[webkit-changes] [242011] trunk/Source/JavaScriptCore
Title: [242011] trunk/Source/_javascript_Core Revision 242011 Author rmoris...@apple.com Date 2019-02-23 19:18:33 -0800 (Sat, 23 Feb 2019) Log Message Remove dead code: AdjacencyList::justOneChild() https://bugs.webkit.org/show_bug.cgi?id=194965 Reviewed by Sam Weinig. * dfg/DFGAdjacencyList.h: (JSC::DFG::AdjacencyList::justOneChild const): Deleted. Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGAdjacencyList.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (242010 => 242011) --- trunk/Source/_javascript_Core/ChangeLog 2019-02-24 03:03:10 UTC (rev 242010) +++ trunk/Source/_javascript_Core/ChangeLog 2019-02-24 03:18:33 UTC (rev 242011) @@ -1,3 +1,13 @@ +2019-02-23 Robin Morisset + +Remove dead code: AdjacencyList::justOneChild() +https://bugs.webkit.org/show_bug.cgi?id=194965 + +Reviewed by Sam Weinig. + +* dfg/DFGAdjacencyList.h: +(JSC::DFG::AdjacencyList::justOneChild const): Deleted. + 2019-02-23 Michael Catanzaro Unreviewed, fix -Wunused-param warning Modified: trunk/Source/_javascript_Core/dfg/DFGAdjacencyList.h (242010 => 242011) --- trunk/Source/_javascript_Core/dfg/DFGAdjacencyList.h 2019-02-24 03:03:10 UTC (rev 242010) +++ trunk/Source/_javascript_Core/dfg/DFGAdjacencyList.h 2019-02-24 03:18:33 UTC (rev 242011) @@ -100,15 +100,6 @@ Edge child1Unchecked() const { return m_words[0]; } -Edge justOneChild() const -{ -if (!!child1() && !child2()) { -ASSERT(!child3()); -return child1(); -} -return Edge(); -} - void initialize(Edge child1, Edge child2, Edge child3) { child(0) = child1; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [242010] trunk/Source/WebKit
Title: [242010] trunk/Source/WebKit Revision 242010 Author cdu...@apple.com Date 2019-02-23 19:03:10 -0800 (Sat, 23 Feb 2019) Log Message Give DrawingAreas their own identifiers https://bugs.webkit.org/show_bug.cgi?id=194969 Unreviewed, fix API test debug assertion failures after r241988. We do not support sending an ObjectIdentifier that is 0 via IPC so update WebPageProxy::CreateNewPage IPC to return an Optional instead of a WebPageCreationParameters. It returns nullopt when there this no UIClient or the client did not create the page, instead of returning a default-initialized WebPageCreationParameters. * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::createNewPage): * UIProcess/WebPageProxy.messages.in: * WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::createWindow): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebPageProxy.cpp trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp Diff Modified: trunk/Source/WebKit/ChangeLog (242009 => 242010) --- trunk/Source/WebKit/ChangeLog 2019-02-24 01:07:27 UTC (rev 242009) +++ trunk/Source/WebKit/ChangeLog 2019-02-24 03:03:10 UTC (rev 242010) @@ -1,3 +1,21 @@ +2019-02-23 Chris Dumez + +Give DrawingAreas their own identifiers +https://bugs.webkit.org/show_bug.cgi?id=194969 + + +Unreviewed, fix API test debug assertion failures after r241988. +We do not support sending an ObjectIdentifier that is 0 via IPC so update WebPageProxy::CreateNewPage +IPC to return an Optional instead of a WebPageCreationParameters. It returns +nullopt when there this no UIClient or the client did not create the page, instead of returning a +default-initialized WebPageCreationParameters. + +* UIProcess/WebPageProxy.cpp: +(WebKit::WebPageProxy::createNewPage): +* UIProcess/WebPageProxy.messages.in: +* WebProcess/WebCoreSupport/WebChromeClient.cpp: +(WebKit::WebChromeClient::createWindow): + 2019-02-23 Simon Fraser Remove remnants of iOS WK1 scrolling tree code Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (242009 => 242010) --- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-02-24 01:07:27 UTC (rev 242009) +++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-02-24 03:03:10 UTC (rev 242010) @@ -4872,7 +4872,7 @@ m_uiClient->createNewPage(*this, WTFMove(originatingFrameInfo), WTFMove(request), WTFMove(windowFeatures), WTFMove(navigationActionData), [this, protectedThis = makeRef(*this), mainFrameURL, request, reply = WTFMove(reply)] (RefPtr newPage) mutable { if (!newPage) { -reply(0, { }); +reply(0, WTF::nullopt); return; } Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in (242009 => 242010) --- trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2019-02-24 01:07:27 UTC (rev 242009) +++ trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2019-02-24 03:03:10 UTC (rev 242010) @@ -22,7 +22,7 @@ messages -> WebPageProxy { # UI messages -CreateNewPage(struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest request, struct WebCore::WindowFeatures windowFeatures, struct WebKit::NavigationActionData navigationActionData) -> (uint64_t newPageID, struct WebKit::WebPageCreationParameters newPageParameters) Delayed +CreateNewPage(struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest request, struct WebCore::WindowFeatures windowFeatures, struct WebKit::NavigationActionData navigationActionData) -> (uint64_t newPageID, Optional newPageParameters) Delayed ShowPage() ClosePage(bool stopResponsivenessTimer) RunJavaScriptAlert(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, String message) -> () Delayed Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp (242009 => 242010) --- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp 2019-02-24 01:07:27 UTC (rev 242009) +++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp 2019-02-24 03:03:10 UTC (rev 242010) @@ -285,14 +285,15 @@ WebFrame* webFrame = WebFrame::fromCoreFrame(frame); uint64_t newPageID = 0; -WebPageCreationParameters parameters; +Optional parameters; if (!webProcess.parentProcessConnection()->sendSync(Messages::WebPageProxy::CreateNewPage(webFrame->info(), webFrame->page()->pageID(), request.resourceRequest(), windowFeatures, navigationActionData), Messages::WebPageProxy::CreateNewPage::Reply(newPageID, parameters), m_page.pageID())) return nullptr; if (!newPageID) return nullptr; +ASSERT(parameters); -webProcess.createWebPage(newPageID, WTFMove(parameters)); +webProcess.createWebPage(newPageID,
[webkit-changes] [242006] releases/WebKitGTK/webkit-2.22
Title: [242006] releases/WebKitGTK/webkit-2.22 Revision 242006 Author ape...@igalia.com Date 2019-02-23 17:07:02 -0800 (Sat, 23 Feb 2019) Log Message Merged r241613 - [JSC] CodeBlock::jettison should clear related watchpoints https://bugs.webkit.org/show_bug.cgi?id=194544 Reviewed by Mark Lam. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::jettison): * dfg/DFGCommonData.h: (JSC::DFG::CommonData::clearWatchpoints): Added. * dfg/CommonData.cpp: (JSC::DFG::CommonData::clearWatchpoints): Added. Modified Paths releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/bytecode/CodeBlock.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.h Added Paths releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-replace-double-watchpoint.js Diff Modified: releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog (242005 => 242006) --- releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 01:06:55 UTC (rev 242005) +++ releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 01:07:02 UTC (rev 242006) @@ -1,3 +1,12 @@ +2019-02-15 Robin Morisset +CodeBlock::jettison should clear related watchpoints +https://bugs.webkit.org/show_bug.cgi?id=194544 + +Reviewed by Mark Lam. + +* stress/regexp-replace-double-watchpoint.js: Added. +(foo): + 2019-02-08 Saam barati Nodes that rely on being dominated by CheckInBounds should have a child edge to it Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-replace-double-watchpoint.js (0 => 242006) --- releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-replace-double-watchpoint.js (rev 0) +++ releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-replace-double-watchpoint.js 2019-02-24 01:07:02 UTC (rev 242006) @@ -0,0 +1,19 @@ +function foo() { +for (const x in []) { +new Float64Array(65493); +} + +const nullRegexp = RegExp(); + +for (let i = 0; i < 1; i++) { +function bar() { +nullRegexp.test("asdf"); +} +bar(); +} + +for (let j = 13.37; j < 1; j++) { +[].__proto__[j] = 0; +} +} +"ii".replace(/i/g, foo); Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog (242005 => 242006) --- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2019-02-24 01:06:55 UTC (rev 242005) +++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2019-02-24 01:07:02 UTC (rev 242006) @@ -1,3 +1,17 @@ +2019-02-15 Robin Morisset + +CodeBlock::jettison should clear related watchpoints +https://bugs.webkit.org/show_bug.cgi?id=194544 + +Reviewed by Mark Lam. + +* bytecode/CodeBlock.cpp: +(JSC::CodeBlock::jettison): +* dfg/DFGCommonData.h: +(JSC::DFG::CommonData::clearWatchpoints): Added. +* dfg/CommonData.cpp: +(JSC::DFG::CommonData::clearWatchpoints): Added. + 2019-02-08 Saam barati Nodes that rely on being dominated by CheckInBounds should have a child edge to it Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/bytecode/CodeBlock.cpp (242005 => 242006) --- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/bytecode/CodeBlock.cpp 2019-02-24 01:06:55 UTC (rev 242005) +++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/bytecode/CodeBlock.cpp 2019-02-24 01:07:02 UTC (rev 242006) @@ -1948,6 +1948,9 @@ // 2) Make sure that if we call the owner executable, then we shouldn't call this CodeBlock. #if ENABLE(DFG_JIT) +if (JITCode::isOptimizingJIT(jitType())) +jitCode()->dfgCommon()->clearWatchpoints(); + if (reason != Profiler::JettisonDueToOldAge) { Profiler::Compilation* compilation = jitCode()->dfgCommon()->compilation.get(); if (UNLIKELY(compilation)) Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.cpp (242005 => 242006) --- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.cpp 2019-02-24 01:06:55 UTC (rev 242005) +++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.cpp 2019-02-24 01:07:02 UTC (rev 242006) @@ -205,6 +205,13 @@ #endif } +void CommonData::clearWatchpoints() +{ +watchpoints.clear(); +adaptiveStructureWatchpoints.clear(); +adaptiveInferredPropertyValueWatchpoints.clear(); +} + } } // namespace JSC::DFG #endif // ENABLE(DFG_JIT) Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.h (242005 => 242006) --- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.h 2019-02-24 01:06:55 UTC (rev 242005) +++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGCommonData.h 2019-02-24 01:07:02 UTC (rev 242006) @@ -114,6 +114,8 @@ void
[webkit-changes] [242009] releases/WebKitGTK/webkit-2.22
Title: [242009] releases/WebKitGTK/webkit-2.22 Revision 242009 Author ape...@igalia.com Date 2019-02-23 17:07:27 -0800 (Sat, 23 Feb 2019) Log Message Merged r241634 - RELEASE_ASSERT at com.apple._javascript_Core: JSC::jsSubstringOfResolved https://bugs.webkit.org/show_bug.cgi?id=194558 Reviewed by Saam Barati. JSTests: New regression test. * stress/regexp-unicode-within-string.js: Added. Source/_javascript_Core: Added an in bounds check before the read of the next character for Unicode regular expressions for pattern generation that didn't already have such checks. * yarr/YarrJIT.cpp: (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): (JSC::Yarr::YarrGenerator::generateCharacterClassOnce): (JSC::Yarr::YarrGenerator::generateCharacterClassFixed): Modified Paths releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/yarr/YarrJIT.cpp Added Paths releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-unicode-within-string.js Diff Modified: releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog (242008 => 242009) --- releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 01:07:20 UTC (rev 242008) +++ releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 01:07:27 UTC (rev 242009) @@ -1,3 +1,14 @@ +2019-02-15 Michael Saboff + +RELEASE_ASSERT at com.apple._javascript_Core: JSC::jsSubstringOfResolved +https://bugs.webkit.org/show_bug.cgi?id=194558 + +Reviewed by Saam Barati. + +New regression test. + +* stress/regexp-unicode-within-string.js: Added. + 2019-02-15 Mark Lam SamplingProfiler::stackTracesAsJSON() should escape strings. Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-unicode-within-string.js (0 => 242009) --- releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-unicode-within-string.js (rev 0) +++ releases/WebKitGTK/webkit-2.22/JSTests/stress/regexp-unicode-within-string.js 2019-02-24 01:07:27 UTC (rev 242009) @@ -0,0 +1,26 @@ +// This test verifies that a Unicode regular _expression_ does not read past the end of a string. +// It should run without a crash or throwing an exception. + +function testRegExpInbounds(re, str, substrEnd) +{ +let subStr = str.substring(0, substrEnd); + +let match = subStr.match(re); + +if (match !== null && match[0] === str) +throw "Error: Read past end of a Unicode substring processing a Unicode RegExp"; +else if (match === null || match[0] !== subStr) { +print("Error: match[0].length = " + match[0].length + ", match[0] = \"" + match[0] + "\""); +throw "Error: Didn't properly match a Unicode substring with a matching Unicode RegExp"; +} +} + +testRegExpInbounds(/ab\u{10400}c\u{10a01}d|ab\u{10400}c\u{10a01}/iu, "ab\u{10428}c\u{10a01}d", 7); +testRegExpInbounds(/ab\u{10400}c\u{10a01}d|ab\u{10400}c\u{10a01}/iu, "ab\u{10428}c\u{10a01}d", 7); +testRegExpInbounds(/ab[\u{10428}x]c[\u{10a01}x]defg|ab\u{10428}c\u{10a01}def/u, "ab\u{10428}c\u{10a01}defg", 10); +testRegExpInbounds(/[\u{10428}x]abcd|\u{10428}abc/u, "\u{10428}abcdef", 5); +testRegExpInbounds(/ab\u{10400}c\u{10a01}[^d]|ab\u{10400}c\u{10a01}/iu, "ab\u{10428}c\u{10a01}X", 7); +testRegExpInbounds(/ab\u{10400}c\u{10a01}.|ab\u{10400}c\u{10a01}/iu, "ab\u{10428}c\u{10a01}d", 7); +testRegExpInbounds(/ab\u{10428}c\u{10a01}\u{1}|ab\u{10428}c\u{10a01}/iu, "ab\u{10428}c\u{10a01}\u{1}", 7); +testRegExpInbounds(/ab\u{10428}c\u{10a01}.|ab\u{10428}c\u{10a01}/u, "ab\u{10428}c\u{10a01}\u{1}", 7); +testRegExpInbounds(/ab\u{10428}c\u{10a01}[^x]|ab\u{10428}c\u{10a01}/u, "ab\u{10428}c\u{10a01}\u{1}", 7); Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog (242008 => 242009) --- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2019-02-24 01:07:20 UTC (rev 242008) +++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2019-02-24 01:07:27 UTC (rev 242009) @@ -1,3 +1,19 @@ +2019-02-15 Michael Saboff + +RELEASE_ASSERT at com.apple._javascript_Core: JSC::jsSubstringOfResolved +https://bugs.webkit.org/show_bug.cgi?id=194558 + +Reviewed by Saam Barati. + +Added an in bounds check before the read of the next character for Unicode regular expressions +for pattern generation that didn't already have such checks. + +* yarr/YarrJIT.cpp: +(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): +(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): +(JSC::Yarr::YarrGenerator::generateCharacterClassOnce): +(JSC::Yarr::YarrGenerator::generateCharacterClassFixed): + 2019-02-15 Mark Lam SamplingProfiler::stackTracesAsJSON() should escape strings. Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/yarr/YarrJIT.cpp (242008 =>
[webkit-changes] [242008] releases/WebKitGTK/webkit-2.22
Title: [242008] releases/WebKitGTK/webkit-2.22 Revision 242008 Author ape...@igalia.com Date 2019-02-23 17:07:20 -0800 (Sat, 23 Feb 2019) Log Message Merged r241626 - Crash in the hit testing code via HTMLPlugInElement::isReplacementObscured() https://bugs.webkit.org/show_bug.cgi?id=194691 Reviewed by Simon Fraser. Source/WebCore: The crash was caused by HTMLPlugInElement::isReplacementObscured updating the document without updating the layout of ancestor documents (i.e. documents in which frame owner elements appear) even though it hit-tests against the top-level document's RenderView. Fixed the bug by updating the layout of the top-level document as needed. Test: plugins/unsupported-plugin-with-replacement-in-iframe-crash.html * html/HTMLPlugInElement.cpp: (WebCore::HTMLPlugInElement::isReplacementObscured): LayoutTests: Added a regression test. It hits the newly added debug assertion without the fix. * platform/mac-wk1/TestExpectations: Skip the test since DumpRenderTree doesn't support testRunner.setPluginSupportedMode. * plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt: Added. * plugins/unsupported-plugin-with-replacement-in-iframe-crash.html: Added. Modified Paths releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog releases/WebKitGTK/webkit-2.22/LayoutTests/platform/mac-wk1/TestExpectations releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.22/Source/WebCore/html/HTMLPlugInElement.cpp Added Paths releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash.html Diff Modified: releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog (242007 => 242008) --- releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2019-02-24 01:07:11 UTC (rev 242007) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2019-02-24 01:07:20 UTC (rev 242008) @@ -1,3 +1,17 @@ +2019-02-15 Ryosuke Niwa + +Crash in the hit testing code via HTMLPlugInElement::isReplacementObscured() +https://bugs.webkit.org/show_bug.cgi?id=194691 + +Reviewed by Simon Fraser. + +Added a regression test. It hits the newly added debug assertion without the fix. + +* platform/mac-wk1/TestExpectations: Skip the test since DumpRenderTree doesn't support +testRunner.setPluginSupportedMode. +* plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt: Added. +* plugins/unsupported-plugin-with-replacement-in-iframe-crash.html: Added. + 2019-02-13 Ryosuke Niwa Crash in DOMTimer::fired Modified: releases/WebKitGTK/webkit-2.22/LayoutTests/platform/mac-wk1/TestExpectations (242007 => 242008) --- releases/WebKitGTK/webkit-2.22/LayoutTests/platform/mac-wk1/TestExpectations 2019-02-24 01:07:11 UTC (rev 242007) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/platform/mac-wk1/TestExpectations 2019-02-24 01:07:20 UTC (rev 242008) @@ -121,6 +121,7 @@ http/tests/plugins/supported-plugin-on-specific-origin.html [ Skip ] http/tests/plugins/unsupported-plugin-on-specific-origin.html [ Skip ] plugins/unsupported-plugin.html [ Skip ] +plugins/unsupported-plugin-with-replacement-in-iframe-crash.html [ Skip ] # Color input is not yet implemented on Mac WK1. Currently, using it erroneously triggers an ASSERT_NOT_REACHED. webkit.org/b/119094 fast/forms/color/input-color-onchange-event.html [ Skip ] Added: releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt (0 => 242008) --- releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt (rev 0) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt 2019-02-24 01:07:20 UTC (rev 242008) @@ -0,0 +1,8 @@ +CONSOLE MESSAGE: line 28: 1. Updating the layout with an embed object inside an iframe +CONSOLE MESSAGE: line 22: 2. beforeload for the object fires and dirties the style tree +CONSOLE MESSAGE: line 29: Tried to use an unsupported plug-in. +CONSOLE MESSAGE: line 30: 3. Updated layout. The test passed. +This tests entering HTMLPlugInElement::isReplacementObscured() while the top document's style tree is dirty. +WebKit should update the layout of all documents and should not hit any debug assertions. + +PASS Added: releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash.html (0 => 242008) --- releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash.html (rev 0) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash.html 2019-02-24 01:07:20 UTC (rev 242008) @@ -0,0 +1,36 @@ + + + +This tests entering
[webkit-changes] [242007] releases/WebKitGTK/webkit-2.22
Title: [242007] releases/WebKitGTK/webkit-2.22 Revision 242007 Author ape...@igalia.com Date 2019-02-23 17:07:11 -0800 (Sat, 23 Feb 2019) Log Message Merged r241615 - SamplingProfiler::stackTracesAsJSON() should escape strings. https://bugs.webkit.org/show_bug.cgi?id=194649 Reviewed by Saam Barati. JSTests: * stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js: Added. * stress/type-profiler-with-double-quote-in-constructor-name.js: Added. * stress/type-profiler-with-double-quote-in-field-name.js: Added. * stress/type-profiler-with-double-quote-in-optional-field-name.js: Added. Source/_javascript_Core: Ditto for TypeSet::toJSONString() and TypeSet::toJSONString(). * runtime/SamplingProfiler.cpp: (JSC::SamplingProfiler::stackTracesAsJSON): * runtime/TypeSet.cpp: (JSC::TypeSet::toJSONString const): (JSC::StructureShape::toJSONString const): Modified Paths releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/SamplingProfiler.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/TypeSet.cpp Added Paths releases/WebKitGTK/webkit-2.22/JSTests/stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-constructor-name.js releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-field-name.js releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-optional-field-name.js Diff Modified: releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog (242006 => 242007) --- releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 01:07:02 UTC (rev 242006) +++ releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 01:07:11 UTC (rev 242007) @@ -1,3 +1,16 @@ +2019-02-15 Mark Lam + +SamplingProfiler::stackTracesAsJSON() should escape strings. +https://bugs.webkit.org/show_bug.cgi?id=194649 + + +Reviewed by Saam Barati. + +* stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js: Added. +* stress/type-profiler-with-double-quote-in-constructor-name.js: Added. +* stress/type-profiler-with-double-quote-in-field-name.js: Added. +* stress/type-profiler-with-double-quote-in-optional-field-name.js: Added. + 2019-02-15 Robin Morisset CodeBlock::jettison should clear related watchpoints https://bugs.webkit.org/show_bug.cgi?id=194544 Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js (0 => 242007) --- releases/WebKitGTK/webkit-2.22/JSTests/stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js (rev 0) +++ releases/WebKitGTK/webkit-2.22/JSTests/stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js 2019-02-24 01:07:11 UTC (rev 242007) @@ -0,0 +1,20 @@ +//@ runDefault("--useConcurrentJIT=false") + +function foo() { +let obj = {}; +for (let i = 0; i < 10; ++i) + obj[i + 'p'] = i; +} +noInline(foo); + +function test() { +for (let i = 0; i < 1000; ++i) { +foo(); +let stacktraces = samplingProfilerStackTraces(); +for (let stackTrace of stacktraces) { } +} +} + +startSamplingProfiler(); +foo.displayName = '"'; +test(); Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-constructor-name.js (0 => 242007) --- releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-constructor-name.js (rev 0) +++ releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-constructor-name.js 2019-02-24 01:07:11 UTC (rev 242007) @@ -0,0 +1,17 @@ +//@ runDefault("--useTypeProfiler=true") + +var findTypeForExpression = $vm.findTypeForExpression; + +function wrapper(x) { +class Base { +constructor() { } +}; + +var baseInstance = new Base; +Base.displayName = '"'; +} +wrapper(); + +var types = findTypeForExpression(wrapper, "baseInstance = new Base"); +JSON.stringify(types) + Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-field-name.js (0 => 242007) --- releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-field-name.js (rev 0) +++ releases/WebKitGTK/webkit-2.22/JSTests/stress/type-profiler-with-double-quote-in-field-name.js 2019-02-24 01:07:11 UTC (rev 242007) @@ -0,0 +1,17 @@ +//@ runDefault("--useTypeProfiler=true") + +var findTypeForExpression = $vm.findTypeForExpression; + +function wrapper(x) { +class Base { +constructor() { +this['"'] = true; +} +
[webkit-changes] [242002] releases/WebKitGTK/webkit-2.22/Source/WebCore
Title: [242002] releases/WebKitGTK/webkit-2.22/Source/WebCore Revision 242002 Author ape...@igalia.com Date 2019-02-23 17:06:34 -0800 (Sat, 23 Feb 2019) Log Message Merged r239814 - ThreadTimers should not store a raw pointer in its heap https://bugs.webkit.org/show_bug.cgi?id=192975 Reviewed by Geoffrey Garen. Right now, ThreadTimers's heap data structure stores a raw pointer to TimerBase. In order to harden the timer code, this patch replaces it with ThreadTimerHeapItem, a newly introduced struct, which effectively acks like WeakReference as the timer heap and TimerBase both store RefPtr to it, and TimerBase's destructor clears the raw pointer back to TimerBase*. This approach was taken instead of an out-right adoptation of WeakPtr since the heap data structure requires each node in the heap to have a fixed "priority" yet WeakPtr with no valid pointer back to TimerBase would effectively lose its "priority" thereby corrupting the heap data structure. That is, each item in the heap must remember its fire time and insertion order even when the underlying TimerBase had gone away (this should never happen but the whole point of this hardening is to make it work even in the precense of such a bug). This patch also moves the heap index in TimerBase to ThreadTimerHeapItem, and replaces the pointer to the heap vector in TimerBase by a reference to ThreadTimers in ThreadTimerHeapItem. Note that ThreadTimers is a per-thread singleton. The correctness of this hardening was tested by commenting out the call to stop() and !isInHeap() assertion in TimerBase::~TimerBase() as well as the !isInHeap() assertion in ThreadTimerHeapItem::clearTimer() and observing that layout tests run successfully without hitting any debug assertions. No new tests since there should be no observable behavior difference. * WebCore.xcodeproj/project.pbxproj: Export ThreadTimers.h as a private header since it's now included in Timer.h * platform/ThreadTimers.cpp: (WebCore::ThreadTimers::updateSharedTimer): Delete ThreadTimerHeapItem's with nullptr TimerBase* (TimerBase had already been deleted). This should only happen when TimerBase's destructor failed to remove itself from the timer heap, which should never happen. (WebCore::ThreadTimers::sharedTimerFiredInternal): Ditto. Also removed the redundant code which had removed the timer from the heap since setNextFireTime does the removal already. * platform/ThreadTimers.h: Outdented the whole file. (WebCore::ThreadTimers::timerHeap): We use Vector> instead of Vector> since Ref<~> doesn't have a copy constructor which is used by std::push_heap. (WebCore::ThreadTimerHeapItem): Added. (WebCore::ThreadTimerHeapItem::hasTimer const): Added. (WebCore::ThreadTimerHeapItem::setNotInHeap): Added. ThreadTimerHeapItem uses unsigned -1 as the single value which signifies the item not being in the heap instead of all negative values as in the old code in TimerBase. (WebCore::ThreadTimerHeapItem::isInHeap const): Added. (WebCore::ThreadTimerHeapItem::isFirstInHeap const): Added. (WebCore::ThreadTimerHeapItem::timer): Added. (WebCore::ThreadTimerHeapItem::clearTimer): Added. (WebCore::ThreadTimerHeapItem::heapIndex const): Added. (WebCore::ThreadTimerHeapItem::setHeapIndex): Added. (WebCore::ThreadTimerHeapItem::timerHeap const): Added. * platform/Timer.cpp: (WebCore::threadGlobalTimerHeap): This function is now only used in assertions. (WebCore::ThreadTimerHeapItem::ThreadTimerHeapItem): Added. (WebCore::ThreadTimerHeapItem::create): Added. (WebCore::TimerHeapPointer::TimerHeapPointer): (WebCore::TimerHeapPointer::operator-> const): (WebCore::TimerHeapReference::TimerHeapReference): Added a copy constructor. (WebCore::TimerHeapReference::copyRef const): Added. (WebCore::TimerHeapReference::operator RefPtr& const): (WebCore::TimerHeapPointer::operator* const): (WebCore::TimerHeapReference::operator=): Use move assignment operator. (WebCore::TimerHeapReference::swapWith): (WebCore::TimerHeapReference::updateHeapIndex): Extracted to share code between two verions of operator=. (WebCore::swap): (WebCore::TimerHeapIterator::TimerHeapIterator): (WebCore::TimerHeapIterator::operator-> const): (WebCore::TimerHeapLessThanFunction::compare): Added variants which take RefPtr. (WebCore::TimerHeapLessThanFunction::operator() const): (WebCore::TimerBase::TimerBase): (WebCore::TimerBase::~TimerBase):Clear the raw pointer in ThreadTimerHeapItem. (WebCore::TimerBase::stop): (WebCore::TimerBase::nextFireInterval const): (WebCore::TimerBase::checkHeapIndex const): Added the consistency check for other items in the heap. (WebCore::TimerBase::checkConsistency const): (WebCore::TimerBase::heapDecreaseKey): (WebCore::TimerBase::heapDelete): (WebCore::TimerBase::heapDeleteMin): (WebCore::TimerBase::heapIncreaseKey): (WebCore::TimerBase::heapInsert): (WebCore::TimerBase::heapPop): (WebCore::TimerBase::heapPopMin): (WebCore::TimerBase::heapDeleteNullMin): Added. Used to delete ThreadTimerHeapItem which no longer has a
[webkit-changes] [242001] releases/WebKitGTK/webkit-2.22
Title: [242001] releases/WebKitGTK/webkit-2.22 Revision 242001 Author ape...@igalia.com Date 2019-02-23 17:06:25 -0800 (Sat, 23 Feb 2019) Log Message Merged r241480 - Further restricting webarchive loads https://bugs.webkit.org/show_bug.cgi?id=194567 Reviewed by Youenn Fablet. Source/WebCore: This patch futher restricts main frame webarchive loads to the followings: 1) loaded by clients; 2) loaded by drag; 3) reloaded from any of the previous two. It moves setAlwaysAllowLocalWebarchive, which is used for testing only, from Document to FrameLoader such that the option is remembered during redirections. Covered by API tests. * dom/Document.h: (WebCore::Document::setAlwaysAllowLocalWebarchive): Deleted. (WebCore::Document::alwaysAllowLocalWebarchive const): Deleted. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::disallowWebArchive const): * loader/DocumentLoader.h: (WebCore::DocumentLoader::setAllowsWebArchiveForMainFrame): (WebCore::DocumentLoader::allowsWebArchiveForMainFrame): * loader/FrameLoadRequest.h: (WebCore::FrameLoadRequest::setIsRequestFromClientOrUserInput): (WebCore::FrameLoadRequest::isRequestFromClientOrUserInput): * loader/FrameLoader.cpp: (WebCore::FrameLoader::load): (WebCore::FrameLoader::reload): * loader/FrameLoader.h: (WebCore::FrameLoader::setAlwaysAllowLocalWebarchive): (WebCore::FrameLoader::alwaysAllowLocalWebarchive const): * page/DragController.cpp: (WebCore::DragController::performDragOperation): * testing/Internals.cpp: (WebCore::Internals::setAlwaysAllowLocalWebarchive const): * testing/Internals.h: * testing/Internals.idl: Source/WebKit: * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::loadRequest): Set a flag to indicate a load is started from clients. Tools: Besides adding API tests, this patch also enhances DragAndDropSimulator to allow navigations on drop. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/mac/LoadWebArchive.mm: Added. (-[TestLoadWebArchiveNavigationDelegate webView:didFinishNavigation:]): (-[TestLoadWebArchiveNavigationDelegate webView:didFailProvisionalNavigation:withError:]): (-[TestLoadWebArchiveNavigationDelegate webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:]): (TestWebKitAPI::TEST): * TestWebKitAPI/Tests/mac/helloworld.webarchive: Added. * TestWebKitAPI/Tests/mac/load-web-archive-1.html: Added. * TestWebKitAPI/Tests/mac/load-web-archive-2.html: Added. * TestWebKitAPI/cocoa/DragAndDropSimulator.h: * TestWebKitAPI/mac/DragAndDropSimulatorMac.mm: (-[DragAndDropSimulator initWithWebViewFrame:configuration:]): (-[DragAndDropSimulator _webView:dragDestinationActionMaskForDraggingInfo:]): LayoutTests: * platform/mac/fast/loader/webarchive-encoding-respected.html: * webarchive/loading/cache-expired-subresource.html: * webarchive/loading/_javascript_-url-iframe-crash.html: * webarchive/loading/mainresource-null-mimetype-crash.html: * webarchive/loading/missing-data.html: * webarchive/loading/object.html: * webarchive/loading/test-loading-archive-subresource-null-mimetype.html: * webarchive/loading/test-loading-archive-subresource.html: * webarchive/loading/test-loading-archive.html: * webarchive/loading/test-loading-top-archive.html: * webarchive/loading/video-in-webarchive.html: Modified Paths releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog releases/WebKitGTK/webkit-2.22/LayoutTests/platform/mac/fast/loader/webarchive-encoding-respected.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/cache-expired-subresource.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/_javascript_-url-iframe-crash.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/mainresource-null-mimetype-crash.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/missing-data.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/object.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/test-loading-archive-subresource-null-mimetype.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/test-loading-archive-subresource.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/test-loading-archive.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/test-loading-top-archive.html releases/WebKitGTK/webkit-2.22/LayoutTests/webarchive/loading/video-in-webarchive.html releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.22/Source/WebCore/dom/Document.h releases/WebKitGTK/webkit-2.22/Source/WebCore/loader/DocumentLoader.cpp releases/WebKitGTK/webkit-2.22/Source/WebCore/loader/DocumentLoader.h releases/WebKitGTK/webkit-2.22/Source/WebCore/loader/FrameLoadRequest.h releases/WebKitGTK/webkit-2.22/Source/WebCore/loader/FrameLoader.cpp releases/WebKitGTK/webkit-2.22/Source/WebCore/loader/FrameLoader.h releases/WebKitGTK/webkit-2.22/Source/WebCore/page/DragController.cpp releases/WebKitGTK/webkit-2.22/Source/WebCore/testing/Internals.cpp
[webkit-changes] [242005] releases/WebKitGTK/webkit-2.22/Tools
Title: [242005] releases/WebKitGTK/webkit-2.22/Tools Revision 242005 Author ape...@igalia.com Date 2019-02-23 17:06:55 -0800 (Sat, 23 Feb 2019) Log Message Merged r241553 - Unreviewed, build fix after r241480 * TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm: (-[DragAndDropSimulator initWithWebViewFrame:configuration:]): (-[DragAndDropSimulator initWithWebView:]): Modified Paths releases/WebKitGTK/webkit-2.22/Tools/ChangeLog releases/WebKitGTK/webkit-2.22/Tools/TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm Diff Modified: releases/WebKitGTK/webkit-2.22/Tools/ChangeLog (242004 => 242005) --- releases/WebKitGTK/webkit-2.22/Tools/ChangeLog 2019-02-24 01:06:49 UTC (rev 242004) +++ releases/WebKitGTK/webkit-2.22/Tools/ChangeLog 2019-02-24 01:06:55 UTC (rev 242005) @@ -1,3 +1,11 @@ +2019-02-14 Jiewen Tan + +Unreviewed, build fix after r241480 + +* TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm: +(-[DragAndDropSimulator initWithWebViewFrame:configuration:]): +(-[DragAndDropSimulator initWithWebView:]): + 2019-02-12 Jiewen Tan Further restricting webarchive loads Modified: releases/WebKitGTK/webkit-2.22/Tools/TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm (242004 => 242005) --- releases/WebKitGTK/webkit-2.22/Tools/TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm 2019-02-24 01:06:49 UTC (rev 242004) +++ releases/WebKitGTK/webkit-2.22/Tools/TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm 2019-02-24 01:06:55 UTC (rev 242005) @@ -325,7 +325,6 @@ - (instancetype)initWithWebViewFrame:(CGRect)frame configuration:(WKWebViewConfiguration *)configuration { -self.dragDestinationAction = WKDragDestinationActionAny & ~WKDragDestinationActionLoad; if (configuration) return [self initWithWebView:[[[TestWKWebView alloc] initWithFrame:frame configuration:configuration] autorelease]]; @@ -341,6 +340,7 @@ _isDoneWaitingForInputSession = true; [_webView setUIDelegate:self]; [_webView _setInputDelegate:self]; +self.dragDestinationAction = WKDragDestinationActionAny & ~WKDragDestinationActionLoad; } return self; } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [242004] releases/WebKitGTK/webkit-2.22
Title: [242004] releases/WebKitGTK/webkit-2.22 Revision 242004 Author ape...@igalia.com Date 2019-02-23 17:06:49 -0800 (Sat, 23 Feb 2019) Log Message Merged r241499 - Crash in DOMTimer::fired https://bugs.webkit.org/show_bug.cgi?id=194638 Reviewed by Brent Fulgham. Source/WebCore: This patch continues the saga of hunting down timer related crashes after r239814, r225985, r227934. The crash was caused by the bug that we don't remove a DOMTimer from NestedTimersMap if a DOMTimer is created & installed inside another DOMTimer's callback (via execute call in DOMTimer::fired). Fixed the crash by using a Ref in NestedTimersMap. This will keep the timer alive until we exit from DOMTimer::fired. Because DOMTimer::fired always calls stopTracking() which clears the map we would not leak these DOM timers. We could, alternatively, use WeakPtr in NestedTimersMap but that would unnecessarily increase the size of DOMTimer for a very marginal benefit of DOMTimer objcets being deleted slightly earlier. Deleting itself in DOMTimer's destructor involves more logic & house keeping in the timer code, and is no longer the preferred approach when dealing with these classes of bugs in WebKit. Test: fast/dom/timer-destruction-during-firing.html * page/DOMTimer.cpp: (WebCore::NestedTimersMap::add): (WebCore::DOMTimer::install): (WebCore::DOMTimer::fired): LayoutTests: Added a regression test. It needs debug assertions without the fix. * fast/dom/timer-destruction-during-firing-expected.txt: Added. * fast/dom/timer-destruction-during-firing.html: Added. Modified Paths releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.22/Source/WebCore/page/DOMTimer.cpp Added Paths releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing-expected.txt releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing.html Diff Modified: releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog (242003 => 242004) --- releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2019-02-24 01:06:41 UTC (rev 242003) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2019-02-24 01:06:49 UTC (rev 242004) @@ -1,3 +1,15 @@ +2019-02-13 Ryosuke Niwa + +Crash in DOMTimer::fired +https://bugs.webkit.org/show_bug.cgi?id=194638 + +Reviewed by Brent Fulgham. + +Added a regression test. It needs debug assertions without the fix. + +* fast/dom/timer-destruction-during-firing-expected.txt: Added. +* fast/dom/timer-destruction-during-firing.html: Added. + 2019-02-12 Jiewen Tan Further restricting webarchive loads Added: releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing-expected.txt (0 => 242004) --- releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing-expected.txt (rev 0) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing-expected.txt 2019-02-24 01:06:49 UTC (rev 242004) @@ -0,0 +1,3 @@ +This tests deleting DOMTimer inside another DOMTimer. WebKit should not hit any debug assertions. + +PASS Added: releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing.html (0 => 242004) --- releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing.html (rev 0) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/fast/dom/timer-destruction-during-firing.html 2019-02-24 01:06:49 UTC (rev 242004) @@ -0,0 +1,44 @@ + + + +This tests deleting DOMTimer inside another DOMTimer. WebKit should not hit any debug assertions. + + + +if (!window.testRunner) +document.getElementById('result').textContent = 'This test requires testRunner'; +else { +testRunner.dumpAsText(); +testRunner.waitUntilDone(); + +setTimeout(() => { +for (let k = 0; k < 50; k++) { +const frames = []; +for (let i = 0; i < 1; i++) +frames[i] = createTimerInNewFrame(); +for (const frame of frames) +frame.remove(); +frames.length = 0; +gc(); +} +self.postMessage('end', '*'); +}, 0); + +window._onmessage_ = () => { +document.getElementById('result').textContent = 'PASS'; +testRunner.notifyDone(); +} +} + +function createTimerInNewFrame() +{ +const frame = document.createElement('iframe'); +document.body.appendChild(frame); +frame.contentWindow.setTimeout(() => {}, 0); +return frame; +} + + + + Modified: releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog (242003 => 242004) --- releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog 2019-02-24 01:06:41 UTC (rev 242003) +++ releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog 2019-02-24 01:06:49 UTC (rev 242004) @@ -1,3 +1,31 @@ +2019-02-13 Ryosuke Niwa + +Crash in
[webkit-changes] [242000] releases/WebKitGTK/webkit-2.22
Title: [242000] releases/WebKitGTK/webkit-2.22 Revision 242000 Author ape...@igalia.com Date 2019-02-23 17:06:03 -0800 (Sat, 23 Feb 2019) Log Message Merged r241289 - AXObjectCache::childrenChanged shouldn't update layout or style during another style recalc https://bugs.webkit.org/show_bug.cgi?id=182280 Reviewed by Alan Bujtas. Source/WebCore: Remove the possibility that changing children calls back into updating layout by handling children changes in a deferred manner. This follows the same architecture as many other deferred changes, but also requires us to check deferred changes in updateBackingStore, because things like aria-hidden changes won't trigger a layout, but will require us to update children. A few tests had to be modified to no longer change the tree and then check the children immediately. * accessibility/AXObjectCache.cpp: (WebCore::AXObjectCache::remove): (WebCore::AXObjectCache::childrenChanged): (WebCore::AXObjectCache::prepareForDocumentDestruction): (WebCore::AXObjectCache::performDeferredCacheUpdate): * accessibility/AXObjectCache.h: * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::updateBackingStore): * accessibility/mac/WebAccessibilityObjectWrapperBase.mm: (convertToNSArray): (-[WebAccessibilityObjectWrapperBase updateObjectBackingStore]): LayoutTests: * accessibility/aria-hidden-update.html: * accessibility/aria-hidden-updates-alldescendants.html: * accessibility/image-load-on-delay.html: * accessibility/mac/aria-hidden-changes-for-non-ignored-elements.html: * accessibility/removed-anonymous-block-child-causes-crash.html: Modified Paths releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/aria-hidden-update.html releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/aria-hidden-updates-alldescendants.html releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/image-load-on-delay.html releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/mac/aria-hidden-changes-for-non-ignored-elements.html releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/removed-anonymous-block-child-causes-crash.html releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.22/Source/WebCore/accessibility/AXObjectCache.cpp releases/WebKitGTK/webkit-2.22/Source/WebCore/accessibility/AXObjectCache.h releases/WebKitGTK/webkit-2.22/Source/WebCore/accessibility/AccessibilityObject.cpp releases/WebKitGTK/webkit-2.22/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperBase.mm Diff Modified: releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog (241999 => 242000) --- releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2019-02-24 01:05:52 UTC (rev 241999) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2019-02-24 01:06:03 UTC (rev 242000) @@ -1,3 +1,17 @@ +2019-02-08 Chris Fleizach + +AXObjectCache::childrenChanged shouldn't update layout or style during another style recalc +https://bugs.webkit.org/show_bug.cgi?id=182280 + + +Reviewed by Alan Bujtas. + +* accessibility/aria-hidden-update.html: +* accessibility/aria-hidden-updates-alldescendants.html: +* accessibility/image-load-on-delay.html: +* accessibility/mac/aria-hidden-changes-for-non-ignored-elements.html: +* accessibility/removed-anonymous-block-child-causes-crash.html: + 2019-01-18 Ali Juma FetchResponse::url should return the empty string for tainted responses Modified: releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/aria-hidden-update.html (241999 => 242000) --- releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/aria-hidden-update.html 2019-02-24 01:05:52 UTC (rev 241999) +++ releases/WebKitGTK/webkit-2.22/LayoutTests/accessibility/aria-hidden-update.html 2019-02-24 01:06:03 UTC (rev 242000) @@ -18,6 +18,7 @@if (window.accessibilityController) { +jsTestIsAsync = true; description("This test makes sure that when aria-hidden changes, the AX hierarchy is updated."); // Get the parent element. @@ -39,18 +40,24 @@ // Make the 2nd button hidden. Only 1 and 3 should be present. document.getElementById("button2").setAttribute("aria-hidden", "true");-shouldBeTrue("parent.childAtIndex(0).isEqual(button1)"); -shouldBeTrue("parent.childAtIndex(1).isEqual(button3)");+setTimeout(function() { +shouldBeTrue("parent.childAtIndex(0).isEqual(button1)"); +shouldBeTrue("parent.childAtIndex(1).isEqual(button3)");-// Make the 1st button hidden. Only 3 should be
[webkit-changes] [242003] releases/WebKitGTK/webkit-2.22/Source/WebCore
Title: [242003] releases/WebKitGTK/webkit-2.22/Source/WebCore Revision 242003 Author ape...@igalia.com Date 2019-02-23 17:06:41 -0800 (Sat, 23 Feb 2019) Log Message Merged r227934 - Add a release assertion to ensure timers are deleted in the right thread https://bugs.webkit.org/show_bug.cgi?id=182351 Reviewed by David Kilzer. Added a relese assertion in ~TimerBase that the current thread is the one in which the timer was created. We use canAccessThreadLocalDataForThread for this purpose since the condition is more complicated when WebThread is being used. * platform/Timer.cpp: (WebCore::TimerBase::~TimerBase): Added the assertion. * platform/Timer.h: (WebCore::TimerBase::m_thread): Always store the current thread in a timer. Modified Paths releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.22/Source/WebCore/platform/Timer.cpp Diff Modified: releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog (242002 => 242003) --- releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog 2019-02-24 01:06:34 UTC (rev 242002) +++ releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog 2019-02-24 01:06:41 UTC (rev 242003) @@ -1,3 +1,20 @@ +2018-01-31 Ryosuke Niwa + +Add a release assertion to ensure timers are deleted in the right thread +https://bugs.webkit.org/show_bug.cgi?id=182351 + +Reviewed by David Kilzer. + +Added a relese assertion in ~TimerBase that the current thread is the one in which the timer was created. + +We use canAccessThreadLocalDataForThread for this purpose since the condition is more complicated +when WebThread is being used. + +* platform/Timer.cpp: +(WebCore::TimerBase::~TimerBase): Added the assertion. +* platform/Timer.h: +(WebCore::TimerBase::m_thread): Always store the current thread in a timer. + 2019-01-09 Ryosuke Niwa ThreadTimers should not store a raw pointer in its heap Modified: releases/WebKitGTK/webkit-2.22/Source/WebCore/platform/Timer.cpp (242002 => 242003) --- releases/WebKitGTK/webkit-2.22/Source/WebCore/platform/Timer.cpp 2019-02-24 01:06:34 UTC (rev 242002) +++ releases/WebKitGTK/webkit-2.22/Source/WebCore/platform/Timer.cpp 2019-02-24 01:06:41 UTC (rev 242003) @@ -262,6 +262,7 @@ { ASSERT(canAccessThreadLocalDataForThread(m_thread.get())); RELEASE_ASSERT(canAccessThreadLocalDataForThread(m_thread.get()) || shouldSuppressThreadSafetyCheck()); +RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(canAccessThreadLocalDataForThread(m_thread.get())); stop(); ASSERT(!inHeap()); if (m_heapItem) { ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [241999] releases/WebKitGTK/webkit-2.22
Title: [241999] releases/WebKitGTK/webkit-2.22 Revision 241999 Author ape...@igalia.com Date 2019-02-23 17:05:52 -0800 (Sat, 23 Feb 2019) Log Message Merged r241228 - Nodes that rely on being dominated by CheckInBounds should have a child edge to it https://bugs.webkit.org/show_bug.cgi?id=194334 Reviewed by Mark Lam. JSTests: * stress/check-in-bounds-should-be-a-child-use.js: Added. (func): Source/_javascript_Core: * dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter::executeEffects): * dfg/DFGArgumentsEliminationPhase.cpp: * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGClobberize.h: (JSC::DFG::clobberize): * dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): (JSC::DFG::FixupPhase::convertToHasIndexedProperty): * dfg/DFGIntegerCheckCombiningPhase.cpp: (JSC::DFG::IntegerCheckCombiningPhase::handleBlock): * dfg/DFGIntegerRangeOptimizationPhase.cpp: * dfg/DFGNodeType.h: * dfg/DFGSSALoweringPhase.cpp: (JSC::DFG::SSALoweringPhase::lowerBoundsCheck): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty): * ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCheckInBounds): (JSC::FTL::DFG::LowerDFGToB3::compileHasIndexedProperty): Modified Paths releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGArgumentsEliminationPhase.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGClobberize.h releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGFixupPhase.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGIntegerCheckCombiningPhase.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGIntegerRangeOptimizationPhase.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGNodeType.h releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGSSALoweringPhase.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp Added Paths releases/WebKitGTK/webkit-2.22/JSTests/stress/check-in-bounds-should-be-a-child-use.js Diff Modified: releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog (241998 => 241999) --- releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 00:57:25 UTC (rev 241998) +++ releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog 2019-02-24 01:05:52 UTC (rev 241999) @@ -1,3 +1,14 @@ +2019-02-08 Saam barati + +Nodes that rely on being dominated by CheckInBounds should have a child edge to it +https://bugs.webkit.org/show_bug.cgi?id=194334 + + +Reviewed by Mark Lam. + +* stress/check-in-bounds-should-be-a-child-use.js: Added. +(func): + 2018-12-19 Mark Lam JSPropertyNameEnumerator should cache the iterated object's structure only after getting its property names. Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/check-in-bounds-should-be-a-child-use.js (0 => 241999) --- releases/WebKitGTK/webkit-2.22/JSTests/stress/check-in-bounds-should-be-a-child-use.js (rev 0) +++ releases/WebKitGTK/webkit-2.22/JSTests/stress/check-in-bounds-should-be-a-child-use.js 2019-02-24 01:05:52 UTC (rev 241999) @@ -0,0 +1,16 @@ +//@ runDefault("--useConcurrentJIT=0", "--thresholdForFTLOptimizeAfterWarmUp=100") + +const hello = [1337,1337,1337,1337]; +const arr = [1337,1337]; + +function func(arg) { +for (let p in arg) { +arg.a = 42; +const val = arg[-698666199]; +} +} + +for (let i = 0; i < 1; ++i) { +const a = func(arr); +const b = func(1337); +} Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog (241998 => 241999) --- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2019-02-24 00:57:25 UTC (rev 241998) +++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2019-02-24 01:05:52 UTC (rev 241999) @@ -1,3 +1,35 @@ +2019-02-08 Saam barati + +Nodes that rely on being dominated by CheckInBounds should have a child edge to it +https://bugs.webkit.org/show_bug.cgi?id=194334 + + +Reviewed by Mark Lam. + +* dfg/DFGAbstractInterpreterInlines.h: +(JSC::DFG::AbstractInterpreter::executeEffects): +* dfg/DFGArgumentsEliminationPhase.cpp: +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::parseBlock): +* dfg/DFGClobberize.h: +(JSC::DFG::clobberize): +* dfg/DFGConstantFoldingPhase.cpp: +
[webkit-changes] [241998] trunk/Source/WTF
Title: [241998] trunk/Source/WTF Revision 241998 Author mcatanz...@igalia.com Date 2019-02-23 16:57:25 -0800 (Sat, 23 Feb 2019) Log Message Unreviewed, fix find/replace error from r232178 Looks like this was the only such error in that commit. * wtf/URLHelpers.cpp: (WTF::URLHelpers::isLookalikeCharacter): Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/URLHelpers.cpp Diff Modified: trunk/Source/WTF/ChangeLog (241997 => 241998) --- trunk/Source/WTF/ChangeLog 2019-02-24 00:03:37 UTC (rev 241997) +++ trunk/Source/WTF/ChangeLog 2019-02-24 00:57:25 UTC (rev 241998) @@ -1,3 +1,12 @@ +2019-02-23 Michael Catanzaro + +Unreviewed, fix find/replace error from r232178 + +Looks like this was the only such error in that commit. + +* wtf/URLHelpers.cpp: +(WTF::URLHelpers::isLookalikeCharacter): + 2019-02-23 Mark Lam Add an exception check and some assertions in StringPrototype.cpp. Modified: trunk/Source/WTF/wtf/URLHelpers.cpp (241997 => 241998) --- trunk/Source/WTF/wtf/URLHelpers.cpp 2019-02-24 00:03:37 UTC (rev 241997) +++ trunk/Source/WTF/wtf/URLHelpers.cpp 2019-02-24 00:57:25 UTC (rev 241998) @@ -180,8 +180,8 @@ case 0x233F: /* APL FUNCTIONAL SYMBOL SLASH BAR */ case 0x23AE: /* INTEGRAL EXTENSION */ case 0x244A: /* OCR DOUBLE BACKSLASH */ -case 0x2571: /* DisplayType::Box DRAWINGS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT */ -case 0x2572: /* DisplayType::Box DRAWINGS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT */ +case 0x2571: /* BOX DRAWINGS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT */ +case 0x2572: /* BOX DRAWINGS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT */ case 0x29F6: /* SOLIDUS WITH OVERBAR */ case 0x29F8: /* BIG SOLIDUS */ case 0x2AFB: /* TRIPLE SOLIDUS BINARY RELATION */ ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [241997] trunk/Source
Title: [241997] trunk/Source Revision 241997 Author simon.fra...@apple.com Date 2019-02-23 16:03:37 -0800 (Sat, 23 Feb 2019) Log Message Remove remnants of iOS WK1 scrolling tree code https://bugs.webkit.org/show_bug.cgi?id=194980 Reviewed by Sam Weinig. Source/WebCore: Remove ScrollingTreeIOS and ScrollingCoordinatorIOS which were never instantiated, to reduce maintenance costs and simplify. Merge ScrollingTreeFrameScrollingNodeIOS into ScrollingTreeFrameScrollingNodeRemoteIOS since that was the only concrete subclass, removing code which never applies to iOS WK2 (e.g. the synchronous scrolling code path). * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * page/FrameView.h: * page/scrolling/ScrollingCoordinator.cpp: * page/scrolling/ScrollingTree.h: * page/scrolling/ScrollingTreeFrameScrollingNode.h: * page/scrolling/ScrollingTreeNode.h: * page/scrolling/ScrollingTreeScrollingNode.cpp: (WebCore::ScrollingTreeScrollingNode::handleWheelEvent): * page/scrolling/ScrollingTreeScrollingNode.h: (WebCore::ScrollingTreeScrollingNode::updateLayersAfterDelegatedScroll): Deleted. (WebCore::ScrollingTreeScrollingNode::scrollableAreaSize const): Deleted. (WebCore::ScrollingTreeScrollingNode::totalContentsSize const): Deleted. (WebCore::ScrollingTreeScrollingNode::horizontalSnapOffsets const): Deleted. (WebCore::ScrollingTreeScrollingNode::verticalSnapOffsets const): Deleted. (WebCore::ScrollingTreeScrollingNode::horizontalSnapOffsetRanges const): Deleted. (WebCore::ScrollingTreeScrollingNode::verticalSnapOffsetRanges const): Deleted. (WebCore::ScrollingTreeScrollingNode::currentHorizontalSnapPointIndex const): Deleted. (WebCore::ScrollingTreeScrollingNode::currentVerticalSnapPointIndex const): Deleted. (WebCore::ScrollingTreeScrollingNode::setCurrentHorizontalSnapPointIndex): Deleted. (WebCore::ScrollingTreeScrollingNode::setCurrentVerticalSnapPointIndex): Deleted. (WebCore::ScrollingTreeScrollingNode::useDarkAppearanceForScrollbars const): Deleted. (WebCore::ScrollingTreeScrollingNode::lastCommittedScrollPosition const): Deleted. (WebCore::ScrollingTreeScrollingNode::reachableContentsSize const): Deleted. (WebCore::ScrollingTreeScrollingNode::parentRelativeScrollableRect const): Deleted. (WebCore::ScrollingTreeScrollingNode::scrollOrigin const): Deleted. (WebCore::ScrollingTreeScrollingNode::totalContentsSizeForRubberBand const): Deleted. (WebCore::ScrollingTreeScrollingNode::setTotalContentsSizeForRubberBand): Deleted. (WebCore::ScrollingTreeScrollingNode::horizontalScrollElasticity const): Deleted. (WebCore::ScrollingTreeScrollingNode::verticalScrollElasticity const): Deleted. (WebCore::ScrollingTreeScrollingNode::hasEnabledHorizontalScrollbar const): Deleted. (WebCore::ScrollingTreeScrollingNode::hasEnabledVerticalScrollbar const): Deleted. (WebCore::ScrollingTreeScrollingNode::canHaveScrollbars const): Deleted. (WebCore::ScrollingTreeScrollingNode::expectsWheelEventTestTrigger const): Deleted. (WebCore::ScrollingTreeScrollingNode::scrollContainerLayer const): Deleted. (WebCore::ScrollingTreeScrollingNode::scrolledContentsLayer const): Deleted. * page/scrolling/ios/ScrollingCoordinatorIOS.h: Removed. * page/scrolling/ios/ScrollingCoordinatorIOS.mm: Removed. * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h: Removed. * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm: Removed. * page/scrolling/ios/ScrollingTreeIOS.cpp: Removed. * page/scrolling/ios/ScrollingTreeIOS.h: Removed. * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPosition): Source/WebKit: Remove ScrollingTreeIOS and ScrollingCoordinatorIOS which were never instantiated. Merge ScrollingTreeFrameScrollingNodeIOS into ScrollingTreeFrameScrollingNodeRemoteIOS, removing code which never applies to iOS WK2 (e.g. the synchronous scrolling code path). * UIProcess/RemoteLayerTree/RemoteScrollingTree.cpp: * UIProcess/RemoteLayerTree/ios/ScrollingTreeFrameScrollingNodeRemoteIOS.h: * UIProcess/RemoteLayerTree/ios/ScrollingTreeFrameScrollingNodeRemoteIOS.mm: (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::ScrollingTreeFrameScrollingNodeRemoteIOS): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::commitStateBeforeChildren): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::commitStateAfterChildren): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::minimumScrollPosition const): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::maximumScrollPosition const): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::scrollPosition const): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::setScrollPosition): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::setScrollLayerPosition): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::updateChildNodesAfterScroll): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::updateLayersAfterDelegatedScroll): (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::updateLayersAfterViewportChange):
[webkit-changes] [241996] trunk
Title: [241996] trunk Revision 241996 Author justin_...@apple.com Date 2019-02-23 15:24:27 -0800 (Sat, 23 Feb 2019) Log Message [WebGPU] Buffer updates part 1: async mapping functions, unmap, and destroy https://bugs.webkit.org/show_bug.cgi?id=194665 Reviewed by Dean Jackson. Source/WebCore: Test: map-write-buffers.html. Other tests updated to match new API. * Modules/webgpu/WebGPUBindGroupDescriptor.cpp: Added. (WebCore::validateBufferBindingType): Ensure buffer binding usages match the binding type. (WebCore::WebGPUBindGroupDescriptor::asGPUBindGroupDescriptor const): Logic moved out from WebGPUDevice.cpp. * Modules/webgpu/WebGPUBindGroupDescriptor.h: * Modules/webgpu/WebGPUBuffer.cpp: Added GPUBuffer functionality. (WebCore::WebGPUBuffer::create): (WebCore::WebGPUBuffer::WebGPUBuffer): (WebCore::WebGPUBuffer::mapReadAsync): (WebCore::WebGPUBuffer::mapWriteAsync): (WebCore::WebGPUBuffer::unmap): (WebCore::WebGPUBuffer::destroy): (WebCore::WebGPUBuffer::rejectOrRegisterPromiseCallback): Register a mapping request on the GPUBuffer, if valid. * Modules/webgpu/WebGPUBuffer.h: (WebCore::WebGPUBuffer::buffer const): (WebCore::WebGPUBuffer::mapping const): Deleted. * Modules/webgpu/WebGPUBuffer.idl: Update to latest API and enable every function except setSubData. * Modules/webgpu/WebGPUCommandBuffer.cpp: (WebCore::WebGPUCommandBuffer::beginRenderPass): Renamed descriptor conversion method. * Modules/webgpu/WebGPUDevice.cpp: (WebCore::WebGPUDevice::createBuffer const): Update to non-nullable return type. (WebCore::WebGPUDevice::createBindGroup const): Move descriptor validation logic to descriptor implementation. * Modules/webgpu/WebGPUDevice.h: * Modules/webgpu/WebGPURenderPassDescriptor.cpp: (WebCore::WebGPURenderPassDescriptor::asGPURenderPassDescriptor const): Renamed from validateAndConvertToGPUVersion. * Modules/webgpu/WebGPURenderPassEncoder.cpp: (WebCore::WebGPURenderPassEncoder::setVertexBuffers): Add validation for submitted buffers. * platform/graphics/gpu/GPUBuffer.cpp: Added. (WebCore::GPUBuffer::PendingMappingCallback::PendingMappingCallback): New struct for retaining a reference to mapping callbacks. * platform/graphics/gpu/GPUBuffer.h: Add functionality to retain callbacks and usage bits. (WebCore::GPUBuffer::isVertex const): (WebCore::GPUBuffer::isUniform const): (WebCore::GPUBuffer::isStorage const): (WebCore::GPUBuffer::isReadOnly const): (WebCore::GPUBuffer::PendingMapPromise::create): (WebCore::GPUBuffer::isMappable const): (WebCore::GPUBuffer::isMapWriteable const): (WebCore::GPUBuffer::isMapReadable const): (WebCore::GPUBuffer::mapping const): Deleted. * platform/graphics/gpu/GPUBufferUsage.h: enum class cannot be logical ORed together. * platform/graphics/gpu/GPUDevice.cpp: (WebCore::GPUDevice::tryCreateBuffer const): Renamed from createBuffer. (WebCore::GPUDevice::createBuffer const): Deleted. * platform/graphics/gpu/GPUDevice.h: * platform/graphics/gpu/cocoa/GPUBufferMetal.mm: (WebCore::GPUBuffer::tryCreateSharedBuffer): Attempt to create a MTLBuffer with shared memory. (WebCore::GPUBuffer::tryCreate): No longer use Gigacage-allocated memory for MTLBuffer. (WebCore::GPUBuffer::GPUBuffer): (WebCore::GPUBuffer::~GPUBuffer): (WebCore::GPUBuffer::registerMappingCallback): Register the provided callback to be executed when the staging buffer can be safely exposed. (WebCore::GPUBuffer::stagingBufferForRead): Prepare the arrayBuffer for reading and run the mapping callback. (WebCore::GPUBuffer::stagingBufferForWrite): Ditto, but for writing. (WebCore::GPUBuffer::unmap): If needed, copy the staging ArrayBuffer to the MTLBuffer. Unregister any mapping callback. (WebCore::GPUBuffer::destroy): Stub implementation for now. Frees the MTLBuffer as soon as possible. (WebCore::GPUBuffer::create): Deleted. * platform/graphics/gpu/cocoa/GPUProgrammablePassEncoderMetal.mm: (WebCore::GPUProgrammablePassEncoder::setResourceAsBufferOnEncoder): Ensure only read-only GPUBuffers are used as read-only on the GPU. Add symbols for new files: * Sources.txt: * WebCore.xcodeproj/project.pbxproj: LayoutTests: Rewrite buffers.html -> map-write-buffers.html to test new functionality. Rewrite other affected tests to use mapWriteAsync. * webgpu/buffer-resource-triangles.html: * webgpu/buffers-expected.txt: Renamed to map-write-buffers-expected.txt. * webgpu/buffers.html: Renamed to map-write-buffers.html. * webgpu/depth-enabled-triangle-strip.html: * webgpu/map-write-buffers-expected.txt: Renamed from buffers-expected.txt. * webgpu/map-write-buffers.html: Renamed from buffers.html. * webgpu/vertex-buffer-triangle-strip.html: * platform/mac/TestExpectations: Skip all webgpu tests on macOS 10.12 bots. Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/platform/mac/TestExpectations trunk/LayoutTests/webgpu/buffer-resource-triangles.html trunk/LayoutTests/webgpu/depth-enabled-triangle-strip.html trunk/LayoutTests/webgpu/vertex-buffer-triangle-strip.html trunk/Source/WebCore/ChangeLog
[webkit-changes] [241995] trunk/Source/JavaScriptCore
Title: [241995] trunk/Source/_javascript_Core Revision 241995 Author mcatanz...@igalia.com Date 2019-02-23 12:49:39 -0800 (Sat, 23 Feb 2019) Log Message Unreviewed, fix -Wunused-param warning * jsc.cpp: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jsc.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (241994 => 241995) --- trunk/Source/_javascript_Core/ChangeLog 2019-02-23 19:11:50 UTC (rev 241994) +++ trunk/Source/_javascript_Core/ChangeLog 2019-02-23 20:49:39 UTC (rev 241995) @@ -1,3 +1,9 @@ +2019-02-23 Michael Catanzaro + +Unreviewed, fix -Wunused-param warning + +* jsc.cpp: + 2019-02-23 Mark Lam Add an exception check and some assertions in StringPrototype.cpp. Modified: trunk/Source/_javascript_Core/jsc.cpp (241994 => 241995) --- trunk/Source/_javascript_Core/jsc.cpp 2019-02-23 19:11:50 UTC (rev 241994) +++ trunk/Source/_javascript_Core/jsc.cpp 2019-02-23 20:49:39 UTC (rev 241995) @@ -989,6 +989,8 @@ CachedBytecode cachedBytecode = generator(); write(fd, cachedBytecode.data(), cachedBytecode.size()); close(fd); +#else +UNUSED_PARAM(generator); #endif } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [241994] tags/Safari-608.1.5.1.4/
Title: [241994] tags/Safari-608.1.5.1.4/ Revision 241994 Author bshaf...@apple.com Date 2019-02-23 11:11:50 -0800 (Sat, 23 Feb 2019) Log Message Tag Safari-608.1.5.1.4. Added Paths tags/Safari-608.1.5.1.4/ Diff ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [241993] branches/safari-607-branch/Source
Title: [241993] branches/safari-607-branch/Source Revision 241993 Author bshaf...@apple.com Date 2019-02-23 11:03:25 -0800 (Sat, 23 Feb 2019) Log Message Versioning. Modified Paths branches/safari-607-branch/Source/_javascript_Core/Configurations/Version.xcconfig branches/safari-607-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig branches/safari-607-branch/Source/WebCore/Configurations/Version.xcconfig branches/safari-607-branch/Source/WebCore/PAL/Configurations/Version.xcconfig branches/safari-607-branch/Source/WebInspectorUI/Configurations/Version.xcconfig branches/safari-607-branch/Source/WebKit/Configurations/Version.xcconfig branches/safari-607-branch/Source/WebKitLegacy/mac/Configurations/Version.xcconfig Diff Modified: branches/safari-607-branch/Source/_javascript_Core/Configurations/Version.xcconfig (241992 => 241993) --- branches/safari-607-branch/Source/_javascript_Core/Configurations/Version.xcconfig 2019-02-23 19:01:18 UTC (rev 241992) +++ branches/safari-607-branch/Source/_javascript_Core/Configurations/Version.xcconfig 2019-02-23 19:03:25 UTC (rev 241993) @@ -23,7 +23,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; -TINY_VERSION = 37; +TINY_VERSION = 38; MICRO_VERSION = 0; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); Modified: branches/safari-607-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig (241992 => 241993) --- branches/safari-607-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig 2019-02-23 19:01:18 UTC (rev 241992) +++ branches/safari-607-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig 2019-02-23 19:03:25 UTC (rev 241993) @@ -23,7 +23,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; -TINY_VERSION = 37; +TINY_VERSION = 38; MICRO_VERSION = 0; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); Modified: branches/safari-607-branch/Source/WebCore/Configurations/Version.xcconfig (241992 => 241993) --- branches/safari-607-branch/Source/WebCore/Configurations/Version.xcconfig 2019-02-23 19:01:18 UTC (rev 241992) +++ branches/safari-607-branch/Source/WebCore/Configurations/Version.xcconfig 2019-02-23 19:03:25 UTC (rev 241993) @@ -23,7 +23,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; -TINY_VERSION = 37; +TINY_VERSION = 38; MICRO_VERSION = 0; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); Modified: branches/safari-607-branch/Source/WebCore/PAL/Configurations/Version.xcconfig (241992 => 241993) --- branches/safari-607-branch/Source/WebCore/PAL/Configurations/Version.xcconfig 2019-02-23 19:01:18 UTC (rev 241992) +++ branches/safari-607-branch/Source/WebCore/PAL/Configurations/Version.xcconfig 2019-02-23 19:03:25 UTC (rev 241993) @@ -23,7 +23,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; -TINY_VERSION = 37; +TINY_VERSION = 38; MICRO_VERSION = 0; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); Modified: branches/safari-607-branch/Source/WebInspectorUI/Configurations/Version.xcconfig (241992 => 241993) --- branches/safari-607-branch/Source/WebInspectorUI/Configurations/Version.xcconfig 2019-02-23 19:01:18 UTC (rev 241992) +++ branches/safari-607-branch/Source/WebInspectorUI/Configurations/Version.xcconfig 2019-02-23 19:03:25 UTC (rev 241993) @@ -1,6 +1,6 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; -TINY_VERSION = 37; +TINY_VERSION = 38; MICRO_VERSION = 0; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); Modified: branches/safari-607-branch/Source/WebKit/Configurations/Version.xcconfig (241992 => 241993) --- branches/safari-607-branch/Source/WebKit/Configurations/Version.xcconfig 2019-02-23 19:01:18 UTC (rev 241992) +++ branches/safari-607-branch/Source/WebKit/Configurations/Version.xcconfig 2019-02-23 19:03:25 UTC (rev 241993) @@ -23,7 +23,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; -TINY_VERSION = 37; +TINY_VERSION = 38; MICRO_VERSION = 0; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); Modified: branches/safari-607-branch/Source/WebKitLegacy/mac/Configurations/Version.xcconfig (241992 => 241993) --- branches/safari-607-branch/Source/WebKitLegacy/mac/Configurations/Version.xcconfig 2019-02-23 19:01:18 UTC (rev 241992) +++ branches/safari-607-branch/Source/WebKitLegacy/mac/Configurations/Version.xcconfig 2019-02-23 19:03:25 UTC (rev 241993) @@ -23,7 +23,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; -TINY_VERSION = 37; +TINY_VERSION = 38; MICRO_VERSION = 0; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [241992] tags/Safari-607.1.37/
Title: [241992] tags/Safari-607.1.37/ Revision 241992 Author bshaf...@apple.com Date 2019-02-23 11:01:18 -0800 (Sat, 23 Feb 2019) Log Message Tag Safari-607.1.37. Added Paths tags/Safari-607.1.37/ Diff ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [241991] trunk/Source
Title: [241991] trunk/Source Revision 241991 Author mark@apple.com Date 2019-02-23 10:15:41 -0800 (Sat, 23 Feb 2019) Log Message Add an exception check and some assertions in StringPrototype.cpp. https://bugs.webkit.org/show_bug.cgi?id=194962 Reviewed by Yusuke Suzuki and Saam Barati. Source/_javascript_Core: * runtime/StringPrototype.cpp: (JSC::jsSpliceSubstrings): (JSC::jsSpliceSubstringsWithSeparators): (JSC::operationStringProtoFuncReplaceRegExpEmptyStr): Source/WTF: Add an AssertNoOverflow overflow handler which allows us to do CheckedArithmetic for assertion purpose only on debug builds but sacrifices no performance on release builds. * wtf/CheckedArithmetic.h: (WTF::AssertNoOverflow::overflowed): (WTF::AssertNoOverflow::clearOverflow): (WTF::AssertNoOverflow::crash): (WTF::AssertNoOverflow::hasOverflowed const): (WTF::observesOverflow): (WTF::observesOverflow): (WTF::safeAdd): (WTF::safeSub): (WTF::safeMultiply): (WTF::Checked::operator+=): (WTF::Checked::operator-=): (WTF::Checked::operator*=): (WTF::operator+): (WTF::operator-): (WTF::operator*): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/StringPrototype.cpp trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/CheckedArithmetic.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (241990 => 241991) --- trunk/Source/_javascript_Core/ChangeLog 2019-02-23 18:01:16 UTC (rev 241990) +++ trunk/Source/_javascript_Core/ChangeLog 2019-02-23 18:15:41 UTC (rev 241991) @@ -1,3 +1,16 @@ +2019-02-23 Mark Lam + +Add an exception check and some assertions in StringPrototype.cpp. +https://bugs.webkit.org/show_bug.cgi?id=194962 + + +Reviewed by Yusuke Suzuki and Saam Barati. + +* runtime/StringPrototype.cpp: +(JSC::jsSpliceSubstrings): +(JSC::jsSpliceSubstringsWithSeparators): +(JSC::operationStringProtoFuncReplaceRegExpEmptyStr): + 2019-02-23 Keith Miller Add new mac target numbers Modified: trunk/Source/_javascript_Core/runtime/StringPrototype.cpp (241990 => 241991) --- trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2019-02-23 18:01:16 UTC (rev 241990) +++ trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2019-02-23 18:15:41 UTC (rev 241991) @@ -1,6 +1,6 @@ /* * Copyright (C) 1999-2001 Harri Porten (por...@kde.org) - * Copyright (C) 2004-2017 Apple Inc. All rights reserved. + * Copyright (C) 2004-2019 Apple Inc. All rights reserved. * Copyright (C) 2009 Torch Mobile, Inc. * Copyright (C) 2015 Jordan Harband (ljh...@gmail.com) * @@ -324,9 +324,14 @@ RELEASE_AND_RETURN(scope, jsString(exec, StringImpl::createSubstringSharingImpl(*source.impl(), std::max(0, position), std::min(sourceSize, length; } -int totalLength = 0; +// We know that the sum of substringRanges lengths cannot exceed length of +// source because the substringRanges were computed from the source string +// in removeUsingRegExpSearch(). Hence, totalLength cannot exceed +// String::MaxLength, and therefore, cannot overflow. +Checked totalLength = 0; for (int i = 0; i < rangeCount; i++) totalLength += substringRanges[i].length; +ASSERT(totalLength <= String::MaxLength); if (!totalLength) return jsEmptyString(exec); @@ -334,16 +339,16 @@ if (source.is8Bit()) { LChar* buffer; const LChar* sourceData = source.characters8(); -auto impl = StringImpl::tryCreateUninitialized(totalLength, buffer); +auto impl = StringImpl::tryCreateUninitialized(totalLength.unsafeGet(), buffer); if (!impl) { throwOutOfMemoryError(exec, scope); return nullptr; } -int bufferPos = 0; +Checked bufferPos = 0; for (int i = 0; i < rangeCount; i++) { if (int srcLen = substringRanges[i].length) { -StringImpl::copyCharacters(buffer + bufferPos, sourceData + substringRanges[i].position, srcLen); +StringImpl::copyCharacters(buffer + bufferPos.unsafeGet(), sourceData + substringRanges[i].position, srcLen); bufferPos += srcLen; } } @@ -354,16 +359,16 @@ UChar* buffer; const UChar* sourceData = source.characters16(); -auto impl = StringImpl::tryCreateUninitialized(totalLength, buffer); +auto impl = StringImpl::tryCreateUninitialized(totalLength.unsafeGet(), buffer); if (!impl) { throwOutOfMemoryError(exec, scope); return nullptr; } -int bufferPos = 0; +Checked bufferPos = 0; for (int i = 0; i < rangeCount; i++) { if (int srcLen = substringRanges[i].length) { -StringImpl::copyCharacters(buffer + bufferPos, sourceData + substringRanges[i].position, srcLen); +StringImpl::copyCharacters(buffer + bufferPos.unsafeGet(), sourceData + substringRanges[i].position, srcLen); bufferPos
[webkit-changes] [241990] trunk
Title: [241990] trunk Revision 241990 Author keith_mil...@apple.com Date 2019-02-23 10:01:16 -0800 (Sat, 23 Feb 2019) Log Message Add new mac target numbers https://bugs.webkit.org/show_bug.cgi?id=194955 Reviewed by Tim Horton. Source/bmalloc: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/_javascript_Core: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/ThirdParty/ANGLE: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/ThirdParty/libwebrtc: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/WebCore: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/WebCore/PAL: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/WebInspectorUI: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/WebKit: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/WebKitLegacy/mac: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Source/WTF: * Configurations/Base.xcconfig: * Configurations/DebugRelease.xcconfig: Tools: * DumpRenderTree/mac/Configurations/Base.xcconfig: * DumpRenderTree/mac/Configurations/DebugRelease.xcconfig: * MiniBrowser/Configurations/Base.xcconfig: * TestWebKitAPI/Configurations/Base.xcconfig: * WebKitTestRunner/Configurations/Base.xcconfig: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/Configurations/Base.xcconfig trunk/Source/_javascript_Core/Configurations/DebugRelease.xcconfig trunk/Source/ThirdParty/ANGLE/ChangeLog trunk/Source/ThirdParty/ANGLE/Configurations/Base.xcconfig trunk/Source/ThirdParty/ANGLE/Configurations/DebugRelease.xcconfig trunk/Source/ThirdParty/libwebrtc/ChangeLog trunk/Source/ThirdParty/libwebrtc/Configurations/Base.xcconfig trunk/Source/ThirdParty/libwebrtc/Configurations/DebugRelease.xcconfig trunk/Source/WTF/ChangeLog trunk/Source/WTF/Configurations/Base.xcconfig trunk/Source/WTF/Configurations/DebugRelease.xcconfig trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Configurations/Base.xcconfig trunk/Source/WebCore/Configurations/DebugRelease.xcconfig trunk/Source/WebCore/PAL/ChangeLog trunk/Source/WebCore/PAL/Configurations/Base.xcconfig trunk/Source/WebCore/PAL/Configurations/DebugRelease.xcconfig trunk/Source/WebInspectorUI/ChangeLog trunk/Source/WebInspectorUI/Configurations/Base.xcconfig trunk/Source/WebInspectorUI/Configurations/DebugRelease.xcconfig trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Configurations/Base.xcconfig trunk/Source/WebKit/Configurations/DebugRelease.xcconfig trunk/Source/WebKitLegacy/mac/ChangeLog trunk/Source/WebKitLegacy/mac/Configurations/Base.xcconfig trunk/Source/WebKitLegacy/mac/Configurations/DebugRelease.xcconfig trunk/Source/bmalloc/ChangeLog trunk/Source/bmalloc/Configurations/Base.xcconfig trunk/Source/bmalloc/Configurations/DebugRelease.xcconfig trunk/Tools/ChangeLog trunk/Tools/DumpRenderTree/mac/Configurations/Base.xcconfig trunk/Tools/DumpRenderTree/mac/Configurations/DebugRelease.xcconfig trunk/Tools/MiniBrowser/Configurations/Base.xcconfig trunk/Tools/TestWebKitAPI/Configurations/Base.xcconfig trunk/Tools/WebKitTestRunner/Configurations/Base.xcconfig Diff Modified: trunk/Source/_javascript_Core/ChangeLog (241989 => 241990) --- trunk/Source/_javascript_Core/ChangeLog 2019-02-23 16:11:41 UTC (rev 241989) +++ trunk/Source/_javascript_Core/ChangeLog 2019-02-23 18:01:16 UTC (rev 241990) @@ -1,3 +1,13 @@ +2019-02-23 Keith Miller + +Add new mac target numbers +https://bugs.webkit.org/show_bug.cgi?id=194955 + +Reviewed by Tim Horton. + +* Configurations/Base.xcconfig: +* Configurations/DebugRelease.xcconfig: + 2019-02-22 Robin Morisset DFGBytecodeParser should not declare that a node won't clobberExit if DFGFixupPhase can later declare it does clobberExit Modified: trunk/Source/_javascript_Core/Configurations/Base.xcconfig (241989 => 241990) --- trunk/Source/_javascript_Core/Configurations/Base.xcconfig 2019-02-23 16:11:41 UTC (rev 241989) +++ trunk/Source/_javascript_Core/Configurations/Base.xcconfig 2019-02-23 18:01:16 UTC (rev 241990) @@ -105,6 +105,7 @@ TARGET_MAC_OS_X_VERSION_MAJOR_13 = 101300; TARGET_MAC_OS_X_VERSION_MAJOR_14 = 101400; TARGET_MAC_OS_X_VERSION_MAJOR_15 = 101500; +TARGET_MAC_OS_X_VERSION_MAJOR_16 = 101600; AD_HOC_CODE_SIGNING_ALLOWED = YES; CODE_SIGN_IDENTITY = -; Modified: trunk/Source/_javascript_Core/Configurations/DebugRelease.xcconfig (241989 => 241990) --- trunk/Source/_javascript_Core/Configurations/DebugRelease.xcconfig 2019-02-23 16:11:41 UTC (rev 241989) +++ trunk/Source/_javascript_Core/Configurations/DebugRelease.xcconfig 2019-02-23 18:01:16 UTC (rev 241990) @@ -35,6 +35,7 @@ MACOSX_DEPLOYMENT_TARGET_macosx_101300 = 10.13; MACOSX_DEPLOYMENT_TARGET_macosx_101400 = 10.14; MACOSX_DEPLOYMENT_TARGET_macosx_101500
[webkit-changes] [241989] trunk
Title: [241989] trunk Revision 241989 Author cfleiz...@apple.com Date 2019-02-23 08:11:41 -0800 (Sat, 23 Feb 2019) Log Message AX: WebKit is incorrectly mapping the element to progressbar https://bugs.webkit.org/show_bug.cgi?id=164051 Reviewed by Joanmarie Diggs. Source/WebCore: Add a specific role for meter and map that to the appropriate mac role. * accessibility/AccessibilityNodeObject.cpp: (WebCore::AccessibilityNodeObject::canHaveChildren const): (WebCore::AccessibilityNodeObject::isProgressIndicator const): * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::accessibleNameDerivesFromContent const): (WebCore::AccessibilityObject::isRangeControl const): (WebCore::AccessibilityObject::computedRoleString const): * accessibility/AccessibilityObjectInterface.h: * accessibility/AccessibilityProgressIndicator.cpp: (WebCore::AccessibilityProgressIndicator::roleValue const): * accessibility/AccessibilityProgressIndicator.h: * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::shouldFocusActiveDescendant const): * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (createAccessibilityRoleMap): LayoutTests: * platform/mac-wk2/accessibility/roles-exposed-expected.txt: * platform/mac/accessibility/meter-element-expected.txt: * platform/mac/accessibility/roles-exposed-expected.txt: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/platform/mac/accessibility/meter-element-expected.txt trunk/LayoutTests/platform/mac/accessibility/roles-exposed-expected.txt trunk/LayoutTests/platform/mac-wk2/accessibility/roles-exposed-expected.txt trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp trunk/Source/WebCore/accessibility/AccessibilityObject.cpp trunk/Source/WebCore/accessibility/AccessibilityObjectInterface.h trunk/Source/WebCore/accessibility/AccessibilityProgressIndicator.cpp trunk/Source/WebCore/accessibility/AccessibilityProgressIndicator.h trunk/Source/WebCore/accessibility/AccessibilityRenderObject.cpp trunk/Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm trunk/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm Diff Modified: trunk/LayoutTests/ChangeLog (241988 => 241989) --- trunk/LayoutTests/ChangeLog 2019-02-23 05:30:19 UTC (rev 241988) +++ trunk/LayoutTests/ChangeLog 2019-02-23 16:11:41 UTC (rev 241989) @@ -1,3 +1,15 @@ +2019-02-23 chris fleizach + +AX: WebKit is incorrectly mapping the element to progressbar +https://bugs.webkit.org/show_bug.cgi?id=164051 + + +Reviewed by Joanmarie Diggs. + +* platform/mac-wk2/accessibility/roles-exposed-expected.txt: +* platform/mac/accessibility/meter-element-expected.txt: +* platform/mac/accessibility/roles-exposed-expected.txt: + 2019-02-22 Simon Fraser Fix a legacy animation test. The was inside the