[webkit-changes] [236827] trunk/Source/JavaScriptCore

[ross . kirsling]

Title: [236827] trunk/Source/_javascript_Core








Revision 236827
Author ross.kirsl...@sony.com
Date 2018-10-03 22:12:19 -0700 (Wed, 03 Oct 2018)


Log Message
[JSC] print() changes CRLF to CRCRLF on Windows
https://bugs.webkit.org/show_bug.cgi?id=190228

Reviewed by Mark Lam.

* jsc.cpp:
(main):
Ultimately, this is just the normal behavior of printf in text mode on Windows.
Since we're reading in files as binary, we need to be printing out as binary too
(just as we do in DumpRenderTree and ImageDiff.)

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/jsc.cpp




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (236826 => 236827)

--- trunk/Source/_javascript_Core/ChangeLog	2018-10-04 04:57:35 UTC (rev 236826)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-10-04 05:12:19 UTC (rev 236827)
@@ -1,3 +1,16 @@
+2018-10-03  Ross Kirsling  
+
+[JSC] print() changes CRLF to CRCRLF on Windows
+https://bugs.webkit.org/show_bug.cgi?id=190228
+
+Reviewed by Mark Lam.
+
+* jsc.cpp:
+(main):
+Ultimately, this is just the normal behavior of printf in text mode on Windows.
+Since we're reading in files as binary, we need to be printing out as binary too
+(just as we do in DumpRenderTree and ImageDiff.)
+
 2018-10-03  Saam barati  
 
 lowXYZ in FTLLower should always filter the type of the incoming edge


Modified: trunk/Source/_javascript_Core/jsc.cpp (236826 => 236827)

--- trunk/Source/_javascript_Core/jsc.cpp	2018-10-04 04:57:35 UTC (rev 236826)
+++ trunk/Source/_javascript_Core/jsc.cpp	2018-10-04 05:12:19 UTC (rev 236827)
@@ -90,6 +90,8 @@
 
 #if OS(WINDOWS)
 #include 
+#include 
+#include 
 #include 
 #else
 #include 
@@ -2231,6 +2233,9 @@
 // error mode here to work around Cygwin's behavior. See .
 ::SetErrorMode(0);
 
+_setmode(_fileno(stdout), _O_BINARY);
+_setmode(_fileno(stderr), _O_BINARY);
+
 #if defined(_DEBUG)
 _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR);
 _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236826] trunk/Source/WebKit

[mitz]

Title: [236826] trunk/Source/WebKit








Revision 236826
Author m...@apple.com
Date 2018-10-03 21:57:35 -0700 (Wed, 03 Oct 2018)


Log Message
Tried to fix non-Cocoa, ENABLE(ATTACHMENT_ELEMENT) builds after r236822.

* UIProcess/PageClient.h:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/PageClient.h




Diff

Modified: trunk/Source/WebKit/ChangeLog (236825 => 236826)

--- trunk/Source/WebKit/ChangeLog	2018-10-04 03:55:12 UTC (rev 236825)
+++ trunk/Source/WebKit/ChangeLog	2018-10-04 04:57:35 UTC (rev 236826)
@@ -1,5 +1,11 @@
 2018-10-03  Dan Bernstein  
 
+Tried to fix non-Cocoa, ENABLE(ATTACHMENT_ELEMENT) builds after r236822.
+
+* UIProcess/PageClient.h:
+
+2018-10-03  Dan Bernstein  
+
 [Cocoa] Let clients specify an NSFileWrapper subclassed to be used for _WKAttachment
 https://bugs.webkit.org/show_bug.cgi?id=190270
 


Modified: trunk/Source/WebKit/UIProcess/PageClient.h (236825 => 236826)

--- trunk/Source/WebKit/UIProcess/PageClient.h	2018-10-04 03:55:12 UTC (rev 236825)
+++ trunk/Source/WebKit/UIProcess/PageClient.h	2018-10-04 04:57:35 UTC (rev 236826)
@@ -444,8 +444,10 @@
 #if ENABLE(ATTACHMENT_ELEMENT)
 virtual void didInsertAttachment(API::Attachment&, const String& source) { }
 virtual void didRemoveAttachment(API::Attachment&) { }
+#if PLATFORM(COCOA)
 virtual NSFileWrapper *allocFileWrapperInstance() { return nullptr; }
 #endif
+#endif
 };
 
 } // namespace WebKit






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236825] trunk/Source/WebCore

[rniwa]

Title: [236825] trunk/Source/WebCore








Revision 236825
Author rn...@webkit.org
Date 2018-10-03 20:55:12 -0700 (Wed, 03 Oct 2018)


Log Message
Clear m_pendingTargets in MutationObserver::takeRecords
https://bugs.webkit.org/show_bug.cgi?id=190240

Reviewed by Geoffrey Garen.

In r236781, we delayed the clearing of m_pendingTargets until the end of microtask to avoid a race between
mutation record's JS wrappers getting created and GC marking JS wrappers of elements in mutation records.

This patch shortens this delay to until mutation record's JS wrappers are created. Specifically, we make
MutationObserver::takeRecords() return a struct which has both pending targets hash set and the vector of
mutation records so that the hash set survives through the creation of JS wrappers for mutation records.

To do this, a new IDL extended attribute "ResultField" is introduced to specify the member variable in
which the result is stored.

No new tests. Unfortunately, this race condition appears to be impossible to capture in a regression test.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateOperationBodyDefinition):
* bindings/scripts/IDLAttributes.json:
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::jsTestInterfacePrototypeFunctionTakeNodesBody):
(WebCore::jsTestInterfacePrototypeFunctionTakeNodes):
* bindings/scripts/test/TestImplements.idl: Added a test case.
* dom/MutationObserver.cpp:
(WebCore::MutationObserver::takeRecords):
(WebCore::MutationObserver::deliver):
* dom/MutationObserver.h:
* dom/MutationObserver.idl:

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
trunk/Source/WebCore/bindings/scripts/IDLAttributes.json
trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
trunk/Source/WebCore/bindings/scripts/test/TestImplements.idl
trunk/Source/WebCore/dom/MutationObserver.cpp
trunk/Source/WebCore/dom/MutationObserver.h
trunk/Source/WebCore/dom/MutationObserver.idl




Diff

Modified: trunk/Source/WebCore/ChangeLog (236824 => 236825)

--- trunk/Source/WebCore/ChangeLog	2018-10-04 03:29:57 UTC (rev 236824)
+++ trunk/Source/WebCore/ChangeLog	2018-10-04 03:55:12 UTC (rev 236825)
@@ -1,3 +1,35 @@
+2018-10-03  Ryosuke Niwa  
+
+Clear m_pendingTargets in MutationObserver::takeRecords
+https://bugs.webkit.org/show_bug.cgi?id=190240
+
+Reviewed by Geoffrey Garen.
+
+In r236781, we delayed the clearing of m_pendingTargets until the end of microtask to avoid a race between
+mutation record's JS wrappers getting created and GC marking JS wrappers of elements in mutation records.
+
+This patch shortens this delay to until mutation record's JS wrappers are created. Specifically, we make
+MutationObserver::takeRecords() return a struct which has both pending targets hash set and the vector of
+mutation records so that the hash set survives through the creation of JS wrappers for mutation records.
+
+To do this, a new IDL extended attribute "ResultField" is introduced to specify the member variable in
+which the result is stored.
+
+No new tests. Unfortunately, this race condition appears to be impossible to capture in a regression test.
+
+* bindings/scripts/CodeGeneratorJS.pm:
+(GenerateOperationBodyDefinition):
+* bindings/scripts/IDLAttributes.json:
+* bindings/scripts/test/JS/JSTestInterface.cpp:
+(WebCore::jsTestInterfacePrototypeFunctionTakeNodesBody):
+(WebCore::jsTestInterfacePrototypeFunctionTakeNodes):
+* bindings/scripts/test/TestImplements.idl: Added a test case.
+* dom/MutationObserver.cpp:
+(WebCore::MutationObserver::takeRecords):
+(WebCore::MutationObserver::deliver):
+* dom/MutationObserver.h:
+* dom/MutationObserver.idl:
+
 2018-10-03  Youenn Fablet  
 
 Add VP8 support to WebRTC


Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (236824 => 236825)

--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2018-10-04 03:29:57 UTC (rev 236824)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2018-10-04 03:55:12 UTC (rev 236825)
@@ -5151,7 +5151,14 @@
 
 GenerateArgumentsCountCheck($outputArray, $operation, $interface, $indent);
 my $functionString = GenerateParametersCheck($outputArray, $operation, $interface, $functionImplementationName, $indent);
-GenerateImplementationFunctionCall($outputArray, $operation, $interface, $functionString, $indent);
+
+if ($operation->extendedAttributes->{ResultField}) {
+my $resultName = $operation->extendedAttributes->{ResultField};
+push(@$outputArray, "auto implResult = $functionString;\n");
+GenerateImplementationFunctionCall($outputArray, $operation, $interface, "WTFMove(implResult.$resultName)", $indent);
+} else {
+GenerateImplementationFunctionCall($outputArray, $operation, 

[webkit-changes] [236824] trunk

[sbarati]

Title: [236824] trunk








Revision 236824
Author sbar...@apple.com
Date 2018-10-03 20:29:57 -0700 (Wed, 03 Oct 2018)


Log Message
lowXYZ in FTLLower should always filter the type of the incoming edge
https://bugs.webkit.org/show_bug.cgi?id=189939


Reviewed by Michael Saboff.

JSTests:

* stress/ftl-should-always-filter-for-low-type-check-functions.js: Added.
(foo):
(test):

Source/_javascript_Core:

For example, the FTL may know more about data flow than AI in certain programs,
and it needs to inform AI of these data flow properties to appease the assertion
we have in AI that a node must perform type checks on its child nodes.

For example, consider this program:

```
bb#1
a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
Branch(...,  #2, #3)

bb#2
ArrayifyToStructure(Cell:@a) // This modifies @a to have the its previous type union the type of some structure set.
Jump(#3)

bb#3
c: Add(Int32:@something, Int32:@a)
```

When the Add node does lowInt32() for @a, FTL lower used to just grab it
from the int32 hash table without filtering the AbstractValue. However,
the parent node is asking for a type check to happen, so we must inform
AI of this "type check" if we want to appease the assertion that all nodes
perform type checks for their edges that semantically perform type checks.
This patch makes it so we filter the AbstractValue in the lowXYZ even
if FTLLower proved the value must be XYZ.

* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compilePhi):
(JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
(JSC::FTL::DFG::LowerDFGToB3::lowInt32):
(JSC::FTL::DFG::LowerDFGToB3::lowCell):
(JSC::FTL::DFG::LowerDFGToB3::lowBoolean):

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp


Added Paths

trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js




Diff

Modified: trunk/JSTests/ChangeLog (236823 => 236824)

--- trunk/JSTests/ChangeLog	2018-10-04 03:27:20 UTC (rev 236823)
+++ trunk/JSTests/ChangeLog	2018-10-04 03:29:57 UTC (rev 236824)
@@ -1,3 +1,15 @@
+2018-10-03  Saam barati  
+
+lowXYZ in FTLLower should always filter the type of the incoming edge
+https://bugs.webkit.org/show_bug.cgi?id=189939
+
+
+Reviewed by Michael Saboff.
+
+* stress/ftl-should-always-filter-for-low-type-check-functions.js: Added.
+(foo):
+(test):
+
 2018-10-03  Mark Lam  
 
 Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.


Added: trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js (0 => 236824)

--- trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js	(rev 0)
+++ trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js	2018-10-04 03:29:57 UTC (rev 236824)
@@ -0,0 +1,31 @@
+//@ runDefault("--useConcurrentJIT=0", "--jitPolicyScale=0", "--maximumInliningDepth=2")
+
+function foo(x, y) {
+var w = 0;
+for (var i = 0; i < x.length; ++i) {
+for (var j = 0; j < x.length; ++j)
+w += foo(j, i);
+y[i] = w;
+}
+}
+
+function test(x, a3) {
+  a1 = [];
+  a2 = [];
+
+for (i = 0; i < x; ++i)
+a1[i] = 0;
+
+for (i = 0; i < 10; ++i) {
+foo(a3, a2);
+foo(a3, a1);
+}
+}
+noDFG(test);
+
+a3 = [];
+for (var i = 0; i < 3; ++i)
+a3[i] = 0;
+
+for (var i = 3; i <= 12; i *= 2)
+test(i, a3);


Modified: trunk/Source/_javascript_Core/ChangeLog (236823 => 236824)

--- trunk/Source/_javascript_Core/ChangeLog	2018-10-04 03:27:20 UTC (rev 236823)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-10-04 03:29:57 UTC (rev 236824)
@@ -1,3 +1,45 @@
+2018-10-03  Saam barati  
+
+lowXYZ in FTLLower should always filter the type of the incoming edge
+https://bugs.webkit.org/show_bug.cgi?id=189939
+
+
+Reviewed by Michael Saboff.
+
+For example, the FTL may know more about data flow than AI in certain programs,
+and it needs to inform AI of these data flow properties to appease the assertion
+we have in AI that a node must perform type checks on its child nodes.
+
+For example, consider this program:
+
+```
+bb#1
+a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
+Branch(...,  #2, #3)
+
+bb#2
+ArrayifyToStructure(Cell:@a) // This modifies @a to have the its previous type union the type of some structure set.
+Jump(#3)
+
+bb#3
+c: Add(Int32:@something, Int32:@a)
+```
+
+When the Add node does lowInt32() for @a, FTL lower used to just grab it
+from the int32 hash table without filtering the AbstractValue. However,
+the parent node is asking for a type check to happen, so we must inform
+  

[webkit-changes] [236823] trunk/Source/ThirdParty/libwebrtc

[mitz]

Title: [236823] trunk/Source/ThirdParty/libwebrtc








Revision 236823
Author m...@apple.com
Date 2018-10-03 20:27:20 -0700 (Wed, 03 Oct 2018)


Log Message
Addressed the warning “no rule to process file 'Source/ThirdParty/libwebrtc/Source/third_party/yasm-1.3.0/modules/objfmts/macho/Makefile.inc' of type sourcecode.pascal for architecture x86_64”

* libwebrtc.xcodeproj/project.pbxproj: Removed Makefile.inc from the yasm target’s Compile
  Sources build phase.

Modified Paths

trunk/Source/ThirdParty/libwebrtc/ChangeLog
trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj




Diff

Modified: trunk/Source/ThirdParty/libwebrtc/ChangeLog (236822 => 236823)

--- trunk/Source/ThirdParty/libwebrtc/ChangeLog	2018-10-04 02:04:08 UTC (rev 236822)
+++ trunk/Source/ThirdParty/libwebrtc/ChangeLog	2018-10-04 03:27:20 UTC (rev 236823)
@@ -1,3 +1,10 @@
+2018-10-03  Dan Bernstein  
+
+Addressed the warning “no rule to process file 'Source/ThirdParty/libwebrtc/Source/third_party/yasm-1.3.0/modules/objfmts/macho/Makefile.inc' of type sourcecode.pascal for architecture x86_64”
+
+* libwebrtc.xcodeproj/project.pbxproj: Removed Makefile.inc from the yasm target’s Compile
+  Sources build phase.
+
 2018-10-03  Youenn Fablet  
 
 Add VP8 support to WebRTC


Modified: trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj (236822 => 236823)

--- trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj	2018-10-04 02:04:08 UTC (rev 236822)
+++ trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj	2018-10-04 03:27:20 UTC (rev 236823)
@@ -971,7 +971,6 @@
 		419C84C11FE31A0B0040C30F /* encoder_vcp.h in Headers */ = {isa = PBXBuildFile; fileRef = 419C849C1FE2FEC00040C30F /* encoder_vcp.h */; };
 		419C84CB1FE3252E0040C30F /* curve25519.c in Sources */ = {isa = PBXBuildFile; fileRef = 419C847C1FE256B90040C30F /* curve25519.c */; };
 		419EA1F3215C48C70082BFD2 /* macho-objfmt.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1F2215C48C70082BFD2 /* macho-objfmt.c */; };
-		419EA1F6215C49590082BFD2 /* Makefile.inc in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1F4215C49580082BFD2 /* Makefile.inc */; };
 		419EA1F9215C4A9E0082BFD2 /* module.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1F8215C4A9E0082BFD2 /* module.c */; };
 		419EA201215C4B270082BFD2 /* x86expr.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1FD215C4B260082BFD2 /* x86expr.c */; };
 		419EA202215C4B270082BFD2 /* x86arch.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1FE215C4B260082BFD2 /* x86arch.c */; };
@@ -15328,7 +15327,6 @@
 41BE717C215C459000A7B196 /* inttree.c in Sources */,
 41BE71CC215C464800A7B196 /* linemap.c in Sources */,
 419EA1F3215C48C70082BFD2 /* macho-objfmt.c in Sources */,
-419EA1F6215C49590082BFD2 /* Makefile.inc in Sources */,
 41BE717D215C459000A7B196 /* md5.c in Sources */,
 41BE717E215C459000A7B196 /* mergesort.c in Sources */,
 419EA1F9215C4A9E0082BFD2 /* module.c in Sources */,






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236822] trunk

[mitz]

Title: [236822] trunk








Revision 236822
Author m...@apple.com
Date 2018-10-03 19:04:08 -0700 (Wed, 03 Oct 2018)


Log Message
[Cocoa] Let clients specify an NSFileWrapper subclassed to be used for _WKAttachment
https://bugs.webkit.org/show_bug.cgi?id=190270

Reviewed by Wenson Hsieh.

Source/WebKit:

* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration copyWithZone:]): Copy new _attachmentFileWrapperClass ivar.
(-[WKWebViewConfiguration _attachmentFileWrapperClass]): Added this getter.
(-[WKWebViewConfiguration _setAttachmentFileWrapperClass:]): Added this setter, which raises
  an exception if the argument is not an NSFileWrapper subclass.

* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h: Declared new property.

* UIProcess/Cocoa/PageClientImplCocoa.h:
* UIProcess/Cocoa/PageClientImplCocoa.mm:
(WebKit::PageClientImplCocoa::allocFileWrapperInstance): Added. Allocates an instance of
  the class specified in the configuration, or NSFileWrapper if no custom class is specified.

* UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::platformRegisterAttachment): Use PageClient::allocFileWrapperInstance
  instead of allocating an NSFileWrapper instance.

* UIProcess/PageClient.h:
(WebKit::PageClient::allocFileWrapperInstance): Defined new function. The default
  implementation returns nil.

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:
(TestWebKitAPI::TEST):

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm
trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
trunk/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h
trunk/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
trunk/Source/WebKit/UIProcess/PageClient.h
trunk/Tools/ChangeLog
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm




Diff

Modified: trunk/Source/WebKit/ChangeLog (236821 => 236822)

--- trunk/Source/WebKit/ChangeLog	2018-10-04 01:53:27 UTC (rev 236821)
+++ trunk/Source/WebKit/ChangeLog	2018-10-04 02:04:08 UTC (rev 236822)
@@ -1,3 +1,31 @@
+2018-10-03  Dan Bernstein  
+
+[Cocoa] Let clients specify an NSFileWrapper subclassed to be used for _WKAttachment
+https://bugs.webkit.org/show_bug.cgi?id=190270
+
+Reviewed by Wenson Hsieh.
+
+* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
+(-[WKWebViewConfiguration copyWithZone:]): Copy new _attachmentFileWrapperClass ivar.
+(-[WKWebViewConfiguration _attachmentFileWrapperClass]): Added this getter.
+(-[WKWebViewConfiguration _setAttachmentFileWrapperClass:]): Added this setter, which raises
+  an exception if the argument is not an NSFileWrapper subclass.
+
+* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h: Declared new property.
+
+* UIProcess/Cocoa/PageClientImplCocoa.h:
+* UIProcess/Cocoa/PageClientImplCocoa.mm:
+(WebKit::PageClientImplCocoa::allocFileWrapperInstance): Added. Allocates an instance of
+  the class specified in the configuration, or NSFileWrapper if no custom class is specified.
+
+* UIProcess/Cocoa/WebPageProxyCocoa.mm:
+(WebKit::WebPageProxy::platformRegisterAttachment): Use PageClient::allocFileWrapperInstance
+  instead of allocating an NSFileWrapper instance.
+
+* UIProcess/PageClient.h:
+(WebKit::PageClient::allocFileWrapperInstance): Defined new function. The default
+  implementation returns nil.
+
 2018-10-03  Youenn Fablet  
 
 Add VP8 support to WebRTC


Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm (236821 => 236822)

--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm	2018-10-04 01:53:27 UTC (rev 236821)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm	2018-10-04 02:04:08 UTC (rev 236822)
@@ -136,6 +136,7 @@
 BOOL _invisibleAutoplayNotPermitted;
 BOOL _mediaDataLoadsAutomatically;
 BOOL _attachmentElementEnabled;
+Class _attachmentFileWrapperClass;
 BOOL _mainContentUserGestureOverrideEnabled;
 
 #if PLATFORM(MAC)
@@ -355,6 +356,7 @@
 configuration->_invisibleAutoplayNotPermitted = self->_invisibleAutoplayNotPermitted;
 configuration->_mediaDataLoadsAutomatically = self->_mediaDataLoadsAutomatically;
 configuration->_attachmentElementEnabled = self->_attachmentElementEnabled;
+configuration->_attachmentFileWrapperClass = self->_attachmentFileWrapperClass;
 configuration->_mediaTypesRequiringUserActionForPlayback = self->_mediaTypesRequiringUserActionForPlayback;
 configuration->_mainContentUserGestureOverrideEnabled = self->_mainContentUserGestureOverrideEnabled;
 configuration->_waitsForPaintAfterViewDidMoveToWindow = self->_waitsForPaintAfterViewDidMoveToWindow;
@@ -746,6 +748,19 @@
 _attachmentElementEnabled = attachmentElementEnabled;
 }
 
+- 

[webkit-changes] [236820] trunk

[jiewen_tan]

Title: [236820] trunk








Revision 236820
Author jiewen_...@apple.com
Date 2018-10-03 18:32:02 -0700 (Wed, 03 Oct 2018)


Log Message
[WebCrypto] ECDSA could not deal with invalid signature inputs
https://bugs.webkit.org/show_bug.cgi?id=189879


Reviewed by Brent Fulgham.

Source/WebCore:

Add some guards over detections of the start positions of r/s.

Covered by improved existing tests.

* crypto/mac/CryptoAlgorithmECDSAMac.cpp:
(WebCore::verifyECDSA):

LayoutTests:

* crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt:
* crypto/subtle/ecdsa-verify-malformed-parameters.html:

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt
trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp




Diff

Modified: trunk/LayoutTests/ChangeLog (236819 => 236820)

--- trunk/LayoutTests/ChangeLog	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/ChangeLog	2018-10-04 01:32:02 UTC (rev 236820)
@@ -1,3 +1,14 @@
+2018-09-28  Jiewen Tan  
+
+[WebCrypto] ECDSA could not deal with invalid signature inputs
+https://bugs.webkit.org/show_bug.cgi?id=189879
+
+
+Reviewed by Brent Fulgham.
+
+* crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt:
+* crypto/subtle/ecdsa-verify-malformed-parameters.html:
+
 2018-10-03  Antoine Quint  
 
 [Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style


Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt (236819 => 236820)

--- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt	2018-10-04 01:32:02 UTC (rev 236820)
@@ -5,6 +5,8 @@
 
 PASS verified is false
 PASS verified is false
+PASS verified is false
+PASS verified is false
 PASS successfullyParsed is true
 
 TEST COMPLETE


Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html (236819 => 236820)

--- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html	2018-10-04 01:32:02 UTC (rev 236820)
@@ -27,6 +27,8 @@
 var data = "" World!");
 var corruptedSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b");
 var shortenSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a");
+var invalidSignature1 = hexStringToUint8Array("84a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b");
+var invalidSignature2 = hexStringToUint8Array("84a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b");
 
 crypto.subtle.importKey("jwk", jwkPublicKey, { name: "ECDSA", namedCurve: "P-256" }, extractable, ["verify"]).then(function(result) {
 key = result;
@@ -37,12 +39,24 @@
 
 shouldBeFalse("verified");
 
-return crypto.subtle.verify(ecdsaParams, key, corruptedSignature, data);
+return crypto.subtle.verify(ecdsaParams, key, shortenSignature, data);
 }).then(function(result) {
 verified = result;
 
 shouldBeFalse("verified");
 
+return crypto.subtle.verify(ecdsaParams, key, invalidSignature1, data);
+}).then(function(result) {
+verified = result;
+
+shouldBeFalse("verified");
+
+return crypto.subtle.verify(ecdsaParams, key, invalidSignature2, data);
+}).then(function(result) {
+verified = result;
+
+shouldBeFalse("verified");
+
 finishJSTest();
 }, failAndFinishJSTest);
 


Modified: trunk/Source/WebCore/ChangeLog (236819 => 236820)

--- trunk/Source/WebCore/ChangeLog	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/Source/WebCore/ChangeLog	2018-10-04 01:32:02 UTC (rev 236820)
@@ -1,3 +1,18 @@
+2018-09-28  Jiewen Tan  
+
+[WebCrypto] ECDSA could not deal with invalid signature inputs
+https://bugs.webkit.org/show_bug.cgi?id=189879
+
+
+Reviewed by Brent Fulgham.
+
+Add some guards over detections of the start positions of r/s.
+
+Covered by improved existing tests.
+
+* crypto/mac/CryptoAlgorithmECDSAMac.cpp:
+(WebCore::verifyECDSA):
+
 2018-10-03  Jer Noble  
 
 Add a quirk to disable Modern EME for sites which are broken with it enabled


Modified: trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp (236819 => 236820)

--- trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp	2018-10-04 

[webkit-changes] [236819] branches/safari-606.2.104.2-branch/Source

[kocsen_chung]

Title: [236819] branches/safari-606.2.104.2-branch/Source








Revision 236819
Author kocsen_ch...@apple.com
Date 2018-10-03 18:17:20 -0700 (Wed, 03 Oct 2018)


Log Message
Versioning.

Modified Paths

branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig
branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig
branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig
branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig
branches/safari-606.2.104.2-branch/Source/WebKit/Configurations/Version.xcconfig
branches/safari-606.2.104.2-branch/Source/WebKitLegacy/mac/Configurations/Version.xcconfig




Diff

Modified: branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig (236818 => 236819)

--- branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig	2018-10-04 00:50:46 UTC (rev 236818)
+++ branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig	2018-10-04 01:17:20 UTC (rev 236819)
@@ -24,9 +24,9 @@
 MAJOR_VERSION = 606;
 MINOR_VERSION = 2;
 TINY_VERSION = 104;
-MICRO_VERSION = 0;
-NANO_VERSION = 0;
-FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION);
+MICRO_VERSION = 2;
+NANO_VERSION = 1;
+FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION);
 
 // The bundle version and short version string are set based on the current build configuration, see below.
 BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION));


Modified: branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig (236818 => 236819)

--- branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig	2018-10-04 00:50:46 UTC (rev 236818)
+++ branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig	2018-10-04 01:17:20 UTC (rev 236819)
@@ -24,9 +24,9 @@
 MAJOR_VERSION = 606;
 MINOR_VERSION = 2;
 TINY_VERSION = 104;
-MICRO_VERSION = 0;
-NANO_VERSION = 0;
-FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION);
+MICRO_VERSION = 2;
+NANO_VERSION = 1;
+FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION);
 
 // The bundle version and short version string are set based on the current build configuration, see below.
 BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION));


Modified: branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig (236818 => 236819)

--- branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig	2018-10-04 00:50:46 UTC (rev 236818)
+++ branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig	2018-10-04 01:17:20 UTC (rev 236819)
@@ -24,9 +24,9 @@
 MAJOR_VERSION = 606;
 MINOR_VERSION = 2;
 TINY_VERSION = 104;
-MICRO_VERSION = 0;
-NANO_VERSION = 0;
-FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION);
+MICRO_VERSION = 2;
+NANO_VERSION = 1;
+FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION);
 
 // The bundle version and short version string are set based on the current build configuration, see below.
 BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION));


Modified: branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig (236818 => 236819)

--- branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig	2018-10-04 00:50:46 UTC (rev 236818)
+++ branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig	2018-10-04 01:17:20 UTC (rev 236819)
@@ -24,9 +24,9 @@
 MAJOR_VERSION = 606;
 MINOR_VERSION = 2;
 TINY_VERSION = 104;
-MICRO_VERSION = 0;
-NANO_VERSION = 0;
-FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION);
+MICRO_VERSION = 2;
+NANO_VERSION = 1;
+FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION);
 
 // The bundle version and short version string are set based on the current build configuration, see below.
 BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION));


Modified: branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig (236818 => 236819)

--- branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig	2018-10-04 00:50:46 UTC (rev 236818)
+++ branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig	2018-10-04 01:17:20 UTC (rev 236819)
@@ -1,9 +1,9 @@
 MAJOR_VERSION = 606;
 MINOR_VERSION = 2;
 TINY_VERSION = 104;
-MICRO_VERSION = 0;
-NANO_VERSION = 0;
-FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION);
+MICRO_VERSION = 2;
+NANO_VERSION = 1;
+FULL_VERSION = 

[webkit-changes] [236817] branches/safari-606.2.104.2-branch/

[kocsen_chung]

Title: [236817] branches/safari-606.2.104.2-branch/








Revision 236817
Author kocsen_ch...@apple.com
Date 2018-10-03 17:49:48 -0700 (Wed, 03 Oct 2018)


Log Message
New branch.

Added Paths

branches/safari-606.2.104.2-branch/




Diff




___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236818] trunk/Source/WebCore

[jer . noble]

Title: [236818] trunk/Source/WebCore








Revision 236818
Author jer.no...@apple.com
Date 2018-10-03 17:50:46 -0700 (Wed, 03 Oct 2018)


Log Message
Add a quirk to disable Modern EME for sites which are broken with it enabled
https://bugs.webkit.org/show_bug.cgi?id=190051

Reviewed by Daniel Bates.

Add a new class, parallel to Settings, to track quirk behavior. Extend the bindings
generator to support a DisabledByQuirk attribute, and set this attribute for all
the Modern EME types. Check whether the quirk is set inside HTMLMediaElement in
addition to the existing Setting.

* Modules/encryptedmedia/MediaKeyMessageEvent.idl:
* Modules/encryptedmedia/MediaKeySession.idl:
* Modules/encryptedmedia/MediaKeyStatusMap.idl:
* Modules/encryptedmedia/MediaKeySystemAccess.idl:
* Modules/encryptedmedia/MediaKeys.idl:
* Modules/encryptedmedia/NavigatorEME.idl:
* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/scripts/CodeGenerator.pm:
(WK_ucfirst):
* bindings/scripts/CodeGeneratorJS.pm:
(NeedsRuntimeCheck):
(GenerateRuntimeEnableConditionalString):
* bindings/scripts/IDLAttributes.json:
* bindings/scripts/preprocess-idls.pl:
(GenerateConstructorAttributes):
* dom/Document.cpp:
(WebCore::Document::Document):
* dom/Document.h:
(WebCore::Document::quirks const):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
(WebCore::HTMLMediaElement::mediaPlayerInitializationDataEncountered):
* html/HTMLMediaElement.idl:
* page/Quirks.cpp: Added.
(Quirks::Quirks):
(Quirks::disableEncryptedMediaAPIQuirk const):
* page/Quirks.h: Added.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/encryptedmedia/MediaKeyMessageEvent.idl
trunk/Source/WebCore/Modules/encryptedmedia/MediaKeySession.idl
trunk/Source/WebCore/Modules/encryptedmedia/MediaKeyStatusMap.idl
trunk/Source/WebCore/Modules/encryptedmedia/MediaKeySystemAccess.idl
trunk/Source/WebCore/Modules/encryptedmedia/MediaKeys.idl
trunk/Source/WebCore/Modules/encryptedmedia/NavigatorEME.idl
trunk/Source/WebCore/Sources.txt
trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
trunk/Source/WebCore/bindings/scripts/IDLAttributes.json
trunk/Source/WebCore/bindings/scripts/preprocess-idls.pl
trunk/Source/WebCore/dom/Document.cpp
trunk/Source/WebCore/dom/Document.h
trunk/Source/WebCore/html/HTMLMediaElement.cpp
trunk/Source/WebCore/html/HTMLMediaElement.idl
trunk/Source/WebCore/html/MediaEncryptedEvent.idl
trunk/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp


Added Paths

trunk/Source/WebCore/page/Quirks.cpp
trunk/Source/WebCore/page/Quirks.h




Diff

Modified: trunk/Source/WebCore/ChangeLog (236817 => 236818)

--- trunk/Source/WebCore/ChangeLog	2018-10-04 00:49:48 UTC (rev 236817)
+++ trunk/Source/WebCore/ChangeLog	2018-10-04 00:50:46 UTC (rev 236818)
@@ -1,3 +1,44 @@
+2018-10-03  Jer Noble  
+
+Add a quirk to disable Modern EME for sites which are broken with it enabled
+https://bugs.webkit.org/show_bug.cgi?id=190051
+
+Reviewed by Daniel Bates.
+
+Add a new class, parallel to Settings, to track quirk behavior. Extend the bindings
+generator to support a DisabledByQuirk attribute, and set this attribute for all
+the Modern EME types. Check whether the quirk is set inside HTMLMediaElement in
+addition to the existing Setting.
+
+* Modules/encryptedmedia/MediaKeyMessageEvent.idl:
+* Modules/encryptedmedia/MediaKeySession.idl:
+* Modules/encryptedmedia/MediaKeyStatusMap.idl:
+* Modules/encryptedmedia/MediaKeySystemAccess.idl:
+* Modules/encryptedmedia/MediaKeys.idl:
+* Modules/encryptedmedia/NavigatorEME.idl:
+* Sources.txt:
+* WebCore.xcodeproj/project.pbxproj:
+* bindings/scripts/CodeGenerator.pm:
+(WK_ucfirst):
+* bindings/scripts/CodeGeneratorJS.pm:
+(NeedsRuntimeCheck):
+(GenerateRuntimeEnableConditionalString):
+* bindings/scripts/IDLAttributes.json:
+* bindings/scripts/preprocess-idls.pl:
+(GenerateConstructorAttributes):
+* dom/Document.cpp:
+(WebCore::Document::Document):
+* dom/Document.h:
+(WebCore::Document::quirks const):
+* html/HTMLMediaElement.cpp:
+(WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
+(WebCore::HTMLMediaElement::mediaPlayerInitializationDataEncountered):
+* html/HTMLMediaElement.idl:
+* page/Quirks.cpp: Added.
+(Quirks::Quirks):
+(Quirks::disableEncryptedMediaAPIQuirk const):
+* page/Quirks.h: Added.
+
 2018-10-03  Antoine Quint  
 
 [Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style


Modified: trunk/Source/WebCore/Modules/encryptedmedia/MediaKeyMessageEvent.idl (236817 => 236818)

--- 

[webkit-changes] [236816] tags/Safari-607.1.9/Source/WebCore

[kocsen_chung]

Title: [236816] tags/Safari-607.1.9/Source/WebCore








Revision 236816
Author kocsen_ch...@apple.com
Date 2018-10-03 17:13:40 -0700 (Wed, 03 Oct 2018)


Log Message
Cherry-pick r236796. rdar://problem/43949622

[macOS] Switching to discrete GPU should be done in the UI process
https://bugs.webkit.org/show_bug.cgi?id=189361


Try to fix the IOSMAC build.

* platform/graphics/GraphicsContext3D.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

tags/Safari-607.1.9/Source/WebCore/ChangeLog
tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h




Diff

Modified: tags/Safari-607.1.9/Source/WebCore/ChangeLog (236815 => 236816)

--- tags/Safari-607.1.9/Source/WebCore/ChangeLog	2018-10-03 23:34:25 UTC (rev 236815)
+++ tags/Safari-607.1.9/Source/WebCore/ChangeLog	2018-10-04 00:13:40 UTC (rev 236816)
@@ -1,3 +1,27 @@
+2018-10-03  Kocsen Chung  
+
+Cherry-pick r236796. rdar://problem/43949622
+
+[macOS] Switching to discrete GPU should be done in the UI process
+https://bugs.webkit.org/show_bug.cgi?id=189361
+
+
+Try to fix the IOSMAC build.
+
+* platform/graphics/GraphicsContext3D.h:
+
+git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236796 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+2018-10-03  Dean Jackson  
+
+[macOS] Switching to discrete GPU should be done in the UI process
+https://bugs.webkit.org/show_bug.cgi?id=189361
+
+
+Try to fix the IOSMAC build.
+
+* platform/graphics/GraphicsContext3D.h:
+
 2018-10-03  Youenn Fablet  
 
 Enable H264 simulcast


Modified: tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h (236815 => 236816)

--- tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h	2018-10-03 23:34:25 UTC (rev 236815)
+++ tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h	2018-10-04 00:13:40 UTC (rev 236816)
@@ -1520,7 +1520,7 @@
 Platform3DObject m_vao { 0 };
 #endif
 
-#if PLATFORM(MAC)
+#if PLATFORM(COCOA) && USE(OPENGL)
 bool m_hasSwitchedToHighPerformanceGPU { false };
 #endif
 };






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236815] trunk/Source/WebKit

[commit-queue]

Title: [236815] trunk/Source/WebKit








Revision 236815
Author commit-qu...@webkit.org
Date 2018-10-03 16:34:25 -0700 (Wed, 03 Oct 2018)


Log Message
Search does not cancel after number of matching terms exceed set max limit
https://bugs.webkit.org/show_bug.cgi?id=190020


Patch by Zamiul Haque  on 2018-10-03
Reviewed by Andy Estes.

When searching a PDF document on MobileSafari, the maximum number of matching
terms are limited to a set constant. Beyond this limit, a PDF document should not
be searched, since the UI will not be updated correspondingly. To this effect,
a new SPI was made to cancel a search when the maximum limit of matching terms
is reached. This is done without clearing the highlighting for the all the terms
that were found under the limit. This bug was a result of not having implemented
the new SPI in WKPDFView.

This will be tested in a follow-up patch, after re-enabling WKPDFView tests
on iOS 12.

* UIProcess/ios/WKPDFView.mm:
(-[WKPDFView pdfHostViewController:findStringUpdate:done:]):

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h
trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm




Diff

Modified: trunk/Source/WebKit/ChangeLog (236814 => 236815)

--- trunk/Source/WebKit/ChangeLog	2018-10-03 23:24:10 UTC (rev 236814)
+++ trunk/Source/WebKit/ChangeLog	2018-10-03 23:34:25 UTC (rev 236815)
@@ -1,3 +1,25 @@
+2018-10-03  Zamiul Haque  
+
+Search does not cancel after number of matching terms exceed set max limit
+https://bugs.webkit.org/show_bug.cgi?id=190020
+
+
+Reviewed by Andy Estes.
+
+When searching a PDF document on MobileSafari, the maximum number of matching
+terms are limited to a set constant. Beyond this limit, a PDF document should not
+be searched, since the UI will not be updated correspondingly. To this effect,
+a new SPI was made to cancel a search when the maximum limit of matching terms
+is reached. This is done without clearing the highlighting for the all the terms
+that were found under the limit. This bug was a result of not having implemented 
+the new SPI in WKPDFView.
+
+This will be tested in a follow-up patch, after re-enabling WKPDFView tests
+on iOS 12.
+
+* UIProcess/ios/WKPDFView.mm:
+(-[WKPDFView pdfHostViewController:findStringUpdate:done:]):
+
 2018-10-03  Brian Burg  
 
 [Cocoa] REGRESSION: web content process paused in debugger is considered to be unresponsive if WebKit client is sandboxed


Modified: trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h (236814 => 236815)

--- trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h	2018-10-03 23:24:10 UTC (rev 236814)
+++ trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h	2018-10-03 23:34:25 UTC (rev 236815)
@@ -45,6 +45,7 @@
 
 - (void) findString:(NSString*) string withOptions:(NSStringCompareOptions) options;
 - (void) cancelFindString;
+- (void) cancelFindStringWithHighlightsCleared:(BOOL)cleared;
 - (void) focusOnSearchResultAtIndex:(NSUInteger) searchIndex;
 
 - (NSInteger) currentPageIndex;


Modified: trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm (236814 => 236815)

--- trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm	2018-10-03 23:24:10 UTC (rev 236814)
+++ trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm	2018-10-03 23:34:25 UTC (rev 236815)
@@ -392,14 +392,18 @@
 
 - (void)pdfHostViewController:(PDFHostViewController *)controller findStringUpdate:(NSUInteger)numFound done:(BOOL)done
 {
-// FIXME: We should stop searching once numFound exceeds _findStringMaxCount, but PDFKit doesn't
-// allow us to stop the search without also clearing the search highlights. See .
+if (numFound > _findStringMaxCount && !done) {
+[controller cancelFindStringWithHighlightsCleared:NO];
+done = YES;
+}
+
 if (!done)
 return;
-
-_findStringCount = numFound;
-if (auto findCompletion = std::exchange(_findCompletion, nil))
+
+if (auto findCompletion = std::exchange(_findCompletion, nil)) {
+_findStringCount = numFound;
 findCompletion();
+}
 }
 
 - (NSURL *)_URLWithPageIndex:(NSInteger)pageIndex






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236814] trunk/Source/JavaScriptCore

[msaboff]

Title: [236814] trunk/Source/_javascript_Core








Revision 236814
Author msab...@apple.com
Date 2018-10-03 16:24:10 -0700 (Wed, 03 Oct 2018)


Log Message
Command line jsc should report memory footprint in bytes
https://bugs.webkit.org/show_bug.cgi?id=190267

Reviewed by Mark Lam.

Change to leave the footprint values from the system unmodified.

* jsc.cpp:
(JSCMemoryFootprint::finishCreation):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/jsc.cpp




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (236813 => 236814)

--- trunk/Source/_javascript_Core/ChangeLog	2018-10-03 22:02:44 UTC (rev 236813)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-10-03 23:24:10 UTC (rev 236814)
@@ -1,3 +1,15 @@
+2018-10-03  Michael Saboff  
+
+Command line jsc should report memory footprint in bytes
+https://bugs.webkit.org/show_bug.cgi?id=190267
+
+Reviewed by Mark Lam.
+
+Change to leave the footprint values from the system unmodified.
+
+* jsc.cpp:
+(JSCMemoryFootprint::finishCreation):
+
 2018-10-03  Mark Lam  
 
 Suppress unreachable code warning for LLIntAssembly.h code.


Modified: trunk/Source/_javascript_Core/jsc.cpp (236813 => 236814)

--- trunk/Source/_javascript_Core/jsc.cpp	2018-10-03 22:02:44 UTC (rev 236813)
+++ trunk/Source/_javascript_Core/jsc.cpp	2018-10-03 23:24:10 UTC (rev 236814)
@@ -1231,9 +1231,8 @@
 
 MemoryFootprint footprint = MemoryFootprint::now();
 
-// Report sizes in KBytes so that values up to GB are still integers.
-addProperty(vm, "current", jsNumber(footprint.current / 1024));
-addProperty(vm, "peak", jsNumber(footprint.peak / 1024));
+addProperty(vm, "current", jsNumber(footprint.current));
+addProperty(vm, "peak", jsNumber(footprint.peak));
 }
 
 DECLARE_INFO;






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236813] trunk/Source/JavaScriptCore

[mark . lam]

Title: [236813] trunk/Source/_javascript_Core








Revision 236813
Author mark@apple.com
Date 2018-10-03 15:02:44 -0700 (Wed, 03 Oct 2018)


Log Message
Suppress unreachable code warning for LLIntAssembly.h code.
https://bugs.webkit.org/show_bug.cgi?id=190263


Reviewed by Saam Barati.

This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
asm files, and may contain dead code which are harmless, but will trip up the warning.
We should suppress the warning so that it doesn't break builds.

* llint/LowLevelInterpreter.cpp:
(JSC::CLoop::execute):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (236812 => 236813)

--- trunk/Source/_javascript_Core/ChangeLog	2018-10-03 21:09:42 UTC (rev 236812)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-10-03 22:02:44 UTC (rev 236813)
@@ -1,3 +1,18 @@
+2018-10-03  Mark Lam  
+
+Suppress unreachable code warning for LLIntAssembly.h code.
+https://bugs.webkit.org/show_bug.cgi?id=190263
+
+
+Reviewed by Saam Barati.
+
+This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
+asm files, and may contain dead code which are harmless, but will trip up the warning.
+We should suppress the warning so that it doesn't break builds.
+
+* llint/LowLevelInterpreter.cpp:
+(JSC::CLoop::execute):
+
 2018-10-03  Dan Bernstein  
 
 _javascript_Core part of [Xcode] Update some build settings as recommended by Xcode 10


Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp (236812 => 236813)

--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp	2018-10-03 21:09:42 UTC (rev 236812)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp	2018-10-03 22:02:44 UTC (rev 236813)
@@ -446,7 +446,9 @@
 // bytecode handlers for the interpreter, as compiled from
 // LowLevelInterpreter.asm and its peers.
 
+IGNORE_CLANG_WARNINGS_BEGIN("unreachable-code")
 #include "LLIntAssembly.h"
+IGNORE_CLANG_WARNINGS_END
 
 OFFLINE_ASM_GLUE_LABEL(llint_return_to_host)
 {






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236812] branches/safari-606.2.104.0-branch/Source/WebCore

[kocsen_chung]

Title: [236812] branches/safari-606.2.104.0-branch/Source/WebCore








Revision 236812
Author kocsen_ch...@apple.com
Date 2018-10-03 14:09:42 -0700 (Wed, 03 Oct 2018)


Log Message
Cherry-pick r236806. rdar://problem/44855484

CRASH in CVPixelBufferGetBytePointerCallback()
https://bugs.webkit.org/show_bug.cgi?id=190092

Reviewed by Eric Carlson.

Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt
to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access
error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer
calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and
release logging to try to pinpoint if mismatch lock counts are occurring in this code path.

* platform/graphics/cv/PixelBufferConformerCV.cpp:
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::CVPixelBufferReleaseBytePointerCallback):
(WebCore::CVPixelBufferReleaseInfoCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236806 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog
branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp




Diff

Modified: branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog (236811 => 236812)

--- branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog	2018-10-03 21:08:53 UTC (rev 236811)
+++ branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog	2018-10-03 21:09:42 UTC (rev 236812)
@@ -1,3 +1,46 @@
+2018-10-03  Kocsen Chung  
+
+Cherry-pick r236806. rdar://problem/44855484
+
+CRASH in CVPixelBufferGetBytePointerCallback()
+https://bugs.webkit.org/show_bug.cgi?id=190092
+
+Reviewed by Eric Carlson.
+
+Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt
+to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access
+error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer
+calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and
+release logging to try to pinpoint if mismatch lock counts are occurring in this code path.
+
+* platform/graphics/cv/PixelBufferConformerCV.cpp:
+(WebCore::CVPixelBufferGetBytePointerCallback):
+(WebCore::CVPixelBufferReleaseBytePointerCallback):
+(WebCore::CVPixelBufferReleaseInfoCallback):
+(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
+
+
+git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236806 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+2018-10-03  Jer Noble  
+
+CRASH in CVPixelBufferGetBytePointerCallback()
+https://bugs.webkit.org/show_bug.cgi?id=190092
+
+Reviewed by Eric Carlson.
+
+Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt
+to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access
+error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer
+calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and
+release logging to try to pinpoint if mismatch lock counts are occurring in this code path.
+
+* platform/graphics/cv/PixelBufferConformerCV.cpp:
+(WebCore::CVPixelBufferGetBytePointerCallback):
+(WebCore::CVPixelBufferReleaseBytePointerCallback):
+(WebCore::CVPixelBufferReleaseInfoCallback):
+(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
+
 2018-09-28  Babak Shafiei  
 
 Cherry-pick r236615. rdar://problem/44883290


Modified: branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp (236811 => 236812)

--- branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp	2018-10-03 21:08:53 UTC (rev 236811)
+++ branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp	2018-10-03 21:09:42 UTC (rev 236812)
@@ -29,6 +29,7 @@
 #if HAVE(CORE_VIDEO)
 
 #include "GraphicsContextCG.h"
+#include "Logging.h"
 #include 
 
 #include "CoreVideoSoftLink.h"
@@ -55,23 +56,87 @@
 #endif
 }
 
-static const void* CVPixelBufferGetBytePointerCallback(void* info)
+struct CVPixelBufferInfo {
+RetainPtr pixelBuffer;
+int lockCount { 0 };
+};
+
+static const void* CVPixelBufferGetBytePointerCallback(void* refcon)
 {
-CVPixelBufferRef pixelBuffer = static_cast(info);
-

[webkit-changes] [236811] trunk/Source/ThirdParty

[mitz]

Title: [236811] trunk/Source/ThirdParty








Revision 236811
Author m...@apple.com
Date 2018-10-03 14:08:53 -0700 (Wed, 03 Oct 2018)


Log Message
ANGLE and libwebrtc parts of [Xcode] Update some build settings as recommended by Xcode 10
https://bugs.webkit.org/show_bug.cgi?id=190250

Reviewed by Andy Estes.

Source/ThirdParty/ANGLE:

* ANGLE.xcodeproj/project.pbxproj: Kept the unreachable code warning off for four files that
  were generated by tools: glslang_lex.cpp, glslang_tab.cpp, Tokenizer.cpp, and
  ExpressionParser.cpp. Let Xcode update LastUpgradeCheck.

* Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_INFINITE_RECURSION,
  CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_SUSPICIOUS_MOVE,
  CLANG_WARN_UNREACHABLE_CODE, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
  CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.

Source/ThirdParty/libwebrtc:

* Configurations/Base.xcconfig: Removed a duplicate reference to x_all.c and let Xcode
  update LastUpgradeCheck.

* libwebrtc.xcodeproj/project.pbxproj: Enabled CLANG_WARN_INFINITE_RECURSION,
  CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED, and
  CLANG_WARN_SUSPICIOUS_MOVE. Other warnings that Xcode 10 recommended were incompatible
  with one or more source files in the project.

Modified Paths

trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj
trunk/Source/ThirdParty/ANGLE/ChangeLog
trunk/Source/ThirdParty/ANGLE/Configurations/Base.xcconfig
trunk/Source/ThirdParty/libwebrtc/ChangeLog
trunk/Source/ThirdParty/libwebrtc/Configurations/Base.xcconfig
trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj




Diff

Modified: trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj (236810 => 236811)

--- trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj	2018-10-03 21:02:19 UTC (rev 236810)
+++ trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj	2018-10-03 21:08:53 UTC (rev 236811)
@@ -20,8 +20,8 @@
 		31012E2918B97B9B0039062F /* DirectiveHandler.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DB818B97B9B0039062F /* DirectiveHandler.h */; };
 		31012E2A18B97B9B0039062F /* ExtensionBehavior.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DB918B97B9B0039062F /* ExtensionBehavior.h */; };
 		31012E2D18B97B9B0039062F /* glslang.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DBD18B97B9B0039062F /* glslang.h */; };
-		31012E3018B97B9B0039062F /* glslang_lex.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC018B97B9B0039062F /* glslang_lex.cpp */; };
-		31012E3118B97B9B0039062F /* glslang_tab.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC118B97B9B0039062F /* glslang_tab.cpp */; };
+		31012E3018B97B9B0039062F /* glslang_lex.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC018B97B9B0039062F /* glslang_lex.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; };
+		31012E3118B97B9B0039062F /* glslang_tab.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC118B97B9B0039062F /* glslang_tab.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; };
 		31012E3218B97B9B0039062F /* glslang_tab.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DC218B97B9B0039062F /* glslang_tab.h */; };
 		31012E3318B97B9B0039062F /* HashNames.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DC318B97B9B0039062F /* HashNames.h */; };
 		31012E3418B97B9B0039062F /* InfoSink.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC418B97B9B0039062F /* InfoSink.cpp */; };
@@ -516,8 +516,8 @@
 		5CCD81C01DBFEA5C006066B8 /* UseInterfaceBlockFields.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CCD81A91DBFEA5C006066B8 /* UseInterfaceBlockFields.h */; };
 		5CCD81C31DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5CCD81C11DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.cpp */; };
 		5CCD81C41DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CCD81C21DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.h */; };
-		72309A56183C27DE00370B93 /* Tokenizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A55183C27DB00370B93 /* Tokenizer.cpp */; };
-		72309A58183C27F300370B93 /* ExpressionParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A57183C27F100370B93 /* ExpressionParser.cpp */; };
+		72309A56183C27DE00370B93 /* Tokenizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A55183C27DB00370B93 /* Tokenizer.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; };
+		72309A58183C27F300370B93 /* ExpressionParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A57183C27F100370B93 /* ExpressionParser.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; };
 		A08C3CDC16D6CB61003F0B83 /* ArrayBoundsClamper.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A08C3CDA16D6CB61003F0B83 /* ArrayBoundsClamper.cpp */; };
 		A08C3CDD16D6CB61003F0B83 /* ArrayBoundsClamper.h in Headers */ 

[webkit-changes] [236810] trunk/Source/WebKit

[bburg]

Title: [236810] trunk/Source/WebKit








Revision 236810
Author bb...@apple.com
Date 2018-10-03 14:02:19 -0700 (Wed, 03 Oct 2018)


Log Message
[Cocoa] REGRESSION: web content process paused in debugger is considered to be unresponsive if WebKit client is sandboxed
https://bugs.webkit.org/show_bug.cgi?id=190256


Reviewed by Alexey Proskuryakov.

Instead of giving up when the client is sandboxed, check whether it has the
exception that's necessary to get process information. If it is possible,
proceed to check whether the web content process has a debugger attached.

* UIProcess/Cocoa/WebProcessProxyCocoa.mm:
(WebKit::WebProcessProxy::platformIsBeingDebugged const):
Check 'process-info-pidinfo' to see if the sysctl call would be allowed.

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm




Diff

Modified: trunk/Source/WebKit/ChangeLog (236809 => 236810)

--- trunk/Source/WebKit/ChangeLog	2018-10-03 20:54:17 UTC (rev 236809)
+++ trunk/Source/WebKit/ChangeLog	2018-10-03 21:02:19 UTC (rev 236810)
@@ -1,3 +1,19 @@
+2018-10-03  Brian Burg  
+
+[Cocoa] REGRESSION: web content process paused in debugger is considered to be unresponsive if WebKit client is sandboxed
+https://bugs.webkit.org/show_bug.cgi?id=190256
+
+
+Reviewed by Alexey Proskuryakov.
+
+Instead of giving up when the client is sandboxed, check whether it has the
+exception that's necessary to get process information. If it is possible,
+proceed to check whether the web content process has a debugger attached.
+
+* UIProcess/Cocoa/WebProcessProxyCocoa.mm:
+(WebKit::WebProcessProxy::platformIsBeingDebugged const):
+Check 'process-info-pidinfo' to see if the sysctl call would be allowed.
+
 2018-10-03  Michael Catanzaro  
 
 [WPE][GTK] Enable MSE by default


Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm (236809 => 236810)

--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm	2018-10-03 20:54:17 UTC (rev 236809)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm	2018-10-03 21:02:19 UTC (rev 236810)
@@ -37,6 +37,7 @@
 #import "WebProcessPool.h"
 #import 
 #import 
+#import 
 
 namespace WebKit {
 
@@ -135,8 +136,8 @@
 
 bool WebProcessProxy::platformIsBeingDebugged() const
 {
-// If the UI process is sandboxed, it cannot find out whether other processes are being debugged.
-if (currentProcessIsSandboxed())
+// If the UI process is sandboxed and lacks 'process-info-pidinfo', it cannot find out whether other processes are being debugged.
+if (currentProcessIsSandboxed() && !!sandbox_check(getpid(), "process-info-pidinfo", SANDBOX_CHECK_NO_REPORT))
 return false;
 
 struct kinfo_proc info;






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236809] trunk

[graouts]

Title: [236809] trunk








Revision 236809
Author grao...@webkit.org
Date 2018-10-03 13:54:17 -0700 (Wed, 03 Oct 2018)


Log Message
[Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style
https://bugs.webkit.org/show_bug.cgi?id=190257


Reviewed by Dean Jackson.

Source/WebCore:

Test: animations/animation-fill-forwards-removal.html

While we removed a declarative animation that was no longer targetting its element, we were not removing it from the declarative animation maps
on the timeline, which means that the animation would still be picked up when resolving styles. We now notify the timeline that the animation
was detached from the element. This preserves the DeclarativeAnimation relationship returning the element as its effect's target and the document
timeline as its timeline, but the document timeline will no longer see this animation as targeting this element.

* animation/AnimationTimeline.cpp:
(WebCore::AnimationTimeline::cancelOrRemoveDeclarativeAnimation):
* animation/DeclarativeAnimation.h:
(WebCore::DeclarativeAnimation::target const):

LayoutTests:

Add a test that checks that an animation with fill: forwards no longer applies to an element once it's been removed.

* animations/animation-fill-forwards-removal-expected.txt: Added.
* animations/animation-fill-forwards-removal.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/animation/AnimationTimeline.cpp
trunk/Source/WebCore/animation/DeclarativeAnimation.h


Added Paths

trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt
trunk/LayoutTests/animations/animation-fill-forwards-removal.html




Diff

Modified: trunk/LayoutTests/ChangeLog (236808 => 236809)

--- trunk/LayoutTests/ChangeLog	2018-10-03 20:19:37 UTC (rev 236808)
+++ trunk/LayoutTests/ChangeLog	2018-10-03 20:54:17 UTC (rev 236809)
@@ -1,3 +1,16 @@
+2018-10-03  Antoine Quint  
+
+[Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style
+https://bugs.webkit.org/show_bug.cgi?id=190257
+
+
+Reviewed by Dean Jackson.
+
+Add a test that checks that an animation with fill: forwards no longer applies to an element once it's been removed.
+
+* animations/animation-fill-forwards-removal-expected.txt: Added.
+* animations/animation-fill-forwards-removal.html: Added.
+
 2018-10-03  Chris Dumez  
 
 Regression(r236779): Crash when changing the input element type from inside an 'input' event listener


Added: trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt (0 => 236809)

--- trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt	(rev 0)
+++ trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt	2018-10-03 20:54:17 UTC (rev 236809)
@@ -0,0 +1,3 @@
+
+PASS Setting 'animation-name: none' after a 'fill: forwards' animation has completed reverts to the unanimated style. 
+


Added: trunk/LayoutTests/animations/animation-fill-forwards-removal.html (0 => 236809)

--- trunk/LayoutTests/animations/animation-fill-forwards-removal.html	(rev 0)
+++ trunk/LayoutTests/animations/animation-fill-forwards-removal.html	2018-10-03 20:54:17 UTC (rev 236809)
@@ -0,0 +1,28 @@
+
+
+
+@keyframes animation {
+to { margin-left: 100px }
+}
+
+
+
+
+'use strict';
+
+async_test(t => {
+const target = document.body.appendChild(document.createElement("div"));
+target.style.animation = "animation 10ms forwards";
+
+target.addEventListener("animationend", () => {
+assert_equals(getComputedStyle(target).marginLeft, "100px", "The target element has style values from the final keyframe of its animation.");
+target.style.animation = "none";
+assert_equals(getComputedStyle(target).marginLeft, "0px", "The target element has no animation after setting 'animation-name: none'.");
+t.done();
+});
+}, "Setting 'animation-name: none' after a 'fill: forwards' animation has completed reverts to the unanimated style.");
+
+
+
\ No newline at end of file


Modified: trunk/Source/WebCore/ChangeLog (236808 => 236809)

--- trunk/Source/WebCore/ChangeLog	2018-10-03 20:19:37 UTC (rev 236808)
+++ trunk/Source/WebCore/ChangeLog	2018-10-03 20:54:17 UTC (rev 236809)
@@ -1,3 +1,23 @@
+2018-10-03  Antoine Quint  
+
+[Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style
+https://bugs.webkit.org/show_bug.cgi?id=190257
+
+
+Reviewed by Dean Jackson.
+
+Test: animations/animation-fill-forwards-removal.html
+
+While we removed a declarative animation that was no longer targetting its element, we were not removing it 

[webkit-changes] [236808] tags/Safari-607.1.8.2/Source

[kocsen_chung]

Title: [236808] tags/Safari-607.1.8.2/Source








Revision 236808
Author kocsen_ch...@apple.com
Date 2018-10-03 13:19:37 -0700 (Wed, 03 Oct 2018)


Log Message
Versioning.

Modified Paths

tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig
tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig
tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig
tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig
tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig
tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig




Diff

Modified: tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig (236807 => 236808)

--- tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig	2018-10-03 20:13:30 UTC (rev 236807)
+++ tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig	2018-10-03 20:19:37 UTC (rev 236808)
@@ -24,7 +24,7 @@
 MAJOR_VERSION = 607;
 MINOR_VERSION = 1;
 TINY_VERSION = 8;
-MICRO_VERSION = 1;
+MICRO_VERSION = 2;
 NANO_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION);
 


Modified: tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig (236807 => 236808)

--- tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig	2018-10-03 20:13:30 UTC (rev 236807)
+++ tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig	2018-10-03 20:19:37 UTC (rev 236808)
@@ -24,7 +24,7 @@
 MAJOR_VERSION = 607;
 MINOR_VERSION = 1;
 TINY_VERSION = 8;
-MICRO_VERSION = 1;
+MICRO_VERSION = 2;
 NANO_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION);
 


Modified: tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig (236807 => 236808)

--- tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig	2018-10-03 20:13:30 UTC (rev 236807)
+++ tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig	2018-10-03 20:19:37 UTC (rev 236808)
@@ -24,7 +24,7 @@
 MAJOR_VERSION = 607;
 MINOR_VERSION = 1;
 TINY_VERSION = 8;
-MICRO_VERSION = 1;
+MICRO_VERSION = 2;
 NANO_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION);
 


Modified: tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig (236807 => 236808)

--- tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig	2018-10-03 20:13:30 UTC (rev 236807)
+++ tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig	2018-10-03 20:19:37 UTC (rev 236808)
@@ -24,7 +24,7 @@
 MAJOR_VERSION = 607;
 MINOR_VERSION = 1;
 TINY_VERSION = 8;
-MICRO_VERSION = 1;
+MICRO_VERSION = 2;
 NANO_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION);
 


Modified: tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig (236807 => 236808)

--- tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig	2018-10-03 20:13:30 UTC (rev 236807)
+++ tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig	2018-10-03 20:19:37 UTC (rev 236808)
@@ -1,7 +1,7 @@
 MAJOR_VERSION = 607;
 MINOR_VERSION = 1;
 TINY_VERSION = 8;
-MICRO_VERSION = 1;
+MICRO_VERSION = 2;
 NANO_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION);
 


Modified: tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig (236807 => 236808)

--- tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig	2018-10-03 20:13:30 UTC (rev 236807)
+++ tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig	2018-10-03 20:19:37 UTC (rev 236808)
@@ -24,7 +24,7 @@
 MAJOR_VERSION = 607;
 MINOR_VERSION = 1;
 TINY_VERSION = 8;
-MICRO_VERSION = 1;
+MICRO_VERSION = 2;
 NANO_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION);
 


Modified: tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig (236807 => 236808)

--- tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig	2018-10-03 20:13:30 UTC (rev 236807)
+++ tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig	2018-10-03 20:19:37 UTC (rev 236808)
@@ -24,7 +24,7 @@
 MAJOR_VERSION = 607;
 MINOR_VERSION = 1;
 TINY_VERSION = 8;
-MICRO_VERSION = 1;
+MICRO_VERSION = 2;
 NANO_VERSION = 0;
 FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION);
 






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236807] tags/Safari-607.1.8.2/

[kocsen_chung]

Title: [236807] tags/Safari-607.1.8.2/








Revision 236807
Author kocsen_ch...@apple.com
Date 2018-10-03 13:13:30 -0700 (Wed, 03 Oct 2018)


Log Message
New tag.

Added Paths

tags/Safari-607.1.8.2/




Diff




___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [236806] trunk/Source/WebCore

[jer . noble]

Title: [236806] trunk/Source/WebCore








Revision 236806
Author jer.no...@apple.com
Date 2018-10-03 12:28:31 -0700 (Wed, 03 Oct 2018)


Log Message
CRASH in CVPixelBufferGetBytePointerCallback()
https://bugs.webkit.org/show_bug.cgi?id=190092

Reviewed by Eric Carlson.

Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt
to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access
error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer
calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and
release logging to try to pinpoint if mismatch lock counts are occurring in this code path.

* platform/graphics/cv/PixelBufferConformerCV.cpp:
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::CVPixelBufferReleaseBytePointerCallback):
(WebCore::CVPixelBufferReleaseInfoCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp




Diff

Modified: trunk/Source/WebCore/ChangeLog (236805 => 236806)

--- trunk/Source/WebCore/ChangeLog	2018-10-03 18:38:11 UTC (rev 236805)
+++ trunk/Source/WebCore/ChangeLog	2018-10-03 19:28:31 UTC (rev 236806)
@@ -1,3 +1,22 @@
+2018-10-03  Jer Noble  
+
+CRASH in CVPixelBufferGetBytePointerCallback()
+https://bugs.webkit.org/show_bug.cgi?id=190092
+
+Reviewed by Eric Carlson.
+
+Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt
+to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access
+error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer
+calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and
+release logging to try to pinpoint if mismatch lock counts are occurring in this code path.
+
+* platform/graphics/cv/PixelBufferConformerCV.cpp:
+(WebCore::CVPixelBufferGetBytePointerCallback):
+(WebCore::CVPixelBufferReleaseBytePointerCallback):
+(WebCore::CVPixelBufferReleaseInfoCallback):
+(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
+
 2018-10-03  Chris Dumez  
 
 Regression(r236779): Crash when changing the input element type from inside an 'input' event listener


Modified: trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp (236805 => 236806)

--- trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp	2018-10-03 18:38:11 UTC (rev 236805)
+++ trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp	2018-10-03 19:28:31 UTC (rev 236806)
@@ -29,6 +29,7 @@
 #if HAVE(CORE_VIDEO)
 
 #include "GraphicsContextCG.h"
+#include "Logging.h"
 #include 
 
 #include "CoreVideoSoftLink.h"
@@ -55,23 +56,87 @@
 #endif
 }
 
-static const void* CVPixelBufferGetBytePointerCallback(void* info)
+struct CVPixelBufferInfo {
+RetainPtr pixelBuffer;
+int lockCount { 0 };
+};
+
+static const void* CVPixelBufferGetBytePointerCallback(void* refcon)
 {
-CVPixelBufferRef pixelBuffer = static_cast(info);
-CVPixelBufferLockBaseAddress(pixelBuffer, kCVPixelBufferLock_ReadOnly);
-return CVPixelBufferGetBaseAddress(pixelBuffer);
+ASSERT(refcon);
+if (!refcon) {
+RELEASE_LOG_ERROR(Media, "CVPixelBufferGetBytePointerCallback() called with NULL refcon");
+RELEASE_LOG_STACKTRACE(Media);
+return nullptr;
+}
+auto info = static_cast(refcon);
+
+CVReturn result = CVPixelBufferLockBaseAddress(info->pixelBuffer.get(), kCVPixelBufferLock_ReadOnly);
+
+ASSERT(result == kCVReturnSuccess);
+if (result != kCVReturnSuccess) {
+RELEASE_LOG_ERROR(Media, "CVPixelBufferLockBaseAddress() returned error code %d", result);
+RELEASE_LOG_STACKTRACE(Media);
+return nullptr;
+}
+
+++info->lockCount;
+void* address = CVPixelBufferGetBaseAddress(info->pixelBuffer.get());
+RELEASE_LOG_INFO(Media, "CVPixelBufferGetBytePointerCallback() returning bytePointer: %p, size: %zu", address, CVPixelBufferGetDataSize(info->pixelBuffer.get()));
+return address;
 }
 
-static void CVPixelBufferReleaseBytePointerCallback(void* info, const void*)
+static void CVPixelBufferReleaseBytePointerCallback(void* refcon, const void*)
 {
-CVPixelBufferRef pixelBuffer = static_cast(info);
-CVPixelBufferUnlockBaseAddress(pixelBuffer, kCVPixelBufferLock_ReadOnly);
+ASSERT(refcon);
+if (!refcon) {
+RELEASE_LOG_ERROR(Media, "CVPixelBufferReleaseBytePointerCallback() called with NULL refcon");
+RELEASE_LOG_STACKTRACE(Media);
+return;
+}
+auto info = static_cast(refcon);
+
+CVReturn result = CVPixelBufferUnlockBaseAddress(info->pixelBuffer.get(), 

[webkit-changes] [236805] trunk

[mitz]

Title: [236805] trunk








Revision 236805
Author m...@apple.com
Date 2018-10-03 11:38:11 -0700 (Wed, 03 Oct 2018)


Log Message
bmalloc, WTF and _javascript_Core parts of [Xcode] Update some build settings as recommended by Xcode 10
https://bugs.webkit.org/show_bug.cgi?id=190250

Reviewed by Alex Christensen.

Source/bmalloc:

* Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS,
  and CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF.

* bmalloc.xcodeproj/project.pbxproj: Let Xcode update LastUpgradeCheck.

Source/_javascript_Core:

* API/tests/Regress141275.mm:
(-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
  by making the self-retaining explicit.

* API/tests/testapi.cpp:
(testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
  loop instead of returning from the lambda.

* Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
  CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
  CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.

* _javascript_Core.xcodeproj/project.pbxproj: Removed a duplicate reference to
  UnlinkedFunctionExecutable.h, and let Xcode update the project file.

* assembler/MacroAssemblerPrinter.cpp:
(JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
  some commas with semicolons.

Source/WTF:

* Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS,
  and CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF.

* WTF.xcodeproj/project.pbxproj: Let Xcode update LastUpgradeCheck.

* wtf/MathExtras.h:
(WTF::fastLog2): Addressed newly-enabled CLANG_WARN_COMMA by splitting some comma-separated
  expressions into individual statements.

Modified Paths

trunk/Source/_javascript_Core/API/tests/Regress141275.mm
trunk/Source/_javascript_Core/API/tests/testapi.cpp
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/Configurations/Base.xcconfig
trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj
trunk/Source/_javascript_Core/assembler/MacroAssemblerPrinter.cpp
trunk/Source/WTF/ChangeLog
trunk/Source/WTF/Configurations/Base.xcconfig
trunk/Source/WTF/WTF.xcodeproj/project.pbxproj
trunk/Source/WTF/wtf/MathExtras.h
trunk/Source/bmalloc/ChangeLog
trunk/Source/bmalloc/Configurations/Base.xcconfig
trunk/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj
trunk/Tools/MobileMiniBrowser/MobileMiniBrowser.xcodeproj/xcshareddata/xcschemes/MobileMiniBrowserUITests.xcscheme
trunk/WebKit.xcworkspace/xcshareddata/xcschemes/All Source.xcscheme
trunk/WebKit.xcworkspace/xcshareddata/xcschemes/All Tools.xcscheme




Diff

Modified: trunk/Source/_javascript_Core/API/tests/Regress141275.mm (236804 => 236805)

--- trunk/Source/_javascript_Core/API/tests/Regress141275.mm	2018-10-03 18:28:55 UTC (rev 236804)
+++ trunk/Source/_javascript_Core/API/tests/Regress141275.mm	2018-10-03 18:38:11 UTC (rev 236805)
@@ -306,12 +306,12 @@
 NSError* error = nil;
 if (task.evaluateBlock) {
 [self _setupEvaluatorThreadContextIfNeeded];
-task.evaluateBlock(_jsContext);
-if (_jsContext.exception) {
-NSLog(@"Did fail on JSContext: %@", _jsContext.name);
-NSDictionary* userInfo = @{ NSLocalizedDescriptionKey : [_jsContext.exception[@"message"] toString] };
+task.evaluateBlock(self->_jsContext);
+if (self->_jsContext.exception) {
+NSLog(@"Did fail on JSContext: %@", self->_jsContext.name);
+NSDictionary* userInfo = @{ NSLocalizedDescriptionKey : [self->_jsContext.exception[@"message"] toString] };
 error = [NSError errorWithDomain:@"JSTEvaluator" code:1 userInfo:userInfo];
-_jsContext.exception = nil;
+self->_jsContext.exception = nil;
 }
 }
 [self _callCompletionHandler:task.completionHandler ifNeededWithError:error];
@@ -324,8 +324,8 @@
 }
 
 dispatch_barrier_sync(_jsSourcePerformQueue, ^{
-if ([_jsContext[@"counter"] toInt32] == scriptToEvaluate)
-dispatch_semaphore_signal(_allScriptsDone);
+if ([self->_jsContext[@"counter"] toInt32] == scriptToEvaluate)
+dispatch_semaphore_signal(self->_allScriptsDone);
 });
 }
 }


Modified: trunk/Source/_javascript_Core/API/tests/testapi.cpp (236804 => 236805)

--- trunk/Source/_javascript_Core/API/tests/testapi.cpp	2018-10-03 18:28:55 UTC (rev 236804)
+++ trunk/Source/_javascript_Core/API/tests/testapi.cpp	2018-10-03 18:38:11 UTC (rev 236805)
@@ -520,7 +520,7 @@
 {
 LockHolder locker(lock);
 if (tasks.isEmpty())
-   

[webkit-changes] [236804] trunk

[mark . lam]

Title: [236804] trunk








Revision 236804
Author mark@apple.com
Date 2018-10-03 11:28:55 -0700 (Wed, 03 Oct 2018)


Log Message
Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
https://bugs.webkit.org/show_bug.cgi?id=190187


Reviewed by Michael Saboff.

JSTests:

* stress/regress-190187.js: Added.

Source/_javascript_Core:

Allowing different max string lengths at each level opens up opportunities for
bugs to creep in.  With 2 different max length values, it is more difficult to
keep the story straight on how we do overflow / bounds checks at each place in
the code.  It's also difficult to tell if a seemingly valid check at the WTF level
will have bad ramifications at the JSC level.  Also, it's also not meaningful to
support a max length > INT_MAX.  To eliminate this class of bugs, we'll
standardize on a MaxLength of INT_MAX at all levels.

We'll also standardize the way we do length overflow checks on using
CheckedArithmetic, and add some asserts to document the assumptions of the code.

* runtime/FunctionConstructor.cpp:
(JSC::constructFunctionSkippingEvalEnabledCheck):
- Fix OOM error handling which crashed a test after the new MaxLength was applied.
* runtime/JSString.h:
(JSC::JSString::finishCreation):
(JSC::JSString::createHasOtherOwner):
(JSC::JSString::setLength):
* runtime/JSStringInlines.h:
(JSC::jsMakeNontrivialString):
* runtime/Operations.h:
(JSC::jsString):

Source/WTF:

* wtf/text/StringConcatenate.h:
(WTF::tryMakeStringFromAdapters):
(WTF::sumWithOverflow): Deleted.
* wtf/text/StringImpl.h:
* wtf/text/WTFString.h:

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp
trunk/Source/_javascript_Core/runtime/JSString.h
trunk/Source/_javascript_Core/runtime/JSStringInlines.h
trunk/Source/_javascript_Core/runtime/Operations.h
trunk/Source/WTF/ChangeLog
trunk/Source/WTF/wtf/text/StringConcatenate.h
trunk/Source/WTF/wtf/text/StringImpl.h
trunk/Source/WTF/wtf/text/WTFString.h


Added Paths

trunk/JSTests/stress/regress-190187.js




Diff

Modified: trunk/JSTests/ChangeLog (236803 => 236804)

--- trunk/JSTests/ChangeLog	2018-10-03 18:26:29 UTC (rev 236803)
+++ trunk/JSTests/ChangeLog	2018-10-03 18:28:55 UTC (rev 236804)
@@ -1,3 +1,13 @@
+2018-10-03  Mark Lam  
+
+Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
+https://bugs.webkit.org/show_bug.cgi?id=190187
+
+
+Reviewed by Michael Saboff.
+
+* stress/regress-190187.js: Added.
+
 2018-10-02  Caio Lima  
 
 [BigInt] BigInt.proptotype.toString is broken when radix is power of 2


Added: trunk/JSTests/stress/regress-190187.js (0 => 236804)

--- trunk/JSTests/stress/regress-190187.js	(rev 0)
+++ trunk/JSTests/stress/regress-190187.js	2018-10-03 18:28:55 UTC (rev 236804)
@@ -0,0 +1,18 @@
+//@ runDefault
+//@ skip if $memoryLimited or $buildType == "debug"
+//@ slow!
+
+try {
+var v1 = "AAA";
+for(var i = 0; i < 27; i++)
+  v1 = v1 + v1;
+var v2;
+var v3 = RegExp.prototype.toString.call({source:v1,flags:v1});
+v3 += v1;
+v2 += v3.localeCompare(v1);
+} catch (e) {
+exception = e;
+}
+
+if (exception != "Error: Out of memory")
+throw "FAILED";


Modified: trunk/Source/_javascript_Core/ChangeLog (236803 => 236804)

--- trunk/Source/_javascript_Core/ChangeLog	2018-10-03 18:26:29 UTC (rev 236803)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-10-03 18:28:55 UTC (rev 236804)
@@ -1,3 +1,34 @@
+2018-10-03  Mark Lam  
+
+Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
+https://bugs.webkit.org/show_bug.cgi?id=190187
+
+
+Reviewed by Michael Saboff.
+
+Allowing different max string lengths at each level opens up opportunities for
+bugs to creep in.  With 2 different max length values, it is more difficult to
+keep the story straight on how we do overflow / bounds checks at each place in
+the code.  It's also difficult to tell if a seemingly valid check at the WTF level
+will have bad ramifications at the JSC level.  Also, it's also not meaningful to
+support a max length > INT_MAX.  To eliminate this class of bugs, we'll
+standardize on a MaxLength of INT_MAX at all levels.
+
+We'll also standardize the way we do length overflow checks on using
+CheckedArithmetic, and add some asserts to document the assumptions of the code.
+
+* runtime/FunctionConstructor.cpp:
+(JSC::constructFunctionSkippingEvalEnabledCheck):
+- Fix OOM error handling which crashed a test after the new MaxLength was applied.
+* runtime/JSString.h:
+(JSC::JSString::finishCreation):
+(JSC::JSString::createHasOtherOwner):
+(JSC::JSString::setLength):
+* runtime/JSStringInlines.h:
+(JSC::jsMakeNontrivialString):
+* 

[webkit-changes] [236803] trunk

[cdumez]

Title: [236803] trunk








Revision 236803
Author cdu...@apple.com
Date 2018-10-03 11:26:29 -0700 (Wed, 03 Oct 2018)


Log Message
Regression(r236779): Crash when changing the input element type from inside an 'input' event listener
https://bugs.webkit.org/show_bug.cgi?id=190252

Reviewed by Alex Christensen.

Source/WebCore:

Add a null check for element() after firing the 'input' event and before firing the 'change' event
in case the input event listener changes the input type.

Tests: fast/dom/HTMLInputElement/change-type-in-click-event-listener.html
   fast/dom/HTMLInputElement/change-type-in-input-event-listener.html

* html/BaseCheckableInputType.cpp:
(WebCore::BaseCheckableInputType::fireInputAndChangeEvents):

LayoutTests:

Add layout test coverage.

* fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt: Added.
* fast/dom/HTMLInputElement/change-type-in-click-event-listener.html: Added.
* fast/dom/HTMLInputElement/change-type-in-input-event-listener-expected.txt: Added.
* fast/dom/HTMLInputElement/change-type-in-input-event-listener.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/BaseCheckableInputType.cpp


Added Paths

trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt
trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html
trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-input-event-listener-expected.txt
trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-input-event-listener.html




Diff

Modified: trunk/LayoutTests/ChangeLog (236802 => 236803)

--- trunk/LayoutTests/ChangeLog	2018-10-03 18:23:53 UTC (rev 236802)
+++ trunk/LayoutTests/ChangeLog	2018-10-03 18:26:29 UTC (rev 236803)
@@ -1,3 +1,17 @@
+2018-10-03  Chris Dumez  
+
+Regression(r236779): Crash when changing the input element type from inside an 'input' event listener
+https://bugs.webkit.org/show_bug.cgi?id=190252
+
+Reviewed by Alex Christensen.
+
+Add layout test coverage.
+
+* fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt: Added.
+* fast/dom/HTMLInputElement/change-type-in-click-event-listener.html: Added.
+* fast/dom/HTMLInputElement/change-type-in-input-event-listener-expected.txt: Added.
+* fast/dom/HTMLInputElement/change-type-in-input-event-listener.html: Added.
+
 2018-10-03  Matt Lewis  
 
 Unreviewed, rolling out r236781.


Added: trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt (0 => 236803)

--- trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt	(rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt	2018-10-03 18:26:29 UTC (rev 236803)
@@ -0,0 +1,10 @@
+Make sure we do not crash if the 'click' event listener changes the input type.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Click event was fired
+PASS successfullyParsed is true
+
+TEST COMPLETE
+


Added: trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html (0 => 236803)

--- trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html	(rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html	2018-10-03 18:26:29 UTC (rev 236803)
@@ -0,0 +1,28 @@
+
+
+
+
+
+