GitLab

https://bugs.webkit.org/show_bug.cgi?id=97358

Reviewed by Oliver Hunt.

Source/JavaScriptCore: 

Previously, the activation object was responsible for capturing all
arguments in a way that was convenient for the arguments object. Now,
we move all captured variables into a contiguous region in the stack,
allocate an activation for exactly that size, and make the arguments
object responsible for knowing all the places to which arguments could
have moved.

This seems like the right tradeoff because

    (a) Closures are common and long-lived, so we want them to be small.

    (b) Our primary strategy for optimizing the arguments object is to make
    it go away. If you're allocating arguments objects, you're already having
    a bad time.

    (c) It's common to use either the arguments object or named argument
    closure, but not both.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::CodeBlock):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::argumentsRegister):
(JSC::CodeBlock::activationRegister):
(JSC::CodeBlock::isCaptured):
(JSC::CodeBlock::argumentIndexAfterCapture): m_numCapturedVars is gone
now -- we have an explicit range instead.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator): Move captured arguments
into the captured region of local variables for space efficiency. Record
precise data about where they moved for the sake of the arguments object.

Some of this data was previously wrong, but it didn't cause any problems
because the arguments weren't actually moving.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables): Don't
assume that captured vars are in any particular location -- always ask
the CodeBlock. This is better encapsulation.

(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile): I rename things sometimes.

* runtime/Arguments.cpp:
(JSC::Arguments::tearOff): Account for a particularly nasty edge case.

(JSC::Arguments::didTearOffActivation): Don't allocate our slow arguments
data on tear-off. We need to allocate it eagerly instead, since we need
to know about displaced, captured arguments during access before tear-off.

* runtime/Arguments.h:
(JSC::Arguments::allocateSlowArguments):
(JSC::Arguments::argument): Tell our slow arguments array where all arguments
are, even if they are not captured. This simplifies some things, so we don't
have to account explicitly for the full matrix of (not torn off, torn off)
* (captured, not captured).

(JSC::Arguments::finishCreation): Allocate our slow arguments array eagerly
because we need to know about displaced, captured arguments during access
before tear-off.

* runtime/Executable.cpp:
(JSC::FunctionExecutable::FunctionExecutable):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::parameterCount):
(FunctionExecutable):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSActivation.h:
(JSActivation):
(JSC::JSActivation::create):
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::registerOffset):
(JSC::JSActivation::tearOff):
(JSC::JSActivation::allocationSize):
(JSC::JSActivation::isValid): This is really the point of the patch. All
the pointer math in Activations basically boils away, since we always
copy a contiguous region of captured variables now.

* runtime/SymbolTable.h:
(JSC::SlowArgument::SlowArgument):
(SlowArgument):
(SharedSymbolTable):
(JSC::SharedSymbolTable::captureCount):
(JSC::SharedSymbolTable::SharedSymbolTable): AllOfTheThings capture mode
is gone now -- that's the point of the patch. indexIfCaptured gets renamed
to index because we always have an index, even if not captured. (The only
time when the index is meaningless is when we're Deleted.)

LayoutTests: 

* fast/js/dfg-arguments-alias-activation-expected.txt:
* fast/js/dfg-arguments-alias-activation.html:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97020

Reviewed by Eric Carlson.

.:

Manual test added: ManualTests/audio-freed-during-reload.html

* ManualTests/audio-freed-during-reload.html:

Source/WebCore:

JS-created (as opposed to DOM-created) Audio nodes never got collected, because they
appear to always hasPendingActivity(), because m_playing is never set to false.

Manual test added: ManualTests/audio-freed-during-reload.html

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::stop): set m_playing = false; explicitly.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

* UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::connectToWebProcessServiceForWebKitDevelopment):
(WebKit::createWebProcessServiceForWebKitDevelopment):
(WebKit::createWebProcessService):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

RenderMarquee causes ASSERTION FAILED: enclosingIntRect(rendererMappedResult) == enclosingIntRect(FloatQuad(result).boundingBox()) : WebCore::FloatRect WebCore::RenderGeometryMap::absoluteRect(const WebCore::FloatRect &) const
https://bugs.webkit.org/show_bug.cgi?id=92464

Reviewed by Sam Weinig.

Marquees could cause an updateCompositingLayersAfterScroll() to be called when
we're in the middle of updating layer positions. updateCompositingLayersAfterScroll()
does a full RenderLayer tree walk, but its use of RenderGeomeryMap reveals that
it's using layers whose positions haven't been updated yet.

Fix by avoiding the updateCompositingLayersAfterScroll() if we're in the process
of updating a marquee when updating layer positions. We'll do a compositing update
soon anyway.

Tested by fast/events/tabindex-focus-blur-all.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::RenderLayer):
(WebCore::RenderLayer::updateLayerPositions):
(WebCore::RenderLayer::updateLayerPositionsAfterScroll):
(WebCore::RenderLayer::scrollTo):
* rendering/RenderLayer.h:
(RenderLayer):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=95161

Reviewed by Anders Carlsson.

Source/WebKit2:

Replace the WebKit2Service with two new XPC services, the WebProcessService, which is only used
when installed on the system, and the WebProcessServiceForWebKitDevelopment which is used at all
other times. We need both services because XPC can't in general be configured to have a custom
environment at runtime, and thus WebProcessServiceForWebKitDevelopment has the ability to re-exec
itself into a desired state. That capability is rather undesirable for installed usage, where we
don't want to allow arbitrary changes to the environment of the service, which would allow breaking
the App Sandbox.

* Configurations/WebProcessService.xcconfig: Copied from Source/WebKit2/Configurations/WebKit2Service.xcconfig.
* Configurations/WebProcessServiceForWebKitDevelopment.xcconfig: Renamed from Source/WebKit2/Configurations/WebKit2Service.xcconfig.
Add new configuration files.

* Platform/mac/WorkQueueMac.cpp:
(WorkQueue::registerMachPortEventHandler):
(WorkQueue::unregisterMachPortEventHandler):
Add helpful assertions. Without them, we confusingly crash a bit later in HashTable code.

* UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::addDYLDEnvironmentAdditions):
Factor out environment additions to this helper function.

(WebKit::connectToWebProcessServiceForWebKitDevelopment):
(WebKit::createWebProcessServiceForWebKitDevelopment):
Add functionality to setup the webkit development service via re-exec.

(WebKit::createWebProcessService):
Add functionality to connect to the installed WebProcess service.

(WebKit::createProcess):
Factor out posix_spawn based launching into this helper function.

(WebKit::ProcessLauncher::launchProcess):
Call the correct process creation function based on launch data and install state.

* WebKit2.xcodeproj/project.pbxproj:
Add new files to the project.

* WebProcess/mac/WebProcessServiceEntryPoints.h: Renamed from Source/WebKit2/WebProcess/mac/WebProcessXPCServiceMain.h.
* WebProcess/mac/WebProcessServiceEntryPoints.mm: Renamed from Source/WebKit2/WebProcess/mac/WebProcessXPCServiceMain.mm.
(WebKit::WebProcessServiceEventHandler):
(WebProcessServiceMain):
(InitializeWebProcessForWebProcessServiceForWebKitDevelopment):
Rename to WebProcessServiceEntryPoints since this is now used for both the WebProcessService and the
WebProcessServiceForWebKitDevelopment.

* WebProcessService/Info.plist: Copied from Source/WebKit2/WebKit2Service/Info.plist.
* WebProcessService/WebProcessServiceMain.mm: Renamed from Source/WebKit2/WebKit2Service/MainMacService.mm.
Add main for the WebProcessService which just calls into the WebProcessServiceEntryPoints in WebKit2.framework.

* WebProcessServiceForWebKitDevelopment/Info.plist: Renamed from Source/WebKit2/WebKit2Service/Info.plist.
* WebProcessServiceForWebKitDevelopment/WebProcessServiceForWebKitDevelopmentMain.mm: Added.
Add main for the WebProcessServiceForWebKitDevelopment, which can't just call directly into WebProcessServiceEntryPoints
as the framework path might not be set up correctly. This is also where we re-exec ourselves when required.

Tools:

Remove setting the __XPC_* environment variables.

* Scripts/webkitdirs.pm:
(setUpGuardMallocIfNeeded):
(runMacWebKitApp):
(execMacWebKitAppForDebugging):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97383

Rubber stamped by Sam Weinig.

missed a child3 -> child2!

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInstanceOf):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97380

Unreviewed, build fix.

* Scripts/webkitpy/layout_tests/port/base.py:
(Port.relative_test_filename):
(Port.relative_perf_test_filename):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=27219

Reviewed by Sam Weinig.

These tests are just wrong.
See ECMA 262 A.5, FunctionDelcaration does not require a semicolon.

* tests/mozilla/expected.html:
* tests/mozilla/js1_2/function/function-001-n.js:
* tests/mozilla/js1_3/Script/function-001-n.js:
* tests/mozilla/js1_3/regress/function-001-n.js:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129289 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97372

Reviewed by Ryosuke Niwa.

Source/WebCore:

Some asserts (and their accompanying comment) were trying to enforce
proper usage of ChildListMutationScope from WebCore, but in the
presence of MutationEvents they could fail due to arbitrary script
execution.

This change gets rid of those asserts and adds tests exercising
the (pre-existing) codepaths for handling these out-of-order cases.
Without this patch, these tests ASSERT in debug builds.

Tests: fast/mutation/added-out-of-order.html
       fast/mutation/removed-out-of-order.html

* dom/ChildListMutationScope.cpp:
(WebCore::ChildListMutationAccumulator::childAdded):
(WebCore::ChildListMutationAccumulator::willRemoveChild):
* dom/ChildListMutationScope.h:
(WebCore):

LayoutTests:

* fast/mutation/added-out-of-order-expected.txt: Added.
* fast/mutation/added-out-of-order.html: Added.
* fast/mutation/removed-out-of-order-expected.txt: Added.
* fast/mutation/removed-out-of-order.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97382

Reviewed by Geoff Garen.

No longer needed after my last change.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/Opcode.h:
(JSC):
(JSC::padOpcodeName):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitInstanceOf):
* bytecompiler/BytecodeGenerator.h:
(BytecodeGenerator):
* bytecompiler/NodesCodegen.cpp:
(JSC::InstanceOfNode::emitBytecode):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInstanceOf):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Instead of using #pragmas, just disable all warnings in DerivedSources.make. I suspect
that passing -traditional to the preprocessor disables support for #pragmas but I'm afraid
to change it to something else.

* DerivedSources.make:
* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129286 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97380

Reviewed by Ojan Vafai.

There doesn't seem to be a good reason for this restriction and
it's useful to be able to point to directories outside the
checkout for results (e.g., for local failures due to a 10.7.4
install ;).

* Scripts/webkitpy/layout_tests/port/base.py:
(Port.relative_test_filename):
(Port.relative_perf_test_filename):
* Scripts/webkitpy/layout_tests/port/chromium_android.py:
(ChromiumAndroidDriver._command_from_driver_input):
* Scripts/webkitpy/layout_tests/run_webkit_tests.py:
(_set_up_derived_options):
* Scripts/webkitpy/layout_tests/run_webkit_tests_integrationtest.py:
(MainTest.test_additional_platform_directory):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

REGRESSION (r129176): Incorrect line breaking when kerning occurs between a space and the following character
https://bugs.webkit.org/show_bug.cgi?id=97377

Reviewed by Enrica Casucci.

Source/WebCore: 

Test: fast/text/kerning-with-TextLayout.html

When kerning is enabled, the last character in a word may have its advance shortened because
of its trailing space. To account for that, words are measured along with the trailing space,
then the width of a space is subtracted from the result. This doesn’t work when the trailing
space itself has its advance shortened due to the character following it, which can happen
when using the TextLayout optimization. However, when the optimization is used, the advance
of the last character of the word is already adjusted for the trailing space, so there is no
need to measure with that space and subtract its advance.

* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlock::LineBreaker::nextLineBreak): Changed to not use the trailingSpaceWidth
mechanism when TextLayout is being used.

LayoutTests: 

* fast/text/kerning-with-TextLayout-expected.html: Added.
* fast/text/kerning-with-TextLayout.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129284 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97381

Reviewed by James Robinson.

The mismatched "class" forward-declaration for WebSize in this file
will cause a Clang error when it's included in Chromium.

* chromium/public/WebCompositorSoftwareOutputDevice.h:
(WebKit):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129283 268f45cc-cd09-0410-ab3c-d52691b4dbfc

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129282 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=68656

Reviewed by Oliver Hunt.

Source/JavaScriptCore: 

Instanceof is currently implemented as a sequance of three opcodes:
    check_has_instance
    get_by_id(prototype)
    op_instanceof
There are three interesting types of base value that instanceof can be applied to:
    (A) Objects supporting default instanceof behaviour (functions, other than those created with bind)
    (B) Objects overriding the default instancecof behaviour with a custom one (API objects, bound functions)
    (C) Values that do not respond to the [[HasInstance]] trap.
Currently check_has_instance handles case (C), leaving the op_instanceof opcode to handle (A) & (B). There are
two problems with this apporach. Firstly, this is suboptimal for case (A), since we have to check for
hasInstance support twice (once in check_has_instance, then for default behaviour in op_instanceof). Secondly,
this means that in cases (B) we also perform the get_by_id, which is both suboptimal and an observable spec
violation.

The fix here is to move handing of non-default instanceof (cases (B)) to the check_has_instance op, leaving
op_instanceof to handle only cases (A).

* API/JSCallbackObject.h:
(JSCallbackObject):
* API/JSCallbackObjectFunctions.h:
(JSC::::customHasInstance):
* API/JSValueRef.cpp:
(JSValueIsInstanceOfConstructor):
    - renamed hasInstance to customHasInstance
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
    - added additional parameters to check_has_instance opcode
* bytecode/Opcode.h:
(JSC):
(JSC::padOpcodeName):
    - added additional parameters to check_has_instance opcode
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCheckHasInstance):
    - added additional parameters to check_has_instance opcode
* bytecompiler/BytecodeGenerator.h:
(BytecodeGenerator):
    - added additional parameters to check_has_instance opcode
* bytecompiler/NodesCodegen.cpp:
(JSC::InstanceOfNode::emitBytecode):
    - added additional parameters to check_has_instance opcode
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
    - added additional parameters to check_has_instance opcode
* interpreter/Interpreter.cpp:
(JSC::isInvalidParamForIn):
(JSC::Interpreter::privateExecute):
    - Add handling for non-default instanceof to op_check_has_instance
* jit/JITInlineMethods.h:
(JSC::JIT::emitArrayProfilingSiteForBytecodeIndex):
    - Fixed no-LLInt no_DFG build
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_check_has_instance):
(JSC::JIT::emitSlow_op_check_has_instance):
    - check for ImplementsDefaultHasInstance, handle additional arguments to op_check_has_instance.
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
    - no need to check for ImplementsDefaultHasInstance.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_check_has_instance):
(JSC::JIT::emitSlow_op_check_has_instance):
    - check for ImplementsDefaultHasInstance, handle additional arguments to op_check_has_instance.
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
    - no need to check for ImplementsDefaultHasInstance.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
    - Add handling for non-default instanceof to op_check_has_instance
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
    - move check for ImplementsDefaultHasInstance, handle additional arguments to op_check_has_instance.
* runtime/ClassInfo.h:
(MethodTable):
(JSC):
    - renamed hasInstance to customHasInstance
* runtime/CommonSlowPaths.h:
(CommonSlowPaths):
    - removed opInstanceOfSlow (this was whittled down to one function call!)
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::customHasInstance):
* runtime/JSBoundFunction.h:
(JSBoundFunction):
    - renamed hasInstance to customHasInstance, reimplemented.
* runtime/JSCell.cpp:
(JSC::JSCell::customHasInstance):
* runtime/JSCell.h:
(JSCell):
* runtime/JSObject.cpp:
(JSC::JSObject::hasInstance):
(JSC):
(JSC::JSObject::defaultHasInstance):
* runtime/JSObject.h:
(JSObject):

LayoutTests: 

* fast/js/function-bind-expected.txt:
    - check in passing result.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129281 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97352

Reviewed by Ryosuke Niwa.

ChildListMutationScope is one of the most complicated bits of
MutationObserver implementation. This patch aims to simplify it for
clarity and improve its performance (mostly by just doing less).

The big change is to remove the MutationAccumulatorRouter class,
replacing it with lifetime-management logic in ChildListMutationAccumulator
ChildListMutationScope is expected to call getOrCreate() in
its constructor, and each scope holds a RefPtr to the accumulator.
When the last scope holding such a RefPtr is destroyed,
ChildListMutationAccumulator's destructor enqueues the accumulated record.

This greatly reduces the number of lines of code, and condenses
two HashMaps into one. It also reduces hash lookups, which now
occur only on scope creation and when the refcount for a given
accumulator reaches 0 (previously, each childAdded and willRemoveChild
call could result in two hash lookups each).

There are some minor changes as well: the ChildListMutationAccumulator::clear()
method is gone, as it was doing more work than necessary;
DEFINE_STATIC_LOCAL is now used instead of hand-rolled static-management
code; ChildListMutationAccumulator::m_lastAdded is no longer a RefPtr, since it
always points at a Node that's already being ref'd by the accumulator.
Also various minor syntactic cleanups.

No new tests, no change in behavior.

* dom/ChildListMutationScope.cpp:
(WebCore::accumulatorMap): Reduced two maps to one, and manage its lifetime with DEFINE_STATIC_LOCAL.
(WebCore::ChildListMutationAccumulator::ChildListMutationAccumulator): Remove unnecessary call to clear() (which itself has been removed).
(WebCore::ChildListMutationAccumulator::~ChildListMutationAccumulator): Enqueue record if not empty at destruction, and have the accumulator
remove itself from the map.
(WebCore::ChildListMutationAccumulator::getOrCreate): Replaces half of MutationAccumulatorRouter's job.
(WebCore::ChildListMutationAccumulator::childAdded): Minor RefPtr usage improvements.
(WebCore::ChildListMutationAccumulator::isRemovedNodeInOrder): Simplify RefPtr syntax.
(WebCore::ChildListMutationAccumulator::willRemoveChild): Minor RefPtr usage improvements.
(WebCore::ChildListMutationAccumulator::enqueueMutationRecord): Replace call to clear() with clearing m_lastAdded,
since it's the only bit not cleared by the MutationRecord creation call. Also remove
isEmpty check and replace with asserts now that it's a private method.
(WebCore::ChildListMutationAccumulator::isEmpty): Added more assertions about emptiness.
* dom/ChildListMutationScope.h:
(WebCore):
(ChildListMutationAccumulator): Extract the inner class to make everything easier to read.
(WebCore::ChildListMutationScope::ChildListMutationScope): Store m_accumulator rather than m_target.
(WebCore::ChildListMutationScope::~ChildListMutationScope): ditto
(WebCore::ChildListMutationScope::childAdded): ditto
(WebCore::ChildListMutationScope::willRemoveChild): ditto
(ChildListMutationScope):
* html/HTMLElement.cpp: Remove unused ChildListMutationScope.h #include.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129280 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed. Skip this test because it relies on sandboxed-iframe-origin-add.html which was removed in http://trac.webkit.org/changeset/129262.

* platform/win/Skipped:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129279 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97376

Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-09-21
Reviewed by Alexey Proskuryakov.

Source/WebKit2: 

In GeolocationPermissionRequestManager::cancelRequestForGeolocation, we access an iterator
after its value has been removed from the table.
There are two problems with that:
-The iterator is no longer valid after the container has been modified.
-If it was the last element, the table has been freed and the iterator points to deleted memory.

We solve the issue by keeping a copy of the ID. We could have inverted the order of the calls
but that would make the issue less visible for future change.

Testing covered by fast/dom/Geolocation/disconnected-frame.html.

* WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp:
(WebKit::GeolocationPermissionRequestManager::cancelRequestForGeolocation):

LayoutTests: 

* platform/wk2/Skipped:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129278 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97369

Reviewed by Kenneth Russell.

BiquadFilterNode is currently ignoring any timeline or audio-rate changes to its parameters.
We now check if any of its parameters have timeline or audio-rate changes and, if so, take
them into account.  Otherwise, we use ordinary parameter smoothing/de-zippering which is
the case when the parameters are adjusted, for example, from a knob or slider in the UI.

* Modules/webaudio/BiquadDSPKernel.cpp:
(WebCore::BiquadDSPKernel::updateCoefficientsIfNecessary):
* Modules/webaudio/BiquadProcessor.cpp:
(WebCore::BiquadProcessor::checkForDirtyCoefficients):
* Modules/webaudio/BiquadProcessor.h:
(WebCore::BiquadProcessor::hasSampleAccurateValues):
(BiquadProcessor):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129277 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Missed some new lines in http://trac.webkit.org/changeset/129255.

* platform/win/accessibility/aria-toggle-button-with-title-expected.txt:
* platform/win/accessibility/canvas-fallback-content-2-expected.txt:
* platform/win/accessibility/img-fallsback-to-title-expected.txt:
* platform/win/accessibility/svg-image-expected.txt:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129276 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=96578

Patch by Brandon Jones <bajones@google.com> on 2012-09-21
Reviewed by Kenneth Russell.

Source/Platform:

Added code to allow calls to the OES_vertex_array_object extension to interface
properly with the chromium WebGL implementation.

* chromium/public/WebGraphicsContext3D.h:
(WebGraphicsContext3D):
(WebKit::WebGraphicsContext3D::createVertexArrayOES):
(WebKit::WebGraphicsContext3D::deleteVertexArrayOES):
(WebKit::WebGraphicsContext3D::isVertexArrayOES):
(WebKit::WebGraphicsContext3D::bindVertexArrayOES):

Source/WebCore:

Adding basic reference counting to WebGLBuffer objects to satisfy spec requirements
for the OES_vertex_array_object extension. Added code to allow calls to the
OES_vertex_array_object extension to interface properly with the chromium WebGL
implementation.

Test: fast/canvas/webgl/oes-vertex-array-object.html

* html/canvas/WebGLRenderingContext.cpp:
(WebCore):
(WebCore::WebGLRenderingContext::deleteBuffer):
(WebCore::WebGLRenderingContext::vertexAttribPointer):
* html/canvas/WebGLVertexArrayObjectOES.cpp:
(WebCore::WebGLVertexArrayObjectOES::setElementArrayBuffer):
(WebCore):
* html/canvas/WebGLVertexArrayObjectOES.h:
(WebGLVertexArrayObjectOES):
(WebCore::WebGLVertexArrayObjectOES::getVertexAttribStateSize):
* platform/chromium/support/Extensions3DChromium.cpp:
(WebCore::Extensions3DChromium::createVertexArrayOES):
(WebCore::Extensions3DChromium::deleteVertexArrayOES):
(WebCore::Extensions3DChromium::isVertexArrayOES):
(WebCore::Extensions3DChromium::bindVertexArrayOES):

LayoutTests:

Brought over KHRONOS conformance test for OES_vertex_array_object

* fast/canvas/webgl/oes-vertex-array-object-expected.txt: Added.
* fast/canvas/webgl/oes-vertex-array-object.html: Added.
* platform/efl/Skipped:
* platform/gtk-wk2/Skipped:
* platform/mac/Skipped:
* platform/wk2/Skipped:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129275 268f45cc-cd09-0410-ab3c-d52691b4dbfc

* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::store8):
(MacroAssemblerARMv7):
* offlineasm/armv7.rb:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129274 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97277

Reviewed by Tony Chang.

Source/WebCore:

Remove HarfBuzz dependency from GlyphPageTreeNodeSkia. Use OpenTypeVerticalData instead.

No new tests. Rebaselined existing tests.

* WebCore.gyp/WebCore.gyp: Added OpenTypeTypes.h and OpenTypeVerticalData.(cpp|h) for linux and android.
* platform/graphics/FontCache.cpp:
Inserted a space between > and > in typedef of FontVerticalDataCache so that making some compilers happy.
(WebCore):
* platform/graphics/SimpleFontData.h:
(SimpleFontData): Moved declaration of m_verticalData to avoid compile warnings.
* platform/graphics/harfbuzz/FontPlatformDataHarfBuzz.cpp:
(WebCore):
(WebCore::FontPlatformData::verticalData): Added.
(WebCore::FontPlatformData::openTypeTable): Added.
* platform/graphics/harfbuzz/FontPlatformDataHarfBuzz.h:
(WebCore):
(FontPlatformData):
* platform/graphics/skia/GlyphPageTreeNodeSkia.cpp: Removed substituteWithVerticalGlyphs().
(WebCore::GlyphPage::fill):

Source/WebKit/chromium:

* features.gypi: Enable OPENTYPE_VERTICAL on linux and android.

LayoutTests:

Rebaselined vertical writing test expectations.

* platform/chromium-linux/editing/selection/vertical-lr-ltr-extend-line-backward-br-expected.png:
* platform/chromium-linux/editing/selection/vertical-lr-ltr-extend-line-forward-br-expected.png:
* platform/chromium-linux/editing/selection/vertical-rl-ltr-extend-line-backward-br-expected.png:
* platform/chromium-linux/editing/selection/vertical-rl-ltr-extend-line-backward-p-expected.png:
* platform/chromium-linux/editing/selection/vertical-rl-ltr-extend-line-backward-wrap-expected.png:
* platform/chromium-linux/editing/selection/vertical-rl-ltr-extend-line-forward-br-expected.png:
* platform/chromium-linux/editing/selection/vertical-rl-ltr-extend-line-forward-p-expected.png:
* platform/chromium-linux/editing/selection/vertical-rl-ltr-extend-line-forward-wrap-expected.png:
* platform/chromium-linux/fast/dynamic/text-combine-expected.png:
* platform/chromium-linux/fast/repaint/japanese-rl-selection-repaint-expected.png:
* platform/chromium-linux/fast/text/international/text-spliced-font-expected.png:
* platform/chromium-linux/fast/writing-mode/Kusa-Makura-background-canvas-expected.png:
* platform/chromium-linux/fast/writing-mode/border-vertical-lr-expected.png:
* platform/chromium-linux/fast/writing-mode/japanese-lr-selection-expected.png:
* platform/chromium-linux/fast/writing-mode/japanese-lr-text-expected.png:
* platform/chromium-linux/fast/writing-mode/japanese-rl-selection-expected.png:
* platform/chromium-linux/fast/writing-mode/japanese-rl-text-expected.png:
* platform/chromium-linux/fast/writing-mode/japanese-rl-text-with-broken-font-expected.png:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129273 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97328

Reviewed by Mark Hahnenberg.

It's a bad idea to emit stub code that reallocates property storage when we're in indexed
storage mode. DFGRepatch.cpp knew this and had the appropriate check in one of the places,
but it didn't have it in all of the places.
        
This change also adds some more handy disassembly support, which I used to find the bug.

* assembler/LinkBuffer.h:
(JSC):
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::emitPutReplaceStub):
(JSC::DFG::emitPutTransitionStub):
(JSC::DFG::tryCachePutByID):
* jit/JITStubRoutine.h:
(JSC):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129272 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97367

Patch by Jeremy Apthorp <jeremya@chromium.org> on 2012-09-21
Reviewed by Abhishek Arya.

The document could be destroyed during the processing of the
fullscreenchange event, if the document was destroyed as a result of
one of the dispatchEvent calls.

This bug isn't reliably reproducible, so no new tests.

* dom/Document.cpp:
(WebCore::Document::fullScreenChangeDelayTimerFired):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129270 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=91079
<rdar://problem/12332660>

Reviewed by Anders Carlsson.

* WebProcess/com.apple.WebProcess.sb.in:
Add pragma to ignore the invalid preprocessor warnings.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129269 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed. The test assert in Debug, skip it until this has been fixed.

Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-09-21

* platform/wk2/Skipped:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129268 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97363

Reviewed by David Kilzer.

No new tests because no functional change.

* Configurations/WebCoreTestSupport.xcconfig:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129267 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97373

Reviewed by Mark Hahnenberg.

Source/JavaScriptCore: 

* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::pureCSE):
(JSC::DFG::CSEPhase::getArrayLengthElimination):
(JSC::DFG::CSEPhase::putStructureStoreElimination):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGGraph.h:
(Graph):

LayoutTests: 

* fast/js/dfg-holy-put-by-val-interferes-with-get-array-length-expected.txt: Added.
* fast/js/dfg-holy-put-by-val-interferes-with-get-array-length.html: Added.
* fast/js/jsc-test-list:
* fast/js/script-tests/dfg-holy-put-by-val-interferes-with-get-array-length.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129266 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97364

Reviewed by Ryosuke Niwa.

* Scripts/webkitpy/layout_tests/models/test_expectations.py:
(TestExpectationParser._collect_matching_tests):
(TestExpectationParser):
(TestExpectationParser._tokenize_line):
* Scripts/webkitpy/layout_tests/models/test_expectations_unittest.py:
(SkippedTests.test_skipped_entry_dont_exist):
(ExpectationSyntaxTests.assert_tokenize_exp):
(ExpectationSyntaxTests.test_bare_name):
(ExpectationSyntaxTests.test_bare_name_and_bugs):
(ExpectationSyntaxTests.test_comments):
(ExpectationSyntaxTests.test_config_modifiers):
(ExpectationSyntaxTests.test_unknown_config):
(ExpectationSyntaxTests.test_unknown_expectation):
(ExpectationSyntaxTests.test_skip):
(ExpectationSyntaxTests.test_slow):
(ExpectationSyntaxTests.test_wontfix):
(ExpectationSyntaxTests.test_blank_line):
(ExpectationSyntaxTests.test_warnings):
(RebaseliningTest.test_no_get_rebaselining_failures):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97370

Reviewed by Timothy Horton.

Distinguish between conditions that already set the errorMessage,
and unresponsiveness due to slow about:blank loads when WTR
reports unresponsiveness.

* WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::invoke):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129264 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolled DEPS.

* DEPS:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129263 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97271

* platform/win/Skipped:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolled DEPS.

* DEPS:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129261 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97050

Reviewed by Eric Carlson.

.:

* Source/cmake/WebKitFeatures.cmake:

Source/JavaScriptCore:

* Configurations/FeatureDefines.xcconfig:

Source/WebCore:

The Web Audio API specification has undergone much review and some small API changes
have been made (mostly naming-related changes).  This patch adds an ENABLE_LEGACY_WEB_AUDIO
build option to allow ports to support the old names.

Tests changed:
audiobuffersource-playbackrate.html
audiobuffersource.html
note-grain-on-testing.js
oscillator-testing.js

* Configurations/FeatureDefines.xcconfig:
* GNUmakefile.features.am:
* Modules/webaudio/AudioBufferSourceNode.cpp:
(WebCore::AudioBufferSourceNode::startGrain):
(WebCore):
(WebCore::AudioBufferSourceNode::noteGrainOn):
* Modules/webaudio/AudioBufferSourceNode.h:
(AudioBufferSourceNode):
* Modules/webaudio/AudioBufferSourceNode.idl:
* Modules/webaudio/AudioScheduledSourceNode.cpp:
(WebCore::AudioScheduledSourceNode::start):
(WebCore::AudioScheduledSourceNode::stop):
(WebCore):
(WebCore::AudioScheduledSourceNode::noteOn):
(WebCore::AudioScheduledSourceNode::noteOff):
* Modules/webaudio/AudioScheduledSourceNode.h:
* Modules/webaudio/Oscillator.idl:
* page/FeatureObserver.h:

Source/WebKit/chromium:

* features.gypi:

Source/WebKit/mac:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

* Configurations/FeatureDefines.xcconfig:

Tools:

* Scripts/webkitperl/FeatureList.pm:

LayoutTests:

* webaudio/audiobuffersource-playbackrate.html:
* webaudio/audiobuffersource.html:
* webaudio/resources/note-grain-on-testing.js:
(playGrain):
* webaudio/resources/oscillator-testing.js:
(generateExponentialOscillatorSweep):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129260 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=97362

Reviewed by Ojan Vafai.

This patch updates all the unit tests that were still using the
old TestExpectations syntax to use the new syntax *except* for
the tests that were specifically testing that we parsed the old
syntax correctly.

Also, a block of tests for the new syntax were duplicated, so
I've deleted the duplicate.

Note that the old syntax is still supported so this change should
produce no visible changes.

* Scripts/webkitpy/layout_tests/models/test_expectations_unittest.py:
(MiscTests.test_multiple_results):
(MiscTests.test_category_expectations):
(MiscTests.test_error_on_different_platform):
(MiscTests.test_error_on_different_build_type):
(MiscTests.test_overrides):
(MiscTests.test_overrides__directory):
(MiscTests.test_overrides__duplicate):
(MiscTests.test_more_specific_override_resets_skip):
(SkippedTests.check):
(SkippedTests.test_duplicate_skipped_test_fails_lint):
(SkippedTests.test_skipped_file_overrides_expectations):
(SkippedTests.test_skipped_dir_overrides_expectations):
(SkippedTests.test_skipped_file_overrides_overrides):
(SkippedTests.test_skipped_dir_overrides_overrides):
(ExpectationSyntaxTests.disabled_test_missing_expectation):
(ExpectationSyntaxTests.disabled_test_missing_colon):
(ExpectationSyntaxTests.disabled_test_too_many_colons):
(ExpectationSyntaxTests.disabled_test_too_many_equals_signs):
(ExpectationSyntaxTests):
(ExpectationSyntaxTests.test_unrecognized_expectation):
(ExpectationSyntaxTests.test_macro):
(SemanticTests.test_bug_format):
(SemanticTests.test_bad_bugid):
(SemanticTests.test_missing_bugid):
(SemanticTests.test_slow_and_timeout):
(SemanticTests.test_rebaseline):
(test_missing_file):
(test_ambiguous):
(test_more_modifiers):
(test_order_in_file):
(test_macro_overrides):
(OldExpectationParserTests):
(OldExpectationParserTests._tokenize):
(OldExpectationParserTests.test_tokenize_extra_colon):
(OldExpectationParserTests.test_tokenize_missing_equal):
(OldExpectationParserTests.test_tokenize_extra_equal):
* Scripts/webkitpy/layout_tests/run_webkit_tests_integrationtest.py:
(MainTest.test_skip_failing_tests):
(MainTest.test_additional_expectations):
* Scripts/webkitpy/style/checkers/test_expectations_unittest.py:
(TestExpectationsTestCase.test_valid_expectations):
(TestExpectationsTestCase.test_invalid_expectations):
(TestExpectationsTestCase.test_tab):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129259 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed. As in https://bugs.webkit.org/show_bug.cgi?id=92916, Windows specific results need to be added for various accessibility tests.

* platform/win/accessibility/aria-toggle-button-with-title-expected.txt: Added.
* platform/win/accessibility/canvas-fallback-content-2-expected.txt: Added.
* platform/win/accessibility/img-fallsback-to-title-expected.txt: Added.
* platform/win/accessibility/svg-image-expected.txt: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=96282

Reviewed by Tony Chang.

Migrating away from PlatformSupport. getFontFamilyForCharacters is
moved to FontCache.h and overridden by the two platforms that
need it (Chromium Linux and Blackberry). New files for the overrides.
Part of a larger refactoring series. See tracking bug 82948.

Source/WebCore:

* PlatformBlackBerry.cmake:
* WebCore.gypi:
* platform/chromium/PlatformSupport.h:
(PlatformSupport):
* platform/graphics/FontCache.h:
(SimpleFontFamily):
(FontCache):
* platform/graphics/blackberry/FontCacheBlackberry.cpp: Added.
(WebCore):
(WebCore::FontCache::getFontFamilyForCharacters):
* platform/graphics/blackberry/skia/PlatformSupport.cpp:
(WebCore):
* platform/graphics/blackberry/skia/PlatformSupport.h:
(PlatformSupport):
* platform/graphics/chromium/FontCacheAndroid.cpp:
(WebCore::FontCache::getFontDataForCharacters):
* platform/graphics/chromium/FontCacheChromiumLinux.cpp: Added.
(WebCore):
(WebCore::FontCache::getFontFamilyForCharacters):
* platform/graphics/skia/FontCacheSkia.cpp:
(WebCore::FontCache::getFontDataForCharacters):

Source/WebKit/chromium:

* src/PlatformSupport.cpp:
(WebCore):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129257 268f45cc-cd09-0410-ab3c-d52691b4dbfc