachePutByID):
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::ValueRecovery::inGPR):
      (JSC::DFG::ValueRecovery::inPair):
      (JSC::DFG::ValueRecovery::tagGPR):
      (JSC::DFG::ValueRecovery::payloadGPR):
      * dfg/DFGSpeculativeJIT32_64.cpp: Added.
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::ValueSource::dump):
      (JSC::DFG::ValueRecovery::dump):
      (JSC::DFG::OSRExit::OSRExit):
      (JSC::DFG::OSRExit::dump):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::convertToDouble):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * runtime/JSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Set eol-style to native on many source files where it was unset. · 2919d671
      darin@apple.com authored
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95901 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Canvas security checks show up on HTML5GamingTest benchmark · 0e500df5
      abarth@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68743
      
      Reviewed by Oliver Hunt.
      
      Prior to this patch, the canvas security checks took as much as 4% of
      the time on the HTML5GamingTest benchmark:
      
      http://craftymind.com/factory/guimark2/HTML5GamingTest.html
      
      This patch uses a couple of AtomicStrings and shuffles around the order
      of the security check to take this down to around 0.1% (which is near
      the noise floor of what I can measure with my profiler).
      
      * html/canvas/CanvasRenderingContext.cpp:
      (WebCore::CanvasRenderingContext::wouldTaintOrigin):
      * loader/CrossOriginAccessControl.cpp:
      (WebCore::passesAccessControlCheck):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95900 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Source/WebCore: Unwarranted DOM Exception when canvas2D drawImage is called with src · c60e76cc
      commit-queue@webkit.org authored
      rect out of bounds
      https://bugs.webkit.org/show_bug.cgi?id=65709
      
      Patch by Justin Novosad <junov@chromium.org> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      * html/canvas/CanvasRenderingContext2D.cpp:
      (WebCore::CanvasRenderingContext2D::drawImage):
      Return early without throwing an exception if source rectangle is out of
      bounds to match the spec.
      
      LayoutTests: Unwarranted DOM Exception when canvas2D drawImage is called with src
      rect is out of bounds
      https://bugs.webkit.org/show_bug.cgi?id=65709
      
      Patch by Justin Novosad <junov@chromium.org> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      * fast/canvas/drawImage-with-invalid-args-expected.txt:
      * fast/canvas/drawImage-with-invalid-args.html:
      This test covers (among other things) cases where the source rectangle is
      _completely_ outside the bounds of the source image.  It was modified to no
      longer expect DOM exceptions
      * platform/chromium/test_expectations.txt:
      Out-dated test canvas/philip/tests/2d.drawImage.outsidesource.html
      is now expected to fail
      * platform/mac/Skipped:
      Skipping canvas/philip/tests/2d.drawImage.outsidesource.html
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95899 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Printing of notImplemented() when logging enabled. · 09b5142d
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=64590
      
      Printing of notImplemented() method was enabled on Debug builds only.
      Now it is enabled when logging is enabled.
      
      Patch by Lukasz Slachciak <l.slachciak@samsung.com> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      No new tests because there is no new functionality.
      
      * platform/NotImplemented.h: Non-debug mode replaced with non-logging mode.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95898 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Chromium] REGRESSION (r95725): Resizing a window doesn't resize the contents · 42c4da71
      mihaip@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68730
      
      Reviewed by James Robinson.
      
      Source/WebCore:
      
      Adds a missing contentsResized() call in ScrollView::setFrameRect.
      
      Test: fast/dom/Window/window-resize-contents.html
      
      * platform/ScrollView.cpp:
      (WebCore::ScrollView::setFrameRect):
      
      LayoutTests:
      
      Test for resizing of the window triggering resizing of contents.
      
      * fast/dom/Window/window-resize-contents-expected.txt: Added.
      * fast/dom/Window/window-resize-contents.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95897 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [CMake] Detect amd64 as a valid 64-bit architecture. · dca7a664
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=67481
      
      Patch by Raphael Kubo da Costa <kubo@profusion.mobi> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      Some operating systems (generally the BSDs) use amd64 instead of x86_64
      to report they're running on 64 bits, so consider it a valid value.
      
      * Source/CMakeLists.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95896 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • wtf/BitVector.h has a variety of bugs which manifest when the · 61a4da4f
      fpizlo@apple.com authored
      vector grows beyond 63 bits
      https://bugs.webkit.org/show_bug.cgi?id=68746
      
      Reviewed by Oliver Hunt.
              
      Out-of-lined slow path code in BitVector so that not every user
      of CodeBlock ends up having to compile it. Fixed a variety of
      index computation and size computation bugs.
              
      I have not seen these issues manifest themselves, but they are
      blocking a patch that uses BitVector more aggressively.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/WTF/WTF.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * wtf/BitVector.cpp: Added.
      (BitVector::BitVector):
      (BitVector::operator=):
      (BitVector::resize):
      (BitVector::clearAll):
      (BitVector::OutOfLineBits::create):
      (BitVector::OutOfLineBits::destroy):
      (BitVector::resizeOutOfLine):
      * wtf/BitVector.h:
      (WTF::BitVector::ensureSize):
      (WTF::BitVector::get):
      (WTF::BitVector::set):
      (WTF::BitVector::clear):
      (WTF::BitVector::byteCount):
      (WTF::BitVector::OutOfLineBits::numWords):
      (WTF::BitVector::OutOfLineBits::bits):
      (WTF::BitVector::outOfLineBits):
      * wtf/CMakeLists.txt:
      * wtf/wtf.pri:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95895 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add ENABLE_MUTATION_OBSERVERS feature flag · 7476c5e7
      adamk@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68732
      
      Reviewed by Ojan Vafai.
      
      This flag will guard an implementation of the "Mutation Observers" proposed in
      http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
      
      .:
      
      * configure.ac:
      
      Source/JavaScriptCore:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore:
      
      * Configurations/FeatureDefines.xcconfig:
      * GNUmakefile.am:
      
      Source/WebKit/chromium:
      
      * features.gypi:
      
      Source/WebKit/mac:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Tools:
      
      * Scripts/build-webkit:
      
      WebKitLibraries:
      
      * win/tools/vsprops/FeatureDefines.vsprops:
      * win/tools/vsprops/FeatureDefinesCairo.vsprops:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95894 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • De-virtualize JSCell::getJSNumber · e5e24647
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68651
      
      Reviewed by Oliver Hunt.
      
      Added a new JSType to check whether or not something is a 
      NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not 
      currently a better way to determine whether something is indeed a NumberObject.
      Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo 
      for whether the object is a NumberObject or not.  This patch is part of 
      the larger process of de-virtualizing JSCell.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getJSNumber):
      * runtime/JSCell.h:
      (JSC::JSValue::getJSNumber):
      * runtime/JSType.h:
      * runtime/JSTypeInfo.h:
      (JSC::TypeInfo::isNumberObject):
      * runtime/JSValue.h:
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::getJSNumber):
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95893 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Rebaseline fast/ruby/ruby-text-before-after-content.html for Chromium Mac. · 804807af
      mihaip@chromium.org authored
      Mark media/controls-right-click-on-timebar.html as flaky.
      
      * platform/chromium-cg-mac-leopard/fast/ruby/ruby-text-before-after-content-expected.png: Added.
      * platform/chromium-cg-mac-leopard/fast/ruby/ruby-text-before-after-content-expected.txt: Added.
      * platform/chromium-mac/fast/ruby/ruby-text-before-after-content-expected.png: Added.
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95892 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Making some WebBlob methods exportable. · 34d121d3
      jcivelli@chromium.org authored
      This is needed by the shared lib chromium build.
      https://bugs.webkit.org/show_bug.cgi?id=68709
      
      Reviewed by Darin Fisher.
      
      * public/WebBlob.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95891 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • .: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests · 90680248
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * Source/autotools/symbols.filter:
      
      Source/WebCore: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      Tests: fast/dom/scroll-element-to-rect-centered.html
             fast/dom/scroll-element-to-rect.html
      
      * WebCore.exp.in:
      * page/FrameView.cpp:
      (WebCore::FrameView::scrollElementToRect):
      * page/FrameView.h:
      * testing/Internals.cpp:
      (WebCore::Internals::scrollElementToRect):
      * testing/Internals.h:
      * testing/Internals.idl:
      
      Source/WebKit/chromium: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * public/WebView.h:
      (WebKit::WebView::scrollFocusedNodeIntoRect):
      * src/WebViewImpl.cpp:
      (WebKit::WebViewImpl::scrollFocusedNodeIntoRect):
      
      Source/WebKit2: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * win/WebKit2.def:
      * win/WebKit2CFLite.def:
      
      LayoutTests: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * fast/dom/scroll-element-to-rect-centered-expected.txt: Added.
      * fast/dom/scroll-element-to-rect-centered.html: Added.
      * fast/dom/scroll-element-to-rect-expected.txt: Added.
      * fast/dom/scroll-element-to-rect.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r95860. · 54ffaf76
      mihaip@chromium.org authored
      http://trac.webkit.org/changeset/95860
      https://bugs.webkit.org/show_bug.cgi?id=68648
      
      Breaks overhang rendering on Chromium Mac
      
      Source/WebCore:
      
      * platform/chromium/ScrollbarThemeChromium.cpp:
      * platform/chromium/ScrollbarThemeChromium.h:
      * platform/chromium/ScrollbarThemeChromiumMac.h:
      * platform/chromium/ScrollbarThemeChromiumMac.mm:
      (WebCore::ScrollbarThemeChromiumMac::ScrollbarThemeChromiumMac):
      (WebCore::ScrollbarThemeChromiumMac::paintOverhangAreas):
      
      Source/WebKit/chromium:
      
      * features.gypi:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95889 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add -webkit-filter to CSSPropertyNames · 335772d5
      dino@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68675
      
      Reviewed by Simon Fraser.
      
      Add property and rudimentary parsing for -webkit-filter. The
      property value isn't preserved anywhere yet. Add
      stub definition for computed style.
      
      * css/CSSComputedStyleDeclaration.cpp:
      (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
      * css/CSSParser.cpp:
      (WebCore::CSSParser::parseValue):
      (WebCore::CSSParser::parseFilter):
      * css/CSSParser.h:
      * css/CSSPropertyNames.in:
      * css/CSSStyleSelector.cpp:
      (WebCore::CSSStyleSelector::applyProperty):
      
      New test for rudimentary parsing of -webkit-filter.
      Since currently only the Apple port enables the
      feature, add this new test to the platform skip lists
      for GTK, QT and Chromium.
      
      * css3/filters/filter-property-expected.txt: Added.
      * css3/filters/filter-property.html: Added.
      * css3/filters/script-tests/TEMPLATE.html: Added.
      * css3/filters/script-tests/filter-property.js: Added.
      * platform/chromium/test_expectations.txt:
      * platform/gtk/Skipped:
      * platform/qt/Skipped:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95888 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Resolve opcodes should have value profiling. · eaaa4081
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68723
      
      Reviewed by Oliver Hunt.
              
      This adds value profiling to all forms of op_resolve in the
      old JIT, and patches that information into the DFG along with
      performing the appropriate type propagation.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::predict):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifier):
      (JSC::DFG::Node::resolveGlobalDataIndex):
      (JSC::DFG::Node::hasPrediction):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_global_dynamic):
      * jit/JITStubCall.h:
      (JSC::JITStubCall::callWithValueProfiling):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95887 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Remove preserves3D() from CCLayerDelegate, replacing it by setting the · 04f485d6
      commit-queue@webkit.org authored
      value explicitly after creating a layer, or setting its delegate.
      https://bugs.webkit.org/show_bug.cgi?id=68295
      
      Patch by Antoine Labour <piman@chromium.org> on 2011-09-23
      Reviewed by James Robinson.
      
      Covered by compositing/ layout tests.
      
      * platform/graphics/chromium/GraphicsLayerChromium.cpp:
      (WebCore::GraphicsLayerChromium::setContentsToCanvas):
      (WebCore::GraphicsLayerChromium::setContentsToMedia):
      (WebCore::GraphicsLayerChromium::updateLayerPreserves3D):
      (WebCore::GraphicsLayerChromium::setupContentsLayer):
      * platform/graphics/chromium/GraphicsLayerChromium.h:
      * platform/graphics/chromium/LayerChromium.cpp:
      (WebCore::LayerChromium::LayerChromium):
      * platform/graphics/chromium/LayerChromium.h:
      (WebCore::LayerChromium::setPreserves3D):
      (WebCore::LayerChromium::preserves3D):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95886 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • chrome.dll!WebCore::ApplyStyleCommand::applyBlockStyle ReadAV@NULL... · e70ec422
      commit-queue@webkit.org authored
      chrome.dll!WebCore::ApplyStyleCommand::applyBlockStyle ReadAV@NULL (64db547804532a84be2e53721e499e9e)
      https://bugs.webkit.org/show_bug.cgi?id=51639
      
      Patch by Jay Soffian <jaysoffian@gmail.com> on 2011-09-23
      Reviewed by Tony Chang.
      
      Add repro for a crash inside WebCore::ApplyStyleCommand::applyBlockStyle. Fixed by r94840.
      
      * editing/style/justify-without-enclosing-block-expected.txt: Added.
      * editing/style/justify-without-enclosing-block.xhtml: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95885 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fix windows build. · 6af13a03
      oliver@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95884 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Note flaky test. · c85cd8a9
      abarth@webkit.org authored
      * platform/chromium/test_expectations.txt:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95883 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Versioning. · 71e2a0a5
      mrowe@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95882 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add a few more possibilities to the test cases for xss denial. · 241463a5
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=47120
      
      Patch by Tom Sepez <tsepez@chromium.org> on 2011-09-23
      Reviewed by Adam Barth.
      
      * http/tests/security/xss-DENIED-document-baseURI-javascript-with-spaces-expected.txt: Added.
      * http/tests/security/xss-DENIED-document-baseURI-javascript-with-spaces.html: Added.
      * http/tests/security/xss-DENIED-window-open-javascript-url-with-spaces-expected.txt: Added.
      * http/tests/security/xss-DENIED-window-open-javascript-url-with-spaces.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95880 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Implicit conversion double to float in ShadowBlur::adjustBlurRadius · 18bc6bc8
      jchaffraix@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68722
      
      Reviewed by Simon Fraser.
      
      * platform/graphics/ShadowBlur.cpp:
      (WebCore::ShadowBlur::adjustBlurRadius): Added 2 explicit
      conversions.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95879 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [WK2] [Qt] Implement MouseDown/MouseUp/MouseMoveTo functions for WebKit2 EventSender · c5aed241
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68556
      
      Implement the MouseDown/MouseUp/MouseMoveTo functions on Qt platform.
      
      Source/WebKit2:
      
      Patch by Chang Shu <cshu@webkit.org> on 2011-09-23
      Reviewed by Darin Adler.
      
      * Shared/API/c/WKGeometry.h:
      (operator==):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::mouseEventSyncForTesting): initialize "handled"
      
      Tools:
      
      Patch by Chang Shu <cshu@webkit.org> on 2011-09-23
      Reviewed by Darin Adler.
      
      * WebKitTestRunner/EventSenderProxy.h:
      * WebKitTestRunner/InjectedBundle/EventSendingController.h:
      * WebKitTestRunner/PlatformWebView.h:
      * WebKitTestRunner/mac/EventSenderProxy.mm:
      (WTR::EventSenderProxy::EventSenderProxy):
      (WTR::EventSenderProxy::leapForward):
      * WebKitTestRunner/qt/EventSenderProxyQt.cpp:
      (WTR::EventSenderProxy::EventSenderProxy):
      (WTR::getMouseButton):
      (WTR::getModifiers):
      (WTR::EventSenderProxy::updateClickCountForButton):
      (WTR::EventSenderProxy::createGraphicsSceneMouseEvent):
      (WTR::EventSenderProxy::mouseDown):
      (WTR::EventSenderProxy::mouseUp):
      (WTR::EventSenderProxy::mouseMoveTo):
      (WTR::EventSenderProxy::leapForward):
      (WTR::EventSenderProxy::sendOrQueueEvent):
      (WTR::EventSenderProxy::replaySavedEvents):
      * WebKitTestRunner/qt/PlatformWebViewQt.cpp:
      (WTR::PlatformWebView::postEvent):
      * WebKitTestRunner/qt/WebKitTestRunner.pro:
      
      LayoutTests:
      
      Unskip passed tests.
      
      Patch by Chang Shu <cshu@webkit.org> on 2011-09-23
      Reviewed by Darin Adler.
      
      * platform/qt-wk2/Skipped:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95878 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c5aed241
    • barraclough@apple.com's avatar
      Source/JavaScriptCore: Strict mode does not work in non-trivial nested functions. · 1440c07a
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68740
      
      Reviewed by Oliver Hunt.
      
      Function-info caching does not preserve all state that it should.
      
      * parser/JSParser.cpp:
      (JSC::JSParser::Scope::saveFunctionInfo):
      (JSC::JSParser::Scope::restoreFunctionInfo):
      (JSC::JSParser::parseFunctionInfo):
      * parser/SourceProviderCacheItem.h:
      
      LayoutTests:
      
      Strict mode does not work in non-trivial nested functions.
      https://bugs.webkit.org/show_bug.cgi?id=68740
      
      Reviewed by Oliver Hunt.
      
      Function-info caching does not preserve all state that it should.
      
      * fast/js/nested-functions-expected.txt: Added.
      * fast/js/nested-functions.html: Added.
      * fast/js/script-tests/nested-functions.js: Added.
      (runTests.test1):
      (runTests.test2):
      (runTests.test3):
      (runTests):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95877 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1440c07a
    • fpizlo@apple.com's avatar
      ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED · c5e62973
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68724
      
      Reviewed by Oliver Hunt.
      
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c5e62973
    • commit-queue@webkit.org's avatar
      [chromium] Make the layout test script's kill timeout proportional to --time-out-ms · c679aa4f
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68026
      
      Patch by Lei Zhang <thestig@chromium.org> on 2011-09-23
      Reviewed by Dirk Pranke.
      
      * Scripts/webkitpy/layout_tests/port/chromium.py:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95875 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c679aa4f
    • mitz@apple.com's avatar
      <rdar://problem/10178576> REGRESSION (r95391): Crash in -[WebCascadeList... · 0190f2cc
      mitz@apple.com authored
      <rdar://problem/10178576> REGRESSION (r95391): Crash in -[WebCascadeList objectAtIndex:] when a font-family list contains missing fonts
      https://bugs.webkit.org/show_bug.cgi?id=68737
      
      Reviewed by Darin Adler.
      
      Source/WebCore: 
      
      Test: fast/text/combining-character-sequence-fallback-crash.html
      
      * platform/graphics/mac/ComplexTextControllerCoreText.mm:
      (-[WebCascadeList initWithFont:WebCore::character:]): Changed to initialize _count to the exact
      number of FontData instances in the fallback list rather than the number of font families in the
      font description.
      
      LayoutTests: 
      
      * fast/text/combining-character-sequence-fallback-crash-expected.txt: Added.
      * fast/text/combining-character-sequence-fallback-crash.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95874 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0190f2cc
    • adamk@chromium.org's avatar
      [chromium] Remove WEBWIDGET_HAS_ANIMATE_CHANGES #define · f77f1222
      adamk@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68720
      
      Reviewed by James Robinson.
      
      References to this macro were removed in http://crrev.com/102314.
      
      * public/WebWidget.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95873 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f77f1222
    • oliver@apple.com's avatar
      Build fix. · f18cd993
      oliver@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95872 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f18cd993
    • commit-queue@webkit.org's avatar
      [Chromium] Crash in WebCore::DatabaseObserver · 9925d300
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=67805
      
      Patch by Stephen Chenney <schenney@chromium.org> on 2011-09-23
      Reviewed by David Levin.
      
      * src/DatabaseObserver.cpp:
      (WebCore::DatabaseObserver::canEstablishDatabase): Added a check for a
      null frame or page, and return false if null. Investigated
      changing the fall-through return value to false but decided against
      it given the way the code is used and existing default values for
      related code. Reproduction and testing depends on having a document
      with no frame or no page, which sometimes happens in practice but is
      hard to construct explicitly.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95871 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9925d300
    • commit-queue@webkit.org's avatar
      [Chromium] Fix CSS 3D corner anti-aliasing. · 8aaef514
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68087
      
      Patch by David Reveman <reveman@chromium.org> on 2011-09-23
      Reviewed by James Robinson.
      
      Source/WebCore:
      
      Render sharp corners more correctly by adding bounding box
      edges to anti-aliasing shaders.
      
      Test: platform/chromium/compositing/3d-corners.html
      
      * platform/graphics/chromium/ShaderChromium.cpp:
      (WebCore::FragmentShaderRGBATexAlphaAA::getShaderString):
      (WebCore::FragmentShaderRGBATexClampAlphaAA::getShaderString):
      (WebCore::FragmentShaderRGBATexClampSwizzleAlphaAA::getShaderString):
      (WebCore::FragmentShaderRGBATexAlphaMaskAA::getShaderString):
      * platform/graphics/chromium/cc/CCRenderSurface.cpp:
      (WebCore::CCRenderSurface::drawLayer):
      (WebCore::CCRenderSurface::drawSurface):
      * platform/graphics/chromium/cc/CCRenderSurface.h:
      * platform/graphics/chromium/cc/CCTiledLayerImpl.cpp:
      (WebCore::CCTiledLayerImpl::draw):
      (WebCore::CCTiledLayerImpl::drawTiles):
      * platform/graphics/chromium/cc/CCTiledLayerImpl.h:
      
      LayoutTests:
      
      Add a test to check sharp corner rendering of CSS 3D transformed
      elements.
      
      * platform/chromium-gpu-linux/compositing/flat-with-transformed-child-expected.checksum: Removed.
      * platform/chromium-gpu-linux/compositing/flat-with-transformed-child-expected.png: Added.
      * platform/chromium-gpu-linux/platform/chromium/compositing/3d-corners-expected.png: Added.
      * platform/chromium-gpu-linux/platform/chromium/compositing/backface-visibility-transformed-expected.png:
      * platform/chromium-gpu-linux/platform/chromium/compositing/perpendicular-layer-sorting-expected.png:
      * platform/chromium/compositing/3d-corners-expected.txt: Added.
      * platform/chromium/compositing/3d-corners.html: Added.
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95870 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8aaef514
    • mihaip@chromium.org's avatar
      Add failing expectations for tests added by r95852. · b41f7079
      mihaip@chromium.org authored
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95869 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b41f7079
    • oliver@apple.com's avatar
      DFG implementation of PutScopedVar corrupts register allocation · e0dfbb10
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68735
      
      Patch by Filip Pizlo <fpizlo@apple.com> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95868 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e0dfbb10
    • barraclough@apple.com's avatar
      Updating now-passing Layout test. · 12ab4878
      barraclough@apple.com authored
      Rubber stamped by Geoff Garen.
      
      * fast/js/Object-getOwnPropertyNames-expected.txt:
      * fast/js/script-tests/Object-getOwnPropertyNames.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95867 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      12ab4878
    • oliver@apple.com's avatar
      Make write barriers actually do something when enabled · 0cae6935
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68717
      
      Reviewed by Geoffrey Garen.
      
      ../../../../Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore:
      
      Add a basic card marking style write barrier to JSC (currently
      turned off).  This requires two scratch registers in the JIT
      so there was some register re-arranging to satisfy that requirement.
      Happily this produced a minor perf bump in sunspider (~0.5%).
      
      Turning the barriers on causes an overall regression of around 1.5%.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::store8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::movb_i8m):
      * dfg/DFGJITCodeGenerator.cpp:
      (JSC::DFG::JITCodeGenerator::isKnownNotCell):
      (JSC::DFG::JITCodeGenerator::writeBarrier):
      (JSC::DFG::JITCodeGenerator::markCellCard):
      (JSC::DFG::JITCodeGenerator::cachedPutById):
      * dfg/DFGJITCodeGenerator.h:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCachePutByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/CardSet.h: Added.
      (JSC::CardSet::CardSet):
      (JSC::::cardForAtom):
      (JSC::::cardMarkedForAtom):
      (JSC::::markCardForAtom):
      * heap/Heap.cpp:
      * heap/Heap.h:
      (JSC::Heap::addressOfCardFor):
      (JSC::Heap::writeBarrierFastCase):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::setDirtyObject):
      (JSC::MarkedBlock::addressOfCardFor):
      (JSC::MarkedBlock::offsetOfCards):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::emit_op_put_scoped_var):
      (JSC::JIT::emit_op_put_global_var):
      (JSC::JIT::emitWriteBarrier):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::emitSlow_op_put_by_id):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::emit_op_put_scoped_var):
      (JSC::JIT::emit_op_put_global_var):
      
      ../../../../Volumes/Data/git/WebKit/OpenSource/Source/WebCore:
      
      Add a forwarding header, and fix an evaluation ordering
      issue that shows up if you try to use write barriers.
      
      * ForwardingHeaders/heap/CardSet.h: Added.
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::jsFunction):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95865 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0cae6935
    • commit-queue@webkit.org's avatar
      https://bugs.webkit.org/show_bug.cgi?id=68077 · 82c90401
      commit-queue@webkit.org authored
      SH4 assemblers don't refer to executable memory handle.
      
      Patch by Thouraya ANDOLSI <thouraya.andolsi@st.com> on 2011-09-23
      Reviewed by Gavin Barraclough.
      
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::branch8):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95864 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      82c90401
    • jamesr@google.com's avatar
      Avoid updating compositing state during paint · ef5cfe20
      jamesr@google.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68727
      
      Reviewed by Simon Fraser.
      
      We shouldn't update our compositing state in the middle of a paint. The call to
      updateCompositingAndLayerListsIfNeeded() was added to RenderLayer::paintLayer in r45715, which was intended to
      fix this exact issue. Based off the ChangeLog entries, I think that this was just a typo.
      
      * rendering/RenderLayer.cpp:
      (WebCore::RenderLayer::paintLayer):
      (WebCore::RenderLayer::updateCompositingAndLayerListsIfNeeded):
      * rendering/RenderLayerCompositor.cpp:
      (WebCore::RenderLayerCompositor::updateCompositingLayers):
      * rendering/RenderLayerCompositor.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95863 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ef5cfe20
    • inferno@chromium.org's avatar
      Unreviewed. Chromium rebaselines for r95857. · 66af5675
      inferno@chromium.org authored
      * platform/chromium-linux/fast/ruby/ruby-text-before-after-content-expected.png: Added.
      * platform/chromium-win/fast/ruby/ruby-text-before-after-content-expected.png: Added.
      * platform/chromium-win/fast/ruby/ruby-text-before-after-content-expected.txt: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95862 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      66af5675