2012-08-29 Timothy Hatcher <timothy@apple.com> Merge r126921. 2012-08-29 Jer Noble <jer.noble@apple.com> Crash in WebCore::logPluginRequest + 183 https://bugs.webkit.org/show_bug.cgi?id=95218 Reviewed by Oliver Hunt. Crash is within findPluginMIMETypeFromURL, caused by a null-dereference of page()->pluginData(). Add a null-check and return an empty string. * loader/SubframeLoader.cpp: (WebCore::findPluginMIMETypeFromURL): 2012-08-20 Mark Rowe <mrowe@apple.com> Merge r122354. 2012-07-11 Dean Jackson <dino@apple.com> TileCache layers have wrong border debug color https://bugs.webkit.org/show_bug.cgi?id=90922 Reviewed by Simon Fraser. Commit r122152 updated the layer hierarchy when a tile cache is being used by the view. As part of that, GraphicsLayerClient::shouldUseTileCache() was changed to return false in some situations (the idea was that it should only be called from the createGraphicsLayer method). However there were two other call points: one that sets the debug colors on borders, the other was a call that keeps the document background in sync. Add a new method usingTileCache() that returns the current state. Also fix a FIXME where the debug code always called into the client rather than caching the value on the GraphicsLayer. Test: compositing/document-background-color.html * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::GraphicsLayer): (WebCore::GraphicsLayer::updateDebugIndicators): check the local variable when setting the debug colors. * platform/graphics/GraphicsLayer.h: (GraphicsLayer): new bool member variable m_usingTileCache. * platform/graphics/GraphicsLayerClient.h: (WebCore::GraphicsLayerClient::usingTileCache): new virtual method to query if this client is actually using the tile cache. * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::GraphicsLayerCA): set the member variable m_usingTileCache if the GraphicsLayerClient says we are. * rendering/RenderLayerBacking.h: (WebCore::RenderLayerBacking::usingTileCache): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::documentBackgroundColorDidChange): call usingTileCache() rather than shouldUseTileCache(), because the latter's value might not always reflect the existence of a cache. 2012-08-14 Lucas Forschler <lforschler@apple.com> Merge r124268. 2012-07-31 Sam Weinig <sam@webkit.org> Stop masking 8 bits off of the visited link hash. We need all the bits! https://bugs.webkit.org/show_bug.cgi?id=92799 Reviewed by Anders Carlsson. * loader/appcache/ApplicationCacheStorage.cpp: (WebCore::urlHostHash): * platform/network/blackberry/CredentialBackingStore.cpp: (WebCore::hashCredentialInfo): * plugins/blackberry/PluginPackageBlackBerry.cpp: (WebCore::PluginPackage::hash): Update for new function names. 2012-08-13 Andy Estes <aestes@apple.com> <rdar://problem/12050793> Brahms: REGRESSION (r113584): Apple reseller website does not display correctly. (91452) Roll out <http://trac.webkit.org/changeset/94492>, <http://trac.webkit.org/changeset/103851>, and <http://trac.webkit.org/changeset/113584> from safari-536.26-branch. * rendering/RenderBlock.cpp: (WebCore::RenderBlock::layoutPositionedObjects): * rendering/RenderBlock.h: (RenderBlock): * rendering/RenderBlockLineLayout.cpp: (WebCore::LineInfo::LineInfo): (WebCore::LineInfo::floatPaginationStrut): (LineInfo): (WebCore::RenderBlock::constructLine): (WebCore): (WebCore::RenderBlock::computeInlineDirectionPositionsForLine): (WebCore::setStaticPositions): (WebCore::RenderBlock::layoutRunsAndFloatsInRange): (WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace): 2012-08-13 Lucas Forschler <lforschler@apple.com> Merge r125104. 2012-08-08 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=93393 Overflow regions sometimes repaint incorrectly after going into or coming out of compositing mode -and corresponding- <rdar://problem/12006463> Reviewed by Simon Fraser. My first patch to fix this bug removed an if (parent()) check that is needed to prevent a table crash seen in fast/table/table-row-compositing-repaint-crash.html The parent() check was actually added originally to prevent this same crash. See http://trac.webkit.org/changeset/110456 This patch adds that check back, but really we should delay the computation of repaint rects if layout has not happened yet. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateBacking): 2012-08-13 Lucas Forschler <lforschler@apple.com> Merge r125086. 2012-08-08 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=93393 Overflow regions sometimes repaint incorrectly after going into or coming out of compositing mode -and corresponding- <rdar://problem/12006463> Reviewed by Simon Fraser. New RenderLayer function computeRepaintRectsIncludingDescendants() * rendering/RenderLayer.cpp: (WebCore): (WebCore::RenderLayer::computeRepaintRectsIncludingDescendants): * rendering/RenderLayer.h: (RenderLayer): It is not sufficient to compute repaint rects just for the current layer when compositing changes. They must be recomputed for all descendant layers as well. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateBacking): 2012-08-13 Lucas Forschler <lforschler@apple.com> Merge r123013. 2012-07-18 Oliver Hunt <oliver@apple.com> WebKit provides APIs that make it possible for JSC to attempt to initialise the heap without initialising threading https://bugs.webkit.org/show_bug.cgi?id=91663 Reviewed by Filip Pizlo. Initialising a JSGlobalData now requires us to have initialised JSC's threading logic, as that also initialises the JSC VM runtime options. WebKit provides a number of routines that make use of commonJSGlobalData() that can be used before webcore has called the appropriate initialisation routine. This patch makes the minimal change of ensuring that commonJSGlobalData initialises threading before attempting to create the common heap. * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::commonJSGlobalData): 2012-08-13 Lucas Forschler <lforschler@apple.com> Merge r118725. 2012-05-28 Kent Tamura <tkent@chromium.org> Fix a crash in HTMLFormControlElement::disabled(). https://bugs.webkit.org/show_bug.cgi?id=86534 Reviewed by Ryosuke Niwa. Stop to hold pointers of fildset and legend elements. We can avoid it by holding ancestor's disabled state. The ancesotr's disabled state should be invalidated when - fieldset's disabled value is changed. - fieldset's children is updated because a legend position might be changed. - A form control is attached to or detached from a tree. No new tests. It's almost impossible to make a reliable test. * html/HTMLFieldSetElement.cpp: (WebCore::HTMLFieldSetElement::invalidateDisabledStateUnder): Added. Invalidate disabled state of form controls under the specified node. (WebCore::HTMLFieldSetElement::disabledAttributeChanged): Uses invalidateDisabledStateUnder(). (WebCore::HTMLFieldSetElement::childrenChanged): Added new override function. We need invalidate disabled state of form controls under legend elements. * html/HTMLFieldSetElement.h: (HTMLFieldSetElement): Add invalidateDisabledStateUnder() and childrenChanged(). * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::HTMLFormControlElement): Remove initialization of the removed data members. Initialize m_ancestorDisabledState. (WebCore::HTMLFormControlElement::updateAncestorDisabledState): Update m_ancestorDisabledState. It should be AncestorDisabledStateDisabled if the control is under a disabled fieldset and not under the first legend child of the disabled filedset. (WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged): Invalidate m_ancestorDisabledState. (WebCore::HTMLFormControlElement::insertedInto): ditto. (WebCore::HTMLFormControlElement::removedFrom): ditto. (WebCore::HTMLFormControlElement::disabled): Calls updateAncestorDisabledState() if needed. (WebCore::HTMLFormControlElement::recalcWillValidate): Remove unnecessary check for m_legendAncestor. * html/HTMLFormControlElement.h: (HTMLFormControlElement): - Rename updateFieldSetAndLegendAncestor() to updateAncestorDisabledState(), and make it private. - Remove m_fieldSetAncestor, m_legendAncestor, and m_fieldSetAncestorValid. - Add m_ancestorDisabledState. 2012-08-13 Lucas Forschler <lforschler@apple.com> Merge r118721 2012-05-28 Kent Tamura <tkent@chromium.org> Form controls in <fieldset disabled> should not be validated. https://bugs.webkit.org/show_bug.cgi?id=87381 Reviewed by Hajime Morita. We need to use disabeld() instead of m_disabled to calculate willValidate property. Also, we need to update willValidate if necessary. Test: fast/forms/fieldset/validation-in-fieldset.html * html/HTMLFieldSetElement.cpp: (WebCore::HTMLFieldSetElement::disabledAttributeChanged): - Do not traverse this. - Calls ancestorDisabledStateWasChanged() instead of setNeedsStyleRecalc() because we'd like to do additional tasks. * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged): Added. Just calls disabledAttributeChanged(). (WebCore::HTMLFormControlElement::parseAttribute): Do not call setNeedsWillValidateCheck() whenever an attribute is updated. It should be called only if disabled or readonly attribute is updated. (WebCore::HTMLFormControlElement::disabledAttributeChanged): Add setNeedsWillValidateCheck(). It was moved from parseAttribute(). (WebCore::HTMLFormControlElement::insertedInto): Invalidate ancestor information. (WebCore::HTMLFormControlElement::recalcWillValidate): Use disabled() instead of m_disabled. disabled() takes care of ancestor's disabled state. * html/HTMLFormControlElement.h: (HTMLFormControlElement): 2012-08-10 Lucas Forschler <lforschler@apple.com> Merge r125124. 2012-08-08 Brady Eidson <beidson@apple.com> Google search query text reverts to original search query after multiple searches <rdar://problem/10800686> and https://bugs.webkit.org/show_bug.cgi?id=93544 Reviewed by Darin Adler. For security sensitive fields we normally clear "autocomplete=off" form elements when restoring a page from the page cache. If the element is textual and has a defaultValue then "clearing" it actually restores the default value. There's no scenario we can imagine where that makes sense so we should not reset the value in such fields. Test: fast/forms/autocomplete-off-with-default-value-does-not-clear.html * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::parseAttribute): Update suspension callback registration as needed. (WebCore::HTMLInputElement::needsSuspensionCallback): Don't reset text fields with a non-empty default value. 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 123121 2012-07-19 James Simonsen <simonjam@chromium.org> Regression(120096): Protect the element used by ImageLoader until the end of notifyFinished(). https://bugs.webkit.org/show_bug.cgi?id=90471 Reviewed by Brady Eidson. Test: http/tests/security/video-poster-cross-origin-crash.html * html/HTMLImageLoader.cpp: (WebCore::HTMLImageLoader::notifyFinished): Hang on to the element until we're done. * loader/ImageLoader.cpp: (WebCore::ImageLoader::setImage): No behavior change. (WebCore): (WebCore::ImageLoader::setImageWithoutConsideringPendingLoadEvent): Split off from old setImage, minus calling updatedHasPendingLoadEvent(). (WebCore::ImageLoader::notifyFinished): Invoke updatedHasPendingLoadEvent when done with cross origin errors. * loader/ImageLoader.h: (ImageLoader): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 120096 2012-06-12 Brady Eidson <beidson@apple.com> <rdar://problem/11593686> and https://bugs.webkit.org/show_bug.cgi?id=88683 Garbage collection of an <img> element can cause reentrant event dispatch. Reviewed by Darin Adler. The most straightforward solution is for ImageLoader to keep its Element alive with ref/deref any time the Image is actually loading. ImageLoader should always do this for all Elements, and if those Elements want/need different behavior for when they are detached then they need to manually stop their loads. Tests: http/tests/loading/embed-image-load-outlives-gc-without-crashing.html http/tests/loading/image-input-type-outlives-gc-without-crashing.html http/tests/loading/image-load-outlives-gc-without-crashing.html http/tests/loading/object-image-load-outlives-gc-without-crashing.html http/tests/loading/svg-image-load-outlives-gc-without-crashing.html http/tests/loading/video-poster-image-load-outlives-gc-without-crashing.html * loader/ImageLoader.cpp: (WebCore::ImageLoader::ImageLoader): (WebCore::ImageLoader::~ImageLoader): (WebCore::ImageLoader::setImage): (WebCore::ImageLoader::updateFromElement): (WebCore::ImageLoader::notifyFinished): (WebCore::ImageLoader::updatedHasPendingLoadEvent): (WebCore::ImageLoader::dispatchPendingBeforeLoadEvent): (WebCore::ImageLoader::dispatchPendingLoadEvent): * loader/ImageLoader.h: (ImageLoader): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 123936 2012-07-27 Brady Eidson <beidson@apple.com> Plugins should not be allowed to override standard properties/attributes in non-standard worlds <rdar://problem/11975252> and https://bugs.webkit.org/show_bug.cgi?id=92519 Reviewed by Anders Carlsson. Change the 3 plugin-owning element's custom bindings to prefer built-in properties if they exist. When they do they don't give the plugin a chance to override. Test: plugins/npruntime/overrides-all-properties.html Add plugin custom functions to prefer built-in properties over plugin scriptable object properties: * bindings/js/JSPluginElementFunctions.h: (WebCore::pluginElementCustomGetOwnPropertySlot): (WebCore::pluginElementCustomGetOwnPropertyDescriptor): Use those new custom functions for getting properties: * bindings/js/JSHTMLAppletElementCustom.cpp: (WebCore::JSHTMLAppletElement::getOwnPropertySlotDelegate): (WebCore::JSHTMLAppletElement::getOwnPropertyDescriptorDelegate): * bindings/js/JSHTMLEmbedElementCustom.cpp: (WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate): (WebCore::JSHTMLEmbedElement::getOwnPropertyDescriptorDelegate): * bindings/js/JSHTMLObjectElementCustom.cpp: (WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate): (WebCore::JSHTMLObjectElement::getOwnPropertyDescriptorDelegate): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 120328 2012-06-13 Mark Hahnenberg <mhahnenberg@apple.com> Worker tear-down can re-enter JSC during GC finalization pt. 2 https://bugs.webkit.org/show_bug.cgi?id=88601 Reviewed by David Levin. No new tests. Current regression tests are sufficient. * workers/WorkerMessagingProxy.cpp: (WebCore::WorkerMessagingProxy::WorkerMessagingProxy): (WebCore::WorkerMessagingProxy::workerObjectDestroyed): We clear the m_workerObject here because we don't want anybody else trying to send messages to the Worker now that it has been destroyed. We also queue the asynchronous task for the various other cleanup that still needs to be done. This allows us to avoid the problem of re-entrant JS code execution during GC. (WebCore): (WebCore::WorkerMessagingProxy::workerObjectDestroyedInternal): Here we set m_mayBeDestroyed to true. This is the point after which deleting the WorkerMessagingProxy in workerContextDestroyedInternal() is okay. It could happen during this function call if the worker thread has been shutdown already, or it could be called later after we shut down the worker thread. (WebCore::WorkerMessagingProxy::workerContextDestroyedInternal): We check m_mayBeDestroyed here instead of checking m_workerObject. This change effectively orthogonalizes the roles that m_workerObject was filling. Since we were eagerly clearing m_workerObject, but we wanted to asynchronously call workerObjectDestroyed(), we needed to make sure we didn't accidentally try to delete the WorkerMessagingProxy twice (once from destroying the Worker and once from destroying the WorkerContext). This boolean field should fix that issue--we set it lazily like we wanted to do without being in danger of causing use-after-free issues with m_workerObject. * workers/WorkerMessagingProxy.h: Added the new field and function. (WorkerMessagingProxy): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 119740 2012-06-07 Mark Hahnenberg <mhahnenberg@apple.com> Worker tear-down can re-enter JSC during GC finalization https://bugs.webkit.org/show_bug.cgi?id=88449 Reviewed by Geoffrey Garen. No new tests. This is the first of two patches to fix this issue with Workers. * workers/AbstractWorker.cpp: (WebCore::AbstractWorker::~AbstractWorker): We don't need to call onDestroyWorker() here, it will be called elsewhere in contextDestroyed(). 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 124811 2012-08-06 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=93199 REGRESSION (r124489): Crash in FrameView::scrollContentsFastPath when scrolling Facebook and Google image search -and corresponding- <rdar://problem/12035066> Reviewed by Anders Carlsson. As the comment in setShouldUpdateScrollLayerPositionOnMainThread() indicates, the goal of adding a call to updateMainFrameScrollPositionAndScrollLayerPosition() within that function was just to make sure the layer position was up-to-date since that is what is not kept up to date when scrolling is happening on the scrolling thread. So I'm fixing this crash by having that code ONLY update the layer position instead of also updating the scroll position, since it was updating the scroll position that led to this crash. New function updateMainFrameScrollLayerPosition() will update JUST the layer position. * page/scrolling/ScrollingCoordinator.h: (ScrollingCoordinator): * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::updateMainFrameScrollLayerPosition): Update just the layer position here instead of the layer position and the scroll position. (WebCore):: (WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 124102 2012-07-30 Anders Carlsson <andersca@apple.com> Crash in logging code if MIME type is null https://bugs.webkit.org/show_bug.cgi?id=92683 <rdar://problem/11985295> Reviewed by Dan Bernstein. If the MIME type is null, try to figure it out from the URL extension. If this fails, return early instead of crashing trying to insert the null string into a hash set. * loader/SubframeLoader.cpp: (WebCore::logPluginRequest): 2012-08-08 Lucas Forschler <lforschler@apple.com> Merge 124720 2012-08-05 Antti Koivisto <antti@apple.com> Don't reuse cached stylesheet with failed or canceled resource loads https://bugs.webkit.org/show_bug.cgi?id=93203 Reviewed by Simon Fraser. 1) Go to apple.com 2) Reload repeatedly Eventually you can get into state where some images don't load. The problem is that a cached stylesheet may end up pointing to image resources that have been canceled (by the reload). If this happens they stay in the canceled state even when the stylesheet is applied to a new document. Fix by checking if all loads are complete (or pending) when restoring a cached stylesheet. The sheet is only used if there are no failed or canceled loads. There are potential more sophisticated fixes but this is simple and safe. Walking the sheet is fast and since it is only done on cache restore the cost is minimal. No regression test yet though the new code does get exercised by the existing tests. * css/CSSCrossfadeValue.cpp: (WebCore::CSSCrossfadeValue::hasFailedOrCanceledSubresources): (WebCore): * css/CSSCrossfadeValue.h: (CSSCrossfadeValue): * css/CSSFontFaceSrcValue.cpp: (WebCore::CSSFontFaceSrcValue::hasFailedOrCanceledSubresources): (WebCore): * css/CSSFontFaceSrcValue.h: (CSSFontFaceSrcValue): * css/CSSImageSetValue.cpp: (WebCore::CSSImageSetValue::hasFailedOrCanceledSubresources): (WebCore): * css/CSSImageSetValue.h: (CSSImageSetValue): * css/CSSImageValue.cpp: (WebCore::CSSImageValue::hasFailedOrCanceledSubresources): (WebCore): * css/CSSImageValue.h: (CSSImageValue): * css/CSSValue.cpp: (WebCore::CSSValue::hasFailedOrCanceledSubresources): (WebCore): * css/CSSValue.h: (CSSValue): * css/CSSValueList.cpp: (WebCore::CSSValueList::hasFailedOrCanceledSubresources): (WebCore): * css/CSSValueList.h: (CSSValueList): * css/StylePropertySet.cpp: (WebCore::StylePropertySet::hasFailedOrCanceledSubresources): (WebCore): * css/StylePropertySet.h: (StylePropertySet): * css/StyleSheetContents.cpp: (WebCore::childRulesHaveFailedOrCanceledSubresources): (WebCore): (WebCore::StyleSheetContents::hasFailedOrCanceledSubresources): * css/StyleSheetContents.h: (StyleSheetContents): * loader/cache/CachedCSSStyleSheet.cpp: (WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet): * loader/cache/CachedResource.h: (WebCore::CachedResource::loadFailedOrCanceled): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 116291 2012-05-07 Antti Koivisto <antti@apple.com> Share stylesheet data structures between documents https://bugs.webkit.org/show_bug.cgi?id=85598 Reviewed by Darin Adler. We currently make a copy of the data structures when restoring a cached stylesheet. This patch lets us share the data until someone uses a mutating CSSOM API to modify the sheet. The patch implements copy-on-write for the internal style sheet data structures. If any mutating CSSOM API is invoked, we check if the mutation is safe (there is only one client, the sheet is not cached). If not then the internal structures are copied and any existing CSSOM objects are re-attached to the new style tree. The copied tree is mutated while the other clients stay attached to the original tree. Sharing can save significant amount of memory on sites with large stylesheets. For example if you have multiple articles open on wsj.com this saves ~2.6MB per tab. Test: http/tests/css/shared-stylesheet-mutation.html http/tests/css/shared-stylesheet-mutation-preconstruct.html * css/CSSFontFaceRule.cpp: (WebCore::CSSFontFaceRule::reattach): (WebCore): * css/CSSFontFaceRule.h: (CSSFontFaceRule): * css/CSSMediaRule.cpp: (WebCore::CSSMediaRule::insertRule): (WebCore::CSSMediaRule::deleteRule): (WebCore::CSSMediaRule::reattach): (WebCore): * css/CSSMediaRule.h: (CSSMediaRule): * css/CSSPageRule.cpp: (WebCore::CSSPageRule::setSelectorText): (WebCore::CSSPageRule::reattach): (WebCore): * css/CSSPageRule.h: (CSSPageRule): * css/CSSRule.cpp: (WebCore::CSSRule::reattach): After the internal stylerule tree has been copied, the existing wrappers are re-attached using recursive reattach() function. * css/CSSRule.h: (WebCore): (CSSRule): * css/CSSStyleRule.cpp: (WebCore::CSSStyleRule::setSelectorText): (WebCore::CSSStyleRule::reattach): (WebCore): * css/CSSStyleRule.h: (CSSStyleRule): * css/CSSStyleSheet.cpp: (WebCore::StyleSheetInternal::StyleSheetInternal): (WebCore::StyleSheetInternal::isCacheable): (WebCore::StyleSheetInternal::ruleAt): Add ruleAt(), use it for both wrapper creation and reattaching. Remove createChildRuleCSSOMWrapper . (WebCore): (WebCore::StyleSheetInternal::wrapperInsertRule): (WebCore::StyleSheetInternal::wrapperDeleteRule): Invalidation moves to the calling wrapper. (WebCore::StyleSheetInternal::addedToMemoryCache): (WebCore::StyleSheetInternal::removedFromMemoryCache): (WebCore::CSSStyleSheet::willMutateRules): This is called whenever StyleSheetInternal is going to be mutated. It will do copy-on-write if needed. Usually invoked by CSSStyleSheet::RuleMutation RAII type. (WebCore::CSSStyleSheet::didMutateRules): This is called after the mutation is complete and will trigger the style recalc in the document. (WebCore::CSSStyleSheet::didMutate): This is called directly after mutations that don't change StyleSheetInternal so don't require copy-on-write. (WebCore::CSSStyleSheet::reattachChildRuleCSSOMWrappers): (WebCore::CSSStyleSheet::setDisabled): (WebCore::CSSStyleSheet::insertRule): (WebCore::CSSStyleSheet::deleteRule): * css/CSSStyleSheet.h: (StyleSheetInternal): (WebCore::StyleSheetInternal::hasOneClient): (WebCore::StyleSheetInternal::isMutable): (WebCore::StyleSheetInternal::setMutable): Track mutability. Mutation is allowed only after willMutate call. (WebCore::StyleSheetInternal::isInMemoryCache): Track if the object is in memory cache. (WebCore::CSSStyleSheet::clearOwnerRule): (CSSStyleSheet): * css/MediaList.cpp: (WebCore::MediaList::setMediaText): (WebCore::MediaList::deleteMedium): (WebCore::MediaList::appendMedium): (WebCore::MediaList::didMutate): (WebCore): (WebCore::MediaList::reattach): * css/MediaList.h: (MediaList): * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::PropertySetCSSStyleDeclaration::setCssText): (WebCore::PropertySetCSSStyleDeclaration::setProperty): (WebCore::PropertySetCSSStyleDeclaration::removeProperty): (WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal): (WebCore): (WebCore::StyleRuleCSSStyleDeclaration::willMutate): (WebCore::StyleRuleCSSStyleDeclaration::didMutate): (WebCore::StyleRuleCSSStyleDeclaration::reattach): (WebCore::InlineCSSStyleDeclaration::didMutate): * css/PropertySetCSSStyleDeclaration.h: (WebCore::PropertySetCSSStyleDeclaration::willMutate): (WebCore::PropertySetCSSStyleDeclaration::didMutate): (StyleRuleCSSStyleDeclaration): * css/WebKitCSSKeyframesRule.cpp: (WebCore::WebKitCSSKeyframesRule::setName): (WebCore::WebKitCSSKeyframesRule::insertRule): (WebCore::WebKitCSSKeyframesRule::deleteRule): (WebCore::WebKitCSSKeyframesRule::reattach): (WebCore): * css/WebKitCSSKeyframesRule.h: (WebKitCSSKeyframesRule): * css/WebKitCSSRegionRule.cpp: (WebCore::WebKitCSSRegionRule::reattach): * css/WebKitCSSRegionRule.h: (WebKitCSSRegionRule): * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyleSheet::reparseStyleSheet): * loader/cache/CachedCSSStyleSheet.cpp: (WebCore::CachedCSSStyleSheet::~CachedCSSStyleSheet): (WebCore::CachedCSSStyleSheet::destroyDecodedData): (WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet): Don't copy when restoring. It is no longer necessary. Set the cache bit on the stylesheet. (WebCore::CachedCSSStyleSheet::saveParsedStyleSheet): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 124829 2012-08-06 Anders Carlsson <andersca@apple.com> Clear out the TileCache backpointer for all tile layers when the tile cache is destroyed https://bugs.webkit.org/show_bug.cgi?id=93317 <rdar://problem/11566543> Reviewed by Dean Jackson. It seems that in some rare cases, the tile cache layer can be destroyed in the same transaction as tile layers are being asked to paint. Make sure to null out the TileCache back pointer for all layers in the TileCache destructor. * platform/graphics/ca/mac/TileCache.mm: (WebCore::TileCache::~TileCache): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 124714 2012-08-04 Dan Bernstein <mitz@apple.com> <rdar://problem/11875795> REGRESSION (tiled drawing): Page’s scroll bars flash with each character you type in a textarea (affects Wikipedia and YouTube) https://bugs.webkit.org/show_bug.cgi?id=91348 Reviewed by Andy Estes. * platform/ScrollableArea.cpp: (WebCore::ScrollableArea::scrollPositionChanged): Changed to call notifyContentAreaScrolled() only if the scroll position after the change differs from what it was before the change. * rendering/RenderListBox.cpp: (WebCore::RenderListBox::scrollPosition): Added an override of this ScrollableArea function. * rendering/RenderListBox.h: 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 124510 2012-08-02 Oliver Hunt <oliver@apple.com> A few objects aren't being safely protected from GC in all cases https://bugs.webkit.org/show_bug.cgi?id=93031 Reviewed by Filip Pizlo. I haven't seen evidence that anyone is hitting bugs due to this, but any GC error can lead to later -- hard to diagnose -- bugs if they result in resurrecting dead objects. * bindings/js/JSCustomXPathNSResolver.cpp: (WebCore::JSCustomXPathNSResolver::create): (WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver): (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI): * bindings/js/JSCustomXPathNSResolver.h: (JSCustomXPathNSResolver): * bindings/js/JSDictionary.cpp: (WebCore::JSDictionary::tryGetProperty): * bindings/js/JSDictionary.h: (WebCore::JSDictionary::JSDictionary): (WebCore::JSDictionary::initializerObject): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 124489 2012-08-02 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=93020 REGRESSION (tiled scrolling): Full-screen video is broken if page is scrolled -and corresponding- <rdar://problem/11629778> Reviewed by Anders Carlsson. The bug here is that ScrollingTreeNodeMac::setScrollLayerPosition() uses the CALayer (PlatformLayer) directly to set the position. That means that the GraphicsLayer that owns that PlatformLayer does not have updated position information. That results in this bug when we switch from fast scrolling to main thread scrolling, because at that point, the GraphicsLayer needs to have the correct information. So make sure to update the main thread scroll position and layer position before transitioning to main thread scrolling. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread): 2012-08-07 Lucas Forschler <lforschler@apple.com> Merge 124463 2012-08-02 Antti Koivisto <antti@apple.com> Inline stylesheets can confuse style sharing https://bugs.webkit.org/show_bug.cgi?id=92970 Reviewed by Dan Bernstein. Consider document <div class="i30"></div> <style>.i30 { background-color:green; }</style> <div class="i30"></div> When processing the <style> element the scope optimization marks the first div as needing style recalc. Next the parser adds the second div to the tree and immediately calculates its style. Since it looks exactly like the first div the style sharing optimization copies the style from there. The pending recalc of the first div is resolved by a timer but the second div is left with the old style. Fix by disallowing style sharing from elements with pending style recalc. Test: fast/css/style-sharing-inline-stylesheet.html * css/StyleResolver.cpp: (WebCore::StyleResolver::canShareStyleWithElement): 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123942 2012-07-27 Jer Noble <jer.noble@apple.com> Reset the set of "seen" plugins when the main frame load is committed. https://bugs.webkit.org/show_bug.cgi?id=92564 Reviewed by Anders Carlsson. Because the Page object is re-used across navigation and reload, reset the list of seen plugins when the main frame load commits. This gives a good baseline to compare against the number of pages loaded. No new tests; the "seen" plugin list is for diagnostic purposes only. * loader/FrameLoader.cpp: (WebCore::FrameLoader::dispatchDidCommitLoad): * page/Page.cpp: (WebCore::Page::resetSeenPlugins): * page/Page.h: 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123930 2012-07-27 Jer Noble <jer.noble@apple.com> Add diagnostic logging for plugins-per-page. https://bugs.webkit.org/show_bug.cgi?id=92538 Reviewed by Anders Carlsson. Add some diagnostic logging for whether a page has seen a plugin, and whether a page has seen a plugin of a specific type. Move the diagnostic logging out of the elemements themselves: * html/HTMLEmbedElement.cpp: (WebCore::HTMLEmbedElement::updateWidget): * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::updateWidget): Instead, log when the plugin is requested, thereby catching plugins which are rejected because, e.g., Java is disabled or not installed: * loader/SubframeLoader.cpp: (WebCore::logPluginRequest): (WebCore::SubframeLoader::requestObject): (WebCore::SubframeLoader::createJavaAppletWidget): Add new diagnostic key values: * page/DiagnosticLoggingKeys.cpp: (WebCore::DiagnosticLoggingKeys::pageContainsPluginKey): (WebCore::DiagnosticLoggingKeys::pageContainsAtLeastOnePluginKey): * page/DiagnosticLoggingKeys.h: Add a map of plugin types seen per-page for diagnostic purposes: * page/Page.cpp: (WebCore::Page::hasSeenAnyPlugin): (WebCore::Page::hasSeenPlugin): (WebCore::Page::sawPlugin): * page/Page.h: 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123907 2012-07-27 Anders Carlsson <andersca@apple.com> Show the unavailable plug-in indicator for Java applets as well https://bugs.webkit.org/show_bug.cgi?id=92521 Reviewed by Sam Weinig. Now that <applet> behaves more like <embed> and <object>, make sure that we show the unavailable plug-in indicator and call the correct error callbacks if we fail to instantiate the plug-in. * WebCore.exp.in: Export a symbol needed by WebKit2. * html/HTMLAppletElement.cpp: (WebCore::HTMLAppletElement::HTMLAppletElement): Set the correct service type. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::createJavaAppletWidget): Enable the unavailable plug-in indicator if we fail to create the java applet widget. 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123811 2012-07-26 Anders Carlsson <andersca@apple.com> HTMLAppletElement should inherit from HTMLPlugInImageElement https://bugs.webkit.org/show_bug.cgi?id=92320 Reviewed by Eric Seidel. In order to simplify the class hierarchy and eventually merge HTMLPlugInImageElement and HMTLPlugInElement, make HTMLAppletElement inherit from HTMLPlugInImageElement. While this does mean that HTMLAppletElement will grow by a couple of words, in practice it won't matter. Also, make RenderApplet inherit from RenderEmbeddedObject and move the plug-in instantiation to HTMLAppletElement which matches both HTMLEmbedElement and HTMLObjectElement. * html/HTMLAppletElement.cpp: (WebCore::HTMLAppletElement::HTMLAppletElement): (WebCore::HTMLAppletElement::create): (WebCore::HTMLAppletElement::parseAttribute): (WebCore::HTMLAppletElement::rendererIsNeeded): (WebCore::HTMLAppletElement::createRenderer): (WebCore): (WebCore::HTMLAppletElement::renderWidgetForJSBindings): (WebCore::HTMLAppletElement::updateWidget): * html/HTMLAppletElement.h: (HTMLAppletElement): * html/HTMLTagNames.in: * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::createJavaAppletWidget): * loader/SubframeLoader.h: (SubframeLoader): * page/FrameView.cpp: (WebCore::FrameView::updateWidget): * rendering/RenderApplet.cpp: (WebCore::RenderApplet::RenderApplet): * rendering/RenderApplet.h: (RenderApplet): * rendering/RenderEmbeddedObject.h: (WebCore::toRenderEmbeddedObject): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::shouldBeNormalFlowOnly): (WebCore::RenderLayer::shouldBeSelfPaintingLayer): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::requiresCompositingForPlugin): * rendering/RenderObject.cpp: (WebCore::RenderObject::setStyle): * rendering/RenderObject.h: 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 121929 2012-07-05 Benjamin Poulain <bpoulain@apple.com> Double release of resources if the load is canceled in a callback of ResourceLoader::didFinishLoading https://bugs.webkit.org/show_bug.cgi?id=90431 Reviewed by Anders Carlsson. In ResourceLoader::didFinishLoadingOnePart(), we invoke didFinishLoad() on the WebKit client. If WebKit causes the current frame to cancel the load synchronously, the resources are already freed when ResourceLoader::didFinishLoadingOnePart() ends. When ResourceLoader::didFinishLoading() subsequently invokes releaseResources(), we are releasing the resources a second time. This patch add a second check for cancellation after invoking ResourceLoader::didFinishLoadingOnePart() to avoid such issues. The previous check at the beginning of ResourceLoader::didFinishLoading() has been removed because it is redundant with ResourceLoader::didFinishLoadingOnePart(). * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::didFinishLoading): (WebCore::ResourceLoader::didFinishLoadingOnePart): 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 118236 2012-05-23 Abhishek Arya <inferno@chromium.org> ASSERT failure toRenderProgress in HTMLProgressElement::didElementStateChange https://bugs.webkit.org/show_bug.cgi?id=87274 Reviewed by Darin Adler. Progress bar can't run-in. Prevent it from becoming a run-in, leading to an unworkable RenderInline. Test: fast/runin/progress-run-in-crash.html * html/HTMLProgressElement.cpp: (WebCore::HTMLProgressElement::didElementStateChange): * rendering/RenderBlock.cpp: (WebCore::RenderBlock::moveRunInUnderSiblingBlockIfNeeded): 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 121803 2012-07-03 Nate Chapin <japhet@chromium.org> Protect this DocumentThreadableLoader in cancel() to handle reentrancy properly. https://bugs.webkit.org/show_bug.cgi?id=90483 Reviewed by Abhishek Arya. No new tests, covered by http/tests/xmlhttprequest/reentrant-cancel.html * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::cancel): 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 120845 2012-06-20 Nate Chapin <japhet@chromium.org> Don't re-enter CachedResource::removeClient() if an XHR is canceled and restarted multiple times. https://bugs.webkit.org/show_bug.cgi?id=89378 Reviewed by Eric Seidel. Test: http/tests/xmlhttprequest/reentrant-cancel.html * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::cancel): (WebCore::DocumentThreadableLoader::clearResource): Save off a copy of m_resource then clear it, so we don't call clearResource() multiple times for the same resource. 2012-08-06 Lucas Forschler <lforschler@apple.com> Revert 116203 2012-05-04 Julien Chaffraix <jchaffraix@webkit.org> Leaf non self-painting layers should bail out early in RenderLayer::paintLayer https://bugs.webkit.org/show_bug.cgi?id=85678 Reviewed by Darin Adler. Performance optimization, no expected change in behavior. The gist of the change is that leaf non self-painting layers don't need to be painted as their associated RenderBoxModelObject should properly paint itself without any help. For RenderLayer trees that have a large number of leafs nodes (like a table with a leaf RenderLayer for each cells), not bailing out is a big overhead as it ends up doing a lot of computation for no real painting. See http://dglazkov.github.com/performance-tests/biggrid.html for a benchmark for that. On my machine, it reduces the paint time when scrolling to 70ms from 120ms (45% speedup). * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintLayer): 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123780 2012-07-25 Jer Noble <jer.noble@apple.com> Add diagnostic messages when media and plugins load or fail to load. https://bugs.webkit.org/show_bug.cgi?id=92341 Reviewed by Anders Carlsson. Send diagnostic messages when a media or plugin element loads or fails to load. Include in the trace the media engine description, error code, or plugin mime type. * html/HTMLEmbedElement.cpp: (WebCore::HTMLEmbedElement::updateWidget): Send a diagnostic message. * html/HTMLMediaElement.cpp: (WebCore::stringForNetworkState): Added convenience function to stringify network states. (WebCore::HTMLMediaElement::mediaLoadingFailed): Send a diagnostic message. (WebCore::HTMLMediaElement::setReadyState): Send a diagnostic message. * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::updateWidget): Send a diagnostic message. 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123778 2012-07-26 Jer Noble <jer.noble@apple.com> Add a ChromeClient method to send diagnostic logging messages from WebCore to the client. https://bugs.webkit.org/show_bug.cgi?id=92340 Reviewed by Anders Carlsson. Add a new ChromeClient menthod, to be implemented by WebKit and WebKit2, which sends a diagnostic logging message up to the client. * page/ChromeClient.h: (WebCore::ChromeClient::logDiagnosticMessage): * page/ChromeClient.h: (WebCore::ChromeClient::logDiagnosticMessage): (ChromeClient): * page/DiagnosticLoggingKeys.cpp: Added. (WebCore::DiagnosticLoggingKeys::mediaLoadedKey): (WebCore::DiagnosticLoggingKeys::mediaLoadingFailedKey): (WebCore::DiagnosticLoggingKeys::pluginLoadedKey): (WebCore::DiagnosticLoggingKeys::pluginLoadingFailedKey): (WebCore::DiagnosticLoggingKeys::passKey): (WebCore::DiagnosticLoggingKeys::failKey): (WebCore::DiagnosticLoggingKeys::noopKey): * page/DiagnosticLoggingKeys.h: Added. (DiagnosticLoggingKeys): Add the new files DiagnosticLoggingKeys.cpp,h to the project: * CMakeLists.txt: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123775 2012-07-25 Jer Noble <jer.noble@apple.com> Add setting to enable and disable diagnostic logging. https://bugs.webkit.org/show_bug.cgi?id=92337 Reviewed by Anders Carlsson. Add a new entry in Settings, defaulting to false. * page/Settings.cpp: (WebCore::Settings::Settings): Default the new setting to false. * page/Settings.h: (WebCore::Settings::setDiagnosticLoggingEnabled): Simple accessor. (WebCore::Settings::diagnosticLoggingEnabled): Ditto. 2012-08-06 Lucas Forschler <lforschler@apple.com> Merge 123747 2012-07-26 Jer Noble <jer.noble@apple.com> Add a MediaPlayer API to retrieve the description of the current media engine. https://bugs.webkit.org/show_bug.cgi?id=92336 Reviewed by Eric Carlson. Add a utility function which retrieves, for diagnostic purposes, a brief description of the current media engine. Stubs have been added for each of the MediaPlayerPrivate subclasses which return the name of the class. * platform/graphics/MediaPlayer.cpp: (WebCore::MediaPlayer::engineDescription): * platform/graphics/MediaPlayer.h: * platform/graphics/MediaPlayerPrivate.h: (WebCore::MediaPlayerPrivateInterface::engineDescription): * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h: (WebCore::MediaPlayerPrivateAVFoundation::engineDescription): * platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.h: (WebCore::MediaPlayerPrivate::engineDescription): * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: (WebCore::MediaPlayerPrivateGStreamer::engineDescription): * platform/graphics/mac/MediaPlayerPrivateQTKit.h: (WebCore::MediaPlayerPrivateQTKit::engineDescription): * platform/graphics/qt/MediaPlayerPrivateQt.h: (WebCore::MediaPlayerPrivateQt::engineDescription): * platform/graphics/wince/MediaPlayerPrivateWinCE.h: (WebCore::MediaPlayerPrivate::engineDescription): * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h: (WebCore::MediaPlayerPrivateQuickTimeVisualContext::engineDescription): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 122676 2012-07-14 Eric Carlson <eric.carlson@apple.com> Enable AVCF hardware video decoding https://bugs.webkit.org/show_bug.cgi?id=90015 <rdar://problem/10770317> Reviewed by Anders Carlsson. * html/HTMLMediaElement.cpp: (WebCore): (WebCore::HTMLMediaElement::mediaPlayerGraphicsDeviceAdapter): New, return the client's graphics device adapter. * html/HTMLMediaElement.h: * page/ChromeClient.h: (WebCore::ChromeClient::graphicsDeviceAdapter): New. * platform/graphics/MediaPlayer.cpp: (WebCore::MediaPlayer::graphicsDeviceAdapter): New, ask the media element for the graphics device adapter. * platform/graphics/MediaPlayer.h: * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h: Soft-link AVCFPlayerSetDirect3DDevice and AVCFPlayerEnableHardwareAcceleratedVideoDecoderKey. * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp: (WebCore::MediaPlayerPrivateAVFoundationCF::createAVAssetForURL): Pass the current d3d9 device interface to the AVFWrapper. (WebCore::AVFWrapper::createAssetForURL): If the d3d9 device implements IDirect3DDevice9Ex, tell the AVAsset to enable hardware video decoding. (WebCore::AVFWrapper::createPlayer): Pass the d3d9 device to the player if it implements IDirect3DDevice9Ex. * platform/graphics/ca/win/CACFLayerTreeHost.h: (WebCore::CACFLayerTreeHost::graphicsDeviceAdapter): New, default implementation. * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: (WebCore::LegacyCACFLayerTreeHost::graphicsDeviceAdapter): New, default implementation. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: (WebCore::WKCACFViewLayerTreeHost::graphicsDeviceAdapter): New. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h: * platform/win/SoftLinking.h: Define SOFT_LINK_DLL_IMPORT_OPTIONAL, SOFT_LINK_LOADED_LIBRARY, and SOFT_LINK_VARIABLE_DLL_IMPORT_OPTIONAL. 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 123912 2012-07-27 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=92327 -webkit-background-clip:text is blurry in WebKit 1 apps when deviceScaleFactor > 1 -and corresponding- <rdar://problem/11683788> Reviewed by Simon Fraser. The bug here is that the code to make createCompatibleBuffer() HiDPI-savvy assumed that the deviceScaleFactor would always be baked into the CTM of the GraphicsContext. But that is NOT the case in WebKit 1. createCompatibleBuffer() is used for clip text and gradients. Now getCTM() takes a parameter indicating whether the result should definitely include the device scale, or if it should possibly included the device scale, which is the option that matches old behavior. * platform/graphics/GraphicsContext.h: (GraphicsContext): * platform/graphics/cairo/GraphicsContextCairo.cpp: (WebCore::GraphicsContext::getCTM): * platform/graphics/openvg/GraphicsContextOpenVG.cpp: (WebCore::GraphicsContext::getCTM): * platform/graphics/qt/GraphicsContextQt.cpp: (WebCore::GraphicsContext::getCTM): * platform/graphics/skia/GraphicsContextSkia.cpp: (WebCore::GraphicsContext::getCTM): * platform/graphics/wince/GraphicsContextWinCE.cpp: (WebCore::GraphicsContext::getCTM): * platform/graphics/wx/GraphicsContextWx.cpp: (WebCore::GraphicsContext::getCTM): Actually use the new parameter in the CG implementation. Use CG API to get a matrix that definitely includes the device scale when that is required. * platform/graphics/cg/GraphicsContextCG.cpp: (WebCore::GraphicsContext::getCTM): Remove some symbol cruft that doesn't seem to require a replacement. * WebCore.exp.in: Use DefinitelyIncludeDeviceScale when getting the CTM in the buggy spot. * platform/graphics/GraphicsContext.cpp: (WebCore::GraphicsContext::createCompatibleBuffer): The ImageBuffer for gradients is created using createCompatibleBuffer(), and since createCompatibleBuffer() now uses getCTM(DefinitelyIncludeDeviceScale) to determine appropriate sizing, drawPattern() should use that same matrix to determine pattern sizing. * platform/graphics/GeneratorGeneratedImage.cpp: (WebCore::GeneratorGeneratedImage::drawPattern): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 122293 2012-07-10 Shinya Kawanaka <shinyak@chromium.org> Crash in nextLinePosition() due to accessing a removed root line box. https://bugs.webkit.org/show_bug.cgi?id=90484 Reviewed by Abhishek Arya. When <object> element is reattached, the 'content' style is compared to the old style. If it is not the same, a flag to recalc style is enabled. Because of this, the recalc style flag is not cleared in updateLayoutIgnorePendingStyleSheets() in nextLinePosition(), and it causes the second layout in isEditablePosition(p). Then 'RootInlineBox root' is invalidated, but it's used after that. When the content of the same <object> elements are compared, they should be the same. However, operator== for ContentData is not implemented correctly (it compares a pointer instead of content). So operator== does not hold for the content of the same <object> elements. Test: editing/execCommand/crash-extend-selection-forward.html * rendering/style/ContentData.cpp: (WebCore::operator==): Compares the instance of data instead of pointer. 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 122188 2012-07-09 Kent Tamura <tkent@chromium.org> REGRESSION(r114862-r114886): Fix a crash by switching the input type to hidden. https://bugs.webkit.org/show_bug.cgi?id=90774 Reviewed by Andreas Kling. Test: fast/forms/hidden/change-type-to-hidden-after-updating-value.html * dom/Element.cpp: (WebCore::Element::setAttributeInternal): Pass a copy of the existing Attribute object. 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 121388 2012-06-27 Daniel Cheng <dcheng@chromium.org> Fix crash in Frame::nodeImage. https://bugs.webkit.org/show_bug.cgi?id=89911 Reviewed by Abhishek Arya. We were caching a pointer to a RenderObject and then calling updateLayout(). Instead, we need to get a pointer to the RenderObject again after updateLayout(). Test: fast/events/drag-display-none-element.html * page/Frame.cpp: (WebCore::Frame::nodeImage): * page/mac/FrameMac.mm: (WebCore::Frame::snapshotDragImage): (WebCore::Frame::nodeImage): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 121279 2012-06-26 Julien Chaffraix <jchaffraix@webkit.org> Crash in FixedTableLayout::layout https://bugs.webkit.org/show_bug.cgi?id=88676 Unreviewed typo fix, pointed out by Darin Adler. * rendering/AutoTableLayout.cpp: (WebCore::AutoTableLayout::layout): * rendering/FixedTableLayout.cpp: (WebCore::FixedTableLayout::layout): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 121275 2012-06-26 Julien Chaffraix <jchaffraix@webkit.org> Crash in FixedTableLayout::layout https://bugs.webkit.org/show_bug.cgi?id=88676 Reviewed by Abhishek Arya. Tests: fast/table/auto-table-layout-colgroup-removal-crash.html fast/table/fixed-table-layout/colgroup-removal-crash.html fast/table/fixed-table-layout/prepend-in-fixed-table.html The issue comes from RenderTable not properly dirtying its preferred logical widths. As the table layout codes (both fixed and auto), recomputes their internal structures at computePreferredLogicalWidth, the internal structure doesn't match the table sizing and we crash. This fix adds a work-around in FixedTableLayout::layout (which matches AutoTableLayout). The long-term fix would be to properly fix the logic but this is a lot safer, especially since our logic is really not bullet-proof at the moment. * rendering/FixedTableLayout.cpp: (WebCore::FixedTableLayout::layout): Added an internal structure recomputation, if we have drifted from our table's structure. Also we need to update nEffCols if we call calcWidthArray. * rendering/AutoTableLayout.cpp: (WebCore::AutoTableLayout::layout): Added a comment matching FixedTableLayout. The nEffCols is unneeded but kept for consistency with FixedTableLayout. 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 121031 2012-06-22 Abhishek Arya <inferno@chromium.org> Crash in DragController::concludeEditDrag. https://bugs.webkit.org/show_bug.cgi?id=89762 Reviewed by Ryosuke Niwa. RefPtr the innerFrame since it can get destroyed due to mutation event fired in DragController::dispatchTextInputEventFor(). Test: editing/pasteboard/drop-text-events-sideeffect-crash.html * page/DragController.cpp: (WebCore::DragController::concludeEditDrag): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 120862 2012-06-20 Abhishek Arya <inferno@chromium.org> Crash on accessing a removed renderer from percent height descendant map. https://bugs.webkit.org/show_bug.cgi?id=88017 Reviewed by Eric Seidel. Test: fast/block/percent-height-descendant-not-removed-crash2.html * rendering/RenderBlock.cpp: (WebCore::RenderBlock::hasPercentHeightContainerMap): helper to tell if we have a height container map. (WebCore): (WebCore::RenderBlock::hasPercentHeightDescendant): change from a debug only function to a regular function for use. no need to null check for a percent height container map in this function. (WebCore::RenderBlock::clearPercentHeightDescendantsFrom): helper to clear all percent height descendants under us. (WebCore::RenderBlock::removePercentHeightDescendantIfNeeded): helper to clear the box if it exists in the percent height descendant map. * rendering/RenderBlock.h: (RenderBlock): * rendering/RenderBox.cpp: (WebCore::RenderBox::willBeDestroyed): remove the assert and change the percent height detection check to use removePercentHeightDescendantIfNeeded. We shouldn't rely on logicalHeight().isPercent() as it can change when our writing mode changes. Instead, just query the map directly to see if we exist. (WebCore::RenderBox::styleDidChange): when our writing mode changes from horizontal to vertical or vice versa, we clear all our descendants from the percent height descendant map. Cache the value of isHorizontalWritingMode() before it changes in styleDidChange and compare it with the new value (can't use oldStyle->isHorizontalWritingMode() since it can be inherited and already updated). 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 120801 2012-06-19 Cris Neckar <cdn@chromium.org> Fixes condition where inserting a CounterNode subtree which could result in incorrect placement. https://bugs.webkit.org/show_bug.cgi?id=88142 Reviewed by Adam Barth. Test: fast/css/counters/counter-reset-subtree-insert-crash.html * rendering/CounterNode.cpp: (WebCore::CounterNode::insertAfter): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 120761 2012-06-19 Ken Buchanan <kenrb@chromium.org> Absolute positioned objects should not be added to anonymous block lists https://bugs.webkit.org/show_bug.cgi?id=87768 Reviewed by Abhishek Arya. containingBlock() was returning an anonymous block for absolute positioned objects under a relative positioned inline in the case that the inline is split and the object is underneath the block continuation. Anonymous blocks should never have anything in their positioned object lists because they can be destroyed at any time for a different reasons such as anonymous block merging, which is a problem for layout if they have m_posChildNeedsLayout set. This patch adds a generic check for anonymous blocks in containingBlock() to correct this problem. * rendering/RenderObject.cpp: (WebCore::RenderObject::containingBlock): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 120731 2012-06-19 Abhishek Arya <inferno@chromium.org> Crash in WebCore::RenderSVGModelObject::checkIntersection https://bugs.webkit.org/show_bug.cgi?id=89059 Reviewed by Rob Buis. getElementCTM updates layout causing the renderer to be destroyed. We get the new renderer by storing the element pointer and later accessing it using the element pointer. Test: svg/custom/intersection-list-crash.svg * rendering/svg/RenderSVGModelObject.cpp: (WebCore::RenderSVGModelObject::checkIntersection): (WebCore::RenderSVGModelObject::checkEnclosure): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 120559 2012-06-17 Philip Rogers <pdr@google.com> Prevent crash in SVGDocumentExtensions::removeAllElementReferencesForTarget. https://bugs.webkit.org/show_bug.cgi?id=88144 Reviewed by Abhishek Arya. When iterating over referencing elements to rebuild after a reference change in SVGDocumentExtensions::removeAllElementReferencesForTarget, we can modify the underlying toBeNotified vector, invalidating it. This change checks that a vector element is valid before rebuilding, preventing a crash. Some definitions from SVGDocumentExtensions that may put this patch in context: An example of a "referenced elements" is a <path>. An example of a "referencing element" is a <textPath href='some_path_id'>. m_elementDependencies is a map from referenced elements (e.g., paths) to a set of referencing elements (e.g., textPaths). The check that the vector element is valid relies on checking if the referencing element is in m_elementDependencies. This check is allowed because in the destructor of SVGTextPathElement (and SVGFeImageElement), removeAllTargetReferencesForElement() is called, removing the referencing element from m_elementDependencies. Simply checking if the referencing element is anywhere in m_elementDependencies is enough to show it is valid, but that requires iterating over all referenced elements to see if the given referencing element is present. This change only checks if the textPath is still in the elements referencing the path being removed, and only removes the referenced element from m_elementDependencies after forcing the referencing elements to be rebuilt. Test: svg/text/textpath-reference-crash.html * svg/SVGDocumentExtensions.cpp: (WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 120554 2012-06-15 Darin Adler <darin@apple.com> REGRESSION (r111041): Missing element type check in RenderThemeMac::paintMediaFullscreenButton https://bugs.webkit.org/show_bug.cgi?id=89270 Reviewed by Oliver Hunt. * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::paintMediaFullscreenButton): Use the proper idiom for getting a media control element's type. 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 119914 2012-06-09 Florin Malita <fmalita@chromium.org> Fixed-position foreignObject descendants should be relative to the foreignObject viewport https://bugs.webkit.org/show_bug.cgi?id=88547 Reviewed by Abhishek Arya. Tests: svg/foreignObject/fO-fixed-position-crash.html svg/foreignObject/fixed-position-expected.svg svg/foreignObject/fixed-position.svg Fixed position elements are currently registered with the top level RenderView even when embedded within an SVG foreignOject. This patch changes containingBlock() & container() to return the containing foreignObject renderer instead. The new foreignObject fixed position behavior matches that of current FireFox and Opera versions and is consistent with the spec: http://www.w3.org/TR/CSS2/visuren.html#fixed-positioning http://www.w3.org/TR/SVG/coords.html#EstablishingANewViewport * rendering/RenderObject.cpp: (WebCore::RenderObject::containingBlock): (WebCore::RenderObject::container): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 119911 2012-06-09 Pablo Flouret <pablof@motorola.com> The value in Access-Control-Allow-Origin is not being matched correctly for CORS-enabled requests https://bugs.webkit.org/show_bug.cgi?id=88139 Reviewed by Adam Barth. Compare a request's origin with the value given in any Access-Control-Allow-Origin headers in an exact, case-sensitive manner, instead of using SecurityOrigin::isSameSchemeHostPort(). Per step 3 of the resource sharing check algorithm in http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#resource-sharing-check Test: http/tests/xmlhttprequest/origin-exact-matching.html * loader/CrossOriginAccessControl.cpp: (WebCore::passesAccessControlCheck): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 119870 2012-06-08 Ryosuke Niwa <rniwa@webkit.org> Crash in WebCore::InsertParagraphSeparatorCommand::doApply https://bugs.webkit.org/show_bug.cgi?id=88108 Reviewed by Levi Weintraub. Use NodeVector instead of walking through siblings as we mutate the DOM. No new tests are added since there is no reliable reduction. * editing/BreakBlockquoteCommand.cpp: (WebCore::BreakBlockquoteCommand::doApply): * editing/CompositeEditCommand.cpp: (WebCore::CompositeEditCommand::moveRemainingSiblingsToNewParent): (WebCore): * editing/CompositeEditCommand.h: (CompositeEditCommand): * editing/InsertParagraphSeparatorCommand.cpp: (WebCore::InsertParagraphSeparatorCommand::doApply): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 119439 2012-06-04 Jeffrey Pfau <jpfau@apple.com> Document cleanup can get confused if parser still exists https://bugs.webkit.org/show_bug.cgi?id=88250 Reviewed by Geoffrey Garen. No new tests; no behavior changes. * dom/Document.cpp: (WebCore::Document::removedLastRef): Detach parser earlier 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 119050 2012-05-30 Abhishek Arya <inferno@chromium.org> Crash in ContainerNode::parserAddChild. https://bugs.webkit.org/show_bug.cgi?id=87903 Reviewed by Ryosuke Niwa. Call the ChildNodeInsertionNotifier.notify call at the end since it can destroy |this| and some of the local pointers like |last|. This also matches the order of calls - childrenChanged precedes ChildNodeInsertionNotifier.notify in updateTreeAfterInsertion and ContainerNode::parserInsertBefore. Also remove a FIXME since we use ChildNodeInsertionNotifier.notify instead of ChildNodeInsertionNotifier.notifyInsertedIntoDocument (as recommended in the FIXME). Test: fast/dom/child-insertion-notify-crash.html * dom/ContainerNode.cpp: (WebCore::ContainerNode::parserAddChild): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 118816 2012-05-29 Abhishek Arya <inferno@chromium.org> Crash due to text fragment destruction when updating first-letter block. https://bugs.webkit.org/show_bug.cgi?id=87751 Reviewed by Eric Seidel. Test: fast/text/text-fragment-first-letter-update-crash.html * rendering/RenderObject.cpp: (WebCore::RenderObject::setStyle): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 118703 2012-05-28 Yong Li <yoli@rim.com> Crash on incomplete :not(). https://bugs.webkit.org/show_bug.cgi?id=86673 Reviewed by Antti Koivisto. Add back null-checks for incomplete :not() class which were dropped by r81845. * css/CSSSelector.cpp: (WebCore::CSSSelector::specificityForOneSelector): (WebCore::CSSSelector::selectorText): * css/SelectorChecker.cpp: (WebCore::SelectorChecker::checkOneSelector): (WebCore::SelectorChecker::determineLinkMatchType): 2012-08-02 Lucas Forschler <lforschler@apple.com> Merge 118592 2012-05-25 Abhishek Arya <inferno@chromium.org> Crash in RenderTableSection::paintCell. https://bugs.webkit.org/show_bug.cgi?id=87445 Reviewed by Eric Seidel and Julien Chaffraix. Fix the crash by preventing table parts from being set as layout root. This prevents us from accessing removed table cells which can happen if RenderTableSection::layout is called directly without calling RenderTable::layout first (in case of cell recalc). Add ASSERTs to RenderTableSection::layout to prevent layout to happen when we are already pending cell recalc or our table is pending section recalc. In those cases, RenderTable::layout should be called first to relayout the entire table. Test: tables/table-section-overflow-clip-crash.html * rendering/RenderObject.cpp: (WebCore::objectIsRelayoutBoundary): * rendering/RenderTableSection.cpp: (WebCore::RenderTableSection::layout): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 123637 2012-07-25 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=89114 REGRESSION (r112919): Setting scrollTop after setting display from none to block fails -and corresponding- <rdar://problem/11656050> Reviewed by Simon Fraser. ScrollAnimatorMac::immediateScrollTo() and ScrollAnimatorMac::immediateScrollBy() both have an optimization in place so that they do not call notifyPositionChanged() if the new scroll offset matches the ScrollAnimator's cached m_currentPosX and m_currentPosY. So revision 112919 caused troubled with this optimization because it allowed RenderLayers to restore a scrollOffset from the Element if there is one cached there. This caused the RenderLayer to have a scrollOffset that is improperly out-of-synch with the ScrollAnimator's currentPosition (which will just be 0,0 since it is being re-created like the RenderLayer). This fix makes sure they are in synch by calling setCurrentPosition() on the ScrollAnimator when the cached position is non-zero. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::RenderLayer): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 123486 2012-07-24 Dan Bernstein <mitz@apple.com> <rdar://problem/11945102> REGRESSION (r109451): Overlay scrollbars always use the default style, regardless of background color https://bugs.webkit.org/show_bug.cgi?id=92115 Reviewed by Mark Rowe. * platform/Scrollbar.cpp: (WebCore::Scrollbar::scrollbarOverlayStyle): Reversed an incorrect null check. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 123411 2012-07-23 Roger Fong <roger_fong@apple.com> On Windows, if select element is off screen horizontally, menu is either inappropriately resized or positioned offscreen. https://bugs.webkit.org/show_bug.cgi?id=91913 <rdar://problem/7611229> Reviewed by Tim Horton. If the select element is positioned off the edge of the screen to the left, the menu is resized. It should not be resized, just shifted to remain on the screen. If the select element is positioned off the edge of the screen to the right, the menu goes off screen instead of being shifted over to appear on screen. This problem only occurs on Windows. Test: ManualTests/win/select-menu-off-screen.html * platform/win/PopupMenuWin.cpp: (WebCore::PopupMenuWin::calculatePositionAndSize): Modified final horizontal position calculation code to position popup menu on screen if it would otherwise go off. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 122271 2012-07-10 Dean Jackson <dino@apple.com> REGRESSION (r109610): Order of values in shorthand animation makes a difference https://bugs.webkit.org/show_bug.cgi?id=84533 <rdar://problem/11831924> <rdar://problem/11815787> Reviewed by Simon Fraser. A previous revision (r109610) updated the parsing of the animation shorthand to make sure that animation-name wouldn't clobber other styles. The side effect of this was that we'd no longer find animation-name if it wasn't first in the list. This commit reverts the change and fixes it in a different way, by always parsing animation-name as the last property in the shorthand. This means that keywords for timing functions, fill modes and iteration will match before animation name. In other words, if you want an animation called "forwards" you should use the longhand property, because the shorthand will first match that against animation-fill-mode. Test: animations/animation-shorthand-name-order.html * css/CSSParser.cpp: (WebCore::CSSParser::parseAnimationShorthand): make a new array of longhand properties to check for, with name as the last entry rather than the first. Use this array to test the properties in the shorthand. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 122228 2012-07-10 Alice Cheng <alice_cheng@apple.com> Editing: Reproducible crasher when pasting a 0x0 image into Mail https://bugs.webkit.org/show_bug.cgi?id=90640 <rdar://problem/11141920> Reviewed by Brady Eidson. 0x0 images don't get a resource representation in the WebArchive, so we need a null check Test: TestWebKitAPI/Tests/mac/0.png TestWebKitAPI/Tests/mac/WebViewCanPasteZeroPng.mm * platform/mac/PasteboardMac.mm: (WebCore::documentFragmentWithImageResource): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 122152 2012-07-09 Dean Jackson <dino@apple.com> Tiled drawing means some elements can disappear behind the page https://bugs.webkit.org/show_bug.cgi?id=88906 Reviewed by Simon Fraser. The compositing layers in the tile cache could become siblings of the compositing layers for page elements. This meant that in some 3d transforms, the elements could disappear behind the page background (which is rendered into the tile cache) or intersect with the tile cache tiles. Fix this by inserting a flattening layer between the tile cache and the page, ensuring that the cache will always be rendered first. I was able to reuse the clipping layer for this, because the tile cache is attached to the RenderView, so there should never be a case where we have both a clipping layer and tiles. The unfortunate part of this code is the temporary state variable that wraps the call to GraphicsLayer::create. Because that method calls back into the object, we need to make sure we don't create another tile cache. Also added some obvious names to the tile cache layers to help with debugging. Test: compositing/tile-cache-must-flatten.html * platform/graphics/ca/mac/TileCache.mm: (WebCore::TileCache::TileCache): give the tile host layer a name. (WebCore::TileCache::createTileLayer): * platform/graphics/ca/mac/WebTileCacheLayer.mm: (WebCore): give each tile layer a name. * rendering/RenderLayerBacking.cpp: (WebCore): (WebCore::RenderLayerBacking::shouldUseTileCache): check if we're in the middle of creating the primary graphics layer before answering. (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): wrap our call to createGraphicsLayer with a message to indicate we are making the layer that should get a tile cache. (WebCore::RenderLayerBacking::destroyGraphicsLayers): (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): needs to make sure the flattening layer is in the tree. (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): (WebCore::RenderLayerBacking::updateInternalHierarchy): (WebCore::RenderLayerBacking::updateClippingLayers): (WebCore::RenderLayerBacking::backingStoreMemoryEstimate): * rendering/RenderLayerBacking.h: rename m_clippingLayer to m_containmentLayer because it can now either be the clip or the tile cache flattener. Also a new state property used when creating the main graphics layer. (WebCore::RenderLayerBacking::hasClippingLayer): (WebCore::RenderLayerBacking::clippingLayer): (WebCore::RenderLayerBacking::parentForSublayers): (WebCore::RenderLayerBacking::hasTileCacheFlatteningLayer): (WebCore::RenderLayerBacking::tileCacheFlatteningLayer): (RenderLayerBacking): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 122082 2012-07-05 MORITA Hajime <morrita@google.com> Heap-use-after-free in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers https://bugs.webkit.org/show_bug.cgi?id=90480 Reviewed by Kent Tamura. If <select> has any insertion point, the attachment phase unpextedly creates a renderer for distributed node and added to the renderer of the <select>, which breaks an assumption and results the crash. This change tighten the childShouldCreateRenderer() to forbid child renderers even from distributed nodes. There is an exception as always: ValidationMessage can create a ShadowRoot to <select>, which generates usually-forbidden child renderers. This change introduces HTMLFormControlElement::validationMessageContains() to let these renderers in. Test: fast/dom/shadow/insertion-point-list-menu-crash.html * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::validationMessageContains): (WebCore): * html/HTMLFormControlElement.h: (HTMLFormControlElement): * html/HTMLSelectElement.cpp: (WebCore::HTMLSelectElement::childShouldCreateRenderer): * html/ValidationMessage.cpp: (WebCore::ValidationMessage::contains): (WebCore): * html/ValidationMessage.h: (WebCore): (ValidationMessage): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 121912 2012-07-05 Nate Chapin <japhet@chromium.org> REGRESSION (r115654): Sometimes does not replace content for multipart/x-mixed-replace https://bugs.webkit.org/show_bug.cgi?id=88436 Reviewed by Brady Eidson. Test: http/tests/multipart/multipart-replace-non-html-content.php * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::commitData): We should only send receivedFirstData() once per main resource load, rather than multiple times in a multipart load. (WebCore::DocumentLoader::setupForReplaceByMIMEType): m_gotFirstByte isn't set to true until data is actually committed, and multipart data is often not committed until the part is finished. Check whether the SharedBuffer is non-null instead. * testing/js/WebCoreTestSupport.cpp: (WebCoreTestSupport::resetInternalsObject): The JSInternals object my have already been cleared if the window shell was cleared as part of creation of a new Document. Check it before using it. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 121646 2012-07-01 Timothy Hatcher <timothy@apple.com> Make the "Inspect Element" context menu item appear in nightly builds again. rdar://problem/11702613 https://webkit.org/b/89323 Reviewed by Dan Bernstein. * platform/ContextMenuItem.h: Fix the order of the ContextMenuAction enum to be binary compatible with older versions of WebKit. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 121645 2012-07-01 Dan Bernstein <mitz@apple.com> <rdar://problem/11785743> [mac] Non-BMP characters in vertical text appear as missing glyphs https://bugs.webkit.org/show_bug.cgi?id=90349 Reviewed by Dean Jackson. Test: platform/mac/fast/text/vertical-surrogate-pair.html * platform/graphics/mac/GlyphPageTreeNodeMac.cpp: (WebCore::GlyphPage::fill): When calling wkGetVerticalGlyphsForCharacters or CTFontGetGlyphsForCharacters with a buffer consisting of surrogate pair, account for those functions’ behavior of placing glyphs at indices corresponding to the first character of each pair. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 121643 2012-07-01 Kenichi Ishibashi <bashi@chromium.org> Arabic shaping is incorrect if ZWNJ exist https://bugs.webkit.org/show_bug.cgi?id=89843 Reviewed by Dan Bernstein. mac port treats ZWJ (zero-width-joiner) and ZWNJ (zero-width-non-joiner) as a part of combining character sequence. This could cause a problem when the font doesn't have glyph mapping of ZWJ and ZWNJ. Suppose the text to be rendered is "U+0645(MEEM) U+06CC(FARSI YEH) U+200C(ZWNJ)". In this case, U+0645 and U+06CC are rendered in isolated form if the font doesn't have a glyph for ZWNJ. They should be joined. This patch changes handling of ZWJ and ZWNJ. Treats ZWJ and ZWNJ as base characters so that a complex text run isn't separate at the point of ZWJ and ZWNJ even the font doesn't contain glyphs for them. If ComplexTextController finds ZWJ, it doesn't split the current complex text run. Test: platform/mac/fast/text/arabic-zwj-and-zwnj.html * platform/graphics/mac/ComplexTextController.cpp: (WebCore::advanceByCombiningCharacterSequence): Don't treat ZWJ and ZWNJ as a part of combining character sequence. (WebCore::ComplexTextController::collectComplexTextRuns): Set fontData to nextFontData if the baseCharacter is ZWJ. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 121299 2012-06-26 Alice Cheng <alice_cheng@apple.com> Crash at WebCore::TextIterator::handleTextBox https://bugs.webkit.org/show_bug.cgi?id=89526 <rdar://problem/10305315> Reviewed by Darin Adler. The range used for marking becomes invalid after SpellingCorrectionCommand, due to changes in the DOM made by ReplaceSelectionCommand. This invalid range caused marking to be incorrect, and Mail.app to crash when iterating through the invalid range. To fix this, recalculate the range for marking after SpellingCorrectionCommand. Test: platform/mac/editing/spelling/autocorrection-blockquote-crash.html * editing/AlternativeTextController.cpp: (WebCore::AlternativeTextController::applyAlternativeTextToRange): * editing/Editor.cpp: (WebCore::Editor::markAndReplaceFor): * testing/Internals.cpp: (WebCore): (WebCore::Internals::hasAutocorrectedMarker): * testing/Internals.h: (Internals): * testing/Internals.idl: 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 120954 2012-06-21 Brady Eidson <beidson@apple.com> <rdar://problem/11718988> and https://bugs.webkit.org/show_bug.cgi?id=89673 showModalDialog fix creates risk of never returning from RunLoop::performWork, potentially blocking other event sources In case handling a function on the queue places additional functions on the queue, we should limit the number of functions each invocation of performWork() performs so it can return and other event sources have a chance to spin. The showModalDialog fix in question is http://trac.webkit.org/changeset/120879 Reviewed by Darin Adler and Anders Carlson. * platform/RunLoop.cpp: (WebCore::RunLoop::performWork): If there are only N functions in the queue when performWork is called, only handle up to N functions before returning. Any additional functions will be handled the next time the runloop spins. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 120662 2012-06-18 Mike Lawther <mikelawther@chromium.org> Crash when setting title dynamically https://bugs.webkit.org/show_bug.cgi?id=88083 Reviewed by Dan Bernstein. Test: fast/text/title-crash.html The crashing code takes a rare branch in StyleResolver::styleForElement() where m_parentStyle is set to point to m_style. Consequently, while applying properties to m_style we end up mutating m_parentStyle. In this situation, we clone style() and point m_parentStyle at the clone. The clone is destroyed at the end of StyleResolver::styleForElement(). * css/StyleResolver.cpp: (WebCore::StyleResolver::collectMatchingRulesForList): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 119409 2012-06-04 Abhishek Arya <inferno@chromium.org> Crash in multi-column layout. https://bugs.webkit.org/show_bug.cgi?id=88022 Reviewed by Ojan Vafai. The patch addresses two problems:: 1. |this| in RenderBlock::splitBlocks can get destroyed when we move its children to the clone and later call updateBeforeAfterContent on the parent. So, we stop accessing its member variables and cache it in a local. 2. Positioned objects were not getting cleared from our grand parents. This will happen if our immediate children got moved to a clone tree, however at our parent nothing was moved. So, we make sure to remove the positioned objects at every level while we are doing the cloning. Tests: fast/multicol/span/empty-anonymous-block-split-crash.html fast/multicol/span/positioned-objects-not-removed-crash.html * rendering/RenderBlock.cpp: (WebCore::RenderBlock::splitBlocks): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 119227 2012-06-01 Dan Bernstein <mitz@apple.com> Layout not updated after setting -webkit-line-clamp to none https://bugs.webkit.org/show_bug.cgi?id=88049 Reviewed by Abhishek Arya. Test: fast/flexbox/line-clamp-removed-dynamically.html * rendering/RenderDeprecatedFlexibleBox.cpp: (WebCore::RenderDeprecatedFlexibleBox::styleWillChange): Added. Calls clearLineClamp if line-clamp will change to none. (WebCore::RenderDeprecatedFlexibleBox::clearLineClamp): Added. Marks possibly-clamped children for layout and clears truncation from blocks. * rendering/RenderDeprecatedFlexibleBox.h: 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 119184 2012-05-31 Tom Sepez <tsepez@chromium.org> XSSAuditor bypass with leading /*///*/ comment https://bugs.webkit.org/show_bug.cgi?id=88002 Reviewed by Adam Barth. Fixes issue in xssauditor's parsing of /*/. Test: http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html * html/parser/XSSAuditor.cpp: (WebCore::XSSAuditor::decodedSnippetForJavaScript): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118542 2012-05-25 Ken Buchanan <kenrb@chromium.org> Layout root not getting cleared for anonymous renderers geting destroyed https://bugs.webkit.org/show_bug.cgi?id=84002 Reviewed by Abhishek Arya. This is a follow-up to r109406, which added a check to clear layout roots when they point to a renderer that is being destroyed. The thinking was that layout roots would never be anonymous renderers, but there are some cases where this is not true (in particular, generated content containers with overflow clips can be layout roots). As in r109406, this patch has no layout test. This is because any test that exercises this behavior is caused by an existing layout bug where a child is not properly getting layout (or a renderer is getting dirtied out of order during layout) and will fail multiple ASSERTs: in particular, ASSERT(!m_layoutRoot->container() || !m_layoutRoot-> container()->needsLayout()) in FrameView::scheduleRelayoutOfSubtree(), and ASSERT_NOT_REACHED() in RenderObject::clearLayoutRootIfNeeded(). We are preventing those bugs from manifesting as security issues with this patch. This also removes an ASSERT from the RenderObject destructor. This is redundant with the condition in RenderObject::clearLayoutRootIfNeeded() which is always called in RenderObject::willBeDestroyed(), so the check is not needed. It had to be removed because it fails when I try to adjust the ASSERT condition by removing the !node() check, due to RenderWidget clearing its node() during destruction. * rendering/RenderObject.cpp: (WebCore::RenderObject::~RenderObject): (WebCore::RenderObject::willBeDestroyed): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118478 (required 118143) 2012-05-24 Dominic Mazzoni <dmazzoni@google.com> Crash in WebCore::AccessibilityTable::isDataTable https://bugs.webkit.org/show_bug.cgi?id=87409 Reviewed by Abhishek Arya. Use Node::rendererIsEditable everywhere rather than Node::isContentEditable because the latter can trigger a layout and destroy the renderer. New test covers the change to AccessibilityTable.cpp, changes to AccessibilityRenderObject.cpp are covered by existing tests. Test: accessibility/contenteditable-table-check-causes-crash.html * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::isReadOnly): (WebCore::AccessibilityRenderObject::contentChanged): * accessibility/AccessibilityTable.cpp: (WebCore::AccessibilityTable::isDataTable): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118471 2012-05-24 Hayato Ito <hayato@chromium.org> Fix crashes caused by a DOMCharacterDataModified event on a text node. https://bugs.webkit.org/show_bug.cgi?id=86953 Reviewed by Dimitri Glazkov. TextNode can be released while CharacterData::setData() will dispatch a mutation event. So protect it. Mutation event itself should not be dispatched on the test case. This is being tracked by webkit bug https://bugs.webkit.org/show_bug.cgi?id=87372. Test: fast/events/dom-character-data-modified-textarea-crash.html * dom/CharacterData.cpp: (WebCore::CharacterData::setData): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118420 2012-05-24 Levi Weintraub <leviw@chromium.org> Avoid creating InlineBoxes for floating and positioned objects in isolates. https://bugs.webkit.org/show_bug.cgi?id=87277 Reviewed by Eric Seidel. We currently will create a placeholder run for the first object we encounter inside an isolate. Then in RenderBlockLineLayout's constructBidiRuns, we replace that run with the contents of the Isolate. We run into problems when there are no valid contents in the Isolate. We can't simply remove the placeholder if there's nothing to replace it with since it may be the logically last run, which we track but can't rebuild by the time we're handling isolates (we've already shuffled the BidiRuns around). With this change, we avoid creating a placeholder altogether until we hit contents in the isolate that would warrant a BidiRun in the first place. Test: fast/text/international/float-as-only-child-of-isolate-crash.html * rendering/InlineIterator.h: (WebCore::IsolateTracker::addFakeRunIfNecessary): * rendering/RenderBlock.h: (RenderBlock): (WebCore::RenderBlock::shouldSkipCreatingRunsForObject): * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlock::appendRunsForObject): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118316 2012-05-23 Julien Chaffraix <jchaffraix@webkit.org> Crash in RenderTableCol::nextColumn https://bugs.webkit.org/show_bug.cgi?id=87314 Reviewed by Abhishek Arya. Tests: fast/table/canvas-column-in-column-group.html fast/table/columngroup-inside-columngroup.html The issue comes from elements not abiding by the display property (e.g. canvas). This means that any renderer with display: table-column would pass the current isChildAllowed check and would confuse our algorithm to iterate. We were getting away with allowing those children as table columns or column groups don't paint themselves but it's better to just not allow such children in the first place. * rendering/RenderTableCol.cpp: (WebCore::RenderTableCol::isChildAllowed): Fixed the logic to only accept proper column renderer (RenderTableCol with display: column to ignore column-groups). Also removed an unneeded NULL-check. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118248 2012-05-23 Abhishek Arya <inferno@chromium.org> Crash in RenderInline::linesVisualOverflowBoundingBox. https://bugs.webkit.org/show_bug.cgi?id=85804 Reviewed by Dave Hyatt. Defer layout of replaced elements to the next line break function. We shouldn't do it while we are clearing our inline chilren lineboxes in full layout mode. Test: fast/block/inline-children-root-linebox-crash.html * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlock::layoutInlineChildren): (WebCore::RenderBlock::LineBreaker::nextLineBreak): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118213 2012-05-23 Chris Fleizach <cfleizach@apple.com> Regression(r112694): Crash in WebCore::AXObjectCache::postNotification https://bugs.webkit.org/show_bug.cgi?id=86029 Reviewed by Abhishek Arya. Test: accessibility/content-changed-notification-causes-crash.html * accessibility/AccessibilityObject.h: (WebCore::AccessibilityObject::isDetached): (AccessibilityObject): * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::contentChanged): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117792 2012-05-21 Stephen Chenney <schenney@chromium.org> SVGAnimatedPropertyTearOff does not clear a self pointer on deletion https://bugs.webkit.org/show_bug.cgi?id=86119 Reviewed by Nikolas Zimmermann. SVGAnimatedPropertyTearOff contains two SVGPropertyTearOff objects that have a pointer back to the SVGAnimatedPropertyTearOff. JS may also have a reference to these SVGPropertyTearOff objects. When the SVGAnimatedPropertyTearOff is deleted, the SVGPropertyTearOff objects may live on, but the pointer back to the deleted animated property tear off is left invalid. This patch clears the pointers on destruction of the SVGAnimatedPropertyTearOff. Test: svg/custom/bug86119.html * svg/properties/SVGAnimatedPropertyTearOff.h: (WebCore::SVGAnimatedPropertyTearOff::~SVGAnimatedPropertyTearOff): (SVGAnimatedPropertyTearOff): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116653 2012-05-10 Abhishek Arya <inferno@chromium.org> Crash in InsertParagraphSeparatorCommand::doApply. https://bugs.webkit.org/show_bug.cgi?id=84995 Reviewed by Ryosuke Niwa. Test: editing/inserting/insert-paragraph-seperator-crash.html * editing/DeleteSelectionCommand.cpp: (WebCore::DeleteSelectionCommand::mergeParagraphs): no need of static cast, since type of enclosingBlock returned is already Element*. * editing/IndentOutdentCommand.cpp: (WebCore::IndentOutdentCommand::tryIndentingAsListItem): no need of static cast, since type of enclosingBlock returned is already Element*. * editing/InsertParagraphSeparatorCommand.cpp: (WebCore::InsertParagraphSeparatorCommand::doApply): RefPtr startBlock to guard against mutation events. * editing/htmlediting.cpp: (WebCore::enclosingBlock): make sure type of enclosingNode is an element before doing the static cast. This was already failing in a couple of layout tests. Also, isBlock check already exists in the function call to enclosingNodeOfType, so don't need it again on enclosingNode's renderer. * editing/htmlediting.h: (WebCore): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 118005 2012-05-22 Abhishek Arya <inferno@chromium.org> Assertion failure (toRenderBox() called on a RenderInline) beneath RenderBlock::blockBeforeWithinSelectionRoot() https://bugs.webkit.org/show_bug.cgi?id=86500 Reviewed by Ojan Vafai. Patch by Dan Bernstein<mitz@apple.com>. I just added the test. Test: fast/block/line-layout/selection-highlight-crash.html * rendering/RenderBlock.cpp: (WebCore::RenderBlock::blockBeforeWithinSelectionRoot): Demoted the object local variable to RenderObject, changed use of parentBox() to parent(), and added toRenderBlock() in two places. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117957 2012-05-22 Hayato Ito <hayato@chromium.org> Fix crashes when a mouse points a <svg> element in shadow DOM subtree. https://bugs.webkit.org/show_bug.cgi?id=86795 Reviewed by Nikolas Zimmermann. <svg> elements in shadow dom subtree are still not supported. This fixes only crashes. Test: fast/dom/shadow/shadow-dom-event-dispatching.html * dom/EventDispatcher.cpp: (WebCore::eventTargetRespectingSVGTargetRules): * page/EventHandler.cpp: (WebCore::instanceAssociatedWithShadowTreeElement): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117376 2012-05-16 James Robinson <jamesr@chromium.org> CachedImage does not clear the ImageObserver pointer when dropping its Image ref https://bugs.webkit.org/show_bug.cgi?id=86689 Reviewed by Eric Seidel. Image instances keep a weak pointer to their ImageObserver, which may be null. CachedImage is an ImageObserver and holds a RefPtr<Image> m_image. When CachedImage initializes its m_image to either an SVGImage or BitmapImage, it sets itself as that Image's ImageObserver. However, CachedImage never clears the ImageObserver pointer, even when dropping its reference to the Image. This means if other code holds a RefPtr<Image> there is no promise that calls on that Image will be valid. This patch clears the CachedImage::m_image's ImageObserver pointer whenever the CachedImage drops its reference. Image already has null checks for its m_imageObserver so this is always a safe operation. * loader/cache/CachedImage.cpp: (WebCore::CachedImage::~CachedImage): (WebCore::CachedImage::clear): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117309 2012-05-16 Ken Buchanan <kenrb@chromium.org> Crash due to first-letter not getting computed on RenderTableCell https://bugs.webkit.org/show_bug.cgi?id=86133 Reviewed by Abhishek Arya. RenderTableCell overrides RenderBlock::layout() but doesn't call updateFirstLetter() in it. This is normally not a problem because updateFirstLetter() gets called during preferred logical width computation, but there exist rare occasions when layout of the table cell happens without preferred logical widths being dirty, in which case the first-letter update can be skipped. This patch adds a call to updateFirstLetter() to RenderTableCell::layout(). This ensures that the first-letter is up to date before commencing block layout. * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::layout) 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117304 2012-05-16 Abhishek Arya <inferno@chromium.org> Missing RenderApplet cast check in HTMLAppletElement::renderWidgetForJSBindings. https://bugs.webkit.org/show_bug.cgi?id=86627 Reviewed by Andreas Kling. Test: java/inline-applet-crash.html * html/HTMLAppletElement.cpp: (WebCore::HTMLAppletElement::renderWidgetForJSBindings): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117289 2012-05-16 Rob Buis <rbuis@rim.com> SVGSVGElement checkIntersection and checkEnclosure Mem corruption https://bugs.webkit.org/show_bug.cgi?id=67923 Reviewed by Nikolas Zimmermann. Only call checkIntersection/checkEnclosure when we have a valid renderer. Test: svg/custom/intersection-list-null.svg * svg/SVGSVGElement.cpp: (WebCore::SVGSVGElement::checkIntersection): (WebCore::SVGSVGElement::checkEnclosure): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117161 2012-05-15 Abhishek Arya <inferno@chromium.org> Crash due shadow tree parent confusion in SVG. https://bugs.webkit.org/show_bug.cgi?id=84248 Reviewed by Nikolas Zimmermann. Test: svg/foreignObject/viewport-foreignobject-crash.html When we try to make a decision on whether we need an outer SVGRoot container, we detect if we are in shadow tree or not. We also need to make sure that our parentOrHostElement is also an svg element. * svg/SVGElement.cpp: (WebCore::SVGElement::isOutermostSVGSVGElement): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 117007 2012-05-14 Takashi Sakamoto <tasak@google.com> Crash in WebCore::RenderObject::repaint https://bugs.webkit.org/show_bug.cgi?id=86162 Reviewed by Abhishek Arya. As RenderScrollbarPart has no parent renderer, we crash in WebCore::RenderBoxModelObject::paddingLeft when paddingLeft has percent value, e.g. 5%. However if we set the scrollbar's parent renderer to a renderer owning the scrollbar by using setParent method, RenderScrollbarPart::styleWillChange will invoke parent renderer's repaint. This causes crash in WebCore::RenderObject::repaint if the owning renderer is already destroyed. To fix the first crash without the second crash, modify RenderObject::containingBlock() to check isRenderScrollbarPart or not, if parent() is 0. If so, use scrollbar's owningRenderer from RenderScrollbarPart. Test: scrollbars/scrollbar-percent-padding-crash.html scrollbars/scrollbar-scrollbarparts-repaint-crash.html * rendering/RenderObject.cpp: (WebCore::RenderObject::containingBlock): Modifying containingBlock. If parent() is 0 and isRenderScrollbarPart() is true, use RenderScrollbarPart's m_scrollbar->owningRenderer() instead of parent(). * rendering/RenderObject.h: (WebCore::RenderObject::isRenderScrollbarPart): (RenderObject): Adding a new method, isRenderScrollbarPart. * rendering/RenderScrollbarPart.cpp: (WebCore::RenderScrollbarPart::rendererOwningScrollbar): (WebCore): Adding a new method, scrollbarOwningRenderer to obtain m_scrollar's owningRenderer. * rendering/RenderScrollbarPart.h: (RenderScrollbarPart): Removing "friend class RenderScrollbar". (WebCore::RenderScrollbarPart::isRenderScrollbarPart): (WebCore::toRenderScrollbarPart): (WebCore): Implementing isRenderScrollbarPart and toRenderScrollbarPart. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116860 2012-05-12 Philip Rogers <pdr@google.com> Cleanup before changing attributeName in SVG <animate> https://bugs.webkit.org/show_bug.cgi?id=86100 Reviewed by Nikolas Zimmermann. Changing attributeName caused a crash because references were not removed from the old target. This change simply cleans up before changing attributeName in SVG animation elements. Test: svg/animations/dynamic-modify-attributename-crash.svg * svg/animation/SVGSMILElement.cpp: (WebCore::SVGSMILElement::svgAttributeChanged): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116827 2012-05-11 David Barton <dbarton@mathscribe.com> use after free in WebCore::RenderObject::document https://bugs.webkit.org/show_bug.cgi?id=84891 Reviewed by Julien Chaffraix. Change RenderMathMLFenced::addChild() to use the beforeChild parameter. When beforeChild is 0, insert child renderers before the closing fence, which might not be the same as this->lastChild(), e.g. possibly due to anonymous blocks or generated content. Tests: mathml/presentation/mfenced-add-child1-expected.html mathml/presentation/mfenced-add-child1.html mathml/presentation/mfenced-add-child2-expected.html mathml/presentation/mfenced-add-child2.html * rendering/mathml/RenderMathMLFenced.cpp: (WebCore::RenderMathMLFenced::RenderMathMLFenced): (WebCore::RenderMathMLFenced::makeFences): (WebCore::RenderMathMLFenced::addChild): * rendering/mathml/RenderMathMLFenced.h: (RenderMathMLFenced): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116717 2012-05-10 Abhishek Arya <inferno@chromium.org> Crash in swapInNodePreservingAttributesAndChildren. https://bugs.webkit.org/show_bug.cgi?id=85197 Reviewed by Ryosuke Niwa. Keep the children in a ref vector before adding them to newNode. They can get destroyed due to mutation events. No new tests because we don't have a reduction. * editing/ReplaceNodeWithSpanCommand.cpp: (WebCore::swapInNodePreservingAttributesAndChildren): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116698 2012-05-10 Abhishek Arya <inferno@chromium.org> Crash in FontCache::releaseFontData due to infinite float size. https://bugs.webkit.org/show_bug.cgi?id=86110 Reviewed by Andreas Kling. New callers always forget to clamp the font size, which overflows to infinity on multiplication. It is best to clamp it at the end to avoid getting greater than std::numeric_limits<float>::max(). Test: fast/css/large-font-size-crash.html * platform/graphics/FontDescription.h: (WebCore::FontDescription::setComputedSize): (WebCore::FontDescription::setSpecifiedSize): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116683 2012-05-10 Abhishek Arya <inferno@chromium.org> Crash due to floats not removed from first-letter element. https://bugs.webkit.org/show_bug.cgi?id=86019 Reviewed by Julien Chaffraix. Move clearing logic of a floating/positioned object from removeChild to removeChildNode. There are lot of places which use removeChildNode directly and hence the object is not removed from the floating or positioned objects list. Test: fast/block/float/float-not-removed-from-first-letter.html * rendering/RenderObject.cpp: (WebCore::RenderObject::removeChild): * rendering/RenderObjectChildList.cpp: (WebCore::RenderObjectChildList::removeChildNode): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116669 2012-05-10 Abhishek Arya <inferno@chromium.org> Crash in ApplyStyleCommand::joinChildTextNodes. https://bugs.webkit.org/show_bug.cgi?id=85939 Reviewed by Ryosuke Niwa. Test: editing/style/apply-style-join-child-text-nodes-crash.html * editing/ApplyStyleCommand.cpp: (WebCore::ApplyStyleCommand::applyRelativeFontStyleChange): add conditions to bail out if our start and end position nodes are removed due to mutation events in joinChildTextNodes. (WebCore::ApplyStyleCommand::applyInlineStyle): this executes after applyRelativeFontStyleChange in ApplyStyleCommand::doApply. So, need to bail out if our start and end position nodes are removed due to mutation events. (WebCore::ApplyStyleCommand::joinChildTextNodes): hold all the children in a ref vector to prevent them from getting destroyed due to mutation events. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116647 2012-05-10 Stephen Chenney <schenney@chromium.org> SVG Filters allow invalid elements as children https://bugs.webkit.org/show_bug.cgi?id=83979 Reviewed by Nikolas Zimmermann. According to the SVG spec, there are numerous restrictions on the content of nodes (that is, their children). Specific to this problem, SVGFilter elements may only contain SVGFilterPrimitive elements, and those may only contain animation related elements. This patch enforces the restriction on filters in the render tree, thus preventing us from having (for instance) content that is inside a filter yet filtered by the filter. Manual test: ManualTests/bugzilla-83979.svg * svg/SVGFilterElement.cpp: (WebCore::SVGFilterElement::childShouldCreateRenderer): Added to only allow renderers for fe* children (WebCore): * svg/SVGFilterElement.h: (SVGFilterElement): * svg/SVGFilterPrimitiveStandardAttributes.h: Do not allow any children at all for fe* elements. (SVGFilterPrimitiveStandardAttributes): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116642 2012-05-10 Keishi Hattori <keishi@webkit.org> Crash in HTMLFormControlElement::m_fieldSetAncestor https://bugs.webkit.org/show_bug.cgi?id=86070 Reviewed by Kent Tamura. No new tests. The previous patch r115990 didn't completely resolve the crash (Bug 85453) We don't have a reproducible test case, so we are reverting to the old code for setting m_fieldSetAncestor. * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::HTMLFormControlElement): (WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor): (WebCore::HTMLFormControlElement::insertedInto): Set m_dataListAncestorState to Unknown because ancestor has changed. Call setNeedsWillValidateCheck because style might need to be updated. (WebCore::HTMLFormControlElement::removedFrom): (WebCore::HTMLFormControlElement::disabled): (WebCore::HTMLFormControlElement::recalcWillValidate): (WebCore::HTMLFormControlElement::willValidate): (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck): * html/HTMLFormControlElement.h: (HTMLFormControlElement): Added m_dataListAncestorState. 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116551 2012-05-09 Ken Buchanan <kenrb@chromium.org> Crash from removal of a line break object https://bugs.webkit.org/show_bug.cgi?id=85997 Reviewed by David Hyatt. Regression from r115343. That replaced a call to setNeedsLayout() with a separate call that used a different bit during linebox invalidation after renderer child removal. There are special cases where layout isn't marked on parent nodes just from the removal, so line dirtying needs to explicitly mark ancestors for layout. * rendering/RenderObject.h: (WebCore::RenderObject::setAncestorLineBoxDirty): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116545 2012-05-09 Abhishek Arya <inferno@chromium.org> Crash in ReplaceSelectionCommand::performTrivialReplace https://bugs.webkit.org/show_bug.cgi?id=85943 Reviewed by Ryosuke Niwa. RefPtr nodeAfterInsertionPos to guard against mutation events. Test: editing/inserting/insert-html-crash.html * editing/ReplaceSelectionCommand.cpp: (WebCore::ReplaceSelectionCommand::performTrivialReplace): 2012-07-30 Lucas Forschler <lforschler@apple.com> Merge 116476 2012-05-08 Abhishek Arya <inferno@chromium.org> Crash due to owning renderer not removed from custom scrollbar. https://bugs.webkit.org/show_bug.cgi?id=80610 Reviewed by Eric Seidel. Test: scrollbars/scrollbar-owning-renderer-crash.html Changed RenderScrollbar to keep pointer to owning node, instead of the renderer. Renderer can get destroyed without informing the scrollbar, causing crashes later. Remove code from r94107 since it is not needed anymore and saves times when RenderBox is getting destroyed. * page/FrameView.cpp: (WebCore::FrameView::createScrollbar): pass renderer's node. * page/FrameView.h: * rendering/RenderBox.cpp: (WebCore::RenderBox::willBeDestroyed): no longer need this. came originally from r94107. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::createScrollbar): pass renderer's node. (WebCore::RenderLayer::destroyScrollbar): no longer need to clear owning renderer. * rendering/RenderListBox.cpp: (WebCore::RenderListBox::createScrollbar): pass renderer's node. * rendering/RenderMenuList.cpp: (WebCore::RenderMenuList::createScrollbar): pass renderer's node. * rendering/RenderScrollbar.cpp: (WebCore::RenderScrollbar::createCustomScrollbar): Store owner node instead of renderer. (WebCore::RenderScrollbar::RenderScrollbar): Store owner node instead of renderer. (WebCore::RenderScrollbar::owningRenderer): calculate owning renderer from owner node. * rendering/RenderScrollbar.h: (RenderScrollbar): * rendering/RenderTextControlSingleLine.cpp: (WebCore::RenderTextControlSingleLine::createScrollbar): pass renderer's node. 2012-07-27 Lucas Forschler <lforschler@apple.com> Merge 116357 2012-05-07 Ken Buchanan <kenrb@chromium.org> Crash due to positioned object list not being cleared during block flow split https://bugs.webkit.org/show_bug.cgi?id=85074 Reviewed by Abhishek Arya. When an element is being split due to a column span element being inserted, any of its ancestors that are underneath the column containing block also get split. If an ancestor has an object in its positioned object list from a previous layout, then the list will have to be cleared because the positioned object could have moved to be under the continuation. This patch causes the list to be cleared. * rendering/RenderBlock.cpp: (WebCore::RenderBlock::splitBlocks): 2012-07-26 Lucas Forschler <lforschler@apple.com> Merge 116325 2012-05-07 Abhishek Arya <inferno@chromium.org> Crash in RenderBlock::updateFirstLetterStyle. https://bugs.webkit.org/show_bug.cgi?id=85759 Reviewed by Julien Chaffraix. Test: fast/css-generated-content/first-letter-next-sibling-crash.html RenderBlock::removeChild can bring up the children from last single anonymous block, causing |nextSibling| in RenderBlock::updateFirstLetterStyle to go stale. We prevent this by removing the child safely using removeChildNode before destroying it. * rendering/RenderBlock.cpp: (WebCore::RenderBlock::updateFirstLetterStyle): 2012-06-22 Lucas Forschler <lforschler@apple.com> Rollout 121034 This was 120954 from trunk. 2012-06-22 Lucas Forschler <lforschler@apple.com> Merge 120954 2012-06-21 Brady Eidson <beidson@apple.com> <rdar://problem/11718988> and https://bugs.webkit.org/show_bug.cgi?id=89673 showModalDialog fix creates risk of never returning from RunLoop::performWork, potentially blocking other event sources In case handling a function on the queue places additional functions on the queue, we should limit the number of functions each invocation of performWork() performs so it can return and other event sources have a chance to spin. The showModalDialog fix in question is http://trac.webkit.org/changeset/120879 Reviewed by Darin Adler and Anders Carlson. * platform/RunLoop.cpp: (WebCore::RunLoop::performWork): If there are only N functions in the queue when performWork is called, only handle up to N functions before returning. Any additional functions will be handled the next time the runloop spins. 2012-06-20 Lucas Forschler <lforschler@apple.com> Merge 120879 2012-06-20 Brady Eidson <beidson@apple.com> <rdar://problem/11653784> and https://bugs.webkit.org/show_bug.cgi?id=89590 showModalDialog message handling is flaky in WebKit2 Because RunLoop::performWork() swaps the function queue to a temporary Vector before calling the functions an inner run-loop - such as we see with running a modal dialog - does not have a change to handle any of the functions that were queued after the WebPageProxy::RunModal message. By servicing the functions in the queue one at a time we can give the RunLoop a chance to pick up where it left off if RunLoop::performWork is re-entered. To guarantee RunLoop::performWork is re-entered to handle those functions we also need to signal its source before entering the modal run loop so our RunLoop is woken up. Reviewed by Darin Adler. * WebCore.exp.in: * platform/RunLoop.cpp: (WebCore::RunLoop::performWork): Take the first function off the queue one at a time so subsequent functions remain in the queue and can be handled by an inner modal run loop. * platform/RunLoop.h: (RunLoop): Change the function queue to be a Deque to efficiently support "takeFirst" 2012-06-12 Lucas Forschler <lforschler@apple.com> Merge 120364 2012-06-14 Andreas Kling <kling@webkit.org> Crashes below IconDatabase::performPendingRetainAndReleaseOperations(). <http://webkit.org/b/88846> <rdar://problem/11629106> Reviewed by Brady Eidson. Put isolatedCopy() strings in the retain/release operation queues to make sure it's safe for secondary threads to ref/deref them in performPendingRetainAndReleaseOperations(). Also added assertions as appropriate. * loader/icon/IconDatabase.cpp: (WebCore::IconDatabase::retainIconForPageURL): (WebCore::IconDatabase::releaseIconForPageURL): (WebCore::IconDatabase::performPendingRetainAndReleaseOperations): 2012-06-12 Lucas Forschler <lforschler@apple.com> Merge 120357 2012-06-14 Jia Pu <jpu@apple.com> Mark text with text alternative with blue underline. https://bugs.webkit.org/show_bug.cgi?id=83047 Reviewed by Enrica Casucci. Tests: platform/mac/editing/input/edit-dictated-text-with-alternative.html platform/mac/editing/input/insert-dictated-text.html This patch implements visual indication on dictated text with alternatives, and provides UI to show alternative text on OS X. Majority of the changes is for generalizing existing AlternativeTextController class to handle dictation alternatives. The two new classes, AlternativeTextUIController and TextAlternativeWithRange, are used by both WebKit and WK2. So WebCore seems to be the natural place for them. * WebCore.exp.in: * WebCore.xcodeproj/project.pbxproj: * editing/AlternativeTextController.cpp: Expanded exising class interface to support dictation alternatives. (DictationAlternativeDetails): Marker detail class for dictation alternative mark. (WebCore::DictationAlternativeDetails::create): (WebCore::DictationAlternativeDetails::dictationContext): (WebCore::DictationAlternativeDetails::DictationAlternativeDetails): (WebCore::markerTypesForAppliedDictationAlternative): (WebCore::AlternativeTextController::applyAlternativeTextToRange): Generalized existing applyAlternativeTextToRange() to handle dictation alternatives. (WebCore::AlternativeTextController::timerFired): Expanded existing code to handle dictation alternatives. (WebCore::AlternativeTextController::handleAlternativeTextUIResult): Expanded existing code to handle dictation alternatives. (WebCore::AlternativeTextController::respondToChangedSelection): Moved part of the function into respondToMarkerAtEndOfWord() to improve readability. (WebCore::AlternativeTextController::shouldStartTimerFor): (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord): (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText): (WebCore::AlternativeTextController::removeDictationAlternativesForMarker): (WebCore::AlternativeTextController::dictationAlternativesForMarker): (WebCore::AlternativeTextController::applyDictationAlternative): * editing/AlternativeTextController.h: * editing/Editor.cpp: (WebCore::Editor::notifyComponentsOnChangedSelection): Renamed existing respondToChangedSelection() function to avoid naming collision. (WebCore::Editor::appliedEditing): (WebCore::Editor::unappliedEditing): (WebCore::Editor::reappliedEditing): (WebCore::Editor::updateMarkersForWordsAffectedByEditing): (WebCore::Editor::changeSelectionAfterCommand): (WebCore::Editor::respondToChangedSelection): (WebCore::Editor::dictationAlternativesForMarker): (WebCore::Editor::applyDictationAlternativelternative): * editing/Editor.h: * editing/FrameSelection.h: * editing/mac/AlternativeTextUIController.h: Added. WK1 and WK2 use this class to keep track of text alternatives objects. (AlternativeTextUIController): (WebCore::AlternativeTextUIController::AlternativeTextUIController): (AlernativeTextContextController): (WebCore::AlternativeTextUIController::AlernativeTextContextController::AlernativeTextContextController): * editing/mac/AlternativeTextUIController.mm: Added. (WebCore::AlternativeTextUIController::AlernativeTextContextController::addAlternatives): (WebCore::AlternativeTextUIController::AlernativeTextContextController::alternativesForContext): (WebCore::AlternativeTextUIController::AlernativeTextContextController::removeAlternativesForContext): (WebCore::AlternativeTextUIController::AlernativeTextContextController::clear): (WebCore::AlternativeTextUIController::addAlternatives): (WebCore::AlternativeTextUIController::alternativesForContext): (WebCore::AlternativeTextUIController::clear): (WebCore::AlternativeTextUIController::showAlternatives): (WebCore::AlternativeTextUIController::handleAcceptedAlternative): (WebCore::AlternativeTextUIController::dismissAlternatives): (WebCore::AlternativeTextUIController::removeAlternatives): * editing/mac/TextAlternativeWithRange.h: Added. A simple struct to make it easier to pass around a pair of text alternatives object and range. * editing/mac/TextAlternativeWithRange.mm: Added. (WebCore::TextAlternativeWithRange::TextAlternativeWithRange): (WebCore::collectDictationTextAlternatives): * page/AlternativeTextClient.h: * page/ContextMenuController.cpp: Added code to show alternative dictated text in context menu. (WebCore::ContextMenuController::contextMenuItemSelected): (WebCore::ContextMenuController::populate): (WebCore::ContextMenuController::checkOrEnableIfNeeded): * platform/ContextMenuItem.h: * rendering/HitTestResult.cpp: (WebCore::HitTestResult::dictationAlternatives): * rendering/HitTestResult.h: * rendering/InlineTextBox.cpp: (WebCore::InlineTextBox::paintDocumentMarker): 2012-06-12 Lucas Forschler <lforschler@apple.com> Merge 119739 2012-06-07 Jer Noble <jer.noble@apple.com> sometimes all slaved videos don't start playing https://bugs.webkit.org/show_bug.cgi?id=88553 Reviewed by Darin Adler. Test: media/media-controller-time-clamp.html Some PlatformClock classes will occasionally return times < 0 and will always return times slightly > duration() when playback has ended. Clamp the value of currentTime() to the specified [0..duration] range. * html/MediaController.cpp: (MediaController::currentTime): 2012-06-12 Lucas Forschler <lforschler@apple.com> Merge 119644 2012-06-06 Brady Eidson <beidson@apple.com> <rdar://problem/11575112> and https://bugs.webkit.org/show_bug.cgi?id=88428 REGRESSION (r115654): Opening many non-English WebArchives shows obvious encoding issues Reviewed by Nate Chapin. Test: fast/loader/webarchive-encoding-respected.html * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::commitData): Properly set the main resource encoding from the webarchive. 2012-06-06 Mark Rowe <mrowe@apple.com> Merge r119548. 2012-06-05 Vitaly Buka <vitalybuka@chromium.org> Special layout handler should be done on top frame being printed. https://bugs.webkit.org/show_bug.cgi?id=88201 Reviewed by Brady Eidson. No new tests. Root case is already covered by tests. Case described in the issue can be reproduced only by direct call to Frame::setPrinting of subframe. Probably it's not possible with layout tests. * page/Frame.cpp: (WebCore::Frame::setPrinting): Use shouldUsePrintingLayout to choose proper version of forceLayout(). (WebCore::Frame::shouldUsePrintingLayout): Checks if current frame is the top frame being printed. * rendering/RenderView.cpp: (WebCore::RenderView::shouldUsePrintingLayout): Forward to Frame. 2012-06-06 Mark Rowe <mrowe@apple.com> Merge r119136. 2012-05-31 Brady Eidson <beidson@apple.com> <rdar://problem/11544454> and https://bugs.webkit.org/show_bug.cgi?id=87990 Crashes unregistering DOMWindowProperties while releasing CachedPages Reviewed by Jessie Berlin. This patch rewrites DOMWindowProperty to always keep direct track of the DOMWindow it has registered with and to only ever unregister from that very same DOMWindow. No new tests. (While the direct cause of the crash is understood, reproducing it is not) * page/DOMWindowProperty.cpp: (WebCore::DOMWindowProperty::DOMWindowProperty): (WebCore::DOMWindowProperty::~DOMWindowProperty): (WebCore::DOMWindowProperty::disconnectFrameForPageCache): (WebCore::DOMWindowProperty::reconnectFrameFromPageCache): (WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame): (WebCore::DOMWindowProperty::willDestroyGlobalObjectInFrame): (WebCore::DOMWindowProperty::willDetachGlobalObjectFromFrame): * page/DOMWindowProperty.h: (DOMWindowProperty): 2012-06-06 Mark Rowe <mrowe@apple.com> Merge r119274. 2012-06-01 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=87774 REGRESSION (r105515): reflection masks are truncated at zoom levels < 1 -and corresponding- <rdar://problem/11387506> Reviewed by Simon Fraser. paintNinePieceImage() expects un-zoomed results from calculateImageIntrinsicDimensions(). This was previously addressed by having paintNinePieceImage() divide the effective zoom out of the result from calculateImageIntrinsicDimensions(). However, that results in buggy behavior for generated images and images with percentage sizes. In the end it seems best to just send a parameter to calculateImageIntrinsicDimensions() indicating whether the caller wants the result to be scaled by the effective zoom when appropriate. * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::calculateImageIntrinsicDimensions): (WebCore::RenderBoxModelObject::calculateFillTileSize): (WebCore::RenderBoxModelObject::paintNinePieceImage): * rendering/RenderBoxModelObject.h: (RenderBoxModelObject): 2012-05-31 Tim Horton <timothy_horton@apple.com> Disable CSS regions and exclusions on the Ampere branch <rdar://problem/10887709> Reviewed by Alexey Proskuryakov. Fix mismerge of regions-disabling patch (broke -webkit-print-color-adjust) * css/CSSParser.cpp: (WebCore::isValidKeywordPropertyAndValue): * dom/Document.idl: 2012-05-31 Ojan Vafai <ojan@chromium.org> add back the ability to disable flexbox https://bugs.webkit.org/show_bug.cgi?id=87147 Reviewed by Tony Chang. * Configurations/FeatureDefines.xcconfig: * css/CSSParser.cpp: (WebCore::isValidKeywordPropertyAndValue): 2012-05-31 Tim Horton <timothy_horton@apple.com> Disable CSS3 flexbox <rdar://problem/11524921> Reviewed by John Sullivan. * Configurations/FeatureDefines.xcconfig: 2012-05-31 Tim Horton <timothy_horton@apple.com> ENABLE_CSS3_FLEXBOX is insufficient to disable all web-facing bits of the feature https://bugs.webkit.org/show_bug.cgi?id=87537 <rdar://problem/11524921> Reviewed by Simon Fraser. Allow the feature flag to disable more web-facing parts of the CSS3 flexbox implementation (primarily fallout from hiding it from computed style). * css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): * css/CSSParser.cpp: (WebCore::isValidKeywordPropertyAndValue): (WebCore::isKeywordPropertyID): (WebCore::CSSParser::parseValue): * css/CSSPrimitiveValueMappings.h: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): * css/CSSProperty.cpp: (WebCore::CSSProperty::isInheritedProperty): * css/CSSPropertyNames.in: * css/CSSValueKeywords.in: * css/StyleBuilder.cpp: (WebCore::StyleBuilder::StyleBuilder): * css/StylePropertySet.cpp: (WebCore::StylePropertySet::getPropertyValue): (WebCore::StylePropertySet::asText): * css/StylePropertyShorthand.cpp: (WebCore::shorthandForProperty): * css/StylePropertyShorthand.h: * css/StyleResolver.cpp: (WebCore::StyleResolver::collectMatchingRulesForList): * page/animation/CSSPropertyAnimation.cpp: (WebCore::CSSPropertyAnimation::ensurePropertyMap): * rendering/RenderObject.cpp: (WebCore::RenderObject::createObject): * rendering/style/RenderStyleConstants.h: 2012-05-31 Tim Horton <timothy_horton@apple.com> Add feature defines for web-facing parts of CSS Regions and Exclusions https://bugs.webkit.org/show_bug.cgi?id=87442 <rdar://problem/10887709> Reviewed by Dan Bernstein. * Configurations/FeatureDefines.xcconfig: * GNUmakefile.am: * bindings/generic/RuntimeEnabledFeatures.cpp: * bindings/generic/RuntimeEnabledFeatures.h: (RuntimeEnabledFeatures): (WebCore::RuntimeEnabledFeatures::setCSSExclusionsEnabled): (WebCore::RuntimeEnabledFeatures::cssExclusionsEnabled): * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/objc/DOMCSS.mm: (kitClass): * css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): * css/CSSParser.cpp: (WebCore::isSimpleLengthPropertyID): (WebCore::isValidKeywordPropertyAndValue): (WebCore::isKeywordPropertyID): (WebCore::CSSParser::parseValue): (WebCore::CSSParser::detectAtToken): * css/CSSProperty.cpp: (WebCore::CSSProperty::isInheritedProperty): * css/CSSPropertyNames.in: * css/CSSRule.cpp: (WebCore::CSSRule::cssText): (WebCore::CSSRule::destroy): (WebCore::CSSRule::reattach): * css/CSSRule.h: (WebCore::CSSRule::isRegionRule): * css/CSSRule.idl: * css/StyleBuilder.cpp: (WebCore::StyleBuilder::StyleBuilder): * css/StylePropertySet.cpp: (WebCore::StylePropertySet::getPropertyValue): (WebCore::StylePropertySet::asText): * css/StylePropertyShorthand.cpp: (WebCore::shorthandForProperty): * css/StylePropertyShorthand.h: * css/StyleResolver.cpp: (WebCore::StyleResolver::collectMatchingRulesForList): * css/StyleRule.cpp: (WebCore::StyleRuleBase::destroy): (WebCore::StyleRuleBase::copy): (WebCore::StyleRuleBase::createCSSOMWrapper): * css/WebKitCSSRegionRule.cpp: * css/WebKitCSSRegionRule.h: * css/WebKitCSSRegionRule.idl: * dom/Document.cpp: * dom/Document.h: * dom/Document.idl: * page/DOMWindow.idl: * page/Settings.cpp: (WebCore::Settings::Settings): * page/Settings.h: (WebCore::Settings::setCSSRegionsEnabled): (WebCore::Settings::cssRegionsEnabled): 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118891 2012-05-29 Yoshifumi Inoue <yosin@chromium.org> REGRESSION(r111497): The "option" element doesn't match CSS pseudo class :enabled https://bugs.webkit.org/show_bug.cgi?id=87719 Reviewed by Kent Tamura. This patch added checking of "option" element for CSS pseudo class :enabled as same as :disabled to selector checker. Before r111497, it was done by using isFormControlElement. After that revision, HTMLOptionElement was no longer derived from HTMLFormControlElement. Test: fast/form/select/optgroup-rendering.html * css/SelectorChecker.cpp: (WebCore::SelectorChecker::checkOneSelector): Checking element is option element as same as PseudoDisabled in PseudoEnabled case. 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118883 2012-05-29 Eric Seidel <eric@webkit.org> Fix ENABLE_IFRAME_SEAMLESS to actually fully disable <iframe seamless> https://bugs.webkit.org/show_bug.cgi?id=87646 Reviewed by Adam Barth. In the process of moving the seamless feature out of github and into bugs.webkit.org multiple versions of the shouldDisplaySeamlessly function got written (and moved from HTMLIFrameElement to Document), but only one of them was wrapped in ENABLE_IFRAME_SEAMLESS. HTMLIFrameElement was checking mayDisplaySeamlessly directly (as was my original design), which got around the ENABLE_IFRAME_SEAMLESS check. I've fixed this oversight, and the feature is now off when we tell it to be off. This is covered by many existing tests. I've verified locally that all tests fail when ENABLE_IFRAME_SEAMLESS is disabled instead of only some of them. * dom/SecurityContext.h: (SecurityContext): * html/HTMLIFrameElement.cpp: (WebCore::HTMLIFrameElement::shouldDisplaySeamlessly): 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118820 2012-05-29 John Sullivan <sullivan@apple.com> Update label for blacklisted plug-in https://bugs.webkit.org/show_bug.cgi?id=87767 rdar://problem/11550048 Reviewed by Kevin Decker. * English.lproj/Localizable.strings: Regenerated. * platform/LocalizedStrings.cpp: (WebCore::insecurePluginVersionText): Changed this string. 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118553 2012-05-25 Dean Jackson <dino@apple.com> Unreviewed, rolling out r112155. http://trac.webkit.org/changeset/112155 https://bugs.webkit.org/show_bug.cgi?id=79389 Hitch (due to style recalc?) when starting CSS3 animation This caused a number of issues, including: https://bugs.webkit.org/show_bug.cgi?id=87146 https://bugs.webkit.org/show_bug.cgi?id=84194 <rdar://problem/11506629> <rdar://problem/11267408> <rdar://problem/11531859> 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118450 2012-05-24 Anders Carlsson <andersca@apple.com> Corrupted pages rendering when images are zoomed on Google+ https://bugs.webkit.org/show_bug.cgi?id=87439 <rdar://problem/11503078> Reviewed by Beth Dakin. The rect that's given to scrollContentsSlowPath is in frame view coordinates, but if we end up passing them to RenderLayer::setBackingNeedsRepaintInRect we need to account for the frame scale factor. * page/FrameView.cpp: (WebCore::FrameView::scrollContentsSlowPath): 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118411 2012-05-24 Jer Noble <jer.noble@apple.com> MediaControlTimelineElement is adjusting time 3 times per click https://bugs.webkit.org/show_bug.cgi?id=58160 Reviewed by Eric Carlson. No new tests; we intentionally throttle timeupdate events for the same movie time, so there is no way to write a layout test for this case. Only call setCurrentTime() on mousedown or mousemove events. * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlTimelineElement::defaultEventHandler): 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118314 2012-05-23 Jer Noble <jer.noble@apple.com> REGRESSION: compositing/video/video-poster.html fails on Mac https://bugs.webkit.org/show_bug.cgi?id=87199 Reviewed by Maciej Stachowiak. No new tests; fixes failing compositing/video/video-poster.html test. Instead of creating the video layer directly, simply allow the layer to be created in updateStates() by changing the definition of isReadyForVideoSetup() to bypass the m_isAllowedToRender check if the player reports a video track is present. This causes the video layer to be created and for future calls to prepareForRendering() to result in calls to mediaPlayerRenderingModeChanged(). * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::isReadyForVideoSetup): (WebCore::MediaPlayerPrivateAVFoundation::metadataLoaded): 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 118087 2012-05-22 Jer Noble <jer.noble@apple.com> REGRESSION (r98359): Video does not render on http://panic.com/dietcoda/ https://bugs.webkit.org/show_bug.cgi?id=87171 Reviewed by Maciej Stachowiak. No new tests; behavior is very timing specific and only occurs on a subset of all platforms. Instead of calling prepareForRendering() from metadataLoaded(), which may fail and cause subsequent calls to prepareForRendering() to short circuit, call createVideoLayer() directly, which achieves the original goals of the fix for http://webkit.org/b/70448, but without breaking subsequent calls to prepareForRendering() if called at the wrong time. * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::metadataLoaded): 2012-05-30 Lucas Forschler <lforschler@apple.com> Merge 116319 2012-05-07 Nat Duca <nduca@chromium.org> Unreviewed, rolling out r115525. http://trac.webkit.org/changeset/115525 https://bugs.webkit.org/show_bug.cgi?id=66683 Too many pages rely on DOMTimeStamp as first argument. Reverting while we consider next steps. * WebCore.exp.in: * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp: (WebCore::JSRequestAnimationFrameCallback::handleEvent): * dom/Document.cpp: (WebCore::Document::serviceScriptedAnimations): * dom/Document.h: (Document): * dom/RequestAnimationFrameCallback.h: (RequestAnimationFrameCallback): * dom/RequestAnimationFrameCallback.idl: * dom/ScriptedAnimationController.cpp: (WebCore::ScriptedAnimationController::ScriptedAnimationController): (WebCore::ScriptedAnimationController::serviceScriptedAnimations): (WebCore): (WebCore::ScriptedAnimationController::windowScreenDidChange): (WebCore::ScriptedAnimationController::scheduleAnimation): (WebCore::ScriptedAnimationController::animationTimerFired): * dom/ScriptedAnimationController.h: (ScriptedAnimationController): (WebCore::ScriptedAnimationController::displayRefreshFired): * page/FrameView.cpp: (WebCore::FrameView::serviceScriptedAnimations): * page/FrameView.h: (FrameView): * platform/graphics/DisplayRefreshMonitor.cpp: (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor): (WebCore::DisplayRefreshMonitor::notifyClients): * platform/graphics/DisplayRefreshMonitor.h: (DisplayRefreshMonitor): * platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp: (WebCore::DisplayRefreshMonitor::displayLinkFired): * platform/graphics/mac/DisplayRefreshMonitorMac.cpp: (WebCore): (WebCore::DisplayRefreshMonitor::requestRefreshCallback): (WebCore::DisplayRefreshMonitor::displayLinkFired): 2012-05-30 Lucas Forschler <lforschler@apple.com> Rollout 115573 2012-04-26 Emil A Eklund <eae@chromium.org> and Levi Weintraub <leviw@chromium.org> Move Length and CSS length computation to float https://bugs.webkit.org/show_bug.cgi?id=84801 Reviewed by Eric Seidel. Change Length and CSS length computation to floating point. This gets us closer to the goal of supporting subpixel layout and improves precision for SVG which already uses floating point for its layout. This change makes computedStyle return fractional values for pixel values if a fraction is specified. It also changes the result of computations where two or more values with fractional precision. Prior to this change the result of Length(2.9) + Length(2.9) would be 4 as each value would be floored. With this change the result is 5 as the addition is done with floating point precision and then the result will be floored. Once we enable subpixel layout the resulting value in this example would be 5.8. Updated existing layout tests. * css/CSSComputedStyleDeclaration.cpp: (WebCore::zoomAdjustedPixelValue): * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::computeLength): * css/CSSPrimitiveValue.h: (WebCore): (WebCore::roundForImpreciseConversion): Add specialized float version of roundForImpreciseConversion that matches the int versions rounding logic. If a value is sufficiently close to the next integer round it up to ensure that a style rule such as "width: 4.999px" evaluates to 5px instead of 4px. This is needed as, although Lengths are using floating point, the layout system still uses integer precision and floors the Length values. This will change once we move to FractionalLayoutUnits but for now this is needed to ensure compatibility with the existing system and tests. Without this specialized rounding logic we fail a handful of tests including acid3. * platform/Length.h: (WebCore::Length::value): (Length): (WebCore::Length::intValue): * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::styleOrColLogicalWidth): 2012-05-28 Lucas Forschler <lforschler@apple.com> Merge 118399 2012-05-24 Jessie Berlin <jberlin@apple.com> REGRESSION(r109663) All the the dom/html/level2/html/HTMLFrameElement* tests crash on Windows https://bugs.webkit.org/show_bug.cgi?id=87410 Reviewed by Anders Carlsson. Do not pass a reference type to va_start (see r75435). * platform/LocalizedStrings.cpp: (WebCore::formatLocalizedString): 2012-05-28 Lucas Forschler <lforschler@apple.com> Merge 118397 2012-05-24 Alexey Proskuryakov <ap@apple.com> [WK2] Let the client give local files universal access on a case by case basis https://bugs.webkit.org/show_bug.cgi?id=87174 <rdar://problem/11024330> Reviewed by Maciej Stachowiak. * dom/Document.cpp: (WebCore::Document::initSecurityContext): When settings->allowUniversalAccessFromFileURLs() is false, also try asking the client for an indulgence. * loader/FrameLoaderClient.h: (WebCore::FrameLoaderClient::shouldForceUniversalAccessFromLocalURL): Default implementation doesn't change anything. 2012-05-28 Lucas Forschler <lforschler@apple.com> Merge 118039 2012-05-22 Vitaly Buka <vitalybuka@chromium.org> Fix iframe printing. https://bugs.webkit.org/show_bug.cgi?id=85118 Reviewed by Darin Adler, Eric Seidel. Patch fixed two issues by disabling special handling of subframes for printing. 1. Regression. Division by zero when forceLayoutForPagination called for subframes and page sizes set to zero. 2. Old issue. RendererView adjusted layout of subframes for printing and set invalid dimensions. Sometimes it caused missing iframe when printed. Test: printing/iframe-print.html * page/Frame.cpp: (WebCore::Frame::setPrinting): Calls forceLayoutForPagination for root frames only. (WebCore::Frame::resizePageRectsKeepingRatio): Added ASSERTs to catch division by zero. * rendering/RenderView.cpp: Replaced printing() with shouldUsePrintingLayout() for most calls. (WebCore::RenderView::computeLogicalHeight): (WebCore::RenderView::computeLogicalWidth): (WebCore::RenderView::layout): (WebCore::RenderView::shouldUsePrintingLayout): Returns true only if printing enabled and it's a root frame. (WebCore::RenderView::viewRect): (WebCore::RenderView::viewHeight): (WebCore::RenderView::viewWidth): * rendering/RenderView.h: 2012-05-24 Lucas Forschler <lforschler@apple.com> Merge 118204 2012-05-22 Jer Noble <jer.noble@apple.com> PlatformClockCM has uninitialized m_rate member. https://bugs.webkit.org/show_bug.cgi?id=87217 Reviewed by Eric Carlson. Test: media/media-controller-time.html Initialize the m_rate member to a default of 1 (second-per-second), matching the implementation of ClockGeneric. * platform/mac/PlatformClockCM.mm: (PlatformClockCM::PlatformClockCM): 2012-05-24 Lucas Forschler <lforschler@apple.com> Merge 118086 2012-05-22 Tim Horton <timothy_horton@apple.com> Add a quirk for applications that depend on the relative ordering of progressCompleted/didFinishLoad https://bugs.webkit.org/show_bug.cgi?id=87178 <rdar://problem/11468434> Reviewed by Maciej Stachowiak. Some applications depend on the relative ordering of progressCompleted/didFinishLoad, which was changed to be more correct in http://trac.webkit.org/changeset/94105. For applications built before 94105, we can provide the old behavior. For the time being, this will only apply to Mail.app. No new tests, will not affect behavior for any application except Mail. * loader/FrameLoader.cpp: (WebCore::FrameLoader::checkLoadCompleteForThisFrame): * page/Settings.cpp: (WebCore::Settings::Settings): * page/Settings.h: (WebCore::Settings::setNeedsDidFinishLoadOrderQuirk): (WebCore::Settings::needsDidFinishLoadOrderQuirk): 2012-05-24 Lucas Forschler <lforschler@apple.com> Merge 117471 2012-05-16 Andreas Kling <kling@webkit.org> Make PluginInfoStore properly thread-safe. <http://webkit.org/b/86648> <rdar://problem/11451178> Reviewed by Darin Adler. * plugins/PluginData.h: (WebCore::MimeClassInfo::isolatedCopy): (WebCore::PluginInfo::isolatedCopy): 2012-05-23 Lucas Forschler <lforschler@apple.com> Merge 117744 2012-05-18 Andreas Kling <kling@webkit.org> REGRESSION(r117501): IconDatabase asserts on startup in synchronousIconForPageURL(). <http://webkit.org/b/86935> <rdar://problem/11480012> Reviewed by Anders Carlsson. - Correctly set m_retainOrReleaseIconRequested to true in retainIconForPageURL(). This was causing the assertions, as we would end up doing nothing until the first icon release request came in. - Require that m_urlsToRetainOrReleaseLock be held when accessing m_retainOrReleaseIconRequested. This removes a possible race condition in double checked locking. - Swap over the retain/release work queues while holding m_urlsToRetainOrReleaseLock and release it right away to avoid sitting on the lock while updating the database. * loader/icon/IconDatabase.cpp: (WebCore::IconDatabase::synchronousIconForPageURL): (WebCore::IconDatabase::retainIconForPageURL): (WebCore::IconDatabase::releaseIconForPageURL): (WebCore::IconDatabase::retainedPageURLCount): (WebCore::IconDatabase::performURLImport): (WebCore::IconDatabase::syncThreadMainLoop): (WebCore::IconDatabase::performPendingRetainAndReleaseOperations): * loader/icon/IconDatabase.h: (IconDatabase): 2012-05-23 Lucas Forschler <lforschler@apple.com> Merge 117625 2012-05-18 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com> [Qt] REGRESSION(r117501): It made almost all tests assert in debug mode https://bugs.webkit.org/show_bug.cgi?id=86854 Reviewed by Andreas Kling. Initialize boolean flag in constructor and recheck the flag which can be modified by another thread under mutex. No new tests, fixes regression that caused layout test crash. * loader/icon/IconDatabase.cpp: (WebCore::IconDatabase::IconDatabase): (WebCore::IconDatabase::syncThreadMainLoop): 2012-05-23 Lucas Forschler <lforschler@apple.com> Merge 117501 2012-05-15 Andreas Kling <kling@webkit.org> IconDatabase: Move icon retain/release off of the main thread. <http://webkit.org/b/85799> <rdar://problem/9507113> Reviewed by Brady Eidson. Batch up the retain/release operations and execute them as part of the sync thread loop. The batch execution is guarded by a new mutex (m_urlsToRetainOrReleaseLock.) This avoids blocking the main thread on m_urlAndIconLock for basic retain/release. There is one exception; if there are pending retain/release operations in synchronousIconForPageURL, it will acquire the lock and flush the operations. There should be no behavior change, this is only meant to reduce lock contention. * loader/icon/PageURLRecord.h: (WebCore::PageURLRecord::retain): (WebCore::PageURLRecord::release): Added a 'count' argument to these so we can batch up the operations in IconDatabase. * loader/icon/IconDatabase.h: * loader/icon/IconDatabase.cpp: (WebCore::IconDatabase::performScheduleOrDeferSyncTimer): (WebCore::IconDatabase::performScheduleOrDeferSyncTimerOnMainThread): (WebCore::IconDatabase::scheduleOrDeferSyncTimer): Perform the the timer scheduling on the main thread as it can be done on a different thread by way of retainIconForPageURL or releaseIconForPageURL. (WebCore::IconDatabase::synchronousIconForPageURL): (WebCore::IconDatabase::retainIconForPageURL): (WebCore::IconDatabase::performRetainIconForPageURL): (WebCore::IconDatabase::releaseIconForPageURL): (WebCore::IconDatabase::performReleaseIconForPageURL): (WebCore::IconDatabase::retainedPageURLCount): (WebCore::IconDatabase::IconDatabase): (WebCore::IconDatabase::performURLImport): (WebCore::IconDatabase::syncThreadMainLoop): (WebCore::IconDatabase::performPendingRetainAndReleaseOperations): 2012-05-23 Lucas Forschler <lforschler@apple.com> Merge 116543 2012-05-03 Shawn Singh <shawnsingh@chromium.org> Hit testing is incorrect in some cases with perspective transforms https://bugs.webkit.org/show_bug.cgi?id=79136 Reviewed by Simon Fraser. Tests: transforms/3d/hit-testing/coplanar-with-camera.html transforms/3d/hit-testing/perspective-clipped.html * platform/graphics/transforms/TransformationMatrix.cpp: (WebCore::TransformationMatrix::projectPoint): Fix a divide-by-zero error so that values do not become Inf or Nan. Also fix an overflow error by using a large, but not-too-large constant to represent infinity. (WebCore::TransformationMatrix::projectQuad): Fix an error where incorrect quads were being returned. Incorrect quads can occur when projectPoint clamped==true after returning. 2012-05-23 Lucas Forschler <lforschler@apple.com> Merge 116486 2012-05-08 Benjamin Poulain <bpoulain@apple.com> [JSC] Regression: addEventListener() and removeEventListener() raise an exception on missing args https://bugs.webkit.org/show_bug.cgi?id=85928 Reviewed by Geoffrey Garen. The functions addEventListener() and removeEventListener() raise an exception if there are missin arguments. This behavior breaks existing content. This patch change the code generator of JavaScript core to have an exception for addEventListener() and removeEventListener(). For those function, we do not raise an exception on missin argument. This patch does not modify the V8 code generator because such exceptions are already in place there. Tests: fast/dom/Window/window-legacy-event-listener.html fast/dom/XMLHttpRequest-legacy-event-listener.html fast/dom/node-legacy-event-listener.html * bindings/scripts/CodeGeneratorJS.pm: (GenerateImplementation): 2012-05-23 Lucas Forschler <lforschler@apple.com> Merge 116319 2012-05-07 Nat Duca <nduca@chromium.org> Unreviewed, rolling out r115525. http://trac.webkit.org/changeset/115525 https://bugs.webkit.org/show_bug.cgi?id=66683 Too many pages rely on DOMTimeStamp as first argument. Reverting while we consider next steps. * WebCore.exp.in: * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp: (WebCore::JSRequestAnimationFrameCallback::handleEvent): * dom/Document.cpp: (WebCore::Document::serviceScriptedAnimations): * dom/Document.h: (Document): * dom/RequestAnimationFrameCallback.h: (RequestAnimationFrameCallback): * dom/RequestAnimationFrameCallback.idl: * dom/ScriptedAnimationController.cpp: (WebCore::ScriptedAnimationController::ScriptedAnimationController): (WebCore::ScriptedAnimationController::serviceScriptedAnimations): (WebCore): (WebCore::ScriptedAnimationController::windowScreenDidChange): (WebCore::ScriptedAnimationController::scheduleAnimation): (WebCore::ScriptedAnimationController::animationTimerFired): * dom/ScriptedAnimationController.h: (ScriptedAnimationController): (WebCore::ScriptedAnimationController::displayRefreshFired): * page/FrameView.cpp: (WebCore::FrameView::serviceScriptedAnimations): * page/FrameView.h: (FrameView): * platform/graphics/DisplayRefreshMonitor.cpp: (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor): (WebCore::DisplayRefreshMonitor::notifyClients): * platform/graphics/DisplayRefreshMonitor.h: (DisplayRefreshMonitor): * platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp: (WebCore::DisplayRefreshMonitor::displayLinkFired): * platform/graphics/mac/DisplayRefreshMonitorMac.cpp: (WebCore): (WebCore::DisplayRefreshMonitor::requestRefreshCallback): (WebCore::DisplayRefreshMonitor::displayLinkFired): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117652 2012-05-18 Dan Bernstein <mitz@apple.com> Build fix after r117607. * platform/mac/WebCoreNSCellExtras.m: 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117607 2012-05-18 Dan Bernstein <mitz@apple.com> <rdar://problem/11467250> No focus ring around popup buttons Reviewed by Anders Carlsson. The exact same issue was fixed for buttons drawn in ThemeMac.mm in <rdar://problem/10542095>. This change extends the fix to also cover buttons drawn in RenderThemeMac.mm. * WebCore.xcodeproj/project.pbxproj: Added WebCoreNSCellExtras.{h.m}. * platform/mac/ThemeMac.mm: Removed the definitions of BUTTON_CELL_DRAW_WITH_FRAME_DRAWS_FOCUS_RING and -[NSCell _web_drawFocusRingWithFrame:inView:] from here. They are now in WebCoreNSCellExtras. * platform/mac/WebCoreNSCellExtras.h: Added. * platform/mac/WebCoreNSCellExtras.m: Added. (-[NSCell _web_drawFocusRingWithFrame:inView:]): Moved from ThemeMac.mm here. * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::paintMenuList): Changed to use -_web_drawFocusRingWithFrame:inView:. (WebCore::RenderThemeMac::setPopupButtonCellState): Removed call to updateFocusedState() when the focus ring is drawn separately. 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117537 2012-05-17 Dan Bernstein <mitz@apple.com> <rdar://problem/11419933> Problems with flipped writing modes and compositing https://bugs.webkit.org/show_bug.cgi?id=86032 Reviewed by Anders Carlsson. Test: compositing/bounds-in-flipped-writing-mode.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::calculateLayerBounds): Apply a writing-mode flip to the bounding box if needed. 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117502 2012-05-17 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=86266 r112643/r116697 break Webview form input fields -and corresponding- <rdar://problem/11400430> Reviewed by Dan Bernstein. There is a recent history of changes in this are that seem worth documenting. First was the change to switch to using NSTextFieldCell to draw text fields: http://trac.webkit.org/changeset/104240 That led to problems because of the clear background that I thought at the time were specific to MountainLion. To fix that, I made this change: http://trac.webkit.org/changeset/110480 But that change resulted in styled text fields getting an un-themed border, which led to this change on the branch: http://trac.webkit.org/changeset/112643 and a change on TOT that was identical for Lion and SnowLeopard but introduced new behavior for MountainLion: http://trac.webkit.org/changeset/116697 And that brings us to this bug, where it turns out the clear background is a problem on Lion and SnowLeopard too. This patch fixes the bug by using the original WebCoreSystemInterface function to paint all text fields on Lion and SnowLeopard that are styled. This is what we used to paint all text fields before r104240, which is the first change listed above. Un-styled text fields will still use NSTextFieldCell on these platforms, but with a hardcoded white background. * rendering/RenderThemeMac.h: (RenderThemeMac): * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::paintTextField): (WebCore::RenderThemeMac::textField): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117366 2012-05-16 Jon Lee <jonlee@apple.com> Animated GIFs in page cache get updated https://bugs.webkit.org/show_bug.cgi?id=86668 <rdar://problem/11395549> Reviewed by Brady Eidson. Test: fast/loader/image-in-page-cache.html * rendering/RenderImage.cpp: (WebCore::RenderImage::imageChanged): When we are notified by the CachedImage that the image has changed, we check to see if the document is in the page cache. If so, we should not be updating, so we bail out early. 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117365 2012-05-16 Tim Horton <timothy_horton@apple.com> Crash if SVG gradient stop has display: none set https://bugs.webkit.org/show_bug.cgi?id=86686 <rdar://problem/10751905> Reviewed by Dean Jackson. Create a renderer for SVGStopElement regardless of the "display" property. This matches the behavior of Opera and the SVG specification. Test: svg/custom/gradient-stop-display-none-crash.svg * svg/SVGStopElement.cpp: (WebCore::SVGStopElement::rendererIsNeeded): (WebCore): * svg/SVGStopElement.h: (SVGStopElement): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117326 2012-05-16 Jer Noble <jer.noble@apple.com> <video> elements with no video tracks report false for webkitSupportsFullscreen. https://bugs.webkit.org/show_bug.cgi?id=86650 Reviewed by Eric Carlson. No new tests; updated media/media-fullscreen-inline.html. With the new Full Screen API, the restriction that only video elements with video tracks can enter full screen seems arbitrary. Some media types will occasionally determine they have video tracks long after loadedmetadata, which breaks websites who check for webkitSupportsFullscreen(). Relax the restriction on webkitSupportsFullscreen() for ports where the Full Screen API is enabled and supported so as to no longer require hasVideo(). * html/HTMLVideoElement.cpp: (WebCore::HTMLVideoElement::supportsFullscreen): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117314 2012-05-16 Tim Horton <timothy_horton@apple.com> Scrollbar layers should respect accelerated drawing setting https://bugs.webkit.org/show_bug.cgi?id=86644 <rdar://problem/11462038> Reviewed by Simon Fraser. When creating scrollbar layers, pass through the accelerated drawing setting. No new tests. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateOverflowControlsLayers): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117313 2012-05-16 Tim Horton <timothy_horton@apple.com> FrameView::scrollContentsFastPath should use painted area to determine whether to drop out of the fast path https://bugs.webkit.org/show_bug.cgi?id=86651 <rdar://problem/11459243> Reviewed by Simon Fraser. Previously, we decided to fall out of the fast scrolling path by the number of fixed-position elements on the page. This was less than ideal if a single fixed position element took up a significant portion of the page, or if there were many small, cheap-to-paint fixed elements. Instead, we should use the fast path if less than 50% of the page will be repainted by fixed-position elements, and otherwise fall back to the slow path. I've tested a few different thresholds with an internal test; 50% seems to work relatively well, but the ideal value is hard to determine and likely depends on hardware. No new tests, performance improvement with few large fixed-position objects or many small ones. * page/FrameView.cpp: (WebCore::FrameView::scrollContentsFastPath): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117336 2012-05-16 Jeffrey Pfau <jpfau@apple.com> ImageLoader can still dispatch beforeload events for ImageDocuments https://bugs.webkit.org/show_bug.cgi?id=86658 <rdar://problem/11465863> Reviewed by Brady Eidson. Prevent flags regarding sending beforeload events from being set on ImageDocuments. No new tests; testing framework doesn't allow for testing ImageDocuments with injected JavaScript. * loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 117185 2012-05-15 Jeffrey Pfau <jpfau@apple.com> ImageDocuments erroneously trigger beforeload events for the main resource https://bugs.webkit.org/show_bug.cgi?id=86543 <rdar://problem/11309013> Reviewed by Brady Eidson. No new tests; testing framework doesn't allow for testing ImageDocuments with injected JavaScript. * loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement): 2012-05-21 Lucas Forschler <lforschler@apple.com> Merge 116864 2012-05-12 Abhishek Arya <inferno@chromium.org> Crash in HTMLSelectElement::setOption https://bugs.webkit.org/show_bug.cgi?id=85420 Reviewed by Eric Seidel RefPtr before option in HTMLSelectElement::setOption since it can get destroyed due to mutation events. Test: fast/dom/HTMLSelectElement/option-add-crash.html * html/HTMLSelectElement.cpp: (WebCore::HTMLSelectElement::setOption): 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 116595 2012-05-09 Jessie Berlin <jberlin@apple.com> Crash using the new WKBundleDOMWindowExtensions APIs. https://bugs.webkit.org/show_bug.cgi?id=85888 Reviewed by Brady Eidson. WKBundlePageWillDestroyGlobalObjectForDOMWindowExtensionCallback was only being invoked when the WKPage was destroyed, and then only for the child frames. In addition, the DOMWindowExtension was holding onto a destroyed DOMWindow and attempting to unregister from when the WK2 wrapper object was attempting to destroy the DOMWindowExtension. The underlying issue here was that the DOMWindowProperties were getting disconnectFrame and willDetachPage called on them at the wrong times. Rename DOMWindowProperty::disconnectFrame and reconnectFrame to disconnectFrameForPageCache and reconnectFrameFromPageCache for clarity. Only invoke DOMWindowProperty::disconnectFrameForPageCache when the frame is going into the page cache. In the cases where the DOMWindow is getting destroyed, the frame is being destroyed, or the DOMWindow is getting cleared because the frame is being navigated, invoke DOMWindowProperty::willDestroyGlobalObjectInFrame instead of disconnectFrame. Invoke DOMWindowProperty::willDetachGlobalObjectFromFrame when a document is being detached because the frame has been detached (e.g. fast/storage/storage-detached-iframe.html) and won't be immediately destroyed. Invoke DOMWindowProperty::willDestroyGlobalObjectInCachedFrame when a cached frame is being destroyed. New WK2 API Test: DOMWindowExtensionNoCache. * Modules/indexeddb/DOMWindowIndexedDatabase.cpp: (WebCore::DOMWindowIndexedDatabase::disconnectFrameForPageCache): Updated for disconnectFrame rename. (WebCore::DOMWindowIndexedDatabase::reconnectFrameFromPageCache): Updated for reconnectFrame rename. (WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInCachedFrame): Get rid of the suspended IDBFactory. (WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInFrame): Get rid of the IDBFactory. (WebCore::DOMWindowIndexedDatabase::willDetachGlobalObjectFromFrame): Ditto. * Modules/indexeddb/DOMWindowIndexedDatabase.h: * dom/Document.cpp: (WebCore::Document::prepareForDestruction): Tell the DOMWindow before detaching the Document. * dom/Document.h: * history/CachedFrame.cpp: (WebCore::CachedFrame::destroy): Tell the DOMWindow. * loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): Use Document::prepareForDestruction so that the DOMWindow is told about the main frame navigation before detaching the Document. * loader/appcache/DOMApplicationCache.cpp: (WebCore::DOMApplicationCache::disconnectFrameForPageCache): Updated for the disconnectFrame rename. (WebCore::DOMApplicationCache::reconnectFrameFromPageCache): Updated for the reconnectFrame rename. (WebCore::DOMApplicationCache::willDestroyGlobalObjectInFrame): Cover the cases formerly covered by disconnectFrame (which was sometimes being called when called when the frame was destroyed). * loader/appcache/DOMApplicationCache.h: * notifications/DOMWindowNotifications.cpp: (WebCore::DOMWindowNotifications::disconnectFrameForPageCache): Updated for the disconnectFrame rename. (WebCore::DOMWindowNotifications::reconnectFrameFromPageCache): Updated for the reconnectFrame rename. (WebCore::DOMWindowNotifications::willDestroyGlobalObjectInCachedFrame): Get rid of the suspended notification center. (WebCore::DOMWindowNotifications::willDestroyGlobalObjectInFrame): Get rid of the notification center. (WebCore::DOMWindowNotifications::willDetachGlobalObjectFromFrame): Do not allow use of the notification center by detached frames. * notifications/DOMWindowNotifications.h: * page/DOMWindow.cpp: (WebCore::DOMWindow::clearDOMWindowProperties): Do not call disconnectDOMWindowProperties. It is now the responsibility of the callers to tell the DOMWindowProperties the correct cause of being cleared. (WebCore::DOMWindow::~DOMWindow): Make sure the DOMWindowProperties still know that the DOMWindow is going away. (WebCore::DOMWindow::frameDestroyed): Invoke willDestroyGlobalObjectInFrame on the DOMWindowProperties. (WebCore::DOMWindow::willDetachPage): It is no longer necessary to tell the DOMWindowProperties anything here. (WebCore::DOMWindow::willDestroyCachedFrame): Tell the DOMWindowProperties. (WebCore::DOMWindow::willDestroyDocumentInFrame): Ditto. (WebCore::DOMWindow::willDetachDocumentFromFrame): Ditto. (WebCore::DOMWindow::clear): Ditto. (WebCore::DOMWindow::disconnectDOMWindowProperties): Updated for the disconnectFrame rename. (WebCore::DOMWindow::reconnectDOMWindowProperties): Ditto. * page/DOMWindow.h: * page/DOMWindowExtension.cpp: (WebCore::DOMWindowExtension::DOMWindowExtension): Move the responsibility for tracking the disconnected DOMWindow to DOMWindowProperty, since DOMWindowProperty will need it to unregister the property when a cached frame is destroyed. (WebCore::DOMWindowExtension::disconnectFrameForPageCache): Remove the code to check for disconnectFrame being called twice - it is now only called when a frame goes into the page cache. Let the DOMWindowProperty keep track of the disconnected DOMWindow. (WebCore::DOMWindowExtension::reconnectFrameFromPageCache): Let the DOMWindowProperty keep track of the disconnected DOMWindow. (WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame): Dispatch the willDestroyGlobalObjectForDOMWindowExtension callback. (WebCore::DOMWindowExtension::willDestroyGlobalObjectInFrame): Ditto, but only if the callback hasn't already been sent because the frame has been detached. (WebCore::DOMWindowExtension::willDetachGlobalObjectFromFrame): Send the callback because nothing interesting can be done in the frame once it has been detached. * page/DOMWindowExtension.h: * page/DOMWindowProperty.cpp: (WebCore::DOMWindowProperty::DOMWindowProperty): Keep track of the disconnected DOMWindow so it can be used to unregister the property when a cached frame is destroyed. (WebCore::DOMWindowProperty::~DOMWindowProperty): Also unregister the property when a DOMWindowProperty for a cached frame is destroyed. (WebCore::DOMWindowProperty::disconnectFrameForPageCache): Keep track of the disconnected DOMWindow. (WebCore::DOMWindowProperty::reconnectFrameFromPageCache): Ditto. (WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame): Unregister the property from the disconnected DOMWindow. (WebCore::DOMWindowProperty::willDestroyGlobalObjectInFrame): Unregister the property from the DOMWindow and stop keeping track of the frame. (WebCore::DOMWindowProperty::willDetachGlobalObjectFromFrame): Do not set m_frame to 0 because detached frames still have access to the DOMWindow, even if they can't do anything meaningful with it. * page/DOMWindowProperty.h: * page/Frame.cpp: (WebCore::Frame::setView): Tell the DOMWindow that the Document is being detached so it can tell the DOMWindowProperties. * page/PointerLock.cpp: (WebCore::PointerLock::disconnectFrameForPageCache): Updated for disconnectFrame rename. (WebCore::PointerLock::willDestroyGlobalObjectInFrame): Cover the cases formerly covered by disconnectFrame (which was sometimes being called when called when the frame was destroyed). * page/PointerLock.h: 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117196 2012-05-15 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=86549 Page Scale + Tiled Drawing: Twitter sign in page content disappears after typing into name and enabling password field -and corresponding- <rdar://problem/11415352> Reviewed by Oliver Hunt. The enormous rect we used to use would overflow in CA and do nothing when there was any scale > 1 on the context. Instead, just call setNeedsDisplay on each tile. * platform/graphics/ca/mac/TileCache.mm: (WebCore::TileCache::setNeedsDisplay): 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117165 2012-05-15 Jer Noble <jer.noble@apple.com> r117147 causes a null-deref crash in DOMImplementation::createDocument() https://bugs.webkit.org/show_bug.cgi?id=86532 Reviewed by James Robinson. No new tests, but fixes many crashing tests. Protect against the possibility of being passed a NULL frame in DOMImplementation::createDocument(). * dom/DOMImplementation.cpp: (WebCore::DOMImplementation::createDocument): 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117158 2012-05-15 Jer Noble <jer.noble@apple.com> Unreviewed build fix [Qt]. Protect the definition of DOMImplementationSupportsTypeClient class with #if ENABLE(VIDEO) so as not to cause compilation errors on ports with VIDEO disabled. * dom/DOMImplementation.cpp: 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117147 2012-05-14 Jer Noble <jer.noble@apple.com> Site-specific hack: Disclaim WebM as a supported type on Mac for YouTube. https://bugs.webkit.org/show_bug.cgi?id=86409 Reviewed by Darin Adler. No new tests; site specific hack. Add a Mac-only site-specific hack which disclaims both video/webm and video/x-flv as supported types when the media element's document has a host of youtube.com. Add a new, pure-virtual prototype class for use by MediaPlayer::supportsType: * platform/graphics/MediaPlayer.h: (MediaPlayerSupportsTypeClient): (WebCore::MediaPlayerSupportsTypeClient::~MediaPlayerSupportsTypeClient): (WebCore::MediaPlayerSupportsTypeClient::mediaPlayerNeedsSiteSpecificHacks): (WebCore::MediaPlayerSupportsTypeClient::mediaPlayerDocumentHost): Use these new client calls to determine whether to apply the site-specific hack: * platform/graphics/MediaPlayer.cpp: (WebCore::MediaPlayer::supportsType): Add this prototype class as a superclass of HTMLMediaElement. Pass in the HTMLMediaElement's this pointer when calling MediaPlayer::supportsType(): * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::canPlayType): (WebCore::HTMLMediaElement::selectNextSourceChild): (WebCore::HTMLMediaElement::mediaPlayerNeedsSiteSpecificHacks): (WebCore::HTMLMediaElement::mediaPlayerDocumentHost): * html/HTMLMediaElement.h: As is HTMLMediaElement, a MediaPlayerSupportsTypeClient class is needed. Add a new class DOMImplementationSupportsTypeClient, an instance of which will be passed to MediaPlayer::supportsType(): * dom/DOMImplementation.cpp: (DOMImplementationSupportsTypeClient): (WebCore::DOMImplementationSupportsTypeClient::DOMImplementationSupportsTypeClient): (WebCore::DOMImplementation::createDocument): (WebCore::DOMImplementation::mediaPlayerNeedsSiteSpecificHacks): (WebCore::DOMImplementation::mediaPlayerDocumentHost): * dom/DOMImplementation.h: 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117129 2012-05-15 Anders Carlsson <andersca@apple.com> Use unaccelerated scrolling deltas when rubber-banding https://bugs.webkit.org/show_bug.cgi?id=86503 <rdar://problem/11378742> Reviewed by Sam Weinig. * WebCore.exp.in: * platform/PlatformWheelEvent.h: (WebCore::PlatformWheelEvent::PlatformWheelEvent): (PlatformWheelEvent): (WebCore::PlatformWheelEvent::scrollCount): (WebCore::PlatformWheelEvent::unacceleratedScrollingDeltaX): (WebCore::PlatformWheelEvent::unacceleratedScrollingDeltaY): Add scroll count and unaccelerated scrolling deltas. * platform/mac/ScrollElasticityController.mm: (WebCore::elasticDeltaForTimeDelta): (WebCore::elasticDeltaForReboundDelta): (WebCore::reboundDeltaForElasticDelta): Call the new WKSI functions. (WebCore::ScrollElasticityController::handleWheelEvent): Use the unaccelerated scrolling deltas when needed. * platform/mac/WebCoreSystemInterface.h: * platform/mac/WebCoreSystemInterface.mm: Add new WKSI functions. 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117113 2012-05-15 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=86506 REGRESSION (tiled drawing): No scrollbar while page is loading -and corresponding <rdar://problem/11444589> Reviewed by Anders Carlsson. We have always had a mechanism in place to suppress painting overlay scrollbars while the page is loading. However, that mechaism is overriden if the page has been scrolled. It should be, anyway. It was not being overriden when the scrolling was handled as a wheel event by the scrolling tree. This patch takes advantage of the fact that ScrollingTree::handleWheelEvent() already calls back to the main thread for handleWheelEventPhase() and just patches handleWheelEventPhase to mark m_haveScrolledSincePageLoad as true. * platform/mac/ScrollAnimatorMac.mm: (WebCore::ScrollAnimatorMac::handleWheelEventPhase): 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117108 2012-05-15 Andreas Kling <kling@webkit.org> Deep copy PluginModuleInfo before passing across thread boundary. <http://webkit.org/b/86491> <rdar://problem/11451178> Reviewed by Anders Carlsson. * plugins/PluginData.h: (MimeClassInfo): (WebCore::MimeClassInfo::isolatedCopy): (PluginInfo): (WebCore::PluginInfo::isolatedCopy): 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117032 2012-05-14 Tim Horton <timothy_horton@apple.com> RenderLayer::repaintRectIncludingDescendants shouldn't include repaint rects of composited descendants https://bugs.webkit.org/show_bug.cgi?id=86429 <rdar://problem/11445132> Reviewed by Simon Fraser. Change repaintRectIncludingDescendants to not include repaint rects for composited child layers, and rename the function to make it more clear that that's what it does now. No new tests, scrolling performance optimization. * page/FrameView.cpp: (WebCore::FrameView::scrollContentsFastPath): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::repaintRectIncludingNonCompositingDescendants): * rendering/RenderLayer.h: (RenderLayer): 2012-05-16 Lucas Forschler <lforschler@apple.com> Merge 117021 2012-05-14 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=86420 ScrollbarPainter should support expansionTransitionProgress Reviewed by Sam Weinig. expansionTransitionProgress works the same as uiStateTransitionProgress. This code just echoes that code, but for expansion instead of uiState. * platform/mac/NSScrollerImpDetails.h: * platform/mac/ScrollAnimatorMac.mm: (supportsExpansionTransitionProgress): (-[WebScrollbarPartAnimation setCurrentProgress:]): (-[WebScrollbarPainterDelegate cancelAnimations]): (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]): (-[WebScrollbarPainterDelegate invalidate]): 2012-05-15 Lucas Forschler <lforschler@apple.com> rollout 116009 2012-05-15 Lucas Forschler <lforschler@apple.com> rollout 116013 2012-05-15 Sam Weinig <sam@webkit.org> <rdar://problem/11401642> ENABLE_IFRAME_SEAMLESS should be turned off on the branch Reviewed by Andy Estes. * Configurations/FeatureDefines.xcconfig: Disable ENABLE_IFRAME_SEAMLESS. 2012-05-15 Sam Weinig <sam@webkit.org> Disable CSS regions <rdar://problem/10887709> Reviewed by Anders Carlsson. * dom/Document.idl: #ifdef out webkitGetFlowByName. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116960 2012-05-14 Eric Carlson <eric.carlson@apple.com> <video> won't load when URL ends with .php https://bugs.webkit.org/show_bug.cgi?id=86308 Reviewed by Darin Adler. Test: http/tests/media/video-query-url.html * platform/graphics/MediaPlayer.cpp: (WebCore::MediaPlayer::MediaPlayer): Initialize m_typeInferredFromExtension. (WebCore::MediaPlayer::load): Set m_typeInferredFromExtension appropriately. (WebCore::MediaPlayer::loadWithNextMediaEngine): If we don't find a media engine registered for a MIME type, and the type was inferred from the extension, give the first registered media engine a chance anwyay just as we do when there is no MIME type at all. * platform/graphics/MediaPlayer.h: Add m_typeInferredFromExtension. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116831 2012-05-11 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=86278 Composited layers should only run the overlay scrollbars painting pass if necessary Reviewed by Dan Bernstein. It's not enough that the rootLayer has dirty scrollbars; we also have to actually be doing the overlay scrollbars painting pass to skip the early return. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintLayer): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116830 2012-05-11 Anders Carlsson <andersca@apple.com> Comcast website displays bottom of page when loaded https://bugs.webkit.org/show_bug.cgi?id=86277 <rdar://problem/11426887> Reviewed by Beth Dakin. There were two bugs here. The first bug was that FrameView::setScrollPosition didn't end up calling into the scrolling coordinator to update the scroll position. The second bug was that ScrollingTreeNodeMac::setScrollPosition didn't constrain the scroll position to the edge of the page. * page/FrameView.cpp: (WebCore::FrameView::setScrollPosition): Call requestScrollPositionUpdate. * page/scrolling/ScrollingTree.cpp: * page/scrolling/ScrollingTree.h: Remove setMainFrameScrollPosition, it is not called by anyone. * page/scrolling/mac/ScrollingTreeNodeMac.h: * page/scrolling/mac/ScrollingTreeNodeMac.mm: (WebCore::ScrollingTreeNodeMac::setScrollPosition): Clamp to the page size and call setScrollPositionWithoutContentEdgeConstraints. (WebCore::ScrollingTreeNodeMac::setScrollPositionWithoutContentEdgeConstraints): Update the scroll layer position and call back to the main thread. (WebCore::ScrollingTreeNodeMac::scrollBy): Call setScrollPosition. (WebCore::ScrollingTreeNodeMac::scrollByWithoutContentEdgeConstraints): Call setScrollPositionWithoutContentEdgeConstraints. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116824 2012-05-11 Anders Carlsson <andersca@apple.com> Can't scroll on webpage after following links from Blogger https://bugs.webkit.org/show_bug.cgi?id=86274 <rdar://problem/11431352> Reviewed by Beth Dakin. When committing a new scroll layer, make sure to reset the scroll position. * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::commitNewTreeState): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116821 2012-05-10 Timothy Hatcher <timothy@apple.com> Instrument timer function calls so they show up in the Web Inspector Timeline. https://webkit.org/b/86173 Reviewed by Pavel Feldman. Test: inspector/timeline/timeline-timer.html * bindings/js/ScheduledAction.cpp: (WebCore::ScheduledAction::executeFunctionInContext): Wrap the call with JSMainThreadExecState::instrumentFunctionCall and InspectorInstrumentation::didCallFunction. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116799 2012-05-11 Tim Horton <timothy_horton@apple.com> FrameView->m_lastPaintTime is not updated in the tiled drawing case https://bugs.webkit.org/show_bug.cgi?id=86246 <rdar://problem/11248475> Reviewed by Simon Fraser. Update FrameView's m_lastPaintTime from RenderLayerBacking::paintContents if the RenderLayerBacking is backing a tiled drawing layer. In the future we might want to consider updating m_lastPaintTime when any compositing layer is painted into, but this change gets us on par with the non-tiled-drawing case as it stands now. No new tests. * page/FrameView.h: (WebCore::FrameView::setLastPaintTime): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::paintContents): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116832 2012-05-11 Jeffrey Pfau <jpfau@apple.com> REGRESSION (r114170): Scroll areas in nested frames improperly placed when tiled drawing is enabled https://bugs.webkit.org/show_bug.cgi?id=86239 Reviewed by Anders Carlsson. Fixes a regression introduced in r114170 by recursively adding positions of parent frames to placement of nested frame scroll areas. Manual tests: ManualTests/scrollable-positioned-frame.html ManualTests/scrollable-positioned-nested-frame.html * page/scrolling/ScrollingCoordinator.cpp: (WebCore::computeNonFastScrollableRegion): (WebCore::ScrollingCoordinator::frameViewLayoutUpdated): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116720 2012-05-10 Anders Carlsson <andersca@apple.com> PDF files won't scroll in Safari when using Adobe plug-in https://bugs.webkit.org/show_bug.cgi?id=86167 <rdar://problem/11389719> Reviewed by Sam Weinig. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::computeNonFastScrollableRegion): Loop over the frame view children looking for plug-in views that want wheel events and add them to the non-fast scrollable region. Ideally, the plug-ins should be added to the set of scrollable areas, but PluginView in WebKit2 is not a ScrollableArea yet. * plugins/PluginViewBase.h: (PluginViewBase): (WebCore::PluginViewBase::wantsWheelEvents): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116720 2012-05-10 Anders Carlsson <andersca@apple.com> PDF files won't scroll in Safari when using Adobe plug-in https://bugs.webkit.org/show_bug.cgi?id=86167 <rdar://problem/11389719> Reviewed by Sam Weinig. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::computeNonFastScrollableRegion): Loop over the frame view children looking for plug-in views that want wheel events and add them to the non-fast scrollable region. Ideally, the plug-ins should be added to the set of scrollable areas, but PluginView in WebKit2 is not a ScrollableArea yet. * plugins/PluginViewBase.h: (PluginViewBase): (WebCore::PluginViewBase::wantsWheelEvents): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116711 2012-05-10 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=86158 Overlay scrollbars without layers never paint in overflow regions in tiled drawing mode -and corresponding- <rdar://problem/11289546> Reviewed by Darin Adler. RenderLayers paint scrollbars that do not have their own layers by running a second pass through the layer tree after the layer tree has painted. This ensures that the scrollbars always paint on top of content. However, this mechanism was relying on FrameView::paintContents() as a choke-point for all painting to trigger the second painting pass. That is not a reasonable choke-point in tiled drawing, so this patch adds similar code to RenderLayerBacking. Only opt into the second painting pass for scrollbars that do not have their own layers. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintOverflowControls): A layer that paints into its backing cannot return early here if it has overlay scrollbars to paint. (WebCore::RenderLayer::paintLayer): This replicates code in FrameView::paintContents(). After painting the owning layer, do a second pass if there are overlay scrollbars to paint. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::paintIntoLayer): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116697 2012-05-10 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=82131 [Mac] REGRESSION (r110480): Text field that specifies background-color (or is auto-filled) gets un-themed border -and corresponding- <rdar://problem/11115221> Reviewed by Maciej Stachowiak. This change rolls out r110480 which is what caused styled text fields to get the un-themed border, and it does a bunch of work to make sure we get the pretty, new version of the NSTextField art whenever possible. We do this differently for post-Lion OS's since there is now a way to opt into it all the time. Lion and SnowLeopard can only use the new art in HiDPI mode when the background color of the text field is just white. RenderThemeMac::textField() takes a boolean paramter used to determine if the new gradient will be used. * rendering/RenderThemeMac.h: (RenderThemeMac): This is the post-Lion workaround. This code has no effect on Lion and SnowLeopard. This allows up to opt into a version of [NSTextField drawWithFrame:] that will only draw the frame of the text field; without this, it will draw the frame and the background, which creates a number of problems with styled text fields and text fields in HiDPI. There is a less comprehesive workaround for Lion and SnowLeopard in place in RenderThemeMac::textField(). * rendering/RenderThemeMac.mm: (-[WebCoreTextFieldCell _coreUIDrawOptionsWithFrame:inView:includeFocus:]): This is the roll-out of r110480. (WebCore::RenderThemeMac::isControlStyled): See the comments for a full explanation, but this is mostly code for Lion and SnowLeopard to determine if we can opt into the new artwork. (WebCore::RenderThemeMac::paintTextField): (WebCore::RenderThemeMac::textField): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116794 2012-05-11 Anders Carlsson <andersca@apple.com> REGRESSION(r116687): [Chromium] plugins/embed-attributes-style.html shows a garbled string https://bugs.webkit.org/show_bug.cgi?id=86170 Reviewed by Andreas Kling. The string we are passing to the TextRun constructor needs to stay alive for longer so revert back to the old behavior where we store it as a member variable. * rendering/RenderEmbeddedObject.cpp: (WebCore::unavailablePluginReplacementText): (WebCore): (WebCore::RenderEmbeddedObject::setPluginUnavailabilityReason): (WebCore::RenderEmbeddedObject::getReplacementTextGeometry): * rendering/RenderEmbeddedObject.h: (RenderEmbeddedObject): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116695 2012-05-10 Anders Carlsson <andersca@apple.com> WebKit1: Add a way to blacklist specific plug-ins/plug-in versions https://bugs.webkit.org/show_bug.cgi?id=86150 <rdar://problem/9551196> Reviewed by Sam Weinig. * English.lproj/Localizable.strings: Update. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::loadPlugin): It is possible that the client has already set the unavailability reason so don't try to set it twice. * platform/LocalizedStrings.cpp: (WebCore::insecurePluginVersionText): * platform/LocalizedStrings.h: Add insecure plug-in version text. * rendering/RenderEmbeddedObject.cpp: (WebCore::RenderEmbeddedObject::unavailablePluginReplacementText): * rendering/RenderEmbeddedObject.h: Add InsecurePluginVersion unavailability reason. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116687 2012-05-10 Anders Carlsson <andersca@apple.com> Rename the missing plug-in indicator to the unavailable plug-in indicator https://bugs.webkit.org/show_bug.cgi?id=86136 Reviewed by Sam Weinig. Since the indicator is shown for more than just missing plug-ins, generalize it and use a plug-in unavailability reason enum to make it easier to extend. Also, pass the unavailability reason to the ChromeClient member functions. * WebCore.exp.in: * html/HTMLEmbedElement.cpp: (WebCore::HTMLEmbedElement::updateWidget): * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::updateWidget): * html/HTMLPlugInElement.cpp: (WebCore::HTMLPlugInElement::defaultEventHandler): * html/HTMLPlugInImageElement.cpp: (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary): * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::loadPlugin): * page/ChromeClient.h: (WebCore::ChromeClient::shouldUnavailablePluginMessageBeButton): (WebCore::ChromeClient::unavailablePluginButtonClicked): * page/FrameView.cpp: (WebCore::FrameView::updateWidget): * rendering/RenderEmbeddedObject.cpp: (WebCore::RenderEmbeddedObject::RenderEmbeddedObject): (WebCore::RenderEmbeddedObject::setPluginUnavailabilityReason): (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator): (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): (WebCore::RenderEmbeddedObject::paint): (WebCore::RenderEmbeddedObject::paintReplaced): (WebCore::RenderEmbeddedObject::getReplacementTextGeometry): (WebCore::RenderEmbeddedObject::unavailablePluginReplacementText): (WebCore): (WebCore::RenderEmbeddedObject::isInUnavailablePluginIndicator): (WebCore::shouldUnavailablePluginMessageBeButton): (WebCore::RenderEmbeddedObject::handleUnavailablePluginIndicatorEvent): (WebCore::RenderEmbeddedObject::getCursor): * rendering/RenderEmbeddedObject.h: (RenderEmbeddedObject): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116685 2012-05-10 Brady Eidson <beidson@apple.com> <rdar://problem/10972577> and https://bugs.webkit.org/show_bug.cgi?id=80170 Contents of noscript elements turned into strings in WebArchives Reviewed by Andy Estes. There's a much deeper question about how innerHTML of <noscript> is expected to work in both a scripting and non-scripting environment that we should pursue separately. But for webarchives, we can solve this by filtering out the <noscript> elements completely if scripting is enabled. Test: webarchive/ignore-noscript-if-scripting-enabled.html * WebCore.exp.in: Add arguments to createMarkup and MarkupAccumulator methods to pass a Vector of QualifiedNames that should be filtered from the resulting markup: * editing/MarkupAccumulator.cpp: (WebCore::MarkupAccumulator::serializeNodes): (WebCore::MarkupAccumulator::serializeNodesWithNamespaces): * editing/MarkupAccumulator.h: * editing/markup.cpp: (WebCore::createMarkup): * editing/markup.h: If scripting is enabled, add the noscriptTag to the tag names to filter: * loader/archive/cf/LegacyWebArchive.cpp: (WebCore::LegacyWebArchive::create): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116579 2012-05-09 Anders Carlsson <andersca@apple.com> Speed up some parts of TileCache drawing https://bugs.webkit.org/show_bug.cgi?id=86033 <rdar://problem/10919373> Reviewed by Sam Weinig. * platform/graphics/ca/mac/TileCache.mm: (WebCore::TileCache::tileCoverageRect): If we can't have scrollbars, there's not much need to extend the tile coverage rect outside of the visible rect, since it's unlikely that we'll do any form of scrolling here. (WebCore::TileCache::revalidateTiles): Don't update the tile layer frame if it's big enough to contain the tile size. Also, if there are no new tiles created, don't call platformCALayerDidCreateTiles since that will trigger an extra layer flush. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116570 2012-05-09 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=86025 RTL and vertical text documents do no scroll properly with the new tiled scrolling model -and corresponding- <rdar://problem/11077589> Reviewed by Dan Bernstein. Most of the fix here is just to teach the scrolling tree about the scroll origin. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::frameViewLayoutUpdated): (WebCore::ScrollingCoordinator::setScrollParameters): * page/scrolling/ScrollingCoordinator.h: (ScrollParameters): * page/scrolling/ScrollingTreeNode.cpp: (WebCore::ScrollingTreeNode::update): * page/scrolling/ScrollingTreeNode.h: (WebCore::ScrollingTreeNode::scrollOrigin): (ScrollingTreeNode): * page/scrolling/ScrollingTreeState.cpp: (WebCore::ScrollingTreeState::setScrollOrigin): (WebCore): * page/scrolling/ScrollingTreeState.h: (WebCore::ScrollingTreeState::scrollOrigin): (ScrollingTreeState): * page/scrolling/mac/ScrollingTreeNodeMac.mm: (WebCore::ScrollingTreeNodeMac::scrollPosition): (WebCore::ScrollingTreeNodeMac::setScrollLayerPosition): (WebCore::ScrollingTreeNodeMac::minimumScrollPosition): (WebCore::ScrollingTreeNodeMac::maximumScrollPosition): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::frameViewDidScroll): Teaching the scrolling tree about the scroll origin revealed this pre- existing bug. layoutOverflowRect() is not the right rect to use since it is not writing-mode savvy. unscaledDocumentRect() is the right rect for the view's bounds. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateCompositedBounds): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116473 2012-05-08 Jon Lee <jonlee@apple.com> Safari warns that it needs to resend the form in an iFrame when going back https://bugs.webkit.org/show_bug.cgi?id=82658 <rdar://problem/11292558> Reviewed by Darin Adler. Test: http/tests/loading/post-in-iframe-with-back-navigation.html * WebCore.exp.in: Add _wkCFURLRequestAllowAllPostCaching. * platform/mac/WebCoreSystemInterface.h: Add wkCFURLRequestAllowAllPostCaching. * platform/mac/WebCoreSystemInterface.mm: Add wkCFURLRequestAllowAllPostCaching. * platform/network/cf/ResourceRequestCFNet.cpp: (WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses. * platform/network/mac/ResourceRequestMac.mm: (WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116458 2012-05-08 Philip Rogers <pdr@google.com> Prevent crash in animated lists https://bugs.webkit.org/show_bug.cgi?id=85382 Reviewed by Nikolas Zimmermann. Animated lists blindly assign the last list value to m_toAtEndOfDurationType in SVGAnimationElement::startedActiveInterval. If the last list value's length is larger or smaller than the animated "to" length, we crash. This change prevents accessing values off the end of toAtEndOfDuration by adding a check for this case. It may seem inefficient to perform this check on every animation update but the "to" value can change (in cardinality) while animating. I checked each of the other animation types (e.g., SVGAnimatedAngle, SVGAnimatedBoolean, etc.) and was only able to hit this style of crash in the three types modified in this change: SVGAnimatedLengthList, SVGAnimatedNumberList, and SVGAnimatedPointList. Tests: svg/animations/animate-linear-discrete-additive-b-expected.svg svg/animations/animate-linear-discrete-additive-b.svg svg/animations/animate-linear-discrete-additive-c-expected.svg svg/animations/animate-linear-discrete-additive-c.svg svg/animations/animate-linear-discrete-additive-expected.svg svg/animations/animate-linear-discrete-additive.svg svg/animations/animate-list-crash.svg * svg/SVGAnimatedLengthList.cpp: (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue): * svg/SVGAnimatedPointList.cpp: (WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116449 2012-05-08 Timothy Hatcher <timothy@apple.com> Fix the SOFT_LINK_STAGED_FRAMEWORK_OPTIONAL macro so it passes the full path to dlopen. dyld only considers libraries in the versioned framework path if their install name matches the library that it is attempting to load. The path we were passing to dlopen lacked the Versions/A component of the path so dyld did not recognize that we wanted it to use the staged version if it is newer. <rdar://problem/11406517> Reviewed by Mark Rowe. * platform/mac/SoftLinking.h: Have SOFT_LINK_STAGED_FRAMEWORK_OPTIONAL take the framework version as an argument and use it when constructing the path to dlopen. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116427 2012-05-08 Stephen Chenney <schenney@chromium.org> Shrink ElementAttributeData by factoring out Attr object count. https://bugs.webkit.org/show_bug.cgi?id=85825 Unreviewed build fix. * dom/ElementAttributeData.cpp: (WebCore::attrListForElement): Was returning false instead of 0 for a pointer value. Now returns 0. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116419 2012-05-08 Andreas Kling <kling@webkit.org> Shrink ElementAttributeData by factoring out Attr object count. <http://webkit.org/b/85825> Reviewed by Antti Koivisto. Stop tracking the number of Attr objects that point to a given Element on the Element itself and manage this by having a global hashmap of Element => AttrList, where AttrList is a vector of (pointers to) the associated Attr objects. This shrinks ElementAttributeData by one integer, effectively reducing memory consumption by ~530kB when viewing the full HTML5 spec at <http://whatwg.org/c>. * dom/ElementAttributeData.h: (ElementAttributeData): Remove m_attrCount... * dom/Node.h: (WebCore::Node::hasAttrList): (WebCore::Node::setHasAttrList): (WebCore::Node::clearHasAttrList): ...replacing it with a Node flag that tells us whether there's an Attr object map for this Node (only applies to Elements.) * dom/ElementAttributeData.cpp: (WebCore::attrListMap): (WebCore::attrListForElement): (WebCore::ensureAttrListForElement): (WebCore::removeAttrListForElement): (WebCore::ElementAttributeData::attrIfExists): (WebCore::ElementAttributeData::ensureAttr): (WebCore::ElementAttributeData::setAttr): (WebCore::ElementAttributeData::removeAttr): (WebCore::ElementAttributeData::detachAttributesFromElement): Map Element => per-Element AttrList in a global hash. 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116395 2012-05-07 Simon Fraser <simon.fraser@apple.com> Compositing layers with transformed children not large enough to show contents https://bugs.webkit.org/show_bug.cgi?id=85855 Reviewed by Dan Bernstein. r114518 added a code path to RenderLayer::calculateLayerBounds() which does an early return if the layer has clipping. However, this code path omitted to take local transforms into account. Fix is to handle transforms as we do in the non-clipped case. Test: compositing/geometry/bounds-clipped-composited-child.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::calculateLayerBounds): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116368 2012-05-07 Enrica Casucci <enrica@apple.com> REGRESSION (r101575): Chinese input is broken when composing mail in iCloud using Safari. https://bugs.webkit.org/show_bug.cgi?id=85840 <rdar://problem/11115520> Reviewed by Alexey Proskuryakov. The revision that broke this, introduced a way to sanitize the markup when deleting a range selection. iCloud listens for DOM modification events and clears the selection, altering the input method state. The fix consists in adding a paramenter to DeleteSelectionCommand to control when we sanitize the markup. * editing/CompositeEditCommand.cpp: (WebCore::CompositeEditCommand::deleteSelection): * editing/CompositeEditCommand.h: * editing/DeleteSelectionCommand.cpp: (WebCore::DeleteSelectionCommand::DeleteSelectionCommand): (WebCore::DeleteSelectionCommand::doApply): * editing/DeleteSelectionCommand.h: (WebCore::DeleteSelectionCommand::create): * editing/InsertTextCommand.cpp: (WebCore::InsertTextCommand::doApply): 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116367 2012-05-07 Andy Estes <aestes@apple.com> ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES. * Configurations/FeatureDefines.xcconfig: 2012-05-15 Lucas Forschler <lforschler@apple.com> Merge 116356 2012-05-07 Eric Seidel <eric@webkit.org> Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed https://bugs.webkit.org/show_bug.cgi?id=85822 Reviewed by Adam Barth. * Configurations/FeatureDefines.xcconfig: * dom/Document.cpp: (WebCore::Document::shouldDisplaySeamlesslyWithParent): 2012-05-04 Ilya Tikhonovsky <loislo@chromium.org> Web Inspector: annotate ProfilerAgent. https://bugs.webkit.org/show_bug.cgi?id=85630 Reviewed by Pavel Feldman. * inspector/Inspector.json: * inspector/InspectorProfilerAgent.cpp: (WebCore::InspectorProfilerAgent::createProfileHeader): (WebCore::InspectorProfilerAgent::createSnapshotHeader): (WebCore::InspectorProfilerAgent::getProfileHeaders): (WebCore): (WebCore::InspectorProfilerAgent::getProfile): * inspector/InspectorProfilerAgent.h: (InspectorProfilerAgent): * inspector/front-end/CSSSelectorProfileView.js: * inspector/front-end/HeapSnapshotView.js: (WebInspector.HeapSnapshotProfileType.prototype.createProfile): * inspector/front-end/ProfileView.js: * inspector/front-end/ProfilesPanel.js: (WebInspector.ProfilesPanel.prototype.addProfileHeader): (WebInspector.ProfilesPanel.prototype._addHeapSnapshotChunk): (WebInspector.ProfilerDispatcher.prototype.resetProfiles): 2012-05-04 Gustavo Noronha Silva <gns@gnome.org> [GTK] Simplify how libWebCoreModules is linked in, and fix WebKit2 build https://bugs.webkit.org/show_bug.cgi?id=85691 * GNUmakefile.am: link libWebCoreModules into libWebCore. 2012-05-04 Kent Tamura <tkent@chromium.org> Rename ICULocale to LocaleICU, part 1 https://bugs.webkit.org/show_bug.cgi?id=85688 Reviewed by Kentaro Hara. Rename it for consistency. Our convention is Foo<Platform>.{cpp,h}. This patch changes only file names. We'll rename ICULocale class by a following patch. No behavior changes. * WebCore.gypi: * platform/text/LocaleICU.cpp: Renamed from Source/WebCore/platform/text/ICULocale.cpp. * platform/text/LocaleICU.h: Renamed from Source/WebCore/platform/text/ICULocale.h. * platform/text/LocalizedDateICU.cpp: Rename ICULocale.h to LocaleICU.h. * platform/text/LocalizedNumberICU.cpp: ditto. 2012-05-04 Julien Chaffraix <jchaffraix@webkit.org> Leaf non self-painting layers should bail out early in RenderLayer::paintLayer https://bugs.webkit.org/show_bug.cgi?id=85678 Reviewed by Darin Adler. Performance optimization, no expected change in behavior. The gist of the change is that leaf non self-painting layers don't need to be painted as their associated RenderBoxModelObject should properly paint itself without any help. For RenderLayer trees that have a large number of leafs nodes (like a table with a leaf RenderLayer for each cells), not bailing out is a big overhead as it ends up doing a lot of computation for no real painting. See http://dglazkov.github.com/performance-tests/biggrid.html for a benchmark for that. On my machine, it reduces the paint time when scrolling to 70ms from 120ms (45% speedup). * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintLayer): 2012-05-04 Rob Buis <rbuis@rim.com> Remove InlineBox::next() https://bugs.webkit.org/show_bug.cgi?id=85668 Reviewed by Nikolas Zimmermann. InlineBox::next() not needed since nextOnLine() does the same. * rendering/InlineBox.h: (InlineBox): * rendering/InlineFlowBox.h: (WebCore::InlineFlowBox::setConstructed): 2012-05-04 Chris Rogers <crogers@google.com> Oscillator must implement noteOn() and noteOff() https://bugs.webkit.org/show_bug.cgi?id=85236 Reviewed by Kenneth Russell. Test: webaudio/oscillator-scheduling.html to be landed separately to get proper platform baselines * Modules/webaudio/AudioBufferSourceNode.cpp: (WebCore::AudioBufferSourceNode::process): Simplify/remove zeroing-out silence at end of buffer, since it's now handled in the base-class AudioScheduledSourceNode::updateSchedulingInfo(). * Modules/webaudio/AudioContext.cpp: (WebCore::AudioContext::createBufferSource): Improve comment about ownership and dynamic-lifetime of AudioBufferSourceNode. (WebCore::AudioContext::createOscillator): AudioContext keeps a reference to the Oscillator and that reference is released in AudioScheduledSourceNode, when it has finished playing. * Modules/webaudio/AudioScheduledSourceNode.h: * Modules/webaudio/AudioScheduledSourceNode.cpp: (WebCore::AudioScheduledSourceNode::updateSchedulingInfo): updateSchedulingInfo() is now responsible for zeroing out the very start (before a note starts) and the very end (after note ends) of the output AudioBus. We've also simplified the number of arguments passed to this method, because of this. It now handles playbackState transition to FINISHED_STATE. * Modules/webaudio/Oscillator.cpp: (WebCore::Oscillator::Oscillator): (WebCore::Oscillator::calculateSampleAccuratePhaseIncrements): The frequency value needs to snap immediately to its correct value the very first time. This bug needs to be fixed here so that the Oscillator layout scheduling test works correctly. (WebCore::Oscillator::process): Since Oscillator in now changing to be a AudioScheduledSourceNode, we need to call AudioScheduledSourceNode::updateSchedulingInfo() to handle playbackState for us. (WebCore::Oscillator::propagatesSilence): Add scheduling logic for propagatesSilence(). (Oscillator): * Modules/webaudio/Oscillator.idl: Add noteOn(), noteOff() methods and playbackState according to specification. 2012-05-04 Andy Estes <aestes@apple.com> Remove uses of ASSERT(false) https://bugs.webkit.org/show_bug.cgi?id=85686 Reviewed by Dean Jackson. Replace uses of ASSERT(false) with ASSERT_NOT_REACHED(). Also, in two places, there was code structured like: if (expr) { // do something } else { ASSERT(false); } Replace this with: ASSERT(expr); if (!expr) return; // do something * Modules/webdatabase/DatabaseTracker.cpp: (WebCore::DatabaseTracker::deleteOrigin): (WebCore::DatabaseTracker::doneCreatingDatabase): (WebCore::DatabaseTracker::doneDeletingDatabase): (WebCore::DatabaseTracker::deleteDatabase): * bridge/objc/objc_instance.mm: (ObjcInstance::invokeObjcMethod): * bridge/objc/objc_utility.mm: (JSC::Bindings::convertObjcValueToValue): (JSC::Bindings::objcValueTypeForType): * dom/Node.cpp: (WebCore::Node::createRenderer): * loader/icon/IconDatabase.cpp: (WebCore::IconDatabase::setIconURLForPageURLInSQLDatabase): (WebCore::IconDatabase::setIconIDForPageURLInSQLDatabase): * platform/graphics/GraphicsContext3D.cpp: (WebCore::doPacking): * platform/text/BidiResolver.h: (WebCore::::createBidiRunsForLine): 2012-05-04 Noel Gordon <noel.gordon@gmail.com> [CG] Minor refactor of ImageBuffer::CGImageToDataURL and its callers https://bugs.webkit.org/show_bug.cgi?id=85280 Reviewed by Kenneth Russell. This patch means to simplify the diff of an upcoming patch. Refactoring here in preparation for that patch. No new tests. No behavioral change. Covered by canvas 2d and 3d tests: canvas/philip/tests/*toDataURL*.html fast/canvas/webgl/premultiplyalpha-test.html * platform/graphics/cg/ImageBufferCG.cpp: (WebCore::CGImageToDataURL): Move the invalid image (!image) test here. The comments are about JPEG images; say that. Rename out to base64Data. (WebCore::ImageBuffer::toDataURL): Remove the !image test. (WebCore::ImageDataToDataURL): Move and define variables where used and make the code flow read similarly to toDataURL. Remove the !image test. 2012-05-04 Shawn Singh <shawnsingh@chromium.org> [chromium] Changes to layer tree structure need to be tracked properly https://bugs.webkit.org/show_bug.cgi?id=85421 Reviewed by Adrienne Walker. Unit test added: TreeSynchronizerTest.syncSimpleTreeAndTrackStackingOrderChange Earlier, we were relying on WebCore behavior that always called setNeedsDisplay whenever the layer tree structure changed. However, in general it is more correct to consider layer tree changes even when things don't need repainting; for example Aura code is encountring this bug now. This patch corrects the compositor so that layer tree structural changes are considered property changes, without requiring that layers needed to be repainted. * platform/graphics/chromium/LayerChromium.cpp: (WebCore::LayerChromium::LayerChromium): (WebCore::LayerChromium::insertChild): (WebCore::LayerChromium::pushPropertiesTo): * platform/graphics/chromium/LayerChromium.h: (LayerChromium): * platform/graphics/chromium/cc/CCLayerImpl.cpp: (WebCore::CCLayerImpl::setStackingOrderChanged): (WebCore): * platform/graphics/chromium/cc/CCLayerImpl.h: (CCLayerImpl): 2012-05-04 Jeffrey Pfau <jpfau@apple.com> Unreviewed; build fix after r116191. * bindings/js/JSEventListener.h: 2012-05-04 Enrica Casucci <enrica@apple.com> REGRESSION: Cursor jumps to the first line after deleting the last word. https://bugs.webkit.org/show_bug.cgi?id=85334 <rdar://problem/11210059> Reviewed by Ryosuke Niwa. This regression was introduced with the work to remove redundant divs. When we decide to remove a DIV, we need to adjust the selection, if it is expressed in terms of the node being removed. The new position was computed using updatePositionForNodeRemoval that was not designed for the case where we remove preserving children. This patch adds a new method to CompositeEditCommand to do this properly. Test: editing/deleting/delete-word-from-unstyled-div.html * editing/CompositeEditCommand.cpp: (WebCore::CompositeEditCommand::isRemovableBlock): Code clenup. (WebCore::CompositeEditCommand::updatePositionForNodeRemovalPreservingChildren): Added. * editing/CompositeEditCommand.h: * editing/DeleteSelectionCommand.cpp: (WebCore::DeleteSelectionCommand::removeRedundantBlocks): Uses updatePositionForNodeRemovalPreservingChildren. 2012-05-04 Jeffrey Pfau <jpfau@apple.com> Prevent early EventListener deletion https://bugs.webkit.org/show_bug.cgi?id=73970 Reviewed by Oliver Hunt. Test: fast/events/attribute-listener-deletion-crash.html * bindings/js/JSEventListener.h: (WebCore::JSEventListener::jsFunction): 2012-05-04 Yongjun Zhang <yongjun_zhang@apple.com> Add "combining short stroke overlay character (u0335)" to lookalike characters blacklist. https://bugs.webkit.org/show_bug.cgi?id=85440 Reviewed by David Kilzer. We should add u0335 to the characters blacklist. * platform/mac/WebCoreNSURLExtras.mm: (WebCore::isLookalikeCharacter): 2012-05-04 Satoru Takabayashi <satorux@chromium.org> [chromium] Add plumbing for file display names for drag and drop https://bugs.webkit.org/show_bug.cgi?id=85673 Reviewed by Darin Fisher. No new tests: this change itself shouldn't change existing behavior. * platform/chromium/ChromiumDataObject.cpp: (WebCore::ChromiumDataObject::addFilename): * platform/chromium/ChromiumDataObject.h: (ChromiumDataObject): 2012-05-04 Levi Weintraub <leviw@chromium.org> Correct pixel snapping in RenderSVGRoot::paintReplaced https://bugs.webkit.org/show_bug.cgi?id=85671 Reviewed by Eric Seidel. SVG root elements are still painted on pixel boundaries, so their children should apply transforms based on their actual painted location, not their sub-pixel one. This corrects a clipping and painting issue where these sub-pixel units are incorrectly applied to the graphics context. Covered by existing tests when sub-pixel layout is enabled. * rendering/svg/RenderSVGRoot.cpp: (WebCore::RenderSVGRoot::paintReplaced): 2012-05-04 Adam Barth <abarth@webkit.org> Refactor CSP state to prepare for having both a ReportOnly and an Enforced policy https://bugs.webkit.org/show_bug.cgi?id=85662 Reviewed by Eric Seidel. This patch refactors the ContentSecurityPolicy state into a separate DirectiveList class to prepare for https://bugs.webkit.org/show_bug.cgi?id=85561, which will cause us to need two directive lists: one for enforcement and one for monitoring. This patch shouldn't cause any change in behavior. * page/ContentSecurityPolicy.cpp: (CSPDirectiveList): (WebCore::CSPDirectiveList::header): (WebCore::CSPDirectiveList::headerType): (WebCore::CSPDirectiveList::denyIfEnforcingPolicy): (WebCore): (WebCore::CSPDirectiveList::CSPDirectiveList): (WebCore::CSPDirectiveList::create): (WebCore::CSPDirectiveList::reportViolation): (WebCore::CSPDirectiveList::logUnrecognizedDirective): (WebCore::CSPDirectiveList::checkEval): (WebCore::CSPDirectiveList::operativeDirective): (WebCore::CSPDirectiveList::checkInlineAndReportViolation): (WebCore::CSPDirectiveList::checkEvalAndReportViolation): (WebCore::CSPDirectiveList::checkSourceAndReportViolation): (WebCore::CSPDirectiveList::allowJavaScriptURLs): (WebCore::CSPDirectiveList::allowInlineEventHandlers): (WebCore::CSPDirectiveList::allowInlineScript): (WebCore::CSPDirectiveList::allowInlineStyle): (WebCore::CSPDirectiveList::allowEval): (WebCore::CSPDirectiveList::allowScriptFromSource): (WebCore::CSPDirectiveList::allowObjectFromSource): (WebCore::CSPDirectiveList::allowChildFrameFromSource): (WebCore::CSPDirectiveList::allowImageFromSource): (WebCore::CSPDirectiveList::allowStyleFromSource): (WebCore::CSPDirectiveList::allowFontFromSource): (WebCore::CSPDirectiveList::allowMediaFromSource): (WebCore::CSPDirectiveList::allowConnectFromSource): (WebCore::CSPDirectiveList::parse): (WebCore::CSPDirectiveList::parseDirective): (WebCore::CSPDirectiveList::parseReportURI): (WebCore::CSPDirectiveList::createCSPDirective): (WebCore::CSPDirectiveList::applySandboxPolicy): (WebCore::CSPDirectiveList::addDirective): (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): (WebCore::ContentSecurityPolicy::~ContentSecurityPolicy): (WebCore::ContentSecurityPolicy::copyStateFrom): (WebCore::ContentSecurityPolicy::didReceiveHeader): (WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle): (WebCore::ContentSecurityPolicy::header): (WebCore::ContentSecurityPolicy::headerType): (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): (WebCore::ContentSecurityPolicy::allowInlineScript): (WebCore::ContentSecurityPolicy::allowInlineStyle): (WebCore::ContentSecurityPolicy::allowEval): (WebCore::ContentSecurityPolicy::allowScriptFromSource): (WebCore::ContentSecurityPolicy::allowObjectFromSource): (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): (WebCore::ContentSecurityPolicy::allowImageFromSource): (WebCore::ContentSecurityPolicy::allowStyleFromSource): (WebCore::ContentSecurityPolicy::allowFontFromSource): (WebCore::ContentSecurityPolicy::allowMediaFromSource): (WebCore::ContentSecurityPolicy::allowConnectFromSource): * page/ContentSecurityPolicy.h: (WebCore): * workers/WorkerMessagingProxy.cpp: (WebCore::WorkerMessagingProxy::startWorkerContext): 2012-05-04 Abhishek Arya <inferno@chromium.org> ASSERT(beforeChildAnonymousContainer->isTable()); fails in RenderBlock::addChildIgnoringAnonymousColumnBlocks. https://bugs.webkit.org/show_bug.cgi?id=84606 Reviewed by Julien Chaffraix. RenderBlock::removeChild forgot to set display on the anonymous block, causing it to display as INLINE. To prevent this kind of failure in future, we replace createAnonymousStyle with createAnonymousStyleWithDisplay to make everyone explictly pass display as the argument. Test: fast/block/block-add-child-crash.html * rendering/RenderBlock.cpp: (WebCore::RenderBlock::removeChild): (WebCore::RenderBlock::createAnonymousWithParentRendererAndDisplay): (WebCore::RenderBlock::createAnonymousColumnsWithParentRenderer): (WebCore::RenderBlock::createAnonymousColumnSpanWithParentRenderer): * rendering/RenderInline.cpp: (WebCore::updateStyleOfAnonymousBlockContinuations): (WebCore::RenderInline::addChildIgnoringContinuation): * rendering/RenderObject.cpp: (WebCore::RenderObject::propagateStyleToAnonymousChildren): * rendering/RenderRuby.cpp: (WebCore::createAnonymousRubyInlineBlock): * rendering/RenderRubyRun.cpp: (WebCore::RenderRubyRun::createRubyBase): (WebCore::RenderRubyRun::staticCreateRubyRun): * rendering/RenderTable.cpp: (WebCore::RenderTable::createAnonymousWithParentRenderer): * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::createAnonymousWithParentRenderer): * rendering/RenderTableRow.cpp: (WebCore::RenderTableRow::createAnonymousWithParentRenderer): * rendering/RenderTableSection.cpp: (WebCore::RenderTableSection::createAnonymousWithParentRenderer): * rendering/mathml/RenderMathMLBlock.cpp: (WebCore::RenderMathMLBlock::createAlmostAnonymousBlock): * rendering/mathml/RenderMathMLRow.cpp: (WebCore::RenderMathMLRow::createAnonymousWithParentRenderer): * rendering/mathml/RenderMathMLSubSup.cpp: (WebCore::RenderMathMLSubSup::addChild): * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::createAnonymousStyleWithDisplay): * rendering/style/RenderStyle.h: 2012-04-27 Erik Arvidsson <arv@chromium.org> WebKit IDL does not use exception syntax https://bugs.webkit.org/show_bug.cgi?id=85100 Reviewed by Dimitri Glazkov. This adds support for exception ExceptionName { ... } which currently sets a flag on the domClass. Binding tests updated. * Modules/indexeddb/IDBDatabaseException.idl: * Modules/webdatabase/SQLException.idl: * bindings/scripts/IDLParser.pm: (ParseInterface): (DetermineParseMode): (ProcessSection): * bindings/scripts/IDLStructure.pm: * bindings/scripts/test/CPP/WebDOMTestException.cpp: Added. (WebDOMTestException::WebDOMTestExceptionPrivate::WebDOMTestExceptionPrivate): (WebDOMTestException::WebDOMTestExceptionPrivate): (WebDOMTestException::WebDOMTestException): (WebDOMTestException::operator=): (WebDOMTestException::impl): (WebDOMTestException::~WebDOMTestException): (WebDOMTestException::name): (toWebCore): (toWebKit): * bindings/scripts/test/CPP/WebDOMTestException.h: Added. (WebCore): (WebDOMTestException): * bindings/scripts/test/GObject/WebKitDOMTestException.cpp: Added. (WebKit): (WebKit::kit): (WebKit::core): (WebKit::wrapTestException): (webkit_dom_test_exception_finalize): (webkit_dom_test_exception_set_property): (webkit_dom_test_exception_get_property): (webkit_dom_test_exception_constructed): (webkit_dom_test_exception_class_init): (webkit_dom_test_exception_init): (webkit_dom_test_exception_get_name): * bindings/scripts/test/GObject/WebKitDOMTestException.h: Added. (_WebKitDOMTestException): (_WebKitDOMTestExceptionClass): * bindings/scripts/test/GObject/WebKitDOMTestExceptionPrivate.h: Added. (WebKit): * bindings/scripts/test/JS/JSTestException.cpp: Added. (WebCore): (WebCore::JSTestExceptionConstructor::JSTestExceptionConstructor): (WebCore::JSTestExceptionConstructor::finishCreation): (WebCore::JSTestExceptionConstructor::getOwnPropertySlot): (WebCore::JSTestExceptionConstructor::getOwnPropertyDescriptor): (WebCore::JSTestExceptionPrototype::self): (WebCore::JSTestException::JSTestException): (WebCore::JSTestException::finishCreation): (WebCore::JSTestException::createPrototype): (WebCore::JSTestException::destroy): (WebCore::JSTestException::~JSTestException): (WebCore::JSTestException::getOwnPropertySlot): (WebCore::JSTestException::getOwnPropertyDescriptor): (WebCore::jsTestExceptionName): (WebCore::jsTestExceptionConstructor): (WebCore::JSTestException::getConstructor): (WebCore::isObservable): (WebCore::JSTestExceptionOwner::isReachableFromOpaqueRoots): (WebCore::JSTestExceptionOwner::finalize): (WebCore::toJS): (WebCore::toTestException): * bindings/scripts/test/JS/JSTestException.h: Added. (WebCore): (JSTestException): (WebCore::JSTestException::create): (WebCore::JSTestException::createStructure): (WebCore::JSTestException::impl): (WebCore::JSTestException::releaseImpl): (WebCore::JSTestException::releaseImplIfNotNull): (JSTestExceptionOwner): (WebCore::wrapperOwner): (WebCore::wrapperContext): (JSTestExceptionPrototype): (WebCore::JSTestExceptionPrototype::create): (WebCore::JSTestExceptionPrototype::createStructure): (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype): (JSTestExceptionConstructor): (WebCore::JSTestExceptionConstructor::create): (WebCore::JSTestExceptionConstructor::createStructure): * bindings/scripts/test/ObjC/DOMTestException.h: Added. * bindings/scripts/test/ObjC/DOMTestException.mm: Added. (-[DOMTestException dealloc]): (-[DOMTestException finalize]): (-[DOMTestException name]): (core): (kit): * bindings/scripts/test/ObjC/DOMTestExceptionInternal.h: Added. (WebCore): * bindings/scripts/test/TestException.idl: Copied from Source/WebCore/xml/XPathException.idl. * bindings/scripts/test/V8/V8TestException.cpp: Added. (WebCore): (TestExceptionV8Internal): (WebCore::TestExceptionV8Internal::V8_USE): (WebCore::TestExceptionV8Internal::nameAttrGetter): (WebCore::ConfigureV8TestExceptionTemplate): (WebCore::V8TestException::GetRawTemplate): (WebCore::V8TestException::GetTemplate): (WebCore::V8TestException::HasInstance): (WebCore::V8TestException::wrapSlow): (WebCore::V8TestException::derefObject): * bindings/scripts/test/V8/V8TestException.h: Added. (WebCore): (V8TestException): (WebCore::V8TestException::toNative): (WebCore::V8TestException::wrap): (WebCore::toV8): * dom/DOMCoreException.idl: * dom/EventException.idl: * dom/RangeException.idl: * fileapi/FileException.idl: * fileapi/OperationNotAllowedException.idl: * svg/SVGException.idl: * xml/XMLHttpRequestException.idl: * xml/XPathException.idl: 2012-05-04 Rafael Weinstein <rafaelw@chromium.org> V8RecursionScope not declared in V8Proxy::newInstance which causes ASSERT() failure from NPAPI https://bugs.webkit.org/show_bug.cgi?id=85659 Reviewed by Ojan Vafai. Added a stack-allocted V8RecursionScope to the newInstance call. No new tests. No change in observable behavior. * bindings/v8/V8Proxy.cpp: (WebCore::V8Proxy::newInstance): 2012-05-04 Joshua Bell <jsbell@chromium.org> IndexedDB: Remove all index metadata records when deleting an index https://bugs.webkit.org/show_bug.cgi?id=85557 Reviewed by Tony Chang. An assert is hit when re-loading database from backing store due to stale index metadata entry. Do a range delete to clear all metadata entries when deleting an index. Define metadata entries as enum and limits as consts instead of hardcoded ints. No new tests - issue does not repro as layout test. Will land test in Chromium. * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore::getBool): Helper functions; replaces pattern of putInt()/read only lead byte. (WebCore): (WebCore::putBool): (WebCore::IDBLevelDBBackingStore::getObjectStores): Skip stale data. Use enums, helpers. (WebCore::IDBLevelDBBackingStore::createObjectStore): Use enums. (WebCore::IDBLevelDBBackingStore::deleteObjectStore): Use enums. (WebCore::getNewVersionNumber): Use enums. (WebCore::IDBLevelDBBackingStore::getIndexes): Skip stale data. Use enums, helpers. (WebCore::getNewIndexId): Use enums. (WebCore::IDBLevelDBBackingStore::createIndex): Use enums. (WebCore::IDBLevelDBBackingStore::deleteIndex): Delete metadata by range. * Modules/indexeddb/IDBLevelDBCoding.cpp: (IDBLevelDBCoding): Add constants for metadata maximum values. (WebCore::IDBLevelDBCoding::encodeBool): (WebCore::IDBLevelDBCoding::decodeBool): (WebCore::IDBLevelDBCoding::ObjectStoreMetaDataKey::encodeMaxKey): Use consts. (WebCore::IDBLevelDBCoding::IndexMetaDataKey::encodeMaxKey): Use consts. * Modules/indexeddb/IDBLevelDBCoding.h: (IDBLevelDBCoding): Expose enums for metadata types. 2012-05-04 Anders Carlsson <andersca@apple.com> Move markPagesForFullStyleRecalc to PageCache https://bugs.webkit.org/show_bug.cgi?id=85664 Reviewed by Dan Bernstein. Instead of going through all the history items in the back/forward list looking for cached pages, just iterate over the cached pages in the page. * history/BackForwardController.cpp: * history/BackForwardController.h: * history/HistoryItem.cpp: * history/HistoryItem.h: * history/PageCache.cpp: (WebCore::PageCache::markPagesForFullStyleRecalc): (WebCore): * history/PageCache.h: (PageCache): * page/Frame.cpp: (WebCore::Frame::setPageAndTextZoomFactors): * page/Page.cpp: (WebCore::Page::setDeviceScaleFactor): (WebCore::Page::setPagination): 2012-05-04 Tony Chang <tony@chromium.org> The computed style of flex-item-align should never be auto. https://bugs.webkit.org/show_bug.cgi?id=85656 Reviewed by Ojan Vafai. If the node lacks a parent and flex-item-align is auto, we should return stretch. This was recently clarified in the spec. New testcase in css3/flexbox/css-properties.html. * css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): 2012-05-04 Christophe Dumez <christophe.dumez@intel.com> [soup] URL of the ResourceResponse passed to willSendRequest is incorrect https://bugs.webkit.org/show_bug.cgi?id=85072 Reviewed by Gustavo Noronha Silva. Store the response message by catching the "got-headers" signal so that it can be passed later to willSendRequest() in case of redirection. This is required because the SoupMessage headers and URL have already been updated once restartedCallback() is called. * platform/network/soup/ResourceHandleSoup.cpp: (WebCore): (WebCore::gotHeadersCallback): (WebCore::restartedCallback): (WebCore::sendRequestCallback): (WebCore::startHTTPRequest): 2012-05-04 Ian Vollick <vollick@chromium.org> [chromium] CCProxy's shouldn't try to draw if there is no layer renderer https://bugs.webkit.org/show_bug.cgi?id=85218 Reviewed by Adrienne Walker. * platform/graphics/chromium/cc/CCThreadProxy.cpp: (WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal): 2012-05-04 Rob Buis <rbuis@rim.com> [BlackBerry] Rendering bmp file as text file when Content-Type:image/x-ms-bmp from apache web server. https://bugs.webkit.org/show_bug.cgi?id=85036 Reviewed by Antonio Gomes. Move getNormalizedMIMEType from WebKit into MIMETypeRegistry. This way we support uncommon mime types like image/pjpeg and image/x-ms-bmp out of the box since we map to the more common image/jpeg and image/bmp respectively. * platform/MIMETypeRegistry.cpp: (WebCore::initializeSupportedImageMIMETypes): (WebCore::MIMETypeRegistry::isSupportedImageMIMEType): (WebCore::MIMETypeRegistry::isSupportedImageResourceMIMEType): (WebCore): (WebCore::mimeTypeAssociationMap): (WebCore::MIMETypeRegistry::getNormalizedMIMEType): * platform/MIMETypeRegistry.h: (MIMETypeRegistry): 2012-05-04 Sami Kyostila <skyostil@chromium.org> [chromium] Revert compositor layer scrolling https://bugs.webkit.org/show_bug.cgi?id=85644 Reviewed by Steve Block. This patch reverts the following commits because they were found to trigger crashes. See discussion at http://code.google.com/p/chromium/issues/detail?id=124393. [chromium] Allow scrolling non-root layers in the compositor thread http://trac.webkit.org/changeset/114651 [chromium] Don't crash when scrolling empty layer tree http://trac.webkit.org/changeset/114761 [chromium] Don't keep pointers to released layer tree http://trac.webkit.org/changeset/115080 * platform/graphics/chromium/ContentLayerChromium.cpp: * platform/graphics/chromium/ContentLayerChromium.h: (ContentLayerChromium): * platform/graphics/chromium/GraphicsLayerChromium.h: (GraphicsLayerChromium): * platform/graphics/chromium/LayerChromium.cpp: (WebCore::LayerChromium::pushPropertiesTo): * platform/graphics/chromium/LayerChromium.h: (LayerChromium): * platform/graphics/chromium/cc/CCLayerImpl.cpp: * platform/graphics/chromium/cc/CCLayerImpl.h: * platform/graphics/chromium/cc/CCLayerTreeHost.cpp: (WebCore::CCLayerTreeHost::applyScrollAndScale): * platform/graphics/chromium/cc/CCLayerTreeHostCommon.h: (CCLayerTreeHostCommon): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp: (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl): (WebCore::CCLayerTreeHostImpl::startPageScaleAnimation): (WebCore::CCLayerTreeHostImpl::calculateRenderSurfaceLayerList): (WebCore::CCLayerTreeHostImpl::contentSize): (WebCore::CCLayerTreeHostImpl::prepareToDraw): (WebCore::findScrollLayer): (WebCore::CCLayerTreeHostImpl::setRootLayer): (WebCore::CCLayerTreeHostImpl::setPageScaleFactorAndLimits): (WebCore): (WebCore::CCLayerTreeHostImpl::adjustScrollsForPageScaleChange): (WebCore::CCLayerTreeHostImpl::setPageScaleDelta): (WebCore::CCLayerTreeHostImpl::applyPageScaleDeltaToScrollLayer): (WebCore::CCLayerTreeHostImpl::updateMaxScrollPosition): (WebCore::CCLayerTreeHostImpl::scrollBegin): (WebCore::CCLayerTreeHostImpl::scrollBy): (WebCore::CCLayerTreeHostImpl::scrollEnd): (WebCore::CCLayerTreeHostImpl::pinchGestureUpdate): (WebCore::CCLayerTreeHostImpl::computePinchZoomDeltas): (WebCore::CCLayerTreeHostImpl::makeScrollAndScaleSet): (WebCore::CCLayerTreeHostImpl::processScrollDeltas): (WebCore::CCLayerTreeHostImpl::animatePageScale): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h: (WebCore::CCLayerTreeHostImpl::releaseRootLayer): (WebCore::CCLayerTreeHostImpl::scrollLayer): (CCLayerTreeHostImpl): 2012-05-04 Ojan Vafai <ojan@chromium.org> Remove file that was deleted in http://trac.webkit.org/changeset/116085/. For some reason, this was breaking the chromium build (probably a gyp bug since chromium shouldn't be pulling in this file). * WebCore.gypi: 2012-05-04 Tony Chang <tony@chromium.org> fix bit packing in FillLayer on Windows https://bugs.webkit.org/show_bug.cgi?id=85636 Reviewed by Ryosuke Niwa. Use unsigned for all bit packed types. I manually verified that the current uses of these member variables always assign true or false. No new tests, adding a compile assert to verify bit packing. * rendering/style/FillLayer.cpp: (SameSizeAsFillLayer): Added compile assert. (WebCore): (WebCore::FillLayer::FillLayer): Reorder m_sizeLength so bit packed fields are adjacent. (WebCore::FillLayer::operator=): Ditto. * rendering/style/FillLayer.h: (FillLayer): Convert bools to unsigned to match other bit packed fields. 2012-05-04 Tommy Widenflycht <tommyw@google.com> MediaStream API: Make PeerConnection00's API fully compliant with the draft https://bugs.webkit.org/show_bug.cgi?id=85491 Reviewed by Adam Barth. Mainly making the relevant API's use objects (aka Dictionaries) instead of the temporary strings, but also making a few API's exception aware and changing the name of a flag. Test: fast/mediastream/peerconnection-iceoptions.html * Modules/mediastream/PeerConnection00.cpp: (WebCore::PeerConnection00::createMediaHints): (WebCore::PeerConnection00::createOffer): (WebCore): (WebCore::PeerConnection00::createAnswer): (WebCore::PeerConnection00::createIceOptions): (WebCore::PeerConnection00::createDefaultIceOptions): (WebCore::PeerConnection00::startIce): (WebCore::PeerConnection00::addStream): (WebCore::PeerConnection00::changeReadyState): * Modules/mediastream/PeerConnection00.h: (WebCore): (PeerConnection00): * Modules/mediastream/PeerConnection00.idl: * platform/mediastream/chromium/PeerConnection00HandlerInternal.cpp: (WebCore::PeerConnection00HandlerInternal::startIce): 2012-05-04 David Tseng <dtseng@google.com> Chromium should include MenuListPopups' and MenuListOptions' within the ax tree. https://bugs.webkit.org/show_bug.cgi?id=85541 Reviewed by Chris Fleizach. Covered by existing tests. LayoutTests/accessibility/menu-list-sends-change-notification.html * accessibility/AccessibilityMockObject.h: (WebCore::AccessibilityMockObject::accessibilityIsIgnored): * accessibility/chromium/AccessibilityObjectChromium.cpp: (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject): 2012-05-04 Levi Weintraub <leviw@chromium.org> Unreviewed. Fixing ChangeLog conflict markers after 116009. 2012-05-04 Dan Winship <danw@gnome.org> [GTK] ASSERTION FAILED: shouldLoadAsEmptyDocument(r.url()) || !defersLoading() in MainResourceLoader.cpp:382 Remove a soup_session_pause_message() call that got left behind, update the defersLoading stuff to handle this case. https://bugs.webkit.org/show_bug.cgi?id=85159 Reviewed by Martin Robinson. No new tests. Now passes loader/load-defer-resume-crash.html under debug build. * platform/network/soup/ResourceHandleSoup.cpp: (WebCore::sendRequestCallback): (WebCore::ResourceHandle::platformSetDefersLoading): 2012-05-03 Martin Robinson <mrobinson@igalia.com> [GTK] Rework IME handling to fix bugs and prepare for WebKit2 https://bugs.webkit.org/show_bug.cgi?id=84556 Reviewed by Gustavo Noronha Silva. No new tests. This change is already covered by a suite of keyboard handling unit tests in WebKitGTK+. There are some changes in behavior, but they are difficult to test without mocking out an entire GtkIMContext. Add a struct, CompositionResults, which is used by PlatformKeyboardEvent to package composition information with a keyboard event. Also add some logic to PlatformKeyboardEvent to give the right information when it has composition results. * GNUmakefile.list.am: Added new sources to the list. * platform/PlatformKeyboardEvent.h: Added a new CompositionResults member, getter, and argument to the constructor. * platform/gtk/CompositionResults.h: Added. * platform/gtk/GtkInputMethodFilter.cpp: Added. * platform/gtk/GtkInputMethodFilter.h: Added. * platform/gtk/PlatformKeyboardEventGtk.cpp: (WebCore::PlatformKeyboardEvent::windowsKeyCodeForGdkKeyCode): When the key value is void return the VK_PROCESS keycode, which is the keycode that web content expects with keystrokes that trigger composition events. (WebCore::eventTypeForGdkKeyEvent): Abstract out this helper. (WebCore::modifiersForGdkKeyEvent): Abstract out this helper. (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent): When a PlatformKeyEvent has composition results, use VK_PROCESS as the keycode for this event. (WebCore::PlatformKeyboardEvent::disambiguateKeyDownEvent): When this event is transformed into a Char event, the PlatformKeyboardEvent used for DOM keypress events, and it has composition results clear the text members. This forces the EventHandler code to drop the keypress event. Platform events that change the composition states do not have corresponding keypress DOM events (only keydown and keyup events), so this is necessary to ensure web compatibility. 2012-05-04 Jochen Eisinger <jochen@chromium.org> Correctly update the outgoing referrer when navigating back from an history item created by pushState/replaceState https://bugs.webkit.org/show_bug.cgi?id=85374 Reviewed by Nate Chapin. Test: http/tests/history/history-navigations-set-referrer.html * loader/FrameLoader.cpp: (WebCore::FrameLoader::loadInSameDocument): 2012-05-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com> [Qt] Clean up and split features.prf into a static list of defaults The static list of feature defaults is used as a fallback for any feature that's not dynamically detected or overriden on the command line (though build-webkit or passing DEFINES+= to qmake). The static list is complete, which allows for auto-generation based on Features.py (see bug https://bugs.webkit.org/show_bug.cgi?id=85456) https://bugs.webkit.org/show_bug.cgi?id=85611 Reviewed by Simon Hausmann. * Target.pri: 2012-05-04 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r116085, r116091, and r116095. http://trac.webkit.org/changeset/116085 http://trac.webkit.org/changeset/116091 http://trac.webkit.org/changeset/116095 https://bugs.webkit.org/show_bug.cgi?id=85628 We are not ready with dependencies on all platform yet (mac) + problems with debug builds. (Requested by Zoltan on #webkit). * Target.pri: * WebCore.pri: * platform/MIMETypeRegistry.cpp: (WebCore::initializeSupportedImageMIMETypes): (WebCore::initializeSupportedImageMIMETypesForEncoding): * platform/graphics/ImageSource.cpp: * platform/graphics/ImageSource.h: (WebCore): * platform/graphics/qt/ImageDecoderQt.cpp: (WebCore::ImageDecoder::create): (WebCore): (WebCore::ImageDecoderQt::filenameExtension): (WebCore::ImageDecoderQt::internalHandleCurrentImage): (WebCore::ImageDecoderQt::clearPointers): * platform/image-decoders/ImageDecoder.cpp: (WebCore::ImageDecoder::create): * platform/image-decoders/ImageDecoder.h: (WebCore::ImageFrame::getAddr): (ImageFrame): * platform/image-decoders/qt/ImageFrameQt.cpp: Added. (WebCore): (WebCore::ImageFrame::ImageFrame): (WebCore::ImageFrame::operator=): (WebCore::ImageFrame::clearPixelData): (WebCore::ImageFrame::zeroFillPixelData): (WebCore::ImageFrame::copyBitmapData): (WebCore::ImageFrame::setSize): (WebCore::ImageFrame::asNewNativeImage): (WebCore::ImageFrame::hasAlpha): (WebCore::ImageFrame::setHasAlpha): (WebCore::ImageFrame::setColorProfile): (WebCore::ImageFrame::setStatus): (WebCore::ImageFrame::setPixmap): (WebCore::ImageFrame::width): (WebCore::ImageFrame::height): 2012-05-04 Ilya Tikhonovsky <loislo@chromium.org> Web Inspector: eliminate temporaryProfile property from ProfilesPanel. https://bugs.webkit.org/show_bug.cgi?id=85623 We can run different profilers at the same time therefore we have to keep temorary profile per profiler type. Reviewed by Yury Semikhatsky. * inspector/front-end/CSSSelectorProfileView.js: (WebInspector.CSSSelectorProfileType.prototype.createView): (WebInspector.CSSSelectorProfileType.prototype.createTemporaryProfile): (WebInspector.CSSSelectorProfileType.prototype.createProfile): * inspector/front-end/HeapSnapshotView.js: (WebInspector.HeapSnapshotProfileType.prototype.createView): (WebInspector.HeapSnapshotProfileType.prototype.createTemporaryProfile): (WebInspector.HeapSnapshotProfileType.prototype.createProfile): * inspector/front-end/ProfileView.js: (WebInspector.CPUProfileType.prototype.startRecordingProfile): (WebInspector.CPUProfileType.prototype.createView): (WebInspector.CPUProfileType.prototype.createTemporaryProfile): (WebInspector.CPUProfileType.prototype.createProfile): * inspector/front-end/ProfilesPanel.js: (WebInspector.ProfileType.prototype.createSidebarTreeElementForProfile): (WebInspector.ProfileType.prototype.createTemporaryProfile): (WebInspector.ProfileType.prototype.createProfile): (WebInspector.ProfileHeader): (WebInspector.HeapProfileHeader): (WebInspector.ProfilesPanel.prototype.addProfileHeader): (WebInspector.ProfilesPanel.prototype.findTemporaryProfile): (WebInspector.ProfilesPanel.prototype._removeTemporaryProfile): (WebInspector.ProfilesPanel.prototype._populateProfiles.populateCallback.var): (WebInspector.ProfilesPanel.prototype._populateProfiles.populateCallback): (WebInspector.ProfilesPanel.prototype._populateProfiles): (WebInspector.ProfilesPanel.prototype.setRecordingProfile): (WebInspector.ProfilesPanel.prototype.takeHeapSnapshot): (WebInspector.ProfilesPanel.prototype._reportHeapSnapshotProgress): (WebInspector.ProfilerDispatcher.prototype.addProfileHeader): 2012-05-04 Ilya Tikhonovsky <loislo@chromium.org> Web Inspector: [chromium] ScriptGCEvent should not be static. https://bugs.webkit.org/show_bug.cgi?id=80788 The static members of ScriptGCEvent were moved into per isolate data structure. Drive by fix: Sometimes the used heap size after a GC is slightly more than it was before. Reviewed by Yury Semikhatsky. * bindings/v8/ScriptGCEvent.cpp: (WebCore::ScriptGCEvent::gcPrologueCallback): (WebCore::ScriptGCEvent::gcEpilogueCallback): * bindings/v8/V8Binding.h: (WebCore::GCEventData::GCEventData): (WebCore::GCEventData::clear): (GCEventData): (WebCore): (WebCore::V8BindingPerIsolateData::gcEventData): (V8BindingPerIsolateData): 2012-05-04 Kent Hansen <kent.hansen@nokia.com> [Qt] Update Qt bridge after changes to QMetaMethod https://bugs.webkit.org/show_bug.cgi?id=85478 Reviewed by Tor Arne Vestbø. QMetaMethod::signature() has been renamed to methodSignature() and returns a QByteArray. The new function QMetaMethod::name() gives direct access to a method's name. returnType(), parameterCount(), and parameterType() give direct access to type information. Ported the custom QtConnectionObject meta-object to revision 7; revision 6 and below aren't supported (and don't compile) with Qt5. * Target.pri: * bridge/qt/qt_class.cpp: (JSC::Bindings::QtClass::fallbackObject): * bridge/qt/qt_instance.cpp: (JSC::Bindings::QtInstance::getPropertyNames): * bridge/qt/qt_runtime.cpp: (JSC::Bindings::findMethodIndex): (Bindings): (qt_meta_stringdata_QtConnectionObject_t): (JSC::Bindings::QtConnectionObject::qt_static_metacall): (JSC::Bindings::QtConnectionObject::qt_metacast): (JSC::Bindings::QtConnectionObject::qt_metacall): (JSC::Bindings::QtConnectionObject::execute): * bridge/qt/qt_runtime.h: (QtConnectionObject): * bridge/qt/qt_runtime_qt4.cpp: Copied from Source/WebCore/bridge/qt/qt_runtime.cpp. (Bindings): (QWKNoDebug): (JSC::Bindings::QWKNoDebug::QWKNoDebug): (JSC::Bindings::QWKNoDebug::~QWKNoDebug): (JSC::Bindings::QWKNoDebug::operator<<): (JSC::Bindings::operator<<): (RuntimeConversion): (JSC::Bindings::registerCustomType): (JSC::Bindings::isJSUint8ClampedArray): (JSC::Bindings::valueRealType): (JSC::Bindings::convertValueToQVariantMap): (JSC::Bindings::convertValueToQVariant): (JSC::Bindings::convertQVariantToValue): (JSC::Bindings::QtRuntimeMethod::QtRuntimeMethod): (JSC::Bindings::QtRuntimeMethod::finishCreation): (JSC::Bindings::QtRuntimeMethod::~QtRuntimeMethod): (JSC::Bindings::QtRuntimeMethod::destroy): (JSC::Bindings::QtRuntimeMethodData::~QtRuntimeMethodData): (JSC::Bindings::QtRuntimeMethodData::finalize): (JSC::Bindings::QtRuntimeMetaMethodData::~QtRuntimeMetaMethodData): (JSC::Bindings::QtRuntimeConnectionMethodData::~QtRuntimeConnectionMethodData): (QtMethodMatchType): (JSC::Bindings::QtMethodMatchType::QtMethodMatchType): (JSC::Bindings::QtMethodMatchType::kind): (JSC::Bindings::QtMethodMatchType::isValid): (JSC::Bindings::QtMethodMatchType::isVariant): (JSC::Bindings::QtMethodMatchType::isMetaType): (JSC::Bindings::QtMethodMatchType::isUnresolved): (JSC::Bindings::QtMethodMatchType::isMetaEnum): (JSC::Bindings::QtMethodMatchType::enumeratorIndex): (JSC::Bindings::QtMethodMatchType::variant): (JSC::Bindings::QtMethodMatchType::metaType): (JSC::Bindings::QtMethodMatchType::metaEnum): (JSC::Bindings::QtMethodMatchType::unresolved): (JSC::Bindings::QtMethodMatchType::typeId): (JSC::Bindings::QtMethodMatchType::name): (QtMethodMatchData): (JSC::Bindings::QtMethodMatchData::QtMethodMatchData): (JSC::Bindings::QtMethodMatchData::isValid): (JSC::Bindings::QtMethodMatchData::firstUnresolvedIndex): (JSC::Bindings::indexOfMetaEnum): (JSC::Bindings::findMethodIndex): (JSC::Bindings::findSignalIndex): (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod): (JSC::Bindings::QtRuntimeMetaMethod::finishCreation): (JSC::Bindings::QtRuntimeMetaMethod::visitChildren): (JSC::Bindings::QtRuntimeMetaMethod::call): (JSC::Bindings::QtRuntimeMetaMethod::getCallData): (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertySlot): (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyDescriptor): (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyNames): (JSC::Bindings::QtRuntimeMetaMethod::lengthGetter): (JSC::Bindings::QtRuntimeMetaMethod::connectGetter): (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter): (JSC::Bindings::QtRuntimeConnectionMethod::QtRuntimeConnectionMethod): (JSC::Bindings::QtRuntimeConnectionMethod::finishCreation): (JSC::Bindings::QtRuntimeConnectionMethod::call): (JSC::Bindings::QtRuntimeConnectionMethod::getCallData): (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertySlot): (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyDescriptor): (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyNames): (JSC::Bindings::QtRuntimeConnectionMethod::lengthGetter): (JSC::Bindings::QtConnectionObject::QtConnectionObject): (JSC::Bindings::QtConnectionObject::~QtConnectionObject): (JSC::Bindings::QtConnectionObject::metaObject): (JSC::Bindings::QtConnectionObject::qt_metacast): (JSC::Bindings::QtConnectionObject::qt_metacall): (JSC::Bindings::isJavaScriptFunction): (JSC::Bindings::QtConnectionObject::execute): (JSC::Bindings::QtConnectionObject::match): (JSC::Bindings::QtConnectionObject::createWithInternalJSC): (JSC::Bindings::::QtArray): (JSC::Bindings::::~QtArray): (JSC::Bindings::::rootObject): (JSC::Bindings::::setValueAt): (JSC::Bindings::::valueAt): 2012-05-04 Yury Semikhatsky <yurys@chromium.org> Web Inspector: use single method for retrieving evaluation context in the runtime agent https://bugs.webkit.org/show_bug.cgi?id=85621 Reviewed by Pavel Feldman. Merged two script state retrieval methods into one. Moved Page specific logic into PageRuntimeAgent. * inspector/InspectorRuntimeAgent.cpp: (WebCore::InspectorRuntimeAgent::evaluate): * inspector/InspectorRuntimeAgent.h: (InspectorRuntimeAgent): * inspector/PageRuntimeAgent.cpp: (WebCore::PageRuntimeAgent::scriptStateForEval): * inspector/PageRuntimeAgent.h: (PageRuntimeAgent): * inspector/WorkerRuntimeAgent.cpp: (WebCore::WorkerRuntimeAgent::scriptStateForEval): * inspector/WorkerRuntimeAgent.h: (WorkerRuntimeAgent): 2012-05-04 Jochen Eisinger <jochen@chromium.org> Unreviewed, rolling out r115549. http://trac.webkit.org/changeset/115549 https://bugs.webkit.org/show_bug.cgi?id=83894 The newly added CRASH() statements are triggered too often * loader/FrameLoader.cpp: (WebCore::FrameLoader::init): (WebCore::FrameLoader::setupForReplace): (WebCore::FrameLoader::stopAllLoaders): (WebCore::FrameLoader::clearProvisionalLoad): (WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy): (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): 2012-05-04 Zoltan Horvath <zoltan@webkit.org> [Qt] Error message fix after r116091 https://bugs.webkit.org/show_bug.cgi?id=85614 Reviewed by Alexis Menard. No new tests : error message fix. * WebCore.pri: 2012-05-04 Alexis Menard <alexis.menard@openbossa.org> [Qt] Build fix when using libpng version > 1.2. https://bugs.webkit.org/show_bug.cgi?id=85614 Reviewed by Tor Arne Vestbø. Don't enforce the version of libpng when passing the option to the linker. No new tests : build fix. * WebCore.pri: 2012-05-04 Simon Hausmann <simon.hausmann@nokia.com> [Qt] Images are scaled badly in WebKit2 https://bugs.webkit.org/show_bug.cgi?id=85610 Reviewed by Jocelyn Turcotte. Enable smooth pixmap transforms when rendering into the GraphicsSurface image. This class is only used in WK2. * platform/graphics/surfaces/qt/GraphicsSurfaceQt.cpp: (WebCore::GraphicsSurface::platformBeginPaint): 2012-05-04 Zoltan Horvath <zoltan@webkit.org> [Qt] Remove unnecessary executeable bits after r116085 No new tests. * Target.pri: * WebCore.pri: * platform/graphics/ImageSource.cpp: * platform/graphics/ImageSource.h: * platform/graphics/qt/ImageDecoderQt.cpp: * platform/graphics/qt/ImageDecoderQt.h: * platform/image-decoders/ImageDecoder.cpp: * platform/image-decoders/ImageDecoder.h: 2012-05-04 Zoltan Horvath <zoltan@webkit.org> [Qt] Set WebCore imagedecoders as default and add fallback to QImageDecoder https://bugs.webkit.org/show_bug.cgi?id=80400 This change modifies the default ImageDecoder for Qt-port from QImageDecoder to WebCore ImageDecoder. The new behavior is to use QImageDecoder only if WebCoreImageDecoder doesn't support the requested image type. The WTF_USE_QT_IMAGE_DECODER macro has been removed, since it is no longer needed. This change adds build depedency for libpng-dev and libjpeg-dev packages, becuase PNG and JPEG imagedecoders need not only these libraries, but their headers also. Qmake-config tests for these libraries were introduced in r110045. Reviewed by Simon Hausmann. No new tests needed. * Target.pri: Move WebCore ImageDecoder files out of guards. Remove ImageFrameQt.cpp from sources. * WebCore.pri: Move WebCore ImageDecoder include paths out of guards. * platform/MIMETypeRegistry.cpp: (WebCore::initializeSupportedImageMIMETypes): Add WebCore supported and Qt supported MIME types. (WebCore::initializeSupportedImageMIMETypesForEncoding): Use Qt supported MIME types. * platform/graphics/ImageSource.cpp: Remove unnecessary includes. * platform/graphics/ImageSource.h: Remove unnecessary typedefs. (WebCore): * platform/graphics/qt/ImageDecoderQt.cpp: (WebCore::ImageDecoderQt::filenameExtension): Remove unnecessary semicolon. (WebCore::ImageDecoderQt::internalHandleCurrentImage): Use QImage and ImageFrame instead of QPixmap. (WebCore): (WebCore::ImageFrame::asNewNativeImage): Moved here from removed ImageFrameQt.cpp. * platform/image-decoders/ImageDecoder.cpp: Reorganize the includes of the header. (WebCore::ImageDecoder::create): Add platform macro guarded fallback case for QImageDecoder. * platform/image-decoders/ImageDecoder.h: Remove Qt-specific codes. (WebCore::ImageFrame::getAddr): Remove Qt-specific case, since it is no longer needed. (ImageFrame): * platform/image-decoders/qt/ImageFrameQt.cpp: Removed. Dead code, other code has been moved to ImageDecoderQt.cpp. 2012-05-03 Ilya Tikhonovsky <loislo@chromium.org> Web Inspector: createRawLocationByURL is too slow if a big number of evals happen. https://bugs.webkit.org/show_bug.cgi?id=85477 It iterates through all the _scripts even they have no url. We can keep a separate map of scripts with url. Reviewed by Yury Semikhatsky. * inspector/front-end/DebuggerModel.js: (WebInspector.DebuggerModel): (WebInspector.DebuggerModel.prototype._globalObjectCleared): (WebInspector.DebuggerModel.prototype._resetScriptsMap): (WebInspector.DebuggerModel.prototype._parsedScriptSource): (WebInspector.DebuggerModel.prototype.createRawLocationByURL): 2012-05-03 David Barr <davidbarr@chromium.org> Antialias single-edge solid borders https://bugs.webkit.org/show_bug.cgi?id=85031 Reviewed by Simon Fraser. Antialiasing is avoided for adjacent edges due to artifacts at the seam. There are no such artifacts for single-edge borders so enable antialiasing. Test: fast/css/border-solid-single-edge-antialias.html * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::paintBorder): 2012-05-03 Adam Barth <abarth@webkit.org> CSP: Eval isn't blocked in about:blank subframes https://bugs.webkit.org/show_bug.cgi?id=85553 Reviewed by Eric Seidel. ContentSecurityPolicy has a back pointer to ScriptExecutionContext. That means we shouldn't share a single ContentSecurityPolicy object between multiple ScriptExecutionContexts. This patch copies the state from one ScriptExecutionContext to another rather than sharing the ContentSecurityPolicy object itself. This resulted in a subtle but w.r.t. blocking eval. Because we block eval by setting a bit in the JavaScript engine when enforcing the policy, that bit wasn't copied along with the rest of the state when we were sharing the ContentSecurityPolicy object. Now that we use the more robust ContentSecurityPolicy::copyStateFrom function, we don't have that bug. Test: http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html * dom/Document.cpp: (WebCore::Document::initSecurityContext): (WebCore): (WebCore::Document::initContentSecurityPolicy): * dom/Document.h: (Document): * dom/SecurityContext.cpp: (WebCore::SecurityContext::setContentSecurityPolicy): * dom/SecurityContext.h: (SecurityContext): * loader/FrameLoader.cpp: (WebCore::FrameLoader::didBeginDocument): * page/ContentSecurityPolicy.h: (WebCore::ContentSecurityPolicy::create): 2012-05-03 Abhishek Arya <inferno@chromium.org> Regression(r113769): Crash in AudioNodeOutput::disconnectAllParams. https://bugs.webkit.org/show_bug.cgi?id=85196 Reviewed by Chris Rogers. RefPtr the AudioParam hashset in AudioNodeOutput to prevent accessing destroyed entries. No new tests. Unable to reproduce it in DRT. * Modules/webaudio/AudioNodeOutput.cpp: (WebCore::AudioNodeOutput::disconnectAllParams): * Modules/webaudio/AudioNodeOutput.h: (AudioNodeOutput): 2012-05-03 Noel Gordon <noel.gordon@gmail.com> PNGImageDecoder: Clean up rowAvailable() some more https://bugs.webkit.org/show_bug.cgi?id=85464 Reviewed by Eric Seidel. No new tests. Covered by existing tests: fast/images/png-extra-row-crash.html in particular. * platform/image-decoders/png/PNGImageDecoder.cpp: (WebCore::PNGImageDecoder::rowAvailable): Use colorChannels consistently. Split the useful libpng comments in two, then place the early-out code and conditions inbetween. The png variable is only used in one place so move it there. 2012-05-03 Ojan Vafai <ojan@chromium.org> Histogram total allocated bytes in the arena in addition to the render tree size https://bugs.webkit.org/show_bug.cgi?id=85537 Reviewed by Eric Seidel. We only free bytes allocated to a RenderArena when destroying the Document. Histogram both the render tree size and the total bytes allocated. This gives a better sense of the overhead of RenderArena as well as giving a more accurate number for the amount of actual memory used by the render tree. No new tests. This is not webfacing, so this can't be tested without adding API to layout test controller, which doesn't seem worth it for this code. * page/Page.cpp: (WebCore::Page::renderTreeSize): (WebCore::Page::setVisibilityState): * page/Page.h: (Page): * platform/Arena.cpp: (WebCore::ArenaAllocate): * platform/Arena.h: (WebCore): * rendering/RenderArena.cpp: (WebCore::RenderArena::allocate): * rendering/RenderArena.h: (WebCore::RenderArena::totalRenderArenaAllocatedBytes): (RenderArena): 2012-05-03 Mary Wu <mary.wu@torchmobile.com.cn> [BlackBerry] Add missed member in CrossThreadResourceRequestData https://bugs.webkit.org/show_bug.cgi?id=85448 Reviewed by Antonio Gomes. * platform/network/blackberry/ResourceRequest.h: (CrossThreadResourceRequestData): * platform/network/blackberry/ResourceRequestBlackBerry.cpp: (WebCore::ResourceRequest::doPlatformCopyData): (WebCore::ResourceRequest::doPlatformAdopt): 2012-05-03 Adam Barth <abarth@webkit.org> CSP shouldn't block about:blank for iframes https://bugs.webkit.org/show_bug.cgi?id=85233 Reviewed by Eric Seidel. As discussed at the W3C WebAppSec face-to-face meeting, there's no point in blocking about:blank iframes or objects because blocking a frame or object just results in displaying about:blank anyway. This patch just removes the spurious console message and violation report. Test: http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html * page/ContentSecurityPolicy.cpp: (WebCore::ContentSecurityPolicy::allowObjectFromSource): (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): 2012-05-03 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r116040. http://trac.webkit.org/changeset/116040 https://bugs.webkit.org/show_bug.cgi?id=85559 Broke a few IndexedDB browsertests (Requested by zhenyao on #webkit). * Modules/indexeddb/IDBCursor.cpp: (WebCore::IDBCursor::direction): * Modules/indexeddb/IDBCursor.h: (IDBCursor): * Modules/indexeddb/IDBCursor.idl: * Modules/indexeddb/IDBDatabase.cpp: (WebCore::IDBDatabase::transaction): (WebCore): * Modules/indexeddb/IDBDatabase.h: * Modules/indexeddb/IDBDatabase.idl: * Modules/indexeddb/IDBIndex.cpp: (WebCore::IDBIndex::openCursor): (WebCore::IDBIndex::openKeyCursor): * Modules/indexeddb/IDBIndex.h: (WebCore::IDBIndex::openCursor): (WebCore::IDBIndex::openKeyCursor): * Modules/indexeddb/IDBIndex.idl: * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::IDBObjectStore::openCursor): * Modules/indexeddb/IDBObjectStore.h: (WebCore::IDBObjectStore::openCursor): (IDBObjectStore): * Modules/indexeddb/IDBObjectStore.idl: * Modules/indexeddb/IDBRequest.cpp: (WebCore::IDBRequest::IDBRequest): (WebCore::IDBRequest::readyState): (WebCore::IDBRequest::markEarlyDeath): (WebCore::IDBRequest::resetReadyState): (WebCore::IDBRequest::abort): (WebCore::IDBRequest::finishCursor): (WebCore::IDBRequest::onSuccess): (WebCore::IDBRequest::stop): * Modules/indexeddb/IDBRequest.h: * Modules/indexeddb/IDBRequest.idl: * Modules/indexeddb/IDBTransaction.cpp: (WebCore::IDBTransaction::mode): * Modules/indexeddb/IDBTransaction.h: (IDBTransaction): * Modules/indexeddb/IDBTransaction.idl: 2012-05-03 Raphael Kubo da Costa <rakuco@webkit.org> [CMake] Rewrite FindCairo.cmake. https://bugs.webkit.org/show_bug.cgi?id=84895 Reviewed by Daniel Bates. The old approach relied on pkg-config for finding Cairo (which introduced a dependency on pkg-config that could be avoided), used the LibFindMacros code that we should probably remove in the future and did not use the FindPackageHandleStandardArguments module. Change all that by rewriting the module. - Use the pkg-config output optionally instead of requiring it like LibFindMacros did. - Remove the implicit dependency on FreeType which often found it the wrong way via pkg-config and without considering CMAKE_PREFIX_PATH. - Retrieve the Cairo version by looking at cairo-version.h instead of relying on pkg-config. It requires some additional code for checking if the desired version has been found, but that will not be needed once we start depending on CMake 2.8.3 or later. The only downside is that FPHSA sets <UPPERCASED_NAME>_FOUND instead of <Name>_FOUND, and to keep things consistent Cairo_LIBRARIES and Cairo_INCLUDE_DIRS have become CAIRO_LIBRARIES and CAIRO_INCLUDE_DIRS. No new tests, build system change. * PlatformEfl.cmake: Use CAIRO_FOO instead of Cairo_FOO. 2012-05-03 Anders Carlsson <andersca@apple.com> Focus ring only appears in top-left tile https://bugs.webkit.org/show_bug.cgi?id=85556 <rdar://problem/11359656> Reviewed by Simon Fraser. It is sufficient to just apply the current CTM to the clip rect and set that as the focus ring clip rect. * platform/graphics/mac/WebLayer.mm: (drawLayerContents): 2012-05-03 Alec Flett <alecflett@chromium.org> IndexedDB: Replace numeric constants with strings https://bugs.webkit.org/show_bug.cgi?id=84894 Reviewed by Tony Chang. Test: storage/indexeddb/legacy-constants.html Update IDBObjectStore.openCursor, IDBIndex.openCursor, IDBIndex.openKeyCursor, IDBDatabase.transaction, IDBCursor.direction, IDBTransaction.mode, and IDBRequest.readyState to meet the latest spec. All of these APIs now support string-based values in addition to the legacy/deprecated enum-based values. * Modules/indexeddb/IDBCursor.cpp: (WebCore): (WebCore::IDBCursor::direction): (WebCore::IDBCursor::stringToDirection): (WebCore::IDBCursor::directionToString): * Modules/indexeddb/IDBCursor.h: (IDBCursor): * Modules/indexeddb/IDBCursor.idl: * Modules/indexeddb/IDBDatabase.cpp: (WebCore::IDBDatabase::transaction): (WebCore): * Modules/indexeddb/IDBDatabase.h: (IDBDatabase): * Modules/indexeddb/IDBDatabase.idl: * Modules/indexeddb/IDBIndex.cpp: (WebCore::IDBIndex::openCursor): (WebCore): (WebCore::IDBIndex::openKeyCursor): * Modules/indexeddb/IDBIndex.h: (WebCore::IDBIndex::openCursor): (IDBIndex): (WebCore::IDBIndex::openKeyCursor): * Modules/indexeddb/IDBIndex.idl: * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::IDBObjectStore::openCursor): (WebCore): * Modules/indexeddb/IDBObjectStore.h: (WebCore::IDBObjectStore::openCursor): (IDBObjectStore): * Modules/indexeddb/IDBObjectStore.idl: * Modules/indexeddb/IDBRequest.cpp: (WebCore::IDBRequest::IDBRequest): (WebCore::IDBRequest::readyState): (WebCore::IDBRequest::markEarlyDeath): (WebCore::IDBRequest::resetReadyState): (WebCore::IDBRequest::abort): (WebCore::IDBRequest::finishCursor): (WebCore::IDBRequest::onSuccess): (WebCore::IDBRequest::stop): * Modules/indexeddb/IDBRequest.h: * Modules/indexeddb/IDBRequest.idl: * Modules/indexeddb/IDBTransaction.cpp: (WebCore): (WebCore::IDBTransaction::mode): (WebCore::IDBTransaction::stringToMode): (WebCore::IDBTransaction::modeToString): * Modules/indexeddb/IDBTransaction.h: (IDBTransaction): * Modules/indexeddb/IDBTransaction.idl: 2012-05-03 Sam Weinig <sam@webkit.org> Add an eventPhase NONE constant https://bugs.webkit.org/show_bug.cgi?id=85397 Reviewed by Anders Carlsson. Updates existing tests. * dom/Event.h: * dom/Event.idl: Add NONE constant. 2012-05-03 Tony Chang <tony@chromium.org> Height overflow when nesting multiple new Flexbox'es. https://bugs.webkit.org/show_bug.cgi?id=83572 Reviewed by Ojan Vafai. Test: css3/flexbox/nested-stretch.html * rendering/RenderFlexibleBox.cpp: (WebCore::RenderFlexibleBox::computeAvailableFreeSpace): 2012-05-03 Julien Chaffraix <jchaffraix@webkit.org> ASSERT(!m_zOrderListsDirty) is triggering in Safari https://bugs.webkit.org/show_bug.cgi?id=85512 Reviewed by Simon Fraser. Unfortunately no test as I don't think the 2 cases are testable reliably. A better fix would be to introduce some iterator that handle updating the lists for you. For now, just adding the missing updateLayerListsIfNeeded() calls. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::hasVisibleNonCompositingDescendantLayers): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::layerHas3DContent): 2012-05-03 Philip Rogers <pdr@google.com> Fix numeric precision issue in SVG animations https://bugs.webkit.org/show_bug.cgi?id=85502 Reviewed by Dirk Schulze. r93938 had a bug where floating point numbers where compared exactly, exposing a bug when floating point precision was not sufficient. This change compares against an epsilon value to get around these precision issues. Test: svg/animations/animate-end-attribute-numeric-precision.html * svg/animation/SVGSMILElement.cpp: (WebCore::SVGSMILElement::calculateAnimationPercentAndRepeat): 2012-05-03 Joshua Bell <jsbell@chromium.org> Fix coding style issues in IDBLevelDBCoding.cpp https://bugs.webkit.org/show_bug.cgi?id=85536 Reviewed by Tony Chang. No tests - just code formatting changes. * Modules/indexeddb/IDBLevelDBCoding.cpp: (WebCore::IDBLevelDBCoding::encodeIDBKey): (WebCore::IDBLevelDBCoding::decodeIDBKey): (WebCore::IDBLevelDBCoding::extractEncodedIDBKey): (WebCore::IDBLevelDBCoding::compareEncodedIDBKeys): 2012-04-30 Filip Pizlo <fpizlo@apple.com> PageCache autorelease should not wait until 3 seconds and 42 pages https://bugs.webkit.org/show_bug.cgi?id=85254 <rdar://problem/11349613> Reviewed by Geoffrey Garen. No new tests, since there is no change in behavior. * history/PageCache.cpp: (WebCore): (WebCore::PageCache::PageCache): (WebCore::PageCache::releaseAutoreleasedPagesNowDueToTimer): * history/PageCache.h: (PageCache): 2012-05-03 Levi Weintraub <leviw@chromium.org> Unreviewed build fix for Mac WK2. Adding a mistakenly removed symbol back to WebCore.exp.in. * WebCore.exp.in: 2012-05-03 Levi Weintraub <leviw@chromium.org> Unreviewed build fix for Qt after 116009. No changes in behavior. * rendering/RenderTreeAsText.cpp: (WebCore::RenderTreeAsText::writeRenderObject): 2012-05-03 W. James MacLean <wjmaclean@chromium.org> [chromium] Revise touchpad fling curve to use exponential curve, to improve feel and small fling performance. https://bugs.webkit.org/show_bug.cgi?id=85530 Reviewed by Kenneth Russell. Existing unit tests updated for new curve. Modifies TouchpadFLingGestureCurve to use an exponential, rather than polynomial, curve. This change appears to improve the overall feel of touchpad fling, and substantially improves small-fling performance. * platform/TouchpadFlingPlatformGestureCurve.cpp: (WebCore::TouchpadFlingPlatformGestureCurve::create): (WebCore): (WebCore::position): (WebCore::velocity): (WebCore::TouchpadFlingPlatformGestureCurve::TouchpadFlingPlatformGestureCurve): 2012-04-23 Levi Weintraub <leviw@chromium.org> and Emil A Eklund <eae@chromium.org> [meta] Switch away from integers representing pixels for layout/event handling/rendering https://bugs.webkit.org/show_bug.cgi?id=60318 Reviewed by Eric Seidel. Swapping the LayoutUnit backend to FractionalLayoutUnit from int. FractionalLayoutUnit is a new type that uses an integer to represent a fraction of a pixel. We're also adding a feature flag -- ENABLE_SUBPIXEL_LAYOUT -- that toggles this fraction between 1/1 and 1/60. Initially, all platforms will default to subpixel layout being off, so FractionalLayoutUnits will effectively continue to act as integers. With ENABLE_SUBPIXEL_LAYOUT turned on, FractionalLayoutUnits accumulate error from sub-pixel CSS values and applied zooming, and painting uses pixel-snapping to align these values to pixels. See http://trac.webkit.org/wiki/LayoutUnit for details. In a number of previous patches, LayoutUnits were plumbed throughout the rendering tree to prepare for this change. This included a number of functions in LayoutTypes.h and the IntRect/Point/Size classes that were effectively no-ops while LayoutUnits were integers. Subsequent patches will remove unnecessary versions of these functions; see http://webkit.org/b/84616 for tracking these changes. Tests: fast/sub-pixel/client-width-height-snapping.html fast/sub-pixel/layout-boxes-with-zoom.html fast/sub-pixel/size-of-box-with-zoom.html * WebCore.exp.in: Updating function signatures that expose FractionalLayoutUnits. * WebCore.xcodeproj/project.pbxproj: Adding missing FractionalLayoutPoint.h header. * css/CSSComputedStyleDeclaration.cpp: (WebCore::zoomAdjustedPixelValue): Using adjustFloatForAbsoluteZoom instead of int to make use of extra precision before returning the pixel value. * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::computeLength): No longer rounds for imprecise conversion when sub-pixel layout is enabled. (WebCore::CSSPrimitiveValue::customCssText): Returning integer values for pixels. * dom/Element.cpp: (WebCore::adjustForLocalZoom): Using rounding instead of incrementing the value before adjusting to account for truncation when sub-pixel layout is enabled. * page/SpatialNavigation.cpp: (WebCore::distanceDataForNode): Using FractionalLayoutUnit::abs instead of std::abs. * platform/FractionalLayoutUnit.h: Adding some missing operators and a flag around the constant denominator to switch it between 1/1 and 1/60 depending on the feature flag. * platform/Length.h: Changing the default type for value to float, and adding intValue since this more closely matches usage in a sub-pixel layout world. * platform/win/PopupMenuWin.cpp: (WebCore::PopupMenuWin::paint): Using minimumIntValueForLength in this platform code instead of LayoutUnits. * rendering/InlineFlowBox.cpp: (WebCore::InlineFlowBox::placeBoxesInBlockDirection): * rendering/LayoutTypes.h: This file contains the actual switch for changing LayoutUnits to be FractionalLayoutUnits. Also updating stub methods with their proper implementations. * rendering/PaintInfo.h: (WebCore::PaintInfo::infiniteRect): Ensuring the infiniteRect doesn't overflow the FractionalLayoutUnit bounds. * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlock::checkPaginationAndFloatsAtEndLine): Switch to FractionalLayoutUnit's abs function instead of std::abs. * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry): Add rounding for setting the phase of the background geometry before applying modulo from the tile size. * rendering/RenderDeprecatedFlexibleBox.cpp: (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox): Stop applying flex when we have less than a pixel to distribute. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::backgroundClipRect): Replace PaintInfo::infiniteRect with the LayoutRect equivalent. * rendering/RenderLineBoxList.cpp: (WebCore::RenderLineBoxList::rangeIntersectsRect): Using FractionalLayoutUnit::abs instead of std::abs. * rendering/RenderObject.cpp: (WebCore::RenderObject::repaintAfterLayoutIfNeeded): Ditto. * rendering/RenderObject.h: (WebCore): Removing unnecessary adjustForAbsoluteZoom function. (WebCore::RenderObject::outlineSize): Outlines remain ints. * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::styleOrColLogicalWidth): Build fix. Using floats because colWidthSum is a Length which uses floats. * rendering/RenderThemeChromiumSkia.cpp: (WebCore::RenderThemeChromiumSkia::paintSearchFieldResultsButton): Explicit templatization for max. * rendering/RenderTreeAsText.cpp: Adding code to minimize test expectation churn. It may be worth outputting float values in test expectations, but this isn't done with the inline box tree yet, either. * rendering/RenderTreeAsText.h: (WebCore): Adding a FractionalLayoutPoint operator. * rendering/RenderWidget.cpp: (WebCore::RenderWidget::updateWidgetGeometry): Adding missing pixel snapping, and switching absoluteContentBox to an IntRect, as this is what boundingBox returns. * rendering/svg/SVGRenderTreeAsText.cpp: (WebCore::writePositionAndStyle): Adding an enclosingIntRect for consistency with old results. 2012-05-03 Levi Weintraub <leviw@chromium.org> and Emil A Eklund <eae@chromium.org> [meta] Switch away from integers representing pixels for layout/event handling/rendering https://bugs.webkit.org/show_bug.cgi?id=60318 Reviewed by Eric Seidel. Swapping the LayoutUnit backend to FractionalLayoutUnit from int. FractionalLayoutUnit is a new type that uses an integer that can represent a fraction of a pixel. The ENABLE_SUBPIXEL_LAYOUT feature flags toggles this fraction between 1/1 and 1/60. Initially, all platforms will default to subpixel layout being off, so FractionalLayoutUnits will effectively continue to act as integers. With ENABLE_SUBPIXEL_LAYOUT turned on, FractionalLayoutUnits accumulate error from sub-pixel CSS values and applied zooming, and painting uses pixel-snapping to align these values to pixels and prevent unwanted anti-aliasing. See http://trac.webkit.org/wiki/LayoutUnit for details. In a number of previous patches, LayoutUnits were plumbed throughout the rendering tree to prepare for this change. This included a number of functions in LayoutTypes.h and the IntRect/Point/Size classes that were effectively no-ops while LayoutUnits were integers. See http://webkit.org/b/60318 for the exhaustive list of changes that were done in preparation for this. Subsequent patches will remove unnecessary versions of these functions. http://webkit.org/b/84616 tracks these changes. Tests: fast/sub-pixel/client-width-height-snapping.html fast/sub-pixel/layout-boxes-with-zoom.html fast/sub-pixel/size-of-box-with-zoom.html * WebCore.exp.in: Updating function signatures that expose FractionalLayoutUnits. * WebCore.order: Ditto. * WebCore.xcodeproj/project.pbxproj: Adding missing FractionalLayoutPoint.h header. * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::computeLength): No longer rounds for imprecise conversion when sub-pixel layout is enabled. * dom/Element.cpp: (WebCore::adjustForLocalZoom): Using rounding instead of incrementing the value before adjusting to account for truncation when sub-pixel layout is enabled. * rendering/mathml/RenderMathMLBlock.cpp: (WebCore): Fixing a static initializer build error by moving an integer constant to be an int. * rendering/LayoutTypes.h: This file contains the actual switch for changing LayoutUnits to be FractionalLayoutUnits. Also updating stub methods with their proper implementations. * rendering/PaintInfo.h: (WebCore::PaintInfo::infiniteRect): Ensuring the infiniteRect doesn't overflow the FractionalLayoutUnit bounds. LayoutRect::infiniteRect() is the largest rectangle that can be represented using LayoutUnits. * rendering/RenderLayer.h: (WebCore::ClipRect::operator!=): Add overload of != to fix complaining compilers when * rendering/RenderTreeAsText.cpp: Adding code to minimize test expectation churn. It may be worth outputting float values in test expectations, but this isn't done with the inline box tree yet, either. * rendering/RenderTreeAsText.h: (WebCore): Adding a FractionalLayoutPoint operator. * rendering/svg/SVGRenderTreeAsText.cpp: (WebCore::writePositionAndStyle): (WebCore): Adding a FractionalLayoutPoint operator. 2012-05-03 Anders Carlsson <andersca@apple.com> Move repaint counter drawing code out into a separate function https://bugs.webkit.org/show_bug.cgi?id=85539 Reviewed by Simon Fraser. The majority of code in TileCache::drawLayer deals with drawing the repaint counter. Move this code out into a separate function to make it more clear what drawLayer does. * platform/graphics/ca/mac/TileCache.h: (TileCache): * platform/graphics/ca/mac/TileCache.mm: (WebCore::TileCache::drawLayer): (WebCore::TileCache::drawRepaintCounter): (WebCore): 2012-05-03 Simon Fraser <simon.fraser@apple.com> Compositing 'requiresOwnBackingStore' logic caused new clip rect assertions https://bugs.webkit.org/show_bug.cgi?id=85455 Reviewed by Dean Jackson. r114283 added logic that allows compositing layers to avoid allocating their own backing store and to paint into an ancestor instead. However, that caused assertions in RenderLayer::updateClipRects() about m_clipRectsRoot being incorrect, because clip rect code assumed that compositing layers always painted themselves. Fixed by calling paintsIntoCompositedAncestor() in RenderLayer::clippingRoot(), so that clip rect computation matches painting. I wasn't able to easily make a test that reproduces the assertion in DRT. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::clippingRoot): 2012-05-03 Tim Horton <timothy_horton@apple.com> REGRESSION(99539): SVG <img> disregards page scale and device scale https://bugs.webkit.org/show_bug.cgi?id=77237 <rdar://problem/10767413> Reviewed by Simon Fraser. Rename SVGImageCache::SizeAndZoom to SVGImageCache::SizeAndScales, as it carries more than just zoom now. Pass the product of the device and page scales through everything that takes a SVGImageCache::SizeAndScales, using it to inflate the size of the buffer created in lookupOrCreateBitmapImageForRenderer, and to inflate the destination rectangle passed to SVGImage::draw, which will cause a transformation on the context being drawn into. Invalidate the SVGImageCache entry on device/page scale changes in addition to zoom changes. This patch does not cause SVGImageCache to take into account scale caused by CSS transforms; that is tracked separately by https://bugs.webkit.org/show_bug.cgi?id=85335. Tests: svg/as-image/image-respects-deviceScaleFactor.html svg/as-image/image-respects-pageScaleFactor.html * loader/cache/CachedImage.cpp: (WebCore::CachedImage::setContainerSizeForRenderer): (WebCore::CachedImage::imageSizeForRenderer): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::drawSVGToImageBuffer): * svg/graphics/SVGImage.h: * svg/graphics/SVGImageCache.cpp: (WebCore::SVGImageCache::~SVGImageCache): (WebCore::SVGImageCache::removeRendererFromCache): (WebCore::SVGImageCache::setRequestedSizeAndScales): (WebCore::SVGImageCache::requestedSizeAndScales): (WebCore::SVGImageCache::redraw): (WebCore::SVGImageCache::lookupOrCreateBitmapImageForRenderer): * svg/graphics/SVGImageCache.h: (WebCore::SVGImageCache::SizeAndScales::SizeAndScales): (SizeAndScales): (SVGImageCache): (WebCore::SVGImageCache::ImageData::ImageData): (ImageData): 2012-05-03 Fady Samuel <fsamuel@chromium.org> Removing line in computeViewportAttributes that enforces a minimum scale factor to never allow zooming out more than viewport https://bugs.webkit.org/show_bug.cgi?id=70609 Reviewed by Kenneth Rohde Christiansen. Make Viewport Attributes' layoutSize be a FloatRect to avoid rounding too early, and the occasional off by one fixed layout dimensions. * dom/ViewportArguments.cpp: (WebCore::computeViewportAttributes): * dom/ViewportArguments.h: (ViewportAttributes): 2012-05-03 Joshua Bell <jsbell@chromium.org> IndexedDB: Handle generated keys up to 2^53 https://bugs.webkit.org/show_bug.cgi?id=85114 The spec defines the behavior for generated keys up to 2^53 (the maximum integer storable as an ECMAScript number) and the error case when going beyond that. Ensure that we can handle values up to that point and generate errors beyond. Reviewed by Tony Chang. Test: storage/indexeddb/key-generator.html * Modules/indexeddb/IDBBackingStore.h: (IDBBackingStore): * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore::IDBLevelDBBackingStore::nextAutoIncrementNumber): * Modules/indexeddb/IDBLevelDBBackingStore.h: (IDBLevelDBBackingStore): * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp: (WebCore::IDBObjectStoreBackendImpl::putInternal): (WebCore::IDBObjectStoreBackendImpl::genAutoIncrementKey): * Modules/indexeddb/IDBObjectStoreBackendImpl.h: (IDBObjectStoreBackendImpl): 2012-05-03 Simon Fraser <simon.fraser@apple.com> Remove RenderLayerCompositor::didStartAcceleratedAnimation() https://bugs.webkit.org/show_bug.cgi?id=85514 Reviewed by Antti Koivisto. Remove RenderLayerCompositor::didStartAcceleratedAnimation(), which is no longer needed. Code removal, no new tests. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::startAnimation): (WebCore::RenderLayerBacking::startTransition): * rendering/RenderLayerCompositor.cpp: * rendering/RenderLayerCompositor.h: 2012-05-03 Andreas Kling <kling@webkit.org> REGRESSION(r111387): CSSOM representation of 'background-image' values should be CSSPrimitiveValue. <http://webkit.org/b/85500> Reviewed by Antti Koivisto. Use the cloneForCSSOM() mechanism in CSSValue to expose CSSImageValue to bindings as a URI primitive value. This matches the specced behavior of computed image values, and restores our previous behavior without having CSSImageValue subclass CSSPrimitiveValue. Also added a failsafe return after the isCSSOMSafe() assertion in the JSC bindings, since it's better to expose an incorrect return value than an insecurely shared one, should we have or add bugs in this code. * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * css/CSSImageValue.cpp: (WebCore::CSSImageValue::cloneForCSSOM): * css/CSSImageValue.h: * css/CSSValue.cpp: (WebCore::CSSValue::cloneForCSSOM): 2012-05-03 Keishi Hattori <keishi@webkit.org> Crash in HTMLFormControlElement::m_fieldSetAncestor https://bugs.webkit.org/show_bug.cgi?id=85453 Reviewed by Kent Tamura. Modified tests: fast/forms/datalist/datalist-child-validation.html fast/forms/form-control-element-crash.html * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::removedFrom): Only set the invalid ancestor flag. The element will be detached from the document so there is no need to update the style. And the validation message will be hidden by the blur event. (WebCore::HTMLFormControlElement::willValidate): Because of the change to removedFrom, m_ancestorsValid may be false. 2012-05-03 Simon Fraser <simon.fraser@apple.com> Keep overlap testing for compositing on pages with 3d transforms when possible https://bugs.webkit.org/show_bug.cgi?id=62487 Reviewed by Antti Koivisto. Change RenderLayerCompositor to always use overlap testing when possible. Rather than turn off overlap testing wholesale when encountering a non-affine transform, or starting an accelerated transform animation, we constrain the disabling of overlap testing to within overflow:hidden areas when possible. Tests: compositing/layer-creation/overlap-animation.html compositing/layer-creation/overlap-transforms.html * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::setCompositedBounds): Whitespace fix. * rendering/RenderLayerCompositor.cpp: (WebCore::CompositingState::CompositingState): (CompositingState): Add a member boolean to track whether we're testing overlap. Add a copy constructor. (WebCore::RenderLayerCompositor::updateCompositingLayers): Initialize the 'testing overlap' setting based on m_compositingConsultsOverlap (though this will always be true until removed in a future commit). (WebCore::RenderLayerCompositor::updateBacking): No longer turn off overlap testing when we see a non-affine transform. (WebCore::RenderLayerCompositor::computeCompositingRequirements): No need for the 'struct' in the arguments. Consult compositingState.m_testingOverlap to see if we want to test overlap. Use the new CompositingState copy ctor for childState, but set m_subtreeIsCompositing to false as before. If this layer is composited, look to see if need to disable over lap testing based on the transform or an animation. Just as we propagate m_subtreeIsCompositing, we have to propagate m_testingOverlap=false for the rest of the traverse. If we've just processed a layer which clips compositing descendants, we can go back to testing for overlap. (WebCore::RenderLayerCompositor::didStartAcceleratedAnimation): No need to do anything here now. It will be removed in future. (WebCore::RenderLayerCompositor::hasNonAffineTransform): No longer check perspective here, since that doesn't affect whether _this_ layer should disable overlap testing. Checking for a non-affine transform is sufficient. (WebCore::RenderLayerCompositor::isRunningAcceleratedTransformAnimation): New method to check if AnimationController is running a transform animation. * rendering/RenderLayerCompositor.h: (RenderLayerCompositor): 2012-05-03 Chris Fleizach <cfleizach@apple.com> accessibility/misspelled-attributed-string.html test sometimes throws exceptions https://bugs.webkit.org/show_bug.cgi?id=85081 Reviewed by Darin Adler. Add in more range checking in case we get back ranges from spell checking that are wrong. * accessibility/mac/WebAccessibilityObjectWrapper.mm: (AXAttributeStringSetFont): (AXAttributeStringSetColor): (AXAttributeStringSetNumber): (AXAttributeStringSetBlockquoteLevel): (AXAttributeStringSetHeadingLevel): (AXAttributeStringSetElement): 2012-05-03 Pavel Feldman <pfeldman@chromium.org> Web Inspector: move canonical mime type calculation to Resource https://bugs.webkit.org/show_bug.cgi?id=85507 Reviewed by Yury Semikhatsky. Drive-by: small refactoring that prepares code for formatter extraction. * inspector/front-end/BreakpointsSidebarPane.js: * inspector/front-end/DebuggerModel.js: (WebInspector.DebuggerModel.prototype.createLiveLocation): (WebInspector.DebuggerModel.prototype.rawLocationToUILocation): * inspector/front-end/DebuggerPresentationModel.js: (WebInspector.DebuggerPresentationModelResourceBinding.prototype._uiSourceCodeForResource): * inspector/front-end/NetworkManager.js: (WebInspector.NetworkDispatcher.prototype._createNetworkRequest): (get WebInspector): * inspector/front-end/Resource.js: (WebInspector.Resource.prototype.requestContent): (WebInspector.Resource.prototype.canonicalMimeType): (WebInspector.Resource.prototype._innerRequestContent.callback): (WebInspector.Resource.prototype._innerRequestContent): * inspector/front-end/ResourceView.js: (WebInspector.ResourceSourceFrame.prototype.requestContent): (WebInspector.ResourceSourceFrame.prototype._contentChanged): 2012-05-03 Yury Semikhatsky <yurys@chromium.org> Web Inspector: 'expires' value is incorrect for cookies https://bugs.webkit.org/show_bug.cgi?id=85489 Reviewed by Pavel Feldman. Fixed cookie 'expires' property type from integer to number so that we don't lose precision when assembling Cookie parameter in InspectorResourceAgent. * inspector/Inspector.json: 2012-05-03 Dan Bernstein <mitz@apple.com> highlight for Ruby text is mispositioned in the Web Inspector https://bugs.webkit.org/show_bug.cgi?id=82684 Reviewed by Simon Fraser. Tests: fast/writing-mode/flipped-blocks-inline-map-local-to-container-expected.html fast/writing-mode/flipped-blocks-inline-map-local-to-container.html In flipped blocks writing modes, flipping was being applied twice to box descendants of inline children of the flipped block, once during RenderBox::mapLocalToContainer, and then again by RenderInline::mapLocalToContainer. The fix is to make the latter only apply the flip to local coordinates originating in the inline or a descendant inline. This is done by adding a parameter of type ApplyContainerFlipOrNot, which defaults to ApplyContainerFlip but is reset to DoNotApplyContainerFlip in recursive calls into mapLocalToContainer(). * rendering/RenderBox.cpp: (WebCore::RenderBox::mapLocalToContainer): Added ApplyContainerFlipOrNot parameter, passing DoNotApplyContainerFlip when recursing into the container. * rendering/RenderBox.h: * rendering/RenderInline.cpp: (WebCore::RenderInline::mapLocalToContainer): Added ApplyContainerFlipOrNot paramerer, and made the flipping conditional on its value. * rendering/RenderInline.h: * rendering/RenderObject.cpp: (WebCore::RenderObject::mapLocalToContainer): Added ApplyContainerFlipOrNot parameter, passing DoNotApplyContainerFlip when recursing into the container. (WebCore::RenderObject::localToContainerQuad): Pass ApplyContainerFlip. (WebCore::RenderObject::localToContainerPoint): Ditto. * rendering/RenderObject.h: * rendering/RenderView.cpp: (WebCore::RenderView::mapLocalToContainer): Added ApplyContainerFlipOrNot parameter. * rendering/RenderView.h: * rendering/svg/RenderSVGForeignObject.cpp: (WebCore::RenderSVGForeignObject::mapLocalToContainer): Ditto. * rendering/svg/RenderSVGForeignObject.h: * rendering/svg/RenderSVGInline.cpp: (WebCore::RenderSVGInline::mapLocalToContainer): Ditto. * rendering/svg/RenderSVGInline.h: * rendering/svg/RenderSVGModelObject.cpp: (WebCore::RenderSVGModelObject::mapLocalToContainer): Ditto. * rendering/svg/RenderSVGModelObject.h: * rendering/svg/RenderSVGRoot.cpp: (WebCore::RenderSVGRoot::mapLocalToContainer): Ditto. * rendering/svg/RenderSVGRoot.h: * rendering/svg/RenderSVGText.cpp: (WebCore::RenderSVGText::mapLocalToContainer): Ditto. * rendering/svg/RenderSVGText.h: * rendering/svg/SVGRenderSupport.cpp: (WebCore::SVGRenderSupport::mapLocalToContainer): Pass DoNotApplyContainerFlip when recursing into the parent. 2012-05-03 Pavel Feldman <pfeldman@chromium.org> Web Inspector: make Script a ContentProvider. https://bugs.webkit.org/show_bug.cgi?id=85486 Reviewed by Yury Semikhatsky. This allows us to get rid of the corresponding content provider wrapper. * inspector/front-end/ContentProviders.js: * inspector/front-end/RawSourceCode.js: (WebInspector.RawSourceCode.prototype._createContentProvider): * inspector/front-end/Script.js: (WebInspector.Script.prototype.contentURL): (WebInspector.Script.prototype.requestContent.didGetScriptSource): (WebInspector.Script.prototype.requestContent): * inspector/front-end/SnippetsModel.js: (WebInspector.SnippetsScriptMapping.prototype._createUISourceCodeForScript): 2012-05-03 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> Remove extra checks for empty string when parsing CSS value https://bugs.webkit.org/show_bug.cgi?id=85480 Reviewed by Alexis Menard. Each parse value helper function was checking whether the value string was empty. For the common case this check is already done by StylePropertySet::setProperty(). So this patch make CSSParser::parseValue() assume the value string is not empty, and fix the other two clients. Test: fast/html/font-face-empty-should-not-crash.html * css/CSSParser.cpp: (WebCore::parseColorValue): Replace the string empty check by an ASSERT() to document function's expectations. (WebCore::parseSimpleLengthValue): Ditto. (WebCore::parseKeywordValue): Ditto. (WebCore::CSSParser::parseFontFaceValue): This will be covered by the added test. (WebCore::CSSParser::parseValue): * css/WebKitCSSMatrix.cpp: (WebCore::WebKitCSSMatrix::setMatrixValue): This is already covered by transforms/cssmatrix-2d-interface.xhtml. 2012-05-03 Arpita Bahuguna <arpitabahuguna@gmail.com> Broken handling of pseudo-elements in selectors API https://bugs.webkit.org/show_bug.cgi?id=83446 Reviewed by Antti Koivisto. Test: fast/dom/Window/querySelectorAll-with-pseudo-elements.html * css/SelectorChecker.cpp: (WebCore::SelectorChecker::SelectorChecker): Setting the default value for the enum member m_mode to ResolvingStyle. (WebCore::SelectorChecker::checkSelector): Instead of verifying against the bool m_isCollectingRulesOnly, we now check whether or not m_mode is set to ResolvingStyle. (WebCore::SelectorChecker::checkOneSelector): Instead of verifying against the bool m_isCollectingRulesOnly, we now check whether or not m_mode is set to ResolvingStyle. Also, for the pseudo-elements case we check if its value is set to QueryingRules in which case we return false. * css/SelectorChecker.h: (WebCore::SelectorChecker::mode): Returns the mode (m_mode) value. (WebCore::SelectorChecker::setMode): Sets the mode (m_mode) to the passed enum value. * css/StyleResolver.cpp: (WebCore::StyleResolver::sortAndTransferMatchedRules): (WebCore::StyleResolver::collectMatchingRulesForList): Retrieves SelectorChecker's mode value. * dom/SelectorQuery.cpp: (WebCore::SelectorQuery::SelectorQuery): Sets SelectorChecker's mode to QueryingRules. * html/shadow/ContentSelectorQuery.cpp: (WebCore::ContentSelectorQuery::ContentSelectorQuery): Sets SelectorChecker's mode to CollectingRules. 2012-05-03 Pavel Feldman <pfeldman@chromium.org> Web Inspector: EXC_BAD_ACCESS in DOM breakpoint processing code. https://bugs.webkit.org/show_bug.cgi?id=85482 Reviewed by Yury Semikhatsky. 0 check added since we are guaranteed to get immediate parent, but not the whole ancestor tree. * inspector/InspectorDOMDebuggerAgent.cpp: (WebCore::InspectorDOMDebuggerAgent::descriptionForDOMEvent): 2012-05-03 Ilya Tikhonovsky <loislo@chromium.org> Web Inspector: compile time ambiguity happens when I try to assign a TypeBuilder object to an out argument. https://bugs.webkit.org/show_bug.cgi?id=85462 It happens because we have type casting operators for both types RefPtr<*Type*> and PassRefPtr<*Type*>. I think we can drop PassRefPtr type casting operator and use a named function 'release'. Reviewed by Yury Semikhatsky. * inspector/CodeGeneratorInspector.py: * inspector/ContentSearchUtils.cpp: (WebCore::ContentSearchUtils::buildObjectForSearchMatch): * inspector/InspectorApplicationCacheAgent.cpp: (WebCore::InspectorApplicationCacheAgent::buildObjectForApplicationCache): * inspector/InspectorPageAgent.cpp: (WebCore::buildObjectForCookie): (WebCore::buildObjectForSearchResult): * inspector/InspectorResourceAgent.cpp: (WebCore::buildObjectForTiming): (WebCore::InspectorResourceAgent::buildInitiatorObject): * inspector/ScriptCallFrame.cpp: (WebCore::ScriptCallFrame::buildInspectorObject): 2012-05-03 Yury Semikhatsky <yurys@chromium.org> Web Inspector: crash in InspectorResourceAgent::didReceiveWebSocketFrame https://bugs.webkit.org/show_bug.cgi?id=85394 Reviewed by Pavel Feldman. Pass string length explicitely when creating String object from non-null-terminated char* strings. * inspector/InspectorResourceAgent.cpp: (WebCore): (WebCore::InspectorResourceAgent::didReceiveWebSocketFrame): (WebCore::InspectorResourceAgent::didSendWebSocketFrame): 2012-05-03 'Pavel Feldman' <pfeldman@chromium.org> Not reviewed: never surround InspectorInstrumentation:: with ENABLED(INSPECTOR) * dom/ContainerNode.cpp: (WebCore::ContainerNode::insertBefore): (WebCore::ContainerNode::replaceChild): (WebCore::ContainerNode::appendChild): (WebCore::dispatchChildRemovalEvents): 2012-04-30 Pavel Feldman <pfeldman@chromium.org> Web Inspector: migrate breakpoint manager to live locations. https://bugs.webkit.org/show_bug.cgi?id=85136 Reviewed by Yury Semikhatsky. - Merges Breakpoint and UIBreakpoint to have single instance - Extracts storage from the breakpoint manager - Makes breakpoint manager use source mapping from the script, not the presentation model - Removes breakpoints collection from the UISourceCode Unfortunately, there are too many inter-dependencies that require that these changes are done simultaneously. * inspector/front-end/BreakpointManager.js: (WebInspector.BreakpointManager): (WebInspector.BreakpointManager.prototype.setBreakpoint): (WebInspector.BreakpointManager.prototype.breakpoint): (WebInspector.BreakpointManager.prototype.breakpointLocationsForUISourceCode): (WebInspector.BreakpointManager.prototype.removeAllBreakpoints): (WebInspector.BreakpointManager.prototype.reset): (WebInspector.BreakpointManager.prototype.debuggerReset): (WebInspector.BreakpointManager.prototype._breakpointResolved): (WebInspector.BreakpointManager.prototype._removeBreakpoint): (WebInspector.BreakpointManager.prototype._uiLocationAdded): (WebInspector.BreakpointManager.prototype._uiLocationRemoved): (WebInspector.BreakpointManager.prototype.storage): (WebInspector.BreakpointManager.Breakpoint): (WebInspector.BreakpointManager.Breakpoint.prototype.primaryUILocation): (WebInspector.BreakpointManager.Breakpoint.prototype._addResolvedLocation): (WebInspector.BreakpointManager.Breakpoint.prototype.enabled): (WebInspector.BreakpointManager.Breakpoint.prototype.setEnabled): (WebInspector.BreakpointManager.Breakpoint.prototype.condition): (WebInspector.BreakpointManager.Breakpoint.prototype.setCondition): (WebInspector.BreakpointManager.Breakpoint.prototype._updateBreakpoint): (WebInspector.BreakpointManager.Breakpoint.prototype.remove): (WebInspector.BreakpointManager.Breakpoint.prototype._setInDebugger.didSetBreakpoint): (WebInspector.BreakpointManager.Breakpoint.prototype._setInDebugger): (WebInspector.BreakpointManager.Breakpoint.prototype._removeFromDebugger): (WebInspector.BreakpointManager.Breakpoint.prototype._resetLocations): (WebInspector.BreakpointManager.Breakpoint.prototype._breakpointStorageId): (WebInspector.BreakpointManager.Breakpoint.prototype._fakeBreakpointAtPrimaryLocation): (WebInspector.BreakpointManager.Storage.get this): (WebInspector.BreakpointManager.Storage): (WebInspector.BreakpointManager.Storage.prototype.restoreBreakpoints): (WebInspector.BreakpointManager.Storage.prototype._updateBreakpoint): (WebInspector.BreakpointManager.Storage.prototype._removeBreakpoint): (WebInspector.BreakpointManager.Storage.prototype._save): (set WebInspector.BreakpointManager.Storage.Item): * inspector/front-end/BreakpointsSidebarPane.js: (WebInspector.JavaScriptBreakpointsSidebarPane): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointAdded.didRequestContent): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointAdded): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointRemoved): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype.highlightBreakpoint): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._createBreakpointItemId): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointClicked): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointCheckboxClicked): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointContextMenu): * inspector/front-end/DebuggerModel.js: (WebInspector.DebuggerModel): (WebInspector.DebuggerModel.prototype.breakpointsActive): (WebInspector.DebuggerModel.prototype.createLiveLocation): * inspector/front-end/DebuggerPresentationModel.js: (WebInspector.DebuggerPresentationModel.prototype._handleUISourceCodeListChanged): (WebInspector.DebuggerPresentationModelResourceBinding.prototype._setContentWithInitialContent): * inspector/front-end/JavaScriptSource.js: (WebInspector.JavaScriptSource): (WebInspector.JavaScriptSource.prototype.consoleMessagesCleared): * inspector/front-end/JavaScriptSourceFrame.js: (WebInspector.JavaScriptSourceFrame): (WebInspector.JavaScriptSourceFrame.prototype.canEditSource): (WebInspector.JavaScriptSourceFrame.prototype.editContent): (WebInspector.JavaScriptSourceFrame.prototype._onContentChanged): (WebInspector.JavaScriptSourceFrame.prototype.populateLineGutterContextMenu): (WebInspector.JavaScriptSourceFrame.prototype.beforeTextChanged): (WebInspector.JavaScriptSourceFrame.prototype.didEditContent): (WebInspector.JavaScriptSourceFrame.prototype._addBreakpointDecoration): (WebInspector.JavaScriptSourceFrame.prototype._onMouseDown): (WebInspector.JavaScriptSourceFrame.prototype._editBreakpointCondition.finishEditing): (WebInspector.JavaScriptSourceFrame.prototype._editBreakpointCondition): (WebInspector.JavaScriptSourceFrame.prototype._breakpointAdded): (WebInspector.JavaScriptSourceFrame.prototype._breakpointRemoved): (WebInspector.JavaScriptSourceFrame.prototype.onTextViewerContentLoaded): (WebInspector.JavaScriptSourceFrame.prototype._setBreakpoint): (WebInspector.JavaScriptSourceFrame.prototype._continueToLine): (WebInspector.JavaScriptSourceFrame.prototype._updateBreakpointsAfterLiveEdit): * inspector/front-end/Script.js: (WebInspector.Script.prototype.rawLocationToUILocation): * inspector/front-end/ScriptsPanel.js: (WebInspector.ScriptsPanel.prototype._uiSourceCodeAdded): (WebInspector.ScriptsPanel.prototype._uiSourceCodeRemoved): (WebInspector.ScriptsPanel.prototype._debuggerPaused.else.didGetUILocation): (WebInspector.ScriptsPanel.prototype._debuggerPaused): (WebInspector.ScriptsPanel.prototype._uiSourceCodeReplaced): * inspector/front-end/UISourceCode.js: (WebInspector.UISourceCode.prototype.contentChanged): 2012-05-03 Andrey Kosyakov <caseq@chromium.org> Unreviewed attemp to fix chromium win build broken at r115943. * notifications/NotificationClient.h: (WebCore): 2012-05-03 Vivek Galatage <vivekgalatage@gmail.com> Linker warnings due to duplicate symbols for SimplifyMarkupCommand.cpp on Windows https://bugs.webkit.org/show_bug.cgi?id=85467 Reviewed by Ryosuke Niwa. Removed the multiple inclusion of the file SimplifyMarkupCommand.cpp No new tests required. * WebCore.vcproj/WebCore.vcproj: 2012-05-03 Uday Kiran <udaykiran@motorola.com> CSS clip: auto clips to box borders instead of removing clipping https://bugs.webkit.org/show_bug.cgi?id=36772 Reviewed by Andreas Kling. According to CSS 2.1 spec, http://www.w3.org/TR/CSS2/visufx.html#propdef-clip, clip property with value 'auto' the element does not clip. Also getPropertyValue for clip when auto is specified should return "auto" and not "rect(0px 0px 0px 0px)". Tests: css2.1/20110323/clip-001-expected.html css2.1/20110323/clip-001.html * css/StyleBuilder.cpp: (WebCore::ApplyPropertyClip::applyValue): 2012-05-02 Antti Koivisto <antti@apple.com> Add temporary feature define for parsed stylesheet caching https://bugs.webkit.org/show_bug.cgi?id=85413 Rubber-stamped by Nikolas Zimmermann. While not an externally visible feature this is still a significant internal change. It is good to have define in case someone has an urgent need to turn it off. Caching is enabled by default on all platforms. The define should be removed after some bake time. * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): 2012-05-03 Nikolas Zimmermann <nzimmermann@rim.com> Accumulation for values-animation is broken https://bugs.webkit.org/show_bug.cgi?id=85158 Reviewed by Zoltan Herczeg. Follow-up patch: Add const Foo& foo() const accessors to SVGAnimatedType, to avoid the "Foo& foo = animated->foo()" idiom in all cases where we don't need to mutate 'foo'. Use "const Foo& foo = animated->foo()" instead. Inline all of these methods to avoid the function call overhead. For to-animations we actually mutated the from value before, but it wasn't a problem in practive, as we did that on every animation step. Fully avoid these inconsitencies by never mutating the from/to types stored in SVGAnimateElement. Cache toAtEndOfDurationType just like m_toType/m_fromType in SVGAnimateElement, to avoid reconstructing it on every animation step. No new tests, only design/performance fixes. * svg/SVGAnimateElement.cpp: (WebCore::SVGAnimateElement::calculateAnimatedValue): (WebCore::SVGAnimateElement::calculateToAtEndOfDurationValue): (WebCore::SVGAnimateElement::targetElementWillChange): * svg/SVGAnimateElement.h: (SVGAnimateElement): * svg/SVGAnimateMotionElement.cpp: (WebCore::SVGAnimateMotionElement::SVGAnimateMotionElement): (WebCore::SVGAnimateMotionElement::calculateToAtEndOfDurationValue): (WebCore::SVGAnimateMotionElement::calculateFromAndToValues): (WebCore::SVGAnimateMotionElement::calculateFromAndByValues): (WebCore::SVGAnimateMotionElement::calculateAnimatedValue): * svg/SVGAnimateMotionElement.h: (SVGAnimateMotionElement): * svg/SVGAnimatedAngle.cpp: (WebCore::SVGAnimatedAngleAnimator::addAnimatedTypes): (WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue): * svg/SVGAnimatedBoolean.cpp: (WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue): * svg/SVGAnimatedColor.cpp: (WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue): * svg/SVGAnimatedEnumeration.cpp: (WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue): * svg/SVGAnimatedInteger.cpp: (WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedIntegerOptionalInteger.cpp: (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::addAnimatedTypes): (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedLength.cpp: (WebCore::SVGAnimatedLengthAnimator::addAnimatedTypes): (WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue): * svg/SVGAnimatedLengthList.cpp: (WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumber.cpp: (WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberOptionalNumber.cpp: (WebCore::SVGAnimatedNumberOptionalNumberAnimator::addAnimatedTypes): (WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedPath.cpp: (WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue): * svg/SVGAnimatedPointList.cpp: (WebCore::SVGAnimatedPointListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue): * svg/SVGAnimatedPreserveAspectRatio.cpp: (WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue): * svg/SVGAnimatedRect.cpp: (WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue): * svg/SVGAnimatedString.cpp: (WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue): * svg/SVGAnimatedTransformList.cpp: (WebCore::SVGAnimatedTransformListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue): * svg/SVGAnimatedType.cpp: * svg/SVGAnimatedType.h: (WebCore::SVGAnimatedType::angleAndEnumeration): (SVGAnimatedType): (WebCore::SVGAnimatedType::boolean): (WebCore::SVGAnimatedType::color): (WebCore::SVGAnimatedType::enumeration): (WebCore::SVGAnimatedType::integer): (WebCore::SVGAnimatedType::integerOptionalInteger): (WebCore::SVGAnimatedType::length): (WebCore::SVGAnimatedType::lengthList): (WebCore::SVGAnimatedType::number): (WebCore::SVGAnimatedType::numberList): (WebCore::SVGAnimatedType::numberOptionalNumber): (WebCore::SVGAnimatedType::path): (WebCore::SVGAnimatedType::pointList): (WebCore::SVGAnimatedType::preserveAspectRatio): (WebCore::SVGAnimatedType::rect): (WebCore::SVGAnimatedType::string): (WebCore::SVGAnimatedType::transformList): * svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::currentValuesForValuesAnimation): (WebCore::SVGAnimationElement::startedActiveInterval): (WebCore::SVGAnimationElement::updateAnimation): * svg/SVGAnimationElement.h: (WebCore::SVGAnimationElement::adjustFromToListValues): (WebCore::SVGAnimationElement::animateDiscreteType): (SVGAnimationElement): 2012-05-02 Alexander Færøy <ahf@0x90.dk> Rename deviceDPI to devicePixelRatio https://bugs.webkit.org/show_bug.cgi?id=85049 Reviewed by Kenneth Rohde Christiansen. No new tests added since this is a minor refactoring with no changes that should affect tests. * page/Settings.cpp: (WebCore::Settings::Settings): * page/Settings.h: (WebCore::Settings::setDevicePixelRatio): (WebCore::Settings::devicePixelRatio): (Settings): 2012-05-03 Nikolas Zimmermann <nzimmermann@rim.com> Fix multiple begin values support - especially with seeking through setCurrentTime https://bugs.webkit.org/show_bug.cgi?id=85372 Reviewed by Zoltan Herczeg. Multiple begin values aka. begin="0s; 2s" aren't correctly handled - resulting in broken & unexpected behavior. Supporting seeking properly on documents containing such animations is very important, otherwise we can't reliable test animations using either reftests or the SVG JS animation test framework. Testcase: <rect height="100" fill="green"> <animate attributeName="width" begin="0s; 2s" dur="8s" from="0" to="100" fill="freeze"/> </rect> What's expected? Two times should be contained in the 'begin' times list in SVGSMILElement: m_beginTimes = { 0s, 2s }. The initial first resolved interval is: m_intervalBegin=0.0s, m_intervalEnd=8.0s. During t=0s..1.9999s the m_intervalBegin/m_intervalEnd are correct. At t=2s, a new interval can be started. m_intervalEnd should be set to nextBeginTime, where nextBeginTime=2s. The current interval should get cropped to: m_intervalBegin=0s, m_intervalEnd=2s. The following call to resolveNextInterval() sees that elapsed >= m_intervalEnd, and thus moves on to the next interval. m_intervalBegin should be 2s and m_intervalEnd=10s after that. In trunk this behavior is only partly implemented and broken. Especially broken together with seeking via SVGSVGElement.setCurrentTime. That's because we don't correctly seek to the right interval in case of multiple begin values, eg. if we sample an animation with begin="0s; 3s" dur="6s" we always remain in the first interval and don't move on. Fix all of these issues, making lots more tests work in Dr. Olaf Hofmanns SVG Animation test suite. Tests: svg/animations/multiple-begin-additive-animation.html svg/animations/multiple-begin-animation-discrete-expected.svg svg/animations/multiple-begin-animation-discrete.svg svg/animations/multiple-begin-animation-expected.svg svg/animations/multiple-begin-animation.svg * svg/animation/SMILTimeContainer.cpp: (WebCore::SMILTimeContainer::begin): (WebCore::SMILTimeContainer::setElapsed): (WebCore::SMILTimeContainer::updateAnimations): * svg/animation/SMILTimeContainer.h: (SMILTimeContainer): * svg/animation/SVGSMILElement.cpp: (WebCore::SVGSMILElement::findInstanceTime): (WebCore::SVGSMILElement::resolveInterval): (WebCore::SVGSMILElement::resolveNextInterval): (WebCore): (WebCore::SVGSMILElement::checkRestart): (WebCore::SVGSMILElement::seekToIntervalCorrespondingToTime): (WebCore::SVGSMILElement::progress): * svg/animation/SVGSMILElement.h: (SVGSMILElement): 2012-05-03 Dana Jansens <danakj@chromium.org> [chromium] Don't add small opaque areas to the occlusion tracker's Region https://bugs.webkit.org/show_bug.cgi?id=85297 Reviewed by Adrienne Walker. Don't add small opaque areas (smaller than 160x160) to the occlusion tracker's Region objects to avoid high Region::unite() costs. We would like Region to just be fast enough that this isn't a concern, and there are patches in flight to do this, but at the moment, small opaque areas add significant cost if there is many of them, for potentially small gains since they do not cover entire tiles. Comments in http://code.google.com/p/chromium/issues/detail?id=124687 motivate this approach for now, and point to around 160x160 being a reasonable threshold. Removes the opaque paint tracking flag while we're here. The flag is no longer used, and was broken when we moved the "paint vs opaque flag" distinction out to the layers. Unit test: CCOcclusionTrackerTestMinimumTrackingSize * platform/graphics/chromium/cc/CCLayerTreeHost.cpp: (WebCore::CCLayerTreeHost::paintLayerContents): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp: (WebCore::CCLayerTreeHostImpl::calculateRenderPasses): * platform/graphics/chromium/cc/CCOcclusionTracker.cpp: (WebCore::::CCOcclusionTrackerBase): (WebCore::addOcclusionBehindLayer): (WebCore::::markOccludedBehindLayer): * platform/graphics/chromium/cc/CCOcclusionTracker.h: (WebCore::CCOcclusionTrackerBase::setMinimumTrackingSize): (CCOcclusionTrackerBase): (WebCore::CCOcclusionTrackerBase::preferredMinimumTrackingSize): 2012-05-02 Jon Lee <jonlee@apple.com> Migrate permission functions to Notification from NotificationCenter https://bugs.webkit.org/show_bug.cgi?id=80485 <rdar://problem/10965458> Reviewed by Jian Li. * notifications/Notification.idl: Add permission functions. * notifications/DOMWindowNotifications.idl: Wrap webkitNotifications as part of legacy API. * notifications/Notification.cpp: New permission functions are wrapped with ENABLE(NOTIFICATIONS) (WebCore::Notification::taskTimerFired): Use the new permission functions to determine whether we can show the notification. (WebCore::Notification::permissionLevel): (WebCore::Notification::permissionString): Declare three static locals for each of the values, and return based on the permission enum. (WebCore::Notification::requestPermission): Forward request to client. * notifications/Notification.h: * notifications/NotificationPermissionCallback.h: Added. (NotificationPermissionCallback): (WebCore::NotificationPermissionCallback::~NotificationPermissionCallback): * notifications/NotificationPermissionCallback.idl: Added. * notifications/NotificationCenter.cpp: Wrap permission functions in ENABLE(LEGACY_NOTIFICATIONS) * notifications/NotificationCenter.h: Wrap permission functions in ENABLE(LEGACY_NOTIFICATIONS) * notifications/NotificationCenter.idl: Refactor conditionals to make the center available only when ENABLE(LEGACY_NOTIFICATIONS) is on. * notifications/NotificationPresenter.h: (WebCore::NotificationPresenter::requestPermission): Add new requestPermission() function for new NotificationPermissionCallback type. Make it a stub implementation until all ports have adopted. * notifications/NotificationClient.h: Add another requestPermission() client call, wrapped in ENABLE(NOTIFICATIONS) that accepts the NotificationPermissionCallback. Wrap the original one in ENABLE(LEGACY_NOTIFICATIONS). * bindings/js/JSDesktopNotificationsCustom.cpp: Change to include the implementation only in ENABLE(LEGACY_NOTIFICATIONS). * bindings/js/JSNotificationsCustom.cpp: Custom implementation of requestPermission(). * bindings/v8/custom/V8NotificationCustom.cpp: Custom implementation of requestPermission(). * notifications/WorkerContextNotifications.idl: Make webktNotifications available only in legacy API. * CMakeLists.txt: Add new callback idl. * DerivedSources.make: Add new callback idl. * DerivedSources.pri: Add new callback idl. * GNUmakefile.list.am: Add NotificationPermissionCallback files. * Target.pri: Include JSNotificationCustom.cpp, V8NotificationCustom.cpp * UseJSC.cmake: Include JSNotificationCustom.cpp * UseV8.cmake: Include V8NotificationCustom.cpp * WebCore.gypi: Include JSNotificationCustom.cpp, V8NotificationCustom.cpp, JSNotificationPermissionCallback.{h,cpp} * WebCore.vcproj/WebCore.vcproj: Include JSNotificationCustom.cpp, JSNotificationPermissionCallback.{h,cpp} * WebCore.exp.in: Export permissionString(). * WebCore.xcodeproj/project.pbxproj: Add callback idl, h, and cpp files. 2012-05-02 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r115907. http://trac.webkit.org/changeset/115907 https://bugs.webkit.org/show_bug.cgi?id=85458 It broke all viewport tests on Qt and on GTK (Requested by Ossy on #webkit). * dom/ViewportArguments.cpp: (WebCore::computeViewportAttributes): * dom/ViewportArguments.h: (ViewportAttributes): 2012-05-02 Gustavo Noronha Silva <gns@gnome.org> [GTK] Finish moving modules into libWebCoreModules.la https://bugs.webkit.org/show_bug.cgi?id=85449 Unreviewed build fix. * GNUmakefile.list.am: move remaining modules source files into the libWebCoreModules library, this should fix the problems people had building the 1.9.1 tarball with unpatched make. 2012-05-02 Dongwoo Im <dw.im@samsung.com> [EFL] Unreviewed, Fix build break when WEB_AUDIO is enabled. https://bugs.webkit.org/show_bug.cgi?id=85443 Unreviewed build fix. Three new files were added in the Modules/webaudio directory. These files should be included into the CMakeLists.txt file. * CMakeLists.txt: Add the newly created files into the CMakeLists.txt 2012-05-02 Eric Seidel <eric@webkit.org> Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate) https://bugs.webkit.org/show_bug.cgi?id=85433 Reviewed by Adam Barth. I have a script which can autogenerate these xcconfig files as well as the vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists from a central feature list file. In preparation for posting such a tool, I'm re-sorting these xcconfig files to be alphabetically ordered (currently they're close, but not quite). There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch. * Configurations/FeatureDefines.xcconfig: 2012-05-02 Dana Jansens <danakj@chromium.org> [chromium] Don't occlude pixels in a surface that are needed for a background filter blur https://bugs.webkit.org/show_bug.cgi?id=84317 Reviewed by Adrienne Walker. Blur filters move pixels around, so a pixel can influence the value of pixels at some distance away. If a pixel is not occluded, then all pixels within the radius of the blur may influence the value of that pixel, so they should also stay unoccluded. For background filters, the pixels are read from the filter's target surface, so we remove occlusion from that target surface from pixels that will blur into visible pixels. Unit test: CCOcclusionTrackerTestDontOccludePixelsNeededForBackgroundFilter CCOcclusionTrackerTestTwoBackgroundFiltersReduceOcclusionTwice CCOcclusionTrackerTestDontOccludePixelsNeededForBackgroundFilterWithClip CCOcclusionTrackerTestDontReduceOcclusionBelowBackgroundFilter CCOcclusionTrackerTestDontReduceOcclusionIfBackgroundFilterIsOccluded CCOcclusionTrackerTestReduceOcclusionWhenBackgroundFilterIsPartiallyOccluded * platform/graphics/chromium/cc/CCOcclusionTracker.cpp: (WebCore::reduceOcclusion): (WebCore): (WebCore::reduceOcclusionBelowSurface): (WebCore::::leaveToTargetRenderSurface): (WebCore::::unoccludedContributingSurfaceContentRect): * platform/graphics/chromium/cc/CCOcclusionTracker.h: (CCOcclusionTrackerBase): * platform/graphics/chromium/cc/CCQuadCuller.cpp: (WebCore::CCQuadCuller::appendSurface): (WebCore::CCQuadCuller::appendReplica): 2012-05-02 Levi Weintraub <leviw@chromium.org> Convert FractionalLayoutUnit overflow assertions to stderr warnings https://bugs.webkit.org/show_bug.cgi?id=85393 Reviewed by Eric Seidel. Writing warnings to stderr when FractionalLayoutUnits overflow on debug builds instead of asserting and crashing. It can be very useful to WebKit developers know when overflow is occurring, but it's not always a programming error, so assert wasn't the right action. No new tests. No change in behavior. * platform/FractionalLayoutUnit.h: (WebCore): (WebCore::FractionalLayoutUnit::FractionalLayoutUnit): (WebCore::FractionalLayoutUnit::toUnsigned): (WebCore::FractionalLayoutUnit::setRawValue): 2012-04-18 Jon Honeycutt <jhoneycutt@apple.com> FrameLoaderClient::dispatchWillSendSubmitEvent() should be given more information about the form being submitted https://bugs.webkit.org/show_bug.cgi?id=84297 Reviewed by Andy Estes. * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::prepareForSubmission): Get the form field names and values, and use them to create a FormState object. Pass this object when calling dispatchWillSendSubmitEvent(). (WebCore::HTMLFormElement::getTextFieldValues): Loop over the associated elements, looking for <input> elements. Collect their names and values. * html/HTMLFormElement.h: Declare getTextFieldData(). * loader/EmptyClients.h: (WebCore::EmptyFrameLoaderClient::dispatchWillSendSubmitEvent): Updated declaration for new parameter type. * loader/FrameLoaderClient.h: Updated declaration of dispatchWillSendSubmitEvent() for new param type. 2012-04-13 Jon Honeycutt <jhoneycutt@apple.com> Make Page::setDefersLoading() have a call count so that each time loading is deferred, it must be balanced with a call to resume. https://bugs.webkit.org/show_bug.cgi?id=84522 Reviewed by Andy Estes. * page/Page.cpp: (WebCore::Page::Page): Initialize new call count member. (WebCore::Page::setDefersLoading): Check whether the callers wants balanced defer/resume loading behavior. If the call count is not changing from 0 to 1 or 1 to 0, return early. Otherwise, defer or resume loading for frames in this page. * page/Page.h: (WebCore::Page::defersLoading): Added a member to hold the call count. * page/Settings.cpp: (WebCore::Settings::Settings): Initialized new member m_wantsBalancedSetDefersLoadingBehavior. * page/Settings.h: (Settings): Added new member m_wantsBalancedSetDefersLoadingBehavior. (WebCore::Settings::setWantsBalancedSetDefersLoadingBehavior): Setter. (WebCore::Settings::wantsBalancedSetDefersLoadingBehavior): Getter. 2012-05-02 Ojan Vafai <ojan@chromium.org> Add a histogram for rendertree size https://bugs.webkit.org/show_bug.cgi?id=85226 Reviewed by Eric Seidel. We record it when the page gets hidden, since this is a point at which, in theory, we could kill the rendertree. No new tests. This isn't web visible, so there's no way to test it. * loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): * page/Page.cpp: (WebCore::Page::renderTreeSize): (WebCore): (WebCore::Page::setVisibilityState): * page/Page.h: (Page): * platform/HistogramSupport.cpp: (WebCore::HistogramSupport::histogramCustomCounts): (WebCore): * platform/HistogramSupport.h: (HistogramSupport): * platform/chromium/HistogramSupportChromium.cpp: (WebCore::HistogramSupport::histogramCustomCounts): (WebCore): 2012-05-02 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r115902. http://trac.webkit.org/changeset/115902 https://bugs.webkit.org/show_bug.cgi?id=85441 Compile failure on linux 32 (Requested by zhenyao on #webkit). * Modules/indexeddb/IDBBackingStore.h: (IDBBackingStore): * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore::IDBLevelDBBackingStore::nextAutoIncrementNumber): * Modules/indexeddb/IDBLevelDBBackingStore.h: (IDBLevelDBBackingStore): * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp: (WebCore::IDBObjectStoreBackendImpl::putInternal): (WebCore::IDBObjectStoreBackendImpl::genAutoIncrementKey): * Modules/indexeddb/IDBObjectStoreBackendImpl.h: (IDBObjectStoreBackendImpl): 2012-05-02 Julien Chaffraix <jchaffraix@webkit.org> Add ASSERTs to avoid querying dirtied z-index or normal flow lists on RenderLayer https://bugs.webkit.org/show_bug.cgi?id=84920 Reviewed by Simon Fraser. Covered by existing tests in Debug (at least several time!). This change adds some ASSERTs on RenderLayer that prevent any use of its lists if they are dirtied. On top of this change, we added an invariant that non-stacking contexts should have their z-index lists NULL (instead of empty or NULL previously). This is enforced at updateZOrderLists time as we now ensure that it is called in a timely manner. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::calculateLayerBounds): Added call to updateLayersIfNeeded as we will query them later and there is no guarantee that they are not dirty (we recurse in our children as part of calculateLayerBounds). This was causing the new ASSERTs to trigger on css3/filter/ tests. (WebCore::RenderLayer::dirtyZOrderLists): Added a comment as to why we can't ASSERT that we are in a stacking context here. (WebCore::RenderLayer::rebuildZOrderLists): Added an ASSERT that we only rebuild z-index lists for dirtied stacking context. (WebCore::RenderLayer::updateLayerListsIfNeeded): Updated to ensure that the reflection layer has its layers updated too. This was triggering the new ASSERTs on fast/runins/run-in-layer-not-removed-crash.html. (WebCore::RenderLayer::updateCompositingAndLayerListsIfNeeded): Updated to use the new isDirtyStackingContext function. * rendering/RenderLayer.h: (WebCore::RenderLayer::isDirtyStackingContext): New helper function. Also made updateLayerListsIfNeeded() the only way to update layer. That should prevent any misuse. (WebCore::RenderLayer::posZOrderList): (WebCore::RenderLayer::negZOrderList): (WebCore::RenderLayer::normalFlowList): ASSERT that we don't query any of the previous lists if they are dirty. Also enforce the invariant that non-stacking contexts should have NULL z-index lists. (WebCore::RenderLayer::clearZOrderLists): New function to clearZOrderLists so that we can enfore the previous invariant. (WebCore::RenderLayer::updateZOrderLists): Updated to clear the dirty flag and the z-index lists for non-stacking context. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::addToOverlapMapRecursive): (WebCore::RenderLayerCompositor::computeCompositingRequirements): (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): Removed the explicit ASSERTs. (WebCore::RenderLayerCompositor::updateLayerTreeGeometry): (WebCore::RenderLayerCompositor::canBeComposited): Disabled compositing on RenderLayer in flow thread. Because flow thread's RenderLayer are not collected as part of RenderLayer's lists and could be composited, this was causing the new ASSERTs to trigger (e.g. on fast/regions/webkit-flow-renderer-layer.html). * rendering/RenderTreeAsText.cpp: (WebCore::writeLayers): Updated to use updateLayerListsIfNeeded(). 2012-05-02 Levi Weintraub <leviw@chromium.org> Remove unused adjustForAbsoluteZoom method in RenderObject.h https://bugs.webkit.org/show_bug.cgi?id=85396 Reviewed by Eric Seidel. We only want to use the integer adjustForAbsoluteZoom method, so this remnant is both unused and potentially confusing. No new tests. Removing unused code. * rendering/RenderObject.h: (WebCore): 2012-05-02 Fady Samuel <fsamuel@chromium.org> Removing line in computeViewportAttributes that enforces a minimum scale factor to never allow zooming out more than viewport https://bugs.webkit.org/show_bug.cgi?id=70609 Reviewed by Kenneth Rohde Christiansen. Make ViewportAttributes' layoutSize be a FloatRect to avoid rounding too early, and the occasional off by one fixed layout dimensions. * dom/ViewportArguments.cpp: (WebCore::computeViewportAttributes): * dom/ViewportArguments.h: (ViewportAttributes): 2012-05-02 Joshua Bell <jsbell@chromium.org> IndexedDB: Handle generated keys up to 2^53 https://bugs.webkit.org/show_bug.cgi?id=85114 The spec defines the behavior for generated keys up to 2^53 (the maximum integer storable as an ECMAScript number) and the error case when going beyond that. Ensure that we can handle values up to that point and generate errors beyond. Reviewed by Tony Chang. Test: storage/indexeddb/key-generator.html * Modules/indexeddb/IDBBackingStore.h: (IDBBackingStore): * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore::IDBLevelDBBackingStore::nextAutoIncrementNumber): * Modules/indexeddb/IDBLevelDBBackingStore.h: (IDBLevelDBBackingStore): * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp: (WebCore::IDBObjectStoreBackendImpl::putInternal): (WebCore::IDBObjectStoreBackendImpl::genAutoIncrementKey): * Modules/indexeddb/IDBObjectStoreBackendImpl.h: (IDBObjectStoreBackendImpl): 2012-05-02 Adam Klein <adamk@chromium.org> Childlist mutations in shadow DOM should be observable with MutationObservers https://bugs.webkit.org/show_bug.cgi?id=85402 Reviewed by Ojan Vafai. Though Mutation Events are not supported in Shadow DOM, MutationObservers are supposed to be. Due to a misplacement of the ChildListMutationScope, they were erroneously getting skipped. This patch moves code around to properly notify when childlist are mutated in shadow DOM and covers that change with a new test. Test: fast/mutation/shadow-dom.html * dom/ContainerNode.cpp: (WebCore::willRemoveChild): Handle notification of removal directly. (WebCore::willRemoveChildren): ditto. (WebCore::dispatchChildInsertionEvents): Remove notification of insertion. (WebCore::dispatchChildRemovalEvents): Remove notification of removal. (WebCore::updateTreeAfterInsertion): Handle notification of insertion directly. 2012-05-02 Eric Carlson <eric.carlson@apple.com> Crash in WebCore::TextTrackList::remove https://bugs.webkit.org/show_bug.cgi?id=85095 Reviewed by Maciej Stachowiak. Test: media/track/track-remove-quickly.html * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::willRemoveTrack): Return immediately if the tracks collection has not been allocated yet. 2012-05-02 David Barton <dbarton@mathscribe.com> After appending MathML with jquery the table renders with overlaps https://bugs.webkit.org/show_bug.cgi?id=52444 Reviewed by Julien Chaffraix. This patch also fixes bugs 72834 and 47781. The main problem is that correct preferred logical widths are affected by operator stretching. Thus we add a call to setNeedsLayoutAndPrefWidthsRecalc() after the stretching code in RenderMathMLOperator.cpp, and change RenderMathMLBlock and RenderMathMLRow to make sure that stretching of children is done before an <mrow>'s preferred logical widths are computed. Test: Added a test to mathml/presentation/mo-stretch.html * rendering/mathml/RenderMathMLBlock.cpp: (WebCore::RenderMathMLBlock::RenderMathMLBlock): (WebCore::RenderMathMLBlock::computePreferredLogicalWidths): (WebCore::RenderMathMLBlock::computeChildrenPreferredLogicalHeights): (WebCore::RenderMathMLBlock::preferredLogicalHeightAfterSizing): * rendering/mathml/RenderMathMLBlock.h: (WebCore::RenderMathMLBlock::unembellishedOperator): (WebCore::RenderMathMLBlock::isPreferredLogicalHeightDirty): (WebCore::RenderMathMLBlock::preferredLogicalHeight): (WebCore::RenderMathMLBlock::setPreferredLogicalHeight): - Add m_preferredLogicalHeight and methods to compute and return it. - Remove stretchToHeight() from most classes as it no longer needs to be done recursively. We just call it on the base of an embellished operator, and that calls setNeedsLayoutAndPrefWidthsRecalc() to mark itself and its container chain. * rendering/mathml/RenderMathMLOperator.cpp: (WebCore::RenderMathMLOperator::stretchToHeight): - Don't compare an unexpanded height to an expanded one. (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): (WebCore::RenderMathMLOperator::updateFromElement): - After stretching, call setNeedsLayoutAndPrefWidthsRecalc(). * rendering/mathml/RenderMathMLOperator.h: (RenderMathMLOperator): * rendering/mathml/RenderMathMLRow.cpp: (WebCore::RenderMathMLRow::computePreferredLogicalWidths): (WebCore::RenderMathMLRow::layout): * rendering/mathml/RenderMathMLRow.h: (RenderMathMLRow): - Add computePreferredLogicalWidths(), using computeChildrenPreferredLogicalHeights() to compute our children's preferred logical heights if necessary, followed by operator stretching. * rendering/mathml/RenderMathMLSubSup.cpp: * rendering/mathml/RenderMathMLSubSup.h: (RenderMathMLSubSup): * rendering/mathml/RenderMathMLUnderOver.cpp: * rendering/mathml/RenderMathMLUnderOver.h: (RenderMathMLUnderOver): 2012-05-02 Dana Jansens <danakj@chromium.org> [chromium] Avoid extra Region copies in CCOcclusionTracker https://bugs.webkit.org/show_bug.cgi?id=85257 Reviewed by Adrienne Walker. Instead of making a Region for each layer and then uniting the region with the current occlusion, directly add the rects for the given layer to the current occlusion. When subtracting a region from a rect, just subtract the region directly instead of computing the intersecting region. Covered by existing tests. * platform/graphics/chromium/cc/CCOcclusionTracker.cpp: (WebCore::addOcclusionBehindLayer): (WebCore::::markOccludedBehindLayer): (WebCore::rectSubtractRegion): 2012-05-02 Keith Rosenblatt <keith.rosenblatt@nokia.com> [Qt] ASSERT in FontCustomPlatformDataQt.cpp with invalid font in data URI https://bugs.webkit.org/show_bug.cgi?id=85089 Reviewed by Simon Hausmann. Do not return data referencing an invalid QRawFont from createFontCustomPlatformData(). Instead return null. Test: fast/css/font-face-data-uri-invalid.html * platform/graphics/qt/FontCustomPlatformDataQt.cpp: (WebCore::createFontCustomPlatformData): 2012-05-02 Michal Mocny <mmocny@google.com> [chromium] Set contents texture manager preferred memory limit based on GpuMemoryManager suggestion. https://bugs.webkit.org/show_bug.cgi?id=84270 Reviewed by Kenneth Russell. Updates the content texture manager memory limits based on GpuMemoryManager memory allocation suggestions. The memory allocation size (in bytes) is fed from LayerRendererChromium memory allocation changed callback handler to CCLayerTreeHost. At that point we adjust the limits, using the existing notions of preferred and max limits. On android, the preferred limit is half the maximum (as it has always been), but on all other platforms the preferred limit is now equal to max, in order to allow more agressive prepainting. Finally, android has memory constraints dependant on viewportSize, but that logic has been pushed into the GpuMemoryManager. * platform/graphics/chromium/LayerRendererChromium.cpp: (WebCore::LayerRendererGpuMemoryAllocationChangedCallbackAdapter::onGpuMemoryAllocationChanged): (WebCore::LayerRendererChromium::beginDrawingFrame): * platform/graphics/chromium/LayerRendererChromium.h: (LayerRendererChromiumClient): * platform/graphics/chromium/TextureManager.cpp: (WebCore::TextureManager::setMemoryAllocationLimitBytes): (WebCore): * platform/graphics/chromium/TextureManager.h: (TextureManager): * platform/graphics/chromium/cc/CCLayerTreeHost.cpp: (WebCore::CCLayerTreeHost::setViewportSize): (WebCore::CCLayerTreeHost::setContentsMemoryAllocationLimitBytes): (WebCore): * platform/graphics/chromium/cc/CCLayerTreeHost.h: (CCLayerTreeHost): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp: (WebCore::CCLayerTreeHostImpl::setContentsMemoryAllocationLimitBytes): (WebCore): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h: (CCLayerTreeHostImplClient): * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp: (WebCore::CCSingleThreadProxy::postSetContentsMemoryAllocationLimitBytesToMainThreadOnImplThread): (WebCore): * platform/graphics/chromium/cc/CCSingleThreadProxy.h: * platform/graphics/chromium/cc/CCThreadProxy.cpp: (WebCore::CCThreadProxy::postSetContentsMemoryAllocationLimitBytesToMainThreadOnImplThread): (WebCore): (WebCore::CCThreadProxy::setContentsMemoryAllocationLimitBytes): * platform/graphics/chromium/cc/CCThreadProxy.h: (CCThreadProxy): 2012-05-02 Emil A Eklund <eae@chromium.org> Fix usage of layout types in platform code https://bugs.webkit.org/show_bug.cgi?id=85392 Reviewed by Eric Seidel. No new tests, no change in functionality. * page/EventHandler.cpp: (WebCore::EventHandler::handleGestureTap): Use rounded point for gestures as event handling is still mostly int based. 2012-05-02 Kenneth Russell <kbr@google.com> Don't allocate stencil buffer if stencil flag is false in context creation attributes https://bugs.webkit.org/show_bug.cgi?id=85317 Reviewed by Dimitri Glazkov. Make it appear to WebGL application that there is no stencil buffer even if the underlying GraphicsContext3D allocated one. Verified intended behavior with test case from Mozilla's bug report. Updated context-attributes-alpha-depth-stencil-antialias.html test from Khronos repository. Ran WebGL layout tests on Linux in Chrome's DRT and on Mac OS in Safari's. * html/canvas/WebGLFramebuffer.cpp: (WebCore::WebGLFramebuffer::hasStencilBuffer): Added query method. (WebCore): Changed desired semantics of isValidRenderbuffer. * html/canvas/WebGLFramebuffer.h: (WebGLFramebuffer): Added hasStencilBuffer. * html/canvas/WebGLRenderingContext.cpp: (WebCore): (WebCore::WebGLRenderingContext::initializeNewContext): Clear new flag. (WebCore::WebGLRenderingContext::bindFramebuffer): Reset stencil test upon framebuffer change. (WebCore::WebGLRenderingContext::disable): Cache flag; reset stencil test. (WebCore::WebGLRenderingContext::enable): Cache flag; reset stencil test. (WebCore::WebGLRenderingContext::framebufferRenderbuffer): Reset stencil test upon renderbuffer change. (WebCore::WebGLRenderingContext::getContextAttributes): Force depth and stencil to false if false was requested. (WebCore::WebGLRenderingContext::isEnabled): Return cached flag. (WebCore::WebGLRenderingContext::renderbufferStorage): Reset stencil test upon renderbuffer reallocation. (WebCore::WebGLRenderingContext::applyStencilTest): Enable or disable stencil test based on request and availability. (WebCore::WebGLRenderingContext::enableOrDisable): Helper function. * html/canvas/WebGLRenderingContext.h: (WebGLRenderingContext): Added cache of STENCIL_TEST flag. Deleted unused m_stencilBits. 2012-05-02 Ryosuke Niwa <rniwa@webkit.org> Drag and drop text into table is pasting the text in the next <td> element https://bugs.webkit.org/show_bug.cgi?id=75004 Reviewed by Darin Adler. The bug was caused by ReplaceSelectionCommand adjusting the insertion position to be before of the block element containing the insertion position even when the block element is a table cell. Fixed the bug by not moving the insertion position before the table cell in this case. Test: editing/pasteboard/paste-into-table-cell.html * editing/ReplaceSelectionCommand.cpp: (WebCore::ReplaceSelectionCommand::doApply): 2012-05-02 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=85309 supportsExpandedScrollbars() should check for the method we actually call rather than a related method Reviewed by Anders Carlsson. Missing colon. * platform/mac/ScrollbarThemeMac.mm: (WebCore::supportsExpandedScrollbars): 2012-05-02 Antti Koivisto <antti@apple.com> Move title and media queries from StyleSheetInternal to CSSStyleSheet https://bugs.webkit.org/show_bug.cgi?id=85387 Reviewed by Anders Carlsson. Stylesheet title and media queries are determined by the owner, not by the stylesheet itself. The fields belong to CSSStyleSheet. This will make it easier to share StyleSheetInternal instances between documents. * css/CSSStyleSheet.cpp: (WebCore::StyleSheetInternal::StyleSheetInternal): (WebCore::StyleSheetInternal::isCacheable): (WebCore): (WebCore::CSSStyleSheet::setDisabled): Invalidate the document style directly instead of ping-ponging through StyleSheetInternal. (WebCore::CSSStyleSheet::setMediaQueries): (WebCore::CSSStyleSheet::media): * css/CSSStyleSheet.h: (StyleSheetInternal): (WebCore::StyleSheetInternal::originalURL): (WebCore::StyleSheetInternal::hasCharsetRule): (WebCore::CSSStyleSheet::mediaQueries): (CSSStyleSheet): (WebCore::CSSStyleSheet::setTitle): * css/StyleResolver.cpp: (WebCore::StyleResolver::appendAuthorStylesheets): (WebCore::StyleResolver::collectMatchingRulesForList): * dom/DOMImplementation.cpp: (WebCore::DOMImplementation::createCSSStyleSheet): * dom/ProcessingInstruction.cpp: (WebCore::ProcessingInstruction::setCSSStyleSheet): * dom/StyleElement.cpp: (WebCore::StyleElement::createSheet): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::parseAttribute): (WebCore::HTMLLinkElement::setCSSStyleSheet): * html/HTMLStyleElement.cpp: (WebCore::HTMLStyleElement::parseAttribute): * svg/SVGStyleElement.cpp: (WebCore::SVGStyleElement::parseAttribute): 2012-05-02 Alexis Menard <alexis.menard@openbossa.org> Unreviewed Qt build fix with GCC 4.7.0. * platform/qt/DeviceMotionProviderQt.h: (DeviceMotionProviderQt): * platform/qt/DeviceOrientationProviderQt.cpp: (WebCore::DeviceOrientationProviderQt::~DeviceOrientationProviderQt): (WebCore): * platform/qt/DeviceOrientationProviderQt.h: (DeviceOrientationProviderQt): 2012-05-02 No'am Rosenthal <noam.rosenthal@nokia.com> [Texmap] Enable css filters in TextureMapperGL https://bugs.webkit.org/show_bug.cgi?id=75778 Unreviewed build fix to greenify the Qt Minimal bot. * platform/graphics/texmap/TextureMapperShaderManager.h: 2012-05-02 Philippe Normand <pnormand@igalia.com> [GTK] Compilation warnings in RenderTheme https://bugs.webkit.org/show_bug.cgi?id=85286 Reviewed by Martin Robinson. Removed un-needed code and refactored fileListNameForWidth accordingly to avoid un-used variable warnings during compilation. * platform/gtk/RenderThemeGtk.cpp: (WebCore): (WebCore::RenderThemeGtk::fileListNameForWidth): 2012-05-02 Ryosuke Niwa <rniwa@webkit.org> NULL ptr in WebCore::AppendNodeCommand::AppendNodeCommand https://bugs.webkit.org/show_bug.cgi?id=75843 Reviewed by Tony Chang. The crash was caused by indentIntoBlockquote's passing a bad outerBlock to moveParagraphsWithClone. When the position is created after blockquote in the following DOM: BODY * BLOCKQUOTE style=margin: 0 0 0 40px; border: none; padding: 0px; E #text "\nx\n" VisiblePosition's constructor (of startOfContents) turns the position into a legacy position (blockquote, 0). The crash occurs because this position doesn't belong in the same paragraph as E, which is the paragraph we're trying to move into the blockquote. Fixed bug by calling positionInParentAfterNode instead of positionAfterNode for now. We should eventually be able to use positionAfterNode here once VisiblePosition's constructor starts handling before/after positions properly. Test: editing/execCommand/indent-with-after-content-crash.html * editing/IndentOutdentCommand.cpp: (WebCore::IndentOutdentCommand::indentIntoBlockquote): 2012-05-02 Jer Noble <jer.noble@apple.com> WebWindowFadeAnimation ignores "duration" parameter. https://bugs.webkit.org/show_bug.cgi?id=85386 Reviewed by Brady Eidson. Ignoring the "duration" parameter causes the full screen fade and scale animations to get out of sync. * platform/mac/WebWindowAnimation.mm: (-[WebWindowFadeAnimation initWithDuration:window:initialAlpha:finalAlpha:]): 2012-05-02 Julien Chaffraix <jchaffraix@webkit.org> REGRESSION(110072): Clipping is not applied on layers that are animated using platform code https://bugs.webkit.org/show_bug.cgi?id=83954 Reviewed by Simon Fraser. Tests: fast/layers/no-clipping-overflow-hidden-added-after-transform-expected.html fast/layers/no-clipping-overflow-hidden-added-after-transform.html fast/layers/no-clipping-overflow-hidden-added-after-transition-expected.html fast/layers/no-clipping-overflow-hidden-added-after-transition.html fast/layers/no-clipping-overflow-hidden-hardware-acceleration-expected.html fast/layers/no-clipping-overflow-hidden-hardware-acceleration.html (and all the tests that will need to be rebaselined) r110072 changed the way we create layers to lazily allocate overflow: hidden ones based on layout overflow. However with hardware acceleration, certain operations do cause overflow without actually calling layout (the test cases added as part of this change are using transition / animation). This means that those cases wouldn't properly clip. Due to the above issue and the other regressions from r110072, the easiest fix is to just to roll it out. * rendering/RenderBox.h: Changed to allocate a layer whenever we have an overflow clip. * rendering/RenderBox.cpp: (WebCore::RenderBox::scrolledContentOffset): (WebCore::RenderBox::cachedSizeForOverflowClip): Reverted those 2 to avoid using the cached size logic. * rendering/RenderBlock.cpp: (WebCore::RenderBlock::updateScrollInfoAfterLayout): (WebCore::RenderBlock::layoutBlock): (WebCore::RenderBlock::paint): (WebCore::RenderBlock::isPointInOverflowControl): * rendering/RenderBlock.h: * rendering/RenderBox.cpp: (WebCore::RenderBox::willBeDestroyed): (WebCore::RenderBox::styleDidChange): (WebCore::RenderBox::layout): (WebCore::RenderBox::scrollWidth): (WebCore::RenderBox::scrollHeight): (WebCore::RenderBox::scrollLeft): (WebCore::RenderBox::scrollTop): (WebCore::RenderBox::setScrollLeft): (WebCore::RenderBox::setScrollTop): (WebCore::RenderBox::includeVerticalScrollbarSize): (WebCore::RenderBox::includeHorizontalScrollbarSize): (WebCore::RenderBox::pushContentsClip): (WebCore::RenderBox::popContentsClip): (WebCore::RenderBox::addLayoutOverflow): * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::styleDidChange): * rendering/RenderBoxModelObject.h: (RenderBoxModelObject): * rendering/RenderDeprecatedFlexibleBox.cpp: (WebCore::RenderDeprecatedFlexibleBox::layoutBlock): * rendering/RenderFlexibleBox.cpp: (WebCore::RenderFlexibleBox::layoutBlock): * rendering/RenderTable.cpp: (WebCore::RenderTable::layout): * rendering/RenderTableRow.h: (RenderTableRow): * rendering/RenderTableSection.cpp: (WebCore::RenderTableSection::layout): Removed the previous scaffolding code and reverted some functions to being private (as they were prior to r110072). 2012-05-02 No'am Rosenthal <noam.rosenthal@nokia.com> [Texmap] Enable css filters in TextureMapperGL https://bugs.webkit.org/show_bug.cgi?id=75778 Reviewed by Jocelyn Turcotte. Added support for color filters in TextureMapperGL. Blur and shadow would be done in a different patch. Modified BitmapTexture::applyFilters to return a texture, since GL cannot paint a texture into itself. Created a shader map for standard filters, since all of them work more or less the same way with a single uniform. Added the colorization shaders based on the W3C filter spec, as already implemented in FEFilterRenderer.cpp and FEColorMatrix.cpp. We use two swapping textures to render the filters. Covered by tests in css3/filters. * platform/graphics/texmap/TextureMapper.cpp: (WebCore::TextureMapper::acquireTextureFromPool): * platform/graphics/texmap/TextureMapper.h: (WebCore::BitmapTexture::applyFilters): * platform/graphics/texmap/TextureMapperGL.cpp: (WebCore::BitmapTextureGL::updateContents): (WebCore): (WebCore::TextureMapperGL::drawFiltered): (WebCore::BitmapTextureGL::applyFilters): (WebCore::BitmapTextureGL::bind): * platform/graphics/texmap/TextureMapperGL.h: (TextureMapperGL): (BitmapTextureGL): * platform/graphics/texmap/TextureMapperImageBuffer.cpp: (WebCore::BitmapTextureImageBuffer::applyFilters): * platform/graphics/texmap/TextureMapperImageBuffer.h: (BitmapTextureImageBuffer): * platform/graphics/texmap/TextureMapperLayer.cpp: (WebCore::applyFilters): (WebCore::TextureMapperLayer::syncCompositingStateSelf): * platform/graphics/texmap/TextureMapperShaderManager.cpp: (WebCore::TextureMapperShaderManager::~TextureMapperShaderManager): (WebCore): (WebCore::StandardFilterProgram::~StandardFilterProgram): (WebCore::StandardFilterProgram::StandardFilterProgram): (WebCore::StandardFilterProgram::create): (WebCore::StandardFilterProgram::prepare): (WebCore::TextureMapperShaderManager::getShaderForFilter): * platform/graphics/texmap/TextureMapperShaderManager.h: (WebCore): (StandardFilterProgram): (WebCore::StandardFilterProgram::vertexAttrib): (WebCore::StandardFilterProgram::texCoordAttrib): (WebCore::StandardFilterProgram::textureUniform): (TextureMapperShaderManager): 2012-05-02 Philippe Normand <pnormand@igalia.com> [GTK] media/track/track-cue-rendering-snap-to-lines-not-set.html fails https://bugs.webkit.org/show_bug.cgi?id=84378 Reviewed by Eric Carlson. Fix positioning of the controls panel back to relative, as it is in the parent CSS. Also remove some duplicate CSS attributes. * css/mediaControlsGtk.css: (audio::-webkit-media-controls-panel, video::-webkit-media-controls-panel): 2012-05-02 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=85309 supportsExpandedScrollbars() should check for the method we actually call rather than a related method -and corresponding- <rdar://problem/11065691> Reviewed by Anders Carlsson. * platform/mac/ScrollbarThemeMac.mm: (WebCore::supportsExpandedScrollbars): 2012-05-02 Zalan Bujtas <zbujtas@gmail.com> [Qt] Remove redundant updateViewportArguments() call from HTMLBodyElement::didNotifyDescendantInseretions() https://bugs.webkit.org/show_bug.cgi?id=84241 Reviewed by Kenneth Rohde Christiansen. No need to update viewport arguments when the body element is inserted into the Document. Viewport arguments are updated first when the Document is set on the Frame, and later on any subsequent occurence of the viewport meta tag in the document. It is sufficient to dispatch viewport update once per main frame, if no viewport meta tag is present. Also add a flag to be able to track viewport argument update dispatch. No tests. Currrent viewport tests cover this behaviour. * dom/Document.cpp: (WebCore::Document::Document): (WebCore::Document::updateViewportArguments): (WebCore::Document::documentWillSuspendForPageCache): * dom/Document.h: (Document): (WebCore::Document::didDispatchViewportPropertiesChanged): * html/HTMLBodyElement.cpp: (WebCore::HTMLBodyElement::didNotifyDescendantInseretions): 2012-05-02 Pavel Feldman <pfeldman@chromium.org> Web Inspector: Cannot read property 'length' of undefined TextEditorModel.js:467 https://bugs.webkit.org/show_bug.cgi?id=85360 Reviewed by Yury Semikhatsky. Added the undo/redo stack length checks. * inspector/front-end/TextEditorModel.js: (WebInspector.TextEditorModel.endsWithBracketRegex.): 2012-05-02 Pavel Feldman <pfeldman@chromium.org> WebInspector: Scripts panel editor dirty state is cleared when the tab with editor is closed. https://bugs.webkit.org/show_bug.cgi?id=85361 Reviewed by Yury Semikhatsky. Added content validation upon script show. * inspector/front-end/JavaScriptSourceFrame.js: (WebInspector.JavaScriptSourceFrame.prototype.wasShown): 2012-05-02 Pavel Feldman <pfeldman@chromium.org> Web Inspector: breakpoints are de-activated only upon the second click. https://bugs.webkit.org/show_bug.cgi?id=85359 Reviewed by Yury Semikhatsky. Initial value for activated state is set. * inspector/front-end/DebuggerModel.js: (WebInspector.DebuggerModel): 2012-05-02 Pavel Feldman <pfeldman@chromium.org> Web Inspector: live edit fails to report error https://bugs.webkit.org/show_bug.cgi?id=85357 Reviewed by Yury Semikhatsky. ProtocolError is now a string, not an error object. * inspector/front-end/DatabaseQueryView.js: (WebInspector.DatabaseQueryView.prototype._queryError): * inspector/front-end/SourceFrame.js: (WebInspector.SourceFrame.prototype.didEditContent): 2012-05-02 Lars Knudsen <lars.knudsen@nokia.com> [Qt] Make DeviceMotion and DeviceOrientation work with WebKit2 https://bugs.webkit.org/show_bug.cgi?id=64595 Reviewed by Kenneth Rohde Christiansen. No new tests added. This change adds support for WK2 what was in WK1. Also moving DeviceMotion and DeviceOrientation clients and providers to WebCore. This is done to allow clean dependencies when statically linking WK2. * Target.pri: * WebCore.pri: * platform/qt/DeviceMotionClientQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionClientQt.cpp. (WebCore): (WebCore::DeviceMotionClientQt::~DeviceMotionClientQt): (WebCore::DeviceMotionClientQt::deviceMotionControllerDestroyed): (WebCore::DeviceMotionClientQt::setController): (WebCore::DeviceMotionClientQt::startUpdating): (WebCore::DeviceMotionClientQt::stopUpdating): (WebCore::DeviceMotionClientQt::currentDeviceMotion): * platform/qt/DeviceMotionClientQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionClientQt.h. (WebCore): (DeviceMotionClientQt): (WebCore::DeviceMotionClientQt::DeviceMotionClientQt): * platform/qt/DeviceMotionProviderQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionProviderQt.cpp. (WebCore): (WebCore::DeviceMotionProviderQt::DeviceMotionProviderQt): (WebCore::DeviceMotionProviderQt::~DeviceMotionProviderQt): (WebCore::DeviceMotionProviderQt::setController): (WebCore::DeviceMotionProviderQt::start): (WebCore::DeviceMotionProviderQt::stop): (WebCore::DeviceMotionProviderQt::filter): * platform/qt/DeviceMotionProviderQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionProviderQt.h. (WebCore): (DeviceMotionProviderQt): (WebCore::DeviceMotionProviderQt::currentDeviceMotion): * platform/qt/DeviceOrientationClientQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationClientQt.cpp. (WebCore): (WebCore::DeviceOrientationClientQt::deviceOrientationControllerDestroyed): (WebCore::DeviceOrientationClientQt::setController): (WebCore::DeviceOrientationClientQt::startUpdating): (WebCore::DeviceOrientationClientQt::stopUpdating): (WebCore::DeviceOrientationClientQt::lastOrientation): * platform/qt/DeviceOrientationClientQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationClientQt.h. (WebCore): (DeviceOrientationClientQt): * platform/qt/DeviceOrientationProviderQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationProviderQt.cpp. (WebCore): (WebCore::DeviceOrientationProviderQt::DeviceOrientationProviderQt): (WebCore::DeviceOrientationProviderQt::~DeviceOrientationProviderQt): (WebCore::DeviceOrientationProviderQt::setController): (WebCore::DeviceOrientationProviderQt::start): (WebCore::DeviceOrientationProviderQt::stop): (WebCore::DeviceOrientationProviderQt::filter): * platform/qt/DeviceOrientationProviderQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationProviderQt.h. (WebCore): (DeviceOrientationProviderQt): (WebCore::DeviceOrientationProviderQt::isActive): (WebCore::DeviceOrientationProviderQt::lastOrientation): (WebCore::DeviceOrientationProviderQt::hasAlpha): 2012-05-02 Yury Semikhatsky <yurys@chromium.org> Web Inspector: exception in console when there are watch expressions https://bugs.webkit.org/show_bug.cgi?id=85351 Check if script execution is still paused before trying to resolve an object for script popover because execution may be resumed after popover showing is scheduled but before we start resolving the object under the cursor in which case there is no selected call frame any more and we should hide the popover. Reviewed by Pavel Feldman. * inspector/front-end/JavaScriptSourceFrame.js: (WebInspector.JavaScriptSourceFrame.prototype._resolveObjectForPopover): 2012-05-02 Tommy Widenflycht <tommyw@google.com> MediaStream API: Changing webkitGetUserMedia to take an object instead of a string https://bugs.webkit.org/show_bug.cgi?id=84850 Reviewed by Dimitri Glazkov. The standard changed a while back to use an object as a dictionary but since JSC didn't support the Dictionary class until just recently we have not updated the API until now. Change covered by existing, and edited, tests. * Modules/mediastream/NavigatorMediaStream.cpp: (WebCore::NavigatorMediaStream::webkitGetUserMedia): * Modules/mediastream/NavigatorMediaStream.h: (WebCore): (NavigatorMediaStream): * Modules/mediastream/NavigatorMediaStream.idl: * Modules/mediastream/UserMediaRequest.cpp: (WebCore::UserMediaRequest::create): (WebCore::UserMediaRequest::UserMediaRequest): * Modules/mediastream/UserMediaRequest.h: (WebCore): (UserMediaRequest): * platform/mediastream/MediaStreamSourcesQueryClient.h: (MediaStreamSourcesQueryClient): 2012-05-02 Antti Koivisto <antti@apple.com> StyleSheetInternal::parseUserStyleSheet() should be called parseAuthorStyleSheet(). Rubber-stamped by Nikolas Zimmermann. * css/CSSImportRule.cpp: (WebCore::StyleRuleImport::setCSSStyleSheet): * css/CSSStyleSheet.cpp: (WebCore::StyleSheetInternal::parseAuthorStyleSheet): * css/CSSStyleSheet.h: (StyleSheetInternal): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): 2012-05-02 Yury Semikhatsky <yurys@chromium.org> REGRESSION: Web Inspector doesn't show cookies anymore https://bugs.webkit.org/show_bug.cgi?id=85349 Pass root node instead of DataGrid object to the "populateNode" method. Added compiler annotations so that closure compiler catches such errors. Reviewed by Pavel Feldman. * inspector/front-end/CookiesTable.js: (WebInspector.CookiesTable.prototype._rebuildTable): * inspector/front-end/NetworkRequest.js: (WebInspector.NetworkRequest.prototype.addFrameError): 2012-05-02 Dongwoo Im <dw.im@samsung.com> [EFL] Implement the Web Audio API feature. https://bugs.webkit.org/show_bug.cgi?id=78688 Reviewed by Philippe Normand. Implement the Web Audio API feature on the EFL port. https://dvcs.w3.org/hg/audio/raw-file/tip/webaudio/specification.html * CMakeLists.txt: Add the list of the files which are needed for the Web Audio APi. * PlatformEfl.cmake: Add the list of the files which are needed for the Web Audio APi. * UseJSC.cmake: Add the list of the files which are needed for the Web Audio APi. * platform/audio/HRTFElevation.cpp: Enable the USE_CONCATENATED_IMPULSE_RESPONSES macro. (WebCore): * platform/audio/efl/AudioBusEfl.cpp: Added. (WebCore): (WebCore::AudioBus::loadPlatformResource): Create the absolute path of the audio resource. 2012-05-01 Kentaro Hara <haraken@chromium.org> [V8] Add an Isolate parameter to setJSWrapperForXXX() https://bugs.webkit.org/show_bug.cgi?id=85329 Reviewed by Adam Barth. The objective is to pass Isolate around in V8 bindings. This patch adds an Isolate parameter to setJSWrapperForXXX() and passes Isolate to setJSWrapperForXXX() in CodeGeneratorV8.pm. I'll pass Isolate to setJSWrapperForXXX() in custom bindings in a follow-up patch. No tests. No change in behavior. * bindings/scripts/CodeGeneratorV8.pm: Modified as described above. (GenerateConstructorCallback): (GenerateEventConstructorCallback): (GenerateNamedConstructorCallback): (GenerateToV8Converters): * bindings/v8/V8DOMWrapper.cpp: (WebCore::V8DOMWrapper::setJSWrapperForDOMNode): (WebCore::V8DOMWrapper::setJSWrapperForActiveDOMNode): * bindings/v8/V8DOMWrapper.h: (V8DOMWrapper): (WebCore::V8DOMWrapper::setJSWrapperForDOMObject): (WebCore::V8DOMWrapper::setJSWrapperForActiveDOMObject): * bindings/scripts/test/V8/V8Float64Array.cpp: Updated run-bindings-tests results. (WebCore::V8Float64Array::wrapSlow): * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp: (WebCore::V8TestActiveDOMObject::wrapSlow): * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp: (WebCore::V8TestCustomNamedGetter::wrapSlow): * bindings/scripts/test/V8/V8TestEventConstructor.cpp: (WebCore::V8TestEventConstructor::constructorCallback): (WebCore::V8TestEventConstructor::wrapSlow): * bindings/scripts/test/V8/V8TestEventTarget.cpp: (WebCore::V8TestEventTarget::wrapSlow): * bindings/scripts/test/V8/V8TestInterface.cpp: (WebCore::V8TestInterface::constructorCallback): (WebCore::V8TestInterface::wrapSlow): * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp: (WebCore::V8TestMediaQueryListListener::wrapSlow): * bindings/scripts/test/V8/V8TestNamedConstructor.cpp: (WebCore::V8TestNamedConstructorConstructorCallback): (WebCore::V8TestNamedConstructor::wrapSlow): * bindings/scripts/test/V8/V8TestNode.cpp: (WebCore::V8TestNode::constructorCallback): (WebCore::V8TestNode::wrapSlow): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore::V8TestObj::constructorCallback): (WebCore::V8TestObj::wrapSlow): * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp: (WebCore::V8TestSerializedScriptValueInterface::constructorCallback): (WebCore::V8TestSerializedScriptValueInterface::wrapSlow): 2012-05-01 Eric Seidel <eric@webkit.org> Add <iframe seamless> navigation code (and pass all the navigation tests) https://bugs.webkit.org/show_bug.cgi?id=85340 Reviewed by Adam Barth. This code was primarily written by Adam Barth and then submitted to my GitHub branch via a pull request: https://github.com/eseidel/webkit/compare/master...seamless https://github.com/eseidel/webkit/pull/2 https://github.com/eseidel/webkit/pull/3 I rewrote parts of it to use Docment::shouldDisplaySeamlesslyWithParent. Other parts of the original change have already been committed to WebKit by Adam as part of prep-work for making the loader seamless-ready. * loader/FrameLoader.cpp: (WebCore::FrameLoader::findFrameForNavigation): 2012-05-01 Vincent Scheib <scheib@chromium.org> Fullscreen pop-up logic restored to using processingUserGesture. https://bugs.webkit.org/show_bug.cgi?id=85105 WebKit was recently updated to the new Fullscreen API: http://dvcs.w3.org/hg/fullscreen/raw-file/tip/Overview.html#api http://trac.webkit.org/changeset/111028 This change reverts back to using processingUserGesture() instead of DOMWindow::allowPopUp(). This fixes incorrect behavior in at least the Chromium port and is consistent with the cited definition of "allowed to show a pop-up": An algorithm is allowed to show a pop-up if, in the task in which the algorithm is running, either: - an activation behavior is currently being processed whose click event was trusted, or - the event listener for a trusted click event is being handled. Reviewed by Dimitri Glazkov. No new tests. * dom/Document.cpp: (WebCore::Document::requestFullScreenForElement): 2012-05-01 Xiaomei Ji <xji@chromium.org> enable ctrl-arrow move by word visually in non-Windows platforms. https://bugs.webkit.org/show_bug.cgi?id=85017 Reviewed by Ryosuke Niwa. Enable ctrl-arrow moves caret by word in visual order in non-Windows platforms that use ICU word break iterator (it is not enabled for WinCE and Qt where ICU is not used). For those platforms, ctrl-arrow moves caret to word break position before spaces. For example, given a logical text "abc def hij", the word break positions using ctrl-left-arrow from rightmost position are "|abc |def |hij". The word break positions using ctrl-right-arrow from leftmost position are "abc| def| hij|". Test: editing/selection/move-by-word-visually-mac.html * editing/EditingBehavior.h: (EditingBehavior): (WebCore::EditingBehavior::shouldEatSpaceToNextWord): To control different word break positions (regards to space) for different platforms. * editing/FrameSelection.cpp: (WebCore::FrameSelection::modifyMovingRight): Enable visual word movement for all platforms that use ICU. (WebCore::FrameSelection::modifyMovingLeft): * editing/visible_units.cpp: (WebCore::visualWordPosition): Determine the right word break position (regards to space) based on EditingBehavior. (WebCore::leftWordPosition): (WebCore::rightWordPosition): * editing/visible_units.h: 2012-05-01 Raymond Liu <raymond.liu@intel.com> Modify RealtimeAnalyserNode pull mechanism https://bugs.webkit.org/show_bug.cgi?id=77515 Reviewed by Chris Rogers. Test: webaudio/automatic-pull-node.html * GNUmakefile.list.am: * Modules/webaudio/AudioBasicInspectorNode.cpp: Added. (WebCore): (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode): (WebCore::AudioBasicInspectorNode::pullInputs): (WebCore::AudioBasicInspectorNode::connect): (WebCore::AudioBasicInspectorNode::disconnect): (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput): (WebCore::AudioBasicInspectorNode::updatePullStatus): * Modules/webaudio/AudioBasicInspectorNode.h: Added. (WebCore): (AudioBasicInspectorNode): * Modules/webaudio/AudioContext.cpp: (WebCore::AudioContext::AudioContext): (WebCore::AudioContext::~AudioContext): (WebCore::AudioContext::handlePreRenderTasks): (WebCore::AudioContext::handlePostRenderTasks): (WebCore::AudioContext::markForDeletion): (WebCore): (WebCore::AudioContext::addAutomaticPullNode): (WebCore::AudioContext::removeAutomaticPullNode): (WebCore::AudioContext::updateAutomaticPullNodes): (WebCore::AudioContext::processAutomaticPullNodes): * Modules/webaudio/AudioContext.h: (AudioContext): * Modules/webaudio/AudioDestinationNode.cpp: (WebCore::AudioDestinationNode::provideInput): * Modules/webaudio/AudioNode.h: (AudioNode): * Modules/webaudio/AudioNodeOutput.h: (WebCore::AudioNodeOutput::isConnected): (AudioNodeOutput): * Modules/webaudio/RealtimeAnalyserNode.cpp: (WebCore::RealtimeAnalyserNode::RealtimeAnalyserNode): * Modules/webaudio/RealtimeAnalyserNode.h: (RealtimeAnalyserNode): * WebCore.gypi: * WebCore.xcodeproj/project.pbxproj: 2012-05-01 Keishi Hattori <keishi@webkit.org> datalist: Form control in a <datalist> should be barred from constraint validation https://bugs.webkit.org/show_bug.cgi?id=84359 Reviewed by Kent Tamura. Tests: fast/forms/datalist/datalist-child-validation.html fast/forms/form-control-element-crash.html * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::HTMLFormControlElement): (WebCore::HTMLFormControlElement::updateAncestors): Updates the ancestor information. (WebCore::HTMLFormControlElement::insertedInto): Invalidate the ancestor information and call setNeedsWillValidateCheck because willValidate might have changed. (WebCore::HTMLFormControlElement::removedFrom): Ditto. (WebCore::HTMLFormControlElement::disabled): (WebCore::HTMLFormControlElement::recalcWillValidate): Returns false if element has a datalist ancestor. (WebCore::HTMLFormControlElement::willValidate): Check if ancestor information is valid too. (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck): * html/HTMLFormControlElement.h: (HTMLFormControlElement): 2012-05-01 Kent Tamura <tkent@chromium.org> Calendar Picker: Close the picker by ESC key https://bugs.webkit.org/show_bug.cgi?id=85337 Reviewed by Kentaro Hara. No new tests. Calendar picker is not testable in DRT yet. * Resources/calendarPicker.js: (handleGlobalKey): Close the popup by ESC key. 2012-05-01 Noel Gordon <noel.gordon@gmail.com> PNGImageDecoder: Handle interlace buffer allocation failure https://bugs.webkit.org/show_bug.cgi?id=85276 Reviewed by Eric Seidel. No new tests. Not something we can easily test (malloc failure). * platform/image-decoders/png/PNGImageDecoder.cpp: (WebCore::PNGImageDecoder::rowAvailable): Check interlace buffer allocations and bail via longjmp on failure. Note PNG_INTERLACE_ADAM7 is the only libpng supported interlace type so test for it explicitly. 2012-05-01 Kent Tamura <tkent@chromium.org> Calendar Picker: Too wide in Japanese locale https://bugs.webkit.org/show_bug.cgi?id=85331 Reviewed by Kentaro Hara. No new tests. This is a locale-specific behavior. * Resources/calendarPicker.js: (formatJapaneseImperialEra): Do not show an imperial era later than 平成99年 to avoid very long year string like "275760年(平成273772年)." (YearMonthController.prototype.attachTo): - Respect the maximum year specfied by <input max=...> If <input max="9999-12-31"> is specified, we don't need to secure space for the year 275,760. - Check the width for 平成99年 as well as the maximum year because "2087年(平成99年)" is usually wider than "275760年". 2012-05-01 Noel Gordon <noel.gordon@gmail.com> PNGImageDecoder: Add ENABLE(IMAGE_DECODER_DOWN_SAMPLING) guards to rowAvailable https://bugs.webkit.org/show_bug.cgi?id=85268 Reviewed by Eric Seidel. PNGImageDecoder supports image downsampling. Add ENABLE guards to show where downsampling is applied when outputting decoded rows to the frame buffer. Most ports don't enable the flag: don't penalize them in terms speed in this tight row pixel write loop. s/y/destY/ to match setRGBA() and amend some comments. No new tests. No change in behavior. * platform/image-decoders/png/PNGImageDecoder.cpp: (WebCore::PNGImageDecoder::rowAvailable): 2012-05-01 Eric Seidel <eric@webkit.org> Remove uneeded min/max pref width assignment from RenderView https://bugs.webkit.org/show_bug.cgi?id=85325 Reviewed by Julien Chaffraix. This code has been with us since the original import from KDE: http://trac.webkit.org/browser/trunk/WebCore/khtml/rendering/render_root.cpp?annotate=blame&rev=4#L93 It's never been documented, or explained. Removing it showed no effect on my local layout tests run. However this code blocks proper implementation of <iframe seamless> as we have to do proper min/max width negotiation across the iframe boundary. I would remove the whole function, but doing so opens a whole can of worms as this override is public, yet normally this function is *private* (well protected on RenderBox). It seems plausible that frame flattening code needs this override since it doesn't always call the min/maxPreferredWidth() calls which normally automatically call this compute* function if the pref-widths are dirty. Instead of trying to track that all down, I'm just removing this line, and we'll go back and remove the whole function at a later date if possible. * rendering/RenderView.cpp: (WebCore::RenderView::computePreferredLogicalWidths): 2012-05-01 Nate Chapin <japhet@chromium.org> REGRESSION(r115654): PDFs come up blank https://bugs.webkit.org/show_bug.cgi?id=85275 Reviewed by Alexey Proskuryakov. Test: http/tests/loading/pdf-commit-load-callbacks.html * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::finishedLoading): The load needs to be committed before we call finishedLoading on the FrameLoaderClient. * loader/FrameLoader.cpp: (WebCore::FrameLoader::transitionToCommitted): We're guaranteeing that receivedFirstData() will be called other ways (namely, DocumentLoader won't finish without doing so). This call now causes custom representations to double-commit, which is bad. 2012-05-01 Eric Seidel <eric@webkit.org> Add support for seamless attribute as well as seamless sandbox flag and default CSS styling https://bugs.webkit.org/show_bug.cgi?id=85302 Reviewed by Ojan Vafai. This also adds support for the seamless sandbox flag from HTML 5. The sandbox flag is not speficially overridable in the current HTML5, but it is set (like all sandbox flags) by default when sandbox is specified. Unfortunately this support is not yet observable in this patch, as this patch adds not observable features of seamless. This patch also adds the html.css additions for seamless, as specified: http://www.whatwg.org/specs/web-apps/current-work/multipage/rendering.html#replaced-elements I noticed that my previous testing did not confirm that iframes marked for seamless (but not possible to display as seamless due to sandbox, etc.) were still to have this seamless styling. I've added additional testing for this case. I also added another test for the about:blank FIXME added as part of this change. In order to support srcdoc w/ seamless, we needed to move the srcdoc determination sooner in the initSecurityContext function (before the should-inherit early return). The next patch will make seamless actually observable from JS/DOM, this one just lays down all the plumbing, and separates the security aspects for easy review. Test: fast/frames/seamless/seamless-inherited-origin.html * css/html.css: (iframe:not([seamless])): (iframe[seamless]): * dom/Document.cpp: (WebCore::isEligibleForSeamless): (WebCore): (WebCore::Document::initSecurityContext): (WebCore::Document::seamlessParentIFrame): (WebCore::Document::shouldDisplaySeamlesslyWithParent): * dom/Document.h: (WebCore): (Document): * dom/SecurityContext.cpp: (WebCore::SecurityContext::SecurityContext): * dom/SecurityContext.h: (WebCore::SecurityContext::mayDisplaySeamlessWithParent): (SecurityContext): * html/HTMLAttributeNames.in: * html/HTMLIFrameElement.cpp: (WebCore::HTMLIFrameElement::shouldDisplaySeamlessly): (WebCore): * html/HTMLIFrameElement.h: (HTMLIFrameElement): * html/HTMLIFrameElement.idl: 2012-05-01 Min Qin <qinmin@google.com> use USE(NATIVE_FULLSCREEN_VIDEO) instead of ENABLE(NATIVE_FULLSCREEN_VIDEO) https://bugs.webkit.org/show_bug.cgi?id=85316 Reviewed by Kent Tamura. NATIVE_FULLSCREEN_VIDEO means the fullscreen video is implemented by native system view instead of webkit. So it is more appropriate to use USE(NATIVE_FULLSCREEN_VIDEO). This chagne also disabled the rendering of the fullscreen video element in webkit when that flag is set. Just renaming the variable, no new tests. * dom/Document.cpp: (WebCore::Document::webkitWillEnterFullScreenForElement): (WebCore): * platform/graphics/MediaPlayer.cpp: (WebCore): * platform/graphics/MediaPlayer.h: (MediaPlayer): * platform/graphics/MediaPlayerPrivate.h: (MediaPlayerPrivateInterface): 2012-05-01 Jeffrey Pfau <jpfau@apple.com> <rdar://problem/10422318> Support for web content filter delegate for filtering https content https://bugs.webkit.org/show_bug.cgi?id=85300 Reviewed by Alexey Proskuryakov. No new tests. * WebCore.exp.in: * loader/MainResourceLoader.cpp: (WebCore::MainResourceLoader::MainResourceLoader): (WebCore::MainResourceLoader::~MainResourceLoader): (WebCore::MainResourceLoader::didCancel): (WebCore::MainResourceLoader::didReceiveResponse): (WebCore::MainResourceLoader::didReceiveData): (WebCore::MainResourceLoader::didFinishLoading): (WebCore::MainResourceLoader::didFail): * loader/MainResourceLoader.h: (MainResourceLoader): * platform/mac/WebCoreSystemInterface.h: * platform/mac/WebCoreSystemInterface.mm: 2012-05-01 Kent Tamura <tkent@chromium.org> Calendar Picker: Add capability to add platform-specific style sheet https://bugs.webkit.org/show_bug.cgi?id=85272 Reviewed by Kentaro Hara. Add RenderTheme::extraCalendarPickerStyleSheet(). The resultant string of the function is inserted into the calendar picker page. No new tests. Calendar picker apperance is not testable yet. * Resources/calendarPicker.css: Removed styles for year-month buttons. * Resources/calendarPickerMac.css: Moved from calendarPicker.css, and adjust styles so that they look standard Lion buttons. (.year-month-button): (.year-month-button:active): (.year-month-button:disabled): * WebCore.gyp/WebCore.gyp: Add a rule to produce CalendarPickerMac.{cpp,h}. * html/shadow/CalendarPickerElement.cpp: (WebCore::CalendarPickerElement::writeDocument): Add extraCalendarPickerStyleSheet() result to the document. * rendering/RenderTheme.cpp: (WebCore::RenderTheme::extraCalendarPickerStyleSheet): Added. Returns an empty CString by default. * rendering/RenderTheme.h: (RenderTheme): Added extraCalendarPickerStyleSheet(). * rendering/RenderThemeChromiumMac.h: Added extraCalendarPickerStyleSheet(). * rendering/RenderThemeChromiumMac.mm: (WebCore::RenderThemeChromiumMac::extraCalendarPickerStyleSheet): Added. Returns the content of Resources/calendarPickerMac.css. 2012-05-01 James Simonsen <simonjam@chromium.org> Ensure HTMLElementStack fails gracefully if it has a non-Element. https://bugs.webkit.org/show_bug.cgi?id=85167 Reviewed by Adam Barth. Test: Added to html5lib/resources/webkit02.dat * html/parser/HTMLElementStack.cpp: (WebCore::HTMLElementStack::oneBelowTop): * html/parser/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::processEndTag): 2012-05-01 Ryosuke Niwa <rniwa@webkit.org> *Command.h files shouldn't be exported to WebKit layer https://bugs.webkit.org/show_bug.cgi?id=74778 Reviewed by Eric Seidel. Remove the dependency on *Command.h files from Mac port's WebKit layer. Also wrapped the call to TypingCommand::insertParagraphSeparatorInQuotedContent in the Editor class so that we can just expose Editor's method instead of directly exposing the said static method. * WebCore.exp.in: * WebCore.xcodeproj/project.pbxproj: * editing/Editor.h: (Editor): * editing/mac/EditorMac.mm: (WebCore::Editor::insertParagraphSeparatorInQuotedContent): (WebCore): 2012-05-01 Julien Chaffraix <jchaffraix@webkit.org> Remove one bit from m_column to pack RenderTableCell bits more https://bugs.webkit.org/show_bug.cgi?id=85291 Reviewed by Ojan Vafai. Memory improvement, covered by the existing unit tests. * rendering/RenderTableCell.cpp: * rendering/RenderTableCell.h: Remove one bit from m_column (which should be fine as I wouldn't expect tables above 1 millions columns to render at all anyway) to pack the bitfields in 32 bits. Re-arranged the bits to have the bigger bitfield first. 2012-05-01 Anders Carlsson <andersca@apple.com> Slow scrolling on www.sholby.net https://bugs.webkit.org/show_bug.cgi?id=85304 <rdar://problem/11138952> Reviewed by Beth Dakin. Fix two performance issues that showed up on the profiles. * loader/FrameLoader.cpp: (WebCore::FrameLoader::checkLoadCompleteForThisFrame): Reset the relevant painted object counter; it's only interesting when loading. * page/Page.cpp: (WebCore::Page::startCountingRelevantRepaintedObjects): Set m_isCountingRelevantRepaintedObjects to true after calling reset, since reset now sets it to false. (WebCore::Page::resetRelevantPaintedObjectCounter): Set m_isCountingRelevantRepaintedObjects to false. (WebCore::Page::addRelevantRepaintedObject): Use HashSet::find to avoid an extra hash lookup. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::updateMainFrameScrollPositionAndScrollLayerPosition): Remove the call to FrameView::updateCompositingLayersAfterLayout now, since FrameView::notifyScrollPositionChanged already calls this and was making us to a lot of work twice. 2012-05-01 Silvia Pfeiffer <silviapf@chromium.org> Audio controls have a 1px surplus outline coming from RenderImage::paintReplaced base class, which needs overwriting. https://bugs.webkit.org/show_bug.cgi?id=84570 Reviewed by Eric Carlson. No new tests - covered by existing audio rendering tests. * rendering/RenderMedia.cpp: (WebCore::RenderMedia::paintReplaced): Overwrite inherited function. (WebCore): * rendering/RenderMedia.h: (RenderMedia): 2012-05-01 Terry Anderson <tdanderson@chromium.org> Allow a pre-targeted node to be specified when dispatching a GestureTap event https://bugs.webkit.org/show_bug.cgi?id=85296 Reviewed by Adam Barth. https://bugs.webkit.org/show_bug.cgi?id=85101 The new parameter will be used and tested in this patch. * page/EventHandler.cpp: (WebCore::EventHandler::handleGestureTap): The new preTargetedNode parameter can be used to pass in the Node that is the target of the GestureTap event. If this parameter is used, adjustedPoint is changed to be the center of the Node's bounding rectangle. * page/EventHandler.h: (EventHandler): 2012-05-01 Jessie Berlin <jberlin@apple.com> Crash calling disconnectFrame on a DOMWindowExtension a second time. https://bugs.webkit.org/show_bug.cgi?id=85301 Reviewed by Darin Adler. DOMWindowExtension::disconnectFrame assumed it would only be called when there was a frame to disconnect. However, DOMWindow's destructor invokes disconnectFrame on all its DOMWindowProperties, even if it already did so when it entered the page cache. * page/DOMWindowExtension.cpp: (WebCore::DOMWindowExtension::disconnectFrame): Don't do anything if the frame has already been disconnected. 2012-05-01 Aaron Colwell <acolwell@chromium.org> Temporarily remove webkitSourceAddId() & webkitSourceRemoveId() from DOM until the rest of the Media Source v0.5 methods are implemented. This is to prevent ambiguity about whether v0.5 is fully supported or not. https://bugs.webkit.org/show_bug.cgi?id=85295 Reviewed by Eric Carlson. No new tests. Removing methods from DOM so relevant tests are removed. * html/HTMLMediaElement.idl: 2012-05-01 Douglas Stockwell <dstockwell@chromium.org> IndexedDB: stale index entries may not be removed in some cases https://bugs.webkit.org/show_bug.cgi?id=85224 Reviewed by Ojan Vafai. Ensure that stale index entries are removed when the corresponding object store entry no longer exists. No new tests. Addresses a performance / storage leak that is not amenable to verification in a layout test. * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore): 2012-05-01 Igor Oliveira <igor.o@sisa.samsung.com> Use HashMap<OwnPtr> for CounterMap in RenderCounter https://bugs.webkit.org/show_bug.cgi?id=85294 Reviewed by Eric Seidel. * rendering/RenderCounter.cpp: (WebCore): (WebCore::makeCounterNode): (WebCore::RenderCounter::destroyCounterNodes): 2012-05-01 Philip Rogers <pdr@google.com> Skip building instance tree for disallowed target https://bugs.webkit.org/show_bug.cgi?id=85202 Reviewed by Nikolas Zimmermann. When the target of a use is disallowed (e.g., a mask element) we can skip building the instance tree because the shadow tree will be skipped as well. Test: svg/custom/animate-disallowed-mask-element.svg * svg/SVGUseElement.cpp: (WebCore::SVGUseElement::buildInstanceTree): 2012-04-29 Nikolas Zimmermann <nzimmermann@rim.com> Accumulation for values-animation is broken https://bugs.webkit.org/show_bug.cgi?id=85158 Reviewed by Darin Adler. Example: <rect width="999" height="100" fill="green"/> <animate begin="0s" values="0; 30; 20" accumulate="sum" repeatCount="5" dur="2s"/> </rect> The rect should animate like this: 0.000s -> 0 0.500s -> 15 1.000s -> 30 1.500s -> 25 1.999s -> 20 2.000s -> 20 (first accumulation, starts accumulating from the last set value, here '20'). 2.500s -> 45 3.000s -> 50 3.500s -> 45 3.999s -> 40 4.000s -> 40 (second accumulation) etc. This is currently broken for values-animation. The accumulation should happen after a full cycle of the values animation ran (aka. at the end of the duration). A values animation works like this: iterate over the list of values, and calculate a 'from' and 'to' value for a given time. Example for values="0; 30; 20" dur="2s": - 0.0s .. 1.0s -> from=0, to=30 - 1.0s .. 2.0s -> from=30, to=20 Accumulation currently is taken into account at each interval for a values-animation instead of the end of the cycle. Fix that by passing an additional 'toAtEndOfDuration' type to calculateAnimatedValue() which is used for accumulation instead of the current 'to' value. Test: svg/animations/accumulate-values-width-animation.html * svg/SVGAnimateElement.cpp: (WebCore::SVGAnimateElement::calculateAnimatedValue): * svg/SVGAnimateElement.h: (SVGAnimateElement): * svg/SVGAnimateMotionElement.cpp: (WebCore::SVGAnimateMotionElement::calculateAnimatedValue): * svg/SVGAnimateMotionElement.h: (SVGAnimateMotionElement): * svg/SVGAnimatedAngle.cpp: (WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue): * svg/SVGAnimatedAngle.h: (SVGAnimatedAngleAnimator): * svg/SVGAnimatedBoolean.cpp: (WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue): * svg/SVGAnimatedBoolean.h: (SVGAnimatedBooleanAnimator): * svg/SVGAnimatedColor.cpp: (WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue): * svg/SVGAnimatedColor.h: (SVGAnimatedColorAnimator): * svg/SVGAnimatedEnumeration.cpp: (WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue): * svg/SVGAnimatedEnumeration.h: (SVGAnimatedEnumerationAnimator): * svg/SVGAnimatedInteger.cpp: (WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedInteger): (WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedInteger.h: (SVGAnimatedIntegerAnimator): * svg/SVGAnimatedIntegerOptionalInteger.cpp: (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedIntegerOptionalInteger.h: (SVGAnimatedIntegerOptionalIntegerAnimator): * svg/SVGAnimatedLength.cpp: (WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue): * svg/SVGAnimatedLength.h: (SVGAnimatedLengthAnimator): * svg/SVGAnimatedLengthList.cpp: (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue): * svg/SVGAnimatedLengthList.h: (SVGAnimatedLengthListAnimator): * svg/SVGAnimatedNumber.cpp: (WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumber.h: (SVGAnimatedNumberAnimator): * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberList.h: (SVGAnimatedNumberListAnimator): * svg/SVGAnimatedNumberOptionalNumber.cpp: (WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberOptionalNumber.h: (SVGAnimatedNumberOptionalNumberAnimator): * svg/SVGAnimatedPath.cpp: (WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue): * svg/SVGAnimatedPath.h: (SVGAnimatedPathAnimator): * svg/SVGAnimatedPointList.cpp: (WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue): * svg/SVGAnimatedPointList.h: (SVGAnimatedPointListAnimator): * svg/SVGAnimatedPreserveAspectRatio.cpp: (WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue): * svg/SVGAnimatedPreserveAspectRatio.h: (SVGAnimatedPreserveAspectRatioAnimator): * svg/SVGAnimatedRect.cpp: (WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue): * svg/SVGAnimatedRect.h: (SVGAnimatedRectAnimator): * svg/SVGAnimatedString.cpp: (WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue): * svg/SVGAnimatedString.h: (SVGAnimatedStringAnimator): * svg/SVGAnimatedTransformList.cpp: (WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue): * svg/SVGAnimatedTransformList.h: (SVGAnimatedTransformListAnimator): * svg/SVGAnimatedTypeAnimator.h: (SVGAnimatedTypeAnimator): * svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::currentValuesForValuesAnimation): (WebCore::SVGAnimationElement::updateAnimation): * svg/SVGAnimationElement.h: (WebCore::SVGAnimationElement::animateAdditiveNumber): (SVGAnimationElement): 2012-05-01 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=85231 Fixed position objects that are removed from the DOM don't kick off fixed position recalculation -and corresponding- <rdar://problem/11297916> Reviewed by Darin Adler. * rendering/RenderBox.cpp: (WebCore::RenderBox::willBeDestroyed): 2012-05-01 Dana Jansens <danakj@chromium.org> Early-out for subtracting a non-intersecting region https://bugs.webkit.org/show_bug.cgi?id=85258 Reviewed by Hajime Morita. Given regions A and B, if the bounds of the regions do not intersect, then the regions themselves do not intersect. If the intersection of A and B is empty, then A subtract B == A. * platform/graphics/Region.cpp: (WebCore::Region::subtract): 2012-04-30 Kent Tamura <tkent@chromium.org> [Chromium/Windows] Add LocalizedDateWin https://bugs.webkit.org/show_bug.cgi?id=84935 Reviewed by Kentaro Hara. LocalizedDateICU.cpp doesn't reflect system settings. So there were some problems such as <input type=date> doesn't use system's date format. We need to use Windows API to get a date format and calendar parameters. We obtain a date format like "MM/dd/yy" via Windows API, and format/parse dates for the format by our own code because Windows API can't handle years older than 1601 and doesn't have date parsing API. Unit test: Source/WebKit/chromium/tests/LocaleWinTest.cpp * WebCore.gypi: Add LocalizedDateWin.cpp. * WebCore.gyp/WebCore.gyp: For Windows, remove LocalizedDateICU.cpp and add LocalizedDateWin.cpp. All of *Win.cpp files are excluded by default. * platform/text/LocaleWin.cpp: Added. (WebCore::LocaleWin::LocaleWin): (WebCore::LocaleWin::create): (WebCore::LocaleWin::currentLocale): (WebCore::LocaleWin::~LocaleWin): (WebCore::LocaleWin::getLocaleInfoString): A helper function to obtain a string by GetLocaleInfo(). (WebCore::LocaleWin::initializeShortMonthLabels): Obtain short month names from Windows. (WebCore::DateFormatToken): A struct to represent a token in a date format. e.g. A format string "MM/dd/yy" generates five DateFormatToken: Month2, Literal, Day2, Literal, Year2. (isEraSymbol): A readability helper function. (isYearSymbol): ditto. (isMonthSymbol): ditto. (isDaySymbol): ditto. (countContinuousLetters): (commitLiteralToken): A helper for parseDateFormat(). (parseDateFormat): Parse a format string, and generate a list of DateFormatToken. (WebCore::parseNumber): A helper for parseDate(). (WebCore::LocaleWin::parseNumberOrMonth): ditto. (WebCore::LocaleWin::parseDate): Parse a user-provided date string by matching with a DateFormatToken list. (WebCore::appendNumber): A helper for formatDate(). (WebCore::appendTwoDigitsNumber): ditto. Write at least two digits. (WebCore::appendFourDigitsNumber): ditto. Write at least four digits. (WebCore::LocaleWin::formatDate): Format a DateComponents by iterating a DateFormatToken list. (WebCore::LocaleWin::initializeShortDateTokens): (WebCore::substituteLabelsIntoFormat): Creates a user-visible format string by iterating a DateFormatToken list. (WebCore::LocaleWin::dateFormatText): (WebCore::LocaleWin::initializeMonthLabels): Creates month names by Windows API. (WebCore::LocaleWin::initializeWeekDayShortLabels): Creates day names by Windows API. (WebCore::LocaleWin::monthLabels): Public accessor function for month names. (WebCore::LocaleWin::weekDayShortLabels): Public accessor function for day names. * platform/text/LocaleWin.h: Added. * platform/text/LocalizedDateWin.cpp: Added. The following functions simply delegate to LocaleWin::currentLocale(). (WebCore::parseLocalizedDate): (WebCore::formatLocalizedDate): (WebCore::localizedDateFormatText): (WebCore::monthLabels): (WebCore::weekDayShortLabels): (WebCore::firstDayOfWeek): 2012-04-30 Kent Tamura <tkent@chromium.org> REGRESSION(r115600): parseLocalizedDate() should fail for invalid inputs https://bugs.webkit.org/show_bug.cgi?id=85176 Reviewed by Kentaro Hara. Test: fast/forms/date/input-date-commit-valid-only.html * platform/text/mac/LocalizedDateMac.mm: (WebCore::parseLocalizedDate): We should check nil for the result of NSDateFormtter::dateFromString. 2012-04-30 Mark Rowe <mrowe@apple.com> Fix another leak due to misuse of createCFString. Reviewed by Darin Adler. * plugins/mac/PluginPackageMac.cpp: (WebCore::PluginPackage::fetchInfo): Adopt the result of createCFString. 2012-04-30 Mark Rowe <mrowe@apple.com> <rdar://problem/11312198> Many leaks during fast/events/dropzone-002.html Reviewed by Darin Adler. * platform/mac/ClipboardMac.mm: (WebCore::utiTypeFromCocoaType): Adopt the result of createCFString. 2012-04-30 Mark Rowe <mrowe@apple.com> <rdar://problem/11352575> Many CGImageRefs leaked during media layout tests Reviewed by Brian Weinstein. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect): Adopt the CGImageRef. 2012-04-30 Emil A Eklund <eae@chromium.org> Change RenderBoxModelObject::calculateBackgroundImageGeometry to use roundToInt https://bugs.webkit.org/show_bug.cgi?id=85249 Reviewed by Eric Seidel. Prepare RenderBoxModelObject for FractionalLayoutUnits by adding rounding logic to calculateBackgroundImageGeometry. Background images, as all images, needs to be layed out on pixel boundaries thus we need to convert it to a integer value. No new tests, no change in functionality. * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry): 2012-04-30 Ilya Sherman <isherman@chromium.org> Unreviewed, rolling out r113511. http://trac.webkit.org/changeset/113511 https://bugs.webkit.org/show_bug.cgi?id=66032 https://bugs.webkit.org/show_bug.cgi?id=85150 Regression: Many autofilled form fields lack the default autofill background even when authors don’t override the autofill colors * css/html.css: (input:-webkit-autofill): Restore !important modifiers 2012-04-30 Julien Chaffraix <jchaffraix@webkit.org> Move RenderTableCell's row index to RenderTableRow https://bugs.webkit.org/show_bug.cgi?id=85229 Reviewed by Ojan Vafai. Covered by the existing table tests. Row index is a RenderTableRow concept and as such this change moves the relevant logic into the class. While touching the code, renamed row() -> rowIndex() as now RenderTableCell can return its parent RenderTableRow and we were returning an index, not the row itself. * accessibility/AccessibilityTable.cpp: (WebCore::AccessibilityTable::cellForColumnAndRow): * accessibility/AccessibilityTableCell.cpp: (WebCore::AccessibilityTableCell::rowIndexRange): (WebCore::AccessibilityTableCell::titleUIElement): * rendering/RenderTable.cpp: (WebCore::RenderTable::cellAbove): (WebCore::RenderTable::cellBelow): (WebCore::RenderTable::cellBefore): (WebCore::RenderTable::cellAfter): * rendering/RenderTreeAsText.cpp: (WebCore::RenderTreeAsText::writeRenderObject): Updated after the renaming RenderTableCell::row() -> rowIndex(). * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::RenderTableCell): (WebCore::RenderTableCell::computeCollapsedBeforeBorder): (WebCore::RenderTableCell::computeCollapsedAfterBorder): Updated after m_rowIndex removal and row() -> rowIndex() renaming. (WebCore::RenderTableCell::styleDidChange): Switched the rowWasSet check to an ASSERT. The new logic guarantees that row index was set straight when we insert the row. The previous logic was opened to some race conditions as we could wait for a recalcCells call before setting the index on the rows which made this check necessary. * rendering/RenderTableCell.h: (WebCore::RenderTableCell::row): Added this RenderTableRow getter. (WebCore::RenderTableCell::rowIndex): Renamed from row(). * rendering/RenderTableRow.cpp: (WebCore::RenderTableRow::RenderTableRow): (WebCore::RenderTableRow::styleDidChange): Updated after adding m_rowIndex / rowIndex(). * rendering/RenderTableRow.h: (WebCore::RenderTableRow::setRowIndex): (WebCore::RenderTableRow::rowIndex): Added those getter / setter. Also kept m_rowIndex's smaller size for future optimization and for symmetry with the column index on RenderTableCell. * rendering/RenderTableSection.cpp: (WebCore::RenderTableSection::addChild): (WebCore::RenderTableSection::recalcCells): Made sure that whenever we insert or update our row index we do call setRowIndex(). (WebCore::RenderTableSection::addCell): This logic now doesn't need to query insertionRow as the cell's should have the index of the row in which it is inserted. (WebCore::RenderTableSection::calcRowLogicalHeight): (WebCore::RenderTableSection::layoutRows): (WebCore::compareCellPositionsWithOverflowingCells): More updates after row() -> rowIndex() renaming. * rendering/RenderTableSection.h: Removed rowIndexForRenderer now that the row caches this informatin. 2012-04-30 Keishi Hattori <keishi@webkit.org> datalist: Inconsistent behavior of HTMLInputElement::list https://bugs.webkit.org/show_bug.cgi?id=84351 Each platform will have a different set of input types that support the datalist UI. This patch makes shouldRespectListAttribute ask the RenderTheme if it supports datalist UI for that input type. Thus making it possible to do feature detection with JS. Reviewed by Kent Tamura. * WebCore.gypi: Added RenderThemeChromiumCommon.{cpp,h} * html/ColorInputType.cpp: (WebCore::ColorInputType::shouldRespectListAttribute): (WebCore): * html/ColorInputType.h: (ColorInputType): * html/InputType.cpp: (WebCore::InputType::themeSupportsDataListUI): Static method used by TextFieldInputType, RangeInputType, and ColorInputType. (WebCore): * html/InputType.h: (InputType): * html/RangeInputType.cpp: (WebCore::RangeInputType::shouldRespectListAttribute): * html/TextFieldInputType.cpp: (WebCore::TextFieldInputType::shouldRespectListAttribute): * rendering/RenderTheme.h: (RenderTheme): (WebCore::RenderTheme::supportsDataListUI): Returns true if the platform can show the datalist suggestions for a given input type. * rendering/RenderThemeChromiumCommon.cpp: Added. (WebCore): (WebCore::RenderThemeChromiumCommon::supportsDataListUI): * rendering/RenderThemeChromiumCommon.h: Added. (WebCore): (RenderThemeChromiumCommon): * rendering/RenderThemeChromiumMac.h: (RenderThemeChromiumMac): * rendering/RenderThemeChromiumMac.mm: (WebCore::RenderThemeChromiumMac::supportsDataListUI): (WebCore): * rendering/RenderThemeChromiumSkia.cpp: (WebCore::RenderThemeChromiumMac::supportsDataListUI): (WebCore): * rendering/RenderThemeChromiumSkia.h: (RenderThemeChromiumSkia): 2012-04-30 Levi Weintraub <leviw@chromium.org> RenderObject incorrectly lists maximalOutlineSize as a LayoutUnit https://bugs.webkit.org/show_bug.cgi?id=85248 Reviewed by Eric Seidel. Reverting RenderObject::maximalOutlineSize to int. This is a slop value for repaint rects that doesn't affect layout. It also derives its value from RenderView's function of the same name, which is already an integer. No new tests. No change in behavior. * rendering/RenderObject.cpp: (WebCore::RenderObject::maximalOutlineSize): * rendering/RenderObject.h: (RenderObject): 2012-04-30 Xingnan Wang <xingnan.wang@intel.com> Add multichannel support for input of JavaScriptAudioNode https://bugs.webkit.org/show_bug.cgi?id=84687 Reviewed by Chris Rogers. Tests: webaudio/javascriptaudionode-downmix8-2channel-input.html webaudio/javascriptaudionode-upmix2-8channel-input.html * Modules/webaudio/JavaScriptAudioNode.cpp: (WebCore::JavaScriptAudioNode::create): (WebCore::JavaScriptAudioNode::JavaScriptAudioNode): (WebCore::JavaScriptAudioNode::initialize): (WebCore::JavaScriptAudioNode::process): * Modules/webaudio/JavaScriptAudioNode.h: (JavaScriptAudioNode): 2012-04-30 Oliver Hunt <oliver@apple.com> Harden arithmetic in ImageBufferDataCG https://bugs.webkit.org/show_bug.cgi?id=61373 Reviewed by Gavin Barraclough. We have a checked type that allows us to automate many of the bounds checks we want here, so let's replace the floating point math, and just use Checked<> throughout. We use a non-recording Checked<> as no overflows should reach this point, so we'll take a hard early failure, over the cost of many branches when accessing the raw values in loops. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::ImageBufferData::getData): (WebCore::ImageBufferData::putData): 2012-04-30 Levi Weintraub <leviw@chromium.org> Add absoluteValue method for LayoutUnits to allow overloading abs() https://bugs.webkit.org/show_bug.cgi?id=85214 Reviewed by Eric Seidel. Adding an absoluteValue free inline function that operates on LayoutUnits, which allows us to have one function signature for ints or FractionalLayoutUnits. We can't simply add a FractionalLayoutUnit flavor of abs because it confuses some compilers due to the implicit FractionalLayoutUnit constructors that take ints and floats. No new tests. No change in behavior. * page/SpatialNavigation.cpp: (WebCore::distanceDataForNode): * rendering/LayoutTypes.h: (WebCore::absoluteValue): (WebCore): * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlock::checkPaginationAndFloatsAtEndLine): * rendering/RenderLineBoxList.cpp: (WebCore::RenderLineBoxList::rangeIntersectsRect): * rendering/RenderObject.cpp: (WebCore::RenderObject::repaintAfterLayoutIfNeeded): 2012-04-30 Levi Weintraub <leviw@chromium.org> Update LayoutUnit usage in InlineFlowBox and RenderWidget https://bugs.webkit.org/show_bug.cgi?id=85239 Reviewed by Eric Seidel. Updating LayoutUnit usage in a pair of remaining functions to minimize the remaining work to switching to FractionalLayoutUnits for layout instead of integers. No new tests. No change in behavior. * rendering/InlineFlowBox.cpp: (WebCore::InlineFlowBox::placeBoxesInBlockDirection): Though stored as a float, the top is always set to an integer value. When we move to sub-pixel, we need to preserve this. Not preserving this behavior affects text decorations, most notably underlines. * rendering/RenderWidget.cpp: (WebCore::RenderWidget::updateWidgetGeometry): Adding pixel snapping for the content box if it's not transformed (absoluteContentBox includes pixel snapping), and properly treating the boundingBox as an IntRect. 2012-04-30 Levi Weintraub <leviw@chromium.org> Prepare RenderDeprecatedFlexibleBox for sub-pixel layout https://bugs.webkit.org/show_bug.cgi?id=85217 Reviewed by Eric Seidel. Bailing from the space distribution loop in layoutHorizontal/VerticalBox when the remaining space falls below one pixel. This has no effect in whole-pixel layout, but avoids unnecessary work/infinite loops in the sub-pixel case. No new tests. No change in behavior. * rendering/RenderDeprecatedFlexibleBox.cpp: (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox): (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox): 2012-04-30 Ryosuke Niwa <rniwa@webkit.org> NULL ptr in WebCore::Range::getBorderAndTextQuads https://bugs.webkit.org/show_bug.cgi?id=77218 Reviewed by Eric Seidel. The crash was caused by a malformed range obtained within an event handler of mutation events (DOMNodeRemovedFromDocument). Because this range wasn't updated per node removal, range functions end up not behaving well. Fixed the bug by changing the order of the notifications in ContainerNode::willRemoveChild. We now fire mutation events first before updating ranges so that any range created inside those event handlers can also be updated prior to the actual node removal. Test: fast/dom/Range/range-created-in-mutation-event-crash.xhtml * dom/ContainerNode.cpp: (WebCore::willRemoveChild): 2012-04-30 Anders Carlsson <andersca@apple.com> ScrollingCoordinator::requestScrollPositionUpdate should not update the main frame scroll position https://bugs.webkit.org/show_bug.cgi?id=85240 <rdar://problem/11286609> Reviewed by Sam Weinig. The call to updateMainFrameScrollPosition was added to make the WebKit2 find overlay work, since it relies on scroll position updates being synchronous. Change the find code in WebKit2 to handle asynchronous scroll position updates and remove the call to updateMainFrameScrollPosition. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::requestScrollPositionUpdate): 2012-04-30 Anders Carlsson <andersca@apple.com> Add a way to asynchronously call a function once the scroll position of a page has been updated https://bugs.webkit.org/show_bug.cgi?id=85237 Reviewed by Sam Weinig. * WebCore.exp.in: Export functions needed by WebKit2. * page/scrolling/ScrollingCoordinator.h: Make commitTreeStateIfNeeded public. 2012-04-30 Kentaro Hara <haraken@chromium.org> WebGLRenderingContext methods should throw TypeError for not enough arguments https://bugs.webkit.org/show_bug.cgi?id=84787 Reviewed by Kenneth Russell. Currently, WebGLRenderingcontext methods implement "Not enough arguments" error as SyntaxError. The Web IDL spec requires that it should be TypeError: http://www.w3.org/TR/WebIDL/#dfn-overload-resolution-algorithm This patch changes SyntaxError to TypeError. I wanted to confirm the behavior of Firefox and Opera, but they do not implement WebGL yet. Test: fast/canvas/webgl/webgl-exceptions.html * bindings/js/JSWebGLRenderingContextCustom.cpp: (WebCore::getObjectParameter): (WebCore::JSWebGLRenderingContext::getAttachedShaders): (WebCore::JSWebGLRenderingContext::getExtension): (WebCore::JSWebGLRenderingContext::getFramebufferAttachmentParameter): (WebCore::JSWebGLRenderingContext::getParameter): (WebCore::JSWebGLRenderingContext::getProgramParameter): (WebCore::JSWebGLRenderingContext::getShaderParameter): (WebCore::JSWebGLRenderingContext::getUniform): (WebCore::dataFunctionf): (WebCore::dataFunctioni): (WebCore::dataFunctionMatrix): * bindings/v8/custom/V8WebGLRenderingContextCustom.cpp: (WebCore::getObjectParameter): (WebCore::V8WebGLRenderingContext::getAttachedShadersCallback): (WebCore::V8WebGLRenderingContext::getExtensionCallback): (WebCore::V8WebGLRenderingContext::getFramebufferAttachmentParameterCallback): (WebCore::V8WebGLRenderingContext::getParameterCallback): (WebCore::V8WebGLRenderingContext::getProgramParameterCallback): (WebCore::V8WebGLRenderingContext::getShaderParameterCallback): (WebCore::V8WebGLRenderingContext::getUniformCallback): (WebCore::vertexAttribAndUniformHelperf): (WebCore::uniformHelperi): (WebCore::uniformMatrixHelper): 2012-04-30 Emil A Eklund <eae@chromium.org> [gtk, qt, chromium, win] Fix usage of LayoutUnits and rounding in platform code https://bugs.webkit.org/show_bug.cgi?id=85222 Reviewed by Eric Seidel. Update platform code to use the pixel snapped values for painting rects to line up with device pixels and change platform specific hit testing code to use roundedPoint as hit testing is still mostly done on integer bounds. No new tests, no change in functionality. * platform/qt/RenderThemeQt.cpp: (WebCore::RenderThemeQt::paintMediaVolumeSliderTrack): * platform/win/PopupMenuWin.cpp: (WebCore::PopupMenuWin::paint): * rendering/RenderThemeChromiumSkia.cpp: (WebCore::RenderThemeChromiumSkia::paintSearchFieldCancelButton): (WebCore::RenderThemeChromiumSkia::paintSearchFieldResultsDecoration): (WebCore::RenderThemeChromiumSkia::paintSearchFieldResultsButton): 2012-04-30 Kentaro Hara <haraken@chromium.org> [V8][JSC] Remove hard-coded "Not enough arguments" errors https://bugs.webkit.org/show_bug.cgi?id=85207 Reviewed by Sam Weinig. In bug 85022 and bug 85097, we implemented createNotEnoughArgumentsError() in JSC and V8Proxy::throwNotEnoughArgumentsError() in V8 and partially removed hard-coded "Not enough arguments" errors. This patch removes hard-coded "Not enough arguments" errors by using the helper methods. No tests. No change in behavior. * bindings/js/JSAudioContextCustom.cpp: (WebCore::JSAudioContextConstructor::constructJSAudioContext): * bindings/js/JSSVGLengthCustom.cpp: (WebCore::JSSVGLength::convertToSpecifiedUnits): * bindings/js/JSWebSocketCustom.cpp: (WebCore::JSWebSocketConstructor::constructJSWebSocket): (WebCore::JSWebSocket::send): * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::open): * bindings/v8/ScriptController.cpp: (WebCore::setValueAndClosePopupCallback): * bindings/v8/custom/V8AudioContextCustom.cpp: (WebCore::V8AudioContext::constructorCallback): * bindings/v8/custom/V8SVGLengthCustom.cpp: (WebCore::V8SVGLength::convertToSpecifiedUnitsCallback): * bindings/v8/custom/V8WebSocketCustom.cpp: (WebCore::V8WebSocket::constructorCallback): (WebCore::V8WebSocket::sendCallback): * bindings/v8/custom/V8XMLHttpRequestCustom.cpp: (WebCore::V8XMLHttpRequest::openCallback): 2012-04-30 Benjamin Poulain <benjamin@webkit.org> Add String::startsWith() and endsWith() for string literals https://bugs.webkit.org/show_bug.cgi?id=85154 Reviewed by Darin Adler. Update WebCore to use the simpler startsWith() and endsWith() taking a UChar. * css/CSSParser.cpp: (WebCore::CSSParser::markPropertyEnd): * css/WebKitCSSKeyframeRule.cpp: (WebCore::StyleKeyframe::parseKeyString): * editing/markup.cpp: (WebCore::createFragmentFromText): * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::addSubresourceAttributeURLs): * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::setInnerTextValue): * inspector/ContentSearchUtils.cpp: (WebCore::ContentSearchUtils::getRegularExpressionMatchesByLines): * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::SetPropertyTextAction::redo): * loader/MainResourceLoader.cpp: (WebCore::MainResourceLoader::substituteMIMETypeFromPluginDatabase): * loader/appcache/ManifestParser.cpp: (WebCore::parseManifest): * platform/blackberry/CookieManager.cpp: (WebCore::CookieManager::shouldRejectForSecurityReason): * platform/posix/FileSystemPOSIX.cpp: (WebCore::pathByAppendingComponent): * plugins/PluginDatabase.cpp: (WebCore::PluginDatabase::findPlugin): * svg/SVGStopElement.cpp: (WebCore::SVGStopElement::parseAttribute): * svg/animation/SVGSMILElement.cpp: (WebCore::SVGSMILElement::parseOffsetValue): (WebCore::SVGSMILElement::parseCondition): 2012-04-30 Abhishek Arya <inferno@chromium.org> Remove positioned float code. https://bugs.webkit.org/show_bug.cgi?id=84795 Reviewed by Dan Bernstein. Backout r92004 and some pieces from r91702. Test: fast/block/float/positioned-float-crash.html * css/CSSParser.cpp: (WebCore::isValidKeywordPropertyAndValue): * css/CSSPrimitiveValueMappings.h: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): (WebCore::CSSPrimitiveValue::operator EFloat): * css/CSSValueKeywords.in: * rendering/RenderBlock.cpp: (WebCore::RenderBlock::RenderBlock): (WebCore::RenderBlock::layoutBlock): (WebCore::RenderBlock::addOverflowFromFloats): (WebCore::RenderBlock::layoutBlockChild): (WebCore::RenderBlock::simplifiedLayout): (WebCore::RenderBlock::layoutPositionedObjects): (WebCore::RenderBlock::insertFloatingObject): (WebCore::RenderBlock::positionNewFloats): (WebCore::RenderBlock::clearFloats): (WebCore::RenderBlock::FloatingObjects::clear): (WebCore::RenderBlock::FloatingObjects::increaseObjectsCount): (WebCore::RenderBlock::FloatingObjects::decreaseObjectsCount): * rendering/RenderBlock.h: (RenderBlock): (WebCore::RenderBlock::forceLayoutInlineChildren): (FloatingObject): (WebCore::RenderBlock::FloatingObject::FloatingObject): (WebCore::RenderBlock::hasOverhangingFloats): (WebCore::RenderBlock::FloatingObjects::FloatingObjects): (FloatingObjects): * rendering/RenderBox.cpp: (WebCore::RenderBox::updateBoxModelInfoFromStyle): * rendering/RenderDeprecatedFlexibleBox.cpp: (WebCore::RenderDeprecatedFlexibleBox::layoutBlock): * rendering/RenderDeprecatedFlexibleBox.h: (RenderDeprecatedFlexibleBox): * rendering/RenderFlexibleBox.cpp: (WebCore::RenderFlexibleBox::layoutBlock): * rendering/RenderFlexibleBox.h: (RenderFlexibleBox): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::updateScrollbarsAfterLayout): * rendering/style/RenderStyleConstants.h: 2012-04-29 Sam Weinig <sam@webkit.org> Remove BlobBuilder https://bugs.webkit.org/show_bug.cgi?id=84036 Reviewed by Anders Carlsson. * GNUmakefile.am: * fileapi/WebKitBlobBuilder.idl: * page/DOMWindow.idl: * workers/WorkerContext.idl: Make exposing the WebKitBlobBuilder JS object conditional on a new ENABLE_LEGACY_WEBKIT_BLOB_BUILDER flag. Don't enable this for the Mac, but do for everyone else. 2012-04-30 Anders Carlsson <andersca@apple.com> Add a barrier-style dispatch member function to ScrollingThread https://bugs.webkit.org/show_bug.cgi?id=85228 Reviewed by Sam Weinig. Add a ScrollingThread::dispatchBarrier function which takes a WTF::Function and dispatches it to the main thread once all the currently scheduled scrolling thread functions have run. This is to be used for synchronization between the scrolling thread and the main thread. * page/scrolling/ScrollingThread.cpp: (WebCore::callFunctionOnMainThread): (WebCore): (WebCore::ScrollingThread::dispatchBarrier): * page/scrolling/ScrollingThread.h: (ScrollingThread): 2012-04-30 Min Qin <qinmin@google.com> Expose a flag so that fullscreen video on android can work with FULLSCREEN_API https://bugs.webkit.org/show_bug.cgi?id=84414 Reviewed by Darin Fisher. No tests, just exposing the flag, and will be used by android later. Sorry, there is a merge error during the previous commit, resolved now * platform/graphics/MediaPlayer.cpp: (WebCore::MediaPlayer::setControls): (WebCore): (WebCore::MediaPlayer::enterFullscreen): (WebCore::MediaPlayer::exitFullscreen): * platform/graphics/MediaPlayer.h: (MediaPlayer): * platform/graphics/MediaPlayerPrivate.h: (MediaPlayerPrivateInterface): (WebCore::MediaPlayerPrivateInterface::enterFullscreen): 2012-04-30 Nate Chapin <japhet@chromium.org> Move more of committing and starting to write a Document to DocumentLoader. https://bugs.webkit.org/show_bug.cgi?id=83908 Reviewed by Adam Barth. No new tests, refactor only. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::commitIfReady): Ignore m_gotFirstByte here, since it was always true here anyway. (WebCore::DocumentLoader::finishedLoading): If we are finishing an empty document, create the document now, so that FrameLoaderClient doesn't have to do it later (FrameLoaderClient code will be removed in a later patch). (WebCore::DocumentLoader::commitData): Call receivedFirstData() directly and do some work receivedFirstData() used to do, setEncoding() only once per load. (WebCore::DocumentLoader::receivedData): (WebCore::DocumentLoader::maybeCreateArchive): * loader/DocumentLoader.h: * loader/DocumentWriter.cpp: (WebCore::DocumentWriter::setEncoding): * loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedFirstData): Move DocumentLoader calls to DocumentLoader. * loader/FrameLoader.h: Remove m_hasReceivedFirstData and willSetEncoding(), allow hasReceivedData() to be called directly. (FrameLoader): 2012-04-30 Kentaro Hara <haraken@chromium.org> Unreviewed. Fix test crashes in Win/Linux debug builds. * bindings/v8/V8LazyEventListener.cpp: (WebCore::V8LazyEventListener::V8LazyEventListener): (WebCore::V8LazyEventListener::prepareListenerObject): * bindings/v8/V8LazyEventListener.h: (V8LazyEventListener): 2012-04-30 Tommy Widenflycht <tommyw@google.com> MediaStream API: Change LocalMediaStream::stop to be synchronous https://bugs.webkit.org/show_bug.cgi?id=84942 Reviewed by Dimitri Glazkov. Since I changed LocalMediaStream to be a ActiveDOMObject recently the stop() behaviour needs to change since it is no longer a good idea to start a timer when called. Not possible to write a test for this. * Modules/mediastream/LocalMediaStream.cpp: (WebCore::LocalMediaStream::LocalMediaStream): (WebCore::LocalMediaStream::stop): * Modules/mediastream/LocalMediaStream.h: (LocalMediaStream): 2012-04-28 Emil A Eklund <eae@chromium.org> and Levi Weintraub <leviw@chromium.org> Add ENABLE_SUBPIXEL_LAYOUT controlling FractionalLayoutUnit denominator https://bugs.webkit.org/show_bug.cgi?id=85146 Reviewed by Eric Seidel. Add a new flag for controlling the fixed point denominator in FractionalLayoutUnit. Controls whether the denominator is set to 60 or 1. Until we change the LayoutUnit typedef this change will have no effect. No new tests, no change in functionality. * platform/FractionalLayoutUnit.h: (WebCore): (WebCore::FractionalLayoutUnit::operator++): (WebCore::operator/): (WebCore::operator+): Add ++, / double and and + double operators. These are needed when ENABLE_SUBPIXEL_LAYOUT is not enabled. * platform/graphics/FractionalLayoutRect.cpp: (WebCore::enclosingFractionalLayoutRect): 2012-04-30 Justin Schuh <jschuh@chromium.org> loadOrRedirectSubframe should return the owner element's frame https://bugs.webkit.org/show_bug.cgi?id=84780 Reviewed by Nate Chapin. Test: fast/loader/javascript-url-iframe-remove-on-navigate.html * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::loadOrRedirectSubframe): 2012-04-30 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> Use Vector<Attribute> directly instead of encapsulating it in AttributeVector https://bugs.webkit.org/show_bug.cgi?id=84413 Reviewed by Andreas Kling. As commented in https://bugs.webkit.org/show_bug.cgi?id=79963#c16 we do not usually subclass basic types like Vector. This patch changes code to use Vector<Attribute> directly and move around the functionality of the former methods to more specific helper functions or inline code at the callers. * dom/Element.cpp: (WebCore::Element::parserSetAttributes): (WebCore::Element::normalizeAttributes): * dom/Element.h: (Element): * dom/ElementAttributeData.cpp: * dom/ElementAttributeData.h: (WebCore::findAttributeInVector): (WebCore::ElementAttributeData::getAttributeItem): (ElementAttributeData): (WebCore::ElementAttributeData::attributeVector): (WebCore::ElementAttributeData::clonedAttributeVector): (WebCore::ElementAttributeData::getAttributeItemIndex): (WebCore): * html/parser/HTMLConstructionSite.cpp: (WebCore::HTMLConstructionSite::createHTMLElementFromSavedElement): * html/parser/HTMLToken.h: (WebCore::AtomicHTMLToken::AtomicHTMLToken): * html/parser/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::processFakeStartTag): (WebCore::HTMLTreeBuilder::attributesForIsindexInput): Loop through the attributes backwards so we can remove items without affecting the rest of the loop run. * html/parser/HTMLTreeBuilder.h: * html/parser/TextDocumentParser.cpp: (WebCore::TextDocumentParser::insertFakePreElement): * xml/XMLErrors.cpp: (WebCore::createXHTMLParserErrorHeader): (WebCore::XMLErrors::insertErrorMessageBlock): * xml/parser/MarkupTokenBase.h: (WebCore::AtomicMarkupTokenBase::AtomicMarkupTokenBase): (WebCore::AtomicMarkupTokenBase::getAttributeItem): (WebCore::AtomicMarkupTokenBase::attributes): (AtomicMarkupTokenBase): (WebCore::::initializeAttributes): * xml/parser/XMLToken.h: (WebCore::AtomicXMLToken::AtomicXMLToken): 2012-04-30 Mark Pilgrim <pilgrim@chromium.org> [Chromium] Remove PlatformSupport::loadPlatformAudioResource, call loadResource directly https://bugs.webkit.org/show_bug.cgi?id=85193 Reviewed by Kentaro Hara. Part of a refactoring series. See tracking bug 82948. * platform/audio/chromium/AudioBusChromium.cpp: (WebCore::AudioBus::loadPlatformResource): * platform/chromium/PlatformSupport.h: (PlatformSupport): 2012-04-30 Mark Pilgrim <pilgrim@chromium.org> [Chromium] Call defaultLocale directly https://bugs.webkit.org/show_bug.cgi?id=85192 Reviewed by Kentaro Hara. Part of a refactoring series. See tracking bug 82948. * platform/chromium/LanguageChromium.cpp: (WebCore::platformLanguage): * platform/chromium/PlatformSupport.h: (PlatformSupport): 2012-04-30 Beth Dakin <bdakin@apple.com> https://bugs.webkit.org/show_bug.cgi?id=82922 border-image with image-set does not render correctly when viewed at 2x -and corresponding- <rdar://problem/11167820> Reviewed by Dan Bernstein. StyleImage::computeIntrinsicDimensions() is only called from one place: RenderBoxModelObject::calculateIntrinsicDimensions(), and that is only used for background images and border images. In my original image-set work, I decided that StyleCachedImageSet::computeIntrinsicDimensions() would compute "intrinsic" dimensions, meaning that they would compute the dimensions that the image resource was pretending to be rather than the actual dimensions of the resource. I chose to do this because it made background images work great without changing the call-site. But border images need to know the actual intrinsic dimensions, so this design decision (which was admittedly questionable from the start) won't stick. This patch makes StyleImage::computeIntrinsicDimensions() return actual intrinsic dimensions. Then the border-image and background- image code is very lightly patched to account for the image's scale factor. These functions no longer need the scale factor parameter. * loader/cache/CachedImage.cpp: (WebCore::CachedImage::computeIntrinsicDimensions): * loader/cache/CachedImage.h: (CachedImage): * platform/graphics/GeneratedImage.h: (GeneratedImage): * platform/graphics/GeneratorGeneratedImage.cpp: (WebCore::GeneratedImage::computeIntrinsicDimensions): * platform/graphics/Image.cpp: (WebCore::Image::computeIntrinsicDimensions): * platform/graphics/Image.h: (Image): * platform/graphics/cg/PDFDocumentImage.cpp: (WebCore::PDFDocumentImage::computeIntrinsicDimensions): * platform/graphics/cg/PDFDocumentImage.h: (PDFDocumentImage): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::computeIntrinsicDimensions): * svg/graphics/SVGImage.h: (SVGImage): * rendering/style/StyleCachedImageSet.cpp: (WebCore::StyleCachedImageSet::computeIntrinsicDimensions): New function on StyleImage returns the image's scale factor. * rendering/style/StyleCachedImageSet.h: (WebCore::StyleCachedImageSet::imageScaleFactor): * rendering/style/StyleImage.h: (WebCore::StyleImage::imageScaleFactor): Scale the intrinsic size of the background image down by the scale factor. * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::calculateFillTileSize): Slices should be multiplied by the image's scale factor since they are always expected to the specified in the 1x image's coordinate space. (WebCore::RenderBoxModelObject::paintNinePieceImage): 2012-04-30 Arko Saha <arko@motorola.com> Remove custom bindings code in JSHTMLCollectionCustom.cpp for HTMLPropertiesCollection. https://bugs.webkit.org/show_bug.cgi?id=85172 Reviewed by Kentaro Hara. Use [JSGenerateToJSObject] in HTMLPropertiesCollection.idl, so that it can generate toJS() in JSHTMLPropertiesCollection.cpp automatically. * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * html/HTMLPropertiesCollection.idl: 2012-04-30 No'am Rosenthal <noam.rosenthal@nokia.com> [Texmap] TextureMapperLayer uses intermediate surfaces too eagerly https://bugs.webkit.org/show_bug.cgi?id=85103 Reviewed by Kenneth Rohde Christiansen. Instead of automatically using an intermediate surface for layers with opacity and children, we limit surface usage for layers with more than one child and for layers with one child and contents of its own. This prevents us from using intermediate surfaces in cases where a single layer with opacity has a single descendant with content, in which case normal blending can be used. Covered by existing compositing layout tests. * platform/graphics/texmap/TextureMapperLayer.cpp: (WebCore): * platform/graphics/texmap/TextureMapperLayer.h: 2012-04-30 Yi Shen <yi.4.shen@nokia.com> Inserting a paragraph between quoted lines in editing/deleting/delete-4038408-fix.html doesn't work https://bugs.webkit.org/show_bug.cgi?id=78193 Reviewed by Ryosuke Niwa. When pasting a copied portion of a blockquote with a newline at the end into an unquoted area, the newline is inserted after the blockquote since we don't want it also to be quoted. However, this behavior has also applied when we insert a paragraph between quoted lines, which is incorrect. To figure out the right place to insert a paragraph, we need providing more information to the InsertParagraphSeparatorCommand by introducing a boolean parameter "pasteBlockqutoeIntoUnquotedArea". Tests: editing/inserting/insert-paragraph-separator-in-blockquote.html editing/pasteboard/paste-wrapped-blockquote-into-nonblockquote.html * editing/CompositeEditCommand.cpp: (WebCore::CompositeEditCommand::insertParagraphSeparator): * editing/CompositeEditCommand.h: (CompositeEditCommand): * editing/InsertParagraphSeparatorCommand.cpp: (WebCore::InsertParagraphSeparatorCommand::InsertParagraphSeparatorCommand): (WebCore::InsertParagraphSeparatorCommand::doApply): * editing/InsertParagraphSeparatorCommand.h: (WebCore::InsertParagraphSeparatorCommand::create): (InsertParagraphSeparatorCommand): * editing/ReplaceSelectionCommand.cpp: (WebCore::ReplaceSelectionCommand::doApply): 2012-04-30 Antti Koivisto <antti@apple.com> Protect current element in HTMLLinkElement::setCSSStyleSheet https://bugs.webkit.org/show_bug.cgi?id=85166 Reviewed by Andreas Kling. Stylesheet loading can trigger script execution. Test: fast/css/cached-sheet-restore-crash.html * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): 2012-04-29 Keishi Hattori <keishi@webkit.org> Build fix for LocalizedDateMac.mm https://bugs.webkit.org/show_bug.cgi?id=85164 Reviewed by Kent Tamura. * platform/text/mac/LocalizedDateMac.mm: (WebCore::monthLabels): 2012-04-29 Luke Macpherson <macpherson@chromium.org> Initialize member variables in CSSParser's constructor. https://bugs.webkit.org/show_bug.cgi?id=84377 Reviewed by Kentaro Hara. It is good practice not to leave member variables uninitialized. They make debugging more difficult by reducing repeatability, and in some cases lead to the possibility of information leakage occuring. This patch simply adds initialization of m_numParsedPropertiesBeforeMarginBox to CSSParser's constructor to INVALID_NUM_PARSED_PROPERTIES so that the initial state is the same as the state after the properties are cleared. No tests added because this is a code style fix, not an actual bug so long as the bison generated code calls startDeclarationsForMarginBox() and endDeclarationsForMarginBox() symmetrically. The lack of initialization was originally detected by coverity. * css/CSSParser.cpp: (WebCore::CSSParser::CSSParser): 2012-04-29 Kent Tamura <tkent@chromium.org> [Mac] Add LocalizedDateMac https://bugs.webkit.org/show_bug.cgi?id=85039 Reviewed by Kentaro Hara. A date shown <input type=date> should be formatted for user's OS settings. Chromium-Mac used LocalizedDateICU.cpp to format/parse visible date strings and it didn't reflect user-settings. Test: covered by fast/forms/date/date-appearance.html * WebCore.gyp/WebCore.gyp: Use LocalizedDateMac.mm for OS X instead of LocalizedDateICU.cpp. * WebCore.gypi: Add LocalizedDateMac.mm * platform/text/mac/LocalizedDateMac.mm: Added. (WebCore::createShortDateFormatter): Creates a NSDateFormatter with desired settings. (WebCore::parseLocalizedDate): Impelment for tyep=date. (WebCore::formatLocalizedDate): ditto. (WebCore::isYearSymbol): A readability helper for format string parsing. (WebCore::isMonthSymbol): ditto. (WebCore::isDaySymbol): ditto. (WebCore::localizeDateFormat): Parse a format string, and replace symbols with user-friendly labels. (WebCore::localizedDateFormatText): Gets a format string, and apply localizeDateFormat(). (WebCore::monthLabels): Obtain month names from the system. (WebCore::weekDayShortLabels): Obtain week day symbols from the system. (WebCore::firstDayOfWeek): Obtain first day of week from the system. * platform/text/ICULocale.cpp: (WebCore::createFallbackMonthLabels): Uses WTF::monthFullName. 2012-04-29 Sam Weinig <sam@webkit.org> Add support for the Blob constructor (Part 2) https://bugs.webkit.org/show_bug.cgi?id=84555 Address additional feedback on Blob construction. - Add exception when the dictionary is not an object. - Ensure the proper ordering of dictionary access. Tested via throwing exceptions in toString, and ensuring correct one is fired first. - Changed type of exception throw for invalid enumeration to a TypeError. Reviewed by Kentaro Hara. Updated fast/files/blob-constructor.html to be more comprehensive. * bindings/js/JSBlobCustom.cpp: (WebCore::JSBlobConstructor::constructJSBlob): * bindings/v8/custom/V8BlobCustom.cpp: (WebCore::V8Blob::constructorCallback): 2012-04-29 No'am Rosenthal <noam.rosenthal@nokia.com> [Texmap] Leaves demo: wrong geometry when opacity animation kicks in https://bugs.webkit.org/show_bug.cgi?id=85096 Reviewed by Kenneth Rohde Christiansen. We should use combined() instead of combinedForChildren() since we don't allow intermediate surfaces for preserves-3d. Also, we should apply the offset before multiplying the transforms, otherwise the transform-origin is incorrect. Covered by existing compositing tests. * platform/graphics/texmap/TextureMapperLayer.cpp: (WebCore::TextureMapperLayer::paintSelf): (WebCore::TextureMapperLayer::paintRecursive): 2012-04-29 Mark Pilgrim <pilgrim@chromium.org> [Chromium] Call highUsageDeltaMB directly https://bugs.webkit.org/show_bug.cgi?id=84844 Reviewed by Kentaro Hara. Part of a refactoring series. See tracking bug 82948. * bindings/v8/V8GCController.cpp: (WebCore::V8GCController::checkMemoryUsage): * platform/MemoryUsageSupport.cpp: (WebCore): (WebCore::MemoryUsageSupport::highUsageDeltaMB): * platform/MemoryUsageSupport.h: (MemoryUsageSupport): * platform/chromium/MemoryUsageSupportChromium.cpp: (WebCore::MemoryUsageSupport::highUsageDeltaMB): (WebCore): * platform/chromium/PlatformSupport.h: (PlatformSupport): 2012-04-29 Kentaro Hara <haraken@chromium.org> REGRESSION(r113086): onresize event handler can be deleted in popup window https://bugs.webkit.org/show_bug.cgi?id=84908 Reviewed by Ojan Vafai. In a nutshell, an onresize event handler in the popup window can be non-deterministically deleted. For more details, please look at Chromium issue 123642: http://code.google.com/p/chromium/issues/detail?id=123642 I confirmed that this bug is the regression caused by r113086. r113086 introduced the following code: void V8LazyEventListener::prepareListenerObject(...) { if (hasExistingListenerObject()) return; ...; // Since we only parse once, there's no need to keep data // used for parsing around anymore. m_functionName = String(); m_code = String(); m_eventParameterName = String(); m_sourceURL = String(); setListenerObject(wrappedFunction); } This is not correct. The parsing can be done more than once, and thus we cannot clear data. This patch removes the above code. Consider the following situation: (1) Assume '<body onresize="f()"></body>'. (2) prepareListenerObject() runs. (3) Since this is the first parsing, hasExistingListenerObject() returns false. After the parsing, the listener object is set by setListenerObject(). (4) GC runs. Since there is no strong reference to the listener object, weakEventListenerCallback() is called back, and the listener object is disposed. (5) A resize event is triggered. (6) prepareListenerObject() is called again. Since the listener object is already disposed, hasExistingListenerObject() returns false, and the second parsing starts. In my investigation, the above situation is happening in the reported Chromium bug. Anyway, I am sure that potentially the parsing can be done more than once, and thus we must keep m_xxxx data. However, this is just a temporary fix. We should fix the code so that an alive event listener object is never reclaimed. See https://bugs.webkit.org/show_bug.cgi?id=85152 for more details. No tests: I tried hard to create a DRT test, but could not. The bug depends on the behavior of GC, and thus the reported bug is non-deterministic. For example, (as explained in the Chromium issue,) the bug does not happen if we load an HTML from network because the network latency hides the bug. Also the bug happens in the popup window only. If we open the reported HTML in the main window, we cannot reproduce the bug. * bindings/v8/V8LazyEventListener.cpp: (WebCore::V8LazyEventListener::prepareListenerObject): 2012-04-28 Sam Weinig <sam@webkit.org> Smooth scrolling needs a new key <rdar://problem/11331632> Reviewed by Geoffrey Garen. * platform/mac/ScrollAnimatorMac.mm: (WebCore::scrollAnimationEnabledForSystem): (WebCore::ScrollAnimatorMac::scroll): Update for new key. 2012-04-28 Li Yin <li.yin@intel.com> MessagePort must set m_closed to be true at the end of MessagePort::close function https://bugs.webkit.org/show_bug.cgi?id=85139 In the function MessagePort::close, the "m_closed = true" must be executed at the end, not at the beginning. Or, the m_entangledChannel->close() will not be executed. And it resulted in the failure of MS bench mark messagechannel_close.htm. http://samples.msdn.microsoft.com/ietestcenter/WebWorkers/messagechannel_close.htm Reviewed by Kentaro Hara. Test: fast/events/message-port-close.html * dom/MessagePort.cpp: (WebCore::MessagePort::close): 2012-04-28 Sam Weinig <sam@webkit.org> And again. * bindings/v8/custom/V8BlobCustom.cpp: (WebCore::V8Blob::constructorCallback): 2012-04-28 Sam Weinig <sam@webkit.org> Once again, try to make these puppies work. * bindings/v8/custom/V8BlobCustom.cpp: 2012-04-28 Sam Weinig <sam@webkit.org> Fix the Chromium build. * bindings/v8/custom/V8BlobCustom.cpp: (WebCore::V8Blob::constructorCallback): 2012-04-27 Sam Weinig <sam@webkit.org> Add support for the Blob constructor https://bugs.webkit.org/show_bug.cgi?id=84555 Reviewed by Maciej Stachowiak. Test: fast/files/blob-constructor.html This adds an implementation of the Blob constructor that willfully violates the W3C Editor’s Draft 29 February 2012 in the following ways: - Elements in the parts array are coerced to DOMStrings https://www.w3.org/Bugs/Public/show_bug.cgi?id=16721 - Don't throw for invalid key in the dictionary https://www.w3.org/Bugs/Public/show_bug.cgi?id=16727 - Values for the endings property are treated as enums https://www.w3.org/Bugs/Public/show_bug.cgi?id=16729 * bindings/js/JSBlobCustom.cpp: (WebCore::JSBlobConstructor::constructJSBlob): Implement blob constructor. * bindings/v8/custom/V8BlobCustom.cpp: (WebCore::V8Blob::constructorCallback): Implement blob constructor. * fileapi/Blob.idl: Add constructor to IDL. * workers/WorkerContext.idl: Add Blob constructor to the worker global object. 2012-04-28 Igor Oliveira <igor.o@sisa.samsung.com> Move PropertyWrapper out of the AnimationBase https://bugs.webkit.org/show_bug.cgi?id=84978 Reviewed by Dean Jackson. AnimationBase is a complex class. It has a state machine and a bunch of property handlers. This patch moves the property handlers to a separate class making AnimationBase simpler. * CMakeLists.txt: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * page/animation/AnimationBase.cpp: * page/animation/AnimationBase.h: (AnimationBase): * page/animation/AnimationController.cpp: (WebCore::AnimationController::supportsAcceleratedAnimationOfProperty): * page/animation/CSSPropertyAnimation.cpp: Added. (WebCore): (WebCore::blendFunc): (WebCore::crossfadeBlend): (AnimationPropertyWrapperBase): (WebCore::AnimationPropertyWrapperBase::AnimationPropertyWrapperBase): (WebCore::AnimationPropertyWrapperBase::~AnimationPropertyWrapperBase): (WebCore::AnimationPropertyWrapperBase::isShorthandWrapper): (WebCore::AnimationPropertyWrapperBase::property): (WebCore::AnimationPropertyWrapperBase::animationIsAccelerated): (WebCore::addPropertyWrapper): (WebCore::wrapperForProperty): (PropertyWrapperGetter): (WebCore::PropertyWrapperGetter::PropertyWrapperGetter): (WebCore::PropertyWrapperGetter::equals): (PropertyWrapper): (WebCore::PropertyWrapper::PropertyWrapper): (WebCore::PropertyWrapper::blend): (RefCountedPropertyWrapper): (WebCore::RefCountedPropertyWrapper::RefCountedPropertyWrapper): (WebCore::RefCountedPropertyWrapper::blend): (StyleImagePropertyWrapper): (WebCore::StyleImagePropertyWrapper::StyleImagePropertyWrapper): (WebCore::StyleImagePropertyWrapper::equals): (PropertyWrapperColor): (WebCore::PropertyWrapperColor::PropertyWrapperColor): (WebCore::PropertyWrapperColor::blend): (PropertyWrapperAcceleratedOpacity): (WebCore::PropertyWrapperAcceleratedOpacity::PropertyWrapperAcceleratedOpacity): (WebCore::PropertyWrapperAcceleratedOpacity::animationIsAccelerated): (WebCore::PropertyWrapperAcceleratedOpacity::blend): (PropertyWrapperAcceleratedTransform): (WebCore::PropertyWrapperAcceleratedTransform::PropertyWrapperAcceleratedTransform): (WebCore::PropertyWrapperAcceleratedTransform::animationIsAccelerated): (WebCore::PropertyWrapperAcceleratedTransform::blend): (PropertyWrapperAcceleratedFilter): (WebCore::PropertyWrapperAcceleratedFilter::PropertyWrapperAcceleratedFilter): (WebCore::PropertyWrapperAcceleratedFilter::animationIsAccelerated): (WebCore::PropertyWrapperAcceleratedFilter::blend): (WebCore::shadowListLength): (WebCore::shadowForBlending): (PropertyWrapperShadow): (WebCore::PropertyWrapperShadow::PropertyWrapperShadow): (WebCore::PropertyWrapperShadow::equals): (WebCore::PropertyWrapperShadow::blend): (WebCore::PropertyWrapperShadow::blendSimpleOrMatchedShadowLists): (WebCore::PropertyWrapperShadow::blendMismatchedShadowLists): (PropertyWrapperMaybeInvalidColor): (WebCore::PropertyWrapperMaybeInvalidColor::PropertyWrapperMaybeInvalidColor): (WebCore::PropertyWrapperMaybeInvalidColor::equals): (WebCore::PropertyWrapperMaybeInvalidColor::blend): (PropertyWrapperVisitedAffectedColor): (WebCore::PropertyWrapperVisitedAffectedColor::PropertyWrapperVisitedAffectedColor): (WebCore::PropertyWrapperVisitedAffectedColor::equals): (WebCore::PropertyWrapperVisitedAffectedColor::blend): (FillLayerAnimationPropertyWrapperBase): (WebCore::FillLayerAnimationPropertyWrapperBase::FillLayerAnimationPropertyWrapperBase): (WebCore::FillLayerAnimationPropertyWrapperBase::~FillLayerAnimationPropertyWrapperBase): (FillLayerPropertyWrapperGetter): (WebCore::FillLayerPropertyWrapperGetter::FillLayerPropertyWrapperGetter): (WebCore::FillLayerPropertyWrapperGetter::equals): (FillLayerPropertyWrapper): (WebCore::FillLayerPropertyWrapper::FillLayerPropertyWrapper): (WebCore::FillLayerPropertyWrapper::blend): (FillLayerRefCountedPropertyWrapper): (WebCore::FillLayerRefCountedPropertyWrapper::FillLayerRefCountedPropertyWrapper): (WebCore::FillLayerRefCountedPropertyWrapper::blend): (FillLayerStyleImagePropertyWrapper): (WebCore::FillLayerStyleImagePropertyWrapper::FillLayerStyleImagePropertyWrapper): (WebCore::FillLayerStyleImagePropertyWrapper::equals): (FillLayersPropertyWrapper): (WebCore::FillLayersPropertyWrapper::FillLayersPropertyWrapper): (WebCore::FillLayersPropertyWrapper::equals): (WebCore::FillLayersPropertyWrapper::blend): (ShorthandPropertyWrapper): (WebCore::ShorthandPropertyWrapper::ShorthandPropertyWrapper): (WebCore::ShorthandPropertyWrapper::isShorthandWrapper): (WebCore::ShorthandPropertyWrapper::equals): (WebCore::ShorthandPropertyWrapper::blend): (WebCore::ShorthandPropertyWrapper::propertyWrappers): (PropertyWrapperFlex): (WebCore::PropertyWrapperFlex::PropertyWrapperFlex): (WebCore::PropertyWrapperFlex::equals): (WebCore::PropertyWrapperFlex::blend): (PropertyWrapperSVGPaint): (WebCore::PropertyWrapperSVGPaint::PropertyWrapperSVGPaint): (WebCore::PropertyWrapperSVGPaint::equals): (WebCore::PropertyWrapperSVGPaint::blend): (WebCore::addShorthandProperties): (WebCore::CSSPropertyAnimation::ensurePropertyMap): (WebCore::gatherEnclosingShorthandProperties): (WebCore::CSSPropertyAnimation::blendProperties): (WebCore::CSSPropertyAnimation::animationOfPropertyIsAccelerated): (WebCore::CSSPropertyAnimation::animatableShorthandsAffectingProperty): (WebCore::CSSPropertyAnimation::propertiesEqual): (WebCore::CSSPropertyAnimation::getPropertyAtIndex): (WebCore::CSSPropertyAnimation::getNumProperties): * page/animation/CSSPropertyAnimation.h: Added. (WebCore): (CSSPropertyAnimation): * page/animation/CompositeAnimation.cpp: (WebCore::CompositeAnimation::updateTransitions): (WebCore::CompositeAnimation::pauseTransitionAtTime): * page/animation/ImplicitAnimation.cpp: (WebCore::ImplicitAnimation::animate): (WebCore::ImplicitAnimation::getAnimatedStyle): (WebCore::ImplicitAnimation::isTargetPropertyEqual): (WebCore::ImplicitAnimation::blendPropertyValueInStyle): (WebCore::ImplicitAnimation::timeToNextService): * page/animation/KeyframeAnimation.cpp: (WebCore::KeyframeAnimation::animate): (WebCore::KeyframeAnimation::getAnimatedStyle): (WebCore::KeyframeAnimation::timeToNextService): * rendering/style/RenderStyle.h: 2012-04-28 Geoffrey Garen <ggaren@apple.com> Clarified JSGlobalData (JavaScript VM) lifetime https://bugs.webkit.org/show_bug.cgi?id=85142 Reviewed by Anders Carlsson. * bindings/js/WorkerScriptController.cpp: (WebCore::WorkerScriptController::~WorkerScriptController): Slightly simpler than before. We can't just rely on our default destructor because we need to hold the JSLock when we tear down the VM. * bridge/NP_jsobject.cpp: (_NPN_InvokeDefault): (_NPN_Invoke): (_NPN_Evaluate): (_NPN_Construct): Don't RefPtr<> the JSGlobalData because it makes it seem like you know something the rest of our code doesn't know. The plugin JSGlobalData is immortal, anyway. I also removed some timeout checker related code because that feature doesn't work anymore, so it was effectively dead code. 2012-04-28 Ilya Tikhonovsky <loislo@chromium.org> Web Inspector: InspectorFrontendHost.append has to be implemented for saving heap snapshots. https://bugs.webkit.org/show_bug.cgi?id=85137 We can save a file with help of InspectorFrontendHost.save method, but it is suitable only for relatively small portions of data and can't process the 6Gb heap snapshot. These methods just pass the url and content into embedder. Reviewed by Yury Semikhatsky. * inspector/InspectorFrontendClient.h: (InspectorFrontendClient): * inspector/InspectorFrontendClientLocal.h: (WebCore::InspectorFrontendClientLocal::append): * inspector/InspectorFrontendHost.cpp: (WebCore::InspectorFrontendHost::append): (WebCore): * inspector/InspectorFrontendHost.h: (InspectorFrontendHost): * inspector/InspectorFrontendHost.idl: 2012-04-28 No'am Rosenthal <noam.rosenthal@nokia.com> [Qt][Texmap] Error of cross-compiling webkit with Qt 4.8.1 https://bugs.webkit.org/show_bug.cgi?id=84321 Speculative build-fix for Qt 4.8. Use QGLContext for Qt 4.x instead of the platform-specific context. Reviewed by Simon Hausmann. No new tests, build fix. * platform/graphics/texmap/TextureMapperGL.cpp: (SharedGLData): (WebCore::TextureMapperGLData::SharedGLData::getCurrentGLContext): 2012-04-28 No'am Rosenthal <noam.rosenthal@nokia.com> [Texmap] Falling leaves demo missing opacity fade out animation https://bugs.webkit.org/show_bug.cgi?id=83691 Reviewed by Martin Robinson. The bug originated from clearing an intermediate surface with glClear while the scissor state was wrong. When using intermediate surfaces, maintain a clip-stack for each surface, rather than a single clip-stack for the whole scene. When a surface is bound, its clip stack should be applied. Covered by existing compositing tests. * platform/graphics/texmap/TextureMapperGL.cpp: (SharedGLData): (WebCore::TextureMapperGL::ClipStack::push): (WebCore): (WebCore::TextureMapperGL::ClipStack::pop): (WebCore::scissorClip): (WebCore::TextureMapperGL::ClipStack::apply): (WebCore::TextureMapperGL::clipStack): (WebCore::TextureMapperGL::beginPainting): (WebCore::TextureMapperGL::drawTexture): (WebCore::BitmapTextureGL::didReset): (WebCore::BitmapTextureGL::clearIfNeeded): (WebCore::BitmapTextureGL::createFboIfNeeded): (WebCore::BitmapTextureGL::bind): (WebCore::TextureMapperGL::bindDefaultSurface): (WebCore::TextureMapperGL::bindSurface): (WebCore::TextureMapperGL::beginScissorClip): (WebCore::TextureMapperGL::beginClip): (WebCore::TextureMapperGL::endClip): * platform/graphics/texmap/TextureMapperGL.h: (TextureMapperGL): (ClipState): (WebCore::TextureMapperGL::ClipState::ClipState): (ClipStack): (WebCore::TextureMapperGL::ClipStack::current): (WebCore::TextureMapperGL::ClipStack::clear): (BitmapTextureGL): (WebCore::BitmapTextureGL::BitmapTextureGL): 2012-04-26 Emil A Eklund <eae@chromium.org> and Levi Weintraub <leviw@chromium.org> Move Length and CSS length computation to float https://bugs.webkit.org/show_bug.cgi?id=84801 Reviewed by Eric Seidel. Change Length and CSS length computation to floating point. This gets us closer to the goal of supporting subpixel layout and improves precision for SVG which already uses floating point for its layout. This change makes computedStyle return fractional values for pixel values if a fraction is specified. It also changes the result of computations where two or more values with fractional precision. Prior to this change the result of Length(2.9) + Length(2.9) would be 4 as each value would be floored. With this change the result is 5 as the addition is done with floating point precision and then the result will be floored. Once we enable subpixel layout the resulting value in this example would be 5.8. Updated existing layout tests. * css/CSSComputedStyleDeclaration.cpp: (WebCore::zoomAdjustedPixelValue): * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::computeLength): * css/CSSPrimitiveValue.h: (WebCore): (WebCore::roundForImpreciseConversion): Add specialized float version of roundForImpreciseConversion that matches the int versions rounding logic. If a value is sufficiently close to the next integer round it up to ensure that a style rule such as "width: 4.999px" evaluates to 5px instead of 4px. This is needed as, although Lengths are using floating point, the layout system still uses integer precision and floors the Length values. This will change once we move to FractionalLayoutUnits but for now this is needed to ensure compatibility with the existing system and tests. Without this specialized rounding logic we fail a handful of tests including acid3. * platform/Length.h: (WebCore::Length::value): (Length): (WebCore::Length::intValue): * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::styleOrColLogicalWidth): 2012-04-28 Alexander Pavlov <apavlov@chromium.org> Web Inspector: Enable touch events feature fails touch feature detection https://bugs.webkit.org/show_bug.cgi?id=84397 Whenever the touch emulation is enabled, Inspector adds a script to evaluate on load, that adds ontouch(start|end|move|cancel) properties to window.__proto__ and document.__proto__. Reviewed by Pavel Feldman. * inspector/front-end/DOMAgent.js: (WebInspector.DOMAgent.prototype._emulateTouchEventsChanged.get if): (WebInspector.DOMAgent.prototype._emulateTouchEventsChanged.scriptAddedCallback): (WebInspector.DOMAgent.prototype._emulateTouchEventsChanged): * inspector/front-end/inspector.js: 2012-04-28 Eugene Klyuchnikov <eustas.bug@gmail.com> Web Inspector: Shortcuts screen UI polish https://bugs.webkit.org/show_bug.cgi?id=84708 1) remove inconsistent shadow; 2) reduce border radius; 3) vertically center the “X” button; 4) replace unreadable symbolic shortcuts with text; 5) gaps / colors / opacity adjustments; 6) section-to-column distribution algorithm is replaced with a fair one. Reviewed by Pavel Feldman. This is a UI polising patch, so no new tests added. * English.lproj/localizedStrings.js: added keyboars arrow keys items * inspector/front-end/KeyboardShortcut.js: replace unreadable symbolic shortcuts with text * inspector/front-end/ShortcutsScreen.js: (WebInspector.ShortcutsScreen): (WebInspector.ShortcutsScreen.prototype.show): remove redundant parameter (WebInspector.ShortcutsScreen.prototype._buildTable): change section distributing algorithm (WebInspector.ShortcutsSection.prototype.renderSection): render colon with margins (WebInspector.ShortcutsSection.prototype._renderHeader): apply classname to th elements * inspector/front-end/helpScreen.css: (.help-window-main): reduce radius, remove shadow; tune color and opacity (.help-window-caption): fix spacing; add ruler (.help-window-title): fix spacing; remove ruler (.help-content): fix spacing (.help-close-button): fix spacing; adjust background color (.help-column-table): fix spacing (.help-table > tr > th): fix color (.help-key): fix color (.help-combine-keys, .help-key-delimiter): extract common style (.help-combine-keys): remove dupe (.help-section-title): add space between sections 2012-04-28 Noel Gordon <noel.gordon@gmail.com> Remove PlatformTouchPointQt.cpp PlatformTouchEventQt.cpp from the gyp projects https://bugs.webkit.org/show_bug.cgi?id=85132 Unreviewed VS2010 gyp project generation fix. PlatformTouchPointQt.cpp and PlatformTouchEventQt.cpp were removed in r115312, so remove them from the gyp projects. * WebCore.gypi: 2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com> <animateTransform type="scale"> should use '0' as effective from value not '1', if no base value is specified and from is not given https://bugs.webkit.org/show_bug.cgi?id=85133 It should start from scale=0. I had that fixed before, but it got lost during merging. Restore the fix. See bug 85051, for more context why this is correct. Tests: svg/animations/animateTransform-by-scale-1-expected.svg svg/animations/animateTransform-by-scale-1.svg * svg/SVGAnimatedTransformList.cpp: (WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue): 2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com> SVGAnimateColorElement doesn't support by/to animations properly https://bugs.webkit.org/show_bug.cgi?id=36704 Reviewed by Antti Koivisto. Switch AnimatedColorAnimator to use the standard animateAdditiveNumber() method, taking progress & repeatCount into account. This gives us accumulation/repeatCount support for free. We just animate the four color components on their own now and clamp once at the end after addition/accumulation finished. Import <animateColor> tests from Dr. Olaf Hoffmanns SVG Animation test suite, which all pass now. While I was at it, remove the includeSMILProperties boolean from computeCSSPropertyValue - we always use the computed style without SMIL effects included, whenever we want to retrieve the "base value", or handle "inherit/currentColor". Tests: svg/animations/animateColor-additive-2a-expected.svg svg/animations/animateColor-additive-2a.svg svg/animations/animateColor-additive-2b-expected.svg svg/animations/animateColor-additive-2b.svg svg/animations/animateColor-additive-2c-expected.svg svg/animations/animateColor-additive-2c.svg svg/animations/animateColor-additive-2d-expected.svg svg/animations/animateColor-additive-2d.svg * svg/ColorDistance.cpp: (WebCore::ColorDistance::clampColor): (WebCore::ColorDistance::addColors): (WebCore::ColorDistance::addToColor): * svg/ColorDistance.h: (ColorDistance): * svg/SVGAnimateElement.cpp: (WebCore::SVGAnimateElement::resetToBaseValue): * svg/SVGAnimatedColor.cpp: (WebCore::SVGAnimatedColorAnimator::addAnimatedTypes): (WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue): * svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::computeCSSPropertyValue): (WebCore::SVGAnimationElement::adjustForInheritance): * svg/SVGAnimationElement.h: (SVGAnimationElement): 2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com> Not reviewed. Fix Qt build -- I was too quick. * rendering/svg/SVGPathData.cpp: Add back Path.h include. 2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com> Rename SVGPathParserFactory to SVGPathUtilities and remove the obsolete singleton https://bugs.webkit.org/show_bug.cgi?id=85129 SVGPathParserFactory implements the singleton pattern, but stores no members. Remove the singleton and move all functions to free-functions into SVGPathUtilities.h. Makes the code easier to read - doesn't affect any tests. * CMakeLists.txt: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * rendering/svg/SVGPathData.cpp: (WebCore::updatePathFromPathElement): * rendering/svg/SVGRenderTreeAsText.cpp: (WebCore::operator<<): * svg/SVGAllInOne.cpp: * svg/SVGAnimateMotionElement.cpp: (WebCore::SVGAnimateMotionElement::parseAttribute): * svg/SVGAnimatedPath.cpp: (WebCore::SVGAnimatedPathAnimator::constructFromString): (WebCore::SVGAnimatedPathAnimator::startAnimValAnimation): (WebCore::SVGAnimatedPathAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedPathAnimator::addAnimatedTypes): (WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue): * svg/SVGAnimatedType.cpp: * svg/SVGGlyphElement.cpp: (WebCore::SVGGlyphElement::buildGenericGlyphIdentifier): * svg/SVGPathBlender.cpp: Fix typo s/;;/;/ * svg/SVGPathElement.cpp: (WebCore::SVGPathElement::getTotalLength): (WebCore::SVGPathElement::getPointAtLength): (WebCore::SVGPathElement::getPathSegAtLength): (WebCore::SVGPathElement::parseAttribute): (WebCore::SVGPathElement::svgAttributeChanged): (WebCore::SVGPathElement::lookupOrCreateDWrapper): (WebCore::SVGPathElement::pathSegListChanged): * svg/SVGPathParserFactory.h: Removed. * svg/SVGPathSegList.cpp: (WebCore::SVGPathSegList::valueAsString): * svg/SVGPathUtilities.cpp: Renamed from Source/WebCore/svg/SVGPathParserFactory.cpp. (WebCore): (WebCore::globalSVGPathBuilder): (WebCore::globalSVGPathSegListBuilder): (WebCore::globalSVGPathByteStreamBuilder): (WebCore::globalSVGPathStringBuilder): (WebCore::globalSVGPathTraversalStateBuilder): (WebCore::globalSVGPathParser): (WebCore::globalSVGPathBlender): (WebCore::buildPathFromString): (WebCore::buildSVGPathByteStreamFromSVGPathSegList): (WebCore::buildPathFromByteStream): (WebCore::buildSVGPathSegListFromByteStream): (WebCore::buildStringFromByteStream): (WebCore::buildStringFromSVGPathSegList): (WebCore::buildSVGPathByteStreamFromString): (WebCore::buildAnimatedSVGPathByteStream): (WebCore::addToSVGPathByteStream): (WebCore::getSVGPathSegAtLengthFromSVGPathByteStream): (WebCore::getTotalLengthOfSVGPathByteStream): (WebCore::getPointAtLengthOfSVGPathByteStream): * svg/SVGPathUtilities.h: Added. (WebCore): * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h: (WebCore::SVGAnimatedPathSegListPropertyTearOff::animValDidChange): 2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com> Fix repetitions & by animation support for path animations https://bugs.webkit.org/show_bug.cgi?id=85071 Rubber-stamped by Antti Koivisto. Cleanup SVGPathBlender, to make it more readable. * svg/SVGPathBlender.cpp: (WebCore::SVGPathBlender::blendLineToHorizontalSegment): (WebCore::SVGPathBlender::blendLineToVerticalSegment): (WebCore::SVGPathBlender::blendArcToSegment): (WebCore::SVGPathBlender::blendAnimatedPath): 2012-04-28 Yury Semikhatsky <yurys@chromium.org> Unreviewed. Qt build fix: added new exported symbols. * WebCore.exp.in: 2012-04-28 Yury Semikhatsky <yurys@chromium.org> Unreviewed. Fix Qt minimal build after r115553. * inspector/InspectorConsoleAgent.h: 2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com> Fix repetitions & by animation support for path animations https://bugs.webkit.org/show_bug.cgi?id=85071 Reviewed by Antti Koivisto. Implement additive="sum" / by-animation support for path animations, eg. <path d="M 10 10 L 10 100 Z"> <animate attributeName="d" begin="0s" dur="4s" by="M 0 0 L 90 0 Z"/> <path> animates the d attribute to "M 10 10 L 100 100 0 Z". Now only <animateColor> and <animateMotion> are left to be fixed, all other types are working as expected now in all additive/accumulate/from-by/by/from-to animations. Tests: svg/animations/path-animation-expected.svg svg/animations/repeating-path-animation-expected.svg svg/animations/repeating-path-animation.svg * svg/SVGAnimatedPath.cpp: (WebCore::SVGAnimatedPathAnimator::addAnimatedTypes): Implemented, to support by-animations, instead of falling back to to-animations. (WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue): Handle repetitions, accumulation & addition. * svg/SVGPathBlender.cpp: Allow empty from source everywhere, use default values if no from value is specified, needed for by-animations. (WebCore::SVGPathBlender::SVGPathBlender): (WebCore::SVGPathBlender::blendAnimatedDimensonalFloat): (WebCore::SVGPathBlender::blendAnimatedFloatPoint): (WebCore::SVGPathBlender::blendMoveToSegment): (WebCore::SVGPathBlender::blendLineToSegment): (WebCore::SVGPathBlender::blendLineToHorizontalSegment): (WebCore::SVGPathBlender::blendLineToVerticalSegment): (WebCore::SVGPathBlender::blendCurveToCubicSegment): (WebCore::SVGPathBlender::blendCurveToCubicSmoothSegment): (WebCore::SVGPathBlender::blendCurveToQuadraticSegment): (WebCore::SVGPathBlender::blendCurveToQuadraticSmoothSegment): (WebCore::SVGPathBlender::blendArcToSegment): (WebCore::SVGPathBlender::addAnimatedPath): (WebCore::SVGPathBlender::blendAnimatedPath): * svg/SVGPathBlender.h: Add new addAnimatedPath function. (SVGPathBlender): * svg/SVGPathByteStream.h: (SVGPathByteStream): Make SVGPathByteStreams copyable, needed for SVGAnimatedPathAnimator. (WebCore::SVGPathByteStream::size): Returns size of the SVGPathByteStream. * svg/SVGPathParserFactory.cpp: (WebCore::SVGPathParserFactory::buildAnimatedSVGPathByteStream): Allow empty from streams, needed for by animations. (WebCore::SVGPathParserFactory::addToSVGPathByteStream): Add 'byStream' 'repeatCount' times to 'toStream'. Both streams must match in size. * svg/SVGPathParserFactory.h: Add new addToSVGPathByteStream function. * svg/SVGPointList.cpp: Remove dead code. * svg/SVGPointList.h: Ditto. (SVGPointList): 2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com> SVGAnimateMotion does not handle accumulation https://bugs.webkit.org/show_bug.cgi?id=18564 Reviewed by Antti Koivisto. Implement accumulation for <animateMotion>. Add lots of new reftests, verifying additive/accumulate behavior is correct. Tests: svg/animations/animateMotion-additive-1-expected.svg svg/animations/animateMotion-additive-1.svg svg/animations/animateMotion-additive-2a-expected.svg svg/animations/animateMotion-additive-2a.svg svg/animations/animateMotion-additive-2b-expected.svg svg/animations/animateMotion-additive-2b.svg svg/animations/animateMotion-additive-2c-expected.svg svg/animations/animateMotion-additive-2c.svg svg/animations/animateMotion-additive-2d-expected.svg svg/animations/animateMotion-additive-2d.svg svg/animations/mozilla/animateMotion-by-1-expected.svg svg/animations/mozilla/animateMotion-by-1.svg svg/animations/mozilla/animateMotion-from-to-1-expected.svg svg/animations/mozilla/animateMotion-from-to-1.svg svg/animations/mozilla/animateMotion-indefinite-to-1-expected.svg svg/animations/mozilla/animateMotion-indefinite-to-1.svg svg/animations/mozilla/animateMotion-indefinite-to-2-expected.svg svg/animations/mozilla/animateMotion-indefinite-to-2.svg svg/animations/mozilla/animateMotion-mpath-pathLength-1-expected.svg svg/animations/mozilla/animateMotion-mpath-pathLength-1.svg svg/animations/mozilla/animateMotion-mpath-targetChange-1-expected.svg svg/animations/mozilla/animateMotion-mpath-targetChange-1.svg svg/animations/mozilla/animateMotion-to-overridden-1-expected.svg svg/animations/mozilla/animateMotion-to-overridden-1.svg * svg/SVGAnimateMotionElement.cpp: (WebCore::SVGAnimateMotionElement::SVGAnimateMotionElement): (WebCore::SVGAnimateMotionElement::buildTransformForProgress): (WebCore::SVGAnimateMotionElement::calculateAnimatedValue): * svg/SVGAnimateMotionElement.h: 2012-04-27 Yury Semikhatsky <yurys@chromium.org> ScriptStateProtectedPtr should not keep a strong reference to the context https://bugs.webkit.org/show_bug.cgi?id=85009 Delete console message arguments when DOMWindow where the messages were created is reset on its frame. Reviewed by Pavel Feldman. Test: http/tests/inspector-enabled/console-clear-arguments-on-frame-navigation.html * inspector/ConsoleMessage.cpp: (WebCore::ConsoleMessage::addToFrontend): (WebCore::ConsoleMessage::windowCleared): (WebCore::ConsoleMessage::argumentCount): (WebCore): * inspector/ConsoleMessage.h: (ConsoleMessage): * inspector/InspectorConsoleAgent.cpp: (WebCore::InspectorConsoleAgent::consoleMessageArgumentCounts): (WebCore): * inspector/InspectorConsoleAgent.h: (InspectorConsoleAgent): * page/Frame.cpp: (WebCore::Frame::clearDOMWindow): (WebCore::Frame::setDOMWindow): * testing/Internals.cpp: (WebCore): (WebCore::Internals::consoleMessageArgumentCounts): * testing/Internals.h: (Internals): * testing/Internals.idl: 2012-04-27 Jochen Eisinger <jochen@chromium.org> Ensure that there's always a provisional document loader if the frame loader is in provisional state https://bugs.webkit.org/show_bug.cgi?id=83894 Reviewed by Nate Chapin. We're still seeing crashes in the FrameLoader where the FrameLoader's state is "provisional" but there is no provisional document loader. I added code to update the FrameLoader's state everytime the provisional document loader is cleared, and added checks that the FrameLoader's state can't be set to provisional without a provisional loader. If the crashes go away, or the newly added checks reveal the culprit, we should relex the checks to use ASSERT() instead of CRASH(). * loader/FrameLoader.cpp: (WebCore::FrameLoader::init): (WebCore::FrameLoader::setupForReplace): (WebCore::FrameLoader::stopAllLoaders): (WebCore::FrameLoader::clearProvisionalLoad): (WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy): (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): 2012-04-27 Geoffrey Garen <ggaren@apple.com> Try to fix the Qt build. * bridge/qt/qt_runtime.cpp: (JSC::Bindings::QtRuntimeMethod::finishCreation): 2012-04-27 Geoffrey Garen <ggaren@apple.com> Made WeakSet::allocate() static and removed its JSGlobalData argument https://bugs.webkit.org/show_bug.cgi?id=85128 Reviewed by Anders Carlsson. Mechanically removed JSGlobalData arguments from PassWeak<T> and Weak<T> allocation. * bindings/js/JSDOMBinding.cpp: (WebCore::jsStringSlowCase): * bindings/js/JSEventListener.h: (WebCore::JSEventListener::setWrapper): * bindings/js/JSNodeFilterCondition.cpp: (WebCore::JSNodeFilterCondition::JSNodeFilterCondition): * bindings/js/ScriptWrappable.h: (WebCore::ScriptWrappable::setWrapper): * bridge/jsc/BridgeJSC.cpp: (JSC::Bindings::Instance::createRuntimeObject): * bridge/qt/qt_runtime.cpp: (JSC::Bindings::QtRuntimeMethod::finishCreation): * bridge/runtime_root.cpp: (JSC::Bindings::RootObject::addRuntimeObject): 2012-04-27 Mark Rowe <mrowe@apple.com> <rdar://problem/11313710> Leaks under WebCore::CSSImageSetValue::cachedImageSet when running tests There was a reference cycle between CSSImageSetValue and StyleCachedImageSet via CSSImageSetValue::m_imageSet / StyleCachedImageSet::m_imageSetValue. Break the cycle by having StyleCachedImageSet hold a weak reference to the CSSImageSetValue rather than a strong reference. Reviewed by Geoff Garen. * rendering/style/StyleCachedImageSet.cpp: (WebCore::StyleCachedImageSet::StyleCachedImageSet): * rendering/style/StyleCachedImageSet.h: (StyleCachedImageSet): 2012-04-27 Mark Rowe <mrowe@apple.com> <rdar://problem/10346980> REGRESSION: Cannot enter text in Dashboard widget fields that have placeholder attribute Remove a dashboard backwards compatibility quirk that was in place to support an old version of the Stocks widget. It prevented the pointer-events property from being applied in Dashboard widgets, which caused -webkit-input-placeholder elements to eat mouse clicks rather than giving focus to the containing input elements. The offending widget has long since been fixed. Reviewed by Dan Bernstein. * css/StyleResolver.cpp: (WebCore::StyleResolver::collectMatchingRulesForList): 2012-04-27 Dean Jackson <dino@apple.com> Support reverse and alternate-reverse in CA animations https://bugs.webkit.org/show_bug.cgi?id=78041 Reviewed by Beth Dakin. CoreAnimation does not natively support reverse and alternate-reverse animation directions so we need to flip the animation values (keyframe keys and timing functions) that we send to GraphicsLayerCA. Unfortunately this code adds a lot of conditionals because it isn't as simple as reversing the order of keys. You also now have a different alignment of timing functions to the reversed list. New tests to cover the two new directions, making sure the timing functions are correctly inverted, and exercising fill modes. Tests: animations/animation-direction-reverse-fill-mode-hardware.html animations/animation-direction-reverse-fill-mode.html animations/animation-direction-reverse-hardware-opacity.html animations/animation-direction-reverse-hardware.html animations/animation-direction-reverse-non-hardware.html animations/animation-direction-reverse-timing-functions-hardware.html animations/animation-direction-reverse-timing-functions.html * platform/graphics/ca/GraphicsLayerCA.cpp: Handle the previously unsupported animation directions, reversing the list of values and keytimes that would be used to create the CA Animation. (WebCore::GraphicsLayerCA::addAnimation): Do not create an animation if on Windows and using a reverse direction. (WebCore::GraphicsLayerCA::createFilterAnimationsFromKeyframes): (WebCore::GraphicsLayerCA::setupAnimation): (WebCore::GraphicsLayerCA::setAnimationEndpoints): (WebCore::GraphicsLayerCA::setAnimationKeyframes): (WebCore::GraphicsLayerCA::setTransformAnimationEndpoints): (WebCore::GraphicsLayerCA::setTransformAnimationKeyframes): (WebCore::GraphicsLayerCA::setFilterAnimationEndpoints): (WebCore::GraphicsLayerCA::setFilterAnimationKeyframes): * platform/graphics/ca/PlatformCAAnimation.h: (PlatformCAAnimation): Pass through a flag that tells the CA Animation that it should invert the timing functions. * platform/graphics/ca/mac/PlatformCAAnimationMac.mm: (toCAMediaTimingFunction): Add a parameter that will invert the timing function coefficients if necessary. (PlatformCAAnimation::setTimingFunction): (PlatformCAAnimation::setTimingFunctions): * platform/graphics/ca/win/PlatformCAAnimationWin.cpp: (toCACFTimingFunction): New unused parameter. 2012-04-27 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r115407. http://trac.webkit.org/changeset/115407 https://bugs.webkit.org/show_bug.cgi?id=85126 Caused heap use after free (Requested by keishi_ on #webkit). * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::HTMLFormControlElement): (WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor): (WebCore::HTMLFormControlElement::insertedInto): (WebCore::HTMLFormControlElement::removedFrom): (WebCore::HTMLFormControlElement::disabled): (WebCore::HTMLFormControlElement::recalcWillValidate): (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck): * html/HTMLFormControlElement.h: (HTMLFormControlElement): 2012-04-27 Kentaro Hara <haraken@chromium.org> [JSC] Implement a helper method createNotEnoughArgumentsError() https://bugs.webkit.org/show_bug.cgi?id=85102 Reviewed by Geoffrey Garen. In bug 84787, kbr@ requested to avoid hard-coding createTypeError(exec, "Not enough arguments") here and there. This patch implements createNotEnoughArgumentsError(exec) and uses it in JSC bindings. c.f. a corresponding bug for V8 bindings is bug 85097. Test: bindings/scripts/test/TestObj.idl * bindings/scripts/CodeGeneratorJS.pm: Modified as described above. (GenerateArgumentsCountCheck): * bindings/js/JSDataViewCustom.cpp: Ditto. (WebCore::getDataViewMember): (WebCore::setDataViewMember): * bindings/js/JSDeprecatedPeerConnectionCustom.cpp: (WebCore::JSDeprecatedPeerConnectionConstructor::constructJSDeprecatedPeerConnection): * bindings/js/JSDirectoryEntryCustom.cpp: (WebCore::JSDirectoryEntry::getFile): (WebCore::JSDirectoryEntry::getDirectory): * bindings/js/JSSharedWorkerCustom.cpp: (WebCore::JSSharedWorkerConstructor::constructJSSharedWorker): * bindings/js/JSWebKitMutationObserverCustom.cpp: (WebCore::JSWebKitMutationObserverConstructor::constructJSWebKitMutationObserver): (WebCore::JSWebKitMutationObserver::observe): * bindings/js/JSWorkerCustom.cpp: (WebCore::JSWorkerConstructor::constructJSWorker): * bindings/scripts/test/JS/JSFloat64Array.cpp: Updated run-bindings-tests. (WebCore::jsFloat64ArrayPrototypeFunctionFoo): * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp: (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction): (WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage): * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp: (WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction): * bindings/scripts/test/JS/JSTestEventTarget.cpp: (WebCore::jsTestEventTargetPrototypeFunctionItem): (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener): (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener): (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent): * bindings/scripts/test/JS/JSTestInterface.cpp: (WebCore::JSTestInterfaceConstructor::constructJSTestInterface): (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2): * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp: (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod): * bindings/scripts/test/JS/JSTestNamedConstructor.cpp: (WebCore::JSTestNamedConstructorNamedConstructor::constructJSTestNamedConstructor): * bindings/scripts/test/JS/JSTestObj.cpp: (WebCore::JSTestObjConstructor::constructJSTestObj): (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs): (WebCore::jsTestObjPrototypeFunctionIntMethodWithArgs): (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs): (WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg): (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence): (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows): (WebCore::jsTestObjPrototypeFunctionSerializedValue): (WebCore::jsTestObjPrototypeFunctionIdbKey): (WebCore::jsTestObjPrototypeFunctionOptionsObject): (WebCore::jsTestObjPrototypeFunctionAddEventListener): (WebCore::jsTestObjPrototypeFunctionRemoveEventListener): (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg): (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs): (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg): (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg): (WebCore::jsTestObjPrototypeFunctionOverloadedMethod1): (WebCore::jsTestObjPrototypeFunctionOverloadedMethod2): (WebCore::jsTestObjPrototypeFunctionOverloadedMethod3): (WebCore::jsTestObjPrototypeFunctionOverloadedMethod4): (WebCore::jsTestObjPrototypeFunctionOverloadedMethod5): (WebCore::jsTestObjPrototypeFunctionOverloadedMethod6): (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7): (WebCore::jsTestObjConstructorFunctionClassMethod2): (WebCore::jsTestObjConstructorFunctionOverloadedMethod11): (WebCore::jsTestObjConstructorFunctionOverloadedMethod12): (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongArray): (WebCore::jsTestObjPrototypeFunctionConvert1): (WebCore::jsTestObjPrototypeFunctionConvert2): (WebCore::jsTestObjPrototypeFunctionConvert3): (WebCore::jsTestObjPrototypeFunctionConvert4): (WebCore::jsTestObjPrototypeFunctionConvert5): (WebCore::jsTestObjPrototypeFunctionStrictFunction): * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp: (WebCore::JSTestSerializedScriptValueInterfaceConstructor::constructJSTestSerializedScriptValueInterface): (WebCore::jsTestSerializedScriptValueInterfacePrototypeFunctionAcceptTransferList): 2012-04-27 Mark Pilgrim <pilgrim@chromium.org> [Chromium] Call highMemoryUsageMB directly https://bugs.webkit.org/show_bug.cgi?id=84841 Reviewed by Kentaro Hara. Part of a refactoring series. See tracking bug 82948. * bindings/v8/V8GCController.cpp: (WebCore::V8GCController::checkMemoryUsage): * platform/MemoryUsageSupport.cpp: (WebCore::MemoryUsageSupport::highMemoryUsageMB): (WebCore): * platform/MemoryUsageSupport.h: (MemoryUsageSupport): * platform/chromium/MemoryUsageSupportChromium.cpp: (WebCore::MemoryUsageSupport::highMemoryUsageMB): (WebCore): * platform/chromium/PlatformSupport.h: (PlatformSupport): 2012-04-27 Geoffrey Garen <ggaren@apple.com> Only allow non-null pointers in the WeakSet https://bugs.webkit.org/show_bug.cgi?id=85119 Reviewed by Darin Adler. * bridge/jsc/BridgeJSC.cpp: (JSC::Bindings::Instance::Instance): Don't allocate a WeakImpl just to store null. This was needless, and is now a compile error. Instead, rely on the default constructor, which will produce a cheap null. 2012-04-27 Kentaro Hara <haraken@chromium.org> "Not enough arguments" error should be TypeError https://bugs.webkit.org/show_bug.cgi?id=84628 Reviewed by Darin Adler. Currently, some custom bindings implement "Not enough arguments" error as SyntaxError. The Web IDL spec requires that it should be TypeError: http://www.w3.org/TR/WebIDL/#dfn-overload-resolution-algorithm Thus, this patch changes SyntaxError to TypeError. Tests: http/tests/websocket/tests/hixie76/url-parsing.html: http/tests/websocket/tests/hybi/url-parsing.html: http/tests/xmlhttprequest/exceptions.html: svg/dom/SVGLength.html: webaudio/audionode.html: * bindings/js/JSAudioContextCustom.cpp: (WebCore::JSAudioContextConstructor::constructJSAudioContext): * bindings/js/JSSVGLengthCustom.cpp: (WebCore::JSSVGLength::convertToSpecifiedUnits): * bindings/js/JSWebSocketCustom.cpp: (WebCore::JSWebSocketConstructor::constructJSWebSocket): (WebCore::JSWebSocket::send): * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::open): * bindings/v8/custom/V8AudioContextCustom.cpp: (WebCore::V8AudioContext::constructorCallback): * bindings/v8/custom/V8SVGLengthCustom.cpp: (WebCore::V8SVGLength::convertToSpecifiedUnitsCallback): * bindings/v8/custom/V8WebSocketCustom.cpp: (WebCore::V8WebSocket::constructorCallback): (WebCore::V8WebSocket::sendCallback): * bindings/v8/custom/V8XMLHttpRequestCustom.cpp: (WebCore::V8XMLHttpRequest::openCallback): 2012-04-27 Kenneth Russell <kbr@google.com> Remove SHADER_COMPILER constant https://bugs.webkit.org/show_bug.cgi?id=85115 Reviewed by Darin Adler. Removed constant which was previously removed from spec. Updated layout test and expected results. * html/canvas/WebGLRenderingContext.idl: 2012-04-27 Arvid Nilsson <anilsson@rim.com> [BlackBerry] Fixed background is scrolling in http://www.nieuwecode.nl https://bugs.webkit.org/show_bug.cgi?id=85109 Reviewed by Antonio Gomes. Since the BlackBerry port uses very similar fixed position acceleration as the Qt WebKit2 port, the same fix that worked for them in bug 83980 works for us. Fixed by opting in to the FIXED_POSITION_CREATES_STACKING_CONTEXT mechanism. Covered by existing manual test fixed-position-no-z-index.html. * css/StyleResolver.cpp: 2012-04-27 Nat Duca <nduca@chromium.org> Expose high-resolution on requestAnimationFrame callback https://bugs.webkit.org/show_bug.cgi?id=66683 This changes requestAnimationFrame's animationStartTime argument to be a high resolution DOM timestamp, per disucssion here: http://lists.w3.org/Archives/Public/public-web-perf/2012Apr/0004.html Reviewed by James Robinson. Covered by existing requestAnimationFrame tests. * dom/Document.cpp: (WebCore::Document::serviceScriptedAnimations): * dom/Document.h: (Document): * dom/ScriptedAnimationController.cpp: (WebCore::ScriptedAnimationController::ScriptedAnimationController): (WebCore::ScriptedAnimationController::serviceScriptedAnimations): (WebCore): (WebCore::ScriptedAnimationController::windowScreenDidChange): (WebCore::ScriptedAnimationController::scheduleAnimation): (WebCore::ScriptedAnimationController::animationTimerFired): (WebCore::ScriptedAnimationController::displayRefreshFired): * dom/ScriptedAnimationController.h: (ScriptedAnimationController): * page/FrameView.cpp: (WebCore::FrameView::serviceScriptedAnimations): * page/FrameView.h: (FrameView): * platform/graphics/DisplayRefreshMonitor.cpp: (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor): (WebCore::DisplayRefreshMonitor::notifyClients): * platform/graphics/DisplayRefreshMonitor.h: (DisplayRefreshMonitor): * platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp: (WebCore::DisplayRefreshMonitor::displayLinkFired): * platform/graphics/mac/DisplayRefreshMonitorMac.cpp: (WebCore): (WebCore::DisplayRefreshMonitor::requestRefreshCallback): (WebCore::DisplayRefreshMonitor::displayLinkFired): 2012-04-27 Kentaro Hara <haraken@chromium.org> [V8] Implement a helper method V8Proxy::throwNotEnoughArgumentsError() https://bugs.webkit.org/show_bug.cgi?id=85097 Reviewed by Kenneth Russell. In bug 84787, kbr requested to avoid hard-coding throwError("Not enough arguments", V8Proxy::TypeError) here and there. This patch implements V8Proxy::throwNotEnoughArgumentsError() and uses it in V8 bindings. No tests. No change in behavior. * bindings/scripts/CodeGeneratorV8.pm: (GenerateArgumentsCountCheck): (GenerateEventConstructorCallback): * bindings/v8/V8Proxy.cpp: (WebCore::V8Proxy::throwNotEnoughArgmentsError): (WebCore): * bindings/v8/V8Proxy.h: (V8Proxy): * bindings/v8/custom/V8DataViewCustom.cpp: (WebCore::V8DataView::getInt8Callback): (WebCore::V8DataView::getUint8Callback): (WebCore::V8DataView::setInt8Callback): (WebCore::V8DataView::setUint8Callback): * bindings/v8/custom/V8DirectoryEntryCustom.cpp: (WebCore::V8DirectoryEntry::getDirectoryCallback): (WebCore::V8DirectoryEntry::getFileCallback): * bindings/v8/custom/V8IntentConstructor.cpp: (WebCore::V8Intent::constructorCallback): * bindings/v8/custom/V8WebKitMutationObserverCustom.cpp: (WebCore::V8WebKitMutationObserver::constructorCallback): (WebCore::V8WebKitMutationObserver::observeCallback): Test: bindings/scripts/test/TestObj.idl * bindings/scripts/CodeGeneratorV8.pm: Modified as described above. (GenerateArgumentsCountCheck): (GenerateEventConstructorCallback): * bindings/v8/V8Proxy.cpp: Ditto. (WebCore::V8Proxy::throwNotEnoughArgumentsError): (WebCore): * bindings/v8/V8Proxy.h: (V8Proxy): * bindings/v8/custom/V8DataViewCustom.cpp: (WebCore::V8DataView::getInt8Callback): (WebCore::V8DataView::getUint8Callback): (WebCore::V8DataView::setInt8Callback): (WebCore::V8DataView::setUint8Callback): * bindings/v8/custom/V8DirectoryEntryCustom.cpp: (WebCore::V8DirectoryEntry::getDirectoryCallback): (WebCore::V8DirectoryEntry::getFileCallback): * bindings/v8/custom/V8IntentConstructor.cpp: (WebCore::V8Intent::constructorCallback): * bindings/v8/custom/V8WebKitMutationObserverCustom.cpp: (WebCore::V8WebKitMutationObserver::constructorCallback): (WebCore::V8WebKitMutationObserver::observeCallback): * bindings/scripts/test/V8/V8Float64Array.cpp: Updated run-bindings-tests. (WebCore::Float64ArrayV8Internal::fooCallback): * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp: (WebCore::TestActiveDOMObjectV8Internal::excitingFunctionCallback): (WebCore::TestActiveDOMObjectV8Internal::postMessageCallback): * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp: (WebCore::TestCustomNamedGetterV8Internal::anotherFunctionCallback): * bindings/scripts/test/V8/V8TestEventConstructor.cpp: (WebCore::V8TestEventConstructor::constructorCallback): * bindings/scripts/test/V8/V8TestEventTarget.cpp: (WebCore::TestEventTargetV8Internal::itemCallback): (WebCore::TestEventTargetV8Internal::dispatchEventCallback): * bindings/scripts/test/V8/V8TestInterface.cpp: (WebCore::TestInterfaceV8Internal::supplementalMethod2Callback): (WebCore::V8TestInterface::constructorCallback): * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp: (WebCore::TestMediaQueryListListenerV8Internal::methodCallback): * bindings/scripts/test/V8/V8TestNamedConstructor.cpp: (WebCore::V8TestNamedConstructorConstructorCallback): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore::TestObjV8Internal::voidMethodWithArgsCallback): (WebCore::TestObjV8Internal::intMethodWithArgsCallback): (WebCore::TestObjV8Internal::objMethodWithArgsCallback): (WebCore::TestObjV8Internal::methodWithSequenceArgCallback): (WebCore::TestObjV8Internal::methodReturningSequenceCallback): (WebCore::TestObjV8Internal::methodThatRequiresAllArgsAndThrowsCallback): (WebCore::TestObjV8Internal::serializedValueCallback): (WebCore::TestObjV8Internal::idbKeyCallback): (WebCore::TestObjV8Internal::optionsObjectCallback): (WebCore::TestObjV8Internal::methodWithNonOptionalArgAndOptionalArgCallback): (WebCore::TestObjV8Internal::methodWithNonOptionalArgAndTwoOptionalArgsCallback): (WebCore::TestObjV8Internal::methodWithCallbackArgCallback): (WebCore::TestObjV8Internal::methodWithNonCallbackArgAndCallbackArgCallback): (WebCore::TestObjV8Internal::overloadedMethod1Callback): (WebCore::TestObjV8Internal::overloadedMethod2Callback): (WebCore::TestObjV8Internal::overloadedMethod3Callback): (WebCore::TestObjV8Internal::overloadedMethod4Callback): (WebCore::TestObjV8Internal::overloadedMethod5Callback): (WebCore::TestObjV8Internal::overloadedMethod6Callback): (WebCore::TestObjV8Internal::overloadedMethod7Callback): (WebCore::TestObjV8Internal::overloadedMethod11Callback): (WebCore::TestObjV8Internal::overloadedMethod12Callback): (WebCore::TestObjV8Internal::enabledAtRuntimeMethod1Callback): (WebCore::TestObjV8Internal::enabledAtRuntimeMethod2Callback): (WebCore::TestObjV8Internal::convert1Callback): (WebCore::TestObjV8Internal::convert2Callback): (WebCore::TestObjV8Internal::convert3Callback): (WebCore::TestObjV8Internal::convert4Callback): (WebCore::TestObjV8Internal::convert5Callback): (WebCore::TestObjV8Internal::strictFunctionCallback): (WebCore::V8TestObj::constructorCallback): * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp: (WebCore::TestSerializedScriptValueInterfaceV8Internal::acceptTransferListCallback): (WebCore::V8TestSerializedScriptValueInterface::constructorCallback): 2012-04-27 Mark Pilgrim <pilgrim@chromium.org> [Chromium] Call lowMemoryUsageMB directly https://bugs.webkit.org/show_bug.cgi?id=84840 Reviewed by Kentaro Hara. Part of a refactoring series. See tracking bug 82948. * bindings/v8/V8GCController.cpp: (WebCore::V8GCController::checkMemoryUsage): * platform/MemoryUsageSupport.cpp: (WebCore::MemoryUsageSupport::lowMemoryUsageMB): (WebCore): * platform/MemoryUsageSupport.h: (MemoryUsageSupport): * platform/chromium/MemoryUsageSupportChromium.cpp: (WebCore::MemoryUsageSupport::lowMemoryUsageMB): (WebCore): * platform/chromium/PlatformSupport.h: (PlatformSupport): 2012-04-27 Yi Shen <yi.4.shen@nokia.com> REGRESSION(113723): Pressing enter in this list example deletes the whole list https://bugs.webkit.org/show_bug.cgi?id=85016 Reviewed by Enrica Casucci. The bug was caused by CompositeEditCommand::breakOutOfEmptyListItem, which calls isListItem on the empty list's siblings to decide which part of the list should get removed. However, the check fails when the empty list's sibling is a text node, or a list element (e.g. ul, ol). Fixed it by skipping empty list's non-element sibling and calling isListElement to do further check. Test: added new test cases in the existing test (break-out-of-empty-list-item.html) * editing/CompositeEditCommand.cpp: (WebCore::CompositeEditCommand::breakOutOfEmptyListItem): 2012-04-27 Ian Vollick <vollick@chromium.org> [chromium] Add pause and resume support for accelerated css animations. https://bugs.webkit.org/show_bug.cgi?id=84601 Reviewed by James Robinson. Tested in: CCLayerAnimationControllerTest.syncPauseResume CCActiveAnimationTest.TrimTimeTimeOffset CCActiveAnimationTest.TrimTimeSuspendResume CCActiveAnimationTest.IsFinishedNeedsSynchronizedStartTime CCActiveAnimationTest.RunStateChangesIgnoredWhileSuspended * platform/graphics/chromium/GraphicsLayerChromium.cpp: (WebCore::GraphicsLayerChromium::suspendAnimations): (WebCore::GraphicsLayerChromium::resumeAnimations): * platform/graphics/chromium/GraphicsLayerChromium.h: (GraphicsLayerChromium): * platform/graphics/chromium/LayerChromium.cpp: (WebCore::LayerChromium::suspendAnimations): (WebCore::LayerChromium::resumeAnimations): * platform/graphics/chromium/LayerChromium.h: (LayerChromium): * platform/graphics/chromium/cc/CCActiveAnimation.cpp: (WebCore::CCActiveAnimation::CCActiveAnimation): (WebCore::CCActiveAnimation::setRunState): (WebCore::CCActiveAnimation::suspend): (WebCore::CCActiveAnimation::resume): (WebCore::CCActiveAnimation::isFinishedAt): (WebCore::CCActiveAnimation::trimTimeToCurrentIteration): (WebCore::CCActiveAnimation::cloneForImplThread): (WebCore::CCActiveAnimation::pushPropertiesTo): * platform/graphics/chromium/cc/CCActiveAnimation.h: (CCActiveAnimation): (WebCore::CCActiveAnimation::setStartTime): (WebCore::CCActiveAnimation::timeOffset): (WebCore::CCActiveAnimation::setTimeOffset): (WebCore::CCActiveAnimation::isFinished): * platform/graphics/chromium/cc/CCLayerAnimationController.cpp: (WebCore::CCLayerAnimationController::addAnimation): (WebCore::CCLayerAnimationController::pauseAnimation): (WebCore::CCLayerAnimationController::suspendAnimations): (WebCore::CCLayerAnimationController::resumeAnimations): (WebCore::CCLayerAnimationController::pushAnimationUpdatesTo): (WebCore::CCLayerAnimationController::getActiveAnimation): (WebCore::CCLayerAnimationController::pushNewAnimationsToImplThread): (WebCore::CCLayerAnimationController::removeAnimationsCompletedOnMainThread): (WebCore::CCLayerAnimationController::pushPropertiesToImplThread): (WebCore): (WebCore::CCLayerAnimationController::tickAnimations): * platform/graphics/chromium/cc/CCLayerAnimationController.h: (CCLayerAnimationController): 2012-04-27 Tim Horton <timothy_horton@apple.com> SMIL animation causes leak of the related Document (and many elements) https://bugs.webkit.org/show_bug.cgi?id=83856 <rdar://problem/11216047> Reviewed by Dean Jackson. The SVGAnimatedProperty cache was previously holding a reference to the properties it contained; said references were cleared in the SVGAnimatedProperty destructor (which was never called because there was always one remaining reference from the cache). The SVGAnimatedProperty cache now holds raw pointers instead of RefPtrs; the SVGAnimateElement now owns its own SVGAnimatedProperties, both for itself and for any <use/> instances of itself. They're cleared and destroyed within SVGAnimateElement::targetElementWillChange, at which time they're removed from the cache. SVGPropertyTearOffs now keep a reference to their SVGElement (m_contextElement) instead of their SVGAnimatedProperty; this way, there is no reference cycle, but the animated property (owned by the element) and the element itself are kept alive until the TearOff is garbage collected. Tests: svg/animations/smil-leak-dynamically-added-element-instances.svg svg/animations/smil-leak-elements.svg svg/animations/smil-leak-element-instances-noBaseValRef.svg svg/animations/smil-leak-element-instances.svg svg/animations/svglength-element-removed-crash.svg * svg/SVGAnimateElement.cpp: (WebCore::SVGAnimateElement::calculateAnimatedValue): (WebCore::propertyTypesAreConsistent): (WebCore::SVGAnimateElement::resetToBaseValue): (WebCore::SVGAnimateElement::applyResultsToTarget): (WebCore::SVGAnimateElement::targetElementWillChange): * svg/SVGAnimateElement.h: (SVGAnimateElement): * svg/SVGAnimatedAngle.cpp: (WebCore::SVGAnimatedAngleAnimator::startAnimValAnimation): (WebCore::SVGAnimatedAngleAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedAngleAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedAngleAnimator::animValWillChange): (WebCore::SVGAnimatedAngleAnimator::animValDidChange): * svg/SVGAnimatedAngle.h: (SVGAnimatedAngleAnimator): * svg/SVGAnimatedBoolean.cpp: (WebCore::SVGAnimatedBooleanAnimator::startAnimValAnimation): (WebCore::SVGAnimatedBooleanAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedBooleanAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedBooleanAnimator::animValWillChange): (WebCore::SVGAnimatedBooleanAnimator::animValDidChange): * svg/SVGAnimatedBoolean.h: (SVGAnimatedBooleanAnimator): * svg/SVGAnimatedColor.h: (WebCore::SVGAnimatedColorAnimator::startAnimValAnimation): (WebCore::SVGAnimatedColorAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedColorAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedColorAnimator::animValWillChange): (WebCore::SVGAnimatedColorAnimator::animValDidChange): * svg/SVGAnimatedEnumeration.cpp: (WebCore::SVGAnimatedEnumerationAnimator::startAnimValAnimation): (WebCore::SVGAnimatedEnumerationAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedEnumerationAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedEnumerationAnimator::animValWillChange): (WebCore::SVGAnimatedEnumerationAnimator::animValDidChange): * svg/SVGAnimatedEnumeration.h: (SVGAnimatedEnumerationAnimator): * svg/SVGAnimatedInteger.cpp: (WebCore::SVGAnimatedIntegerAnimator::startAnimValAnimation): (WebCore::SVGAnimatedIntegerAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedIntegerAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedIntegerAnimator::animValWillChange): (WebCore::SVGAnimatedIntegerAnimator::animValDidChange): * svg/SVGAnimatedInteger.h: (SVGAnimatedIntegerAnimator): * svg/SVGAnimatedIntegerOptionalInteger.cpp: (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::startAnimValAnimation): (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::animValWillChange): (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::animValDidChange): * svg/SVGAnimatedIntegerOptionalInteger.h: (SVGAnimatedIntegerOptionalIntegerAnimator): * svg/SVGAnimatedLength.cpp: (WebCore::SVGAnimatedLengthAnimator::startAnimValAnimation): (WebCore::SVGAnimatedLengthAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedLengthAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedLengthAnimator::animValWillChange): (WebCore::SVGAnimatedLengthAnimator::animValDidChange): * svg/SVGAnimatedLength.h: (SVGAnimatedLengthAnimator): * svg/SVGAnimatedLengthList.cpp: (WebCore::SVGAnimatedLengthListAnimator::startAnimValAnimation): (WebCore::SVGAnimatedLengthListAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedLengthListAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedLengthListAnimator::animValWillChange): (WebCore::SVGAnimatedLengthListAnimator::animValDidChange): * svg/SVGAnimatedLengthList.h: (SVGAnimatedLengthListAnimator): * svg/SVGAnimatedNumber.cpp: (WebCore::SVGAnimatedNumberAnimator::startAnimValAnimation): (WebCore::SVGAnimatedNumberAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedNumberAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedNumberAnimator::animValWillChange): (WebCore::SVGAnimatedNumberAnimator::animValDidChange): * svg/SVGAnimatedNumber.h: (SVGAnimatedNumberAnimator): * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::startAnimValAnimation): (WebCore::SVGAnimatedNumberListAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedNumberListAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedNumberListAnimator::animValWillChange): (WebCore::SVGAnimatedNumberListAnimator::animValDidChange): * svg/SVGAnimatedNumberList.h: (SVGAnimatedNumberListAnimator): * svg/SVGAnimatedNumberOptionalNumber.cpp: (WebCore::SVGAnimatedNumberOptionalNumberAnimator::startAnimValAnimation): (WebCore::SVGAnimatedNumberOptionalNumberAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedNumberOptionalNumberAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedNumberOptionalNumberAnimator::animValWillChange): (WebCore::SVGAnimatedNumberOptionalNumberAnimator::animValDidChange): * svg/SVGAnimatedNumberOptionalNumber.h: (SVGAnimatedNumberOptionalNumberAnimator): * svg/SVGAnimatedPath.cpp: (WebCore::SVGAnimatedPathAnimator::startAnimValAnimation): (WebCore::SVGAnimatedPathAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedPathAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedPathAnimator::animValWillChange): (WebCore::SVGAnimatedPathAnimator::animValDidChange): * svg/SVGAnimatedPath.h: (SVGAnimatedPathAnimator): * svg/SVGAnimatedPointList.cpp: (WebCore::SVGAnimatedPointListAnimator::startAnimValAnimation): (WebCore::SVGAnimatedPointListAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedPointListAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedPointListAnimator::animValWillChange): (WebCore::SVGAnimatedPointListAnimator::animValDidChange): * svg/SVGAnimatedPointList.h: (SVGAnimatedPointListAnimator): * svg/SVGAnimatedPreserveAspectRatio.cpp: (WebCore::SVGAnimatedPreserveAspectRatioAnimator::startAnimValAnimation): (WebCore::SVGAnimatedPreserveAspectRatioAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedPreserveAspectRatioAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedPreserveAspectRatioAnimator::animValWillChange): (WebCore::SVGAnimatedPreserveAspectRatioAnimator::animValDidChange): * svg/SVGAnimatedPreserveAspectRatio.h: (SVGAnimatedPreserveAspectRatioAnimator): * svg/SVGAnimatedRect.cpp: (WebCore::SVGAnimatedRectAnimator::startAnimValAnimation): (WebCore::SVGAnimatedRectAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedRectAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedRectAnimator::animValWillChange): (WebCore::SVGAnimatedRectAnimator::animValDidChange): * svg/SVGAnimatedRect.h: (SVGAnimatedRectAnimator): * svg/SVGAnimatedString.cpp: (WebCore::SVGAnimatedStringAnimator::startAnimValAnimation): (WebCore::SVGAnimatedStringAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedStringAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedStringAnimator::animValWillChange): (WebCore::SVGAnimatedStringAnimator::animValDidChange): * svg/SVGAnimatedString.h: (SVGAnimatedStringAnimator): * svg/SVGAnimatedTransformList.cpp: (WebCore::SVGAnimatedTransformListAnimator::startAnimValAnimation): (WebCore::SVGAnimatedTransformListAnimator::stopAnimValAnimation): (WebCore::SVGAnimatedTransformListAnimator::resetAnimValToBaseVal): (WebCore::SVGAnimatedTransformListAnimator::animValWillChange): (WebCore::SVGAnimatedTransformListAnimator::animValDidChange): * svg/SVGAnimatedTransformList.h: (SVGAnimatedTransformListAnimator): * svg/SVGAnimatedTypeAnimator.h: (SVGAnimatedTypeAnimator): (WebCore::SVGAnimatedTypeAnimator::findAnimatedPropertiesForAttributeName): (WebCore::SVGAnimatedTypeAnimator::findAnimatedPropertiesFromInstancesForAttributeName): (WebCore::SVGAnimatedTypeAnimator::constructFromBaseValue): (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValue): (WebCore::SVGAnimatedTypeAnimator::stopAnimValAnimationForType): (WebCore::SVGAnimatedTypeAnimator::animValDidChangeForType): (WebCore::SVGAnimatedTypeAnimator::animValWillChangeForType): (WebCore::SVGAnimatedTypeAnimator::constructFromBaseValues): (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValues): (WebCore::SVGAnimatedTypeAnimator::stopAnimValAnimationForTypes): (WebCore::SVGAnimatedTypeAnimator::animValDidChangeForTypes): (WebCore::SVGAnimatedTypeAnimator::animValWillChangeForTypes): (WebCore::SVGAnimatedTypeAnimator::castAnimatedPropertyToActualType): (WebCore::SVGAnimatedTypeAnimator::executeAction): * svg/properties/SVGAnimatedProperty.h: (SVGAnimatedProperty): * svg/properties/SVGPropertyTearOff.h: (WebCore::SVGPropertyTearOff::animatedProperty): (SVGPropertyTearOff): 2012-04-27 Adam Klein <adamk@chromium.org> Remove misspelled, unused, unimplemented method from V8Proxy https://bugs.webkit.org/show_bug.cgi?id=85091 Reviewed by Dimitri Glazkov. * bindings/v8/V8Proxy.h: (V8Proxy): 2012-04-24 Jeffrey Pfau <jpfau@apple.com> Disable RTF in JavaScript drag-and-drop https://bugs.webkit.org/show_bug.cgi?id=76597 Reviewed by Maciej Stachowiak. Test: fast/events/drag-and-drop-subframe-dataTransfer.html * platform/mac/ClipboardMac.mm: (WebCore::cocoaTypeFromHTMLClipboardType): 2012-04-26 James Robinson <jamesr@chromium.org> [chromium] Separate IOSurface layer type from texture layers https://bugs.webkit.org/show_bug.cgi?id=85030 Reviewed by Adrienne Walker. Adds a new layer type for IOSurface layers and pipes through a separate path through to rendering. IOSurface layers are very simple - they have an IOSurface id and size, nothing else. All IOSurface layers are "flipped" in our terminology. * WebCore.gypi: * platform/graphics/chromium/IOSurfaceLayerChromium.cpp: (WebCore): (WebCore::IOSurfaceLayerChromium::create): (WebCore::IOSurfaceLayerChromium::IOSurfaceLayerChromium): (WebCore::IOSurfaceLayerChromium::~IOSurfaceLayerChromium): (WebCore::IOSurfaceLayerChromium::setIOSurfaceProperties): (WebCore::IOSurfaceLayerChromium::createCCLayerImpl): (WebCore::IOSurfaceLayerChromium::drawsContent): (WebCore::IOSurfaceLayerChromium::pushPropertiesTo): * platform/graphics/chromium/IOSurfaceLayerChromium.h: (WebCore): (IOSurfaceLayerChromium): * platform/graphics/chromium/LayerRendererChromium.cpp: (WebCore::LayerRendererChromium::drawIOSurfaceQuad): (WebCore::LayerRendererChromium::cleanupSharedObjects): * platform/graphics/chromium/LayerRendererChromium.h: (LayerRendererChromium): * platform/graphics/chromium/TextureLayerChromium.cpp: (WebCore::TextureLayerChromium::TextureLayerChromium): (WebCore::TextureLayerChromium::drawsContent): (WebCore::TextureLayerChromium::pushPropertiesTo): * platform/graphics/chromium/TextureLayerChromium.h: (TextureLayerChromium): * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.cpp: (WebCore::CCIOSurfaceDrawQuad::create): (WebCore::CCIOSurfaceDrawQuad::CCIOSurfaceDrawQuad): * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.h: (CCIOSurfaceDrawQuad): * platform/graphics/chromium/cc/CCIOSurfaceLayerImpl.cpp: (WebCore): (WebCore::CCIOSurfaceLayerImpl::CCIOSurfaceLayerImpl): (WebCore::CCIOSurfaceLayerImpl::~CCIOSurfaceLayerImpl): (WebCore::CCIOSurfaceLayerImpl::willDraw): (WebCore::CCIOSurfaceLayerImpl::appendQuads): (WebCore::CCIOSurfaceLayerImpl::dumpLayerProperties): (WebCore::CCIOSurfaceLayerImpl::didLoseContext): (WebCore::CCIOSurfaceLayerImpl::setIOSurfaceProperties): * platform/graphics/chromium/cc/CCIOSurfaceLayerImpl.h: (WebCore): (CCIOSurfaceLayerImpl): (WebCore::CCIOSurfaceLayerImpl::create): * platform/graphics/chromium/cc/CCTextureLayerImpl.cpp: (WebCore::CCTextureLayerImpl::CCTextureLayerImpl): (WebCore::CCTextureLayerImpl::~CCTextureLayerImpl): (WebCore::CCTextureLayerImpl::appendQuads): (WebCore::CCTextureLayerImpl::didLoseContext): * platform/graphics/chromium/cc/CCTextureLayerImpl.h: (CCTextureLayerImpl): 2012-04-27 Arvid Nilsson <anilsson@rim.com> [BlackBerry] OpenGL related bug fixes https://bugs.webkit.org/show_bug.cgi?id=84836 Reviewed by Antonio Gomes. PR147254, 148933, 149117, 149721, 150228 No new tests, covered by existing BlackBerry browser stress tests * platform/graphics/blackberry/CanvasLayerWebKitThread.cpp: (WebCore::CanvasLayerWebKitThread::updateTextureContentsIfNeeded): * platform/graphics/blackberry/LayerCompositingThread.cpp: (WebCore::LayerCompositingThread::drawTextures): * platform/graphics/blackberry/LayerRenderer.cpp: (WebCore::LayerRenderer::~LayerRenderer): (WebCore::LayerRenderer::drawLayers): (WebCore::LayerRenderer::initializeSharedGLObjects): 2012-04-27 Nat Duca <nduca@chromium.org> Implement high-resolution time via window.performance.webkitNow() https://bugs.webkit.org/show_bug.cgi?id=66684 This implements the high resolution time spec from http://www.w3.org/TR/hr-time/, giving javascript access to sub-millisecond timestamps that increase over time instead of being subject to skewing, for example when the host machine's clock changes. Reviewed by Tony Gentilcore. Test: fast/performance/performance-now-timestamps.html * page/Performance.cpp: (WebCore::Performance::now): (WebCore): * page/Performance.h: (Performance): * page/Performance.idl: 2012-04-27 Filip Pizlo <fpizlo@apple.com> If you get a list of DOMWrapperWorld*'s and then plan to allocate in the heap, you should ref the DOMWrapperWorld*'s https://bugs.webkit.org/show_bug.cgi?id=85098 <rdar://problem/11318170> Reviewed by Sam Weinig. No new tests because this addresses hard-to-repro flaky behavior arising from GCs at inconvenient times. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::getAllWorlds): * bindings/js/ScriptController.h: (ScriptController): * bindings/js/WebCoreJSClientData.h: (WebCore::WebCoreJSClientData::getAllWorlds): * bindings/v8/ScriptController.cpp: (WebCore::ScriptController::getAllWorlds): * bindings/v8/ScriptController.h: (ScriptController): * loader/FrameLoader.cpp: (WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds): (WebCore::FrameLoader::dispatchGlobalObjectAvailableInAllWorlds): 2012-04-27 Geoffrey Garen <ggaren@apple.com> Removed the sole use of Weak<Unknown> https://bugs.webkit.org/show_bug.cgi?id=85099 Reviewed by Sam Weinig. The semantics and implementation of Weak<Unknown> are unclear because: - Should you call a finalizer for a non-GC thingy? If so, when? * Possible answer: No. - If WeakImpls for GC thingies live with the GC thingies in the heap, where do WeakImpls for non-GC thingies live? * Possible answer: Directly in the Weak<T>. Since no clients actually want these behaviors, it's hard to tell if they're the right behaviors, and it's not worth the implementation complexity. If we come up with a client that wants these behaviors, we can always revisit this. * bindings/js/JSNodeFilterCondition.cpp: (WebCore::JSNodeFilterCondition::JSNodeFilterCondition): Just leave our filter NULL if it's not an object -- that's a better way to indicate "not a valid filter object". (WebCore::JSNodeFilterCondition::acceptNode): Fixed up some naming to clarify that the object we're working with is not necessarily a function. * bindings/js/JSNodeFilterCondition.h: (JSNodeFilterCondition): Use Weak<JSObject>, since that more closely matches what we're trying to do. 2012-04-26 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to getDOMXXXMap() https://bugs.webkit.org/show_bug.cgi?id=85022 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to getDOMXXXMap(). Also this patch removes DOMMap::getDOMDataStore() and DOMData::getDefalutStore(), since the indirection by the methods is redundant. This is not for performance optimization but just for refactoring. No tests. No change in behavior. * bindings/v8/DOMData.cpp: (WebCore::DOMData::getCurrentStore): * bindings/v8/DOMData.h: (DOMData): * bindings/v8/V8DOMMap.cpp: (WebCore::getDOMNodeMap): (WebCore::getActiveDOMNodeMap): (WebCore::getDOMObjectMap): (WebCore::getActiveDOMObjectMap): (WebCore::removeAllDOMObjects): * bindings/v8/V8DOMMap.h: (WebCore): 2012-04-26 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to V8BindingPerIsolateData::current() https://bugs.webkit.org/show_bug.cgi?id=85023 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to V8BindingPerIsolateData::current(). No tests. No change in behavior. * bindings/v8/V8Binding.h: (WebCore::V8BindingPerIsolateData::current): (WebCore::v8ExternalString): 2012-04-27 Dimitri Glazkov <dglazkov@chromium.org> Unreviewed, rolling out r115484. http://trac.webkit.org/changeset/115484 https://bugs.webkit.org/show_bug.cgi?id=84555 Broke Chromium compile. * bindings/js/JSBlobCustom.cpp: * bindings/v8/custom/V8BlobCustom.cpp: * fileapi/Blob.cpp: * fileapi/Blob.h: (Blob): * fileapi/Blob.idl: * workers/WorkerContext.idl: 2012-04-27 Alexandru Chiculita <achicu@adobe.com> [CSS Shaders] Implement CSS Animations and Transitions for CSS Shaders https://bugs.webkit.org/show_bug.cgi?id=71406 Reviewed by Dean Jackson. I've implemented the blend function for the CustomFilterOperation. This should enable animations for CSS Shaders. Currently, just floats are implemented. If any of the filter attributes like shader, mesh size or box mode are different, the fallback is to use the "to" part of the animation instead. If other shader parameters do not match, it will merge the parameter values between the "from" and "to" states. Test: css3/filters/custom/custom-filter-animation.html * platform/graphics/filters/CustomFilterNumberParameter.h: (WebCore::CustomFilterNumberParameter::blend): (CustomFilterNumberParameter): (WebCore::CustomFilterNumberParameter::operator==): * platform/graphics/filters/CustomFilterOperation.cpp: (WebCore::equalCustomFilterParameters): (WebCore): (WebCore::checkCustomFilterParametersOrder): (WebCore::blendCustomFilterParameters): (WebCore::CustomFilterOperation::CustomFilterOperation): (WebCore::CustomFilterOperation::blend): * platform/graphics/filters/CustomFilterOperation.h: (WebCore): (CustomFilterOperation): (WebCore::CustomFilterOperation::operator==): (WebCore::CustomFilterOperation::operator!=): * platform/graphics/filters/CustomFilterParameter.h: (CustomFilterParameter): (WebCore::CustomFilterParameter::isSameType): (WebCore::CustomFilterParameter::operator==): (WebCore::CustomFilterParameter::operator!=): * platform/graphics/filters/CustomFilterProgram.h: * rendering/style/StyleCustomFilterProgram.h: (StyleCustomFilterProgram): (WebCore::StyleCustomFilterProgram::cachedVertexShader): (WebCore::StyleCustomFilterProgram::cachedFragmentShader): (WebCore::StyleCustomFilterProgram::operator==): 2012-04-27 Chris Rogers <crogers@google.com> Re-factor scheduling logic from AudioBufferSourceNode into AudioScheduledSourceNode https://bugs.webkit.org/show_bug.cgi?id=84639 Reviewed by Eric Carlson. Playback logic involving noteOn(), noteOff(), and playbackState were intertwined with the AudioBufferSourceNode's buffer playback code. These are more general concepts and may be implemented separately in another class called AudioScheduledSourceNode. No new tests. Covered by existing layout tests. * GNUmakefile.list.am: Add AudioScheduledSourceNode files to makefile. * Modules/webaudio/AudioBufferSourceNode.cpp: (WebCore): (WebCore::AudioBufferSourceNode::AudioBufferSourceNode): Re-factor some member variables into new base class AudioScheduledSourceNode. (WebCore::AudioBufferSourceNode::process): Re-factor scheduling logic into AudioScheduledSourceNode. * Modules/webaudio/AudioBufferSourceNode.h: (AudioBufferSourceNode): Simplify by re-factoring scheduling logic into AudioScheduledSourceNode. * Modules/webaudio/AudioScheduledSourceNode.cpp: Added. (WebCore): (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode): (WebCore::AudioScheduledSourceNode::updateSchedulingInfo): Get frame information for the current time quantum. * Modules/webaudio/AudioScheduledSourceNode.h: Added. (WebCore::AudioScheduledSourceNode::noteOn): (WebCore::AudioScheduledSourceNode::noteOff): (WebCore::AudioScheduledSourceNode::finish): (WebCore::AudioScheduledSourceNode::playbackState): (WebCore::AudioScheduledSourceNode::isPlayingOrScheduled): (WebCore::AudioScheduledSourceNode::hasFinished): Re-factored from AudioBufferSourceNode. * WebCore.gypi: * WebCore.xcodeproj/project.pbxproj: Add AudioScheduledSourceNode files to makefiles. 2012-04-26 Sam Weinig <sam@webkit.org> Add support for the Blob constructor https://bugs.webkit.org/show_bug.cgi?id=84555 Reviewed by Maciej Stachowiak. Test: fast/files/blob-constructor.html This adds an implementation of the Blob constructor that willfully violates the W3C Editor’s Draft 29 February 2012 in the following ways: - Elements in the parts array are coerced to DOMStrings https://www.w3.org/Bugs/Public/show_bug.cgi?id=16721 - Don't throw for invalid key in the dictionary https://www.w3.org/Bugs/Public/show_bug.cgi?id=16727 - Values for the endings property are treated as enums https://www.w3.org/Bugs/Public/show_bug.cgi?id=16729 * bindings/js/JSBlobCustom.cpp: (WebCore::JSBlobConstructor::constructJSBlob): Implement blob constructor. * bindings/v8/custom/V8BlobCustom.cpp: (WebCore::V8Blob::constructorCallback): Implement blob constructor. * fileapi/Blob.idl: Add constructor to IDL. * workers/WorkerContext.idl: Add Blob constructor to the worker global object. 2012-04-27 Allan Sandfeld Jensen <allan.jensen@nokia.com> [Qt] Fix minimal build. https://bugs.webkit.org/show_bug.cgi?id=85045 Reviewed by Tor Arne Vestbø. Compile LIBXML XML parser even if ENABLE_XSLT is not set. * Target.pri: 2012-04-27 Shawn Singh <shawnsingh@chromium.org> Infinite backgroundClipRect should not be scrolled. https://bugs.webkit.org/show_bug.cgi?id=84979 Reviewed by Adrienne Walker. Test: compositing/iframes/scroll-fixed-transformed-element.html By accidentally scrolling clipRects that should be considered "infinite", they were no longer being considered infinite. This caused a chain of un-intended code paths that caused fixed position elements to stutter when scrolling in Chromium. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::backgroundClipRect): 2012-04-27 Ryosuke Niwa <rniwa@webkit.org> FormatBlock crashes when body element is removed prior to the command execution https://bugs.webkit.org/show_bug.cgi?id=84937 Reviewed by Tony Chang. The crash was because because DOM had been modified since the last time selection had been "validated", and therefore frame selection's endpoints are no longer visible when we instantiated visibleStart and visibleEnd from m_endingSelection of the edit command. Fixed the bug by checking the nullity and orphanedness of visible start and visible end directly. I suspect we have similar bugs in other commands. The fundamental problem is that the copy constructor of VisibleSelection never validates so when a VisibleSelection is passed from one class to another (e.g. FrameSelection to EditCommand), we may not adjust end points as needed. Test: editing/execCommand/format-block-without-body-crash.html * editing/ApplyBlockElementCommand.cpp: (WebCore::ApplyBlockElementCommand::doApply): 2012-04-27 Enrica Casucci <enrica@apple.com> REGRESSION(r96257): Deleting a large amount of text is very slow. https://bugs.webkit.org/show_bug.cgi?id=83983 <rdar://problem/10826076> Reviewed by Ryosuke Niwa. The change in r96257 did not cause the performance regression per se, but exposed a problem in the way we calculate the offset in container node when the anchorType is PositionIsOffsetInAnchor. The offset was computed as the minimum between the given offset and lastOffsetInNode. If the container has a very large number of children, we walk the entire list of child nodes in the container simply to find out how many they are. Looking through the entire editing code, I found other 2 cases (one is only an ASSERT) where we could do a similar optimization. No new tests. No behavior change, only performance optimization. * dom/Position.cpp: (WebCore::Position::computeOffsetInContainerNode): * dom/Position.h: (WebCore::minOffsetForNode): (WebCore::offsetIsBeforeLastNodeOffset): * editing/ApplyStyleCommand.cpp: (WebCore::ApplyStyleCommand::removeInlineStyle): (WebCore::ApplyStyleCommand::mergeEndWithNextIfIdentical): 2012-04-27 Julien Chaffraix <jchaffraix@webkit.org> NULL-deref in RenderBox::clippedOverflowRectForRepaint https://bugs.webkit.org/show_bug.cgi?id=84774 Reviewed by Tony Chang. Test: fast/inline/crash-new-continuation-with-outline.html The bug comes from trying to repaint the :after content as part of updateBeforeAfterContent. The repainting logic would query the yet-to-be-inserted continuation(). Then we would crash in RenderBox::clippedOverflowRectForRepaint as we didn't have an enclosingLayer() (which any RenderObject in the tree will have). The fix is to check in RenderInline::clippedOverflowRectForRepaint that our continuation() is properly inserted in the tree. We could check that it isRooted() but it's an overkill here. * rendering/RenderInline.cpp: (WebCore::RenderInline::clippedOverflowRectForRepaint): 2012-04-27 Antti Koivisto <antti@apple.com> Memory cache pruning should be protected against reentering. https://bugs.webkit.org/show_bug.cgi?id=85077 Reviewed by Alexey Proskuryakov. MemoryCache::pruneDeadResourcesToSize() has some ad-hock protection against reentering. This patch adds more complete protection. * loader/cache/MemoryCache.cpp: (WebCore::MemoryCache::MemoryCache): (WebCore::MemoryCache::pruneLiveResourcesToSize): Protect live resource pruning too. (WebCore::MemoryCache::pruneDeadResourcesToSize): Remove the existing weak reentrancy handling in favor of full proctection. * loader/cache/MemoryCache.h: (MemoryCache): 2012-04-27 Alexander Pavlov <apavlov@chromium.org> Web Inspector: Implement the "Disable JavaScript" option in the settings dialog (re-landing r115417 with a test that should work on Windows.) https://bugs.webkit.org/show_bug.cgi?id=84946 Reviewed by Yury Semikhatsky. Test: inspector/debugger/disable-script.html * inspector/Inspector.json: * inspector/InspectorPageAgent.cpp: (PageAgentState): (WebCore::InspectorPageAgent::enable): (WebCore::InspectorPageAgent::disable): (WebCore::InspectorPageAgent::getScriptExecutionStatus): (WebCore): (WebCore::InspectorPageAgent::setScriptExecutionDisabled): * inspector/InspectorPageAgent.h: * inspector/front-end/Settings.js: * inspector/front-end/SettingsScreen.js: (WebInspector.SettingsScreen): (WebInspector.SettingsScreen.prototype.get _updateScriptDisabledCheckbox): (WebInspector.SettingsScreen.prototype._javaScriptDisabledChanged): * inspector/front-end/inspector.js: 2012-04-27 Keishi Hattori <keishi@webkit.org> IETC HTML5: verify HTMLDataListElement - instanceof HTMLDataListElement fails. https://bugs.webkit.org/show_bug.cgi?id=81196 Reviewed by Kent Tamura. Test: fast/dom/Window/window-properties.html, fast/dom/Window/window-lookup-precedence.html HTMLDataListElement should be available on DOMWindow. * page/DOMWindow.idl: Added HTMLDataListElement. 2012-04-27 Dimitri Glazkov <dglazkov@chromium.org> Unreviewed, rolling out r115417. http://trac.webkit.org/changeset/115417 https://bugs.webkit.org/show_bug.cgi?id=84946 Added test is broken on windows. * inspector/Inspector.json: * inspector/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::enable): (WebCore::InspectorPageAgent::disable): * inspector/InspectorPageAgent.h: * inspector/front-end/Settings.js: * inspector/front-end/SettingsScreen.js: (WebInspector.SettingsScreen): * inspector/front-end/inspector.js: 2012-04-27 Gavin Peters <gavinp@chromium.org> Add new ENABLE_LINK_PRERENDER define to control the Prerendering API https://bugs.webkit.org/show_bug.cgi?id=84871 Reviewed by Adam Barth. Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering API separates it from prefetching. Having separate include guards lets ports enable prefetching, a relatively easy change, without needing to build the infrastructure for prerendering, which is considerably more complicated. * Configurations/FeatureDefines.xcconfig: 2012-04-27 Zan Dobersek <zandobersek@gmail.com> [Gtk][DOM Bindings] Feature-protected properties are put under condition guards https://bugs.webkit.org/show_bug.cgi?id=85068 Reviewed by Martin Robinson. Generated feature-dependent properties are now present regardless of that feature being enabled. On getting or setting that property's value a warning is thrown if the feature is not enabled. Additionally, if the generated interface is feature-dependant, when getting or setting any property's value a warning is thrown if the feature is not enabled. No new tests - covered by existing bindings tests. * bindings/scripts/CodeGeneratorGObject.pm: (GenerateProperty): (GenerateProperties): * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp: Rebaseline. (webkit_dom_test_interface_set_property): (webkit_dom_test_interface_get_property): (webkit_dom_test_interface_class_init): * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp: Ditto. (webkit_dom_test_obj_set_property): (webkit_dom_test_obj_get_property): (webkit_dom_test_obj_class_init): * bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp: Ditto. (webkit_dom_test_serialized_script_value_interface_get_property): 2012-04-27 Zan Dobersek <zandobersek@gmail.com> [Gtk][DOM Bindings] Conditional string in implementation file generated in wrong place after 113450 https://bugs.webkit.org/show_bug.cgi?id=85065 Reviewed by Martin Robinson. Put the condition string in implementation file after the header inclusions. This ensures that build errors do not occur when disabling the future that applies to the condition string because of WebCore objects and methods that are still in use despite the feature being disabled. No new tests - covered by bindings tests. * bindings/scripts/CodeGeneratorGObject.pm: (WriteData): * bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp: Rebaseline generated results. * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp: Ditto. * bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp: Ditto. 2012-04-27 Andreas Kling <kling@webkit.org> Avoid mutating Element attribute storage in StepRange constructor. <http://webkit.org/b/84797> Reviewed by Antti Koivisto. Test: fast/selectors/querySelector-in-range-crash.html * dom/Attribute.h: Add comment about the volatility of references returned by getters. * html/StepRange.cpp: (WebCore::StepRange::StepRange): Replace hasAttribute/getAttribute pair by a single fastGetAttribute. * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::updateType): (WebCore::HTMLInputElement::value): Store the value attribute in an local variable before passing it to sanitizeValue(). 2012-04-27 Rob Buis <rbuis@rim.com> SVG inline style of 'marker-*' does not override https://bugs.webkit.org/show_bug.cgi?id=84824 Reviewed by Nikolas Zimmermann. Properly handle CSSValueNone for clip-path, filter, mask and marker-* properties. Instead of bailing out, set the none value explicitly, since an earlier match may have set it to something other than none. Tests: svg/custom/inline-style-overrides-clipPath-expected.svg svg/custom/inline-style-overrides-clipPath.svg svg/custom/inline-style-overrides-filter-expected.svg svg/custom/inline-style-overrides-filter.svg svg/custom/inline-style-overrides-markers-expected.svg svg/custom/inline-style-overrides-markers.svg svg/custom/inline-style-overrides-mask-expected.svg svg/custom/inline-style-overrides-mask.svg * css/SVGCSSStyleSelector.cpp: (WebCore::StyleResolver::applySVGProperty): 2012-04-27 Christophe Dumez <christophe.dumez@intel.com> [EFL] media/video-controls-rendering-toggle-display-none.html is failing https://bugs.webkit.org/show_bug.cgi?id=84949 Reviewed by Antonio Gomes. Fix volume slider rendering so that the media/video-controls-rendering-toggle-display-none.html passes. * css/mediaControlsEfl.css: (audio::-webkit-media-controls-mute-button, video::-webkit-media-controls-mute-button): (audio::-webkit-media-controls-volume-slider-container, video::-webkit-media-controls-volume-slider-container): (audio::-webkit-media-controls-volume-slider, video::-webkit-media-controls-volume-slider): 2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com> Support values animation mode with just a single value https://bugs.webkit.org/show_bug.cgi?id=85064 Reviewed by Antti Koivisto. values="a" is equal to <set to="a"> per SMIL specification. We currently only support values animation if at least two values are given, fix that. The reference animations in Dr. Olaf Hoffmanns SVG Animation test suite are mostly using values animations, sometimes with only a single value given. Lots of the reference animations are broken in trunk w/o this patch and now work as expected. See http://hoffmann.bplaced.net/svgtest/index.php?s=en&in=start. Test: svg/animations/single-values-animation.html * svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::calculateKeyTimesForCalcModePaced): (WebCore::SVGAnimationElement::currentValuesForValuesAnimation): (WebCore::SVGAnimationElement::startedActiveInterval): 2012-04-27 Konrad Piascik <kpiascik@rim.com> Web Inspector: Allow inspection of Web Socket Frames https://bugs.webkit.org/show_bug.cgi?id=83282 Reviewed by Pavel Feldman. Tests: http/tests/inspector/web-socket-frame-error.html http/tests/inspector/web-socket-frame.html * English.lproj/localizedStrings.js: Added new Web Inspector front-end UI strings. * Modules/websockets/WebSocketChannel.cpp: Added InspectorInstrumentation calls to the following methods. (WebCore::WebSocketChannel::fail): (WebCore::WebSocketChannel::processFrame): (WebCore::WebSocketChannel::sendFrame): * WebCore.gypi: Added new Web Inspector resource file. * WebCore.vcproj/WebCore.vcproj: Added new Web Inspector resource file. * inspector/Inspector.json: Added new Web Inspector resource file. * inspector/InspectorInstrumentation.cpp: Added new methods for instrumenting a Web Socket frame or error. (WebCore::InspectorInstrumentation::didReceiveWebSocketFrameImpl): (WebCore::InspectorInstrumentation::didReceiveWebSocketFrameErrorImpl): (WebCore::InspectorInstrumentation::didSendWebSocketFrameImpl): * inspector/InspectorInstrumentation.h: (WebCore): (InspectorInstrumentation): (WebCore::InspectorInstrumentation::didReceiveWebSocketFrame): (WebCore::InspectorInstrumentation::didReceiveWebSocketFrameError): (WebCore::InspectorInstrumentation::didSendWebSocketFrame): * inspector/InspectorResourceAgent.cpp: (WebCore::InspectorResourceAgent::didReceiveWebSocketFrame): (WebCore): (WebCore::InspectorResourceAgent::didSendWebSocketFrame): (WebCore::InspectorResourceAgent::didReceiveWebSocketFrameError): * inspector/InspectorResourceAgent.h: (WebCore): (InspectorResourceAgent): * inspector/compile-front-end.py: Added new Web Inspector resource file. * inspector/front-end/NetworkItemView.js: Added a new View for inspecting Web Socket frames and errors. (WebInspector.NetworkItemView): * inspector/front-end/NetworkManager.js: Implemented callback called by InspectorResourceAgent for the new Web Socket frame and error calls. (WebInspector.NetworkDispatcher.prototype.webSocketFrameReceived): (WebInspector.NetworkDispatcher.prototype.webSocketFrameSent): (WebInspector.NetworkDispatcher.prototype.webSocketFrameError): * inspector/front-end/NetworkRequest.js: Added a frames array to a Resource request along with accessor and helper methods (WebInspector.NetworkRequest): (WebInspector.NetworkRequest.prototype.resource): (WebInspector.NetworkRequest.prototype.hasFrames): (WebInspector.NetworkRequest.prototype.frameLength): (WebInspector.NetworkRequest.prototype.getFrame): (WebInspector.NetworkRequest.prototype.addFrameError): (WebInspector.NetworkRequest.prototype.addFrame): (WebInspector.NetworkRequest.prototype._pushFrame): * inspector/front-end/ResourceWebSocketFrameView.js: Added to help display Web Socket frame and error data. (WebInspector.ResourceWebSocketFrameView): * inspector/front-end/WebKit.qrc: Added new Web Inspector resource file. * inspector/front-end/inspector.html: Added new Web Inspector resource file. 2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com> Fix repetitions & by animation support for SVGAnimateTransformElement https://bugs.webkit.org/show_bug.cgi?id=85051 Reviewed by Antti Koivisto. Repetitions are currently handled by adjusting percentage (percentage += repeatCount). This doesn't work for <animateTransform> as each repetition has to be post-multiplied to the animated transform list. Fix that. By-animations are equal to values="0;by" animations in SMIL. '0' is the neutral element of addition, which is the _zero_ matrix, not the identity matrix for SVGTransform. Add a new construction mode to SVGTransform to be able to construct zero transforms. Tests: svg/animations/animateTransform-accumulation-expected.svg svg/animations/animateTransform-accumulation.svg svg/animations/animateTransform-by-scale-expected.svg svg/animations/animateTransform-by-scale.svg svg/animations/animateTransform-from-by-from-to-comparision-expected.svg svg/animations/animateTransform-from-by-from-to-comparision.svg svg/animations/animateTransform-from-by-scale-additive-sum-expected.svg svg/animations/animateTransform-from-by-scale-additive-sum.svg svg/animations/animateTransform-from-by-scale-expected.svg svg/animations/animateTransform-from-by-scale.svg svg/animations/animateTransform-rotate-around-point-expected.svg svg/animations/animateTransform-rotate-around-point.svg svg/animations/animateTransform-skewX-expected.svg svg/animations/animateTransform-skewX.svg svg/animations/animateTransform-skewY-expected.svg svg/animations/animateTransform-skewY.svg svg/animations/animateTransform-translate-expected.svg svg/animations/animateTransform-translate.svg svg/animations/multiple-animateTransform-additive-sum-expected.svg svg/animations/multiple-animateTransform-additive-sum.svg * svg/SVGAnimateTransformElement.cpp: (WebCore::SVGAnimateTransformElement::parseAttribute): * svg/SVGAnimatedTransformList.cpp: (WebCore::SVGAnimatedTransformListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue): * svg/SVGAnimationElement.h: (WebCore::SVGAnimationElement::adjustFromToListValues): * svg/SVGTransform.cpp: (WebCore::SVGTransform::SVGTransform): * svg/SVGTransform.h: * svg/SVGTransformDistance.cpp: (WebCore::SVGTransformDistance::SVGTransformDistance): (WebCore::SVGTransformDistance::scaledDistance): (WebCore::SVGTransformDistance::addSVGTransforms): (WebCore::SVGTransformDistance::addToSVGTransform): (WebCore::SVGTransformDistance::distance): * svg/SVGTransformDistance.h: (SVGTransformDistance): 2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com> SVG Animations update baseVal instead of animVal https://bugs.webkit.org/show_bug.cgi?id=12437 Reviewed by Dirk Schulze. Cleanup animation code, remove last remaining crufts of the old setAttribute() animation model. Now only two animation modes remain: animate SVG DOM animVal properties or CSS properties. Stop caching base values per string in SMILTimeContainer, as it breaks additive="sum" for CSS properties if the underlying base value is changed from the outside (eg. when calling style.fontSize="20px", if font-size was 10px, and we're running an additive by-animation with 50px). This requires us to cache the computed style of a SVGElement, without SMIL style property changes, in SVGElementRareData, similar to how the computed style itself is cached in ElementRareData. To be able to compute the base value for a CSS property at any time, we have to exclude any previous animation effects residing in the SMIL animated style properties, per SMIL2/3 specs. NOTE: This doesn't change or affect the way CSS Animations/Transitions are applied, we still have some bugs in that area, but this patch doesn't address them. The idea is to only remove the cache, to pave the way for future additive="sum" patches. Tests: svg/animations/change-css-property-while-animating-fill-freeze.html svg/animations/change-css-property-while-animating-fill-remove.html * dom/Element.cpp: (WebCore::Element::recalcStyle): * dom/Node.h: * svg/SVGAnimateElement.cpp: (WebCore::propertyTypesAreConsistent): (WebCore::SVGAnimateElement::resetToBaseValue): (WebCore::SVGAnimateElement::applyResultsToTarget): * svg/SVGAnimateElement.h: (SVGAnimateElement): * svg/SVGAnimateMotionElement.cpp: (WebCore::SVGAnimateMotionElement::resetToBaseValue): * svg/SVGAnimateMotionElement.h: (SVGAnimateMotionElement): * svg/SVGAnimationElement.cpp: (WebCore::applyCSSPropertyToTarget): (WebCore::SVGAnimationElement::setTargetAttributeAnimatedCSSValue): * svg/SVGAnimationElement.h: * svg/SVGElement.cpp: (WebCore::SVGElement::SVGElement): (WebCore::SVGElement::willRecalcStyle): (WebCore): (WebCore::SVGElement::rareSVGData): (WebCore::SVGElement::ensureRareSVGData): (WebCore::SVGElement::computedStyle): (WebCore::SVGElement::isAnimatableAttribute): * svg/SVGElement.h: (SVGElement): * svg/SVGElementRareData.h: (WebCore::SVGElementRareData::SVGElementRareData): (WebCore::SVGElementRareData::ensureAnimatedSMILStyleProperties): (WebCore::SVGElementRareData::destroyAnimatedSMILStyleProperties): (WebCore::SVGElementRareData::overrideComputedStyle): (WebCore::SVGElementRareData::setUseOverrideComputedStyle): * svg/animation/SMILTimeContainer.cpp: (WebCore::SMILTimeContainer::updateAnimations): * svg/animation/SMILTimeContainer.h: (SMILTimeContainer): * svg/animation/SVGSMILElement.h: (SVGSMILElement): 2012-04-26 Alexander Pavlov <apavlov@chromium.org> Web Inspector: Implement the "Disable JavaScript" option in the settings dialog (re-landing r115323 with a fixed test.) https://bugs.webkit.org/show_bug.cgi?id=84946 Based on user actions in the Inspector frontend, InspectorPageAgent invokes Settings::setScriptEnabled() for the associated page to switch the script execution therein. Reviewed by Yury Semikhatsky. Test: inspector/debugger/disable-script.html * inspector/Inspector.json: * inspector/InspectorPageAgent.cpp: (PageAgentState): (WebCore::InspectorPageAgent::enable): (WebCore::InspectorPageAgent::disable): (WebCore::InspectorPageAgent::getScriptExecutionStatus): (WebCore): (WebCore::InspectorPageAgent::setScriptExecutionDisabled): * inspector/InspectorPageAgent.h: * inspector/front-end/Settings.js: * inspector/front-end/SettingsScreen.js: (WebInspector.SettingsScreen): (WebInspector.SettingsScreen.prototype.get _updateScriptDisabledCheckbox): (WebInspector.SettingsScreen.prototype._javaScriptDisabledChanged): * inspector/front-end/inspector.js: 2012-04-26 Ryosuke Niwa <rniwa@webkit.org> REGRESSION (r94497): Pressing Command+A when inline (Marked Text) is not empty will clean whole content https://bugs.webkit.org/show_bug.cgi?id=84501 Reviewed by Alexey Proskuryakov. The bug was caused by setComposition, which is called by cancelComposition, deleting the contents when the passed text is empty. Fixed it by not deleting text when canceling compositions. This is okay because as the comment above the line suggests, this particular call to TypingCommand::deleteSelection is only useful when the confirmed text is empty and the composition text had previously been non-empty. Test: editing/input/select-all-clear-input-method.html * editing/Editor.cpp: (WebCore::Editor::setComposition): 2012-04-26 Keishi Hattori <keishi@webkit.org> datalist: Form control in a <datalist> should be barred from constraint validation https://bugs.webkit.org/show_bug.cgi?id=84359 http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-datalist-element According to this, if an element has a datalist element ancestor, it is barred from constraint validation. Reviewed by Kent Tamura. Test: fast/forms/datalist/datalist-child-validation.html * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::HTMLFormControlElement): (WebCore::HTMLFormControlElement::updateAncestors): Updates the ancestor information. (WebCore::HTMLFormControlElement::insertedInto): Invalidates the ancestor information and calls setNeedsWillValidateCheck (WebCore::HTMLFormControlElement::removedFrom): Invalidates the ancestor information and calls setNeedsWillValidateCheck (WebCore::HTMLFormControlElement::disabled): (WebCore::HTMLFormControlElement::recalcWillValidate): Returns false if element has a datalist ancestor. (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck): Check if ancestor information is valid too. * html/HTMLFormControlElement.h: (HTMLFormControlElement): 2012-04-26 Adrienne Walker <enne@google.com> [chromium] Remove unused CCLayerImpl::debugID() https://bugs.webkit.org/show_bug.cgi?id=85019 Reviewed by James Robinson. CCLayerSorter used debugID() but it was never set anywhere. Change the CCLayerSorter LOG messages to use id(), which does get set. * platform/graphics/chromium/cc/CCLayerImpl.h: (CCLayerImpl): * platform/graphics/chromium/cc/CCLayerSorter.cpp: (WebCore::CCLayerSorter::createGraphNodes): (WebCore::CCLayerSorter::createGraphEdges): (WebCore::CCLayerSorter::sort): 2012-04-26 Nico Weber <thakis@chromium.org> [chromium] Fix C++ language use. https://bugs.webkit.org/show_bug.cgi?id=85015 Reviewed by James Robinson. Even though MSVC allows it, a sizeof followed by a non-parenthesized typename is not valid C++. No functionality change. * rendering/RenderThemeChromiumWin.cpp: (WebCore): (WebCore::getNonClientMetrics): 2012-04-24 James Robinson <jamesr@chromium.org> [chromium] Move ProgramBinding definitions to LayerRendererChromium and normalize naming https://bugs.webkit.org/show_bug.cgi?id=84808 Reviewed by Adrienne Walker. The GL programs used are logically part of LayerRendererChromium and not something specific to a layer type, since a different renderer would want to use a different thing to render the same layer types. This moves all of the ProgramBinding definitions into LayerRendererChromium and gives them consistent names. With the exception of CCRenderSurface (noted by an inline comment), these programs are private to LRC. This patch also deduplicates programs a bit: 1.) Video's NativeTexture and RGBA programs were the same thing, folded. 2.) The TexStretch and TexTransform shaders are basically the same thing, folded together. * platform/graphics/chromium/LayerChromium.h: (LayerChromium): * platform/graphics/chromium/LayerRendererChromium.cpp: (WebCore::LayerRendererChromium::drawCheckerboardQuad): (WebCore::LayerRendererChromium::drawDebugBorderQuad): (WebCore::LayerRendererChromium::drawSolidColorQuad): (WebCore::LayerRendererChromium::drawTileQuad): (WebCore::LayerRendererChromium::drawYUV): (WebCore::LayerRendererChromium::drawRGBA): (WebCore::LayerRendererChromium::drawNativeTexture2D): (WebCore::LayerRendererChromium::drawStreamTexture): (WebCore::LayerRendererChromium::drawTextureQuad): (WebCore::LayerRendererChromium::drawHeadsUpDisplay): (WebCore::LayerRendererChromium::initializeSharedObjects): (WebCore::LayerRendererChromium::tileCheckerboardProgram): (WebCore::LayerRendererChromium::solidColorProgram): (WebCore::LayerRendererChromium::headsUpDisplayProgram): (WebCore::LayerRendererChromium::renderSurfaceProgram): (WebCore::LayerRendererChromium::renderSurfaceProgramAA): (WebCore::LayerRendererChromium::renderSurfaceMaskProgram): (WebCore::LayerRendererChromium::renderSurfaceMaskProgramAA): (WebCore::LayerRendererChromium::tileProgram): (WebCore::LayerRendererChromium::tileProgramOpaque): (WebCore::LayerRendererChromium::tileProgramAA): (WebCore::LayerRendererChromium::tileProgramSwizzle): (WebCore::LayerRendererChromium::tileProgramSwizzleOpaque): (WebCore::LayerRendererChromium::tileProgramSwizzleAA): (WebCore::LayerRendererChromium::textureProgramFlip): (WebCore::LayerRendererChromium::textureTexRectProgram): (WebCore::LayerRendererChromium::textureTexRectProgramFlip): (WebCore::LayerRendererChromium::videoRGBAProgram): (WebCore::LayerRendererChromium::videoYUVProgram): (WebCore::LayerRendererChromium::videoStreamTextureProgram): (WebCore::LayerRendererChromium::cleanupSharedObjects): * platform/graphics/chromium/LayerRendererChromium.h: (WebCore): (LayerRendererChromium): * platform/graphics/chromium/ShaderChromium.cpp: * platform/graphics/chromium/ShaderChromium.h: * platform/graphics/chromium/cc/CCHeadsUpDisplay.h: (CCHeadsUpDisplay): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp: * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h: (WebCore): * platform/graphics/chromium/cc/CCRenderSurface.cpp: (WebCore::CCRenderSurface::copyTextureToFramebuffer): (WebCore::CCRenderSurface::drawLayer): * platform/graphics/chromium/cc/CCRenderSurface.h: (CCRenderSurface): * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp: * platform/graphics/chromium/cc/CCTextureLayerImpl.h: (CCTextureLayerImpl): * platform/graphics/chromium/cc/CCThreadProxy.cpp: * platform/graphics/chromium/cc/CCTiledLayerImpl.h: (CCTiledLayerImpl): * platform/graphics/chromium/cc/CCVideoLayerImpl.h: (WebCore): (CCVideoLayerImpl): 2012-04-26 Jeffrey Pfau <jpfau@apple.com> Invalid cast in WebCore::HTMLCollection::isAcceptableElement https://bugs.webkit.org/show_bug.cgi?id=84626 Reviewed by Darin Adler. Check if the object is an HTMLElement before casting. Test: fast/dom/htmlcollection-non-html.html * html/HTMLCollection.cpp: (WebCore::HTMLCollection::isAcceptableElement): 2012-04-26 Dana Jansens <danakj@chromium.org> [chromium] Some background filters require inflating damage on the surface behind them https://bugs.webkit.org/show_bug.cgi?id=84479 Reviewed by Adrienne Walker. A layer with a background blur will expand the damage from pixels in the surface below it. We extend the damage tracker to expand damage in a surface below such layers. Unit test: CCDamageTrackerTest.verifyDamageForBackgroundBlurredChild * platform/graphics/chromium/cc/CCDamageTracker.cpp: (WebCore::expandPixelOutsetsWithFilters): (WebCore): (WebCore::expandDamageRectInsideRectWithFilters): (WebCore::expandDamageRectWithFilters): (WebCore::CCDamageTracker::updateDamageTrackingState): (WebCore::CCDamageTracker::trackDamageFromActiveLayers): * platform/graphics/chromium/cc/CCDamageTracker.h: (CCDamageTracker): 2012-04-26 Simon Fraser <simon.fraser@apple.com> Improve compositing logging output https://bugs.webkit.org/show_bug.cgi?id=85010 Reviewed by Dean Jackson. In the compositing log channel output, indent the layers based on z-order tree depth. Tabulate the summary, and show obligate and secondary backing store area separately. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::updateClipRects): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::RenderLayerCompositor): (WebCore::RenderLayerCompositor::updateCompositingLayers): (WebCore::RenderLayerCompositor::logLayerInfo): (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): (WebCore::RenderLayerCompositor::updateLayerTreeGeometry): (WebCore::RenderLayerCompositor::reasonForCompositing): * rendering/RenderLayerCompositor.h: (RenderLayerCompositor): 2012-04-26 Anders Carlsson <andersca@apple.com> REGRESSION (r115163): Unable to scroll article body with trackpad on altdevblogaday.com blog post https://bugs.webkit.org/show_bug.cgi?id=85024 <rdar://problem/11330758> Reviewed by Sam Weinig. Fix broken logic in canHaveScrollbars. * page/scrolling/ScrollingTreeNode.h: (WebCore::ScrollingTreeNode::canHaveScrollbars): 2012-04-24 James Robinson <jamesr@chromium.org> [chromium] Use different CCDrawQuad types for textures vs IOSurfaces https://bugs.webkit.org/show_bug.cgi?id=84811 Reviewed by Adrienne Walker. IOSurface and texture backed layers share few properties (only the flipped bool), so it doesn't make a lot of sense for them to use the same CCDrawQuad type for both. This splits IOSurfaces out to a dedicated quad type to make it easier to understand which bits of state apply to each. The logical next step after this is to split the layer type as well, but that will be awkward until bug 84808 is resolved. * WebCore.gypi: * platform/graphics/chromium/LayerRendererChromium.cpp: (WebCore::LayerRendererChromium::drawQuad): (WebCore::LayerRendererChromium::drawTextureQuad): (WebCore): (WebCore::LayerRendererChromium::drawIOSurfaceQuad): * platform/graphics/chromium/LayerRendererChromium.h: (LayerRendererChromium): * platform/graphics/chromium/cc/CCDrawQuad.cpp: (WebCore::CCDrawQuad::toIOSurfaceDrawQuad): (WebCore): * platform/graphics/chromium/cc/CCDrawQuad.h: (WebCore): (CCDrawQuad): * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.cpp: Copied from Source/WebCore/platform/graphics/chromium/cc/CCTextureDrawQuad.cpp. (WebCore): (WebCore::CCIOSurfaceDrawQuad::create): (WebCore::CCIOSurfaceDrawQuad::CCIOSurfaceDrawQuad): * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.h: Copied from Source/WebCore/platform/graphics/chromium/cc/CCTextureDrawQuad.h. (WebCore): (CCIOSurfaceDrawQuad): (WebCore::CCIOSurfaceDrawQuad::flipped): (WebCore::CCIOSurfaceDrawQuad::ioSurfaceSize): (WebCore::CCIOSurfaceDrawQuad::ioSurfaceTextureId): * platform/graphics/chromium/cc/CCTextureDrawQuad.cpp: (WebCore::CCTextureDrawQuad::create): (WebCore::CCTextureDrawQuad::CCTextureDrawQuad): * platform/graphics/chromium/cc/CCTextureDrawQuad.h: (CCTextureDrawQuad): * platform/graphics/chromium/cc/CCTextureLayerImpl.cpp: (WebCore::CCTextureLayerImpl::appendQuads): 2012-04-26 Benjamin Poulain <bpoulain@apple.com> Use WebKit types for the cache of ObjcClass::methodsNamed() https://bugs.webkit.org/show_bug.cgi?id=85012 Reviewed by Geoffrey Garen. This patch redefines the method cache ObjcClass to avoid memory allocations in the case of positive match. Instead of using the converted name as the key, the original identifier string is used. This shortcuts all the other operations when there is a match. A side effect is a method can appear multiple times in the cache if it is invoked with different names using the escape character "$". An attaquer could bloat the cache with a few hundreds strings. In the common case, having each name mapped is an improvment. * bridge/objc/objc_class.h: (ObjcClass): * bridge/objc/objc_class.mm: (JSC::Bindings::ObjcClass::ObjcClass): (JSC::Bindings::ObjcClass::methodsNamed): 2012-04-26 Ojan Vafai <ojan@chromium.org> Delete dead code in Arena.h/cpp https://bugs.webkit.org/show_bug.cgi?id=84997 Reviewed by Eric Seidel. Also cleaned up some style issues. Renamed some single-letter variable names. Avoided anything other than totally trivial style changes to be 100% sure that there is no change in behavior. No new tests. There's no non-style code changes except inlining CLEAR_UNUSED and CLEAR_ARENA. * platform/Arena.cpp: (WebCore): (WebCore::CeilingLog2): (WebCore::InitArenaPool): (WebCore::ArenaAllocate): (WebCore::FreeArenaList): (WebCore::FinishArenaPool): * platform/Arena.h: (WebCore): 2012-04-26 Shawn Singh <shawnsingh@chromium.org> Re-implement backFaceVisibility to avoid dealing with perspective w < 0 problem https://bugs.webkit.org/show_bug.cgi?id=84059 Reviewed by Adrienne Walker. Unit tests added to CCMathUtilTest.cpp. This patch changes the implementation of backFaceIsVisible so that it doesn't need to deal with the w < 0 problem from of perspective projections. Instead, it is equally correct to simply use the inverse-transpose of the matrix, and quickly check the third row, third column element. Additionally, it was appropriate to move this function into TransformationMatrix itself. Making this change fixes some issues related to disappearing layers in Chromium (where the compositor incorrectly thought that the back face was visible, and skipped the layer). * platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp: (WebCore::calculateVisibleLayerRect): (WebCore::layerShouldBeSkipped): * platform/graphics/transforms/TransformationMatrix.cpp: (WebCore::TransformationMatrix::isBackFaceVisible): (WebCore): * platform/graphics/transforms/TransformationMatrix.h: (TransformationMatrix): 2012-04-26 Martin Robinson <mrobinson@igalia.com> [Cairo] Wrap cairo surfaces in a class when storing native images https://bugs.webkit.org/show_bug.cgi?id=83611 Reviewed by Alejandro G. Castro. No new tests. This is just a refactoring. This shouldn't change functionality. Added class that wraps Cairo images surfaces to serve as the "native image" type for the Cairo platform. This will allow the addition of caching resampled images as well as versions of the image for non-image Cairo backends. Also split out BitmapImageCairo.cpp from ImageCairo.cpp since these classes are defined in two headers. * GNUmakefile.list.am: Added new files. * platform/graphics/BitmapImage.h: Added a factory method that takes an image surface to reduce code churn. * platform/graphics/ImageSource.h: NativeImagePtr is now NativeImageCairo*. (WebCore): * platform/graphics/cairo/BitmapImageCairo.cpp: Copied from Source/WebCore/platform/graphics/cairo/ImageCairo.cpp. * platform/graphics/cairo/GraphicsContext3DCairo.cpp: Updated to reflect use of NativeImageCairo. * platform/graphics/cairo/ImageCairo.cpp: Ditto. * platform/graphics/cairo/NativeImageCairo.cpp: Added. * platform/graphics/cairo/NativeImageCairo.h: Added. * platform/graphics/cairo/PatternCairo.cpp: Updated to reflect use of NativeImageCairo. * platform/graphics/gtk/ImageGtk.cpp: Ditto. * platform/image-decoders/cairo/ImageDecoderCairo.cpp: Ditto. 2012-04-26 Mark Hahnenberg <mhahnenberg@apple.com> [GTK] Massive media tests failures since r115288 https://bugs.webkit.org/show_bug.cgi?id=84950 Reviewed by Filip Pizlo. No new tests. Since the "cross-platform" WebCore timer is at too high of a level in terms of the layers of WebKit for JSC to use, we are not currently able to use it in JSC, thus only those platforms that support CoreFoundation can currently take advantage of the new and improved GC activity timer. We've restored the old code paths for those platforms that don't have CF so that they will at least have the same behavior as before when calling garbageCollectSoon. * bindings/js/GCController.cpp: Added back the old WebCore timer along with some if-defs that do away with the WebCore timer on platforms that support CoreFoundation. (WebCore::GCController::GCController): (WebCore::GCController::garbageCollectSoon): (WebCore): (WebCore::GCController::gcTimerFired): * bindings/js/GCController.h: Ditto. (GCController): 2012-04-26 Adam Klein <adamk@chromium.org> Don't include V8Proxy.h in ScriptValue.h when V8GCController is all that's required https://bugs.webkit.org/show_bug.cgi?id=84986 Reviewed by Kentaro Hara. This makes it easier to include ScriptValue.h since it greatly reduces that header's dependencies. * bindings/v8/ScriptValue.h: Changed to include just V8GCController.h and removed comment which is redundant with explicit V8GCController references nearby. 2012-04-26 Aaron Colwell <acolwell@chromium.org> Fix missing sourceState change on MEDIA_ERR_SOURCE_NOT_SUPPORTED error. https://bugs.webkit.org/show_bug.cgi?id=84996 Reviewed by Eric Carlson. No new tests. http/tests/media/media-source/webm/video-media-source-errors.html was updated to verify that webkitSourceState is always SOURCE_CLOSED when the onerror event fires. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::noneSupported): 2012-04-26 Antti Koivisto <antti@apple.com> Cache parsed stylesheets https://bugs.webkit.org/show_bug.cgi?id=85004 Reviewed by Andreas Kling. CSS parsing is 1-2% of WebKit CPU usage on average pages, more on sites with large stylesheets. We currently reparse all stylesheets from source text when they are encountered again. In many browsing scenarios we can eliminate lot of this by caching the parsed stylesheets. For example it is very common for subpages of a site to share the stylesheets. This patch enables memory caching for stylesheet loaded using the <link> element. Only stylesheets that have no import rules are cacheable for now. Cached stylesheets are copied on restore so there is no sharing (and no memory wins) yet. In the future we will also be able to share the actual data structures between pages for significant memory savings. After browsing around for a while <5% of the memory cache data was in parsed stylesheets so this does not bloat the cache significantly. * css/CSSStyleSheet.cpp: (WebCore): (WebCore::StyleSheetInternal::estimatedSizeInBytes): Estimate stylesheet size so we can handle decoded data pruning correctly. * css/CSSStyleSheet.h: (StyleSheetInternal): * css/StylePropertySet.cpp: (WebCore::StylePropertySet::averageSizeInBytes): (WebCore): * css/StylePropertySet.h: (StylePropertySet): * css/StyleRule.cpp: (WebCore::StyleRule::averageSizeInBytes): (WebCore): * css/StyleRule.h: (StyleRule): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): Save and restore parsed stylesheet. The current CSS parse context must be identical to the cached stylesheets. This ensures that the parsing results would be identical. * loader/cache/CachedCSSStyleSheet.cpp: (WebCore): (WebCore::CachedCSSStyleSheet::destroyDecodedData): (WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet): (WebCore::CachedCSSStyleSheet::saveParsedStyleSheet): * loader/cache/CachedCSSStyleSheet.h: The parsed stylesheet cache is considered decoded data, similar to the image bitmaps. It uses the same mechanism for pruning. (WebCore): (CachedCSSStyleSheet): 2012-04-26 Anders Carlsson <andersca@apple.com> A TileCache should never outlive its WebTileCacheLayer https://bugs.webkit.org/show_bug.cgi?id=85008 <rdar://problem/11141172> Reviewed by Andreas Kling. Since WebTileCacheLayer objects can be destroyed on the scrolling thread, make sure to delete the TileCache layer when the PlatformCALayer is destroyed. This fixes a crash when the tile revalidation timer fires after the WebTileCacheLayer has been destroyed, but before the TileCache itself has been destroyed. * platform/graphics/ca/mac/PlatformCALayerMac.mm: (PlatformCALayer::~PlatformCALayer): * platform/graphics/ca/mac/WebTileCacheLayer.h: * platform/graphics/ca/mac/WebTileCacheLayer.mm: (-[WebTileCacheLayer dealloc]): (-[WebTileCacheLayer invalidate]): 2012-04-26 Benjamin Poulain <bpoulain@apple.com> Use String instead of RefPtr<StringImpl> for the cache of ObjcClass https://bugs.webkit.org/show_bug.cgi?id=84932 Reviewed by Andreas Kling. The cache with RefPtr<StringImpl*> was added with r115007. This patch aims at making the code a little easier to read. By using String, one would not need to know the Traits for StringImpl. * bridge/objc/objc_class.h: (ObjcClass): 2012-04-26 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to wrap() in SerializedScriptValue.cpp https://bugs.webkit.org/show_bug.cgi?id=84923 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. In this bug we pass Isolate to wrap() in SerializedScriptValue.cpp. No tests. No change in behavior. * bindings/v8/SerializedScriptValue.cpp: 2012-04-26 Hao Zheng <zhenghao@chromium.org> [chromium] Complex text support for Android. https://bugs.webkit.org/show_bug.cgi?id=84431 Complex text support is different on Android from other platforms. There are 2 kinds of font on Android: system fonts and fallback fonts. System fonts have a name, and are accessible in FontPlatformData. Fallback fonts do not have specific names, so they are not accessible from WebKit directly. There is one font for each script support. To feed Harfbuzz, use a trick to get correct SkTypeface based on script. Reviewed by Tony Chang. No new tests. Current tests are runnable on Android. * platform/graphics/FontCache.h: (FontCache): Make ComplexTextController friend of FontCache on Android. * platform/graphics/chromium/FontCacheAndroid.cpp: (WebCore::FontCache::createFontPlatformData): * platform/graphics/harfbuzz/ComplexTextControllerHarfBuzz.cpp: (WebCore::ComplexTextController::getComplexFontPlatformData): (WebCore): (WebCore::ComplexTextController::setupFontForScriptRun): * platform/graphics/harfbuzz/ComplexTextControllerHarfBuzz.h: (ComplexTextController): 2012-04-26 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to wrap() (Part2) https://bugs.webkit.org/show_bug.cgi?id=84922 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to wrap() in custom bindings. No tests. No change in behavior. * bindings/v8/custom/V8LocationCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8NamedNodeMapCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8SVGPathSegCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8StyleSheetCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Uint16ArrayCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Uint32ArrayCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Uint8ArrayCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Uint8ClampedArrayCustom.cpp: (WebCore::toV8): 2012-04-26 Jon Lee <jonlee@apple.com> [WK2] AlternativeTextClient leaks when the page is destroyed https://bugs.webkit.org/show_bug.cgi?id=84307 <rdar://problem/11328431> Reviewed by Enrica Casucci. * page/AlternativeTextClient.h: Add pageDestroyed() call, as in EditorClient. (AlternativeTextClient): * page/Page.cpp: (WebCore::Page::~Page): When the page is destroyed, notify the client if it exists. 2012-04-26 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to wrap() (Part1) https://bugs.webkit.org/show_bug.cgi?id=84921 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to wrap() in custom bindings. No tests. No change in behavior. * bindings/v8/custom/V8BlobCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8CSSRuleCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8CSSStyleSheetCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8CSSValueCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8DOMStringMapCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8DOMTokenListCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8DataViewCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8EventCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Float32ArrayCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Float64ArrayCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8HTMLCollectionCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8ImageDataCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Int16ArrayCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Int32ArrayCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8Int8ArrayCustom.cpp: (WebCore::toV8): 2012-04-26 Benjamin Poulain <bpoulain@apple.com> ObjcClass::methodsNamed() can leak if buffer is dynamically allocated https://bugs.webkit.org/show_bug.cgi?id=84668 Reviewed by Alexey Proskuryakov. Change ObjcClass::methodsNamed() to be based on a vector instead of managing the memory manually. Tests: platform/mac/plugins/bindings-objc-long-method-name.html platform/mac/plugins/bindings-objc-method-name-conversion.html * bridge/objc/objc_class.mm: (Bindings): (JSC::Bindings::convertJSMethodNameToObjc): (JSC::Bindings::ObjcClass::methodsNamed): 2012-04-26 Justin Novosad <junov@chromium.org> [Chromium] Single buffered canvas layers with the threaded compositor https://bugs.webkit.org/show_bug.cgi?id=80540 Reviewed by James Robinson. Tests: CCLayerTreeHostTestWriteLayersRedraw CCLayerTreeHostTestWriteLayersAfterVisible Canvas2DLayerChromiumTest.testFullLifecycleSingleThreadDeferred Canvas2DLayerChromiumTest.testFullLifecycleThreadDeferred CCSchedulerTest.VisibilitySwitchWithTextureAcquisition CCSchedulerTest.TextureAcquisitionCollision Disable double buffering and rate limiting on accelerated canvas when the threaded compositor and deferred canvas are enabled. Concurrent access to the layer texture by the main renderer thread and the compositor thread is avoided by enforcing a lock. The state of the lock is maintained by CCSchedulerStateMachine. Write access by the main thread is acquired through a signal round trip to the compositor thread, which may block the main thread in the event that one or more committed layers need to be protected until the compositor completes the requested draw. Draws on the impl thread are cancelled if the main thread has obtained write access to the texture. The write access is relinquished by the main thread upon commit completion. The scheduler state machine is responsible for preventing the texture lock from causing deadlocks by detecting and resolving problematic states. * platform/graphics/chromium/Canvas2DLayerChromium.cpp: (WebCore::Canvas2DLayerChromium::create): (WebCore::Canvas2DLayerChromium::Canvas2DLayerChromium): (WebCore::Canvas2DLayerChromium::~Canvas2DLayerChromium): (WebCore::Canvas2DLayerChromium::drawingIntoImplThreadTexture): (WebCore): (WebCore::Canvas2DLayerChromium::setTextureId): (WebCore::Canvas2DLayerChromium::setNeedsDisplayRect): (WebCore::Canvas2DLayerChromium::update): (WebCore::Canvas2DLayerChromium::layerWillDraw): (WebCore::Canvas2DLayerChromium::pushPropertiesTo): * platform/graphics/chromium/Canvas2DLayerChromium.h: * platform/graphics/chromium/cc/CCLayerTreeHost.cpp: (WebCore::CCLayerTreeHost::acquireLayerTextures): (WebCore): * platform/graphics/chromium/cc/CCLayerTreeHost.h: (CCLayerTreeHost): * platform/graphics/chromium/cc/CCProxy.h: (CCProxy): * platform/graphics/chromium/cc/CCScheduler.cpp: (WebCore::CCScheduler::setMainThreadNeedsLayerTextures): (WebCore): (WebCore::CCScheduler::processScheduledActions): * platform/graphics/chromium/cc/CCScheduler.h: (CCSchedulerClient): (CCScheduler): * platform/graphics/chromium/cc/CCSchedulerStateMachine.cpp: (WebCore::CCSchedulerStateMachine::CCSchedulerStateMachine): (WebCore::CCSchedulerStateMachine::drawSuspendedUntilCommit): (WebCore): (WebCore::CCSchedulerStateMachine::scheduledToDraw): (WebCore::CCSchedulerStateMachine::shouldDraw): (WebCore::CCSchedulerStateMachine::shouldAcquireLayerTexturesForMainThread): (WebCore::CCSchedulerStateMachine::nextAction): (WebCore::CCSchedulerStateMachine::updateState): (WebCore::CCSchedulerStateMachine::setMainThreadNeedsLayerTextures): * platform/graphics/chromium/cc/CCSchedulerStateMachine.h: (CCSchedulerStateMachine): * platform/graphics/chromium/cc/CCSingleThreadProxy.h: * platform/graphics/chromium/cc/CCThreadProxy.cpp: (WebCore::CCThreadProxy::CCThreadProxy): (WebCore::CCThreadProxy::beginFrame): (WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal): (WebCore): (WebCore::CCThreadProxy::acquireLayerTextures): (WebCore::CCThreadProxy::acquireLayerTexturesForMainThreadOnImplThread): (WebCore::CCThreadProxy::scheduledActionAcquireLayerTexturesForMainThread): * platform/graphics/chromium/cc/CCThreadProxy.h: (CCThreadProxy): * platform/graphics/skia/ImageBufferSkia.cpp: (WebCore): (WebCore::AcceleratedDeviceContext::AcceleratedDeviceContext): (WebCore::AcceleratedDeviceContext::prepareForDraw): (AcceleratedDeviceContext): (WebCore::createAcceleratedCanvas): (WebCore::ImageBuffer::context): 2012-04-26 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to toV8() in SerializedScriptValue.cpp https://bugs.webkit.org/show_bug.cgi?id=84918 Reviewed by Nate Chapin. This is the last step to pass Isolate around in SerializedScriptValue.cpp. This patch passes Isolate to toV8(). No tests. No change in behavior. * bindings/v8/SerializedScriptValue.cpp: 2012-04-26 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to wrapSlow() https://bugs.webkit.org/show_bug.cgi?id=84919 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. In this bug, we pass Isolate to wrapSlow(). Test: bindings/scripts/test/TestObj.idl etc * bindings/scripts/CodeGeneratorV8.pm: Modified as described above. (GenerateHeader): (GenerateToV8Converters): * bindings/scripts/test/V8/V8Float64Array.cpp: Updated run-bindings-tests. (WebCore::V8Float64Array::wrapSlow): * bindings/scripts/test/V8/V8Float64Array.h: (V8Float64Array): (WebCore::V8Float64Array::wrap): * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp: (WebCore::V8TestActiveDOMObject::wrapSlow): * bindings/scripts/test/V8/V8TestActiveDOMObject.h: (V8TestActiveDOMObject): (WebCore::V8TestActiveDOMObject::wrap): * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp: (WebCore::V8TestCustomNamedGetter::wrapSlow): * bindings/scripts/test/V8/V8TestCustomNamedGetter.h: (V8TestCustomNamedGetter): (WebCore::V8TestCustomNamedGetter::wrap): * bindings/scripts/test/V8/V8TestEventConstructor.cpp: (WebCore::V8TestEventConstructor::wrapSlow): * bindings/scripts/test/V8/V8TestEventConstructor.h: (V8TestEventConstructor): (WebCore::V8TestEventConstructor::wrap): * bindings/scripts/test/V8/V8TestEventTarget.cpp: (WebCore::V8TestEventTarget::wrapSlow): * bindings/scripts/test/V8/V8TestEventTarget.h: (V8TestEventTarget): (WebCore::V8TestEventTarget::wrap): * bindings/scripts/test/V8/V8TestInterface.cpp: (WebCore::V8TestInterface::wrapSlow): * bindings/scripts/test/V8/V8TestInterface.h: (V8TestInterface): (WebCore::V8TestInterface::wrap): * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp: (WebCore::V8TestMediaQueryListListener::wrapSlow): * bindings/scripts/test/V8/V8TestMediaQueryListListener.h: (V8TestMediaQueryListListener): (WebCore::V8TestMediaQueryListListener::wrap): * bindings/scripts/test/V8/V8TestNamedConstructor.cpp: (WebCore::V8TestNamedConstructor::wrapSlow): * bindings/scripts/test/V8/V8TestNamedConstructor.h: (V8TestNamedConstructor): (WebCore::V8TestNamedConstructor::wrap): * bindings/scripts/test/V8/V8TestNode.cpp: (WebCore::V8TestNode::wrapSlow): * bindings/scripts/test/V8/V8TestNode.h: (V8TestNode): (WebCore::V8TestNode::wrap): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore::V8TestObj::wrapSlow): * bindings/scripts/test/V8/V8TestObj.h: (V8TestObj): (WebCore::V8TestObj::wrap): * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp: (WebCore::V8TestSerializedScriptValueInterface::wrapSlow): * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h: (V8TestSerializedScriptValueInterface): (WebCore::V8TestSerializedScriptValueInterface::wrap): 2012-04-25 Antonio Gomes <agomes@rim.com> Add ScrollAnimatorBlackBerry as an extension to ScrollAnimatorNone https://bugs.webkit.org/show_bug.cgi?id=84625 Reviewed by Anders Carlsson. Patch adds ScrollAnimatorBlackBerry class as an extension to of ScrollAnimatorNone. The main goal here is extending the later to allow overscrolling while the animation runs. Once the animation finishes, the flag gets reseted and ScrollableArea::constrainsScrollingtoContentEdge is set back to the value it had before, so this method has to be explicitly called anytime it is wanted. * CMakeLists.txt: * platform/ScrollAnimator.h: (WebCore::ScrollAnimator::animationWillStart): (WebCore::ScrollAnimator::animationDidFinish): (ScrollAnimator): * platform/ScrollAnimatorNone.cpp: (WebCore): (WebCore::ScrollAnimatorNone::scroll): (WebCore::ScrollAnimatorNone::animationTimerFired): * platform/blackberry/ScrollAnimatorBlackBerry.cpp: Added. (WebCore): (WebCore::ScrollAnimator::create): (WebCore::ScrollAnimatorBlackBerry::ScrollAnimatorBlackBerry): (WebCore::ScrollAnimatorBlackBerry::animationWillStart): (WebCore::ScrollAnimatorBlackBerry::animationDidFinish): (WebCore::ScrollAnimatorBlackBerry::setDisableConstrainsScrollingToContentEdgeWhileAnimating): * platform/blackberry/ScrollAnimatorBlackBerry.h: Added. (WebCore): (ScrollAnimatorBlackBerry): 2012-04-26 Antonio Gomes <agomes@rim.com> [BlackBerry] Add smooth_scrolling options to CMAKE and enable it for Blackberry https://bugs.webkit.org/show_bug.cgi?id=84954 Reviewed by Daniel Bates. Add the default scroll animator to the build system (ScrollAnimatorNone.cpp) * CMakeLists.txt: 2012-04-25 Antonio Gomes <agomes@rim.com> Make ScrollView::scrollSize scrollbar-independent https://bugs.webkit.org/show_bug.cgi?id=84873 Reviewed by Anders Carlsson. For ports that disable scrollbars creation at FrameView creation time ScrollView::scrollSize should still return the scrollable ammount of content (if any) if scrolling is not prohibted. No new test, but it makes ScrollAnimator work for the BlackBerry port. * platform/ScrollView.cpp: (WebCore::ScrollView::scrollSize): 2012-04-25 Anders Carlsson <andersca@apple.com> The tile cache should know if a frame view can ever have scrollbars https://bugs.webkit.org/show_bug.cgi?id=84888 Reviewed by Andreas Kling. If a frame view has overflow: hidden on its body element we know that the document will most likely never be scrolled. The tile cache should know about this so we can optimize. * page/FrameView.cpp: (WebCore::FrameView::performPostLayoutTasks): * platform/graphics/TiledBacking.h: (TiledBacking): * platform/graphics/ca/mac/TileCache.h: (TileCache): * platform/graphics/ca/mac/TileCache.mm: (WebCore::TileCache::TileCache): (WebCore::TileCache::setCanHaveScrollbars): (WebCore): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::RenderLayerBacking): 2012-04-26 Ken Buchanan <kenrb@chromium.org> Crash from removal of line break object after layout https://bugs.webkit.org/show_bug.cgi?id=75461 Reviewed by David Hyatt. There is a condition where objects can get removed from underneath inlines while they represent a line break object in a RootInlineBox of an ancestor block. If an intermediary inline has already been marked as needing layout, then the line box will not get dirtied because dirtyLineFromChangedChild thinks it already has been. This patch introduces a new set in RenderObject to indicate whether an ancestral line box corresponding to the current line has been marked dirty or not. dirtyLinesFromChangedChild() can use this set rather than m_selfNeedsLayout, so it will not be confused if a container was dirtied for some other reason that did not affect the line box. * rendering/RenderLineBoxList.cpp: (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Use the new set rather than m_selfNeedsLayout in the container to determine whether to continue propagating upward. * rendering/RenderObject.cpp: (WebCore::RenderObject::s_ancestorLineboxDirtySet): Instantiate the static member. (WebCore::RenderObject::willBeDestroyed): Clears the object from the linebox set when it is being destroyed. * rendering/RenderObject.h: (WebCore::RenderObject::s_ancestorLineboxDirtySet): Added static member set. (WebCore::RenderObject::setNeedsLayout): Clears the object from the linebox set when layout bits are getting cleared. (WebCore::RenderObject::ancestorLineBoxDirty): Added. (WebCore::RenderObject::setAncestorLineBoxDirty): Added. 2012-04-26 Christophe Dumez <christophe.dumez@intel.com> [EFL] Enable VIDEO_TRACK feature https://bugs.webkit.org/show_bug.cgi?id=84830 Reviewed by Gustavo Noronha Silva. Enable support for VIDEO_TRACK feature by default for EFL port. * UseJSC.cmake: * bindings/generic/RuntimeEnabledFeatures.cpp: (WebCore): 2012-04-26 Antti Koivisto <antti@apple.com> Implement StyleSheetInternal copying https://bugs.webkit.org/show_bug.cgi?id=84969 Reviewed by Andreas Kling. We need to be able to copy stylesheets to cache them. Copying is already implement for most of the stylesheet data types but StyleSheetInternal::copy() is still missing. Preparation for stylesheet caching. The copying code is not used yet. * css/CSSNamespace.h: Instead of making it copyable, remove CSSNamespace class. * css/CSSParser.cpp: (WebCore::operator==): (WebCore): (WebCore::CSSParser::addNamespace): Avoid ping-ponging to StyleSheetInternal and back to set the default namespace. * css/CSSParserMode.h: (WebCore): (WebCore::operator!=): Add equality comparison operator to CSSParseMode. This will be needed to determine if a cached copy can be used. * css/CSSStyleSheet.cpp: (WebCore::StyleSheetInternal::StyleSheetInternal): (WebCore): (WebCore::StyleSheetInternal::isCacheable): (WebCore::StyleSheetInternal::parserAddNamespace): (WebCore::StyleSheetInternal::determineNamespace): Use HashMap instead of iterating a linked list of CSSNamespaces. (WebCore::StyleSheetInternal::styleSheetChanged): Add mutation bit. * css/CSSStyleSheet.h: (WebCore): (StyleSheetInternal): (WebCore::StyleSheetInternal::copy): Copy constructor. It only usable for cacheable stylesheets. 2012-04-26 Philip Rogers <pdr@google.com> Fix Skia's SkPathContainsPoint to work with sub-pixel accuracy https://bugs.webkit.org/show_bug.cgi?id=84117 Reviewed by Eric Seidel. Because we do hit testing in object-space (i.e., we may see a 0.1px*0.1px path) we need to support sub-pixel hit testing in Skia. Skia does not provide analytical path hit testing, so hit tests are done by rasterizing a path and checking if a specific pixel is drawn. SkPathContainsPoint did not work with sub-pixel values because this rasterization was sometimes very small which did not give enough resolution to check if the hit test pixel was drawn. This patch scales the path to a very large size during hit testing so that Skia's raster-based hit testing will work properly. Because Skia avoids unnecessary path rasterization, this is actually inexpensive. Below is a summary of a performance test on simple and complex paths: (before patch, after patch) Skia/Chrome 10,000 hit tests on a simple path: (229ms, 238ms) Skia/Chrome 10,000 hit tests on a complex path: (701ms, 704ms) For comparison, CG/Safari takes 236ms on the simple path and 466ms on the complex path. Therefore, this patch introduces small but measurable regression in hit testing performance due to scaling the path. Test: svg/hittest/svg-small-path.xhtml * platform/graphics/skia/SkiaUtils.cpp: (WebCore::SkPathContainsPoint): 2012-04-26 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r115323. http://trac.webkit.org/changeset/115323 https://bugs.webkit.org/show_bug.cgi?id=84975 Bad test, breaks all builds (Requested by apavlov1 on #webkit). * inspector/Inspector.json: * inspector/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::enable): (WebCore::InspectorPageAgent::disable): * inspector/InspectorPageAgent.h: * inspector/front-end/Settings.js: * inspector/front-end/SettingsScreen.js: (WebInspector.SettingsScreen): * inspector/front-end/inspector.js: 2012-04-26 Douglas Stockwell <dstockwell@chromium.org> IndexedDB: cursor does not correctly iterate over keys added and removed during iteration https://bugs.webkit.org/show_bug.cgi?id=84467 Reviewed by Ojan Vafai. Ensure that the iterator over the tree of cached adds/removes always points at the current key, or if the db iterator is current, the next key: - When refreshing the tree iterator after a mutation, always seek unless the tree iterator is current. - When handing conflicts and delete markers, only advance the tree iterator as far as the db iterator. Remove the expensive (and now redundant) logic that issued a get() to check whether an item had been deleted. Test: storage/indexeddb/cursor-added-bug.html * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore): * platform/leveldb/LevelDBTransaction.cpp: (WebCore::LevelDBTransaction::TransactionIterator::refreshTreeIterator): (WebCore::LevelDBTransaction::TransactionIterator::handleConflictsAndDeletes): 2012-04-26 Alexander Pavlov <apavlov@chromium.org> Web Inspector: Implement the "Disable JavaScript" option in the settings dialog https://bugs.webkit.org/show_bug.cgi?id=84946 Based on user actions in the Inspector frontend, InspectorPageAgent invokes Settings::setScriptEnabled() for the associated page to switch the script execution therein. Reviewed by Yury Semikhatsky. Test: inspector/debugger/disable-script.html * inspector/Inspector.json: * inspector/InspectorPageAgent.cpp: (PageAgentState): (WebCore::InspectorPageAgent::enable): (WebCore::InspectorPageAgent::disable): (WebCore::InspectorPageAgent::getScriptExecutionStatus): (WebCore): (WebCore::InspectorPageAgent::setScriptExecutionDisabled): * inspector/InspectorPageAgent.h: * inspector/front-end/Settings.js: * inspector/front-end/SettingsScreen.js: (WebInspector.SettingsScreen): (WebInspector.SettingsScreen.prototype.get _updateScriptDisabledCheckbox): (WebInspector.SettingsScreen.prototype._javaScriptDisabledChanged): * inspector/front-end/inspector.js: 2012-04-26 Dominik Röttsches <dominik.rottsches@linux.intel.com> [cairo] CairoGraphicsContext fillRect (with Color) overrides composite operator https://bugs.webkit.org/show_bug.cgi?id=84848 Reviewed by Martin Robinson. FillRectWithColor used to be called fillRectSourceOver before r89314 where this operator still made sense. The way this function is used these days doesn't expect the composite operator to be overridden anymore. No new tests, covered by existing tests, e.g. svg/filters/feDropShadow.svg * platform/graphics/cairo/GraphicsContextCairo.cpp: (WebCore::fillRectWithColor): 2012-04-26 Nikolas Zimmermann <nzimmermann@rim.com> Fix additive by animations for most SMIL list types https://bugs.webkit.org/show_bug.cgi?id=84968 Reviewed by Antti Koivisto. Unify SMIL list animation code, to correctly respect the underlying from value for by-animations. Add lots of new tests covering by-animations for all primitives (except AnimatedPath/TransformList). AnimatedTransformList is not working correctly yet, and will be covered in a follow-up patch. AnimatdPath by-animations are complex, and thus also handled in another follow-up patch. Tests: svg/animations/additive-type-by-animation.html svg/animations/length-list-animation-expected.svg svg/animations/length-list-animation.svg svg/animations/svglength-additive-by-1.html svg/animations/svglength-additive-by-2.html svg/animations/svglength-additive-by-3.html svg/animations/svglength-additive-by-4.html svg/animations/svglength-additive-by-5.html svg/animations/svglength-additive-by-6.html svg/animations/svglength-additive-from-by-1.html svg/animations/svglength-additive-from-by-2.html svg/animations/svglength-additive-from-by-3.html svg/animations/svglength-additive-from-by-4.html * svg/SVGAnimatedLengthList.cpp: (WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue): * svg/SVGAnimatedPointList.cpp: (WebCore::SVGAnimatedPointListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue): * svg/SVGAnimationElement.h: (WebCore::SVGAnimationElement::adjustFromToListValues): 2012-04-26 Antti Koivisto <antti@apple.com> Add copy constructor to CSSSelector https://bugs.webkit.org/show_bug.cgi?id=84956 Reviewed by Anders Carlsson. To copy CSSSelectorLists correctly CSSSelector needs a copy constructor. This will be needed to implement stylesheet caching. The code is not used yet. * css/CSSSelector.cpp: (WebCore::CSSSelector::createRareData): * css/CSSSelector.h: (CSSSelector): (WebCore::CSSSelector::RareData::create): (RareData): Refcount RareData to make copying easier. This has no significant memory impact, rare data is rare. (WebCore::CSSSelector::CSSSelector): (WebCore): (WebCore::CSSSelector::~CSSSelector): * css/CSSSelectorList.cpp: (WebCore::CSSSelectorList::CSSSelectorList): Use copy constructor instead of memcpy (which doesn't work). 2012-04-26 Raphael Kubo da Costa <rakuco@webkit.org> [EFL] Fix the build with DRAG_SUPPORT disabled. https://bugs.webkit.org/show_bug.cgi?id=84963 Reviewed by Antonio Gomes. No new tests, build system-related change. EventHandlerEfl.cpp always assumed DRAG_SUPPORT was enabled and lacked the proper #if ENABLED() checks for some member variables and methods conditionally defined in EventHandler.h. * page/efl/EventHandlerEfl.cpp: (WebCore): 2012-04-26 Pavel Feldman <pfeldman@chromium.org> Web Inspector: remove stackTrace property from requestWillBeSent - it is already a part of the initiator. https://bugs.webkit.org/show_bug.cgi?id=84964 Reviewed by Yury Semikhatsky. * inspector/InspectorResourceAgent.cpp: (WebCore::InspectorResourceAgent::willSendRequest): * inspector/front-end/ConsoleMessage.js: (WebInspector.ConsoleMessageImpl.prototype._formatMessage): * inspector/front-end/NetworkManager.js: (WebInspector.NetworkDispatcher.prototype.requestWillBeSent): (WebInspector.NetworkDispatcher.prototype.requestServedFromMemoryCache): (WebInspector.NetworkDispatcher.prototype._appendRedirect): (WebInspector.NetworkDispatcher.prototype._createNetworkRequest): (get WebInspector): 2012-04-26 Stephen Chenney <schenney@chromium.org> SVG FEConvolveMatrix does not check for invalid property values https://bugs.webkit.org/show_bug.cgi?id=84363 Reviewed by Dirk Schulze. Adding code to check for valid input values on SVG feConvolveMatrix properties. And adding some of the first effective error reporting for SVG elements. Tests: svg/filters/feConvolveMatrix-invalid-targetX-expected.svg svg/filters/feConvolveMatrix-invalid-targetX.svg svg/filters/feConvolveMatrix-invalid-targetY-expected.svg svg/filters/feConvolveMatrix-invalid-targetY.svg svg/filters/feConvolveMatrix-negative-kernelUnitLengthX-expected.svg svg/filters/feConvolveMatrix-negative-kernelUnitLengthX.svg svg/filters/feConvolveMatrix-negative-kernelUnitLengthY-expected.svg svg/filters/feConvolveMatrix-negative-kernelUnitLengthY.svg svg/filters/feConvolveMatrix-negative-orderX-expected.svg svg/filters/feConvolveMatrix-negative-orderX.svg svg/filters/feConvolveMatrix-negative-orderY-expected.svg svg/filters/feConvolveMatrix-negative-orderY.svg svg/filters/feConvolveMatrix-non-integral-order-expected.svg svg/filters/feConvolveMatrix-non-integral-order.svg svg/filters/feConvolveMatrix-zero-divisor-expected.svg svg/filters/feConvolveMatrix-zero-divisor.svg * platform/graphics/filters/FEConvolveMatrix.cpp: (WebCore::FEConvolveMatrix::FEConvolveMatrix): (WebCore::FEConvolveMatrix::setKernelSize): (WebCore::FEConvolveMatrix::setDivisor): (WebCore::FEConvolveMatrix::setKernelUnitLength): * svg/SVGFEConvolveMatrixElement.cpp: (WebCore::SVGFEConvolveMatrixElement::parseAttribute): (WebCore::SVGFEConvolveMatrixElement::build): 2012-04-26 Allan Sandfeld Jensen <allan.jensen@nokia.com> Move WebKit1 specific conversion of touch-events to WebKit1. https://bugs.webkit.org/show_bug.cgi?id=84951 Reviewed by Kenneth Rohde Christiansen. No change in functionality. No new tests. * Target.pri: * platform/PlatformTouchEvent.h: (PlatformTouchEvent): * platform/PlatformTouchPoint.h: (PlatformTouchPoint): * platform/qt/PlatformTouchEventQt.cpp: Removed. * platform/qt/PlatformTouchPointQt.cpp: Removed. 2012-04-26 Nikolas Zimmermann <nzimmermann@rim.com> Share code used to animate numbers types between all animators https://bugs.webkit.org/show_bug.cgi?id=84945 Reviewed by Antti Koivisto. Refactor animateAdditiveNumber() from SVGAnimatedNumberAnimator into SVGAnimationElement, to reuse it for all primitives. Converted most primitives to use the new code. Lists, paths, colors are still todo. Doesn't affect any tests. * svg/SVGAnimatedAngle.cpp: (WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue): * svg/SVGAnimatedInteger.cpp: (WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedInteger): (WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedInteger.h: (SVGAnimatedIntegerAnimator): * svg/SVGAnimatedIntegerOptionalInteger.cpp: (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::addAnimatedTypes): (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedLength.cpp: (WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue): * svg/SVGAnimatedLengthList.cpp: (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumber.cpp: (WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumber.h: * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberOptionalNumber.cpp: (WebCore::SVGAnimatedNumberOptionalNumberAnimator::addAnimatedTypes): (WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberOptionalNumber.h: * svg/SVGAnimatedRect.cpp: (WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue): * svg/SVGAnimationElement.h: (WebCore::SVGAnimationElement::animateAdditiveNumber): (SVGAnimationElement): 2012-04-26 Ryosuke Niwa <rniwa@webkit.org> Forgotten build fix after r115227. * css/StylePropertySet.cpp: (WebCore::StylePropertySet::get4Values): 2012-04-26 Mihnea Ovidenie <mihnea@adobe.com> Crash when collecting svg symbol element in named flow. https://bugs.webkit.org/show_bug.cgi?id=84493 Reviewed by David Hyatt. Test: fast/regions/symbol-in-named-flow-crash.svg * dom/Element.cpp: (WebCore::Element::~Element): Add an assert that an element that was collected into a named flow was already removed at this point (when the document is not in the process of destruction) (WebCore::Element::unregisterNamedFlowContentNode): Created a new function for unregistering a content node. In the future, this function may be used for content nodes from shadow dom. (WebCore::Element::detach): * dom/Element.h: (Element): * dom/NodeRenderingContext.cpp: (WebCore::NodeRenderingContext::moveToFlowThreadIfNeeded): Prevent elements that are part of shadow dom to be collected into a named flow. 2012-04-26 Nikolas Zimmermann <nzimmermann@rim.com> Share code used to animate discrete types between all animators https://bugs.webkit.org/show_bug.cgi?id=84853 Reviewed by Andreas Kling. Share by-animation handling for non-additive types in a central method in SVGAnimatedTypeAnimator, to be reusable by SVGAnimatedBoolean/Enumeration/PreserveAspectRatio/String. Add a new test covering these animations have no effect. Test: svg/animations/non-additive-type-by-animation.html * svg/SVGAnimateElement.cpp: (WebCore::SVGAnimateElement::calculateFromAndByValues): (WebCore::SVGAnimateElement::isAdditive): * svg/SVGAnimateElement.h: (SVGAnimateElement): * svg/SVGAnimateMotionElement.cpp: (WebCore::SVGAnimateMotionElement::calculateFromAndByValues): * svg/SVGAnimatedBoolean.cpp: (WebCore::isTrueString): (WebCore::SVGAnimatedBooleanAnimator::constructFromString): (WebCore::SVGAnimatedBooleanAnimator::addAnimatedTypes): (WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue): * svg/SVGAnimatedEnumeration.cpp: (WebCore::SVGAnimatedEnumerationAnimator::addAnimatedTypes): (WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue): * svg/SVGAnimatedPreserveAspectRatio.cpp: (WebCore::SVGAnimatedPreserveAspectRatioAnimator::addAnimatedTypes): (WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue): * svg/SVGAnimatedString.cpp: (WebCore::SVGAnimatedStringAnimator::addAnimatedTypes): (WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue): * svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::startedActiveInterval): * svg/SVGAnimationElement.h: (SVGAnimationElement): (WebCore::SVGAnimationElement::animateDiscreteType): 2012-04-26 Chris Fleizach2 <cfleizach@apple.com> CrashTracer: [USER] 157 crashes in WebProcess at com.apple.WebCore: WebCore::AccessibilityRenderObject::isAttachment const + 29 https://bugs.webkit.org/show_bug.cgi?id=84463 Reviewed by Darin Adler. Accessibility was not being enabled when WK2 was asking only for the focused UI element. No layout test could be written because the WKTestRunner mechanism works differently when asking for this. * accessibility/AXObjectCache.cpp: (WebCore::AXObjectCache::focusedUIElementForPage): (WebCore::AXObjectCache::rootObject): (WebCore::AXObjectCache::rootObjectForFrame): 2012-04-25 Dana Jansens <danakj@chromium.org> [chromium] Remove guarded virtual methods from WebFilterOperation API https://bugs.webkit.org/show_bug.cgi?id=84926 Reviewed by James Robinson. * WebCore.gypi: * platform/chromium/support/WebFilterOperation.cpp: Removed. * platform/chromium/support/WebFilterOperations.cpp: (WebKit::WebFilterOperations::append): 2012-04-25 Benjamin Poulain <benjamin@webkit.org> Add a version of StringImpl::find() without offset https://bugs.webkit.org/show_bug.cgi?id=83968 Reviewed by Sam Weinig. Remove the zero offset of the find() functions on strings. * html/parser/XSSAuditor.cpp: (WebCore::XSSAuditor::init): * platform/network/ResourceResponseBase.cpp: (WebCore::trimToNextSeparator): (WebCore::parseCacheHeader): 2012-04-25 Mark Hahnenberg <mhahnenberg@apple.com> WebCore shouldn't call collectAllGarbage directly https://bugs.webkit.org/show_bug.cgi?id=84897 Reviewed by Geoffrey Garen. No new tests. Currently, GCController calls Heap::collectAllGarbage directly, which leads to an overload of collections as the timer in GCController and the timer in GCActivityCallback compete for collection time and fire independently. As a result, we end up doing almost 600 full collections during an in-browser run of SunSpider, or 20 full collections on a single load of TechCrunch. We can do better by preventing WebCore from calling collectAllGarbage directly and instead going through Heap::reportAbandonedObjectGraph, since that is what WebCore is trying to do--notify the Heap that a lot of garbage may have just been generated when we left a page. * WebCore.exp.in: * bindings/js/GCController.cpp: Removed all timer stuff. (WebCore::GCController::GCController): (WebCore::GCController::garbageCollectSoon): Changed to call Heap::reportAbandonedObjectGraph. (WebCore::GCController::garbageCollectNow): Changed to still directly call collectAllGarbage. We will deprecate this function soon hopefully. * bindings/js/GCController.h: Removed timer stuff. (GCController): * bindings/js/ScriptProfiler.cpp: (WebCore::ScriptProfiler::collectGarbage): Changed to call garbageCollectSoon. 2012-04-25 James Robinson <jamesr@chromium.org> [chromium] REGRESSION(112286) Compositor initialization blocks for program compilation / linking https://bugs.webkit.org/show_bug.cgi?id=84822 Reviewed by Adrienne Walker. r112286 introduced a subtle regression in the chromium compositor startup sequence - by querying the texture copy program's uniform location at the end of LayerRendererChromium::initialize(), the compositor's thread was blocked until the service side compiled _all_ eagerly initialized shaders. The intent of the way the compositor programs are created is that a set of commonly-used programs are sent to the service side, but no blocking calls are made until after we go through the first paint (with the hope that the service side will complete the compilation by then). Fixed by moving program initialization (which also grabs uniform locations) until the first actual use of the copier. It may be worth deferring the program initialization completely if it's not used very often. Added unit test in LayerRendererChromiumTests to make sure LRC initialization does not make any synchronous calls (like getUniformLocation()). * platform/graphics/chromium/TextureCopier.cpp: (WebCore::AcceleratedTextureCopier::AcceleratedTextureCopier): (WebCore::AcceleratedTextureCopier::copyTexture): 2012-04-25 Jason Liu <jason.liu@torchmobile.com.cn> [BlackBerry] Authenticated proxy isn't working. https://bugs.webkit.org/show_bug.cgi?id=84579 Reviewed by Antonio Gomes. We should try to get username and password from WiFi advanced configuration first when 407 is received. No new tests. This is covered by existing http tests when proxy's username and password are configured for WiFi. * platform/network/blackberry/NetworkJob.cpp: (WebCore::NetworkJob::sendRequestWithCredentials): 2012-04-25 Alec Flett <alecflett@chromium.org> IndexedDB: implement cursor.advance() https://bugs.webkit.org/show_bug.cgi?id=84174 Reviewed by Ojan Vafai. Implement IDBCursor.advance() to spec. Test: storage/indexeddb/cursor-advance.html * Modules/indexeddb/IDBBackingStore.h: * Modules/indexeddb/IDBCursor.cpp: (WebCore::IDBCursor::advance): (WebCore): * Modules/indexeddb/IDBCursor.h: (IDBCursor): * Modules/indexeddb/IDBCursor.idl: * Modules/indexeddb/IDBCursorBackendImpl.cpp: (WebCore::IDBCursorBackendImpl::advance): (WebCore): (WebCore::IDBCursorBackendImpl::advanceInternal): * Modules/indexeddb/IDBCursorBackendImpl.h: (IDBCursorBackendImpl): * Modules/indexeddb/IDBCursorBackendInterface.h: * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore): 2012-04-24 Adrienne Walker <enne@google.com> [chromium] Hold video provider lock from willDraw to didDraw https://bugs.webkit.org/show_bug.cgi?id=84805 Reviewed by James Robinson. * platform/graphics/chromium/cc/CCVideoLayerImpl.cpp: (WebCore::CCVideoLayerImpl::willDraw): (WebCore): (WebCore::CCVideoLayerImpl::willDrawInternal): (WebCore::CCVideoLayerImpl::appendQuads): (WebCore::CCVideoLayerImpl::didDraw): * platform/graphics/chromium/cc/CCVideoLayerImpl.h: 2012-04-25 Adrienne Walker <enne@google.com> [chromium] Prevent CCLayerImpl::willDraw/didDraw mismatches https://bugs.webkit.org/show_bug.cgi?id=84812 Reviewed by James Robinson. Because some layers lock/unlock resources, it needs to be guaranteed that if willDraw is called on a layer then didDraw will also be called on that layer before another willDraw or before layer destruction. Add asserts to make sure that this is the case. willDraw is called via CCLayerTreeHostImpl::prepareToDraw -> calculateRenderPasses. didDraw was previously called in CCLayerTreeHostImpl::drawLayers. Sometimes drawLayers was being skipped by the caller of these functions based on what prepareToDraw returned (causing didDraw to not be called). Fix this by having an explicit step to call didDraw on all layers. This new didDrawAllLayers function must be called if and only if prepareToDraw is called. Tested by existing tests via new asserts in CCLayerImpl. * platform/graphics/chromium/cc/CCLayerImpl.cpp: (WebCore::CCLayerImpl::CCLayerImpl): (WebCore::CCLayerImpl::~CCLayerImpl): (WebCore::CCLayerImpl::willDraw): (WebCore): (WebCore::CCLayerImpl::didDraw): * platform/graphics/chromium/cc/CCLayerImpl.h: (CCLayerImpl): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp: (WebCore::CCLayerTreeHostImpl::drawLayers): (WebCore::CCLayerTreeHostImpl::didDrawAllLayers): (WebCore): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h: (CCLayerTreeHostImpl): * platform/graphics/chromium/cc/CCScrollbarLayerImpl.cpp: (WebCore::CCScrollbarLayerImpl::willDraw): (WebCore::CCScrollbarLayerImpl::didDraw): * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp: (WebCore::CCSingleThreadProxy::doComposite): * platform/graphics/chromium/cc/CCTextureLayerImpl.cpp: (WebCore::CCTextureLayerImpl::willDraw): * platform/graphics/chromium/cc/CCThreadProxy.cpp: (WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal): * platform/graphics/chromium/cc/CCVideoLayerImpl.cpp: (WebCore::CCVideoLayerImpl::willDraw): (WebCore::CCVideoLayerImpl::didDraw): 2012-04-24 Kent Tamura <tkent@chromium.org> Calendar Picker: Resize to minimal size to fit the content https://bugs.webkit.org/show_bug.cgi?id=84826 Reviewed by Hajime Morita. Using fixed-size popup isn't nice. The calender picker popup size should be minimal. The minimal size depends on font settings, localized labels, and localized formats. So we put visible objects on a transparent element, calculate minimal size, resize the popup, then show the objects. * Resources/calendarPicker.css: (body): Don't use purple. It was for debugging purpose. The body is visible for a short period becuse we use transparent element. (#main): - Add nowrap to avoid text wrapping. - Add wider width to avoid wrapping. - Add opacity to hide incomplete layout. (.year-month-upper): Don't set flexible box yet. (.month-selector-box): Fix incorrect display value. (.days-area): Don't set table-layout:fixed and width:100% in order that it has the minimal width. * Resources/calendarPicker.js: (initialize): Make a new functio to resize. (fixWindowSize): Compute the required width from the right edge of the next year button, the maximum cell width, and so on. Then, set CSS properties to have correct layout. (YearMonthController.prototype.attachTo): Set min-width property for a long year-month string. (YearMonthController.prototype._showPopup): Center the _monthPopup vertically. * html/shadow/CalendarPickerElement.cpp: (WebCore::CalendarPickerElement::contentSize): Specify small size for the initial size. It's better than showing a large window then shrink the size. * page/PagePopupClient.h: (PagePopupClient): Remove a false comment. We should support resize*(). 2012-04-25 Kent Tamura <tkent@chromium.org> Unreviewed. Sort Xcode project file. * WebCore.xcodeproj/project.pbxproj: 2012-04-25 Alpha Lam <hclam@chromium.org> Unreviewed, rolling out r115260. http://trac.webkit.org/changeset/115260 https://bugs.webkit.org/show_bug.cgi?id=84467 r115260 is crashing a list of IndexDB tests, revert. * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore): * platform/leveldb/LevelDBTransaction.cpp: (WebCore::LevelDBTransaction::TransactionIterator::refreshTreeIterator): (WebCore::LevelDBTransaction::TransactionIterator::handleConflictsAndDeletes): * platform/leveldb/LevelDBTransaction.h: (TransactionIterator): 2012-04-25 James Simonsen <simonjam@chromium.org> [Web Timing] Add a vendor-prefixed Performance Timeline API https://bugs.webkit.org/show_bug.cgi?id=80350 As described here: http://dvcs.w3.org/hg/webperf/raw-file/tip/specs/PerformanceTimeline/Overview.html The API is there and should be correct, but it isn't particularly useful, because nothing is populated. Upcoming changes will add Navigation Timing and Resource Timing. Reviewed by Tony Gentilcore. No new tests. Functionality is disabled on all platforms. * CMakeLists.txt: Added PerformanceEntry* files. * DerivedSources.pri: Ditto. * GNUmakefile.list.am: Ditto. * WebCore.gypi: Ditto. * WebCore.vcproj/WebCore.vcproj: Ditto. * WebCore.xcodeproj/project.pbxproj: Ditto. * page/Performance.cpp: (WebCore::Performance::webkitGetEntries): Added. (WebCore::Performance::webkitGetEntriesByType): Added. (WebCore::Performance::webkitGetEntriesByName): Added. * page/Performance.h: (Performance): * page/Performance.idl: * page/PerformanceEntry.cpp: Added. (WebCore): (WebCore::PerformanceEntry::PerformanceEntry): (WebCore::PerformanceEntry::name): (WebCore::PerformanceEntry::entryType): (WebCore::PerformanceEntry::startTime): (WebCore::PerformanceEntry::duration): * page/PerformanceEntry.h: Added. (WebCore): (PerformanceEntry): * page/PerformanceEntry.idl: Added. * page/PerformanceEntryList.cpp: Added. (WebCore): (WebCore::PerformanceEntryList::PerformanceEntryList): (WebCore::PerformanceEntryList::~PerformanceEntryList): (WebCore::PerformanceEntryList::length): (WebCore::PerformanceEntryList::item): (WebCore::PerformanceEntryList::append): * page/PerformanceEntryList.h: Added. (WebCore): (PerformanceEntryList): (WebCore::PerformanceEntryList::create): * page/PerformanceEntryList.idl: Added. 2012-04-25 Benjamin Poulain <bpoulain@apple.com> Move convertJSMethodNameToObjc() to be a utility function of ObjcClass https://bugs.webkit.org/show_bug.cgi?id=84915 Reviewed by Darin Adler. The function convertJSMethodNameToObjc() is only useful for ObjcClass::methodsNamed(). This patch moves the function from objc_utility.mm to be a static function in objc_class.mm. It aims at simplifying the code for future changes of ObjcClass. * bridge/objc/objc_class.mm: (Bindings): (JSC::Bindings::convertJSMethodNameToObjc): * bridge/objc/objc_utility.h: * bridge/objc/objc_utility.mm: (Bindings): 2012-04-25 Kent Tamura <tkent@chromium.org> Unreviewed. Sort Xcode project file. * WebCore.xcodeproj/project.pbxproj: 2012-04-25 Greg Billock <gbillock@google.com> Implement object-literal constructor for the Intent object. https://bugs.webkit.org/show_bug.cgi?id=84220 Reviewed by Kentaro Hara. The use of the custom constructor will hopefully be temporary, as we plan to convert to just using the object literal constructor, which can then use codegen. See spec: http://dvcs.w3.org/hg/web-intents/raw-file/tip/spec/Overview.html Added support for the service and extras parameters in the Intent object to support the speced members in the object literal constructor. Added supporting accessor to Dictionary to retrieve a sub-Dictionary, and a utility to ScriptValue to serialize with ports. Test: webintents/web-intent-obj-constructor.html (WebCore): * Modules/intents/Intent.cpp: (WebCore::Intent::create): (WebCore::Intent::Intent): (WebCore::Intent::service): (WebCore): (WebCore::Intent::extras): * Modules/intents/Intent.h: (WebCore): (Intent): * Modules/intents/Intent.idl: * WebCore.gypi: * bindings/v8/Dictionary.cpp: (WebCore::Dictionary::get): (WebCore): * bindings/v8/Dictionary.h: (Dictionary): * bindings/v8/ScriptValue.cpp: (WebCore::ScriptValue::serialize): (WebCore): * bindings/v8/ScriptValue.h: (WTF): (WebCore): (ScriptValue): * bindings/v8/custom/V8IntentConstructor.cpp: Added. (WebCore): (WebCore::V8Intent::constructorCallback): 2012-04-25 Alexandru Chiculita <achicu@adobe.com> CSS Shaders: Use u_texture instead of s_texture. It was updated in the spec https://bugs.webkit.org/show_bug.cgi?id=82618 Reviewed by Dean Jackson. Changed the uniform name passed to the CSS Shaders from s_texture to u_texture. https://dvcs.w3.org/hg/FXTF/raw-file/tip/filters/index.html No new tests, just updating existing ones. * platform/graphics/filters/CustomFilterShader.cpp: (WebCore::CustomFilterShader::defaultFragmentShaderString): (WebCore::CustomFilterShader::initializeParameterLocations): 2012-04-25 Douglas Stockwell <dstockwell@chromium.org> IndexedDB: cursor does not correctly iterate over keys added and removed during iteration https://bugs.webkit.org/show_bug.cgi?id=84467 Reviewed by Ojan Vafai. Ensure that the iterator over the tree of cached adds/removes always points at the current key, or if the db iterator is current, the next key: - When refreshing the tree iterator after a mutation, always seek unless the tree iterator is current. - When handing conflicts and delete markers, only advance the tree iterator as far as the db iterator. Remove the expensive (and now redundant) logic that issued a get() to check whether an item had been deleted. Test: storage/indexeddb/cursor-added-bug.html * Modules/indexeddb/IDBLevelDBBackingStore.cpp: (WebCore): * platform/leveldb/LevelDBTransaction.cpp: (WebCore::LevelDBTransaction::TransactionIterator::refreshTreeIterator): (WebCore::LevelDBTransaction::TransactionIterator::handleConflictsAndDeletes): 2012-04-25 Antti Koivisto <antti@apple.com> Try to fix build with STYLE_SCOPED enabled. Not reviewed. * css/StyleResolver.cpp: (WebCore::StyleResolver::determineScope): 2012-04-25 Alec Flett <alecflett@chromium.org> IndexedDB: support openCursor(IDBKey) https://bugs.webkit.org/show_bug.cgi?id=84652 Reviewed by Ojan Vafai. Add signatures for openCursor/openKeyCursor(IDBKey). Test: storage/indexeddb/opencursor-key.html * Modules/indexeddb/IDBIndex.cpp: (WebCore::IDBIndex::openCursor): (WebCore): (WebCore::IDBIndex::openKeyCursor): * Modules/indexeddb/IDBIndex.h: (WebCore::IDBIndex::openCursor): (IDBIndex): (WebCore::IDBIndex::openKeyCursor): * Modules/indexeddb/IDBIndex.idl: * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::IDBObjectStore::openCursor): (WebCore): * Modules/indexeddb/IDBObjectStore.h: (WebCore::IDBObjectStore::openCursor): (IDBObjectStore): * Modules/indexeddb/IDBObjectStore.idl: 2012-04-25 Antti Koivisto <antti@apple.com> Remove owner node pointer from StyleSheetInternal https://bugs.webkit.org/show_bug.cgi?id=84882 Reviewed by Andreas Kling. To make sharing between multiple nodes possible StyleSheetInternal should not have a Node pointer. - Make StyleSheetInternal constructor take CSSParserContext instead of Node* - Move owner node pointer to CSSStyleSheet. CSSStyleSheet now acts as a client for StyleSheetInternal. This gets us closer to being able to cache stylesheet data structures. * css/CSSImportRule.cpp: (WebCore::StyleRuleImport::setCSSStyleSheet): (WebCore::StyleRuleImport::requestStyleSheet): Setup CSSParserContext. Remove FIXME about updateBaseURL(). It is no longer possible to change URL of StyleSheetInternal. * css/CSSPageRule.cpp: (WebCore::CSSPageRule::setSelectorText): * css/CSSParser.cpp: (WebCore::CSSParserContext::CSSParserContext): * css/CSSParserMode.h: (CSSParserContext): Expand CSSParserContext constructors. * css/CSSStyleRule.cpp: (WebCore::CSSStyleRule::setSelectorText): * css/StyleResolver.cpp: (WebCore::StyleResolver::StyleResolver): (WebCore::StyleResolver::addAuthorRulesAndCollectUserRulesFromSheets): (WebCore::StyleResolver::collectMatchingRulesForList): * css/StyleResolver.h: (StyleResolver): * css/CSSStyleSheet.cpp: User stylesheets went back to being CSSStyleSheets. Adapt to that. (WebCore::StyleSheetInternal::StyleSheetInternal): (WebCore): (WebCore::StyleSheetInternal::checkLoaded): (WebCore::StyleSheetInternal::startLoadingDynamicSheet): (WebCore::StyleSheetInternal::rootStyleSheet): (WebCore::StyleSheetInternal::singleOwnerNode): (WebCore::StyleSheetInternal::singleOwnerDocument): (WebCore::StyleSheetInternal::styleSheetChanged): The owner node is now located through CSSStyleSheet. Only one client is supported atm. (WebCore::StyleSheetInternal::registerClient): (WebCore::StyleSheetInternal::unregisterClient): Register CSSStyleSheets. (WebCore::CSSStyleSheet::CSSStyleSheet): (WebCore::CSSStyleSheet::~CSSStyleSheet): (WebCore::CSSStyleSheet::rules): (WebCore::CSSStyleSheet::cssRules): (WebCore::CSSStyleSheet::ownerDocument): * css/CSSStyleSheet.h: (WebCore::StyleSheetInternal::create): (WebCore::StyleSheetInternal::createInline): (StyleSheetInternal): (WebCore::CSSStyleSheet::create): (CSSStyleSheet): Moved m_ownerNode. Changed constructors Removed setFinalURL(). * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::StyleRuleCSSStyleDeclaration::setNeedsStyleRecalc): * dom/Document.cpp: (WebCore::Document::updateBaseURL): Instead of setFinalURL, construct a new StyleSheetInternal if the base url ever changes. (WebCore::Document::pageUserSheet): (WebCore::Document::pageGroupUserSheets): (WebCore::Document::addUserSheet): (WebCore::Document::elementSheet): * dom/Document.h: (Document): (WebCore::Document::documentUserSheets): Adapt to the new interface. Turned user stylesheets CSSStyleSheets so they can find the owner node. * dom/ProcessingInstruction.cpp: (WebCore::ProcessingInstruction::setCSSStyleSheet): * dom/StyleElement.cpp: (WebCore::StyleElement::createSheet): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): * inspector/InspectorCSSAgent.cpp: (WebCore::SelectorProfile::startSelector): (WebCore::InspectorCSSAgent::bindStyleSheet): * inspector/InspectorStyleSheet.cpp: (WebCore::fillMediaListChain): (WebCore::InspectorStyleSheet::ownerDocument): * page/PageSerializer.cpp: (WebCore::PageSerializer::serializeCSSStyleSheet): 2012-04-25 Adam Klein <adamk@chromium.org> Fix uninitialized variable warnings in PasteboardMac.mm after 115145 https://bugs.webkit.org/show_bug.cgi?id=84879 Reviewed by Enrica Casucci. * platform/mac/PasteboardMac.mm: (WebCore::Pasteboard::getDataSelection): Initialize attributedString to nil. (WebCore::Pasteboard::writeSelectionForTypes): ditto. 2012-04-25 Kenneth Russell <kbr@google.com> Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced https://bugs.webkit.org/show_bug.cgi?id=83655 Reviewed by Oliver Hunt. Removed last few references to ByteArray, replacing with Uint8ClampedArray as necessary, and deleted now-obsolete CanvasPixelArray, ByteArray and JSByteArray. Removed code from JavaScriptCore special-casing ByteArray. No new tests. Did full layout test run on Mac OS; no regressions seen from this change. * CMakeLists.txt: * DerivedSources.pri: * ForwardingHeaders/runtime/JSByteArray.h: Removed. * GNUmakefile.list.am: * PlatformBlackBerry.cmake: * Target.pri: * UseV8.cmake: * WebCore.gypi: * WebCore.order: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * bindings/v8/SerializedScriptValue.cpp: * bindings/v8/V8Binding.h: (WebCore::isHostObject): * bindings/v8/custom/V8CanvasPixelArrayCustom.cpp: Removed. * bindings/v8/custom/V8InjectedScriptHostCustom.cpp: (WebCore::V8InjectedScriptHost::typeCallback): * bridge/qt/qt_runtime.cpp: (JSC::Bindings::isJSUint8ClampedArray): (Bindings): (JSC::Bindings::valueRealType): (JSC::Bindings::convertValueToQVariant): (JSC::Bindings::convertQVariantToValue): * html/canvas/CanvasPixelArray.cpp: Removed. * html/canvas/CanvasPixelArray.h: Removed. * html/canvas/CanvasPixelArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore): * platform/graphics/filters/FEConvolveMatrix.h: * rendering/svg/RenderSVGResourceMasker.cpp: 2012-04-25 Alpha Lam <hclam@chromium.org> Unreviewed build fix. Build fix for compilation failure due to r115243. * platform/graphics/chromium/LayerChromium.h: (WebCore): 2012-04-25 Ryosuke Niwa <rniwa@webkit.org> Build fix after r115227. Return null string when the string builder is empty to match the old behavior. * css/StylePropertySet.cpp: (WebCore::StylePropertySet::borderPropertyValue): 2012-04-25 Ian Vollick <vollick@chromium.org> [chromium] Add support for animation finished events. https://bugs.webkit.org/show_bug.cgi?id=84454 Reviewed by James Robinson. Tested in CCLayerTreeHostTestAnimationFinishedEvents * platform/graphics/chromium/GraphicsLayerChromium.cpp: (WebCore::GraphicsLayerChromium::willBeDestroyed): (WebCore::GraphicsLayerChromium::notifyAnimationFinished): (WebCore): * platform/graphics/chromium/GraphicsLayerChromium.h: * platform/graphics/chromium/LayerChromium.cpp: (WebCore::LayerChromium::notifyAnimationStarted): (WebCore::LayerChromium::notifyAnimationFinished): (WebCore): * platform/graphics/chromium/LayerChromium.h: (WebCore): (LayerChromium): * platform/graphics/chromium/cc/CCAnimationEvents.h: (WebCore::CCAnimationEvent::CCAnimationEvent): (CCAnimationEvent): (WebCore): * platform/graphics/chromium/cc/CCLayerAnimationController.cpp: (WebCore::CCLayerAnimationController::animate): (WebCore::CCLayerAnimationController::notifyAnimationStarted): (WebCore::CCLayerAnimationController::startAnimationsWaitingForNextTick): (WebCore::CCLayerAnimationController::startAnimationsWaitingForStartTime): (WebCore::CCLayerAnimationController::startAnimationsWaitingForTargetAvailability): (WebCore::CCLayerAnimationController::purgeFinishedAnimations): * platform/graphics/chromium/cc/CCLayerAnimationController.h: (CCLayerAnimationController): * platform/graphics/chromium/cc/CCLayerAnimationDelegate.h: (CCLayerAnimationDelegate): * platform/graphics/chromium/cc/CCLayerTreeHost.cpp: (WebCore::CCLayerTreeHost::setAnimationEventsRecursive): 2012-04-25 Enrica Casucci <enrica@apple.com> REGRESSION (r110494): Dragging images from Safari to Finder results in .webloc rather than image file https://bugs.webkit.org/show_bug.cgi?id=84878 <rdar://problem/11155407> In WebKit2, it could happen to try to start the drag twice, given the asynchronous nature of the communication between the UI process and the WebProcess. We need to guarantee that we don't do that, otherwise on OS X the pasteboard ownership gets changed which affects the promised file types. Reviewed by Alexey Proskuryakov. * page/EventHandler.cpp: (WebCore::EventHandler::handleDrag): Reset m_mouseDownMayStartDrag to false to avoid attempting to start another drag. 2012-04-25 Andreas Kling <kling@webkit.org> Remove unused Attribute constructor. Semi-knowingly rubber-stamped by Antti Koivisto. * dom/Attribute.h: 2012-04-25 Nate Chapin <japhet@chromium.org> Crash in CachedRawResource::didAddClient() due to missing protector. https://bugs.webkit.org/show_bug.cgi?id=83632 Reviewed by Eric Seidel. Test: http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html * loader/cache/CachedRawResource.cpp: (WebCore::CachedRawResource::didAddClient): 2012-04-25 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to SerializedScriptValue::deserialize() https://bugs.webkit.org/show_bug.cgi?id=84758 Reviewed by Nate Chapin. The objective is to pass Isolate around. This patch passes Isolate to SerializedScriptValue::deserialize(). No tests. No change in behavior. * bindings/v8/custom/V8HistoryCustom.cpp: (WebCore::V8History::stateAccessorGetter): * bindings/v8/custom/V8IDBAnyCustom.cpp: (WebCore::toV8): * bindings/v8/custom/V8MessageEventCustom.cpp: (WebCore::V8MessageEvent::dataAccessorGetter): * bindings/v8/custom/V8PopStateEventCustom.cpp: (WebCore::V8PopStateEvent::stateAccessorGetter): 2012-04-25 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to SerializedScriptValue::create() in custom bindings https://bugs.webkit.org/show_bug.cgi?id=84757 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to SerializedScriptValue::create() in custom bindings. No tests. No change in behavior. * bindings/v8/custom/V8DOMWindowCustom.cpp: (WebCore::handlePostMessageCallback): * bindings/v8/custom/V8DedicatedWorkerContextCustom.cpp: (WebCore::handlePostMessageCallback): * bindings/v8/custom/V8HistoryCustom.cpp: (WebCore::V8History::pushStateCallback): (WebCore::V8History::replaceStateCallback): * bindings/v8/custom/V8MessagePortCustom.cpp: (WebCore::handlePostMessageCallback): * bindings/v8/custom/V8WorkerCustom.cpp: (WebCore::handlePostMessageCallback): 2012-04-25 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to SerializedScriptValue::create() in CodeGeneratorV8.pm https://bugs.webkit.org/show_bug.cgi?id=84753 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to SerializedScriptValue::create() in CodeGeneratorV8.pm. Tests: bindings/scripts/test/TestObj.idl bindings/scripts/test/TestSerializedScriptValueInterface.idl * bindings/scripts/CodeGeneratorV8.pm: (GenerateNormalAttrSetter): (GenerateParametersCheck): (JSValueToNative): * bindings/scripts/test/V8/V8TestObj.cpp: Updated run-bindings-tests results. (WebCore::TestObjV8Internal::intSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::shortSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::longSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::longLongSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::unsignedIntSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::unsignedShortSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::unsignedLongSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::unsignedLongLongSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::floatSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::doubleSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::booleanSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::voidSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::dateSequenceAttrAttrGetter): (WebCore::TestObjV8Internal::serializedValueCallback): * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp: (WebCore::TestSerializedScriptValueInterfaceV8Internal::valueAttrSetter): (WebCore::TestSerializedScriptValueInterfaceV8Internal::cachedValueAttrSetter): (WebCore::TestSerializedScriptValueInterfaceV8Internal::acceptTransferListCallback): (WebCore::TestSerializedScriptValueInterfaceV8Internal::multiTransferListCallback): (WebCore::V8TestSerializedScriptValueInterface::constructorCallback): 2012-04-25 Kentaro Hara <haraken@chromium.org> [V8] Add m_isolate to SerializedScriptValue::Writer and SerializedScriptValue::Reader https://bugs.webkit.org/show_bug.cgi?id=84739 Reviewed by Nate Chapin. This is the second step to pass Isolate around in SerializedScriptValue. This patch adds m_isolate to SerializedScriptValue::Writer and SerializedScriptValue::Reader, so that they can use the isolate around. The fix is safe since Writer and Reader are guaranteed to be used by one Isolate. No tests. No change in behavior. * bindings/v8/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::create): (WebCore::SerializedScriptValue::nullValue): (WebCore::SerializedScriptValue::undefinedValue): (WebCore::SerializedScriptValue::booleanValue): (WebCore::SerializedScriptValue::numberValue): (WebCore::SerializedScriptValue::SerializedScriptValue): (WebCore::SerializedScriptValue::deserialize): * bindings/v8/SerializedScriptValue.h: (SerializedScriptValue): 2012-04-25 Kentaro Hara <haraken@chromium.org> [V8] Make the Isolate* parameter non-optional in setDOMException() https://bugs.webkit.org/show_bug.cgi?id=84736 Reviewed by Nate Chapin. Now all setDOMException() callers pass Isolate* to setDOMException(). This patch makes the Isolate* parameter non-optional. No tests. No change in behavior. * bindings/v8/V8Proxy.h: (V8Proxy): 2012-04-24 Ryosuke Niwa <rniwa@webkit.org> REGRESSION(r112177): listStyleType CSS property gets converted into listStyle https://bugs.webkit.org/show_bug.cgi?id=83026 Reviewed by Darin Adler. Fixed the bug by not using shorthand notations when some values are missing. However, we still want to return a value when shorthand border property is explicitly requested so extract borderPropertyValue with a flag to support both behaviors. * css/StylePropertySet.cpp: (WebCore::borderPropertyValue): Extracted from getPropertyValue. (WebCore::StylePropertySet::getPropertyValue): (WebCore::StylePropertySet::get4Values): Don't return values when priority don't match. (WebCore::StylePropertySet::getShorthandValue): (WebCore::StylePropertySet::getCommonValue): Don't return null string for initial values to disambiguate missing values and "initial" in getPropertyValue. Also check propriety. (WebCore::StylePropertySet::asText): Support emitting border-width, border-style, and border-color when border doesn't work but the former properties do. 2012-04-25 Ian Vollick <vollick@chromium.org> [chromium] Do not clobber synchronized start times. https://bugs.webkit.org/show_bug.cgi?id=84605 Reviewed by James Robinson. Tested in CCLayerAnimationControllerTest.doNotClobberStartTimes (WebCore): * platform/graphics/chromium/cc/CCActiveAnimation.h: (CCActiveAnimation): (WebCore::CCActiveAnimation::hasSetStartTime): * platform/graphics/chromium/cc/CCLayerAnimationController.cpp: (WebCore::CCLayerAnimationController::startAnimationsWaitingForNextTick): (WebCore::CCLayerAnimationController::startAnimationsWaitingForTargetAvailability): 2012-04-25 Nate Chapin <japhet@chromium.org> REGRESSION (r100311): YummySoup app crashes when trying to print https://bugs.webkit.org/show_bug.cgi?id=83918 Reviewed by Alexey Proskuryakov. Test: http/tests/xmlhttprequest/cancel-during-failure-crash.html * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::didFail): Set m_calledDidFinishLoad when calling didFailToLoad() to prevent it from getting called twice if we cancel re-entrantly. 2012-04-25 Alexis Menard <alexis.menard@openbossa.org> Not reviewed, fix Windows build after r115215. * css/CSSAllInOne.cpp: 2012-04-25 Eric Carlson <eric.carlson@apple.com> Not reviewed, attempt to fix Windows build after r115215. * css/CSSAllInOne.cpp: Don't try to include CSSStyleSelector.cpp. 2012-04-25 Mark Pilgrim <pilgrim@chromium.org> [Chromium] Call actualMemoryUsageMB directly https://bugs.webkit.org/show_bug.cgi?id=84837 Reviewed by Kentaro Hara. Part of a refactoring series. See tracking bug 82948. * bindings/v8/V8DOMWindowShell.cpp: (WebCore::reportFatalErrorInV8): * bindings/v8/V8GCController.cpp: (WebCore): * platform/MemoryUsageSupport.cpp: (WebCore::MemoryUsageSupport::actualMemoryUsageMB): (WebCore): * platform/MemoryUsageSupport.h: (MemoryUsageSupport): * platform/chromium/MemoryUsageSupportChromium.cpp: (WebCore::MemoryUsageSupport::actualMemoryUsageMB): (WebCore): * platform/chromium/PlatformSupport.h: (PlatformSupport): 2012-04-25 Alexis Menard <alexis.menard@openbossa.org> Rename CSSStyleSelector files to StyleResolver. https://bugs.webkit.org/show_bug.cgi?id=84814 Reviewed by Antti Koivisto. Rename CSSStyleSelector files to match the new class name StyleResolver. Update the includes all over the code base to the new name. No new tests : renaming files, no behavior changes expected. * CMakeLists.txt: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * css/CSSAllInOne.cpp: * css/CSSCalculationValue.cpp: * css/CSSFontSelector.cpp: * css/CSSGradientValue.cpp: * css/MediaQueryEvaluator.cpp: * css/MediaQueryMatcher.cpp: * css/SVGCSSStyleSelector.cpp: * css/StyleBuilder.cpp: * css/StyleMedia.cpp: * css/StyleResolver.cpp: Renamed from Source/WebCore/css/CSSStyleSelector.cpp. (WebCore): (RuleData): (WebCore::RuleData::position): (WebCore::RuleData::rule): (WebCore::RuleData::selector): (WebCore::RuleData::hasFastCheckableSelector): (WebCore::RuleData::hasMultipartSelector): (WebCore::RuleData::hasRightmostSelectorMatchingHTMLBasedOnRuleHash): (WebCore::RuleData::containsUncommonAttributeSelector): (WebCore::RuleData::specificity): (WebCore::RuleData::linkMatchType): (WebCore::RuleData::hasDocumentSecurityOrigin): (WebCore::RuleData::isInRegionRule): (WebCore::RuleData::descendantSelectorIdentifierHashes): (SameSizeAsRuleData): (RuleSet): (WebCore::RuleSet::create): (WebCore::RuleSet::disableAutoShrinkToFit): (WebCore::RuleSet::features): (WebCore::RuleSet::idRules): (WebCore::RuleSet::classRules): (WebCore::RuleSet::tagRules): (WebCore::RuleSet::shadowPseudoElementRules): (WebCore::RuleSet::linkPseudoClassRules): (WebCore::RuleSet::focusPseudoClassRules): (WebCore::RuleSet::universalRules): (WebCore::RuleSet::pageRules): (WebCore::RuleSet::RuleSetSelectorPair::RuleSetSelectorPair): (RuleSetSelectorPair): (WebCore::elementCanUseSimpleDefaultStyle): (WebCore::screenEval): (WebCore::printEval): (WebCore::leftToRightDeclaration): (WebCore::rightToLeftDeclaration): (WebCore::StyleResolver::StyleResolver): (WebCore::StyleResolver::addAuthorRulesAndCollectUserRulesFromSheets): (WebCore::makeRuleSet): (WebCore::StyleResolver::collectFeatures): (WebCore::StyleResolver::determineScope): (WebCore::StyleResolver::ruleSetForScope): (WebCore::StyleResolver::appendAuthorStylesheets): (WebCore::StyleResolver::setupScopeStack): (WebCore::StyleResolver::pushScope): (WebCore::StyleResolver::popScope): (WebCore::StyleResolver::pushParentElement): (WebCore::StyleResolver::popParentElement): (WebCore::StyleResolver::pushParentShadowRoot): (WebCore::StyleResolver::popParentShadowRoot): (WebCore::StyleResolver::addKeyframeStyle): (WebCore::StyleResolver::~StyleResolver): (WebCore::StyleResolver::sweepMatchedPropertiesCache): (WebCore::StyleResolver::Features::Features): (WebCore::StyleResolver::Features::~Features): (WebCore::StyleResolver::Features::add): (WebCore::StyleResolver::Features::clear): (WebCore::parseUASheet): (WebCore::loadFullDefaultStyle): (WebCore::loadSimpleDefaultStyle): (WebCore::loadViewSourceStyle): (WebCore::ensureDefaultStyleSheetsForElement): (WebCore::StyleResolver::addMatchedProperties): (WebCore::StyleResolver::addElementStyleProperties): (WebCore::StyleResolver::collectMatchingRules): (WebCore::StyleResolver::collectMatchingRulesForRegion): (WebCore::StyleResolver::sortAndTransferMatchedRules): (WebCore::StyleResolver::matchScopedAuthorRules): (WebCore::StyleResolver::matchAuthorRules): (WebCore::StyleResolver::matchUserRules): (WebCore::StyleResolver::matchUARules): (MatchingUARulesScope): (WebCore::MatchingUARulesScope::MatchingUARulesScope): (WebCore::MatchingUARulesScope::~MatchingUARulesScope): (WebCore::MatchingUARulesScope::isMatchingUARules): (WebCore::StyleResolver::collectMatchingRulesForList): * css/StyleResolver.h: Renamed from Source/WebCore/css/CSSStyleSelector.h. (WebCore): (MediaQueryResult): (WebCore::MediaQueryResult::MediaQueryResult): (StyleResolver): (WebCore::StyleResolver::style): (WebCore::StyleResolver::parentStyle): (WebCore::StyleResolver::rootElementStyle): (WebCore::StyleResolver::element): (WebCore::StyleResolver::document): (WebCore::StyleResolver::fontDescription): (WebCore::StyleResolver::parentFontDescription): (WebCore::StyleResolver::setFontDescription): (WebCore::StyleResolver::setZoom): (WebCore::StyleResolver::setEffectiveZoom): (WebCore::StyleResolver::setTextSizeAdjust): (WebCore::StyleResolver::hasParentNode): (WebCore::StyleResolver::pushScope): (WebCore::StyleResolver::popScope): (WebCore::StyleResolver::setStyle): (WebCore::StyleResolver::fontSelector): (WebCore::StyleResolver::allVisitedStateChanged): (WebCore::StyleResolver::visitedStateChanged): (WebCore::StyleResolver::usesSiblingRules): (WebCore::StyleResolver::usesFirstLineRules): (WebCore::StyleResolver::usesBeforeAfterRules): (WebCore::StyleResolver::usesLinkRules): (WebCore::StyleResolver::RuleFeature::RuleFeature): (RuleFeature): (Features): (WebCore::StyleResolver::addMatchedRule): (WebCore::StyleResolver::MatchRanges::MatchRanges): (MatchRanges): (WebCore::StyleResolver::MatchedProperties::MatchedProperties): (MatchedProperties): (WebCore::StyleResolver::MatchResult::MatchResult): (MatchResult): (WebCore::StyleResolver::MatchOptions::MatchOptions): (MatchOptions): (WebCore::StyleResolver::isRightPage): (WebCore::StyleResolver::styleNotYetAvailable): (WebCore::StyleResolver::applyPropertyToRegularStyle): (WebCore::StyleResolver::applyPropertyToVisitedLinkStyle): (MatchedPropertiesCacheItem): (WebCore::StyleResolver::scopeStackIsConsistent): (WebCore::StyleResolver::ScopeStackFrame::ScopeStackFrame): (ScopeStackFrame): * css/WebKitCSSMatrix.cpp: * dom/Document.cpp: * dom/Element.cpp: * dom/Node.cpp: * dom/ShadowRoot.cpp: * dom/ShadowTree.cpp: * dom/StyledElement.cpp: * editing/ApplyStyleCommand.cpp: * editing/EditingStyle.cpp: * editing/Editor.cpp: * editing/markup.cpp: * history/CachedPage.cpp: * html/HTMLDocument.cpp: * html/HTMLLinkElement.cpp: * html/HTMLOptGroupElement.cpp: * html/HTMLOptionElement.cpp: * html/ValidationMessage.cpp: * html/canvas/CanvasRenderingContext2D.cpp: * html/shadow/MediaControlElements.cpp: * inspector/InspectorCSSAgent.cpp: * inspector/InspectorDOMAgent.cpp: * inspector/InspectorStyleSheet.cpp: * loader/LinkLoader.cpp: * page/DOMWindow.cpp: * page/FrameView.cpp: * page/Page.cpp: * page/animation/KeyframeAnimation.cpp: * platform/qt/RenderThemeQt.cpp: * platform/qt/RenderThemeQtMobile.cpp: * rendering/RenderLayer.cpp: * rendering/RenderLayerBacking.cpp: * rendering/RenderListBox.cpp: * rendering/RenderMenuList.cpp: * rendering/RenderObject.cpp: * rendering/RenderRegion.cpp: * rendering/RenderSlider.cpp: * rendering/RenderTextControlSingleLine.cpp: * rendering/RenderThemeMac.mm: * rendering/RenderThemeSafari.cpp: * rendering/style/RenderStyle.cpp: * rendering/style/StyleGeneratedImage.cpp: * rendering/style/StyleRareNonInheritedData.cpp: * rendering/svg/RenderSVGInlineText.cpp: * svg/SVGClipPathElement.cpp: * svg/SVGElement.cpp: * svg/SVGFontFaceElement.cpp: * svg/SVGGradientElement.cpp: * svg/SVGMaskElement.cpp: * svg/SVGUseElement.cpp: 2012-04-25 Crystal Zhang <haizhang@rim.com> https://bugs.webkit.org/show_bug.cgi?id=84875 make-css-file-arrays.pl now only take css files, make it also take js files, as for html popups we also need load js files. Reviewed by Antonio Gomes. * css/make-css-file-arrays.pl: 2012-04-25 Li Yin <li.yin@intel.com> [chromium][workers] setTargetType(ResourceRequest::TargetIsWorker) is repeatedly called in chromium https://bugs.webkit.org/show_bug.cgi?id=84542 Reviewed by David Levin. In chromium platform, the default value of m_targetType is ResourceRequest::TargetIsWorker it isn't necessary to call worker->m_scriptLoader->setTargetType(ResourceRequest::TargetIsWorker) again in Worker.cpp In chromium platform, the m_targettype value determines the priority of resource loaded. No new tests because this patch just deletes a repeated code, it can reduce code workload and can't impact any feature. If the target type isn't set correctly, the following test maybe fail because of timeout in the chromium. fast/workers/storage/multiple-transactions-on-different-handles.html fast/workers/storage/multiple-transactions-on-different-handles-sync.html fast/workers/storage/interrupt-database.html * workers/Worker.cpp: (WebCore::Worker::create): 2012-04-25 Yury Semikhatsky <yurys@chromium.org> Web Inspector: move HeapSnapshotLoader into a separate file https://bugs.webkit.org/show_bug.cgi?id=84860 Extracted HeapSnapshotLoader into its own file. Reviewed by Pavel Feldman. * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * inspector/compile-front-end.py: * inspector/front-end/HeapSnapshot.js: * inspector/front-end/HeapSnapshotLoader.js: Added. (WebInspector.HeapSnapshotLoader): (WebInspector.HeapSnapshotLoader.prototype._findBalancedCurlyBrackets): (WebInspector.HeapSnapshotLoader.prototype.finishLoading): (WebInspector.HeapSnapshotLoader.prototype._parseUintArray): (WebInspector.HeapSnapshotLoader.prototype._parseStringsArray): (WebInspector.HeapSnapshotLoader.prototype.pushJSONChunk): * inspector/front-end/WebKit.qrc: * inspector/front-end/inspector.html: 2012-04-25 'Pavel Feldman' <pfeldman@chromium.org> Not reviewed: inspector frontend tests fix. * inspector/front-end/ScriptsSearchScope.js: 2012-04-25 Ian Vollick <vollick@chromium.org> [chromium] Animations waiting for a synchronized start time should never be marked finished. https://bugs.webkit.org/show_bug.cgi?id=84519 Reviewed by James Robinson. Tested in CCLayerAnimationControllerTest.AnimationsWaitingForStartTimeDoNotFinishIfTheyWaitLongerToStartThanTheirDuration * platform/graphics/chromium/cc/CCLayerAnimationController.cpp: (WebCore::CCLayerAnimationController::tickAnimations): 2012-04-25 Pierre Rossi <pierre.rossi@gmail.com> [SVG] Nothing should be stroked when the stroke-width is 0 https://bugs.webkit.org/show_bug.cgi?id=83568 Reviewed by Nikolas Zimmermann. The spec states that "A zero value causes no stroke to be painted". We should avoid calling functions that could incorrectly paint something in that case. Test: svg/custom/path-zero-strokewidth.svg * rendering/style/SVGRenderStyle.h: (WebCore::SVGRenderStyle::hasVisibleStroke): * rendering/svg/RenderSVGEllipse.cpp: (WebCore::RenderSVGEllipse::strokeShape): Check if the stroke should be visible before painting. * rendering/svg/RenderSVGRect.cpp: (WebCore::RenderSVGRect::strokeShape): Ditto. * rendering/svg/RenderSVGShape.cpp: (WebCore::RenderSVGShape::strokeShape): Ditto. (WebCore::RenderSVGShape::strokePath): Ditto. * rendering/svg/SVGInlineTextBox.cpp: (WebCore::SVGInlineTextBox::paint): Dont call paintText for zero-width stroke. (WebCore::SVGInlineTextBox::paintDecoration): Ditto. 2012-04-25 Alexis Menard <alexis.menard@openbossa.org> Unfortunately http://trac.webkit.org/changeset/115055 was landed using webkit-patch land-from bug but didn't do the right thing, we lost the history. This commit is merging back CSSStyleApplyProperty.* and their history, rename the files to StyleBuilder and re-apply the two patches on trunk that were apply after the rename. Rename CSSStyleSelector class to StyleResolver. https://bugs.webkit.org/show_bug.cgi?id=84734 The name CSSStyleSelector is confusing as it conflicts a bit with the CSS concept of selectors. One could think it's an encapsulation of the CSS selectors but it's not, in fact this class is responsible of finding the RenderStyle for a given element. This is the first patch as I will later rename the files, and then rename the local variables. Replace occurences of style selector from variables and methods names by style resolver. https://bugs.webkit.org/show_bug.cgi?id=84765 Rename methods and variables to follow the new name StyleResolver. It requires to update the local variables, methods parameters, and function names to match the new name and to remove the concept of "selector" to avoid clashing with the CSS concept. The next and last patch will be to rename CSSStyleSelector file and update the includes. * css/StyleBuilder.cpp: Replaced with Source/WebCore/css/CSSStyleApplyProperty.cpp. (WebCore::ApplyPropertyExpanding::applyInheritValue): (WebCore::ApplyPropertyExpanding::applyInitialValue): (WebCore::ApplyPropertyExpanding::applyValue): (WebCore::ApplyPropertyDefaultBase::applyInheritValue): (WebCore::ApplyPropertyDefaultBase::applyInitialValue): (WebCore::ApplyPropertyDefaultBase::applyValue): (WebCore::ApplyPropertyDefault::applyValue): (WebCore::ApplyPropertyNumber::applyValue): (WebCore::ApplyPropertyStyleImage::applyValue): (WebCore::ApplyPropertyAuto::applyInheritValue): (WebCore::ApplyPropertyAuto::applyInitialValue): (WebCore::ApplyPropertyAuto::applyValue): (WebCore::ApplyPropertyClip::convertToLength): (WebCore::ApplyPropertyClip::applyInheritValue): (WebCore::ApplyPropertyClip::applyInitialValue): (WebCore::ApplyPropertyClip::applyValue): (WebCore::ApplyPropertyColor::applyInheritValue): (WebCore::ApplyPropertyColor::applyInitialValue): (WebCore::ApplyPropertyColor::applyValue): (WebCore::ApplyPropertyColor::applyColorValue): (WebCore::ApplyPropertyDirection::applyValue): (WebCore::ApplyPropertyLength::applyValue): (WebCore::ApplyPropertyString::applyValue): (WebCore::ApplyPropertyBorderRadius::applyValue): (WebCore::ApplyPropertyFillLayer::applyInheritValue): (WebCore::ApplyPropertyFillLayer::applyInitialValue): (WebCore::ApplyPropertyFillLayer::applyValue): (WebCore::ApplyPropertyComputeLength::applyValue): (WebCore::ApplyPropertyFont::applyInheritValue): (WebCore::ApplyPropertyFont::applyInitialValue): (WebCore::ApplyPropertyFont::applyValue): (WebCore::ApplyPropertyFontSize::applyInheritValue): (WebCore::ApplyPropertyFontSize::applyInitialValue): (WebCore::ApplyPropertyFontSize::applyValue): (WebCore::ApplyPropertyFontWeight::applyValue): (WebCore::ApplyPropertyFontVariantLigatures::applyInheritValue): (WebCore::ApplyPropertyFontVariantLigatures::applyInitialValue): (WebCore::ApplyPropertyFontVariantLigatures::applyValue): (WebCore::ApplyPropertyBorderImage::applyValue): (WebCore::ApplyPropertyBorderImageModifier::applyInheritValue): (WebCore::ApplyPropertyBorderImageModifier::applyInitialValue): (WebCore::ApplyPropertyBorderImageModifier::applyValue): (WebCore::ApplyPropertyBorderImageSource::applyValue): (WebCore::ApplyPropertyCounter::emptyFunction): (WebCore::ApplyPropertyCounter::applyInheritValue): (WebCore::ApplyPropertyCounter::applyValue): (WebCore::ApplyPropertyCursor::applyInheritValue): (WebCore::ApplyPropertyCursor::applyInitialValue): (WebCore::ApplyPropertyCursor::applyValue): (WebCore::ApplyPropertyTextAlign::applyValue): (WebCore::ApplyPropertyTextDecoration::applyValue): (WebCore::ApplyPropertyUnicodeBidi::applyValue): (WebCore::ApplyPropertyLineHeight::applyValue): (WebCore::ApplyPropertyPageSize::applyInheritValue): (WebCore::ApplyPropertyPageSize::applyInitialValue): (WebCore::ApplyPropertyPageSize::applyValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyInheritValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyInitialValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyValue): (WebCore): (WebCore::ApplyPropertyAnimation::map): (WebCore::ApplyPropertyAnimation::applyInheritValue): (WebCore::ApplyPropertyAnimation::applyInitialValue): (WebCore::ApplyPropertyAnimation::applyValue): (WebCore::ApplyPropertyOutlineStyle::applyInheritValue): (WebCore::ApplyPropertyOutlineStyle::applyInitialValue): (WebCore::ApplyPropertyOutlineStyle::applyValue): (WebCore::ApplyPropertyResize::applyValue): (WebCore::ApplyPropertyVerticalAlign::applyValue): (WebCore::ApplyPropertyAspectRatio::applyInheritValue): (WebCore::ApplyPropertyAspectRatio::applyInitialValue): (WebCore::ApplyPropertyAspectRatio::applyValue): (WebCore::ApplyPropertyZoom::resetEffectiveZoom): (WebCore::ApplyPropertyZoom::applyInheritValue): (WebCore::ApplyPropertyZoom::applyInitialValue): (WebCore::ApplyPropertyZoom::applyValue): (WebCore::ApplyPropertyDisplay::isValidDisplayValue): (WebCore::ApplyPropertyDisplay::applyInheritValue): (WebCore::ApplyPropertyDisplay::applyInitialValue): (WebCore::ApplyPropertyDisplay::applyValue): (WebCore::ApplyPropertyFlex::applyInheritValue): (WebCore::ApplyPropertyFlex::applyInitialValue): (WebCore::ApplyPropertyFlex::applyValue): (WebCore::StyleBuilder::StyleBuilder): * css/StyleBuilder.h: Replaced with Source/WebCore/css/CSSStyleApplyProperty.h. (WebCore): (PropertyHandler): (WebCore::PropertyHandler::applyInheritValue): (WebCore::PropertyHandler::applyInitialValue): (WebCore::PropertyHandler::applyValue): 2012-04-25 Eric Carlson <eric.carlson@apple.com> Not reviewed, fix Windows build after r115165. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateCompositingLayers): Initialize logging variable. 2012-04-25 Florin Malita <fmalita@chromium.org> [Coverity] Uninitialized fields in RenderSVGShape constructors https://bugs.webkit.org/show_bug.cgi?id=84749 Reviewed by Darin Adler. Removing unused RenderSVGShape constructor and field. No new tests - no behavior change. * rendering/svg/RenderSVGShape.cpp: * rendering/svg/RenderSVGShape.h: (RenderSVGShape): 2012-04-25 'Pavel Feldman' <pfeldman@chromium.org> Not reviewed: follow up to r115194, removed debug output. * inspector/front-end/DebuggerPresentationModel.js: (WebInspector.DebuggerPresentationModel.prototype._parsedScriptSource): 2012-04-25 Pavel Feldman <pfeldman@chromium.org> Web Inspector: extract Linkifier from DebuggerPresentationModel. https://bugs.webkit.org/show_bug.cgi?id=84855 Reviewed by Yury Semikhatsky. There is nothing Linkifier needs from the model, extracting as a top-level class. * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * inspector/compile-front-end.py: * inspector/front-end/ConsoleMessage.js: * inspector/front-end/ConsoleView.js: (WebInspector.ConsoleView): * inspector/front-end/DebuggerPresentationModel.js: * inspector/front-end/EventListenersSidebarPane.js: * inspector/front-end/Linkifier.js: Added. (WebInspector.LinkifierFormatter): (WebInspector.LinkifierFormatter.prototype.formatLiveAnchor): (WebInspector.Linkifier): (WebInspector.Linkifier.prototype.linkifyLocation): (WebInspector.Linkifier.prototype.linkifyRawLocation): (WebInspector.Linkifier.prototype.reset): (WebInspector.Linkifier.prototype._updateAnchor): (WebInspector.Linkifier.DefaultFormatter): (WebInspector.Linkifier.DefaultFormatter.prototype.formatLiveAnchor): * inspector/front-end/NetworkPanel.js: * inspector/front-end/ObjectPopoverHelper.js: (WebInspector.ObjectPopoverHelper.prototype._showObjectPopover.showObjectPopover.): (WebInspector.ObjectPopoverHelper.prototype._showObjectPopover): * inspector/front-end/ProfileView.js: * inspector/front-end/ScriptsSearchScope.js: (WebInspector.ScriptsSearchResultsPane): * inspector/front-end/TimelinePresentationModel.js: (WebInspector.TimelinePresentationModel): * inspector/front-end/WebKit.qrc: * inspector/front-end/inspector.html: 2012-04-25 Pavel Feldman <pfeldman@chromium.org> Web Inspector: move sourcemap-agnostic part of the debugger presentation model into the raw debugger. https://bugs.webkit.org/show_bug.cgi?id=84852 Reviewed by Yury Semikhatsky. There is no need to keep that much debugging functionality in the debugger presentation model. It all perfectly applies to the raw script debugger. Methods for selecting call frames, activating breakpoints and paused details were moved to the WebInspector.DebuggerModel. * inspector/front-end/BreakpointManager.js: (WebInspector.BreakpointManager.prototype._removeBreakpointFromUI): * inspector/front-end/CallStackSidebarPane.js: (WebInspector.CallStackSidebarPane): (WebInspector.CallStackSidebarPane.prototype.update): (WebInspector.CallStackSidebarPane.prototype.setSelectedCallFrame): (WebInspector.CallStackSidebarPane.prototype._selectedCallFrameIndex): (WebInspector.CallStackSidebarPane.prototype._placardSelected): (WebInspector.CallStackSidebarPane.Placard): (WebInspector.CallStackSidebarPane.Placard.prototype._update): * inspector/front-end/ConsoleView.js: * inspector/front-end/DebuggerModel.js: (WebInspector.DebuggerModel.prototype._globalObjectCleared): (WebInspector.DebuggerModel.prototype._didEditScriptSource): (WebInspector.DebuggerModel.prototype._setDebuggerPausedDetails): (WebInspector.DebuggerModel.prototype._pausedScript): (WebInspector.DebuggerModel.prototype._resumedScript): (WebInspector.DebuggerModel.prototype.isPaused): (WebInspector.DebuggerModel.prototype.setSelectedCallFrame.updateExecutionLine): (WebInspector.DebuggerModel.prototype.setSelectedCallFrame): (WebInspector.DebuggerModel.prototype.selectedCallFrame): (WebInspector.DebuggerModel.prototype.evaluateOnSelectedCallFrame): (WebInspector.DebuggerModel.prototype.getSelectedCallFrameVariables.propertiesCollected): (WebInspector.DebuggerModel.prototype.getSelectedCallFrameVariables): (WebInspector.DebuggerModel.prototype.setBreakpointsActive): (WebInspector.DebuggerModel.prototype.breakpointsActive): (WebInspector.DebuggerModel.CallFrame): (WebInspector.DebuggerModel.CallFrame.prototype.get script): (WebInspector.DebuggerModel.CallFrame.prototype.get type): (WebInspector.DebuggerModel.CallFrame.prototype.get scopeChain): (WebInspector.DebuggerModel.CallFrame.prototype.get this): (WebInspector.DebuggerModel.CallFrame.prototype.get functionName): (WebInspector.DebuggerModel.CallFrame.prototype.get location): (WebInspector.DebuggerModel.CallFrame.prototype.evaluate): (WebInspector.DebuggerModel.CallFrame.prototype.createLiveLocation): (WebInspector.DebuggerModel.CallFrame.prototype.dispose): (WebInspector.DebuggerPausedDetails): (WebInspector.DebuggerPausedDetails.prototype.dispose): * inspector/front-end/DebuggerPresentationModel.js: (WebInspector.DebuggerPresentationModel): (WebInspector.DebuggerPresentationModel.prototype.createLiveLocation): (WebInspector.DebuggerPresentationModel.prototype._parsedScriptSource): (WebInspector.DebuggerPresentationModel.prototype._callFrameSelected): (WebInspector.DebuggerPresentationModel.prototype.setScriptSource.didEditScriptSource): (WebInspector.DebuggerPresentationModel.prototype.setScriptSource): (WebInspector.DebuggerPresentationModel.prototype._debuggerReset): * inspector/front-end/JavaScriptSource.js: (WebInspector.JavaScriptSource.prototype.setBreakpoint): * inspector/front-end/JavaScriptSourceFrame.js: (WebInspector.JavaScriptSourceFrame.prototype._resolveObjectForPopover): * inspector/front-end/Script.js: (WebInspector.Script.prototype.setSourceMapping): (WebInspector.Script.prototype.createLiveLocation): (WebInspector.Script.Location.prototype.update): * inspector/front-end/ScriptMapping.js: (WebInspector.LiveLocation): (WebInspector.LiveLocation.prototype.update): (WebInspector.LiveLocation.prototype.dispose): * inspector/front-end/ScriptsPanel.js: (WebInspector.ScriptsPanel.prototype._consoleCommandEvaluatedInSelectedCallFrame): (WebInspector.ScriptsPanel.prototype._debuggerPaused): (WebInspector.ScriptsPanel.prototype._callFrameSelected): (WebInspector.ScriptsPanel.prototype._toggleBreakpointsClicked): * inspector/front-end/UISourceCode.js: 2012-04-25 Yury Semikhatsky <yurys@chromium.org> Web Inspector: use composite node provider for diff nodes in heap profiler https://bugs.webkit.org/show_bug.cgi?id=84849 Inroduced HeapSnapshotDiffNodesProvider which is basically a composite provider combining providers for added and deleted nodes. This allowed to remove custom implementation of HeapSnapshotGridNode.prototype.populateChildren. Reviewed by Pavel Feldman. * inspector/front-end/HeapSnapshot.js: (WebInspector.HeapSnapshotNodesProvider.prototype.sort.sortByNodeField): moved index assignment to sortByComparator so that it is done only once. (WebInspector.HeapSnapshotNodesProvider.prototype.sort.sortByComparator): (WebInspector.HeapSnapshotNodesProvider.prototype.sort): * inspector/front-end/HeapSnapshotGridNodes.js: (WebInspector.HeapSnapshotGridNode): (WebInspector.HeapSnapshotGridNode.prototype.populateChildren.callSerialize): (WebInspector.HeapSnapshotGridNode.prototype.populateChildren.childrenRetrieved.notify): (WebInspector.HeapSnapshotGridNode.prototype.populateChildren.childrenRetrieved): (WebInspector.HeapSnapshotGridNode.prototype.populateChildren): (WebInspector.HeapSnapshotGridNode.prototype.sort.afterSort): (WebInspector.HeapSnapshotGridNode.prototype.sort): (WebInspector.HeapSnapshotDiffNodesProvider): (WebInspector.HeapSnapshotDiffNodesProvider.prototype.dispose): (WebInspector.HeapSnapshotDiffNodesProvider.prototype.isEmpty): (WebInspector.HeapSnapshotDiffNodesProvider.prototype.serializeNextItems): (WebInspector.HeapSnapshotDiffNodesProvider.prototype.serializeNextItems.didReceiveDeletedItems): (WebInspector.HeapSnapshotDiffNodesProvider.prototype.serializeNextItems.didReceiveAddedItems): (WebInspector.HeapSnapshotDiffNodesProvider.prototype.sortAndRewind.afterSort): (WebInspector.HeapSnapshotDiffNodesProvider.prototype.sortAndRewind): (WebInspector.HeapSnapshotDiffNode): (WebInspector.HeapSnapshotDiffNode._createProvider): (WebInspector.HeapSnapshotDiffNode.prototype._createChildNode): 2012-04-25 Nikolas Zimmermann <nzimmermann@rim.com> Refactor to/from/animatedType creation, to share more code between animators https://bugs.webkit.org/show_bug.cgi?id=84846 Reviewed by Antti Koivisto. Share more code bewteen animators, doesn't change functionality yet, except for one bug in SVGAnimatedString. SVGAnimatedString used to mutate the from/to values during animation, leading to problems in animate-element-31-t.svg. It now needs a rebaseline, now that this bug is fixed as side-effect. * svg/SVGAnimateColorElement.cpp: (WebCore::attributeValueIsCurrentColor): (WebCore::SVGAnimateColorElement::determinePropertyValueTypes): (WebCore): * svg/SVGAnimateColorElement.h: (SVGAnimateColorElement): * svg/SVGAnimateElement.cpp: (WebCore::SVGAnimateElement::SVGAnimateElement): * svg/SVGAnimateElement.h: (SVGAnimateElement): * svg/SVGAnimatedAngle.cpp: (WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue): * svg/SVGAnimatedBoolean.cpp: (WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue): * svg/SVGAnimatedColor.cpp: (WebCore::adjustForCurrentColor): (WebCore): (WebCore::parseColorFromString): (WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue): * svg/SVGAnimatedEnumeration.cpp: (WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue): * svg/SVGAnimatedInteger.cpp: (WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedInteger): (WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedIntegerOptionalInteger.cpp: (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue): * svg/SVGAnimatedLength.cpp: (WebCore::parseLengthFromString): (WebCore): (WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue): * svg/SVGAnimatedLengthList.cpp: (WebCore::parseLengthListFromString): (WebCore): (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumber.cpp: (WebCore::parseNumberFromString): (WebCore): (WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue): * svg/SVGAnimatedNumberOptionalNumber.cpp: (WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue): * svg/SVGAnimatedPointList.cpp: (WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue): * svg/SVGAnimatedPreserveAspectRatio.cpp: (WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue): * svg/SVGAnimatedRect.cpp: (WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue): * svg/SVGAnimatedString.cpp: (WebCore::parseStringFromString): (WebCore): (WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue): * svg/SVGAnimatedTransformList.cpp: (WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue): * svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::SVGAnimationElement): (WebCore::SVGAnimationElement::adjustForInheritance): (WebCore): (WebCore::inheritsFromProperty): (WebCore::SVGAnimationElement::determinePropertyValueTypes): * svg/SVGAnimationElement.h: (WebCore::SVGAnimationElement::fromPropertyValueType): (WebCore::SVGAnimationElement::toPropertyValueType): (SVGAnimationElement): (WebCore::SVGAnimationElement::adjustForInheritance): (WebCore::SVGAnimationElement::adjustFromToValues): (WebCore::SVGAnimationElement::adjustFromToListValues): 2012-04-25 Nikolas Zimmermann <nzimmermann@rim.com> Share single calculateFromToValues/calculateFromByValues between all SVGAnimatedTypeAnimators https://bugs.webkit.org/show_bug.cgi?id=84832 Reviewed by Antti Koivisto. calculateFromAndToValues / calculateFromAndByValues don't need to be spread across all SVGAnimatedTypeAnimators. Centralize these new implementations in SVGAnimatedTypeAnimator.h. Refactored addAnimatedTypes() from constructFromAndByValues. calculateFromAndToValues: from = constructFromString(fromString) to = constructFromString(toString) calculateFromAndByValues: from = constructFromString(fromString) to = constructFromString(byString) addAnimatedTypes(from, to) Doesn't affect any tests, just refactors code. * svg/SVGAnimateElement.cpp: (WebCore::SVGAnimateElement::calculateFromAndToValues): (WebCore::SVGAnimateElement::calculateFromAndByValues): * svg/SVGAnimatedAngle.cpp: (WebCore::SVGAnimatedAngleAnimator::addAnimatedTypes): * svg/SVGAnimatedAngle.h: (SVGAnimatedAngleAnimator): * svg/SVGAnimatedBoolean.cpp: (WebCore::SVGAnimatedBooleanAnimator::addAnimatedTypes): * svg/SVGAnimatedBoolean.h: (SVGAnimatedBooleanAnimator): * svg/SVGAnimatedColor.cpp: (WebCore::SVGAnimatedColorAnimator::addAnimatedTypes): * svg/SVGAnimatedColor.h: (SVGAnimatedColorAnimator): * svg/SVGAnimatedEnumeration.cpp: (WebCore::SVGAnimatedEnumerationAnimator::addAnimatedTypes): * svg/SVGAnimatedEnumeration.h: (SVGAnimatedEnumerationAnimator): * svg/SVGAnimatedInteger.cpp: (WebCore::SVGAnimatedIntegerAnimator::addAnimatedTypes): * svg/SVGAnimatedInteger.h: (SVGAnimatedIntegerAnimator): * svg/SVGAnimatedIntegerOptionalInteger.cpp: (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::addAnimatedTypes): * svg/SVGAnimatedIntegerOptionalInteger.h: (SVGAnimatedIntegerOptionalIntegerAnimator): * svg/SVGAnimatedLength.cpp: (WebCore::SVGAnimatedLengthAnimator::addAnimatedTypes): * svg/SVGAnimatedLength.h: (SVGAnimatedLengthAnimator): * svg/SVGAnimatedLengthList.cpp: (WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes): * svg/SVGAnimatedLengthList.h: (SVGAnimatedLengthListAnimator): * svg/SVGAnimatedNumber.cpp: (WebCore::SVGAnimatedNumberAnimator::addAnimatedTypes): * svg/SVGAnimatedNumber.h: (SVGAnimatedNumberAnimator): * svg/SVGAnimatedNumberList.cpp: (WebCore::SVGAnimatedNumberListAnimator::addAnimatedTypes): * svg/SVGAnimatedNumberList.h: (SVGAnimatedNumberListAnimator): * svg/SVGAnimatedNumberOptionalNumber.cpp: (WebCore::SVGAnimatedNumberOptionalNumberAnimator::addAnimatedTypes): * svg/SVGAnimatedNumberOptionalNumber.h: (SVGAnimatedNumberOptionalNumberAnimator): * svg/SVGAnimatedPath.cpp: (WebCore::SVGAnimatedPathAnimator::constructFromString): (WebCore::SVGAnimatedPathAnimator::addAnimatedTypes): * svg/SVGAnimatedPath.h: (SVGAnimatedPathAnimator): * svg/SVGAnimatedPointList.cpp: (WebCore::SVGAnimatedPointListAnimator::addAnimatedTypes): * svg/SVGAnimatedPointList.h: (SVGAnimatedPointListAnimator): * svg/SVGAnimatedPreserveAspectRatio.cpp: (WebCore::SVGAnimatedPreserveAspectRatioAnimator::addAnimatedTypes): * svg/SVGAnimatedPreserveAspectRatio.h: (SVGAnimatedPreserveAspectRatioAnimator): * svg/SVGAnimatedRect.cpp: (WebCore::SVGAnimatedRectAnimator::addAnimatedTypes): * svg/SVGAnimatedRect.h: (SVGAnimatedRectAnimator): * svg/SVGAnimatedString.cpp: (WebCore::SVGAnimatedStringAnimator::addAnimatedTypes): * svg/SVGAnimatedString.h: (SVGAnimatedStringAnimator): * svg/SVGAnimatedTransformList.cpp: (WebCore::SVGAnimatedTransformListAnimator::SVGAnimatedTransformListAnimator): (WebCore::SVGAnimatedTransformListAnimator::constructFromString): (WebCore::SVGAnimatedTransformListAnimator::addAnimatedTypes): (WebCore::SVGAnimatedTransformListAnimator::calculateDistance): * svg/SVGAnimatedTransformList.h: (SVGAnimatedTransformListAnimator): * svg/SVGAnimatedTypeAnimator.h: (SVGAnimatedTypeAnimator): (WebCore::SVGAnimatedTypeAnimator::calculateFromAndToValues): (WebCore::SVGAnimatedTypeAnimator::calculateFromAndByValues): (WebCore::SVGAnimatedTypeAnimator::setContextElement): 2012-04-25 Andreas Kling <kling@webkit.org> Shrink RenderText by 8 bytes on 64-bit. <http://webkit.org/b/84828> Reviewed by Maciej Stachowiak. Reorder the members so that the bits in RenderText falls into the padding at the end of RenderObject on 64-bit. Updated the compile-time size assertion to account for the new object structure. This shrinks RenderText from 104 to 96 bytes on 64-bit release builds. * rendering/RenderText.cpp: (SameSizeAsRenderText): (WebCore::RenderText::RenderText): * rendering/RenderText.h: (RenderText): 2012-04-25 Raymond Toy <rtoy@google.com> No audio from MediaElementAudioSourceNode https://bugs.webkit.org/show_bug.cgi?id=84669 MediaElementAudioSourceNode needs custom propagatesSilence() to return false to indicate the node never propagates silence. Reviewed by Chris Rogers. * Modules/webaudio/MediaElementAudioSourceNode.h: (MediaElementAudioSourceNode): Add propagatesSilence(). 2012-04-25 Xianzhu Wang <wangxianzhu@chromium.org> Web Inspector: Incorrect highlight position of inspected element in a scrolled page https://bugs.webkit.org/show_bug.cgi?id=84755 Reviewed by Pavel Feldman. Test: inspector/elements/highlight-node-scroll.html * inspector/DOMNodeHighlighter.cpp: Ensures the highlight position is in page coordinates. 2012-04-24 Yury Semikhatsky <yurys@chromium.org> Unreviewed. Revert part of the change r115063 which commented out real worker creation. It was commited by mistake. * inspector/front-end/HeapSnapshotProxy.js: (WebInspector.HeapSnapshotWorker): 2012-04-24 Jon Lee <jonlee@apple.com> New Notification constructor do not take into account security origin permissions https://bugs.webkit.org/show_bug.cgi?id=84825 <rdar://problem/11315405> Reviewed by Darin Adler. Tests requires support for notifications on Mac (see 79492). When the task timer fires, we should check to see that the notification has permission to show. If not, we fire the onError event. * notifications/Notification.cpp: (WebCore::Notification::Notification): Since the timer may show, or call the onerror event, we rename it from m_showTaskTimer. to m_taskTimer. (WebCore::Notification::dispatchErrorEvent): The default constructor of ErrorEvent doesn't create the proper event object. Create it using Event::create(). (WebCore::Notification::taskTimerFired): Check to see that we have permission first. * notifications/Notification.h: (Notification): 2012-04-24 Simon Fraser <simon.fraser@apple.com> Add a logging channel and some ouput for compositing https://bugs.webkit.org/show_bug.cgi?id=84817 Reviewed by Darin Adler. Add a logging channel called "Compositing". Output useful information to this channel, including a line for each composited layer, its composited bounds, the reason it was composited, the backing store megapixels, and a count of total composited layers and total backing store megapixels. * platform/Logging.cpp: (WebCore): (WebCore::getChannelFromName): * platform/Logging.h: (WebCore): * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::backingStoreArea): * platform/graphics/GraphicsLayer.h: (GraphicsLayer): * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::backingStoreArea): (WebCore): * platform/graphics/ca/GraphicsLayerCA.h: (GraphicsLayerCA): * platform/mac/LoggingMac.mm: (WebCore::initializeLoggingChannelsIfNecessary): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::nameForLayer): (WebCore::RenderLayerBacking::backingStoreArea): (WebCore): * rendering/RenderLayerBacking.h: (RenderLayerBacking): * rendering/RenderLayerCompositor.cpp: (WebCore): (WebCore::compositingLogEnabled): (WebCore::RenderLayerCompositor::RenderLayerCompositor): (WebCore::RenderLayerCompositor::updateCompositingLayers): (WebCore::RenderLayerCompositor::logCompositingInfo): (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): (WebCore::RenderLayerCompositor::updateLayerTreeGeometry): (WebCore::RenderLayerCompositor::reasonForCompositing): * rendering/RenderLayerCompositor.h: (RenderLayerCompositor): 2012-04-24 Kulanthaivel Palanichamy <kulanthaivel@codeaurora.org> getMatchedCSSRules() should return null when the second argument is an unrecognized pseudo-element name https://bugs.webkit.org/show_bug.cgi?id=83298 Reviewed by Ojan Vafai. I couldn't find any specification or any meaningful discussion on this API, but I assume that it shouldn't be any different from window.getComputedStyle() as far as the parameters are concerned. Test: fast/dom/Window/getMatchedCSSRules-with-invalid-pseudo-elements.html * page/DOMWindow.cpp: (WebCore::DOMWindow::getMatchedCSSRules): * page/DOMWindow.idl: 2012-04-24 Anders Carlsson <andersca@apple.com> overflow: hidden on the main frame is broken with threaded scrolling https://bugs.webkit.org/show_bug.cgi?id=84819 <rdar://problem/10920677> Reviewed by Darin Adler. Pass along the horizontal and vertical scrollbar modes to the scrolling tree and use it to determine if wheel events should be handled or not. This matches what we do for non-threaded scrolling. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::frameViewLayoutUpdated): (WebCore::ScrollingCoordinator::setScrollParameters): * page/scrolling/ScrollingCoordinator.h: (ScrollParameters): * page/scrolling/ScrollingTreeNode.cpp: (WebCore::ScrollingTreeNode::ScrollingTreeNode): (WebCore::ScrollingTreeNode::update): * page/scrolling/ScrollingTreeNode.h: (WebCore::ScrollingTreeNode::canHaveScrollbars): (ScrollingTreeNode): * page/scrolling/ScrollingTreeState.cpp: (WebCore::ScrollingTreeState::ScrollingTreeState): (WebCore::ScrollingTreeState::setHorizontalScrollbarMode): (WebCore): (WebCore::ScrollingTreeState::setVerticalScrollbarMode): * page/scrolling/ScrollingTreeState.h: (WebCore::ScrollingTreeState::horizontalScrollbarMode): (ScrollingTreeState): (WebCore::ScrollingTreeState::verticalScrollbarMode): * page/scrolling/mac/ScrollingTreeNodeMac.mm: (WebCore::ScrollingTreeNodeMac::handleWheelEvent): 2012-04-24 Adrienne Walker <enne@google.com> [chromium] Don't call calculateRenderPasses in CCLayerTreeHostImpl::scrollBegin() https://bugs.webkit.org/show_bug.cgi?id=84807 Reviewed by James Robinson. Instead of calculate render passes and quads and tracking damage, simply calculate the updated render layer list, which is what is needed for scrolling. This prevents a willDraw/didDraw mismatch on layers. * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp: (WebCore::CCLayerTreeHostImpl::calculateRenderSurfaceLayerList): (WebCore): (WebCore::CCLayerTreeHostImpl::calculateRenderPasses): (WebCore::CCLayerTreeHostImpl::ensureMostRecentRenderSurfaceLayerList): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h: (CCLayerTreeHostImpl): 2012-04-24 Dana Jansens <danakj@chromium.org> [chromium] Unbounded draws should use clip to limit their damage to opaque tracking https://bugs.webkit.org/show_bug.cgi?id=84494 Reviewed by Adrienne Walker. Unit test: PlatformContextSkiaTest.UnboundedDrawsAreClipped * platform/graphics/skia/OpaqueRegionSkia.cpp: (WebCore::OpaqueRegionSkia::didDrawRect): (WebCore::OpaqueRegionSkia::didDrawPath): (WebCore::OpaqueRegionSkia::didDrawPoints): (WebCore::OpaqueRegionSkia::didDrawBounded): (WebCore::OpaqueRegionSkia::didDrawUnbounded): * platform/graphics/skia/OpaqueRegionSkia.h: (OpaqueRegionSkia): 2012-04-24 Alexis Menard <alexis.menard@openbossa.org> Implement createTBody for table element. https://bugs.webkit.org/show_bug.cgi?id=84465 Reviewed by Ojan Vafai. Implement createTBody of table element to allow creating tbodies from JS. It's following the specification http://dev.w3.org/html5/spec/the-table-element.html#dom-table-createtbody. Tests: fast/table/table-create-tbody-existing-tbody.html fast/table/table-create-tbody-multiple-tbody.html fast/table/table-create-tbody.html * html/HTMLTableElement.cpp: (WebCore::HTMLTableElement::createTBody): (WebCore): * html/HTMLTableElement.h: (HTMLTableElement): * html/HTMLTableElement.idl: 2012-04-24 Anders Carlsson <andersca@apple.com> ScrollingCoordinator::setScrollParameters should take a single struct https://bugs.webkit.org/show_bug.cgi?id=84816 Reviewed by Andreas Kling. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::frameViewLayoutUpdated): (WebCore::ScrollingCoordinator::setScrollParameters): * page/scrolling/ScrollingCoordinator.h: (ScrollingCoordinator): (ScrollParameters): * page/scrolling/ScrollingCoordinatorNone.cpp: (WebCore::ScrollingCoordinator::setScrollParameters): * page/scrolling/chromium/ScrollingCoordinatorChromium.cpp: (WebCore::ScrollingCoordinator::setScrollParameters): 2012-04-24 Adam Klein <adamk@chromium.org> Remove unused undefined() method from ScriptValue https://bugs.webkit.org/show_bug.cgi?id=84751 Reviewed by Kentaro Hara. * bindings/js/ScriptValue.h: (ScriptValue): * bindings/v8/ScriptValue.h: (ScriptValue): 2012-04-24 Yong Li <yoli@rim.com> ASSERT failure in RenderLayer::computeRepaintRects https://bugs.webkit.org/show_bug.cgi?id=84480 Reviewed by Simon Fraser. Update visibility status if necessary before updating compositing state in RenderLayer::styleChanged(). No new tests because this is obviously right thing to do and creating new test seems too much for this small change. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::styleChanged): 2012-04-24 Kent Tamura <tkent@chromium.org> Calendar Picker: Open a calendar picker by keyboard operation https://bugs.webkit.org/show_bug.cgi?id=84680 Reviewed by Kentaro Hara. - Open a calendar picker by the down arrow key. - Remove stepping down/up by keyboard and wheel operations. This behavior was for text fields with spin buttons. Because the date type doesn't have spin buttons, we should remove this behavior. No new tests for opening a calendar picker. This behavior is not testable by DRT yet. For removal of stepping up/down, fast/forms/date/date-stepup-stepdown-from-renderer.html is updated. * html/BaseDateAndTimeInputType.cpp: (WebCore::BaseDateAndTimeInputType::handleKeydownEvent): Check shouldHaveSpinButton() before spin button key operations. (WebCore::BaseDateAndTimeInputType::handleWheelEvent): Check shouldHaveSpinButton() before spin button wheel operations. * html/BaseDateAndTimeInputType.h: (BaseDateAndTimeInputType): Make handleKeydownEvent() protected because a subclass overrides it. * html/DateInputType.cpp: (WebCore::DateInputType::handleKeydownEvent): Open a calendar picker by the down arrow key. * html/DateInputType.h: (DateInputType): Add handleKeydownEvent() declaration. * html/shadow/CalendarPickerElement.h: (CalendarPickerElement): Make openPopup() public because DateInputType calls it. 2012-04-24 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r115099, r115102, and r115127. http://trac.webkit.org/changeset/115099 http://trac.webkit.org/changeset/115102 http://trac.webkit.org/changeset/115127 https://bugs.webkit.org/show_bug.cgi?id=84809 Made html5lib/runner.html crash, spot fix didn't help so rolling out so original author can do over. (Requested by kling on #webkit). * dom/Element.cpp: (WebCore::Element::parserSetAttributes): (WebCore::Element::normalizeAttributes): * dom/Element.h: (Element): * dom/ElementAttributeData.cpp: (WebCore::AttributeVector::removeAttribute): (WebCore): * dom/ElementAttributeData.h: (AttributeVector): (WebCore::AttributeVector::AttributeVector): (WebCore): (WebCore::AttributeVector::getAttributeItem): (WebCore::AttributeVector::getAttributeItemIndex): (WebCore::AttributeVector::insertAttribute): (WebCore::ElementAttributeData::getAttributeItem): (WebCore::ElementAttributeData::getAttributeItemIndex): (WebCore::ElementAttributeData::attributeVector): (WebCore::ElementAttributeData::clonedAttributeVector): (ElementAttributeData): * html/parser/HTMLConstructionSite.cpp: (WebCore::HTMLConstructionSite::createHTMLElementFromSavedElement): * html/parser/HTMLToken.h: (WebCore::AtomicHTMLToken::AtomicHTMLToken): * html/parser/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::processFakeStartTag): (WebCore::HTMLTreeBuilder::attributesForIsindexInput): * html/parser/HTMLTreeBuilder.h: * html/parser/TextDocumentParser.cpp: (WebCore::TextDocumentParser::insertFakePreElement): * xml/XMLErrors.cpp: (WebCore::createXHTMLParserErrorHeader): (WebCore::XMLErrors::insertErrorMessageBlock): * xml/parser/MarkupTokenBase.h: (WebCore::AtomicMarkupTokenBase::AtomicMarkupTokenBase): (WebCore::AtomicMarkupTokenBase::getAttributeItem): (WebCore::AtomicMarkupTokenBase::attributes): (AtomicMarkupTokenBase): (WebCore::::initializeAttributes): * xml/parser/XMLToken.h: (WebCore::AtomicXMLToken::AtomicXMLToken): 2012-04-24 Jeffrey Pfau <jpfau@apple.com> Prevent drag and drop from setting file URLs https://bugs.webkit.org/show_bug.cgi?id=76596 Reviewed by Enrica Casucci. Blacklisted file URLs from being set via dataTransfer.setData for specific types. * platform/mac/ClipboardMac.mm: (WebCore::ClipboardMac::setData): 2012-04-24 Enrica Casucci <enrica@apple.com> REGRESSION (r109022) Safari not placing service data on pasteboard. https://bugs.webkit.org/show_bug.cgi?id=84766 <rdar://problem/11085756> The support for OS X services requires that the write operations to the pasteboard occur synchronously. This behavior was changed with r109022. This change removes the original synchronous call to the WebProcess to perform the pasteboard write that had become asynchronous after r109022. It implements instead a synchronous call to retrive the content to be placed in the pasteboard. Reviewed by Alexey Proskuryakov. * WebCore.exp.in: * editing/Editor.h: * editing/mac/EditorMac.mm: (WebCore::Editor::writeSelectionToPasteboard): (WebCore::Editor::stringSelectionForPasteboard): Added. (WebCore::Editor::dataSelectionForPasteboard): Added. * platform/Pasteboard.h: * platform/mac/PasteboardMac.mm: (WebCore::Pasteboard::getStringSelection): Added. (WebCore::Pasteboard::getDataSelection): Added. (WebCore::Pasteboard::writeSelectionForTypes): (WebCore::Pasteboard::writeSelection): 2012-04-24 Dana Jansens <danakj@chromium.org> [chromium] Image masks are considered opaque incorrectly https://bugs.webkit.org/show_bug.cgi?id=84275 Reviewed by Adrienne Walker. Match the behaviour of SkCanvas layers more closely while tracking opaque paints. SkCanvas layers actually act as a separate device (ie. pixels) and when the layer is popped off, the pixels are copied down to the layer below. While we can use the total clip to decide what pixels the the drawing operation will affect in the final device, the blending down through layers needs to consider each layer carefully. In this case the image mask is drawn into a layer which is copied down using the DestinationIn operation. Since the layer contains non-opaque pixels, the DestinationIn copy can destroy opaque areas in the next layer. We add OpaqueRegionSkia::FillByCopy to distinguish the case where we are copying a block of pixels, and the alpha values are essentially unknown. Unit test: PlatformContextSkiaTest.trackImageMask PlatformContextSkiaTest.trackImageMaskWithOpaqueRect * platform/graphics/skia/OpaqueRegionSkia.cpp: (WebCore::paintIsOpaque): (WebCore::OpaqueRegionSkia::applyOpaqueRegionFromLayer): (WebCore::OpaqueRegionSkia::pushCanvasLayer): (WebCore::OpaqueRegionSkia::popCanvasLayer): (WebCore::OpaqueRegionSkia::didDrawRect): (WebCore::OpaqueRegionSkia::didDrawPath): (WebCore::OpaqueRegionSkia::didDrawPoints): (WebCore::OpaqueRegionSkia::didDrawBounded): (WebCore::OpaqueRegionSkia::didDraw): (WebCore::OpaqueRegionSkia::didDrawUnbounded): (WebCore::OpaqueRegionSkia::markRectAsOpaque): (WebCore::OpaqueRegionSkia::markRectAsNonOpaque): (WebCore::OpaqueRegionSkia::markAllAsNonOpaque): * platform/graphics/skia/OpaqueRegionSkia.h: (OpaqueRegionSkia): (CanvasLayerState): * platform/graphics/skia/PlatformContextSkia.cpp: (WebCore::PlatformContextSkia::restoreLayer): 2012-04-24 Alexandru Chiculita <achicu@adobe.com> CSS Shaders: Repainting the FECustomFilter requires full source image https://bugs.webkit.org/show_bug.cgi?id=76689 Reviewed by Dean Jackson.. When a pixel of a filtered layer changes we need to update the whole bounding box of the layer and not just the dirty rectangle. That's because the shader might change the color of any of the pixels inside the box. Added tests where a shader is moving and rotating the contents and the actual dirty box of the source image is not the same as the output dirty rectangle. Tests: css3/filters/custom/filter-repaint-custom-clipped.html css3/filters/custom/filter-repaint-custom-rotated.html css3/filters/custom/filter-repaint-custom.html * rendering/FilterEffectRenderer.cpp: (WebCore::FilterEffectRenderer::FilterEffectRenderer): (WebCore::FilterEffectRenderer::build): (WebCore::FilterEffectRenderer::computeSourceImageRectForDirtyRect): * rendering/FilterEffectRenderer.h: (FilterEffectRenderer): (WebCore::FilterEffectRenderer::hasCustomShaderFilter): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::setFilterBackendNeedsRepaintingInRect): 2012-04-24 Alexis Menard <alexis.menard@openbossa.org> Replace occurences of style selector from variables and methods names by style resolver. https://bugs.webkit.org/show_bug.cgi?id=84765 Reviewed by Andreas Kling. Rename methods and variables to follow the new name StyleResolver. It requires to update the local variables, methods parameters, and function names to match the new name and to remove the concept of "selector" to avoid clashing with the CSS concept. The next and last patch will be to rename CSSStyleSelector file and update the includes. No new tests : just renaming the variables and method names. No behavior changes expected. * css/CSSFontSelector.cpp: (WebCore::CSSFontSelector::dispatchInvalidationCallbacks): * css/CSSGradientValue.cpp: (WebCore::CSSGradientValue::addStops): * css/CSSPageRule.cpp: (WebCore::CSSPageRule::setSelectorText): * css/CSSStyleRule.cpp: (WebCore::CSSStyleRule::setSelectorText): * css/CSSStyleSheet.cpp: (WebCore::StyleSheetInternal::styleSheetChanged): * css/MediaQueryEvaluator.cpp: (WebCore::MediaQueryEvaluator::eval): * css/MediaQueryMatcher.cpp: (WebCore::MediaQueryMatcher::prepareEvaluator): (WebCore::MediaQueryMatcher::styleResolverChanged): * css/MediaQueryMatcher.h: (MediaQueryMatcher): * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::StyleRuleCSSStyleDeclaration::setNeedsStyleRecalc): * css/StyleBuilder.cpp: (WebCore::ApplyPropertyExpanding::applyInheritValue): (WebCore::ApplyPropertyExpanding::applyInitialValue): (WebCore::ApplyPropertyExpanding::applyValue): (WebCore::ApplyPropertyDefaultBase::applyInheritValue): (WebCore::ApplyPropertyDefaultBase::applyInitialValue): (WebCore::ApplyPropertyDefault::applyValue): (WebCore::ApplyPropertyNumber::applyValue): (WebCore::ApplyPropertyStyleImage::applyValue): (WebCore::ApplyPropertyAuto::applyInheritValue): (WebCore::ApplyPropertyAuto::applyInitialValue): (WebCore::ApplyPropertyAuto::applyValue): (WebCore::ApplyPropertyClip::convertToLength): (WebCore::ApplyPropertyClip::applyInheritValue): (WebCore::ApplyPropertyClip::applyInitialValue): (WebCore::ApplyPropertyClip::applyValue): (WebCore::ApplyPropertyColor::applyInheritValue): (WebCore::ApplyPropertyColor::applyInitialValue): (WebCore::ApplyPropertyColor::applyValue): (WebCore::ApplyPropertyColor::applyColorValue): (WebCore::ApplyPropertyDirection::applyValue): (WebCore::ApplyPropertyLength::applyValue): (WebCore::ApplyPropertyString::applyValue): (WebCore::ApplyPropertyBorderRadius::applyValue): (WebCore::ApplyPropertyFillLayer::applyInheritValue): (WebCore::ApplyPropertyFillLayer::applyInitialValue): (WebCore::ApplyPropertyFillLayer::applyValue): (WebCore::ApplyPropertyComputeLength::applyValue): (WebCore::ApplyPropertyFont::applyInheritValue): (WebCore::ApplyPropertyFont::applyInitialValue): (WebCore::ApplyPropertyFont::applyValue): (WebCore::ApplyPropertyFontSize::applyInheritValue): (WebCore::ApplyPropertyFontSize::applyInitialValue): (WebCore::ApplyPropertyFontSize::applyValue): (WebCore::ApplyPropertyFontWeight::applyValue): (WebCore::ApplyPropertyFontVariantLigatures::applyInheritValue): (WebCore::ApplyPropertyFontVariantLigatures::applyInitialValue): (WebCore::ApplyPropertyFontVariantLigatures::applyValue): (WebCore::ApplyPropertyBorderImage::applyValue): (WebCore::ApplyPropertyBorderImageModifier::applyInheritValue): (WebCore::ApplyPropertyBorderImageModifier::applyInitialValue): (WebCore::ApplyPropertyBorderImageModifier::applyValue): (WebCore::ApplyPropertyBorderImageSource::applyValue): (WebCore::ApplyPropertyCounter::applyInheritValue): (WebCore::ApplyPropertyCounter::applyValue): (WebCore::ApplyPropertyCursor::applyInheritValue): (WebCore::ApplyPropertyCursor::applyInitialValue): (WebCore::ApplyPropertyCursor::applyValue): (WebCore::ApplyPropertyTextAlign::applyValue): (WebCore::ApplyPropertyTextDecoration::applyValue): (WebCore::ApplyPropertyUnicodeBidi::applyValue): (WebCore::ApplyPropertyLineHeight::applyValue): (WebCore::ApplyPropertyPageSize::applyValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyInheritValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyInitialValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyValue): (WebCore::ApplyPropertyAnimation::map): (WebCore::ApplyPropertyAnimation::applyInheritValue): (WebCore::ApplyPropertyAnimation::applyInitialValue): (WebCore::ApplyPropertyAnimation::applyValue): (WebCore::ApplyPropertyOutlineStyle::applyInheritValue): (WebCore::ApplyPropertyOutlineStyle::applyInitialValue): (WebCore::ApplyPropertyOutlineStyle::applyValue): (WebCore::ApplyPropertyResize::applyValue): (WebCore::ApplyPropertyVerticalAlign::applyValue): (WebCore::ApplyPropertyAspectRatio::applyInheritValue): (WebCore::ApplyPropertyAspectRatio::applyInitialValue): (WebCore::ApplyPropertyAspectRatio::applyValue): (WebCore::ApplyPropertyZoom::resetEffectiveZoom): (WebCore::ApplyPropertyZoom::applyInheritValue): (WebCore::ApplyPropertyZoom::applyInitialValue): (WebCore::ApplyPropertyZoom::applyValue): (WebCore::ApplyPropertyDisplay::isValidDisplayValue): (WebCore::ApplyPropertyDisplay::applyInheritValue): (WebCore::ApplyPropertyDisplay::applyInitialValue): (WebCore::ApplyPropertyDisplay::applyValue): (WebCore::ApplyPropertyFlex::applyInheritValue): (WebCore::ApplyPropertyFlex::applyInitialValue): (WebCore::ApplyPropertyFlex::applyValue): * css/StyleBuilder.h: (WebCore::PropertyHandler::applyInheritValue): (WebCore::PropertyHandler::applyInitialValue): (WebCore::PropertyHandler::applyValue): * css/StyleMedia.cpp: (WebCore::StyleMedia::matchMedium): * dom/Document.cpp: (WebCore::Document::Document): (WebCore::Document::~Document): (WebCore::Document::setDocType): (WebCore::Document::childrenChanged): (WebCore::Document::setContentLanguage): (WebCore::Document::recalcStyle): (WebCore::Document::updateLayoutIgnorePendingStylesheets): (WebCore::Document::styleForElementIgnoringPendingStylesheets): (WebCore::Document::styleForPage): (WebCore::Document::combineCSSFeatureFlags): (WebCore::Document::resetCSSFeatureFlags): (WebCore::Document::createStyleResolver): (WebCore::Document::clearStyleResolver): (WebCore::Document::clearPageUserSheet): (WebCore::Document::updatePageUserSheet): (WebCore::Document::clearPageGroupUserSheets): (WebCore::Document::updatePageGroupUserSheets): (WebCore::Document::addUserSheet): (WebCore::Document::processHttpEquiv): (WebCore::Document::setSelectedStylesheetSet): (WebCore::Document::removePendingSheet): (WebCore::Document::evaluateMediaQueryList): (WebCore::Document::styleResolverChanged): (WebCore::Document::analyzeStylesheetChange): (WebCore::Document::updateActiveStylesheets): * dom/Document.h: (WebCore::Document::styleResolverIfExists): (WebCore::Document::styleResolver): (Document): * dom/Element.cpp: (WebCore::StyleResolverParentPusher::StyleResolverParentPusher): (WebCore::StyleResolverParentPusher::push): (WebCore::StyleResolverParentPusher::~StyleResolverParentPusher): (StyleResolverParentPusher): (WebCore::Element::attributeChanged): (WebCore::Element::attach): (WebCore::Element::styleForRenderer): (WebCore::Element::recalcStyle): (WebCore::Element::beginParsingChildren): (WebCore::Element::finishParsingChildren): * dom/ProcessingInstruction.cpp: (WebCore::ProcessingInstruction::removedFrom): * dom/ShadowRoot.cpp: (WebCore::ShadowRoot::attach): * dom/ShadowTree.cpp: (WebCore::ShadowTree::recalcShadowTreeStyle): * dom/StyleElement.cpp: (WebCore::StyleElement::removedFromDocument): * editing/EditingStyle.cpp: (WebCore::styleFromMatchedRulesForElement): * history/CachedPage.cpp: (WebCore::CachedPage::restore): * html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::styleResolver): * html/HTMLCanvasElement.h: (HTMLCanvasElement): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setDisabledState): (WebCore::HTMLLinkElement::process): (WebCore::HTMLLinkElement::removedFrom): (WebCore::HTMLLinkElement::removePendingSheet): * html/HTMLStyleElement.cpp: (WebCore::HTMLStyleElement::registerWithScopingNode): (WebCore::HTMLStyleElement::unregisterWithScopingNode): * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::setFont): * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::recalcStyleForPseudoStateIfNeeded): (WebCore::InspectorCSSAgent::getMatchedStylesForNode): (WebCore::InspectorCSSAgent::buildArrayForRuleList): (WebCore::InspectorCSSAgent::clearPseudoState): * inspector/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::updateViewMetrics): * page/DOMWindow.cpp: (WebCore::DOMWindow::getMatchedCSSRules): * page/Frame.cpp: (WebCore::Frame::setPrinting): * page/FrameView.cpp: (WebCore::FrameView::layout): * page/Page.cpp: (WebCore::Page::setViewMode): (WebCore::Page::setNeedsRecalcStyleInAllFrames): (WebCore::Page::allVisitedStateChanged): (WebCore::Page::visitedStateChanged): * page/animation/KeyframeAnimation.cpp: (WebCore::KeyframeAnimation::KeyframeAnimation): * platform/efl/RenderThemeEfl.cpp: (WebCore::RenderThemeEfl::adjustSliderTrackStyle): (WebCore::RenderThemeEfl::adjustSliderThumbStyle): (WebCore::RenderThemeEfl::adjustCheckboxStyle): (WebCore::RenderThemeEfl::adjustRadioStyle): (WebCore::RenderThemeEfl::adjustButtonStyle): (WebCore::RenderThemeEfl::adjustMenuListStyle): (WebCore::RenderThemeEfl::adjustMenuListButtonStyle): (WebCore::RenderThemeEfl::adjustTextFieldStyle): (WebCore::RenderThemeEfl::adjustTextAreaStyle): (WebCore::RenderThemeEfl::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeEfl::adjustSearchFieldResultsButtonStyle): (WebCore::RenderThemeEfl::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeEfl::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeEfl::adjustSearchFieldStyle): (WebCore::RenderThemeEfl::adjustProgressBarStyle): * platform/gtk/RenderThemeGtk.cpp: (WebCore::RenderThemeGtk::adjustButtonStyle): (WebCore::RenderThemeGtk::adjustMenuListStyle): (WebCore::RenderThemeGtk::adjustMenuListButtonStyle): (WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle): (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeGtk::adjustSearchFieldStyle): (WebCore::RenderThemeGtk::adjustSliderThumbStyle): * platform/qt/RenderThemeQt.cpp: (WebCore::RenderThemeQt::adjustSliderThumbStyle): (WebCore::RenderThemeQt::adjustSearchFieldStyle): (WebCore::RenderThemeQt::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeQt::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeQt::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeQt::adjustInnerSpinButtonStyle): * platform/qt/RenderThemeQtMobile.cpp: (WebCore::RenderThemeQtMobile::adjustButtonStyle): (WebCore::RenderThemeQtMobile::adjustMenuListStyle): * platform/wx/RenderThemeWx.cpp: (WebCore::RenderThemeWx::adjustButtonStyle): * rendering/RenderListBox.cpp: (WebCore::RenderListBox::updateFromElement): (WebCore::RenderListBox::paintItemForeground): * rendering/RenderMenuList.cpp: (WebCore::RenderMenuList::fontSelector): * rendering/RenderObject.cpp: (WebCore::RenderObject::getUncachedPseudoStyle): * rendering/RenderRegion.cpp: (WebCore::RenderRegion::styleDidChange): (WebCore::RenderRegion::computeStyleInRegion): * rendering/RenderTextControlSingleLine.cpp: (WebCore::RenderTextControlSingleLine::fontSelector): * rendering/RenderTheme.cpp: (WebCore::RenderTheme::adjustStyle): (WebCore::RenderTheme::adjustInputFieldSpeechButtonStyle): * rendering/RenderThemeChromiumSkia.cpp: (WebCore::RenderThemeChromiumSkia::adjustMenuListStyle): (WebCore::RenderThemeChromiumSkia::adjustMenuListButtonStyle): * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::adjustMenuListStyle): (WebCore::RenderThemeMac::adjustSliderThumbStyle): (WebCore::RenderThemeMac::adjustSearchFieldStyle): * rendering/RenderThemeSafari.cpp: (WebCore::RenderThemeSafari::setFontFromControlSize): (WebCore::RenderThemeSafari::adjustButtonStyle): (WebCore::RenderThemeSafari::adjustMenuListStyle): (WebCore::RenderThemeSafari::adjustMenuListButtonStyle): (WebCore::RenderThemeSafari::adjustSliderThumbStyle): (WebCore::RenderThemeSafari::adjustSearchFieldStyle): (WebCore::RenderThemeSafari::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeSafari::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeSafari::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeSafari::adjustSearchFieldResultsButtonStyle): * rendering/RenderThemeWin.cpp: (WebCore::RenderThemeWin::adjustInnerSpinButtonStyle): (WebCore::RenderThemeWin::adjustMenuListStyle): (WebCore::RenderThemeWin::adjustMenuListButtonStyle): (WebCore::RenderThemeWin::adjustSearchFieldStyle): (WebCore::RenderThemeWin::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeWin::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeWin::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeWin::adjustSearchFieldResultsButtonStyle): * rendering/RenderThemeWinCE.cpp: (WebCore::RenderThemeWinCE::adjustMenuListStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldResultsButtonStyle): (WebCore::RenderThemeWinCE::adjustMenuListButtonStyle): * rendering/style/StyleGeneratedImage.cpp: (WebCore::StyleGeneratedImage::image): * rendering/svg/RenderSVGInlineText.cpp: (WebCore::RenderSVGInlineText::computeNewScaledFontForStyle): * svg/SVGElement.cpp: (WebCore::SVGElement::customStyleForRenderer): * svg/SVGFontFaceElement.cpp: (WebCore::SVGFontFaceElement::rebuildFontFace): (WebCore::SVGFontFaceElement::removedFrom): * xml/XMLTreeViewer.cpp: (WebCore::XMLTreeViewer::transformDocumentToTreeView): * xml/parser/XMLDocumentParser.cpp: (WebCore::XMLDocumentParser::end): * xml/parser/XMLDocumentParserLibxml2.cpp: (WebCore::XMLDocumentParser::doEnd): * xml/parser/XMLDocumentParserQt.cpp: (WebCore::XMLDocumentParser::doEnd): * WebCore.exp.in: 2012-04-24 Yael Aharon <yael.aharon@nokia.com> Fixed background is scrolling in http://www.nieuwecode.nl/ in Qt webkit2 https://bugs.webkit.org/show_bug.cgi?id=83980 Reviewed by Simon Fraser. When a fixed position element does not have z-index explicitly specified, it does not create a stacking context. This results in fixed elements scrolling with the content layer. This patch creates a stacking context for fixed positioned elements for the Qt port, by enabling the flag ENABLE_FIXED_POSITION_CREATES_STACKING_CONTEXT. Added a manual test because this patch takes effect only during scrolling. * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::collectMatchingRulesForList): 2012-04-24 Andreas Kling <kling@webkit.org> REGRESSION(r115099): html5lib/runner.html crashes. <http://webkit.org/b/84791> Reviewed by Anders Carlsson. Unbreak and simplify the code that filters attributes on isindex elements. It's perfectly safe to remove elements from a Vector while iterating over it. * html/parser/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::attributesForIsindexInput): 2012-04-24 Victor Carbune <vcarbune@adobe.com> Extra display logic for the media control panel element https://bugs.webkit.org/show_bug.cgi?id=82476 Reviewed by Eric Carlson. This patch fixes a bug which caused the controls to be displayed when they should remain hidden. Added an extra variable to the panel elements which properly keeps the state of the panel (visible or not). Test: media/video-controls-toggling.html * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlPanelElement::MediaControlPanelElement): Added the variable m_isDisplayed to hold the state whether the panel is visible or not. (WebCore::MediaControlPanelElement::makeOpaque): Showing the panel only if it is visible. (WebCore::MediaControlPanelElement::makeTransparent): Enabled the transition timer which sets the display:none property on the controls. (WebCore::MediaControlPanelElement::setIsDisplayed): Setter for the state variable. (WebCore): * html/shadow/MediaControlElements.h: (MediaControlPanelElement): * html/shadow/MediaControlRootElement.cpp: (WebCore::MediaControlRootElement::show): Updated the panel visibility state. (WebCore::MediaControlRootElement::hide): Updated the panel visibility state. * html/shadow/MediaControlRootElementChromium.cpp: (WebCore::MediaControlRootElementChromium::show): Updated the panel visibility state. (WebCore::MediaControlRootElementChromium::hide): Updated the panel visibility state. 2012-04-24 Alexandru Chiculita <achicu@adobe.com> CSS Shaders: Custom filters painting is broken https://bugs.webkit.org/show_bug.cgi?id=82803 Reviewed by Kenneth Russell. In this patch I moved CSS Shaders file loading notifications from FilterEffectRenderer to the new RenderLayerFilterInfo. That's because FilterEffectRenderer is only used when running the filters in the software pipeline and has a very short lifetime. Due to a recent change FilterEffectRenderer actually gets deleted if the shader is not loaded, so it doesn't live that much to be notified when the shader was actually loaded. Also removed the FilterEffectObserver, that was only used to notify the RenderLayer about the loaded shader. No new tests. This is making existing CSS Shaders tests pass again. Cannot un-skip on Mac for now because the feature is compile time disabled. * WebCore.xcodeproj/project.pbxproj: * platform/graphics/filters/CustomFilterOperation.h: (WebCore::CustomFilterOperation::affectsOpacity): (WebCore::CustomFilterOperation::movesPixels): * platform/graphics/filters/FilterOperations.cpp: (WebCore): (WebCore::FilterOperations::hasCustomFilter): * platform/graphics/filters/FilterOperations.h: (FilterOperations): * platform/graphics/texmap/TextureMapperImageBuffer.cpp: (WebCore::BitmapTextureImageBuffer::applyFilters): * rendering/FilterEffectObserver.h: Removed. * rendering/FilterEffectRenderer.cpp: (WebCore::FilterEffectRenderer::FilterEffectRenderer): (WebCore::FilterEffectRenderer::~FilterEffectRenderer): (WebCore::FilterEffectRenderer::build): * rendering/FilterEffectRenderer.h: (WebCore): (WebCore::FilterEffectRenderer::create): (FilterEffectRenderer): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::updateOrRemoveFilterEffect): * rendering/RenderLayer.h: * rendering/RenderLayerFilterInfo.cpp: (WebCore::RenderLayerFilterInfo::~RenderLayerFilterInfo): (WebCore::RenderLayerFilterInfo::notifyCustomFilterProgramLoaded): (WebCore): (WebCore::RenderLayerFilterInfo::updateCustomFilterClients): (WebCore::RenderLayerFilterInfo::removeCustomFilterClients): * rendering/RenderLayerFilterInfo.h: (WebCore): (RenderLayerFilterInfo): 2012-04-24 Antti Koivisto <antti@apple.com> Another build fix. Not reviewed. * css/MediaList.cpp: (WebCore::MediaQuerySet::MediaQuerySet): * css/StylePropertySet.cpp: (WebCore::StylePropertySet::StylePropertySet): 2012-04-24 Antti Koivisto <antti@apple.com> Try to fix Qt build. Not reviewed. * css/StyleRule.h: (WebCore::StyleRuleBase::StyleRuleBase): 2012-04-24 Antti Koivisto <antti@apple.com> Implement StyleRule copying https://bugs.webkit.org/show_bug.cgi?id=84752 Reviewed by Andreas Kling. We'll need this for copy-on-write when style sheet data is shared between documents. Implement copy() and copy constructor for style rules their children as needed. The code is not yet used. * css/CSSSelectorList.cpp: (WebCore::CSSSelectorList::CSSSelectorList): (WebCore): * css/CSSSelectorList.h: (CSSSelectorList): * css/MediaList.h: (WebCore::MediaQuerySet::copy): (MediaQuerySet): * css/MediaQuery.cpp: (WebCore::MediaQuery::MediaQuery): (WebCore): * css/MediaQuery.h: (MediaQuery): (WebCore::MediaQuery::copy): * css/MediaQueryExp.h: (WebCore::MediaQueryExp::copy): (MediaQueryExp): * css/StylePropertySet.cpp: (WebCore::StylePropertySet::StylePropertySet): (WebCore): (WebCore::StylePropertySet::copy): * css/StylePropertySet.h: Make this copy parse mode too. As a result ElementAttributeData no longer needs to set it explicitly after copying. (StylePropertySet): * css/StyleRule.cpp: (WebCore::StyleRuleBase::copy): (WebCore): (WebCore::StyleRule::StyleRule): (WebCore::StyleRulePage::StyleRulePage): (WebCore::StyleRuleFontFace::StyleRuleFontFace): (WebCore::StyleRuleBlock::StyleRuleBlock): (WebCore::StyleRuleMedia::StyleRuleMedia): (WebCore::StyleRuleRegion::StyleRuleRegion): * css/StyleRule.h: (StyleRuleBase): (WebCore::StyleRuleBase::StyleRuleBase): (WebCore::StyleRule::copy): (StyleRule): (WebCore::StyleRuleFontFace::copy): (StyleRuleFontFace): (WebCore::StyleRulePage::copy): (StyleRulePage): (StyleRuleBlock): (WebCore::StyleRuleMedia::copy): (StyleRuleMedia): (WebCore::StyleRuleRegion::copy): (StyleRuleRegion): * css/WebKitCSSKeyframesRule.cpp: (WebCore): (WebCore::StyleRuleKeyframes::StyleRuleKeyframes): * css/WebKitCSSKeyframesRule.h: (WebCore): (WebCore::StyleRuleKeyframes::copy): (StyleRuleKeyframes): 2012-04-24 Ryosuke Niwa <rniwa@webkit.org> Revert r115009; It doesn't make necessary changes to NodeRareData and Node. * CMakeLists.txt: * DerivedSources.cpp: * DerivedSources.make: * DerivedSources.pri: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::getNamedItems): * bindings/scripts/CodeGeneratorJS.pm: (GenerateImplementation): * bindings/v8/custom/V8HTMLCollectionCustom.cpp: (WebCore::getNamedItems): * html/CollectionType.h: * html/HTMLCollection.cpp: (WebCore::HTMLCollection::shouldIncludeChildren): (WebCore::HTMLCollection::isAcceptableElement): * html/HTMLFormCollection.cpp: (WebCore::HTMLFormCollection::HTMLFormCollection): * html/RadioNodeList.cpp: Removed. * html/RadioNodeList.h: Removed. * html/RadioNodeList.idl: Removed. 2012-04-24 Chris Rogers <crogers@google.com> WaveTable should normalize to 0dbFS instead of -6dbFS https://bugs.webkit.org/show_bug.cgi?id=84644 Reviewed by Kenneth Russell. No new tests. Oscillator tests will be rebaselined after landing, since several platforms are affected. * Modules/webaudio/WaveTable.cpp: (WebCore::WaveTable::createBandLimitedTables): 2012-04-24 Tommy Widenflycht <tommyw@google.com> MediaStream API: Create a new flag for PeerConnection https://bugs.webkit.org/show_bug.cgi?id=84723 Reviewed by Dimitri Glazkov. To allow Chrome to make the GetUserMedia functionality available by default we need another flag for the PeerConnection related parts. This new flag is in addition to the general media stream flag, and both need to be enabled for PeerConnection object creation. No code behavior changes. * bindings/generic/RuntimeEnabledFeatures.cpp: (WebCore): * bindings/generic/RuntimeEnabledFeatures.h: (RuntimeEnabledFeatures): (WebCore::RuntimeEnabledFeatures::peerConnectionEnabled): (WebCore::RuntimeEnabledFeatures::setPeerConnectionEnabled): (WebCore::RuntimeEnabledFeatures::webkitDeprecatedPeerConnectionEnabled): (WebCore::RuntimeEnabledFeatures::webkitPeerConnection00Enabled): 2012-04-24 Joe Mason <jmason@rim.com> [BlackBerry] Revert broken changes to authentication dialog https://bugs.webkit.org/show_bug.cgi?id=80135 Reviewed by Antonio Gomes. The previous patches from this bug caused an infinite loop when using digest auth; apparently they were only tested with basic. * platform/blackberry/PageClientBlackBerry.h: * platform/network/blackberry/NetworkJob.cpp: (WebCore::NetworkJob::handleAuthHeader): (WebCore::NetworkJob::sendRequestWithCredentials): 2012-04-24 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> Fix wrong ASSERT() in findAttributeInVector() https://bugs.webkit.org/show_bug.cgi?id=84756 Unreviewed build fix. * dom/ElementAttributeData.h: (WebCore::findAttributeInVector): 2012-04-24 Anders Carlsson <andersca@apple.com> Update the scroll layer position on the main thread when viewing full-frame images https://bugs.webkit.org/show_bug.cgi?id=84754 <rdar://problem/11193304> Reviewed by Andreas Kling. Showing really big images can be slow sometimes and in that case it's better to update the scroll layer position on the main thread, which will avoid flashing white. * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::updateShouldUpdateScrollLayerPositionOnMainThread): 2012-04-24 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org> Use Vector<Attribute> directly instead of encapsulating it in AttributeVector https://bugs.webkit.org/show_bug.cgi?id=84413 Reviewed by Andreas Kling. As commented in https://bugs.webkit.org/show_bug.cgi?id=79963#c16 we do not usually subclass basic types like Vector. This patch changes code to use Vector<Attribute> directly and move around the functionality of the former methods to more specific helper functions or inline code at the callers. * dom/Element.cpp: (WebCore::Element::parserSetAttributes): (WebCore::Element::normalizeAttributes): * dom/Element.h: (Element): * dom/ElementAttributeData.cpp: * dom/ElementAttributeData.h: (WebCore::getAttributeFromVector): (WebCore::ElementAttributeData::getAttributeItem): (ElementAttributeData): (WebCore::ElementAttributeData::attributeVector): (WebCore::ElementAttributeData::clonedAttributeVector): (WebCore::ElementAttributeData::getAttributeItemIndex): (WebCore): * html/parser/HTMLConstructionSite.cpp: (WebCore::HTMLConstructionSite::createHTMLElementFromSavedElement): * html/parser/HTMLToken.h: (WebCore::AtomicHTMLToken::AtomicHTMLToken): * html/parser/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::processFakeStartTag): (WebCore::HTMLTreeBuilder::attributesForIsindexInput): * html/parser/HTMLTreeBuilder.h: * html/parser/TextDocumentParser.cpp: (WebCore::TextDocumentParser::insertFakePreElement): * xml/XMLErrors.cpp: (WebCore::createXHTMLParserErrorHeader): (WebCore::XMLErrors::insertErrorMessageBlock): * xml/parser/MarkupTokenBase.h: (WebCore::AtomicMarkupTokenBase::AtomicMarkupTokenBase): (WebCore::AtomicMarkupTokenBase::getAttributeItem): (WebCore::AtomicMarkupTokenBase::attributes): (AtomicMarkupTokenBase): (WebCore::::initializeAttributes): * xml/parser/XMLToken.h: (WebCore::AtomicXMLToken::AtomicXMLToken): 2012-04-24 Alexis Menard <alexis.menard@openbossa.org> Rename CSSStyleSelector class to StyleResolver. https://bugs.webkit.org/show_bug.cgi?id=84734 Reviewed by Andreas Kling. The name CSSStyleSelector is confusing as it conflicts a bit with the CSS concept of selectors. One could think it's an encapsulation of the CSS selectors but it's not, in fact this class is responsible of finding the RenderStyle for a given element. This is the first patch as I will later rename the files, and then rename the local variables. No new tests : renaming, no behavior changes should appear. * css/CSSCalculationValue.cpp: (WebCore::CSSCalcPrimitiveValue::toCalcValue): * css/CSSFontSelector.cpp: (WebCore::CSSFontSelector::dispatchInvalidationCallbacks): * css/CSSParser.cpp: (WebCore::CSSParser::parseSizeParameter): * css/CSSStyleSelector.cpp: (RuleSet): (WebCore::RuleSet::features): (WebCore): (WebCore::StyleResolver::StyleResolver): (WebCore::StyleResolver::addAuthorRulesAndCollectUserRulesFromSheets): (WebCore::makeRuleSet): (WebCore::StyleResolver::collectFeatures): (WebCore::StyleResolver::determineScope): (WebCore::StyleResolver::ruleSetForScope): (WebCore::StyleResolver::appendAuthorStylesheets): (WebCore::StyleResolver::setupScopeStack): (WebCore::StyleResolver::pushScope): (WebCore::StyleResolver::popScope): (WebCore::StyleResolver::pushParentElement): (WebCore::StyleResolver::popParentElement): (WebCore::StyleResolver::pushParentShadowRoot): (WebCore::StyleResolver::popParentShadowRoot): (WebCore::StyleResolver::addKeyframeStyle): (WebCore::StyleResolver::~StyleResolver): (WebCore::StyleResolver::sweepMatchedPropertiesCache): (WebCore::StyleResolver::Features::Features): (WebCore::StyleResolver::Features::~Features): (WebCore::StyleResolver::Features::add): (WebCore::StyleResolver::Features::clear): (WebCore::StyleResolver::addMatchedProperties): (WebCore::StyleResolver::addElementStyleProperties): (WebCore::StyleResolver::collectMatchingRules): (WebCore::StyleResolver::collectMatchingRulesForRegion): (WebCore::StyleResolver::sortAndTransferMatchedRules): (WebCore::StyleResolver::matchScopedAuthorRules): (WebCore::StyleResolver::matchAuthorRules): (WebCore::StyleResolver::matchUserRules): (WebCore::StyleResolver::matchUARules): (WebCore::StyleResolver::collectMatchingRulesForList): * css/CSSStyleSelector.h: (StyleResolver): (Features): * css/MediaQueryEvaluator.cpp: (WebCore::MediaQueryEvaluator::eval): * css/MediaQueryEvaluator.h: (WebCore): (MediaQueryEvaluator): * css/MediaQueryMatcher.cpp: (WebCore::MediaQueryMatcher::prepareEvaluator): * css/SVGCSSStyleSelector.cpp: (WebCore::StyleResolver::applySVGProperty): * css/StyleBuilder.cpp: (WebCore::ApplyPropertyExpanding::applyInheritValue): (WebCore::ApplyPropertyExpanding::applyInitialValue): (WebCore::ApplyPropertyExpanding::applyValue): (WebCore::ApplyPropertyDefaultBase::applyInheritValue): (WebCore::ApplyPropertyDefaultBase::applyInitialValue): (WebCore::ApplyPropertyDefaultBase::applyValue): (WebCore::ApplyPropertyDefault::applyValue): (WebCore::ApplyPropertyNumber::applyValue): (WebCore::ApplyPropertyStyleImage::applyValue): (WebCore::ApplyPropertyAuto::applyInheritValue): (WebCore::ApplyPropertyAuto::applyInitialValue): (WebCore::ApplyPropertyAuto::applyValue): (WebCore::ApplyPropertyClip::convertToLength): (WebCore::ApplyPropertyClip::applyInheritValue): (WebCore::ApplyPropertyClip::applyInitialValue): (WebCore::ApplyPropertyClip::applyValue): (WebCore::ApplyPropertyColor::applyInheritValue): (WebCore::ApplyPropertyColor::applyInitialValue): (WebCore::ApplyPropertyColor::applyValue): (WebCore::ApplyPropertyColor::applyColorValue): (WebCore::ApplyPropertyDirection::applyValue): (WebCore::ApplyPropertyLength::applyValue): (WebCore::ApplyPropertyString::applyValue): (WebCore::ApplyPropertyBorderRadius::applyValue): (WebCore::ApplyPropertyFillLayer::applyInheritValue): (WebCore::ApplyPropertyFillLayer::applyInitialValue): (WebCore::ApplyPropertyFillLayer::applyValue): (WebCore::ApplyPropertyComputeLength::applyValue): (WebCore::ApplyPropertyFont::applyInheritValue): (WebCore::ApplyPropertyFont::applyInitialValue): (WebCore::ApplyPropertyFont::applyValue): (WebCore::ApplyPropertyFontSize::applyInheritValue): (WebCore::ApplyPropertyFontSize::applyInitialValue): (WebCore::ApplyPropertyFontSize::applyValue): (WebCore::ApplyPropertyFontWeight::applyValue): (WebCore::ApplyPropertyFontVariantLigatures::applyInheritValue): (WebCore::ApplyPropertyFontVariantLigatures::applyInitialValue): (WebCore::ApplyPropertyFontVariantLigatures::applyValue): (WebCore::ApplyPropertyBorderImage::applyValue): (WebCore::ApplyPropertyBorderImageModifier::applyInheritValue): (WebCore::ApplyPropertyBorderImageModifier::applyInitialValue): (WebCore::ApplyPropertyBorderImageModifier::applyValue): (WebCore::ApplyPropertyBorderImageSource::applyValue): (WebCore::ApplyPropertyCounter::emptyFunction): (WebCore::ApplyPropertyCounter::applyInheritValue): (WebCore::ApplyPropertyCounter::applyValue): (WebCore::ApplyPropertyCursor::applyInheritValue): (WebCore::ApplyPropertyCursor::applyInitialValue): (WebCore::ApplyPropertyCursor::applyValue): (WebCore::ApplyPropertyTextAlign::applyValue): (WebCore::ApplyPropertyTextDecoration::applyValue): (WebCore::ApplyPropertyUnicodeBidi::applyValue): (WebCore::ApplyPropertyLineHeight::applyValue): (WebCore::ApplyPropertyPageSize::applyInheritValue): (WebCore::ApplyPropertyPageSize::applyInitialValue): (WebCore::ApplyPropertyPageSize::applyValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyInheritValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyInitialValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyValue): (WebCore): (WebCore::ApplyPropertyAnimation::map): (WebCore::ApplyPropertyAnimation::applyInheritValue): (WebCore::ApplyPropertyAnimation::applyInitialValue): (WebCore::ApplyPropertyAnimation::applyValue): (WebCore::ApplyPropertyOutlineStyle::applyInheritValue): (WebCore::ApplyPropertyOutlineStyle::applyInitialValue): (WebCore::ApplyPropertyOutlineStyle::applyValue): (WebCore::ApplyPropertyResize::applyValue): (WebCore::ApplyPropertyVerticalAlign::applyValue): (WebCore::ApplyPropertyAspectRatio::applyInheritValue): (WebCore::ApplyPropertyAspectRatio::applyInitialValue): (WebCore::ApplyPropertyAspectRatio::applyValue): (WebCore::ApplyPropertyZoom::resetEffectiveZoom): (WebCore::ApplyPropertyZoom::applyInheritValue): (WebCore::ApplyPropertyZoom::applyInitialValue): (WebCore::ApplyPropertyZoom::applyValue): (WebCore::ApplyPropertyDisplay::isValidDisplayValue): (WebCore::ApplyPropertyDisplay::applyInheritValue): (WebCore::ApplyPropertyDisplay::applyInitialValue): (WebCore::ApplyPropertyDisplay::applyValue): (WebCore::ApplyPropertyFlex::applyInheritValue): (WebCore::ApplyPropertyFlex::applyInitialValue): (WebCore::ApplyPropertyFlex::applyValue): (WebCore::StyleBuilder::StyleBuilder): * css/StyleBuilder.h: (WebCore): (PropertyHandler): (WebCore::PropertyHandler::applyInheritValue): (WebCore::PropertyHandler::applyInitialValue): (WebCore::PropertyHandler::applyValue): * css/StyleMedia.cpp: (WebCore::StyleMedia::matchMedium): * css/WebKitCSSKeyframesRule.cpp: (WebCore::WebKitCSSKeyframesRule::setName): * css/WebKitCSSMatrix.cpp: (WebCore::WebKitCSSMatrix::setMatrixValue): * dom/Document.cpp: (WebCore::Document::recalcStyle): (WebCore::Document::createStyleSelector): (WebCore::Document::testAddedStylesheetRequiresStyleRecalc): * dom/Document.h: (WebCore): (WebCore::Document::styleSelectorIfExists): (WebCore::Document::styleSelector): (Document): * dom/Element.cpp: (StyleSelectorParentPusher): (WebCore::Element::attributeChanged): (WebCore::Element::beginParsingChildren): (WebCore::Element::finishParsingChildren): * dom/ShadowRoot.cpp: (WebCore::ShadowRoot::attach): * dom/ShadowTree.cpp: (WebCore::ShadowTree::recalcShadowTreeStyle): * editing/EditingStyle.cpp: (WebCore::EditingStyle::mergeStyleFromRules): (WebCore::EditingStyle::removeStyleFromRulesAndContext): (WebCore::EditingStyle::removePropertiesInElementDefaultStyle): (WebCore::legacyFontSizeFromCSSValue): * editing/FrameSelection.cpp: (WebCore::FrameSelection::focusedOrActiveStateChanged): * history/CachedPage.cpp: (WebCore::CachedPage::restore): * html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::styleSelector): * html/HTMLCanvasElement.h: (HTMLCanvasElement): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::process): * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::setFont): * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::getMatchedStylesForNode): (WebCore::InspectorCSSAgent::buildArrayForRuleList): * inspector/InspectorCSSAgent.h: (InspectorCSSAgent): * page/DOMWindow.cpp: (WebCore::DOMWindow::getMatchedCSSRules): * page/Page.cpp: (WebCore::Page::allVisitedStateChanged): (WebCore::Page::visitedStateChanged): * page/animation/AnimationController.cpp: (WebCore::AnimationController::updateAnimations): * platform/blackberry/RenderThemeBlackBerry.cpp: (WebCore::RenderThemeBlackBerry::adjustButtonStyle): (WebCore::RenderThemeBlackBerry::adjustTextAreaStyle): (WebCore::RenderThemeBlackBerry::adjustTextFieldStyle): (WebCore::RenderThemeBlackBerry::adjustSearchFieldStyle): (WebCore::RenderThemeBlackBerry::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeBlackBerry::adjustMenuListButtonStyle): (WebCore::RenderThemeBlackBerry::adjustMenuListStyle): (WebCore::RenderThemeBlackBerry::adjustCheckboxStyle): (WebCore::RenderThemeBlackBerry::adjustRadioStyle): * platform/blackberry/RenderThemeBlackBerry.h: (RenderThemeBlackBerry): * platform/efl/RenderThemeEfl.cpp: (WebCore::RenderThemeEfl::adjustSliderTrackStyle): (WebCore::RenderThemeEfl::adjustSliderThumbStyle): (WebCore::RenderThemeEfl::adjustCheckboxStyle): (WebCore::RenderThemeEfl::adjustRadioStyle): (WebCore::RenderThemeEfl::adjustButtonStyle): (WebCore::RenderThemeEfl::adjustMenuListStyle): (WebCore::RenderThemeEfl::adjustMenuListButtonStyle): (WebCore::RenderThemeEfl::adjustTextFieldStyle): (WebCore::RenderThemeEfl::adjustTextAreaStyle): (WebCore::RenderThemeEfl::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeEfl::adjustSearchFieldResultsButtonStyle): (WebCore::RenderThemeEfl::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeEfl::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeEfl::adjustSearchFieldStyle): (WebCore::RenderThemeEfl::adjustProgressBarStyle): * platform/efl/RenderThemeEfl.h: (RenderThemeEfl): * platform/gtk/RenderThemeGtk.cpp: (WebCore::RenderThemeGtk::adjustButtonStyle): (WebCore::RenderThemeGtk::adjustMenuListStyle): (WebCore::RenderThemeGtk::adjustMenuListButtonStyle): (WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle): (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeGtk::adjustSearchFieldStyle): (WebCore::RenderThemeGtk::adjustSliderTrackStyle): (WebCore::RenderThemeGtk::adjustSliderThumbStyle): (WebCore::RenderThemeGtk::adjustProgressBarStyle): * platform/gtk/RenderThemeGtk.h: (RenderThemeGtk): * platform/gtk/RenderThemeGtk2.cpp: (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle): * platform/gtk/RenderThemeGtk3.cpp: (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle): * platform/qt/RenderThemeQt.cpp: (WebCore::RenderThemeQt::adjustTextFieldStyle): (WebCore::RenderThemeQt::adjustTextAreaStyle): (WebCore::RenderThemeQt::adjustMenuListStyle): (WebCore::RenderThemeQt::adjustMenuListButtonStyle): (WebCore::RenderThemeQt::adjustProgressBarStyle): (WebCore::RenderThemeQt::adjustSliderTrackStyle): (WebCore::RenderThemeQt::adjustSliderThumbStyle): (WebCore::RenderThemeQt::adjustSearchFieldStyle): (WebCore::RenderThemeQt::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeQt::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeQt::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeQt::adjustInnerSpinButtonStyle): * platform/qt/RenderThemeQt.h: (RenderThemeQt): * platform/qt/RenderThemeQtMobile.cpp: (WebCore::RenderThemeQtMobile::adjustButtonStyle): (WebCore::RenderThemeQtMobile::adjustTextFieldStyle): (WebCore::RenderThemeQtMobile::adjustMenuListStyle): * platform/qt/RenderThemeQtMobile.h: (RenderThemeQtMobile): * platform/wx/RenderThemeWx.cpp: (RenderThemeWx): (WebCore::RenderThemeWx::adjustButtonStyle): (WebCore::RenderThemeWx::adjustTextFieldStyle): (WebCore::RenderThemeWx::adjustMenuListStyle): (WebCore::RenderThemeWx::adjustMenuListButtonStyle): * rendering/RenderInputSpeech.cpp: (WebCore::RenderInputSpeech::adjustInputFieldSpeechButtonStyle): * rendering/RenderInputSpeech.h: (RenderInputSpeech): * rendering/RenderTheme.cpp: (WebCore::RenderTheme::adjustStyle): (WebCore::RenderTheme::adjustCheckboxStyle): (WebCore::RenderTheme::adjustRadioStyle): (WebCore::RenderTheme::adjustButtonStyle): (WebCore::RenderTheme::adjustInnerSpinButtonStyle): (WebCore::RenderTheme::adjustTextFieldStyle): (WebCore::RenderTheme::adjustTextAreaStyle): (WebCore::RenderTheme::adjustMenuListStyle): (WebCore::RenderTheme::adjustInputFieldSpeechButtonStyle): (WebCore::RenderTheme::adjustMeterStyle): (WebCore::RenderTheme::adjustProgressBarStyle): (WebCore::RenderTheme::adjustMenuListButtonStyle): (WebCore::RenderTheme::adjustSliderTrackStyle): (WebCore::RenderTheme::adjustSliderThumbStyle): (WebCore::RenderTheme::adjustSearchFieldStyle): (WebCore::RenderTheme::adjustSearchFieldCancelButtonStyle): (WebCore::RenderTheme::adjustSearchFieldDecorationStyle): (WebCore::RenderTheme::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderTheme::adjustSearchFieldResultsButtonStyle): * rendering/RenderTheme.h: (RenderTheme): * rendering/RenderThemeChromiumAndroid.cpp: (WebCore::RenderThemeChromiumAndroid::adjustInnerSpinButtonStyle): * rendering/RenderThemeChromiumAndroid.h: (RenderThemeChromiumAndroid): * rendering/RenderThemeChromiumLinux.cpp: (WebCore::RenderThemeChromiumLinux::adjustInnerSpinButtonStyle): * rendering/RenderThemeChromiumLinux.h: (RenderThemeChromiumLinux): * rendering/RenderThemeChromiumSkia.cpp: (WebCore::RenderThemeChromiumSkia::adjustButtonStyle): (WebCore::RenderThemeChromiumSkia::adjustSearchFieldStyle): (WebCore::RenderThemeChromiumSkia::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeChromiumSkia::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeChromiumSkia::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeChromiumSkia::adjustSearchFieldResultsButtonStyle): (WebCore::RenderThemeChromiumSkia::adjustMenuListStyle): (WebCore::RenderThemeChromiumSkia::adjustMenuListButtonStyle): * rendering/RenderThemeChromiumSkia.h: (RenderThemeChromiumSkia): * rendering/RenderThemeChromiumWin.cpp: (WebCore): (WebCore::RenderThemeChromiumWin::adjustInnerSpinButtonStyle): (WebCore::RenderThemeChromiumWin::adjustProgressBarStyle): * rendering/RenderThemeChromiumWin.h: (RenderThemeChromiumWin): * rendering/RenderThemeMac.h: (RenderThemeMac): * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::setFontFromControlSize): (WebCore::RenderThemeMac::adjustTextFieldStyle): (WebCore::RenderThemeMac::adjustTextAreaStyle): (WebCore::RenderThemeMac::adjustProgressBarStyle): (WebCore::RenderThemeMac::adjustMenuListStyle): (WebCore::RenderThemeMac::adjustMenuListButtonStyle): (WebCore::RenderThemeMac::adjustSliderTrackStyle): (WebCore::RenderThemeMac::adjustSliderThumbStyle): (WebCore::RenderThemeMac::adjustSearchFieldStyle): (WebCore::RenderThemeMac::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeMac::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeMac::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeMac::adjustSearchFieldResultsButtonStyle): * rendering/RenderThemeSafari.cpp: (WebCore::RenderThemeSafari::setFontFromControlSize): (WebCore::RenderThemeSafari::adjustButtonStyle): (WebCore::RenderThemeSafari::adjustTextFieldStyle): (WebCore::RenderThemeSafari::adjustTextAreaStyle): (WebCore::RenderThemeSafari::adjustMenuListStyle): (WebCore::RenderThemeSafari::adjustMenuListButtonStyle): (WebCore::RenderThemeSafari::adjustSliderThumbStyle): (WebCore::RenderThemeSafari::adjustSearchFieldStyle): (WebCore::RenderThemeSafari::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeSafari::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeSafari::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeSafari::adjustSearchFieldResultsButtonStyle): * rendering/RenderThemeSafari.h: (RenderThemeSafari): * rendering/RenderThemeWin.cpp: (WebCore::RenderThemeWin::adjustInnerSpinButtonStyle): (WebCore::RenderThemeWin::adjustMenuListStyle): (WebCore::RenderThemeWin::adjustMenuListButtonStyle): (WebCore::RenderThemeWin::adjustSearchFieldStyle): (WebCore::RenderThemeWin::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeWin::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeWin::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeWin::adjustSearchFieldResultsButtonStyle): * rendering/RenderThemeWin.h: (RenderThemeWin): (WebCore::RenderThemeWin::adjustButtonStyle): (WebCore::RenderThemeWin::adjustTextFieldStyle): (WebCore::RenderThemeWin::adjustTextAreaStyle): * rendering/RenderThemeWinCE.cpp: (WebCore::RenderThemeWinCE::adjustMenuListStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldCancelButtonStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldDecorationStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldResultsDecorationStyle): (WebCore::RenderThemeWinCE::adjustSearchFieldResultsButtonStyle): (WebCore::RenderThemeWinCE::adjustMenuListButtonStyle): * rendering/RenderThemeWinCE.h: (RenderThemeWinCE): (WebCore::RenderThemeWinCE::adjustButtonStyle): (WebCore::RenderThemeWinCE::adjustTextFieldStyle): (WebCore::RenderThemeWinCE::adjustTextAreaStyle): * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::isStyleAvailable): * rendering/style/RenderStyle.h: (WebCore): * rendering/style/StyleRareNonInheritedData.h: (WebCore): * rendering/svg/RenderSVGInlineText.cpp: (WebCore::RenderSVGInlineText::computeNewScaledFontForStyle): * rendering/svg/SVGRenderSupport.cpp: (WebCore::SVGRenderSupport::isOverflowHidden): 2012-04-15 Robert Hogan <robert@webkit.org> CSS 2.1 failure: table-columns-example-001 fails https://bugs.webkit.org/show_bug.cgi?id=83978 Reviewed by David Hyatt. Tests: css2.1/20110323/table-columns-example-001.html fast/css/table-rules-attribute-groups-with-frame.html fast/css/table-rules-attribute-groups.html fast/css/table-rules-attribute-none-with-frame.html fast/css/table-rules-attribute-with-frame1.html fast/css/table-rules-attribute-with-frame2.html fast/css/table-rules-attribute.html WebKit does not implement the 'cols', 'rows', and 'all' rules attributes correctly for cells that are adjacent to the table's edges. The solution is to follow the hint in the spec at http://www.w3.org/TR/CSS21/tables.html#columns and set the table's border to hidden when the rules attribute is set to one of 'cols', 'rows' or 'all', and the table itself has no explicit border. Border collapsing will take care of the rest as 'hidden' always wins in border-conflict resolution. It's not completely clear from the spec that an explicit table border should trump a cols rule but doing so is consistent with FF and Opera at least. A 'rules' attribute is trumped by anything specified for the 'frame' attribute so need to ensure that is respected too. In short, any 'rules' attribute means a hidden table border unless there's a frame or border attribute. * html/HTMLTableElement.cpp: (WebCore::HTMLTableElement::additionalAttributeStyle): 2012-04-22 Timothy Hatcher <timothy@apple.com> Stop installing localizedStrings.js in Production builds. <rdar://problem/11296649> Reviewed by Joseph Pecoraro. * Configurations/WebCore.xcconfig: Added EXCLUDED_SOURCE_FILE_NAMES_Production_macosx and modified EXCLUDED_SOURCE_FILE_NAMES to look for CONFIGURATION variant. 2012-04-24 Yuzhu Shen <yzshen@chromium.org> [chromium] Add a description field in WebURLError and show failure description in the inspector network tab. https://bugs.webkit.org/show_bug.cgi?id=84566 Reviewed by Pavel Feldman. * inspector/front-end/NetworkPanel.js: (WebInspector.NetworkDataGridNode.prototype._refreshStatusCell): * platform/chromium/support/WebURLError.cpp: (WebKit::WebURLError::operator=): (WebKit::WebURLError::operator ResourceError): 2012-04-24 Rob Buis <rbuis@rim.com> [SVG] getBBox on a <g> within symbol returns 0 but with defs it works correctly https://bugs.webkit.org/show_bug.cgi?id=72796 SVG <use> of <symbol> containing <linearGradient> renders black https://bugs.webkit.org/show_bug.cgi?id=82775 Reviewed by Dirk Schulze. Create RenderSVGHiddenContainer for each <symbol>, which allows creation of child renderers too. This fixes both bugs since the bbox can be calculated at all times now and gradients in <symbol> are always created. This does allocate more memory but in general <symbol> is not used a lot and they tend to be small subtrees. Patch by Leo Yang. Tests: svg/custom/bbox-of-g-in-symbol.svg svg/custom/gradient-in-symbol-expected.svg svg/custom/gradient-in-symbol.svg * svg/SVGSymbolElement.cpp: (WebCore::SVGSymbolElement::createRenderer): (WebCore): * svg/SVGSymbolElement.h: (SVGSymbolElement): 2012-04-24 Brady Eidson <beidson@apple.com> <rdar://problem/10120155> and https://bugs.webkit.org/show_bug.cgi?id=82664 Need DOMWindow mechanism to supplement UserScripts for page cache notifications This patch creates a new object type "DOMWindowExtension" which extends DOMWindowProperty. A DOMWindowExtension is tied to a particular DOMWindow and represents extensibility in that DOMWindow within a particular DOMWrapperWorld. It is a token object meant designed to notify clients of the various events in the lifetime of a DOMWindow property such as creation, disconnecting for the page cache, reconnecting when restoring from the page cache, and DOMWindow destruction. Reviewed by Sam Weinig. New WebKit API test DOMWindowExtensionBasic added. Add hooks for 4 new client calls regarding DOMWindowExtensions and global object lifetime: * loader/FrameLoaderClient.h: (WebCore::FrameLoaderClient::dispatchCanCreateGlobalObject): (WebCore::FrameLoaderClient::dispatchWillDisconnectDOMWindowExtensionFromGlobalObject): (WebCore::FrameLoaderClient::dispatchDidReconnectDOMWindowExtensionToGlobalObject): (WebCore::FrameLoaderClient::dispatchWillDestroyGlobalObjectForDOMWindowExtension): At the same time "DidClearWindowObject" is called, also notify clients that the global object is available: * loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedFirstData): (WebCore::FrameLoader::dispatchGlobalObjectAvailableInAllWorlds): * loader/FrameLoader.h: DOMWindowProperties might want to unregister themselves during these notifications, so copy the set to a Vector. While this technique is arguably fragile, its certainly less fragile than mutating a set while iterating it: * page/DOMWindow.cpp: (WebCore::DOMWindow::willDetachPage): (WebCore::DOMWindow::disconnectDOMWindowProperties): (WebCore::DOMWindow::reconnectDOMWindowProperties): Implement the DOMWindowExtension object. It acts like a DOMWindowProperty with the added capability of remembering what Frame it used to be connected to so it can *always* notify clients on willDetachPage: * page/DOMWindowExtension.cpp: Added. (WebCore::DOMWindowExtension::DOMWindowExtension): (WebCore::DOMWindowExtension::~DOMWindowExtension): (WebCore::DOMWindowExtension::disconnectFrame): (WebCore::DOMWindowExtension::reconnectFrame): (WebCore::DOMWindowExtension::willDetachPage): * page/DOMWindowExtension.h: Added. (WebCore::DOMWindowExtension::create): (WebCore::DOMWindowExtension::world): Project files: * CMakeLists.txt: * GNUmakefile.list.am: * Target.pri: * WebCore.exp.in: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: 2012-04-24 Sami Kyostila <skyostil@chromium.org> [chromium] Don't keep pointers to released layer tree https://bugs.webkit.org/show_bug.cgi?id=84715 Reviewed by Adrienne Walker. As part of tree synchronization, CCLayerTreeHostImpl loses ownership of the previous tree (as per releaseRootLayer()). After this point we should not retain any pointers to the old tree, because they are effectively invalid as soon as the root layer is released. For processing scroll updates we need to keep track of which layer is being scrolled, and this state needs to survive tree synchronizations. Instead of keeping a direct pointer to the scrolled layer, we now save the id of that layer and use it to look up the same layer from the new tree. Unit test: CCLayerTreeHostImplTest.replaceTreeWhileScrolling * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp: (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl): (WebCore::CCLayerTreeHostImpl::setRootLayer): (WebCore::CCLayerTreeHostImpl::releaseRootLayer): (WebCore::CCLayerTreeHostImpl::scrollBegin): (WebCore::CCLayerTreeHostImpl::scrollEnd): * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h: (CCLayerTreeHostImpl): 2012-04-24 Alexandru Chiculita <achicu@adobe.com> [CSS Filters] Move m_filter and related fields from RenderLayer to a different structure and only allocate it when needed https://bugs.webkit.org/show_bug.cgi?id=84460 Reviewed by Dean Jackson. The new RenderLayerFilterInfo is meant to be allocated only when needed by filters. The link to the RenderLayerFilterInfo is maintained using a HashMap and a single boolean in the RenderLayer class. No new tests, just extracted a couple of fields inside the RenderLayer to a separate class. * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * rendering/FilterEffectRenderer.cpp: (WebCore::FilterEffectRendererHelper::prepareFilterEffect): (WebCore::FilterEffectRendererHelper::beginFilterEffect): (WebCore::FilterEffectRendererHelper::applyFilterEffect): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::RenderLayer): (WebCore::RenderLayer::~RenderLayer): (WebCore::RenderLayer::paintsWithFilters): (WebCore::RenderLayer::requiresFullLayerImageForFilters): (WebCore::RenderLayer::setFilterBackendNeedsRepaintingInRect): (WebCore::RenderLayer::paintLayerContents): (WebCore::RenderLayer::updateOrRemoveFilterEffect): * rendering/RenderLayer.h: (WebCore::RenderLayer::filterRenderer): (RenderLayer): (WebCore::RenderLayer::filterInfo): (WebCore::RenderLayer::ensureFilterInfo): (WebCore::RenderLayer::removeFilterInfoIfNeeded): (WebCore::RenderLayer::hasFilterInfo): (WebCore::RenderLayer::setHasFilterInfo): * rendering/RenderLayerFilterInfo.cpp: Added. (WebCore): (WebCore::RenderLayerFilterInfo::filterInfoForRenderLayer): (WebCore::RenderLayerFilterInfo::createFilterInfoForRenderLayerIfNeeded): (WebCore::RenderLayerFilterInfo::removeFilterInfoForRenderLayer): (WebCore::RenderLayerFilterInfo::RenderLayerFilterInfo): (WebCore::RenderLayerFilterInfo::~RenderLayerFilterInfo): (WebCore::RenderLayerFilterInfo::setRenderer): * rendering/RenderLayerFilterInfo.h: Added. (WebCore): (RenderLayerFilterInfo): (WebCore::RenderLayerFilterInfo::dirtySourceRect): (WebCore::RenderLayerFilterInfo::addDirtySourceRect): (WebCore::RenderLayerFilterInfo::resetDirtySourceRect): (WebCore::RenderLayerFilterInfo::renderer): 2012-04-24 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate around in SerializedScriptValue.cpp (Part1) https://bugs.webkit.org/show_bug.cgi?id=84663 Reviewed by Nate Chapin. The objective is to pass Isolate to toV8() in SerializedScriptValue.cpp. Part1: Add an Isolate argument to SerializedScriptValue::create(), SerializedScriptValue::deserialize(), etc. Part2: Add an m_isolate member to SerializedScriptValue::Writer() and SerializedScriptValue::Reader(). Part3: Pass Isolate to toV8(). This patch fixes Part1. No tests. No change in behavior. * bindings/v8/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::create): (WebCore::SerializedScriptValue::undefinedValue): (WebCore::SerializedScriptValue::booleanValue): (WebCore::SerializedScriptValue::numberValue): (WebCore::SerializedScriptValue::SerializedScriptValue): (WebCore::SerializedScriptValue::deserialize): (WebCore::SerializedScriptValue::deserializeForInspector): * bindings/v8/SerializedScriptValue.h: (SerializedScriptValue): 2012-04-24 Kentaro Hara <haraken@chromium.org> [V8][Refactoring] Remove deserializeAndSetProperty() from SerializedScriptValue.cpp https://bugs.webkit.org/show_bug.cgi?id=84662 Reviewed by Nate Chapin. SerializedScriptValue::deserializeAndSetProperty() is no longer used. This patch removes it. No tests. No change in behavior. * bindings/v8/SerializedScriptValue.cpp: * bindings/v8/SerializedScriptValue.h: 2012-04-24 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to setDOMException() in CodeGeneratorV8.pm https://bugs.webkit.org/show_bug.cgi?id=84660 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to setDOMException() in CodeGeneratorV8.pm. Test: bindings/scripts/test/TestEventTarget.idl bindings/scripts/test/TestObj.idl bindings/scripts/test/TestInterface.idl * bindings/scripts/CodeGeneratorV8.pm: Modified as described above. (GenerateSetDOMException): (GenerateNormalAttrGetter): (GenerateNormalAttrSetter): (GenerateFunctionCallback): (GenerateParametersCheck): (GenerateFunctionCallString): * bindings/scripts/test/V8/V8TestEventTarget.cpp: Updated run-bindings-tests results. (WebCore::TestEventTargetV8Internal::itemCallback): (WebCore::TestEventTargetV8Internal::dispatchEventCallback): * bindings/scripts/test/V8/V8TestInterface.cpp: Ditto. (WebCore::TestInterfaceV8Internal::supplementalMethod2Callback): * bindings/scripts/test/V8/V8TestObj.cpp: Ditto. (WebCore::TestObjV8Internal::attrWithGetterExceptionAttrGetter): (WebCore::TestObjV8Internal::attrWithGetterExceptionAttrSetter): (WebCore::TestObjV8Internal::attrWithSetterExceptionAttrSetter): (WebCore::TestObjV8Internal::stringAttrWithGetterExceptionAttrGetter): (WebCore::TestObjV8Internal::stringAttrWithGetterExceptionAttrSetter): (WebCore::TestObjV8Internal::stringAttrWithSetterExceptionAttrSetter): (WebCore::TestObjV8Internal::withScriptStateAttributeRaisesAttrGetter): (WebCore::TestObjV8Internal::withScriptStateAttributeRaisesAttrSetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAttributeRaisesAttrGetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAttributeRaisesAttrSetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateAttributeRaisesAttrGetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateAttributeRaisesAttrSetter): (WebCore::TestObjV8Internal::methodThatRequiresAllArgsAndThrowsCallback): (WebCore::TestObjV8Internal::methodWithExceptionCallback): (WebCore::TestObjV8Internal::withScriptStateVoidExceptionCallback): (WebCore::TestObjV8Internal::withScriptStateObjExceptionCallback): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateObjExceptionCallback): (WebCore::TestObjV8Internal::getSVGDocumentCallback): (WebCore::TestObjV8Internal::strictFunctionCallback): 2012-04-24 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to setDOMException() (Part2) https://bugs.webkit.org/show_bug.cgi?id=84658 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to setDOMException() in custom binding code. No tests. No change in behavior. * bindings/v8/V8Collection.cpp: (WebCore::toOptionsCollectionSetter): * bindings/v8/V8Collection.h: (WebCore): * bindings/v8/custom/V8ArrayBufferViewCustom.h: (WebCore::constructWebGLArrayWithArrayBufferArgument): (WebCore::setWebGLArrayHelper): * bindings/v8/custom/V8DOMWindowCustom.cpp: (WebCore::WindowSetTimeoutImpl): * bindings/v8/custom/V8DataViewCustom.cpp: (WebCore::V8DataView::getInt8Callback): (WebCore::V8DataView::getUint8Callback): (WebCore::V8DataView::setInt8Callback): (WebCore::V8DataView::setUint8Callback): * bindings/v8/custom/V8DirectoryEntrySyncCustom.cpp: (WebCore::V8DirectoryEntrySync::getDirectoryCallback): (WebCore::V8DirectoryEntrySync::getFileCallback): * bindings/v8/custom/V8HTMLCanvasElementCustom.cpp: (WebCore::V8HTMLCanvasElement::toDataURLCallback): * bindings/v8/custom/V8HTMLElementCustom.cpp: (WebCore::V8HTMLElement::itemValueAccessorSetter): * bindings/v8/custom/V8HTMLOptionsCollectionCustom.cpp: (WebCore::V8HTMLOptionsCollection::addCallback): (WebCore::V8HTMLOptionsCollection::lengthAccessorSetter): (WebCore::V8HTMLOptionsCollection::indexedPropertySetter): * bindings/v8/custom/V8HTMLSelectElementCustom.cpp: (WebCore::V8HTMLSelectElement::indexedPropertySetter): * bindings/v8/custom/V8NodeCustom.cpp: (WebCore::V8Node::insertBeforeCallback): (WebCore::V8Node::replaceChildCallback): (WebCore::V8Node::removeChildCallback): (WebCore::V8Node::appendChildCallback): * bindings/v8/custom/V8SQLTransactionCustom.cpp: (WebCore::V8SQLTransaction::executeSqlCallback): * bindings/v8/custom/V8WebKitMutationObserverCustom.cpp: (WebCore::V8WebKitMutationObserver::observeCallback): * bindings/v8/custom/V8XMLHttpRequestCustom.cpp: (WebCore::V8XMLHttpRequest::responseAccessorGetter): 2012-04-24 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to setDOMException() (Part1) https://bugs.webkit.org/show_bug.cgi?id=84656 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to setDOMException() in custom binding code. No tests. No change in behavior. * bindings/v8/custom/V8LocationCustom.cpp: (WebCore::V8Location::protocolAccessorSetter): * bindings/v8/custom/V8SQLTransactionSyncCustom.cpp: (WebCore::V8SQLTransactionSync::executeSqlCallback): * bindings/v8/custom/V8SVGLengthCustom.cpp: (WebCore::V8SVGLength::valueAccessorGetter): (WebCore::V8SVGLength::valueAccessorSetter): (WebCore::V8SVGLength::convertToSpecifiedUnitsCallback): * bindings/v8/custom/V8WebGLRenderingContextCustom.cpp: (WebCore::getObjectParameter): (WebCore::V8WebGLRenderingContext::getAttachedShadersCallback): (WebCore::V8WebGLRenderingContext::getExtensionCallback): (WebCore::V8WebGLRenderingContext::getFramebufferAttachmentParameterCallback): (WebCore::V8WebGLRenderingContext::getParameterCallback): (WebCore::V8WebGLRenderingContext::getProgramParameterCallback): (WebCore::V8WebGLRenderingContext::getShaderParameterCallback): (WebCore::V8WebGLRenderingContext::getUniformCallback): (WebCore::vertexAttribAndUniformHelperf): (WebCore::uniformHelperi): (WebCore::uniformMatrixHelper): 2012-04-24 Pavel Feldman <pfeldman@chromium.org> Web Inspector: encapsulate live location into the Script. https://bugs.webkit.org/show_bug.cgi?id=84722 Reviewed by Yury Semikhatsky. Live location is just a location on the script. The way it is implemented today involves too many indirections. * inspector/front-end/CompilerScriptMapping.js: * inspector/front-end/DebuggerModel.js: (WebInspector.DebuggerModel.prototype.setBreakpointByScriptLocation): (WebInspector.DebuggerModel.prototype.scriptForId): * inspector/front-end/DebuggerPresentationModel.js: (WebInspector.DebuggerPresentationModel.prototype.createLiveLocation): (WebInspector.DebuggerPresentationModel.prototype._addConsoleMessageToScript): (WebInspector.DebuggerPresentationModel.prototype._debuggerPaused): (WebInspector.DebuggerPresentationModel.prototype.set selectedCallFrame): (WebInspector.PresentationCallFrame.prototype.uiLocation): (WebInspector.DebuggerPresentationModel.CallFramePlacard): (WebInspector.DebuggerPresentationModel.Linkifier.prototype.linkifyRawLocation): * inspector/front-end/RawSourceCode.js: * inspector/front-end/ResourceScriptMapping.js: (WebInspector.ResourceScriptMapping.prototype.addScript): (WebInspector.ResourceScriptMapping.prototype._uiSourceCodeChanged): (WebInspector.ResourceScriptMapping.prototype._bindScriptToRawSourceCode): * inspector/front-end/Script.js: (WebInspector.Script): (WebInspector.Script.prototype.isInlineScript): (WebInspector.Script.prototype.setSourceMapping): (WebInspector.Script.prototype.createLocation): (WebInspector.Script.Location): (WebInspector.Script.Location.prototype.dispose): (WebInspector.Script.Location.prototype._update): * inspector/front-end/ScriptMapping.js: (WebInspector.UILocation): (WebInspector.SourceMapping): (WebInspector.SourceMapping.prototype.rawLocationToUILocation): (WebInspector.SourceMapping.prototype.uiLocationToRawLocation): (WebInspector.MainScriptMapping): (WebInspector.MainScriptMapping.prototype.addScript): (WebInspector.MainScriptMapping.prototype.reset): * inspector/front-end/SnippetsModel.js: (WebInspector.SnippetsScriptMapping.prototype._createUISourceCodeForScript): 2012-04-24 Yury Semikhatsky <yurys@chromium.org> Web Inspector: a bunch of heap profiler cleanups https://bugs.webkit.org/show_bug.cgi?id=84730 - HeapSnapshotProviderProxy passed explicitely as a parameter to HeapSnapshotGridNode constructor - Removed dead code - Removed unused parameters - Added more closure compiler annotations - Extracted code finding cycled among node ancestors into a separate method Reviewed by Pavel Feldman. * inspector/front-end/HeapSnapshot.js: (WebInspector.HeapSnapshot.prototype.createEdgesProvider): (WebInspector.HeapSnapshot.prototype.createRetainingEdgesProvider): (WebInspector.HeapSnapshot.prototype.createNodesProviderForDominator): (WebInspector.HeapSnapshotEdgesProvider): * inspector/front-end/HeapSnapshotDataGrids.js: * inspector/front-end/HeapSnapshotGridNodes.js: (WebInspector.HeapSnapshotGridNode): (WebInspector.HeapSnapshotGenericObjectNode): (WebInspector.HeapSnapshotObjectNode): (WebInspector.HeapSnapshotObjectNode.prototype._findAncestorWithSameSnapshotNodeId): (WebInspector.HeapSnapshotInstanceNode): (WebInspector.HeapSnapshotConstructorNode): (WebInspector.HeapSnapshotDiffNode): (WebInspector.HeapSnapshotDiffNode._createProvider): (WebInspector.HeapSnapshotDominatorObjectNode): * inspector/front-end/HeapSnapshotProxy.js: (WebInspector.HeapSnapshotWorker): (WebInspector.HeapSnapshotProxy.prototype.createNodesProviderForDominator): * inspector/front-end/utilities.js: 2012-04-24 Adam Klein <adamk@chromium.org> Fix includes in StrongInlines.h and ScriptValue.h https://bugs.webkit.org/show_bug.cgi?id=84659 Reviewed by Geoffrey Garen. This change was prompted by an attempt to use ScriptValue.h from a WebCore header file and running into trouble with the (as it turns out unnecessary) include of JSDOMBinding.h. * bindings/js/ScriptValue.cpp: Add include of JSDOMBinding.h, now that it's not included by the header. * bindings/js/ScriptValue.h: Remove unnecessary include of JSDOMBinding.h. 2012-04-24 Antti Koivisto <antti@apple.com> Move MediaList CSSOM wrapper ownership to parent rule or stylesheet https://bugs.webkit.org/show_bug.cgi?id=84716 Reviewed by Anders Carlsson. MediaList CSSOM wrapper should be owned by a rule or a stylesheet, not by the underlying MediaQuerySet. Remove the ref forwarding from MediaList in favor of regular refcounting. Use the usual pattern where the parent wrapper refs the child wrapper and zeroes the backpointer on destruction. * bindings/js/JSDOMBinding.h: (WebCore::root): * css/CSSImportRule.cpp: (WebCore::CSSImportRule::~CSSImportRule): (WebCore::CSSImportRule::media): * css/CSSImportRule.h: (StyleRuleImport): (CSSImportRule): * css/CSSMediaRule.cpp: (WebCore::CSSMediaRule::~CSSMediaRule): (WebCore::CSSMediaRule::media): * css/CSSMediaRule.h: (CSSMediaRule): * css/CSSStyleSheet.cpp: (WebCore::CSSStyleSheet::~CSSStyleSheet): (WebCore::CSSStyleSheet::media): * css/CSSStyleSheet.h: (CSSStyleSheet): * css/MediaList.cpp: (WebCore::MediaQuerySet::mediaText): (WebCore::MediaList::MediaList): (WebCore): (WebCore::MediaList::notifyChanged): * css/MediaList.h: (MediaQuerySet): (WebCore::MediaList::create): (WebCore::MediaList::parentRule): (WebCore::MediaList::clearParentStyleSheet): (WebCore::MediaList::clearParentRule): (WebCore::MediaList::queries): (MediaList): * css/StyleRule.h: (WebCore::StyleRuleMedia::mediaQueries): 2012-04-24 Carlos Garcia Campos <cgarcia@igalia.com> [GTK] Should pass canvas/philip/tests/toDataURL.jpeg.alpha.html https://bugs.webkit.org/show_bug.cgi?id=83973 Reviewed by Philippe Normand. Test: canvas/philip/tests/toDataURL.jpeg.alpha.html * platform/graphics/gtk/ImageBufferGtk.cpp: (WebCore::encodeImage): Convert ARGB32 cairo surface into RGB24 when encoding JPEG images since JPEG encoder doesn't support alpha channel. 2012-04-24 Carlos Garcia Campos <cgarcia@igalia.com> [GTK] Add WebKitCookieManager::changed signal to WebKit2 GTK+ API https://bugs.webkit.org/show_bug.cgi?id=82598 Reviewed by Philippe Normand. * GNUmakefile.list.am: Add new files to compilation. * platform/gtk/TemporaryLinkStubs.cpp: Remove stubs for setCookieStoragePrivateBrowsingEnabled, startObservingCookieChanges and stopObservingCookieChanges. * platform/network/soup/CookieStorageSoup.cpp: Added. (WebCore::setCookieStoragePrivateBrowsingEnabled): (WebCore::soupCookiesChanged): Notify cookies changes using platform strategies. (WebCore::startObservingCookieChanges): Connect to changed signal of the soup cookie jar. (WebCore::stopObservingCookieChanges): Disconnect signals handlers for changed signals of the soup cookie jar. 2012-04-24 Alexis Menard <alexis.menard@openbossa.org> Rename CSSStyleApplyProperty files to StyleBuilder. https://bugs.webkit.org/show_bug.cgi?id=84721 Reviewed by Antti Koivisto. r115043 renamed CSSStyleApplyProperty class to StyleBuilder. This patch rename the files to match the new class name. No new tests : renaming of files, no behavior changes expected. * CMakeLists.txt: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * css/CSSAllInOne.cpp: * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::collectMatchingRulesForList): * css/StyleBuilder.cpp: Renamed from Source/WebCore/css/CSSStyleApplyProperty.cpp. (WebCore): (ApplyPropertyExpanding): (WebCore::ApplyPropertyExpanding::applyInheritValue): (WebCore::ApplyPropertyExpanding::applyInitialValue): (WebCore::ApplyPropertyExpanding::applyValue): (WebCore::ApplyPropertyExpanding::createHandler): (ApplyPropertyDefaultBase): (WebCore::ApplyPropertyDefaultBase::setValue): (WebCore::ApplyPropertyDefaultBase::value): (WebCore::ApplyPropertyDefaultBase::initial): (WebCore::ApplyPropertyDefaultBase::applyInheritValue): (WebCore::ApplyPropertyDefaultBase::applyInitialValue): (WebCore::ApplyPropertyDefaultBase::applyValue): (WebCore::ApplyPropertyDefaultBase::createHandler): (ApplyPropertyDefault): (WebCore::ApplyPropertyDefault::setValue): (WebCore::ApplyPropertyDefault::applyValue): (WebCore::ApplyPropertyDefault::createHandler): (ApplyPropertyNumber): (WebCore::ApplyPropertyNumber::setValue): (WebCore::ApplyPropertyNumber::applyValue): (WebCore::ApplyPropertyNumber::createHandler): (ApplyPropertyStyleImage): (WebCore::ApplyPropertyStyleImage::applyValue): (WebCore::ApplyPropertyStyleImage::createHandler): (ApplyPropertyAuto): (WebCore::ApplyPropertyAuto::setValue): (WebCore::ApplyPropertyAuto::value): (WebCore::ApplyPropertyAuto::hasAuto): (WebCore::ApplyPropertyAuto::setAuto): (WebCore::ApplyPropertyAuto::applyInheritValue): (WebCore::ApplyPropertyAuto::applyInitialValue): (WebCore::ApplyPropertyAuto::applyValue): (WebCore::ApplyPropertyAuto::createHandler): (ApplyPropertyClip): (WebCore::ApplyPropertyClip::convertToLength): (WebCore::ApplyPropertyClip::applyInheritValue): (WebCore::ApplyPropertyClip::applyInitialValue): (WebCore::ApplyPropertyClip::applyValue): (WebCore::ApplyPropertyClip::createHandler): (WebCore::defaultInitialColor): (ApplyPropertyColor): (WebCore::ApplyPropertyColor::applyInheritValue): (WebCore::ApplyPropertyColor::applyInitialValue): (WebCore::ApplyPropertyColor::applyValue): (WebCore::ApplyPropertyColor::applyColorValue): (WebCore::ApplyPropertyColor::createHandler): (ApplyPropertyDirection): (WebCore::ApplyPropertyDirection::applyValue): (WebCore::ApplyPropertyDirection::createHandler): (ApplyPropertyLength): (WebCore::ApplyPropertyLength::setValue): (WebCore::ApplyPropertyLength::applyValue): (WebCore::ApplyPropertyLength::createHandler): (ApplyPropertyString): (WebCore::ApplyPropertyString::setValue): (WebCore::ApplyPropertyString::applyValue): (WebCore::ApplyPropertyString::createHandler): (ApplyPropertyBorderRadius): (WebCore::ApplyPropertyBorderRadius::setValue): (WebCore::ApplyPropertyBorderRadius::applyValue): (WebCore::ApplyPropertyBorderRadius::createHandler): (FillLayerAccessorTypes): (ApplyPropertyFillLayer): (WebCore::ApplyPropertyFillLayer::applyInheritValue): (WebCore::ApplyPropertyFillLayer::applyInitialValue): (WebCore::ApplyPropertyFillLayer::applyValue): (WebCore::ApplyPropertyFillLayer::createHandler): (ApplyPropertyComputeLength): (WebCore::ApplyPropertyComputeLength::setValue): (WebCore::ApplyPropertyComputeLength::applyValue): (WebCore::ApplyPropertyComputeLength::createHandler): (ApplyPropertyFont): (WebCore::ApplyPropertyFont::applyInheritValue): (WebCore::ApplyPropertyFont::applyInitialValue): (WebCore::ApplyPropertyFont::applyValue): (WebCore::ApplyPropertyFont::createHandler): (ApplyPropertyFontSize): (WebCore::ApplyPropertyFontSize::largerFontSize): (WebCore::ApplyPropertyFontSize::smallerFontSize): (WebCore::ApplyPropertyFontSize::applyInheritValue): (WebCore::ApplyPropertyFontSize::applyInitialValue): (WebCore::ApplyPropertyFontSize::applyValue): (WebCore::ApplyPropertyFontSize::createHandler): (ApplyPropertyFontWeight): (WebCore::ApplyPropertyFontWeight::applyValue): (WebCore::ApplyPropertyFontWeight::createHandler): (ApplyPropertyFontVariantLigatures): (WebCore::ApplyPropertyFontVariantLigatures::applyInheritValue): (WebCore::ApplyPropertyFontVariantLigatures::applyInitialValue): (WebCore::ApplyPropertyFontVariantLigatures::applyValue): (WebCore::ApplyPropertyFontVariantLigatures::createHandler): (ApplyPropertyBorderImage): (WebCore::ApplyPropertyBorderImage::applyValue): (WebCore::ApplyPropertyBorderImage::createHandler): (ApplyPropertyBorderImageModifier): (WebCore::ApplyPropertyBorderImageModifier::getValue): (WebCore::ApplyPropertyBorderImageModifier::setValue): (WebCore::ApplyPropertyBorderImageModifier::applyInheritValue): (WebCore::ApplyPropertyBorderImageModifier::applyInitialValue): (WebCore::ApplyPropertyBorderImageModifier::applyValue): (WebCore::ApplyPropertyBorderImageModifier::createHandler): (ApplyPropertyBorderImageSource): (WebCore::ApplyPropertyBorderImageSource::applyValue): (WebCore::ApplyPropertyBorderImageSource::createHandler): (ApplyPropertyCounter): (WebCore::ApplyPropertyCounter::emptyFunction): (WebCore::ApplyPropertyCounter::applyInheritValue): (WebCore::ApplyPropertyCounter::applyValue): (WebCore::ApplyPropertyCounter::createHandler): (ApplyPropertyCursor): (WebCore::ApplyPropertyCursor::applyInheritValue): (WebCore::ApplyPropertyCursor::applyInitialValue): (WebCore::ApplyPropertyCursor::applyValue): (WebCore::ApplyPropertyCursor::createHandler): (ApplyPropertyTextAlign): (WebCore::ApplyPropertyTextAlign::applyValue): (WebCore::ApplyPropertyTextAlign::createHandler): (ApplyPropertyTextDecoration): (WebCore::ApplyPropertyTextDecoration::applyValue): (WebCore::ApplyPropertyTextDecoration::createHandler): (ApplyPropertyUnicodeBidi): (WebCore::ApplyPropertyUnicodeBidi::applyValue): (WebCore::ApplyPropertyUnicodeBidi::createHandler): (ApplyPropertyLineHeight): (WebCore::ApplyPropertyLineHeight::applyValue): (WebCore::ApplyPropertyLineHeight::createHandler): (ApplyPropertyPageSize): (WebCore::ApplyPropertyPageSize::mmLength): (WebCore::ApplyPropertyPageSize::inchLength): (WebCore::ApplyPropertyPageSize::getPageSizeFromName): (WebCore::ApplyPropertyPageSize::applyInheritValue): (WebCore::ApplyPropertyPageSize::applyInitialValue): (WebCore::ApplyPropertyPageSize::applyValue): (WebCore::ApplyPropertyPageSize::createHandler): (ApplyPropertyTextEmphasisStyle): (WebCore::ApplyPropertyTextEmphasisStyle::applyInheritValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyInitialValue): (WebCore::ApplyPropertyTextEmphasisStyle::applyValue): (WebCore::ApplyPropertyTextEmphasisStyle::createHandler): (ApplyPropertyAnimation): (WebCore::ApplyPropertyAnimation::setValue): (WebCore::ApplyPropertyAnimation::value): (WebCore::ApplyPropertyAnimation::test): (WebCore::ApplyPropertyAnimation::clear): (WebCore::ApplyPropertyAnimation::initial): (WebCore::ApplyPropertyAnimation::map): (WebCore::ApplyPropertyAnimation::accessAnimations): (WebCore::ApplyPropertyAnimation::animations): (WebCore::ApplyPropertyAnimation::applyInheritValue): (WebCore::ApplyPropertyAnimation::applyInitialValue): (WebCore::ApplyPropertyAnimation::applyValue): (WebCore::ApplyPropertyAnimation::createHandler): (ApplyPropertyOutlineStyle): (WebCore::ApplyPropertyOutlineStyle::applyInheritValue): (WebCore::ApplyPropertyOutlineStyle::applyInitialValue): (WebCore::ApplyPropertyOutlineStyle::applyValue): (WebCore::ApplyPropertyOutlineStyle::createHandler): (ApplyPropertyResize): (WebCore::ApplyPropertyResize::applyValue): (WebCore::ApplyPropertyResize::createHandler): (ApplyPropertyVerticalAlign): (WebCore::ApplyPropertyVerticalAlign::applyValue): (WebCore::ApplyPropertyVerticalAlign::createHandler): (ApplyPropertyAspectRatio): (WebCore::ApplyPropertyAspectRatio::applyInheritValue): (WebCore::ApplyPropertyAspectRatio::applyInitialValue): (WebCore::ApplyPropertyAspectRatio::applyValue): (WebCore::ApplyPropertyAspectRatio::createHandler): (ApplyPropertyZoom): (WebCore::ApplyPropertyZoom::resetEffectiveZoom): (WebCore::ApplyPropertyZoom::applyInheritValue): (WebCore::ApplyPropertyZoom::applyInitialValue): (WebCore::ApplyPropertyZoom::applyValue): (WebCore::ApplyPropertyZoom::createHandler): (ApplyPropertyDisplay): (WebCore::ApplyPropertyDisplay::isValidDisplayValue): (WebCore::ApplyPropertyDisplay::applyInheritValue): (WebCore::ApplyPropertyDisplay::applyInitialValue): (WebCore::ApplyPropertyDisplay::applyValue): (WebCore::ApplyPropertyDisplay::createHandler): (ApplyPropertyFlex): (WebCore::ApplyPropertyFlex::applyInheritValue): (WebCore::ApplyPropertyFlex::applyInitialValue): (WebCore::ApplyPropertyFlex::applyValue): (WebCore::ApplyPropertyFlex::createHandler): (WebCore::ApplyPropertyFlex::getFlexValue): (WebCore::StyleBuilder::sharedStyleBuilder): (WebCore::StyleBuilder::StyleBuilder): * css/StyleBuilder.h: Renamed from Source/WebCore/css/CSSStyleApplyProperty.h. (WebCore): (PropertyHandler): (WebCore::PropertyHandler::PropertyHandler): (WebCore::PropertyHandler::applyInheritValue): (WebCore::PropertyHandler::applyInitialValue): (WebCore::PropertyHandler::applyValue): (WebCore::PropertyHandler::isValid): (WebCore::PropertyHandler::inheritFunction): (WebCore::PropertyHandler::initialFunction): (WebCore::PropertyHandler::applyFunction): (StyleBuilder): (WebCore::StyleBuilder::propertyHandler): (WebCore::StyleBuilder::index): (WebCore::StyleBuilder::valid): (WebCore::StyleBuilder::setPropertyHandler): 2012-04-24 Florin Malita <fmalita@chromium.org> WebCore::EventTarget::addEventListener crash https://bugs.webkit.org/show_bug.cgi?id=84171 Reviewed by Nikolas Zimmermann. Test: svg/custom/use-tref-crash.svg Adding tref target event listeners while building the shadow tree is problematic, because SVGUseElement::buildShadowAndInstanceTree() only sets the element instance<->shadow element association at a later time. Fortunately, buildShadowAndInstanceTree() also propagates the event handlers (transferEventListenersToShadowTree) - so we can simply skip them in SVGTRefElement::buildPendingResource() for shadow elements. * svg/SVGTRefElement.cpp: (WebCore::SVGTRefElement::buildPendingResource): 2012-04-24 Kent Tamura <tkent@chromium.org> Clickable area of a calendar picker indicator is too small. https://bugs.webkit.org/show_bug.cgi?id=84677 Reviewed by Kentaro Hara. Test: fast/forms/date/date-appearance.html is affected. * css/html.css: (input::-webkit-calendar-picker-indicator): - Remove unnecessary disaplay:inline-block. - Add paddings instead of the margin. (input::-webkit-calendar-picker-indicator:hover): Add hover style. 2012-04-24 Alexis Menard <alexis.menard@openbossa.org> Another unreviewed build fix for Mac. * css/CSSStyleSelector.h: (CSSStyleSelector): 2012-04-24 Alexis Menard <alexis.menard@openbossa.org> Unreviewed build fix attempt for Mac. * rendering/style/RenderStyle.h: 2012-04-24 Alexis Menard <alexis.menard@openbossa.org> Rename CSSStyleApplyProperty class to StyleBuilder. https://bugs.webkit.org/show_bug.cgi?id=84711 Reviewed by Antti Koivisto. As per discussion on bug https://bugs.webkit.org/show_bug.cgi?id=42764 the name is a bit confusing. This first patch rename the class and a following one will rename the files. We also drop the CSS prefix of the class to keep CSS prefixed classes for CSSOM types. No new tests : renaming, no behavior changes should appear. * css/CSSStyleApplyProperty.cpp: (WebCore::ApplyPropertyExpanding::applyInheritValue): (WebCore::ApplyPropertyExpanding::applyInitialValue): (WebCore::ApplyPropertyExpanding::applyValue): (WebCore::StyleBuilder::sharedStyleBuilder): (WebCore::StyleBuilder::StyleBuilder): * css/CSSStyleApplyProperty.h: (WebCore): (StyleBuilder): * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::CSSStyleSelector): (WebCore::CSSStyleSelector::collectMatchingRulesForList): * css/CSSStyleSelector.h: (CSSStyleSelector): 2012-04-24 Kent Tamura <tkent@chromium.org> Merge LocalizedCalendar into LocalizedDate https://bugs.webkit.org/show_bug.cgi?id=84685 Reviewed by Kentaro Hara. The functionality of LocalizedCalendar is very related to LocalizedDate. We should merge them. No new tests. Just refactoring. * WebCore.gypi: Remove LocalizedCalendar.h and LocalizedCalenderICU.cpp. * html/shadow/CalendarPickerElement.cpp: Include LocalizedDate.h instead of LocalizedCalendar.h. * platform/text/LocalizedCalendar.h: Removed. Merged into LocalizedDate.h. * platform/text/LocalizedCalendarICU.cpp: Removed. Merged into LocalizedDateICU.h. * platform/text/LocalizedDate.h: (WebCore): Move some functions from LocalizedCalendar.h. * platform/text/LocalizedDateICU.cpp: Move some functions from LocalizedCalendarICU.cpp. 2012-04-24 Pavel Feldman <pfeldman@chromium.org> Web Inspector: remove pure delegation code from DebuggerPresentationModel https://bugs.webkit.org/show_bug.cgi?id=84704 Reviewed by Yury Semikhatsky. This change removes the code that delegates calls to breakpoint manager and exposes the breakpoint manager in debugger presentation model itself. It allows narrowing dpm dependencies. * inspector/front-end/BreakpointsSidebarPane.js: (WebInspector.JavaScriptBreakpointsSidebarPane): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointCheckboxClicked): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointContextMenu): (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._contextMenu): * inspector/front-end/DebuggerModel.js: (WebInspector.DebuggerModel.prototype.debuggerPausedDetails): (WebInspector.DebuggerModel.prototype.createRawLocationByURL): (WebInspector.DebuggerModel.prototype.isPaused): * inspector/front-end/DebuggerPresentationModel.js: (WebInspector.DebuggerPresentationModel.prototype.get breakpointManager): (WebInspector.DebuggerPresentationModel.prototype._debuggerPaused): (WebInspector.DebuggerPresentationModelResourceBinding.prototype._setContentWithInitialContent): * inspector/front-end/JavaScriptSource.js: (WebInspector.JavaScriptSource): (WebInspector.JavaScriptSource.prototype.consoleMessagesCleared): (WebInspector.JavaScriptSource.prototype.findBreakpoint): (WebInspector.JavaScriptSource.prototype.setBreakpoint): (WebInspector.JavaScriptSource.prototype.setBreakpointEnabled): (WebInspector.JavaScriptSource.prototype.removeBreakpoint): (WebInspector.JavaScriptSource.prototype.updateBreakpoint): (WebInspector.JavaScriptSource.prototype.continueToLine): (WebInspector.JavaScriptSource.prototype.canSetContent): (WebInspector.JavaScriptSource.prototype.setContent): (WebInspector.JavaScriptSource.prototype.updateBreakpointsAfterLiveEdit): * inspector/front-end/JavaScriptSourceFrame.js: (WebInspector.JavaScriptSourceFrame.prototype.canEditSource): (WebInspector.JavaScriptSourceFrame.prototype.editContent): (WebInspector.JavaScriptSourceFrame.prototype._onContentChanged): (WebInspector.JavaScriptSourceFrame.prototype.populateLineGutterContextMenu.else.editBreakpointCondition.didEditBreakpointCondition): (WebInspector.JavaScriptSourceFrame.prototype.populateLineGutterContextMenu.else): (WebInspector.JavaScriptSourceFrame.prototype.populateLineGutterContextMenu): (WebInspector.JavaScriptSourceFrame.prototype.beforeTextChanged): (WebInspector.JavaScriptSourceFrame.prototype._getPopoverAnchor): (WebInspector.JavaScriptSourceFrame.prototype._resolveObjectForPopover.showObjectPopover): (WebInspector.JavaScriptSourceFrame.prototype._resolveObjectForPopover): (WebInspector.JavaScriptSourceFrame.prototype._setBreakpoint): (WebInspector.JavaScriptSourceFrame.prototype._onMouseDown): * inspector/front-end/ScopeChainSidebarPane.js: (WebInspector.ScopeChainSidebarPane.prototype.update): * inspector/front-end/ScriptsPanel.js: (WebInspector.ScriptsPanel.prototype._debuggerPaused.else.didGetUILocation): (WebInspector.ScriptsPanel.prototype._debuggerPaused): 2012-04-24 Yury Semikhatsky <yurys@chromium.org> Web Inspector: native nodes may have snapshot id less than base snapshot max JS object id https://bugs.webkit.org/show_bug.cgi?id=84681 Make sure new nodes whose IDs less than base snapshot max JS object id will get into snapshot delta. Reviewed by Pavel Feldman. Test: inspector/profiler/heap-snapshot-comparison-dom-groups-change.html * inspector/front-end/HeapSnapshot.js: (WebInspector.HeapSnapshot.prototype._calculateDiffForClass): * inspector/front-end/HeapSnapshotDataGrids.js: (WebInspector.HeapSnapshotSortableDataGrid): Drive-by fix, made recursion counter a normal field on HeapSnapshotSortableDataGrid. (WebInspector.HeapSnapshotSortableDataGrid.prototype.recursiveSortingEnter): (WebInspector.HeapSnapshotSortableDataGrid.prototype.recursiveSortingLeave): 2012-04-24 Sheriff Bot <webkit.review.bot@gmail.com> Unreviewed, rolling out r115000. http://trac.webkit.org/changeset/115000 https://bugs.webkit.org/show_bug.cgi?id=84703 Breaks webkit_unit_tests on Mac in Chromium: http://build.chromium.org/p/chromium.webkit/builders/Webkit%20Mac10.6/builds/15157 (Requested by mnaganov on #webkit). * platform/graphics/skia/OpaqueRegionSkia.cpp: (WebCore::paintIsOpaque): (WebCore::OpaqueRegionSkia::popCanvasLayer): (WebCore::OpaqueRegionSkia::didDraw): (WebCore::OpaqueRegionSkia::didDrawUnbounded): (WebCore::OpaqueRegionSkia::markRectAsOpaque): (WebCore::OpaqueRegionSkia::markRectAsNonOpaque): * platform/graphics/skia/OpaqueRegionSkia.h: (OpaqueRegionSkia): (WebCore::OpaqueRegionSkia::CanvasLayerState::CanvasLayerState): (CanvasLayerState): * platform/graphics/skia/PlatformContextSkia.cpp: (WebCore::PlatformContextSkia::restoreLayer): 2012-04-23 Antti Koivisto <antti@apple.com> Consolidate external stylesheet quirks handling to StyleSheetInternal https://bugs.webkit.org/show_bug.cgi?id=84632 Reviewed by Andreas Kling. Move the repeated code from StyleImportRule and HTMLLinkElement to StyleSheetInternal::parseUserStyleSheet. Remove a BUILDING_ON_LEOPARD-only quirk. * css/CSSImportRule.cpp: (WebCore::StyleRuleImport::setCSSStyleSheet): * css/CSSParser.cpp: (WebCore): (WebCore::CSSParserContext::CSSParserContext): Add new settings bits to the CSSParserContext. These are used for external stylesheet parsing quirks. * css/CSSParserMode.h: (CSSParserContext): * css/CSSStyleSheet.cpp: (WebCore::StyleSheetInternal::parseUserStyleSheet): (WebCore::StyleSheetInternal::parseString): (WebCore): (WebCore::StyleSheetInternal::parseStringAtLine): * css/CSSStyleSheet.h: (WebCore): (StyleSheetInternal): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): 2012-04-24 Yael Aharon <yael.aharon@nokia.com> [Qt] Move notification icon download out of WebCore https://bugs.webkit.org/show_bug.cgi?id=80700 Reviewed by Simon Hausmann. Remove the code that downloads the notification's icon out of WebCore. Other ports let the client decide if to download the icon or not. No new tests. This patch is only removing code. * notifications/Notification.cpp: (WebCore::Notification::~Notification): (WebCore::Notification::show): (WebCore::Notification::close): (WebCore::Notification::contextDestroyed): * notifications/Notification.h: (Notification): 2012-04-24 Rakesh KN <rakesh.kn@motorola.com> RadioNodeList support in HTMLFormElement::elements https://bugs.webkit.org/show_bug.cgi?id=81854 Implement RadioNodeList support spec'ed at http://www.whatwg.org/specs/web-apps/current-work/multipage/common-dom-interfaces.html#radionodelist Reviewed by Ryosuke Niwa. Test: fast/forms/form-collection-radio-node-list.html * CMakeLists.txt: Added entries for new files. * DerivedSources.cpp: Ditto. * DerivedSources.make: Ditto. * DerivedSources.pri: Ditto. * GNUmakefile.list.am: Ditto. * Target.pri: Ditto. * WebCore.gypi: Ditto. * WebCore.vcproj/WebCore.vcproj: Ditto. * WebCore.xcodeproj/project.pbxproj: Ditto. * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::getNamedItems): Modified to create RadioNodeList object when FormControlCollection has more than one element of same name/id. * bindings/scripts/CodeGeneratorJS.pm: (GenerateImplementation): Added code to include Node.h and JSNode.h in JSRadioNodeElement.cpp. * bindings/v8/custom/V8HTMLCollectionCustom.cpp: (WebCore::getNamedItems): Modified to create RadioNodeList object when FormControlCollection has more than one element of same name/id. * html/CollectionType.h: Added new FormControls type. * html/HTMLCollection.cpp: (WebCore::HTMLCollection::shouldIncludeChildren): (WebCore::HTMLCollection::isAcceptableElement): Handle FormControls collection type. * html/HTMLFormCollection.cpp: (WebCore::HTMLFormCollection::HTMLFormCollection): Contruct collection of FormControls type. * html/RadioNodeList.cpp: Added. (WebCore): (WebCore::RadioNodeList::RadioNodeList): (WebCore::RadioNodeList::~RadioNodeList): (WebCore::toRadioButtonInputElement): (WebCore::RadioNodeList::value): (WebCore::RadioNodeList::setValue): (WebCore::RadioNodeList::nodeMatches): * html/RadioNodeList.h: Added. (WebCore): (RadioNodeList): (WebCore::RadioNodeList::create): RadioNodeList implementation. * html/RadioNodeList.idl: Added. Idl for generating RadioNodeList JS/V8 bindings. 2012-04-24 Benjamin Poulain <bpoulain@apple.com> Implement the field cache of ObjcClass in WebKit types https://bugs.webkit.org/show_bug.cgi?id=84667 Reviewed by Geoffrey Garen. Every time we get a field through the Objective-C bridge, we waste some time converting the incoming string to an CFString. This patch implement the field cache based on WTF types so that we can return directly in case of a positive match. When we do not have a match on the Identifier, we allocate the memory and find the valid field as before. * bridge/objc/objc_class.h: (ObjcClass): * bridge/objc/objc_class.mm: (JSC::Bindings::deleteMethod): (Bindings): (JSC::Bindings::ObjcClass::ObjcClass): (JSC::Bindings::ObjcClass::fieldNamed): 2012-04-23 Andy Estes <aestes@apple.com> Incremental rendering should be unsuppressed after the load event or a configurable timeout, whichever occurs first. https://bugs.webkit.org/show_bug.cgi?id=84583 Reviewed by Anders Carlsson. In high-latency situations, having incremental rendering suppression enabled makes for a worse experience due to the excessively long time it takes for the load event to fire. So that clients that opt in to incremental rendering suppression can mitigate this, add a configurable timeout in which rendering is re-enabled if the load event has yet to fire. * dom/Document.cpp: (WebCore::Document::Document): (WebCore::Document::setReadyState): When the document transitions to the loading state, start a timer; when it transitions to the completed state, allow visual updates. (WebCore::Document::setVisualUpdatesAllowed): If visual updates are allowed, force a repaint. Otherwise, set a flag that suppresses rendering. (WebCore::Document::visualUpdatesSuppressionTimerFired): When the timer fires, allow visual updates. (WebCore::Document::implicitClose): Remove code that is now called in setVisualUpdatesAllowed(). * dom/Document.h: (WebCore::Document::visualUpdatesAllowed): * page/Settings.cpp: (WebCore::Settings::Settings): * page/Settings.h: (WebCore::Settings::setIncrementalRenderingSuppressionTimeoutInSeconds): (WebCore::Settings::incrementalRenderingSuppressionTimeoutInSeconds): 2012-04-23 Dana Jansens <danakj@chromium.org> [chromium] Image masks are considered opaque incorrectly https://bugs.webkit.org/show_bug.cgi?id=84275 Reviewed by Adrienne Walker. Match the behaviour of SkCanvas layers more closely while tracking opaque paints. SkCanvas layers actually act as a separate device (ie. pixels) and when the layer is popped off, the pixels are copied down to the layer below. While we can use the total clip to decide what pixels the the drawing operation will affect in the final device, the blending down through layers needs to consider each layer carefully. In this case the image mask is drawn into a layer which is copied down using the DestinationIn operation. Since the layer contains non-opaque pixels, the DestinationIn copy can destroy opaque areas in the next layer. We add OpaqueRegionSkia::FillByCopy to distinguish the case where we are copying a block of pixels, and the alpha values are essentially unknown. Unit test: PlatformContextSkiaTest.trackImageMask PlatformContextSkiaTest.trackImageMaskWithOpaqueRect * platform/graphics/skia/OpaqueRegionSkia.cpp: (WebCore::paintIsOpaque): (WebCore::OpaqueRegionSkia::applyOpaqueRegionFromLayer): (WebCore::OpaqueRegionSkia::pushCanvasLayer): (WebCore::OpaqueRegionSkia::popCanvasLayer): (WebCore::OpaqueRegionSkia::didDrawRect): (WebCore::OpaqueRegionSkia::didDrawPath): (WebCore::OpaqueRegionSkia::didDrawPoints): (WebCore::OpaqueRegionSkia::didDrawBounded): (WebCore::OpaqueRegionSkia::didDraw): (WebCore::OpaqueRegionSkia::didDrawUnbounded): (WebCore::OpaqueRegionSkia::markRectAsOpaque): (WebCore::OpaqueRegionSkia::markRectAsNonOpaque): (WebCore::OpaqueRegionSkia::markAllAsNonOpaque): * platform/graphics/skia/OpaqueRegionSkia.h: (OpaqueRegionSkia): (CanvasLayerState): * platform/graphics/skia/PlatformContextSkia.cpp: (WebCore::PlatformContextSkia::restoreLayer): 2012-04-23 Kent Tamura <tkent@chromium.org> Show the format indicator in a date field https://bugs.webkit.org/show_bug.cgi?id=83872 Reviewed by Hajime Morita. Enable the fixed placeholder feature for the date type, and show the editable date format as the fixed placeholder. The format string is created by the following steps. 1. Obtain a pattern string from ICU http://icu-project.org/apiref/icu4c/classSimpleDateFormat.html#details 2. Replace a sequence of 'y', 'Y', 'M', or 'd' in the pattern with a natural language string such as "year", "month", or "day". Test: fast/forms/date/date-fixed-placeholder.html * html/DateInputType.cpp: (WebCore::DateInputType::supportsPlaceholder): Added. Returns true. (WebCore::DateInputType::usesFixedPlaceholder): Added. Returns true. (WebCore::DateInputType::fixedPlaceholder): Added. Calls localizedDateFormatText() provided by LocalizedDate.h. * html/DateInputType.h: (DateInputType): Add declarations of new override functions. * platform/LocalizedStrings.h: (WebCore): Add dateFormat{Year,Month,DayInMonth}Text() * platform/text/ICULocale.cpp: (WebCore::isICUYearSymbol): A function to improve redability. (WebCore::isICUMonthSymbol): ditto. (WebCore::isICUDayInMonthSymbol): ditto. (WebCore::localizeFormat): Step 2 of the above description. (WebCore::ICULocale::initializeLocalizedDateFormatText): Step 1 of the above description. (WebCore::ICULocale::localizedDateFormatText): * platform/text/ICULocale.h: (ICULocale): Add new functions and a data member. * platform/text/LocalizedDate.h: (WebCore): Add localizedDateFormatText(). * platform/text/LocalizedDateICU.cpp: (WebCore::localizedDateFormatText): Just call ICULocale::localizedDateFormatText(). 2012-04-23 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to v8Array() https://bugs.webkit.org/show_bug.cgi?id=84295 Reviewed by Nate Chapin. The final objective is to pass Isolate around in V8 bindings. This patch passes the Isolate to v8Array(). (GenerateNormalAttrGetter): (NativeToJSValue): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore::TestObjV8Internal::sequenceAttrAttrGetter): (WebCore::TestObjV8Internal::methodReturningSequenceCallback): * bindings/v8/V8Binding.h: (WebCore::v8Array): 2012-04-23 Kentaro Hara <haraken@chromium.org> [V8] Pass Isolate to GetNamedProperty() https://bugs.webkit.org/show_bug.cgi?id=84277 Reviewed by Nate Chapin. The objective is to pass Isolate around in V8 bindings. This patch passes Isolate to GetNamedProperty(). (GenerateHeader): * bindings/v8/V8DOMWindowShell.cpp: (WebCore::getter): * bindings/v8/custom/V8HTMLDocumentCustom.cpp: (WebCore::V8HTMLDocument::GetNamedProperty): (WebCore::V8HTMLDocument::allAccessorGetter): 2012-04-23 Michael Nordman <michaeln@google.com> [chromium] DomStorage event handling mods. https://bugs.webkit.org/show_bug.cgi?id=84387 Add a few simple inline getters to allow the source Document of a storage event to be identified given a pointer to the source StorageArea so those Documents can be excluded by the event dispatching logic. Reviewed by Dimitri Glazkov. No new tests. No new functionality or change in behavior. * page/DOMWindow.h: (WebCore::DOMWindow::optionalSessionStorage): simple inline getter to avoid construction where possible (WebCore::DOMWindow::optionalLocalStorage): ditto * storage/Storage.h: (WebCore::Storage::area): simple inline getter 2012-04-23 Kenneth Russell <kbr@google.com> Change ImageData to reference Uint8ClampedArray rather than CanvasPixelArray https://bugs.webkit.org/show_bug.cgi?id=73011 Reviewed by Oliver Hunt. Changed ImageData to contain Uint8ClampedArray instead of ByteArray per current HTML5 spec. In order to avoid introducing large data copies, it was necessary to switch a few other places in WebKit to use Uint8ClampedArray at the same time, most notably the FilterEffect implementation, portions of ImageBuffer, and a couple of places in the image encoders. Note that the change in method name from "get" to "item" occurred because JSC's autogenerated indexed getters reference a method called "item". If desired, a convenience method could be introduced to avoid the renamings in the FilterEffect classes. With these changes, ByteArray and some custom code in JavaScriptCore actually become unreferenced, and can be deleted. This deletion will be done separately in Bug 83655, to keep the size of this patch manageable. Test: fast/canvas/imagedata-contains-uint8clampedarray.html * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::dumpIfTerminal): (WebCore::CloneDeserializer::readTerminal): * bindings/v8/SerializedScriptValue.cpp: * bindings/v8/custom/V8ImageDataCustom.cpp: (WebCore::toV8): * bridge/qt/qt_pixmapruntime.cpp: (JSC::Bindings::QtPixmapToImageDataMethod::invoke): * html/ImageData.cpp: (WebCore::ImageData::create): (WebCore::ImageData::ImageData): * html/ImageData.h: (ImageData): (WebCore::ImageData::data): * html/ImageData.idl: * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::createEmptyImageData): (WebCore::CanvasRenderingContext2D::getImageData): (WebCore::CanvasRenderingContext2D::putImageData): * platform/graphics/GraphicsContext3D.cpp: (WebCore::GraphicsContext3D::extractImageData): * platform/graphics/ImageBuffer.cpp: (WebCore::ImageBuffer::genericConvertToLuminanceMask): * platform/graphics/ImageBuffer.h: * platform/graphics/ShadowBlur.cpp: (WebCore::ShadowBlur::blurShadowBuffer): * platform/graphics/cairo/ImageBufferCairo.cpp: (WebCore::getImageData): (WebCore::ImageBuffer::getUnmultipliedImageData): (WebCore::ImageBuffer::getPremultipliedImageData): (WebCore::ImageBuffer::putByteArray): * platform/graphics/cg/ImageBufferCG.cpp: (WebCore::ImageBuffer::getUnmultipliedImageData): (WebCore::ImageBuffer::getPremultipliedImageData): (WebCore::ImageBuffer::putByteArray): (WebCore::ImageBuffer::toDataURL): (WebCore::ImageDataToDataURL): * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::ImageBufferData::getData): (WebCore::ImageBufferData::putData): * platform/graphics/cg/ImageBufferDataCG.h: (ImageBufferData): * platform/graphics/filters/FEBlend.cpp: (WebCore::FEBlend::platformApplySoftware): * platform/graphics/filters/FEColorMatrix.cpp: (WebCore::effectType): (WebCore::FEColorMatrix::platformApplySoftware): * platform/graphics/filters/FEComponentTransfer.cpp: (WebCore::FEComponentTransfer::platformApplySoftware): * platform/graphics/filters/FEComposite.cpp: (WebCore::FEComposite::platformArithmeticSoftware): (WebCore::FEComposite::platformApplySoftware): * platform/graphics/filters/FEComposite.h: * platform/graphics/filters/FEConvolveMatrix.cpp: (WebCore::setDestinationPixels): (WebCore::FEConvolveMatrix::fastSetInteriorPixels): (WebCore::FEConvolveMatrix::fastSetOuterPixels): (WebCore::FEConvolveMatrix::platformApplySoftware): * platform/graphics/filters/FEConvolveMatrix.h: (PaintingData): * platform/graphics/filters/FECustomFilter.cpp: (WebCore::FECustomFilter::platformApplySoftware): (WebCore::FECustomFilter::bindProgramAndBuffers): * platform/graphics/filters/FECustomFilter.h: (JSC): (FECustomFilter): * platform/graphics/filters/FEDisplacementMap.cpp: (WebCore::FEDisplacementMap::platformApplySoftware): * platform/graphics/filters/FEDropShadow.cpp: (WebCore::FEDropShadow::platformApplySoftware): * platform/graphics/filters/FEGaussianBlur.cpp: (WebCore::boxBlur): (WebCore::FEGaussianBlur::platformApplyGeneric): (WebCore::FEGaussianBlur::platformApply): (WebCore::FEGaussianBlur::platformApplySoftware): * platform/graphics/filters/FEGaussianBlur.h: (PlatformApplyParameters): (FEGaussianBlur): * platform/graphics/filters/FELighting.cpp: (WebCore::FELighting::LightingData::topLeft): (WebCore::FELighting::LightingData::topRow): (WebCore::FELighting::LightingData::topRight): (WebCore::FELighting::LightingData::leftColumn): (WebCore::FELighting::LightingData::interior): (WebCore::FELighting::LightingData::rightColumn): (WebCore::FELighting::LightingData::bottomLeft): (WebCore::FELighting::LightingData::bottomRow): (WebCore::FELighting::LightingData::bottomRight): (WebCore::FELighting::inlineSetPixel): (WebCore::FELighting::drawLighting): (WebCore::FELighting::platformApplySoftware): * platform/graphics/filters/FELighting.h: (LightingData): (FELighting): * platform/graphics/filters/FEMorphology.cpp: (WebCore::FEMorphology::platformApplyGeneric): (WebCore::FEMorphology::platformApplySoftware): * platform/graphics/filters/FEMorphology.h: (PaintingData): * platform/graphics/filters/FETurbulence.cpp: (WebCore::FETurbulence::fillRegion): (WebCore::FETurbulence::platformApplySoftware): * platform/graphics/filters/FETurbulence.h: (FillRegionParameters): (FETurbulence): * platform/graphics/filters/FilterEffect.cpp: (WebCore::FilterEffect::forceValidPreMultipliedPixels): (WebCore::FilterEffect::asUnmultipliedImage): (WebCore::FilterEffect::asPremultipliedImage): (WebCore::FilterEffect::copyImageBytes): (WebCore::FilterEffect::copyUnmultipliedImage): (WebCore::FilterEffect::copyPremultipliedImage): (WebCore::FilterEffect::createUnmultipliedImageResult): (WebCore::FilterEffect::createPremultipliedImageResult): * platform/graphics/filters/FilterEffect.h: