1. 24 Sep, 2011 9 commits
    • Some Windows build fixage. · feddf01d
      ggaren@apple.com authored
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweep):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::isLive): Show the compiler that all control paths
      return a value. There, there, compiler. Everything's going to be OK.
      
      * runtime/JSCell.h:
      (JSC::JSCell::setVPtr): Oops! Unrename this function.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95914 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Mark an svg/ test as slow, and remove incorrect baselines for another. · bf1ededb
      mihaip@chromium.org authored
      * platform/chromium-cg-mac-leopard/fast/ruby/ruby-text-before-after-content-expected.txt: Removed.
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95913 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Allocate new objects unmarked · b94f6ba6
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68764
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This is a pre-requisite to using the mark bit to determine object age.
      
      ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
      
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::isLive):
      (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
      this patch. They can now determine object liveness without relying on
      newly allocated objects having their mark bits set. Each MarkedBlock
      now has a state variable that tells us how to determine whether its
      cells are live. (This new state variable supersedes the old one about
      destructor state. The rest of this patch is just refactoring to support
      the invariants of this new state variable without introducing a
      performance regression.)
      
      (JSC::MarkedBlock::didConsumeFreeList): New function for updating internal
      state when a block becomes fully allocated.
      
      (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
      this function because, logically, clearing all mark bits is the first
      step in saying "mark bits now exactly reflect object liveness".
      
      (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
      that this function only tells you about the mark bits, so it's only
      meaningful if you've put the mark bits into a meaningful state before
      calling it.
      
      (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
      instead of testing mark bits, since mark bits are not always the right
      way to find out if an object is live anymore. (New objects are live, but
      not marked.)
      
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::recycle):
      (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
      initialization when recycling an old block -- into the MarkedBlock
      constructor, for simplicity.
      
      (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
      a zapped cell before running a destructor, and always zap after
      running a destructor. This does not seem to be expensive, and the
      alternative just creates a too-confusing matrix of possible cell states
      ((zombie undestructed cell + zombie destructed cell + zapped destructed
      cell) * 5! permutations for progressing through block states = "Oh my!").
      
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
      optimization to use template specialization to constant fold lots of
      branches and elide certain operations entirely during a sweep. Merged
      four or five functions that were logically about sweeping into this one
      function pair, so there's only one way to do things now, it's
      automatically correct, and it's always fast.
      
      (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
      about exactly what it does, and to honor the new block state system.
      
      * heap/AllocationSpace.cpp:
      (JSC::AllocationSpace::allocateBlock): Updated for rename.
      
      (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
      
      (JSC::TakeIfUnmarked::TakeIfUnmarked):
      (JSC::TakeIfUnmarked::operator()):
      (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
      to clarify that this functor only tests the mark bits, so it's only
      valid if you've put the mark bits into a meaningful state before
      calling it.
              
      (JSC::AllocationSpace::shrink): Updated for rename.
      
      * heap/AllocationSpace.h:
      (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
      little more specific about what we're making canonical.
      
      (JSC::AllocationSpace::forEachCell): Updated for rename.
      
      (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
      liveness data before iterating blocks -- clients that want iterated
      blocks to have valid cell liveness data should make this call for
      themselves. (And not all clients want it.)
      
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
      obsolete comment.
      
      * heap/Heap.cpp:
      (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
      because clearMarks() now does that implicitly.
      
      (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
      tear-down tests cell liveness when running destructors.
      
      (JSC::Heap::markRoots):
      (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
      and into collect, since it strictly depends on root marking, and does
      not contribute to root marking.
      
      (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
      specific about what we're making canonical.
      
      * heap/Heap.h:
      (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
      data before iterating protected cells, since we know they're all live,
      and don't need to test for it.
      
      * heap/Local.h:
      (JSC::::set): Can't make the same ASSERT we used to because we just don't
      have the mark bits for it anymore. Perhaps we can bring this ASSERT back
      in a weaker form in the future.
      
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::addBlock):
      (JSC::MarkedSpace::removeBlock): Updated for interface change.
      (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
      specific about what we're making canonical.
      
      * heap/MarkedSpace.h:
      (JSC::MarkedSpace::allocate):
      (JSC::MarkedSpace::SizeClass::SizeClass):
      (JSC::MarkedSpace::SizeClass::resetAllocator):
      (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
      functionality a bit. We now track only one block -- "currentBlock" --
      and rely on its internal state to know whether it has more cells to
      allocate.
      
      * heap/Weak.h:
      (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
      have the mark bits for it anymore. Perhaps we can bring this ASSERT back
      in a weaker form in the future.
      
      * runtime/JSCell.h:
      (JSC::JSCell::vptr):
      (JSC::JSCell::zap):
      (JSC::JSCell::isZapped):
      (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
      In the future, exactly how a JSCell zaps itself will change, as the
      internal representation of JSCell changes.
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
              
      Made this flaky test less flaky. (Just enough to make my patch not fail.)
      
      * fast/dom/gc-10.html: Count objects immediately after GC to get an
      exact count. Call 'reload' a few times to improve test coverage. Preload
      properties in case they're lazily instantiated, which would change
      object count numbers. Also, use the 'var' keyword like a good little
      JavaScripter.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95912 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Remove ENABLE(WCSS) and associated code · 546aea6d
      abarth@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68759
      
      Reviewed by Darin Adler.
      
      .:
      
      * configure.ac:
      
      Source/WebCore:
      
      As discussed on webkit-dev, we are removing this feature from trunk to
      reduce the number of different configurations.
      
      * CodeGenerators.pri:
      * GNUmakefile.am:
      * WebCore.pro:
      * css/CSSParser.cpp:
      (WebCore::CSSParser::parseValue):
      * css/CSSParser.h:
      * css/CSSPrimitiveValueMappings.h:
      (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
      * css/CSSStyleSelector.cpp:
      (WebCore::CSSStyleSelector::applyProperty):
      * css/WCSSPropertyNames.in: Removed.
      * css/WCSSValueKeywords.in: Removed.
      * features.pri:
      * html/HTMLInputElement.cpp:
      (WebCore::HTMLInputElement::HTMLInputElement):
      * html/HTMLInputElement.h:
      * html/TextFieldInputType.cpp:
      (WebCore::TextFieldInputType::sanitizeValue):
      (WebCore::TextFieldInputType::handleBeforeTextInsertedEvent):
      * rendering/RenderMarquee.cpp:
      (WebCore::RenderMarquee::start):
      * rendering/RenderObject.cpp:
      (WebCore::RenderObject::createObject):
      * rendering/style/RenderStyleConstants.h:
      
      Tools:
      
      * Scripts/build-webkit:
      * Scripts/old-run-webkit-tests:
      * Scripts/webkitperl/features.pm:
      (hasFeature):
      * Scripts/webkitpy/layout_tests/port/webkit.py:
      * Scripts/webkitpy/layout_tests/port/webkit_unittest.py:
      
      LayoutTests:
      
      * fast/wcss: Removed.
      * fast/wcss/wap-input-format-expected.txt: Removed.
      * fast/wcss/wap-input-format.xhtml: Removed.
      * fast/wcss/wap-input-required-expected.txt: Removed.
      * fast/wcss/wap-input-required.xhtml: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95911 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • DFG JIT should not eagerly initialize integer tags in the register file · e48133c7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68763
      
      Reviewed by Oliver Hunt.
      
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::ValueRecovery::dump):
      (JSC::DFG::OSRExit::OSRExit):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
      (JSC::DFG::OSRExit::operandForArgument):
      (JSC::DFG::OSRExit::operandForIndex):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95910 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Added Snow Leopard-specific expected results. · 2ed3a9eb
      mitz@apple.com authored
      * platform/mac-snowleopard/platform/mac/fast/text/combining-character-sequence-fallback-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95909 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2011-09-24 Alejandro G. Castro <alex@igalia.com> · 6fd1ddc9
      alex@webkit.org authored
              Fixed GTK compilation after r95878, the operator== was defined
              twice when USE_WEBPROCESS_EVENT_SIMULATION is defined.
      
              * WebKitTestRunner/InjectedBundle/EventSendingController.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95908 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • SVGAnimation does not support 'values' for from-to animations · 56d0e548
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=64859
      
      Patch by Young Han Lee <joybro@company100.net> on 2011-09-24
      Reviewed by Dirk Schulze.
      
      If a from-to animation has discrete calc-mode and has a 'keyTimes' list, the values of
      the keyTimes indicate the begin and the end of the animation respectively.[1][2]
      
      When keyTimes is given, calculate the progress percentage of the animation with it
      even for a from-to animation.
      
      [1] http://www.w3.org/TR/SVG/animate.html#ValueAttributes
      [2] http://www.w3.org/TR/2001/REC-smil-animation-20010904/#AnimFuncValues
      
      Source/WebCore:
      
      Test: svg/animations/animate-from-to-keyTimes.html
      
      * svg/SVGAnimationElement.cpp:
      (WebCore::SVGAnimationElement::calculatePercentForFromTo):
      (WebCore::SVGAnimationElement::updateAnimation):
      * svg/SVGAnimationElement.h:
      
      LayoutTests:
      
      * svg/animations/animate-from-to-keyTimes-expected.txt: Added.
      * svg/animations/animate-from-to-keyTimes.html: Added.
      * svg/animations/script-tests/animate-from-to-keyTimes.js: Added.
      (sample1):
      (sample2):
      (executeTest):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95907 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • WebKit does not expose AXPlaceholder value on password fields · d51019c1
      cfleizach@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68745
      
      Reviewed by Oliver Hunt.
      
      Source/WebCore: 
      
      * accessibility/mac/WebAccessibilityObjectWrapper.mm:
      (-[WebAccessibilityObjectWrapper accessibilityAttributeNames]):
      
      LayoutTests: 
      
      * accessibility/placeholder-expected.txt:
      * accessibility/placeholder.html:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 23 Sep, 2011 31 commits
    • Add JSVALUE32_64 support to DFG JIT · 87fa5eaa
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67460
      
      Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-09-23
      Reviewed by Gavin Barraclough.
      
      Add cmake options to enable DFG JIT compilation for EFL port
      
      * Source/cmake/OptionsEfl.cmake:
      * Source/cmakeconfig.h.cmake:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95905 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [DRT] Include the right config file for EFL's DRT. · a8f3b643
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=67042
      
      Patch by Raphael Kubo da Costa <kubo@profusion.mobi> on 2011-09-23
      Reviewed by Martin Robinson.
      
      Ports which use CMake as their buildsystem (such as the EFL one) also
      have config.h files, but they are named differently, so include the
      right one depending on the buildsystem being used.
      
      * DumpRenderTree/config.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95904 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fix the build. · b54f3cd3
      mrowe@apple.com authored
      * loader/CrossOriginAccessControl.cpp:
      (WebCore::passesAccessControlCheck): Get rid of the exit-time destructor.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95903 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add JSVALUE32_64 support to DFG JIT · d910c0d8
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67460
      
      Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-09-23
      Reviewed by Gavin Barraclough.
      
      This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
      It's tested on IA32 Linux EFL port currently. It still cannot run
      all the test cases and benchmarks so should be turned off now.
              
      The major work includes:
      1) dealing with JSVALUE32_64 data format in DFG JIT;
      2) bindings between 64-bit JS Value and 32-bit registers;
      3) handling of function calls. Currently for DFG operation function
      calls we follow the X86 cdecl calling convention on Linux, and the
      implementation is in a naive way by pushing the arguments into stack
      one by one.
              
      The known issues include:
      1) some code duplicates unnecessarily, especially in Speculative JIT
      code generation, where most of the operations on SpeculateInteger /
      SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
      is needed in the future;
      2) lack of op_call and op_construct support, compared to current
      JSVALUE64 DFG;
      3) currently integer speculations are assumed to be StrictInt32;
      4) lack of JSBoolean speculations;
      5) boxing and unboxing doubles could be improved;
      6) DFG X86 register description is different from the baseline JIT,
      the timeoutCheckRegister is used for general purpose usage;
      7) calls to runtime functions with primitive double parameters (e.g.
      fmod) don't work. Support needs to be added to the assembler to
      implement the mechanism of passing double parameters for X86 cdecl
      convention.
              
      And there should be many other hidden bugs which should be exposed and
      resolved in later debugging process.
      
      * CMakeListsEfl.txt:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::loadDouble):
      (JSC::MacroAssemblerX86::storeDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::movsd_rm):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGFPRInfo.h:
      (JSC::DFG::FPRInfo::debugName):
      * dfg/DFGGPRInfo.h:
      (JSC::DFG::GPRInfo::toRegister):
      (JSC::DFG::GPRInfo::toIndex):
      (JSC::DFG::GPRInfo::debugName):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::needDataFormatConversion):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::gpr):
      (JSC::DFG::GenerationInfo::tagGPR):
      (JSC::DFG::GenerationInfo::payloadGPR):
      (JSC::DFG::GenerationInfo::fpr):
      (JSC::DFG::GenerationInfo::fillJSValue):
      (JSC::DFG::GenerationInfo::fillCell):
      (JSC::DFG::GenerationInfo::fillDouble):
      * dfg/DFGJITCodeGenerator.cpp:
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::allocate):
      (JSC::DFG::JITCodeGenerator::use):
      (JSC::DFG::JITCodeGenerator::registersMatched):
      (JSC::DFG::JITCodeGenerator::silentSpillGPR):
      (JSC::DFG::JITCodeGenerator::silentFillGPR):
      (JSC::DFG::JITCodeGenerator::silentFillFPR):
      (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
      (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
      (JSC::DFG::JITCodeGenerator::boxDouble):
      (JSC::DFG::JITCodeGenerator::unboxDouble):
      (JSC::DFG::JITCodeGenerator::spill):
      (JSC::DFG::addressOfDoubleConstant):
      (JSC::DFG::integerResult):
      (JSC::DFG::jsValueResult):
      (JSC::DFG::setupResults):
      (JSC::DFG::callOperation):
      (JSC::JSValueOperand::JSValueOperand):
      (JSC::JSValueOperand::~JSValueOperand):
      (JSC::JSValueOperand::isDouble):
      (JSC::JSValueOperand::fill):
      (JSC::JSValueOperand::tagGPR):
      (JSC::JSValueOperand::payloadGPR):
      (JSC::JSValueOperand::fpr):
      (JSC::GPRTemporary::~GPRTemporary):
      (JSC::GPRTemporary::gpr):
      (JSC::GPRResult2::GPRResult2):
      * dfg/DFGJITCodeGenerator32_64.cpp: Added.
      (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
      (JSC::DFG::JITCodeGenerator::fillInteger):
      (JSC::DFG::JITCodeGenerator::fillDouble):
      (JSC::DFG::JITCodeGenerator::fillJSValue):
      (JSC::DFG::JITCodeGenerator::fillStorage):
      (JSC::DFG::JITCodeGenerator::useChildren):
      (JSC::DFG::JITCodeGenerator::isStrictInt32):
      (JSC::DFG::JITCodeGenerator::isKnownInteger):
      (JSC::DFG::JITCodeGenerator::isKnownNumeric):
      (JSC::DFG::JITCodeGenerator::isKnownCell):
      (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
      (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
      (JSC::DFG::JITCodeGenerator::isKnownBoolean):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
      (JSC::DFG::JITCodeGenerator::cachedGetById):
      (JSC::DFG::JITCodeGenerator::writeBarrier):
      (JSC::DFG::JITCodeGenerator::cachedPutById):
      (JSC::DFG::JITCodeGenerator::cachedGetMethod):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
      (JSC::DFG::JITCodeGenerator::emitBranch):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
      (JSC::DFG::JITCodeGenerator::emitCall):
      (JSC::DFG::JITCodeGenerator::speculationCheck):
      (JSC::DFG::dataFormatString):
      (JSC::DFG::JITCodeGenerator::dump):
      (JSC::DFG::JITCodeGenerator::checkConsistency):
      (JSC::DFG::GPRTemporary::GPRTemporary):
      (JSC::DFG::FPRTemporary::FPRTemporary):
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::tagForGlobalVar):
      (JSC::DFG::JITCompiler::payloadForGlobalVar):
      (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
      (JSC::DFG::JITCompiler::addressOfDoubleConstant):
      (JSC::DFG::JITCompiler::boxDouble):
      (JSC::DFG::JITCompiler::unboxDouble):
      (JSC::DFG::JITCompiler::addPropertyAccess):
      (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
      * dfg/DFGJITCompiler32_64.cpp: Added.
      (JSC::DFG::JITCompiler::fillNumericToDouble):
      (JSC::DFG::JITCompiler::fillInt32ToInteger):
      (JSC::DFG::JITCompiler::fillToJS):
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      (JSC::DFG::JITCompiler::jitAssertIsInt32):
      (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
      (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
      (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
      (JSC::DFG::JITCompiler::jitAssertIsCell):
      (JSC::DFG::JITCompiler::emitCount):
      (JSC::DFG::JITCompiler::setSamplingFlag):
      (JSC::DFG::JITCompiler::clearSamplingFlag):
      * dfg/DFGJITCompilerInlineMethods.h: Added.
      (JSC::DFG::JITCompiler::emitLoadTag):
      (JSC::DFG::JITCompiler::emitLoadPayload):
      (JSC::DFG::JITCompiler::emitLoad):
      (JSC::DFG::JITCompiler::emitLoad2):
      (JSC::DFG::JITCompiler::emitLoadDouble):
      (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
      (JSC::DFG::JITCompiler::emitStore):
      (JSC::DFG::JITCompiler::emitStoreInt32):
      (JSC::DFG::JITCompiler::emitStoreCell):
      (JSC::DFG::JITCompiler::emitStoreBool):
      (JSC::DFG::JITCompiler::emitStoreDouble):
      * dfg/DFGNode.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryCachePutByID):
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::ValueRecovery::inGPR):
      (JSC::DFG::ValueRecovery::inPair):
      (JSC::DFG::ValueRecovery::tagGPR):
      (JSC::DFG::ValueRecovery::payloadGPR):
      * dfg/DFGSpeculativeJIT32_64.cpp: Added.
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::ValueSource::dump):
      (JSC::DFG::ValueRecovery::dump):
      (JSC::DFG::OSRExit::OSRExit):
      (JSC::DFG::OSRExit::dump):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::convertToDouble):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * runtime/JSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Set eol-style to native on many source files where it was unset. · 2919d671
      darin@apple.com authored
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95901 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Canvas security checks show up on HTML5GamingTest benchmark · 0e500df5
      abarth@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68743
      
      Reviewed by Oliver Hunt.
      
      Prior to this patch, the canvas security checks took as much as 4% of
      the time on the HTML5GamingTest benchmark:
      
      http://craftymind.com/factory/guimark2/HTML5GamingTest.html
      
      This patch uses a couple of AtomicStrings and shuffles around the order
      of the security check to take this down to around 0.1% (which is near
      the noise floor of what I can measure with my profiler).
      
      * html/canvas/CanvasRenderingContext.cpp:
      (WebCore::CanvasRenderingContext::wouldTaintOrigin):
      * loader/CrossOriginAccessControl.cpp:
      (WebCore::passesAccessControlCheck):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95900 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Source/WebCore: Unwarranted DOM Exception when canvas2D drawImage is called with src · c60e76cc
      commit-queue@webkit.org authored
      rect out of bounds
      https://bugs.webkit.org/show_bug.cgi?id=65709
      
      Patch by Justin Novosad <junov@chromium.org> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      * html/canvas/CanvasRenderingContext2D.cpp:
      (WebCore::CanvasRenderingContext2D::drawImage):
      Return early without throwing an exception if source rectangle is out of
      bounds to match the spec.
      
      LayoutTests: Unwarranted DOM Exception when canvas2D drawImage is called with src
      rect is out of bounds
      https://bugs.webkit.org/show_bug.cgi?id=65709
      
      Patch by Justin Novosad <junov@chromium.org> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      * fast/canvas/drawImage-with-invalid-args-expected.txt:
      * fast/canvas/drawImage-with-invalid-args.html:
      This test covers (among other things) cases where the source rectangle is
      _completely_ outside the bounds of the source image.  It was modified to no
      longer expect DOM exceptions.
      * platform/chromium/test_expectations.txt:
      Out-dated test canvas/philip/tests/2d.drawImage.outsidesource.html
      is now expected to fail
      * platform/mac/Skipped:
      Skipping canvas/philip/tests/2d.drawImage.outsidesource.html
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95899 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Printing of notImplemented() when logging enabled. · 09b5142d
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=64590
      
      Printing of notImplemented() method was enabled on Debug builds only.
      Now it is enabled when logging is enabled.
      
      Patch by Lukasz Slachciak <l.slachciak@samsung.com> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      No new tests because there is no new functionality.
      
      * platform/NotImplemented.h: Non-debug mode replaced with non-logging mode.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95898 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Chromium] REGRESSION (r95725): Resizing a window doesn't resize the contents · 42c4da71
      mihaip@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68730
      
      Reviewed by James Robinson.
      
      Source/WebCore:
      
      Adds a missing contentsResized() call in ScrollView::setFrameRect.
      
      Test: fast/dom/Window/window-resize-contents.html
      
      * platform/ScrollView.cpp:
      (WebCore::ScrollView::setFrameRect):
      
      LayoutTests:
      
      Test for resizing of the window triggering resizing of contents.
      
      * fast/dom/Window/window-resize-contents-expected.txt: Added.
      * fast/dom/Window/window-resize-contents.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95897 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [CMake] Detect amd64 as a valid 64-bit architecture. · dca7a664
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=67481
      
      Patch by Raphael Kubo da Costa <kubo@profusion.mobi> on 2011-09-23
      Reviewed by Oliver Hunt.
      
      Some operating systems (generally the BSDs) use amd64 instead of x86_64
      to report they're running on 64 bits, so consider it a valid value.
      
      * Source/CMakeLists.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95896 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • wtf/BitVector.h has a variety of bugs which manifest when the · 61a4da4f
      fpizlo@apple.com authored
      vector grows beyond 63 bits
      https://bugs.webkit.org/show_bug.cgi?id=68746
      
      Reviewed by Oliver Hunt.
              
      Out-of-lined slow path code in BitVector so that not every user
      of CodeBlock ends up having to compile it. Fixed a variety of
      index computation and size computation bugs.
              
      I have not seen these issues manifest themselves, but they are
      blocking a patch that uses BitVector more aggressively.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/WTF/WTF.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * wtf/BitVector.cpp: Added.
      (BitVector::BitVector):
      (BitVector::operator=):
      (BitVector::resize):
      (BitVector::clearAll):
      (BitVector::OutOfLineBits::create):
      (BitVector::OutOfLineBits::destroy):
      (BitVector::resizeOutOfLine):
      * wtf/BitVector.h:
      (WTF::BitVector::ensureSize):
      (WTF::BitVector::get):
      (WTF::BitVector::set):
      (WTF::BitVector::clear):
      (WTF::BitVector::byteCount):
      (WTF::BitVector::OutOfLineBits::numWords):
      (WTF::BitVector::OutOfLineBits::bits):
      (WTF::BitVector::outOfLineBits):
      * wtf/CMakeLists.txt:
      * wtf/wtf.pri:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95895 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      61a4da4f
    • Add ENABLE_MUTATION_OBSERVERS feature flag · 7476c5e7
      adamk@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68732
      
      Reviewed by Ojan Vafai.
      
      This flag will guard an implementation of the "Mutation Observers" proposed in
      http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
      
      .:
      
      * configure.ac:
      
      Source/JavaScriptCore:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore:
      
      * Configurations/FeatureDefines.xcconfig:
      * GNUmakefile.am:
      
      Source/WebKit/chromium:
      
      * features.gypi:
      
      Source/WebKit/mac:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Tools:
      
      * Scripts/build-webkit:
      
      WebKitLibraries:
      
      * win/tools/vsprops/FeatureDefines.vsprops:
      * win/tools/vsprops/FeatureDefinesCairo.vsprops:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95894 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7476c5e7
    • De-virtualize JSCell::getJSNumber · e5e24647
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68651
      
      Reviewed by Oliver Hunt.
      
      Added a new JSType to check whether or not something is a 
      NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not 
      currently a better way to determine whether something is indeed a NumberObject.
      Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo 
      for whether the object is a NumberObject or not.  This patch is part of 
      the larger process of de-virtualizing JSCell.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getJSNumber):
      * runtime/JSCell.h:
      (JSC::JSValue::getJSNumber):
      * runtime/JSType.h:
      * runtime/JSTypeInfo.h:
      (JSC::TypeInfo::isNumberObject):
      * runtime/JSValue.h:
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::getJSNumber):
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95893 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e5e24647
    • Rebaseline fast/ruby/ruby-text-before-after-content.html for Chromium Mac. · 804807af
      mihaip@chromium.org authored
      Mark media/controls-right-click-on-timebar.html as flaky.
      
      * platform/chromium-cg-mac-leopard/fast/ruby/ruby-text-before-after-content-expected.png: Added.
      * platform/chromium-cg-mac-leopard/fast/ruby/ruby-text-before-after-content-expected.txt: Added.
      * platform/chromium-mac/fast/ruby/ruby-text-before-after-content-expected.png: Added.
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95892 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      804807af
    • Making some WebBlob methods exportable. · 34d121d3
      jcivelli@chromium.org authored
      This is needed by the shared lib chromium build.
      https://bugs.webkit.org/show_bug.cgi?id=68709
      
      Reviewed by Darin Fisher.
      
      * public/WebBlob.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95891 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      34d121d3
    • .: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests · 90680248
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * Source/autotools/symbols.filter:
      
      Source/WebCore: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      Tests: fast/dom/scroll-element-to-rect-centered.html
             fast/dom/scroll-element-to-rect.html
      
      * WebCore.exp.in:
      * page/FrameView.cpp:
      (WebCore::FrameView::scrollElementToRect):
      * page/FrameView.h:
      * testing/Internals.cpp:
      (WebCore::Internals::scrollElementToRect):
      * testing/Internals.h:
      * testing/Internals.idl:
      
      Source/WebKit/chromium: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * public/WebView.h:
      (WebKit::WebView::scrollFocusedNodeIntoRect):
      * src/WebViewImpl.cpp:
      (WebKit::WebViewImpl::scrollFocusedNodeIntoRect):
      
      Source/WebKit2: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * win/WebKit2.def:
      * win/WebKit2CFLite.def:
      
      LayoutTests: Refactor WebViewImpl::scrollFocusedNodeIntoRect to a better place and add tests
      https://bugs.webkit.org/show_bug.cgi?id=68198
      
      Patch by Varun Jain <varunjain@google.com> on 2011-09-23
      Reviewed by Dimitri Glazkov.
      
      * fast/dom/scroll-element-to-rect-centered-expected.txt: Added.
      * fast/dom/scroll-element-to-rect-centered.html: Added.
      * fast/dom/scroll-element-to-rect-expected.txt: Added.
      * fast/dom/scroll-element-to-rect.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      90680248
    • Unreviewed, rolling out r95860. · 54ffaf76
      mihaip@chromium.org authored
      http://trac.webkit.org/changeset/95860
      https://bugs.webkit.org/show_bug.cgi?id=68648
      
      Breaks overhang rendering on Chromium Mac
      
      Source/WebCore:
      
      * platform/chromium/ScrollbarThemeChromium.cpp:
      * platform/chromium/ScrollbarThemeChromium.h:
      * platform/chromium/ScrollbarThemeChromiumMac.h:
      * platform/chromium/ScrollbarThemeChromiumMac.mm:
      (WebCore::ScrollbarThemeChromiumMac::ScrollbarThemeChromiumMac):
      (WebCore::ScrollbarThemeChromiumMac::paintOverhangAreas):
      
      Source/WebKit/chromium:
      
      * features.gypi:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95889 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      54ffaf76
    • Add -webkit-filter to CSSPropertyNames · 335772d5
      dino@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68675
      
      Reviewed by Simon Fraser.
      
      Add property and rudimentary parsing for -webkit-filter. The
      property value isn't preserved anywhere yet. Add
      stub definition for computed style.
      
      * css/CSSComputedStyleDeclaration.cpp:
      (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
      * css/CSSParser.cpp:
      (WebCore::CSSParser::parseValue):
      (WebCore::CSSParser::parseFilter):
      * css/CSSParser.h:
      * css/CSSPropertyNames.in:
      * css/CSSStyleSelector.cpp:
      (WebCore::CSSStyleSelector::applyProperty):
      
      New test for rudimentary parsing of -webkit-filter.
      Since currently only the Apple port enables the
      feature, add this new test to the platform skip lists
      for GTK, QT and Chromium.
      
      * css3/filters/filter-property-expected.txt: Added.
      * css3/filters/filter-property.html: Added.
      * css3/filters/script-tests/TEMPLATE.html: Added.
      * css3/filters/script-tests/filter-property.js: Added.
      * platform/chromium/test_expectations.txt:
      * platform/gtk/Skipped:
      * platform/qt/Skipped:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95888 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      335772d5
    • Resolve opcodes should have value profiling. · eaaa4081
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68723
      
      Reviewed by Oliver Hunt.
              
      This adds value profiling to all forms of op_resolve in the
      old JIT, and patches that information into the DFG along with
      performing the appropriate type propagation.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::predict):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifier):
      (JSC::DFG::Node::resolveGlobalDataIndex):
      (JSC::DFG::Node::hasPrediction):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_global_dynamic):
      * jit/JITStubCall.h:
      (JSC::JITStubCall::callWithValueProfiling):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95887 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      eaaa4081
    • Remove preserves3D() from CCLayerDelegate, replacing it by setting the · 04f485d6
      commit-queue@webkit.org authored
      value explicitly after creating a layer, or setting its delegate.
      https://bugs.webkit.org/show_bug.cgi?id=68295
      
      Patch by Antoine Labour <piman@chromium.org> on 2011-09-23
      Reviewed by James Robinson.
      
      Covered by compositing/ layout tests.
      
      * platform/graphics/chromium/GraphicsLayerChromium.cpp:
      (WebCore::GraphicsLayerChromium::setContentsToCanvas):
      (WebCore::GraphicsLayerChromium::setContentsToMedia):
      (WebCore::GraphicsLayerChromium::updateLayerPreserves3D):
      (WebCore::GraphicsLayerChromium::setupContentsLayer):
      * platform/graphics/chromium/GraphicsLayerChromium.h:
      * platform/graphics/chromium/LayerChromium.cpp:
      (WebCore::LayerChromium::LayerChromium):
      * platform/graphics/chromium/LayerChromium.h:
      (WebCore::LayerChromium::setPreserves3D):
      (WebCore::LayerChromium::preserves3D):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95886 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      04f485d6
    • chrome.dll!WebCore::ApplyStyleCommand::applyBlockStyle ReadAV@NULL... · e70ec422
      commit-queue@webkit.org authored
      chrome.dll!WebCore::ApplyStyleCommand::applyBlockStyle ReadAV@NULL (64db547804532a84be2e53721e499e9e)
      https://bugs.webkit.org/show_bug.cgi?id=51639
      
      Patch by Jay Soffian <jaysoffian@gmail.com> on 2011-09-23
      Reviewed by Tony Chang.
      
      Add repro for a crash inside WebCore::ApplyStyleCommand::applyBlockStyle. Fixed by r94840.
      
      * editing/style/justify-without-enclosing-block-expected.txt: Added.
      * editing/style/justify-without-enclosing-block.xhtml: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95885 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e70ec422
    • Fix windows build. · 6af13a03
      oliver@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95884 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6af13a03
    • Note flaky test. · c85cd8a9
      abarth@webkit.org authored
      * platform/chromium/test_expectations.txt:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95883 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c85cd8a9
    • Versioning. · 71e2a0a5
      mrowe@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95882 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      71e2a0a5
    • Add a few more possibilities to the test cases for xss denial. · 241463a5
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=47120
      
      Patch by Tom Sepez <tsepez@chromium.org> on 2011-09-23
      Reviewed by Adam Barth.
      
      * http/tests/security/xss-DENIED-document-baseURI-javascript-with-spaces-expected.txt: Added.
      * http/tests/security/xss-DENIED-document-baseURI-javascript-with-spaces.html: Added.
      * http/tests/security/xss-DENIED-window-open-javascript-url-with-spaces-expected.txt: Added.
      * http/tests/security/xss-DENIED-window-open-javascript-url-with-spaces.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95880 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      241463a5
    • Implicit conversion double to float in ShadowBlur::adjustBlurRadius · 18bc6bc8
      jchaffraix@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68722
      
      Reviewed by Simon Fraser.
      
      * platform/graphics/ShadowBlur.cpp:
      (WebCore::ShadowBlur::adjustBlurRadius): Added 2 explicit
      conversions.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95879 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      18bc6bc8
    • [WK2] [Qt] Implement MouseDown/MouseUp/MouseMoveTo functions for WebKit2 EventSender · c5aed241
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68556
      
      Implement the MouseDown/MouseUp/MouseMoveTo functions on Qt platform.
      
      Source/WebKit2:
      
      Patch by Chang Shu <cshu@webkit.org> on 2011-09-23
      Reviewed by Darin Adler.
      
      * Shared/API/c/WKGeometry.h:
      (operator==):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::mouseEventSyncForTesting): initialize "handled"
      
      Tools:
      
      Patch by Chang Shu <cshu@webkit.org> on 2011-09-23
      Reviewed by Darin Adler.
      
      * WebKitTestRunner/EventSenderProxy.h:
      * WebKitTestRunner/InjectedBundle/EventSendingController.h:
      * WebKitTestRunner/PlatformWebView.h:
      * WebKitTestRunner/mac/EventSenderProxy.mm:
      (WTR::EventSenderProxy::EventSenderProxy):
      (WTR::EventSenderProxy::leapForward):
      * WebKitTestRunner/qt/EventSenderProxyQt.cpp:
      (WTR::EventSenderProxy::EventSenderProxy):
      (WTR::getMouseButton):
      (WTR::getModifiers):
      (WTR::EventSenderProxy::updateClickCountForButton):
      (WTR::EventSenderProxy::createGraphicsSceneMouseEvent):
      (WTR::EventSenderProxy::mouseDown):
      (WTR::EventSenderProxy::mouseUp):
      (WTR::EventSenderProxy::mouseMoveTo):
      (WTR::EventSenderProxy::leapForward):
      (WTR::EventSenderProxy::sendOrQueueEvent):
      (WTR::EventSenderProxy::replaySavedEvents):
      * WebKitTestRunner/qt/PlatformWebViewQt.cpp:
      (WTR::PlatformWebView::postEvent):
      * WebKitTestRunner/qt/WebKitTestRunner.pro:
      
      LayoutTests:
      
      Unskip passed tests.
      
      Patch by Chang Shu <cshu@webkit.org> on 2011-09-23
      Reviewed by Darin Adler.
      
      * platform/qt-wk2/Skipped:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95878 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c5aed241
    • Source/JavaScriptCore: Strict mode does not work in non-trivial nested functions. · 1440c07a
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68740
      
      Reviewed by Oliver Hunt.
      
      Function-info caching does not preserve all state that it should.
      
      * parser/JSParser.cpp:
      (JSC::JSParser::Scope::saveFunctionInfo):
      (JSC::JSParser::Scope::restoreFunctionInfo):
      (JSC::JSParser::parseFunctionInfo):
      * parser/SourceProviderCacheItem.h:
      
      LayoutTests:
      
      Strict mode does not work in non-trivial nested functions.
      https://bugs.webkit.org/show_bug.cgi?id=68740
      
      Reviewed by Oliver Hunt.
      
      Function-info caching does not preserve all state that it should.
      
      * fast/js/nested-functions-expected.txt: Added.
      * fast/js/nested-functions.html: Added.
      * fast/js/script-tests/nested-functions.js: Added.
      (runTests.test1):
      (runTests.test2):
      (runTests.test3):
      (runTests):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95877 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1440c07a
    • ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED · c5e62973
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68724
      
      Reviewed by Oliver Hunt.
      
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c5e62973
    • [chromium] Make the layout test script's kill timeout proportional to --time-out-ms · c679aa4f
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68026
      
      Patch by Lei Zhang <thestig@chromium.org> on 2011-09-23
      Reviewed by Dirk Pranke.
      
      * Scripts/webkitpy/layout_tests/port/chromium.py:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95875 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c679aa4f
    • <rdar://problem/10178576> REGRESSION (r95391): Crash in -[WebCascadeList... · 0190f2cc
      mitz@apple.com authored
      <rdar://problem/10178576> REGRESSION (r95391): Crash in -[WebCascadeList objectAtIndex:] when a font-family list contains missing fonts
      https://bugs.webkit.org/show_bug.cgi?id=68737
      
      Reviewed by Darin Adler.
      
      Source/WebCore: 
      
      Test: fast/text/combining-character-sequence-fallback-crash.html
      
      * platform/graphics/mac/ComplexTextControllerCoreText.mm:
      (-[WebCascadeList initWithFont:WebCore::character:]): Changed to initialize _count to the exact
      number of FontData instances in the fallback list rather than the number of font families in the
      font description.
      
      LayoutTests: 
      
      * fast/text/combining-character-sequence-fallback-crash-expected.txt: Added.
      * fast/text/combining-character-sequence-fallback-crash.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95874 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0190f2cc