[webkit-changes] [214759] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc

Revision 214759
Author carlo...@webkit.org
Date 2017-04-03 03:11:25 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214071 - The new array with spread operation needs to check for length overflows.
https://bugs.webkit.org/show_bug.cgi?id=169780


Reviewed by Filip Pizlo.

* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewArrayWithSpread):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* llint/LLIntSlowPaths.cpp:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/JSGlobalObject.cpp:

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGOperations.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ftl/FTLOperations.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/runtime/JSGlobalObject.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog (214758 => 214759)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 10:08:40 UTC (rev 214758)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 10:11:25 UTC (rev 214759)
@@ -1,3 +1,23 @@
+2017-03-16  Mark Lam  
+
+The new array with spread operation needs to check for length overflows.
+https://bugs.webkit.org/show_bug.cgi?id=169780
+
+
+Reviewed by Filip Pizlo.
+
+* dfg/DFGOperations.cpp:
+* dfg/DFGSpeculativeJIT.cpp:
+(JSC::DFG::SpeculativeJIT::compileNewArrayWithSpread):
+* ftl/FTLLowerDFGToB3.cpp:
+(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
+* ftl/FTLOperations.cpp:
+(JSC::FTL::operationMaterializeObjectInOSR):
+* llint/LLIntSlowPaths.cpp:
+* runtime/CommonSlowPaths.cpp:
+(JSC::SLOW_PATH_DECL):
+* runtime/JSGlobalObject.cpp:
+
 2017-03-16  Yusuke Suzuki  
 
 Unreviewed, copy m_numberOfArgumentsToSkip
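
Review bot: the new entry for the length-overflow fix lists seven touched files but names no test. An overflow check spread across the DFG, FTL and slow paths is easy to regress in one tier only; a stress test that expects an out-of-memory error once the combined spread length no longer fits, run under each tier, would pin the behaviour, and the entry should name it.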


Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGOperations.cpp (214758 => 214759)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGOperations.cpp	2017-04-03 10:08:40 UTC (rev 214758)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGOperations.cpp	2017-04-03 10:11:25 UTC (rev 214759)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011, 2013-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -1943,16 +1943,21 @@
 auto scope = DECLARE_THROW_SCOPE(vm);
 
 EncodedJSValue* values = static_cast(buffer);
-unsigned length = 0;
+Checked checkedLength = 0;
 for (unsigned i = 0; i < numItems; i++) {
 JSValue value = JSValue::decode(values[i]);
 if (JSFixedArray* array = jsDynamicCast(vm, value))
-length += array->size();
+checkedLength += array->size();
 else
-++length;
+++checkedLength;
 }
 
+if (UNLIKELY(checkedLength.hasOverflowed())) {
+throwOutOfMemoryError(exec, scope);
+return nullptr;
+}
 
+unsigned length = checkedLength.unsafeGet();
 JSGlobalObject* globalObject = exec->lexicalGlobalObject();
 Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous);
 
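
Review bot: in the block after the loop, `hasOverflowed()` only catches a sum that wraps the checked type, so a total that is still representable but far too large for an array reaches `unsigned length = checkedLength.unsafeGet();` and the allocation below unchanged. Please confirm that the allocation which follows rejects such lengths itself, or add an explicit upper bound next to the overflow check, with a comment saying which guard covers which case.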


Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (214758 => 214759)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2017-04-03 10:08:40 UTC (rev 214758)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2017-04-03 10:11:25 UTC (rev 214759)
@@ -7054,7 +7054,7 @@
 Edge use = m_jit.graph().varArgChild(node, i);
 SpeculateCellOperand fixedArray(this, use);
 GPRReg fixedArrayGPR = fixedArray.gpr();
-m_jit.add32(MacroAssembler::Address(fixedArrayGPR, JSFixedArray::offsetOfSize()), lengthGPR);
+speculationCheck(Overflow, JSValueRegs(), nullptr, m_jit.branchAdd32(MacroAssembler::Overflow, MacroAssembler::Address(fixedArrayGPR, JSFixedArray::offsetOfSize()), lengthGPR));
 }
 }
 
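
Review bot: `branchAdd32(MacroAssembler::Overflow, ...)` tests the signed overflow condition, so this path bails out once the running length passes 2^31 - 1, while the C++ path in DFGOperations.cpp accumulates into a value that is read back as `unsigned` and only throws when the sum wraps. The difference is on the safe side, but a short comment stating that the JIT bound is intentionally tighter, and that hitting it is an OSR exit rather than the out-of-memory error, would keep the next reader from assuming the two paths agree.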



[webkit-changes] [214758] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc

Revision 214758
Author carlo...@webkit.org
Date 2017-04-03 03:08:40 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214059 - Stay inside the continuation while searching for a candidate ancestor for insertion.
https://bugs.webkit.org/show_bug.cgi?id=169768


Reviewed by David Hyatt.

Source/WebCore:

Test: fast/inline/continuation-crash-with-anon-ancestors.html

* rendering/RenderInline.cpp:
(WebCore::RenderInline::addChildToContinuation):

LayoutTests:

* fast/inline/continuation-crash-with-anon-ancestors-expected.txt: Added.
* fast/inline/continuation-crash-with-anon-ancestors.html: Added.

Modified Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderInline.cpp


Added Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors-expected.txt
releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors.html




Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214757 => 214758)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 10:06:57 UTC (rev 214757)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 10:08:40 UTC (rev 214758)
@@ -1,3 +1,14 @@
+2017-03-16  Zalan Bujtas  
+
+Stay inside the continuation while searching for a candidate ancestor for insertion.
+https://bugs.webkit.org/show_bug.cgi?id=169768
+
+
+Reviewed by David Hyatt.
+
+* fast/inline/continuation-crash-with-anon-ancestors-expected.txt: Added.
+* fast/inline/continuation-crash-with-anon-ancestors.html: Added.
+
 2017-03-16  Manuel Rego Casasnovas  
 
 [css-grid] Crash on debug removing a positioned child


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors-expected.txt (0 => 214758)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors-expected.txt	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors-expected.txt	2017-04-03 10:08:40 UTC (rev 214758)
@@ -0,0 +1,2 @@
+PASS if no crash or assert.
+ 


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors.html (0 => 214758)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/inline/continuation-crash-with-anon-ancestors.html	2017-04-03 10:08:40 UTC (rev 214758)
@@ -0,0 +1,32 @@
+
+
+
+This tests 
+
+function swapElements(element1, element2) {
+var parent1 = element1.parentElement;
+var previousSibling1 = element1.previousSibling;
+element2.parentElement.insertBefore(element1, element2);
+parent1.insertBefore(element2, previousSibling1);
+}
+
+function runTest() {
+var tr = document.createElement("tr");
+div2.parentElement.insertBefore(tr, div2);
+document.body.offsetHeight;
+div1.style.display = "inline";
+document.body.offsetHeight;
+swapElements(div2, span1);
+swapElements(tr, span2);
+document.body.offsetHeight;
+}
+
+if (window.testRunner)
+testRunner.dumpAsText();
+
+
+
+PASS if no crash or assert.
+
+
+
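
Review bot: in `swapElements`, `parent1.insertBefore(element2, previousSibling1)` puts `element2` before `element1`'s old previous sibling, one position ahead of where `element1` was, and appends to `parent1` when `previousSibling1` is null, so the helper does not actually swap. If the crash depends on that exact tree shape, say so in a comment or rename the helper; if a true swap was intended, capture `element1.nextSibling` instead.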


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214757 => 214758)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 10:06:57 UTC (rev 214757)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 10:08:40 UTC (rev 214758)
@@ -1,3 +1,16 @@
+2017-03-16  Zalan Bujtas  
+
+Stay inside the continuation while searching for a candidate ancestor for insertion.
+https://bugs.webkit.org/show_bug.cgi?id=169768
+
+
+Reviewed by David Hyatt.
+
+Test: fast/inline/continuation-crash-with-anon-ancestors.html
+
+* rendering/RenderInline.cpp:
+(WebCore::RenderInline::addChildToContinuation):
+
 2017-03-16  Manuel Rego Casasnovas  
 
 [css-grid] Crash on debug removing a positioned child


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderInline.cpp (214757 => 214758)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderInline.cpp	2017-04-03 10:06:57 UTC (rev 214757)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderInline.cpp	2017-04-03 10:08:40 UTC (rev 214758)
@@ -621,7 +621,6 @@
 auto* flow = continuationBefore(beforeChild);
 // It may or may not be the direct parent of the beforeChild.
 RenderBoxModelObject* beforeChildAncestor = nullptr;
-// In case of anonymous wrappers, the parent of the beforeChild is mostly irrelevant. What we need is the topmost wrapper.
 if (!beforeChild) {
 

[webkit-changes] [214757] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc

Revision 214757
Author carlo...@webkit.org
Date 2017-04-03 03:06:57 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214041 - Unreviewed, copy m_numberOfArgumentsToSkip
https://bugs.webkit.org/show_bug.cgi?id=164582

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecode/CodeBlock.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog (214756 => 214757)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 10:05:29 UTC (rev 214756)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 10:06:57 UTC (rev 214757)
@@ -1,5 +1,13 @@
 2017-03-16  Yusuke Suzuki  
 
+Unreviewed, copy m_numberOfArgumentsToSkip
+https://bugs.webkit.org/show_bug.cgi?id=164582
+
+* bytecode/CodeBlock.cpp:
+(JSC::CodeBlock::CodeBlock):
+
+2017-03-16  Yusuke Suzuki  
+
 Unreviewed, fix numParameter() - 1 OSRExit materialization
 https://bugs.webkit.org/show_bug.cgi?id=164582
 


Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecode/CodeBlock.cpp (214756 => 214757)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/CodeBlock.cpp	2017-04-03 10:05:29 UTC (rev 214756)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/CodeBlock.cpp	2017-04-03 10:06:57 UTC (rev 214757)
@@ -1840,6 +1840,7 @@
 , m_isStrictMode(other.m_isStrictMode)
 , m_codeType(other.m_codeType)
 , m_unlinkedCode(*other.m_vm, this, other.m_unlinkedCode.get())
+, m_numberOfArgumentsToSkip(other.m_numberOfArgumentsToSkip)
 , m_hasDebuggerStatement(false)
 , m_steppingMode(SteppingModeDisabled)
 , m_numBreakpoints(0)
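
Review bot: the added `m_numberOfArgumentsToSkip(other.m_numberOfArgumentsToSkip)` initializer fixes a copy that would otherwise keep the member's default value, yet the change is unreviewed and its ChangeLog entry names no test. A test that exercises rest parameters on a CodeBlock created through this copy constructor would catch the next member that is added to the class but missed here.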






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes


[webkit-changes] [214756] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc

Revision 214756
Author carlo...@webkit.org
Date 2017-04-03 03:05:29 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214039 - [css-grid] Crash on debug removing a positioned child
https://bugs.webkit.org/show_bug.cgi?id=169739

Reviewed by Sergio Villar Senin.

Source/WebCore:

When we add or remove a positioned item we don't need to mark
the grid as dirty, because positioned items do not affect the layout
of the grid at all.

This was causing a crash when a positioned item was removed
after a layout. As after the positioned item was removed,
the method RenderGrid::layoutBlock() was not called,
so when the grid was repainted we got a crash.

Test: fast/css-grid-layout/grid-crash-remove-positioned-item.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::addChild): Add early return to avoid marking
the grid as dirty for positioned grid items.
(WebCore::RenderGrid::removeChild): Ditto.

LayoutTests:

Add new test that checks that adding and removing a positioned grid item
doesn't cause any crashes.

* fast/css-grid-layout/grid-crash-remove-positioned-item-expected.txt: Added.
* fast/css-grid-layout/grid-crash-remove-positioned-item.html: Added.

Modified Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderGrid.cpp


Added Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item-expected.txt
releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item.html




Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214755 => 214756)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 09:59:57 UTC (rev 214755)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 10:05:29 UTC (rev 214756)
@@ -1,3 +1,16 @@
+2017-03-16  Manuel Rego Casasnovas  
+
+[css-grid] Crash on debug removing a positioned child
+https://bugs.webkit.org/show_bug.cgi?id=169739
+
+Reviewed by Sergio Villar Senin.
+
+Add new test that checks that adding and removing a positioned grid item
+doesn't cause any crashes.
+
+* fast/css-grid-layout/grid-crash-remove-positioned-item-expected.txt: Added.
+* fast/css-grid-layout/grid-crash-remove-positioned-item.html: Added.
+
 2017-03-15  Zalan Bujtas  
 
 Do not reparent floating object until after intruding/overhanging dependency is cleared.


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item-expected.txt (0 => 214756)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item-expected.txt	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item-expected.txt	2017-04-03 10:05:29 UTC (rev 214756)
@@ -0,0 +1,5 @@
+webkit.org/b/169739 - [css-grid] Crash on debug removing a positioned child
+
+This test has PASSED if it does not CRASH on debug.
+
+item


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item.html (0 => 214756)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item.html	2017-04-03 10:05:29 UTC (rev 214756)
@@ -0,0 +1,20 @@
+
+
+  if (window.testRunner)
+testRunner.dumpAsText();
+
+webkit.org/b/169739 - [css-grid] Crash on debug removing a positioned child
+This test has PASSED if it does not CRASH on debug.
+
+  
+  item
+
+
+  var abspositem = document.createElement("div");
+  abspositem.style.position = "absolute";
+  var grid = document.getElementById("grid");
+  grid.appendChild(abspositem);
+  document.body.offsetLeft;
+  grid.removeChild(abspositem);
+


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214755 => 214756)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 09:59:57 UTC (rev 214755)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 10:05:29 UTC (rev 214756)
@@ -1,3 +1,26 @@
+2017-03-16  Manuel Rego Casasnovas  
+
+[css-grid] Crash on debug removing a positioned child
+https://bugs.webkit.org/show_bug.cgi?id=169739
+
+Reviewed by Sergio Villar Senin.
+
+When we add or remove a positioned item we don't need to mark
+the grid as dirty, because positioned items do not affect the layout
+of the grid at all.
+
+This was causing a crash when a positioned item was removed
+after a layout. As after the positioned item was removed,
+the method RenderGrid::layoutBlock() was not called,
+so when the grid was repainted 

[webkit-changes] [214755] releases/WebKitGTK/webkit-2.16/Source/WTF

2017-04-03 Thread carlosgc

Revision 214755
Author carlo...@webkit.org
Date 2017-04-03 02:59:57 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214036 - [UNIX] Implement currentSearchLocaleID() and currentTextBreakLocaleID()
https://bugs.webkit.org/show_bug.cgi?id=169745

Reviewed by Yusuke Suzuki.

Add a common implementation for Unix based ports using setlocale.

* wtf/PlatformGTK.cmake:
* wtf/PlatformJSCOnly.cmake:
* wtf/text/gtk/TextBreakIteratorInternalICUGtk.cpp: Removed.
* wtf/text/unix/TextBreakIteratorInternalICUUnix.cpp: Renamed from Source/WTF/wtf/text/jsconly/TextBreakIteratorInternalICUJSCOnly.cpp.
(WTF::currentSearchLocaleID):
(WTF::currentTextBreakLocaleID):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/WTF/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/PlatformGTK.cmake


Added Paths

releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/unix/
releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/unix/TextBreakIteratorInternalICUUnix.cpp


Removed Paths

releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/gtk/TextBreakIteratorInternalICUGtk.cpp
releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/jsconly/TextBreakIteratorInternalICUJSCOnly.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WTF/ChangeLog (214754 => 214755)

--- releases/WebKitGTK/webkit-2.16/Source/WTF/ChangeLog	2017-04-03 09:59:48 UTC (rev 214754)
+++ releases/WebKitGTK/webkit-2.16/Source/WTF/ChangeLog	2017-04-03 09:59:57 UTC (rev 214755)
@@ -1,3 +1,19 @@
+2017-03-16  Carlos Garcia Campos  
+
+[UNIX] Implement currentSearchLocaleID() and currentTextBreakLocaleID()
+https://bugs.webkit.org/show_bug.cgi?id=169745
+
+Reviewed by Yusuke Suzuki.
+
+Add a common implementation for Unix based ports using setlocale.
+
+* wtf/PlatformGTK.cmake:
+* wtf/PlatformJSCOnly.cmake:
+* wtf/text/gtk/TextBreakIteratorInternalICUGtk.cpp: Removed.
+* wtf/text/unix/TextBreakIteratorInternalICUUnix.cpp: Renamed from Source/WTF/wtf/text/jsconly/TextBreakIteratorInternalICUJSCOnly.cpp.
+(WTF::currentSearchLocaleID):
+(WTF::currentTextBreakLocaleID):
+
 2017-03-01  Tomas Popela  
 
 [WTF] va_list is not ended in StringPrintStream
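
Review bot: the entry says the common implementation uses setlocale, and the deleted GTK file shows that both functions return a bare `const char*`. The string setlocale returns may be overwritten by a later setlocale call, so the entry or a comment in TextBreakIteratorInternalICUUnix.cpp should state how the returned locale ID is kept alive for callers that hold on to the pointer.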


Modified: releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/PlatformGTK.cmake (214754 => 214755)

--- releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/PlatformGTK.cmake	2017-04-03 09:59:48 UTC (rev 214754)
+++ releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/PlatformGTK.cmake	2017-04-03 09:59:57 UTC (rev 214755)
@@ -10,7 +10,7 @@
 PlatformUserPreferredLanguagesUnix.cpp
 UniStdExtras.cpp
 
-text/gtk/TextBreakIteratorInternalICUGtk.cpp
+text/unix/TextBreakIteratorInternalICUUnix.cpp
 )
 
 list(APPEND WTF_LIBRARIES


Deleted: releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/gtk/TextBreakIteratorInternalICUGtk.cpp (214754 => 214755)

--- releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/gtk/TextBreakIteratorInternalICUGtk.cpp	2017-04-03 09:59:48 UTC (rev 214754)
+++ releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/gtk/TextBreakIteratorInternalICUGtk.cpp	2017-04-03 09:59:57 UTC (rev 214755)
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2007 Alp Toker 
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-#include "config.h"
-#include "TextBreakIteratorInternalICU.h"
-
-namespace WTF {
-
-const char* currentSearchLocaleID()
-{
-// FIXME: Should use system locale.
-return "";
-}
-
-const char* currentTextBreakLocaleID()
-{
-// FIXME: Should use system locale.
-return "en_us";
-}
-
-}


Deleted: releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/jsconly/TextBreakIteratorInternalICUJSCOnly.cpp (214754 => 214755)

--- releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/jsconly/TextBreakIteratorInternalICUJSCOnly.cpp	2017-04-03 09:59:48 UTC (rev 214754)
+++ releases/WebKitGTK/webkit-2.16/Source/WTF/wtf/text/jsconly/TextBreakIteratorInternalICUJSCOnly.cpp	2017-04-03 09:59:57 UTC (rev 214755)
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2007 Alp Toker 
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General 

[webkit-changes] [214754] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc

Revision 214754
Author carlo...@webkit.org
Date 2017-04-03 02:59:48 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214040 - Unreviewed, fix numParameter() - 1 OSRExit materialization
https://bugs.webkit.org/show_bug.cgi?id=164582

When materializing rest parameters, we rely on numParameter() - 1 being equal to
the numberOfArgumentsToSkip. But this assumption is broken in r214029.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::numberOfArgumentsToSkip):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecode/CodeBlock.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecode/CodeBlock.h
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ftl/FTLOperations.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog (214753 => 214754)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 09:59:33 UTC (rev 214753)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 09:59:48 UTC (rev 214754)
@@ -1,3 +1,18 @@
+2017-03-16  Yusuke Suzuki  
+
+Unreviewed, fix numParameter() - 1 OSRExit materialization
+https://bugs.webkit.org/show_bug.cgi?id=164582
+
+When materializing rest parameters, we rely on that numParameter() - 1 equals to
+the numberOfArgumentsToSkip. But this assumption is broken in r214029.
+
+* bytecode/CodeBlock.cpp:
+(JSC::CodeBlock::finishCreation):
+* bytecode/CodeBlock.h:
+(JSC::CodeBlock::numberOfArgumentsToSkip):
+* ftl/FTLOperations.cpp:
+(JSC::FTL::operationMaterializeObjectInOSR):
+
 2017-03-15  Yusuke Suzuki  
 
 [JSC] Default parameter part should be retrieved by op_get_argument opcode instead of changing arity


Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecode/CodeBlock.cpp (214753 => 214754)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/CodeBlock.cpp	2017-04-03 09:59:33 UTC (rev 214753)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/CodeBlock.cpp	2017-04-03 09:59:48 UTC (rev 214754)
@@ -2327,7 +2327,8 @@
 case op_create_rest: {
 int numberOfArgumentsToSkip = instructions[i + 3].u.operand;
 ASSERT_UNUSED(numberOfArgumentsToSkip, numberOfArgumentsToSkip >= 0);
-ASSERT_WITH_MESSAGE(numberOfArgumentsToSkip == numParameters() - 1, "We assume that this is true when rematerializing the rest parameter during OSR exit in the FTL JIT.");
+// This is used when rematerializing the rest parameter during OSR exit in the FTL JIT.");
+m_numberOfArgumentsToSkip = numberOfArgumentsToSkip;
 break;
 }
 
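
Review bot: the new comment line in the `op_create_rest` case ends in `");`, left over from the string argument of the removed `ASSERT_WITH_MESSAGE`. Trim it so the comment reads `// This is used when rematerializing the rest parameter during OSR exit in the FTL JIT.`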


Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecode/CodeBlock.h (214753 => 214754)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/CodeBlock.h	2017-04-03 09:59:33 UTC (rev 214753)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/CodeBlock.h	2017-04-03 09:59:48 UTC (rev 214754)
@@ -143,6 +143,8 @@
 int numParameters() const { return m_numParameters; }
 void setNumParameters(int newValue);
 
+int numberOfArgumentsToSkip() const { return m_numberOfArgumentsToSkip; }
+
 int numCalleeLocals() const { return m_numCalleeLocals; }
 
 int* addressOfNumParameters() { return _numParameters; }
@@ -968,6 +970,7 @@
 
 WriteBarrier m_unlinkedCode;
 int m_numParameters;
+int m_numberOfArgumentsToSkip { 0 };
 union {
 unsigned m_debuggerRequests;
 struct {


Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ftl/FTLOperations.cpp (214753 => 214754)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ftl/FTLOperations.cpp	2017-04-03 09:59:33 UTC (rev 214753)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ftl/FTLOperations.cpp	2017-04-03 09:59:48 UTC (rev 214754)
@@ -264,7 +264,7 @@
 CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
 materialization->origin(), exec->codeBlock());
 
-unsigned numberOfArgumentsToSkip = codeBlock->numParameters() - 1;
+unsigned numberOfArgumentsToSkip = codeBlock->numberOfArgumentsToSkip();
 JSGlobalObject* globalObject = codeBlock->globalObject();
 Structure* structure = globalObject->restParameterStructure();
 JSValue* argumentsToCopyRegion = exec->addressOfArgumentsStart() + numberOfArgumentsToSkip;
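
Review bot: `codeBlock->numberOfArgumentsToSkip()` returns `int` (see the CodeBlock.h hunk) but is assigned to `unsigned numberOfArgumentsToSkip` and then added to `exec->addressOfArgumentsStart()`, and the only non-negativity check on the stored value is the debug-only `ASSERT_UNUSED` in CodeBlock.cpp. Making the member and accessor `unsigned`, or asserting the range here before the pointer arithmetic, would keep the types consistent along the whole path.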
@@ -358,7 +358,7 @@
 return result;
 }
 case PhantomCreateRest: {
-unsigned numberOfArgumentsToSkip = 

[webkit-changes] [214753] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc

Revision 214753
Author carlo...@webkit.org
Date 2017-04-03 02:59:33 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214029 - [JSC] Default parameter part should be retrieved by op_get_argument opcode instead of changing arity
https://bugs.webkit.org/show_bug.cgi?id=164582

Reviewed by Saam Barati.

JSTests:

* stress/function-with-defaults-inlining.js: Added.
(shouldBe):
(ok):
(a):
* stress/function-with-defaults-non-inlining.js: Added.
(shouldBe):
(ok):
(a):

Source/JavaScriptCore:

Previously we implemented the default parameters as follows.

1. We count the default parameters as the usual parameters.
2. We just get the argument register.
3. Check it with op_is_undefined.
4. And fill the binding with either the argument register or default value.

The above is simple. However, it has the side effect that it always increases the arity of the function.
While `function.length` does not increase, internally, the number of parameters of CodeBlock increases.
This effectively prevents our DFG / FTL from performing inlining: currently we only allow DFG to inline
a function with an arity less than or equal to the number of passed arguments. It is OK. But when using
default parameters, we frequently do not pass the argument for the parameter with the default value.
Thus, in our current implementation, we frequently need to fix up the arity. And we frequently fail
to inline the function.

This patch fixes the above problem by not increasing the arity of the function. When we encounter the
parameter with the default value, we use `op_argument` to get the argument instead of using the argument
registers.

This improves six-speed defaults.es6 performance by 4.45x.

defaults.es6    968.4126+-101.2350    ^    217.6602+-14.8831    ^ definitely 4.4492x faster

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* bytecode/UnlinkedFunctionExecutable.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
(JSC::BytecodeGenerator::initializeNextParameter):
(JSC::BytecodeGenerator::initializeParameters):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::FunctionNode::emitBytecode):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inliningCost):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createFunctionMetadata):
* parser/Nodes.cpp:
(JSC::FunctionMetadataNode::FunctionMetadataNode):
* parser/Nodes.h:
(JSC::FunctionParameters::size):
(JSC::FunctionParameters::at):
(JSC::FunctionParameters::append):
(JSC::FunctionParameters::isSimpleParameterList):
* parser/Parser.cpp:
(JSC::Parser::isArrowFunctionParameters):
(JSC::Parser::parseGeneratorFunctionSourceElements):
(JSC::Parser::parseAsyncFunctionSourceElements):
(JSC::Parser::parseFormalParameters):
(JSC::Parser::parseFunctionBody):
(JSC::Parser::parseFunctionParameters):
(JSC::Parser::parseFunctionInfo):
* parser/Parser.h:
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createFunctionMetadata):
* runtime/FunctionExecutable.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::createBuiltinFunction):
(JSC::JSFunction::reifyLength):

Modified Paths

releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.cpp
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.h
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/parser/ASTBuilder.h
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/parser/Nodes.cpp
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/parser/Nodes.h
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/parser/Parser.cpp
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/parser/Parser.h
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/parser/SyntaxChecker.h
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/FunctionExecutable.h
releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/JSFunction.cpp


Added Paths

releases/WebKitGTK/webkit-2.16/JSTests/stress/function-with-defaults-inlining.js
releases/WebKitGTK/webkit-2.16/JSTests/stress/function-with-defaults-non-inlining.js




Diff

Modified: releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog (214752 => 214753)

--- releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog	2017-04-03 08:15:27 UTC (rev 214752)
+++ releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog	2017-04-03 09:59:33 UTC (rev 214753)
@@ -1,5 

[webkit-changes] [214752] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc

Revision 214752
Author carlo...@webkit.org
Date 2017-04-03 01:15:27 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214028 - [DFG] ToString operation should have fixup for primitives to say this node does not have side effects
https://bugs.webkit.org/show_bug.cgi?id=169544

Reviewed by Saam Barati.

JSTests:

* microbenchmarks/template-string-array.js: Added.
(test):
* stress/to-string-non-cell-use.js: Added.
(shouldBe):
(shouldThrow):

Source/JavaScriptCore:

Our DFG ToString only handles String operands well. While ToString(non cell operand) does not have
any side effect, it is not modeled well in DFG.

This patch introduces a fixup for ToString with NonCellUse edge. If this edge is set, ToString does not
clobber things (like ToLowerCase, producing String). And ToString(NonCellUse) allows us to perform CSE!

Our microbenchmark shows 32.9% improvement due to dropped GetButterfly and CSE for ToString().

                           baseline                  patched

template-string-array   12.6284+-0.2766     ^      9.4998+-0.2295        ^ definitely 1.3293x faster

And SixSpeed template_string.es6 shows 16.68x performance improvement due to LICM onto this non-side-effectful ToString().

                           baseline                  patched

template_string.es6   3229.7343+-40.5705    ^    193.6077+-36.3349       ^ definitely 16.6818x faster

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell):
(JSC::DFG::SpeculativeJIT::speculateNotCell):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructor):
(JSC::FTL::DFG::LowerDFGToB3::lowNotCell):
(JSC::FTL::DFG::LowerDFGToB3::speculateNotCell):

Modified Paths

releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGClobberize.h
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp


Added Paths

releases/WebKitGTK/webkit-2.16/JSTests/microbenchmarks/template-string-array.js
releases/WebKitGTK/webkit-2.16/JSTests/stress/to-string-non-cell-use.js




Diff

Modified: releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog (214751 => 214752)

--- releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog	2017-04-03 08:03:33 UTC (rev 214751)
+++ releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog	2017-04-03 08:15:27 UTC (rev 214752)
@@ -1,3 +1,16 @@
+2017-03-15  Yusuke Suzuki  
+
+[DFG] ToString operation should have fixup for primitives to say this node does not have side effects
+https://bugs.webkit.org/show_bug.cgi?id=169544
+
+Reviewed by Saam Barati.
+
+* microbenchmarks/template-string-array.js: Added.
+(test):
+* stress/to-string-non-cell-use.js: Added.
+(shouldBe):
+(shouldThrow):
+
 2017-03-13  Caio Lima  
 
 [JSC] It should be possible create a label named let when parsing Statement in non strict mode


Added: releases/WebKitGTK/webkit-2.16/JSTests/microbenchmarks/template-string-array.js (0 => 214752)

--- releases/WebKitGTK/webkit-2.16/JSTests/microbenchmarks/template-string-array.js	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/JSTests/microbenchmarks/template-string-array.js	2017-04-03 08:15:27 UTC (rev 214752)
@@ -0,0 +1,9 @@
+var array = [1, 2, 3];
+function test()
+{
+return `${array[0]}, ${array[1]}, ${array[2]}, ${array[0]}, ${array[1]}, ${array[2]}`;
+}
+noInline(test);
+
+for (var i = 0; i < 1e5; ++i)
+test();


Added: releases/WebKitGTK/webkit-2.16/JSTests/stress/to-string-non-cell-use.js (0 => 214752)

--- releases/WebKitGTK/webkit-2.16/JSTests/stress/to-string-non-cell-use.js	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/JSTests/stress/to-string-non-cell-use.js	2017-04-03 08:15:27 UTC (rev 214752)
@@ -0,0 +1,43 @@
+function shouldBe(actual, expected)
+{
+if (actual !== expected)
+throw new 

[webkit-changes] [214751] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc
Title: [214751] releases/WebKitGTK/webkit-2.16








Revision 214751
Author carlo...@webkit.org
Date 2017-04-03 01:03:33 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214023 - Do not reparent floating object until after intruding/overhanging dependency is cleared.
https://bugs.webkit.org/show_bug.cgi?id=169711


Reviewed by Simon Fraser.

Source/WebCore:

This patch ensures that we clean up the m_floatingObjects for siblings before reparenting the fresh float.

Test: fast/block/float/inline-becomes-float-and-moves-around.html

* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::styleDidChange):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::styleDidChange):
* rendering/RenderElement.h:
(WebCore::RenderElement::noLongerAffectsParentBlock):

LayoutTests:

* fast/block/float/inline-becomes-float-and-moves-around-expected.txt: Added.
* fast/block/float/inline-becomes-float-and-moves-around.html: Added.

Modified Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBlockFlow.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderElement.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderElement.h


Added Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around-expected.txt
releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around.html




Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214750 => 214751)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:58:53 UTC (rev 214750)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 08:03:33 UTC (rev 214751)
@@ -1,3 +1,14 @@
+2017-03-15  Zalan Bujtas  
+
+Do not reparent floating object until after intruding/overhanging dependency is cleared.
+https://bugs.webkit.org/show_bug.cgi?id=169711
+
+
+Reviewed by Simon Fraser.
+
+* fast/block/float/inline-becomes-float-and-moves-around-expected.txt: Added.
+* fast/block/float/inline-becomes-float-and-moves-around.html: Added.
+
 2017-03-15  Dave Hyatt  
 
 Positioned SVG not sized correctly


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around-expected.txt (0 => 214751)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around-expected.txt	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around-expected.txt	2017-04-03 08:03:33 UTC (rev 214751)
@@ -0,0 +1,2 @@
+
+PASS if no crash or assert.


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around.html (0 => 214751)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around.html	2017-04-03 08:03:33 UTC (rev 214751)
@@ -0,0 +1,20 @@
+
+
+
+This tests that we don't crash while moving floats around.
+
+function runTest() {
+	document.body.offsetHeight
+	div0.style.float = "right"
+	window.getSelection().addRange(document.createRange());
+	div0.parentElement.removeChild(div0)
+	document.body.offsetHeight
+if (window.testRunner)
+testRunner.dumpAsText();
+}
+
+
+
+PASS if no crash or assert.
+
+


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214750 => 214751)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:58:53 UTC (rev 214750)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 08:03:33 UTC (rev 214751)
@@ -1,3 +1,22 @@
+2017-03-15  Zalan Bujtas  
+
+Do not reparent floating object until after intruding/overhanging dependency is cleared.
+https://bugs.webkit.org/show_bug.cgi?id=169711
+
+
+Reviewed by Simon Fraser.
+
+This patch ensures that we cleanup the m_floatingObjects for siblings before reparenting the fresh float.  
+
+Test: fast/block/float/inline-becomes-float-and-moves-around.html
+
+* rendering/RenderBlockFlow.cpp:
+(WebCore::RenderBlockFlow::styleDidChange):
+* rendering/RenderElement.cpp:
+(WebCore::RenderElement::styleDidChange):
+* rendering/RenderElement.h:
+(WebCore::RenderElement::noLongerAffectsParentBlock):
+
 2017-03-24  Daniel Bates  
 
 media/restore-from-page-cache.html causes NoEventDispatchAssertion::isEventAllowedInMainThread() assertion failure


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBlockFlow.cpp (214750 => 214751)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBlockFlow.cpp	

[webkit-changes] [214750] trunk/Source/JavaScriptCore

2017-04-03 Thread commit-queue
Title: [214750] trunk/Source/JavaScriptCore








Revision 214750
Author commit-qu...@webkit.org
Date 2017-04-03 00:58:53 -0700 (Mon, 03 Apr 2017)


Log Message
[jsc] Add patchableJumpSize() for MIPS
https://bugs.webkit.org/show_bug.cgi?id=169716

Patch by Zan Dobersek  on 2017-04-03
Reviewed by Yusuke Suzuki.

* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::patchableJumpSize): Added.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::patchableJumpSize): Added.

Modified Paths

trunk/Source/JavaScriptCore/ChangeLog
trunk/Source/JavaScriptCore/assembler/MIPSAssembler.h
trunk/Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (214749 => 214750)

--- trunk/Source/_javascript_Core/ChangeLog	2017-04-03 07:51:08 UTC (rev 214749)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-04-03 07:58:53 UTC (rev 214750)
@@ -1,3 +1,15 @@
+2017-04-03  Zan Dobersek  
+
+[jsc] Add patchableJumpSize() for MIPS
+https://bugs.webkit.org/show_bug.cgi?id=169716
+
+Reviewed by Yusuke Suzuki.
+
+* assembler/MIPSAssembler.h:
+(JSC::MIPSAssembler::patchableJumpSize): Added.
+* assembler/MacroAssemblerMIPS.h:
+(JSC::MacroAssemblerMIPS::patchableJumpSize): Added.
+
 2017-04-03  Guillaume Emont  
 
 [jsc] implement MIPSAssembler::relinkJumpToNop()


Modified: trunk/Source/_javascript_Core/assembler/MIPSAssembler.h (214749 => 214750)

--- trunk/Source/_javascript_Core/assembler/MIPSAssembler.h	2017-04-03 07:51:08 UTC (rev 214749)
+++ trunk/Source/_javascript_Core/assembler/MIPSAssembler.h	2017-04-03 07:58:53 UTC (rev 214750)
@@ -917,6 +917,11 @@
 return sizeof(MIPSWord) * 4;
 }
 
+static constexpr ptrdiff_t patchableJumpSize()
+{
+return sizeof(MIPSWord) * 8;
+}
+
 static void revertJumpToMove(void* instructionStart, RegisterID rt, int imm)
 {
 MIPSWord* insn = static_cast(instructionStart);
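Review bot: The factor in `return sizeof(MIPSWord) * 8;` in the new MIPSAssembler::patchableJumpSize() is an unexplained magic number, and it sits directly below a sibling that returns `sizeof(MIPSWord) * 4`. Nothing in the hunk ties the eight words to the instruction sequence actually emitted for a patchable jump, so the two can drift apart without anyone noticing. Add a comment naming the instructions the eight words cover, or derive the value from a named constant shared with the code that emits the jump.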


Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h (214749 => 214750)

--- trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h	2017-04-03 07:51:08 UTC (rev 214749)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h	2017-04-03 07:58:53 UTC (rev 214750)
@@ -3007,6 +3007,11 @@
 return 0;
 }
 
+static ptrdiff_t patchableJumpSize()
+{
+return MIPSAssembler::patchableJumpSize();
+}
+
 static bool canJumpReplacePatchableBranchPtrWithPatch() { return false; }
 static bool canJumpReplacePatchableBranch32WithPatch() { return false; }
 
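Review bot: The wrapper is declared `static ptrdiff_t patchableJumpSize()` while the function it forwards to in MIPSAssembler.h is `static constexpr ptrdiff_t`. Dropping constexpr here means callers that go through MacroAssemblerMIPS cannot use the size in a constant expression, for example in a static_assert on reserved space. Unless the other ports' signatures require the plain form, declare this one `static constexpr ptrdiff_t patchableJumpSize()` to match.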






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes


[webkit-changes] [214747] releases/WebKitGTK/webkit-2.16/Source/WebCore

2017-04-03 Thread carlosgc
Title: [214747] releases/WebKitGTK/webkit-2.16/Source/WebCore








Revision 214747
Author carlo...@webkit.org
Date 2017-04-03 00:46:26 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214392 - media/restore-from-page-cache.html causes NoEventDispatchAssertion::isEventAllowedInMainThread() assertion failure
https://bugs.webkit.org/show_bug.cgi?id=170087


Reviewed by Simon Fraser.

Reduce the scope of code that should never dispatch DOM events so as to allow updating contents size
after restoring a page from the page cache.

In r214014 we instantiate a NoEventDispatchAssertion in FrameLoader::commitProvisionalLoad()
around the call to CachedPage::restore() to assert when a DOM event is dispatched during
page restoration as such events can cause re-entrancy into the page cache. As it turns out
it is sufficient to ensure that no DOM events are dispatched after restoring all cached frames
as opposed to after CachedPage::restore() returns.

Also rename Document::enqueue{Pageshow, Popstate}Event() to dispatch{Pageshow, Popstate}Event(),
respectively, since they synchronously dispatch events :(. We hope in the future to make them
asynchronously dispatch events.

* dom/Document.cpp:
(WebCore::Document::implicitClose): Update for renaming.
(WebCore::Document::statePopped): Ditto.
(WebCore::Document::dispatchPageshowEvent): Renamed; formerly named enqueuePageshowEvent().
(WebCore::Document::dispatchPopstateEvent): Renamed; formerly named enqueuePopstateEvent().
(WebCore::Document::enqueuePageshowEvent): Deleted.
(WebCore::Document::enqueuePopstateEvent): Deleted.
* dom/Document.h:
* history/CachedPage.cpp:
(WebCore::firePageShowAndPopStateEvents): Moved logic from FrameLoader::didRestoreFromCachedPage() to here.
(WebCore::CachedPage::restore): Modified to call firePageShowAndPopStateEvents().
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad): Removed use of NoEventDispatchAssertion RAII object. We
will instantiate it in CachedPage::restore() with a smaller scope.
(WebCore::FrameLoader::didRestoreFromCachedPage): Deleted; moved logic from here to WebCore::firePageShowAndPopStateEvents().
* loader/FrameLoader.h:

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/dom/Document.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/dom/Document.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/history/CachedPage.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.h




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214746 => 214747)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:46:13 UTC (rev 214746)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:46:26 UTC (rev 214747)
@@ -1,3 +1,41 @@
+2017-03-24  Daniel Bates  
+
+media/restore-from-page-cache.html causes NoEventDispatchAssertion::isEventAllowedInMainThread() assertion failure
+https://bugs.webkit.org/show_bug.cgi?id=170087
+
+
+Reviewed by Simon Fraser.
+
+Reduce the scope of code that should never dispatch DOM events so as to allow updating contents size
+after restoring a page from the page cache.
+
+In r214014 we instantiate a NoEventDispatchAssertion in FrameLoader::commitProvisionalLoad()
+around the call to CachedPage::restore() to assert when a DOM event is dispatched during
+page restoration as such events can cause re-entrancy into the page cache. As it turns out
+it is sufficient to ensure that no DOM events are dispatched after restoring all cached frames
+as opposed to after CachedPage::restore() returns.
+
+Also rename Document::enqueue{Pageshow, Popstate}Event() to dispatch{Pageshow, Popstate}Event(),
+respectively, since they synchronously dispatch events :(. We hope in the future to make them
+asynchronously dispatch events.
+
+* dom/Document.cpp:
+(WebCore::Document::implicitClose): Update for renaming.
+(WebCore::Document::statePopped): Ditto.
+(WebCore::Document::dispatchPageshowEvent): Renamed; formerly named enqueuePageshowEvent().
+(WebCore::Document::dispatchPopstateEvent): Renamed; formerly named enqueuePopstateEvent().
+(WebCore::Document::enqueuePageshowEvent): Deleted.
+(WebCore::Document::enqueuePopstateEvent): Deleted.
+* dom/Document.h:
+* history/CachedPage.cpp:
+(WebCore::firePageShowAndPopStateEvents): Moved logic from FrameLoader::didRestoreFromCachedPage() to here.
+(WebCore::CachedPage::restore): Modified to call firePageShowAndPopStateEvents().
+* loader/FrameLoader.cpp:
+(WebCore::FrameLoader::commitProvisionalLoad): Removed use of NoEventDispatchAssertion RAII object. We
+will instantiate it in CachedPage::restore() with a smaller scope.
+  

[webkit-changes] [214749] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc
Title: [214749] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore








Revision 214749
Author carlo...@webkit.org
Date 2017-04-03 00:51:08 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214020 - Switch back to ISO 4217 for Intl CurrencyDigits data
https://bugs.webkit.org/show_bug.cgi?id=169182

Previously, a patch switched Intl.NumberFormat to use CLDR data through
ICU to get the default number of decimal digits for a currency.
However, that change actually violated the ECMA 402 specification,
which references ISO 4217 as the data source. This patch reverts to
an in-line implementation of that data.

Patch by Daniel Ehrenberg  on 2017-03-15
Reviewed by Saam Barati.

* runtime/IntlNumberFormat.cpp:
(JSC::computeCurrencySortKey):
(JSC::extractCurrencySortKey):
(JSC::computeCurrencyDigits):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog (214748 => 214749)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:50:18 UTC (rev 214748)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:51:08 UTC (rev 214749)
@@ -1,3 +1,21 @@
+2017-03-15  Daniel Ehrenberg  
+
+Switch back to ISO 4217 for Intl CurrencyDigits data
+https://bugs.webkit.org/show_bug.cgi?id=169182
+
+Previously, a patch switched Intl.NumberFormat to use CLDR data through
+ICU to get the default number of decimal digits for a currency.
+However, that change actually violated the ECMA 402 specification,
+which references ISO 4217 as the data source. This patch reverts to
+an in-line implementation of that data.
+
+Reviewed by Saam Barati.
+
+* runtime/IntlNumberFormat.cpp:
+(JSC::computeCurrencySortKey):
+(JSC::extractCurrencySortKey):
+(JSC::computeCurrencyDigits):
+
 2017-03-15  Mark Lam  
 
 Fix missing exception checks in Interpreter.cpp.


Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/IntlNumberFormat.cpp (214748 => 214749)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/IntlNumberFormat.cpp	2017-04-03 07:50:18 UTC (rev 214748)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/IntlNumberFormat.cpp	2017-04-03 07:51:08 UTC (rev 214749)
@@ -36,7 +36,6 @@
 #include "JSBoundFunction.h"
 #include "JSCInlines.h"
 #include "ObjectConstructor.h"
-#include 
 
 namespace JSC {
 
@@ -95,17 +94,62 @@
 return numberingSystemsForLocale(locale);
 }
 
+static inline unsigned computeCurrencySortKey(const String& currency)
+{
+ASSERT(currency.length() == 3);
+ASSERT(currency.isAllSpecialCharacters());
+return (currency[0] << 16) + (currency[1] << 8) + currency[2];
+}
+
+static inline unsigned computeCurrencySortKey(const char* currency)
+{
+ASSERT(strlen(currency) == 3);
+ASSERT(isAllSpecialCharacters(currency, 3));
+return (currency[0] << 16) + (currency[1] << 8) + currency[2];
+}
+
+static unsigned extractCurrencySortKey(std::pair* currencyMinorUnit)
+{
+return computeCurrencySortKey(currencyMinorUnit->first);
+}
+
 static unsigned computeCurrencyDigits(const String& currency)
 {
 // 11.1.1 The abstract operation CurrencyDigits (currency)
 // "If the ISO 4217 currency and funds code list contains currency as an alphabetic code,
 // then return the minor unit value corresponding to the currency from the list; else return 2.
-Vector chars = currency.charactersWithNullTermination();
-UErrorCode status = U_ZERO_ERROR;
-uint32_t result = ucurr_getDefaultFractionDigits(chars.data(), );
-if (U_FAILURE(status))
-result = 2;
-return result;
+std::pair currencyMinorUnits[] = {
+{ "BHD", 3 },
+{ "BIF", 0 },
+{ "BYR", 0 },
+{ "CLF", 4 },
+{ "CLP", 0 },
+{ "DJF", 0 },
+{ "GNF", 0 },
+{ "IQD", 3 },
+{ "ISK", 0 },
+{ "JOD", 3 },
+{ "JPY", 0 },
+{ "KMF", 0 },
+{ "KRW", 0 },
+{ "KWD", 3 },
+{ "LYD", 3 },
+{ "OMR", 3 },
+{ "PYG", 0 },
+{ "RWF", 0 },
+{ "TND", 3 },
+{ "UGX", 0 },
+{ "UYI", 0 },
+{ "VND", 0 },
+{ "VUV", 0 },
+{ "XAF", 0 },
+{ "XOF", 0 },
+{ "XPF", 0 }
+};
+auto* currencyMinorUnit = tryBinarySearch(currencyMinorUnits, WTF_ARRAY_LENGTH(currencyMinorUnits), computeCurrencySortKey(currency), extractCurrencySortKey);
+if (currencyMinorUnit)
+return currencyMinorUnit->second;
+return 2;
 }
 
 void IntlNumberFormat::initializeNumberFormat(ExecState& state, JSValue locales, JSValue optionsValue)
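Review bot: In both computeCurrencySortKey() overloads the only guard before reading `currency[0]`, `currency[1]` and `currency[2]` is an ASSERT on the length, which does nothing in builds without assertions, and computeCurrencyDigits() passes its argument straight through. The hunk therefore relies on every caller having already validated the currency code; either state that precondition at computeCurrencyDigits() or return 2 early when the length is not 3. Separately, tryBinarySearch only gives the right answer while currencyMinorUnits stays sorted by the computed key, so add a comment saying new entries must keep ascending code order, and consider making the array `static const` so it is not a mutable local set up on each call.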







[webkit-changes] [214748] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc
Title: [214748] releases/WebKitGTK/webkit-2.16








Revision 214748
Author carlo...@webkit.org
Date 2017-04-03 00:50:18 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214019 - Null deref under callAfterNextPresentationUpdate
https://bugs.webkit.org/show_bug.cgi?id=169710


Patch by Tim Horton  on 2017-03-15
Reviewed by Simon Fraser.

Source/WebKit2:

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::callAfterNextPresentationUpdate):
Call the callback with an error if we don't have a web process or drawing area.

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/DoAfterNextPresentationUpdateAfterCrash.mm: Added.
(TEST):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebKit2/UIProcess/WebPageProxy.cpp
releases/WebKitGTK/webkit-2.16/Tools/ChangeLog


Added Paths

releases/WebKitGTK/webkit-2.16/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/DoAfterNextPresentationUpdateAfterCrash.mm




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog (214747 => 214748)

--- releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog	2017-04-03 07:46:26 UTC (rev 214747)
+++ releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog	2017-04-03 07:50:18 UTC (rev 214748)
@@ -1,3 +1,15 @@
+2017-03-15  Tim Horton  
+
+Null deref under callAfterNextPresentationUpdate
+https://bugs.webkit.org/show_bug.cgi?id=169710
+
+
+Reviewed by Simon Fraser.
+
+* UIProcess/WebPageProxy.cpp:
+(WebKit::WebPageProxy::callAfterNextPresentationUpdate):
+Call the callback with an error if we don't have a web process or drawing area.
+
 2017-03-20  Carlos Garcia Campos  
 
 Unreviewed. Update OptionsGTK.cmake and NEWS for 2.16.0 release.


Modified: releases/WebKitGTK/webkit-2.16/Source/WebKit2/UIProcess/WebPageProxy.cpp (214747 => 214748)

--- releases/WebKitGTK/webkit-2.16/Source/WebKit2/UIProcess/WebPageProxy.cpp	2017-04-03 07:46:26 UTC (rev 214747)
+++ releases/WebKitGTK/webkit-2.16/Source/WebKit2/UIProcess/WebPageProxy.cpp	2017-04-03 07:50:18 UTC (rev 214748)
@@ -6708,6 +6708,11 @@
 
 void WebPageProxy::callAfterNextPresentationUpdate(std::function callback)
 {
+if (!isValid() || !m_drawingArea) {
+callback(CallbackBase::Error::OwnerWasInvalidated);
+return;
+}
+
 m_drawingArea->dispatchAfterEnsuringDrawing(callback);
 }
 
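Review bot: On the new early-return path the callback runs synchronously, `callback(CallbackBase::Error::OwnerWasInvalidated);`, before callAfterNextPresentationUpdate() returns, while the existing path hands it to `m_drawingArea->dispatchAfterEnsuringDrawing(callback)`. A caller that assumes the callback never runs inside this call will see different ordering only when the page is invalid or has no drawing area, which is the case least likely to be exercised. Either document that the callback may be invoked before the function returns, or defer the error callback so both paths have the same ordering.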


Modified: releases/WebKitGTK/webkit-2.16/Tools/ChangeLog (214747 => 214748)

--- releases/WebKitGTK/webkit-2.16/Tools/ChangeLog	2017-04-03 07:46:26 UTC (rev 214747)
+++ releases/WebKitGTK/webkit-2.16/Tools/ChangeLog	2017-04-03 07:50:18 UTC (rev 214748)
@@ -1,3 +1,15 @@
+2017-03-15  Tim Horton  
+
+Null deref under callAfterNextPresentationUpdate
+https://bugs.webkit.org/show_bug.cgi?id=169710
+
+
+Reviewed by Simon Fraser.
+
+* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+* TestWebKitAPI/Tests/WebKit2Cocoa/DoAfterNextPresentationUpdateAfterCrash.mm: Added.
+(TEST):
+
 2017-03-13  Carlos Garcia Campos  
 
 MiniBrowser: a tab closed from _javascript_ always closes the window


Added: releases/WebKitGTK/webkit-2.16/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/DoAfterNextPresentationUpdateAfterCrash.mm (0 => 214748)

--- releases/WebKitGTK/webkit-2.16/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/DoAfterNextPresentationUpdateAfterCrash.mm	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/DoAfterNextPresentationUpdateAfterCrash.mm	2017-04-03 07:50:18 UTC (rev 214748)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR 

[webkit-changes] [214746] releases/WebKitGTK/webkit-2.16/Source/WebCore

2017-04-03 Thread carlosgc
Title: [214746] releases/WebKitGTK/webkit-2.16/Source/WebCore








Revision 214746
Author carlo...@webkit.org
Date 2017-04-03 00:46:13 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214014 - Iteratively dispatch DOM events after restoring a cached page
https://bugs.webkit.org/show_bug.cgi?id=169703


Reviewed by Brady Eidson.

Make dispatching of DOM events when restoring a page from the page cache symmetric with
dispatching of events when saving a page to the page cache.

* history/CachedFrame.cpp:
(WebCore::CachedFrameBase::restore): Move code to dispatch events from here to FrameLoader::didRestoreFromCachedPage().
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad): Ensure that no DOM events are dispatched during
restoration of a cached page. Call didRestoreFromCachedPage() after restoring the page to
dispatch DOM events on the restored frames.
(WebCore::FrameLoader::willRestoreFromCachedPage): Renamed; formerly named prepareForCachedPageRestore().
(WebCore::FrameLoader::didRestoreFromCachedPage): Added.
(WebCore::FrameLoader::prepareForCachedPageRestore): Renamed to willRestoreFromCachedPage().
* loader/FrameLoader.h:
* page/FrameTree.cpp:
(WebCore::FrameTree::traverseNextInPostOrderWithWrap): Returns the next Frame* in a post-order
traversal of the frame tree optionally wrapping around to the deepest first child in the tree.
(WebCore::FrameTree::deepFirstChild): Added.
* page/FrameTree.h:

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/history/CachedFrame.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/page/FrameTree.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/page/FrameTree.h




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214745 => 214746)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:43:16 UTC (rev 214745)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:46:13 UTC (rev 214746)
@@ -1,3 +1,30 @@
+2017-03-15  Daniel Bates  
+
+Iteratively dispatch DOM events after restoring a cached page
+https://bugs.webkit.org/show_bug.cgi?id=169703
+
+
+Reviewed by Brady Eidson.
+
+Make dispatching of DOM events when restoring a page from the page cache symmetric with
+dispatching of events when saving a page to the page cache.
+
+* history/CachedFrame.cpp:
+(WebCore::CachedFrameBase::restore): Move code to dispatch events from here to FrameLoader::didRestoreFromCachedPage().
+* loader/FrameLoader.cpp:
+(WebCore::FrameLoader::commitProvisionalLoad): Ensure that no DOM events are dispatched during
+restoration of a cached page. Call didRestoreFromCachedPage() after restoring the page to
+dispatch DOM events on the restored frames.
+(WebCore::FrameLoader::willRestoreFromCachedPage): Renamed; formerly named prepareForCachedPageRestore().
+(WebCore::FrameLoader::didRestoreFromCachedPage): Added.
+(WebCore::FrameLoader::prepareForCachedPageRestore): Renamed to willRestoreFromCachedPage().
+* loader/FrameLoader.h:
+* page/FrameTree.cpp:
+(WebCore::FrameTree::traverseNextInPostOrderWithWrap): Returns the next Frame* in a post-order
+traversal of the frame tree optionally wrapping around to the deepest first child in the tree.
+(WebCore::FrameTree::deepFirstChild): Added.
+* page/FrameTree.h:
+
 2017-03-15  Dave Hyatt  
 
 Positioned SVG not sized correctly


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/history/CachedFrame.cpp (214745 => 214746)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/history/CachedFrame.cpp	2017-04-03 07:43:16 UTC (rev 214745)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/history/CachedFrame.cpp	2017-04-03 07:46:13 UTC (rev 214746)
@@ -35,13 +35,10 @@
 #include "FrameLoader.h"
 #include "FrameLoaderClient.h"
 #include "FrameView.h"
-#include "HistoryController.h"
-#include "HistoryItem.h"
 #include "Logging.h"
 #include "MainFrame.h"
 #include "Page.h"
 #include "PageCache.h"
-#include "PageTransitionEvent.h"
 #include "SVGDocumentExtensions.h"
 #include "ScriptController.h"
 #include "SerializedScriptValue.h"
@@ -116,6 +113,7 @@
 ASSERT(childFrame->view()->frame().page());
 frame.tree().appendChild(childFrame->view()->frame());
 childFrame->open();
+ASSERT_WITH_SECURITY_IMPLICATION(m_document == frame.document());
 }
 
 #if PLATFORM(IOS)
@@ -131,14 +129,6 @@
 }
 #endif
 
-// FIXME: update Page Visibility state here.
-// https://bugs.webkit.org/show_bug.cgi?id=116770
-m_document->enqueuePageshowEvent(PageshowEventPersisted);
-
-HistoryItem* historyItem = frame.loader().history().currentItem();
-if 

[webkit-changes] [214745] trunk/Source/JavaScriptCore

2017-04-03 Thread commit-queue
Title: [214745] trunk/Source/_javascript_Core








Revision 214745
Author commit-qu...@webkit.org
Date 2017-04-03 00:43:16 -0700 (Mon, 03 Apr 2017)


Log Message
[jsc] implement MIPSAssembler::relinkJumpToNop()
https://bugs.webkit.org/show_bug.cgi?id=169720

Patch by Guillaume Emont  on 2017-04-03
Reviewed by Yusuke Suzuki.

* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::relinkJumpToNop): Added.

Modified Paths

trunk/Source/JavaScriptCore/ChangeLog
trunk/Source/JavaScriptCore/assembler/MIPSAssembler.h




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (214744 => 214745)

--- trunk/Source/_javascript_Core/ChangeLog	2017-04-03 07:29:27 UTC (rev 214744)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-04-03 07:43:16 UTC (rev 214745)
@@ -1,3 +1,13 @@
+2017-04-03  Guillaume Emont  
+
+[jsc] implement MIPSAssembler::relinkJumpToNop()
+https://bugs.webkit.org/show_bug.cgi?id=169720
+
+Reviewed by Yusuke Suzuki.
+
+* assembler/MIPSAssembler.h:
+(JSC::MIPSAssembler::relinkJumpToNop): Added.
+
 2017-04-02  Carlos Garcia Campos  
 
 Share implementation of JSRunLoopTimer::timerDidFire


Modified: trunk/Source/_javascript_Core/assembler/MIPSAssembler.h (214744 => 214745)

--- trunk/Source/_javascript_Core/assembler/MIPSAssembler.h	2017-04-03 07:29:27 UTC (rev 214744)
+++ trunk/Source/_javascript_Core/assembler/MIPSAssembler.h	2017-04-03 07:43:16 UTC (rev 214745)
@@ -839,6 +839,11 @@
 cacheFlush(insn, flushSize);
 }
 
+static void relinkJumpToNop(void* from)
+{
+relinkJump(from, from);
+}
+
 static void relinkCall(void* from, void* to)
 {
 void* start;
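Review bot: `relinkJump(from, from);` in relinkJumpToNop() needs a comment, because nothing in the hunk says why relinking a jump to its own address yields a nop rather than a branch to itself. The correctness of the name rests on how relinkJump() interprets `from` (whether it points at the jump sequence or just past it), which a reader has to go and look up. State that convention in a one-line comment above the call.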








[webkit-changes] [214744] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc
Title: [214744] releases/WebKitGTK/webkit-2.16








Revision 214744
Author carlo...@webkit.org
Date 2017-04-03 00:29:27 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214010 - Positioned SVG not sized correctly
https://bugs.webkit.org/show_bug.cgi?id=169693


Reviewed by Zalan Bujtas.

Source/WebCore:

Test: svg/in-html/rect-positioned.html

Change computeReplacedLogicalHeight to take an estimatedUsedWidth. This
value is used instead of the available logical width to resolve replaced
elements without intrinsic sizes but with aspect ratios set.

* rendering/RenderBox.cpp:
(WebCore::RenderBox::computeReplacedLogicalHeight):
* rendering/RenderBox.h:
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::computeConstrainedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalHeight):
* rendering/RenderReplaced.h:
* rendering/RenderVideo.cpp:
(WebCore::RenderVideo::computeReplacedLogicalHeight): Deleted.
* rendering/RenderVideo.h:
* rendering/svg/RenderSVGRoot.cpp:
(WebCore::RenderSVGRoot::computeReplacedLogicalWidth):
(WebCore::RenderSVGRoot::computeReplacedLogicalHeight):
* rendering/svg/RenderSVGRoot.h:

LayoutTests:

* svg/in-html/rect-positioned-expected.html: Added.
* svg/in-html/rect-positioned.html: Added.

Modified Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBox.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBox.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderReplaced.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderReplaced.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderVideo.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderVideo.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/svg/RenderSVGRoot.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/svg/RenderSVGRoot.h


Added Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned-expected.html
releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned.html




Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214743 => 214744)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:23:50 UTC (rev 214743)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:29:27 UTC (rev 214744)
@@ -1,3 +1,14 @@
+2017-03-15  Dave Hyatt  
+
+Positioned SVG not sized correctly
+https://bugs.webkit.org/show_bug.cgi?id=169693
+
+
+Reviewed by Zalan Bujtas.
+
+* svg/in-html/rect-positioned-expected.html: Added.
+* svg/in-html/rect-positioned.html: Added.
+
 2017-03-14  Wenson Hsieh  
 
 RenderElements should unregister for viewport visibility callbacks when they are destroyed


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned-expected.html (0 => 214744)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned-expected.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned-expected.html	2017-04-03 07:29:27 UTC (rev 214744)
@@ -0,0 +1,10 @@
+
+
+
+This blue rectangle is drawn via SVG.
+
+
+
+<
+
+


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned.html (0 => 214744)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/svg/in-html/rect-positioned.html	2017-04-03 07:29:27 UTC (rev 214744)
@@ -0,0 +1,10 @@
+
+
+
+This blue rectangle is drawn via SVG.
+
+
+
+<
+
+


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214743 => 214744)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:23:50 UTC (rev 214743)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:29:27 UTC (rev 214744)
@@ -1,3 +1,33 @@
+2017-03-15  Dave Hyatt  
+
+Positioned SVG not sized correctly
+https://bugs.webkit.org/show_bug.cgi?id=169693
+
+
+Reviewed by Zalan Bujtas.
+
+Test: svg/in-html/rect-positioned.html
+
+Change computeReplacedLogicalHeight to take an estimatedUsedWidth. This
+value is used instead of the available logical width to resolve replaced
+elements without intrinsic sizes but with aspect ratios set.
+
+* rendering/RenderBox.cpp:
+(WebCore::RenderBox::computeReplacedLogicalHeight):
+* rendering/RenderBox.h:
+* rendering/RenderReplaced.cpp:
+(WebCore::RenderReplaced::computeConstrainedLogicalWidth):
+

[webkit-changes] [214743] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc
Title: [214743] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Revision 214743
Author carlo...@webkit.org
Date 2017-04-03 00:23:50 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r214005 - Fix missing exception checks in Interpreter.cpp.
https://bugs.webkit.org/show_bug.cgi?id=164964

Reviewed by Saam Barati.

* interpreter/Interpreter.cpp:
(JSC::eval):
(JSC::sizeOfVarargs):
(JSC::sizeFrameForVarargs):
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::execute):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/interpreter/Interpreter.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog (214742 => 214743)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:21:54 UTC (rev 214742)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:23:50 UTC (rev 214743)
@@ -1,3 +1,20 @@
+2017-03-15  Mark Lam  
+
+Fix missing exception checks in Interpreter.cpp.
+https://bugs.webkit.org/show_bug.cgi?id=164964
+
+Reviewed by Saam Barati.
+
+* interpreter/Interpreter.cpp:
+(JSC::eval):
+(JSC::sizeOfVarargs):
+(JSC::sizeFrameForVarargs):
+(JSC::Interpreter::executeProgram):
+(JSC::Interpreter::executeCall):
+(JSC::Interpreter::executeConstruct):
+(JSC::Interpreter::prepareForRepeatCall):
+(JSC::Interpreter::execute):
+
 2017-03-14  Tomas Popela  
 
 Wrong condition in offlineasm/risc.rb


Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/interpreter/Interpreter.cpp (214742 => 214743)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-04-03 07:21:54 UTC (rev 214742)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-04-03 07:23:50 UTC (rev 214743)
@@ -137,12 +137,16 @@
 if (!callerCodeBlock->isStrictMode()) {
 if (programSource.is8Bit()) {
 LiteralParser preparser(callFrame, programSource.characters8(), programSource.length(), NonStrictJSON);
-if (JSValue parsedObject = preparser.tryLiteralParse())
+if (JSValue parsedObject = preparser.tryLiteralParse()) {
+scope.release();
 return parsedObject;
+}
 } else {
 LiteralParser preparser(callFrame, programSource.characters16(), programSource.length(), NonStrictJSON);
-if (JSValue parsedObject = preparser.tryLiteralParse())
-return parsedObject;
+if (JSValue parsedObject = preparser.tryLiteralParse()) {
+scope.release();
+return parsedObject;
+}
 }
 }
 
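Review bot: both branches call `scope.release()` only on the path where `tryLiteralParse()` returns a value; when it returns an empty value, control falls through with no exception check anywhere in this hunk. If the literal pre-parser can throw, add a `RETURN_IF_EXCEPTION` after each `if`, as the later hunk in this file does after `tryJSONPParse`. The 8-bit and 16-bit branches are also identical apart from `characters8()` and `characters16()`, so a small shared helper would keep the two in step.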
@@ -152,6 +156,7 @@
 VariableEnvironment variablesUnderTDZ;
 JSScope::collectClosureVariablesUnderTDZ(callerScopeChain, variablesUnderTDZ);
 eval = DirectEvalExecutable::create(callFrame, makeSource(programSource, callerCodeBlock->source()->sourceOrigin()), callerCodeBlock->isStrictMode(), derivedContextType, isArrowFunctionContext, evalContextType, );
+ASSERT(!!scope.exception() == !eval);
 if (!eval)
 return jsUndefined();
 
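Review bot: `ASSERT(!!scope.exception() == !eval);` is checked only in assertion-enabled builds, so in release builds the `if (!eval)` test below it is the sole guard, and it returns `jsUndefined()` on the assumption that an exception is already pending. A short comment saying that `DirectEvalExecutable::create()` returns null exactly when it has thrown would make that contract explicit for anyone reading the `jsUndefined()` return.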
@@ -160,6 +165,7 @@
 
 JSValue thisValue = callerFrame->thisValue();
 Interpreter* interpreter = vm.interpreter;
+scope.release();
 return interpreter->execute(eval, callFrame, thisValue, callerScopeChain);
 }
 
@@ -193,10 +199,9 @@
 default:
 RELEASE_ASSERT(arguments.isObject());
 length = getLength(callFrame, jsCast(cell));
-RETURN_IF_EXCEPTION(scope, 0);
 break;
 }
-
+RETURN_IF_EXCEPTION(scope, 0);
 
 if (length >= firstVarArgOffset)
 length -= firstVarArgOffset;
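Review bot: moving `RETURN_IF_EXCEPTION(scope, 0);` from the `default:` case to after the switch implies that some other case can also throw, but neither this hunk nor the ChangeLog entry says which one. Name that case in the ChangeLog or in a comment above the check so the reason for the move survives. The new position, before `length` is compared with `firstVarArgOffset`, is the right one.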
@@ -223,7 +228,8 @@
 auto scope = DECLARE_THROW_SCOPE(vm);
 
 unsigned length = sizeOfVarargs(callFrame, arguments, firstVarArgOffset);
-
+RETURN_IF_EXCEPTION(scope, 0);
+
 CallFrame* calleeFrame = calleeFrameForVarargs(callFrame, numUsedStackSlots, length + 1);
 if (UNLIKELY(length > maxArguments || !vm.ensureStackCapacityFor(calleeFrame->registers( {
 throwStackOverflowError(callFrame, scope);
@@ -763,6 +769,7 @@
 parseResult = literalParser.tryJSONPParse(JSONPData, scope->globalObject()->globalObjectMethodTable()->supportsRichSourceInfo(scope->globalObject()));
 }
 
+RETURN_IF_EXCEPTION(throwScope, { });
 if (parseResult) {
 JSGlobalObject* globalObject = scope->globalObject();
 JSValue result;
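Review bot: the check added here reads `RETURN_IF_EXCEPTION(throwScope, { });` because in this function `scope` is the object used in `scope->globalObject()`, whereas the other hunks in this file use `scope` for the throw scope. The mixed naming makes this function harder to read next to its neighbours; a consistent name for the throw scope across the file, or a comment at its declaration here, would help.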
@@ -847,7 +854,9 @@
 VMEntryScope entryScope(vm, scope->globalObject());
 
 // Compile source 

[webkit-changes] [214742] releases/WebKitGTK/webkit-2.16/Source/WebCore

2017-04-03 Thread carlosgc
Title: [214742] releases/WebKitGTK/webkit-2.16/Source/WebCore

Revision 214742
Author carlo...@webkit.org
Date 2017-04-03 00:21:54 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213990 - [GTK] Initialize m_button, m_clickCount members in PlatformMouseEvent constructors
https://bugs.webkit.org/show_bug.cgi?id=169666

Reviewed by Michael Catanzaro.

Initialize the m_button and m_clickCount class members in the GTK+-specific
implementation of PlatformMouseEvent constructors to NoButton and 0,
respectively. The constructors expect to operate on passed-in GTK+ events
that will be able to initialize those two members to some valid values, but
this is not guaranteed.

* platform/gtk/PlatformMouseEventGtk.cpp:
(WebCore::PlatformMouseEvent::PlatformMouseEvent):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/gtk/PlatformMouseEventGtk.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214741 => 214742)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:20:54 UTC (rev 214741)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:21:54 UTC (rev 214742)
@@ -1,5 +1,21 @@
 2017-03-15  Zan Dobersek  
 
+[GTK] Initialize m_button, m_clickCount members in PlatformMouseEvent constructors
+https://bugs.webkit.org/show_bug.cgi?id=169666
+
+Reviewed by Michael Catanzaro.
+
+Initialize the m_button and m_clickCount class members in the GTK+-specific
+implementation of PlatformMouseEvent constructors to NoButton and 0,
+respectively. The constructors expect to operate on passed-in GTK+ events
+that will be able to initialize those two members to some valid values, but
+this is not guaranteed.
+
+* platform/gtk/PlatformMouseEventGtk.cpp:
+(WebCore::PlatformMouseEvent::PlatformMouseEvent):
+
+2017-03-15  Zan Dobersek  
+
 [TexMap] Add missing class member initializations
 https://bugs.webkit.org/show_bug.cgi?id=169665
 


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/gtk/PlatformMouseEventGtk.cpp (214741 => 214742)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/gtk/PlatformMouseEventGtk.cpp	2017-04-03 07:20:54 UTC (rev 214741)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/gtk/PlatformMouseEventGtk.cpp	2017-04-03 07:21:54 UTC (rev 214742)
@@ -41,6 +41,8 @@
 m_timestamp = event->time;
 m_position = IntPoint((int)event->x, (int)event->y);
 m_globalPosition = IntPoint((int)event->x_root, (int)event->y_root);
+m_button = NoButton;
+m_clickCount = 0;
 m_modifierFlags = 0;
 
 if (event->state & GDK_SHIFT_MASK)
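Review bot: `m_button = NoButton;` and `m_clickCount = 0;` are assigned in the constructor body here and again, identically, in the motion-event constructor in the next hunk. Default member initializers in the class declaration would cover every constructor, including ones added later, and would match the `{ 0.0 }` style used in r214741. If the declaration cannot be changed, a comment on each pair saying they are fallbacks for events that never set these members would record the intent stated in the ChangeLog.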
@@ -88,6 +90,8 @@
 m_timestamp = motion->time;
 m_position = IntPoint((int)motion->x, (int)motion->y);
 m_globalPosition = IntPoint((int)motion->x_root, (int)motion->y_root);
+m_button = NoButton;
+m_clickCount = 0;
 m_modifierFlags = 0;
 
 if (motion->state & GDK_SHIFT_MASK)








[webkit-changes] [214741] releases/WebKitGTK/webkit-2.16/Source/WebCore

2017-04-03 Thread carlosgc
Title: [214741] releases/WebKitGTK/webkit-2.16/Source/WebCore

Revision 214741
Author carlo...@webkit.org
Date 2017-04-03 00:20:54 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213989 - [TexMap] Add missing class member initializations
https://bugs.webkit.org/show_bug.cgi?id=169665

Reviewed by Michael Catanzaro.

Zero-initialize the members in various TextureMapper classes
that are missing the proper initialization, as reported by
the Coverity tool.

* platform/graphics/texmap/BitmapTexturePool.h:
* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
* platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h:
(WebCore::CoordinatedGraphicsLayerState::CoordinatedGraphicsLayerState):
* platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/BitmapTexturePool.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h
releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214740 => 214741)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:18:58 UTC (rev 214740)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:20:54 UTC (rev 214741)
@@ -1,3 +1,20 @@
+2017-03-15  Zan Dobersek  
+
+[TexMap] Add missing class member initializations
+https://bugs.webkit.org/show_bug.cgi?id=169665
+
+Reviewed by Michael Catanzaro.
+
+Zero-initialize the members in various TextureMapper classes
+that are missing the proper initialization, as reported by
+the Coverity tool.
+
+* platform/graphics/texmap/BitmapTexturePool.h:
+* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
+* platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h:
+(WebCore::CoordinatedGraphicsLayerState::CoordinatedGraphicsLayerState):
+* platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:
+
 2017-03-14  Wenson Hsieh  
 
 RenderElements should unregister for viewport visibility callbacks when they are destroyed


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/BitmapTexturePool.h (214740 => 214741)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/BitmapTexturePool.h	2017-04-03 07:18:58 UTC (rev 214740)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/BitmapTexturePool.h	2017-04-03 07:20:54 UTC (rev 214741)
@@ -59,7 +59,7 @@
 void markIsInUse() { m_lastUsedTime = monotonicallyIncreasingTime(); }
 
 RefPtr m_texture;
-double m_lastUsedTime;
+double m_lastUsedTime { 0.0 };
 };
 
 void scheduleReleaseUnusedTextures();
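Review bot: `m_lastUsedTime { 0.0 }` makes an entry on which `markIsInUse()` has never been called look as old as possible against `monotonicallyIncreasingTime()`. If the release logic compares this field with the current time, such an entry is eligible for release immediately; please confirm that is intended, or initialize the field from `monotonicallyIncreasingTime()` when the entry is constructed.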


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h (214740 => 214741)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h	2017-04-03 07:18:58 UTC (rev 214740)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h	2017-04-03 07:20:54 UTC (rev 214741)
@@ -232,7 +232,7 @@
 PlatformLayer* m_platformLayer;
 Timer m_animationStartedTimer;
 TextureMapperAnimations m_animations;
-double m_lastAnimationStartTime;
+double m_lastAnimationStartTime { 0.0 };
 
 ScrollableArea* m_scrollableArea;
 };
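Review bot: only `m_lastAnimationStartTime` gains an initializer, while the raw pointers `m_platformLayer` and `m_scrollableArea` visible in the same hunk still have none in their declarations. If the constructor does not set them, they need `{ nullptr }` more than the double needs `{ 0.0 }`; if it does, say so in the ChangeLog so the selective fix is not read as an oversight.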


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h (214740 => 214741)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h	2017-04-03 07:18:58 UTC (rev 214740)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h	2017-04-03 07:20:54 UTC (rev 214741)
@@ -126,6 +126,7 @@
 , replica(InvalidCoordinatedLayerID)
 , mask(InvalidCoordinatedLayerID)
 , imageID(InvalidCoordinatedImageBackingID)
+, repaintCount(0)
 #if USE(COORDINATED_GRAPHICS_THREADED)
 , platformLayerProxy(0)
 #endif


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h (214740 => 214741)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h	2017-04-03 07:18:58 UTC (rev 214740)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h	2017-04-03 07:20:54 UTC (rev 214741)
@@ -35,7 +35,7 @@
 IntRect updateRect;
 
  

[webkit-changes] [214740] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc
Title: [214740] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Revision 214740
Author carlo...@webkit.org
Date 2017-04-03 00:18:58 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213973 - Wrong condition in offlineasm/risc.rb
https://bugs.webkit.org/show_bug.cgi?id=169597

Reviewed by Mark Lam.

It's missing the 'and' operator between the conditions.

* offlineasm/risc.rb:

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/offlineasm/risc.rb




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog (214739 => 214740)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:17:43 UTC (rev 214739)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:18:58 UTC (rev 214740)
@@ -1,3 +1,14 @@
+2017-03-14  Tomas Popela  
+
+Wrong condition in offlineasm/risc.rb
+https://bugs.webkit.org/show_bug.cgi?id=169597
+
+Reviewed by Mark Lam.
+
+It's missing the 'and' operator between the conditions.
+
+* offlineasm/risc.rb:
+
 2017-03-14  Mark Lam  
 
 BytecodeGenerator should use the same function to determine if it needs to store the DerivedConstructor in an ArrowFunction lexical environment.


Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/offlineasm/risc.rb (214739 => 214740)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/offlineasm/risc.rb	2017-04-03 07:17:43 UTC (rev 214739)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/offlineasm/risc.rb	2017-04-03 07:18:58 UTC (rev 214740)
@@ -374,7 +374,7 @@
 when "addi", "addp", "addq", "addis", "subi", "subp", "subq", "subis"
 if node.operands[0].is_a? Immediate and
 (not validImmediates.include? node.operands[0].value) and
-validImmediates.include? -node.operands[0].value
+validImmediates.include? -node.operands[0].value and
 node.operands.size == 2
 if node.opcode =~ /add/
 newOpcode = "sub" + $~.post_match
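Review bot: the fix adds the missing `and` after `validImmediates.include? -node.operands[0].value`, but the condition stays a paren-less chain spread over four lines, which is what let `node.operands.size == 2` sit as a separate statement unnoticed. Write the calls with explicit argument parentheses, for example `validImmediates.include?(-node.operands[0].value)`, so the extent of each call and the operand of the unary minus are unambiguous, and consider putting the cheap `node.operands.size == 2` test first in the chain.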








[webkit-changes] [214739] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc
Title: [214739] releases/WebKitGTK/webkit-2.16

Revision 214739
Author carlo...@webkit.org
Date 2017-04-03 00:17:43 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213967 - RenderElements should unregister for viewport visibility callbacks when they are destroyed
https://bugs.webkit.org/show_bug.cgi?id=169521


Reviewed by Simon Fraser.

Source/WebCore:

When registering a RenderElement for viewport visibility callbacks, we always need to make sure that it is unregistered
before it is destroyed. While we account for this in the destructor of RenderElement, we only unregister in the destructor
if we are already registered for visibility callbacks. In the call to RenderObject::willBeDestroyed(), we clear out rare
data, which holds RenderElement's viewport callback registration state, so upon entering the destructor of RenderElement,
we skip unregistration because RenderElement thinks that it is not registered.

We can mitigate this by unregistering the RenderElement earlier, in RenderElement::willBeDestroyed, prior to clearing out
the rare data. However, we'd ideally want to move the cleanup logic out of the destructor altogether and into willBeDestroyed
(see https://bugs.webkit.org/show_bug.cgi?id=169650).

Test: fast/media/video-element-in-details-collapse.html

* rendering/RenderElement.cpp:
(WebCore::RenderElement::willBeDestroyed):

LayoutTests:

Adds a new layout test covering this regression. See WebCore ChangeLog for more details.

* fast/media/video-element-in-details-collapse-expected.txt: Added.
* fast/media/video-element-in-details-collapse.html: Added.

Modified Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderElement.cpp


Added Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse-expected.txt
releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse.html




Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214738 => 214739)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:16:48 UTC (rev 214738)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:17:43 UTC (rev 214739)
@@ -1,3 +1,16 @@
+2017-03-14  Wenson Hsieh  
+
+RenderElements should unregister for viewport visibility callbacks when they are destroyed
+https://bugs.webkit.org/show_bug.cgi?id=169521
+
+
+Reviewed by Simon Fraser.
+
+Adds a new layout test covering this regression. See WebCore ChangeLog for more details.
+
+* fast/media/video-element-in-details-collapse-expected.txt: Added.
+* fast/media/video-element-in-details-collapse.html: Added.
+
 2017-03-14  Zalan Bujtas  
 
 Simple line layout: Adjust hyphenation constrains based on the normal line layout line-breaking logic.


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse-expected.txt (0 => 214739)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse-expected.txt	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse-expected.txt	2017-04-03 07:17:43 UTC (rev 214739)
@@ -0,0 +1 @@
+hi


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse.html (0 => 214739)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/media/video-element-in-details-collapse.html	2017-04-03 07:17:43 UTC (rev 214739)
@@ -0,0 +1,14 @@
+hi
+
+details.focus();
+details.open = false;
+window._onclick_ = () => {
+details.open = true;
+}
+if (window.testRunner && window.eventSender) {
+testRunner.dumpAsText();
+eventSender.mouseMoveTo(innerWidth / 2, innerHeight / 2);
+eventSender.mouseDown();
+eventSender.mouseUp();
+}
+
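Review bot: the test only calls `testRunner.dumpAsText()` and expects `hi`, so it passes whenever the click sequence completes without crashing, and nothing visible in the file says so. Add a sentence to the page text or a script comment stating that the test passes if reopening the details element does not crash, with a reference to bug 169521, so a future reader does not mistake it for a placeholder.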


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214738 => 214739)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:16:48 UTC (rev 214738)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:17:43 UTC (rev 214739)
@@ -1,3 +1,26 @@
+2017-03-14  Wenson Hsieh  
+
+RenderElements should unregister for viewport visibility callbacks when they are destroyed
+https://bugs.webkit.org/show_bug.cgi?id=169521
+
+
+Reviewed by Simon Fraser.
+
+When registering a RenderElement for viewport visibility callbacks, we always need to make sure that it is unregistered
+before it is destroyed. While we account for this in the destructor of RenderElement, we only unregister in the destructor
+if we are already registered for visibility callbacks. In the call to 

[webkit-changes] [214738] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc
Title: [214738] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Revision 214738
Author carlo...@webkit.org
Date 2017-04-03 00:16:48 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213966 - BytecodeGenerator should use the same function to determine if it needs to store the DerivedConstructor in an ArrowFunction lexical environment.
https://bugs.webkit.org/show_bug.cgi?id=169647


Reviewed by Michael Saboff.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::usesDerivedConstructorInArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
(JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
* bytecompiler/BytecodeGenerator.h:

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog (214737 => 214738)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:15:11 UTC (rev 214737)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:16:48 UTC (rev 214738)
@@ -1,3 +1,17 @@
+2017-03-14  Mark Lam  
+
+BytecodeGenerator should use the same function to determine if it needs to store the DerivedConstructor in an ArrowFunction lexical environment.
+https://bugs.webkit.org/show_bug.cgi?id=169647
+
+
+Reviewed by Michael Saboff.
+
+* bytecompiler/BytecodeGenerator.cpp:
+(JSC::BytecodeGenerator::usesDerivedConstructorInArrowFunctionLexicalEnvironment):
+(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
+(JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
+* bytecompiler/BytecodeGenerator.h:
+
 2017-03-13  Filip Pizlo  
 
 FTL should not flush strict arguments unless it really needs to


Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (214737 => 214738)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2017-04-03 07:15:11 UTC (rev 214737)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2017-04-03 07:16:48 UTC (rev 214738)
@@ -1031,6 +1031,15 @@
 }
 }
 
+bool BytecodeGenerator::needsDerivedConstructorInArrowFunctionLexicalEnvironment()
+{
+if ((isConstructor() && constructorKind() == ConstructorKind::Extends) || m_codeBlock->isClassContext()) {
+if (isSuperUsedInInnerArrowFunction())
+return true;
+}
+return false;
+}
+
 void BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded(SymbolTable* functionSymbolTable, bool canReuseLexicalEnvironment)
 {
 ASSERT(!m_arrowFunctionContextLexicalEnvironmentRegister);
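Review bot: the helper added here is `needsDerivedConstructorInArrowFunctionLexicalEnvironment()`, but the ChangeLog entry lists `usesDerivedConstructorInArrowFunctionLexicalEnvironment`; the ChangeLog should carry the name that was committed. The body can also be a single statement, `return ((isConstructor() && constructorKind() == ConstructorKind::Extends) || m_codeBlock->isClassContext()) && isSuperUsedInInnerArrowFunction();`, without the nested `if`.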
@@ -1053,7 +1062,7 @@
 functionSymbolTable->set(NoLockingNecessary, propertyNames().builtinNames().newTargetLocalPrivateName().impl(), SymbolTableEntry(VarOffset(offset)));
 }
 
-if (isConstructor() && constructorKind() == ConstructorKind::Extends && isSuperUsedInInnerArrowFunction()) {
+if (needsDerivedConstructorInArrowFunctionLexicalEnvironment()) {
 offset = functionSymbolTable->takeNextScopeOffset(NoLockingNecessary);
 functionSymbolTable->set(NoLockingNecessary, propertyNames().builtinNames().derivedConstructorPrivateName().impl(), SymbolTableEntry(VarOffset(offset)));
 }
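Review bot: replacing the inline condition with `needsDerivedConstructorInArrowFunctionLexicalEnvironment()` changes behaviour at this call site, because the helper also accepts `m_codeBlock->isClassContext()` where the removed line required `isConstructor() && constructorKind() == ConstructorKind::Extends`. The ChangeLog describes only sharing one function and lists no test; please state that the scope offset is now reserved in class contexts too, and add a regression test for that case.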
@@ -1075,7 +1084,7 @@
 addTarget.iterator->value.setIsLet();
 }
 
-if (isConstructor() && constructorKind() == ConstructorKind::Extends && isSuperUsedInInnerArrowFunction()) {
+if (needsDerivedConstructorInArrowFunctionLexicalEnvironment()) {
 auto derivedConstructor = environment.add(propertyNames().builtinNames().derivedConstructorPrivateName());
 derivedConstructor.iterator->value.setIsCaptured();
 derivedConstructor.iterator->value.setIsLet();
@@ -4550,13 +4559,11 @@
 
 void BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope()
 {
-if ((isConstructor() && constructorKind() == ConstructorKind::Extends) || m_codeBlock->isClassContext()) {
-if (isSuperUsedInInnerArrowFunction()) {
-ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister);
-
-Variable protoScope = variable(propertyNames().builtinNames().derivedConstructorPrivateName());
-emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, protoScope, _calleeRegister, DoNotThrowIfNotFound, InitializationMode::Initialization);
-}
+if (needsDerivedConstructorInArrowFunctionLexicalEnvironment()) {
+ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister);
+
+Variable 

[webkit-changes] [214737] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc
Title: [214737] releases/WebKitGTK/webkit-2.16

Revision 214737
Author carlo...@webkit.org
Date 2017-04-03 00:15:11 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213944 - Simple line layout: Adjust hyphenation constrains based on the normal line layout line-breaking logic.
https://bugs.webkit.org/show_bug.cgi?id=169617

Source/WebCore:

Reviewed by Antti Koivisto.

This patch ensures that simple line layout ends up with the same hyphenation context as normal line layout.

Test: fast/text/simple-line-layout-hyphenation-constrains.html

* rendering/SimpleLineLayout.cpp:
(WebCore::SimpleLineLayout::hyphenPositionForFragment): see webkit.org/b/169613
(WebCore::SimpleLineLayout::splitFragmentToFitLine):
* rendering/line/BreakingContext.h: Integral -> fractional.
(WebCore::tryHyphenating):

LayoutTests:

Reviewed by Antti Koivisto.

* fast/text/simple-line-layout-hyphenation-constrains-expected.html: Added.
* fast/text/simple-line-layout-hyphenation-constrains.html: Added.

Modified Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/SimpleLineLayout.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/line/BreakingContext.h


Added Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains-expected.html
releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains.html




Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214736 => 214737)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:12:28 UTC (rev 214736)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:15:11 UTC (rev 214737)
@@ -1,3 +1,13 @@
+2017-03-14  Zalan Bujtas  
+
+Simple line layout: Adjust hyphenation constrains based on the normal line layout line-breaking logic.
+https://bugs.webkit.org/show_bug.cgi?id=169617
+
+Reviewed by Antti Koivisto.
+
+* fast/text/simple-line-layout-hyphenation-constrains-expected.html: Added.
+* fast/text/simple-line-layout-hyphenation-constrains.html: Added.
+
 2017-03-13  Wenson Hsieh  
 
 Make RepaintRegionAccumulator hold a WeakPtr to its root RenderView


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains-expected.html (0 => 214737)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains-expected.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains-expected.html	2017-04-03 07:15:11 UTC (rev 214737)
@@ -0,0 +1,20 @@
+
+
+
+This tests that simple and normal line layout produce the same lines with hyphenation and enlarged font
+
+div {
+  display: inline-block;
+  width: 43px;
+  margin-right: 150px;
+  vertical-align: top;
+  font-size: 30px;
+}
+
+
+
+advantageous remunerative profitability
+saxicolous sesquipedalian superabundant
+unencumbered responsibilities unparagoned peerless
+
+


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains.html (0 => 214737)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/text/simple-line-layout-hyphenation-constrains.html	2017-04-03 07:15:11 UTC (rev 214737)
@@ -0,0 +1,21 @@
+
+
+
+This tests that simple and normal line layout produce the same lines with hyphenation and enlarged font
+
+div {
+  display: inline-block;
+  -webkit-hyphens: auto;
+  width: 43px;
+  margin-right: 150px;
+  vertical-align: top;
+  font-size: 30px;
+}
+
+
+
+advantageous remunerative profitability
+saxicolous sesquipedalian superabundant
+unencumbered responsibilities unparagoned peerless
+
+


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214736 => 214737)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:12:28 UTC (rev 214736)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:15:11 UTC (rev 214737)
@@ -1,3 +1,20 @@
+2017-03-14  Alan Kinsley  
+
+Simple line layout: Adjust hyphenation constrains based on the normal line layout line-breaking logic.
+https://bugs.webkit.org/show_bug.cgi?id=169617
+
+Reviewed by Antti Koivisto.
+
+This patch ensures that simple line layout ends up with the same hyphenation context as normal line layout. 
+
+Test: fast/text/simple-line-layout-hyphenation-constrains.html
+
+* rendering/SimpleLineLayout.cpp:
+(WebCore::SimpleLineLayout::hyphenPositionForFragment): see webkit.org/b/169613
+(WebCore::SimpleLineLayout::splitFragmentToFitLine):
+* rendering/line/BreakingContext.h: Integral -> fractional.
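
Review bot: the author line `2017-03-14  Alan Kinsley` does not match the LayoutTests/ChangeLog entry for the same bug (169617, same title, same reviewer), which is attributed to Zalan Bujtas; the two entries should carry the same name. Also, `hyphenPositionForFragment): see webkit.org/b/169613` points at a different bug without saying what was taken from it, and `Integral -> fractional.` does not name which value in BreakingContext.h changed type. A few words on each would make the entry readable without opening the diff.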

[webkit-changes] [214736] releases/WebKitGTK/webkit-2.16/Source/WebCore

2017-04-03 Thread carlosgc

Revision 214736
Author carlo...@webkit.org
Date 2017-04-03 00:12:28 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213923 - Remove redundant check for "firstLine" in RenderBlock::lineHeight()
https://bugs.webkit.org/show_bug.cgi?id=169610

Patch by Adrian Perez de Castro on 2017-03-14
Reviewed by Michael Catanzaro.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::lineHeight): Remove test of "firstLine" that
was already checked in the condition for the enclosing if-clause.

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBlock.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214735 => 214736)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:09:59 UTC (rev 214735)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 07:12:28 UTC (rev 214736)
@@ -1,3 +1,14 @@
+2017-03-14  Adrian Perez de Castro  
+
+Remove redundant check for "firstLine" in RenderBlock::lineHeight()
+https://bugs.webkit.org/show_bug.cgi?id=169610
+
+Reviewed by Michael Catanzaro.
+
+* rendering/RenderBlock.cpp:
+(WebCore::RenderBlock::lineHeight): Remove test of "firstLine" that
+was already checked in the condition for the enclosing if-clause.
+
 2017-03-13  Wenson Hsieh  
 
 Make RepaintRegionAccumulator hold a WeakPtr to its root RenderView


Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBlock.cpp (214735 => 214736)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBlock.cpp	2017-04-03 07:09:59 UTC (rev 214735)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderBlock.cpp	2017-04-03 07:12:28 UTC (rev 214736)
@@ -2875,7 +2875,7 @@
 return RenderBox::lineHeight(firstLine, direction, linePositionMode);
 
 if (firstLine && view().usesFirstLineRules()) {
-auto& s = firstLine ? firstLineStyle() : style();
+auto& s = firstLineStyle();
 if ( != ())
 return s.computedLineHeight();
 }
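
Review bot: in `auto& s = firstLineStyle();` the one-letter name now always refers to the first-line style, so a descriptive name would make the comparison on the next line and `s.computedLineHeight()` self-explanatory. The removal of the ternary itself is sound, because the enclosing `if (firstLine && view().usesFirstLineRules())` already guarantees that `firstLine` is true at this point.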








[webkit-changes] [214735] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc

Revision 214735
Author carlo...@webkit.org
Date 2017-04-03 00:09:59 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213897 - Make RepaintRegionAccumulator hold a WeakPtr to its root RenderView
https://bugs.webkit.org/show_bug.cgi?id=168480


Reviewed by Antti Koivisto.

Source/WebCore:

Implements two mitigations to prevent the symptoms of the bug from occurring (see the bugzilla for more details).

Test: editing/execCommand/show-modal-dialog-during-execCommand.html

* editing/EditorCommand.cpp:
(WebCore::Editor::Command::execute):

Do not allow edit commands to execute if the frame's document before and after layout differ (that is, edit commands
triggered by a certain document should not run on a different document).

* rendering/RenderView.cpp:
(WebCore::RenderView::RenderView):
(WebCore::RenderView::RepaintRegionAccumulator::RepaintRegionAccumulator):

Turns RepaintRegionAccumulator's reference to its root RenderView into a WeakPtr to gracefully handle the case
where its RenderView is destroyed before RepaintRegionAccumulator's destructor gets a chance to flush the
RenderView's repaint regions.

* rendering/RenderView.h:

LayoutTests:

Introduces a new layout test. See WebCore ChangeLog for more details.

* TestExpectations:
* editing/execCommand/show-modal-dialog-during-execCommand-expected.txt: Added.
* editing/execCommand/show-modal-dialog-during-execCommand.html: Added.
* editing/execCommand/resources/self-closing-modal-dialog.html: Added.
* platform/mac-wk1/TestExpectations:

Modified Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/LayoutTests/TestExpectations
releases/WebKitGTK/webkit-2.16/LayoutTests/platform/mac-wk1/TestExpectations
releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/WebCore/editing/EditorCommand.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderView.cpp
releases/WebKitGTK/webkit-2.16/Source/WebCore/rendering/RenderView.h


Added Paths

releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/resources/self-closing-modal-dialog.html
releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/show-modal-dialog-during-execCommand-expected.txt
releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/show-modal-dialog-during-execCommand.html




Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214734 => 214735)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:03:52 UTC (rev 214734)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 07:09:59 UTC (rev 214735)
@@ -1,3 +1,19 @@
+2017-03-13  Wenson Hsieh  
+
+Make RepaintRegionAccumulator hold a WeakPtr to its root RenderView
+https://bugs.webkit.org/show_bug.cgi?id=168480
+
+
+Reviewed by Antti Koivisto.
+
+Introduces a new layout test. See WebCore ChangeLog for more details.
+
+* TestExpectations:
+* editing/execCommand/show-modal-dialog-during-execCommand-expected.txt: Added.
+* editing/execCommand/show-modal-dialog-during-execCommand.html: Added.
+* editing/execCommand/resources/self-closing-modal-dialog.html: Added.
+* platform/mac-wk1/TestExpectations:
+
 2017-03-13  Caio Lima  
 
 [JSC] It should be possible create a label named let when parsing Statement in non strict mode


Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/TestExpectations (214734 => 214735)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/TestExpectations	2017-04-03 07:03:52 UTC (rev 214734)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/TestExpectations	2017-04-03 07:09:59 UTC (rev 214735)
@@ -33,6 +33,9 @@
 media/controls/ipad [ Skip ]
 fast/text-autosizing [ Skip ]
 
+# window.showModalDialog is only tested in DumpRenderTree on Mac.
+editing/execCommand/show-modal-dialog-during-execCommand.html [ Skip ]
+
 fast/shadow-dom/touch-event-on-text-assigned-to-slot.html [ Skip ]
 
 fast/forms/attributed-strings.html [ Skip ]
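
Review bot: the new `editing/execCommand/show-modal-dialog-during-execCommand.html [ Skip ]` entry sits in the global TestExpectations, so every port that does not override it, including WebKitGTK, whose release branch this is, ships the EditorCommand and RepaintRegionAccumulator lifetime changes with their only regression test disabled. The comment gives the reason, but it should also reference the bug (168480) so the skip can be revisited, and it is worth considering a test that reaches the same path without `window.showModalDialog`.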


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/resources/self-closing-modal-dialog.html (0 => 214735)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/resources/self-closing-modal-dialog.html	(rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/resources/self-closing-modal-dialog.html	2017-04-03 07:09:59 UTC (rev 214735)
@@ -0,0 +1,9 @@
+
+setTimeout(() => {
+window.close();
+if (window.testRunner) {
+testRunner.notifyDone();
+testRunner.abortModal();
+}
+}, 1000);
+
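
Review bot: inside the `setTimeout` callback, `window.close()` runs before `testRunner.notifyDone()` and `testRunner.abortModal()`, and the whole teardown hangs off a fixed 1000 ms delay with no comment. Please state what the delay is waiting for and why one second is enough, since timing-based dialog teardown is a common source of flaky tests, and consider calling the testRunner hooks before closing the window so they do not depend on script continuing to run in a window that is being closed.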


Added: releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/show-modal-dialog-during-execCommand-expected.txt (0 => 214735)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/editing/execCommand/show-modal-dialog-during-execCommand-expected.txt	(rev 0)
+++ 

[webkit-changes] [214734] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

2017-04-03 Thread carlosgc

Revision 214734
Author carlo...@webkit.org
Date 2017-04-03 00:03:52 -0700 (Mon, 03 Apr 2017)


Log Message
Merge r213876 - FTL should not flush strict arguments unless it really needs to
https://bugs.webkit.org/show_bug.cgi?id=169519

Reviewed by Mark Lam.

This is a refinement that we should have done ages ago. This kills some pointless PutStacks
in DFG SSA IR. It can sometimes unlock other optimizations.

Relanding after I fixed the special cases for CreateArguments-style nodes.

* dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

Modified Paths

releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h




Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog (214733 => 214734)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 06:51:57 UTC (rev 214733)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:03:52 UTC (rev 214734)
@@ -1,3 +1,18 @@
+2017-03-13  Filip Pizlo  
+
+FTL should not flush strict arguments unless it really needs to
+https://bugs.webkit.org/show_bug.cgi?id=169519
+
+Reviewed by Mark Lam.
+
+This is a refinement that we should have done ages ago. This kills some pointless PutStacks
+in DFG SSA IR. It can sometimes unlock other optimizations.
+
+Relanding after I fixed the special cases for CreateArguments-style nodes. 
+
+* dfg/DFGPreciseLocalClobberize.h:
+(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
+
 2017-03-13  Caio Lima  
 
 [JSC] It should be possible create a label named let when parsing Statement in non strict mode


Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGPreciseLocalClobberize.h (214733 => 214734)

--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGPreciseLocalClobberize.h	2017-04-03 06:51:57 UTC (rev 214733)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/dfg/DFGPreciseLocalClobberize.h	2017-04-03 07:03:52 UTC (rev 214734)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -137,7 +137,6 @@
 }
 };
 
-bool isForwardingNode = false;
 switch (m_node->op()) {
 case ForwardVarargs:
 case CallForwardVarargs:
@@ -144,11 +143,36 @@
 case ConstructForwardVarargs:
 case TailCallForwardVarargs:
 case TailCallForwardVarargsInlinedCaller:
-isForwardingNode = true;
-FALLTHROUGH;
 case GetMyArgumentByVal:
-case GetMyArgumentByValOutOfBounds: {
-
+case GetMyArgumentByValOutOfBounds:
+case CreateDirectArguments:
+case CreateScopedArguments:
+case CreateClonedArguments:
+case PhantomDirectArguments:
+case PhantomClonedArguments:
+case GetRestLength:
+case CreateRest: {
+bool isForwardingNode = false;
+bool isPhantomNode = false;
+switch (m_node->op()) {
+case ForwardVarargs:
+case CallForwardVarargs:
+case ConstructForwardVarargs:
+case TailCallForwardVarargs:
+case TailCallForwardVarargsInlinedCaller:
+isForwardingNode = true;
+break;
+case PhantomDirectArguments:
+case PhantomClonedArguments:
+isPhantomNode = true;
+break;
+default:
+break;
+}
+
+if (isPhantomNode && isFTL(m_graph.m_plan.mode))
+break;
+
 if (isForwardingNode && m_node->hasArgumentsChild() && m_node->argumentsChild() && m_node->argumentsChild()->op() == PhantomNewArrayWithSpread) {
 Node* arrayWithSpread = m_node->argumentsChild().node();
 readNewArrayWithSpreadNode(arrayWithSpread);
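
Review bot: the early exit `if (isPhantomNode && isFTL(m_graph.m_plan.mode)) break;` has no comment explaining why PhantomDirectArguments and PhantomClonedArguments report no stack reads in FTL while they still do otherwise. This function decides which locals are treated as read, so the invariant it relies on should be written down next to the check. The inner `switch (m_node->op())` also repeats the five forwarding opcodes already listed as outer case labels, so a new forwarding op must be added in two places or `isForwardingNode` silently stays false for it; a small predicate helper or a comment tying the two lists together would avoid that.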
@@ -194,12 +218,13 @@
 m_read(VirtualRegister(inlineCallFrame->stackOffset + CallFrameSlot::argumentCount));
 break;
 }
-
 
 default: {
-// All of the outermost arguments, except this, are definitely read.
-for (unsigned i = m_graph.m_codeBlock->numParameters(); i-- > 1;)
-m_read(virtualRegisterForArgument(i));
+// All of the outermost arguments, except this, are read in sloppy mode.
+if (!m_graph.m_codeBlock->isStrictMode()) {
+for (unsigned i = m_graph.m_codeBlock->numParameters(); i-- > 1;)
+   
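
Review bot: with the `if (!m_graph.m_codeBlock->isStrictMode())` guard, the `default:` case reports no argument reads at all in strict mode, so correctness now rests on every opcode that can observe the arguments being named in the explicit case list above. The commit message notes that this already needed a fix for the CreateArguments-style nodes before relanding. The new comment only says what sloppy mode does; it should also state why strict mode may skip the reads and which case labels cover the exceptions, so that a node added later is not left reading a stack slot the compiler treats as dead.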

[webkit-changes] [214733] releases/WebKitGTK/webkit-2.16

2017-04-03 Thread carlosgc

Revision 214733
Author carlo...@webkit.org
Date 2017-04-02 23:51:57 -0700 (Sun, 02 Apr 2017)


Log Message
Merge r213850 - [JSC] It should be possible create a label named let when parsing Statement in non strict mode
https://bugs.webkit.org/show_bug.cgi?id=168684

Patch by Caio Lima on 2017-03-13
Reviewed by Saam Barati.

JSTests:

* ChakraCore/test/LetConst/DeclOutofBlock.baseline-jsc:

Source/JavaScriptCore:

This patch is fixing a Parser bug to allow defining a label named
`let` in sloppy mode when parsing a Statement.

* parser/Parser.cpp:
(JSC::Parser::parseStatement):

LayoutTests:

* js/let-syntax-expected.txt:
* js/script-tests/let-syntax.js:
(shouldNotHaveSyntaxErrorSloopyOnly):

Modified Paths

releases/WebKitGTK/webkit-2.16/JSTests/ChakraCore/test/LetConst/DeclOutofBlock.baseline-jsc
releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog
releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.16/LayoutTests/js/let-syntax-expected.txt
releases/WebKitGTK/webkit-2.16/LayoutTests/js/script-tests/let-syntax.js
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog
releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/parser/Parser.cpp




Diff

Modified: releases/WebKitGTK/webkit-2.16/JSTests/ChakraCore/test/LetConst/DeclOutofBlock.baseline-jsc (214732 => 214733)

--- releases/WebKitGTK/webkit-2.16/JSTests/ChakraCore/test/LetConst/DeclOutofBlock.baseline-jsc	2017-04-03 05:41:30 UTC (rev 214732)
+++ releases/WebKitGTK/webkit-2.16/JSTests/ChakraCore/test/LetConst/DeclOutofBlock.baseline-jsc	2017-04-03 06:51:57 UTC (rev 214733)
@@ -1,6 +1,6 @@
-SyntaxError: Unexpected identifier 'b'. Parse error.
+SyntaxError: Unexpected identifier 'b'
 SyntaxError: Unexpected keyword 'const'
-SyntaxError: Unexpected identifier 'd'. Parse error.
-SyntaxError: Unexpected identifier 'd'. Parse error.
-SyntaxError: Unexpected identifier 'f'. Parse error.
+SyntaxError: Unexpected identifier 'd'
+SyntaxError: Unexpected identifier 'd'
+SyntaxError: Unexpected identifier 'f'
 success
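
Review bot: every changed line in this baseline drops the `. Parse error.` suffix from `SyntaxError: Unexpected identifier ...`, which changes error text that scripts can observe, yet the ChangeLog entry only names the file and the patch is described as allowing a `let` label in sloppy mode. The entry should say that these messages change and why, so the new baseline is clearly intended rather than merely accepted.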


Modified: releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog (214732 => 214733)

--- releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog	2017-04-03 05:41:30 UTC (rev 214732)
+++ releases/WebKitGTK/webkit-2.16/JSTests/ChangeLog	2017-04-03 06:51:57 UTC (rev 214733)
@@ -1,3 +1,12 @@
+2017-03-13  Caio Lima  
+
+[JSC] It should be possible create a label named let when parsing Statement in non strict mode
+https://bugs.webkit.org/show_bug.cgi?id=168684
+
+Reviewed by Saam Barati.
+
+* ChakraCore/test/LetConst/DeclOutofBlock.baseline-jsc:
+
 2017-03-10  Mark Lam  
 
 JSC: BindingNode::bindValue doesn't increase the scope's reference count.


Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214732 => 214733)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 05:41:30 UTC (rev 214732)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 06:51:57 UTC (rev 214733)
@@ -1,3 +1,14 @@
+2017-03-13  Caio Lima  
+
+[JSC] It should be possible create a label named let when parsing Statement in non strict mode
+https://bugs.webkit.org/show_bug.cgi?id=168684
+
+Reviewed by Saam Barati.
+
+* js/let-syntax-expected.txt:
+* js/script-tests/let-syntax.js:
+(shouldNotHaveSyntaxErrorSloopyOnly):
+
 2017-03-09  Chris Dumez  
 
 Align Document.elementFromPoint() with the CSSOM specification
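
Review bot: `(shouldNotHaveSyntaxErrorSloopyOnly):` misspells "Sloppy". Since this is the name of the new helper in js/script-tests/let-syntax.js, it should be corrected in the test and in this entry before other tests start calling it.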


Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/js/let-syntax-expected.txt (214732 => 214733)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/js/let-syntax-expected.txt	2017-04-03 05:41:30 UTC (rev 214732)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/js/let-syntax-expected.txt	2017-04-03 06:51:57 UTC (rev 214733)
@@ -69,6 +69,7 @@
 PASS Does not have syntax error: ''use strict'; let x = { get foo() { let foo = 20; } };'
 PASS Does not have syntax error: 'let x = { get foo() { class foo { } } };'
 PASS Does not have syntax error: ''use strict'; let x = { get foo() { class foo { } } };'
+PASS Does not have syntax error: 'let x; with ({}) let: y = 3;'
 SyntaxError: Unexpected keyword 'let'. Can't use 'let' as an identifier name for a LexicalDeclaration.
 SyntaxError: Unexpected keyword 'let'. Can't use 'let' as an identifier name for a LexicalDeclaration.
 PASS Has syntax error: 'let let;'
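
Review bot: the only new expectation in this hunk is the sloppy-mode `PASS Does not have syntax error: 'let x; with ({}) let: y = 3;'`, and nothing here pins down the strict-mode side. A `Has syntax error` case for a `let:` label under `'use strict'` would show that the parser change did not loosen strict mode along with sloppy mode.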
@@ -189,8 +190,8 @@
 SyntaxError: Cannot declare a let variable twice: 'i'.
 SyntaxError: Cannot declare a let variable twice: 'i'.
 PASS Has syntax error: ''use strict'; for (let i = 20, j = 40, i = 10; i < 10; i++) {}'
-SyntaxError: Unexpected identifier 'x'. Parse error.
-SyntaxError: Unexpected identifier 'x'. Parse error.
+SyntaxError: Unexpected identifier 'x'
+SyntaxError: Unexpected identifier 'x'
 PASS Has syntax error: 'let x = 20; if (truth()) let x = 
