[webkit-changes] [232953] trunk/Source/JavaScriptCore
Title: [232953] trunk/Source/_javascript_Core Revision 232953 Author keith_mil...@apple.com Date 2018-06-18 18:34:11 -0700 (Mon, 18 Jun 2018) Log Message Unreviewed, fix the build... * runtime/JSArray.cpp: (JSC::JSArray::tryCreateUninitializedRestricted): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/JSArray.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (232952 => 232953) --- trunk/Source/_javascript_Core/ChangeLog 2018-06-19 01:27:11 UTC (rev 232952) +++ trunk/Source/_javascript_Core/ChangeLog 2018-06-19 01:34:11 UTC (rev 232953) @@ -1,5 +1,12 @@ 2018-06-18 Keith Miller +Unreviewed, fix the build... + +* runtime/JSArray.cpp: +(JSC::JSArray::tryCreateUninitializedRestricted): + +2018-06-18 Keith Miller + Unreviewed, remove bad assertion. * runtime/JSArray.cpp: Modified: trunk/Source/_javascript_Core/runtime/JSArray.cpp (232952 => 232953) --- trunk/Source/_javascript_Core/runtime/JSArray.cpp 2018-06-19 01:27:11 UTC (rev 232952) +++ trunk/Source/_javascript_Core/runtime/JSArray.cpp 2018-06-19 01:34:11 UTC (rev 232953) @@ -51,8 +51,6 @@ return 0; unsigned outOfLineStorage = structure->outOfLineCapacity(); -JSGlobalObject* globalObject = structure->globalObject(); - Butterfly* butterfly; IndexingType indexingType = structure->indexingType(); if (LIKELY(!hasAnyArrayStorage(indexingType))) { ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232952] trunk/Source/JavaScriptCore
Title: [232952] trunk/Source/_javascript_Core Revision 232952 Author keith_mil...@apple.com Date 2018-06-18 18:27:11 -0700 (Mon, 18 Jun 2018) Log Message Unreviewed, remove bad assertion. * runtime/JSArray.cpp: (JSC::JSArray::tryCreateUninitializedRestricted): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/JSArray.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (232951 => 232952) --- trunk/Source/_javascript_Core/ChangeLog 2018-06-18 23:53:27 UTC (rev 232951) +++ trunk/Source/_javascript_Core/ChangeLog 2018-06-19 01:27:11 UTC (rev 232952) @@ -1,5 +1,12 @@ 2018-06-18 Keith Miller +Unreviewed, remove bad assertion. + +* runtime/JSArray.cpp: +(JSC::JSArray::tryCreateUninitializedRestricted): + +2018-06-18 Keith Miller + Properly zero unused property storage offsets https://bugs.webkit.org/show_bug.cgi?id=186692 Modified: trunk/Source/_javascript_Core/runtime/JSArray.cpp (232951 => 232952) --- trunk/Source/_javascript_Core/runtime/JSArray.cpp 2018-06-18 23:53:27 UTC (rev 232951) +++ trunk/Source/_javascript_Core/runtime/JSArray.cpp 2018-06-19 01:27:11 UTC (rev 232952) @@ -52,7 +52,6 @@ unsigned outOfLineStorage = structure->outOfLineCapacity(); JSGlobalObject* globalObject = structure->globalObject(); -ASSERT_UNUSED(globalObject, globalObject->isOriginalArrayStructure(structure) || structure == globalObject->regExpMatchesArrayStructure() || structure == globalObject->regExpMatchesArrayWithGroupsStructure()); Butterfly* butterfly; IndexingType indexingType = structure->indexingType(); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232951] trunk
Title: [232951] trunk Revision 232951 Author keith_mil...@apple.com Date 2018-06-18 16:53:27 -0700 (Mon, 18 Jun 2018) Log Message Properly zero unused property storage offsets https://bugs.webkit.org/show_bug.cgi?id=186692 Reviewed by Filip Pizlo. JSTests: * stress/butterfly-zero-unused-butterfly-properties.js: Added. Source/_javascript_Core: Since the concurrent GC might see a property slot before the mutator has actually stored the value there, we need to ensure that slot doesn't have garbage in it. Right now when calling constructConvertedArrayStorageWithoutCopyingElements or creating a RegExp matches array, we never cleared the unused property storage. ObjectIntializationScope has also been upgraded to look for our invariants around property storage. Additionally, a new assertion has been added to check for JSValue() when adding a new property. We used to put undefined into deleted property offsets. To make things simpler, this patch causes us to store JSValue() there instead. Lastly, this patch fixes an issue where we would initialize the array storage of RegExpMatchesArray twice. First with 0 and secondly with the actual result. Now we only zero memory between vector length and public length. * runtime/Butterfly.h: (JSC::Butterfly::offsetOfVectorLength): * runtime/ButterflyInlines.h: (JSC::Butterfly::tryCreateUninitialized): (JSC::Butterfly::createUninitialized): (JSC::Butterfly::tryCreate): (JSC::Butterfly::create): (JSC::Butterfly::createOrGrowPropertyStorage): (JSC::Butterfly::createOrGrowArrayRight): (JSC::Butterfly::growArrayRight): (JSC::Butterfly::resizeArray): * runtime/JSArray.cpp: (JSC::JSArray::tryCreateUninitializedRestricted): (JSC::createArrayButterflyInDictionaryIndexingMode): Deleted. * runtime/JSArray.h: (JSC::tryCreateArrayButterfly): * runtime/JSObject.cpp: (JSC::JSObject::createArrayStorageButterfly): (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements): (JSC::JSObject::deleteProperty): (JSC::JSObject::shiftButterflyAfterFlattening): * runtime/JSObject.h: * runtime/JSObjectInlines.h: (JSC::JSObject::prepareToPutDirectWithoutTransition): * runtime/ObjectInitializationScope.cpp: (JSC::ObjectInitializationScope::verifyPropertiesAreInitialized): * runtime/ObjectInitializationScope.h: (JSC::ObjectInitializationScope::release): * runtime/RegExpMatchesArray.h: (JSC::tryCreateUninitializedRegExpMatchesArray): (JSC::createRegExpMatchesArray): * runtime/Butterfly.h: (JSC::Butterfly::offsetOfVectorLength): * runtime/ButterflyInlines.h: (JSC::Butterfly::tryCreateUninitialized): (JSC::Butterfly::createUninitialized): (JSC::Butterfly::tryCreate): (JSC::Butterfly::create): (JSC::Butterfly::createOrGrowPropertyStorage): (JSC::Butterfly::createOrGrowArrayRight): (JSC::Butterfly::growArrayRight): (JSC::Butterfly::resizeArray): * runtime/JSArray.cpp: (JSC::JSArray::tryCreateUninitializedRestricted): (JSC::createArrayButterflyInDictionaryIndexingMode): Deleted. * runtime/JSArray.h: (JSC::tryCreateArrayButterfly): * runtime/JSObject.cpp: (JSC::JSObject::createArrayStorageButterfly): (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements): (JSC::JSObject::deleteProperty): (JSC::JSObject::shiftButterflyAfterFlattening): * runtime/JSObject.h: * runtime/JSObjectInlines.h: (JSC::JSObject::prepareToPutDirectWithoutTransition): * runtime/ObjectInitializationScope.cpp: (JSC::ObjectInitializationScope::verifyPropertiesAreInitialized): * runtime/RegExpMatchesArray.cpp: (JSC::createEmptyRegExpMatchesArray): * runtime/RegExpMatchesArray.h: (JSC::tryCreateUninitializedRegExpMatchesArray): (JSC::createRegExpMatchesArray): Modified Paths trunk/JSTests/ChangeLog trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/Butterfly.h trunk/Source/_javascript_Core/runtime/ButterflyInlines.h trunk/Source/_javascript_Core/runtime/JSArray.cpp trunk/Source/_javascript_Core/runtime/JSArray.h trunk/Source/_javascript_Core/runtime/JSObject.cpp trunk/Source/_javascript_Core/runtime/JSObject.h trunk/Source/_javascript_Core/runtime/JSObjectInlines.h trunk/Source/_javascript_Core/runtime/ObjectInitializationScope.cpp trunk/Source/_javascript_Core/runtime/RegExpMatchesArray.cpp trunk/Source/_javascript_Core/runtime/RegExpMatchesArray.h Added Paths trunk/JSTests/stress/butterfly-zero-unused-butterfly-properties.js Diff Modified: trunk/JSTests/ChangeLog (232950 => 232951) --- trunk/JSTests/ChangeLog 2018-06-18 22:26:58 UTC (rev 232950) +++ trunk/JSTests/ChangeLog 2018-06-18 23:53:27 UTC (rev 232951) @@ -1,3 +1,12 @@ +2018-06-18 Keith Miller + +Properly zero unused property storage offsets +https://bugs.webkit.org/show_bug.cgi?id=186692 + +Reviewed by Filip Pizlo. + +* stress/butterfly-zero-unused-butterfly-properties.js: Added. + 2018-06-18 Michael Saboff Support Unicode 11 in RegExp Added: trunk/JSTests/stress/butterfly-zero-unused-butterfly-properties.js (0 => 232951) ---
[webkit-changes] [232950] trunk/Source/WebKit
Title: [232950] trunk/Source/WebKit Revision 232950 Author wilan...@apple.com Date 2018-06-18 15:26:58 -0700 (Mon, 18 Jun 2018) Log Message Resource Load Statistics: Make sure to call callbacks even if there is no store (test infrastructure) https://bugs.webkit.org/show_bug.cgi?id=186777 Reviewed by Chris Dumez. * UIProcess/API/C/WKWebsiteDataStoreRef.cpp: (WKWebsiteDataStoreStatisticsUpdateCookiePartitioning): (WKWebsiteDataStoreSetStatisticsShouldPartitionCookiesForHost): (WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStore): (WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStoreModifiedSinceHours): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp Diff Modified: trunk/Source/WebKit/ChangeLog (232949 => 232950) --- trunk/Source/WebKit/ChangeLog 2018-06-18 22:14:32 UTC (rev 232949) +++ trunk/Source/WebKit/ChangeLog 2018-06-18 22:26:58 UTC (rev 232950) @@ -1,3 +1,17 @@ +2018-06-18 John Wilander + +Resource Load Statistics: Make sure to call callbacks even if there is no store (test infrastructure) +https://bugs.webkit.org/show_bug.cgi?id=186777 + + +Reviewed by Chris Dumez. + +* UIProcess/API/C/WKWebsiteDataStoreRef.cpp: +(WKWebsiteDataStoreStatisticsUpdateCookiePartitioning): +(WKWebsiteDataStoreSetStatisticsShouldPartitionCookiesForHost): +(WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStore): +(WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStoreModifiedSinceHours): + 2018-06-18 Chris Dumez Crash under WebProcessPool::networkProcessFailedToLaunch(): Modified: trunk/Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp (232949 => 232950) --- trunk/Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp 2018-06-18 22:14:32 UTC (rev 232949) +++ trunk/Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp 2018-06-18 22:26:58 UTC (rev 232950) @@ -293,8 +293,10 @@ void WKWebsiteDataStoreStatisticsUpdateCookiePartitioning(WKWebsiteDataStoreRef dataStoreRef, void* context, WKWebsiteDataStoreStatisticsUpdateCookiePartitioningFunction callback) { auto* store = WebKit::toImpl(dataStoreRef)->websiteDataStore().resourceLoadStatistics(); -if (!store) +if (!store) { +callback(context); return; +} store->scheduleCookiePartitioningUpdate([context, callback]() { callback(context); @@ -304,8 +306,10 @@ void WKWebsiteDataStoreSetStatisticsShouldPartitionCookiesForHost(WKWebsiteDataStoreRef dataStoreRef, WKStringRef host, bool value, void* context, WKWebsiteDataStoreSetStatisticsShouldPartitionCookiesForHostFunction callback) { auto* store = WebKit::toImpl(dataStoreRef)->websiteDataStore().resourceLoadStatistics(); -if (!store) +if (!store) { +callback(context); return; +} if (value) store->scheduleCookiePartitioningUpdateForDomains({ WebKit::toImpl(host)->string() }, { }, { }, WebKit::ShouldClearFirst::No, [context, callback]() { @@ -388,8 +392,10 @@ void WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStore(WKWebsiteDataStoreRef dataStoreRef, void* context, WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStoreFunction callback) { auto* store = WebKit::toImpl(dataStoreRef)->websiteDataStore().resourceLoadStatistics(); -if (!store) +if (!store) { +callback(context); return; +} store->scheduleClearInMemoryAndPersistent(WebKit::WebResourceLoadStatisticsStore::ShouldGrandfather::Yes, [context, callback]() { callback(context); @@ -399,8 +405,10 @@ void WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStoreModifiedSinceHours(WKWebsiteDataStoreRef dataStoreRef, unsigned hours, void* context, WKWebsiteDataStoreStatisticsClearInMemoryAndPersistentStoreModifiedSinceHoursFunction callback) { auto* store = WebKit::toImpl(dataStoreRef)->websiteDataStore().resourceLoadStatistics(); -if (!store) +if (!store) { +callback(context); return; +} store->scheduleClearInMemoryAndPersistent(WallTime::now() - Seconds::fromHours(hours), WebKit::WebResourceLoadStatisticsStore::ShouldGrandfather::Yes, [context, callback]() { callback(context); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232949] trunk/Source/WebCore
Title: [232949] trunk/Source/WebCore Revision 232949 Author cdu...@apple.com Date 2018-06-18 15:14:32 -0700 (Mon, 18 Jun 2018) Log Message Better pack ResourceRequest https://bugs.webkit.org/show_bug.cgi?id=186717 Reviewed by Darin Adler. Better pack ResourceRequest to reduce its size from 240 to 232 bytes on Mac. * platform/network/ResourceRequestBase.h: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/network/ResourceRequestBase.h Diff Modified: trunk/Source/WebCore/ChangeLog (232948 => 232949) --- trunk/Source/WebCore/ChangeLog 2018-06-18 21:46:58 UTC (rev 232948) +++ trunk/Source/WebCore/ChangeLog 2018-06-18 22:14:32 UTC (rev 232949) @@ -1,3 +1,15 @@ +2018-06-18 Chris Dumez + +Better pack ResourceRequest +https://bugs.webkit.org/show_bug.cgi?id=186717 + +Reviewed by Darin Adler. + +Better pack ResourceRequest to reduce its size from 240 to 232 bytes +on Mac. + +* platform/network/ResourceRequestBase.h: + 2018-06-18 Antoine Quint [Web Animations] Implement "Starting of transitions" section from CSS Transitions Modified: trunk/Source/WebCore/platform/network/ResourceRequestBase.h (232948 => 232949) --- trunk/Source/WebCore/platform/network/ResourceRequestBase.h 2018-06-18 21:46:58 UTC (rev 232948) +++ trunk/Source/WebCore/platform/network/ResourceRequestBase.h 2018-06-18 22:14:32 UTC (rev 232949) @@ -223,10 +223,15 @@ double m_timeoutInterval; // 0 is a magic value for platform default on platforms that have one. URL m_firstPartyForCookies; String m_httpMethod; +String m_initiatorIdentifier; +String m_cachePartition { emptyString() }; HTTPHeaderMap m_httpHeaderFields; Vector m_responseContentDispositionEncodingFallbackArray; RefPtr m_httpBody; ResourceRequestCachePolicy m_cachePolicy { UseProtocolCachePolicy }; +SameSiteDisposition m_sameSiteDisposition { SameSiteDisposition::Unspecified }; +ResourceLoadPriority m_priority { ResourceLoadPriority::Low }; +Requester m_requester { Requester::Unspecified }; bool m_allowCookies { false }; mutable bool m_resourceRequestUpdated { false }; mutable bool m_platformRequestUpdated { false }; @@ -233,12 +238,7 @@ mutable bool m_resourceRequestBodyUpdated { false }; mutable bool m_platformRequestBodyUpdated { false }; bool m_hiddenFromInspector { false }; -SameSiteDisposition m_sameSiteDisposition { SameSiteDisposition::Unspecified }; bool m_isTopSite { false }; -ResourceLoadPriority m_priority { ResourceLoadPriority::Low }; -Requester m_requester { Requester::Unspecified }; -String m_initiatorIdentifier; -String m_cachePartition { emptyString() }; #if USE(SYSTEM_PREVIEW) bool m_isSystemPreview { false }; IntRect m_systemPreviewRect; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232948] trunk
Title: [232948] trunk Revision 232948 Author cdu...@apple.com Date 2018-06-18 14:46:58 -0700 (Mon, 18 Jun 2018) Log Message Crash under WebProcessPool::networkProcessFailedToLaunch(): https://bugs.webkit.org/show_bug.cgi?id=186784 Reviewed by Brady Eidson. Source/WebKit: * UIProcess/API/Cocoa/WKProcessPool.mm: (+[WKProcessPool _allProcessPoolsForTesting]): Add SPI to retrieve all WebProcessPool for testing purposes. * UIProcess/API/Cocoa/WKProcessPoolPrivate.h: * UIProcess/Network/NetworkProcessProxy.cpp: (WebKit::NetworkProcessProxy::clearCallbackStates): Make iteration over completion handlers robust against completion handlers getting removed while we iterate. (WebKit::NetworkProcessProxy::didClose): Ref the WebProcessPool (which keeps the NetworkProcessProxy alive too) as several calls within this method might cause the WebProcessPool / NetworkProcessProxy to get destroyed. Tools: Add API test coverage. * TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm: (TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm Diff Modified: trunk/Source/WebKit/ChangeLog (232947 => 232948) --- trunk/Source/WebKit/ChangeLog 2018-06-18 21:45:23 UTC (rev 232947) +++ trunk/Source/WebKit/ChangeLog 2018-06-18 21:46:58 UTC (rev 232948) @@ -1,5 +1,28 @@ 2018-06-18 Chris Dumez +Crash under WebProcessPool::networkProcessFailedToLaunch(): +https://bugs.webkit.org/show_bug.cgi?id=186784 + + +Reviewed by Brady Eidson. + +* UIProcess/API/Cocoa/WKProcessPool.mm: +(+[WKProcessPool _allProcessPoolsForTesting]): +Add SPI to retrieve all WebProcessPool for testing purposes. + +* UIProcess/API/Cocoa/WKProcessPoolPrivate.h: +* UIProcess/Network/NetworkProcessProxy.cpp: +(WebKit::NetworkProcessProxy::clearCallbackStates): +Make iteration over completion handlers robust against completion handlers +getting removed while we iterate. + +(WebKit::NetworkProcessProxy::didClose): +Ref the WebProcessPool (which keeps the NetworkProcessProxy alive too) +as several calls within this method might cause the WebProcessPool / +NetworkProcessProxy to get destroyed. + +2018-06-18 Chris Dumez + Implement IPC throttling to keep the main thread responsive when a process misbehaves https://bugs.webkit.org/show_bug.cgi?id=186607 Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm (232947 => 232948) --- trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm 2018-06-18 21:45:23 UTC (rev 232947) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm 2018-06-18 21:46:58 UTC (rev 232948) @@ -161,6 +161,15 @@ return sharedProcessPool; } ++ (NSArray *)_allProcessPoolsForTesting +{ +auto& allPools = WebKit::WebProcessPool::allProcessPools(); +auto nsAllPools = adoptNS([[NSMutableArray alloc] initWithCapacity:allPools.size()]); +for (auto* pool : allPools) +[nsAllPools addObject:wrapper(*pool)]; +return nsAllPools.autorelease(); +} + + (NSURL *)_websiteDataURLForContainerWithURL:(NSURL *)containerURL { return [WKProcessPool _websiteDataURLForContainerWithURL:containerURL bundleIdentifierIfNotInContainer:nil]; Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h (232947 => 232948) --- trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h 2018-06-18 21:45:23 UTC (rev 232947) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h 2018-06-18 21:46:58 UTC (rev 232948) @@ -42,6 +42,8 @@ + (WKProcessPool *)_sharedProcessPool; ++ (NSArray *)_allProcessPoolsForTesting WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA)); + @property (nonatomic, readonly) _WKProcessPoolConfiguration *_configuration; - (void)_setAllowsSpecificHTTPSCertificate:(NSArray *)certificateChain forHost:(NSString *)host; Modified: trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp (232947 => 232948) --- trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp 2018-06-18 21:45:23 UTC (rev 232947) +++ trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp 2018-06-18 21:46:58 UTC (rev 232948) @@ -223,17 +223,14 @@ void NetworkProcessProxy::clearCallbackStates() { -for (const auto& callback : m_pendingFetchWebsiteDataCallbacks.values()) -callback(WebsiteData()); -m_pendingFetchWebsiteDataCallbacks.clear(); +while (!m_pendingFetchWebsiteDataCallbacks.isEmpty()) +m_pendingFetchWebsiteDataCallbacks.take(m_pendingFetchWebsiteDataCallbacks.begin()->key)(WebsiteData { }); -for (const auto& callback : m_pendingDeleteWebsiteDataCallbacks.values()) -callback(); -
[webkit-changes] [232947] trunk/Source/WebKit
Title: [232947] trunk/Source/WebKit Revision 232947 Author cdu...@apple.com Date 2018-06-18 14:45:23 -0700 (Mon, 18 Jun 2018) Log Message Implement IPC throttling to keep the main thread responsive when a process misbehaves https://bugs.webkit.org/show_bug.cgi?id=186607 Reviewed by Geoffrey Garen. Implement IPC throttling to keep the main thread responsive when a process misbehaves. Instead of doing one main runloop dispatch per incoming message, we now do a single runloop dispatch and process incoming messages in batch. We put a limit on the number of messages to be processed in a batch (600). If the queue is larger that this limit, we'll schedule a 0-timer to process remaining messages, giving the main runloop a chance to process other events. Additionally, if an IPC connection keeps hitting this maximum batch size limit, we implement back off and we'll further decrease the number of messages we process in each batch (going as low as 60). This keeps Safari responsive enough to allow the user to close the bad tab (even on older devices such as iPhone 5s). Finally, if the incoming message queue becomes too large (5), we go one step further and kill the IPC connection in order to maintain performance / battery life. Every time we apply throttling or terminate a connection due to throttling, we do a RELEASE_LOG_ERROR() with useful information in order to help diagnose potential issues in the future. * Platform/IPC/Connection.cpp: (IPC::Connection::Connection): (IPC::Connection::enqueueIncomingMessage): (IPC::Connection::MessagesThrottler::MessagesThrottler): (IPC::Connection::MessagesThrottler::scheduleMessagesDispatch): (IPC::Connection::MessagesThrottler::numberOfMessagesToProcess): (IPC::Connection::dispatchIncomingMessages): * Platform/IPC/Connection.h: * Platform/IPC/mac/ConnectionMac.mm: (IPC::Connection::kill): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/IPC/Connection.cpp trunk/Source/WebKit/Platform/IPC/Connection.h trunk/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm Diff Modified: trunk/Source/WebKit/ChangeLog (232946 => 232947) --- trunk/Source/WebKit/ChangeLog 2018-06-18 21:20:47 UTC (rev 232946) +++ trunk/Source/WebKit/ChangeLog 2018-06-18 21:45:23 UTC (rev 232947) @@ -1,3 +1,38 @@ +2018-06-18 Chris Dumez + +Implement IPC throttling to keep the main thread responsive when a process misbehaves +https://bugs.webkit.org/show_bug.cgi?id=186607 + +Reviewed by Geoffrey Garen. + +Implement IPC throttling to keep the main thread responsive when a process misbehaves. +Instead of doing one main runloop dispatch per incoming message, we now do a single +runloop dispatch and process incoming messages in batch. We put a limit on the number +of messages to be processed in a batch (600). If the queue is larger that this limit, +we'll schedule a 0-timer to process remaining messages, giving the main runloop a chance +to process other events. Additionally, if an IPC connection keeps hitting this maximum +batch size limit, we implement back off and we'll further decrease the number of messages +we process in each batch (going as low as 60). This keeps Safari responsive enough to +allow the user to close the bad tab (even on older devices such as iPhone 5s). + +Finally, if the incoming message queue becomes too large (5), we go one step further +and kill the IPC connection in order to maintain performance / battery life. + +Every time we apply throttling or terminate a connection due to throttling, we do a +RELEASE_LOG_ERROR() with useful information in order to help diagnose potential issues +in the future. + +* Platform/IPC/Connection.cpp: +(IPC::Connection::Connection): +(IPC::Connection::enqueueIncomingMessage): +(IPC::Connection::MessagesThrottler::MessagesThrottler): +(IPC::Connection::MessagesThrottler::scheduleMessagesDispatch): +(IPC::Connection::MessagesThrottler::numberOfMessagesToProcess): +(IPC::Connection::dispatchIncomingMessages): +* Platform/IPC/Connection.h: +* Platform/IPC/mac/ConnectionMac.mm: +(IPC::Connection::kill): + 2018-06-18 Jiewen Tan Add a graceful exit for AuthenticationManager::initializeConnection Modified: trunk/Source/WebKit/Platform/IPC/Connection.cpp (232946 => 232947) --- trunk/Source/WebKit/Platform/IPC/Connection.cpp 2018-06-18 21:20:47 UTC (rev 232946) +++ trunk/Source/WebKit/Platform/IPC/Connection.cpp 2018-06-18 21:45:23 UTC (rev 232947) @@ -44,6 +44,11 @@ namespace IPC { +#if PLATFORM(COCOA) +// The IPC connection gets killed if the incoming message queue reaches 5 messages before the main thread has a chance to dispatch them. +const size_t maxPendingIncomingMessagesKillingThreshold { 5 }; +#endif + struct Connection::ReplyHandler { RefPtr dispatcher;
[webkit-changes] [232946] trunk
Title: [232946] trunk Revision 232946 Author grao...@webkit.org Date 2018-06-18 14:20:47 -0700 (Mon, 18 Jun 2018) Log Message [Web Animations] Implement "Starting of transitions" section from CSS Transitions https://bugs.webkit.org/show_bug.cgi?id=186517 Reviewed by Dean Jackson. LayoutTests/imported/mozilla: Mark some progressions in the Mozilla CSS Animations and CSS Transitions tests. * css-transitions/test_animation-cancel-expected.txt: * css-transitions/test_animation-ready-expected.txt: Source/WebCore: We implement the whole section at https://drafts.csswg.org/css-transitions-1/#starting so that we have spec-compliant starting of CSS Transitions. To correctly implement this we now maintain two maps of transitions for a given property, a set of running transitions (m_elementToRunningCSSTransitionByCSSPropertyID) and a set of completed transition (m_elementToCompletedCSSTransitionByCSSPropertyID). * animation/AnimationTimeline.cpp: (WebCore::removeCSSTransitionFromMap): Add a utility to remove a CSSTransition from one of the two HashMap>> managed by AnimationTimeline (m_elementToRunningCSSTransitionByCSSPropertyID and m_elementToCompletedCSSTransitionByCSSPropertyID). (WebCore::AnimationTimeline::animationWasRemovedFromElement): Use the new removeCSSTransitionFromMap() utility. (WebCore::AnimationTimeline::updateCSSAnimationsForElement): We rename "oldStyle" to "currentStyle" to align with the naming used by updateCSSAnimationsForElement(). We also remove an initial check that has been pushed up to Style::TreeResolver::createAnimatedElementUpdate(). (WebCore::propertyInStyleMatchesValueForTransitionInMap): When running the steps mandated by the spec we often need to check whether a given property has a transition in an AnimationList that matches the value used in a given RenderStyle. (WebCore::transitionCombinedDuration): We need to compute the combined duration twice while running the steps mandated by the spec, so we have a dedicated utility. (WebCore::transitionMatchesProperty): New utility that indicates whether a WebCore::Animation matches a given property, by virtue of targeting it directly, targeting a shorthand for which this property is a longhand, or targeting "all". (WebCore::AnimationTimeline::updateCSSTransitionsForElement): This is where all of the new implementation for starting transitions happens. We implement the steps as they appear in the spec. (WebCore::shouldBackingAnimationBeConsideredForCSSTransition): Deleted. * animation/AnimationTimeline.h: * animation/CSSAnimation.cpp: (WebCore::CSSAnimation::syncPropertiesWithBackingAnimation): Since only CSS Animations respect the delay and duration values as parsed directly in a WebCore:Animation object, we move code that was previously in DeclarativeAnimation::syncPropertiesWithBackingAnimation to this method. CSS Transitions set those values based on the delay and duration parameters passed to CSSTransition::create() and computed in AnimationTimeline::updateCSSTransitionsForElement(). * animation/CSSTransition.cpp: (WebCore::CSSTransition::create): Since the transition's delay and duration is computed in AnimationTimeline::updateCSSTransitionsForElement(), we now require them to be passed when creating a CSSTransition and pass those to the new setTimingProperties() function. We also expect a target style and reversing-adjusted start style, as well as a reversing-shortening factor. (WebCore::CSSTransition::CSSTransition): (WebCore::CSSTransition::resolve): We need to be able to query the last style computed by a call to resolve() from AnimationTimeline::updateCSSTransitionsForElement(), we subclass this newly-virtual WebAnimation method and clone the style after we blended the property targeted by this transition. (WebCore::CSSTransition::setTimingProperties): Set the transition delay and duration as provided in the call to create(). (WebCore::CSSTransition::canBeListed const): Fix a crash that was found while working on this bug where we could access a null effect. (WebCore::CSSTransition::initialize): Deleted. (WebCore::CSSTransition::matchesBackingAnimationAndStyles const): Deleted. * animation/CSSTransition.h: * animation/DeclarativeAnimation.cpp: (WebCore::DeclarativeAnimation::syncPropertiesWithBackingAnimation): This virtual method now has an empty definition since the timing properties are now only set for CSSAnimation. * animation/KeyframeEffectReadOnly.cpp: (WebCore::KeyframeEffectReadOnly::stylesWouldYieldNewCSSTransitionsBlendingKeyframes const): Deleted. * animation/KeyframeEffectReadOnly.h: * animation/WebAnimation.h: * page/animation/CSSPropertyAnimation.cpp: (WebCore::AnimationPropertyWrapperBase::canInterpolate const): Since we need to be able to determine whether some property values can be interpolated, we add a new canInterpolate() method to the base wrapper class so the cases where we can't interpolate values (length with an "auto" type) may return false.
[webkit-changes] [232945] trunk/Source/WebInspectorUI
Title: [232945] trunk/Source/WebInspectorUI Revision 232945 Author bb...@apple.com Date 2018-06-18 14:14:40 -0700 (Mon, 18 Jun 2018) Log Message Web Inspector: TypeError: Array.prototype.sort passed bad value in NetworkTableContentView _updateSortAndFilteredEntries https://bugs.webkit.org/show_bug.cgi?id=186787 Reviewed by Timothy Hatcher. * UserInterface/Views/NetworkTableContentView.js: (WI.NetworkTableContentView.prototype._updateSortAndFilteredEntries): Modified Paths trunk/Source/WebInspectorUI/ChangeLog trunk/Source/WebInspectorUI/UserInterface/Views/NetworkTableContentView.js Diff Modified: trunk/Source/WebInspectorUI/ChangeLog (232944 => 232945) --- trunk/Source/WebInspectorUI/ChangeLog 2018-06-18 21:04:52 UTC (rev 232944) +++ trunk/Source/WebInspectorUI/ChangeLog 2018-06-18 21:14:40 UTC (rev 232945) @@ -1,3 +1,14 @@ +2018-06-18 Brian Burg + +Web Inspector: TypeError: Array.prototype.sort passed bad value in NetworkTableContentView _updateSortAndFilteredEntries +https://bugs.webkit.org/show_bug.cgi?id=186787 + + +Reviewed by Timothy Hatcher. + +* UserInterface/Views/NetworkTableContentView.js: +(WI.NetworkTableContentView.prototype._updateSortAndFilteredEntries): + 2018-06-13 Nikita Vasilyev Web Inspector: open source Dark Mode Modified: trunk/Source/WebInspectorUI/UserInterface/Views/NetworkTableContentView.js (232944 => 232945) --- trunk/Source/WebInspectorUI/UserInterface/Views/NetworkTableContentView.js 2018-06-18 21:04:52 UTC (rev 232944) +++ trunk/Source/WebInspectorUI/UserInterface/Views/NetworkTableContentView.js 2018-06-18 21:14:40 UTC (rev 232945) @@ -1243,7 +1243,9 @@ _updateSortAndFilteredEntries() { -this._entries = this._entries.sort(this._entriesSortComparator); +if (this._entriesSortComparator) +this._entries = this._entries.sort(this._entriesSortComparator); + this._updateFilteredEntries(); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232944] trunk/Source/WebCore
Title: [232944] trunk/Source/WebCore Revision 232944 Author n_w...@apple.com Date 2018-06-18 14:04:52 -0700 (Mon, 18 Jun 2018) Log Message AX: [macOS] When zoom is enabled, focus doesn't follow text cursor https://bugs.webkit.org/show_bug.cgi?id=186697 Reviewed by Darin Adler. Now that web process doesn't have access to NSScreen. The conversion of the rects is wrong. Fixed this by using the right function that's available in WebCore to get the rects. * editing/mac/FrameSelectionMac.mm: (WebCore::accessibilityConvertScreenRect): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm Diff Modified: trunk/Source/WebCore/ChangeLog (232943 => 232944) --- trunk/Source/WebCore/ChangeLog 2018-06-18 20:48:07 UTC (rev 232943) +++ trunk/Source/WebCore/ChangeLog 2018-06-18 21:04:52 UTC (rev 232944) @@ -1,3 +1,17 @@ +2018-06-18 Nan Wang + +AX: [macOS] When zoom is enabled, focus doesn't follow text cursor +https://bugs.webkit.org/show_bug.cgi?id=186697 + +Reviewed by Darin Adler. + +Now that web process doesn't have access to NSScreen. The conversion of the +rects is wrong. Fixed this by using the right function that's available in +WebCore to get the rects. + +* editing/mac/FrameSelectionMac.mm: +(WebCore::accessibilityConvertScreenRect): + 2018-06-18 Youenn Fablet Expose RTCPeerConnectionIceEventInit constructor Modified: trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm (232943 => 232944) --- trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm 2018-06-18 20:48:07 UTC (rev 232943) +++ trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm 2018-06-18 21:04:52 UTC (rev 232944) @@ -32,21 +32,6 @@ namespace WebCore { -#if !PLATFORM(IOS) -static CGRect accessibilityConvertScreenRect(CGRect bounds) -{ -NSArray *screens = [NSScreen screens]; -if ([screens count]) { -CGFloat screenHeight = NSHeight([(NSScreen *)[screens objectAtIndex:0] frame]); -bounds.origin.y = (screenHeight - (bounds.origin.y + bounds.size.height)); -} else -bounds = CGRectZero; - -return bounds; -} -#endif // !PLATFORM(IOS) - - void FrameSelection::notifyAccessibilityForSelectionChange(const AXTextStateChangeIntent& intent) { Document* document = m_frame->document(); @@ -73,10 +58,12 @@ selectionRect = frameView->contentsToScreen(selectionRect); viewRect = frameView->contentsToScreen(viewRect); -CGRect cgCaretRect = CGRectMake(selectionRect.x(), selectionRect.y(), selectionRect.width(), selectionRect.height()); -CGRect cgViewRect = CGRectMake(viewRect.x(), viewRect.y(), viewRect.width(), viewRect.height()); -cgCaretRect = accessibilityConvertScreenRect(cgCaretRect); -cgViewRect = accessibilityConvertScreenRect(cgViewRect); +NSRect nsCaretRect = NSMakeRect(selectionRect.x(), selectionRect.y(), selectionRect.width(), selectionRect.height()); +NSRect nsViewRect = NSMakeRect(viewRect.x(), viewRect.y(), viewRect.width(), viewRect.height()); +nsCaretRect = toUserSpaceForPrimaryScreen(nsCaretRect); +nsViewRect = toUserSpaceForPrimaryScreen(nsViewRect); +CGRect cgCaretRect = NSRectToCGRect(nsCaretRect); +CGRect cgViewRect = NSRectToCGRect(nsViewRect); UAZoomChangeFocus(, , kUAZoomFocusTypeInsertionPoint); #endif // !PLATFORM(IOS) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232943] trunk
Title: [232943] trunk Revision 232943 Author you...@apple.com Date 2018-06-18 13:48:07 -0700 (Mon, 18 Jun 2018) Log Message Expose RTCPeerConnectionIceEventInit constructor https://bugs.webkit.org/show_bug.cgi?id=186770 Reviewed by Alex Christensen. LayoutTests/imported/w3c: * web-platform-tests/webrtc/RTCPeerConnectionIceEvent-constructor-expected.txt: Updated expectation as per patch. * web-platform-tests/webrtc/rtcpeerconnection/rtcpeerconnection-idl-expected.txt: Rebasing this file, changes are unrelated but test is marked as flaky. Source/WebCore: Add event constructor as per specification. Add support for the url attribute. For that purpose, we need to pipe that information from LibWebRTCMediaEndpoint up to RTCPeerConnectionIceEvent. Covered by rebased test. * Modules/mediastream/PeerConnectionBackend.cpp: (WebCore::PeerConnectionBackend::fireICECandidateEvent): (WebCore::PeerConnectionBackend::disableICECandidateFiltering): (WebCore::PeerConnectionBackend::newICECandidate): (WebCore::PeerConnectionBackend::doneGatheringCandidates): (WebCore::PeerConnectionBackend::finishedRegisteringMDNSName): * Modules/mediastream/PeerConnectionBackend.h: * Modules/mediastream/RTCPeerConnectionIceEvent.cpp: (WebCore::RTCPeerConnectionIceEvent::create): (WebCore::RTCPeerConnectionIceEvent::RTCPeerConnectionIceEvent): * Modules/mediastream/RTCPeerConnectionIceEvent.h: (WebCore::RTCPeerConnectionIceEvent::url const): * Modules/mediastream/RTCPeerConnectionIceEvent.idl: * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp: (WebCore::LibWebRTCMediaEndpoint::OnIceCandidate): * bindings/js/WebCoreBuiltinNames.h: * dom/EventNames.in: Modified Paths trunk/LayoutTests/imported/w3c/ChangeLog trunk/LayoutTests/imported/w3c/web-platform-tests/webrtc/RTCPeerConnectionIceEvent-constructor-expected.txt trunk/LayoutTests/imported/w3c/web-platform-tests/webrtc/rtcpeerconnection/rtcpeerconnection-idl-expected.txt trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/mediastream/PeerConnectionBackend.cpp trunk/Source/WebCore/Modules/mediastream/PeerConnectionBackend.h trunk/Source/WebCore/Modules/mediastream/RTCPeerConnectionIceEvent.cpp trunk/Source/WebCore/Modules/mediastream/RTCPeerConnectionIceEvent.h trunk/Source/WebCore/Modules/mediastream/RTCPeerConnectionIceEvent.idl trunk/Source/WebCore/Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h trunk/Source/WebCore/dom/EventNames.in Diff Modified: trunk/LayoutTests/imported/w3c/ChangeLog (232942 => 232943) --- trunk/LayoutTests/imported/w3c/ChangeLog 2018-06-18 20:11:01 UTC (rev 232942) +++ trunk/LayoutTests/imported/w3c/ChangeLog 2018-06-18 20:48:07 UTC (rev 232943) @@ -1,3 +1,15 @@ +2018-06-18 Youenn Fablet + +Expose RTCPeerConnectionIceEventInit constructor +https://bugs.webkit.org/show_bug.cgi?id=186770 + +Reviewed by Alex Christensen. + +* web-platform-tests/webrtc/RTCPeerConnectionIceEvent-constructor-expected.txt: +Updated expectation as per patch. +* web-platform-tests/webrtc/rtcpeerconnection/rtcpeerconnection-idl-expected.txt: +Rebasing this file, changes are unrelated but test is marked as flaky. + 2018-06-16 Brendan McLoughlin Sync additional web-platform-tests directories up to 197cdad Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/webrtc/RTCPeerConnectionIceEvent-constructor-expected.txt (232942 => 232943) --- trunk/LayoutTests/imported/w3c/web-platform-tests/webrtc/RTCPeerConnectionIceEvent-constructor-expected.txt 2018-06-18 20:11:01 UTC (rev 232942) +++ trunk/LayoutTests/imported/w3c/web-platform-tests/webrtc/RTCPeerConnectionIceEvent-constructor-expected.txt 2018-06-18 20:48:07 UTC (rev 232943) @@ -1,12 +1,10 @@ -FAIL RTCPeerConnectionIceEvent with no arguments throws TypeError assert_throws: function "() => { -new RTCPeerConnectionIceEvent(); - }" threw object "ReferenceError: Can't find variable: RTCPeerConnectionIceEvent" ("ReferenceError") expected object "TypeError" ("TypeError") -FAIL RTCPeerConnectionIceEvent with no eventInitDict (default) Can't find variable: RTCPeerConnectionIceEvent -FAIL RTCPeerConnectionIceEvent with empty object as eventInitDict (default) Can't find variable: RTCPeerConnectionIceEvent -FAIL RTCPeerConnectionIceEvent.candidate is null when constructed with { candidate: null } Can't find variable: RTCPeerConnectionIceEvent -FAIL RTCPeerConnectionIceEvent.candidate is null when constructed with { candidate: undefined } Can't find variable: RTCPeerConnectionIceEvent -FAIL RTCPeerConnectionIceEvent with RTCIceCandidate Can't find variable: RTCPeerConnectionIceEvent -FAIL RTCPeerConnectionIceEvent with non RTCIceCandidate object throws assert_throws: function "() => new RTCPeerConnectionIceEvent("type", { candidate: plain })" threw object "ReferenceError: Can't find variable: RTCPeerConnectionIceEvent" ("ReferenceError") expected object "TypeError"
[webkit-changes] [232942] trunk/Source/WebCore
Title: [232942] trunk/Source/WebCore Revision 232942 Author simon.fra...@apple.com Date 2018-06-18 13:11:01 -0700 (Mon, 18 Jun 2018) Log Message SVGTransformListValues wastes 127KB of Vector capacity on nytimes.com https://bugs.webkit.org/show_bug.cgi?id=186704 Reviewed by Said Abou-Hallawa. SVGTransformListValues has inline capacity 1, and every SVGGraphicsElement has a SVGSynchronizableAnimatedProperty, so the inline capacity wastes space for every SVGGraphicsElement that doesn't have a transform (i.e. most of them). So make SVGTransformListValues have zero inline capacity, and set its min capacity to 2, rather than the default 16, since most transform lists are short. * svg/SVGTransformListValues.h: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/svg/SVGTransformListValues.h Diff Modified: trunk/Source/WebCore/ChangeLog (232941 => 232942) --- trunk/Source/WebCore/ChangeLog 2018-06-18 19:28:33 UTC (rev 232941) +++ trunk/Source/WebCore/ChangeLog 2018-06-18 20:11:01 UTC (rev 232942) @@ -1,3 +1,20 @@ +2018-06-18 Simon Fraser + +SVGTransformListValues wastes 127KB of Vector capacity on nytimes.com +https://bugs.webkit.org/show_bug.cgi?id=186704 + +Reviewed by Said Abou-Hallawa. + +SVGTransformListValues has inline capacity 1, and every SVGGraphicsElement has +a SVGSynchronizableAnimatedProperty, so the inline +capacity wastes space for every SVGGraphicsElement that doesn't have a transform (i.e. +most of them). + +So make SVGTransformListValues have zero inline capacity, and set its min capacity to +2, rather than the default 16, since most transform lists are short. + +* svg/SVGTransformListValues.h: + 2018-06-18 Said Abou-Hallawa Document should not be mutated under SMILTimeContainer::updateAnimations() Modified: trunk/Source/WebCore/svg/SVGTransformListValues.h (232941 => 232942) --- trunk/Source/WebCore/svg/SVGTransformListValues.h 2018-06-18 19:28:33 UTC (rev 232941) +++ trunk/Source/WebCore/svg/SVGTransformListValues.h 2018-06-18 20:11:01 UTC (rev 232942) @@ -31,7 +31,7 @@ class SVGTransformList; -class SVGTransformListValues final : public Vector { +class SVGTransformListValues final : public Vector { public: Ref createSVGTransformFromMatrix(SVGMatrix&) const; Ref consolidate(); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232941] trunk
Title: [232941] trunk Revision 232941 Author s...@apple.com Date 2018-06-18 12:28:33 -0700 (Mon, 18 Jun 2018) Log Message Document should not be mutated under SMILTimeContainer::updateAnimations() https://bugs.webkit.org/show_bug.cgi?id=186658 Reviewed by Simon Fraser. Source/WebCore: To update the animation of an SVG element, we call SVGAnimateElementBase::resetAnimatedType(). It ensures the pointer m_animator is valid. If it animates a css property, it calls computeCSSPropertyValue() which calls resolveStyle() via other calls. resolveStyle() may call delayed callbacks through the destructor of PostResolutionCallbackDisabler. These callbacks may fire events. These events may execute JS event handlers. If one of these event handlers deletes the same SVG we animate, we will end up calling SVGAnimateElementBase::resetAnimatedPropertyType() of the same element. This function will delete the same m_animator which resetAnimatedType() still holds and will use later. This code re-entrance is unexpected and unwanted. The fix is to disable mutating the DOM while updating the SVG animations. Test: svg/dom/css-animate-input-foucs-crash.html * svg/animation/SMILTimeContainer.cpp: (WebCore::SMILTimeContainer::updateAnimations): LayoutTests: * svg/dom/css-animate-input-foucs-crash-expected.txt: Added. * svg/dom/css-animate-input-foucs-crash.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/svg/animation/SMILTimeContainer.cpp Added Paths trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash-expected.txt trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash.html Diff Modified: trunk/LayoutTests/ChangeLog (232940 => 232941) --- trunk/LayoutTests/ChangeLog 2018-06-18 19:13:19 UTC (rev 232940) +++ trunk/LayoutTests/ChangeLog 2018-06-18 19:28:33 UTC (rev 232941) @@ -1,3 +1,13 @@ +2018-06-18 Said Abou-Hallawa + +Document should not be mutated under SMILTimeContainer::updateAnimations() +https://bugs.webkit.org/show_bug.cgi?id=186658 + +Reviewed by Simon Fraser. + +* svg/dom/css-animate-input-foucs-crash-expected.txt: Added. +* svg/dom/css-animate-input-foucs-crash.html: Added. + 2018-06-18 Wenson Hsieh fast/forms/button-set-display-flex-justifyContent-center.html is failing on macOS Mojave Added: trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash-expected.txt (0 => 232941) --- trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash-expected.txt (rev 0) +++ trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash-expected.txt 2018-06-18 19:28:33 UTC (rev 232941) @@ -0,0 +1,4 @@ +This test passes if it doesn't crash. + + + Added: trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash.html (0 => 232941) --- trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash.html (rev 0) +++ trunk/LayoutTests/svg/dom/css-animate-input-foucs-crash.html 2018-06-18 19:28:33 UTC (rev 232941) @@ -0,0 +1,23 @@ + +This test passes if it doesn't crash. + + + + + + + + +if (window.testRunner) +testRunner.dumpAsText(); + +function onFoucsIn() { +svgRoot.remove(); +} + +function onToggle() { +input.autofocus = true; +inputParent.after(inputParent); +} + + Modified: trunk/Source/WebCore/ChangeLog (232940 => 232941) --- trunk/Source/WebCore/ChangeLog 2018-06-18 19:13:19 UTC (rev 232940) +++ trunk/Source/WebCore/ChangeLog 2018-06-18 19:28:33 UTC (rev 232941) @@ -1,3 +1,29 @@ +2018-06-18 Said Abou-Hallawa + +Document should not be mutated under SMILTimeContainer::updateAnimations() +https://bugs.webkit.org/show_bug.cgi?id=186658 + +Reviewed by Simon Fraser. + +To update the animation of an SVG element, we call +SVGAnimateElementBase::resetAnimatedType(). It ensures the pointer m_animator +is valid. If it animates a css property, it calls computeCSSPropertyValue() +which calls resolveStyle() via other calls. resolveStyle() may call delayed +callbacks through the destructor of PostResolutionCallbackDisabler. These +callbacks may fire events. These events may execute JS event handlers. +If one of these event handlers deletes the same SVG we animate, +we will end up calling SVGAnimateElementBase::resetAnimatedPropertyType() +of the same element. This function will delete the same m_animator +which resetAnimatedType() still holds and will use later. This code +re-entrance is unexpected and unwanted. + +The fix is to disable mutating the DOM while updating the SVG animations. + +Test: svg/dom/css-animate-input-foucs-crash.html + +* svg/animation/SMILTimeContainer.cpp: +(WebCore::SMILTimeContainer::updateAnimations): + 2018-06-18 Commit Queue Unreviewed,
[webkit-changes] [232940] trunk/LayoutTests
Title: [232940] trunk/LayoutTests Revision 232940 Author wenson_hs...@apple.com Date 2018-06-18 12:13:19 -0700 (Mon, 18 Jun 2018) Log Message fast/forms/button-set-display-flex-justifyContent-center.html is failing on macOS Mojave https://bugs.webkit.org/show_bug.cgi?id=186776 Fix a failing layout test by making the reference markup robust for changes to system button text color. This system color is different in macOS Mojave, which causes this layout test to fail. Reviewed by Beth Dakin. * fast/forms/button-set-display-flex-justifyContent-center-expected.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/fast/forms/button-set-display-flex-justifyContent-center-expected.html Diff Modified: trunk/LayoutTests/ChangeLog (232939 => 232940) --- trunk/LayoutTests/ChangeLog 2018-06-18 19:05:27 UTC (rev 232939) +++ trunk/LayoutTests/ChangeLog 2018-06-18 19:13:19 UTC (rev 232940) @@ -1,3 +1,16 @@ +2018-06-18 Wenson Hsieh + +fast/forms/button-set-display-flex-justifyContent-center.html is failing on macOS Mojave +https://bugs.webkit.org/show_bug.cgi?id=186776 + + +Fix a failing layout test by making the reference markup robust for changes to system button text color. This +system color is different in macOS Mojave, which causes this layout test to fail. + +Reviewed by Beth Dakin. + +* fast/forms/button-set-display-flex-justifyContent-center-expected.html: + 2018-06-18 Michael Catanzaro Unreviewed GTK test gardening Modified: trunk/LayoutTests/fast/forms/button-set-display-flex-justifyContent-center-expected.html (232939 => 232940) --- trunk/LayoutTests/fast/forms/button-set-display-flex-justifyContent-center-expected.html 2018-06-18 19:05:27 UTC (rev 232939) +++ trunk/LayoutTests/fast/forms/button-set-display-flex-justifyContent-center-expected.html 2018-06-18 19:13:19 UTC (rev 232940) @@ -6,6 +6,7 @@ width: 300px; display: flex; justify-content: center; +color: buttontext; } Test for centering text inside a button set to display flex and justify-content: center is impossible ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232939] trunk/LayoutTests
Title: [232939] trunk/LayoutTests Revision 232939 Author mcatanz...@igalia.com Date 2018-06-18 12:05:27 -0700 (Mon, 18 Jun 2018) Log Message Unreviewed GTK test gardening * TestExpectations: * platform/gtk/TestExpectations: * platform/gtk/imported/w3c/web-platform-tests/css/WOFF2/directory-knowntags-001-expected.png: Renamed from LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/woff2/directory-knowntags-001-expected.png. * platform/gtk/imported/w3c/web-platform-tests/css/WOFF2/tabledata-glyf-origlength-003-expected.png: Renamed from LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/woff2/tabledata-glyf-origlength-003-expected.png. Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/TestExpectations trunk/LayoutTests/platform/gtk/TestExpectations Added Paths trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/WOFF2/ trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/WOFF2/directory-knowntags-001-expected.png trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/WOFF2/tabledata-glyf-origlength-003-expected.png Removed Paths trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/woff2/ Diff Modified: trunk/LayoutTests/ChangeLog (232938 => 232939) --- trunk/LayoutTests/ChangeLog 2018-06-18 19:01:57 UTC (rev 232938) +++ trunk/LayoutTests/ChangeLog 2018-06-18 19:05:27 UTC (rev 232939) @@ -1,3 +1,12 @@ +2018-06-18 Michael Catanzaro + +Unreviewed GTK test gardening + +* TestExpectations: +* platform/gtk/TestExpectations: +* platform/gtk/imported/w3c/web-platform-tests/css/WOFF2/directory-knowntags-001-expected.png: Renamed from LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/woff2/directory-knowntags-001-expected.png. +* platform/gtk/imported/w3c/web-platform-tests/css/WOFF2/tabledata-glyf-origlength-003-expected.png: Renamed from LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/woff2/tabledata-glyf-origlength-003-expected.png. + 2018-06-18 Youenn Fablet Validate Cross-Origin-Resource-Policy for resources cached in the MemoryCache Modified: trunk/LayoutTests/TestExpectations (232938 => 232939) --- trunk/LayoutTests/TestExpectations 2018-06-18 19:01:57 UTC (rev 232938) +++ trunk/LayoutTests/TestExpectations 2018-06-18 19:05:27 UTC (rev 232939) @@ -2146,3 +2146,5 @@ imported/w3c/web-platform-tests/css/css-pseudo/first-letter-property-whitelist.html [ Pass Failure ] imported/w3c/web-platform-tests/WebCryptoAPI/generateKey/successes_RSA-OAEP.https.any.html [ Pass Failure ] imported/w3c/web-platform-tests/WebCryptoAPI/generateKey/successes_RSA-OAEP.https.any.worker.html [ Pass Failure ] + +webkit.org/b/175609 imported/w3c/web-platform-tests/IndexedDB/idbobjectstore_getAll.html [ Pass Failure ] Modified: trunk/LayoutTests/platform/gtk/TestExpectations (232938 => 232939) --- trunk/LayoutTests/platform/gtk/TestExpectations 2018-06-18 19:01:57 UTC (rev 232938) +++ trunk/LayoutTests/platform/gtk/TestExpectations 2018-06-18 19:05:27 UTC (rev 232939) @@ -583,7 +583,7 @@ webkit.org/b/79203 fast/mediastream/RTCPeerConnection-dtmf.html [ Timeout ] webkit.org/b/79203 fast/mediastream/RTCPeerConnection-icecandidate-event.html [ Failure Crash ] webkit.org/b/79203 fast/mediastream/RTCPeerConnection-media-setup-two-dialogs.html [ Pass Failure Crash ] -webkit.org/b/79203 fast/mediastream/MediaStream-video-element.html [ Pass Crash ] +webkit.org/b/79203 fast/mediastream/MediaStream-video-element.html [ Pass Crash Failure ] webkit.org/b/79203 fast/mediastream/RTCRtpSender-replaceTrack.html [ Failure Crash ] # Crash is webkit.org/b/184292 webkit.org/b/79203 fast/mediastream/RTCPeerConnection-addIceCandidate.html [ Failure Pass Crash ] @@ -1248,7 +1248,7 @@ webkit.org/b/131546 media/track/track-in-band.html [ Crash Timeout Failure ] -webkit.org/b/163782 media/video-played-ranges-1.html [ Crash Pass ] +webkit.org/b/163782 media/video-played-ranges-1.html [ Crash Pass Failure ] webkit.org/b/172281 accessibility/insert-children-assert.html [ Crash ] @@ -1293,6 +1293,14 @@ webkit.org/b/180253 [ Debug ] fullscreen/video-controls-timeline.html [ Crash ] webkit.org/b/180253 [ Debug ] http/tests/appcache/video.html [ Crash ] +# Crashes only when GNOME icon theme is not installed +webkit.org/b/186767 fast/hidpi/broken-image-icon-very-hidpi.html [ Crash Pass ] + +# This one crashes only on EWS. +webkit.org/b/186778 http/tests/misc/cached-scripts.html [ Crash Pass ] + +webkit.org/b/186779 http/tests/security/sandboxed-iframe-DENIED-modals.html [ Crash Pass ] + # # End of Crashing tests # @@ -1619,7 +1627,8 @@ webkit.org/b/133865 media/W3C/video/networkState/networkState_during_progress.html [ Failure Pass ] webkit.org/b/133866
[webkit-changes] [232938] trunk/Source/WebCore
Title: [232938] trunk/Source/WebCore Revision 232938 Author commit-qu...@webkit.org Date 2018-06-18 12:01:57 -0700 (Mon, 18 Jun 2018) Log Message Unreviewed, rolling out r232935. https://bugs.webkit.org/show_bug.cgi?id=186783 This patch broke macOS 32-bit build (Requested by n_wang on #webkit). Reverted changeset: "AX: [macOS] When zoom is enabled, focus doesn't follow text cursor" https://bugs.webkit.org/show_bug.cgi?id=186697 https://trac.webkit.org/changeset/232935 Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm Diff Modified: trunk/Source/WebCore/ChangeLog (232937 => 232938) --- trunk/Source/WebCore/ChangeLog 2018-06-18 18:54:49 UTC (rev 232937) +++ trunk/Source/WebCore/ChangeLog 2018-06-18 19:01:57 UTC (rev 232938) @@ -1,3 +1,18 @@ +2018-06-18 Commit Queue + +Unreviewed, rolling out r232935. +https://bugs.webkit.org/show_bug.cgi?id=186783 + +This patch broke macOS 32-bit build (Requested by n_wang on +#webkit). + +Reverted changeset: + +"AX: [macOS] When zoom is enabled, focus doesn't follow text +cursor" +https://bugs.webkit.org/show_bug.cgi?id=186697 +https://trac.webkit.org/changeset/232935 + 2018-06-18 Nan Wang AX: [macOS] When zoom is enabled, focus doesn't follow text cursor Modified: trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm (232937 => 232938) --- trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm 2018-06-18 18:54:49 UTC (rev 232937) +++ trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm 2018-06-18 19:01:57 UTC (rev 232938) @@ -32,6 +32,21 @@ namespace WebCore { +#if !PLATFORM(IOS) +static CGRect accessibilityConvertScreenRect(CGRect bounds) +{ +NSArray *screens = [NSScreen screens]; +if ([screens count]) { +CGFloat screenHeight = NSHeight([(NSScreen *)[screens objectAtIndex:0] frame]); +bounds.origin.y = (screenHeight - (bounds.origin.y + bounds.size.height)); +} else +bounds = CGRectZero; + +return bounds; +} +#endif // !PLATFORM(IOS) + + void FrameSelection::notifyAccessibilityForSelectionChange(const AXTextStateChangeIntent& intent) { Document* document = m_frame->document(); @@ -60,8 +75,8 @@ viewRect = frameView->contentsToScreen(viewRect); CGRect cgCaretRect = CGRectMake(selectionRect.x(), selectionRect.y(), selectionRect.width(), selectionRect.height()); CGRect cgViewRect = CGRectMake(viewRect.x(), viewRect.y(), viewRect.width(), viewRect.height()); -cgCaretRect = toUserSpaceForPrimaryScreen(cgCaretRect); -cgViewRect = toUserSpaceForPrimaryScreen(cgViewRect); +cgCaretRect = accessibilityConvertScreenRect(cgCaretRect); +cgViewRect = accessibilityConvertScreenRect(cgViewRect); UAZoomChangeFocus(, , kUAZoomFocusTypeInsertionPoint); #endif // !PLATFORM(IOS) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232937] trunk/Source
Title: [232937] trunk/Source Revision 232937 Author jiewen_...@apple.com Date 2018-06-18 11:54:49 -0700 (Mon, 18 Jun 2018) Log Message Add a graceful exit for AuthenticationManager::initializeConnection https://bugs.webkit.org/show_bug.cgi?id=186632 Reviewed by Brent Fulgham. Source/WebKit: Add a graceful exit for AuthenticationManager::initializeConnection when the provided IPC connection is null or the underlying xpc connection is null. * Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm: (WebKit::AuthenticationManager::initializeConnection): Source/WTF: * wtf/spi/darwin/XPCSPI.h: Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/spi/darwin/XPCSPI.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm Diff Modified: trunk/Source/WTF/ChangeLog (232936 => 232937) --- trunk/Source/WTF/ChangeLog 2018-06-18 18:49:01 UTC (rev 232936) +++ trunk/Source/WTF/ChangeLog 2018-06-18 18:54:49 UTC (rev 232937) @@ -1,3 +1,13 @@ +2018-06-18 Jiewen Tan + +Add a graceful exit for AuthenticationManager::initializeConnection +https://bugs.webkit.org/show_bug.cgi?id=186632 + + +Reviewed by Brent Fulgham. + +* wtf/spi/darwin/XPCSPI.h: + 2018-06-18 Carlos Alberto Lopez Perez [WTF] Remove workarounds needed to support libstdc++-4 Modified: trunk/Source/WTF/wtf/spi/darwin/XPCSPI.h (232936 => 232937) --- trunk/Source/WTF/wtf/spi/darwin/XPCSPI.h 2018-06-18 18:49:01 UTC (rev 232936) +++ trunk/Source/WTF/wtf/spi/darwin/XPCSPI.h 2018-06-18 18:54:49 UTC (rev 232937) @@ -72,6 +72,7 @@ #define XPC_ERROR_TERMINATION_IMMINENT XPC_GLOBAL_OBJECT(_xpc_error_termination_imminent) #define XPC_TYPE_ARRAY (&_xpc_type_array) #define XPC_TYPE_BOOL (&_xpc_type_bool) +#define XPC_TYPE_CONNECTION (&_xpc_type_connection) #define XPC_TYPE_DICTIONARY (&_xpc_type_dictionary) #define XPC_TYPE_ERROR (&_xpc_type_error) #define XPC_TYPE_STRING (&_xpc_type_string) Modified: trunk/Source/WebKit/ChangeLog (232936 => 232937) --- trunk/Source/WebKit/ChangeLog 2018-06-18 18:49:01 UTC (rev 232936) +++ trunk/Source/WebKit/ChangeLog 2018-06-18 18:54:49 UTC (rev 232937) @@ -1,3 +1,17 @@ +2018-06-18 Jiewen Tan + +Add a graceful exit for AuthenticationManager::initializeConnection +https://bugs.webkit.org/show_bug.cgi?id=186632 + + +Reviewed by Brent Fulgham. + +Add a graceful exit for AuthenticationManager::initializeConnection when the provided IPC connection +is null or the underlying xpc connection is null. + +* Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm: +(WebKit::AuthenticationManager::initializeConnection): + 2018-06-18 Youenn Fablet Validate Cross-Origin-Resource-Policy for resources cached in the MemoryCache Modified: trunk/Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm (232936 => 232937) --- trunk/Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm 2018-06-18 18:49:01 UTC (rev 232936) +++ trunk/Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm 2018-06-18 18:54:49 UTC (rev 232937) @@ -40,6 +40,11 @@ { ASSERT(isMainThread()); +if (!connection || xpc_get_type(connection->xpcConnection()) != XPC_TYPE_CONNECTION) { +ASSERT_NOT_REACHED(); +return; +} + auto weakThis = makeWeakPtr(*this); // The following xpc event handler overwrites the boostrap event handler and is only used // to capture client certificate credential. ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232936] trunk/Source/JavaScriptCore
Title: [232936] trunk/Source/_javascript_Core Revision 232936 Author commit-qu...@webkit.org Date 2018-06-18 11:49:01 -0700 (Mon, 18 Jun 2018) Log Message Share structure across instances of classes exported through the ObjC API https://bugs.webkit.org/show_bug.cgi?id=186579 Patch by Tadeu Zagallo on 2018-06-18 Reviewed by Saam Barati. A new structure was being created for each instance of exported ObjC classes due to setting the prototype in the structure for every object, since prototype transitions are not cached by the structure. Cache the Structure in the JSObjcClassInfo to avoid the transition. * API/JSWrapperMap.mm: (-[JSObjCClassInfo wrapperForObject:inContext:]): (-[JSObjCClassInfo structureInContext:]): * API/tests/JSWrapperMapTests.h: Added. * API/tests/JSWrapperMapTests.mm: Added. (+[JSWrapperMapTests testStructureIdentity]): (runJSWrapperMapTests): * API/tests/testapi.mm: (testObjectiveCAPIMain): * _javascript_Core.xcodeproj/project.pbxproj: Modified Paths trunk/Source/_javascript_Core/API/JSWrapperMap.mm trunk/Source/_javascript_Core/API/tests/testapi.mm trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj Added Paths trunk/Source/_javascript_Core/API/tests/JSWrapperMapTests.h trunk/Source/_javascript_Core/API/tests/JSWrapperMapTests.mm Diff Modified: trunk/Source/_javascript_Core/API/JSWrapperMap.mm (232935 => 232936) --- trunk/Source/_javascript_Core/API/JSWrapperMap.mm 2018-06-18 18:31:06 UTC (rev 232935) +++ trunk/Source/_javascript_Core/API/JSWrapperMap.mm 2018-06-18 18:49:01 UTC (rev 232936) @@ -367,6 +367,7 @@ JSClassRef m_classRef; JSC::Weak m_prototype; JSC::Weak m_constructor; +JSC::Weak m_structure; } - (instancetype)initForClass:(Class)cls; @@ -517,10 +518,14 @@ } } -JSC::JSObject* prototype = [self prototypeInContext:context]; +JSC::Structure* structure = [self structureInContext:context]; -JSC::JSObject* wrapper = makeWrapper([context JSGlobalContextRef], m_classRef, object); -JSObjectSetPrototype([context JSGlobalContextRef], toRef(wrapper), toRef(prototype)); +JSC::ExecState* exec = toJS([context JSGlobalContextRef]); +JSC::VM& vm = exec->vm(); +JSC::JSLockHolder locker(vm); + +JSC::JSCallbackObject* wrapper = JSC::JSCallbackObject::create(exec, exec->lexicalGlobalObject(), structure, m_classRef, 0); +wrapper->setWrappedObject(object); return wrapper; } @@ -542,6 +547,20 @@ return prototype; } +- (JSC::Structure*)structureInContext:(JSContext *)context +{ +JSC::Structure* structure = m_structure.get(); +if (structure) +return structure; + +JSC::ExecState* exec = toJS([context JSGlobalContextRef]); +JSC::JSGlobalObject* globalObject = toJSGlobalObject([context JSGlobalContextRef]); +JSC::JSObject* prototype = [self prototypeInContext:context]; +m_structure = JSC::JSCallbackObject::createStructure(exec->vm(), globalObject, prototype); + +return m_structure.get(); +} + @end @implementation JSWrapperMap { Added: trunk/Source/_javascript_Core/API/tests/JSWrapperMapTests.h (0 => 232936) --- trunk/Source/_javascript_Core/API/tests/JSWrapperMapTests.h (rev 0) +++ trunk/Source/_javascript_Core/API/tests/JSWrapperMapTests.h 2018-06-18 18:49:01 UTC (rev 232936) @@ -0,0 +1,34 @@ +/* + * Copyright (C) 2018 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#import +#import <_javascript_Core/_javascript_Core.h> + +#if JSC_OBJC_API_ENABLED + +void runJSWrapperMapTests(); + +#endif // JSC_OBJC_API_ENABLED + Added:
[webkit-changes] [232935] trunk/Source/WebCore
Title: [232935] trunk/Source/WebCore Revision 232935 Author n_w...@apple.com Date 2018-06-18 11:31:06 -0700 (Mon, 18 Jun 2018) Log Message AX: [macOS] When zoom is enabled, focus doesn't follow text cursor https://bugs.webkit.org/show_bug.cgi?id=186697 Reviewed by Darin Adler. Now that web process doesn't have access to NSScreen. The conversion of the rects is wrong. Fixed this by using the right function that's available in WebCore to convert the rects. * editing/mac/FrameSelectionMac.mm: (WebCore::accessibilityConvertScreenRect): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm Diff Modified: trunk/Source/WebCore/ChangeLog (232934 => 232935) --- trunk/Source/WebCore/ChangeLog 2018-06-18 17:55:58 UTC (rev 232934) +++ trunk/Source/WebCore/ChangeLog 2018-06-18 18:31:06 UTC (rev 232935) @@ -1,3 +1,17 @@ +2018-06-18 Nan Wang + +AX: [macOS] When zoom is enabled, focus doesn't follow text cursor +https://bugs.webkit.org/show_bug.cgi?id=186697 + +Reviewed by Darin Adler. + +Now that web process doesn't have access to NSScreen. The conversion of the +rects is wrong. Fixed this by using the right function that's available in +WebCore to convert the rects. + +* editing/mac/FrameSelectionMac.mm: +(WebCore::accessibilityConvertScreenRect): + 2018-06-18 Youenn Fablet Validate Cross-Origin-Resource-Policy for resources cached in the MemoryCache Modified: trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm (232934 => 232935) --- trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm 2018-06-18 17:55:58 UTC (rev 232934) +++ trunk/Source/WebCore/editing/mac/FrameSelectionMac.mm 2018-06-18 18:31:06 UTC (rev 232935) @@ -32,21 +32,6 @@ namespace WebCore { -#if !PLATFORM(IOS) -static CGRect accessibilityConvertScreenRect(CGRect bounds) -{ -NSArray *screens = [NSScreen screens]; -if ([screens count]) { -CGFloat screenHeight = NSHeight([(NSScreen *)[screens objectAtIndex:0] frame]); -bounds.origin.y = (screenHeight - (bounds.origin.y + bounds.size.height)); -} else -bounds = CGRectZero; - -return bounds; -} -#endif // !PLATFORM(IOS) - - void FrameSelection::notifyAccessibilityForSelectionChange(const AXTextStateChangeIntent& intent) { Document* document = m_frame->document(); @@ -75,8 +60,8 @@ viewRect = frameView->contentsToScreen(viewRect); CGRect cgCaretRect = CGRectMake(selectionRect.x(), selectionRect.y(), selectionRect.width(), selectionRect.height()); CGRect cgViewRect = CGRectMake(viewRect.x(), viewRect.y(), viewRect.width(), viewRect.height()); -cgCaretRect = accessibilityConvertScreenRect(cgCaretRect); -cgViewRect = accessibilityConvertScreenRect(cgViewRect); +cgCaretRect = toUserSpaceForPrimaryScreen(cgCaretRect); +cgViewRect = toUserSpaceForPrimaryScreen(cgViewRect); UAZoomChangeFocus(, , kUAZoomFocusTypeInsertionPoint); #endif // !PLATFORM(IOS) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [232933] trunk
Title: [232933] trunk Revision 232933 Author you...@apple.com Date 2018-06-18 10:30:02 -0700 (Mon, 18 Jun 2018) Log Message Validate Cross-Origin-Resource-Policy for resources cached in the MemoryCache https://bugs.webkit.org/show_bug.cgi?id=186639 Reviewed by Geoffrey Garen. Source/WebCore: Add a method to check CORP. Make use of it to validate any memory cached resource. Whitelist CORP header so that it is not filtered out by Network Process. Test: http/wpt/cross-origin-resource-policy/image-in-iframe-loads.html * loader/CrossOriginAccessControl.cpp: (WebCore::shouldCrossOriginResourcePolicyCancelLoad): (WebCore::validateCrossOriginResourcePolicy): * loader/CrossOriginAccessControl.h: * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): * platform/network/ResourceResponseBase.cpp: (WebCore::isSafeRedirectionResponseHeader): (WebCore::isSafeCrossOriginResponseHeader): Source/WebKit: Make use of WebCore method to check CORP. * NetworkProcess/NetworkLoadChecker.cpp: (WebKit::NetworkLoadChecker::validateResponse): * NetworkProcess/NetworkLoadChecker.h: LayoutTests: * http/wpt/cross-origin-resource-policy/image-in-iframe-loads-expected.txt: Added. * http/wpt/cross-origin-resource-policy/image-in-iframe-loads.html: Added. * http/wpt/cross-origin-resource-policy/resources/iframeImage.html: Added. * http/wpt/cross-origin-resource-policy/resources/image.py: (main): Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/image.py trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp trunk/Source/WebCore/loader/CrossOriginAccessControl.h trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h Added Paths trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads-expected.txt trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads.html trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeImage.html Diff Modified: trunk/LayoutTests/ChangeLog (232932 => 232933) --- trunk/LayoutTests/ChangeLog 2018-06-18 15:55:43 UTC (rev 232932) +++ trunk/LayoutTests/ChangeLog 2018-06-18 17:30:02 UTC (rev 232933) @@ -1,3 +1,17 @@ +2018-06-18 Youenn Fablet + +Validate Cross-Origin-Resource-Policy for resources cached in the MemoryCache +https://bugs.webkit.org/show_bug.cgi?id=186639 + + +Reviewed by Geoffrey Garen. + +* http/wpt/cross-origin-resource-policy/image-in-iframe-loads-expected.txt: Added. +* http/wpt/cross-origin-resource-policy/image-in-iframe-loads.html: Added. +* http/wpt/cross-origin-resource-policy/resources/iframeImage.html: Added. +* http/wpt/cross-origin-resource-policy/resources/image.py: +(main): + 2018-06-18 Zan Dobersek Unreviewed WPE gardening. Manage the current set of CSS3 Filters and Added: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads-expected.txt (0 => 232933) --- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads-expected.txt (rev 0) +++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads-expected.txt 2018-06-18 17:30:02 UTC (rev 232933) @@ -0,0 +1,4 @@ + + +PASS Ensure CORP checks in case image is cached + Added: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads.html (0 => 232933) --- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads.html (rev 0) +++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-in-iframe-loads.html 2018-06-18 17:30:02 UTC (rev 232933) @@ -0,0 +1,38 @@ + + + + + +