2015-08-05  Babak Shafiei  <bshafiei@apple.com>

        Roll out r186982.

2015-07-30  Babak Shafiei  <bshafiei@apple.com>

        Roll out r186895.

2015-07-30  Babak Shafiei  <bshafiei@apple.com>

        Roll out r187048.

2015-07-30  Babak Shafiei  <bshafiei@apple.com>

        Roll out r187490.

2015-07-29  Babak Shafiei  <bshafiei@apple.com>

        Roll out r185848.

2015-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r187490.

    2015-07-28  Brady Eidson  <beidson@apple.com>

            Handle null CFArrayRef returning from _CFHTTPParsedCookiesWithResponseHeaderFields.
            <rdar://problem/21995928> and https://bugs.webkit.org/show_bug.cgi?id=147365

            Reviewed by Alexey Proskuryakov.

            * platform/network/cf/CookieJarCFNet.cpp:
            (WebCore::filterCookies): ASSERT the input is not null.
            (WebCore::createCookies): Always return a CFArrayRef, even if it's empty.

2015-07-27  Babak Shafiei  <bshafiei@apple.com>

        Roll out r180020.

2015-07-27  Babak Shafiei  <bshafiei@apple.com>

        Roll out r182829.

2015-07-24  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for r187189.

    2015-07-24  Dean Jackson  <dino@apple.com>

            The merge of r187189 made changes to a file that doesn't
            yet exist in this branch. Move the code to the right place.

            * html/canvas/WebGLRenderingContext.cpp:
            (WebCore::WebGLRenderingContext::validateDrawArrays): Call into validateSimulatedVertexAttrib0.
            (WebCore::WebGLRenderingContext::validateDrawElements): Ditto.
            (WebCore::WebGLRenderingContext::validateSimulatedVertexAttrib0): Copy from the existing code.
            (WebCore::WebGLRenderingContext::simulateVertexAttrib0): Ditto.
            * html/canvas/WebGLRenderingContext.h:

2015-07-24  Babak Shafiei  <bshafiei@apple.com>

        Merge r187359.

    2015-07-24  Anders Carlsson  <andersca@apple.com>

            Fix fallout from merging changes for
            <rdar://problem/21707887> CSP doesn't prevent image loading of <object> when page contains <video controls> and ENABLE(MEDIA_CONTROLS_SCRIPT) is enabled

            Reviewed by Alexey Proskuryakov.

            Tweaked http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html so that
            it will test allowing evals in non-main worlds.

            * bindings/js/ScriptController.cpp:
            (WebCore::ScriptController::initScript):
            Due to ContentSecurityPolicy::allowEval being modified on ToT, we'd always end up passing true for
            the overrideContentSecurityPolicy parameter (since the ContentSecurityPolicy::SuppressReport parameter
            was incorrectly treated as a boolean).
            Fix this by merging part of the fix for bug 141316.

            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::defaultCachedResourceOptions):
            The correct ContentSecurityPolicyImposition should be DoPolicyCheck. This was the case on ToT but for
            some reason it was changed to SkipPolicyCheck when the patch was merged.

            * page/DOMSecurityPolicy.cpp:
            (WebCore::DOMSecurityPolicy::allowsEval):
            Pass false for overrideContentSecurityPolicy.

2015-07-23  Babak Shafiei  <bshafiei@apple.com>

        Roll out r185838.

2015-07-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r187189.

    2015-07-23  Dean Jackson  <dino@apple.com>

            Out of bounds in WebGLRenderingContext::simulateVertexAttrib0
            https://bugs.webkit.org/show_bug.cgi?id=147176
            <rdar://problem/21567767>

            Reviewed by Oliver Hunt.

            Test: fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html

            Add overflow checking for the drawing calls, specifically the way
            they may simulate vertexAttrib0.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::validateDrawArrays): Call new validation method.
            (WebCore::WebGLRenderingContextBase::validateDrawElements): Ditto.
            (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): New method that
            validates the parameters used to create the simulated attribute.
            (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): No need to do overflow
            checking here now that the validation method does it for us.
            (WebCore::WebGLRenderingContextBase::validateVertexAttributes): Deleted.
            * html/canvas/WebGLRenderingContextBase.h: Add new validation method.

2015-07-20  Lucas Forschler  <lforschler@apple.com>

        Merge r186895

    2015-07-16  Brady Eidson  <beidson@apple.com>

            WebKit document.cookie mis-parsing.
            rdar://problem/21715050 and https://bugs.webkit.org/show_bug.cgi?id=146976

            Reviewed by Sam Weinig.

            * platform/network/cf/CookieJarCFNet.cpp:
            (WebCore::createCookies): Use new SPI if available.
            (WebCore::setCookiesFromDOM):
            * platform/spi/cf/CFNetworkSPI.h:

2015-07-17  Andy Estes  <aestes@apple.com>

        Merge r186982. rdar://problem/21709404

    2015-07-17  Andy Estes  <aestes@apple.com>

        [iOS] Further tighten the sandbox around pages fetched with Content-Disposition: attachment
        https://bugs.webkit.org/show_bug.cgi?id=147044
        rdar://problem/21567820

        Reviewed by Brady Eidson.

        In addition to placing resources fetched with 'Content-Disposition: attachment' in a unique origin,
        this change does the following:

        - Switches the sandbox type from SandboxOrigin to SandboxAll, which enforces the same restrictions as <iframe sandbox>.
        - Disables processing of <meta http-equiv> elements.
        - Disables loading of cross-origin subframes.

        Tests: http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled.html
               http/tests/contentdispositionattachmentsandbox/form-submission-disabled.html
               http/tests/contentdispositionattachmentsandbox/http-equiv-disabled.html
               http/tests/contentdispositionattachmentsandbox/plugins-disabled.html
               http/tests/contentdispositionattachmentsandbox/scripts-disabled.html

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Switched to calling Document::httpEquivPolicy(). Logged an error to the console for policies other than Enabled.
        (WebCore::Document::initSecurityContext): Switched sandbox enforcement from SandboxOrigin to SandboxAll.
        (WebCore::Document::httpEquivPolicy): Returned a HttpEquivPolicy based on shouldEnforceContentDispositionAttachmentSandbox() and Settings::httpEquivEnabled().
        (WebCore::Document::shouldEnforceContentDispositionAttachmentSandbox): Returned true if Settings::contentDispositionAttachmentSandboxEnabled()
        and the document was fetched as an attachment.
        * dom/Document.h:
        * loader/cache/CachedResourceLoader.cpp: 
        (WebCore::CachedResourceLoader::canRequest): When requesting a subframe main resource when the parent frame enforces an attachment sandbox,
        only continue if the parent frame's SecurityOrigin allows the request.
        * page/Settings.in: Added contentDispositionAttachmentSandboxEnabled with an initial value of false.

2015-07-13  David Kilzer  <ddkilzer@apple.com>

        Merge r186663. rdar://problem/21708241

    2015-07-09  Daniel Bates  <dabates@apple.com>

        Fetching Content Security Policy report URL should respect same origin policy
        https://bugs.webkit.org/show_bug.cgi?id=146754
        <rdar://problem/18860259>

        Reviewed by Brady Eidson.

        Inspired by Blink r149791 (by Mike West <mkwst@chromium.org>):
        <https://src.chromium.org/viewvc/blink?revision=149791&view=revision>

        As per <http://www.w3.org/TR/2015/CR-CSP2-20150219/#send-violation-reports>, fetching the
        Content Security Policy report URL should include cookies if and only if the origin of
        the protected resource is equal to the origin of the report URL.

        Tests: http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html
               http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html
               http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html
               http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html
               http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html
               http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html

        * loader/PingLoader.cpp:
        (WebCore::PingLoader::sendViolationReport):

2015-07-13  David Kilzer  <ddkilzer@apple.com>

        Merge r186530. rdar://problem/21708151

        * WebCore.exp.in: Export methods.

    2015-07-08  Brady Eidson  <beidson@apple.com>

        Move PingLoaders to the NetworkingProcess.
        <rdar://problem/18860263> and https://bugs.webkit.org/show_bug.cgi?id=146710

        Reviewed by Tim Horton.

        No new tests.
        There's no current solution for communicating back to a page that a ping load has reached its target.
        Until we have such a solution, any attempt at a layout test will be fragile at best.

        * WebCore.xcodeproj/project.pbxproj:
        
        * loader/LoaderStrategy.cpp:
        (WebCore::LoaderStrategy::createPingHandle): Default implementation is create the PingHandle directly.
        * loader/LoaderStrategy.h:

        PingLoader becomes a static class for now that crafts the ResourceRequest then passes it off
        to the LoaderStrategy:        
        * loader/PingLoader.cpp:
        (WebCore::PingLoader::loadImage):
        (WebCore::PingLoader::sendPing):
        (WebCore::PingLoader::sendViolationReport):
        (WebCore::PingLoader::startPingLoad):
        (WebCore::PingLoader::createPingLoader): Deleted.
        (WebCore::PingLoader::PingLoader): Deleted.
        (WebCore::PingLoader::~PingLoader): Deleted.
        * loader/PingLoader.h:
        (WebCore::PingLoader::timeoutTimerFired): Deleted.

        PingHandle does what PingLoader used to - It's a basic ResourceHandleClient that simply waits
        for any response/completion/failure and then deletes itself.
        * platform/network/PingHandle.h: Added.
        (WebCore::PingHandle::PingHandle):
        (WebCore::PingHandle::usesAsyncCallbacks):
        (WebCore::PingHandle::timeoutTimerFired):
        (WebCore::PingHandle::~PingHandle):

2015-07-13  David Kilzer  <ddkilzer@apple.com>

        Merge r186476. rdar://problem/21708269

        * WebCore.exp.in: Add symbol to export list since WEBCORE_EXPORT
        isn't available on the branch.

    2015-07-07  Brady Eidson  <beidson@apple.com>

        HTTP Auth cached after disabling private browsing/reset.
        <rdar://problem/8293055> and https://bugs.webkit.org/show_bug.cgi?id=146654

        Reviewed by Tim Horton.

        Test: http/tests/security/private-browsing-http-auth.html

        - Change most static CredentialStorage methods to be instance methods instead.
        - Make a CredentialStorage objects be per-NetworkStorageSession.

        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::WebSocketChannel):
        (WebCore::WebSocketChannel::connect): Only start the web socket load if a networking
          context is available.

        * platform/network/CredentialStorage.cpp:
        (WebCore::CredentialStorage::defaultCredentialStorage): Returns the credential storage
          from the default NetworkStorageSession.
        (WebCore::CredentialStorage::set):
        (WebCore::CredentialStorage::get):
        (WebCore::CredentialStorage::remove):
        (WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):
        (WebCore::CredentialStorage::clearCredentials):
        (WebCore::protectionSpaceToCredentialMap): Deleted.
        (WebCore::originsWithCredentials): Deleted.
        (WebCore::pathToDefaultProtectionSpaceMap): Deleted.
        (WebCore::findDefaultProtectionSpaceForURL): Deleted.
        (WebCore::CredentialStorage::setPrivateMode): Deleted. Was a no-op anyways.
        * platform/network/CredentialStorage.h:
        
        * platform/network/NetworkStorageSession.h:
        (WebCore::NetworkStorageSession::credentialStorage):
        
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):
        (WebCore::ResourceHandle::willSendRequest):
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        
        * platform/network/cf/SocketStreamHandle.h:
        (WebCore::SocketStreamHandle::create):
        * platform/network/cf/SocketStreamHandleCFNet.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::getStoredCONNECTProxyCredentials):
        (WebCore::getStoredCONNECTProxyCredentials): Deleted.
        
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::applyAuthenticationToRequest):
        
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::createNSURLConnection):
        (WebCore::ResourceHandle::willSendRequest):
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::applyAuthenticationToRequest):
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        
2015-07-12  David Kilzer  <ddkilzer@apple.com>

        Merge r185769. rdar://problem/21727217

    2015-06-19  Andy Estes  <aestes@apple.com>

        Various assertion failures occur when executing script in the midst of DOM insertion
        https://bugs.webkit.org/show_bug.cgi?id=132482

        Reviewed by Darin Adler.

        Prior to this change, when an element containing a <script> child was inserted into a document, the script was
        executed in ScriptElement::insertedInto(). That script can access nodes that follow it in the newly-inserted
        hierarchy but are not yet fully inserted, leading to at least the following problems:

            - The script could remove a node that is not yet marked as in the document.
            - The script could remove a named <map> that has yet to be added to TreeScope::m_imageMapsByName.
            - The script could remove a form control that has yet to be added to FormController::m_formElementsWithState.

        These scenarios all result in assertion failures. This change ensures that each node in the newly-inserted
        hierarchy is fully inserted before executing any scripts.

        Tests: fast/dom/element-removed-while-inserting-parent-crash.html
               fast/dom/named-map-removed-while-inserting-parent-crash.html
               fast/forms/form-control-removed-while-inserting-parent-crash.html
               svg/dom/element-removed-while-inserting-parent-crash.html

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::shouldNotifySubtreeInsertions): Renamed from insertedInto().
        Returned true in the case where insertedInto() would've called prepareScript().
        (WebCore::ScriptElement::didNotifySubtreeInsertions): Called prepareScript().
        (WebCore::ScriptElement::insertedInto): Renamed to shouldNotifySubtreeInsertions().
        * dom/ScriptElement.h:
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::insertedInto): If shouldNotifySubtreeInsertions() is true, returned InsertionShouldCallDidNotifySubtreeInsertions.
        Otherwise, returned InsertionDone.
        (WebCore::HTMLScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().
        * html/HTMLScriptElement.h:
        * svg/SVGScriptElement.cpp:
        (WebCore::SVGScriptElement::insertedInto): Did the same as HTMLScriptElement::insertedInto().
        (WebCore::SVGScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().
        * svg/SVGScriptElement.h:

2015-07-12  David Kilzer  <ddkilzer@apple.com>

        Merge r186474. rdar://problem/21716537

    2015-07-07  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(169105): CSS Regions: renderer returns wrong selection root when it is inside a column flow.
        https://bugs.webkit.org/show_bug.cgi?id=146529
        rdar://problem/21613670

        Reviewed by Mihnea Ovidenie and David Kilzer.

        This patch ensures that RenderObject::selectionRoot() handles column flows properly while searching for the associated
        selection root.
        When the renderer is inside a column flow and the column flow is part of a named flow, we stop
        traversing the ancestor chain, searching for the selection root, when we reach the column flow.
        Since the column flow is not a selection root, we mistakenly fall back to the RenderView as selection root.
        Instead, we should check if the column is inside a named flow and return the selection root accordingly.
        Returning the wrong selection root confuses RenderView::splitSelectionBetweenSubtrees() logic and this particular
        RenderObject could end up in multiple selection trees.

        Test: fast/regions/selection/crash-when-element-is-inside-column-and-the-containing-block-is-inside-flow.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::selectionRoot):

2015-07-12  David Kilzer  <ddkilzer@apple.com>

        Merge r185572. rdar://problem/21716531

    2015-06-15  Zalan Bujtas  <zalan@apple.com>

        RootInlineBox::m_lineBreakObj becomes invalid when a child renderer is removed and the line does not get marked dirty.
        https://bugs.webkit.org/show_bug.cgi?id=145988
        rdar://problem/20959137

        Reviewed by David Hyatt.

        This patch ensures that we find the right first inline box so that we can dirty the
        the appropriate line boxes.
        With marking the right line boxes dirty, now we can update RootInlineBox::m_lineBreakObj at the next layout.

        Test: fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::culledInlineFirstLineBox):
        (WebCore::RenderInline::culledInlineLastLineBox):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::setLineBreakInfo): Deleted. Remove misleading assert and comment.

2015-07-12  David Kilzer  <ddkilzer@apple.com>

        Merge r184434, and a small part of r173173. rdar://problem/21716506

    2015-05-15  Antti Koivisto  <antti@apple.com>

        When redirecting to data URL use HTTP response for same origin policy checks
        https://bugs.webkit.org/show_bug.cgi?id=145054
        rdar://problem/20299050

        Reviewed by Alexey Proskuryakov.

        Test: http/tests/security/canvas-remote-read-data-url-image-redirect.html

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::notifyFinished):
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::sanitizeScriptError):
        * html/canvas/CanvasRenderingContext.cpp:
        (WebCore::CanvasRenderingContext::wouldTaintOrigin):
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::notifyFinished):
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::responseReceived):
        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::notifyFinished):
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::isOriginClean):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::passesAccessControlCheck):
        (WebCore::CachedResource::passesSameOriginPolicyCheck):

            Factor repeatedly used same origin policy test into a function.

        (WebCore::CachedResource::redirectReceived):

            When redirecting to a data URL save the redirect response.

        (WebCore::CachedResource::responseForSameOriginPolicyChecks):

            In case we got redirected to data use that response instead of the final data response for policy checks.

        * loader/cache/CachedResource.h:

2015-07-09  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/21716549> Donner: Safari URL And Javascript Prompt Origin Spoof Vulnerability

        Merge r184151.

    2015-05-11  Dan Bernstein  <mitz@apple.com>

        WebCore part of <rdar://problem/20878075> Trying to navigate to an invalid URL loads about:blank, but -[WKWebView URL] returns the invalid URL

        Reviewed by Alexey Proskuryakov.

        Test: TestWebKitAPI/Tests/WebKit2Cocoa/ProvisionalURLChange.mm

        In some cases, trying to navigate to an invalid URL results in navigation to about:blank.
        When the about:blank load is committed, the UI process still thinks that the provisional
        URL is the original, invalid URL, and updates its state to reflect that that’s the URL that
        has been committed.

        The provisional URL changes (1) when a provisional load begins, (2) when a server redirect
        happens, (3) when the client changes the request in willSendRequest, and (4) in this
        about:blank case. For (1) and (2), there are frame loader client callbacks. (3) is client-
        initiated. So this patch addresses (4).

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::maybeLoadEmpty): If our request URL is changing to about:blank and
        while loading the main resource, call FrameLoaderClient::dispatchDidChangeProvisionalURL.
        * loader/FrameLoaderClient.h: Added dispatchDidChangeProvisionalURL with an empty
        implementation.

2015-07-08  Lucas Forschler  <lforschler@apple.com>

        Merge r186165. rdar://problem/21533207

    2015-06-30  Zalan Bujtas  <zalan@apple.com>

            Frame flattening: Hit-testing an iframe could end up destroying the associated inline tree context.
            https://bugs.webkit.org/show_bug.cgi?id=146447
            rdar://problem/20613501

            Reviewed by Simon Fraser.

            This patch ensures that the render tree associated with the document on which
            the hit-test is initiated does not get laid out, unless it was directly mutated prior to the hittest.

            Hit-test requirements:
            1. A clean the render tree before hit-testing gets propagated to the renderers.
            Document::updateLayout() ensures it by calling both updateStyleIfNeeded() and layout() not only on the current tree, but also
            on the ancestors if needed.

            2. No render tree mutation while hit-testing the renderers.

            When an iframe is being hit-tested, this hit-test could bubble down to the child frame's render view.
            In order to ensure #1, we call Document::updateLayout() on the current (subframe) document.
            If updateStyleIfNeeded() mutates the render tree, we mark it dirty for layout(). However frame flattening also
            marks the parent renderer (RenderIFrame) dirty.
            While calling layout() to clean the current render tree, we end up laying out the parent tree too.
            Laying out the parent tree could end up destroying the inline tree context from where the
            hittest just bubbled down. (InlineFlowBox -> RenderWidget -> RenderView).

            This patch protects the render tree from such unintentional inline tree mutation during hittesting.
            After the initial layout we set a layout disallow flag on the frame view to defer subsequent layouts.
            This patch only changes behavior when frame flattening is enabled, but in future we may always want to enable this.

            Test: fast/frames/flattening/hittest-iframe-while-style-changes-crash.html

            * page/FrameView.cpp:
            (WebCore::FrameView::layout):
            (WebCore::FrameView::startLayoutAtMainFrameViewIfNeeded): Deleted. -> Assertion in no longer valid.
            * page/FrameView.h:
            * rendering/RenderView.cpp:
            (WebCore::FrameFlatteningLayoutDisallower::FrameFlatteningLayoutDisallower):
            (WebCore::FrameFlatteningLayoutDisallower::~FrameFlatteningLayoutDisallower):
            (WebCore::RenderView::hitTest): Protect the render tree from subsequent layouts.

2015-07-08  Lucas Forschler  <lforschler@apple.com>

        Merge r185665. rdar://problem/21716515

    2015-06-17  Zalan Bujtas  <zalan@apple.com>

            Selection cache produces invalid result when ancestor has float element.
            https://bugs.webkit.org/show_bug.cgi?id=146042
            rdar://problem/20604592

            Reviewed by Ryosuke Niwa.

            Selection cache already takes floats into account, however it's not enough to check current
            block against floats. Any of the ancestor's float starting from the selection root block
            can impact the selection offsets.

            Test: fast/block/selection-cache-is-incorrect-when-non-direct-parent-has-float.html

            * rendering/LogicalSelectionOffsetCaches.h:
            (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::ContainingBlockInfo):
            (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
            (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::block):
            (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::cache):
            (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::hasFloatsOrFlowThreads):
            (WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches):

2015-07-08  Lucas Forschler  <lforschler@apple.com>

        Merge r185392

    2015-06-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

            feComposite filter does not clip the paint rect to its effect rect when the operator is 'in' or 'atop'
            https://bugs.webkit.org/show_bug.cgi?id=137856

            Reviewed by Darin Adler.

            There was bug in calculating the absolutePaintRect of the feComposite filter
            when the operator is equal to 'in' or 'atop'. The absolutePaintRect was set
            to the absolutePaintRect of the background FilterEffect which is correct.
            What was missing is clipping this rectangle to the maxEffectRect of the
            filter which we do for other operators.

            Tests: svg/filters/feComposite-background-rect-control-operators.svg

            * platform/graphics/IntRect.h:
            (WebCore::operator-=):
            (WebCore::operator-): Add new operators to IntRect.

            * platform/graphics/filters/FEComposite.cpp:
            (WebCore::FEComposite::determineAbsolutePaintRect): Make sure the filter
            absolutePaintRect is clipped to maxEffectRect for all operators.

            (WebCore::FEComposite::platformApplySoftware): Code clean-up.

            * platform/graphics/filters/FilterEffect.cpp:
            (WebCore::FilterEffect::determineAbsolutePaintRect): Move the clipping
            part to a separate function.

            (WebCore::FilterEffect::clipAbsolutePaintRect): Clip the absolutePaintRect
            to the maxEffectRect of the filter.

            * platform/graphics/filters/FilterEffect.h:

2015-07-08  Lucas Forschler  <lforschler@apple.com>

        Merge r184965 rdar://problem/21716564

    2015-05-28  Myles C. Maxfield  <mmaxfield@apple.com>

            Crash under ICU with ASAN during editing/selection/move-by-word-visually-crash-test-5.html
            https://bugs.webkit.org/show_bug.cgi?id=145429
            <rdar://problem/20992218>

            Reviewed by Alexey Proskuryakov.

            WebKit uses some strings which contain the lower 8-bits of UTF-16 (thereby saving space). However,
            ICU doesn't understand this encoding. When we want to use ICU functions with strings in this encoding,
            we create a UTextProvider which converts our encoded strings to UTF-16 for ICU, one chunk at a time.
            This object contains a vtable which we populate to perform the conversion.

            The WebKit function which actually returns the UTF-16 chunks has two relevant arguments: an index into
            the encoded string which ICU is requesting, and a direction from that index which ICU is interested
            in. This function populates a "chunk" which is characterized by a pointer to a buffer, the length of
            the populated data in the buffer, and an offset into the chunk which represents the index that the
            requested character was put into.

            When ICU requests data going backward, we fill in the chunk accordingly, with the requested character
            all the way at the end. We then set the offset equal to the length of the buffer. However, this length
            value is stale from the previous time the function ran. Therefore, ICU was reading the wrong index in
            the chunk when expecting the requested character.

            Covered by editing/selection/move-by-word-visually-crash-test-5.html.

            * platform/text/icu/UTextProviderLatin1.cpp:
            (WebCore::uTextLatin1Access):

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r184653. rdar://problem/21716528

    2015-05-20  Antti Koivisto  <antti@apple.com>

            Assertion failure in WebCore::BidiRun::BidiRun()
            https://bugs.webkit.org/show_bug.cgi?id=145203
            rdar://problem/20958973

            Reviewed by Andreas Kling.

            Test: fast/text/text-combine-crash.html

            * rendering/line/BreakingContext.h:
            (WebCore::BreakingContext::handleText):

                Renove !isCombined() check. RenderCombineText::combineText() doesn't
                do any work unless needed and text may become uncombined too.

            * rendering/line/LineBreaker.cpp:
            (WebCore::LineBreaker::skipLeadingWhitespace):

                Same here.

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r183838. rdar://problem/21716569

    2015-05-05  Joseph Pecoraro  <pecoraro@apple.com>

            Web Inspector: Crash under WebCore::domWindowFromExecState reloading page with inspector open
            https://bugs.webkit.org/show_bug.cgi?id=144636

            Reviewed by Mark Lam.

            This ensures we create an InjectedScript for the execution context
            (frame) preventing the global object / exec state from getting garbage
            collected before we remove it from our map.

            * inspector/PageRuntimeAgent.cpp:
            (WebCore::PageRuntimeAgent::notifyContextCreated):

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r183436. rdar://problem/21716524

    2015-04-27  Daniel Bates  <dabates@apple.com>

            Form control may be associated with the wrong HTML Form element after form id change
            https://bugs.webkit.org/show_bug.cgi?id=133456
            <rdar://problem/17095055>

            Reviewed by Andy Estes.

            Fixes an issue where a form control may be associated with the wrong HTML Form element
            after the id of the HTML Form element associated with the form control is changed when
            there is more than one HTML Form element with the same id in the document. Specifically,
            a form control that has an HTML form attribute value X will always be associated with
            some HTML Form element f where f.id = X regardless of whether f.id is subsequently
            changed.

            Tests: fast/forms/change-form-id-to-be-unique-then-submit-form.html
                   fast/forms/change-form-id-to-be-unique.html

            * dom/Element.cpp:
            (WebCore::Element::attributeChanged): Notify observers when the id of an element changed.
            (WebCore::Element::updateId): Added parameter NotifyObservers (defaults to NotifyObservers::Yes),
            as to whether we should notify observers of the id change.
            (WebCore::Element::updateIdForTreeScope): Ditto.
            (WebCore::Element::willModifyAttribute): Do not notify observers of the id change immediately. As
            indicated by the name of this method, we plan to modify the DOM attribute id of the element, but
            we have not actually modified it when this method is called. Instead we will notify observers
            in Element::attributeChanged(), which is called after the DOM attribute id is modified.
            (WebCore::Element::cloneAttributesFromElement): Ditto.
            * dom/Element.h: Defined enum class NotifyObservers.
            * dom/TreeScope.cpp:
            (WebCore::TreeScope::addElementById): Added boolean parameter notifyObservers (defaults to true)
            as to whether we should dispatch a notification to all observers.
            (WebCore::TreeScope::removeElementById): Ditto.
            * dom/TreeScope.h:

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r183398. rdar://problem/21716555

    2015-04-27  Darin Adler  <darin@apple.com>

            Crashes under IDBDatabase::closeConnection
            https://bugs.webkit.org/show_bug.cgi?id=141745

            Reviewed by Alexey Proskuryakov.

            * Modules/indexeddb/IDBDatabase.cpp:
            (WebCore::IDBDatabase::~IDBDatabase): Do the work of close/closeConnection without
            actually calling those functions.
            (WebCore::IDBDatabase::closeConnection): Protect the database so it's not destroyed
            in the middle of this function's execution.

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r182918. rdar://problem/21716544

    2015-04-16  Brady Eidson  <beidson@apple.com>

            Media element can manipulate DOM during Document destruction.
            rdar://problem/20553898 and https://bugs.webkit.org/show_bug.cgi?id=143780

            Reviewed by Jer Noble.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::configureMediaControls): Bail if the element has no active document.

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r182829. rdar://problem/21716511

    2015-04-14  Chris Dumez  <cdumez@apple.com>

            Regression(r180020): Web Inspector crashes on pages that have a stylesheet with an invalid MIME type
            https://bugs.webkit.org/show_bug.cgi?id=143745
            <rdar://problem/20243916>

            Reviewed by Joseph Pecoraro.

            After r180020, we are stricter and no longer accept CSS resources that
            are not served with a CSS MIME type. Showing Web inspector on a page
            with such bad resource would crash because
            InspectorPageAgent::cachedResourceContent() would return true but
            the result String would be null. This null String would then later
            be passed to the Yarr interpreter and crash on a String::is8Bit()
            call.

            cachedResourceContent() calls CachedCSSStyleSheet::sheetText(). Before
            r180020, it would return the text, even if the MIME type was incorrect.
            However, this is no longer the case and we now need to make sure that
            cachedResourceContent() returns false if sheetText() returns a null
            String.

            Test: http/tests/inspector/css/bad-mime-type.html

            * inspector/InspectorPageAgent.cpp:
            (WebCore::InspectorPageAgent::cachedResourceContent):

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r180280. rdar://problem/21716555

    2015-02-18  Alexey Proskuryakov  <ap@apple.com>

            Crashes under IDBDatabase::closeConnection.
            https://bugs.webkit.org/show_bug.cgi?id=141745
            rdar://problem/19816412

            Reviewed by David Kilzer.

            * Modules/indexeddb/IDBDatabase.cpp: (WebCore::IDBDatabase::closeConnection):
            Add a missing protector.

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r180020. rdar://problem/21716511

    2015-02-12  Chris Dumez  <cdumez@apple.com>

            Drop the quirks-mode exception for CSS MIME types
            https://bugs.webkit.org/show_bug.cgi?id=141501

            Reviewed by Alexey Proskuryakov.

            Drop the quirks-mode exception for CSS MIME types.
            This matches Firefox's behavior.

            This patch is based on the following Blink revision:
            http://src.chromium.org/viewvc/blink?view=revision&revision=189669

            Tests:
            - http/tests/misc/css-accept-any-type.html
            - http/tests/security/cross-origin-css.html

            * css/StyleSheetContents.cpp:
            (WebCore::StyleSheetContents::parseAuthorStyleSheet):
            * dom/ProcessingInstruction.cpp:
            (WebCore::ProcessingInstruction::setCSSStyleSheet):
            * inspector/InspectorPageAgent.cpp:
            (WebCore::InspectorPageAgent::cachedResourceContent):
            * loader/cache/CachedCSSStyleSheet.cpp:
            (WebCore::CachedCSSStyleSheet::sheetText):
            (WebCore::CachedCSSStyleSheet::canUseSheet):
            * loader/cache/CachedCSSStyleSheet.h:

2015-07-08  Lucas Forschler  <lforschler@apple.com>

        Merge r186232 rdar://problem/9091261

    2015-07-02  Brady Eidson  <beidson@apple.com>

            Add preference to disable all http-equiv.
            <rdar://problem/9091261> and https://bugs.webkit.org/show_bug.cgi?id=146553

            Reviewed by Sam Weinig.

            No new tests (Covered by existing test)

            * dom/Document.cpp:
            (WebCore::Document::processHttpEquiv):
            * page/Settings.in:

2015-07-08  Lucas Forschler  <lforschler@apple.com>
        
        Merge change for rdar://problem/21533232
        
    2015-07-08  Zalan Bujtas  <zalan@apple.com>

            Do not crash when the descendant frame tree is destroyed during layout.
            https://bugs.webkit.org/show_bug.cgi?id=144540
            rdar://problem/20793184

            Reviewed by Andreas Kling.

            Widget::setFrameRect(), through WebHTMLView layout, could trigger a style recalc, which in turn
            could initiate an onBeforeLoad callback.
            If javascript happens to destroy the current iframe in the onBeforeLoad callback, we lose the descendant
            render tree, including the child FrameView (the iframe element's view). However the RenderIFrame
            object stays protected until after the layout is done. (see protectRenderWidgetUntilLayoutIsDone())

            Climbing back on the callstack, we need to make sure that
            1. the root widget of the descendant render tree (FrameView) stays valid as long as it is needed.
            2. RenderFrameBase::layoutWithFlattening() can handle the case when the associated widget (child FrameView) is set to nullptr.
            (see RenderWidget::willBeDestroyed() -> setWidget(nullptr))

            (and later, when layout is finished this (RenderIFrame) object gets destroyed too.)

            Covered by fast/frames/flattening/crash-remove-iframe-during-object-beforeload.html.

            * page/FrameView.cpp:
            (WebCore::FrameView::setFrameRect):
            (WebCore::FrameView::updateEmbeddedObject):
            (WebCore::FrameView::updateWidgetPositions):
            * platform/ScrollView.cpp:
            (WebCore::ScrollView::setFrameRect):
            * platform/mac/WidgetMac.mm:
            (WebCore::Widget::setFrameRect):
            * rendering/RenderFrameBase.cpp:
            (WebCore::RenderFrameBase::layoutWithFlattening):
            (WebCore::RenderFrameBase::childRenderView):
            (WebCore::RenderFrameBase::peformLayoutWithFlattening):
            * rendering/RenderFrameBase.h:
            * rendering/RenderWidget.cpp:
            (WebCore::RenderWidget::updateWidgetPosition):
            * rendering/RenderWidget.h:

2015-07-08  Daniel Bates  <dabates@apple.com>

        Merge r186388. rdar://problem/21708243

    2015-07-06  Daniel Bates  <dabates@apple.com>

            Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
            should be exempt from Content Security Policy
            https://bugs.webkit.org/show_bug.cgi?id=144830
            <rdar://problem/18860261>

            Reviewed by Geoffrey Garen.

            Make scripts that run in an isolated world be subject to the Content Security Policy (CSP) of the page
            and exempt features implemented using a user agent shadow DOM. As a side effect of this change,
            Safari Content Extensions will respect the CSP policy of the page when loading subresources (e.g. an image).

            Tests: http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
                   http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
                   http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html

            * Modules/websockets/WebSocket.cpp:
            (WebCore::WebSocket::connect): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
            * css/CSSCanvasValue.h:
            (WebCore::CSSCanvasValue::loadSubimages): Modified to take argument ResourceLoaderOptions (unused).
            * css/CSSCrossfadeValue.cpp:
            (WebCore::CSSCrossfadeValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
            pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
            the cross fade is applied to an element in a user agent shadow tree.
            (WebCore::CSSCrossfadeValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
            as appropriate.
            (WebCore::CSSCrossfadeValue::image): Explicitly instantiate default ResourceLoaderOptions and pass it
            when requesting a cached image. Added FIXME comment to skip Content Security Policy check when the cross
            fade is applied to an element in a user agent shadow tree.
            * css/CSSCrossfadeValue.h:
            * css/CSSCursorImageValue.cpp:
            (WebCore::CSSCursorImageValue::cachedImage): Take a ResourceLoaderOptions as an argument and passes it
            as appropriate.
            * css/CSSCursorImageValue.h:
            * css/CSSFilterImageValue.cpp:
            (WebCore::CSSFilterImageValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
            pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
            the cross fade is applied to an element in a user agent shadow tree.
            (WebCore::CSSFilterImageValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
            as appropriate.
            (WebCore::CSSFilterImageValue::loadSubimages): Explicitly instantiate default ResourceLoaderOptions and pass
            pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
            the cross fade is applied to an element in a user agent shadow tree.
            (WebCore::CSSFilterImageValue::image):
            * css/CSSFilterImageValue.h:
            * css/CSSFontFaceSrcValue.cpp:
            (WebCore::CSSFontFaceSrcValue::cachedFont): Take a boolean, isInitiatingElementInUserAgentShadowTree,
            so as to determine the appropriate CSP imposition. In particular, we skip the CSP check when the initiating element
            (e.g. SVG font-face element) is in a user agent shadow tree.
            * css/CSSFontFaceSrcValue.h:
            * css/CSSFontSelector.cpp:
            (WebCore::CSSFontSelector::addFontFaceRule): Take a boolean, isInitiatingElementInUserAgentShadowTree, and passes
            it as appropriate.
            * css/CSSFontSelector.h:
            * css/CSSGradientValue.h:
            (WebCore::CSSGradientValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
            as appropriate.
            * css/CSSImageGeneratorValue.cpp:
            (WebCore::CSSImageGeneratorValue::loadSubimages): Ditto.
            (WebCore::CSSImageGeneratorValue::cachedImageForCSSValue): Ditto.
            * css/CSSImageGeneratorValue.h:
            * css/CSSImageSetValue.cpp:
            (WebCore::CSSImageSetValue::cachedImageSet): Deleted.
            * css/CSSImageSetValue.h:
            * css/CSSImageValue.cpp:
            (WebCore::CSSImageValue::cachedImage): Deleted.
            * css/CSSImageValue.h:
            * css/RuleSet.cpp:
            (WebCore::RuleSet::addChildRules): Take a boolean, isInitiatingElementInUserAgentShadowTree, and passes
            it as appropriate.
            (WebCore::RuleSet::addRulesFromSheet): Added FIXME comment to skip Content Security Policy check when
            when stylesheet is in a user agent shadow tree.
            * css/RuleSet.h:
            * css/StyleResolver.cpp:
            (WebCore::StyleResolver::StyleResolver): Determine whether the SVG font-face element is in a user agent shadow tree
            and pass the appropriate value when calling CSSFontSelector::addFontFaceRule(). Also, modernized code; used C++11 range
            -based for-loop instead of const_iterator idiom.
            (WebCore::StyleResolver::loadPendingSVGDocuments): Skip CSP check when requesting subresources as a byproduct of
            resolving style for an element in a user agent shadow tree.
            (WebCore::StyleResolver::loadPendingImage): Ditto.
            (WebCore::StyleResolver::loadPendingShapeImage): Ditto.
            * css/StyleRuleImport.cpp:
            (WebCore::StyleRuleImport::requestStyleSheet): Added FIXME comment to skip Content Security Policy check when
            when stylesheet is in a user agent shadow tree.
            * dom/Element.h:
            * dom/InlineStyleSheetOwner.cpp:
            (WebCore::InlineStyleSheetOwner::createSheet): Skip CSP check for an inline <style> that is in a user agent shadow tree.
            * dom/Node.cpp:
            (WebCore::Node::isInUserAgentShadowTree): Added.
            * dom/Node.h:
            * dom/ScriptElement.cpp:
            (WebCore::ScriptElement::requestScript): Skip CSP check for an external JavaScript script in a user agent shadow tree.
            (WebCore::ScriptElement::executeScript): Skip CSP check for an inline JavaScript script that is in a user agent shadow tree.
            * dom/StyledElement.cpp:
            (WebCore::StyledElement::styleAttributeChanged): Skip CSP check when modifying the inline style of an element in a user
            agent shadow tree.
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::isSafeToLoadURL): Skip CSP check for a <audio>, <video> in a user agent shadow tree.
            (WebCore::HTMLMediaElement::outOfBandTrackSources): Ditto.
            * html/HTMLTrackElement.cpp:
            (WebCore::HTMLTrackElement::canLoadURL): Ditto.
            * html/track/LoadableTextTrack.cpp:
            (WebCore::LoadableTextTrack::loadTimerFired): Determine whether the <track> is in a user agent shadow tree
            and pass the appropriate value when calling TextTrackLoader::load().
            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::startLoadingMainResource): Do CSP check when loading a resource by default.
            * loader/ImageLoader.cpp:
            (WebCore::ImageLoader::updateFromElement): Skip CSP check for an image that is in a user agent shadow tree.
            * loader/MediaResourceLoader.cpp:
            (WebCore::MediaResourceLoader::start): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
            This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
            * loader/NetscapePlugInStreamLoader.cpp:
            (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Added FIXME comment to skip Content Security Policy check
            when when associated plugin element is in a user agent shadow tree.
            * loader/PolicyChecker.cpp:
            (WebCore::PolicyChecker::checkNavigationPolicy): Skip CSP check for a <iframe> in a user agent shadow tree.
            * loader/ResourceLoaderOptions.h: Defined enum class ContentSecurityPolicyImposition with explicit type uint8_t so
            as to provide a hint to the compiler (for better packing) when it computes the memory layout for struct that
            contains an instance of this class.
            (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): Added argument contentSecurityPolicyImposition.
            (WebCore::ResourceLoaderOptions::contentSecurityPolicyImposition): Added.
            (WebCore::ResourceLoaderOptions::setContentSecurityPolicyImposition): Added.
            * loader/SubframeLoader.cpp:
            (WebCore::SubframeLoader::pluginIsLoadable): Skip CSP check for a plugin element that is in a user agent shadow tree.
            (WebCore::SubframeLoader::createJavaAppletWidget): Skip CSP check for an applet element that is in a user agent shadow tree.
            * loader/TextTrackLoader.cpp:
            (WebCore::TextTrackLoader::load): Take a boolean, isInitiatingElementInUserAgentShadowTree, and sets the appropriate
            Content Security Policy imposition for the text track request.
            * loader/TextTrackLoader.h:
            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Skip CSP check for a user-specified stylesheet.
            (WebCore::CachedResourceLoader::canRequest): Only check the CSP of the page if specified in the resource loader options for the request.
            (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Add ContentSecurityPolicyImposition::DoPolicyCheck to the default
            resource loader options so that do check the CSP policy of the page before performing a resource request by default.
            * loader/cache/CachedSVGDocumentReference.cpp:
            (WebCore::CachedSVGDocumentReference::load): Take a ResourceLoaderOptions as an argument and passes it as appropriate.
            * loader/cache/CachedSVGDocumentReference.h:
            * loader/icon/IconLoader.cpp:
            (WebCore::IconLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
            This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
            * page/ContentSecurityPolicy.cpp:
            (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Take an argument called overrideContentSecurityPolicy (defaults to false). When
            overrideContentSecurityPolicy := true, this function unconditionally returns true.
            (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
            (WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
            (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
            (WebCore::ContentSecurityPolicy::allowEval): Ditto.
            (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
            (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
            (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
            (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
            * page/ContentSecurityPolicy.h:
            * page/DOMSecurityPolicy.cpp:
            * page/EventSource.cpp:
            (WebCore::EventSource::create): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
            * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
            (WebCore::WebCoreAVFResourceLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
            This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
            * svg/SVGFEImageElement.cpp:
            (WebCore::SVGFEImageElement::requestImageResource): Skip CSP check for a SVG FEImage element in a user agent shadow tree.
            * svg/SVGFontFaceUriElement.cpp:
            (WebCore::SVGFontFaceUriElement::loadFont): Skip CSP check for a SVG font-face-uri element in a user agent shadow tree.
            * svg/SVGUseElement.cpp:
            (WebCore::SVGUseElement::updateExternalDocument): Skip CSP check for a SVG use element in a user agent shadow tree.
            * testing/Internals.cpp:
            (WebCore::Internals::ensureUserAgentShadowRoot): Added.
            * testing/Internals.h:
            * testing/Internals.idl: Added declaration for ensureUserAgentShadowRoot().
            * xml/XMLHttpRequest.cpp:
            (WebCore::XMLHttpRequest::open): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().

2015-06-10  Chris Dumez  <cdumez@apple.com>

        ASSERT_WITH_SECURITY_IMPLICATION in WebCore::DocumentOrderedMap::getElementById
        https://bugs.webkit.org/show_bug.cgi?id=145857
        <rdar://problem/16798440>

        Reviewed by Darin Adler.

        Make sure Node::insertedInto() gets called on the inserted node and its
        descendants after its insertion into the tree but *before*
        ContainerNode::childrenChanged() is called on the parent node. This is
        needed so that the descendants know they've been inserted into the tree
        (and their InDocumentFlag flag gets set) before the parent node does
        anything with them in childrenChanged().

        In the case of <rdar://problem/16798440>, executing HTMLScriptElement's
        childrenChanged() after appending a child to a script element was causing
        the script to be executed. The script would call getElementBy() which
        would traverse the DOM tree and find a matching Element in the newly
        inserted subtree. However, the matching Element's InDocumentFlag flag was
        not set yet because the element's insertedInto() method has not been called
        yet at this point. This would cause us to hit an assertion as
        DocumentOrderedMap::getElementById() is only supposed to return elements
        that are in a Document.

        This patch is based on Blink r178976 by <esprehn@chromium.org>:
        https://src.chromium.org/viewvc/blink?view=rev&revision=178976

        Tests: fast/dom/script-getElementById-during-insertion.html
               fast/dom/script-remove-child-id-map.html

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::notifyChildInserted):
        (WebCore::ContainerNode::notifyChildRemoved):
        (WebCore::ContainerNode::removeChildren):
        (WebCore::ContainerNode::parserInsertBefore): Deleted.
        (WebCore::ContainerNode::removeChild): Deleted.
        (WebCore::ContainerNode::parserRemoveChild): Deleted.
        (WebCore::ContainerNode::parserAppendChild): Deleted.
        (WebCore::ContainerNode::childrenChanged): Deleted.
        (WebCore::ContainerNode::setAttributeEventListener): Deleted.
        (WebCore::ContainerNode::querySelector): Deleted.
        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoDocument):
        (WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoTree):
        * dom/ContainerNodeAlgorithms.h:
        (WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument):
        (WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoTree):
        (WebCore::ChildNodeInsertionNotifier::notify):
        (WebCore::ChildNodeRemovalNotifier::notifyNodeRemovedFromDocument): Deleted.
        * dom/Element.cpp:
        (WebCore::Element::addShadowRoot):

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r186389. rdar://problem/21708243

    2015-07-06  Daniel Bates  <dabates@apple.com>

            Fix the Windows build following <https://trac.webkit.org/changeset/186388>
            (https://bugs.webkit.org/show_bug.cgi?id=144830)

            As we for for Mac in WebCoreAVFResourceLoader::startLoading(), instantiate ResourceLoaderOptions
            with ContentSecurityPolicyImposition::DoPolicyCheck.

            * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
            (WebCore::WebCoreAVCFResourceLoader::startLoading):

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r186384. rdar://problem/21708281

    2015-07-06  Dean Jackson  <dino@apple.com>

            Memory corruption in WebGLRenderingContext::simulateVertexAttrib0
            https://bugs.webkit.org/show_bug.cgi?id=146652
            <rdar://problem/21567767>

            Follow-up fix.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0):

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r186380. rdar://problem/21708281

    2015-07-06  Dean Jackson  <dino@apple.com>

            Memory corruption in WebGLRenderingContext::simulateVertexAttrib0
            https://bugs.webkit.org/show_bug.cgi?id=146652
            <rdar://problem/21567767>

            Reviewed by Brent Fulgham.

            The expression "(numVertex + 1) * 4 * sizeof(GC3Dfloat)" could potentially
            overflow. Make it use checked arithmetic.

            I couldn't make a test case that reliably exercised this.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Used Checked<GC3Dsizeiptr>
            for calculating the size of the buffer.

2015-07-08  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r185848. rdar://problem/21708274

    2015-06-22  Michael Catanzaro  <mcatanzaro@igalia.com>

            Web sockets should be treated as active mixed content
            https://bugs.webkit.org/show_bug.cgi?id=140624

            Reviewed by Sam Weinig.

            Tests: http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html
                   http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html

            * Modules/websockets/WebSocket.cpp:
            (WebCore::WebSocket::connect): Block ws:// WebSocket connections from https:// pages, and
            emit the onerror event after doing so.
            * platform/SchemeRegistry.cpp:
            (WebCore::secureSchemes): Add wss:// to the list of secure schemes.

2015-07-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r185838. rdar://problem/21708257

    2015-06-22  Zalan Bujtas  <zalan@apple.com>

            REGRESSION(r169105) Dangling renderer pointer in SelectionSubtreeRoot::SelectionSubtreeData.
            https://bugs.webkit.org/show_bug.cgi?id=146116
            rdar://problem/20959369

            Reviewed by Brent Fulgham.

            This patch ensures that we don't adjust the selection unless the visual selection still matches this subtree root.

            When multiple selection roots are present we need to ensure that a RenderObject
            only shows up in one of them.
            RenderView::splitSelectionBetweenSubtrees(), as the name implies, splits the
            selection and sets the selection range (start/end) on each selection root.
            However, SelectionSubtreeRoot::adjustForVisibleSelection() later recomputes the range
            based on visible selection and that could end up collecting renderers as selection start/end
            from another selection subtree.
            RenderObject's holds the last selection state (RenderObject::setSelectionState).
            If we set a renderer first as "on selection border" and later "inside" using multiple selection roots,
            we can't clean up selections properly when this object gets destroyed.
            One of the roots ends up with a dangling RenderObject pointer.

            Test: fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees.html

            * rendering/SelectionSubtreeRoot.cpp:
            (WebCore::SelectionSubtreeRoot::adjustForVisibleSelection):

2015-07-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r184885. rdar://problem/21708260

    2015-05-26  Zalan Bujtas  <zalan@apple.com>

            Overhanging float sets are not cleaned up properly when floating renderer is destroyed.
            https://bugs.webkit.org/show_bug.cgi?id=145323
            rdar://problem/20980628

            Reviewed by Dave Hyatt.

            This patch ensures when an overhanging float renderer is destroyed,
            all the sibling containers' floating object set(m_floatingObjects) gets properly cleaned up.

            When an overhanging float is present, we cache the renderer on the parent and on the affected
            sibling containers too. (RenderBlockFlow::m_floatingObjects) These caches(sets) get cleared and repopulated
            during ::layout(). In order to have a float renderer removed from a set, a layout needs to be initiated on the container.
            This is normally done through RenderBlockFlow::markSiblingsWithFloatsForLayout() and RenderBlockFlow::markAllDescendantsWithFloatsForLayout().
            However, when the float container's parent's writing direction changes (and we promote the children containers to new formatting contexts),
            the layout propagation through siblings does not work anymore.

            The avoidsFloats() check in RenderBlockFlow::markSiblingsWithFloatsForLayout() has very little performance gain, but it prevents us
            from propagating layout to siblings when certain properties of the parent container changes.

            Test: fast/block/float/crash-when-floating-object-is-removed.xhtml

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::markSiblingsWithFloatsForLayout):
            * rendering/RenderBox.cpp:
            (WebCore::outermostBlockContainingFloatingObject):
            (WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists):
            (WebCore::RenderBox::outermostBlockContainingFloatingObject): Deleted.
            * rendering/RenderBox.h:

2015-07-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r184577. rdar://problem/21708263

    2015-05-19  Zalan Bujtas  <zalan@apple.com>

            Merged anonymous blocks should invalidate simple line layout path.
            https://bugs.webkit.org/show_bug.cgi?id=145104
            rdar://problem/20980930

            Reviewed by Antti Koivisto.

            When anonymous blocks are merged together, it's not guaranteed that the final block can use simple line layout.
            This patch ensures that the flow block, where the other block's content gets moved to, is no longer on simple line layout path.
            Whether the final flow block ends up using inline boxes or simple line layout will be determined during the next layout.

            Test: fast/block/crash-when-anonymous-blocks-are-merged-with-simple-line-layout.html

            * rendering/RenderElement.cpp:
            (WebCore::RenderElement::insertChildInternal):

2015-06-08  Babak Shafiei  <bshafiei@apple.com>

        Merge r183682.

    2015-05-01  Brady Eidson  <beidson@apple.com>

            Add API to disable meta refreshes.
            <rdar://problem/20333198> and https://bugs.webkit.org/show_bug.cgi?id=144269

            Reviewed by Alexey Proskuryakov.

            Test: loader/meta-refresh-disabled.html

            * dom/Document.cpp:
            (WebCore::Document::processHttpEquiv): Bail early if Settings have meta refreshes disabled.
            * page/Settings.in:

2015-05-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r185018.

    2015-05-29  Brady Eidson  <beidson@apple.com>

            Review feedback followup for r185003.
            https://bugs.webkit.org/show_bug.cgi?id=145463

            Reviewed by Darin Adler.

            * platform/sql/SQLiteDatabase.cpp:
            (WebCore::SQLiteDatabase::overrideUnauthorizedFunctions): `static const` one thing, c++-style cast another.

2015-05-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r185003.

    2015-05-29  Brady Eidson  <beidson@apple.com>

            WebSQL default functions can bypass authorizer.
            <rdar://problem/21048994> and https://bugs.webkit.org/show_bug.cgi?id=145463

            Reviewed by Sam Weinig and Alexey Proskuryakov.

            No new tests yet.

            * platform/sql/SQLiteDatabase.cpp:
            (WebCore::unauthorizedSQLFunction): Function to install into SQLite to override some built-in functions.
            (WebCore::SQLiteDatabase::open):
            (WebCore::SQLiteDatabase::overrideUnauthorizedFunctions): Install function overrides for functions that
               take arbitrary input that are also meant to be disabled by virtue of them not being whitelisted.
            * platform/sql/SQLiteDatabase.h:

2015-05-19  Babak Shafiei  <bshafiei@apple.com>

        Merge r179010.

    2015-01-23  Jer Noble  <jer.noble@apple.com>

            Layout Test http/tests/media/track-in-band-hls-metadata.html is flaky
            https://bugs.webkit.org/show_bug.cgi?id=140827

            Reviewed by Eric Carlson.

            Create the m_metadataTrack by calling prepareMetadataTrack() before deref-ing it.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):

2015-05-19  Babak Shafiei  <bshafiei@apple.com>

        Merge r183788.

    2015-05-04  Zalan Bujtas  <zalan@apple.com>

            RenderWidget::setWidgetGeometry() can end up destroying *this*.
            https://bugs.webkit.org/show_bug.cgi?id=144601

            Reviewed by Andreas Kling.

            This is a speculative fix to ensure we don't crash on an invalid *this* renderer
            while flattening the current iframe.
            Calling RenderWidget::setWidgetGeometry() can result in destroying the current renderer.
            While it is not a issue in case of normal layout flow as widget positions are updated at post layout,
            frame flattening initiates this action in the middle of layout.
            This patch re-introduces refcount model for RenderWidgets so that the renderer is protected during layout
            when frame flattening is in use.

            * rendering/RenderFrameBase.cpp:
            (WebCore::RenderFrameBase::layoutWithFlattening): Let's be paranoid about child view.
            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::destroy):
            * rendering/FrameView.cpp:
            (WebCore::FrameView::layout):
            * rendering/RenderView.h:
            * rendering/RenderWidget.cpp:
            (WebCore::RenderWidget::~RenderWidget):
            * rendering/RenderWidget.h:
            (WebCore::RenderWidget::ref):
            (WebCore::RenderWidget::deref):

2015-05-08  Babak Shafiei  <bshafiei@apple.com>

        Merge r183649.

    2015-04-30  Brady Eidson  <beidson@apple.com>

            Build fix after r183646 for less enlightened platforms.

            Unreviewed.

            * Modules/webdatabase/DatabaseBackendBase.cpp:
            (WebCore::fullyQualifiedInfoTableName): Windows doesn’t have stpcpy :(

2015-05-08  Babak Shafiei  <bshafiei@apple.com>

        Merge r183646.

    2015-04-30  Brady Eidson  <beidson@apple.com>

            Javascript using WebSQL can create their own WebKit info table.
            <rdar://problem/20688792> and https://bugs.webkit.org/show_bug.cgi?id=144466

            Reviewed by Alex Christensen.

            Test: storage/websql/alter-to-info-table.html

            * Modules/webdatabase/DatabaseBackendBase.cpp:
            (WebCore::DatabaseBackendBase::databaseInfoTableName): Return the info table name.
            (WebCore::fullyQualifiedInfoTableName): Append "main." to the info table name.
            (WebCore::DatabaseBackendBase::DatabaseBackendBase): Use the fully qualified name.
            (WebCore::DatabaseBackendBase::performOpenAndVerify): Ditto.
            (WebCore::DatabaseBackendBase::getVersionFromDatabase): Ditto.
            (WebCore::DatabaseBackendBase::setVersionInDatabase): Ditto.

2015-04-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r183280.

    2015-04-24  Brady Eidson  <beidson@apple.com>

            Origin header is preserved on cross-origin redirects.
            https://bugs.webkit.org/show_bug.cgi?id=144157.

            Reviewed by Sam Weinig.

            Tests: http/tests/security/cors-post-redirect-301.html
                   http/tests/security/cors-post-redirect-302.html
                   http/tests/security/cors-post-redirect-307.html
                   http/tests/security/cors-post-redirect-308.html

            * platform/network/cf/ResourceHandleCFNet.cpp:
            (WebCore::ResourceHandle::willSendRequest): Always clear any origin header for cross-origin redirects.
            * platform/network/mac/ResourceHandleMac.mm:
            (WebCore::ResourceHandle::willSendRequest): Ditto.

2015-04-21  Lucas Forschler  <lforschler@apple.com>

        Merge r180110

    2015-02-14  Alexey Proskuryakov  <ap@apple.com>

            rel="noreferrer" should make window.opener null
            https://bugs.webkit.org/show_bug.cgi?id=141579

            Reviewed by Darin Adler.

            Tests: http/tests/navigation/target-blank-opener-post.html
                   http/tests/navigation/target-blank-opener.html

            We used to avoid passing window.opener policy by temporarily storing it in a FrameLoader
            member variable. This works for some clients - ones that invoke delegate callbacks
            synchronously - but not in the general case.

            So, changed to passing the policy explicitly.

            * WebCore.exp.in:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::FrameLoader):
            (WebCore::FrameLoader::urlSelected):
            (WebCore::FrameLoader::loadURLIntoChildFrame):
            (WebCore::FrameLoader::loadFrameRequest):
            (WebCore::FrameLoader::loadURL):
            (WebCore::FrameLoader::load):
            (WebCore::FrameLoader::loadPostRequest):
            (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
            * loader/FrameLoader.h:
            (WebCore::FrameLoader::suppressOpenerInNewFrame): Deleted.
            * loader/FrameLoaderTypes.h:
            * loader/NavigationScheduler.cpp:
            * page/ContextMenuController.cpp:
            (WebCore::openNewWindow):
            (WebCore::ContextMenuController::contextMenuItemSelected):

2015-04-21  Lucas Forschler  <lforschler@apple.com>

        Merge r182835

    2015-04-14  Zalan Bujtas  <zalan@apple.com>

            Make inline continuation style change logic consistent.
            https://bugs.webkit.org/show_bug.cgi?id=143737
            rdar://problem/20486596

            Reviewed by Simon Fraser.

            Do not force RenderBlock type-casting on the first sibling of the continuation's container.
            The first sibling of the container of a continuation should be handled as the rest of the siblings.

            Test: fast/inline/inline-with-column-span-and-remove-block-child-crash.html

            * rendering/RenderInline.cpp:
            (WebCore::updateStyleOfAnonymousBlockContinuations):
            (WebCore::RenderInline::styleDidChange):

2015-04-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r181409

    2015-03-10  Andy Estes  <aestes@apple.com>

            REGRESSION (r180985): contentfiltering/block-after-add-data.html crashes with GuardMalloc
            https://bugs.webkit.org/show_bug.cgi?id=142526

            Reviewed by Darin Adler.

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::dataReceived): Don't delete m_contentFilter until after we're done using its replacement data.

2015-04-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r182284

    2015-04-02  Alexey Proskuryakov  <ap@apple.com>

            Clean up access checks in JSHistoryCustom.cpp
            https://bugs.webkit.org/show_bug.cgi?id=143227

            Reviewed by Sam Weinig.

            * bindings/js/JSHistoryCustom.cpp:
            (WebCore::JSHistory::putDelegate):
            (WebCore::JSHistory::deleteProperty):
            (WebCore::JSHistory::deletePropertyByIndex):
            (WebCore::JSHistory::getOwnPropertyNames):
            (WebCore::JSHistory::pushState):
            (WebCore::JSHistory::replaceState):

2015-04-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r182051

    2015-03-26  Zalan Bujtas  <zalan@apple.com>

            Inline continuation code should not take anonymous containing wrapper granted.
            https://bugs.webkit.org/show_bug.cgi?id=133312

            Reviewed by Dave Hyatt.

            It's wrong to assume that when RenderInline is part of an inline continuation, its containing block
            is an anonymous wrapper and its sibling might be a block level renderer.
            When the inline continuation is no longer needed, for example when the block level renderer that initiated the continuation
            is detached from the render tree, the inline renderes still continue to form continuation.(however they no longer require
            anonymous wrappers)

            Test: fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation.html

            * rendering/RenderInline.cpp:
            (WebCore::updateStyleOfAnonymousBlockContinuations):
            (WebCore::RenderInline::styleDidChange):

2015-04-20  Lucas Forschler  <lforschler@apple.com>

        Merge r182076

    2015-03-27  Brent Fulgham  <bfulgham@apple.com>

            Null dereference in InbandMetadataTextTrack handling
            https://bugs.webkit.org/show_bug.cgi?id=143144
            <rdar://problem/18983250>

            Reviewed by Eric Carlson.

            * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp:
            (WebCore::InbandMetadataTextTrackPrivateAVF::updatePendingCueEndTimes): Check for null return value from
            'client()', just like we do in all other methods.

2015-04-20  Lucas Forschler  <lforschler@apple.com>

        Merge r179958

    2015-02-11  Chris Dumez  <cdumez@apple.com>

            Turn recent assertions into release assertions to help track down crash in DocumentLoader::stopLoadingForPolicyChange()
            https://bugs.webkit.org/show_bug.cgi?id=141484
            <rdar://problem/13811738>

            Reviewed by Andy Estes.

            Turn recent assertions into release assertions to help track down crash in
            DocumentLoader::stopLoadingForPolicyChange(). This should increase the
            likelyhood of tripping them so that we better understand why this happens.

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::~DocumentLoader):
            (WebCore::DocumentLoader::detachFromFrame):

2015-04-20  Lucas Forschler  <lforschler@apple.com>

        Merge r179895

    2015-02-10  Chris Dumez  <cdumez@apple.com>

            Add another assertion to help track down crash in DocumentLoader::stopLoadingForPolicyChange()
            https://bugs.webkit.org/show_bug.cgi?id=141447
            <rdar://problem/13811738>

            Reviewed by Alexey Proskuryakov.

            Add another assertion to help track down crash in
            DocumentLoader::stopLoadingForPolicyChange().

            The trace seems to hint that frameLoader() returns null when
            stopLoadingForPolicyChange() is called. frameLoader() can only return
            null after DocumentLoader::detachFromFrame() has been called.
            Also, stopLoadingForPolicyChange() here is called from the
            DocumentLoader::continueAfterContentPolicy() policy callback which
            requires m_waitingForContentPolicy to be true. Therefore, we should
            assert that m_waitingForContentPolicy is false when m_frame is cleared
            in DocumentLoader::detachFromFrame().

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::detachFromFrame):

2015-04-20  Lucas Forschler  <lforschler@apple.com>

        Merge r179880

    2015-02-10  Chris Dumez  <cdumez@apple.com>

            Add assertion to help track down WebCore::DocumentLoader::stopLoadingForPolicyChange() crash
            https://bugs.webkit.org/show_bug.cgi?id=141441
            <rdar://problem/13811738>

            Reviewed by Alexey Proskuryakov.

            Add assertion to help track down a crash in
            WebCore::DocumentLoader::stopLoadingForPolicyChange().

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::~DocumentLoader):
            Make sure the DocumentLoader is not waiting for a content policy
            response when it is destroyed. If this were to happen, then the
            lambda function passed to PolicyChecker::checkContentPolicy()
            would outlive the DocumentLoader. This is an issue because
            that lambda function captures [this], which is the DocumentLoader.
            This would cause DocumentLoader::continueAfterContentPolicy() to
            be called after the DocumentLoader has been destroyed, which would
            explain the crash.

2015-04-20  Lucas Forschler  <lforschler@apple.com>

        Merge 181656 and 182985.

    2015-04-18  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r181656): Animated tiled layers are missing content
            https://bugs.webkit.org/show_bug.cgi?id=143911
            rdar://problem/20596328

            Reviewed by Darin Adler.

            After r181656, all requestAnimationFrame was falling back to timers, and not
            using the platform's DisplayRefreshMonitor, because of a Nullopt vs nullptr
            fumble. As a result, GraphicsLayerUpdater (which updates tiled layers during
            animations) was failing to do any updates.
        
            Replace this confusing Optional<> code with simpler code that just forces the
            clients to make a DisplayRefreshMonitor if they can, first asking
            ChromeClient, and then falling back to createDefaultDisplayRefreshMonitor().
        
            Make lots of things into references, and use C++11 initialization in some places.
        
            Add Internals API to allow a test to get the number of layer flushes that have
            occurred.
        
            * dom/ScriptedAnimationController.cpp:
            (WebCore::ScriptedAnimationController::ScriptedAnimationController):
            (WebCore::ScriptedAnimationController::windowScreenDidChange):
            (WebCore::ScriptedAnimationController::scheduleAnimation):
            (WebCore::ScriptedAnimationController::createDisplayRefreshMonitor):
            * dom/ScriptedAnimationController.h:
            * page/ChromeClient.h:
            * platform/graphics/DisplayRefreshMonitor.cpp:
            (WebCore::DisplayRefreshMonitor::createDefaultDisplayRefreshMonitor):
            (WebCore::DisplayRefreshMonitor::create):
            (WebCore::DisplayRefreshMonitor::addClient):
            (WebCore::DisplayRefreshMonitor::removeClient):
            (WebCore::DisplayRefreshMonitor::displayDidRefresh):
            * platform/graphics/DisplayRefreshMonitor.h:
            * platform/graphics/DisplayRefreshMonitorClient.cpp:
            (WebCore::DisplayRefreshMonitorClient::~DisplayRefreshMonitorClient):
            * platform/graphics/DisplayRefreshMonitorClient.h:
            * platform/graphics/DisplayRefreshMonitorManager.cpp:
            (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
            (WebCore::DisplayRefreshMonitorManager::registerClient):
            (WebCore::DisplayRefreshMonitorManager::unregisterClient):
            (WebCore::DisplayRefreshMonitorManager::scheduleAnimation):
            (WebCore::DisplayRefreshMonitorManager::displayDidRefresh):
            (WebCore::DisplayRefreshMonitorManager::windowScreenDidChange):
            * platform/graphics/DisplayRefreshMonitorManager.h:
            * platform/graphics/GraphicsLayerUpdater.cpp:
            (WebCore::GraphicsLayerUpdater::GraphicsLayerUpdater):
            (WebCore::GraphicsLayerUpdater::scheduleUpdate):
            (WebCore::GraphicsLayerUpdater::screenDidChange):
            (WebCore::GraphicsLayerUpdater::displayRefreshFired):
            (WebCore::GraphicsLayerUpdater::createDisplayRefreshMonitor):
            * platform/graphics/GraphicsLayerUpdater.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::RenderLayerCompositor):
            (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
            (WebCore::RenderLayerCompositor::notifyFlushBeforeDisplayRefresh):
            (WebCore::RenderLayerCompositor::flushLayersSoon):
            (WebCore::RenderLayerCompositor::createDisplayRefreshMonitor):
            (WebCore::RenderLayerCompositor::startTrackingLayerFlushes):
            (WebCore::RenderLayerCompositor::layerFlushCount):
            * rendering/RenderLayerCompositor.h:
            * testing/Internals.cpp:
            (WebCore::Internals::startTrackingLayerFlushes):
            (WebCore::Internals::layerFlushCount):
            * testing/Internals.h:
            * testing/Internals.idl:

    2015-03-17  Timothy Horton  <timothy_horton@apple.com>

            Reproducible null deref under ScriptedAnimationController::createDisplayRefreshMonitor
            https://bugs.webkit.org/show_bug.cgi?id=142776
            <rdar://problem/18921338>

            Reviewed by Alexey Proskuryakov.

            Test: fast/animation/request-animation-frame-unparented-iframe-crash.html

            In some cases (like the new test), we can end up trying to start
            requestAnimationFrame on a Document that has no Page. Most paths null-checked
            the Page and did the right thing, but one failed to do so. In addition,
            the current fallback (when Page is null) can result in us constructing
            the wrong kind of DisplayRefreshMonitor, which could lead to trouble
            down the road when it's reused. Instead, just completely avoid making a
            DisplayRefreshMonitor in the null-page case.

            * dom/ScriptedAnimationController.cpp:
            (WebCore::ScriptedAnimationController::createDisplayRefreshMonitor):
            If the page is null, bail.

            * dom/ScriptedAnimationController.h:
            * platform/graphics/DisplayRefreshMonitor.cpp:
            (WebCore::DisplayRefreshMonitor::create):
            Use Optional<> to make it easy to distinguish between ChromeClient
            being unreachable (because we don't have a Page for some reason) and
            ChromeClient declaring that it doesn't want to override the type of
            DisplayRefreshMonitor that is created.

            If ChromeClient was unreachable for some reason, we'll get back an engaged
            nullptr and return it (instead of creating a DisplayRefreshMonitor based
            on the platform). This avoids creating the wrong type of DisplayRefreshMonitor
            in the rare case where we can't reach the ChromeClient (e.g. a freshly unparented
            IFrame).

            If instead the client returns a disengaged Nullopt, we'll interpret that as
            "construct the default type", which falls back on the platform #ifdefs to
            decide what to make.2015-04-18  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r181656): Animated tiled layers are missing content
            https://bugs.webkit.org/show_bug.cgi?id=143911
            rdar://problem/20596328

            Reviewed by Darin Adler.

            After r181656, all requestAnimationFrame was falling back to timers, and not
            using the platform's DisplayRefreshMonitor, because of a Nullopt vs nullptr
            fumble. As a result, GraphicsLayerUpdater (which updates tiled layers during
            animations) was failing to do any updates.
        
            Replace this confusing Optional<> code with simpler code that just forces the
            clients to make a DisplayRefreshMonitor if they can, first asking
            ChromeClient, and then falling back to createDefaultDisplayRefreshMonitor().
        
            Make lots of things into references, and use C++11 initialization in some places.
        
            Add Internals API to allow a test to get the number of layer flushes that have
            occurred.
        
            * dom/ScriptedAnimationController.cpp:
            (WebCore::ScriptedAnimationController::ScriptedAnimationController):
            (WebCore::ScriptedAnimationController::windowScreenDidChange):
            (WebCore::ScriptedAnimationController::scheduleAnimation):
            (WebCore::ScriptedAnimationController::createDisplayRefreshMonitor):
            * dom/ScriptedAnimationController.h:
            * page/ChromeClient.h:
            * platform/graphics/DisplayRefreshMonitor.cpp:
            (WebCore::DisplayRefreshMonitor::createDefaultDisplayRefreshMonitor):
            (WebCore::DisplayRefreshMonitor::create):
            (WebCore::DisplayRefreshMonitor::addClient):
            (WebCore::DisplayRefreshMonitor::removeClient):
            (WebCore::DisplayRefreshMonitor::displayDidRefresh):
            * platform/graphics/DisplayRefreshMonitor.h:
            * platform/graphics/DisplayRefreshMonitorClient.cpp:
            (WebCore::DisplayRefreshMonitorClient::~DisplayRefreshMonitorClient):
            * platform/graphics/DisplayRefreshMonitorClient.h:
            * platform/graphics/DisplayRefreshMonitorManager.cpp:
            (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
            (WebCore::DisplayRefreshMonitorManager::registerClient):
            (WebCore::DisplayRefreshMonitorManager::unregisterClient):
            (WebCore::DisplayRefreshMonitorManager::scheduleAnimation):
            (WebCore::DisplayRefreshMonitorManager::displayDidRefresh):
            (WebCore::DisplayRefreshMonitorManager::windowScreenDidChange):
            * platform/graphics/DisplayRefreshMonitorManager.h:
            * platform/graphics/GraphicsLayerUpdater.cpp:
            (WebCore::GraphicsLayerUpdater::GraphicsLayerUpdater):
            (WebCore::GraphicsLayerUpdater::scheduleUpdate):
            (WebCore::GraphicsLayerUpdater::screenDidChange):
            (WebCore::GraphicsLayerUpdater::displayRefreshFired):
            (WebCore::GraphicsLayerUpdater::createDisplayRefreshMonitor):
            * platform/graphics/GraphicsLayerUpdater.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::RenderLayerCompositor):
            (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
            (WebCore::RenderLayerCompositor::notifyFlushBeforeDisplayRefresh):
            (WebCore::RenderLayerCompositor::flushLayersSoon):
            (WebCore::RenderLayerCompositor::createDisplayRefreshMonitor):
            (WebCore::RenderLayerCompositor::startTrackingLayerFlushes):
            (WebCore::RenderLayerCompositor::layerFlushCount):
            * rendering/RenderLayerCompositor.h:
            * testing/Internals.cpp:
            (WebCore::Internals::startTrackingLayerFlushes):
            (WebCore::Internals::layerFlushCount):
            * testing/Internals.h:
            * testing/Internals.idl:

2015-04-20  Lucas Forschler  <lforschler@apple.com>

        Merge r180520

    2015-02-22  Dean Jackson  <dino@apple.com>

            [iOS] Max canvas size is lower than expected
            https://bugs.webkit.org/show_bug.cgi?id=141886
            <rdar://problem/19729246>

            Reviewed by Tim Horton.

            Use the same maximum canvas area for all ports,
            which bumps the iOS limit up from 4580 * 1145
            to 16k * 16k.

            * html/HTMLCanvasElement.cpp: Update MaxCanvasArea.

2015-04-20  Lucas Forschler  <lforschler@apple.com>

        Merge r179850

    2015-02-09  Timothy Horton  <timothy_horton@apple.com>

            Avoid using a HashMap for DisplayRefreshMonitorManager, which rarely has more than one item
            https://bugs.webkit.org/show_bug.cgi?id=141353

            Reviewed by Anders Carlsson.

            No new tests, because there's no behavior change.

            * platform/graphics/DisplayRefreshMonitorManager.cpp:
            (WebCore::DisplayRefreshMonitorManager::ensureMonitorForClient):
            (WebCore::DisplayRefreshMonitorManager::unregisterClient):
            (WebCore::DisplayRefreshMonitorManager::displayDidRefresh):
            * platform/graphics/DisplayRefreshMonitorManager.h:
            Use a Vector of RefPtr<DisplayRefreshMonitor> instead of a HashMap
            from uint64_t to RefPtr<DisplayRefreshMonitor>. There's usually only one
            display, so there's usually only one DisplayRefreshMonitor. Linear search
            on the Vector will be faster than the hash lookup in all conceivable cases.
            This also avoids the situation mentioned in the comments in DisplayRefreshMonitorManager.h
            where we don't know enough about PlatformDisplayID to safely hash it.

2015-03-11  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for rdar://problem/20128911.

2015-03-11  Babak Shafiei  <bshafiei@apple.com>

        Merge r181351.

    2015-03-10  Enrica Casucci  <enrica@apple.com>

            Add support for more emoji with variation.
            https://bugs.webkit.org/show_bug.cgi?id=142548
            rdar://problem/20105008

            Reviewed by Tim Horton.

            Update ICU rules to support new emoji with variation.

            Test: editing/selection/extend-by-character-007.html

            * platform/text/TextBreakIterator.cpp:
            (WebCore::cursorMovementIterator):

2015-03-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r181123.

    2015-03-05  Dean Jackson  <dino@apple.com>

            [iOS Media] Web video on iPad appears black and missing the AirPlay placard when connected to an AirPlay route
            https://bugs.webkit.org/show_bug.cgi?id=142373
            <rdar://problem/19866072>

            Reviewed by Brent Fulgham.

            There was no style for the placard, which meant it had
            zero height (and thus was invisible).

            * Modules/mediacontrols/mediaControlsiOS.css:
            (audio::-webkit-media-controls-wireless-playback-status): Added.
            (audio::-webkit-media-controls-wireless-playback-status.hidden):

2015-03-06  Lucas Forschler  <lforschler@apple.com>

        Merge r180337

    2015-02-18  Andreas Kling  <akling@apple.com>

            REGRESSION(r179347): Clearing the PageCache no longer clears the PageCache.
            <https://webkit.org/b/141788>

            Reviewed by Anders Carlsson.

            Once again we've fallen into the TemporaryChange trap:

                TemporaryChange<unsigned>(m_member, temporaryValue);

            The code above doesn't actually do anything. Since the TemporaryChange local is not named,
            it immediately goes out of scope and restores the original value of m_member.

            Unless someone knows a C++ trick to prevent these, we'll need to add a style checker pass
            to catch bugs like this. Whatever we do will be done separately from this bug.

            Test: fast/history/page-cache-clearing.html

            * history/PageCache.cpp:
            (WebCore::PageCache::pruneToSizeNow): Name the local so it lives longer.

            * testing/Internals.cpp:
            (WebCore::Internals::clearPageCache):
            (WebCore::Internals::pageCacheSize):
            * testing/Internals.h:
            * testing/Internals.idl: Add a way to clear the page cache and query its size from
            window.internals to facilitate writing a simple test for this bug.

2015-03-05  Dean Jackson  <dino@apple.com>

        Merge r180906. <rdar://problem/20058845>

    2015-03-02  Dean Jackson  <dino@apple.com>

            [iOS Media] Airplay button should be blue when active
            https://bugs.webkit.org/show_bug.cgi?id=142193

            Reviewed by Brent Fulgham.

            Add a blue form of the Airplay button that is used
            when we are actively displaying on another screen.

            * Modules/mediacontrols/mediaControlsiOS.css:
            (video::-webkit-media-controls-wireless-playback-picker-button):
            (video::-webkit-media-controls-wireless-playback-picker-button:active):
            (video::-webkit-media-controls-wireless-playback-picker-button.playing):
            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.updateWirelessPlaybackStatus):

2015-03-05  Dean Jackson  <dino@apple.com>

        Merge r181085. <rdar://problem/20058743>

    2015-03-04  Dean Jackson  <dino@apple.com>

            [iOS Media] Small inline controls can clip the time widgets
            https://bugs.webkit.org/show_bug.cgi?id=142319

            Reviewed by Eric Carlson.

            Start counting the number of digits in a duration so that
            we can assign classes to the time widgets that specify
            a minimum width.

            * Modules/mediacontrols/mediaControlsApple.css: Replace the hour-long and ten-hour-long
            classes with number of digits.
            (audio::-webkit-media-controls-time-remaining-display.five-digit-time):
            (audio::-webkit-media-controls-current-time-display.five-digit-time):
            (audio::-webkit-media-controls-time-remaining-display.six-digit-time):
            (audio::-webkit-media-controls-current-time-display.six-digit-time):
            (audio::-webkit-media-controls-time-remaining-display.hour-long-time): Deleted.
            (audio::-webkit-media-controls-current-time-display.hour-long-time): Deleted.
            (audio::-webkit-media-controls-time-remaining-display.ten-hour-long-time): Deleted.
            (audio::-webkit-media-controls-current-time-display.ten-hour-long-time): Deleted.

            * Modules/mediacontrols/mediaControlsApple.js: Add some new class names.
            (Controller.prototype.updateDuration): Set the class of the time
            widgets when we know how long the media runs.

            * Modules/mediacontrols/mediaControlsiOS.css: Values for iOS that
            are big enough to avoid clipping.
            (video::-webkit-media-controls-current-time-display):
            (video::-webkit-media-controls-time-remaining-display):
            (video::-webkit-media-controls-current-time-display.three-digit-time):
            (video::-webkit-media-controls-time-remaining-display.three-digit-time):
            (video::-webkit-media-controls-current-time-display.four-digit-time):
            (video::-webkit-media-controls-time-remaining-display.four-digit-time):
            (video::-webkit-media-controls-current-time-display.five-digit-time):
            (video::-webkit-media-controls-time-remaining-display.five-digit-time):
            (video::-webkit-media-controls-current-time-display.six-digit-time):
            (video::-webkit-media-controls-time-remaining-display.six-digit-time):
            (audio::-webkit-media-controls-timeline-container): Deleted.
            (video::-webkit-media-text-track-container): Deleted.

2015-03-04  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r180910. rdar://problem/19395137

    2015-03-02  Jeremy Jones  <jeremyj@apple.com>

            RenderVideo should not paint the video frame when video is fullscreen.
            https://bugs.webkit.org/show_bug.cgi?id=142097

            Reviewed by Eric Carlson.

            For performance and correctness, RenderVideo should not paint the current video frame
            inline when video is fullscreen. This happens when snapshots are taken and can have a
            negative performance impact.

            * rendering/RenderVideo.cpp:
            (WebCore::RenderVideo::paintReplaced):

2015-02-26  Babak Shafiei  <bshafiei@apple.com>

        Merge r173806.

    2014-09-22  Mihnea Ovidenie  <mihnea@adobe.com>

            [CSS Regions] Assertion failure and null dereference crash when using animations and regions
            https://bugs.webkit.org/show_bug.cgi?id=136918

            Reviewed by Andrei Bucur.

            In some situations, for instance when an image has an attached animation, the style change caused by the animation
            triggers a geometry update for the backing store associated with the image's layer. This may occur before
            the layout for the image has finished.

            Moreover, if the image in such situation - having a composited layer - is displayed in a region,
            sicne the layout did not finish yet, the mappings between the layers of the elements collected in the named flow
            and the regions associated with the named flow are not updated and cannot be used.

            Therefore in those situations, we have to bail out early and use these mappings only after the layout has finished.

            This patch also changes RenderLayerBacking method updateAfterDescendents -> updateAfterDescendants.

            Test: fast/regions/animated-image-in-region.html

            * rendering/RenderFlowThread.cpp:
            (WebCore::RenderFlowThread::cachedRegionForCompositedLayer):
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::calculateClipRects):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::updateAfterDescendants):
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
            (WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
            (WebCore::RenderLayerCompositor::updateCompositingDescendantGeometry):

2015-02-26  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for r180129, r180133.

    2015-02-26  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Crash when accessing an item in SVGTransformList and then removing a previous item from this list.
            https://bugs.webkit.org/show_bug.cgi?id=141550.

            Reviewed by Darin Adler.

            Tests: LayoutTests/svg/dom/SVGTransformList-basics.xhtml: This test is modified to
            include a new test case.

            * svg/properties/SVGMatrixTearOff.h: m_value of SVGMatrixTearOff will be a null
            pointer. There is no point in having SVGMatrixTearOff points to the parent and
            the property of the parent at the same time.
        
            (WebCore::SVGMatrixTearOff::create): SVGMatrixTearOff will hold a pointer to
            the parent SVGPropertyTearOff<SVGTransform>. But it should overrides setValue()
            and propertyReference() so it can set and get the SVGMatrix from the SVGTransform
            parent.
        
            (WebCore::SVGMatrixTearOff::SVGMatrixTearOff): Pass a nullptr to the base class.
            SVGMatrixTearOff will act as a proxy of the parent. It does not hold any data by
            itself but it knows what property to set and get from the parent.
        
            * svg/properties/SVGPropertyTearOff.h:
            (WebCore::SVGPropertyTearOff::create): Add a create method which can take a pointer value.
        
            (WebCore::SVGPropertyTearOff::propertyReference):
            (WebCore::SVGPropertyTearOff::setValue): Make these functions virtual so concrete classes
            like SVGMatrixTearOff can override them.
        
            (WebCore::SVGPropertyTearOff::SVGPropertyTearOff): Add a new constructor.

2015-02-26  Babak Shafiei  <bshafiei@apple.com>

        Merged r180087.

    2015-02-12  Enrica Casucci  <enrica@apple.com>

            Additional emoji group support.
            https://bugs.webkit.org/show_bug.cgi?id=141539
            rdar://problem/19727527

            Reviewed by Sam Weinig.

            Adding some new emoji ligatures.
            Updated existing test to include the new sequences.

            * platform/text/TextBreakIterator.cpp:
            (WebCore::cursorMovementIterator):
            * rendering/RenderText.cpp:
            (WebCore::isEmojiGroupCandidate):

2015-02-26  Lucas Forschler  <lforschler@apple.com>

        Merge r180174

    2015-02-16  Zalan Bujtas  <zalan@apple.com>

            RenderTableCell can't access its parent while in detached state.
            https://bugs.webkit.org/show_bug.cgi?id=141639
            rdar://problem/19850760

            Reviewed by Simon Fraser.

            Null check against ancestor chain so that certain methods in RenderTableCell can
            be called even if the renderer is not yet attached.

            Test: fast/table/table-cell-crash-when-detached-state.html

            * rendering/RenderTableCell.cpp:
            (WebCore::RenderTableCell::borderLeft):
            (WebCore::RenderTableCell::borderRight):
            (WebCore::RenderTableCell::borderTop):
            (WebCore::RenderTableCell::borderBottom):
            (WebCore::RenderTableCell::borderStart):
            (WebCore::RenderTableCell::borderEnd):
            (WebCore::RenderTableCell::borderBefore):
            (WebCore::RenderTableCell::borderAfter):
            * rendering/RenderTableCell.h:

2015-02-26  Lucas Forschler  <lforschler@apple.com>

        Merge r179480

    2015-02-02  Jeremy Jones  <jeremyj@apple.com>

            Prevent crash when accessing WebAVPlayerController.delegate.
            https://bugs.webkit.org/show_bug.cgi?id=140893

            Reviewed by Darin Adler.

            This patch aims to prevent a null delegate access during invalidation by adding null checks before accessing the delegate, by making explicit the recreation of m_playerController, and by consolidating and correcting the teardown sequence.

            * WebCore.exp.in:
            * platform/ios/WebVideoFullscreenInterface.h: add resetMediaState()
            * platform/ios/WebVideoFullscreenInterfaceAVKit.h: ditto.
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (-[WebAVPlayerController playerViewController:shouldExitFullScreenWithReason:]): Check for null before accessing delegate.
            (-[WebAVPlayerController play:]): ditto.
            (-[WebAVPlayerController pause:]): ditto.
            (-[WebAVPlayerController togglePlayback:]): ditto.
            (-[WebAVPlayerController setPlaying:]): ditto.
            (-[WebAVPlayerController beginScrubbing:]): ditto.
            (-[WebAVPlayerController endScrubbing:]): ditto.
            (-[WebAVPlayerController seekToTime:]): ditto.
            (-[WebAVPlayerController beginScanningForward:]): ditto.
            (-[WebAVPlayerController endScanningForward:]): ditto.
            (-[WebAVPlayerController beginScanningBackward:]): ditto.
            (-[WebAVPlayerController endScanningBackward:]): ditto.
            (-[WebAVPlayerController seekToBeginning:]): ditto.
            (-[WebAVPlayerController seekToEnd:]): ditto.
            (-[WebAVPlayerController setCurrentAudioMediaSelectionOption:]): ditto.
            (-[WebAVPlayerController setCurrentLegibleMediaSelectionOption:]): ditto.
            (-[WebAVPlayerController layoutSublayersOfLayer:]): ditto.
            (WebVideoFullscreenInterfaceAVKit::WebVideoFullscreenInterfaceAVKit): initialize m_playerController
            (WebVideoFullscreenInterfaceAVKit::resetMediaState): Added.
            (WebVideoFullscreenInterfaceAVKit::setDuration): remove playerController()
            (WebVideoFullscreenInterfaceAVKit::setCurrentTime): ditto.
            (WebVideoFullscreenInterfaceAVKit::setRate): ditto.
            (WebVideoFullscreenInterfaceAVKit::setVideoDimensions): ditto.
            (WebVideoFullscreenInterfaceAVKit::setSeekableRanges): ditto.
            (WebVideoFullscreenInterfaceAVKit::setCanPlayFastReverse): ditto.
            (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions): ditto.
            (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions): ditto.
            (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): ditto.
            (WebVideoFullscreenInterfaceAVKit::setupFullscreenInternal): ditto.
            (WebVideoFullscreenInterfaceAVKit::enterFullscreenStandard): ditto.
            (WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal): consolidated cleanup code from invalidate()
            (WebVideoFullscreenInterfaceAVKit::invalidate): consolidate cleanup code.
            (WebVideoFullscreenInterfaceAVKit::playerController): Deleted.
            * platform/ios/WebVideoFullscreenModelVideoElement.mm:
            (WebVideoFullscreenModelVideoElement::setVideoElement): call resetMediaState()

2015-02-25  Babak Shafiei  <bshafiei@apple.com>

        Merge r180274.

    2015-02-18  Eric Carlson  <eric.carlson@apple.com>

            [iOS] pause video when a tab moves to the background on some devices
            https://bugs.webkit.org/show_bug.cgi?id=141753
            <rdar://problem/19814562>

            Reviewed by Jer Noble.

            Test: media/video-background-tab-playback.html

            * platform/audio/MediaSession.cpp:
            (WebCore::MediaSession::clientDataBufferingTimerFired): Pause video when the element becomes
                hidden if the BackgroundTabPlaybackRestricted is set.

            * platform/audio/MediaSessionManager.cpp:
            (WebCore::MediaSessionManager::applicationWillEnterBackground): Rename BackgroundPlaybackNotPermitted
                 to BackgroundProcessPlaybackRestricted.
            (WebCore::MediaSessionManager::applicationWillEnterForeground): Ditto.
            * platform/audio/MediaSessionManager.h:

            * platform/audio/ios/MediaSessionManagerIOS.mm:
            (WebCore::MediaSessionManageriOS::resetRestrictions): Set BackgroundTabPlaybackRestricted on
                devices with restricted memory. BackgroundPlaybackNotPermitted -> BackgroundProcessPlaybackRestricted.

            * testing/Internals.cpp:
            (WebCore::Internals::setMediaSessionRestrictions): Add support for BackgroundTabPlaybackRestricted.
                BackgroundPlaybackNotPermitted -> BackgroundProcessPlaybackRestricted.

2015-02-24  Dean Jackson  <dino@apple.com>

        Merged r180588.

    2015-02-24  Dean Jackson  <dino@apple.com>

            [ios Media] the inline controls are visible after pressing Done on iPhone
            https://bugs.webkit.org/show_bug.cgi?id=141987
            <rdar://problem/19944110>

            Reviewed by Beth Dakin.

            When exiting out of a playing video, we should show the
            start playback button if we don't allow inline media
            (such as on iPhone).

            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.shouldHaveStartPlaybackButton): Test for
            allowsInline as well.

2015-02-24  Dean Jackson  <dino@apple.com>

        Merge r180583.

    2015-02-24  Dean Jackson  <dino@apple.com>

            [iOS Media] Be specific about which document to use for the timeline background canvas
            https://bugs.webkit.org/show_bug.cgi?id=141981

            Reviewed by Eric Carlson.

            In some cases, especially with nested iframes, the document
            reference for the shadow DOM might not be the one used
            to create a -webkit-canvas context for rendering via CSS.
            Explicitly get the context from the video's owner
            document.

            There is still a bug here:
            https://bugs.webkit.org/show_bug.cgi?id=141983

            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.drawTimelineBackground):

2015-02-23  Babak Shafiei  <bshafiei@apple.com>

        Follow-up merge for r179877.

2015-02-22  David Kilzer  <ddkilzer@apple.com>

        Merge r180183, r180187.

    2015-02-16  Jer Noble  <jer.noble@apple.com>

        [iOS] Build fix: declare undeclared identifier 'credential'.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedCredential):

    2015-02-16  Jer Noble  <jer.noble@apple.com>

        [iOS] Unable to play .mp4 file over http with basic http authentication
        https://bugs.webkit.org/show_bug.cgi?id=141503
        rdar://problem/15799844

        Reviewed by Alexey Proskuryakov.

        On iOS, CFNetwork is used for authentication, so the NSURLAuthenticationChallenge
        provided by AVAssetResourceLoader needs to be shoehorned into a AuthenticationChallenge
        object by way of CFURLAuthChallengeRef.

        Create a new class, WebCoreNSURLAuthenticationChallengeClient, whose sole purpose
        is to take AuthenticationChallengeClient callbacks and pass them along to a
        NSURLAuthenticationChallenge sender.

        Create a NSURLAuthenticationChallenge out of the CF version through an SPI, and add
        that SPI to a new header. Drive-by fix: take two of our existing SPI calls and move
        them into that same header.

        * WebCore.xcodeproj/project.pbxproj: Add CFNSURLConnectionSPI.h to project.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::create): Factory.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::WebCoreNSURLAuthenticationChallengeClient): Simple constructor.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedCredential): Pass to m_challenge.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedRequestToContinueWithoutCredential): Ditto.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedCancellation): Ditto.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedRequestToPerformDefaultHandling): Ditto.
        (WebCore::WebCoreNSURLAuthenticationChallengeClient::receivedChallengeRejection): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForResponseToAuthenticationChallenge):
            Create an AuthenticationChallenge out of the nsChallenge and client and pass it up
            to the HTMLMediaElement.
        * platform/network/mac/AuthenticationMac.mm:
        * platform/spi/cocoa/CFNSURLConnectionSPI.h: Added.

2015-02-20  Lucas Forschler  <lforschler@apple.com>

        Merge r180278

    2015-02-18  Myles C. Maxfield  <mmaxfield@apple.com>

            Justified ruby can cause lines to grow beyond their container
            https://bugs.webkit.org/show_bug.cgi?id=141732

            Reviewed by David Hyatt.

            After we re-layout RenderRubyRuns, this can change the environment upon which
            ruby's overhang calculation is sensitive to. Before this patch, we would recalculate
            the overhang after the RenderRubyRun gets relaid out. However, doing such causes the
            effective width of the RenderRubyRun to change, which causes out subsequent
            justification calculations to be off.

            Therefore, we have a cycle; the amount of ruby overhang can change the justification
            in a line, and the layout of the line affects the ruby overhang calculation. Instead
            of performing a layout in a loop until it converges, this patch simply observes that
            having a flush right edge is more valuable than having a perfectly correct overhang.
            It therefore simply removes the secondary overhang calculation.

            Test: fast/text/ruby-justification-flush.html

            * rendering/RenderBlockFlow.h:
            * rendering/RenderBlockLineLayout.cpp:
            (WebCore::RenderBlockFlow::updateRubyForJustifiedText):
            (WebCore::RenderBlockFlow::computeExpansionForJustifiedText):
            (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):

2015-02-20  Lucas Forschler  <lforschler@apple.com>

        Merge r180150

    2015-02-12  David Hyatt  <hyatt@apple.com>

            text-underline-position:under has multiple correctness issues
            https://bugs.webkit.org/show_bug.cgi?id=141528

            Reviewed by Dean Jackson.

            Added a bunch of new tests in fast/text

            * rendering/InlineFlowBox.cpp:
            (WebCore::InlineFlowBox::maxLogicalBottomForTextDecorationLine):
            (WebCore::InlineFlowBox::minLogicalTopForTextDecorationLine):
            (WebCore::InlineFlowBox::computeMaxLogicalBottom): Deleted.
            * rendering/InlineFlowBox.h:
            These functions have been re-written to take an enclosing renderer that specified the
            decoration. This way they can properly limit the bottom/top computation to only line boxes
            that are contained inside the renderer.

            * rendering/InlineTextBox.cpp:
            (WebCore::InlineTextBox::paintDecoration):
            Tweak the call to get the decoration colors now that quirks mode has been removed.

            * rendering/RenderElement.cpp:
            (WebCore::RenderElement::enclosingRendererWithTextDecoration):
            * rendering/RenderElement.h:
            New function that finds the enclosing renderer that specified a text decoration. For now
            this is only used in the "under" position computation, but soon we'll be using it
            everywhere.

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::getTextDecorationColors):
            * rendering/RenderObject.h:
            Remove the quirks mode argument, since we were always passing true anyway (making the argument dead).

            * rendering/RootInlineBox.cpp:
            (WebCore::RootInlineBox::maxLogicalBottom): Deleted.
            * rendering/RootInlineBox.h:
            Get rid of these functions and just have InlineTextBoxStyle's computeUnderLineOffset function call
            the InlineFlowBox functions directly.

            * style/InlineTextBoxStyle.cpp:
            (WebCore::computeUnderlineOffset):
            Re-written to fetch the enclosingRendererWithTextDecoration so that it can be passed to the logical top/bottom
            computation to limit which line boxes get included.

2015-02-20  Dean Jackson  <dino@apple.com>

        <rdar://problem/19450275> Media player updates.

        Merge r179808, r180013, r180024, r180231, r180347.

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r180364.

    2015-02-19  David Hyatt  <hyatt@apple.com>

            Columns are splitting unsplittable content.
            https://bugs.webkit.org/show_bug.cgi?id=141807
            <rdar://problem/18387659>

            Reviewed by Dean Jackson.

            Added inline-table-dynamic-movement.html

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::pageLogicalTopForOffset):
            (WebCore::RenderBlockFlow::pageLogicalHeightForOffset):
            Patch these functions to always check the layout state for a zero
            pageLogicalHeight, since that is actually our indicator that we're
            doing column balancing and don't have a height set yet.

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::RenderMultiColumnFlowThread::isPageLogicalHeightKnown):
            * rendering/RenderMultiColumnSet.cpp:
            (WebCore::RenderMultiColumnSet::RenderMultiColumnSet):
            (WebCore::RenderMultiColumnSet::setAndConstrainColumnHeight):
            (WebCore::RenderMultiColumnSet::prepareForLayout):
            * rendering/RenderMultiColumnSet.h:
            The function for deciding whether the logical height of the columns was
            known was checking for a zero computedColumnHeight. However, a column set
            can legitimately compute a zero column height, and with the fix to examine
            the layout state, this bug was exposed.

            The fix is to add a new variable that caches whether or not the column height
            has been computed, so that even if it computes to zero, we aren't fooled.

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r180147

    2015-02-16  Brent Fulgham  <bfulgham@apple.com>

            FEGaussianBlur::calculateUnscaledKernelSize does unspeakable things with signed and unsigned values
            https://bugs.webkit.org/show_bug.cgi?id=141596
            <rdar://problem/19837103>

            Reviewed by Zalan Bujtas.

            No new tests. Covered by css3/filters/huge-blur-value.html

            Avoid overflowing the signed integer values by not converting from unsigned
            until the maximum size has been clamped to the expected max.

            * platform/graphics/filters/FEGaussianBlur.cpp:
            (WebCore::FEGaussianBlur::calculateUnscaledKernelSize):

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r180191.

    2015-02-16  Enrica Casucci  <enrica@apple.com>

            Emoji sequences do not render properly.
            https://bugs.webkit.org/show_bug.cgi?id=141661
            rdar://problem/19820463

            Reviewed by Sam Weinig.

            Emoji sequences and emoji with variations should be rendered
            using the Complex code path and should be treated as graphemes.
            This change modifies advanceByCombiningCharacterSequence to add
            this logic.

            Test: fast/text/emoji.html

            * WebCore.xcodeproj/project.pbxproj:
            * platform/graphics/FontCascade.cpp:
            (WebCore::FontCascade::characterRangeCodePath):
            * platform/graphics/mac/ComplexTextController.cpp:
            (WebCore::advanceByCombiningCharacterSequence): Implements a simple
            logic to treat emoji sequences and emoji with variations as graphemes.
            * platform/text/CharacterProperties.h: Added.
            (WebCore::isEmojiGroupCandidate):
            (WebCore::isEmojiModifier):
            (WebCore::isVariationSelector):
            * rendering/RenderText.cpp:
            (WebCore::isEmojiGroupCandidate): Deleted.
            (WebCore::isEmojiModifier): Deleted.

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r180155.

    2015-02-16  David Hyatt  <hyatt@apple.com>

            Add ifdefs to avoid adjusting Ruby selection rects to avoid overlap on iOS.
            https://bugs.webkit.org/show_bug.cgi?id=141651
            <rdar://problem/19182526>

            Reviewed by Simon Fraser.

            * rendering/RootInlineBox.cpp:
            (WebCore::RootInlineBox::selectionTop):
            (WebCore::RootInlineBox::selectionBottom):

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r180128.

    2015-02-15  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Crash when accessing an item in SVGLengthList and then replacing it with a previous item in the list.
            https://bugs.webkit.org/show_bug.cgi?id=141552.

            Reviewed by Darin Adler.

            Tests: LayoutTests/svg/dom/SVGLengthList-basics.xhtml: This test is modified to
            include a new test case.

            * svg/properties/SVGListPropertyTearOff.h: Commit the removal of the replacing item
            before trying to detach the wrapper of the item which going to be replaced.

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r180063.

    2015-02-13  Simon Fraser  <simon.fraser@apple.com>

            Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlugIn()
            https://bugs.webkit.org/show_bug.cgi?id=141551

            Reviewed by Zalan Bujtas.

            It's possible for a layout to dirty the parent frame's state, via the calls to
            ownerElement()->scheduleSetNeedsStyleRecalc() that RenderLayerCompositor does when
            iframes toggle their compositing mode.

            That could cause FrameView::updateLayoutAndStyleIfNeededRecursive() to fail to 
            leave all the frames in a clean state. Later on, we could enter hit testing,
            which calls document().updateLayout() on each frame's document. Document::updateLayout()
            does layout on all ancestor documents, so in the middle of hit testing, we could
            layout a subframe (dirtying an ancestor frame), then layout another frame, which
            would forcing that ancestor to be laid out while we're hit testing it, thus
            corrupting the RenderLayer tree while it's being iterated over.

            Fix by having FrameView::updateLayoutAndStyleIfNeededRecursive() do a second
            layout after laying out subframes, which most of the time will be a no-op.

            Also add a stronger assertion, that this frame and all subframes are clean
            at the end of FrameView::updateLayoutAndStyleIfNeededRecursive() for the
            main frame.

            Various existing frames tests hit the new assertion if the code change is removed,
            so this is covered by existing tests.

            * page/FrameView.cpp:
            (WebCore::FrameView::needsStyleRecalcOrLayout):
            (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive):
            * page/FrameView.h:
            * rendering/RenderWidget.cpp:
            (WebCore::RenderWidget::willBeDestroyed):

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r180062.

    2015-02-12  Simon Fraser  <simon.fraser@apple.com>

            determinePrimarySnapshottedPlugIn() should only traverse visible Frames
            https://bugs.webkit.org/show_bug.cgi?id=141547
            Part of rdar://problem/18445733.

            Reviewed by Anders Carlsson.

            There's an expectation from clients that FrameView::updateLayoutAndStyleIfNeededRecursive()
            updates layout in all frames, but it uses the widget tree, so only hits frames
            that are parented via renderers (i.e. not display:none frames or their descendants).

            Moving towards a future where we remove Widgets, fix by adding a FrameTree 
            traversal function that only finds rendered frames (those with an ownerRenderer).

            Not testable.

            * page/FrameTree.cpp:
            (WebCore::FrameTree::firstRenderedChild):
            (WebCore::FrameTree::nextRenderedSibling):
            (WebCore::FrameTree::traverseNextRendered):
            (printFrames):
            * page/FrameTree.h:
            * page/FrameView.cpp:
            (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive):

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r179877.

    2015-02-07  Zalan Bujtas  <zalan@apple.com>

            REGRESSION (r168046): Crash in WebCore::InlineBox::renderer / WebCore::RenderFlowThread::checkLinesConsistency
            https://bugs.webkit.org/show_bug.cgi?id=133462

            Reviewed by David Hyatt.

            RenderFlowThread::m_lineToRegionMap stores pointers to the root inlineboxes in the block flow.
            Normally root inlineboxes remove themselves from this map in their dtors. However when collapsing an anonymous block,
            we detach the inline tree first and destroy them after. The detached root boxes can't access
            the flowthread containing block and we end up with dangling pointers in this map.
            Call removeFlowChildInfo() before detaching the subtree to ensure proper pointer removal.

            Test: fast/multicol/newmulticol/crash-when-switching-to-floating.html

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::collapseAnonymousBoxChild):

2015-02-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r179776.

    2015-02-06  Zalan Bujtas  <zalan@apple.com>

            ASSERT repaintContainer->hasLayer() in WebCore::RenderObject::repaintUsingContainer
            https://bugs.webkit.org/show_bug.cgi?id=140750

            Reviewed by Simon Fraser.

            There's a short period of time when RenderObject::layer() still returns a valid pointer
            even though we already cleared the hasLayer() flag.
            Do not use the layer as repaint container in such cases.

            Test: compositing/repaint-container-assertion-when-toggling-compositing.html

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::enclosingLayer):

2015-02-13  Lucas Forschler  <lforschler@apple.com>

        Merge r179768

    2015-02-06  Brent Fulgham  <bfulgham@apple.com>

            [iOS] Implement audio track selection in fullscreen.
            https://bugs.webkit.org/show_bug.cgi?id=131236
            <rdar://problem/16552632>

            Reviewed by Eric Carlson.

            * platform/ios/WebVideoFullscreenModelVideoElement.h:
            * platform/ios/WebVideoFullscreenModelVideoElement.mm:
            (WebVideoFullscreenModelVideoElement::selectAudioMediaOption): Provide implementation.
            (WebVideoFullscreenModelVideoElement::updateLegibleOptions): Add audio track information
            to menu displayed to user.

2015-02-13  Lucas Forschler  <lforschler@apple.com>

        Merge r174823

    2014-10-16  Jer Noble  <jer.noble@apple.com>

            [Mac] Represent AVMediaSelectionOptions as AudioTracks
            https://bugs.webkit.org/show_bug.cgi?id=137474

            Reviewed by Brent Fulgham.

            Test: http/tests/media/hls/hls-audio-tracks.html

            Support selecting audio "tracks" in HLS streams by exposing AVMediaSelectionOptions
            as entries in the video's AudioTrackList.

            AVMediaSessionGroups and AVPlayerItems don't have KVO or notifications to track when options
            are selected and deselected, so wrap AVMediaSessionGroup and AVMediaSessionOption in C++
            wrappers. Each AVMediaSelectionGroup can have only one AVMediaSelectionOption selected at a
            time, so the wrapper will take care of answering which AVMediaSelectionOption is currently
            selected, as without KVO notifications, asking the AVMediaSelectionGroup directly is
            inconsistent. Because setting the selected option multiple times in the same run-loop can
            cause flakiness, coalesce calls to setSelectedOption() by setting a one-shot timer to do
            the actual selection in the next run-loop.

            * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h: Added.
            (WebCore::MediaSelectionOptionAVFObjC::avMediaSelectionOption):
            (WebCore::MediaSelectionOptionAVFObjC::clearGroup): Clear backpointer to group from option.
            (WebCore::MediaSelectionGroupAVFObjC::selectedOption): Simple accessor.
            (WebCore::MediaSelectionGroupAVFObjC::options):  Simple accessor.
            (WebCore::MediaSelectionGroupAVFObjC::avMediaSelectionGroup): Simple accessor.
            * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm: Added.
            (WebCore::MediaSelectionOptionAVFObjC::create): Simple factory method.
            (WebCore::MediaSelectionOptionAVFObjC::MediaSelectionOptionAVFObjC): Simple constructor.
            (WebCore::MediaSelectionOptionAVFObjC::setSelected): Pass through to MediaSelectionGroupAVFObjC.
            (WebCore::MediaSelectionOptionAVFObjC::selected): Ditto.
            (WebCore::MediaSelectionOptionAVFObjC::index): Return index of this object in the group's object.
            (WebCore::MediaSelectionGroupAVFObjC::create):
            (WebCore::MediaSelectionGroupAVFObjC::MediaSelectionGroupAVFObjC):
            (WebCore::MediaSelectionGroupAVFObjC::~MediaSelectionGroupAVFObjC):
            (WebCore::MediaSelectionGroupAVFObjC::updateOptions): Discover added or removed options.
            (WebCore::MediaSelectionGroupAVFObjC::setSelectedOption): Set a one shot timer to coalesce multiple calls.
            (WebCore::MediaSelectionGroupAVFObjC::selectionTimerFired): Set the selected AVSelectionOption.

            Modify AVTrackPrivateAVFObjCImpl to support both AVPlayerItemTracks and these new
            MediaSelectionOptionAVFObjC objects.

            * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.h:
            (WebCore::AVTrackPrivateAVFObjCImpl::mediaSelectionOption): Simple accessor.
            * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
            (WebCore::AVTrackPrivateAVFObjCImpl::AVTrackPrivateAVFObjCImpl):  Simple constructor.
            (WebCore::AVTrackPrivateAVFObjCImpl::~AVTrackPrivateAVFObjCImpl): Simple destructor.
            (WebCore::AVTrackPrivateAVFObjCImpl::enabled): Use MediaSelectionOptionAVFObjC, if present.
            (WebCore::AVTrackPrivateAVFObjCImpl::setEnabled): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::audioKind): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::videoKind): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::index): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::id): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::label): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::language): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::languageForAVMediaSelectionOption): Ditto.
            (WebCore::AVTrackPrivateAVFObjCImpl::trackID): Ditto.

            Allow AudioTrackPrivateAVFObjC and VideoTrackPrivateAVFObjC to be created with
            a MediaSelectionOptionAVFObjC.

            * platform/graphics/avfoundation/objc/AudioTrackPrivateAVFObjC.h:
            (WebCore::AudioTrackPrivateAVFObjC::create): Takes a MediaSelectionOptionAVFObjC.
            * platform/graphics/avfoundation/objc/AudioTrackPrivateAVFObjC.mm:
            (WebCore::AudioTrackPrivateAVFObjC::AudioTrackPrivateAVFObjC): Simple constructor.
            (WebCore::AudioTrackPrivateAVFObjC::setMediaSelectionOption): Create a new AVTrackPrivateAVFObjCImpl.
            (WebCore::AudioTrackPrivateAVFObjC::mediaSelectionOption): Simple accessor.
            * platform/graphics/avfoundation/objc/VideoTrackPrivateAVFObjC.cpp:
            (WebCore::VideoTrackPrivateAVFObjC::VideoTrackPrivateAVFObjC): Simple constructor.
            (WebCore::VideoTrackPrivateAVFObjC::setMediaSelectonOption): Create a new AVTrackPrivateAVFObjCImpl.
            (WebCore::VideoTrackPrivateAVFObjC::mediaSelectionOption): Simple accessor.
            * platform/graphics/avfoundation/objc/VideoTrackPrivateAVFObjC.h:

            Because IDs are not necessarily unique across AVPlayerItemTracks and AVMediaSelectionOptions,
            use the index of the track or option instead of it's self-declared ID for ordering for the
            trackIndex.

            * platform/graphics/avfoundation/objc/AudioTrackPrivateAVFObjC.mm:
            (WebCore::AudioTrackPrivateAVFObjC::resetPropertiesFromTrack):
            * platform/graphics/avfoundation/objc/VideoTrackPrivateMediaSourceAVFObjC.mm:
            (WebCore::VideoTrackPrivateMediaSourceAVFObjC::resetPropertiesFromTrack):

            Rather than making allowing the AVPlayerItem to automatically select the "best"
            AVMediaSelectionOption, select the automatic options when creating the AVPlayerItem
            and thereafter allow the users manual selections "stick".

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::ensureAVPlayer):
            (WebCore::MediaPlayerPrivateAVFoundationObjC::ensureAVPlayerItem):

            Determine whether any MediaSelectionOptionsAVFObjC have been added or removed and send trackChange events accordingly.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::determineChangedTracksFromNewTracksAndOldItems): Added.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::updateAudioTracks): Search for updated selection options.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoTracks): Ditto.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::safeMediaSelectionGroupForAudibleMedia): Return selection group, if available.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::safeMediaSelectionGroupForVisualMedia): Ditto.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksDidChange): Filter out AVPlayerItemTracks without
                AVAssetTracks, as these will be represented by MediaSelectionGroupObjCs instead.

            Add new files to project.
            * WebCore.xcodeproj/project.pbxproj:

2015-02-13  Lucas Forschler  <lforschler@apple.com>

        Merge r174402

    2014-10-07  Jer Noble  <jer.noble@apple.com>

            [Media] Expose AudioTracks in the "captions" menu.
            https://bugs.webkit.org/show_bug.cgi?id=137472

            Reviewed by Brent Fulgham.

            Test: media/video-controls-audiotracks-trackmenu.html

            If more than one AudioTrack is present in the video element, add those tracks to the
            captions menu:
            * English.lproj/mediaControlsLocalizedStrings.js:
            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller.prototype.addVideoListeners):
            (Controller.prototype.removeVideoListeners):
            (Controller.prototype.handleAudioTrackChange):
            (Controller.prototype.handleAudioTrackAdd):
            (Controller.prototype.handleAudioTrackRemove):
            (Controller.prototype.updateCaptionButton):
            (Controller.prototype.buildCaptionMenu):
            (Controller.prototype.handleCaptionItemKeyUp):
            (Controller.prototype.audioTrackItemSelected):
            (Controller.prototype.focusSiblingAudioTrackItem):
            (Controller.prototype.handleAudioTrackItemKeyUp):

            Add support to MediaControlHost for retrieving the sorted audio track list, and the
            localized names for every audio track:
            * Modules/mediacontrols/MediaControlsHost.cpp:
            (WebCore::MediaControlsHost::sortedTrackListForMenu):
            (WebCore::MediaControlsHost::displayNameForTrack):
            * Modules/mediacontrols/MediaControlsHost.h:
            * Modules/mediacontrols/MediaControlsHost.idl:
            * page/CaptionUserPreferences.cpp:
            (WebCore::trackDisplayName):
            (WebCore::CaptionUserPreferences::displayNameForTrack):
            (WebCore::CaptionUserPreferences::sortedTrackListForMenu):
            * page/CaptionUserPreferences.h:
            * platform/LocalizedStrings.cpp:
            (WebCore::audioTrackNoLabelText):
            * platform/LocalizedStrings.h:
            * platform/efl/LocalizedStringsEfl.cpp:
            (WebCore::audioTrackNoLabelText):
            * platform/gtk/LocalizedStringsGtk.cpp:
            (WebCore::audioTrackNoLabelText):

            Drive-by fix; do not recurse into AudioTrackPrivate->setEnabled() when the enabled
            state changes.
            * html/track/AudioTrack.cpp:
            (WebCore::AudioTrack::enabledChanged):

            Fix possible out-of-bounds Vector access when adding tracks to a track list by
            sorting the list at insert time, rather than inserting into the track's reported
            position in the Vector:
            * html/track/AudioTrackList.cpp:
            (AudioTrackList::append):
            * html/track/VideoTrackList.cpp:
            (VideoTrackList::append):

            Correctly report the trackIndex of audio and video tracks from AVFoundation:
            * platform/graphics/avfoundation/AudioTrackPrivateAVF.h:
            (WebCore::AudioTrackPrivateAVF::trackIndex):
            (WebCore::AudioTrackPrivateAVF::setTrackIndex):
            (WebCore::AudioTrackPrivateAVF::AudioTrackPrivateAVF):
            * platform/graphics/avfoundation/VideoTrackPrivateAVF.h:
            (WebCore::VideoTrackPrivateAVF::trackIndex):
            (WebCore::VideoTrackPrivateAVF::setTrackIndex):
            (WebCore::VideoTrackPrivateAVF::VideoTrackPrivateAVF):
            * platform/graphics/avfoundation/objc/AudioTrackPrivateAVFObjC.mm:
            (WebCore::AudioTrackPrivateAVFObjC::resetPropertiesFromTrack):
            * platform/graphics/avfoundation/objc/VideoTrackPrivateAVFObjC.cpp:
            (WebCore::VideoTrackPrivateAVFObjC::resetPropertiesFromTrack):

2015-02-13  Lucas Forschler  <lforschler@apple.com>

        Merge r179933

    2015-02-10  Alexey Proskuryakov  <ap@apple.com>

            URL::setUser and URL::setPass don't percent encode
            https://bugs.webkit.org/show_bug.cgi?id=141453
            rdar://problem/14844503&16551802&19623145

            Reviewed by Darin Adler.

            Tests: fast/url/url-credentials-escaping.html
                   http/tests/xmlhttprequest/basic-auth-credentials-escaping.html

            Start adding some code that performs escaping in a way that matches the URL Standard.
            Right now, it's only used where we failed to do any escaping at all, and over time,
            we'll be moving towards a new implementation.

            * html/URLUtils.h:
            (WebCore::URLUtils<T>::username):
            (WebCore::URLUtils<T>::password):
            * platform/URL.cpp:
            (WebCore::isSchemeFirstChar):
            (WebCore::URL::user):
            (WebCore::URL::pass):
            (WebCore::URL::encodedUser):
            (WebCore::URL::encodedPass):
            (WebCore::URL::setUser):
            (WebCore::URL::setPass):
            (WebCore::encodeWithURLEscapeSequences):
            * platform/URL.h:

2015-02-13  Lucas Forschler  <lforschler@apple.com>

        Merge r179772

    2015-02-06  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Invalid cast in WebCore::SVGAnimateElement::calculateAnimatedValue.
            https://bugs.webkit.org/show_bug.cgi?id=135171.

            Reviewed by Dean Jackson.

            The bug happens when an SVG element is animated by <animateMotion> followed by an
            <animateColor> or an <animate> and the values of the "attributeName" in both elements
            are the same. The problem is <animateMotion> should not have an attribute to animate.
            If it does by fuzz or by mistake, then we assume the <animateMotion> and the <animate>
            animate the same attribute for the same element target. Therefore we schedule them in
            the same AnimationVector in SMILTimeContainer::schedule(). When we call
            SVGAnimateElementBase::calculateAnimatedValue() for an SVGAnimateColorElement and the
            resultElement is SVGAnimateMotionElement, we fail to cast it to SVGAnimateElementBase
            because SVGAnimateMotionElement is derived from SVGAnimationElement which is the base
            class of all animate elements including SVGAnimateElementBase.

            The fix is to nullify setting "attributeName" of an SVGAnimationElement. By doing so,
            "attributeName" and its value will be ignored from the <animateMotion> which is correct.

            Tests: svg/animations/animate-montion-invalid-attribute.svg.

            * svg/SVGAnimateElementBase.cpp:
            (WebCore::SVGAnimateElementBase::setAttributeName):
            Do not call SVGAnimationElement::setAttributeName() since SVGAnimationElement should
            not have an attribute to animate. We prevent this by bypassing the parent in the class 
            hierarchy: SVGAnimationElement and calling SVGSMILElement::setAttributeName() directly.

            * svg/SVGAnimationElement.cpp:
            (WebCore::SVGAnimationElement::setAttributeName): Deleted.
            * svg/SVGAnimationElement.h:
            SVGAnimationElement should not have an attribute to animate. So implement its
            setAttributeName() as a null function.

2015-02-13  Lucas Forschler  <lforschler@apple.com>

        Merge r180053

    2015-02-13  Andreas Kling  <akling@apple.com>

            [iOS] Refine GC behavior in response to process suspension and memory pressure.
            <https://webkit.org/b/141543>
            <rdar://problem/19738024>

            Reviewed by Geoffrey Garen.

            Do an immediate full garbage collection when the web process is about to
            be suspended (when another tab is moving to the foreground on iOS.)
            This ensures that we make a best effort to reduce the process footprint
            before we lose the ability to execute code.

            When receiving a memory pressure warning, tell the garbage collector to
            accelerate its next collection (by calling garbageCollectSoon().)
            This gives us some confidence that a collection will happen within a
            reasonable timeframe, but doesn't risk dooming us to a loop of endless
            garbage collections.

            * platform/cocoa/MemoryPressureHandlerCocoa.mm:
            (WebCore::MemoryPressureHandler::platformReleaseMemory):

2015-02-13  Lucas Forschler  <lforschler@apple.com>

        Merge r179737

    2015-02-05  Andreas Kling  <akling@apple.com>

            [iOS] Run a full garbage collection on memory warning.
            <https://webkit.org/b/141313>
            <rdar://problem/19738024>

            Reviewed by Chris Dumez.

            Make sure that we run a full GC when trying to free up memory, as this might
            be our last chance to execute before the kernel suspends this process.

            This aligns WebKit2 with the old WebKit1 behavior.

            * platform/cocoa/MemoryPressureHandlerCocoa.mm:
            (WebCore::MemoryPressureHandler::platformReleaseMemory):

2015-02-13  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r179771. rdar://problem/19395131

    2015-02-06  Simon Fraser  <simon.fraser@apple.com>

            Convert the compositing overlap map to use LayoutRects
            https://bugs.webkit.org/show_bug.cgi?id=141346
            rdar://problem/18206365

            Reviewed by Zalan Bujtas.

            If two compositing layers were adjoining but not overlapping, but happened to
            have non-integral offsets, then using enclosing IntRects in the overlap map
            would cause us to think they are overlapping, and create unnecessary backing store.

            Fix by converting the overlap map to use LayoutRects.

            Test: compositing/layer-creation/subpixel-adjacent-layers-overlap.html

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::OverlapMapContainer::add):
            (WebCore::OverlapMapContainer::overlapsLayers):
            (WebCore::RenderLayerCompositor::OverlapMap::add):
            (WebCore::RenderLayerCompositor::OverlapMap::overlapsLayers):
            (WebCore::RenderLayerCompositor::OverlapMap::RectList::append):
            (WebCore::RenderLayerCompositor::OverlapMap::RectList::intersects):
            (WebCore::RenderLayerCompositor::logLayerInfo):
            (WebCore::RenderLayerCompositor::addToOverlapMap):
            (WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
            (WebCore::RenderLayerCompositor::computeCompositingRequirements):
            * rendering/RenderLayerCompositor.h:

2015-02-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r179883. rdar://problem/19790645

    2015-02-09  David Hyatt  <hyatt@apple.com>

            text-underline-position: under is broken
            https://bugs.webkit.org/show_bug.cgi?id=141400
            <rdar://problem/18569583>

            Reviewed by Simon Fraser.

            Added fast/text/text-underline-position-under.html

            * rendering/InlineFlowBox.cpp:
            (WebCore::InlineFlowBox::computeMaxLogicalBottom):
            (WebCore::InlineFlowBox::computeMaxLogicalTop): Deleted.
            * rendering/InlineFlowBox.h:
            Switch to using the bottom to compute the offset. Using the top is incorrect, since
            the heights of boxes can vary.

            Fix a bug where the y() of the box was being used instead of the logical value, making the result
            wrong for vertical text.

            * rendering/RootInlineBox.cpp:
            (WebCore::RootInlineBox::maxLogicalBottom):
            (WebCore::RootInlineBox::maxLogicalTop): Deleted.
            Switch to using the bottom instead of the top. Make sure the root box contributes its own bottom,
            since the old code just ignored the root's placement.

            * rendering/RootInlineBox.h:
            * style/InlineTextBoxStyle.cpp:
            (WebCore::computeUnderlineOffset):
            Call the bottom function now instead of the top.

2015-02-13  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r179771. rdar://problem/19395131

    2015-02-06  Simon Fraser  <simon.fraser@apple.com>

            Convert the compositing overlap map to use LayoutRects
            https://bugs.webkit.org/show_bug.cgi?id=141346
            rdar://problem/18206365

            Reviewed by Zalan Bujtas.

            If two compositing layers were adjoining but not overlapping, but happened to
            have non-integral offsets, then using enclosing IntRects in the overlap map
            would cause us to think they are overlapping, and create unnecessary backing store.

            Fix by converting the overlap map to use LayoutRects.

            Test: compositing/layer-creation/subpixel-adjacent-layers-overlap.html

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::OverlapMapContainer::add):
            (WebCore::OverlapMapContainer::overlapsLayers):
            (WebCore::RenderLayerCompositor::OverlapMap::add):
            (WebCore::RenderLayerCompositor::OverlapMap::overlapsLayers):
            (WebCore::RenderLayerCompositor::OverlapMap::RectList::append):
            (WebCore::RenderLayerCompositor::OverlapMap::RectList::intersects):
            (WebCore::RenderLayerCompositor::logLayerInfo):
            (WebCore::RenderLayerCompositor::addToOverlapMap):
            (WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
            (WebCore::RenderLayerCompositor::computeCompositingRequirements):
            * rendering/RenderLayerCompositor.h:

2015-02-13  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r179750. rdar://problem/19719085

    2015-02-06  Maciej Stachowiak  <mjs@apple.com>

            REGRESSION(r179706): Caused memory corruption on some tests (Requested by _ap_ on #webkit).
            https://bugs.webkit.org/show_bug.cgi?id=141324

            Reviewed by Alexey Proskuryakov.

            No new tests. This is caught by existing tests under ASAN, and I don't know how to reproduce
            it without ASAN.

            * rendering/RenderLineBoxList.cpp:
            (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Give up
            and just always invalidate the next line. It's too hard to come up
            with the condition that catches all needed cases, doesn't itself
            cause a crash, and isn't overzealous. And we do this for the
            previous line anyway.  Also clean up the code a bit since it
            confusingly reuses a variable, and declares it uninitialized, for
            no good reason.

2015-02-13  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r179706. rdar://problem/19719085

    2015-02-05  Maciej Stachowiak  <mjs@apple.com>

            Crash due to failing to dirty a removed text node's line box
            https://bugs.webkit.org/show_bug.cgi?id=136544

            Reviewed by David Hyatt.

            Test: fast/text/remove-text-node-linebox-not-dirty-crash.html

            * rendering/RenderLineBoxList.cpp:
            (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Make the check for dirtying the next
            line box a bit more inclusive to avoid a case of a line box for a destroyed render object not
            being dirtied. In particular, when the text node's parent has no line boxes but contains BRs.

2015-02-13  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r179691. rdar://problem/19719089

    2015-02-05  Zalan Bujtas  <zalan@apple.com>

            Do not destroy RenderQuote's text fragment child when quotation mark string is changing.
            https://bugs.webkit.org/show_bug.cgi?id=141271
            rdar://problem/18169375

            Reviewed by Antti Koivisto.

            Similar approach as https://codereview.chromium.org/679593004/

            This patch ensures that laying out a RenderQuote does not force a sibling RenderQuote's
            child renderer(RenderText) to be destroyed.
            BreakingContext holds a pointer to the next renderer on the line (BreakingContext::m_nextObject).
            While laying out the line, initiated by BreakingContext, placing the current renderer could end up destroying the "next" renderer.
            This happens when the pseudo after quotation mark(RenderQuote) becomes floated, the sibling <q>'s pseudo
            before text needs to be changed (from " to ') so that we don't end up with 2 sets of the same opening
            strings.
            The fix is to reuse the RenderTextFragment object instead of destroy/recreate it.

            Test: fast/css/content/quote-crash-when-floating.html

            * rendering/RenderQuote.cpp:
            (WebCore::RenderQuote::RenderQuote):
            (WebCore::fragmentChild):
            (WebCore::RenderQuote::updateText):
            * rendering/RenderQuote.h:
            * rendering/RenderTextFragment.cpp:
            (WebCore::RenderTextFragment::setText):
            (WebCore::RenderTextFragment::setContentString):
            * rendering/RenderTextFragment.h:

2015-02-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r179843.

    2015-02-09  Jer Noble  <jer.noble@apple.com>

            [Mac] Disable the currentTime estimation code in HTMLMediaElement for Yosemite+
            https://bugs.webkit.org/show_bug.cgi?id=141399

            Reviewed by Eric Carlson.

            Apparenty -[AVPlayer rate] means different things for HLS and progressive content; for progressive,
            the -rate is the actual rate of playback. For HLS, the -rate is the requested rate, and will return
            the requested value even if time is not progressing.

            We added the currentTime estimation engine because asking AVFoundation for its -currentTime used to
            be expensive, but we've been assured that in recent iOS and OS X releases, -currentTime should be
            very fast. That, in combination with the HLS behavior of -rate and how it breaks the currentTime
            estimation, means we should probably turn it off for iOS and Yosemite.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::maximumDurationToCacheMediaTime): Move implementation to .mm.
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::maximumDurationToCacheMediaTime): Disable on iOS and >=10.10.

2015-02-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r178571.

    2015-01-15  Ryosuke Niwa  <rniwa@webkit.org>

            Removing an HTML element spends a lot of time in adjustDirectionalityIfNeededAfterChildrenChanged
            https://bugs.webkit.org/show_bug.cgi?id=140523
            <rdar://problem/19464329>

            Reviewed by Chris Dumez.

            The bug was caused by adjustDirectionalityIfNeededAfterChildrenChanged always traversing children to
            unset selfOrAncestorHasDirAutoAttribute flag while removing a child element.

            Fixed the bug by removing this code. This code was no-op prior to being refactored in r154957 since
            we only entered a for loop with the invariant "counter < childCountDelta" when "childCountDelta < 0".

            See http://trac.webkit.org/changeset/154957/trunk/Source/WebCore/html/HTMLElement.cpp.

            * html/HTMLElement.cpp:
            (WebCore::HTMLElement::adjustDirectionalityIfNeededAfterChildrenChanged):

2015-02-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r178490.

    2015-01-14  Simon Fraser  <simon.fraser@apple.com>

            Graphics corruption after Find on some pages
            https://bugs.webkit.org/show_bug.cgi?id=140489

            Reviewed by Zalan Bujtas.

            After doing a Find on http://shop.outlier.cc/shop/retail/chino.html,
            garbage could appear on some parts of the page. This is caused by creating
            a compositing layer which is marked as opaque, yet failing to paint the entire
            layer contents.

            This was caused by a bug in RenderBox::computeBackgroundIsKnownToBeObscured()
            logic. On the page in question, doing a Find could cause overflow:hidden sections
            to get scrolled (since Find can reveal the selection by scrolling overflow).
            However, the render tree walking under RenderBox::foregroundIsKnownToBeOpaqueInRect()
            fails to take overflow scrolling into account, so gives the wrong answer
            in some content configurations. As a result, we'd think that the background
            is obscured, and never paint it.

            Conservative fix is to have isCandidateForOpaquenessTest() return false
            when the content has any non-zero scroll offset.

            Tests: compositing/contents-opaque/opaque-with-scrolled.html
                   fast/backgrounds/opaque-scrolled-paint-background.html

            * rendering/RenderBox.cpp:
            (WebCore::isCandidateForOpaquenessTest):

2015-02-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r178426.

    2015-01-14  Jer Noble  <jer.noble@apple.com>

            Null-deref crash when seeking immediately before looping.
            https://bugs.webkit.org/show_bug.cgi?id=140394

            Reviewed by Eric Carlson.

            It is possible for finishSeek() to be called when a seek() has caused a pending seek task
            to be scheduled, but before that pending seek task is run. In this case, if a seek request
            is issued, the existing pending seek task will not be cancelled, which will cause a crash
            when the pending seek task is run.

            When checking whether an existing seek task needs to be cancelled, check the actual timer,
            rather than the m_seeking boolean, so that this case is covered.

            Test: media/video-ended-seek-crash.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::seekWithTolerance):

2015-02-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r176240.

    2014-11-17  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK1] Sometimes, missing tiles in -webkit-overflow-scrolling: touch in UIWebViews
            https://bugs.webkit.org/show_bug.cgi?id=138815
            rdar://problem/18746203

            Reviewed by Tim Horton.

            The scroll-velocity-related data members on FrameView, added in r168233, were uninitialized in UIWebViews,
            so FrameView::computeCoverageRect() could return garbage results, leading to too much or too little tile coverage.

            We still add additional coverage from the new inclusion of a margin area, but, for simplicity, leave that the same
            between WK1 and WK2 for now.

            * page/FrameView.cpp:
            (WebCore::FrameView::FrameView):

2015-02-05  Lucas Forschler  <lforschler@apple.com>

        Merge r179567

    2015-02-02  Enrica Casucci  <enrica@apple.com>

            Additional emoji support.
            https://bugs.webkit.org/show_bug.cgi?id=141047
            rdar://problem/19045135

            Reviewed by Darin Adler.

            Adds support for emoji modifiers and group emoji.

            Test: editing/deleting/delete-emoji.html

            * platform/graphics/FontCascade.cpp:
            (WebCore::FontCascade::characterRangeCodePath):
            * platform/text/TextBreakIterator.cpp:
            (WebCore::cursorMovementIterator):
            * rendering/RenderText.cpp:
            (WebCore::isEmojiGroupCandidate):
            (WebCore::isEmojiModifier):
            (WebCore::RenderText::previousOffsetForBackwardDeletion):

2015-02-05  David Kilzer  <ddkilzer@apple.com>

        Merge r176473.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseFor): Change from
        r176473 not listed in that ChangeLog.
        (WebCore::SimpleLineLayout::createLineRuns): Call
        nextBreakablePositionNonLoosely() in place of
        nextBreakablePosition().

    2014-11-21  Glenn Adams  <glenn@skynav.com> and Myles C. Maxfield  <mmaxfield@apple.com>

        Add support to -webkit-line-break property for CSS3 Text line-break property values and semantics.
        https://bugs.webkit.org/show_bug.cgi?id=89235

        Reviewed by Eric Seidel and Dave Hyatt.

        This patch adds semantic support for the CSS3 line-break property (qua -webkit-line-break),
        and enables testing on (apple) mac ports. Follow on patches will enable these tests on
        other ports as they are incrementally verified.

        See also wiki documentation at:
        [1] http://trac.webkit.org/wiki/LineBreaking
        [2] http://trac.webkit.org/wiki/LineBreakingCSS3Mapping

        Tests: css3/line-break/line-break-auto-centered.html
               css3/line-break/line-break-auto-half-kana.html
               css3/line-break/line-break-auto-hyphens.html
               css3/line-break/line-break-auto-inseparables.html
               css3/line-break/line-break-auto-iteration-marks.html
               css3/line-break/line-break-auto-postfixes.html
               css3/line-break/line-break-auto-prefixes.html
               css3/line-break/line-break-auto-sound-marks.html
               css3/line-break/line-break-loose-centered.html
               css3/line-break/line-break-loose-half-kana.html
               css3/line-break/line-break-loose-hyphens.html
               css3/line-break/line-break-loose-inseparables.html
               css3/line-break/line-break-loose-iteration-marks.html
               css3/line-break/line-break-loose-postfixes.html
               css3/line-break/line-break-loose-prefixes.html
               css3/line-break/line-break-loose-sound-marks.html
               css3/line-break/line-break-normal-centered.html
               css3/line-break/line-break-normal-half-kana.html
               css3/line-break/line-break-normal-hyphens.html
               css3/line-break/line-break-normal-inseparables.html
               css3/line-break/line-break-normal-iteration-marks.html
               css3/line-break/line-break-normal-postfixes.html
               css3/line-break/line-break-normal-prefixes.html
               css3/line-break/line-break-normal-sound-marks.html
               css3/line-break/line-break-strict-centered.html
               css3/line-break/line-break-strict-half-kana.html
               css3/line-break/line-break-strict-hyphens.html
               css3/line-break/line-break-strict-inseparables.html
               css3/line-break/line-break-strict-iteration-marks.html
               css3/line-break/line-break-strict-postfixes.html
               css3/line-break/line-break-strict-prefixes.html
               css3/line-break/line-break-strict-sound-marks.html

        These tests were previously added in http://trac.webkit.org/changeset/143378, but skipped
        in generic TestExpectations. In this patch, they are marked as Pass for the (apple) mac ports.

        * platform/text/LineBreakIteratorPoolICU.h:
        (WebCore::LineBreakIteratorPool::makeLocaleWithBreakKeyword):
        Add static function to construct ICU locale argument (also used as pool key) with additional
        break keyword.
        (LineBreakIteratorPool):
        (WebCore::LineBreakIteratorPool::take):
        (WebCore::LineBreakIteratorPool::put):
        Remove direct dependency from ICU library (and types), moving that dependency into
        new {open,close}LineBreakIterator() functions (defined in TextBreakIteratorICU.cpp).
        Update to take line break mode into account.
        Create (and cache) different break iterators depending on line break mode (in addition to locale),
        which entails expanding pool entry key format to optionally append "@break=" +
        "loose"|"normal"|"strict" keyword to locale string.

        * platform/text/TextBreakIterator.h:
        (WebCore::LazyLineBreakIterator::LazyLineBreakIterator):
        (WebCore::LazyLineBreakIterator::isLooseCJKMode):
        (WebCore::LazyLineBreakIterator::get):
        (WebCore::LazyLineBreakIterator::reset):
        (LazyLineBreakIterator):
        Define LineBreakIteratorMode enumeration for use in TextBreakIterator et al.
        Add state member to indicate line break mode.

        * platform/text/TextBreakIteratorICU.cpp:
        (WebCore::acquireLineBreakIterator):
        Use new line break mode when making iterator from pool.
        Handle change of return type of LineBreakIteratorPool::take() to non-ICU type,
        i.e., TextBreakIterator* instead of ICU's UBreakIterator*.
        (WebCore::releaseLineBreakIterator):
        Handle change of parameter type of LineBreakIteratorPool::put() to non-ICU type,
        i.e., TextBreakIterator* instead of ICU's UBreakIterator*.
        (WebCore):
        (WebCore::isCJKLocale):
        New functions for determining if CJK rules apply.
        (WebCore::openLineBreakIterator):
        New function for abstracting opening of ICU style line break iterator. This is now
        used in LineBreakIteratorPoolICU.h rather than having direct ICU API dependency there.
        This function also takes into account the line break mode.

        Note that this function only calls ubrk_openRules() when the author has opted-in via
        using the -webkit-line-break CSS property. Eventually, we would like to be able to
        customize the rules that ICU's line breaking algorithm uses (especially for CJK text);
        however, ubrk_openRules() currently parses its input string to create a DFA and is
        therefore very slow. In fact, it's so slow that increasing our cache size in
        LineBreakIteratorPool doesn't actually help enough. Also note that the default value
        for the line-break CSS property is 'auto'.
        (WebCore::closeLineBreakIterator):
        (WebCore::mapLineIteratorModeToRules):
        New function for abstracting closing of ICU style line break iterator. This is now
        used in LineBreakIteratorPoolICU.h rather than having direct ICU API dependency there.

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlock::LineBreaker::nextSegmentBreak):
        Pass line break iterator mode flag when reseting LazyLineBreakIterator.
        Add looseMode local variable to prevent need for computing under isBreakable().

        * rendering/RenderText.cpp:
        (WebCore::mapLineBreakToIteratorMode):
        Add implementation for mapLineBreakToIteratorMode(), used by both RenderText::computePreferredLogicalWidths
        and RenderBlock::LineBreaker::nextLineBreak.
        (WebCore):
        (WebCore::RenderText::computePreferredLogicalWidths):
        Ensure (lazy line) breakIterator is initialized for line break mode.
        Ensure isBreakable() is passed loose mode flag to match behavior in RenderBlock::LineBreaker::nextLineBreak.

        * rendering/RenderText.h:
        (WebCore):
        Add declaration for mapLineBreakToIteratorMode(), used by both RenderText::computePreferredLogicalWidths
        and RenderBlock::LineBreaker::nextLineBreak.

        * rendering/break_lines.cpp:
        (WebCore):
        Introduce (local) enum NBSPBehavior for expanding template on nextBreakablePosition.
        (WebCore::isBreakableSpace):
        Add externally specified loose mode parameter to prevent need to invoke line break iterator
        accessor method on each invocation. Use new loose mode flavors off NBP functions.
        (WebCore::needsLineBreakIterator):
        Use enum NBSP behavior template parameter rather than boolean.
        (WebCore::nextBreakablePositionNonLoosely):
        Extend name to distinguish from loose flavor of this function.
        (WebCore::nextBreakablePositionLoosely):
        Add loose flavor of NBP invoked only when loose mode applies, in which case ASCII shortcut
        table cannot be used.
        (WebCore::nextBreakablePosition):
        (WebCore::nextBreakablePositionIgnoringNBSP):
        Use (renamed) non-loose flavor of NBP.
        (WebCore::nextBreakablePositionLoose):
        (WebCore::nextBreakablePositionIgnoringNBSPLoose):
        Introduce loose flavor of NBP template expansions.

        * rendering/break_lines.h:
        (WebCore):
        (WebCore::isBreakable):
        Add externally specified loose mode parameter to prevent need to invoke line break iterator
        accessor method on each invocation.

2015-02-05  Lucas Forschler  <lforschler@apple.com>

    Rollout r179711

2015-02-05  Lucas Forschler  <lforschler@apple.com>

        Merge r179627

    2015-02-03  David Hyatt  <hyatt@apple.com>

            Tables don't repaginate properly when the pagination height changes or the pagination offset changes.
            https://bugs.webkit.org/show_bug.cgi?id=141207
            <rdar://problem/18387659>

            Reviewed by Dean Jackson.

            Added fast/multicol/table-dynamic-movement.html

            Change markForPaginationRelayoutIfNeeded to be called always and to check needsLayout inside it.

            Make RenderTable override markForPaginationRelayoutIfNeeded and also dirty the sections if the table
            ended up getting marked for relayout.

            Make sure rows do the right thing as well.

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::layoutPositionedObjects):
            (WebCore::RenderBlock::markForPaginationRelayoutIfNeeded):
            * rendering/RenderBlock.h:
            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::layoutBlockChild):
            (WebCore::RenderBlockFlow::adjustBlockChildForPagination):
            (WebCore::RenderBlockFlow::positionNewFloats):
            * rendering/RenderDeprecatedFlexibleBox.cpp:
            (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
            (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
            * rendering/RenderTable.cpp:
            (WebCore::RenderTable::markForPaginationRelayoutIfNeeded):
            * rendering/RenderTable.h:
            * rendering/RenderTableRow.cpp:
            (WebCore::RenderTableRow::layout):
            * rendering/RenderTableSection.cpp:
            (WebCore::RenderTableSection::layout):

2015-02-05  Lucas Forschler  <lforschler@apple.com>

        Merge r179366

    2015-01-20  David Hyatt  <hyatt@apple.com>

            Japanese line breaking rules need to be respected before and after Ruby.
            https://bugs.webkit.org/show_bug.cgi?id=91588
            <rdar://problem/17306535>

            Reviewed by Dean Jackson.

            Added fast/ruby/ruby-punctuation-avoid-breaking.html.

            This patch has to add support for following line breaking rules at both
            sides of a Ruby boundary. For breaking before a Ruby, unfortunately we
            just hard-code the rules (and apply this hard-coding only to Ruby and not
            to other inline replaced elements).

            For breaking after a Ruby we do better. The Ruby run caches its prior characters
            and line layout is able to obtain them and use them when deciding whether or not
            to break. This means for the "after" side of a Ruby, we're able to behave the same
            as if no Ruby was used.

            * rendering/RenderBlockFlow.h:
            (WebCore::RenderBlockFlow::cachePriorCharactersIfNeeded):
            * rendering/RenderBlockLineLayout.cpp:
            (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
            * rendering/RenderRubyBase.cpp:
            (WebCore::RenderRubyBase::cachePriorCharactersIfNeeded):
            * rendering/RenderRubyBase.h:
            * rendering/RenderRubyRun.cpp:
            (WebCore::RenderRubyRun::RenderRubyRun):
            (WebCore::RenderRubyRun::updatePriorContextFromCachedBreakIterator):
            (WebCore::RenderRubyRun::canBreakBefore):
            * rendering/RenderRubyRun.h:
            * rendering/RenderRubyText.cpp:
            (WebCore::RenderRubyText::canBreakBefore):
            * rendering/RenderRubyText.h:
            * rendering/line/BreakingContextInlineHeaders.h:
            (WebCore::BreakingContext::handleReplaced):
            (WebCore::BreakingContext::canBreakAtThisPosition):
            (WebCore::BreakingContext::commitAndUpdateLineBreakIfNeeded):

2015-02-05  Lucas Forschler  <lforschler@apple.com>

        Merge r179567

    2015-02-02  Enrica Casucci  <enrica@apple.com>

            Additional emoji support.
            https://bugs.webkit.org/show_bug.cgi?id=141047
            rdar://problem/19045135

            Reviewed by Darin Adler.

            Adds support for emoji modifiers and group emoji.

            Test: editing/deleting/delete-emoji.html

            * platform/graphics/FontCascade.cpp:
            (WebCore::FontCascade::characterRangeCodePath):
            * platform/text/TextBreakIterator.cpp:
            (WebCore::cursorMovementIterator):
            * rendering/RenderText.cpp:
            (WebCore::isEmojiGroupCandidate):
            (WebCore::isEmojiModifier):
            (WebCore::RenderText::previousOffsetForBackwardDeletion):

2015-02-04  Lucas Forschler  <lforschler@apple.com>

        Merge r178661

    2015-01-19  Brent Fulgham  <bfulgham@apple.com>

            Layers need to be already updated before we call adjustViewSize
            https://bugs.webkit.org/show_bug.cgi?id=135514

            Reviewed by Simon Fraser.

            Tested by 'fast/dynamic/layer-no-longer-paginated.html'

            Defer painting operations until we have finished layout. This
            has a couple of benefits:
            (1) We do not attempt to modify render layers during layout.
            (2) In WK1 we do not attempt to paint during layout.

            Add a new virtual predicate to ScrollView indicating when we are in
            layout so that calls to setContentsSize do not attempt
            to adjust scrollbars.

            Modify FrameView to set its ScrollView state to block paint
            operations during layout. Also add a post-layout handler to
            complete the scrollbar updates after layout is finished.

            * WebCore.exp.in: Move linker symbol to ScrollView (from FrameView).
            * page/FrameView.cpp:
            (WebCore::FrameView::layout):
            (WebCore::FrameView::shouldDeferScrollUpdateAfterContentSizeChange): Added.
            (WebCore::FrameView::scrollPositionChangedViaPlatformWidget): Removed (Renamed).
            (WebCore::FrameView::scrollPositionChangedViaPlatformWidgetImpl): Added (Renamed)
            (WebCore::FrameView::paintContents): Do not paint if we are inside view size adjustment.
            * page/FrameView.h:
            * platform/ScrollView.cpp:
            (WebCore::ScrollView::scrollPositionChangedViaPlatformWidget): Added. Checks whether we need to defer
            painting, and calls virtual scrollPositionChangedViaPlatformWidgetImpl if we do not.
            (WebCore::FrameView::scrollPositionChangedViaPlatformWidgetImpl): Added.
            (WebCore::ScrollView::handleDeferredScrollUpdateAfterContentSizeChange): Added.
            (WebCore::ScrollView::scrollTo): If we should defer painting, cache the
            the scroll delta and apply it after the layout is complete.
            (WebCore::ScrollView::completeUpdatesAfterScrollTo): Split off part of 'scrollTo' into its own method
            so we can reuse it in handleDeferredScrollUpdateAfterContentSizeChange.
            * platform/ScrollView.h:
            (WebCore::ScrollView::shouldDeferScrollUpdateAfterContentSizeChange): Added.

2015-02-04  Lucas Forschler  <lforschler@apple.com>

        Merge r178363

    2015-01-13  Andreas Kling  <akling@apple.com>

            Element::normalizeAttributes() needs to handle arbitrary JS executing between loop iterations.
            <https://webkit.org/b/140379>
            <rdar://problem/19446901>

            Reviewed by Benjamin Poulain.

            Since DOM mutation events may arise below the call to Node::normalize(),
            have the loop in Element::normalizeAttributes() make a copy of the Attr nodes
            beforehand, to guard against mutations.

            Based on a patch by Chris "Chris Dumez" Dumez.

            Test: fast/dom/Element/normalize-crash2.html

            * dom/Element.cpp:
            (WebCore::Element::normalizeAttributes):

2015-02-04  Lucas Forschler  <lforschler@apple.com>

        Merge r177165

    2014-12-10  Dean Jackson  <dino@apple.com>

            InstancedArray crashes attempting to draw out of bounds
            https://bugs.webkit.org/show_bug.cgi?id=139521

            Reviewed by Simon Fraser.

            We were not doing index validation correctly for instancing.

            Test: fast/canvas/webgl/angle-instanced-arrays-out-of-bounds.html

            * html/canvas/WebGLRenderingContext.cpp:
            (WebCore::WebGLRenderingContext::validateVertexAttributes): We need to check
            the number of instances drawn against the amount of instance data that has
            been provided, taking into account the number of repeats (the divisor).
            (WebCore::WebGLRenderingContext::drawArrays): Added some whitespace to make it more clear.
            (WebCore::WebGLRenderingContext::validateDrawElements): This needs to take a primcount
            parameter so that it can correctly validate the call (when used from drawElementsInstanced).
            (WebCore::WebGLRenderingContext::drawElements): New signature to validate.
            (WebCore::WebGLRenderingContext::drawArraysInstanced): Rearrange this a bit. The
            primcount validation is already being done by the validateDrawArrays call. Also, there
            was a bogus UNUSED_PARAM hanging around.
            (WebCore::WebGLRenderingContext::drawElementsInstanced): Similar rearrangement. Use
            the primcount parameter.
            * html/canvas/WebGLRenderingContext.h:

2015-02-04  Lucas Forschler  <lforschler@apple.com>

        Merge r177089

    2014-12-10  Antti Koivisto  <antti@apple.com>

            Crash when creating CSSCalcBinaryOperation
            https://bugs.webkit.org/show_bug.cgi?id=134886
            rdar://problem/17663561

            Reviewed by Chris Dumez.

            Test: fast/css/calc-binary-operation-crash.html

            * css/CSSCalculationValue.cpp:
            (WebCore::determineCategory):

            Ensure that both axis are within the addSubtractResult table.
            Remove unneeded CalcOther test. The call site guarantees it doesn't happen and the normal cases would handle it anyway.
            Also strengthen some asserts.

2015-02-04  Lucas Forschler  <lforschler@apple.com>

        Merge r176750

    2014-12-03  Zalan Bujtas  <zalan@apple.com>

            ASSERTION: RenderMultiColumnFlowThread::processPossibleSpannerDescendant() when column spanner's parent is not a RenderBlockFlow.
            https://bugs.webkit.org/show_bug.cgi?id=139188
            rdar://problem/18502182

            Reviewed by David Hyatt.

            This patch ensures that the validation check for spanner in isValidColumnSpanner() is in synch
            with the expectation in RenderMultiColumnFlowThread::processPossibleSpannerDescendant().
            (descendant's parent is expected to be a RenderBlockFlow)

            Test: fast/multicol/svg-content-as-column-spanner-crash.html

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::isValidColumnSpanner):

2015-02-04  Lucas Forschler  <lforschler@apple.com>

        Merge r175641

    2014-11-04  David Hyatt  <hyatt@apple.com>

            Descendant ends up in wrong flow thread with nested columns and spans.
            https://bugs.webkit.org/show_bug.cgi?id=137273

            Reviewed by Simon Fraser.

            Unskipped the two problematic span tests.

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::isValidColumnSpanner):
            Remove the guard and comment and added the assertion back in.

            (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
            Changed to no longer use handleSpannerRemoval. Because the spanner was removed from the flow thread's map,
            handleSpannerRemoval was a no-op. So instead I just removed the placeholder by hand.

            The second fix was to stop destroying the placeholder. Since the placeholder can just have been inserted, you
            can't delete it, since otherwise code further up the stack will access the deleted object. For now, we just
            leak the placeholder.

            The third fix is to make sure the subtreeRoot is properly updated to be the new placeholder.

2015-02-04  Lucas Forschler  <lforschler@apple.com>

        Merge r174085

    2014-09-29  David Hyatt  <hyatt@apple.com>

            REGRESSION (r168046): Confused column spans when combined with dynamic animations
            https://bugs.webkit.org/show_bug.cgi?id=134048.

            Reviewed by Dean Jackson.

            Added fast/multicol/multicol-fieldset-span-changes.html

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::RenderMultiColumnFlowThread::processPossibleSpannerDescendant):
            Refactor handling of insertions into the multicolumn flow thread into
            a helper function, processPossibleSpannerDescendant. This makes it easier
            to call the code from more than one place.

            (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
            Modify the nested columns span shifting code to avoid problems. The
            new code suppresses notifications and does the move of the spanner back
            into the original spot *before* removing the placeholder. This ensures that
            the placeholder parent still exists.

            The stale placeholder is then removed and destroyed after the spanner has been put back
            into place.

            (WebCore::RenderMultiColumnFlowThread::handleSpannerRemoval):
            (WebCore::RenderMultiColumnFlowThread::flowThreadRelativeWillBeRemoved):
            Refactor the removal notifications for spanners into a helper function so that it can
            be called to do cleanup from the code that cleans up stale placeholders on a shift.

            * rendering/RenderMultiColumnFlowThread.h:
            Modified to add the new helpers.

2015-02-04  Babak Shafiei  <bshafiei@apple.com>

        Merge r178969.

    2015-01-22  Jer Noble  <jer.noble@apple.com>

            [iOS] Media controls disappear when loading a HLS live stream
            https://bugs.webkit.org/show_bug.cgi?id=140792
            rdar://problem/19491658

            Reviewed by Dean Jackson.

            Overload reconnectControls to reconnect the "start playback" button
            if the control type has been set to "StartPlaybackButton".

            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.reconnectControls):

2015-02-04  Babak Shafiei  <bshafiei@apple.com>

        Merge r172257.

    2014-08-07  Eric Carlson  <eric.carlson@apple.com>

            Create UTF-8 string from in-band VTT cues
            https://bugs.webkit.org/show_bug.cgi?id=135716

            Reviewed by Brent Fulgham.

            Tests will be added in https://bugs.webkit.org/show_bug.cgi?id=135717.

            * platform/graphics/ISOVTTCue.cpp:
            (WebCore::ISOBox::peekString): Call String::fromUTF8 because we know that VTT is always
                UTF-8.

2015-01-28  David Kilzer  <ddkilzer@apple.com>

        run-webkit-tests: Merge 46 commits from trunk to make it work

        r171686, r171687, r171789, r171800, r171967, r171968, r171969,
        r172115, r172117, r172118, r172174, r172602, r172942, r172967,
        r173129, r173452, r173647, r173937, r174406, r174626, r174628,
        r174634, r174642, r174650, r174702, r174728, r174824, r174835,
        r174844, r175204, r176669, r176677, r176872, r176880, r176885,
        r176897, r177129, r177363, r177370, r177510, r178444, r178570,
        r178601, r178656, r178867, r178925

        * platform/ios/wak/WAKWindow.h:
        * platform/ios/wak/WAKWindow.mm:
        (-[WAKWindow setEntireWindowVisibleForTesting:]):
        (-[WAKWindow _visibleRectRespectingMasksToBounds:]):

    2014-10-13  Simon Fraser  <simon.fraser@apple.com>

        iOS DRT snapshots are limited to the page visible area
        https://bugs.webkit.org/show_bug.cgi?id=137650

        Reviewed by Daniel Bates.

        LegacyTileCache drawing was limited to the window's visible area, found by
        crawling up the layer hierarchy to the root layer. This caused test snapshots to
        be missing non-composited content outside the iPhone visible area, which hinders
        testing.
        
        Fix by adding a test-only mode where the window visible area is the entire window.

        * platform/ios/wak/WAKWindow.h:
        * platform/ios/wak/WAKWindow.mm:
        (-[WAKWindow setEntireWindowVisibleForTesting:]):
        (-[WAKWindow _visibleRectRespectingMasksToBounds:]):

2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r179027

    2015-01-23  Enrica Casucci  <enrica@apple.com>

            Hit test returns incorrect results when performed in paginated content over the page gaps.
            https://bugs.webkit.org/show_bug.cgi?id=140837
            rdar://problem/17494390

            Reviewed by Dave Hyatt.

            Tests: fast/multicol/pagination/LeftToRight-tb-hittest.html
                   fast/multicol/pagination/RightToLeft-rl-hittest.html

            When hittesting reaches the RenderView we need to check if we are
            in paginated content and use the correct class to compute hittest results.

            * rendering/RenderView.cpp:
            (WebCore::RenderView::updateHitTestResult):
2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r178380

    2015-01-13  Dean Jackson  <dino@apple.com>

            Filters aren't applied to elements in columns after the first
            https://bugs.webkit.org/show_bug.cgi?id=140331

            Reviewed by Simon Fraser.

            The important bits of this change came from Simon.

            Filters and clipping were not taking columns into
            account when using their offset rectangles. The fix
            is to recalculate the rects if you're in such a
            situation.

            Tests: fast/multicol/clip-in-columns.html
                   fast/multicol/filter-in-columns.html

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::hasFilterThatIsPainting): New method used
            to check if we're about to paint a filter.
            (WebCore::RenderLayer::setupFilters): Use the new helper if possible.
            (WebCore::RenderLayer::paintLayerContents): If we're in columns,
            and we either have a clip or a filter, recalculate the offset rectangles.
            * rendering/RenderLayer.h:

2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r178175

    2015-01-08  Enrica Casucci  <enrica@apple.com>

            [iOS] Cannot paste an image URL in a plain text field in a page.
            https://bugs.webkit.org/show_bug.cgi?id=140274
            rdar://problem/18590809

            Reviewed by Alexey Proskuryakov.

            When we want to get plain text from the pasteboard, we
            should also try kUTTypeURL if there is no kUTTypeText available.

            * WebCore.exp.in:
            * platform/ios/PasteboardIOS.mm:
            (WebCore::Pasteboard::read):
            * platform/ios/PlatformPasteboardIOS.mm:
            (WebCore::PlatformPasteboard::readString):

2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r178038

    2015-01-07  Chris Fleizach  <cfleizach@apple.com>

            AX: Crash: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AXObjectCache::clearTextMarkerNodesInUse + 149
            https://bugs.webkit.org/show_bug.cgi?id=139929

            Reviewed by Darin Adler.

            When a frame is replaced, there were instances when it was not clearing its associated nodes in the accessibility text marker -> Node cache.
            This caused dead Nodes to be left in the cache which would eventually be accessed when the cache was cleaned out at a later time.

            To fix this we should be clearing out the cache in Document::prepareForDestruction, instead of Frame::disconnectOwnerElement.

            While working on this, it also exposed a problem where when a frame goes away, it doesn't inform its parent to update its children,
            which causes an ASSERT to be hit with this test as well.

            Tests: accessibility/frame-disconnect-textmarker-cache-crash.html

            * dom/Document.cpp:
            (WebCore::Document::prepareForDestruction):
            * page/Frame.cpp:
            (WebCore::Frame::disconnectOwnerElement):
                Remove cache management from here since it is superceded by code in Document::prepareForDestruction
            * page/FrameView.cpp:
            (WebCore::FrameView::removeFromAXObjectCache):

2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r177850

    2015-01-01  Chris Dumez  <cdumez@apple.com>

            [iOS] Fix memory leak in FeatureCounter
            https://bugs.webkit.org/show_bug.cgi?id=140029
            <rdar://problem/19255690>

            Reviewed by Darin Adler.

            Fix memory leak in FeatureCounter. The NSString for the counter key
            was allocated but never released. The patch switches to using a
            RetainPtr instead of a raw pointer to avoid the issue.

            * platform/ios/FeatureCounter.mm:
            (WebCore::FeatureCounter::incrementKey):
            (WebCore::FeatureCounter::setKey):

2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r177738

    2014-12-25  Chris Dumez  <cdumez@apple.com>

            [iOS] Log better using FeatureCounter why PageCache is failing due to pruned resources
            https://bugs.webkit.org/show_bug.cgi?id=139921

            Reviewed by Gavin Barraclough and Alexey Proskuryakov.

            Log better using FeatureCounter why PageCache is failing due to pruned
            resources. In particular, we now distinguish if the resource was pruned
            due to:
            - Memory pressure
            - Page cache capacity reached
            - WebProcess suspended (WK2)

            * WebCore.exp.in:
            * history/HistoryItem.cpp:
            (WebCore::HistoryItem::HistoryItem):
            * history/HistoryItem.h:
            * history/PageCache.cpp:
            (WebCore::PageCache::pruneToCapacityNow):
            (WebCore::PageCache::setCapacity):
            (WebCore::pruningReasonToFeatureCounterKey):
            (WebCore::PageCache::add):
            (WebCore::PageCache::take):
            (WebCore::PageCache::get):
            (WebCore::PageCache::prune):
            * history/PageCache.h:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::commitProvisionalLoad):
            * platform/FeatureCounterKeys.h:
            * platform/MemoryPressureHandler.cpp:
            (WebCore::MemoryPressureHandler::releaseCriticalMemory):

2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r177681

    2014-12-22  Chris Dumez  <cdumez@apple.com>

            [iOS] Log which type of resources are commonly loaded using FeatureCounter
            https://bugs.webkit.org/show_bug.cgi?id=139890

            Reviewed by Darin Adler.

            Log which type of resources are commonly loaded using FeatureCounter
            (e.g. stylesheets, scripts, fonts, images, ...).

            * loader/SubresourceLoader.cpp:
            (WebCore::logResourceLoadedUsingFeatureCounter):
            (WebCore::SubresourceLoader::didFinishLoading):
            * platform/FeatureCounterKeys.h:

2015-01-28  Lucas Forschler  <lforschler@apple.com>

        Merge r177680

    2014-12-22  Chris Dumez  <cdumez@apple.com>

            [iOS] Log using FeatureCounter when a PacheCache fails due to memory pressure
            https://bugs.webkit.org/show_bug.cgi?id=139874
            <rdar://problem/19255690>

            Reviewed by Darin Adler.

            Log using FeatureCounter when a PacheCache fails due to memory
            pressure. To detect this, a flag is added to HistoryItem to mark
            items that are no longer in the page becaused they were pruned
            (either because of a low memory handling or because the page cache
            reached its maximum capacity).

            * history/HistoryItem.cpp:
            (WebCore::HistoryItem::HistoryItem):
            * history/HistoryItem.h:
            * history/PageCache.cpp:
            (WebCore::PageCache::add):
            (WebCore::PageCache::take):
            (WebCore::PageCache::get):
            (WebCore::PageCache::prune):
            * platform/FeatureCounterKeys.h:

2015-01-27  Lucas Forschler  <lforschler@apple.com>

        Merge r177666

    2014-12-22  Chris Dumez  <cdumez@apple.com>

            [iOS] Log using FeatureCounter user-triggered zooming
            https://bugs.webkit.org/show_bug.cgi?id=139879
            <rdar://problem/19329130>

            Reviewed by Benjamin Poulain.

            Log using FeatureCounter user-triggered zooming on iOS.

            * WebCore.exp.in:
            * WebCore.xcodeproj/project.pbxproj:
            * platform/FeatureCounter.h:
            * platform/FeatureCounterKeys.h:

2015-01-27  Lucas Forschler  <lforschler@apple.com>

        Merge r177647

    2014-12-22  Chris Dumez  <cdumez@apple.com>

            [iOS] Log using FeatureCounter when a PacheCache entry is not reused because it expired
            https://bugs.webkit.org/show_bug.cgi?id=139869
            <rdar://problem/19255690>

            Reviewed by Darin Adler.

            Log using FeatureCounter when a PacheCache entry is not reused because
            it expired.

            * history/PageCache.cpp:
            (WebCore::PageCache::take):
            (WebCore::PageCache::get):
            * history/PageCache.h:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::commitProvisionalLoad):
            (WebCore::FrameLoader::loadDifferentDocumentItem):
            * loader/HistoryController.cpp:
            (WebCore::HistoryController::invalidateCurrentItemCachedPage):
            * platform/FeatureCounterKeys.h:

2015-01-27  Lucas Forschler  <lforschler@apple.com>

        Merge r177591

    2014-12-19  Chris Dumez  <cdumez@apple.com>

            [iOS] Log how often media element playback happens using FeatureCounter
            https://bugs.webkit.org/show_bug.cgi?id=139819
            <rdar://problem/19309988>

            Reviewed by Eric Carlson.

            Log using FeatureCounter how often we start loading for audio / video
            elements, and how often they end up being played.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):
            Add flag to identify when a media element starts playing for the first
            time.

            (WebCore::HTMLMediaElement::loadResource):
            Log when a media element starts loading.

            (WebCore::HTMLMediaElement::updatePlayState):
            Log when a media element starts playing for the first time.

            * html/HTMLMediaElement.h:
            Add flag to identify when a media element starts playing for the first
            time.

            * platform/FeatureCounterKeys.h:
            Add FeatureCounter keys for HTMLMediaElement loading / playback.

2015-01-27  Lucas Forschler  <lforschler@apple.com>

        Merge r177581

    2014-12-19  Chris Dumez  <cdumez@apple.com>

            [iOS] Log how successful the memory cache is using FeatureCounter
            https://bugs.webkit.org/show_bug.cgi?id=139802

            Reviewed by Andreas Kling.

            Log how successful the memory cache is using FeatureCounter and why we
            choose not to use the resource in the memory cache when it is present.

            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::requestResource):
            (WebCore::CachedResourceLoader::determineRevalidationPolicy):
            * platform/FeatureCounterKeys.h:

2015-01-27  Lucas Forschler  <lforschler@apple.com>

        Merge r177504

    2014-12-18  Chris Dumez  <cdumez@apple.com>

            [iOS] Log navigation types using FeatureCounter API
            https://bugs.webkit.org/show_bug.cgi?id=139753

            Reviewed by Darin Adler.

            Log navigation types using FeatureCounter API.

            No new tests, no behavior change other than additional feature
            counting.

            * loader/FrameLoader.cpp:
            (WebCore::logNavigationWithFeatureCounter):
            (WebCore::FrameLoader::loadWithDocumentLoader):
            * platform/FeatureCounterKeys.h:

2015-01-27  Lucas Forschler  <lforschler@apple.com>

        Merge r177499

    2014-12-18  Chris Dumez  <cdumez@apple.com>

            [iOS] Log why cached resources are being revalidated using FeatureCounter API
            https://bugs.webkit.org/show_bug.cgi?id=139759
            <rdar://problem/19288177>

            Reviewed by Antti Koivisto.

            Log why cached resources are being revalidated using FeatureCounter API.
            Also log if revalidation is successful or not.

            No new tests, no behavior change.

            * loader/SubresourceLoader.cpp:
            (WebCore::SubresourceLoader::willSendRequest):
            (WebCore::SubresourceLoader::didReceiveResponse):
            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::mustRevalidateDueToCacheHeaders):
            * loader/cache/CachedImage.h:
            * loader/cache/CachedResource.cpp:
            (WebCore::CachedResource::failBeforeStarting):
            (WebCore::CachedResource::mustRevalidateDueToCacheHeaders):
            * loader/cache/CachedResource.h:
            (WebCore::CachedResource::loader):
            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::determineRevalidationPolicy):
            * platform/FeatureCounterKeys.h:

2015-01-27  Lucas Forschler  <lforschler@apple.com>

        Merge r177455

    2014-12-17  Chris Dumez  <cdumez@apple.com>

            [iOS] Make it possible to toggle FeatureCounter support at runtime
            https://bugs.webkit.org/show_bug.cgi?id=139688
            <rdar://problem/19266254>

            Reviewed by Andreas Kling.

            Make it possible to toggle FeatureCounter support at runtime by adding
            a setting (disabled by default) and moving the API to a new
            FeatureCounter class under WebCore/plattorm which only logs if the
            setting is enabled. For privacy reasons, FeatureCounter logging is also
            disabled for private / ephemeral sessions.

            No new tests, no behavior change.

            * CMakeLists.txt:
            * Configurations/WebCore.xcconfig:
            * WebCore.vcxproj/WebCore.vcxproj:
            * WebCore.vcxproj/WebCore.vcxproj.filters:
            * WebCore.xcodeproj/project.pbxproj:
            * history/PageCache.cpp:
            (WebCore::logCanCacheFrameDecision):
            (WebCore::logCanCachePageDecision):
            * page/Settings.in:
            * platform/FeatureCounter.cpp: Renamed from Source/WTF/wtf/FeatureCounter.cpp.
            (WebCore::FeatureCounter::shouldUseForPage):
            (WebCore::FeatureCounter::incrementKey):
            (WebCore::FeatureCounter::setKey):
            * platform/FeatureCounter.h: Renamed from Source/WTF/wtf/FeatureCounter.h.
            * platform/FeatureCounterKeys.h:
            * platform/ios/FeatureCounter.mm: Renamed from Source/WTF/wtf/ios/FeatureCounter.mm.
            (WebCore::FeatureCounter::incrementKey):
            (WebCore::FeatureCounter::setKey):

2015-01-26  Lucas Forschler  <lforschler@apple.com>

        Merge r177328

    2014-12-15  Chris Dumez  <cdumez@apple.com>

            [iOS] Add feature counting support
            https://bugs.webkit.org/show_bug.cgi?id=139652
            <rdar://problem/19255690>

            Reviewed by Gavin Barraclough.

            Use FeatureCounter API to log PageCache failure reasons
            as well as its success rate.

            No new tests, no behavior change.

            * history/PageCache.cpp:
            (WebCore::logCanCacheFrameDecision):
            (WebCore::logCanCachePageDecision):
            (WebCore::PageCache::canCache):
            * platform/FeatureCounterKeys.h: Added.

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r177927.

    2015-01-05  Chris Dumez  <cdumez@apple.com>

        Regression(r163928): Animated images are not resumed on window resizing
        https://bugs.webkit.org/show_bug.cgi?id=139714
        <rdar://problem/18855285>

        Reviewed by Darin Adler.

        After r163928, animated images were not resumed if they became visible
        after resizing the window. This patch calls resumes animated images if
        necessary in FrameView::setFrameRect() to handle this case properly.

        Tests: fast/images/animated-gif-window-resizing.html
               fast/images/animated-gif-zooming.html

        * page/FrameView.cpp:
        (WebCore::FrameView::setFrameRect):

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r177404.

    2014-12-16  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Cherokee language is drawn as boxes
        https://bugs.webkit.org/show_bug.cgi?id=139706

        Reviewed by Simon Fraser.

        Test: platform/ios-simulator/fast/text/cherokee.html

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::languageSpecificFallbackFont):

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r177398.

    2014-12-16  Myles C. Maxfield  <mmaxfield@apple.com>

        Ruby overhang uses ints instead of floats
        https://bugs.webkit.org/show_bug.cgi?id=139624

        Reviewed by Dave Hyatt.

        Simply change the type.

        Updated existing tests.

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::setMarginsForRubyRun):
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::getOverhang):
        * rendering/RenderRubyRun.h:
        * rendering/line/LineWidth.cpp:
        (WebCore::LineWidth::applyOverhang):

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r177377.

    2014-12-16  Myles C. Maxfield  <litherum@gmail.com>

        Ruby does not preserve expansion opportunities from enclosing context
        https://bugs.webkit.org/show_bug.cgi?id=139618

        Reviewed by David Hyatt.

        There is currently no sharing of expansion opportunity information between
        ruby bases and the text surrounding the ruby. This patch adds a bit on
        RenderText, m_contentIsKnownToFollow, which affects how expansion
        opportunities are handled at paint-time, as well as a bit on RenderRubyBase,
        m_isAfterExpansion, which affects how expansions are calculated when laying
        out a line. This patch also adds a field to RenderRubyBase which represents
        the base's starting position within a ruby. This field is necessary because
        an expansion from a line might occur at the very beginning of a ruby base,
        so we have to remember some state from expansion time to RenderRubyBase
        layout time.

        Added more tests to fast/ruby/ruby-justification.html.

        * rendering/InlineBox.h:
        (WebCore::InlineBox::setExpansionWithoutGrowing):
        (WebCore::InlineBox::expansion):
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::removeChild): Keep the bit on InlineTextBox up to
        date.
        (WebCore::InlineFlowBox::placeBoxRangeInInlineDirection): Set expansion
        information in InlineFlowBoxes so the total expansion for a whole line
        is held in the RootInlineBox's expansion.
        * rendering/InlineTextBox.h:
        (WebCore::InlineTextBox::expansionBehavior):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::updateRubyForJustifiedText):
        updateRubyForJustifiedText() had a bunch of problems with it. First of all,
        it didn't actually set the InlineBoxes as dirty, so the second layout pass
        sometimes wouldn't perform any updates. Secondarily, it didn't take
        overhangs into account. Thirdly, it didn't mark the ruby base and text as
        needing layout so that subsequent layouts would actually traverse into them.
        (WebCore::RenderBlockFlow::computeExpansionForJustifiedText):
        (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):
        This nested if triangle is super nasty, but I'm not sure of a better way to
        write it.
        (WebCore::updateRubyForJustifiedText): Deleted.
        (WebCore::computeExpansionForJustifiedText): Deleted.
        * rendering/RenderRubyBase.cpp:
        (WebCore::RenderRubyBase::RenderRubyBase):
        (WebCore::RenderRubyBase::adjustInlineDirectionLineBounds):
        * rendering/RenderRubyBase.h:
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::layout):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::RenderText):
        * rendering/RenderText.h:
        (WebCore::RenderText::contentIsKnownToFollow):
        (WebCore::RenderText::setContentIsKnownToFollow):

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r177360.

    2014-12-16  Chris Dumez  <cdumez@apple.com>

        REGRESSION (r163928): Animated GIFs are not resumed when translated into view using -webkit-transform
        https://bugs.webkit.org/show_bug.cgi?id=139672
        <rdar://problem/19260797>

        Reviewed by Antti Koivisto.

        After r163928, animated GIFs were not resumed when translated into view
        using '-webkit-transform' CSS property.

        This broke animated gifs on the mobile version of weibo.com (which is
        one of the most popular blogging sites in China) on iPhone. e.g.
        http://m.weibo.cn/page/tpl?containerid=1005052150182731_-_WEIBO_SECOND_PROFILE_WEIBO&itemid=&title=全部微博

        This patch calls FrameView::resumeVisibleImageAnimationsIncludingSubframes()
        after style recalc so that we resume animated images if they become visible
        after the style has changed. Doing so after layout wouldn't work because
        no layout happens in this case.

        Test: fast/images/animated-gif-webkit-transform.html

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle):

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r176384.

    2014-11-20  Antti Koivisto  <antti@apple.com>

        REGRESSION (r172854): Web Viewer in FileMaker does not render a Base64 encoded animated-GIF
        https://bugs.webkit.org/show_bug.cgi?id=138807
        <rdar://problem/18829540>

        Reviewed by Simon Fraser.

        Animation gets paused because WebKit thinks the GIF is outside of the view.

        * page/FrameView.cpp:
        (WebCore::FrameView::windowClipRect):

        We need to convert to window coordinates in paintsEntireContents mode too so these functions are consistent.
        This matters with some WK1 API clients.

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r172854.

    2014-08-21  Antti Koivisto  <antti@apple.com>

        Animated GIFs scrolled out of view still cause titlebar blur to update, on tumblr.com page
        https://bugs.webkit.org/show_bug.cgi?id=136139

        Reviewed by Simon Fraser.

        The mechanism for pausing GIF images outside the viewport did not work for subframes.

        Test: fast/repaint/no-animation-outside-viewport-subframe.html

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollPositionChanged):
        (WebCore::FrameView::resumeVisibleImageAnimationsIncludingSubframes):

            Add a function for resuming animations as needed in all subframes.
            This is used after scrolling instead of calling the RenderView function directly.

        * page/FrameView.h:
        * page/Page.cpp:
        (WebCore::Page::resumeAnimatingImages):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::newImageAnimationFrameAvailable):

            Determine the overall visible rect so that it is correct in subframes too.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::resumePausedImageAnimationsIfNeeded):

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r177135.

    2014-12-10  Chris Dumez  <cdumez@apple.com>

        http://omfgdogs.info/ only animates when you resize the window
        https://bugs.webkit.org/show_bug.cgi?id=139435
        <rdar://problem/19190493>

        Reviewed by Simon Fraser.

        After r163928, we would fail to animate a gif if:
        - it is used as a background image of a 0-height html element
        - it is used as a background image of a 0-height body element whose
          background is delegated to the root (because the root has no
          background).

        This is because in such cases, shouldRepaintForImageAnimation()
        should use the background rect instead of the renderer's overflow
        rect to determine if the image is inside the viewport. Both cases
        are addressed in this patch.

        Tests: fast/images/animated-gif-body-delegated-background-image.html
               fast/images/animated-gif-body-outside-viewport.html
               fast/images/animated-gif-html-background-image.html

        * rendering/RenderElement.cpp:
        (WebCore::shouldRepaintForImageAnimation):
        * testing/Internals.cpp:
        (WebCore::Internals::hasPausedImageAnimations):
        * testing/Internals.h:
        * testing/Internals.idl:

2015-01-26  David Kilzer  <ddkilzer@apple.com>

        Merge r177292.

    2014-12-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Codepoints not associated with languages are drawn as boxes
        https://bugs.webkit.org/show_bug.cgi?id=138906

        Reviewed by Darin Adler.

        Use SPI CTFontCreateForCharacters(), but only if we don't already know what to do
        with the characters.

        Test: platform/ios-simulator/fast/text/non-language-font-fallback.html

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::FontCache::systemFallbackForCharacters):
        * platform/spi/cocoa/CoreTextSPI.h:

2015-01-25  David Kilzer  <ddkilzer@apple.com>

        Merge r177449.

    2014-12-17  Myles C. Maxfield  <mmaxfield@apple.com>

        Test fix after r177444.

        Unreviewed.

        * accessibility/AccessibilitySlider.cpp:
        (WebCore::AccessibilitySliderThumb::elementRect):

2015-01-25  David Kilzer  <ddkilzer@apple.com>

        Merge r177444.

    2014-12-16  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing more post-review comments in r177035

        * accessibility/AccessibilitySlider.cpp:
        (WebCore::AccessibilitySliderThumb::elementRect):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setupDateTimeChooserParameters):

2015-01-25  David Kilzer  <ddkilzer@apple.com>

        Merge r177306.

    2014-12-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Unreviewed build fix after r177301

        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::elementRectRelativeToRootView):

2015-01-25  David Kilzer  <ddkilzer@apple.com>

        Merge r177301.

        * html/shadow/TextControlInnerElements.cpp:
        (WebCore::InputFieldSpeechButtonElement::startSpeechInput):

    2014-12-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing post-review comments in r177035
        https://bugs.webkit.org/show_bug.cgi?id=139557

        Reviewed by Darin Adler.

        This patch deletes the helper functions rendererBoundingBox() and rendererAnchorRect() and
        migrates callers to using renderers directly.

        It also improves the comment in RenderElement.h regarding RenderElement::anchorRect().

        No new tests because this is simply refactoring.

        * WebCore.exp.in: Delete exported symbol for rendererBoundingBox()
        * accessibility/AccessibilitySlider.cpp:
        (WebCore::AccessibilitySliderThumb::elementRect): Migrate off rendererBoundingBox()
        * dom/ContainerNode.cpp:
        (WebCore::rendererAnchorRect): Deleted.
        * dom/ContainerNode.h:
        * dom/Node.cpp:
        (WebCore::rendererBoundingBox): Deleted.
        * dom/Node.h:
        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::elementRectRelativeToRootView): Migrate off rendererBoundingBox().
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setupDateTimeChooserParameters): Ditto.
        * html/ValidationMessage.cpp:
        (WebCore::ValidationMessage::buildBubbleTree): Ditto.
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollElementToRect): Migrate off rendererAnchorRect().
        (WebCore::FrameView::scrollToAnchor): Ditto.
        * page/SpatialNavigation.cpp:
        (WebCore::nodeRectInAbsoluteCoordinates): Migrate off rendererBoundingBox().
        * rendering/RenderElement.h:

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r177050.

    2014-12-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Scrolling to anchor tags does nothing in vertical-rl writing mode
        https://bugs.webkit.org/show_bug.cgi?id=137838

        Reviewed by David Hyatt.

        Scroll to a particular tag, and make sure the viewport is rendered as expected.

        Tests: fast/events/scroll-to-anchor-vertical-lr-writing-mode.html
               fast/events/scroll-to-anchor-vertical-writing-mode-contained-2.html
               fast/events/scroll-to-anchor-vertical-writing-mode-contained.html
               fast/events/scroll-to-anchor-vertical-writing-mode.html

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollToAnchor):
        * rendering/ScrollBehavior.cpp:
        * rendering/ScrollBehavior.h:

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r177041.

        Already fixed by previous merge.

    2014-12-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Fix iOS build after r177035.

        Unreviewed.

        I accidentally added my line to WebCore.exp.in inside an
        #IF PLATFORM(MAC) block.

        * WebCore.exp.in:

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r177035.

    2014-12-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Delete Node::boundingBox()
        https://bugs.webkit.org/show_bug.cgi?id=139333

        Conceptually, boundingBox() should be on RenderInline. In addition,
        Node::boundingBox() is completely broken for inline elements: it
        makes a rect from the top left of the first inline child to the
        bottom right of the last inline child, disregarding the intermediate
        inline children. This breaks with vertical text and with line
        breaks.

        What makes this problem worse is that some functions actually rely
        on this bad behavior. These functions are functions that use the
        Node's so-called "bounding box" to scroll to an anchor tag.

        This patch goes through all the call sites of Node::boundingBox(),
        and segregates them into calls that expect the true bounding box
        and calls that need this false bounding box. This patch then moves
        this false bounding box into RenderElement, using the name
        anchorRect(). Callers what want the correct bounding box have been
        updated to use RenderElement::absoluteBoundingBoxRect().

        Reviewed by Zalan Bujtas.

        No new tests because there should be no behavior change.

        * accessibility/AccessibilitySlider.cpp:
        (WebCore::AccessibilitySliderThumb::elementRect): Use
        RenderObject::absoluteBoundingBoxRect()
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::getUpperLeftCorner): Deleted.
        (WebCore::ContainerNode::getLowerRightCorner): Deleted.
        (WebCore::ContainerNode::boundingBox): Deleted.
        * dom/ContainerNode.h:
        * dom/Element.cpp:
        (WebCore::Element::scrollIntoView): Use RenderElement::anchorRect().
        (WebCore::Element::scrollIntoViewIfNeeded): Ditto.
        (WebCore::Element::updateFocusAppearance): Ditto.
        * dom/Node.cpp:
        (WebCore::Node::boundingBox): Deleted.
        * dom/Node.h:
        (WebCore::Node::pixelSnappedBoundingBox): Deleted.
        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::elementRectRelativeToRootView): Use
        RenderObject::absoluteBoundingBoxRect()
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setupDateTimeChooserParameters): Ditto.
        * html/ValidationMessage.cpp:
        (WebCore::ValidationMessage::buildBubbleTree): Ditto.
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollElementToRect): Use
        RenderElement::anchorRect().
        (WebCore::FrameView::scrollToAnchor): Ditto.
        * page/SpatialNavigation.cpp:
        (WebCore::nodeRectInAbsoluteCoordinates): Use
        RenderObject::absoluteBoundingBoxRect()
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::getUpperLeftCorner): Moved from ContainerNode.
        (WebCore::RenderElement::getLowerRightCorner): Moved from
        ContainerNode.
        (WebCore::RenderElement::anchorRect): Moved from ContainerNode.
        * rendering/RenderObject.h:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::topOfFirstText): Helper for
        RenderElement::anchorRect()
        * rendering/RenderText.h:

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r176725.

    2014-12-03  Jer Noble  <jer.noble@apple.com>

        [Mac] Hang when calling -[AVAsset resolvedURL].
        https://bugs.webkit.org/show_bug.cgi?id=139223

        Reviewed by Eric Carlson.

        On a particularly slow-loading site, a call to -[AVAsset resolvedURL] can take an arbitrarily long
        time. Treat this AVAsset property similar to other "metadata" properties, and check the load status
        of the property before requesting it.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin): Check the load state of -resolvedURL.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::resolvedURL): Ditto.
        (WebCore::assetMetadataKeyNames): Add @"resolvedURL".

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge 'resolvedURL' changes from r176108.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::resolvedURL): Add.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::resolvedURL): Add.

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r176475.

    2014-11-21  Jer Noble  <jer.noble@apple.com>

        [Mac] Delay of 1-2s after the first paint of a video frame.
        https://bugs.webkit.org/show_bug.cgi?id=138979

        Reviewed by Eric Carlson.

        Only bother waiting for a signal that a new image is ready when the image isn't ready in the first place.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput):

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r175251.

    2014-10-28  Jer Noble  <jer.noble@apple.com>

        [Mac] The first software paint of a <video> element takes up to 2.5s.
        https://bugs.webkit.org/show_bug.cgi?id=137754

        Reviewed by Brent Fulgham.

        It turns out that, if you pass nil to -[AVPlayerItemVideoOutput initWithPixelBufferAttributes:]
        the video output will not attempt to conform the resulting pixel buffers into a particular format.
        This means that adding such a video output to a AVPlayerItem should have almost no performance
        penalty, since the video output does not even copy the resulting buffers, but rather just retains
        and returns the ones from the AVPlayerLayer.

        Create and attach an AVPlayerItemVideoOutput after creating the AVPlayerItem, but before attaching
        the player item to the AVPlayer. This eliminates the reconfigure step which occurs after attaching
        a video output to an already attached AVPlayerItem.

        When creating the AVPlayerItemVideoOutput, pass in `nil` for the pixelBufferAttributes parameter.

        Instead of blocking waiting for output from the AVPlayerItemVideoOutput during creating, block and
        whait when asked to paint with the video output.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput):

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r176321.

    2014-11-19  Chris Fleizach  <cfleizach@apple.com>

        AX: Safari fails to load a web page with VoiceOver
        https://bugs.webkit.org/show_bug.cgi?id=138849

        Reviewed by Mario Sanchez Prada.

        Sometimes an inlineElementContinuation will continue to an inline RenderBlock, so we case this incorrectly and bad things happen.

        Test: accessibility/inline-block-assertion.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::startOfContinuations):

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r176262.

    2014-11-17  David Hyatt  <hyatt@apple.com>

        Improve Ruby selection (getting rid of overlap and improving gap filling)
        https://bugs.webkit.org/show_bug.cgi?id=138250

        Reviewed by Dean Jackson.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::selectionGaps):
        (WebCore::RenderBlock::blockSelectionGaps):
        Add Ruby text in along with the Ruby base.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::inlineSelectionGaps):
        Don't let block gaps get filled in here.

        * rendering/RenderRubyBase.h:
        Expose accessor to the ruby run.

        * rendering/RenderRubyText.cpp:
        (WebCore::RenderRubyText::rubyRun):
        * rendering/RenderRubyText.h:
        Add accessor to the ruby run.

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::selectionTop):
        (WebCore::RootInlineBox::selectionBottom):
        Improve selectionTop and selectionBottom of ruby bases to avoid the
        ruby text. Improve the selectionTop and selectionBottom of ruby texts
        to fill the gap up to the previous/next line as appropriate.

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r175260.

    2014-10-28  David Hyatt  <hyatt@apple.com>

        Selection gap painting is ugly for ruby bases.
        https://bugs.webkit.org/show_bug.cgi?id=138136

        Reviewed by Dean Jackson.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::selectionGaps):
        For ruby bases don't fill to the end of the block (in the block direction),
        since ideographic baselines push that end below the text baseline.

        (WebCore::RenderBlock::blockSelectionGaps):
        * rendering/RenderBlockFlow.cpp:
        Skip ruby bases for block selection gap filling.

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r175976.

    2014-11-11  Eric Carlson  <eric.carlson@apple.com>

        [iOS] cleanup wireless route monitoring
        https://bugs.webkit.org/show_bug.cgi?id=138614

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::clearMediaPlayer): Add logging.
        (WebCore::HTMLMediaElement::removeEventListener): Ditto.
        (WebCore::HTMLMediaElement::createMediaPlayer): Ditto.

        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::resetRestrictions): Add logging.
        (WebCore::MediaSessionManageriOS::configureWireLessTargetMonitoring): Ditto.
        (WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Ditto.
        (-[WebMediaSessionHelper initWithCallback:]): Ditto.
        (-[WebMediaSessionHelper dealloc]): Always deallocate volume view and routing controller
            on the main thread.
        (-[WebMediaSessionHelper clearCallback]): Add logging.
        (-[WebMediaSessionHelper hasWirelessTargetsAvailable]): Ditto.
        (-[WebMediaSessionHelper startMonitoringAirPlayRoutes]): Always call routing controller on
            the main thread.
        (-[WebMediaSessionHelper stopMonitoringAirPlayRoutes]): Ditto.
        (-[WebMediaSessionHelper interruption:]): Add logging.
        (-[WebMediaSessionHelper applicationWillEnterForeground:]): Ditto.
        (-[WebMediaSessionHelper applicationDidBecomeActive:]): Ditto.
        (-[WebMediaSessionHelper applicationWillResignActive:]): Ditto.
        (-[WebMediaSessionHelper wirelessRoutesAvailableDidChange:]): Ditto.

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r175585.

    2014-11-04  Reza Abbasian  <rabbasian@apple.com>

        [iOS] Fix incorrect interface orientation that can be caused by fullscreen video dismissal.
        https://bugs.webkit.org/show_bug.cgi?id=137930.

        Reviewed by Jer Noble.

        When a fullscreen video gets dismissed programmatically, for instance for removing
        a webview from the view hierarchy, it can put the device in an incorrect orientation.
        Make sure we retain the window of parentView when we attempt to go to fullscreen and use
        the retained window for putting the device in correct orientation after dismissal.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen):
        (WebVideoFullscreenInterfaceAVKit::cleanupFullscreen):
        (WebVideoFullscreenInterfaceAVKit::invalidate):

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r174860.

    2014-10-18  Chris Fleizach  <cfleizach@apple.com>

        AX: Tables with <colgroups> are not reporting table column headers
        https://bugs.webkit.org/show_bug.cgi?id=137846

        Reviewed by Mario Sanchez Prada.

        The code to search for header objects was getting stuck on anonymous RenderTableSections.
        We also need to check more rows for headers, in case the first row or more is not visible or is empty.

        Test: accessibility/table-column-headers-with-captions.html

        * accessibility/AccessibilityTableColumn.cpp:
        (WebCore::AccessibilityTableColumn::headerObject):
        (WebCore::AccessibilityTableColumn::headerObjectForSection):

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r175085.

    2014-10-22  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Toggling overflow:scroll to hidden on element with -webkit-overflow-scrolling:touch can cause children to disappear
        https://bugs.webkit.org/show_bug.cgi?id=137999
        rdar://problem/18425550

        Reviewed by Zalan Bujtas.
        
        When toggling overflow from scroll to hidden on an element with -webkit-overflow-scrolling:touch,
        we'd fail to do a compositing layer rebuild, which caused various issues like unparented
        descendants, and misplaced and unrepainted content.
        
        This happened because we'd get to RenderLayerBacking::updateConfiguration() via styleChanged
        with the view needing layout, so never hit the updateScrollingLayers() code, and the subsequent
        updateCompositingLayers() would be a no-op.
        
        Fix by explicitly triggering a layer rebuild when style changes such that the touch-scrollability
        of an element changes, as we do for changes in clip.

        Test: compositing/scrolling/touch-scroll-to-clip.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::isScrollableOverflow):
        (WebCore::styleHasTouchScrolling):
        (WebCore::styleChangeRequiresLayerRebuild):

2015-01-24  David Kilzer  <ddkilzer@apple.com>

        Merge r174356.

    2014-10-06  Simon Fraser  <simon.fraser@apple.com>

        Some compositing logic cleanup
        https://bugs.webkit.org/show_bug.cgi?id=133060

        Reviewed by Zalan Bujtas.

        Move compositing-related code from RenderLayer::styleChanged() to
        RenderLayerCompositor::layerStyleChanged(). Combine various tests
        (many clip-related) for changes that require layer rebuilding into 
        styleChangeRequiresLayerRebuild().
        
        Remove code that calls setBackingNeedsRepaint() after filters change
        between being composited or not; I verified that existing "repaint after
        style change" code takes care those repaints.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        (WebCore::RenderLayer::checkIfDescendantClippingContextNeedsUpdate): Deleted.
        * rendering/RenderLayer.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::checkIfDescendantClippingContextNeedsUpdate):
        (WebCore::styleChangeRequiresLayerRebuild):
        (WebCore::RenderLayerCompositor::layerStyleChanged):
        * rendering/RenderLayerCompositor.h:

2015-01-23  Pratik Solanki  <psolanki@apple.com>

        <rdar://problem/19564738> Stowe: CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::SharedBuffer::createPurgeableBuffer const + 14

        Reviewed by David Kilzer.

        Speculative fix for the above crash. The current theory is that a timer is being fired for a
        CachedResource that has been freed. Add a marker field in CachedResource to do an early
        return from CachedResource::makePurgeable() when this happens.

        No new tests because I can't reproduce the crash.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::~CachedResource):
        (WebCore::CachedResource::makePurgeable):
        * loader/cache/CachedResource.h:

2015-01-23  Lucas Forschler  <lforschler@apple.com>

        Build fix after r179028, r179030, r179031, r179032. 

        Reviewed by Dana Burkart.

        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::WidthIterator):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::ComplexTextController):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):

2015-01-23  Lucas Forschler  <lforschler@apple.com>

        Merge r174489

    2014-10-08  Myles C. Maxfield  <litherum@gmail.com>

            Inline ruby does not get justified correctly
            https://bugs.webkit.org/show_bug.cgi?id=137421

            Reviewed by Dave Hyatt.

            We justify text in two passes: one counts expansion opportunities within a line,
            and the other doles out widths and expansion amounts to constituent inline boxes.
            This patch simply modifies both passes to descend into ruby bases. Once it has
            done so, we then re-layout the ruby run with the newly found width.

            Tests: fast/ruby/ruby-justification-hittest.html
                   fast/ruby/ruby-justification.html

            * rendering/InlineBox.h:
            (WebCore::InlineBox::setExpansion): updateRubyForJustifiedText() has to set the
            expansion for an inline box, so make setExpansion() public.
            * rendering/RenderBlockLineLayout.cpp:
            (WebCore::updateRubyForJustifiedText): Given values that have already been
            computed in computeInlineDirectionPositionsForSegment(), adjust the widths and
            expansion values for all the various pieces of ruby.
            (WebCore::computeExpansionForJustifiedText): Call updateRubyForJustifiedText() if
            necessary.
            (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment): When
            counting expansion opportunities in a line, include ruby bases.
            * rendering/RenderRubyRun.h: Fix grammar in comment.
            * rendering/RenderText.cpp:
            (WebCore::RenderText::stringView): Give default arguments to function.
            * rendering/RenderText.h: Ditto.

2015-01-23  Lucas Forschler  <lforschler@apple.com>

        Merge r174373

    2014-10-06  Myles C. Maxfield  <mmaxfield@apple.com>

            Addressing post-review comment on r174297.
            https://bugs.webkit.org/show_bug.cgi?id=137355

            Unreviewed.

            * rendering/RenderText.cpp:
            (WebCore::RenderText::stringView):

2015-01-23  Lucas Forschler  <lforschler@apple.com>

        Merge r174297

    2014-10-03  Myles C. Maxfield  <mmaxfield@apple.com>

            Clean up interface to Font::expansionOpportunityCount()
            https://bugs.webkit.org/show_bug.cgi?id=137355

            Reviewed by Dean Jackson.

            There are two overloads of Font::expansionOpportunityCount() which perform the same
            operation. One overload takes a UChar*, the other takes an LChar*, and they both
            take a length. This is the abstraction that StringView was designed to be. Instead
            of forcing each caller to take a different overload based on if their data is
            8 bit or not, allow the caller to construct a StringView and pass that into
            Font::expansionOpportunityCount() instead of a raw pointer/length.

            No new tests because there is no behavior change.

            * platform/graphics/Font.cpp:
            (WebCore::Font::expansionOpportunityCountInternal): Original two functions,
            renamed.
            (WebCore::Font::expansionOpportunityCount): Takes a StringView, calls 
            expansionOpportunityCountInternal().
            * platform/graphics/Font.h: Update signatures.
            * platform/graphics/WidthIterator.cpp:
            (WebCore::WidthIterator::WidthIterator): Use new signature to
            Font::expansionOpportunityCount().
            * platform/graphics/mac/ComplexTextController.cpp:
            (WebCore::ComplexTextController::ComplexTextController): Ditto.
            * rendering/RenderBlockLineLayout.cpp:
            (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment): Ditto.
            * rendering/RenderText.cpp:
            (WebCore::RenderText::stringView): Accessor to encapsulate character pointer
            and length.
            * rendering/RenderText.h: Signature of new accessor.

2015-01-23  Lucas Forschler  <lforschler@apple.com>

        Merge r174233

    2014-10-01  Myles C. Maxfield  <mmaxfield@apple.com>

            [Subpixel] Use floats instead of ints for text justification expansion
            https://bugs.webkit.org/show_bug.cgi?id=137327

            Reviewed by Zalan Bujtas.

            Use a float instead of an int for the expansion variable in InlineBox. The int was inside an inner class
            that held a collection of bitfields, and this patch removes that inner-inner variable.

            No new tests because there is plenty of existing coverage and existing tests are rebaselined.

            * rendering/InlineBox.cpp: Update static_assert for the size of InlineBox.
            * rendering/InlineBox.h: Use a float for the justification expansion amount instead of an int bitfield.
            (WebCore::InlineBox::InlineBoxBitfields::InlineBoxBitfields): Remove int bitfield.
            (WebCore::InlineBox::InlineBox): Initialize float expansion.
            (WebCore::InlineBox::expansion): Return a float.
            (WebCore::InlineBox::setExpansion): Take a float.
            (WebCore::InlineBox::InlineBoxBitfields::expansion): Deleted. Moved to InlineBox.
            (WebCore::InlineBox::InlineBoxBitfields::setExpansion): Deleted. Ditto.
            * rendering/InlineTextBox.h:
            (WebCore::InlineTextBox::setExpansion): Take a float.

2015-01-22  David Kilzer  <ddkilzer@apple.com>

        Merge r174250.

    2014-10-02  Andy Estes  <aestes@apple.com>

        [iOS] Create an SPI wrapper for _UIHighlightView and use it in WKContentView
        https://bugs.webkit.org/show_bug.cgi?id=137370

        Reviewed by Tim Horton.

        Added _UIHighlightViewSPI.h. When building against the internal SDK it imports <UIKit/_UIHighlightView.h>. Otherwise, it redeclares the SPI we use in WebKit2.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/spi/ios/_UIHighlightViewSPI.h: Added.

2015-01-22  David Kilzer  <ddkilzer@apple.com>

        Merge r173741.

    2014-09-18  Jeremy Jones  <jeremyj@apple.com>

        Improve fullscreen video rotation animation.
        https://bugs.webkit.org/show_bug.cgi?id=136870

        Reviewed by Simon Fraser.

        Instead of setting the frame on the video layer, set position and bounds separately. This allows the position to be synchronized with the rest of the animation.
        When using a fencePort to synchronize animations, if the fence times out, pivoting around the center provides a better fallback.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVVideoLayer setVideoSublayer:]): added
        (-[WebAVVideoLayer videoSublayer]): added
        (-[WebAVVideoLayer setBounds:]):  set position and bounds insted of frame.
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen): use setVideoSublayer
        * platform/ios/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer): set bounds and anchorPoint instead of frame
        (WebVideoFullscreenModelVideoElement::setVideoLayerFrame): set bounds instead of frame.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r178072.

    2015-01-07  Enrica Casucci  <enrica@apple.com>

            Can't copy URL for images and paste it into plain text fields.
            https://bugs.webkit.org/show_bug.cgi?id=140230
            rdar://problem/18736680

            Reviewed by Dan Bernstein.

            The incorrect objective C type was being written to the pasteboard.

            * platform/ios/PlatformPasteboardIOS.mm:
            (WebCore::PlatformPasteboard::write):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r177000.

    2014-12-08  Dean Jackson  <dino@apple.com>

            [Apple] Use Accelerate framework to speed-up FEGaussianBlur
            https://bugs.webkit.org/show_bug.cgi?id=139310
            <rdar://problem/18434594>

            Reviewed by Simon Fraser.

            Using Apple's Accelerate framework provides faster blurs
            than the parallel jobs approach, especially since r168577
            which started performing retina-accurate filters.

            Using Accelerate.framework to replace the existing box blur (what
            we use to approximate Gaussian blurs) gets about a 20% speedup on
            desktop class machines, but between a 2x-6x speedup on iOS hardware.
            Obviously this depends on the size of the content being blurred,
            but it is still good.

            The change is to intercept the platformApply function on
            FEGaussianBlur and send it off to Accelerate.

            There is an interactive performance test: PerformanceTests/Interactive/blur-filter-timing.html

            * platform/graphics/filters/FEGaussianBlur.cpp:
            (WebCore::kernelPosition): Move this to a file static function from the .h.
            (WebCore::accelerateBoxBlur): The Accelerate implementation.
            (WebCore::standardBoxBlur): The default generic/standard implementation.
            (WebCore::FEGaussianBlur::platformApplyGeneric): Use accelerate or the default form.
            (WebCore::FEGaussianBlur::platformApply): Don't try the parallelJobs approach if Accelerate is available.
            * platform/graphics/filters/FEGaussianBlur.h:
            (WebCore::FEGaussianBlur::kernelPosition): Deleted. Move into the .cpp.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176977.

    2014-12-08  Eric Carlson  <eric.carlson@apple.com>

            [iOS] YouTube plug-in replacement should support partial urls
            https://bugs.webkit.org/show_bug.cgi?id=139400

            Reviewed by Alexey Proskuryakov.

            * Modules/plugins/YouTubePluginReplacement.cpp:
            (WebCore::YouTubePluginReplacement::youTubeURL): Call Document::completeURL.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176971.

    2014-12-08  Myles C. Maxfield  <mmaxfield@apple.com>

            [iOS] Narrow non-breaking space does not fall back to a correct font
            https://bugs.webkit.org/show_bug.cgi?id=139335

            Reviewed by Enrica Casucci.

            Test: fast/text/narrow-non-breaking-space.html

            * platform/graphics/ios/FontCacheIOS.mm:
            (WebCore::requiresCustomFallbackFont):
            (WebCore::FontCache::getCustomFallbackFont):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176948.

    2014-12-08  Chris Fleizach  <cfleizach@apple.com>

            AX: iOS: VoiceOver gets hung on some websites consistently.
            https://bugs.webkit.org/show_bug.cgi?id=139331

            Reviewed by Mario Sanchez Prada.

            iFrames are attachments on iOS, but they do not have attachment views. As a result, 
            WebCore would return incorrect information for the element count and index of children elements.

            No tests. Bug only manifests itself when iOS accessibility frameworks call into WebCore.

            * accessibility/AccessibilityMockObject.h:
            (WebCore::AccessibilityMockObject::isDetachedFromParent):
            * accessibility/AccessibilityObject.h:
            (WebCore::AccessibilityObject::isDetachedFromParent):
            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper accessibilityElementCount]):
            (-[WebAccessibilityObjectWrapper accessibilityElementAtIndex:]):
            (-[WebAccessibilityObjectWrapper indexOfAccessibilityElement:]):
            (-[WebAccessibilityObjectWrapper accessibilityContainer]):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176904.

    2014-12-05  Chris Fleizach  <cfleizach@apple.com>

            AX: I cannot activate links on the mobile version of news.google.com
            https://bugs.webkit.org/show_bug.cgi?id=139330

            Reviewed by Simon Fraser.

            This website only listens for touch events. VoiceOver normally dispatches click and mouse events,
            so on iOS this falls and VoiceOver is not able to activate anything.

            The solution here is to dispatch simulated touch down/up events.

            Test: platform/ios-simulator/ios-accessibility/press-fires-touch-events.html

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::press):
            (WebCore::AccessibilityObject::dispatchTouchEvent):
            * accessibility/AccessibilityObject.h:
            (WebCore::AccessibilityObject::isDetachedFromParent):
            * page/EventHandler.h:
            * page/ios/EventHandlerIOS.mm:
            (WebCore::EventHandler::dispatchSimulatedTouchEvent):
            * platform/ios/PlatformEventFactoryIOS.h:
            * platform/ios/PlatformEventFactoryIOS.mm:
            (WebCore::PlatformTouchEventBuilder::PlatformTouchEventBuilder):
            (WebCore::PlatformEventFactory::createPlatformSimulatedTouchEvent):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176768.

    2014-12-03  Myles C. Maxfield  <mmaxfield@apple.com>

            List markers in RTL languages do not draw the first character.
            https://bugs.webkit.org/show_bug.cgi?id=139244

            Reviewed by Simon Fraser.

            Off-by-one error when reversing the string (from LTR to RTL)

            Test: fast/lists/rtl-marker.html

            * rendering/RenderListMarker.cpp:
            (WebCore::RenderListMarker::paint):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176734.

    2014-12-03  Jeremy Jones  <jeremyj@apple.com>

            Subtitle menu should only appear when useful.
            https://bugs.webkit.org/show_bug.cgi?id=139133

            Reviewed by Eric Carlson.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (-[WebAVPlayerController hasLegibleMediaSelectionOptions]): only enable when there are non default options.
            (-[WebAVPlayerController hasAudioMediaSelectionOptions]): only enable when there is more than one option.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176484.

    2014-11-21  Chris Fleizach  <cfleizach@apple.com>

            AX: com.apple.WebKit.WebContent crashed at WebCore: WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const
            https://bugs.webkit.org/show_bug.cgi?id=138905

            Reviewed by Mario Sanchez Prada.

            The crash log indicates that m_renderer is null at the time we ask ancestorsOfType(). 
            This is more of a speculative fix, since I am not entirely sure m_renderer is null when we enter the method.

            Unable to determine cause of crash or how to reproduce on demand.

            * accessibility/AccessibilityRenderObject.cpp:
            (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176471.

    2014-11-21  Eric Carlson  <eric.carlson@apple.com>

            [iOS] allocate volume view on the main thread
            https://bugs.webkit.org/show_bug.cgi?id=138971
            rdar://problem/18016958

            Reviewed by Jer Noble.

            * platform/audio/ios/MediaSessionManagerIOS.mm:
            (-[WebMediaSessionHelper allocateVolumeView]): New, dispatch to the main thread if necessary before allocating
                the volume view.
            (-[WebMediaSessionHelper initWithCallback:]): Call allocateVolumeView.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176447.

    2014-11-21  Chris Fleizach  <cfleizach@apple.com>

            AX: MathML expressions are misread by VoiceOver
            https://bugs.webkit.org/show_bug.cgi?id=138948

            Reviewed by Mario Sanchez Prada.

            The logic for deciding what's the radicand and an index was too tied to children placement.
            We should instead pull directly from the source.

            Test: platform/mac/accessibility/mathml-root.html

            * accessibility/AccessibilityRenderObject.cpp:
            (WebCore::AccessibilityRenderObject::mathRadicandObject):
            (WebCore::AccessibilityRenderObject::mathRootIndexObject):
            * rendering/mathml/RenderMathMLRoot.h:

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176372.

    2014-11-19  Myles C. Maxfield  <mmaxfield@apple.com>

            [OS X] Upright vertical text is completely broken for multi-code-unit codepoints
            https://bugs.webkit.org/show_bug.cgi?id=138891

            Reviewed by Dan Bernstein.

            We were assuming that we can use the string index (in UTF-16) as the glyph
            index. This falls down when a single codepoint (and glyph) contians
            multiple code units.

            Test: platform/mac/fast/text/multiple-codeunit-vertical-upright.html

            * platform/graphics/GlyphPage.h:
            * platform/graphics/mac/GlyphPageTreeNodeMac.cpp:
            (WebCore::GlyphPage::fill):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176354.

    2014-11-19  David Hyatt  <hyatt@apple.com>

            Images/replaced elements that are as tall as a page should be on their own page
            https://bugs.webkit.org/show_bug.cgi?id=138886 - <rdar://problem/18296371>

            Reviewed by Dean Jackson.

            Added fast/multicol/tall-image-behavior.html (and RL/LR variants)

            * rendering/InlineFlowBox.cpp:
            (WebCore::InlineFlowBox::computeReplacedAndTextLineTopAndBottom):
            * rendering/InlineFlowBox.h:
            Add a new method that computes the line top and line bottom ignoring all margins,
            overflow and line-height. This allows us to see if a line that is taller than a page
            can be made to fit if we ignored margins and unused descent.

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::adjustLinePositionForPagination):
            Call the new helper function, computeReplacedAndTextLineTopAndBottom and push
            to a new page if we see that we can fit on a page by ourselves without blank space
            included.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176318.

    2014-11-19  Chris Fleizach  <cfleizach@apple.com>

            AX: Screen braille input doesn't work on forms.
            https://bugs.webkit.org/show_bug.cgi?id=138804

            Reviewed by Mario Sanchez Prada.

            Allow iOS to set values of text fields through the API.

            Test: platform/ios-sim/accessibility/set-value.html

            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper _accessibilitySetValue:]):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r176285.

    2014-11-18  Myles C. Maxfield  <mmaxfield@apple.com>

            Multicolumn layout with negative line spacing and orphans causes pieces of letters to be shown at the bottom of columns
            https://bugs.webkit.org/show_bug.cgi?id=138204

            Reviewed by Dave Hyatt.

            This code is responsible for pushing block elements to the next column if
            the "orphans" CSS property is triggered. The mechanism by which this is
            achieved is to push the block down such that the origin of the block is
            at the origin of the next column. However, if there is negative line
            spacing, the top portion of the text might actually be on top of the
            origin of the block. Therefore, the block wasn't being pushed down enough
            to entirely contain its text, so the top pieces were being drawn on the
            previous column.

            Test: fast/multicol/orphans-negative-line-spacing.html

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::adjustLinePositionForPagination):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r175818.

    2014-11-10  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK2] Layers with negative z position disapear behind the page tiles
            https://bugs.webkit.org/show_bug.cgi?id=138571
            rdar://problem/18873480

            Reviewed by Dean Jackson.

            Some crufty iOS-only code in RenderLayerBacking::parentForSublayers() caused us to fail
            to use the m_childContainmentLayer as the ancestor for descendants, so layers with
            negative z position would get depth-sorted behind the tiles.

            Fix by removing that code.

            This should have been detected by compositing/tile-cache-must-flatten.html, but
            testing infrastructure suck prevented us from doing so.

            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::parentForSublayers):
            * rendering/RenderLayerBacking.h: Just some nullptr cleanup.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r175812.

    2014-11-10  Eric Carlson  <eric.carlson@apple.com>

            [iOS] wireless playback placeholder UI doesn't always draw
            https://bugs.webkit.org/show_bug.cgi?id=138548

            While it is important to only listen for the 'webkitplaybacktargetavailabilitychanged' event
            when we are displaying inline controls because listening for it increases power consumption,
            we should always listen for the 'webkitcurrentplaybacktargetiswirelesschanged' event because
            it controls whether or not we draw the placeholder UI which is always visible during wireless
            playback.

            Reviewed by Brent Fulgham.

            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.addVideoListeners): Always listen for the
                'webkitcurrentplaybacktargetiswirelesschanged' event.
            (ControllerIOS.prototype.removeVideoListeners): Always stop listening for the 
                'webkitcurrentplaybacktargetiswirelesschanged' event.
            (ControllerIOS.prototype.handleStartPlaybackButtonTouchEnd): Call updateControls so we update 
                the type of controls rendered and start listening for wireless target changes immediately.
            (ControllerIOS.prototype.setShouldListenForPlaybackTargetAvailabilityEvent): Don't start and stop 
                listening for 'webkitcurrentplaybacktargetiswirelesschanged', we should always listen for it.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r175771.

    2014-11-07  Alexey Proskuryakov  <ap@apple.com>

            CSP is enforced for eval in report-only mode on first page load
            https://bugs.webkit.org/show_bug.cgi?id=138492
            rdar://problem/15782525

            Reviewed by Daniel Bates.

            This is covered by existing tests when running as one test per process invocation.

            * page/ContentSecurityPolicy.cpp:
            (WebCore::CSPDirectiveList::allowEval): Allow when in report only mode. The allowEval
            function itself needs to return false, because it's used in checkEvalAndReportViolation().
            (WebCore::CSPDirectiveList::allowJavaScriptURLs): Apply the same fix, although it's
            not changing the behavior - this function is never called with ContentSecurityPolicy::SuppressReport.
            (WebCore::CSPDirectiveList::allowInlineEventHandlers): Ditto.
            (WebCore::CSPDirectiveList::allowInlineScript): Ditto.
            (WebCore::CSPDirectiveList::allowInlineStyle): Ditto.
            (WebCore::CSPDirectiveList::allowPluginType): Ditto.
            (WebCore::CSPDirectiveList::allowScriptFromSource): Ditto.
            (WebCore::CSPDirectiveList::allowObjectFromSource): Ditto.
            (WebCore::CSPDirectiveList::allowChildFrameFromSource): Ditto.
            (WebCore::CSPDirectiveList::allowImageFromSource): Ditto.
            (WebCore::CSPDirectiveList::allowStyleFromSource): Ditto.
            (WebCore::CSPDirectiveList::allowFontFromSource): Ditto.
            (WebCore::CSPDirectiveList::allowMediaFromSource): Ditto.
            (WebCore::CSPDirectiveList::allowConnectToSource): Ditto.
            (WebCore::CSPDirectiveList::allowFormAction): Ditto.
            (WebCore::CSPDirectiveList::allowBaseURI): Ditto.
            (WebCore::ContentSecurityPolicy::didReceiveHeader): Remove isReportOnly() check,
            which is now inside allowEval().

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r175718.

    2014-11-06  Yongjun Zhang  <yongjun_zhang@apple.com>

            Don't send identifierForInitialRequest callback method for request with DoNotSendCallbacks option.
            https://bugs.webkit.org/show_bug.cgi?id=138473

            The iOS specific code that sets up a valid m_identifier is not needed any more, since this
            will be done later in ResourceLoader::willSendRequest. This also matches the behavior that
            we don't call assignIdentifierToInitialRequest callback method if the reqeust has
            DoNotSendCallbacks option.

            Reviewed by Pratik Solanki.

            * loader/ResourceLoader.cpp: 
            (WebCore::ResourceLoader::willSendRequest): Remove iOS specific block for setting up a valid
                m_identifier. In iOS, also make sure we still bail out if the resource loader was stopped
                in assignIdentifierToInitialRequest callback by a client.

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r175277.

    2014-10-24  Jeffrey Pfau  <jpfau@apple.com>

            FrameProgressTracker expects Page to not have detached
            https://bugs.webkit.org/show_bug.cgi?id=138061

            Reviewed by Alexey Proskuryakov.

            In some cases, a Page may be detached from a Frame before its
            FrameLoader is torn down, causing FrameProgressTracker's destructor
            to hit a null pointer.

            No new tests; it is impossible to reliably simulate the null pointer
            case without intrusive code changes.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::FrameProgressTracker::~FrameProgressTracker):

2015-01-21  Babak Shafiei  <bshafiei@apple.com>

        Merge r175236.

    2014-10-24  David Hyatt  <hyatt@apple.com>

            text-combine needs to center text within the vertical space using glyph bounds
            https://bugs.webkit.org/show_bug.cgi?id=138056
            <rdar://problem/15403667>

            Reviewed by Dean Jackson.

            Added fast/text/tatechuyoko.html

            * rendering/RenderCombineText.cpp:
            (WebCore::RenderCombineText::RenderCombineText):
            (WebCore::RenderCombineText::adjustTextOrigin):
            (WebCore::RenderCombineText::combineText):
            * rendering/RenderCombineText.h:

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r175241.

    2014-10-27  Chris Fleizach  <cfleizach@apple.com>

            AX: input type=hidden is being exposed when aria-hidden=false
            https://bugs.webkit.org/show_bug.cgi?id=138106

            Reviewed by Benjamin Poulain.

            If an input type=hidden was inside an aria-hidden=false, it would appear because
            the lack of a RenderObject behind that object was not blocking its adoption into the AX tree.
            We should explicity check for whether the type is hidden and then return an appropriate role. 

            Test: accessibility/input-type-hidden-in-aria-hidden-false.html

            * accessibility/AccessibilityNodeObject.cpp:
            (WebCore::AccessibilityNodeObject::determineAccessibilityRole):
            (WebCore::AccessibilityNodeObject::computeAccessibilityIsIgnored):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r175131.

    2014-10-23  Jer Noble  <jer.noble@apple.com>

            [Mac] Safari cannot play 'audio/amr' content.
            https://bugs.webkit.org/show_bug.cgi?id=137894

            Reviewed by Eric Carlson.

            Test: media/media-can-play-case-insensitive.html

            Sites are returning 'video/amr' for AMR audio content, but the IANA spec says 'audio/AMR', which is also what
            AVFoundation claims to support.  However, MIME types are supposed to be case-insensitive. When creating our
            mime type cache, case-fold to lower all MIME types given to us by our media frameworks.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::mimeTypeCache):
            * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
            (WebCore::addFileTypesToCache):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174832.

    2014-10-17  Dean Jackson  <dino@apple.com>

            [Media] Always update controls for <audio> since they are always visible
            https://bugs.webkit.org/show_bug.cgi?id=137829
            <rdar://problem/18693987>

            Reviewed by Brent Fulgham.

            Revision 174756 made a change to only update the display of the controls
            while they are visible. However, <audio> elements didn't detect visibility
            the same way, since their controls do not auto-hide.

            Change controlsAreHidden to check if we're an audio element.

            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller.prototype.controlsAreHidden): Audio elements do not auto-hide their controls.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174756.

    2014-10-15  Dean Jackson  <dino@apple.com>

            [Media] Reduce style updates (painting) in controls
            https://bugs.webkit.org/show_bug.cgi?id=137763
            <rdar://problem/17833045>

            Reviewed by Simon Fraser.

            Media controls were causing a lot of repaints they were
            constantly updating the style of the widgets, the value
            of the forms, or the text in the display.

            This is necessary when the controls are visible, but not
            necessary when they are hidden. Return immediately in that case.

            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller.prototype.createControls): Initialise the slider to a zero value.
            (Controller.prototype.handleDurationChange): Force an update even though we might be hidden.
            (Controller.prototype.updateProgress): Don't update if we're hidden.
            (Controller.prototype.updateTime): Ditto.
            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.updateProgress): Ditto.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174741.

    2014-10-13  Chris Fleizach  <cfleizach@apple.com>

            AX: Going back is broken for VoiceOver
            https://bugs.webkit.org/show_bug.cgi?id=137382

            Reviewed by Darin Adler.

            There were two issues preventing VoiceOver from navigating when using page history to go back/forward.
              1) Existing AXLoadComplete does not get fired when you just move through page history. 
                   There were existing frameLoad notifications used by GTK. I think we should use those which seem more reliable.
              2) The AccessibilityScrollView cached its children, but on some history page loads, that cache was never cleared out.
                   Rather than trying to find those places to clear out the cache, it's easier to just add the elements to the children
                   array everytime it's asked for. Since there's only ever 3 elements (web area + 2 scroll bars) this should not be a performance hit.

            Tests are not possible since they require monitoring notifications across multiple page loads.

            * accessibility/AXObjectCache.h:
            * accessibility/AccessibilityScrollView.cpp:
            (WebCore::AccessibilityScrollView::updateChildrenIfNecessary):
            * accessibility/ios/AXObjectCacheIOS.mm:
            (WebCore::AXObjectCache::frameLoadingEventPlatformNotification):
            * accessibility/mac/AXObjectCacheMac.mm:
            (WebCore::AXObjectCache::frameLoadingEventPlatformNotification):
            * dom/Document.cpp:
            (WebCore::Document::implicitClose):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174716.

    2014-10-14  Zalan Bujtas  <zalan@apple.com>

            REGRESSION (Safari 7.1/8.0): Border-radius and overflow hidden renders incorrectly.
            https://bugs.webkit.org/show_bug.cgi?id=137205

            Reviewed by Simon Fraser.

            Child layer should not reset radius clipping behaviour.

            Test: fast/layers/parent-clipping-overflow-is-overwritten-by-child-clipping.html

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::calculateClipRects):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174712.

    2014-10-14  Dan Bernstein  <mitz@apple.com>

            URLs that start with http:/// and https:/// lose two slashes when parsed, causing assertion failure and inconsistent behavior
            https://bugs.webkit.org/show_bug.cgi?id=137718

            Reviewed by Alexey Proskuryakov.

            Added cases to fast/loader/url-parse-1.html.

            * platform/URL.cpp:
            (WebCore::URL::parse): In hierarchical schemes other than file:, ignore any additional
            slashes after the ://, as prescribed by the authority-ignore-slashes state in the current
            URL spec.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174540.

    2014-10-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

            RenderMathMLUnderOver adds spacing to the child operator indefinitely when resizing the window.
            https://bugs.webkit.org/show_bug.cgi?id=137330

            Reviewed by Darin Adler.

            The layout for the <mundercover> math object happens in two separate passes. The first pass runs
            the layout for the two children and then calculates the maximum child width.  It then sets the 
            stretch size for the math operator child.  And finally it runs the second layout pass by calling
            the base class layout() function. The base class function then runs the layout for the children
            rendering blocks.  In the operator child function computePreferredLogicalWidths(), the stretch 
            size is used to adjust the width (or the height) of the operator. Then it adds the leading and
            trailing spaces and the total will be the operator child width.

            When resizing or zooming the window, the render objects are just invalidated but marked as 'needs-
            Layout'.  The problem is happening because the stretch size of the math operator is not reset
            before running the layout.  The old logical width (or height) of the the math operator child which
            is equal to the stretch size plus the leading and trailing spaces for is compared with the glyph
            size if the old logical width ( or height) is larger, it is set to be the stretch size.  When it
            is used again because of invalidation, new leading and trailing spaces are included in the new
            logical width.  So with every zooming-in or out or window resizing, new leading and trailing 
            spaces are added to the logical width of the math operator child or the math <munderober> object.

            Ensure the stretch size of the math operator render object is reset before running its layout.
            Running the layout means either the page is just loaded or it's invalidated which means, no 
            layout stall data should be used.

            Test: mathml/opentype/munderover-window-resize.html

            * rendering/mathml/RenderMathMLOperator.cpp:
            (WebCore::RenderMathMLOperator::resetStretchSize):
            * rendering/mathml/RenderMathMLOperator.h:
            resetStretchSize() sets the stretch size to its original value when the class is created.
            * rendering/mathml/RenderMathMLUnderOver.cpp:
            (WebCore::RenderMathMLUnderOver::layout):
            Make sure the operator stretch size is reset before calling its layout. Also make sure the new 
            maximum stretch size to the operator objects that were invalid and needsLayout.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174345.

    2014-10-06  Chris Fleizach  <cfleizach@apple.com>

            AX: Performance: Certain Web site causes Safari to hang completely while entering form data
            https://bugs.webkit.org/show_bug.cgi?id=137420

            Reviewed by Mario Sanchez Prada.

            If a website has multiple nested tables that are not "accessibility" tables, the performance of accessibility slows to a crawl because:
              1) We are re-computing accessibilityIsIgnored many times.
                   As a solution, we can enable the isIgnoredCache when updating children.
              2) When asking if an object isTableCell, we'd go up the parent chain, asking each of those parents the same question, which exploded into calling this many times.
                  As a solution, I've changed our determination of isTableCell to instead check if the parent is an accessibiltyTable which should be much faster.

            No new functionality. Existing tests cover changes.

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::updateChildrenIfNecessary):
            (WebCore::AccessibilityObject::accessibilityIsIgnored):
            * accessibility/AccessibilityTableCell.cpp:
            (WebCore::AccessibilityTableCell::parentTable):
            (WebCore::AccessibilityTableCell::isTableCell):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r174330.

    2014-10-05  Chris Fleizach  <cfleizach@apple.com>

            AX: iOS8: Crash at -[WebAccessibilityObjectWrapper accessibilityElementAtIndex:]
            https://bugs.webkit.org/show_bug.cgi?id=137289

            Reviewed by Mario Sanchez Prada.

            Casting a NSInteger to an unsigned can bypass the check we were hoping to achieve, 
            because size_t is not the same as unsigned.

            Test: platform/ios-sim/accessibility/out-of-bounds-child-access.html

            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper accessibilityElementAtIndex:]):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r173790.

    2014-09-19  Jer Noble  <jer.noble@apple.com>

            [Media][Mac] Buffered range slides around as you resize a window
            https://bugs.webkit.org/show_bug.cgi?id=136960

            Reviewed by Dean Jackson.

            Rather than using a canvas as the background image for the timeline slider, use a generated SVG image
            to represent the buffered ranges.

            * Modules/mediacontrols/mediaControlsApple.css:
            (audio::-webkit-media-controls-timeline):
            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller.prototype.createControls):
            (Controller.prototype.updateProgress):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r173688.

    2014-09-16  Yusuke Suzuki  <utatane.tea@gmail.com>

            filterRootById accidentally clears inAdjacentChain flag
            https://bugs.webkit.org/show_bug.cgi?id=136851

            Reviewed by Benjamin Poulain.

            Test: fast/selectors/filter-root-node-with-selector-contains-adjacents.html

            * dom/SelectorQuery.cpp:
            (WebCore::filterRootById):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r173504.

    2014-09-10  Timothy Horton  <timothy_horton@apple.com>

            Fix the build.

            * platform/network/ResourceHandle.h:
            * platform/network/mac/ResourceHandleMac.mm:

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r173501.

    2014-09-10  Tim Horton  <timothy_horton@apple.com>

            Call setCollectsTimingData only once, and before making any {CF,NS}URLConnections
            https://bugs.webkit.org/show_bug.cgi?id=136731
            <rdar://problem/18252844>

            Reviewed by Simon Fraser.

            * platform/network/cf/ResourceHandleCFNet.cpp:
            (WebCore::ResourceHandle::start):
            Move setCollectsTimingData to before createCFURLConnection, so the first connection
            has timing data associated with it.

            * platform/network/mac/ResourceHandleMac.mm:
            (WebCore::ResourceHandle::createNSURLConnection):
            Move setCollectsTimingData to before we create our NSURLConnection, so the first connection
            has timing data associated with it.
            Use setCollectsTimingData instead of the NSURLConnection SPI directly.

            (WebCore::ResourceHandle::setCollectsTimingData):
            Only call _setCollectsTimingData once.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r173071.

    2014-08-27  Enrica Casucci  <enrica@apple.com>

            textStylingAtPosition returns incorrect values after executing toggleBold, toggleItalic and toggleUnderline.
            https://bugs.webkit.org/show_bug.cgi?id=136323
            rdar://problem/18141964

            Reviewed by Antti Koivisto.

            For underline style we need to check typingStyle first and use that information to populate
            the dictionary. If there is no typing style we can use the render style.

            * WebCore.exp.in:
            * editing/ios/EditorIOS.mm:
            (WebCore::Editor::fontAttributesForSelectionStart):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r172797.

    2014-08-20  Zalan Bujtas  <zalan@apple.com>

            Dashed/dotted borders do not paint.
            https://bugs.webkit.org/show_bug.cgi?id=135898

            Reviewed by Simon Fraser.

            Remove the empty line checks for drawLines. There's no need to protect the graphics
            context from empty lines.

            Tests: fast/borders/border-painting-dashed-at-all.html
                   fast/borders/border-painting-dashed.html
                   fast/borders/border-painting-dotted-at-all.html
                   fast/borders/border-painting-dotted.html
                   fast/borders/border-painting-double-at-all.html
                   fast/borders/border-painting-double.html
                   fast/borders/border-painting-groove-at-all.html
                   fast/borders/border-painting-inset-at-all.html
                   fast/borders/border-painting-inset.html
                   fast/borders/border-painting-outset-at-all.html
                   fast/borders/border-painting-outset.html
                   fast/borders/border-painting-ridge-at-all.html
                   fast/borders/border-painting-solid-at-all.html
                   fast/borders/border-painting-solid.html
                   fast/borders/hidpi-border-painting-groove.html
                   fast/borders/hidpi-border-painting-ridge.html

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::drawLineForBoxSide):
            (WebCore::drawBorderLineRect): Deleted.
            (WebCore::drawBorderLine): Deleted.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r172504.

    2014-08-12  Myles C. Maxfield  <mmaxfield@apple.com>

            Fonts forced to use non synthetic italics might be laid out with the incorrect baseline
            https://bugs.webkit.org/show_bug.cgi?id=135403

            Reviewed by Darin Adler.

            When italics is specified on a font, and the font isn't coming from the cache, we ask
            the SimpleFontData to provide a non-synthetic-italic version of itself. Our current
            implementation doesn't preserve whether or not the SimpleFontData includes vertical
            glyphs (glyphs that are not rotated when drawn in the vertical writing mode), which
            determines which baseline we use to lay out the text. By passing "false" to
            the isTextOrientationFallback argument to SimpleFontData::create(), we preserve this
            hasVerticalGlyphs flag.

            Test: fast/text/international/synthesized-italic-vertical-latin-double.html

            * platform/graphics/SimpleFontData.cpp:
            (WebCore::SimpleFontData::nonSyntheticItalicFontData):
            * testing/Internals.cpp:
            (WebCore::Internals::invalidateFontCache): Add "invalidateFontCache" to window.internals.
            * testing/Internals.h: Ditto.
            * testing/Internals.idl: Ditto.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r172326.

    2014-08-07  Zalan Bujtas  <zalan@apple.com>

            Subpixel rendering: Border thickness and length flooring can result empty borders
            due to losing precision during multiple float <-> LayoutUnit conversions.
            https://bugs.webkit.org/show_bug.cgi?id=135686

            Reviewed by Simon Fraser.

            The combination of losing precision and flooring the border thickness/length to avoid
            empty border rect drawing can lead to false positives of missing borders.
            This patch moves empty border checking right before painting where we can safely use round
            instead of floor.

            Tests: fast/borders/hidpi-border-width-flooring.html

            * rendering/RenderObject.cpp:
            (WebCore::drawBorderLineRect):
            (WebCore::drawBorderLine):
            (WebCore::RenderObject::drawLineForBoxSide):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r172215.

    2014-08-07  Pratik Solanki  <psolanki@apple.com>

            Random resource replacement on beta.icloud.com
            https://bugs.webkit.org/show_bug.cgi?id=135685
            <rdar://problem/17937975>

            Reviewed by Alexey Proskuryakov.

            Revert the performance optimization in r170499. It turns out we could get a delayed disk
            cache notification for a resource that has since been changed in WebCore. In such a case, we
            were replacing the newer resource data with the older disk cached resource data. This was
            happening for cached POST content on beta.icloud.com. Fix this by forcing a memcmp of data
            contents before replacing it which is what we used to do before.

            * loader/cache/CachedResource.cpp:
            (WebCore::CachedResource::tryReplaceEncodedData):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r171984.

    2014-08-03  Dan Bernstein  <mitz@apple.com>

            <rdar://problem/17782529> REGRESSION: OS marketing version in iOS Simulator user-agent string is the host OS’s
            https://bugs.webkit.org/show_bug.cgi?id=135549

            Reviewed by Mark Rowe.

            * platform/cocoa/SystemVersion.mm:
            (WebCore::createSystemMarketingVersion): On the iOS Simulator, locate the system Library
            directory relative to the Simulator root.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r171941.

    2014-07-30  Myles C. Maxfield  <mmaxfield@apple.com>

            URLs in srcset attributes are not made absolute upon copy and paste
            https://bugs.webkit.org/show_bug.cgi?id=135448

            Reviewed by Ryosuke Niwa.

            When pasting, canonicalize URLs in srcset the same way we do with src.

            Test: editing/pasteboard/img-srcset-copy-paste-canonicalization.html

            * dom/Element.cpp:
            (WebCore::Element::completeURLsInAttributeValue): Initial implemention, moved from markup.cpp.
            * dom/Element.h:
            (WebCore::Element::attributeContainsURL): New function for completeURLs to call.
            (WebCore::Element::completeURLsInAttributeValue): Only called if attributeContainsURL returns
            true. Default implementation simply calls isURLAttribute().
            * editing/markup.cpp:
            (WebCore::completeURLs): Call attributeContainsURL() and completeURLsInAttributeValue() to
            complete the URL, so nodes can perform their own behavior.
            * html/HTMLImageElement.cpp:
            (WebCore::HTMLImageElement::attributeContainsURL): Return true for srcset.
            (WebCore::HTMLImageElement::completeUrlAttributeValue): Use our existing srcset parser to
            parse the srcset attribute, then use its output to canonicalize URLs, and build it back up
            into a string.
            * html/HTMLImageElement.h:
            (WebCore::HTMLImageElement::attributeContainsURL):
            (WebCore::HTMLImageElement::completeUrlAttributeValue):
            * html/parser/HTMLSrcsetParser.cpp: Make parseImageCandidatesFromSrcsetAttribute() public
            and change its signature to return its result.
            (WebCore::parseImageCandidatesFromSrcsetAttribute):
            * html/parser/HTMLSrcsetParser.h: Ditto.

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r171708.

    2014-07-28  Brady Eidson  <beidson@apple.com>

            REGRESSION(168376): Standalone images pasted to Outlook 2011 don't display
            <rdar://problem/17768371> and https://bugs.webkit.org/show_bug.cgi?id=135363

            Reviewed by Tim Horton.

            Outlook isn’t prepared to handle the resource load callbacks when sent synchronously.

            r168376 was an optimization that we no longer need, so the simplest fix is to roll it out.

            * editing/mac/EditorMac.mm:
            (WebCore::Editor::WebContentReader::readImage):

            * loader/archive/ArchiveResource.cpp:
            (WebCore::ArchiveResource::ArchiveResource):
            * loader/archive/ArchiveResource.h:
            (WebCore::ArchiveResource::setShouldLoadImmediately): Deleted.
            (WebCore::ArchiveResource::shouldLoadImmediately): Deleted.

            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::requestResource):

2015-01-20  Babak Shafiei  <bshafiei@apple.com>

        Merge r171692.

    2014-07-28  Andreas Kling  <akling@apple.com>

            REGRESSION (r160806): CSS zoom property doesn't work on anything inside anchors.
            <https://webkit.org/b/135344>
            <rdar://problem/17759577>

            When DeprecatedStyleBuilder applies the CSS zoom property (ApplyPropertyZoom)
            it first resets the "effective zoom" by calling RenderStyle::setEffectiveZoom().

            This mechanism was not resistent to being called multiple times, due to the
            optimization in RenderStyle::setZoom() to avoid copy-on-writing the shared data
            when setting some property to the already-set value.

            The bug would happen in this sequence:

            ApplyPropertyZoom:
                - setEffectiveZoom(1);
                - setZoom(2); // this updates the effective zoom
            ApplyPropertyZoom:
                - setEffectiveZoom(1);
                - setZoom(2); // this doesn't update the effective zoom

            When we run the second setZoom(2); call, the RenderStyle's zoom value is 2
            already and we'll early return without updating the effective zoom.

            This change moves the updating of the effective zoom in setZoom() to take place
            before the early return due to overwriting with the same value.

            Note: the fact that we're apply the zoom property twice is an inefficiency that
            we should figure out a way to avoid in the future.

            Reviewed by Simon Fraser.

            Test: fast/css/zoom-inside-link.html

            * rendering/style/RenderStyle.h:
            (WebCore::RenderStyle::setZoom):

2014-12-19  Babak Shafiei  <bshafiei@apple.com>

        Merge r177566.

    2014-12-18  Jeremy Jones  <jeremyj@apple.com>

            dispatch to main thread before accessing playerController() in WebVideoFullscreenInterfaceAVKit::setCanPlayFastReverse
            https://bugs.webkit.org/show_bug.cgi?id=139809

            Reviewed by Dan Bernstein.

            This prevents a race in playerController().

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::setCanPlayFastReverse):

2014-12-17  Babak Shafiei  <bshafiei@apple.com>

        Merge build fix for r177375.

    2014-12-16  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix after r177375; explicitly cast to NSUInteger.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions):
            (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions):

2014-12-17  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for r177375.

    2014-12-16  Jer Noble  <jer.noble@apple.com>

            [iOS] Crash in WebKit::WebPageProxy::dispatchViewStateChange() tapping a link from another app while playing a video
            https://bugs.webkit.org/show_bug.cgi?id=139550

            Reviewed by Anders Carlsson.

            The existing "dispatch to WebThread, then release" model is insufficient and still
            can result in RefPtr race conditions between the main thread and the web thread.
            Make WebVideoFullscreenInterfaceAVKit a thread-safe ref-counted class, which
            eliminates the necessity of disptaching back to the web thread before releasing.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::setDuration): Use a strongThis model.
            (WebVideoFullscreenInterfaceAVKit::setCurrentTime): Ditto.
            (WebVideoFullscreenInterfaceAVKit::setRate): Ditto.
            (WebVideoFullscreenInterfaceAVKit::setVideoDimensions): Ditto.
            (WebVideoFullscreenInterfaceAVKit::setSeekableRanges): Ditto.
            (mediaSelectionOptions): Return a RetainPtr object.
            (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions): Use a strongThis model.
            (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions): Ditto.
            (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): Ditto.
            (WebVideoFullscreenInterfaceAVKit::setupFullscreen): Ditto.
            (WebVideoFullscreenInterfaceAVKit::enterFullscreen): Ditto.
            (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Ditto.
            (WebVideoFullscreenInterfaceAVKit::cleanupFullscreen): Ditto.
            (WebVideoFullscreenInterfaceAVKit::setupFullscreenInternal): Added utility
                function. Lets us use the implied this pointer rather than an explicit
                strongThis.
            (WebVideoFullscreenInterfaceAVKit::enterFullscreenOptimized): Ditto.
            (WebVideoFullscreenInterfaceAVKit::enterFullscreenStandard): Ditto.
            (WebVideoFullscreenInterfaceAVKit::exitFullscreenInternal): Ditto.
            (WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal): Ditto.
            (WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): Use a strongThis model.

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r176803.

    2014-12-04  Oliver Hunt  <oliver@apple.com>

            Serialization of MapData object provides unsafe access to internal types
            https://bugs.webkit.org/show_bug.cgi?id=138653

            Reviewed by Geoffrey Garen.

            We now keep the value portion of the key/value pair in MapData as a
            separate stack. This allows us to maintain the spec semantic of
            "atomic" serialisation of the key/value pair without retaining the
            use of a potentially invalid iterator.

            * bindings/js/SerializedScriptValue.cpp:
            (WebCore::CloneSerializer::serialize):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r175974.

    2014-11-11  David Kilzer  <ddkilzer@apple.com>

            Protect Document in ProcessingInstruction::setXSLStyleSheet()
            <http://webkit.org/b/138621>

            Reviewed by Andreas Kling.

            The patch is inspired by the following Blink revision by
            <tasak@google.com>:
            <https://src.chromium.org/viewvc/blink?view=rev&revision=182309>

            * dom/ProcessingInstruction.cpp:
            (WebCore::ProcessingInstruction::setXSLStyleSheet):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r175347.

    2014-10-29  Alexey Proskuryakov  <ap@apple.com>

            Notify Settings object when its Page object goes away.
            https://bugs.webkit.org/show_bug.cgi?id=138183
            rdar://problem/18786900

            Reviewed by Andreas Kling.

            I could not make a test for this issue.

            * page/Page.cpp:
            (WebCore::Page::~Page):
            * page/Settings.cpp:
            (WebCore::setImageLoadingSettings):
            (WebCore::Settings::Settings):
            (WebCore::Settings::setTextAutosizingEnabled):
            (WebCore::Settings::setTextAutosizingWindowSizeOverride):
            (WebCore::Settings::setTextAutosizingFontScaleFactor):
            (WebCore::Settings::setMediaTypeOverride):
            (WebCore::Settings::setScriptEnabled):
            (WebCore::Settings::setUserStyleSheetLocation):
            (WebCore::Settings::setMinDOMTimerInterval):
            (WebCore::Settings::minDOMTimerInterval):
            (WebCore::Settings::domTimerAlignmentInterval):
            (WebCore::Settings::setUsesPageCache):
            (WebCore::Settings::setScreenFontSubstitutionEnabled):
            (WebCore::Settings::setFontRenderingMode):
            (WebCore::Settings::setDNSPrefetchingEnabled):
            (WebCore::Settings::setStorageBlockingPolicy):
            (WebCore::Settings::setBackgroundShouldExtendBeyondPage):
            (WebCore::Settings::setScrollingPerformanceLoggingEnabled):
            (WebCore::Settings::setHiddenPageDOMTimerThrottlingEnabled):
            (WebCore::Settings::setHiddenPageCSSAnimationSuspensionEnabled):
            (WebCore::Settings::setFontFallbackPrefersPictographs):
            * page/Settings.h:
            (WebCore::Settings::pageDestroyed):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r175345.

    2014-10-29  Zalan Bujtas  <zalan@apple.com>

            Remove invalid float from RootInlineBox.
            https://bugs.webkit.org/show_bug.cgi?id=137707

            Reviewed by Antti Koivisto.

            In certain cases, floating boxes get attached to the last (root) inline box.
            When this particular floating box gets destroyed, it also needs to be detached
            from the last inline box.
            1. Introduce RootInlineBox::removeFloat() (vs. RootInlineBox::appendFloat())
            2. Ensure that it is called when the floating box is being destroyed.

            Test: fast/inline/crash-when-inline-box-has-invalid-float.html

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::removeFloatingObject):
            (WebCore::RenderBlockFlow::markAllDescendantsWithFloatsForLayout): During style recalc, while
            tearing down the render tree, we can get to a state where a block element has both inline and block children.
            It happens when the style change on an element makes sibling anonymous block wrappers detached.
            In that case the markAllDescendantsWithFloatsForLayout() call does not get propagated down on the
            block child elements as we return early at the childrenInline() check.
            * rendering/RootInlineBox.h:
            (WebCore::RootInlineBox::removeFloat):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r175197.

    2014-10-24  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Clamp wordSpacing percentage value.
            https://bugs.webkit.org/show_bug.cgi?id=129350.

            Reviewed by Zalan Bujtas.

            When the CSS wordSpacing property is percentage, its value has to be within the
            pre-defined min/max values for the CSS length type. This is done the same way
            the wordSpacing of type <length> is handled.

            Tests: css3/infinite-word-spacing.html.

            Move the definitions of minValueForCssLength and maxValueForCssLength from the
            .cpp file to the .h file.
            * css/CSSPrimitiveValue.cpp:
            * css/CSSPrimitiveValue.h:

            Clamp the wordSpacing value to minValueForCssLength and maxValueForCssLength when
            its type is percentage.
            * css/DeprecatedStyleBuilder.cpp:
            (WebCore::ApplyPropertyWordSpacing::applyValue):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r176735.

    2014-12-03  Dana Burkart  <dburkart@apple.com>

            Fix merge-related build failure.

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::blockSelectionGaps):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r176295.

    2014-11-18  David Hyatt  <hyatt@apple.com>

            REGRESSION (r167210): Invalid cast in WebCore::RenderBlock::blockSelectionGaps
            https://bugs.webkit.org/show_bug.cgi?id=137590

            Reviewed by Dean Jackson.

            Added fast/block/selection-block-gaps-crash.html

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::blockSelectionGaps):
            Check that we really are a RenderBlock before recurring.

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r175074.

    2014-10-22  Said Abou-Hallawa  <sabouhallawa@apple.com>

            SVG loaded through html <img> can't request to load any external resources.
            https://bugs.webkit.org/show_bug.cgi?id=137762.

            Reviewed by Daniel Bates.

            SVG images have unique security rules that prevent them from loading any external
            resources. This patch enforces these rules in CachedResourceLoader::canRequest for
            all non-data-uri resources.

            The fix and the tests are ported but modified a little from the chromium fix:
            http://src.chromium.org/viewvc/blink?view=rev&rev=176084

            Test: http/tests/security/svg-image-with-cached-remote-image.html
                  http/tests/security/svg-image-with-css-cross-domain.html

            For the SVG image, prevent loading any external sub-resource except for data urls.
            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::canRequest):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r174946.

    2014-10-21  Manuel Rego Casasnovas  <rego@igalia.com>

            ASSERTION FAILED: !gridWasPopulated() in WebCore::RenderGrid::placeItemsOnGrid
            https://bugs.webkit.org/show_bug.cgi?id=136939

            Reviewed by Darin Adler.

            In some particular situations computeIntrinsicLogicalWidths() is called
            in the middle of layoutGridItems(). In these cases we do not need to
            populate the grid again, so we should avoid calling placeItemsOnGrid().
            In addition, we do not need to clean the grid either, as that will be
            done later by layoutGridItems().

            Test: fast/css-grid-layout/grid-was-populated-assert.html

            * rendering/RenderGrid.cpp:
            (WebCore::RenderGrid::computeIntrinsicLogicalWidths): Avoid calls to
            placeItemsOnGrid() and clearGrid() if the grid was already populated.
            * rendering/RenderGrid.h: Move gridWasPopulated() header out of the
            debug ifdefs.

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r174922.

    2014-10-17  Jeffrey Pfau  <jpfau@apple.com>

            Ensure attached frame count doesn't exceed the maximum allowed frames
            https://bugs.webkit.org/show_bug.cgi?id=136457

            Reviewed by Alexey Proskuryakov.

            Test: fast/frames/exponential-frames.html

            * html/HTMLFrameElementBase.cpp:
            (WebCore::HTMLFrameElementBase::isURLAllowed):

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r173845.

    2014-09-22  David Hyatt  <hyatt@apple.com>

            Bad cast in isValidColumnSpanner.
            https://bugs.webkit.org/show_bug.cgi?id=133380.

            Reviewed by Simon Fraser.

            Added fast/multicol/multicol-crazy-nesting.html

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::isValidColumnSpanner):
            The crawl up the chain looking for unsplittable objects should use containing blocks
            and not be casting to parent boxes. You can have an inline in the parent chain, so
            this was not the right way to walk up the tree.

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r173843.

    2014-09-22  David Hyatt  <hyatt@apple.com>

            ASSERT in RenderMultiColumnSet::requiresBalancing.
            https://bugs.webkit.org/show_bug.cgi?id=136376.

            Reviewed by David Kilzer.

            Added fast/multicol/multicol-selection.html.

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::isValidColumnSpanner):
            Don't allow an object to become a spanner if it does not have the flow
            thread as its containing block. Otherwise the flow thread won't get notified
            of spanner placeholder insertions, and so the spanner ends up orphaned.

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r173738.

    2014-09-18  Daniel Bates  <dabates@apple.com>

            REGRESSION (r168921): SVG elements may be unnecessarily rebuilt
            https://bugs.webkit.org/show_bug.cgi?id=136373

            Reviewed by David Kilzer.

            Fixes an issue where a SVG element may be unnecessarily rebuilt. In particular,
            it is unnecessary to rebuild a SVG element that will be removed from the document.

            Test: svg/custom/remove-subtree-including-use-with-child-textpath-that-references-earlier-path.html

            * svg/SVGDocumentExtensions.cpp:
            (WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget): Modified to remove a SVG element
            from the list of elements to be rebuilt.

2014-12-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r173424.

    2014-09-08  Mihnea Ovidenie  <mihnea@adobe.com>

            [CSSRegions]Incorrect layout for multicol element transformed into region
            https://bugs.webkit.org/show_bug.cgi?id=136459

            Reviewed by David Hyatt.

            Until we will support the multicolumn region functionality, a multicolumn element
            that also has flow-from style is not transformed into a region (https://bugs.webkit.org/show_bug.cgi?id=135153).
            However, when a multicolumn element with flow-from style dynamically loses
            its multicolumn style while keeping the flow-from style, we have to transform
            the element into a region by detaching and attaching the associated DOM node,
            in the same way we are proceeding when an element receives a different flow-from style.

            Test: fast/regions/multicol/nested-multicol-into-region-dynamic.html

            * style/StyleResolveTree.cpp:
            (WebCore::Style::determineChange):

2014-12-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r173061.

    2014-08-28  Mihnea Ovidenie  <mihnea@adobe.com>

            [CSSRegions] Incorrect selection clearing on a document without regions
            https://bugs.webkit.org/show_bug.cgi?id=134901

            Reviewed by David Hyatt.

            When we select all the content of document with named flows but without regions,
            the start and end points of selection is cached in RenderView. However, since
            the document has named flows, the selection is split between the subtrees. During the split,
            it is possible that the cached end-points of the original selection are not included
            in any of the resulting subtree selection and they are not marked accordingly.
            In order to process the selection clearing correctly, we have to take the original
            selection end-points into account.

            Test: fast/regions/selection/select-all-without-regions.html

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::isSelectionBorder):

2014-12-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r173046.

    2014-08-27  Daniel Bates  <dabates@apple.com>

            Scrollbar corner can be drawn outside containing frame
            https://bugs.webkit.org/show_bug.cgi?id=133131
            <rdar://problem/16382769>

            Reviewed by Simon Fraser.

            Merged from Blink (patch by Levi Weintraub):
            <https://src.chromium.org/viewvc/blink?revision=170625&view=revision>

            Fixes an issue where the scroll corner may be painted outside the rectangle of
            its associated frame by setting a clip rectangle before painting the scroll bar(s)
            and scroll corner.

            Test: scrollbars/custom-scrollbars-paint-outside-iframe.html

            * platform/ScrollView.cpp:
            (WebCore::ScrollView::paint):

2014-12-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r171849.

    2014-07-31  Andrei Bucur  <abucur@adobe.com>

            [CSS Multicolumn] Clear the lines when switching to multi-column layout
            https://bugs.webkit.org/show_bug.cgi?id=135127

            Reviewed by Alexandru Chiculita.

            When switching an element to multi-column layout it becomes a container of block
            children. When this happens the existing line boxes must be deleted in addition
            to clearing the hasInlineChildren flag.

            Tests: fast/multicol/inline-container-to-multicol.html
                   fast/multicol/inline-container-to-multicol-float.html
                   fast/multicol/inline-container-to-multicol-positioned.html

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::createMultiColumnFlowThread):

2014-10-27  Babak Shafiei  <bshafiei@apple.com>

        Merge r175158.

    2014-10-23  Zalan Bujtas  <zalan@apple.com>

            WebContent crash at WebCore::RenderTextControl::textFormControlElement const.
            https://bugs.webkit.org/show_bug.cgi?id=138035

            Reviewed by Antti Koivisto.

            NULL-check element().renderer() before using it.

            * html/SearchInputType.cpp:
            (WebCore::SearchInputType::didSetValueByUserEdit):

2014-10-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r174827.

    2014-10-17  Alexey Proskuryakov  <ap@apple.com>

            [iOS] Crash when load is canceled while waiting for the user to type HTTP authentication credentials
            https://bugs.webkit.org/show_bug.cgi?id=137826
            rdar://problem/17329599

            Reviewed by Brady Eidson.

            No new tests, as we don't have a way to simulate details of user interaction with
            an auth dialog.

            * platform/network/cf/ResourceHandleCFNet.cpp:
            (WebCore::ResourceHandle::receivedCredential):
            (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
            (WebCore::ResourceHandle::receivedRequestToPerformDefaultHandling):
            (WebCore::ResourceHandle::receivedChallengeRejection):
            Added null checks before passing m_connection for CFNetwork functions, making this
            match what Mac code does when sending a message to a nil receiver.

2014-10-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r174846.

    2014-10-17  Simon Fraser  <simon.fraser@apple.com>

            [iOS] Speculative fix for a crash under RenderLayerCompositor::updateScrollCoordinatedLayer()
            https://bugs.webkit.org/show_bug.cgi?id=137837
            rdar://problem/18545452

            Reviewed by Tim Horton.

            Crash logs suggest that an iframe's RenderView's RenderLayer's backing can be null
            in a call to updateScrollCoordinatedLayer(), so add an assertion (to help find a reproducible case)
            and a null check.

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::attachScrollingNode):

2014-10-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r174787.

    2014-10-16  Alexey Proskuryakov  <ap@apple.com>

            Crashes in ResourceHandleCFURLConnectionDelegateWithOperationQueue due to unimplemented retain/release
            https://bugs.webkit.org/show_bug.cgi?id=137779
            rdar://problem/18679320

            Reviewed by Brady Eidson.

            * platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:
            (WebCore::ResourceHandleCFURLConnectionDelegate::retain):
            (WebCore::ResourceHandleCFURLConnectionDelegate::release):
            (WebCore::ResourceHandleCFURLConnectionDelegate::makeConnectionClient):
            * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
            Implemented retain/release. They are necessary, as ResourceHandle goes away when
            it's canceled, and there is noone else to keep the client object alive but
            CFURLConnection itself.

            * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray):
            Added a FIXME about potential improvements that I spotted while invsestigating this.

2014-10-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r173974.

    2014-09-25  Jeremy Jones  <jeremyj@apple.com>

            Race in ref pointer for WebVideoFullscreenInterfaceAVKit.
            https://bugs.webkit.org/show_bug.cgi?id=137123

            Reviewed by Eric Carlson.

            Add WebThreadRun to prevent race with RefPtr of WebVideoFullscreenInterfaceAVKit.

            * platform/ios/WebVideoFullscreenControllerAVKit.mm:
            (-[WebVideoFullscreenController didSetupFullscreen]): add WebThreadRun
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::setDuration): ditto
            (WebVideoFullscreenInterfaceAVKit::setCurrentTime): ditto
            (WebVideoFullscreenInterfaceAVKit::setRate): ditto
            (WebVideoFullscreenInterfaceAVKit::setVideoDimensions): ditto
            (WebVideoFullscreenInterfaceAVKit::setSeekableRanges): ditto
            (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions): ditto
            (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions): ditto
            (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): ditto
            (WebVideoFullscreenInterfaceAVKit::setupFullscreen): ditto
            (WebVideoFullscreenInterfaceAVKit::enterFullscreen): ditto
            (WebVideoFullscreenInterfaceAVKit::exitFullscreen): ditto
            (WebVideoFullscreenInterfaceAVKit::cleanupFullscreen): ditto
            (WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): ditto

2014-10-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r173848.

    2014-09-22  Alexey Proskuryakov  <ap@apple.com>

            WebSocket crash when a connection is closed from server side
            https://bugs.webkit.org/show_bug.cgi?id=137009
            rdar://problem/18333977
            rdar://problem/12708225

            Reviewed by Brady Eidson.

            I don't think that this can be tested with our test server.

            * Modules/websockets/WebSocketChannel.cpp:
            (WebCore::WebSocketChannel::WebSocketChannel): Added logging.
            (WebCore::WebSocketChannel::~WebSocketChannel): Ditto.
            (WebCore::WebSocketChannel::close): Protect self, because startClosingHandshake
            can release the last reference.
            (WebCore::WebSocketChannel::fail): Added an assertion that the channel is always
            closed after this function.
            (WebCore::WebSocketChannel::startClosingHandshake): Protect self, and don't change
            the stack from closed back to closing if after failing to send closing handshake.
            (WebCore::WebSocketChannel::processOutgoingFrameQueue): Protect self.

2014-10-19  Babak Shafiei  <bshafiei@apple.com>

        Merge r174651.

    2014-10-13  Jer Noble  <jer.noble@apple.com>

            [iOS] Stop listening for wireless playback target availability when the default controls are hidden.
            https://bugs.webkit.org/show_bug.cgi?id=137633

            Reviewed by Dean Jackson.

            In order to minimize the excess bandwidth and power consumption required for actively listening
            for wireless playback target availablity, unregister for those notifications while the controls
            are hidden due to playback, or when the element's document is hidden.

            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.createBase): Register for document visiblity change notfications.
            (ControllerIOS.prototype.setControlsType): Call updateShouldListenForPlaybackTargetAvailabilityEvent()
                instead of setShouldListenForPlaybackTargetAvailabilityEvent()
            (ControllerIOS.prototype.hideControls): Ditto.
            (ControllerIOS.prototype.showControls): Ditto.
            (ControllerIOS.prototype.updateStatusDisplay): Ditto.
            (ControllerIOS.prototype.handleVisibilityChange): Ditto.
            (ControllerIOS.prototype.updateShouldListenForPlaybackTargetAvailabilityEvent): Added. Only listen
                for target availability when the video has no errors, is not in the initial "big play button"
                controls state, and when the controls are not hidden.
            * platform/audio/ios/MediaSessionManagerIOS.mm:
            (-[WebMediaSessionHelper stopMonitoringAirPlayRoutes]): Explicitly set the discoveryMode to "disabled"
                rather than waiting for the autoreleasepool to destroy our routing controller.

2014-10-19  Babak Shafiei  <bshafiei@apple.com>

        Merge r174073.

    2014-09-29  Eric Carlson  <eric.carlson@apple.com>

            [iOS] Optimize media controls AirPlay discovery
            https://bugs.webkit.org/show_bug.cgi?id=137180

            Reviewed by Darin Adler.
        
            AirPlay discovery mode uses increases power consumption, so don't enable it when there
            is no chance an AirPlay target picker will be useful.

            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS): Initialize isListeningForPlaybackTargetAvailabilityEvent.
            (ControllerIOS.prototype.addVideoListeners): Don't enable register wireless playback event
                listeners, it isn't possible to show the target picker until there is an inline controller.
            (ControllerIOS.prototype.removeVideoListeners): Call setShouldListenForPlaybackTargetAvailabilityEvent.
            (ControllerIOS.prototype.setControlsType): Add wireless event listers on when not showing 
                the one button controller.
            (ControllerIOS.prototype.updateStatusDisplay): Unregister wireless event listeners when the
                media element is in an error state.
            (ControllerIOS.prototype.setShouldListenForPlaybackTargetAvailabilityEvent): New, add or
                remove event listeners.

2014-10-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r174277.

    2014-10-03  Jer Noble  <jer.noble@apple.com>

            [iOS] Back-to-back fullscreen videos result in incorrectly sized videos
            https://bugs.webkit.org/show_bug.cgi?id=137380

            Reviewed by Eric Carlson.

            During a normal workflow, a <video> element will create an AVPlayerLayer, then it will get a
            fullscreen (hosted) parent layer, then it will be told an explicit fullscreen size. But when
            a <video> element creates an AVPlayerLayer after the <video> element is already in
            fullscreen mode, it sets that AVPlayerLayer's frame using the size of the hosted parent
            layer, rather than the explicit fullscreen size. Instead, use the (already set) explicit
            fullscreen size after creating the AVPlayerLayer.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::ensureAVPlayerLayer):
            (WebCore::MediaPlayerPrivateAVFoundationObjC::platformLayer):

2014-10-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r174244.

    2014-10-02  Pratik Solanki  <psolanki@apple.com>

            [iOS] Networking process stops loading web pages while running Alexa test with random URL list
            https://bugs.webkit.org/show_bug.cgi?id=137362
            <rdar://problem/18507382>

            Reviewed by Alexey Proskuryakov.

            ResourceHandleCFURLConnectionDelegateWithOperationQueue needs to signal threads waiting on
            its semaphore when the handle is being destroyed. Otherwise, we can leave dispatch threads
            hanging around waiting for a response. This can happen when the Web Content process dies.
            Any thread/queue waiting on a response from that web process will leak and stay around
            forever. If we reach the dispatch queue limit of 64, then all networking will cease to
            happen in the Networking process. Fix this by signalling waiting threads and clearing out
            our state in much the same way that -[WebCoreResourceHandleAsOperationQueueDelegate
            detachHandle] does for Mac.

            * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
            * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::releaseHandle):
            * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:

2014-10-02  Babak Shafiei  <bshafiei@apple.com>

        Merge r174199.

    2014-10-01  Benjamin Poulain  <bpoulain@apple.com>

            Click events offset in webkit-overflow-scrolling iframes
            https://bugs.webkit.org/show_bug.cgi?id=134596

            Reviewed by Sam Weinig.

            * platform/ScrollView.cpp:
            (WebCore::ScrollView::visibleContentRectInternal):
            When converting coordinates from the main frame to a subframe's document, the position
            is first converted to the subframe's FrameView coordinate system, then offset by the scroll
            offset of the subframe itself.

            The bug in this case was that the scroll offset used was the global scroll offset of the frame
            in the view instead of the scroll offset of the document in its own frameview.

            The regression was introduced by the refactoring r162663. On iOS WebKit1, the coordinate system
            is different depending on VisibleContentRectIncludesScrollbars. In r162663, the value was set
            such that the rect returned is always in absolute coordinate.

            The ideal solution would be to refactor ScrollView::platformVisibleContentRect() to always return
            the offsets in scroll view coordinates and verify and update all the call sites to use explicit
            conversion to the top frame. In this patch I only reverted the coordinate change of r162663 to avoid
            large scale impact.

2014-09-18  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for <rdar://problem/18382131>.

    2014-09-18  Benjamin Poulain  <bpoulain@apple.com>

            CSS JIT: The backtracking register can be ignored from the minimumRegisterRequirements
            https://bugs.webkit.org/show_bug.cgi?id=136906
            rdar://problem/18368294

            Reviewed by Darin Adler.

            This patch is for WebKit branches that do not include r173229.

            * cssjit/SelectorCompiler.cpp:
            (WebCore::SelectorCompiler::minimumRegisterRequirements):
            In the worst case, the nth-child() filter can take up to 6 registers:
            1) currentElement, the state register.
            2) parentElement for tree marking on style resolution.
            3) elementCounter to count elements pior to current.
            4) previousSibling when walking the previous siblings.
            5) elementRareData to access the index cache.
            6) cachedChildIndex, the value of the index cache.

            If the backtracking register is also used, the total of "in-flight" registers is 7,
            one more than "minimumRequiredRegisterCount". This needs to be taken into account
            in minimumRegisterRequirements() or we will run out of registers when hitting the worst case.

2014-09-15  Babak Shafiei  <bshafiei@apple.com>

        <rdar://problem/18327341> Disable Web Timing on this branch.

        Reviewed originally by Sam Weinig.

        Disable:
        - WEB_TIMING

        * Configurations/FeatureDefines.xcconfig:

2014-09-11  Babak Shafiei  <bshafiei@apple.com>

        Merge r173016.

    2014-08-27  Timothy Hatcher  <timothy@apple.com>

            Web Inspector: Crash when you open Web Inspector in a private window (due to IndexedDB)
            https://bugs.webkit.org/show_bug.cgi?id=136293

            Reviewed by Joseph Pecoraro.

            * inspector/InspectorIndexedDBAgent.cpp:
            (WebCore::InspectorIndexedDBAgent::requestDatabaseNames): Null check idbRequest from
            IDBFactory::getDatabaseNames, which can return null now after r172603 in private browsing.

2014-09-10  Babak Shafiei  <bshafiei@apple.com>

        Merge r173345.

    2014-09-05  Tim Horton  <timothy_horton@apple.com>

            [iOS] Work around bug 136593 by disabling the PDFDocumentImage live resize optimization there
            https://bugs.webkit.org/show_bug.cgi?id=136594
            rdar://problem/17457013

            Reviewed by Simon Fraser.

            * platform/graphics/cg/PDFDocumentImage.cpp:
            (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
            Disable the optimization on iOS, because bug 136593 rears its head
            most often on iOS because it is more common to have contexts that always
            use low-quality image interpolation on that platform.

2014-09-08  Babak Shafiei  <bshafiei@apple.com>

        Merge r173344.

    2014-09-05  Tim Horton  <timothy_horton@apple.com>

            Doing a navigation on a non-opaque WKWebView can result in an empty layer tree
            https://bugs.webkit.org/show_bug.cgi?id=136590
            <rdar://problem/18234000>

            Reviewed by Simon Fraser.

            * page/FrameView.cpp:
            (WebCore::FrameView::setTransparent):
            Avoid scheduling a compositing layer update if the RenderView isn't the
            one associated with this FrameView. This can happen during a navigation,
            before the new Document (and RenderView) is swapped in. This is particularly
            bad in the case of setTransparent because it is called from Frame::createView,
            which is right in the middle of that transition window. If we let the compositing
            layer update go ahead, it can end up detaching the new Document's layer tree,
            and we have no mechanism that would cause it to reattach.

2014-08-18  Babak Shafiei  <bshafiei@apple.com>

        Merge r172213.

    2014-08-06  Brent Fulgham  <bfulgham@apple.com>

            [Mac, iOS] Captions are appearing multiple times during repeated video play through
            https://bugs.webkit.org/show_bug.cgi?id=135680
            <rdar://problem/17926802>

            Reviewed by Eric Carlson.

            Test: media/track/track-in-band-cues-added-once.html

            Revert TextTrackCueGeneric::isOrderedBefore logic to its original form, and add
            a new 'isOrderedBeforeDuringDisplay' for the special case of displaying captions.

            * html/shadow/MediaControlElements.cpp:
            (WebCore::compareCueIntervalForDisplay): Added helper function.
            (WebCore::MediaControlTextTrackContainerElement::updateDisplay): Use the new
            'isOrderedBeforeDuringDisplay' to order the cues for display.
            * html/track/TextTrackCue.h:
            (WebCore::TextTrackCue::isOrderedBeforeDuringDisplay): Added. This just
            calls the existing 'isOrderedBefore' method.
            * html/track/TextTrackCueGeneric.cpp:
            (WebCore::TextTrackCueGeneric::isOrderedBefore): Revert to logic used
            prior to r171700.
            (WebCore::TextTrackCueGeneric::isOrderedBeforeDuringDisplay): New method that
            implements the behavior in r171700.
            * html/track/TextTrackCueGeneric.h:

2014-08-18  Babak Shafiei  <bshafiei@apple.com>

        Merge r172317.

    2014-08-07  Simon Fraser  <simon.fraser@apple.com>

            HTML <sub> and <sup> elements do not work in some 64-bit builds
            https://bugs.webkit.org/show_bug.cgi?id=135736

            Reviewed by Tim Horton.
        
            RootInlineBox::verticalPositionForBox() had some implicit conversions between
            LayoutUnit and int that caused overflow, and resulted in different comparison
            behavior with an int constant in different architectures, since overflow behavior
            is undefined.
        
            Specifically, VerticalPositionCache was written in terms of ints with a special
            0x80000000 "not found" value. However, 0x80000000 was being assigned to
            a LayoutUnit, which multiplies by 64 causing overflow. The result was then
            compared again with 0x80000000 which could pass or fail depending on overflow
            behavior.
        
            Fix by converting VerticalPositionCache to use LayoutUnits, and to have a bool
            return value with a result out param, instead of a special return value.

            Not easily testable, since the difference does not show in DRT output,
            and a ref test would be flakey.

            * rendering/RootInlineBox.cpp:
            (WebCore::RootInlineBox::ascentAndDescentForBox):
            * rendering/VerticalPositionCache.h:
            (WebCore::VerticalPositionCache::get):
            (WebCore::VerticalPositionCache::set):

2014-08-15  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172603. <rdar://problem/18008488>

    2014-08-14  Martin Hock  <mhock@apple.com>

            IndexedDB should respect SchemeRegistry's database access setting.
            https://bugs.webkit.org/show_bug.cgi?id=135890
            <rdar://problem/17989469>

            Reviewed by Alexey Proskuryakov.

            Test: storage/indexeddb/open-db-private-browsing.html

            * Modules/indexeddb/IDBFactory.cpp:

2014-08-15  Lucas Forschler  <lforschler@apple.com>

        Merge r172502

    2014-08-12  Pratik Solanki  <psolanki@apple.com>

            Cached file backed resources don't make it to the Web Process when NETWORK_CFDATA_ARRAY_CALLBACK is enabled
            https://bugs.webkit.org/show_bug.cgi?id=135727
            <rdar://problem/17947880>

            Reviewed by Darin Adler.

            Add SharedBuffer::existingCFData() which returns CFDataRef if it has one. Refactor
            this code out of createCFData().

            * WebCore.exp.in:
            * platform/SharedBuffer.h:
            * platform/mac/SharedBufferMac.mm:
            (WebCore::SharedBuffer::existingCFData): Added.
            (WebCore::SharedBuffer::createCFData):

2014-08-15  Lucas Forschler  <lforschler@apple.com>

        Merge r171675

    2014-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>

            CSS: Fix :visited behavior for SubSelectors
            https://bugs.webkit.org/show_bug.cgi?id=135324

            Reviewed by Benjamin Poulain.

            Disable :visited match for the selectors that has SubSelectors.

            Tests: fast/history/nested-visited-test-complex.html
                   fast/history/sibling-visited-test-complex.html

            * css/SelectorChecker.cpp:
            (WebCore::SelectorChecker::matchRecursively):

2014-08-11  Babak Shafiei  <bshafiei@apple.com>

        Merge r172422. <rdar://problem/17912361>

    2014-08-11  Jer Noble  <jer.noble@apple.com>

            [iOS] <video> element requests are missing session cookies; sometimes persistant cookies.
            https://bugs.webkit.org/show_bug.cgi?id=135816

            Reviewed by Alexey Proskuryakov.

            On iOS, the AVFoundation framework will copy appropriate cookies for the requested URL across to the
            mediaserverd process. For WebKit2, the WebProcess does not have access to session cookies for the 
            current browsing session. When creating an AVURLAsset, fetch the appropriate cookies for the requested
            URL, and pass them into AVURLAsset in the options dictionary.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::mediaPlayerGetRawCookies): Call CookieJar's equivalent method.
            * html/HTMLMediaElement.h:
            * platform/graphics/MediaPlayer.cpp:
            (WebCore::MediaPlayer::getRawCookies): Pass to HTMLMediaElement.
            * platform/graphics/MediaPlayer.h:
            (WebCore::MediaPlayerClient::mediaPlayerGetRawCookies):
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::toNSHTTPCookie): Convert a WebCore Cookie -> NSHTTPCookie.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Fetch cookies for the requested
                URL, and if successful, add them to the AVURLAsset options dictionary.

2014-08-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172275. <rdar://problem/17886686>

    2014-08-07  Daniel Bates  <dabates@apple.com>
    
            Sometimes Gmail cannot load messages, particularly on refresh ("...the application ran into an unexpected error...")
            https://bugs.webkit.org/show_bug.cgi?id=135688
            <rdar://problem/17886686>
    
            Reviewed by Alexey Proskuryakov.
    
            Fixes an issue where gmail.com may fail to load the list of messages. In particular, a SQLTransactionCallback
            function may not be executed and hence Gmail will not display the list of messages and
            will subsequently display an error message.
    
            When a WebKit client defers loading of a page (e.g. -[WebView setDefersCallbacks:YES]), WebCore
            may still load the main resource, say if substitute data is available for it, and defer executing
            tasks, such as a SQLTransactionCallback function, by appending such tasks to the end of the list
            of pending tasks for the associated Document. This list of pending tasks is never processed when
            a client subsequently allows loading (e.g. -[WebView setDefersCallbacks:NO])). Therefore, we never
            execute a SQLTransactionCallback function that was deferred.
    
            Ideally WebCore would defer loading of substitute data when a WebKit client requests that loading
            be deferred and hence a SQLTransactionCallback function would be deferred as a consequence of the
            lack of JavaScript script execution (since substitute data wasn't loaded and hence any JavaScript
            script contained in the substitute data that initiates a SQL transaction isn't executed). For now,
            it's sufficient to only defer executing tasks when either there are existing pending tasks or the
            page defers loading and active DOM objects in the document are suspended (e.g. Document::suspendActiveDOMObjects() was called).
    
            * dom/Document.cpp:
            (WebCore::Document::postTask):
    
2014-08-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172244. <rdar://problem/17939895>

    2014-08-06  Jeremy Jones  <jeremyj@apple.com>
    
            Disable implicit animations on video layer.
            https://bugs.webkit.org/show_bug.cgi?id=135679
    
            Reviewed by Eric Carlson.
    
            Disable implicit animations on AVPlayerLayer except when setting fullscreen frame.
            This prevents unwanted animations.
    
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer): disable implicit animations
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame): allow implicit animations while changing fullscreen frame.
    
2014-08-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172197. <rdar://problem/17855327>

    2014-08-06  Myles C. Maxfield  <mmaxfield@apple.com>
    
            [iOS] Make document marker assets not specific to particular scale factors
            https://bugs.webkit.org/show_bug.cgi?id=135671
    
            Reviewed by Simon Fraser.
    
            No new tests.
    
            * WebCore.xcodeproj/project.pbxproj:
            * platform/ios/wak/WKGraphics.mm:
            (imageResourcePath):
            (WKGraphicsCreateImageFromBundleWithName):
    
2014-08-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172191. <rdar://problem/17895138>

    2014-08-06  Andy Estes  <aestes@apple.com>
    
            [iOS] Subresources referenced in converted QuickLook documents sometimes fail to load
            https://bugs.webkit.org/show_bug.cgi?id=135676
    
            Reviewed by David Kilzer.
    
            * loader/DocumentLoader.h:
            (WebCore::DocumentLoader::setQuickLookHandle):
            (WebCore::DocumentLoader::quickLookHandle):
    
2014-08-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172183. <rdar://problem/17908085>

    2014-08-06  Simon Fraser  <simon.fraser@apple.com>
    
            REGRESSION (r168119): Album flipping animation doesn’t work
            https://bugs.webkit.org/show_bug.cgi?id=132801
            <rdar://problem/16878497>, <rdar://problem/17908085>
    
            Reviewed by Dean Jackson.
            
            In r168119 I avoided creating backing store for backface-visibility:hidden unless
            some ancestor was 3d-transformed. However, when starting transitions or animations
            that apply transforms, we don't do a layout, and therefore don't update the RenderLayer
            flags that mark an ancestor as having a transform. This broke various content which
            used backface-visibility:hidden for "flip" animations.
            
            Make a low-risk fix that looks for the pattern of CSS properties used for flipping,
            making a compositing layer for backface-visibility:hidden if the stacking context element
            has transform-style: preserve-3d.
    
            Test: compositing/backing/backface-visibility-flip.html
    
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::requiresCompositingForBackfaceVisibility):
    
2014-08-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172006. <rdar://problem/17947503>

    2014-08-04  Joseph Pecoraro  <pecoraro@apple.com>
    
            Always clear ConsoleClient when Page/WindowShell is destroyed
            https://bugs.webkit.org/show_bug.cgi?id=135569
    
            Reviewed by Mark Lam.
    
            * bindings/js/ScriptController.cpp:
            (WebCore::ScriptController::~ScriptController):
            Whenever a window shell goes away, clear the console client.
            We did this in clearWindowShell but not before destroying.
    
2014-08-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172172. <rdar://problem/17862892>

    2014-08-06  Alexey Proskuryakov  <ap@apple.com>
    
            REGRESSION (WebKit2): iOS Safari default encoding doesn't follow system language
            https://bugs.webkit.org/show_bug.cgi?id=135667
            <rdar://problem/17862892>
    
            Reviewed by Anders Carlsson.
    
            Moved a function that computes default encoding from WebKit to WebCore, so that
            it could be shared with WebKit2.
    
            * WebCore.exp.in:
            * platform/ios/WebCoreSystemInterfaceIOS.mm:
            * platform/mac/WebCoreSystemInterface.h:
            * platform/mac/WebCoreSystemInterface.mm:
            * platform/text/TextEncodingRegistry.cpp:
            (WebCore::defaultTextEncodingNameForSystemLanguage):
            * platform/text/TextEncodingRegistry.h:
    
2014-08-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172159. <rdar://problem/17869353>

    2014-08-06  Andy Estes  <aestes@apple.com>
    
            [iOS] QuickLook returns an invalid MIME type for some documents
            https://bugs.webkit.org/show_bug.cgi?id=135651
    
            Reviewed by David Kilzer.
    
            r172151 ensured that we ignore QuickLook delegate messages after an error, but neglected to do so for
            connectionDidFinishLoading:. Do not call ResourceLoader::didFinishLoading() if an error has occurred.
    
            * platform/network/ios/QuickLook.mm:
            (-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]):
    
2014-08-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172151. <rdar://problem/17869353>

    2014-08-06  Andy Estes  <aestes@apple.com>
    
            [iOS] QuickLook returns an invalid MIME type for some documents
            https://bugs.webkit.org/show_bug.cgi?id=135651
    
            Reviewed by David Kilzer.
    
            In some cases QuickLook indicates a failure by returning a nil MIME type in -[QLPreviewConverter previewResponse]
            rather than calling connection:didFailWithError:. Calling ResourceLoader::didReceiveResponse() with a response
            containing a nil MIME type leads to a crash.
    
            Stop loading the resource and display an error page if QuickLook cannot provide a MIME type for the converted response.
    
            No new tests. QuickLook is not testable from WebKit.
    
            * platform/network/ios/QuickLook.mm:
            (-[WebResourceLoaderQuickLookDelegate _sendDidReceiveResponseIfNecessary]): Called ResourceLoader::didFail() if
            MIME type was nil. Called ResourceLoader::didReceiveResponse() otherwise.
            (-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): Called -_sendDidReceiveResponseIfNecessary.
            (-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
            (-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.
    
2014-08-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172035. <rdar://problem/17869353>

    2014-08-04  Andy Estes  <aestes@apple.com>
    
            [iOS] The raw bytes of an iWork document's PDF preview are displayed rather than the PDF itself
            https://bugs.webkit.org/show_bug.cgi?id=135596
    
            Reviewed by David Kilzer.
    
            Some iWork documents contain pre-rendered PDF previews. When WebKit asks QuickLook to convert such a document,
            QuickLook will return this PDF as the converted response. However, until WebKit has sent the document's data to
            QuickLook, -[QLPreviewConverter previewResponse] will misleadingly tell WebKit that the converted resource will
            be of type 'text/html'. This leads WebKit to render the PDF preview as HTML.
    
            Instead of querying QLPreviewConverter for the previewResponse before we've sent it any data, postpone calling
            ResourceLoader::didReceiveResponse until we've begun to receive data via the QLPreviewConverter delegate. At
            that point -[QLPreviewConverter previewResponse] will have the correct MIME type and we can call didReceiveResponse.
    
            No new tests. QuickLook is not testable from WebKit.
    
            * platform/network/ios/QuickLook.mm:
            (-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): If didReceiveResponse has yet to be
            called, call it now with QuickLookHandle::nsResponse().
            (-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
            (-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.
            (-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]): Assert that didReceiveResponse has been called.
            (-[WebResourceLoaderQuickLookDelegate clearHandle]): Cleared the raw pointer to QuickLookHandle.
            (WebCore::QuickLookHandle::create): Pointed WebResourceLoaderQuickLookDelegate's quickLookHandle property to
            the newly created QuickLookHandle.
    
2014-08-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172112. <rdar://problem/17802174>

    2014-08-05  Simon Fraser  <simon.fraser@apple.com>
    
            [iOS WK2] Crash going back on a specific tumblr blog (under ScrollingStateTree::removeNodeAndAllDescendants)
            https://bugs.webkit.org/show_bug.cgi?id=135629
            <rdar://problem/17802174>
    
            Reviewed by Tim Horton.
            
            In r170198 I added an "orphan scrolling nodes" code path that sets aside subtrees
            of scrolling nodes into an m_orphanedSubframeNodes map, which keeps them alive until
            they get reparented or destroyed. The nodes in that subtree remain in m_stateNodeMap,
            which holds raw pointers to them.
            
            However, ScrollingStateTree::commit() can clear m_orphanedSubframeNodes, which is
            sometimes non-empty at this point. When that happened, we would destroy nodes which
            were still referenced by m_stateNodeMap, with the result that a later query for the
            same nodeID would hand back a pointer to a deleted object.
            
            Fix by calling recursiveNodeWillBeRemoved() on nodes in the m_orphanedSubframeNodes
            before clearing it, which removes them and all their descendants from the state node map.
    
            Test: platform/mac-wk2/tiled-drawing/scrolling/frames/orphaned-subtree.html
    
            * page/scrolling/ScrollingStateTree.cpp:
            (WebCore::ScrollingStateTree::clear):
            (WebCore::ScrollingStateTree::commit):
    
2014-08-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172083. <rdar://problem/17849206>

    2014-08-05  Dean Jackson  <dino@apple.com>
    
            [iOS] Media controls layout incorrectly in RTL content
            https://bugs.webkit.org/show_bug.cgi?id=135621
            <rdar://problem/17849206>
    
            Reviewed by Eric Carlson.
    
            Media controls should always layout in LTR mode, even when the
            page content is RTL. There already was a rule to do this on
            non-iOS systems, but it wasn't getting included for iOS.
            In this case I put the rule on the composited parent of the
            controls in order to maintain the padding of the control panel.
            This should still leave the captions unaffected.
    
            * Modules/mediacontrols/mediaControlsiOS.css:
            (video::-webkit-media-controls-panel-composited-parent): Add direction: ltr.
    
2014-08-05  Matthew Hanson  <matthew_hanson@apple.com>

        Roll out r172035. <rdar://problem/17869353>

    2014-08-05  Matthew Hanson  <matthew_hanson@apple.com>

            Merge r172035. <rdar://problem/17869353>

        2014-08-04  Andy Estes  <aestes@apple.com>

                [iOS] The raw bytes of an iWork document's PDF preview are displayed rather than the PDF itself
                https://bugs.webkit.org/show_bug.cgi?id=135596

                Reviewed by David Kilzer.

                Some iWork documents contain pre-rendered PDF previews. When WebKit asks QuickLook to convert such a document,
                QuickLook will return this PDF as the converted response. However, until WebKit has sent the document's data to
                QuickLook, -[QLPreviewConverter previewResponse] will misleadingly tell WebKit that the converted resource will
                be of type 'text/html'. This leads WebKit to render the PDF preview as HTML.

                Instead of querying QLPreviewConverter for the previewResponse before we've sent it any data, postpone calling
                ResourceLoader::didReceiveResponse until we've begun to receive data via the QLPreviewConverter delegate. At
                that point -[QLPreviewConverter previewResponse] will have the correct MIME type and we can call didReceiveResponse.

                No new tests. QuickLook is not testable from WebKit.

                * platform/network/ios/QuickLook.mm:
                (-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): If didReceiveResponse has yet to be
                called, call it now with QuickLookHandle::nsResponse().
                (-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
                (-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.
                (-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]): Assert that didReceiveResponse has been called.
                (-[WebResourceLoaderQuickLookDelegate clearHandle]): Cleared the raw pointer to QuickLookHandle.
                (WebCore::QuickLookHandle::create): Pointed WebResourceLoaderQuickLookDelegate's quickLookHandle property to
                the newly created QuickLookHandle.

2014-08-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172053. <rdar://problem/17876385>

    2014-08-05  Antti Koivisto  <antti@apple.com>
    
            REGRESSION: Extremely flashy scrolling while a page is still loading (because of flush throttling)
            https://bugs.webkit.org/show_bug.cgi?id=135603
            <rdar://problem/17876385>
            
            This hit ASSERT(frame().isMainFrame()) in FrameView::updateLayerFlushThrottling
            running scrollbars/scrollbar-iframe-click-does-not-blur-content.html and a few other tests.
    
            * page/FrameView.cpp:
            (WebCore::FrameView::setWasScrolledByUser): Only invoke updateLayerFlushThrottling for the main frame.
    
2014-08-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172039. <rdar://problem/17876385>

    2014-08-05  Antti Koivisto  <antti@apple.com>
    
            REGRESSION: Extremely flashy scrolling while a page is still loading (because of flush throttling)
            https://bugs.webkit.org/show_bug.cgi?id=135603
            <rdar://problem/17876385>
    
            Reviewed by Andreas Kling.
    
            * page/FrameView.cpp:
            (WebCore::determineLayerFlushThrottleState):
            
                Disable throttling after user has scrolled the page.
                This is consistent with the speculative tiling. It also gets enabled on first scroll.
    
            (WebCore::FrameView::setWasScrolledByUser):
    
2014-08-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r172035. <rdar://problem/17869353>

    2014-08-04  Andy Estes  <aestes@apple.com>

            [iOS] The raw bytes of an iWork document's PDF preview are displayed rather than the PDF itself
            https://bugs.webkit.org/show_bug.cgi?id=135596

            Reviewed by David Kilzer.

            Some iWork documents contain pre-rendered PDF previews. When WebKit asks QuickLook to convert such a document,
            QuickLook will return this PDF as the converted response. However, until WebKit has sent the document's data to
            QuickLook, -[QLPreviewConverter previewResponse] will misleadingly tell WebKit that the converted resource will
            be of type 'text/html'. This leads WebKit to render the PDF preview as HTML.

            Instead of querying QLPreviewConverter for the previewResponse before we've sent it any data, postpone calling
            ResourceLoader::didReceiveResponse until we've begun to receive data via the QLPreviewConverter delegate. At
            that point -[QLPreviewConverter previewResponse] will have the correct MIME type and we can call didReceiveResponse.

            No new tests. QuickLook is not testable from WebKit.

            * platform/network/ios/QuickLook.mm:
            (-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): If didReceiveResponse has yet to be
            called, call it now with QuickLookHandle::nsResponse().
            (-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
            (-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.
            (-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]): Assert that didReceiveResponse has been called.
            (-[WebResourceLoaderQuickLookDelegate clearHandle]): Cleared the raw pointer to QuickLookHandle.
            (WebCore::QuickLookHandle::create): Pointed WebResourceLoaderQuickLookDelegate's quickLookHandle property to
            the newly created QuickLookHandle.

2014-08-04  Lucas Forschler  <lforschler@apple.com>

        Merge r171882

    2014-07-31  Andrei Bucur  <abucur@adobe.com>

            REGRESSION: Search highlight is broken in RTL multicolumn content
            https://bugs.webkit.org/show_bug.cgi?id=135452

            Reviewed by Simon Fraser.

            The offsets for elements inside RTL multi-column elements are incorrectly computed because
            the columns don't calculate their left position according to the writing direction.

            The patch extracts the column position computation in two helper functions (for top and left)
            so they can be used when needed in different parts of the code. In our case, the |columnLogicalLeft|
            function should be used inside |columnTranslationForOffset|.

            Test: fast/multicol/content-bounding-box-rtl.html

            * rendering/RenderMultiColumnSet.cpp:
            (WebCore::RenderMultiColumnSet::columnLogicalLeft): Return the logical left of a column relative to the set.
            (WebCore::RenderMultiColumnSet::columnLogicalTop): Return the logical top of a column relative to the set.
            (WebCore::RenderMultiColumnSet::columnRectAt): Split the code between columnLogicalLeft and columnLogicalTop.
            (WebCore::RenderMultiColumnSet::collectLayerFragments): Make code clearer by adding a new line.
            (WebCore::RenderMultiColumnSet::columnTranslationForOffset): Use columnLogicalLeft instead of duplicating logic.
            * rendering/RenderMultiColumnSet.h:

2014-08-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r171973.

    2014-08-02  Jeremy Jones  <jeremyj@apple.com>

            Support both window and view based video fullscreen.
            https://bugs.webkit.org/show_bug.cgi?id=135525

            Reviewed by Simon Fraser.

            Presenting in a separate window gives greater flexibility for rotation separately from the app.
            Presenting in the same window works better if the interface is rehosted in another process.

            * platform/ios/WebVideoFullscreenControllerAVKit.mm:
            (-[WebVideoFullscreenController enterFullscreen:]): Use clientRect instead of screenRect.
            * platform/ios/WebVideoFullscreenInterfaceAVKit.h: Add m_window and m_parentView.
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: 
            (-[WebAVVideoLayer setBounds:]): Parent view might not be fullscreen; use window instead.
            (WebVideoFullscreenInterfaceAVKit::setupFullscreen): Conditionally create UIWindow and UIViewController for fullscreen.
            (WebVideoFullscreenInterfaceAVKit::enterFullscreen): Video, not the container should have black background.
            (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Conditionally translate finalRect.
            (WebVideoFullscreenInterfaceAVKit::cleanupFullscreen): Clean up UIWindow and force status bar to correct orientation.
            (WebVideoFullscreenInterfaceAVKit::invalidate): Clean up UIWindow.
            (WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): Hide window and exit without animation.
            * platform/ios/WebVideoFullscreenModelMediaElement.mm:
            (WebVideoFullscreenModelMediaElement::setVideoFullscreenLayer): Apply frame, because it may have been set before the layer.

2014-08-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r171944.

    2014-07-31  Dean Jackson  <dino@apple.com>

            [Media iOS] Ensure there is a nice default fallback for missing wireless target names
            https://bugs.webkit.org/show_bug.cgi?id=135488
            <rdar://problem/17879156>

            Reviewed by Eric Carlson.

            We occasionally run into cases where this.host.externalDeviceDisplayName
            is empty or null, creating a pretty ugly/confusing string in the
            wireless playback status screen.

            If this happens, we should default to using "Apple TV".

            * Modules/mediacontrols/mediaControlsiOS.js:
            (ControllerIOS.prototype.updateWirelessPlaybackStatus): Check if the externalDeviceDisplayName
            is empty or null, and fall back to "Apple TV" if so.

2014-07-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171259. <rdar://problem/17718984>

    2014-07-20  Eric Carlson  <eric.carlson@apple.com>

            [iOS] ignore requests to set volume
            https://bugs.webkit.org/show_bug.cgi?id=135081

            Applied post-review comments from Darin Adler.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setVolume): Don't include unreachable
                code on iOS.

2014-07-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171259. <rdar://problem/17718984>

    2014-07-18  Eric Carlson  <eric.carlson@apple.com>

            [iOS] ignore requests to set volume
            https://bugs.webkit.org/show_bug.cgi?id=135081

            Reviewed by Jer Noble.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setVolume): Do nothing on iOS.

2014-07-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171895. <rdar://problem/17835345>

    2014-07-31  Jer Noble  <jer.noble@apple.com>

            [iOS] Video in an <embed> has a bad aspect ratio when in fullscreen mode.
            https://bugs.webkit.org/show_bug.cgi?id=135481

            Reviewed by Simon Fraser.

            Do not change the gravity of our AVPlayerLayer when in full screen mode; its gravity
            is controlled by setVideoFullscreenGravity(), and should not be affected by style changes.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity):

2014-07-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171866. <rdar://problem/17872676>

    2014-07-31  Joseph Pecoraro  <pecoraro@apple.com>
    
            Web Inspector: console.profile missing profile information
            https://bugs.webkit.org/show_bug.cgi?id=135432
    
            Reviewed by Timothy Hatcher.
    
            By switching console.profile to start/stop the timeline we would
            not have a chance to recompile JS functions with profiling information.
            This used to work because whenever the inspector was open we would
            have profiling information enabled. Go back to that behavior.
    
            * inspector/InspectorController.cpp:
            (WebCore::InspectorController::profilerEnabled):
            Instead of checking if the timeline agent has started, check if the
            timeline agent has been created. Going back to the normal behavior
            of always having profiling information when the inspector is open.
    
            * inspector/InspectorTimelineAgent.h:
            * inspector/InspectorTimelineAgent.cpp:
            (WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend):
            Recompile initializing the timeline agent to include profiling information.
    
            (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
            Recompile destrying the timeline agent, only if needed.
    
            (WebCore::InspectorTimelineAgent::willCallFunction):
            (WebCore::InspectorTimelineAgent::didCallFunction):
            (WebCore::InspectorTimelineAgent::willEvaluateScript):
            (WebCore::InspectorTimelineAgent::didEvaluateScript):
            Using a boolean to track nested calls would not give expected
            behavior when un-nesting. Switch to a counter to ensure that
            as we start profiling in the outermost level we then stop
            profiling at that same level and not inside an inner nesting.
    
2014-07-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171851. <rdar://problem/17719026>

    2014-07-31  Jer Noble  <jer.noble@apple.com>
    
            REGRESSION(??): [iOS] Disabling MediaPlaybackRequiresUserGesture does not remove user gesture requirement for entering full screen.
            https://bugs.webkit.org/show_bug.cgi?id=135443
    
            Reviewed by Dean Jackson.
    
            Allow full screen mode to be entered without a user gesture if the gesture requirement for media playback
            has been unset.
    
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):
    
2014-07-30  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171766. <rdar://problem/17824645>

    2014-07-29  Pratik Solanki  <psolanki@apple.com>
    
            [iOS] REGRESSION(r171526): PDF documents fail to load in WebKit1 with disk image caching enabled
            https://bugs.webkit.org/show_bug.cgi?id=135359
            <rdar://problem/17824645>
    
            Reviewed by Darin Adler.
    
            r171526 broke the case where we have a memory mapped file from the DiskImageCache in the
            SharedBuffer. In such a case, m_buffer is empty and createCFData() returned an
            WebCoreSharedBufferData with an empty buffer.
    
            Fix this by taking the easy route of bringing back the old code for the disk image cache
            file backed case. In the long run we probably want to remove the iOS specific disk image
            cache anyway.
    
            Review also uncovered another bug in r171526 where we were balancing an Objective-C alloc
            with a CFRelease which is incorrect when running under GC. Fix that by using adoptNS along
            with adoptCF which is what the code did before.
    
            No new tests because the bug only occurs on device and we can't run tests on device yet.
    
            * platform/mac/SharedBufferMac.mm:
            (-[WebCoreSharedBufferData initWithDiskImageSharedBuffer:]):
            (-[WebCoreSharedBufferData length]):
            (-[WebCoreSharedBufferData bytes]):
            (WebCore::SharedBuffer::createCFData):
    
2014-07-30  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171702. <rdar://problem/16828238>

    2014-07-28  Antti Koivisto  <antti@apple.com>
    
            <embed> videos flashes constantly while playing inline on iPad, making it unwatchable
            https://bugs.webkit.org/show_bug.cgi?id=135356
            <rdar://problem/16828238>
    
            Reviewed by Simon Fraser.
            
            The shadow tree for media controls is scheduling style recalc. The general silliness of
            HTMLPlugInImageElement::willRecalcStyle/willDetachRenderers is turning those into render
            tree reconstructions causing flicker.
    
            * html/HTMLPlugInImageElement.cpp:
            (WebCore::HTMLPlugInImageElement::willRecalcStyle):
            
                Don't do the forced renderer reconstruction if there is no style change for the element
                or its ancestors. This way recalcs scheduled by the shadow tree don't trigger the widget
                update code path.
    
2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r171675. <rdar://problem/17826572>

    2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

            Merge r171675. <rdar://problem/17826572>

        2014-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
        
                CSS: Fix :visited behavior for SubSelectors
                https://bugs.webkit.org/show_bug.cgi?id=135324
        
                Reviewed by Benjamin Poulain.
        
                Disable :visited match for the selectors that has SubSelectors.
        
                Tests: fast/history/nested-visited-test-complex.html
                       fast/history/sibling-visited-test-complex.html
        
                * css/SelectorChecker.cpp:
                (WebCore::SelectorChecker::matchRecursively):

2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r171702. <rdar://problem/16828238>

    2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

            Merge r171702. <rdar://problem/16828238>

        2014-07-28  Antti Koivisto  <antti@apple.com>
        
                <embed> videos flashes constantly while playing inline on iPad, making it unwatchable
                https://bugs.webkit.org/show_bug.cgi?id=135356
                <rdar://problem/16828238>
        
                Reviewed by Simon Fraser.
                
                The shadow tree for media controls is scheduling style recalc. The general silliness of
                HTMLPlugInImageElement::willRecalcStyle/willDetachRenderers is turning those into render
                tree reconstructions causing flicker.
        
                * html/HTMLPlugInImageElement.cpp:
                (WebCore::HTMLPlugInImageElement::willRecalcStyle):
                
                    Don't do the forced renderer reconstruction if there is no style change for the element
                    or its ancestors. This way recalcs scheduled by the shadow tree don't trigger the widget
                    update code path.

2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r171703. <rdar://problem/17833422>

    2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

            Merge r171703. <rdar://problem/17833422>

        2014-07-28  Mark Hahnenberg  <mhahnenberg@apple.com>
        
                ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
                https://bugs.webkit.org/show_bug.cgi?id=135352
        
                Reviewed by Oliver Hunt.
        
                * Modules/plugins/QuickTimePluginReplacement.mm:
                (WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected): This should be taking a 
                JSLock like its sibling methods do (e.g. installReplacement).

2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r171708. <rdar://problem/17844894>

    2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

            Merge r171708. <rdar://problem/17844894>

        2014-07-28  Brady Eidson  <beidson@apple.com>
        
                REGRESSION(168376): Standalone images pasted to Outlook 2011 don't display
                <rdar://problem/17768371> and https://bugs.webkit.org/show_bug.cgi?id=135363
        
                Reviewed by Tim Horton.
        
                Outlook isn’t prepared to handle the resource load callbacks when sent synchronously.
        
                r168376 was an optimization that we no longer need, so the simplest fix is to roll it out.
        
                * editing/mac/EditorMac.mm:
                (WebCore::Editor::WebContentReader::readImage):
        
                * loader/archive/ArchiveResource.cpp:
                (WebCore::ArchiveResource::ArchiveResource):
                * loader/archive/ArchiveResource.h:
                (WebCore::ArchiveResource::setShouldLoadImmediately): Deleted.
                (WebCore::ArchiveResource::shouldLoadImmediately): Deleted.
        
                * loader/cache/CachedResourceLoader.cpp:
                (WebCore::CachedResourceLoader::requestResource):

2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171711. <rdar://problem/17756281>

    2014-07-28  Dean Jackson  <dino@apple.com>
    
            [Media iOS] Touching play button feels unresponsive
            https://bugs.webkit.org/show_bug.cgi?id=135370
            <rdar://problem/17756281>
    
            Reviewed by Simon Fraser.
    
            Add an :active rule that shows a slightly darker button when touched.
    
            * Modules/mediacontrols/mediaControlsiOS.css:
            (audio::-webkit-media-controls-start-playback-button:active):

2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171708. <rdar://problem/17844894>

    2014-07-28  Brady Eidson  <beidson@apple.com>
    
            REGRESSION(168376): Standalone images pasted to Outlook 2011 don't display
            <rdar://problem/17768371> and https://bugs.webkit.org/show_bug.cgi?id=135363
    
            Reviewed by Tim Horton.
    
            Outlook isn’t prepared to handle the resource load callbacks when sent synchronously.
    
            r168376 was an optimization that we no longer need, so the simplest fix is to roll it out.
    
            * editing/mac/EditorMac.mm:
            (WebCore::Editor::WebContentReader::readImage):
    
            * loader/archive/ArchiveResource.cpp:
            (WebCore::ArchiveResource::ArchiveResource):
            * loader/archive/ArchiveResource.h:
            (WebCore::ArchiveResource::setShouldLoadImmediately): Deleted.
            (WebCore::ArchiveResource::shouldLoadImmediately): Deleted.
    
            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::requestResource):
    
2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171703. <rdar://problem/17833422>

    2014-07-28  Mark Hahnenberg  <mhahnenberg@apple.com>
    
            ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
            https://bugs.webkit.org/show_bug.cgi?id=135352
    
            Reviewed by Oliver Hunt.
    
            * Modules/plugins/QuickTimePluginReplacement.mm:
            (WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected): This should be taking a 
            JSLock like its sibling methods do (e.g. installReplacement).
    
2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171702. <rdar://problem/16828238>

    2014-07-28  Antti Koivisto  <antti@apple.com>
    
            <embed> videos flashes constantly while playing inline on iPad, making it unwatchable
            https://bugs.webkit.org/show_bug.cgi?id=135356
            <rdar://problem/16828238>
    
            Reviewed by Simon Fraser.
            
            The shadow tree for media controls is scheduling style recalc. The general silliness of
            HTMLPlugInImageElement::willRecalcStyle/willDetachRenderers is turning those into render
            tree reconstructions causing flicker.
    
            * html/HTMLPlugInImageElement.cpp:
            (WebCore::HTMLPlugInImageElement::willRecalcStyle):
            
                Don't do the forced renderer reconstruction if there is no style change for the element
                or its ancestors. This way recalcs scheduled by the shadow tree don't trigger the widget
                update code path.
    
2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171700. <rdar://problem/17844901>

    2014-07-27  Brent Fulgham  <bfulgham@apple.com>
    
            [Mac, iOS] Paint-on closed captions get out-of-order in Safari
            https://bugs.webkit.org/show_bug.cgi?id=135332
            <rdar://problem/15317278>
    
            Reviewed by Brent Fulgham.
    
            * html/shadow/MediaControlElements.cpp:
            (WebCore::MediaControlTextTrackContainerElement::updateDisplay): If the
            number of active cues is greater than the current set of CSS boxes representing
            the cues, throw away the CSS boxes and re-layout all the cues.
            * html/track/InbandGenericTextTrack.cpp:
            (WebCore::InbandGenericTextTrack::addGenericCue): Add some logging.
            (WebCore::InbandGenericTextTrack::removeGenericCue): Ditto.
            * html/track/TextTrackCueGeneric.cpp:
            (WebCore::TextTrackCueGeneric::isOrderedBefore): Revise ordering rules so that we put
            newer cues earlier in the layout order so they are drawn towards the bottom
            of the screen. Only do this for Generic captions.
            * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
            (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Adjust logging
            messages.
            (WebCore::InbandTextTrackPrivateAVF::removeCompletedCues): Add logging.
    
2014-07-29  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171675. <rdar://problem/17826572>

    2014-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
    
            CSS: Fix :visited behavior for SubSelectors
            https://bugs.webkit.org/show_bug.cgi?id=135324
    
            Reviewed by Benjamin Poulain.
    
            Disable :visited match for the selectors that has SubSelectors.
    
            Tests: fast/history/nested-visited-test-complex.html
                   fast/history/sibling-visited-test-complex.html
    
            * css/SelectorChecker.cpp:
            (WebCore::SelectorChecker::matchRecursively):
    
2014-07-27  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171661. <rdar://problem/17315237>

    2014-07-27  Daniel Bates  <dabates@apple.com>
    
            [WK2] Crash when accessing window.localStorage after calling window.close()
            https://bugs.webkit.org/show_bug.cgi?id=135328
            <rdar://problem/17315237>
    
            Reviewed by Sam Weinig.
    
            Fixes an issue where accessing local storage for the first time after calling window.close()
            causes a crash.
    
            For now, we should disallow accessing local storage after calling window.close() regardless of
            whether it's the first access to local storage as this seems like a bad idiom to support. Note,
            this represents a change in behavior from WebKit1. If such usage of window.localStorage turns
            out to be reasonable then we can visit this decision again in <https://bugs.webkit.org/show_bug.cgi?id=135330>.
    
            Tests: storage/domstorage/localstorage/access-storage-after-window-close.html
                   storage/domstorage/localstorage/access-storage-then-set-value-in-storage-after-window-close.html
                   storage/domstorage/localstorage/set-value-in-storage-after-window-close.html
    
            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::localStorage): Modified to only return the cached local storage or
            create a new local storage so long as the page isn't being closed. Also, substitute nullptr
            for 0.
            (WebCore::DOMWindow::close): Call Page::setIsClosing() to mark that the page is closing.
            * page/Page.cpp:
            (WebCore::Page::Page): Initialize m_isClosing to false.
            * page/Page.h:
            (WebCore::Page::setIsClosing): Added.
            (WebCore::Page::isClosing): Added.
    
2014-07-27  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171647. <rdar://problem/17315168>

    2014-07-26  Timothy Horton  <timothy_horton@apple.com>
    
            Crash in Web Content Process under ~PDFDocument under clearTouchEventListeners at topDocument()
            https://bugs.webkit.org/show_bug.cgi?id=135319
            <rdar://problem/17315168>
    
            Reviewed by Darin Adler and Antti Koivisto.
    
            * dom/Document.h:
            * dom/Document.cpp:
            (WebCore::Document::Document):
            (WebCore::Document::prepareForDestruction):
            Add a flag on Document, m_hasPreparedForDestruction, which ensures
            that each Document only goes through prepareForDestruction() once.
            prepareForDestruction() can be called a number of times during teardown,
            but it's only necessary to actually execute it once.
            
            This was previously achieved by virtue of all callers of prepareForDestruction()
            first checking hasLivingRenderTree, and prepareForDestruction() tearing down
            the render tree, but that meant that prepareForDestruction() was not called
            for Documents who never had a render tree in the first place.
    
            The only part of prepareForDestruction() that is now predicated on hasLivingRenderTree()
            is the call to destroyRenderTree(); the rest of the function has the potential to be relevant
            for non-rendered placeholder documents and can safely deal with them in other ways.
    
            It is important to call prepareForDestruction() on non-rendered placeholder documents
            because some of the cleanup (like disconnectFromFrame()) is critical to safe destruction.
    
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::clear):
            Call prepareForDestruction() even if we don't have a living render tree.
            For the sake of minimizing change, removeFocusedNodeOfSubtree still
            depends on having a living render tree before calling prepareForDestruction().
    
            * page/Frame.cpp:
            (WebCore::Frame::setView):
            (WebCore::Frame::setDocument):
            Call prepareForDestruction() even if we don't have a living render tree.
    
2014-07-27  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171640. <rdar://problem/17812921>

    2014-07-25  Zalan Bujtas  <zalan@apple.com>
    
            Subpixel rendering: Rounded rect gets non-renderable at certain subpixel size.
            https://bugs.webkit.org/show_bug.cgi?id=135314
            <rdar://problem/17812921>
    
            Reviewed by Tim Horton.
    
            While calculating the rounded rect for painting, the radius is adjusted to compensate
            for the pixel snapped size. However while scaling the radius, certain values overflow
            (float) mantissa and it produces a non-renderable rounded rect where the radius becomes bigger
            than the rectangle dimensions. In such cases, we need to shrink the radius to make it
            renderable again.
    
            Test: transitions/rounded-rect-becomes-non-renderable-while-transitioning.html
    
            * platform/graphics/RoundedRect.cpp:
            (WebCore::RoundedRect::pixelSnappedRoundedRectForPainting): shrink the radius by
            one device pixel. It is as good as any other small value.
    
2014-07-27  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171624. <rdar://problem/17715503>

    2014-07-25  Jer Noble  <jer.noble@apple.com>
    
            [MSE] Playback stalls & readyState drops to HAVE_CURRENT_DATA at end of stream with unbalanced buffered SourceBuffers
            https://bugs.webkit.org/show_bug.cgi?id=135291
            <rdar://problem/17715503>
    
            Reviewed by Sam Weinig.
    
            Test: media/media-source/media-source-end-of-stream-buffered.html
    
            When determining the correct ReadyState for the MediaSource in monitorSourceBuffers(), use the same
            definition of "buffered" as is used in the calculation of HTMLMediaElement.buffered and in the
            Stream Ended algorithm. Namely, when the stream has ended, treat each SourceBuffer as if its last
            buffered range extends to the duration of the stream. This allows playback to continue through to
            the duration without stalling due to monitorSourceBuffers().
    
            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::bufferedAccountingForEndOfStream): Added; extends the last range in buffered
                to MediaSource::duration() if the MediaSource is ended.
            (WebCore::SourceBuffer::hasCurrentTime): Uses bufferedAccountingForEndOfStream().
            (WebCore::SourceBuffer::hasFutureTime): Ditto.
            (WebCore::SourceBuffer::canPlayThrough): Ditto.
            * Modules/mediasource/SourceBuffer.h:
    
            Add a convenience method for determining whether the MediaSource has ended:
            * Modules/mediasource/MediaSource.cpp:
            (WebCore::MediaSource::isEnded):
            * Modules/mediasource/MediaSource.h:
    
            Add start() and end() methods that don't take a (usually ignored) isValid inout parameter. Add duration()
            and maximumBufferedTime() convenience methods:
            * platform/graphics/PlatformTimeRanges.cpp:
            (WebCore::PlatformTimeRanges::start):
            (WebCore::PlatformTimeRanges::end):
            (WebCore::PlatformTimeRanges::duration):
            (WebCore::PlatformTimeRanges::maximumBufferedTime):
            * platform/graphics/PlatformTimeRanges.h:
    
2014-07-27  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171616. <rdar://problem/17736875>

    2014-07-25  Jer Noble  <jer.noble@apple.com>
    
            [MSE] High CPU usage in SampleMap::findSamplesWithinPresentationRange() with a large number of buffered samples.
            https://bugs.webkit.org/show_bug.cgi?id=135247
    
            Reviewed by Geoffrey Garen.
    
            Anchor our search for overlapping frames to the end of the search range when the overlap range is sufficiently
            close to the end of the search range. The common case for this search is when a sample is about to be appended
            to the end of the sample queue, so this should turn most searches into no-ops.
    
            * Modules/mediasource/SampleMap.cpp:
            (WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRangeFromEnd):
            * Modules/mediasource/SampleMap.h:
            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
    
2014-07-27  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171609. <rdar://problem/17043792>

    2014-07-25  David Hyatt  <hyatt@apple.com>
    
            [New Multicolumn] RenderViews paginated as RL or LR don't handle percentage widths correctly.
            REGRESSION: Images don’t scale to fit in page in vertical text books
    
            https://bugs.webkit.org/show_bug.cgi?id=135204
            <rdar://problem/17043792>
            
            Reviewed by Simon Fraser.
    
            Added fast/multicol/pagination/RightToLeft-max-width.html
    
            * rendering/RenderView.cpp:
            (WebCore::RenderView::availableLogicalHeight):
            Put back in the same code that used to exist for the old columns (but ported to the new
            columns).
    
2014-07-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171632. <rdar://problem/17817223>

    2014-07-25  Jer Noble  <jer.noble@apple.com>

            [EME][Mac] CDM error messages not piped through to MediaKeySession correctly; clients don't receive error events
            https://bugs.webkit.org/show_bug.cgi?id=135312
            <rdar://problem/17817223>

            Reviewed by Brent Fulgham.

            Set (and clear) the client interface so that errors can be piped from the CDMSession up to the MediaKeySession.

            * Modules/encryptedmedia/MediaKeySession.cpp:
            (WebCore::MediaKeySession::MediaKeySession):
            (WebCore::MediaKeySession::close):

2014-07-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171619. <rdar://problem/17811922>

    2014-07-25  Pratik Solanki  <psolanki@apple.com>

            [iOS] REGRESSION(r171526): Images fail to load sometimes
            https://bugs.webkit.org/show_bug.cgi?id=135304
            <rdar://problem/17811922>

            Reviewed by Alexey Proskuryakov.

            SharedBuffer::createCFData() calls data() as a way to coalesce the data array elements and
            segments into m_buffer. However, data() has an optimization where if we had a single element
            in the data array, it would just return that and not do coalescing. So when we passed
            m_buffer to WebCoreSharedData, we passed a buffer with no data in it.

            Fix this by bringing the optimization to createCFData() and return the CFDataRef from the
            data array if we just have a single element.

            No new tests. Should be covered by existing tests.

            * platform/mac/SharedBufferMac.mm:
            (WebCore::SharedBuffer::createCFData):

2014-07-25  Lucas Forschler  <lforschler@apple.com>

        Merge r171593

    2014-07-25  Zalan Bujtas  <zalan@apple.com>

            Subpixel rendering: iOS video playback controls look blurry.
            https://bugs.webkit.org/show_bug.cgi?id=135245
            <rdar://problem/16878037>

            Reviewed by Simon Fraser.

            This patch introduces a compositing parent of the overlay control panel so that
            the transformed overlay panel becomes sharp. This is a workaround for webkit.org/b/135246.

            Can't find a way to test it yet.

            * Modules/mediacontrols/mediaControlsApple.css:
            (video::-webkit-media-controls-panel-composited-parent):
            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller.prototype.createControls):
            (Controller.prototype.addControls):
            * Modules/mediacontrols/mediaControlsiOS.css:
            (video::-webkit-media-controls-panel-composited-parent):
            * Modules/mediacontrols/mediaControlsiOS.js: This is a workaround for webkit.org/b/135248
            It pushes the overlay panel down to close the gap with the video element. Since the
            panel's size in css pixels is scale dependent, the gap needs to be scale dependent too.
            (ControllerIOS.prototype.set pageScaleFactor):

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171203

    2014-07-17  Enrica Casucci  <enrica@apple.com>

            [REGRESSION WK2]The menu bar does not show up when tapping on the caret.
            https://bugs.webkit.org/show_bug.cgi?id=135023
            <rdar://problem/17617282>

            Reviewed by Benjamin Poulain.

            Adding some exports.

            * WebCore.exp.in:

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171580

    2014-07-24  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION(r164401): Placing a caret doesn't bring up autocorrection panel
            https://bugs.webkit.org/show_bug.cgi?id=135278

            Reviewed by Tim Horton.

            The bug was caused by editorUIUpdateTimerFired calling respondToChangedSelection only if the selection was
            triggered by dictation instead of only if it was NOT triggered by dictation.

            Prior to r164401, AlternativeTextController::respondToMarkerAtEndOfWord exited early when SetSelectionOptions
            had DictationTriggered set. r164401 intended to move this check to editorUIUpdateTimerFired to avoid passing
            options around but the boolean condition was erroneously flipped.

            Fixed the bug by negating the condition in editorUIUpdateTimerFired.

            No new tests for now since autocorrection panel cannot be tested automatically. (We should really automate this!)

            * editing/Editor.cpp:
            (WebCore::Editor::editorUIUpdateTimerFired):

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171577

    2014-07-24  Tim Horton  <timothy_horton@apple.com>

            Crashes under scanSelectionForTelephoneNumbers in Range::text() on some sites
            https://bugs.webkit.org/show_bug.cgi?id=135281
            <rdar://problem/17803347>

            Reviewed by Ryosuke Niwa.

            * editing/Editor.cpp:
            (WebCore::Editor::scanSelectionForTelephoneNumbers):
            toNormalizedRange is not guaranteed to return a non-null range.
            If it returns null, pass the empty markedRanges down to the client as our new set.

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171567

    2014-07-24  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK1] CSS viewport units use the wrong viewport size in WebKit1
            https://bugs.webkit.org/show_bug.cgi?id=135254
            <rdar://problem/17781423>

            Reviewed by Tim Horton.

            Test: fast/css/viewport-units-dynamic.html

            In WebKit1 on iOS, we want to resolve viewport units against the visible
            viewport, not the legacy WK1 notion of the "viewport" which is the entire document.

            Fixes rendering of medium.com articles in WK1 views on iPad.

            * page/FrameView.cpp:
            (WebCore::FrameView::viewportSizeForCSSViewportUnits):

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171561

    2014-07-24  Myles C. Maxfield  <mmaxfield@apple.com>

            Crash when measuring a glyphs from a fallback SVG font
            https://bugs.webkit.org/show_bug.cgi?id=135264

            Reviewed by Simon Fraser.

            We can't realize font data for all fallback fonts ahead
            of time, but we don't have all the necessary context to
            realize SVG fallback data when it's needed. For now, we
            can just bail; however, a larger, more invasive fix is
            in order.

            Test: svg/text/svg-fallback-font-crash.html

            * platform/graphics/WidthIterator.cpp:
            (WebCore::applyFontTransforms):

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171559

    2014-07-24  Daniel Bates  <dabates@apple.com>
                And Alexey Proskuryakov  <ap@apple.com>

            [iOS] REGRESSION (WebKit2): Can't login to Wordpress.com, facebook.com when always allowing cookies
            https://bugs.webkit.org/show_bug.cgi?id=135273
            <rdar://problem/17598815>

            Reviewed by Alexey Proskuryakov.

            Fixes an issue where cookies may be created in the wrong cookie store.

            Currently, when we update the CFURLRequest object associated with a ResourceRequest object
            we explicitly set a cookie storage, cookie accept policy, and SSL properties based on the
            corresponding values in the old CFURLRequest object (if we have one). This ultimately leads
            to CFNetwork associating the cookies for the request with a different cookie store when we
            handle the request in the NetworkProcess. Instead, we shouldn't set these properties
            explicitly as we already copy them implicitly earlier (via CFURLRequestCreateMutableCopy()).

            * platform/network/cf/ResourceRequestCFNet.cpp:
            (WebCore::ResourceRequest::doUpdatePlatformRequest):

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171505

    2014-07-23  Joseph Pecoraro  <pecoraro@apple.com>

            ScriptController::updateDocument ASSERT mutating map while iterating map
            https://bugs.webkit.org/show_bug.cgi?id=135211

            Reviewed by Oliver Hunt.

            Avoid iterating over m_windowShells in more places. This prevents
            the possibility of a collection during JSC allocation which might
            cause a mutation to m_windowShells (HTMLMediaElement destruction).

            Have ScriptController defriend ScriptCachedFrameData by providing
            a getter for the list of window shells.

            * bindings/js/ScriptCachedFrameData.cpp:
            (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
            (WebCore::ScriptCachedFrameData::restore):
            * bindings/js/ScriptController.cpp:
            (WebCore::ScriptController::windowShells):
            (WebCore::ScriptController::clearWindowShell):
            (WebCore::ScriptController::attachDebugger):
            (WebCore::ScriptController::updateDocument):
            * bindings/js/ScriptController.h:

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171554

    2014-07-24  Dan Bernstein  <mitz@apple.com>

            Fixed Windows build fix.

            * platform/network/cf/AuthenticationCF.cpp:

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171545

    2014-07-24  Dan Bernstein  <mitz@apple.com>

            Attempted Windows build fix.

            * platform/network/cf/AuthenticationCF.cpp:
            (WebCore::AuthenticationChallenge::AuthenticationChallenge):
            * platform/network/cf/CredentialStorageCFNet.cpp:
            (WebCore::CredentialStorage::getFromPersistentStorage):
            * platform/network/cf/ProtectionSpaceCFNet.cpp:
            (WebCore::ProtectionSpace::receivesCredentialSecurely):
            (WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Deleted.

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171540

    2014-07-24  Dan Bernstein  <mitz@apple.com>

            <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn’t preserve all NSURLProtectionSpace properties, such as the distinguishedNames array
            https://bugs.webkit.org/show_bug.cgi?id=135229

            Reviewed by Alexey Proskuryakov.

            * CMakeLists.txt: Updated for rename of a source file.

            * WebCore.exp.in: Updated.

            * WebCore.vcxproj/WebCore.vcxproj: Updated for rename of source files, added
            ProtectionSpaceCFNet.{cpp,h}.
            * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.

            * WebCore.xcodeproj/project.pbxproj: Updated for rename of source files, added
            ProtectionSpaceCococa.{h.mm}.

            * platform/network/ProtectionSpace.cpp: Renamed to ProtectionSpaceBase.cpp.
            * platform/network/ProtectionSpace.h: This file was renamed to ProtectionSpaceBase.h, and
            in its place added a generic ProtectionSpace class that just derives from
            ProtectionSpaceBase. For Cocoa and CFNetwork, ProtectionSpace{Cocoa,CFNet}.h is included
            instead of the generic class.

            * platform/network/ProtectionSpaceBase.cpp: Renamed ProtectionSpace.cpp to this.
            (WebCore::ProtectionSpaceBase::ProtectionSpaceBase): Updated for rename.
            (WebCore::ProtectionSpaceBase::host): Ditto.
            (WebCore::ProtectionSpaceBase::port): Ditto.
            (WebCore::ProtectionSpaceBase::serverType): Ditto.
            (WebCore::ProtectionSpaceBase::isProxy): Ditto.
            (WebCore::ProtectionSpaceBase::realm): Ditto.
            (WebCore::ProtectionSpaceBase::authenticationScheme): Ditto.
            (WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Removed CFNetwork-specific part,
            which is now implemented in ProtectionSpaceCFNet.cpp.
            (WebCore::ProtectionSpaceBase::compare): Replaced operator== with this, and made it call
            ProtectionSpace::platformCompare at the end if needed.

            * platform/network/ProtectionSpaceBase.h: Renamed ProtectionSpace.h to this.
            (WebCore::ProtectionSpaceBase::encodingRequiresPlatformData): Added with a default
            implementation that returns false, for ProtectionSpace implementations to override.
            (WebCore::ProtectionSpaceBase::platformCompare): Added with a default implementation that
            returns true, for ProtectionSpace implementations to override.
            (WebCore::operator==): Changed to call compare.

            * platform/network/cf/AuthenticationCF.cpp:
            (WebCore::AuthenticationChallenge::AuthenticationChallenge): Changed to use the
            ProtectionSpace constructor that takes a CFURLProtectionSpaceRef.
            (WebCore::createCF): Changed to use ProtectionSpace::cfSpace.

            * platform/network/cf/AuthenticationCF.h: Guarded a couple of functiosn that aren’t used in
            Cocoa with #if PLATFORM(WIN).

            * platform/network/cf/CredentialStorageCFNet.cpp:
            (WebCore::CredentialStorage::getFromPersistentStorage): Changed to use
            ProtectionSpace::cfSpace.
            (WebCore::CredentialStorage::saveToPersistentStorage): Ditto.

            * platform/network/cf/ProtectionSpaceCFNet.cpp: Added.
            (WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Override with the
            CFNetwork-specific test that was previously in ProtectionSpace.cpp.

            * platform/network/cf/ProtectionSpaceCFNet.h: Copied from Source/WebCore/platform/network/ProtectionSpace.h.
            Declare ProtectionSpace and override receivesCredentialSecurely.

            * platform/network/mac/AuthenticationMac.h: Deleted the ProtectionSpace core() and mac().
            * platform/network/mac/AuthenticationMac.mm:
            (WebCore::AuthenticationChallenge::AuthenticationChallenge): Changed to use the
            ProtectionSpace constructor that takes an NSURLProtectionSpace.
            (WebCore::mac): Changed to use ProtectionSpace::nsSpace.

            * platform/network/mac/CredentialStorageMac.mm:
            (WebCore::CredentialStorage::getFromPersistentStorage): Ditto.

            * platform/network/mac/ResourceHandleMac.mm:
            (WebCore::ResourceHandle::receivedCredential): Changed to use the ProtectionSpace
            constructor that takes an NSURLProtectionSpace.

            * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
            (-[WebCoreResourceHandleAsDelegate connection:canAuthenticateAgainstProtectionSpace:]):
            Ditto.

            * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
            Ditto.

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171532

    2014-07-24  Benjamin Poulain  <benjamin@webkit.org>

            [WK2] Fixed/Sticky layers can get mispositioned when the layer tree commit change their position or size
            https://bugs.webkit.org/show_bug.cgi?id=135227
            <rdar://problem/17279500>

            Reviewed by Simon Fraser.

            Keep track of the creation/destruction of Fixed and Sticky nodes in the ScrollingTree.

            * page/scrolling/ScrollingTree.cpp:
            (WebCore::ScrollingTree::ScrollingTree):
            * page/scrolling/ScrollingTree.h:
            (WebCore::ScrollingTree::hasFixedOrSticky):
            (WebCore::ScrollingTree::fixedOrStickyNodeAdded):
            (WebCore::ScrollingTree::fixedOrStickyNodeRemoved):
            * page/scrolling/mac/ScrollingTreeFixedNode.mm:
            (WebCore::ScrollingTreeFixedNode::ScrollingTreeFixedNode):
            (WebCore::ScrollingTreeFixedNode::~ScrollingTreeFixedNode):
            * page/scrolling/mac/ScrollingTreeStickyNode.mm:
            (WebCore::ScrollingTreeStickyNode::ScrollingTreeStickyNode):
            (WebCore::ScrollingTreeStickyNode::~ScrollingTreeStickyNode):

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171526

    2014-07-24  Pratik Solanki  <psolanki@apple.com>

            Sharing SharedBuffer between WebCore and ImageIO is racy and crash prone
            https://bugs.webkit.org/show_bug.cgi?id=135069
            <rdar://problem/17470655>

            Reviewed by Simon Fraser.

            When passing image data to ImageIO for decoding, we pass an NSData subclass that is a wraper
            around SharedBuffer. This can be a problem when ImageIO tries to access the data on the CA
            thread. End result is data corruption on large image loads and potential crashes. The fix is
            to have SharedBuffer create a copy of its data if the data has been passed to ImageIO and
            might be accessed concurrently.

            Since Vector is not refcounted, we do this by having a new refcounted object in SharedBuffer
            that contains the buffer and we pass that in our NSData subclass WebCoreSharedBufferData.
            Code that would result in the Vector memory moving e.g. append(), resize(), now checks to
            see if the buffer was shared and if so, will create a new copy of the vector. This ensures
            that the main thread does not end up invalidating the vector memory that we have passed it
            to ImageIO.

            No new tests because no functional changes.

            * loader/cache/CachedResource.cpp:
            (WebCore::CachedResource::makePurgeable):
                Remove early return - createPurgeableMemory() has the correct check now.
            * platform/SharedBuffer.cpp:
            (WebCore::SharedBuffer::SharedBuffer):
            (WebCore::SharedBuffer::adoptVector):
            (WebCore::SharedBuffer::createPurgeableBuffer):
                Don't create purgeable buffer if we are sharing the buffer.
            (WebCore::SharedBuffer::append):
            (WebCore::SharedBuffer::clear):
            (WebCore::SharedBuffer::copy):
            (WebCore::SharedBuffer::duplicateDataBufferIfNecessary): Added.
                Create a new copy of the data if we have shared the buffer and if appending to it would
                exceed the capacity of the vector resulting in memmove.
            (WebCore::SharedBuffer::appendToInternalBuffer): Added.
            (WebCore::SharedBuffer::clearInternalBuffer): Added.
            (WebCore::SharedBuffer::buffer):
                Create a new copy of the buffer if we have shared it.
            (WebCore::SharedBuffer::getSomeData):
            * platform/SharedBuffer.h:
            * platform/cf/SharedBufferCF.cpp:
            (WebCore::SharedBuffer::SharedBuffer):
            (WebCore::SharedBuffer::singleDataArrayBuffer):
            (WebCore::SharedBuffer::maybeAppendDataArray):
            * platform/mac/SharedBufferMac.mm:
                Pass the InternalBuffer object to WebCoreSharedBufferData
            (-[WebCoreSharedBufferData dealloc]):
            (-[WebCoreSharedBufferData initWithSharedBufferInternalBuffer:]):
            (-[WebCoreSharedBufferData length]):
            (-[WebCoreSharedBufferData bytes]):
            (WebCore::SharedBuffer::createNSData):
                Call createCFData() instead of duplicating code.
            (WebCore::SharedBuffer::createCFData):
                If the data is in purgeable memory, make a copy of it since m_buffer was cleared when
                creating the purgeable buffer.
            (-[WebCoreSharedBufferData initWithSharedBuffer:]): Deleted.

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171497

    2014-07-23  Pratik Solanki  <psolanki@apple.com>

            Get rid of SharedBuffer::NSDataRetainPtrWithoutImplicitConversionOperator
            https://bugs.webkit.org/show_bug.cgi?id=135219

            Reviewed by Anders Carlsson.

            No new tests because no functional changes.

            * loader/ResourceBuffer.h:
            * loader/mac/ResourceBuffer.mm:
            (WebCore::ResourceBuffer::createNSData):
            * platform/SharedBuffer.h:
            (WebCore::SharedBuffer::NSDataRetainPtrWithoutImplicitConversionOperator::NSDataRetainPtrWithoutImplicitConversionOperator): Deleted.
            * platform/mac/SharedBufferMac.mm:
            (WebCore::SharedBuffer::createNSData):

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171506

    2014-07-23  Jeremy Jones  <jeremyj@apple.com>

            Transparent fullscreen background when video is not present.
            https://bugs.webkit.org/show_bug.cgi?id=135226

            Reviewed by Simon Fraser.

            Set background to black just before beginning the animation to fullscreen.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::enterFullscreen): set background color black.

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171481

    2014-07-23  Joseph Pecoraro  <pecoraro@apple.com>

            JSDOMWindowShell leaks on pages with media elements
            https://bugs.webkit.org/show_bug.cgi?id=135178

            Reviewed by Oliver Hunt.

            The DOMWindowWorld for HTMLMediaElements with MEDIA_CONTROLS_SCRIPT
            was not getting cleared and removed.

            * bindings/js/ScriptController.cpp:
            (WebCore::ScriptController::clearWindowShell):
            Iterate over a copy of the values. A sweep / garbage collection caused by
            any JSC allocation during iteration could trigger a mutation of the m_windowShells
            table that was being iterating. So instead iterate a list that won't mutate.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::~HTMLMediaElement):
            If we had an isolated world, release as much memory as possible.

2014-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r171478

    2014-07-23  Jer Noble  <jer.noble@apple.com>

            [MSE][Mac] Support abort() in SourceBufferPrivateAVFObjC.
            https://bugs.webkit.org/show_bug.cgi?id=135163

            Reviewed by Brent Fulgham.

            Recreate the parser when asked to abort().

            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
            (WebCore::SourceBufferPrivateAVFObjC::abort):

2014-07-23  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r171499. <rdar://problem/17783423>

    2014-07-23  Tim Horton  <timothy_horton@apple.com>

            REGRESSION (r171376): Sometimes we detect less than the whole phone number
            https://bugs.webkit.org/show_bug.cgi?id=135220
            <rdar://problem/17783423>

            Reviewed by Brady Eidson.

            * editing/Editor.cpp:
            (WebCore::Editor::scanSelectionForTelephoneNumbers):
            Use the visible selection's start and end instead of base and extent, because they'll
            always be in the right order in the case of a directional selection (base can be *after* extent
            if you select from right to left). This fixes the code that expands the selection.

            Pass the *entire* expanded selection to DataDetectors, instead of using TextIterator.
            This way, we will find each number only once, and will never get part of a phone number once
            and then the whole phone number later.

2014-07-23  Lucas Forschler  <lforschler@apple.com>

        Merge r171370

    2014-07-22  Enrica Casucci  <enrica@apple.com>

            REGRESSION (WebKit2): Selection inside accelerated overflow:scroll doesn't track scrolling.
            https://bugs.webkit.org/show_bug.cgi?id=135180
            <rdar://problem/16721055>

            Reviewed by Simon Fraser.

            AsyncScrollingCoordinator will force a selection update on iOS
            when scrolling terminates in an overflow scroll.

            * loader/EmptyClients.h:
            * page/EditorClient.h:
            * page/scrolling/AsyncScrollingCoordinator.cpp:
            (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
            * page/scrolling/ScrollingTree.h:
            (WebCore::ScrollingTree::scrollingTreeNodeWillStartScroll):
            (WebCore::ScrollingTree::scrollingTreeNodeDidEndScroll):

2014-07-23  Lucas Forschler  <lforschler@apple.com>

        Merge r171355

    2014-07-21  Sam Weinig  <sam@webkit.org>

            [Cocoa] WKScriptMessageHandlers don't seem to function properly after navigating
            https://bugs.webkit.org/show_bug.cgi?id=135148

            Reviewed by Geoffrey Garen.

            The "webkit" property on the window was not getting installed for subsequent
            loads due to intricate dance playing setting the JSDOMWindow where the DOMWindow
            object is not yet in a Frame when the JSDOMWindow is created. Since we were
            adding the "webkit" property on construction, the property was returning null
            thinking it had no Frame and was in a bad state. We can fix this by making the
            "webkit" property behave like all the other window properties moving its getting
            to JSDOMWindow::getOwnPropertySlot.

            Added API test (WebKit2Cocoa/UserContentController).

            * bindings/js/JSDOMWindowBase.cpp:
            (WebCore::JSDOMWindowBase::finishCreation):
            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::jsDOMWindowWebKit):
            (WebCore::JSDOMWindow::getOwnPropertySlot):

2014-07-23  Lucas Forschler  <lforschler@apple.com>

        Merge r171353

    2014-07-22  Brent Fulgham  <bfulgham@apple.com>

            [Win] Fix Leak in WebCore::createGlobalImageFileDescriptor 
            https://bugs.webkit.org/show_bug.cgi?id=134423
            <rdar://problem/17492758>

            Reviewed by Geoffrey Garen.

            * platform/win/PasteboardWin.cpp:
            (WebCore::createGlobalImageFileDescriptor): Unlock and release the
            HGLOBAL when exiting early.

2014-07-23  Lucas Forschler  <lforschler@apple.com>

        Merge r171347

    2014-07-21  Myles C. Maxfield  <mmaxfield@apple.com>

            Clicking on links while accessibility is enabled sometimes crashes
            https://bugs.webkit.org/show_bug.cgi?id=135074

            Reviewed by Chris Fleizach.

            When an accessibility request comes in from the system, we call updateBackingStore() on the
            relevant AccessibilityObject, which triggers a relayout of the entire document. This relayout
            might delete that accessibility node and its parent, which would cause the node to be deleted.
            After the stack unwinds, we then call a member function on the node without checking for this
            condition.

            Test: accessibility/parent-delete.html

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::updateBackingStore): Retain the node for the duration of the
            function.

2014-07-23  Lucas Forschler  <lforschler@apple.com>

        Merge r171345

    2014-07-22  Jeremy Jones  <jeremyj@apple.com>

            Don't create new UIWindow for video fullscreen.
            https://bugs.webkit.org/show_bug.cgi?id=135038

            Reviewed by Darin Adler.

            * WebCore.exp.in:
            * platform/ios/WebVideoFullscreenControllerAVKit.h: use UIView instead of UIScreen.
            * platform/ios/WebVideoFullscreenControllerAVKit.mm:
            (-[WebVideoFullscreenController enterFullscreen:]): provide parent UIView.
            * platform/ios/WebVideoFullscreenInterfaceAVKit.h: remove UIWindow.
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: 
            (WebVideoFullscreenInterfaceAVKit::setupFullscreen): ditto 
            (WebVideoFullscreenInterfaceAVKit::cleanupFullscreen): ditto
            (WebVideoFullscreenInterfaceAVKit::invalidate): ditto
            (WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): ditto

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171336.

    2014-07-21  Benjamin Poulain  <bpoulain@apple.com>

            [iOS][WK2] Improve event throttling for Scroll Events
            https://bugs.webkit.org/show_bug.cgi?id=135082
            <rdar://problem/17445266>

            Reviewed by Simon Fraser.

            This patch is composed of two parts. The first part in the WebKit layer
            track an approximate measurement of the main thread responsiveness.
            The second part in WebCore use that information to avoid sending events
            if a page is unresponsive.

            In WebCore, this patch only consider scroll events so far. Hopefully the concept
            should be easy to generalize.

            * loader/EmptyClients.h:
            * page/ChromeClient.h:
            Chrome client provides us with one information: how long an incoming event should be delayed.
            Every port is free to implement whatever logic is suitable for them.

            * page/FrameView.cpp:
            (WebCore::FrameView::FrameView):
            (WebCore::FrameView::reset):
            (WebCore::FrameView::delayedScrollEventTimerFired):
            (WebCore::FrameView::scrollPositionChanged):
            (WebCore::FrameView::sendScrollEvent):
            * page/FrameView.h:
            Scroll events do not have any associated information so they can be coalesced by just skipping
            all input hapenning during the throttling delay.

            The implementation is done by using a timer to delay the events.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171332.

    2014-07-21  Tim Horton  <timothy_horton@apple.com>

            Avoid putting empty-sized surfaces into IOSurfacePool
            https://bugs.webkit.org/show_bug.cgi?id=135136

            Reviewed by Simon Fraser.

            * platform/graphics/cg/IOSurfacePool.cpp:
            (WebCore::IOSurfacePool::addSurface):
            Avoid adding 0x0 surfaces to the pool, because they will wreak havoc
            when their size is used as the key in the CachedSurfaceMap.
            Additionally, avoid any empty sizes, because they're just pointless.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171321.

    2014-07-21  Beth Dakin  <bdakin@apple.com>

            WK1 should always setAcceleratedCompositingForFixedPositionEnabled(true) on 
            Yosemite
            https://bugs.webkit.org/show_bug.cgi?id=135135

            Reviewed by Darin Adler.

            This patch gets rid of the ChromeClient function that was introduced with 
            http://trac.webkit.org/changeset/171308 We’ll just enable the Setting instead.
            * css/StyleResolver.cpp:
            (WebCore::StyleResolver::adjustRenderStyle):
            (WebCore::fixedPositionCreatesStackingContext): Deleted.
            * page/ChromeClient.h:
            (WebCore::ChromeClient::requiresAcceleratedCompositingForViewportConstrainedPosition): Deleted.
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::requiresCompositingForPosition):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171320.

    2014-07-21  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK2] Turn off position:fixed behavior when the keyboard is up
            https://bugs.webkit.org/show_bug.cgi?id=132537

            Reviewed by Benjamin Poulain.

            Export RenderObject::localToContainerPoint().

            * WebCore.exp.in:

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171316.

    2014-07-21  Jer Noble  <jer.noble@apple.com>

            [MSE] YouTube video decode error when variant-switching
            https://bugs.webkit.org/show_bug.cgi?id=135128

            Reviewed by Brent Fulgham.

            Test: media/media-source/media-source-overlapping-decodetime.html

            When variant-switching, the situation can arise where an existing sample with a presentation
            timestamp of N and a decode timestamp of M, and a new sample with a presentation timestamp > N
            and the same decode timestamp of M, will keep the new sample from being added to the SampleMap.
            This can result in a decode error when samples depending on that new, missing sample are enqueued.

            The MSE spec is silent on the issue of overlapping decode timestamps. However, it guarantees that
            presentation timestamps are non-overlapping. So instead of using just the decode timestamp as a key
            for storing the samples in decode order, use both the decode timestamp and the presentation timestamp.
            That ensures that samples with different presentation times but equal decode times are both inserted
            into the decode queue, and in the correct order.

            * Modules/mediasource/SampleMap.cpp:
            (WebCore::SampleIsRandomAccess::operator()): Update the parameter type to match the new KeyType.
            (WebCore::SampleMap::addSample): Pass both decodeTime and presentationTime as the key to decodeOrder.
            (WebCore::SampleMap::removeSample): Ditto.
            (WebCore::DecodeOrderSampleMap::findSampleWithDecodeKey): Renamed from findSampleWithDecodeTime.
            (WebCore::DecodeOrderSampleMap::reverseFindSampleWithDecodeKey): renamed from reverseFindSampleWithDecodeTime.
            (WebCore::DecodeOrderSampleMap::findSyncSamplePriorToPresentationTime): Use renamed version of above.
            (WebCore::DecodeOrderSampleMap::findSyncSampleAfterPresentationTime): Ditto.
            (WebCore::DecodeOrderSampleMap::findDependentSamples): Ditto.
            (WebCore::DecodeOrderSampleMap::findSampleWithDecodeTime): Deleted.
            (WebCore::DecodeOrderSampleMap::reverseFindSampleWithDecodeTime): Deleted.
            * Modules/mediasource/SampleMap.h:
            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::removeCodedFrames): Ditto.
            (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): Ditto.
            (WebCore::SourceBuffer::reenqueueMediaForTime): Ditto.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171314.

    2014-07-21  Andy Estes  <aestes@apple.com>

            [iOS] Handle QuickLook ResourceLoaders in the web process
            https://bugs.webkit.org/show_bug.cgi?id=135113

            Reviewed by David Kilzer.

            No new tests. QuickLook is not testable from WebKit.

            * WebCore.exp.in:
            * loader/ResourceLoadScheduler.cpp:
            (WebCore::ResourceLoadScheduler::maybeLoadQuickLookResource): Start loading the ResourceLoader if it is for a QuickLook resource.
            * loader/ResourceLoadScheduler.h:

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171308.

    2014-07-21  Beth Dakin  <bdakin@apple.com>

            Put position:fixed elements into layers when a WK1 view is layer-backed
            https://bugs.webkit.org/show_bug.cgi?id=135075

            Reviewed by Darin Adler.

            This patch adds a new ChromeClient function called 
            requiresAcceleratedCompositingForViewportConstrainedPosition(). Since a view can 
            go in and out of layer backing, we need a ChromeClient method that can be 
            dynamically re-evaluated rather than using the existing settings for enabling 
            accelerated fixed and fixed that creates a stacking context.

            Ensure that fixed elements create a stacking context when 
            requiresAcceleratedCompositingForViewportConstrainedPosition is true.
            * css/StyleResolver.cpp:
            (WebCore::StyleResolver::adjustRenderStyle):

            New ChromeClient function.
            * page/ChromeClient.h:

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171306.

    2014-07-20  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK1] Single touch div scrolling doesn't work in framesets (breaks Word previews)
            https://bugs.webkit.org/show_bug.cgi?id=135103
            <rdar://problem/11830219>

            Reviewed by Darin Adler.

            After r166117 all layer flushing starts on the root frame; we no longer flush layers
            for each frame during painting. However, flushing GraphicsLayers can set some state
            on a subframe RenderLayerCompositor that is now never processed, which breaks scroll
            layer registration.
            
            Fix by doing a walk of the Frame tree, and calling didFlushLayers() on subframe RenderLayerCompositors
            before calling didFlushLayers() on self.

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
            (WebCore::RenderLayerCompositor::didFlushLayers):
            (WebCore::RenderLayerCompositor::notifySubframesAfterLayerFlush):
            (WebCore::RenderLayerCompositor::enclosingCompositorFlushingLayers): Drive-by nullptr.
            * rendering/RenderLayerCompositor.h:

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171299.

    2014-07-21  Eric Carlson  <eric.carlson@apple.com>

            [iOS] a Paused media session is not active
            https://bugs.webkit.org/show_bug.cgi?id=135108

            Reviewed by Darin Adler.

            Activating the shared AudioSession will pause audio playing in another application,
            so only report a Playing media sessions as active.

            * platform/audio/MediaSessionManager.cpp:
            * platform/audio/MediaSessionManager.h:
            (WebCore::MediaSessionManager::activeAudioSessionRequired): Renamed from hasActive to make
            clear what it does. Only return true for a session that is Playing.

            * platform/audio/mac/MediaSessionManagerMac.cpp:
            (MediaSessionManager::updateSessionState): hasActive renamed to activeAudioSessionRequired.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171289.

    2014-07-20  Pratik Solanki  <psolanki@apple.com>

            Reduce the chances of a race condition when sharing SharedBuffer
            https://bugs.webkit.org/show_bug.cgi?id=135060
            <rdar://problem/17729444>

            Reviewed by Darin Adler.

            We currently pass a SharedBuffer wrapped in WebCoreSharedBufferData to ImageIO for image
            decoding. This is not thread safe since ImageIO will access this buffer on a separate
            thread. We access SharedBuffer::buffer() on the other thread which resizes the Vector
            m_buffer if m_size is greater than the vector size. Since the code in SharedBuffer::append()
            sets m_size before appending the data to the buffer, m_size is out of sync with the m_buffer
            size for the entire duration of the Vector append which could be doing a lot of copying if
            the resource is large. While this change does not fix the race condition, we can at least
            reduce the chances of SharedBuffer::buffer() calling resize() by setting m_size after the
            cector has finished appending.

            No new tests because no functional changes.

            * platform/SharedBuffer.cpp:
            (WebCore::SharedBuffer::append):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171288.

    2014-07-20  Jeremy Jones  <jeremyj@apple.com>

            Disable ff/rw based on canPlayFastForward and canPlayFastRewind.
            https://bugs.webkit.org/show_bug.cgi?id=134894

            Reviewed by Darin Adler.

            * WebCore.exp.in: add symbol for canPlayFastReverse
            * html/HTMLMediaElement.cpp: Add two new accessors
            (WebCore::HTMLMediaElement::nextScanRate): possibly limit scanRate
            (WebCore::HTMLMediaElement::canPlayFastForward): added
            (WebCore::HTMLMediaElement::canPlayFastReverse): added
            * html/HTMLMediaElement.h: declare two new methods
            * platform/graphics/MediaPlayer.cpp: Plumb through two new accessors
            (WebCore::MediaPlayer::maxFastForwardRate): added
            (WebCore::MediaPlayer::minFastReverseRate): added
            * platform/graphics/MediaPlayer.h: Declare new methods
            * platform/graphics/MediaPlayerPrivate.h: Added two new methods.
            (WebCore::MediaPlayerPrivateInterface::maxFastForwardRate): added
            (WebCore::MediaPlayerPrivateInterface::minFastReverseRate): added
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: member to cache ff/rw enabled state
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): observe on item canPlayFastForward canPlayFastReverse
            (WebCore::MediaPlayerPrivateAVFoundationObjC::canPlayFastForwardDidChange): added
            (WebCore::MediaPlayerPrivateAVFoundationObjC::canPlayFastReverseDidChange): added
            (WebCore::itemKVOProperties): observe canPlayFastForward canPlayFastRewind
            (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): ditto
            * platform/ios/WebVideoFullscreenInterface.h: add new method
            * platform/ios/WebVideoFullscreenInterfaceAVKit.h: ditto
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: ditto
            (WebVideoFullscreenInterfaceAVKit::setCanPlayFastReverse): Set value on WebAVPlayerController.
            (-[WebAVPlayerController canScanBackward]): Deleted.
            (+[WebAVPlayerController keyPathsForValuesAffectingCanScanBackward]): Deleted.
            * platform/ios/WebVideoFullscreenModelMediaElement.mm:
            (WebVideoFullscreenModelMediaElement::updateForEventName): update canPlayFastReverse.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171287.

    2014-07-18  Gavin Barraclough  <baraclough@apple.com>

            HTMLMediaElement should registerWithDocument on iOS
            https://bugs.webkit.org/show_bug.cgi?id=135084
            <rdar://problem/17702531>

            Reviewed by Andreas Kling.

            Otherwise it won't know when the visibility changes!

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::registerWithDocument):
            (WebCore::HTMLMediaElement::unregisterWithDocument):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171286.

    2014-07-20  Jeremy Jones  <jeremyj@apple.com>

            Decrease flicker when enter and exit fullscreen.
            https://bugs.webkit.org/show_bug.cgi?id=134919

            Reviewed by Simon Fraser.

            Put AVPlayerLayer in a container layer so moving it between inline and fullscreen
            is as easy as adding and removing it from a containter layer; no need to do a layout.

            Make sure fullscreen layers are transparent before moving moving the AVPlayerLayer
            between inline and fullscreen so you don't briefly see the empty fullscreen layers.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::platformLayer): remove fullscreen special case.
            (WebCore::HTMLMediaElement::setVideoFullscreenLayer): no need to recalc style
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: add inline container layer
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: 
            add WebVideoContainerLayer to contain AVPlayerLayer and keep layout correct.
            (-[WebVideoContainerLayer setBounds:]): forward setbounds to set child frame.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer): create the video container layer
            (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): destroy the video container layer
            (WebCore::MediaPlayerPrivateAVFoundationObjC::platformLayer): use container layer instead of video layer
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer): use transactions to prevent unwanted animation.
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame): ditto
            * platform/graphics/ca/mac/PlatformCALayerMac.mm:
            (PlatformCALayerMac::layerTypeForPlatformLayer): WebVideoContainerLayer is a kind of AVPlayerLayer
            * platform/ios/WebVideoFullscreenControllerAVKit.mm:
            (-[WebVideoFullscreenController didCleanupFullscreen]): remove video fullscreen layer first
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::setupFullscreen): make background transparent during transition.
               dispatch_async to allow CATransaction to complete before calling didSetupFullscreen()

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171284.

    2014-07-20  Dan Bernstein  <mitz@apple.com>

            <rdar://problems/17742611> -[_WKActivatedElementInfo image] is often empty
            https://bugs.webkit.org/show_bug.cgi?id=135107

            Reviewed by Sam Weinig.

            Test: TestWebKitAPI/Tests/mac/RenderedImageFromDOMNode.mm

            * page/FrameView.cpp:
            (WebCore::FrameView::paintContents): To work around http://webkit.org/b/135106, replace the
            paint root with its nearest ancestor that isn’t an inline with culled line boxes, if needed.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171283.

    2014-07-20  Darin Adler  <darin@apple.com>

            Crashes seen in wheel event handling
            https://bugs.webkit.org/show_bug.cgi?id=135102

            Reviewed by Beth Dakin.

            Speculative fix based on guesses about what could be crashing.
            The crash seems to be calling ref on an event target, and my guess is that this
            has something to do with latching.

            * page/EventHandler.cpp:
            (WebCore::EventHandler::platformPrepareForWheelEvents): Updated argument types.
            (WebCore::EventHandler::handleWheelEvent): Refactored a little and made some local
            variables use RefPtr instead of raw pointers. Also added some comments.

            * page/EventHandler.h: Changed argument types to RefPtr.

            * page/mac/EventHandlerMac.mm:
            (WebCore::EventHandler::platformPrepareForWheelEvents): Updated argument types.
            Also added a FIXME.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171252.

    2014-07-18  Andy Estes  <aestes@apple.com>

            [iOS] Tapping "Allow Website" on a restricted page does not bring up the keypad
            https://bugs.webkit.org/show_bug.cgi?id=135072
            <rdar://problem/17528188>

            Reviewed by David Kilzer.

            No new tests. Content filtering is not testable from WebKit.

            * WebCore.exp.in: Exported necessary ContentFilter symbols.
            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::finishedLoading): Called FrameLoaderClient::contentFilterDidBlockLoad().
            (WebCore::DocumentLoader::responseReceived): Created a new ContentFilter.
            (WebCore::DocumentLoader::dataReceived): Called FrameLoaderClient::contentFilterDidBlockLoad().
            (WebCore::DocumentLoader::setContentFilterForBlockedLoad): Deleted.
            (WebCore::DocumentLoader::handleContentFilterRequest): Deleted.
            * loader/DocumentLoader.h:
            * loader/FrameLoaderClient.h:
            (WebCore::FrameLoaderClient::contentFilterDidBlockLoad):
            * loader/PolicyChecker.cpp:
            (WebCore::PolicyChecker::checkNavigationPolicy): Removed the check for unblock navigations, as this is now
            handled at the WebKit layer.
            * platform/ContentFilter.h: ContentFilter no longer needs to be RefCounted, so made various changes in order to
            make it compatible with unique_ptr.
            * platform/ios/ContentFilterIOS.mm:
            (WebCore::scheme): Changed from a public member function to a static inline free function.
            (WebCore::ContentFilter::handleUnblockRequestAndDispatchIfSuccessful): Renamed from requestUnblockAndDispatchIfSuccessful.
            * platform/mac/ContentFilterMac.mm:
            (WebCore::ContentFilter::ContentFilter): Added a default constructor for use during message decoding.
            (WebCore::ContentFilter::addData): Removed calls to ref() and deref(). These were never actually needed since
            we were dispatching the block synchronously.
            (WebCore::ContentFilter::finishedAddingData): Ditto.
            (WebCore::ContentFilter::encode): Encoded m_platformContentFilter to the NSKeyedArchiver if it conforms to NSSecureCoding.
            (WebCore::ContentFilter::decode): Decoded m_platformContentFilter from the NSKeyedUnarchiver if it conforms to NSSecureCoding.
            (WebCore::ContentFilter::create): Deleted.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171250.

    2014-07-18  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK2] position:fixed in iframes with programmatic scroll could end up in the wrong place
            https://bugs.webkit.org/show_bug.cgi?id=135078
            <rdar://problem/17401823>

            Reviewed by Tim Horton.
            
            When the UI-side scrolling tree receives a requested scroll position update, it scrolls
            the node (e.g. a frame) then traverses child nodes to update them, e.g. for fixed position.
            However, we would always use a viewport rect for the main document (from the scrolling tree),
            which is not appropriate for subframes. Subframes should just use their own visible
            rect to position fixed children.

            Test: platform/mac-wk2/tiled-drawing/scrolling/frames/fixed-inside-frame.html

            * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
            (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateChildNodesAfterScroll):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171246.

    2014-07-18  Beth Dakin  <bdakin@apple.com>

            Fixed position elements are misplaced when a WK1 view has contentInsets set
            https://bugs.webkit.org/show_bug.cgi?id=135031
            -and corresponding-
            <rdar://problem/17682335>

            Reviewed by Tim Horton.

            [NSScrollView documentVisibleRect] includes content that is within the inset-area 
            of a view, but WebCore is interested in the content that is fully visible, so we 
            need to factor the inset sizes out of this rect.

            Implement contract() to avoid the awkwardness of calling expand() with negative 
            values.
            * platform/graphics/IntSize.h:
            (WebCore::IntSize::contract):

            Factor out insets
            * platform/mac/ScrollViewMac.mm:
            (WebCore::ScrollView::platformVisibleContentRect):
            (WebCore::ScrollView::platformVisibleContentSize):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171239.

    2014-07-18  Tim Horton  <timothy_horton@apple.com>

            Take navigation snapshots whenever the current back-forward item is going to change
            https://bugs.webkit.org/show_bug.cgi?id=135058
            <rdar://problem/17464515>

            Reviewed by Dan Bernstein.

            * loader/HistoryController.cpp:
            (WebCore::HistoryController::updateForCommit):
            (WebCore::HistoryController::recursiveUpdateForCommit):
            (WebCore::HistoryController::recursiveUpdateForSameDocumentNavigation):
            (WebCore::HistoryController::createItem):
            Use setCurrentItem instead of duplicating the contents of it inside each of these functions.

            (WebCore::HistoryController::setCurrentItem):
            (WebCore::HistoryController::replaceCurrentItem):
            When setting or replacing the current item, let the FrameLoaderClient know that we're going
            to change which history item is "current".

            * loader/FrameLoaderClient.h:
            (WebCore::FrameLoaderClient::willChangeCurrentHistoryItem): Added.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171215.

    2014-07-17  Jer Noble  <jer.noble@apple.com>

            [MSE] Re-enqueue after a removeCodedFrames() only if the removed frames overlap what may have possibly been enqueued but undisplayed.
            https://bugs.webkit.org/show_bug.cgi?id=135039

            Reviewed by Eric Carlson.

            When a client calls removeCodedFrames(), we must re-enqueue those ranges if the removed samples overlap with
            enqueued but possibly un-displayed samples. Otherwise, replacement samples may lead to decode errors as those
            new samples dependencies are not met. But if we re-enqueue too frequently, this may cause subtle but noticible
            display timing glitches, so only re-enqueue when removeCodedFrames have a possiblity of removing enqueued, but
            not yet displayed samples.

            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::removeCodedFrames):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171210.

    2014-07-17  Zalan Bujtas  <zalan@apple.com>

            Subpixel rendering: Embedded non-compositing rotate transform paints to wrong position.
            https://bugs.webkit.org/show_bug.cgi?id=135028

            Reviewed by Simon Fraser.

            CTM always translates to where the layer's renderer() is going to paint.
            It ensures that the pixel snapped renderer() always end up painting to (0, 0) which is
            required to be able to position properly on transformed context.

            Test: fast/layers/hidpi-transform-on-child-content-is-mispositioned.html

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::beginTransparencyLayers):
            (WebCore::RenderLayer::clipToRect):
            (WebCore::RenderLayer::paintLayerByApplyingTransform):
            (WebCore::RenderLayer::paintBackgroundForFragments):
            (WebCore::RenderLayer::paintForegroundForFragmentsWithPhase):
            (WebCore::RenderLayer::paintOutlineForFragments):
            (WebCore::RenderLayer::paintMaskForFragments):
            (WebCore::RenderLayer::paintOverflowControlsForFragments):
            (WebCore::RenderLayer::calculateClipRects):
            * rendering/RenderLayer.h:

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171195.

    2014-07-17  Timothy Hatcher  <timothy@apple.com>

            Make console.profile record to the Timeline.

            https://bugs.webkit.org/show_bug.cgi?id=134643

            Reviewed by Joseph Pecoraro.

            Passes existing profiler tests in fast/profiler.

            * bindings/js/ScriptState.cpp:
            (WebCore::domWindowFromExecState):
            (WebCore::frameFromExecState):
            (WebCore::scriptExecutionContextFromExecState):
            (WebCore::mainWorldExecState):
            (WebCore::execStateFromNode):
            * bindings/js/ScriptState.h:
            * inspector/InspectorController.cpp:
            (WebCore::InspectorController::InspectorController):
            (WebCore::InspectorController::profilerEnabled):
            (WebCore::InspectorController::setProfilerEnabled):
            * inspector/InspectorController.h:
            * inspector/InspectorInstrumentation.cpp:
            (WebCore::InspectorInstrumentation::startProfilingImpl):
            (WebCore::InspectorInstrumentation::stopProfilingImpl):
            * inspector/InspectorTimelineAgent.cpp:
            (WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend):
            (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
            (WebCore::InspectorTimelineAgent::start):
            (WebCore::InspectorTimelineAgent::stop):
            (WebCore::startProfiling):
            (WebCore::stopProfiling):
            (WebCore::InspectorTimelineAgent::startFromConsole):
            (WebCore::InspectorTimelineAgent::stopFromConsole):
            (WebCore::InspectorTimelineAgent::didWriteHTML):
            (WebCore::InspectorTimelineAgent::breakpointActionProbe):
            (WebCore::toProtocol):
            (WebCore::InspectorTimelineAgent::addRecordToTimeline):
            (WebCore::InspectorTimelineAgent::didCompleteRecordEntry):
            (WebCore::InspectorTimelineAgent::didCompleteCurrentRecord):
            (WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
            (WebCore::InspectorTimelineAgent::sendEvent):
            (WebCore::InspectorTimelineAgent::createRecordEntry):
            (WebCore::InspectorTimelineAgent::pushCurrentRecord):
            * inspector/InspectorTimelineAgent.h:
            (WebCore::InspectorTimelineAgent::TimelineRecordEntry::TimelineRecordEntry):
            (WebCore::InspectorTimelineAgent::pushCurrentRecord):
            * inspector/InstrumentingAgents.cpp:
            (WebCore::InstrumentingAgents::InstrumentingAgents):
            (WebCore::InstrumentingAgents::reset):
            * inspector/InstrumentingAgents.h:
            (WebCore::InstrumentingAgents::persistentInspectorTimelineAgent):
            (WebCore::InstrumentingAgents::setPersistentInspectorTimelineAgent):
            * inspector/TimelineRecordFactory.cpp:
            (WebCore::TimelineRecordFactory::createConsoleProfileData):
            * inspector/TimelineRecordFactory.h:
            * inspector/protocol/Timeline.json:
            * page/PageConsole.cpp:
            (WebCore::PageConsole::profileEnd):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171188.

    2014-07-16  Sam Weinig  <sam@webkit.org>

            Don't send geolocation permission requests when the page is not visible
            <rdar://problem/17208715>
            https://bugs.webkit.org/show_bug.cgi?id=134989

            Reviewed by Darin Adler.

            Instead of eagerly requesting geolocation permission for pages that aren't visible,
            store a set of pending requests, and send them only once the page has become visible.

            * Modules/geolocation/GeolocationController.cpp:
            (WebCore::GeolocationController::GeolocationController):
            (WebCore::GeolocationController::~GeolocationController):
            (WebCore::GeolocationController::requestPermission):
            (WebCore::GeolocationController::cancelPermissionRequest):
            (WebCore::GeolocationController::viewStateDidChange):
            (WebCore::provideGeolocationTo):
            * Modules/geolocation/GeolocationController.h:
            Store pending requests to be fired once the page is visible.

            * WebCore.xcodeproj/project.pbxproj:
            Add ViewStateChangeObserver.h

            * page/Page.cpp:
            (WebCore::Page::addViewStateChangeObserver):
            (WebCore::Page::removeViewStateChangeObserver):
            (WebCore::Page::setViewState):
            * page/Page.h:
            Add a set of registered view state observers, and notify them when the
            view state changes.

            * page/ViewStateChangeObserver.h: Added.
            (WebCore::ViewStateChangeObserver::~ViewStateChangeObserver):
            Add an observer that can register with the page for view state changes.

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171184.

    2014-07-17  Jer Noble  <jer.noble@apple.com>

            Enable legacy fullscreen API in media controls
            https://bugs.webkit.org/show_bug.cgi?id=134985

            Reviewed by Eric Carlson.

            Allow clients who have not enabled HTML5 Fullscreen APIs to still use fullscreen mode
            with <video> elements by using the legacy, video-element-specific fullscreen APIs in
            the <video> media controls.

            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller):
            (Controller.prototype.handleReadyStateChange):
            (Controller.prototype.isFullScreen):
            (Controller.prototype.handlePlayButtonClicked):
            (Controller.prototype.updateFullscreenButton):
            (Controller.prototype.handleFullscreenButtonClicked):

2014-07-22 Dana Burkart <dburkart@apple.com>
    
        Merge r171376.

    2014-07-22  Tim Horton  <timothy_horton@apple.com>

            REGRESSION (r171016): Reproducible infinite spin selecting phone number
            https://bugs.webkit.org/show_bug.cgi?id=135183
            <rdar://problem/17727342>

            Reviewed by Ryosuke Niwa.

            * editing/Editor.cpp:
            (WebCore::Editor::scanRangeForTelephoneNumbers):
            Make use of TextIterator::subrange, which knows how to make a subrange from character positions,
            instead of assuming that our character positions translate directly to positions in the incoming range.
            Make use of DocumentMarkerController::addMarker, which takes a range and applies the marker to
            all text nodes inside the range as appropriate.
            Fix naming of the shadowed 'length' local.
            Fix a typo in the comment.

2014-07-17  Dean Jackson  <dino@apple.com>

        <rdar://problem/17675068> Disable some features on this branch.

        Reviewed originally by Simon Fraser.

        Disable:
        - CSS_EXCLUSIONS
        - CSS_GRID_LAYOUT
        - INPUT_TYPE_COLOR
        - INPUT_TYPE_COLOR_POPUP
        - CANVAS_PATH
        - CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED
        - INDIE_UI
        - SHARED_WORKERS
        - NAVIGATOR_HWCONCURRENCY
        - GAMEPAD
        - PICTURE_SIZES
        - CSS3_CONDITIONAL_RULES
        - WILL_REVEAL_EDGE_EVENTS

        * Configurations/FeatureDefines.xcconfig:

2014-07-16  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Adjust cliprect with devicePixelFractionFromRenderer() before painting.
        https://bugs.webkit.org/show_bug.cgi?id=134950
        <rdar://problem/17617994>

        Reviewed by Simon Fraser.

        The cliprect coming from the graphics layer needs to be adjusted with the subpixel gap
        from renderer. This is symmetric with the offsetting we do, when the dirty rect is sent off to the GraphicsLayer.
        It puts us back to the correct coordinating system for intersecting with renderers.

        Test: compositing/hidpi-compositing-layer-with-tile-layers-on-subpixel-position.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::beginTransparencyLayers):
        (WebCore::RenderLayer::clipToRect):

2014-07-16  Simon Fraser  <simon.fraser@apple.com>

        Fix a typo noticed by Darin.
        
        * rendering/RenderBox.cpp:
        (WebCore::shouldApplyContainersClipAndOffset):
        (WebCore::RenderBox::computeRectForRepaint):
        (WebCore::shouldAppyContainersClipAndOffset): Deleted.

2014-07-16  Simon Fraser  <simon.fraser@apple.com>

        Improve showTree() logging
        https://bugs.webkit.org/show_bug.cgi?id=134997

        Reviewed by Tim Horton.

        Have the debug showTree(), which dumps the Node/Element tree, show which nodes need
        style recalc, and print element renderers.

        * dom/Node.cpp:
        (WebCore::Node::showNode):

2014-07-16  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Expose the points on WebEventRegion
        https://bugs.webkit.org/show_bug.cgi?id=134978

        Reviewed by Tim Horton.

        Expose WebEventRegion's points so that UIKit can get at them.

        * page/ios/WebEventRegion.h:
        * page/ios/WebEventRegion.mm:
        (-[WebEventRegion p1]):
        (-[WebEventRegion p2]):
        (-[WebEventRegion p3]):
        (-[WebEventRegion p4]):

2014-07-16  Brady Eidson  <beidson@apple.com>

        Add WebSecurityOrigin "webSecurityOriginFromDatabaseIdentifier" SPI and change _websiteDataURLForContainerWithURL: SPI
        <rdar://problem/17454712> and https://bugs.webkit.org/show_bug.cgi?id=134984

        Reviewed by Dan Bernstein.

        Change _websiteDataURLForContainerWithURL: SPI to include an optional bundle identifier argument:
        * UIProcess/API/Cocoa/WKProcessPool.mm:
        (+[WKProcessPool _websiteDataURLForContainerWithURL:bundleIdentifierIfNotInContainer:]):
        (+[WKProcessPool _websiteDataURLForContainerWithURL:]): Deleted.
        * UIProcess/API/Cocoa/WKProcessPoolPrivate.h:

        Add a big shiny comment in a few key places:
        * DatabaseProcess/DatabaseProcess.cpp:
        (WebKit::DatabaseProcess::initializeDatabaseProcess):
        * DatabaseProcess/IndexedDB/UniqueIDBDatabase.cpp:
        (WebKit::UniqueIDBDatabase::UniqueIDBDatabase):
        * UIProcess/WebContext.cpp:
        (WebKit::WebContext::applyPlatformSpecificConfigurationDefaults):
        (WebKit::WebContext::ensureDatabaseProcess):

2014-07-16  Roger Fong  <roger_fong@apple.com>

        Captions container should not clip content.
        https://bugs.webkit.org/show_bug.cgi?id=134840.
        <rdar://problem/14553608>.

        Reviewed by Simon Fraser.

        Tests: media/track/track-in-band-subtitles-too-large.html
               media/track/track-long-word-container-sizing.html

        * Modules/mediacontrols/mediaControlsApple.css:
        (video::-webkit-media-text-track-container):
        Set word break property of WebCTT cues to normal to make it consistent with in-band cues.
        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGenericBoxElement::applyCSSProperties):
        Set -webkit-min-content on min-width/min-height property of the text track display.
        * html/track/VTTCue.cpp:
        (WebCore::VTTCueBox::applyCSSProperties):
        Do the same for WebVTT cues.

2014-07-16  Eric Carlson  <eric.carlson@apple.com>

        [Mac] replace AVPlayerItem on the main thread
        https://bugs.webkit.org/show_bug.cgi?id=134983

        Reviewed by Jer Noble.

        No new tests, this fixes a problem with a thread configuration not present in the
        test environment.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setAVPlayerItem): New, when called off of 
            the main thread, dispatch to the main thread before setting AVPlayerItem.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): Call setAVPlayerItem.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldBufferData): Ditto.

2014-07-16  Jer Noble  <jer.noble@apple.com>

        [MSE] http/tests/media/media-source/mediasource-buffered.html is flakey
        https://bugs.webkit.org/show_bug.cgi?id=134949

        Reviewed by Eric Carlson.

        Depending on which SourceBuffer is successfully parsed first, the order of activeSourceBuffers
        may change from run to run, breaking the http/tests/media/media-source/mediasource-buffered.html
        test. Make the order of activeSourceBuffers the same as (a subset of) sourceBuffers, by replacing
        calls to activeSourceBuffers->add() and with a new call to regenerateActiveSourceBuffers(), which
        swaps the contents of the SourceBufferList with a new, ordered Vector.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::addSourceBuffer):
        (WebCore::MediaSource::sourceBufferDidChangeAcitveState):
        (WebCore::MediaSource::regenerateActiveSourceBuffers):
        * Modules/mediasource/MediaSource.h:
        * Modules/mediasource/SourceBufferList.cpp:
        (WebCore::SourceBufferList::swap):
        * Modules/mediasource/SourceBufferList.h:

2014-07-16  Mike West  <mkwst@chromium.org>

        CSP: Drop 'script-nonce' directive.
        https://bugs.webkit.org/show_bug.cgi?id=134926

        Reviewed by Darin Adler.

        This patch drops the outdated 'script-nonce' Content Security
        Policy directive. It was removed from the spec, and replaced in
        CSP2 with a new 'script-src' syntax. We should implement that
        instead.

        Until then, removing the outdated syntax will ensure that no one
        ends up relying on it in WebKit's implementation.

        This should have limited web-visible impact, as the feature is
        behind the CSP_NEXT flag, which is not enabled by default.

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::requestScript):
        (WebCore::ScriptElement::executeScript):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::CSPDirectiveList::allowJavaScriptURLs):
        (WebCore::CSPDirectiveList::allowInlineEventHandlers):
        (WebCore::CSPDirectiveList::addDirective):
        (WebCore::NonceDirective::NonceDirective): Deleted.
        (WebCore::NonceDirective::allows): Deleted.
        (WebCore::NonceDirective::parse): Deleted.
        (WebCore::CSPDirectiveList::checkNonce): Deleted.
        (WebCore::CSPDirectiveList::checkNonceAndReportViolation): Deleted.
        (WebCore::CSPDirectiveList::allowScriptNonce): Deleted.
        (WebCore::isAllowedByAllWithNonce): Deleted.
        (WebCore::ContentSecurityPolicy::allowScriptNonce): Deleted.
        (WebCore::ContentSecurityPolicy::reportInvalidNonce): Deleted.
        * page/ContentSecurityPolicy.h:

2014-07-16  Jer Noble  <jer.noble@apple.com>

        REGRESSION(r171069) 75% repro crash in WebCore::AudioHardwareListenerMac::processIsRunningChanged()
        https://bugs.webkit.org/show_bug.cgi?id=134986

        Reviewed by Eric Carlson.

        Add a WeakPtrFactory to AudioHardwareListenerMac, so that if CoreAudio calls our block after
        being unregistered, we can bail early instead of calling into a deleted object.

        * platform/audio/mac/AudioHardwareListenerMac.cpp:
        (WebCore::AudioHardwareListenerMac::AudioHardwareListenerMac):
        * platform/audio/mac/AudioHardwareListenerMac.h:

2014-07-16  Jer Noble  <jer.noble@apple.com>

        [MSE] REGRESSION(r171033): ASSERT in WebCore::MediaSource::onReadyStateChange()
        https://bugs.webkit.org/show_bug.cgi?id=134941

        Reviewed by Eric Carlson.

        Only do our modified-order change of the readyState if the error parameter is empty,
        as that's the only case where a duration change will cause an inadvertant readyState
        change.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::streamEndedWithError):

2014-07-16  Alexey Proskuryakov  <ap@apple.com>

        Remove svn:executable property erroneously added in <http://trac.webkit.org/changeset/171144> somehow.

        * ChangeLog: Removed property svn:executable.
        * svg/SVGSVGElement.h: Removed property svn:executable.
        * svg/animation/SVGSMILElement.h: Removed property svn:executable.

2014-07-16  Daniel Bates  <dabates@apple.com>

        Substitute CGRectZero for NSZeroRect in -[DOMNode hrefFrame].

        Rubber-stamped by Zalan Bujtas.

        The method -[DOMNode hrefFrame] returns a CGRect. So, when we don't have a renderer
        we should return CGRectZero instead of a NSZeroRect.

        * bindings/objc/DOM.mm:
        (-[DOMNode hrefFrame]): Also, fix up some code style issues.

2014-07-16  Jeongeun Kim  <je_julie.kim@samsung.com>

        mutable pointers from const methods, timeContainer().
        https://bugs.webkit.org/show_bug.cgi?id=134757

        Reviewed by Alexey Proskuryakov.

        Avoid return mutable pointers from const methods.
        No new tests, no behavior change.

        * svg/SVGSVGElement.h:
        * svg/animation/SVGSMILElement.h:
        (WebCore::SVGSMILElement::timeContainer):

2014-07-15  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS: Generalize CSS First Letter treatment
        https://bugs.webkit.org/show_bug.cgi?id=134936

        Reviewed by Benjamin Poulain.

        first-letter pseudo element rule is handled differently from the other rules
        such as first-line. This patch removes this special handling in SelectorChecker
        and handles it in RulesFeatureSet.

        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::collectFeaturesFromSelector):
        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        * css/RuleFeature.h:
        (WebCore::RuleFeatureSet::RuleFeatureSet):
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::matchRecursively):
        * css/StyleResolver.h:
        (WebCore::StyleResolver::usesFirstLetterRules):
        * dom/DocumentStyleSheetCollection.cpp:
        (WebCore::DocumentStyleSheetCollection::combineCSSFeatureFlags):
        (WebCore::DocumentStyleSheetCollection::resetCSSFeatureFlags):
        * dom/DocumentStyleSheetCollection.h:
        (WebCore::DocumentStyleSheetCollection::setUsesFirstLetterRules): Deleted.

2014-07-15  Simon Fraser  <simon.fraser@apple.com>

        Fix non-iOS builds.

        * rendering/RenderBox.cpp:
        (WebCore::shouldAppyContainersClipAndOffset):

2014-07-15  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Fix touches inside accelerated overflow:scroll
        https://bugs.webkit.org/show_bug.cgi?id=134961
        <rdar://problem/16088789>

        Reviewed by Benjamin Poulain.

        When individual elements inside an overflow:scroll with -webkit-overflow-scrolling: touch
        had touch event listeners, we would fail to take the scroll offset into account when
        building the touch event region, causing touches on those elements to fail after scrolling.
        
        Touch event region building uses RenderObject::absoluteClippedOverflowRect(), and that
        code path tries to fix up repaint rects to work correctly in composited overflow:scroll.
        However, that broke the touch region computation.
        
        Fix by only ignoring the scroll offset for calls to computeRectForRepaint() which
        have a non-null repaintContainer (which indicates that we're doing a repaint in the
        compositing layer), and for which the repaintContainer is the containing block
        which is using composited scrolling. This restores correct behavior to the event region
        code which always calls this with a null repaintContainer.

        * rendering/RenderBox.cpp:
        (WebCore::shouldAppyContainersClipAndOffset):
        (WebCore::RenderBox::computeRectForRepaint):

2014-07-15  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Fix issues drawing subsampled image elements and CSS images
        https://bugs.webkit.org/show_bug.cgi?id=134944
        <rdar://problem/17634095>

        Reviewed by Dean Jackson.

        After r170675 it is important for BitmapImage::draw() to be given a srcRect computed
        using the original size of the image, not the subsampled size.
        
        So fix various code paths that end up in image drawing to use the originalSize(),
        which requires giving Image a virtual function that just returns size(), and hence has
        a FloatSize return value.
        
        Tested by setting a very low subsampling threshold and browsing various sites.
        
        A better longterm fix will happen via bug 134916.

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::originalSize):
        * platform/graphics/BitmapImage.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        * platform/graphics/Image.cpp:
        (WebCore::Image::drawTiled):
        (WebCore::Image::computeIntrinsicDimensions):
        * platform/graphics/Image.h:
        (WebCore::Image::originalSize):
        * platform/graphics/cg/BitmapImageCG.cpp:
        (WebCore::BitmapImage::BitmapImage): Just use m_size for initializing the other members.
        (WebCore::BitmapImage::draw):
        * platform/graphics/cg/GraphicsContext3DCG.cpp:
        (WebCore::GraphicsContext3D::ImageExtractor::extractImage):
        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::Image::drawPattern):

2014-07-15  Brent Fulgham  <bfulgham@apple.com>

        [Win] Unreviewed build fix after r171069.

        Add missing AudioHardwareListener implementation on Windows.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:

2014-07-15  Antti Koivisto  <antti@apple.com>

        REGRESSION (r155957): Invalid cast in WebCore::RenderNamedFlowThread::getRanges
        https://bugs.webkit.org/show_bug.cgi?id=134888

        Reviewed by Mihnea Ovidenie.

        Test: fast/regions/flowthread-getranges-box-cast.html

        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::getRanges): Test the type before casting.

2014-07-15  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        [GTK] Update GObject DOM bindings symbols file after r171014.
        https://bugs.webkit.org/show_bug.cgi?id=134907

        Reviewed by Philippe Normand.

        * bindings/gobject/webkitdom.symbols: Update to the current API.

2014-07-15  Manuel Rego Casasnovas  <rego@igalia.com>

        Unreviwed fix wrong indentation from r171082.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):

2014-07-14  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Zero sized compositing container's content positioned off by one device pixel.
        https://bugs.webkit.org/show_bug.cgi?id=134903

        Reviewed by Simon Fraser.

        The compositing layer boundaries are calculated using its renderer()'s and the renderer()'s
        descendants' bounds. However when the renderer() is zero sized, its bounds are omitted.
        In such cases, when the child content has offset from the renderer(), the subpixel adjustment
        of the compositing layer becomes negative (-meaning that the compositing layer is to the right/bottom
        direction from its renderer()). Remove fabs() to be able to express such direction.

        Test: compositing/hidpi-compositing-layer-with-zero-sized-container.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):

2014-07-14  Jeremy Jones  <jeremyj@apple.com>

        Fix crash on WebVideoFullscreenManagerProxy construction.
        https://bugs.webkit.org/show_bug.cgi?id=134909

        Unreviewed fix crash from r171089

        Remove unnecessary dispatch to main queue since it can happen during construction.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenModel): remove dispatch_async

2014-07-14  Jeremy Jones  <jeremyj@apple.com>

        WebVideoFullscreenInterfaceAVKit should only call the UI from main thread.
        https://bugs.webkit.org/show_bug.cgi?id=134890

        Reviewed by Eric Carlson.

        dispatch_async to the main thread before setting properties that would affect the UI.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenModel): wrap in call to dispatch_async
        (WebVideoFullscreenInterfaceAVKit::setDuration): ditto
        (WebVideoFullscreenInterfaceAVKit::setCurrentTime): ditto
        (WebVideoFullscreenInterfaceAVKit::setRate): ditto
        (WebVideoFullscreenInterfaceAVKit::setVideoDimensions): ditto
        (WebVideoFullscreenInterfaceAVKit::setSeekableRanges): ditto
        (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions): ditto
        (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions): ditto
        (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): ditto

2014-07-14  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>

        Fix the !ENABLE(FILTERS) && !ENABLE(CSS_FILTERS) build after r167497
        https://bugs.webkit.org/show_bug.cgi?id=134679

        Reviewed by Darin Adler.

        * html/ImageData.cpp:
        * platform/graphics/cairo/ImageBufferCairo.cpp:

2014-07-14  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Support sparse in auto-placement algorithm
        https://bugs.webkit.org/show_bug.cgi?id=134544

        Reviewed by Sergio Villar Senin.

        This patch implements sparse mode for auto-placement algorithm, which is
        the default mode in the new grid-auto-flow syntax. It keeps track of the
        auto-placement cursor in
        RenderGrid::placeAutoMajorAxisItemsOnGrid() and updates it accordingly
        when auto-positioned items are placed.
        If we're in dense mode it resets the cursor after each item (which keeps
        the old behavior that was using dense mode by default).

        GridIterator has been adapted to look for empty areas from a given
        position in both directions.

        Test: fast/css-grid-layout/grid-auto-flow-sparse.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridIterator::GridIterator): Modify constructor to
        add an optional argument for the varying index. This allows to look for
        empty areas in both axis.
        (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Defined the
        auto-placement cursor and rested after each item if we're in dense mode.
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid): Use auto-placement
        cursor to look for empty areas from the last auto-positioned item
        placed.
        * rendering/RenderGrid.h: Modify placeAutoMajorAxisItemOnGrid() header
        to receive the auto-placement cursor.

2014-07-14  Brent Fulgham  <bfulgham@apple.com>

        [iOS] Some videos play as inline audio-only content
        https://bugs.webkit.org/show_bug.cgi?id=134898.
        <rdar://problem/17629379>

        Reviewed by Eric Carlson.

        Add a new 'presentationType' accessor that indicates if the media
        element is playing in 'audio' mode. This can happen if a video
        element plays an HLS stream that starts off in audio-only mode.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::presentationType): Added.
        * html/HTMLMediaElement.h:
        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::presentationType): Added.
        * platform/audio/MediaSession.h:
        * platform/audio/MediaSessionManager.cpp: 
        (WebCore::MediaSessionManager::sessionRestrictsInlineVideoPlayback):
        Use the presentationType, rather than the mediaType to control
        inline playback behavior.
        * platform/audio/ios/AudioDestinationIOS.h:
        (WebCore::AudioDestinationMac::presentationType): Add presentationType.
        * platform/audio/mac/AudioDestinationMac.h:
        (WebCore::AudioDestinationMac::presentationType): Ditto.

2014-07-14  Bear Travis  <betravis@adobe.com>

        [Feature Queries] Enable Feature Queries on Mac
        https://bugs.webkit.org/show_bug.cgi?id=134404

        Reviewed by Antti Koivisto.

        Enable Feature Queries on Mac and resume running the
        feature tests.

        * Configurations/FeatureDefines.xcconfig: Turn on
        ENABLE_CSS3_CONDITIONAL_RULES.

2014-07-11  David Hyatt  <hyatt@apple.com>

        <rdar://problem/17305458> Cannot interact with video controls in ePubs
        Bug 134836 - [New Multicolumn] Crawl to check for compositing between us and the enclosingPaginationLayer
        https://bugs.webkit.org/show_bug.cgi?id=134836

        Reviewed by Dean Jackson.

        The paginatedAndComposited bit being set in updateLayerPositions just didn't work, since compositing states
        can change without triggering that function. This patch just gets rid of the bit and does a crawl every time
        to check. This ensures that changes in compositing states don't necessitate any changes in pagination,
        since the lookup will always check the current compositing state.
        
        The new function that does this check is hasCompositedLayerInEnclosingPaginationChain.
        
        I have been unable to reproduce this issue, and this is therefore a purely speculative fix. I have no test
        case to provide because of this.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::updateLayerPositions):
        (WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
        (WebCore::RenderLayer::updatePagination):
        * rendering/RenderLayer.h:

2014-07-14  Zalan Bujtas  <zalan@apple.com>

        Move composite bounds calculation to RenderLayerBacking.
        https://bugs.webkit.org/show_bug.cgi?id=134864

        Reviewed by Darin Adler.

        No change in functionality.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateCompositedBounds):
        * rendering/RenderLayerCompositor.cpp: it was just proxying the calculateLayerBounds()
        to the RenderLayer.
        (WebCore::RenderLayerCompositor::calculateCompositedBounds): Deleted.
        * rendering/RenderLayerCompositor.h:

2014-07-14  Tim Horton  <timothy_horton@apple.com>

        Fix the build.

        * platform/audio/MediaSessionManager.h:

2014-07-14  Eric Carlson  <eric.carlson@apple.com>

        [Mac] don't enable low power audio mode on external output devices
        https://bugs.webkit.org/show_bug.cgi?id=134877

        Reviewed by Sam Weinig.

        No new tests, this deals with changes to the audio hardware at runtime.

        * WebCore.xcodeproj/project.pbxproj: Remove AudioSessionListener.h.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.

        * platform/audio/AudioHardwareListener.cpp:
        (WebCore::AudioHardwareListener::AudioHardwareListener): Initialize m_outputDeviceSupportsLowPowerMode
            to true on iOS.
        * platform/audio/AudioHardwareListener.h:
        (WebCore::AudioHardwareListener::outputDeviceSupportsLowPowerMode): New accessor.
        (WebCore::AudioHardwareListener::setHardwareActivity): New setter for derived classes.
        (WebCore::AudioHardwareListener::setOutputDeviceSupportsLowPowerMode): Ditto.

        Remove AudioSessionListener interface, it wasn't being used.
        * platform/audio/AudioSession.cpp:
        (WebCore::AudioSession::addListener): Deleted.
        (WebCore::AudioSession::removeListener): Deleted.
        (WebCore::AudioSession::beganAudioInterruption): Deleted.
        (WebCore::AudioSession::endedAudioInterruption): Deleted.
        * platform/audio/AudioSession.h:
        * platform/audio/AudioSessionListener.h: Removed.

        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::addSession): Allocate the AudioHardwareListener if necessary.
        (WebCore::MediaSessionManager::removeSession): Free the AudioHardwareListener if necessary.
        (WebCore::MediaSessionManager::audioOutputDeviceChanged): AudioHardwareListener client interface
            called when the output device changes, call updateSessionState to make sure we are using
            the correct buffer size.
        * platform/audio/MediaSessionManager.h:

        * platform/audio/ios/AudioDestinationIOS.h:
        * platform/audio/ios/AudioSessionIOS.mm:
        (WebCore::AudioSessionPrivate::AudioSessionPrivate): Drive-by cleanup, remove ObjC helper object
            that was used to listen for OS notifications, it is no longer used.
        (SOFT_LINK_POINTER): Deleted.
        (-[WebAudioSessionHelper initWithCallback:]): Deleted.
        (-[WebAudioSessionHelper dealloc]): Deleted.
        (-[WebAudioSessionHelper interruption:]): Deleted.

        * platform/audio/mac/AudioHardwareListenerMac.cpp:
        (WebCore::currentDeviceSupportsLowPowerBufferSize): New, return true only if using build-in 
            transport device.
        (WebCore::processIsRunningPropertyDescriptor): Return reference to static AudioObjectPropertyAddress
            for kAudioHardwarePropertyProcessIsRunning instead of declaring one in every method
            that needs one.
        (WebCore::outputDevicePropertyDescriptor): Return reference to static AudioObjectPropertyAddress
            for kAudioHardwarePropertyDefaultOutputDevice.
        (WebCore::AudioHardwareListenerMac::AudioHardwareListenerMac): Restructure and add audio object
            listener for default output device.
        (WebCore::AudioHardwareListenerMac::~AudioHardwareListenerMac): *Remove* listener audio object
            property listener instead of *Adding* a new one. Remove new listener.
        (WebCore::AudioHardwareListenerMac::propertyChanged): Enumerate the properties that changed,
            call appropriate method.
        (WebCore::AudioHardwareListenerMac::processIsRunningChanged): Renamed from setHardwareActive, 
            cleanup.
        (WebCore::AudioHardwareListenerMac::outputDeviceChanged): New, call client.audioHardwareOutputDeviceChanged.
        (WebCore::AudioHardwareListenerMac::setHardwareActive): Deleted, renamed processIsRunningChanged.
        * platform/audio/mac/AudioHardwareListenerMac.h:

        * platform/audio/mac/MediaSessionManagerMac.cpp:
        (MediaSessionManager::updateSessionState): Only set the output buffer size to 4K when hardware
            supports it.

2014-07-13  Benjamin Poulain  <benjamin@webkit.org>

        Remove SelectorCheckerFastPath from the style resolution algorithm
        https://bugs.webkit.org/show_bug.cgi?id=134866

        Reviewed by Antti Koivisto.

        SelectorCheckerFastPath is now pure overhead because it can almost never match
        if the CSS JIT was unable to compile.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ruleMatches):
        The "pre-filter" behind fastCheckableSelector had two parts:
        1) Filtering the pseudoID.
        2) Filtering on the rule hash.

        The first part has been generalized (RuleDatacanMatchPseudoElement())
        and moved to collectMatchingRulesForList(). 

        (WebCore::ElementRuleCollector::collectMatchingRulesForList):
        * css/RuleSet.cpp:
        (WebCore::selectorCanMatchPseudoElement):
        (WebCore::RuleData::RuleData):
        (WebCore::RuleSet::addRegionRule):
        (WebCore::RuleSet::addRulesFromSheet):
        * css/RuleSet.h:
        (WebCore::RuleData::canMatchPseudoElement):
        (WebCore::RuleData::hasFastCheckableSelector): Deleted.
        * css/StyleResolver.cpp:

2014-07-13  Benjamin Poulain  <benjamin@webkit.org>

        Remove an useless check from SelectorChecker
        https://bugs.webkit.org/show_bug.cgi?id=134868

        Reviewed by Darin Adler.

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::matchRecursively):
        The condition of this if() branch can never be met for the mode "QueryingRules".

        The next condition in that if() is "dynamicPseudo != NOPSEUDO", which implies
        a pseudo element was matched prior to the current context/simple selector.
        This cannot happen with QueryingRules, since we never match pseudo elements for
        SelectorQuery.

2014-07-12  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>

        Elements with rendering disabled due to dimensions should not contribute to parent bounding box
        https://bugs.webkit.org/show_bug.cgi?id=134184

        Reviewed by Dirk Schulze.

        SVG elements that have rendering disabled should not contribute to any ancestor elements bounding box.
        Examples of elements with rendering disabled:
        - basic shape with width <= 0 or height <= 0
        - path with no path data (d attribute missing or empty)
        - polyline or polygon element with no point data (points attribute missing or empty)

        To achieve this a method (isRenderingDisabled) was added to RenderSVGShape and it's derived classes.
        This is used to determine if an element is included when creating the union of child bounding boxes
        in a container element.

        Tests: svg/custom/GetBBox-path-nodata.html
               svg/custom/GetBBox-polygon-nodata.html
               svg/custom/GetBBox-polyline-nodata.html
               svg/custom/getBBox-container-hiddenchild.html

        * rendering/svg/RenderSVGEllipse.cpp:
        (WebCore::RenderSVGEllipse::isRenderingDisabled):
        New method added. Checks bounding box to determine if rendering is disabled.
        * rendering/svg/RenderSVGEllipse.h:
        * rendering/svg/RenderSVGPath.cpp:
        (WebCore::RenderSVGPath::isRenderingDisabled):
        New method added. Checks bounding box to determine if rendering is disabled.
        * rendering/svg/RenderSVGPath.h:
        * rendering/svg/RenderSVGRect.cpp:
        (WebCore::RenderSVGRect::isRenderingDisabled):
        New method added. Checks bounding box to determine if rendering is disabled.
        * rendering/svg/RenderSVGRect.h:
        * rendering/svg/RenderSVGShape.h:
        (WebCore::RenderSVGShape::isRenderingDisabled):
        New method added. Always returns false so that derived classes that do not
        implement this method retain the existing behaviour.
        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::computeContainerBoundingBoxes):
        For each element potentially being included in the unioned bounding box of
        a container, check isRenderingDisabled and skip that element if true.

        * rendering/svg/RenderSVGEllipse.cpp:
        (WebCore::RenderSVGEllipse::isRenderingDisabled):
        * rendering/svg/RenderSVGEllipse.h:
        * rendering/svg/RenderSVGPath.cpp:
        (WebCore::RenderSVGPath::isRenderingDisabled):
        * rendering/svg/RenderSVGPath.h:
        * rendering/svg/RenderSVGRect.cpp:
        (WebCore::RenderSVGRect::isRenderingDisabled):
        * rendering/svg/RenderSVGRect.h:
        * rendering/svg/RenderSVGShape.h:
        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::computeContainerBoundingBoxes):

2014-07-12  Benjamin Poulain  <benjamin@webkit.org>

        Rename selectorListContainsUncommonAttributeSelector() to selectorListContainsAttributeSelector()
        https://bugs.webkit.org/show_bug.cgi?id=134862

        Reviewed by Sam Weinig.

        Unlike containsUncommonAttributeSelector(), selectorListContainsUncommonAttributeSelector() does not
        evaluate the attribute for "uncommon" types.

        It would be possible to change the function instead to evaluate common attributes based
        on the match type and the pseudo class type. Such change would be more risky
        and we would get very little benefit from it, I leave that for later if that ever becomes useful.

        * css/RuleSet.cpp:
        (WebCore::selectorListContainsAttributeSelector):
        (WebCore::containsUncommonAttributeSelector):
        (WebCore::selectorListContainsUncommonAttributeSelector): Deleted.

2014-07-12  Zan Dobersek  <zdobersek@igalia.com>

        Use braced-init-list to create one-item Vector object in insertPerformanceEntry
        https://bugs.webkit.org/show_bug.cgi?id=133675

        Reviewed by Darin Adler.

        * page/PerformanceUserTiming.cpp:
        (WebCore::insertPerformanceEntry): Avoid wasting three lines for creating a
        Vector object with just one item that in the end gets copied. Use the
        braced-init-list syntax instead, leveraging Vector's std::initializer_list
        constructor.

2014-07-12  Allan Sandfeld Jensen  <allan.jensen@digia.com>

        Memory leaks with autoLoadImages off
        https://bugs.webkit.org/show_bug.cgi?id=124411

        Reviewed by Darin Adler.

        Do not emit notifyFinished for images with deferred load,
        and allow deferred loads to be cancelled.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::checkNotify):
        (WebCore::CachedResource::cancelLoad):

2014-07-11  Jer Noble  <jer.noble@apple.com>

        [MSE] http/tests/media/media-source/mediasource-duration.html is failing.
        https://bugs.webkit.org/show_bug.cgi?id=134852

        Reviewed by Eric Carlson.

        Fixes the following tests:
        http/tests/media/media-source/mediasource-config-change-mp4-a-bitrate.html
        http/tests/media/media-source/mediasource-config-change-mp4-av-audio-bitrate.html
        http/tests/media/media-source/mediasource-config-change-mp4-av-video-bitrate.html
        http/tests/media/media-source/mediasource-config-change-mp4-v-bitrate.html
        http/tests/media/media-source/mediasource-config-change-mp4-v-framerate.html
        http/tests/media/media-source/mediasource-duration.html
        http/tests/media/media-source/mediasource-play.html

        The primary change necessary to fix the mediasource-duration.html test was to add support
        for delaying the completion of a seek operation until the HTMLMediaElement's readyState
        rises to > HAVE_CURRENT_DATA. This is accomplished by modifying MediaSourcePrivate to have
        waitForSeekCompleted() and seekCompleted() virtual methods. These are called by MediaSource
        when a seek operation results in the current time moving outside the currently buffered time
        ranges, and when an append operation results in the readyState changing, respectively.

        A number of other drive-by fixes were necessary to get this test fully passing, as noted
        below.

        Make the MediaSource the primary owner of the media's duration, rather than the MediaSourcePrivate.
        Move the MediaSourcePrivateClient pointer to the MediaSourcePrivate from the MediaPlayerPrivate, so
        the MediaSource's duration can be retrieved.  While we're at it, do the same thing for buffered.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::MediaSource): Initialize m_duration.
        (WebCore::MediaSource::duration): Simple accessor.
        (WebCore::MediaSource::setDurationInternal): Bring 'duration change algorithm' up to spec.
        (WebCore::MediaSource::setReadyState): Reset m_duration on close.
        * Modules/mediasource/MediaSource.h:
        * platform/graphics/MediaSourcePrivate.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::load): Do not call setPrivateAndOpen().
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::durationDouble): Pass through to MediaSourcePrivateAVFObjC.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::buffered): Ditto.
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::create): Call setPrivateAndOpen().
        (WebCore::MediaSourcePrivateAVFObjC::MediaSourcePrivateAVFObjC): Set m_client.
        (WebCore::MediaSourcePrivateAVFObjC::duration): Pass through to MediaSourcePrivateClient.
        (WebCore::MediaSourcePrivateAVFObjC::buffered): Ditto.
        (WebCore::MediaSourcePrivateAVFObjC::durationChanged): Pass through to MediaPlayerPrivateMediaSourceAVFObjC.
        (WebCore::MediaSourcePrivateAVFObjC::setDuration): Deleted.
        * platform/graphics/gstreamer/MediaSourceGStreamer.cpp:
        (WebCore::MediaSourceGStreamer::open): Pass in MediaSourcePrivateClient.
        (WebCore::MediaSourceGStreamer::MediaSourceGStreamer): Initialize m_mediaSource.
        (WebCore::MediaSourceGStreamer::durationChanged): Retrieve the duration from MediaSourcePrivateClient.
        (WebCore::MediaSourceGStreamer::markEndOfStream): Remove unnecssary ASSERT.
        (WebCore::MediaSourceGStreamer::unmarkEndOfStream): Ditto.
        (WebCore::MediaSourceGStreamer::setDuration): Deleted.
        * platform/graphics/gstreamer/MediaSourceGStreamer.h:
        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        (WebCore::MockMediaPlayerMediaSource::load): Do not call setPrivateAndOpen().
        (WebCore::MockMediaPlayerMediaSource::buffered): Pass through to MockMediaSourcePrivate.
        (WebCore::MockMediaPlayerMediaSource::durationDouble): Ditto.
        (WebCore::MockMediaPlayerMediaSource::advanceCurrentTime): Ditto.
        * platform/mock/mediasource/MockMediaSourcePrivate.cpp:
        (WebCore::MockMediaSourcePrivate::create): Call setPrivateAndOpen().
        (WebCore::MockMediaSourcePrivate::MockMediaSourcePrivate): Set m_client.
        (WebCore::MockMediaSourcePrivate::duration): Pass through to MediaSourcePrivateClient.
        (WebCore::MockMediaSourcePrivate::buffered): Ditto.
        (WebCore::MockMediaSourcePrivate::durationChanged): Pass thorugh to MockMediaPlayerMediaSource.
        (WebCore::MockMediaSourcePrivate::setDuration): Deleted.

        Route seekToTime through MediaSource, rather than through MediaSourcePrivate, so that
        the time can be compared against the buffered ranges, and trigger the delay of the seek
        operation if necessary. Add a seekTimer to MediaPlayerPrivateMediaSourceAVFObjC, as this
        guarantees the order of asynchronous operations, rather than callOnMainThread, which can
        cause async operations to occur out of order.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::seekToTime): Bring up to spec.
        (WebCore::MediaSource::completeSeek): Ditto.
        (WebCore::MediaSource::monitorSourceBuffers): Call completeSeek() when appropriate.
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateSeekToTime): Deleted.
        (WebCore::SourceBuffer::seekToTime): Renamed from sourceBufferPrivateSeekToTime().
        * platform/graphics/MediaSourcePrivate.h:
        * platform/graphics/MediaSourcePrivateClient.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): Add seekTimer. Only
            call timeChanged() if no longer seeking, thereby triggering a 'seeked' event.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::~MediaPlayerPrivateMediaSourceAVFObjC): Clear m_seekTimer.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekWithTolerance): Use m_seekTimer.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekTimerFired): Call seekInternal.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal): Add logging.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::waitForSeekCompleted): Added.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekCompleted): Added; trigger 'seeked'.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setReadyState): No longer attempt to finish seek when
            readyState changes here; this has been moved up to MediaSource.cpp.
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::waitForSeekCompleted): Pass through to MediaPlayerPrivateMediaSourceAVFObjC.
        (WebCore::MediaSourcePrivateAVFObjC::seekCompleted): Ditto.
        (WebCore::MediaSourcePrivateAVFObjC::seekToTime): Pass through to MediaSourcePrivateClient.
        (WebCore::MediaSourcePrivateAVFObjC::fastSeekTimeForMediaTime): Ditto.
        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        (WebCore::MockMediaPlayerMediaSource::MockMediaPlayerMediaSource): Initialize m_seekCompleted.
        (WebCore::MockMediaPlayerMediaSource::seeking): Check for an uncompleted seek operation. 
        (WebCore::MockMediaPlayerMediaSource::seekWithTolerance): Ditto.
        (WebCore::MockMediaPlayerMediaSource::waitForSeekCompleted): Added.
        (WebCore::MockMediaPlayerMediaSource::seekCompleted): Added; trigger 'seeked'.
        * platform/mock/mediasource/MockMediaPlayerMediaSource.h:
        * platform/mock/mediasource/MockMediaSourcePrivate.cpp:
        (WebCore::MockMediaSourcePrivate::waitForSeekCompleted): Pass through to MockMediaPlayerMediaSource.
        (WebCore::MockMediaSourcePrivate::seekCompleted): Ditto.
        * platform/mock/mediasource/MockMediaSourcePrivate.h:

        Drive-by fixes.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::streamEndedWithError): Re-order the steps in streamEndedWithError()
            to avoid the MediaSource being closed and re-opened by the resulting duration change
            operation.
        * Modules/mediasource/MediaSource.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::remove): Added logging.
        (WebCore::SourceBuffer::removeCodedFrames): Ditto.
        (WebCore::SourceBuffer::hasFutureTime): Swap an ASSERT for an early-return; it's possible
            for currentTime() to be outside of a buffered area.
        * Modules/mediasource/SourceBuffer.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute): Do not issue an additional 'timeupdate' event
            after finishSeek() issues one of its own.
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::globalDataParserQueue): Allow parsing operations to happen concurrently on
            background queues.

2014-07-12  Eric Carlson  <eric.carlson@apple.com>

        [iOS] update control type when playback state changes
        https://bugs.webkit.org/show_bug.cgi?id=134856

        Reviewed by Dean Jackson.

        Check to make sure the correct type of media controls are showing when playback state
        changes so we don't end up with the wrong type of controls during playback.

        * Modules/mediacontrols/mediaControlsApple.js: 
        (Controller.prototype.HandledVideoEvents): Drive-by fix, call handlePlay on 'playing' instead
            of 'play' so controls don't hide too early.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.setPlaying): New, call updateControls to make sure inline
            controls are shown when appropriate.

2014-07-12  Dean Jackson  <dino@apple.com>

        [iOS Media] Start playback button should indicate when it can't play
        https://bugs.webkit.org/show_bug.cgi?id=134851

        Post-commit review with Eric Carlson on IRC.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.updateStatusDisplay): Remove the line that sets the
        class on the inline play button.

2014-07-11  Dean Jackson  <dino@apple.com>

        [iOS Media] Start playback button should indicate when it can't play
        https://bugs.webkit.org/show_bug.cgi?id=134851

        Reviewed by Sam Weinig.

        If a video element has errors and cannot play, then the start
        playback button should use the "broken" icon.

        * Modules/mediacontrols/mediaControlsApple.js: Add a new "failed" class.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.shouldHaveStartPlaybackButton): We need a playback button
        even when there is an error.
        (ControllerIOS.prototype.handleWirelessPickerButtonTouchStart): Don't offer Airplay
        if we're in an error state.
        (ControllerIOS.prototype.updateStatusDisplay): Set the "failed" class on
        the playback buttons if we are in an error state.

2014-07-11  Benjamin Poulain  <benjamin@webkit.org>

        Partition the CSS rules based on the most specific filter of the rightmost fragment
        https://bugs.webkit.org/show_bug.cgi?id=134828

        Reviewed by Andreas Kling.

        Previously, RuleSet was partitioning each rule based on the rightmost filter.
        While fast, this had the side effect of putting many selectors with ID match in the class
        bucket (because the selectors are generally written starting with the ID).

        This patch replace the code of findBestRuleSetAndAdd() by a simple loop going over all
        the simple selectors in the rightmost fragment to find the best bucket.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ruleMatches):
        * css/RuleSet.cpp:
        (WebCore::isSelectorMatchingHTMLBasedOnRuleHash):
        I unified ruleData.hasRightmostSelectorMatchingHTMLBasedOnRuleHash() and hasMultipartSelector().

        (WebCore::RuleData::RuleData):
        (WebCore::rulesCountForName):
        (WebCore::RuleSet::addRule):
        I removed the recursive part of findBestRuleSetAndAdd() (which was wrong anyway). The function
        was useless so I just moved the algorithm to addRule() directly.

        We first loop over all the CSSSelectors related by SubSelector, this correspond to the rightmost fragment.
        If a filter with high specificity is found, we add the rule immediately and end there.
        If a filter that is not very specific is found, we keep a pointer to the selector to use it later.

        (WebCore::RuleSet::findBestRuleSetAndAdd): Deleted.
        * css/RuleSet.h:
        (WebCore::RuleData::hasMultipartSelector): Deleted.

2014-07-11  Alex Christensen  <achristensen@webkit.org>

        [WinCairo] Unreviewed build fix after r170937.

        * WebCore.vcxproj/WebCoreGeneratedWinCairo.make:
        Update and apply changes applied to WebCoreGenerated.make in r170937.

2014-07-11  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Crash when using a stale InspectableNode Node
        https://bugs.webkit.org/show_bug.cgi?id=134849

        Reviewed by Timothy Hatcher.

        * inspector/PageConsoleAgent.cpp:

2014-07-11  Jer Noble  <jer.noble@apple.com>

        [MSE] Separate MediaSource logging into its own log channel
        https://bugs.webkit.org/show_bug.cgi?id=134809

        Reviewed by Eric Carlson.

        Separate out MediaSource logging (which can be quite verbose) into its own log channel,
        distinct from the Media log channel. Add some per-sample logging and further sequester that
        logging into its own MediaSourceSamples log channel.

        Add the MediaSource and MediaSourceSamples channels:
        * platform/Logging.h:

        Move LOG(Media) -> LOG(MediaSource):
        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::MediaSource):
        (WebCore::MediaSource::~MediaSource):
        (WebCore::MediaSource::setReadyState):
        (WebCore::MediaSource::addSourceBuffer):
        (WebCore::MediaSource::removeSourceBuffer):
        (WebCore::MediaSource::isTypeSupported):
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateSeekToTime):
        (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
        (WebCore::SourceBuffer::sourceBufferPrivateDidBecomeReadyForMoreSamples):
        (WebCore::SourceBuffer::provideMediaData):
        (WebCore::SourceBuffer::monitorBufferingRate):
        (WebCore::SourceBuffer::textTrackAddCues):
        (WebCore::SourceBuffer::hasFutureTime):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):
        (WebCore::SourceBufferPrivateAVFObjC::didFailToParseStreamDataWithError):
        (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):
        (WebCore::SourceBufferPrivateAVFObjC::didProvideContentKeyRequestInitializationDataForTrackID):
        (WebCore::SourceBufferPrivateAVFObjC::append):
        (WebCore::SourceBufferPrivateAVFObjC::layerDidReceiveError):
        (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError):
        (WebCore::SourceBufferPrivateAVFObjC::flushAndEnqueueNonDisplayingSamples):
        (WebCore::SourceBufferPrivateAVFObjC::enqueueSample):

2014-07-11  Brady Eidson  <beidson@apple.com>

        Phone numbers that span two lines are not detected.
        <rdar://problem/17601146> and https://bugs.webkit.org/show_bug.cgi?id=134808

        Reviewed by Tim Horton.

        * editing/Editor.cpp:
        (WebCore::Editor::scanSelectionForTelephoneNumbers): After scanning a range from the TextIterator,
            create an "edge range" window around the end of the TextIterator range, and scan it.
            Also make sure to not accumulate duplicate ranges that might have showed up in both the
            TextIterator range and the edge window range.

2014-07-11  Enrica Casucci  <enrica@apple.com>

        Implement textStylingAtPosition in WK2.
        https://bugs.webkit.org/show_bug.cgi?id=134843
        <rdar://problem/17614981>
        
        Reviewed by Benjamin Poulain.

        Adding some exports and making styleForSelectionStart public.

        * WebCore.exp.in:
        * editing/Editor.h:

2014-07-11  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r168868): eBay 'see all' links fail due to different JS bindings conversion behavior.
        https://bugs.webkit.org/show_bug.cgi?id=134841
        <rdar://problem/17577563>

        Reviewed by Simon Fraser.

        Revert back to type int for Element.scroll* APIs in order to preserve exception handling
        behavior.

        Test: cssom/non-subpixel-scroll-top-left-values.html

        * dom/Element.cpp:
        (WebCore::Element::scrollLeft):
        (WebCore::Element::scrollTop):
        (WebCore::Element::setScrollLeft):
        (WebCore::Element::setScrollTop):
        (WebCore::Element::scrollWidth):
        (WebCore::Element::scrollHeight):
        * dom/Element.h:
        * dom/Element.idl:
        * html/HTMLBodyElement.cpp:
        (WebCore::adjustForZoom):
        (WebCore::HTMLBodyElement::scrollLeft):
        (WebCore::HTMLBodyElement::setScrollLeft):
        (WebCore::HTMLBodyElement::scrollTop):
        (WebCore::HTMLBodyElement::setScrollTop):
        (WebCore::HTMLBodyElement::scrollHeight):
        (WebCore::HTMLBodyElement::scrollWidth):
        * html/HTMLBodyElement.h:

2014-07-11  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Debugger Pause button does not work
        https://bugs.webkit.org/show_bug.cgi?id=134785

        Reviewed by Timothy Hatcher.

        * CMakeLists.txt:
        * DerivedSources.make:
        * inspector/CommandLineAPIModuleSource.js:
        Minification strips the sourceURL command. Add it back with minification.

2014-07-11  Andreas Kling  <akling@apple.com>

        Use the bare minimum tile coverage rect when under memory pressure.
        <https://webkit.org/b/134837>

        When the browser is under critical memory pressure, don't generate any
        more tiles than are needed to cover the exposed viewport rect.

        Reviewed by Pratik Solanki.

        * page/FrameView.cpp:
        (WebCore::FrameView::computeCoverageRect):

2014-07-11  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] Implement justify-self css property
        https://bugs.webkit.org/show_bug.cgi?id=134419

        Reviewed by Dean Jackson.

        This change adds the justify-self property from CSS 3 Box Alignment
        and implements the parsing.

        From Blink r164685 by <jchaffraix@chromium.org>

        Test: fast/css/parse-justify-self.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::CSSParser::parseValue):
        (WebCore::isItemPositionKeyword):
        (WebCore::CSSParser::parseJustifySelf):
        * css/CSSParser.h:
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator EJustifySelf):
        (WebCore::CSSPrimitiveValue::operator EJustifySelfOverflowAlignment):
        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyProperty):
        * rendering/style/RenderStyle.h:
        * rendering/style/RenderStyleConstants.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2014-07-11  Bear Travis  <betravis@adobe.com>

        [Feature Queries] Feature Query CSS Grammar Productions Should Return a Value
        https://bugs.webkit.org/show_bug.cgi?id=134810

        Reviewed by Antti Koivisto.

        The parsing return values are used to determine if a feature query is valid. Two
        grammar productions have been updated to correctly return a value.

        Tests exist for this feature but will not be run until the feature is turned on.
        See https://bugs.webkit.org/show_bug.cgi?id=134404.

        * css/CSSGrammar.y.in: Adding return values for two valid feature query productions.

2014-07-10  Brent Fulgham  <bfulgham@apple.com>

        Use a separate backdrop element to allow cues to have highlight and background color
        https://bugs.webkit.org/show_bug.cgi?id=134821
        <rdar://problem/15999721>

        Reviewed by Eric Carlson.

        Add a new <div> element wrapping the existing cue <span>. This allows
        us to have a highlight on the cue (in the <span> background), as well
        as an overall background color.

        * Modules/mediacontrols/mediaControlsApple.css:
        (video::-webkit-media-text-track-display-backdrop): New markup for
        the backdrop element of the caption.
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::cueBackdropShadowPseudoId): Added to
        allow user customization of the cue backdrop.
        (WebCore::VTTCue::initialize): Rename the old "m_cueBackgroundBox" to
        "m_cueHighlightBox" and add a new "m_cueBackdropBox" member.
        (WebCore::VTTCue::updateDisplayTree): Update for m_cueHighlightBox.
        (WebCore::VTTCue::getDisplayTree): Make m_cueHighlightBox a child
        of the new m_cueBackdropBox element, and add m_cueBackdropBox to
        the display tree.
        * html/track/VTTCue.h:
        (WebCore::VTTCue::element):
        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::setInterestedInCaptionPreferenceChanges):
        Fix for missing caption style updates. Even if we are already
        listening for caption changes, we still want to update the new
        instance's style sheet to match.
        (WebCore::CaptionUserPreferencesMediaAF::captionsStyleSheetOverride):
        * rendering/RenderVTTCue.cpp:
        (WebCore::RenderVTTCue::initializeLayoutParameters): Take the new
        <div> into consideration when looking for the Cue text element.

2014-07-11  Zalan Bujtas  <zalan@apple.com>

        Subpixel layout: return integral results for offset*, client*, scroll* by default.
        https://bugs.webkit.org/show_bug.cgi?id=134651

        Reviewed by Simon Fraser.

        Revert to returning integral values for Element.offset* client* scroll* by default.
        Fractional values break number of sites(tight design) and JS frameworks(fail to handle fractional values).

        Since snapped dimension depends on both the original point and the width/height of the box,
        we need to call RenderBoxModelObject::pixelSnapped*() helpers, instead of round().

        Covered by existing tests
 
        * dom/Element.cpp:
        (WebCore::subpixelMetricsEnabled):
        (WebCore::convertToNonSubpixelValueIfNeeded):
        (WebCore::Element::offsetLeft):
        (WebCore::Element::offsetTop):
        (WebCore::Element::offsetWidth):
        (WebCore::Element::offsetHeight):
        (WebCore::Element::clientLeft):
        (WebCore::Element::clientTop):
        (WebCore::Element::clientWidth):
        (WebCore::Element::clientHeight):
        * page/Settings.in:

2014-07-11  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: icloud.com password arrow has clipped circle at some window sizes.
        https://bugs.webkit.org/show_bug.cgi?id=134824
        <rdar://problem/17612729>

        Reviewed by Simon Fraser.

        Transparent layer clipping needs device pixel offset adjusting.

        Test: fast/layers/wrong-clipping-semi-transparent-compositing-layer-on-subpixel-position.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::beginTransparencyLayers):
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintBackgroundForFragments):
        (WebCore::RenderLayer::paintForegroundForFragments):
        * rendering/RenderLayer.h:

2014-07-11  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Remove unused file.

        * html/shadow/MediaControlsGtk.h: Removed.

2014-07-11  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Update grid-auto-flow to the new syntax
        https://bugs.webkit.org/show_bug.cgi?id=134057

        Reviewed by Sergio Villar Senin.

        In last versions of the spec grid-auto-flow syntax has changed. New
        syntax is:
        [ row | column ] && dense? | stack && [ row | column ]?

        Implemented parsing for new syntax and added/modified test cases in
        current layout tests.

        For the moment, the implementation keeps working in the same way, but
        using "stack" value for grid-auto-flow property instead of "none". This
        should be fixed in a follow-up patch once "stack" is properly
        implemented.

        Also "dense" needs to be reviewed. Right now auto-placement algorithm is
        always "dense" and never "sparse".

        No new tests, update current tests to add new cases.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue): Adapt to new syntax.
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue): Removed grid-auto-flow as it
        is not a keyword anymore.
        (WebCore::isKeywordPropertyID): Ditto.
        (WebCore::CSSParser::parseValue): Add specific method for parsing
        grid-auto-flow.
        (WebCore::CSSParser::parseGridShorthand): Adapt parsing for
        grid-auto-flow property inside the shorthand.
        (WebCore::isValidGridAutoFlowId): Helper method to check if the CSSValue
        id is a valid keyword for grid-auto-flow property.
        (WebCore::CSSParser::parseGridAutoFlow): Implement new parsing for
        grid-auto-flow.
        * css/CSSParser.h: Method header for grid-auto-flow parsing.
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::operator GridAutoFlow): Deleted.
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Deleted.
        * css/CSSValueKeywords.in: Add new keywords required by grid-auto-flow:
        "dense" and "stack".
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder): Remove
        default handler as grid-auto-flow is not a keyword now.
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyProperty): Implement particular handler
        for new grid-auto-flow syntax.
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::placeItemsOnGrid): Keep old "none" behavior as
        "stack" behavior for the moment.
        (WebCore::RenderGrid::autoPlacementMajorAxisDirection): Use the new
        helper methods in RenderStyle.
        (WebCore::RenderGrid::autoPlacementMinorAxisDirection): Ditto.
        * rendering/style/GridResolvedPosition.cpp:
        (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle): Again
        keep old "none" behavior for "stack".
        * rendering/style/RenderStyle.h: Add new helper methods to know the
        direction and algorithm of grid-auto-flow property.
        * rendering/style/RenderStyleConstants.h: Redefine GridAutoFlow enum
        using flags for algorithm and direction.
        * rendering/style/StyleGridData.h: Change m_gridAutoFlow type to
        unsigned.

2014-07-10  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Pasting rich content does not perform a two-step paste
        https://bugs.webkit.org/show_bug.cgi?id=134795

        Reviewed by Benjamin Poulain.

        UIKit requires writing something (anything!) to a particular pasteboard
        during copy in order to flag the content as rich. When a paste occurs,
        UIKit will read this flag and perform a two-step paste.

        Test: platform/ios-sim/editing/pasteboard/two-step-paste.html

        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::write):

2014-07-09  Andy Estes  <aestes@apple.com>

        [iOS] Some QuickLook documents are not displayed as previews
        https://bugs.webkit.org/show_bug.cgi?id=134788
        <rdar://problem/17278194>

        Reviewed by Pratik Solanki.

        ResourceRequest::isMainResourceRequest() is not reliable (e.g. ResourceRequests reconstituted from an
        NSURLRequest have no way to set this bit properly) and should probably be removed. Instead of using
        isMainResourceRequest() to check if a QuickLookHandle should be created when the Network Process is in use,
        just check if the current ResourceLoader is the same as the DocumentLoader's ResourceLoader.

        No new tests. QuickLook is not testable from WebKit.

        * platform/network/ios/QuickLook.mm:
        (WebCore::QuickLookHandle::create):

2014-07-10  Andreas Kling  <akling@apple.com>

        [iOS WebKit2] Don't uninstall the memory pressure listener after first signal.
        <https://webkit.org/b/134814>

        The call to uninstall() should not be made on iOS since iOS doesn't use the
        hold-off mechanism in MemoryPressureHandler.

        Reviewed by Benjamin Poulain.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::respondToMemoryPressure):

2014-07-10  Jer Noble  <jer.noble@apple.com>

        [MSE] Overlapping appended ranges must cause the decoder to flush and re-enqueue.
        https://bugs.webkit.org/show_bug.cgi?id=134805

        Reviewed by Eric Carlson.

        When appending a range of media data which overlaps with an existing range, SourceBuffer
        must cause the decoder to flush and re-enqueue samples. Those samples removed by appending
        the overlapping range may have already been enqueued for display, and unless the decode
        queue is flushed, corruption or decode errors may occur as the new samples are enqueued for
        display.

        Add a boolean flag onto TrackBuffer to indicate whether the decoder needs to be flushed and
        re-enqueued the next time an append operation completes. Set this flag whenever samples are
        removed due to overlapping or an explicit call to removeCodedFrames(). Move the contents of
        sourceBufferPrivateSeekToTime() (which previously did flushing and re-enqueueing) into a new
        function, reenqueueMediaForTime(), which can be called from sourceBufferPrivateAppendComplete().

        Drive-by fix: findSyncSampleAfterDecodeIterator() would return the passed in iterator if that
        sample is a sync-sample. Fix this to correctly return the next sync sample.

        Drive-by fix: Use a SampleMap, rather than a DecodeOrderSampleMap, to track erased samples
        so that the erasedSamples are correctly accounted for in both presentation and decode orders.

        * Modules/mediasource/SampleMap.cpp:
        (WebCore::SampleMap::empty): Add convenience method.
        (WebCore::DecodeOrderSampleMap::findSyncSampleAfterDecodeIterator): Drive-by fix.
        * Modules/mediasource/SampleMap.h:
        (WebCore::SampleMap::decodeOrder): Added const accessor.
        (WebCore::SampleMap::presentationOrder): Ditto.
        (WebCore::SampleMap::addRange): Added.
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::TrackBuffer::TrackBuffer): Add needsReenqueeing flag.
        (WebCore::SourceBuffer::sourceBufferPrivateSeekToTime): Move contents into reenqueueMediaForTime().
        (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete): Call reenqueMediaForTime() if necessary.
        (WebCore::SourceBuffer::removeCodedFrames): Set needsReenqueing.
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): Ditto.
        (WebCore::SourceBuffer::provideMediaData): Drive-by fix.
        (WebCore::SourceBuffer::reenqueueMediaForTime): Moved from sourceBufferPrivateSeekToTime().
        * Modules/mediasource/SourceBuffer.h:

2014-07-10  Pratik Solanki  <psolanki@apple.com>

        ASSERT in SharedBuffer::maybeAppendDataArray() on MobileSafari launch
        https://bugs.webkit.org/show_bug.cgi?id=134812
        <rdar://problem/17628434>

        Reviewed by Joseph Pecoraro.

        Fix bug in my fix in r170930. Initialize the badly named m_shouldUsePurgeableMemory field to
        false. This field indicates when it is okay to use purgeable memory and is set to true once
        the resource is finished loading. By setting it to true in the constructor we were creating
        purgeable memory while the resource was still being loaded and this triggered the assert.

        No new tests. Should be covered by existing tests.

        * platform/cf/SharedBufferCF.cpp:
        (WebCore::SharedBuffer::SharedBuffer):

2014-07-10  Andreas Kling  <akling@apple.com>

        [iOS WebKit2] Some memory pressure relief tweaks.
        <https://webkit.org/b/134811>

        Split memory pressure relief into critical and non-critical sections.
        Non-critical relief is for clearing out things that are really not
        essential, e.g unused font data, text measurement caches, etc.

        On iOS, only flip the "WebKit is under memory pressure" flag when we
        are under *critical* memroy pressure, rather than doing it early on
        and gimping ourselves because other processes are too big.

        Also added logging for when we transition in/out of system pressure.

        Reviewed by Geoffrey Garen.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseNoncriticalMemory):
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):
        (WebCore::MemoryPressureHandler::releaseMemory):
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::ReliefLogger::loggingEnabled):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2014-07-10  Beth Dakin  <bdakin@apple.com>

        Need Setting/WKPreference that allows clients to prevent scrollbars from drawing 
        on a secondary thread
        https://bugs.webkit.org/show_bug.cgi?id=134778
        -and corresponding-
        <rdar://problem/17595333>

        Reviewed by Tim Horton.

        This is a requirement for some types of performance tests. The patch adds a new 
        virtual function to ScrollableArea that forces subclasses to indicate the value of 
        the Setting. This is required because Scrollbar and ScrollableArea can’t get to 
        Settings on their own.

        * page/FrameView.cpp:
        (WebCore::FrameView::forceUpdateScrollbarsOnMainThreadForPerformanceTesting):
        * page/FrameView.h:
        * page/Settings.in:
        * platform/ScrollableArea.h:
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::supportsUpdateOnSecondaryThread):
        * platform/win/PopupMenuWin.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::forceUpdateScrollbarsOnMainThreadForPerformanceTesting):
        * rendering/RenderLayer.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::forceUpdateScrollbarsOnMainThreadForPerformanceTesting):
        * rendering/RenderListBox.h:

2014-07-10  Brady Eidson  <beidson@apple.com>

        Phone number highlights should always be visible if the mouse hovers over.
        <rdar://problem/17527476> and https://bugs.webkit.org/show_bug.cgi?id=134784

        Reviewed by Tim Horton.

        * WebCore.exp.in:

2014-07-10  Timothy Horton  <timothy_horton@apple.com>

        Assertions or crashes under _takeViewSnapshot when restoring windows
        https://bugs.webkit.org/show_bug.cgi?id=134792

        Reviewed by Simon Fraser.

        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::createFromImage):

2014-07-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [XHR] overrideMimeType() should be able to change encoding in HEADERS RECEIVED state
        https://bugs.webkit.org/show_bug.cgi?id=128968

        Reviewed by Alexey Proskuryakov.

        Moved response encoding computation from didReceiveResponse to didReceiveData, just before the decoder is instantiated.
        This allows overrideMimeType to be changed within readystatechange event callback and have an impact on selected encoding.

        Test: http/tests/xmlhttprequest/overridemimetype-headers-received-state-force-shiftjis.html

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::didReceiveResponse): Removed m_responseEncoding computation from response and mimeTypeOverride.
        (WebCore::XMLHttpRequest::didReceiveData): Added m_responseEncoding computation from response and mimeTypeOverride.

2014-07-09  Brady Eidson  <beidson@apple.com>

        Fire connected/disconnected events for Gamepads.
        https://bugs.webkit.org/show_bug.cgi?id=134386

        Reviewed by Dean Jackson.

        No new tests (No effect in a currently tested config)

        * Modules/gamepad/GamepadManager.cpp:
        (WebCore::navigatorGamepadFromDOMWindow): Handling converting a possibly-null Navigator into
            a possibly null NavigatorGamepad.
        (WebCore::GamepadManager::platformGamepadConnected): Notify blind Navigator/DOMWindows of all
            previously attached Gamepads, then notify everybody of this new gamepad.
        (WebCore::GamepadManager::platformGamepadDisconnected): Handle dispatching the disconnected
            event to all registered DOMWindows.
        (WebCore::GamepadManager::platformGamepadInputActivity): Notify blind Navigator/DOMWindows of all
            attached Gamepads.
        (WebCore::GamepadManager::makeGamepadVisible): Handles notifying setting up a new gamepads
            with all NavigatorGamepads as well as dispatching the connected even to DOMWindows.
        (WebCore::GamepadManager::registerDOMWindow):
        (WebCore::GamepadManager::unregisterDOMWindow):
        (WebCore::GamepadManager::makeGamepadsVisibileToBlindNavigators): Deleted.
        * Modules/gamepad/GamepadManager.h:

        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::gamepadAtIndex):
        * Modules/gamepad/NavigatorGamepad.h:

2014-07-09  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Disable text quantization while actively changing the page's scale factor
        https://bugs.webkit.org/show_bug.cgi?id=134781

        Reviewed by Tim Horton and Myles C. Maxfield.

        Query the chrome client to setup quantization on each layers.

        * page/ChromeClient.h:
        (WebCore::ChromeClient::hasStablePageScaleFactor):
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::drawGlyphs):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setupFontSubpixelQuantization):

2014-07-09  peavo@outlook.com  <peavo@outlook.com>

        [Curl] Cache entry invalidated too early.
        https://bugs.webkit.org/show_bug.cgi?id=134681

        Reviewed by Alex Christensen.

        When a cache entry has expired, it is invalidated when a request for the corresponding url is started.
        This is too early, since the resource is possibly not modified (even though it has expired),
        and the server might respond with a 304 (not modified) response.
        When we then receive a 304 response, the cache entry is deleted, and we have no cached response/data to provide.
        This can be solved by not invalidating the entry when a request for that url is started,
        but instead invalidate when a 200 OK response is received (which means the resource has been modified).

        * platform/network/curl/CurlCacheManager.cpp:
        (WebCore::CurlCacheManager::isCached): Avoid invalidating cache entry when it has expired, wait until we know the server response.
        * platform/network/curl/CurlCacheManager.h: Added const modifier.

2014-07-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Revert r170413 and r170390
        https://bugs.webkit.org/show_bug.cgi?id=134741

        Reviewed by Benjamin Poulain.

        These patches caused a variety of failures. I'm going to break them up into
        smaller chunks and commit them separately at some point in the future.

        Requesting a review from Ben Poulain because there were some conflicts with
        r170561 in InlineTextBox.cpp and InlineTextBox.h.

        * WebCore.exp.in:
        * platform/graphics/Font.cpp:
        (WebCore::Font::drawText):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForText):
        (WebCore::computeUnderlineType):
        * platform/graphics/Font.h:
        * platform/graphics/FontFastPath.cpp:
        (WebCore::Font::getGlyphsAndAdvancesForSimpleText):
        (WebCore::Font::drawSimpleText):
        (WebCore::Font::drawEmphasisMarksForSimpleText):
        (WebCore::Font::drawGlyphBuffer):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForSimpleText):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::size):
        (WebCore::GlyphBuffer::glyphs):
        (WebCore::GlyphBuffer::advances):
        (WebCore::GlyphBuffer::fontDataAt):
        (WebCore::GlyphBuffer::advanceAt):
        (WebCore::GlyphBuffer::offsetAt):
        (WebCore::GlyphBuffer::reverse):
        (WebCore::GlyphBuffer::offsetInString):
        (WebCore::GlyphBuffer::swap):
        * platform/graphics/GraphicsContext.cpp:
        * platform/graphics/Latin1TextIterator.h:
        (WebCore::Latin1TextIterator::Latin1TextIterator):
        (WebCore::Latin1TextIterator::currentCharacter):
        * platform/graphics/SimpleFontData.h:
        * platform/graphics/SurrogatePairAwareTextIterator.cpp:
        (WebCore::SurrogatePairAwareTextIterator::SurrogatePairAwareTextIterator):
        * platform/graphics/SurrogatePairAwareTextIterator.h:
        (WebCore::SurrogatePairAwareTextIterator::currentCharacter):
        * platform/graphics/TextRun.h:
        (WebCore::TextRun::length):
        (WebCore::TextRun::charactersLength):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::glyphDataForCharacter):
        (WebCore::applyFontTransforms):
        (WebCore::WidthIterator::advanceInternal):
        (WebCore::WidthIterator::advance):
        (WebCore::WidthIterator::advanceOneCharacter):
        * platform/graphics/WidthIterator.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::adjustSelectionRectForComplexText):
        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::setNormalizedBuffer):
        * platform/graphics/mac/FontComplexTextMac.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontCGWin.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontWin.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/wince/FontWinCE.cpp:
        (WebCore::Font::drawGlyphs):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::selectionRectForComplexText):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::isSelected):
        (WebCore::InlineTextBox::selectionState):
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::selectionStartEnd):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::paintCompositionBackground):
        (WebCore::InlineTextBox::paintDocumentMarker):
        (WebCore::InlineTextBox::paintTextMatchMarker):
        (WebCore::InlineTextBox::computeRectForReplacementMarker):
        (WebCore::InlineTextBox::paintCompositionUnderline):
        (WebCore::InlineTextBox::positionForOffset):
        (WebCore::InlineTextBox::constructTextRun):
        * rendering/InlineTextBox.h:
        (WebCore::InlineTextBox::truncation):
        * rendering/RenderCombineText.cpp:
        (WebCore::RenderCombineText::getStringToRender):
        * rendering/RenderCombineText.h:
        * rendering/RenderTextLineBoxes.cpp:
        (WebCore::ellipsisRectForBox):
        * rendering/svg/SVGInlineFlowBox.cpp:
        (WebCore::SVGInlineFlowBox::computeTextMatchMarkerRectForRenderer):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::positionForOffset):
        (WebCore::SVGInlineTextBox::localSelectionRect):
        (WebCore::SVGInlineTextBox::paintSelectionBackground):
        (WebCore::SVGInlineTextBox::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGInlineTextBox::paintText):
        * rendering/svg/SVGInlineTextBox.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::currentCharacterStartsSurrogatePair):
        (WebCore::SVGTextMetricsBuilder::advance):
        * rendering/svg/SVGTextQuery.cpp:
        (WebCore::SVGTextQuery::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGTextQuery::modifyStartEndPositionsRespectingLigatures):
        (WebCore::SVGTextQuery::subStringLengthCallback):
        (WebCore::SVGTextQuery::startPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::endPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::rotationOfCharacterCallback):
        (WebCore::SVGTextQuery::extentOfCharacterCallback):
        (WebCore::SVGTextQuery::characterNumberAtPositionCallback):
        * rendering/svg/SVGTextQuery.h:
        * rendering/svg/SVGTextRunRenderingContext.cpp:
        (WebCore::SVGGlyphToPathTranslator::SVGGlyphToPathTranslator):
        (WebCore::SVGTextRunRenderingContext::glyphDataForCharacter):
        * rendering/svg/SVGTextRunRenderingContext.h:
        * svg/SVGFontData.cpp:
        (WebCore::SVGFontData::applySVGGlyphSelection):
        * svg/SVGFontData.h:

2014-07-08  Jeffrey Pfau  <jpfau@apple.com>

        Fix flaky loading tests
        https://bugs.webkit.org/show_bug.cgi?id=133696

        Reviewed by Ryosuke Niwa.

        In some cases, the Frame may be destroyed while the loader is
        initializing. Make sure we don't delete it too early.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::init):

2014-07-09  Simon Fraser  <simon.fraser@apple.com>

        Make IndirectCompositingReason an enum class
        https://bugs.webkit.org/show_bug.cgi?id=134789

        Reviewed by Tim Horton.

        Make RenderLayer::IndirectCompositingReason an enum class, and change some code
        in RenderLayerCompositor::reasonsForCompositing() to use a switch.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):
        (WebCore::RenderLayerCompositor::requiresOwnBackingStore):
        (WebCore::RenderLayerCompositor::reasonsForCompositing):
        (WebCore::RenderLayerCompositor::requiresCompositingForIndirectReason):

2014-07-09  Pratik Solanki  <psolanki@apple.com>

        Make SharedBuffer::append(SharedBuffer*) be smarter about CFData and data arrays
        https://bugs.webkit.org/show_bug.cgi?id=134731

        Reviewed by Antti Koivisto.

        If the target SharedBuffer has a CFDataRef or a data array then we can simply retain that
        CFDataRef or data array elements in the SharedBuffer being appended to. This avoids
        unnecessary copying.

        No new tests because no functional changes.

        * platform/SharedBuffer.cpp:
        (WebCore::SharedBuffer::append):
        (WebCore::SharedBuffer::maybeAppendPlatformData):
        * platform/SharedBuffer.h:
        * platform/cf/SharedBufferCF.cpp:
        (WebCore::SharedBuffer::maybeAppendPlatformData):
        (WebCore::SharedBuffer::maybeAppendDataArray):
        * platform/soup/SharedBufferSoup.cpp:
        (WebCore::SharedBuffer::maybeAppendPlatformData):

2014-07-09  Brent Fulgham  <bfulgham@apple.com>

        [Win] Remove uses of 'bash' in build system
        https://bugs.webkit.org/show_bug.cgi?id=134782
        <rdar://problem/17615533>

        Reviewed by Dean Jackson.

        Remove uses of 'bash' by replacing Windows-specific bash scripts
        with Perl equivalents.

        * WebCore.vcxproj/WebCoreGenerated.make:
        * WebCore.vcxproj/WebCoreGenerated.vcxproj:
        * WebCore.vcxproj/WebCoreGenerated.vcxproj.filters:
        * WebCore.vcxproj/WebCorePreBuild.cmd:
        * WebCore.vcxproj/build-generated-files.pl: Copied from Source/WebCore/WebCore.vcxproj/build-generated-files.sh.
        * WebCore.vcxproj/build-generated-files.sh: Removed.
        * WebCore.vcxproj/migrate-scripts.pl: Copied from Source/WebCore/WebCore.vcxproj/migrate-scripts.sh.
        * WebCore.vcxproj/migrate-scripts.sh: Removed.

2014-07-09  Anders Carlsson  <andersca@apple.com>

        Support transparent WKWebViews
        https://bugs.webkit.org/show_bug.cgi?id=134779
        <rdar://problem/17351058>

        Reviewed by Tim Horton.

        Schedule rebuilding the compositing layers if a FrameView's transparency changes.

        * page/FrameView.cpp:
        (WebCore::FrameView::setTransparent):

2014-07-09  Javier Fernandez  <jfernandez@igalia.com>
        CSS canvas color parsing accepts invalid color identifiers
        https://bugs.webkit.org/show_bug.cgi?id=134661

        Reviewed by Benjamin Poulain.

        Current implementation of the CSSParser::parseSystemColor assumes
        that if a valid cssValueKeywordID is got then it has to be a valid
        color. Such assumption is wrong and lead to many bugs and layout
        test failures.

        The parseSystemFunction determines now whether the parsed color is
        valid or not.

        Addtionally, a new method has been added to share the logic of
        determining whether a CSSValueID is a valid primitive values for
        colors or not. Generally, we should avoid passing invalid color
        identifiers to the theming API.

        No new tests, but added additional cases to the
        canvas-color-serialization.html, test-setting-canvas-color and
        rgb-color-parse test.

        * css/CSSParser.cpp:
        (WebCore::validPrimitiveValueColor): Added.
        (WebCore::parseColorValue):
        (WebCore::CSSParser::parseSystemColor):

2014-06-28  Jer Noble  <jer.noble@apple.com>

        [MSE] http/tests/media/media-source/mediasource-remove.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=134768

        Reviewed by Eric Carlson.

        Fix multiple bugs causing mediasource-remove.html to fail:

        Separate out setDuration() into setDurationInternal() so that steps which require
        us to run the "duration change algorithm" don't bail out if the SoureBuffer is
        inside updating().

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::setDuration):
        (WebCore::MediaSource::setDurationInternal):
        * Modules/mediasource/MediaSource.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

        When removing coded frames, do so starting from the first sample in the range in
        decode order, so that frames dependant on removed frames are themselves removed. Add
        a convenience method in SampleMap findSampleWithPresentationTime(), and rename
        findSampleAfterPresentationTime() to findSampleOnOrAfterPresentationTime() to correctly
        reflect what the method does, and simplify its implementation by searching the map's keys
        directly.

        * Modules/mediasource/SampleMap.cpp:
        (WebCore::PresentationOrderSampleMap::findSampleWithPresentationTime):
        (WebCore::PresentationOrderSampleMap::findSampleOnOrAfterPresentationTime):
        (WebCore::DecodeOrderSampleMap::findSyncSampleAfterPresentationTime):
        (WebCore::PresentationOrderSampleMap::findSampleAfterPresentationTime): Deleted.
        * Modules/mediasource/SampleMap.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::decodeTimeComparator):
        (WebCore::SourceBuffer::removeCodedFrames):

        Throw the correct exception (INVALID_STATE_ERR) from SourceBuffer::remove().

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::remove):

2014-07-09  Pratik Solanki  <psolanki@apple.com>

        Add SharedBuffer::wrapCFDataArray() and use it
        https://bugs.webkit.org/show_bug.cgi?id=134733

        Reviewed by Antti Koivisto.

        No new tests. Should be covered by existing tests.

        * platform/SharedBuffer.h:
        * platform/cf/SharedBufferCF.cpp:
        (WebCore::SharedBuffer::wrapCFDataArray):
        (WebCore::SharedBuffer::SharedBuffer):
        * platform/network/ResourceHandle.h:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::handleDataArray): Deleted.
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray):
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
        (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveDataArray):
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveDataArray:]):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveDataArray:]):

2014-07-09  Pratik Solanki  <psolanki@apple.com>

        Move resource buffering from SynchronousNetworkLoaderClient to NetworkResourceLoader
        https://bugs.webkit.org/show_bug.cgi?id=134732

        Reviewed by Darin Adler.

        No new tests because no functional changes.

        * WebCore.exp.in:

2014-07-09  Tim Horton  <timothy_horton@apple.com>

        Fix the !USE(IOSURFACE) build.

        * WebCore.exp.in:

2014-07-09  Tim Horton  <timothy_horton@apple.com>

        Use IOSurface ViewSnapshots everywhere on Mac, remove JPEG encoding path
        https://bugs.webkit.org/show_bug.cgi?id=134773

        Reviewed by Anders Carlsson.

        * WebCore.exp.in:
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::createFromImage):
        Move make-an-IOSurface-from-a-CGImageRef into WebCore::IOSurface.

2014-07-09  Enrica Casucci  <enrica@apple.com>

        Implement Editor::fontAttributesForSelectionStart() or iOS.
        https://bugs.webkit.org/show_bug.cgi?id=134771
        <rdar://problem/16167838>

        Reviewed by Ryosuke Niwa.

        Implement for iOS the equivalent function we have for OS X.

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::fontAttributesForSelectionStart):

2014-07-09  Brent Fulgham  <bfulgham@apple.com>

        [Win] Remove use of 'grep' in build steps
        https://bugs.webkit.org/show_bug.cgi?id=134770
        <rdar://problem/17608783>

        Reviewed by Tim Horton.

        Replace uses of the grep command in Windows builds with the equivalent
        Perl program.

        * WebCore.vcxproj/WebCoreGenerated.make:
        * WebCore.vcxproj/WebCorePreBuild.cmd:
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::notifyFinished):

2014-07-09  Alex Christensen  <achristensen@webkit.org>

        Added css jit profiler, disabled by default.
        https://bugs.webkit.org/show_bug.cgi?id=134695

        Reviewed by Benjamin Poulain.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ruleMatches):
        Tell the RuleData when its compiled selector is used.
        * css/RuleSet.cpp:
        (WebCore::RuleData::RuleData):
        Initialize the compiled selector use count to 0.
        * css/RuleSet.h:
        (WebCore::RuleData::~RuleData):
        (WebCore::RuleData::compiledSelectorUsed):
        Count and log the number of times a compiled selector is used.
        * cssjit/SelectorCompiler.h:
        Added option for CSS_SELECTOR_JIT_PROFILING set to 0 by default.
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::executeCompiledSimpleSelectorChecker):
        (WebCore::SelectorDataList::execute):
        Tell the SelectorData when its compiled selector is used.
        * dom/SelectorQuery.h:
        (WebCore::SelectorDataList::SelectorData::SelectorData):
        (WebCore::SelectorDataList::SelectorData::~SelectorData):
        (WebCore::SelectorDataList::SelectorData::compiledSelectorUsed):
        Count and log the number of times a compiled selector is used.

2014-07-09  Eric Carlson  <eric.carlson@apple.com>

        [iOS] caption size is sometimes incorrect in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=134740

        Reviewed by Jer Noble.

        Captions on iOS are displayed in fullscreen with a TextTrackRepresentation object. Because
        the fullscreen video presentation is controlled by code in the UI process running on the
        UI thread, WebCore is notified of changes to fullscreen state asynchronously. This resulted
        in the TextTrackRepresentation object being created and/or destroyed too late some of the 
        time, which caused us to sometimes display captions incorrectly. Fix this by setting up and
        tearing down the TextTrackRepresentation object when WebCore's 'webkitfullscreenchange'
        event fires.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::enteredFullscreen): Notify text track container.
        (WebCore::MediaControlsHost::exitedFullscreen): Ditto.
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediacontrols/MediaControlsHost.idl:

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleFullscreenChange): Notify host of fullscreen change.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::requiresTextTrackRepresentation): Only return true when in
            fullscreen.
        (WebCore::HTMLMediaElement::setVideoFullscreenLayer): Call updateTextTrackDisplay.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::MediaControlTextTrackContainerElement): Initialize
            m_updateTextTrackRepresentationStyle to false.
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay): Move logic for creating
            TextTrackRepresentation to updateTextTrackRepresentation.
        (WebCore::MediaControlTextTrackContainerElement::updateActiveCuesFontSize): New, split out of updateTimerFired.
        (WebCore::MediaControlTextTrackContainerElement::updateTimerFired): Move code to force immediate
            font size change to updateActiveCuesFontSize.
        (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation): New, update
            text track representation, creating first if necessary.
        (WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation): Add an early
            return if we don't have a text track representation.
        (WebCore::MediaControlTextTrackContainerElement::updateStyleForTextTrackRepresentation): Early
            return if there is nothing to be done.
        (WebCore::MediaControlTextTrackContainerElement::enteredFullscreen): Force a caption update
            if there are visible captions.
        (WebCore::MediaControlTextTrackContainerElement::updateSizes): Set m_updateTextTrackRepresentationStyle
            to true.
        (WebCore::MediaControlTextTrackContainerElement::textTrackRepresentationBoundsChanged):  Force a 
            caption update if there are visible captions.
        * html/shadow/MediaControlElements.h:

2014-07-09  Jer Noble  <jer.noble@apple.com>

        [MSE] http/tests/media/media-source/mediasource-endofstream-invaliderror.html is failing.
        https://bugs.webkit.org/show_bug.cgi?id=134413

        Reviewed by Eric Carlson.

        Update MediaSource.endOfStream() to take an optional enum instead of an optional String.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::endOfStream):
        * Modules/mediasource/MediaSource.h:
        * Modules/mediasource/MediaSource.idl:

2014-07-08  Brady Eidson  <beidson@apple.com>

        DOMWindows should register themselves with the GamepadManager when they have event listeners
        https://bugs.webkit.org/show_bug.cgi?id=134669

        Reviewed by Dean Jackson.

        No new tests (No effect in a currently tested config)

        By having DOMWindows register with the GamepadManager when they have/don’t have gamepad event
        listeners, we accomplish two things:
        1 - It’s simple for GamepadManager to dispatch gamepad events directly to the DOMWindows interested.
        2 - We know when to start monitoring for gamepad connections.

        * Modules/gamepad/GamepadManager.cpp:
        (WebCore::GamepadManager::GamepadManager):
        (WebCore::GamepadManager::registerNavigator):
        (WebCore::GamepadManager::unregisterNavigator):
        (WebCore::GamepadManager::registerDOMWindow):
        (WebCore::GamepadManager::unregisterDOMWindow):
        (WebCore::GamepadManager::maybeStartMonitoringGamepads): Start monitoring gamepads if there are any
          registered DOMWindows or NavigatorGamepads, and we aren’t already monitoring them.
        (WebCore::GamepadManager::maybeStopMonitoringGamepads): Stop monitoring gamepads if there aren’t any
          registered DOMWindows or NavigatorGameads, and we have been monitoring them before now.
        * Modules/gamepad/GamepadManager.h:

        * dom/EventNames.h:
        (WebCore::EventNames::isGamepadEventType):

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::DOMWindow):
        (WebCore::DOMWindow::~DOMWindow): If registered for gamepad events, unregister now.
        (WebCore::DOMWindow::incrementGamepadEventListenerCount): If this is the first gamepad event
          listener, register with the GamepadManager now.
        (WebCore::DOMWindow::decrementGamepadEventListenerCount): If this was the last gamepad event
          listener, unregister from the GamepadManager now.
        (WebCore::DOMWindow::addEventListener):
        (WebCore::DOMWindow::removeEventListener):
        * page/DOMWindow.h:

2014-07-08  Sun-woo Nam  <sunny.nam@samsung.com>

        [EFL] Fix the build break when ENABLE_ENCRYPTED_MEDIA_V2 is turned on.
        https://bugs.webkit.org/show_bug.cgi?id=134750

        Reviewed by Gyuyoung Kim.

        When turning ENABLE_ENCRYPTED_MEDIA_V2 on, build break occurs.
        Some source files need to be included in CMakeLists.txt file for build.
        And wrap the included header file which is built only on mac and wince.

        * CMakeLists.txt:
        * Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp:

2014-07-08  Eric Carlson  <eric.carlson@apple.com>

        [iOS] user caption preferences not applied
        https://bugs.webkit.org/show_bug.cgi?id=134599

        Reviewed by Sam Weinig.

        * page/CaptionUserPreferences.cpp:
        (WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride): All Pages in a PageGroup
        do not necessarily use the same PageUserContentController, so apply and remove caption user
        the style sheet directly to each page rather than to the page group.

2014-07-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170894.
        https://bugs.webkit.org/show_bug.cgi?id=134749

        "It broke the build on mountainlion release 32bit" (Requested
        by mmirman on #webkit).

        Reverted changeset:

        "Added css jit profiler, disabled by default."
        https://bugs.webkit.org/show_bug.cgi?id=134695
        http://trac.webkit.org/changeset/170894

2014-07-08  Jeremy Jones  <jeremyj@apple.com>

        WebVideoFullscreenInterfaceAVKit should lazily create m_playerController.
        https://bugs.webkit.org/show_bug.cgi?id=134706

        Reviewed by Simon Fraser.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenModel):
        Don't set the delegate if m_playerController isn't created.

2014-07-08  Bem Jones-Bey  <bjonesbe@adobe.com>

        Ensure we compute the height of replaced elements to 'auto' when appropriate.
        https://bugs.webkit.org/show_bug.cgi?id=134700

        Reviewed by David Hyatt.

        This fixes two issues:

        1) If a replaced element has a percentage height specified then its
        height should compute to 'auto' when its containing block does not
        have a height 'specified explicitly'. We were taking this to mean when
        its containing block's specified height value is 'auto' - in fact it
        means when the containing block's computed height is auto.

        2) Top and bottom on the containing block should only affect the
        height of the block if that block has absolute or fixed position.

        This brings us into line with IE, Firefox, and Chrome.

        This is a port of Blink patches by Rob Hogan and David Vest.

        Tests: css2.1/20110323/height-percentage-005.htm
               fast/css/replaced-element-ignore-top-bottom.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):

2014-07-08  Alex Christensen  <achristensen@webkit.org>

        Added css jit profiler, disabled by default.
        https://bugs.webkit.org/show_bug.cgi?id=134695

        Reviewed by Benjamin Poulain.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ruleMatches):
        Tell the RuleData when its compiled selector is used.
        * css/RuleSet.cpp:
        (WebCore::RuleData::RuleData):
        Initialize the compiled selector use count to 0.
        * css/RuleSet.h:
        (WebCore::RuleData::~RuleData):
        (WebCore::RuleData::compiledSelectorUsed):
        Count and log the number of times a compiled selector is used.
        * cssjit/SelectorCompiler.h:
        Added option for CSS_SELECTOR_JIT_PROFILING set to 0 by default.
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::executeCompiledSimpleSelectorChecker):
        (WebCore::SelectorDataList::execute):
        Tell the SelectorData when its compiled selector is used.
        * dom/SelectorQuery.h:
        (WebCore::SelectorDataList::SelectorData::SelectorData):
        (WebCore::SelectorDataList::SelectorData::~SelectorData):
        (WebCore::SelectorDataList::SelectorData::compiledSelectorUsed):
        Count and log the number of times a compiled selector is used.

2014-07-08  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GObject DOM bindings API breaks test after r170700.

        Add missing WebKitDOMXPathNSResolver.symbols that I forgot to add
        in r170700.

        * bindings/gobject/WebKitDOMXPathNSResolver.symbols: Added.

2014-07-07  Pratik Solanki  <psolanki@apple.com>

        Unreviewed. iOS build fix after r170871.

        * rendering/RenderThemeIOS.mm:
        (WebCore::adjustInputElementButtonStyle):

2014-07-07  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: icloud.com password arrow has clipped circle at some window sizes.
        https://bugs.webkit.org/show_bug.cgi?id=134710
        <rdar://problem/17545291>

        Reviewed by Simon Fraser.

        Transparent layer clipping needs device pixel snapping.

        Test: fast/layers/wrong-clipping-semi-transparent-layer-on-subpixel-position.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::beginTransparencyLayers):

2014-07-07  Benjamin Poulain  <benjamin@webkit.org>

        LinkBuffer should not keep a reference to the MacroAssembler
        https://bugs.webkit.org/show_bug.cgi?id=134668

        Reviewed by Geoffrey Garen.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::compile):

2014-07-07  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Inline box decoration rounds to integral.
        https://bugs.webkit.org/show_bug.cgi?id=134523
        <rdar://problem/17530298>

        Reviewed by Darin Adler.

        This patch removes 2 integral roundings from InlineFlowBox:
        1. Border and padding sizes are implicitly integral truncated by the 'int' return type
           of borderLogicalLeft/Right()/paddingLogicalLeft/Right(). It results in losing
           fractional border/padding values.
        2. Painting rectangle is explicitly rounded which pushes border and
           other decoration elements to odd device pixel positions on retina displays.
        These values get pixel snapped right before calling in to GraphicsContext::*.

        Test: fast/inline/hidpi-inline-text-decoration-with-subpixel-value.html

        * rendering/InlineBox.h:
        (WebCore::InlineBox::frameRect):
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::nodeAtPoint):
        (WebCore::InlineFlowBox::paintBoxDecorations):
        (WebCore::InlineFlowBox::paintMask):
        (WebCore::InlineFlowBox::roundedFrameRect): Deleted.
        * rendering/InlineFlowBox.h:
        (WebCore::InlineFlowBox::borderLogicalLeft):
        (WebCore::InlineFlowBox::borderLogicalRight):
        (WebCore::InlineFlowBox::paddingLogicalLeft):
        (WebCore::InlineFlowBox::paddingLogicalRight):

2014-07-07  Zalan Bujtas  <zalan@apple.com>

        Pass RenderLayer reference instead of pointer to RenderLayer::paintingExtent().
        https://bugs.webkit.org/show_bug.cgi?id=134714

        Reviewed by Simon Fraser.

        No change in functionality. 

        * rendering/RenderLayer.cpp: * -> &
        (WebCore::expandClipRectForRegionAndReflection):
        (WebCore::expandClipRectForDescendantsAndReflection):
        (WebCore::transparencyClipBox):
        (WebCore::paintingExtent):
        (WebCore::RenderLayer::beginTransparencyLayers):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::hitTestTransformedLayerInFragments):
        (WebCore::RenderLayer::paintingExtent): Deleted.
        * rendering/RenderLayer.h:

2014-07-07  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove misleadingly-named Font::isSVGFont()
        https://bugs.webkit.org/show_bug.cgi?id=134697

        Reviewed by Dean Jackson.

        Being a SVG font is a property of the FontData object, not
        the Font object. Providing an isSVGFont() function on the
        Font class will likely lead to incorrect code and non-obvious
        bugs.

        No new tests because there is no behavior change.

        * platform/graphics/Font.h:
        (WebCore::Font::isSVGFont): Deleted.
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::primaryFontDataIsSystemFont):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::constructTextRun):
        * rendering/RenderBlock.cpp:
        (WebCore::constructTextRunInternal):
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseFor):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::constructTextRun):
        * rendering/svg/SVGTextMetrics.cpp:
        (WebCore::SVGTextMetrics::constructTextRun):
        (WebCore::SVGTextMetrics::SVGTextMetrics):

2014-07-07  Brady Eidson  <beidson@apple.com>

        Move Gamepad index down into PlatformGamepad.
        https://bugs.webkit.org/show_bug.cgi?id=134670

        Reviewed by Darin Adler.

        PlatformGamepads always have an inherent index anyways.
        This will make things easier in all upcoming work.

        * Modules/gamepad/Gamepad.cpp:
        (WebCore::Gamepad::Gamepad):
        * Modules/gamepad/Gamepad.h:

        * Modules/gamepad/GamepadManager.cpp:
        (WebCore::GamepadManager::platformGamepadConnected):
        (WebCore::GamepadManager::platformGamepadDisconnected):
        (WebCore::GamepadManager::makeGamepadsVisibileToBlindNavigators):
        * Modules/gamepad/GamepadManager.h:

        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::gamepadsBecameVisible):
        (WebCore::NavigatorGamepad::gamepadConnected):
        (WebCore::NavigatorGamepad::gamepadDisconnected):
        * Modules/gamepad/NavigatorGamepad.h:

        * platform/GamepadProviderClient.h:

        * platform/PlatformGamepad.h:
        (WebCore::PlatformGamepad::index):
        (WebCore::PlatformGamepad::PlatformGamepad):

        * platform/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::HIDGamepad):
        * platform/mac/HIDGamepad.h:

        * platform/mac/HIDGamepadProvider.cpp:
        (WebCore::HIDGamepadProvider::deviceAdded):
        (WebCore::HIDGamepadProvider::deviceRemoved):
        (WebCore::HIDGamepadProvider::removeGamepadForDevice):
        * platform/mac/HIDGamepadProvider.h:

2014-07-07  Simon Fraser  <simon.fraser@apple.com>

        [UI-side compositing] Support reflections on custom layers like video
        https://bugs.webkit.org/show_bug.cgi?id=134701

        Reviewed by Tim Horton.

        Add a LayerTypeWebGLLayer layer type, and support casting to PlatformCALayerRemoteCustom.

        * WebCore.exp.in: Export PlatformCALayerMac::layerTypeForPlatformLayer(CALayer*), and sort.
        * platform/graphics/ca/PlatformCALayer.h:
        (WebCore::PlatformCALayer::isPlatformCALayerRemoteCustom):
        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayerMac::layerTypeForPlatformLayer):
        (PlatformCALayerMac::PlatformCALayerMac):
        (PlatformCALayerMac::commonInit):

2014-07-07  Simon Fraser  <simon.fraser@apple.com>

        [UI-side compositing] Crash when starting a filter transition on a reflected layer
        https://bugs.webkit.org/show_bug.cgi?id=134694

        Reviewed by Tim Horton.

        Don't call the owner if we failed to find the animation key (which actually
        isn't used by PlatformCALayerMac anyway).

        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (-[WebAnimationDelegate animationDidStart:]):

2014-07-07  Alex Christensen  <achristensen@webkit.org>

        [iOS WebGL] Fix crash with too many nested glsl functions.
        https://bugs.webkit.org/show_bug.cgi?id=134683
        <rdar://problem/17541529>

        Reviewed by Geoffrey Garen.

        This fixes the Khronos WebGL 1.0.3 test nested-functions-should-not-crash.html.

        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE):
        Add SH_LIMIT_CALL_STACK_DEPTH to extraCompileOptions.

2014-07-07  Ion Rosca  <rosca@adobe.com>

        [CSS Blending]The background images set on the root element will blend on an initial white backdrop.
        https://bugs.webkit.org/show_bug.cgi?id=134342

        Reviewed by Dean Jackson.

        Tests: css3/blending/background-blend-mode-body-image.html
               css3/blending/background-blend-mode-body-transparent-color-and-image.html
               css3/blending/background-blend-mode-body-transparent-image.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintFillLayers):
        If the background layers have blend modes, we paint the base background color first,
        before starting a new transparency layer. After creating the transparency layer,
        the base background will be skipped, and the background layers will blend on top of
        a transparent backdrop.
        (WebCore::RenderBox::paintFillLayer):
        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        This method is able to paint only the base background color (BaseBackgroundColorOnly), 
        skipping the background-color and background-images. This option is available only
        on bottom layer of the root renderer and only if the background color is not opaque,
        otherwise the method will return early.
        Another option is to paint the root background without using the base background color
        (BaseBackgroundColorSkip).
        * rendering/RenderBoxModelObject.h:
        Adding the BaseBackgroundColorUsage enum.

2014-07-06  Yoav Weiss  <yoav@yoav.ws>

        Turn on img@sizes compile flag
        https://bugs.webkit.org/show_bug.cgi?id=134634

        Reviewed by Benjamin Poulain.

        * Configurations/FeatureDefines.xcconfig: Moved compile flag to alphabetical order.

2014-07-06  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Generate isMathMLFoo() toMathMLFoo() by using NODE_TYPE_CASTS macro and generateTypeHelpers
        https://bugs.webkit.org/show_bug.cgi?id=134647

        Reviewed by Andreas Kling.

        Use type cast macro and generation tag for isFoo() and toFoo() in some MathML classes.

        No new tests, no behavior change.

        * mathml/MathMLElement.h: Place MathMLElementTypeHelpers.h to the bottom of the
        file so that functions from that file can use the Element|Node classes and other things defined in this file.
        * mathml/MathMLMencloseElement.h:
        (WebCore::toMathMLMencloseElement): Deleted.
        * mathml/mathtags.in:

2014-07-06  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: Ensure resolvingMode size is 1 byte
        https://bugs.webkit.org/show_bug.cgi?id=134662

        Reviewed by Benjamin Poulain.

        Since selector compiler uses MacroAssembler::branch8 for SelectorChecker::Mode,
        we should ensure sizeof(SelectorChecker::Mode) == 1.
        Old implementation works only in little endianness environments.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::matchedResult):
        (WebCore::ElementRuleCollector::matchedRuleList):
        (WebCore::ElementRuleCollector::collectMatchingRules):
        (WebCore::ElementRuleCollector::sortAndTransferMatchedRules):
        (WebCore::ElementRuleCollector::hasAnyMatchingRules):
        * css/ElementRuleCollector.h:
        (WebCore::ElementRuleCollector::ElementRuleCollector):
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::match):
        (WebCore::SelectorChecker::matchRecursively):
        (WebCore::SelectorChecker::checkOne):
        * css/SelectorChecker.h:
        * css/StyleInvalidationAnalysis.cpp:
        (WebCore::invalidateStyleRecursively):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::pseudoStyleRulesForElement):
        * css/StyleResolver.h:
        (WebCore::checkRegionSelector):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNotResolvingStyle):
        (WebCore::SelectorCompiler::elementIsActiveForStyleResolution):
        (WebCore::SelectorCompiler::elementIsHoveredForStyleResolution):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::selectorMatches):

2014-07-06  Antti Koivisto  <antti@apple.com>

        Don't throttle layer flushes when the main resource is a GIF
        https://bugs.webkit.org/show_bug.cgi?id=134650
        <rdar://problem/17490712>

        Reviewed by Simon Fraser.
        
        Avoid throttling big image animations.

        * page/FrameView.cpp:
        (WebCore::determineLayerFlushThrottleState):
        
            Disable for image documents.

        (WebCore::FrameView::disableLayerFlushThrottlingTemporarilyForInteraction):
        (WebCore::FrameView::updateLayerFlushThrottling):
        
            Refactor a bit.

        * page/LayerFlushThrottleState.h:
        
            Rename the flag.

2014-07-06  Andreas Kling  <akling@apple.com>

        Inline NodeListsNodeData helpers more aggressively.
        <https://webkit.org/b/134654>

        Get rid of call overhead costs when retrieving NodeLists and
        HTMLCollections from Document. These functions have very few clients,
        so there's no real reason to keep them out of line.

        Reviewed by Antti Koivisto.

        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::addCacheWithAtomicName):
        (WebCore::NodeListsNodeData::addCacheWithName):

2014-07-06  Andreas Kling  <akling@apple.com>

        Inline Node's rare data getters.
        <https://webkit.org/b/134652>

        There was a fair bit of overhead when calling Node::ensureRareData()
        from Document's collection getters. This patch inlines the case where
        we've already materialized the rare data.

        Reviewed by Antti Koivisto.

        * dom/Node.cpp:
        (WebCore::Node::materializeRareData):
        (WebCore::Node::rareData): Deleted.
        (WebCore::Node::ensureRareData): Deleted.
        * dom/Node.h:
        * dom/NodeRareData.h:
        (WebCore::Node::rareData):
        (WebCore::Node::ensureRareData):

2014-07-05  Dean Jackson  <dino@apple.com>

        [iOS] MediaDocument should set a viewport
        https://bugs.webkit.org/show_bug.cgi?id=134658
        <rdar://problem/17552339>

        Reviewed by Zalan Bujtas.

        A MediaDocument should fill the viewport, so set its
        initial-scale to 1 and make it non-zoomable.

        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure): Create
        a <head> element and a <meta> element with a 1:1 viewport.

2014-07-05  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170825.
        https://bugs.webkit.org/show_bug.cgi?id=134653

        broke debug builds (Requested by kling on #webkit).

        Reverted changeset:

        "Generate isMathMLFoo() toMathMLFoo() by using NODE_TYPE_CASTS
        macro and generateTypeHelpers"
        https://bugs.webkit.org/show_bug.cgi?id=134647
        http://trac.webkit.org/changeset/170825

2014-07-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Generate isMathMLFoo() toMathMLFoo() by using NODE_TYPE_CASTS macro and generateTypeHelpers
        https://bugs.webkit.org/show_bug.cgi?id=134647

        Reviewed by Andreas Kling.

        Use type cast macro and generation tag for isFoo() and toFoo() in some MathML classes.

        No new tests, no behavior change.

        * mathml/MathMLElement.h: Place MathMLElementTypeHelpers.h to the bottom of the
        file so that functions from that file can use the Element|Node classes and other things defined in this file.
        (WebCore::isMathMLElement): Deleted.
        * mathml/MathMLMencloseElement.h:
        (WebCore::toMathMLMencloseElement): Deleted.
        * mathml/mathtags.in:

2014-07-04  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [EFL] Support Geolocation
        https://bugs.webkit.org/show_bug.cgi?id=134439

        Reviewed by Antonio Gomes.

        Add geoclue files in order to enable geolocation for EFL port.

        * PlatformEfl.cmake:

2014-07-04  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: compile :in-range and :out-of-range
        https://bugs.webkit.org/show_bug.cgi?id=134639

        Reviewed by Andreas Kling.

        The pseudo class :in-range and :out-of-range are trivial non-inlined selectors.

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        * css/SelectorCheckerTestFunctions.h:
        (WebCore::isInRange):
        (WebCore::isOutOfRange):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):

2014-07-04  Andreas Kling  <akling@apple.com>

        Fast path for jsStringWithCache() when asked for the same string repeatedly.
        <https://webkit.org/b/134635>

        Reviewed by Darin Adler.

        * WebCore.exp.in:
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::jsStringWithCache): Deleted.
        * bindings/js/JSDOMBinding.h:
        (WebCore::JSValueTraits<String>::arrayJSValue):
        (WebCore::jsStringWithCache): Deleted.
        * bridge/c/c_utility.cpp:
        (JSC::Bindings::convertNPVariantToValue):
        * loader/cache/CachedResourceHandle.h:

2014-07-04  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: ebay.com rotating billboard on the main page has cut off buttons.
        https://bugs.webkit.org/show_bug.cgi?id=134636
        <rdar://problem/17529112>

        Reviewed by Darin Adler.

        Missing pixel snapping when clipping the transparency layer for BackgroundBleedUseTransparencyLayer.
        Clipping needs to take the same snapping strategy as the rest of the painting code.

        Test: fast/borders/border-radius-on-subpixel-position-non-hidpi.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations):

2014-05-10  Andreas Kling  <akling@apple.com>

        QualifiedName should use RefPtr<QualifiedNameImpl> internally.
        <https://webkit.org/b/132796>

        We were not inlining ~QualifiedName() and it was showing up in some
        profiles (over 1% on dom-attr.html.)

        This patch modernizes QualifiedName a bit by using RefPtr to store
        the QualifiedNameImpl instead of doing manual ref() and deref()
        in out-of-line functions.

        Reviewed by Darin Adler.

        * WebCore.exp.in:
        * dom/QualifiedName.cpp:
        (WebCore::QNameComponentsTranslator::translate):
        (WebCore::QualifiedName::QualifiedName):
        (WebCore::QualifiedName::~QualifiedName): Deleted.
        (WebCore::QualifiedName::deref): Deleted.
        * dom/QualifiedName.h:
        (WebCore::QualifiedName::QualifiedNameImpl::create):
        (WebCore::QualifiedName::QualifiedName):
        (WebCore::QualifiedName::isHashTableDeletedValue):
        (WebCore::QualifiedName::~QualifiedName):
        (WebCore::QualifiedName::operator=):
        (WebCore::QualifiedName::impl):
        (WebCore::QualifiedName::ref): Deleted.

2014-07-04  Dean Jackson  <dino@apple.com>

        [iOS] [Media] Prevent page zoom if it started in the video element
        https://bugs.webkit.org/show_bug.cgi?id=134640
        <rdar://problem/16630794>

        Reviewed by Sam Weinig.

        In r170572 I attempted to prevent the page zoom from happening
        when the user was attempting to fullscreen the video. That fix was
        not complete, because it relied on the touchstart event being
        sent before a gesture event. It turns out this doesn't always happen,
        so we need to apply the same check in the gesture event - if the
        gesture began with two fingers on the media, don't do a page zoom.
        The exception is zooming out, if you've managed to make the video
        cover the entire screen (also, the pinch-out-of-fullscreen gesture
        does not get handled by WebKit).

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.handleBaseGestureChange): Add a check to
        make sure our pinch didn't start in the video element.

2014-07-04  Hunseop Jeong  <hs85.jeong@samsung.com>

        [CoordinatedGraphics] Use the C++11 syntax to clean-up for loops 
        https://bugs.webkit.org/show_bug.cgi?id=134594

        Reviewed by Darin Adler.

        Convert a couple of loops to range-based for 

        No change in functionality, no new tests.

        * platform/graphics/TiledBackingStore.cpp:
        (WebCore::TiledBackingStore::updateTileBuffers):
        (WebCore::TiledBackingStore::resizeEdgeTiles):
        (WebCore::TiledBackingStore::setKeepRect):
        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
        (WebCore::CompositingCoordinator::~CompositingCoordinator):
        (WebCore::CompositingCoordinator::flushPendingImageBackingChanges):
        (WebCore::CompositingCoordinator::setVisibleContentsRect):
        (WebCore::CompositingCoordinator::purgeBackingStores):
        * platform/graphics/texmap/coordinated/CoordinatedBackingStore.cpp:
        (WebCore::CoordinatedBackingStore::removeAllTiles):
        (WebCore::CoordinatedBackingStore::paintToTextureMapper):
        (WebCore::CoordinatedBackingStore::drawBorder):
        (WebCore::CoordinatedBackingStore::drawRepaintCounter):
        (WebCore::CoordinatedBackingStore::commitTileOperations):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsScene.cpp:
        (WebCore::CoordinatedGraphicsScene::adjustPositionForFixedLayers):
        (WebCore::CoordinatedGraphicsScene::commitPendingBackingStoreOperations):

2014-07-04  Andreas Kling  <akling@apple.com>

        CTTE: ScriptElement always has a HTTPScriptElement or SVGScriptElement.
        <https://webkit.org/b/134637>

        Have ScriptElement store the pointer to the more specific subclass
        element as a reference. Also made the constructor protected since
        nobody should instantiate ScriptElement directly.

        Reviewed by Antti Koivisto.

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::ScriptElement):
        (WebCore::ScriptElement::childrenChanged):
        (WebCore::ScriptElement::dispatchErrorEvent):
        (WebCore::ScriptElement::prepareScript):
        (WebCore::ScriptElement::requestScript):
        (WebCore::ScriptElement::executeScript):
        (WebCore::ScriptElement::notifyFinished):
        (WebCore::ScriptElement::ignoresLoadRequest):
        (WebCore::ScriptElement::scriptContent):
        * dom/ScriptElement.h:
        (WebCore::ScriptElement::element):
        * dom/ScriptRunner.cpp:
        (WebCore::ScriptRunner::queueScriptForExecution):
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::HTMLScriptElement):
        * svg/SVGScriptElement.cpp:
        (WebCore::SVGScriptElement::SVGScriptElement):

2014-07-04  Julien Quint  <pom@graougraou.com>

        input type=range element should only fire change events after committing a  value
        https://bugs.webkit.org/show_bug.cgi?id=134545

        Reviewed by Dean Jackson.

        A "change" event was fired every time the slider thumb element was dragged
        by the user. The "change" event is now fired only after the thumb
        element has stopped moving; previously, both "input" and "change" events
        where dispatched while changes were being made. This new behavior is
        consistent with the specification (cf.
        http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#event-input-change),
        as well as other implementations such as Firefox and Chrome.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.createControls): Listen to the "input" event
        rather than the "change" event for the timeline control in order to
        keep track of value changes when the user is dragging the thumb.
        * accessibility/AccessibilitySlider.cpp:
        (WebCore::AccessibilitySlider::setValue): Dispatch "change" event while
        setting the new value rather than dispatching later, since setting the
        value now clears the change flag.
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::setValue): Update the text value of the
        control in the case when no event is to be dispatched, so that this
        value can be checked the next time a "change" event dispatch is
        requested.
        * html/shadow/SliderThumbElement.cpp:
        (WebCore::SliderThumbElement::setPositionFromPoint): Removed the
        dispatch of the "change" event, and no longer track the text value of
        the element as a result of dispatching a "change" event.
        (WebCore::SliderThumbElement::stopDragging): Dispatch the "change" event
        on completing the drag.

2014-07-04  Andreas Kling  <akling@apple.com>

        CTTE: ApplicationCacheHost always has a DocumentLoader.
        <https://webkit.org/b/b/128435>

        Have ApplicationCacheHost store the backpointer to its owning
        DocumentLoader as a reference.

        Reviewed by Sam Weinig.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::DocumentLoader):
        (WebCore::DocumentLoader::startLoadingMainResource):
        * loader/appcache/ApplicationCacheHost.cpp:
        (WebCore::ApplicationCacheHost::ApplicationCacheHost):
        (WebCore::ApplicationCacheHost::~ApplicationCacheHost):
        (WebCore::ApplicationCacheHost::selectCacheWithoutManifest):
        (WebCore::ApplicationCacheHost::selectCacheWithManifest):
        (WebCore::ApplicationCacheHost::maybeLoadMainResource):
        (WebCore::ApplicationCacheHost::maybeLoadFallbackForMainResponse):
        (WebCore::ApplicationCacheHost::maybeLoadFallbackForMainError):
        (WebCore::ApplicationCacheHost::failedLoadingMainResource):
        (WebCore::ApplicationCacheHost::finishedLoadingMainResource):
        (WebCore::ApplicationCacheHost::maybeLoadResource):
        (WebCore::ApplicationCacheHost::maybeLoadFallbackForError):
        (WebCore::ApplicationCacheHost::maybeLoadSynchronously):
        (WebCore::ApplicationCacheHost::notifyDOMApplicationCache):
        (WebCore::ApplicationCacheHost::stopDeferringEvents):
        (WebCore::ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache):
        (WebCore::ApplicationCacheHost::update):
        (WebCore::ApplicationCacheHost::swapCache):
        (WebCore::ApplicationCacheHost::abort):
        (WebCore::ApplicationCacheHost::isApplicationCacheEnabled):
        * loader/appcache/ApplicationCacheHost.h:
        (WebCore::ApplicationCacheHost::documentLoader): Deleted.

2014-07-04  Antti Koivisto  <antti@apple.com>

        REGRESSION(r159345): Lines are clipped between pages when printing web content from Safari
        https://bugs.webkit.org/show_bug.cgi?id=134633
        <rdar://problem/17088936>

        Reviewed by Zalan Bujtas.

        Test: printing/simple-lines-break.html

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseFor):
        
            Disable simple lines if global pagination is enabled.
            Printing does not currently use flow threads which we already test for.

2014-07-04  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Fixing the build after r170795.

        Mac didn't like that change as it seems to properly typedef long long to int64_t.
        That's not the case on 64-bit Linux (for some reason), so I'm changing the type of
        the two long long variables in FormDataElement to int64_t to avoid any further trouble.

        * platform/network/FormData.h:

2014-07-03  Brady Eidson  <beidson@apple.com>

        When showing the selection menu, include menu options for all selected phone numbers.
        <rdar://problem/16983434>, <rdar://problem/16874568>, and https://bugs.webkit.org/show_bug.cgi?id=134613

        Reviewed by Tim Horton.

        * English.lproj/Localizable.strings:

        * dom/Range.cpp:
        (WebCore::rangesOverlap): Fix reversed arguments that caused some types of overlaps to not be detected.

2014-07-03  Daniel Bates  <dabates@apple.com>

        Add WTF::move()
        https://bugs.webkit.org/show_bug.cgi?id=134500

        Rubber-stamped by Anders Carlsson.

        Substitute WTF::move() for std::move().

        * Modules/battery/NavigatorBattery.cpp:
        * Modules/encryptedmedia/MediaKeys.cpp:
        * Modules/gamepad/NavigatorGamepad.cpp:
        * Modules/gamepad/deprecated/NavigatorGamepad.cpp:
        * Modules/geolocation/NavigatorGeolocation.cpp:
        * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
        * Modules/indexeddb/IDBDatabaseBackend.cpp:
        * Modules/indexeddb/IDBDatabaseBackend.h:
        [...]

2014-07-03  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Fix small bugs of dynamicViewportSizeUpdate that were causing inaccuracies in the computed target
        https://bugs.webkit.org/show_bug.cgi?id=134582

        Reviewed by Tim Horton.

        * WebCore.exp.in:
        * platform/ScrollView.h:
        (WebCore::ScrollView::unobscuredContentSize):
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::unobscuredContentRect):
        (WebCore::ScrollView::setUnobscuredContentSize):

2014-07-02  Brent Fulgham  <bfulgham@apple.com>

        [Mac] WebKit1 WebView iframe not responding to scroll gestures
        https://bugs.webkit.org/show_bug.cgi?id=134569
        <rdar://problem/17309008>

        Reviewed by Simon Fraser.

        New test: platform/mac/fast/scrolling/scroll-iframe-fragment.html

        WK1 scrollable areas are implemented on top of PlatformWidget (i.e., NSView) objects. They only
        perform a scroll operation if the EventHandler::handleWheelEvent method returns 'false', indicating
        that the Cocoa layer should do scrolling work. This is in contrast to WK2, where the scrolling is
        handled separately and we return 'true' from EventHandler::handleWheelEvent to indicate that the
        scroll event has been handled and that no other work is needed. This mismatch in the meaning of
        EventHandler::handleWheelEvent means that WK1 views do not properly handle scroll wheel events.

        To correct this, we need to see if we are acting on an Element backed by a PlatformWidget. When we
        are (the WK1 case) we want to return 'false' to instruct the Cocoa object to do the scroll operation.
        To implement proper latching behavior in WK1, we must return 'true' in the case where we are latched
        to a PlatformWidget, and that PlatformWidget did not start the scroll gesture at the edge of
        the region in the dominant scroll direction.

        Finally, additional logic was needed to determine whether the PlatformWidget is scrolled to the
        edge in the dominant scroll direction.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::platformCompleteWheelEvent): Added stub.
        (WebCore::EventHandler::platformCompletePlatformWidgetWheelEvent): Added stub.
        (WebCore::EventHandler::handleWheelEvent): Call new platformCompletePlatformWidgetWheelEvent if the
        event was handled for a PlatformWidget.
        * page/EventHandler.h:
        * page/mac/EventHandlerMac.mm:
        (WebCore::widgetForEventTarget): Added helper function.
        (WebCore::scrollViewForEventTarget): Added helper function.
        (WebCore::eventTargetIsPlatformWidget): Added helper function.
        (WebCore::EventHandler::platformPrepareForWheelEvents): Check whether we are at a scrolled edge
        for the NSView (PlatformWidget) case.
        (WebCore::EventHandler::platformCompleteWheelEvent): Return 'false' when handling WK1-style scrolls.
        (WebCore::EventHandler::platformCompletePlatformWidgetWheelEvent): Added. We generally want to
        return false so the PlatformWidget handles scrolling, except in the case where we are latched to
        a PlatformWidget, which has already performed its scroll, and we want to avoid propegating a
        scroll event to an enclosing region.

2014-07-03  Pratik Solanki  <psolanki@apple.com>

        Preserve old behavior of creating an NSURLRequest of the exact same type as passed to us
        https://bugs.webkit.org/show_bug.cgi?id=134605
        <rdar://problem/17544641>

        Reviewed by Andreas Kling.

        We have client code that passes us a subclass of NSURLRequest to load resource. Later when
        we call willSendRequest, they test to make sure they get an object of the same type. My
        optimization in r170642 broke this path when I cleared out the NSURLRequest object. We
        already had code in updateNSURLRequest() that was taking this quirk into account but I broke
        that. Fix it by reverting to old behavior for such clients.

        No new tests though we need one. I will add it later.

        * platform/network/cf/ResourceRequest.h:
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        (WebCore::ResourceRequest::setStorageSession):
        * platform/network/ios/ResourceRequestIOS.mm:
        (WebCore::ResourceRequest::updateNSURLRequest):
        (WebCore::ResourceRequest::clearOrUpdateNSURLRequest):

2014-07-02  Anders Carlsson  <andersca@apple.com>

        Stop using EncoderAdapter/DecoderAdapter for FormData
        https://bugs.webkit.org/show_bug.cgi?id=134571

        Reviewed by Andreas Kling.

        * WebCore.exp.in:
        * platform/network/FormData.cpp:
        (WebCore::encodeElement): Deleted.
        (WebCore::decodeElement): Deleted.
        (WebCore::FormData::encode): Deleted.
        (WebCore::FormData::decode): Deleted.
        * platform/network/FormData.h:
        (WebCore::FormDataElement::encode):
        (WebCore::FormDataElement::decode):
        (WebCore::FormData::encode):
        (WebCore::FormData::decode):

2014-07-03  Brady Eidson  <beidson@apple.com>

        Selection rects sent to ServicesOverlayController are wrong.
        <rdar://problem/16727796> and https://bugs.webkit.org/show_bug.cgi?id=134568

        Reviewed by Darin Adler (and Tim Horton and Ryosuke Niwa).

        * WebCore.exp.in:

        Update the gatherer to keep GapRects separate from LayoutRects:
        * editing/SelectionRectGatherer.cpp:
        (WebCore::SelectionRectGatherer::addRects):
        (WebCore::SelectionRectGatherer::Notifier::~Notifier):
        (WebCore::SelectionRectGatherer::clearAndCreateNotifier):
        * editing/SelectionRectGatherer.h:

        * page/EditorClient.h:
        (WebCore::EditorClient::selectionRectsDidChange): Updated to take LayoutRects and GapRects separately.

        Change RenderSelectionInfo to also hang on to the individual rects that formed the final bounding rect:
        * rendering/RenderSelectionInfo.h:
        (WebCore::RenderSelectionInfo::RenderSelectionInfo): If the RenderObject is a RenderText, then call
          collectSelectionRectsForLineBoxes instead of selectionRectForRepaint.
        (WebCore::RenderSelectionInfo::rects):

        * rendering/RenderText.cpp:
        (WebCore::RenderText::collectSelectionRectsForLineBoxes): Added
        (WebCore::RenderText::selectionRectForRepaint):
        * rendering/RenderText.h:

        * rendering/RenderTextLineBoxes.cpp:
        (WebCore::RenderTextLineBoxes::collectSelectionRectsForRange): Added
        * rendering/RenderTextLineBoxes.h:

        * rendering/RenderView.cpp:
        (WebCore::RenderView::setSubtreeSelection): Add the list of rects to the gatherer instead of just 
          the bounding rect.

2014-07-03  Brady Eidson  <beidson@apple.com>

        Possible crash in IconDatabase in WebCore::IconDatabase::dispatchDidRemoveAllIconsOnMainThread
        <rdar://problem/17437687> and https://bugs.webkit.org/show_bug.cgi?id=134517

        Reviewed by Eric Carlson.

        Since WebCore::IconDatabase is not RefCounted there’s no obvious way to keep it alive until it is
        truly no longer needed.

        This isn’t generally a problem because they are usually a singleton that lasts the lifetime of the process.

        In the WebKit2 case, WebCore::IconDatabases can come and go as their owning WebIconDatabases come and go.

        So we can rely on WebIconDatabase to handle the lifetime appropriately. 

        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::close): If the database is actually closed, notify the client.
        (WebCore::IconDatabase::IconDatabase):
        (WebCore::IconDatabase::isOpen): Take into account whether there’s any main thread callbacks, plus what
          is covered by isOpenBesidesMainThreadCallbacks.
        (WebCore::IconDatabase::isOpenBesidesMainThreadCallbacks): Take into account whether the sync thread
          is still running and whether or not the database file is still open.
        (WebCore::IconDatabase::checkClosedAfterMainThreadCallback): Checks to see if the database has just
          become 100% closed and - if so - notify the client.
        (WebCore::IconDatabase::dispatchDidImportIconURLForPageURLOnMainThread): Updated to increment the main thread
          callback count and to call checkClosedAfterMainThreadCallback when done.
        (WebCore::IconDatabase::dispatchDidImportIconDataForPageURLOnMainThread): Ditto.
        (WebCore::IconDatabase::dispatchDidRemoveAllIconsOnMainThread): Ditto.
        (WebCore::IconDatabase::dispatchDidFinishURLImportOnMainThread): Ditto.
        * loader/icon/IconDatabase.h:

        * loader/icon/IconDatabaseClient.h:
        (WebCore::IconDatabaseClient::didClose): Added. For the IconDatabase to tell its client it is 100% closed.

2014-07-03  Chris Fleizach  <cfleizach@apple.com>

        AX: VoiceOver does not read aria-expanded attribute on controls in Safari
        https://bugs.webkit.org/show_bug.cgi?id=134527

        Reviewed by Mario Sanchez Prada.

        Expose whether the ARIA expanded property is present or not.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilitySupportsARIAExpanded]):

2014-07-02  Jon Honeycutt  <jhoneycutt@apple.com>

        Removing an element with CSS -webkit-overflow-scrolling: touch breaks
        subsequent touch events

        <https://bugs.webkit.org/show_bug.cgi?id=134584>
        <rdar://problem/17202021>

        This issue is caused by the order of teardown for RenderLayers.

        RenderLayer clears its m_backing in its destructor, calling the
        RenderLayerBacking destructor. The RenderLayerBacking destructor calls
        RenderLayerCompositor::willRemoveScrollingLayer(), which tries to
        access the RenderLayer's backing that has already been cleared. This
        causes us to skip the call to ChromeClient::removeScrollingLayer(),
        resulting in a stale view that can block touch events.

        Reviewed by Simon Fraser.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateScrollingLayers):
        When calling willRemoveScrollingLayerWithBacking(), pass both the layer
        and the RenderLayerBacking.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::willRemoveScrollingLayerWithBacking):
        Renamed. Use the passed RenderLayerBacking, as the RenderLayer's
        backing might have already been cleared.
        (WebCore::RenderLayerCompositor::willRemoveScrollingLayer): Deleted.

        * rendering/RenderLayerCompositor.h:
        Renamed willRemoveScrollingLayer() to
        willRemoveScrollingLayerWithBacking() and added a parameter.

2014-07-01  Mark Rowe  <mrowe@apple.com>

        Ensure that the WebKit bundle version in the user agent string continues to match the current format.
        <https://webkit.org/b/134524> / <rdar://problem/17447771>

        Reviewed by Simon Fraser.

        * page/cocoa/UserAgent.h:
        * page/cocoa/UserAgent.mm:
        (WebCore::userVisibleWebKitBundleVersionFromFullVersion): Updated to take an NSString now that it's internal
        to the file.
        (WebCore::userAgentBundleVersionFromFullVersionString): Limit the bundle version included in the user agent
        string to three components.
        * page/ios/UserAgentIOS.mm:
        (WebCore::standardUserAgentWithApplicationName): Update to call userAgentBundleVersionFromFullVersionString.
        * page/mac/UserAgentMac.mm:
        (WebCore::standardUserAgentWithApplicationName): Ditto.

2014-07-01  Mark Rowe  <mrowe@apple.com>

        <https://webkit.org/b/134522> Remove duplication in code that prepares the user agent string on Mac and iOS

        Reviewed by Simon Fraser.

        * page/cocoa/UserAgent.h:
        * page/cocoa/UserAgent.mm:
        (WebCore::userVisibleWebKitBundleVersionFromFullVersion): Moved from WebKit2.
        * page/ios/UserAgentIOS.mm:
        (WebCore::standardUserAgentWithApplicationName): Pass the WebKit bundle version through userVisibleWebKitBundleVersionFromFullVersion
        before including it in the user agent string.
        * page/mac/UserAgentMac.mm:
        (WebCore::standardUserAgentWithApplicationName): Ditto.

2014-07-02  Mark Rowe  <mrowe@apple.com>

        <https://webkit.org/b/134521> iOS should use shared code to determine the system marketing version

        Reviewed by Simon Fraser.

        * WebCore.xcodeproj/project.pbxproj: Add the new files, and sort the groups they're in.
        * page/cocoa/UserAgent.h: Copied from Source/WebCore/page/mac/UserAgent.h.
        * page/cocoa/UserAgent.mm: Renamed from Source/WebCore/page/mac/UserAgent.h.
        Move systemMarketingVersionForUserAgentString to a location where it can be shared between
        Mac and iOS.
        * page/ios/UserAgentIOS.mm:
        (WebCore::standardUserAgentWithApplicationName): Switch to systemMarketingVersionForUserAgentString.
        * page/mac/UserAgentMac.mm:
        * platform/cocoa/SystemVersion.h: Renamed from Source/WebCore/platform/mac/SystemVersionMac.h.
        * platform/cocoa/SystemVersion.mm: Renamed from Source/WebCore/platform/mac/SystemVersionMac.mm.
        Move to a location that makes it clear this is shared between Mac and iOS. Enable the modern Mac
        codepath for iOS as well.

2014-07-02  Anders Carlsson  <andersca@apple.com>

        Remove keyed coding from FormData
        https://bugs.webkit.org/show_bug.cgi?id=134565

        Reviewed by Tim Horton.

        * platform/network/FormData.cpp:
        (WebCore::encodeElement): Deleted.
        (WebCore::decodeElement): Deleted.
        (WebCore::FormData::encode): Deleted.
        (WebCore::FormData::decode): Deleted.
        * platform/network/FormData.h:

2014-07-02  Anders Carlsson  <andersca@apple.com>

        Get rid of the HistoryItem encoding/decoding in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=134564

        Reviewed by Beth Dakin.

        * WebCore.exp.in:
        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::encodeBackForwardTree): Deleted.
        (WebCore::encodeRect): Deleted.
        (WebCore::encodeSize): Deleted.
        (WebCore::HistoryItem::encodeBackForwardTreeNode): Deleted.
        (WebCore::DecodeRecursionStackElement::DecodeRecursionStackElement): Deleted.
        (WebCore::decodeRect): Deleted.
        (WebCore::decodeSize): Deleted.
        (WebCore::HistoryItem::decodeBackForwardTree): Deleted.
        * history/HistoryItem.h:

2014-07-02  Alex Christensen  <achristensen@webkit.org>

        [WebGL] Fix crash when glsl expressions are too complex.
        https://bugs.webkit.org/show_bug.cgi?id=134554
        <rdar://problem/17540462>

        Reviewed by Dean Jackson.
        
        This fixes the Khronos test conformance/glsl/bugs/long-expressions-should-not-crash.html.

        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE):
        Add SH_LIMIT_EXPRESSION_COMPLEXITY to the ANGLE compile options.

2014-07-02  Benjamin Poulain  <benjamin@webkit.org>

        WebCore JIT: rename registerCount to something less generic and add new types for lists of registers and lists of stack references
        https://bugs.webkit.org/show_bug.cgi?id=134552

        Reviewed by Alex Christensen.

        Little cleanup:
        -The name registerCount was a little too generic. Rename that to "maximumRegisterCount" to avoid confusion.
        -Add a new type RegisterVector for any vector holding registers. This is just to avoid repeating the inline
         size everywhere, no functional change.
        -Same idea for the stack: welcome StackReferenceVector!

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::saveAllocatedCallerSavedRegisters):
        Remove the appendVector here. It was unnecessarily cautious, StackAllocator already protect us
        from mistakes.

        * cssjit/RegisterAllocator.h:
        (WebCore::RegisterAllocator::allocatedRegisters):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        Changing from the count of "calleeSavedRegisterCount" to "maximumRegisterCount" will cause
        calleeSavedRegisterStackReferences to always overallocate.
        The code generator is never on the heap, so that should not change anything.

        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::push):
        (WebCore::StackAllocator::pop):

2014-07-02  Dan Bernstein  <mitz@apple.com>

        Remove some code only needed for versions of Safari that are no longer supported
        https://bugs.webkit.org/show_bug.cgi?id=134537

        Reviewed by Anders Carlsson.

        * bindings/objc/DOMHTML.mm:
        (-[DOMHTMLInputElement _rectOnScreen]): Deleted.
        (-[DOMHTMLInputElement _replaceCharactersInRange:withString:selectingFromIndex:]): Deleted.
        (-[DOMHTMLInputElement _selectedRange]): Deleted.
        * bindings/objc/DOMPrivate.h:
        * editing/EditorCommand.cpp:
        (WebCore::createCommandMap):

2014-07-02  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] MediaPlayerPrivateGStreamer.cpp fails to build when VIDEO_TRACK is enabled and using GSTREAMER_MPEGTS
        https://bugs.webkit.org/show_bug.cgi?id=134548

        Reviewed by Philippe Normand.

        Include AtomicStringHash.h when ENABLE(VIDEO_TRACK) && USE(GSTREAMER_MPEGTS)
        since it's used by HashMap<AtomicString, RefPtr<InbandMetadataTextTrackPrivateGStreamer>>

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

2014-07-02  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Unstable headers should include webkitdomdefines-unstable.h
        https://bugs.webkit.org/show_bug.cgi?id=134540

        Reviewed by Martin Robinson.

        Instead of the class header that can only be included from webkitdom.h.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (WriteData):

2014-07-02  Mario Sanchez Prada  <mario.prada@samsung.com>

        REGRESSION(r170008): [GTK] Layout Tests fast/forms/option-constructor-selected.html and fast/forms/select-live-pseudo-selectors.html crash.
        https://bugs.webkit.org/show_bug.cgi?id=134399

        Reviewed by Chris Fleizach.

        Check that the value of optionIndex passed as a parameter is valid
        before calling didUpdateActiveOption() over the item of the menu
        list, to prevent crashes in platforms where renderers (and therefore
        accessibility objects) might not be created for items at the time
        of calling AccessibilityMenuList::didUpdateActiveOption().

        * accessibility/AccessibilityMenuList.cpp:
        (WebCore::AccessibilityMenuList::didUpdateActiveOption): Added check.

2014-07-02  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Do not add forward declaration of class struct for interfaces
        https://bugs.webkit.org/show_bug.cgi?id=134297

        Reviewed by Martin Robinson.

        * PlatformGTK.cmake: Make files generated by
        gobject-generate-headers.pl script depend on it.
        * bindings/gobject/WebKitDOMEventTarget.h: Remove forward declaration.
        * bindings/gobject/WebKitDOMNodeFilter.h: Ditto
        * bindings/gobject/WebKitDOMXPathNSResolver.h: Ditto.
        * bindings/scripts/gobject-generate-headers.pl: Use Iface instead
        of Class suffix for interfaces.

2014-07-01  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] XPathNSResolver should be exposed as an interface instead of as a class
        https://bugs.webkit.org/show_bug.cgi?id=134028

        Reviewed by Gustavo Noronha Silva.

        Add custom implementation of WebKitDOMXPathNSResolver to expose it
        as an interface instead of a class. It also includes an internal
        default implementation of the interface to support methods that
        create a XPathNSResolver using the native implementation.

        * PlatformGTK.cmake: Add new files to compilation.
        * bindings/gobject/GObjectXPathNSResolver.cpp: Added.
        (WebCore::GObjectXPathNSResolver::~GObjectXPathNSResolver):
        (WebCore::GObjectXPathNSResolver::lookupNamespaceURI): Call
        webkit_dom_xpath_ns_resolver_lookup_namespace_uri().
        * bindings/gobject/GObjectXPathNSResolver.h: Added.
        (WebCore::GObjectXPathNSResolver::create):
        (WebCore::GObjectXPathNSResolver::GObjectXPathNSResolver): Create
        a new GObjectXPathNSResolver for the given WebKitDOMXPathNSResolver.
        * bindings/gobject/WebKitDOMXPathNSResolver.cpp: Added.
        (webkit_dom_xpath_ns_resolver_default_init):
        (webkit_dom_xpath_ns_resolver_lookup_namespace_uri):
        (webkitDOMNativeXPathNSResolverFinalize):
        (webkitDOMNativeXPathNSResolverConstructor):
        (webkit_dom_native_xpath_ns_resolver_init):
        (webkit_dom_native_xpath_ns_resolver_class_init):
        (webkitDOMNativeXPathNSResolverLookupNamespaceURI):
        (webkitDOMXPathNSResolverIfaceInit):
        (WebKit::core): Return the native XPathNSResolver when using the
        internal implementation or create a custom XPathNSResolver when
        using a user provided WebKitDOMXPathNSResolver.
        (WebKit::kit):
        * bindings/gobject/WebKitDOMXPathNSResolver.h: Added.
        * bindings/gobject/WebKitDOMXPathNSResolverPrivate.h: Added.
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateFunction): Add exceptions for XPathNSResolver since
        the core method returns a PassRefPtr.

2014-07-01  Frédéric Wang  <fred.wang@free.fr>

        The OpenType MATH table is not read on Mac
        https://bugs.webkit.org/show_bug.cgi?id=133569

        Reviewed by Chris Fleizach.

        An incorrect tag format is used to load the OpenType MATH table on Mac.
        This commit makes the format consistent with what is used for other tables on Mac.
        This will allow to load the MATH table and to use it for the MathML rendering.

        No new tests. platform/graphics/opentype already contains tests for the OpenType MATH support.

        * platform/graphics/opentype/OpenTypeMathData.cpp:

2014-07-01  Alex Christensen  <achristensen@webkit.org>

        [Win64] Unreviewed build fix.

        * WebCore.vcxproj/WebCore.vcxproj:
        Exclude CA files from 32 and 64 bit WinCairo builds.
        * WebCore.vcxproj/WebCoreTestSupport.vcxproj:
        Don't use a precompiled header in 32 or 63 bit builds of MockCDM.cpp.

2014-07-01  Alex Christensen  <achristensen@webkit.org>

        Reduce dynamic memory allocation in css jit.
        https://bugs.webkit.org/show_bug.cgi?id=134416

        Reviewed by Benjamin Poulain.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::saveAllocatedRegisters):
        * cssjit/RegisterAllocator.h:
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::push):
        (WebCore::StackAllocator::pop):
        Use inlineCapacity template parameter to reduce malloc calls.
        I use 32 as the inline capacity for non-register related vectors because that
        is probably big enough for the selector compiler, and if it is not then a malloc
        call will not be significant because the selector is very complex.

2014-07-01  Eric Carlson  <eric.carlson@apple.com>

        WebVTT percentage value can be a float
        https://bugs.webkit.org/show_bug.cgi?id=134511

        Reviewed by Brent Fulgham.

        No new tests, existing tests modified.

        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGeneric::setLine): int -> double.
        (WebCore::TextTrackCueGeneric::setPosition): Ditto.
        * html/track/TextTrackCueGeneric.h:

        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::setLine): Ditto.
        (WebCore::VTTCue::setPosition):  Ditto.
        (WebCore::VTTCue::setCueSettings): Support floating point values for line, position, and size.
        (WebCore::scanPercentage): Deleted.
        * html/track/VTTCue.h:

        * html/track/VTTScanner.cpp:
        (WebCore::VTTScanner::scanFloat): Support negative values.
        * html/track/VTTScanner.h:

        * html/track/WebVTTParser.cpp: Include parseFloatPercentageValue in non-WEBVTT_REGIONS builds.
        * html/track/WebVTTParser.h:

        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processCueAttributes): Drive by change to take a cue
            reference rather than a pointer.
        (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Ditto.
        (WebCore::InbandTextTrackPrivateAVF::removeCompletedCues): Loop over all cues, don't LOG that
            we are asking the client to delete the cue because the client will have already deleted
            it when status when to GenericCueData::Complete.
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:

2014-07-01  Simon Fraser  <simon.fraser@apple.com>

        Improve behavior of position:sticky on zoomed pages
        https://bugs.webkit.org/show_bug.cgi?id=134535
        <rdar://problem/12898829>

        Reviewed by Dean Jackson.

        Despite r138036, position:sticky still had incorrect behavior in zoomed pages.
        
        Fix by removing the scaling of the rect from viewportConstrainedVisibleContentRect(),
        since all the other math happens in unscaled coordinates.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::constrainingRectForStickyPosition):

2014-07-01  Alex Christensen  <achristensen@webkit.org>

        [WebGL] Fix PVRTC extension.
        https://bugs.webkit.org/show_bug.cgi?id=134525

        Reviewed by Dean Jackson.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateCompressedTexDimensions):
        Remove the return false which I mistakenly committed in r170128
        and make the gl error match the S3TC error and the khronos test.

2014-07-01  Chris Fleizach  <cfleizach@apple.com>

        AX: iOS does not expose ARIA toggle buttons at all (not even as a regular button)
        https://bugs.webkit.org/show_bug.cgi?id=133875

        Reviewed by Enrica Casucci.

        Support the toggle button type in iOS.

        Test: platform/ios-sim/accessibility/toggle-button.html

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityCanFuzzyHitTest]):
        (-[WebAccessibilityObjectWrapper accessibilityTraits]):
        (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):

2014-07-01  Dean Jackson  <dino@apple.com>

        [iOS] Subsampled JPEG images do not draw correctly via the canvas APIs
        https://bugs.webkit.org/show_bug.cgi?id=134513
        <rdar://problem/12078860>
        <rdar://problem/16745393>

        Reviewed by Tim Horton.

        Subsampled images (e.g. JPEG) were not consistently using
        their original dimensions and subsampled dimensions. This caused
        things like texImage2D to pack the pixels incorrectly, or drawImage
        to squish the rendering.

        Renamed m_scale to m_subsamplingScale on FrameData.

        Tests: fast/canvas/image-potential-subsample.html
               fast/canvas/webgl/tex-image-and-sub-image-2d-with-potentially-subsampled-image.html

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::cacheFrame): Rename to m_subsamplingScale.
        (WebCore::BitmapImage::frameAtIndex): Ditto.
        * platform/graphics/BitmapImage.h:
        (WebCore::FrameData::FrameData): Ditto.
        * platform/graphics/cg/BitmapImageCG.cpp:
        (WebCore::FrameData::clear): Ditto.
        (WebCore::BitmapImage::BitmapImage): Ditto.
        (WebCore::BitmapImage::draw): Use a scaledSrcRect that reflects the subsampled size,
        rather than assuming the srcRect accurately reflects how many pixels we have
        in the Bitmap.
        (WebCore::BitmapImage::copyUnscaledFrameAtIndex):
        * platform/graphics/cg/GraphicsContext3DCG.cpp:
        (WebCore::GraphicsContext3D::ImageExtractor::extractImage): Similar fix, although this
        time we just ask the image decoder to take into account the subsampled size
        when it is "generating" a frame, causing it to use the bitmap data it has already
        decoded.

2014-07-01  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Selected DOM element highlights invisible near bottom of the viewport (topContentInset?)
        https://bugs.webkit.org/show_bug.cgi?id=133818

        Reviewed by Beth Dakin.

        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::update):
        Take the topContentInset into account when sizing the InspectorOverlay's FrameView.

2014-07-01  Chris Fleizach  <cfleizach@apple.com>

        AX: HTML indeterminate IDL attribute not mapped to checkbox value=2
        https://bugs.webkit.org/show_bug.cgi?id=134492

        Reviewed by Andreas Kling.

        Support the indeterminate attribute in AX code.

        Test: Update existing test: accessibility/aria-checked-mixed-value

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::checkboxOrRadioValue):

2014-07-01  Myles C. Maxfield  <mmaxfield@apple.com>

        Typing an automatic text replacement phrase after a br in contenteditable is not rendered as expected
        https://bugs.webkit.org/show_bug.cgi?id=133883

        Reviewed by Enrica Casucci.

        enclosingDeletableElement() makes sure that the element's container is editable, but not
        that it is capable of having content inside it (like how a <br> can't).

        No new tests. I don't think this is testable because it requires setting some state in System Preferences.

        * editing/DeleteButtonController.cpp:
        (WebCore::enclosingDeletableElement):

2014-07-01  Alex Christensen  <achristensen@webkit.org>

        [iOS] Unreviewed build fix after r170640.

        * page/EditorClient.h:
        (WebCore::EditorClient::selectedTelephoneNumberRangesChanged):
        Add ifdefs to make everything compile and link.

2014-07-01  Daniel Bates  <dabates@apple.com>

        Remove unnecessary calls to std::move()
        https://bugs.webkit.org/show_bug.cgi?id=134493

        Reviewed by Anders Carlsson.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::CDM::CDM):
        * css/CSSGrammar.y.in:
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberValue):
        * css/MediaQuery.cpp:
        (WebCore::MediaQuery::MediaQuery):
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::dashesForIntersectionsWithRect):

2014-07-01  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Pixel crack in breadcrumbs at devforums.apple.com.
        https://bugs.webkit.org/show_bug.cgi?id=134491

        Reviewed by Simon Fraser.

        Do not early round geometry values, while computing background image position. It changes the final
        subpixel values and that could lead to wrong snap positions.
        pixelSnapBackgroundImageGeometryForPainting() takes care of geometry snapping.

        Test: fast/backgrounds/background-image-size-double-rounding.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):

2014-07-01  Pratik Solanki  <psolanki@apple.com>

        Create NSURLRequest lazily when USE(CFNETWORK) is enabled
        https://bugs.webkit.org/show_bug.cgi?id=134441

        Reviewed by Andreas Kling.

        No new tests. Should be covered by existing tests.

        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::ResourceRequest):
        (WebCore::ResourceRequest::encodingRequiresPlatformData):
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        (WebCore::ResourceRequest::setStorageSession):
        * platform/network/cocoa/ResourceRequestCocoa.mm:
        (WebCore::ResourceRequest::nsURLRequest):

2014-07-01  Brady Eidson  <beidson@apple.com>

        Combine the Telephone and Selection overlay controllers, updating UI behavior.
        https://bugs.webkit.org/show_bug.cgi?id=134461

        Reviewed by Tim Horton.

        * WebCore.exp.in:

        * dom/Range.cpp:
        (WebCore::Range::contains): Returns true if the Range completely contains the passed-in Range.
        * dom/Range.h:

2014-07-01  Antti Koivisto  <antti@apple.com>

        REGRESSION(160908): vube.com video won't play after going into and out of fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=134489

        Reviewed by Zalan Bujtas.

        Test: fullscreen/full-screen-plugin.html

        It is difficult to restore the render tree correctly in all cases after removing a full screen
        renderer from the tree. r160908 avoided dealing with this by simply always reconstructing the subtree.
        Unfortunately plugin lifetime is currently tied to its renderer so this would cause the plugin to restart.
        
        With this patch we avoid reconstruction in normal cases and only force it if the render tree is complicated.

        * dom/Document.cpp:
        (WebCore::unwrapFullScreenRenderer):
        
            Force reconstruction conditionally.

        (WebCore::Document::webkitWillEnterFullScreenForElement):
        (WebCore::Document::webkitDidExitFullScreenForElement):
        * rendering/RenderFullScreen.cpp:
        (WebCore::RenderFullScreen::wrapRenderer):
        (WebCore::RenderFullScreen::unwrapRenderer):
        
            Deal with the simple case of single child, possibly in anonymous wrapper.
            In other cases request reconstruction.
            This is covered by the existing fullscreen tests.

        * rendering/RenderFullScreen.h:

2014-07-01  Zan Dobersek  <zdobersek@igalia.com>

        Remove remaining Vector<> copies in WebCore accessibility code
        https://bugs.webkit.org/show_bug.cgi?id=133263

        Reviewed by Darin Adler.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::notificationPostTimerFired): Don't copy the Vector member and
        then clear it -- move it into the local variable instead.
        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::ariaLabeledByText): Move the axElements Vector into
        the AccessibilityText constructor.
        (WebCore::AccessibilityNodeObject::stringValue): Create a const reference to the Vector of
        HTMLSelectElement's list items instead of copying it.
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityText::AccessibilityText): Take the Vector parameter by non-const
        value and move it into the member variable.
        * accessibility/AccessibilityRenderObject.cpp: 
        (WebCore::AccessibilityRenderObject::stringValue): Create a const reference to the Vector
        of HTMLSelectElement's list items instead of copying it.
        (WebCore::AccessibilityRenderObject::ariaSelectedRows): Wrap the AccessibilityChildrenVector
        iteration in a lambda. Use it to iterate over either the newly-constructed Vector (in case
        the object has the tree role) or the reference to the vector returned by
        AccessibilityTable::rows() (in case the object is an AccessibilityTable instance).

2014-06-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170605.
        https://bugs.webkit.org/show_bug.cgi?id=134484

        The changes cause crashes on ARM64 (Requested by benjaminp on
        #webkit).

        Reverted changeset:

        "Reduce dynamic memory allocation in css jit."
        https://bugs.webkit.org/show_bug.cgi?id=134416
        http://trac.webkit.org/changeset/170605

2014-06-30  Anders Carlsson  <andersca@apple.com>

        Change the AddBackForwardItem message to take a page state object
        https://bugs.webkit.org/show_bug.cgi?id=134475

        Reviewed by Andreas Kling.

        * WebCore.exp.in:

2014-06-30  Benjamin Poulain  <benjamin@webkit.org>

        [iOS][WK2] Do not put tap highlight on images that are not in links, and on applet/embed/object
        https://bugs.webkit.org/show_bug.cgi?id=134471
        <rdar://problem/17513542>

        Reviewed by Enrica Casucci.

        UIKit has some special code to avoid tap highlight on certain type of object. This is not very flexible
        since the page has no way of overriding that behavior.

        This patch implement the same feature by changing the default stylesheet. The tap highlight is disabled
        by default for those object, and enabled for images that are in a link.

        * css/html.css:
        (applet, embed, object, img):
        (:-webkit-any-link img):

2014-06-30  Myles C. Maxfield  <mmaxfield@apple.com>

        All Indic text is rendered as boxes on iOS
        https://bugs.webkit.org/show_bug.cgi?id=134464

        Reviewed by Simon Fraser.

        I made a typo in r170207.

        Test: fast/text/indic.html

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::languageSpecificFallbackFont):

2014-06-30  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] languageSpecificFallbackFont() is not consistent
        https://bugs.webkit.org/show_bug.cgi?id=134473

        Reviewed by Darin Adler.

        It can use "<" throughout the function as well as keeping the fallthrough behavior consistent.

        No tests because there is no behavior change.

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::languageSpecificFallbackFont):

2014-06-30  Brent Fulgham  <bfulgham@apple.com>

        [Win] Unreviewed gardening.

        * WebCore.vcxproj/WebCore.vcxproj: Do not compile JSFileException
        and JSFileReaderSync multiple times.

2014-06-30  Daniel Bates  <dabates@apple.com>

        Avoid copying function object in lambda function in ScrollingThread::dispatchBarrier(); actually use move semantics
        https://bugs.webkit.org/show_bug.cgi?id=134470

        Reviewed by Anders Carlsson.

        Currently we always copy construct the captured std::function object when calling callOnMainThread()
        in the lambda function created in ScrollingThread::dispatchBarrier() because captured variables are
        const in a lambda expression's body by default. That is, the std::function object is captured as const.
        Instead, we should mark this lambda expression as mutable so the captured std::function object is
        non-const and hence we can use move semantics when passing it to callOnMainThread().

        * page/scrolling/ScrollingThread.cpp:
        (WebCore::ScrollingThread::dispatchBarrier):

2014-06-30  Anders Carlsson  <andersca@apple.com>

        Adopt the legacy session decoding inside WebPage::restoreSession for now
        https://bugs.webkit.org/show_bug.cgi?id=134465

        Reviewed by Sam Weinig.

        * WebCore.exp.in:

2014-06-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170578.
        https://bugs.webkit.org/show_bug.cgi?id=134462

        causes assertions loading nytimes.com on iOS (Requested by
        smfr on #webkit).

        Reverted changeset:

        "Create NSURLRequest lazily when USE(CFNETWORK) is enabled"
        https://bugs.webkit.org/show_bug.cgi?id=134441
        http://trac.webkit.org/changeset/170578

2014-06-30  Alex Christensen  <achristensen@webkit.org>

        Reduce dynamic memory allocation in css jit.
        https://bugs.webkit.org/show_bug.cgi?id=134416

        Reviewed by Benjamin Poulain.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::FunctionCall):
        (WebCore::FunctionCall::saveAllocatedCallerSavedRegisters):
        * cssjit/RegisterAllocator.h:
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generatePrologue):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        Use inlineCapacity template parameter to reduce malloc calls.
        I use 16 and 32 as the inline capacity for non-register related vectors because that
        is probably big enough for the selector compiler, and if it is not then a malloc
        call will not be significant because the selector is very complex.
        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::push):
        Pass a vector of stack references to match calls to pop and to avoid a call to appendVector.

2014-06-30  Alex Christensen  <achristensen@webkit.org>

        Use non-thumb registers in armv7 css jit.
        https://bugs.webkit.org/show_bug.cgi?id=134450

        Reviewed by Geoff Garen.

        * cssjit/RegisterAllocator.h:
        (WebCore::RegisterAllocator::isValidRegister):
        (WebCore::RegisterAllocator::isCallerSavedRegister):
        Use additional general purpose registers.
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::compile):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        Always succeed when compiling css selectors.

2014-06-30  Myles C. Maxfield  <mmaxfield@apple.com>

        Tiles on bottom of screen are not always allocated when necessary
        https://bugs.webkit.org/show_bug.cgi?id=134272

        Reviewed by Simon Fraser.

        The initial visibleRect is in the coordinate of the root layer, so its origin
        is at the top left of the view. The initial rect we were using doesn't
        include the contents inset, so it was too short, which was causing tiles near
        the bottom of the screen to not always be allocated if the tile threshold was
        close to the bottom of the view. Instead, we want to include the contents
        inset size so the visible rect includes the entire view.
        GraphicsLayerCA::recursiveCommitChanges() takes care of mapping and cropping
        the visible rect into the tiled layer's coordinate system, at which point it
        is used for visible tile logic.

        Test: platform/mac-wk2/tiled-drawing/visible-rect-content-inset.html

        * platform/graphics/ca/TileCoverageMap.cpp:
        (WebCore::TileCoverageMap::update):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):

2014-06-30  Brent Fulgham  <bfulgham@apple.com>

        [Win] Unreviewed project gardening.

        * WebCore.vcxproj/WebCore.vcxproj: Clean up path information so
        files appear in appropriate places in project view.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.

2014-06-30  Zalan Bujtas  <zalan@apple.com>

        Remove redundant repaintCompositedLayers() parameter and its dependencies.
        https://bugs.webkit.org/show_bug.cgi?id=134431

        Reviewed by Darin Adler.

        No change in functionality.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::convertToPixelSnappedLayerCoords): Deleted.
        (WebCore::RenderLayer::convertToLayerCoords): Deleted.
        * rendering/RenderLayer.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::repaintCompositedLayers):
        (WebCore::RenderLayerCompositor::recursiveRepaintLayer):
        * rendering/RenderLayerCompositor.h:

2014-06-30  Alex Christensen  <achristensen@webkit.org>

        Remove webkit prefix from pointer lock.
        https://bugs.webkit.org/show_bug.cgi?id=134312

        Reviewed by Dean Jackson.

        * dom/Document.cpp:
        (WebCore::Document::exitPointerLock):
        (WebCore::Document::pointerLockElement):
        (WebCore::Document::webkitExitPointerLock): Deleted.
        (WebCore::Document::webkitPointerLockElement): Deleted.
        * dom/Document.h:
        * dom/Document.idl:
        * dom/Element.cpp:
        (WebCore::Element::requestPointerLock):
        (WebCore::Element::webkitRequestPointerLock): Deleted.
        * dom/Element.h:
        * dom/Element.idl:
        * dom/EventNames.h:
        * dom/MouseEvent.idl:
        * dom/MouseRelatedEvent.h:
        (WebCore::MouseRelatedEvent::movementX):
        (WebCore::MouseRelatedEvent::movementY):
        (WebCore::MouseRelatedEvent::webkitMovementX): Deleted.
        (WebCore::MouseRelatedEvent::webkitMovementY): Deleted.
        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::PointerLockController):
        Initialize all data members.
        (WebCore::PointerLockController::requestPointerLock):
        (WebCore::PointerLockController::didAcquirePointerLock):
        (WebCore::PointerLockController::didNotAcquirePointerLock):
        (WebCore::PointerLockController::didLosePointerLock):

2014-06-30  Myles C. Maxfield  <mmaxfield@apple.com>

        U16_IS_SURROGATE should not be called with a UChar32
        https://bugs.webkit.org/show_bug.cgi?id=134440

        Reviewed by Darin Adler.

        No new tests because there is no behavior change.

        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::advanceByCombiningCharacterSequence):

2014-06-30  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Remove m_evasObject from Widget
        https://bugs.webkit.org/show_bug.cgi?id=134442

        Reviewed by Gyuyoung Kim.

        Since WebKit1/EFL was dropped, we don't need to keep the m_evasObject
        in the Widget.cpp because it's not used for WebKit2/Efl.

        * platform/Widget.h:
        (WebCore::Widget::evasObject): Deleted.
        * platform/efl/ScrollbarEfl.cpp:
        Removed WebKit1/Efl specific code which uses m_evasObject.
        It will be a dummy until WebKit2/Efl support proper scrollbar implementation.
        (WebCore::ScrollbarEfl::ScrollbarEfl):
        (WebCore::ScrollbarEfl::~ScrollbarEfl):
        (WebCore::ScrollbarEfl::setParent):
        (WebCore::ScrollbarEfl::frameRectsChanged):
        (WebCore::ScrollbarEfl::invalidate):
        (ScrollbarEfl::ScrollbarEfl): Deleted.
        (ScrollbarEfl::~ScrollbarEfl): Deleted.
        (scrollbarEflEdjeMessage): Deleted.
        (ScrollbarEfl::setParent): Deleted.
        (ScrollbarEfl::updateThumbPosition): Deleted.
        (ScrollbarEfl::updateThumbProportion): Deleted.
        (ScrollbarEfl::updateThumbPositionAndProportion): Deleted.
        (ScrollbarEfl::frameRectsChanged): Deleted.
        (ScrollbarEfl::invalidate): Deleted.
        * platform/efl/ScrollbarEfl.h:
        Removed unnecessary methods. In addition, applied final, override keyword.
        (WebCore::ScrollbarEfl::handleMouseMoveEvent): Deleted.
        (WebCore::ScrollbarEfl::handleMouseOutEvent): Deleted.
        (WebCore::ScrollbarEfl::handleMousePressEvent): Deleted.
        (WebCore::ScrollbarEfl::handleMouseReleaseEvent): Deleted.
        * platform/efl/WidgetEfl.cpp:
        (WebCore::Widget::Widget):
        (WebCore::Widget::setEvasObject): Deleted.

2014-06-30  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>

        Fix deprecated warning with bison 3
        https://bugs.webkit.org/show_bug.cgi?id=133791

        Reviewed by Csaba Osztrogonác.

        No new tests because no functional changes.

        * css/CSSGrammar.y.in:
        * xml/XPathGrammar.y:

2014-06-30  Jaehun Lim  <ljaehun.lim@samsung.com>

        Remove HarfBuzzShaper::setDrawRange()
        https://bugs.webkit.org/show_bug.cgi?id=134243

        Reviewed by Gyuyoung Kim.

        setDrawRange() is not used anywhere. Remove it.
        And m_fromIndex and m_toIndex are changed by only setDrawRange().
        So remove them too and use the default values instead of them.

        No new tests, no behavior changes.

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzShaper):
        (WebCore::HarfBuzzShaper::fillGlyphBufferFromHarfBuzzRun):
            currentCharacterIndex is unsigned, always greater than 0. Clean up if statements.
        (WebCore::HarfBuzzShaper::setDrawRange): Deleted.
        * platform/graphics/harfbuzz/HarfBuzzShaper.h:

2014-06-29  Pratik Solanki  <psolanki@apple.com>

        Create NSURLRequest lazily when USE(CFNETWORK) is enabled
        https://bugs.webkit.org/show_bug.cgi?id=134441

        Reviewed by Sam Weinig.

        No new tests. Should be covered by exsting tests.

        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::ResourceRequest):
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        (WebCore::ResourceRequest::setStorageSession):
        * platform/network/cocoa/ResourceRequestCocoa.mm:
        (WebCore::ResourceRequest::nsURLRequest):

2014-06-29  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Remove netscape plugin implementation from WebCore
        https://bugs.webkit.org/show_bug.cgi?id=134438

        Reviewed by Gyuyoung Kim.

        Because WebKit1/Efl was dropped, PluginPackageEfl.cpp and PluginViewEfl.cpp are not necessary.

        * PlatformEfl.cmake:
        * plugins/efl/PluginPackageEfl.cpp: Removed.
        * plugins/efl/PluginViewEfl.cpp: Removed.
        * plugins/x11/PluginViewX11.cpp: Removed.
        This file is to share common code between WebKit1/Efl and WebKit1/GTk.
        Now, both ports are dropped WebKit1 support and the GTK port already removed the related files at r167016.

2014-06-29  Yoav Weiss  <yoav@yoav.ws>

        Add support for HTMLImageElement's sizes attribute
        https://bugs.webkit.org/show_bug.cgi?id=133620

        Reviewed by Dean Jackson.

        Tests: fast/dom/HTMLImageElement/sizes/image-sizes-1x.html
               fast/dom/HTMLImageElement/sizes/image-sizes-2x.html
               fast/dom/HTMLImageElement/sizes/image-sizes-js-change.html
               fast/dom/HTMLImageElement/sizes/image-sizes-js-innerhtml.html
               http/tests/loading/sizes/preload-image-sizes-2x.html
               http/tests/loading/sizes/preload-image-sizes.html

        This patch adds support for HTMLImageElement's sizes attribute and the
        related srcset extended syntax as defined in
        http://picture.responsiveimages.org/.
        This sizes attribute syntax is added to the CSSGrammar and parsed by
        the CSSParser.
        The SourceSizeList class is generated by the parser, and used to get
        the final source size.
        HTMLImageElement and HTMLPreloadScanner send this value to
        HTMLSrcsetParser.
        HTMLSrcsetParser uses this value in order to pick the right resource.

        * CMakeLists.txt: Added css/SourceSizeList.cpp.
        * Configurations/FeatureDefines.xcconfig: Added the PICTURE_SIZES flag.
        * WebCore.vcxproj/WebCore.vcxproj: Added css/SourceSizeList.*.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Added css/SourceSizeList.*.
        * WebCore.xcodeproj/project.pbxproj: Added css/SourceSizeList.*.
        * css/CSSGrammar.y.in: Added 4 grammar rules that define a Media condition,
        Source size list, Source size length and source size.
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseSizesAttribute): Parse the sizes attribute.
        (WebCore::CSSParser::detectAtToken): Set the token to SIZESATTR.
        * css/CSSParser.h:
        * css/SourceSizeList.cpp: Added. Defined the SourceSize and SourceSizeList classes.
        (WebCore::SourceSize::match):
        (WebCore::computeLength):
        (WebCore::defaultValue):
        (WebCore::SourceSize::length):
        (WebCore::SourceSizeList::parseSizesAttribute):
        (WebCore::SourceSizeList::getEffectiveSize):
        * css/SourceSizeList.h: Added.
        (WebCore::SourceSize::SourceSize):
        (WebCore::SourceSizeList::append):
        * html/HTMLImageElement.cpp: Integrated sizes attribute parsing and added currentSrc.
        (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
        (WebCore::HTMLImageElement::parseAttribute):
        (WebCore::HTMLImageElement::currentSrc):
        * html/HTMLImageElement.h:
        * html/HTMLImageElement.idl:
        * html/parser/HTMLDocumentParser.cpp: Added information required for sizes parsing to
        HTMLPreloadScanner calls.
        (WebCore::HTMLDocumentParser::pumpTokenizer):
        (WebCore::HTMLDocumentParser::insert):
        (WebCore::HTMLDocumentParser::append):
        (WebCore::HTMLDocumentParser::appendCurrentInputStreamToPreloadScannerAndScan):
        * html/parser/HTMLPreloadScanner.cpp: Integrated sizes attribute parsing.
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
        (WebCore::TokenPreloadScanner::scan):
        (WebCore::HTMLPreloadScanner::scan):
        * html/parser/HTMLPreloadScanner.h:
        * html/parser/HTMLSrcsetParser.cpp: Added 'w' descriptor parsing sizes based normalization.
        (WebCore::parseDescriptors):
        (WebCore::pickBestImageCandidate):
        (WebCore::bestFitSourceForImageAttributes):
        * html/parser/HTMLSrcsetParser.h:

2014-06-29  Andreas Kling  <akling@apple.com>

        No need to lazily initialize ResourceResponse internals when accessing timing data.
        <https://webkit.org/b/134437>
        <rdar://problem/17499876>

        When building with ENABLE(WEB_TIMING), the last thing that would happen when
        serializing a ResourceResponse in the network process is that we'd retrieve
        the ResourceLoadTiming to encode it as part of the response. Doing so would
        trigger the lazy instantiation of ResourceResponse's internal data structures.

        Since timing data is not actually lazily instantiated, we can just not do that.

        This shaves off ~550ms of network process main thread time on PLT, reducing
        response latency by not doing unnecessary stuff before letting the web process
        look at the downloaded data.

        Reviewed by Gavin Barraclough.

        * WebCore.exp.in:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::adopt):
        (WebCore::ResourceResponseBase::resourceLoadTiming): Deleted.
        (WebCore::ResourceResponseBase::setResourceLoadTiming): Deleted.
        * platform/network/ResourceResponseBase.h:
        (WebCore::ResourceResponseBase::resourceLoadTiming):

2014-06-29  Pratik Solanki  <pratik.solanki@gmail.com>

        Refactor ResourceRequest into Cocoa and iOS specific files
        https://bugs.webkit.org/show_bug.cgi?id=134430

        Reviewed by Andreas Kling.

        No new tests because no functional changes.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::applyWebArchiveHackForMail): Deleted.
        * platform/network/cocoa/ResourceRequestCocoa.mm: Copied from Source/WebCore/platform/network/mac/ResourceRequestMac.mm.
        (WebCore::ResourceRequest::nsURLRequest):
        (WebCore::ResourceRequest::cfURLRequest):
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        (WebCore::ResourceRequest::doUpdateResourceHTTPBody):
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties):
        (WebCore::ResourceRequest::applyWebArchiveHackForMail):
        (WebCore::ResourceRequest::setStorageSession):
        * platform/network/ios/ResourceRequestIOS.mm: Added.
        (WebCore::ResourceRequest::useQuickLookResourceCachingQuirks):
        (WebCore::ResourceRequest::ResourceRequest):
        (WebCore::ResourceRequest::updateNSURLRequest):
        * platform/network/mac/ResourceRequestMac.mm:
        (WebCore::initQuickLookResourceCachingQuirks):
        (WebCore::ResourceRequest::useQuickLookResourceCachingQuirks):
        (WebCore::ResourceRequest::ResourceRequest):
        (WebCore::ResourceRequest::updateNSURLRequest):
        (WebCore::ResourceRequest::applyWebArchiveHackForMail):
        (WebCore::ResourceRequest::nsURLRequest): Deleted.
        (WebCore::ResourceRequest::cfURLRequest): Deleted.
        (WebCore::ResourceRequest::doUpdateResourceRequest): Deleted.
        (WebCore::ResourceRequest::doUpdateResourceHTTPBody): Deleted.
        (WebCore::ResourceRequest::doUpdatePlatformRequest): Deleted.
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody): Deleted.
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties): Deleted.
        (WebCore::ResourceRequest::setStorageSession): Deleted.

2014-06-29  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        TextCodecICU::encode turns the whole string as yen signs if there is any backslash in it
        https://bugs.webkit.org/show_bug.cgi?id=133678

        Reviewed by Alexey Proskuryakov.

        Test: fast/encoding/backslash-encoding-jp.html

        * platform/text/TextCodecICU.cpp:
        (WebCore::TextCodecICU::encode): fixed the copy of characters other than backslash.

2014-06-28  Dean Jackson  <dino@apple.com>

        [iOS] Pinching into a video (fullscreen gesture) leaves page zoomed in
        https://bugs.webkit.org/show_bug.cgi?id=134433
        <rdar://problem/16630794>

        Reviewed by Eric Carlson.

        Detect the number of target touches (those directly on the
        video element) and disable the page zoom if it looks
        like the user is trying to trigger fullscreen.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.handleBaseGestureStart): If we are seeing
        two touches in this video element, don't trigger fullscreen. The
        exception is if we haven't yet started playback.
        (ControllerIOS.prototype.handleBaseGestureChange): Don't allow fullscreen
        if we haven't started playback (iOS 7 behaviour).
        (ControllerIOS.prototype.handleWrapperTouchStart): Keep track of the
        number of targetted touches.

2014-06-27  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] position:fixed inside accelerated overflow:scroll is jumpy
        https://bugs.webkit.org/show_bug.cgi?id=134426
        <rdar://problem/17474523>

        Reviewed by Tim Horton.

        After committing a new layer tree (with possibly stale position:fixed layer
        positions), we need the scrolling tree to update those positions based on
        the current scroll offset.
        
        Give ScrollingTreeScrollingNode an implementation of updateLayersAfterAncestorChange()
        which is required to update fixed/sticky child nodes.

        * WebCore.exp.in:
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::updateLayersAfterAncestorChange):
        * page/scrolling/ScrollingTreeScrollingNode.h:

2014-06-28  Juan A. Suarez Romero  <jasuarez@igalia.com>  and  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Use public getter/setter in GObject DOM bindings properties implementation.
        https://bugs.webkit.org/show_bug.cgi?id=134390.

        Reviewed by Carlos Garcia Campos.

        The current GObject DOM bindings generator is duplicating code when
        implementing the get/set_property methods and the public
        getters/setters, instead of making one invoking the other.
        
        This commit changes this behaviour so the code is not duplicated,
        making it easier to maintain.

        No new tests needed.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateProperty):
        (GenerateProperties):
        (WriteData):
        (GetCoreObject): Deleted.
        * bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
        (webkit_dom_test_active_dom_object_get_property):
        * bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.cpp:
        (webkit_dom_test_event_constructor_get_property):
        * bindings/scripts/test/GObject/WebKitDOMTestException.cpp:
        (webkit_dom_test_exception_get_property):
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
        (webkit_dom_test_interface_set_property):
        (webkit_dom_test_interface_get_property):
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.cpp:
        (webkit_dom_test_nondeterministic_set_property):
        (webkit_dom_test_nondeterministic_get_property):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_set_property):
        (webkit_dom_test_obj_get_property):
        * bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp:
        (webkit_dom_test_serialized_script_value_interface_get_property):
        * bindings/scripts/test/GObject/WebKitDOMTestTypedefs.cpp:
        (webkit_dom_test_typedefs_set_property):
        (webkit_dom_test_typedefs_get_property):
        * bindings/scripts/test/GObject/WebKitDOMattribute.cpp:
        (webkit_dom_test_exception_get_property):
        (webkit_dom_attribute_get_property):

2014-06-28  Radu Stavila  <stavila@adobe.com>

        [New Multicolumn] Elements with rounded corners and overflow:hidden do not properly clip their content
        https://bugs.webkit.org/show_bug.cgi?id=133941

        Reviewed by Darin Adler.

        When having a multicol element inside an element with overflow:hidden and border-radius,
        the fragments representing the columns need to have the border radius set also, to ensure
        proper clipping.

        Test: fast/multicol/newmulticol/multicol-clip-rounded-corners.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::collectFragments):

2014-06-27  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Background clipping with subpixel behaves differently when composited.
        https://bugs.webkit.org/show_bug.cgi?id=134422

        Reviewed by Simon Fraser.

        Adjust cliprect with the subpixel offset from the graphics layer the same way we do it for painting.
        It ensures that cliprect starts from the right position when graphics layer is not on the same
        coordinates as the associated render layer.

        Test: compositing/hidpi-compositing-layer-with-subpixel-offset-accumulation-clipping.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::clipToRect):
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::applyFilters):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::paintBackgroundForFragments):
        (WebCore::RenderLayer::paintForegroundForFragments):
        (WebCore::RenderLayer::paintForegroundForFragmentsWithPhase):
        (WebCore::RenderLayer::paintOutlineForFragments):
        (WebCore::RenderLayer::paintMaskForFragments):
        (WebCore::RenderLayer::paintOverflowControlsForFragments):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:

2014-06-27  Brent Fulgham  <bfulgham@apple.com>

        [Win] Implement parts of the AVFOUNDATION_LOADER_DELEGATE logic for Windows
        https://bugs.webkit.org/show_bug.cgi?id=134418

        Reviewed by Eric Carlson.

        Land an initial implementation of AVFOUNDATION_LOADER_DELEGATE for
        Windows.

        * DerivedSources.cpp: Add new IDL files
        * DerivedSources.make: Add check for AVFOUNDATION_LOADER_DELEGATE.
        * Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp: Added (ported from
        Objective C.)
        * WebCore.vcxproj/WebCore.vcxproj: Update for new files.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.vcxproj/WebCoreCommon.props: Add new search paths.
        * WebCore.vcxproj/WebCoreTestSupport.vcxproj: Update for new files.
        * WebCore.vcxproj/WebCoreTestSupport.vcxproj.filters: Ditto.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::extractKeyURIKeyIDAndCertificateFromInitData):
        Moved from MediaPlayerPrivateAVFoundationObjC.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h:
        Update for new API calls.
        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp: Added.
        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h: Added.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        Updated for new AVFOUNDATION_LOADER_DELEGATE methods.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp: Added.
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.h: Added.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        Remove method that was moved to base class.

2014-06-27  Benjamin Poulain  <benjamin@webkit.org>

        Remove BufferForAppendingHyphen
        https://bugs.webkit.org/show_bug.cgi?id=134376

        Reviewed by Darin Adler.

        It is legacy, from a time when that code was using a Vector.

        The problem is that StringBuilder's memory was also implicitly used to keep
        the string alive for the lifespan of the TextRun. That seems quite dangerous
        as changes in StringBuilder could have changed that.

        To fix the lifetime issue, my first idea was to make it explicit by passing
        a String reference to hold the memory alive, and a boolean to say if the text
        need an hyphen. The problem with that is this code is very hot and I made things
        worse.

        The solution with this patch is to just pass a pointer to a String to do both
        the buffer reference, and the decision to add the hyphen. Having a single
        argument with 2 meanings is not pretty but that's not worse than the old buffer.

        * editing/TextIterator.cpp:
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::constructTextRun):
        (WebCore::adjustCharactersAndLengthForHyphen): Deleted.
        * rendering/InlineTextBox.h:
        (WebCore::BufferForAppendingHyphen::BufferForAppendingHyphen): Deleted.
        * rendering/RenderText.cpp:

2014-06-27  Jeremy Jones  <jeremyj@apple.com>

        Lazily link frameworks in WebVideoFullscreenInterfaceAVKit.
        https://bugs.webkit.org/show_bug.cgi?id=134407

        Reviewed by Eric Carlson.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController init]):
        Load AVPlayerController on use.
        (WebVideoFullscreenInterfaceAVKit::WebVideoFullscreenInterfaceAVKit):
        Remove loading on construction.
        (WebVideoFullscreenInterfaceAVKit::setCurrentTime): Load AVValueTiming on use.
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen): Load several classes on use.
        (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Load UIColor on use.

2014-06-27  Alex Christensen  <achristensen@webkit.org>

        Remove extra operations from 64-bit or on armv7.
        https://bugs.webkit.org/show_bug.cgi?id=134408

        Reviewed by Geoffrey Garen.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::addFlagsToElementStyleFromContext):
        Only do or operations if it would change values.
        Often we're only setting one flag, so half the operations are not necessary.

2014-06-27  Beth Dakin  <bdakin@apple.com>

        ScrollView::rootViewToTotalContents() needs to take topContentInset into account
        https://bugs.webkit.org/show_bug.cgi?id=134415
        -and corresponding-
        <rdar://problem/17473633>

        Reviewed by Simon Fraser.

        This affects hit testing in headers aka PageBanners.

        The root view will be anchored above the start of the total contents if there is a 
        topContentInset, so the inset value should be subtracted to get into the right 
        coordinate space here.
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::rootViewToTotalContents):

2014-06-27  Antti Koivisto  <antti@apple.com>

        Flush throttling with remote layers
        https://bugs.webkit.org/show_bug.cgi?id=134398

        Reviewed by Darin Adler.

        With remote layer trees the flush scheduling lives in the WebKit2 layer. The throttling code
        needs to live there as well.
        
        Add the required callbacks and disable the existing throttling code in RenderLayerCompositor
        when remote layers are in use. Later we can get rid of the RenderLayerCompositor throttling code.

        * WebCore.xcodeproj/project.pbxproj:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadProgressingStatusChanged):
        * page/ChromeClient.h:
        (WebCore::ChromeClient::adjustLayerFlushThrottling):
        * page/FrameView.cpp:
        (WebCore::FrameView::disableLayerFlushThrottlingTemporarilyForInteraction):
        (WebCore::FrameView::loadProgressingStatusChanged):
        
            Factor the progress status change activities to a function.

        (WebCore::FrameView::updateLayerFlushThrottling):
        (WebCore::FrameView::setExposedRect):
        
            Move the call to adjustTiledBackingCoverage from WebKit to here.

        (WebCore::FrameView::updateLayerFlushThrottlingInAllFrames): Deleted.
        * page/FrameView.h:
        * page/LayerFlushThrottleState.h: Added.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor):

2014-06-27  Brady Eidson  <beidson@apple.com>

        The user pressing a button on a gamepad should cause gamepads to become visible to all NavigatorGamepads.
        https://bugs.webkit.org/show_bug.cgi?id=134375

        Reviewed by Darin Adler.

        No new tests (Not yet a tested config)

        * Modules/gamepad/GamepadManager.cpp:
        (WebCore::GamepadManager::platformGamepadConnected): Also call to makeGamepadsVisibileToBlindNavigators.
        (WebCore::GamepadManager::platformGamepadDisconnected):
        (WebCore::GamepadManager::platformGamepadInputActivity): Call makeGamepadsVisibileToBlindNavigators.
        (WebCore::GamepadManager::makeGamepadsVisibileToBlindNavigators): Walk through each blind navigator
          notifying it of each connected Gamepad.
        (WebCore::GamepadManager::registerNavigator): Also add to the blind navigator set.
        (WebCore::GamepadManager::unregisterNavigator): Also remove from the blind navigator set.
        * Modules/gamepad/GamepadManager.h:

        * platform/GamepadProviderClient.h: Added platformGamepadInputActivity.

        * platform/mac/HIDGamepadProvider.cpp:
        (WebCore::HIDGamepadProvider::HIDGamepadProvider):
        (WebCore::HIDGamepadProvider::valuesChanged): Set the input notification timer which will notify the clients
          that a button was pressed.
        (WebCore::HIDGamepadProvider::inputNotificationTimerFired): Perform that notification.
        * platform/mac/HIDGamepadProvider.h:

2014-06-27  Brady Eidson  <beidson@apple.com>

        HIDGamepads should populate themselves with initial input values
        https://bugs.webkit.org/show_bug.cgi?id=134381

        Reviewed by Darin Adler.

        No new tests (Not yet a tested config)

        * platform/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::getCurrentValueForElement):
        (WebCore::HIDGamepad::initElements):  Loop through all the saved elements to get current values.
        (WebCore::HIDGamepad::maybeAddButton):
        (WebCore::HIDGamepad::maybeAddAxis):
        * platform/mac/HIDGamepad.h:
        (WebCore::HIDGamepadElement::HIDGamepadElement):
        (WebCore::HIDGamepadButton::HIDGamepadButton):
        (WebCore::HIDGamepadAxis::HIDGamepadAxis):

2014-06-27  Peyton Randolph  <prandolph@apple.com>

        Add feature flag for link long-press gesture.
        https://bugs.webkit.org/show_bug.cgi?id=134262

        Reviewed by Enrica Casucci.

        * Configurations/FeatureDefines.xcconfig:
        Add ENABLE_LINK_LONG_PRESS.

2014-06-26  Brady Eidson  <beidson@apple.com>

        HIDGamepadProvider should only be active when someone is interested in Gamepads.
        https://bugs.webkit.org/show_bug.cgi?id=134374

        Reviewed by Darin Adler.

        No new tests (Not yet a tested config)

        * Modules/gamepad/GamepadManager.cpp:
        (WebCore::GamepadManager::registerNavigator): Add some logging.
        (WebCore::GamepadManager::unregisterNavigator): Ditto.

        * platform/mac/HIDGamepadProvider.cpp:
        (WebCore::HIDGamepadProvider::HIDGamepadProvider):
        (WebCore::HIDGamepadProvider::connectionDelayTimerFired): Stop suppressing connection callbacks
        (WebCore::HIDGamepadProvider::openAndScheduleManager):
        (WebCore::HIDGamepadProvider::closeAndUnscheduleManager): Stop listening for gamepad events, and clear
          all current gamepads.
        (WebCore::HIDGamepadProvider::startMonitoringGamepads): If the first client, call openAndScheduleManager
        (WebCore::HIDGamepadProvider::stopMonitoringGamepads): If the last client, call closeAndUnscheduleManager
        (WebCore::HIDGamepadProvider::deviceAdded): If this callback came while we were suppressing connection
          callbacks, it is a startup event for already-connected gamepads. Stop suppressing callbacks in a later
          spin of the runloop.
        (WebCore::HIDGamepadProvider::deviceRemoved):
        * platform/mac/HIDGamepadProvider.h:
        (WebCore::HIDGamepadProvider::setShouldDispatchCallbacks): Deleted.

2014-06-27  Alex Christensen  <achristensen@webkit.org>

        Prevent unnecessary register saving in css jit.
        https://bugs.webkit.org/show_bug.cgi?id=133955

        Reviewed by Geoff Garen.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::prepareAndCall):
        (WebCore::FunctionCall::cleanupPostCall):
        (WebCore::FunctionCall::saveAllocatedCallerSavedRegisters):
        (WebCore::FunctionCall::restoreAllocatedCallerSavedRegisters):
        (WebCore::FunctionCall::saveAllocatedRegisters): Renamed to saveAllocatedCallerSavedRegisters.
        (WebCore::FunctionCall::restoreAllocatedRegisters): Renamed to restoreAllocatedCallerSavedRegisters.
        Only push caller saved registers before function calls.
        * cssjit/RegisterAllocator.h:
        (WebCore::RegisterAllocator::isValidRegister):
        Corrected register ranges.
        (WebCore::RegisterAllocator::isCallerSavedRegister): Added.

2014-06-27  Beth Dakin  <bdakin@apple.com>

        Custom scrollbars should not create ScrollbarPainters on Mac
        https://bugs.webkit.org/show_bug.cgi?id=134406
        -and corresponding-
        <rdar://problem/16178301>

        Reviewed by Tim Horton.

        The solution here is to return early in ScrollbarThemeMac::registerScrollbar() if 
        the scrollbar is custom. However, since this function is called during the 
        RenderScrollbar and Scrollbar constructor, we need to re-implement 
        Scrollbar::isCustomScrollbar() to return a member variable that is passed into the 
        constructor. Otherwise, we will get Scrollbar’s implementation is 
        isCustomScrollbar() wrongfully returning false since instead of the derived
        class’s implementation. 

        Scrollbar constructor now has an option parameter isCustomScrollbar that defaults 
        to false. That value is returned by isCustomScrollbar()
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::Scrollbar):
        * platform/Scrollbar.h:

        Return early if this is a custom scrollbar since the rest of the function deals 
        with creating a native scrollbar and getting it in the right state.
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::registerScrollbar):

        Send true to the Scrollbar constructor to indicate that this is a custom 
        scrollbar.
        * rendering/RenderScrollbar.cpp:
        (WebCore::RenderScrollbar::RenderScrollbar):
        * rendering/RenderScrollbar.h:

2014-06-27  Eric Carlson  <eric.carlson@apple.com>

        [Mac] AVMetadataKeySpaceISOUserData not defined on 10.8
        https://bugs.webkit.org/show_bug.cgi?id=134401

        Reviewed by Jer Noble.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::metadataType): Use SOFT_LINK_POINTER_OPTIONAL for AVMetadataKeySpaceISOUserData
            so we don't have problems on OS versions where it isn't defined.

2014-06-27  Martin Hodovan  <mhodovan.u-szeged@partner.samsung.com>

        REGRESSION (r168685): css calc() expression fails 
        https://bugs.webkit.org/show_bug.cgi?id=134059

        The expression 'calc((100% - 20px) / 3' did not work properly after r168685,
        because primitiveType() function in CSSCalculationValue.cpp has handled
        CalcPercentLength and CalcPercentNumber categories as if they were angles.
        The patch fixes this incorrect behavior.

        Reviewed by Simon Fraser.

        Test: fast/css/calc-percentage-pixel.html

        * css/CSSCalculationValue.cpp:

2014-06-27  Jer Noble  <jer.noble@apple.com>

        [MSE] http/tests/media/media-source/mediasource-append-buffer.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=134389

        Reviewed by Eric Carlson.

        Two subtests in mediasource-append-buffer.html are failing. Bring setDuration() up to spec
        by throwing an exception if the duration is called while any SourceBuffer is updating. Do
        not cancel pending events when a SourceBuffer is removed from its MediaSource. And mark the
        SourceBuffer as having pending activity if there are pending events to be fired.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::setDuration):
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::removedFromMediaSource):
        (WebCore::SourceBuffer::hasPendingActivity):

2014-06-26  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Fix touch-scrollable elements with overflow:scroll on just one axis, and RTL scrolling
        https://bugs.webkit.org/show_bug.cgi?id=134377
        <rdar://problem/16762224>

        Reviewed by Tim Horton.
        
        Make -webkit-overflow-scrolling:touch scrolling work correctly when one axis
        has overflow:scroll and the other overflow:hidden. Also fix scrolling in RTL
        contexts.
        
        An RTL scroller with overflow-x:hidden will have a non-zero scroll origin,
        and needs to truncate the scrolled content on the left side. To pass the
        correct geometry to the UI process, we need to introduce the concept of
        "reachable" size as well as total content size; normally these are the same,
        but will differ when scrolling is only allowed on one axis but there is overflow
        on both axes.
        
        To get the reachable size, add RenderLayer::scrollableContentsSize().
        
        RenderLayer::visibleSize() was wrong; the function should return the size of the 
        scrollable portion, but used layer size which includes borders. Fix to use pixelSnappedClientWidth()/Height(),
        which is what we use for scrollbar computations.

        * WebCore.exp.in:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
        (WebCore::AsyncScrollingCoordinator::updateFrameScrollingNode):
        (WebCore::AsyncScrollingCoordinator::updateOverflowScrollingNode):
        * page/scrolling/ScrollingCoordinator.h:
        * page/scrolling/ScrollingStateScrollingNode.cpp:
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        (WebCore::ScrollingStateScrollingNode::setReachableContentsSize):
        * page/scrolling/ScrollingStateScrollingNode.h:
        (WebCore::ScrollingStateScrollingNode::reachableContentsSize):
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::updateBeforeChildren):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        (WebCore::ScrollingTreeScrollingNode::reachableContentsSize):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::visibleSize):
        (WebCore::RenderLayer::scrollableContentsSize):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::updateScrollingLayerWithClient):
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):

2014-06-27  Bear Travis  <betravis@adobe.com>

        [Feature Queries] Fix feature queries build on Mac
        https://bugs.webkit.org/show_bug.cgi?id=134359

        Reviewed by Antti Koivisto.

        Update the XCode project and Feature Queries code to build on Mac.

        There are existing tests for supports in the LayoutTests/css3 directory.

        * WebCore.xcodeproj/project.pbxproj: Add the Feature Queries files
        to the XCode project.
        * css/CSSGrammar.y.in: Update CSSParserExpression to CSSParserValueList.
        * css/DOMWindowCSS.idl: Add ImplementationLacksVTable metadata.

2014-06-27  Jer Noble  <jer.noble@apple.com>

        [MSE] media/media-source/media-source-tracks.html is crashy
        https://bugs.webkit.org/show_bug.cgi?id=134385

        Reviewed by Eric Carlson.

        Fix the refactoring error (self assignment) introduced by r170488.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):

2014-06-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        XHR should keep attributes on instance
        https://bugs.webkit.org/show_bug.cgi?id=134363

        Reviewed by Sam Weinig.

        Test: js/dom/xhr-prototype-define-property.html

        Having them on the prototype broke some sites due to the fact that these DOM attributes are currently 
        not configurable. Once we make them configurable, we can move XHR attributes back to the prototype.

        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstanceForCompatibility):

2014-06-27  Jeremy Jones  <jeremyj@apple.com>

        removeCodedFrames should modify ref to TrackBuffer no a copy.
        https://bugs.webkit.org/show_bug.cgi?id=134380

        Reviewed by Daniel Bates.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::removeCodedFrames):
        Iterate with a reference.

2014-06-27  Zalan Bujtas  <zalan@apple.com>

        Set cliprect radius unconditionally in RenderLayer.
        https://bugs.webkit.org/show_bug.cgi?id=134396

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):

2014-06-27  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Interaction between auto-placement and column / row spanning
        https://bugs.webkit.org/show_bug.cgi?id=110633

        Reviewed by Sergio Villar Senin.

        Modify auto-placement algorithm in order to support span in both
        definite and automatic positions.

        This patch fixes examples like:
        grid-row: auto;
        grid-column: 2 / span 3;

        And also:
        grid-row: auto;
        grid-column: span 3;

        Tests: fast/css-grid-layout/grid-item-auto-placement-automatic-span.html
               fast/css-grid-layout/grid-item-auto-placement-definite-span.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridIterator::isEmptyAreaEnough): New method that
        checks if a grid area is or not empty.
        (WebCore::RenderGrid::GridIterator::nextEmptyGridArea): Updated method
        that now receives two arguments with the span value in both directions.
        (WebCore::RenderGrid::ensureGridSize): Renamed from gridRow(). Adapted
        method to grow in both directions at the same time if needed. It ensures
        that the grid is big enough to insert a new item.
        (WebCore::RenderGrid::insertItemIntoGrid): Only leave the method that
        receives a GridCoordinate. It uses ensureGridSize() before inserting the
        item in the grid.
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator): Ensure that
        the grid is big enough to place the largest span for auto-positioned
        items.
        (WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
        New method that returns a GridCoordinate outside current grid with the
        requested dimensions.
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid): Adapted
        method to calculate the item's span and use the new version of
        nextEmptyGridArea(). If an empty area is not found it uses
        createEmptyGridAreaAtSpecifiedPositionsOutsideGrid() to place the item.
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid): Ditto.
        (WebCore::RenderGrid::growGrid): Renamed to ensureGridSize().
        * rendering/RenderGrid.h: Modify methods headers and add new method
        signature.
        * rendering/style/GridCoordinate.h:
        (WebCore::GridSpan::integerSpan): Add new simple method to return the
        span value of a position.
        * rendering/style/GridResolvedPosition.cpp:
        (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
        Implement method to take into account span in auto-placement algorithm.
        (WebCore::GridResolvedPosition::adjustGridPositionsFromStyle): Add new
        checks related with named grid line spans in auto-positioned items,
        which is not allowed according to the spec.
        * rendering/style/GridResolvedPosition.h: Update method header.

2014-06-27  Mahesh Kulkarni  <mahesh.kk@samsung.com>

        [XHR] open method must uppercase only standard method types
        https://bugs.webkit.org/show_bug.cgi?id=134264

        Reviewed by Darin Adler.

        As per step-5 of http://xhr.spec.whatwg.org/#the-open()-method only
        DELETE, PUT, GET, POST, OPTIONS, HEAD are standard. Use other methods as is without case change.
        All tests from w3c-test suite pass http://w3c-test.org/XMLHttpRequest/open-method-case-sensitive.htm.
        This merges blink changes from r176592.

        Tests: http/tests/xmlhttprequest/xmlhttprequest-open-method-allowed.html
               http/tests/xmlhttprequest/xmlhttprequest-open-method-case-insensitive.html

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::uppercaseKnownHTTPMethod):

2014-06-27  Andre Moreira Magalhaes   <andre.magalhaes@collabora.co.uk>

        Increase priority on SharedTimer source.
        http://bugs.webkit.org/show_bug.cgi?id=134109

        While running webkit on a Debian virtual machine I stumbled upon an issue where JS
        setTimeout callbacks were not being properly invoked due to machine limitations and the
        usage of a low priority on setTimeout timers.

        This patch increases the SharedTimer source priority to use the default glib priority which
        fixes the issue, making setTimeout JS calls work properly on the test environment.

        Reviewed by Gustavo Noronha Silva.

        * platform/gtk/SharedTimerGtk.cpp:
        (WebCore::setSharedTimerFireInterval):

2014-06-27  Zalan Bujtas  <zalan@apple.com>

        Remove redundant offsetFromAncestor() call from RenderLayer::localClipRect().
        https://bugs.webkit.org/show_bug.cgi?id=134378

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):

2014-06-27  Philippe Normand  <pnormand@igalia.com>

        [GTK] 8tracks.com triggers annoying pop-up window/installation of "About protocol source plugin" (GStreamer?)
        https://bugs.webkit.org/show_bug.cgi?id=133605

        Reviewed by Carlos Garcia Campos.

        Don't attempt to load blank URLs with the GStreamer media
        player. Those URLs trigger the codec installer which is useless in
        this scenario. This patch also renames some of the variables of
        the ::load method, as suggested by Carlos.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer):
        Check video-sink validity before disconnecting its signal handlers.
        (WebCore::MediaPlayerPrivateGStreamer::load): Don't load blank
        URLs (about:blank).
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
        Disconnect repaint handler only if it's valid.

2014-06-26  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Expose getter and setter functions for attributes named type
        https://bugs.webkit.org/show_bug.cgi?id=134300

        Reviewed by Martin Robinson.

        We skip those because the getter conflicts with the get_type()
        function of all GObjects. We should use a different name for them. As
        a general rule we use the last word of the class name, something like:

          webkit_dom_blob_get_type() -> webkit_dom_blob_get_blob_type()
          webkit_dom_event_get_type() -> webkit_dom_event_get_event_type()

        It's consistent with other existing DOM methods like
        webkit_dom_xpath_result_get_result_type() or webkit_dom_css_value_get_css_value_type().
        This patch also adds some exceptions for particular cases.

        * bindings/gobject/webkitdom.symbols: Add new public symbols.
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GetFunctionSigName): Helper function to return the function name
        that takes into account all exceptions when generating getters and
        setters of attributes named type. Otherwise the name is returned unmodified.
        (GenerateFunction): Use GetFunctionSigName().
        (GenerateFunctions): Do not skip functions for type attributes.

2014-06-27  Sungmann Cho  <sungmann.cho@navercorp.com>

        Remove unnecessary #include in HistoryController
        https://bugs.webkit.org/show_bug.cgi?id=134369

        Reviewed by Daniel Bates.

        After the landing of https://webkit.org/b/130099, HistoryController doesn't need
        WebCore::Settings class. So we can remove the related header.

        * loader/HistoryController.cpp:

2014-06-26  Jeongeun Kim  <je_julie.kim@samsung.com>

        REGRESSION (r170287): SVGDocumentExtensions::rebuildElements() called on removed element
        https://bugs.webkit.org/show_bug.cgi?id=134304

        Reviewed by Daniel Bates.

        Roll out <http://trac.webkit.org/170287> (https://bugs.webkit.org/show_bug.cgi?id=134186)
        as it led to SVGDocumentExtensions::rebuildElements() being called on an element(s) that
        may no longer be in the document.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::removeChild):
        (WebCore::ContainerNode::removeChildren):
        * dom/Document.cpp:
        (WebCore::Document::commonTeardown):
        (WebCore::Document::implicitClose):
        * history/CachedFrame.cpp:
        (WebCore::CachedFrameBase::restore):
        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::startAnimations):
        (WebCore::SVGDocumentExtensions::pauseAnimations):
        (WebCore::SVGDocumentExtensions::unpauseAnimations):
        (WebCore::SVGDocumentExtensions::dispatchSVGLoadEventToOutermostSVGElements):
        (WebCore::SVGDocumentExtensions::rebuildElements):
        * svg/SVGDocumentExtensions.h:

2014-06-26  Tim Horton  <timothy_horton@apple.com>

        [WK2] Pinch-zoom shadows can overlap headers and footers
        https://bugs.webkit.org/show_bug.cgi?id=134372
        <rdar://problem/16004095>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateLayerForHeader):
        (WebCore::RenderLayerCompositor::updateLayerForFooter):
        Put header/footer layers in front of the root content layer instead of behind.
        Ideally nothing would ever overlap them, but this will give them precedence regardless.

2014-06-26  David Kilzer  <ddkilzer@apple.com>

        [Win] Always NULL-terminate the string in createUTF8String()
        <http://webkit.org/b/134353>
        <rdar://problem/17471783>

        Reviewed by Brent Fulgham.

        * plugins/PluginView.cpp:
        (WebCore::createUTF8String): Pull out CString length into local
        variable.  Switch to use memcpy.  Always NULL-terminate the
        string.

2014-06-26  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Crash in WebCore::MediaPlayerPrivateMediaSourceAVFObjC::buffered const + 13
        https://bugs.webkit.org/show_bug.cgi?id=134367

        Reviewed by Darin Adler.

        Add a couple of null-checks to protect against methods being called in the brief time
        between when the object is created and when it's asked to load.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::durationDouble):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::buffered):

2014-06-26  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Rearrange conditions to find invalid protocol in NavigatorContentUtils::verifyProtocolHandlerScheme()
        https://bugs.webkit.org/show_bug.cgi?id=134289

        Reviewed by Darin Adler.

        If we do early return when there is invalid protocol, we're able to avoid unnecessary call flow.

        No new tests, covered by existing tests.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::verifyProtocolHandlerScheme):

2014-06-26  Benjamin Poulain  <bpoulain@apple.com>

        [WK1] Use native touch event's timestamp for DOM touch event
        https://bugs.webkit.org/show_bug.cgi?id=134326

        Reviewed by Enrica Casucci.

        * platform/ios/PlatformEventFactoryIOS.mm:
        (WebCore::PlatformTouchEventBuilder::PlatformTouchEventBuilder):
        Use device event timestamp to get more accurate timing information. This also removes
        the variance introduced by WebKit when computing velocity/acceleration/etc.

2014-06-26  Balazs Kelemen  <b.kelemen@samsung.com>

        Memcache migth not be pruned when it should for https pages
        https://bugs.webkit.org/show_bug.cgi?id=134361

        Reviewed by Geoffrey Garen.

        There is no reason we should not try to prune in case of a https resource.

        No observable change in behavior, no tests.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::removeClient):
        Call prune unconditionally and remove an unnecessary branch.

2014-06-26  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION: Mountain Lion: Gmail's "in new window" view of mail threads is very slow to load its content
        https://bugs.webkit.org/show_bug.cgi?id=133882
        <rdar://problem/17271965>

        Reviewed by Brady Eidson.

        This goes to pre-r161796 behavior on 10.8 and 10.9. We schedule the requests internally,
        and only give 6 of them to CFNetwork at a time. Except for synchronous requests,
        which still use the improved approach, and don't count against 6 connections.

        * loader/ResourceLoadScheduler.cpp:
        (WebCore::ResourceLoadScheduler::scheduleLoad):
        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::resourcePrioritiesEnabled):
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        (WebCore::initializeMaximumHTTPConnectionCountPerHost): Deleted.
        * platform/network/mac/ResourceRequestMac.mm:
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        (WebCore::ResourceRequest::doUpdatePlatformRequest):

2014-06-26  Brady Eidson  <beidson@apple.com>

        Remove use of PlatformStrategies for Gamepad API.
        https://bugs.webkit.org/show_bug.cgi?id=134348

        Reviewed by Dean Jackson.

        No new tests (Not yet a tested config)

        Introduce a virtual GamepadProvider with a process-global shared provider.
        The base implementation of the GamepadProvider does nothing.
        * platform/GamepadProvider.cpp: Renamed from Source/WebKit/mac/WebCoreSupport/WebHIDGamepadController.h.
        (WebCore::GamepadProvider::shared):
        (WebCore::GamepadProvider::setSharedProvider):
        (WebCore::GamepadProvider::startMonitoringGamepads):
        (WebCore::GamepadProvider::stopMonitoringGamepads):
        (WebCore::GamepadProvider::platformGamepads):
        * platform/GamepadProvider.h: Renamed from Source/WebCore/platform/GamepadStrategy.h.
        (WebCore::GamepadProvider::~GamepadProvider):

        * platform/GamepadProviderClient.h: Renamed from Source/WebCore/platform/GamepadStrategyClient.h.
        (WebCore::GamepadProviderClient::~GamepadProviderClient):

        GamepadManager is now a GamepadProviderClient:
        * Modules/gamepad/GamepadManager.cpp:
        (WebCore::GamepadManager::GamepadManager):
        (WebCore::GamepadManager::registerNavigator):
        (WebCore::GamepadManager::unregisterNavigator):
        * Modules/gamepad/GamepadManager.h:

        Remove the GamepadStrategy altogether:
        * platform/PlatformStrategies.h:
        (WebCore::PlatformStrategies::PlatformStrategies):
        (WebCore::PlatformStrategies::gamepadStrategy): Deleted.

        Call to the shared GamepadProvider instead of the strategy:
        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::gamepads):
        (WebCore::NavigatorGamepad::gamepadsBecameVisible):
        (WebCore::NavigatorGamepad::gamepadConnected):

        HIDGamepadListener is now a subclass of GamepadProvider that implements the HID based management.
        LegacyWebKit on Mac will install the shared HIDGamepadProvider instead of the default GamepadProvider:
        * platform/mac/HIDGamepadProvider.cpp: Renamed from Source/WebCore/platform/mac/HIDGamepadListener.cpp.
        (WebCore::deviceMatchingDictionary):
        (WebCore::deviceAddedCallback):
        (WebCore::deviceRemovedCallback):
        (WebCore::deviceValuesChangedCallback):
        (WebCore::HIDGamepadProvider::shared):
        (WebCore::HIDGamepadProvider::HIDGamepadProvider):
        (WebCore::HIDGamepadProvider::indexForNewlyConnectedDevice):
        (WebCore::HIDGamepadProvider::startMonitoringGamepads):
        (WebCore::HIDGamepadProvider::stopMonitoringGamepads):
        (WebCore::HIDGamepadProvider::deviceAdded):
        (WebCore::HIDGamepadProvider::deviceRemoved):
        (WebCore::HIDGamepadProvider::valuesChanged):
        (WebCore::HIDGamepadProvider::removeGamepadForDevice):
        * platform/mac/HIDGamepadProvider.h: Renamed from Source/WebCore/platform/mac/HIDGamepadListener.h.
        (WebCore::HIDGamepadProvider::platformGamepads):
        (WebCore::HIDGamepadProvider::setShouldDispatchCallbacks):

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:

        * platform/mac/HIDGamepad.h: Fix incorrect comment

2014-06-26  Andreas Kling  <akling@apple.com>

        Skip memcmp()ing fully downloaded resources after they become mmap()able.
        <https://webkit.org/b/134362>

        When we receive word that a downloaded resource is now available for mmap()ing
        from the file system, we don't need to compare against the buffered data,
        since even if there were a mismatch, the cached version should be the canonical one.

        This was added as belt-and-suspenders while the supporting mechanism was being
        developed in CFNetwork, and there's no evidence of a race today. This change
        turns the runtime checks into debug-only assertions.

        Saves ~300ms of main thread time on PLT.

        Reviewed by Geoff Garen.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::tryReplaceEncodedData):

2014-06-26  Jer Noble  <jer.noble@apple.com>

        [MSE] Refactoring: Use C++11 for-loops in SourceBuffer.
        https://bugs.webkit.org/show_bug.cgi?id=134352

        Reviewed by Darin Adler.

        Use C++11 style for-loops where appropriate in SourceBuffer now that the
        SampleMap ordered objects support them.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateSeekToTime):
        (WebCore::SourceBuffer::sourceBufferPrivateFastSeekTimeForMediaTime):
        (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
        (WebCore::SourceBuffer::validateInitializationSegment):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2014-06-25  Joseph Pecoraro  <pecoraro@apple.com>
 
        [iOS]: Tapping <button> outside of a form is no longer working
        https://bugs.webkit.org/show_bug.cgi?id=134319
        <rdar://problem/17213346>

        Reviewed by Daniel Bates.

        Restore behavior of allowing <button> clicks outside of <form>.
        This used to be iOS behavior before it was removed in favor of the
        OpenSource (Android?) behavior. Now, willRespondToMouseClickEvents
        is only used by iOS, so lets restore the iOS behavior.

        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::willRespondToMouseClickEvents):

2014-06-26  Jer Noble  <jer.noble@apple.com>

        Unreviewed build-fix. Remove unintentionial rename of MediaTime.h -> MediaTimeHash.h.

        * Modules/mediasource/SampleMap.h:

2014-06-26  Eric Carlson  <eric.carlson@apple.com>

        [iOS] no need to deactivate audio session
        https://bugs.webkit.org/show_bug.cgi?id=134350

        Reviewed by Jer Noble.

        * platform/audio/mac/MediaSessionManagerMac.cpp:
        (MediaSessionManager::updateSessionState): Don't bother calling 
            AudioSession::setActive(false), WebCore's audio session will be deactivated 
            automatically if another application begins playing audio.

2014-06-26  Jer Noble  <jer.noble@apple.com>

        [MSE] Refactoring: Differentiate between SampleMap decode and presentation order methods
        https://bugs.webkit.org/show_bug.cgi?id=134349

        Reviewed by Geoffrey Garen.

        Refactor SampleMap to clarify the distinction between methods which return decode-order
        iterators and ones which retun presentation-order iterators.

        Add two classes, PresentationOrderSampleMap and DecodeOrderSampleMap, to contain the actual
        MediaTime-to-Sample maps, and move the methods returning presentation-order and decode-order
        iterators to each, respectively.  Rename the {presentation,decode}{Begin,End}() methods to
        begin() and end() so the objects can be used in C++11 for-loops.

        Update all the call sites in SourceBuffer to use the new ordered objects.

        * Modules/mediasource/SampleMap.cpp:
        (WebCore::SampleIsLessThanMediaTimeComparator::operator()): Use new ordered objects.
        (WebCore::SampleIsGreaterThanMediaTimeComparator::operator()): Ditto.
        (WebCore::SampleMap::clear): Ditto.
        (WebCore::SampleMap::addSample): Ditto.
        (WebCore::SampleMap::removeSample): Ditto.
        (WebCore::PresentationOrderSampleMap::findSampleContainingPresentationTime): Renamed from SampleMap version.
        (WebCore::PresentationOrderSampleMap::findSampleAfterPresentationTime): Ditto.
        (WebCore::DecodeOrderSampleMap::findSampleWithDecodeTime): Ditto.
        (WebCore::PresentationOrderSampleMap::reverseFindSampleContainingPresentationTime): Ditto.
        (WebCore::PresentationOrderSampleMap::reverseFindSampleBeforePresentationTime): Ditto.
        (WebCore::DecodeOrderSampleMap::reverseFindSampleWithDecodeTime): Ditto.
        (WebCore::DecodeOrderSampleMap::findSyncSamplePriorToPresentationTime): Ditto.
        (WebCore::DecodeOrderSampleMap::findSyncSamplePriorToDecodeIterator): Ditto.
        (WebCore::DecodeOrderSampleMap::findSyncSampleAfterPresentationTime): Ditto.
        (WebCore::DecodeOrderSampleMap::findSyncSampleAfterDecodeIterator): Ditto.
        (WebCore::PresentationOrderSampleMap::findSamplesBetweenPresentationTimes): Ditto.
        (WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRange): Ditto.
        (WebCore::DecodeOrderSampleMap::findDependentSamples): Ditto.
        * Modules/mediasource/SampleMap.h:
        (WebCore::PresentationOrderSampleMap::begin): Renamed from presentationBegin().
        (WebCore::PresentationOrderSampleMap::end): Renamed from presentationEnd().
        (WebCore::PresentationOrderSampleMap::rbegin): Renamed from reversePresentationBegin().
        (WebCore::PresentationOrderSampleMap::rend): Renamed from reversePresentationEnd().
        (WebCore::DecodeOrderSampleMap::begin): Renamed from decodeBegin().
        (WebCore::DecodeOrderSampleMap::end): Renamed from decodeEnd().
        (WebCore::DecodeOrderSampleMap::rbegin): Renamed from reverseDecodeBegin().
        (WebCore::DecodeOrderSampleMap::rend): Renamed from reverseDecodeEnd().
        (WebCore::SampleMap::SampleMap): Create new ordered objects.
        (WebCore::SampleMap::sizeInBytes): Use new ordered objects.
        (WebCore::SampleMap::decodeOrder): Simple accessor.
        (WebCore::SampleMap::presentationOrder): Simple accessor.
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateSeekToTime): Use new ordered objects.
        (WebCore::SourceBuffer::sourceBufferPrivateFastSeekTimeForMediaTime): Ditto.
        (WebCore::SourceBuffer::removeCodedFrames): Ditto.
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): Ditto.
        (WebCore::SourceBuffer::bufferedSamplesForTrackID): Ditto.

2014-06-26  Chris Fleizach  <cfleizach@apple.com>

        Add an undo group for each dictated utterance in WebKit
        https://bugs.webkit.org/show_bug.cgi?id=134086

        Applied review comments from Sam Weinig.

        Move the associated USE #define into Platform.h.
 
        * WebCore.xcodeproj/project.pbxproj:
        * editing/mac/TextUndoInsertionMarkup.h: Removed.
        * editing/mac/TextUndoInsertionMarkupMac.h:

2014-06-26  Shivakumar JM  <shiva.jm@samsung.com>

        [EFL][WK2] Fix Debug Build Error in Webcore module.
        https://bugs.webkit.org/show_bug.cgi?id=134345

        Reviewed by Zalan Bujtas.

        Use static cast to change the type of variable to fix error

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::setDrawRange):

2014-06-26  Eric Carlson  <eric.carlson@apple.com>

        [Mac] allow host application to canonicalize media urls
        https://bugs.webkit.org/show_bug.cgi?id=134329

        Reviewed by Dean Jackson.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::canonicalURL): New, use NSURLProtocol to canonicalize a URL.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Call canonicalURL.

2014-06-26  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add padding for future expansion to WebKitDOMEventTargetIface
        https://bugs.webkit.org/show_bug.cgi?id=134298

        Reviewed by Martin Robinson.

        * bindings/gobject/WebKitDOMEventTarget.h:

2014-06-25  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add support for constants in GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=133983

        Reviewed by Martin Robinson.

        * bindings/gobject/webkitdom.symbols: Add stable constants.
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateHeader): Add constants to the header.
        (Generate): Pass the interface object to GenerateHeader to get the constants
        (IsInterfaceSymbol): Helper function that returns whether the given
        symbol belongs to the interface. Check also constants now.
        (ReadStableSymbols): Use IsInterfaceSymbol().
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.h:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:

2014-06-26  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Properly support for z-index on grid items
        https://bugs.webkit.org/show_bug.cgi?id=103329

        Reviewed by Benjamin Poulain.

        From Blink r157620 by <jchaffraix@chromium.org> and r172402 by
        <wangxianzhu@chromium.org>.

        The specification says that grid should match flexbox and force
        grid items to be stacking context if z-index is set, regardless
        of 'position'. After this change, this is what happens.

        Previously z-index changes of static positioned objects were ignored.
        However, z-index is applicable for some static positioned objects,
        such as grid items. Ignoring them makes the object not to be properly
        painted on z-index change.

        As StyleResolver has ensured that z-index is non-auto only if
        applicable, RenderStyle::changeRequiresLayerRepaint() should not check
        again (with inconsistent conditions).

        Tests: fast/css-grid-layout/grid-item-z-index-change-repaint.html
               fast/css-grid-layout/grid-item-z-index-stacking-context.html
               fast/css-grid-layout/grid-item-z-index-support.html

        * css/StyleResolver.cpp:
        (WebCore::isDisplayFlexibleOrGridBox): Add new method to check if parent
        display is flexbox or grid.
        (WebCore::StyleResolver::adjustRenderStyle): Use new method in z-index
        condition.
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayerRepaint): Move z-index checks
        out of non-static positioned objects if.

2014-06-25  Dean Jackson  <dino@apple.com>

        HIDGamepad should use CFIndex when looping
        https://bugs.webkit.org/show_bug.cgi?id=134337

        Reviewed by Dan Bernstein.

        * platform/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::initElementsFromArray): Replace int with CFIndex, and use
        a local variable for CFArrayCount.

2014-06-25  Ryosuke Niwa  <rniwa@webkit.org>

        Build fix attempt after r170465.

        * platform/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::initElementsFromArray):

2014-06-25  Dean Jackson  <dino@apple.com>

        [Mac] Radio buttons and checkboxes vanish when redrawn
        https://bugs.webkit.org/show_bug.cgi?id=134335

        Reviewed by Dan Bernstein.

        I screwed up when landing r170343 by moving some code around
        which broke the logic. We need to query the animation
        state for controls after we draw (both statically and animated).

        * platform/mac/ThemeMac.mm:
        (WebCore::paintToggleButton): We need to check the state of animation again, after
        we draw.

2014-06-25  Brady Eidson  <beidson@apple.com>

        Add HID-based gamepad implementation for Mac
        https://bugs.webkit.org/show_bug.cgi?id=134324

        Reviewed by Dean Jackson.

        No new tests (Not yet a tested config)

        * Modules/gamepad/Gamepad.cpp:
        (WebCore::Gamepad::Gamepad):
        (WebCore::Gamepad::updateFromPlatformGamepad): Update the Gamepad’s data from the passed-in PlatformGamepad.
        * Modules/gamepad/Gamepad.h:

        * Modules/gamepad/GamepadButton.h:
        (WebCore::GamepadButton::create): Change to use Ref instead of RefPtr.

        GamepadManager is a GamepadStrategyClient that receives notifications from the platform gamepad implementation
        and forwards them to NavigatorGamepad objects. In the future it will also handle event dispatch and exposing
        gamepads to the API layer when a button is pressed:
        * Modules/gamepad/GamepadManager.cpp: Added.
        (WebCore::GamepadManager::shared):
        (WebCore::GamepadManager::GamepadManager):
        (WebCore::GamepadManager::platformGamepadConnected):
        (WebCore::GamepadManager::platformGamepadDisconnected):
        (WebCore::GamepadManager::registerNavigator):
        (WebCore::GamepadManager::unregisterNavigator):
        * Modules/gamepad/GamepadManager.h:

        The NavigatorGamepad supplement actually manages visibility of Gamepads on a per-DOMWindow basis:
        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::NavigatorGamepad):
        (WebCore::NavigatorGamepad::~NavigatorGamepad):
        (WebCore::NavigatorGamepad::from):
        (WebCore::NavigatorGamepad::gamepads):
        (WebCore::NavigatorGamepad::gamepadsBecameVisible):
        (WebCore::NavigatorGamepad::gamepadConnected):
        (WebCore::NavigatorGamepad::gamepadDisconnected):
        * Modules/gamepad/NavigatorGamepad.h:
        (WebCore::NavigatorGamepad::navigationStart):

        HIDGamepad is a PlatformGamepad that wraps an IOHIDDeviceRef and keeps input values updated:
        * platform/mac/HIDGamepad.cpp: Added.
        (WebCore::HIDGamepad::HIDGamepad):
        (WebCore::HIDGamepad::initElements):
        (WebCore::HIDGamepad::initElementsFromArray):
        (WebCore::HIDGamepad::maybeAddButton):
        (WebCore::HIDGamepad::maybeAddAxis):
        (WebCore::HIDGamepad::valueChanged):
        * platform/mac/HIDGamepad.h: Added.
        (WebCore::HIDGamepadElement::HIDGamepadElement):
        (WebCore::HIDGamepadElement::~HIDGamepadElement):
        (WebCore::HIDGamepadElement::isButton):
        (WebCore::HIDGamepadElement::isAxis):
        (WebCore::HIDGamepadButton::HIDGamepadButton):
        (WebCore::HIDGamepadAxis::HIDGamepadAxis):
        (WebCore::HIDGamepad::hidDevice):

        HIDGamepadListener wraps an IOHIDManagerRef and continuously listens for changes to Gamepad-type
        devices plugged in to the system:
        * platform/mac/HIDGamepadListener.cpp: Added.
        (WebCore::deviceMatchingDictionary):
        (WebCore::deviceAddedCallback):
        (WebCore::deviceRemovedCallback):
        (WebCore::deviceValuesChangedCallback):
        (WebCore::HIDGamepadListener::shared):
        (WebCore::HIDGamepadListener::HIDGamepadListener):
        (WebCore::HIDGamepadListener::indexForNewlyConnectedDevice):
        (WebCore::HIDGamepadListener::deviceAdded):
        (WebCore::HIDGamepadListener::deviceRemoved):
        (WebCore::HIDGamepadListener::valuesChanged):
        (WebCore::HIDGamepadListener::removeGamepadForDevice):
        * platform/mac/HIDGamepadListener.h: Copied from Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp.
        (WebCore::HIDGamepadListenerClient::~HIDGamepadListenerClient):
        (WebCore::HIDGamepadListener::setClient):
        (WebCore::HIDGamepadListener::platformGamepads):
        (WebCore::HIDGamepadListener::setShouldDispatchCallbacks):

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:

2014-06-25  Ryosuke Niwa  <rniwa@webkit.org>

        WebProgressTracker updates progress too frequently
        https://bugs.webkit.org/show_bug.cgi?id=134185

        Reviewed by Tim Horton.

        The old code throttled the progress update to when either 100ms has passed or the delta is at least 2%
        but this was still not enough in pages that loaded in sub-seconds. The new code always throttles it at 200ms.

        * loader/ProgressTracker.cpp:
        (WebCore::ProgressTracker::ProgressTracker):
        (WebCore::ProgressTracker::incrementProgress):
        * loader/ProgressTracker.h:

2014-06-25  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Fixed position elements jump around when zooming
        https://bugs.webkit.org/show_bug.cgi?id=134328
        <rdar://problem/17447048>

        Reviewed by Zalan Bujtas.

        If a given remote layer tree commit contains changes of layers for viewport-constrained
        objects, then the associated scrolling tree also needs to show that the layers changed,
        since we need to re-run the "viewport changed" logic in the UI process to get the
        layers correctly positioned for the current zoom level.
        
        The bug was that page scale changes resulted in small "pixel alignment" position
        changes which touched layers, but we didn't commit any scrolling tree changes. So
        the scrolling tree commit would result in visibly stale layer positions, with no scrolling tree
        update to adjust them for the current transient zoom.

        Fix by making use of the existing "alignment offset" field in the ViewportConstraints
        data, and having RemoteScrollingCoordinatorProxy::connectStateNodeLayers() note that
        fixed or sticky layers changed if any properties of fixed or sticky scrolling tree
        nodes were updated.

        * page/scrolling/ScrollingConstraints.h:
        (WebCore::StickyPositionViewportConstraints::operator==):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::pixelAlignmentOffset):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateGeometry):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::computeFixedViewportConstraints):
        (WebCore::RenderLayerCompositor::computeStickyViewportConstraints):

2014-06-25  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Tweak the logic used to choose the scale at which position:fixed gets pushed out of view
        https://bugs.webkit.org/show_bug.cgi?id=134323

        Reviewed by Benjamin Poulain.

        Previously we used a fixed scale (1.2x) at which we'd start pushing position:fixed elements
        out of the viewport. This worked well on iPad, but terribly on iPhone. Instead, choose a scale
        relative to how much of the page is visible width-wise, the threshold being 2/3 of the page width.
        The width is clamped to get reasonable behavior on wide pages.

        * page/FrameView.cpp:
        (WebCore::FrameView::rectForViewportConstrainedObjects):

2014-06-25  Brady Eidson  <beidson@apple.com>

        Add new platform gamepad abstractions
        https://bugs.webkit.org/show_bug.cgi?id=134325

        Reviewed by Dean Jackson.

        No new tests (Not yet a tested config)

        - GamepadStrategy lets ports customize the 3 basic behaviors needed for a gamepad
          implementation to feed the API in WebCore.
        - GamepadStrategyClient gives arbitrary objects in WebCore the ability to register
          for callbacks with the GamepadStrategy.
        - PlatformGamepad is a platform-agnostic object that represents the data that
          feeds into the Gamepad object that is exposed to web content.

        The code in this patch is dead as-is, but https://bugs.webkit.org/show_bug.cgi?id=134324
        will contain an immediate follow-up patch that uses it.

        Makes sense to review them separately.

        * WebCore.xcodeproj/project.pbxproj:

        * platform/GamepadStrategy.h: Added.
        (WebCore::GamepadStrategy::~GamepadStrategy):

        * platform/GamepadStrategyClient.h: Added.
        (WebCore::GamepadStrategyClient::~GamepadStrategyClient):

        * platform/PlatformGamepad.h: Added.
        (WebCore::PlatformGamepad::~PlatformGamepad):
        (WebCore::PlatformGamepad::id):
        (WebCore::PlatformGamepad::lastUpdateTime):
        (WebCore::PlatformGamepad::connectTime):
        (WebCore::PlatformGamepad::PlatformGamepad):

        * platform/PlatformStrategies.h:
        (WebCore::PlatformStrategies::gamepadStrategy):
        (WebCore::PlatformStrategies::PlatformStrategies):

2014-06-25  Zalan Bujtas  <zalan@apple.com>

        Assertion failed: CGPathAddRoundedRect asserts on non-renderable rounded rectangle.
        https://bugs.webkit.org/show_bug.cgi?id=134288

        Reviewed by Simon Fraser.

        Speculative fix. This changeset attempts to address a possible mantissa overflow of radius
        when checking whether the rounded rectangle is renderable.
        We convert both the radius and the rectangle values to CGFloat(float/double) to perform
        this renderable check, instead of always using float.

        * platform/graphics/FloatRoundedRect.cpp:
        (WebCore::FloatRoundedRect::Radii::scale): Move scale(float, float) from RoundedRect to FloatRoundedRect.
        (WebCore::FloatRoundedRect::isRenderable): Add check if radius is >= 0.
        * platform/graphics/FloatRoundedRect.h:
        * platform/graphics/RoundedRect.cpp:
        (WebCore::RoundedRect::Radii::scale):
        (WebCore::RoundedRect::pixelSnappedRoundedRectForPainting): use FloatRoundeRect::Radii.
        * platform/graphics/RoundedRect.h:
        * platform/graphics/cg/PathCG.cpp:
        (WebCore::Path::platformAddPathForRoundedRect): use epsilon() to ensure width/height is always >= even with mantissa overflow. 

2014-06-25  Jer Noble  <jer.noble@apple.com>

        [MSE] removeCodedFrames() can remove more than it should
        https://bugs.webkit.org/show_bug.cgi?id=134320

        Reviewed by Geoff Garen.

        removeCodedFrames() can remove more samples than it should because it compares an iterator
        in presentation timespace to one in decode timespace. Clean up this code by removing frames
        in decode order. Rename variables and add comments to make explicit which timespace defines
        the iterators being used.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::removeCodedFrames):

2014-06-25  Beth Dakin  <bdakin@apple.com>

        Crash in ScrollingTree::isRubberBandInProgress()
        https://bugs.webkit.org/show_bug.cgi?id=134316
        -and corresponding-
        <rdar://problem/16247911>

        Reviewed by Geoffrey Garen.

        This crash appears to have been caused by http://trac.webkit.org/changeset/161276 
        which moved the ScrollingNode creation code from ScrollingTree over to 
        ScrollingCoordinator. This creates a thread safety issue. In the crashing case, we 
        believe that the ScrollingCoordinator's ScrollingTree pointer had been null-ed out
        even though the ScrollingTree was kept alive by the bind call to propagate 
        commitNewTreeState() over to the scrolling thread. The fix is to move node 
        creation back to the ScrollingTree and to use the this pointer to create new
        nodes rather than the ScrollingCoordinator's ScrollingTree pointer.

        Don't allow ScrollingCoordinator to handle ScrollingTreeNode creation.
        * page/scrolling/AsyncScrollingCoordinator.h:

        Re-name createNode to createScrollingTreeNode(). 
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::updateTreeFromStateNode):
        * page/scrolling/ScrollingTree.h:

        Remove this implementation of createNode that called into the 
        ScrollingCoordinator.
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::createNode): Deleted.
        * page/scrolling/ThreadedScrollingTree.h:

        Don't allow ScrollingCoordinator to handle ScrollingTreeNode creation.
        * page/scrolling/ios/ScrollingCoordinatorIOS.h:
        * page/scrolling/ios/ScrollingCoordinatorIOS.mm:
        (WebCore::ScrollingCoordinatorIOS::createScrollingTreeNode): Deleted.

        Re-name createNode to createScrollingTreeNode, and actually create the nodes here.
        * page/scrolling/ios/ScrollingTreeIOS.cpp:
        (WebCore::ScrollingTreeIOS::createScrollingTreeNode):
        (WebCore::ScrollingTreeIOS::createNode): Deleted.
        * page/scrolling/ios/ScrollingTreeIOS.h:

        Don't allow ScrollingCoordinator to handle ScrollingTreeNode creation.
        * page/scrolling/mac/ScrollingCoordinatorMac.h:
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::createScrollingTreeNode): Deleted.

        Add the implementation of createScrollingTreeNode() for the Mac to 
        ScrollingTreeMac since it can create Mac-specific nodes.
        * page/scrolling/mac/ScrollingTreeMac.cpp:
        (ScrollingTreeMac::createScrollingTreeNode):
        * page/scrolling/mac/ScrollingTreeMac.h:

2014-06-25  Enrica Casucci  <enrica@apple.com>

        iOS build fix after http://trac.webkit.org/changeset/170447.
        Unreviewed.

        * editing/mac/TextUndoInsertionMarkup.h:

2014-06-25  Chris Fleizach  <cfleizach@apple.com>

        Add an undo group for each dictated utterance in WebKit
        https://bugs.webkit.org/show_bug.cgi?id=134086

        Reviewed by Enrica Casucci.

        Provide a mechanism for ending the current undo group on a text insertion.
        This allows a stream of text, that is normally part of one undo group, to be
        broken up so that subsequent undo commands will only undo portions of the text stream.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/mac/TextUndoInsertionMarkup.h: Added.
        * editing/mac/TextUndoInsertionMarkup.mm: Added.
        (WebCore::shouldRegisterInsertionUndoGroup):
        (WebCore::registerInsertionUndoGrouping):

2014-06-25  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS]: WK2 Inspector Node Search
        https://bugs.webkit.org/show_bug.cgi?id=134279

        Reviewed by Benjamin Poulain.

        * WebCore.exp.in:
        Export Node::inspect for WebKit2.

2014-06-25  Dana Burkart  <dburkart@apple.com>

        Add support for 5-tuple versioning.

        Reviewed by David Farler.

        * Configurations/Version.xcconfig:

2014-06-25  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] REGRESSION(r170336) - zero tolerance seeks are ignored.
        https://bugs.webkit.org/show_bug.cgi?id=134310

        Reviewed by Brent Fulgham.

        Tests for zero tolerance seeks were inadvertantly reversed in r170336.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal):

2014-06-25  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Pause playback when readyState drops below HAVE_FUTURE_DATA, and do not complete seek until it rises above HAVE_METADATA.
        https://bugs.webkit.org/show_bug.cgi?id=134306

        Reviewed by Eric Carlson.

        Pause the synchronizer before seeking, and do not resume the synchronizer until it both reports that the seek completed,
        and that the readyState rises above HAVE_METADATA. In every other location where we change the rate of the synchronizer,
        gate that rate change on the above.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): Check shouldBePlaying().
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::playInternal): Ditto.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekWithTolerance): Unset m_seekCompleted.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal): Pause the synchronizer.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setRateDouble): Check shouldBePlaying().
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::shouldBePlaying): Test m_seeking, !m_seekCompleted, and the readyState.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setReadyState): Set m_seekCompleted; check shouldBePlaying() and play if appropriate.

2014-06-25  Jer Noble  <jer.noble@apple.com>

        [MSE] Update monitorSourceBuffers to match recent spec changes
        https://bugs.webkit.org/show_bug.cgi?id=134305

        Reviewed by Eric Carlson.

        In W3C bug #24347, the text for the third clause of Source Buffer Monitoring was updated. Update our
        implementation to match the new text.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::monitorSourceBuffers):

2014-06-25  Alex Christensen  <achristensen@webkit.org>
            And peavo@outlook.com  <peavo@outlook.com>

        Use references instead of pointers in RenderTheme.
        https://bugs.webkit.org/show_bug.cgi?id=134261

        Reviewed by Zalan Bujtas.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::shouldHaveSpinButton):
        * html/shadow/SliderThumbElement.cpp:
        (WebCore::RenderSliderThumb::updateAppearance):
        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::adjustSizeConstraints):
        (WebCore::RenderThemeEfl::applyEdjeRTLState):
        (WebCore::RenderThemeEfl::isControlStyled):
        (WebCore::RenderThemeEfl::paintThemePart):
        (WebCore::RenderThemeEfl::supportsFocusRing):
        (WebCore::RenderThemeEfl::adjustSliderTrackStyle):
        (WebCore::RenderThemeEfl::adjustSliderThumbStyle):
        (WebCore::RenderThemeEfl::adjustSliderThumbSize):
        (WebCore::RenderThemeEfl::adjustCheckboxStyle):
        (WebCore::RenderThemeEfl::adjustRadioStyle):
        (WebCore::RenderThemeEfl::adjustButtonStyle):
        (WebCore::RenderThemeEfl::adjustMenuListStyle):
        (WebCore::RenderThemeEfl::adjustMenuListButtonStyle):
        (WebCore::RenderThemeEfl::adjustTextFieldStyle):
        (WebCore::RenderThemeEfl::adjustTextAreaStyle):
        (WebCore::RenderThemeEfl::adjustSearchFieldResultsButtonStyle):
        (WebCore::RenderThemeEfl::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeEfl::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeEfl::adjustSearchFieldStyle):
        (WebCore::RenderThemeEfl::adjustInnerSpinButtonStyle):
        (WebCore::RenderThemeEfl::adjustProgressBarStyle):
        (WebCore::RenderThemeEfl::animationRepeatIntervalForProgressBar):
        (WebCore::RenderThemeEfl::animationDurationForProgressBar):
        * platform/efl/RenderThemeEfl.h:
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::supportsFocusRing):
        (WebCore::RenderThemeGtk::adjustButtonStyle):
        (WebCore::RenderThemeGtk::adjustMenuListStyle):
        (WebCore::RenderThemeGtk::adjustMenuListButtonStyle):
        (WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle):
        (WebCore::adjustSearchFieldIconStyle):
        (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeGtk::adjustSearchFieldStyle):
        (WebCore::RenderThemeGtk::adjustSliderTrackStyle):
        (WebCore::RenderThemeGtk::adjustSliderThumbStyle):
        (WebCore::borderRadiiFromStyle):
        (WebCore::RenderThemeGtk::paintMediaSliderTrack):
        (WebCore::RenderThemeGtk::paintMediaSliderThumb):
        (WebCore::RenderThemeGtk::paintMediaVolumeSliderTrack):
        (WebCore::RenderThemeGtk::adjustProgressBarStyle):
        (WebCore::RenderThemeGtk::animationRepeatIntervalForProgressBar):
        (WebCore::RenderThemeGtk::animationDurationForProgressBar):
        (WebCore::RenderThemeGtk::calculateProgressRect):
        * platform/gtk/RenderThemeGtk.h:
        * platform/gtk/RenderThemeGtk2.cpp:
        (WebCore::setToggleSize):
        (WebCore::RenderThemeGtk::setCheckboxSize):
        (WebCore::RenderThemeGtk::setRadioSize):
        (WebCore::RenderThemeGtk::comboBoxArrowSize):
        (WebCore::RenderThemeGtk::getComboBoxPadding):
        (WebCore::RenderThemeGtk::popupInternalPaddingLeft):
        (WebCore::RenderThemeGtk::popupInternalPaddingRight):
        (WebCore::RenderThemeGtk::popupInternalPaddingTop):
        (WebCore::RenderThemeGtk::popupInternalPaddingBottom):
        (WebCore::RenderThemeGtk::paintMenuList):
        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
        * platform/gtk/RenderThemeGtk3.cpp:
        (WebCore::setToggleSize):
        (WebCore::RenderThemeGtk::setCheckboxSize):
        (WebCore::RenderThemeGtk::setRadioSize):
        (WebCore::getComboBoxMetrics):
        (WebCore::RenderThemeGtk::popupInternalPaddingLeft):
        (WebCore::RenderThemeGtk::popupInternalPaddingRight):
        (WebCore::RenderThemeGtk::popupInternalPaddingTop):
        (WebCore::RenderThemeGtk::popupInternalPaddingBottom):
        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::layout):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutline):
        * rendering/RenderMediaControls.cpp:
        (WebCore::RenderMediaControls::adjustMediaSliderThumbSize):
        * rendering/RenderMediaControls.h:
        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::adjustInnerStyle):
        (RenderMenuList::computeIntrinsicLogicalWidths):
        (RenderMenuList::menuStyle):
        * rendering/RenderMeter.cpp:
        (WebCore::RenderMeter::updateLogicalWidth):
        (WebCore::RenderMeter::computeLogicalHeight):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::paintOutline):
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::updateAnimationState):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::layout):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::adjustStyle):
        (WebCore::RenderTheme::isControlStyled):
        (WebCore::RenderTheme::supportsFocusRing):
        (WebCore::RenderTheme::stateChanged):
        (WebCore::RenderTheme::adjustCheckboxStyle):
        (WebCore::RenderTheme::adjustRadioStyle):
        (WebCore::RenderTheme::adjustButtonStyle):
        (WebCore::RenderTheme::adjustInnerSpinButtonStyle):
        (WebCore::RenderTheme::adjustTextFieldStyle):
        (WebCore::RenderTheme::adjustTextAreaStyle):
        (WebCore::RenderTheme::adjustMenuListStyle):
        (WebCore::RenderTheme::adjustInputFieldSpeechButtonStyle):
        (WebCore::RenderTheme::adjustMeterStyle):
        (WebCore::RenderTheme::meterSizeForBounds):
        (WebCore::RenderTheme::animationRepeatIntervalForProgressBar):
        (WebCore::RenderTheme::animationDurationForProgressBar):
        (WebCore::RenderTheme::adjustProgressBarStyle):
        (WebCore::RenderTheme::shouldHaveSpinButton):
        (WebCore::RenderTheme::adjustMediaControlStyle):
        (WebCore::RenderTheme::adjustSliderTrackStyle):
        (WebCore::RenderTheme::adjustSliderThumbStyle):
        (WebCore::RenderTheme::adjustSliderThumbSize):
        (WebCore::RenderTheme::adjustSearchFieldStyle):
        (WebCore::RenderTheme::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderTheme::adjustSearchFieldDecorationPartStyle):
        (WebCore::RenderTheme::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderTheme::adjustSearchFieldResultsButtonStyle):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::supportsHover):
        (WebCore::RenderTheme::minimumMenuListSize):
        (WebCore::RenderTheme::popupInternalPaddingLeft):
        (WebCore::RenderTheme::popupInternalPaddingRight):
        (WebCore::RenderTheme::popupInternalPaddingTop):
        (WebCore::RenderTheme::popupInternalPaddingBottom):
        (WebCore::RenderTheme::popupMenuSize):
        (WebCore::RenderTheme::setCheckboxSize):
        (WebCore::RenderTheme::setRadioSize):
        (WebCore::RenderTheme::setButtonSize):
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::adjustCheckboxStyle):
        (WebCore::RenderThemeIOS::isControlStyled):
        (WebCore::RenderThemeIOS::adjustRadioStyle):
        (WebCore::RenderThemeIOS::popupInternalPaddingRight):
        (WebCore::RenderThemeIOS::adjustRoundBorderRadius):
        (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
        (WebCore::RenderThemeIOS::adjustSliderTrackStyle):
        (WebCore::RenderThemeIOS::adjustSliderThumbSize):
        (WebCore::RenderThemeIOS::animationRepeatIntervalForProgressBar):
        (WebCore::RenderThemeIOS::animationDurationForProgressBar):
        (WebCore::RenderThemeIOS::adjustSearchFieldStyle):
        (WebCore::RenderThemeIOS::adjustButtonStyle):
        (WebCore::RenderThemeIOS::setButtonSize):
        (WebCore::RenderThemeIOS::shouldHaveSpinButton):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::isControlStyled):
        (WebCore::RenderThemeMac::controlSizeForFont):
        (WebCore::RenderThemeMac::sizeForFont):
        (WebCore::RenderThemeMac::sizeForSystemFont):
        (WebCore::RenderThemeMac::setSizeFromFont):
        (WebCore::RenderThemeMac::setFontFromControlSize):
        (WebCore::RenderThemeMac::controlSizeForSystemFont):
        (WebCore::RenderThemeMac::adjustTextFieldStyle):
        (WebCore::RenderThemeMac::adjustTextAreaStyle):
        (WebCore::RenderThemeMac::paintMenuList):
        (WebCore::RenderThemeMac::meterSizeForBounds):
        (WebCore::RenderThemeMac::paintMeter):
        (WebCore::RenderThemeMac::levelIndicatorFor):
        (WebCore::RenderThemeMac::progressBarRectForBounds):
        (WebCore::RenderThemeMac::minimumProgressBarHeight):
        (WebCore::RenderThemeMac::animationRepeatIntervalForProgressBar):
        (WebCore::RenderThemeMac::animationDurationForProgressBar):
        (WebCore::RenderThemeMac::adjustProgressBarStyle):
        (WebCore::RenderThemeMac::paintProgressBar):
        (WebCore::RenderThemeMac::adjustMenuListStyle):
        (WebCore::RenderThemeMac::popupInternalPaddingLeft):
        (WebCore::RenderThemeMac::popupInternalPaddingRight):
        (WebCore::RenderThemeMac::popupInternalPaddingTop):
        (WebCore::RenderThemeMac::popupInternalPaddingBottom):
        (WebCore::RenderThemeMac::popupMenuSize):
        (WebCore::RenderThemeMac::minimumMenuListSize):
        (WebCore::RenderThemeMac::adjustSliderTrackStyle):
        (WebCore::RenderThemeMac::adjustSliderThumbStyle):
        (WebCore::RenderThemeMac::setSearchCellState):
        (WebCore::RenderThemeMac::setSearchFieldSize):
        (WebCore::RenderThemeMac::adjustSearchFieldStyle):
        (WebCore::RenderThemeMac::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeMac::adjustSearchFieldDecorationPartStyle):
        (WebCore::RenderThemeMac::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeMac::adjustSearchFieldResultsButtonStyle):
        (WebCore::RenderThemeMac::adjustSliderThumbSize):
        * rendering/RenderThemeSafari.cpp:
        (WebCore::RenderThemeSafari::isControlStyled):
        (WebCore::RenderThemeSafari::adjustRepaintRect):
        (WebCore::RenderThemeSafari::baselinePosition):
        (WebCore::RenderThemeSafari::controlSizeForFont):
        (WebCore::RenderThemeSafari::sizeForFont):
        (WebCore::RenderThemeSafari::sizeForSystemFont):
        (WebCore::RenderThemeSafari::setSizeFromFont):
        (WebCore::RenderThemeSafari::setFontFromControlSize):
        (WebCore::RenderThemeSafari::controlSizeForSystemFont):
        (WebCore::RenderThemeSafari::paintCheckbox):
        (WebCore::RenderThemeSafari::setCheckboxSize):
        (WebCore::RenderThemeSafari::paintRadio):
        (WebCore::RenderThemeSafari::setRadioSize):
        (WebCore::RenderThemeSafari::setButtonPaddingFromControlSize):
        (WebCore::RenderThemeSafari::adjustButtonStyle):
        (WebCore::RenderThemeSafari::setButtonSize):
        (WebCore::RenderThemeSafari::adjustTextFieldStyle):
        (WebCore::RenderThemeSafari::adjustTextAreaStyle):
        (WebCore::RenderThemeSafari::paintMenuList):
        (WebCore::RenderThemeSafari::adjustMenuListStyle):
        (WebCore::RenderThemeSafari::popupInternalPaddingLeft):
        (WebCore::RenderThemeSafari::popupInternalPaddingRight):
        (WebCore::RenderThemeSafari::popupInternalPaddingTop):
        (WebCore::RenderThemeSafari::popupInternalPaddingBottom):
        (WebCore::RenderThemeSafari::adjustMenuListButtonStyle):
        (WebCore::RenderThemeSafari::minimumMenuListSize):
        (WebCore::RenderThemeSafari::adjustSliderThumbStyle):
        (WebCore::RenderThemeSafari::adjustSliderThumbSize):
        (WebCore::RenderThemeSafari::setSearchFieldSize):
        (WebCore::RenderThemeSafari::adjustSearchFieldStyle):
        (WebCore::RenderThemeSafari::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeSafari::adjustSearchFieldDecorationPartStyle):
        (WebCore::RenderThemeSafari::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeSafari::adjustSearchFieldResultsButtonStyle):
        (WebCore::RenderThemeSafari::adjustMeterStyle):
        (WebCore::RenderThemeSafari::meterSizeForBounds):
        (WebCore::RenderThemeSafari::paintMeter):
        * rendering/RenderThemeSafari.h:
        * rendering/RenderThemeWin.cpp:
        (WebCore::RenderThemeWin::supportsHover):
        (WebCore::RenderThemeWin::supportsFocusRing):
        (WebCore::RenderThemeWin::adjustInnerSpinButtonStyle):
        (WebCore::RenderThemeWin::setCheckboxSize):
        (WebCore::RenderThemeWin::paintTextField):
        (WebCore::RenderThemeWin::paintMenuList):
        (WebCore::RenderThemeWin::adjustMenuListStyle):
        (WebCore::RenderThemeWin::adjustMenuListButtonStyle):
        (WebCore::RenderThemeWin::adjustSliderThumbSize):
        (WebCore::RenderThemeWin::adjustSearchFieldStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldDecorationPartStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldResultsButtonStyle):
        (WebCore::RenderThemeWin::adjustMeterStyle):
        (WebCore::RenderThemeWin::meterSizeForBounds):
        (WebCore::RenderThemeWin::paintMeter):
        * rendering/RenderThemeWin.h:
        (WebCore::RenderThemeWin::paintCheckbox):
        (WebCore::RenderThemeWin::paintRadio):
        (WebCore::RenderThemeWin::setRadioSize):
        (WebCore::RenderThemeWin::paintTextArea):
        (WebCore::RenderThemeWin::popupOptionSupportsTextIndent):
        (WebCore::RenderThemeWin::paintSearchFieldDecorationPart):
        (WebCore::RenderThemeWin::adjustButtonStyle):
        (WebCore::RenderThemeWin::adjustTextFieldStyle):
        (WebCore::RenderThemeWin::adjustTextAreaStyle):
        (WebCore::RenderThemeWin::shouldShowPlaceholderWhenFocused):

2014-06-25  Benjamin Poulain  <benjamin@webkit.org>

        [Mac] Update the time base of event's timestamp when the system time changes
        https://bugs.webkit.org/show_bug.cgi?id=134293

        Reviewed by Anders Carlsson.

        * platform/mac/PlatformEventFactoryMac.mm:
        (WebCore::cachedStartupTimeIntervalSince1970): Since events timestamps are absolute time, they also
        need to be updated if the system clock changes.

2014-06-25  Dirk Schulze  <krit@webkit.org>

        Add all blend modes to feBlend

        feBlend should support all blend modes from CSS and Canvas
        https://bugs.webkit.org/show_bug.cgi?id=134296

        Reviewed by Dean Jackson.

        Add all blend modes to <feBlend> (the SVG filter primitive) that are also
        supported by HTML Canvas and CSS.

        In addition, add "normal" blend mode to HTML Canvas as requested by the
        CSS Compositing and Blending specification. (Referenced from HTML Canvas.)
        With this change, SVG, CSS and Canvas truly share the same blend modes and
        even the same keywords. This is much easier to for web authors.

        http://www.w3.org/TR/2014/CR-compositing-1-20140220/#ltblendmodegt

        Test: svg/filters/feBlend-all-blendmodes.svg

        * platform/graphics/GraphicsTypes.cpp: Reorder blend mode text streams to match
            enumeration order. Add a new function to parse blend modes independent of
            compositing modes. Add a string "normal" that is supported by CSS, feBlend and
            HTML Canvas now.
        (WebCore::parseBlendMode):
        (WebCore::parseCompositeAndBlendOperator):
        * platform/graphics/GraphicsTypes.h: Reorder BlendMode enumeration values to match
         the SVG JS enumeration for blend modes.
        * platform/graphics/cpu/arm/filters/FEBlendNEON.h: Move all software code that is no
            longer required by the software path but still used by NEON here.
        (WebCore::FEBlend::platformApplySoftware):
        (WebCore::FEBlend::platformApplyNEON):
        * platform/graphics/filters/FEBlend.cpp:
            Use drawImageBuffer() to blend the results of previous filter primitives. This
            allows removing more than 60% of the code.
        (WebCore::FEBlend::FEBlend):
        (WebCore::FEBlend::create):
        (WebCore::FEBlend::blendMode):
        (WebCore::FEBlend::setBlendMode):
        (WebCore::FEBlend::platformApplySoftware):
        (WebCore::FEBlend::dump):
        (WebCore::FEBlend::externalRepresentation):
        (WebCore::feBlendNormal): Deleted.
        (WebCore::feBlendMultiply): Deleted.
        (WebCore::feBlendScreen): Deleted.
        (WebCore::feBlendDarken): Deleted.
        (WebCore::feBlendLighten): Deleted.
        (WebCore::feBlendUnknown): Deleted.
        (WebCore::platformApply): Deleted.
        (WebCore::FEBlend::platformApplyGeneric): Deleted.
        (WebCore::operator<<): Deleted.
        * platform/graphics/filters/FEBlend.h:
        * svg/SVGAnimatedEnumeration.cpp: Use the global BlendMode enumeration.
        (WebCore::enumerationValueForTargetAttribute):
        * svg/SVGFEBlendElement.cpp:
        (WebCore::SVGFEBlendElement::SVGFEBlendElement): Use the global BlendMode enumeration.
            No new enumeration values added or exposed to SVG DOM as requested by SVG WG.
        (WebCore::SVGFEBlendElement::parseAttribute):
        * svg/SVGFEBlendElement.h: Replace BlendModeType with global BlendMode enumeration. Remove
            blend mode parsing code and use the code in GraphicsTypes instead.
        (WebCore::SVGPropertyTraits<BlendMode>::highestEnumValue):
        (WebCore::SVGPropertyTraits<BlendMode>::toString):
        (WebCore::SVGPropertyTraits<BlendModeType>::highestEnumValue): Deleted.
        (WebCore::SVGPropertyTraits<BlendModeType>::toString): Deleted.
        (WebCore::SVGPropertyTraits<BlendModeType>::fromString): Deleted.

2014-06-25  Zalan Bujtas  <zalan@apple.com>

        Unreviewed iOS build fix after r170425.

        * accessibility/AccessibilityProgressIndicator.cpp:
        * accessibility/AccessibilityProgressIndicator.h:

2014-06-25  Chris Fleizach  <cfleizach@apple.com>

        AX: Crash at com.apple.WebCore: WebCore::AlternativeTextController::removeDictationAlternativesForMarker + 43
        https://bugs.webkit.org/show_bug.cgi?id=134226

        Reviewed by Enrica Casucci.

        Unchecked access of details pointer in the Document marker led to the crash.
        It seems erroneous to allow creation of a DocumentMarker without details when one is expected, because it
        carries the dictation context (not just the description).
        Also, add in ASSERTs to catch scenarios where a nullptr might be passed in.

        Test: platform/mac/editing/input/crash-for-empty-text-alternative.html

        * dom/DocumentMarker.cpp:
        (WebCore::DocumentMarker::DocumentMarker):
        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::removeDictationAlternativesForMarker):

2014-06-25  Laszlo Gombos  <l.gombos@samsung.com>

        Remove build guard for progress element
        https://bugs.webkit.org/show_bug.cgi?id=134292

        Reviewed by Benjamin Poulain.

        The build flag is no longer needed as it is always on.

        No new tests as there is no new behaviour.

        * Configurations/FeatureDefines.xcconfig:
        * DerivedSources.make:
        * accessibility/AXObjectCache.cpp:
        (WebCore::createFromRenderer):
        * accessibility/AccessibilityProgressIndicator.cpp:
        (WebCore::AccessibilityProgressIndicator::create):
        (WebCore::AccessibilityProgressIndicator::valueForRange):
        (WebCore::AccessibilityProgressIndicator::maxValueForRange):
        (WebCore::AccessibilityProgressIndicator::minValueForRange):
        (WebCore::AccessibilityProgressIndicator::progressElement):
        * accessibility/AccessibilityProgressIndicator.h:
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
        * css/html.css:
        (progress::-webkit-progress-value):
        * html/HTMLProgressElement.cpp:
        * html/HTMLProgressElement.h:
        * html/HTMLProgressElement.idl:
        * html/HTMLTagNames.in:
        * html/shadow/ProgressShadowElement.cpp:
        * html/shadow/ProgressShadowElement.h:
        * platform/efl/DefaultTheme/CMakeLists.txt:
        * platform/efl/DefaultTheme/default.edc:
        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::toEdjeGroup):
        (WebCore::RenderThemeEfl::applyEdjeRTLState):
        (WebCore::RenderThemeEfl::paintProgressBar):
        * platform/efl/RenderThemeEfl.h:
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::calculateProgressRect):
        * platform/gtk/RenderThemeGtk.h:
        * platform/gtk/RenderThemeGtk2.cpp:
        (WebCore::RenderThemeGtk::paintProgressBar):
        * platform/gtk/RenderThemeGtk3.cpp:
        (WebCore::RenderThemeGtk::paintProgressBar):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isSnapshottedPlugIn):
        (WebCore::RenderObject::isProgress):
        * rendering/RenderProgress.cpp:
        * rendering/RenderProgress.h:
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::adjustStyle):
        (WebCore::RenderTheme::paint):
        (WebCore::RenderTheme::paintBorderOnly):
        (WebCore::RenderTheme::paintDecorations):
        (WebCore::RenderTheme::progressBarRectForBounds):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::paintProgressBar):
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintProgressBar):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintProgressBar):

2014-06-25  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Update GObject DOM bindings test results after r170422.

        * bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
        (WebKit::wrapTestActiveDOMObject):
        * bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp:
        (WebKit::wrapTestCallback):
        * bindings/scripts/test/GObject/WebKitDOMTestCustomNamedGetter.cpp:
        (WebKit::wrapTestCustomNamedGetter):
        * bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.cpp:
        (WebKit::wrapTestEventConstructor):
        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
        (WebKit::wrapTestEventTarget):
        * bindings/scripts/test/GObject/WebKitDOMTestException.cpp:
        (WebKit::wrapTestException):
        * bindings/scripts/test/GObject/WebKitDOMTestGenerateIsReachable.cpp:
        (WebKit::wrapTestGenerateIsReachable):
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
        (WebKit::wrapTestInterface):
        * bindings/scripts/test/GObject/WebKitDOMTestMediaQueryListListener.cpp:
        (WebKit::wrapTestMediaQueryListListener):
        * bindings/scripts/test/GObject/WebKitDOMTestNamedConstructor.cpp:
        (WebKit::wrapTestNamedConstructor):
        * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
        (WebKit::wrapTestNode):
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.cpp:
        (WebKit::wrapTestNondeterministic):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (WebKit::wrapTestObj):
        * bindings/scripts/test/GObject/WebKitDOMTestOverloadedConstructors.cpp:
        (WebKit::wrapTestOverloadedConstructors):
        * bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp:
        (WebKit::wrapTestSerializedScriptValueInterface):
        * bindings/scripts/test/GObject/WebKitDOMTestTypedefs.cpp:
        (WebKit::wrapTestTypedefs):
        * bindings/scripts/test/GObject/WebKitDOMattribute.cpp:
        (WebKit::wrapattribute):
        * bindings/scripts/test/GObject/WebKitDOMreadonly.cpp:
        (WebKit::wrapreadonly):

2014-06-24  Tomas Popela  <tpopela@redhat.com>

        [GTK] Some of DOM bindings macros are misnamed
        https://bugs.webkit.org/show_bug.cgi?id=121543

        Reviewed by Carlos Garcia Campos.

        As we are using WebKitDOM as a namespace we should unify all type macros
        to have WEBKIT_DOM_TYPE prefix instead of WEBKIT_TYPE_DOM. Also add
        more exceptions to decamelize function in GObject bindings generator
        to fix the names of bindings for BR, HR, UL, OL, DL and LI elements.

        * bindings/gobject/GObjectEventListener.cpp:
        (WebCore::GObjectEventListener::handleEvent):
        * bindings/gobject/WebKitDOMEventTarget.h:
        * bindings/gobject/WebKitDOMNodeFilter.h:
        * bindings/gobject/WebKitDOMObject.h:
        * bindings/gobject/webkitdom.symbols:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (decamelize):
        (GetParentGObjType):
        (GenerateProperty):
        (GenerateHeader):
        (GenerateCFile):
        (GenerateEventTargetIface):
        * bindings/scripts/test/GObject/WebKitDOMFloat64Array.cpp:
        (WebKit::wrapFloat64Array):
        * bindings/scripts/test/GObject/WebKitDOMFloat64Array.h:
        * bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
        (WebKit::wrapTestActiveDOMObject):
        * bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.h:
        * bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp:
        (WebKit::wrapTestCallback):
        * bindings/scripts/test/GObject/WebKitDOMTestCallback.h:
        * bindings/scripts/test/GObject/WebKitDOMTestCustomNamedGetter.cpp:
        (WebKit::wrapTestCustomNamedGetter):
        * bindings/scripts/test/GObject/WebKitDOMTestCustomNamedGetter.h:
        * bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.cpp:
        (WebKit::wrapTestEventConstructor):
        * bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.h:
        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
        (WebKit::wrapTestEventTarget):
        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.h:
        * bindings/scripts/test/GObject/WebKitDOMTestException.cpp:
        (WebKit::wrapTestException):
        * bindings/scripts/test/GObject/WebKitDOMTestException.h:
        * bindings/scripts/test/GObject/WebKitDOMTestGenerateIsReachable.cpp:
        (WebKit::wrapTestGenerateIsReachable):
        * bindings/scripts/test/GObject/WebKitDOMTestGenerateIsReachable.h:
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
        (WebKit::wrapTestInterface):
        (webkit_dom_test_interface_class_init):
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.h:
        * bindings/scripts/test/GObject/WebKitDOMTestMediaQueryListListener.cpp:
        (WebKit::wrapTestMediaQueryListListener):
        * bindings/scripts/test/GObject/WebKitDOMTestMediaQueryListListener.h:
        * bindings/scripts/test/GObject/WebKitDOMTestNamedConstructor.cpp:
        (WebKit::wrapTestNamedConstructor):
        * bindings/scripts/test/GObject/WebKitDOMTestNamedConstructor.h:
        * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
        (WebKit::wrapTestNode):
        * bindings/scripts/test/GObject/WebKitDOMTestNode.h:
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.cpp:
        (WebKit::wrapTestNondeterministic):
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.h:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (WebKit::wrapTestObj):
        (webkit_dom_test_obj_class_init):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/GObject/WebKitDOMTestOverloadedConstructors.cpp:
        (WebKit::wrapTestOverloadedConstructors):
        * bindings/scripts/test/GObject/WebKitDOMTestOverloadedConstructors.h:
        * bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp:
        (WebKit::wrapTestSerializedScriptValueInterface):
        (webkit_dom_test_serialized_script_value_interface_class_init):
        * bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/GObject/WebKitDOMTestTypedefs.cpp:
        (WebKit::wrapTestTypedefs):
        (webkit_dom_test_typedefs_class_init):
        * bindings/scripts/test/GObject/WebKitDOMTestTypedefs.h:
        * bindings/scripts/test/GObject/WebKitDOMattribute.cpp:
        (WebKit::wrapattribute):
        * bindings/scripts/test/GObject/WebKitDOMattribute.h:
        * bindings/scripts/test/GObject/WebKitDOMreadonly.cpp:
        (WebKit::wrapreadonly):
        * bindings/scripts/test/GObject/WebKitDOMreadonly.h:

2014-06-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170414.
        https://bugs.webkit.org/show_bug.cgi?id=134291

        the patch added a test that fails on almost every Mac tester
        (Requested by rniwa on #webkit).

        Reverted changeset:

        "Tiles on bottom of screen are not always allocated when
        necessary"
        https://bugs.webkit.org/show_bug.cgi?id=134272
        http://trac.webkit.org/changeset/170414

2014-06-24  Myles C. Maxfield  <mmaxfield@apple.com>

        Tiles on bottom of screen are not always allocated when necessary
        https://bugs.webkit.org/show_bug.cgi?id=134272

        Reviewed by Simon Fraser.

        The initial visibleRect is in the coordinate of the root layer, so its origin
        is at the top left of the view. The initial rect we were using doesn't
        include the contents inset, so it was too short, which was causing tiles near
        the bottom of the screen to not always be allocated if the tile threshold was
        close to the bottom of the view. Instead, we want to include the contents
        inset size so the visible rect includes the entire view.
        GraphicsLayerCA::recursiveCommitChanges() takes care of mapping and cropping
        the visible rect into the tiled layer's coordinate system, at which point it
        is used for visible tile logic.

        Test: platform/mac-wk2/tiled-drawing/visible-rect-content-inset.html

        * platform/graphics/ca/TileCoverageMap.cpp:
        (WebCore::TileCoverageMap::update):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):

2014-06-24  Myles C. Maxfield  <mmaxfield@apple.com>

        InlineTextBox's m_len can be an unsigned (rather than an unsigned short)
        https://bugs.webkit.org/show_bug.cgi?id=134173

        Reviewed by Daniel Bates.

        After Zalan's talks with Kling, it seems that the simple line layout code
        might alleviate the need for the space savings in InlineTextBox. Given this,
        it would be beneficial to be a little more safe by using unsigneds throughout.

        For example, we have code like "void setLen(unsigned len) { m_len = len; }"
        which might silently break if given particular inputs.

        No new tests because there is no behavior change.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::isSelected):
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::selectionStartEnd):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::paintCompositionBackground):
        (WebCore::InlineTextBox::paintDocumentMarker):
        (WebCore::InlineTextBox::paintTextMatchMarker):
        (WebCore::InlineTextBox::computeRectForReplacementMarker):
        * rendering/InlineTextBox.h:
        (WebCore::InlineTextBox::truncation):
        * rendering/RenderTextLineBoxes.cpp:
        (WebCore::ellipsisRectForBox):

2014-06-24  Ryosuke Niwa  <rniwa@webkit.org>

        Speculative 32-bit Mac build fix after r170402.

        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::advanceByCombiningCharacterSequence):

2014-06-24  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS]: WK2 Inspector Node Highlighting
        https://bugs.webkit.org/show_bug.cgi?id=134257

        Reviewed by Timothy Hatcher.

        Some clients want to get highlights with the scroll applied,
        others do not. Provide a CoordinateSpace param to be used for
        getting a highlight (only used on iOS).

        * WebCore.exp.in:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::getHighlight):
        * inspector/InspectorController.h:
        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::getHighlight):
        (WebCore::buildObjectForRendererFragments):
        * inspector/InspectorOverlay.h:
        (WebCore::Highlight::Highlight):
        * testing/Internals.cpp:
        (WebCore::Internals::inspectorHighlightRects):

2014-06-24  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Uncaught exception when deallocating AVSampleBufferDisplayLayer
        https://bugs.webkit.org/show_bug.cgi?id=134281

        Reviewed by Brent Fulgham.

        AVSampleBufferDisplayLayer is throwing an exception from its -dealloc method because KVO observers exist
        at the time of dealloc. Remove the observer for outputObscuredDueToInsufficientExternalProtection inside
        -stopObservingLayer.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVSampleBufferErrorListener stopObservingLayer:]):

2014-06-24  Mark Rowe  <mrowe@apple.com>

        WKContextHistoryClient::didNavigateWithNavigationData is passed incorrect URL when history.pushState is used
        <https://webkit.org/b/134271> / <rdar://problem/16270167>

        Reviewed by Brady Eidson.

        Tests: http/tests/globalhistory/history-delegate-pushstate.html
               http/tests/globalhistory/history-delegate-replacestate.html

        * page/History.cpp:
        (WebCore::History::stateObjectAdded): Call HistoryController after updating the document's URL so that the
        URL will reflect the destination of the navigation when FrameLoaderClient::updateGlobalHistory is called.

2014-06-24  Myles C. Maxfield  <mmaxfield@apple.com>

        advanceByCombiningCharacterSequence() can be simplified
        https://bugs.webkit.org/show_bug.cgi?id=133591

        Reviewed by Dean Jackson.

        Use U16_NEXT() because it already does what we're trying to do.

        No new tests because there is no behavior change.

        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::advanceByCombiningCharacterSequence):

2014-06-24  Brady Eidson  <beidson@apple.com>

        Enable GAMEPAD in the Mac build, but disabled at runtime.
        https://bugs.webkit.org/show_bug.cgi?id=134255

        Reviewed by Dean Jackson.

        No new tests (No changes to a tested config).

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation): Add the ability to have a function be EnabledAtRuntime by
          removing such functions from the prototype if they are disabled.

        Change the three new objects and the one new function to be EnabledAtRuntime
        * Modules/gamepad/Gamepad.idl:
        * Modules/gamepad/GamepadButton.idl:
        * Modules/gamepad/GamepadEvent.idl:
        * Modules/gamepad/NavigatorGamepad.idl:

        Add a RuntimeEnabledFeature for Gamepads:
        * bindings/generic/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):
        * bindings/generic/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setGamepadsEnabled):
        (WebCore::RuntimeEnabledFeatures::gamepadsEnabled):

        * Configurations/FeatureDefines.xcconfig:

2014-06-24  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: Add positionInRootFragments to SelectorFragment
        https://bugs.webkit.org/show_bug.cgi?id=133609

        Reviewed by Benjamin Poulain.

        Some non-backtrack-related predicates use relationToRightFragment information
        to decide whether checkingContext->elementStyle should be refered.
        To make it works correctly, add the positionInRootFragments field to SelectorFragment.
        When positionInRootFragments == Rightmost and relationToRightFragment == Rightmost,
        we should see checkingContext->elementStyle.

        Test: fast/selectors/first-child-update-with-renderer.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::shouldUseRenderStyleFromCheckingContext):
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::constructFragments):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):

2014-06-24  Jer Noble  <jer.noble@apple.com>

        [Fullscreen][Mac] WKView is not firstResponder after entering fullscreen mode
        https://bugs.webkit.org/show_bug.cgi?id=134270

        Reviewed by Jon Honeycutt.

        The WebCoreFullScreenWindow's firstResponder is reset when the full screen animation completes and
        the window's style is changed to a fullscreen style. Save the firstResponder, and if it's still in
        the window's view hierarchy after the style changes, reset it to the firstResponder.

        * platform/mac/WebCoreFullScreenWindow.mm:
        (-[WebCoreFullScreenWindow setStyleMask:]):

2014-06-24  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status through to EME
        https://bugs.webkit.org/show_bug.cgi?id=134221

        Reviewed by Eric Carlson.

        Pass the outputObscuredDueToInsufficientExternalProtection property of AVSampleBufferDisplayLayer
        as an error to the associated MediaKeySession object.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVSampleBufferErrorListener invalidate]):
        (-[WebAVSampleBufferErrorListener beginObservingLayer:]):
        (-[WebAVSampleBufferErrorListener observeValueForKeyPath:ofObject:change:context:]):

2014-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        Use unsigneds instead of ints for indexes into a string in text layout code
        https://bugs.webkit.org/show_bug.cgi?id=133592

        Reviewed by Zalan Bujtas.

        Migrate much of the text-handling code to use unsigneds for indexes into a string.

        No new tests because there is no behavior change.

        * WebCore.exp.in:
        * platform/graphics/Font.cpp:
        (WebCore::Font::drawText):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForText):
        (WebCore::computeUnderlineType):
        * platform/graphics/Font.h:
        * platform/graphics/FontFastPath.cpp:
        (WebCore::Font::getGlyphsAndAdvancesForSimpleText):
        (WebCore::Font::drawSimpleText):
        (WebCore::Font::drawEmphasisMarksForSimpleText):
        (WebCore::Font::drawGlyphBuffer):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForSimpleText):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::size):
        (WebCore::GlyphBuffer::glyphs):
        (WebCore::GlyphBuffer::advances):
        (WebCore::GlyphBuffer::fontDataAt):
        (WebCore::GlyphBuffer::advanceAt):
        (WebCore::GlyphBuffer::offsetAt):
        (WebCore::GlyphBuffer::reverse):
        (WebCore::GlyphBuffer::offsetInString):
        (WebCore::GlyphBuffer::swap):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::TextRunIterator::atEnd):
        * platform/graphics/Latin1TextIterator.h:
        (WebCore::Latin1TextIterator::Latin1TextIterator):
        (WebCore::Latin1TextIterator::currentCharacter):
        * platform/graphics/SimpleFontData.h:
        * platform/graphics/SurrogatePairAwareTextIterator.cpp:
        (WebCore::SurrogatePairAwareTextIterator::SurrogatePairAwareTextIterator):
        * platform/graphics/SurrogatePairAwareTextIterator.h:
        (WebCore::SurrogatePairAwareTextIterator::currentCharacter):
        * platform/graphics/TextRun.h:
        (WebCore::TextRun::length):
        (WebCore::TextRun::charactersLength):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::glyphDataForCharacter):
        (WebCore::applyFontTransforms):
        (WebCore::WidthIterator::advanceInternal):
        (WebCore::WidthIterator::advance):
        (WebCore::WidthIterator::advanceOneCharacter):
        * platform/graphics/WidthIterator.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::adjustSelectionRectForComplexText):
        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::setNormalizedBuffer):
        * platform/graphics/mac/FontComplexTextMac.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontCGWin.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontWin.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/wince/FontWinCE.cpp:
        (WebCore::Font::drawGlyphs):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::selectionRectForComplexText):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::isSelected):
        (WebCore::InlineTextBox::selectionState):
        (WebCore::adjustCharactersAndLengthForHyphen):
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::selectionStartEnd):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::paintCompositionBackground):
        (WebCore::InlineTextBox::paintDocumentMarker):
        (WebCore::InlineTextBox::paintTextMatchMarker):
        (WebCore::InlineTextBox::computeRectForReplacementMarker):
        (WebCore::InlineTextBox::paintCompositionUnderline):
        (WebCore::InlineTextBox::positionForOffset):
        (WebCore::InlineTextBox::constructTextRun):
        * rendering/InlineTextBox.h:
        * rendering/RenderCombineText.cpp:
        (WebCore::RenderCombineText::getStringToRender):
        * rendering/RenderCombineText.h:
        * rendering/svg/SVGInlineFlowBox.cpp:
        (WebCore::SVGInlineFlowBox::computeTextMatchMarkerRectForRenderer):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::positionForOffset):
        (WebCore::SVGInlineTextBox::localSelectionRect):
        (WebCore::SVGInlineTextBox::paintSelectionBackground):
        (WebCore::SVGInlineTextBox::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGInlineTextBox::paintText):
        * rendering/svg/SVGInlineTextBox.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::currentCharacterStartsSurrogatePair):
        (WebCore::SVGTextMetricsBuilder::advance):
        * rendering/svg/SVGTextQuery.cpp:
        (WebCore::SVGTextQuery::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGTextQuery::modifyStartEndPositionsRespectingLigatures):
        (WebCore::SVGTextQuery::subStringLengthCallback):
        (WebCore::SVGTextQuery::startPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::endPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::rotationOfCharacterCallback):
        (WebCore::SVGTextQuery::extentOfCharacterCallback):
        (WebCore::SVGTextQuery::characterNumberAtPositionCallback):
        * rendering/svg/SVGTextQuery.h:
        * rendering/svg/SVGTextRunRenderingContext.cpp:
        (WebCore::SVGGlyphToPathTranslator::SVGGlyphToPathTranslator):
        (WebCore::SVGTextRunRenderingContext::glyphDataForCharacter):
        * rendering/svg/SVGTextRunRenderingContext.h:
        * svg/SVGFontData.cpp:
        (WebCore::SVGFontData::applySVGGlyphSelection):
        * svg/SVGFontData.h:

2014-06-24  Eric Carlson  <eric.carlson@apple.com>

        Unreviewed build fix.

        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processNativeSamples): Cast variadic argument to int.

2014-06-24  Brent Fulgham  <bfulgham@apple.com>

        [Win] MSVC mishandles enums in bitfields
        https://bugs.webkit.org/show_bug.cgi?id=134237

        Reviewed by Michael Saboff.

        Replace uses of enum types in bit fields with unsigned to
        avoid losing a bit to hold the sign value. This can result
        in Windows interpreting the value of the field improperly.

        * loader/ResourceLoaderOptions.h:
        * platform/network/ResourceRequestBase.h:
        * platform/network/cf/ResourceResponse.h:
        * rendering/RenderLayer.h:
        * rendering/RenderMarquee.h:

2014-06-24  Antti Koivisto  <antti@apple.com>

        Try to fix build.

        * WebCore.exp.in: Remove duplicate export, this should be in the iOS section only.

2014-06-24  Eric Carlson  <eric.carlson@apple.com>

        [Mac] process raw VTT in-band captions
        https://bugs.webkit.org/show_bug.cgi?id=134178

        Reviewed by Jer Noble.

        * CMakeLists.txt: Add ISOVTTCue.cpp|h.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * html/track/BufferedLineReader.h:
        (WebCore::BufferedLineReader::reset): New, empty the input buffer.

        Make it possible to process WebVTT captions. 
        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::parser): Allocate, if necessary, and return a WebVTT parser.
        (WebCore::InbandGenericTextTrack::parseWebVTTCueData): Pass a cue to the parser.
        (WebCore::InbandGenericTextTrack::parseWebVTTFileHeader): Pass a VTT file header to the parser.
        (WebCore::InbandGenericTextTrack::newCuesParsed): Parser callback.
        (WebCore::InbandGenericTextTrack::newRegionsParsed): Ditto.
        (WebCore::InbandGenericTextTrack::fileFailedToParse): Ditto.
        * html/track/InbandGenericTextTrack.h:

        * html/track/InbandTextTrack.h:

        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::parser): New, parser accessor.
        (WebCore::InbandWebVTTTextTrack::parseWebVTTCueData): New, parse VTT data in an ISOWebVTTCue
            object.
        (WebCore::InbandWebVTTTextTrack::newCuesParsed): Cleanup.
        (WebCore::InbandWebVTTTextTrack::newRegionsParsed): Implement.
        (WebCore::InbandWebVTTTextTrack::fileFailedToParse): Change the error message.
        * html/track/InbandWebVTTTextTrack.h:

        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGenericBoxElement::TextTrackCueGenericBoxElement): Change cue parameter
            from a pointer to a reference.
        (WebCore::TextTrackCueGeneric::createDisplayTree): Ditto.

        * html/track/VTTCue.cpp:
        (WebCore::VTTCueBox::create): Change cue parameter from a pointer to a reference.
        (WebCore::VTTCueBox::VTTCueBox): Ditto.
        (WebCore::VTTCueBox::getCue): Return a reference.
        (WebCore::VTTCueBox::applyCSSProperties): m_cue is a reference, not a pointer.
        (WebCore::VTTCue::create): New, create a VTTCue from WebVTTCueData.
        (WebCore::VTTCue::VTTCue): New, internal constructor that takes a WebVTTCueData.
        (WebCore::VTTCue::initialize): New, shared constructor initialization.
        (WebCore::VTTCue::createDisplayTree): m_cue is a reference, not a pointer.
        (WebCore::VTTCue::markFutureAndPastNodes): Ditto.
        (WebCore::VTTCue::setCueSettings): Ditto.
        * html/track/VTTCue.h:
        (WebCore::VTTCueBox::create): Deleted.
        (WebCore::VTTCue::create): Deleted.

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseFileHeader): New. Reset the line reader buffer and parser state, 
            call the parser.
        (WebCore::WebVTTParser::parseCueData): Create a cue from ISOWebVTTCue.
        (WebCore::WebVTTParser::collectTimingsAndSettings): Return immediately if the string is empty.
        (WebCore::WebVTTParser::collectTimeStamp): Ditto.
        * html/track/WebVTTParser.h:
        (WebCore::WebVTTCueData::originalStartTime): New.
        (WebCore::WebVTTCueData::setOriginalStartTime): New.
        (WebCore::WebVTTCueData::WebVTTCueData):

        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::getNewCues): Cleanup, use the new VTTCue::create.

        Parse ISO WebVTT cue boxes.
        * platform/graphics/ISOVTTCue.cpp: Added.
        (WebCore::ISOBox::ISOBox):
        (WebCore::ISOBox::peekType):
        (WebCore::ISOBox::peekLength):
        (WebCore::ISOBox::peekString):
        (WebCore::vttCueBoxType):
        (WebCore::vttIdBoxType):
        (WebCore::vttSettingsBoxType):
        (WebCore::vttPayloadBoxType):
        (WebCore::vttCurrentTimeBoxType):
        (WebCore::vttCueSourceIDBoxType):
        (WebCore::ISOWebVTTCue::boxType):
        (WebCore::ISOWebVTTCue::ISOWebVTTCue):
        * platform/graphics/ISOVTTCue.h: Added.
        (WebCore::ISOBox::boxHeaderSize):
        (WebCore::ISOBox::length):
        (WebCore::ISOBox::type):
        (WebCore::ISOWebVTTCue::presentationTime):
        (WebCore::ISOWebVTTCue::duration):
        (WebCore::ISOWebVTTCue::sourceID):
        (WebCore::ISOWebVTTCue::id):
        (WebCore::ISOWebVTTCue::originalStartTime):
        (WebCore::ISOWebVTTCue::settings):
        (WebCore::ISOWebVTTCue::cueText):

        * platform/graphics/InbandTextTrackPrivateClient.h:
        (WebCore::InbandTextTrackPrivateClient::parseWebVTTFileHeader): New.

        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::InbandTextTrackPrivateAVF): Add a cue format parameter.
        (WebCore::InbandTextTrackPrivateAVF::processCue): Call processNativeSamples.
        (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Add logging. Minor cleanup.
        (WebCore::InbandTextTrackPrivateAVF::processNativeSamples): New, process an array of 
            CMSampleBuffers, create ISOWebVTTCue from the sample data.
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:

        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        (WebCore::InbandTextTrackPrivateAVCF::InbandTextTrackPrivateAVCF):
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.h:
        (WebCore::InbandTextTrackPrivateAVCF::create):
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::MediaPlayerPrivateAVFoundationCF::processMediaSelectionOptions):
        (WebCore::LegibleOutputData::LegibleOutputData):
        (WebCore::AVFWrapper::processCue):
        (WebCore::AVFWrapper::legibleOutputCallback):

        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h:
        (WebCore::InbandTextTrackPrivateAVFObjC::create): Add a cue format parameter.
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateAVFObjC::InbandTextTrackPrivateAVFObjC): Ditto.

        * platform/graphics/avfoundation/InbandTextTrackPrivateLegacyAVFObjC.cpp:
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::InbandTextTrackPrivateLegacyAVFObjC): Pass cue
            format to base class.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Improve logging.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem): Don't leak an NSDictionary.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): Don't process media selection
            options until we have tracks.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processMediaSelectionOptions): 
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processCue): Pass native samples as well as 
            attributed strings to track.
        (-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]):
        * platform/graphics/avfoundation/objc/OutOfBandTextTrackPrivateAVF.h:
        (WebCore::OutOfBandTextTrackPrivateAVF::OutOfBandTextTrackPrivateAVF):

        * platform/graphics/avfoundation/objc/OutOfBandTextTrackPrivateAVF.h:
        (WebCore::OutOfBandTextTrackPrivateAVF::OutOfBandTextTrackPrivateAVF):

2014-06-24  Antti Koivisto  <antti@apple.com>

        Only flush layers when the exposed rect actually changes
        https://bugs.webkit.org/show_bug.cgi?id=134248

        Reviewed by Anders Carlsson.

        * WebCore.exp.in:

2014-06-24  Brady Eidson  <beidson@apple.com>

        Remove references to "Shader.h" which doesn't currently exist in the project.

        Rubberstamped by Andreas Kling.

        * WebCore.xcodeproj/project.pbxproj:

2014-06-24  Martin Hock  <mhock@apple.com>

        [iOS] DOMWindow::outerWidth and outerHeight don't return useful values, so return 0.
        Also, revert r169281.
        https://bugs.webkit.org/show_bug.cgi?id=134233
        <rdar://problem/17060183>

        Reviewed by Benjamin Poulain.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::outerHeight):
        (WebCore::DOMWindow::outerWidth):

2014-06-24  Jeremy Jones  <jeremyj@apple.com>

        Don't set AudioSession active while interrupted.
        https://bugs.webkit.org/show_bug.cgi?id=134239

        Reviewed by Eric Carlson.

        To activate the AudioSession there must be a session with audio or video
        and being playing or paused.

        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::hasActive): added
        (WebCore::MediaSessionManager::beginInterruption): updateSessionState
        (WebCore::MediaSessionManager::sessionWillBeginPlayback): updateSessionState
        * platform/audio/MediaSessionManager.h: declare hasActive()
        * platform/audio/mac/MediaSessionManagerMac.cpp:
        (MediaSessionManager::updateSessionState): use hasActive()

2014-06-24  Jer Noble  <jer.noble@apple.com>

        REGRESSION(r170336): Crash in HTMLMediaElement::seekTimerFired()
        https://bugs.webkit.org/show_bug.cgi?id=134253

        Rubber-stamped by Eric Carlson.

        Now that seekWithTolerance() has been split up into an asyncronous section, the null-checks in seekWithTolerance()
        need to be re-performed in seekTimerFired(), in case the m_player has been cleared between when the seek was initiated
        and when the asynchronous section is performed.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::seekTimerFired):

2014-06-24  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>

        Fix unused parameter warnings if inspector is disabled
        https://bugs.webkit.org/show_bug.cgi?id=134244

        Reviewed by Zalan Bujtas.

        No new tests, no behavior change.

        * inspector/InspectorConsoleInstrumentation.h:
        (WebCore::InspectorInstrumentation::startProfiling):
        (WebCore::InspectorInstrumentation::stopProfiling):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didFinishXHRLoading):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::shouldContinueAfterNotifyingLoadedFromMemoryCache):

2014-06-24  Jer Noble  <jer.noble@apple.com>

        [MSE] Add null-check in sourceBufferPrivateAppendComplete().
        https://bugs.webkit.org/show_bug.cgi?id=133230

        Reviewed by Eric Carlson.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete): Bail early if the 
            SourceBuffer has been removed from the MediaSource.

2014-06-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170337.
        https://bugs.webkit.org/show_bug.cgi?id=134250

        caused 3 layout tests to crash on debug. (Requested by zalan
        on #webkit).

        Reverted changeset:

        "Use unsigneds instead of ints for indexes into a string in
        text layout code"
        https://bugs.webkit.org/show_bug.cgi?id=133592
        http://trac.webkit.org/changeset/170337

2014-06-24  Jarek Czekalski  <jarekczek@poczta.onet.pl>

        [ATK] Don't ignore links rendered as blocks.
        https://bugs.webkit.org/show_bug.cgi?id=130941

        Reviewed by Mario Sanchez Prada.

        * /m/usr/src/webkit-trunk/Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (WebCore::AccessibilityObject::objectFocusedAndCaretOffsetUnignored): Don't ignore links
        when they are renderered with display:block.

2014-06-24  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Update GObject DOM bindings test results after r170351.

        * bindings/scripts/test/GObject/WebKitDOMTestTypedefs.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestTypedefs.h:

2014-06-24  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GTK+ build after r170309.

        Skip functions returning arrays in GObject DOM bindings.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (SkipFunction):

2014-06-23  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Replace RefPtr<Evas_Object> with UniquePtrEfl
        https://bugs.webkit.org/show_bug.cgi?id=134236

        Reviewed by Gyuyoung Kim.

        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::ThemePartCacheEntry::create):
        (WebCore::RenderThemeEfl::loadTheme):
        (WebCore::RenderThemeEfl::applyPartDescriptionsFrom):
        * platform/efl/RenderThemeEfl.h:
        * platform/graphics/efl/CairoUtilitiesEfl.cpp:
        (WebCore::evasObjectFromCairoImageSurface):
        * platform/graphics/efl/CairoUtilitiesEfl.h:
        * platform/graphics/efl/ImageEfl.cpp:
        (WebCore::BitmapImage::getEvasObject):

2014-06-23  Jeremy Jones  <jeremyj@apple.com>

        Chapter forward/backward should seek to beginning/end.
        https://bugs.webkit.org/show_bug.cgi?id=134225

        Reviewed by Eric Carlson.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController seekChapterBackward:]): forwards to -seekToBeginning
        (-[WebAVPlayerController seekChapterForward:]): forwards to -seekToEnd

2014-06-23  Dean Jackson  <dino@apple.com>

        [Mac] Don't draw focus rings if we are animating controls
        https://bugs.webkit.org/show_bug.cgi?id=134232
        <rdar://problem/17381121>

        Reviewed by Tim Horton.

        Controls in native apps do not draw their focus rings as they
        animate (in Yosemite). Turn this off for WebKit too. It turns
        out that when we were drawing them, they were in the wrong
        place anyway.

        Since we don't animate controls when testing, we can't really test this.

        * platform/mac/ThemeMac.mm:
        (WebCore::paintToggleButton): Only draw the focus ring if the
        NSButtonCell is not animating.

2014-06-23  Krzysztof Czech  <k.czech@samsung.com>

        [ATK] Remove some unnecessary code from WebKitAccessibleWrapperAtk
        https://bugs.webkit.org/show_bug.cgi?id=134193

        Reviewed by Gyuyoung Kim.

        It was used along with DRT. Since we have stopped support WK1/DRT, it won't be needed.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetFocusedElement): Deleted.
        * accessibility/atk/WebKitAccessibleWrapperAtk.h:

2014-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        Use unsigneds instead of ints for indexes into a string in text layout code
        https://bugs.webkit.org/show_bug.cgi?id=133592

        Reviewed by Zalan Bujtas.

        Migrate much of the text-handling code to use unsigneds for indexes into a string.

        No new tests because there is no behavior change.

        * WebCore.exp.in:
        * platform/graphics/Font.cpp:
        (WebCore::Font::drawText):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForText):
        (WebCore::computeUnderlineType):
        * platform/graphics/Font.h:
        * platform/graphics/FontFastPath.cpp:
        (WebCore::Font::getGlyphsAndAdvancesForSimpleText):
        (WebCore::Font::drawSimpleText):
        (WebCore::Font::drawEmphasisMarksForSimpleText):
        (WebCore::Font::drawGlyphBuffer):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForSimpleText):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::size):
        (WebCore::GlyphBuffer::glyphs):
        (WebCore::GlyphBuffer::advances):
        (WebCore::GlyphBuffer::fontDataAt):
        (WebCore::GlyphBuffer::advanceAt):
        (WebCore::GlyphBuffer::offsetAt):
        (WebCore::GlyphBuffer::reverse):
        (WebCore::GlyphBuffer::offsetInString):
        (WebCore::GlyphBuffer::swap):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::TextRunIterator::atEnd):
        * platform/graphics/Latin1TextIterator.h:
        (WebCore::Latin1TextIterator::Latin1TextIterator):
        (WebCore::Latin1TextIterator::currentCharacter):
        * platform/graphics/SimpleFontData.h:
        * platform/graphics/SurrogatePairAwareTextIterator.cpp:
        (WebCore::SurrogatePairAwareTextIterator::SurrogatePairAwareTextIterator):
        * platform/graphics/SurrogatePairAwareTextIterator.h:
        (WebCore::SurrogatePairAwareTextIterator::currentCharacter):
        * platform/graphics/TextRun.h:
        (WebCore::TextRun::length):
        (WebCore::TextRun::charactersLength):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::glyphDataForCharacter):
        (WebCore::applyFontTransforms):
        (WebCore::WidthIterator::advanceInternal):
        (WebCore::WidthIterator::advance):
        (WebCore::WidthIterator::advanceOneCharacter):
        * platform/graphics/WidthIterator.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::adjustSelectionRectForComplexText):
        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::setNormalizedBuffer):
        * platform/graphics/mac/FontComplexTextMac.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontCGWin.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontWin.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/wince/FontWinCE.cpp:
        (WebCore::Font::drawGlyphs):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::selectionRectForComplexText):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::isSelected):
        (WebCore::InlineTextBox::selectionState):
        (WebCore::adjustCharactersAndLengthForHyphen):
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::selectionStartEnd):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::paintCompositionBackground):
        (WebCore::InlineTextBox::paintDocumentMarker):
        (WebCore::InlineTextBox::paintTextMatchMarker):
        (WebCore::InlineTextBox::computeRectForReplacementMarker):
        (WebCore::InlineTextBox::paintCompositionUnderline):
        (WebCore::InlineTextBox::positionForOffset):
        (WebCore::InlineTextBox::constructTextRun):
        * rendering/InlineTextBox.h:
        * rendering/RenderCombineText.cpp:
        (WebCore::RenderCombineText::getStringToRender):
        * rendering/RenderCombineText.h:
        * rendering/svg/SVGInlineFlowBox.cpp:
        (WebCore::SVGInlineFlowBox::computeTextMatchMarkerRectForRenderer):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::positionForOffset):
        (WebCore::SVGInlineTextBox::localSelectionRect):
        (WebCore::SVGInlineTextBox::paintSelectionBackground):
        (WebCore::SVGInlineTextBox::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGInlineTextBox::paintText):
        * rendering/svg/SVGInlineTextBox.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::currentCharacterStartsSurrogatePair):
        (WebCore::SVGTextMetricsBuilder::advance):
        * rendering/svg/SVGTextQuery.cpp:
        (WebCore::SVGTextQuery::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGTextQuery::modifyStartEndPositionsRespectingLigatures):
        (WebCore::SVGTextQuery::subStringLengthCallback):
        (WebCore::SVGTextQuery::startPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::endPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::rotationOfCharacterCallback):
        (WebCore::SVGTextQuery::extentOfCharacterCallback):
        (WebCore::SVGTextQuery::characterNumberAtPositionCallback):
        * rendering/svg/SVGTextQuery.h:
        * rendering/svg/SVGTextRunRenderingContext.cpp:
        (WebCore::SVGGlyphToPathTranslator::SVGGlyphToPathTranslator):
        (WebCore::SVGTextRunRenderingContext::glyphDataForCharacter):
        * rendering/svg/SVGTextRunRenderingContext.h:
        * svg/SVGFontData.cpp:
        (WebCore::SVGFontData::applySVGGlyphSelection):
        * svg/SVGFontData.h:

2014-06-20  Jer Noble  <jer.noble@apple.com>

        HTMLMediaElement seek algorithm should allow cancelling previous seeks.
        https://bugs.webkit.org/show_bug.cgi?id=134116

        Reviewed by Eric Carlson.

        Test: media/video-seek-double.html

        Fulfill the requirement of the §4.7.14.9 seeking algorithm to do steps 5+ asynchronously and cancel
        previous instances of the algorithm.

        For the html/ parts of the algorithm, implement this by adding a seek timer, which when fired will
        issue steps 5-12. MediaPlayerPrivateAVFoundation will already coalesce multiple seek operations, so nothing
        additional needs be done there.  However, MediaPlayerPrivateMediaSourceAVFObjC needs to implement the same
        pending seek logic in case additional seeks were issued after the html/ algorithm reached step 12.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement): Initialize the new m_seekTimer.
        (WebCore::HTMLMediaElement::parseAttribute): Clear the seek timer.
        (WebCore::HTMLMediaElement::seekInternal): Differentiate between DOM seeks and internal seeks.
        (WebCore::HTMLMediaElement::seekWithTolerance:) Split into the seekTimerFired() method.
        (WebCore::HTMLMediaElement::seekTimerFired:) Added, split from seekWithTolerance().
        * html/HTMLMediaElement.h:
        * html/MediaController.cpp:
        (MediaController::bringElementUpToSpeed): Call seekInternal().
        (WebCore::HTMLMediaElement::PendingSeek::PendingSeek): Added convenience struct for storing seek requests.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::PendingSeek::PendingSeek): Ditto.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): Modify the time jumped
            handler to not clear the m_seeking flag if another seek request is pending.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekWithTolerance):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal):

2014-06-23  Timothy Horton  <timothy_horton@apple.com>

        [WK2] Use the page background color instead of white when swipe snapshots were purged (134218)
        https://bugs.webkit.org/show_bug.cgi?id=134218
        <rdar://problem/17426454>

        Reviewed by Benjamin Poulain.

        * WebCore.exp.in:

2014-06-23  Eric Carlson  <eric.carlson@apple.com>

        [iOS] remove InbandTextTrackPrivateAVFIOS
        https://bugs.webkit.org/show_bug.cgi?id=134220

        Reviewed by Benjamin Poulain.

        * WebCore.xcodeproj/project.pbxproj: Remove references to InbandTextTrackPrivateAVFIOS.

        * platform/graphics/ios/InbandTextTrackPrivateAVFIOS.h: Removed.
        * platform/graphics/ios/InbandTextTrackPrivateAVFIOS.mm: Removed.

2014-06-23  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170323.
        https://bugs.webkit.org/show_bug.cgi?id=134224

        lots of build breakage (Requested by bradeeoh on #webkit).

        Reverted changeset:

        "[Mac] process raw VTT in-band captions"
        https://bugs.webkit.org/show_bug.cgi?id=134178
        http://trac.webkit.org/changeset/170323

2014-06-23  Jeffrey Pfau  <jpfau@apple.com>

        Fix release build

        * Modules/indexeddb/IDBTransactionCoordinator.cpp:
        (WebCore::IDBTransactionCoordinator::canRunTransaction):

2014-06-19  Jeffrey Pfau  <jpfau@apple.com>

        Database process crashes when multiple transactions attempt to run at once
        https://bugs.webkit.org/show_bug.cgi?id=134139

        Reviewed by David Kilzer.

        Ensure that only one transaction can be running at a time.

        Test: storage/indexeddb/transaction-overlapping.html

        * Modules/indexeddb/IDBTransactionCoordinator.cpp:
        (WebCore::IDBTransactionCoordinator::canRunTransaction):

2014-06-23  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Make the state restore from HistoryItem more precise and reliable
        https://bugs.webkit.org/show_bug.cgi?id=134150

        Reviewed by Tim Horton.

        The two biggest changes for WebCore are:
        -Store everything we need to handle changes of ViewportConfiguration on HistoryItem.
        -Store the exposedRect with floating point coordinates.

        * WebCore.exp.in:
        * history/CachedPage.cpp:
        (WebCore::CachedPage::restore):
        We cannot determine a good scroll position from the WebProcess because the obscured insets can change
        arbitrarily in the UIProcess. When we scroll here from the WebProcess, we would force an invalid position
        to the UIProcess with the next layer tree update.

        To avoid any problem, we prohibit scrolling when restoring the focus appearance.

        * history/HistoryItem.cpp:
        (WebCore::encodeRect):
        (WebCore::encodeSize):
        (WebCore::HistoryItem::encodeBackForwardTreeNode):
        (WebCore::decodeRect):
        (WebCore::decodeSize):
        (WebCore::HistoryItem::decodeBackForwardTree):
        * history/HistoryItem.h:
        (WebCore::HistoryItem::exposedContentRect):
        (WebCore::HistoryItem::setExposedContentRect):
        (WebCore::HistoryItem::unobscuredContentRect):
        (WebCore::HistoryItem::setUnobscuredContentRect):
        (WebCore::HistoryItem::minimumLayoutSizeInScrollViewCoordinates):
        (WebCore::HistoryItem::setMinimumLayoutSizeInScrollViewCoordinates):
        (WebCore::HistoryItem::contentSize):
        (WebCore::HistoryItem::setContentSize):
        (WebCore::HistoryItem::exposedContentPosition): Deleted.
        (WebCore::HistoryItem::setExposedContentPosition): Deleted.
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
        * page/FrameView.h:
        * platform/ScrollView.h:
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::exposedContentRect):
        (WebCore::ScrollView::setExposedContentRect):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::didChangeVisibleRect):

2014-06-23  Eric Carlson  <eric.carlson@apple.com>

        [Mac] process raw VTT in-band captions
        https://bugs.webkit.org/show_bug.cgi?id=134178

        Reviewed by Jer Noble.

        * CMakeLists.txt: Add ISOVTTCue.cpp|h.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * html/track/BufferedLineReader.h:
        (WebCore::BufferedLineReader::reset): New, empty the input buffer.

        Make it possible to process WebVTT captions. 
        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::parser): Allocate, if necessary, and return a WebVTT parser.
        (WebCore::InbandGenericTextTrack::parseWebVTTCueData): Pass a cue to the parser.
        (WebCore::InbandGenericTextTrack::parseWebVTTFileHeader): Pass a VTT file header to the parser.
        (WebCore::InbandGenericTextTrack::newCuesParsed): Parser callback.
        (WebCore::InbandGenericTextTrack::newRegionsParsed): Ditto.
        (WebCore::InbandGenericTextTrack::fileFailedToParse): Ditto.
        * html/track/InbandGenericTextTrack.h:

        * html/track/InbandTextTrack.h:

        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::parser): New, parser accessor.
        (WebCore::InbandWebVTTTextTrack::parseWebVTTCueData): New, parse VTT data in an ISOWebVTTCue
            object.
        (WebCore::InbandWebVTTTextTrack::newCuesParsed): Cleanup.
        (WebCore::InbandWebVTTTextTrack::newRegionsParsed): Implement.
        (WebCore::InbandWebVTTTextTrack::fileFailedToParse): Change the error message.
        * html/track/InbandWebVTTTextTrack.h:

        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGenericBoxElement::TextTrackCueGenericBoxElement): Change cue parameter
            from a pointer to a reference.
        (WebCore::TextTrackCueGeneric::createDisplayTree): Ditto.

        * html/track/VTTCue.cpp:
        (WebCore::VTTCueBox::create): Change cue parameter from a pointer to a reference.
        (WebCore::VTTCueBox::VTTCueBox): Ditto.
        (WebCore::VTTCueBox::getCue): Return a reference.
        (WebCore::VTTCueBox::applyCSSProperties): m_cue is a reference, not a pointer.
        (WebCore::VTTCue::create): New, create a VTTCue from WebVTTCueData.
        (WebCore::VTTCue::VTTCue): New, internal constructor that takes a WebVTTCueData.
        (WebCore::VTTCue::initialize): New, shared constructor initialization.
        (WebCore::VTTCue::createDisplayTree): m_cue is a reference, not a pointer.
        (WebCore::VTTCue::markFutureAndPastNodes): Ditto.
        (WebCore::VTTCue::setCueSettings): Ditto.
        * html/track/VTTCue.h:
        (WebCore::VTTCueBox::create): Deleted.
        (WebCore::VTTCue::create): Deleted.

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseFileHeader): New. Reset the line reader buffer and parser state, 
            call the parser.
        (WebCore::WebVTTParser::parseCueData): Create a cue from ISOWebVTTCue.
        (WebCore::WebVTTParser::collectTimingsAndSettings): Return immediately if the string is empty.
        (WebCore::WebVTTParser::collectTimeStamp): Ditto.
        * html/track/WebVTTParser.h:
        (WebCore::WebVTTCueData::originalStartTime): New.
        (WebCore::WebVTTCueData::setOriginalStartTime): New.
        (WebCore::WebVTTCueData::WebVTTCueData):

        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::getNewCues): Cleanup, use the new VTTCue::create.

        * platform/graphics/InbandTextTrackPrivateClient.h:
        (WebCore::InbandTextTrackPrivateClient::parseWebVTTFileHeader): New.

        Parse ISO WebVTT cue boxes.
        * platform/graphics/ISOVTTCue.cpp: Added.
        (WebCore::ISOBox::ISOBox):
        (WebCore::ISOBox::peekType):
        (WebCore::ISOBox::peekLength):
        (WebCore::ISOBox::peekString):
        (WebCore::vttCueBoxType):
        (WebCore::vttIdBoxType):
        (WebCore::vttSettingsBoxType):
        (WebCore::vttPayloadBoxType):
        (WebCore::vttCurrentTimeBoxType):
        (WebCore::vttCueSourceIDBoxType):
        (WebCore::ISOWebVTTCue::boxType):
        (WebCore::ISOWebVTTCue::ISOWebVTTCue):
        * platform/graphics/ISOVTTCue.h: Added.
        (WebCore::ISOBox::boxHeaderSize):
        (WebCore::ISOBox::length):
        (WebCore::ISOBox::type):
        (WebCore::ISOWebVTTCue::presentationTime):
        (WebCore::ISOWebVTTCue::duration):
        (WebCore::ISOWebVTTCue::sourceID):
        (WebCore::ISOWebVTTCue::id):
        (WebCore::ISOWebVTTCue::originalStartTime):
        (WebCore::ISOWebVTTCue::settings):
        (WebCore::ISOWebVTTCue::cueText):

        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::InbandTextTrackPrivateAVF): Add a cue format parameter.
        (WebCore::InbandTextTrackPrivateAVF::processCue): Call processNativeSamples.
        (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Add logging. Minor cleanup.
        (WebCore::InbandTextTrackPrivateAVF::processNativeSamples): New, process an array of 
            CMSampleBuffers, create ISOWebVTTCue from the sample data.
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:

        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h:
        (WebCore::InbandTextTrackPrivateAVFObjC::create): Add a cue format parameter.
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateAVFObjC::InbandTextTrackPrivateAVFObjC): Ditto.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Improve logging.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem): Don't leak an NSDictionary.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): Don't process media selection
            options until we have tracks.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processMediaSelectionOptions): 
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processCue): Pass native samples as well as 
            attributed strings to track.
        (-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]):
        * platform/graphics/avfoundation/objc/OutOfBandTextTrackPrivateAVF.h:
        (WebCore::OutOfBandTextTrackPrivateAVF::OutOfBandTextTrackPrivateAVF):

        * platform/graphics/avfoundation/InbandTextTrackPrivateLegacyAVFObjC.cpp:
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::InbandTextTrackPrivateLegacyAVFObjC): Pass cue
            format to base class.

        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        (WebCore::InbandTextTrackPrivateAVCF::InbandTextTrackPrivateAVCF): Ditto.
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.h:

2014-06-23  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Crash in SourceBuffer::sourceBufferPrivateDidReceiveRenderingError()
        https://bugs.webkit.org/show_bug.cgi?id=134211

        Reviewed by Eric Carlson.

        Null-check m_source before dereferencing, as the SourceBuffer may have been removed
        from its MediaSource before this error was received.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveRenderingError):

2014-06-23  Joseph Pecoraro  <pecoraro@apple.com>

        Reduce synchronous layout triggered by JavaScript-based media controls
        https://bugs.webkit.org/show_bug.cgi?id=134208

        Reviewed by Eric Carlson.

        Avoid always querying the offsetWidth and offsetHeight of the timeline
        by only calculating these values when the timeline may change size.
        Also avoid doing work in a few cases where properties did not
        actually change.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller):

        (Controller.prototype.setNeedsTimelineMetricsUpdate):
        (Controller.prototype.updateTimelineMetricsIfNeeded):
        Only update the timeline metrics when they may have changed.

        (Controller.prototype.updateControls):
        (Controller.prototype.handleTimelineMouseMove):
        (Controller.prototype.progressFillStyle):
        (Controller.prototype.showControls):
        (Controller.prototype.addControls):
        Mark timeline metrics need update based on various UI changes.

        (Controller.prototype.setStatusHidden):
        Only do work if the hidden status changed.
        Mark timeline metrics need update if the timeline is changed.

        (Controller.prototype.updateProgress):
        Use cached timeline metrics instead of always querying offsetWidth/offsetHeight.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS):
        (ControllerIOS.prototype.updateControls):

        (ControllerIOS.prototype.updateProgress):
        Use cached timeline metrics instead of always querying offsetWidth/offsetHeight.

        (ControllerIOS.prototype.handleWirelessPlaybackChange):
        Mark timeline metrics need update as button may have changed.

        (ControllerIOS.prototype.handleWirelessTargetAvailableChange):
        Only do work if the availability changed.
        Mark timeline metrics need update as a new button may have appeared.

        (ControllerIOS.prototype.set pageScaleFactor):
        Only do work if the page scale factor changed.

2014-06-23  Brady Eidson  <beidson@apple.com>

        Add skeleton code for updated Gamepad API
        https://bugs.webkit.org/show_bug.cgi?id=134165

        Unreviewed - Forgotten review feedback from http://trac.webkit.org/changeset/170309

        * Modules/gamepad/GamepadButton.idl: Forgot to commit the removal of NoInterfaceObject here.

2014-06-23  Brady Eidson  <beidson@apple.com>

        Add skeleton code for updated Gamepad API
        https://bugs.webkit.org/show_bug.cgi?id=134165

        Reviewed by Dean Jackson.

        No new tests (No change in behavior for any tested configuration)

        Interface and dummy implementation for the Gamepad object:
        * Modules/gamepad/Gamepad.cpp: Added.
        (WebCore::Gamepad::Gamepad):
        (WebCore::Gamepad::~Gamepad):
        (WebCore::Gamepad::axes):
        (WebCore::Gamepad::buttons):
        * Modules/gamepad/Gamepad.h: Added.
        * Modules/gamepad/Gamepad.idl: Added.

        Interface and dummy implementation for the GamepadButton object:
        * Modules/gamepad/GamepadButton.cpp: Added.
        (WebCore::GamepadButton::GamepadButton):
        (WebCore::GamepadButton::pressed):
        * Modules/gamepad/GamepadButton.h: Added.
        (WebCore::GamepadButton::create):
        (WebCore::GamepadButton::value):
        (WebCore::GamepadButton::setValue):
        * Modules/gamepad/GamepadButton.idl: Added.

        Interface and dummy implementation for the GamepadEvent object:
        * Modules/gamepad/GamepadEvent.cpp: Added.
        (WebCore::GamepadEvent::GamepadEvent):
        * Modules/gamepad/GamepadEvent.h: Added.
        (WebCore::GamepadEventInit::GamepadEventInit):
        (WebCore::GamepadEvent::~GamepadEvent):
        (WebCore::GamepadEvent::create):
        (WebCore::GamepadEvent::gamepad):
        * Modules/gamepad/GamepadEvent.idl: Added.
        * dom/EventNames.in:

        Interface and dummy implementation for additions to the Navigator object:
        * Modules/gamepad/NavigatorGamepad.cpp: Added.
        (WebCore::NavigatorGamepad::NavigatorGamepad):
        (WebCore::NavigatorGamepad::supplementName):
        (WebCore::NavigatorGamepad::from):
        (WebCore::NavigatorGamepad::getGamepads):
        (WebCore::NavigatorGamepad::gamepads):
        * Modules/gamepad/NavigatorGamepad.h: Added.
        * Modules/gamepad/NavigatorGamepad.idl: Added.

        Bindings additions necessary for these new interfaces:
        * bindings/js/JSDOMBinding.h:
        (WebCore::JSValueTraits<double>::arrayJSValue):
        * bindings/js/JSDictionary.cpp:
        (WebCore::JSDictionary::convertValue):
        * bindings/js/JSDictionary.h:

        Project file stuff:
        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCoreCommon.props:
        * WebCore.vcxproj/copyForwardingHeaders.cmd:
        * WebCore.xcodeproj/project.pbxproj:
        * DerivedSources.make:

2014-06-23  Simon Fraser  <simon.fraser@apple.com>

        Catch Obj-C exceptions thrown by _linenPatternImage
        https://bugs.webkit.org/show_bug.cgi?id=134202

        Reviewed by Geoffrey Garen.

        Catch Objective-C exceptions thrown by _linenPatternImage and
        -[NSImage CGImageForProposedRect:context:hints:].

        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::linenBackgroundColor):

2014-06-23  Simon Fraser  <simon.fraser@apple.com>

        CSS clip property should make layers non-opaque
        https://bugs.webkit.org/show_bug.cgi?id=134147
        <rdar://problem/17324579>

        Reviewed by Tim Horton.
        
        https://www.fairphone.com has position:fixed elements with clip: rect(...)
        but we were making those layers opaque, resulting in garbage pixels
        in areas outside the clip rect.
        
        Fix by checking for the clip property in RenderBox::backgroundIsKnownToBeOpaqueInRect().

        Test: compositing/contents-opaque/opaque-with-clip.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::backgroundIsKnownToBeOpaqueInRect):

2014-06-23  Simon Fraser  <simon.fraser@apple.com>

        Adding a mask on a simple color compositing layer removes the content
        https://bugs.webkit.org/show_bug.cgi?id=134127

        Reviewed by Dean Jackson.
        
        In r169053 I moved some updateDrawsContent() into updateAfterDescendents(),
        but this isn't called when a composited layer gains or loses a mask (which
        doesn't cause a layout). This caused us to fail to allocate backing store
        when gaining a mask, resulting in missing content.
        
        Fix by calling updateAfterDescendents() from RenderLayer::styleChange()
        when the layer config isn't changing.
        
        Also remove a condition in isSimpleContainerCompositingLayer() that caused us
        to fall off the simple layer path for masked layers, since this works just
        fine.

        Test: compositing/masks/solid-color-masked.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isSimpleContainerCompositingLayer):

2014-06-23  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Writing mode changes on the <html> and RenderView need to
        be propagated to column sets and flow thread children of those renderers.
        https://bugs.webkit.org/show_bug.cgi?id=134121
        <rdar://problem/16884527>

        Reviewed by Dean Jackson.

        Added fast/multicol/pagination/RightToLeft-rl-dynamic.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::styleDidChange):
        Refactor the propagation code for column sets and flow thread styles into a helper
        function that is called here.

        (WebCore::RenderBlockFlow::updateStylesForColumnChildren):
        * rendering/RenderBlockFlow.h:
        Add a new helper function for recalculating the styles of the column sets and
        flow thread in response to changes.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):
        When the style is changed for a root element or the RenderView in response to
        writing mode and direction changes, make sure that style gets propagated to
        the column children by calling the new helper function.

2014-06-23  Jer Noble  <jer.noble@apple.com>

        [Mac] Uncaught exception crash when destroying MediaPlayerPrivateAVFoundationObjC
        https://bugs.webkit.org/show_bug.cgi?id=134198

        Reviewed by Eric Carlson.

        Now that we always create an AVPlayerLayer when creating an AVPlayer, but we don't
        return that layer from platformLayer() unless we've been asked to, we no longer are
        asked to destroy our video layer from MediaPlayerPrivateAVFoundation::tearDownVideoRendering().

        Instead, explicitly destroy our video layer (and remove the KVO-observer which is
        causing this exception) in the MediaPlayerPrivateAVFoundationObjC destructor.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC):

2014-06-23  Andreas Kling  <akling@apple.com>

        Remove unused FrameView::setUseCustomFixedPositionLayoutRect().
        <https://webkit.org/b/134194>

        Reviewed by Anders Carlsson.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::setUseCustomFixedPositionLayoutRect): Deleted.
        * page/FrameView.h:

2014-06-23  Antti Koivisto  <antti@apple.com>

        REGRESSION (r160908): Unable to unset bold while entering text
        https://bugs.webkit.org/show_bug.cgi?id=134196
        <rdar://problem/17051653>

        Reviewed by Andreas Kling.
        
        No test, this code path is used by some WK1 API clients only.

        * editing/Editor.cpp:
        (WebCore::Editor::styleForSelectionStart):
        
            This needs to update the style before requesting the renderer.

        * editing/Editor.h:
        * editing/ios/EditorIOS.mm:
        (WebCore::styleForSelectionStart): Deleted.
        * editing/mac/EditorMac.mm:
        (WebCore::styleForSelectionStart): Deleted.
        
            Removed the duplicated functions, moved to Editor.cpp.

2014-06-23  Alex Christensen  <achristensen@webkit.org>

        [iOS] Fix video in WebGL.
        https://bugs.webkit.org/show_bug.cgi?id=133511

        Reviewed by Jer Noble.

        * WebCore.exp.in:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
        (WebCore::wkAVAssetResolvedURL): Deleted.
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:
        Declare and use resolvedURL on AVURLAsset instead of using wkAVAssetResolvedURL through WebKitSystemInterface.

2014-06-23  Radu Stavila  <stavila@adobe.com>

        REGRESSION (r168046): Incorrect handling of object information in WebCore::RenderFlowThread::removeLineRegionInfo
        https://bugs.webkit.org/show_bug.cgi?id=133587

        Reviewed by Antti Koivisto.

        When an object flowed in multicol is moved from in-flow positioning to out-of-flow positioning,
        its information must be removed from the flowthread prior to the change being made. 
        Otherwise, the flow thread will no longer be its containing block and a reference to it
        will not be possible to obtain.

        No new tests can be added because the code still hits in an unrelated assertion followed by a null dereference.
        The issue was discussed with Antti Koivisto and we decided its better to fix this problem first and
        handle the following issue in a separate bug.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::styleWillChange):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::flowThreadContainingBlock):

2014-06-23  Krzysztof Czech  <k.czech@samsung.com>

        [EFL] Platform support for WebSpeech feature.
        https://bugs.webkit.org/show_bug.cgi?id=116438

        Reviewed by Csaba Osztrogonác.

        It's a first step of adding support for Speech Synthesis in EFL port.
        Just stub out required API and support for compilation.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake: Added some idls to not break GTK build.
        * platform/PlatformSpeechSynthesizer.h:
        * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp: Added.
        (WebCore::PlatformSpeechSynthesisProviderEfl::PlatformSpeechSynthesisProviderEfl):
        (WebCore::PlatformSpeechSynthesisProviderEfl::~PlatformSpeechSynthesisProviderEfl):
        (WebCore::PlatformSpeechSynthesisProviderEfl::initializeVoiceList):
        (WebCore::PlatformSpeechSynthesisProviderEfl::pause):
        (WebCore::PlatformSpeechSynthesisProviderEfl::resume):
        (WebCore::PlatformSpeechSynthesisProviderEfl::speak):
        (WebCore::PlatformSpeechSynthesisProviderEfl::cancel):
        * platform/efl/PlatformSpeechSynthesisProviderEfl.h: Added.
        * platform/efl/PlatformSpeechSynthesizerEfl.cpp: Added.
        (WebCore::PlatformSpeechSynthesizer::PlatformSpeechSynthesizer):
        (WebCore::PlatformSpeechSynthesizer::~PlatformSpeechSynthesizer):
        (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
        (WebCore::PlatformSpeechSynthesizer::pause):
        (WebCore::PlatformSpeechSynthesizer::resume):
        (WebCore::PlatformSpeechSynthesizer::speak):
        (WebCore::PlatformSpeechSynthesizer::cancel):

2014-06-23  Jeongeun Kim  <je_julie.kim@samsung.com>

        Make it clear to get m_svgExtensions using svgExtensions().
        https://bugs.webkit.org/show_bug.cgi?id=134186.

        Reviewed by Dirk Schulze.

        This patch makes sure that the purpose of code is to get m_svgExtensions 
        as changing accessSVGExtensions() to svgExtensions(). 
        svgExtensions() is a getter API and accessSVGExtensions() checks 
        the presence of m_svgExtensions and create m_svgExtensions if it does not exist. 

        No new tests, no behavior change.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::removeChild):
        (WebCore::ContainerNode::removeChildren):
        * dom/Document.cpp:
        (WebCore::Document::commonTeardown):
        (WebCore::Document::implicitClose):
        * history/CachedFrame.cpp:
        (WebCore::CachedFrameBase::restore):
        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::startAnimations):
        (WebCore::SVGDocumentExtensions::pauseAnimations):
        (WebCore::SVGDocumentExtensions::unpauseAnimations):
        (WebCore::SVGDocumentExtensions::dispatchSVGLoadEventToOutermostSVGElements):
        (WebCore::SVGDocumentExtensions::rebuildElements):
        * svg/SVGDocumentExtensions.h:

2014-06-23  Dean Jackson  <dino@apple.com>

        [iOS] Use WebGLLayer rather than PlatformLayer in GraphicsContext3D
        https://bugs.webkit.org/show_bug.cgi?id=134183

        Follow-up review from Sam Weinig.

        * platform/graphics/GraphicsContext3D.h: Merge another bit of MAC and IOS
        code.
        * ChangeLog: Actually read his review comments this time.

2014-06-23  Dean Jackson  <dino@apple.com>

        [iOS] Use WebGLLayer rather than PlatformLayer in GraphicsContext3D
        https://bugs.webkit.org/show_bug.cgi?id=134183

        Reviewed by Sam Weinig.

        GraphicsContext3D has a reference to a WebGLLayer that was
        hidden behind a PlatformLayer. This meant we had to cast it
        to use a WebGLLayer method.

        * platform/graphics/GraphicsContext3D.h: Replace RetainPtr<PlatformLayer>
        with RetainPtr<WebGLLayer>.
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::~GraphicsContext3D): No need to cast.

2014-06-22  Zalan Bujtas  <zalan@apple.com>

        Make offset from ancestor computation explicit by moving it to the callers.
        https://bugs.webkit.org/show_bug.cgi?id=134168.

        Reviewed by Simon Fraser.
        
        Explicit offset computation helps code reading and less error-prone than passing
        the offset pointer and compute it locally when it is null.

        No change in functionality.

        * rendering/RenderLayer.cpp:
        (WebCore::transparencyClipBox):
        (WebCore::performOverlapTests):
        (WebCore::RenderLayer::setupClipPath):
        (WebCore::RenderLayer::setupFilters):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::collectFragments):
        (WebCore::RenderLayer::updatePaintingInfoForFragments):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::hitTestTransformedLayerInFragments):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::calculateCompositedBounds):
        (WebCore::RenderLayerCompositor::requiresCompositingForPosition):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::writeLayers):

2014-06-22  Zalan Bujtas  <zalan@apple.com>

        Transition layer offsets from LayoutPoint to LayoutSize.
        https://bugs.webkit.org/show_bug.cgi?id=134156

        Reviewed by Simon Fraser.

        Use better representation for offset values.

        No change in functionality.

        * platform/graphics/LayoutSize.h:
        (WebCore::roundedForPainting):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::fragmentsBoundingBox):
        * rendering/RenderLayer.cpp:
        (WebCore::expandClipRectForDescendantsAndReflection):
        (WebCore::RenderLayer::convertToLayerCoords):
        (WebCore::computeReferenceBox):
        (WebCore::RenderLayer::setupClipPath):
        (WebCore::RenderLayer::setupFilters):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        (WebCore::RenderLayer::collectFragments):
        (WebCore::RenderLayer::updatePaintingInfoForFragments):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::createLocalTransformState):
        (WebCore::RenderLayer::hitTestTransformedLayerInFragments):
        (WebCore::RenderLayer::hitTestLayerByApplyingTransform):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::collectLayerFragments):

2014-06-22  Dean Jackson  <dino@apple.com>

        Attempted iOS build fix.

        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::~GraphicsContext3D): Cast to WebGLLayer.

2014-06-22  Dean Jackson  <dino@apple.com>

        [Apple] WebGL layer may use GC3D after free with remote layer hosting
        https://bugs.webkit.org/show_bug.cgi?id=134179
        <rdar://problem/17412931>

        Reviewed by Tim Horton.

        With remote layer hosting, a WebGLLayer may attempt to draw after
        the GraphicsContext3D has been destroyed. We need to make sure
        the GC3D tells the WebGLLayer that it is no longer valid.

        While here, I changed some return 0 to return nullptr, the
        name of the ObjC property member from m_context to _context,
        and removed some unnecessary .get() calls.

        This is tested by run-webkit-tests with the --remote-layer-tree
        option.

        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::GraphicsContext3D): No need for .get().
        (WebCore::GraphicsContext3D::~GraphicsContext3D): Set the context reference on WebGLLayer
        to be null.
        (WebCore::GraphicsContext3D::setRenderbufferStorageFromDrawable): No need for .get().
        * platform/graphics/mac/WebGLLayer.h: Set the context reference on WebGLLayer
        to be null.
        * platform/graphics/mac/WebGLLayer.mm:
        (-[WebGLLayer initWithGraphicsContext3D:]): Rename m_context to _context.
        (-[WebGLLayer copyCGLPixelFormatForDisplayMask:]): Check for null.
        (-[WebGLLayer copyCGLContextForPixelFormat:]): Rename to _context.
        (-[WebGLLayer drawInCGLContext:pixelFormat:forLayerTime:displayTime:]): Check for null.
        (-[WebGLLayer copyImageSnapshotWithColorSpace:]): Ditto.
        (-[WebGLLayer display]): Ditto.

2014-06-20  Simon Fraser  <simon.fraser@apple.com>

        [WK2] Frameset frames are not scrollable after loading (and should be)
        https://bugs.webkit.org/show_bug.cgi?id=134151
        <rdar://problem/17403365>

        Reviewed by Dan Bates.
        
        When loading a <frameset>, we could end up with an empty non-fast-scrollable
        region for the main frame, because after the initial frameset document layout,
        nothing updated the non-fast scrollable region as the subframes added their
        scrollable areas to the the main frame's scrollable area set.
        
        Fix by having addScrollableArea() and removeScrollableArea() trigger an update
        of the non-fast scrollable region.

        Test: platform/mac-wk2/tiled-drawing/scrolling/frames/frameset-frame-scrollability.html

        * page/FrameView.cpp:
        (WebCore::FrameView::addScrollableArea):
        (WebCore::FrameView::removeScrollableArea):
        (WebCore::FrameView::scrollableAreaSetChanged):
        * page/FrameView.h:

2014-06-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170265.
        https://bugs.webkit.org/show_bug.cgi?id=134174

        Broke editing tests (Requested by litherum on #webkit).

        Reverted changeset:

        "Use unsigneds instead of ints for indexes into a string in
        text layout code"
        https://bugs.webkit.org/show_bug.cgi?id=133592
        http://trac.webkit.org/changeset/170265

2014-06-20  Simon Fraser  <simon.fraser@apple.com>

        Have scrollingTreeAsText() dump the non-fast-scrollable region
        https://bugs.webkit.org/show_bug.cgi?id=134149

        Reviewed by Sam Weinig.

        Dump the non-fast-scrollable region (as an array of rects).

        * WebCore.exp.in:
        * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
        (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):

2014-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        Use unsigneds instead of ints for indexes into a string in text layout code
        https://bugs.webkit.org/show_bug.cgi?id=133592

        Reviewed by Zalan Bujtas.

        Migrate much of the text-handling code to use unsigneds for indexes into a string.

        No new tests because there is no behavior change.

        * WebCore.exp.in:
        * platform/graphics/Font.cpp:
        (WebCore::Font::drawText):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForText):
        (WebCore::computeUnderlineType):
        * platform/graphics/Font.h:
        * platform/graphics/FontFastPath.cpp:
        (WebCore::Font::getGlyphsAndAdvancesForSimpleText):
        (WebCore::Font::drawSimpleText):
        (WebCore::Font::drawEmphasisMarksForSimpleText):
        (WebCore::Font::drawGlyphBuffer):
        (WebCore::Font::drawEmphasisMarks):
        (WebCore::Font::adjustSelectionRectForSimpleText):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::size):
        (WebCore::GlyphBuffer::glyphs):
        (WebCore::GlyphBuffer::advances):
        (WebCore::GlyphBuffer::fontDataAt):
        (WebCore::GlyphBuffer::advanceAt):
        (WebCore::GlyphBuffer::offsetAt):
        (WebCore::GlyphBuffer::reverse):
        (WebCore::GlyphBuffer::offsetInString):
        (WebCore::GlyphBuffer::swap):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::TextRunIterator::atEnd):
        * platform/graphics/Latin1TextIterator.h:
        (WebCore::Latin1TextIterator::Latin1TextIterator):
        (WebCore::Latin1TextIterator::currentCharacter):
        * platform/graphics/SimpleFontData.h:
        * platform/graphics/SurrogatePairAwareTextIterator.cpp:
        (WebCore::SurrogatePairAwareTextIterator::SurrogatePairAwareTextIterator):
        * platform/graphics/SurrogatePairAwareTextIterator.h:
        (WebCore::SurrogatePairAwareTextIterator::currentCharacter):
        * platform/graphics/TextRun.h:
        (WebCore::TextRun::length):
        (WebCore::TextRun::charactersLength):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::glyphDataForCharacter):
        (WebCore::applyFontTransforms):
        (WebCore::WidthIterator::advanceInternal):
        (WebCore::WidthIterator::advance):
        (WebCore::WidthIterator::advanceOneCharacter):
        * platform/graphics/WidthIterator.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::adjustSelectionRectForComplexText):
        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::setNormalizedBuffer):
        * platform/graphics/mac/FontComplexTextMac.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontCGWin.cpp:
        (WebCore::Font::drawGlyphs):
        * platform/graphics/win/FontWin.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::getGlyphsAndAdvancesForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        * platform/graphics/wince/FontWinCE.cpp:
        (WebCore::Font::drawGlyphs):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::drawEmphasisMarksForComplexText):
        (WebCore::Font::selectionRectForComplexText):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::isSelected):
        (WebCore::InlineTextBox::selectionState):
        (WebCore::adjustCharactersAndLengthForHyphen):
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::selectionStartEnd):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::paintCompositionBackground):
        (WebCore::InlineTextBox::paintDocumentMarker):
        (WebCore::InlineTextBox::paintTextMatchMarker):
        (WebCore::InlineTextBox::computeRectForReplacementMarker):
        (WebCore::InlineTextBox::paintCompositionUnderline):
        (WebCore::InlineTextBox::positionForOffset):
        (WebCore::InlineTextBox::constructTextRun):
        * rendering/InlineTextBox.h:
        * rendering/RenderCombineText.cpp:
        (WebCore::RenderCombineText::getStringToRender):
        * rendering/RenderCombineText.h:
        * rendering/svg/SVGInlineFlowBox.cpp:
        (WebCore::SVGInlineFlowBox::computeTextMatchMarkerRectForRenderer):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::positionForOffset):
        (WebCore::SVGInlineTextBox::localSelectionRect):
        (WebCore::SVGInlineTextBox::paintSelectionBackground):
        (WebCore::SVGInlineTextBox::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGInlineTextBox::paintText):
        * rendering/svg/SVGInlineTextBox.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::currentCharacterStartsSurrogatePair):
        (WebCore::SVGTextMetricsBuilder::advance):
        * rendering/svg/SVGTextQuery.cpp:
        (WebCore::SVGTextQuery::mapStartEndPositionsIntoFragmentCoordinates):
        (WebCore::SVGTextQuery::modifyStartEndPositionsRespectingLigatures):
        (WebCore::SVGTextQuery::subStringLengthCallback):
        (WebCore::SVGTextQuery::startPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::endPositionOfCharacterCallback):
        (WebCore::SVGTextQuery::rotationOfCharacterCallback):
        (WebCore::SVGTextQuery::extentOfCharacterCallback):
        (WebCore::SVGTextQuery::characterNumberAtPositionCallback):
        * rendering/svg/SVGTextQuery.h:
        * rendering/svg/SVGTextRunRenderingContext.cpp:
        (WebCore::SVGGlyphToPathTranslator::SVGGlyphToPathTranslator):
        (WebCore::SVGTextRunRenderingContext::glyphDataForCharacter):
        * rendering/svg/SVGTextRunRenderingContext.h:
        * svg/SVGFontData.cpp:
        (WebCore::SVGFontData::applySVGGlyphSelection):
        * svg/SVGFontData.h:

2014-06-21  Zan Dobersek  <zdobersek@igalia.com>

        createCairoGLSurface should take in a FloatSize reference as its first parameter
        https://bugs.webkit.org/show_bug.cgi?id=134159

        Reviewed by Martin Robinson.

        The ImageBuffer constructor operates with a FloatSize reference, which is also
        passed to createCairoGLSurface when accelerated 2D canvas support is enabled.
        That function should take in a reference to the same type.

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::createCairoGLSurface):

2014-06-21  Dean Jackson  <dino@apple.com>

        [Mac] Margins for new form controls need tweaking
        https://bugs.webkit.org/show_bug.cgi?id=134135
        <rdar://problem/17262164>

        Reviewed by Sam Weinig.

        Take 2 of this patch. Only the mac-mountainlion LayoutTest
        results are different from the first attempt.

        With the newer animated controls in OS X Yosemite, we need
        to tweak the fudge-factor margins for positioning. In a recent
        patch I added another fudge, which I'm removing with this. I'm
        not sure where the older values came from, but I've checked with
        the latest AppKit sources and am using the sizes they implement
        for the controls.

        This will rebaseline a lot of tests, since I've made small tweaks
        to the form layout.

        * platform/mac/ThemeMac.mm:
        (WebCore::checkboxMargins): New margin amounts.
        (WebCore::radioSizes): New sizes.
        (WebCore::radioMargins): New margin amounts.
        (WebCore::paintToggleButton): No need to call the positioning fudge any more.
        (WebCore::checkboxOffsets): Deleted.
        (WebCore::radioOffsets): Deleted.

2014-06-20  Sam Weinig  <sam@webkit.org>

        Remove static tables for bindings that use eager reification
        https://bugs.webkit.org/show_bug.cgi?id=134126

        Reviewed by Oliver Hunt.

        This shaves about 1MB off of WebCore's .o files.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):
        (GenerateConstructorHelperMethods):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestException.h:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/JS/JSattribute.h:
        * bindings/scripts/test/JS/JSreadonly.cpp:
        * bindings/scripts/test/JS/JSreadonly.h:

2014-06-21  Brady Eidson  <beidson@apple.com>

        Gamepad API - Deprecate the existing implementation
        https://bugs.webkit.org/show_bug.cgi?id=134108

        Reviewed by Timothy Hatcher.

        -Add new "GAMEPAD_DEPRECATED" build flag, moving the existing implementation to use it
        -Move some implementation files into a "deprecated" subdirectory.

        * CMakeLists.txt:
        * Configurations/FeatureDefines.xcconfig:
        * PlatformGTK.cmake:

        * Modules/gamepad/deprecated/Gamepad.cpp: Renamed from Source/WebCore/Modules/gamepad/Gamepad.cpp.
        * Modules/gamepad/deprecated/Gamepad.h: Renamed from Source/WebCore/Modules/gamepad/Gamepad.h.
        * Modules/gamepad/deprecated/Gamepad.idl: Renamed from Source/WebCore/Modules/gamepad/Gamepad.idl.
        * Modules/gamepad/deprecated/GamepadList.cpp: Renamed from Source/WebCore/Modules/gamepad/GamepadList.cpp.
        * Modules/gamepad/deprecated/GamepadList.h: Renamed from Source/WebCore/Modules/gamepad/GamepadList.h.
        * Modules/gamepad/deprecated/GamepadList.idl: Renamed from Source/WebCore/Modules/gamepad/GamepadList.idl.
        * Modules/gamepad/deprecated/NavigatorGamepad.cpp: Renamed from Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp.
        * Modules/gamepad/deprecated/NavigatorGamepad.h: Renamed from Source/WebCore/Modules/gamepad/NavigatorGamepad.h.
        * Modules/gamepad/deprecated/NavigatorGamepad.idl: Renamed from Source/WebCore/Modules/gamepad/NavigatorGamepad.idl.

        * platform/Gamepads.h:
        * platform/efl/GamepadsEfl.cpp:
        * platform/gtk/GamepadsGtk.cpp:
        * platform/linux/GamepadDeviceLinux.cpp:
        * platform/linux/GamepadDeviceLinux.h:

2014-06-21  Myles C. Maxfield  <mmaxfield@apple.com>

        Mark TextRun's constructors as explicit
        https://bugs.webkit.org/show_bug.cgi?id=134124

        Reviewed by Sam Weinig.

        After r170072, nobody is implicitly converting a string to a TextRun. Therefore,
        we can make the constructors explicit.

        No new tests because there is no behavior change.

        * platform/graphics/TextRun.h:
        (WebCore::TextRun::TextRun):

2014-06-21  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170244.
        https://bugs.webkit.org/show_bug.cgi?id=134157

        GTK/EFL bindings generator works differently, making this
        patch not work there.  Will fix entire patch after a rollout.
        (Requested by bradee-oh on #webkit).

        Reverted changeset:

        "Gamepad API - Deprecate the existing implementation"
        https://bugs.webkit.org/show_bug.cgi?id=134108
        http://trac.webkit.org/changeset/170244

2014-06-21  Zan Dobersek  <zdobersek@igalia.com>

        Fix the mismatched header build guards in WebKitDOMNodeFilterPrivate.h
        which are throwing compilation warnings when building with Clang.

        * bindings/gobject/WebKitDOMNodeFilterPrivate.h:

2014-06-21  Brady Eidson  <beidson@apple.com>

        Gamepad API - Deprecate the existing implementation
        https://bugs.webkit.org/show_bug.cgi?id=134108

        Reviewed by Timothy Hatcher.

        -Add new "GAMEPAD_DEPRECATED" build flag, moving the existing implementation to use it
        -Add the "Deprecated" suffix to some implementation files

        * CMakeLists.txt:
        * PlatformGTK.cmake:
        * Configurations/FeatureDefines.xcconfig:
        
        * Modules/gamepad/GamepadDeprecated.cpp: Renamed from Source/WebCore/Modules/gamepad/Gamepad.cpp.
        * Modules/gamepad/GamepadDeprecated.h: Renamed from Source/WebCore/Modules/gamepad/Gamepad.h.
        * Modules/gamepad/GamepadDeprecated.idl: Renamed from Source/WebCore/Modules/gamepad/Gamepad.idl.

        * Modules/gamepad/GamepadList.cpp:
        * Modules/gamepad/GamepadList.h:
        * Modules/gamepad/GamepadList.idl:

        * Modules/gamepad/NavigatorGamepadDeprecated.cpp: Renamed from Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp.
        * Modules/gamepad/NavigatorGamepadDeprecated.h: Renamed from Source/WebCore/Modules/gamepad/NavigatorGamepad.h.
        * Modules/gamepad/NavigatorGamepadDeprecated.idl: Renamed from Source/WebCore/Modules/gamepad/NavigatorGamepad.idl.

        * platform/Gamepads.h:
        * platform/efl/GamepadsEfl.cpp:
        * platform/gtk/GamepadsGtk.cpp:
        * platform/linux/GamepadDeviceLinux.cpp:
        * platform/linux/GamepadDeviceLinux.h:

2014-06-21  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170228.
        https://bugs.webkit.org/show_bug.cgi?id=134155

        Caused 9 layout test failures on Mountain Lion
        http://build.webkit.org/builders/Apple%20MountainLion%20Release%20WK2%20(Tests)/builds/19216
        (Requested by bradee-oh on #webkit).

        Reverted changeset:

        "[Mac] Margins for new form controls need tweaking"
        https://bugs.webkit.org/show_bug.cgi?id=134135
        http://trac.webkit.org/changeset/170228

2014-06-21  Jer Noble  <jer.noble@apple.com>

        [Mac] Create and attach the AVPlayerLayer to the AVPlayer immediately if the media element is <video>.
        https://bugs.webkit.org/show_bug.cgi?id=134131

        Reviewed by Eric Carlson.

        The AVPlayer uses the presence of an AVPlayerLayer to decide which alternate to display in the case of
        HLS streams with audio-only alternates. To give the AVPlayer the most information with which to make its
        decision, always create and attach an AVPlayerLayer before attaching an AVPlayerItem to the AVPlayerLayer.
        In addition, retrieve the <video> element bounds and create an AVPlayerLayer with a matching size, so that
        the AVPlayer can choose an alternate with the correct dimensions.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasLayerRenderer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformLayer):

2014-06-21  Jeremy Jones  <jeremyj@apple.com>

        Implement ios -[WAKWindow convertBaseToScreen:]
        https://bugs.webkit.org/show_bug.cgi?id=134053

        Reviewed by Eric Carlson.

        * platform/ios/wak/WAKWindow.mm:
        (-[WAKWindow convertBaseToScreen:]):
        Traverse layer hierarchy and convert point.

        (-[WAKWindow convertScreenToBase:]):
        Traverse layer hierarchy and convert point.

2014-06-21  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>

        Removing PAGE_VISIBILITY_API compile guard.
        https://bugs.webkit.org/show_bug.cgi?id=133844

        Reviewed by Gavin Barraclough.

        No new tests because no functional changes.

        * Configurations/FeatureDefines.xcconfig:
        * Modules/vibration/NavigatorVibration.cpp:
        (WebCore::NavigatorVibration::vibrate):
        * dom/Document.cpp:
        (WebCore::Document::hidden):
        * dom/Document.h:
        * dom/Document.idl:
        * dom/Element.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::registerWithDocument):
        (WebCore::HTMLMediaElement::unregisterWithDocument):
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/HTMLMediaElement.h:
        * page/Page.cpp:
        (WebCore::Page::setIsVisibleInternal):
        (WebCore::Page::visibilityState):
        (WebCore::Page::hiddenPageCSSAnimationSuspensionStateChanged):
        * page/Page.h:
        * page/PageVisibilityState.cpp:
        * page/PageVisibilityState.h:
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setHiddenPageCSSAnimationSuspensionEnabled):
        * page/Settings.h:
        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::updateClientDataBuffering):
        * platform/audio/MediaSession.h:

2014-06-21  Frédéric Wang  <fred.wang@free.fr>

        [GTK][EFL] Use OpenType MATH fonts by default.
        https://bugs.webkit.org/show_bug.cgi?id=133604

        Reviewed by Chris Fleizach.

        In order to support stretching of horizontal operators and large
        operators in display mode as well as to improve the drawing of radicals,
        we need to use an OpenType MATH table. This commit makes the MathML code
        try "Latin Modern Math" first, which is an OpenType version of Knuth's
        popular Computer Modern font and is packaged with most TeX
        distributions (e.g. TeX Live on Linux). This should work well on the
        EFL & GTK ports for which the initial OpenType MATH support has been
        tested. Other ports will be handled later.

        No new tests. This is already tested in LayoutTests/mathml/opentype/.

        * css/mathml.css:
        (math): Add "Latin Modern Math" as the first font-family of the <math> element.

2014-06-20  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Unreviewed EFL build fix since r170224.

        Add retainPlatformLayer() and releasePlatformLayer() in ScrollingStateNodeCoordinatedGraphics.cpp
        as well. Thouse functions were missed in r170224.

        * page/scrolling/ScrollingStateNode.h:
        * page/scrolling/coordinatedgraphics/ScrollingStateNodeCoordinatedGraphics.cpp:
        (WebCore::LayerRepresentation::retainPlatformLayer):
        (WebCore::LayerRepresentation::releasePlatformLayer):

2014-06-20  Dean Jackson  <dino@apple.com>

        [Mac] Margins for new form controls need tweaking
        https://bugs.webkit.org/show_bug.cgi?id=134135
        <rdar://problem/17262164>

        Reviewed by Sam Weinig.

        With the newer animated controls in OS X Yosemite, we need
        to tweak the fudge-factor margins for positioning. In a recent
        patch I added another fudge, which I'm removing with this. I'm
        not sure where the older values came from, but I've checked with
        the latest AppKit sources and am using the sizes they implement
        for the controls.

        This will rebaseline a lot of tests, since I've made small tweaks
        to the form layout.

        * platform/mac/ThemeMac.mm:
        (WebCore::checkboxMargins): New margin amounts.
        (WebCore::radioSizes): New sizes.
        (WebCore::radioMargins): New margin amounts.
        (WebCore::paintToggleButton): No need to call the positioning fudge any more.
        (WebCore::checkboxOffsets): Deleted.
        (WebCore::radioOffsets): Deleted.

2014-06-20  Alex Christensen  <achristensen@webkit.org>

        Fix css jit on armv7.
        https://bugs.webkit.org/show_bug.cgi?id=134143
        <rdar://problem/17348060>

        Reviewed by Benjamin Poulain.

        This fixes the acid3 test.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::addFlagsToElementStyleFromContext):
        Correct high and low bits.

2014-06-20  Beth Dakin  <bdakin@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=134117
        Unreproducible crashes under WebCore::ScrollingTree::updateTreeFromStateNode() 
        from messaging a deleted Obj-C object
        -and corresponding-
        <rdar://problem/17149252>

        Reviewed by Simon Fraser.

        This is a speculative fix. It makes LayerRepresentation retain m_platformLayer.

        * WebCore.exp.in:
        * page/scrolling/ScrollingStateNode.h:
        (WebCore::LayerRepresentation::LayerRepresentation):
        (WebCore::LayerRepresentation::~LayerRepresentation):
        (WebCore::LayerRepresentation::operator=):
        (WebCore::LayerRepresentation::operator==):
        (WebCore::LayerRepresentation::operator ==): Deleted.

        Make this ASSERT an ASSERT_WITH_SECURITY_IMPLICATION
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::updateTreeFromStateNode):

        Moved ScrollingStateNodeMac.mm, which was empty anyway, to cocoa/
        ScrollingStateNode.mm so that iOS can use it too.
        * page/scrolling/cocoa: Added.
        * page/scrolling/cocoa/ScrollingStateNode.mm: Copied from page/scrolling/mac/ScrollingStateNodeMac.mm.

        Actual implementation for retain and release.
        (WebCore::LayerRepresentation::retainPlatformLayer):
        (WebCore::LayerRepresentation::releasePlatformLayer):

        Deleted.
        * page/scrolling/mac/ScrollingStateNodeMac.mm: Removed.

2014-06-19  Zalan Bujtas  <zalan@apple.com>

        Introduce RenderLayer::offsetFromAncestorLayer() to make convertToLayerCoords() calls with
        LayoutPoint(0, 0) as parameter more explicit.
        https://bugs.webkit.org/show_bug.cgi?id=134092

        Reviewed by Simon Fraser.

        Most of the RenderLayer::convertToLayerCoords() callers are only interested in
        the offset from the ancestor layer by passing LayoutPoint(0, 0) as the coordinate to convert.
        Introducing offsetFromAncestorLayer() makes those calls more explicit/self-explanatory.
        It helps simplifying the callsite's code.

        No change in functionality.

        * rendering/RenderGeometryMap.cpp:
        (WebCore::RenderGeometryMap::mapToContainer):
        (WebCore::RenderGeometryMap::pushMappingsToAncestor):
        (WebCore::RenderGeometryMap::push):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::computeOffsetFromRoot):
        (WebCore::RenderLayer::updateLayerPositions):
        (WebCore::expandClipRectForRegionAndReflection):
        (WebCore::expandClipRectForDescendantsAndReflection):
        (WebCore::transparencyClipBox):
        (WebCore::RenderLayer::convertToPixelSnappedLayerCoords):
        (WebCore::accumulateOffsetTowardsAncestor):
        (WebCore::RenderLayer::convertToLayerCoords):
        (WebCore::RenderLayer::offsetFromAncestorLayer):
        (WebCore::RenderLayer::clipToRect):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        (WebCore::RenderLayer::collectFragments):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::createLocalTransformState):
        (WebCore::RenderLayer::hitTestTransformedLayerInFragments):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateCompositedBounds):
        (WebCore::RenderLayerBacking::updateGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::repaintInCompositedAncestor):

2014-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        Removing dead code in platform/graphics/gpu
        https://bugs.webkit.org/show_bug.cgi?id=134065

        Reviewed by Simon Fraser.

        No new tests because there is no behavior change.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/gpu/LoopBlinnClassifier.cpp: Removed.
        * platform/graphics/gpu/LoopBlinnClassifier.h: Removed.
        * platform/graphics/gpu/LoopBlinnConstants.h: Removed.
        * platform/graphics/gpu/LoopBlinnLocalTriangulator.cpp: Removed.
        * platform/graphics/gpu/LoopBlinnLocalTriangulator.h: Removed.
        * platform/graphics/gpu/LoopBlinnMathUtils.cpp: Removed.
        * platform/graphics/gpu/LoopBlinnMathUtils.h: Removed.
        * platform/graphics/gpu/LoopBlinnPathCache.cpp: Removed.
        * platform/graphics/gpu/LoopBlinnPathCache.h: Removed.
        * platform/graphics/gpu/LoopBlinnPathProcessor.h: Removed.
        * platform/graphics/gpu/LoopBlinnShader.cpp: Removed.
        * platform/graphics/gpu/LoopBlinnShader.h: Removed.
        * platform/graphics/gpu/LoopBlinnSolidFillShader.cpp: Removed.
        * platform/graphics/gpu/LoopBlinnSolidFillShader.h: Removed.
        * platform/graphics/gpu/LoopBlinnTextureCoords.cpp: Removed.
        * platform/graphics/gpu/LoopBlinnTextureCoords.h: Removed.
        * platform/graphics/gpu/Shader.cpp: Removed.
        * platform/graphics/gpu/Shader.h: Removed.
        * platform/graphics/gpu/SharedGraphicsContext3D.cpp: Removed.
        * platform/graphics/gpu/SharedGraphicsContext3D.h: Removed.
        * platform/graphics/gpu/mac/DrawingBufferMac.mm: Removed.
        * platform/graphics/gpu/opencl/FilterContextOpenCL.cpp: Removed.
        * platform/graphics/gpu/opencl/FilterContextOpenCL.h: Removed.
        * platform/graphics/gpu/opencl/OpenCLFEColorMatrix.cpp: Removed.
        * platform/graphics/gpu/opencl/OpenCLFEFlood.cpp: Removed.
        * platform/graphics/gpu/opencl/OpenCLFEImage.cpp: Removed.
        * platform/graphics/gpu/opencl/OpenCLFEMerge.cpp: Removed.
        * platform/graphics/gpu/opencl/OpenCLFESourceAlpha.cpp: Removed.
        * platform/graphics/gpu/opencl/OpenCLFESourceGraphic.cpp: Removed.
        * platform/graphics/gpu/opencl/OpenCLFETurbulence.cpp: Removed.
        * platform/graphics/gpu/opencl/OpenCLHandle.h: Removed.

2014-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Support Khmer and Lao fallback fonts
        https://bugs.webkit.org/show_bug.cgi?id=134114

        Reviewed by Enrica Casucci.

        iOS has fonts which have glyphs for the Khmer and Lao languages.

        This patch also does a little refactoring of the language-specific fallback
        font path to increase readability.

        Test: fast/text/khmer-lao-font.html

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::languageSpecificFallbackFont):
        (WebCore::FontCache::systemFallbackForCharacters):

2014-06-20  Anders Carlsson  <andersca@apple.com>

        Give NPAPI post requests a default content type
        https://bugs.webkit.org/show_bug.cgi?id=134120

        Reviewed by Andreas Kling.

        * WebCore.exp.in:

2014-06-20  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r169972): fix issue when removing masks from compositing layers
        https://bugs.webkit.org/show_bug.cgi?id=134118
        <rdar://problem/17366654>

        Reviewed by Dean Jackson.
        
        After r169972 when removing the mask, we could destroy the mask
        layer before the call into m_graphicsLayer->setMaskLayer(), which would
        try to call functions on the old mask. Fix by clearing the mask layer
        on the GraphicsLayer before the mask layer gets destroyed.

        Test: compositing/masks/toggle-mask.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateConfiguration):
        (WebCore::RenderLayerBacking::updateMaskLayer):
        * rendering/RenderLayerBacking.h:

2014-06-20  Andreas Kling  <akling@apple.com>

        [Cocoa] Release freed up blocks from the JS heap after simulated memory pressure.
        <https://webkit.org/b/134112>

        Reviewed by Mark Hahnenberg.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2014-06-20  Zalan Bujtas  <zalan@apple.com>

        Remove redundant RenderLayer::computeOffsetFromRoot() function.
        https://bugs.webkit.org/show_bug.cgi?id=134088

        Reviewed by Benjamin Poulain.

        No change in functionality.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        (WebCore::RenderLayer::computeOffsetFromRoot): Deleted.
        * rendering/RenderLayer.h:

2014-06-19  Simon Fraser  <simon.fraser@apple.com>

        [iOS WebKit2] Make -webkit-overflow-scrolling:touch work in iframes (breaks MSWord previews)
        https://bugs.webkit.org/show_bug.cgi?id=134085
        <rdar://problem/16440586>

        Reviewed by Tim Horton.
        
        When nodes were detached from the scrolling tree, we would previously throw away
        all descendant nodes, expecting that they would be re-attached as we walk the compositing
        layer tree in RenderLayerCompositor.
        
        However, this doesn't work across frame boundaries; the subframe may never update
        its compositing layers again, so would lose all its scrolling nodes.
        
        Fix by having ScrollingStateTree::detachNode() by default set aside subframe nodes
        into a hash map. On reattach, we'll look in the hash map and pull out an existing node
        (with its children intact) if possible.

        Tests: platform/mac-wk2/tiled-drawing/scrolling/frames/coordinated-frame-gain-scrolling-ancestor.html
               platform/mac-wk2/tiled-drawing/scrolling/frames/coordinated-frame-lose-scrolling-ancestor.html
               platform/mac-wk2/tiled-drawing/scrolling/frames/remove-coordinated-frame.html

        * page/scrolling/ScrollingStateNode.cpp:
        (WebCore::ScrollingStateNode::ScrollingStateNode):
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode):
        (WebCore::ScrollingStateTree::detachNode):
        (WebCore::ScrollingStateTree::clear):
        (WebCore::ScrollingStateTree::removeNodeAndAllDescendants):
        (WebCore::ScrollingStateTree::recursiveNodeWillBeRemoved):
        * page/scrolling/ScrollingStateTree.h:
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::commitNewTreeState): Go back to removing the deleted
        nodes from m_nodeMap first.
        (WebCore::ScrollingTree::removeDestroyedNodes): There is no need for this to
        actually make use of ScrollingTreeNode* any more; the ASSERT(!node->parent())
        is bogus because it can fire when whole subtrees are removed, and to clear the
        latched node we just need the ID.

2014-06-19  Simon Fraser  <simon.fraser@apple.com>

        Handle scrolling tree modifications which remove intermediate nodes
        https://bugs.webkit.org/show_bug.cgi?id=134082

        Reviewed by Tim Horton.

        When updating the scrolling tree from the state tree, we failed to maintain
        the children arrays correctly. Fix by removing all children on scrolling nodes,
        and allowing the calls on children to add them back. A temporary hash map
        keeps the nodes alive.
        
        The state tree's m_nodesRemovedSinceLastCommit was also made into a HashSet,
        to make it easier to handle removal followed by re-insertion.

        * WebCore.exp.in:
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode): If a node is (possibly re-)added,
        remove it from m_nodesRemovedSinceLastCommit.remove.
        (WebCore::ScrollingStateTree::willRemoveNode):
        (WebCore::ScrollingStateTree::setRemovedNodes):
        * page/scrolling/ScrollingStateTree.h:
        (WebCore::ScrollingStateTree::removedNodes):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::commitNewTreeState):
        (WebCore::ScrollingTree::updateTreeFromStateNode): Clean up to have only one call
        to updateBeforeChildren(), and remove all children from the scrolling node
        before visiting state children.
        (WebCore::ScrollingTree::removeDestroyedNodes): It was very wrong to assume
        that all non-root nodes were parented in the root! Now we don't need to
        remove from the parent anyway.
        * page/scrolling/ScrollingTree.h:
        * page/scrolling/ScrollingTreeNode.h:
        (WebCore::ScrollingTreeNode::children):

2014-06-19  Simon Fraser  <simon.fraser@apple.com>

        Make ScrollingTreeNodes refounted, for easier tree reconfiguration
        https://bugs.webkit.org/show_bug.cgi?id=134075

        Reviewed by Tim Horton.

        Make ScrollingTreeNode be ref-counted.

        * page/scrolling/AsyncScrollingCoordinator.h:
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::handleWheelEvent):
        (WebCore::ScrollingTree::updateTreeFromStateNode):
        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::rootNode):
        * page/scrolling/ScrollingTreeNode.cpp:
        (WebCore::ScrollingTreeNode::appendChild):
        * page/scrolling/ScrollingTreeNode.h:
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::createNode):
        * page/scrolling/ThreadedScrollingTree.h:
        * page/scrolling/ios/ScrollingCoordinatorIOS.h:
        * page/scrolling/ios/ScrollingCoordinatorIOS.mm:
        (WebCore::ScrollingCoordinatorIOS::createScrollingTreeNode):
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::create):
        * page/scrolling/ios/ScrollingTreeIOS.cpp:
        (WebCore::ScrollingTreeIOS::createNode):
        * page/scrolling/ios/ScrollingTreeIOS.h:
        * page/scrolling/mac/ScrollingCoordinatorMac.h:
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::createScrollingTreeNode):
        * page/scrolling/mac/ScrollingTreeFixedNode.h:
        * page/scrolling/mac/ScrollingTreeFixedNode.mm:
        (WebCore::ScrollingTreeFixedNode::create):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::create):
        * page/scrolling/mac/ScrollingTreeStickyNode.h:
        * page/scrolling/mac/ScrollingTreeStickyNode.mm:
        (WebCore::ScrollingTreeStickyNode::create):

2014-06-20  Enrica Casucci  <enrica@apple.com>

        iOS build fix after http://trac.webkit.org/changeset/170167.

        Reviewed by Geoff Garen.

        * bindings/js/JSDeviceMotionEventCustom.cpp:
        * bindings/js/JSDeviceOrientationEventCustom.cpp:

2014-06-19  Pratik Solanki  <psolanki@apple.com>

        Enable synchronous willSendRequest on iOS
        https://bugs.webkit.org/show_bug.cgi?id=134081
        <rdar://problem/17350927>

        Reviewed by Andreas Kling.

        We lost the call to make willSendrequest callbacks be synchronous if possible during code
        refactoring. The call is present in ResourceHandleMac.mm but that code is not called when
        we use the CFNetwork based loader. Call the SPI in setupRequest().

        No new tests because existing tests should cover this functionality.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::setupRequest):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):

2014-06-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Do not build quota files when QUOTA is disabled
        https://bugs.webkit.org/show_bug.cgi?id=134101

        Reviewed by Philippe Normand.

        * CMakeLists.txt: Remove exception for GTK+ that is no longer
        required since r170173.
        * PlatformGTK.cmake: Generate GObject DOM bindings for Quota when enabled.

2014-06-20  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Add GridSpan::iterator
        https://bugs.webkit.org/show_bug.cgi?id=134058

        Reviewed by Bem Jones-Bey.

        Once that GridResolvedPosition has been introduced in r169934, this
        patch adds a GridSpan::iterator which allows to simplify the loops over
        GridResolvedPositions.
        From now on we could use range-based for loops.

        No new tests as it is already covered by current tests
        (fast/css-grid-layout/).

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeNormalizedFractionBreadth): Change loop to
        ranged-based for.
        (WebCore::RenderGrid::insertItemIntoGrid): Ditto.
        (WebCore::RenderGrid::gridAreaBreadthForChild): Ditto.
        * rendering/style/GridCoordinate.h: Define GridSpan::iterator.
        (WebCore::GridSpan::begin): Return resolved initial position.
        (WebCore::GridSpan::end): Return next to resolved final position.
        * rendering/style/GridResolvedPosition.h:
        (WebCore::GridResolvedPosition::operator*): Add operator required by
        range-based for loops.
        (WebCore::GridResolvedPosition::operator!=): Add not equal operator.

2014-06-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GTK+ debug build after r170174.

        * bindings/gobject/WebKitDOMNodeFilter.cpp:
        (WebKit::nodeFilterObjectDestroyedCallback):

2014-06-20  Tim Horton  <timothy_horton@apple.com>

        LayerPool’d PlatformCALayerRemote/RemoteLayerBackingStore can have stale context pointers
        https://bugs.webkit.org/show_bug.cgi?id=134050
        <rdar://problem/17315114>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        Drain all LayerPools upon memory pressure.

        * platform/graphics/ca/LayerPool.cpp:
        (WebCore::LayerPool::LayerPool):
        (WebCore::LayerPool::~LayerPool):
        (WebCore::LayerPool::allLayerPools):
        (WebCore::LayerPool::sharedPool): Deleted.
        * platform/graphics/ca/LayerPool.h:
        * platform/graphics/ca/PlatformCALayer.cpp:
        (WebCore::PlatformCALayer::createCompatibleLayerWithSize):
        Add createCompatibleLayerWithSize, which optionally tries to take said layer from the LayerPool.

        (WebCore::PlatformCALayer::moveToLayerPool):
        Add moveToLayerPool, which moves the layer to the LayerPool.

        (WebCore::PlatformCALayer::layerPool):
        The LayerPool for each layer is obtained via PlatformCALayer::layerPool(), which subclasses can override for special behaviors.
        The base class uses a global LayerPool.

        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/TileController.cpp:
        (WebCore::TileController::createTileLayer):
        * platform/graphics/ca/TileGrid.cpp:
        (WebCore::TileGrid::removeTiles):

2014-06-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] webkit_dom_document_create_tree_walker impossible to use due to WebKitDOMNodeFilter
        https://bugs.webkit.org/show_bug.cgi?id=93002

        Reviewed by Gustavo Noronha Silva.

        Add custom implementation of WebKitDOMNodeFilter to expose it as
        an interface instead of a class.

        * PlatformGTK.cmake: Add new files to compilation.
        * bindings/gobject/GObjectNodeFilterCondition.cpp: Added.
        (WebCore::GObjectNodeFilterCondition::~GObjectNodeFilterCondition):
        Reset the NodeFilter WebCore object associated to the
        WebKitDOMNodeFilter object.
        (WebCore::GObjectNodeFilterCondition::acceptNode): Call webkit_dom_node_filter_accept_node().
        * bindings/gobject/GObjectNodeFilterCondition.h: Added.
        (WebCore::GObjectNodeFilterCondition::create): Create a new
        GObjectNodeFilterCondition for the given WebKitDOMNodeFilter.
        (WebCore::GObjectNodeFilterCondition::GObjectNodeFilterCondition):
        * bindings/gobject/WebKitDOMNodeFilter.cpp: Added.
        (webkit_dom_node_filter_default_init):
        (webkit_dom_node_filter_accept_node):
        (WebKit::nodeFilterMap): Map NodeFilter WebCore objects to
        WebKitDOMNodeFilter objects.
        (WebKit::nodeFilterObjectDestroyedCallback): Remove the node
        filter form the map when the WebKitDOMNodeFilter objecrt is destroyed.
        (WebKit::kit): Return the WebKitDOMNodeFilter object for the given
        NodeFilter WebCore object.
        (WebKit::core): Get or create a NodeFilter WebCore object
        associated to the given WebKitDOMNodeFilter.
        * bindings/gobject/WebKitDOMNodeFilter.h: Added.
        * bindings/gobject/WebKitDOMNodeFilter.symbols: Added.
        * bindings/gobject/WebKitDOMNodeFilterPrivate.h: Added.
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateFunction): Add exceptions for NodeFilter parameters since
        the core method returns a PassRefPtr.

2014-06-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Limit the amount of API exposed to GObject DOM bindings API
        https://bugs.webkit.org/show_bug.cgi?id=133726

        Reviewed by Gustavo Noronha Silva.

        Split the GObject DOM bindings API into stable and unstable. The
        unstable API is not included in the main webkitdom.h file, so that
        to use it users have to include the headers individually and
        define a macro WEBKIT_DOM_USE_UNSTABLE_API. For unstable methods
        of stable classes we generate a {ClassName}Unstable.h header file
        containing the unstable API. From now on we only keep backwards
        compatibility for the stable API.

        * PlatformGTK.cmake: Split GObject DOM bindings related variables
        into Stable and Unstable. Add also
        * bindings/gobject/WebKitDOMCustom.cpp:
        (webkit_dom_html_media_element_set_current_time): Deleted.
        (webkit_dom_text_track_get_kind): Deleted.
        (webkit_dom_text_track_get_mode): Deleted.
        (webkit_dom_text_track_set_mode): Deleted.
        * bindings/gobject/WebKitDOMCustom.h:
        * bindings/gobject/WebKitDOMCustom.symbols: Remove custom symbols
        added due to API changes.
        * bindings/gobject/WebKitDOMPrivate.h: Include webkitdomdefines-unstable.h.
        * bindings/gobject/webkitdom.symbols: Remove all unstable symbols.
        * bindings/scripts/CodeGeneratorGObject.pm:
        (SkipFunction): Do not skip webkit_dom_html_media_element_set_current_time anymore.
        (GenerateHeader): Only force single header include for stable
        headers and add WEBKIT_DOM_USE_UNSTABLE_API #ifdef to unstable headers.
        (GenerateFunction): Only add stable symbols to the symbols
        array. Add function prototypes to main header or unstable header
        depending on whether it's an unstable symbol for a stable class or
        not. Also add Stability gtk-doc tag to unstable methods.
        (GenerateEndHeader): Add required #endifs
        (WriteData): Write also an Unstable.h header when appropriate and
        only generate a symbols file for stable classes.
        (ReadStableSymbols): Read the stable symbols for the current class.
        (GenerateInterface): Call ReadStableSymbols.
        * bindings/scripts/gobject-generate-headers.pl: Generate webkitdomdefines-unstable.h.
        * bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.h:
        * bindings/scripts/test/GObject/WebKitDOMTestCallback.h:
        * bindings/scripts/test/GObject/WebKitDOMTestCustomNamedGetter.h:
        * bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.h:
        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.h:
        * bindings/scripts/test/GObject/WebKitDOMTestException.h:
        * bindings/scripts/test/GObject/WebKitDOMTestGenerateIsReachable.h:
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.h:
        * bindings/scripts/test/GObject/WebKitDOMTestMediaQueryListListener.h:
        * bindings/scripts/test/GObject/WebKitDOMTestNamedConstructor.h:
        * bindings/scripts/test/GObject/WebKitDOMTestNode.h:
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.h:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/GObject/WebKitDOMTestOverloadedConstructors.h:
        * bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/GObject/WebKitDOMTestTypedefs.h:
        * bindings/scripts/test/GObject/WebKitDOMattribute.h:
        * bindings/scripts/test/GObject/WebKitDOMreadonly.h:

2014-06-19  Andreas Kling  <akling@apple.com>

        When simulating memory pressure, GC *after* releasing WebCore resources.

        Since clearing the page cache is likely to create lots of garbage, defer the
        synchronous GC until after the WebCore pressure relief, so we can see the
        effect of clearing out all those pages.

        Rubber-stamped by Gavin Barraclough.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2014-06-18  Sam Weinig  <sam@webkit.org>

        Move generate prototype and constructor classes into the generated implementation files
        https://bugs.webkit.org/show_bug.cgi?id=134054

        Reviewed by Oliver Hunt.

        In an effort to reduce the size of the generated bindings headers, which is important
        as the generated headers get included in a lot of places, this patch moves the prototype
        and constructor declarations from the header to implementation file. This works because,
        for the most part, no code cares about the prototype or constructors except the instance.

        There are a few exceptions which had to be accounted for:
        - The global objects (JSDOMWindow and JSWorkerGlobalScope) need to have their prototypes
          available during initialization, so they remain in the header.
        - JSLocation requires customizing some aspects of the prototype behavior, so its prototype,
          and any future class that uses JSCustomNamedGetterOnPrototype or JSCustomDefineOwnPropertyOnPrototype,
          remains in the header.
        - A few classes had custom constructor functions. Instead of keeping the entire constructor
          in the header, I opted for pulling just the static constructor function into the header, and
          modifying the custom constructors to use the DOMConstructorObject type as the callee, since the
          more specific type was unnecessary.

        As a result of making these changes, I was also able to remove the #include of JSDOMBinding.h from
        all the headers, which brought in quite a bit.

        * bindings/js/JSAudioContextCustom.cpp:
        (WebCore::constructJSAudioContext):
        (WebCore::JSAudioContextConstructor::constructJSAudioContext): Deleted.
        * bindings/js/JSBlobCustom.cpp:
        (WebCore::constructJSBlob):
        (WebCore::JSBlobConstructor::constructJSBlob): Deleted.
        * bindings/js/JSCryptoCustom.cpp:
        * bindings/js/JSDOMFormDataCustom.cpp:
        (WebCore::constructJSDOMFormData):
        (WebCore::JSDOMFormDataConstructor::constructJSDOMFormData): Deleted.
        * bindings/js/JSDOMMimeTypeArrayCustom.cpp:
        * bindings/js/JSDOMPluginArrayCustom.cpp:
        * bindings/js/JSDOMPluginCustom.cpp:
        * bindings/js/JSDataCueCustom.cpp:
        (WebCore::constructJSDataCue):
        (WebCore::JSDataCueConstructor::constructJSDataCue): Deleted.
        * bindings/js/JSDataTransferCustom.cpp:
        * bindings/js/JSEventCustom.cpp:
        * bindings/js/JSFileReaderCustom.cpp:
        * bindings/js/JSHistoryCustom.cpp:
        * bindings/js/JSIDBAnyCustom.cpp:
        * bindings/js/JSIDBDatabaseCustom.cpp:
        * bindings/js/JSIDBObjectStoreCustom.cpp:
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::finishCreation):
        * bindings/js/JSImageDataCustom.cpp:
        * bindings/js/JSInspectorFrontendHostCustom.cpp:
        * bindings/js/JSLocationCustom.cpp:
        * bindings/js/JSMessagePortCustom.cpp:
        * bindings/js/JSMutationObserverCustom.cpp:
        (WebCore::constructJSMutationObserver):
        (WebCore::JSMutationObserverConstructor::constructJSMutationObserver): Deleted.
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        * bindings/js/JSSQLTransactionSyncCustom.cpp:
        * bindings/js/JSSVGLengthCustom.cpp:
        * bindings/js/JSSharedWorkerCustom.cpp:
        (WebCore::constructJSSharedWorker):
        (WebCore::JSSharedWorkerConstructor::constructJSSharedWorker): Deleted.
        * bindings/js/JSStorageCustom.cpp:
        * bindings/js/JSUserMessageHandlersNamespaceCustom.cpp:
        * bindings/js/JSWebKitPointCustom.cpp:
        (WebCore::constructJSWebKitPoint):
        (WebCore::JSWebKitPointConstructor::constructJSWebKitPoint): Deleted.
        * bindings/js/JSWorkerCustom.cpp:
        (WebCore::constructJSWorker):
        (WebCore::JSWorkerConstructor::constructJSWorker): Deleted.
        * bindings/js/SerializedScriptValue.cpp:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):
        (GeneratePrototypeDeclaration):
        (GenerateConstructorDeclaration):
        (GenerateConstructorHelperMethods):
        (HeaderNeedsPrototypeDeclaration):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestException.h:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/JS/JSattribute.h:
        * bindings/scripts/test/JS/JSreadonly.cpp:
        * bindings/scripts/test/JS/JSreadonly.h:


2014-06-19  peavo@outlook.com  <peavo@outlook.com>

        [Curl] Compile errors related to http header field names.
        https://bugs.webkit.org/show_bug.cgi?id=134029

        Reviewed by Brent Fulgham.

        Http header field names should now be specified with an enum, not a string.

        * platform/network/curl/MultipartHandle.cpp:
        (WebCore::MultipartHandle::didReceiveResponse):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::getProtectionSpace):

2014-06-19  Anders Carlsson  <andersca@apple.com>

        Put the divider in the right place.

        * DerivedSources.make:

2014-06-19  Anders Carlsson  <andersca@apple.com>

        Address a review comment from Darin.

        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::willLoadXHR):

2014-06-19  Anders Carlsson  <andersca@apple.com>

        Simplify two HistoryController member functions
        https://bugs.webkit.org/show_bug.cgi?id=134064

        Reviewed by Dan Bernstein.

        Remove the FrameLoadType parameter from recursiveSetProvisionalItem,
        use early returns and modern loops.

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::goToItem):
        (WebCore::HistoryController::recursiveSetProvisionalItem):
        (WebCore::HistoryController::recursiveGoToItem):
        * loader/HistoryController.h:

2014-06-19  David Kilzer  <ddkilzer@apple.com>

        MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL() leaks an NSMutableArray
        <http://webkit.org/b/134052>

        Reviewed by Eric Carlson.

        Fixes the following static analyzer warning:

            WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:688:43: warning: Potential leak of an object stored into 'outOfBandTracks'
                    NSMutableArray* outOfBandTracks = [[NSMutableArray alloc] init];
                                                      ^

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
        Use RetainPtr<NSMutableArray> to prevent a leak.  Use
        Objective-C literals to clean up the code.

2014-06-18  Zan Dobersek  <zdobersek@igalia.com>

        ScriptExecutionContext::Task, FileThread::Task parameters should be values
        https://bugs.webkit.org/show_bug.cgi?id=134035

        Reviewed by Anders Carlsson.

        r170106 and similar previous changesets enforced ScriptExecutionContext::Task and
        FileThread::Task parameters as rvalue references. There's technically nothing wrong
        with that, but since both classes are move-only it is also not strictly required.
        Accepting these parameters as values is more common in C++ value semantics as well.

        * dom/Document.cpp:
        (WebCore::Document::postTask):
        * dom/Document.h:
        * dom/ScriptExecutionContext.h:
        * fileapi/FileThread.cpp:
        (WebCore::FileThread::postTask):
        * fileapi/FileThread.h:
        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::SharedWorkerProxy::postTaskToLoader):
        (WebCore::SharedWorkerProxy::postTaskForModeToWorkerGlobalScope):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::postTask):
        * workers/WorkerGlobalScope.h:
        * workers/WorkerLoaderProxy.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postTaskToLoader):
        (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::postTask):
        (WebCore::WorkerRunLoop::postTaskAndTerminate):
        (WebCore::WorkerRunLoop::postTaskForMode):
        (WebCore::WorkerRunLoop::Task::create):
        (WebCore::WorkerRunLoop::Task::Task):
        * workers/WorkerRunLoop.h:

2014-06-18  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: expose aria-relevant
        https://bugs.webkit.org/show_bug.cgi?id=130913

        Reviewed by Joseph Pecoraro.

        Expose ARIA live region relevance in Web Inspector.
        E.g. "Live: Assertive (Additions, Text)"

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode_liveRegion.html

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties): Support for liveRegionRelevant.
        * inspector/protocol/DOM.json: Defined enum values and array passed to client.

2014-06-18  Simon Fraser  <simon.fraser@apple.com>

        Add rebeccapurple to CSS named color list
        https://bugs.webkit.org/show_bug.cgi?id=133804

        Reviewed by Jer Noble.

        Add the named color "rebeccapurple" (#639).

        * css/SVGCSSValueKeywords.in:
        * platform/ColorData.gperf:

2014-06-11  Jeffrey Pfau  <jpfau@apple.com>

        Fix flaky beforeload tests
        https://bugs.webkit.org/show_bug.cgi?id=133685

        Reviewed by David Kilzer.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURL):

2014-06-18  Anders Carlsson  <andersca@apple.com>

        Make FrameLoadType a strongly typed enum
        https://bugs.webkit.org/show_bug.cgi?id=134047

        Reviewed by Andreas Kling.

        * history/BackForwardController.cpp:
        (WebCore::BackForwardController::goBackOrForward):
        (WebCore::BackForwardController::goBack):
        (WebCore::BackForwardController::goForward):
        * history/PageCache.cpp:
        (WebCore::logCanCachePageDecision):
        (WebCore::PageCache::canCache):
        * loader/FrameLoader.cpp:
        (WebCore::isBackForwardLoadType):
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::FrameLoader::prepareForLoadStart):
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::reloadWithOverrideEncoding):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::commitProvisionalLoad):
        (WebCore::FrameLoader::transitionToCommitted):
        (WebCore::FrameLoader::isReplacing):
        (WebCore::FrameLoader::setReplacing):
        (WebCore::FrameLoader::subresourceCachePolicy):
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        (WebCore::FrameLoader::addExtraFieldsToRequest):
        (WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy):
        (WebCore::FrameLoader::shouldPerformFragmentNavigation):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/FrameLoaderTypes.h:
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::restoreDocumentState):
        (WebCore::HistoryController::updateForReload):
        (WebCore::HistoryController::isReplaceLoadTypeWithProvisionalItem):
        (WebCore::HistoryController::isReloadTypeWithProvisionalItem):
        * loader/NavigationAction.cpp:
        (WebCore::navigationType):
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::PolicyChecker):
        (WebCore::PolicyChecker::checkNavigationPolicy):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::cachePolicy):
        * loader/icon/IconController.cpp:
        (WebCore::IconController::startLoader):

2014-06-18  Alex Christensen  <achristensen@webkit.org>

        [curl] Unreviewed speculative build fix after r170021.

        * platform/network/curl/CurlCacheEntry.cpp:
        (WebCore::CurlCacheEntry::setResponseFromCachedHeaders):
        (WebCore::CurlCacheEntry::parseResponseHeaders):
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::didReceiveHeader):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        Use HTTPHeaderName constants.

2014-06-18  Simon Fraser  <simon.fraser@apple.com>

        Move the removeNode() tree walking from ScrollingStateNote into ScrollingStateTree
        https://bugs.webkit.org/show_bug.cgi?id=134043

        Reviewed by Beth Dakin.

        It's cleaner if ScrollingStateTree does the descendant walk when removing nodes.
        We can simply start the "willBeRemoved" walk at the node in question.
        
        Have willRemoveNode() just remove the node from the m_stateNodeMap directly, rather
        than this happening in a separate walk of m_nodesRemovedSinceLastCommit.

        * page/scrolling/ScrollingStateNode.cpp:
        (WebCore::ScrollingStateNode::removeDescendant): Deleted.
        (WebCore::ScrollingStateNode::willBeRemovedFromStateTree): Deleted.
        * page/scrolling/ScrollingStateNode.h:
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode):
        (WebCore::ScrollingStateTree::detachNode):
        (WebCore::ScrollingStateTree::clear):
        (WebCore::ScrollingStateTree::removeNodeAndAllDescendants):
        (WebCore::ScrollingStateTree::recursiveNodeWillBeRemoved):
        (WebCore::ScrollingStateTree::willRemoveNode):
        (WebCore::ScrollingStateTree::removeNode): Deleted.
        * page/scrolling/ScrollingStateTree.h:

2014-06-18  Alex Christensen  <achristensen@webkit.org>

        [iOS WebGL] Fixed WEBGL_compressed_texture_pvrtc.
        https://bugs.webkit.org/show_bug.cgi?id=133561
        
        Based on Blink r153971 by bajones@chromium.org.

        Reviewed by Dean Jackson.

        No new tests, but this should fix webgl-compressed-texture-pvrtc.html.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateCompressedTexDimensions):
        (WebCore::WebGLRenderingContext::validateCompressedTexSubDimensions):
        Added checks for pvrtc.

2014-06-18  Anders Carlsson  <andersca@apple.com>

        Work around a Windows compiler crash.

        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::createFromSelection):

2014-06-18  Benjamin Poulain  <benjamin@webkit.org>

        Subtrees with :first-child and :last-child are not invalidated when siblings are added/removed
        https://bugs.webkit.org/show_bug.cgi?id=133934

        Reviewed by Antti Koivisto.

        When adding/removing nodes on an element, we try to invalidate only the elements that are
        affected. In the case of :first-child and :last-child, that optimizations is implemented
        through two types of flags that are updated during style resolution.

        The first flag is childrenAffectedByFirstChildRules (childrenAffectedByLastChildRules),
        set on the parent of any element that could be affected by :first-child (:last-child).

        The other part of the optimization is marking the style itself with firstChildState (lastChildState)
        to further reduce invalidations.

        The problem in this case happen with a subtree of element is detached. Since there is no renderer,
        the computed style is resolved ad-hoc and stored directly on the element. When the element is moved,
        the computed style was never cleared because the invalidation optimizations were not handling
        elements without style.

        Credit to Yusuke Suzuki for discovering the issue and creating test cases.

        Tests: fast/css/getComputedStyle/empty-update-without-renderer.html
               fast/css/getComputedStyle/first-child-update-without-renderer.html
               fast/css/getComputedStyle/last-child-update-without-renderer.html

        * dom/Element.cpp:
        (WebCore::checkForEmptyStyleChange):
        Clean up: pull the style directly from the function instead of expection the call sites to do that.
        Refine the checks to avoid invalidation.

        (WebCore::checkForSiblingStyleChanges):
        Do not early return if the parent is detached, the children may still need invalidation.

        When there is no renderer, assume the worst first-child/last-child and force the invalidation.

        (WebCore::Element::childrenChanged):

2014-06-18  Daniel Bates  <dabates@apple.com>

        REGRESSION (r167856): Unable to log into HSBC app
        https://bugs.webkit.org/show_bug.cgi?id=133991
        <rdar://problem/17044839>

        Reviewed by David Kilzer.

        Following <http://trac.webkit.org/changeset/167856> we disallow "navigation to any URL that is
        invalid, except for JavaScript URLs, which need not be valid." A byproduct of this policy
        decision is that we no longer notify the WebKit client to about a navigation if the destination
        URL is invalid. And some apps, including the HSBC app for iOS, have logic to intercept URLs
        as a means to pass data from their WebView-embedded web app to the WebView. We should expose a
        setting called allowNavigationToInvalidURL (disabled by default on all ports and conditionally
        enabled on iOS) to toggle whether WebCore allows navigation to any URL, even if its invalid,
        so as to not break clients that intercept URLs and have custom logic to handle them.

        Tests: fast/loader/allow-redirect-to-invalid-url-using-javascript.html
               fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html
               fast/loader/disallow-redirect-to-invalid-url-using-javascript.html
               fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html

        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::shouldScheduleNavigation): Modified to only validate
        the URL when the setting allowNavigationToInvalidURL is disabled.
        * page/Settings.in: Added setting allowNavigationToInvalidURL (disabled by default).

2014-06-18  Simon Fraser  <simon.fraser@apple.com>

        Make ScrollingStateNodes refcounted, and other minor cleanup
        https://bugs.webkit.org/show_bug.cgi?id=134040

        Reviewed by Beth Dakin.

        Prepare for future scrolling frame gyrations by making
        ScrollingStateNodes refcounted.
        
        Rename ScrollingStateNode::removeChild() to removeDescendant()
        since that's what it does. Also rename didRemoveNode() to willRemoveNode()
        to better match the behavior.
        
        Use 'auto' in more places.

        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::syncChildPositions):
        * page/scrolling/ScrollingStateFixedNode.cpp:
        (WebCore::ScrollingStateFixedNode::create):
        (WebCore::ScrollingStateFixedNode::clone):
        * page/scrolling/ScrollingStateFixedNode.h:
        * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
        (WebCore::ScrollingStateFrameScrollingNode::create):
        (WebCore::ScrollingStateFrameScrollingNode::clone):
        * page/scrolling/ScrollingStateFrameScrollingNode.h:
        * page/scrolling/ScrollingStateNode.cpp:
        (WebCore::ScrollingStateNode::cloneAndReset):
        (WebCore::ScrollingStateNode::appendChild):
        (WebCore::ScrollingStateNode::removeDescendant):
        (WebCore::ScrollingStateNode::willBeRemovedFromStateTree):
        (WebCore::ScrollingStateNode::removeChild): Deleted.
        * page/scrolling/ScrollingStateNode.h:
        (WebCore::ScrollingStateNode::children):
        * page/scrolling/ScrollingStateOverflowScrollingNode.cpp:
        (WebCore::ScrollingStateOverflowScrollingNode::create):
        (WebCore::ScrollingStateOverflowScrollingNode::clone):
        * page/scrolling/ScrollingStateOverflowScrollingNode.h:
        * page/scrolling/ScrollingStateStickyNode.cpp:
        (WebCore::ScrollingStateStickyNode::create):
        (WebCore::ScrollingStateStickyNode::clone):
        * page/scrolling/ScrollingStateStickyNode.h:
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode):
        (WebCore::ScrollingStateTree::removeNode):
        (WebCore::ScrollingStateTree::willRemoveNode):
        (WebCore::ScrollingStateTree::didRemoveNode): Deleted.
        * page/scrolling/ScrollingStateTree.h:
        (WebCore::ScrollingStateTree::setRootStateNode):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::updateTreeFromStateNode):

2014-06-18  Anders Carlsson  <andersca@apple.com>

        Adopt modern C++11 loops and fix WebArchive creation functions
        https://bugs.webkit.org/show_bug.cgi?id=134032

        Reviewed by Andreas Kling.

        Use modern loops in a couple of places, fix DocumentLoader::subresources() to return a Vector,
        and stop using Vectors of PassRefPtrs.

        * WebCore.exp.in:
        * dom/Document.cpp:
        (WebCore::Document::textInserted):
        (WebCore::Document::textRemoved):
        (WebCore::Document::textNodesMerged):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::subresources):
        (WebCore::DocumentLoader::getSubresources): Deleted.
        * loader/DocumentLoader.h:
        * loader/appcache/ApplicationCache.cpp:
        (WebCore::ApplicationCache::dump):
        * loader/appcache/ApplicationCache.h:
        (WebCore::ApplicationCache::resources):
        (WebCore::ApplicationCache::begin): Deleted.
        (WebCore::ApplicationCache::end): Deleted.
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::didFinishLoadingManifest):
        * loader/appcache/ApplicationCacheHost.cpp:
        (WebCore::ApplicationCacheHost::fillResourceList):
        * loader/appcache/ApplicationCacheStorage.cpp:
        (WebCore::ApplicationCacheStorage::fallbackCacheGroupForURL):
        (WebCore::ApplicationCacheStorage::store):
        (WebCore::ApplicationCacheStorage::empty):
        (WebCore::ApplicationCacheStorage::storeCopyOfCache):
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create):
        (WebCore::LegacyWebArchive::createFromSelection):
        * loader/archive/cf/LegacyWebArchive.h:
        * xml/XMLHttpRequestProgressEventThrottle.cpp:
        (WebCore::XMLHttpRequestProgressEventThrottle::dispatchDeferredEvents):

2014-06-18  Alex Christensen  <achristensen@webkit.org>

        Remove duplicate code using sdiv.
        https://bugs.webkit.org/show_bug.cgi?id=133764

        Reviewed by Daniel Bates.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
        Use template sdiv for apple armv7s and arm64.

2014-06-18  Zan Dobersek  <zdobersek@igalia.com>

        ScriptExecutionContext::Task parameters should always be rvalue references
        https://bugs.webkit.org/show_bug.cgi?id=133615

        Reviewed by Darin Adler.

        ScriptExecutionContext::Task parameters should be rvalue references as the
        passed-in objects are always ScriptExecutionContext::Task rvalues that were
        implicitly constructed from a lambda function or rvalues of objects that
        derive from ScriptExecutionContext::Task.

        This isn't really necessary since ScriptExecutionContext::Task is non-copyable
        and we have to use move semantics anyway, but it makes it clear that these
        objects are expiring rvalues that must be properly dealt with.

        * dom/Document.cpp:
        (WebCore::Document::postTask):
        * dom/Document.h:
        * dom/ScriptExecutionContext.h:
        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::SharedWorkerProxy::postTaskToLoader):
        (WebCore::SharedWorkerProxy::postTaskForModeToWorkerGlobalScope):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::postTask):
        * workers/WorkerGlobalScope.h:
        * workers/WorkerLoaderProxy.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postTaskToLoader):
        (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::postTask):
        (WebCore::WorkerRunLoop::postTaskAndTerminate):
        (WebCore::WorkerRunLoop::postTaskForMode):
        (WebCore::WorkerRunLoop::Task::create):
        (WebCore::WorkerRunLoop::Task::Task):
        * workers/WorkerRunLoop.h:

2014-06-18  peavo@outlook.com  <peavo@outlook.com>

        [WinCairo] Compile errors when trying to compile CA code.
        https://bugs.webkit.org/show_bug.cgi?id=134030

        Reviewed by Simon Fraser.

        WinCairo does not USE(CA).

        * WebCore.vcxproj/WebCore.vcxproj:
        * platform/graphics/ca/TileController.h:

2014-06-17  Tim Horton  <timothy_horton@apple.com>

        [iOS][wk2] Use ImageDocument to display subframe PDFs
        https://bugs.webkit.org/show_bug.cgi?id=133944
        <rdar://problem/17205983>

        Reviewed by Dan Bates.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument):
        Make a ImageDocument to show our subframe PDF, if the setting is enabled.

        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::finishedParsing):
        (WebCore::ImageDocument::createDocumentStructure):
        Set the ResourceResponse on the ImageElement upon creation, instead of
        when the load finishes. This way, when the internal CachedImage creates
        its Image, it can have the correct MIME type for the response, and can
        make a PDFDocumentImage if necessary.

        We never noticed this before because CachedImage falls back to making a
        BitmapImage, and that was the only case that was normally used.

        Throw an explicit white background behind PDF ImageDocuments; PDFDocumentImage
        paints with a transparent background, but when used as an ImageDocument
        it seems reasonable to assume that there should be a white page background
        (similar to what PDFPlugin and friends do).

        * loader/DocumentWriter.cpp:
        (WebCore::DocumentWriter::createDocument):
        Don't make a PDFDocument if we want to use an ImageDocument for this subframe PDF.

        * page/Settings.in:

        * platform/MIMETypeRegistry.cpp:
        (WebCore::MIMETypeRegistry::isPDFMIMEType):
        * platform/MIMETypeRegistry.h:
        Expose the already implemented pdfMIMETypes table just like all the rest.

2014-06-17  Ryuan Choi  <ryuan.choi@samsung.com>

        Unreviewed build fix with ENABLE_NOSNIFF after r170021

        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::mimeTypeAllowedByNosniff):

2014-06-17  Jeremy Jones  <jeremyj@apple.com>

        Improve enter and exit fullscreen transition by using two step transition.
        https://bugs.webkit.org/show_bug.cgi?id=133706

        Reviewed by Simon Fraser.

        setupFullscreen, creates the fullscreen views ready to receive the video layer.
        Once they are in place, didSetupFullscreen will move the video layer into the 
        new view hierarchy and initiate enterFullscreen to animate.

        Reverse process for exit fullscreen.

        * WebCore.exp.in: Add exports.
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (-[WebVideoFullscreenController enterFullscreen:]):
        Refactor into didSetupFullscreen.
        (-[WebVideoFullscreenController didSetupFullscreen]):
        Move the video layer once fullscreen is ready to receive it.
        (-[WebVideoFullscreenController didExitFullscreen]):
        Move the video layer back into we the web page, and initiate cleanup.
        (-[WebVideoFullscreenController didCleanupFullscreen]):
        Refactord cleanup from didExitFullscreen.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h: Add delcarations.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen):
        Refactored from enterFullscreen. Builds views ready to receive video layer.
        (WebVideoFullscreenInterfaceAVKit::enterFullscreen):
        Animates into fullscreen.
        (WebVideoFullscreenInterfaceAVKit::exitFullscreen):
        Animates from fullscreen. Cleanup is refactored into cleanupFullscreen()
        (WebVideoFullscreenInterfaceAVKit::cleanupFullscreen):
        Refactored from exitFullscreen(), removes views.

2014-06-17  Sam Weinig  <sam@webkit.org>

        Remove unnecessary Structure flags from generated bindings
        https://bugs.webkit.org/show_bug.cgi?id=133992

        Reviewed by Daniel Bates.

        - Remove OverridesVisitChildren flag from DOM prototype objects. They never
          implement visitChildren.
        - Remove OverridesGetOwnPropertySlot and ImplementsHasInstance from DOM constructor
          objects. getOwnPropertySlot is never implemented and ImplementsHasInstance is inherited
          automatically from DOMConstructorObject.
        - If we are not changing any flags, we now don't emit StructureFlags at all for the class.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GeneratePrototypeDeclaration):
        (GenerateConstructorDeclaration):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
        (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
        (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
        (WebCore::JSTestEventTargetConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestException.h:
        (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
        (WebCore::JSTestExceptionConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        (WebCore::JSTestGenerateIsReachablePrototype::JSTestGenerateIsReachablePrototype):
        (WebCore::JSTestGenerateIsReachableConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestInterface.h:
        (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
        (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
        (WebCore::JSTestNamedConstructorConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestNode.h:
        (WebCore::JSTestNodePrototype::JSTestNodePrototype):
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        (WebCore::JSTestNondeterministicPrototype::JSTestNondeterministicPrototype):
        (WebCore::JSTestNondeterministicConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestObj.h:
        (WebCore::JSTestObjPrototype::JSTestObjPrototype):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
        (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
        * bindings/scripts/test/JS/JSattribute.h:
        (WebCore::JSattributePrototype::JSattributePrototype):
        (WebCore::JSattributeConstructor::createStructure):
        * bindings/scripts/test/JS/JSreadonly.h:
        (WebCore::JSreadonlyPrototype::JSreadonlyPrototype):
        (WebCore::JSreadonlyConstructor::createStructure):

2014-06-17  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Input type=time elements styled with SVG fonts have 0 width
        https://bugs.webkit.org/show_bug.cgi?id=133524

        Reviewed by Simon Fraser.

        Refactor how the LocalizedDateCache returns maximum widths for input elements. Currently,
        measuring the width of an SVG font requires a RenderObject for context, which the
        LocalizedDateCache can't know about (it would be a platform violation). Instead, the
        LocalizedDateCache can return the strings that it would use to measure the width, and the
        caller can actually run the width computation.

        Test: fast/forms/time-input-svg-font.html

        * platform/text/PlatformLocale.h:
        * platform/text/ios/LocalizedDateCache.h:
        * platform/text/ios/LocalizedDateCache.mm:
        (WebCore::LocalizedDateCache::maximumWidthForDateType): Take a delegate which can
        measure text
        (WebCore::LocalizedDateCache::calculateMaximumWidth): Perform maximum width
        computation using delegate.
        * platform/text/mac/LocaleMac.h:
        * platform/text/mac/LocaleMac.mm:
        (WebCore::LocaleMac::formatDateTime):
        (WebCore::LocaleMac::maximumWidthForDateType): Deleted. Short-circuit this and go
        directly to the LocalizedDateCache. This makes sense because we have to explicitly
        insert computed values back into the cache in this new model.
        * rendering/RenderThemeIOS.mm:
        (WebCore::adjustInputElementButtonStyle): Create a delegate and pass it to the
        LocalizedDateCache

2014-06-17  Simon Fraser  <simon.fraser@apple.com>

        [UI-side compositing] fix reflections on composited layers
        https://bugs.webkit.org/show_bug.cgi?id=133942

        Reviewed by Tim Horton.

        Fix reflections on composited layers. There are two main set of changes.
        
        First, a PlatformCALayerRemote which is a clone has to track the layer
        it is a clone of, so it knows where to grab the contents from in the UI process.
        This layer may be told that its contents need updating out of order during
        recursiveBuildTransaction(), so we need some small changes in RemoteLayerTreeContext
        to allow a layer to add itself to the set of layers requiring commit.
        
        In the UI process, a new step is added to RemoteLayerTreeHost::updateLayerTree()
        to go through clones, and copy their contents from the origin layer.
        
        The second set of changes makes platformCALayerLayerDidDisplay() work for
        UI-side compositing by not taking a PlatformLayer*, but instead a PlatformCALayer*.
        PlatformCALayer::setContentsChanged() changed to copyContentsFromLayer() so we know
        what the origin layer is.

        Test: compositing/reflections/repaint-with-reflection.html

        * WebCore.exp.in:
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::layerDidDisplay): Deleted.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::LayerClient::platformCALayerLayerDidDisplay): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::layerDidDisplay):
        (WebCore::GraphicsLayerCA::findOrMakeClone):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/PlatformCALayerClient.h:
        (WebCore::PlatformCALayerClient::platformCALayerLayerDidDisplay):
        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayerMac::copyContentsFromLayer):
        (PlatformCALayerMac::superlayer):
        (PlatformCALayerMac::setContentsChanged): Deleted.
        * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
        (PlatformCALayerWinInternal::displayCallback):
        * platform/graphics/mac/WebLayer.mm:
        (-[WebSimpleLayer display]):

2014-06-17  Anders Carlsson  <andersca@apple.com>

        Use strongly typed enums for AnimationState and AnimationInputState
        https://bugs.webkit.org/show_bug.cgi?id=133988

        Reviewed by Tim Horton.

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::AnimationBase):
        (WebCore::nameForState):
        (WebCore::AnimationBase::updateStateMachine):
        (WebCore::AnimationBase::fireAnimationEventsIfNeeded):
        (WebCore::AnimationBase::updatePlayState):
        (WebCore::AnimationBase::timeToNextService):
        (WebCore::AnimationBase::goIntoEndingOrLoopingState):
        (WebCore::AnimationBase::freezeAtTime):
        (WebCore::AnimationBase::beginAnimationUpdateTime):
        * page/animation/AnimationBase.h:
        (WebCore::AnimationBase::clear):
        (WebCore::AnimationBase::onAnimationStartResponse):
        (WebCore::AnimationBase::waitingToStart):
        (WebCore::AnimationBase::preActive):
        (WebCore::AnimationBase::postActive):
        (WebCore::AnimationBase::fillingForwards):
        (WebCore::AnimationBase::paused):
        (WebCore::AnimationBase::inPausedState):
        (WebCore::AnimationBase::isNew):
        (WebCore::AnimationBase::waitingForStartTime):
        (WebCore::AnimationBase::waitingForStyleAvailable):
        (WebCore::AnimationBase::isAnimatingProperty):
        (WebCore::AnimationBase::styleAvailable):
        (WebCore::AnimationBase::compositeAnimation):
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::onAnimationEnd):
        (WebCore::ImplicitAnimation::sendTransitionEvent):
        (WebCore::ImplicitAnimation::reset):
        (WebCore::ImplicitAnimation::setOverridden):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::KeyframeAnimation):
        (WebCore::KeyframeAnimation::animate):
        (WebCore::KeyframeAnimation::sendAnimationEvent):

2014-06-17  Andreas Kling  <akling@apple.com>

        Avoid synchronous layout in window.scrollTo(0,0) when already at (0,0)
        <https://webkit.org/b/133893>

        Going from 0,0 to 0,0 is a no-op since there is no way a layout will
        affect the current scroll position.

        We don't send scroll events when moving to the previous position,
        so this change is not observable.

        Reviewed by Anders Carlsson.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::scrollTo):

2014-06-17  Alex Christensen  <achristensen@webkit.org>

        Fix css jit register usage on armv7.
        https://bugs.webkit.org/show_bug.cgi?id=133952

        Reviewed by Benjamin Poulain.

        * cssjit/RegisterAllocator.h:
        List r7 as a callee saved register, which it is.
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generatePrologue):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateEpilogue):
        Save r6, which is used as a temporary register and must be preserved.

2014-06-17  Miyoung Shin  <myid.shin@samsung.com>

        Use references instead of pointers to RenderBlock in enclosingBoxModelObject()
        https://bugs.webkit.org/show_bug.cgi?id=133978

        Reviewed by Andreas Kling.

        Just a straightforward conversion from pointers to references.

        No new tests, no behavior change.

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::paint):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintObject):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::enclosingBoxModelObject):
        * rendering/RenderObject.h:

2014-06-17  Zan Dobersek  <zdobersek@igalia.com>

        Cache the gst_query_get_n_buffering_ranges() return value for the for-loop conditional
        https://bugs.webkit.org/show_bug.cgi?id=133953

        Reviewed by Philippe Normand.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::buffered): Avoid the extra call in the for-loop
        conditional expression by caching the return value of gst_query_get_n_buffering_ranges().

2014-06-17  Zan Dobersek  <zdobersek@igalia.com>

        Avoid Vector<char> copies in the OffsetBuffer constructor
        https://bugs.webkit.org/show_bug.cgi?id=133956

        Reviewed by Andreas Kling.

        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::OffsetBuffer::OffsetBuffer): Take the Vector parameter by value and
        move it into the member variable.
        (WebCore::openFunc): Move the Vector object into the OffsetBuffer constructor.

2014-06-17  Jer Noble  <jer.noble@apple.com>

        [MSE] Overwritten samples are removed from buffered ranges using decode times; added samples using presentation times
        https://bugs.webkit.org/show_bug.cgi?id=133959

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-overlapping-append-buffered.html

        Explicitly call presentationTime() on removed samples, rather than implicitly asking for the iterator's "first"
        member. When iterating over samples, "first" can either be presentation time, or decode time, depending on which
        iteration method is called. In the case of removing samples, this was using the decode time incorrectly.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2014-06-16  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Region with border radius and overflow:hidden does not clip content
        https://bugs.webkit.org/show_bug.cgi?id=133476

        Reviewed by Andrei Bucur.

        When setting the clip before painting the named flow content,
        use the region's foreground rect to take the region's border radius
        into account if needed.

        Test: fast/regions/region-border-radius-overflow-clip.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintFlowThreadIfRegionForFragments):

2014-06-16  Sam Weinig  <sam@webkit.org>

        Extract prototype declaration generation into a helper function
        https://bugs.webkit.org/show_bug.cgi?id=133969

        Reviewed by Dan Bernstein.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GeneratePrototypeDeclaration):

2014-06-16  Sam Weinig  <sam@webkit.org>

        Move forward declaration of bindings static functions into their implementation files
        https://bugs.webkit.org/show_bug.cgi?id=133943

        Reviewed by Geoffrey Garen.

        - Moves the forward declaration of static functions for generated files to the implementation.
        - Adds a new extended attribute, ForwardDeclareInHeader, for functions that still need a 
          forward declaration in the header.

        * bindings/js/JSDOMBinding.h:
        (WebCore::nonCachingStaticFunctionGetter):
        Move this helper here from JSDOMWindowCustom.cpp.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        Switch to comparing the property name directly rather than looking up in the static table and
        comparing function pointers.

        * bindings/js/JSHistoryCustom.cpp:
        (WebCore::JSHistory::getOwnPropertySlotDelegate):
        Switch to comparing the property name directly rather than looking up in the static table and
        comparing function pointers and start using the nonCachingStaticFunctionGetter<> helper.

        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::getOwnPropertySlotDelegate):
        (WebCore::JSLocation::putDelegate):
        Switch to comparing the property name directly rather than looking up in the static table and
        comparing function pointers and start using the nonCachingStaticFunctionGetter<> helper.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):
        Move forward declaration creation to the implementation file where possible.

        * bindings/scripts/IDLAttributes.txt:
        Add ForwardDeclareInHeader.

        * page/DOMWindow.idl:
        * page/History.idl:
        * page/Location.idl:
        Add ForwardDeclareInHeader where necessary.

2014-06-16  Jaehun Lim  <ljaehun.lim@samsung.com>

        Unreviewed build fix after r170029

        Use String() instead of AtomicString().

        * platform/network/HTTPParsers.cpp:
        (WebCore::parseHTTPHeader):
        * platform/network/soup/ResourceRequestSoup.cpp:
        (WebCore::ResourceRequest::updateSoupMessageHeaders):
        * platform/network/soup/ResourceResponseSoup.cpp:
        (WebCore::ResourceResponse::toSoupMessage):

2014-06-16  Brent Fulgham  <bfulgham@apple.com>

        [Win] Use TileController on Windows
        https://bugs.webkit.org/show_bug.cgi?id=133895

        Reviewed by Tim Horton.

        * WebCore.vcxproj/WebCore.vcxproj: Add Tiled Drawing files.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * platform/graphics/TiledBacking.h: No longer Cocoa-only.
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::swapFromOrToTiledLayer): Windows
        now uses the same layer type as Mac.
        * platform/graphics/ca/LayerPool.cpp:
        (WebCore::LayerPool::takeLayerWithSize): Use nullptr
        rather than nil for C++ code.
        * platform/graphics/ca/PlatformCALayer.cpp:
        * platform/graphics/ca/PlatformCALayer.h: Expose necessary
        drawing functions for Windows port.
        * platform/graphics/ca/TileController.cpp: Remove unneeded
        header include for WebLayer.
        * platform/graphics/ca/TileCoverageMap.cpp: Correct #includes.
        * platform/graphics/ca/TileGrid.h: Not just for Cococa.
        * platform/graphics/ca/mac/PlatformCALayerMac.mm: Remove
        extra whitespace.
        * platform/graphics/ca/mac/PlatformCALayerMac.h: Remove
        unneeded overload.
        * platform/graphics/ca/win/PlatformCALayerWin.cpp:
        (PlatformCALayer::collectRectsToPaint): Added stub.
        (PlatformCALayer::drawLayerContents): Added.
        (PlatformCALayer::frameForLayer): Added.
        (PlatformCALayerWin::PlatformCALayerWin): Remove unneeded
        assert now that we support these types. Add TileController
        support.
        (PlatformCALayerWin::setEdgeAntialiasingMask): Added.
        (printLayer): Add newly-supported tile types.
        (PlatformCALayerWin::tiledBacking): Added.
        * platform/graphics/ca/win/PlatformCALayerWin.h: Update to
        support Tiled Drawing.
        * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
        (PlatformCALayerWinInternal::PlatformCALayerWinInternal): Update to
        recognize newly-supported layer types.
        (PlatformCALayerWinInternal::setNeedsDisplay): Ditto.
        (PlatformCALayerWinInternal::setSublayers): Ditto.
        (PlatformCALayerWinInternal::getSublayers): Ditto.
        (PlatformCALayerWinInternal::removeAllSublayers): Ditto.
        (PlatformCALayerWinInternal::insertSublayer): Ditto.
        (PlatformCALayerWinInternal::sublayerCount): Ditto.
        (PlatformCALayerWinInternal::indexOfSublayer): Ditto.
        (PlatformCALayerWinInternal::sublayerAtIndex): Ditto.
        (PlatformCALayerWinInternal::setBounds): Ditto.
        (PlatformCALayerWinInternal::setFrame): Ditto.
        (PlatformCALayerWinInternal::drawTile): Ditto.
        (PlatformCALayerWinInternal::createTileController): Ditto.
        (PlatformCALayerWinInternal::tiledBacking): Ditto.
        * platform/graphics/ca/win/PlatformCALayerWinInternal.h: Update to use
        TileController.

2014-06-16  Andreas Kling  <akling@apple.com>

        Remove unnecessary style invalidation in RenderTextControl::styleDidChange().
        <https://webkit.org/b/133949>

        This explicit invalidation of the text control's inner text element
        was hacked in to fix an editing test back in 2011, long before lazy
        render tree construction.

        It should be safe to remove, since doing so doesn't affect any tests.

        Reviewed by Antti Koivisto.

        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::styleDidChange):

2014-06-16  Anders Carlsson  <andersca@apple.com>

        Fix iOS build.

        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::setHeaderFields):

2014-06-16  Anders Carlsson  <andersca@apple.com>

        Accept-Ranges is not specific to GStreamer.

        * platform/network/HTTPHeaderNames.in:

2014-06-16  Anders Carlsson  <andersca@apple.com>

        Don't use AtomicString in HTTPHeaderMap
        https://bugs.webkit.org/show_bug.cgi?id=133957
        <rdar://problem/15256572>

        Reviewed by Andreas Kling.

        Use the string data that comes from the generated HTTPHeaderNames.cpp file
        for sharing header name data instead. In the future we can do something more fancy where
        we'll hash the HTTPHeaderName enum directly, but this is good enough for now.

        * Modules/websockets/WebSocketHandshake.cpp:
        (WebCore::WebSocketHandshake::readHTTPHeaders):
        * WebCore.exp.in:
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::buildObjectForHeaders):
        * loader/CrossOriginPreflightResultCache.cpp:
        (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders):
        * loader/appcache/ApplicationCacheStorage.cpp:
        (WebCore::parseHeader):
        * loader/cache/CachedResource.cpp:
        (WebCore::shouldUpdateHeaderAfterRevalidation):
        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::copyData):
        (WebCore::internHTTPHeaderNameString):
        (WebCore::HTTPHeaderMap::get):
        (WebCore::HTTPHeaderMap::set):
        (WebCore::HTTPHeaderMap::add):
        (WebCore::CaseFoldingCStringTranslator::hash): Deleted.
        (WebCore::CaseFoldingCStringTranslator::equal): Deleted.
        (WebCore::CaseFoldingCStringTranslator::translate): Deleted.
        * platform/network/HTTPHeaderMap.h:
        * platform/network/HTTPHeaderNames.in:
        * platform/network/HTTPParsers.cpp:
        (WebCore::parseHTTPHeader):
        * platform/network/HTTPParsers.h:
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::httpHeaderField):
        (WebCore::ResourceRequestBase::setHTTPHeaderField):
        (WebCore::ResourceRequestBase::addHTTPHeaderField):
        * platform/network/ResourceRequestBase.h:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::httpHeaderField):
        (WebCore::ResourceResponseBase::setHTTPHeaderField):
        (WebCore::ResourceResponseBase::addHTTPHeaderField):
        * platform/network/ResourceResponseBase.h:
        * platform/network/mac/ResourceRequestMac.mm:
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        * platform/network/mac/ResourceResponseMac.mm:
        (WebCore::ResourceResponse::platformLazyInit):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::setRequestHeader):
        (WebCore::XMLHttpRequest::setRequestHeaderInternal):
        (WebCore::XMLHttpRequest::getRequestHeader):
        (WebCore::XMLHttpRequest::getResponseHeader):
        * xml/XMLHttpRequest.h:

2014-06-16  Chris Fleizach  <cfleizach@apple.com>

        AX: Safari crashed once in WebCore::AccessibilityObject::ariaIsHidden
        https://bugs.webkit.org/show_bug.cgi?id=133825

        Reviewed by Enrica Casucci.

        Sometimes asking accessibilityIsIgnored() will cause a newObject to be detached immediately after its created. 
        The creation function holds a reference with RefPtr as long as it lives, but when that method returns, the object goes away.

        With that out of the way, I saw the same backtrace lead to updateLayoutIgnorePendingStylesheets being called while still inLayout.

        I tried my best but could not create a reproducible layout test.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::getOrCreate):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::updateBackingStore):

2014-06-16  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Add more GStreamer-specific header names that are required
        after changes in r170021, fixing the build for ports using GStreamer.

        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (StreamingClient::handleResponseReceived):
        * platform/network/HTTPHeaderNames.in:

2014-06-16  Chris Fleizach  <cfleizach@apple.com>

        AX: Crash at WebCore::AXObjectCache::textChanged
        https://bugs.webkit.org/show_bug.cgi?id=133873

        Reviewed by Enrica Casucci.

        This looks like a very similar problem to 
        https://bugs.webkit.org/show_bug.cgi?id=133825

        The object is being created and deallocated almost right away because calling accessibilityIsIgnored triggers
        a deferred layout that invalidates the associated render element.

        Despite my best efforts, I could not come up with a way to reproduce this in a layout test.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::getOrCreate):

2014-06-15  Anders Carlsson  <andersca@apple.com>

        Change ResourceRequestBase::addHTTPHeaderFields to setHTTPHeaderFields instead
        https://bugs.webkit.org/show_bug.cgi?id=133925

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::setHTTPHeaderFields):
        (WebCore::ResourceRequestBase::addHTTPHeaderFields): Deleted.
        * platform/network/ResourceRequestBase.h:
        * plugins/PluginView.cpp:
        (WebCore::PluginView::handlePost):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):

2014-06-16  Jeongeun Kim  <je_julie.kim@samsung.com>

        Use references instead of pointers to RenderBlock in RenderObject::enclosingBox().
        https://bugs.webkit.org/show_bug.cgi?id=133902

        Reviewed by Andreas Kling.

        Just a straightforward conversion from pointers to references.

        No new tests, no behavior change.

        * bindings/objc/DOMUIKitExtensions.mm:
        (-[DOMHTMLElement structuralComplexityContribution]):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * inspector/InspectorOverlay.cpp:
        (WebCore::buildObjectForRendererFragments):
        * page/EventHandler.cpp:
        (WebCore::scrollNode):
        (WebCore::EventHandler::scrollOverflow):
        (WebCore::EventHandler::logicalScrollOverflow):
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        * rendering/RenderBox.cpp:
        (WebCore::computeInlineStaticDistance):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::computedRegionRangeForBox):
        (WebCore::RenderFlowThread::objectShouldFragmentInFlowRegion):
        (WebCore::RenderFlowThread::objectInFlowRegion):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::enclosingBox): Removed FIXME comment
        * rendering/RenderObject.h:
        * rendering/RenderScrollbar.cpp:
        (WebCore::RenderScrollbar::owningRenderer):

2014-06-16  Anders Carlsson  <andersca@apple.com>

        Use HTTPHeaderName in more places
        https://bugs.webkit.org/show_bug.cgi?id=133948

        Reviewed by Andreas Kling.

        * loader/cache/CachedRawResource.cpp:
        (WebCore::shouldIgnoreHeaderForCacheReuse):
        * platform/network/HTTPHeaderNames.in:
        * xml/XMLHttpRequest.cpp:
        (WebCore::isSetCookieHeader):
        (WebCore::isForbiddenRequestHeader):
        (WebCore::XMLHttpRequest::isAllowedHTTPHeader):
        (WebCore::XMLHttpRequestStaticData::XMLHttpRequestStaticData): Deleted.
        (WebCore::staticData): Deleted.

2014-06-16  Anders Carlsson  <andersca@apple.com>

        Add HTTPHeaderName overloads on ResourceResponseBase
        https://bugs.webkit.org/show_bug.cgi?id=133946

        Reviewed by Andreas Kling.

        * WebCore.exp.in:
        * dom/Document.cpp:
        (WebCore::Document::lastModified):
        * loader/CrossOriginAccessControl.cpp:
        (WebCore::passesAccessControlCheck):
        * loader/CrossOriginPreflightResultCache.cpp:
        (WebCore::CrossOriginPreflightResultCacheItem::parse):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::receivedFirstData):
        (WebCore::FrameLoader::didBeginDocument):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::createResourceHandle):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::canUseSheet):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::load):
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::mimeType):
        * platform/network/HTTPHeaderNames.in:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::httpHeaderField):
        (WebCore::ResourceResponseBase::setHTTPHeaderField):
        * platform/network/ResourceResponseBase.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::getAllResponseHeaders):
        (WebCore::XMLHttpRequest::getResponseHeader):
        (WebCore::XMLHttpRequest::responseMIMEType):
        (WebCore::XMLHttpRequest::didReceiveResponse):

2014-04-05  Antonio Gomes  <a1.gomes@sisa.samsung.com>

        [Bindings] "nullable" sequence support is incomplete (i.e. sequence<NativeType>?)
        https://bugs.webkit.org/show_bug.cgi?id=131240

        Reviewed by Darin Adler.

        Nullable sequences are not fully supported in WebKit's
        code generator machinery. Although the generated code
        does add "is nullable" check to the evaluation condition
        (i.e. if (arg.isNull() || ...)), when the JSValue
        that holds a "null" JSObject is actually to be "converted"
        to a native Vector<T>, it fails.

        The reason for the failure is in JSDOMBindings::toNativeArray.
        This method verifies that JSValue does not hold a "non-null"
        object, and it bails out.
        Analogly, the "ref ptr" variant of this method (toRefPtrNativeArray)
        does support nullables.

        Patch fixes it be checking for a "null" JSValue check before hand.

        Tests: Binding tests updated.

        * bindings/js/JSDOMBinding.h:
        (WebCore::toNativeArray):
        * bindings/scripts/CodeGeneratorJS.pm:
        (JSValueToNative):
        * Modules/websocket/WebSocket.idl:
        Removed one overload ctor now that
        we can use nullable sequences.

2014-06-16  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Occasional image corruption after seeking
        https://bugs.webkit.org/show_bug.cgi?id=133879

        Reviewed by Eric Carlson.

        Change the order of operations for seeks: change the current time of the AVSampleBufferRenderSynchronizer
        before flushing and appending non-displaying samples.

        Rather than having a single function which retrieves the fast seek time and then seeks, split this out
        into two functions: one which gets the fast seek time, and one which seeks. (The later of course already
        exists: seekToTime()).

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal):
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::fastSeekTimeForMediaTime): Renamed from seekToTime()
        (WebCore::MediaSourcePrivateAVFObjC::seekToTime): Deleted.

2014-06-16  Zan Dobersek  <zdobersek@igalia.com>

        Have ScriptExecutionContext::Task functions take in a ScriptExecutionContext reference
        https://bugs.webkit.org/show_bug.cgi?id=133795

        Reviewed by Andreas Kling.

        The pointer to the ScriptExecutionContext object that is passed to the C++11 lambdas or
        helper functions wrapped in ScriptExecutionContext::Task is never null, so that parameter
        should be a reference instead.

        * Modules/webdatabase/Database.cpp:
        (WebCore::Database::~Database):
        (WebCore::Database::runTransaction):
        (WebCore::Database::scheduleTransactionCallback):
        * Modules/webdatabase/DatabaseManager.cpp:
        (WebCore::DatabaseManager::openDatabase):
        * Modules/webdatabase/SQLCallbackWrapper.h:
        (WebCore::SQLCallbackWrapper::clear):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasksCallback):
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks): Dereference the
        member variable that holds a never-null pointer to the ScriptExecutionContext. This should
        similarly be a reference.
        (WebCore::ThreadableWebSocketChannelClientWrapper::didConnectCallback):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageCallback):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryDataCallback):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmountCallback):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshakeCallback):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didCloseCallback):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageErrorCallback):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::workerGlobalScopeDidSend):
        (WebCore::workerGlobalScopeDidGetBufferedAmount):
        (WebCore::workerGlobalScopeDidConnect):
        (WebCore::workerGlobalScopeDidReceiveMessage):
        (WebCore::workerGlobalScopeDidReceiveBinaryData):
        (WebCore::workerGlobalScopeDidUpdateBufferedAmount):
        (WebCore::workerGlobalScopeDidStartClosingHandshake):
        (WebCore::workerGlobalScopeDidClose):
        (WebCore::workerGlobalScopeDidReceiveMessageError):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadConnect):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadSend):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadSendArrayBuffer):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadSendBlob):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadBufferedAmount):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadClose):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadFail):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadDestroy):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadSuspend):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadResume):
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * bindings/js/JSCallbackData.h:
        (WebCore::DeleteCallbackDataTask::DeleteCallbackDataTask):
        * bindings/js/JSDOMGlobalObjectTask.cpp:
        (WebCore::JSGlobalObjectTask::JSGlobalObjectTask):
        * dom/Document.cpp:
        (WebCore::Document::postTask):
        (WebCore::Document::pendingTasksTimerFired):
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::processMessagePortMessagesSoon):
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::Task::performTask):
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::AddConsoleMessageTask):
        * dom/StringCallback.cpp:
        (WebCore::StringCallback::scheduleCallback):
        * fileapi/FileReader.cpp:
        (WebCore::delayedAbort):
        (WebCore::FileReader::abort):
        (WebCore::FileReader::doAbort): Deleted.
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::MainThreadBridge::mainThreadCreateLoader):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::mainThreadDestroy):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::mainThreadCancel):
        (WebCore::workerGlobalScopeDidSendData):
        (WebCore::workerGlobalScopeDidReceiveResponse):
        (WebCore::workerGlobalScopeDidReceiveData):
        (WebCore::workerGlobalScopeDidFinishLoading):
        (WebCore::workerGlobalScopeDidFail):
        (WebCore::workerGlobalScopeDidFailAccessControlCheck):
        (WebCore::workerGlobalScopeDidFailRedirectCheck):
        * loader/WorkerThreadableLoader.h:
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::postListenerTask):
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::crossThreadRemoveRequestFromCache):
        (WebCore::MemoryCache::crossThreadRemoveRequestFromSessionCaches):
        * loader/cache/MemoryCache.h:
        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::SharedWorkerProxy::postExceptionToWorkerObject):
        (WebCore::SharedWorkerProxy::postConsoleMessageToWorkerObject):
        (WebCore::SharedWorkerConnectTask::SharedWorkerConnectTask):
        * workers/WorkerEventQueue.cpp:
        (WebCore::WorkerEventQueue::enqueueEvent):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::close):
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
        (WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
        (WebCore::WorkerMessagingProxy::postConsoleMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::workerObjectDestroyed):
        (WebCore::WorkerMessagingProxy::notifyNetworkStateChange):
        (WebCore::WorkerMessagingProxy::connectToInspector):
        (WebCore::WorkerMessagingProxy::disconnectFromInspector):
        (WebCore::WorkerMessagingProxy::sendMessageToInspector):
        (WebCore::WorkerMessagingProxy::workerGlobalScopeDestroyed):
        (WebCore::WorkerMessagingProxy::workerGlobalScopeClosed):
        (WebCore::WorkerMessagingProxy::postMessageToPageInspector):
        (WebCore::WorkerMessagingProxy::confirmMessageFromWorkerObject):
        (WebCore::WorkerMessagingProxy::reportPendingActivity):
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::Task::performTask):
        * workers/WorkerScriptLoader.cpp:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::stop):
        (WebCore::WorkerThread::releaseFastMallocFreeMemoryInAllThreads):

2014-06-16  Zan Dobersek  <zdobersek@igalia.com>

        Page::findStringMatchingRanges() should take Vector<RefPtr<Range>> by reference instead of pointer
        https://bugs.webkit.org/show_bug.cgi?id=133677

        Reviewed by Anders Carlsson.

        * WebCore.exp.in: Update the changed symbol.
        * page/Page.cpp:
        (WebCore::Page::findStringMatchingRanges): The method expects the matchRanges parameter to be non-null,
        so it should take in that parameter by reference instead of pointer.
        * page/Page.h:

2014-06-16  Radu Stavila  <stavila@adobe.com>

        REGRESSION (r168046): Incorrect layout for multicol spanners when moving from one thread to another
        https://bugs.webkit.org/show_bug.cgi?id=133589

        Reviewed by Antti Koivisto.

        When a spanner is moved from a multicol thread to another, its placeholder
        must be properly repositioned.

        Test: fast/multicol/newmulticol/spanner-crash.html

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):

2014-06-16  Mario Sanchez Prada  <mario.prada@samsung.com>

        [ATK] Missing 'selection-changed' signal when navigating a combo box with keyboard
        https://bugs.webkit.org/show_bug.cgi?id=133512

        Reviewed by Chris Fleizach.

        Make sure that AccessibilityMenuList objects update their active
        option when it changes, which will send a platform-dependent
        accessibility-related notification when needed.

        Test: accessibility/combo-box-collapsed-selection-changed.html

        * rendering/RenderMenuList.cpp:
        (RenderMenuList::didUpdateActiveOption): Keep the out-of-bounds
        check for the index passed but don't avoid updating the option for
        the associated AccessibilityMenuList object if the selected list
        item does not have a renderer, because that could be the case for
        cases where the popup (and its elements) would be rendered in the
        UI Process (e.g. GTK+ port uses GtkMenu and GtkMenuItem for that).

        * accessibility/AccessibilityMenuList.cpp:
        (WebCore::AccessibilityMenuList::didUpdateActiveOption): Ensure
        that the AccessibilityMenuListPopup object for a given menu list
        has accessibility children before updating its active option.

2014-06-16  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r170003.
        https://bugs.webkit.org/show_bug.cgi?id=133938

        This patch broke GTK build (Requested by kczech on #webkit).

        Reverted changeset:

        "[EFL] Platform support for WebSpeech feature."
        https://bugs.webkit.org/show_bug.cgi?id=116438
        http://trac.webkit.org/changeset/170003

2014-06-16  Frédéric Wang  <fred.wang@free.fr>

        Draw radicals with glyphs for better rendering.
        https://bugs.webkit.org/show_bug.cgi?id=119038

        Unreviewed ASSERT fix.

        * rendering/mathml/RenderMathMLRoot.h:

2014-06-16  Frédéric Wang  <fred.wang@free.fr>

        Draw radicals with glyphs for better rendering
        https://bugs.webkit.org/show_bug.cgi?id=119038

        Reviewed by Chris Fleizach.

        We rewrite RenderMathMLRoot in order to fix bugs with SVG transforms and dynamic modification of children and allow drawing with an OpenType MATH table.
        The drawing of the radical sign (without the top bar) is now moved to a RenderMathMLRadicalOperator class inheriting from RenderMathMLOperator.
        This class fallbacks to the original drawing with graphic primitives if an OpenType MATH table is not available.

        Tests: mathml/opentype/roots-LatinModern.html
               mathml/presentation/mroot-transform.html

        * CMakeLists.txt: add files to build system.
        * WebCore.vcxproj/WebCore.vcxproj: ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: ditto.
        * WebCore.xcodeproj/project.pbxproj: ditto
        * css/mathml.css: remove rules for msqrt/mroot. The "script level" in mroot is not incremented by 2 as specified in the spec.
        (math, mrow, mfenced, merror, mphantom, mstyle, menclose):
        (mroot > *:last-child):
        (math, mrow, mfenced, msqrt, mroot, merror, mphantom, mstyle, menclose): Deleted.
        (msqrt > *): Deleted.
        (mroot): Deleted. This rule was causing bug 126516.
        (mroot > * + *): Deleted.
        * rendering/RenderObject.h: Add two new isRenderMathML* functions for dynamic casting.
        (WebCore::RenderObject::isRenderMathMLRadicalOperator):
        (WebCore::RenderObject::isRenderMathMLRootWrapper):
        * rendering/mathml/RenderMathMLOperator.cpp: Accept a set of operator dictionary flags, all disabled by default. This is to allow anonymous radicas, which don't have any flag.
        isFencedOperator() is now replaced with the more general isAnonymous() since we allow anonymous radical operator fors msqrt/mroot.
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
        (WebCore::RenderMathMLOperator::setOperatorPropertiesFromOpDictEntry):
        (WebCore::RenderMathMLOperator::SetOperatorProperties):
        (WebCore::RenderMathMLOperator::updateTokenContent):
        * rendering/mathml/RenderMathMLOperator.h: Allow class to be overriden, redefine the anonymous constructor, remove isFencedOperator().
        * rendering/mathml/RenderMathMLRadicalOperator.cpp: Added.
        (WebCore::RenderMathMLRadicalOperator::RenderMathMLRadicalOperator):
        (WebCore::RenderMathMLRadicalOperator::stretchTo):
        (WebCore::RenderMathMLRadicalOperator::SetOperatorProperties):
        (WebCore::RenderMathMLRadicalOperator::computePreferredLogicalWidths):
        (WebCore::RenderMathMLRadicalOperator::computeLogicalHeight):
        (WebCore::RenderMathMLRadicalOperator::paint):
        (WebCore::RenderMathMLRadicalOperator::trailingSpaceError):
        * rendering/mathml/RenderMathMLRadicalOperator.h: Added.
        * rendering/mathml/RenderMathMLRoot.cpp: Rewritten. Some parts to use graphic primitives are moved to RenderMathMLRadicalOperator.cpp.
        (WebCore::RenderMathMLRoot::RenderMathMLRoot):
        (WebCore::RenderMathMLRoot::baseWrapper):
        (WebCore::RenderMathMLRoot::radicalWrapper):
        (WebCore::RenderMathMLRoot::indexWrapper):
        (WebCore::RenderMathMLRoot::radicalOperator):
        (WebCore::RenderMathMLRoot::restructureWrappers):
        (WebCore::RenderMathMLRoot::addChild):
        (WebCore::RenderMathMLRoot::styleDidChange):
        (WebCore::RenderMathMLRoot::updateFromElement):
        (WebCore::RenderMathMLRoot::updateStyle):
        (WebCore::RenderMathMLRoot::firstLineBaseline):
        (WebCore::RenderMathMLRoot::layout):
        (WebCore::RenderMathMLRoot::paint):
        (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper):
        (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring):
        (WebCore::RenderMathMLRootWrapper::removeChild):
        (WebCore::RenderMathMLRoot::paddingTop): Deleted.
        (WebCore::RenderMathMLRoot::paddingBottom): Deleted.
        (WebCore::RenderMathMLRoot::paddingLeft): Deleted.
        (WebCore::RenderMathMLRoot::paddingRight): Deleted.
        (WebCore::RenderMathMLRoot::paddingBefore): Deleted.
        (WebCore::RenderMathMLRoot::paddingAfter): Deleted.
        (WebCore::RenderMathMLRoot::paddingStart): Deleted.
        (WebCore::RenderMathMLRoot::paddingEnd): Deleted.
        (WebCore::RenderMathMLRoot::index): Deleted.
        * rendering/mathml/RenderMathMLRoot.h: Rewritten.
        (WebCore::RenderMathMLRootWrapper::RenderMathMLRootWrapper):

2014-06-16  Krzysztof Czech  <k.czech@samsung.com>

        [EFL] Platform support for WebSpeech feature.
        https://bugs.webkit.org/show_bug.cgi?id=116438

        Reviewed by Gyuyoung Kim.

        It's a first step of adding support for Speech Synthesis in EFL port.
        Just stub out required API and support for compilation.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * platform/PlatformSpeechSynthesizer.h:
        * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp: Added.
        (WebCore::PlatformSpeechSynthesisProviderEfl::PlatformSpeechSynthesisProviderEfl):
        (WebCore::PlatformSpeechSynthesisProviderEfl::~PlatformSpeechSynthesisProviderEfl):
        (WebCore::PlatformSpeechSynthesisProviderEfl::initializeVoiceList):
        (WebCore::PlatformSpeechSynthesisProviderEfl::pause):
        (WebCore::PlatformSpeechSynthesisProviderEfl::resume):
        (WebCore::PlatformSpeechSynthesisProviderEfl::speak):
        (WebCore::PlatformSpeechSynthesisProviderEfl::cancel):
        * platform/efl/PlatformSpeechSynthesisProviderEfl.h: Added.
        * platform/efl/PlatformSpeechSynthesizerEfl.cpp: Added.
        (WebCore::PlatformSpeechSynthesizer::PlatformSpeechSynthesizer):
        (WebCore::PlatformSpeechSynthesizer::~PlatformSpeechSynthesizer):
        (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
        (WebCore::PlatformSpeechSynthesizer::pause):
        (WebCore::PlatformSpeechSynthesizer::resume):
        (WebCore::PlatformSpeechSynthesizer::speak):
        (WebCore::PlatformSpeechSynthesizer::cancel):

2014-06-15  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: add support for the :lang() pseudo class
        https://bugs.webkit.org/show_bug.cgi?id=133913

        Reviewed by Andreas Kling.

        The selector is already very expensive to begin with, just implement it with
        a function call.

        It is also done after every other filter since it is so inefficient.

        Tests: fast/selectors/lang-conflict.html
               fast/selectors/lang-empty.html
               fast/selectors/lang-specificity-xml.xhtml
               fast/selectors/lang-specificity.html

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        * css/SelectorCheckerTestFunctions.h:
        (WebCore::matchesLangPseudoClass):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsInLanguage):
        * dom/Element.cpp:
        (WebCore::Element::computeInheritedLanguage):
        * dom/ElementData.cpp:
        (WebCore::ElementData::findLanguageAttribute):
        * dom/ElementData.h:

2014-06-15  Anders Carlsson  <andersca@apple.com>

        Add an autorelease() member function to RetainPtr
        https://bugs.webkit.org/show_bug.cgi?id=133929

        Reviewed by Dan Bernstein.

        * bindings/objc/DOM.mm:
        (-[DOMNode renderedImage]):
        (-[DOMRange renderedImageForcingBlackText:renderedImageForcingBlackText:]):
        * bindings/objc/DOMUIKitExtensions.mm:
        (-[DOMHTMLImageElement dataRepresentation:]):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):

2014-06-14  Anders Carlsson  <andersca@apple.com>

        Adopt HTTPHeaderName in ResourceResponseBase
        https://bugs.webkit.org/show_bug.cgi?id=133919

        Reviewed by Sam Weinig.

        * platform/network/HTTPHeaderNames.in:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::updateHeaderParsedState):
        (WebCore::ResourceResponseBase::setHTTPHeaderField):
        (WebCore::ResourceResponseBase::addHTTPHeaderField):
        (WebCore::ResourceResponseBase::parseCacheControlDirectives):
        (WebCore::ResourceResponseBase::hasCacheValidatorFields):
        (WebCore::parseDateValueInHeader):
        (WebCore::ResourceResponseBase::date):
        (WebCore::ResourceResponseBase::age):
        (WebCore::ResourceResponseBase::expires):
        (WebCore::ResourceResponseBase::lastModified):
        (WebCore::ResourceResponseBase::isAttachment):
        * platform/network/ResourceResponseBase.h:

2014-06-14  Anders Carlsson  <andersca@apple.com>

        Simplify ResourceRequest constructors
        https://bugs.webkit.org/show_bug.cgi?id=133911

        Reviewed by Sam Weinig.

        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::ResourceRequest):

2014-06-14  Benjamin Poulain  <benjamin@webkit.org>

        Fix the ARM64 build

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::addFlagsToElementStyleFromContext):

2014-06-13  Sam Weinig  <sam@webkit.org>

        Store DOM constants directly in the JS object rather than jumping through a custom accessor
        https://bugs.webkit.org/show_bug.cgi?id=133898

        Reviewed by Oliver Hunt.

        Instead of implementing constants as custom accessors that just happen to return a value,
        we now store the constant directly in the HashTableValue array (where the GetValueFunc used
        to be). 
        
        - For the case where the constant is accessed via the static table (still in use for instances 
          and some prototypes), the static lookup function will set the value on the property slot,
          instead of passing a function pointer.
        - For the case where the constant is eagerly reified (most prototypes and all constructors) the
          constant is put directly in the object.

        In micro benchmarks this looks to be around a 4x speedup on the use of DOM constants.

        This also removes support for constant strings in IDL, which we had no uses of.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        Remove code to generate forward declaration of constant accessor functions.

        (GenerateImplementation):
        Remove code to generate implementation of constant accessor functions.

        (GenerateHashTableValueArray):
        Plant the constant directly in the value array.

        * bindings/scripts/IDLParser.pm:
        (parseConstValue):
        Remove support for constant strings.

        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/TestObj.idl:
        Update test results.

2014-06-14  Anders Carlsson  <andersca@apple.com>

        Simplify Document::processHttpEquiv
        https://bugs.webkit.org/show_bug.cgi?id=133910

        Reviewed by Andreas Kling.

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv):
        * platform/network/HTTPHeaderNames.in:

2014-06-14  Andreas Kling  <akling@apple.com>

        GCController should return FastMalloc memory to the system.
        <https://webkit.org/b/133884>

        Reviewed by Anders Carlsson.

        Speculative test fix; I'm kinda suspecting that some tests are reporting
        more memory used because we did a GC but didn't get around to returning
        free pages to the system yet.

        * bindings/js/GCController.cpp:
        (WebCore::GCController::garbageCollectNow):

2014-06-14  Zan Dobersek  <zdobersek@igalia.com>

        Generate HTTP header names that are required by WebKitWebSrc
        https://bugs.webkit.org/show_bug.cgi?id=133906

        Reviewed by Anders Carlsson.

        WebKitWebSrc implementation sets icy-metadata and transferMode.dlna HTTP headers
        on ResourceRequest objects. The two headers are added to HTTPHeaderNames.in, and
        a small tweak is added to the generator script to avoid the dot in the second
        header's name (which would otherwise generate invalid C++).

        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcStart):
        * platform/network/HTTPHeaderNames.in:
        * platform/network/create-http-header-name-table:

2014-06-14  Anders Carlsson  <andersca@apple.com>

        Replace some uses of ResourceRequestBase::addHTTPHeaderField with setHTTPHeaderField
        https://bugs.webkit.org/show_bug.cgi?id=133907

        Reviewed by Andreas Kling.

        * Modules/websockets/WebSocketHandshake.cpp:
        (WebCore::WebSocketHandshake::clientHandshakeRequest):
        * platform/network/HTTPHeaderNames.in:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::applyBasicAuthorizationHeader):
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::applyBasicAuthorizationHeader):

2014-06-13  Anders Carlsson  <andersca@apple.com>

        Add a ResourceRequestBase::setHTTPHeaderField overload that takes a HTTPHeaderName
        https://bugs.webkit.org/show_bug.cgi?id=133881

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        * fileapi/FileReaderLoader.cpp:
        (WebCore::FileReaderLoader::start):
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::willSendRequest):
        * loader/CrossOriginAccessControl.cpp:
        (WebCore::createAccessControlPreflightRequest):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::addExtraFieldsToRequest):
        * loader/PingLoader.cpp:
        (WebCore::PingLoader::loadImage):
        (WebCore::PingLoader::sendPing):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::createResourceHandle):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::load):
        * page/EventSource.cpp:
        (WebCore::EventSource::connect):
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::doStart):
        * platform/network/HTTPHeaderNames.in:
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::httpHeaderField):
        (WebCore::ResourceRequestBase::setHTTPHeaderField):
        (WebCore::ResourceRequestBase::httpContentType):
        (WebCore::ResourceRequestBase::setHTTPContentType):
        (WebCore::ResourceRequestBase::httpReferrer):
        (WebCore::ResourceRequestBase::setHTTPReferrer):
        (WebCore::ResourceRequestBase::httpOrigin):
        (WebCore::ResourceRequestBase::setHTTPOrigin):
        (WebCore::ResourceRequestBase::httpUserAgent):
        (WebCore::ResourceRequestBase::setHTTPUserAgent):
        (WebCore::ResourceRequestBase::httpAccept):
        (WebCore::ResourceRequestBase::setHTTPAccept):
        * platform/network/ResourceRequestBase.h:
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::willSendRequest):

2014-06-14  Simon Fraser  <simon.fraser@apple.com>

        Masks disappear when layers become tiled
        https://bugs.webkit.org/show_bug.cgi?id=133892
        <rdar://problem/17309793>

        Reviewed by Tim Horton.
        
        There were several problems with tiled mask layers.
        
        First, when a layer became tiled it failed to re-apply the platform layer
        for its mask; fixed by adding MaskLayerChanged to the set of flags in
        swapFromOrToTiledLayer().
        
        Secondly, in CA, a mask layer's superlayer is the layer which is it masking,
        so the if (oldLayer->superlayer())... code in swapFromOrToTiledLayer() would
        erroneously try to swap out a sublayer on the superlayer with the mask.
        
        Thirdly, the mask layer is updated after its host layer, but when the mask layer
        become tiled, there was no code that updated the mask platform layer on its
        host layer. Fix by:
            1. setting a bit on a layer to note that it's being used as a mask.
            2. setting the parent of such a layer to its host layer (mimicking CA)
            3. when the mask becomes tiled, dirtying the MaskLayerChanged bit on
               its parent and adding a clause to commitLayerChangesAfterSublayers()
               to update the mask layer.
        
        Finally, ASSERTION FAILED: owningGraphicsLayer()->isCommittingChanges() would
        fire because we failed to set the m_isCommittingChanges flag while committing
        the mask layer. Fix by moving the TemporaryChange<bool> that sets this flag
        into commitLayerChangesBeforeSublayers() and commitLayerChangesAfterSublayers().
        
        Also used safe casts in more places in GraphicsLayerCA.

        Tests: compositing/masks/become-tiled-mask.html
               compositing/masks/cease-tiled-mask.html
               compositing/masks/tiled-mask.html

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::GraphicsLayer):
        (WebCore::GraphicsLayer::removeFromParent):
        (WebCore::GraphicsLayer::setMaskLayer):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::setIsMaskLayer):
        (WebCore::GraphicsLayer::isMaskLayer):
        (WebCore::GraphicsLayer::setMaskLayer): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::removeFromParent):
        (WebCore::GraphicsLayerCA::setMaskLayer):
        (WebCore::GraphicsLayerCA::recursiveVisibleRectChangeRequiresFlush):
        (WebCore::GraphicsLayerCA::recursiveCommitChanges):
        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
        (WebCore::GraphicsLayerCA::commitLayerChangesAfterSublayers):
        (WebCore::GraphicsLayerCA::updateSublayerList):
        (WebCore::GraphicsLayerCA::ensureStructuralLayer):
        (WebCore::GraphicsLayerCA::updateMaskLayer):
        (WebCore::GraphicsLayerCA::replicatedLayerRoot):
        (WebCore::GraphicsLayerCA::createFilterAnimationsFromKeyframes):
        (WebCore::GraphicsLayerCA::swapFromOrToTiledLayer):
        (WebCore::GraphicsLayerCA::propagateLayerChangeToReplicas):
        (WebCore::GraphicsLayerCA::fetchCloneLayers):

2014-06-14  peavo@outlook.com  <peavo@outlook.com>

        [Curl] Compile errors related to http headers.
        https://bugs.webkit.org/show_bug.cgi?id=133901

        Reviewed by Brent Fulgham.

        Http headers should now be specified with an enum, not a string.

        * platform/network/curl/CurlCacheEntry.cpp:
        (WebCore::CurlCacheEntry::parseResponseHeaders):
        * platform/network/curl/MultipartHandle.cpp:
        (WebCore::MultipartHandle::didReceiveResponse):

2014-06-14  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix after r169960.

        * platform/graphics/ca/PlatformCALayer.cpp: Add missing include
        for snprintf on Windows.

2014-06-14  Csaba Osztrogonác  <ossy@webkit.org>

        URTBF after r169943 and r169946.

        * platform/network/HTTPHeaderMap.h: Removed maybe accidental deletion of the only one add function.
        * platform/network/HTTPHeaderNames.in: Added Sec-WebSocket-Key.

2014-06-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r169963.
        https://bugs.webkit.org/show_bug.cgi?id=133899

        Assertion in mathml/roots-removeChild.html (Requested by fredw
        on #webkit).

        Reverted changeset:

        "Draw radicals with glyphs for better rendering"
        https://bugs.webkit.org/show_bug.cgi?id=119038
        http://trac.webkit.org/changeset/169963

2014-06-14  Frédéric Wang  <fred.wang@free.fr>

        Draw radicals with glyphs for better rendering
        https://bugs.webkit.org/show_bug.cgi?id=119038

        Reviewed by Chris Fleizach.

        We rewrite RenderMathMLRoot in order to fix bugs with SVG transforms and dynamic modification of children and allow drawing with an OpenType MATH table.
        The drawing of the radical sign (without the top bar) is now moved to a RenderMathMLRadicalOperator class inheriting from RenderMathMLOperator.
        This class fallbacks to the original drawing with graphic primitives if an OpenType MATH table is not available.

        Tests: mathml/opentype/roots-LatinModern.html
               mathml/presentation/mroot-transform.html

        * CMakeLists.txt: add files to build system.
        * WebCore.vcxproj/WebCore.vcxproj: ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: ditto.
        * WebCore.xcodeproj/project.pbxproj: ditto
        * css/mathml.css: remove rules for msqrt/mroot. The "script level" in mroot is not incremented by 2 as specified in the spec.
        (math, mrow, mfenced, merror, mphantom, mstyle, menclose):
        (mroot > *:last-child):
        (math, mrow, mfenced, msqrt, mroot, merror, mphantom, mstyle, menclose): Deleted.
        (msqrt > *): Deleted.
        (mroot): Deleted. This rule was causing bug 126516.
        (mroot > * + *): Deleted.
        * rendering/RenderObject.h: Add two new isRenderMathML* functions for dynamic casting.
        (WebCore::RenderObject::isRenderMathMLRadicalOperator):
        (WebCore::RenderObject::isRenderMathMLRootWrapper):
        * rendering/mathml/RenderMathMLOperator.cpp: Accept a set of operator dictionary flags, all disabled by default. This is to allow anonymous radicas, which don't have any flag.
        isFencedOperator() is now replaced with the more general isAnonymous() since we allow anonymous radical operator fors msqrt/mroot.
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
        (WebCore::RenderMathMLOperator::setOperatorPropertiesFromOpDictEntry):
        (WebCore::RenderMathMLOperator::SetOperatorProperties):
        (WebCore::RenderMathMLOperator::updateTokenContent):
        * rendering/mathml/RenderMathMLOperator.h: Allow class to be overriden, redefine the anonymous constructor, remove isFencedOperator().
        * rendering/mathml/RenderMathMLRadicalOperator.cpp: Added.
        (WebCore::RenderMathMLRadicalOperator::RenderMathMLRadicalOperator):
        (WebCore::RenderMathMLRadicalOperator::stretchTo):
        (WebCore::RenderMathMLRadicalOperator::SetOperatorProperties):
        (WebCore::RenderMathMLRadicalOperator::computePreferredLogicalWidths):
        (WebCore::RenderMathMLRadicalOperator::computeLogicalHeight):
        (WebCore::RenderMathMLRadicalOperator::paint):
        (WebCore::RenderMathMLRadicalOperator::trailingSpaceError):
        * rendering/mathml/RenderMathMLRadicalOperator.h: Added.
        * rendering/mathml/RenderMathMLRoot.cpp: Rewritten. Some parts to use graphic primitives are moved to RenderMathMLRadicalOperator.cpp.
        (WebCore::RenderMathMLRoot::RenderMathMLRoot):
        (WebCore::RenderMathMLRoot::baseWrapper):
        (WebCore::RenderMathMLRoot::radicalWrapper):
        (WebCore::RenderMathMLRoot::indexWrapper):
        (WebCore::RenderMathMLRoot::radicalOperator):
        (WebCore::RenderMathMLRoot::restructureWrappers):
        (WebCore::RenderMathMLRoot::addChild):
        (WebCore::RenderMathMLRoot::styleDidChange):
        (WebCore::RenderMathMLRoot::updateFromElement):
        (WebCore::RenderMathMLRoot::updateStyle):
        (WebCore::RenderMathMLRoot::firstLineBaseline):
        (WebCore::RenderMathMLRoot::layout):
        (WebCore::RenderMathMLRoot::paint):
        (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper):
        (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring):
        (WebCore::RenderMathMLRootWrapper::removeChild):
        (WebCore::RenderMathMLRoot::paddingTop): Deleted.
        (WebCore::RenderMathMLRoot::paddingBottom): Deleted.
        (WebCore::RenderMathMLRoot::paddingLeft): Deleted.
        (WebCore::RenderMathMLRoot::paddingRight): Deleted.
        (WebCore::RenderMathMLRoot::paddingBefore): Deleted.
        (WebCore::RenderMathMLRoot::paddingAfter): Deleted.
        (WebCore::RenderMathMLRoot::paddingStart): Deleted.
        (WebCore::RenderMathMLRoot::paddingEnd): Deleted.
        (WebCore::RenderMathMLRoot::index): Deleted.
        * rendering/mathml/RenderMathMLRoot.h: Rewritten.
        (WebCore::RenderMathMLRootWrapper::RenderMathMLRootWrapper):

2014-06-13  Brent Fulgham  <bfulgham@apple.com>

        Move utility functions from WebLayer to PlatformCALayer
        https://bugs.webkit.org/show_bug.cgi?id=133887
        <rdar://problem/17309622>

        Reviewed by Simon Fraser.

        Move some utility functions from WebLayer.h/.mm to PlatformCALayer.
        Provide ObjC implementation in PlatformCALayerMac. A future patch will
        provide corresponding Windows versions.

        * WebCore.exp.in:
        * platform/graphics/ca/PlatformCALayer.cpp:
        (WebCore::PlatformCALayer::drawRepaintIndicator):
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/TileController.cpp:
        (WebCore::TileController::blankPixelCountForTiles):
        * platform/graphics/ca/TileGrid.cpp:
        (WebCore::TileGrid::platformCALayerPaintContents):
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayer::collectRectsToPaint):
        (PlatformCALayer::drawLayerContents):
        (PlatformCALayer::frameForLayer):
        * platform/graphics/mac/WebLayer.h:
        * platform/graphics/mac/WebLayer.mm:
        (-[WebLayer drawInContext:]):
        (WebCore::collectRectsToPaint): Deleted.
        (WebCore::drawLayerContents): Deleted.
        (WebCore::drawRepaintIndicator): Deleted.
        (WebCore::frameForLayer): Deleted.

2014-06-13  Alex Christensen  <achristensen@webkit.org>

        Unreviewed disabling css jit on armv7.  It's not quite ready yet.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
        Removed extra comma.

2014-06-13  Alex Christensen  <achristensen@webkit.org>

        Make css jit compile on armv7.
        https://bugs.webkit.org/show_bug.cgi?id=133889

        Reviewed by Benjamin Poulain.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::moduloHelper):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
        Implement modulo using a function call for now.

2014-06-13  Anders Carlsson  <andersca@apple.com>

        Use the callOnMainThread version that takes an std::function in BlobResourceHandle::start()
        https://bugs.webkit.org/show_bug.cgi?id=133886

        Reviewed by Andreas Kling.

        Also replace a couple of NSAutoreleasePools with @autoreleasepool and an OwnPtr with an std::unique_ptr.

        * page/scrolling/mac/ScrollingThreadMac.mm:
        (WebCore::ScrollingThread::threadRunLoopSourceCallback):
        * platform/mac/SharedTimerMac.mm:
        (WebCore::PowerObserver::PowerObserver):
        (WebCore::timerFired):
        (WebCore::setSharedTimerFireInterval):
        (WebCore::PowerObserver::create): Deleted.
        (WebCore::PowerObserver::didReceiveSystemPowerNotification): Deleted.
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::start):
        (WebCore::delayedStartBlobResourceHandle): Deleted.
        * platform/network/BlobResourceHandle.h:

2014-06-12  Sam Weinig  <sam@webkit.org>

        Constructors should eagerly reify their properties too
        https://bugs.webkit.org/show_bug.cgi?id=133822

        Reviewed by Andreas Kling.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorDeclaration):
        Constructors should never need to use the lazy property HashTable, so we can just
        remove its getOwnPropertySlot completely.

        (ConstructorHasProperties):
        Add helper to determine if we need to reify any properties.

        (GenerateConstructorHelperMethods):
        Reify if needed, and remove the implementation of getOwnPropertySlot.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestException.h:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/JS/JSattribute.h:
        * bindings/scripts/test/JS/JSreadonly.cpp:
        * bindings/scripts/test/JS/JSreadonly.h:
        Update tests.

2014-06-13  Alex Christensen  <achristensen@webkit.org>

        Make css jit allocator smarter.
        https://bugs.webkit.org/show_bug.cgi?id=133834

        Reviewed by Benjamin Poulain.

        * cssjit/RegisterAllocator.h:
        (WebCore::RegisterAllocator::allocateRegister):
        (WebCore::RegisterAllocator::deallocateRegister):
        (WebCore::RegisterAllocator::reserveCalleeSavedRegisters):
        (WebCore::LocalRegister::LocalRegister):
        (WebCore::RegisterAllocator::RegisterAllocator):
        Use a Deque for the registers.  Allocate from the front and deallocate to the back to cycle the register usage.
        (WebCore::RegisterAllocator::allocateRegisterWithPreference):
        (WebCore::LocalRegisterWithPreference::LocalRegisterWithPreference):
        Added the ability to specify that we prefer a certain register if it is available while allocating.
        These functions always return a register.  It is just a different register than preferred if the preferred register is not available.
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueExactMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeFunctionCallValueMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        Whenever we are allocating a register for the second argument, we should specify that we 
        prefer to have argumentGPR1 to reduce register swapping when preparing for a function call.
        This cannot be done for argumentGPR0 because elementAddressRegister is argumentGPR0 and it is always allocated.

2014-06-13  Jeremy Jones  <jeremyj@apple.com>

        set setUsesExternalPlaybackWhileExternalScreenIsActive based on fullscreen mode
        https://bugs.webkit.org/show_bug.cgi?id=133829

        Reviewed by Eric Carlson.

        When playing inline and external screen is active, don't use external playback.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        declare updateDisableExternalPlayback()
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
        call updateDisableExternalPlayback when player is created
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer):
        call updateDisableExternalPlayback when fullscreen mode changes
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
        update setUsesExternalPlaybackWhileExternalScreenIsActive based on fullscreen mode

2014-06-13  Brent Fulgham  <bfulgham@apple.com>

        Convert LayerPool and TileCoverageMap from ObjC to C++
        https://bugs.webkit.org/show_bug.cgi?id=133862
        <rdar://problem/17302883>

        Reviewed by Simon Fraser.

        This just moves two ObjC files from the mac subdirectory to the parent and
        revises the project to build them as C++.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/ca/LayerPool.cpp: Copied from platform/graphics/ca/mac/LayerPool.mm.
        * platform/graphics/ca/LayerPool.h: Copied from platform/graphics/ca/mac/LayerPool.h.
        * platform/graphics/ca/TileCoverageMap.cpp: Copied from platform/graphics/ca/mac/TileCoverageMap.mm.
        * platform/graphics/ca/TileCoverageMap.h: Copied from platform/graphics/ca/mac/TileCoverageMap.h.
        * platform/graphics/ca/mac/LayerPool.h: Removed.
        * platform/graphics/ca/mac/LayerPool.mm: Removed.
        * platform/graphics/ca/mac/TileCoverageMap.h: Removed.
        * platform/graphics/ca/mac/TileCoverageMap.mm: Removed.

2014-06-13  Alex Christensen  <achristensen@webkit.org>

        Make css jit compile for armv7.
        https://bugs.webkit.org/show_bug.cgi?id=133596

        Reviewed by Benjamin Poulain.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::swapArguments):
        Implemented for ARM_THUMB2 and removed allocator hack.
        * cssjit/RegisterAllocator.h:
        Added list of ARM_THUMB2 general purpose registers.
        (WebCore::RegisterAllocator::isValidRegister):
        Added ARM register range and corrected ARM64 register range now that r15 is tempRegister.
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::compile):
        Return CannotCompile if compiling fails because of lack of registers.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generatePrologue):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateEpilogue):
        Implemented for ARM_THUMB2.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        Return false if the selector cannot be compiled because of lack of registers.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::addFlagsToElementStyleFromContext):
        Added code using 32-bit operations and used macro assembler for 64-bit operations.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
        Implemented for APPLE_ARMV7S, where sdiv is not a template in the assembler.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributesMatching):
        Use addPtr instead of add64.

2014-06-13  Anders Carlsson  <andersca@apple.com>

        Add a HTTPHeaderMap::get overload that takes an HTTPHeaderName
        https://bugs.webkit.org/show_bug.cgi?id=133877

        Reviewed by Andreas Kling.

        * Modules/websockets/WebSocketHandshake.cpp:
        (WebCore::WebSocketHandshake::serverWebSocketProtocol):
        (WebCore::WebSocketHandshake::serverSetCookie):
        (WebCore::WebSocketHandshake::serverSetCookie2):
        (WebCore::WebSocketHandshake::serverUpgrade):
        (WebCore::WebSocketHandshake::serverConnection):
        (WebCore::WebSocketHandshake::serverWebSocketAccept):
        * WebCore.exp.in:
        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::get):
        * platform/network/HTTPHeaderMap.h:
        * platform/network/HTTPHeaderNames.in:
        * plugins/PluginView.cpp:
        (WebCore::PluginView::handlePost):

2014-06-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r169939.
        https://bugs.webkit.org/show_bug.cgi?id=133878

        This patch raises assertions on mac (Requested by fredw on
        #webkit).

        Reverted changeset:

        "Draw radicals with glyphs for better rendering"
        https://bugs.webkit.org/show_bug.cgi?id=119038
        http://trac.webkit.org/changeset/169939

2014-06-13  Anders Carlsson  <andersca@apple.com>

        Add a HTTPHeaderMap::set overload that takes a HTTPHeaderName
        https://bugs.webkit.org/show_bug.cgi?id=133874

        Reviewed by Tim Horton.

        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::set):
        * platform/network/HTTPHeaderMap.h:
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        * platform/network/mac/ResourceRequestMac.mm:
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send):

2014-06-13  Anders Carlsson  <andersca@apple.com>

        Add a HTTPHeaderMap::find overload that takes a HTTPHeaderName
        https://bugs.webkit.org/show_bug.cgi?id=133872

        Reviewed by Andreas Kling.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived):
        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::get):
        (WebCore::HTTPHeaderMap::find):
        * platform/network/HTTPHeaderMap.h:
        * platform/network/HTTPHeaderNames.in:

2014-06-13  Frédéric Wang  <fred.wang@free.fr>

        Draw radicals with glyphs for better rendering
        https://bugs.webkit.org/show_bug.cgi?id=119038

        Reviewed by Chris Fleizach.

        We rewrite RenderMathMLRoot in order to fix bugs with SVG transforms and dynamic modification of children and allow drawing with an OpenType MATH table.
        The drawing of the radical sign (without the top bar) is now moved to a RenderMathMLRadicalOperator class inheriting from RenderMathMLOperator.
        This class fallbacks to the original drawing with graphic primitives if an OpenType MATH table is not available.

        Tests: mathml/opentype/roots-LatinModern.html
               mathml/presentation/mroot-transform.html

        * CMakeLists.txt: add files to build system.
        * WebCore.vcxproj/WebCore.vcxproj: ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: ditto.
        * WebCore.xcodeproj/project.pbxproj: ditto
        * css/mathml.css: remove rules for msqrt/mroot. The "script level" in mroot is not incremented by 2 as specified in the spec.
        (math, mrow, mfenced, merror, mphantom, mstyle, menclose):
        (mroot > *:last-child):
        (math, mrow, mfenced, msqrt, mroot, merror, mphantom, mstyle, menclose): Deleted.
        (msqrt > *): Deleted.
        (mroot): Deleted. This rule was causing bug 126516.
        (mroot > * + *): Deleted.
        * rendering/RenderObject.h: Add two new isRenderMathML* functions for dynamic casting.
        (WebCore::RenderObject::isRenderMathMLRadicalOperator):
        (WebCore::RenderObject::isRenderMathMLRootWrapper):
        * rendering/mathml/RenderMathMLOperator.cpp: Accept a set of operator dictionary flags, all disabled by default. This is to allow anonymous radicas, which don't have any flag.
        isFencedOperator() is now replaced with the more general isAnonymous() since we allow anonymous radical operator fors msqrt/mroot.
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
        (WebCore::RenderMathMLOperator::setOperatorPropertiesFromOpDictEntry):
        (WebCore::RenderMathMLOperator::SetOperatorProperties):
        (WebCore::RenderMathMLOperator::updateTokenContent):
        * rendering/mathml/RenderMathMLOperator.h: Allow class to be overriden, redefine the anonymous constructor, remove isFencedOperator().
        * rendering/mathml/RenderMathMLRadicalOperator.cpp: Added.
        (WebCore::RenderMathMLRadicalOperator::RenderMathMLRadicalOperator):
        (WebCore::RenderMathMLRadicalOperator::stretchTo):
        (WebCore::RenderMathMLRadicalOperator::SetOperatorProperties):
        (WebCore::RenderMathMLRadicalOperator::computePreferredLogicalWidths):
        (WebCore::RenderMathMLRadicalOperator::computeLogicalHeight):
        (WebCore::RenderMathMLRadicalOperator::paint):
        (WebCore::RenderMathMLRadicalOperator::trailingSpaceError):
        * rendering/mathml/RenderMathMLRadicalOperator.h: Added.
        * rendering/mathml/RenderMathMLRoot.cpp: Rewritten. Some parts to use graphic primitives are moved to RenderMathMLRadicalOperator.cpp.
        (WebCore::RenderMathMLRoot::RenderMathMLRoot):
        (WebCore::RenderMathMLRoot::baseWrapper):
        (WebCore::RenderMathMLRoot::radicalWrapper):
        (WebCore::RenderMathMLRoot::indexWrapper):
        (WebCore::RenderMathMLRoot::radicalOperator):
        (WebCore::RenderMathMLRoot::restructureWrappers):
        (WebCore::RenderMathMLRoot::addChild):
        (WebCore::RenderMathMLRoot::styleDidChange):
        (WebCore::RenderMathMLRoot::updateFromElement):
        (WebCore::RenderMathMLRoot::updateStyle):
        (WebCore::RenderMathMLRoot::firstLineBaseline):
        (WebCore::RenderMathMLRoot::layout):
        (WebCore::RenderMathMLRoot::paint):
        (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper):
        (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring):
        (WebCore::RenderMathMLRootWrapper::removeChild):
        (WebCore::RenderMathMLRoot::paddingTop): Deleted.
        (WebCore::RenderMathMLRoot::paddingBottom): Deleted.
        (WebCore::RenderMathMLRoot::paddingLeft): Deleted.
        (WebCore::RenderMathMLRoot::paddingRight): Deleted.
        (WebCore::RenderMathMLRoot::paddingBefore): Deleted.
        (WebCore::RenderMathMLRoot::paddingAfter): Deleted.
        (WebCore::RenderMathMLRoot::paddingStart): Deleted.
        (WebCore::RenderMathMLRoot::paddingEnd): Deleted.
        (WebCore::RenderMathMLRoot::index): Deleted.
        * rendering/mathml/RenderMathMLRoot.h: Rewritten.
        (WebCore::RenderMathMLRootWrapper::RenderMathMLRootWrapper):

2014-06-12  Anders Carlsson  <andersca@apple.com>

        Add overloads of HTTPHeaderMap::find and remove that take enums
        https://bugs.webkit.org/show_bug.cgi?id=133823

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        Update symbols.

        * WebCore.xcodeproj/project.pbxproj:
        Make HTTPHeaderNames.h private.

        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::contains):
        Convert the enum value to a string and call the contains overload that takes a string.

        (WebCore::HTTPHeaderMap::remove):
        Convert the enum value to a string and call the remove overload that takes a string.

        * platform/network/HTTPHeaderMap.h:
        Add new overloads taking HTTPHeaderName and mark the versions taking string literals as deleted.

        * platform/network/HTTPHeaderNames.in:
        Add new header names.

        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::clearHTTPAuthorization):
        (WebCore::ResourceRequestBase::clearHTTPContentType):
        (WebCore::ResourceRequestBase::clearHTTPReferrer):
        (WebCore::ResourceRequestBase::clearHTTPOrigin):
        (WebCore::ResourceRequestBase::clearHTTPUserAgent):
        (WebCore::ResourceRequestBase::clearHTTPAccept):
        Update functions to use HTTPHeaderName enums.

        (WebCore::ResourceRequestBase::isConditional):
        (WebCore::ResourceRequestBase::makeUnconditional):
        Simplify these.

2014-06-13  Jarek Czekalski  <jarekczek@poczta.onet.pl>

        [ATK] Fix text inside "span" block in "a" block was not accessible.
        https://bugs.webkit.org/show_bug.cgi?id=132349

        Reviewed by Mario Sanchez Prada.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp: Add link role
          to the list of roles whose objects always expose atk_text interface.

2014-06-13  Alberto Garcia  <berto@igalia.com>

        [GTK] GLContextEGL.cpp: conflicting declaration 'typedef ptrdiff_t GLintptr'
        https://bugs.webkit.org/show_bug.cgi?id=133550

        Reviewed by Gustavo Noronha Silva.

        Cairo includes some definitions from GLX that conflict with the
        ones provided by our GLES2 headers (GLintptr, GLsizeiptr).

        Since GLContextEGL doesn't use any GLX functions we can safely
        disable the inclusion of those functions in that source file.

        * platform/graphics/egl/GLContextEGL.cpp:

2014-06-13  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Introduce an explicit type for resolved grid positions
        https://bugs.webkit.org/show_bug.cgi?id=131732

        Reviewed by Sergio Villar Senin.

        We were using simple size_t integers to represent resolved grid
        positions in our internal data structures. This change allows us to
        clarify the code, avoid potential off by one mistakes, and move the
        resolving code to a central place.

        A new class GridResolvedPosition has been created and the related
        methods have been moved there from RenderGrid.
        GridSpan is now defined by two GridResolvedPosition, so all the code
        using it has been modified to adapt it to GridResolvedPosition.

        No new tests as it is already covered by current tests
        (fast/css-grid-layout/).

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSGridTemplateAreasValue.cpp:
        (WebCore::stringForPosition):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTemplateAreasRow):
        * css/StyleResolver.cpp:
        (WebCore::createImplicitNamedGridLinesFromGridArea):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::computeNormalizedFractionBreadth):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
        (WebCore::RenderGrid::insertItemIntoGrid):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
        (WebCore::RenderGrid::autoPlacementMajorAxisDirection):
        (WebCore::RenderGrid::autoPlacementMinorAxisDirection):
        (WebCore::RenderGrid::gridAreaBreadthForChild):
        (WebCore::RenderGrid::findChildLogicalPosition):
        (WebCore::RenderGrid::explicitGridColumnCount): Deleted.
        (WebCore::RenderGrid::explicitGridRowCount): Deleted.
        (WebCore::isColumnSide): Deleted.
        (WebCore::isStartSide): Deleted.
        (WebCore::RenderGrid::explicitGridSizeForSide): Deleted.
        (WebCore::RenderGrid::resolveGridPositionsFromAutoPlacementPosition): Deleted.
        (WebCore::gridLinesForSide): Deleted.
        (WebCore::implicitNamedGridLineForSide): Deleted.
        (WebCore::isNonExistentNamedLineOrArea): Deleted.
        (WebCore::RenderGrid::adjustGridPositionsFromStyle): Deleted.
        (WebCore::RenderGrid::resolveGridPositionsFromStyle): Deleted.
        (WebCore::RenderGrid::resolveNamedGridLinePositionFromStyle): Deleted.
        (WebCore::RenderGrid::resolveGridPositionFromStyle): Deleted.
        (WebCore::RenderGrid::resolveGridPositionAgainstOppositePosition): Deleted.
        (WebCore::RenderGrid::resolveNamedGridLinePositionAgainstOppositePosition): Deleted.
        (WebCore::firstNamedGridLineBeforePosition): Deleted.
        (WebCore::RenderGrid::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition): Deleted.
        (WebCore::RenderGrid::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition): Deleted.
        * rendering/RenderGrid.h:
        * rendering/style/GridCoordinate.h:
        (WebCore::GridSpan::GridSpan):
        (WebCore::GridSpan::operator==):
        * rendering/style/GridPosition.h:
        (WebCore::GridPosition::adjustGridPositionForRowEndColumnEndSide): Deleted.
        (WebCore::GridPosition::adjustGridPositionForSide): Deleted.
        * rendering/style/GridResolvedPosition.cpp: Added.
        (WebCore::isColumnSide):
        (WebCore::isStartSide):
        (WebCore::explicitGridSizeForSide):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
        (WebCore::gridLinesForSide):
        (WebCore::implicitNamedGridLineForSide):
        (WebCore::isNonExistentNamedLineOrArea):
        (WebCore::GridResolvedPosition::adjustGridPositionsFromStyle):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
        (WebCore::GridResolvedPosition::resolveNamedGridLinePositionFromStyle):
        (WebCore::GridResolvedPosition::resolveGridPositionFromStyle):
        (WebCore::GridResolvedPosition::resolveGridPositionAgainstOppositePosition):
        (WebCore::GridResolvedPosition::resolveNamedGridLinePositionAgainstOppositePosition):
        (WebCore::firstNamedGridLineBeforePosition):
        (WebCore::GridResolvedPosition::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
        (WebCore::GridResolvedPosition::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
        * rendering/style/GridResolvedPosition.h: Added.
        (WebCore::GridResolvedPosition::adjustGridPositionForRowEndColumnEndSide):
        (WebCore::GridResolvedPosition::adjustGridPositionForSide):
        (WebCore::GridResolvedPosition::GridResolvedPosition):
        (WebCore::GridResolvedPosition::operator++):
        (WebCore::GridResolvedPosition::operator==):
        (WebCore::GridResolvedPosition::operator<):
        (WebCore::GridResolvedPosition::operator>):
        (WebCore::GridResolvedPosition::operator<=):
        (WebCore::GridResolvedPosition::operator>=):
        (WebCore::GridResolvedPosition::toInt):
        (WebCore::GridResolvedPosition::next):

2014-06-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Remove all deprecated API from GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=133728

        Reviewed by Martin Robinson.

        Remove all deprecated symbols from the GObject DOM bindings,
        keeping the deprecation infraestructure for future API breaks.

        * PlatformGTK.cmake: Remove WebKitDOMDeprecated files from the
        build.
        * bindings/gobject/WebKitDOMDeprecated.cpp: Removed.
        * bindings/gobject/WebKitDOMDeprecated.h: Removed.
        * bindings/gobject/WebKitDOMDeprecated.symbols: Removed.
        * bindings/gobject/webkitdom.symbols: Updated to the current API.
        * bindings/scripts/CodeGeneratorGObject.pm:
        (SkipFunction): Remove exceptions for deprecated API.
        (GetFunctionDeprecationInformation): Ditto.
        (GetEffectiveFunctionName): Ditto.
        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
        (webkit_dom_test_event_target_dispatch_event): Deleted.
        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.h:
        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.symbols:
        * dom/Element.idl: Remove GObject exception.

2014-06-12  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make <input type=> and <button> elements' decoration subpixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=133812
        <rdar://problem/17286309>

        Reviewed by Simon Fraser.

        Enable <input type=> and <button> decoration painting on subpixel positions.
        The theme size is still integral, but its position is snapped to device pixels.
        Theme's label, the InlineTextBox is already subpixel position aware.
        webkit.org/b/132005 tracks the rest of the themes.

        Not testable.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::boundingBoxForQuads): Keep integral snapping for now.
        * platform/Theme.h:
        (WebCore::Theme::paint):
        (WebCore::Theme::inflateControlPaintRect):
        * platform/mac/ThemeMac.h:
        * platform/mac/ThemeMac.mm:
        (WebCore::inflateRect):
        (WebCore::configureToggleButton):
        (WebCore::sharedRadioCell):
        (WebCore::sharedCheckboxCell):
        (WebCore::paintToggleButton):
        (WebCore::setUpButtonCell):
        (WebCore::button):
        (WebCore::paintButton):
        (WebCore::paintStepper):
        (WebCore::ThemeMac::inflateControlPaintRect):
        (WebCore::ThemeMac::paint):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addVisualOverflowFromTheme): Keep integral snapping for now.
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::addRegionsVisualOverflowFromTheme): Keep integral snapping for now.
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paint):
        (WebCore::RenderTheme::adjustRepaintRect):
        * rendering/RenderTheme.h:
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::adjustRepaintRect):

2014-06-12  Brent Fulgham  <bfulgham@apple.com>

        [Win] Avoid fork bomb during build
        https://bugs.webkit.org/show_bug.cgi?id=133837
        <rdar://problem/17296034>

        Reviewed by Tim Horton.

        * WebCore.vcxproj/build-generated-files.sh: Use a reasonable
        default value when the 'num-cpus' script is not available.

2014-06-12  Gavin Barraclough  <barraclough@apple.com>

        Add support for thread/WorkQueue QoS
        https://bugs.webkit.org/show_bug.cgi?id=130688

        Reviewed by Anders Carlson & Simon Fraser.

        WebCore's ScrollingThread should be UserInteractive.

        * page/scrolling/ScrollingThread.cpp:
        (WebCore::ScrollingThread::threadCallback):
            - ScrollingThread should be UserInteractive

2014-06-12  Brent Fulgham  <bfulgham@apple.com>

        [Mac] Build fix after r169919.

        * WebCore.xcodeproj/project.pbxproj: The 'TileController.h' file must be a private header.

2014-06-12  Andy Estes  <aestes@apple.com>

        [Mac] Speculative build fix after r169921.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::destroyRenderers):

2014-06-12  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Stop observing the sample buffer renderers when destroying them.
        https://bugs.webkit.org/show_bug.cgi?id=133831

        Reviewed by Beth Dakin.

        Release our retain on our AVSampleBufferDisplayLayer and AVSampleBufferAudioRenderer by stopping
        our observation of its properties when removing them from the SourceBufferPrivateAVFObjC object.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::destroyRenderers):

2014-06-12  Brent Fulgham  <bfulgham@apple.com>

        Correct file locations after r169914. These should have been
        in platform/graphics/ca.

        Rubberstamped by Tim Horton.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/ca/TileController.cpp: Copied from platform/graphics/ca/mac/TileController.cpp.
        * platform/graphics/ca/TileController.h: Copied from platform/graphics/ca/mac/TileController.h.
        * platform/graphics/ca/TileGrid.cpp: Copied from platform/graphics/ca/mac/TileGrid.cpp.
        * platform/graphics/ca/TileGrid.h: Copied from platform/graphics/ca/mac/TileGrid.h.
        * platform/graphics/ca/mac/TileController.cpp: Removed.
        * platform/graphics/ca/mac/TileController.h: Removed.
        * platform/graphics/ca/mac/TileGrid.cpp: Removed.
        * platform/graphics/ca/mac/TileGrid.h: Removed.

2014-06-12  Andy Estes  <aestes@apple.com>

        Fix the build after r169913.

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::restoreScrollPositionAndViewState):

2014-06-12  Alex Christensen  <achristensen@webkit.org>

        Collect correct web timing data from CFNetwork.
        https://bugs.webkit.org/show_bug.cgi?id=133824
        <rdar://problem/17273654>

        Reviewed by Simon Fraser.

        Covered by existing web timing tests.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::getConnectionTimingData):
        Use _kCFNTimingDataFetchStart as the reference start time key.

2014-06-12  Brent Fulgham  <bfulgham@apple.com>

        Convert TileController and TileGrid from ObjC to C++
        https://bugs.webkit.org/show_bug.cgi?id=133819
        <rdar://problem/17291841>

        Reviewed by Tim Horton.

        Convert TileGrid.mm and TileController.mm into C++ implementations. This required creating a 'frameForLayer'
        wrapper to call the 'frame' method of the CALayer object.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/ca/mac/TileController.cpp: Copied from platform/graphics/ca/mac/TileController.mm.
        (WebCore::TileController::blankPixelCountForTiles):
        * platform/graphics/ca/mac/TileController.mm: Removed.
        * platform/graphics/ca/mac/TileGrid.cpp: Copied from platform/graphics/ca/mac/TileGrid.mm.
        * platform/graphics/ca/mac/TileGrid.h:
        * platform/graphics/ca/mac/TileGrid.mm: Removed.
        * platform/graphics/mac/WebLayer.h:
        * platform/graphics/mac/WebLayer.mm:
        (WebCore::frameForLayer): Wrapper function to hide ObjC call from C++ compilation unit.

2014-06-12  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Fix crash on back/foward swipe
        https://bugs.webkit.org/show_bug.cgi?id=133826
        <rdar://problem/17032752>

        Reviewed by Tim Horton.

        AsyncScrollingCoordinator::frameViewForScrollingNode() would crash with a null root
        state node, because HistoryController::restoreScrollPositionAndViewState() tried
        to restore scroll position (via restoreViewState()) before hooking up the scrolling
        coordinator.
        
        Fix by doing the scrollingCoordinator->frameViewRootLayerDidChange() before
        calling restoreViewState().
        
        Also add a defensive null-check on the root state node in updateScrollPositionAfterAsyncScrollTimerFired().

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::restoreScrollPositionAndViewState):
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewForScrollingNode):

2014-06-12  Anders Carlsson  <andersca@apple.com>

        Add a space after the comma.

        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::add):

2014-06-12  Anders Carlsson  <andersca@apple.com>

        Move header value merging to HTTPHeaderMap
        https://bugs.webkit.org/show_bug.cgi?id=133815

        Reviewed by Andreas Kling.

        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::set):
        (WebCore::HTTPHeaderMap::add):
        * platform/network/HTTPHeaderMap.h:
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::addHTTPHeaderField):
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::addHTTPHeaderField):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::setRequestHeaderInternal):

2014-06-12  Anders Carlsson  <andersca@apple.com>

        Add ShapeValue.cpp and move ShapeValue::isImageValid() there
        https://bugs.webkit.org/show_bug.cgi?id=133809

        Reviewed by Antti Koivisto.

        This gets rid of CachedImage.h (and ResourceRequest and friends) from RenderStyle.h.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::shapePropertyValue):
        * css/CSSCrossfadeValue.cpp:
        * css/CSSFilterImageValue.cpp:
        * css/StyleResolver.h:
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFunc):
        * rendering/ShapeValue.cpp: Added.
        (WebCore::ShapeValue::isImageValid):
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::referenceBox):
        (WebCore::ShapeOutsideInfo::computedShape):
        (WebCore::ShapeOutsideInfo::isEnabledFor):
        * rendering/style/ShapeValue.h:
        (WebCore::ShapeValue::type):
        (WebCore::ShapeValue::setImage):
        (WebCore::ShapeValue::ShapeValue):
        (WebCore::ShapeValue::isImageValid): Deleted.

2014-06-12  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make <select> element's decoration subpixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=133781
        <rdar://problem/17272083>

        Reviewed by Simon Fraser.

        Enable <select> decoration painting on subpixel positions.
        The theme size is still integral, but its position is snapped to device pixels.
        Theme's label, the InlineTextBox is already subpixel position aware.
        webkit.org/b/132005 tracks the rest of the themes.

        Not testable.

        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paint):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::paintMenuList):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::inflateRect):
        (WebCore::RenderThemeMac::adjustRepaintRect):
        (WebCore::RenderThemeMac::paintMenuList):
        (WebCore::RenderThemeMac::progressBarRectForBounds):
        (WebCore::RenderThemeMac::setPopupButtonCellState):
        (WebCore::RenderThemeMac::inflateRect): Deleted.

2014-06-12  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Crash in MediaSourcePrivateAVFObjC::naturalSize()
        https://bugs.webkit.org/show_bug.cgi?id=133789

        Reviewed by Eric Carlson.

        Add null-check to proctect against being queried for the naturalSize before we have a
        m_mediaSourcePrivate.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::naturalSize):

2014-06-12  Alberto Garcia  <berto@igalia.com>

        [GTK] fails to build with --disable-webgl --disable-accelerated-compositing
        https://bugs.webkit.org/show_bug.cgi?id=131267

        Reviewed by Philippe Normand.

        Add missing headers needed for Float32Array::create().

        * Modules/webaudio/AudioBuffer.cpp:

2014-06-12  Sergio Villar Senin  <svillar@igalia.com>

        [GTK] REGRESSION: application name is not correctly appended to the UA
        https://bugs.webkit.org/show_bug.cgi?id=133793

        Reviewed by Carlos Garcia Campos.

        We must use a blank to separate the default UA provided by WebKitGtk
        from the application name coming from the public API.

        Added an extra test case to the API tests to catch regressions.

        * platform/gtk/UserAgentGtk.cpp:
        (WebCore::standardUserAgent):

2014-06-12  Zan Dobersek  <zdobersek@igalia.com>

        WorkerRunLoop::Task::performTask should take in WorkerGlobalScope* to avoid downcasting
        https://bugs.webkit.org/show_bug.cgi?id=133616

        Reviewed by Andreas Kling.

        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::Task::performTask): Demand the context parameter to be a pointer
        to WorkerGlobalScope instead of ScriptExecutionContext, avoiding an unnecessary downcast.
        In the future this complete code path should use a reference to WorkerGlobalScope instead
        of a pointer.
        * workers/WorkerRunLoop.h:

2014-06-12  Sergio Villar Senin  <svillar@igalia.com>

        [GTK] Unsupported browser in www.icloud.com
        https://bugs.webkit.org/show_bug.cgi?id=133403

        Reviewed by Martin Robinson.

        We claim to be Safari (among others) to ensure maximum
        compatibility with existing web sites. Valid Safari UA strings do
        always (since Safari 3.0) contain the string "Version/X" before
        the "Safari/X" part. We were wrongly only adding it in very
        specific cases and we were placing it at the wrong position as it
        must precede the "Safari/X" part.

        From now on we unconditionally prepend the "Version/X" string to
        the "Safari/X" part as we always claim to be Safari. This makes
        the NeedsSafariVersion6 quirk invalid. This not only fixes
        "unsupported browser" issues in icloud.com, but also in
        globalforestwatch.com and live.com among many others.

        Apart from that I'm bumping the Safari Version in the UA to 8.0 as
        we're already claiming to be "Safari/538.35"" which corresponds to
        Safari 8 beta.

        * platform/gtk/UserAgentGtk.cpp:
        (WebCore::buildUserAgentString):
        (WebCore::standardUserAgentForURL):

2014-06-12  Pratik Solanki  <psolanki@apple.com>

        Avoid creating a CFData when checking if a resource is file backed
        https://bugs.webkit.org/show_bug.cgi?id=133783

        Reviewed by Andreas Kling.

        Export SharedBuffer::hasPlatformData().

        No new tests because no functional changes.

        * WebCore.exp.in:
        * platform/SharedBuffer.h:

2014-06-11  Myles C. Maxfield  <mmaxfield@apple.com>

        SVGGlyphToPathTranslator ASSERTs when encountering a missing glyph in an SVG font
        https://bugs.webkit.org/show_bug.cgi?id=133528

        Reviewed by Simon Fraser.

        Turns out this assertion is benign. We can take an early out of advance() (which
        is then handled properly by Font::dashesForIntersectionsWithRect()

        Test: svg/custom/skip-underline-missing-glyph.html

        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::dashesForIntersectionsWithRect): Rather than skip partial results,
        don't skip anything at all to be consistent.
        * rendering/svg/SVGTextRunRenderingContext.cpp:
        (WebCore::SVGGlyphToPathTranslator::advance): Take an early out to avoid an ASSERT.

2014-06-11  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Give WebKitTestRunner a viewport configuration with initial scale=1 for testing
        https://bugs.webkit.org/show_bug.cgi?id=133779

        Reviewed by Benjamin Poulain.

        Add a "testing" viewport configuration with initial scale of 1.

        * WebCore.exp.in:
        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::testingParameters):
        * page/ViewportConfiguration.h:

2014-06-11  Pratik Solanki  <psolanki@apple.com>

        Keep CFDataRefs in SharedBuffer instead of merging them
        https://bugs.webkit.org/show_bug.cgi?id=133775

        Reviewed by Alexey Proskuryakov.

        Instead of merging the CFDataRefs into one buffer, save them in as CFDataRefs in
        SharedBuffer. They will get merged when code calls buffer() later on.

        No new tests because no functional changes.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::handleDataArray):

2014-06-11  Alexey Proskuryakov  <ap@apple.com>

        editing/selection/selection-in-iframe-removed-crash.html or selection-invalid-offset.html crashes intermittently
        https://bugs.webkit.org/show_bug.cgi?id=111521
        <rdar://problem/15159351>

        Reviewed by Brady Eidson.

        Covered by existing tests.

        * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::commitData): Bail out if the
        load was canceled from under receivedFirstData(). Since this is where we commit the
        load, there are ample opportunities for scripts or clients to do anything.

2014-06-11  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: RenderBox's content clipping should clip on device pixel boundary.
        https://bugs.webkit.org/show_bug.cgi?id=133767
        <rdar://problem/17272365>

        Reviewed by Simon Fraser.

        Push RenderBox's content clipping to device pixel boundaries. Integral snapping makes
        content cut off prematurely.

        Test: fast/inline-block/hidpi-margin-top-with-subpixel-value-and-overflow-hidden.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::pushContentsClip):

2014-06-11  Anders Carlsson  <andersca@apple.com>

        Remove XHRReplayData::addHeader
        https://bugs.webkit.org/show_bug.cgi?id=133776

        Reviewed by Antti Koivisto.

        Just pass the HTTP header map to XHRReplayData::create directly.

        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::willLoadXHR):
        * inspector/NetworkResourcesData.cpp:
        (WebCore::XHRReplayData::create):
        (WebCore::XHRReplayData::XHRReplayData):
        (WebCore::XHRReplayData::addHeader): Deleted.
        * inspector/NetworkResourcesData.h:

2014-06-11  Andy Estes  <aestes@apple.com>

        Fix the Mac build.

        * WebCore.exp.in: Exported __ZN7WebCore19ResourceRequestBase15setHTTPReferrerERKN3WTF6StringE
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: Moved ivar declarations to @interface to account for the 32-bit legacy runtime.

2014-06-11  Simon Fraser  <simon.fraser@apple.com>

        Make FrameView 8 bytes smaller
        https://bugs.webkit.org/show_bug.cgi?id=133771

        Reviewed by Anders Carlsson.

        m_borderX and m_borderY were historical cruft.

        * page/FrameView.cpp:
        (WebCore::FrameView::reset):
        * page/FrameView.h:

2014-06-11  David Kilzer  <ddkilzer@apple.com>

        WindowFeatures arguments shoud ignore invalid characters in values
        <http://webkit.org/b/133703>
        <rdar://problem/17254118>

        Reviewed by Andy Estes.

        Test: fast/dom/Window/window-property-invalid-characters-ignored.html

        * page/WindowFeatures.cpp:
        (WebCore::WindowFeatures::WindowFeatures): Set |length| based on
        |buffer|, not |features|.  Switch to using a for loop.  Switch
        to unsigned types since we are working with positive offsets
        into a String.

2014-06-11  David Kilzer  <ddkilzer@apple.com>

        Viewport arguments should ignore invalid characters in values
        <http://webkit.org/b/133555>
        <rdar://problem/17179650>

        Reviewed by Daniel Bates.

        Test: fast/viewport/viewport-warnings-7.html

        * dom/Document.cpp:
        (WebCore::Document::processArguments): Set |length| based on
        |buffer|, not |features|.  Switch to using a for loop.  Switch
        to unsigned types since we are working with positive offsets
        into a String.

2014-06-11  Anders Carlsson  <andersca@apple.com>

        Move some HTTP header field accessors to ResourceRequestBase.cpp
        https://bugs.webkit.org/show_bug.cgi?id=133773

        Reviewed by Andreas Kling.

        This will avoid having to include HTTPHeaderNames.h from ResourceRequestBase.h.

        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::httpContentType):
        (WebCore::ResourceRequestBase::setHTTPContentType):
        (WebCore::ResourceRequestBase::httpReferrer):
        (WebCore::ResourceRequestBase::setHTTPReferrer):
        (WebCore::ResourceRequestBase::httpOrigin):
        (WebCore::ResourceRequestBase::setHTTPOrigin):
        (WebCore::ResourceRequestBase::httpUserAgent):
        (WebCore::ResourceRequestBase::setHTTPUserAgent):
        (WebCore::ResourceRequestBase::httpAccept):
        (WebCore::ResourceRequestBase::setHTTPAccept):
        * platform/network/ResourceRequestBase.h:
        (WebCore::ResourceRequestBase::httpContentType): Deleted.
        (WebCore::ResourceRequestBase::setHTTPContentType): Deleted.
        (WebCore::ResourceRequestBase::httpReferrer): Deleted.
        (WebCore::ResourceRequestBase::setHTTPReferrer): Deleted.
        (WebCore::ResourceRequestBase::httpOrigin): Deleted.
        (WebCore::ResourceRequestBase::setHTTPOrigin): Deleted.
        (WebCore::ResourceRequestBase::httpUserAgent): Deleted.
        (WebCore::ResourceRequestBase::setHTTPUserAgent): Deleted.
        (WebCore::ResourceRequestBase::httpAccept): Deleted.
        (WebCore::ResourceRequestBase::setHTTPAccept): Deleted.

2014-06-11  Anders Carlsson  <andersca@apple.com>

        Remove some more unneeded member functions from HTTPHeaderMap
        https://bugs.webkit.org/show_bug.cgi?id=133768

        Reviewed by Simon Fraser.

        * loader/CrossOriginAccessControl.cpp:
        (WebCore::createAccessControlPreflightRequest):
        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::find): Deleted.
        (WebCore::HTTPHeaderMap::keys): Deleted.
        * platform/network/HTTPHeaderMap.h:

2014-06-11  Jer Noble  <jer.noble@apple.com>

        Unreviwed Mac release build fix; mark the keyPath parameter as unused.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVSampleBufferErrorListener observeValueForKeyPath:ofObject:change:context:]):

2014-06-11  Brent Fulgham  <bfulgham@apple.com>

        [Win] Avoid deadlock with AVFoundation
        https://bugs.webkit.org/show_bug.cgi?id=133762
        <rdar://problem/17128248>

        Reviewed by Eric Carlson.

        Always invoke our notifications asynchronously so that we do not
        execute long-running code while holding the AVFWrapper map mutex
        lock. AVFoundationCF callbacks can deadlock if we call into AVF
        while holding this lock.


        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification):

2014-06-11  Csaba Osztrogonác  <ossy@webkit.org>

        [CMake] One more URTBF after r169826.

        * CMakeLists.txt: Generate files to the proper place.

2014-06-11  Csaba Osztrogonác  <ossy@webkit.org>

        [CMake]URTBF after r169826.

        * CMakeLists.txt: Typo fix.

2014-06-11  Anders Carlsson  <andersca@apple.com>

        Get rid of an unneeded HTTPHeaderMap::remove overload
        https://bugs.webkit.org/show_bug.cgi?id=133763

        Reviewed by Andreas Kling.

        Change HTTPHeaderMap::remove to return whether an entry was removed or not and simplify
        ResourceRequestBase::clearHTTPAuthorization.

        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::remove):
        * platform/network/HTTPHeaderMap.h:
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::clearHTTPAuthorization):

2014-06-11  Jer Noble  <jer.noble@apple.com>

        [EME][Mac] Propagate errors from AVSampleBufferDisplayLayer through to MSE
        https://bugs.webkit.org/show_bug.cgi?id=133747

        Reviewed by Eric Carlson.

        Abstract out the delivery of errors in MediaKeySession into its own method, which can be triggered by 
        CDMSession objects through the CDMSessionClient interface:
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::keyRequestTimerFired):
        (WebCore::MediaKeySession::addKeyTimerFired):
        (WebCore::MediaKeySession::sendMessage):
        (WebCore::MediaKeySession::sendError):
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveRenderingError):
        * Modules/mediasource/SourceBuffer.h:
        * platform/graphics/SourceBufferPrivateClient.h:
        * platform/graphics/CDMSession.h:

        Add an Objective-C object which can listen for error KVO notifications:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        (WebCore::SourceBufferPrivateAVFObjCErrorClient::~SourceBufferPrivateAVFObjCErrorClient):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVSampleBufferErrorListener initWithParent:WebCore::]):
        (-[WebAVSampleBufferErrorListener dealloc]):
        (-[WebAVSampleBufferErrorListener invalidate]):
        (-[WebAVSampleBufferErrorListener beginObservingLayer:]):
        (-[WebAVSampleBufferErrorListener stopObservingLayer:]):
        (-[WebAVSampleBufferErrorListener beginObservingRenderer:]):
        (-[WebAVSampleBufferErrorListener stopObservingRenderer:]):
        (-[WebAVSampleBufferErrorListener observeValueForKeyPath:ofObject:change:context:]):
        (-[WebAVSampleBufferErrorListener layerFailedToDecode:]):
        (WebCore::SourceBufferPrivateAVFObjC::SourceBufferPrivateAVFObjC):
        (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled):
        (WebCore::SourceBufferPrivateAVFObjC::registerForErrorNotifications):
        (WebCore::SourceBufferPrivateAVFObjC::unregisterForErrorNotifications):
        (WebCore::SourceBufferPrivateAVFObjC::layerDidReceiveError):
        (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError):

        Register for the new error notifications:
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h:
        (WebCore::CDMSessionMediaSourceAVFObjC::~CDMSessionMediaSourceAVFObjC): Moved to source file.
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::CDMSessionMediaSourceAVFObjC): Register for error notifications.
        (WebCore::CDMSessionMediaSourceAVFObjC::~CDMSessionMediaSourceAVFObjC): Unregister for error notifications.
        (WebCore::CDMSessionMediaSourceAVFObjC::layerDidReceiveError): Pass through to CDMSessionClient.
        (WebCore::CDMSessionMediaSourceAVFObjC::rendererDidReceiveError): Ditto.

2014-06-11  Andreas Kling  <akling@apple.com>

        Don't force CharacterData to override getOwnPropertySlot.
        <https://webkit.org/b/133717>

        This was preventing us from taking the GetByVal fast path for Text nodes
        since they inherit from CharacterData and having a "length" attribute
        meant we gave them a custom getOwnPropertySlot, despite not actually
        needing it for anything.

        Reviewed by Anders Carlsson.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AttributeShouldBeOnInstance):

2014-06-11  Anders Carlsson  <andersca@apple.com>

        Add a script that generates a gperf hash for HTTP header names
        https://bugs.webkit.org/show_bug.cgi?id=133760

        Reviewed by Andreas Kling.

        This is the first step towards getting rid of AtomicString from HTTPHeaderMap.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/network/HTTPHeaderNames.in: Added.
        * platform/network/create-http-header-name-table: Added.
        (HTTPHeaderName):

2014-06-11  Brent Fulgham  <bfulgham@apple.com>

        ROLLOUT: r153510: Broke Table borders on Wikipedia
        https://bugs.webkit.org/show_bug.cgi?id=132802
        <rdar://problem/16792562>

        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paintCollapsedBorders):
        (WebCore::RenderTableCell::alignLeftRightBorderPaintRect): Deleted.
        (WebCore::RenderTableCell::alignTopBottomBorderPaintRect): Deleted.
        * rendering/RenderTableCell.h:

2014-06-11  peavo@outlook.com  <peavo@outlook.com>

        [Curl] Empty headers in request response.
        https://bugs.webkit.org/show_bug.cgi?id=133483

        Reviewed by Brent Fulgham.

        When a request is taken from the cache, its cached response headers are empty, if the cache entry was created in the same session.
        It is only when the cache entry is loaded from disc, that the response headers are properly set.
        We need to set the cached response headers in both cases.
        There is also an issue if two jobs are loading the same url at the same time.
        Both jobs will then write to the cache content file, and create invalid content.
        This can be fixed by only letting the first request write to the content file.

        * platform/network/curl/CurlCacheEntry.cpp:
        (WebCore::CurlCacheEntry::CurlCacheEntry):
        (WebCore::CurlCacheEntry::isLoading): Added method to check if cache entry is loading the content.
        (WebCore::CurlCacheEntry::saveResponseHeaders): Set the cached response headers when response is saved.
        (WebCore::CurlCacheEntry::invalidate): To be on the safe side, close content file when entry is invalidated.
        (WebCore::CurlCacheEntry::parseResponseHeaders): Made parameter const.
        * platform/network/curl/CurlCacheEntry.h: Keep track of which job is creating this cache entry.
        (WebCore::CurlCacheEntry::getJob):
        * platform/network/curl/CurlCacheManager.cpp:
        (WebCore::CurlCacheManager::loadIndex): When cache entry is loaded from disc, there is no associated job.
        (WebCore::CurlCacheManager::didReceiveResponse): Bail out if cache entry is already currently loading,
        otherwise associate this job with the new cache entry.
        (WebCore::CurlCacheManager::didFinishLoading): Changed parameter type.
        (WebCore::CurlCacheManager::isCached): Don't report the url as cached if it's currently loading content.
        (WebCore::CurlCacheManager::didReceiveData): Don't write to the content file if the entry is not associated with the job.
        (WebCore::CurlCacheManager::didFail): Changed parameter type.
        * platform/network/curl/CurlCacheManager.h: Changed parameter type.
        * platform/network/curl/ResourceHandleManager.cpp: Ditto.
        (WebCore::writeCallback):
        (WebCore::ResourceHandleManager::downloadTimerCallback):

2014-06-11  Sam Weinig  <sam@webkit.org>

        REGRESSION (r133705): Layout Test js/dom/webidl-type-mapping.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=133736

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        Turns out we can't remove the HashTable yet after all, as JavaScriptCore
        relies on hasSetterOrReadonlyProperties bit to make put work correctly. We
        can, however, skip creating the table, and just use the value array during
        reification. 

2014-06-11  Chris Fleizach  <cfleizach@apple.com>

        AX: iOS: VoiceOver ignores input type = date in Safari on iOS7
        https://bugs.webkit.org/show_bug.cgi?id=133709

        Reviewed by Mario Sanchez Prada.

        The date field on iOS appears as a popup button, which is not a type we had encountered for <input> types.
        This returns an appropriate role in that case.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):

2014-06-11  Zan Dobersek  <zdobersek@igalia.com>

        Avoid FontGlyphsCacheKey copy in FontGlyphsCacheEntry constructor
        https://bugs.webkit.org/show_bug.cgi?id=133674

        Reviewed by Andreas Kling.

        * platform/graphics/Font.cpp:
        (WebCore::FontGlyphsCacheEntry::FontGlyphsCacheEntry): The FontGlyphsCacheKey
        variable is already passed-in as an rvalue reference, so it should be moved
        into the constructor of the corresponding member variable instead of copied.

2014-06-11  Andy Estes  <aestes@apple.com>

        Fix the build after after r169789 on platforms that build with -Wunused-const-variable

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHashTable): Don't create the value array if it'll never be used.

2014-06-11  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Use a different user agent string depending on the site
        https://bugs.webkit.org/show_bug.cgi?id=132681

        Reviewed by Anders Carlsson.

        We have changed the user agent string several times to try to fix
        broken websites that require specific things in the UA string to
        properly work. But everytime we change the UA string to fix a
        website we break others. We could use different UA string
        depending on the website. UserAgentGtk code has also been cleaned
        up, using NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_LOCAL
        and avoiding unneeded conversions to UTF-8.

        * platform/gtk/UserAgentGtk.cpp:
        (WebCore::UserAgentQuirks::UserAgentQuirks): New helper private
        class to handle user agent quirks.
        (WebCore::UserAgentQuirks::add):
        (WebCore::UserAgentQuirks::contains):
        (WebCore::UserAgentQuirks::isEmpty):
        (WebCore::platformForUAString): Bring back this method that was
        removed to always pretend to be Macintosh.
        (WebCore::platformVersionForUAString): Return a different platform
        version depending on the actual platform.
        (WebCore::versionForUAString): Return the WebKit version.
        (WebCore::buildUserAgentString): Helper function to build the user
        agent taking into account the UserAgentQuirks received.
        (WebCore::standardUserAgentStatic): Standard user agent string
        when no quirks are present.
        (WebCore::standardUserAgent):
        (WebCore::standardUserAgentForURL): New method that returns the
        user agent string for the given URL.
        * platform/gtk/UserAgentGtk.h:

2014-06-11  Alex Christensen  <achristensen@webkit.org>

        [Win] Unreviewed build fix.

        * platform/network/curl/ResourceRequest.h:
        Include missing PassOwnPtr.h.

2014-06-10  Sam Weinig  <sam@webkit.org>

        Actually only generate tables for History and Location.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):

2014-06-10  Sam Weinig  <sam@webkit.org>

        Attempt to fix the tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        Keep generating HashTables for History and Location, since they use them in
        their custom getOwnPropertySlot delegates.

2014-06-10  Benjamin Poulain  <benjamin@webkit.org>

        [iOS][WK2] ScrollingTreeOverflowScrollingNode does not use asynchronous touch dispatch
        https://bugs.webkit.org/show_bug.cgi?id=133702

        Reviewed by Simon Fraser.

        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::scrollingTreeNodeWillStartPanGesture):

2014-06-10  Benjamin Poulain  <benjamin@webkit.org>

        Reduce the overhead of updating the animatable style on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=133618

        Reviewed by Simon Fraser.

        While updating the style for animations, most of the time spent was pure calling overhead.

        This patch should reduce this a bit on ARMv7:
        1) Get the frame directly from the document instead of document->view->framview->frame.
        2) Inline RenderObject::animation(). This is just 3 loads, setting up the registers on the call
           site is more expensive than loading the values directly.
        3) Inline RenderElement::setAnimatableStyle(). It has only one call site and the call is mostly
           overhead.

        * css/CSSComputedStyleDeclaration.cpp:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::setAnimatableStyle): Deleted.
        * rendering/RenderElement.h:
        (WebCore::RenderElement::setAnimatableStyle):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::adjustRectForOutlineAndShadow):
        (WebCore::RenderObject::animation): Deleted.
        * rendering/RenderObject.h:
        (WebCore::RenderObject::animation):
        * rendering/RenderView.h:
        (WebCore::RenderObject::frame):

2014-06-10  Sam Weinig  <sam@webkit.org>

        Don't create a HashTable for JSObjects that use eager reification
        https://bugs.webkit.org/show_bug.cgi?id=133705

        Reviewed by Geoffrey Garen.

        It is unnecessary to create the CompactHashIndex or HashTable for JSObjects
        that use eager reification, since we will never look up properties directly.
        Instead, we can iterate the HashTableValue array directly during reification.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        Only generate the value array for prototypes that use eager reification.

        (GenerateHashTableValueArray):
        Extract out into a helper.

        (GenerateHashTable):
        Add a parameter, $justGenerateValueArray, that if true, means we only
        should generate the value array. 

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/JS/JSreadonly.cpp:

2014-06-10  Chris Fleizach  <cfleizach@apple.com>

        AX: iOS: Return the language for attributed text marker queries
        https://bugs.webkit.org/show_bug.cgi?id=133682

        Reviewed by Mario Sanchez Prada.

        Add language to the list of objects being returned for attributed text.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (AXAttributeStringSetLanguage):
        (AXAttributedStringAppendText):

2014-06-10  Dan Bernstein  <mitz@apple.com>

        WebCore part of [Cocoa] Handling authentication challenges should not require multiple delegate methods
        https://bugs.webkit.org/show_bug.cgi?id=133697

        Reviewed by Anders Carlsson.

        * platform/network/AuthenticationClient.h: Declared new virtual member functions for
        requesting default handling of a challenge and rejecting a challenge.
        * platform/network/ResourceHandle.h: Override new AuthenticationClient functions.
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::receivedRequestToPerformDefaultHandling): Added. Calls
        CFURLConnectionPerformDefaultHandlingForChallenge.
        (WebCore::ResourceHandle::receivedChallengeRejection): Added. Calls
        CFURLConnectionRejectChallenge.
        * platform/network/cf/SocketStreamHandle.h: Override new AuthenticationClient functions.
        * platform/network/cf/SocketStreamHandleCFNet.cpp:
        (WebCore::SocketStreamHandle::receivedRequestToPerformDefaultHandling): Added empty
        override.
        (WebCore::SocketStreamHandle::receivedChallengeRejection): Ditto.

2014-06-09  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION (r167962): Out of bounds read in JSC::StructureIDTable::get()
        https://bugs.webkit.org/show_bug.cgi?id=133463
        <rdar://problem/17098100>

        Reviewed by Geoffrey Garen.

        Revise MediaControllerHost implementation so that instead of holding its
        own pointer to the JS Controller object, it uses new properties added to
        the internal media controls DOM hierarchy. This allows the GC to see the
        needed lifecycle of the various media control objects and avoids the
        premature deallocation that caused this bug.
 
        * Modules/mediacontrols/MediaControlsHost.h:
        (WebCore::MediaControlsHost::controllerJSValue): Deleted.
        (WebCore::MediaControlsHost::setControllerJSValue): Deleted.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::controllerJSValue): Added convenience function
        to share logic for retrieving the controller object.
        (WebCore::HTMLMediaElement::updateCaptionContainer): Revise to use new method
        for accessing the controller.
        (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot): Connect the media
        elements JS wrapper object to the MediaControlsHost JS wrapper. Then connect
        the MediaControlsHost JS wrapper to the Controller JS object.
        (WebCore::HTMLMediaElement::pageScaleFactorChanged): Revise to use new method
        for accessing the controller.

2014-06-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Japanese text in Google search is rendered too low and clipped
        https://bugs.webkit.org/show_bug.cgi?id=133595

        Reviewed by Simon Fraser.

        This is a revert of r155324.

        By forcing line-height to be normal, r155324 was forcing WebKit to inspect font metrics
        to determine the height of a line. This means that if a fallback font was required to
        draw a line of text, and the fallback font had a higher ascent than the primary font,
        the entire line of text would be pushed down. If we don't force line-height to be normal,
        then we use the line-height value instead, which short circuits this mechanism, thereby
        not pushing text down.

        No new tests (because this is simply a revert)

        * css/html.css:
        (input): Deleted.

2014-06-10  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r167937): Do not use effective zoom factor while resolving media query's min-, max-(device)width/height values.
        https://bugs.webkit.org/show_bug.cgi?id=133681

        Reviewed by Simon Fraser.

        We lost the default multiplier(zoom) value of 1 with r167937 at template<typename T> T computeLength().
        Now MediaQueryEvaluator takes the current page zoom factor into account while resolving min-, max- width values.

        This patch explicitly sets the multiplier value to 1 to ensure zoom independent media query value resolving.

        Test: fast/media/media-query-with-scaled-content.html

        * css/CSSToLengthConversionData.cpp:
        (WebCore::CSSToLengthConversionData::viewportWidthFactor):
        (WebCore::CSSToLengthConversionData::viewportHeightFactor):
        * css/CSSToLengthConversionData.h:
        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::eval):
        * testing/Internals.cpp:
        (WebCore::Internals::setPageZoomFactor):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-06-10  Simon Fraser  <simon.fraser@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=133694

        Revert the part of r169733 that caused this test to start failing.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::notifyIFramesOfCompositingChange):

2014-06-10  Timothy Horton  <timothy_horton@apple.com>

        Factor repeated CFRunLoopObserver code out
        https://bugs.webkit.org/show_bug.cgi?id=133690

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/cf/RunLoopObserver.cpp: Added.
        (WebCore::RunLoopObserver::create):
        (WebCore::RunLoopObserver::~RunLoopObserver):
        (WebCore::RunLoopObserver::runLoopObserverFired):
        (WebCore::RunLoopObserver::schedule):
        (WebCore::RunLoopObserver::invalidate):
        * platform/cf/RunLoopObserver.h: Added.
        (WebCore::RunLoopObserver::isScheduled):
        (WebCore::RunLoopObserver::RunLoopObserver):
        Factor CFRunLoopObserver management code out of LayerFlushScheduler and WebKit2.

        * platform/graphics/ca/LayerFlushScheduler.h:
        * platform/graphics/ca/mac/LayerFlushSchedulerMac.cpp:
        (WebCore::LayerFlushScheduler::LayerFlushScheduler):
        (WebCore::LayerFlushScheduler::~LayerFlushScheduler):
        (WebCore::LayerFlushScheduler::layerFlushCallback):
        (WebCore::LayerFlushScheduler::schedule):
        (WebCore::LayerFlushScheduler::invalidate):
        (WebCore::LayerFlushScheduler::runLoopObserverCallback): Deleted.
        Make use of WebCore::RunLoopObserver.

2014-06-10  Simon Fraser  <simon.fraser@apple.com>

        Modernize loop code in scrolling tree code
        https://bugs.webkit.org/show_bug.cgi?id=133688

        Reviewed by Anders Carlsson.

        Use new loop syntax for walking children.

        * page/scrolling/ScrollingStateNode.cpp:
        (WebCore::ScrollingStateNode::cloneAndResetChildren):
        (WebCore::ScrollingStateNode::removeChild):
        (WebCore::ScrollingStateNode::willBeRemovedFromStateTree):
        (WebCore::ScrollingStateNode::dump):
        * page/scrolling/ScrollingTreeNode.cpp:
        (WebCore::ScrollingTreeNode::removeChild):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition):

2014-06-10  Anders Carlsson  <andersca@apple.com>

        Add -[WKWebView evaluateJavaScript:completionHandler:]
        https://bugs.webkit.org/show_bug.cgi?id=133689
        <rdar://problem/17152685>

        Reviewed by Geoffrey Garen.

        * English.lproj/Localizable.strings:
        Add new localizable strings.

2014-06-10  Antti Koivisto  <antti@apple.com>

        Serialize ResourceRequests without platform request
        https://bugs.webkit.org/show_bug.cgi?id=133679

        Reviewed by Alexey Proskuryakov.

        We create platform requests in the web process just so we can serialize them. This is unnecessary work.

        * platform/network/ResourceRequestBase.h:
        (WebCore::ResourceRequestBase::encodingRequiresPlatformData):
        (WebCore::ResourceRequestBase::encodeWithoutPlatformData):
        (WebCore::ResourceRequestBase::decodeWithoutPlatformData):
        
            Add encoding and decoding functions here to avoid exposing internals.

        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::encodingRequiresPlatformData):
        
            Allow encoding without platform data if it hasn't been created yet and there is no request body.

2014-06-10  Brady Eidson  <beidson@apple.com>

        Send more context about text selection to telephone number scanner
        <rdar://problem/16874385> and https://bugs.webkit.org/show_bug.cgi?id=133684

        Reviewed by Enrica Casucci.

        * dom/Range.cpp:
        (WebCore::rangesOverlap):Add a utility to check if two ranges overlap.
        * dom/Range.h:
        
        * editing/Editor.cpp:
        (WebCore::Editor::scanSelectionForTelephoneNumbers): Create a range that is wider than the 
          actual selection to search for phone numbers that are not completely selected yet.

2014-06-10  Alex Christensen  <achristensen@webkit.org>

        [iOS] Another unreviewed build fix after r169746.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        Prevent another unused value error.

2014-06-10  Alex Christensen  <achristensen@webkit.org>

        [iOS] Unreviewed build fix after r169746.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::respondToMemoryPressure):
        Protect startTime with !PLATFORM(IOS) to prevent a unused variable build error.

2014-06-10  Chris Fleizach  <cfleizach@apple.com>

        AX: WK2: iOS: text editing does not work
        https://bugs.webkit.org/show_bug.cgi?id=133666

        Reviewed by Mario Sanchez Prada.

        In WK2, all the text editing is handled by the WebProcess, so selectedTextRange and setSelectedTextRange
        need to be implemented, as well as posting the right value change notification.

        * accessibility/ios/AXObjectCacheIOS.mm:
        (WebCore::AXObjectCache::postPlatformNotification):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper postValueChangedNotification]):
        (-[WebAccessibilityObjectWrapper _accessibilitySelectedTextRange]):
        (-[WebAccessibilityObjectWrapper _accessibilitySetSelectedTextRange:]):

2014-06-10  Andreas Kling  <akling@apple.com>

        [iOS WebKit2] Stay in "memory pressure" mode until told otherwise.
        <https://webkit.org/b/133671>

        When we receive the first memory pressure signal, flip the flag in
        MemoryPressureHandler so that isUnderMemoryPressure() returns true
        from then on, until the system tells us pressure levels are back
        to normal.

        The hold-off mechanism is disabled for iOS, that wasn't actually
        needed in the first place, since the system is not going to spam
        you with tons of notifications.

        Also propagate the "critical" flag all the way from the system
        to the pressure handler. Note that we don't actually do anything
        differently based on the flag yet.

        Reviewed by Sam Weinig.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::respondToMemoryPressure):
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::setUnderMemoryPressure):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):
        (WebCore::MemoryPressureHandler::respondToMemoryPressure):

2014-06-10  Simon Fraser  <simon.fraser@apple.com>

        Fix logging of sticky scrolling tree nodes
        https://bugs.webkit.org/show_bug.cgi?id=133670

        Reviewed by Sam Weinig.

        ScrollingStateStickyNode::dumpProperties() dumped stickyBoxRect() twice and
        didn't dump constrainingRectAtLastLayout(), so fix that.

        * page/scrolling/ScrollingStateStickyNode.cpp:
        (WebCore::ScrollingStateStickyNode::dumpProperties):

2014-06-05  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Simplify the named grid lines resolution algorithm
        https://bugs.webkit.org/show_bug.cgi?id=133543

        Reviewed by Darin Adler.

        Named grid lines resolution algorithm can be heavily simplified by
        inserting the implicit named grid lines generated by each grid
        area (<area-name>-{start|end} for rows and columns), into the list
        of user defined named grid lines. This way we would only have to
        deal with named grid lines and forget about the named grid areas
        (as described in the specs
        http://dev.w3.org/csswg/css-grid/#grid-placement-slot).

        As a nice side effect, we'll get for free the implementation of the
        use case described in section 5.2.2 Implicit Named Areas.

        Test: fast/css-grid-layout/named-grid-lines-with-named-grid-areas-dynamic-get-set.html

        * css/StyleResolver.cpp:
        (WebCore::createImplicitNamedGridLinesFromGridArea):
        (WebCore::StyleResolver::applyProperty):
        * rendering/RenderGrid.cpp:
        (WebCore::isStartSide):
        (WebCore::gridLinesForSide):
        (WebCore::implicitNamedGridLineForSide):
        (WebCore::isNonExistentNamedLineOrArea):
        (WebCore::RenderGrid::adjustGridPositionsFromStyle):
        (WebCore::RenderGrid::resolveNamedGridLinePositionFromStyle):
        (WebCore::RenderGrid::resolveGridPositionFromStyle):
        (WebCore::RenderGrid::resolveNamedGridLinePositionAgainstOppositePosition):
        (WebCore::gridLineDefinedBeforeGridArea): Deleted.
        (WebCore::setNamedLinePositionIfDefinedBeforeArea): Deleted.
        (WebCore::RenderGrid::adjustNamedGridItemPosition): Deleted.

2014-06-10  Kiran  <kiran.guduru@samsung.com>

        [MediaStream] Add getTracks() support to MediaStream.
        https://bugs.webkit.org/show_bug.cgi?id=133641

        Reviewed by Eric Carlson.

        A new method named getTracks is proposed to retrieve all the tracks
        of a MediaStream irrespective of the type. This method has been implementd.

        Test: fast/mediastream/MediaStream-getTracks.html

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::getTracks):
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStream.idl:

2014-06-09  Simon Fraser  <simon.fraser@apple.com>

        Remove use of view() in RenderView code
        https://bugs.webkit.org/show_bug.cgi?id=133669

        Reviewed by Andreas Kling.

        view() in RenderView just returns *this, so no need to use it.

        * rendering/RenderView.cpp:
        (WebCore::RenderView::setSelection):

2014-06-09  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Wireless route picker control should use touch event handlers
        https://bugs.webkit.org/show_bug.cgi?id=133672

        Reviewed by Brent Fulgham.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.createControls): Listen for touch events.
        (ControllerIOS.prototype.handleWirelessPickerButtonTouchStart): New, handle touch start.
        (ControllerIOS.prototype.handleWirelessPickerButtonTouchEnd): New, handle touch end.
        (ControllerIOS.prototype.handleWirelessPickerButtonTouchCancel): New, handle touch cancel.
        (ControllerIOS.prototype.handleWirelessPickerButtonClicked): Deleted.

2014-06-09  Benjamin Poulain  <benjamin@webkit.org>

        Do not use a mask when matching the return value of a function call on ARM
        https://bugs.webkit.org/show_bug.cgi?id=133614

        Reviewed by Andreas Kling.

        On ARM, we cannot have garbage on the top bits of booleans. It is faster to check the whole
        register for nullity.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::callAndBranchOnBooleanReturnValue):
        (WebCore::FunctionCall::callAndBranchOnCondition):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueExactMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeFunctionCallValueMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementFunctionCallTest):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):

2014-06-09  Ryosuke Niwa  <rniwa@webkit.org>

        Remove the bogus assertion that didn't even build.

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberValue):

2014-06-09  Ryosuke Niwa  <rniwa@webkit.org>

        Commit the right fix.

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberValue):

2014-06-09  Ryosuke Niwa  <rniwa@webkit.org>

        Debug build fix after r169731.

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberValue):

2014-06-09  Simon Fraser  <simon.fraser@apple.com>

        Work towards having frames in the scrolling tree
        https://bugs.webkit.org/show_bug.cgi?id=133665

        Reviewed by Tim Horton.
        
        Optionally (based on Setting) create nodes in the scrolling tree for frames which
        contain async-scrollable content. This will be used on iOS/WK2 to support accelerated
        overflow-scroll in iframes. The setting allows for testing on OS X.
        
        The change breaks an assumption in ScrollingCoordinator/AsyncScrollingCoordinator
        that we're always dealing with the main frame, and changes logic in RenderLayerCompositor
        so that we can connect the scrolling tree across frame boundaries. RenderLayerCompositor
        maintains a m_subframeScrollLayersNeedReattach flag that gets set whenever we add or remove
        scroll-coordinated layers in the current frame. When set, after updating compositing
        layers we walk child frames, and, if they have scrolling nodes, re-attach them to the
        scrolling tree (which will find the new ancestor node).

        Tests: platform/mac-wk2/tiled-drawing/scrolling/frames/coordinated-frame-in-fixed.html
               platform/mac-wk2/tiled-drawing/scrolling/frames/coordinated-frame.html

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollLayerID): Use the new "for role" way of getting the node ID.
        * page/Settings.cpp:
        * page/Settings.in: Add scrollingTreeIncludesFrames.
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
        (WebCore::AsyncScrollingCoordinator::frameViewNonFastScrollableRegionChanged): Only set
        the region for the main frame.
        (WebCore::AsyncScrollingCoordinator::frameViewForScrollingNode): updateScrollPositionAfterAsyncScroll()
        needs to know which FrameView a given nodeID is hosted in; doing a walk of the frame tree for
        non-main frames seems to be the safest way.
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
        (WebCore::AsyncScrollingCoordinator::syncChildPositions):
        * page/scrolling/AsyncScrollingCoordinator.h:
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::coordinatesScrollingForFrameView): Consult the new setting.
        (WebCore::ScrollingCoordinator::frameViewHasSlowRepaintObjectsDidChange):
        (WebCore::ScrollingCoordinator::frameViewFixedObjectsDidChange):
        (WebCore::ScrollingCoordinator::frameViewRootLayerDidChange):
        (WebCore::ScrollingCoordinator::synchronousScrollingReasons):
        (WebCore::ScrollingCoordinator::updateSynchronousScrollingReasons):
        (WebCore::ScrollingCoordinator::setForceSynchronousScrollLayerPositionUpdates):
        (WebCore::ScrollingCoordinator::shouldUpdateScrollLayerPositionSynchronously):
        (WebCore::ScrollingCoordinator::replaySessionStateDidChange):
        (WebCore::ScrollingCoordinator::synchronousScrollingReasonsAsText):
        * page/scrolling/ScrollingCoordinator.h:
        (WebCore::ScrollingCoordinator::shouldUpdateScrollLayerPositionSynchronously): Deleted.
        * rendering/RenderLayerBacking.h: Rather than separate functions to get the two scrolling
        node IDs, having one scrollingNodeIDForRole() makes calling code cleaner.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor):
        (WebCore::RenderLayerCompositor::updateCompositingLayers):  call reattachSubframeScrollLayers()
        after a compositing tree update.
        (WebCore::RenderLayerCompositor::isAsyncScrollableStickyLayer): Deals with the various configurations
        in which we can do async scrolling of sticky elements.
        (WebCore::RenderLayerCompositor::isViewportConstrainedFixedOrStickyLayer):
        (WebCore::useCoordinatedScrollingForLayer):
        (WebCore::RenderLayerCompositor::requiresCompositingForPosition):
        (WebCore::RenderLayerCompositor::requiresCompositingForScrolling): Moved.
        (WebCore::RenderLayerCompositor::notifyIFramesOfCompositingChange): This is a bug fix;
        we only need to notify child frames, not all descendant frames.
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedStatus):
        (WebCore::RenderLayerCompositor::removeFromScrollCoordinatedLayers):
        (WebCore::enclosingScrollingNodeID):
        (WebCore::scrollCoordinatedAncestorInParentOfFrame):
        (WebCore::RenderLayerCompositor::reattachSubframeScrollLayers):
        (WebCore::RenderLayerCompositor::attachScrollingNode):
        (WebCore::RenderLayerCompositor::updateScrollCoordinationForThisFrame):
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
        (WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer):
        (WebCore::RenderLayerCompositor::registerAllViewportConstrainedLayers):
        (WebCore::RenderLayerCompositor::willRemoveScrollingLayer):
        (WebCore::isStickyInAcceleratedScrollingLayerOrViewport): Deleted.
        (WebCore::isViewportConstrainedFixedOrStickyLayer): Deleted.
        (WebCore::isMainFrameScrollingOrOverflowScrolling): Deleted.
        (WebCore::nearestScrollCoordinatedAncestor): Deleted.
        * rendering/RenderLayerCompositor.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::setSelection): Added comment.
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::setScrollingTreeIncludesFrames):
        * testing/InternalSettings.h: Removed some useless parameter names.
        * testing/InternalSettings.idl: Added setScrollingTreeIncludesFrames() setting.

2014-06-09  Benjamin Poulain  <bpoulain@apple.com>

        Improve CSSPrimitiveValue::customCSSText for ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=133597

        Reviewed by Andreas Kling.

        On imgur, some script is updating some layout on timers and on scroll.

        It looks like CSSPrimitiveValue::customCSSText() is a little constrained
        by the instruction cache on ARMv7. This patch improve the situation a bit.

        First, the creation of the string itself is changed to go from two allocation to one.
        Previously, we would allocate a StringBuffer and adopt it. Now we allocate a StringImpl
        directly with the inline buffer.

        The second issue is that the compiler was generating a real copy constructor for every
        assignment of the "text" variable (likely because the variable span is so large).
        This was solved by moving the string creating into a separate function (to fix the span)
        and being careful with passing PassRef<StringImpl> around.

        Then there was the problem that the compiler was a little too aggressive with inlining
        which caused each "case" to repeat the same prologue and epilogue before formatValue().
        This was solved by adding formatNumberValue() with NEVER_INLINE to have the prologue/epilogue
        in a single place.

        On older device, that's about 3% improvement on style access. On modern ARM64/x86_64
        there is no noticeable difference.

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberValue):
        (WebCore::CSSPrimitiveValue::formatNumberForcustomCSSText):
        (WebCore::CSSPrimitiveValue::customCSSText):
        (WebCore::formatNumber): Deleted.
        * css/CSSPrimitiveValue.h:

2014-06-09  Alex Christensen  <achristensen@webkit.org>

        [iOS WebGL] Fix EXT_shader_texture_lod.
        https://bugs.webkit.org/show_bug.cgi?id=133633

        Reviewed by Brady Eidson.

        Covered by the Khronos test (and in LayoutTests):
        conformance/extensions/ext-shader-texture-lod.html

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getExtension):
        (WebCore::WebGLRenderingContext::getSupportedExtensions):
        Added shader texture lod name to match value from glGetString(GL_EXTENSIONS) on iOS.

2014-06-09  Benjamin Poulain  <bpoulain@apple.com>

        Document::updateStyleIfNeededForNode can get very expensive
        https://bugs.webkit.org/show_bug.cgi?id=133599

        Reviewed by Andreas Kling.

        When pages are querying their style, we first run through
        Document::updateStyleIfNeededForNode() to find if that particular node needs style recalc.

        The problem was that updateStyleIfNeededForNode() could get really expensive. For each node,
        it needs to check the whole parent chain to find if any needs style recalc.
        When web pages get a bunch of nodes and querying their style, we ended up going over a lot
        of nodes just to find there is nothing to do.

        This patch adds two tweaks to reduce the problem:
        First, before querying nodeOrItsAncestorNeedsStyleRecalc() we check if the Document is dirty at all.
        The other part is making nodeOrItsAncestorNeedsStyleRecalc() faster by removing useless elements check.

        * dom/Document.cpp:
        (WebCore::nodeOrItsAncestorNeedsStyleRecalc):
        (WebCore::Document::updateStyleIfNeededForNode):

2014-06-09  Enrica Casucci  <enrica@apple.com>

        iOS WebKit: Crash in charactersAroundPosition.
        https://bugs.webkit.org/show_bug.cgi?id=133659
        <rdar://problem/17220870>

        Reviewed by Benjamin Poulain.

        Ensure that we stay within the vector boundaries
        when returning the characters around the position.

        * editing/VisibleUnits.cpp:
        (WebCore::charactersAroundPosition):

2014-06-09  Alexey Proskuryakov  <ap@apple.com>

        Properly reset UStringSearch object in SearchBuffer constructor.
        https://bugs.webkit.org/show_bug.cgi?id=133662
        <rdar://problem/17240136>

        Reviewed by Tim Horton.

        * editing/TextIterator.cpp: (WebCore::SearchBuffer::~SearchBuffer):

2014-06-09  Eric Carlson  <eric.carlson@apple.com>

        Automatic text track selection can select more than one track
        https://bugs.webkit.org/show_bug.cgi?id=133590

        Reviewed by Brent Fulgham.

        Test: media/video-trackmenu-selection.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::configureTextTrack): Consider the currently selected
            track, if any.

        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu): Drive-by change
            to make sure no non-visible text tracks are included in the track menu.

2014-06-09  Jer Noble  <jer.noble@apple.com>

        [Mac] Hang when painting media before compositing mode activated
        https://bugs.webkit.org/show_bug.cgi?id=133655

        Reviewed by Eric Carlson.

        When asked to paint(), MediaPlayerPrivateAVFoundationObjC should not create an image generator
        or a video output. These operations are synchronous, and will block the drawing thread and cause
        a spin. paint() as opposed to paintImageInContext() is only called when painting the layer tree
        and MediaPlayerPrivateAVFoundationObjC will paint by creating a AVPlayerLayer, not by painting
        frames directly into the tree.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paint):

2014-06-09  Jer Noble  <jer.noble@apple.com>

        [Mac][MSE] Exception thrown from ~MediaPlayerPrivateMediaSourceAVFObjC().
        https://bugs.webkit.org/show_bug.cgi?id=133656

        Reviewed by Eric Carlson.

        AVSampleBufferRenderSynchronizer can't handle being passed a NULL observer, so only attempt
        to remove the time jumped or duration observer if one was actually created.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::~MediaPlayerPrivateMediaSourceAVFObjC):

2014-06-09  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Pixelsnapping empty rounded rect results in NaN radii width/height.
        https://bugs.webkit.org/show_bug.cgi?id=133654

        Reviewed by Simon Fraser.

        Empty rounded rects don't need snapping.

        Not testable.

        * platform/graphics/RoundedRect.cpp:
        (WebCore::RoundedRect::pixelSnappedRoundedRectForPainting):

2014-05-21  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION: missing underline under CJK text
        https://bugs.webkit.org/show_bug.cgi?id=128145

        Reviewed by Darin Adler.

        This patch refactors the GlyphToPathTranslator which is used to find intersections of
        glyphs and underlines. It was modified to allow for querying these pieces of
        information:
        1) The extents of the glyph. This can be used to make the underlines skip an entire
        glyph, wholesale
        2) What kind of skipping behavior should be used
        3) The Path which represents the glyph
        There are three skipping behaviors:
        1) (SkipDescenders) The previous behavior
        2) (SkipGlyph) Make the underline skip over the entire glyph, using the extents() function
        3) (DrawOverGlyph) Make the underline plow through the glyph, ignoring any descenders

        Calculating which underlining behavior to use depends on what the base codepoint that
        originated that glyph is. This means that we have to map from glyphs to characters,
        something which is nontrivial to do. In order to solve this problem, this patch adds
        an optional vector to GlyphBuffer which represents the location in the original string
        from which a particular glyph originated. Then, when our WidthIterator code adds
        glyphs to the GlyphBuffer, we can include the extra information about where we are
        in the input string. Once this data is available, the GlyphPathTranslator can look up
        the base codepoint from which this glyph originates, and can run ICU functions on that
        codepoint.

        We can use the ICU ublock_getCode() function to find which Unicode block a particular
        codepoint comes from. If the codepoint comes from a CJK block, we will use
        DrawOverGlyph; otherwise, we will use SkipDescenders.

        Test: fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-ink-cjk.html

        * platform/graphics/Font.cpp:
        (WebCore::sharedUnderlineType): Look up the base codepoint from which this glyph
        originates, call ublock_getCode to get its Unicode block, then return
        a GlyphUnderlineType accordingly. This code is shared between SVG and non-SVG.
        * platform/graphics/Font.h: New virtual functions in GlyphToPathTranslator, as well as
        function signatures for the above two functions.
        * platform/graphics/GlyphBuffer.h: Add an optional instance member for the location
        from within the original string from which a particular glyph originates.
        (WebCore::GlyphBuffer::clear): Updated for new member.
        (WebCore::GlyphBuffer::add): Ditto.
        (WebCore::GlyphBuffer::saveOffsetsInString): Opt-in to using the new variable
        (WebCore::GlyphBuffer::offsetInString): New variable accessor.
        * platform/graphics/TextRun.h: SVG needs the TextRun to use sharedUnderlineType.
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advanceInternal): Use GlyphBuffer's new variable (if present).
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::advance): Use GlyphBuffer's new variable (if present).
        * platform/graphics/mac/FontMac.mm: Implement new GlyphToPathTranslator functions.
        (WebCore::MacGlyphToPathTranslator::path):
        (WebCore::MacGlyphToPathTranslator::extents):
        (WebCore::MacGlyphToPathTranslator::underlineType): Calls sharedUnderlineType().
        (WebCore::MacGlyphToPathTranslator::moveToNextValidGlyph):
        (WebCore::MacGlyphToPathTranslator::increment):
        (WebCore::Font::dashesForIntersectionsWithRect): Ask the translator what kind of underline
        behavior should be used. React accordingly.
        (WebCore::MacGlyphToPathTranslator::nextPath): Deleted.
        (WebCore::MacGlyphToPathTranslator::incrementIndex): Deleted.
        * platform/graphics/win/UniscribeController.cpp:
        (WebCore::UniscribeController::shapeAndPlaceItem): Update to new signature of GlyphBuffer::add()
        * rendering/svg/SVGTextRunRenderingContext.cpp: Implement new GlyphToPathTranslator functions.
        (WebCore::SVGGlyphToPathTranslator::SVGGlyphToPathTranslator):
        (WebCore::SVGGlyphToPathTranslator::getCurrentTransform):
        (WebCore::SVGGlyphToPathTranslator::path):
        (WebCore::SVGGlyphToPathTranslator::extents):
        (WebCore::MacGlyphToPathTranslator::underlineType): Calls sharedUnderlineType().
        (WebCore::SVGGlyphToPathTranslator::moveToNextValidGlyph):
        (WebCore::SVGGlyphToPathTranslator::increment):
        (WebCore::SVGTextRunRenderingContext::createGlyphToPathTranslator):
        (WebCore::SVGTextRunRenderingContext::drawSVGGlyphs):
        (WebCore::SVGGlyphToPathTranslator::nextPath): Deleted.
        (WebCore::SVGGlyphToPathTranslator::incrementIndex): Deleted.
        * rendering/svg/SVGTextRunRenderingContext.h: SVG needs the TextRun to use sharedUnderlineType.

2014-06-09  Alex Christensen  <achristensen@webkit.org>

        [iOS WebGL] Implement OES_vertex_array_object for iOS.
        https://bugs.webkit.org/show_bug.cgi?id=133629

        Reviewed by Brady Eidson.

        Covered by the Khronos test (and in LayoutTests):
        conformance/extensions/oes-vertex-array-object.html

        * platform/graphics/ios/GraphicsContext3DIOS.h:
        Added OpenGL vertex array function renaming for iOS adding the OES suffix.
        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::createVertexArrayOES):
        (WebCore::Extensions3DOpenGL::deleteVertexArrayOES):
        (WebCore::Extensions3DOpenGL::isVertexArrayOES):
        (WebCore::Extensions3DOpenGL::bindVertexArrayOES):
        Added isVertexArrayObjectSupported and support for iOS.
        (WebCore::Extensions3DOpenGL::supportsExtension):
        Added iOS name for GL_OES_vertex_array_object extension.
        * platform/graphics/opengl/Extensions3DOpenGL.h:
        Added isVertexArrayObjectSupported for iOS.        

2014-06-09  Eric Carlson  <eric.carlson@apple.com>

        [Mac] caption size is not update immediately when system preferences change
        https://bugs.webkit.org/show_bug.cgi?id=133598

        Reviewed by Brent Fulgham.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::updateCaptionDisplaySizes): New.
        * Modules/mediacontrols/MediaControlsHost.h:

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::captionPreferencesChanged): Tell the controls host to update sizes.

2014-06-09  Daniel Bates  <dabates@apple.com>

        [iOS] Amazon app: Cannot interact with product page after tapping on product image
        https://bugs.webkit.org/show_bug.cgi?id=133559
        <rdar://problem/16332749>

        Reviewed by Oliver Hunt.

        As a workaround for issues in the Amazon app, mark the attribute navigator.geolocation as
        replaceable so that we don't throw a JavaScript type error when assigning to an instance
        attribute that shadows it. At the time of writing the first such assignment to is ignored.
        See <https://bugs.webkit.org/show_bug.cgi?id=133648> for more details.

        When loading a product page in the Amazon app it overwrites the readonly property geolocation
        on an object that extends the Navigator object. In strict mode, this operation is not honored
        and is treated as a JavaScript type error, which stops JavaScript execution. Therefore, the
        product page does not behave as intended. In contrast, this operation would not be honored in
        non-strict mode and would not be treated as a JavaScript type error.

        Test: js/dom/shadow-navigator-geolocation-in-strict-mode-does-not-throw.html

        * Modules/geolocation/NavigatorGeolocation.idl:

2014-06-09  Andreas Kling  <akling@apple.com>

        HTML*ListElement wrappers have custom getOwnPropertySlot()s for no good reason.
        <https://webkit.org/b/133653>

        The JavaScript bindings generator was a bit overzealous in forcing every
        interface with "List" in the name to have its attributes on the instance.
        This caused some elements (HTMLUListElement, etc.) to automatically opt out
        of eager prototype attribute reification.

        Reviewed by Mark Hahnenberg.

        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstance):

2014-06-09  Jer Noble  <jer.noble@apple.com>

        ASSERT(!m_inRemovedLastRefFunction) in Element::addShadowRoot while destroying a document
        https://bugs.webkit.org/show_bug.cgi?id=133450

        Reviewed by Eric Carlson.

        ensureUserAgentShadowRoot() is being called when a media element is removed from its document
        in HTMLMediaElement::removedFrom() because Node::removedFrom() has not yet run and removed the
        InDocument flag from the node.  Rather than calling configureMediaControls() at this point
        just expilictly remove the media controls if present.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2014-06-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rebaseline bindings tests after r169703

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
        (WebCore::JSTestActiveDOMObjectPrototype::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
        (WebCore::JSTestCustomNamedGetterPrototype::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorPrototype::finishCreation):
        (WebCore::JSTestEventConstructorPrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestEventConstructor::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTargetPrototype::finishCreation):
        (WebCore::JSTestEventTargetPrototype::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::JSTestExceptionPrototype::finishCreation):
        (WebCore::JSTestExceptionPrototype::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestException.h:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
        (WebCore::JSTestGenerateIsReachablePrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestGenerateIsReachable::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterfacePrototype::finishCreation):
        (WebCore::JSTestInterfacePrototype::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
        (WebCore::JSTestMediaQueryListListenerPrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestMediaQueryListListener::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructorPrototype::finishCreation):
        (WebCore::JSTestNamedConstructorPrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestNamedConstructor::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodePrototype::finishCreation):
        (WebCore::JSTestNodePrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestNode::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::JSTestNondeterministicPrototype::finishCreation):
        (WebCore::JSTestNondeterministicPrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestNondeterministic::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::finishCreation):
        (WebCore::JSTestObjPrototype::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
        (WebCore::JSTestOverloadedConstructorsPrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestOverloadedConstructors::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
        (WebCore::JSTestSerializedScriptValueInterfacePrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsPrototype::finishCreation):
        (WebCore::JSTestTypedefsPrototype::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattributePrototype::finishCreation):
        (WebCore::JSattributePrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSattribute::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSattribute.h:
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::JSreadonlyPrototype::finishCreation):
        (WebCore::JSreadonlyPrototype::getOwnPropertySlot): Deleted.
        (WebCore::JSreadonly::getOwnPropertySlot): Deleted.
        * bindings/scripts/test/JS/JSreadonly.h:

2014-06-09  Simon Fraser  <simon.fraser@apple.com>

        Group the methods in InternalSettings.idl
        https://bugs.webkit.org/show_bug.cgi?id=133652

        Reviewed by Tim Horton.

        Group methods by topic.

        * testing/InternalSettings.idl:

2014-06-05  Mark Hahnenberg  <mhahnenberg@apple.com>

        Eagerly reify DOM prototype attributes
        https://bugs.webkit.org/show_bug.cgi?id=133558

        Reviewed by Oliver Hunt.

        No new tests.

        This allows us to get rid of a lot of the additional overhead of pushing DOM attributes up into the prototype. 
        By eagerly reifying the custom getters and setters into the actual JSObject we avoid having to override 
        getOwnPropertySlot for all of the DOM prototypes, which is a lot of the overhead of doing property lookups on 
        DOM wrappers.

        * bindings/scripts/CodeGeneratorJS.pm:
        (prototypeHashTableAccessor): Changed to pass along the VM.
        (AttributeShouldBeOnInstanceForCompatibility): We were being overly conservative in regard to touch events. 
        This caused us to store the touch event handler getters and setters on the JSElement instance, which caused
        us to override getOwnPropertySlot for every JSElement subclass.
        (InstanceOverridesGetOwnPropertySlot): This was being overly paranoid about generate a getOwnPropertySlot if
        there was going to be a "constructor" property, even though we handled this in another place already.
        (GenerateHeader): Generate a finishCreation for prototypes unless it's the JSDOMWindow. We can't correctly 
        handle the DOMWindow in this version of the patch because reifying the static properties requires a global object,
        which hasn't been created yet when the prototype for the window object is being created.
        (GenerateImplementation): Generate the finishCreation calls to reifyStaticProperties.

2014-06-09  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (r169681): Three tests are broken
        https://bugs.webkit.org/show_bug.cgi?id=133646

        Reviewed by Tim Horton.

        r169681 removed platformFocusRingMaxWidth() override, which returned either 0 or 9
        on Mac. But the cross-platform default is 3, so this changed Mac behavior.

        I'm not entirely sure why the cross-platform default is 3 (it was also added in r168397),
        but restoring the override to return 0 fixes test cases.

        While at it, also added final/override, and removed some functions that were only
        needed by subclasses, which we now have none.

        * rendering/RenderThemeMac.h:
        (WebCore::RenderThemeMac::supportsControlTints): Deleted.
        (WebCore::RenderThemeMac::scrollbarControlSizeForPart): Deleted.
        (WebCore::RenderThemeMac::supportsSelectionForegroundColors): Deleted.
        (WebCore::RenderThemeMac::supportsClosedCaptioning): Deleted.
        (WebCore::RenderThemeMac::updateActiveState): Deleted.
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::platformFocusRingMaxWidth):
        (WebCore::RenderThemeMac::setPopupButtonCellState):
        (WebCore::RenderThemeMac::paintSliderThumb):
        (WebCore::RenderThemeMac::setSearchCellState):
        (WebCore::RenderThemeMac::paintSearchFieldCancelButton):
        (WebCore::RenderThemeMac::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderThemeMac::paintSearchFieldResultsButton):

2014-06-09  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] Bound RasterShapeInterval size to int
        https://bugs.webkit.org/show_bug.cgi?id=133576

        Reviewed by Simon Fraser.

        Everything in the code assumes that the interval size will always fit
        in an int. However, to make sure there are no negatives, the
        RasterShapeInterval constructor takes an unsigned. This clamps that
        value to make sure we can't overflow an int later.

        * rendering/shapes/RasterShape.h:
        (WebCore::RasterShapeIntervals::RasterShapeIntervals):

2014-06-09  Zalan Bujtas  <zalan@apple.com>

        [iOS] Gaps below and to the right of the video controls on devour.com
        https://bugs.webkit.org/show_bug.cgi?id=133607

        Reviewed by Simon Fraser.

        Non-toplevel compositing layers are device pixel aligned. In order to render the content
        to the same position as if the layer was not aligned, the graphics layer needs to be translated.
        CALayer::bounds is set to compensate for the shifted layer. However, we should not change the layer's
        size as that stretches the content and results in overlaps/gaps/extra fuzziness.

        Test: compositing/contents-scale/hidpi-compositing-layer-positioned-on-scaled-context.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateGeometry):
        (WebCore::GraphicsLayerCA::computePixelAlignment): remove old epsilon adjustment code.
        * platform/graphics/ca/GraphicsLayerCA.h:

2014-06-09  Zalan Bujtas  <zalan@apple.com>

        [SVG] Subpixel rendering: Mask with transformed text does not render.
        https://bugs.webkit.org/show_bug.cgi?id=133626
        <rdar://problem/17123070>

        Reviewed by Simon Fraser.

        Replace IntRect::infiniteRect() with Layout::infiniteRect(). A transformed IntRect::infiniteRect()
        overflows and produces invalid repaint rect. -also remove IntRect::infiniteRect() as no one calls
        it anymore.

        Tests: svg/masking/mask-transformed-text-missing-expected.svg
               svg/masking/mask-transformed-text-missing.svg

        * platform/graphics/IntRect.h:
        (WebCore::IntRect::infiniteRect): Deleted.
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::renderSubtreeToImageBuffer):

2014-06-08  Dean Jackson  <dino@apple.com>

        [Mac] checkboxes and radio buttons animate incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=133619
        <rdar://problem/16478676>

        Reviewed by Sam Weinig.

        As many people have noticed, the new checkboxes and radio
        buttons jump around during their animation. To fix this
        I've added yet another magic set of numbers to our
        native form positioning - this time the placement
        of the controls when rendering on the animated path.
        This is quite annoying, since there doesn't appear
        to be any pattern to the offsets (or margins) given
        a control size, and this case also needed a sub-pixel
        offset to display correctly on retina machines.

        * platform/mac/ThemeMac.mm:
        (WebCore::checkboxMargins): Add comment so I know what the values mean.
        (WebCore::checkboxOffsets): Add the magic translation values for animated states.
        (WebCore::radioMargins): Ditto.
        (WebCore::radioOffsets):
        (WebCore::paintToggleButton): Paint with these new offsets.

2014-06-07  Dean Jackson  <dino@apple.com>

        Regression r168397 - Form layout is incorrect on OS X Yosemite
        https://bugs.webkit.org/show_bug.cgi?id=133612
        <rdar://problem/16850492>
        <rdar://problem/17016914>

        Reviewed by Anders Carlson.

        Revision 168397 introduced a new animated style of form controls. Part of
        it included extending the margins for the controls to take into account the
        focus ring that animates in from a large radius to a small radius. This
        caused two problems:

        - the incorrect margins broke many layouts
        - despite increased margins, there were still some areas
          that did not repaint correctly.

        Restore the old margins and (temporarily) turn off focus ring animation.
        Bad layout is much worse than a missing animation. Another benefit
        of this is that we will use less memory.

        * platform/graphics/mac/GraphicsContextMac.mm:
        (WebCore::drawFocusRingToContextAtTime): Pass in a time far far far in the future to
        get the static rendering.
        * platform/mac/ThemeMac.mm:
        (WebCore::checkboxMargins): Restore correct margins.
        (WebCore::radioMargins): Ditto.
        (WebCore::drawCellFocusRing): New method that calls WKSI with a future time.
        (WebCore::paintToggleButton): Call the new wrapper.
        (WebCore::buttonMargins): Restore correct margins.
        (WebCore::paintButton): Call the new wrapper.
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuList): Use a future time.
        (WebCore::RenderThemeMac::platformFocusRingMaxWidth): Deleted. Use old outline value.

2014-05-29  Anders Carlsson  <andersca@apple.com>

        HTTPHeaderMap should not derive from HashMap
        https://bugs.webkit.org/show_bug.cgi?id=133392

        Reviewed by Darin Adler.

        Use a HashMap member variable instead.

        * WebCore.exp.in:
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived):
        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::copyData):
        (WebCore::HTTPHeaderMap::adopt):
        (WebCore::HTTPHeaderMap::get):
        (WebCore::HTTPHeaderMap::set):
        (WebCore::HTTPHeaderMap::add):
        (WebCore::HTTPHeaderMap::contains):
        (WebCore::HTTPHeaderMap::find):
        (WebCore::HTTPHeaderMap::remove):
        (WebCore::HTTPHeaderMap::keys):
        * platform/network/HTTPHeaderMap.h:
        (WebCore::HTTPHeaderMap::isEmpty):
        (WebCore::HTTPHeaderMap::size):
        (WebCore::HTTPHeaderMap::clear):
        (WebCore::HTTPHeaderMap::begin):
        (WebCore::HTTPHeaderMap::end):
        (WebCore::HTTPHeaderMap::operator==):
        (WebCore::HTTPHeaderMap::operator!=):
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::adopt):
        * platform/network/ResourceRequestBase.h:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::adopt):
        * platform/network/ResourceResponseBase.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):

2014-06-07  Zan Dobersek  <zdobersek@igalia.com>

        Use C++11 lambdas to construct FileThread::Task objects
        https://bugs.webkit.org/show_bug.cgi?id=133079

        Reviewed by Darin Adler.

        Have FileThread::Task constructor take in a std::function<void ()>-like object
        as the second parameter. Much like with ScriptExecutionContext::Task, the idea here
        is to use inlined C++11 lambdas in FileThread::postTask() calls. Because FileThread::Task
        also requires an instance pointer, a brace-init list is passed to these calls, passing
        in the instance pointer as the first parameter and the C++11 lambda as the second.

        FileThread::postTask() now takes in a FileThread::Task rvalue and moves it onto the heap
        and into the queue.

        In AsyncFileStream.cpp, calls to FileThread::postTask() are updated to use C++11 lambdas.
        Uses of MainThreadTask are also replaced by C++11 lambdas. This modernizes the code and
        removes a lot of helper functions.

        FileThread::Task doesn't use CrossThreadCopier anymore. Instead, we manually produce
        thread-safe copies as necessary. At the moment this approach produces another copy when
        passing the freshly-copied object into the lambda, but this will be avoidable once we
        make C++14 and the lambda capture expression support mandatory.

        * fileapi/AsyncFileStream.cpp:
        (WebCore::AsyncFileStream::create):
        (WebCore::AsyncFileStream::stop):
        (WebCore::AsyncFileStream::getSize):
        (WebCore::AsyncFileStream::openForRead):
        (WebCore::AsyncFileStream::openForWrite):
        (WebCore::AsyncFileStream::close):
        (WebCore::AsyncFileStream::read):
        (WebCore::AsyncFileStream::write):
        (WebCore::AsyncFileStream::truncate):
        (WebCore::didStart): Deleted.
        (WebCore::AsyncFileStream::startOnFileThread): Deleted.
        (WebCore::derefProxyOnMainThread): Deleted.
        (WebCore::AsyncFileStream::stopOnFileThread): Deleted.
        (WebCore::didGetSize): Deleted.
        (WebCore::AsyncFileStream::getSizeOnFileThread): Deleted.
        (WebCore::didOpen): Deleted.
        (WebCore::AsyncFileStream::openForReadOnFileThread): Deleted.
        (WebCore::AsyncFileStream::openForWriteOnFileThread): Deleted.
        (WebCore::AsyncFileStream::closeOnFileThread): Deleted.
        (WebCore::didRead): Deleted.
        (WebCore::AsyncFileStream::readOnFileThread): Deleted.
        (WebCore::didWrite): Deleted.
        (WebCore::AsyncFileStream::writeOnFileThread): Deleted.
        (WebCore::didTruncate): Deleted.
        (WebCore::AsyncFileStream::truncateOnFileThread): Deleted.
        * fileapi/AsyncFileStream.h:
        * fileapi/FileThread.cpp:
        (WebCore::FileThread::postTask):
        * fileapi/FileThread.h:
        (WebCore::FileThread::Task::Task):

2014-06-07  Zan Dobersek  <zdobersek@igalia.com>

        Pass C++11 lambdas to callOnMainThread() calls in IconDatabase
        https://bugs.webkit.org/show_bug.cgi?id=133374

        Reviewed by Darin Adler.

        Use C++11 lambads to inline the main thread tasks into the calling code,
        modernizing the look of the code and removing a few static methods and
        classes that were used as helpers.

        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::scheduleOrDeferSyncTimer):
        (WebCore::IconDatabase::performURLImport):
        (WebCore::IconDatabase::dispatchDidImportIconURLForPageURLOnMainThread):
        (WebCore::IconDatabase::dispatchDidImportIconDataForPageURLOnMainThread):
        (WebCore::IconDatabase::dispatchDidRemoveAllIconsOnMainThread):
        (WebCore::IconDatabase::dispatchDidFinishURLImportOnMainThread):
        (WebCore::IconDatabase::notifyPendingLoadDecisionsOnMainThread): Deleted.
        (WebCore::IconDatabase::performScheduleOrDeferSyncTimer): Deleted.
        (WebCore::IconDatabase::performScheduleOrDeferSyncTimerOnMainThread): Deleted.
        (WebCore::ClientWorkItem::ClientWorkItem): Deleted.
        (WebCore::ClientWorkItem::~ClientWorkItem): Deleted.
        (WebCore::ImportedIconURLForPageURLWorkItem::ImportedIconURLForPageURLWorkItem): Deleted.
        (WebCore::ImportedIconURLForPageURLWorkItem::~ImportedIconURLForPageURLWorkItem): Deleted.
        (WebCore::ImportedIconURLForPageURLWorkItem::performWork): Deleted.
        (WebCore::ImportedIconDataForPageURLWorkItem::ImportedIconDataForPageURLWorkItem): Deleted.
        (WebCore::ImportedIconDataForPageURLWorkItem::~ImportedIconDataForPageURLWorkItem): Deleted.
        (WebCore::ImportedIconDataForPageURLWorkItem::performWork): Deleted.
        (WebCore::RemovedAllIconsWorkItem::RemovedAllIconsWorkItem): Deleted.
        (WebCore::RemovedAllIconsWorkItem::performWork): Deleted.
        (WebCore::FinishedURLImport::FinishedURLImport): Deleted.
        (WebCore::FinishedURLImport::performWork): Deleted.
        (WebCore::performWorkItem): Deleted.
        * loader/icon/IconDatabase.h:

2014-06-07  Zan Dobersek  <zdobersek@igalia.com>

        Replace uses of CrossThreadTask in DefaultSharedWorkerRepository, WorkerMessagingProxy with C++11 lambdas
        https://bugs.webkit.org/show_bug.cgi?id=133375

        Reviewed by Darin Adler.

        Uses of CrossThreadTask in the two classes are replaced with C++11 lambdas.
        The necessary cross-thread copies are created manually and passed into the
        lambdas by value, removing the need for CrossThreadTask and its use of CrossThreadCopier.

        Remove the explicit use of this pointer in some lambdas -- it is captured automatically when
        capturing by value, so enforcing its capturing through explicit use is not necessary.

        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::SharedWorkerProxy::postExceptionToWorkerObject):
        (WebCore::SharedWorkerProxy::postConsoleMessageToWorkerObject):
        (WebCore::postExceptionTask): Deleted.
        (WebCore::postConsoleMessageTask): Deleted.
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::postConsoleMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::workerObjectDestroyed):
        (WebCore::WorkerMessagingProxy::notifyNetworkStateChange):
        (WebCore::WorkerMessagingProxy::connectToInspector):
        (WebCore::WorkerMessagingProxy::disconnectFromInspector):
        (WebCore::WorkerMessagingProxy::sendMessageToInspector):
        (WebCore::WorkerMessagingProxy::postMessageToPageInspector):
        (WebCore::WorkerMessagingProxy::confirmMessageFromWorkerObject):
        (WebCore::WorkerMessagingProxy::reportPendingActivity):
        (WebCore::postConsoleMessageTask): Deleted.
        (WebCore::WorkerMessagingProxy::workerObjectDestroyedInternal): Deleted.
        (WebCore::connectToWorkerGlobalScopeInspectorTask): Deleted.
        (WebCore::disconnectFromWorkerGlobalScopeInspectorTask): Deleted.
        (WebCore::dispatchOnInspectorBackendTask): Deleted.
        * workers/WorkerMessagingProxy.h:

2014-06-06  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Scheme of content utils should be compared in an ASCII case-insensitive manner
        https://bugs.webkit.org/show_bug.cgi?id=133502

        Reviewed by Darin Adler.

        According to spec, scheme must be compared in an ASCII case-insensitive manner by user agents.

        Covered by existing tests.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::isProtocolWhitelisted):

2014-06-06  Andreas Kling  <akling@apple.com>

        Indexed getters should return values directly on the PropertySlot.
        <https://webkit.org/b/133586>

        Make indexed getters more efficient by using PropertySlot::setValue()
        to pass the value directly back through the slot, instead of giving it
        a function pointer that JSC would then immediately call back through
        to retrieve the value.

        The function pointer approach would make sense if we did inline caching
        of indexed getters but since we currently don't, this is pure overhead.

        Reviewed by Darin Adler.

        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate):
        (WebCore::cssPropertyGetterPixelOrPosPrefixCallback): Deleted.
        (WebCore::cssPropertyGetterCallback): Deleted.
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
        (WebCore::indexGetter): Deleted.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateGetOwnPropertySlotBody):
        (GenerateHeader):
        (GetIndexedGetterExpression):
        (GenerateImplementation):
        * bridge/runtime_array.cpp:
        (JSC::RuntimeArray::getOwnPropertySlot):
        (JSC::RuntimeArray::getOwnPropertySlotByIndex):
        (JSC::RuntimeArray::indexGetter): Deleted.
        * bridge/runtime_array.h:

2014-06-06  Brent Fulgham  <bfulgham@apple.com>

        GenericCueData elements prematurely removed
        https://bugs.webkit.org/show_bug.cgi?id=133588

        Reviewed by Eric Carlson.

        Add a 'removeCompletedCues' method instead of using the 'resetCueValues' method
        after processing new cues. We do not want to reset cue state if we have pending
        cues that are being extended by future updates (such as paint-on cues).

        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processCue):  Call new 'removeCompletedCues' method.
        (WebCore::InbandTextTrackPrivateAVF::removeCompletedCues): Added.
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:

2014-06-06  Brady Eidson  <beidson@apple.com>

        Initialize a char* that needs to be initialized.
        <rdar://problem/15840022> and https://bugs.webkit.org/show_bug.cgi?id=133585

        Reviewed by Mark Rowe.

        r152134 (erroneously) removed this initialization.

        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::prepare): tail should start out initialized to 0.

2014-06-06  Alexey Proskuryakov  <ap@apple.com>

        [iOS] Support pasting HTML
        https://bugs.webkit.org/show_bug.cgi?id=133581
        <rdar://problem/17070305>

        Reviewed by Enrica Casucci.

        We can probably share a lot of code between Mac and iOS here, but for now, just
        implement the unimplemented functions.

        * editing/ios/EditorIOS.mm: (WebCore::Editor::WebContentReader::readHTML):
        Implemented based on WebArchive reading code above, and on Mac version of readHTML.
        Unlike on Mac, we don't need to support Microsoft CF_HTML format, as nothing
        generates it.

        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::supportedPasteboardTypes):
        Added HTML support, as the second preferred format after WebArchive.

2014-06-06  Alexey Proskuryakov  <ap@apple.com>

        Try to fix the build after http://trac.webkit.org/changeset/169655

        Unfortunately, the fix is very fragile, and will likely not work for some SDKs
        or possibly local headers - all OS versions have multiple SecBsse.h headers with
        different definitions for SecIdentityRef.

        We'll see.

        * WebCore.exp.in:

2014-06-06  Dan Bernstein  <mitz@apple.com>

        WebCore part of <rdar://problem/17095692> [iOS] Client-certificate authentication isn’t working
        https://bugs.webkit.org/show_bug.cgi?id=133527

        Reviewed by Darin Adler.

        * WebCore.exp.in: Exported some Credential member functions.

2014-06-06  Dean Jackson  <dino@apple.com>

        [iOS WebGL] Float texture extension has a slightly different name
        https://bugs.webkit.org/show_bug.cgi?id=133580
        <rdar://problem/17113451>

        Reviewed by Brady Eidson.

        Floating point textures were not available on iOS, because we were
        looking for the wrong extension.

        Covered by the Khronos test (and in LayoutTests):
        conformance/extensions/oes-texture-float.html

        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::supportsExtension): Look for GL_OES_texture_float
        as well as GL_ARB_texture_float.
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::texImage2D): Increase the set of things skipped
        on PLATFORM(IOS) since they are supported natively there.

2014-06-05  David Hyatt  <hyatt@apple.com>

        REGRESSION: Hit testing of composited elements is broken in new multicolumn layout.
        https://bugs.webkit.org/show_bug.cgi?id=133522 (<rdar://problem/17060556>)
        
        Reviewed by Simon Fraser.

        Hit testing for the new columns doesn't care about compositing but does still
        need a pagination layer set to work. The old column code didn't care about this
        because it was top down (and wrong). The new code lets each layer paint and hit
        test its own fragments, so having a pagination layer set suddenly becomes relevant
        for composited layers.
    
        The solution is to cache whether or not the pagination layer crosses a compositing
        boundary, and then to force call sites of enclosingPaginationLayer to pass an argument
        indicating whether compositing layers should be included. Typically painting wants to
        exclude them but hit testing wants to include them.

        * page/FrameView.cpp:
        (WebCore::updateLayerPositionFlags):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::updateLayerPositions):
        (WebCore::RenderLayer::updatePagination):
        (WebCore::transparencyClipBox):
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::enclosingPaginationLayerInSubtree):
        (WebCore::RenderLayer::collectFragments):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::hitTestTransformedLayerInFragments):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForPosition):

2014-06-06  Kiran  <kiran.guduru@samsung.com>

        [MediaStream] 'get' prefix is missing for capabilities and constraints.
        https://bugs.webkit.org/show_bug.cgi?id=133573

        Reviewed by Eric Carlson.

        Modified the existing MediaStreamTrack.html to test the changes.

        As per the Media Capture and Streams spec method names constreaints and
        capabilities should be prefixed by 'get'. So updated the method names.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::getConstraints):
        (WebCore::MediaStreamTrack::getCapabilities):
        (WebCore::MediaStreamTrack::constraints): Deleted.
        (WebCore::MediaStreamTrack::capabilities): Deleted.
        * Modules/mediastream/MediaStreamTrack.h:
        * Modules/mediastream/MediaStreamTrack.idl:

2014-06-05  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION(169440): Repro crash when playing a video with captions
        https://bugs.webkit.org/show_bug.cgi?id=133459
        <rdar://problem/17079081>

        Reviewed by Eric Carlson.

        The change I made in r169440 introduced a crash for paint-on captions. This
        resolves the problem as follows:
        1. No longer attempt to modify the start/endTime in the TextTrack implementation.
        2. Check for extensions to existing cues when we are about to add new arriving
           cues. If they extend a current pending cue, don't set an end-time for the
           pending cue, and throw away the new duplicate. Otherwise set the end time
           as previously and continue.

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::hasCue): Remove 'doesExtendCue' case since this is
        no longer possible.
        * platform/graphics/InbandTextTrackPrivateClient.h:
        (WebCore::GenericCueData::doesExtendCueData): Added.
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processCue): Check for cues extending
        other cues and handle appropriately.

2014-06-06  Brent Fulgham  <bfulgham@apple.com>

        ROLLOUT: r169630: Caused a retain cycle.
        https://bugs.webkit.org/show_bug.cgi?id=133463
        <rdar://problem/17098100>

        Rolling out this change as it introduced a retain cycle.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::setControllerJSObject): Deleted.
        * Modules/mediacontrols/MediaControlsHost.h:
        (WebCore::MediaControlsHost::controllerJSValue):
        (WebCore::MediaControlsHost::setControllerJSValue):
        (WebCore::MediaControlsHost::controllerJSObject): Deleted.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2014-06-05  Dean Jackson  <dino@apple.com>

        StyleResolver doesn't compile without CSS_GRID_LAYOUT enabled
        https://bugs.webkit.org/show_bug.cgi?id=133568

        Reviewed by Tim Horton.

        * css/StyleResolver.cpp:
        (WebCore::isDisplayGridBox): Add UNUSED_PARAM.

2014-06-05  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Region box incorrectly overlaps floating box
        https://bugs.webkit.org/show_bug.cgi?id=133545

        Reviewed by David Hyatt.

        A region box creates a BFC and it should not overlap a floating box in the same formatting context: http://www.w3.org/TR/CSS21/visuren.html#bfc-next-to-float

        Test: fast/regions/region-as-bfc-avoids-float.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::avoidsFloats):

2014-06-05  Yoav Weiss  <yoav@yoav.ws>

        Align srcset parser with recent spec changes
        https://bugs.webkit.org/show_bug.cgi?id=133504

        Reviewed by Darin Adler.

        New tests were added to fast/hidpi/image-srcset-invalid-descriptor.html

        The srcset parser changes align it with the spec:
        http://picture.responsiveimages.org/#parse-srcset-attr.
        The spec changes are meant to give the parser better future
        compatibility, and enable it to work well with the 'w' descriptor, the
        soon to be added 'h' descriptor and function descriptors (e.g.
        future-descriptor(a, b, c) ).

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
        (WebCore::HTMLImageElement::parseAttribute):
        * html/HTMLImageElement.h:
        * html/parser/HTMLParserIdioms.h:
        (WebCore::isHTMLSpace):
        (WebCore::isComma):
        (WebCore::isHTMLSpaceOrComma):
        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
        * html/parser/HTMLSrcsetParser.cpp:
        (WebCore::compareByDensity):
        (WebCore::appendDescriptorAndReset):
        (WebCore::appendCharacter):
        (WebCore::isEOF):
        (WebCore::tokenizeDescriptors):
        (WebCore::stringViewToFloat):
        (WebCore::stringViewToInt):
        (WebCore::parseDescriptors):
        (WebCore::parseImageCandidatesFromSrcsetAttribute):
        (WebCore::pickBestImageCandidate):
        (WebCore::bestFitSourceForImageAttributes):
        (WebCore::compareByScaleFactor): Deleted.
        (WebCore::parseImagesWithScaleFromSrcsetAttribute): Deleted.
        * html/parser/HTMLSrcsetParser.h:
        (WebCore::DescriptorParsingResult::DescriptorParsingResult):
        (WebCore::DescriptorParsingResult::hasDensity):
        (WebCore::DescriptorParsingResult::hasWidth):
        (WebCore::DescriptorParsingResult::hasHeight):
        (WebCore::DescriptorParsingResult::density):
        (WebCore::DescriptorParsingResult::resourceWidth):
        (WebCore::DescriptorParsingResult::resourceHeight):
        (WebCore::DescriptorParsingResult::setResourceWidth):
        (WebCore::DescriptorParsingResult::setResourceHeight):
        (WebCore::DescriptorParsingResult::setDensity):
        (WebCore::ImageCandidate::ImageCandidate):
        (WebCore::ImageCandidate::toString):
        (WebCore::ImageCandidate::url):
        (WebCore::ImageCandidate::setDensity):
        (WebCore::ImageCandidate::density):
        (WebCore::ImageCandidate::resourceWidth):
        (WebCore::ImageCandidate::srcOrigin):
        (WebCore::ImageCandidate::isEmpty):
        (WebCore::ImageWithScale::ImageWithScale): Deleted.
        (WebCore::ImageWithScale::imageURL): Deleted.
        (WebCore::ImageWithScale::scaleFactor): Deleted.
        * html/parser/ParsingUtilities.h: Renamed from Source/WebCore/html/track/ParsingUtilities.h.
        (skipExactly):
        (skipUntil):
        (skipWhile):
        (reverseSkipWhile):

2014-06-05 Wenson Hsieh  <wenson_hsieh@apple.com>

        Current media controls look different from previous media controls. Adjusted CSS to make media elements more similar by adding padding, adjusting hues/svg, resizing elements, etc.

        https://bugs.webkit.org/show_bug.cgi?id=133521

        Reviewed by Eric Carlson.

        The main issues:
        - The widths between elements of both audio and video players are incorrect.
        - The hues of audio player elements are incorrect.
        - The hues of video player elements are content dependent (refer to full-screen mode), and this cannot be exactly replicated using just css. This patch only attempts to make them more similar.
        - The height of the audio player is incorrect.

        Test: platform/ios-sim/media/audio-width.html

        * Modules/mediacontrols/mediaControlsiOS.css: Updated style elements for audio/video elements.
        (::-webkit-media-controls): Enforce a minimum width on audio/video controls.
        (audio): Enforce a minimum width on audio elements.
        (audio::-webkit-media-controls): see below
        (audio::-webkit-media-controls-wireless-playback-picker-button): modified SVG, hue and width/height.
        (audio::-webkit-media-controls-panel): adjusted hue, added left/right padding.
        (audio::-webkit-media-controls-fullscreen-button): removed. There's no fullscreen for audio anyways.
        (audio::-webkit-media-controls-current-time-display): adjusted font size, added left padding.
        (audio::-webkit-media-controls-time-remaining-display): adjusted font size, added right padding.

        (video::-webkit-media-controls-panel): adjusted hue, added left/right padding.
        (video::-webkit-media-controls-current-time-display): added left padding.
        (video::-webkit-media-controls-time-remaining-display): added right padding.
        (video::-webkit-media-controls-wireless-playback-picker-button): modified SVG, hue, opacity and width/height.
        (video::-webkit-media-controls-fullscreen-button): modified SVG, hue, opacity, and width/height. In particular, made the svg seem sharper.
        (video::-webkit-media-controls-play-button): modified SVG, hue, opacity, and width/height.

2014-06-05  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r169570.
        https://bugs.webkit.org/show_bug.cgi?id=133565

        It breaks Baidu (Requested by benjaminp on #webkit).

        Reverted changeset:

        "[iOS] Start ignoring common bogus viewport parameters"
        https://bugs.webkit.org/show_bug.cgi?id=133466
        http://trac.webkit.org/changeset/169570

2014-06-05  Michael Timbrook  <timbrook@apple.com>

        AX: Add support for ARIA 1.1 'none' role
        https://bugs.webkit.org/show_bug.cgi?id=133367

        Reviewed by Chris Fleizach.

        Added support for the 'none' role by added a lookup for it to go to PresentationalRole
        Test: accessibility/aria-none-role.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::initializeRoleMap):

2014-06-05  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Children of tables and lists with role='presentation' should each be exposed as if they were div elements
        https://bugs.webkit.org/show_bug.cgi?id=133133

        Reviewed by Chris Fleizach.

        When a table or list has role='presentation', accessibility is "ignored"
        for that element, but not for the required children. The default roles
        for the children (CellRole and ListItemRole) do not make sense without
        the parent, therefore map them to DivRole in ATK if they inherit the
        presentational role.

        Test: accessibility/aria-inherits-presentational.html

        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::inheritsPresentationalRole):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::inheritsPresentationalRole):
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (atkRole):

2014-06-05  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION (r167962): Out of bounds read in JSC::StructureIDTable::get() 
        https://bugs.webkit.org/show_bug.cgi?id=133463
        <rdar://problem/17098100>

        Reviewed by Dean Jackson.

        Revise MediaControllerHost implementation so that it holds a Strong
        reference to the JavaScript 'Controller' object it mirrors. The
        MediaControllerHost is constructed when we create an HTMLMediaElement,
        and is the logical place to retain ownership of the JS object so that
        it does not get garbage collected as long as HTMLMediaElement exists.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::setControllerJSObject): Create a strong
        reference to the JavaScript Controller object.
        * Modules/mediacontrols/MediaControlsHost.h: Use JSC::Strong to hold a
        JSObject, rather than a bare JSValue.
        (WebCore::MediaControlsHost::controllerJSObject): Change name to reflect
        that we are working with JSObjects, not JSValues.
        (WebCore::MediaControlsHost::controllerJSValue): Deleted.
        (WebCore::MediaControlsHost::setControllerJSValue): Deleted.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute): Revise for changed method
        signature.

2014-06-05  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Add device orientation
        https://bugs.webkit.org/show_bug.cgi?id=133530

        Reviewed by Tim Horton.

        Previously, WebCore was getting the orientation directly from the WebKit layer.
        This had to be done during the frame creation and was very fragile.

        Frame is changed to pull the value from the chrome client. That way we avoid races
        and we can maintain a single value for all frames.

        Sending the values to all the subframes is aslo done here so that we do not have to repeat
        it in both WebKit layers.

        * WebCore.exp.in:
        * loader/EmptyClients.h:
        * page/ChromeClient.h:
        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        (WebCore::Frame::orientationChanged):
        (WebCore::Frame::orientation):
        (WebCore::Frame::sendOrientationChangeEvent): Deleted.
        * page/Frame.h:
        (WebCore::Frame::orientation): Deleted.

2014-06-05  Timothy Horton  <timothy_horton@apple.com>

        Fix the !CACHE_SUBIMAGES build

        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawNativeImage):

2014-06-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: Clean up StackAllocator
        https://bugs.webkit.org/show_bug.cgi?id=133506

        Reviewed by Benjamin Poulain.

        Cleaning up CSS JIt StackAllocator code. Sharing push / pop code and
        using information provided by MacroAssembler more aggressively
        to drop ifdefs.

        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::allocateUninitialized):
        (WebCore::StackAllocator::push):
        (WebCore::StackAllocator::pop):
        (WebCore::StackAllocator::popAndDiscard):
        (WebCore::StackAllocator::popAndDiscardUpTo):
        (WebCore::StackAllocator::alignStackPreFunctionCall):
        (WebCore::StackAllocator::unalignStackPostFunctionCall):
        (WebCore::StackAllocator::stackUnitInBytes):

2014-06-05  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: border-radius painting falls back to rectangle when the snapped rounded rect becomes non-renderable.
        https://bugs.webkit.org/show_bug.cgi?id=133491

        Reviewed by Simon Fraser.

        Pixel snapping can change the rectangle's size when it is on a certain subpixel position. (usually it does not)
        This patch ensures that the snapped rect is still renderable by adjusting the radii as well.

        Test: fast/borders/hidpi-border-radius-with-subpixel-margin-not-renderable.html

        * platform/graphics/RoundedRect.cpp:
        (WebCore::RoundedRect::Radii::scale):
        (WebCore::RoundedRect::pixelSnappedRoundedRectForPainting):
        * platform/graphics/RoundedRect.h:

2014-06-05  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r169587.
        https://bugs.webkit.org/show_bug.cgi?id=133552

        Calls a pure virtual method, crashes (Requested by ap on
        #webkit).

        Reverted changeset:

        "WebKit should adopt journal_mode=wal for all SQLite
        databases."
        https://bugs.webkit.org/show_bug.cgi?id=133496
        http://trac.webkit.org/changeset/169587

2014-06-05  Frédéric Wang  <fred.wang@free.fr>

        Apply Character-level mirroring to stretchy operators in RTL mode.
        https://bugs.webkit.org/show_bug.cgi?id=130839

        Reviewed by Chris Fleizach.

        We add support for character-level mirroring for stretchy MathML operators in RTL mode.
        Glyph-level mirroring (via the rtlm OpenType feature) will be handled in bug 130840.

        Test: mathml/presentation/stretchy-rtl.html

        * rendering/mathml/RenderMathMLOperator.cpp: reorganize the Unicode stretchyCharacters table to make mirroring easy.
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): pass the right boolean to glyphDataForCharacter.
        (WebCore::RenderMathMLOperator::getDisplayStyleLargeOperator): ditto
        (WebCore::RenderMathMLOperator::findStretchyData): ditto and change the index for the stretchyCharacters fallback.
        (WebCore::RenderMathMLOperator::updateStyle): pass the right boolean to glyphDataForCharacter.
        (WebCore::RenderMathMLOperator::paint): remove the FIXME comment.
        (WebCore::RenderMathMLOperator::paintVerticalGlyphAssembly): switch the leading/trailing space in RTL mode.

2014-06-05  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Buttons in default media controls shift vertically when controls fade in or out.
        https://bugs.webkit.org/show_bug.cgi?id=133488

        Reviewed by Simon Fraser.

        Filter effects are not subpixel aware yet. They paint to integrally sized image buffers.
        In order to ensure that the content is rendered to the the same position on the filter 
        source context as if there was no filter, the repaint rects need to be adjusted to match with
        the internal filter snapping (enclosingIntRect).
        This is a temporary change until after filter effects get subpixelized.

        However, this changeset regresses RenderNameFlow clipping when the content is on subpixel position
        and filter effect is present. Instead of adding the failing test cases to TestExpectations, I removed
        the video controls from the <video> to make the tests pass, when possible (they just happen to have <video>)
        and filed webkit.org/b/133523 to track the regression.

        Test: css3/filters/filter-is-on-subpixel-position.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setupFilters):

2014-06-05  Kiran  <kiran.guduru@samsung.com>

        [MediaStream] MediaStream.addTrack should not check for tracks ended state.
        https://bugs.webkit.org/show_bug.cgi?id=133510

        Reviewed by Eric Carlson.

        Adding and removing of tracks to a MediaStream should not have dependency
        on tracks state. So the check for MediaStreamTrack's ended state has been
        removed while adding a track in MediaStreamPrivate.cpp.

        Test: fast/mediastream/MediaStream-add-ended-tracks.html

        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::addTrack):

2014-06-05  Gwang Yoon Hwang  <yoon@igalia.com>

        [GTK] Remove ScrollViewGtk.cpp
        https://bugs.webkit.org/show_bug.cgi?id=133535

        Reviewed by Carlos Garcia Campos.

        Because GTK+ WK1 was removed, we don't have to consider special cases
        handled in ScrollViewGtk.cpp.

        No new tests are necessary because there is no behavior change.

        * PlatformGTK.cmake:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::setScrollbarModes):
        (WebCore::ScrollView::visibleContentRectInternal):
        * platform/gtk/ScrollViewGtk.cpp: Removed.

2014-06-05  Frédéric Wang  <fred.wang@free.fr>

        MathML operators not stretched horizontally
        https://bugs.webkit.org/show_bug.cgi?id=72828

        Reviewed by Chris Fleizach.

        This patch adds basic horizontal stretching rules for operators inside
        an <munder>, <mover> or <munderover> elements. The stretchy operators
        in such an element stretch to cover the size of the non-stretchy
        operators. This only works when fonts that have an OpenType MATH table
        are used.

        Tests: mathml/opentype/horizontal-LatinModern.html
               mathml/opentype/opentype-stretchy-horizontal.html
               mathml/opentype/horizontal-LatinModern-munderover.html

        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::MathMLOperatorDictionary::ExtractKeyHorizontal): We add an ordered list of operators that have horizontal stretch direction.
        (WebCore::RenderMathMLOperator::RenderMathMLOperator): init m_Vertical
        (WebCore::RenderMathMLOperator::SetOperatorProperties): set m_Vertical by checking whether the operator is in the horizontalOperators list.
        (WebCore::RenderMathMLOperator::stretchTo): We do not stretch vertically
        if the operator has horizontal direction.
        We also add a new version stretchTo(LayoutUnit width) for horizontal stretching only.
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Handle horizontal stretching: the maximumGlyphWidth is the maximum of
        the base size or of the stretch size.
        (WebCore::RenderMathMLOperator::getDisplayStyleLargeOperator): Add an ASSERT to ensure that this function is only called for vertical stretching.
        (WebCore::RenderMathMLOperator::findStretchyData): Add an ASSERT to ensure that this function is not called to get the maximum width of a horizontal stretchy operator.
        We take into account m_isVertical when calling getMathVariants or computing sizes.
        There is not any Unicode-only construction for horizontal stretching, so a MATH table is required for horizontal stretching.
        (WebCore::RenderMathMLOperator::updateStyle): Ignore some code paths specific to vertical stretching and take into account the m_Vertical parameters.
        For horizontal stretching, the m_stretch*Baseline parameters are now updated to match the metrics of the size variant or of the maximum of the parts in the glyph assembly.
        (WebCore::RenderMathMLOperator::computeLogicalHeight): logicalHeight is now explicitely the sum of m_stretchHeightAboveBaseline and m_stretchDepthBelowBaseline, since it can be different from the stretchSize() in horizontal stretching.
        (WebCore::RenderMathMLOperator::paintGlyph): handle trimming for horizontal stretching.
        (WebCore::RenderMathMLOperator::fillWithVerticalExtensionGlyph): rename the function and ensure it is only call for m_isVertical.
        (WebCore::RenderMathMLOperator::fillWithHorizontalExtensionGlyph): same as fillWithVerticalExtensionGlyph, but for horizontal stretching.
        (WebCore::RenderMathMLOperator::paint): For glyph assembly, choose between paintVerticalGlyphAssembly or paintHorizontalGlyphAssembly.
        (WebCore::RenderMathMLOperator::paintVerticalGlyphAssembly): rename the function and ensure it is only call for m_isVertical.
        (WebCore::RenderMathMLOperator::paintHorizontalGlyphAssembly): same as paintVerticalGlyphAssembly but for horizontal stretching.
        * rendering/mathml/RenderMathMLOperator.h: we add a m_isVertical member to indicate the stretch direction and a m_stretchWidth to indicate the width of the stretchy character.
        We define the horizontal counterparts of fillWith*ExtensionGlyph, paint*GlyphAssembly, GlyphPaintTrimming  StretchyData.
        Finally stretchSize() takes into account the stretch direction.
        * rendering/mathml/RenderMathMLUnderOver.cpp: We override the layout() function to stretch munderover children horizontally.
        (WebCore::RenderMathMLUnderOver::layout):
        * rendering/mathml/RenderMathMLUnderOver.h: we declare layout().

2014-06-04  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] Image lifetime is not properly handled for gradient shapes
        https://bugs.webkit.org/show_bug.cgi?id=133414

        Reviewed by Simon Fraser.

        Refactor computedShape() and it's helpers to be able to properly
        manage the lifetime of the image returned from StyleImage.

        This is a port of a Blink patch by Hans Muller.

        Test: fast/shapes/shape-outside-floats/shape-outside-uncached-gradient.html

        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::ShapeOutsideInfo::createShapeForImage): Properly handle the
            lifetime of the image. Changed to use StyleImage::image() to get
            the image in all cases there's no need to special case cached
            images.
        (WebCore::ShapeOutsideInfo::computedShape): Call createShapeForImage.
        (WebCore::getShapeImageAndRect): Deleted.
        * rendering/shapes/ShapeOutsideInfo.h:

2014-06-04  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] Fix off by one in creating a RasterShape
        https://bugs.webkit.org/show_bug.cgi?id=133499

        Reviewed by Darin Adler.

        Test: fast/shapes/shape-outside-floats/shape-outside-floats-shape-margin-crash.html

        * rendering/shapes/RasterShape.cpp:
        (WebCore::RasterShapeIntervals::computeShapeMarginIntervals):
            marginY1 is supposed to be an inclusive endpoint, however, maxY()
            is an exclusive endpoint. This simply changes marginY1 into an
            exclusive endpoint.

2014-06-04  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Restore the visual scroll position instead of the dom scroll position when restoring states from the history
        https://bugs.webkit.org/show_bug.cgi?id=133490

        Reviewed by Tim Horton.

        Expose the WebKit1 parameter "ScaleIsInitial". It is used for a similar concept in WebKit2 (userHasChangedPageScaleFactor).

        Add "exposedContentPosition", which is the scroll position of the exposed rect.

        * history/HistoryItem.h:
        (WebCore::HistoryItem::exposedContentPosition):
        (WebCore::HistoryItem::setExposedContentPosition):
        (WebCore::HistoryItem::setScaleIsInitial):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::saveScrollPositionAndViewStateToItem):

2014-06-04  Alex Christensen  <achristensen@webkit.org>

        Enable WebGL on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=133503

        Reviewed by Brent Fulgham.

        No new tests, but we should enable the webgl tests soon.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::markContextChanged):
        Check if the context and RenderBox are accelerated to use accelerated code path.
        * html/canvas/WebGLRenderingContext.h:
        Disable accelerated compositing on WebGL canvases until that works.
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        Compile fix after r166563.

2014-06-04  Benjamin Poulain  <benjamin@webkit.org>

        Regression(r169547): Crash in WebCore::styleForFirstLetter() while loading http://thenextweb.com/apple/2014/02/21/apple-confirms-acquired-testflight-creator-burstly/
        https://bugs.webkit.org/show_bug.cgi?id=133500

        Reviewed by Antti Koivisto.

        Unlike the other tree marking optimization, adding HasPseudoStyle() on an element style
        during style resolution must be conservative and not set the flag unless every other filter
        matched first.

        After r169547, the SelectorChecker was setting flags on HasPseudoStyle() during the pseudo
        element matching. If that passed but the remaining filter did not match, the element style
        could have the flag "FIRST_LETTER" while not being able to resolve a style for "FIRST_LETTER".

        When the layout code was creating the renderer, it would find the FIRST_LETTER flag on the main style
        and try to get the specific style for FIRST_LETTER. Since no rule would resolve for FIRST_LETTER,
        the style would be null and the code would be crashing when accessing its parameters.

        This patch fixes the issue by moving the style marking for pseudo element at the end of the matching.

        Test: fast/css/first-letter-on-non-matching-selectors.html

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::match):
        (WebCore::SelectorChecker::matchRecursively):
        * css/SelectorChecker.h:
        (WebCore::SelectorChecker::match): Deleted.

2014-06-04  Eric Carlson  <eric.carlson@apple.com>

        [iOS] allow UA to specify network interface
        https://bugs.webkit.org/show_bug.cgi?id=133396

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerInterfaceName): Return settings->networkInterfaceName.
        * html/HTMLMediaElement.h:

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::mediaPlayerNetworkInterfaceName): Pass through the media element.
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerNetworkInterfaceName):

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): If the media player
            wants to use a specific netork interface name, pass it to the AVAsset allocator.

2014-06-03  Jon Honeycutt  <jhoneycutt@apple.com>

        Pasting multiple photos on iOS only pastes one photo

        <https://bugs.webkit.org/show_bug.cgi?id=133495>
        <rdar://problem/16138616>

        Reviewed by Alexey Proskuryakov.

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::pasteWithPasteboard):
        Create a WebContentReader. For each pasteboard item, get the document
        fragment for that item, and add it to the reader. If we fail to get
        the fragment from the delegate, fall back to using
        webContentFromPasteboard() as before.

2014-06-04  Myles C. Maxfield  <litherum@gmail.com>

        Use references instead of pointers for non-optional arguments during text layout
        https://bugs.webkit.org/show_bug.cgi?id=133501

        Reviewed by Tim Horton.

        This patch applies some cleanup to InlineBox layout functions to take
        references instead of pointers where appropriate.

        No new tests are necessary because there is no behavior change.

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::computeLogicalBoxHeights): Make the function take a
        reference to the RootInlineBox instead of a pointer. This function does some
        rounding.
        (WebCore::InlineFlowBox::addTextBoxVisualOverflow): Make the function take a
        reference to the InlineTextBox instead of a pointer.
        (WebCore::InlineFlowBox::computeOverflow): Update call to addTextBoxVisualOverflow
        to pass a reference instead of a pointer.
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::alignBoxesInBlockDirection): Update call to
        computeLogicalBoxHeights to pass a reference instead of a pointer.
        (WebCore::RootInlineBox::ascentAndDescentForBox): Make the function take a
        reference to the InlineBox instead of a pointer.
        (WebCore::RootInlineBox::includeLeadingForBox): Make the function take a reference
        instead of a pointer.
        (WebCore::RootInlineBox::includeFontForBox): Ditto.
        (WebCore::RootInlineBox::includeGlyphsForBox): Ditto.
        (WebCore::RootInlineBox::includeMarginForBox): Ditto.
        * rendering/RootInlineBox.h: Move functions that are not externally called into
        a private: section. In addition, update function signatures to take references
        instead of pointers.

2014-05-27  Myles C. Maxfield  <mmaxfield@apple.com>

        Lists styled with SVG fonts are not rendered as expected
        https://bugs.webkit.org/show_bug.cgi?id=133198

        Reviewed by Simon Fraser.

        There were a couple places in RenderListMarker and RenderMenuList that were
        implicitly creating TextRuns by passing a String to a function which
        expected a TextRun. Because TextRun has a constructor which takes a single
        String and isn't marked explicit, TextRuns were being created without
        any of the associated code that initializes the TextRun (such as creating
        a RenderingContext if necessary).

        There is currently one more client of this code that needs to be fixed.
        This is in RenderThemeIOS::adjustMenuListButtonStyle(). However, fixing
        this will be a somewhat large change, and is out of scope for this patch.
        I will submit a follow-up patch that fixes this permanently. Once this is
        fixed, I can mark TextRun's constructors as explicit.

        Test: svg/custom/list-items-with-svg-font-family.html

        * platform/graphics/TextRun.h:
        (WebCore::TextRun::TextRun): Mark constructors as explicit.
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::computePreferredLogicalWidths): Call
        RenderBlock::constructTextRun.
        (WebCore::RenderListMarker::getRelativeMarkerRect): Ditto.
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::updateOptionsWidth): Ditto.
        * rendering/RenderThemeIOS.mm:
        (WebCore::adjustInputElementButtonStyle): Instead of crashing, mark
        form controls rendered with SVG fonts as having 0 width. This isn't
        perfect, but fixing this is out of scope for this patch.

2014-06-04  Andreas Kling  <akling@apple.com>

        WebKit should adopt journal_mode=wal for all SQLite databases.
        <https://webkit.org/b/133496>
        <rdar://problem/15600186>

        We already had code to enable write-ahead logging, but it didn't work
        since calling SQLiteStatement::step() without first calling prepare()
        is a no-op.

        Converted it to use into a simple executeCommand() instead.

        Reviewed by Brady Eidson.

        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::SQLiteDatabase::open):

2014-06-04  Radu Stavila  <stavila@adobe.com>

        REGRESSION: [CSS Regions] Regions with overflow:auto generate scrollbars even if the content flows into the following regions and as such, should not be scrolled
        https://bugs.webkit.org/show_bug.cgi?id=133481

        Reviewed by Antti Koivisto.

        When enlarging the layout overflow of a scrollable region, the portion of the content that flows
        in the region must be taken into consideration. If the content continues to flow into the next
        region, the layout overflow of the current region must not be enlarged.

        Test: fast/regions/scrollable-first-region.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::addRegionsOverflowFromChild):

2014-06-03  Benjamin Poulain  <benjamin@webkit.org>

        Fix some corner cases of :hover and :active in quirks mode
        https://bugs.webkit.org/show_bug.cgi?id=133493

        Reviewed by Andreas Kling.

        Previously, the quirks mode of :hover and :active were evaluated from the SelectorFragment
        in fragmentOnlyMatchesLinksInQuirksMode(). There were two problems with that approach:
        1) The FragmentGenerator optimizes out some filter when they always match or can never match.
           Those fragment should still qualify :hover and :active, but they were lost
           for fragmentOnlyMatchesLinksInQuirksMode().
        2) Explicitely listing every attribute of SelectorFragment in fragmentOnlyMatchesLinksInQuirksMode()
           was extremly fragile. When :not() and :-webkit-any() were added, we forgot to update the quirks
           exceptions.

        This patch moves the quirks mode exception code from the code generator to the Fragment generator.
        The useless filters are no longer ignored for the quirks, and we don't need to update the quirks mode detection
        with every change of SelectorFragment.

        It is inefficient and ugly, but that is how that quirks is defined. It is only a problem for compilation,
        execution time remains unchanged.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::pseudoClassOnlyMatchesLinksInQuirksMode):
        (WebCore::SelectorCompiler::constructFragments):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSpecialFailureInQuirksModeForActiveAndHoverIfNeeded):
        (WebCore::SelectorCompiler::fragmentOnlyMatchesLinksInQuirksMode): Deleted.

2014-06-03  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Need to check invalid scheme in navigator content utils 
        https://bugs.webkit.org/show_bug.cgi?id=133296

        Reviewed by Darin Adler.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::verifyProtocolHandlerScheme): Just fix a wrong typo.

2014-06-03  Timothy Horton  <timothy_horton@apple.com>

        WebKit2 View Gestures (Zoom): Can show unpainted regions when zoom-pinching-out
        https://bugs.webkit.org/show_bug.cgi?id=133472
        <rdar://problem/15686848>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:

2014-06-03  Yoav Weiss  <yoav@yoav.ws>

        Refactor the srcset parser into its own file
        https://bugs.webkit.org/show_bug.cgi?id=133480

        Reviewed by Andreas Kling.

        No new tests, since this patch doesn't change the parser's behavior.

        This patch moves the srcset parser into its own file,
        in order to prepare the code for alignment with recent spec changes.

        * CMakeLists.txt:
        * html/HTMLImageElement.cpp:
        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::compareByScaleFactor): Deleted.
        (WebCore::parseDescriptors): Deleted.
        (WebCore::parseImagesWithScaleFromSrcsetAttribute): Deleted.
        (WebCore::bestFitSourceForImageAttributes): Deleted.
        * html/parser/HTMLParserIdioms.h:
        (WebCore::ImageWithScale::ImageWithScale): Deleted.
        (WebCore::ImageWithScale::imageURL): Deleted.
        (WebCore::ImageWithScale::scaleFactor): Deleted.
        * html/parser/HTMLPreloadScanner.cpp:
        * html/parser/HTMLSrcsetParser.cpp: Added.
        (WebCore::compareByScaleFactor):
        (WebCore::parseDescriptors):
        (WebCore::parseImagesWithScaleFromSrcsetAttribute):
        (WebCore::bestFitSourceForImageAttributes):
        * html/parser/HTMLSrcsetParser.h: Added.
        (WebCore::ImageWithScale::ImageWithScale):
        (WebCore::ImageWithScale::imageURL):
        (WebCore::ImageWithScale::scaleFactor):

2014-06-03  Mario Sanchez Prada  <mario.prada@samsung.com>

        [ATK] accessibility/textarea-selected-text-range.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=133479

        Reviewed by Chris Fleizach.

        Implement atk_text_set_caret_offset() in terms of
        atk_text_set_selection() for zero-length selections.

        No new tests needed, the following test should just start
        passing again now: accessibility/textarea-selected-text-range.html.

        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        (webkitAccessibleTextSetCaretOffset): Reimplemented this function
        in terms of webkitAccessibleTextSetSelection().

2014-06-03  Alex Christensen  <achristensen@webkit.org>

        Corrected arm64 assertion in css jit.

        Rubber stamped by Benjamin Poulain.

        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::pop):
        Changed assertion from incorrectly matching x86_64 to using the correct minimum offset,
        taking into account that a stackUnitInBytes is used for two registers on arm64
        except the last stack unit, which could only be used for one register if there are
        an odd number of registers.

2014-06-03  Benjamin Poulain  <bpoulain@apple.com>

        [iOS] Start ignoring common bogus viewport parameters
        https://bugs.webkit.org/show_bug.cgi?id=133466
        <rdar://problem/16203396>

        Reviewed by Sam Weinig.

        Incorrect viewports are spreading really quickly lately. We have to start ignoring
        some combinations of arguments as they are almost always used incorrectly, causing
        a poor user experience on those websites.

        * dom/ViewportArguments.cpp:
        (WebCore::finalizeViewportArguments):

2014-06-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: add support for the "any" pseudo class
        https://bugs.webkit.org/show_bug.cgi?id=133473

        Reviewed by Benjamin Poulain.

        Add support for the :any pseudo class.

        Test: fast/selectors/pseudo-class-any.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::minimumRegisterRequirements):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatchesAnyPseudoClass):

2014-06-02  Jer Noble  <jer.noble@apple.com>

        Update PlatformTimeRanges to use MediaTime rather than doubles for time values.
        https://bugs.webkit.org/show_bug.cgi?id=133454

        Reviewed by Eric Carlson.

        PlatformTimeRanges will now use MediaTime, so operations at the platform level won't
        lose precision when converting to and from doubles and rational time values like CMTime.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::currentTimeFudgeFactor):
        (WebCore::SourceBuffer::hasCurrentTime):
        (WebCore::SourceBuffer::hasFutureTime):
        (WebCore::SourceBuffer::canPlayThrough):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/TimeRanges.cpp:
        (WebCore::TimeRanges::TimeRanges):
        (WebCore::TimeRanges::start):
        (WebCore::TimeRanges::end):
        (WebCore::TimeRanges::add):
        (WebCore::TimeRanges::contain):
        (WebCore::TimeRanges::find):
        (WebCore::TimeRanges::nearest):
        (WebCore::TimeRanges::totalDuration):
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::seekable):
        * platform/graphics/PlatformTimeRanges.cpp:
        (WebCore::PlatformTimeRanges::create):
        (WebCore::PlatformTimeRanges::PlatformTimeRanges):
        (WebCore::PlatformTimeRanges::invert):
        (WebCore::PlatformTimeRanges::start):
        (WebCore::PlatformTimeRanges::end):
        (WebCore::PlatformTimeRanges::add):
        (WebCore::PlatformTimeRanges::contain):
        (WebCore::PlatformTimeRanges::find):
        (WebCore::PlatformTimeRanges::nearest):
        (WebCore::PlatformTimeRanges::totalDuration):
        * platform/graphics/PlatformTimeRanges.h:
        (WebCore::PlatformTimeRanges::Range::Range):
        (WebCore::PlatformTimeRanges::Range::isPointInRange):
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::extraMemoryCost):
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::MediaPlayerPrivateAVFoundationCF::platformBufferedTimeRanges):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformBufferedTimeRanges):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekable):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::buffered): Deleted.
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::buffered):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::buffered):
        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        (WebCore::MockMediaPlayerMediaSource::advanceCurrentTime):

2014-06-03  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Align the highlight rects with device pixels
        https://bugs.webkit.org/show_bug.cgi?id=133464

        Reviewed by Enrica Casucci.

        Add utility functions to pixel align points and rects.

        * WebCore.exp.in:
        * platform/graphics/FloatPoint.h:
        (WebCore::flooredToDevicePixels):
        (WebCore::ceiledToDevicePixels):
        * platform/graphics/FloatRect.cpp:
        (WebCore::enclosingRectExtendedToDevicePixels):
        * platform/graphics/FloatRect.h:

2014-06-03  Timothy Horton  <timothy_horton@apple.com>

        Prepopulated tiles may never be unparented from TileGrids with aggressive tile retention on
        https://bugs.webkit.org/show_bug.cgi?id=133471

        Reviewed by Simon Fraser.

        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileGrid.h:
        (WebCore::TileGrid::TileCohortInfo::TileCohortInfo):
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::TileCohortInfo::timeUntilExpiration):
        (WebCore::TileGrid::cohortRemovalTimerFired):
        Factor timeUntilExpiration() out of cohortRemovalTimerFired().

        (WebCore::TileGrid::revalidateTiles):
        Ensure that secondary tiles that never touch the primary coverage rect
        are still unparented eventually (after 2 seconds, the same lifetime we use
        for cohorts in non-aggressive retention).
        Schedule another revalidateTiles if we left parented secondary tiles behind.

2014-06-03  Timothy Horton  <timothy_horton@apple.com>

        TileGrid::prepopulateRect populates the wrong tiles if scale != 1
        https://bugs.webkit.org/show_bug.cgi?id=133470

        Reviewed by Simon Fraser.

        * page/FrameView.cpp:
        (WebCore::FrameView::requestScrollPositionUpdate):
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::prepopulateRect):
        (WebCore::TileGrid::revalidateTiles):
        prepopulateRect takes rects in "content" coordinates, but when later passed to
        ensureTilesForRect, they're expected to be in the same coordinate space as the layer's
        visible rect, and are scaled up. So, apply the inverse scale to counter that.

2014-06-03  Timothy Horton  <timothy_horton@apple.com>

        Minor TileCoverageMap refinements
        https://bugs.webkit.org/show_bug.cgi?id=133468

        Reviewed by Simon Fraser.

        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::setContentsScale):
        * platform/graphics/ca/mac/TileCoverageMap.h:
        * platform/graphics/ca/mac/TileCoverageMap.mm:
        (WebCore::TileCoverageMap::TileCoverageMap):
        (WebCore::TileCoverageMap::setDeviceScaleFactor):
        Keep the TileCoverageMap's contentsScale at the device scale factor, so that it
        looks sharp on non-1x displays.

        (WebCore::TileCoverageMap::update):
        Decrease the height available for the TileCoverageMap by the topContentInset;
        it's already being vertically offset by the topContentInset, but the height was
        not adjusted, so it would run off the bottom of the window.

        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::drawTileMapContents):
        If using aggressive tile retention (and thus not coloring tiles based on age),
        dim tiles that aren't in the visible cohort.

2014-06-03  Timothy Horton  <timothy_horton@apple.com>

        Fix a typo, TileGrid::updateTilerLayerProperties
        https://bugs.webkit.org/show_bug.cgi?id=133474

        Reviewed by Anders Carlsson.

        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::setAcceleratesDrawing):
        (WebCore::TileController::setTilesOpaque):
        (WebCore::TileController::setTileDebugBorderWidth):
        (WebCore::TileController::setTileDebugBorderColor):
        * platform/graphics/ca/mac/TileGrid.h:
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::updateTileLayerProperties):
        (WebCore::TileGrid::updateTilerLayerProperties):
        s/updateTilerLayerProperties/updateTileLayerProperties/g

2014-06-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] ResourceLoadTiming.responseStart is always 0
        https://bugs.webkit.org/show_bug.cgi?id=133469

        Reviewed by Sergio Villar Senin.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::sendRequestCallback): Record the responseStart time.

2014-06-02  David Kilzer  <ddkilzer@apple.com>

        [iOS] WebCore fails to build: platform/network/mac/ResourceHandleMac.mm:729:62: error: use of undeclared identifier '_CFURLConnectionCopyTimingData'
        <http://webkit.org/b/133445>
        <rdar://problem/17090035>

        Reviewed by Alexey Proskuryakov.

        * platform/network/mac/ResourceHandleMac.mm: Attempt to fix the
        build by including a private header and local declaration.

2014-05-31  Anders Carlsson  <andersca@apple.com>

        Change DeferrableOneShotTimer to use std::function instead of being a class template
        https://bugs.webkit.org/show_bug.cgi?id=133423

        Reviewed by Antti Koivisto.

        Also, add a new constructor to DeferrableOneShotTimer that takes an std::function. Change the callback
        to not pass a DeferrableOneShotTimer& anymore. Change the delay parameter to use std::chrono::milliseconds.

        * css/CSSImageGeneratorValue.cpp:
        (WebCore::CSSImageGeneratorValue::CachedGeneratedImage::CachedGeneratedImage):
        (WebCore::CSSImageGeneratorValue::CachedGeneratedImage::evictionTimerFired):
        * css/CSSImageGeneratorValue.h:
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::simulatedMouseClickTimerFired):
        * html/HTMLPlugInImageElement.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::deadDecodedDataDeletionIntervalForResourceType):
        (WebCore::CachedResource::destroyDecodedDataIfNeeded):
        (WebCore::CachedResource::decodedDataDeletionTimerFired):
        * loader/cache/CachedResource.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::MemoryCache):
        * loader/cache/MemoryCache.h:
        (WebCore::MemoryCache::setDeadDecodedDataDeletionInterval):
        (WebCore::MemoryCache::deadDecodedDataDeletionInterval):
        * platform/Timer.h:
        (WebCore::Timer::Timer):
        (WebCore::DeferrableOneShotTimer::DeferrableOneShotTimer):
        * platform/graphics/cg/SubimageCacheWithTimer.cpp:
        (WebCore::SubimageCacheWithTimer::invalidateCacheTimerFired):
        * platform/graphics/cg/SubimageCacheWithTimer.h:

2014-06-02  Benjamin Poulain  <benjamin@webkit.org>

        Make pseudo element matching for style resolution more JIT friendly
        https://bugs.webkit.org/show_bug.cgi?id=133441

        Reviewed by Antti Koivisto.

        Sharing pseudo elements is a complicated mess shared between the SelectorChecker
        and the RuleCollector.

        For compiling pseudo element matching, it would be best if all the complexity could
        be moved to compile time instead of runtime. It is also preferable to keep the compiler
        independant of the RuleCollector implementation's detail.

        This patch is a first step toward that goal. The main objective here is to make
        "dynamicPseudo" completely internal to the SelectorChecker.
        This is mostly a mechanical change, it is likely PseudoElement matching could be simplified
        further but that is not attempted here.

        Test: fast/css/style-sharing-empty-rule-modification.html

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ruleMatches):
        The condition regarding pseudo element matching has been moved into SelectorChecker::match().

        This creates an extra cost for querySelector(), but that should be fine since the vast majority
        of selectors are JIT compiled and never use SelectorChecker in the first place.

        (WebCore::ElementRuleCollector::collectMatchingRulesForList):
        The loop is changed such that the tree marking (Style::setHasPseudoStyle) could be moved
        to SelectorChecker.

        The conditions about the security origin for getMatchedCSSRules() and the empty style rules
        are moved prior to the call to ElementRuleCollector::ruleMatches(). This ensure we keep the same
        behavior of not adding the pseudo style for empty rules (this could also help with tree marking
        in general but empty rules are probably uncommon).

        There is one behavior change from making this loop simpler: the SharingRules and StyleInvalidation
        modes now update their ruleRange. It is useless but it is simpler.

        * css/ElementRuleCollector.h:
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::matchRecursively):
        The tree marking has been moved here.

        * css/SelectorChecker.h:
        (WebCore::SelectorChecker::match):
        The pseudo element matching has been moved here.

        * css/StyleResolver.h:
        (WebCore::checkRegionSelector):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::selectorMatches):

2014-06-02  Jeremy Jones  <jeremyj@apple.com>

        Send external playback properties to fullscreen.
        https://bugs.webkit.org/show_bug.cgi?id=133366

        Reviewed by Simon Fraser.

        Refactor property updates in WebVideoFullscreenModelMediaElement and update
        setExternalPlayback on webkitcurrentplaybacktargetiswirelesschangedEvent.

        * WebCore.exp.in: Add export for setExternalPlayback.
        * platform/ios/WebVideoFullscreenInterface.h: add setExternalPlayback
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h: add setExternalPlayback
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController isPlayingOnExternalScreen]): added
        (+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]): added
        (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): added
        (WebVideoFullscreenInterfaceAVKit::enterFullscreen): added
        * platform/ios/WebVideoFullscreenModelMediaElement.h: add updateForEventName
        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::setMediaElement): refactor property changes into updateForEventName()
        (WebVideoFullscreenModelMediaElement::handleEvent): refactor property changes into updateForEventName()
        (WebVideoFullscreenModelMediaElement::updateForEventName): remove duplicate code, implement for setExternalPlayback

2014-06-02  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        WebCore build fix for webreplay
        https://bugs.webkit.org/show_bug.cgi?id=133401

        Reviewed by Darin Adler.

        * replay/MemoizedDOMResult.cpp:
        (WebCore::MemoizedDOMResultBase::createFromEncodedResult):
        Add a default nullptr return in order to avoid a gcc warning.
        The warning is because of a non-void method that has a case which doesn't return.
        * replay/ReplayController.cpp:
        (WebCore::ReplayController::setForceDeterministicSettings):
        Guard the ScrollingCoordinator with the appropriate #ifdef.
        * replay/SerializationMethods.cpp:
        Guard the KeypressCommand with COCOA as it is only present there.

2014-06-02  Jer Noble  <jer.noble@apple.com>

        Further unreviewed GTK build fix after r169536.

        Update the m_duration contructor in MediaSourceGStreamer.

        * platform/graphics/gstreamer/MediaSourceGStreamer.cpp:
        (WebCore::MediaSourceGStreamer::MediaSourceGStreamer):

2014-06-02  Jer Noble  <jer.noble@apple.com>

        Unreviewed GTK build fix after r169536.

        Update MediaSourceGStreamer to match new duration parameters.

        * platform/graphics/gstreamer/MediaSourceGStreamer.cpp:
        (WebCore::MediaSourceGStreamer::setDuration): Ditto.
        * platform/graphics/gstreamer/MediaSourceGStreamer.h:
        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:

2014-06-02  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Media does not generate 'ended' event when playing to duration.
        https://bugs.webkit.org/show_bug.cgi?id=133452

        Reviewed by Eric Carlson.

        Add a boundaryTimeObserver to the AVSampleBufferRenderSynchronizer to detect when
        playback crosses the duration boundary, and pause in that event. Also refuse to begin
        playback if the currentTime is beyond the duration. Also, pause playback if duration
        becomes less than currentTime.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::~MediaPlayerPrivateMediaSourceAVFObjC):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::playInternal):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::currentMediaTime):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::currentTimeDouble):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::durationChanged):

        Update MediaSource::duration() and ::setDuration() to take and give MediaTimes rather than doubles:
        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::duration): double -> MediaTime.
        (WebCore::MediaSource::setDuration): Ditto.
        (WebCore::MediaSource::streamEndedWithError): Ditto.
        * platform/graphics/MediaSourcePrivate.h: Ditto.
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::MediaSourcePrivateAVFObjC): Ditto.
        (WebCore::MediaSourcePrivateAVFObjC::duration): Ditto.
        (WebCore::MediaSourcePrivateAVFObjC::setDuration): Ditto.
        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        (WebCore::MockMediaPlayerMediaSource::MockMediaPlayerMediaSource): Ditto.
        (WebCore::MockMediaPlayerMediaSource::maxTimeSeekableDouble): Ditto.
        (WebCore::MockMediaPlayerMediaSource::durationDouble): Ditto.
        (WebCore::MockMediaPlayerMediaSource::advanceCurrentTime): Ditto.
        (WebCore::MockMediaPlayerMediaSource::updateDuration): Ditto.
        * platform/mock/mediasource/MockMediaPlayerMediaSource.h:
        * platform/mock/mediasource/MockMediaSourcePrivate.cpp:
        (WebCore::MockMediaSourcePrivate::MockMediaSourcePrivate): Ditto.
        (WebCore::MockMediaSourcePrivate::duration): Ditto.
        (WebCore::MockMediaSourcePrivate::setDuration): Ditto.
        * platform/mock/mediasource/MockMediaSourcePrivate.h:

2014-06-02  Zalan Bujtas  <zalan@apple.com>

        Rename ImagePaintingContext to ImagePaintingOptions.
        https://bugs.webkit.org/show_bug.cgi?id=133451

        Reviewed by Simon Fraser.

        No change in functionality.

        * WebCore.exp.in:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::paint):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        (WebCore::GraphicsContext::drawImageBuffer):
        * platform/graphics/GraphicsContext.h:
        (WebCore::ImagePaintingOptions::ImagePaintingOptions):
        (WebCore::ImagePaintingContext::ImagePaintingContext): Deleted.
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::paintSnapshotImage):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::paintSnapshot):

2014-05-31  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION (r154622): Borders disappear when hovering over cells in table
        https://bugs.webkit.org/show_bug.cgi?id=133057
        <rdar://problem/15922359>

        Reviewed by Tim Horton.

        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paintCollapsedBorders): Revert recent
        non-edge collapsed border optimization due to drawing
        regressions.

2014-06-02  Zalan Bujtas  <zalan@apple.com>

        Provide better encapsulation for image related painting properties.
        https://bugs.webkit.org/show_bug.cgi?id=133434

        Reviewed by Darin Adler.

        Image related drawing property list keeps growing for the functions below and results in
        multiple overloadings with seemingly random default parameters.
        
        GraphicsContext::drawImage()
        GraphicsContext::drawTiledImage()
        GraphicsContext::drawImageBuffer()
        
        This patch provides encapsulation for the image drawing properties. Encapsulation ensures that
        introducing a new property does not result in yet another overloaded function.

        No change in functionality.

        * WebCore.exp.in:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::paint):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage):
        (WebCore::CanvasRenderingContext2D::compositeBuffer):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        (WebCore::GraphicsContext::drawImageBuffer):
        * platform/graphics/GraphicsContext.h:
        (WebCore::ImagePaintingContext::ImagePaintingContext):
        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::endShadowLayer):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::draw):
        * platform/graphics/filters/FEComposite.cpp:
        (WebCore::FEComposite::platformApplySoftware):
        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRendererHelper::applyFilterEffect):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::paintSnapshotImage):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintReplaced):
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::paintSnapshot):

2014-06-02  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r169529.
        https://bugs.webkit.org/show_bug.cgi?id=133447

        caused assert in drawImage() (Requested by zalan on #webkit).

        Reverted changeset:

        "Provide better encapsulation for image related painting
        properties."
        https://bugs.webkit.org/show_bug.cgi?id=133434
        http://trac.webkit.org/changeset/169529

2014-06-02  Zalan Bujtas  <zalan@apple.com>

        Provide better encapsulation for image related painting properties.
        https://bugs.webkit.org/show_bug.cgi?id=133434

        Reviewed by Darin Adler.

        Image related drawing property list keeps growing for the functions below and results in
        multiple overloadings with seemingly random default parameters.
        
        GraphicsContext::drawImage()
        GraphicsContext::drawTiledImage()
        GraphicsContext::drawImageBuffer()
        
        This patch provides encapsulation for the image drawing properties. Encapsulation ensures that
        introducing a new property does not result in yet another overloaded function.

        No change in functionality.

        * WebCore.exp.in:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::paint):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage):
        (WebCore::CanvasRenderingContext2D::compositeBuffer):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        (WebCore::GraphicsContext::drawImageBuffer):
        * platform/graphics/GraphicsContext.h:
        (WebCore::ImagePaintingContext::ImagePaintingContext):
        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::endShadowLayer):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::draw):
        * platform/graphics/filters/FEComposite.cpp:
        (WebCore::FEComposite::platformApplySoftware):
        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRendererHelper::applyFilterEffect):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::paintSnapshotImage):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintReplaced):
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::paintSnapshot):

2014-06-02  Kiran  <kiran.guduru@samsung.com>

        Add mock DTMFSender support.
        https://bugs.webkit.org/show_bug.cgi?id=133298

        Reviewed by Eric Carlson.

        Implemented mock implementation for RTCPeerConnectionHandler. Now creating
        RTCDTMFSenderHandlerMock and returning while creating DTMFSender instead of
        returning null.
       
        Test: fast/mediastream/RTCPeerConnection-dtmf.html.

        * CMakeLists.txt:
        * platform/mock/RTCDTMFSenderHandlerMock.cpp: Added.
        (WebCore::RTCDTMFSenderHandlerMock::RTCDTMFSenderHandlerMock):
        (WebCore::RTCDTMFSenderHandlerMock::setClient):
        (WebCore::RTCDTMFSenderHandlerMock::insertDTMF):
        * platform/mock/RTCDTMFSenderHandlerMock.h: Added.
        * platform/mock/RTCPeerConnectionHandlerMock.cpp:
        (WebCore::RTCPeerConnectionHandlerMock::createDTMFSender):

2014-06-02  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] media controls should prevent 'click' events from reaching the page
        https://bugs.webkit.org/show_bug.cgi?id=133402

        Reviewed by Eric Carlson.

        When handling events, we events we need to return true in order
        that the superclass gets the value and prevents the execution of
        the default event handler in the page.

        Test: media/media-controls-cancel-events.html

        * Modules/mediacontrols/mediaControlsGtk.js:
        (ControllerGtk.prototype.handleMuteButtonMouseOver):
        (ControllerGtk.prototype.handleVolumeBoxMouseOut):
        (ControllerGtk.prototype.handleCaptionButtonClicked):
        (ControllerGtk.prototype.handleCaptionButtonMouseOver):
        (ControllerGtk.prototype.handleCaptionButtonShowMenu):
        (ControllerGtk.prototype.handleCaptionButtonMouseOut):
        (ControllerGtk.prototype.handleCaptionMouseOut): Return true to
        prevent forwarding the event execution.

2014-06-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: add support for the "not" pseudo class
        https://bugs.webkit.org/show_bug.cgi?id=133314

        Reviewed by Benjamin Poulain.

        Add :not pseudo class support to CSS JIT. Current implementation
        doesn't support visitedMatchType. So when link pseudo class appears in
        :not sub fragment, fallback to the non-JIT implementation.

        Tests: fast/selectors/not-active-hover-quirks.html
               fast/selectors/not-active-hover-strict.html
               fast/selectors/pseudo-class-not.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::constructFragments):
        (WebCore::SelectorCompiler::minimumRegisterRequirements):
        (WebCore::SelectorCompiler::computeBacktrackingInformation):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        (WebCore::SelectorCompiler::fragmentOnlyMatchesLinksInQuirksMode):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementDataMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatchesNotPseudoClass):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::computeBacktrackingInformation): Deleted.

2014-06-01  Jer Noble  <jer.noble@apple.com>

        [MSE] Appends of overlapping sample data do not clear existing samples properly.
        https://bugs.webkit.org/show_bug.cgi?id=133435

        Reviewed by Darin Adler.

        Test: media/media-source/media-source-overlapping-append.html

        The MSE spec has a spec error in how it removes overlapping frames. The intention seems to be
        to check for overlapping samples only when the incoming sample increases the highest presentation time
        field. But due to a mismatch in the range of a sample, defined as [start, end), and the check, which 
        treats the end as inclusive, the overlapping check is almost never run.

        Add the sample comparison logic to match [start, end) ranges, and rename the existing check to differentiate
        it from the new one:
        * Modules/mediasource/SampleMap.cpp:
        (WebCore::SamplePresentationTimeIsInsideRangeComparator::operator()):
        (WebCore::SamplePresentationTimeIsWithinRangeComparator::operator()):
        (WebCore::SampleMap::findSamplesBetweenPresentationTimes):
        (WebCore::SampleMap::findSamplesWithinPresentationRange):
        * Modules/mediasource/SampleMap.h:

        Update the overlapping check to occur whenever the highest presentation time increases, and update the
        logic within that check to catch all overlapping frames.
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
        (WebCore::SourceBuffer::bufferedSamplesForTrackID):
        * Modules/mediasource/SourceBuffer.h:
        * WebCore.exp.in:

        Add a dump method to MediaSample so that samples can be easily converted to a string for testing.
        * platform/MediaSample.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::MediaSampleAVFObjC::presentationSize):
        (WebCore::MediaSampleAVFObjC::dump):

        Update the Mock MSE implementation to pass along a "generation" field, to aid in testing.
        * platform/mock/mediasource/MockBox.cpp:
        (WebCore::MockSampleBox::MockSampleBox):
        * platform/mock/mediasource/MockBox.h:
        * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
        (WebCore::MockMediaSample::dump):

        Add a method to internals to dump the buffered samples to string.
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::bufferedSamplesForTrackID):
        * Modules/mediasource/SourceBuffer.h:
        * testing/Internals.cpp:
        (WebCore::Internals::bufferedSamplesForTrackID):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-06-01  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>

        getBBox() returns (0,0) when width or height is zero.
        https://bugs.webkit.org/show_bug.cgi?id=93290

        Reviewed by Philip Rogers.

        The SVG spec states that a width or height of zero for  rects, circles and
        ellipses is valid but disables rendering of that shape.
        In this case, getBBox() should return the actual bounding box of the element.
        Previously, WebKit always returned (0,0,0,0) rather than the
        correct bounding box. This patch fixes that. 

        Rects and ellipses both now follow the same behaviour where
        the fall-back code path is only used when the shape will render (e.g. not
        when a dimension <= 0).
  
        This necessitates calling calculateRadiiAndCenter for ellipses even
        when the calculated values will be discarded in the fall back code path.
        But calculateRadiiAndCenter is cheap and this avoids making changes 
        elsewhere to stop CG drawing a zero width (or height) ellipse.  

        Tests: svg/custom/getBBox-js-circle-zerodimension.html
               svg/custom/getBBox-js-ellipse-zerodimension.html
               svg/custom/getBBox-js-rect-zerodimension.html

        * rendering/svg/RenderSVGEllipse.cpp:
        (WebCore::RenderSVGEllipse::updateShapeFromElement):
        Only follow fall-back code path when shape renders. 
        width||height==0 is not an error case so calculate bounding box.        

        * rendering/svg/RenderSVGRect.cpp:
        (WebCore::RenderSVGRect::updateShapeFromElement):
        Only follow fall-back code path when shape renders. 
        rx||ry==0 is not an error case so calculate bounding box.        

2014-06-01  Simon Fraser  <simon.fraser@apple.com>

        Don't scroll to non-integral scroll offsets
        https://bugs.webkit.org/show_bug.cgi?id=133436
        <rdar://problem/17088336>

        Reviewed by Darin Adler.

        With the gradual migration of scroll offsets to floating point, we ended
        up with a fully floating point code path been event scroll deltas and
        setting scroll positions in the scrolling tree.
        
        With some input devices (e.g. Logitech scrollwheel mice), the scroll deltas
        come in with non-integral values, and that caused the scroll offset to be non-integral,
        resulting in fuzzy layer contents. So round the scroll position.

        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPosition):

2014-05-31  Anders Carlsson  <andersca@apple.com>

        Add a LazyNeverDestroyed class template and use it
        https://bugs.webkit.org/show_bug.cgi?id=133425

        Reviewed by Darin Adler.

        * Modules/webdatabase/DatabaseBackendBase.cpp:
        (WebCore::guidMutex):
        * crypto/CryptoAlgorithmRegistry.cpp:
        (WebCore::registryMutex):
        * inspector/WorkerDebuggerAgent.cpp:
        * loader/CrossOriginAccessControl.cpp:
        (WebCore::isOnAccessControlResponseHeaderWhitelist):
        * platform/network/NetworkStateNotifier.cpp:
        (WebCore::networkStateNotifier):
        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::DefaultSharedWorkerRepository::instance):
        * workers/DefaultSharedWorkerRepository.h:
        * workers/WorkerThread.cpp:
        (WebCore::threadSetMutex):
        * xml/XMLHttpRequest.cpp:
        (WebCore::staticData):

2014-06-01  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Selection gap produces a pixel line overlap on inline boxes.
        https://bugs.webkit.org/show_bug.cgi?id=133429

        Reviewed by Simon Fraser.

        Do not floor logical right/left values when selection gap is calculated for RenderBlocks.
        It produces overlapping line/gap because the floored value is intersecting/too far from the
        non-floored content selection rect.

        Tests: fast/inline/hidpi-selection-gap-and-inline-selection-have-gap-rtl.html
               fast/inline/hidpi-selection-gap-overlaps-inline-selection.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::logicalLeftSelectionGap):
        (WebCore::RenderBlock::logicalRightSelectionGap):

2014-05-31  Timothy Horton  <timothy_horton@apple.com>

        REGRESSION (r169412): Garbage pixels when vertical rubber-banding on http://yvoschaap.com/pmarca/
        https://bugs.webkit.org/show_bug.cgi?id=133418
        <rdar://problem/17065494>

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        * platform/graphics/FloatPoint.h:
        (WebCore::toFloatPoint):
        * platform/graphics/Image.cpp:
        (WebCore::Image::drawTiled):
        The manual tiling code previously adjusted the initial
        tiling source rect so that if the pattern was out of phase,
        the first row and column would paint only the necessary part
        of the tile. However, it did not also adjust the destination rect,
        so the tile was painted in entirely the wrong place.
        Additional testing (by enabling manual tiling mode for all patterned
        images and running all of the layout tests) exposed another bug
        where the last row and column would paint too much, which
        was resolved by clipping to the outer image's destination rect.

2014-05-31  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT cleanup: move two utility functions out of the properties-matcher section
        https://bugs.webkit.org/show_bug.cgi?id=133427

        Reviewed by Andreas Kling.

        Just move the code, no other modification.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNoPreviousAdjacentElement):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNoNextAdjacentElement):

2014-05-31  Darin Adler  <darin@apple.com>

        Viewport percentage tests that resize the viewport are flaky
        https://bugs.webkit.org/show_bug.cgi?id=133351

        Reviewed by Anders Carlsson.

        * page/FrameView.cpp:
        (WebCore::FrameView::setFrameRect): Removed code that explicitly sends a resize event here.
        The resize event will be sent as a side effect of layout instead.
        (WebCore::FrameView::sendResizeEventIfNeeded): Don't send a resize event until layout is done,
        since this is what propagates the new geometry in so the JavaScript code can detect it. Also
        simplified the logic and streamlined a little, and added a FIXME about the bad idea here where
        the code enqueues an event for an unknown time in the future. Removed the unneeded code that
        passes in the DOM window as the target to dispatchWindowEvent, since that gets filled in as the
        target by default.

2014-05-31  Anders Carlsson  <andersca@apple.com>

        Don't use std::mutex::try_lock to check if we own a mutex
        https://bugs.webkit.org/show_bug.cgi?id=133421

        Reviewed by Dan Bernstein.

        According the C++ standard, calling try_lock on a mutex that's already owned by the current thread
        is undefined behavior, so don't do that.

        * Modules/webdatabase/DatabaseBackendBase.cpp:
        (WebCore::guidToVersionMap):
        (WebCore::updateGuidVersionMap):
        (WebCore::guidToDatabaseMap):
        (WebCore::guidForOriginAndName):

2014-05-30  Enrica Casucci  <enrica@apple.com>

        REGRESSION (WebKit2): space space to insert period doesn't work in web forms.
        https://bugs.webkit.org/show_bug.cgi?id=133413
        <rdar://problem/16948333>

        Reviewed by Benjamin Poulain.

        Adding utility functions and their exports.

        * WebCore.exp.in:
        * editing/TextIterator.cpp:
        (WebCore::plainTextReplacingNoBreakSpace):
        * editing/TextIterator.h:
        * editing/VisibleUnits.cpp:
        (WebCore::charactersAroundPosition):
        (WebCore::characterBeforePosition): Deleted.
        * editing/VisibleUnits.h:

2014-05-30  Zalan Bujtas  <zalan@apple.com>

        Cleanup temporary setting of image interpolation quality in GraphicsContext::drawImage*
        https://bugs.webkit.org/show_bug.cgi?id=133407

        Reviewed by Darin Adler.

        Add helper class to set/reset image interpolation quality value.

        No change in functionality.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::InterpolationQualityMaintainer::InterpolationQualityMaintainer):
        (WebCore::InterpolationQualityMaintainer::~InterpolationQualityMaintainer):
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        (WebCore::GraphicsContext::drawImageBuffer):

2014-05-30  Myles C. Maxfield  <mmaxfield@apple.com>

        Support -apple-system-font on OS X
        https://bugs.webkit.org/show_bug.cgi?id=133382

        Addressing post-review comments.

        * platform/mac/WebFontCache.mm:
        (+[WebFontCache internalFontWithFamily:traits:weight:size:]):

2014-05-30  Prashant Hiremath  <hiremathprashants@gmail.com>

        Remove repetitive header in HTMLInputElement.cpp
        https://bugs.webkit.org/show_bug.cgi?id=133376

        Reviewed by Anders Carlsson.

        It is just removal repeative headers hence no test needed.

        * html/HTMLInputElement.cpp:

2014-05-30  Zalan Bujtas  <zalan@apple.com>

        Remove redundant GraphicsContext::drawImage() function.
        https://bugs.webkit.org/show_bug.cgi?id=133347

        Reviewed by Simon Fraser.

        There are 2 GraphicsContext::drawImage functions with very similar parameter list. This looks
        to be a source of confusion and results in passing unneeded parameters.

        No change in functionality.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage):
        (WebCore::drawImageToContext):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::paint):
        * platform/graphics/texmap/TextureMapperImageBuffer.cpp:
        (WebCore::BitmapTextureImageBuffer::updateContents):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintNinePieceImage):

2014-05-29  Alex Christensen  <achristensen@webkit.org>

        Prepare css jit for arm64 and other architectures.
        https://bugs.webkit.org/show_bug.cgi?id=133394

        Reviewed by Benjamin Poulain.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::swapArguments):
        * cssjit/RegisterAllocator.h:
        Use a designated temporary register on arm64 to prevent using a deallocated argument register to swap argument registers in.
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        Added assertion to make sure there are enough registers.

2014-05-29  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: add support for the pseudo classes :hover and :active
        https://bugs.webkit.org/show_bug.cgi?id=133295

        Reviewed by Andreas Kling.

        This patch adds compilation support for :hover and :active. The code generation of both of them is trivial,
        most of the patch is improving the infrastructure and safety.

        The document compatibility mode is moved to its own typed enum. This ensure the values are exclusives and
        the native type is known (unsigned char here). The values are changes to binary flags to take advantage of
        test-and-branch on ARM64 (not used explicitely, it is automatically generated by the MacroAssembler).

        The other important refactoring is the code updating the flags on RenderStyle::NonInheritedFlags.
        The code was duplicated in some places so it is move into its own function addFlagToElementStyleFromContext().

        The generators themself are very simple. First we check the quirks-mode exceptions, that is generally excluded
        at compile time because the conditions are almost never met, even in strict mode.
        Then we have two cases: style resolution and query selector. Almost everything is just function calls.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::addFlagToElementStyleFromContext):
        (WebCore::SelectorCompiler::fragmentOnlyMatchesLinksInQuirksMode):
        (WebCore::SelectorCompiler::getDocument):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSpecialFailureInQuirksModeForActiveAndHoverIfNeeded):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::elementIsActive):
        (WebCore::SelectorCompiler::elementIsActiveForStyleResolution):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
        (WebCore::SelectorCompiler::elementIsHovered):
        (WebCore::SelectorCompiler::elementIsHoveredForStyleResolution):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::setCompatibilityMode):
        (WebCore::Document::implicitOpen):
        (WebCore::Document::cloneDataFromDocument):
        * dom/Document.h:
        (WebCore::Document::compatibilityModeMemoryOffset):
        (WebCore::Document::inQuirksMode):
        (WebCore::Document::inLimitedQuirksMode):
        (WebCore::Document::inNoQuirksMode):
        (WebCore::Document::compatibilityMode): Deleted.
        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::ImageDocument):
        * html/MediaDocument.cpp:
        (WebCore::MediaDocument::MediaDocument):
        * html/PluginDocument.cpp:
        (WebCore::PluginDocument::PluginDocument):
        * html/TextDocument.cpp:
        (WebCore::TextDocument::TextDocument):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::setDefaultCompatibilityMode):
        (WebCore::HTMLConstructionSite::setCompatibilityMode):
        (WebCore::HTMLConstructionSite::setCompatibilityModeFromDoctype):
        (WebCore::HTMLConstructionSite::insertDoctype):
        * html/parser/HTMLConstructionSite.h:
        * loader/DocumentWriter.cpp:
        (WebCore::DocumentWriter::replaceDocument):
        * loader/SinkDocument.cpp:
        (WebCore::SinkDocument::SinkDocument):
        * page/ios/FrameIOS.mm:
        (WebCore::Frame::initWithSimpleHTMLDocument):
        * rendering/style/RenderStyle.h:

2014-05-28  Jon Honeycutt  <jhoneycutt@apple.com>

        Roll r168668 back in.

        <https://bugs.webkit.org/show_bug.cgi?id=132621>

        Reviewed by Brent Fulgham.

        Tests: fast/events/beforeload-assertion.html
               fast/events/beforeload-iframe-crash.html
               fast/events/beforeload-input-time-crash.html

        * WebCore.exp.in:
        * dom/Document.cpp:
        (WebCore::Document::updateLayoutIgnorePendingStylesheets):
        * dom/Document.h:
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::renderWidgetForJSBindings):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::renderWidgetForJSBindings):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::renderWidgetForJSBindings):
        * page/FrameView.cpp:
        (WebCore::FrameView::FrameView):
        (WebCore::FrameView::reset):
        (WebCore::FrameView::updateEmbeddedObjectsTimerFired):
        (WebCore::FrameView::flushAnyPendingPostLayoutTasks):
        (WebCore::FrameView::performPostLayoutTasks):
        * page/FrameView.h:
        * testing/Internals.cpp:
        (WebCore::Internals::updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-05-29  Myles C. Maxfield  <mmaxfield@apple.com>

        Support -apple-system-font on OS X
        https://bugs.webkit.org/show_bug.cgi?id=133382

        Reviewed by Simon Fraser.

        Guard on both family names: "-apple-system-font" and "-webkit-system-font"

        Test: platform/mac/fast/text/systemFont.html

        * platform/mac/WebFontCache.mm:
        (+[WebFontCache internalFontWithFamily:traits:weight:size:]):

2014-05-29  Alexey Proskuryakov  <ap@apple.com>

        Loading <object> from WebArchive crashes
        https://bugs.webkit.org/show_bug.cgi?id=133386
        <rdar://problem/13345509>

        Reviewed by Brady Eidson.

        Test: webarchive/loading/object.html

        This (a) fixes the crash, and (b) avoids the crash.

        * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::continueAfterContentPolicy):
        Some types of substitute data - such as WebArchive - don't contain HTTP result codes,
        so let's not drop to <object> fallback content when status is 0.
        And if the load somehow failed anyway, don't crash by trying to deliver substitute data
        to a finished loader.

2014-05-29  Alex Christensen  <achristensen@webkit.org>

        [iOS WebGL] Fix depth buffer clearing issue.
        https://bugs.webkit.org/show_bug.cgi?id=133388

        Reviewed by Dean Jackson.

        No new tests, but this fixes webgl/1.0.1/conformance/canvas/buffer-preserve-test.html.

        * platform/graphics/mac/WebGLLayer.mm:
        (-[WebGLLayer display]):
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::prepareTexture):
        Moved marking the layer as composited from the mac-only prepareTexture to
        the end of [WebGLLayer display] which is called by mac and iOS.

2014-05-29  Jeremy Jones  <jeremyj@apple.com>

        Perserve caption selection in fullscreen.
        https://bugs.webkit.org/show_bug.cgi?id=133350

        Reviewed by Eric Carlson.

        Use the logic from the inline player to calculate the selected caption index.

        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::mediaControlsHost):
        Expose mediaControlsHost() for use by WebVideoFullscreenModelMediaElement.

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::updateLegibleOptions):
        Use logic from buildCaptionsMenu from mediaControlsApple.js.

2014-05-29  Jeremy Jones  <jeremyj@apple.com>

        Use correct version of requiresFullscreenForVideoPlayback().
        https://bugs.webkit.org/show_bug.cgi?id=133331

        Reviewed by Eric Carlson.

        Test: media/video-fullscreeen-only-controls.html

        Update the last place not yet using m_mediaSession->requiresFullscreenForVideoPlayback.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        switch to media session version for requriesFullscreenForVideoPlayback.

2014-05-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add support for HiDPI icons
        https://bugs.webkit.org/show_bug.cgi?id=133377

        Reviewed by Martin Robinson.

        Use the GTK+ missing icon at 16 or 32 size depending on the device
        scale factor.

        * platform/graphics/gtk/ImageGtk.cpp:
        (WebCore::loadMissingImageIconFromTheme):
        (WebCore::Image::loadPlatformResource):

2014-05-29  Owen Taylor  <otaylor@redhat.com>

        [GTK] Add HighDPI support for non-accelerated compositing contents
        https://bugs.webkit.org/show_bug.cgi?id=131562

        Reviewed by Anders Carlsson.

        No new tests. This will be tested once we have the proper dependencies in the WebKit testing
        JHBuild.

        * platform/cairo/WidgetBackingStore.h:
        (WebCore::WidgetBackingStore::WidgetBackingStore): Accept a device scale argument.
        * platform/cairo/WidgetBackingStoreCairo.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
        * platform/cairo/WidgetBackingStoreCairo.h: Accept a device scale argument.
        * platform/graphics/cairo/CairoUtilities.cpp: Add a new helper to set the device scale if Cairo built against is new enough.
        * platform/graphics/cairo/CairoUtilities.h:
        * platform/gtk/GtkVersioning.h: Add the HAVE_GTK_SCALE_FACTOR macro.
        * platform/gtk/WidgetBackingStoreGtkX11.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
        * platform/gtk/WidgetBackingStoreGtkX11.h: Accept a device scale argument.

2014-05-28  Brent Fulgham  <bfulgham@apple.com>

        Captions during HLS playback flash/are difficult to readily
        https://bugs.webkit.org/show_bug.cgi?id=133365
        <rdar://problem/16584132>

        Reviewed by Eric Carlson.

        Correct two problems:
        1. Add new logic to handle cues that are identical to existing cues, except
           that they cover a slightly later moment in playback. For example, a cue
           encoding device might emit a cue at 24 fps, with many of the cues containing
           the same content but covering only 1/24th of a second.
           
           Rather than hiding and displaying our cues at the cue encoding rate, we should
           simply continue to display the same cue as long as the content is unchanged.
        2. The cue "isEqual" logic for TextTrackCueGeneric improperly short-circuited the
           VTTCue isEqual logic. This was done to avoid a false failure due to the cue
           type being 'generic' rather than 'vtt', but incorrectly treated cues with
           non-matching text as equal.

        * html/track/DataCue.cpp:
        (WebCore::DataCue::cueContentsMatch): Move cue comparison code to new method that
        doesn't check that the 'type' of the cue is identical.
        (WebCore::DataCue::isEqual): Modified to use new 'cueContentsMatch' method.
        (WebCore::DataCue::isStartOfCue): Confirms cues match except for start and end times.
        * html/track/DataCue.h:
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::hasCue): Modify to check if a new cue is simply a continuation
        of an existing cue.
        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::cueContentsMatch): New method containing the equality code
        that used to live in 'isEqual'.
        (WebCore::TextTrackCue::isEqual): Modified to use new 'cueContentsMatch' method.
        (WebCore::TextTrackCue::isStartOfCue): Confirms cues match except for start and
        end times.
        * html/track/TextTrackCue.h:
        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGeneric::cueContentsMatch): New method containing the equality
        code that used to live in 'isEqual'.
        (WebCore::TextTrackCueGeneric::isEqual): Modified to use new 'cueContentsMatch' method.
        (WebCore::TextTrackCueGeneric::isStartOfCue): Confirms cues match except for start and
        end times.
        * html/track/TextTrackCueGeneric.h:
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::cueContentsMatch): New method containing the equality code that
        used to live in 'isEqual'.
        (WebCore::VTTCue::isEqual): Modified to use new 'cueContentsMatch' method.
        (WebCore::VTTCue::isStartOfCue): Confirms cues match except for start and end times.
        * html/track/VTTCue.h:

2014-05-28  Oliver Hunt  <oliver@apple.com>

        Whoops, update bindings tests results.

2014-05-28  Oliver Hunt  <oliver@apple.com>

        Make DOM properties exposed as instance properties use the base object instead of |this|
        https://bugs.webkit.org/show_bug.cgi?id=133353

        Reviewed by Geoffrey Garen.

        Make the bindings generator emit code that uses the base object for
        a property, rather than the this object. This means that attributes
        that we need to be treated as instance properties will match their old
        instance-based behaviour.

        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstanceForCompatibility):
        (InterfaceRequiresAttributesOnInstance):
        (GetCastingHelperForBaseObject):
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::jsTestActiveDOMObjectExcitingAttr):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::jsTestExceptionName):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfaceImplementsStr3):
        (WebCore::jsTestInterfaceSupplementalStr3):
        (WebCore::setJSTestInterfaceConstructorImplementsStaticAttr):
        (WebCore::setJSTestInterfaceImplementsStr2):
        (WebCore::setJSTestInterfaceImplementsStr3):
        (WebCore::setJSTestInterfaceImplementsNode):
        (WebCore::setJSTestInterfaceConstructorSupplementalStaticAttr):
        (WebCore::setJSTestInterfaceSupplementalStr2):
        (WebCore::setJSTestInterfaceSupplementalStr3):
        (WebCore::setJSTestInterfaceSupplementalNode):
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::setJSTestNondeterministicNondeterministicWriteableAttr):
        (WebCore::setJSTestNondeterministicNondeterministicExceptionAttr):
        (WebCore::setJSTestNondeterministicNondeterministicGetterExceptionAttr):
        (WebCore::setJSTestNondeterministicNondeterministicSetterExceptionAttr):
        (WebCore::setJSTestSerializedScriptValueInterfaceCachedValue):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsConstructorTestSubObj):
        (WebCore::setJSTestTypedefsUnsignedLongLongAttr):
        (WebCore::setJSTestTypedefsImmutableSerializedScriptValue):
        (WebCore::setJSTestTypedefsAttrWithGetterException):
        (WebCore::setJSTestTypedefsAttrWithSetterException):
        (WebCore::setJSTestTypedefsStringAttrWithGetterException):
        (WebCore::setJSTestTypedefsStringAttrWithSetterException):

2014-05-28  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Improve behavior of position:fixed inside accelerated overflow-scroll
        https://bugs.webkit.org/show_bug.cgi?id=133352

        Reviewed by Tim Horton.

        When adjusting layers inside accelerated overflow-scroll, pass a delta
        down to descendant nodes. Fix behavior of sticky nodes inside fixed nodes
        inside overflow scroll (sticky should only be affected if the parent node
        is a scrolling node).

        * page/scrolling/mac/ScrollingTreeFixedNode.mm:
        (WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange): Just remove
        some .get()
        * page/scrolling/mac/ScrollingTreeStickyNode.mm:
        (WebCore::ScrollingTreeStickyNode::updateLayersAfterAncestorChange): Remove .get()s.
        We never care about the cumulative delta here, because sticky nodes only respond to
        changes in their direct scrolling ancestors. Only adjust the layer if the parent
        is a scrolling node.

2014-05-27  Chris Fleizach  <cfleizach@apple.com>

        AX: WebKit does not recognize ARIA 1.1 tables
        https://bugs.webkit.org/show_bug.cgi?id=133163

        Reviewed by Darin Adler.

        The AXObjectCache code that determines which object to create based on the role needs to be token fallback aware.

        Test: accessibility/table-fallback-roles-expose-element-attributes.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::nodeHasRole):

2014-05-28  Radu Stavila  <stavila@adobe.com>

        REGRESSION (r168046): Invalid layout in multicol
        https://bugs.webkit.org/show_bug.cgi?id=133322

        Reviewed by Antti Koivisto.

        In some situations, deleting the line boxes of a multicol element causes the line to region
        link to become invalid.

        Test: fast/multicol/newmulticol/multicol-inside-multicol.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::clearLinesToRegionMap):
        (WebCore::RenderFlowThread::deleteLines):
        (WebCore::RenderFlowThread::willBeDestroyed):
        * rendering/RenderFlowThread.h:

2014-05-28  Ryuan Choi  <ryuan.choi@samsung.com>

        Remove DocumentThreadableLoaderClient.h
        https://bugs.webkit.org/show_bug.cgi?id=133341

        Reviewed by Gyuyoung Kim.

        DocumentThreadableLoaderClient is not used anymore.

        * WebCore.order:
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::redirectReceived):
        * loader/DocumentThreadableLoaderClient.h: Removed.
        * loader/ThreadableLoaderClient.h:
        (WebCore::ThreadableLoaderClient::isDocumentThreadableLoaderClient): Deleted.

2014-05-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Update GObject DOM bindings symbols file after r169017.

        * bindings/gobject/webkitdom.symbols: Add webkit_dom_navigator_get_hardware_concurrency.

2014-05-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r168868): [GTK] Element.offset* client* scroll* API changed
        https://bugs.webkit.org/show_bug.cgi?id=133313

        Reviewed by Philippe Normand.

        Keep old API that uses long also for GObject bindings.

        * dom/Element.idl:

2014-05-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r169400.
        https://bugs.webkit.org/show_bug.cgi?id=133338

        Broke the iOS build in
        LocalizedDateCache::calculateMaximumWidth() (Requested by smfr
        on #webkit).

        Reverted changeset:

        "SVG TextRuns do not always get RenderingContexts"
        https://bugs.webkit.org/show_bug.cgi?id=133198
        http://trac.webkit.org/changeset/169400

2014-05-27  Timothy Horton  <timothy_horton@apple.com>

        REGRESSION (Margin tiles): Background gradient on dom.spec.whatwg.org is very slow to render
        https://bugs.webkit.org/show_bug.cgi?id=133335
        <rdar://problem/17011392>

        Reviewed by Simon Fraser.

        * platform/graphics/Image.cpp:
        (WebCore::Image::drawTiled):
        Make cross-platform and use some iOS code which avoids patterned drawing when the pattern buffer
        would be very large. Instead, it calls draw() repeatedly over the pattern space, avoiding the allocation
        of a huge (in the case of bug 133335, nearly 2GB) buffer.

2014-05-27  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Fix behavior of position:sticky inside accelerated overflow-scroll
        https://bugs.webkit.org/show_bug.cgi?id=133334
        <rdar://problem/16462535>

        Reviewed by Tim Horton.

        When the scroll position changes in an accelerated overflow-scroll element, we have
        to update child nodes in the scrolling tree for position:sticky. That requires a
        more generic ability to update the scrolling tree after some arbitrary zoom or
        scroll. To do this, we need to know the current fixed position rect, rather than
        having it passed in.
        
        So make the fixed position rect available from ScrollingTree, and make it possible
        to get the current scrollPosition() from any ScrollingTreeScrollingNode.
        
        Also, implement updateLayersAfterDelegatedScroll() in ScrollingTreeOverflowScrollingNodeIOS,
        and have it update descendant layers.
        
        Finally, fix ScrollingTreeOverflowScrollingNode to use the correct rectangle for its
        constraints math, using the scroll position of the parent node if appropriate.

        * page/scrolling/ScrollingTree.h:
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateChildNodesAfterScroll):
        * page/scrolling/ios/ScrollingTreeIOS.cpp:
        (WebCore::ScrollingTreeIOS::fixedPositionRect):
        * page/scrolling/ios/ScrollingTreeIOS.h:
        * page/scrolling/mac/ScrollingTreeStickyNode.mm:
        (WebCore::ScrollingTreeStickyNode::updateLayersAfterAncestorChange):

2014-05-27  Simon Fraser  <simon.fraser@apple.com>

        Do some renaming in the scrolling tree
        https://bugs.webkit.org/show_bug.cgi?id=133333

        Reviewed by Tim Horton.

        Rename ScrollingTreeNode::parentScrollPositionDidChange() to updateLayersAfterAncestorChange()
        since this goes deep and to indicate that it's about layer updating.
        
        Also rename the "viewportRect" parameter to "fixedPositionRect", since on iOS
        this is the custom fixed-position rect that changes on zooming.

        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling):
        * page/scrolling/ScrollingTree.h:
        * page/scrolling/ScrollingTreeFrameScrollingNode.h:
        * page/scrolling/ScrollingTreeNode.h:
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateLayersAfterViewportChange):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateChildNodesAfterScroll):
        * page/scrolling/mac/ScrollingTreeFixedNode.h:
        * page/scrolling/mac/ScrollingTreeFixedNode.mm:
        (WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange):
        (WebCore::ScrollingTreeFixedNode::parentScrollPositionDidChange): Deleted.
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition):
        * page/scrolling/mac/ScrollingTreeStickyNode.h:
        * page/scrolling/mac/ScrollingTreeStickyNode.mm:
        (WebCore::ScrollingTreeStickyNode::updateLayersAfterAncestorChange):
        (WebCore::ScrollingTreeStickyNode::parentScrollPositionDidChange): Deleted.

2014-05-27  Simon Fraser  <simon.fraser@apple.com>

        Instantiate a ScrollingTreeMac on Mac
        https://bugs.webkit.org/show_bug.cgi?id=133332

        Reviewed by Tim Horton.

        Mac previously instantiated a ThreadedScrollingTree, but this has no platform
        knowledge. To support future expansion, create a ScrollingTreeMac subclass and
        instantiate that on Mac.
        
        Also protect ScrollingCoordinatorMac in PLATFORM(MAC) #ifdefs and remove it from the
        EXCLUDED_SOURCE_FILE_NAMES list in the xcconfig file, following general trends.

        * Configurations/WebCore.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::create): Deleted.
        * page/scrolling/ThreadedScrollingTree.h:
        * page/scrolling/mac/ScrollingCoordinatorMac.h:
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::ScrollingCoordinatorMac):
        * page/scrolling/mac/ScrollingTreeMac.cpp: Copied from Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.h.
        (ScrollingTreeMac::create):
        (ScrollingTreeMac::ScrollingTreeMac):
        * page/scrolling/mac/ScrollingTreeMac.h: Copied from Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.h.

2014-05-27  Simon Fraser  <simon.fraser@apple.com>

        Prepare for position:sticky support inside accelerated overflow-scroll with WK2
        https://bugs.webkit.org/show_bug.cgi?id=133329

        Reviewed by Tim Horton.

        RenderLayerCompositor::computeStickyViewportConstraints() was always using
        the viewport rect as the constraining rect for sticky position. This is not
        correct when inside overflow:scroll.
        
        Refactor code in RenderBoxModelObject to make getting the rect easy, and use
        it to compute the constraints.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::constrainingRectForStickyPosition):
        (WebCore::RenderBoxModelObject::stickyPositionOffset):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::computeStickyViewportConstraints):

2014-05-27  Bem Jones-Bey  <bjonesbe@adobe.com>

        vw/vh units used as font/line-height values don't scale with the viewport
        https://bugs.webkit.org/show_bug.cgi?id=87846

        Reviewed by Darin Adler.

        This patch moves the resolution of viewport units to style recalc
        time. Currently viewport units are left unresolved during style
        recalcs, which leads to many problems with viewport units. Moving the
        resolution will fix these problems, as well as reduce the plumbing
        that goes on.

        This patch touches a lot of files since the valueForLength functions
        no longer need a RenderView. The interesting changes are in:

        - CSSToLengthConversionData -> CSSPrimitiveValue: for moving
            resolution to style recalc time.
        - Length / LengthFunctions: no longer needs to know about viewport
            units.
        - FrameView -> Document -> StyleResolver: for scheduling style recalcs
            upon resize

        Note that getComputedStyle will now return pixel values when viewport
        units are used. This behavior matches Firefox and the css3-cascade
        spec.

        This is based on a Blink patch by timloh@chromium.org.

        Tests: css3/viewport-percentage-lengths/viewport-percentage-lengths-anonymous-block.html
               css3/viewport-percentage-lengths/viewport-percentage-lengths-calc.html
               css3/viewport-percentage-lengths/viewport-percentage-lengths-percent-size-child.html
               css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size.html
               css3/viewport-percentage-lengths/viewport-percentage-lengths-resize.html

        * WebCore.exp.in: Remove RenderView argument to floatValueForLength.
        * accessibility/atk/WebKitAccessibleInterfaceText.cpp: 
        (getAttributeSetForAccessibilityObject): Remove RenderView argument.
        * css/BasicShapeFunctions.cpp:
        (WebCore::convertToLength): Ditto.
        (WebCore::floatValueForCenterCoordinate): Ditto.
        * css/BasicShapeFunctions.h: Ditto.
        * css/CSSCalculationValue.cpp:
        (WebCore::unitCategory): Remove special handling for viewport units,
            as they get resolved to pixels.
        (WebCore::createCSS): Ditto.
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::positionOffsetValue): Remove RendewView argument.
        (WebCore::getBorderRadiusCornerValues): Remove handling of viewport
            units, as they are already resolve to pixels here.
        (WebCore::getBorderRadiusCornerValue): Remove RenderView argument.
        (WebCore::getBorderRadiusShorthandValue): Ditto.
        (WebCore::specifiedValueForGridTrackBreadth): Remove handling of
            viewport units, as they are already resolved to pixels here.
        (WebCore::specifiedValueForGridTrackSize): Remove RenderView argument.
        (WebCore::valueForGridTrackList): Ditto.
        (WebCore::lineHeightFromStyle): Ditto.
        (WebCore::ComputedStyleExtractor::propertyValue): Ditto.
        * css/CSSGradientValue.cpp:
        (WebCore::CSSLinearGradientValue::createGradient): Pass RenderView to
            CSSToLengthConversionData constructor.
        (WebCore::CSSRadialGradientValue::createGradient): Ditto.
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::unitCategory): Remove handling of
            viewport units, as they get resolved to pixels.
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Ditto.
        (WebCore::CSSPrimitiveValue::init): Ditto.
        (WebCore::CSSPrimitiveValue::computeLengthDouble): Resolve viewport
            units to pixels.
        (WebCore::CSSPrimitiveValue::canonicalUnitTypeForCategory): Remove
        handling of viewport units, since they get resolved to pixels.
        (WebCore::CSSPrimitiveValue::viewportPercentageLength): Deleted.
        * css/CSSPrimitiveValue.h:
        (WebCore::CSSPrimitiveValue::isLength): Remove special handling of
            viewport units, since they get resolved to pixels.
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::convertToLength): Ditto.
        * css/CSSToLengthConversionData.cpp:
        (WebCore::CSSToLengthConversionData::viewportWidthFactor): Caclulate
            conversion factor for viewport units to pixels. Note this does not
            set hasViewportUnits on the RenderStyle if computing the font
            size, because in the font size case, the RenderStyle is the
            parent's style, not the current renderer's style.
        (WebCore::CSSToLengthConversionData::viewportHeightFactor): Ditto.
        (WebCore::CSSToLengthConversionData::viewportMinFactor): Ditto.
        (WebCore::CSSToLengthConversionData::viewportMaxFactor): Ditto.
        * css/CSSToLengthConversionData.h:
        (WebCore::CSSToLengthConversionData::CSSToLengthConversionData): Add
            RenderView parameter, and make RenderStyle non-const so that
            hasViewportUnits can be set on the Style..
        (WebCore::CSSToLengthConversionData::style): style is now non-const.
        (WebCore::CSSToLengthConversionData::copyWithAdjustedZoom): Handle
            RenderView argument.
        * css/CSSToStyleMap.cpp:
        (WebCore::CSSToStyleMap::mapFillXPosition): Remove handling of
            viewport units, as they are already resolved to pixels here.
        (WebCore::CSSToStyleMap::mapFillYPosition): Ditto.
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyLength::applyValue): Ditto.
        (WebCore::ApplyPropertyBorderRadius::applyValue): Ditto.
        (WebCore::ApplyPropertyComputeLength::applyValue): Ditto.
        (WebCore::ApplyPropertyFontSize::applyValue): Ditto.
        (WebCore::ApplyPropertyLineHeight::applyValue): Ditto.
        (WebCore::ApplyPropertyLineHeightForIOSTextAutosizing::applyValue): Ditto.
        (WebCore::ApplyPropertyWordSpacing::applyValue): Ditto.
        (WebCore::ApplyPropertyVerticalAlign::applyValue): Ditto.
        (WebCore::ApplyPropertyTextIndent::applyValue): Ditto.
        * css/LengthFunctions.cpp:
        (WebCore::minimumIntValueForLength): Remove RenderView argument.
        (WebCore::intValueForLength): Remove RenderView argument and
            roundPecentages.
        (WebCore::minimumValueForLength): Remove RenderView argument, and
            special handling of viewport units.
        (WebCore::valueForLength): Ditto.
        (WebCore::floatValueForLength): Ditto.
        (WebCore::floatSizeForLengthSize): Remove RenderView argument.
        * css/LengthFunctions.h: Ditto.
        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::eval): Add RenderView argument for
            CSSToLengthConversionData constuctor.
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::clear): Change to 0 arg constructor
            for CSSToLengthConversionData.
        (WebCore::StyleResolver::State::updateConversionData): In order to get
            the RenderView, we need to have a valid Element set on the state.
            Since this means that we need to set the conversion data in more
            places, move the contruction of conversion data into this helper
            method.
        (WebCore::StyleResolver::State::initElement): Make sure conversion
            data is up to date.
        (WebCore::StyleResolver::State::initForStyleResolve): Ditto.
        (WebCore::StyleResolver::State::setStyle): When the style is set, we
            need to make sure to update the conversion data.
        (WebCore::StyleResolver::styleForElement): If the style has viewport
            units, flage the document so that we can make sure to recalc the
            viewport unit values when the viewport is resized.
        (WebCore::StyleResolver::pseudoStyleForElement): Ditto.
        (WebCore::StyleResolver::updateFont): Make sure the font having
            viewport units updates the style.
        (WebCore::StyleResolver::convertToIntLength): Remove handling of
        viewport units, as they are resolved to pixels.
        (WebCore::StyleResolver::convertToFloatLength): Ditto.
        (WebCore::StyleResolver::clearCachedPropertiesAffectedByViewportUnits):
            Invalidate the matched properties cache for styles with viewport
            units when the viewport is resized.
        (WebCore::createGridTrackBreadth): Remove handling of viewport units,
            as they are resolved to pixels.
        (WebCore::StyleResolver::applyProperty): Ditto.
        (WebCore::StyleResolver::hasMediaQueriesAffectedByViewportChange):
            Rename to be less confusing, since it has nothing to do with
            viewport units.
        (WebCore::StyleResolver::createFilterOperations): Remove handling of
            viewport units, as they are resolved to pixels.
        (WebCore::StyleResolver::affectedByViewportChange): Deleted.
        (WebCore::StyleResolver::viewportPercentageValue): Deleted.
        * css/StyleResolver.h:
        (WebCore::StyleResolver::State::State): C++11 cleanup: 0 -> nullptr.
        (WebCore::StyleResolver::State::setFontSizeHasViewportUnits): Set if
            the font size is specified in viewport units.
        (WebCore::StyleResolver::State::fontSizeHasViewportUnits): Ditto.
        (WebCore::StyleResolver::State::setStyle): Deleted.
        * css/TransformFunctions.cpp:
        (WebCore::convertToFloatLength): Remove handling of viewport units,
            since they are resolved to pixels.
        * dom/Document.cpp:
        (WebCore::Document::Document): Add flag to determine if some style in
            the document has viewport units.
        (WebCore::Document::pageSizeAndMarginsInPixels): Remove RenderView
            argument.
        (WebCore::Document::updateViewportUnitsOnResize): Mark elements with
            viewport units for style recalc when the viewport size has
            changed.
        * dom/Document.h:
        (WebCore::Document::setHasStyleWithViewportUnits): Flag to determine
            if some style in the document has viewport units.
        (WebCore::Document::hasStyleWithViewportUnits): Ditto.
        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::getRegion): Remove RenderView argument.
        * page/FrameView.cpp:
        (WebCore::FrameView::layout): When the viewport is resized, call
            updateViewportUnitsOnResize on the document.
        * platform/Length.h:
        (WebCore::Length::isSpecified): Remove handling of viewport units,
            since they are now resolved to pixels.
        (WebCore::Length::viewportPercentageLength): Deleted.
        (WebCore::Length::isViewportPercentage): Deleted.
        * rendering/ClipPathOperation.h:
        (WebCore::ShapeClipPathOperation::pathForReferenceRect): Remove
            RenderView argument.
        (WebCore::BoxClipPathOperation::pathForReferenceRect): Ditto.
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::updateBlockChildDirtyBitsBeforeLayout): Remove
            handling of viewport units, since they get updated by
            updateViewportUnitsOnResize when the viewport is resized.
        (WebCore::RenderBlock::nodeAtPoint): Remove RenderView argument.
        (WebCore::RenderBlock::lineHeight): Ditto.
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations): Remove RenderView argument.
        (WebCore::RenderBox::computeContentAndScrollbarLogicalHeightUsing):
            Remove handling of viewport units, as they are resolved to pixels.
        (WebCore::RenderBox::computePercentageLogicalHeight): Ditto.
        (WebCore::RenderBox::computeReplacedLogicalWidthUsing): Ditto.
        (WebCore::RenderBox::computeReplacedLogicalHeightUsing): Ditto.
        (WebCore::RenderBox::hasViewportPercentageLogicalHeight): Deleted.
        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::getBackgroundRoundedRect): Remove
            RenderView argument.
        (WebCore::RenderBoxModelObject::calculateFillTileSize): Remove
            handling of viewport units, as they are resolved to pixels.
        (WebCore::computeBorderImageSide): Remove RenderView argument.
        (WebCore::RenderBoxModelObject::paintNinePieceImage): Ditto.
        (WebCore::RenderBoxModelObject::paintBorder): Ditto.
        (WebCore::RenderBoxModelObject::paintBoxShadow): Ditto.
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::repaintAfterLayoutIfNeeded): Ditto.
        * rendering/RenderElement.h:
        (WebCore::RenderElement::valueForLength): Remove unused
            roundPercentages argument.
        (WebCore::RenderElement::minimumValueForLength): Remove unused
            RoundPercentages and RenderView arguments.
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::layoutGridItems): Remove handling of viewport
            units as they are resolved to pixels.
        * rendering/RenderInline.cpp:
        (WebCore::computeMargin): Ditto.
        (WebCore::RenderInline::lineHeight): Remove RenderView argument.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setupClipPath): Ditto.
        * rendering/RenderLineBreak.cpp:
        (WebCore::RenderLineBreak::lineHeight): Ditto.
        * rendering/RenderScrollbarPart.cpp:
        (WebCore::calcScrollbarThicknessUsing): Ditto.
        (WebCore::RenderScrollbarPart::computeScrollbarWidth): Ditto.
        (WebCore::RenderScrollbarPart::computeScrollbarHeight): Ditto.
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::convertStyleLogicalHeightToComputedHeight):
            Remove handling of viewport units, since they are resolved to
            pixels.
        (WebCore::RenderTable::computePreferredLogicalWidths): Now that
            viewport unit values are resolved to pixels at style recalc time,
            no special checking is needed to handle them, so update the
            comment to reflect that.
        * rendering/RenderThemeIOS.mm:
        (WebCore::applyCommonButtonPaddingToStyle): Add RenderView argument to
            CSSToLengthConversionData constructor.
        (WebCore::RenderThemeIOS::adjustButtonStyle): Ditto.
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuListButtonGradients): Remove
            RenderView argument.
        * rendering/RenderView.cpp:
        (WebCore::RenderView::layout): Remove handling of viewport units,
            since they are resolved to pixels.
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::ascentAndDescentForBox): Remove RenderView
            argument.
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createShape): Remove RenderView argument.
        * rendering/shapes/Shape.h:
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::ShapeOutsideInfo::computedShape): Ditto.
        * rendering/style/BasicShapes.cpp:
        (WebCore::BasicShapeCircle::floatValueForRadiusInBox): Ditto.
        (WebCore::BasicShapeCircle::path): Ditto.
        (WebCore::BasicShapeEllipse::floatValueForRadiusInBox): Ditto.
        (WebCore::BasicShapeEllipse::path): Ditto.
        (WebCore::BasicShapePolygon::path): Ditto.
        (WebCore::floatSizeForLengthSize): Ditto.
        (WebCore::BasicShapeInset::path): Ditto.
        * rendering/style/BasicShapes.h:
        * rendering/style/RenderStyle.cpp:
        (WebCore::calcRadiiFor): Ditto.
        (WebCore::RenderStyle::getRoundedBorderFor): Ditto.
        (WebCore::RenderStyle::computedLineHeight): Remove handling of
            viewport units since they are resolved to pixels.
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::setHasViewportUnits): Set if this style has
        a property set with viewport units.
        (WebCore::RenderStyle::hasViewportUnits): Ditto.
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::resolveLengthAttributeForSVG): Remove RenderView argument.
        (WebCore::RenderSVGRoot::computeReplacedLogicalWidth): Ditto.
        (WebCore::RenderSVGRoot::computeReplacedLogicalHeight): Ditto.
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::prepareToRenderSVGContent): Ditto.

2014-05-27  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] serialization of the computed value should omit the default radii
        https://bugs.webkit.org/show_bug.cgi?id=132747

        Reviewed by Darin Adler.

        We should omit closest-side value, whereever is possible. Specification:
        http://www.w3.org/TR/2014/CR-css-shapes-1-20140320/#basic-shape-computed-values 
        This change aligns the behavior to the specification.

        Added new test cases for the shape-outside parsing tests.

        * css/CSSBasicShapes.cpp:
        (WebCore::buildCircleString):
        (WebCore::CSSBasicShapeCircle::cssText):
        (WebCore::CSSBasicShapeEllipse::cssText):

2014-05-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r169399.
        https://bugs.webkit.org/show_bug.cgi?id=133326

        Causes assertion failures in tests.  See
        http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK1%20(Tests)/r169399%20(5622)/results.html
        (Requested by mlam on #webkit).

        Reverted changeset:

        "Caret's screen position does not update during an overflow
        scroll"
        https://bugs.webkit.org/show_bug.cgi?id=133256
        http://trac.webkit.org/changeset/169399

2014-05-27  Myles C. Maxfield  <mmaxfield@apple.com>

        Lists styled with SVG fonts are not rendered as expected
        https://bugs.webkit.org/show_bug.cgi?id=133198

        Reviewed by Simon Fraser.

        There were a couple places in RenderListMarker and RenderMenuList that were
        implicitly creating TextRuns by passing a String to a function which
        expected a TextRun. Because TextRun has a constructor which takes a single
        String and isn't marked explicit, TextRuns were being created without
        any of the associated code that initializes the TextRun (such as creating
        a RenderingContext if necessary).

        This patch marks the aforementioned constructor as "explicit" to discourage
        such behavior in the future.

        Test: svg/custom/list-items-with-svg-font-family.html

        * platform/graphics/TextRun.h:
        (WebCore::TextRun::TextRun): Mark constructors as explicit.
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::computePreferredLogicalWidths): Call
        RenderBlock::constructTextRun.
        (WebCore::RenderListMarker::getRelativeMarkerRect): Ditto.
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::updateOptionsWidth): Ditto.

2014-05-23  Myles C. Maxfield  <mmaxfield@apple.com>

        Caret's screen position does not update during an overflow scroll
        https://bugs.webkit.org/show_bug.cgi?id=133256

        Reviewed by Simon Fraser.

        During a scroll, we set a flag which caret position is gated on, but we never
        actually invalidate the caret's position. This patch does so.

        Test: editing/input/caret-position-during-scroll.html

        * editing/FrameSelection.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2014-05-27  Timothy Horton  <timothy_horton@apple.com>

        Turn on the LayerPool for iOS
        https://bugs.webkit.org/show_bug.cgi?id=133299

        Reviewed by Antti Koivisto.

        * Configurations/WebCore.xcconfig:
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::createTileLayer):
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::removeTiles):
        Turn on the LayerPool for iOS.
        We've used this on Mac for a long time, and the WebKit1
        ("legacy") iOS TileCache also had a similar pool.
        This helps a good bit with flashiness while scrolling.

2014-05-27  David Hyatt  <hyatt@apple.com>

        REGRESSION: Audio volume scrubber does not show volume level thumb
        <rdar://problem/16902004>
        https://bugs.webkit.org/show_bug.cgi?id=133310

        Reviewed by Dean Jackson.

        This was just a silly mistake on my part with the setting of the pagination
        layers. Layers inside transforms are supposed to clear out their pagination
        status based off their ancestor containing block layers, and not off the
        enclosing pagination layer.
        
        Added fast/multicol/pagination/nested-transforms.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updatePagination):

2014-05-27  Eric Carlson  <eric.carlson@apple.com>

        [Mac] media controls should prevent 'click' events from reaching the page
        https://bugs.webkit.org/show_bug.cgi?id=133268

        Reviewed by Jer Noble.

        Test: media/media-controls-cancel-events.html

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleEvent): Allow event handler to cancel event default action.
        (Controller.prototype.handleRewindButtonClicked): Cancel event default.
        (Controller.prototype.handlePlayButtonClicked): Ditto.
        (Controller.prototype.handleMuteButtonClicked): Ditto.
        (Controller.prototype.handleMinButtonClicked): Ditto.
        (Controller.prototype.handleCaptionButtonClicked): Ditto.
        (Controller.prototype.handleFullscreenButtonClicked): Ditto.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.handlePlayButtonTouchEnd): Ditto.
        (ControllerIOS.prototype.handlePlayButtonTouchCancel): Ditto.
        (ControllerIOS.prototype.handleFullscreenTouchEnd): Ditto.
        (ControllerIOS.prototype.handleFullscreenTouchCancel): Ditto.
        (ControllerIOS.prototype.handleStartPlaybackButtonTouchEnd): Ditto.
        (ControllerIOS.prototype.handleStartPlaybackButtonTouchCancel): Ditto.
        (ControllerIOS.prototype.handleWirelessPickerButtonClicked): Ditto.

2014-05-27  Jon Lee  <jonlee@apple.com>

        Fix Mavericks bots from r169383.
        https://bugs.webkit.org/show_bug.cgi?id=133311

        Reviewed by Eric Carlson.

        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h: Update #ifdef to check for ENABLE(MEDIA_SOURCE).
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm: Ditto.

2014-05-27  Radu Stavila  <stavila@adobe.com>

        REGRESSION (r168046): Incorrect handling of multicol spanner
        https://bugs.webkit.org/show_bug.cgi?id=133249

        Reviewed by David Hyatt.

        When removing the child of an object, the removeChild method should return the next element
        following the one being deleted. This will ensure that proper iteration and destruction of
        an object's children is possible.

        No new tests added. This is because the test that triggers this issue also triggers
        another assertion, in RenderMultiColumnSet::requiresBalancing(). However, that is a totally
        separate problem and will be handled in a separate bug: https://bugs.webkit.org/show_bug.cgi?id=133309

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeChild):
        * rendering/RenderBlock.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::removeChild):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::removeChild):
        * rendering/RenderButton.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::removeChild):
        (WebCore::RenderElement::removeChildInternal):
        * rendering/RenderElement.h:
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::removeChild):
        * rendering/RenderMenuList.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
        * rendering/RenderRuby.cpp:
        (WebCore::RenderRubyAsInline::removeChild):
        (WebCore::RenderRubyAsBlock::removeChild):
        * rendering/RenderRuby.h:
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::removeChild):
        * rendering/RenderRubyRun.h:
        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::removeChildInternal):
        (WebCore::RenderMathMLScripts::removeChild):
        (WebCore::RenderMathMLScriptsWrapper::removeChildInternal):
        (WebCore::RenderMathMLScriptsWrapper::removeChild):
        * rendering/mathml/RenderMathMLScripts.h:
        * rendering/svg/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::removeChild):
        * rendering/svg/RenderSVGContainer.h:
        * rendering/svg/RenderSVGInline.cpp:
        (WebCore::RenderSVGInline::removeChild):
        * rendering/svg/RenderSVGInline.h:
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::removeChild):
        * rendering/svg/RenderSVGRoot.h:
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::removeChild):
        * rendering/svg/RenderSVGText.h:

2014-05-27  Jon Lee  <jonlee@apple.com>

        Update ENABLE(MEDIA_SOURCE) on Mac
        https://bugs.webkit.org/show_bug.cgi?id=133141

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig:

2014-05-27  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>

        Remove BLOB guards
        https://bugs.webkit.org/show_bug.cgi?id=132863

        Reviewed by Csaba Osztrogonác.

        * Configurations/FeatureDefines.xcconfig:
        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::WebSocketChannel):
        (WebCore::WebSocketChannel::didFail):
        (WebCore::WebSocketChannel::processOutgoingFrameQueue):
        (WebCore::WebSocketChannel::abortOutgoingFrameQueue):
        * Modules/websockets/WebSocketChannel.h:
        * WebCore.exp.in:
        * WebCore.vcxproj/WebCore.vcxproj:
        * bindings/js/JSBlobCustom.cpp:
        (WebCore::JSBlobConstructor::constructJSBlob):
        * bindings/js/JSFileReaderCustom.cpp:
        * dom/DOMExceptions.in:
        * dom/EventTargetFactory.in:
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::publicURLManager):
        * dom/ScriptExecutionContext.h:
        * fileapi/AsyncFileStream.cpp:
        * fileapi/AsyncFileStream.h:
        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        * fileapi/Blob.h:
        (WebCore::Blob::slice):
        * fileapi/Blob.idl:
        * fileapi/FileError.h:
        * fileapi/FileError.idl:
        * fileapi/FileException.cpp:
        * fileapi/FileException.h:
        * fileapi/FileException.idl:
        * fileapi/FileReader.cpp:
        * fileapi/FileReader.h:
        * fileapi/FileReader.idl:
        * fileapi/FileReaderLoader.cpp:
        * fileapi/FileReaderLoader.h:
        * fileapi/FileReaderLoaderClient.h:
        * fileapi/FileReaderSync.cpp:
        * fileapi/FileReaderSync.h:
        * fileapi/FileReaderSync.idl:
        * fileapi/FileThread.cpp:
        * fileapi/FileThread.h:
        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::ThreadableBlobRegistry::registerFileBlobURL): Deleted.
        (WebCore::ThreadableBlobRegistry::registerBlobURL): Deleted.
        (WebCore::ThreadableBlobRegistry::registerBlobURLForSlice): Deleted.
        (WebCore::ThreadableBlobRegistry::unregisterBlobURL): Deleted.
        (WebCore::ThreadableBlobRegistry::blobSize): Deleted.
        (WebCore::ThreadableBlobRegistry::getCachedOrigin): Deleted.
        * fileapi/WebKitBlobBuilder.cpp:
        (WebCore::BlobBuilder::append):
        * fileapi/WebKitBlobBuilder.h:
        * html/DOMURL.cpp:
        * html/DOMURL.h:
        * html/DOMURL.idl:
        * html/PublicURLManager.cpp:
        * html/PublicURLManager.h:
        * loader/LoaderStrategy.cpp:
        (WebCore::LoaderStrategy::createBlobRegistry):
        * loader/LoaderStrategy.h:
        * page/DOMWindow.idl:
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::shouldUseInnerURL):
        (WebCore::getCachedOrigin):
        * platform/FileStream.cpp:
        * platform/FileStream.h:
        * platform/FileStreamClient.h:
        * platform/SchemeRegistry.cpp:
        (WebCore::canDisplayOnlyIfCanRequestSchemes):
        * platform/network/BlobRegistry.cpp:
        * platform/network/BlobRegistryImpl.cpp:
        * platform/network/BlobResourceHandle.cpp:
        * platform/network/BlobResourceHandle.h:
        * platform/network/FormData.cpp:
        (WebCore::FormData::deepCopy):
        (WebCore::FormData::appendFile):
        (WebCore::FormData::appendBlob):
        (WebCore::FormData::appendKeyValuePairItems):
        (WebCore::FormData::resolveBlobReferences):
        (WebCore::encodeElement):
        (WebCore::decodeElement):
        * platform/network/FormData.h:
        (WebCore::FormDataElement::FormDataElement):
        (WebCore::operator==):
        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::closeCurrentStream):
        (WebCore::advanceCurrentStream):
        (WebCore::formCreate):
        (WebCore::formRead):
        (WebCore::setHTTPBody):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::getFormElementsCount):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::addEncodedBlobToSoupMessageBody):
        (WebCore::addFormElementsToSoupMessage):
        * workers/WorkerGlobalScope.idl:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send):
        (WebCore::XMLHttpRequest::createRequest):

2014-05-27  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        Allow building CMake based ports with WEB_REPLAY
        https://bugs.webkit.org/show_bug.cgi?id=133154

        Reviewed by Csaba Osztrogonác.

        * CMakeLists.txt:

2014-05-27  Adrian Perez de Castro  <aperez@igalia.com>

        [GStreamer] Add missing <wtf/MathExtras.h> header
        https://bugs.webkit.org/show_bug.cgi?id=133236

        Reviewed by Philippe Normand.

        In some configurations, not including <wtf/MathExtras.h> will cause
        errors about undefined functions. In particular, this happens in
        Linux with glibc 2.19 and compiling with Clang. Having the header
        included is the correct thing to do anyway.

        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        Include <wtf/MathExtras.h>

2014-05-27  Manuel Rego Casasnovas  <rego@igalia.com>

        Setting up OrderIterator shouldn't require an extra Vector
        https://bugs.webkit.org/show_bug.cgi?id=119061

        Reviewed by Darin Adler.

        From Blink r153971 by <jchaffraix@chromium.org>

        This patches reuse the OrderIterator's Vector. It provides a helper class OrderIteratorPopulator, used for
        manipulating the Vector directly. Which allows to consolidate the code into a single implementation across
        flexbox and grid.

        No new tests, already covered by current tests.

        * rendering/OrderIterator.cpp:
        (WebCore::OrderIteratorPopulator::~OrderIteratorPopulator): Reset OrderIterator and call
        removeDuplicatedOrderValues().
        (WebCore::OrderIteratorPopulator::removeDuplicatedOrderValues): Sorts the Vector and removes the duplicated
        order values.
        (WebCore::OrderIteratorPopulator::collectChild): Collect order value information from child.
        (WebCore::OrderIterator::setOrderValues): Deleted.
        * rendering/OrderIterator.h:
        (WebCore::OrderIteratorPopulator::OrderIteratorPopulator): Add helper class to manipulate OrderValues Vector.
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::layoutBlock): Remove unneeded code related to old OrderValues vector.
        (WebCore::RenderFlexibleBox::prepareOrderIteratorAndMargins): Populate OrderIterator using collectChild().
        (WebCore::RenderFlexibleBox::computeMainAxisPreferredSizes): Deleted.
        * rendering/RenderFlexibleBox.h: Rename computeMainAxisPreferredSizes() to prepareOrderIteratorAndMargins().
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator): Populate OrderIterator using collectChild().

2014-05-26  Tim Horton  <timothy_horton@apple.com>

        [wk2] RemoteLayerBackingStore front buffers should be purgeable when unparented
        https://bugs.webkit.org/show_bug.cgi?id=133020
        <rdar://problem/16521736>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::IOSurfacePool::willAddSurface):
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::releaseGraphicsContext):
        Rename clearGraphicsContext to releaseGraphicsContext for clarity.

2014-05-26  Philip Rogers  <pdr@google.com>

        Remove special case for transparent SVG root layers
        https://bugs.webkit.org/show_bug.cgi?id=116856

        Reviewed by Dirk Schulze.

        This patch removes a special case from RenderLayer for root SVG layers
        with opacity. Instead of checking whether a composited layer exists in
        SVGRenderingContext::prepareToRenderSVGContent we now exclude the root
        SVG renderobject from the opacity checks in prepareToRenderSVGContent.

        This is a merge of https://src.chromium.org/viewvc/blink?view=rev&revision=174102
        by Philip Rogers <pdr@chromium.org>.

        No new tests as this is covered by svg/custom/composited-svg-with-opacity.html.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::isTransparent): Deleted.
        * rendering/RenderLayer.h:
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::prepareToRenderSVGContent):
            The opacity case for root svg renderers is now handled by
            RenderLayer.

2014-05-26  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: Fix build error raised when CSS_SELECTOR_JIT_DEBUGGING is 1
        https://bugs.webkit.org/show_bug.cgi?id=133266

        Reviewed by Benjamin Poulain.

        When CSS_SELECTOR_JIT_DEBUGGING is 1, build erros occur on x86_64.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generatePrologue):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateEpilogue):

2014-05-26  Benjamin Poulain  <benjamin@webkit.org>

        Fix the quirks mode selector matching of the pseudo classes :hover and :active
        https://bugs.webkit.org/show_bug.cgi?id=133063

        Reviewed by Antti Koivisto.

        Our implementation of the quirks mode of :active and :hover was very wrong. The only
        thing it was doing is verify the pseudo class is not the first selector of a fragment
        (which was conveniently the only thing that was tested :)).

        Since those pseudo class were only checking for the order of the filters, something like
            #target:hover
        would succeed because :hover is not the first simple selector, while
            :hover#target
        would fail.

        That behavior is also a problem for the CSS JIT as it is an implementation detail of SelectorChecker
        and compiling something like that with our out-of-order matching would be nonsense.

        This patch update the implementation to follow http://quirks.spec.whatwg.org/#the-:active-and-:hover-quirk
        Basically, the only cases that do not work in quirks mode are selectors composed only of "*, :hover and :active".

        To implement this behavior, I needed to be able to inspect a complete selector fragment, including
        what is before and after :hover/:active.
        To do that, I replaced the boolean isSubSelector by a pointer to the first selector of the fragment.
        When we need to match :active/:hover in quirks mode, we just go over all the selectors in the fragment
        to find one of the qualifying match type.

        Tests: fast/selectors/active-hover-quirks.html
               fast/selectors/active-quirks.html
               fast/selectors/hover-quirks.html

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::matchRecursively):
        (WebCore::canMatchHoverOrActiveInQuirksMode):
        (WebCore::SelectorChecker::checkOne):
        * css/SelectorChecker.h:
        (WebCore::SelectorChecker::SelectorCheckingContext::SelectorCheckingContext):

2014-05-26  Zalan Bujtas  <zalan@apple.com>

        Split the call to adjustForLocalZoom out into a separate expression.
        https://bugs.webkit.org/show_bug.cgi?id=133286

        Reviewed by Darin Adler.

        This patch ensures that adjustForLocalZoom() always gets called before we look at
        zoomFactor's value. (and not rely on the undefined behavior of the order of function argument evaluation)

        * dom/Element.cpp:
        (WebCore::Element::offsetLeft):
        (WebCore::Element::offsetTop):

2014-05-26  Darin Adler  <darin@apple.com>

        Class name matching should use ASCII case-insensitive matching, not Unicode case folding
        https://bugs.webkit.org/show_bug.cgi?id=133292

        Reviewed by Anders Carlsson.

        Tests: fast/dom/getElementsByClassName/ASCII-case-insensitive.html
               fast/dom/getElementsByClassName/case-sensitive.html

        * dom/SpaceSplitString.cpp:
        (WebCore::hasNonASCIIOrUpper): Deleted.
        (WebCore::tokenizeSpaceSplitString): Use a for loop instead of while.
        (WebCore::spaceSplitStringTable): Renamed from sharedDataMap; the new name is supposed
        to help us see the analogy with the atomic string table.
        (WebCore::SpaceSplitString::set): Removed unneeded special case for null and preflight
        since AtomicString::convertToASCIILowercase now handles both of those. Changed to call
        convertToASCIILowercase instead of foldCase, since we don't want to fold non-ASCII.
        (WebCore::SpaceSplitString::spaceSplitStringContainsValue): Ditto.
        (WebCore::SpaceSplitStringData::create): Marked this inline since it's only called in
        one place and that place is in this file. Also used auto a bit and used get instead of
        find since the value type is a simple pointer.
        (WebCore::SpaceSplitStringData::destroy): Removed unneeded check for null. We never
        create any SpaceSplitStringData with empty strings, and a null is a kind of empty string.

        * dom/SpaceSplitString.h: Removed some unneeded includes and some unneeded uses of the
        inline keyword. Changed types from size_t to unsigned in a couple places; we had a mix
        of the types and there was no reason to use size_t there.

2014-05-26  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] Implementation of the "grid" shorthand.
        https://bugs.webkit.org/show_bug.cgi?id=132122

        Reviewed by Darin Adler.

        The grid property is a shorthand that sets all of the explicit
        grid properties (grid-template-rows, grid-template-columns, and
        grid-template-areas) as well as all the implicit grid properties
        (grid-auto-rows, grid-auto-columns, and grid-auto-flow) in a
        single declaration

        Notice that either explicit or implicit grid can be specified,
        assigning the initial values to the omitted properties.

        Test: fast/css-grid-layout/grid-shorthand-get-set.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseGridShorthand):
        * css/CSSParser.h:
        * css/CSSPropertyNames.in:
        * css/StylePropertyShorthand.cpp:
        (WebCore::webkitGridShorthand):
        * css/StylePropertyShorthand.h:

2014-05-26  Zalan Bujtas  <zalan@apple.com>

        Subpixel layout: Legacy Element.offset* client* return values are invalid in certain cases.
        https://bugs.webkit.org/show_bug.cgi?id=133272

        Reviewed by Simon Fraser.

        Element.offset* client* functions applied various rounding strategies on the return values before r168868.
        (for example, offsetLeft/Top either floored through implicit integer arithmetics or rounded explicitly depending
        whether the zoom scale was 1. see http://trac.webkit.org/changeset/168868/trunk/Source/WebCore/dom/Element.cpp for details)
        This patch mimics the legacy behavior by either rounding or flooring the return value.

        Not testable (legacy switch is not exposed)

        * dom/Element.cpp:
        (WebCore::adjustForLocalZoom):
        (WebCore::convertToNonSubpixelValueIfNeeded):
        (WebCore::Element::offsetLeft):
        (WebCore::Element::offsetTop):

2014-05-26  Michał Pakuła vel Rutka  <m.pakula@samsung.com>

        [EFL] Input fields and text areas are not rendered correctly after r167771
        https://bugs.webkit.org/show_bug.cgi?id=133181

        Reviewed by Gyuyoung Kim.

        r167771 changed arguments of RenderTheme two virtual method arguments which were not reflected
        in changes in derived classes, which caused parent method to be called. Arguments in derived class
        were updated, also 'override' specifiers were added to all virtual methods to prevent similar errors.

        Already covered by fast/forms/textarea-placeholder-wrapping.html

        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::paintTextField):
        (WebCore::RenderThemeEfl::paintTextArea):
        * platform/efl/RenderThemeEfl.h:
        (WebCore::RenderThemeEfl::supportsHover):
        (WebCore::RenderThemeEfl::supportsControlTints):

2014-05-20  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Children of grid containers must be turned into grid items
        https://bugs.webkit.org/show_bug.cgi?id=132991

        Reviewed by Darin Adler.

        From Blink r150472 by <jchaffraix@chromium.org>

        According to specs each child of a grid container must become a
        grid item meaning that grid items are grid level boxes and thus,
        do not participate in the block formatting context but in the grid
        formatting one.

        This change updates the grid items' 'display' property after style
        resolution so that we match the specification (see section 4. Grid
        Items). The spec basically instructs us to compute the value of
        'display' by applying the table in CSS2.1 Chapter 9.7
        http://www.w3.org/TR/CSS2/visuren.html#dis-pos-flo

        Test: fast/css-grid-layout/grid-item-display.html

        * css/StyleResolver.cpp:
        (WebCore::isDisplayGridBox):
        (WebCore::StyleResolver::adjustRenderStyle):

2014-05-26  Zan Dobersek  <zdobersek@igalia.com>

        Remove Vector copies in ShorthandPropertyWrapper implementation and use
        https://bugs.webkit.org/show_bug.cgi?id=133265

        Reviewed by Simon Fraser.

        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::ShorthandPropertyWrapper::ShorthandPropertyWrapper): Move the passed-in Vector
        into the member variable instead of using Vector<>::swap().
        (WebCore::ShorthandPropertyWrapper::propertyWrappers): Return a const reference of the member
        variable instead of a const value.
        (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap): Move the Vector
        object into the ShorthandProperthyWrapper constructor.
        (WebCore::gatherEnclosingShorthandProperties): Deploy a range-based for-loop.

2014-05-26  Tanay C  <tanay.c@samsung.com>

        [EFL] Fix build error in blob.cpp after r168435
        https://bugs.webkit.org/show_bug.cgi?id=132678

        Reviewed by Alexey Proskuryakov.

        * fileapi/Blob.cpp:
        (WebCore::Blob::size): Using isInBound to check range of local var
        actualsize to resolve build error

2014-05-25  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Remove TileCairo and TiledBackingStoreBackendCairo
        https://bugs.webkit.org/show_bug.cgi?id=133274

        Reviewed by Gyuyoung Kim.

        Now, TiledBackingStore is only used for CoordinatedGraphics and the EFL port.
        CoordinatedGraphics does not use TileCairo and TiledBackingStoreBackendCairo.

        This patch removed them and refactored related files.

        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * platform/graphics/TiledBackingStore.cpp:
        (WebCore::TiledBackingStore::TiledBackingStore): Deleted.
        * platform/graphics/TiledBackingStore.h:
        * platform/graphics/TiledBackingStoreBackend.h:
        * platform/graphics/cairo/TileCairo.cpp: Removed.
        * platform/graphics/cairo/TiledBackingStoreBackendCairo.cpp: Removed.

2014-05-25  Jinwoo Song  <jinwoo7.song@samsung.com>

        setData() of DataTransfer has a void return type
        https://bugs.webkit.org/show_bug.cgi?id=133108

        Reviewed by Alexey Proskuryakov.

        According to HTML5 spec, setData() of DataTranfer interface does not return value.
        http://www.w3.org/TR/html/editing.html#the-datatransfer-interface

        Test: editing/pasteboard/set_data_typeof_return.html

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::setData):
        * dom/DataTransfer.h:
        * dom/DataTransfer.idl:
        * platform/Pasteboard.h:
        * platform/efl/PasteboardEfl.cpp:
        (WebCore::Pasteboard::writeString):
        * platform/gtk/PasteboardGtk.cpp:
        (WebCore::Pasteboard::writeString):
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::writeString):
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::writeString):
        * platform/win/PasteboardWin.cpp:
        (WebCore::Pasteboard::writeString):

2014-05-25  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Use ScrollView's scrollOffset as the unobscuredContentRect
        https://bugs.webkit.org/show_bug.cgi?id=133262

        Reviewed by Simon Fraser.

        Since VisibleContentRect was fixed, we were no longer sending scroll events when updating the scrollOffset
        when updating the visible content rects. The reason is that the scrollOffset was defined as the top left of the
        VisibleContentRect, and as such was already at the end position after updating the unobscured rect.

        This patch split the unobscuredContentRect in unobscuredContentSize (updated live on zoom) and the position defined
        by the ScrollView's scrollOffset (updated when scrolling).

        * WebCore.exp.in:
        * platform/ScrollView.h:
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::unobscuredContentRect):
        (WebCore::ScrollView::setUnobscuredContentSize):
        (WebCore::ScrollView::setUnobscuredContentRect): Deleted.

2014-05-25  David Kilzer  <ddkilzer@apple.com>

        Add type-checked casts for TransformOperations
        <http://webkit.org/b/133217>

        Reviewed by Simon Fraser.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::validateTransformOperations):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::getTransformFunctionValue):
        - Switch to type-checked casts.

        * platform/graphics/transforms/IdentityTransformOperation.h:
        * platform/graphics/transforms/Matrix3DTransformOperation.h:
        * platform/graphics/transforms/MatrixTransformOperation.h:
        * platform/graphics/transforms/PerspectiveTransformOperation.h:
        * platform/graphics/transforms/RotateTransformOperation.h:
        * platform/graphics/transforms/ScaleTransformOperation.h:
        * platform/graphics/transforms/SkewTransformOperation.h:
        * platform/graphics/transforms/TranslateTransformOperation.h:
        - Add 'final' to class declaration.
        - Add 'override' to overridden methods.
        - Add type-checked cast via TRANSFORMOPERATION_TYPE_CASTS macro.
        - Move implementation of operator==(const TransformOperation&)
          from header to source file so it is able to use a type-checked
          cast, and switch back to using a reference instead of a
          pointer.
        - Add or update ASSERT in private constructor to check for
          correct OperationType in classes that represent multiple
          types.

        * platform/graphics/transforms/Matrix3DTransformOperation.cpp:
        (WebCore::Matrix3DTransformOperation::operator==): Added.

        * platform/graphics/transforms/MatrixTransformOperation.cpp:
        (WebCore::Matrix3DTransformOperation::operator==): Added.
        (WebCore::MatrixTransformOperation::blend):
        - Switch to type-checked casts and use a reference.

        * platform/graphics/transforms/PerspectiveTransformOperation.cpp:
        (WebCore::Matrix3DTransformOperation::operator==): Added.
        (WebCore::PerspectiveTransformOperation::blend):
        * platform/graphics/transforms/RotateTransformOperation.cpp:
        (WebCore::Matrix3DTransformOperation::operator==): Added.
        (WebCore::RotateTransformOperation::blend):
        * platform/graphics/transforms/ScaleTransformOperation.cpp:
        (WebCore::Matrix3DTransformOperation::operator==): Added.
        (WebCore::ScaleTransformOperation::blend):
        * platform/graphics/transforms/SkewTransformOperation.cpp:
        (WebCore::Matrix3DTransformOperation::operator==): Added.
        (WebCore::SkewTransformOperation::blend):
        * platform/graphics/transforms/TranslateTransformOperation.cpp:
        (WebCore::Matrix3DTransformOperation::operator==): Added.
        (WebCore::TranslateTransformOperation::blend):
        - Switch to type-checked casts.

        * platform/graphics/transforms/TransformOperation.h:
        (WebCore::TransformOperation::isRotateTransformOperationType):
        (WebCore::TransformOperation::isScaleTransformOperationType):
        (WebCore::TransformOperation::isSkewTransformOperationType):
        (WebCore::TransformOperation::isTranslateTransformOperationType):
        - Add type-checking methods used in constructors and type-checked
          casts.
        - Define TRANSFORMOPERATION_TYPE_CASTS macro used by subclasses.

2014-05-25  David Kilzer  <ddkilzer@apple.com>

        Crash in WebCore::TextResourceDecoder::checkForCSSCharset
        <http://webkit.org/b/133257>
        <rdar://problem/17027109>

        Reviewed by Alexey Proskuryakov.

        Test: fast/encoding/css-charset-missing-semi-colon-and-newline.html

        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::checkForCSSCharset): Add early
        return.

2014-05-24  Eric Carlson  <eric.carlson@apple.com>

        [Mac] preload AVAssetTrack properties before asking for them
        https://bugs.webkit.org/show_bug.cgi?id=133240

        Reviewed by Jer Noble.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::assetTrackMetadataKeyNames): Add preferredTransform and naturalSize to the list
            of properties we preload.

2014-05-24  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        Remove one of the CSSProperty constructor
        https://bugs.webkit.org/show_bug.cgi?id=131094

        Reviewed by Darin Adler.

        Remove one of the CSSProperty constructor, because it is obsolete.

        * css/CSSProperty.h:
        (WebCore::CSSProperty::CSSProperty): Deleted.
        * css/StyleProperties.h:
        (WebCore::StyleProperties::PropertyReference::toCSSProperty):

2014-05-23  Simon Fraser  <simon.fraser@apple.com>

        Rename ScrollingTreeScrollingNode's m_scrollPosition to make it clear that it's the value committed from the state tree
        https://bugs.webkit.org/show_bug.cgi?id=133254

        Reviewed by Tim Horton.

        Make ScrollingTreeScrollingNode::scrollPosition() pure virtual, and rename
        the member variable and associated getter to make it clear that they relate
        to the last committed scroll position.

        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::updateBeforeChildren):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        (WebCore::ScrollingTreeScrollingNode::lastCommittedScrollPosition):
        (WebCore::ScrollingTreeScrollingNode::scrollPosition): Deleted.

2014-05-23  Simon Fraser  <simon.fraser@apple.com>

        Share some more ScrollingTreeScrollingNode code
        https://bugs.webkit.org/show_bug.cgi?id=133248

        Reviewed by Sam Weinig.

        Push scrollBy(), scrollByWithoutContentEdgeConstraints() and setScrollPosition()
        down to ScrollingTreeFrameScrollingNode.
        
        This requires that scrollPosition() return the right thing for each class, so make
        it virtual. Future patches will reduce the confusion between the committed scroll
        position and the one derived from layers.

        * page/scrolling/ScrollingTreeFrameScrollingNode.cpp:
        (WebCore::ScrollingTreeFrameScrollingNode::scrollBy):
        (WebCore::ScrollingTreeFrameScrollingNode::scrollByWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNode::setScrollPosition):
        * page/scrolling/ScrollingTreeFrameScrollingNode.h:
        * page/scrolling/ScrollingTreeScrollingNode.h:
        (WebCore::ScrollingTreeScrollingNode::scrollPosition):
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::setScrollPosition): Deleted.
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::scrollBy): Deleted.
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::scrollByWithoutContentEdgeConstraints): Deleted.
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollBy):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollByWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollBy): Deleted.
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollByWithoutContentEdgeConstraints): Deleted.

2014-05-24  Chris Fleizach  <cfleizach@apple.com>

        AX: fix coordinate mapping for iOS accessibility
        https://bugs.webkit.org/show_bug.cgi?id=133188

        Reviewed by Sam Weinig.

        Make WebCore aware of the accessibility point/rect conversion methods.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
        (-[WebAccessibilityObjectWrapper convertRectToScreenSpace:]):
        * loader/EmptyClients.h:
        * page/Chrome.cpp:
        (WebCore::Chrome::accessibilityScreenToRootView):
        (WebCore::Chrome::rootViewToAccessibilityScreen):
        * page/Chrome.h:
        * page/ChromeClient.h:
        * platform/HostWindow.h:

2014-05-24  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Non-compositing transforms with subpixel coordinates paint to wrong position.
        https://bugs.webkit.org/show_bug.cgi?id=133184
        <rdar://problem/16745606>

        Reviewed by Simon Fraser.

        Snapping relative negative coordinate values should produce the same position as if they were
        positive absolute coordinates.
        When a child box gets positioned off of its containers towards top/left, its relative coordinates
        become negative. Pixel snapping those negative values should produce the same
        final painting position as if the child box was fixed positioned with positive coordinates.
        Since halfway values always round away from zero, negative and positive halfway values
        produce opposite rounding direction.
        This patch ensures that negative halfway values round to the direction as if they were positive.  

        Test: fast/layers/hidpi-floor-negative-coordinate-values-to-maintain-rounding-direction.html

        * platform/LayoutUnit.h:
        (WebCore::roundToDevicePixel):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform):

2014-05-24  Frédéric Wang  <fred.wang@free.fr>

        Use size variants and glyph assembly from the MATH data.
        https://bugs.webkit.org/show_bug.cgi?id=130322

        Reviewed by Chris Fleizach.

        This patch modifies the RenderMathMLOperator code to use the MATH table
        when one is provided in the current font on the <math> tag. More
        precisely, the MathVariants table is used to draw a size variant or
        a glyph assembly. The displaystyle attribute is not supported yet, so
        for now large operators are always assumed to be in display style. The
        MATH support does not work well with all platforms+fonts, so at the
        moment the default font-family on the <math> is not changed.

        Tests: mathml/opentype/large-operators-LatinModern.html
               mathml/opentype/opentype-stretchy.html
               mathml/opentype/vertical-LatinModern.html

        * css/mathml.css: We only specify the default font-family on the math root, so that people can easily style the mathematics.
        For now, old fonts without the MATH table are still used as the default.
        (math):
        (math, mfenced > *): Deleted.
        (mo, mfenced): Deleted.
        * platform/graphics/SimpleFontData.cpp: don't return the math data if the font is loading.
        (WebCore::SimpleFontData::mathData):
        * platform/graphics/opentype/OpenTypeMathData.cpp: update #ifdef so that disabling ENABLE_OPENTYPE_MATH won't lead to errors with unused parameters.
        (WebCore::OpenTypeMathData::OpenTypeMathData):
        (WebCore::OpenTypeMathData::getMathConstant):
        (WebCore::OpenTypeMathData::getItalicCorrection):
        (WebCore::OpenTypeMathData::getMathVariants):
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::boundsForGlyph):
        (WebCore::RenderMathMLOperator::heightForGlyph):
        (WebCore::RenderMathMLOperator::advanceForGlyph):
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): We handle preferred width of size variants.
        (WebCore::RenderMathMLOperator::shouldAllowStretching): This function now only returns whether the operator will stretch and no longer has side effect.
        (WebCore::RenderMathMLOperator::getGlyphAssemblyFallBack): We add a function to convert from the MathVariant table data to the format supported by RenderMathMLOperator.
        (WebCore::RenderMathMLOperator::getDisplayStyleLargeOperator): We add a function to get the glyph that will be used for large operators in display style.
        (WebCore::RenderMathMLOperator::findStretchyData): We make this function handle size variants.
        (WebCore::RenderMathMLOperator::updateStyle): We handle size variants.
        (WebCore::RenderMathMLOperator::paint): We handle size variants.
        * rendering/mathml/RenderMathMLOperator.h:

2014-05-23  Tim Horton  <timothy_horton@apple.com>

        REGRESSION (iOS WebKit2): requestAnimationFrame fires more than once between layer tree commits
        https://bugs.webkit.org/show_bug.cgi?id=132794
        <rdar://problem/16877909>

        Reviewed by Simon Fraser.

        Virtualize DisplayRefreshMonitor so that WebKit2 can implement its own DisplayRefreshMonitor for UI-side compositing views.
        This allows the synchronization of requestAnimationFrame callbacks with UI-side compositing painting.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        
        * page/ChromeClient.h:
        (WebCore::ChromeClient::graphicsLayerFactory):
        (WebCore::ChromeClient::createDisplayRefreshMonitor):
        * platform/graphics/DisplayRefreshMonitorFactory.h: Added.
        * platform/graphics/GraphicsLayerUpdater.cpp:
        (WebCore::GraphicsLayerUpdater::createDisplayRefreshMonitor):
        * platform/graphics/GraphicsLayerUpdater.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::createDisplayRefreshMonitor):
        * rendering/RenderLayerCompositor.h:
        Give the ChromeClient a chance to provide us with a custom DisplayRefreshMonitor.
        If it does not, we'll fall back to making a DisplayRefreshMonitorMac or
        DisplayRefreshMonitorIOS depending on the platform.

        * dom/ScriptedAnimationController.cpp:
        * dom/ScriptedAnimationController.h:
        * platform/graphics/DisplayRefreshMonitor.cpp:
        * platform/graphics/DisplayRefreshMonitor.h:
        * platform/graphics/DisplayRefreshMonitorClient.cpp: Added.
        * platform/graphics/DisplayRefreshMonitorClient.h: Added.
        * platform/graphics/DisplayRefreshMonitorManager.cpp: Added.
        * platform/graphics/DisplayRefreshMonitorManager.h: Added.
        Split DisplayRefreshMonitor.cpp into one file per class.
        Use references in a few places.
        Remove some useless comments.

        * platform/graphics/DisplayRefreshMonitor.cpp:
        (WebCore::DisplayRefreshMonitor::displayDidRefresh):
        Use takeAny() and remove a FIXME about it not existing.

        * platform/graphics/DisplayRefreshMonitorClient.cpp: Added.
        (WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded):
        Use an early return instead of having the whole function body in an if().

        * platform/graphics/ios/DisplayRefreshMonitorIOS.h: Added.
        * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
        * platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
        * platform/graphics/mac/DisplayRefreshMonitorMac.h: Added.
        Virtualize DisplayRefreshMonitorIOS and DisplayRefreshMonitorMac,
        and move things specific to each of them out of DisplayRefreshMonitor itself.

2014-05-23  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: Apply backtracking optimization to adjacent backtracking
        https://bugs.webkit.org/show_bug.cgi?id=132951

        Reviewed by Benjamin Poulain.

        Apply the backtracking optimization to the adjacent backtracking.
        This optimization is already done for the descendant backtracking.
        We apply this to the adjacent backtracking similarly.

        Test: fast/selectors/backtracking-adjacent-optimized.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
        (WebCore::SelectorCompiler::solveAdjacentBacktrackingActionForDirectAdjacent):
        (WebCore::SelectorCompiler::solveBacktrackingAction):
        (WebCore::SelectorCompiler::computeBacktrackingStartOffsetInChain):
        (WebCore::SelectorCompiler::computeBacktrackingHeightFromDescendant):
        (WebCore::SelectorCompiler::computeBacktrackingWidthFromIndirectAdjacent):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::computeBacktrackingInformation):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::linkFailures):
        (WebCore::SelectorCompiler::computeBacktrackingStartHeightFromDescendant): Deleted.

2014-05-23  Alex Christensen  <achristensen@webkit.org>

        Make CSS JIT run on ARM64.
        https://bugs.webkit.org/show_bug.cgi?id=133156

        Reviewed by Benjamin Poulain.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::saveAllocatedRegisters):
        (WebCore::FunctionCall::restoreAllocatedRegisters):
        Use StackAllocator's new push and pop functions to push and pop a vector instead of iterating it.
        * cssjit/RegisterAllocator.h:
        (WebCore::RegisterAllocator::reserveCalleeSavedRegisters):
        (WebCore::RegisterAllocator::restoreCalleeSavedRegisters):
        Return a vector of registers to allocate instead of doing the allocation to make the RegisterAllocator
        not need to know about the StackAllocator and to use the new vector push and pop functions.
        (WebCore::RegisterAllocator::~RegisterAllocator):
        Store RegisterIDs instead of StackReferences to avoid needing to know about the stack.
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::compile):
        Removed the requirement for assert to be disabled to print disassembly when debugging css jit.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generatePrologue):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateEpilogue):
        Added to correctly push the link register and frame pointer.
        This is required if the jit code calls a function on arm64 and helpful for debugging tools on x86_64.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        Generate the prologue and epilogue which respectively push and pop
        the link register, frame pointer, and callee saved registers if needed.
        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::push):
        (WebCore::StackAllocator::pop):
        Added new vector push and pop functions to use stp and ldb instructions on arm64.

2014-05-23  Jeremy Jones  <jeremyj@apple.com>

        Hide fullscreen immediately when switching tabs.
        https://bugs.webkit.org/show_bug.cgi?id=133239

        Reviewed by Eric Carlson.

        This change allows fullscreen to disappear immediately while still cleaning
        up fullscreen normally.

        * WebCore.exp.in:
        * platform/ios/WebVideoFullscreenControllerAVKit.h:
        renamed function to requestHideAndExitFullscreen

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        renamed function to requestHideAndExitFullscreen

        (-[WebVideoFullscreenController requestHideAndExitFullscreen]):
        rename of requestExitFullscreen that also hides.

        (-[WebVideoFullscreenController requestExitFullscreen]): Deleted.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h: declare requestHideAndExitFullscreen()
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen):
        this hides the window before requesting exitfullscreen from the model.

2014-05-23  Tim Horton  <timothy_horton@apple.com>

        [iOS] WKPDFView should have a page indicator
        https://bugs.webkit.org/show_bug.cgi?id=133109
        <rdar://problem/16383003>

        Reviewed by Anders Carlsson.

        * English.lproj/Localizable.strings:

2014-05-23  Enrica Casucci  <enrica@apple.com>

        Remove invalid ASSERT in wordRangeForPosition.
        https://bugs.webkit.org/show_bug.cgi?id=133232

        Reviewed by Ryosuke Niwa.

        In WK2 for iOS this function is called on every selection change.
        The selection could be set by Javascript in an element that is not visible.
        In that case we won't be able to create a VisiblePosition therefore wordRangeForPosition
        should not ASSERT that the VisiblePosition is not null, but rather
        perform an early return if it is null.

        * editing/VisibleUnits.cpp:
        (WebCore::wordRangeFromPosition):

2014-05-23  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Use gridRowCount() and gridColumnCount() when possible
        https://bugs.webkit.org/show_bug.cgi?id=133213

        Reviewed by Sergio Villar Senin.

        Use gridRowCount() and gridColumnCount() instead of m_grid.size() and
        m_grid[0].size() to make the code more descriptive and easier to
        understand.

        No new tests (No change in behavior).

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::growGrid):
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):

2014-05-23  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (r153917): Chart for the Category Explorer within Quicken Essentials
        does not draw until you force a redraw
        https://bugs.webkit.org/show_bug.cgi?id=133228
        <rdar://problem/15221231>

        Reviewed by Simon Fraser.

        * platform/RuntimeApplicationChecks.cpp: (WebCore::applicationIsQuickenEssentials):
        * platform/RuntimeApplicationChecks.h:
        Added a check for Quicken Essentials.

        * platform/mac/WidgetMac.mm: (WebCore::Widget::paint): Don't do an early return
        for Quicken Essentials, it depends on drawing to update its layer.

2014-05-23  Mihnea Ovidenie  <mihnea@adobe.com>

        REGRESSION(r169105): fast/regions/cssom/region-range-for-box-crash.html is more crashy than before
        https://bugs.webkit.org/show_bug.cgi?id=133124

        Reviewed by David Hyatt.

        When adjusting the end points of a subtree selection in the case of a document
        with named flows, we have to make sure that we pass the computed end
        points to the visible selection algorithm only if the end points are
        part of the same subtree, otherwise assume a selection clear behavior.

        The test fast/regions/cssom/region-range-for-box-crash.html is used to
        test this behavior.

        * rendering/SelectionSubtreeRoot.cpp:
        (WebCore::SelectionSubtreeRoot::adjustForVisibleSelection):
        (WebCore::SelectionSubtreeRoot::selectionStartEndPositions): Moved to header file.
        * rendering/SelectionSubtreeRoot.h:
        (WebCore::SelectionSubtreeRoot::selectionStartEndPositions):

2014-05-23  Jeremy Jones  <jeremyj@apple.com>

        reset m_havePreparedToPlay when changing media engines.
        https://bugs.webkit.org/show_bug.cgi?id=133199

        Reviewed by Eric Carlson.

        If a play request comes in before the media player is created, m_havePreparedToPlay
        is set to true. But when the player is created, this prevents the new player from
        getting the prepare call.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerEngineUpdated): set m_havePreparedToPlay false.

2014-05-23  Oliver Hunt  <oliver@apple.com>

        Navigator object needs to have properties directly on the instance object
        https://bugs.webkit.org/show_bug.cgi?id=133221

        Reviewed by Mark Lam.

        Flag the Navigator object as requiring properties to be on the instance
        as there were a few compatibility issues when on the prototype.

        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstance):

2014-05-23  Simon Fraser  <simon.fraser@apple.com>

        Switch CSSGradientValue to use more references
        https://bugs.webkit.org/show_bug.cgi?id=133206

        Reviewed by Andreas Kling.

        Switch from pointers to references in various places.

        * css/CSSGradientValue.cpp:
        (WebCore::CSSGradientValue::image):
        (WebCore::CSSGradientValue::addStops):
        (WebCore::positionFromValue):
        (WebCore::CSSGradientValue::computeEndPoint):
        (WebCore::CSSLinearGradientValue::createGradient):
        (WebCore::CSSRadialGradientValue::resolveRadius):
        (WebCore::CSSRadialGradientValue::createGradient):
        * css/CSSGradientValue.h:

2014-05-23  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make webkit-box-shadow painting subpixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=133201
        <rdar://problem/16072830>

        Reviewed by Simon Fraser.

        This patch enables webkit-box-shadow to be painted on a subpixel position. However, we
        still truncate -webkit-box-shadow property values. Tracked here: http://webkit.org/b/133202

        Test: fast/box-shadow/hidpi-webkit-box-shadow-subpixel-position.html

        * platform/graphics/FloatRoundedRect.cpp:
        (WebCore::FloatRoundedRect::inflateWithRadii): same as in from RoundedRect.
        (WebCore::FloatRoundedRect::adjustRadii): same as in from RoundedRect.
        * platform/graphics/FloatRoundedRect.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBoxShadow):

2014-05-22  peavo@outlook.com  <peavo@outlook.com>

        [Curl] Crash when exceeding maximum cache limit.
        https://bugs.webkit.org/show_bug.cgi?id=133185

        Reviewed by Brent Fulgham.

        When the maximum cache limit is exceeded, I get a crash.
        This happens when deleting cache entries, because a reference to the url string object in the LRU list
        is used as a parameter to invalidateCacheEntry(), when called from makeRoomForNewEntry().
        When the string is removed from the LRU list in makeRoomForNewEntry(), the string is deleted.
        Next, the string is accessed again to remove the url from the index, and we crash.

        This can be fixed by removing the string from the LRU list after it is removed from the index.

        Fixing the crash also revealed an infinite loop problem.
        If the url for some reason only exist in the LRU list, and not in the index,
        we will inifitely loop in makeRoomForNewEntry(), trying to remove this url from the cache, but never succeeding.
        This can be fixed by removing the url from the LRU list, also when it's not in the index.

        * platform/network/curl/CurlCacheManager.cpp:
        (WebCore::CurlCacheManager::makeRoomForNewEntry): Avoid infinite loop by checking if there are more cache entries to remove.
        (WebCore::CurlCacheManager::invalidateCacheEntry): Avoid crash and infinite loop by removing url from LRU list last.

2014-05-22  Simon Fraser  <simon.fraser@apple.com>

        Make viewport units work in CSS gradients
        https://bugs.webkit.org/show_bug.cgi?id=133204
        <rdar://problem/17012259>
        
        Reviewed by Tim Horton.
        
        Make viewport percentage lengths work in gradients.

        Test: fast/gradients/viewport-units-gradient.html

        * css/CSSGradientValue.cpp:
        (WebCore::CSSGradientValue::addStops):
        (WebCore::CSSLinearGradientValue::createGradient):
        (WebCore::CSSRadialGradientValue::createGradient):
        * css/CSSGradientValue.h:

2014-05-22  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Add support for minimal-ui viewports
        https://bugs.webkit.org/show_bug.cgi?id=133162

        Reviewed by Simon Fraser.

        Add support for minimal-ui directly into the Viewport configuration.

        ViewportConfiguration knows about two kinds of layout size in scrollview coordinates:
        -normal size
        -minimal ui size.

        Initially, the page is initialized with resetMinimalUI() and starts with a normal layout.

        At any time before the main resource is loaded, the Web page can update its viewport meta tag
        to include minimal-ui. The viewport configuration is updated immediately to reflect the minimal-ui
        layout size. Any layout after that takes minimal-ui into account.

        * WebCore.exp.in:
        * css/LengthFunctions.cpp:
        (WebCore::minimumValueForLength):
        (WebCore::floatValueForLength):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::viewportPercentageValue):
        * dom/ViewportArguments.h:
        (WebCore::ViewportArguments::operator==):
        * page/FrameView.cpp:
        (WebCore::FrameView::setViewportSizeForCSSViewportUnits):
        (WebCore::FrameView::viewportSizeForCSSViewportUnits):
        (WebCore::FrameView::setViewportSize): Deleted.
        (WebCore::FrameView::viewportSize): Deleted.
        * page/FrameView.h:
        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::ViewportConfiguration):
        (WebCore::ViewportConfiguration::setMinimumLayoutSize):
        (WebCore::ViewportConfiguration::setMinimumLayoutSizeForMinimalUI):
        (WebCore::ViewportConfiguration::activeMinimumLayoutSizeInScrollViewCoordinates):
        (WebCore::ViewportConfiguration::resetMinimalUI):
        (WebCore::ViewportConfiguration::pageWillRenderFirstFrame):
        (WebCore::ViewportConfiguration::initialScale):
        (WebCore::ViewportConfiguration::minimumScale):
        (WebCore::ViewportConfiguration::updateConfiguration):
        (WebCore::ViewportConfiguration::layoutWidth):
        (WebCore::ViewportConfiguration::layoutHeight):
        (WebCore::ViewportConfiguration::description):
        * page/ViewportConfiguration.h:
        (WebCore::ViewportConfiguration::minimumLayoutSizeForMinimalUI):
        (WebCore::ViewportConfiguration::usesMinimalUI):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::viewportSizeForCSSViewportUnits):
        (WebCore::RenderView::viewportSize): Deleted.
        * rendering/RenderView.h:

2014-05-22  Ryosuke Niwa  <rniwa@webkit.org>

        Can't type in status in facebook.com on iOS Safari because keyboard disappears
        https://bugs.webkit.org/show_bug.cgi?id=133196

        Reviewed by Geoffrey Garen.

        Fixed the bug by rolling out r156252.

        When the user taps on the status on facebook.com, the page focuses a textarea,
        which is then made momentarily invisible by setting display:none.
        The page then removes display:none later and expects the textarea to be still focused.

        With r156252, the focus is removed after the page sets display:none and the keyboard disappears.
        Since the focus is never reset on the textarea, the user can never type in anything.

        The specification may need to change here given that this (rather odd) behavior/expectation exists
        on one of the most popular websites on the Web.

        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::recalcStyle):
        (WebCore::Document::updateLayout):
        (WebCore::Document::resetHiddenFocusElementSoon): Deleted.
        (WebCore::Document::resetHiddenFocusElementTimer): Deleted.
        * dom/Document.h:

2014-05-22  Myles C. Maxfield  <mmaxfield@apple.com>

        http/tests/security/xss-DENIED-xsl-document-redirect.xml fails with NetworkProcess
        https://bugs.webkit.org/show_bug.cgi?id=132523

        Reviewed by Alexey Proskuryakov.

        We should not manufacture a response in the event of an error during a
        synchronous XHR. In addition, this test removes two places that are
        sensitive to such a manufactured response.

        Updates test expectations.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::loadRequest): Don't inspect a
        loader response if there is an error
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously): Do not
        manufacture a response
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously): Do not
        manufacture a response
        * xml/XSLTProcessorLibxslt.cpp:
        (WebCore::docLoaderFunc): Only use the response's URL if no error
        occurred.

2014-05-22  Myles C. Maxfield  <litherum@gmail.com>

        Unreviewed typo fix.

        Reviewed by NOBODY.

        No new tests.

        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::dashesForIntersectionsWithRect): Accidentally said run.length() instead of glyphBuffer.size().

2014-05-22  Andreas Kling  <akling@apple.com>

        [iOS WebKit2] Web process should try to shrink its memory footprint when going into background.
        <https://webkit.org/b/133197>
        <rdar://problem/17011561>

        Make releaseMemory() public so we can call it from the process-will-suspend callback.

        Reviewed by Gavin Barraclough.

        * WebCore.exp.in:
        * platform/MemoryPressureHandler.h:

2014-05-22  Andreas Kling  <akling@apple.com>

        Hook up a setting for showing detailed logging during memory pressure relief.
        <https://webkit.org/b/133194>

        Make the pressure relief logger opt-in. Also make it flush memory back to the
        OS (for both malloc and FastMalloc) to get more accurate numbers at each step.

        Reviewed by Gavin Barraclough.

        * WebCore.exp.in:
        * platform/MemoryPressureHandler.cpp:
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::ReliefLogger::ReliefLogger):
        (WebCore::MemoryPressureHandler::ReliefLogger::~ReliefLogger):
        (WebCore::MemoryPressureHandler::ReliefLogger::setLoggingEnabled):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):

2014-05-22  Brady Eidson  <beidson@apple.com>

        Don't scan for phone numbers in editable regions
        <rdar://problem/16949846> and https://bugs.webkit.org/show_bug.cgi?id=133192

        Reviewed by Enrica Casucci.

        No new tests (Currently untested WK2-only feature)

        * editing/Editor.cpp:
        (WebCore::Editor::scanRangeForTelephoneNumbers): Skip the range if the Node is editable.

2014-05-22  Jeremy Jones  <jeremyj@apple.com>

        Captions layout incorrectly in fullscreen.
        https://bugs.webkit.org/show_bug.cgi?id=133175

        Reviewed by Eric Carlson.

        When doing layout for fullscreen, geometry should be absolute so it is not influenced
        by the rest of the page. This change adds style for CSSPropertyPosition, CSSPropertyLeft,
        and CSSPropertyTop.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay):
        Refactor style changes into updateStyleForTextTrackRepresentation().
        (WebCore::MediaControlTextTrackContainerElement::updateTimerFired):
        Refactor style changes into updateStyleForTextTrackRepresentation().
        (WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation):
        Refactor style changes into updateStyleForTextTrackRepresentation().
        (WebCore::MediaControlTextTrackContainerElement::updateStyleForTextTrackRepresentation):
        Consolidate style changes here. Include the two existing and three new style changes.
        * html/shadow/MediaControlElements.h:
        Declare updateStyleForTextTrackRepresentation().

2014-05-22  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r155977): Very stuttery 3D css animation on jtechcommunications.com
        https://bugs.webkit.org/show_bug.cgi?id=133179
        <rdar://problem/16864666>

        Reviewed by Dean Jackson.

        Revert code added in r155977 to try to pick a good contentsScale for layers
        based on a root-relative transform. This resulted in pages with too much 
        backing store, and too many cases where layers repainted during animations,
        causing stutter.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::GraphicsLayerCA):
        (WebCore::GraphicsLayerCA::flushCompositingState):
        (WebCore::GraphicsLayerCA::recursiveCommitChanges):
        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
        (WebCore::GraphicsLayerCA::updateContentsOpaque):
        (WebCore::GraphicsLayerCA::updateAnimations):
        (WebCore::GraphicsLayerCA::appendToUncommittedAnimations):
        (WebCore::GraphicsLayerCA::setTransformAnimationEndpoints):
        (WebCore::GraphicsLayerCA::setTransformAnimationKeyframes):
        (WebCore::GraphicsLayerCA::updateContentsScale):
        (WebCore::clampedContentsScaleForScale): Deleted.
        (WebCore::maxScaleFromTransform): Deleted.
        (WebCore::GraphicsLayerCA::updateRootRelativeScale): Deleted.
        (WebCore::GraphicsLayerCA::getTransformFromAnimationsWithMaxScaleImpact): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.h:

2014-05-22  Martin Hock  <mhock@apple.com>

        [iOS] Enable -apple-system- styled elements to respond to system font size changes.
        https://bugs.webkit.org/show_bug.cgi?id=133186
        <rdar://problem/16583782>

        Reviewed by Enrica Casucci.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::_contentSizeCategory):
        (WebCore::RenderThemeIOS::contentSizeCategory):
        (WebCore::RenderThemeIOS::setContentSizeCategory):

2014-05-22  Jer Noble  <jer.noble@apple.com>

        [MSE] Stored samples are not freed when SourceBuffer is removed from MediaSource
        https://bugs.webkit.org/show_bug.cgi?id=133174

        Reviewed by Eric Carlson.

        Clear out stored MediaSamples from SourceBuffer's TrackBuffer storage when
        aborting loading. Also, report the memory cost of those samples, so that the
        SourceBuffer will be GCd more readily.

        Add a mechanism for reporting the size of a MediaSample:
        * Modules/mediasource/SourceBuffer.h:
        * platform/MediaSample.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        * platform/mock/mediasource/MockSourceBufferPrivate.cpp:

        Track the memory usage of a SampleMap when adding and removing samples, as well
        as allowing the SampleMap to be cleared wholesale:
        * Modules/mediasource/SampleMap.cpp:
        (WebCore::SampleMap::clear): Release all stored MediaSamples.
        (WebCore::SampleMap::addSample): Update m_totalSize.
        (WebCore::SampleMap::removeSample): Ditto.
        * Modules/mediasource/SampleMap.h:
        (WebCore::SampleMap::SampleMap): Initialize m_totalSize.
        (WebCore::SampleMap::sizeInBytes): Simple accessor.

        Clear the stored samples when loading is aborted, and report the extra memory
        cost
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::SourceBuffer): Initialize m_reportedExtraMemoryCost.
        (WebCore::SourceBuffer::removedFromMediaSource): Clear all stored samples.
        (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete): Call reportExtraMemoryCost().
        (WebCore::SourceBuffer::reportExtraMemoryCost): Inform the vm of the new
            extra memory cost incurred by the object.

2014-05-22  Enrica Casucci  <enrica@apple.com>

        REGRESSION (WebKit2): Keyboard should have Search button in duckduckgo.com.
        https://bugs.webkit.org/show_bug.cgi?id=133183
        <rdar://problem/17004207>

        Reviewed by Geoff Garen.

        Adding new export.

        * WebCore.exp.in:

2014-05-22  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r163712): [GTK] Misspelling and grammar underline marks are no longer drawn
        https://bugs.webkit.org/show_bug.cgi?id=133047

        Reviewed by Darin Adler.

        Change two conditions changed by mistake in r163712.

        * editing/TextCheckingHelper.cpp:
        (WebCore::findMisspellings): Enter the loop also when wordStart is 0.
        (WebCore::TextCheckingHelper::findFirstMisspelling): Skip the work
        when the text is a single character. Also reworked it to use a for
        loop to improve the readability.

2014-05-22  Piotr Grad  <p.grad@samsung.com>

        Video is resumed with old playback rate.
        https://bugs.webkit.org/show_bug.cgi?id=132905

        Reviewed by Philippe Normand.

        Setting '0' playback rate is causing pipeline to pause.
        GStreamer player impl. exposed this information to upper layers but it should not.
        Solution is to hidden such situation behind m_playbackRatePause flag.

        Test: media/video-paused-0-rate.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
        (WebCore::MediaPlayerPrivateGStreamer::play):
        (WebCore::MediaPlayerPrivateGStreamer::pause):
        (WebCore::MediaPlayerPrivateGStreamer::doSeek):
        (WebCore::MediaPlayerPrivateGStreamer::updatePlaybackRate):
        (WebCore::MediaPlayerPrivateGStreamer::paused):
        (WebCore::MediaPlayerPrivateGStreamer::setRate):
        (WebCore::MediaPlayerPrivateGStreamer::updateStates):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

2014-05-22  Antti Koivisto  <antti@apple.com>

        Text markers don't paint on simple lines
        https://bugs.webkit.org/show_bug.cgi?id=133177

        Reviewed by Anders Carlsson.
        
        Marker painting code does not yet support simple lines.

        Tests: fast/text/mark-matches-rendering-simple-lines.html
               fast/text/mark-matches-rendering.html

        * dom/DocumentMarkerController.cpp:
        (WebCore::DocumentMarkerController::addMarker):
        
            Force text blocks with markers to use line boxes.

        * testing/Internals.cpp:
        (WebCore::Internals::setMarkedTextMatchesAreHighlighted):
        
            Expose this so we can make reftests for marker rendering.

        * testing/Internals.h:
        * testing/Internals.idl:

2014-05-22  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Guard RenderObject::isRenderGrid() method
        https://bugs.webkit.org/show_bug.cgi?id=132380

        Reviewed by Benjamin Poulain.

        Guard RenderObject::isRenderGrid() method under ENABLE_CSS_GRID_LAYOUT compilation flag.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeLogicalWidthInRegion):
        * rendering/RenderObject.h:

2014-05-21  Antti Koivisto  <antti@apple.com>

        REGRESSION(r167870): Crash in simple line layout code with :after
        https://bugs.webkit.org/show_bug.cgi?id=133155
        <rdar://problem/16977696>

        Reviewed by Darin Adler.
        
        Fix https://bugs.webkit.org/show_bug.cgi?id=132241 in a safer way.
        The underline behavior is tested by the existing fast/text/simple-lines-hover-underline.html

        Test: fast/text/simple-lines-hover-after.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::invalidateLineLayoutPath): Deleted.

            Move to RenderBlockFlow.

        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::invalidateLineLayoutPath):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::styleDidChange):
        
            Invalidate layout if style changes in a manner that makes us ineligible to use the simple line layout path.

        (WebCore::RenderBlockFlow::invalidateLineLayoutPath):
        
            Drop the simple line layout on path invalidation if it exists. It may not be valid anymore.
            Also invalidate the layout if this happens so we'll reconstruct the lines later.

        (WebCore::RenderBlockFlow::simpleLineLayout): Deleted.
        (WebCore::RenderBlockFlow::ensureLineBoxes):
        (WebCore::RenderBlockFlow::createLineBoxes): Deleted.
                
            Revert some of the changes made it r167870.

        * rendering/RenderBlockFlow.h:
        (WebCore::RenderBlockFlow::simpleLineLayout):
        
            Add strong validity assert.

2014-05-21  Eric Carlson  <eric.carlson@apple.com>

        [iOS] two media control button strings are not localized
        https://bugs.webkit.org/show_bug.cgi?id=133160

        Reviewed by Geoffrey Garen.

        * English.lproj/mediaControlsLocalizedStrings.js:

2014-05-21  Dean Jackson  <dino@apple.com>

        [iOS] Update some of the media controls buttons to be bigger
        https://bugs.webkit.org/show_bug.cgi?id=133158
        <rdar://problem/16475828>

        Reviewed by Simon Fraser.

        The buttons in the media controls on iOS are too small
        to be comfortably pressed. Make them the size of the controls
        panel and the expected iOS button size (44x44px).

        The artwork for the buttons now includes the padding. I've
        added a file from which you can edit the artwork, then
        copy it into the CSS (because editing directly in CSS is
        a huge pain).

        So far just the play/pause and fullscreen button have been
        updated. There will be a follow-up patch to fix the remaining
        buttons and the scrubber.

        * Modules/mediacontrols/assets-apple-iOS.svg: Added.
        * Modules/mediacontrols/mediaControlsiOS.css:
        (audio::-webkit-media-controls-panel):
        (audio::-webkit-media-controls-fullscreen-button):
        (audio::-webkit-media-controls-play-button):
        (audio::-webkit-media-controls-play-button:active):
        (audio::-webkit-media-controls-play-button.paused):
        (audio::-webkit-media-controls-fullscreen-button:active):
        (@media only screen and (-webkit-min-device-pixel-ratio: 2)): Deleted.

2014-05-21  Zalan Bujtas  <zalan@apple.com>

        Garbage when rubber-banding at the right edge of a page zoomed to non-integral scale.
        https://bugs.webkit.org/show_bug.cgi?id=133139
        <rdar://problem/16503353>

        Reviewed by Simon Fraser.

        Do not pixel align the root content layer. The alignment code expands the graphics's layer size
        which makes the right and bottom tiles bigger than the content.
        Painting the body's background color produces pixel cracks, because the content can not
        fill the expanded tiles completely.

        Not testable.

        * platform/graphics/GraphicsLayerClient.h:
        (WebCore::GraphicsLayerClient::needsPixelAligment):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateGeometry):
        (WebCore::GraphicsLayerCA::computePixelAlignment):
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::rectForTileIndex):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::needsPixelAligment):
        * rendering/RenderLayerBacking.h:

2014-05-21  Radu Stavila  <stavila@adobe.com>

        REGRESSION (r168046): Invalid layout in WebCore::RenderBox::containingBlockLogicalWidthForPositioned
        https://bugs.webkit.org/show_bug.cgi?id=132933

        Reviewed by Darin Adler.

        Invalid layout is performed when calling containingBlockLogicalWidthForPositioned for a RenderTableSection object.

        Test: fast/multicol/newmulticol/table-section-crash.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::containingBlockLogicalWidthForPositioned):

2014-05-21  Simon Pena  <simon.pena@samsung.com>

        [EFL] Ensure EGLOffScreenContext::initialize calls platformMakeCurrent on the surface
        https://bugs.webkit.org/show_bug.cgi?id=124832

        Reviewed by Antonio Gomes.

        The original code was only calling platformMakeCurrent when the
        GL_EXT_robustness extension is supported: the alternate code path
        would only create a context, but it wouldn't make that context
        current. This patch ensures platformMakeCurrent is also called for
        the alternate code path, and, if it fails to make the context
        current, will destroy the context. Effectively, this makes both
        code paths behave in the same way.

        * platform/graphics/surfaces/egl/EGLContext.cpp:
        (WebCore::EGLOffScreenContext::initialize):

2014-05-20  Brent Fulgham  <bfulgham@apple.com>

        [Mac] DataCues do not work properly when rewinding video
        https://bugs.webkit.org/show_bug.cgi?id=133138
        <rdar://problem/16979086>

        Reviewed by Eric Carlson.

        Make the TrackPrivateBase responsible for knowing if a type of track needs a non-zero
        startTimeVariance value.

        Also, correct a bug in the equality test for DataCue objects.

        * html/track/DataCue.cpp:
        (WebCore::DataCue::isEqual): Handle the JSValue data types consistently, so that we don't attempt
        to compare a JSNull against a default JSValue object.
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::startTimeVariance): Added.
        * html/track/InbandTextTrack.h:
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::hasCue): Use new startTimeVariance method location.
        * html/track/TextTrack.h:
        (WebCore::TextTrack::startTimeVariance): Added.
        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::hasEquivalentStartTime): Use new startTimeVariance location.
        * html/track/TextTrackCue.h:
        (WebCore::TextTrackCue::startTimeVariance): Deleted.
        * html/track/TextTrackCueGeneric.h:
        * platform/graphics/TrackPrivateBase.h:
        (WebCore::TrackPrivateBase::startTimeVariance): Added.
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:

2014-05-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Watchdog timer should be lazily allocated
        https://bugs.webkit.org/show_bug.cgi?id=133135

        Reviewed by Geoffrey Garen.

        No new tests.

        We incur a noticeable amount of overhead on some benchmarks due to checking if the Watchdog ever fired. 
        There is no reason to do this checking if we never activated the Watchdog, which can only be done through 
        JSContextGroupSetExecutionTimeLimit or JSContextGroupClearExecutionTimeLimit. 

        By allocating the Watchdog lazily on the VM we can avoid all of the associated overhead when we don't use 
        these two API functions (which is true of most clients).

        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::evaluate):
        (WebCore::WorkerScriptController::scheduleExecutionTermination):
        (WebCore::WorkerScriptController::isExecutionTerminating):

2014-05-20  Dean Jackson  <dino@apple.com>

        [Mac] Allow popup menus to override default appearance
        https://bugs.webkit.org/show_bug.cgi?id=133129

        Reviewed by Tim Horton.

        WebKitSystemInterface's WKPopupMenu has a flag to hide
        the arrows at the end of a popup-menu (e.g. <select>).
        Expose that via adding a hasDefaultAppearance flag to
        PopupMenuStyle, which then passes it on to WKSI.

        * platform/PopupMenuStyle.h:
        (WebCore::PopupMenuStyle::PopupMenuStyle): New flag in constructor.
        (WebCore::PopupMenuStyle::hasDefaultAppearance): New flag.
        * platform/mac/WebCoreSystemInterface.h: wkPopupMenu signature has changed to accept
        the new flag.
        * platform/mac/WebCoreSystemInterface.mm: Ditto.
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::itemStyle): Pass in true as default appearance when creating
        the PopupMenuStyle. We don't need it.
        (RenderMenuList::menuStyle): In this case we pass in the negated value of
        style().hasAppearance(), which indicates if we are overriding the built-in drawing.
        * rendering/RenderSearchField.cpp:
        (WebCore::RenderSearchField::menuStyle): Use true as the default value.

2014-05-20  Eric Carlson  <eric.carlson@apple.com>

        [Mac] do not deactivate an audio session that has running I/O
        https://bugs.webkit.org/show_bug.cgi?id=133127

        Reviewed by Jer Noble.

        * page/Settings.h:
        (WebCore::Settings::setShouldManageAudioSessionCategory): Renamed from setShouldManageAudioSession.
        (WebCore::Settings::shouldManageAudioSessionCategory): Renamed from shouldManageAudioSession.
        (WebCore::Settings::setShouldManageAudioSession): Deleted.
        (WebCore::Settings::shouldManageAudioSession): Deleted.

        * platform/audio/mac/MediaSessionManagerMac.cpp:
        (MediaSessionManager::updateSessionState): Don't deactivate the session if there are any
            Video or Audio sessions.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::assetStatus): Drive-by change to log errors 
            returned by -statusOfValueForKey:error: in debug builds.

2014-05-20  Beth Dakin  <bdakin@apple.com>

        REGRESSION: All non-mainframe scrollbars don't paint after r169065
        https://bugs.webkit.org/show_bug.cgi?id=133132
        -and corresponding-
        <rdar://problem/16968850>

        Reviewed by Geoff Garen.

        We should not universally return true here. This feature will only work for 
        scrollbars with layers.
        * platform/ScrollableArea.h:
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::supportsUpdateOnSecondaryThread):

2014-05-20  Daniel Bates  <dabates@apple.com>

        Element within flattened frame may update its scroll state during the layout phase of the wrong RenderView
        https://bugs.webkit.org/show_bug.cgi?id=133013
        <rdar://problem/16760154>

        Reviewed by David Hyatt.

        Fixes an issue where the scroll state of an element may be updated during the layout of the wrong
        RenderView. In particular, the scroll state of an element inside a CSS flex box in a flattened
        frame f is updated during the layout of the RenderView associated with the parent frame of f instead
        of during the layout of the RenderView associated with f.

        The layout machinery assumes that the scroll state of each scrollable element is updated before the
        completion of layout for its associated RenderView. Currently we have logic to defer updating the scroll
        state of a scrollable element until completion of recursive layout. For a page with a flattened frame, we
        defer such updates until completion of layout for all RenderViews along the ancestor frame hierarchy of
        each flattened frame regardless of the RenderView associated with the element that originated the
        deferred scroll state request. Instead, only the RenderView associated with the element that deferred its
        scroll state update should dispatch the scroll state update.

        Tests: fast/frames/flattening/scrollable-flexbox-inside-iframe-with-zero-height-and-needs-full-repaint-crash.html
               fast/frames/flattening/scrollable-flexbox-inside-iframe-with-zero-height-assertion-failure.html

        * rendering/RenderBlock.cpp: Removed WTF::-prefix in typedef definition for ContinuationOutlineTableMap.
        (WebCore::UpdateScrollInfoAfterLayoutTransaction::UpdateScrollInfoAfterLayoutTransaction): Added; a struct
        that represents a RenderView v, nested transaction count, and a list of RenderBlocks in v that will need
        to have their scroll state updated.
        (WebCore::updateScrollInfoAfterLayoutTransactionStack): Added; returns the global stack of transactions.
        (WebCore::RenderBlock::willBeDestroyed): Call removeFromUpdateScrollInfoAfterLayoutTransaction(), which
        was formerly named as removeFromDelayedUpdateScrollInfoSet.
        (WebCore::currentUpdateScrollInfoAfterLayoutTransaction): Added; returns the top-most transaction in the
        global stack.
        (WebCore::RenderBlock::beginUpdateScrollInfoAfterLayoutTransaction): Modified as appropriate to make use
        of the global stack of transactions; formerly named startDelayUpdateScrollInfo.
        (WebCore::RenderBlock::endAndCommitUpdateScrollInfoAfterLayoutTransaction): Modified as appropriate to
        make use of the global stack of transactions; formerly named finishDelayUpdateScrollInfo.
        (WebCore::RenderBlock::removeFromUpdateScrollInfoAfterLayoutTransaction): Modified as appropriate to make
        use of the global stack of transactions; formerly named removeFromDelayedUpdateScrollInfoSet.
        (WebCore::RenderBlock::updateScrollInfoAfterLayout): Modified as appropriate to make use of the global
        stack of transactions.
        (WebCore::RenderBlock::layout): Ditto.
        (WebCore::RenderBlock::startDelayUpdateScrollInfo): Deleted.
        (WebCore::RenderBlock::finishDelayUpdateScrollInfo): Deleted.
        (WebCore::RenderBlock::removeFromDelayedUpdateScrollInfoSet): Deleted.
        * rendering/RenderBlock.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::willBeDestroyed): Call removeFromUpdateScrollInfoAfterLayoutTransaction(), which
        was formerly named removeFromDelayedUpdateScrollInfoSet.
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox): Call {begin, end}UpdateScrollInfoAfterLayoutTransaction(),
        which was formerly named {start, end}DelayUpdateScrollInfo.
        (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox): Ditto.
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::layoutBlock): Ditto.

2014-05-20  Beth Dakin  <bdakin@apple.com>

        REGRESSION (r169065): Mountain Lion run-api-tests failures: ASSERTION FAILED: 
        Uncaught exception - -[NSRegularLegacyScrollerImp setPresentationValue:]: 
        unrecognized selector sent to instance 0x7ff51aa38000
        https://bugs.webkit.org/show_bug.cgi?id=133121

        Reviewed by Tim Horton.

        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::setPaintCharacteristicsForScrollbar):

2014-05-19  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r169063) Fixed and sticky nodes misplaced on scrolling sometimes
        https://bugs.webkit.org/show_bug.cgi?id=133106
        <rdar://problem/16967648>

        Reviewed by Sam Weinig.

        Fix regression from r169063. That commit removed scrolledContentsLayers from 
        frame scrolling nodes, but they do actually use them.
        
        So put them back; not in the base class, because they have a somewhat different
        meaning for overflow scrolling and frame scrolling.

        * WebCore.exp.in:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewRootLayerDidChange):
        (WebCore::AsyncScrollingCoordinator::updateFrameScrollingNode):
        * page/scrolling/AsyncScrollingCoordinator.h:
        * page/scrolling/ScrollingCoordinator.h:
        (WebCore::ScrollingCoordinator::updateFrameScrollingNode):
        * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
        (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode):
        (WebCore::ScrollingStateFrameScrollingNode::setScrolledContentsLayer):
        * page/scrolling/ScrollingStateFrameScrollingNode.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):

2014-05-20  Radu Stavila  <stavila@adobe.com>

        REGRESSION: [CSS Regions] Content flowed directly into the flow thread that ends up in the second region is not properly repainted
        https://bugs.webkit.org/show_bug.cgi?id=133111

        Reviewed by David Hyatt.

        When computing the repaint rect of an element flowed into a flow thread, if the element is flowed directly into
        the flow thread (meaning its containing block is the flow thread itself), the region's position within the flow
        must no longer be taken into consideration, because its already included in the element's |topLeft|.

        Test: fast/regions/hover-element-flowed-second-region.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeRectForRepaint):

2014-05-20  Alex Christensen  <achristensen@webkit.org>

        Fix web timing assertion failure.
        https://bugs.webkit.org/show_bug.cgi?id=133094
        <rdar://problem/16966032>

        Reviewed by Alexey Proskuryakov.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::getConnectionTimingData):
        Set requestStart and responseStart to 0 instead of -1 to match the 
        ResourceLoadTiming constructor and prevent the assertion failure in
        PerformanceTiming::responseStart.

2014-05-20  Prashant Hiremath  <hiremathprashants@gmail.com>

        Only set title on SVG documents
        https://bugs.webkit.org/show_bug.cgi?id=133068

        Reviewed by Dirk Schulze.

        Test: svg/custom/html_document_set_title.html

        * svg/SVGTitleElement.cpp:
        (WebCore::SVGTitleElement::insertedInto):
        (WebCore::SVGTitleElement::removedFrom):
        (WebCore::SVGTitleElement::childrenChanged):

2014-05-20  peavo@outlook.com  <peavo@outlook.com>

        [Curl] Invalid content in cache file, causes broken rendering.
        https://bugs.webkit.org/show_bug.cgi?id=133069

        Reviewed by Brent Fulgham.

        When data for a url is received as multiple parts, the cache file for the url is truncated when opened for writing,
        and will only contain the last part of data received.
        This is fixed by only opening the file once, and close it after all data has been received.

        * platform/network/curl/CurlCacheEntry.cpp:
        (WebCore::CurlCacheEntry::CurlCacheEntry): Initialize cache file handle member.
        (WebCore::CurlCacheEntry::~CurlCacheEntry): Close cache file.
        (WebCore::CurlCacheEntry::saveCachedData): Only open cache file once to avoid truncating.
        (WebCore::CurlCacheEntry::didFail): Close cache file.
        (WebCore::CurlCacheEntry::didFinishLoading): Ditto.
        (WebCore::CurlCacheEntry::openContentFile): Added method to open cache file.
        (WebCore::CurlCacheEntry::closeContentFile): Added method to close cache file.
        * platform/network/curl/CurlCacheEntry.h: Added file handle member, and methods to open and close cache file.

2014-05-20  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Block incorrectly sized when containing an unsplittable box
        https://bugs.webkit.org/show_bug.cgi?id=132601

        Reviewed by Antti Koivisto.

        When laying out elements in a region, when an inline element is encountered
        the size of its parent must not be increased beyond the bottom of the current region,
        unless if its the last region. This will ensure that the next sibling of the
        inline element is correctly laid out at the top of the next region, instead
        of leaving an empty space equal to the height of the overflow, as it did until now.

        Tests: fast/regions/inline-block-inside-anonymous-overflow.html
               fast/regions/inline-block-overflow.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::adjustLinePositionForPagination):
        (WebCore::RenderBlockFlow::hasNextPage):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
        (WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
        (WebCore::RenderBlockFlow::determineStartPosition):
        (WebCore::RenderBlockFlow::checkPaginationAndFloatsAtEndLine):

2014-05-20  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSS Regions] Crash while painting block selection gaps in regions
        https://bugs.webkit.org/show_bug.cgi?id=132720

        Reviewed by David Hyatt.

        The fix for WebKit bug https://bugs.webkit.org/show_bug.cgi?id=131511
        allowed selection highlight to match the DOM selection when the start
        and end point of the selection were in different flow threads. In order
        to enable that, the selection was performed separately on view and
        render flow threads, considered selection subtrees.

        However, the start and end points for each selection subtree were computed
        by means of Range class but it is not always possible to construct a valid
        Range from two pairs of RenderObjects and offsets.

        This patch keeps the substrees approach but instead of storing the endpoints
        for each subtree in a Range and continuously extending the Range, it stores them
        using the already available SelectionSubtreeRoot class. After the end points are
        computed for each subtree and before processing the subtree selection, the end points
        are adjusted in a similar fashion as the one used in FrameSelection::updateAppearance(),
        to make sure we are passing the same expected information to the method implementing
        the visible selection processing.

        Test: fast/regions/selection-gaps-paint-crash.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::splitSelectionBetweenSubtrees):
        * rendering/SelectionSubtreeRoot.cpp:
        (WebCore::SelectionSubtreeRoot::adjustForVisibleSelection):
        * rendering/SelectionSubtreeRoot.h:
        (WebCore::SelectionSubtreeRoot::selectionClear):

2014-05-19  Simon Fraser  <simon.fraser@apple.com>

        Scrolling pages with large TiledBacking content layers creates way too many tiles
        https://bugs.webkit.org/show_bug.cgi?id=133101

        Reviewed by Tim Horton.

        Fix the GraphicsLayerCA::adjustTiledLayerVisibleRect() logic to avoid making giant rects if the old
        and new visible rects don't overlap.

        * platform/graphics/TiledBacking.h:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::adjustTiledLayerVisibleRect):
        * platform/graphics/ca/mac/TileController.h:

2014-05-19  Simon Fraser  <simon.fraser@apple.com>

        Correctly maintain the "isInWindow" state for all TiledBackings
        https://bugs.webkit.org/show_bug.cgi?id=133095

        Reviewed by Tim Horton.
        
        We never updated the "isInWindow" state for TiledBacking that wasn't the RenderView's
        backing. Fix it by having RenderLayerCompositor::setIsInWindow() recurse through all
        layers (if necessary), updating their state. Also set the state on newly created
        TiledBackings.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::layerTiledBackingUsageChanged):
        (WebCore::RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants):
        (WebCore::RenderLayerCompositor::setIsInWindow):
        (WebCore::RenderLayerCompositor::pageTiledBacking): Deleted.
        * rendering/RenderLayerCompositor.h:

2014-05-19  Dean Jackson  <dino@apple.com>

        [iOS] Use status display for live streams
        https://bugs.webkit.org/show_bug.cgi?id=133097

        Reviewed by Sam Weinig.

        Follow-on from https://bugs.webkit.org/show_bug.cgi?id=131390
        Allow the iOS controls to use the status display field.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.configureInlineControls): Live streams should
        not have a timeline or rewind button.

2014-05-19  Myles C. Maxfield  <litherum@gmail.com>

        Text decorations do not contribute to visual overflow
        https://bugs.webkit.org/show_bug.cgi?id=132773

        Reviewed by Antti Koivisto.

        This patch creates a function, visualOverflowForDecorations, which computes
        how much visual overflow to add around a text box due to text decorations. Most of the time,
        text decorations are fully contained within the text box, so the result is usually 0.

        This function exists within style/InlineTextBoxStyle.cpp, which is an added file. This is
        so that it can be called from setLogicalWidthForTextRun() inside RenderBlockLineLayout.cpp
        and from RenderStyle::changeAffectsVisualOverflow(). The former case passes in the full
        InlineTextBox and the latter case just passes in a RenderStyle (because the InlineTextBox
        is unavailable.)

        This patch also modifies RenderTableSection::spannedColumns() to fix an off-by-one error
        that was causing table borders to not be drawn when they existed right on the edge of
        a repaint rect.

        Tests: fast/css3-text/css3-text-decoration/repaint/underline-outside-of-layout-rect.html
        Tests: fast/repaint/border-collapse-table-off-by-one-expected.html

        * WebCore.vcxproj/WebCore.vcxproj: Adding reference to new InlineTextBoxStyle.cpp file
        * WebCore.vcxproj/WebCore.vcxproj.filters: Adding reference to new InlineTextBoxStyle files
        * WebCore.xcodeproj/project.pbxproj: Adding reference to new InlineTextBoxStyle files
        * rendering/InlineTextBox.cpp:
        (WebCore::computeUnderlineOffset): Moved to InlineTextBox.cpp
        (WebCore::getWavyStrokeParameters): Moved to InlineTextBox.cpp
        (WebCore::InlineTextBox::paintDecoration): Update to use newly refactored functions
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::setLogicalWidthForTextRun): Call visualOverflowForDecorations()
        * rendering/RenderTableSection.cpp:
        * rendering/RenderTableSelection.cpp: Fix off-by-one error when the boundary of a repaint
        rect lies exactly on top of a table column position
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeAffectsVisualOverflow): Inspects shadows and text decorations
        (WebCore::RenderStyle::changeRequiresLayout): Calls changeAffectsVisualOverflow()
        (WebCore::RenderStyle::changeRequiresRepaintIfTextOrBorderOrOutline): Moved code from here
        to changeAffectsVisualOverflow().
        * rendering/style/RenderStyle.h: Function signature
        * style/InlineTextBoxStyle.cpp: Added.
        (WebCore::computeUnderlineOffset): Moved from InlineTextBox.cpp
        (WebCore::getWavyStrokeParameters): Moved from InlineTextBox.cpp
        (WebCore::extendIntToFloat): Convenience function for dealing with the fact that
        underline bounding boxes use floats and GlyphOverflow uses ints
        (WebCore::visualOverflowForDecorations): Given
        vertical overflow bounds, possibly extend those to include location of
        decorations.
        * style/InlineTextBoxStyle.h: Added. Function signatures.
        (WebCore::textDecorationStrokeThickness): Refactored from InlineTextBox.cpp
        (WebCore::wavyOffsetFromDecoration): Refactored from InlineTextBox.cpp
        * platform/graphics/Font.h:
        (WebCore::GlyphOverflow::isEmpty): Convenience function
        (WebCore::GlyphOverflow::extendTo): Convenience function

2014-05-19  Alex Christensen  <achristensen@webkit.org>

        Unreviewed build fix after r169082

        * platform/network/ResourceHandle.h:
        Added NSDictionary declaration.

2014-05-19  Beth Dakin  <bdakin@apple.com>

        REGRESSION: Standalone images need to take topContentInset into account
        https://bugs.webkit.org/show_bug.cgi?id=133092
        -and corresponding-
        <rdar://problem/16945791>

        Reviewed by Darin Adler.

        The FrameView’s size is accurate in terms of the NSWindow size, but that is not 
        really what the ImageDocument code is looking for here. The ImageDocument wants to 
        know the size of the unobscured viewport area. We should use visibleSize() for 
        that.
        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::scale):
        (WebCore::ImageDocument::imageFitsInWindow):
        (WebCore::ImageDocument::imageClicked):

2014-05-19  Alex Christensen  <achristensen@webkit.org>

        Collect web timing data on iOS.
        https://bugs.webkit.org/show_bug.cgi?id=133075

        Reviewed by Sam Weinig.

        * platform/network/ResourceHandle.h:
        Added setCollectsTimingData wrapper and getConnectionTimingData declarations.
        getConnectionTimingData with a dictionary parameter is a private helper function.
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::start):
        Call setCollectsTimingData wrapper when creating a connection to ensure that timing data is collected.
        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegate::didReceiveResponseCallback):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
        (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse):
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.h:
        Pass the CFURLConnectionRef to didReceiveResponse to get timing data from.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::getConnectionTimingData):
        Moved from getTimingData to compile regardless of using CFNetwork and added wrapper with CFDictionaryRef.
        (WebCore::ResourceHandle::setCollectsTimingData):
        Added wrapper to call objc function from c++.
        (WebCore::ResourceHandle::getTimingData):
        Renamed to getConnectionTimingData.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        Updated function name from getTimingData to getConnectionTimingData.

2014-05-19  Chris Fleizach  <cfleizach@apple.com>

        AX: VoiceOver sees the WebArea out of order when topContentInset is used
        https://bugs.webkit.org/show_bug.cgi?id=133091

        Reviewed by Simon Fraser.

        Modify the scroll view's frame so that it recognizes the content inset.
        This is needed so that when VoiceOver sorts elements to create an ordering,
        the web area is not ordered at the top of the screen.

        Test: platform/mac-wk2/accessibility/content-inset-scrollview-frame.html

        * accessibility/AccessibilityScrollView.cpp:
        (WebCore::AccessibilityScrollView::elementRect):

2014-05-19  Beth Dakin  <bdakin@apple.com>

        Scrollbars display incorrectly after switching between fast and slow scrolling 
        mode, affects Find and real sites
        https://bugs.webkit.org/show_bug.cgi?id=133077
        -and corresponding-
        <rdar://problem/16888608>

        Reviewed by Tim Horton.

        We should always return true here when updating on the secondary thread is 
        supported. It does not need to be gated on whether we are actively taking 
        advantage of that support at this moment.
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::supportsUpdateOnSecondaryThread):

        Always update the presentationValue whenever we update the doubleValue just to 
        keep them in sync.
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::setPaintCharacteristicsForScrollbar):

2014-05-19  Simon Fraser  <simon.fraser@apple.com>

        Split scrolling tree ScrollingNodes into FrameScrollingNodes and OverflowScrollingNodes
        https://bugs.webkit.org/show_bug.cgi?id=133022

        Reviewed by Sam Weinig.

        In both the scrolling state tree and the scrolling tree, split the "scrolling nodes"
        into FrameScrolling and OverflowScrolling nodes.
        
        Move what was the "viewportSize" property onto the base class for the scrolling
        nodes, calling it "scrollableAreaSize".
        
        Make minimum/maximumScrollPosition() virtual so we can share more code (and there
        is more code sharing to be done in future).

        * Configurations/WebCore.xcconfig: Remove ScrollingStateScrollingNodeMac.mm and ScrollingTreeScrollingNodeMac.mm
        from the list, using #ifdefs in the file instead.
        * WebCore.exp.in: Lots of exports.
        * WebCore.xcodeproj/project.pbxproj: New files.
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
        (WebCore::AsyncScrollingCoordinator::frameViewRootLayerDidChange):
        (WebCore::AsyncScrollingCoordinator::updateFrameScrollingNode):
        (WebCore::AsyncScrollingCoordinator::updateOverflowScrollingNode):
        (WebCore::AsyncScrollingCoordinator::recomputeWheelEventHandlerCountForFrameView):
        (WebCore::AsyncScrollingCoordinator::updateScrollingNode): Deleted.
        (WebCore::AsyncScrollingCoordinator::setScrollbarPaintersFromScrollbarsForNode): Deleted.
        This tiny function didn't need to exist.
        * page/scrolling/AsyncScrollingCoordinator.h:
        * page/scrolling/ScrollingCoordinator.h:
        (WebCore::ScrollingCoordinator::updateFrameScrollingNode):
        (WebCore::ScrollingCoordinator::updateOverflowScrollingNode):
        (WebCore::ScrollingCoordinator::updateScrollingNode): Deleted.
        * page/scrolling/ScrollingStateFrameScrollingNode.cpp: Copied from Source/WebCore/page/scrolling/ScrollingStateScrollingNode.cpp.
        (WebCore::ScrollingStateFrameScrollingNode::create):
        (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode):
        (WebCore::ScrollingStateFrameScrollingNode::~ScrollingStateFrameScrollingNode):
        (WebCore::ScrollingStateFrameScrollingNode::clone):
        (WebCore::ScrollingStateFrameScrollingNode::setFrameScaleFactor):
        (WebCore::ScrollingStateFrameScrollingNode::setNonFastScrollableRegion):
        (WebCore::ScrollingStateFrameScrollingNode::setWheelEventHandlerCount):
        (WebCore::ScrollingStateFrameScrollingNode::setSynchronousScrollingReasons):
        (WebCore::ScrollingStateFrameScrollingNode::setScrollBehaviorForFixedElements):
        (WebCore::ScrollingStateFrameScrollingNode::setHeaderHeight):
        (WebCore::ScrollingStateFrameScrollingNode::setFooterHeight):
        (WebCore::ScrollingStateFrameScrollingNode::setTopContentInset):
        (WebCore::ScrollingStateFrameScrollingNode::setCounterScrollingLayer):
        (WebCore::ScrollingStateFrameScrollingNode::setInsetClipLayer):
        (WebCore::ScrollingStateFrameScrollingNode::setContentShadowLayer):
        (WebCore::ScrollingStateFrameScrollingNode::setHeaderLayer):
        (WebCore::ScrollingStateFrameScrollingNode::setFooterLayer):
        (WebCore::ScrollingStateFrameScrollingNode::setScrollbarPaintersFromScrollbars):
        (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
        * page/scrolling/ScrollingStateFrameScrollingNode.h: Copied from Source/WebCore/page/scrolling/ScrollingStateScrollingNode.h.
        * page/scrolling/ScrollingStateNode.h:
        (WebCore::LayerRepresentation::layerID):
        (WebCore::ScrollingStateNode::isFrameScrollingNode):
        (WebCore::ScrollingStateNode::isOverflowScrollingNode):
        * page/scrolling/ScrollingStateOverflowScrollingNode.cpp: Added.
        (WebCore::ScrollingStateOverflowScrollingNode::create):
        (WebCore::ScrollingStateOverflowScrollingNode::ScrollingStateOverflowScrollingNode):
        (WebCore::ScrollingStateOverflowScrollingNode::~ScrollingStateOverflowScrollingNode):
        (WebCore::ScrollingStateOverflowScrollingNode::clone):
        (WebCore::ScrollingStateOverflowScrollingNode::setScrolledContentsLayer):
        (WebCore::ScrollingStateOverflowScrollingNode::dumpProperties):
        * page/scrolling/ScrollingStateOverflowScrollingNode.h: Copied from Source/WebCore/page/scrolling/mac/ScrollingStateScrollingNodeMac.mm.
        (WebCore::ScrollingStateOverflowScrollingNode::scrolledContentsLayer):
        * page/scrolling/ScrollingStateScrollingNode.cpp:
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        (WebCore::ScrollingStateScrollingNode::setScrollableAreaSize):
        (WebCore::ScrollingStateScrollingNode::setTotalContentsSize):
        (WebCore::ScrollingStateScrollingNode::dumpProperties):
        (WebCore::ScrollingStateScrollingNode::create): Deleted.
        (WebCore::ScrollingStateScrollingNode::clone): Deleted.
        (WebCore::ScrollingStateScrollingNode::setViewportSize): Deleted.
        (WebCore::ScrollingStateScrollingNode::setFrameScaleFactor): Deleted.
        (WebCore::ScrollingStateScrollingNode::setNonFastScrollableRegion): Deleted.
        (WebCore::ScrollingStateScrollingNode::setWheelEventHandlerCount): Deleted.
        (WebCore::ScrollingStateScrollingNode::setSynchronousScrollingReasons): Deleted.
        (WebCore::ScrollingStateScrollingNode::setScrollBehaviorForFixedElements): Deleted.
        (WebCore::ScrollingStateScrollingNode::setHeaderHeight): Deleted.
        (WebCore::ScrollingStateScrollingNode::setFooterHeight): Deleted.
        (WebCore::ScrollingStateScrollingNode::setTopContentInset): Deleted.
        (WebCore::ScrollingStateScrollingNode::setScrolledContentsLayer): Deleted.
        (WebCore::ScrollingStateScrollingNode::setCounterScrollingLayer): Deleted.
        (WebCore::ScrollingStateScrollingNode::setInsetClipLayer): Deleted.
        (WebCore::ScrollingStateScrollingNode::setContentShadowLayer): Deleted.
        (WebCore::ScrollingStateScrollingNode::setHeaderLayer): Deleted.
        (WebCore::ScrollingStateScrollingNode::setFooterLayer): Deleted.
        (WebCore::ScrollingStateScrollingNode::setScrollbarPaintersFromScrollbars): Deleted.
        * page/scrolling/ScrollingStateScrollingNode.h:
        (WebCore::ScrollingStateScrollingNode::scrollableAreaSize):
        (WebCore::ScrollingStateScrollingNode::totalContentsSize):
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode):
        (WebCore::ScrollingStateTree::commit):
        * page/scrolling/ScrollingStateTree.h:
        (WebCore::ScrollingStateTree::rootStateNode):
        (WebCore::ScrollingStateTree::setRootStateNode):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::commitNewTreeState):
        * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: Added.
        (WebCore::ScrollingTreeFrameScrollingNode::ScrollingTreeFrameScrollingNode):
        (WebCore::ScrollingTreeFrameScrollingNode::~ScrollingTreeFrameScrollingNode):
        (WebCore::ScrollingTreeFrameScrollingNode::updateBeforeChildren):
        * page/scrolling/ScrollingTreeFrameScrollingNode.h: Copied from Source/WebCore/page/scrolling/ScrollingTreeScrollingNode.h.
        (WebCore::ScrollingTreeFrameScrollingNode::updateLayersAfterDelegatedScroll):
        (WebCore::ScrollingTreeFrameScrollingNode::synchronousScrollingReasons):
        (WebCore::ScrollingTreeFrameScrollingNode::shouldUpdateScrollLayerPositionSynchronously):
        (WebCore::ScrollingTreeFrameScrollingNode::frameScaleFactor):
        (WebCore::ScrollingTreeFrameScrollingNode::headerHeight):
        (WebCore::ScrollingTreeFrameScrollingNode::footerHeight):
        (WebCore::ScrollingTreeFrameScrollingNode::topContentInset):
        (WebCore::ScrollingTreeFrameScrollingNode::scrollBehaviorForFixedElements):
        * page/scrolling/ScrollingTreeNode.h:
        (WebCore::ScrollingTreeNode::isFrameScrollingNode):
        (WebCore::ScrollingTreeNode::isOverflowScrollingNode):
        * page/scrolling/ScrollingTreeOverflowScrollingNode.cpp: Copied from Source/WebKit2/UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.h.
        (WebCore::ScrollingTreeOverflowScrollingNode::ScrollingTreeOverflowScrollingNode):
        (WebCore::ScrollingTreeOverflowScrollingNode::~ScrollingTreeOverflowScrollingNode):
        * page/scrolling/ScrollingTreeOverflowScrollingNode.h: Copied from Source/WebKit2/UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.h.
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::ScrollingTreeScrollingNode):
        (WebCore::ScrollingTreeScrollingNode::updateBeforeChildren):
        (WebCore::ScrollingTreeScrollingNode::updateAfterChildren):
        (WebCore::ScrollingTreeScrollingNode::setScrollPosition):
        (WebCore::ScrollingTreeScrollingNode::setScrollPositionWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeScrollingNode::minimumScrollPosition):
        (WebCore::ScrollingTreeScrollingNode::maximumScrollPosition):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        (WebCore::ScrollingTreeScrollingNode::scrollableAreaSize):
        (WebCore::ScrollingTreeScrollingNode::totalContentsSize):
        (WebCore::ScrollingTreeScrollingNode::totalContentsSizeForRubberBand):
        (WebCore::ScrollingTreeScrollingNode::setTotalContentsSizeForRubberBand):
        (WebCore::ScrollingTreeScrollingNode::synchronousScrollingReasons): Deleted.
        (WebCore::ScrollingTreeScrollingNode::shouldUpdateScrollLayerPositionSynchronously): Deleted.
        (WebCore::ScrollingTreeScrollingNode::viewportSize): Deleted.
        (WebCore::ScrollingTreeScrollingNode::frameScaleFactor): Deleted.
        (WebCore::ScrollingTreeScrollingNode::headerHeight): Deleted.
        (WebCore::ScrollingTreeScrollingNode::footerHeight): Deleted.
        (WebCore::ScrollingTreeScrollingNode::scrollBehaviorForFixedElements): Deleted.
        (WebCore::ScrollingTreeScrollingNode::topContentInset): Deleted.
        * page/scrolling/ios/ScrollingCoordinatorIOS.mm:
        (WebCore::ScrollingCoordinatorIOS::createScrollingTreeNode):
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h: Renamed from Source/WebCore/page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h.
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::scrollLayer):
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm: Renamed from Source/WebCore/page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm.
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::create):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::ScrollingTreeFrameScrollingNodeIOS):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::~ScrollingTreeFrameScrollingNodeIOS):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateBeforeChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateAfterChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::scrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::setScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::setScrollPositionWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::setScrollLayerPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateLayersAfterViewportChange):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateLayersAfterDelegatedScroll):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateChildNodesAfterScroll):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::minimumScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::maximumScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::scrollBy):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::scrollByWithoutContentEdgeConstraints):
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::createScrollingTreeNode):
        * page/scrolling/mac/ScrollingStateFrameScrollingNodeMac.mm: Renamed from Source/WebCore/page/scrolling/mac/ScrollingStateScrollingNodeMac.mm.
        (WebCore::ScrollingStateFrameScrollingNode::setScrollbarPaintersFromScrollbars):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h: Renamed from Source/WebCore/page/scrolling/mac/ScrollingTreeScrollingNodeMac.h.
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: Renamed from Source/WebCore/page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm.
        (WebCore::ScrollingTreeFrameScrollingNodeMac::create):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::ScrollingTreeFrameScrollingNodeMac):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateAfterChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::handleWheelEvent):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::allowsHorizontalStretching):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::allowsVerticalStretching):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::stretchAmount):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::pinnedInDirection):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::canScrollHorizontally):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::canScrollVertically):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::shouldRubberBandInDirection):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::absoluteScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollBy):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollByWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::startSnapRubberbandTimer):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::stopSnapRubberbandTimer):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::adjustScrollPositionToBoundsIfNecessary):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPositionWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateLayersAfterViewportChange):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::minimumScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::maximumScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollBy):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollByWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateMainFramePinState):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::logExposedUnfilledArea):
        (WebCore::logThreadedScrollingMode):
        (WebCore::logWheelEventHandlerCountChanged):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):

2014-05-19  Simon Fraser  <simon.fraser@apple.com>

        Images missing sometimes with composited clipping layers
        https://bugs.webkit.org/show_bug.cgi?id=133065
        <rdar://problem/15224559>

        Reviewed by Beth Dakin.
        
        When support for solid colors on layers was added, a layer was considered a candidate
        for the solid color optimization without regard to whether it had descendent layers
        with "paintsIntoCompositedAncestor" requirements.
        
        Fix hasVisibleNonCompositingDescendantLayers(), renaming it to isPaintDestinationForDescendentLayers()
        and having it take into account whether descendent layers need to paint into an
        ancestor.
        
        Also, this test has to happen after those descendent layers have had their
        compositing state updated, so move the isSimpleContainerCompositingLayer() to
        a new updateAfterDescendents() function which is called from the various
        places we do compositing-udpate-tree-walks.

        Test: compositing/backing/solid-color-with-paints-into-ancestor.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):
        (WebCore::RenderLayerBacking::updateAfterDescendents):
        (WebCore::RenderLayerBacking::paintsChildren):
        (WebCore::compositedWithOwnBackingStore):
        (WebCore::descendentLayerPaintsIntoAncestor):
        (WebCore::RenderLayerBacking::isPaintDestinationForDescendentLayers):
        (WebCore::hasVisibleNonCompositingDescendant): Deleted.
        (WebCore::RenderLayerBacking::hasVisibleNonCompositingDescendantLayers): Deleted.
        * rendering/RenderLayerBacking.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
        (WebCore::RenderLayerCompositor::updateCompositingDescendantGeometry):

2014-05-19  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r133351, sub-pixel layout): Right-to-left block with text-overflow: ellipsis truncates prematurely (breaks facebook.com Hebrew UI)
        https://bugs.webkit.org/show_bug.cgi?id=112227

        Reviewed by Maciej Stachowiak.

        This patch removes unnecessary integral snapping of inlines at layout time.

        The general rule of thumb of using round/floor/ceil at layout time is to not use them.
 
        When some computed values (x, y, width, height) get snapped during layout, while others don't,
        intersecting/measuring mismatches could occur and they could end up producing visual artifacts such as truncations.
        This patch also enables iframe content to be positioned on odd device pixel positions on retina displays.
        
        Tests: fast/frames/hidpi-position-iframe-on-device-pixel.html
               fast/inline/hidpi-rtl-text-does-not-fit-line-and-gets-cut-off.html

        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::logicalLeftOffsetForLine):
        (WebCore::RenderBlock::pixelSnappedLogicalLeftOffsetForLine): Deleted.
        (WebCore::RenderBlock::pixelSnappedLogicalRightOffsetForLine): Deleted.
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::updateLogicalInlinePositions):
        (WebCore::RenderBlockFlow::deleteEllipsisLineBoxes):
        (WebCore::RenderBlockFlow::checkLinesForTextOverflow):

2014-05-18  Chris Fleizach  <cfleizach@apple.com>

        AX: iOS: using AXAttributeCacheEnabler is too slow for every accessibilityElementAtIndex:
        https://bugs.webkit.org/show_bug.cgi?id=133043

        Reviewed by Mario Sanchez Prada.

        iOS Accessibility code tries to improve performance by caching attributes when accessing
        elements through the platform API. However, those API calls can be used very frequently when 
        iterating elements. Creating the AXAttributeCacheEnabler object and tearing it down is proving
        to be the hottest code path in samples for accessibility access.

        We need to move the logic for enabling/disabling the attribute cache to a level that can make
        a more informed decision about when to enable/disable.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper enableAttributeCaching]):
        (-[WebAccessibilityObjectWrapper disableAttributeCaching]):
        (-[WebAccessibilityObjectWrapper accessibilityElementCount]):
        (-[WebAccessibilityObjectWrapper accessibilityElementAtIndex:]):
        (-[WebAccessibilityObjectWrapper indexOfAccessibilityElement:]):

2014-05-18  Simon Fraser  <simon.fraser@apple.com>

        Use RenderStyle& in more places in RenderLayerBacking
        https://bugs.webkit.org/show_bug.cgi?id=133061

        Reviewed by Andreas Kling.

        Convert several member functions to use references to RenderStyle rather
        than pointers. Move canCreateTiledImage() higher in the file (no code
        changes). Other minor cleanup.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
        (WebCore::RenderLayerBacking::updateOpacity):
        (WebCore::RenderLayerBacking::updateTransform):
        (WebCore::RenderLayerBacking::updateFilters):
        (WebCore::RenderLayerBacking::updateBlendMode):
        (WebCore::RenderLayerBacking::updateGeometry):
        (WebCore::hasBoxDecorations):
        (WebCore::canCreateTiledImage):
        (WebCore::hasBoxDecorationsOrBackgroundImage):
        (WebCore::hasPerspectiveOrPreserves3D):
        (WebCore::supportsDirectBoxDecorationsComposition):
        (WebCore::RenderLayerBacking::isSimpleContainerCompositingLayer):
        (WebCore::RenderLayerBacking::contentChanged):
        (WebCore::RenderLayerBacking::startTransition):
        * rendering/RenderLayerBacking.h:

2014-05-17  Simon Fraser  <simon.fraser@apple.com>

        Rename some RenderLayerBacking member functions
        https://bugs.webkit.org/show_bug.cgi?id=133030

        Reviewed by Sam Weinig.

        Remove "GraphicsLayer" from some member function names on RenderLayerBacking.
        
        No behavior change.

        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::AVFWrapper::createAVCFVideoLayer):
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::createQTMovieLayer):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateAfterLayout):
        (WebCore::RenderLayerBacking::updateConfiguration):
        (WebCore::RenderLayerBacking::updateGeometry):
        (WebCore::RenderLayerBacking::contentChanged):
        (WebCore::RenderLayerBacking::setContentsNeedDisplayInRect):
        (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): Deleted.
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Deleted.
        * rendering/RenderLayerBacking.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateLayerCompositingState):
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
        (WebCore::RenderLayerCompositor::updateCompositingDescendantGeometry):
        (WebCore::RenderLayerCompositor::attachRootLayer):

2014-05-19  Antti Koivisto  <antti@apple.com>

        Fix assertion failure with simple line layout debug borders enabled.

        Rubber-stamped by Andreas Kling.

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintDebugBorders): We shoudn't try to paint empty rects.

2014-05-18  Andreas Kling  <akling@apple.com>

        Reduce constructor copypasta in RenderText and RenderElement.
        <https://webkit.org/b/133056>

        Use delegating constructors to remove duplicated initializer lists
        from the constructors of RenderText and RenderElement.

        Reviewed by Anders Carlsson.

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        * rendering/RenderElement.h:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::RenderText):
        * rendering/RenderText.h:

2014-05-18  Brent Fulgham  <bfulgham@apple.com>

        Crash during scroll when latched
        https://bugs.webkit.org/show_bug.cgi?id=133064

        Reviewed by Simon Fraser.

        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformPrepareForWheelEvents): Prevent dereference of NULL
        wheelEventTarget argument.

2014-05-18  Svetlana Redchenko  <redchenko@yandex-team.ru>

        Input ::selection pseudo class does not work leading to hidden selection
        https://bugs.webkit.org/show_bug.cgi?id=38943

        Reviewed by Darin Adler.

        Test: fast/selectors/input-with-selection-pseudo-element.html

        When text is selected inside input element, it should change the
        color and background color according to the ::selection pseudo element.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::selectionBackgroundColor):
        (WebCore::RenderObject::selectionColor):
        (WebCore::RenderObject::selectionPseudoStyle):
        * rendering/RenderObject.h:

2014-05-18  Sam Weinig  <sam@webkit.org>

        [WebKit2] Implement ScriptMessageHandlers
        https://bugs.webkit.org/show_bug.cgi?id=133053

        Reviewed by Anders Carlsson.

        * DerivedSources.make:
        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::finishCreation):
        * bindings/js/JSUserMessageHandlersNamespaceCustom.cpp: Added.
        (WebCore::JSUserMessageHandlersNamespace::getOwnPropertySlotDelegate):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::shouldHaveWebKitNamespaceForWorld):
        (WebCore::DOMWindow::webkitNamespace):
        * page/DOMWindow.h:
        * page/UserContentController.cpp:
        (WebCore::UserContentController::addUserMessageHandlerDescriptor):
        (WebCore::UserContentController::removeUserMessageHandlerDescriptor):
        * page/UserContentController.h:
        (WebCore::UserContentController::userMessageHandlerDescriptors):
        * page/UserMessageHandler.cpp: Added.
        (WebCore::UserMessageHandler::UserMessageHandler):
        (WebCore::UserMessageHandler::~UserMessageHandler):
        (WebCore::UserMessageHandler::postMessage):
        (WebCore::UserMessageHandler::name):
        (WebCore::UserMessageHandler::world):
        * page/UserMessageHandler.h: Added.
        (WebCore::UserMessageHandler::create):
        * page/UserMessageHandler.idl: Added.
        * page/UserMessageHandlerDescriptor.cpp: Added.
        (WebCore::UserMessageHandlerDescriptor::UserMessageHandlerDescriptor):
        (WebCore::UserMessageHandlerDescriptor::~UserMessageHandlerDescriptor):
        (WebCore::UserMessageHandlerDescriptor::name):
        (WebCore::UserMessageHandlerDescriptor::world):
        * page/UserMessageHandlerDescriptor.h: Added.
        (WebCore::UserMessageHandlerDescriptor::Client::~Client):
        (WebCore::UserMessageHandlerDescriptor::create):
        (WebCore::UserMessageHandlerDescriptor::client):
        * page/UserMessageHandlerDescriptorTypes.h: Added.
        * page/UserMessageHandlersNamespace.cpp: Added.
        (WebCore::UserMessageHandlersNamespace::UserMessageHandlersNamespace):
        (WebCore::UserMessageHandlersNamespace::~UserMessageHandlersNamespace):
        (WebCore::UserMessageHandlersNamespace::handler):
        * page/UserMessageHandlersNamespace.h: Added.
        (WebCore::UserMessageHandlersNamespace::create):
        * page/UserMessageHandlersNamespace.idl: Added.
        * page/WebKitNamespace.cpp: Added.
        (WebCore::WebKitNamespace::WebKitNamespace):
        (WebCore::WebKitNamespace::~WebKitNamespace):
        (WebCore::WebKitNamespace::messageHandlers):
        * page/WebKitNamespace.h: Added.
        (WebCore::WebKitNamespace::create):
        * page/WebKitNamespace.idl: Added.

2014-05-18  Maciej Stachowiak  <mjs@apple.com>

        REGRESSION (r156546): Default media controls are laid out incorrectly when media element is styled with direction:rtl
        https://bugs.webkit.org/show_bug.cgi?id=132531
        <rdar://problem/16806267>
        
        Reviewed by Mark Rowe.

        This was already tested by the media/video-rtl.htm reftest, now unskipped.

        * Modules/mediacontrols/mediaControlsApple.css:
        (audio::-webkit-media-controls-panel): Add missing direction: ltr

2014-05-18  Rik Cabanier  <cabanier@adobe.com>

        support for navigator.hardwareConcurrency
        https://bugs.webkit.org/show_bug.cgi?id=132588

        Reviewed by Filip Pizlo.

        Added a new API that returns the number of CPU cores up to 8.

        Test: fast/dom/navigator-hardwareConcurrency.html

        * Configurations/FeatureDefines.xcconfig:
        * page/Navigator.cpp:
        (WebCore::Navigator::hardwareConcurrency):
        * page/Navigator.h:
        * page/Navigator.idl:

2014-05-18  Anders Carlsson  <andersca@apple.com>

        Fix iOS build.

        * WebCore.exp.in:
        Move UserContentController symbols to the right place.

2014-05-18  Jon Lee  <jonlee@apple.com>

        Build fix for r169006.

        Unreviewed.

        * loader/ResourceLoader.h: Return didCreateQuickLookHandle() to public.

2014-05-18  Antti Koivisto  <antti@apple.com>

        REGRESSION (r160259): text-combine glyphs are not rendered
        https://bugs.webkit.org/show_bug.cgi?id=127324

        Reviewed by Andreas Kling.
        
        The original text gets overwritten by a change that is supposed to affect rendered text only.
        Fixed by giving the text update functions well-defined purposes.

        Test: fast/text/text-combine-rendering.html

        * rendering/RenderCombineText.cpp:
        (WebCore::RenderCombineText::styleDidChange):
        (WebCore::RenderCombineText::setRenderedText):
        (WebCore::RenderCombineText::combineText):
        (WebCore::RenderCombineText::setTextInternal): Deleted.
        * rendering/RenderCombineText.h:
        * rendering/RenderCounter.cpp:
        (WebCore::RenderCounter::computePreferredLogicalWidths):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::setRenderedText):
        
            This function now updates the rendered text but does not change the original.
            Get the original text by calling originalText().

        (WebCore::RenderText::setText):
        
            This the only place original text now changes.

        (WebCore::RenderText::setTextInternal): Deleted.
        
            Renamed to setRenderedText.

        * rendering/RenderText.h:
        * rendering/svg/RenderSVGInlineText.cpp:
        (WebCore::RenderSVGInlineText::setRenderedText):
        (WebCore::RenderSVGInlineText::setTextInternal): Deleted.
        * rendering/svg/RenderSVGInlineText.h:

2014-05-17  Maciej Stachowiak  <mjs@apple.com>

        Don't attempt to update id or name for nodes that are already removed
        https://bugs.webkit.org/show_bug.cgi?id=133041

        Reviewed by Sam Weinig.

        Tests: fast/dom/remove-element-with-id-that-was-inserted-on-DOMNodeRemoved.html
               fast/dom/remove-element-with-name-that-was-inserted-on-DOMNodeRemoved.html

        * dom/Element.cpp:
        (WebCore::Element::removedFrom): Skip updating ids and names for an element not
        in a treescope, as we already do for elements not in a document.

2014-05-17  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (NetworkProcess): Trying to use appcache fallback crashes in ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache
        https://bugs.webkit.org/show_bug.cgi?id=133007
        <rdar://problem/13702706>

        appcache tests often fail on the Mac WebKit2 bot
        https://bugs.webkit.org/show_bug.cgi?id=82061

        Reviewed by Maciej Stachowiak.

        Covered by existing tests, which this patch enables.

        * WebCore.exp.in: Export ResourceLoader::cancel(const ResourceError&). It used
        to be virtual, but marking subclasses final has resulted in the compiler calling
        it directly from WebKitLegacy framework. Seeing that no subclass overrides it,
        I then made it non-virtual.
        Also export ApplicationCacheHost functions that are now used from WebKit2.

        * loader/ResourceLoader.h: Made the class abstract (as I didn't realize at first
        that it's always either a SubresourceLoader or a NetscapePlugInStreamLoader).
        Made ResourceHandleClient functions private, as they should never be called other
        than via a ResourceHandleClient pointer.

        * loader/NetscapePlugInStreamLoader.h:
        * loader/SubresourceLoader.h:
        Marked these final.

        * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::willSwitchToSubstituteResource):
        Added a function to be called when switching to a substitute resource. We still
        need a ResourceLoader at this point, as substitute resource will be delivered through
        it, but we don't want it to continue its current load.

        * loader/appcache/ApplicationCacheHost.cpp:
        (WebCore::ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache):
        Call the ResourceLoader function instead of using handle, which is null when
        using out of process networking.

2014-05-17  Andreas Kling  <akling@apple.com>

        We shouldn't make a ScrollingThread on iOS.
        <https://webkit.org/b/133038>
        <rdar://problem/16947589>

        Don't call ScrollingThred::dispatch() from the pressure relief
        code on iOS since that will end up instantiating a scrolling thread
        which we'd otherwise never have.

        Reviewed by Sam Weinig.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseMemory):

2014-05-17  Piotr Grad  <p.grad@samsung.com>

        Setting playback rate on video with media controller is not ignored.
        https://bugs.webkit.org/show_bug.cgi?id=129048

        Reviewed by Jer Noble.

        Replaced queries for m_playbackRate with effectivePlaybackRate()
        which includes media controller playback rate.

        Test: media/video-controller-child-rate.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/HTMLMediaElement.h:

2014-05-16  Anders Carlsson  <andersca@apple.com>

        Expose WKUserScript as API
        https://bugs.webkit.org/show_bug.cgi?id=133017
        <rdar://problem/16948059>

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        Export symbols.

        * WebCore.xcodeproj/project.pbxproj:
        Change UserContentController.h to be a private header.

        * page/Page.cpp:
        (WebCore::Page::Page):
        Set m_userContentController from the page configuration and add it if it's not null.

        * page/Page.h:
        Add UserContentController to PageClients.

        * page/PageGroup.cpp:
        (WebCore::PageGroup::addPage):
        Only try to add a user content controller if the page doesn't already have one.

        (WebCore::PageGroup::removePage):
        Only try to remove the user content controller if it's the group one.

2014-05-17  Andreas Kling  <akling@apple.com>

        REGRESSION (r166422): All RenderBox objects grew 104 bytes from adding repaint timers.
        <https://webkit.org/b/133027>
        <rdar://problem/16867410>

        Instead of storing a rarely-used repaint timer on every RenderBox, store one
        on the RenderView, and keep a hash set of renderers needing repaint.

        Renderers get a flag tracking whether they have a pending lazy repaint.
        This way we can avoid hash lookups in the common case.

        Also added a static assertion to catch RenderBox growing in the future.

        Reviewed by Antti Koivisto.

        * rendering/RenderBox.cpp:
        (WebCore::SameSizeAsRenderBox::~SameSizeAsRenderBox):
        (WebCore::RenderBox::RenderBox):
        (WebCore::RenderBox::~RenderBox):
        (WebCore::RenderBox::paintBoxDecorations):
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        * rendering/RenderBox.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        * rendering/RenderElement.h:
        (WebCore::RenderElement::setRenderBoxNeedsLazyRepaint):
        (WebCore::RenderElement::renderBoxNeedsLazyRepaint):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::RenderView):
        (WebCore::RenderView::scheduleLazyRepaint):
        (WebCore::RenderView::unscheduleLazyRepaint):
        (WebCore::RenderView::lazyRepaintTimerFired):
        * rendering/RenderView.h:

2014-05-16  Jer Noble  <jer.noble@apple.com>

        [Mac][MSE] setCurrentTime() goes down fastSeek path in MediaPlayerPrivateMediaSourceAVFObjC.
        https://bugs.webkit.org/show_bug.cgi?id=133023

        Reviewed by Eric Carlson.

        When seeking a MSE video, do not go down the fastSeekForMediaTime() path if the
        seek resulted from a setCurrentTime() call. The logic can lead to attempted seeks
        before buffered ranges.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal):
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::seekToTime):

2014-05-16  Benjamin Poulain  <bpoulain@apple.com>

        [iOS] ScrollView::visibleContentRectInternal is bypassing the iOS code for unobscuredContentRect
        https://bugs.webkit.org/show_bug.cgi?id=133008

        Reviewed by Simon Fraser.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::visibleContentRectInternal):
        ScrollView::visibleContentRectInternal() was calling the internal implementation of visibleContentRect().
        That was skipping the iOS implementation and getting the framerect directly. That size is invalid on iOS
        when the exposed rect and unobscured rect are not the same.

2014-05-16  Jer Noble  <jer.noble@apple.com>

        [Mac] naturalSize not updated when preload=metadata
        https://bugs.webkit.org/show_bug.cgi?id=132994

        Reviewed by Eric Carlson.

        Test: media/video-load-preload-metadata-naturalsize.html

        When preload=metadata, we never create an AVPlayerItem, and therefore never receive a
        presentationSize KVO. When an AVAsset informs us that its tracks have changed, and there
        is no AVPlayerItem, recalculate presentation size based on the first video track's natural
        size.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal):

2014-05-16  Simon Fraser  <simon.fraser@apple.com>

        Remove "region-based columns" prefs
        https://bugs.webkit.org/show_bug.cgi?id=133006
        <rdar://problem/16945824>

        Reviewed by Dave Hyatt.

        Remove "region-based columns" prefs and related code, since this is only
        way to render columns now.

        * page/Settings.in:

2014-05-16  Antti Koivisto  <antti@apple.com>

        Link search area for touch events is too large in some cases
        https://bugs.webkit.org/show_bug.cgi?id=132988
        <rdar://problem/16917843>

        Reviewed by Simon Fraser.

        * page/ios/FrameIOS.mm:
        (WebCore::Frame::qualifyingNodeAtViewportLocation):
        
            - Adjust the search area to screen ppi.
            - Remove cut-off at scale 1. This made us pick physically far-away elements when zoomed in.
            
        * platform/PlatformScreen.h:
        * platform/ios/PlatformScreenIOS.mm:
        (WebCore::mobileGestaltFloatValue):
        (WebCore::screenPPIFactor):

            Figure out screens physical PPI relative to a base.

2014-05-16  Jer Noble  <jer.noble@apple.com>

        [MSE] Crash at  WebCore::SourceBuffer::~SourceBuffer + 110
        https://bugs.webkit.org/show_bug.cgi?id=132973

        Reviewed by Eric Carlson.

        Change SourceBuffer::m_private into a Ref<>, and add an assertion to
        SourceBufferPrivateAVFObjC's destructor if its client has not been cleared.

        Eliminate unnecessary churn in MediaSourcePrivateAVFObjC by having the predicate
        functor take bare pointers, rather than a PassRefPtr.

        The underlying problem seems to be in WebAVStreamDataParserListener. RefPtrs were
        being created off the main thread to a non-thread safe ref counted class. In some
        situations, this would result in double decrementing the ref, which would cause an
        early destruction of the underlying object. Instead replace these RefPtr strong
        pointers with explicit weak ones. Ensure the parser and its delegate are not freed
        before the append operation completes by passing strong pointers into the async
        append operation lambda.

        There were a few places where we weren't null checking m_mediaSource before using it,
        and at least one place where we weren't clearing m_mediaSource.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::SourceBuffer): Use Ref instead of RefPtr.
        (WebCore::SourceBuffer::appendBufferTimerFired): Ditto.
        * Modules/mediasource/SourceBuffer.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjCHasAudio): Take a bare pointer, instead of a PassRefPtr.
        (WebCore::MediaSourcePrivateAVFObjCHasVideo): Ditto.
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer): Clear the back pointer when removing a buffer.
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVStreamDataParserListener initWithParser:parent:WebCore::]): Use WeakPtr instead of RefPtr.
        (-[WebAVStreamDataParserListener invalidate]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:withDiscontinuity:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didFailToParseStreamDataWithError:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didReachEndOfTrackWithTrackID:mediaType:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]): Ditto.
        (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
        (WebCore::SourceBufferPrivateAVFObjC::append): Ditto.

2014-05-16  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Push named flows in region to device pixel when painting.
        https://bugs.webkit.org/show_bug.cgi?id=132986

        Reviewed by Simon Fraser.

        Remove integral rounding when named flow sets the painting offset on the graphics context.
        Use device pixel snapping instead to ensure that we can paint on odd device pixel positions on retina displays. 

        Test: fast/regions/hidpi-region-with-auto-margin-on-subpixel-position.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):

2014-05-16  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Add ASSERT to make sure using the flowThread cache does not return incorrect results
        https://bugs.webkit.org/show_bug.cgi?id=132906

        Reviewed by Simon Fraser.

        If flowThreadContainingBlock() is called on an object which is in a different
        flow thread than the one currently being laid out, this method will return an incorrect
        result. I added an assertion for that to make sure we catch and treat any such scenarios.
        For the moment, this assertion is only validated for regions, as multicol still has some issues.

        No new tests required.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::locateFlowThreadContainingBlockNoCache):
        (WebCore::RenderObject::locateFlowThreadContainingBlock):
        * rendering/RenderObject.h:

2014-05-16  Martin Hock  <mhock@apple.com>

        MemoryCache::addImageToCache should return the result of add().
        https://bugs.webkit.org/show_bug.cgi?id=132928
        <rdar://problem/16651547>

        Reviewed by Alexey Proskuryakov.

        API test: WebKit1.MemoryCacheADdImageToCache (MemoryCacheAddImageToCacheIOS.mm)

        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::addImageToCache):

2014-05-16  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Reduce the RenderRegion invasiveness in rendering code
        https://bugs.webkit.org/show_bug.cgi?id=132121

        Reviewed by Antti Koivisto.

        Remove the RenderRegion / RenderNamedFlowFragment parameters and fields from
        the painting / hit testing data structures and use a stateful approach to
        correctly handle regions.

        When painting or hit testing, the current flow thread is saved along the current
        region. They are accessed through the |currentRenderNamedFlowFragment| helper
        method on RenderObject or RenderLayer.

        The patch also changes a bunch of 0s to nullptrs.

        Tests: No new tests, no functional change.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
        * rendering/HitTestLocation.cpp:
        (WebCore::HitTestLocation::HitTestLocation):
        (WebCore::HitTestLocation::operator=):
        * rendering/HitTestLocation.h:
        (WebCore::HitTestLocation::region): Deleted.
        * rendering/HitTestResult.h:
        * rendering/PaintInfo.h:
        (WebCore::PaintInfo::PaintInfo):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paint):
        (WebCore::RenderBlock::paintObject):
        (WebCore::RenderBlock::selectionGaps):
        (WebCore::RenderBlock::nodeAtPoint):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::nodeAtPoint):
        (WebCore::RenderBox::paintBoxDecorations):
        (WebCore::RenderBox::pushContentsClip):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintMaskForTextFillBox):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paint):
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        (WebCore::RenderLayer::collectFragments):
        (WebCore::RenderLayer::updatePaintingInfoForFragments):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::paintBackgroundForFragments):
        (WebCore::RenderLayer::paintForegroundForFragmentsWithPhase):
        (WebCore::RenderLayer::paintOutlineForFragments):
        (WebCore::RenderLayer::paintMaskForFragments):
        (WebCore::RenderLayer::hitTest):
        (WebCore::RenderLayer::hitTestFixedLayersInNamedFlows):
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::hitTestTransformedLayerInFragments):
        (WebCore::RenderLayer::mapLayerClipRectsToFragmentationLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateCompositedBounds):
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::addToOverlapMap):
        (WebCore::RenderLayerCompositor::clippedByAncestor):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::currentRenderNamedFlowFragment):
        * rendering/RenderObject.h:
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint):
        * rendering/RenderReplica.cpp:
        (WebCore::RenderReplica::paint):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::nodeAtPoint):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::nodeAtPoint):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::writeLayers):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::paint):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::paintReplaced):

2014-05-16  Kiran  <kiran.guduru@samsung.com>

        RTCDtmfSender default values need to be updated.
        https://bugs.webkit.org/show_bug.cgi?id=132952

        Reviewed by Eric Carlson.

        The default ToneDuration and ToneGap values are modified in the updated spec.
        So these values need to be updated.

        Test: fast/mediastream/RTCPeerConnection-dtmf.html.

        * Modules/mediastream/RTCDTMFSender.cpp:

2014-05-15  Daniel Bates  <dabates@apple.com>

        Attempt to fix the Apple Mavericks Release, Apple MountainLion Release,
        Apple MountainLion Release (32-bit Build), EFL, and GTK builds following
        <http://trac.webkit.org/changeset/168921> (https://bugs.webkit.org/show_bug.cgi?id=132669)

        * dom/ContainerNode.cpp: Include SVGElement.h for the definition of Node::hasTagName(const SVGQualifiedName&).

2014-05-15  Daniel Bates  <dabates@apple.com>

        ASSERT_NOT_REACHED() in DocumentOrderedMap::get() when removing SVG subtree
        https://bugs.webkit.org/show_bug.cgi?id=132669
        <rdar://problem/14931432>

        Reviewed by Brent Fulgham and Ryosuke Niwa.

        Fixes an assertion failure when removing an SVG element with a duplicate id.

        When removing an SVG element with id A we synchronously instruct each element that references A
        to find the first element with id A, call this N, from the document root and register itself to
        either receive subsequent notifications from N (say, there is another element with id A) or as
        waiting for an element with id A (say, N = nullptr; => we removed the last element with id A from
        the document). Because the elements that reference A perform this operation synchronously when
        removing an element they consult an transient state of the DocumentOrderedMap when querying for the
        element with id A.
    
        Without loss of generality, let E, E_1, E_2, and E_3 be elements, where E_1, E_2, E_3 are children
        of E in that order and E_1.id = E_2.id = A and E_3.href = #A (that is, it references an element
        with id A). Suppose we remove E then we remove E_1, update DocumentOrderedMap to decrement its count
        for id A, and notify E_3 to look for an element with id A. This leads to an assertion failure since
        DocumentOrderedMap expects to find an element with id A, E_2, but cannot find such an element when
        traversing from the document root because E was unlinked from the document root (i.e. E_2 is in a
        disjoint subtree).

        Tests: svg/custom/change-id-of-use-during-removal.html
               svg/custom/remove-subtree-including-path-with-duplicate-id-referenced-by-later-textpath.html
               svg/custom/remove-subtree-including-text-with-duplicate-id-referenced-by-later-tref.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-earlier-use.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-later-animate.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-later-feimage.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-later-mpath.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-later-use.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-later-use2.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-use-in-different-subtree.html
               svg/custom/remove-subtree-including-use-with-duplicate-id-referenced-by-use-with-duplicate-id-in-different-subtree.html
               svg/custom/remove-use-with-duplicate-id-referenced-by-later-use.html

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::removeChild): Call SVGDocumentExtensions::rebuildElements() after we remove
        a DOM subtree so that applicable SVG elements can update their referenced element when the DocumentOrderedMap
        is in a stable-state.
        (WebCore::ContainerNode::removeChildren): Ditto.
        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::rebuildElements): Added; notifies SVG elements that their href attribute
        changed so that they query the DocumentOrderedMap for the element they reference by id in their href attribute.
        (WebCore::SVGDocumentExtensions::clearTargetDependencies): Added; Called from removing
        an SVG element S from the DOM. Appends all elements that reference the id of S to the end of a Vector of
        elements to be rebuilt (when SVGDocumentExtensions::rebuildElements() is called) and notifies these elements
        that have been marked to be rebuilt so that they can invalidate their state (e.g. stop animating).
        (WebCore::SVGDocumentExtensions::rebuildAllElementReferencesForTarget): Changed to take its argument by reference
        (since it's always non-null) and simplified logic to synchronously notify SVG updates that their referenced element
        may have changed. Calling SVGElement::svgAttributeChanged() on an element E should at most remove the dependencies
        of E.
        * svg/SVGDocumentExtensions.h:
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::~SVGElement): Substitute "*this" for "this" as SVGDocumentExtensions::rebuildAllElementReferencesForTarget()
        now takes a reference instead of a pointer.
        (WebCore::SVGElement::removedFrom): Modified to call SVGDocumentExtensions::clearTargetDependencies().
        (WebCore::SVGElement::attributeChanged): Substitute "*this" for "this" as SVGDocumentExtensions::rebuildAllElementReferencesForTarget()
        now takes a reference instead of a pointer.
        * svg/SVGElement.h:
        (WebCore::SVGElement::callClearTarget): Added; calls through to private virtual SVGElement::clearTarget().
        (WebCore::SVGElement::clearTarget): Added.
        * svg/SVGTRefElement.cpp:
        (WebCore::SVGTRefElement::clearTarget): Added.
        * svg/SVGTRefElement.h:
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::clearTarget): Added.
        * svg/animation/SVGSMILElement.h:

2014-05-15  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] When zoomed, fixed elements jump at the start of a scroll, and jump back at the end.
        https://bugs.webkit.org/show_bug.cgi?id=132978
        <rdar://problem/16894428>

        Reviewed by Benjamin Poulain.

        This was the actual cause of the bug; r168560 changed the rect passed in here
        to be the customFixedPositionRect rather than the unobscured rect, but we
        used it to call FrameView::rectForViewportConstrainedObjects() which gave back
        another bogus rect. So just use the rect passed in.

        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::updateLayersAfterViewportChange):

2014-05-15  Daniel Bates  <dabates@apple.com>

        SVG element may reference arbitrary DOM element before running its insertion logic
        https://bugs.webkit.org/show_bug.cgi?id=132757
        <rdar://problem/15703817>

        Reviewed by Ryosuke Niwa.

        Fixes an issue where an SVG element may reference an arbitrary DOM element e before e finished being
        inserted in the tree.

        Currently when an SVG element A is inserted into a document we use document.getElementById() to find the
        element B it references (if any). If A is inserted before B and B has the same id as a later element in
        the document then A can find B before B is notified that its been inserted into the document (i.e. before
        Element::insertedFrom() is called on B). Instead, A should call document.getElementById() only after
        cessation of the insertion operation that inserted it to ensure that all inserted nodes (including B)
        processed their insertion-specific logic.

        Tests: svg/custom/reparent-animate-element.html
               svg/custom/reparent-feimage-element.html
               svg/custom/reparent-mpath-element.html
               svg/custom/reparent-textpath-element.html
               svg/custom/reparent-tref-element.html
               svg/custom/reparent-use-element.html

        * svg/SVGFEImageElement.cpp:
        (WebCore::SVGFEImageElement::insertedInto): Return InsertionShouldCallDidNotifySubtreeInsertions so that
        we are called back to resolve our target element (i.e. call SVGFEImageElement::buildPendingResources())
        after the subtree we're in is inserted.
        (WebCore::SVGFEImageElement::didNotifySubtreeInsertions): Added; turns around and calls SVGFEImageElement::buildPendingResources().
        * svg/SVGFEImageElement.h:
        * svg/SVGMPathElement.cpp:
        (WebCore::SVGMPathElement::insertedInto): Return InsertionShouldCallDidNotifySubtreeInsertions so that
        we are called back to resolve our target element (i.e. call SVGMPathElement::buildPendingResources())
        after the subtree we're in is inserted.
        (WebCore::SVGMPathElement::didNotifySubtreeInsertions): Added; turns around and calls SVGMPathElement::buildPendingResources().
        * svg/SVGMPathElement.h:
        * svg/SVGTRefElement.cpp:
        (WebCore::SVGTRefElement::insertedInto): Return InsertionShouldCallDidNotifySubtreeInsertions so that
        we are called back to resolve our target element (i.e. call SVGTRefElement::buildPendingResources())
        after the subtree we're in is inserted.
        (WebCore::SVGTRefElement::didNotifySubtreeInsertions): Added; turns around and calls SVGTRefElement::buildPendingResources().
        * svg/SVGTRefElement.h:
        * svg/SVGTextPathElement.cpp:
        (WebCore::SVGTextPathElement::insertedInto): Return InsertionShouldCallDidNotifySubtreeInsertions so that
        we are called back to resolve our target element (i.e. call SVGTextPathElement::buildPendingResources())
        after the subtree we're in is inserted.
        (WebCore::SVGTextPathElement::didNotifySubtreeInsertions): Added; turns around and calls SVGTextPathElement::buildPendingResources().
        * svg/SVGTextPathElement.h:
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::insertedInto): Return InsertionShouldCallDidNotifySubtreeInsertions so that
        we are called back to resolve our target element (i.e. call SVGUseElement::buildPendingResources()) after its subtree is
        inserted.
        (WebCore::SVGUseElement::didNotifySubtreeInsertions): Added; turns around and calls SVGUseElement::buildPendingResources().
        * svg/SVGUseElement.h:
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::insertedInto): Return InsertionShouldCallDidNotifySubtreeInsertions so that
        we are called back to resolve our target element (i.e. call SVGSMILElement::buildPendingResources())
        after the subtree we're in is inserted.
        (WebCore::SVGSMILElement::didNotifySubtreeInsertions): Added; turns around and calls SVGSMILElement::buildPendingResources().
        * svg/animation/SVGSMILElement.h:

2014-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSDOMWindow should not claim HasImpureGetOwnPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=132918

        Reviewed by Geoffrey Garen.

        Tests: js/cached-window-properties.html
               js/cached-window-prototype-properties.html

        We now correctly handle the impurity of JSDOMWindow's custom getOwnPropertySlot without needing the 
        blanket HasImpureGetOwnPropertySlot. We do this through the use of watchpoints and by explicitly forbidding
        any caching beyond a certain point using PropertySlot::disableCaching. Getting rid of this flag will allow 
        us to cache many properties/methods on both the JSDOMWindow and its prototype, which are very commonly used 
        across the web.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        * bindings/scripts/CodeGeneratorJS.pm:
        (HasComplexGetOwnProperty):
        (InterfaceRequiresAttributesOnInstance):
        (InstanceOverridesGetOwnPropertySlot):
        (GenerateHeader):

2014-05-15  Alexey Proskuryakov  <ap@apple.com>

        NetworkProcess crashes at ResourceHandle::continueDidReceiveResponse
        https://bugs.webkit.org/show_bug.cgi?id=132966
        <rdar://problem/16373694>

        Reviewed by Brady Eidson.

        Covered by many fast/files tests.

        * platform/network/BlobResourceHandle.cpp: (WebCore::BlobResourceHandle::continueDidReceiveResponse):
        * platform/network/BlobResourceHandle.h:
        * platform/network/ResourceHandle.h:
        Don't call delegate's continueDidReceiveResponse when loading a blob:// URL,
        the delegate is null. On the Mac, we used to lazily create it, which was also wrong,
        but at least not observable.

2014-05-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r168899.
        https://bugs.webkit.org/show_bug.cgi?id=132965

        Broke some compositing regions tests on Mavericks (Requested
        by mihnea___ on #webkit).

        Reverted changeset:

        "[CSS Regions] Reduce the RenderRegion invasiveness in
        rendering code"
        https://bugs.webkit.org/show_bug.cgi?id=132121
        http://trac.webkit.org/changeset/168899

2014-05-15  Alex Christensen  <achristensen@webkit.org>

        Add pointer lock to features without enabling it.
        https://bugs.webkit.org/show_bug.cgi?id=132961

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:
        Added ENABLE_POINTER_LOCK to list of features.
        * WebCore.exp.in:
        Added linker symbols which differ with pointer lock enabled.
        * WebCore.xcodeproj/project.pbxproj:
        Added PointerLockController.cpp to build.

2014-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>

        Move subframe name getter lookup later in JSDOMWindow::getOwnPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=132922

        Reviewed by Geoffrey Garen.

        No new tests.

        In JSDOMWindow::getOwnPropertySlot, we currently look for the property on the JSDOMWindow, 
        then we search the window's subframes for name getters, then we look in the window's prototype 
        chain. Apparently we were doing the lookup in this order to be compatible with Mozilla, but 
        Mozilla no longer implements this behavior. Instead, they do the lookup on the prototype before 
        looking for subframe name getters. We should change this to match Mozilla. This has the convenient 
        side effect of allowing us to cache lookups in the window's prototype chain.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):

2014-05-15  Simon Fraser  <simon.fraser@apple.com>

        [UI-side compositing] Fix copying animations between layers, and pausing them
        https://bugs.webkit.org/show_bug.cgi?id=132943
        <rdar://problem/16906369&16906541>

        Reviewed by Tim Horton.

        Pass the animation key back to animationStarted(), though this isn't used
        when animations are running in-process.

        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (-[WebAnimationDelegate animationDidStart:]):
        (PlatformCALayerMac::animationStarted):
        * platform/graphics/ca/win/PlatformCALayerWin.cpp:
        (PlatformCALayerWin::animationStarted):
        * platform/graphics/ca/win/PlatformCALayerWin.h:

2014-05-15  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Reduce the RenderRegion invasiveness in rendering code
        https://bugs.webkit.org/show_bug.cgi?id=132121

        Reviewed by Antti Koivisto.

        Remove the RenderRegion / RenderNamedFlowFragment parameters and fields from
        the painting / hit testing data structures and use a stateful approach to
        correctly handle regions.

        When painting or hit testing, the current flow thread is saved along the current
        region. They are accessed through the |currentRenderNamedFlowFragment| helper
        method on RenderObject or RenderLayer.

        The patch also changes a bunch of 0s to nullptrs.

        Tests: No new tests, no functional change.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
        * rendering/HitTestLocation.cpp:
        (WebCore::HitTestLocation::HitTestLocation):
        (WebCore::HitTestLocation::operator=):
        * rendering/HitTestLocation.h:
        (WebCore::HitTestLocation::region): Deleted.
        * rendering/HitTestResult.h:
        * rendering/PaintInfo.h:
        (WebCore::PaintInfo::PaintInfo):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paint):
        (WebCore::RenderBlock::paintObject):
        (WebCore::RenderBlock::selectionGaps):
        (WebCore::RenderBlock::nodeAtPoint):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::nodeAtPoint):
        (WebCore::RenderBox::paintBoxDecorations):
        (WebCore::RenderBox::pushContentsClip):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintMaskForTextFillBox):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paint):
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        (WebCore::RenderLayer::collectFragments):
        (WebCore::RenderLayer::updatePaintingInfoForFragments):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::paintBackgroundForFragments):
        (WebCore::RenderLayer::paintForegroundForFragmentsWithPhase):
        (WebCore::RenderLayer::paintOutlineForFragments):
        (WebCore::RenderLayer::paintMaskForFragments):
        (WebCore::RenderLayer::hitTest):
        (WebCore::RenderLayer::hitTestFixedLayersInNamedFlows):
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::hitTestTransformedLayerInFragments):
        (WebCore::RenderLayer::mapLayerClipRectsToFragmentationLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateCompositedBounds):
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::addToOverlapMap):
        (WebCore::RenderLayerCompositor::clippedByAncestor):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::currentRenderNamedFlowFragment):
        * rendering/RenderObject.h:
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint):
        * rendering/RenderReplica.cpp:
        (WebCore::RenderReplica::paint):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::nodeAtPoint):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::nodeAtPoint):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::writeLayers):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::paint):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::paintReplaced):

2014-05-14  Simon Fraser  <simon.fraser@apple.com>

        Clean up "has non-zero begin time" terminology in animations
        https://bugs.webkit.org/show_bug.cgi?id=132942

        Reviewed by Tim Horton.

        Change the "non-zero beginTime" terminology in the platform CA animations
        code to "explicit beginTime": this flag really means that we explicitly set
        the beginTime of the animation, rather than let CA set the beginTime when
        committing the animation. This flag is used for animations with negative
        delay, and when pausing.
        
        The WKNonZeroBeginTimeFlag key was spread across PlatformCALayerMac and PlatformCAAnimationMac,
        so hide it behind getter/setter functions.
        
        Remove lots of m_layer.get() in PlatformCAAnimationMac.

        * platform/graphics/ca/mac/PlatformCAAnimationMac.h:
        * platform/graphics/ca/mac/PlatformCAAnimationMac.mm:
        (WebCore::hasExplicitBeginTime):
        (WebCore::setHasExplicitBeginTime):
        (PlatformCAAnimationMac::copy):
        (PlatformCAAnimationMac::keyPath):
        (PlatformCAAnimationMac::beginTime):
        (PlatformCAAnimationMac::setBeginTime):
        (PlatformCAAnimationMac::duration):
        (PlatformCAAnimationMac::setDuration):
        (PlatformCAAnimationMac::speed):
        (PlatformCAAnimationMac::setSpeed):
        (PlatformCAAnimationMac::timeOffset):
        (PlatformCAAnimationMac::setTimeOffset):
        (PlatformCAAnimationMac::repeatCount):
        (PlatformCAAnimationMac::setRepeatCount):
        (PlatformCAAnimationMac::autoreverses):
        (PlatformCAAnimationMac::setAutoreverses):
        (PlatformCAAnimationMac::fillMode):
        (PlatformCAAnimationMac::setFillMode):
        (PlatformCAAnimationMac::setTimingFunction):
        (PlatformCAAnimationMac::copyTimingFunctionFrom):
        (PlatformCAAnimationMac::isRemovedOnCompletion):
        (PlatformCAAnimationMac::setRemovedOnCompletion):
        (PlatformCAAnimationMac::isAdditive):
        (PlatformCAAnimationMac::setAdditive):
        (PlatformCAAnimationMac::valueFunction):
        (PlatformCAAnimationMac::setValueFunction):
        (hasNonZeroBeginTimeFlag): Deleted.
        (setNonZeroBeginTimeFlag): Deleted.
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (-[WebAnimationDelegate animationDidStart:]):

2014-05-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Compile all installed resources as GResources
        https://bugs.webkit.org/show_bug.cgi?id=131099

        Reviewed by Philippe Normand.

        * PlatformGTK.cmake: Do not install the resources.
        * platform/audio/gtk/AudioBusGtk.cpp:
        (WebCore::AudioBus::loadPlatformResource): Load the audio resource
        from GResources and use createBusFromInMemoryAudioFile().
        * platform/graphics/Image.h: Remove unsued function loadPlatformThemeIcon.
        * platform/graphics/gtk/ImageGtk.cpp:
        (WebCore::loadImageFromGResource): Load the given icon name from GResources.
        (WebCore::loadResourceSharedBuffer): Use char* instead of CString.
        (WebCore::loadMissingImageIconFromTheme): Try to load the missing
        icon from the current GTK icon theme.
        (WebCore::Image::loadPlatformResource): Call
        loadMissingImageIconFromTheme for missing icon or
        loadImageFromGResource for any other icon name.
        (WebCore::getPathToImageResource): Deleted.
        (WebCore::getThemeIconFileName): Deleted.
        (WebCore::loadImageFromFile): Deleted.
        (WebCore::Image::loadPlatformThemeIcon): Deleted.

2014-05-14  Beth Dakin  <bdakin@apple.com>

        Tiled scrolling indicator needs to take topContentInset into account
        https://bugs.webkit.org/show_bug.cgi?id=132940

        Reviewed by Simon Fraser.

        The tiled scrolling indicator needs to move down by the value of the 
        topContentInset. This patch makes that happen by caching the topContentInset in 
        the TileController. This does feel a little silly since there is already a 
        function called setTiledScrollingIndicatorPosition() on TiledBacking. However, it 
        was often the case that calling that function had no effect because m_coverageMap 
        had not yet been created, and then the information was lost. So instead, we cache 
        the value.

        Set TiledBacking’s copy of topContentInset whenever it changes for the FrameView.
        * page/FrameView.cpp:
        (WebCore::FrameView::topContentInsetDidChange):

        New function to set the inset. Use the inset to position the coverage map.
        * platform/graphics/TiledBacking.h:
        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::TileController):
        (WebCore::TileController::setTopContentInset):

        When the coverage map is created, consult the value of the inset.
        * platform/graphics/ca/mac/TileCoverageMap.mm:
        (WebCore::TileCoverageMap::TileCoverageMap):

        Once the backing has been ensured, set the inset.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateBacking):

2014-05-14  Brent Fulgham  <bfulgham@apple.com>

        Merge r1267628 from branch.
        <rdar://problem/15751219>

            Pratik Solanki  <psolanki@apple.com>

            Reviewed by Simon Fraser.",

            TileController relied on the tiling mode in TileCache to determine if it should use low-res
            tiles when zooming. Unfortunately, sometimes the tiling mode gets set to Zooming even though
            it's actually a pan. Thus we can end up with blurry tiles. Fix this by adding a new flag on
            TileCache that controls this behavior and have UIKit set it only when we have an actual zoom
            operation.
 
        * platform/ios/LegacyTileCache.h:
        (WebCore::LegacyTileCache::tileControllerShouldUseLowScaleTiles):
        (WebCore::LegacyTileCache::setTileControllerShouldUseLowScaleTiles):
        * platform/ios/LegacyTileCache.mm:
        (WebCore::LegacyTileCache::LegacyTileCache):
        * platform/ios/wak/WAKWindow.h:
        * platform/ios/wak/WAKWindow.mm:
        (-[WAKWindow setTileControllerShouldUseLowScaleTiles:]):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::contentsScaleMultiplierForNewTiles):

2014-05-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r168750.
        https://bugs.webkit.org/show_bug.cgi?id=132935

        Caused repaint bugs (Requested by weinig on #webkit).

        Reverted changeset:

        "Text decorations do not contribute to visual overflow"
        https://bugs.webkit.org/show_bug.cgi?id=132773
        http://trac.webkit.org/changeset/168750

2014-05-14  Simon Fraser  <simon.fraser@apple.com>

        [New multicolumn] Spin in RenderMultiColumnSet::repaintFlowThreadContent()
        https://bugs.webkit.org/show_bug.cgi?id=132884

        Reviewed by Beth Dakin.

        On iOS, wikipedia pages can hang under RenderMultiColumnSet::repaintFlowThreadContent().
        It appears that computedColumnHeight is set to 0 in prepareForLayout, but layout never happens
        on the RenderMultiColumnSet in some cases, leaving the column height set to zero.
        This caused columnIndexAtOffset() to return bad values, which resulted in very long loops
        in repaintFlowThreadContent().
        
        This fix is a stop-gap.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::columnIndexAtOffset):

2014-05-14  Benjamin Poulain  <bpoulain@apple.com>

        Remove FrameView::viewportConstrainedExtentRect, it is unused
        https://bugs.webkit.org/show_bug.cgi?id=132927

        Reviewed by Simon Fraser.

        * page/FrameView.cpp:
        (WebCore::FrameView::viewportConstrainedExtentRect): Deleted.
        * page/FrameView.h:
        Simon replaced this by viewportConstrainedVisibleContentRect, remove the old code.

2014-05-14  Matthew Hanson  <matthew_hanson@apple.com>

        Only define MAX_GRID_TRACK_REPETITIONS if CSS_GRID_LAYOUT is enabled.

        Reviewed by Dean Jackson.

        This was causing -Wunused-const-variable errors.

        * css/CSSParser.cpp: Add include guard.

2014-05-14  Beth Dakin  <bdakin@apple.com>

        Tile cache has way too many tiles when pinch-zoomed in
        https://bugs.webkit.org/show_bug.cgi?id=132929
        -and corresponding-
        <rdar://problem/16527172>

        Reviewed by Benjamin Poulain.

        This patch makes the margin sizing functions return the set margin size scaled by 
        the TileGrid's scale. We also need to get rid of the old notion we used to have
        that margin tiles might be allowed to have a different size than the other tiles. 
        We don't want that. They should have the normal margin size, but they should
        affect the overall coverage area.

        Scale by the TileGrid's scale.
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::topMarginHeight):
        (WebCore::TileController::bottomMarginHeight):
        (WebCore::TileController::leftMarginWidth):
        (WebCore::TileController::rightMarginWidth):

        Get rid of adjustRectAtTileIndexForMargin() since we do not want to ever do this 
        adjustment. Use tileSize instead of margin size for all sizing computations.
        * platform/graphics/ca/mac/TileGrid.h:
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::rectForTileIndex):
        (WebCore::TileGrid::getTileIndexRangeForRect):
        (WebCore::TileGrid::adjustRectAtTileIndexForMargin): Deleted.

2014-05-14  Dean Jackson  <dino@apple.com>

        [Mac] Search fields should not use centered look
        https://bugs.webkit.org/show_bug.cgi?id=132930
        <rdar://problem/16825842>

        Reviewed by Beth Dakin.

        We need to explicitly set the centeredLook property
        to NO on modern releases of Mac.

        * rendering/RenderThemeMac.mm: Declare a new private property and set it to NO.
        (WebCore::RenderThemeMac::search):

2014-05-14  Zalan Bujtas  <zalan@apple.com>

        Subpixel layout: Change Element.offset* client* scroll* return type to double.
        https://bugs.webkit.org/show_bug.cgi?id=132895

        Reviewed by Simon Fraser.

        This patch changes Element.offset*, Element.client* and Element.scroll* APIs return
        type from long to double to match the latest CSSOM View Module spec[1].
        Element.offset* and Element.client* do return subpixel values from now on.
        Element.scroll* still return integral values as the scrolling code hasn't adopted to subpixel rendering yet.

        subpixelCSSOMElementMetricsEnabled setting is added to be able to turn this feature on/off
        from WK2 preferences. It toggles the return value from subpixel to floored integral.
        It does not change layout/rendering behavior.

        Reference list of what other browsers do:
        IE: http://blogs.msdn.com/b/ie/archive/2012/02/17/sub-pixel-rendering-and-the-css-object-model.aspx
        Blink: http://www.chromestatus.com/features/5497402177880064
        Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=825607

        [1] http://www.w3.org/TR/2013/WD-cssom-view-20131217/

        Test: cssom/subpixel-offsetleft-top-width-height-values.html

        * dom/Element.cpp:
        (WebCore::localZoomForRenderer):
        (WebCore::adjustForLocalZoom):
        (WebCore::convertToNonSubpixelValueIfNeeded):
        (WebCore::Element::offsetLeft):
        (WebCore::Element::offsetTop):
        (WebCore::Element::offsetWidth):
        (WebCore::Element::offsetHeight):
        (WebCore::Element::clientLeft):
        (WebCore::Element::clientTop):
        (WebCore::Element::clientWidth):
        (WebCore::Element::clientHeight):
        (WebCore::Element::scrollLeft):
        (WebCore::Element::scrollTop):
        (WebCore::Element::setScrollLeft):
        (WebCore::Element::setScrollTop):
        (WebCore::Element::scrollWidth):
        (WebCore::Element::scrollHeight):
        * dom/Element.h:
        * dom/Element.idl:
        * html/HTMLBodyElement.cpp:
        (WebCore::adjustForZoom):
        (WebCore::HTMLBodyElement::scrollLeft):
        (WebCore::HTMLBodyElement::setScrollLeft):
        (WebCore::HTMLBodyElement::scrollTop):
        (WebCore::HTMLBodyElement::setScrollTop):
        (WebCore::HTMLBodyElement::scrollHeight):
        (WebCore::HTMLBodyElement::scrollWidth):
        * html/HTMLBodyElement.h:
        * page/Settings.in:

2014-05-14  Brady Eidson  <beidson@apple.com>

        Implement NSSharingServiceDelegate method "transitionImageForShareItem"
        <rdar://problem/16878020> and https://bugs.webkit.org/show_bug.cgi?id=132911

        Reviewed by Tim Horton.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:

2014-05-14  Alex Christensen  <achristensen@webkit.org>

        Another unreviewed build fix.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::getTimingData):
        Added necessary UNUSED_PARAMs.

2014-05-14  Alex Christensen  <achristensen@webkit.org>

        Unreviewed build fix after r168849.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::getTimingData):
        Protect use of timing data with ENABLE(WEB_TIMING).

2014-05-14  Alex Christensen  <achristensen@webkit.org>

        Refactor duplicate code in web timing.
        https://bugs.webkit.org/show_bug.cgi?id=132917

        Reviewed by Alexey Proskuryakov.

        * platform/network/ResourceHandle.h:
        Added getTimingData declaration.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::getTimingData):
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        Moved duplicate code to ResourceHandle.

2014-05-14  Alex Christensen  <achristensen@webkit.org>

        Use references instead of pointers with ResourceLoadTiming.
        https://bugs.webkit.org/show_bug.cgi?id=132846

        Reviewed by Alexey Proskuryakov.

        * WebCore.exp.in:
        Removed ResourceResponseBase::setResourceLoadTiming linker symbol.
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::buildObjectForResourceResponse):
        * page/PerformanceResourceTiming.cpp:
        (WebCore::PerformanceResourceTiming::domainLookupStart):
        (WebCore::PerformanceResourceTiming::domainLookupEnd):
        (WebCore::PerformanceResourceTiming::connectStart):
        (WebCore::PerformanceResourceTiming::connectEnd):
        (WebCore::PerformanceResourceTiming::secureConnectionStart):
        (WebCore::PerformanceResourceTiming::requestStart):
        Use references instead of pointers.
        * page/PerformanceResourceTiming.h:
        Make an instance instead of a RefPtr.
        * page/PerformanceTiming.cpp:
        (WebCore::PerformanceTiming::domainLookupStart):
        (WebCore::PerformanceTiming::domainLookupEnd):
        (WebCore::PerformanceTiming::connectStart):
        (WebCore::PerformanceTiming::connectEnd):
        (WebCore::PerformanceTiming::secureConnectionStart):
        (WebCore::PerformanceTiming::requestStart):
        (WebCore::PerformanceTiming::responseStart):
        Check to see if the loader exists, then use ResourceLoadTiming reference.
        (WebCore::PerformanceTiming::resourceLoadTiming): Deleted.
        * page/PerformanceTiming.h:
        Removed resourceLoadTiming declaration.
        * platform/network/ResourceLoadTiming.h:
        (WebCore::ResourceLoadTiming::ResourceLoadTiming):
        (WebCore::ResourceLoadTiming::operator=):
        Replaced reference counting with copy constructors.
        (WebCore::ResourceLoadTiming::create): Deleted.
        (WebCore::ResourceLoadTiming::deepCopy): Deleted.
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::adopt):
        (WebCore::ResourceResponseBase::copyData):
        (WebCore::ResourceResponseBase::resourceLoadTiming):
        (WebCore::ResourceResponseBase::setResourceLoadTiming):
        (WebCore::ResourceResponseBase::compare):
        * platform/network/ResourceResponseBase.h:
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::didStartRequest):
        (WebCore::networkEventCallback):
        Use references instead of pointers.

2014-05-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r168837.
        https://bugs.webkit.org/show_bug.cgi?id=132913

        The patch added an assertion which fires on 6 tests (Requested
        by ap on #webkit).

        Reverted changeset:

        "[CSS Regions] Add ASSERT to make sure using the flowThread
        cache does not return incorrect results"
        https://bugs.webkit.org/show_bug.cgi?id=132906
        http://trac.webkit.org/changeset/168837

2014-05-13  Jon Honeycutt  <jhoneycutt@apple.com>

        Revert "Don't dispatch 'beforeload' event inside FrameView::layout()",
        commit 84fe8cf6fbe8b5de9a06300ca3ef6d0ffc96948c, and associated
        follow-up fixes:

            "platform/mac/plugins/testplugin-onnew-onpaint.html failing after
                r168668", commit c17be3bf5127baf94310af4b4b9bf5a57d29aaf4
            "[Win] Unreviewed build fix after r168668.", commit
                4fa470ad12c38ee7d4c114541b6dd321181a8bc9

        The original merged patch appears to have caused a regression in
        fast/dom/HTMLObjectElement/object-as-frame.html.

        <https://bugs.webkit.org/show_bug.cgi?id=132886>

        Reviewed by Alexey Proskuryakov.

        * WebCore.exp.in:
        * dom/Document.cpp:
        (WebCore::Document::updateLayoutIgnorePendingStylesheets):
        * dom/Document.h:
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::renderWidgetForJSBindings):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::renderWidgetForJSBindings):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::renderWidgetForJSBindings):
        * page/FrameView.cpp:
        (WebCore::FrameView::FrameView):
        (WebCore::FrameView::reset):
        (WebCore::FrameView::flushAnyPendingPostLayoutTasks):
        (WebCore::FrameView::performPostLayoutTasks):
        (WebCore::FrameView::updateEmbeddedObjectsTimerFired): Deleted.
        * page/FrameView.h:
        * testing/Internals.cpp:
        (WebCore::Internals::updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2014-05-14  Kiran  <kiran.guduru@samsung.com>

        alidation for getUserMedia() errorCallback is missing.
        https://bugs.webkit.org/show_bug.cgi?id=132901

        Reviewed by Darin Adler.

        The patch adds the validation for getUserMedia errorCallBack
        and throws TypeMismatchError.

        Test: fast/mediastream/getusermedia.html 

        * Modules/mediastream/NavigatorUserMedia.cpp:
        (WebCore::NavigatorUserMedia::webkitGetUserMedia):

2014-05-14  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>

        Remove CSS_STICKY_POSITION guards
        https://bugs.webkit.org/show_bug.cgi?id=132676

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator EPosition):
        * css/CSSValueKeywords.in:
        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::convertPositionStyle):

2014-05-14  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Add ASSERT to make sure using the flowThread cache does not return incorrect results
        https://bugs.webkit.org/show_bug.cgi?id=132906

        Reviewed by Andrei Bucur.

        If flowThreadContainingBlock() is called on an object which is in a different
        flow thread than the one currently being laid out, this method will return an incorrect
        result. I added an assertion for that to make sure we catch and treat any such scenarios.

        No new tests required.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::locateFlowThreadContainingBlockNoCache):
        (WebCore::RenderObject::locateFlowThreadContainingBlock):
        * rendering/RenderObject.h:

2014-05-14  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Don't relayout when updating the region range unless necessary
        https://bugs.webkit.org/show_bug.cgi?id=132120

        Reviewed by Antti Koivisto.

        The patch reduces the cases when a relayout is made for boxes that change the region range.
        This lowers the amount of nested layouts in most cases and produces big layout speedups for trees
        without overhanging floats.

        Tests: Major performance improvement with speedups of 50-60% on:
        Layout/RegionsAuto.html, Layout/RegionsAutoMaxHeight.html and Layout/RegionsFixed.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::updateRegionRangeForBoxChild): Ask the child box if it needs a relayout
        in case its region range changes.
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::layoutBlockChild): It's not necessary to do two layouts here because
        there's no block direction position change between them for the child.
        (WebCore::RenderBlockFlow::needsLayoutAfterRegionRangeChange): If the block doesn't have floats
        or if it expands to enclose the floats it doesn't need to relayout after a region range chage.
        It's not possible for it to have a float inside overflow that must be repositioned using the new
        range.
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBox.h:
        (WebCore::RenderBox::needsLayoutAfterRegionRangeChange): By default don't relayout after a region
        range change.

2014-05-14  Antti Koivisto  <antti@apple.com>

        RuleData should ref the StyleRule
        https://bugs.webkit.org/show_bug.cgi?id=132865

        Reviewed by Andreas Kling.

        As a defensive move make RuleData ref the StyleRule. 
        This adds some ref churn but the overall performance impact should be minimal.

        * css/RuleSet.h:
        (WebCore::RuleData::rule):

2014-05-14  Antti Koivisto  <antti@apple.com>

        GIF animations don't restart after scrolling on iOS WebKit1
        https://bugs.webkit.org/show_bug.cgi?id=132900

        Reviewed by Andreas Kling.

        * WebCore.exp.in:

2014-05-13  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Assertion failure in some cases with inline blocks
        https://bugs.webkit.org/show_bug.cgi?id=132859

        Reviewed by Mihnea Ovidenie.

        The patch hardens the conditions when the region range caches are
        populated to avoid desynchronizations when objects move during layout.
        This is true especially in the case of the boxes found inside
        inline blocks, that get their range from the containing line.

        There is a new function |computedRegionRangeForBox| that will always
        return a region range for a box using a best effort algorithm. This should
        be used only when there's no need to cache region information.

        This change also allows better control over the lifecycle of the
        |RenderBoxRegionInfo| objects stored on the regions. We can now iterate
        over the full range of the box when cleaning up the region box info. The
        same applies for the width change detection function.

        Test: fast/regions/inline-block-shifted-region.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::updateRegionForLine): Don't set the containing
        region if the block doesn't have a range. The returned value would not
        be correctly clamped.
        * rendering/RenderBox.cpp:
        (WebCore::RenderBlock::hasRegionRangeInFlowThread):
        * rendering/RenderBox.h:
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::removeRenderBoxRegionInfo): Iterate only over
        the range of the box, not from the start of the region chain.
        (WebCore::RenderFlowThread::logicalWidthChangedInRegionsForBlock): Same as
        above.
        (WebCore::RenderFlowThread::hasCachedRegionRangeForBox):
        (WebCore::RenderFlowThread::getRegionRangeForBoxFromCachedInfo):
        (WebCore::RenderFlowThread::getRegionRangeForBox):
        (WebCore::RenderFlowThread::computedRegionRangeForBox): Best effort function
        to determine the range of a box. It will always return something as long
        as the flow thread has regions.
        (WebCore::RenderFlowThread::objectShouldFragmentInFlowRegion): Use the new function
        to determine the range.
        * rendering/RenderFlowThread.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::absoluteQuadsForBox): Use the new function to determine
        the range.

2014-05-13  Simon Fraser  <simon.fraser@apple.com>

        Fix "ASSERTION FAILED: m_representation == PlatformLayerRepresentation" with UI-side compositing
        https://bugs.webkit.org/show_bug.cgi?id=132899

        Reviewed by Beth Dakin.

        Export some things

        * WebCore.exp.in:

2014-05-13  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] line height grows around polygon and incorrectly causes text to wrap to next line
        https://bugs.webkit.org/show_bug.cgi?id=131622

        Reviewed by Bem Jones-Bey.

        Corrected an earlier PolygonShape fix https://bugs.webkit.org/show_bug.cgi?id=132132
        When the top or bottom of a layout line is coincident with a polygon edge vertex, we
        only consider it an intersection if the edge extends into the line.

        Test: fast/shapes/shape-outside-floats/shape-outside-edge-case.html

        * rendering/shapes/PolygonShape.cpp:
        (WebCore::OffsetPolygonEdge::clippedEdgeXRange):

2014-05-13  Beth Dakin  <bdakin@apple.com>

        m_layerForOverhangAreas is sometimes not positioned correctly when topContentInset 
        has changed
        https://bugs.webkit.org/show_bug.cgi?id=132898
        -and corresponding-
        <rdar://problem/16644710>

        Reviewed by Anders Carlsson.

        This function is called whenever the topContentInset changes, so use it as an 
        opportunity to ensure that m_layerForOverhangAreas has been positioned correctly.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::frameViewDidChangeSize):

        Everyone gets an anchor point!
        (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):

2014-05-13  Dean Jackson  <dino@apple.com>

        Attempted build fix after https://bugs.webkit.org/show_bug.cgi?id=132891

        * page/PageDebuggable.cpp:

2014-05-13  Timothy Hatcher  <timothy@apple.com>

        Force developerExtrasEnabled when a remote Inspector client connects.

        https://bugs.webkit.org/show_bug.cgi?id=132891

        Reviewed by Joseph Pecoraro.

        * page/PageDebuggable.cpp:
        (WebCore::PageDebuggable::PageDebuggable): Initialize m_forcedDeveloperExtrasEnabled to false.
        (WebCore::PageDebuggable::connect): Set m_forcedDeveloperExtrasEnabled if the setting is changed.
        (WebCore::PageDebuggable::disconnect): Switch developerExtrasEnabled back to false
        if m_forcedDeveloperExtrasEnabled is true.
        * page/PageDebuggable.h: Added m_forcedDeveloperExtrasEnabled.

2014-05-13  Beth Dakin  <bdakin@apple.com>

        REGRESSION (topContentInset): Searching through Facebook Messenger's chat causes 
        scrolling in News Feed
        https://bugs.webkit.org/show_bug.cgi?id=132889
        -and corresponding-
        <rdar://problem/16715716>

        Reviewed by Simon Fraser.

        First of all, scrollOffsetRelativeToDocument() was very poorly named. This patch 
        re-names it to the much more accurate documentScrollOffsetRelativeToViewOrigin(). 
        Re-naming it makes it clear that ONE call site was not getting the right offset. 
        That call site does not want to know the document’s position relative to the view 
        origin, but rather it wants to know the Document’s position relative to the 
        scrolling origin.

        Export new name.
        * WebCore.exp.in:

        Use newly re-named documentScrollPositionRelativeToViewOrigin().
        * page/FrameView.cpp:
        (WebCore::FrameView::convertToRenderer):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::documentScrollOffsetRelativeToViewOrigin):
        (WebCore::ScrollView::documentScrollPositionRelativeToViewOrigin):
        (WebCore::ScrollView::documentScrollOffsetRelativeToScrollableAreaOrigin):
        (WebCore::ScrollView::rootViewToContents):
        (WebCore::ScrollView::windowToContents):
        (WebCore::ScrollView::scrollOffsetRelativeToDocument): Deleted.
        (WebCore::ScrollView::scrollPositionRelativeToDocument): Deleted.
        * platform/ScrollView.h:

        THIS is the spot that needs the new function, 
        documentScrollOffsetRelativeToScrollableAreaOrigin()()
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible):

2014-05-13  Dean Jackson  <dino@apple.com>

        [iOS] Page scale update messages for media controls should only fire at the end of zooming
        https://bugs.webkit.org/show_bug.cgi?id=132857
        <rdar://problem/16631009>

        Reviewed by Simon Fraser.

        As the user was zooming, the media controls that responded
        to the page scale (and resized themselves) would do so
        slightly out of sync with the screen refreshes, and it looked
        terrible. They really only need to get told at the end
        of the zoom that they need to relayout.

        Allow setPageScaleFactor to accept another parameter
        that indicates if the change is stable. That way, changes
        during a user triggers zoom gesture can be ignored for
        media controls.

        * WebCore.exp.in: Page::setPageScaleFactor takes a new parameter.
        * dom/Document.cpp:
        (WebCore::Document::pageScaleFactorChangedAndStable): Renamed from pageScaleFactorChanged.
        (WebCore::Document::pageScaleFactorChanged): Deleted.
        * dom/Document.h:
        * page/Page.cpp:
        (WebCore::Page::setPageScaleFactor): Accepts a new inStableState parameter,
        and tells the main frame that the scale factor has changed if it's stable.
        * page/Page.h:

2014-05-13  Eric Carlson  <eric.carlson@apple.com>

        Unreviewed build fix after r168755.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):

2014-05-13  Eric Carlson  <eric.carlson@apple.com>

        [Mac] hasVideo should return true when video is ready to display
        https://bugs.webkit.org/show_bug.cgi?id=132885

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

        * platform/graphics/avfoundation/objc/AudioTrackPrivateAVFObjC.mm:
        (WebCore::AudioTrackPrivateAVFObjC::resetPropertiesFromTrack): Don't change the
            enabled state of the AVPlayerItemTrack during setup.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): Initialize
            m_cachedIsReadyForDisplay.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad): Remove "enabled" KVO observers.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer): Observe "readyForDisplay"
            change notifications.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): Remove for "readyForDisplay"
            observer.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasAvailableVideoFrame): Return cached readyForDisplay
            state instead of polling every time.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): Call setHasVideo(true) if the
            player layer is ready for display.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateAudioTracks): Update logging.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoTracks): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::firstFrameAvailableDidChange): Cache readyForDisplay
            state, call tracksChanged() if we haven't seen a video track yet.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::trackEnabledDidChange): New.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive): Correct logging.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksDidChange): Remove old "enabled" listeners
            before release tracks, add new ones to new tracks.
        (WebCore::assetTrackMetadataKeyNames): Add "enabled" to the list of properties we require to 
            be loaded before announcing that metadata has loaded.
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): Observe 
            "readyForDisplay" and "enabled".

        * platform/graphics/avfoundation/objc/VideoTrackPrivateAVFObjC.cpp:
        (WebCore::VideoTrackPrivateAVFObjC::resetPropertiesFromTrack): Don't change the
            enabled state of the AVPlayerItemTrack during setup.

2014-05-13  Myles C. Maxfield  <litherum@gmail.com>

        Text decorations do not contribute to visual overflow
        https://bugs.webkit.org/show_bug.cgi?id=132773

        Reviewed by Darin Adler.

        Tests: fast/css3-text/css3-text-decoration/repaint/underline-outside-of-layout-rect.html

        * rendering/InlineTextBox.cpp:
        (WebCore::textDecorationStrokeThickness): Refactor into a common function
        (WebCore::wavyOffsetFromDecoration): Ditto
        (WebCore::InlineTextBox::extendVerticalVisualOverflowForDecorations): Given
        vertical overflow bounds, possibly extend those to include location of
        decorations.
        (WebCore::InlineTextBox::paintDecoration): Use refactored functions.
        * rendering/InlineTextBox.h: Function signature
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::setLogicalWidthForTextRun): Call extendVerticalVisualOverflowForDecorations()
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeAffectsVisualOverflow): Inspects shadows and text decorations
        (WebCore::RenderStyle::changeRequiresLayout): Calls changeAffectsVisualOverflow()
        (WebCore::RenderStyle::changeRequiresRepaintIfTextOrBorderOrOutline): Moved code from here
        to changeAffectsVisualOverflow().
        * rendering/style/RenderStyle.h: Function signature

2014-05-13  Enrica Casucci  <enrica@apple.com>

        REGRESSION (WebKit2): Zooming to text field leaves it partially hidden by the form assistant.
        https://bugs.webkit.org/show_bug.cgi?id=132879
        <rdar://problem/16318049>

        Reviewed by Benjamin Poulain.

        Adding some exports. The fix to setScrollPosition is to avoid clamping the scroll
        position when using delegate scrolling.

        * WebCore.exp.in:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::setScrollPosition):

2014-05-13  Brady Eidson  <beidson@apple.com>

        Followup to: Update positioning/drawing of the image controls button.
        <rdar://problem/16885077> and https://bugs.webkit.org/show_bug.cgi?id=132883

        Reviewed by Tim Horton.

        Cleared up the actual intent behind review feedback on the original patch.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::ImageControlsButtonElementMac::maybeCreate):

2014-05-13  Brady Eidson  <beidson@apple.com>

        Update positioning/drawing of the image controls button.
        <rdar://problem/16885077> and https://bugs.webkit.org/show_bug.cgi?id=132883

        Reviewed by Tim Horton.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::ImageControlsButtonElementMac::maybeCreate): Add inline style for top/right
          positioning based on the metrics from the render theme.

        * html/shadow/mac/imageControlsMac.css:
        (.x-webkit-image-controls-button): Can’t hard code any positioning.

        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::imageControlsButtonPositionOffset):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::servicesRolloverButtonCell):
        (WebCore::RenderThemeMac::imageControlsButtonPositionOffset):

2014-05-13  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] background-attachment:fixed behaves very poorly
        https://bugs.webkit.org/show_bug.cgi?id=132881
        <rdar://problem/16789526>

        Reviewed by Beth Dakin.

        Remove the old ENABLE_FAST_MOBILE_SCROLLING code, and add a setting that
        controls whether fixed backgrounds paint relative to the document, which
        is enabled for iOS (WK1 and WK2). This setting is consulted when we repaint
        fixed backgrounds on scrolling, when we paint them, and when we decide to make
        a layer for fixed backgrounds.
        
        * page/Settings.cpp:
        * page/Settings.in:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::styleWillChange):
        (WebCore::RenderElement::willBeRemovedFromTree):
        (WebCore::shouldRepaintFixedBackgroundsOnScroll): Deleted.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::needsFixedRootBackgroundLayer):

2014-05-13  Zalan Bujtas  <zalan@apple.com>

        REGRESSSION(r168528) Subpixel rendering: Selection rect is not positioned properly when SVG text is selected.
        https://bugs.webkit.org/show_bug.cgi?id=132868

        Reviewed by Dirk Schulze.

        Scale the selection rect. r168528 missed applying this final transform on the selection/painting rect.

        Test: svg/text/hidpi-text-selection-rect-position.html

        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::selectionRectForTextFragment):

2014-05-13  Martin Hodovan  <mhodovan.u-szeged@partner.samsung.com>

        ASSERTION FAILED: leftCategory != CalcOther && rightCategory != CalcOther
        in WebCore::CSSCalcBinaryOperation::createSimplified
        https://bugs.webkit.org/show_bug.cgi?id=132870

        According to the standard, calc() should be able to handle angle, time
        and frequency values as well: http://www.w3.org/TR/css3-values/#calc

        Reviewed by Darin Adler.

        Test: fast/css/calc-with-angle-time-frequency.html

        * css/CSSCalculationValue.cpp:
        (WebCore::unitCategory):
        (WebCore::CSSCalcPrimitiveValue::createCalcExpression):
        (WebCore::CSSCalcPrimitiveValue::computeLengthPx):
        (WebCore::CSSCalcPrimitiveValue::addSubtractResult):
        (WebCore::CSSCalcPrimitiveValue::determineCategory):
        (WebCore::CSSCalcBinaryOperation::primitiveType)
        * css/CSSCalculationValue.h: extending CalculationCategory
        * css/CSSParser.cpp:
        (WebCore::CSSParser::validCalculationUnit):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::primitiveType):

2014-05-13  Darin Adler  <darin@apple.com>

        Try to fix the !ENABLE(ICONDATABASE) build

        * loader/icon/IconDatabase.h: Include WTFString.h.

2014-05-13  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r167771): [GTK] Text fields and areas are rendered unthemed
        https://bugs.webkit.org/show_bug.cgi?id=132864

        Reviewed by Philippe Normand.

        This is because the virtual methods changed the API in the parent,
        and since we don't have the methods marked as override we didn't
        noticed it. After using override keyword for all virtual methods
        in the derived class another problem showed up, the ActiveListBox
        selection methods were incorrectly named.

        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::paintTextArea): Update to API changes in the
        parent class.
        * platform/gtk/RenderThemeGtk.h: Mark all virtual methods as
        override and the class as final.
        * platform/gtk/RenderThemeGtk2.cpp:
        (WebCore::RenderThemeGtk::paintTextField): Update to API changes
        in the parent class.
        (WebCore::RenderThemeGtk::platformActiveListBoxSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformActiveListBoxSelectionForegroundColor):
        (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionForegroundColor):
        (WebCore::RenderThemeGtk::activeListBoxSelectionBackgroundColor): Deleted.
        (WebCore::RenderThemeGtk::inactiveListBoxSelectionBackgroundColor): Deleted.
        (WebCore::RenderThemeGtk::activeListBoxSelectionForegroundColor): Deleted.
        (WebCore::RenderThemeGtk::inactiveListBoxSelectionForegroundColor): Deleted.
        * platform/gtk/RenderThemeGtk3.cpp:
        (WebCore::RenderThemeGtk::paintTextField): Update to API changes
        in the parent class.
        (WebCore::RenderThemeGtk::platformActiveListBoxSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformActiveListBoxSelectionForegroundColor):
        (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionForegroundColor):
        (WebCore::RenderThemeGtk::activeListBoxSelectionBackgroundColor): Deleted.
        (WebCore::RenderThemeGtk::inactiveListBoxSelectionBackgroundColor): Deleted.
        (WebCore::RenderThemeGtk::activeListBoxSelectionForegroundColor): Deleted.
        (WebCore::RenderThemeGtk::inactiveListBoxSelectionForegroundColor): Deleted.

2014-05-13  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GStreamer] Move toGstClockTime to utilities
        https://bugs.webkit.org/show_bug.cgi?id=132702

        Reviewed by Philippe Normand.

        toGstClockTime should be in GStreamerUtilities and corrected typo
        in getGstPlayFlag.

        No new tests needed.

        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        (WebCore::getGstPlayFlag): Renamed from getGstPlaysFlag.
        (WebCore::toGstClockTime): Moved from MediaPlayerPrivateGStreamer.
        (WebCore::getGstPlaysFlag): Deleted.
        * platform/graphics/gstreamer/GStreamerUtilities.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::setDownloadBuffering):
        Corrected getGstPlayFlag typo.
        (WebCore::toGstClockTime): Deleted.

2014-05-12  Darin Adler  <darin@apple.com>

        Make a few icon database improvements
        https://bugs.webkit.org/show_bug.cgi?id=132812

        Reviewed by Brady Eidson.

        * WebCore.exp.in: Export more IconDatabase functions, since they are now called
        by WebKit2 through pointers to a class marked final.

        * loader/icon/IconDatabase.cpp: Removed unneeded includes. Use override for
        virtual functions.

        * loader/icon/IconDatabase.h: Removed unneeded includes. Marked the class final.
        Use override for virtual functions. Use a public constructor instead of a create
        function.

        * loader/icon/IconDatabaseBase.h: Removed unneeded includes.

2014-05-13  Kiran  <kiran.guduru@samsung.com>

        [MediaStream] MediaStream.addTrack Should not check for active state.
        https://bugs.webkit.org/show_bug.cgi?id=132558

        Reviewed by Eric Carlson.

        MediaStream.addTrack method is checking for active state of a
        MediaStream, but it should not check for active state while adding a Track.

        Test: fast/mediastream/MediaStream-add-tracks-to-inactive-stream.html

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::addTrack):

2014-05-12  Mark Lam  <mark.lam@apple.com>

        WebKit2 on iOS needs to capture the main thread's floating point environment.
        <https://webkit.org/b/132755>

        Reviewed by Geoffrey Garen.

        For iOS, WorkerThread::workerThread() expects to be able to initialize the
        worker thread's floating point environment to be the same as the one in the
        main thread.  The FP env of the main thread is expected to have been captured
        in the mainThreadFEnv global.  On WebKit2 for iOS, we neglected to initialize
        mainThreadFEnv.

        We now introduce a FloatingPointEnvironment class that will encapsulate the main
        thread (aka "UIThread") fenv, and we'll call FloatingPointEnv::saveMainThreadEnvironment()
        from ChildProcess::platformInitialize() to ensure that the FloatingPointEnvironment
        singleton instance is initialized properly for WebKit2.

        In the ChildProcess::platformInitialize(), we also need to initialize the ARMv7
        FP env to support denormalized numbers.  We'll do this before calling
        saveMainThreadEnvironment().

        Tests: fast/workers/worker-floating-point.html
               js/floating-point-denormalized.html

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/ios/wak/FloatingPointEnvironment.cpp: Added.
        (WebCore::FloatingPointEnvironment::env):
        (WebCore::FloatingPointEnvironment::FloatingPointEnvironment):
        (WebCore::FloatingPointEnvironment::enableDenormalSupport):
        (WebCore::FloatingPointEnvironment::saveMainThreadEnvironment):
        (WebCore::FloatingPointEnvironment::propagateMainThreadEnvironment):
        * platform/ios/wak/FloatingPointEnvironment.h: Added.
        * platform/ios/wak/WebCoreThread.h:
        * platform/ios/wak/WebCoreThread.mm:
        (RunWebThread):
        (StartWebThread):
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::workerThread):

2014-05-12  Dirk Schulze  <krit@webkit.org>

        SVG root element accepts background color but fails to repaint it
        https://bugs.webkit.org/show_bug.cgi?id=63153

        Reviewed by Dean Jackson.

        This is back ported from Blink. Don't know the exact commit though.
        The patch checks if the SVGSVGElement is an outermost root element.
        If it is, mark the whole element for repaint.

        Test: svg/custom/svg-root-background.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateHasBoxDecorations):
        (WebCore::RenderBoxModelObject::updateFromStyle):
        * rendering/RenderBoxModelObject.h:
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::RenderSVGRoot):
        (WebCore::RenderSVGRoot::layout):
        (WebCore::RenderSVGRoot::paintReplaced):
        (WebCore::RenderSVGRoot::clippedOverflowRectForRepaint):
            This is a simple optimization by taking the necessary parts
            from RenderReplaced and SVGRenderSupport.
        * rendering/svg/RenderSVGRoot.h:

2014-05-12  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Fixed items are sometimes clipped after rubber-banding
        https://bugs.webkit.org/show_bug.cgi?id=132851
        <rdar://problem/16870790>

        Reviewed by Benjamin Poulain.

        On iOS fixed-position layers would get clipped to the document rect,
        but with rubber-banding, we can now have a custom fixed postion rect
        that extends outside the document rect.
        
        Another issue was that we would un-composite fixed elements sometimes
        when scrolling fast, again because they could fall outside of the document rect.
        
        A final issue was that pinching could reveal parts of fixed elements that should
        lie outside the viewport, rather than clipping the layers.
        
        Fix by converting both call points to use viewportConstrainedVisibleContentRect()
        rather than viewportConstrainedExtentRect(). On non-iOS platforms these are
        the same, but on iOS viewportConstrainedVisibleContentRect() uses the
        custom fixed position rect, which is the correct rect to intersect with.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateCompositedBounds):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForPosition):

2014-05-06  Jon Honeycutt  <jhoneycutt@apple.com>

        Don't dispatch 'beforeload' event inside FrameView::layout()

        https://bugs.webkit.org/show_bug.cgi?id=132621
        <rdar://problem/15661470>

        This merges Blink revision 162073 with minor renaming and style
        changes. From that commit:

        Executing JavaScript code inside FrameView::layout() is problematic.
        e.g. an assertion failure tested in fast/events/beforeload-assertion.html.
        We should avoid it.

        This CL makes 'beforeload' event dispatching for plugins and iframes asynchronous,
        except plugin access from JavaScript code (HTMLPlugInElement::
        renderWidgetForJSBindings).

        Reviewed by Brent Fulgham.

        Tests: fast/events/beforeload-assertion.html
               fast/events/beforeload-iframe-crash.html
               fast/events/beforeload-input-time-crash.html

        * WebCore.exp.in:
        * dom/Document.cpp:
        (WebCore::Document::updateLayoutIgnorePendingStylesheets):
        * dom/Document.h:
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::renderWidgetForJSBindings):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::renderWidgetForJSBindings):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::renderWidgetForJSBindings):
        * page/FrameView.cpp:
        (WebCore::FrameView::FrameView):
        (WebCore::FrameView::reset):
        (WebCore::FrameView::updateEmbeddedObjectsTimerFired):
        (WebCore::FrameView::flushAnyPendingPostLayoutTasks):
        (WebCore::FrameView::performPostLayoutTasks):
        * page/FrameView.h:
        * testing/Internals.cpp:
        (WebCore::Internals::updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-05-12  Roger Fong  <roger_fong@apple.com>

        Limit number of active graphics contexts per web process.
        https://bugs.webkit.org/show_bug.cgi?id=132833.
        <rdar://problem/16888459>

        Reviewed by Dean Jackson.

        Test: webgl/many-contexts.html

        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/mac/GraphicsContext3DMac.mm: Limit number of active contexts to 16.
        (WebCore::GraphicsContext3D::create):
        (WebCore::GraphicsContext3D::~GraphicsContext3D):

2014-05-12  Simon Fraser  <simon.fraser@apple.com>

        Build fix fix.

        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::contentShadowLayerForFrameView):

2014-05-12  Brent Fulgham  <bfulgham@apple.com>

        DataDetectorUI doesn't update with resize
        https://bugs.webkit.org/show_bug.cgi?id=132830
        <rdar://problem/16871179>

        Reviewed by Simon Fraser.

        * editing/Editor.cpp:
        (WebCore::Editor::scanSelectionForTelephoneNumbers): Add public, no-argument
        version that can be called after layout changes.
        (WebCore::Editor::didLayout): Reprocess telephone number data
        since Ranges will have changed.
        * editing/Editor.h:
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::updateDataDetectorsForSelection): Added.
        * editing/FrameSelection.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::performPostLayoutTasks): Ask the FrameSelection to update the
        Range information for selected phone numbers.

2014-05-12  Simon Fraser  <simon.fraser@apple.com>

        Fix the iOS build.

        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::contentShadowLayerForFrameView):

2014-05-12  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Fuzzy tiles on some sites on loading
        https://bugs.webkit.org/show_bug.cgi?id=132847
        <rdar://problem/16816178>

        Reviewed by Benjamin Poulain.

        Export WebCore::TileController::contentsScale() const

        * WebCore.exp.in:

2014-05-12  Simon Fraser  <simon.fraser@apple.com>

        Add debug dumping for ViewportConfiguration
        https://bugs.webkit.org/show_bug.cgi?id=132843

        Reviewed by Benjamin Poulain.

        Add some TextStream-based dumping for ViewportConfiguration.

        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::updateConfiguration):
        (WebCore::ViewportConfigurationTextStream::ViewportConfigurationTextStream):
        (WebCore::ViewportConfigurationTextStream::increaseIndent):
        (WebCore::ViewportConfigurationTextStream::decreaseIndent):
        (WebCore::dumpProperty):
        (WebCore::ViewportConfigurationTextStream::writeIndent):
        (WebCore::ViewportConfigurationTextStream::operator<<):
        (WebCore::ViewportConfiguration::description):
        (WebCore::ViewportConfiguration::dump):
        * page/ViewportConfiguration.h:

2014-05-12  Brady Eidson  <beidson@apple.com>

        Followup to "Teach Editor to support more direct replacement of a Node"
        <rdar://problem/16817952> and https://bugs.webkit.org/show_bug.cgi?id=132834

        Pair programmed and pair reviewed by Brady Eidson and Darin Adler.

        * editing/mac/EditorMac.mm:
        (WebCore::maybeCopyNodeAttributesToFragment):
        (WebCore::Editor::replaceNodeFromPasteboard):

2014-05-12  Beth Dakin  <bdakin@apple.com>

        Content shadow layer needs to move in sync with the content layer
        https://bugs.webkit.org/show_bug.cgi?id=132841
        -and corresponding-
        <rdar://problem/16641115>

        Reviewed by Simon Fraser.

        Now that the root content layer moves a little bit (for y scroll positions between 
        0 and topContentInset), the shadow layer needs to move along with it since the 
        shadow layer should always have the same position as the root content layer.

        Set the root state node’s shadow layer, and update the position whenever the root 
        content layer’s position is updated.
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewRootLayerDidChange):
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):

        Fetch the compositor’s layerForContentShadow().
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::contentShadowLayerForFrameView):
        * page/scrolling/ScrollingCoordinator.h:

        Hook up the contentShadowLayer in the state node.
        * page/scrolling/ScrollingStateScrollingNode.cpp:
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        (WebCore::ScrollingStateScrollingNode::setContentShadowLayer):

        Hook it up in the ScrollingTreeNode as well. Move the layer whenever the m
        _scrolledContentsLayer is moved.
        * page/scrolling/ScrollingStateScrollingNode.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::updateBeforeChildren):
        (WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):

        The shadow layer needs an anchor point now that we are moving it around.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):

2014-05-12  Dirk Schulze  <krit@webkit.org>

        <svg> with opacity and compositing double-applies its opacity
        https://bugs.webkit.org/show_bug.cgi?id=116856

        Reviewed by Simon Fraser.

        The opacity is applied by the compositor. However, all SVG elements
        create transparency layers on their own to apply opacity. So did
        SVGSVGElement.

        Added a check if the current element has a compositing layer and skip
        creating transparency layer if it has.

        Test: svg/custom/composited-svg-with-opacity.html

        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::prepareToRenderSVGContent):

2014-05-12  Brady Eidson  <beidson@apple.com>

        Teach Editor to support more direct replacement of a Node
        <rdar://problem/16817952> and https://bugs.webkit.org/show_bug.cgi?id=132834

        Reviewed by Enrica Casucci.

        The new method "Editor::replaceNodeFromPasteboard" has the intent that the new DocumentFragment
        from the pasteboard is as similar to the old Node as possible.

        In practice, the new DocumentFragment:
        1 - Can represent a single node that's missing various attributes the original Node had.
        2 - Can be an unwanted fragment of arbitrary depth when the replacement happens inside Mail.app

        This fixes both of these issues.

        Add a MailBlockquoteHandling enum class for various Editor operations to pass through to the
        ReplaceSelectionCommand:
        * editing/Editor.cpp:
        (WebCore::Editor::handleTextEvent):
        (WebCore::Editor::pasteAsFragment):
        (WebCore::Editor::pasteWithPasteboard):
        (WebCore::Editor::replaceSelectionWithFragment):
        * editing/Editor.h:

        * dom/TextEvent.cpp:
        (WebCore::TextEvent::createForPlainTextPaste):
        (WebCore::TextEvent::createForFragmentPaste):
        (WebCore::TextEvent::TextEvent):
        * dom/TextEvent.h:
        (WebCore::TextEvent::mailBlockquoteHandling):

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::ReplaceSelectionCommand):
        (WebCore::ReplaceSelectionCommand::doApply): Consider whether or not this particular Editor
          operation was meant to give special consideration to Mail's Blockquotes.
        * editing/ReplaceSelectionCommand.h:

        * editing/efl/EditorEfl.cpp:
        (WebCore::Editor::pasteWithPasteboard):
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::pasteWithPasteboard):

        * editing/mac/EditorMac.mm:
        (WebCore::Editor::pasteWithPasteboard):
        (WebCore::Editor::readSelectionFromPasteboard):
        (WebCore::maybeCopyNodeAttributesToFragment): If the new DocumentFragment represents a single HTML node
          with the same tag name is the original HTML node, copy over most attributes from the original node.
        (WebCore::Editor::replaceNodeFromPasteboard): Create the fragment, run it through maybeCopyNodeAttributesToFragment.

        * WebCore.exp.in:

2014-05-12  Alex Christensen  <achristensen@webkit.org>

        Progress on web timing.
        https://bugs.webkit.org/show_bug.cgi?id=132574

        Reviewed by Alexey Proskuryakov.

        * CMakeLists.txt:
        Removed ResourceLoadTiming.cpp.
        * WebCore.exp.in:
        Added linker symbols for ResourceLoadTiming.
        * WebCore.xcodeproj/project.pbxproj:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        Removed ResourceLoadTiming.cpp.
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::buildObjectForTiming):
        * inspector/protocol/Network.json:
        Updated ResourceTiming structure.
        * loader/DocumentLoadTiming.cpp:
        (WebCore::DocumentLoadTiming::setNavigationStart):
        * loader/DocumentLoadTiming.h:
         Deleted unused setNavigationStart function.
        * page/Performance.idl:
        Updated spec URL.
        * page/PerformanceResourceTiming.cpp:
        (WebCore::PerformanceResourceTiming::domainLookupStart):
        (WebCore::PerformanceResourceTiming::domainLookupEnd):
        (WebCore::PerformanceResourceTiming::connectStart):
        (WebCore::PerformanceResourceTiming::secureConnectionStart):
        (WebCore::PerformanceResourceTiming::responseEnd):
        Updated ResourceLoadTiming member variable names.
        (WebCore::PerformanceResourceTiming::responseStart):
        * page/PerformanceResourceTiming.h:
        * page/PerformanceResourceTiming.idl:
        Deleted responseStart because it is not in the spec.
        * page/PerformanceTiming.cpp:
        (WebCore::PerformanceTiming::domainLookupStart):
        (WebCore::PerformanceTiming::domainLookupEnd):
        (WebCore::PerformanceTiming::connectStart):
        (WebCore::PerformanceTiming::secureConnectionStart):
        (WebCore::PerformanceTiming::requestStart):
        (WebCore::PerformanceTiming::responseStart):
        Updated ResourceLoadTiming member variable names.
        (WebCore::PerformanceTiming::resourceLoadTimeRelativeToAbsolute):
        Use navigationStart as base for resource load times.
        * page/PerformanceTiming.idl:
        Updated spec URL.
        * platform/network/HTTPParsers.h:
        Removed unused class declarations.
        * platform/network/ResourceHandle.h:
        Moved soup request time from ResourceLoadTiming to ResourceHandle.
        * platform/network/ResourceLoadTiming.cpp: Removed.
        * platform/network/ResourceLoadTiming.h:
        (WebCore::ResourceLoadTiming::deepCopy):
        (WebCore::ResourceLoadTiming::operator==):
        (WebCore::ResourceLoadTiming::ResourceLoadTiming):
        Updated ResourceLoadTiming member variable names.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::createNSURLConnection):
        Collect timing data.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        Save timing data to a ResourceLoadTiming on the ResourceResponse.
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::gotHeadersCallback):
        (WebCore::restartedCallback):
        (WebCore::milisecondsSinceRequest):
        (WebCore::ResourceHandle::didStartRequest):
        (WebCore::networkEventCallback):
        (WebCore::createSoupMessageForHandleAndRequest):
        (WebCore::ResourceHandle::sendPendingRequest):
        Updated ResourceLoadTiming member variable names.
        (WebCore::wroteBodyCallback): Deleted.

2014-05-12  Dirk Schulze  <krit@webkit.org>

        SVG outline property is broken and inefficient
        https://bugs.webkit.org/show_bug.cgi?id=113666

        Reviewed by Dean Jackson.

        Patch by Erik Dahlström backported from Blink.

        "[SVG2] css 'outline' property should apply to svg elements 

        The 'outline' property was only partially working in SVG before
        this patch, this makes it work on text and text content child
        elements too. 

        This makes SVG render the outlines as part of the foreground paint
        phase. 

        Partly based on Florin Malita's webkit patch https://bugs.webkit.org/show_bug.cgi?id=113666#c12."

        Tests: svg/custom/outline-stacking-expected.svg
               svg/custom/outline-stacking.svg
               svg/custom/rgba-color-outline.svg
               svg/text/text-outline-expected.svg
               svg/text/text-outline-rgba.html
               svg/text/text-outline.html
               svg/text/textpath-outline-expected.svg
               svg/text/textpath-outline.svg
               svg/text/tspan-multiple-outline.svg
               svg/text/tspan-outline-2-expected.svg
               svg/text/tspan-outline-2.svg
               svg/text/tspan-outline-expected.svg
               svg/text/tspan-outline.html

        * rendering/svg/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::paint): Draw outline in forground
            paint phase.
        * rendering/svg/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::paint): Draw outline in forground
            paint phase.
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::paintReplaced): Pass paint offset.
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::paint): Draw outline in forground
            paint phase.
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::paint): Draw outline in forground
            paint phase.
        * rendering/svg/SVGInlineFlowBox.cpp:
        (WebCore::SVGInlineFlowBox::paint): Pass paint offset.
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::paint): Draw outline in forground
            paint phase.
        * rendering/svg/SVGRootInlineBox.cpp:
        (WebCore::SVGRootInlineBox::paint): Pass paint offset.

2014-05-12  Beth Dakin  <bdakin@apple.com>

        Layer for bottom overhang area needs to be offset by the topContentInset
        https://bugs.webkit.org/show_bug.cgi?id=132835
        -and corresponding-
        <rdar://problem/16641115>

        Reviewed by Simon Fraser.

        Push this layer down by the topContentInset in addition to the root layer height, 
        footer height, and header height.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateLayerForBottomOverhangArea):

2014-05-09  Jon Honeycutt  <jhoneycutt@apple.com>

        REGRESSION (r167818): editing/inserting/typing-space-to-trigger-smart-link.html fails on WebKit1 bots

        <https://bugs.webkit.org/show_bug.cgi?id=132207>
        <rdar://problem/16730393>

        Reverts the previous workaround in favor of a more specific fix for the
        null dereference.

        Reviewed by Darin Adler.

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange):
        Check whether the run's start and end are still in the document, as
        removeConflictingInlineStyleFromRun() may have removed them.

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::apply):
        Reverted previous workaround.
        (WebCore::ApplyEditCommand::ReentrancyGuard::isRecursiveCall): Deleted.
        (WebCore::ApplyEditCommand::ReentrancyGuard::Scope::Scope): Deleted.
        (WebCore::ApplyEditCommand::ReentrancyGuard::Scope::~Scope): Deleted.

2014-05-12  Zan Dobersek  <zdobersek@igalia.com>

        Clean up CrossThreadTask
        https://bugs.webkit.org/show_bug.cgi?id=132800

        Reviewed by Darin Adler.

        Remove the createCallbackTask overloads and the related CrossThreadTask helper classes.

        Instead, have one simple CrossThreadTask class that derives from ScriptExecutionContext::Task.
        Its templated constructor takes in the method and the variadic pack of parameters. The cross-thread
        copies of the parameters are then bound to that method and the resulting bind expression is used to
        initialize the base class. The bind expression is constructed with a placeholder for the
        ScriptExecutionContext* parameter that's provided through ScriptExecutionContext::Task::performTask().

        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::Peer::send):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::bufferedAmount):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didConnect):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessage):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveBinaryData):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didUpdateBufferedAmount):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didStartClosingHandshake):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didClose):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::connect):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::send):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::bufferedAmount):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::close):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::fail):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::disconnect):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::suspend):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::resume):
        * dom/CrossThreadTask.h:
        (WebCore::CrossThreadTask::CrossThreadTask):
        (WebCore::CrossThreadTask1::CrossThreadTask1): Deleted.
        (WebCore::CrossThreadTask1::performTask): Deleted.
        (WebCore::CrossThreadTask2::CrossThreadTask2): Deleted.
        (WebCore::CrossThreadTask2::performTask): Deleted.
        (WebCore::CrossThreadTask3::CrossThreadTask3): Deleted.
        (WebCore::CrossThreadTask3::performTask): Deleted.
        (WebCore::CrossThreadTask4::CrossThreadTask4): Deleted.
        (WebCore::CrossThreadTask4::performTask): Deleted.
        (WebCore::CrossThreadTask5::CrossThreadTask5): Deleted.
        (WebCore::CrossThreadTask5::performTask): Deleted.
        (WebCore::CrossThreadTask6::CrossThreadTask6): Deleted.
        (WebCore::CrossThreadTask6::performTask): Deleted.
        (WebCore::CrossThreadTask7::CrossThreadTask7): Deleted.
        (WebCore::CrossThreadTask7::performTask): Deleted.
        (WebCore::CrossThreadTask8::CrossThreadTask8): Deleted.
        (WebCore::CrossThreadTask8::performTask): Deleted.
        (WebCore::createCallbackTask): Deleted.
        * fileapi/FileReader.cpp:
        (WebCore::FileReader::abort):
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::destroy):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::cancel):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didSendData):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didReceiveResponse):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didReceiveData):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didFinishLoading):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didFail):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didFailAccessControlCheck):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didFailRedirectCheck):
        * loader/WorkerThreadableLoader.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::removeRequestFromCache):
        (WebCore::MemoryCache::removeRequestFromSessionCaches):
        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::SharedWorkerProxy::postExceptionToWorkerObject):
        (WebCore::SharedWorkerProxy::postConsoleMessageToWorkerObject):
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postConsoleMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::workerObjectDestroyed):
        (WebCore::WorkerMessagingProxy::connectToInspector):
        (WebCore::WorkerMessagingProxy::disconnectFromInspector):
        (WebCore::WorkerMessagingProxy::sendMessageToInspector):

2014-05-12  Alex Christensen  <achristensen@webkit.org>

        Implement EXT_shader_texture_lod in WebGL.
        https://bugs.webkit.org/show_bug.cgi?id=128985
        <rdar://problem/16111396>

        Based on Chromium patch by bajones@chromium.org.
        https://src.chromium.org/viewvc/blink?revision=171465&view=revision

        Reviewed by Dean Jackson.

        Test: webgl/conformance/extensions/ext-shader-texture-lod.html
        
        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        Added new EXTShaderTextureLOD files.
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::toJS):
        Added EXTShaderTextureLOD.
        * html/canvas/EXTShaderTextureLOD.cpp: Added.
        (WebCore::EXTShaderTextureLOD::EXTShaderTextureLOD):
        (WebCore::EXTShaderTextureLOD::~EXTShaderTextureLOD):
        (WebCore::EXTShaderTextureLOD::getName):
        * html/canvas/EXTShaderTextureLOD.h: Added.
        * html/canvas/EXTShaderTextureLOD.idl: Added.
        * html/canvas/WebGLExtension.h:
        Added EXTShaderTextureLODName.
        * html/canvas/WebGLObject.cpp:
        Removed unused inclusion of EXTTextureFilterAnisotropic.h.
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getExtension):
        Added EXT_shader_texture_lod.
        * html/canvas/WebGLRenderingContext.h:
        Added a EXTShaderTextureLOD member variable.

2014-05-12  Martin Hock  <mhock@apple.com>

        Disallow drag and drop of non-displayable resources.
        https://bugs.webkit.org/show_bug.cgi?id=132745
        <rdar://problem/10562662>

        Reviewed by Alexey Proskuryakov.

        Test: http/tests/security/drag-drop-local-file.html

        * page/DragController.cpp:
        (WebCore::DragController::startDrag):

2014-05-12  Jozsef Berta  <jberta.u-szeged@partner.samsung.com>

        WinCairo buildfix after r168611
        https://bugs.webkit.org/show_bug.cgi?id=132825

        Reviewed by Darin Adler.

        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownloadManager::downloadThread):
        (WebCore::CurlDownload::didReceiveHeader):
        (WebCore::CurlDownload::didReceiveData):

2014-05-12  Antti Koivisto  <antti@apple.com>

        REGRESSION (r159560): Text clips on tile border if line-height < font-size
        https://bugs.webkit.org/show_bug.cgi?id=132822

        Reviewed by Andreas Kling.
        
        The first line of simple line layout run range was miscomputed.

        Test: fast/text/simple-lines-range-low-line-height.html

        * rendering/SimpleLineLayoutResolver.h:
        (WebCore::SimpleLineLayout::RunResolver::lineIndexForHeight):
        
            Lines may overlap if line-height < font-size. Apply different adjustment when searching for range begin
            so that overflowing earlier lines are taken into account.

        (WebCore::SimpleLineLayout::RunResolver::rangeForRect):

2014-05-12  Radu Stavila  <stavila@adobe.com>

        Invalid information remaining in lineToRegion map of RenderFlowThread.
        https://bugs.webkit.org/show_bug.cgi?id=132690

        Reviewed by Antti Koivisto.

        Test: fast/multicol/newmulticol/lines-region-map-crash.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::deleteLines):
        * rendering/RenderFlowThread.h:

2014-05-12  Zan Dobersek  <zdobersek@igalia.com>

        Clean up MainThreadTask
        https://bugs.webkit.org/show_bug.cgi?id=132799

        Reviewed by Darin Adler.

        Only have one simple MainThreadTask class that derives from std::function<void ()>.
        Its templated constructor takes in the method and a variadic pack of parameters.
        The cross-thread copies of the parameter are then bound to the given method through
        std::bind(), with the resulting bind expression used to initialize the base
        std::function<void ()> class.

        The WebCore::callOnMainThread() functions and the helper classes are removed in favor
        of passing MainThreadTask rvalues directly to WTF::callOnMainThread().

        * fileapi/AsyncFileStream.cpp:
        (WebCore::AsyncFileStream::startOnFileThread):
        (WebCore::AsyncFileStream::stopOnFileThread):
        (WebCore::AsyncFileStream::getSizeOnFileThread):
        (WebCore::AsyncFileStream::openForReadOnFileThread):
        (WebCore::AsyncFileStream::openForWriteOnFileThread):
        (WebCore::AsyncFileStream::readOnFileThread):
        (WebCore::AsyncFileStream::writeOnFileThread):
        (WebCore::AsyncFileStream::truncateOnFileThread):
        * platform/MainThreadTask.h:
        (WebCore::MainThreadTask::MainThreadTask):
        (WebCore::MainThreadTaskBase::MainThreadTaskBase): Deleted.
        (WebCore::MainThreadTaskBase::~MainThreadTaskBase): Deleted.
        (WebCore::MainThreadTask1::create): Deleted.
        (WebCore::MainThreadTask1::MainThreadTask1): Deleted.
        (WebCore::MainThreadTask2::create): Deleted.
        (WebCore::MainThreadTask2::MainThreadTask2): Deleted.
        (WebCore::MainThreadTask3::create): Deleted.
        (WebCore::MainThreadTask3::MainThreadTask3): Deleted.
        (WebCore::MainThreadTask4::create): Deleted.
        (WebCore::MainThreadTask4::MainThreadTask4): Deleted.
        (WebCore::MainThreadTask5::create): Deleted.
        (WebCore::MainThreadTask5::MainThreadTask5): Deleted.
        (WebCore::MainThreadTask6::create): Deleted.
        (WebCore::MainThreadTask6::MainThreadTask6): Deleted.
        (WebCore::MainThreadTask7::create): Deleted.
        (WebCore::MainThreadTask7::MainThreadTask7): Deleted.
        (WebCore::MainThreadTask8::create): Deleted.
        (WebCore::MainThreadTask8::MainThreadTask8): Deleted.
        (WebCore::executeMainThreadTask): Deleted.
        (WebCore::callOnMainThread): Deleted.

2014-05-11  Zan Dobersek  <zdobersek@igalia.com>

        Simplify FileThread::Task usage
        https://bugs.webkit.org/show_bug.cgi?id=132798

        Reviewed by Darin Adler.

        Remove the createFileThreadTask functions and the related FileThreadTask helper classes.

        Instead, the FileThread::Task class now has a templated constructor that takes in a pointer
        to the object instance, a method, and a variadic pack of parameters. The pointer and the
        cross-thread copies of all the parameters are then bound to the given method through std::bind().

        Instead of createFileThreadTask, std::make_unique<>() should be used to construct unique pointers
        that wrap FileThread::Task objects.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * fileapi/AsyncFileStream.cpp:
        (WebCore::AsyncFileStream::create):
        (WebCore::AsyncFileStream::stop):
        (WebCore::AsyncFileStream::getSize):
        (WebCore::AsyncFileStream::openForRead):
        (WebCore::AsyncFileStream::openForWrite):
        (WebCore::AsyncFileStream::close):
        (WebCore::AsyncFileStream::read):
        (WebCore::AsyncFileStream::write):
        (WebCore::AsyncFileStream::truncate):
        * fileapi/FileThread.h:
        (WebCore::FileThread::Task::Task):
        (WebCore::FileThread::Task::performTask):
        (WebCore::FileThread::Task::~Task): Deleted.
        * fileapi/FileThreadTask.h: Removed.

2014-05-11  Benjamin Poulain  <benjamin@webkit.org>

        Do not create a temporary string to append the SVGLength's unit
        https://bugs.webkit.org/show_bug.cgi?id=132807

        Reviewed by Geoffrey Garen.

        * svg/SVGLength.cpp:
        (WebCore::lengthTypeToString):
        The caller just append the string to a number string. The function
        lengthTypeToString() was creating a new WTF::String from scratch,
        copied the characters to make a new string, and destroyed the WTF::String.

        Instead, just append the string literal.

2014-05-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: reduce cost of computing backtracking height
        https://bugs.webkit.org/show_bug.cgi?id=132546

        Reviewed by Benjamin Poulain.

        Because compiler previously compute backtracking height for
        previous child fragment, by leveraging this, we can limit the
        `maxPrefixSize` for `computeBacktrackingHeightFromDescendant`.

        For example, consider selector "c>a>b>d>a>b e"'s descendant chain,
        "c>a>b>d>a>b".

        At the <a> position, we have matching pattern [b, a, d, b, a] and
        calculate the backtracking height by following method.

        pattern:    [b, a, d, b, a]
        candidate0:    [b, a, d, b]  => Not matched.
        candidate1:       [b, a, d]  => Not matched.
        candidate2:          [b, a]  => Matched against the pattern.

        At this time, first candidate0's pattern size is `pattern.size() - 1`.
        And get backtracking height from descendant 3, that is
        `pattern.size() - candidate.size()`, `5 - 2`.

        And next, at the <c> position, we calcucate the backtracking height
        for this pattern.

        pattern:    [b, a, d, b, a, c]
        candidate0:    [b, a, d, b, a]  => Not matched.
        candidate1:       [b, a, d, b]  => Not matched.
        candidate2:          [b, a, d]  => Not matched.
        candidate3:             [b, a]  => Not matched.
        candidate4:                [b]  => Not matched.
        candidate5:                 []  => Matched against the pattern.

        Then, we get the backtracking height, which is 6 (6 - 0).
        However, in the above case, we already know that attempts from candidate0
        to candidate1 always fail, since parts of these are already tested at
        the <b> position trial and we know they don't match.

        So in this case, we should start this computation from candidate2,
        such as,

        pattern:    [b, a, d, b, a, c]
        candidate2:          [b, a, d]  => Not matched.
        candidate3:             [b, a]  => Not matched.
        candidate4:                [b]  => Not matched.
        candidate5:                 []  => Matched against the pattern.

        We can start computation with candidate size
        `pattern.size() - previousChildFragmentBacktrackingHeight`.
        In this example, `pattern.size()` is 6 and
        `previousChildFragmentBacktrackingHeight` is 3, so candidate size is
        3, that is candidate2.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::computeBacktrackingStartHeightFromDescendant):
        (WebCore::SelectorCompiler::computeBacktrackingHeightFromDescendant):

2014-05-11  Beth Dakin  <bdakin@apple.com>

        Headers and footers are not positioned correctly with topContentInset
        https://bugs.webkit.org/show_bug.cgi?id=132787
        -and corresponding-
        <rdar://problem/16641115>

        Reviewed by Tim Horton.

        Headers and footers need to take the inset into account, and they also need to 
        factor in the fact that the root layer moves around now too.

        The existing yPositionForRootContentLayer() is actually the right calculation for 
        the header layer. The root content layer wants that value, but pushed down by the 
        header height. Now there are static functions for both of them and the footer to 
        avoid duplicated code in the three spots where we need this information.
        * page/FrameView.cpp:
        (WebCore::FrameView::yPositionForHeaderLayer):
        (WebCore::FrameView::yPositionForRootContentLayer):
        (WebCore::FrameView::yPositionForFooterLayer):
        * page/FrameView.h:

        Use the static functions to compute the layer positions.
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):

        How did headers ever work with this bug?? I don’t know. We need to return that 
        layer.
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::headerLayerForFrameView):

        Use the static functions to compute the layer positions.
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateRootLayerPosition):
        (WebCore::RenderLayerCompositor::updateLayerForHeader):
        (WebCore::RenderLayerCompositor::updateLayerForFooter):

2014-05-11  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering[iOS]: <select> decoration is misaligned when the renderer is on subpixel position.
        https://bugs.webkit.org/show_bug.cgi?id=132779
        <rdar://problem/16631071>

        Reviewed by Simon Fraser.

        Push <select> theme decoration's rect to device pixel position to ensure
        that the theme bounds are aligned with the renderer's bounds. (in painting terms)
        However, as the decoration code paints multiple items, they all need to use snapped 
        final coordinates for painting : tracked here https://bugs.webkit.org/show_bug.cgi?id=132780
        This patch also changes the padding values for <select> [iOS] to compensate for the integer
        truncation that happened before subpixel. 

        Not testable.

        * css/html.css:
        (select):
        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::paintMenuListButtonDecorations):
        * platform/efl/RenderThemeEfl.h:
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::paintMenuListButtonDecorations):
        * platform/gtk/RenderThemeGtk.h:
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paintDecorations):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::paintMenuListButtonDecorations):
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintMenuListButtonDecorations):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuListButtonDecorations):
        * rendering/RenderThemeSafari.cpp:
        (WebCore::RenderThemeSafari::paintMenuListButtonDecorations):
        * rendering/RenderThemeSafari.h:
        * rendering/RenderThemeWin.cpp:
        (WebCore::RenderThemeWin::paintMenuList):
        (WebCore::RenderThemeWin::paintMenuListButtonDecorations):
        * rendering/RenderThemeWin.h:

2014-05-11  Zan Dobersek  <zdobersek@igalia.com>

        Move Source/WebCore/workers/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=132401

        Reviewed by Darin Adler.

        Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/workers (and related places)
        with std::unique_ptr.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setTimeout):
        (WebCore::JSDOMWindow::setInterval):
        * bindings/js/JSWorkerGlobalScopeCustom.cpp:
        (WebCore::JSWorkerGlobalScope::setTimeout):
        (WebCore::JSWorkerGlobalScope::setInterval):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::create):
        * bindings/js/ScheduledAction.h:
        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::DOMTimer):
        (WebCore::DOMTimer::install):
        (WebCore::DOMTimer::fired):
        (WebCore::DOMTimer::didStop):
        * page/DOMTimer.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::setTimeout):
        (WebCore::DOMWindow::setInterval):
        * page/DOMWindow.h:
        * workers/WorkerEventQueue.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope):
        (WebCore::WorkerGlobalScope::setTimeout):
        (WebCore::WorkerGlobalScope::setInterval):
        * workers/WorkerGlobalScope.h:
        (WebCore::WorkerGlobalScope::clearScript):
        * workers/WorkerLoaderProxy.h:
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::WorkerRunLoop):
        * workers/WorkerRunLoop.h:
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadSynchronously):
        (WebCore::WorkerScriptLoader::loadAsynchronously):
        (WebCore::WorkerScriptLoader::createResourceRequest):
        * workers/WorkerScriptLoader.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::WorkerThread):
        (WebCore::WorkerThread::workerThread):
        (WebCore::WorkerThreadStartupData::create): Deleted.
        * workers/WorkerThread.h:

2014-05-09  Myles C. Maxfield  <litherum@gmail.com>

        [Mac] [iOS] Underlines are too low
        https://bugs.webkit.org/show_bug.cgi?id=132770

        Reviewed by Darin Adler.

        computeUnderlineOffset() inside InlineTextBox.cpp lowers underlines from text
        baseline by a value that is proportional to the font size. However, this
        lowering was done a second time in
        GraphicsContext::computeLineBoundsAndAntialiasingModeForText(). This patch
        removes this second, platform-dependent lowering.

        This duplication was caused by merging iOS into open source, where iOS used
        the GraphicsContext approach and open source used the InlineTextBox approach.

        Covered by fast/css3-text/css3-text-decoration/text-decoration-thickness.html.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::computeLineBoundsAndAntialiasingModeForText): Remove
        redundant lowering code
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDecoration): Clean up textDecorationThickness
        variable

2014-05-11  Antti Koivisto  <antti@apple.com>

        Text with simple line layout not getting pushed below float when there is not enough space for it
        https://bugs.webkit.org/show_bug.cgi?id=126991

        Reviewed by Andreas Kling.

        Tests: fast/text/simple-lines-intruding-wide-float-dynamic.html
               fast/text/simple-lines-intruding-wide-float.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::markLinesDirtyInBlockRange):
        
            Invalidate the line layout path when floats change. We need to check SimpleLineLayout::canUseFor again as
            intruding floats may make this flow ineligible to use the path.

        * rendering/RenderBlockFlow.h:
        (WebCore::RenderBlockFlow::floatingObjectSet):
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseFor):
        
            Test the top positions of all floats for case that would push text below the float instead of just testing 
            the first line. We may have floats in the middle of the paragraph too.

2014-05-11  peavo@outlook.com  <peavo@outlook.com>

        WinCairo crashes on acid3 test
        https://bugs.webkit.org/show_bug.cgi?id=131364

        Reviewed by Brent Fulgham.

        When the 304 (Not-modified) response is received, the Curl backend should look up the cached response,
        and call the client method didReceiveResponse with the cached response, instead of the 304 response.
        Otherwise the response will contain an empty MIME type, which causes the request to be cancelled, and the client deleted.
        When the Curl cache manager then accesses the client afterwards, it is deleted, and we crash.

        * platform/network/curl/CurlCacheManager.cpp:
        (WebCore::CurlCacheManager::didReceiveResponse): Return early if request is cancelled.
        (WebCore::CurlCacheManager::getCachedResponse): Added method to get cached response.
        * platform/network/curl/CurlCacheManager.h: Ditto.
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::headerCallback): When 304 response is received, look up cached response, and use it.

2014-05-10  Tim Horton  <timothy_horton@apple.com>

        [WKWebView _updateScrollViewBackground] churns UI-and-CGColors while repainting
        https://bugs.webkit.org/show_bug.cgi?id=132793
        <rdar://problem/16877870>

        Reviewed by Dan Bernstein.

        * WebCore.exp.in:
        Export a Color convenience function.

2014-05-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r168578.
        https://bugs.webkit.org/show_bug.cgi?id=132789

        Speculative rollout since this appears to break PLT3.
        (Requested by kling on #webkit).

        Reverted changeset:

        "Move Source/WebCore/workers/ code to std::unique_ptr"
        https://bugs.webkit.org/show_bug.cgi?id=132401
        http://trac.webkit.org/changeset/168578

2014-05-10  Darin Adler  <darin@apple.com>

        REGRESSION (r166853): fast/preloader/document-write.html is very flaky
        https://bugs.webkit.org/show_bug.cgi?id=130942

        Reviewed by Anders Carlsson.

        * style/StyleResolveTree.cpp:
        (WebCore::Style::suspendMemoryCacheClientCalls): Use a RefPtr to the main
        frame as a weak pointer to a Page that will work unless the page is destroyed.
        The old code tried to do it with a RefPtr to a document, but as the FIXME
        points out, that won't work if the document is disassociated with its frame.

2014-05-10  Anders Carlsson  <andersca@apple.com>

        Block exceptions when trying to convert attributed strings to RTF and RTFD
        https://bugs.webkit.org/show_bug.cgi?id=132778
        <rdar://problem/16675805>

        Reviewed by Darin Adler.

        When the iOS WebHTMLConverter was upstreamed, converting some attributed strings to RTF and RTFD
        started throwing Objective-C exceptions (see <rdar://problem/16876920>).
        
        In WebKit2, we now crash on unhandled exceptions so work around that crash by adding exception blocking macros.

        * editing/ios/EditorIOS.mm:
        (WebCore::dataInRTFDFormat):
        (WebCore::dataInRTFFormat):
        * editing/mac/EditorMac.mm:
        (WebCore::dataInRTFDFormat):
        (WebCore::dataInRTFFormat):

2014-05-10  Zan Dobersek  <zdobersek@igalia.com>

        Move Source/WebCore/workers/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=132401

        Reviewed by Andreas Kling.

        Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/workers (and related places)
        with std::unique_ptr.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setTimeout):
        (WebCore::JSDOMWindow::setInterval):
        * bindings/js/JSWorkerGlobalScopeCustom.cpp:
        (WebCore::JSWorkerGlobalScope::setTimeout):
        (WebCore::JSWorkerGlobalScope::setInterval):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::create):
        * bindings/js/ScheduledAction.h:
        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::DOMTimer):
        (WebCore::DOMTimer::install):
        (WebCore::DOMTimer::fired):
        (WebCore::DOMTimer::didStop):
        * page/DOMTimer.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::setTimeout):
        (WebCore::DOMWindow::setInterval):
        * page/DOMWindow.h:
        * workers/WorkerEventQueue.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope):
        (WebCore::WorkerGlobalScope::setTimeout):
        (WebCore::WorkerGlobalScope::setInterval):
        * workers/WorkerGlobalScope.h:
        (WebCore::WorkerGlobalScope::clearScript):
        * workers/WorkerLoaderProxy.h:
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::WorkerRunLoop):
        * workers/WorkerRunLoop.h:
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadSynchronously):
        (WebCore::WorkerScriptLoader::loadAsynchronously):
        (WebCore::WorkerScriptLoader::createResourceRequest):
        * workers/WorkerScriptLoader.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::WorkerThread):
        (WebCore::WorkerThread::workerThread):
        (WebCore::WorkerThreadStartupData::create): Deleted.
        * workers/WorkerThread.h:

2014-05-09  Dean Jackson  <dino@apple.com>

        -webkit-filter prevents rendering at retina scale
        https://bugs.webkit.org/show_bug.cgi?id=93471

        Reviewed by Dirk Schulze.

        Implement 2x support for filters that go through
        the -webkit-filter property. This includes all
        shorthand filters, and any referenced SVG-style filters
        (as long as they use only the supported subset of
        operations - basically the same as is exposed for
        the shorthands).

        Tests: fast/hidpi/filters-blur.html
               fast/hidpi/filters-hue-rotate.html
               fast/hidpi/filters-invert.html
               fast/hidpi/filters-multiple.html
               fast/hidpi/filters-reference.html
               fast/hidpi/filters-shadow.html

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::getUnmultipliedImageData): Scale the source rectangle if the method was
        called using LogicalCoordinates.
        (WebCore::ImageBuffer::getPremultipliedImageData): Ditto.
        (WebCore::ImageBuffer::putByteArray): Ditto.

        * platform/graphics/filters/FEDropShadow.cpp:
        (WebCore::FEDropShadow::platformApplySoftware): Make sure to scale the blur radius by the filter
        resolution, and call the byte-array methods with the native coordinate system.
        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::calculateUnscaledKernelSize): Fix typo.
        (WebCore::FEGaussianBlur::platformApplySoftware): Scale the kernel and paint rectangles
        by the filter scale.

        * platform/graphics/filters/Filter.h:
        (WebCore::Filter::Filter): Initialise the filter scale.
        (WebCore::Filter::filterScale): New property which reflects the mapping between logical pixels
        and device pixels.
        (WebCore::Filter::setFilterScale):

        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::asImageBuffer): Make sure buffer creation takes scale into account.
        (WebCore::FilterEffect::asUnmultipliedImage): Ditto.
        (WebCore::FilterEffect::asPremultipliedImage): Ditto.
        (WebCore::FilterEffect::copyImageBytes): Scale any incoming regions if they are talking about
        device pixels rather than logical pixels.
        (WebCore::FilterEffect::copyUnmultipliedImage): Ditto.
        (WebCore::FilterEffect::copyPremultipliedImage): Ditto.
        (WebCore::FilterEffect::createImageBufferResult): Take scale into account when creating byte array.
        (WebCore::FilterEffect::createUnmultipliedImageResult): Ditto.
        (WebCore::FilterEffect::createPremultipliedImageResult): Ditto.

        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::allocateBackingStoreIfNeeded): Pass filter scale into buffer creation.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateOrRemoveFilterEffectRenderer): Make sure to set the filter scale to
        the device scale factor, and notice if we ever change scales.

2014-05-10  Praveen R Jadhav  <praveen.j@samsung.com>

        [MediaStream] Rename NavigatorMediaStream as NavigatorUserMedia.
        https://bugs.webkit.org/show_bug.cgi?id=132734

        Reviewed by Eric Carlson.

        Spec: http://www.w3.org/TR/mediacapture-streams/#navigatorusermedia

        This patch replaces 'NavigatorMediaStream' with 'NavigatorUserMedia'
        throughout the code to be consistent with W3C specifications.
        Test cases remain the same as 'Navigator' implies 'NavigatorUserMedia'.

        * CMakeLists.txt: Compiles NavigatorUserMedia.cpp
        * DerivedSources.make: Compiles NavigatorUserMedia.idl
        * Modules/mediastream/NavigatorMediaStream.cpp: Removed.
        * Modules/mediastream/NavigatorMediaStream.h: Removed.
        * Modules/mediastream/NavigatorMediaStream.idl: Removed.
        * Modules/mediastream/NavigatorUserMedia.cpp: Added.
        (WebCore::NavigatorUserMedia::NavigatorUserMedia):
        (WebCore::NavigatorUserMedia::~NavigatorUserMedia):
        (WebCore::NavigatorUserMedia::webkitGetUserMedia):
        * Modules/mediastream/NavigatorUserMedia.h: Added.
        * Modules/mediastream/NavigatorUserMedia.idl: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSNavigatorCustom.cpp:
        (WebCore::JSNavigator::webkitGetUserMedia): NavigatorUserMedia
        class is used instead of NavigatorMediaStream.

2014-05-10  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Empty rects should remain empty after integrally enclosing them.
        https://bugs.webkit.org/show_bug.cgi?id=132753
        <rdar://problem/16846801>

        Reviewed by Simon Fraser.

        This patch ensures that empty LayoutRects remain empty after converting to integral enclosing rect.
        LayoutRects with fractional position get expanded even if they are empty. This makes rectangle
        operations unreliable and can result in undesired side effects.

        No testable/covered by existing tests.

        * platform/graphics/LayoutRect.cpp:
        (WebCore::enclosingIntRect):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paintDocumentMarker):
        (WebCore::InlineTextBox::paintTextMatchMarker):
        (WebCore::InlineTextBox::computeRectForReplacementMarker):
        (WebCore::integralEnclosingRectForSelection): Deleted.

2014-05-09  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Allow Remote Inspector to entitlement check UIProcess through WebProcess
        https://bugs.webkit.org/show_bug.cgi?id=132409

        Reviewed by Timothy Hatcher.

        * inspector/InspectorClient.h:
        (WebCore::InspectorClient::parentProcessIdentifier): Deleted.
        * page/PageDebuggable.cpp:
        (WebCore::PageDebuggable::parentProcessIdentifier): Deleted.
        * page/PageDebuggable.h:
        pid per debuggable is no longer needed.

2014-05-09  Dean Jackson  <dino@apple.com>

        [fullscreen] cursor should auto-hide when over video
        https://bugs.webkit.org/show_bug.cgi?id=132758

        Unreviewed followup based on test failure.

        * css/fullscreen.css: Append the previous rule - video children of fullscreen elements.

2014-05-09  Dean Jackson  <dino@apple.com>

        [fullscreen] cursor should auto-hide when over video
        https://bugs.webkit.org/show_bug.cgi?id=132758

        Reviewed by Brent Fulgham.

        Cursors were not auto-hiding over fullscreen video. There was
        a small error in the CSS we load for fullscreen content.

        * css/fullscreen.css: Don't hide when video is a child of the fullscreen element - hide when it *is* the fullscreen element.
        (video:-webkit-full-screen):
        (:-webkit-full-screen video:hover): Deleted.

2014-05-09  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering[iOS]: Top bar on apple.com/support jiggles when the swoosh animates.
        https://bugs.webkit.org/show_bug.cgi?id=132750
        <rdar://problem/16803281>

        Reviewed by Simon Fraser.

        This patch ensures that GraphicsLayer and RemoteLayerBackingStore have the same dimensions.
        
        Remove integral enclosing when we set the size on RemoteLayerBackingStore. It makes the layer's size
        different from the backingstore when the passed value is fractional.
        We scale and integral round this value to size the shareable bitmap later. Rounding ensures that
        the final size value matches what we calculated at GraphicsLayerCA::updateGeometry()

        Currently not testable.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateGeometry):
        (WebCore::GraphicsLayerCA::computePixelAlignment): include device scale factor to be able calculate the final content scale.
        * platform/graphics/ca/GraphicsLayerCA.h:

2014-05-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSDOMWindow should disable property caching after a certain point
        https://bugs.webkit.org/show_bug.cgi?id=132751

        Reviewed by Filip Pizlo.

        No new tests.

        This is part of removing HasImpureGetOwnPropertySlot from JSDOMWindow. After the lookup in the static 
        hash table for JSDOMWindow fails we want to disable property caching even if the code that follows thinks 
        that it has provided a cacheable value.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):

2014-05-09  Benjamin Poulain  <bpoulain@apple.com>

        Fix the export file after r168556

        * WebCore.exp.in: I forgot to fix the export file before landing.

2014-05-09  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Set up the resize events
        https://bugs.webkit.org/show_bug.cgi?id=132726

        Reviewed by Darin Adler and Simon Fraser.

        Let the WebKit2 layer override the size used for resize events.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        (WebCore::FrameView::sizeForResizeEvent):
        (WebCore::FrameView::sendResizeEventIfNeeded):
        (WebCore::FrameView::setCustomSizeForResizeEvent):
        * page/FrameView.h:

2014-05-09  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (r168518): Multiple tests for workers in blobs assert
        https://bugs.webkit.org/show_bug.cgi?id=132728

        Reviewed by Geoffrey Garen.

        Change File serialization to include name, so that we don't have to regenerate anything
        on a secondary thread after deserialization.

        Files and Blobs can't be stored persistently, because URLs are transient (IndexedDB
        has an explicit check, and fails if there were any blob URLs). API doesn't have the
        check, but given that anyone who tried to use these to serialize a File would fail,
        it seems OK to change the format.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::write):
        (WebCore::CloneDeserializer::readFile):
        * fileapi/File.cpp:
        (WebCore::File::File):
        * fileapi/File.h:

2014-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSDOMWindow should have a WatchpointSet to fire on window close
        https://bugs.webkit.org/show_bug.cgi?id=132721

        Reviewed by Filip Pizlo.

        No new tests.

        This patch allows us to reset the inline caches that assumed they could skip 
        the first part of JSDOMWindow::getOwnPropertySlot that checks if the window has 
        been closed. This is part of getting rid of HasImpureGetOwnPropertySlot on JSDOMWindow.

        JSDOMWindowBase now has a WatchpointSet that the underlying DOMWindow fires when its
        frame is cleared. In getOwnPropertySlot, we now pass this WatchpointSet to PropertySlot
        which will shepherd it back up to the code that generates the inline cache (and the 
        Watchpoint for clearing it).

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::JSDOMWindowBase):
        (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::frameDestroyed):

2014-05-09  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        ASSERTION FAILED: object->style()->overflowX() == object->style()->overflowY()
        https://bugs.webkit.org/show_bug.cgi?id=121682

        Reviewed by Dirk Schulze.

        Add more overflow freedom to the SVG element:
        -overflow-x and overflow-y for controlling each scrollbar independently is now supported
        -overflow:scroll will display scrollbars regardless of the svg overflowing or not (as required by CSS)
        -overflow:hidden will cause overflow to be clipped away and scrollbars to be hidden

        Merged from Blink r172126 by <ed@opera.com>

        Tests: svg/W3C-SVG-1.1-SE/painting-marker-05-f.svg
               svg/W3C-SVG-1.1-SE/painting-marker-06-f.svg
               svg/animations/animate-viewport-overflow-2.html
               svg/animations/animate-viewport-overflow.html
               svg/in-html/overflow-repaint.html
               svg/in-html/overflow-svg-root-attr.html
               svg/in-html/overflow-svg-root-style.html
               svg/in-html/overflow-svg-root.html
               svg/overflow/overflow-on-outermost-svg-element-horizontal-auto.svg
               svg/overflow/overflow-on-outermost-svg-element-vertical-auto.svg
               svg/overflow/overflow-scroll-on-outermost-svg-element.svg
               svg/overflow/overflow-x-hidden-on-outermost-svg-element-expected.svg
               svg/overflow/overflow-x-hidden-on-outermost-svg-element.svg
               svg/overflow/overflow-y-hidden-on-outermost-svg-element-expected.svg
               svg/overflow/overflow-y-hidden-on-outermost-svg-element.svg

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * page/FrameView.cpp:
        (WebCore::FrameView::applyOverflowToViewport):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::layout):
        (WebCore::RenderSVGRoot::shouldApplyViewportClip):
        (WebCore::RenderSVGRoot::paintReplaced):
        (WebCore::RenderSVGRoot::computeFloatRectForRepaint):
        * rendering/svg/RenderSVGRoot.h:
        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::isOverflowHidden):

2014-05-09  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Destroy the AVStreamDataParser when the SourceBuffer is removed from its MediaSource.
        https://bugs.webkit.org/show_bug.cgi?id=132710

        Reviewed by Eric Carlson.

        The AVStreamDataParser should be destroyed when the SourceBuffer is removed, so that subsequent
        SourceBuffers can utilize resources released by the parser on destruction.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVStreamDataParserListener invalidate]):
        (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:]):  Protect against _parent being invalidated.
        (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:withDiscontinuity:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didFailToParseStreamDataWithError:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]): Ditto.
        (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC): Call destroyParser();.
        (WebCore::SourceBufferPrivateAVFObjC::removedFromMediaSource): Ditto.
        (WebCore::SourceBufferPrivateAVFObjC::destroyParser): Call -[WebAVStreamDataParserListener invalidate].

2014-05-09  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] 1-2% performance regression in html5-full-render after r168286
        https://bugs.webkit.org/show_bug.cgi?id=132672

        Reviewed by Mihnea Ovidenie.

        The patch optimizes the search of regions when there's a single region in the chain.
        There's no need to execute advanced search logic, we can directly return that region.

        Tests: No function change, no tests.

        * rendering/RenderBlock.cpp:
        (WebCore::canComputeRegionRangeForBox):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::regionAtBlockOffset):
        (WebCore::RenderFlowThread::hasCachedRegionRangeForBox): Renamed from hasRegionRangeForBox to
        better suggest what the function does.
        (WebCore::RenderFlowThread::getRegionRangeForBox):
        (WebCore::RenderFlowThread::hasRegionRangeForBox): Deleted.
        * rendering/RenderFlowThread.h:

2014-05-09  Jer Noble  <jer.noble@apple.com>

        [EME] Call suspendIfNeeded() in the MediaKeySession create() method to avoid an ASSERT.
        https://bugs.webkit.org/show_bug.cgi?id=132712

        Reviewed by Eric Carlson.

        All ActiveDOMObject subclasses must call suspendIfNeeded() immediately after creation.

        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::MediaKeySession):

2014-05-09  Zalan Bujtas  <zalan@apple.com>

        Unreviewed. Another attempt to fix Windows build after r168528.

        * platform/graphics/win/FontWin.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):

2014-05-09  Zalan Bujtas  <zalan@apple.com>

        Unreviewed build fix for Win after r168528.

        * platform/graphics/win/FontWin.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):

2014-05-09  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r168095): 1-pixel gap between adjacent selection inlines
        https://bugs.webkit.org/show_bug.cgi?id=132474
        <rdar://problem/16797394>

        Reviewed by David Hyatt.

        This patch changes text selection rectangle calculation from integral to device
        pixel snapping. It ensures that selection rect painting matches box boundaries for inline elements.
        Directional rounding (horizontal only atm) is moved out from Font class and now accessible
        to all the painting code. RTL snapping strategy is changed from floor to round to match ltr behavior.
        However this patch does not address all the integral snapping across inline elements. There are
        a few places where we still calculate enclosing rects where snapping is sufficient.

        Test: fast/inline/hidpi-pixel-gap-between-adjacent-selection-inlines.html

        * platform/LayoutUnit.h:
        (WebCore::roundToDevicePixel): added fudge factor to change rounding direction as directed.
        * platform/graphics/Font.cpp:
        (WebCore::Font::adjustSelectionRectForText):
        (WebCore::Font::selectionRectForText): Deleted.
        * platform/graphics/Font.h:
        * platform/graphics/FontFastPath.cpp:
        (WebCore::Font::adjustSelectionRectForSimpleText): removed directional rounding.
        (WebCore::Font::selectionRectForSimpleText): Deleted.
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawHighlightForText): Deleted.
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/LayoutPoint.h:
        (WebCore::roundedForPainting):
        * platform/graphics/LayoutRect.h:
        (WebCore::directionalPixelSnappedForPainting): Snap top right corner for rtl direction.
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::selectionRectForComplexText): Deleted.
        * platform/graphics/mac/FontComplexTextMac.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText): removed directional rounding.
        (WebCore::Font::selectionRectForComplexText): Deleted.
        * platform/graphics/win/FontWin.cpp:
        (WebCore::Font::adjustSelectionRectForComplexText):
        (WebCore::Font::selectionRectForComplexText): Deleted.
        * rendering/EllipsisBox.cpp:
        (WebCore::EllipsisBox::selectionRect):
        (WebCore::EllipsisBox::paintSelection):
        * rendering/InlineTextBox.cpp:
        (WebCore::integralEnclosingRectForSelection): helper to address enclosing empty rect problem.
        (WebCore::InlineTextBox::localSelectionRect):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::paintCompositionBackground):
        (WebCore::InlineTextBox::paintDocumentMarker):
        (WebCore::InlineTextBox::paintTextMatchMarker):
        (WebCore::InlineTextBox::computeRectForReplacementMarker):
        (WebCore::InlineTextBox::positionForOffset):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::selectionRectForTextFragment):

2014-05-09  Martin Hodovan  <mhodovan@inf.u-szeged.hu>

        ASSERTION FAILED: !m_code || m_code == defaultExceptionCode
        in WebCore::constructQualifiedName
        https://bugs.webkit.org/show_bug.cgi?id=132343

        'Remove bad assertion in SVGSMILElement's constructQualifiedName() by passing
        IGNORE_EXCEPTION instead ASSERT_NO_EXCEPTION to Document::parseQualifiedName().
        The constructQualifiedName() function handles parseQualifiedName() failures
        propertly by returning early so there is no reason to assert on parsing
        failures.'

        Blink merge: http://src.chromium.org/viewvc/blink?view=revision&revision=173564
        Based on the patch made by Christophe Dumez <ch.dumez@samsung.com>.

        Reviewed by Dirk Schulze.

        Test: svg/custom/bad-attributeName-crash.html

        * svg/animation/SVGSMILElement.cpp:
        (WebCore::constructQualifiedName):

2014-05-08  Brent Fulgham  <bfulgham@apple.com>

        Multiple (stacked) cues when shuttling through video while playing closed captions
        https://bugs.webkit.org/show_bug.cgi?id=132715
        <rdar://problem/16795782>

        Reviewed by Eric Carlson.

        Tests: media/track/track-in-band-cues-added-once.html

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::hasCue): Revise to use a relaxed time equality.
        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::isEqual): Ditto.
        (WebCore::TextTrackCue::hasEquivalentStartTime): Added.
        * html/track/TextTrackCue.h:
        (WebCore::TextTrackCue::startTimeVariance): Added.
        * html/track/TextTrackCueGeneric.h:
        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGeneric::isEqual): Do not call the VTTCue::isEqual method from
        this class, since cueType() will not equal VTTCue, and the equality will fail.

2014-05-08  Alexey Proskuryakov  <ap@apple.com>

        Automatically zip document bundles used via File API
        https://bugs.webkit.org/show_bug.cgi?id=132713
        <rdar://problem/13397892>

        Reviewed by Anders Carlsson.

        Tests: fast/files/filereader-zip-bundle.html
               http/tests/local/fileapi/upload-zip-bundle-as-blob.html

        * FileMac.mm: Added.
        (WebCore::File::shouldReplaceFile):
        (WebCore::File::computeNameAndContentTypeForReplacedFile):
        Added code that decides what to do with a bundle. We need this to happen in
        WebProcess, because HTML5 dropzone depends on this, it needs to know file type
        even before a File object can be created.

        * WebCore.exp.in: Export new functions.

        * WebCore.xcodeproj/project.pbxproj: Added new files.

        * dom/DataTransfer.cpp: (WebCore::DataTransfer::hasFileOfType): Updated for File
        interface change.

        * fileapi/File.h:
        * fileapi/File.cpp:
        (WebCore::File::File):
        (WebCore::File::computeNameAndContentType):
        (WebCore::File::contentTypeForFile):
        (WebCore::File::contentTypeFromFilePathOrName): Deleted.
        Make it possible for a subclass to affect file name and content type calculation.

        * platform/network/BlobDataFileReference.cpp:
        (WebCore::BlobDataFileReference::BlobDataFileReference):
        (WebCore::BlobDataFileReference::~BlobDataFileReference):
        (WebCore::BlobDataFileReference::path):
        (WebCore::BlobDataFileReference::size):
        (WebCore::BlobDataFileReference::expectedModificationTime):
        (WebCore::BlobDataFileReference::startTrackingModifications):
        * platform/network/BlobDataFileReference.h:
        (WebCore::BlobDataFileReference::path): Deleted.
        (WebCore::BlobDataFileReference::BlobDataFileReference): Deleted.
        Use original or replaced file, as appropriate. 

        * platform/network/mac/BlobDataFileReferenceMac.mm: Added.
        (WebCore::BlobDataFileReference::generateReplacementFile): Implements generateReplacementFile().

        * platform/network/FormData.h: Added a FIXME.

        * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::send): Always use Blob code path
        for blobs, don't unwrap them into a file path.

2014-05-08  Simon Fraser  <simon.fraser@apple.com>

        Occasional crash under AsyncScrollingCoordinator::frameViewRootLayerDidChange() on history navigation
        https://bugs.webkit.org/show_bug.cgi?id=132723

        Reviewed by Sam Weinig.
        
        Crash reports suggest that when we call AsyncScrollingCoordinator::frameViewRootLayerDidChange()
        from HistoryController::restoreScrollPositionAndViewState(), the FrameView may not have a 
        scrolling node ID, which suggests that either the FrameView doesn't have a RenderView,
        or compositing hasn't happened yet.
        
        So if we enter AsyncScrollingCoordinator::frameViewRootLayerDidChange()
        and the FrameView has no scrollLayerID, just return. We'll fix things up
        when compositing kicks in later.

        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewRootLayerDidChange):

2014-05-08  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Bottom-relative position:fixed elements are misplaced on page load
        https://bugs.webkit.org/show_bug.cgi?id=132719
        <rdar://problem/16860837>

        Reviewed by Benjamin Poulain.

        Add a couple of functions, and sort.

        * WebCore.exp.in:

2014-05-08  Jer Noble  <jer.noble@apple.com>

        [Mac, iOS] Add source application accounting to AVURLAsset.
        https://bugs.webkit.org/show_bug.cgi?id=132637

        Reviewed by Eric Carlson.

        Properly account for the application responisble for data loading by passing the source
        application identifier through to AVFoundation through AVURLAsset options.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/HTMLMediaElement.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::sourceApplicationIdentifier):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerSourceApplicationIdentifier):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
        * platform/network/NetworkingContext.h:

2014-05-08  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Move AVStreamDataParser off-main-thread.
        https://bugs.webkit.org/show_bug.cgi?id=132698

        Reviewed by Eric Carlson.

        -[AVStreamDataParser appendStreamData:] can casue the main thread to hang when a
        large amount of media data is appended at once. Move the actual parsing of data
        to a background (synchronous) dispatch queue, and split SourceBuffer::appendBufferTimerFired
        into two functions, the latter of which will be called after the background queue
        completes.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::appendBufferTimerFired): Split into sourceBufferPrivateAppendComplete.
        (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete): Split from appendBufferTimerFired.
        * Modules/mediasource/SourceBuffer.h:
        * platform/graphics/SourceBufferPrivate.h:
        * platform/graphics/SourceBufferPrivateClient.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:]): Re-dispatch to the
                web thread.
        (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:withDiscontinuity:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didFailToParseStreamDataWithError:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didReachEndOfTrackWithTrackID:mediaType:]): Ditto.
        (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]): Ditto.
        (WebCore::globalDataParserQueue): Added.
        (WebCore::SourceBufferPrivateAVFObjC::append): Dispatch to the globalDataParserQueue.
        (WebCore::SourceBufferPrivateAVFObjC::appendCompleted): Added.
        * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
        (WebCore::MockSourceBufferPrivate::append): Adopt sourceBufferPrivateAppendComplete.
        * platform/mock/mediasource/MockSourceBufferPrivate.h:

        Update SourceBufferPrivateGStreamer to match the new append return value:
        * platform/graphics/gstreamer/SourceBufferPrivateGStreamer.cpp:
        (WebCore::SourceBufferPrivateGStreamer::append):
        * platform/graphics/gstreamer/SourceBufferPrivateGStreamer.h:

2014-05-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r168498.
        https://bugs.webkit.org/show_bug.cgi?id=132714

        broke Mavericks WK2 (Requested by litherum on #webkit).

        Reverted changeset:

        "http/tests/security/xss-DENIED-xsl-document-redirect.xml
        fails with NetworkProcess"
        https://bugs.webkit.org/show_bug.cgi?id=132523
        http://trac.webkit.org/changeset/168498

2014-05-08  Myles C. Maxfield  <mmaxfield@apple.com>

        http/tests/security/xss-DENIED-xsl-document-redirect.xml fails with NetworkProcess
        https://bugs.webkit.org/show_bug.cgi?id=132523

        Reviewed by Alexey Proskuryakov.

        We should not manufacture a response in the event of an error during a
        synchronous XHR. In addition, this test removes one place that is
        sensitive to such a manufactured response.

        Updates test expectations.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously): Do not
        manufacture a response
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously): Do not
        manufacture a response
        * xml/XSLTProcessorLibxslt.cpp:
        (WebCore::docLoaderFunc): Only use the response's URL if no error
        occurred.

2014-05-08  Andreas Kling  <akling@apple.com>

        [iOS] WebKit should listen to critical memory warnings.
        <https://webkit.org/b/132704>
        <rdar://problem/16857112>

        Listen for DISPATCH_MEMORYSTATUS_PRESSURE_CRITICAL in addition to
        DISPATCH_MEMORYSTATUS_PRESSURE_WARN, since we may only get the critical
        notification on some systems.

        Reviewed by Gavin Barraclough.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2014-05-08  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: InspectorDOMAgent::getAccessibilityPropertiesForNode should gracefully handle bad node
        https://bugs.webkit.org/show_bug.cgi?id=132697

        Reviewed by Timothy Hatcher.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::getAccessibilityPropertiesForNode):
        Gracefully handle no node.

2014-05-08  Tim Horton  <timothy_horton@apple.com>

        Fix the iOS build after r168476.

        * platform/graphics/mac/GraphicsContextMac.mm:
        (WebCore::GraphicsContext::drawFocusRing):

2014-05-08  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] Shapes do not resolve dimensions specified in viewport units
        https://bugs.webkit.org/show_bug.cgi?id=124052

        Reviewed by Dirk Schulze.

        Viewport unit resolution doesn't work unless the RenderView is passed
        down into the floatValueForLength methods. All this does is plumb down
        a RenderView in all of these cases.

        Tests: css3/masking/clip-path-polygon-viewport-units.html
               fast/shapes/shape-outside-floats/shape-outside-floats-viewport-units.html

        * css/BasicShapeFunctions.cpp:
        (WebCore::floatValueForCenterCoordinate):
        * css/BasicShapeFunctions.h:
        * css/LengthFunctions.cpp:
        (WebCore::floatSizeForLengthSize):
        * css/LengthFunctions.h:
        * rendering/ClipPathOperation.h:
        (WebCore::ShapeClipPathOperation::pathForReferenceRect):
        (WebCore::BoxClipPathOperation::pathForReferenceRect):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setupClipPath):
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createShape):
        * rendering/shapes/Shape.h:
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::ShapeOutsideInfo::computedShape):
        * rendering/style/BasicShapes.cpp:
        (WebCore::BasicShapeCircle::floatValueForRadiusInBox):
        (WebCore::BasicShapeCircle::path):
        (WebCore::BasicShapeEllipse::floatValueForRadiusInBox):
        (WebCore::BasicShapeEllipse::path):
        (WebCore::BasicShapePolygon::path):
        (WebCore::floatSizeForLengthSize):
        (WebCore::BasicShapeInset::path):
        * rendering/style/BasicShapes.h:
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::prepareToRenderSVGContent):

2014-05-08  Brent Fulgham  <bfulgham@apple.com>

        Cue display events may not be registered during page load.
        https://bugs.webkit.org/show_bug.cgi?id=132696
        <rdar://problem/16652874>

        Reviewed by Eric Carlson.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleTextTrackAdd): Don't register
        for 'cuechange' events anymore.
        (Controller.prototype.handleTextTrackRemove): Ditto.
        (Controller.prototype.updateCaptionContainer): Reduce CSS
        churn by not adding/removing 'Hidden' class every time a
        new cue is processed. Only do this when transitioning
        track display state.
        (Controller.prototype.handleTextTrackCueChange): Deleted.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateTextTrackDisplay): Call
        'updateTextTrackContainer' directory when processing cues,
        rather than trampolining through the JS layer.

2014-05-08  Alexey Proskuryakov  <ap@apple.com>

        Make BlobDataFileReference manage its sandbox extension
        https://bugs.webkit.org/show_bug.cgi?id=132689

        Reviewed by Anders Carlsson.

        * WebCore.exp.in: Export symbols that are now needed in WebKit2 to subclass BlobDataFileReference.

        * fileapi/ThreadableBlobRegistry.cpp: (WebCore::ThreadableBlobRegistry::registerFileBlobURL):
        * platform/network/BlobData.cpp: (WebCore::BlobData::appendFile):
        * platform/network/BlobData.h: (WebCore::BlobDataItem::BlobDataItem):
        * platform/network/BlobRegistry.h:
        * platform/network/BlobRegistryImpl.cpp: (WebCore::BlobRegistryImpl::registerFileBlobURL):
        * platform/network/BlobRegistryImpl.h:
        BlobRegistry now takes a BlobDataFileReference and not a path, so that WebKit2
        could pass objects that include sandbox extensions.

        * platform/network/BlobDataFileReference.h:
        * platform/network/BlobDataFileReference.cpp:
        (WebCore::BlobDataFileReference::~BlobDataFileReference): Added a virtual destructor.
        (WebCore::BlobDataFileReference::size): We now record the size and modification time right away, no need to lazily calculate them.
        (WebCore::BlobDataFileReference::expectedModificationTime): Ditto.
        (WebCore::BlobDataFileReference::startTrackingModifications): Record time and size
        (since it's a single call). However, size calculation will become complicated again soon.
        (WebCore::BlobDataFileReference::prepareForFileAccess): A hook for subclasses.
        (WebCore::BlobDataFileReference::revokeFileAccess): Ditto.
        (WebCore::BlobDataFileReference::computeFileSystemData): Deleted.

2014-05-08  Rik Cabanier  <cabanier@adobe.com>

        Add support for drawFocusIfNeeded
        https://bugs.webkit.org/show_bug.cgi?id=132584

        Reviewed by Dirk Schulze.

        The drawFocusIfNeeded API will draw a focus ring if the element that is passed
        in is focused and a child element of the canvas.

        Test: fast/canvas/draw-focus-if-needed.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawFocusIfNeeded):
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.idl:

2014-05-08  Antti Koivisto  <antti@apple.com>

        [iOS WebKit2] Can't activate text fields on Facebook
        https://bugs.webkit.org/show_bug.cgi?id=132682

        Reviewed by Enrica Casucci.

        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::fired):
        
            The isDocument() test here had reversed in the merge breaking content change observer callback.

2014-05-07  Sergio Villar Senin  <svillar@igalia.com>

        Replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed<T> in svg/
        https://bugs.webkit.org/show_bug.cgi?id=132647

        Reviewed by Darin Adler.

        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::isSupportedAttribute):
        * svg/SVGAnimateMotionElement.cpp:
        (WebCore::SVGAnimateMotionElement::isSupportedAttribute):
        * svg/SVGAnimateTransformElement.cpp:
        (WebCore::SVGAnimateTransformElement::isSupportedAttribute):
        * svg/SVGAnimatedLength.cpp:
        (WebCore::sharedSVGLength):
        * svg/SVGAnimationElement.cpp:
        (WebCore::SVGAnimationElement::isSupportedAttribute):
        * svg/SVGCircleElement.cpp:
        (WebCore::SVGCircleElement::isSupportedAttribute):
        * svg/SVGClipPathElement.cpp:
        (WebCore::SVGClipPathElement::isSupportedAttribute):
        * svg/SVGComponentTransferFunctionElement.cpp:
        (WebCore::SVGComponentTransferFunctionElement::isSupportedAttribute):
        * svg/SVGCursorElement.cpp:
        (WebCore::SVGCursorElement::isSupportedAttribute):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::instancesForElement):
        (WebCore::SVGElement::childShouldCreateRenderer):
        * svg/SVGEllipseElement.cpp:
        (WebCore::SVGEllipseElement::isSupportedAttribute):
        * svg/SVGFEBlendElement.cpp:
        (WebCore::SVGFEBlendElement::isSupportedAttribute):
        * svg/SVGFEColorMatrixElement.cpp:
        (WebCore::SVGFEColorMatrixElement::isSupportedAttribute):
        * svg/SVGFEComponentTransferElement.cpp:
        (WebCore::SVGFEComponentTransferElement::isSupportedAttribute):
        * svg/SVGFECompositeElement.cpp:
        (WebCore::SVGFECompositeElement::isSupportedAttribute):
        * svg/SVGFEConvolveMatrixElement.cpp:
        (WebCore::SVGFEConvolveMatrixElement::isSupportedAttribute):
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::isSupportedAttribute):
        * svg/SVGFEDisplacementMapElement.cpp:
        (WebCore::SVGFEDisplacementMapElement::isSupportedAttribute):
        * svg/SVGFEDropShadowElement.cpp:
        (WebCore::SVGFEDropShadowElement::isSupportedAttribute):
        * svg/SVGFEGaussianBlurElement.cpp:
        (WebCore::SVGFEGaussianBlurElement::isSupportedAttribute):
        * svg/SVGFEImageElement.cpp:
        (WebCore::SVGFEImageElement::isSupportedAttribute):
        * svg/SVGFELightElement.cpp:
        (WebCore::SVGFELightElement::isSupportedAttribute):
        * svg/SVGFEMergeNodeElement.cpp:
        (WebCore::SVGFEMergeNodeElement::isSupportedAttribute):
        * svg/SVGFEMorphologyElement.cpp:
        (WebCore::SVGFEMorphologyElement::isSupportedAttribute):
        * svg/SVGFEOffsetElement.cpp:
        (WebCore::SVGFEOffsetElement::isSupportedAttribute):
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::isSupportedAttribute):
        * svg/SVGFETileElement.cpp:
        (WebCore::SVGFETileElement::isSupportedAttribute):
        * svg/SVGFETurbulenceElement.cpp:
        (WebCore::SVGFETurbulenceElement::isSupportedAttribute):
        * svg/SVGFilterElement.cpp:
        (WebCore::SVGFilterElement::isSupportedAttribute):
        (WebCore::SVGFilterElement::childShouldCreateRenderer):
        * svg/SVGFilterPrimitiveStandardAttributes.cpp:
        (WebCore::SVGFilterPrimitiveStandardAttributes::isSupportedAttribute):
        * svg/SVGForeignObjectElement.cpp:
        (WebCore::SVGForeignObjectElement::isSupportedAttribute):
        * svg/SVGGElement.cpp:
        (WebCore::SVGGElement::isSupportedAttribute):
        * svg/SVGGradientElement.cpp:
        (WebCore::SVGGradientElement::isSupportedAttribute):
        * svg/SVGGraphicsElement.cpp:
        (WebCore::SVGGraphicsElement::isSupportedAttribute):
        * svg/SVGImageElement.cpp:
        (WebCore::SVGImageElement::isSupportedAttribute):
        * svg/SVGLength.cpp:
        (WebCore::SVGLength::lengthModeForAnimatedLengthAttribute):
        * svg/SVGLineElement.cpp:
        (WebCore::SVGLineElement::isSupportedAttribute):
        * svg/SVGLinearGradientElement.cpp:
        (WebCore::SVGLinearGradientElement::isSupportedAttribute):
        * svg/SVGMPathElement.cpp:
        (WebCore::SVGMPathElement::isSupportedAttribute):
        * svg/SVGMarkerElement.cpp:
        (WebCore::SVGMarkerElement::isSupportedAttribute):
        * svg/SVGMaskElement.cpp:
        (WebCore::SVGMaskElement::isSupportedAttribute):
        * svg/SVGPathElement.cpp:
        (WebCore::SVGPathElement::isSupportedAttribute):
        * svg/SVGPatternElement.cpp:
        (WebCore::SVGPatternElement::isSupportedAttribute):
        * svg/SVGPolyElement.cpp:
        (WebCore::SVGPolyElement::isSupportedAttribute):
        * svg/SVGRadialGradientElement.cpp:
        (WebCore::SVGRadialGradientElement::isSupportedAttribute):
        * svg/SVGRectElement.cpp:
        (WebCore::SVGRectElement::isSupportedAttribute):
        * svg/SVGScriptElement.cpp:
        (WebCore::SVGScriptElement::isSupportedAttribute):
        * svg/SVGStopElement.cpp:
        (WebCore::SVGStopElement::isSupportedAttribute):
        * svg/SVGStyleElement.cpp:
        (WebCore::SVGStyleElement::isSupportedAttribute):
        * svg/SVGSymbolElement.cpp:
        (WebCore::SVGSymbolElement::isSupportedAttribute):
        * svg/SVGTRefElement.cpp:
        (WebCore::SVGTRefElement::isSupportedAttribute):
        * svg/SVGTests.cpp:
        (WebCore::SVGTests::attributeToPropertyMap):
        * svg/SVGTextContentElement.cpp:
        (WebCore::SVGTextContentElement::textLengthAnimated):
        (WebCore::SVGTextContentElement::isSupportedAttribute):
        * svg/SVGTextPathElement.cpp:
        (WebCore::SVGTextPathElement::isSupportedAttribute):
        * svg/SVGTextPositioningElement.cpp:
        (WebCore::SVGTextPositioningElement::isSupportedAttribute):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::isSupportedAttribute):
        (WebCore::isDisallowedElement):
        * svg/SVGViewElement.cpp:
        (WebCore::SVGViewElement::isSupportedAttribute):

2014-05-08  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Replacing Unisolated with NotIsolated in variables and methods names
        https://bugs.webkit.org/show_bug.cgi?id=132677

        Reviewed by Dirk Schulze.

        No new tests required.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::updateAncestorChainHasBlendingDescendants):
        (WebCore::RenderLayer::dirtyAncestorChainHasBlendingDescendants):
        (WebCore::RenderLayer::updateDescendantDependentFlags):
        hasUnisolatedBlendingDescendants -> hasNotIsolatedBlendingDescendants
        (WebCore::RenderLayer::addChild):
        (WebCore::RenderLayer::removeChild):
        (WebCore::RenderLayer::updateStackingContextsAfterStyleChange):
        * rendering/RenderLayer.h:
        m_hasUnisolatedBlendingDescendants -> m_hasNotIsolatedBlendingDescendants
        m_hasUnisolatedBlendingDescendantsStatusDirty -> m_hasNotIsolatedBlendingDescendantsStatusDirty
        hasUnisolatedBlendingDescendants() -> hasNotIsolatedBlendingDescendants()
        hasUnisolatedBlendingDescendantsStatusDirty() -> hasNotIsolatedBlendingDescendantsStatusDirty()
        m_hasUnisolatedCompositedBlendingDescendants -> m_hasNotIsolatedCompositedBlendingDescendants
        hasUnisolatedCompositedBlendingDescendants() -> hasNotIsolatedCompositedBlendingDescendants()
        setHasUnisolatedCompositedBlendingDescendants() -> setHasNotIsolatedCompositedBlendingDescendants
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::CompositingState::CompositingState):
        m_hasUnisolatedCompositedBlendingDescendants -> m_hasNotIsolatedCompositedBlendingDescendants
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):

2014-05-08  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] Enable skipped http/tests/media/hls/video-controls-live-stream.html
        https://bugs.webkit.org/show_bug.cgi?id=132329

        Reviewed by Eric Carlson.

        GTK port needed to define what happened with live stream media
        controls. Now we disable and dim the timeline and tweak the
        timers.

        Test: http/tests/media/hls/video-controls-live-stream.html.

        * Modules/mediacontrols/mediaControlsGtk.js:
        (ControllerGtk.prototype.configureControls): Moved logic from
        setControlsType and changed to use an early return.
        (ControllerGtk.prototype.reconnectControls): Redefined to just
        configure the controls.
        (ControllerGtk.prototype.handlePlay): If stream is live we don't
        activate the current time just in case.
        (ControllerGtk.prototype.updateDuration): Calls the superclass and
        sets timeline.max to 0.
        (ControllerGtk.prototype.setControlsType): Deleted.
        (ControllerGtk.prototype.setIsLive): Configures controls and
        disables the timeline if stream is live.
        * css/mediaControlsGtk.css:
        (audio::-webkit-media-controls-timeline[disabled])
        (video::-webkit-media-controls-timeline[disabled]): Dimmed the
        timeline by setting opacity to 0.3.

2014-05-08  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Changing isolation CSS property should not trigger repaint in RenderStyle::changeRequiresLayerRepaint
        https://bugs.webkit.org/show_bug.cgi?id=131436

        Reviewed by Dirk Schulze.

        The isolation:isolate property will create a stacking context. This is done in
        StyleResolver::adjustRenderStyle where z-index is forced to 0.
        If the element is already a stacking context for any other reason,
        changing the isolation flag should not have any effect.

        Tests: css3/blending/repaint/blend-mode-turn-off-isolation-no-effect.html
               css3/blending/repaint/blend-mode-turn-off-isolation.html

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayerRepaint):
        do not request repaint if isolation has changed.

2014-05-08  Manuel Rego Casasnovas  <rego@igalia.com>

        REGRESSION (r167652): SelectionState is not set properly for non leaf objects in pages with regions
        https://bugs.webkit.org/show_bug.cgi?id=132493

        Reviewed by David Hyatt.

        Non selection leaf elements were not included in the selection ranges,
        that was causing that their selection state was not set properly and
        when one of the element was removed as it was marked as SelectionNone
        current selection was not removed.

        Due to this fix, the regression detected in bug #131982 arose again.
        Reverted changes from r167675 and reopened bug as previous fix was not
        right. Updated TestExpectations accordingly.

        Test: fast/regions/selection/crash-select-all.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::splitSelectionBetweenSubtrees): We need to include
        non selection leafs in the range, otherwise we won't be marking
        selection state of some elements properly.

2014-05-08  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Can't select content within the area of the floating box when clip-path is applied
        https://bugs.webkit.org/show_bug.cgi?id=131375

        Reviewed by Dirk Schulze.

        According to http://www.w3.org/TR/css-masking-1/, the clipped part of the element should
        not have pointer event dispatching. So add this logic to RenderBlock::nodeAtPoint. This
        fixes the bug as it disallows selection on any clipped parts.

        I implemented the proper selection for the various CSS box types and added testing
        for them. Also, I made and run performance tests for exposing mouse events over the
        clipped/non-clipped area, which results can be seen in bugzilla.

        Based on the patch made by Rob Buis <rob.buis@samsung.com>
        Blink revision: http://src.chromium.org/viewvc/blink?view=revision&revision=172619

        Tests: fast/masking/clip-path-selection.html
               fast/shapes/shape-outside-floats/shape-outside-clip-path-selection.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::nodeAtPoint):

2014-05-07  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Blending doesn't work if the parent stacking context is not a self painting layer
        https://bugs.webkit.org/show_bug.cgi?id=130891

        Reviewed by Dean Jackson.

        The stacking context layers having unisolated blending descendants should be able
        to create transparency layers or to become composited in order to restrict blending 
        content to accessing the information outside the current stacking context.
        Some layers are not self painting layers and these layers cannot crate transparency
        layers and cannot be composited, thus they are not able to isolate blending descendants
        when it's required.
        
        The solution in this patch is to make a layer isSelfPaintingLayer when
        it needs to isolate blending descendants (hasUnisolatedBlendingDescendants).

        Tests: css3/blending/blend-mode-isolation-accelerated-overflow-hidden.html
               css3/blending/blend-mode-isolation-overflow-hidden.html
               css3/blending/blend-mode-isolation-turn-off-self-painting-layer.html
               css3/blending/blend-mode-isolation-turn-off-self-painting-layer1.html
               css3/blending/blend-mode-isolation-turn-off-self-painting-layer2.html
               css3/blending/blend-mode-isolation-turn-on-self-painting-layer.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateAncestorChainHasBlendingDescendants):
        When hasUnisolatedBlendingDescendants is set we make sure that isSelfPaintingLayer flag is set too.
        (WebCore::RenderLayer::updateDescendantDependentFlags):
        The flags might be read or changed while walking the descendants, so we don't want to reset
        them before traversing the tree.
        (WebCore::RenderLayer::shouldBeSelfPaintingLayer):
        Adding isolatesBlending() condition for a layer to be self painting.
        * rendering/RenderLayer.h:
        Removing ASSERT from hasUnisolatedBlendingDescendants(). It crashes in minibrowser
        and in layout tests when painting contents. Similar bugs on other flags: #71044, #71277.
        * rendering/RenderLayerModelObject.cpp:
        (WebCore::RenderLayerModelObject::styleDidChange):
        Telling ancestors that blend mode property has been removed from CSS when the layer for
        this element is going to be removed; styleChanged will not be called anymore.

2014-05-06  Myles C. Maxfield  <mmaxfield@apple.com>

        Dragging text from one paragraph to another does not render as expected
        https://bugs.webkit.org/show_bug.cgi?id=132633

        Reviewed by Darin Adler and Ryosuke Niwa.

        When we are dragging and dropping into a content editable field, we detect
        if we are trying to put a <p> into an existing <p>, and if so, split the
        outer <p> and insert the new <p> as its sibling. However, the outer <p>
        might not be editable, so we don't want to do any splitting and inserting
        at that location.

        Test: editing/pasteboard/drag-drop-paragraph-crasher.html

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):

2014-05-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CoordinatedGraphics][WK2] Scale factor and scroll position is not being restored properly in a back/forward load
        https://bugs.webkit.org/show_bug.cgi?id=126022

        Reviewed by Benjamin Poulain.

        Original author : Thiago de Barros Lacerda, and finished by Gyuyoung Kim.

        When user is navigating back/forward to a page that has been scrolled and/or scaled, that page must be shown
        with its last scroll position and scale factor. However, when fixed layout was enabled with CoordinatedGraphics
        and TILED_BACKING_STORE, Page::setPageScaleFactor() doesn't send previous scroll position since r165652 and r165913.

        This patch allows the Page::setPageScaleFactor() send stored position to WK2 implementation by calling delegatedScrollRequested()
        directly when delegatesScrolling() is on.

        * page/Page.cpp:
        (WebCore::Page::setPageScaleFactor): TILED_BACKING_STORE and delegateScrolling are enabled, we pass new scroll position to WK2 though
        delegateScrolling is disabled.
        * platform/ScrollView.cpp: delegatedScrollRequested() call is moved from ScrollView::setScrollPosition() to Page::setPageScaleFactor().
        (WebCore::ScrollView::setScrollPosition): 

2014-05-07  Dean Jackson  <dino@apple.com>

        Using a fill pattern much larger than actual canvas reliably segfaults browser
        https://bugs.webkit.org/show_bug.cgi?id=132635

        Reviewed by Simon Fraser.

        Make sure that createPattern checks that the canvas it is about to use
        as a source is valid.

        Test: fast/canvas/pattern-too-large-to-create.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createPattern): Check that the source canvas has
        an ok ImageBuffer.

2014-05-07  Pratik Solanki  <psolanki@apple.com>

        Use system defaults for hardware jpeg decoding
        https://bugs.webkit.org/show_bug.cgi?id=132661
        <rdar://problem/11348201>

        Reviewed by Tim Horton.

        Remove code that explicitly disabled hardware image decoding. Let the system decide what to do.

        * WebCore.exp.in:
        * platform/graphics/ImageSource.h:
        (WebCore::ImageSource::acceleratedImageDecodingEnabled): Deleted.
        (WebCore::ImageSource::setAcceleratedImageDecodingEnabled): Deleted.
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::imageSourceOptions):

2014-05-07  Radu Stavila  <stavila@adobe.com>

        Use after free in WebCore::RenderObject::nextSibling / WebCore::RenderBoxModelObject::moveChildrenTo
        https://bugs.webkit.org/show_bug.cgi?id=132625

        Reviewed by David Hyatt.

        Fixed problem with dynamically inserting first letter elements.

        Test: fast/multicol/newmulticol/first-letter-create.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::getFirstLetter):
        (WebCore::RenderBlock::updateFirstLetter):
        * rendering/RenderBlock.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::moveChildrenTo):

2014-05-07  Enrica Casucci  <enrica@apple.com>

        WK2: Programatic scroll requests during scroll or zoom animation to reveal focused element are ignored.
        https://bugs.webkit.org/show_bug.cgi?id=132657
        <rdar://problem/16468462>

        Reviewed by Benjamin Poulain.

        With the scrolling model we use on iOS, a programatic scroll
        request can be received while we are still animating to reveal
        the focused input element. The WebProcess is unaware that the
        scroll position is being changed in the UIProcess, and does not
        honor the scroll request from JavaScript.
        This is patch changes the behavior for clients using scroll delegates
        to always send the scroll request to the UIProcess without checking
        the current scroll position.

        * page/FrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::setScrollPosition):
        * platform/ScrollView.h:
        (WebCore::ScrollView::inProgrammaticScroll):

2014-05-07  Brent Fulgham  <bfulgham@apple.com>

        [Mac, iOS] REGRESSION: WK2 YouTube support
        https://bugs.webkit.org/show_bug.cgi?id=132568
        <rdar://problem/11464344>

        Reviewed by Darin Adler.

        Move the custom YouTube loader code out of the WebFrameLoaderClient into a
        PluginReplacement-based class.

        * Modules/plugins/PluginReplacement.h:
        (WebCore::PluginReplacement::supportsURL): New predicate so we can restrict
        use of a plugin to a particular category of URLs.
        * Modules/plugins/QuickTimePluginReplacement.mm:
        (WebCore::QuickTimePluginReplacement): Updated for new registrar signature.
        * Modules/plugins/YouTubePluginReplacement.h: Added.
        (WebCore::YouTubePluginReplacement::parentElement):
        * Modules/plugins/YouTubePluginReplacement.cpp: Added.
        (WebCore::YouTubePluginReplacement::registerPluginReplacement):
        (WebCore::YouTubePluginReplacement::create):
        (WebCore::YouTubePluginReplacement::supportsMimeType):
        (WebCore::YouTubePluginReplacement::supportsFileExtension):
        (WebCore::kit):
        (WebCore::YouTubePluginReplacement::YouTubePluginReplacement):
        (WebCore::YouTubePluginReplacement::createElementRenderer):
        (WebCore::objectForKey):
        (WebCore::YouTubePluginReplacement::installReplacement):
        (WebCore::createYouTubeURL):
        (WebCore::processAndCreateYouTubeURL):
        (WebCore::YouTubePluginReplacement::youTubeURL):
        * WebCore.exp.in: Add new export from WebCore.
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLPlugInElement.cpp:
        (WebCore::pluginReplacementForType): Update to also check that the URL is supported
        by the plugin.
        (WebCore::registeredPluginReplacements): Add new YouTubePluginReplacement to registry.
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::createElementRenderer): Remove custom YouTube code
        now that this logic is handled in the plugin replacement class.
        (WebCore::HTMLPlugInImageElement::createShadowIFrameSubtree): Deleted.
        * html/HTMLPlugInImageElement.h:
        * html/shadow/YouTubeEmbedShadowElement.cpp:
        (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement):
        (WebCore::YouTubeEmbedShadowElement::shadowPseudoId): Use correct pseudoID for the
        plugin replacement architecture.
        * html/shadow/YouTubeEmbedShadowElement.h:
        * platform/mac/WebCoreNSURLExtras.h:
        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::unescapedQueryValue): Moved from WebKit/Misc/WebNSURLExtras.
        (WebCore::queryKeysAndValues): Ditto.

2014-05-07  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Acclerated overflow-scrolling broken in WK1
        https://bugs.webkit.org/show_bug.cgi?id=132665
        <rdar://problem/16842909>

        Reviewed by Tim Horton.

        r168301 added a CALayer delegate to disable implicit animations,
        but for some layers we wrap them in UIViews (which are themselves
        layer delegates), so bad things happened.
        
        Fix by falling back to setting the null actions dictionary for
        layers with custom scrolling behavior.

        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayerMac::updateCustomBehavior):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateScrollingLayers):

2014-05-07  Jeremy Jones  <jeremyj@apple.com>

        HTMLMediaElement should exitFullscreen when view is removed from the window.
        https://bugs.webkit.org/show_bug.cgi?id=132506

        Reviewed by Tim Horton.

        * platform/ios/WebVideoFullscreenControllerAVKit.h:
        Add -requestExitFullscreen.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (-[WebVideoFullscreenController requestExitFullscreen]):
        Forward request onto WebVideoFullscreenModelMediaElement.

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::requestExitFullscreen):
        Add some protection here since this may be called when not in fullscreen.

2014-05-07  Dean Jackson  <dino@apple.com>

        Clean up the difference between painting focus rings and adding PDF annotations
        https://bugs.webkit.org/show_bug.cgi?id=132638

        Follow-up comments from Darin Adler.

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutline): Move "else if" to a separate "if" for clarity.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::paintFocusRing): Don't guard against outlineIsAuto(). ASSERT instead.
        (WebCore::RenderObject::addPDFURLRect): Give "rect" variable a better name.
        (WebCore::RenderObject::paintOutline): Move "else if" to a separate "if" for clarity.

2014-05-07  Alexey Proskuryakov  <ap@apple.com>

        Make blob size computation lazy
        https://bugs.webkit.org/show_bug.cgi?id=132653

        Reviewed by Anders Carlsson.

        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        (WebCore::Blob::size):
        * fileapi/Blob.h:
        (WebCore::Blob::size): Deleted.
        * fileapi/File.cpp:
        (WebCore::File::size): Deleted.
        * fileapi/File.h:
        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::ThreadableBlobRegistry::registerFileBlobURL):
        (WebCore::ThreadableBlobRegistry::registerBlobURL):
        (WebCore::ThreadableBlobRegistry::registerBlobURLForSlice):
        (WebCore::ThreadableBlobRegistry::blobSize):
        (WebCore::ThreadableBlobRegistry::unregisterBlobURL):
        (WebCore::unregisterBlobURLTask): Deleted.
        * fileapi/ThreadableBlobRegistry.h:
        * platform/network/BlobData.cpp:
        (WebCore::BlobData::appendData):
        * platform/network/BlobRegistry.h:
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::registerBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
        * platform/network/BlobRegistryImpl.h:

2014-05-06  Simon Fraser  <simon.fraser@apple.com>

        Add scrolling tree logging to RemoteLayerTree output
        https://bugs.webkit.org/show_bug.cgi?id=132640

        Reviewed by Beth Dakin.

        Support scrolling tree logging in the RemoteLayerTree log channel
        output.
        
        ScrollingStateTree::commit() unconditionally set treeStateClone->m_hasChangedProperties
        to true, but we should set it based on original scrolling state tree's 
        m_hasChangedProperties.
        
        We have to encode all of the scrolling state nodes anyway (they only encode
        changed properties), but we can use this for future optimizations, and to
        avoid spurious logging.
        
        * WebCore.exp.in: Export a couple of things we need.
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::commit):

2014-05-07  Chris Fleizach  <cfleizach@apple.com>

        AX: aria-expanded changes are not communicated to clients
        https://bugs.webkit.org/show_bug.cgi?id=132642

        Reviewed by Mario Sanchez Prada.

        When aria-expanded changes on non list/tree items, send out a generic
        AXExpandedChange notification.

        Test: platform/mac/accessibility/expanded-notification.html

        * accessibility/AXObjectCache.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::handleAriaExpandedChanged):
        * accessibility/mac/AXObjectCacheMac.mm:
        (WebCore::AXObjectCache::postPlatformNotification):

2014-05-07  Alexey Proskuryakov  <ap@apple.com>

        Release build fix.

        * platform/MIMETypeRegistry.cpp: (WebCore::initializeSupportedImageMIMETypes):
        Removed unused globals.

2014-05-07  Alexey Proskuryakov  <ap@apple.com>

        Eliminate "well known MIME type" support
        https://bugs.webkit.org/show_bug.cgi?id=132654

        Reviewed by Anders Carlsson.

        Vestiges of FileSystem API.

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::files):
        (WebCore::DataTransfer::hasFileOfType):
        * fileapi/File.cpp:
        (WebCore::File::File):
        (WebCore::File::contentTypeFromFilePathOrName):
        * fileapi/File.h:
        * html/FileInputType.cpp:
        (WebCore::FileInputType::createFileList):
        * platform/MIMETypeRegistry.cpp:
        (WebCore::initializeSupportedImageMIMETypes):
        (WebCore::findMimeType): Deleted.
        (WebCore::MIMETypeRegistry::getWellKnownMIMETypeForExtension): Deleted.
        * platform/MIMETypeRegistry.h:

2014-05-07  Christophe Dumez  <ch.dumez@samsung.com>

        [HTML] Default argument to HTMLTableElement.insertRow() should be -1
        https://bugs.webkit.org/show_bug.cgi?id=132651

        Reviewed by Alexey Proskuryakov.

        HTMLTableElement.insertRow()'s argument default value should be -1, not 0,
        as per the specification:
        http://www.whatwg.org/specs/web-apps/current-work/multipage/tabular-data.html#htmltableelement

        The new behavior matches the one of Firefox 29 and IE11, and soon Blink:
        https://codereview.chromium.org/270213007/

        Test: fast/dom/HTMLTableElement/insertRow-default-argument.html

        * html/HTMLTableElement.h:
        * html/HTMLTableElement.idl:

2014-05-07  Chris Fleizach  <cfleizach@apple.com>

        AX: AXSelectTextWithCriteria should support capitalize/lowercase/uppercase
        https://bugs.webkit.org/show_bug.cgi?id=132622

        Reviewed by Mario Sanchez Prada.

        The select text with criteria mechanism used through accessibility needs to support
        a few more parameters to be complete (including capitalize, lowercase and uppercase).

        Updated: accessibility/select-text.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::selectText):
        * accessibility/AccessibilityObject.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (accessibilitySelectTextCriteriaForCriteriaParameterizedAttribute):
        * rendering/RenderText.cpp:
        (WebCore::makeCapitalized):
        * rendering/RenderText.h:

2014-05-07  peavo@outlook.com  <peavo@outlook.com>

        DocumentLoader::dataReceived assertion failed
        https://bugs.webkit.org/show_bug.cgi?id=132017

        Reviewed by Brent Fulgham.

        We need to call didReceiveResponse client method before the didReceiveData client method, otherwise we get a lot of asserts.
        This patch also fixes frequent crashes in downloadTimerCallback method on page loading.

        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::calculateWebTimingInformations): Initialize local variables.
        (WebCore::headerCallback): Call didReceiveResponse client method here instead of in downloadTimerCallback.
        (WebCore::ResourceHandleManager::downloadTimerCallback): Remove call to didReceiveResponse method.
        (WebCore::ResourceHandleManager::dispatchSynchronousJob): Removed empty line.

2014-05-06  Antti Koivisto  <antti@apple.com>

        REGRESSION: Animated GIF inside compositing layer never resumes animation when scrolled back into view
        https://bugs.webkit.org/show_bug.cgi?id=132608

        Reviewed by Simon Fraser.

        Test: fast/repaint/animation-after-layer-scroll.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):
        
            Check if any animations need to be restarted after layer scroll.

2014-05-07  Hyowon Kim  <hw1008.kim@samsung.com>

        GraphicsLayer::client() should return a reference.
        https://bugs.webkit.org/show_bug.cgi?id=126372

        Reviewed by Simon Fraser.

        GraphicsLayers always have a GraphicsLayerClient attached,
        so make client() a reference and remove some unnecessary branches.
        The author of the changes in the mac port is Andreas Kling <akling@apple.com>.

        * WebCore.exp.in:
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::GraphicsLayer):
        (WebCore::GraphicsLayer::willBeDestroyed):
        (WebCore::GraphicsLayer::paintGraphicsLayerContents):
        (WebCore::GraphicsLayer::addRepaintRect):
        (WebCore::dumpChildren):
        (WebCore::GraphicsLayer::dumpProperties):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::client):
        (WebCore::GraphicsLayer::pageScaleFactor):
        (WebCore::GraphicsLayer::deviceScaleFactor):
        * platform/graphics/GraphicsLayerFactory.h:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayer::create):
        (WebCore::GraphicsLayerCA::GraphicsLayerCA):
        (WebCore::GraphicsLayerCA::initialize):
        (WebCore::GraphicsLayerCA::platformCALayerAnimationStarted):
        (WebCore::GraphicsLayerCA::computePositionRelativeToBase):
        (WebCore::GraphicsLayerCA::flushCompositingStateForThisLayerOnly):
        (WebCore::GraphicsLayerCA::computeVisibleRect):
        (WebCore::GraphicsLayerCA::recursiveCommitChanges):
        (WebCore::GraphicsLayerCA::platformCALayerContentsScaleMultiplierForNewTiles):
        (WebCore::GraphicsLayerCA::platformCALayerShouldAggressivelyRetainTiles):
        (WebCore::GraphicsLayerCA::platformCALayerShouldTemporarilyRetainTileCohorts):
        (WebCore::GraphicsLayerCA::updateContentsOpaque):
        (WebCore::GraphicsLayerCA::updateContentsScale):
        (WebCore::GraphicsLayerCA::swapFromOrToTiledLayer):
        (WebCore::GraphicsLayerCA::noteLayerPropertyChanged):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        (WebCore::GraphicsLayer::create):
        (WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
        (WebCore::GraphicsLayerTextureMapper::notifyChange):
        (WebCore::GraphicsLayerTextureMapper::commitLayerChanges):
        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
        (WebCore::CompositingCoordinator::createRootLayer):
        (WebCore::CompositingCoordinator::createGraphicsLayer):
        * platform/graphics/texmap/coordinated/CompositingCoordinator.h:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::notifyFlushRequired):
        (WebCore::CoordinatedGraphicsLayer::CoordinatedGraphicsLayer):
        (WebCore::CoordinatedGraphicsLayer::computeTransformedVisibleRect):
        (WebCore::CoordinatedGraphicsLayer::animationStartedTimerFired):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createGraphicsLayer):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateLayerForTopOverhangArea):
        (WebCore::RenderLayerCompositor::updateLayerForBottomOverhangArea):
        (WebCore::RenderLayerCompositor::updateLayerForHeader):
        (WebCore::RenderLayerCompositor::updateLayerForFooter):
        (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
        (WebCore::RenderLayerCompositor::ensureRootLayer):

2014-05-07  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GStreamer] Corrected typo
        https://bugs.webkit.org/show_bug.cgi?id=132609

        Reviewed by Martin Robinson.

        Corrected m_canFallBackToLastFinishedSeekPositon typo and
        initialized in the constructor to prevent problems in the future.

        No test needed.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
        Initialized m_canFallBackToLastFinishedSeekPosition as false.
        (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
        (WebCore::MediaPlayerPrivateGStreamer::asyncStateChangeDone):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        m_canFallBackToLastFinishedSeekPositon ->
        m_canFallBackToLastFinishedSeekPosition

2014-05-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Convert PassOwnPtr to unique_ptr in CrossThreadTask.h
        https://bugs.webkit.org/show_bug.cgi?id=132605

        Reviewed by Dirk Schulze.

        * dom/CrossThreadTask.h: Converted.

2014-05-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] TLSErrors do not cause page load to fail when not ignored
        https://bugs.webkit.org/show_bug.cgi?id=121548

        Reviewed by Sergio Villar Senin.

        This only happens in case of redirection, when the initial URL is
        an HTTPS site with an invalid certificate, that redirects to
        another location. We are starting the redirection without checking
        the TLS errors.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::sendRequestCallback): Check TLS errors before starting a
        possible redirection.

2014-05-07  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Remove runtime feature
        https://bugs.webkit.org/show_bug.cgi?id=132382

        Reviewed by Benjamin Poulain.

        Remove cssGridLayoutEnabled setting. Update methods using it accordingly.

        * WebCore.order:
        * css/CSSParser.cpp:
        (WebCore::CSSParserContext::CSSParserContext):
        (WebCore::operator==):
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseGridTemplateShorthand):
        (WebCore::CSSParser::parseGridAreaShorthand):
        (WebCore::CSSParser::cssGridLayoutEnabled): Deleted.
        * css/CSSParser.h:
        * css/CSSParserMode.h:
        * dom/Document.cpp:
        (WebCore::Document::cssGridLayoutEnabled): Deleted.
        * dom/Document.h:
        * page/Settings.in:

2014-05-07  Praveen R Jadhav  <praveen.j@samsung.com>

        Fix build errors for BlobDataItem after r168391.
        https://bugs.webkit.org/show_bug.cgi?id=132643

        Reviewed by Carlos Garcia Campos.

        Patch updates BlobDataItem params usage in ResourceHandleSoup.cpp
        to be inline with r168391.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::blobIsOutOfDate): BlobDataItem class is updated in r168391.
        Corresponding parameter changes are done to resolve build error.
        (WebCore::addEncodedBlobItemToSoupMessageBody): BlobDataItem class is updated
        in r168391. Corresponding parameter changes are done to resolve build error.

2014-05-06  Dean Jackson  <dino@apple.com>

        Clean up the difference between painting focus rings and adding PDF annotations
        https://bugs.webkit.org/show_bug.cgi?id=132638

        Reviewed by Simon Fraser.

        The code to add a PDF annotation when printing was called from
        drawFocusRing, which is quite confusing. With just little movement
        of code, we can detect an annotation and call addPDFURLRect in the
        paint phase, and drawFocusRing becomes something that only
        draws focus rings.

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutline): Split calls to drawFocusRing
        and addPDFURLRect.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::paintFocusRing): Get rid of call to PDF.
        (WebCore::RenderObject::addPDFURLRect): Change the signature so it
        can be called externally, and calculates the rectangle itself.
        (WebCore::RenderObject::paintOutline): Split the calls.
        * rendering/RenderObject.h:

2014-05-06  Rik Cabanier  <cabanier@adobe.com>

        Calling createPattern with a broken image must throw an invalidstate error
        https://bugs.webkit.org/show_bug.cgi?id=132407

        Reviewed by Darin Adler.

        Updated createPattern so it throws an invalidState exception
        if you pass it an image that is in the broken state.

        Tests:
        * canvas/philip/tests/2d.pattern.image.broken.html:
        * canvas/philip/tests/2d.pattern.image.incomplete.empty.html:
        * fast/canvas/canvas-empty-image-pattern.html:

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createPattern):

2014-05-06  Jer Noble  <jer.noble@apple.com>

        [iOS][Mac] Display sleeps while playing <video> content.
        https://bugs.webkit.org/show_bug.cgi?id=132624

        Reviewed by Darin Adler.

        On iOS and Mac, create a DisplaySleepDisablerCocoa rather than an (no-op) DisplaySleepDisabler.

        * platform/cocoa/DisplaySleepDisablerCocoa.cpp:
        (WebCore::DisplaySleepDisabler::create):
        * platform/cocoa/DisplaySleepDisablerCocoa.h:

2014-05-06  Dean Jackson  <dino@apple.com>

        [Mac] Allow focus rings to redraw themselves if necessary
        https://bugs.webkit.org/show_bug.cgi?id=132593

        Fix iOS build.

        * platform/graphics/mac/GraphicsContextMac.mm:
        (WebCore::GraphicsContext::drawFocusRing): We no longer use the color parameter.

2014-05-06  Dean Jackson  <dino@apple.com>

        [Mac] Allow focus rings to redraw themselves if necessary
        https://bugs.webkit.org/show_bug.cgi?id=132593

        Reviewed by Simon Fraser.

        Mac allows focus rings to change rendering over time. Expose this
        functionality to WebKit by having the rendering code detect that
        a focused element has asked to repaint itself, and also have
        the FocusController object remember how long it has been since
        an element was focused.

        This patch removes WebCoreNSCellExtras, since a better version is
        available in WebKitSystemInterface, and it was going to be cumbersome
        to port the code from there into WebKit.

        * WebCore.exp.in: Export _wkDrawFocusRingAtTime and _wkDrawCellFocusRingWithFrameAtTime.
        * WebCore.xcodeproj/project.pbxproj: Remove WebCoreNSCellExtras.
        * page/FocusController.cpp:
        (WebCore::FocusController::FocusController): Initialize the repaint timer.
        (WebCore::FocusController::~FocusController): Stop the repaint timer on deletion.
        (WebCore::FocusController::setFocusedElement): Keep track of the current time when focused.
        (WebCore::FocusController::focusedElementNeedsRepaint): Start the repaint timer.
        (WebCore::FocusController::focusRepaintTimerFired): Ask the focused element to repaint itself.
        (WebCore::FocusController::timeSinceFocusWasSet):
        * page/FocusController.h: Expose timeSinceFocusWasSet() and focusedElementNeedsRepaint(), as
        well as add the timer for repainting.

        * platform/ControlStates.h: Add timeSinceControlWasFocused member variable, allowing the platform
        code such as Theme to obtain the value from FocusController.
        (WebCore::ControlStates::ControlStates):
        (WebCore::ControlStates::timeSinceControlWasFocused):
        (WebCore::ControlStates::setTimeSinceControlWasFocused):

        * platform/graphics/GraphicsContext.h:
        (WebCore::GraphicsContext::drawFocusRing): New Mac-only method that uses timeOffset.

        * platform/graphics/mac/GraphicsContextMac.mm:
        (WebCore::drawFocusRingToContext): No need to pass in color and radius - these are now
        ignored in WKDrawFocusRing. However, I didn't want to change the signature of the
        WKSI function.
        (WebCore::drawFocusRingToContextAtTime): Call into the new method WKDrawFocusRingAtTime.
        (WebCore::GraphicsContext::drawFocusRing): Color and radius no longer used.

        * platform/mac/ThemeMac.mm:
        (WebCore::checkboxMargins): Update the margins since our focus ring can be a lot bigger.
        (WebCore::radioMargins): Ditto.
        (WebCore::paintToggleButton): Drawing a focus ring might trigger a repaint too.
        (WebCore::buttonMargins): Increase the margins.
        (WebCore::paintButton): If our focus ring wants to be drawn again, set the ControlStates flag.

        * platform/mac/WebCoreNSCellExtras.h: Removed.
        * platform/mac/WebCoreNSCellExtras.m: Removed.

        * platform/mac/WebCoreSystemInterface.h: Declare the new methods.
        * platform/mac/WebCoreSystemInterface.mm:

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::initializeStyle): Expand the overflow rects by the maximum
        focus ring width. This might be different from the current outline size.
        (WebCore::RenderElement::setStyle): Ditto.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::paintFocusRing): If we're on Mac, use the new drawFocusRing method,
        which sets a parameter to true if the focused element needs a repaint.

        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::updateControlStatesForRenderer): Copy the value from FocusController
        so that the platform Theme code can use it.

        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::platformFocusRingMaxWidth): Add a way to get the maximum width
        of a focus ring for the platform. This is used to extend the overflow rects.
        * rendering/RenderThemeMac.h: Override the focus ring width.
        * rendering/RenderThemeMac.mm: On newer versions of OS X, we have a larger focus ring.
        (WebCore::RenderThemeMac::platformFocusRingMaxWidth):
        (WebCore::RenderThemeMac::paintMenuList): If a menu is focused, and needs a repaint, mark
        it as such.

2014-05-06  Jer Noble  <jer.noble@apple.com>

        [iOS] Animate AVPlayerLayer into and out of full screen
        https://bugs.webkit.org/show_bug.cgi?id=132603

        Reviewed by Simon Fraser.

        Rather than synchronize animations across the WebProcess / UIProcess boundary, animate
        the AVPlayerLayer into place by first resizing the full screen layer to occupy the
        entire screen in the WebProcess, and use a sublayerTransform animation in the UIProcess
        to scale the AVPlayer from its initial screen location, as well as back to its final screen
        location.

        * platform/graphics/GeometryUtilities.cpp:
        (WebCore::largestRectWithAspectRatioInsideRect): Added utility method.
        * platform/graphics/GeometryUtilities.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVVideoLayer init]): Added, initialize video gravity and enable child layer masking.
        (-[WebAVVideoLayer setBounds:]): Create a transform to scale the video area.
        (WebVideoFullscreenInterfaceAVKit::enterFullscreen): Block implicit animations during setup.
        (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Reset the gravity to ResizeAspect
            if necessary.

2014-05-06  Alexey Proskuryakov  <ap@apple.com>

        Make BlobDataItem use a refcounted object for files
        https://bugs.webkit.org/show_bug.cgi?id=132628

        Reviewed by Anders Carlsson.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        Added BlobDataFileReference.{h|cpp}

        * WebCore.exp.in: Removed unused exports.

        * platform/network/BlobData.h:
        (WebCore::BlobDataItem::offset):
        (WebCore::BlobDataItem::BlobDataItem):
        Use a wrapper class for files, not a path. Changed to be more class-like accordingly.

        * platform/network/BlobData.cpp:
        (WebCore::BlobData::appendData):
        (WebCore::BlobData::appendFile):
        (WebCore::BlobData::appendBlob): Deleted.
        (WebCore::BlobData::BlobData): Deleted.
        We never add blobs to BlobData, they are always resolved to data of file references.
        Lots of very confusing code to delete.

        * platform/network/BlobDataFileReference.h: Added.
        * platform/network/BlobDataFileReference.cpp: Added.
        (WebCore::BlobDataFileReference::size):
        (WebCore::BlobDataFileReference::expectedModificationTime):
        (WebCore::BlobDataFileReference::computeFileSystemData):
        A unique reference to a file referenced by blob, to be preserved when you slice
        or combine blobs.

        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::appendStorageItems):
        (WebCore::BlobRegistryImpl::registerFileBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURL):
        (WebCore::BlobRegistryImpl::blobSize):
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::getSizeForNext):
        (WebCore::BlobResourceHandle::didGetSize):
        (WebCore::BlobResourceHandle::readDataSync):
        (WebCore::BlobResourceHandle::readFileSync):
        (WebCore::BlobResourceHandle::readDataAsync):
        (WebCore::BlobResourceHandle::readFileAsync):
        * platform/network/BlobResourceHandle.h:
        * platform/network/FormData.cpp:
        (WebCore::appendBlobResolved):
        Updated for BlobDataItem interface changes.

2014-05-06  Christophe Dumez  <ch.dumez@samsung.com>

        [HTML] Default argument to HTMLTableRowElement.insertCell() should be -1
        https://bugs.webkit.org/show_bug.cgi?id=132615

        Reviewed by Darin Adler.

        HTMLTableRowElement.insertCell()'s argument default value should be -1, not
        0, as per the specification:
        http://www.whatwg.org/specs/web-apps/current-work/multipage/tabular-data.html#the-tr-element

        The new behavior matches the one of Firefox 29 and IE11, and soon Blink:
        https://codereview.chromium.org/263323004/

        Test: fast/dom/HTMLTableRowElement/insertCell-default-argument.html

        * html/HTMLTableRowElement.h:
        * html/HTMLTableRowElement.idl:

2014-05-06  Oliver Hunt  <oliver@apple.com>

        Fix build.

        * WebCore.exp.in:

2014-05-06  Andreas Kling  <akling@apple.com>

        Add missing line from r168384.

        * dom/ContainerNode.h:
        (WebCore::ChildNodesLazySnapshot::~ChildNodesLazySnapshot):

2014-05-06  Oliver Hunt  <oliver@apple.com>

        Can't make a booking at virginamerica.com
        https://bugs.webkit.org/show_bug.cgi?id=132626

        Reviewed by Geoffrey Garen.

        Test: fast/dom/assign-to-prototype-accessor-on-prototype-should-be-silent.html

        We can't throw an exception when a site incorrectly attempts
        to use a dom property setter directly on the prototype as
        there are sites that do this as compatibility workarounds
        for old browsers. Instead we treat use of the setter on
        the prototype object in the same way we do getters, and just
        log a warning to the console.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportDeprecatedSetterError):
        * bindings/js/JSDOMBinding.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::setJSTestInterfaceImplementsStr2):
        (WebCore::setJSTestInterfaceImplementsStr3):
        (WebCore::setJSTestInterfaceImplementsNode):
        (WebCore::setJSTestInterfaceSupplementalStr2):
        (WebCore::setJSTestInterfaceSupplementalStr3):
        (WebCore::setJSTestInterfaceSupplementalNode):
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::setJSTestNondeterministicNondeterministicWriteableAttr):
        (WebCore::setJSTestNondeterministicNondeterministicExceptionAttr):
        (WebCore::setJSTestNondeterministicNondeterministicGetterExceptionAttr):
        (WebCore::setJSTestNondeterministicNondeterministicSetterExceptionAttr):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::setJSTestObjTestSubObjEnabledBySettingConstructor):
        (WebCore::setJSTestObjEnumAttr):
        (WebCore::setJSTestObjByteAttr):
        (WebCore::setJSTestObjOctetAttr):
        (WebCore::setJSTestObjShortAttr):
        (WebCore::setJSTestObjUnsignedShortAttr):
        (WebCore::setJSTestObjLongAttr):
        (WebCore::setJSTestObjLongLongAttr):
        (WebCore::setJSTestObjUnsignedLongLongAttr):
        (WebCore::setJSTestObjStringAttr):
        (WebCore::setJSTestObjTestObjAttr):
        (WebCore::setJSTestObjXMLObjAttr):
        (WebCore::setJSTestObjCreate):
        (WebCore::setJSTestObjReflectedStringAttr):
        (WebCore::setJSTestObjReflectedIntegralAttr):
        (WebCore::setJSTestObjReflectedUnsignedIntegralAttr):
        (WebCore::setJSTestObjReflectedBooleanAttr):
        (WebCore::setJSTestObjReflectedURLAttr):
        (WebCore::setJSTestObjReflectedCustomIntegralAttr):
        (WebCore::setJSTestObjReflectedCustomBooleanAttr):
        (WebCore::setJSTestObjReflectedCustomURLAttr):
        (WebCore::setJSTestObjTypedArrayAttr):
        (WebCore::setJSTestObjAttrWithGetterException):
        (WebCore::setJSTestObjAttrWithSetterException):
        (WebCore::setJSTestObjStringAttrWithGetterException):
        (WebCore::setJSTestObjStringAttrWithSetterException):
        (WebCore::setJSTestObjCustomAttr):
        (WebCore::setJSTestObjWithScriptStateAttribute):
        (WebCore::setJSTestObjWithScriptExecutionContextAttribute):
        (WebCore::setJSTestObjWithScriptStateAttributeRaises):
        (WebCore::setJSTestObjWithScriptExecutionContextAttributeRaises):
        (WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttribute):
        (WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
        (WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
        (WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttribute):
        (WebCore::setJSTestObjConditionalAttr1):
        (WebCore::setJSTestObjConditionalAttr2):
        (WebCore::setJSTestObjConditionalAttr3):
        (WebCore::setJSTestObjConditionalAttr4Constructor):
        (WebCore::setJSTestObjConditionalAttr5Constructor):
        (WebCore::setJSTestObjConditionalAttr6Constructor):
        (WebCore::setJSTestObjAnyAttribute):
        (WebCore::setJSTestObjMutablePoint):
        (WebCore::setJSTestObjImmutablePoint):
        (WebCore::setJSTestObjStrawberry):
        (WebCore::setJSTestObjStrictFloat):
        (WebCore::setJSTestObjId):
        (WebCore::setJSTestObjReplaceableAttribute):
        (WebCore::setJSTestObjNullableLongSettableAttribute):
        (WebCore::setJSTestObjNullableStringValue):
        (WebCore::setJSTestObjAttributeWithReservedEnumType):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::setJSTestSerializedScriptValueInterfaceValue):
        (WebCore::setJSTestSerializedScriptValueInterfaceCachedValue):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::setJSTestTypedefsUnsignedLongLongAttr):
        (WebCore::setJSTestTypedefsImmutableSerializedScriptValue):
        (WebCore::setJSTestTypedefsAttrWithGetterException):
        (WebCore::setJSTestTypedefsAttrWithSetterException):
        (WebCore::setJSTestTypedefsStringAttrWithGetterException):
        (WebCore::setJSTestTypedefsStringAttrWithSetterException):

2014-05-06  Andreas Kling  <akling@apple.com>

        ChildNodesLazySnapshot::m_childNodes needs two heap allocations.
        <https://webkit.org/b/132616>

        This seems a bit silly, since ChildNodesLazySnapshot is always
        allocated on the stack.

        Change it to be a bool + a Vector instead of using the nullity
        as a presence indicator. This way we also don't end up with an
        out-of-line ~OwnPtr for the Vector.

        Reviewed by Geoff Garen.

        * dom/ContainerNode.h:
        (WebCore::ChildNodesLazySnapshot::ChildNodesLazySnapshot):
        (WebCore::ChildNodesLazySnapshot::nextNode):
        (WebCore::ChildNodesLazySnapshot::takeSnapshot):
        (WebCore::ChildNodesLazySnapshot::hasSnapshot):

2014-05-06  Alexey Proskuryakov  <ap@apple.com>

        Eliminate BlobStorageData
        https://bugs.webkit.org/show_bug.cgi?id=132617

        Reviewed by Anders Carlsson.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/network/BlobData.h:
        (WebCore::BlobData::create):
        (WebCore::BlobData::BlobData):
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::loadResourceSynchronously):
        (WebCore::BlobRegistryImpl::appendStorageItems):
        (WebCore::BlobRegistryImpl::registerFileBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
        (WebCore::BlobRegistryImpl::getBlobDataFromURL):
        (WebCore::BlobRegistryImpl::blobSize):
        * platform/network/BlobRegistryImpl.h:
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::createAsync):
        (WebCore::BlobResourceHandle::loadResourceSynchronously):
        (WebCore::BlobResourceHandle::BlobResourceHandle):
        (WebCore::BlobResourceHandle::doStart):
        (WebCore::BlobResourceHandle::getSizeForNext):
        (WebCore::BlobResourceHandle::didGetSize):
        (WebCore::BlobResourceHandle::seek):
        (WebCore::BlobResourceHandle::readSync):
        (WebCore::BlobResourceHandle::readDataSync):
        (WebCore::BlobResourceHandle::readFileSync):
        (WebCore::BlobResourceHandle::readAsync):
        (WebCore::BlobResourceHandle::readDataAsync):
        (WebCore::BlobResourceHandle::readFileAsync):
        (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
        * platform/network/BlobResourceHandle.h:
        * platform/network/BlobStorageData.h: Removed.
        * platform/network/FormData.cpp:
        (WebCore::appendBlobResolved):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::addEncodedBlobToSoupMessageBody):

2014-05-06  Simon Fraser  <simon.fraser@apple.com>

        Fix the iOS build.

        WebCore::Editor::replaceNodeFromPasteboard(WebCore::Node*, WTF::String const&) is Mac-only.
        Also sort the export file.

        * WebCore.exp.in:

2014-05-06  David Hyatt  <hyatt@apple.com>

        Begin Removal of Old Multi-Column Code.
        https://bugs.webkit.org/show_bug.cgi?id=132480

        Reviewed by Andreas Kling.

        * dom/Document.cpp:
        (WebCore::Document::regionBasedColumnsEnabled): Deleted.
        * dom/Document.h:
        * page/FrameView.cpp:
        (WebCore::updateLayerPositionFlags):
        * page/Settings.in:
        * rendering/LayoutState.cpp:
        (WebCore::LayoutState::LayoutState):
        (WebCore::LayoutState::clearPaginationInformation):
        (WebCore::LayoutState::addForcedColumnBreak): Deleted.
        * rendering/LayoutState.h:
        (WebCore::LayoutState::LayoutState):
        (WebCore::LayoutState::isPaginatingColumns): Deleted.
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::~RenderBlock):
        (WebCore::RenderBlock::addChildToContinuation):
        (WebCore::RenderBlock::addChild):
        (WebCore::RenderBlock::addChildIgnoringContinuation):
        (WebCore::RenderBlock::removeLeftoverAnonymousBlock):
        (WebCore::canMergeContiguousAnonymousBlocks):
        (WebCore::RenderBlock::removeChild):
        (WebCore::RenderBlock::recomputeLogicalWidth):
        (WebCore::RenderBlock::addOverflowFromChildren):
        (WebCore::RenderBlock::expandsToEncloseOverhangingFloats):
        (WebCore::RenderBlock::simplifiedLayout):
        (WebCore::RenderBlock::layoutPositionedObjects):
        (WebCore::RenderBlock::paintObject):
        (WebCore::RenderBlock::selectionGaps):
        (WebCore::RenderBlock::nodeAtPoint):
        (WebCore::RenderBlock::offsetForContents):
        (WebCore::RenderBlock::computeIntrinsicLogicalWidths):
        (WebCore::RenderBlock::createAnonymousBoxWithSameTypeAs):
        (WebCore::RenderBlock::childBoxIsUnsplittableForFragmentation):
        (WebCore::RenderBlock::renderName):
        (WebCore::RenderBlock::addChildToAnonymousColumnBlocks): Deleted.
        (WebCore::RenderBlock::containingColumnsBlock): Deleted.
        (WebCore::RenderBlock::splitFlow): Deleted.
        (WebCore::RenderBlock::makeChildrenAnonymousColumnBlocks): Deleted.
        (WebCore::RenderBlock::columnsBlockForSpanningElement): Deleted.
        (WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks): Deleted.
        (WebCore::RenderBlock::updateLogicalWidthAndColumnWidth): Deleted.
        (WebCore::RenderBlock::isTopLayoutOverflowAllowed): Deleted.
        (WebCore::RenderBlock::isLeftLayoutOverflowAllowed): Deleted.
        (WebCore::RenderBlock::paintColumnRules): Deleted.
        (WebCore::RenderBlock::initialBlockOffsetForPainting): Deleted.
        (WebCore::RenderBlock::blockDeltaForPaintingNextColumn): Deleted.
        (WebCore::RenderBlock::paintColumnContents): Deleted.
        (WebCore::ColumnRectIterator::ColumnRectIterator): Deleted.
        (WebCore::ColumnRectIterator::advance): Deleted.
        (WebCore::ColumnRectIterator::columnRect): Deleted.
        (WebCore::ColumnRectIterator::hasMore): Deleted.
        (WebCore::ColumnRectIterator::adjust): Deleted.
        (WebCore::ColumnRectIterator::update): Deleted.
        (WebCore::RenderBlock::hitTestColumns): Deleted.
        (WebCore::RenderBlock::adjustForColumnRect): Deleted.
        (WebCore::RenderBlock::availableLogicalWidth): Deleted.
        (WebCore::RenderBlock::columnGap): Deleted.
        (WebCore::RenderBlock::computeColumnCountAndWidth): Deleted.
        (WebCore::RenderBlock::requiresColumns): Deleted.
        (WebCore::RenderBlock::setComputedColumnCountAndWidth): Deleted.
        (WebCore::RenderBlock::updateColumnProgressionFromStyle): Deleted.
        (WebCore::RenderBlock::computedColumnWidth): Deleted.
        (WebCore::RenderBlock::computedColumnCount): Deleted.
        (WebCore::RenderBlock::columnInfo): Deleted.
        (WebCore::RenderBlock::columnCount): Deleted.
        (WebCore::RenderBlock::columnRectAt): Deleted.
        (WebCore::RenderBlock::adjustPointToColumnContents): Deleted.
        (WebCore::RenderBlock::adjustRectForColumns): Deleted.
        (WebCore::RenderBlock::flipForWritingModeIncludingColumns): Deleted.
        (WebCore::RenderBlock::adjustStartEdgeForWritingModeIncludingColumns): Deleted.
        (WebCore::RenderBlock::adjustForColumns): Deleted.
        (WebCore::RenderBlock::adjustIntrinsicLogicalWidthsForColumns): Deleted.
        (WebCore::RenderBlock::paginationUnit): Deleted.
        (WebCore::RenderBlock::createAnonymousColumnsWithParentRenderer): Deleted.
        (WebCore::RenderBlock::createAnonymousColumnSpanWithParentRenderer): Deleted.
        (WebCore::RenderBlock::computeLineGridPaginationOrigin): Deleted.
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::pixelSnappedLogicalRightOffsetForLine):
        (WebCore::RenderBlock::createAnonymousBlock):
        (WebCore::RenderBlock::paintColumnRules):
        (WebCore::RenderBlock::createAnonymousColumnsBlock): Deleted.
        (WebCore::RenderBlock::createAnonymousColumnSpanBlock): Deleted.
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::adjustIntrinsicLogicalWidthsForColumns):
        (WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths):
        (WebCore::RenderBlockFlow::recomputeLogicalWidthAndColumnWidth):
        (WebCore::RenderBlockFlow::columnGap):
        (WebCore::RenderBlockFlow::computeColumnCountAndWidth):
        (WebCore::RenderBlockFlow::layoutBlock):
        (WebCore::inNormalFlow):
        (WebCore::RenderBlockFlow::applyBeforeBreak):
        (WebCore::RenderBlockFlow::applyAfterBreak):
        (WebCore::RenderBlockFlow::updateMinimumPageHeight):
        (WebCore::RenderBlockFlow::computeOverflow):
        (WebCore::RenderBlockFlow::addOverhangingFloats):
        (WebCore::RenderBlockFlow::hasOverhangingFloat):
        (WebCore::RenderBlockFlow::relayoutForPagination):
        (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):
        (WebCore::RenderBlockFlow::requiresColumns):
        (WebCore::RenderBlockFlow::setComputedColumnCountAndWidth):
        (WebCore::RenderBlockFlow::updateColumnProgressionFromStyle):
        (WebCore::RenderBlockFlow::computedColumnWidth):
        (WebCore::RenderBlockFlow::computedColumnCount):
        * rendering/RenderBlockFlow.h:
        (WebCore::RenderBlockFlow::hasOverhangingFloats):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):
        (WebCore::RenderBox::offsetFromContainer):
        (WebCore::RenderBox::computeRectForRepaint):
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::adjustedPositionRelativeToOffsetParent):
        (WebCore::RenderBoxModelObject::mapAbsoluteToLocalPoint):
        * rendering/RenderBoxModelObject.h:
        (WebCore::RenderBoxModelObject::canHaveBoxInfoInRegion):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::layoutBlock):
        * rendering/RenderFlowThread.h:
        * rendering/RenderGeometryMap.cpp:
        (WebCore::canMapBetweenRenderers):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::clippedOverflowRectForRepaint):
        (WebCore::RenderInline::computeRectForRepaint):
        (WebCore::RenderInline::offsetFromContainer):
        (WebCore::RenderInline::mapLocalToContainer):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::updateLayerPositions):
        (WebCore::RenderLayer::updatePagination):
        (WebCore::accumulateOffsetTowardsAncestor):
        (WebCore::RenderLayer::paintList):
        (WebCore::RenderLayer::hitTestList):
        (WebCore::checkContainingBlockChainForPagination): Deleted.
        (WebCore::RenderLayer::useRegionBasedColumns): Deleted.
        (WebCore::RenderLayer::paintPaginatedChildLayer): Deleted.
        (WebCore::RenderLayer::paintChildLayerIntoColumns): Deleted.
        (WebCore::RenderLayer::hitTestPaginatedChildLayer): Deleted.
        (WebCore::RenderLayer::hitTestChildLayerColumns): Deleted.
        * rendering/RenderLayer.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::shouldCheckColumnBreaks):
        * rendering/RenderMultiColumnFlowThread.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::computeRectForRepaint):
        (WebCore::RenderObject::mapLocalToContainer):
        (WebCore::RenderObject::pushMappingToContainer):
        (WebCore::RenderObject::offsetFromContainer):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isAnonymousBlock):
        (WebCore::RenderObject::RenderObjectBitfields::RenderObjectBitfields):
        (WebCore::RenderObject::hasColumns): Deleted.
        (WebCore::RenderObject::setHasColumns): Deleted.
        (WebCore::RenderObject::isAnonymousColumnsBlock): Deleted.
        (WebCore::RenderObject::isAnonymousColumnSpanBlock): Deleted.
        (WebCore::RenderObject::adjustForColumns): Deleted.
        (WebCore::RenderObject::offsetForColumns): Deleted.
        * rendering/RenderText.cpp:
        (WebCore::RenderText::selectionRectForRepaint):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::availableLogicalHeight):
        (WebCore::RenderView::pageOrViewLogicalHeight):
        (WebCore::RenderView::unextendedBackgroundRect):
        (WebCore::RenderView::backgroundRect):
        (WebCore::RenderView::shouldDisableLayoutStateForSubtree):
        (WebCore::RenderView::pageNumberForBlockProgressionOffset):
        (WebCore::RenderView::pageCount):
        (WebCore::RenderView::paginationUnit): Deleted.
        * rendering/RenderView.h:
        (WebCore::LayoutStateMaintainer::LayoutStateMaintainer):
        (WebCore::LayoutStateMaintainer::push):
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseFor):
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::layout):
        * style/StyleResolveForDocument.cpp:
        (WebCore::Style::resolveForDocument):

2014-05-06  Brady Eidson  <beidson@apple.com>

        Don't select an image that is about to have its menu shown.
        <rdar://problem/16807845> and https://bugs.webkit.org/show_bug.cgi?id=132579

        Reviewed by Tim Horton.

        * WebCore.exp.in:

        * editing/Editor.h:
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::replaceNodeFromPasteboard): New method that first selects
          the Node and then immediately pastes over it. Since it’s synchronous the 
          selection never has a chance to paint.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::ImageControlsButtonElementMac::defaultEventHandler): Don’t select the image.

2014-05-06  Eric Carlson  <eric.carlson@apple.com>

        [Mac] make metadata cue attributes consistent
        https://bugs.webkit.org/show_bug.cgi?id=132610

        Reviewed by Jer Noble.

        No new tests, updated http/tests/media/track-in-band-hls-metadata.html.

        * platform/mac/SerializedPlatformRepresentationMac.mm:
        (WebCore::jsValueWithAVMetadataItemInContext): Don't include keys @dataTypeNamespace
            or @pictureType, @dataType -> @type.

2014-05-06  Brady Eidson  <beidson@apple.com>

        "Flash of content without image" when pasting a raw image from the pasteboard
        <rdar://problem/16826199> and https://bugs.webkit.org/show_bug.cgi?id=132612

        Reviewed by Tim Horton.

        Let an ArchiveResource be flagged as "should load immediately":
        * loader/archive/ArchiveResource.cpp:
        (WebCore::ArchiveResource::ArchiveResource):
        * loader/archive/ArchiveResource.h:
        (WebCore::ArchiveResource::setShouldLoadImmediately):
        (WebCore::ArchiveResource::shouldLoadImmediately):

        Set that flag on the ArchiveResource for the image.
        Note we quite explicitly do this only in the "read a single image" from the pasteboard
        case, because we don't want to do this synchronous step for multiple images at once
        such as when pasting a WebArchive:
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::WebContentReader::readImage):

        When creating a new CachedResource, if there is an ArchiveResource that is set to
        load immediately, populate the CachedResource immediately instead of scheduling a load:
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):

2014-05-06  Alex Christensen  <achristensen@webkit.org>

        Unreviewed build fix for debug after r168367.

        * platform/NotImplemented.cpp:
        Added include NotImplemented.h.

2014-05-06  Alex Christensen  <achristensen@webkit.org>

        Removed unnecessary notImplemented.h includes.
        https://bugs.webkit.org/show_bug.cgi?id=132587

        Reviewed by Anders Carlsson.

        * Modules/webdatabase/Database.cpp:
        * accessibility/AccessibilityObject.cpp:
        * bindings/js/Dictionary.h:
        * bindings/js/SerializedScriptValue.cpp:
        * html/HTMLMediaSession.cpp:
        * html/ImageDocument.cpp:
        * html/parser/HTMLFormattingElementList.cpp:
        * loader/appcache/ApplicationCacheStorage.cpp:
        * page/mac/EventHandlerMac.mm:
        * platform/NotImplemented.cpp:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        * platform/ios/PlatformScreenIOS.mm:
        * platform/mac/PlatformScreenMac.mm:
        * platform/mac/WidgetMac.mm:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        * platform/mediastream/mac/AVCaptureDeviceManager.mm:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        * rendering/RenderGrid.cpp:
        * workers/SharedWorkerGlobalScope.cpp:
        * workers/WorkerGlobalScope.cpp:
        * workers/WorkerMessagingProxy.cpp:
        Removed notImplemented from list of includes.

2014-05-06  Enrica Casucci  <enrica@apple.com>

        Unreviewed build fix after http://trac.webkit.org/changeset/168364

        * rendering/RenderLineBreak.cpp:

2014-05-06  Christophe Dumez  <ch.dumez@samsung.com>

        [HTML] Default argument to HTMLTableSectionElement.insertRow() should be -1
        https://bugs.webkit.org/show_bug.cgi?id=132570

        Reviewed by Darin Adler.

        HTMLTableSectionElement.insertRow()'s argument default value should be -1, not
        0, as per the specification:
        http://www.whatwg.org/specs/web-apps/current-work/multipage/tabular-data.html#the-tbody-element

        The new behavior matches the one of Firefox 29 and IE11, and soon Blink:
        https://code.google.com/p/chromium/issues/detail?id=369803

        Test: fast/dom/HTMLTableSectionElement/insertRow-default-argument.html

        * html/HTMLTableSectionElement.h:
        * html/HTMLTableSectionElement.idl:

2014-05-05  Enrica Casucci  <enrica@apple.com>

        REGRESSION(r155957): Selection rects are incorrect when the selection contains BR elements.
        https://bugs.webkit.org/show_bug.cgi?id=132596
        <rdar://problem/16692206>

        Reviewed by Antti Koivisto.

        This patch adds an implementation of collectSelectionRects to RenderLineBreak.
        It uses the same logic used by RenderText to compute and annotate the returned rect
        which is computed, like the caret rect, using information from the rootline box.

        * rendering/RenderLineBreak.cpp:
        (WebCore::RenderLineBreak::collectSelectionRects):
        * rendering/RenderLineBreak.h:

2014-05-06  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Optimize the number of regions invalidations
        https://bugs.webkit.org/show_bug.cgi?id=132611

        Reviewed by David Hyatt.

        It is possible to invalidate the region chain of a flow thread
        during the layout of the region when its height is not final.

        This patch places the check after the height of the region
        is determined, reducing the number of invalidations.

        Tests: Less invalidations and repaints in the repaint tests for
        the flow threads.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::updateLogicalHeight):
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::layoutBlock):
        (WebCore::RenderNamedFlowFragment::invalidateRegionIfNeeded):
        * rendering/RenderNamedFlowFragment.h:

2014-05-03  Sam Weinig  <sam@webkit.org>

        [Extended Background] Respect repeat-x/repeat-y when creating margin tiles
        https://bugs.webkit.org/show_bug.cgi?id=132534

        Reviewed by Beth Dakin.

        If the background image that is causing margin tiles only repeats in dimension only create
        the tiles in that dimension.

        * page/FrameView.cpp:
        (WebCore::FrameView::updateExtendBackgroundIfNecessary):
        (WebCore::FrameView::calculateExtendedBackgroundMode):
        (WebCore::FrameView::updateTilesForExtendedBackgroundMode):
        (WebCore::FrameView::setBackgroundExtendsBeyondPage): Deleted.
        (WebCore::FrameView::needsExtendedBackgroundRectForPainting): Deleted.
        (WebCore::FrameView::setHasExtendedBackgroundRectForPainting): Deleted.
        * page/FrameView.h:
        * page/Settings.cpp:
        (WebCore::Settings::setBackgroundShouldExtendBeyondPage):
        * platform/graphics/TiledBacking.h:
        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::hasHorizontalMargins):
        (WebCore::TileController::hasVerticalMargins):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::styleWillChange):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::setTiledBackingHasMargins):
        * rendering/RenderLayerBacking.h:

2014-05-06  Chris Fleizach  <cfleizach@apple.com>

        AX: VoiceOver does not announce text changes for content editable regions in Safari
        https://bugs.webkit.org/show_bug.cgi?id=132577

        Reviewed by Mario Sanchez Prada.

        When text or children are changed inside of a contenteditable region, we need to 
        convert those actions into AXValueChange notifications.

        Test: accessibility/content-editable-set-inner-text-generates-axvalue-notification.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::childrenChanged):
        (WebCore::AccessibilityNodeObject::hasContentEditableAttributeSet): Deleted.
        * accessibility/AccessibilityNodeObject.h:
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::hasContentEditableAttributeSet):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::textChanged):

2014-05-06  Dirk Schulze  <krit@webkit.org>

        [SVG2] Share "on"- event attributes with HTMLElement
        https://bugs.webkit.org/show_bug.cgi?id=132604

        Reviewed by Mihnea Ovidenie.

        Share "on" event attribute parsing between SVGElement and HTMLElement.

        Tests: fast/dom/script-tests/event-attribute-availability.js:

        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::populateEventNameForAttributeLocalNameMap):
        (WebCore::populateEventNameForAttributeLocalNameMap): Deleted.
        * html/HTMLElement.h: Make populateEventNameForAttributeLocalNameMap
            public for use in SVGElement.
        * svg/SVGElement.cpp: Use HTMLElement code to parse "on" event
            attributes.
        (WebCore::SVGElement::parseAttribute):

2014-05-05  Zan Dobersek  <zdobersek@igalia.com>

        [Soup] Use std::unique_ptr<char[]> for the read buffer in SocketStreamHandle
        https://bugs.webkit.org/show_bug.cgi?id=132559

        Reviewed by Carlos Garcia Campos.

        Manage the read buffer array through a std::unique_ptr<char[]> object.
        This avoids handling with the raw pointer and also ensures that the memory
        allocated with the new[] operator is deleted with the delete[] operator,
        a problem exposed by the AddressSanitizer in WebSocket tests.

        * platform/network/soup/SocketStreamHandle.h:
        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::connected):
        (WebCore::SocketStreamHandle::readBytes):
        (WebCore::SocketStreamHandle::platformClose):

2014-05-05  Dirk Schulze  <krit@webkit.org>

        Adapt inline SVG sizing behavior to Firefox and Blink
        https://bugs.webkit.org/show_bug.cgi?id=132569

        Reviewed by Dean Jackson.

        This patch is ported from Blink CR 308992. Thanks to David Vest for helping
        with back porting his Blink patch. From the commit message:

        "The basis of this change is to map explicit width and height
        attributes to CSS properties, essentially promoting them to
        presentation attributes. Note that implicit "100%" width and height
        are not mapped.
        
        This enables us to remove the concept of "percentage intrinsic size"
        and rely on normal CSS rules to resolve percentage values.
        
        The change has been approved by the SVG WG and the spec is being
        updated. Minutes here:
        
        http://www.w3.org/2014/04/07-svg-minutes.html#item03"

        The new model was indeed approved by the SVG WG and is basically following
        the CSS 2.1 model for replaced elements.

        With this patch WebKit, Firefox and Blink have the same behavior for inline SVG.
        This is the first successful approach to unify the sizing behavior of SVG
        across UAs.

        Tests: svg/as-object/sizing/svg-in-object-placeholder-height-auto.html
               svg/as-object/sizing/svg-in-object-placeholder-height-fixed.html
               svg/as-object/sizing/svg-in-object-placeholder-height-percentage.html
               svg/in-html/sizing/svg-inline.html

        * css/svg.css: Root SVG elements still need to be sized with height: 100% and
            width: 100%. This is necessary since width and height are presentation
            attributes now.
        (svg:root):
        * rendering/RenderBox.h:
        (WebCore::RenderBox::computeIntrinsicRatioInformation): Remove all special
            behavior for intrinsic and percentage based sizes in SVG. This simplifies and
            unifies the code a lot. Most of the logic that is used is in RenderBox and
            RenderReplaced now. RenderSVGRoot was cleaned up a lot and is much lighter. 
            And so it SVGSVGElement.
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):
        (WebCore::RenderBoxModelObject::calculateImageIntrinsicDimensions):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::computeIntrinsicRatioInformation):
        * rendering/RenderImage.h:
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::computeAspectRatioInformationForRenderBox):
        (WebCore::RenderReplaced::computeIntrinsicRatioInformation):
        (WebCore::RenderReplaced::computeReplacedLogicalWidth):
        (WebCore::RenderReplaced::computeReplacedLogicalHeight):
        (WebCore::RenderReplaced::computePreferredLogicalWidths):
        * rendering/RenderReplaced.h:
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::computeIntrinsicRatioInformation):
        (WebCore::RenderSVGRoot::computeReplacedLogicalWidth):
        (WebCore::RenderSVGRoot::computeReplacedLogicalHeight):
        (WebCore::RenderSVGRoot::hasRelativeDimensions):
        (WebCore::RenderSVGRoot::hasRelativeIntrinsicLogicalWidth): Deleted.
        (WebCore::RenderSVGRoot::hasRelativeLogicalHeight): Deleted.
        * rendering/svg/RenderSVGRoot.h:
        * svg/SVGElement.h:
        (WebCore::SVGElement::invalidateSVGPresentationAttributeStyle):
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::isPresentationAttribute):
        (WebCore::SVGSVGElement::collectStyleForPresentationAttribute):
        (WebCore::SVGSVGElement::svgAttributeChanged):
        (WebCore::SVGSVGElement::currentViewportSize):
        (WebCore::SVGSVGElement::hasIntrinsicWidth):
        (WebCore::SVGSVGElement::hasIntrinsicHeight):
        (WebCore::SVGSVGElement::intrinsicWidth):
        (WebCore::SVGSVGElement::intrinsicHeight):
        (WebCore::SVGSVGElement::widthAttributeEstablishesViewport): Deleted.
        (WebCore::SVGSVGElement::heightAttributeEstablishesViewport): Deleted.
        * svg/SVGSVGElement.h:
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::containerSize):
        * xml/XMLErrors.cpp: If an error occurs in a stand alone SVG file, we create
            an XHTML document with the error message and append the SVG file.
            This SVG file now follows the CSS sizing behavior as inline SVG.
            Therefore, we need to set width and height to 100% explicitly.
        (WebCore::XMLErrors::insertErrorMessageBlock):

2014-05-05  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] REGRESSION(167145): JavaScript media controls are broken
        https://bugs.webkit.org/show_bug.cgi?id=131573

        Reviewed by Brent Fulgham.

        * PlatformEfl.cmake: Add the localized strings file to the list of user agent scripts.
        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::mediaControlsScript): Include the localized strings file in the script body.

2014-05-05  Jeremy Jones  <jeremyj@apple.com>

        Implement scan backward and forward in video fullscreen.
        https://bugs.webkit.org/show_bug.cgi?id=132517

        Reviewed by Simon Fraser.

        Implement scanning forward and backward. This implements methods in 
        WebAVPlayerController and forwards them through WebVideoFullscreenModelMediaElement
        and on to HTMLMediaElement.

        * WebCore.exp.in: necessary exports.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController seekToTime:]):
        Use fastSeek in this case.
        (-[WebAVPlayerController canScanForward]): If you can play, you can scan.
        (+[WebAVPlayerController keyPathsForValuesAffectingCanScanForward]): ditto
        (-[WebAVPlayerController beginScanningForward:]): ditto
        (-[WebAVPlayerController endScanningForward:]): ditto
        (-[WebAVPlayerController canScanBackward]): If you can play, you can scan.
        (+[WebAVPlayerController keyPathsForValuesAffectingCanScanBackward]): ditto
        (-[WebAVPlayerController beginScanningBackward:]): ditto
        (-[WebAVPlayerController endScanningBackward:]): ditto
        (-[WebAVPlayerController canSeekToBeginning]):
        This looks at seekableRanges to determine if any seeking is possible.
        (+[WebAVPlayerController keyPathsForValuesAffectingCanSeekToBeginning]):
        depends on seekableRanges.
        (-[WebAVPlayerController seekToBeginning:]): seek to -ininity
        (-[WebAVPlayerController canSeekToEnd]):
        This looks at seekableRanges to determine if any seeking is possible.
        (+[WebAVPlayerController keyPathsForValuesAffectingCanSeekToEnd]):
        depends on seekableRanges.
        (-[WebAVPlayerController seekToEnd:]): seek to INFINITY.
        * platform/ios/WebVideoFullscreenModel.h:
        Add 4 new functions.
        * platform/ios/WebVideoFullscreenModelMediaElement.h:
        ditto
        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::fastSeek): forwards to HTMLMediaEelement
        (WebVideoFullscreenModelMediaElement::beginScanningForward): forwards to HTMLMediaEelement
        (WebVideoFullscreenModelMediaElement::beginScanningBackward): forwards to HTMLMediaEelement
        (WebVideoFullscreenModelMediaElement::endScanning): forwards to HTMLMediaEelement

2014-05-05  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Prefetch DNS hostnames on tap highlight
        https://bugs.webkit.org/show_bug.cgi?id=132509

        Reviewed by Alexey Proskuryakov.

        * WebCore.exp.in:
        * dom/Element.cpp:
        * dom/Element.h:
        (WebCore::Element::absoluteLinkURL()):

2014-05-05  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Flickery scrolling inside overflow-scrolling: touch
        https://bugs.webkit.org/show_bug.cgi?id=132591
        <rdar://problem/16760466>

        Reviewed by Tim Horton.

        Avoid triggering layer tree commits that touch the layer's boundsOrigin
        while the user is scrolling in the UI process.
        
        Fix the WKOverflowScrollViewDelegate to pass along an "inUserInteration"
        flag to the ScrollingTree to say that we're in the middle of a user interaction
        (and also to send a final non-interactive update). That gets passed along
        to the web process, and turned into "SyncScrollingLayerPosition" update.
        AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll() consults
        this, and uses it to set a flag on the ScrollableArea to say that the scroll
        is a user scroll.
        
        RenderLayerBacking then makes use of this (in existing code, shared with WK1)
        to avoid triggering layer bounds setting. Instead, it now just calls syncBoundsOrigin(),
        which updates the GraphicsLayer without touching platform layers. This is necessary
        so that GraphicsLayer geometry is up-to-date (used for tiled layer visibility
        computations).
        
        Finally, a hack in GraphicsLayerCA::computeVisibleRect() is conditionalized
        for WebKit1 by checking the type of platform layer.

        * WebCore.exp.in:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
        * page/scrolling/ScrollingTree.h:
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::syncBoundsOrigin):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::computeVisibleRect):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):

2014-05-05  Alexey Proskuryakov  <ap@apple.com>

        Stop using BlobData on client side
        https://bugs.webkit.org/show_bug.cgi?id=132582

        Reviewed by Sam Weinig.

        Blob registration now uses either a single file path, or a vector of much simpler
        BlobPart objects, not an array with arbitrarily sliced blobs or files, which can't happen.

        * Modules/websockets/WebSocket.cpp:(WebCore::WebSocket::didReceiveBinaryData):
        Use a new simpler Blob constructor.

        * WebCore.xcodeproj/project.pbxproj: Added BlobPart, removed BlobRegistrationData.

        * bindings/js/JSBlobCustom.cpp: (WebCore::JSBlobConstructor::constructJSBlob):
        Use Vector<BlobPart> instead of BlobData (1 line of code instead of 5).

        * dom/DataTransfer.cpp: (WebCore::DataTransfer::hasFileOfType): Updated for
        File::contentTypeFromFilePathOrName rename.

        * fileapi/Blob.cpp: (WebCore::Blob::Blob):
        * fileapi/Blob.h:
        (WebCore::Blob::create):
        (WebCore::Blob::deserialize):
        * fileapi/File.cpp:
        (WebCore::File::File):
        (WebCore::File::contentTypeFromFilePathOrName):
        (WebCore::createBlobDataForFileWithType): Deleted.
        (WebCore::createBlobDataForFile): Deleted.
        (WebCore::createBlobDataForFileWithName): Deleted.
        (WebCore::File::contentTypeFromFilePath): Deleted.
        * fileapi/File.h: (WebCore::File::deserialize): Deleted.
        Added and updated constructors to not use BlobData. Changed special case constructors
        to use name tags instead of non-enforced comments.

        * fileapi/ThreadableBlobRegistry.h:
        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::BlobRegistryContext::BlobRegistryContext): Updated with new data members
        that were split out of BlobData.
        (WebCore::ThreadableBlobRegistry::registerFileBlobURL): Added.
        (WebCore::ThreadableBlobRegistry::registerBlobURL): Updated to pass Content-Type
        explicitly, as it's no longer hidden in BlobData.

        * fileapi/WebKitBlobBuilder.h:
        * fileapi/WebKitBlobBuilder.cpp:
        (WebCore::BlobBuilder::append):
        (WebCore::BlobBuilder::finalize):
        (WebCore::BlobBuilder::appendBytesData): Deleted.
        Updated to use BlobPart. There is no longer any need to special case Files,
        the registry takes care of that.

        * platform/network/BlobData.h:
        * platform/network/BlobData.cpp:
        (WebCore::BlobDataItem::detachFromCurrentThread): Deleted.
        (WebCore::BlobData::detachFromCurrentThread): Deleted.
        BlobData will only be used on main thread by the registry.

        * platform/network/BlobPart.h: Added. A new class to encapsulate a list of blobs
        that are combined into a new blob, as exposed to JS via Blob constructor.

        * platform/network/BlobRegistry.h:
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::registerFileBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURL):
        * platform/network/BlobRegistryImpl.h:
        Updated for the new registration methods. We no longer have arbitrary BlobDatas
        coming in.

        * platform/network/FormData.cpp: Don't include BlobData for now (but really,
        BlobStorageData is the same thing, and they will be merged soon).
        Unfortunately, FormData is used by both client and registry side, and there is
        no clear delimitation at the time.
 
        * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::responseBlob): Use the new simpler
        way to create a Blob.

2014-05-05  Benjamin Poulain  <benjamin@webkit.org>

        Clean up Image Document and tweak the layout and viewport
        https://bugs.webkit.org/show_bug.cgi?id=132552

        Reviewed by Sam Weinig.

        The #ifdef in every function was making quite a mess. A lot of that code does
        not make sense on iOS.

        This patch make a clean split between mouse related stuff and iOS.

        Also:
        -Change the viewport to be only width based, and avoid scaling in portrait.
        -Center the image horizontally in the view.

        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::ImageDocument):
        (WebCore::ImageDocument::createDocumentStructure):
        (WebCore::ImageDocument::imageUpdated):
        (WebCore::ImageDocument::scale):
        (WebCore::ImageDocument::resizeImageToFit):
        (WebCore::ImageDocument::imageFitsInWindow):
        (WebCore::ImageDocument::windowSizeChanged):
        (WebCore::ImageDocument::imageClicked):
        * html/ImageDocument.h:

2014-05-05  Beth Dakin  <bdakin@apple.com>

        Need a delegate that informs the UI process when the page's pin state changes
        https://bugs.webkit.org/show_bug.cgi?id=132583
        -and corresponding-
        <rdar://problem/16806231>

        Reviewed by Anders Carlsson.

        We should default all of these pin-state value to true.
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::ScrollingTree):

2014-05-05  Christophe Dumez  <ch.dumez@samsung.com>

        Named element cache can become invalid during HTMLCollection::updateNamedElementCache()
        https://bugs.webkit.org/show_bug.cgi?id=132575

        Reviewed by Ryosuke Niwa.

        Make sure the named element cache object stays valid in
        HTMLCollection::updateNamedElementCache() while it is populating it.

        The method was previously creating and setting the cache first, and then start
        traversing the DOM tree to populate it. As a consequence, hasNamedElementCache()
        would start returning true before the cache is actually populated.
        The issue is that finding matches in the DOM tree can cause
        HTMLCollection::invalidateCache() to be called under certain circumstances and
        thus the named element cache object can become invalid while
        updateNamedElementCache() is populating it.

        To avoid the issue, this patch updates updateNamedElementCache() so that the
        named element cache map is set *after* traversing the DOM tree. This way,
        hasNamedElementCache() returns false while the cache is being populated and
        there is no chance of it being invalidated too early.

        Test: fast/dom/htmlcollection-selectedOptions-namedItem-crash.html

        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::updateNamedElementCache):
        * html/HTMLCollection.h:
        (WebCore::HTMLCollection::setNameItemCache):
        (WebCore::HTMLCollection::createNameItemCache): Deleted.
        * html/HTMLFormControlsCollection.cpp:
        (WebCore::HTMLFormControlsCollection::updateNamedElementCache):

2014-05-05  Benjamin Poulain  <benjamin@webkit.org>

        [iOS][WK2] Special case ViewGestureGeometryCollector::collectGeometryForSmartMagnificationGesture() for image documents
        https://bugs.webkit.org/show_bug.cgi?id=132553

        Reviewed by Tim Horton.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::imageElement):
        * html/ImageDocument.h:

2014-05-05  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Webkit-blend-mode fails for accelerated parent with overflow:hidden
        https://bugs.webkit.org/show_bug.cgi?id=126160

        When the isolating layer has overflow:hidden, it will create a descendant clipping layer
        (m_childContainmentLayer), which will restrict the bleding layer to reading the backdrop
        from the isolating layer.
        The solution in this patch is to forbid the isolating layer to create a descendant clipping
        layer and make all the children to get their own ancestor clipping layers instead.

        Reviewed by Dean Jackson.

        Tests: css3/compositing/blend-mode-accelerated-parent-overflow-hidden.html
               css3/compositing/blend-mode-clip-accelerated-blending-canvas.html
               css3/compositing/blend-mode-clip-accelerated-blending-child.html
               css3/compositing/blend-mode-clip-accelerated-blending-double.html
               css3/compositing/blend-mode-clip-accelerated-blending-with-siblings.html
               css3/compositing/blend-mode-clip-accelerated-transformed-blending.html
               css3/compositing/blend-mode-clip-rect-accelerated-blending.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        when the compositing ancestor isolates blending we take it into account for computing
        the clipping rect for this layer, because it was not allowed to create the descendant
        clipping layer. 
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::clippedByAncestor):
        when the compositing ancestor isolates blending we decide if a layer is clipped by ancestor
        by computing the clipping rect taking into account all the ancestors up to and including
        the compositing ancestor.
        (WebCore::RenderLayerCompositor::clipsCompositingDescendants):
        if a layer isolates blending, it is not allowed to create a descendant clipping layer.

2014-05-05  Dirk Schulze  <krit@webkit.org>

        AX: tabindex support in SVG2
        https://bugs.webkit.org/show_bug.cgi?id=130212

        Reviewed by Chris Fleizach.

        The patch is mainly based on a patch for Blink by Erik Dahlström.
        https://src.chromium.org/viewvc/blink?revision=172964&view=revision

        It adds support for tabindex to SVG by reusing the HTML code.

        Spec: https://svgwg.org/svg2-draft/interact.html#sequential-focus-navigation-and-the-tabindex-attribute
        IDL attribute: https://svgwg.org/svg2-draft/types.html#__svg__SVGElement__tabIndex

        Test: svg/custom/tabindex-order.html

        * dom/Element.cpp:
        (WebCore::Element::setTabIndex): Moved from HTMLElement and shared with all elements.
        * dom/Element.h:
        * html/HTMLAnchorElement.cpp: Remove outdated comment.
        (WebCore::HTMLAnchorElement::canStartSelection):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::setTabIndex): Deleted.
        * html/HTMLElement.h:
        * svg/SVGAElement.cpp: Uses the same logic as HTMLAnchorElement now.
        (WebCore::SVGAElement::tabIndex):
        (WebCore::SVGAElement::supportsFocus):
        (WebCore::SVGAElement::isMouseFocusable):
        (WebCore::SVGAElement::isKeyboardFocusable):
        (WebCore::SVGAElement::canStartSelection):
        * svg/SVGAElement.h:
        * svg/SVGCircleElement.h:
        * svg/SVGClipPathElement.h:
        * svg/SVGDefsElement.h:
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::tabIndex): Return -1 if element can not be focused.
        (WebCore::SVGElement::parseAttribute):
        (WebCore::SVGElement::isMouseFocusable):
        (WebCore::SVGElement::isKeyboardFocusable): Deleted. Use function on Element.
        * svg/SVGElement.h:
        * svg/SVGElement.idl:
        * svg/SVGEllipseElement.h:
        * svg/SVGGElement.h:
        * svg/SVGGraphicsElement.h: Remove supportsFocus() from inheriting functions.
            Don't just return true. SVG elements should not be focusable by default.
            Instead check if tabindex was set explicitly.
        * svg/SVGImageElement.h:
        * svg/SVGLineElement.h:
        * svg/SVGPathElement.h:
        * svg/SVGPolyElement.h:
        * svg/SVGRectElement.h:
        * svg/SVGSVGElement.h:
        * svg/SVGSwitchElement.h:
        * svg/SVGSymbolElement.h:
        * svg/SVGTextElement.h:

2014-05-05  Jeremy Jones  <jeremyj@apple.com>

        Implement beginScrubbing and endScrubbing for video fullscreen.
        https://bugs.webkit.org/show_bug.cgi?id=132520

        Reviewed by Eric Carlson.

        Plumb through beginScrubbing and endScrubbing from AVKit down to HTMLMediaElement.
        This keeps the playback state consistent while scrubbing and allows playback state
        to return to the original state when scrubbing is complete.

        * WebCore.exp.in:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController beginScrubbing:]):
        (-[WebAVPlayerController endScrubbing:]):
        * platform/ios/WebVideoFullscreenModel.h:
        * platform/ios/WebVideoFullscreenModelMediaElement.h:
        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::beginScrubbing):
        (WebVideoFullscreenModelMediaElement::endScrubbing):

2014-05-05  Tim Horton  <timothy_horton@apple.com>

        More long hangs under IOSurfacePool::evict
        https://bugs.webkit.org/show_bug.cgi?id=132576
        <rdar://problem/16769469>

        Reviewed by Simon Fraser.

        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::IOSurfacePool::evict):
        If the pool is too full, we should be evicting in-use surfaces
        even if the size of the in-use surfaces has dropped below maximumInUseBytes,
        otherwise we can get stuck in an infinite loop with 0 cached surfaces
        and 1+ in-use surfaces.

2014-05-05  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Remove regionLayoutUpdate event
        https://bugs.webkit.org/show_bug.cgi?id=132564

        Reviewed by Simon Fraser.

        The regionLayoutUpdate event was removed from the regions spec and was replaced by two other events: 
        regionOversetChange and regionFragmentChange.

        No new tests needed, this patch removes a feature.

        * dom/EventNames.h:
        * dom/WebKitNamedFlow.cpp:
        (WebCore::WebKitNamedFlow::dispatchRegionLayoutUpdateEvent): Deleted.
        * dom/WebKitNamedFlow.h:
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::resetNonPersistentData):
        (WebCore::InspectorCSSAgent::willRemoveNamedFlow):
        (WebCore::UpdateRegionLayoutTask::UpdateRegionLayoutTask): Deleted.
        (WebCore::UpdateRegionLayoutTask::scheduleFor): Deleted.
        (WebCore::UpdateRegionLayoutTask::unschedule): Deleted.
        (WebCore::UpdateRegionLayoutTask::reset): Deleted.
        (WebCore::UpdateRegionLayoutTask::timerFired): Deleted.
        (WebCore::InspectorCSSAgent::didUpdateRegionLayout): Deleted.
        (WebCore::InspectorCSSAgent::regionLayoutUpdated): Deleted.
        * inspector/InspectorCSSAgent.h:
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didUpdateRegionLayoutImpl): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didUpdateRegionLayout): Deleted.
        * inspector/protocol/CSS.json:
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::updateOversetState):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::RenderNamedFlowThread):
        (WebCore::RenderNamedFlowThread::removeRegionFromThread):
        (WebCore::RenderNamedFlowThread::layout):
        (WebCore::RenderNamedFlowThread::dispatchRegionLayoutUpdateEventIfNeeded): Deleted.
        (WebCore::RenderNamedFlowThread::regionLayoutUpdateEventTimerFired): Deleted.
        * rendering/RenderNamedFlowThread.h:

2014-05-05  Rik Cabanier  <cabanier@adobe.com>

        Enhance IDL compiler so it supports unrestricted float and double
        https://bugs.webkit.org/show_bug.cgi?id=132460

        Reviewed by Dirk Schulze.

        Updated IDL compiler so it supports unrestricted types.
        Also updated the IDL files so they use unrestricted float and
        double.

        Tests:
        * canvas/philip/tests/2d.gradient.linear.nonfinite.html:
        * canvas/philip/tests/2d.gradient.object.invalidoffset.html:
        * canvas/philip/tests/2d.gradient.radial.nonfinite.html:
        * canvas/philip/tests/2d.imageData.get.nonfinite.html:
        * canvas/philip/tests/2d.imageData.put.nonfinite.html:
        * canvas/philip/tests/2d.missingargs.html:
        * fast/canvas/canvas-getImageData-invalid-expected.txt:
        * fast/canvas/canvas-putImageData-expected.txt:
        * fast/canvas/canvas-putImageData.js:

        * Modules/battery/BatteryManager.idl:
        * Modules/gamepad/Gamepad.idl:
        * Modules/geolocation/Coordinates.idl:
        * Modules/mediasource/MediaSource.idl:
        * Modules/mediasource/SourceBuffer.idl:
        * Modules/mediasource/VideoPlaybackQuality.idl:
        * Modules/mediastream/MediaSourceStates.idl:
        * Modules/proximity/DeviceProximityEvent.idl:
        * Modules/speech/SpeechGrammar.idl:
        * Modules/speech/SpeechGrammarList.idl:
        * Modules/speech/SpeechRecognitionAlternative.idl:
        * Modules/speech/SpeechSynthesisEvent.idl:
        * Modules/speech/SpeechSynthesisUtterance.idl:
        * Modules/webaudio/AnalyserNode.idl:
        * Modules/webaudio/AudioBuffer.idl:
        * Modules/webaudio/AudioBufferSourceNode.idl:
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/AudioListener.idl:
        * Modules/webaudio/AudioParam.idl:
        * Modules/webaudio/AudioProcessingEvent.idl:
        * Modules/webaudio/OfflineAudioContext.idl:
        * Modules/webaudio/OscillatorNode.idl:
        * Modules/webaudio/PannerNode.idl:
        * bindings/scripts/CodeGenerator.pm:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GetGValueTypeName):
        (GetGlibTypeName):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateParametersCheck):
        (JSValueToNative):
        * bindings/scripts/CodeGeneratorObjC.pm:
        (GetObjCType):
        (GenerateHeader):
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/TestTypedefs.idl:
        * css/CSSPrimitiveValue.idl:
        * css/WebKitCSSMatrix.idl:
        * dom/ClientRect.idl:
        * dom/DeviceMotionEvent.idl:
        * dom/DeviceOrientationEvent.idl:
        * dom/Document.idl:
        * dom/RequestAnimationFrameCallback.idl:
        * dom/Touch.idl:
        * dom/TransitionEvent.idl:
        * dom/WebKitAnimationEvent.idl:
        * dom/WebKitTransitionEvent.idl:
        * dom/WheelEvent.idl:
        * html/HTMLInputElement.idl:
        * html/HTMLMediaElement.idl:
        * html/HTMLMeterElement.idl:
        * html/HTMLProgressElement.idl:
        * html/MediaController.idl:
        * html/TextMetrics.idl:
        * html/TimeRanges.idl:
        * html/canvas/CanvasRenderingContext2D.idl:
        * html/canvas/WebGLRenderingContext.idl:
        * html/track/DataCue.idl:
        * html/track/TextTrackCue.idl:
        * html/track/VTTCue.idl:
        * html/track/VTTRegion.idl:
        * inspector/InspectorFrontendHost.idl:
        * inspector/ScriptProfile.idl:
        * inspector/ScriptProfileNode.idl:
        * page/DOMWindow.idl:
        * page/Performance.idl:
        * page/PerformanceEntry.idl:
        * page/PerformanceResourceTiming.idl:
        * page/SpeechInputResult.idl:
        * page/WebKitPoint.idl:
        * svg/SVGAngle.idl:
        * svg/SVGAnimatedNumber.idl:
        * svg/SVGAnimationElement.idl:
        * svg/SVGFEDropShadowElement.idl:
        * svg/SVGFEGaussianBlurElement.idl:
        * svg/SVGFEMorphologyElement.idl:
        * svg/SVGGlyphRefElement.idl:
        * svg/SVGLength.idl:
        * svg/SVGMatrix.idl:
        * svg/SVGNumber.idl:
        * svg/SVGPathElement.idl:
        * svg/SVGPathSegArcAbs.idl:
        * svg/SVGPathSegArcRel.idl:
        * svg/SVGPathSegCurvetoCubicAbs.idl:
        * svg/SVGPathSegCurvetoCubicRel.idl:
        * svg/SVGPathSegCurvetoCubicSmoothAbs.idl:
        * svg/SVGPathSegCurvetoCubicSmoothRel.idl:
        * svg/SVGPathSegCurvetoQuadraticAbs.idl:
        * svg/SVGPathSegCurvetoQuadraticRel.idl:
        * svg/SVGPathSegCurvetoQuadraticSmoothAbs.idl:
        * svg/SVGPathSegCurvetoQuadraticSmoothRel.idl:
        * svg/SVGPathSegLinetoAbs.idl:
        * svg/SVGPathSegLinetoHorizontalAbs.idl:
        * svg/SVGPathSegLinetoHorizontalRel.idl:
        * svg/SVGPathSegLinetoRel.idl:
        * svg/SVGPathSegLinetoVerticalAbs.idl:
        * svg/SVGPathSegLinetoVerticalRel.idl:
        * svg/SVGPathSegMovetoAbs.idl:
        * svg/SVGPathSegMovetoRel.idl:
        * svg/SVGPoint.idl:
        * svg/SVGRect.idl:
        * svg/SVGSVGElement.idl:
        * svg/SVGTextContentElement.idl:
        * svg/SVGTransform.idl:
        * svg/SVGZoomEvent.idl:
        * testing/InternalSettings.idl:
        * testing/Internals.idl:
        * xml/XPathResult.idl:

2014-05-05  Tim Horton  <timothy_horton@apple.com>

        Use a layer delegate instead of web_disableAllActions wherever possible
        https://bugs.webkit.org/show_bug.cgi?id=132560
        <rdar://problem/16459284>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayerMac::commonInit):
        If we own the platform layer, set its delegate to the action-disabling WebActionDisablingCALayerDelegate.
        If we don't, its actual owner might want to control the delegate, so continue using web_disableAllActions.

        * platform/graphics/cocoa/WebActionDisablingCALayerDelegate.h: Added.
        * platform/graphics/cocoa/WebActionDisablingCALayerDelegate.mm: Added.
        (+[WebActionDisablingCALayerDelegate shared]):
        (-[WebActionDisablingCALayerDelegate actionForLayer:forKey:]):
        Add a class that can act as the delegate of a CALayer, and disables all actions.

        * platform/graphics/cocoa/WebCoreCALayerExtras.h: Renamed from Source/WebCore/platform/graphics/mac/WebCoreCALayerExtras.h.
        * platform/graphics/cocoa/WebCoreCALayerExtras.mm: Renamed from Source/WebCore/platform/graphics/mac/WebCoreCALayerExtras.mm.
        (-[CALayer web_disableAllActions]):
        Move WebCoreCALayerExtras from mac/ to cocoa/.

2014-05-05  Martin Hock  <mhock@apple.com>

        Session-aware plugin autostart data
        https://bugs.webkit.org/show_bug.cgi?id=131758
        <rdar://problem/15906540>

        Reviewed by Alexey Proskuryakov.

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::userDidClickSnapshot):
        * page/PlugInClient.h:

2014-05-05  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Elements with overflow:auto are not painted inside regions when following a float
        https://bugs.webkit.org/show_bug.cgi?id=131161

        Reviewed by David Hyatt.

        When a float-avoiding element (such as overflow:auto) is flowed into a flow thread after a float, its 
        logical left is not set on its frameRect or its layer's topLeft, but is instead kept in its RenderBoxRegionInfo
        structure. In some situation, this causes paint rejection to kick-in because intersecting the layer's rect
        (which DOESN'T contain the logical left from the region info object) with the computed background rect 
        (which contains the logical left from the region info object) results in an empty rect.

        Test: fast/regions/overflow-auto-after-float.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):

2014-05-05  Andrei Bucur  <abucur@adobe.com>

        [CSSRegions] Slider displayed wrong in regions
        https://bugs.webkit.org/show_bug.cgi?id=132243

        Reviewed by Mihnea Ovidenie.

        In case a box didn't have a range, getRegionRangeForBox was searching for
        the top-most unplittable ancestor. This is not correct in every case. It's
        possible to have a box with range that has children without ranges (e.g. an
        absolutely positioned inline box with shadow descendants).

        I've modified getRegionRangeForBox to search for the first ancestor that
        has a cached range and use that instead of looking for an unsplittable box.
        The range of the box is the region at the top of the box, clamped by the
        range of the ancestor. This will be correct all the time once all the layout
        systems are region range aware and are able to cache it.

        Test: fast/regions/positioned-slider-in-regions.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::hasRegionRangeForBox):
        (WebCore::RenderFlowThread::getRegionRangeForBox):
        * rendering/RenderFlowThread.h:

2014-05-05  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] ASSERT when hovering over region
        https://bugs.webkit.org/show_bug.cgi?id=128809

        Reviewed by Mihnea Ovidenie.

        There's no point in hit-testing a box for a region if it's not contained inside
        that region.

        Test: fast/regions/hit-test-box-non-containing-region.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::nodeAtPoint):

2014-05-04  Andreas Kling  <akling@apple.com>

        Optimize JSRopeString for resolving directly to AtomicString.
        <https://webkit.org/b/132548>

        Add two bindings generator attributes for parameters to influence
        the way that JS rope strings are resolved:

        - AtomicString

            Generates code that avoids allocating a new StringImpl if there
            is already an existing AtomicString we can reuse.

        - RequiresExistingAtomicString

            Generates code that fails immediately if the provided string
            is not found in the AtomicString table. This is now used for
            document.getElementById(), and works because any existing ID
            is guaranteed to be in the table.

        Reviewed by Filip Pizlo.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateParametersCheck):
        (JSValueToNative):
        * bindings/scripts/IDLAttributes.txt:
        * dom/Document.idl:

2014-05-04  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Compositing layers in iframes are misplaced
        https://bugs.webkit.org/show_bug.cgi?id=132554
        <rdar://problem/16203027>

        Reviewed by Benjamin Poulain.

        Have requiresScrollLayer() only consider frameView.delegatesScrolling()
        for the main frame, so that iframes get scroll layers (even though they
        will never scroll), so that the rest of geometry code works as on other
        platforms.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresScrollLayer):

2014-05-04  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Use std::unique_ptr in m_taskTimer of Notification class
        https://bugs.webkit.org/show_bug.cgi?id=132544

        Reviewed by Andreas Kling.

        No new tests, no behavior change.

        * Modules/notifications/Notification.cpp:
        (WebCore::Notification::Notification):
        * Modules/notifications/Notification.h: Use std::unique_ptr instead of OwnPtr.

2014-05-04  Tim Horton  <timothy_horton@apple.com>

        Long hangs under IOSurfacePool::evict
        https://bugs.webkit.org/show_bug.cgi?id=132549
        <rdar://problem/16769469>

        Reviewed by Simon Fraser.

        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::IOSurfacePool::willAddSurface):
        Run eviction before adding the new surface to m_bytesCached/m_inUseBytesCached.
        We use the additionalSize parameter to make space for the new surface.

        (WebCore::IOSurfacePool::evict):
        If we want to free up the entire pool, we can do so by throwing away everything.
        This also avoids an underflow if additionalSize is larger than the maximum pool size.

2014-05-04  Pratik Solanki  <psolanki@apple.com>

        Shortcircuit shouldUseCredentialStorage callback
        https://bugs.webkit.org/show_bug.cgi?id=132308
        <rdar://problem/16806708>

        Reviewed by Alexey Proskuryakov.

        If we are going to return true from the shouldUseCredentialStorage callback then we don't
        really need to have CFNetwork/Foundation call us. We can just disable the callback and
        CFNetwork will assume true. Add a separate subclass that implements this callback when we
        need to return false. We can also eliminate the corresponding async callbacks. This avoids
        pingponging between dispatch queue and main thread in the common case.

        No new tests because no change in functionality.

        * WebCore.exp.in:
        * platform/network/ResourceHandle.cpp:
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.cpp:
        * platform/network/ResourceHandleClient.h:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):
        (WebCore::ResourceHandle::shouldUseCredentialStorage):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::shouldUseCredentialStorage):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.h:
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::start):
        (WebCore::ResourceHandle::makeDelegate):
        (WebCore::ResourceHandle::delegate):
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        (WebCore::ResourceHandle::shouldUseCredentialStorage):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate connectionShouldUseCredentialStorage:]):
        * platform/network/soup/ResourceHandleSoup.cpp:

2014-05-04  Brent Fulgham  <bfulgham@apple.com>

        [iOS] deviceScaleFactor is being double-applied when rendering captions in full screen mode 
        https://bugs.webkit.org/show_bug.cgi?id=132481
        <rdar://problem/16507482>

        Reviewed by Jer Noble.

        Add a new 'syncTextTrackBounds' method (and relaying functions) to keep the text track container in sync
        with changes to the video player's display layer.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::syncTextTrackBounds: Added.
        * html/HTMLMediaElement.h:
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay): Don't set the platform scale factor here. It is already
        being accounted for in the createTextTrackRepresentationImage method.
        (WebCore::MediaControlTextTrackContainerElement::updateSizes): Synchronize the text track representation
        with any new video layer changes.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::syncTextTrackBounds): Added.
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::syncTextTrackBounds): Added.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer): Use new sync function.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): Added. Keep the text track layer size in sync with
        the current video layer size. This may change during animations, rotations, etc.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setTextTrackRepresentation): Use new sync function.

2014-05-04  Beth Dakin  <bdakin@apple.com>

        Top content inset: Margin tiles should not display in the inset area when pinned 
        to the top of the page
        https://bugs.webkit.org/show_bug.cgi?id=132535
        -and corresponding-
        <rdar://problem/16613039>

        Reviewed by Simon Fraser.

        Prior to this change, topContentInset was implemented by positioning 
        RenderLayerCompositor’s m_rootContentLayer based on the inset value. In order to 
        ensure that no content is displayed in the inset area when we are pinned to the 
        top of the page, we’ll have to take a different approach. In this patch, when you 
        are pinned to the top of the page, the m_rootContentLayer is positioned at (0,0), 
        much like it would be without an inset, but the m_clip layer IS positioned at (0, 
        topContentInset). Then for all y-scroll values between 0 and topContentInset, the 
        positions of the clip layer and the contents layer are adjusted so that the clip 
        layer approaches a position of (0,0), and the root layer approaches a position of 
        (0, topContentInset). This makes sure that any content above the top the document 
        is aways clipped out of the inset area.

        In order to achieve this, the scrolling thread needs to know about the 
        topContentInset, the clip layer, and the root contents layer.

        AsyncScrollingCoordinator::updateScrollingNode() now takes an additional parameter 
        for the clip layer. Also export the topContentInset symbol for UI-side 
        compositing.
        * WebCore.exp.in:

        Here is the new computation. Implemented in one spot that can be called from the 
        scrolling thread, AsyncScrollingCoordinator and RenderLayerCompositor.
        * page/FrameView.cpp:
        (WebCore::FrameView::yPositionForInsetClipLayer):
        (WebCore::FrameView::yPositionForRootContentLayer):
        * page/FrameView.h:

        Set the topContentInset, the insetClipLayer, and the scrolledContentsLayer when 
        appropriate.
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
        (WebCore::AsyncScrollingCoordinator::frameViewRootLayerDidChange):

        Set or sync the positions for the inset layer and the contents layer.
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
        (WebCore::AsyncScrollingCoordinator::updateScrollingNode):
        * page/scrolling/AsyncScrollingCoordinator.h:

        Convenience functions for getting the clipLayer() and the rootContentLayer() from 
        the RenderLayerCompositor.
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::insetClipLayerForFrameView):
        (WebCore::ScrollingCoordinator::rootContentLayerForFrameView):
        * page/scrolling/ScrollingCoordinator.h:
        (WebCore::ScrollingCoordinator::updateScrollingNode):

        ScrollingStateScrolling nodes have two new members now. m_insetClipLayer and 
        m_topContentInset. We can use m_scrolledContentsLayer for the rootContentsLayer 
        since previously that member was not used for FrameViews; it was only used for 
        accelerated overflow:scroll nodes.
        * page/scrolling/ScrollingStateScrollingNode.cpp:
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        (WebCore::ScrollingStateScrollingNode::setTopContentInset):
        (WebCore::ScrollingStateScrollingNode::setInsetClipLayer):
        * page/scrolling/ScrollingStateScrollingNode.h:

        Similarly, ScrollingTreeScrollingNode has two new members for m_topContentInset 
        and m_clipLayer.
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::ScrollingTreeScrollingNode):
        (WebCore::ScrollingTreeScrollingNode::updateBeforeChildren):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        (WebCore::ScrollingTreeScrollingNode::topContentInset):
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::updateBeforeChildren):

        Compute positions for the two new layers.
        (WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):

        Now use the static FrameView functions to compute the positions for these layers.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::frameViewDidChangeSize):
        (WebCore::RenderLayerCompositor::positionForClipLayer):
        (WebCore::RenderLayerCompositor::clipLayer):
        (WebCore::RenderLayerCompositor::rootContentLayer):
        (WebCore::RenderLayerCompositor::updateRootLayerPosition):
        (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
        (WebCore::RenderLayerCompositor::ensureRootLayer):
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
        * rendering/RenderLayerCompositor.h:

2014-05-04  Benjamin Poulain  <benjamin@webkit.org>

        Clear the Selector Query caches on memory pressure
        https://bugs.webkit.org/show_bug.cgi?id=132545

        Reviewed by Andreas Kling.

        The Selector Query Cache can use quite a bit of memory if many
        complex selectors are compiled. This patch makes sure the cache gets
        cleared on memory pressure.

        * dom/Document.cpp:
        (WebCore::Document::clearSelectorQueryCache):
        (WebCore::Document::setCompatibilityMode):
        (WebCore::Document::updateBaseURL):
        * dom/Document.h:
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorQueryCache::invalidate): Deleted.
        * dom/SelectorQuery.h:
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseMemory):

2014-05-04  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Convert OwnPtr to std::unique_ptr in CDM
        https://bugs.webkit.org/show_bug.cgi?id=132467

        Reviewed by Andreas Kling.

        Use std::unique_ptr in CDM class.

        No new tests, no behavior change.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::CDM::create):
        (WebCore::CDM::CDM):
        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/CDMPrivateMediaPlayer.h:
        (WebCore::CDMPrivateMediaPlayer::CDMPrivateMediaPlayer):
        (WebCore::CDMPrivateMediaPlayer::create):
        * Modules/encryptedmedia/MediaKeys.cpp:
        (WebCore::MediaKeys::create):
        (WebCore::MediaKeys::MediaKeys):
        * Modules/encryptedmedia/MediaKeys.h:
        * WebCore.exp.in:

2014-05-03  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r168232.
        https://bugs.webkit.org/show_bug.cgi?id=132543

        broke ~15 tests on WK2 debug (Requested by kling on #webkit).

        Reverted changeset:

        "Shortcircuit shouldUseCredentialStorage callback"
        https://bugs.webkit.org/show_bug.cgi?id=132308
        http://trac.webkit.org/changeset/168232

2014-05-03  Andreas Kling  <akling@apple.com>

        RenderSVGResourcePattern should deal in RenderElement&.
        <https://webkit.org/b/132536>

        Tweak buildPattern() and buildTileImageTransform() to take RenderElement&
        instead of RenderObject* since we know that these functions will always
        be called with non-null RenderElement subclasses.

        Reviewed by Sam Weinig.

        * rendering/svg/RenderSVGResourceContainer.cpp:
        (WebCore::RenderSVGResourceContainer::shouldTransformOnTextPainting):
        * rendering/svg/RenderSVGResourceContainer.h:
        * rendering/svg/RenderSVGResourceGradient.cpp:
        (WebCore::RenderSVGResourceGradient::applyResource):
        * rendering/svg/RenderSVGResourcePattern.cpp:
        (WebCore::RenderSVGResourcePattern::buildPattern):
        (WebCore::RenderSVGResourcePattern::applyResource):
        (WebCore::RenderSVGResourcePattern::buildTileImageTransform):
        * rendering/svg/RenderSVGResourcePattern.h:

2014-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: optimize direct / indirect adjacent's traversal backtracking
        https://bugs.webkit.org/show_bug.cgi?id=132319

        Reviewed by Benjamin Poulain.

        Since adjacent backtracking stack reference is pre-allocated
        in prologue in http://trac.webkit.org/changeset/166834,
        clearing stack phase is not needed. So we can drop
        JumpToClearAdjacentTail from backtracking action and simplify
        backtracking handling.
        And optimize direct / indirect adjacent's traversal backtracking by
        using appropriate backtracking height.

        When solving adjacent traversal backtracking action,
        1) When there's no descendant relation on the right, traversal
        failure becomes global failure.
        2) When `tagNameMatchedBacktrackingStartHeightFromDescendant` ==
        `heightFromDescendant` + 1, the descendant backtracking starts with
        the parent of the current element. So we can use the current element
        and the backtracking action is JumpToDescendantTreeWalkerEntryPoint.
        3) Otherwise, currently we take the conservative approach,
        JumpToDescendantTail.

        NOTE:
        And if `hasDescendantRelationOnTheRight` is true and there's no child
        fragment on the right, the backtracking element register is not
        effective. So we should ensure that fragment doesn't use the
        backtracking element register. Such a fragment fulfills the following
        conditions. 1. tagNameMatchedBacktrackingStartHeightFromDescendant is
        always 1 (tagNames.size(), that contains only descendant fragment) 2.
        heightFromDescendant is always 0 (-- See
        computeBacktrackingHeightFromDescendant implementation) Therefore such
        a fragment's action always becomes
        JumpToDescendantTreeWalkerEntryPoint. So we can ensure that the
        backtracking element register is not used.

        Test: fast/selectors/backtracking-adjacent.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::solveDescendantBacktrackingActionForChild):
        (WebCore::SelectorCompiler::solveAdjacentTraversalBacktrackingAction):
        (WebCore::SelectorCompiler::solveBacktrackingAction):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::computeBacktrackingInformation):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::linkFailures):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateAdjacentBacktrackingTail):
        (WebCore::SelectorCompiler::isAfterChildRelation): Deleted.

2014-05-03  Andreas Kling  <akling@apple.com>

        Clear the JSString cache when under memory pressure.
        <https://webkit.org/b/132539>

        The WeakGCMap used for fast mapping from StringImpl* to JSString*
        can actually get pretty big, and if we find ourselves under memory
        pressure, it's entirely inessential.

        1.1 MB progression on Membuster3.

        Reviewed by Sam Weinig.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseMemory):

2014-05-03  Benjamin Poulain  <benjamin@webkit.org>

        [iOS][WK2] Support disabling speculative tiling
        https://bugs.webkit.org/show_bug.cgi?id=132512

        Reviewed by Tim Horton.

        Move ScrollView::setScrollVelocity() and ScrollView::computeCoverageRect() to FrameView.
        When speculative tiling is disabled, return an unmodified exposed rect.

        Time/velocity adjusments are completely unnecessary at the moment since speculative tiling
        is enabled as soon as the view scrolls.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::setScrollVelocity):
        (WebCore::FrameView::computeCoverageRect):
        * page/FrameView.h:
        * platform/ScrollView.h:
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::setScrollVelocity): Deleted.
        (WebCore::ScrollView::computeCoverageRect): Deleted.

2014-05-02  Pratik Solanki  <psolanki@apple.com>

        Shortcircuit shouldUseCredentialStorage callback
        https://bugs.webkit.org/show_bug.cgi?id=132308
        <rdar://problem/16806708>

        Reviewed by Alexey Proskuryakov.

        If we are going to return true from the shouldUseCredentialStorage callback then we don't
        really need to have CFNetwork/Foundation call us. We can just disable the callback and
        CFNetwork will assume true. Add a separate subclass that implements this callback when we
        need to return false. We can also eliminate the corresponding async callbacks. This avoids
        pingponging between dispatch queue and main thread in the common case.

        No new tests because no change in functionality.

        * WebCore.exp.in:
        * platform/network/ResourceHandle.cpp:
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.cpp:
        * platform/network/ResourceHandleClient.h:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):
        (WebCore::ResourceHandle::shouldUseCredentialStorage):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::shouldUseCredentialStorage):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.h:
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::start):
        (WebCore::ResourceHandle::makeDelegate):
        (WebCore::ResourceHandle::delegate):
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        (WebCore::ResourceHandle::shouldUseCredentialStorage):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate connectionShouldUseCredentialStorage:]):
        * platform/network/soup/ResourceHandleSoup.cpp:

2014-05-03  Andreas Kling  <akling@apple.com>

        Invalidate scrollbars when custom scrollbar style changes dynamically.
        <https://webkit.org/b/132529>

        Add a ScrollView::styleDidChange() and call that from RenderView::styleDidChange()
        so that the scrollbars are sure to get repainted with potentially different style.

        Reviewed by Antti Koivisto.

        Test: fast/css/scrollbar-dynamic-style-change.html

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::styleDidChange):
        * platform/ScrollView.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::styleDidChange):

2014-05-03  Simon Fraser  <simon.fraser@apple.com>

        Very fuzzy layers under non-decompasable matrices
        https://bugs.webkit.org/show_bug.cgi?id=132516
        <rdar://problem/16717478>

        Reviewed by Sam Weinig.
        
        r155977 added code to modify layer contentsScale based on a root-relative
        scale, so that scaled-up layers remained sharp. It does this by decomposing
        an accumulated matrix, but failed to test whether the decomposition
        succeeded. This would result in contentsScale of 0, which is clamped to 0.1,
        resulting in very fuzzy layers.
        
        Fix by testing for success of decomposition.

        Test: compositing/contents-scale/non-decomposable-matrix.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::maxScaleFromTransform):
        * platform/graphics/transforms/TransformationMatrix.cpp:
        (WebCore::TransformationMatrix::decompose2): Return early for identity matrices,
        with fix for m11 and m22.
        (WebCore::TransformationMatrix::decompose4): Return early for identity matrices.
        * platform/graphics/transforms/TransformationMatrix.h:
        Make Decomposed2Type and Decomposed4Type into C++ structs.
        (WebCore::TransformationMatrix::Decomposed2Type::operator==): Added to make it easier
        to write code that asserts that decomposition is correct.
        (WebCore::TransformationMatrix::Decomposed4Type::operator==): Ditto.

2014-05-03  Simon Fraser  <simon.fraser@apple.com>

        Fix crash in WebKit client app when zooming
        https://bugs.webkit.org/show_bug.cgi?id=132475
        <rdar://problem/16703405>

        Reviewed by Tim Horton.

        It's possible for a WebTiledBackingLayer CALayer to remain in the CALayer
        hierarchy after we've called -invalidate on it, which clears the _tileController.
        Project the getters against null derefs to handle this.

        * platform/graphics/ca/mac/WebTiledBackingLayer.mm:
        (-[WebTiledBackingLayer isOpaque]):
        (-[WebTiledBackingLayer acceleratesDrawing]):
        (-[WebTiledBackingLayer contentsScale]):

2014-05-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GTK+ build after r168209.

        * platform/leveldb/LevelDBDatabase.cpp:
        (WebCore::LevelDBDatabase::write):

2014-05-03  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Fieldset legend has a horizontal line through, when the fieldset is painted on odd device pixel position.
        https://bugs.webkit.org/show_bug.cgi?id=132521
        <rdar://problem/16803305>

        Reviewed by Simon Fraser.

        Use device pixel snapping when the fieldset's border gets clipped out for the legend's text. It ensures that
        the device pixel snapped border gets properly clipped out.

        Existing fieldset tests cover it.

        * rendering/RenderFieldset.cpp:
        (WebCore::RenderFieldset::paintBoxDecorations):

2014-05-02  Zalan Bujtas  <zalan@apple.com>

        CodeCleanup: Remove *MaintainsPixelAlignment from GraphicsLayer*.
        https://bugs.webkit.org/show_bug.cgi?id=132501

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::GraphicsLayer):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::setMaintainsPixelAlignment): Deleted.
        (WebCore::GraphicsLayer::maintainsPixelAlignment): Deleted.
        (WebCore::GraphicsLayer::pixelAlignmentOffset): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateGeometry):
        (WebCore::GraphicsLayerCA::computePixelAlignment):
        (WebCore::GraphicsLayerCA::setMaintainsPixelAlignment): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createGraphicsLayer):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::keepLayersPixelAligned): Deleted.
        * rendering/RenderLayerCompositor.h:

2014-05-02  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Tiled layer content missing on pages with animated tiled layers
        https://bugs.webkit.org/show_bug.cgi?id=132507
        <rdar://problem/16765740>

        Reviewed by Tim Horton.

        Updating the tiling area of content TileControllers while
        CSS animations are running depends on GraphicsLayerUpdater
        triggering repeated layer flushes. With UI-side compositing, those
        flushes were happening, but nothing triggered RemoteLayerTreeDrawingArea
        to flush changes to the UI process.
        
        Fix by having RenderLayerCompositor schedule a flush, rather
        than just doing a flush, in response to GraphicsLayerUpdater.
        
        Also change the name of the GraphicsLayerUpdaterClient function
        to indicate that it suggests that a flush is required soon, rather than
        that the flushing has to be synchronous.

        * platform/graphics/GraphicsLayerUpdater.cpp:
        (WebCore::GraphicsLayerUpdater::displayRefreshFired):
        * platform/graphics/GraphicsLayerUpdater.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushLayersSoon):
        (WebCore::RenderLayerCompositor::flushLayers): Deleted.
        * rendering/RenderLayerCompositor.h:

2014-05-02  Jeremy Jones  <jeremyj@apple.com>

        Use displayNameForTrack instead of textTrack->label() for captions.
        https://bugs.webkit.org/show_bug.cgi?id=131311

        Reviewed by Darin Adler.

        Use the same mechanism as the desktop to build the captions list so it has the correct
        names in the correct order including none and automatic.

        * platform/ios/WebVideoFullscreenModelMediaElement.h:
        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::setMediaElement):
        move legible track code into updateLegibleOptions()

        (WebVideoFullscreenModelMediaElement::handleEvent):
        updateLegibleOptions on addTrack and removeTrack

        (WebVideoFullscreenModelMediaElement::selectLegibleMediaOption):
        select the corresponding TextTrack on HTMLMediaElement.

        (WebVideoFullscreenModelMediaElement::updateLegibleOptions):
        use the same mechanism as desktop to build the captions menu.

2014-05-02  Jeremy Jones  <jeremyj@apple.com>

        CSS-based Media Controls Show Different times content longer than 1 hour.
        https://bugs.webkit.org/show_bug.cgi?id=132443

        Reviewed by Jer Noble.

        * Modules/mediacontrols/mediaControlsApple.css:
        (audio::-webkit-media-controls-timeline-container .hour-long-time):
        This class has a wider width for longer duration times.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.updateDuration):
        Apply .hour-long-time class as appropriate.

        (Controller.prototype.formatTime):
        More robust formatting to handle hours.

        * Modules/mediacontrols/mediaControlsiOS.css:
        (audio::-webkit-media-controls-timeline-container .hour-long-time):
        This class has a wider width for longer duration times.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.formatTime):
        More robust formatting to handle hours.

2014-05-02  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] AVAssetTrack returns incorrect track size
        https://bugs.webkit.org/show_bug.cgi?id=132469

        Reviewed by Brent Fulgham.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):  Remove the sizeChanged() notification.
        (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame): Cache the last parsed video frame size.
        (WebCore::SourceBufferPrivateAVFObjC::naturalSize): Return the cached value.

2014-05-02  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering[iOS]: Use pixelSnappedRoundedRectForPainting() to clip text area rect.
        https://bugs.webkit.org/show_bug.cgi?id=132499
        <rdar://problem/16631050>

        Reviewed by Simon Fraser.

        Snap to device pixels properly instead of relying on float arithmetics while converting from RoundedRect
        to FloatRoundedRect. This is the second, cleanup part of the text-area decoration is off-by-one painting issue.

        Currently not testable.

        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintTextFieldDecorations):

2014-05-02  Andreas Kling  <akling@apple.com>

        Remove HistogramSupport.
        <https://webkit.org/b/132354>

        Prune some leftover Chromium gunk that no other ports ever used.

        Reviewed by Simon Fraser.

        * CMakeLists.txt:
        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::createObjectStore):
        (WebCore::IDBDatabase::deleteObjectStore):
        (WebCore::IDBDatabase::transaction):
        * Modules/indexeddb/IDBFactory.cpp:
        (WebCore::IDBFactory::openInternal):
        (WebCore::IDBFactory::deleteDatabase):
        * Modules/indexeddb/IDBHistograms.h: Removed.
        * Modules/indexeddb/leveldb/IDBBackingStoreLevelDB.cpp:
        (WebCore::IDBBackingStoreLevelDB::open):
        (WebCore::IDBBackingStoreLevelDB::openInMemory):
        (WebCore::recordInternalError): Deleted.
        * Modules/indexeddb/leveldb/IDBBackingStoreTransactionLevelDB.cpp:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSParser.cpp:
        (WebCore::cssPropertyID):
        * dom/Document.cpp:
        (WebCore::Document::~Document):
        (WebCore::histogramMutationEventUsage): Deleted.
        * dom/ShadowRoot.cpp:
        * fileapi/Blob.cpp:
        * fileapi/WebKitBlobBuilder.cpp:
        (WebCore::BlobBuilder::append):
        * history/PageCache.cpp:
        (WebCore::logCanCacheFrameDecision):
        (WebCore::logCanCachePageDecision):
        * platform/HistogramSupport.cpp: Removed.
        * platform/HistogramSupport.h: Removed.
        * platform/leveldb/LevelDBDatabase.cpp:
        (WebCore::LevelDBDatabase::open):
        (WebCore::histogramLevelDBError): Deleted.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateNeedsCompositedScrolling):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send):

2014-05-02  Brady Eidson  <beidson@apple.com>

        Stop flipping the ImageControlsButton
        <rdar://problem/16773238> and https://bugs.webkit.org/show_bug.cgi?id=132502

        Reviewed by Tim Horton.

        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintImageControlsButton):

2014-05-02  Jeremy Jones  <jeremyj@apple.com>

        Fullscreen UI does not appear after WebProcess has crashed
        https://bugs.webkit.org/show_bug.cgi?id=132442

        Reviewed by Darin Adler.

        Clean up immediately when there is a WebProcess crash.

        * WebCore.exp.in:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::invalidate):
        Clean-up resources immediately.

2014-05-02  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r168192.
        https://bugs.webkit.org/show_bug.cgi?id=132498

        Was not the correct fix (blurry!) (Requested by bfulgham_ on
        #webkit).

        Reverted changeset:

        "[iOS] deviceScaleFactor is being double-applied when
        rendering captions in full screen mode"
        https://bugs.webkit.org/show_bug.cgi?id=132481
        http://trac.webkit.org/changeset/168192

2014-05-02  Alexey Proskuryakov  <ap@apple.com>

        Remove Blob contentDisposition handling
        https://bugs.webkit.org/show_bug.cgi?id=132490

        Reviewed by Sam Weinig.

        Dead code.

        * platform/network/BlobData.h:
        (WebCore::BlobData::contentDisposition): Deleted.
        (WebCore::BlobData::setContentDisposition): Deleted.
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::registerBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
        * platform/network/BlobStorageData.h:
        (WebCore::BlobStorageData::create):
        (WebCore::BlobStorageData::contentType):
        (WebCore::BlobStorageData::BlobStorageData):
        (WebCore::BlobStorageData::contentDisposition): Deleted.

2014-05-02  Anders Carlsson  <andersca@apple.com>

        Implement FormData decoding using KeyedDecoder
        https://bugs.webkit.org/show_bug.cgi?id=132494

        Reviewed by Tim Horton.

        * platform/KeyedCoding.h:
        (WebCore::KeyedDecoder::decodeEnum):
        * platform/network/FormData.cpp:
        (WebCore::decodeElement):
        (WebCore::FormData::decode):
        * platform/network/FormData.h:

2014-05-02  Brent Fulgham  <bfulgham@apple.com>

        [iOS] deviceScaleFactor is being double-applied when rendering captions in full screen mode
        https://bugs.webkit.org/show_bug.cgi?id=132481

        Reviewed by Jer Noble.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay): Don't set the platform scale factor here. It is already
        being accounted for in the createTextTrackRepresentationImage method.

2014-05-02  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Don't create backing store for -webkit-overflow-scrolling:touch that can't scroll
        https://bugs.webkit.org/show_bug.cgi?id=132487
        <rdar://problem/16758041>

        Reviewed by Sam Weinig.

        Previously, -webkit-overflow-scrolling:touch would cause us to make compositing
        layers for any element that had overflow: auto or scroll on either axis. This
        created lots of backing store when not required.
        
        Improve this to only create compositing for scrolling when there is actually
        scrollable overflow. This makes things slightly more complex, because we can
        only know when layout is up to date.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeRectForRepaint): usesCompositedScrolling() tells
        us if we're actually doing composited overflow.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hasTouchScrollableOverflow):
        (WebCore::RenderLayer::handleTouchEvent):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::layerOrAncestorIsTransformedOrUsingCompositedScrolling):
        (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): Only update
        scrolling and clipping layers if layout is not pending.
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        (WebCore::RenderLayerBacking::updateScrollingLayers): The caller calls
        updateInternalHierarchy(), so no need to do it here.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForScrolling): We
        can only determine that we're scrollable after layout.
        (WebCore::isStickyInAcceleratedScrollingLayerOrViewport):
        (WebCore::isMainFrameScrollingOrOverflowScrolling):

2014-05-02  Anders Carlsson  <andersca@apple.com>

        Clean up FormDataElement
        https://bugs.webkit.org/show_bug.cgi?id=132483

        Reviewed by Sam Weinig.

        * platform/network/FormData.cpp:
        (WebCore::FormData::FormData):
        (WebCore::FormData::deepCopy):
        (WebCore::FormData::expandDataStore):
        (WebCore::FormData::flatten):
        (WebCore::FormData::resolveBlobReferences):
        (WebCore::FormData::generateFiles):
        (WebCore::FormData::hasGeneratedFiles):
        (WebCore::FormData::hasOwnedGeneratedFiles):
        (WebCore::FormData::removeGeneratedFilesIfNeeded):
        (WebCore::encodeElement):
        (WebCore::decodeElement):
        * platform/network/FormData.h:
        (WebCore::FormDataElement::FormDataElement):
        (WebCore::operator==):
        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::advanceCurrentStream):
        (WebCore::setHTTPBody):
        * platform/network/curl/FormDataStreamCurl.cpp:
        (WebCore::FormDataStream::read):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::setupFormData):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::addFormElementsToSoupMessage):

2014-05-02  Jer Noble  <jer.noble@apple.com>

        [iOS] Wireless playback button not blue when active
        https://bugs.webkit.org/show_bug.cgi?id=132473

        Reviewed by Simon Fraser.

        The playback button's class was being set to 'undefined', due to Controller.ClassNames.active being undefined.

        * Modules/mediacontrols/mediaControlsApple.js:

2014-05-02  Alexey Proskuryakov  <ap@apple.com>

        Don't abuse Blob deserialization constructor in WebSocket
        https://bugs.webkit.org/show_bug.cgi?id=132478

        Reviewed by Sam Weinig.

        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::send):
        (WebCore::WebSocketChannel::enqueueBlobFrame): This is the important change -
        Blob::create was called for no reason. If the blob came from a worker, it was
        already cloned for cross-thread messaging, otherwise there is no reason to make
        a new one.

        * fileapi/Blob.h:
        (WebCore::Blob::deserialize):
        (WebCore::Blob::create): Deleted.
        * fileapi/File.h:
        (WebCore::File::deserialize):
        (WebCore::File::create): Deleted.
        Renamed a special case of "create" function to avoid explaining what it is for.

        * Modules/websockets/ThreadableWebSocketChannel.h:
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::send):
        * Modules/websockets/WebSocketChannel.h:
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::send): Print a full URL in LOG(),
        not one shortened to 1024 characters.
        (WebCore::WorkerThreadableWebSocketChannel::Peer::send):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadSendBlob):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::send):
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readFile):
        (WebCore::CloneDeserializer::readTerminal):

2014-05-02  Anders Carlsson  <andersca@apple.com>

        Add and implement KeyedDecoder::decodeBytes
        https://bugs.webkit.org/show_bug.cgi?id=132479

        Reviewed by Tim Horton.

        * platform/KeyedCoding.h:
        (WebCore::KeyedDecoder::decodeBytes):

2014-05-02  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] WebKit2 File Upload Support
        https://bugs.webkit.org/show_bug.cgi?id=132024

        Reviewed by Enrica Casucci.

        * English.lproj/Localizable.strings:
        New localized strings for <input type="file"> on iOS.

2014-05-02  Chris Fleizach  <cfleizach@apple.com>

        AX: WK2: iOS web page scrolling doesn't work with VoiceOver
        https://bugs.webkit.org/show_bug.cgi?id=132028

        Reviewed by Mario Sanchez Prada.

        With the AX tree residing in the WebProcess, scrolling needs to be implemented in
        WebCore using accessibilityScroll: in order for accessibility clients to scroll through the AX API.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::scrollViewAncestor):
        (WebCore::AccessibilityObject::scrollToMakeVisibleWithSubFocus):
        * accessibility/AccessibilityObject.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _accessibilityConvertPointToViewSpace:]):
        (-[WebAccessibilityObjectWrapper _accessibilityScrollToVisible]):
        (-[WebAccessibilityObjectWrapper accessibilityScroll:]):
        (-[WebAccessibilityObjectWrapper postScrollStatusChangeNotification]):
        (-[WebAccessibilityObjectWrapper _accessibilityScrollPosition]):
        (-[WebAccessibilityObjectWrapper _accessibilityScrollSize]):
        (-[WebAccessibilityObjectWrapper _accessibilityScrollVisibleRect]):

2014-05-02  Jeremy Jones  <jeremyj@apple.com>

        Pause playback on exit fullscreen when inline playback not allowed.
        https://bugs.webkit.org/show_bug.cgi?id=132450

        Reviewed by Jer Noble.

        Use correct method of determining if inline playback is allowed.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        Use m_mediaSession->requiresFullscreenForVideoPlayback to detect if inline playback is allowed.

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::requestExitFullscreen):
        Prevent duplicate exit requests.

2014-05-02  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Remove support for non-separable blend modes from background-blend-mode
        https://bugs.webkit.org/show_bug.cgi?id=132327

        Reviewed by Dean Jackson.

        Removed support for non-separable background blend modes from the CSS parser.
        Covered by existing tests.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseFillProperty):

2014-05-02  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Clean up #include <OwnPtr.h>|<PassOwnPtr.h> in Supplementable classes
        https://bugs.webkit.org/show_bug.cgi?id=132466

        Reviewed by Tim Horton.

        Since r168144, Supplementable classes don't need to include OwnPtr.h or PassOwnPtr.h.
        Clean up those inclusions.

        No new tests, just clean up patch.

        * Modules/encryptedmedia/CDMPrivate.h:
        * Modules/gamepad/NavigatorGamepad.cpp:
        * Modules/geolocation/GeolocationController.cpp:
        (WebCore::GeolocationController::create): Deleted. Don't need to have a factory function.
        * Modules/geolocation/GeolocationController.h:
        * Modules/mediasource/MediaSource.h:
        * Modules/mediastream/UserMediaController.h:
        * Modules/notifications/NotificationCenter.h:
        * Modules/notifications/NotificationController.cpp:
        * Modules/quota/StorageErrorCallback.h:
        * Modules/vibration/Vibration.h:
        * Modules/webdatabase/Database.cpp:
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        * Modules/websockets/WebSocket.cpp:
        * Modules/websockets/WebSocket.h:

2014-05-01  Ryuan Choi  <ryuan.choi@samsung.com>

        Remove TiledBackingStore stuff from Frame
        https://bugs.webkit.org/show_bug.cgi?id=132458

        Reviewed by Andreas Kling.

        Although TiledBackingStore is using for the CoordinatedGraphics,
        CoordinatedGraphics does not use tiledBackingStore of Frame.

        This patch removed TiledBackingStore related code of the Frame.

        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        (WebCore::Frame::setView):
        (WebCore::Frame::setTiledBackingStoreEnabled): Deleted.
        (WebCore::Frame::tiledBackingStorePaintBegin): Deleted.
        (WebCore::Frame::tiledBackingStorePaint): Deleted.
        (WebCore::Frame::tiledBackingStorePaintEnd): Deleted.
        (WebCore::Frame::tiledBackingStoreContentsRect): Deleted.
        (WebCore::Frame::tiledBackingStoreVisibleRect): Deleted.
        (WebCore::Frame::tiledBackingStoreBackgroundColor): Deleted.
        * page/Frame.h:
        (WebCore::Frame::tiledBackingStore): Deleted.
        * page/FrameView.cpp:
        (WebCore::FrameView::repaintContentRectangle):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setTiledBackingStoreEnabled): Deleted.
        * page/Settings.h:
        (WebCore::Settings::tiledBackingStoreEnabled): Deleted.

2014-05-01  Myles C. Maxfield  <mmaxfield@apple.com>

        Migrate all uses of DeviceMotionController and DeviceOrientationController to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=132461

        Unreviewed build fix.

        No new tests.

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/Document.h:
        * platform/ios/DeviceMotionClientIOS.h:
        (WebCore::DeviceMotionClientIOS::create): Deleted.
        * platform/ios/DeviceOrientationClientIOS.h:
        (WebCore::DeviceOrientationClientIOS::create): Deleted.

2014-05-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Convert OwnPtr and PassOwnPtr uses to std::unique_ptr in Supplement
        https://bugs.webkit.org/show_bug.cgi?id=132165

        Reviewed by Darin Adler.

        According to convert from PassOwnPtr to std::unique_ptr, provideTo() callers also begin
        to use std::make_unique.

        * Modules/battery/BatteryController.cpp:
        (WebCore::provideBatteryTo):
        * Modules/battery/BatteryController.h:
        * Modules/battery/NavigatorBattery.cpp:
        (WebCore::NavigatorBattery::from):
        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::from):
        * Modules/geolocation/GeolocationController.cpp:
        (WebCore::provideGeolocationTo):
        * Modules/geolocation/GeolocationController.h:
        * Modules/geolocation/NavigatorGeolocation.cpp:
        (WebCore::NavigatorGeolocation::from):
        * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
        (WebCore::DOMWindowIndexedDatabase::from):
        * Modules/indexeddb/PageGroupIndexedDatabase.cpp:
        (WebCore::PageGroupIndexedDatabase::from):
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:
        (WebCore::WorkerGlobalScopeIndexedDatabase::from):
        * Modules/mediastream/UserMediaController.cpp:
        (WebCore::provideUserMediaTo):
        (WebCore::UserMediaController::create): Deleted.
        * Modules/mediastream/UserMediaController.h:
        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::provideNavigatorContentUtilsTo):
        (WebCore::NavigatorContentUtils::create): Deleted.
        * Modules/navigatorcontentutils/NavigatorContentUtils.h:
        * Modules/notifications/DOMWindowNotifications.cpp:
        (WebCore::DOMWindowNotifications::from):
        * Modules/notifications/NotificationController.cpp:
        (WebCore::provideNotification):
        (WebCore::NotificationController::create): Deleted.
        * Modules/notifications/NotificationController.h:
        * Modules/notifications/WorkerGlobalScopeNotifications.cpp:
        (WebCore::WorkerGlobalScopeNotifications::from):
        * Modules/proximity/DeviceProximityController.cpp:
        (WebCore::provideDeviceProximityTo):
        (WebCore::DeviceProximityController::create): Deleted.
        * Modules/proximity/DeviceProximityController.h:
        * Modules/quota/DOMWindowQuota.cpp:
        (WebCore::DOMWindowQuota::from):
        * Modules/quota/NavigatorStorageQuota.cpp:
        (WebCore::NavigatorStorageQuota::from):
        * Modules/quota/WorkerNavigatorStorageQuota.cpp:
        (WebCore::WorkerNavigatorStorageQuota::from):
        * Modules/speech/DOMWindowSpeechSynthesis.cpp:
        (WebCore::DOMWindowSpeechSynthesis::from):
        * Modules/speech/SpeechRecognitionController.cpp:
        (WebCore::provideSpeechRecognitionTo):
        * Modules/vibration/Vibration.cpp:
        (WebCore::provideVibrationTo):
        (WebCore::Vibration::create): Deleted.
        * Modules/vibration/Vibration.h:
        * dom/DeviceMotionController.cpp:
        (WebCore::provideDeviceMotionTo):
        (WebCore::DeviceMotionController::create): Deleted.
        * dom/DeviceMotionController.h:
        * dom/DeviceOrientationController.cpp:
        (WebCore::provideDeviceOrientationTo):
        (WebCore::DeviceOrientationController::create): Deleted.
        * dom/DeviceOrientationController.h:
        * page/SpeechInput.cpp:
        (WebCore::provideSpeechInputTo):
        (WebCore::SpeechInput::create): Deleted.
        * page/SpeechInput.h:
        * platform/Supplementable.h:
        (WebCore::Supplement::provideTo):
        (WebCore::Supplementable::provideSupplement):
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::from):

2014-05-01  Andreas Kling  <akling@apple.com>

        HTMLMediaElement: Remove two unnecessary virtual overrides.
        <https://webkit.org/b/132445>

        Now that ENABLE_PLUGIN_PROXY_FOR_VIDEO is gone, we can remove
        these overrides:

            - defaultEventHandler()
            - willRespondToMouseClickEvents()

        Reviewed by Darin Adler.

        * html/HTMLMediaElement.cpp:
        * html/HTMLMediaElement.h:

2014-05-01  Benjamin Poulain  <bpoulain@apple.com>

        ViewportConfiguration::minimumScale() uses the initial scale as initial value
        https://bugs.webkit.org/show_bug.cgi?id=132451
        <rdar://problem/16780111>

        Reviewed by Enrica Casucci.

        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::minimumScale):
        The initial minimum scale was set to the initial scale, preventing some pages from zooming
        out.

2014-05-01  Alexey Proskuryakov  <ap@apple.com>

        Build fix for !ENABLE(BLOB) builds.

        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::ThreadableBlobRegistry::registerBlobURL):
        (WebCore::ThreadableBlobRegistry::registerBlobURLForSlice):

2014-05-01  Alexey Proskuryakov  <ap@apple.com>

        Move size computation for Blob constructor into BlobRegistryImpl
        https://bugs.webkit.org/show_bug.cgi?id=132439

        Reviewed by Sam Weinig.

        * Modules/websockets/WebSocket.cpp: (WebCore::WebSocket::didReceiveBinaryData):
        Don't pass the size, anyone who cares can get it from BlobData.

        * bindings/js/JSBlobCustom.cpp: (WebCore::JSBlobConstructor::constructJSBlob):
        Updated for BlobBuilder changes.

        * fileapi/Blob.cpp: (WebCore::Blob::Blob):
        * fileapi/Blob.h: (WebCore::Blob::create):
        No longer take a precomputed size with BlobData, BlobRegistry will compute it as
        part of registration.

        * fileapi/File.h:
        * fileapi/File.cpp:
        (WebCore::File::File): Don't pass a size (that's unknown anyway).
        (WebCore::File::captureSnapshot): Deleted. Finally, only the registry is responsible
        for snapshot tracking now (I doubt that either new or old code is particularly compliant).

        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::ThreadableBlobRegistry::registerBlobURL):
        * fileapi/ThreadableBlobRegistry.h:
        Plumbing to make this version of registerBlobURL return a size. I may make size
        calculation lazy and the function async later, but this is needed to move the behavior
        to the right place first.

        * fileapi/WebKitBlobBuilder.h:
        * fileapi/WebKitBlobBuilder.cpp:
        (WebCore::BlobBuilder::BlobBuilder):
        (WebCore::BlobBuilder::append):
        (WebCore::BlobBuilder::appendBytesData):
        (WebCore::BlobBuilder::finalize):
        (WebCore::BlobBuilder::getBlob): Deleted.
        Don't track sizes or modification times, registry will do that with appropriate laziness.
        Cleaned up the API - now that BlobBuilder is not exposed to JS as an object, it
        does not need to be reusable.

        * platform/network/BlobRegistry.h: Made this version of registerBlobURL return a size.
        * platform/network/BlobRegistryImpl.h:
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::appendStorageItems): Assert that length computations are accurate.
        (WebCore::BlobRegistryImpl::registerBlobURL): Compute a size to return, and record
        modification time as necessary.

        * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::responseBlob): Don't pass the
        size, which can be computed from data. Soon, I want to add a constructor that doesn't
        require wrapping a single Vector as BlobData to construct a Blob.

2014-05-01  Eric Carlson  <eric.carlson@apple.com>

        [iOS] audio and video should automatically play to active external device
        https://bugs.webkit.org/show_bug.cgi?id=132428

        Reviewed by Jer Noble.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): Set 
            AVPlayer.usesExternalPlaybackWhileExternalScreenIsActive.

2014-05-01  David Hyatt  <hyatt@apple.com>

        REGRESSION (r168046): [New Multicolumn] Selection into and out of column-span elements doesn't work
        https://bugs.webkit.org/show_bug.cgi?id=132066

        Reviewed by Oliver Hunt.

        Make a new SelectionIterator struct that knows how to drill into and out of
        column span placeholders. Also change spans to be selection roots (in the painting
        sense).

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::isSelectionRoot):
        (WebCore::RenderBlock::selectionGaps):
        * rendering/RenderView.cpp:
        (WebCore::SelectionIterator::SelectionIterator):
        (WebCore::SelectionIterator::checkForSpanner):
        (WebCore::SelectionIterator::current):
        (WebCore::SelectionIterator::next):
        (WebCore::RenderView::subtreeSelectionBounds):
        (WebCore::RenderView::repaintSubtreeSelection):
        (WebCore::RenderView::setSubtreeSelection):

2014-05-01  Simon Fraser  <simon.fraser@apple.com>

        Don't always make backing store for -webkit-backface-visibility:hidden
        https://bugs.webkit.org/show_bug.cgi?id=132420

        Reviewed by Sam Weinig.
        
        Previously, -webkit-backface-visibility:hidden unconditionally created
        compositing layers with backing store. This results in high memory use
        on pages with this style applied to many elements (a cargo-cult "optimization").
        
        Fix by only having -webkit-backface-visibility:hidden create compositing layers
        if some ancestor has a 3D transform. That's the only scenario in which the
        element can be flipped around to reveal the back side, so the only time we need
        to do compositing for this property. In future, we could be smarter, and only
        consider 3D transforms in the current preserve-3d context.

        Tests: compositing/backing/backface-visibility-in-3dtransformed.html
               compositing/backing/backface-visibility-in-transformed.html
               compositing/backing/backface-visibility.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::updateLayerPositions):
        (WebCore::RenderLayer::hitTestLayer):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingLayer):
        (WebCore::RenderLayerCompositor::requiresOwnBackingStore):
        (WebCore::RenderLayerCompositor::requiresCompositingForBackfaceVisibility):
        * rendering/RenderLayerCompositor.h:

2014-05-01  Alex Christensen  <achristensen@webkit.org>

        Finish updating ANGLE.
        https://bugs.webkit.org/show_bug.cgi?id=132434

        Reviewed by Dean Jackson.

        * CMakeLists.txt:
        Removed Uniform.cpp which is no longer in ANGLE.

2014-05-01  David Hyatt  <hyatt@apple.com>

        REGRESSION (new multi-column): WebKit2.ResizeReversePaginatedWebView fails on debug bots
        https://bugs.webkit.org/show_bug.cgi?id=132429

        Reviewed by Alexey Proskuryakov.
        
        Make sure to get the column count directly from the column set.
        I was returning the theoretical column count from the flow thread,
        and that wasn't the right value.

        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::pageCount):

2014-05-01  Brent Fulgham  <bfulgham@apple.com>

        Fix handling of attributes prior to compiling shader
        https://bugs.webkit.org/show_bug.cgi?id=132430

        Reviewed by Dean Jackson.

        WebGL programs that called bindAttribLocations prior to compiling shader sources
        would perform the bind using the non-hashed symbol name, but would later create
        the attributes as hashed names. Consequently, the program would refer to
        attributes that were never actually part of any shader, resulting in some amazing
        display artifacts.

        This patch adds a dictionary of hashed symbol names so that we can tell the WebGL
        program the proper name that will be used when the shader is eventually compiled,
        allowing the WebGL program to link against the proper symbol after compiling and
        linking completes.

        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::generateHashedName): Function uses the ANGLE hashing
        function to generate correct symbol.
        (WebCore::GraphicsContext3D::mappedSymbolName): If we haven't compiled shaders yet, look
        in our set of potentially unused attributes.
        (WebCore::GraphicsContext3D::originalSymbolName): Ditto, for reverse lookup.

2014-05-01  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make selection gaps painting subpixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=132169

        Reviewed by Simon Fraser.

        Push selection gaps painting to device pixel boundaries instead of integral CSS pixel positions.

        Test: fast/inline/hidpi-selection-gap-on-subpixel-position.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::blockSelectionGap):
        (WebCore::RenderBlock::logicalLeftSelectionGap):
        (WebCore::RenderBlock::logicalRightSelectionGap):

2014-05-01  David Kilzer  <ddkilzer@apple.com>

        Really remove ENABLE_PLUGIN_PROXY_FOR_VIDEO
        <http://webkit.org/b/132432>

        Reviewed by Tim Horton.

        * platform/graphics/wince/MediaPlayerPrivateWinCE.h: Remove
        methods and ivar in ENABLE(PLUGIN_PROXY_FOR_VIDEO).

2014-05-01  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] Clamping the number of repetitions in repeat()
        https://bugs.webkit.org/show_bug.cgi?id=131023

        Reviewed by Brent Fulgham.

        The ED suggests now to be able to clamp the number of repetitions when
        using the repeat() function, taking precautions about excessive memory
        usage.

        The implemented max repetitions is 10K.

        Test: fast/css-grid-layout/grid-element-repeat-max-repetitions.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTrackRepeatFunction):

2014-04-30  Jer Noble  <jer.noble@apple.com>

        [MSE] Seeking between two buffered ranges enquues incorrect buffers.
        https://bugs.webkit.org/show_bug.cgi?id=132416

        Reviewed by Eric Carlson.

        std::equal_range(begin, end, value) will return an empty range if equal values cannot
        be found. But the range is not necessarily [end, end).  It may be some other value n,
        such that the empty range is [n, n). Check to see if the returned range is empty in
        findSampleContainingPresentationTime() and its reverse version, and if so, explicitly
        return presentationEnd() or reversePresentationEnd() respectively.

        Drive-by fix: make the comparator functions take const& arguments to minimize object
        creation.

        * Modules/mediasource/SampleMap.cpp:
        (WebCore::SampleIsLessThanMediaTimeComparator::operator()):
        (WebCore::SampleIsGreaterThanMediaTimeComparator::operator()):
        (WebCore::SampleMap::findSampleContainingPresentationTime):
        (WebCore::SampleMap::reverseFindSampleContainingPresentationTime):

2014-05-01  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Inline text selection painting should not snap to integral CSS pixel position.
        https://bugs.webkit.org/show_bug.cgi?id=132164

        Reviewed by Darin Adler.

        Inline text selection painting now snaps to device pixels. It uses the same rounding logic as
        other painting functions.

        Test: fast/inline/hidpi-select-inline-on-subpixel-position.html

        * rendering/EllipsisBox.cpp:
        (WebCore::EllipsisBox::paintSelection):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::alignSelectionRectToDevicePixels): Deleted.
        * rendering/InlineTextBox.h:

2014-05-01  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] There are many warnings with software backend
        https://bugs.webkit.org/show_bug.cgi?id=132422

        Reviewed by Gyuyoung Kim.

        ecore_evas_gl_x11_window_get should be called when only engine is opengl_x11.

        This patch refactors not to call unnecessary API by checking engine type.
        In addition, removed unnecessary isUsingEcoreX().

        * platform/efl/EflScreenUtilities.cpp:
        (WebCore::applyFallbackCursor):
        (WebCore::getEcoreXWindow):
        (WebCore::isUsingEcoreX): Deleted.
        * platform/efl/EflScreenUtilities.h:

2014-05-01  Rik Cabanier  <cabanier@adobe.com>

        Calling createPattern with a broken image must throw an invalidstate error
        https://bugs.webkit.org/show_bug.cgi?id=132407

        Reviewed by Dirk Schulze.

        Per the WebIDL spec, passing non-finite parameter to a method that
        takes doubles, should generate a type error.

        Tests:
        * canvas/philip/tests/2d.imageData.create2.nonfinite.html:
        * fast/canvas/canvas-2d-imageData-create-nonfinite.html:

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createImageData):

2014-04-30  David Hyatt  <hyatt@apple.com>

        REGRESSION (r168046): [New Multicolumn] LeftToRight-rl.html (and all the other reversed/block-axis pagination tests) fail
        https://bugs.webkit.org/show_bug.cgi?id=132419

        Reviewed by Andreas Kling.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::initialBlockOffsetForPainting):
        Don't flip here. The old code needed to do that, but the new code doesn't.

2014-04-30  Alexey Proskuryakov  <ap@apple.com>

        Roll out fix for https://bugs.webkit.org/show_bug.cgi?id=131637:
        Clean up unnecessary methods in the BackForwardClient interface

        It broke a regression test and an API test.

        * WebCore.exp.in:
        * history/BackForwardClient.h:
        (WebCore::BackForwardClient::backItem):
        (WebCore::BackForwardClient::currentItem):
        (WebCore::BackForwardClient::forwardItem):
        * history/BackForwardController.cpp:
        (WebCore::BackForwardController::BackForwardController):
        * history/BackForwardController.h:
        (WebCore::BackForwardController::client):
        * history/BackForwardList.cpp:
        (WebCore::BackForwardList::BackForwardList):
        (WebCore::BackForwardList::close):
        * history/BackForwardList.h:
        (WebCore::BackForwardList::create):
        (WebCore::BackForwardList::page):
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::PageClients::PageClients):
        * page/Page.h:

2014-04-30  Simon Fraser  <simon.fraser@apple.com>

        More iOS build fixing. MediaPlayerPrivateIOS is defunct and can be removed.
        Fix some build errors in other media files.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/MediaPlayer.cpp:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        * platform/graphics/ios/MediaPlayerPrivateIOS.h: Removed.
        * platform/graphics/ios/MediaPlayerPrivateIOS.mm: Removed.

2014-04-30  Simon Fraser  <simon.fraser@apple.com>

        Fix the iOS build, which no longer needs these calls
        to enter/exitFullscreen.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2014-04-30  Simon Fraser  <simon.fraser@apple.com>

        Remove ENABLE_PLUGIN_PROXY_FOR_VIDEO
        https://bugs.webkit.org/show_bug.cgi?id=132396

        Reviewed by Eric Carlson.

        Remove ENABLE_PLUGIN_PROXY_FOR_VIDEO and related code.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.exp.in:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::canShareStyleWithElement):
        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument):
        * editing/TextIterator.cpp:
        (WebCore::isRendererReplacedElement):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::setNeedWidgetUpdate): Deleted.
        * html/HTMLMediaSession.cpp:
        (WebCore::HTMLMediaSession::showPlaybackTargetPicker):
        (WebCore::HTMLMediaSession::hasWirelessPlaybackTargets):
        (WebCore::HTMLMediaSession::setHasPlaybackTargetAvailabilityListeners):
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::createElementRenderer):
        (WebCore::HTMLVideoElement::didAttachRenderers):
        (WebCore::HTMLVideoElement::parseAttribute):
        (WebCore::HTMLVideoElement::setDisplayMode):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateSizes):
        * loader/EmptyClients.cpp:
        (WebCore::EmptyFrameLoaderClient::createMediaPlayerProxyPlugin): Deleted.
        * loader/EmptyClients.h:
        * loader/FrameLoaderClient.h:
        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::loadPlugin):
        (WebCore::SubframeLoader::loadMediaPlayerProxyPlugin): Deleted.
        * loader/SubframeLoader.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::updateEmbeddedObject):
        * page/Settings.cpp:
        (WebCore::Settings::setVideoPluginProxyEnabled): Deleted.
        * page/Settings.h:
        (WebCore::Settings::isVideoPluginProxyEnabled): Deleted.
        * platform/graphics/GraphicsLayerClient.h:
        (WebCore::GraphicsLayerClient::mediaLayerMustBeUpdatedOnMainThread): Deleted.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::installedMediaEngines):
        (WebCore::MediaPlayer::MediaPlayer):
        (WebCore::MediaPlayer::loadWithNextMediaEngine):
        (WebCore::NullMediaPlayerPrivate::deliverNotification): Deleted.
        (WebCore::NullMediaPlayerPrivate::setMediaPlayerProxy): Deleted.
        (WebCore::NullMediaPlayerPrivate::setControls): Deleted.
        (WebCore::MediaPlayer::deliverNotification): Deleted.
        (WebCore::MediaPlayer::setMediaPlayerProxy): Deleted.
        (WebCore::MediaPlayer::setControls): Deleted.
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::deliverNotification): Deleted.
        (WebCore::MediaPlayerPrivateInterface::setMediaPlayerProxy): Deleted.
        (WebCore::MediaPlayerPrivateInterface::setControls): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateGeometry):
        (WebCore::GraphicsLayerCA::updateContentsRects):
        (WebCore::GraphicsLayerCA::mediaLayerMustBeUpdatedOnMainThread): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.h:
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::canHaveChildren):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::mediaLayerMustBeUpdatedOnMainThread): Deleted.
        * rendering/RenderLayerBacking.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForVideo):

2014-04-30  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Some accerated overflow-scroll doesn't scroll correctly
        https://bugs.webkit.org/show_bug.cgi?id=132375

        Reviewed by Tim Horton.
        
        We set the size of the scrolling layer (which becomes the bounds of
        the UIScrollView) to a non-pixel-snapped padding box size, but the
        size of the contents layer is an integral-snapped scroll size.
        This would result in a fractional difference between the two, which
        makes us thing that the element is scrollable when it really is not.
        
        Fix by setting the size of the scroll layer to pixel snapped client size,
        which is what we also use for scrollability computation.
        
        Added some FIXMEs in code that requires pixel snapping.
        
        Also use #if PLATFORM(IOS)/#else to bracket some code that never runs on iOS
        but tries to do something similar to iOS-only code.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):

2014-04-30  David Hyatt  <hyatt@apple.com>

        REGRESSION (r168046): [New Multicolumn] Painting order is wrong for columns and fixed positioned elements
        https://bugs.webkit.org/show_bug.cgi?id=132377

        Reviewed by Simon Fraser.

        Added fast/multicol/fixed-stack.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::shouldBeSelfPaintingLayer):
        (WebCore::RenderLayer::shouldBeNormalFlowOnly):
        Change the flow thread layer for multicolumn layout to be normal flow only and to
        stay self-painting. This has the effect of keeping the flow thread layer grouped
        with the enclosing multicolumn layer, and this keeps the paint order correct when
        compositing kicks in (or when something would otherwise try to get between the
        two layers).

2014-04-30  Eric Carlson  <eric.carlson@apple.com>

        [iOS] do not pause video when entering background while playing to external device
        https://bugs.webkit.org/show_bug.cgi?id=132374

        Reviewed by Jer Noble.

        * WebCore.exp.in: Update beginInterruption signature.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::canOverrideBackgroundPlaybackRestriction): New, return true when
            playing to external device.
        * html/HTMLMediaElement.h:

        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::beginInterruption): Add interruption type to beginInterruption.
        * platform/audio/MediaSession.h:

        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::beginInterruption): Ditto.
        (WebCore::MediaSessionManager::applicationWillEnterBackground): Ditto.
        (WebCore::MediaSessionManager::systemWillSleep): Ditto.
        * platform/audio/MediaSessionManager.h:

        * platform/audio/ios/AudioDestinationIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (-[WebMediaSessionHelper interruption:]): Ditto.

        * platform/audio/mac/AudioDestinationMac.h: Make most methods private. Add 
            canOverrideBackgroundPlaybackRestriction. Add missing overrides.
        * testing/Internals.cpp:
        (WebCore::Internals::beginMediaSessionInterruption): Pass interruption type.

2014-04-30  Manuel Rego Casasnovas  <rego@igalia.com>

        Unreviewed, rolling out r167879 and r167942.
        https://bugs.webkit.org/show_bug.cgi?id=132408

        OrderIterator changes caused regressions in flexbox (Requested
        by rego on #webkit).

        We're keeping the new layout test introduced in r167942
        (fast/flexbox/order-iterator-crash.html) to avoid similar
        regressions in the future.

        Reverted changesets:

        "OrderIterator refactoring to avoid extra loops"
        https://bugs.webkit.org/show_bug.cgi?id=119061
        http://trac.webkit.org/changeset/167879

        "REGRESSION (r167879): Heap-use-after-free in
        WebCore::RenderFlexibleBox"
        https://bugs.webkit.org/show_bug.cgi?id=132337
        http://trac.webkit.org/changeset/167942

2014-04-30  Enrica Casucci  <enrica@apple.com>

        Cursor gets thinner on empty lines.
        https://bugs.webkit.org/show_bug.cgi?id=132411
        <rdar://problem/15994556>

        Reviewed by Benjamin Poulain.

        RenderLineBreak::localCaretRect should not define
        locally the constant caretWidth, but use the one from
        RenderObject.h which knows about the differences between
        iOS and the other platforms.

        * rendering/RenderLineBreak.cpp:
        (WebCore::RenderLineBreak::localCaretRect):

2014-04-30  Víctor Manuel Jáquez Leal  <vjaquez@igalia.com>

        [GStreamer] Use GstMetaVideo
        https://bugs.webkit.org/show_bug.cgi?id=132247

        Reviewed by Philippe Normand.

        In WebKitVideoSink we announce the usage of GstMetaVideo, but we do
        not use it when handling the video frames. This might break
        some decoders and filters that rely on buffer's meta, rather
        that in the caps structures.

        This patch enables the use of GstMetaVideo through the GstVideoFrame
        API. And it is used everywhere the buffer mapping is required.

        Also this patch changes to nullptr where zeros were used.

        Also, compile conditionally the video buffer conversion when it is
        ARGB/BGRA, since it is only required for the Cairo backend.

        No new tests, already covered by current tests.

        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        (WebCore::getVideoSizeAndFormatFromCaps): init the GstVideoInfo before
        used and remove caps fixate check since it is done by
        gst_video_info_from_caps().
        * platform/graphics/gstreamer/ImageGStreamer.h:
        * platform/graphics/gstreamer/ImageGStreamerCairo.cpp:
        (ImageGStreamer::ImageGStreamer): use GstVideoFrame for buffer mapping
        and unmapping.
        (ImageGStreamer::~ImageGStreamer): ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::updateTexture): ditto.
        (WebCore::MediaPlayerPrivateGStreamerBase::currentVideoSinkCaps):
        return nullptr if failed.
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (webkitVideoSinkRender): rely on GstVideoInfo rather than on the
        caps. Use GstVideoFrame for buffer mapping and unmapping. Add guards
        for buffer transformation, since it's only used by Cairo.
        (webkitVideoSinkDispose): remove glib version guards.
        (webkitVideoSinkSetCaps): update the value of the private
        GstVideoInfo.

2014-04-30  Víctor Manuel Jáquez Leal  <vjaquez@igalia.com>

        [GTK][GStreamer] Remove unnecessary GLIB_CHECK_VERSION #ifdefs
        https://bugs.webkit.org/show_bug.cgi?id=132390

        Reviewed by Philippe Normand.

        Since EFL port use GLib 2.38 and GTK+, 2.33.2, I assume it is OK
        remove, in GTK+ and GST, the existing glib version guards.

        No new tests, already covered by current tests.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (webkitVideoSinkDispose):
        (webkitVideoSinkFinalize): Deleted.

2014-04-30  Alex Christensen  <achristensen@webkit.org>

        Updated ANGLE.
        https://bugs.webkit.org/show_bug.cgi?id=132367
        <rdar://problem/16211451>

        Reviewed by Dean Jackson.

        * CMakeLists.txt
        Fixed ANGLE compiling with the update.
        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE):
        Removed SH_MAP_LONG_VARIABLE_NAMES which is no longer defined in ANGLE.
        See https://chromium.googlesource.com/angle/angle/+/3cdfcce86b38ef31a0afd71855887193a7924468
        * platform/graphics/opengl/Extensions3DOpenGLES.h:
        * platform/graphics/opengl/Extensions3DOpenGLES.cpp:
        Updated type names from ANGLE.

2014-04-30  Alexey Proskuryakov  <ap@apple.com>

        Move Blob.slice() implementation into BlobRegistryImpl
        https://bugs.webkit.org/show_bug.cgi?id=132402

        Reviewed by Anders Carlsson.

        Part or centralizing the responsibility for file size tracking.

        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        (WebCore::Blob::slice): Deleted.
        * fileapi/Blob.h:
        (WebCore::Blob::slice):
        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::ThreadableBlobRegistry::registerBlobURL):
        (WebCore::ThreadableBlobRegistry::registerBlobURLForSlice):
        (WebCore::registerBlobURLTask): Deleted.
        (WebCore::registerBlobURLFromTask): Deleted.
        * fileapi/ThreadableBlobRegistry.h:
        * platform/network/BlobRegistry.h:
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::appendStorageItems):
        (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
        (WebCore::BlobRegistryImpl::blobSize):
        * platform/network/BlobRegistryImpl.h:

2014-04-30  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix after r168041.

        * WebCore.exp.in: Add missing iOS exports.

2014-04-30  Beth Dakin  <bdakin@apple.com>

        Always-visible scrollbars continuously repaint after non-momentum scrollling
        https://bugs.webkit.org/show_bug.cgi?id=132403
        -and corresponding-
        <rdar://problem/16553878>

        Reviewed by Simon Fraser.

        No longer universally opt into presentation value mode whenever the scroll 
        position changes on the scrolling thread. We really only want it for momentum 
        scrolls, and this will ensure that we always set it to NO once we have set it to 
        YES.
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::handleWheelEvent):
        (WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):

        Expose shouldUsePresentationValue.
        * platform/mac/NSScrollerImpDetails.h:

2014-04-30  Anders Carlsson  <andersca@apple.com>

        Move the legacy WebKit API into WebKitLegacy.framework and move it inside WebKit.framework
        https://bugs.webkit.org/show_bug.cgi?id=132399
        <rdar://problem/15920046>

        Reviewed by Dan Bernstein.

        Allow WebKitLegacy to link against WebCore.

        * Configurations/WebCore.xcconfig:

2014-04-30  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] ASSERTs in fast/dynamic/continuation-detach-crash.html
        https://bugs.webkit.org/show_bug.cgi?id=132392

        Reviewed by Dean Jackson.

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::setRegionRangeForBox):
        Add ASSERTs in case we ever try to set regions from the wrong flow thread
        as part of the box's region range.

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
        Add a bunch of code that handles the discovery of a span from an outer flow thread
        being inserted into an inner flow thread. This forces us to delete that placeholder
        and shift the outer spanning content into the inner flow thread in order to get a new
        mapping/placeholder created in the inner flow thread.

        (WebCore::RenderMultiColumnFlowThread::flowThreadRelativeWillBeRemoved):
        Tighten this code to use the parent() just in case we change the invariant of
        parent = containingBlock later.

        * rendering/RenderMultiColumnFlowThread.h:
        Add a static guard when shifting a spanner to prevent the outer flow thread from
        thinking the spanner belongs to it when it gets punted out of the inner flow thread.
        A better long-term solution might be to make the spanner map global instead of
        per-flow thread.

        * rendering/RenderMultiColumnSpannerPlaceholder.cpp:
        (WebCore::RenderMultiColumnSpannerPlaceholder::RenderMultiColumnSpannerPlaceholder):
        * rendering/RenderMultiColumnSpannerPlaceholder.h:
        Cache the flow thread so that we can get back to it in order to detect if the
        placeholder belongs to us or not.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::insertedIntoTree):
        Notifications from insertedIntoTree are problematic, since this can be called during
        the layout of the outer flow thread for content inside an inner flow thread that is
        not getting a layout yet. This makes the currentFlowThread in the flow thread controller
        inaccurate, so we have to add code to clear it out and put it back.

2014-04-29  Chris Fleizach  <cfleizach@apple.com>

        AX: Make "contenteditable" regions into AXTextAreas
        https://bugs.webkit.org/show_bug.cgi?id=132379

        Reviewed by Mario Sanchez Prada.

        Make contenteditable regions into AXTextAreas. This will allow for a more standardized
        interface for interaction with assistive technologies.

        Test: accessibility/content-editable-as-textarea.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::hasContentEditableAttributeSet):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::documentBasedSelectedTextRange):
        (WebCore::AccessibilityRenderObject::selectedText):
        (WebCore::AccessibilityRenderObject::selectedTextRange):
        (WebCore::AccessibilityRenderObject::renderObjectIsObservable):
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        (WebCore::AccessibilityRenderObject::ariaSelectedTextRange): Deleted.
        * accessibility/AccessibilityRenderObject.h:

2014-04-30  Brian J. Burg  <burg@cs.washington.edu>

        Clean up unnecessary methods in the BackForwardClient interface
        https://bugs.webkit.org/show_bug.cgi?id=131637

        Reviewed by Andreas Kling.

        Demote back/current/forwardItem and iOS-specific methods from the
        BackForwardClient interface. Convert the class to not be refcounted.

        No new tests, no behavior was changed.

        * WebCore.exp.in:
        * history/BackForwardClient.h:
        (WebCore::BackForwardClient::~BackForwardClient): Deleted.
        (WebCore::BackForwardClient::backItem): Deleted.
        (WebCore::BackForwardClient::currentItem): Deleted.
        (WebCore::BackForwardClient::forwardItem): Deleted.
        * history/BackForwardController.cpp:
        (WebCore::BackForwardController::BackForwardController):
        * history/BackForwardController.h: Take ownership of the passed BackForwardClient.
        (WebCore::BackForwardController::client): Return a reference.
        * history/BackForwardList.h: Remove the Page field, since it isn't used any more.
        (WebCore::BackForwardList::create): Deleted.
        * page/Page.h: Remove RefPtr from PageClient.
        * page/Page.cpp:
        (WebCore::PageClients::PageClients): Initialize client to nullptr.

2014-04-30  Brent Fulgham  <bfulgham@apple.com>

        [Mac, iOS] Support caption activation via JS webkitHasClosedCaptions method
        https://bugs.webkit.org/show_bug.cgi?id=132320

        Reviewed by Eric Carlson.

        * Modules/mediacontrols/mediaControlsApple.css:
        (video::-webkit-media-text-track-container .hidden): Added.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::configureTextTrackGroup): Added call to
        new 'updateCaptionsContainer'.
        (WebCore::HTMLMediaElement::updateCaptionContainer): Added.
        * html/HTMLMediaElement.h:

2014-04-30  Alexey Proskuryakov  <ap@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=132363
        Make Blob RawData immutable

        Reviewed by Anders Carlsson.

        * Modules/websockets/WebSocket.cpp: (WebCore::WebSocket::didReceiveBinaryData):
        Create RawData in one step.

        * WebCore.exp.in: Don't export a constructor that we no longer have (and the new one is inline).

        * fileapi/Blob.cpp: Removed entirely dead code.

        * fileapi/WebKitBlobBuilder.cpp:
        * fileapi/WebKitBlobBuilder.h:
        Updated to collect data in a plain Vector, so that we don't have to modify RawData.
        Removed FIXMEs about renaming - there used to be a BlobBuilder exposed to JS, but
        now this is just a helper to implement JS Blob constructor. We should probably
        still rename it, but not how the FIXME suggested.

        * platform/network/BlobData.cpp:
        (WebCore::BlobDataItem::detachFromCurrentThread): RawData::detachFromCurrentThread()
        was a no-op.
        (WebCore::BlobDataHandle::BlobDataHandle): Deleted. This was entirely dead code.
        (WebCore::BlobDataHandle::~BlobDataHandle): Ditto.

        * platform/network/BlobData.h: Made RawData immutable.

        * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::responseBlob):
        Create RawData in one step.

2014-04-30  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Region offset not factored in when mapping to local coords
        https://bugs.webkit.org/show_bug.cgi?id=132383

        Reviewed by Anders Carlsson.

        Make sure to cache the offset of the multicolumn set from its parent and then
        add that in to the translation offset.

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::mapAbsoluteToLocalPoint):

2014-04-30  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        Move removeEquivalentProperties functions to EditingStyle
        https://bugs.webkit.org/show_bug.cgi?id=131093

        Reviewed by Csaba Osztrogonác.

        A follow-up to r167967. Use single line declaration for template methods.

        * editing/EditingStyle.h:

2014-04-30  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Enable runtime feature by default
        https://bugs.webkit.org/show_bug.cgi?id=132189

        Reviewed by Benjamin Poulain.

        * page/Settings.in: Set cssGridLayoutEnabled to true.

2014-04-30  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Wrap some specific grid code under compilation flag
        https://bugs.webkit.org/show_bug.cgi?id=132341

        Reviewed by Benjamin Poulain.

        Some static variables in RenderBox are only used for CSS Grid Layout code. Wrap them and the related methods
        under ENABLE_CSS_GRID_LAYOUT compilation flag.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::willBeDestroyed):
        (WebCore::RenderBox::containingBlockLogicalWidthForContent):
        (WebCore::RenderBox::containingBlockLogicalHeightForContent):
        (WebCore::RenderBox::perpendicularContainingBlockLogicalHeight):
        (WebCore::RenderBox::computePercentageLogicalHeight):
        * rendering/RenderBox.h:

2014-04-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167962 and r167975.
        https://bugs.webkit.org/show_bug.cgi?id=132376

        Mysteriously broke many tests (Requested by ap on #webkit).

        Reverted changesets:

        "[Mac, iOS] Support caption activation via JS
        webkitHasClosedCaptions method"
        https://bugs.webkit.org/show_bug.cgi?id=132320
        http://trac.webkit.org/changeset/167962

        "Unreviewed test fix after r167962."
        http://trac.webkit.org/changeset/167975

2014-04-29  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Multiple tests assert in RenderGeometryMap
        https://bugs.webkit.org/show_bug.cgi?id=132285

        Reviewed by Simon Fraser.

        Implement offsetFromContainer for RenderMultiColumnFlowThread so that the
        geometry map gets the right offsets. This is really only relevant for the 
        geometry map, since I already overrode mapAbsoluteToLocalPoint and multicolumn
        flow threads are repaint containers (so mapLocalToAbsolute never needs offsetFromContainer).

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::offsetFromContainer):
        * rendering/RenderMultiColumnFlowThread.h:

2014-04-29  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] When pageScaleFactor * deviceScaleFactor = 1, the tile grid is completely messed up
        https://bugs.webkit.org/show_bug.cgi?id=132368

        Reviewed by Simon Fraser.

        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::TileController):
        The initial device scale factor was initialized to 1. We were returning the wrong zoomedOutContentsScale() and
        contentsScale() on retina devices until the next successful scale update.

2014-04-29  Alexey Proskuryakov  <ap@apple.com>

        Remove an unused override of BlobRegistryImpl::appendStorageItems
        https://bugs.webkit.org/show_bug.cgi?id=132365

        Reviewed by Andreas Kling.

        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::appendStorageItems): Deleted.
        * platform/network/BlobRegistryImpl.h:

2014-04-29  Eric Carlson  <eric.carlson@apple.com>

        [Mac] tag the video layers with descriptive name to aid debugging
        https://bugs.webkit.org/show_bug.cgi?id=132371

        Reviewed by Darin Adler.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer): Set the AVPlayerLayer
            name in a debug build.

2014-04-29  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>

        [GTK][cmake] CMake variable (non)expansion causing 'File name too long' build error.
        https://bugs.webkit.org/show_bug.cgi?id=132244

        Reviewed by Martin Robinson.

        Removing quotes around include directory variable ${WebCore_INCLUDE_DIRECTORIES} in
        the include_directories cmake macro enables the variable to be expanded correctly.

        No tests created as this fixes a platform specific build issue.

        * PlatformGTK.cmake:

2014-04-29  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed test fix after r167962.
        * Modules/mediacontrols/mediaControlsApple.css:
        (.hidden): Use common '.hidden' class for controls.
        (video::-webkit-media-text-track-container .hidden): Deleted.

2014-04-29  Brady Eidson  <beidson@apple.com>

        Handle selection services menu.
        <rdar://problem/16727798> and https://bugs.webkit.org/show_bug.cgi?id=132362

        Reviewed by Tim Horton.

        * WebCore.exp.in:

2014-04-29  Myles C. Maxfield  <mmaxfield@apple.com>

        Removing unused argument in InlineFlowBox::placeBoxesInInlineDirection()
        https://bugs.webkit.org/show_bug.cgi?id=132369

        Reviewed by Darin Adler.

        This was not caught by our compiler because placeBoxesInInlineDirection()
        is mutually-recursive with placeBoxRangeInInlineDirection().

        No new tests are necessary because there should be no behavior change.

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::placeBoxesInInlineDirection):
        (WebCore::InlineFlowBox::placeBoxRangeInInlineDirection):
        * rendering/InlineFlowBox.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForLine):

2014-04-29  Alex Christensen  <achristensen@webkit.org>

        [WinCairo] Switch video from GStreamer to Media Foundation.
        https://bugs.webkit.org/show_bug.cgi?id=132358

        Reviewed by Brent Fulgham.

        * WebCore.vcxproj/WebCore.vcxproj:
        Removed dependencies on GStreamer.

2014-04-29  Simon Fraser  <simon.fraser@apple.com>

        Remove some PLATFORM(IOS) #ifdefs related to hasAcceleratedTouchScrolling()
        https://bugs.webkit.org/show_bug.cgi?id=132353

        Reviewed by Tim Horton & Darin Adler.

        Minor cleanup and refactoring to remove #idefs.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo): No need for this #ifdef, usesCompositedScrolling()
        gives the right answser already.
        (WebCore::RenderLayer::visibleContentRectInternal): Use showsOverflowControls() to
        avoid #ifdef.
        (WebCore::RenderLayer::invalidateScrollbarRect): Ditto.
        (WebCore::RenderLayer::invalidateScrollCornerRect): Ditto.
        (WebCore::RenderLayer::verticalScrollbarWidth): Ditto.
        (WebCore::RenderLayer::horizontalScrollbarHeight): Ditto.
        (WebCore::RenderLayer::showsOverflowControls): Return false on iOS.
        (WebCore::RenderLayer::paintOverflowControls): Ditto.
        (WebCore::RenderLayer::calculateClipRects): Ditto.
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::layerOrAncestorIsTransformedOrUsingCompositedScrolling):
        Just #ifdef in side of this function rather than having two similar functions.
        (WebCore::RenderLayerBacking::shouldClipCompositedBounds):
        (WebCore::hasNonZeroTransformOrigin):
        (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): Use a local bool
        to reduce #ifdefs.
        (WebCore::layerOrAncestorIsTransformedOrScrolling): Deleted.

2014-04-29  Simon Fraser  <simon.fraser@apple.com>

        Remove Settings::compositedScrollingForFramesEnabled
        https://bugs.webkit.org/show_bug.cgi?id=132352

        Reviewed by Andreas Kling.

        The usesCompositedScrolling setting was only used by Chromium, so
        remove it and associated code.

        * page/FrameView.cpp:
        (WebCore::FrameView::usesCompositedScrolling): Deleted.
        * page/FrameView.h:
        * page/Settings.in:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollLayerPosition):

2014-04-29  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        Move removeEquivalentProperties functions to EditingStyle
        https://bugs.webkit.org/show_bug.cgi?id=131093

        Reviewed by Darin Adler.

        Moved the removeEquivalentProperties functions
        from StyleProperties to EditingStyle class.

        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::removeEquivalentProperties): Deleted.
        * css/StyleProperties.h:
        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::removeStyleAddedByNode):
        (WebCore::EditingStyle::removeStyleConflictingWithStyleOfNode):
        (WebCore::EditingStyle::prepareToApplyAt):
        (WebCore::EditingStyle::removeEquivalentProperties):
        (WebCore::extractPropertiesNotIn):
        * editing/EditingStyle.h:

2014-04-29  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Implement support for compositing
        https://bugs.webkit.org/show_bug.cgi?id=132298

        Reviewed by Simon Fraser.

        * rendering/RenderLayer.cpp:
        (WebCore::accumulateOffsetTowardsAncestor):
        Add in a case for the new columns that calls into the multi-column flow thread
        to get an offset to adjust by.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::adjustAncestorCompositingBoundsForFlowThread):
        Make sure this code only runs for named flow threads.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::canBeComposited):
        Turn on compositing support for in-flow RenderFlowThreads instead of always returning
        false

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::physicalTranslationOffsetFromFlowToRegion):
        Changed this function to fix a couple of bugs exposed by compositing/columns tests. Its
        end goal is the same, but the approach is improved.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::endFlow):
        Don't pad out to a multiple of column height. You can't flip around a flow thread
        to get back to accurate physical coordinates if bogus padding is introduced. This
        seemed to have no effect on any layout tests when removed, so I don't think it 
        was really serving any useful purpose.

        (WebCore::RenderMultiColumnSet::columnTranslationForOffset):
        Don't factor in the overall flow thread portion, since this is handled by the callers
        now.

        (WebCore::RenderMultiColumnSet::adjustRegionBoundsFromFlowThreadPortionRect):
        * rendering/RenderMultiColumnSet.h:
        Change this function to be ASSERT_NOT_REACHED(), since we want to know if someone calls
        it. It only runs for named flow thread compositing code, so it would be a mistake if
        this ever gets invoked.

2014-04-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSProxies should be cacheable
        https://bugs.webkit.org/show_bug.cgi?id=132351

        Reviewed by Geoffrey Garen.

        No new tests.

        Whenever we encounter a proxy in an inline cache we should try to cache on the 
        proxy's target instead of giving up.

        This patch adds support for a simple "recursive" inline cache if the base object
        we're accessing is a pure forwarding proxy. JSGlobalObject and its subclasses 
        are the only ones to benefit from this right now.

        This is performance neutral on the benchmarks we track. Currently we won't
        cache on JSDOMWindow due to HasImpureGetOwnPropertySlot, but this issue will be fixed soon.

        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::createStructure):

2014-04-29  Brent Fulgham  <bfulgham@apple.com>

        [Mac, iOS] Support caption activation via JS webkitHasClosedCaptions method
        https://bugs.webkit.org/show_bug.cgi?id=132320

        Reviewed by Eric Carlson.

        * Modules/mediacontrols/mediaControlsApple.css:
        (video::-webkit-media-text-track-container .hidden): Added.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::configureTextTrackGroup): Added call to
        new 'updateCaptionsContainer'.
        (WebCore::HTMLMediaElement::updateCaptionContainer): Added.
        * html/HTMLMediaElement.h:
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::hide): Use CSS class .hidden instead of
        hard-coded "display:none".
        (WebCore::MediaControlTextTrackContainerElement::show): Ditto.
        * html/shadow/MediaControlElements.h:

2014-04-28  Roger Fong  <roger_fong@apple.com>

        Plugins hidden by images should autoplay.
        https://bugs.webkit.org/show_bug.cgi?id=132222.
        <rdar://problem/16653536>

        Reviewed by Jon Lee and Darin Adler.

        * WebCore.exp.in: Add exports needed by WK2.

2014-04-29  Filip Pizlo  <fpizlo@apple.com>

        Use LLVM as a backend for the fourth-tier DFG JIT (a.k.a. the FTL JIT)
        https://bugs.webkit.org/show_bug.cgi?id=112840

        Rubber stamped by Geoffrey Garen.

        It already has a lot of tests.

        * Configurations/FeatureDefines.xcconfig:

2014-04-29  Brady Eidson  <beidson@apple.com>

        Change Image Controls replacement to use selection and paste
        <rdar://problem/16302722> and https://bugs.webkit.org/show_bug.cgi?id=131992

        Reviewed by Tim Horton.

        * WebCore.exp.in: Remove deleted symbol.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::ImageControlsButtonElementMac::defaultEventHandler):

        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::showImageControlsMenu): Select the image element
          before showing the menu.
        (WebCore::ContextMenuController::replaceControlledImage): Deleted.
        * page/ContextMenuController.h:

2014-04-29  Jer Noble  <jer.noble@apple.com>

        [iOS] Remove workaround for <rdar://problem/16578727>.
        https://bugs.webkit.org/show_bug.cgi?id=132338

        Reviewed by Darin Adler.

        Now that <rdar://problem/16578727> is fixed, remove the workaround by replacing the
        call to -_updatePlaybackControlsViewController with one to -layoutIfNeeded.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::enterFullscreen):

2014-04-29  Zan Dobersek  <zdobersek@igalia.com>

        ScriptExecutionContext::Task should work well with C++11 lambdas
        https://bugs.webkit.org/show_bug.cgi?id=129795

        Reviewed by Darin Adler.

        Instead of having classes that subclass ScriptExecutionContext::Task and override
        the performTask(ScriptExecutionContext*) method, have the ScriptExecutionContext::Task
        take in a std::function<void (ScriptExecutionContext*)>-like object trough the constructor
        which would contain the code currently kept in the performTask() methods.

        This enables inlining C++11 lambdas into ScriptExecutionContext::postTask() calls. For
        cleanup tasks, the Task object can be implicitly constructed by using the initializer list
        constructor with the first argument being the ScriptExecutionContext::Task::CleanupTask tag.
        The ScriptExecutionContext class remains non-copyable and now stores the passed-in invokable
        object in the std::function wrapper, along with a boolean member that indicates whether the
        task is of cleanup nature.

        * Modules/quota/StorageErrorCallback.cpp:
        (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
        (WebCore::StorageErrorCallback::CallbackTask::performTask): Deleted.
        * Modules/quota/StorageErrorCallback.h:
        (WebCore::StorageErrorCallback::CallbackTask::create): Deleted.
        * Modules/webdatabase/Database.cpp:
        (WebCore::Database::~Database):
        (WebCore::Database::runTransaction):
        (WebCore::Database::scheduleTransactionCallback):
        (WebCore::DerefContextTask::create): Deleted.
        (WebCore::DerefContextTask::performTask): Deleted.
        (WebCore::DerefContextTask::isCleanupTask): Deleted.
        (WebCore::DerefContextTask::DerefContextTask): Deleted.
        (WebCore::callTransactionErrorCallback): Deleted.
        (WebCore::DeliverPendingCallbackTask::create): Deleted.
        (WebCore::DeliverPendingCallbackTask::performTask): Deleted.
        (WebCore::DeliverPendingCallbackTask::DeliverPendingCallbackTask): Deleted.
        * Modules/webdatabase/DatabaseManager.cpp:
        (WebCore::DatabaseManager::openDatabase):
        (WebCore::DatabaseCreationCallbackTask::create): Deleted.
        (WebCore::DatabaseCreationCallbackTask::performTask): Deleted.
        (WebCore::DatabaseCreationCallbackTask::DatabaseCreationCallbackTask): Deleted.
        * Modules/webdatabase/DatabaseSync.cpp:
        (WebCore::CloseSyncDatabaseOnContextThreadTask::create): Deleted.
        (WebCore::CloseSyncDatabaseOnContextThreadTask::performTask): Deleted.
        (WebCore::CloseSyncDatabaseOnContextThreadTask::CloseSyncDatabaseOnContextThreadTask): Deleted.
        * Modules/webdatabase/SQLCallbackWrapper.h:
        (WebCore::SQLCallbackWrapper::clear):
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::create): Deleted.
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::performTask): Deleted.
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::isCleanupTask): Deleted.
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::SafeReleaseTask): Deleted.
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadDestroy):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::disconnect):
        (WebCore::WorkerThreadableWebSocketChannel::WorkerGlobalScopeDidInitializeTask::create): Deleted.
        (WebCore::WorkerThreadableWebSocketChannel::WorkerGlobalScopeDidInitializeTask::~WorkerGlobalScopeDidInitializeTask): Deleted.
        (WebCore::WorkerThreadableWebSocketChannel::WorkerGlobalScopeDidInitializeTask::WorkerGlobalScopeDidInitializeTask): Deleted.
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * bindings/js/JSCallbackData.h:
        (WebCore::DeleteCallbackDataTask::DeleteCallbackDataTask):
        (WebCore::DeleteCallbackDataTask::create): Deleted.
        (WebCore::DeleteCallbackDataTask::performTask): Deleted.
        (WebCore::DeleteCallbackDataTask::isCleanupTask): Deleted.
        * bindings/js/JSDOMGlobalObjectTask.cpp:
        (WebCore::JSGlobalObjectTask::JSGlobalObjectTask):
        (WebCore::JSGlobalObjectTask::~JSGlobalObjectTask): Deleted.
        (WebCore::JSGlobalObjectTask::performTask): Deleted.
        * bindings/js/JSDOMGlobalObjectTask.h:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::queueTaskToEventLoop):
        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/test/JS/JSTestCallback.cpp:
        (WebCore::JSTestCallback::~JSTestCallback):
        (GenerateCallbackImplementation):
        * dom/CrossThreadTask.h:
        (WebCore::CrossThreadTask1::performTask):
        (WebCore::CrossThreadTask2::performTask):
        (WebCore::CrossThreadTask3::performTask):
        (WebCore::CrossThreadTask4::performTask):
        (WebCore::CrossThreadTask5::performTask):
        (WebCore::CrossThreadTask6::performTask):
        (WebCore::CrossThreadTask7::performTask):
        (WebCore::CrossThreadTask8::performTask):
        (WebCore::createCallbackTask):
        (WebCore::CrossThreadTask1::create): Deleted.
        (WebCore::CrossThreadTask2::create): Deleted.
        (WebCore::CrossThreadTask3::create): Deleted.
        (WebCore::CrossThreadTask4::create): Deleted.
        (WebCore::CrossThreadTask5::create): Deleted.
        (WebCore::CrossThreadTask6::create): Deleted.
        (WebCore::CrossThreadTask7::create): Deleted.
        (WebCore::CrossThreadTask8::create): Deleted.
        * dom/Document.cpp:
        (WebCore::Document::addConsoleMessage):
        (WebCore::Document::addMessage):
        (WebCore::Document::postTask):
        (WebCore::Document::pendingTasksTimerFired):
        (WebCore::PerformTaskContext::PerformTaskContext): Deleted.
        (WebCore::Document::didReceiveTask): Deleted.
        * dom/Document.h:
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::processMessagePortMessagesSoon):
        (WebCore::ScriptExecutionContext::timerAlignmentInterval):
        (WebCore::ProcessMessagesSoonTask::create): Deleted.
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::performTask): Deleted.
        (WebCore::ScriptExecutionContext::Task::~Task): Deleted.
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::Task::Task):
        (WebCore::ScriptExecutionContext::Task::performTask):
        (WebCore::ScriptExecutionContext::Task::isCleanupTask):
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::AddConsoleMessageTask):
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::create): Deleted.
        * dom/StringCallback.cpp:
        (WebCore::StringCallback::scheduleCallback):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::postListenerTask):
        (WebCore::CallCacheListenerTask::create): Deleted.
        (WebCore::CallCacheListenerTask::CallCacheListenerTask): Deleted.
        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::SharedWorkerProxy::postTaskToLoader):
        (WebCore::SharedWorkerProxy::postTaskForModeToWorkerGlobalScope):
        (WebCore::SharedWorkerConnectTask::SharedWorkerConnectTask):
        (WebCore::DefaultSharedWorkerRepository::workerScriptLoaded):
        (WebCore::DefaultSharedWorkerRepository::connectToWorker):
        (WebCore::SharedWorkerConnectTask::create): Deleted.
        (WebCore::SharedWorkerConnectTask::performTask): Deleted.
        * workers/WorkerEventQueue.cpp:
        (WebCore::WorkerEventQueue::EventDispatcher::EventDispatcher):
        (WebCore::WorkerEventQueue::EventDispatcher::~EventDispatcher):
        (WebCore::WorkerEventQueue::EventDispatcher::dispatch):
        (WebCore::WorkerEventQueue::enqueueEvent):
        (WebCore::WorkerEventQueue::cancelEvent):
        (WebCore::WorkerEventQueue::close):
        * workers/WorkerEventQueue.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::close):
        (WebCore::WorkerGlobalScope::postTask):
        (WebCore::WorkerGlobalScope::addConsoleMessage):
        (WebCore::WorkerGlobalScope::addMessage):
        (WebCore::CloseWorkerGlobalScopeTask::create): Deleted.
        (WebCore::CloseWorkerGlobalScopeTask::performTask): Deleted.
        (WebCore::CloseWorkerGlobalScopeTask::isCleanupTask): Deleted.
        * workers/WorkerGlobalScope.h:
        * workers/WorkerLoaderProxy.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
        (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
        (WebCore::WorkerMessagingProxy::postTaskToLoader):
        (WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
        (WebCore::WorkerMessagingProxy::workerThreadCreated):
        (WebCore::WorkerMessagingProxy::notifyNetworkStateChange):
        (WebCore::WorkerMessagingProxy::workerGlobalScopeDestroyed):
        (WebCore::WorkerMessagingProxy::workerGlobalScopeClosed):
        (WebCore::WorkerMessagingProxy::postMessageToPageInspector):
        (WebCore::WorkerMessagingProxy::confirmMessageFromWorkerObject):
        (WebCore::WorkerMessagingProxy::reportPendingActivity):
        (WebCore::MessageWorkerGlobalScopeTask::create): Deleted.
        (WebCore::MessageWorkerGlobalScopeTask::MessageWorkerGlobalScopeTask): Deleted.
        (WebCore::MessageWorkerGlobalScopeTask::performTask): Deleted.
        (WebCore::MessageWorkerTask::create): Deleted.
        (WebCore::MessageWorkerTask::MessageWorkerTask): Deleted.
        (WebCore::MessageWorkerTask::performTask): Deleted.
        (WebCore::WorkerExceptionTask::create): Deleted.
        (WebCore::WorkerExceptionTask::WorkerExceptionTask): Deleted.
        (WebCore::WorkerExceptionTask::performTask): Deleted.
        (WebCore::WorkerGlobalScopeDestroyedTask::create): Deleted.
        (WebCore::WorkerGlobalScopeDestroyedTask::WorkerGlobalScopeDestroyedTask): Deleted.
        (WebCore::WorkerGlobalScopeDestroyedTask::performTask): Deleted.
        (WebCore::WorkerTerminateTask::create): Deleted.
        (WebCore::WorkerTerminateTask::WorkerTerminateTask): Deleted.
        (WebCore::WorkerTerminateTask::performTask): Deleted.
        (WebCore::WorkerThreadActivityReportTask::create): Deleted.
        (WebCore::WorkerThreadActivityReportTask::WorkerThreadActivityReportTask): Deleted.
        (WebCore::WorkerThreadActivityReportTask::performTask): Deleted.
        (WebCore::PostMessageToPageInspectorTask::create): Deleted.
        (WebCore::PostMessageToPageInspectorTask::PostMessageToPageInspectorTask): Deleted.
        (WebCore::PostMessageToPageInspectorTask::performTask): Deleted.
        (WebCore::NotifyNetworkStateChangeTask::create): Deleted.
        (WebCore::NotifyNetworkStateChangeTask::NotifyNetworkStateChangeTask): Deleted.
        (WebCore::NotifyNetworkStateChangeTask::performTask): Deleted.
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::postTask):
        (WebCore::WorkerRunLoop::postTaskAndTerminate):
        (WebCore::WorkerRunLoop::postTaskForMode):
        (WebCore::WorkerRunLoop::Task::create):
        (WebCore::WorkerRunLoop::Task::performTask):
        (WebCore::WorkerRunLoop::Task::Task):
        * workers/WorkerRunLoop.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::stop):
        (WebCore::WorkerThread::releaseFastMallocFreeMemoryInAllThreads):
        (WebCore::WorkerThreadShutdownFinishTask::create): Deleted.
        (WebCore::WorkerThreadShutdownFinishTask::performTask): Deleted.
        (WebCore::WorkerThreadShutdownFinishTask::isCleanupTask): Deleted.
        (WebCore::WorkerThreadShutdownStartTask::create): Deleted.
        (WebCore::WorkerThreadShutdownStartTask::performTask): Deleted.
        (WebCore::WorkerThreadShutdownStartTask::isCleanupTask): Deleted.

2014-04-29  Manuel Rego Casasnovas  <rego@igalia.com>

        REGRESSION (r167879): Heap-use-after-free in WebCore::RenderFlexibleBox
        https://bugs.webkit.org/show_bug.cgi?id=132337

        Reviewed by Simon Fraser.

        From Blink r154582 by <jchaffraix@chromium.org>

        This is a regression from the changes in OrderIterator. The issue is
        that we don't invalidate our iterator when a child is removed. This
        means that we could hold onto free'd memory until the next layout
        when we will recompute the iterator.

        The solution is simple: just clear the memory when we remove a child.

        Note that RenderGrid is not impacted by this bug as we don't use the
        iterator outside layout yet, but if we do it at some point the very same
        problem will arise, so the same treatment was applied to the class.

        Test: fast/flexbox/order-iterator-crash.html

        * rendering/OrderIterator.cpp:
        (WebCore::OrderIterator::invalidate): Clear m_children Vector.
        * rendering/OrderIterator.h:
        (WebCore::OrderIteratorPopulator::OrderIteratorPopulator): Use
        invalidate() method.
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::removeChild): Invalidate m_orderIterator.
        * rendering/RenderFlexibleBox.h: Add removeChild() signature.
        * rendering/RenderGrid.cpp: Invalidate m_orderIterator.
        (WebCore::RenderGrid::removeChild):
        * rendering/RenderGrid.h: Add removeChild() header.

2014-04-29  Enrica Casucci  <enrica@apple.com>

        iOS build fix after http://trac.webkit.org/changeset/167937.
        Unreviewed.

        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::adjustButtonStyle):

2014-04-29  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] off-by-one error in Shape::createRasterShape()
        https://bugs.webkit.org/show_bug.cgi?id=132154

        Reviewed by Bem Jones-Bey.

        This is a port of a patch for a bug that was reported by and fixed in Blink by
        David Vest: https://codereview.chromium.org/237123002/.  Shape::createRasterShape()
        now consistently reports "end-point exclusive" intervals. Before the patch
        an entire row of pixels was above the shape-image-threshold, the interval's end
        index was reported as image.width. Now it's image.width + 1, which is consistent
        with the way the end index is reported if the last above threshold pixel is within
        an image row.

        Two existing tests were revised to account for this change.

        * rendering/shapes/RasterShape.cpp:
        (WebCore::RasterShape::getExcludedIntervals):
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createRasterShape):

2014-04-29  Bem Jones-Bey  <bjonesbe@adobe.com>

        Wrap CSS length conversion arguments in an object
        https://bugs.webkit.org/show_bug.cgi?id=131552

        Reviewed by Andreas Kling.

        This patch introduces a class CSSToLengthConversionData to wrap the
        data required to convert CSS lengths to Lengths. This simplifies the
        plumbing that goes on whenever we need to resolve CSS lengths and
        makes it easier to update the arguments needed for resolving these (in
        particular adding a RenderView for resolving viewport units at style
        recalc time; removing the computingFontSize bool also appears
        possible).

        Note that the zoom argument, which was previously a float in some
        places and a double in others is now a float.

        This is a port of a Blink patch by timloh@chromium.org.

        No new tests, no behavior change.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/BasicShapeFunctions.cpp:
        (WebCore::convertToLength):
        (WebCore::convertToLengthSize):
        (WebCore::convertToCenterCoordinate):
        (WebCore::cssValueToBasicShapeRadius):
        (WebCore::basicShapeForValue):
        * css/BasicShapeFunctions.h:
        * css/CSSCalculationValue.cpp:
        (WebCore::CSSCalcValue::computeLengthPx):
        (WebCore::determineCategory):
        * css/CSSCalculationValue.h:
        (WebCore::CSSCalcValue::createCalculationValue):
        * css/CSSGradientValue.cpp:
        (WebCore::CSSGradientValue::addStops):
        (WebCore::positionFromValue):
        (WebCore::CSSGradientValue::computeEndPoint):
        (WebCore::CSSLinearGradientValue::createGradient):
        (WebCore::CSSRadialGradientValue::resolveRadius):
        (WebCore::CSSRadialGradientValue::createGradient):
        * css/CSSGradientValue.h:
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::computeLength):
        (WebCore::CSSPrimitiveValue::computeLengthDouble):
        * css/CSSPrimitiveValue.h:
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::convertToLength):
        * css/CSSToLengthConversionData.cpp: Added.
        (WebCore::CSSToLengthConversionData::zoom):
        * css/CSSToLengthConversionData.h: Added.
        (WebCore::CSSToLengthConversionData::CSSToLengthConversionData):
        (WebCore::CSSToLengthConversionData::style):
        (WebCore::CSSToLengthConversionData::rootStyle):
        (WebCore::CSSToLengthConversionData::computingFontSize):
        (WebCore::CSSToLengthConversionData::copyWithAdjustedZoom):
        * css/CSSToStyleMap.cpp:
        (WebCore::CSSToStyleMap::CSSToStyleMap):
        (WebCore::CSSToStyleMap::mapFillSize):
        (WebCore::CSSToStyleMap::mapFillXPosition):
        (WebCore::CSSToStyleMap::mapFillYPosition):
        (WebCore::CSSToStyleMap::mapNinePieceImageQuad):
        * css/CSSToStyleMap.h:
        (WebCore::CSSToStyleMap::CSSToStyleMap): Deleted.
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyAuto::applyValue):
        (WebCore::ApplyPropertyClip::convertToLength):
        (WebCore::ApplyPropertyLength::applyValue):
        (WebCore::ApplyPropertyBorderRadius::applyValue):
        (WebCore::ApplyPropertyComputeLength::applyValue):
        (WebCore::ApplyPropertyFontSize::applyValue):
        (WebCore::csstoLengthConversionDataWithTextZoomFactor):
        (WebCore::ApplyPropertyMarqueeIncrement::applyValue):
        (WebCore::ApplyPropertyLineHeight::applyValue):
        (WebCore::ApplyPropertyLineHeightForIOSTextAutosizing::applyValue):
        (WebCore::ApplyPropertyWordSpacing::applyValue):
        (WebCore::ApplyPropertyPageSize::mmLength):
        (WebCore::ApplyPropertyPageSize::inchLength):
        (WebCore::ApplyPropertyPageSize::applyValue):
        (WebCore::ApplyPropertyVerticalAlign::applyValue):
        (WebCore::ApplyPropertyClipPath::applyValue):
        (WebCore::ApplyPropertyShape::applyValue):
        (WebCore::ApplyPropertyTextIndent::applyValue):
        * css/MediaQueryEvaluator.cpp:
        (WebCore::colorMediaFeatureEval):
        (WebCore::color_indexMediaFeatureEval):
        (WebCore::monochromeMediaFeatureEval):
        (WebCore::orientationMediaFeatureEval):
        (WebCore::aspect_ratioMediaFeatureEval):
        (WebCore::device_aspect_ratioMediaFeatureEval):
        (WebCore::device_pixel_ratioMediaFeatureEval):
        (WebCore::resolutionMediaFeatureEval):
        (WebCore::gridMediaFeatureEval):
        (WebCore::computeLength):
        (WebCore::device_heightMediaFeatureEval):
        (WebCore::device_widthMediaFeatureEval):
        (WebCore::heightMediaFeatureEval):
        (WebCore::widthMediaFeatureEval):
        (WebCore::min_colorMediaFeatureEval):
        (WebCore::max_colorMediaFeatureEval):
        (WebCore::min_color_indexMediaFeatureEval):
        (WebCore::max_color_indexMediaFeatureEval):
        (WebCore::min_monochromeMediaFeatureEval):
        (WebCore::max_monochromeMediaFeatureEval):
        (WebCore::min_aspect_ratioMediaFeatureEval):
        (WebCore::max_aspect_ratioMediaFeatureEval):
        (WebCore::min_device_aspect_ratioMediaFeatureEval):
        (WebCore::max_device_aspect_ratioMediaFeatureEval):
        (WebCore::min_device_pixel_ratioMediaFeatureEval):
        (WebCore::max_device_pixel_ratioMediaFeatureEval):
        (WebCore::min_heightMediaFeatureEval):
        (WebCore::max_heightMediaFeatureEval):
        (WebCore::min_widthMediaFeatureEval):
        (WebCore::max_widthMediaFeatureEval):
        (WebCore::min_device_heightMediaFeatureEval):
        (WebCore::max_device_heightMediaFeatureEval):
        (WebCore::min_device_widthMediaFeatureEval):
        (WebCore::max_device_widthMediaFeatureEval):
        (WebCore::min_resolutionMediaFeatureEval):
        (WebCore::max_resolutionMediaFeatureEval):
        (WebCore::animationMediaFeatureEval):
        (WebCore::transitionMediaFeatureEval):
        (WebCore::transform_2dMediaFeatureEval):
        (WebCore::transform_3dMediaFeatureEval):
        (WebCore::view_modeMediaFeatureEval):
        (WebCore::video_playable_inlineMediaFeatureEval):
        (WebCore::hoverMediaFeatureEval):
        (WebCore::pointerMediaFeatureEval):
        (WebCore::MediaQueryEvaluator::eval):
        * css/SVGCSSStyleSelector.cpp:
        (WebCore::StyleResolver::applySVGProperty):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::clear):
        (WebCore::StyleResolver::State::initForStyleResolve):
        (WebCore::StyleResolver::convertToIntLength):
        (WebCore::StyleResolver::convertToFloatLength):
        (WebCore::createGridTrackBreadth):
        (WebCore::StyleResolver::applyProperty):
        (WebCore::StyleResolver::createFilterOperations):
        * css/StyleResolver.h:
        (WebCore::StyleResolver::State::setStyle):
        (WebCore::StyleResolver::State::cssToLengthConversionData):
        * css/TransformFunctions.cpp:
        (WebCore::convertToFloatLength):
        (WebCore::transformsForValue):
        * css/TransformFunctions.h:
        * css/WebKitCSSMatrix.cpp:
        (WebCore::WebKitCSSMatrix::setMatrixValue):
        * rendering/RenderThemeIOS.mm:
        (WebCore::applyCommonButtonPaddingToStyle):
        (WebCore::RenderThemeIOS::adjustButtonStyle):

2014-04-29  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] complex calc args for inset round vanish
        https://bugs.webkit.org/show_bug.cgi?id=132293

        Reviewed by Bem Jones-Bey.

        In order to use calc in the rounded parameters for inset shapes, we need
        to pass RenderStyle for the value creation as we did for the width arguments.
        Without taking RenderStyle into account, we hit an assert not reache
        in CSSPrimitiveValue::init in the debug builds.

        I've added new parsing test.

        * css/BasicShapeFunctions.cpp:
        (WebCore::valueForBasicShape):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::init):
        * css/CSSPrimitiveValue.h:
        (WebCore::CSSPrimitiveValue::create):
        * css/CSSValuePool.h:
        (WebCore::CSSValuePool::createValue):

2014-04-29  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] complex calc values for shape-margin return null for computed style
        https://bugs.webkit.org/show_bug.cgi?id=132313

        Reviewed by Bem Jones-Bey.

        We need to pass RenderStyle* to the cssValuePool when parsing
        shape-margin in order to use calc() as a parameter.

        I've added the new test case to parsing-shape-margin.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):

2014-04-29  Chris Fleizach  <cfleizach@apple.com>

        AX: Row span info is wrong for table cells when a footer section is placed above a body section
        https://bugs.webkit.org/show_bug.cgi?id=131832

        Reviewed by Mario Sanchez Prada.

        If a <footer> section is placed before the body, it renders AX row information and order incorrectly.
        This also affects ARIA tables because they add their children by looking at renderer children, instead
        interrogating the RenderTable directly.

        Test: accessibility/table-with-footer-section-above-body.html

        * accessibility/AccessibilityARIAGrid.cpp:
        (WebCore::AccessibilityARIAGrid::addTableCellChild):
        (WebCore::AccessibilityARIAGrid::addChildren):
        * accessibility/AccessibilityTable.cpp:
        (WebCore::AccessibilityTable::addChildren):
        (WebCore::AccessibilityTable::addChildrenFromSection):
        * accessibility/AccessibilityTable.h:
        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::rowIndexRange):
        (WebCore::AccessibilityTableCell::columnIndexRange):

2014-04-29  Chris Fleizach  <cfleizach@apple.com>

        AX: SpeechSynthesisUtterance cannot addEventListener
        https://bugs.webkit.org/show_bug.cgi?id=132321

        Reviewed by Mario Sanchez Prada.

        Modified an existing test (speech-synthesis-speak.html) to use addEventTarget.

        * Modules/speech/SpeechSynthesisUtterance.idl:

2014-04-29  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] shape-outside polygon fails when first vertex is 0,0
        https://bugs.webkit.org/show_bug.cgi?id=132132

        Reviewed by Bem Jones-Bey.

        ShapeInterval now distinguishes between x1==x2 - isEmpty() and x1,x2 haven't been
        set yet - isUndefined(). Removed the ShapeInterval setX1() and setX2() methods, since
        they're no longer used.

        The polygon algorithm for computing excluded intervals now ignores horizontal
        edges. It also ignores edges whose lower vertex matches the top of the line, if
        the edge's Y direction is upwards (away from the top of the line). The rationale
        for this was explained here:
        http://hansmuller-webkit.blogspot.com/2012/11/revised-horizontal-box-algorithm.html

        Test: fast/shapes/shape-outside-floats/shape-outside-polygon-zero-vertex.html

        * rendering/shapes/PolygonShape.cpp:
        (WebCore::OffsetPolygonEdge::clippedEdgeXRange):
        (WebCore::PolygonShape::getExcludedIntervals):
        * rendering/shapes/ShapeInterval.h:
        (WebCore::ShapeInterval::ShapeInterval):
        (WebCore::ShapeInterval::isUndefined):
        (WebCore::ShapeInterval::x1):
        (WebCore::ShapeInterval::x2):
        (WebCore::ShapeInterval::width):
        (WebCore::ShapeInterval::isEmpty):
        (WebCore::ShapeInterval::setX1):
        (WebCore::ShapeInterval::setX2):
        (WebCore::ShapeInterval::overlaps):
        (WebCore::ShapeInterval::contains):
        (WebCore::ShapeInterval::unite):

2014-04-29  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Fix getClientRects() for content nodes
        https://bugs.webkit.org/show_bug.cgi?id=117407

        Reviewed by David Hyatt.

        This patch modifies getClientRects() to return a list of fragments
        for a fragmented box instead of a single rectangle positioned inside
        the region where the box center would appear.

        The approach is to split the border box of the element in regions using
        the layout positioning. Then each fragment is mapped to the view coordinates
        and the result added to the list of rectangles. To preserve the originating
        region when mapping the fragment through the ancestor tree I've introduced
        the concept of a current region. The current region is stored inside a
        CurrentRenderRegionMaintainer object, created whenever an algorithm needing
        it needs to run. When the maintainer is destroyed, the cleanup is made
        automatically. The RenderFlowThread holds a pointer to this structure for
        easy access.

        Tests: fast/regions/cssom/client-rects-fixed-content.html
               fast/regions/cssom/client-rects-forced-breaks.html
               fast/regions/cssom/client-rects-inline-complex.html
               fast/regions/cssom/client-rects-inline.html
               fast/regions/cssom/client-rects-nested-regions.html
               fast/regions/cssom/client-rects-positioned.html
               fast/regions/cssom/client-rects-relative-position.html
               fast/regions/cssom/client-rects-simple-block.html
               fast/regions/cssom/client-rects-transforms.html
               fast/regions/cssom/client-rects-unsplittable-float.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::absoluteQuads): Split the box in fragments.
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::absoluteQuads): Split the box in fragments.
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::RenderFlowThread):
        (WebCore::RenderFlowThread::mapFromFlowToRegion):
        (WebCore::RenderFlowThread::mapLocalToContainer):
        (WebCore::RenderFlowThread::currentRegion):
        * rendering/RenderFlowThread.h:
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::absoluteQuadsForBoxInRegion): Get
        the fragments for this box in the region.
        * rendering/RenderNamedFlowFragment.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::absoluteQuadsForBox): Virtual function
        that can be used to implement fragments to client rects mapping.
        * rendering/RenderNamedFlowThread.h:
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::rectFlowPortionForBox): Small change to correctly
        map empty rectangles to containers.
        (WebCore::CurrentRenderRegionMaintainer::CurrentRenderRegionMaintainer):
        (WebCore::CurrentRenderRegionMaintainer::~CurrentRenderRegionMaintainer):
        * rendering/RenderRegion.h:
        (WebCore::RenderRegion::absoluteQuadsForBoxInRegion):
        (WebCore::CurrentRenderRegionMaintainer::region):

2014-04-29  Andrei Bucur  <abucur@adobe.com>

        Store the containing region map inside the flow thread
        https://bugs.webkit.org/show_bug.cgi?id=131647

        Reviewed by Mihnea Ovidenie.

        The patch moves the containing region map inside the flow thread where
        it can be better handled in case the region chain changes and the map
        needs to be cleared.

        As a result of this move we are able to also cleanup the lines region
        information of a block flow when it is removed from the tree.

        Test: fast/regions/inline-strike-through.html

        * rendering/InlineFlowBox.h:
        (WebCore::InlineFlowBox::InlineFlowBox):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::removeFlowChildInfo):
        (WebCore::RenderFlowThread::invalidateRegions):
        (WebCore::RenderFlowThread::removeLineRegionInfo):
        (WebCore::RenderFlowThread::checkLinesConsistency):
        (WebCore::RenderFlowThread::containingRegionMap):
        * rendering/RenderFlowThread.h:
        * rendering/RootInlineBox.cpp:
        (WebCore::containingRegionMap):
        (WebCore::RootInlineBox::~RootInlineBox):
        (WebCore::RootInlineBox::paint):
        (WebCore::RootInlineBox::containingRegion):
        (WebCore::RootInlineBox::clearContainingRegion):
        (WebCore::RootInlineBox::setContainingRegion):

2014-04-28  Benjamin Poulain  <benjamin@webkit.org>

        SelectorCodeGenerator::generateElementIsNthChild() leaks the parent register :nth-child() is non-filtering
        https://bugs.webkit.org/show_bug.cgi?id=132311

        Reviewed by Andreas Kling.

        In two cases, the parent register was never returned to the register allocator:
        -Non filtering selectors (the early return).
        -Non marking selectors (at the moment: only querySelector API).

        Unfortunately, generateElementIsNthChild() makes function call, which forces us to do this manual allocation
        of the parentElement register. Long term, I want RegisterAllocator and FunctionCall to have a special type for that.

        Test: fast/selectors/several-nth-child.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):

2014-04-28  Yusuke Suzuki  <utatane.tea@gmail.com>

        CSS JIT: backtracking with current / parent element for child
        https://bugs.webkit.org/show_bug.cgi?id=132057

        Reviewed by Benjamin Poulain.

        Calculate appropriate backtracking start height from the closest
        descendant. And at first, we use it for a simple optimization.

        1. When backtracking start height equals to current height, we
        can simply jump to a descendant element check phase.
        2. When backtracking start height equals to current height + 1, we
        can simply jump to a descendant element traversing phase.

        We can apply this optimization to fragments with adjacent combinators.
        But, in the meantime, we start to implement it for a fragment with
        child combinator.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
        (WebCore::SelectorCompiler::TagNamePattern::TagNamePattern):
        (WebCore::SelectorCompiler::solveDescendantBacktrackingActionForChild):
        (WebCore::SelectorCompiler::solveBacktrackingAction):
        (WebCore::SelectorCompiler::equalTagNames):
        (WebCore::SelectorCompiler::equalTagNamePatterns):
        (WebCore::SelectorCompiler::computeBacktrackingStartHeightFromDescendant):
        (WebCore::SelectorCompiler::computeBacktrackingHeightFromDescendant):
        (WebCore::SelectorCompiler::requiresAdjacentTail):
        (WebCore::SelectorCompiler::requiresDescendantTail):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::computeBacktrackingInformation):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToParentNode):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToParentElement):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateParentElementTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateAncestorTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):

2014-04-28  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Restore the scroll position and scale from the HistoryItem (mostly)
        https://bugs.webkit.org/show_bug.cgi?id=132307

        Reviewed by Simon Fraser.

        * WebCore.exp.in:

2014-04-28  Beth Dakin  <bdakin@apple.com>

        Scrollbars do not update properly when topContentInset changes dynamically
        https://bugs.webkit.org/show_bug.cgi?id=132309
        -and corresponding-
        <rdar://problem/16642232>

        Reviewed by Tim Horton.

        It is not sufficient to do a layout and call updateScrollbars(). We must also call 
        RenderLayerCompositor::frameViewDidChangeSize() in order to properly adjust the 
        size and position of all of the scrolling-related layers.
        * page/FrameView.cpp:
        (WebCore::FrameView::topContentInsetDidChange):

2014-04-28  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] event.offsetX/offsetY don't work correctly
        https://bugs.webkit.org/show_bug.cgi?id=132284

        Reviewed by Simon Fraser.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::mapAbsoluteToLocalPoint):
        Change the code here to only trigger for CSS Regions and not for
        multi-column. Add a FIXME pointing out that the code is broken even for
        CSS regions.

         * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::mapAbsoluteToLocalPoint):
        Override mapAbsoluteToLocalPoint in order to guess a region and attempt
        to translate the point from that region to the flow thread local coordinate
        space.

        (WebCore::RenderMultiColumnFlowThread::physicalTranslationFromRegionToFlow):
        * rendering/RenderMultiColumnFlowThread.h:
        New helper function that just wraps calling the region's logical translation
        function and converting to/from physical coordinates.

2014-04-28  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167857.
        https://bugs.webkit.org/show_bug.cgi?id=132305

        the change was rolled out, roll out the new expectations as
        well (Requested by thorton on #webkit).

        Reverted changeset:

        "Unreviewed. Updating one bindings test baseline after
        r167855."
        http://trac.webkit.org/changeset/167857

2014-04-28  Dean Jackson  <dino@apple.com>

        [Mac] Use the animated version of setHighlighted on NSButtonCell where available
        https://bugs.webkit.org/show_bug.cgi?id=132295
        <rdar://problem/16747240>

        Reviewed by Beth Dakin.

        Like setState, there is an animated version of setHighlighted available.

        * platform/mac/ThemeMac.mm:
        (WebCore::updateStates): Use private version of _setHighlighted where possible.

2014-04-28  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167855.
        https://bugs.webkit.org/show_bug.cgi?id=132301

        Broke the windows build (Requested by bfulgham on #webkit).

        Reverted changeset:

        "ScriptExecutionContext::Task should work well with C++11
        lambdas"
        https://bugs.webkit.org/show_bug.cgi?id=129795
        http://trac.webkit.org/changeset/167855

2014-04-24  Andy Estes  <aestes@apple.com>

        [iOS] Implement WebQuickLookHandleClient for WebKit2
        https://bugs.webkit.org/show_bug.cgi?id=132157

        Reviewed by Darin Adler.

        * WebCore.exp.in: Exported QuickLookHandle::previewUTI().
        * platform/network/ios/QuickLook.h:
        * platform/network/ios/QuickLook.mm:
        (WebCore::QuickLookHandle::previewFileName): Changed to return a WTF::String.
        (WebCore::QuickLookHandle::previewUTI): Added.

2014-04-28  Chris Fleizach  <cfleizach@apple.com>

        REGRESSION: Intermittent crash in SpeechSynthesis::didFinishSpeaking
        https://bugs.webkit.org/show_bug.cgi?id=111613

        Reviewed by Mark Lam.

        I think it's possible that didFinishSpeaking ends up calling directly back into start speaking, and the utterance reference
        we were holding can get cleared, so protecting this should avoid a few asserts.

        * platform/mock/PlatformSpeechSynthesizerMock.cpp:
        (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):

2014-04-28  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167871.
        https://bugs.webkit.org/show_bug.cgi?id=132290

        broke a newmulticol test (spanner-nested-dynamic) (Requested
        by thorton on #webkit).

        Reverted changeset:

        "Store the containing region map inside the flow thread"
        https://bugs.webkit.org/show_bug.cgi?id=131647
        http://trac.webkit.org/changeset/167871

2014-04-28  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167853.
        https://bugs.webkit.org/show_bug.cgi?id=132288

        caused crashes+timeouts+layout test failures described in the
        bug (Requested by thorton on #webkit).

        Reverted changeset:

        "Coalesce responses on network process side"
        https://bugs.webkit.org/show_bug.cgi?id=132229
        http://trac.webkit.org/changeset/167853

2014-04-24  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] flickery scrolling with overflow-scrolling:touch
        https://bugs.webkit.org/show_bug.cgi?id=132150

        Reviewed by Tim Horton.

        Fix typo in a comment.

        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::scheduleUpdateScrollPositionAfterAsyncScroll):

2014-04-28  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Builtin cursors do not properly handle transparency
        https://bugs.webkit.org/show_bug.cgi?id=131866

        Reviewed by Gustavo Noronha Silva.

        Tested by ManualTests/cursor.html.

        * platform/gtk/CursorGtk.cpp:
        (WebCore::createNamedCursor): Instead of interpreting the source bitmap as an A1 image, use
        it as a 1-bit black and white image. We do this by:
            1. Painting the result to a full color image with transparency instead of an alpha-only surface.
            2. Masking a white background using the cursor alpha surface.
            3. Painting the black parts of the cursor by painting the source surface, where black pixels
            will be interpreted as full opaque pixels.

2014-04-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Update GObject DOM bindings symbols file.

        * bindings/gobject/webkitdom.symbols: Add missing symbols.

2014-04-28  Manuel Rego Casasnovas  <rego@igalia.com>

        OrderIterator refactoring to avoid extra loops
        https://bugs.webkit.org/show_bug.cgi?id=119061

        Reviewed by Darin Adler.

        This patch removes order values Vector and use a Vector of pairs instead. The pairs are formed by a child
        (RenderBox) and the index of this child. In addition, OrderIterator code is simplified.

        It provides a helper class OrderIteratorPopulator, used for manipulating the Vector directly. Which allows to
        consolidate the code into a single implementation across flexbox and grid. OrderIteratorPopulator part is based
        on a patch from Blink r153971 by <jchaffraix@chromium.org>.

        Current implementation is O(number of children * number of order values). Now it will just do a sort operation
        and then a regular loop. So if you have different order values in a flexbox or grid the performance will
        improve.

        Comparing results of perf-tests:
        * Layout/auto-grid-lots-of-data: ~0.5% worse.
        * Layout/fixed-grid-lots-of-data: ~0.5% worse.
        * Layout/fixed-grid-lots-of-data (setting 100 different order values): ~50% better.
        * Layout/flexbox-lots-of-data: ~5% better.

        No new tests, already covered by current tests.

        * rendering/OrderIterator.cpp:
        (WebCore::OrderIterator::currentChild): Return current child according to m_childrenIndex.
        (WebCore::OrderIterator::first): Initialize m_childrenIndex and return current child.
        (WebCore::OrderIterator::next): Increase m_childrenIndex and return current child.
        (WebCore::compareByOrderValueAndIndex): Sorts the Vector by order value and index.
        (WebCore::OrderIteratorPopulator::~OrderIteratorPopulator): Calls compareByOrderValueAndIndex() if there is any
        child with non default order value.
        (WebCore::OrderIteratorPopulator::collectChild): Adds the child and index to the Vector. Update
        m_allChildrenHaveDefaultOrderValue accordingly.
        (WebCore::OrderIterator::OrderIterator): Deleted.
        (WebCore::OrderIterator::setOrderValues): Deleted.
        (WebCore::OrderIterator::reset): Deleted.
        * rendering/OrderIterator.h:
        (WebCore::OrderIteratorPopulator::OrderIteratorPopulator): New helper class to manipulate the Vector.
        (WebCore::OrderIterator::currentChild): Deleted.
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::RenderFlexibleBox): Remove OrderIterator intialization.
        (WebCore::RenderFlexibleBox::layoutBlock): Remove unneeded code related to old OrderValues vector.
        (WebCore::RenderFlexibleBox::prepareOrderIteratorAndMargins): Populate OrderIterator using collectChild().
        (WebCore::RenderFlexibleBox::computeMainAxisPreferredSizes): Deleted.
        * rendering/RenderFlexibleBox.h: Rename computeMainAxisPreferredSizes() to prepareOrderIteratorAndMargins().
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::RenderGrid): Remove OrderIterator initialization.
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator): Populate OrderIterator using collectChild().

2014-04-28  Zan Dobersek  <zdobersek@igalia.com>

        std::bitset<>::test() does unnecessary bounds checks on CSSPropertyID bitsets
        https://bugs.webkit.org/show_bug.cgi?id=131685

        Reviewed by Darin Adler.

        Use std::bitset<>::operator[]() instead of std::bitset<>::test() to avoid
        bounds checks which are not necessary as long as a CSSPropertyID value is used.

        * css/CSSParser.cpp:
        (WebCore::filterProperties):
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::asText):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::CascadedProperties::hasProperty):
        (WebCore::StyleResolver::CascadedProperties::set):

2014-04-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] TextTrack kind and mode attributes are enums since r166180
        https://bugs.webkit.org/show_bug.cgi?id=132228

        Reviewed by Martin Robinson.

        Improve coding style according to review comments, that I forgot
        to do before landing previous commit.

        * bindings/gobject/WebKitDOMCustom.cpp:
        (webkit_dom_text_track_get_kind):
        (webkit_dom_text_track_get_mode):
        (webkit_dom_text_track_set_mode):

2014-04-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] TextTrack kind and mode attributes are enums since r166180
        https://bugs.webkit.org/show_bug.cgi?id=132228

        Reviewed by Martin Robinson.

        We don't support enum values yet in GObject DOM bindings, but they
        are internally strings anyway, so we can keep the old
        implementations using strings as custom functions until we
        properly support enums.

        * bindings/gobject/WebKitDOMCustom.cpp:
        (webkit_dom_text_track_get_kind):
        (webkit_dom_text_track_get_mode):
        (webkit_dom_text_track_set_mode):
        * bindings/gobject/WebKitDOMCustom.h:
        * bindings/gobject/WebKitDOMCustom.symbols:

2014-04-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] TextTrack::addCue can raise an exception since r163974
        https://bugs.webkit.org/show_bug.cgi?id=132227

        Reviewed by Martin Robinson.

        webkit_dom_text_track_add_cue() now receives a GError paramater
        which is an API break. Add
        webkit_dom_text_track_add_cue_with_error and keep
        webkit_dom_text_track_add_cue as deprecated to keep API
        compatibility.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_text_track_add_cue):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:
        * bindings/gobject/webkitdom.symbols:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GetEffectiveFunctionName):

2014-04-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] TextTrackCue API changed in r163649
        https://bugs.webkit.org/show_bug.cgi?id=132226

        Reviewed by Martin Robinson.

        TextTrackCue is now a base class and part of its API was moved to
        the derived class VTTCue. Update the GObject DOM bindings to keep
        backwards compatibility.

        * PlatformGTK.cmake: Generate bindings for DataCue and VTTCue.
        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_text_track_cue_get_cue_as_html): Mark as deprecated in
        favor of VTTCue API.
        (webkit_dom_text_track_cue_get_vertical): Ditto.
        (webkit_dom_text_track_cue_set_vertical): Ditto.
        (webkit_dom_text_track_cue_get_snap_to_lines): Ditto.
        (webkit_dom_text_track_cue_set_snap_to_lines): Ditto.
        (webkit_dom_text_track_cue_get_line): Ditto.
        (webkit_dom_text_track_cue_set_line): Ditto.
        (webkit_dom_text_track_cue_get_position): Ditto.
        (webkit_dom_text_track_cue_set_position): Ditto.
        (webkit_dom_text_track_cue_get_size): Ditto.
        (webkit_dom_text_track_cue_set_size): Ditto.
        (webkit_dom_text_track_cue_get_align): Ditto.
        (webkit_dom_text_track_cue_set_align): Ditto.
        (webkit_dom_text_track_cue_get_text): Ditto.
        (webkit_dom_text_track_cue_set_text): Ditto.
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols: Add new deprecated symbols.
        * bindings/gobject/WebKitDOMPrivate.cpp:
        (WebKit::wrap): Add generic wrap for TextTrackCue now that it's a
        base class to generate DataCue or VTTCue objects.
        * bindings/gobject/WebKitDOMPrivate.h:
        * bindings/gobject/webkitdom.symbols: Add DataCue symbols.
        * bindings/scripts/CodeGeneratorGObject.pm:
        (IsPolymorphic): Add TextTrackCue to the list of polymorphic classes.

2014-04-27  Andrei Bucur  <abucur@adobe.com>

        Store the containing region map inside the flow thread
        https://bugs.webkit.org/show_bug.cgi?id=131647

        Reviewed by Mihnea Ovidenie.

        The patch moves the containing region map inside the flow thread where
        it can be better handled in case the region chain changes and the map
        needs to be cleared.

        As a result of this move we are able to also cleanup the lines region
        information of a block flow when it is removed from the tree.

        Test: fast/regions/inline-strike-through.html

        * rendering/InlineFlowBox.h:
        (WebCore::InlineFlowBox::InlineFlowBox):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::removeFlowChildInfo):
        (WebCore::RenderFlowThread::invalidateRegions):
        (WebCore::RenderFlowThread::removeLineRegionInfo):
        (WebCore::RenderFlowThread::checkLinesConsistency):
        (WebCore::RenderFlowThread::containingRegionMap):
        * rendering/RenderFlowThread.h:
        * rendering/RootInlineBox.cpp:
        (WebCore::containingRegionMap):
        (WebCore::RootInlineBox::~RootInlineBox):
        (WebCore::RootInlineBox::paint):
        (WebCore::RootInlineBox::containingRegion):
        (WebCore::RootInlineBox::clearContainingRegion):
        (WebCore::RootInlineBox::setContainingRegion):

2014-04-27  Darin Adler  <darin@apple.com>

        REGRESSION (r159345): The hover state for links in the top navigation of Yahoo.com doesn't work
        https://bugs.webkit.org/show_bug.cgi?id=132241
        rdar://problem/16501924

        Reviewed by Andreas Kling.

        Test: fast/text/simple-lines-hover-underline.html

        Checked that this does not hurt performance by running the
        run-perf-tests PerformanceTests/Layout/line-layout.html command before and after.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::hitTestInlineChildren): Use simpleLineLayout function rather than
        getting at the data member directly.
        (WebCore::RenderBlockFlow::firstLineBaseline): Ditto.
        (WebCore::RenderBlockFlow::inlineBlockBaseline): Ditto.
        (WebCore::RenderBlockFlow::lineCount): Ditto.
        (WebCore::RenderBlockFlow::paintInlineChildren): Ditto.
        (WebCore::RenderBlockFlow::hasLines): Ditto.
        (WebCore::RenderBlockFlow::simpleLineLayout): Added logic to determine which path to use if
        m_lineLayoutPath is undetermined, and call createLineBoxes if it's not simple.
        (WebCore::RenderBlockFlow::ensureLineBoxes): Factored out most of the code into a new
        createLineBoxes function.
        (WebCore::RenderBlockFlow::createLineBoxes): Ditto.

        * rendering/RenderBlockFlow.h: Made simpleLineLayout function no longer an inline.
        Added a private createLineBoxes function.

2014-04-27  Praveen R Jadhav  <praveen.j@samsung.com>

        [MediaStream] .ended shouldn't be part of MediaStream IDL
        https://bugs.webkit.org/show_bug.cgi?id=132104

        Reviewed by Eric Carlson.

        .ended attribute is spec'ed out of MediaStream IDL. Instead, .active
        is introduced to handle more scenarios. This patch replaces all 'ended'
        attribute calls with corresponding 'active' attributes. 

        MediaStream-add-remove-tracks.html is updated.

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::addTrack): Replaced ended() with active().
        (WebCore::MediaStream::removeTrack): setEnded() isn't called. setActive()
        is retained which propagates oninactive event.
        (WebCore::MediaStream::trackDidEnd): setEnded() isn't called.
        (WebCore::MediaStream::removeRemoteSource): Replaced ended() with active().
        (WebCore::MediaStream::addRemoteTrack): Replaced ended() with active().
        (WebCore::MediaStream::removeRemoteTrack): Replaced ended() with active().
        (WebCore::MediaStream::ended): Deleted.
        (WebCore::MediaStream::setEnded): Deleted.
        (WebCore::MediaStream::streamDidEnd): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStream.idl:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::didRemoveRemoteStream): Replaced setEnded()
        with setActive().
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::MediaStreamPrivate):
        (WebCore::MediaStreamPrivate::setActive): Updated comment from bug 
        https://bugs.webkit.org/show_bug.cgi?id=131973
        (WebCore::MediaStreamPrivate::setEnded): Deleted.
        * platform/mediastream/MediaStreamPrivate.h:
        (WebCore::MediaStreamPrivate::ended): Deleted.

2014-04-25  Andy Estes  <aestes@apple.com>

        [iOS] Stop creating a WKWebResourceQuickLookDelegate for every WebResourceLoader
        https://bugs.webkit.org/show_bug.cgi?id=132215

        Reviewed by Dan Bernstein.

        * WebCore.exp.in: Moved QuickLook symbols to the USE(QUICK_LOOK) stanza.
        * platform/network/ios/QuickLook.h: Changed one of the create() overloads to no longer take a delegate argument.
        * platform/network/ios/QuickLook.mm: Moved WKWebResourceQuickLookDelegate to here and renamed to WebResourceLoaderQuickLookDelegate.
        (WebCore::QuickLookHandle::create): Created a WebResourceLoaderQuickLookDelegate only if QuickLook can handle the response.

2014-04-27  Sam Weinig  <sam@webkit.org>

        [iOS WebKit2] Add support for text autosizing
        <rdar://problem/16545245>
        https://bugs.webkit.org/show_bug.cgi?id=132237

        Reviewed by Tim Horton.

        Move text autosizing width from Frame to Page, as it is a Page level concept.

        * WebCore.exp.in:
        * page/Frame.cpp:
        (WebCore::Frame::textAutosizingWidth): Deleted.
        (WebCore::Frame::setTextAutosizingWidth): Deleted.
        * page/Frame.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        (WebCore::Page::textAutosizingWidth):
        (WebCore::Page::setTextAutosizingWidth):

2014-04-27  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Updating one bindings test baseline after r167855.

        * bindings/scripts/test/JS/JSTestCallback.cpp:
        (WebCore::JSTestCallback::~JSTestCallback):

2014-04-27  Darin Adler  <darin@apple.com>

        Webpages can trigger loads with invalid URLs
        https://bugs.webkit.org/show_bug.cgi?id=132224
        rdar://problem/16697142

        Reviewed by Alexey Proskuryakov.

        Invalid URLs can be a way to trick the user about what website they
        are looking at.  Still trying to figure out a good way to regression-test this.

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Pass a URL rather than a String to
        the navigation scheduler.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::receivedFirstData): Ditto.

        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Take a URL rather
        than a string.
        (WebCore::ScheduledURLNavigation::url): Ditto.
        (WebCore::ScheduledRedirect::ScheduledRedirect): Ditto.
        (WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
        (WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
        (WebCore::NavigationScheduler::shouldScheduleNavigation): Added a check that
        prevents navigation to any URL that is invalid, except for JavaScript URLs,
        which need not be valid.
        (WebCore::NavigationScheduler::scheduleRedirect): Use URL instead of String.
        (WebCore::NavigationScheduler::scheduleLocationChange): Use URL instead of
        String. Also got rid of empty string check since empty URLs are also invalid,
        and so shouldScheduleNavigation will take care of it.
        (WebCore::NavigationScheduler::scheduleRefresh): Use URL instead of String.

        * loader/NavigationScheduler.h: Take URL instead of String. Also removed some
        unneeded incldues and uses of WTF_MAKE_NONCOPYABLE. NavigationScheduler is
        already noncopyable because it has a reference for a data member, and the
        disabler doesn't have any real reason to be noncopyable.

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::loadOrRedirectSubframe): Pass a URL rather than a
        String to the NavigationScheduler.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow): Ditto.

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin): Return a URL instead
        of a String.
        * page/SecurityOrigin.h: Updated for above change.

2014-04-27  Zan Dobersek  <zdobersek@igalia.com>

        ScriptExecutionContext::Task should work well with C++11 lambdas
        https://bugs.webkit.org/show_bug.cgi?id=129795

        Reviewed by Darin Adler.

        Instead of having classes that subclass ScriptExecutionContext::Task and override
        the performTask(ScriptExecutionContext*) method, have the ScriptExecutionContext::Task
        take in a std::function<void (ScriptExecutionContext*)>-like object trough the constructor
        which would contain the code currently kept in the performTask() methods.

        This enables inlining C++11 lambdas into ScriptExecutionContext::postTask() calls. For
        cleanup tasks, the Task object can be implicitly constructed by using the initializer list
        constructor with the first argument being the ScriptExecutionContext::Task::CleanupTask tag.
        The ScriptExecutionContext class remains non-copyable and now stores the passed-in invokable
        object in the std::function wrapper, along with a boolean member that indicates whether the
        task is of cleanup nature.

        * Modules/quota/StorageErrorCallback.cpp:
        (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
        (WebCore::StorageErrorCallback::CallbackTask::performTask): Deleted.
        * Modules/quota/StorageErrorCallback.h:
        (WebCore::StorageErrorCallback::CallbackTask::create): Deleted.
        * Modules/webdatabase/Database.cpp:
        (WebCore::Database::~Database):
        (WebCore::Database::runTransaction):
        (WebCore::Database::scheduleTransactionCallback):
        (WebCore::DerefContextTask::create): Deleted.
        (WebCore::DerefContextTask::performTask): Deleted.
        (WebCore::DerefContextTask::isCleanupTask): Deleted.
        (WebCore::DerefContextTask::DerefContextTask): Deleted.
        (WebCore::callTransactionErrorCallback): Deleted.
        (WebCore::DeliverPendingCallbackTask::create): Deleted.
        (WebCore::DeliverPendingCallbackTask::performTask): Deleted.
        (WebCore::DeliverPendingCallbackTask::DeliverPendingCallbackTask): Deleted.
        * Modules/webdatabase/DatabaseManager.cpp:
        (WebCore::DatabaseManager::openDatabase):
        (WebCore::DatabaseCreationCallbackTask::create): Deleted.
        (WebCore::DatabaseCreationCallbackTask::performTask): Deleted.
        (WebCore::DatabaseCreationCallbackTask::DatabaseCreationCallbackTask): Deleted.
        * Modules/webdatabase/DatabaseSync.cpp:
        (WebCore::CloseSyncDatabaseOnContextThreadTask::create): Deleted.
        (WebCore::CloseSyncDatabaseOnContextThreadTask::performTask): Deleted.
        (WebCore::CloseSyncDatabaseOnContextThreadTask::CloseSyncDatabaseOnContextThreadTask): Deleted.
        * Modules/webdatabase/SQLCallbackWrapper.h:
        (WebCore::SQLCallbackWrapper::clear):
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::create): Deleted.
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::performTask): Deleted.
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::isCleanupTask): Deleted.
        (WebCore::SQLCallbackWrapper::SafeReleaseTask::SafeReleaseTask): Deleted.
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadDestroy):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::disconnect):
        (WebCore::WorkerThreadableWebSocketChannel::WorkerGlobalScopeDidInitializeTask::create): Deleted.
        (WebCore::WorkerThreadableWebSocketChannel::WorkerGlobalScopeDidInitializeTask::~WorkerGlobalScopeDidInitializeTask): Deleted.
        (WebCore::WorkerThreadableWebSocketChannel::WorkerGlobalScopeDidInitializeTask::WorkerGlobalScopeDidInitializeTask): Deleted.
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * bindings/js/JSCallbackData.h:
        (WebCore::DeleteCallbackDataTask::DeleteCallbackDataTask):
        (WebCore::DeleteCallbackDataTask::create): Deleted.
        (WebCore::DeleteCallbackDataTask::performTask): Deleted.
        (WebCore::DeleteCallbackDataTask::isCleanupTask): Deleted.
        * bindings/js/JSDOMGlobalObjectTask.cpp:
        (WebCore::JSGlobalObjectTask::JSGlobalObjectTask):
        (WebCore::JSGlobalObjectTask::~JSGlobalObjectTask): Deleted.
        (WebCore::JSGlobalObjectTask::performTask): Deleted.
        * bindings/js/JSDOMGlobalObjectTask.h:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::queueTaskToEventLoop):
        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateCallbackImplementation):
        * dom/CrossThreadTask.h:
        (WebCore::CrossThreadTask1::performTask):
        (WebCore::CrossThreadTask2::performTask):
        (WebCore::CrossThreadTask3::performTask):
        (WebCore::CrossThreadTask4::performTask):
        (WebCore::CrossThreadTask5::performTask):
        (WebCore::CrossThreadTask6::performTask):
        (WebCore::CrossThreadTask7::performTask):
        (WebCore::CrossThreadTask8::performTask):
        (WebCore::createCallbackTask):
        (WebCore::CrossThreadTask1::create): Deleted.
        (WebCore::CrossThreadTask2::create): Deleted.
        (WebCore::CrossThreadTask3::create): Deleted.
        (WebCore::CrossThreadTask4::create): Deleted.
        (WebCore::CrossThreadTask5::create): Deleted.
        (WebCore::CrossThreadTask6::create): Deleted.
        (WebCore::CrossThreadTask7::create): Deleted.
        (WebCore::CrossThreadTask8::create): Deleted.
        * dom/Document.cpp:
        (WebCore::Document::addConsoleMessage):
        (WebCore::Document::addMessage):
        (WebCore::Document::postTask):
        (WebCore::Document::pendingTasksTimerFired):
        (WebCore::PerformTaskContext::PerformTaskContext): Deleted.
        (WebCore::Document::didReceiveTask): Deleted.
        * dom/Document.h:
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::processMessagePortMessagesSoon):
        (WebCore::ScriptExecutionContext::timerAlignmentInterval):
        (WebCore::ProcessMessagesSoonTask::create): Deleted.
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::performTask): Deleted.
        (WebCore::ScriptExecutionContext::Task::~Task): Deleted.
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::Task::Task):
        (WebCore::ScriptExecutionContext::Task::performTask):
        (WebCore::ScriptExecutionContext::Task::isCleanupTask):
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::AddConsoleMessageTask):
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::create): Deleted.
        * dom/StringCallback.cpp:
        (WebCore::StringCallback::scheduleCallback):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::postListenerTask):
        (WebCore::CallCacheListenerTask::create): Deleted.
        (WebCore::CallCacheListenerTask::CallCacheListenerTask): Deleted.
        * workers/DefaultSharedWorkerRepository.cpp:
        (WebCore::SharedWorkerProxy::postTaskToLoader):
        (WebCore::SharedWorkerProxy::postTaskForModeToWorkerGlobalScope):
        (WebCore::SharedWorkerConnectTask::SharedWorkerConnectTask):
        (WebCore::DefaultSharedWorkerRepository::workerScriptLoaded):
        (WebCore::DefaultSharedWorkerRepository::connectToWorker):
        (WebCore::SharedWorkerConnectTask::create): Deleted.
        (WebCore::SharedWorkerConnectTask::performTask): Deleted.
        * workers/WorkerEventQueue.cpp:
        (WebCore::WorkerEventQueue::EventDispatcher::EventDispatcher):
        (WebCore::WorkerEventQueue::EventDispatcher::~EventDispatcher):
        (WebCore::WorkerEventQueue::EventDispatcher::dispatch):
        (WebCore::WorkerEventQueue::enqueueEvent):
        (WebCore::WorkerEventQueue::cancelEvent):
        (WebCore::WorkerEventQueue::close):
        * workers/WorkerEventQueue.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::close):
        (WebCore::WorkerGlobalScope::postTask):
        (WebCore::WorkerGlobalScope::addConsoleMessage):
        (WebCore::WorkerGlobalScope::addMessage):
        (WebCore::CloseWorkerGlobalScopeTask::create): Deleted.
        (WebCore::CloseWorkerGlobalScopeTask::performTask): Deleted.
        (WebCore::CloseWorkerGlobalScopeTask::isCleanupTask): Deleted.
        * workers/WorkerGlobalScope.h:
        * workers/WorkerLoaderProxy.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
        (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
        (WebCore::WorkerMessagingProxy::postTaskToLoader):
        (WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
        (WebCore::WorkerMessagingProxy::workerThreadCreated):
        (WebCore::WorkerMessagingProxy::notifyNetworkStateChange):
        (WebCore::WorkerMessagingProxy::workerGlobalScopeDestroyed):
        (WebCore::WorkerMessagingProxy::workerGlobalScopeClosed):
        (WebCore::WorkerMessagingProxy::postMessageToPageInspector):
        (WebCore::WorkerMessagingProxy::confirmMessageFromWorkerObject):
        (WebCore::WorkerMessagingProxy::reportPendingActivity):
        (WebCore::MessageWorkerGlobalScopeTask::create): Deleted.
        (WebCore::MessageWorkerGlobalScopeTask::MessageWorkerGlobalScopeTask): Deleted.
        (WebCore::MessageWorkerGlobalScopeTask::performTask): Deleted.
        (WebCore::MessageWorkerTask::create): Deleted.
        (WebCore::MessageWorkerTask::MessageWorkerTask): Deleted.
        (WebCore::MessageWorkerTask::performTask): Deleted.
        (WebCore::WorkerExceptionTask::create): Deleted.
        (WebCore::WorkerExceptionTask::WorkerExceptionTask): Deleted.
        (WebCore::WorkerExceptionTask::performTask): Deleted.
        (WebCore::WorkerGlobalScopeDestroyedTask::create): Deleted.
        (WebCore::WorkerGlobalScopeDestroyedTask::WorkerGlobalScopeDestroyedTask): Deleted.
        (WebCore::WorkerGlobalScopeDestroyedTask::performTask): Deleted.
        (WebCore::WorkerTerminateTask::create): Deleted.
        (WebCore::WorkerTerminateTask::WorkerTerminateTask): Deleted.
        (WebCore::WorkerTerminateTask::performTask): Deleted.
        (WebCore::WorkerThreadActivityReportTask::create): Deleted.
        (WebCore::WorkerThreadActivityReportTask::WorkerThreadActivityReportTask): Deleted.
        (WebCore::WorkerThreadActivityReportTask::performTask): Deleted.
        (WebCore::PostMessageToPageInspectorTask::create): Deleted.
        (WebCore::PostMessageToPageInspectorTask::PostMessageToPageInspectorTask): Deleted.
        (WebCore::PostMessageToPageInspectorTask::performTask): Deleted.
        (WebCore::NotifyNetworkStateChangeTask::create): Deleted.
        (WebCore::NotifyNetworkStateChangeTask::NotifyNetworkStateChangeTask): Deleted.
        (WebCore::NotifyNetworkStateChangeTask::performTask): Deleted.
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::postTask):
        (WebCore::WorkerRunLoop::postTaskAndTerminate):
        (WebCore::WorkerRunLoop::postTaskForMode):
        (WebCore::WorkerRunLoop::Task::create):
        (WebCore::WorkerRunLoop::Task::performTask):
        (WebCore::WorkerRunLoop::Task::Task):
        * workers/WorkerRunLoop.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::stop):
        (WebCore::WorkerThread::releaseFastMallocFreeMemoryInAllThreads):
        (WebCore::WorkerThreadShutdownFinishTask::create): Deleted.
        (WebCore::WorkerThreadShutdownFinishTask::performTask): Deleted.
        (WebCore::WorkerThreadShutdownFinishTask::isCleanupTask): Deleted.
        (WebCore::WorkerThreadShutdownStartTask::create): Deleted.
        (WebCore::WorkerThreadShutdownStartTask::performTask): Deleted.
        (WebCore::WorkerThreadShutdownStartTask::isCleanupTask): Deleted.

2014-04-27  Antti Koivisto  <antti@apple.com>

        Coalesce responses on network process side
        https://bugs.webkit.org/show_bug.cgi?id=132229

        Reviewed by Andreas Kling.

        * WebCore.exp.in:

2014-04-27  David Kilzer  <ddkilzer@apple.com>

        Roll out changes not part of the patch reviewed for Bug 132089
        <http://webkit.org/b/132089>

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::loadOrRedirectSubframe):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::setLocation):
        (WebCore::DOMWindow::createWindow):
        (WebCore::DOMWindow::open):

2014-04-26  Darin Adler  <darin@apple.com>

        Frame and page lifetime fixes in WebCore::createWindow
        https://bugs.webkit.org/show_bug.cgi?id=132089

        Reviewed by Sam Weinig.

        Speculative fix because I was unable to reproduce the crash that was
        reported with the test case attached to this bug.

        * loader/FrameLoader.cpp:
        (WebCore::createWindow): Changed code to remove the assumption that calls
        out will not destroy the page or frame. Use RefPtr for the frame, and
        added early exits if frame->page() becomes null at any point before we
        use a page pointer.

2014-04-26  Alexey Proskuryakov  <ap@apple.com>

        Local files should not be allowed to read pasteboard data during drag
        https://bugs.webkit.org/show_bug.cgi?id=131767

        Reviewed by Sam Weinig.

        Test: fast/files/local-file-drag-security.html

        * page/DragController.cpp:
        (WebCore::DragController::dragExited):
        (WebCore::DragController::tryDHTMLDrag):
        Make an old Dashboard quirk really Dashboard only.

2014-04-24  Darin Adler  <darin@apple.com>

        REGRESSION (r164133): Selection doesn't paint when scrolling some pages
        https://bugs.webkit.org/show_bug.cgi?id=132172
        rdar://problem/16719473

        Reviewed by Brent Fulgham.

        Tests: fast/dynamic/remove-invisible-node-inside-selection.html
               fast/dynamic/remove-node-inside-selection.html

        * editing/FrameSelection.cpp:
        (WebCore::clearRenderViewSelection): Changed to take a Node& because having
        this take a Position& was unnecessary and strange, when really it just needs
        to take a document as an argument.
        (WebCore::DragCaretController::nodeWillBeRemoved): Updated for the above.
        (WebCore::FrameSelection::respondToNodeModification): Added code to set the
        m_pendingSelectionUpdate flag and call RenderView::setNeedsLayout so the
        selection will be recomputed after it's temporarily cleared when one of
        the selected nodes is removed.

2014-04-25  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION (r167689): Hovering file name in a file input causes a crash
        https://bugs.webkit.org/show_bug.cgi?id=132214

        Reviewed by Andreas Kling.

        The bug was caused by callDefaultEventHandlersInTheBubblingOrder unconditionally
        accessing path.contextAt(0) even if the event path was empty.

        Fixed the bug by exiting early when the event path is empty.

        Test: fast/events/shadow-event-path-2.html

        * dom/EventDispatcher.cpp:
        (WebCore::callDefaultEventHandlersInTheBubblingOrder):

2014-04-25  Tim Horton  <timothy_horton@apple.com>

        REGRESSION (r167828): http/tests/media/hls/video-controls-live-stream.html fails

        * English.lproj/mediaControlsLocalizedStrings.js:
        Add 'Live Broadcast' to the localized strings list.

2014-04-25  Brady Eidson  <beidson@apple.com>

        Add a selection overlay.
        <rdar://problem/16727797> and https://bugs.webkit.org/show_bug.cgi?id=132200

        Reviewed by David Hyatt.

        No new tests (WK2 feature in development).

        * WebCore.xcodeproj/project.pbxproj:

        Add a SelectionRectGathterer class.
        It creates a Notifier (given a RenderView) then accepts Rects from the RenderView.
        When the Notifier is destroyed, the appropriate EditorClient is notified of the gathered rects.
        * editing/SelectionRectGatherer.cpp: Added.
        (WebCore::SelectionRectGatherer::SelectionRectGatherer):
        (WebCore::SelectionRectGatherer::addRect):
        (WebCore::SelectionRectGatherer::addRects):
        (WebCore::SelectionRectGatherer::Notifier::Notifier):
        (WebCore::SelectionRectGatherer::Notifier::~Notifier):
        (WebCore::SelectionRectGatherer::clearAndCreateNotifier):
        * editing/SelectionRectGatherer.h: Added.

        * page/EditorClient.h:
        (WebCore::EditorClient::selectionRectsDidChange):

        * rendering/RenderView.cpp:
        (WebCore::RenderView::RenderView):
        (WebCore::RenderView::setSelection): Clear the gatherer’s rects then create a Notifier.
        (WebCore::RenderView::setSubtreeSelection): Give all the selection rects to be painted to
          the SelectionRectGatherer.
        * rendering/RenderView.h:

2014-04-08  Jer Noble  <jer.noble@apple.com>

        Support "Live" streams in media controls.
        https://bugs.webkit.org/show_bug.cgi?id=131390

        Reviewed by Brent Fulgham.

        Test: http/tests/media/hls/video-controls-live-stream.html

        Support "Live" streams by adding an isLive property to our media controls.

        * Modules/mediacontrols/mediaControlsApple.css:
        (audio::-webkit-media-controls-status-display):
        (video:-webkit-full-screen::-webkit-media-controls-status-display):
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller): isLive defaults to false.
        (Controller.prototype.setIsLive): Set the isLive property and conditionally reconfigure the controls.
        (Controller.prototype.configureInlineControls): Don't add the timeline if we are live.
        (Controller.prototype.configureFullScreenControls): Ditto.
        (Controller.prototype.updateStatusDisplay): Added.
        (Controller.prototype.handleLoadStart): Call updateStatusDisplay().
        (Controller.prototype.handleError): Ditto.
        (Controller.prototype.handleAbort): Ditto.
        (Controller.prototype.handleSuspend): Ditto.
        (Controller.prototype.handleStalled): Ditto.
        (Controller.prototype.handleWaiting): Ditto.
        (Controller.prototype.updateDuration): Ditto.
        (Controller.prototype.updateReadyState): Ditto.

2014-04-25  Dean Jackson  <dino@apple.com>

        Allow a platform-specific size enumeration to be passed into popup-menu display
        https://bugs.webkit.org/show_bug.cgi?id=132195

        Reviewed by Brent Fulgham. With some in-person review comments from Sam Weinig.

        Platforms like OS X use a set of predefined sizes for built-in controls
        used for <select>: normal, small and mini. Expose that information to
        the PopupMenuClient via the PopupMenuStyle, allowing it to be passed
        into the platform code in WebKitSystemInterface.

        * platform/PopupMenuStyle.h: Add a menu size enum.
        (WebCore::PopupMenuStyle::PopupMenuStyle):
        (WebCore::PopupMenuStyle::menuSize):
        * platform/mac/WebCoreSystemInterface.h: Pass in NSControlSize as a parameter
        to WKPopupMenu.
        * platform/mac/WebCoreSystemInterface.mm: Ditto.
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::menuStyle): Ask the RenderTheme to calculate the size
        of the menu button, so that it can be added to the PopupMenuStyle.
        * rendering/RenderTheme.h: New method to retrieve the menu size.
        (WebCore::RenderTheme::popupMenuSize): Convert an NSControlSize into a PopupMenuSize.
        * rendering/RenderThemeMac.h: Override the base function, and add a
        controlSizeForCell helper.
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::controlSizeForCell): Used by this new
        code and the old setControlSizeForCell to calculate the NSControlSize
        that would be used for the button.
        (WebCore::RenderThemeMac::setControlSize): Call the new helper.
        (WebCore::RenderThemeMac::popupMenuSize): Return the value from the helper.

2014-04-25  Javier Fernandez  <jfernandez@igalia.com>

        REGRESSION(r167799): ASSERTION in parseGridTemplateShorthand in fast/css-grid-layout/grid-template-shorthand-get-set.html
        https://bugs.webkit.org/show_bug.cgi?id=132194

        Reviewed by Martin Robinson.

        Properly resolving the grid-template shorthand for the corresponding longhand
        properties.

        No new tests, grid-template-shorthand-get-set.html already covers this case.

        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::getPropertyValue):
        * css/StylePropertyShorthand.cpp:
        (WebCore::shorthandForProperty):
        (WebCore::matchingShorthandsForLonghand):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyProperty):

2014-04-25  David Hyatt  <hyatt@apple.com>

        Column rules not respecting scroll offsets.
        https://bugs.webkit.org/show_bug.cgi?id=109683

        Reviewed by Dean Jackson.

        Added fast/multicol/scrolling-column-rules.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintColumnRules):
        Make paintColumnRules virtual so that it works with both column implementations.

        (WebCore::RenderBlock::paintObject):
        Changed to call paintColumnRules with the adjusted scroll offset and to do it after
        bailing on the root background only check.

        * rendering/RenderBlock.h:
        paintColumnRules is now virtual.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::paintColumnRules):
        (WebCore::RenderBlockFlow::paintBoxDecorations): Deleted.
        * rendering/RenderBlockFlow.h:
        Got rid of paintBoxDecorations override since it failed when hasBoxDecorations was false
        anyway. Override paintColumnRules instead to paint at the right time.

2014-04-23  Jon Honeycutt  <jhoneycutt@apple.com>

        Crash applying editing commands from iframe onload event

        <https://bugs.webkit.org/show_bug.cgi?id=132103>
        <rdar://problem/15696351>

        This patch merges the Chromium bug workaround from
        <http://src.chromium.org/viewvc/blink?revision=162080&view=revision>,
        which prevents reentrancy in CompositeEditCommand::apply().

        Reviewed by Darin Adler.

        Test: editing/apply-style-iframe-crash.html

        * editing/CompositeEditCommand.cpp:
        (WebCore::HTMLNames::ReentrancyGuard::isRecursiveCall):
        (WebCore::HTMLNames::ReentrancyGuard::Scope::Scope):
        (WebCore::HTMLNames::ReentrancyGuard::Scope::~Scope):
        (WebCore::CompositeEditCommand::apply):
        If this is a recursive call, return early.

2014-04-25  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] fast/multicol/hit-test-* layout tests all fail
        https://bugs.webkit.org/show_bug.cgi?id=132081

        Reviewed by Dean Jackson.

        Added a bunch of tests in fast/multicol/newmulticol/compare-with-old-impl/hit-test-*.html

        * rendering/RenderBlock.h:
        Make offsetForContents public, since I need to call it from RenderMultiColumnSet.

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::populate):
        Stop an ASSERT in the new columns code on the hit tests by making sure layout state is
        disabled when moving children around.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::positionForPoint):
        Refactor this function to call a helper function instead, translateRegionPointToFlowThread.

        (WebCore::RenderMultiColumnSet::translateRegionPointToFlowThread):
        This function is logical (unlike the mistaken physical function I first implemented in
        positionForPoint).

        (WebCore::RenderMultiColumnSet::updateHitTestResult):
        * rendering/RenderMultiColumnSet.h:
        Overridden to fill in the correct local coordinate when the HTML document is inside a paginated
        RenderView. Note that column spans don't actually work, but once we move over to a 
        non-column based pagination API, that will become irrelevant.

2014-04-25  Andreas Kling  <akling@apple.com>

        Mark some things with WTF_MAKE_FAST_ALLOCATED.
        <https://webkit.org/b/132198>

        Use FastMalloc for more things.

        Reviewed by Anders Carlsson.

        * bindings/js/ScriptController.h:
        * dom/DocumentOrderedMap.h:
        * inspector/InspectorCSSAgent.h:
        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMDebuggerAgent.h:
        * inspector/InspectorDOMStorageAgent.h:
        * inspector/InspectorDatabaseAgent.h:
        * inspector/InspectorLayerTreeAgent.h:
        * inspector/InspectorPageAgent.h:
        * inspector/InspectorResourceAgent.h:
        * inspector/InspectorTimelineAgent.h:
        * inspector/InspectorWorkerAgent.h:
        * inspector/PageRuntimeAgent.h:
        * loader/HistoryController.h:
        * page/DeviceClient.h:
        * page/DeviceController.h:
        * page/EventHandler.h:
        * page/Page.h:
        * page/scrolling/ScrollingStateNode.h:
        * platform/graphics/FontGenericFamilies.h:
        * platform/graphics/FontPlatformData.h:

2014-04-25  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Rename objectShouldPaintInFlowRegion to something more clear
        https://bugs.webkit.org/show_bug.cgi?id=132050

        Reviewed by Andreas Kling.

        The objectShouldPaintInFlowRegion is no longer used only by the painting process
        but also for hit-testing, so it was renamed to something more generic (objectShouldFragmentInFlowRegion).

        No new tests required, it's just a method rename.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paint):
        (WebCore::RenderBlock::selectionGaps):
        (WebCore::RenderBlock::nodeAtPoint):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::positionForPoint):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::objectShouldFragmentInFlowRegion):
        (WebCore::RenderFlowThread::objectShouldPaintInFlowRegion): Deleted.
        * rendering/RenderFlowThread.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::hitTestLayer):
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::ensureOverflowForBox):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint):

2014-04-25  Enrica Casucci  <enrica@apple.com>

        iOS build fix after http://trac.webkit.org/changeset/167803
        Unreviewed.

        * page/Frame.cpp:
        (WebCore::Frame::checkOverflowScroll):
        * rendering/RenderBlock.cpp:
        (WebCore::positionForPointRespectingEditingBoundaries):

2014-04-24  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Add support for offsetLeft and offsetTop.
        https://bugs.webkit.org/show_bug.cgi?id=132080

        Reviewed by Andrei Bucur.

        Added fast/multicol/client-spanners-complex.html and offset-top-left.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::adjustedPositionRelativeToOffsetParent):
        Patch the offsetLeft/Top loop to handle calling into RenderMultiColumnFlowThread
        in order to adjust the coordinates for the new multicolumn layout.

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::mapFromFlowToRegion):
        Modified to use a helper that can be shared by offsetLeft/Top code. This code
        ran for client rects, and I'm moving/refactoring it for more sharing.

        (WebCore::RenderMultiColumnFlowThread::physicalTranslationOffsetFromFlowToRegion):
        (WebCore::RenderMultiColumnFlowThread::physicalTranslationFromFlowToRegion):
        * rendering/RenderMultiColumnFlowThread.h:
        New functions that beef up what was in mapFromFlowToRegion and fix some bugs
        with the translation code.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::columnTranslationForOffset):
        Patched to factor in the flow thread portion rect of the specific multicolumn set.

        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderMultiColumnFlowThread):
        Added for toRenderMultiColumnFlowThread capability.

2014-04-25  Brent Fulgham  <bfulgham@apple.com>

        ScrollingCoordinator is unaware of topContentInset
        https://bugs.webkit.org/show_bug.cgi?id=132158
        <rdar://problem/16706152>

        Reviewed by Darin Adler.

        Test: platform/mac/fast/scrolling/scroll-select-bottom-test.html

        The calculation of non-fast-scrollable regions does not currently take
        the topContentOffset into account. Consequently, the logic that decides
        whether to stay on the scrolling thread, or drop down to an individual
        page element, can make the wrong choice. This is especially true for
        small scrollable regions (such as <select> elements), where the
        topContentInset may be quite close to the size of the scrollable
         element itself.

        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::computeNonFastScrollableRegion): Also
        include the topContentInset value in our calculation.

2014-04-25  Javier Fernandez  <jfernandez@igalia.com>

        REGRESSION(r167799): Breaks debug build
        https://bugs.webkit.org/show_bug.cgi?id=132194

        Reviewed by Andrei Bucur.

        Fix the debug bots after r167799

        No new tests, no new functionality.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTemplateShorthand):

2014-04-25  Miyoung Shin  <myid.shin@samsung.com>

        Web process is crashed during dispatching touchEvent created by JS.
        https://bugs.webkit.org/show_bug.cgi?id=113225

        Reviewed by Benjamin Poulain.

        TouchEvent created by JS should have the necessary attributes
        of touches, targetTouches and changedTouches.
        It should be verified weather there are touchLists before dispatching touch event.

        Test: fast/events/touch/create-touch-event-without-touchList.html

        * dom/EventDispatcher.cpp:
        (WebCore::EventDispatcher::dispatchEvent):
        (WebCore::EventPath::updateTouchLists):
        (WebCore::addRelatedNodeResolversForTouchList): Deleted.

2014-04-25  Philippe Normand  <pnormand@igalia.com>

        [GTK] File webkitRelativePath attribute was removed in r163483
        https://bugs.webkit.org/show_bug.cgi?id=132193

        Reviewed by Carlos Garcia Campos.

        Add the removed getter as deprecated API to keep backwards compatibility.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_file_get_webkit_relative_path):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:

2014-04-25  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Overflow selection doesn't work properly
        https://bugs.webkit.org/show_bug.cgi?id=130715

        Reviewed by David Hyatt.

        When hit-testing, painting block selection gaps and searching for the node at a specific point inside a flow thread,
        the region range of the box being checked must be validated in order to not return false positives. Otherwise, hit-testing
        at the top of region B could hit elements that overflow the bottom of region A.

        Tests: fast/regions/selection-in-overflow-hit-testing.html
               fast/regions/selection-in-overflow.html
               fast/regions/selection-in-text-after-overflow-hit-testing.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::visiblePositionRangeForLine):
        (WebCore::AccessibilityRenderObject::visiblePositionForPoint):
        * dom/Document.cpp:
        (WebCore::Document::caretRangeFromPoint):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::contains):
        * editing/VisibleUnits.cpp:
        (WebCore::previousLinePosition):
        (WebCore::nextLinePosition):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::selectClosestWordFromHitTestResult):
        (WebCore::EventHandler::selectClosestWordOrLinkFromMouseEvent):
        (WebCore::EventHandler::handleMousePressEventTripleClick):
        (WebCore::EventHandler::handleMousePressEventSingleClick):
        (WebCore::selectionExtentRespectingEditingBoundary):
        (WebCore::EventHandler::updateSelectionForMouseDrag):
        (WebCore::EventHandler::handleMouseReleaseEvent):
        * page/Frame.cpp:
        (WebCore::Frame::visiblePositionForPoint):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::selectionGaps):
        (WebCore::RenderBlock::nodeAtPoint):
        (WebCore::positionForPointRespectingEditingBoundaries):
        (WebCore::RenderBlock::positionForPointWithInlineChildren):
        (WebCore::isChildHitTestCandidate):
        (WebCore::RenderBlock::positionForPoint):
        * rendering/RenderBlock.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::positionForPointWithInlineChildren):
        (WebCore::RenderBlockFlow::positionForPoint):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::positionForPoint):
        * rendering/RenderBox.h:
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::positionForPoint):
        * rendering/RenderFileUploadControl.h:
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::positionForPoint):
        * rendering/RenderInline.h:
        * rendering/RenderLineBreak.cpp:
        (WebCore::RenderLineBreak::positionForPoint):
        * rendering/RenderLineBreak.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::positionForPoint):
        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::positionForPoint):
        * rendering/RenderObject.h:
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::positionForPoint):
        * rendering/RenderRegion.h:
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::positionForPoint):
        * rendering/RenderReplaced.h:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::positionForPoint):
        * rendering/RenderText.h:
        * rendering/svg/RenderSVGInlineText.cpp:
        (WebCore::RenderSVGInlineText::positionForPoint):
        * rendering/svg/RenderSVGInlineText.h:
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::positionForPoint):
        * rendering/svg/RenderSVGText.h:

2014-04-25  Philippe Normand  <pnormand@igalia.com>

        [GTK] Iframe seamless support was removed in r163427
        https://bugs.webkit.org/show_bug.cgi?id=132192

        Reviewed by Carlos Garcia Campos.

        Add the removed get and set methods as deprecated API to keep
        backwards compatibility.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_processing_instruction_set_data):
        (webkit_dom_html_iframe_element_get_seamless):
        (webkit_dom_html_iframe_element_set_seamless):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:

2014-04-25  Philippe Normand  <pnormand@igalia.com>

        [GTK] HTMLInputElement webkitdirectory property was removed in r163483
        https://bugs.webkit.org/show_bug.cgi?id=132191

        Reviewed by Carlos Garcia Campos.

        Add the removed get and set methods as deprecated API to keep
        backwards compatibility.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_html_input_element_get_webkitdirectory):
        (webkit_dom_html_input_element_set_webkitdirectory):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:

2014-04-25  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] Implementation of the grid-template shorthand.
        https://bugs.webkit.org/show_bug.cgi?id=128980

        Reviewed by Darin Adler.

        This shorthand sets the values for the grid-template-columns,
        grid-template-rows and grid-template-areas, so the implementation
        tries to reuse as much available parsing functions as possible.

        The "parsingGridTrackList" was refactored to return a CSSValue and
        let the "parseValue" function to assign the property value. The
        "forwardSlash" operator is now valid when the track-list clause is
        part of a shorthand. The "parseValue" function checkouts that only
        additional clauses are allowed when processing shorthands; the
        grid-columns-rows-get-set.html tests was modified to verify this.

        The "parseGridTemplateAreas" was refactored too, in order to
        process single areas's rows. This is very useful for the
        gris-template secondary syntax, which mixes areas and rows values.

        Finally, the "parseGirdLineNames" function was modified as well by
        defining an new argument to concatenate head/tail custom-ident
        elements and ensure the identList is at the heading index, since
        it's now possible the parseList was rewound.

        The implementation of the grid-template shorthand tries first to
        match the <grid-template-columns> / <grid-template-rows> syntax,
        failing back to the secondary syntax if needed.  This approach
        requires to rewind the parseList but it produces a clearer code.

        Test: fast/css-grid-layout/grid-template-shorthand-get-set.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseGridTemplateRowsAndAreas):
        (WebCore::CSSParser::parseGridTemplateShorthand):
        (WebCore::CSSParser::parseGridLineNames):
        (WebCore::CSSParser::parseGridTrackList):
        (WebCore::CSSParser::parseGridTemplateAreasRow):
        (WebCore::CSSParser::parseGridTemplateAreas):
        * css/CSSParser.h:
        * css/CSSParserValues.h:
        (WebCore::CSSParserValueList::setCurrentIndex):
        * css/CSSPropertyNames.in:
        * css/StylePropertyShorthand.cpp:
        (WebCore::webkitGridTemplateShorthand):
        * css/StylePropertyShorthand.h:

2014-04-25  Andreas Kling  <akling@apple.com>

        Remove two unused SVGDocument functions.
        <https://webkit.org/b/132178>

        Reviewed by Antti Koivisto.

        * svg/SVGDocument.cpp:
        (WebCore::SVGDocument::dispatchZoomEvent): Deleted.
        (WebCore::SVGDocument::dispatchScrollEvent): Deleted.
        * svg/SVGDocument.h:

2014-04-25  Ion Rosca  <rosca@adobe.com>

        Incomplete body painting when using blend modes
        https://bugs.webkit.org/show_bug.cgi?id=131889

        The incomplete painting was caused by the transparency layer created for
        the root renderer. We can safely skip creating this transparency layer at
        the root level, as there is nothing else being painted behind this layer that
        could be used erroneously as a backdrop.

        Reviewed by Simon Fraser.

        Test: css3/compositing/blend-mode-with-body.html

        * rendering/RenderLayer.h:
        Changing RenderLayer::paintsWithTransparency so that it will not
        return true when the root renderer needs to isolate blending.

2014-04-25  Darin Adler  <darin@apple.com>

        ASSERTION FAILED: "!m_isolatedWorld->isNormal() || m_wrapper || !m_jsFunction" in svg/custom/use-instanceRoot-event-listeners.xhtml
        https://bugs.webkit.org/show_bug.cgi?id=132148

        Reviewed by Andreas Kling.

        Changed how JSCustomMarkFunction generation works. Instead of leaving out
        the generated visitChildren function, just generate a call to visitAdditionalChildren.
        This eliminates the need to repeat boilerplate.

        The fix for the above bug was to correct mistaken logic where JSSVGElementInstance
        had a visitChildren that did not properly mark event listeners because it explicitly
        did not call through to the base class visitChildren. The new arrangement makes that
        mistake impossible.

        * bindings/js/JSAttrCustom.cpp:
        (WebCore::JSAttr::visitAdditionalChildren): Use this instead of visitChildren.
        * bindings/js/JSAudioTrackCustom.cpp:
        (WebCore::JSAudioTrack::visitAdditionalChildren): Ditto.
        * bindings/js/JSAudioTrackListCustom.cpp:
        (WebCore::JSAudioTrackList::visitAdditionalChildren): Ditto.
        * bindings/js/JSCSSRuleCustom.cpp:
        (WebCore::JSCSSRule::visitAdditionalChildren): Ditto.
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::visitAdditionalChildren): Ditto.
        * bindings/js/JSCanvasRenderingContextCustom.cpp:
        (WebCore::JSCanvasRenderingContext::visitAdditionalChildren): Ditto.
        * bindings/js/JSCryptoKeyPairCustom.cpp:
        (WebCore::JSCryptoKeyPair::visitAdditionalChildren): Ditto.
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::visitAdditionalChildren): Ditto.
        * bindings/js/JSMessageChannelCustom.cpp:
        (WebCore::JSMessageChannel::visitAdditionalChildren): Ditto.
        * bindings/js/JSMessagePortCustom.cpp:
        (WebCore::JSMessagePort::visitAdditionalChildren): Ditto.
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::visitAdditionalChildren): Ditto.
        * bindings/js/JSNodeFilterCustom.cpp:
        (WebCore::JSNodeFilter::visitAdditionalChildren): Ditto.
        * bindings/js/JSNodeIteratorCustom.cpp:
        (WebCore::JSNodeIterator::visitAdditionalChildren): Ditto.
        * bindings/js/JSSVGElementInstanceCustom.cpp:
        (WebCore::JSSVGElementInstance::visitAdditionalChildren): Ditto.
        * bindings/js/JSSharedWorkerCustom.cpp:
        (WebCore::JSSharedWorker::visitAdditionalChildren): Ditto.
        * bindings/js/JSStyleSheetCustom.cpp:
        (WebCore::JSStyleSheet::visitAdditionalChildren): Ditto.
        * bindings/js/JSTextTrackCueCustom.cpp:
        (WebCore::JSTextTrackCue::visitAdditionalChildren): Ditto.
        * bindings/js/JSTextTrackCustom.cpp:
        (WebCore::JSTextTrack::visitAdditionalChildren): Ditto.
        * bindings/js/JSTextTrackListCustom.cpp:
        (WebCore::JSTextTrackList::visitAdditionalChildren): Ditto.
        * bindings/js/JSTreeWalkerCustom.cpp:
        (WebCore::JSTreeWalker::visitAdditionalChildren): Ditto.
        * bindings/js/JSVideoTrackCustom.cpp:
        (WebCore::JSVideoTrack::visitAdditionalChildren): Ditto.
        * bindings/js/JSVideoTrackListCustom.cpp:
        (WebCore::JSVideoTrackList::visitAdditionalChildren): Ditto.
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::JSWebGLRenderingContext::visitAdditionalChildren): Ditto.
        * bindings/js/JSWorkerGlobalScopeCustom.cpp:
        (WebCore::JSWorkerGlobalScope::visitAdditionalChildren): Ditto.
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::visitAdditionalChildren): Ditto.
        * bindings/js/JSXPathResultCustom.cpp:
        (WebCore::JSXPathResult::visitAdditionalChildren): Ditto.

        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::visitChildren): Rewrote to use modern for loops.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader): Generate declaration of visitAdditionalChildren.
        (GenerateImplementation): Generate call to visitAdditionalChildren.

2014-04-24  Andreas Kling  <akling@apple.com>

        [iOS WebKit2] Enable optimization to mmap downloaded resources once they become file-backed.
        <https://webkit.org/b/132171>
        <rdar://problem/16720733>

        Add a missing export for the USE(CFNETWORK) + WebKit2 combo.

        Reviewed by Antti Koivisto.

        * WebCore.exp.in:

2014-04-24  Darin Adler  <darin@apple.com>

        FrameLoader::checkCompleted can hit the "ref'ing while destroyed" assertion
        https://bugs.webkit.org/show_bug.cgi?id=132163
        rdar://problem/16720640

        Reviewed by Brady Eidson.

        Couldn't find a way to test this yet. Would be nice to have a test.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkCompleted): Move protector until after we check
        if the frame is already complete. That can happen in practice when this is
        called from within the frame's destructor. All the code that runs before the
        protector simply checks state and does not require protection.

2014-04-24  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Mark Supplement instead of RefCountedSupplement in NavigatorContentUtils 
        https://bugs.webkit.org/show_bug.cgi?id=132151

        Reviewed by Darin Adler.

        Though Original goal was to make it sharable across navigator instances, the NavigatorContentUtils
        has used RefCountedSupplement<Page> instead of RefCountedSupplement<Navigator>. This patch makes it
        use Supplement<Page> because there is no scenario which needs to be shared across navigator instances.

        Blink merge from https://src.chromium.org/viewvc/blink?view=rev&revision=171403.

        No new tests, no behavior changes.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::NavigatorContentUtils::from):
        (WebCore::NavigatorContentUtils::create):
        (WebCore::provideNavigatorContentUtilsTo):
        * Modules/navigatorcontentutils/NavigatorContentUtils.h:

2014-04-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167700.
        https://bugs.webkit.org/show_bug.cgi?id=132142

        Incorrectly reverted the change in r167547 for
        webkit.org/b/131898 (Requested by rniwa on #webkit).

        Reverted changeset:

        "Cursor doesn't change back to pointer when leaving the Safari
        window"
        https://bugs.webkit.org/show_bug.cgi?id=132038
        http://trac.webkit.org/changeset/167700

2014-04-24  Brady Eidson  <beidson@apple.com>

        Rename "IMAGE_CONTROLS" feature to "SERVICE_CONTROLS"
        https://bugs.webkit.org/show_bug.cgi?id=132155

        Reviewed by Tim Horton.

        No new tests (No change in behavior).

        * Configurations/FeatureDefines.xcconfig:
        * DerivedSources.make:
        * WebCore.exp.in:
        * css/CSSDefaultStyleSheets.cpp:
        (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSValueKeywords.in:
        * dom/Node.h:
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::HTMLImageElement):
        (WebCore::HTMLImageElement::parseAttribute):
        (WebCore::HTMLImageElement::didAttachRenderers):
        * html/HTMLImageElement.h:
        * html/shadow/ImageControlsRootElement.cpp:
        * html/shadow/ImageControlsRootElement.h:
        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        * html/shadow/mac/ImageControlsButtonElementMac.h:
        * html/shadow/mac/ImageControlsRootElementMac.cpp:
        * html/shadow/mac/ImageControlsRootElementMac.h:
        * page/ContextMenuContext.cpp:
        (WebCore::ContextMenuContext::ContextMenuContext):
        * page/ContextMenuContext.h:
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::maybeCreateContextMenu):
        (WebCore::ContextMenuController::populate):
        * page/ContextMenuController.h:
        * page/Settings.in:
        * platform/ThemeTypes.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::canHaveChildren):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::adjustStyle):
        (WebCore::RenderTheme::paint):
        (WebCore::RenderTheme::paintBorderOnly):
        (WebCore::RenderTheme::paintDecorations):
        * rendering/RenderTheme.h:
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::servicesRolloverButtonCell):
        (WebCore::RenderThemeMac::paintImageControlsButton):
        (WebCore::RenderThemeMac::imageControlsButtonSize):

2014-04-24  Timothy Hatcher  <timothy@apple.com>

        Web Inspector: Restore PageDebuggerAgent::enable / disable
        https://bugs.webkit.org/show_bug.cgi?id=132156

        Restore functions that were eroniously removed in r167530.

        Reviewed by Joseph Pecoraro.

        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::enable): Added.
        (WebCore::PageDebuggerAgent::disable): Added.
        * inspector/PageDebuggerAgent.h:

2014-04-24  Alexey Proskuryakov  <ap@apple.com>

        Dropzone effects don't work in non-file documents
        https://bugs.webkit.org/show_bug.cgi?id=131770

        Reviewed by Darin Adler.

        File documents have two quirks that were making dropzone work in these before:
        1. An ancient hack for Dashboard allows pasteboard access from JS.
        2. On Mac, sandbox doesn't prevent File object creation, as we already have the access.

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::hasFileOfType):
        (WebCore::DataTransfer::hasStringOfType):
        * dom/DataTransfer.h:
        Moved these functions from EventHandler to DataTransfer. We can't create a DataTransfer
        with Files while dragging, security doesn't permit us to. But we can get the file name.

        * fileapi/File.cpp:
        (WebCore::createBlobDataForFile):
        (WebCore::createBlobDataForFileWithName):
        (WebCore::File::contentTypeFromFilePath):
        (WebCore::getContentTypeFromFileName): Deleted.
        * fileapi/File.h:
        Exposed a function to get file type from path without creating a File first.
        This is much cheaper than creating a File, and works even when sandbox disallows
        read access to content, such as when dragging over a target.

        * page/EventHandler.cpp:
        (WebCore::hasDropZoneType):
        (WebCore::hasFileOfType): Deleted.
        (WebCore::hasStringOfType): Deleted.

2014-04-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167441.
        https://bugs.webkit.org/show_bug.cgi?id=132152

        Caused full screen regressions on vimeo, youtube, and others.
        (Requested by jernoble on #webkit).

        Reverted changeset:

        "Fullscreen media controls are unusable in pagination mode"
        https://bugs.webkit.org/show_bug.cgi?id=131705
        http://trac.webkit.org/changeset/167441

2014-04-24  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        Unused class forward declarations in Page
        https://bugs.webkit.org/show_bug.cgi?id=132141

        Reviewed by Benjamin Poulain.

        No new tests, no change on behavior.

        * page/Page.h:

2014-04-24  Eric Carlson  <eric.carlson@apple.com>

        [Mac] don't ask for AVAssetTrack properties before they are available
        https://bugs.webkit.org/show_bug.cgi?id=131902
        <rdar://problem/16505076>

        Reviewed by Brent Fulgham.

        No new tests, the behavior this changes can not be tested with a layout test.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): Initialize
            m_cachedTotalBytes.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::beginLoadingMetadata): Don't report that
            metadata has been loaded until the track properties we need have been loaded too.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::totalBytes): Cache totalBytes instead
            of recalculating it every time.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksDidChange): Invalidate cached
            total bytes.
        (WebCore::assetTrackMetadataKeyNames): Array of AVAssetTrack properties we use.

2014-04-24  Myles C. Maxfield  <mmaxfield@apple.com>

        Unify platformWidthForGlyph across OS X and iOS
        https://bugs.webkit.org/show_bug.cgi?id=132036

        Reviewed by Darin Adler.

        This patch creates on shared SimpleFontData::platformWidthForGlyph() function for both OS X and iOS.

        No new tests are necessary because there should be no behavior changes.

        * platform/graphics/SimpleFontData.h: Signatures for two helper functions
        * platform/graphics/ios/SimpleFontDataIOS.mm: Replace iOS implementation of platformWidthForGlyph() with
        implementations of only the two helper functions
        (WebCore::SimpleFontData::getRenderingStyle): Compute style argument to CGFontGetGlyphAdvancesForStyle()
        (WebCore::SimpleFontData::advanceForColorBitmapFont): iOS doesn't have color bitmap fonts
        (WebCore::SimpleFontData::platformWidthForGlyph): Deleted.
        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::getRenderingStyle): Compute style argument to CGFontGetGlyphAdvancesForStyle()
        (WebCore::SimpleFontData::advanceForColorBitmapFont): Use [NSFont advancementForGlyph] to compute the advance
        (WebCore::hasCustomTracking): Removed #if
        (WebCore::isEmoji): Only relevant on iOS
        (WebCore::SimpleFontData::platformWidthForGlyph): Shared implementation. Calls helper functions.

2014-04-24  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Clipping on text areas when shifted by one device pixel.
        https://bugs.webkit.org/show_bug.cgi?id=132008

        Reviewed by Darin Adler.

        Make RenderTheme paint* functions LayoutRect aware. Textarea is device pixel snapped, while
        other theme controls are still on integral size/positions.

        Test: fast/forms/hidpi-textarea-on-subpixel-position.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paint):
        (WebCore::RenderTheme::paintBorderOnly):
        (WebCore::RenderTheme::paintDecorations):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::paintTextField):
        (WebCore::RenderTheme::paintTextFieldDecorations):
        (WebCore::RenderTheme::paintTextArea):
        (WebCore::RenderTheme::paintTextAreaDecorations):
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintTextFieldDecorations):
        (WebCore::RenderThemeIOS::paintTextAreaDecorations):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintTextField):
        (WebCore::RenderThemeMac::paintTextArea):

2014-04-24  Myles C. Maxfield  <mmaxfield@apple.com>

        FontCache::fontCache() never returns nullptr so it can be made to return a reference instead
        https://bugs.webkit.org/show_bug.cgi?id=132110

        Reviewed by Tim Horton.

        Updates callers to use '.' instead of '->'.

        No new tests are necessary because there should be no behavior change.

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::getFontData):
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::CSSFontSelector):
        (WebCore::CSSFontSelector::~CSSFontSelector):
        (WebCore::CSSFontSelector::addFontFaceRule):
        (WebCore::fontDataForGenericFamily):
        (WebCore::CSSFontSelector::getFallbackFontData):
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseMemory):
        * platform/graphics/FontCache.cpp:
        (WebCore::fontCache): Return a reference
        * platform/graphics/FontCache.h:
        (WebCore::FontCachePurgePreventer::FontCachePurgePreventer):
        (WebCore::FontCachePurgePreventer::~FontCachePurgePreventer):
        * platform/graphics/FontGlyphs.cpp:
        (WebCore::FontGlyphs::FontGlyphs):
        (WebCore::FontGlyphs::releaseFontData):
        (WebCore::FontGlyphs::realizeFontDataAt):
        (WebCore::FontGlyphs::glyphDataAndPageForCharacter):
        * platform/graphics/freetype/FontPlatformDataFreeType.cpp:
        (WebCore::FontPlatformData::verticalData):
        * platform/graphics/ios/SimpleFontDataIOS.mm:
        (WebCore::SimpleFontData::platformCreateScaledFontData):
        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        (WebCore::ComplexTextController::collectComplexTextRunsForCharacters):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::invalidateFontCache):
        (WebCore::fontCacheRegisteredFontsChangedNotificationCallback):
        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::platformDestroy):
        (WebCore::SimpleFontData::platformCreateScaledFontData):
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::getCJKCodePageMasks):
        * platform/graphics/win/SimpleFontDataWin.cpp:
        (WebCore::SimpleFontData::containsCharacters):
        * platform/graphics/wince/FontCacheWinCE.cpp:
        (WebCore::getCJKCodePageMasks):
        * platform/graphics/wince/FontPlatformData.cpp:
        (WebCore::FontFamilyCodePageInfo::codePages):
        (WebCore::FixedSizeFontData::create):
        * platform/graphics/wince/GlyphPageTreeNodeWinCE.cpp:
        (WebCore::GlyphPage::fill):
        * platform/graphics/wince/SimpleFontDataWinCE.cpp:
        (WebCore::SimpleFontData::platformCreateScaledFontData):
        (WebCore::SimpleFontData::containsCharacters):

2014-04-24  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Manage AudioSession category according to media type
        https://bugs.webkit.org/show_bug.cgi?id=132096

        Reviewed by Jer Noble.

        * WebCore.exp.in: Export setting.

        * html/HTMLMediaSession.cpp:
        (WebCore::HTMLMediaSession::HTMLMediaSession):
        (WebCore::initializeAudioSession): Deleted.

        * page/Settings.cpp:
        * page/Settings.h:
        (WebCore::Settings::setShouldManageAudioSession): New.
        (WebCore::Settings::shouldManageAudioSession): Ditto.

        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::AudioDestinationIOS::AudioDestinationIOS): Use a MediaSession instead of inheriting
            from AudioListener and calling the AudioSession directly.
        (WebCore::AudioDestinationIOS::~AudioDestinationIOS): Ditto.
        (WebCore::AudioDestinationIOS::start): Notify session.
        (WebCore::AudioDestinationIOS::stop): Ditto.
        (WebCore::AudioDestinationIOS::beganAudioInterruption): Deleted.
        (WebCore::AudioDestinationIOS::endedAudioInterruption): Deleted.
        * platform/audio/ios/AudioDestinationIOS.h:
        (WebCore::AudioDestinationIOS::mediaType):
        (WebCore::AudioDestinationIOS::canReceiveRemoteControlCommands):
        (WebCore::AudioDestinationIOS::didReceiveRemoteControlCommand):
        (WebCore::AudioDestinationIOS::isPlaying): Deleted.

        * platform/audio/ios/AudioSessionIOS.mm:
        (WebCore::categoryName): Debug-only logging function.
        (WebCore::AudioSession::setCategory): Don't stick with "media" once it is set.

        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::resetRestrictions): Set up restrictions for WebAudio.
        (WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Don't set invalid start time.

        * platform/audio/mac/MediaSessionManagerMac.cpp:
        (MediaSessionManager::updateSessionState): Manage AudioSession.active when WebAudio clients
            come and go. Manage AudioSession.category according to the number of WebAudio and
            HTMLMediaElement clients.

2014-04-24  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Client rects don't work with column spans.
        https://bugs.webkit.org/show_bug.cgi?id=132131

        Reviewed by Dean Jackson.
        
        Don't factor in the offset of the multicolumn set from the top
        of the multicolumn block. This was added already, and it doesn't
        need to be a part of columnTranslationForOffset.

        Added fast/multicol/client-rects-spanners.html

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::columnTranslationForOffset):

2014-04-24  Praveen R Jadhav  <praveen.j@samsung.com>

        [EFL] WebKit build fails when MEDIA_SOURCE is enabled
        https://bugs.webkit.org/show_bug.cgi?id=132118

        Reviewed by Brent Fulgham.

        Files MediaSourceGStreamer.cpp, SourceBufferPrivateGStreamer.cpp and
        WebKitMediaSourceGStreamer.cpp are included for EFL port build.

        No new tests. No change in behaviour.

        * PlatformEfl.cmake: MediaSourceGStreamer.cpp, SourceBufferPrivateGStreamer.cpp
        and WebKitMediaSourceGStreamer.cpp are included for compilation.

2014-04-24  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>

        ASSERTION FAILED: !begin.isIndefinite() in WebCore::SVGSMILElement::resolveFirstInterval.
        https://bugs.webkit.org/show_bug.cgi?id=131097

        Reviewed by Darin Adler.

        According to smil animation reference, max attribute cannot be 0.

        Test: svg/animations/smil-animation-max-attribute-zero-crash.svg

        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::maxValue):
          changed (result < 0) to (result <= 0)

2014-04-24  Ryuan Choi  <ryuan.choi@samsung.com>

        Remove screenColorProfile()
        https://bugs.webkit.org/show_bug.cgi?id=132035

        Reviewed by Darin Adler.

        Only chromium used screenColorProfile() since r120789.

        * platform/PlatformScreen.h:
        * platform/efl/PlatformScreenEfl.cpp:
        (WebCore::screenColorProfile): Deleted.
        * platform/gtk/PlatformScreenGtk.cpp:
        (WebCore::screenColorProfile): Deleted.
        * platform/image-decoders/ImageDecoder.h:
        (WebCore::ImageDecoder::qcmsOutputDeviceProfile):
        * platform/ios/PlatformScreenIOS.mm:
        (WebCore::screenColorProfile): Deleted.
        * platform/mac/PlatformScreenMac.mm:
        (WebCore::screenColorProfile): Deleted.
        * platform/win/PlatformScreenWin.cpp:
        (WebCore::screenColorProfile): Deleted.

2014-04-24  Zalan Bujtas  <zalan@apple.com>

        One more unreviewed build fix after r167755.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::RenderImageControlsButton::updateLogicalWidth):
        (WebCore::RenderImageControlsButton::computeLogicalHeight):

2014-04-24  Zalan Bujtas  <zalan@apple.com>

        Unreviewed build fix after r167755.

        * rendering/RenderThemeMac.h:

2014-04-24  Zalan Bujtas  <zalan@apple.com>

        Transition RenderTheme API from RenderObject* to const RenderObject&
        https://bugs.webkit.org/show_bug.cgi?id=132037

        Reviewed by Andreas Kling.

        Using const references provides better encapsulation and improve security.

        No change in behavior.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::boundingBoxForQuads):
        * dom/Element.cpp:
        (WebCore::Element::setActive):
        (WebCore::Element::setHovered):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::focusedOrActiveStateChanged):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::disabledStateChanged):
        (WebCore::HTMLFormControlElement::readOnlyAttributeChanged):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setChecked):
        (WebCore::HTMLInputElement::setIndeterminate):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::parseAttribute):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addVisualOverflowFromTheme):
        (WebCore::RenderBlock::baselinePosition):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations):
        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::styleDidChange):
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::paintObject):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::addRegionsVisualOverflowFromTheme):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::drawLineForBoxSide):
        * rendering/RenderObject.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::computeLogicalHeight):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::paint):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paint):
        (WebCore::RenderTheme::paintBorderOnly):
        (WebCore::RenderTheme::paintDecorations):
        (WebCore::RenderTheme::baselinePosition):
        (WebCore::RenderTheme::adjustRepaintRect):
        (WebCore::RenderTheme::stateChanged):
        (WebCore::RenderTheme::updateControlStatesForRenderer):
        (WebCore::RenderTheme::extractControlStatesForRenderer):
        (WebCore::RenderTheme::isActive):
        (WebCore::RenderTheme::isChecked):
        (WebCore::RenderTheme::isIndeterminate):
        (WebCore::RenderTheme::isEnabled):
        (WebCore::RenderTheme::isFocused):
        (WebCore::RenderTheme::isPressed):
        (WebCore::RenderTheme::isSpinUpButtonPartPressed):
        (WebCore::RenderTheme::isReadOnlyControl):
        (WebCore::RenderTheme::isHovered):
        (WebCore::RenderTheme::isSpinUpButtonPartHovered):
        (WebCore::RenderTheme::isDefault):
        (WebCore::RenderTheme::paintInputFieldSpeechButton):
        (WebCore::RenderTheme::paintMeter):
        (WebCore::RenderTheme::paintSliderTicks):
        (WebCore::RenderTheme::progressBarRectForBounds):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::controlSupportsTints):
        (WebCore::RenderTheme::paintCapsLockIndicator):
        (WebCore::RenderTheme::paintFileUploadIconDecorations):
        (WebCore::RenderTheme::imageControlsButtonSize):
        (WebCore::RenderTheme::paintCheckbox):
        (WebCore::RenderTheme::paintRadio):
        (WebCore::RenderTheme::paintButton):
        (WebCore::RenderTheme::paintInnerSpinButton):
        (WebCore::RenderTheme::paintCheckboxDecorations):
        (WebCore::RenderTheme::paintRadioDecorations):
        (WebCore::RenderTheme::paintButtonDecorations):
        (WebCore::RenderTheme::paintTextField):
        (WebCore::RenderTheme::paintTextFieldDecorations):
        (WebCore::RenderTheme::paintTextArea):
        (WebCore::RenderTheme::paintTextAreaDecorations):
        (WebCore::RenderTheme::paintMenuList):
        (WebCore::RenderTheme::paintMenuListDecorations):
        (WebCore::RenderTheme::paintMenuListButtonDecorations):
        (WebCore::RenderTheme::paintPushButtonDecorations):
        (WebCore::RenderTheme::paintSquareButtonDecorations):
        (WebCore::RenderTheme::paintProgressBar):
        (WebCore::RenderTheme::paintSliderTrack):
        (WebCore::RenderTheme::paintSliderThumb):
        (WebCore::RenderTheme::paintSliderThumbDecorations):
        (WebCore::RenderTheme::paintSearchField):
        (WebCore::RenderTheme::paintSearchFieldDecorations):
        (WebCore::RenderTheme::paintSearchFieldCancelButton):
        (WebCore::RenderTheme::paintSearchFieldDecorationPart):
        (WebCore::RenderTheme::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderTheme::paintSearchFieldResultsButton):
        (WebCore::RenderTheme::paintMediaFullscreenButton):
        (WebCore::RenderTheme::paintMediaPlayButton):
        (WebCore::RenderTheme::paintMediaOverlayPlayButton):
        (WebCore::RenderTheme::paintMediaMuteButton):
        (WebCore::RenderTheme::paintMediaSeekBackButton):
        (WebCore::RenderTheme::paintMediaSeekForwardButton):
        (WebCore::RenderTheme::paintMediaSliderTrack):
        (WebCore::RenderTheme::paintMediaSliderThumb):
        (WebCore::RenderTheme::paintMediaVolumeSliderContainer):
        (WebCore::RenderTheme::paintMediaVolumeSliderTrack):
        (WebCore::RenderTheme::paintMediaVolumeSliderThumb):
        (WebCore::RenderTheme::paintMediaRewindButton):
        (WebCore::RenderTheme::paintMediaReturnToRealtimeButton):
        (WebCore::RenderTheme::paintMediaToggleClosedCaptionsButton):
        (WebCore::RenderTheme::paintMediaControlsBackground):
        (WebCore::RenderTheme::paintMediaCurrentTime):
        (WebCore::RenderTheme::paintMediaTimeRemaining):
        (WebCore::RenderTheme::paintMediaFullScreenVolumeSliderTrack):
        (WebCore::RenderTheme::paintMediaFullScreenVolumeSliderThumb):
        (WebCore::RenderTheme::paintSnapshottedPluginOverlay):
        (WebCore::RenderTheme::paintImageControlsButton):
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::addRoundedBorderClip):
        (WebCore::RenderThemeIOS::paintCheckboxDecorations):
        (WebCore::RenderThemeIOS::baselinePosition):
        (WebCore::RenderThemeIOS::paintRadioDecorations):
        (WebCore::RenderThemeIOS::paintTextFieldDecorations):
        (WebCore::RenderThemeIOS::paintTextAreaDecorations):
        (WebCore::RenderThemeIOS::paintMenuListButtonDecorations):
        (WebCore::RenderThemeIOS::paintSliderTrack):
        (WebCore::RenderThemeIOS::paintSliderThumbDecorations):
        (WebCore::RenderThemeIOS::paintProgressBar):
        (WebCore::RenderThemeIOS::paintSearchFieldDecorations):
        (WebCore::RenderThemeIOS::paintButtonDecorations):
        (WebCore::RenderThemeIOS::paintPushButtonDecorations):
        (WebCore::RenderThemeIOS::paintFileUploadIconDecorations):
        * rendering/RenderThemeMac.h:
        (WebCore::RenderThemeMac::updateActiveState):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::documentViewFor):
        (WebCore::RenderThemeMac::adjustRepaintRect):
        (WebCore::RenderThemeMac::convertToPaintingRect):
        (WebCore::RenderThemeMac::updateCheckedState):
        (WebCore::RenderThemeMac::updateEnabledState):
        (WebCore::RenderThemeMac::updateFocusedState):
        (WebCore::RenderThemeMac::updatePressedState):
        (WebCore::RenderThemeMac::controlSupportsTints):
        (WebCore::RenderThemeMac::paintTextField):
        (WebCore::RenderThemeMac::paintCapsLockIndicator):
        (WebCore::RenderThemeMac::paintTextArea):
        (WebCore::RenderThemeMac::paintMenuList):
        (WebCore::RenderThemeMac::paintMeter):
        (WebCore::RenderThemeMac::progressBarRectForBounds):
        (WebCore::RenderThemeMac::paintProgressBar):
        (WebCore::RenderThemeMac::paintMenuListButtonGradients):
        (WebCore::RenderThemeMac::paintMenuListButtonDecorations):
        (WebCore::RenderThemeMac::setPopupButtonCellState):
        (WebCore::RenderThemeMac::paintSliderTrack):
        (WebCore::RenderThemeMac::paintSliderThumb):
        (WebCore::RenderThemeMac::paintSearchField):
        (WebCore::RenderThemeMac::setSearchCellState):
        (WebCore::RenderThemeMac::paintSearchFieldCancelButton):
        (WebCore::RenderThemeMac::paintSearchFieldDecorationPart):
        (WebCore::RenderThemeMac::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderThemeMac::paintSearchFieldResultsButton):
        (WebCore::RenderThemeMac::paintSnapshottedPluginOverlay):
        (WebCore::RenderThemeMac::paintImageControlsButton):
        (WebCore::RenderThemeMac::imageControlsButtonSize):

2014-04-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] HTML Media capture attribute is a boolean since r163958
        https://bugs.webkit.org/show_bug.cgi?id=132061

        Reviewed by Gustavo Noronha Silva.

        Add new methods webkit_dom_html_input_element_get_capture_enabled
        and webkit_dom_html_input_element_set_capture_enabled using a
        boolean and deprecate the old methods.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_html_input_element_get_capture):
        (webkit_dom_html_input_element_set_capture):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:
        * bindings/gobject/webkitdom.symbols:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GetEffectiveFunctionName): Helper function to rename API methods
        for special cases.
        (GenerateFunction): Use GetEffectiveFunctionName().

2014-04-23  Praveen R Jadhav  <praveen.j@samsung.com>

        [MediaStream] Implement MediaStream active attribute
        https://bugs.webkit.org/show_bug.cgi?id=131973

        Reviewed by Eric Carlson.

        MediaStream .active attribute are introduced which will replace
        .ended attribute. This patch implements the newly introduced attributes.

        MediaStream-add-remove-tracks.html is updated to handle this scenario.

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::active): Added.
        (WebCore::MediaStream::setActive): Added.
        (WebCore::MediaStream::addTrack): Propagates 'onactive' event when required.
        (WebCore::MediaStream::removeTrack): Propagates 'oninactive' event when required.
        (WebCore::MediaStream::trackDidEnd): Propagates 'oninactive' event when required.
        (WebCore::MediaStream::streamDidEnd):
        (WebCore::MediaStream::setStreamIsActive): Added.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStream.idl:
        * dom/EventNames.h:
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::MediaStreamPrivate): Initialize .active attribute
        (WebCore::MediaStreamPrivate::setEnded):
        (WebCore::MediaStreamPrivate::setActive): Added.
        * platform/mediastream/MediaStreamPrivate.h:
        (WebCore::MediaStreamPrivate::active): Added.

2014-04-23  Darin Adler  <darin@apple.com>

        [Cocoa] fix CF leaks found by code inspection
        https://bugs.webkit.org/show_bug.cgi?id=132106

        Reviewed by Andreas Kling.

        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::trackDisplayName): Added a missing adoptCF.

        * platform/Language.cpp:
        (WebCore::displayNameForLanguageLocale): Added a missing adoptCF.

        * platform/graphics/FontPlatformData.cpp:
        (WebCore::FontPlatformData::openTypeTable): Added a missing adoptCF.

        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        (WebCore::InbandTextTrackPrivateAVCF::label): Added two missing adoptCF.

        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::AVFWrapper::createImageForTimeInRect): Added two missing adoptCF.

        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::createPDFDocument): Added missing adoptCF.

        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::cascadeToLastResortFontDescriptor): Added two missing adoptCF.

        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::primaryFontDataIsSystemFont): Added missing adoptCF.

        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::hasCustomTracking): Added missing adoptCF.

        * platform/image-decoders/ImageDecoder.h:
        (WebCore::ImageDecoder::qcmsOutputDeviceProfile): Added CFRelease.

        * plugins/mac/PluginPackageMac.cpp:
        (WebCore::readPListFile): Added two missing adoptCF.

2014-04-23  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION (r157328): popover to check into flight ba.com dismisses instantly when focusing form
        https://bugs.webkit.org/show_bug.cgi?id=131949

        Address the review comment.

        * dom/EventDispatcher.cpp:
        (WebCore::EventRelatedNodeResolver::findHostOfTreeScopeInTargetTreeScope):

2014-04-23  Andreas Kling  <akling@apple.com>

        CachedResourceLoader hoards URLs indefinitely for no good reason.
        <https://webkit.org/b/132102>
        <rdar://problem/16708265>

        Since we don't care about CachedResourceLoader::m_validatedURL's after
        the Document has finished dispatching its initial load event, clear the
        set at that point, and don't add any new URLs to it.

        Reviewed by Anders Carlsson.

        * dom/Document.cpp:
        (WebCore::Document::dispatchWindowLoadEvent):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        (WebCore::CachedResourceLoader::documentDidFinishLoadEvent):
        * loader/cache/CachedResourceLoader.h:

2014-04-23  Andreas Kling  <akling@apple.com>

        Canvas cache of clean URLs can grow without bounds.
        <https://webkit.org/b/132091>
        <rdar://problem/16695665>

        Remove a silly "optimization" that kept a cache of clean URLs
        that can be drawn into a canvas without tainting it, all to avoid
        the "expensive" checks to determine whether it would taint.

        Reviewed by Benjamin Poulain.

        * html/canvas/CanvasRenderingContext.cpp:
        (WebCore::CanvasRenderingContext::wouldTaintOrigin):
        * html/canvas/CanvasRenderingContext.h:

2014-04-23  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Fix a few mistakes affecting the initial layout and the initial unobscured rect
        https://bugs.webkit.org/show_bug.cgi?id=132093

        Reviewed by Tim Horton.

        Change the minimum layout size to float point values to account for size defined on retina displays.
        The minimum layout size supports half-pixels, the value is rounded later when computing the layout size
        in document coordinates.

        * WebCore.exp.in:
        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::ViewportConfiguration):
        Setting the initial content size is incorrect. The layout size computation already take into account
        empty size for the first layout.

        Setting the content size upfront make the first computation incorrect when the viewport arguments specify
        the initial scale.

        (WebCore::ViewportConfiguration::setMinimumLayoutSize):
        * page/ViewportConfiguration.h:
        (WebCore::ViewportConfiguration::minimumLayoutSize):

2014-04-23  Brent Fulgham  <bfulgham@apple.com>

        [Mac, iOS] Stop buffering media when on an inactive tab. 
        https://bugs.webkit.org/show_bug.cgi?id=132077

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp: Rename 'm_isDisplaySleepDisablingSuspended'
        to 'm_elementIsHidden'.
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::visibilityStatusChanged): Notify the
        media session that the element is (or is not) hidden.
        (WebCore::HTMLMediaElement::setShouldBufferData): Added.
        * html/HTMLMediaElement.h:
        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::clientWillBeginPlayback): Tell media to
        buffer if not hidden or playing.
        (WebCore::MediaSession::clientWillPausePlayback): Ditto.
        (WebCore::MediaSession::visibilityChanged): Added. Client API, just relays call
        to updateClientDataBuffering.
        (WebCore::MediaSession::updateClientDataBuffering): Tell client it should only
        buffer data if it's currently playing, or not hidden.
        * platform/audio/MediaSession.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::setShouldBufferData): Added: Just relays to
        MediaPlayerPrivate object.
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::setShouldBufferData):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldBufferData): Added.
        Detach the player item from the player if we don't want to continue
        buffering or other background tasks.

2014-04-23  Alexey Proskuryakov  <ap@apple.com>

        Eliminate internals.setMockScrollbarsEnabled()
        https://bugs.webkit.org/show_bug.cgi?id=132085

        Reviewed by Tim Horton.

        This was essentially unused, and also didnt work.

        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setMockScrollbarsEnabled): Deleted.
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2014-04-23  Anders Carlsson  <andersca@apple.com>

        Don't migrate the WKView.h header from WebCore to WebKit
        https://bugs.webkit.org/show_bug.cgi?id=132086

        Reviewed by Dan Bernstein.

        * WebCore.xcodeproj/project.pbxproj:
        Add WAKViewInternal.h.

        * platform/WAKViewInternal.h: Added.

        * platform/ios/wak/WAKClipView.m:
        Import WAKViewInternal.h instead of WAKViewPrivate.h.

        * platform/ios/wak/WAKScrollView.mm:
        Import WAKViewInternal.h instead of WAKViewPrivate.h.

        * platform/ios/wak/WAKView.h:
        Move ivars to a class extension in WAKViewInternal.h and remove WKView.h import.

        * platform/ios/wak/WAKView.mm:
        Import WAKViewInternal.h instead of WAKViewPrivate.h.

        * platform/ios/wak/WAKViewPrivate.h:
        Import WKViewPrivate.h.

2014-04-23  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] fast/multicol/fixed-column-percent-logical-height-orthogonal-writing-mode.html fails
        https://bugs.webkit.org/show_bug.cgi?id=132078

        Reviewed by Anders Carlsson.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::skipContainingBlockForPercentHeightCalculation):
        Add a parameter to test for orthogonal writing modes. If we're perpendicular,
        then we should not skip the flow thread, since we resolve relative to the column width,
        and that is always set.

        (WebCore::RenderBox::computePercentageLogicalHeight):
        Patched to pass in whether or not the box and the ancestor block are perpendicular.

        * rendering/RenderBox.h:
        Patched the signature of skipContainingBlockForPercentHeightCalculation

2014-04-23  Myles C. Maxfield  <mmaxfield@apple.com>

        [OS X] Make checking if a font is the system font more robust
        https://bugs.webkit.org/show_bug.cgi?id=132030

        Reviewed by Dean Jackson.

        Instead of inspecting a font's name to determine if it is a system font,
        on OS X we can ask the system directly.

        This patch also moves a platform-specific check into platform-specific
        code, so that other platforms don't check for OS X-specific behavior.

        Covered by existing tests.

        * platform/graphics/Font.cpp:
        (WebCore::Font::hasValidAverageCharWidth):
        * platform/graphics/Font.h:
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::primaryFontDataIsSystemFont):

2014-04-23  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Assertion failure in huge-column-count.html
        https://bugs.webkit.org/show_bug.cgi?id=132071

        Reviewed by Dean Jackson.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::regionAtBlockOffset):
        Back out this change, since it wasn't general enough.

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::getRegionRangeForBox):
        The real issue was that this loop needed to consider the actual box
        rather than starting from the parent. This was a non-issue for normal
        regions (which cannot have nested flow threads), but for columns, you 
        have to consider the fact that the box could itself be a flow thread.

2014-04-23  Andreas Kling  <akling@apple.com>

        [iOS] Memory pressure notification should fire on main thread.
        <https://webkit.org/b/132074>

        Rejig the memory pressure notification to fire on the main queue
        directly instead of rerouting it manually.

        Reviewed by Mark Rowe.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2014-04-23  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167720.
        https://bugs.webkit.org/show_bug.cgi?id=132075

        broke eight newmulticol tests (Requested by thorton on
        #webkit).

        Reverted changeset:

        "[New Multicolumn] Assertion failure in huge-column-
        count.html"
        https://bugs.webkit.org/show_bug.cgi?id=132071
        http://trac.webkit.org/changeset/167720

2014-04-23  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Assertion failure in huge-column-count.html
        https://bugs.webkit.org/show_bug.cgi?id=132071

        Reviewed by Dean Jackson.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::regionAtBlockOffset):
        Remove the code that returned 0 here, since we're going to patch a lower-level
        function to catch all cases.

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::getRegionRangeForBox):
        Don't allow in-flow RenderFlowThreads to ever have a region range. The sets
        are what should have ranges... the flow thread needs to just be ignored.

2014-04-23  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Crasher when clearing out a flow thread in multicolumn layout.
        https://bugs.webkit.org/show_bug.cgi?id=132069

        Reviewed by Dean Jackson.

        This is imported from a patch Morten did for Blink, but I had to change it a fair
        bit. deleteLines() is used to handle simple line box layout instead of just calling
        deleteLineBoxTree.
        
        I also had to disable the layout state to stop asserts on repaint when the children
        get moved. Not sure why Blink didn't hit this, but it's simple enough to add a
        LayoutStateDisabler to stop the assert.

        Added fast/multicol/inline-children-crash.html

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):

2014-04-23  Andreas Kling  <akling@apple.com>

        [iOS WebKit2] IOSurfacePool should force CA to actually garbage collect surfaces.
        <https://webkit.org/b/132065>
        <rdar://problem/16110687>

        Add a platformGarbageCollectNow() helper function to IOSurfacePool that
        triggers a sweep of the IOSurfaces. Call this from collectionTimerFired()
        and discardAllSurfaces().

        This lets us drop all otherwise-unused 420f surfaces on memory pressure.

        Reviewed by Tim Horton.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::IOSurfacePool::collectionTimerFired):
        (WebCore::IOSurfacePool::discardAllSurfaces):
        * platform/graphics/cg/IOSurfacePool.h:
        * platform/graphics/cocoa/IOSurfacePoolCocoa.mm: Added.
        (WebCore::IOSurfacePool::platformGarbageCollectNow):

2014-04-23  Morten Stenshorne  <mstensho@opera.com>

        REGRESSION (Safari 6 - ToT): Incorrectly assumes that RenderStyle data can be shared
        https://bugs.webkit.org/show_bug.cgi?id=113058

        Reviewed by David Hyatt.

        Before sharing CSS properties with an element in the cache, we need to
        check that the new element is suitable for this, just like we check
        elements before inserting them into the cache.

        Test: fast/css/identical-logical-height-decl.html

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyMatchedProperties):

2014-04-23  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167713.
        https://bugs.webkit.org/show_bug.cgi?id=132070

        broke hundreds of tests (Requested by thorton on #webkit).

        Reverted changeset:

        "[OS X] Make checking if a font is the system font more
        robust"
        https://bugs.webkit.org/show_bug.cgi?id=132030
        http://trac.webkit.org/changeset/167713

2014-04-22  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Nested columns not working at all.
        https://bugs.webkit.org/show_bug.cgi?id=131805

        Reviewed by Dean Jackson.

        Add support for nested pagination contexts, allowing for an arbitrary level
        of nesting of multicolumn layouts. There were a number of things that had to
        be patched in order for this to work.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::regionAtBlockOffset):
        Make sure RenderMultiColumnFlowThreads just return null for regions at any
        block offset. Individual region sets will be created as you cross ancestor
        regions eventually, so this is just getting in the way.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::enclosingPaginationLayerInSubtree):
        Add a new helper method for obtaining an enclosingPaginationLayer when
        constrained by some root. This function ensures you don't accidentally
        cross your subtree root when looking for enclosing pagination layers.

        (WebCore::RenderLayer::collectFragments):
        Patch collectFragments to know how to recur to collect ancestor fragments
        in order to apply nested splitting as you cross pagination boundaries.

        (WebCore::RenderLayer::updatePaintingInfoForFragments):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        (WebCore::LayerFragment::LayerFragment):
        (WebCore::LayerFragment::setRects):
        (WebCore::LayerFragment::moveBy):
        (WebCore::LayerFragment::intersect):
        Improve the LayerFragment so that it caches transformed bounding boxes as
        well. This is needed to fix intersectsDamageRect so that it doesn't grab
        the wrong bounding box when checking inline layers that are paginated.

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
        Ignore inserted flow threads inside an ancestor flow thread, since we only
        care about what the sets do.
        
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::insertedIntoTree):
        Make sure that nested flow thread layers return themselves when a child
        is inserted directly under them.

2014-04-22  Myles C. Maxfield  <mmaxfield@apple.com>

        [OS X] Make checking if a font is the system font more robust
        https://bugs.webkit.org/show_bug.cgi?id=132030

        Reviewed by Dean Jackson.

        Instead of inspecting a font's name to determine if it is a system font,
        on OS X we can ask the system directly.

        This patch also moves a platform-specific check into platform-specific
        code, so that other platforms don't check for OS X-specific behavior.

        Covered by existing tests.

        * platform/graphics/Font.cpp:
        (WebCore::Font::hasValidAverageCharWidth):
        * platform/graphics/Font.h:
        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::primaryFontDataIsSystemFont):

2014-04-23  Philippe Normand  <pnormand@igalia.com>

        [GTK] Focus management API was moved from HTMLDocument to Document in r166668
        https://bugs.webkit.org/show_bug.cgi?id=132060

        Reviewed by Carlos Garcia Campos.

        Deprecate the removed methods in WebKitDOMHTMLDocument to keep API compatibility.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_html_document_get_active_element):
        (webkit_dom_html_document_has_focus):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:
        * bindings/gobject/webkitdom.symbols:

2014-04-22  Andreas Kling  <akling@apple.com>

        [iOS WebKit1] MemoryPressureHandler::respondToMemoryPressure called on wrong thread.
        <https://webkit.org/b/132041>
        <rdar://problem/16687238>

        Always dispatch the memory pressure relief code on the main queue.
        This is really only needed for iOS/WK1, but we might as well share the code.

        Reviewed by Michael Saboff.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2014-04-23  Philippe Normand  <pnormand@igalia.com>

        [GTK] ShadowRoot API was removed in r164131
        https://bugs.webkit.org/show_bug.cgi?id=132059

        Reviewed by Gustavo Noronha Silva.

        Add ShadowRoot removed API to WebKitDOMDeprecated to keep API/ABI compatibility.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_shadow_root_class_init):
        (webkit_dom_shadow_root_init):
        (webkit_dom_shadow_root_element_from_point):
        (webkit_dom_shadow_root_get_active_element):
        (webkit_dom_shadow_root_get_apply_author_styles):
        (webkit_dom_shadow_root_get_element_by_id):
        (webkit_dom_shadow_root_get_elements_by_class_name):
        (webkit_dom_shadow_root_get_elements_by_tag_name):
        (webkit_dom_shadow_root_get_elements_by_tag_name_ns):
        (webkit_dom_shadow_root_get_inner_html):
        (webkit_dom_shadow_root_get_reset_style_inheritance):
        (webkit_dom_shadow_root_get_selection):
        (webkit_dom_shadow_root_set_apply_author_styles):
        (webkit_dom_shadow_root_set_inner_html):
        (webkit_dom_shadow_root_set_reset_style_inheritance):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:

2014-04-23  Morten Stenshorne  <mstensho@opera.com>

        [New Multicolumn] fast/multicol/overflow-content.html displays red
        https://bugs.webkit.org/show_bug.cgi?id=131809

        Reviewed by David Hyatt.

        Insert a break at end of content on our own in the multicol code, to make sure
        that overflow is accounted for, and also to make sure that we account for all
        content in non-final sets (i.e. those preceding spanners).

        In other words, this will additionally fix balancing issues in sets preceding
        a spanner. Added a test for that.

        Tests: fast/multicol/break-in-columns-before-spanner.html
               fast/multicol/newmulticol/compare-with-old-impl/overflow-content.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::regionInRange): Deleted.
        * rendering/RenderFlowThread.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::distributeImplicitBreaks):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::applyBreakAfterContent):
        * rendering/RenderNamedFlowThread.h:

2014-04-23  Morten Stenshorne  <mstensho@opera.com>

        Overflow propagation broken in BTT and RTL writing-modes
        https://bugs.webkit.org/show_bug.cgi?id=113781

        Reviewed by David Hyatt.

        Overflow rectangles are not quite physical, not quite logical. This
        means that we cannot use clientBoxRect() directly to represent a
        rectangle that expresses exactly no overflow. This rectangle is the
        padding box (relative to the border box) in vertical-lr and
        horizontal-tb, but the block-direction borders need to be flipped in
        vertical-rl and horizontal-bt.

        Tests: fast/css/overflow-btt-border-after.html
               fast/css/overflow-rtl-border-after.html

        * WebCore.exp.in:
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeOverflow):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::addLayoutOverflow):
        (WebCore::RenderBox::addVisualOverflow):
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        * rendering/RenderBox.h:
        (WebCore::RenderBox::layoutOverflowRect):

2014-04-23  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Improve the debugging infrastructure
        https://bugs.webkit.org/show_bug.cgi?id=132042

        Reviewed by Mihnea Ovidenie.

        This patch improves the debugging code for CSS Regions.

        Tests: No function change. No new tests.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::showRegionsInformation): Print brackets around the region range when dumping
        the render tree to the console.
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::containingRegion): Convert the ASSERT to an ASSERT_WITH_SECURITY_IMPLICATION.

2014-04-22  Ryosuke Niwa  <rniwa@webkit.org>

        Cursor doesn't change back to pointer when leaving the Safari window
        https://bugs.webkit.org/show_bug.cgi?id=132038

        Reviewed by Alexey Proskuryakov.

        r147739 incorrectly added an early exit in EventHandler::selectCursor when hit test result didn't have
        any node associated with it. Since we will hit this code when the cursor is outside of the WebView,
        we still need to take the CURSOR_AUTO path as did the code before r147739.

        No new test is added since this behavior can't be tested in DRT or WTR.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::selectCursor):

2014-04-22  Zalan Bujtas  <zalan@apple.com>

        Do not paint border image when the border rect is empty.
        https://bugs.webkit.org/show_bug.cgi?id=131988

        Reviewed by Darin Adler.

        http://trac.webkit.org/changeset/167351 introduced an early return when border
        rect is empty. This patch ensures that border image is not painted either in that case.

        Modified padding-margin-negative-border.html to cover border-image case.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBorder):

2014-04-22  Tim Horton  <timothy_horton@apple.com>

        ASSERTION FAILED: scrollerImp == scrollbarPainterForScrollbar(_scrollbar) on two API tests
        https://bugs.webkit.org/show_bug.cgi?id=132034
        <rdar://problem/16624332>

        Reviewed by Simon Fraser.

        * platform/mac/ScrollAnimatorMac.mm:
        (-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
        scrollerImpWithStyle:controlSize:horizontal:replacingScrollerImp: moves the delegate
        from the old scrollerImp to the new one, and also happens to call shouldUseLayerPerPartForScrollerImp.
        Since scrollerImpWithStyle: has not returned yet, the scrollbarPainterForScrollbar still returns the old scrollerImp,
        so this assertion fires. It's safe to remove this because supportsUpdateOnSecondaryThread doesn't make use of the imp.

2014-04-22  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION (r157328): popover to check into flight ba.com dismisses instantly when focusing form
        https://bugs.webkit.org/show_bug.cgi?id=131949

        Reviewed by Darin Adler.

        The regression was caused by two bugs:
        1. The event didn't stop propagating itself even when it should.
           If the related target is same as the event origin, the event propagation should stop when the event reaches
           the root of the related target's tree scope. Otherwise, it should stop when it reaches the related target.

        2. Mouse event's related target exposed nodes inside a user-agent shadow DOM when the related target appeared
           inside the origin.

        Fixed the bugs by re-introducing path shrinkage algorithm removed in r157328 into EventPath::setRelatedTarget
        and adding an algorithm to determine the least common ancestor of the related target and the current target
        in moveToParentOrShadowHost. The latter algorithm doesn't match the shadow DOM specification:
        http://www.w3.org/TR/2013/WD-shadow-dom-20130514/
        but it's good enough in terms of the Web exposed behavior as we don't support author defined insertion points.

        Test: fast/events/shadow-event-path.html

        * dom/EventDispatcher.cpp:
        (WebCore::EventRelatedNodeResolver::moveToParentOrShadowHost):
        (WebCore::EventRelatedNodeResolver::findHostOfTreeScopeInTargetTreeScope): Added.
        (WebCore::EventDispatcher::dispatchEvent):
        (WebCore::EventPath::setRelatedTarget):

2014-04-22  Ryosuke Niwa  <rniwa@webkit.org>

        Rollout r156635 since the old behavior was intentional.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::selectCursor):

2014-04-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167674.
        https://bugs.webkit.org/show_bug.cgi?id=132025

        Going a different way with this (Requested by bradee-oh on
        #webkit).

        Reverted changeset:

        "Change Image Controls replacement to use selection and paste"
        https://bugs.webkit.org/show_bug.cgi?id=131992
        http://trac.webkit.org/changeset/167674

2014-04-22  Brent Fulgham  <bfulgham@apple.com>

        [Win] Support Python 2.7 in Cygwin
        https://bugs.webkit.org/show_bug.cgi?id=132023

        Reviewed by Michael Saboff.

        * DerivedSources.make: Use proper path to Cygwin on
        all platforms.

2014-04-22  Andreas Kling  <akling@apple.com>

        REGRESSION (r151839): Subframe keeps getting mousemove events with the same coordinates after hiding a hovered element.
        <https://webkit.org/b/131974>
        <rdar://problem/15907469>

        When the currently hovered element disappears as a result of style recalc,
        we send a fake mousemove event to the page, to see if anything newly added
        should become hovered.

        The faking mechanism lives in EventHandler and simply synthesizes a new
        mousemove event using the last seen mouse location.

        The problem here is that we were sending this fake mousemove event to the
        subframe where the hovered element lived. Since subframes aren't kept up
        to date on recent mouse locations, this could cause some strange behavior
        where a subframe would dispatch mousemove events with stale coordinates.

        The solution is to always dispatch fake mousemove events from the main
        frame's event handler. This is how real event delivery happens, and hit
        testing will then find the appropriate subframe, if any.

        Reviewed by Benjamin Poulain.

        Test: fast/events/ghostly-mousemoves-in-subframe.html

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle):

2014-04-22  Myles C. Maxfield  <mmaxfield@apple.com>

        [OS X] Glyph spacing for system fonts may be incorrect
        https://bugs.webkit.org/show_bug.cgi?id=131967

        Unreviewed iOS build fix after r167679.

        * platform/graphics/mac/SimpleFontDataMac.mm:

2014-04-22  Myles C. Maxfield  <mmaxfield@apple.com>

        [OS X] Glyph spacing for system fonts may be incorrect
        https://bugs.webkit.org/show_bug.cgi?id=131967

        Unreviewed build fix after r167679.

        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::hasCustomTracking):

2014-04-21  Myles C. Maxfield  <mmaxfield@apple.com>

        [OS X] Glyph spacing for system fonts may be incorrect
        https://bugs.webkit.org/show_bug.cgi?id=131967

        Reviewed by Simon Fraser.

        Covered by existing tests.

        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::platformWidthForGlyph): Update to use CTFontGetAdvancesForGlyphs() for system fonts
        (WebCore::hasCustomTracking):

2014-04-22  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] widows/orphans cause assertion failures.
        https://bugs.webkit.org/show_bug.cgi?id=131233

        Reviewed by Dean Jackson.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::recordSpaceShortage):
        Fix an obvious bug where the space shortage is recorded twice (and the
        if statement that kept it from being negative is accidentally ignored).

2014-04-22  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Make sure columnTranslationForOffset has the same column-span-aware
        translation that fragment collection does.
        https://bugs.webkit.org/show_bug.cgi?id=131738

        Reviewed by Anders Carlsson.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::collectLayerFragments):
        Remove a FIXME that is no longer needed, since the translation offset of the 
        column set did get patched.

        (WebCore::RenderMultiColumnSet::columnTranslationForOffset):
        Add the exact same fix to columnTranslationForOffset that was applied to collectLayerFragments.

2014-04-22  Mark Lam  <mark.lam@apple.com>

        WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript() needs to acquire the JSLock before calling into JS.
        <https://webkit.org/b/132021>

        Reviewed by Mark Hahnenberg.

        Covered by existing layout test.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2014-04-22  Manuel Rego Casasnovas  <rego@igalia.com>

        REGRESSION (r167652): Broke fast/regions/cssom/region-range-for-box-crash.html in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=131982

        Reviewed by David Hyatt.

        The problem was creating the Range from the arguments received at RenderView::setSelection(). Specifically
        in this test endPos is 1 when the element has not children which creates an invalid Range.

        * rendering/RenderView.cpp:
        (WebCore::RenderView::splitSelectionBetweenSubtrees): Pass 0 as startPos and endPos to Range::create() as we are
        not interested in the positions at this point.

2014-04-22  Brady Eidson  <beidson@apple.com>

        Change Image Controls replacement to use selection and paste
        <rdar://problem/16302722> and https://bugs.webkit.org/show_bug.cgi?id=131992

        Reviewed by Tim Horton.

        * WebCore.exp.in: Remove deleted symbol.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::ImageControlsButtonElementMac::defaultEventHandler):

        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::showImageControlsMenu): Select the image element
          before showing the menu.
        (WebCore::ContextMenuController::replaceControlledImage): Deleted.
        * page/ContextMenuController.h:

2014-04-22  David Hyatt  <hyatt@apple.com>

        REGRESSION: Hitting asserts in new flow thread selection code.
        https://bugs.webkit.org/show_bug.cgi?id=132019

        Reviewed by Anders Carlsson.

        Null checking flowThreadController is not enough. The list of threads
        can be null even when the flowThreadController is not. That's why you
        use hasRenderNamedFlowThreads. I patched the two bad places in the code
        to use hasRenderNamedFlowThreads to stop the crashes.
        
        * rendering/RenderView.cpp:
        (WebCore::RenderView::selectionBounds):
        (WebCore::RenderView::repaintSelection):

2014-04-22  Brent Fulgham  <bfulgham@apple.com>

        Check (rather than assume) element is a RenderTableSection before using it
        https://bugs.webkit.org/show_bug.cgi?id=121858

        Reviewed by David Kilzer.

        Test: fast/table/table-insert-object-before-td-crash.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addChild): Check that lastBox is a table section before
        using the node as if it was one.

2014-04-22  Alex Christensen  <achristensen@webkit.org>

        Begin implementation of video using Media Foundation.
        https://bugs.webkit.org/show_bug.cgi?id=131830

        Reviewed by Brent Fulgham.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        Added MediaPlayerPrivateMediaFoundation files.
        * platform/graphics/MediaPlayer.cpp:
        Include MediaPlayerPrivateMediaFoundation inside new USE(MEDIA_FOUNDATION) flag.
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp: Added.
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h: Added.

2014-04-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167658.
        https://bugs.webkit.org/show_bug.cgi?id=131993

        Caused many crashes on media tests (Requested by ap on
        #webkit).

        Reverted changeset:

        "[Mac] don't ask for AVAssetTrack properties before they are
        available"
        https://bugs.webkit.org/show_bug.cgi?id=131902
        http://trac.webkit.org/changeset/167658

2014-04-22  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] fast/multicol/multicol-with-child-renderLayer-for-input.html puts the textfield in the wrong place
        https://bugs.webkit.org/show_bug.cgi?id=131808

        Reviewed by Brady Eidson.
    
        Make sure FrameView is patched to pass in the update pagination flag when subtree layout
        is done on textfields. It had code for the old multicolumn system but did not have a check
        for the new multicolumn system.

        Added fast/multicol/newmulticol/compare-with-old-impl/multicol-with-child-renderLayer-for-input.html

        * page/FrameView.cpp:
        (WebCore::updateLayerPositionFlags):

2014-04-22  Zalan Bujtas  <zalan@apple.com>

        border-style: double rendered as solid when combined with border-radius
        https://bugs.webkit.org/show_bug.cgi?id=131927

        Reviewed by Simon Fraser.

        BorderEdge::getDoubleBorderStripeWidths() should return the calculated inner, outer border widths. 

        Test: fast/borders/hidpi-double-border-with-border-radius-always-produce-solid-line.html

        * rendering/BorderEdge.cpp:
        (WebCore::BorderEdge::getDoubleBorderStripeWidths):
        * rendering/BorderEdge.h:

2014-04-22  Eric Carlson  <eric.carlson@apple.com>

        [Mac] don't ask for AVAssetTrack properties before they are available
        https://bugs.webkit.org/show_bug.cgi?id=131902
        <rdar://problem/16505076>

        Reviewed by Jer Noble.

        No new tests, the behavior this changes can not be tested with a layout test.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): Initialize
            m_cachedTotalBytes.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::beginLoadingMetadata): Don't report that
            metadata has been loaded until the track properties we need have been loaded too.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::totalBytes): Cache totalBytes instead
            of recalculating it every time.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksDidChange): Invalidate cached
            total bytes.
        (WebCore::assetTrackMetadataKeyNames): Array of AVAssetTrack properties we use.

2014-04-22  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Buildfix after r167650 broke non-Cocoa builds
        https://bugs.webkit.org/show_bug.cgi?id=131980

        Reviewed by Mario Sanchez Prada.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent):

2014-04-22  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Regions] Selection highlight doesn't match DOM selection
        https://bugs.webkit.org/show_bug.cgi?id=131511

        Reviewed by David Hyatt.

        This patch implements a subtrees approach to fix selection interaction in CSS Regions.

        The idea is to divide the Render tree in subtrees. One subtree will be the RenderView (which is always present),
        then for each RenderNamedFlowThread (which are children of RenderView) we will have an extra subtree.

        For each subtree it determines the start and end positions according to the DOM tree. So, every subtree will
        always have a start and end position, and the selection algorithm will be able to reach the end from the start
        without problems (this allows us to remove the changes introduced in r155058).

        Then selection related methods in RenderView are adapted to ensure that they are called for each subtree. Making
        the selection highlight to match DOM selection as expected.

        Test: fast/regions/selection/selecting-text-including-region.html

        * CMakeLists.txt: Add new class SelectionSubtreeRoot to build file.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * rendering/RenderNamedFlowThread.h: Inherit from SelectionSubtreeRoot.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::selectionRoot): New method to return the RenderNamedFlowThread if any or the RenderView
        otherwise.
        (WebCore::RenderObject::selectionStartEnd): If it's inside a RenderNamedFlowThread use specific method instead
        of the RenderView's one.
        * rendering/RenderObject.h: Add new method signature.
        * rendering/RenderView.cpp:
        (WebCore::RenderView::selectionBounds): Adapt method to subtrees approach.
        (WebCore::RenderView::subtreeSelectionBounds): Modify previous method in order to use SelectionSubtreeRoot
        objects.
        (WebCore::RenderView::repaintSelection): Adapt method to subtrees approach.
        (WebCore::RenderView::repaintSubtreeSelection): Modify previous method in order to use SelectionSubtreeRoot
        objects.
        (getNextOrPrevRenderObjectBasedOnDirection): Deleted method from r155058 as it is not needed anymore. Each
        subtree will have start and end positions, so the selection algorithm will always find the end.
        (WebCore::RenderView::setSelection): Adapt method to subtrees approach.
        (WebCore::RenderView::splitSelectionBetweenSubtrees): Determine start and end positions for each subtree and
        call setSubtreeSelection().
        (WebCore::RenderView::setSubtreeSelection): Modify previous method in order to use SelectionSubtreeRoot objects.
        * rendering/RenderView.h: Inherit from SelectionSubtreeRoot. Add signature for new helper methods receiving
        SelectionSubtreeRoot objects.
        * rendering/SelectionSubtreeRoot.cpp: Added.
        (WebCore::SelectionSubtreeRoot::SelectionSubtreeRoot):
        (WebCore::SelectionSubtreeRoot::selectionStartEndPositions):
        * rendering/SelectionSubtreeRoot.h: Added. New class to identify root elements for the subtrees. With some basic
        attributes and methods to store the start and end positions and offsets.
        (WebCore::SelectionSubtreeRoot::selectionStart):
        (WebCore::SelectionSubtreeRoot::selectionStartPos):
        (WebCore::SelectionSubtreeRoot::selectionEnd):
        (WebCore::SelectionSubtreeRoot::selectionEndPos):
        (WebCore::SelectionSubtreeRoot::setSelectionStart):
        (WebCore::SelectionSubtreeRoot::setSelectionStartPos):
        (WebCore::SelectionSubtreeRoot::setSelectionEnd):
        (WebCore::SelectionSubtreeRoot::setSelectionEndPos):

2014-04-21  Brent Fulgham  <bfulgham@apple.com>

        [Mac] Follow-up: After a horizontal overflow scroll with a mechanical wheel mouse, vertical scrolling no longer works
        https://bugs.webkit.org/show_bug.cgi?id=131960
        <rdar://problem/16142100>

        Unreviewed build fix.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent): The test to clear the
        last scrolled node was too broad. It should only follow this path
        if both the phase and momentum phase are 'None'.

2014-04-21  Brent Fulgham  <bfulgham@apple.com>

        [Mac] After a horizontal overflow scroll with a mechanical wheel mouse, vertical scrolling no longer works
        https://bugs.webkit.org/show_bug.cgi?id=131960
        <rdar://problem/16142100>

        Reviewed by Darin Adler.

        Test: platform/mac/fast/scrolling/scroll-div-no-latching.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent): When not latching, always clear m_latchedWheelEventElement and m_previousWheelScrolledElement.

2014-04-21  Joseph Pecoraro  <pecoraro@apple.com>

        WebProfilerAgent::disable is calling the wrong superclass method
        https://bugs.webkit.org/show_bug.cgi?id=131968

        Reviewed by Simon Fraser.

        * inspector/WebProfilerAgent.cpp:
        (WebCore::WebProfilerAgent::disable):

2014-04-21  Enrica Casucci  <enrica@apple.com>

        Followup from http://trac.webkit.org/changeset/167624

        Reviewed by Darin Adler.

        Fixing incorrect use of ? : syntax.

        * editing/VisibleUnits.cpp:
        (WebCore::characterBeforePosition):

2014-04-21  Ryuan Choi  <ryuan.choi@samsung.com>

        Move CoordinatedGraphics related codes out of CMakeLists.txt
        https://bugs.webkit.org/show_bug.cgi?id=131931

        Reviewed by Gyuyoung Kim.

        Move CoordinatedGraphics related files to PlatformEfl.cmake because they are not common files.

        * CMakeLists.txt: 
        * PlatformEfl.cmake:

2014-04-21  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] AVSampleBufferDisplayLayer and AudioRenderer is overretained.
        https://bugs.webkit.org/show_bug.cgi?id=131963

        Reviewed by Jon Honeycutt.

        Adopt the results of -[[class alloc] init] rather than retaining them.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::hasVideo):
        (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled):

2014-04-21  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r166784): Gradient at background of iCloud login page doesn’t go all the way to the bottom
        https://bugs.webkit.org/show_bug.cgi?id=131924

        Computing tile dimension for contain/cover requires higher precision than what LayoutUnit has. Switching to floats.

        Reviewed by Simon Fraser.

        Test: fast/backgrounds/hidpi-background-image-contain-cover-scale-needs-more-precision.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateFillTileSize):

2014-04-21  Dean Jackson  <dino@apple.com>

        Build fix for Mountain Lion.

        * platform/mac/SerializedPlatformRepresentationMac.mm:
        (WebCore::SerializedPlatformRepresentationMac::deserialize):

2014-04-21  Dan Bernstein  <mitz@apple.com>

        WebCore part of <rdar://problem/16631323> Page::setDefersLoading doesn’t do anything when using the Network process
        https://bugs.webkit.org/show_bug.cgi?id=131939

        Reviewed by David Kilzer.

        * WebCore.exp.in: Exported WebCore::ResourceHandle::setDefersLoading.

        * loader/ResourceLoadScheduler.cpp:
        (WebCore::ResourceLoadScheduler::setDefersLoading): Added a no-op implementation.
        * loader/ResourceLoadScheduler.h: Declared new virtual member function setDefersLoading.

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::setDefersLoading): Added a call to the above function.

2014-04-21  Brent Fulgham  <bfulgham@apple.com>

        [Mac] Difficulty gesture scrolling vertically with trackpad after scrolling horizontally 
        https://bugs.webkit.org/show_bug.cgi?id=131959
        <rdar://problem/16654523>

        Reviewed by Simon Fraser.

        * page/mac/EventHandlerMac.mm:
        (WebCore::deltaIsPredominantlyVertical): Added.
        (WebCore::scrolledToEdgeInDominantDirection): Only consider current mouse wheel event. We don't care about
        overall history when deciding if we are bumping against the edge of a scrollable region. Short-circuit if
        the element style indicates that overflow is hidden, since this means there is no scroll possible in that
        direction.
        (WebCore::EventHandler::platformPrepareForWheelEvents): Update for new signature.

2014-04-21  Eric Carlson  <eric.carlson@apple.com>

        [Mac] implement WebKitDataCue
        https://bugs.webkit.org/show_bug.cgi?id=131799

        Reviewed by Dean Jackson.

        Tests: http/tests/media/track-in-band-hls-metadata.html
               media/track/track-datacue-value.html

        * Configurations/FeatureDefines.xcconfig: Define ENABLE_DATACUE_VALUE.
        * DerivedSources.make: Add ENABLE_DATACUE_VALUE to HTML_FLAGS when appropriate.

        * CMakeLists.txt: Add JSDataCueCustom.cpp.
        * bindings/js/JSBindingsAllInOne.cpp:
        * WebCore.xcodeproj/project.pbxproj: Add new files.

        * bindings/js/JSDataCueCustom.cpp: Added.
        (WebCore::JSDataCue::value): 
        (WebCore::JSDataCue::setValue):
        (WebCore::JSDataCueConstructor::constructJSDataCue): Custom constructor.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateActiveTextTrackCues): Drive-by fixes: don't schedule timeupdate
            events when paused, don't call sort on an Vector that can't be sorted.

        * html/track/DataCue.cpp:
        (WebCore::DataCue::DataCue): Initialize m_type.
        (WebCore::DataCue::~DataCue): Unprotect the JSValue if necessary.
        (WebCore::DataCue::data): Ask the platform value for data if non-null.
        (WebCore::DataCue::setData): Clear m_platformValue and m_value.
        (WebCore::DataCue::isEqual): New.
        (WebCore::DataCue::value): Return a JSValue from the platform value, or the value passed
            to the constructor/set by script.
        (WebCore::DataCue::setValue): Set m_value.
        * html/track/DataCue.h:
        * html/track/DataCue.idl:

        * html/track/InbandDataTextTrack.cpp:
        (WebCore::InbandDataTextTrack::addDataCue): Don't add the same cue more than once.
        (WebCore::InbandDataTextTrack::updateDataCue): Update a cue's duration.
        (WebCore::InbandDataTextTrack::removeDataCue): Remove an incomplete cue.
        (WebCore::InbandDataTextTrack::removeCue): Remove a cue from the incomplete cue map if necessary.
        * html/track/InbandDataTextTrack.h:

        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::addGenericCue): CueMatchRules is now in TextTrackCue instead
            of VTTCue.
        * html/track/InbandTextTrack.h:

        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::newCuesParsed): Ditto.

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::hasCue): Ditto.
        * html/track/TextTrack.h:

        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::isEqual): New, test base class equality.
        * html/track/TextTrackCue.h:

        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGeneric::isEqual): Call TextTrackCue::isEqual first.
        * html/track/TextTrackCueGeneric.h:

        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::isEqual): Call TextTrackCue::isEqual first.
        * html/track/VTTCue.h:

        * platform/SerializedPlatformRepresentation.h: Added.
        (WebCore::SerializedPlatformRepresentation::~SerializedPlatformRepresentation):
        (WebCore::SerializedPlatformRepresentation::SerializedPlatformRepresentation):

        * platform/graphics/InbandTextTrackPrivateClient.h: Add methods for DataCue with SerializedPlatformRepresentation.

        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp: Added.
        (WebCore::InbandMetadataTextTrackPrivateAVF::create):
        (WebCore::InbandMetadataTextTrackPrivateAVF::InbandMetadataTextTrackPrivateAVF):
        (WebCore::InbandMetadataTextTrackPrivateAVF::~InbandMetadataTextTrackPrivateAVF):
        (WebCore::InbandMetadataTextTrackPrivateAVF::addDataCue):
        (WebCore::InbandMetadataTextTrackPrivateAVF::updatePendingCueEndTimes):
        (WebCore::InbandMetadataTextTrackPrivateAVF::flushPartialCues):
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h: Added.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::seekWithTolerance): currentTrack -> currentTextTrack.
        (WebCore::MediaPlayerPrivateAVFoundation::seekCompleted): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundation::configureInbandTracks): Ditto.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::setCurrentTextTrack):
        (WebCore::MediaPlayerPrivateAVFoundation::setCurrentTrack): Deleted.

        Renamed currentTrack and setCurrentTrack to currentTextTrack and setCurrentTextTrack.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::AVFWrapper::currentTextTrack):
        (WebCore::MediaPlayerPrivateAVFoundationCF::setCurrentTextTrack):
        (WebCore::MediaPlayerPrivateAVFoundationCF::currentTextTrack):
        (WebCore::AVFWrapper::setCurrentTextTrack):
        (WebCore::AVFWrapper::AVFWrapper):
        (WebCore::AVFWrapper::processCue):
        (WebCore::AVFWrapper::currentTrack): Deleted.
        (WebCore::MediaPlayerPrivateAVFoundationCF::setCurrentTrack): Deleted.
        (WebCore::MediaPlayerPrivateAVFoundationCF::currentTrack): Deleted.
        (WebCore::AVFWrapper::setCurrentTrack): Deleted.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): currentTrack -> currentTextTrack
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): currentTrack -> currentTextTrack.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processMetadataTrack): New.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processCue): m_currentTrack -> m_currentTextTrack.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::flushCues): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setCurrentTextTrack): Renamed from setCurrentTextTrack.
        (WebCore::metadataType): Map an AVFoundation metadata key space to a metadata cue type.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive): Process new metadata.
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setCurrentTrack): Deleted.

        Create a JSValue representation from an AVMetadataItem.
        * platform/mac/SerializedPlatformRepresentationMac.h: Added.
        (WebCore::SerializedPlatformRepresentationMac::platformType):
        (WebCore::SerializedPlatformRepresentationMac::nativeValue):
        * platform/mac/SerializedPlatformRepresentationMac.mm: Added.
        (WebCore::SerializedPlatformRepresentationMac::SerializedPlatformRepresentationMac):
        (WebCore::SerializedPlatformRepresentationMac::~SerializedPlatformRepresentationMac):
        (WebCore::SerializedPlatformRepresentationMac::create):
        (WebCore::SerializedPlatformRepresentationMac::data):
        (WebCore::SerializedPlatformRepresentationMac::deserialize):
        (WebCore::SerializedPlatformRepresentationMac::isEqual):
        (WebCore::toSerializedPlatformRepresentationMac):
        (WebCore::jsValueWithValueInContext):
        (WebCore::jsValueWithDataInContext):
        (WebCore::jsValueWithArrayInContext):
        (WebCore::jsValueWithDictionaryInContext):
        (WebCore::jsValueWithAVMetadataItemInContext):

2014-04-21  Benjamin Poulain  <benjamin@webkit.org>

        Add Element.matches, the standard name for webkitMatchesSelector
        https://bugs.webkit.org/show_bug.cgi?id=131922

        Reviewed by Andreas Kling.

        This patch just renames webkitMatchesSelector() to matches().

        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation):
        The Objective-C binding generator only supported ImplementedAs for getters and setters.
        This adds support for the option so that Element.matches can be generated for Obj-C.

        * dom/Element.cpp:
        (WebCore::Element::matches):
        (WebCore::Element::webkitMatchesSelector): Deleted.
        * dom/Element.h:
        * dom/Element.idl:
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):

2014-04-21  Beth Dakin  <bdakin@apple.com>

        topContentInset does not play well with fullscreen elements
        https://bugs.webkit.org/show_bug.cgi?id=131955
        -and corresponding-
        <rdar://problem/16651925>

        Reviewed by Sam Weinig.

        Calling setNeedsLayout() is not sufficient when the topContentInset has changed 
        dynamically. We need to perform the layout right away and update the scrollbars. 
        This works completely when the inset changes due to entering/exiting fullscreen, 
        but I left a FIXME behind because it is possible to change the inset dynamically 
        just through the WK2 API and end up in a situation where everything looks right 
        except for the scrollbars. 
        * page/FrameView.cpp:
        (WebCore::FrameView::topContentInsetDidChange):
        * page/FrameView.h:
        * page/Page.cpp:
        (WebCore::Page::setTopContentInset):

2014-04-18  Jon Honeycutt  <jhoneycutt@apple.com>

        Empty RenderInline objects should not be line break objects.

        https://bugs.webkit.org/show_bug.cgi?id=131861
        <rdar://problem/15663617>

        Reviewed by David Hyatt.

        * rendering/line/BreakingContextInlineHeaders.h:
        (WebCore::BreakingContext::canBreakAtThisPosition):
        Don't break at this position if this is an empty RenderInline.

2014-04-21  Enrica Casucci  <enrica@apple.com>

        [iOS WebKit2] support replacements for misspelled words.
        https://bugs.webkit.org/show_bug.cgi?id=131827
        <rdar://problem/16319657>

        Reviewed by Darin Adler.

        Adds utility function to return the character before the current selection
        and converts the nbsp to the space character.

        * WebCore.exp.in:
        * editing/VisibleUnits.cpp:
        (WebCore::characterBeforePosition):
        * editing/VisibleUnits.h:

2014-04-21  Eric Carlson  <eric.carlson@apple.com>

        [iOS] enable plug-in replacement
        https://bugs.webkit.org/show_bug.cgi?id=131947

        Reviewed by Jer Noble.

        * bindings/generic/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures): initialize m_isPluginReplacementEnabled
            to true on iOS.

2014-04-21  Rik Cabanier  <cabanier@adobe.com>

        [CSS Blending] Remove support for non-separable blend modes from mix-blend-mode
        https://bugs.webkit.org/show_bug.cgi?id=131824

        Reviewed by Dean Jackson.

        Removed support for non-separable blend modes from the CSS parser.

        Covered by existing tests

        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        * platform/graphics/ca/mac/PlatformCAFiltersMac.mm:
        (PlatformCAFilters::setBlendingFiltersOnLayer):

2014-04-21  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Column set drawing under horizontal scrollbar.
        https://bugs.webkit.org/show_bug.cgi?id=131812.

        Reviewed by Sam Weinig.

        Added fast/multicol/newmulticol/compare-with-old-impl/LeftToRight-tb.html.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::layoutBlock):
        (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):
        * rendering/RenderBlockFlow.h:
        Pass in relayoutChildren as a reference boolean to checkForPaginationLogicalHeightChange.
        The new columns need to be able to set it to true if the amount of available column
        height ever changes, so that the RenderFlowThread and the sets get a layout call.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::setColumnStylesFromPaginationMode):
        Make sure that the pagination mode is set up with an auto column-fill specified. You
        don't ever want to balance when you set a pagination mode on the RenderView.

2014-04-21  Tim Horton  <timothy_horton@apple.com>

        [iOS WebKit2] Implement CSS viewport units
        https://bugs.webkit.org/show_bug.cgi?id=131863
        <rdar://problem/16279088>

        Reviewed by Darin Adler.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::setViewportSize):
        * page/FrameView.h:
        (WebCore::FrameView::viewportSize):
        Add setViewportSize() and viewportSize().
        If the viewport size changes, we have to do style recalc.
        If we have an overridden viewport size, use it.

        * rendering/RenderView.cpp:
        (WebCore::RenderView::viewportSize):
        * rendering/RenderView.h:
        Get the size from FrameView.

2014-04-21  Joseph Pecoraro  <pecoraro@apple.com>

        Remove unused WebKitSystemInterface functions
        https://bugs.webkit.org/show_bug.cgi?id=131938

        Reviewed by Alexey Proskuryakov.

        * WebCore.exp.in:
        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

2014-04-21  Andreas Kling  <akling@apple.com>

        Move the JSString cache from DOMWrapperWorld to VM.
        <https://webkit.org/b/131940>

        Since there's no need for JSStrings to be world-specific, this patch
        moves the string cache to JSC::VM. This makes jsStringWithCache()
        a lot faster since it no longer has to jump through twenty-eleven
        hoops to find the DOMWrapperWorld.

        Reviewed by Geoff Garen.

        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::DOMWrapperWorld::clearWrappers):
        * bindings/js/DOMWrapperWorld.h:
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::jsStringWithCache):

2014-04-21  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Column balancing is slow on float-multicol.html
        https://bugs.webkit.org/show_bug.cgi?id=131801

        Reviewed by Enrica Casucci.

        Added fast/multicol/tall-float.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::expandsToEncloseOverhangingFloats):
        Make RenderFlowThreads expand to encompass floats. Also from Morten's patch for
        Blink (#361551).

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::computeOverflow):
        Fix a bug where the new multi-column code was adding in overflow for floats
        when it should not. This was resulting in the creation of scrollbars when none
        should exist. This is my own addition.

        (WebCore::RenderBlockFlow::addOverhangingFloats):
        Make RenderFlowThreads and RenderRegions ignore overhanging float additions. This
        comes from Morten's patch for Blink (#361551).

2014-04-21  Darin Adler  <darin@apple.com>

        REGRESSION (r160908): Safari doesn't draw rotated images properly first time
        https://bugs.webkit.org/show_bug.cgi?id=131930

        Reviewed by Anders Carlsson.

        With render tree creation sufficiently lazy, we had to put some explicit
        calls to updateStyleIfNeeded into the ImageDocument class.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument): Pass a Frame&.

        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::imageSize): Added this helper function. This updates
        style so we can use the renderer to compute an image size taking things like
        orientation into account, and also passes in the zoom factor.
        (WebCore::ImageDocument::updateDuringParsing): Moved the body of the
        ImageDocumentParser::appendBytes function into this function. Since it's a
        member of ImageDocument, it has better access to appropriate private members,
        and we don't have to expose as many functions to the public. Also changed to
        not use the frame so much. Also merged in the code that creates the document
        instead of having it be a side effect in the cachedImage helper function; all
        the other call sites were checking for null before calling cachedImage.
        (WebCore::ImageDocument::finishedParsing): Moved the body of the
        ImageDocumentParser::finish function here. Added a call to updateStyleIfNeeded
        before using the renderer to get the image size.
        (WebCore::ImageDocumentParser::document): Made this return a reference. It's
        just a convenience function used in the two functions below.
        (WebCore::ImageDocumentParser::appendBytes): Just call updateDuringParsing.
        (WebCore::ImageDocumentParser::finish): Just call finishedParsing.
        (WebCore::ImageDocument::ImageDocument): Take a reference for the argument,
        use nullptr, and also initialize m_shouldShrinkImage directly instead of using
        a shouldShrinkToFit() helper function to do it.
        (WebCore::ImageDocument::createDocumentStructure): Removed unneeded check of
        null for the frame, since the caller does it. Removed some unneeded
        IGNORE_EXCEPTON and a stray semicolon. Use m_shouldShrinkImage instead of
        calling shouldShrinkToFit since at this early point they will be identical.
        (WebCore::ImageDocument::scale): Make non-const so we can call the new
        imageSize helper. Use Document::view instead of Frame::view. Improved the
        conversion to floating point so it doesn't involve a static_cast and an extra
        conversion from int to LayoutUnit.
        (WebCore::ImageDocument::resizeImageToFit): Ditto.
        (WebCore::ImageDocument::imageClicked): Ditto.
        (WebCore::ImageDocument::imageUpdated): Ditto. Also use m_shouldShrinkImage
        ibnstead of shouldShrinkToFit.
        (WebCore::ImageDocument::restoreImageSize): Ditto.
        (WebCore::ImageDocument::imageFitsInWindow): Ditto.
        (WebCore::ImageDocument::windowSizeChanged): Ditto.
        (WebCore::ImageDocument::cachedImage): Deleted. Moved logic into updateDuringParsing.
        (WebCore::ImageDocument::shouldShrinkToFit): Deleted. Moved logic into constructor.
        (WebCore::ImageEventListener::handleEvent): Updated for changes above.
        (WebCore::ImageEventListener::operator==): Simplified. No reason this has to check
        whether both listeners are in the same document.
        (WebCore::ImageDocumentElement::didMoveToNewDocument): Use nullptr.

        * html/ImageDocument.h: Deleted some unused things, updated for changes above,
        and made some memer functions private.

        * loader/FrameLoaderClient.h: Deleted the allowScriptFromSource, allowPlugins,
        allowImage, and allowDisplayingInsecureContent functions. These were only used in
        Chromium and are now unneeded complexity. We could bring them back if anyone wants them.

        * loader/MixedContentChecker.cpp:
        (WebCore::MixedContentChecker::canDisplayInsecureContent): Removed call to
        allowDisplayingInsecureContent, just use the setting directly.
        (WebCore::MixedContentChecker::canRunInsecureContent): Removed call to
        allowRunningInsecureContent, just use the setting directly.

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::allowPlugins): Removed call to allowPlugins, just
        use the arePluginsEnabled setting directly.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::canRequest): Removed call to allowScriptFromSource, just
        use the isScriptEnabled setting directly.
        (WebCore::CachedResourceLoader::clientDefersImage): Removed call to allowImage.

2014-04-21  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Pagination mode messed up with non-inline axis and reversed direction.
        https://bugs.webkit.org/show_bug.cgi?id=131811

        Reviewed by Dean Jackson.

        Added fast/multicol/newmulticol/compare-with-old-impl/BottomToTop-tb.html
        
        With block axis pagination mode, it is possible to set a column height that is not the same
        as the available fill height for a block. The new multi-column code had the assumption that
        the column height was the same as the amount of fill room you had available. This is not
        the case.
        
        To correct the issue, I added a member variable to RenderMultiColumnSet that stores the
        available column height as a separate variable from the computed column height. This allows
        the pagination API to specify a different column height that is not the same as the view's
        content height.

        Even though it isn't involved in the solution, I also patched pageOrViewLogicalHeight on
        RenderView to work with the new column code as well.

        To address the layout test failures (that caused the previous rollout), I made sure to
        initialize m_availableHeight to 0 when m_computedColumnHeight also gets reset to 0.
        
        The assertion is not something I could reproduce on any machine, but I can see the problem.
        I patched Page's pageCount method to not have column code directly in Page.cpp, 
        and to make a new pageCount() method on RenderView that Page calls
        into. This method is now patched to handle the new column code as well as the old. I have
        no real way of testing this method though, since I can't reproduce the assertion that the
        bots were experiencing.

        * page/Page.cpp:
        (WebCore::Page::pageCount):
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::RenderMultiColumnSet):
        (WebCore::RenderMultiColumnSet::setAndConstrainColumnHeight):
        (WebCore::RenderMultiColumnSet::prepareForLayout):
        (WebCore::RenderMultiColumnSet::computeLogicalHeight):
        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::pageOrViewLogicalHeight):
        (WebCore::RenderView::pageCount):
        * rendering/RenderView.h:

2014-04-18  Dean Jackson  <dino@apple.com>

        [Media] Clean up localized strings in controls
        https://bugs.webkit.org/show_bug.cgi?id=131857
        <rdar://problem/16663005>

        Reviewed by Eric Carlson.

        There is no need for separate localization files
        on OS X and iOS. Move the small number of iOS-specific
        localizations into a shared file.

        We also don't need a function to return a static table.
        Ultimately I think we want a top-level WebKit object that
        hold the table, but for now use a global variable
        called UIStringTable. Since we're in an isolated world, we
        won't clash with anything.

        I noticed a few cases were we grab a localized string and
        then instantly run a replacement on it. This should be
        supported directly in the UIString() accessor.

        * English.lproj/mediaControlsLocalizedStrings.js: Add iOS strings. Just
        use a static table.
        (mediaControlsLocalizedStrings): Deleted.
        * English.lproj/mediaControlsLocalizedStringsiOS.js: Removed.
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.extend): Fix braces.
        (Controller.prototype.UIString): Use the string table, and allow replacement.
        (Controller.prototype.createControls): Use new UIString replacement.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.updateWirelessPlaybackStatus): Use new UIString.
        (ControllerIOS.prototype.UIString): Deleted. Use the parent class version.
        * WebCore.xcodeproj/project.pbxproj: Remove file from Resources.
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::mediaControlsScript): No need to include the iOS
        specific localization file.

2014-04-21  Brent Fulgham  <bfulgham@apple.com>

        [Win] Unreviewed build fix.

        * inspector/TimelineRecordFactory.cpp: Add missing include.

2014-04-21  Zan Dobersek  <zdobersek@igalia.com>

        Move cross-port Source/WebCore/page/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=130534

        Reviewed by Darin Adler.

        Replace uses of OwnPtr and PassOwnPtr in cross-port code under Source/WebCore/page/ with
        std::unique_ptr. Unnecessary OwnPtr.h and PassOwnPtr.h header inclusions are removed as well.

        * dom/Document.cpp:
        (WebCore::Document::initSecurityContext):
        * dom/SecurityContext.cpp:
        (WebCore::SecurityContext::setContentSecurityPolicy):
        * dom/SecurityContext.h:
        * page/CaptionUserPreferences.h:
        * page/ContentSecurityPolicy.cpp:
        (WebCore::CSPDirectiveList::create):
        (WebCore::CSPDirectiveList::checkEvalAndReportViolation):
        (WebCore::CSPDirectiveList::checkInlineAndReportViolation):
        (WebCore::CSPDirectiveList::checkSourceAndReportViolation):
        (WebCore::CSPDirectiveList::setCSPDirective):
        (WebCore::ContentSecurityPolicy::didReceiveHeader):
        * page/ContentSecurityPolicy.h:
        * page/DOMSecurityPolicy.h:
        * page/DOMWindow.cpp:
        (WebCore::PostMessageTimer::fired):
        (WebCore::DOMWindow::postMessageTimerFired):
        * page/DOMWindow.h:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::EventHandler):
        * page/EventHandler.h:
        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        (WebCore::createRegExpForLabels):
        (WebCore::Frame::searchForLabelsAboveCell):
        (WebCore::Frame::searchForLabelsBeforeElement):
        (WebCore::matchLabelsAgainstString):
        (WebCore::Frame::setTiledBackingStoreEnabled):
        * page/Frame.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::addEmbeddedObjectToUpdate):
        (WebCore::FrameView::addSlowRepaintObject):
        (WebCore::FrameView::addViewportConstrainedObject):
        (WebCore::FrameView::addScrollableArea):
        * page/FrameView.h:
        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        * page/PageConsole.h:
        * page/PageThrottler.h:
        * page/SecurityPolicy.cpp:
        (WebCore::SecurityPolicy::addOriginAccessWhitelistEntry):
        * page/animation/AnimationController.h:
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::PropertyWrapperVisitedAffectedColor::PropertyWrapperVisitedAffectedColor):
        (WebCore::CSSPropertyAnimationWrapperMap::instance):
        (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
        * page/mac/PageMac.cpp:
        (WebCore::Page::addSchedulePair):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyFromString):

2014-04-21  Darin Adler  <darin@apple.com>

        Add HashSet::takeAny
        https://bugs.webkit.org/show_bug.cgi?id=131928

        Reviewed by Benjamin Poulain.

        * dom/Document.cpp:
        (WebCore::Document::takeAnyMediaCanStartListener): Use HashSet::takeAny.
        * dom/ScriptExecutionContext.cpp:
        (WebCore::takeAny): Deleted.
        (WebCore::ScriptExecutionContext::~ScriptExecutionContext): Use HashSet::takeAny.

2014-04-21  Zan Dobersek  <zdobersek@igalia.com>

        iOS and non-iOS RemoteCommandListener::create() functions should use std::make_unique<>()
        https://bugs.webkit.org/show_bug.cgi?id=131916

        Reviewed by Darin Adler.

        A follow-up to r167197. Make RemoteCommandListener ctor public and use std::make_unique<>()
        in both versions of RemoteCommandListener::create() functions (iOS and non-iOS).

        * platform/RemoteCommandListener.cpp:
        (WebCore::RemoteCommandListener::create):
        * platform/RemoteCommandListener.h:
        (WebCore::RemoteCommandListener::RemoteCommandListener):
        * platform/ios/RemoteCommandListenerIOS.mm:
        (WebCore::RemoteCommandListener::create):

2014-04-21  Andreas Kling  <akling@apple.com>

        Micro-optimize the way we hand NodeLists to JSC.
        <https://webkit.org/b/131932>

        Use HashMap::fastAdd() when returning cached node lists and collections.
        10.9% progression on Bindings/get-elements-by-tag-name.html

        Reviewed by Antti Koivisto.

        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::addCacheWithAtomicName):
        (WebCore::NodeListsNodeData::addCacheWithName):
        (WebCore::NodeListsNodeData::addCacheWithQualifiedName):
        (WebCore::NodeListsNodeData::addCachedCollection):

2014-04-21  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167584.
        https://bugs.webkit.org/show_bug.cgi?id=131929

        Broke Objective-C bindings test (Requested by ap on #webkit).

        Reverted changeset:

        "Add Element.matches, the standard name for
        webkitMatchesSelector"
        https://bugs.webkit.org/show_bug.cgi?id=131922
        http://trac.webkit.org/changeset/167584

2014-04-20  Benjamin Poulain  <benjamin@webkit.org>

        Compile the :root pseudo class and fix a related issue with :nth-child()
        https://bugs.webkit.org/show_bug.cgi?id=131926

        Reviewed by Andreas Kling.

        Add the :root pseudo class. This is another trivial selector, we just need to compare
        the element pointer with the documentElement.

        I discovered some issues with :nth-child(n) through the layout tests for ":root".
        When the pseudo class nth-child could match anything, no code was generated. That decision
        was taken when generating the fragments.

        The specification of :nth-child() has two tests: the parent test and the counter test.
        Since some fragments would not generate any code for :nth-child(n), they would succeed on the root,
        which is incorrect since the root should fail the parent test.

        This was fixed by moving the filtering of non-counting :nth-child() after we generate the parent
        check.
        We still don't generate any counter test unless required.

        Test: fast/selectors/nth-child-on-root.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsRoot):
        * dom/Document.h:
        (WebCore::Document::documentElementMemoryOffset):

2014-04-20  Benjamin Poulain  <benjamin@webkit.org>

        Add Element.matches, the standard name for webkitMatchesSelector
        https://bugs.webkit.org/show_bug.cgi?id=131922

        Reviewed by Andreas Kling.

        This patch just renames webkitMatchesSelector() to matches().

        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation):
        The Objective-C binding generator only supported ImplementedAs for getters and setters.
        This adds support for the option so that Element.matches can be generated for Obj-C.

        * dom/Element.cpp:
        (WebCore::Element::matches):
        (WebCore::Element::webkitMatchesSelector): Deleted.
        * dom/Element.h:
        * dom/Element.idl:
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):

2014-04-20  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: RenderLayer's size is set using enclosingRect() which can result in cruft.
        https://bugs.webkit.org/show_bug.cgi?id=131468

        Reviewed by Darin Adler.

        Layers marked opaque may not paint edge pixels, when RenderLayer bounds are non-integral and
        get device pixel snapped.
        For details see this: https://trac.webkit.org/r159463

        Test: compositing/hidpi-non-simple-compositing-layer-with-fractional-size-and-background.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):

2014-04-19  Darin Adler  <darin@apple.com>

        Simple layout can get confused by coordinate overflow
        https://bugs.webkit.org/show_bug.cgi?id=131890
        rdar://problem/15558510

        Reviewed by Andreas Kling.

        Test: fast/css/simple-layout-overflow.html

        * rendering/SimpleLineLayoutResolver.h:
        (WebCore::SimpleLineLayout::RunResolver::rangeForRect):
        If lastLine is smaller than firstLine, just ignore it.

2014-04-20  Darin Adler  <darin@apple.com>

        ScriptExecutionContext::stopActiveDOMObjects iterates a hash map that can change during iteration (for multiple reasons, including GC)
        https://bugs.webkit.org/show_bug.cgi?id=52719

        Reviewed by Alexey Proskuryakov.

        At least two specific ways this can happen:

        1) XMLHttpRequest::stop can trigger a JavaScript garbage collection.
        2) NotificationCenter::stop can delete the last references to notifications;
           those notifications are also active DOM objects.

        Besides fixing the iteration in that function, did some other fixes for the
        ScriptExecutionContext class, including some coding style changes. Many uses
        of nullptr instead of 0, without listing each function separately below.

        * Modules/webdatabase/DatabaseContext.cpp:
        (WebCore::DatabaseContext::contextDestroyed): Call through to the base class
        version of contextDestroyed rather than repeating what it does (with a large
        comment that doesn't acknowledge the base class alread does it).
        * Modules/webdatabase/DatabaseContext.h: Removed some unneeded includes.
        Wrote out "private" explicitly for deriving from ActiveDOMObject. Made the
        ActiveDOMObject function overrides private, and marked them override and final.

        * dom/ActiveDOMObject.h: Updated comments. Replaced suspendIfNeededCalled with
        assertSuspendIfNeededWasCalled, which has an empty inline version in the header.
        Renamed m_suspendIfNeededCalled to m_suspendIfNeededWasCalled.

        * dom/ActiveDOMObject.cpp:
        (WebCore::ActiveDOMObject::ActiveDOMObject): Pass a reference instead of a pointer.
        (WebCore::ActiveDOMObject::~ActiveDOMObject): Ditto.
        (WebCore::ActiveDOMObject::suspendIfNeeded): Ditto.

        * dom/ContextDestructionObserver.cpp:
        (WebCore::ContextDestructionObserver::observeContext): Pass a reference instead of a pointer.

        * dom/MessagePort.cpp:
        (WebCore::MessagePort::MessagePort): Pass a reference instead of a pointer.
        (WebCore::MessagePort::~MessagePort): Ditto.
        (WebCore::MessagePort::disentangle): Ditto.

        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::ScriptExecutionContext): Updated flags used
        for assertions so they are conditional and updated their names.
        (WebCore::takeAny): Added. Helper function that we can consider for HashSet in
        the future; makes loop below easier to read.
        (WebCore::checkConsistency): Added. Assertions that were done multiple places below,
        and should not be written over and over again.
        (WebCore::ScriptExecutionContext::~ScriptExecutionContext): Changed to use C++11
        for loops and the takeAny function above.
        (WebCore::ScriptExecutionContext::dispatchMessagePortEvents): Ditto.
        (WebCore::ScriptExecutionContext::createdMessagePort): Changed to take a reference
        for clarity and so it doesn't have to do an assert the pointer is non-null.
        (WebCore::ScriptExecutionContext::destroyedMessagePort): Ditto.
        (WebCore::ScriptExecutionContext::canSuspendActiveDOMObjects): Changed to use
        C++11 for loop and reworded comment and redid assertions.
        (WebCore::ScriptExecutionContext::suspendActiveDOMObjects): Ditto.
        (WebCore::ScriptExecutionContext::resumeActiveDOMObjects): Ditto.
        (WebCore::ScriptExecutionContext::stopActiveDOMObjects): Changed to support
        removal of an active DOM object during the stop function. Included new comments
        to clarify what the rules are.
        (WebCore::ScriptExecutionContext::suspendActiveDOMObjectIfNeeded): Changed to take
        a reference for clarity and so it doesn't have to assert a pointer is non-null.
        (WebCore::ScriptExecutionContext::didCreateActiveDOMObject): Ditto. Also changed to
        use RELEASE_ASSERT instead of CRASH.
        (WebCore::ScriptExecutionContext::willDestroyActiveDOMObject): Ditto.
        (WebCore::ScriptExecutionContext::didCreateDestructionObserver): Ditto.
        (WebCore::ScriptExecutionContext::willDestroyDestructionObserver): Ditto.
        (WebCore::ScriptExecutionContext::closeMessagePorts): Moved the body of this
        function into its one call site, ScriptExecutionContext::stopActiveDOMObjects,
        since it's simple enough when written as a C++11 for loop.
        (WebCore::ScriptExecutionContext::hasPendingActivity): Added. This function was
        already exported for workers, and implementing it outside this class required
        exposing the private HashSet members; more sensible to implement it here and
        simply make it public in WorkerGlobalScope.

        * dom/ScriptExecutionContext.h: Removed unnecessary includes and forward declarations.
        Removed a long-ago-fixed FIXME. Changed various functions to take references instead of
        pointers. Added a protected hasPendingActivity function, deleted the closeMessagePorts
        function, deleted the ActiveDOMObjectsSet typedef, made the assertion flags be
        !ASSERT_DISABLED only, and deleted the messagePorts and activeDOMObjects functions.

        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::hasPendingActivity): Deleted. This is now implemented
        in the base class.

        * workers/WorkerGlobalScope.h: Make hasPendingActivity function from the base class
        public instead of declaring it in this class.

2014-04-20  Brent Fulgham  <bfulgham@apple.com>

        [Mac] Unable to select 'Off' or 'Auto' from track menu when tracks consist of unsupported track types
        https://bugs.webkit.org/show_bug.cgi?id=131908
        <rdar://problem/15999882>

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setSelectedTextTrack): When the user selects 'Off', make sure the currently 'showing'
        track is switched to 'disabled'.

2014-04-20  Andreas Kling  <akling@apple.com>

        Speed up jsStringWithCache() through WeakGCMap inlining.
        <https://webkit.org/b/131923>

        Inline the common path of WeakGCMap::add() in jsStringWithCache().
        26% progression on Bindings/id-getter.html

        Reviewed by Darin Adler.

        * WebCore.exp.in:
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::jsStringWithCache):

            Move jsStringWithCache() out of line since we're now blowing up
            its size quite a bit.

2014-04-20  Benjamin Poulain  <benjamin@webkit.org>

        Fix the build after r167574

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):

2014-04-20  Benjamin Poulain  <benjamin@webkit.org>

        Compile the pseudo class :target
        https://bugs.webkit.org/show_bug.cgi?id=131904

        Reviewed by Andreas Kling.

        The pseudo class :target is trivial, it just compare the current element with
        Document::cssTarget().

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::getDocument):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueExactMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsTarget):
        * dom/Document.h:
        (WebCore::Document::cssTargetMemoryOffset):

2014-04-20  Benjamin Poulain  <benjamin@webkit.org>

        Rename the CSSSelector PseudoType to PseudoClassType
        https://bugs.webkit.org/show_bug.cgi?id=131907

        Reviewed by Andreas Kling.

        Pseudo Elements and Page Pseudo Classes have been moved out of PseudoType in previous patches.
        The remaining values in the PseudoType enumeration are the pseudo classes.

        This patch is the final clean up, PseudoType is renamed to PseudoClassType.

        * css/CSSGrammar.y.in:
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoClassAndCompatibilityElementSelector):
        * css/CSSParserValues.h:
        (WebCore::CSSParserSelector::pseudoClassType):
        (WebCore::CSSParserSelector::pseudoType): Deleted.
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::specificityForOneSelector):
        (WebCore::appendPseudoClassFunctionTail):
        (WebCore::CSSSelector::selectorText):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::pseudoClassType):
        (WebCore::CSSSelector::pseudoElementType):
        (WebCore::CSSSelector::pagePseudoClassType):
        (WebCore::pseudoClassIsRelativeToSiblings):
        (WebCore::CSSSelector::isSiblingSelector):
        (WebCore::CSSSelector::CSSSelector):
        (WebCore::CSSSelector::pseudoType): Deleted.
        * css/RuleSet.cpp:
        (WebCore::RuleSet::findBestRuleSetAndAdd):
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        (WebCore::SelectorChecker::checkScrollbarPseudoClass):
        (WebCore::SelectorChecker::determineLinkMatchType):
        (WebCore::SelectorChecker::matchesFocusPseudoClass):
        * css/SelectorChecker.h:
        (WebCore::SelectorChecker::isCommonPseudoClassSelector):
        * css/SelectorCheckerFastPath.cpp:
        (WebCore::SelectorCheckerFastPath::commonPseudoClassSelectorMatches):
        * css/SelectorPseudoClassAndCompatibilityElementMap.in:
        * css/SelectorPseudoTypeMap.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForElement):
        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
        (enumerablePseudoType):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::addPseudoType): Deleted.
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::computePseudoClassMask):
        (WebCore::InspectorCSSAgent::forcePseudoState):
        * inspector/InspectorCSSAgent.h:
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::forcePseudoStateImpl):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::forcePseudoState):

2014-04-19  Alexey Proskuryakov  <ap@apple.com>

        Crashes in HTMLFormElement::submit.
        https://bugs.webkit.org/show_bug.cgi?id=131910
        <rdar://problem/15661790>

        Based on a patch by Kent Tamura.

        Reviewed by Anders Carlsson.

        Tests: fast/forms/form-submission-crash-2.html
               fast/forms/form-submission-crash.html

        Code that executes arbitrary JS needs to protect objects that it uses afterwards.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::prepareForSubmission):
        (WebCore::HTMLFormElement::submit):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::submitForm):

2014-04-20  Antti Koivisto  <antti@apple.com>

        Text bounding box computation for simple line layout is wrong
        https://bugs.webkit.org/show_bug.cgi?id=131912

        Reviewed by Andreas Kling.

        Top-left is currently the first line top-left which is not always correct.

        * WebCore.exp.in:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::firstRunLocation):
        (WebCore::RenderText::firstRunOrigin): Deleted.
        (WebCore::RenderText::firstRunX): Deleted.
        (WebCore::RenderText::firstRunY): Deleted.
        
            Keep just one accessor and rename it.
            Encapsulate the line box and simple line versions.

        * rendering/RenderText.h:
        * rendering/RenderTextLineBoxes.cpp:
        (WebCore::RenderTextLineBoxes::firstRunLocation):

            Line box version.

        * rendering/RenderTextLineBoxes.h:
        * rendering/RenderTreeAsText.cpp:
        
            Simplify RenderText dumping.

        (WebCore::RenderTreeAsText::writeRenderObject):
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::computeTextBoundingBox):
        
            Return the correct x position.

        (WebCore::SimpleLineLayout::computeTextFirstRunLocation):
        
            Simple line version.

        * rendering/SimpleLineLayoutFunctions.h:
        * rendering/svg/SVGRenderTreeAsText.cpp:
        (WebCore::writeSVGInlineText):

2014-04-19  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: RenderLayer's clipping should snap to device pixel boundaries.
        https://bugs.webkit.org/show_bug.cgi?id=131466

        Reviewed by Simon Fraser.

        Fractional pixel clipping can produce cruft on RenderLayers. Since RenderLayer
        sizing and painting are snapped, painting clip rect needs to be snapped the same way.

        Test: fast/clip/clip-when-rect-has-fractional-pixel-value.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::clipToRect):

2014-04-19  Brent Fulgham  <bfulgham@apple.com>

        Latched scrolling may interact badly with custom programmatic scrolling
        https://bugs.webkit.org/show_bug.cgi?id=131869
        <rdar://problem/16249557>

        Reviewed by Darin Adler.

        * dom/Element.cpp:
        (WebCore::Element::setScrollLeft): Mark scrollable area as having
        been scrolled programmatically.
        (WebCore::Element::setScrollTop): Ditto.
        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent): Check for programmatic scroll, and
        clear latched state if the handler manually scrolled. Clear programmatic
        scroll state at the end of event handling.
        (WebCore::EventHandler::clearLatchedState): Refactored code.
        * page/EventHandler.h:
        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformPrepareForWheelEvents): Check
        if scrollable area was scrolled programmatically. If it was, do
        not honor latching behavior.
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::ScrollableArea): Initialize new member.
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::isScrolledProgrammatically): Added.
        (WebCore::ScrollableArea::setScrolledProgrammatically): Added.

2014-04-19  Chris Fleizach  <cfleizach@apple.com>

        AX: grid rows are not recognized do to lack of explicit role="row", role="gridcell"
        https://bugs.webkit.org/show_bug.cgi?id=131819

        Reviewed by Darin Adler.

        Test: accessibility/table-with-missing-aria-role-rows.html

        If a table is using role="grid", and it has <tr> elements that do not have
        role="row", we should still treat them as row elements.

        * accessibility/AccessibilityARIAGrid.cpp:
        (WebCore::AccessibilityARIAGrid::addTableCellChild):

2014-04-19  Chris Fleizach  <cfleizach@apple.com>

        AX: Malformed tables exposing incorrect col and colSpans
        https://bugs.webkit.org/show_bug.cgi?id=131796

        Reviewed by Darin Adler.

        Test: accessibility/table-incorrect-colspan-cell.html

        When a developer has specified malformed colspans, accessibility is reporting those values instead of the effective column information.

        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::columnIndexRange):

2014-04-19  Benjamin Poulain  <bpoulain@apple.com>

        Make the CSS JIT compile for ARM64
        https://bugs.webkit.org/show_bug.cgi?id=131834

        Reviewed by Gavin Barraclough.

        Add the CPU specific code required to compile SelectorCompiler on ARM64.
        The code is absolutely non-functional, it would crash immediately, but it compiles.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::FunctionCall):
        (WebCore::FunctionCall::callAndBranchOnCondition):
        * cssjit/RegisterAllocator.h:
        What am I supposed to do with all those registers? There are so many of them :)
        The array calleeSavedRegisters is defined for compatibility but it cannot be reached at the moment.

        (WebCore::RegisterAllocator::isValidRegister):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
        Implement modulo by doing dividend - (divisor * int(dividend/divisor)).

        * cssjit/StackAllocator.h:
        StackAllocator will need a small redesign to handle the 16 bytes alligned stack of
        ARM64.
        The code has been modified to build but it is pretty useless.

        (WebCore::StackAllocator::allocateUninitialized):
        (WebCore::StackAllocator::push):
        (WebCore::StackAllocator::pop):
        (WebCore::StackAllocator::popAndDiscard):
        (WebCore::StackAllocator::popAndDiscardUpTo):
        (WebCore::StackAllocator::alignStackPreFunctionCall):
        (WebCore::StackAllocator::unalignStackPostFunctionCall):

2014-04-19  Simon Fraser  <simon.fraser@apple.com>

        [UI-side compositing] Implement blend modes
        https://bugs.webkit.org/show_bug.cgi?id=131891
        <rdar://problem/16490085>

        Reviewed by Tim Horton.

        Implement blend modes with UI-side compositing.
        
        PlatformCALayer::setBlendMode() becomes pure virtual, and overridden in
        PlatformCALayerMac and PlatformCALayerRemote.
        PlatformCAFilters::setBlendingFiltersOnLayer() now takes a raw platform
        layer, so it can be called from the UI process on a CALayer*.
        
        Fix an issue with GraphicsLayerCA::LayerChange flags. 1 << 31 shifts
        a signed integer, so it ended up setting all the high bits in m_uncommittedChanges,
        causing us to push blend modes to the UI process for every layer. Fix by shifting
        an unsigned long long (1LLU << 31). This should also fix a build warning on Windows.

        * WebCore.exp.in:
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/PlatformCAFilters.h:
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/mac/PlatformCAFiltersMac.mm:
        (PlatformCAFilters::setBlendingFiltersOnLayer):
        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayerMac::setFilters):
        (PlatformCALayerMac::setBlendMode):
        (PlatformCALayer::setBlendMode): Deleted.

2014-04-19  Joseph Pecoraro  <pecoraro@apple.com>

        Fix AVPlayerController leak on pages with video
        https://bugs.webkit.org/show_bug.cgi?id=131878

        Reviewed by Eric Carlson.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController init]):
        Assigning to the retain property will increment the count,
        so balance the alloc with an autorelease.

2014-04-19  Andreas Kling  <akling@apple.com>

        Slap ALWAYS_INLINE on Element attribute lookup things.
        <https://webkit.org/b/131892>

        Most of the "inline" helpers for setting/getting attributes were not
        actually getting inlined by the compiler, so let's make that happen.

        Reviewed by Geoffrey Garen.

        * dom/Element.cpp:
        (WebCore::Element::synchronizeAttribute):
        * dom/ElementData.h:
        (WebCore::ElementData::findAttributeByName):
        (WebCore::ElementData::findAttributeIndexByName):

2014-04-19  Darin Adler  <darin@apple.com>

        Telephone number detection should respect its setting consistently
        https://bugs.webkit.org/show_bug.cgi?id=131893
        rdar://problem/16597639

        Reviewed by Tim Horton.

        * editing/Editor.cpp:
        (WebCore::Editor::respondToChangedSelection): Only start the timer
        if shouldDetectTelephoneNumbers returns true.
        (WebCore::Editor::shouldDetectTelephoneNumbers): Added. Calls both
        isTelephoneNumberParsingEnabled and TelephoneNumberDetector::isSupported.
        (WebCore::Editor::scanSelectionForTelephoneNumbers): Use
        shouldDetectTelephoneNumbers.
        (WebCore::Editor::clearDataDetectedTelephoneNumbers): Use document()
        instead of m_frame.document().

        * editing/Editor.h: Added declaration of shouldDetectTelephoneNumbers.

2014-04-19  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Harden the layout in case there are no regions
        https://bugs.webkit.org/show_bug.cgi?id=131517

        Reviewed by Mihnea Ovidenie.

        The patch fixes the cases when the content of a flow thread is not
        properly invalidated when all the regions of its chain are removed.

        Test: fast/regions/simplified-layout-no-regions.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::logicalWidthChangedInRegionsForBlock):
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::ensureOverflowForBox):

2014-04-19  Zalan Bujtas  <zalan@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=131594
        Subpixel rendering: WK1: Wrong repaint rect is calculated when layer has non-compositing transform.

        Reviewed by Simon Fraser.

        We need to snap the repaint rect for transformed object the same way when we paint them.

        Test: fast/repaint/hidpi-wrong-repaint-rect-when-parent-has-noncompositing-transform.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeRectForRepaint):

2014-04-18  Simon Fraser  <simon.fraser@apple.com>

        Use 'override' in GraphicsLayerCA
        https://bugs.webkit.org/show_bug.cgi?id=131882

        Reviewed by Tim Horton.

        Add 'override' to all overridden functions. Found a few that need
        not have been virtual. Removed "allowTiledLayer" stuff that was
        never called.

        * WebCore.exp.in:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::GraphicsLayerCA):
        (WebCore::GraphicsLayerCA::requiresTiledLayer):
        (WebCore::GraphicsLayerCA::setAllowTiledLayer): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.h:
        (WebCore::GraphicsLayerCA::platformCALayer):
        (WebCore::GraphicsLayerCA::hasContentsLayer): Deleted.
        (WebCore::GraphicsLayerCA::allowTiledLayer): Deleted.
        (WebCore::GraphicsLayerCA::isGraphicsLayerCA): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerLayoutSublayersOfLayer): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerRespondsToLayoutChanges): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerContentsOrientation): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerShowDebugBorders): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerIncrementRepaintCount): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerContentsOpaque): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerDrawsContent): Deleted.
        (WebCore::GraphicsLayerCA::platformCALayerLayerDidDisplay): Deleted.

2014-04-18  Timothy Hatcher  <timothy@apple.com>

        Web Inspector: Move InspectorProfilerAgent to JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=131673

        Passes existing profiler and inspector tests.

        Reviewed by Joseph Pecoraro.

        * CMakeLists.txt:
        * DerivedSources.make:
        * ForwardingHeaders/inspector/agents/InspectorProfilerAgent.h: Added.
        * WebCore.exp.in:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/ScriptProfile.cpp: Removed.
        * bindings/js/ScriptProfile.h:
        * bindings/js/ScriptProfiler.cpp: Removed.
        * bindings/js/ScriptProfiler.h: Removed.
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorConsoleInstrumentation.h:
        (WebCore::InspectorInstrumentation::profilerEnabled):
        (WebCore::InspectorInstrumentation::startProfiling):
        (WebCore::InspectorInstrumentation::stopProfiling):
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorController.h:
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::startProfilingImpl):
        (WebCore::InspectorInstrumentation::stopProfilingImpl):
        (WebCore::InspectorInstrumentation::consoleTimeStampImpl): Deleted.
        * inspector/InspectorInstrumentation.h:
        * inspector/InspectorProfilerAgent.cpp: Removed.
        * inspector/InspectorProfilerAgent.h: Removed.
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::startProfiling):
        (WebCore::stopProfiling):
        (WebCore::InspectorTimelineAgent::willCallFunction):
        (WebCore::InspectorTimelineAgent::didCallFunction):
        (WebCore::InspectorTimelineAgent::willEvaluateScript):
        (WebCore::InspectorTimelineAgent::didEvaluateScript):
        (WebCore::InspectorTimelineAgent::didDispatchXHRLoadEvent): Deleted.
        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorProfilerAgent):
        (WebCore::InstrumentingAgents::setInspectorProfilerAgent):
        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::sourceMapURLForScript): Deleted.
        * inspector/PageDebuggerAgent.h:
        * inspector/PageProfilerAgent.cpp: Added.
        (WebCore::PageProfilerAgent::PageProfilerAgent):
        (WebCore::PageProfilerAgent::profilingGlobalExecState):
        * inspector/PageProfilerAgent.h: Added.
        (WebCore::PageProfilerAgent::~PageProfilerAgent):
        * inspector/ScriptProfile.idl:
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::appendProfile):
        * inspector/TimelineRecordFactory.h:
        * inspector/WebConsoleAgent.cpp:
        * inspector/WebProfilerAgent.cpp: Added.
        (WebCore::WebProfilerAgent::WebProfilerAgent):
        (WebCore::WebProfilerAgent::enable):
        (WebCore::WebProfilerAgent::disable):
        * inspector/WebProfilerAgent.h: Added.
        (WebCore::WebProfilerAgent::~WebProfilerAgent):
        * inspector/WorkerInspectorController.cpp:
        (WebCore::WorkerInspectorController::WorkerInspectorController):
        * inspector/WorkerProfilerAgent.cpp: Added.
        (WebCore::WorkerProfilerAgent::WorkerProfilerAgent):
        (WebCore::WorkerProfilerAgent::profilingGlobalExecState):
        * inspector/WorkerProfilerAgent.h: Added.
        (WebCore::WorkerProfilerAgent::~WorkerProfilerAgent):
        * loader/appcache/ApplicationCacheGroup.cpp:
        * page/PageConsole.cpp:
        (WebCore::PageConsole::profile):
        (WebCore::PageConsole::profileEnd):
        (WebCore::PageConsole::time): Deleted.
        (WebCore::PageConsole::timeEnd): Deleted.
        (WebCore::PageConsole::timeStamp): Deleted.
        * page/PageConsole.h:
        * testing/Internals.cpp:
        * testing/Internals.h:
        * xml/XMLHttpRequest.cpp:

2014-04-18  Simon Fraser  <simon.fraser@apple.com>

        Contents of directly composited image layers are sometimes missing
        https://bugs.webkit.org/show_bug.cgi?id=131880

        Reviewed by Tim Horton.
        
        RenderLayerBacking::updateGraphicsLayerGeometry() tested whether a
        GraphicsLayer had a contents layer to determine whether to call code
        that updates the contents rect. However, on Mac, we don't make a contents
        layer until later at layer flush time. That would result in an empty
        contentsRect being set.
        
        Fix by renaming GraphicsLayer::hasContentsLayer() to usesContentsLayer(),
        and on Mac consulting the m_contentsLayerPurpose flag, which is set
        at the appropriate time.

        Test: compositing/images/update-content-rect.html

        * platform/ScrollView.cpp:
        (WebCore::positionScrollbarLayer):
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::getDebugBorderInfo):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::usesContentsLayer):
        (WebCore::GraphicsLayer::hasContentsLayer): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.h:
        (WebCore::GraphicsLayerCA::hasContentsLayer): Deleted.
        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
        (WebCore::GraphicsLayerTextureMapper::usesContentsLayer):
        (WebCore::GraphicsLayerTextureMapper::hasContentsLayer): Deleted.
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        (WebCore::RenderLayerBacking::positionOverflowControlsLayers):
        (WebCore::RenderLayerBacking::compositingLayerType):

2014-04-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167527.
        https://bugs.webkit.org/show_bug.cgi?id=131883

        Broke 32-bit build (Requested by ap on #webkit).

        Reverted changeset:

        "[Mac] implement WebKitDataCue"
        https://bugs.webkit.org/show_bug.cgi?id=131799
        http://trac.webkit.org/changeset/167527

2014-04-18  Eric Carlson  <eric.carlson@apple.com>

        [Mac] implement WebKitDataCue
        https://bugs.webkit.org/show_bug.cgi?id=131799

        Reviewed by Dean Jackson.

        Tests: http/tests/media/track-in-band-hls-metadata.html
               media/track/track-datacue-value.html

        * Configurations/FeatureDefines.xcconfig: Define ENABLE_DATACUE_VALUE.
        * DerivedSources.make: Add ENABLE_DATACUE_VALUE to HTML_FLAGS when appropriate.

        * CMakeLists.txt: Add JSDataCueCustom.cpp.
        * bindings/js/JSBindingsAllInOne.cpp:
        * WebCore.xcodeproj/project.pbxproj: Add new files.

        * bindings/js/JSDataCueCustom.cpp: Added.
        (WebCore::JSDataCue::value): 
        (WebCore::JSDataCue::setValue):
        (WebCore::JSDataCueConstructor::constructJSDataCue): Custom constructor.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateActiveTextTrackCues): Drive-by fixes: don't schedule timeupdate
            events when paused, don't call sort on an Vector that can't be sorted.

        * html/track/DataCue.cpp:
        (WebCore::DataCue::DataCue): Initialize m_type.
        (WebCore::DataCue::~DataCue): Unprotect the JSValue if necessary.
        (WebCore::DataCue::data): Ask the platform value for data if non-null.
        (WebCore::DataCue::setData): Clear m_platformValue and m_value.
        (WebCore::DataCue::isEqual): New.
        (WebCore::DataCue::value): Return a JSValue from the platform value, or the value passed
            to the constructor/set by script.
        (WebCore::DataCue::setValue): Set m_value.
        * html/track/DataCue.h:
        * html/track/DataCue.idl:

        * html/track/InbandDataTextTrack.cpp:
        (WebCore::InbandDataTextTrack::addDataCue): Don't add the same cue more than once.
        (WebCore::InbandDataTextTrack::updateDataCue): Update a cue's duration.
        (WebCore::InbandDataTextTrack::removeDataCue): Remove an incomplete cue.
        (WebCore::InbandDataTextTrack::removeCue): Remove a cue from the incomplete cue map if necessary.
        * html/track/InbandDataTextTrack.h:

        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::addGenericCue): CueMatchRules is now in TextTrackCue instead
            of VTTCue.
        * html/track/InbandTextTrack.h:

        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::newCuesParsed): Ditto.

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::hasCue): Ditto.
        * html/track/TextTrack.h:

        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::isEqual): New, test base class equality.
        * html/track/TextTrackCue.h:

        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGeneric::isEqual): Call TextTrackCue::isEqual first.
        * html/track/TextTrackCueGeneric.h:

        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::isEqual): Call TextTrackCue::isEqual first.
        * html/track/VTTCue.h:

        * platform/SerializedPlatformRepresentation.h: Added.
        (WebCore::SerializedPlatformRepresentation::~SerializedPlatformRepresentation):
        (WebCore::SerializedPlatformRepresentation::SerializedPlatformRepresentation):

        * platform/graphics/InbandTextTrackPrivateClient.h: Add methods for DataCue with SerializedPlatformRepresentation.

        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp: Added.
        (WebCore::InbandMetadataTextTrackPrivateAVF::create):
        (WebCore::InbandMetadataTextTrackPrivateAVF::InbandMetadataTextTrackPrivateAVF):
        (WebCore::InbandMetadataTextTrackPrivateAVF::~InbandMetadataTextTrackPrivateAVF):
        (WebCore::InbandMetadataTextTrackPrivateAVF::addDataCue):
        (WebCore::InbandMetadataTextTrackPrivateAVF::updatePendingCueEndTimes):
        (WebCore::InbandMetadataTextTrackPrivateAVF::flushPartialCues):
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h: Added.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::seekWithTolerance): currentTrack -> currentTextTrack.
        (WebCore::MediaPlayerPrivateAVFoundation::seekCompleted): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundation::configureInbandTracks): Ditto.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::setCurrentTextTrack):
        (WebCore::MediaPlayerPrivateAVFoundation::setCurrentTrack): Deleted.

        Renamed currentTrack and setCurrentTrack to currentTextTrack and setCurrentTextTrack.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::AVFWrapper::currentTextTrack):
        (WebCore::MediaPlayerPrivateAVFoundationCF::setCurrentTextTrack):
        (WebCore::MediaPlayerPrivateAVFoundationCF::currentTextTrack):
        (WebCore::AVFWrapper::setCurrentTextTrack):
        (WebCore::AVFWrapper::AVFWrapper):
        (WebCore::AVFWrapper::processCue):
        (WebCore::AVFWrapper::currentTrack): Deleted.
        (WebCore::MediaPlayerPrivateAVFoundationCF::setCurrentTrack): Deleted.
        (WebCore::MediaPlayerPrivateAVFoundationCF::currentTrack): Deleted.
        (WebCore::AVFWrapper::setCurrentTrack): Deleted.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): currentTrack -> currentTextTrack
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): currentTrack -> currentTextTrack.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processMetadataTrack): New.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processCue): m_currentTrack -> m_currentTextTrack.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::flushCues): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setCurrentTextTrack): Renamed from setCurrentTextTrack.
        (WebCore::metadataType): Map an AVFoundation metadata key space to a metadata cue type.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive): Process new metadata.
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setCurrentTrack): Deleted.

        Create a JSValue representation from an AVMetadataItem.
        * platform/mac/SerializedPlatformRepresentationMac.h: Added.
        (WebCore::SerializedPlatformRepresentationMac::platformType):
        (WebCore::SerializedPlatformRepresentationMac::nativeValue):
        * platform/mac/SerializedPlatformRepresentationMac.mm: Added.
        (WebCore::SerializedPlatformRepresentationMac::SerializedPlatformRepresentationMac):
        (WebCore::SerializedPlatformRepresentationMac::~SerializedPlatformRepresentationMac):
        (WebCore::SerializedPlatformRepresentationMac::create):
        (WebCore::SerializedPlatformRepresentationMac::data):
        (WebCore::SerializedPlatformRepresentationMac::deserialize):
        (WebCore::SerializedPlatformRepresentationMac::isEqual):
        (WebCore::toSerializedPlatformRepresentationMac):
        (WebCore::jsValueWithValueInContext):
        (WebCore::jsValueWithDataInContext):
        (WebCore::jsValueWithArrayInContext):
        (WebCore::jsValueWithDictionaryInContext):
        (WebCore::jsValueWithAVMetadataItemInContext):

2014-04-18  Jon Honeycutt  <jhoneycutt@apple.com>

        Harden RenderInline::inlineElementContinuation()

        <https://bugs.webkit.org/show_bug.cgi?id=131858>

        Reviewed by Sam Weinig.

        No new tests, as there are no known cases of this happening.

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::inlineElementContinuation):
        Return nullptr if the continuation is neither a RenderInline nor a
        RenderBlock.

2014-04-18  Stephanie Lewis  <slewis@apple.com>

        We shouldn’t create page throttlers for other pages than WebKit2 pages.
        Part of <rdar://problem/16473045> Visibility state counters are often incorrect
        https://bugs.webkit.org/show_bug.cgi?id=131696

        Reviewed by Gavin Barraclough.

        No new test since not web exposed.

        Page throttlers were being created for SVG images and other page instances that
        were not accurately tracking the states that enable and disable page throttling.
        Make the throttler an unique ptr and only initialize it for WebKit2.

        This also fixes an inefficiency where we would throttle a new page on creation because 
        we assumed it was visible even if that was not the case.

        * WebCore.exp.in:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute): Check page throttler exists.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::started): ditto
        * page/Page.cpp:
        (WebCore::Page::Page): Don’t automatically create page throttler.
        (WebCore::Page::createPageThrottler): Create page throttler.
        (WebCore::Page::setViewState): Check page throttler exists.
        * page/Page.h:
        (WebCore::Page::pageThrottler): Make the page throttler a unique ptr.
        * page/PageThrottler.h:
        * page/Settings.cpp: 
        (WebCore::Settings::setHiddenPageDOMTimerThrottlingEnabled): Check page throttler exists.

2014-04-18  Stephanie Lewis  <slewis@apple.com>

        Move DOM throttling out of the page throttler
        <rdar://problem/16473004>
        https://bugs.webkit.org/show_bug.cgi?id=131697

        Reviewed by Gavin Barraclough.

        No new tests since it's not web exposed.

        DOM timer throttling is currently part of the page throttler which uses per process 
        state and per page state to determine when to throttle.  This led us to being overly 
        conservative when turning DOM throttling off.  It should only respond to view state changes.

        Additionally since creating extra page throttlers SVG images caused bugs 
        in tracking state we'll reserve the page throttler for WebKit2 views.  To avoid regressing 
        WebKit1 we should move DOM timer throttling back to the page.

        * page/Page.cpp:
        (WebCore::Page::Page): set DOM timer throttling.
        (WebCore::Page::setIsVisuallyIdleInternal): ditto.
        (WebCore::Page::hiddenPageDOMTimerThrottlingStateChanged): ditto.
        (WebCore::Page::setIsVisible): Update view state masks for WebKit1 to include IsVisibleOrOccluded and IsVisuallyIdle
        * page/Page.h:
        * page/PageThrottler.cpp:
        (WebCore::PageThrottler::PageThrottler): remove DOM timer throttling.
        (WebCore::PageThrottler::started): ditto.
        (WebCore::PageThrottler::stopped): ditto.
        (WebCore::PageThrottler::hiddenPageDOMTimerThrottlingStateChanged): Deleted.
        * page/PageThrottler.h:
        * page/Settings.cpp:
        (WebCore::Settings::setHiddenPageDOMTimerThrottlingEnabled):

2014-04-18  Dean Jackson  <dino@apple.com>

        [WebGL] Limit maximum texture sizes on older Intel hardware
        https://bugs.webkit.org/show_bug.cgi?id=131867

        Reviewed by Geoffrey Garen.

        Both Chrome and Firefox limit the MAX_TEXTURE_SIZE on
        older Intel hardware to be at most 4096. This does the
        same for WebKit.

        * platform/graphics/Extensions3D.h: Add requiresRestrictedMaximumTextureSize() accessor.
        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::Extensions3DOpenGLCommon): Record the value of GL_RENDERER
        and test for "Intel HD Graphics 3000", which is the problematic hardware.
        * platform/graphics/opengl/Extensions3DOpenGLCommon.h:
        (WebCore::Extensions3DOpenGLCommon::requiresRestrictedMaximumTextureSize): Getter.
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::getIntegerv): If you're asking for MAX_TEXTURE_SIZE or
        MAX_CUBE_MAP_TEXTURE_SIZE, and you're on problematic hardware, return a clamped value
        (4096 and 1024 respectively).

2014-04-18  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] Add parsing support for gradients
        https://bugs.webkit.org/show_bug.cgi?id=131444

        Reviewed by Bem Jones-Bey.

        Added support for shape-outside gradient values.

        Test: fast/shapes/shape-outside-floats/shape-outside-linear-gradient.html

        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyShape::applyValue): Accept generated images as shape-outside values.
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::checkShapeImageOrigin): Generated images get a pass, others do not.
        (WebCore::getShapeImageAndRect): Use StyleImage::image() to get a generated image.
        (WebCore::ShapeOutsideInfo::isEnabledFor):
        * rendering/style/ShapeValue.h:
        (WebCore::ShapeValue::isImageValid): Generated images are always considered valid.

2014-04-18  Brady Eidson  <beidson@apple.com>

        REGRESSION (r155700): Pasting an image into content-editable regions is broken.
        <rdar://problem/16654156> and https://bugs.webkit.org/show_bug.cgi?id=131844

        Reviewed by Enrica Casucci.

        * editing/mac/EditorMac.mm:
        (WebCore::Editor::createFragmentForImageResourceAndAddResource): Add the ArchiveResource before
          creating the element that uses it.

2014-04-18  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Make window.scroll() and window.scrollBy() work
        https://bugs.webkit.org/show_bug.cgi?id=131848
        <rdar://problem/16638319>

        Reviewed by Beth Dakin.

        The scrolling-related functions in DOMWindow were #ifdeffed for iOS
        to use the hacky WK1-specific "actual scroll" functions, which do nothing
        in WK2.
        
        Fix by adding a scroll position wrapper (contentsScrollPosition) which does
        the right thing on WK1 and WK2, and change almost all the places that used "actualScrollPosition"
        to us it (with the exception of contentsScrollOffset() in MouseRelatedEvent.cpp, which has
        confusing scaling behavior).

        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::MouseRelatedEvent):
        * dom/TreeScope.cpp:
        (WebCore::nodeFromPoint): Remove #ifdefs. 
        * html/HTMLBodyElement.cpp:
        (WebCore::HTMLBodyElement::scrollLeft):
        (WebCore::HTMLBodyElement::scrollTop):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::scrollX):
        (WebCore::DOMWindow::scrollY):
        (WebCore::DOMWindow::scrollBy):
        (WebCore::DOMWindow::scrollTo):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::contentsScrollPosition):
        (WebCore::ScrollView::setContentsScrollPosition):
        * platform/ScrollView.h:

2014-04-18  Simon Fraser  <simon.fraser@apple.com>

        Worse animation performance on pages with 3D transforms
        https://bugs.webkit.org/show_bug.cgi?id=131838
        <rdar://problem/16428630&15705876>

        Reviewed by Dean Jackson.
        
        r155977 added logic to adjust the contentsScale of compositing layers
        based on a root-relative transform. However, this resulted in
        the contentsScale continually changing on layers whose transforms
        are changed dynamically, which caused lots of expensive painting.
        
        Fix by bucketing the part of the scale computed from the root-relative transform
        into buckets of 0.25 via rounding.

        Test: compositing/contents-scale/rounded-contents-scale.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::clampedContentsScaleForScale):
        (WebCore::GraphicsLayerCA::updateContentsOpaque):
        (WebCore::GraphicsLayerCA::updateContentsScale):
        (WebCore::GraphicsLayerCA::updateContentsVisibility): Deleted.
        (WebCore::GraphicsLayerCA::animatedLayerClones): Deleted.

2014-04-18  Simon Fraser  <simon.fraser@apple.com>

        Remove some includes from image-related headers, and Document.h
        https://bugs.webkit.org/show_bug.cgi?id=131797

        Reviewed by Martin Robinson.

        Remove some #includes from Document.h, DragImage.h, GradientImage.h,
        Image.h, and ImageBuffer.h and deal with the fallout.

        * dom/ContainerNode.h:
        * dom/Document.cpp:
        (WebCore::Document::setInputCursor):
        * dom/Document.h:
        (WebCore::Document::inputCursor):
        * dom/MutationObserverRegistration.cpp:
        * html/canvas/WebGLRenderingContext.cpp:
        * page/FrameSnapshotting.cpp:
        * page/Page.cpp:
        * platform/DragImage.h:
        * platform/graphics/BitmapImage.cpp:
        * platform/graphics/GradientImage.cpp:
        (WebCore::GradientImage::GradientImage):
        (WebCore::GradientImage::~GradientImage):
        * platform/graphics/GradientImage.h:
        * platform/graphics/Image.h:
        * platform/graphics/ImageBuffer.cpp:
        * platform/graphics/ImageBuffer.h:
        (WebCore::ImageBuffer::create):
        (WebCore::ImageBuffer::internalSize):
        (WebCore::ImageBuffer::logicalSize):
        (WebCore::ImageBuffer::baseTransform):
        (WebCore::ImageBuffer::spaceSize):
        (WebCore::ImageBuffer::setSpaceSize):
        * rendering/RenderThemeMac.mm:
        * rendering/shapes/Shape.cpp:
        * rendering/svg/RenderSVGContainer.cpp:
        * svg/SVGURIReference.h:

2014-04-18  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. ARM64 buildfix after r167473.

        * platform/audio/DenormalDisabler.h: Put back the MathExtras.h include.

2014-04-18  Radu Stavila  <stavila@adobe.com>

        [CSSRegions] Incorrect background paint on positioned element hover
        https://bugs.webkit.org/show_bug.cgi?id=131617

        Reviewed by Andrei Bucur.

        When computing the repaint rect for absolute elements flowed into regions, the Y location of the
        region within the flow thread must no longer be added to the repaint rect's location because absolute
        positioned elements get pushed down through the regions by their absolute top. So adding the region's
        position in the flow thread and then adding the element's absolute top would cause us to add
        something twice.

        Tests: fast/regions/repaint/repaint-absolute-pushed-to-next-region.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeRectForRepaint):

2014-04-18  Philippe Normand  <pnormand@igalia.com>

        Remove NETWORK_INFO support
        https://bugs.webkit.org/show_bug.cgi?id=131841

        Reviewed by Gyuyoung Kim.

        * CMakeLists.txt:
        * Modules/networkinfo/NavigatorNetworkInfoConnection.cpp: Removed.
        * Modules/networkinfo/NavigatorNetworkInfoConnection.h: Removed.
        * Modules/networkinfo/NavigatorNetworkInfoConnection.idl: Removed.
        * Modules/networkinfo/NetworkInfo.cpp: Removed.
        * Modules/networkinfo/NetworkInfo.h: Removed.
        * Modules/networkinfo/NetworkInfoClient.h: Removed.
        * Modules/networkinfo/NetworkInfoConnection.cpp: Removed.
        * Modules/networkinfo/NetworkInfoConnection.h: Removed.
        * Modules/networkinfo/NetworkInfoConnection.idl: Removed.
        * Modules/networkinfo/NetworkInfoController.cpp: Removed.
        * Modules/networkinfo/NetworkInfoController.h: Removed.
        * PlatformEfl.cmake:
        * dom/EventTargetFactory.in:
        * platform/efl/NetworkInfoProviderEfl.cpp: Removed.
        * platform/efl/NetworkInfoProviderEfl.h: Removed.
        * testing/Internals.cpp:
        (WebCore::Internals::setNetworkInformation): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2014-04-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167478.
        https://bugs.webkit.org/show_bug.cgi?id=131840

        Broke multicol tests (Requested by ap on #webkit).

        Reverted changeset:

        "[New Multicolumn] Pagination mode messed up with non-inline
        axis and reversed direction."
        https://bugs.webkit.org/show_bug.cgi?id=131811
        http://trac.webkit.org/changeset/167478

2014-04-17  Daniel Bates  <dabates@apple.com>

        [iOS] Hook up screen.{availHeight, availWidth, height, width}
        https://bugs.webkit.org/show_bug.cgi?id=131821
        <rdar://problem/16413795>

        Reviewed by Benjamin Poulain and Tim Horton.

        Implement support for screen.{availHeight, availWidth, height, width} in WebKit2 for iOS.

        Additionally substitute "screenSize" for "viewporScreenSize" to make the code more understandable.

        * WebCore.exp.in: Export symbol for WebCore System Interface function
        _wkGetAvailableScreenSize.
        * dom/Document.cpp:
        (WebCore::Document::processViewport): Modified to call Chrome::screenSize(); formerly it
        called ChromeClient::viewportScreenSize().
        * page/Chrome.cpp:
        (WebCore::Chrome::screenSize): Added; turns around and calls ChromeClient::screenSize().
        (WebCore::Chrome::availableScreenSize): Added; turns around and calls ChromeClient::availableScreenSize().
        * page/Chrome.h:
        * page/ChromeClient.h:
        (WebCore::ChromeClient::screenSize): Renamed; formerly named viewportScreenSize.
        (WebCore::ChromeClient::availableScreenSize): Added; default implementation, which
        returns the size of Chrome::windowRect().
        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::textDocumentParameters):
        * platform/HostWindow.h: Added declarations for availableScreenSize() and screenSize()
        so that a caller (e.g. WebCore::screenRect()) can query for such screen information using
        only the HostWindow interface. That is, a caller doesn't need to know about ChromeClient.
        * platform/ios/PlatformScreenIOS.mm:
        (WebCore::screenRect): Modified to query HostWindow::screenSize() when computing the
        screen rectangle in WebKit2 for iOS.
        (WebCore::screenAvailableRect): Modified to query HostWindow::availableScreenSize()
        when computing the available screen rectangle in WebKit2 for iOS.
        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/WebCoreSystemInterface.h:

2014-04-17  Darin Adler  <darin@apple.com>

        origin spoofing possible (HTTP Origin, postMessage event.origin) due to inappropriate URL escape sequence decoding
        https://bugs.webkit.org/show_bug.cgi?id=131837
        rdar://problem/15211936

        Reviewed by Anders Carlsson and Dave Hyatt.

        Tests: fast/dom/DOMURL/parsing.html
               fast/dom/HTMLAnchorElement/anchor-element-href-parsing.html

        * platform/URL.cpp:
        (WebCore::URL::host): Removed unnecessary call to decodeURLEscapeSequences, which caused
        problems and was not needed.

2014-04-17  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Pagination mode messed up with non-inline axis and reversed direction.
        https://bugs.webkit.org/show_bug.cgi?id=131811

        Reviewed by Dean Jackson.

        Added fast/multicol/newmulticol/compare-with-old-impl/BottomToTop-tb.html
        
        With block axis pagination mode, it is possible to set a column height that is not the same
        as the available fill height for a block. The new multi-column code had the assumption that
        the column height was the same as the amount of fill room you had available. This is not
        the case.
        
        To correct the issue, I added a member variable to RenderMultiColumnSet that stores the
        available column height as a separate variable from the computed column height. This allows
        the pagination API to specify a different column height that is not the same as the view's
        content height.

        Even though it isn't involved in the solution, I also patched pageOrViewLogicalHeight on
        RenderView to work with the new column code as well.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::RenderMultiColumnSet):
        (WebCore::RenderMultiColumnSet::setAndConstrainColumnHeight):
        (WebCore::RenderMultiColumnSet::computeLogicalHeight):
        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::pageOrViewLogicalHeight):

2014-04-17  Anders Carlsson  <andersca@apple.com>

        Build fix.

        * svg/animation/SMILTime.h:

2014-04-17  Bem Jones-Bey  <bjonesbe@adobe.com>

        Unreviewed, rolling out r167384.

        Sounds like this isn't the right fix, and causes generation to
        run far too often.

        Reverted changeset:

        "Fix CodeGenerator.pm to only write files if the generated
        content has changed"
        https://bugs.webkit.org/show_bug.cgi?id=131756
        http://trac.webkit.org/changeset/167384

2014-04-17  Ryuan Choi  <ryuan.choi@samsung.com>

        Remove unnecessary MathExtras.h includes
        https://bugs.webkit.org/show_bug.cgi?id=131789

        Reviewed by Anders Carlsson.

        * platform/FileSystem.h:
        * platform/Scrollbar.h:
        * platform/animation/AnimationUtilities.h:
        * platform/audio/DenormalDisabler.h:
        * platform/graphics/Font.h:
        * platform/graphics/IntPoint.h: Included cmath instad of MathExtras.h.
        * platform/graphics/LayoutPoint.h:
        * platform/graphics/cairo/GraphicsContextPlatformPrivateCairo.h:
        * rendering/svg/SVGMarkerData.h:
        * svg/animation/SMILTime.h:

2014-04-16  Huang Dongsung  <luxtella@company100.net>

        Make RenderLayerBacking get the timingFunction of the correct animation.
        https://bugs.webkit.org/show_bug.cgi?id=100632

        Reviewed by Simon Fraser.

        When an element has multiple animations that have different timingFunctions,
        the progress of each animation should be calculated using its respective
        timingFunction. But at this point, the timingFunction of the first animation is
        only used in RenderLayerBacking::startAnimation(), regardless of how many
        animations the element has.

        getAnimationFromStyleByName() was introduced in r89462 so that the
        timingFunction of the correct animation searched by its name would be
        used. This patch moves the function to KeyframeValue::timingFunction()
        so that RenderLayerBacking reuses this method.

        Test: animations/keyframe-multiple-timing-functions-transform.html

        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::fetchIntervalEndpointsForProperty):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::startAnimation):
        * rendering/style/KeyframeList.cpp:
        (WebCore::KeyframeValue::timingFunction):
        (WebCore):
        * rendering/style/KeyframeList.h:
        (WebCore):
        (KeyframeValue):

2014-04-17  Andreas Kling  <akling@apple.com>

        Rollout: Add a way to cache never-changing IDL attributes in the wrapper.
        <https://webkit.org/b/131759>

        This behavior may be observable from the web, so we can't do it this way.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/*:
        * dom/Element.idl:
        * dom/Node.idl:

2014-04-17  Andreas Kling  <akling@apple.com>

        Cheesy Mountain Lion build fix.

        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::ReliefLogger::logString):

2014-04-17  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Column rules don't respect the specified stacking order.
        https://bugs.webkit.org/show_bug.cgi?id=131804

        Reviewed by Beth Dakin.

        Added fast/multicol/newmulticol/compare_with_old_impl/column-rules-stacking.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::paintBoxDecorations):
        * rendering/RenderBlockFlow.h:
        Override paintBoxDecorations for block flows so that we can iterate over our column sets
        and paint their rules just after painting our background and border. We can't wait until
        the child column sets paint their backgrounds, since that is specified as being above negative
        z-index children. We have to pretend that the column sets don't exist as
        far as column rule painting is concerned.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::paintObject): Deleted.
        * rendering/RenderMultiColumnSet.h:
        Turn paintObject in RenderMultiColumnSet into an override that doesn't paint anything.

2014-04-17  Beth Dakin  <bdakin@apple.com>

        Hit-testing is incorrect for plugins inside iframes when there is a 
        topContentInset
        https://bugs.webkit.org/show_bug.cgi?id=131826
        -and corresponding-
        <rdar://problem/16649996>

        Reviewed by Tim Horton.

        I missed one coordinate-conversion spot when getting hit-testing to work. Like 
        headerHeight() which also manipulates the location of the root layer, 
        topContentInset() has to be factored into all of these conversions.
        * page/FrameView.cpp:
        (WebCore::FrameView::convertFromRenderer):

2014-04-17  Andreas Kling  <akling@apple.com>

        Stub out MemoryPressureHandler::ReliefLogger on older OS X'es.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::ReliefLogger::platformLog):
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):

2014-04-17  Dirk Schulze  <krit@webkit.org>

        Remove CANVAS_PATH where possible
        https://bugs.webkit.org/show_bug.cgi?id=131788

        Reviewed by Dean Jackson.

        Since Firefox and Chrome ship the same interoperable subset of Path2D soon, 
        it is time to remove CANVAS_PATH where possible.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::clip):
        (WebCore::CanvasRenderingContext2D::isPointInStroke):
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.idl:
        * html/canvas/DOMPath.h:
        * html/canvas/DOMPath.idl:

2014-04-17  Brendan Long  <b.long@cablelabs.com>

        [GStreamer] Store TrackPrivateBaseGStreamer's label and language as AtomicStrings
        https://bugs.webkit.org/show_bug.cgi?id=130404

        Reviewed by Philippe Normand.

        No new tests, this just makes things more efficient.

        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::getLanguageCode):
        (WebCore::TrackPrivateBaseGStreamer::getTag):
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:

2014-04-17  Andreas Kling  <akling@apple.com>

        Fix Cocoa build.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):

2014-04-17  Rik Cabanier  <cabanier@adobe.com>

        [CSS Blending] Remove the -webkit- prefix for mix-blend-mode and isolation CSS properties
        https://bugs.webkit.org/show_bug.cgi?id=131355

        Reviewed by Dean Jackson.

        Removed webkit prefix from mix-blend-mode and isolation. These properties
        never shipped and their spec is now in CR.

        Covered by existing tests.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        * css/CSSPropertyNames.in:
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):

2014-04-17  David Kilzer  <ddkilzer@apple.com>

        Tidy up isIsolatedInline() and highestContainingIsolateWithinRoot()
        <http://webkit.org/b/131117>

        Reviewed by Daniel Bates.

        Based on review feedback for r166650.

        * rendering/InlineIterator.h:
        (WebCore::isIsolatedInline):
        - Switch argument to a reference since it is never called with a
          nullptr.
        (WebCore::highestContainingIsolateWithinRoot):
        - Switch first argument to a reference since it's never a
          nullptr.
        - Use nullptr for pointer initialization.
        - Switch while() loop to for() loop. Pass reference to
          isIsolatedInline().
        (WebCore::numberOfIsolateAncestors):
        - Switch while() loop to for() loop. Pass reference to
          isIsolatedInline().
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::constructBidiRunsForSegment):
        - Rename startObj to startObject.
        - No longer need to pass the address of startObject here.

2014-04-17  Andreas Kling  <akling@apple.com>

        Log number of bytes reclaimed at each step of memory pressure relief.
        <https://webkit.org/b/131751>

        Reviewed by Antti Koivisto.

        * platform/MemoryPressureHandler.h:
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::ReliefLogger::platformLog):
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):
        (WebCore::MemoryPressureHandler::ReliefLogger::ReliefLogger):
        (WebCore::MemoryPressureHandler::ReliefLogger::~ReliefLogger):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandlerCocoa::ReliefLogger::platformMemoryUsage):
        (WebCore::MemoryPressureHandlerCocoa::ReliefLogger::platformLog):

            Add a simple RAII helper to check memory usage before and after
            a block of code, and then dump the delta to system log.

        (WebCore::MemoryPressureHandler::releaseMemory):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):

            Use ReliefLogger to annotate the various attempts to reduce
            our memory footprint. This will help us understand the efficiency
            of our current strategy.

2014-04-17  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] columnNumberForOffset is not patched for new multicolumn code yet.
        https://bugs.webkit.org/show_bug.cgi?id=131740

        Reviewed by Enrica Casucci.
        
        I took the opportunity to clean this code up while adding support for the new columns.
        columnNumberForOffset only applied for paginated RenderViews and was really about
        pages and not columns. It also only returns an actual page number if the columns are
        block progressed (e.g., right-to-left vertical Japanese books).
        
        Therefore I renamed columnNumberForOffset to pageNumberForBlockProgressionOffset and
        moved it to RenderView.
        
        I also renamed the member variable of SelectionRect to be pageNumber instead of
        columnNumber in order to make it more obvious that this isn't about columns per se
        (since the fact that we implemented RenderView's pagination mode using columns is an
        implementation detail).

        * dom/Range.cpp:
        (WebCore::coalesceSelectionRects):
        (WebCore::Range::collectSelectionRects):
        * platform/ios/SelectionRect.h:
        (WebCore::SelectionRect::pageNumber):
        (WebCore::SelectionRect::columnNumber): Deleted.
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::collectSelectionRects):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::collectSelectionRects):
        (WebCore::RenderObject::columnNumberForOffset): Deleted.
        * rendering/RenderObject.h:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::collectSelectionRects):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::pageNumberForBlockProgressionOffset):
        * rendering/RenderView.h:

2014-04-16  Brent Fulgham  <bfulgham@apple.com>

        [Win] A few final cleanups to the DataObject classes.
        https://bugs.webkit.org/show_bug.cgi?id=131784

        Reviewed by Anders Carlsson.

        * platform/win/WCDataObject.cpp:
        (WebCore::WCDataObject::clearData): Use 'last()' method.

2014-04-15  Jer Noble  <jer.noble@apple.com>

        Fullscreen media controls are unusable in pagination mode
        https://bugs.webkit.org/show_bug.cgi?id=131705

        Reviewed by Darin Adler.

        When pagination mode is enabled, the full screen media will (depending on the width of the
        pagination columns) overflow its column, and hit testing will be clipped to the column. In extreme
        cases, where the column width < 0.5 * media element width, the media controls will be entirely
        unclickable.

        Rather than making the RenderFullScreen a child of the full screen element's parent's renderer,
        make it a child of the RenderView, putting it outside of the columns entirely. Always create and
        insert the fullscreenRenderer's placeholder, using it as the remembered insertion point for the
        fullscreen element's renderer when we exit full screen.

        Drive-by fix: don't wrap the full screen element's renderer in webkitWillEnterFullScreenForElement();
        it will just be re-wrapped in createRendererIfNeeded().

        * dom/Document.cpp:
        (WebCore::Document::webkitWillEnterFullScreenForElement): Don't wrap the full screen element's renderer.
        (WebCore::Document::setFullScreenRenderer): Call setPlaceholderStyle.
        * rendering/RenderFullScreen.cpp:
        (WebCore::RenderFullScreenPlaceholder::willBeDestroyed): Call clearPlaceholder.
        (WebCore::RenderFullScreen::wrapRenderer): Make fullscreenRenderer a child of the view().
        (WebCore::RenderFullScreen::unwrapRenderer): Return the children to the parent of the placeholder().
        (WebCore::RenderFullScreen::clearPlaceholder): Renamed from setPlaceholder().
        (WebCore::RenderFullScreen::ensurePlaceholder): Added. 
        (WebCore::RenderFullScreen::setPlaceholderStyle): Renamed from createPlaceholder().
        (WebCore::RenderFullScreen::setPlaceholder): Deleted.
        (WebCore::RenderFullScreen::createPlaceholder): Deleted.
        * rendering/RenderFullScreen.h:

2014-04-16  Jer Noble  <jer.noble@apple.com>

        [MSE] Multiple initialization segments with same codecs in tracks fail validation.
        https://bugs.webkit.org/show_bug.cgi?id=131768

        Additional initialization segments added to the same SourceBuffer with the same
        codec values will fail validation. Update the validation check to add the correct
        codec information for the initial segment, and check against the correct codecs during
        the validation step.

        Additionally, after validation, if successful update the Audio, Video, and TextTracks
        for the SourceBuffer with the updated initialization segment information.

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-multiple-initialization-segments.html

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::appendBufferTimerFired): m_source may have been cleared
            as a result of the append, so check it before using.
        (WebCore::SourceBuffer::sourceBufferPrivateDidEndStream): Call streamEndedWithError
            instead of endOfStream as the latter is safe to call within an update.
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment): Ditto.
            Update the track lists if validation succeeds.
        (WebCore::SourceBuffer::validateInitializationSegment): Switch the audio and video
            codec checks.

        Add the ability for Audio, Video, and InbandTextTracks to replace their private tracks:
        * html/track/AudioTrack.cpp:
        (WebCore::AudioTrack::AudioTrack): Call updateKindFromPrivate().
        (WebCore::AudioTrack::setPrivate):
        (WebCore::AudioTrack::updateKindFromPrivate): Split out from constructor.
        * html/track/AudioTrack.h:
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::InbandTextTrack): Call updateKindFromPrivate().
        (WebCore::InbandTextTrack::setPrivate):
        (WebCore::InbandTextTrack::setMode): Split up into setModeInternal().
        (WebCore::InbandTextTrack::setModeInternal): Broke out from setMode().
        (WebCore::InbandTextTrack::updateKindFromPrivate): Split out from constructor.
        * html/track/InbandTextTrack.h:
        * html/track/TextTrack.h:
        (WebCore::TextTrack::isInband): Added, returns false.
        * html/track/VideoTrack.cpp:
        (WebCore::VideoTrack::VideoTrack): Call updateKindFromPrivate().
        (WebCore::VideoTrack::setPrivate):
        (WebCore::VideoTrack::updateKindFromPrivate):  Split out from constructor.
        * html/track/VideoTrack.h:

2014-04-17  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Column sets below spanners don't repaint properly.
        https://bugs.webkit.org/show_bug.cgi?id=131778

        Reviewed by Beth Dakin.

        Added fast/repaint/spanner-with-margins.html.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeRectForRepaint):
        Turn off some code that was running for in-flow RenderFlowThreads that made no sense.
        I'm not convinced the code is right for other types of RenderFlowThreads either,
        but will leave that to the named flow thread experts. :)

2014-04-17  Koji Ishii  <kojishi@gmail.com>

        Catch up ruby and its tag omission rule changes in HTML5 CR Feb 2014
        https://bugs.webkit.org/show_bug.cgi?id=131175

        Reviewed by Darin Adler.

        Tests: html5lib/resources/ruby.dat
               html5lib/resources/tests19.dat

        This patch makes WebKit HTML parser to match to the tag omission rules of HTML5 CR Feb 2014:
        http://www.w3.org/TR/2014/CR-html5-20140204/syntax.html#syntax-tag-omission
        with the support for two new elements (rb, rtc) which were also defined in the spec:
        http://www.w3.org/TR/2014/CR-html5-20140204/text-level-semantics.html#the-rb-element
        http://www.w3.org/TR/2014/CR-html5-20140204/text-level-semantics.html#the-rtc-element
        to better support use cases presented by W3C I18N WG:
        http://www.w3.org/TR/ruby-use-cases/

        * html/HTMLTagNames.in: rb and rtc added as HTMLElement interfaces.
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::hasImpliedEndTag): the spec says rb and rtc have implied end tags.
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::processStartTagForInBody): rb and rtc added. rt excludes rtc from its implied end tags.

2014-04-17  Darin Adler  <darin@apple.com>

        Try to fix EFL and GTK builds.

        * workers/WorkerGlobalScope.idl: Touch file to make it rebuild, assuming that
        module dependencies aren't working right with CMake. Tweaked formatting quite a
        bit while I was in here.

2014-04-17  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] REGRESSION: Column set styles don't update when zooming etc.
        https://bugs.webkit.org/show_bug.cgi?id=131777

        Reviewed by Enrica Casucci.

        Added fast/multicol/zoom-test.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::styleDidChange):
        Put back in the code that propagates new styles to the flow thread and column sets
        when styles change. This propagation was removed when the column span code landed.
        This patch puts it back in but qualifies the types of objects that get styles
        propagated to avoid accidentally propagating the wrong style to column spans.

2014-04-17  Darin Adler  <darin@apple.com>

        Add separate flag for IndexedDatabase in workers since the current implementation is not threadsafe
        https://bugs.webkit.org/show_bug.cgi?id=131785
        rdar://problem/16003108

        Reviewed by Brady Eidson.

        * Configurations/FeatureDefines.xcconfig: Added INDEXED_DATABASE_IN_WORKERS.

        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp: Use the new conditional
        instead of the old one.
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.h: Ditto.
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.idl: Ditto.

2014-04-17  Dan Bernstein  <mitz@apple.com>

        WebCore part of <rdar://problem/16601336> [Cocoa] _userInitiated is always NO in WKNavigationAction passed to -webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:
        https://bugs.webkit.org/show_bug.cgi?id=131783

        Reviewed by Tim Horton.

        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::NavigationAction): Initialize m_processingUserGesture to
        ScriptController::processingUserGesture() at the time the NavigationAction is constructed.
        * loader/NavigationAction.h:
        Added boolean member variable m_processionUserGesture
        (WebCore::NavigationAction::processingUserGesture): Added this getter.

2014-04-17  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Isolation descendant dependent flags are not updated correctly
        https://bugs.webkit.org/show_bug.cgi?id=130892

        Reviewed by Dean Jackson.

        The isolation descendant dependent flag (m_hasUnisolatedBlendingDescendants)
        will help us to determine if a layer should isolate blending descendants or not.
        The m_hasUnisolatedBlendingDescendants flag should be set for layers that have blending descendant layers
        not isolated by descendant stacking contexts.
        An element isolatesBlending() if it has this flag set and creates stacking context.

        Tests: css3/compositing/blend-mode-isolation-flags-append-non-stacking-context-blending.html
               css3/compositing/blend-mode-isolation-flags-append-stacking-context-blending.html
               css3/compositing/blend-mode-isolation-flags-remove-non-stacking-context-blending.html
               css3/compositing/blend-mode-isolation-flags-remove-stacking-context-blending.html
               css3/compositing/blend-mode-isolation-flags-turn-off-blending-no-isolation.html
               css3/compositing/blend-mode-isolation-flags-turn-off-blending.html
               css3/compositing/blend-mode-isolation-flags-turn-off-stacking-context.html
               css3/compositing/blend-mode-isolation-flags-turn-on-blending.html
               css3/compositing/blend-mode-isolation-flags-turn-on-stacking-context.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::updateBlendMode):
        (WebCore::RenderLayer::updateAncestorChainHasBlendingDescendants):
            When a layer has blending and it hasn't had it before, we set the isolation
        flag for all its ancestors up to the first layer creating stacking context.
        I removed the isComposited() check here. Isolation flags should be correct regardless
        of compositing state. Moreover, if this method is called from styleChanged(),
        the compositing state might not be accurate, it's going to be recalculated afterwards.  
        (WebCore::RenderLayer::dirtyAncestorChainHasBlendingDescendants):
            When a layer doesn't have blending, but it used to have it before, we mark
        the isolation flag as dirty for all its ancestors up to the first layer
        creating stacking context. The isolation flags will be recalculated by
        RenderLayer::updateDescendantDependentFlags.
        (WebCore::RenderLayer::updateDescendantDependentFlags):
            Evaluates if the layer has unisolated blending descendants by traversing
        the layer subtree.
        (WebCore::RenderLayer::addChild):
            When adding a subtree that has blending or has some unisolated descendants,
        we set the flag for all the ancestors, up to the stacking context layer.
        (WebCore::RenderLayer::removeChild):
            When removing a subtree that had blending or had some unisolated descendants,
        we dirty the flag so that it could be reevaluated.
        (WebCore::RenderLayer::calculateClipRects):
        (WebCore::RenderLayer::updateTransform):
        * rendering/RenderLayer.h:
            Rename m_hasBlendedElementInChildStackingContext => m_hasUnisolatedBlendingDescendants
        and m_hasBlendedElementInChildStackingContextStatusDirty => m_hasUnisolatedBlendingDescendantsStatusDirty,
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):
            Add an assert to make sure that if m_hasUnisolatedCompositedBlendingDescendants is true,
        then m_hasUnisolatedBlendingDescendants is true as well.

2014-04-17  Tim Horton  <timothy_horton@apple.com>

        Uninline blend(Color, Color) to get AnimationUtilities out of Color.h
        https://bugs.webkit.org/show_bug.cgi?id=131781

        Reviewed by Simon Fraser.

        * platform/graphics/Color.cpp:
        (WebCore::blend):
        Un-inline.

        * platform/graphics/Color.h:
        No more AnimationUtilities.

2014-04-16  Benjamin Poulain  <bpoulain@apple.com>

        Fix the build after r167412

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::updateScrollbars):

2014-04-16  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Fix annoying scrolling bugs
        https://bugs.webkit.org/show_bug.cgi?id=131722

        Reviewed by Simon Fraser.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::updateScrollbars):
        Since ScrollingStateScrollingNode::setRequestedScrollPosition() was added, we see ScrollView::updateScrollbars()
        keep changing the scroll position to incorrect values.

        On iOS, the scrollbars are handled by the native UI, the code just compute incorrect scroll position. On WebKit1,
        the code does not run because there is a platformWidget().

        Just #ifdef the whole useless code.

2014-04-16  Alexandru Chiculita  <achicu@adobe.com>

        Improve performance of the RenderLayerCompositor::OverlapMap
        https://bugs.webkit.org/show_bug.cgi?id=115063

        Reviewed by Simon Fraser.

        No new tests, no new functionality or behavior.

        Do not use the OverlapMap in RenderLayerCompositor::computeCompositingRequirements if the layer already
        has a 3D transform. This way we can avoid a potential expensive lookups when we know for sure the layer
        is already supposed to be composited. 

        Also, added a bounding box of the overlap map, so that it can catch cases when the new layer is not overlapping
        any of the previous layers. This is pretty common when having composited layers laid out in a vertical/horizontal list.


        * rendering/RenderLayerCompositor.cpp:
        (OverlapMapContainer):
        (WebCore::OverlapMapContainer::add):
        (WebCore::OverlapMapContainer::overlapsLayers):
        (WebCore::OverlapMapContainer::unite):
        (WebCore):
        (WebCore::RenderLayerCompositor::OverlapMap::add):
        (WebCore::RenderLayerCompositor::OverlapMap::overlapsLayers):
        (WebCore::RenderLayerCompositor::OverlapMap::pushCompositingContainer):
        (WebCore::RenderLayerCompositor::OverlapMap::popCompositingContainer):
        (RenderLayerCompositor::OverlapMap):
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):

2014-04-16  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: memoize fallback time values for document.lastModified
        https://bugs.webkit.org/show_bug.cgi?id=131318

        Reviewed by Joseph Pecoraro.

        If a document's Last-Modified header can't be found or used, then 
        document.lastModified is derived from the current system time or
        from filesystem data, which is obviously nondeterministic.

        It's better to handle this inside Document::lastModified rather than using
        MemoizedDOMResult, because only the fallback case is nondeterministic.

        Test: http/tests/inspector/replay/document-last-modified-fallback-value.html

        The test is skipped for now, as it will be very flaky without the
        functionality introduced by bugs 130728 and 129391.

        * dom/Document.cpp:
        (WebCore::Document::lastModified): Save or reuse memoized fallback value.
        * replay/WebInputs.json: Add input DocumentLastModifiedDate.

2014-04-16  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Selection gets confused when the mouse is in the column gaps.
        https://bugs.webkit.org/show_bug.cgi?id=131739

        Reviewed by Enrica Casucci.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::selectionGaps):
        Make sure not to paint selection gaps. This matches the old multi-column behavior. Even though
        selection gaps *nearly* work with the new multi-column code, I am disabling them so that we
        can turn them on without visual regressions.
        
        (WebCore::isChildHitTestCandidate):
        Don't allow in-flow RenderFlowThreads to be descended into from positionForPoint. We always want
        to look only at the spanners and at the sets.

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::nodeAtPoint):
        * rendering/RenderMultiColumnFlowThread.h:
        Override nodeAtPoint to disallow the RenderMultiColumnFlowThread from being considered for hit
        testing when no DOM node is found. It's better to just let RenderBlock's positionForPoint run
        to drill back down into the appropriate column set.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::positionForPoint):
        Implement positionForPoint for RenderMultiColumnSets. This is a straight-up port of the
        old multi-column code's adjustPointToColumnContents function.

        * rendering/RenderMultiColumnSet.h:
        Add override of positionForPoint.

2014-04-16  Dean Jackson  <dino@apple.com>

        MediaDocument on iOS should be full page
        https://bugs.webkit.org/show_bug.cgi?id=131774

        Reviewed by Jer Noble.

        A MediaDocument on iOS has two problems. It can't rely
        on intrinsic size, since it doesn't load the content until
        a user gesture. Secondly, on a small screen you want the
        media to fill the page.

        Add width/height 100% for iOS documents.

        Test: platform/iphone-simulator/media/media-document-controls-size.html

        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):

2014-04-16  Roger Fong  <roger_fong@apple.com>

        Add a way for layout tests to determine whether or not a plugin is snapshotted.
        https://bugs.webkit.org/show_bug.cgi?id=131650.
        <rdar://problem/16615528>

        Reviewed by Dean Jackson.

        * testing/Internals.cpp:
        (WebCore::Internals::isPluginSnapshotted):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-04-16  Zoltan Horvath  <zoltan@webkit.org>

        Vanish unnecessary includes from Shapes.{h|cpp}
        https://bugs.webkit.org/show_bug.cgi?id=131762

        Reviewed by Andreas Kling.

        No new tests, no behavior change.

        * rendering/shapes/BoxShape.h:
        * rendering/shapes/Shape.cpp:
        * rendering/shapes/Shape.h:
        * rendering/shapes/ShapeOutsideInfo.h:

2014-04-16  Andreas Kling  <akling@apple.com>

        Revert direct caching of tagName and nodeName from r167383.

        Ryosuke tells me this is not entirely safe, will need to rethink.

        * dom/Element.idl:
        * dom/Node.idl:

2014-04-16  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Improve security mitigation added in webkit r94001.
        We missed the case where attachLine was called when we already had an inline box wrapper.
        https://bugs.webkit.org/show_bug.cgi?id=127285

        Reviewed by Brent Fulgham.

        Merged from Blink: https://src.chromium.org/viewvc/blink?revision=150697&view=revision

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::positionLineBox):
        * rendering/RenderBox.h:
        (WebCore::RenderBox::setInlineBoxWrapper):

2014-04-16  Bem Jones-Bey  <bjonesbe@adobe.com>

        Fix CodeGenerator.pm to only write files if the generated content has changed
        https://bugs.webkit.org/show_bug.cgi?id=131756

        Reviewed by Sam Weinig.

        To improve build speed, don't touch generated files unless the newly
        generated content is actually different.

        * bindings/scripts/CodeGenerator.pm:
        (UpdateFile):

2014-04-16  Andreas Kling  <akling@apple.com>

        Add a way to cache never-changing IDL attributes in the wrapper.
        <https://webkit.org/b/131759>

        Some IDL attributes will always return the same value when queried
        on an object, so let's have a way to avoid calling into C++ code
        every time they are queried.

        This patch adds a custom IDL thingy called "ReturnsCacheableValue"
        which causes the code generator to emit code to cache the returned
        value directly in the JS wrapper object.

        Reviewed by Oliver Hunt.

        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):

            Add ReturnsCacheableValue custom attribute.

        * dom/Element.idl:
        * dom/Node.idl:

            Annotate some attributes that return fully cacheable values.

        * bindings/scripts/test/*:

            Rebaseline.

2014-04-16  Noel Gordon  <noel.gordon@gmail.com>

        Progressive JPEG outputScanlines() calls should handle failure
        https://bugs.webkit.org/show_bug.cgi?id=116701

        Reviewed by Brent Fulgham.

        outputScanlines() can fail and delete |this|. Copy the decoder pointer
        member and use that copy to detect and handle the failure case.

        * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
        (WebCore::JPEGImageReader::decode):

2014-04-16  Robert Sipka  <sipka@inf.u-szeged.hu>

        [curl] Add WEB_TIMING support
        https://bugs.webkit.org/show_bug.cgi?id=127555

        Reviewed by Brent Fulgham.

        Access timing information related to navigation.

        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::milisecondsSinceRequest):
        (WebCore::calculateWebTimingInformations):
        (WebCore::sockoptfunction):
        (WebCore::headerCallback):
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::dispatchSynchronousJob):
        (WebCore::ResourceHandleManager::initializeHandle):

2014-04-16  Zoltan Horvath  <zoltan@webkit.org>

        Cleanup header includes in ShapeOutsideInfo.h
        https://bugs.webkit.org/show_bug.cgi?id=131750

        Reviewed by Antti Koivisto.

        Make the build faster by removing unnecessary header includes.

        No new tests, no behavior change.

        * rendering/shapes/ShapeOutsideInfo.h:

2014-04-16  Simon Fraser  <simon.fraser@apple.com>

        Fix the iOS build.

        * platform/graphics/cg/BitmapImageCG.cpp:
        (WebCore::BitmapImage::draw):

2014-04-16  Alexey Proskuryakov  <ap@apple.com>

        DataTransfer should cache its FileList
        https://bugs.webkit.org/show_bug.cgi?id=131694

        Reviewed by Darin Adler.

        Test: fast/events/data-transfer-files-attribute-identity.html

        * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneDeserializer::readTerminal):
        Switched to a new FileList constructor, CloneDeserializer doesn't really need to modify
        the FileList with append().

        * dom/DataTransfer.h:
        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::types): Added a FIXME.
        (WebCore::DataTransfer::files): Changed to reuse a cached FileList. It's currently
        easy, because we don't support DataTransferItemList. Once we do, making any changes
        through it will also require updating the FileList in a way that doesn't replace
        File objects for unchanged files.

        * fileapi/FileList.h:
        (WebCore::FileList::create):
        (WebCore::FileList::isEmpty):
        (WebCore::FileList::FileList):
        (WebCore::FileList::append):
        (WebCore::FileList::clear):
        Made non-const functions private, because neither DataTransfer nor FileInputType
        expect the list to be modified without their knowledge. Added a new Vector based
        constructor so that a FileList could be created without the use of append().

        * html/FileInputType.cpp: (WebCore::FileInputType::createFileList): Simplified
        the code a little bit. FileInputType still needs to modify the list for clear(),
        but doesn't need to add to it dynamically - unlike with DataTransfer, it's expected
        to create a new FileList when it's modified.

2014-04-15  Brent Fulgham  <bfulgham@apple.com>

        [Win] Eliminate use of deleteAllValues in Windows Files
        https://bugs.webkit.org/show_bug.cgi?id=131631

        Reviewed by Darin Adler.

        Update to use std::unique_ptr for object lifetime. Get rid of
        deleteAllValues now that it is no loner needed. Use ranged for
        loops where possible.

        * platform/win/WCDataObject.cpp:
        (WebCore::WCEnumFormatEtc::WCEnumFormatEtc):
        (WebCore::WCDataObject::~WCDataObject):
        (WebCore::WCDataObject::GetData):
        (WebCore::WCDataObject::QueryGetData):
        (WebCore::WCDataObject::SetData):
        (WebCore::WCDataObject::clearData):
        * platform/win/WCDataObject.h:

2014-04-16  Chris Fleizach  <cfleizach@apple.com>

        AX: Accessing a table cell with an invalid column header crashes
        https://bugs.webkit.org/show_bug.cgi?id=131719

        Reviewed by Darin Adler.

        If no tableCell is available as a column/row header, then do not continue processing.

        Test: accessibility/table-missing-column-header-crash.html

        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::columnHeaders):
        (WebCore::AccessibilityTableCell::rowHeaders):

2014-04-16  Brendan Long  <b.long@cablelabs.com>

        [GTK] Fix unused parameter warnings
        https://bugs.webkit.org/show_bug.cgi?id=131721

        Reviewed by Darin Adler.

        * bindings/js/JSMediaStreamCapabilitiesCustom.cpp:
        (WebCore::toJS): Remove unused 'exec' parameter.

2014-04-16  Simon Fraser  <simon.fraser@apple.com>

        Convert the boolean param of Image::startAnimation() to an enum
        https://bugs.webkit.org/show_bug.cgi?id=131742

        Reviewed by Tim Horton.

        Use an enum to make the code more readable.

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::startAnimation):
        * platform/graphics/BitmapImage.h:
        * platform/graphics/Image.cpp:
        (WebCore::Image::drawTiled):
        * platform/graphics/Image.h:
        (WebCore::Image::startAnimation):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::startAnimation):
        * svg/graphics/SVGImage.h:

2014-04-16  David Hyatt  <hyatt@apple.com>

        Make sure to skip the RenderMultiColumnFlowThread when resolving percentage heights inside columns against
        containing blocks. The flow thread's auto height should not interfere if a fixed height is specified on
        an ancestor.

        https://bugs.webkit.org/show_bug.cgi?id=131741

        Reviewed by Simon Fraser.

        Added fast/multicol/percent-height.html.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::skipContainingBlockForPercentHeightCalculation):
        Add an isInFlowRenderFlowThread check so that we skip those blocks and don't consider them at all
        when resolving percentage heights.

2014-04-16  Daewoong Jang  <daewoong.jang@navercorp.com>

        [WinCairo][cURL] Build fix for WinCairo build with USE(CURL).
        https://bugs.webkit.org/show_bug.cgi?id=131614

        Reviewed by Brent Fulgham.

        Build fix, no new tests needed.

        * platform/network/curl/CurlCacheEntry.cpp:
        (WebCore::CurlCacheEntry::loadResponseHeaders):
        * platform/network/curl/CurlCacheManager.cpp:
        (WebCore::CurlCacheManager::loadIndex):
        * platform/network/soup/ResourceError.h:
        * platform/network/soup/SocketStreamHandle.h:

2014-04-16  Martin Hodovan  <mhodovan@inf.u-szeged.hu>

        ASSERTION FAILED: x2 >= x1 in WebCore::RenderObject::drawLineForBoxSide
        https://bugs.webkit.org/show_bug.cgi?id=127835

        In some cases when a negative margin and a positive padding are applied
        together to the right and/or left side of the box, the logical width of
        the borders can be set to a negative value, making the assertion fire.
        The fix checks if the width or height of the box is negative, and if so,
        it will not display the borders and shadows of the box.

        Reviewed by Darin Adler.

        Test: fast/css/padding-margin-negative-border.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBorder):

2014-04-16  Jer Noble  <jer.noble@apple.com>

        [MSE] Seeks into buffered ranges will never complete.
        https://bugs.webkit.org/show_bug.cgi?id=131717

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-seek-complete.html

        Run the SourceBuffer Monitoring step after initiating a seek.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateSeekToTime):

2014-04-15  Hyowon Kim  <hw1008.kim@samsung.com>

        [EFL] Fix problems with the pixel dump.
        https://bugs.webkit.org/show_bug.cgi?id=131265

        Reviewed by Gyuyoung Kim.

        Painting and compositing paths of WebKit-EFL were totally modified from r166768.
        However pixel dump codes still call deprecated functions like ewk_view_paint(),
        which causes that nothing is drawn.

        This patch adds new member functions to AcceleratedCompositingContext to support pixel dump.
        One of new functions is AcceleratedCompositingContext::extractImageData(),
        which replaces deprecated function calls. Besides the extractImageData() is invoked by
        ewk_view_screenshot_contents_get() in order to take the visible content displayed on the EFL webview.

        * platform/graphics/cairo/CairoUtilities.cpp:
        (WebCore::flipImageSurfaceVertically): Flip pixel data of given cairo_surface_t vertically up/down.
        Whereas Cairo uses the top-left corner as being 0,0 of the coordinate system,
        OpenGL uses the bottom-left corner being 0,0.
        So we need to vertically flip resultant images taken by glReadPixels().
        * platform/graphics/cairo/CairoUtilities.h:

2014-04-15  Hyowon Kim  <hw1008.kim@samsung.com>

        Make page overlay functionality working on coordinated graphics.
        https://bugs.webkit.org/show_bug.cgi?id=131425

        Reviewed by Darin Adler.

        Page overlay functionality did not work on coordinated graphics since r166975.
        This patch removes deprecated code related to the PageOverlay GraphicsLayer management.
        and makes CoordinatedLayerTreeHost use PageOverlayController.

        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
        (WebCore::CompositingCoordinator::setRootCompositingLayer):
        (WebCore::CompositingCoordinator::flushPendingLayerChanges):
        * platform/graphics/texmap/coordinated/CompositingCoordinator.h:

2014-04-10  Roger Fong  <roger_fong@apple.com>

        Snapshotted plugins may need to be restarted if style properties are changed after initial load of plugin.
        https://bugs.webkit.org/show_bug.cgi?id=131553.
        <rdar://problem/15443375>

        Reviewed by Timothy Horton.

        Test: plugins/snapshotting/set-plugin-size-to-tiny.html

        When updating embedded objects during our post layout checks, check for certain style changes
        that may result in the plugin needing to be restarted.

        * html/HTMLPlugInImageElement.h: 
        Add m_plugInDimensionsSpecified field to keep track of whether or not dimensions on the plugin’s renderer have been specified.
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement):
        Initialize m_plugInDimensionsSpecified.
        (WebCore::isSmallerThanTinySizingThreshold):
        Refactoring, move check for whether or not plugin is smaller than the tiny plugin size threshold to this method.
        (WebCore::HTMLPlugInImageElement::isTopLevelFullPage): 
        Refactoring, move check for whether or not plugin is top level full page to this method.
        (WebCore::HTMLPlugInImageElement::checkSnapshotStatus): 
        Use refactored checks here as well to determine whether or not we need to restart the snapshotted plugin.
        (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Use refactored checks.
        If plugin dimensions were specified, set m_plugInDimensionsSpecified to true.

2014-04-15  Andreas Kling  <akling@apple.com>

        [iOS WebKit2] Listen for system memory pressure notifications.
        <https://webkit.org/b/131653>
        <rdar://problem/16208123>

        Reviewed by Antti Koivisto.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

            Use the right invocation to summon the memory pressure handler.

        (WebCore::MemoryPressureHandler::install):
        (WebCore::MemoryPressureHandler::uninstall):
        (WebCore::MemoryPressureHandler::holdOff):
        (WebCore::MemoryPressureHandler::respondToMemoryPressure):

            Make stubbed out functions !PLATFORM(COCOA)

2014-04-14  Morten Stenshorne  <mstensho@opera.com>

        [New Multicolumn] Add support for column-span:all
        https://bugs.webkit.org/show_bug.cgi?id=129330

        Reviewed by Dave Hyatt.

        Column spanners are implemented as siblings of RenderMultiColumnSet
        objects (i.e. the regions for the column rows). This means that they
        are pulled out from the flow thread tree where they would otherwise
        live. This causes some complexity, most of which is contained within
        the multicol code.

        A placeholder is put in the flow thread tree where the spanner's
        renderer would otherwise live. This is needed in order make sure that
        we interrupt line layout before after the spanner. We also need this
        to be able to switch from one multicol set to the next.

        Some extra logic is required when dynamically inserting and removing
        flow thread descendants now, because we need to figure out if the
        renderer added should trigger creation of new multi column sets. If
        a spanner is inserted in the middle of a multi column set, we need to
        detect this, split the set and put the spanner in the middle.

        Wrote a bunch of tests. A few of the tests were copied from existing
        (old-impl) tests and put in a separate directory. That directory can
        be wiped when we turn on the new multicol implementation by default.

        Tests: fast/multicol/newmulticol/adjacent-spanners.html
               fast/multicol/newmulticol/block-becomes-spanner.html
               fast/multicol/newmulticol/change-spanner-display.html
               fast/multicol/newmulticol/change-spanner-parent-display.html
               fast/multicol/newmulticol/compare-with-old-impl/anonymous-block-split-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/before-child-anonymous-column-block.html
               fast/multicol/newmulticol/compare-with-old-impl/clone-before-after-content-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/clone-block-children-inline-mismatch-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/clone-flexbox.html
               fast/multicol/newmulticol/compare-with-old-impl/clone-summary.html
               fast/multicol/newmulticol/compare-with-old-impl/column-span-inside-multicol-webkit-box.html
               fast/multicol/newmulticol/compare-with-old-impl/continuation-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/double-merge-anonymous-block-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/empty-anonymous-block-split-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/float-not-removed-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/list-multi-column-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/positioned-child-not-removed-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/positioned-objects-not-removed-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/recursive-split-flow-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/removal-of-multicol-span-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/remove-child-split-flow-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/runin-continuation-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/span-as-immediate-child-complex-splitting.html
               fast/multicol/newmulticol/compare-with-old-impl/span-as-nested-inline-block-child.html
               fast/multicol/newmulticol/compare-with-old-impl/split-flow-anonymous-wrapper-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/split-inline-wrong-post-block-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/table-multi-column-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/textbox-not-removed-crash.html
               fast/multicol/newmulticol/compare-with-old-impl/update-after-content-before-child-crash.html
               fast/multicol/newmulticol/insert-row-content1.html
               fast/multicol/newmulticol/insert-row-content2.html
               fast/multicol/newmulticol/insert-row-content3.html
               fast/multicol/newmulticol/insert-row-content4.html
               fast/multicol/newmulticol/insert-row-content5.html
               fast/multicol/newmulticol/insert-row-content6.html
               fast/multicol/newmulticol/insert-row-content7.html
               fast/multicol/newmulticol/insert-row-content8.html
               fast/multicol/newmulticol/insert-row-content9.html
               fast/multicol/newmulticol/insert-spanner-child1.html
               fast/multicol/newmulticol/insert-spanner-child2.html
               fast/multicol/newmulticol/insert-spanner-child3.html
               fast/multicol/newmulticol/insert-spanner1.html
               fast/multicol/newmulticol/insert-spanner2.html
               fast/multicol/newmulticol/insert-spanner3.html
               fast/multicol/newmulticol/insert-spanner4.html
               fast/multicol/newmulticol/insert-spanner5.html
               fast/multicol/newmulticol/insert-spanner6.html
               fast/multicol/newmulticol/insert-spanner7.html
               fast/multicol/newmulticol/insert-spanner8.html
               fast/multicol/newmulticol/multicol-with-spanner-becomes-regular-block.html
               fast/multicol/newmulticol/remove-row-content1.html
               fast/multicol/newmulticol/remove-row-content2.html
               fast/multicol/newmulticol/remove-row-content3.html
               fast/multicol/newmulticol/remove-row-content4.html
               fast/multicol/newmulticol/remove-row-content5.html
               fast/multicol/newmulticol/remove-row-content6.html
               fast/multicol/newmulticol/remove-row-content7.html
               fast/multicol/newmulticol/remove-row-content8.html
               fast/multicol/newmulticol/remove-row-content9.html
               fast/multicol/newmulticol/remove-spanner1.html
               fast/multicol/newmulticol/remove-spanner2.html
               fast/multicol/newmulticol/remove-spanner3.html
               fast/multicol/newmulticol/remove-spanner4.html
               fast/multicol/newmulticol/remove-spanner5.html
               fast/multicol/newmulticol/remove-spanner6.html
               fast/multicol/newmulticol/sole-spanner.html
               fast/multicol/newmulticol/span-between-text.html
               fast/multicol/newmulticol/spanner-becomes-regular-block.html
               fast/multicol/newmulticol/spanner-first.html
               fast/multicol/newmulticol/spanner-img.html
               fast/multicol/newmulticol/spanner-inline-block.html
               fast/multicol/newmulticol/spanner-last.html
               fast/multicol/newmulticol/spanner-nested-dynamic.html
               fast/multicol/newmulticol/spanner-nested.html
               fast/multicol/newmulticol/spanner-pseudo-after1.html
               fast/multicol/newmulticol/spanner-pseudo-after2.html
               fast/multicol/newmulticol/spanner-pseudo-after3.html
               fast/multicol/newmulticol/spanner-pseudo-after4.html
               fast/multicol/newmulticol/spanner-pseudo-before-after1.html
               fast/multicol/newmulticol/spanner-pseudo-before-after2.html
               fast/multicol/newmulticol/spanner-pseudo-before-after3.html
               fast/multicol/newmulticol/spanner-pseudo-before-after4.html
               fast/multicol/newmulticol/spanner-pseudo-before1.html
               fast/multicol/newmulticol/spanner-pseudo-before2.html
               fast/multicol/newmulticol/spanner-pseudo-before3.html
               fast/multicol/newmulticol/spanner-pseudo-before4.html
               fast/multicol/newmulticol/spanner-table.html
               fast/multicol/newmulticol/spanner-with-margin.html
               fast/multicol/newmulticol/spanner1.html
               fast/multicol/newmulticol/spanner2.html
               fast/multicol/newmulticol/spanner3.html
               fast/multicol/newmulticol/spanner4.html
               fast/multicol/newmulticol/spanner5.html
               fast/multicol/newmulticol/spanner6.html
               fast/multicol/newmulticol/spanner7.html
               fast/multicol/newmulticol/spanner8.html
               fast/multicol/newmulticol/spanner9.html
               fast/multicol/newmulticol/trailing-margin-with-spanner.html
               fast/multicol/newmulticol/trailing-margin-with-spanner2.html

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks):
        Disable the old anonymous multicol container and spanner anonymous
        block generation machinery when the new multicol implementation is
        enabled.
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::createMultiColumnFlowThread):
        (WebCore::RenderBlockFlow::destroyMultiColumnFlowThread):
        (WebCore::RenderBlockFlow::layoutBlockChild): Need to notify the
        flow thread when a descendant's final position is known. Spanner
        placeholders need to know where to terminate the column set that
        it follows.
        (WebCore::RenderBlockFlow::styleDidChange): Remove old code that
        isn't needed anymore. The renderers in question (flow thread and
        column sets) set display:block on themselves already. This code
        caused problems for spanners, which got all their style wiped.
        (WebCore::RenderBlockFlow::setMultiColumnFlowThread): If setting
        the flow thread to nullptr, there's no need to create the "rare
        data" structure.
        (WebCore::RenderBlockFlow::relayoutForPagination):
        (WebCore::RenderBlockFlow::layoutSpecialExcludedChild):
        (WebCore::RenderBlockFlow::addChild): beforeChild is retrieved via
        the DOM. If it is a spanner, we need to locate the placeholder
        here, because that's the correct location to insert siblings,
        DOM-wise.
        (WebCore::RenderBlockFlow::removeChild): The multicol flow thread
        needs to know when children disappear.
        (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):
        Don't modify the height back and forth when calculating the
        multicol container's final height, as that messes up balancing.
        (WebCore::RenderBlockFlow::insertedIntoTree): Deleted.
        (WebCore::RenderBlockFlow::willBeDestroyed): Deleted.
        (WebCore::RenderBlockFlow::styleWillChange): Deleted.
        (WebCore::RenderBlockFlow::lineAtIndex): Deleted.
        * rendering/RenderBlockFlow.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::insertedIntoTree): Set up an element's
        layer before notifying the flow thread. The multicol flow thread
        may decide to move the element (if it's a spanner), which may
        involve re-insertion of layers.  Calling
        RenderObject::insertedIntoTree() last instead of first also better
        matches the order we used to have prior to the introduction of
        RenderElement, FWIW.
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::layout):
        (WebCore::RenderFlowThread::removeRegionFromThread): Deleted.
        (WebCore::RenderFlowThread::invalidateRegions): Deleted.
        * rendering/RenderFlowThread.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::RenderMultiColumnFlowThread):
        (WebCore::RenderMultiColumnFlowThread::removeFlowChildInfo): When
        a flow thread descendant is inserted, the multicol flow thread
        needs to be notified.
        (WebCore::RenderMultiColumnFlowThread::firstMultiColumnSet):
        (WebCore::RenderMultiColumnFlowThread::lastMultiColumnSet):
        (WebCore::RenderMultiColumnFlowThread::firstColumnSetOrSpanner):
        (WebCore::RenderMultiColumnFlowThread::nextColumnSetOrSpannerSiblingOf):
        (WebCore::RenderMultiColumnFlowThread::previousColumnSetOrSpannerSiblingOf):
        (WebCore::RenderMultiColumnFlowThread::layout):
        (WebCore::RenderMultiColumnFlowThread::findSetRendering):
        (WebCore::RenderMultiColumnFlowThread::populate):
        (WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):
        (WebCore::RenderMultiColumnFlowThread::addRegionToThread):
        (WebCore::RenderMultiColumnFlowThread::willBeRemovedFromTree):
        Need to detach column sets here, since they have pointers to their
        flow thread.
        (WebCore::RenderMultiColumnFlowThread::resolveMovedChild):
        (WebCore::isValidColumnSpanner):
        (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
        (WebCore::RenderMultiColumnFlowThread::flowThreadRelativeWillBeRemoved):
        (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantBoxLaidOut):
        (WebCore::RenderMultiColumnFlowThread::autoGenerateRegionsToBlockOffset):
        Nothing to be done here for the time being. Column sets are now
        created during box creation. We are going to need to add some code
        here again once multicol properly supports nested fragmentation
        contexts (and you get adjacent column rows because of that).
        (WebCore::RenderMultiColumnFlowThread::regionAtBlockOffset):
        During layout, don't trust the region interval tree, as that one
        depends on the resulting layout.
        (WebCore::RenderMultiColumnFlowThread::setRegionRangeForBox): With
        a convenience method to get the last column set, and column sets
        now being created during normal box creation, this young method
        needs an overhaul.
        (WebCore::RenderMultiColumnFlowThread::setRegionRangeForBox):
        (WebCore::RenderMultiColumnFlowThread::isPageLogicalHeightKnown):
        * rendering/RenderMultiColumnFlowThread.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::nextSiblingMultiColumnSet):
        (WebCore::RenderMultiColumnSet::previousSiblingMultiColumnSet):
        (WebCore::RenderMultiColumnSet::firstRendererInFlowThread):
        (WebCore::RenderMultiColumnSet::lastRendererInFlowThread):
        (WebCore::precedesRenderer):
        (WebCore::RenderMultiColumnSet::containsRendererInFlowThread):
        (WebCore::RenderMultiColumnSet::setLogicalTopInFlowThread):
        (WebCore::RenderMultiColumnSet::setLogicalBottomInFlowThread):
        (WebCore::RenderMultiColumnSet::pageLogicalTopForOffset):
        (WebCore::RenderMultiColumnSet::distributeImplicitBreaks):
        (WebCore::RenderMultiColumnSet::calculateBalancedHeight):
        (WebCore::RenderMultiColumnSet::addForcedBreak):
        (WebCore::RenderMultiColumnSet::recalculateColumnHeight):
        Previously only needed if columns were to be balanced, now it's
        also needed when not balancing.
        (WebCore::RenderMultiColumnSet::recordSpaceShortage): Some layout
        elements actually have 0 height. Skip them, since they're not
        taking us anywhere.
        (WebCore::RenderMultiColumnSet::updateLogicalWidth):
        (WebCore::RenderMultiColumnSet::requiresBalancing): Column sets
        now have individual balancing needs. If they precede a spanner,
        they must always be balanced. For the last column set, see if
        height is unspecified or column-fill is 'balance' (like before).
        (WebCore::RenderMultiColumnSet::prepareForLayout):
        (WebCore::RenderMultiColumnSet::beginFlow):
        (WebCore::RenderMultiColumnSet::endFlow):
        (WebCore::RenderMultiColumnSet::layout):
        (WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):
        (WebCore::RenderMultiColumnSet::columnRectAt):
        (WebCore::RenderMultiColumnSet::flowThreadPortionOverflowRect):
        (WebCore::RenderMultiColumnSet::paintColumnRules):
        (WebCore::RenderMultiColumnSet::initialBlockOffsetForPainting):
        (WebCore::RenderMultiColumnSet::collectLayerFragments):
        (WebCore::RenderMultiColumnSet::columnTranslationForOffset):
        (WebCore::RenderMultiColumnSet::setAndConstrainColumnHeight): Deleted.
        (WebCore::RenderMultiColumnSet::findRunWithTallestColumns): Deleted.
        (WebCore::RenderMultiColumnSet::clearForcedBreaks): Deleted.
        (WebCore::RenderMultiColumnSet::repaintFlowThreadContent): Deleted.
        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderMultiColumnSpannerPlaceholder.cpp: Added.
        (WebCore::RenderMultiColumnSpannerPlaceholder::createAnonymous):
        (WebCore::RenderMultiColumnSpannerPlaceholder::RenderMultiColumnSpannerPlaceholder):
        (WebCore::RenderMultiColumnSpannerPlaceholder::renderName):
        * rendering/RenderMultiColumnSpannerPlaceholder.h: Added.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::insertedIntoTree): Need to notify the
        multicol flow thread when descendants are inserted. That may
        trigger insertion of column sets, or, in the case of spanners,
        they need to be moved out from the flow thread.
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderMultiColumnSpannerPlaceholder):
        (WebCore::RenderObject::isAnonymousBlock): Exclude column sets
        here, so that they don't get involved in anonymous block merging
        and other kinds of fun.
        * rendering/RenderRegion.h:
        * rendering/RenderRegionSet.h:

2014-04-15  Simon Fraser  <simon.fraser@apple.com>

        LayerTreeAsTextBehavior should be in the WebCore namespace
        https://bugs.webkit.org/show_bug.cgi?id=131683

        Reviewed by Andrei Bucur.

        Move LayerTreeAsTextBehavior and the bit flags into the WebCore namespace.

        * platform/graphics/GraphicsLayer.cpp:
        (showGraphicsLayerTree):
        * platform/graphics/GraphicsLayer.h:

2014-04-15  Benjamin Poulain  <bpoulain@apple.com>

        ViewportConfiguration handles userZoom incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=131657

        Reviewed by Darin Adler.

        * page/ViewportConfiguration.cpp:
        (WebCore::viewportArgumentUserZoomIsSet):
        (WebCore::ViewportConfiguration::updateConfiguration):
        The other viewport values must be strictly positive, userZoom is always either zero, one or minus one.
        As a result, the value zero was never set.

2014-04-15  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Pages often blank on first load if page loaded by typing the URL
        https://bugs.webkit.org/show_bug.cgi?id=131665

        Reviewed by Tim Horton.

        The document overlay-related code in RemoteLayerTreeDrawingArea::setRootCompositingLayer()
        was triggering a compositing layer flush when called with a null rootLayer, which happens
        for pages going into the page cache. This would trigger a layer flush that would clobber
        the root layer for the visible page, resulting in missing content.
        
        Also, rebuildCompositingLayerTree() is called recursively and the m_documentOverlayRootLayer
        was being added to (and then removed from) every single compositing layers.
        
        Fix both these by changing to a pull model, where RenderLayerCompositor requests
        the overlay layer via ChromeClient, and gets it at the end of every flush,
        adding to the children of the root layer.

        * WebCore.exp.in:
        * page/ChromeClient.h:
        (WebCore::ChromeClient::documentOverlayLayerForFrame):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor):
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges): Put visibleRect
        into a variable for ease of debugging.
        (WebCore::RenderLayerCompositor::updateCompositingLayers): Asser
        that we're not in the page cache (this would have caught the bug).
        (WebCore::RenderLayerCompositor::appendOverlayLayers):
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer): Deleted.
        * rendering/RenderLayerCompositor.h:

2014-04-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167199 and r167251.
        https://bugs.webkit.org/show_bug.cgi?id=131678

        Caused a DYEBench regression and does not seem to improve perf
        on relevant websites (Requested by rniwa on #webkit).

        Reverted changesets:

        "Rewrite Function.bind as a builtin"
        https://bugs.webkit.org/show_bug.cgi?id=131083
        http://trac.webkit.org/changeset/167199

        "Update test result"
        http://trac.webkit.org/changeset/167251

2014-04-15  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Remove unnecessary null checking in NavigatorContentUtils
        https://bugs.webkit.org/show_bug.cgi?id=131652

        Reviewed by Darin Adler.

        Some functions have checked if document is null. However, document is always not
        null when frame is existed.

        No new tests, no behavior changes.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::NavigatorContentUtils::registerProtocolHandler):
        (WebCore::NavigatorContentUtils::isProtocolHandlerRegistered):
        (WebCore::NavigatorContentUtils::unregisterProtocolHandler):

2014-04-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167298.
        https://bugs.webkit.org/show_bug.cgi?id=131670

        Broke CSS filters (17 test crashes) (Requested by ap on
        #webkit).

        Reverted changeset:

        "[iOS WK2] Pages often blank on first load if page loaded by
        typing the URL"
        https://bugs.webkit.org/show_bug.cgi?id=131665
        http://trac.webkit.org/changeset/167298

2014-04-14  Pratik Solanki  <psolanki@apple.com>

        Unreviewed. Attempt to fix Windows build after r167277.

        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):

2014-04-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167261.
        https://bugs.webkit.org/show_bug.cgi?id=131667

        broke many navigation tests (Requested by ap on #webkit).

        Reverted changeset:

        "Web Replay: memoize fallback time values for
        document.lastModified"
        https://bugs.webkit.org/show_bug.cgi?id=131318
        http://trac.webkit.org/changeset/167261

2014-04-14  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Pages often blank on first load if page loaded by typing the URL
        https://bugs.webkit.org/show_bug.cgi?id=131665

        Reviewed by Tim Horton.

        The document overlay-related code in RemoteLayerTreeDrawingArea::setRootCompositingLayer()
        was triggering a compositing layer flush when called with a null rootLayer, which happens
        for pages going into the page cache. This would trigger a layer flush that would clobber
        the root layer for the visible page, resulting in missing content.
        
        Also, rebuildCompositingLayerTree() is called recursively and the m_documentOverlayRootLayer
        was being added to (and then removed from) every single compositing layers.
        
        Fix both these by changing to a pull model, where RenderLayerCompositor requests
        the overlay layer via ChromeClient, and gets it at the end of every flush,
        adding to the children of the root layer.

        * WebCore.exp.in:
        * page/ChromeClient.h:
        (WebCore::ChromeClient::documentOverlayLayerForFrame):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor):
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges): Put visibleRect
        into a variable for ease of debugging.
        (WebCore::RenderLayerCompositor::updateCompositingLayers): Asser
        that we're not in the page cache (this would have caught the bug).
        (WebCore::RenderLayerCompositor::appendOverlayLayers):
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer): Deleted.
        * rendering/RenderLayerCompositor.h:

2014-04-14  Jon Honeycutt  <jhoneycutt@apple.com>

        Assertion failure under FEImage::determineAbsolutePaintRect()

        <https://bugs.webkit.org/show_bug.cgi?id=131660>
        <rdar://problem/15669294>

        This patch merges Chromium r149536 (see
        <https://chromiumcodereview.appspot.com/14701012>), which moves
        m_absoluteTransform out of SVGFilter and into the base Filter class, so
        that it isn't necessary to cast a Filter to SVGFilter to get the
        absolute transform.

        Reviewed by Geoffrey Garen.

        Test: svg/filters/feImage-filter-assertion.html

        * platform/graphics/filters/Filter.h:
        (WebCore::Filter::Filter):
        Changed to take the absolute transform.
        (WebCore::Filter::absoluteTransform):
        Moved from SVGFilter.
        (WebCore::Filter::mapAbsolutePointToLocalPoint):
        Ditto.

        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::FilterEffectRenderer):
        Pass a default AffineTransform() to the Filter base class.

        * svg/graphics/filters/SVGFEImage.cpp:
        (WebCore::FEImage::determineAbsolutePaintRect):
        Use the Filter without casting it to SVGFilter.
        (WebCore::FEImage::platformApplySoftware):
        Ditto.

        * svg/graphics/filters/SVGFilter.cpp:
        (WebCore::SVGFilter::SVGFilter):
        Pass the transform to the base class, and remove initialization of a
        removed member var.

        * svg/graphics/filters/SVGFilter.h:
        Member var moved to Filter.h.

2014-04-14  Darin Adler  <darin@apple.com>

        REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
        https://bugs.webkit.org/show_bug.cgi?id=126322

        Reviewed by Ryosuke Niwa.

        One additional tweak to the fix for the bug above.
        Fixes crash in editing/editability/ignored-content.html test.

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::canContainRangeEndPoint): Call through to
        HTMLElement::canContainRangeEndPoint, bypassing HTMLPlugInElement override
        that always returns false. Without this change, this function was always
        returning false.

2014-04-14  Simon Fraser  <simon.fraser@apple.com>

        Crash in TileController::tileRevalidationTimerFired
        https://bugs.webkit.org/show_bug.cgi?id=131656
        <rdar://problem/16583166>

        Reviewed by Sam Weinig.

        It's possible for the TileController revalidation timer to fire after
        the GraphicsLayer has been destroyed, so the PlatformCALayer no longer
        has an owningGraphicsLayer.
        
        Bail from the timer callback if owningGraphicsLayer() is null.
        
        Also some drive-by 0 -> nullptr changes.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::willBeDestroyed):
        * platform/graphics/ca/PlatformCALayer.cpp:
        (WebCore::PlatformCALayer::~PlatformCALayer):
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::tileRevalidationTimerFired):

2014-04-14  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] Remove some leftover shape-inside code
        https://bugs.webkit.org/show_bug.cgi?id=131641

        Reviewed by Dean Jackson.

        I discovered that some code had been leftover from the shape-inside
        removal. This removes that leftover code.

        No new tests, no behavior change.

        * platform/text/BidiResolver.h:
        * rendering/BidiRun.cpp:
        (WebCore::BidiRun::BidiRun):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::createLineBoxes):
        (WebCore::RenderBlockFlow::constructLine):
        (WebCore::computeExpansionForJustifiedText):
        (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):

2014-04-14  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] video.currentTime is sometimes negative.
        https://bugs.webkit.org/show_bug.cgi?id=131644

        Reviewed by Eric Carlson.

        AVSampleBufferRenderSynchronizer will occasionally return slightly negative values
        when beginning playback. Clamp the return value to 0.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::currentTimeDouble):

2014-04-14  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSSExclusions] Remove FIXME referencing closed bug
        https://bugs.webkit.org/show_bug.cgi?id=131645

        Reviewed by Dean Jackson.

        This is silly, but the comment is really confusing as it's entirely
        wrong now.

        No new tests, no behavior change.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresRepaint):

2014-04-14  Andreas Kling  <akling@apple.com>

        Build fixage.

        * page/FrameView.cpp:

2014-04-14  Jon Honeycutt  <jhoneycutt@apple.com>

        Assertion failure !node || node->isElementNode() in
        WebCore::RenderBlock::inlineElementContinuation
  
        https://bugs.webkit.org/show_bug.cgi?id=108829
        <rdar://problem/13666405>
  
        I can't reproduce this assertion failure, but there seems to be an
        invalid assumption in RenderBlock::inlineElementContinuation() that
        anything with the "isInline()" bit set is a RenderInline.
        
        No new test because the test case in the bug does not repro for me.

        Reviewed by Brent Fulgham.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::inlineElementContinuation):
        Dave Hyatt says that this function should only return RenderInline
        objects (not non-RenderInline inline objects), so update the checks
        from isInline() to isRenderInline() before casting with
        toRenderInline().

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::inlineElementContinuation):
        Ditto.

2014-04-14  Andreas Kling  <akling@apple.com>

        Do more things under memory pressure on non-iOS platforms.
        <https://webkit.org/b/131625>

        Reviewed by Antti Koivisto.

        Rename hasReceivedMemoryPressure() to isUnderMemoryPressure() and
        make it use std::atomic<bool> instead of OSAtomic primitives.

        Unmask most of the PLATFORM(IOS) blocks so all platforms can take
        advantage of optimizations done while under pressure. Note that
        isUnderMemoryPressure() will still always return false on platforms
        other than iOS/WK1, but this will change soon.

        * history/PageCache.cpp:
        (WebCore::PageCache::canCache):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):
        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::didPaintContents):
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::MemoryPressureHandler):
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::setReceivedMemoryPressure):
        (WebCore::MemoryPressureHandler::clearMemoryPressure):
        (WebCore::MemoryPressureHandler::respondToMemoryPressureIfNeeded):
        (WebCore::MemoryPressureHandler::hasReceivedMemoryPressure): Deleted.
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::purgeInactiveFontDataIfNeeded):
        * platform/ios/LegacyTileCache.mm:
        (WebCore::LegacyTileCache::createTilesInActiveGrid):
        * platform/ios/LegacyTileGrid.mm:
        (WebCore::LegacyTileGrid::shouldUseMinimalTileCoverage):
        * platform/ios/LegacyTileLayerPool.mm:
        (WebCore::LegacyTileLayerPool::addLayer):
        * platform/ios/TileControllerMemoryHandlerIOS.cpp:
        (WebCore::TileControllerMemoryHandler::tileControllerGainedUnparentedTiles):

2014-04-14  Beth Dakin  <bdakin@apple.com>

        RenderLayerCompositor's m_layerForOverhangAreas should be offset by the 
        topContentInset
        https://bugs.webkit.org/show_bug.cgi?id=131632
        -and corresponding-
        <rdar://problem/16609602>

        Reviewed by Tim Horton.

        Offset m_layerForOverhangAreas by the topContentInset. 
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):

2014-04-14  Alexey Proskuryakov  <ap@apple.com>

        Eliminate CachedFrame::m_mousePressNode
        https://bugs.webkit.org/show_bug.cgi?id=131626

        Reviewed by Brady Eidson.

        I couldn't find any observable effect of this change.

        * history/CachedFrame.cpp:
        (WebCore::CachedFrameBase::CachedFrameBase):
        (WebCore::CachedFrameBase::restore):
        (WebCore::CachedFrame::clear):
        * history/CachedFrame.h:
        (WebCore::CachedFrame::documentLoader):
        (WebCore::CachedFrame::mousePressNode): Deleted.
        Eliminated m_mousePressNode, accessor, and code that reached out to EventHandler.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::mousePressNode): Deleted.
        (WebCore::EventHandler::setMousePressNode): Deleted.
        * page/EventHandler.h:
        (WebCore::EventHandler::setMousePressed): Deleted. This function was already unused.

2014-04-14  Simon Fraser  <simon.fraser@apple.com>

        Run filter animations in the UI process with UI-side compositing
        https://bugs.webkit.org/show_bug.cgi?id=131199
        <rdar://problem/16479487>

        Reviewed by Sam Weinig.

        Add FilterOperation::clone() which is used during decoding.
        Export some things.

        * WebCore.exp.in:
        * platform/graphics/filters/FilterOperation.h:

2014-04-14  Jer Noble  <jer.noble@apple.com>

        Use after free in WebCore::CachedResourceHandleBase::~CachedResourceHandleBase / WebCore::removeDetachedChildrenInContainer
        https://bugs.webkit.org/show_bug.cgi?id=131169

        Reviewed by Eric Carlson.

        Invalidate the WebCoreAVFResourceLoader owned by MediaPlayerPrivateAVFoundationObjC
        in its destructor, to prevent a private function being called in response to the
        WebCoreAVFResourceLoader being stopped.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC):
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h:
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::invalidate):

2014-04-14  Simon Fraser  <simon.fraser@apple.com>

        [WK2 iOS] Scrolling to anchor links is broken
        https://bugs.webkit.org/show_bug.cgi?id=131618
        <rdar://problem/16599144>

        Reviewed by Tim Horton.

        Have ScrollingTreeScrollingNode pass RequestedScrollPosition updates
        to the scrolling tree, so that the scrolling tree can have custom behavior
        for them if necessary.

        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::scrollingTreeNodeRequestsScroll):
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::updateAfterChildren):
        * page/scrolling/ScrollingTreeScrollingNode.h:

2014-04-14  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: memoize fallback time values for document.lastModified
        https://bugs.webkit.org/show_bug.cgi?id=131318

        Reviewed by Joseph Pecoraro.

        If a document's Last-Modified header can't be found or used, then 
        document.lastModified is derived from the current system time or
        from filesystem data, which is obviously nondeterministic.

        It's better to handle this inside Document::lastModified rather than using
        MemoizedDOMResult, because only the fallback case is nondeterministic.

        Test: http/tests/inspector/replay/document-last-modified-fallback-value.html

        * dom/Document.cpp:
        (WebCore::Document::lastModified): Save or reuse memoized fallback value.
        * replay/WebInputs.json: Add input DocumentLastModifiedDate.

2014-04-12  Antti Koivisto  <antti@apple.com>

        Keep secondary tile grid for zoomed-out scale
        https://bugs.webkit.org/show_bug.cgi?id=131586

        Reviewed by Darin Adler.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateContentsScale):
        
            Don't repaint tiled backing with setNeedsDisplay, it invalidates itself correctly in setContentsScale.
            Update custom child layers when tiled backing scale changes.

        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::TileController):
        (WebCore::TileController::setNeedsDisplay):
        
            Drop the whole zoomed-out grid on full repaint.

        (WebCore::TileController::setNeedsDisplayInRect):
            
            Drop changed zoomed-out tiles. A more sophisticated strategy is possible.

        (WebCore::TileController::setContentsScale):
        
            Swap the zoomed-out grid in and out as needed.
            Repaint the active grid after scale change so the client does not have to.

        (WebCore::TileController::contentsScale):
        
            Get the content scale from the tile grid so it is not kept in two places.

        (WebCore::TileController::zoomedOutContentsScale):
        (WebCore::TileController::setZoomedOutContentsScale):
        
            Drop the zoomed-out grid if it no longer matches the zoomed-out scale.

        (WebCore::TileController::tileRevalidationTimerFired):
        (WebCore::TileController::retainedTileBackingStoreMemory):
        (WebCore::TileController::containerLayers):
        
            Return both zoomed-out tiles and the active tiles. Active tiles are on top.

        (WebCore::TileController::numberOfUnparentedTiles):
        (WebCore::TileController::removeUnparentedTilesNow):
        * platform/graphics/ca/mac/TileGrid.h:
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::dropTilesInRect):
        
            Add a function for dropping tiles.

        (WebCore::TileGrid::revalidateTiles):

2014-04-14  Oliver Hunt  <oliver@apple.com>

        Update test result

        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::JSTestNondeterministicConstructor::finishCreation):

2014-04-14  Dirk Schulze  <krit@webkit.org>

        Optimize Canvas fill and drawImage with SourceIn, DestinationIn, SourceOut, and DestinationAtop using transparencyLayer.
        https://bugs.webkit.org/show_bug.cgi?id=79659

        Reviewed by Darin Adler.

        Optimize fill() and fillRect() operations in Canvas on composited contexts by
        10 to 20 times on CG.

        Replacing the ImageBuffer code by transparency layers allows the
        graphics library to optimize the drawing.

        Doing the same for drawImage() would give performance regressions.

        An inline function will create a transparency layer for CG. Cairo graphics
        does not composite correctly when a transparency layer gets created. 
        The inline function is just a NOOP for Cairo.

        This fixes bug 131303 as well.

        Added performance tests with r167124 already.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::fillInternal):
        (WebCore::CanvasRenderingContext2D::strokeInternal):
        (WebCore::CanvasRenderingContext2D::beginCompositeLayer):
        (WebCore::CanvasRenderingContext2D::endCompositeLayer):
        (WebCore::CanvasRenderingContext2D::fillRect):
        (WebCore::CanvasRenderingContext2D::strokeRect):
        (WebCore::CanvasRenderingContext2D::drawTextInternal):
        (WebCore::CanvasRenderingContext2D::fullCanvasCompositedFill): Deleted.
        * html/canvas/CanvasRenderingContext2D.h:

2014-04-14  Tim Horton  <timothy_horton@apple.com>

        Lots of compositing test failures after r167152
        https://bugs.webkit.org/show_bug.cgi?id=131574

        Reviewed by Darin Adler.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::dumpChildren):
        (WebCore::GraphicsLayer::dumpProperties):
        Make child-dumping recursive so that we can easily skip layers up to any depth.

2014-04-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Fix incorrect indentations in CodeGeneratorJS.pm introduced in r165521
        https://bugs.webkit.org/show_bug.cgi?id=131613

        Reviewed by Csaba Osztrogonác.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        Fixed 5-space indentation.
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        Updated the tests accordingly.

2014-04-14  Manuel Rego Casasnovas  <rego@igalia.com>

        [JSC] CSSStyleDeclaration report incorrect descriptor
        https://bugs.webkit.org/show_bug.cgi?id=89697

        Reviewed by Benjamin Poulain.

        Change descriptor of CSSStyleDeclaration properties in order to have
        writable and enumerable attributes set to true. Configurable is kept to
        false since the property is not deleteable.

        Test: fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html

        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate): Only set
        DontDelete attribute when creating the descriptor for
        CSSStyleDeclaration properties.

2014-04-14  Benjamin Poulain  <benjamin@webkit.org>

        [JSC] Improve the call site of string comparison in some hot path
        https://bugs.webkit.org/show_bug.cgi?id=131605

        Reviewed by Darin Adler.

        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::NodeListCacheMapEntryHash::equal):
        We should use the right comparison operation depending on the Hash Traits.

2014-04-14  Andreas Kling  <akling@apple.com>

        Merge MemoryPressureHandler{Mac,IOS}.mm
        <https://webkit.org/b/131603>

        Join the iOS and Mac platform implementations of MemoryPressureHandler
        under the shared Cocoa banner. Each platform still has its own quirky
        behavior, but this puts them in the same file so we can start sharing.

        Reviewed by Darin Adler.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/cocoa/MemoryPressureHandlerCocoa.mm: Renamed from Source/WebCore/platform/mac/MemoryPressureHandlerMac.mm.
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        (WebCore::MemoryPressureHandler::install):
        (WebCore::MemoryPressureHandler::uninstall):
        (WebCore::MemoryPressureHandler::holdOff):
        (WebCore::MemoryPressureHandler::respondToMemoryPressure):
        (WebCore::respondToMemoryPressureCallback):
        (WebCore::MemoryPressureHandler::installMemoryReleaseBlock):
        (WebCore::MemoryPressureHandler::setReceivedMemoryPressure):
        (WebCore::MemoryPressureHandler::hasReceivedMemoryPressure):
        (WebCore::MemoryPressureHandler::clearMemoryPressure):
        (WebCore::MemoryPressureHandler::shouldWaitForMemoryClearMessage):
        (WebCore::MemoryPressureHandler::respondToMemoryPressureIfNeeded):
        * platform/ios/MemoryPressureHandlerIOS.mm: Removed.

2014-04-14  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: compile the :nth-child() pseudo class
        https://bugs.webkit.org/show_bug.cgi?id=131602

        Reviewed by Andreas Kling.

        Tests: fast/selectors/nth-child-bounds.html
               fast/selectors/nth-child-with-backtracking.html

        Compile the :nth-child() pseudo class function + some related clean up.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::nthA):
        (WebCore::CSSSelector::nthB):
        Expose the parsed value of an+b filters. Those values are used to compile
        the selector.

        (WebCore::CSSSelector::RareData::parseNth):
        While working on the patch, I discovered some severe issues with the parsing of large
        values of a and/or b. The problem comes from the way the CSS parser handle the values:
        the values are parsed as a double then converted to an AtomicString for CSSSelector.

        There are many problems related to large values but we never got bug reports because
        they are very uncommon. Fixing those problem would require changing the parser.

        Here, CSSSelector::RareData::parseNth() is hardened a little bit to avoid absurd values
        of a and b.

        * css/CSSSelector.h:
        * cssjit/RegisterAllocator.h:
        It looks like I forgot RDX in the list of register. Add it now since it is required
        for SelectorCodeGenerator::modulo().

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::moduloIsZero):
        There is no modulo() operation exposed on the macro assemblers. This is a basic
        implementation on top of idiv for x86_64.

        Since idiv works exclusively with RAX and RDX, most of the code is about getting
        those registers efficiently.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::setElementChildIndex):
        (WebCore::SelectorCompiler::setElementChildIndexAndUpdateStyle):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        This is pretty much a straightforward implementation of :nth-child().
        The first part counts the number of previous elements.
        The second part updates the tree if this is style resolution.
        The last part compares the number of previous siblings to an+b to find if the filter matches.

        The only part that diverges from SelectorChecker is how childIndex is used. Instead of testing it
        at every iteration, only the first iteration handle the cache.

        * dom/ElementRareData.h:
        (WebCore::ElementRareData::childIndexMemoryOffset):
        * dom/Node.h:
        (WebCore::Node::rareDataMemoryOffset):
        (WebCore::Node::flagHasRareData):
        * rendering/style/RenderStyle.h:

2014-04-14  Tim Horton  <timothy_horton@apple.com>

        Support setting a background color on page overlays
        https://bugs.webkit.org/show_bug.cgi?id=131600

        Reviewed by Darin Adler.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer):
        Mark the compositing tree as needing a rebuild when we get a new document-relative
        overlay layer; otherwise we were depending on something else coming along and
        requiring a rebuild, which didn't always happen.

2014-04-14  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSS Regions] Hit testing doesn't work in video
        https://bugs.webkit.org/show_bug.cgi?id=131485

        Reviewed by Andrei Bucur.

        When hit testing flow thread layer through the region layer,
        we have to pass the depth sorting information and take that
        into account for the situation in which an ancestor of the region
        has preserve-3d transform style.

        Test: fast/regions/hit-test-region-preserve3d-container.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::hitTestFlowThreadIfRegionForFragments):
        * rendering/RenderLayer.h:

2014-04-13  Darin Adler  <darin@apple.com>

        userVisibleString should not try to "encode" host names
        https://bugs.webkit.org/show_bug.cgi?id=131587
        rdar://problem/14686849

        Reviewed by Alexey Proskuryakov.

        * WebCore.exp.in: Updated for WebCoreNSURLExtras argument type changes.

        * platform/mac/WebCoreNSURLExtras.h: Removed unneeded code to make this
        Objective-C++ header compile in plain C++ files, which we never need to do.
        Added missing argument name, baseURL, and changed mysterious CFIndex arguments
        to the correct type, CFURLComponentType.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isLookalikeCharacter): Removed the inline keyword from this, and added
        more lookalike characters from the Mozilla list referenced here.
        (WebCore::URLByTruncatingOneCharacterBeforeComponent): Updated argument type.
        (WebCore::dataForURLComponentType): Ditto.
        (WebCore::userVisibleString): Only call mapHostNames if host name decoding is
        needed; no encoding here.

2014-04-13  Darin Adler  <darin@apple.com>

        REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
        https://bugs.webkit.org/show_bug.cgi?id=126322

        Reviewed by Ryosuke Niwa.

        * dom/Element.cpp:
        (WebCore::Element::canContainRangeEndPoint): Now returns false when the role of the element
        is "img". This is the same rule that's hard-coded in isRenderReplacedElement for the same
        reason. Need more test coverage to make sure this role feature works consistently.

        * dom/Element.h: Made canContainRangeEndPoint no longer inline since it's not just a
        return statement any more.

        * dom/Position.cpp:
        (WebCore::Position::isCandidate): Took out code that calls isRendererReplacedElement
        that was added in r158617; not needed now that we updated canContainRangeEndPoint.

        * dom/Range.cpp:
        (WebCore::Range::firstNode): Removed code here that called isRendererReplacedElement.
        This was the wrong level to be adding editing logic, and there's a FIXME here to that
        effect, which we are now deleting. This was the change that broke Find.

        * editing/TextIterator.cpp: Added a comment about the redundancy between the
        isRendererReplacedElement and editingIgnoresContent functions.

        * html/HTMLHRElement.cpp:
        (WebCore::HTMLHRElement::canContainRangeEndPoint): Call through to base class instead
        of just returning true when we have child nodes. Lets Element::canContainRangeEndPoint
        do its thing.
        * html/HTMLHRElement.h: Ditto.

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::canContainRangeEndPoint): Call through to base class instead
        of just returning true when we have fallback content. Lets Element::canContainRangeEndPoint
        do its thing.
        * html/HTMLObjectElement.h: Ditto.

        * testing/Internals.cpp:
        (WebCore::Internals::countMatchesForText): Set the limit to 1000 instead of infinite.

2014-04-12  Darin Adler  <darin@apple.com>

        Use unique_ptr for FillLayer::m_next
        https://bugs.webkit.org/show_bug.cgi?id=75222

        Reviewed by Dan Bernstein.

        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyFillLayer::applyInheritValue):
        Renamed currChild to just child and prevChild to previousChild.
        Changed code to pass ownership of the new FillLayer immediately.
        Changed some loops to be for loops.
        (WebCore::ApplyPropertyFillLayer::applyInitialValue): Ditto.
        (WebCore::ApplyPropertyFillLayer::applyValue): Ditto.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::backgroundHasOpaqueTopLayer): Use reference
        instead of pointer.
        (WebCore::RenderBox::paintFillLayers): Ditto.
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended): Ditto.

        * rendering/style/FillLayer.cpp:
        (WebCore::FillLayer::FillLayer): Removed m_next initializer since it is now an
        OwnPtr and initializes automatically. In a couple other places, changed m_next
        initializer to use make_unique.
        (WebCore::FillLayer::~FillLayer): Wrote loop for deletion of m_next.
        (WebCore::FillLayer::operator=): Removed unneeded explicit deletion of m_next.
        (WebCore::FillLayer::cullEmptyLayers): Ditto.
        (WebCore::clipMax): Marked inline.
        (WebCore::FillLayer::computeClipMax): Rewrote to use a loop instead of recursion.
        (WebCore::FillLayer::containsImage): Ditto.
        (WebCore::FillLayer::imagesAreLoaded): Ditto.
        (WebCore::FillLayer::hasOpaqueImage): Rewrote to use && instead of multiple if.
        (WebCore::FillLayer::hasImage): Rewrote to use a loop instead of recursion.
        (WebCore::FillLayer::hasFixedImage): Ditto.

        * rendering/style/FillLayer.h: Changed m_next to be a unique_ptr.

2014-04-13  Andy Estes  <aestes@apple.com>

        [QuickLook] Move file system-related code into WebKit
        https://bugs.webkit.org/show_bug.cgi?id=131597

        Reviewed by Dan Bernstein.

        QuickLookHandle should not be responsible for saving a copy of the
        original document to disk as it might be running in a process that
        either can't write to disk or can only write into a sandboxed
        container. To account for this, we need to separate the concern of
        quick look conversion from that of original document saving so that
        each activity can run in the appropriate process.

        Created a new interface between WebCore and WebKit by adding a client
        (QuickLookHandleClient) to QuickLookHandle which is notified of incoming
        bytes. A new function on FrameLoaderClient tells WebKit when a new
        QuickLookHandle is created, giving WebKit the opportunity to register a
        handle client. Moved the existing file system-related code as well as
        code only needed by WebKit1 in QuickLookHandle into a new WebKit1
        QuickLookHandleClient subclass.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj: Made QuickLookHandleClient.h Private.
        * loader/FrameLoaderClient.h:
        (WebCore::FrameLoaderClient::didCreateQuickLookHandle): Added.
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didCreateQuickLookHandle): Called FrameLoaderClient::didCreateQuickLookHandle().
        * loader/ResourceLoader.h:
        * platform/network/ResourceHandle.h: Made m_quickLook a unique_ptr.
        (WebCore::ResourceHandle::setQuickLookHandle): Changed to take a unique_ptr.
        * platform/network/ResourceHandleClient.h:
        (WebCore::ResourceHandleClient::didCreateQuickLookHandle): Added.
        * platform/network/ios/QuickLook.h: Added m_client, gave m_converter a stronger type, and made m_nsResponse a RetainPtr.
        (WebCore::QuickLookHandle::setClient): Added.
        (WebCore::QuickLookHandle::firstRequestURL): Added.
        (WebCore::QuickLookHandle::converter): Added.
        * platform/network/ios/QuickLook.mm:
        (WebCore::registerQLPreviewConverterIfNeeded):
        (WebCore::createTemporaryFileForQuickLook): Made non-static.
        (WebCore::emptyClient): Returned a shared empty QuickLookHandleClient.
        (WebCore::QuickLookHandle::QuickLookHandle): Removed file system and WebKit1-only code.
        (WebCore::QuickLookHandle::create): Changed to return a unique_ptr.
        (WebCore::QuickLookHandle::nsResponse):
        (WebCore::QuickLookHandle::didReceiveDataArray): Removed file system code and called QuickLookHandleClient::didReceiveDataArray() instead.
        (WebCore::QuickLookHandle::didReceiveData): Removed file system code and called QuickLookHandleClient::didReceiveData() instead.
        (WebCore::QuickLookHandle::didFinishLoading): Removed file system code and called QuickLookHandleClient::didFinishLoading() instead.
        (WebCore::QuickLookHandle::didFail): Removed file system and WebKit1-only code, calling QuickLookHandleClient::didFail() instead.
        (WebCore::QuickLookHandle::~QuickLookHandle): Removed file system and WebKit1-only code. Cleared our reference to m_client.
        (WebCore::QuickLookHandle::previewFileName): Retrieved from m_converter.
        (WebCore::QuickLookHandle::previewRequestURL): Ditto.
        * platform/network/ios/QuickLookHandleClient.h: Added.
        (WebCore::QuickLookHandleClient::~QuickLookHandleClient):
        (WebCore::QuickLookHandleClient::didReceiveDataArray):
        (WebCore::QuickLookHandleClient::didReceiveData):
        (WebCore::QuickLookHandleClient::didFinishLoading):
        (WebCore::QuickLookHandleClient::didFail):

2014-04-10  Pratik Solanki  <psolanki@apple.com>

        Move early return out of dispatch_async() block so we can return from willSendRequest quickly
        https://bugs.webkit.org/show_bug.cgi?id=131478
        <rdar://problem/16575535>

        Reviewed by Alexey Proskuryakov.

        Do a quick check to see if we need to synthesize the redirect response on the dispatch queue
        and return from willSendRequest callback quickly instead of always doing an effectively synchronous
        call to the main thread. We can't call synthesizeRedirectResponseIfNecessary on the dispatch
        queue since that accesses the ResourceRequest.

        No new tests because no change in functionality.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::setupRequest): Save the
        request scheme to use later for early return from willSendRequest.
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):

2014-04-08  Oliver Hunt  <oliver@apple.com>

        Rewrite Function.bind as a builtin
        https://bugs.webkit.org/show_bug.cgi?id=131083

        Reviewed by Geoffrey Garen.

        Switch WebCore to use the helper functions when defining the
        prototype properties on DOM constructors, and update bindings
        tests accordingly.

        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::finishCreation):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorHelperMethods):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTargetConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::JSTestExceptionConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachableConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterfaceConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructorConstructor::finishCreation):
        (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodeConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsConstructor::finishCreation):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattributeConstructor::finishCreation):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::JSreadonlyConstructor::finishCreation):

2014-04-13  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Hook up scrolling tree nodes when coming out of the page cache
        https://bugs.webkit.org/show_bug.cgi?id=131577

        Reviewed by Tim Horton.

        The call to scrollingCoordinator->frameViewRootLayerDidChange() was inside
        a #if !PLATFORM(IOS) block, but now that we use the ScrollingCoordinator
        for WK2 we want to call this.

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::restoreScrollPositionAndViewState):

2014-04-13  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed build fix after r167196.

        * platform/RemoteCommandListener.cpp:
        (WebCore::RemoteCommandListener::create): Fall back to using the new operator
        for allocating RemoteCommandListener object. Using std::make_unique() requires
        for the operator to be public, which doesn't work well with the static create()
        method.

2014-04-13  Zan Dobersek  <zdobersek@igalia.com>

        Remove unnecessary uses of std::move() in return statements
        https://bugs.webkit.org/show_bug.cgi?id=131457

        Reviewed by Darin Adler.

        Don't use std::move() in return statements unless necessary as it inhibits
        named return value optimizations as performed by compilers.

        * Modules/battery/BatteryManager.cpp:
        (WebCore::BatteryManager::create):
        * html/FormController.cpp:
        (WebCore::FormController::createSavedFormStateMap):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::create):
        * platform/RemoteCommandListener.cpp:
        (WebCore::RemoteCommandListener::create):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayer::create):
        * platform/ios/RemoteCommandListenerIOS.mm:
        (WebCore::RemoteCommandListener::create):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setupFilters):
        * rendering/style/CounterDirectives.cpp:
        (WebCore::clone):

2014-04-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167168 and r167194.
        https://bugs.webkit.org/show_bug.cgi?id=131589

        Caused massive ASSERTION failures on the GTK Debug bot
        (Requested by philn on #webkit).

        Reverted changesets:

        "[GTK] Add HighDPI support for non-accelerated compositing
        contents"
        https://bugs.webkit.org/show_bug.cgi?id=131562
        http://trac.webkit.org/changeset/167168

        "Unreviewed. Fix GTK+ build with recent cairo and GTK+ after
        r167168."
        http://trac.webkit.org/changeset/167194

2014-04-13  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [GStreamer] No CORS support for media elements
        https://bugs.webkit.org/show_bug.cgi?id=99037

        Reviewed by Philippe Normand.

        Added CORS access control check to media sources when crossorigin attribute is set.

        Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
        Related test is http/tests/security/video-cross-origin-readback.html.

        Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
        Related test is http/tests/security/video-cross-origin-accessfailure.html.

        Tests: http/tests/security/video-cross-origin-accessfailure.html
               http/tests/security/video-cross-origin-accesssameorigin.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
        (webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
        (StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
        (CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
        (CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
        (ResourceHandleStreamingClient::didReceiveResponse): No CORS check.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.

2014-04-12  Darin Adler  <darin@apple.com>

        REGRESSION (r166860): ASSERTION FAILED: !isCalculated() on fast/css/image-set-value-not-removed-crash.html
        https://bugs.webkit.org/show_bug.cgi?id=131480

        Reviewed by Andreas Kling.

        Fixes intermittent assertion failure in fast/css/image-set-value-not-removed-crash.html.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::valueForImageSliceSide): Added. Helper used below in valueForNinePieceImageSlice.
        Handles calculated values by returning 0; incorrect but predictable.
        (WebCore::valueForNinePieceImageSlice): Updated to call valueForImageSliceSide.
        (WebCore::positionOffsetValue): Use nullptr.
        (WebCore::ComputedStyleExtractor::propertyValue): Updated to call positionOffsetValue
        by its new name. Removed "get" from the name.
        (WebCore::positionOffsetValue): Renamed from getPositionOffsetValue.

        * platform/Length.h: Made isCalculated public.

2014-04-12  Andy Estes  <aestes@apple.com>

        Fix the iOS build after r167183.

        * platform/network/ResourceHandle.h:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::schedule):
        (WebCore::ResourceHandle::unschedule):

2014-04-12  Andy Estes  <aestes@apple.com>

        [iOS] Move QuickLookHandle from ResourceLoader to WebResourceLoader
        https://bugs.webkit.org/show_bug.cgi?id=131580

        Reviewed by Darin Adler.

        There's no need to bloat WebKit1's ResourceLoader with a pointer that
        only WebKit2's WebResourceLoader cares about.

        * loader/ResourceLoader.h:
        (WebCore::ResourceLoader::quickLookHandle): Deleted.
        (WebCore::ResourceLoader::setQuickLookHandle): Deleted.

2014-04-12  Chris Fleizach  <cfleizach@apple.com>

        AX: Cleanup AccessibilityObject::getAttribute
        https://bugs.webkit.org/show_bug.cgi?id=131555

        Reviewed by Darin Adler.

        No new functionality.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::getAttribute):

2014-04-12  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [SOUP] Libsoup internal credential setting should be controlled by loader decision
        https://bugs.webkit.org/show_bug.cgi?id=130963

        Reviewed by Darin Adler.

        Disabled libsoup internal authentication manager for messages for which no credential is available and no stored credentials should be used.
        Updated synchronous loader to return whether using credentials or not according StoredCredential loader option parameter.
        Unskipped test http/tests/xmlhttprequest/cross-origin-no-authorization.html covers the patch.

        * platform/network/ResourceHandleInternal.h:
        (WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether disable authentication manager or not.
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader): Added m_storedCredentials member.
        (WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage): Return true if stored credentials are allowed.
        (WebCore::applyAuthenticationToRequest): Set m_useAuthenticationManager value to disable authentication manager if cannot use stored credentials and ResourceHandleInternal has no username and password.
        (WebCore::createSoupMessageForHandleAndRequest): Disable authentication mananger according m_useAuthenticationManager value.
        (WebCore::ResourceHandle::platformLoadResourceSynchronously): Added StoredCredentials loader option to the sync loader constructor.

2014-04-11  Darin Adler  <darin@apple.com>

        Some small loader refinements and refactoring
        https://bugs.webkit.org/show_bug.cgi?id=131541

        Reviewed by Alexey Proskuryakov.

        Cut down on use of ResourceLoader::handle, which always returns null when
        using a network process. Also streamlined conditionals and did some other
        small refactoring.

        * loader/DocumentLoader.h: Use references rather than pointers for SchedulePair.

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didChangePriority): Use m_handle instead of handle(),
        since we'd like to delete handle() entirely soon.
        (WebCore::ResourceLoader::didReceiveAuthenticationChallenge): Ditto.
        (WebCore::ResourceLoader::schedule): Added.
        (WebCore::ResourceLoader::unschedule): Ditto.
        * loader/ResourceLoader.h: Rearranged header to eliminate nested conditionals.
        Added schedule and unschedule functions for Mac.

        * loader/mac/DocumentLoaderMac.cpp:
        (WebCore::scheduleAll): Changed to take a reference and call ResourceLoader::schedule.
        (WebCore::unscheduleAll): Ditto.
        (WebCore::DocumentLoader::schedule): Ditto.
        (WebCore::DocumentLoader::unschedule): Ditto.

        * page/mac/PageMac.cpp:
        (WebCore::Page::addSchedulePair): Pass a reference rather than a pointer to schedule.
        (WebCore::Page::removeSchedulePair): Ditto.

        * platform/network/ResourceHandle.h: Did a bit of reformatting and reorganizing of
        conditionals.

        * platform/network/ResourceHandleInternal.h: Removed a tiny bit of unneeded declaration.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::schedule): Updated to take a reference rather than a pointer.
        (WebCore::ResourceHandle::unschedule): Ditto.

2014-04-11  Andreas Kling  <akling@apple.com>

        Make NodeList.length inline-cacheable by JSC.
        <https://webkit.org/b/131579>

        For objects with custom index or name getters, we have to make sure
        that builtin properties take precedence. We do this by scanning the
        ancestor chain for a suitable property slot before moving on to
        named items.

        With this patch, we now mark such builtins as cacheable. This is
        safe since the whole point of doing this before processing named
        items is to ensure the same slot is returned consistently.

        Reviewed by Benjamin Poulain.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateGetOwnPropertySlotBody):

2014-04-11  Tim Horton  <timothy_horton@apple.com>

        Lots of compositing test failures after r167152
        https://bugs.webkit.org/show_bug.cgi?id=131574

        Reviewed by Simon Fraser.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::dumpProperties):
        We were asking the parent's client whether the child should be dumped,
        but really the child's client is the one who should decide.

2014-04-11  Benjamin Poulain  <bpoulain@apple.com>

        ViewportConfiguration::layoutWidth() compute the width incorrectly when initial-scale+width do not fit in view
        https://bugs.webkit.org/show_bug.cgi?id=131575

        Reviewed by Enrica Casucci.

        I made a mistake when writing the new viewport code: ViewportConfiguration::layoutWidth() uses m_contentSize in one place.
        That make no sense, contentSize depends on the layout width.

        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::layoutWidth):

2014-04-11  Andreas Kling  <akling@apple.com>

        Remove "numeric index getter" stuff from bindings code generator.
        <https://webkit.org/b/131565>

        This was used for an earlier generation of typed arrays. Now that JSC
        has native typed array support, we're not using this functionality and
        can just remove it.

        Reviewed by Geoffrey Garen.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateGetOwnPropertySlotBody):
        (HasComplexGetOwnProperty):
        (InterfaceRequiresAttributesOnInstance):
        (InstanceOverridesGetOwnPropertySlot):
        (GenerateHeader):
        (GenerateImplementation):

2014-04-11  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: consolidate decoding macros used in SerializationMethods
        https://bugs.webkit.org/show_bug.cgi?id=131564

        Reviewed by Timothy Hatcher.

        We can use EncodingTraits<T>::DecodedType to create a local variable
        with the appropriate decoded type, rather than special casing.

        * replay/SerializationMethods.cpp:
        (JSC::EncodingTraits<NondeterministicInputBase>::decodeValue):
        (JSC::EncodingTraits<KeypressCommand>::decodeValue):
        (JSC::EncodingTraits<PlatformKeyboardEvent>::decodeValue):
        (JSC::EncodingTraits<PlatformMouseEvent>::decodeValue):
        (JSC::EncodingTraits<PlatformWheelEvent>::decodeValue):
        (JSC::EncodingTraits<PluginData>::decodeValue):

2014-04-11  Beth Dakin  <bdakin@apple.com>

        Need WK2 API to disable rubber-banding
        https://bugs.webkit.org/show_bug.cgi?id=131567

        Reviewed by Simon Fraser.

        Page will now store a vertical and horizontal ScrollElasticity in case the API has 
        been called before the FrameView even exists.

        New Page functions.
        * WebCore.exp.in:

        Use Page’s cached ScrollElasticity.
        * page/FrameView.cpp:
        (WebCore::FrameView::FrameView):

        If there is already a FrameView, then assign it the new ScrollElasticity.
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::setVerticalScrollElasticity):
        (WebCore::Page::setHorizontalScrollElasticity):
        * page/Page.h:
        (WebCore::Page::verticalScrollElasticity):
        (WebCore::Page::horizontalScrollElasticity):

2014-04-11  Martin Robinson  <mrobinson@igalia.com>

        REGRESSION(167145): Many media tests fail
        https://bugs.webkit.org/show_bug.cgi?id=131569

        Reviewed by Brent Fulgham.

        * PlatformGTK.cmake: Add the localized strings file to the list of user agent scripts.
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::mediaControlsScript): Include the localized strings file in the script body.

2014-04-11  Tim Horton  <timothy_horton@apple.com>

        [iOS WebKit2] Find-in-page indicator
        https://bugs.webkit.org/show_bug.cgi?id=131510
        <rdar://problem/16547777>

        Reviewed by Simon Fraser and Enrica Casucci.

        * editing/Editor.cpp:
        (WebCore::Editor::findString):
        * editing/FindOptions.h:
        Add a find option which prevents WebCore from revealing the selection
        after selecting a successful find match.

2014-04-11  Owen Taylor  <otaylor@redhat.com>

        [GTK] Add HighDPI support for non-accelerated compositing contents
        https://bugs.webkit.org/show_bug.cgi?id=131562

        Reviewed by Martin Robinson.

        No new tests. This will be tested once we have the proper dependencies in the WebKit testing
        JHBuild.

        * platform/cairo/WidgetBackingStore.h:
        (WebCore::WidgetBackingStore::WidgetBackingStore): Accept a device scale argument.
        * platform/cairo/WidgetBackingStoreCairo.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
        * platform/cairo/WidgetBackingStoreCairo.h: Accept a device scale argument.
        * platform/graphics/cairo/CairoUtilities.cpp: Add a new helper to set the device scale if Cairo built against is new enough.
        * platform/graphics/cairo/CairoUtilities.h:
        * platform/gtk/GtkVersioning.h: Add the HAVE_GTK_SCALE_FACTOR macro.
        * platform/gtk/WidgetBackingStoreGtkX11.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
        * platform/gtk/WidgetBackingStoreGtkX11.h: Accept a device scale argument.

2014-04-11  Jon Honeycutt  <jhoneycutt@apple.com>

        Assertion failure changing select element size during focus event
        dispatch
        <https://bugs.webkit.org/show_bug.cgi?id=131566>
        <rdar://problem/16400735>

        Reviewed by Andy Estes.

        Test: fast/forms/select-change-size-during-focus.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::listBoxDefaultEventHandler):
        Adopt the fix from Chromium r171216; check that the renderer is still
        of the expected type, and return early if it is not.

2014-04-11  Bem Jones-Bey  <bjonesbe@adobe.com>

        Clear sibling floats while splitting inline flow
        https://bugs.webkit.org/show_bug.cgi?id=130905

        Reviewed by David Hyatt.

        This is a port of a Blink patch by kenrb@chromium.org.
        (https://src.chromium.org/viewvc/blink?revision=169658&view=revision)

        During RenderInline::splitFlow(), floats are cleared on an anonymous
        containingBlock() for the inline being split. This is a problem if
        siblings of the block contain references to the same floats, since the
        float removal code in markSiblingsWithFloatsForLayout() will not later
        find them.

        This change also affects RenderBlock::splitFlow() and
        RenderBoxModelObject::moveChildrenTo, since those are called in
        similar situations as RenderInline::splitFlow().

        Test: fast/block/float/split-inline-sibling-of-float-crash.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::removeFloatingObjects): Add call to
            markSiblingsWithFloatsForLayout() before removing floats.

2014-04-11  Gavin Barraclough  <baraclough@apple.com>

        Rollout - Rewrite Function.bind as a builtin
        https://bugs.webkit.org/show_bug.cgi?id=131083

        Unreviewed.

        Rolling out r167020 while investigating a performance regression.

        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::finishCreation):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorHelperMethods):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTargetConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::JSTestExceptionConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachableConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterfaceConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructorConstructor::finishCreation):
        (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodeConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsConstructor::finishCreation):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattributeConstructor::finishCreation):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::JSreadonlyConstructor::finishCreation):

2014-04-11  Myles C. Maxfield  <mmaxfield@apple.com>

        Build Fix after r167151.

        Unreviewed.

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::applyAlternativeTextToRange):

2014-04-10  Jer Noble  <jer.noble@apple.com>

        [EME][Mac] Using KeySession.update([renew]) should trigger KeyMessage event instead of NeedKey event
        https://bugs.webkit.org/show_bug.cgi?id=131527

        Reviewed by Eric Carlson.

        Rather than triggering a needKey() event, necessatating the creation
        of an entirely new MediaKeySession, cause a new key request to be
        created by sending the same initData back into the AVSampleDataParser.

        Also, do some drive-by clean up suggested by Darin in the review for
        r166509.

        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::isEqual): Support an alloc-free equality check between
            Uint8Array and static strings.
        (WebCore::CDMSessionMediaSourceAVFObjC::update):

2014-04-11  David Kilzer  <ddkilzer@apple.com>

        Build fix (r167151): Do not dereference Node::document() before passing to Range::create()
        <https://webkit.org/b/131475>

        Fixes the following build failure:

            WebCore/editing/AlternativeTextController.cpp:275:71: error: indirection requires pointer operand ('WebCore::Document' invalid)
                int paragraphStartIndex = TextIterator::rangeLength(Range::create(*rootNode.document(), &rootNode, 0, paragraphRangeContainingCorrection.get()->startContainer(), paragraphRangeContainingCorrection.get()->startOffset()).get());
                                                                                  ^~~~~~~~~~~~~~~~~~~~

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::applyAlternativeTextToRange):
        Remove unneeded '*' operator since Node::document() returns a
        Document& and Range::create() accepts a Document& for its first
        argument.

2014-04-11  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: memoize nondeterministic attributes of the Navigator interface
        https://bugs.webkit.org/show_bug.cgi?id=131340

        Reviewed by Timothy Hatcher.

        Most attributes of window.navigator do not change very often, but they
        could be easily changed by the user or embedder. So, memoize attribute values.

        This change does not include navigator.mimeTypes and navigator.plugins,
        which will be handled at a different level. <https://webkit.org/b/131341>

        Test: ManualTests/inspector/replay-window-navigator-basic.html

        * page/Navigator.idl: Add Nondeterministic attribute.

2014-04-10  Jer Noble  <jer.noble@apple.com>

        [iOS][WK2] Videos should animate into and out of fullscreen.
        https://bugs.webkit.org/show_bug.cgi?id=131497

        Reviewed by Simon Fraser.

        Use AVPlayerViewController's new enterFullScreenWithCompletionHandler: and exitFullScreenWithCompletionHandler:
        methods to animate into and out of full screen. To do so, use the provided initialFrame and finalFrame screen
        rects to correctly place the AVPlayerViewController's view before entering or exiting fullscreen.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (-[WebVideoFullscreenController enterFullscreen:]): Pass the media element's screen rect.
        (-[WebVideoFullscreenController exitFullscreen]): Ditto.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController playerViewController:shouldExitFullScreenWithReason:]): Renamed from shouldDismissWithReason.
        (WebVideoFullscreenInterfaceAVKit::enterFullscreen): Use the new AVKit APIs.
        (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Ditto.
        * WebCore.exp.in: Modify the exported symbols for enter and exitFullscreen.

2014-04-11  Tim Horton  <timothy_horton@apple.com>

        Support document-relative and custom-frame page overlays
        https://bugs.webkit.org/show_bug.cgi?id=131560
        <rdar://problem/16595556>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor):
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer):
        * rendering/RenderLayerCompositor.h:
        Add the concept of a document overlay layer, which is plugged in as the
        last child of the root content layer. Expose it to WebKit2.

2014-04-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Autocorrection causes ASSERT when replacing alternative string
        https://bugs.webkit.org/show_bug.cgi?id=131475

        Reviewed by Ryosuke Niwa.

        In AlternativeTextController::applyAlternativeTextToRange(), we attempt to create
        a Range that crosses from outside of a shadow root to inside of one. Instead,
        we should keep the Range entirely within the shadow root.

        Test: ManualTests/autocorrection/autocorrection-accept-crash.html

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::applyAlternativeTextToRange):

2014-04-11  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] shape-outside from image doesn't load properly
        https://bugs.webkit.org/show_bug.cgi?id=131491

        Reviewed by Bem Jones-Bey.

        Make RenderImage::imageChanged() call super if there's a shape-outside
        image because the shape-outside imageChanged() logic is in RenderBox.

        Test: http/tests/css/shape-image-file.html

        * rendering/RenderElement.h:
        (WebCore::RenderElement::hasShapeOutside):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageChanged):

2014-04-11  Brady Eidson  <beidson@apple.com>

        Aggregate multiple "respondToChangedSelection" calls to one scan for telephone numbers
        https://bugs.webkit.org/show_bug.cgi?id=131559

        Reviewed by Gavin Barraclough.

        No new tests (Perf-only change to an untested feature)

        * editing/Editor.cpp:
        (WebCore::Editor::Editor):
        (WebCore::Editor::respondToChangedSelection): Start a one shot timer for scanSelectionForTelephoneNumbers
          instead of scanning synchronously.
        (WebCore::Editor::scanSelectionForTelephoneNumbers):
        * editing/Editor.h:

2014-04-11  Antti Koivisto  <antti@apple.com>

        Try to fix windows build.
        
        * platform/graphics/ca/GraphicsLayerCA.h:

2014-04-11  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed follow-up for r167145

        * English.lproj/mediaControlsLocalizedStringsiOS.js:
        (mediaControlsLocalizedStringsiOS): Use smart-quote in
        message string.

2014-04-11  Brent Fulgham  <bfulgham@apple.com>

        Regression: media controls and status messages are no longer localized.
        https://bugs.webkit.org/show_bug.cgi?id=120956

        Reviewed by Jer Noble.

        * English.lproj/mediaControlsLocalizedStrings.js: Added.
        (mediaControlsLocalizedStrings): Moved from mediaControlsApple.js.
        * English.lproj/mediaControlsLocalizedStringsiOS.js: Added.
        (mediaControlsLocalizedStringsiOS): Moved from mediaControlsiOS.js.
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.UIString): Get strings from external file.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.UIString): Ditto.
        * WebCore.vcxproj/copyWebCoreResourceFiles.cmd: Copy to Windows bundle.
        * WebCore.xcodeproj/project.pbxproj: Copy new files to bundle.
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::mediaControlsScript): Load the locale-specific
        string resource when loading the media controls.
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::mediaControlsScript): Ditto.
        * rendering/RenderThemeWin.cpp:
        (WebCore::RenderThemeWin::mediaControlsScript): Ditto.

2014-04-11  Brent Fulgham  <bfulgham@apple.com>

        [Win] Build fix after r167138

        * platform/graphics/ca/GraphicsLayerCA.h: The TileController is
        only available on Mac/Cocoa builds.

2014-04-11  Mark Lam  <mark.lam@apple.com>

        JSMainThreadExecState::call() should clear exceptions before returning.
        <https://webkit.org/b/131530>

        Reviewed by Geoffrey Garen.

        Test: fast/dom/regress-131530.html

        Previously, JSMainThreadExecState::call() did not clear any pending
        exceptions in the VM before returning.  On returning, the
        JSMainThreadExecState destructor may re-enter the VM to notify
        MutationObservers.  This may result in a crash because the VM expects
        exceptions to be cleared at entry.

        We now change JSMainThreadExecState::call() to return the exception
        (if present) via an argument, and clear it from the VM before returning.

        As part of this change, I updated various parts of the code base to use the
        new API as needed.

        * bindings/js/JSCallbackData.cpp:
        (WebCore::JSCallbackData::invokeCallback):
        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSDOMGlobalObjectTask.cpp:
        - Assert that there's no unhandled exception after the Microtask returns.
          See comment for WebCore::JSMainThreadExecState::runTask below for more
          details.

        * bindings/js/JSErrorHandler.cpp:
        (WebCore::JSErrorHandler::handleEvent):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::open):
        - Document.open() cannot be the first function on the JS stack.  Hence,
          there is no need to use JSMainThreadExecState to call into the VM, as
          this is only needed to catch the event of returning from the first
          function for the purpose of notifying MutationObservers.  Change to
          call JSC::call() directly.

        * bindings/js/JSMainThreadExecState.cpp:
        (WebCore::functionCallHandlerFromAnyThread):
        * bindings/js/JSMainThreadExecState.h:
        (WebCore::JSMainThreadExecState::call):
        (WebCore::JSMainThreadExecState::evaluate):
        - Remove the explicitly acquisition of the JSLock here because we now
          acquire the JSLock as part of the JSMainThreadExecState instance.
        (WebCore::JSMainThreadExecState::runTask):
        - Added an assert to verify that the task does not return with an
          unhandled exception.  Currently, the only Microtask in use is for the
          Promise implementation, which will eat the exception before returning.
          This assertion is added here to verify that this contract does not
          inadvertantly change in the future.
        (WebCore::JSMainThreadExecState::JSMainThreadExecState):
        - Now acquires the JSLock as well since by definition, we're only
          instantiating the JSMainThreadExecState because we're about to enter
          the VM.

        * bindings/js/JSMutationCallback.cpp:
        (WebCore::JSMutationCallback::call):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::acceptNode):
        - acceptNode() is only used in the TreeWalker and NodeIterator APIs which
          cannot be the first function on the JS stack.  Hence, we should call
          JSC::call() directly instead of going through JSMainThreadExecState.

        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::executeFunctionInContext):
        * bindings/objc/WebScriptObject.mm:
        (WebCore::addExceptionToConsole):
        (-[WebScriptObject callWebScriptMethod:withArguments:]):

2014-04-11  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: CodeGeneratorJS should guard includes of replay-related headers
        https://bugs.webkit.org/show_bug.cgi?id=131407

        Reviewed by Timothy Hatcher.

        This patch adds guards to headers that are only required by generated replay code
        that is itself guarded. Other ports probably haven't added the headers to their
        build files, so we don't want to emit the unused header includes.

        This patch also converts generated uses of DEFINE_STATIC_LOCAL to NeverDestroyed<T>.
        Finally, a new bindings test was added to document changes to generated replay code.

        Test: Source/WebCore/bindings/scripts/test/TestNondeterministic.idl

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateImplementationFunctionCall):

        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.cpp: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.h: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.symbols: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestNondeterministicPrivate.h: Added.
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp: Added.
        * bindings/scripts/test/JS/JSTestNondeterministic.h: Added.
        * bindings/scripts/test/ObjC/DOMTestNondeterministic.h: Added.
        * bindings/scripts/test/ObjC/DOMTestNondeterministic.mm: Added.
        * bindings/scripts/test/ObjC/DOMTestNondeterministicInternal.h: Added.
        * bindings/scripts/test/TestNondeterministic.idl: Added.

2014-04-11  Antti Koivisto  <antti@apple.com>

        Pipe initial scale factor to TileController
        https://bugs.webkit.org/show_bug.cgi?id=131521

        Reviewed by Tim Horton.

        * WebCore.exp.in:
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::setZoomedOutPageScaleFactor):
        * page/Page.h:
        (WebCore::Page::zoomedOutPageScaleFactor):
        * platform/graphics/GraphicsLayerClient.h:
        (WebCore::GraphicsLayerClient::zoomedOutPageScaleFactor):
        * platform/graphics/TiledBacking.h:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateContentsScale):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::TileController):
        (WebCore::TileController::setContentsScale):
        (WebCore::TileController::setZoomedOutContentsScale):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::zoomedOutPageScaleFactor):
        * rendering/RenderLayerBacking.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::zoomedOutPageScaleFactor):
        * rendering/RenderLayerCompositor.h:

2014-04-10  Chris Fleizach  <cfleizach@apple.com>

        Heap-use-after-free in WebCore::SpeechSynthesisUtterance::startTime
        https://bugs.webkit.org/show_bug.cgi?id=131482

        Reviewed by David Kilzer.

        Hold onto the utterance until it has time to fire, in case other references have been removed.

        Merged from Blink r171077 by <dmazzoni@chromium.org>

        Test: platform/mac/fast/speechsynthesis/speech-synthesis-gc-utterance-crash.html

        * Modules/speech/SpeechSynthesis.cpp:
        (WebCore::SpeechSynthesis::handleSpeakingCompleted):

2014-04-11  Zan Dobersek  <zdobersek@igalia.com>

        Avoid Vector copies in RenderGrid::placeItemsOnGrid()
        https://bugs.webkit.org/show_bug.cgi?id=131452

        Reviewed by Sergio Villar Senin.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid): Take in a const reference to the
        Vector object. Make the for-loop that iterates through it range-based.
        (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Ditto.
        * rendering/RenderGrid.h:

2014-04-11  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove shared PageScriptDebugServer, create per-Page
        https://bugs.webkit.org/show_bug.cgi?id=131523

        Reviewed by Timothy Hatcher.

        Having a shared PageScriptDebugServer was causing issues when we called
        JSC::Debugger::clearBreakpoints() closing one inspector while another
        is open for another WebCore::Page in the same process. Having the same
        JSC::Debugger underlying multiple InspectorDebuggerAgent instances
        means that when clearBreakpoints is called, the real JSC breakpoints
        underlying other InspectorDebuggerAgent's get removed. When those
        InspectorDebuggerAgents attempt to remove their breakpoints they
        encounter unexpected issues.

        This entirely rebuilds PageScriptDebugServer to be per-Page instead
        of shared across all pages. So take this opportunity to move the
        file from WebCore/bindings/js to WebCore/inspector.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/PageScriptDebugServer.h: Removed.
        * inspector/InspectorAllInOne.cpp:
        Move PageScriptDebugServer.

        * inspector/InspectorController.h:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        Set the ScriptDebugServer directly on some other agents that
        were previously using the global debug server.

        * inspector/InspectorProfilerAgent.h:
        (WebCore::InspectorProfilerAgent::scriptDebugServer):
        * inspector/InspectorProfilerAgent.cpp:
        (WebCore::InspectorProfilerAgent::InspectorProfilerAgent):
        (WebCore::InspectorProfilerAgent::setScriptDebugServer):
        (WebCore::InspectorProfilerAgent::start):
        (WebCore::InspectorProfilerAgent::willDestroyFrontendAndBackend): Deleted.
        * inspector/InspectorTimelineAgent.h:
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::start):
        (WebCore::InspectorTimelineAgent::stop):
        (WebCore::InspectorTimelineAgent::setPageScriptDebugServer):
        (WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
        Refactor these two agents to take in a script debug server.
        The server is expected to be set during initialization and
        to always be valid (like debug server on RuntimeAgent).

        * inspector/PageDebuggerAgent.h:
        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::PageDebuggerAgent):
        (WebCore::PageDebuggerAgent::startListeningScriptDebugServer):
        (WebCore::PageDebuggerAgent::stopListeningScriptDebugServer):
        (WebCore::PageDebuggerAgent::scriptDebugServer):
        Have PageDebuggerAgent hold the PageScriptDebugServer.
        Update for the simplified interfaces.

        * inspector/PageScriptDebugServer.h: Added.
        * inspector/PageScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/PageScriptDebugServer.cpp.
        (WebCore::PageScriptDebugServer::PageScriptDebugServer):
        (WebCore::PageScriptDebugServer::addListener):
        (WebCore::PageScriptDebugServer::removeListener):
        (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
        (WebCore::PageScriptDebugServer::didPause):
        (WebCore::PageScriptDebugServer::didContinue):
        (WebCore::PageScriptDebugServer::runEventLoopWhilePaused):
        (WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal):
        (WebCore::PageScriptDebugServer::isContentScript):
        (WebCore::PageScriptDebugServer::reportException):
        (WebCore::PageScriptDebugServer::setJavaScriptPaused):
        Model after JSGlobalObjectScriptDebugServer, the PageScriptDebugServer
        holds a reference to a Page.

2014-04-11  Bear Travis  <betravis@adobe.com>

        [CSS Shapes] inset args and radial args should serialize to the simplest form
        https://bugs.webkit.org/show_bug.cgi?id=129825

        Reviewed by Dirk Schulze.

        Modify inset serialization to omit components where possible. The insets simplify
        according to the margin shorthand, while the corner radii simplify according to
        the border-radius shorthand.

        Modifying existing parsing tests.

        * css/CSSBasicShapes.cpp:
        (WebCore::buildInsetRadii): Add the necessary radii, omitting components where possible.
        (WebCore::buildInsetString): Omit components where possible.

2014-04-11  Praveen R Jadhav  <praveen.j@samsung.com>

        "playbackTime" parameter is not present in AudioProcessingEvent Interface as per W3C spec
        https://bugs.webkit.org/show_bug.cgi?id=105518

        Reviewed by Jer Noble.

        Attribute "playbackTime" in AudioProcessingEvent implemented to pass playback time of
        audiobuffer associated with ScriptProcessorNode of the context.
 
        Reference: https://codereview.chromium.org/210973002

        Spec: http://www.w3.org/TR/webaudio/#AudioProcessingEvent

        Test: webaudio/audioprocessingevent.html

        * Modules/webaudio/AudioProcessingEvent.cpp:
        (WebCore::AudioProcessingEvent::create):
        (WebCore::AudioProcessingEvent::AudioProcessingEvent):
        * Modules/webaudio/AudioProcessingEvent.h:
        (WebCore::AudioProcessingEvent::playbackTime):
        * Modules/webaudio/AudioProcessingEvent.idl:
        * Modules/webaudio/ScriptProcessorNode.cpp:
        (WebCore::ScriptProcessorNode::fireProcessEvent):

2014-04-11  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: WK1: Trail of cruft in redraw during animations.
        https://bugs.webkit.org/show_bug.cgi?id=131525

        Reviewed by Simon Fraser.

        Use enclosing rect instead of snapping to make sure the repaint rect always
        covers the dirty area when painting is requested in a non-compositing RenderView.
        This only applies to WK1 as WK2 has compositing RenderView and the repainting 
        is managed by RenderLayerBacking.

        This is a temporary solution until after ScrollView/FrameView/RenderView
        is transitioned to device pixels. (tracked here: webkit.org/b/131526).

        Test: fast/repaint/hidpi-block-width-change-leaves-cruft.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::repaintViewRectangle):

2014-04-10  Dean Jackson  <dino@apple.com>

        WebGL: need error checking after texture uploads
        https://bugs.webkit.org/show_bug.cgi?id=62902
        rdar://problem/9640309

        Reviewed by Brent Fulgham.

        A followup to Darin's r167109. We need to also check for errors
        in the texImage2D case.

        This is difficult to reproducibly test because it would require
        attempting to exhaust GPU memory.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::compressedTexImage2D): Check for errors by calling
        moveErrorsToSyntheticErrorList twice, once before and once after. If an error
        occurred, explicitly mark the texture as invalid.
        (WebCore::WebGLRenderingContext::texImage2DBase): Ditto.
        * html/canvas/WebGLTexture.cpp:
        (WebCore::WebGLTexture::markInvalid): If the LevelInfo exists for this
        mipmap level, then set the valid flag to false. There is a chance that
        a previous call to texImage2D succeeded for this level, but it's probably
        better to assume that is now invalid.
        * html/canvas/WebGLTexture.h: New markInvalid method.

2014-04-10  Darin Adler  <darin@apple.com>

        WebGL: need error checking after texture and buffer uploads in some cases
        https://bugs.webkit.org/show_bug.cgi?id=62902
        rdar://problem/9640309

        Reviewed by Dean Jackson.

        Not clear how to write a test for this.

        * html/canvas/WebGLBuffer.cpp:
        (WebCore::WebGLBuffer::disassociateBufferData): Added.
        * html/canvas/WebGLBuffer.h: Added disassociateBufferData.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::bufferData): Check for errors by calling
        moveErrorsToSyntheticErrorList twice, once before and once after. If an error
        occurred, call the WebGLBuffer so it doesn't think it has data.
        (WebCore::WebGLRenderingContext::bufferSubData): Ditto.

        * platform/graphics/GraphicsContext3D.h: Added moveErrorsToSyntheticErrorList.

        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::moveErrorsToSyntheticErrorList): Added. Calls
        glError and moves any errors to the synthetic error list.
        (WebCore::GraphicsContext3D::getError): Added call to moveErrorsToSyntheticErrorList
        to preserve error ordering.
        (WebCore::GraphicsContext3D::synthesizeGLError): Ditto.

2014-04-10  Enrica Casucci  <enrica@apple.com>

        iOS build fix to deal with CoreText changes.
        
        Reviewed by Benjamin Poulain.
        
        This is a temporary fix until CT fixes the issue.

        * rendering/RenderThemeIOS.mm:

2014-04-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167073.
        https://bugs.webkit.org/show_bug.cgi?id=131516

        This patch caused crashes in video tests. (Requested by
        mrobinson on #webkit).

        Reverted changeset:

        "[GStreamer] No CORS support for media elements"
        https://bugs.webkit.org/show_bug.cgi?id=99037
        http://trac.webkit.org/changeset/167073

2014-04-10  Beth Dakin  <bdakin@apple.com>

        Radio buttons are using the wrong sizes and margins
        https://bugs.webkit.org/show_bug.cgi?id=131503

        Reviewed by Jer Noble.

        This is a regression that I caused recently when I combined radio button and 
        checkbox code. 
        * platform/mac/ThemeMac.mm:
        (WebCore::paintToggleButton):

2014-04-08  Jon Honeycutt  <jhoneycutt@apple.com>

        Assertion failure in WebCore::FlexBoxIterator::next()
        <https://bugs.webkit.org/show_bug.cgi?id=117176>
        <rdar://problem/14054549>

        Code added in r115687 began removing anonymous wrappers when children
        become inline. However, there are some objects, like
        RenderDeprecatedFlexBox, whose children should always be blocks.

        Reviewed by Tim Horton.

        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::canCollapseAnonymousBlockChild):
        Made public.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::removeAnonymousWrappersForInlinesIfNecessary):
        Return early if we can't collapse anonymous block children.

2014-04-07  Jon Honeycutt  <jhoneycutt@apple.com>

        Assertion failure, !node || node->isElementNode(), in
        WebCore::RenderBlock::clone()
        <https://bugs.webkit.org/show_bug.cgi?id=110489>
        <rdar://problem/13666425>

        Reviewed by Antti Koivisto.

        We're ending up in RenderBlock::splitBlocks() with |this| ==
        |fromBlock|.  We then try to climb the ancestor block chain from
        this->parent() to |fromBlock|, but this->parent() is already above
        |fromBlock|, so we end up climbing up to the RenderView and trying to
        clone it, causing the assertion failure.

        Adopt Chromium's mitigation for this from
        <https://codereview.chromium.org/13852041>. This is not intended as a
        fix for the underlying issue.

        Also, fix another issue that occurs with this fuzzed test case that's
        not handled by the Chromium fix.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::splitBlocks):
        Ensure while we're in the loop that |curr| is a descendant of
        |fromBlock|. From the Chromium patch:

            We need to check in every iteration of the loop because
            moveChildrenTo could have moved |curr|. This is a mitigation and
            not really a fix against a class of tree craziness.

        Finally, before moving children from |fromBlock| to |toBlock|, ensure
        that the children are children of |fromBlock|. If we never entered the
        loop, they will be siblings of |fromBlock|, not children.

2014-04-10  Enrica Casucci  <enrica@apple.com>

        Build fix after http://trac.webkit.org/changeset/167085.

        Reviewed by Timothy Hatcher.

        * plugins/PluginData.h:

2014-04-10  Zalan Bujtas  <zalan@apple.com>

        Web Inspector: Breakpoint in gutter has clipped / broken border image.
        https://bugs.webkit.org/show_bug.cgi?id=131500

        Reviewed by Joseph Pecoraro.

        Typo in r166925.

        Test: fast/borders/border-image-slice-missing-right.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintNinePieceImage):

2014-04-10  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: expose aria-busy state of current and ancestor nodes
        https://bugs.webkit.org/show_bug.cgi?id=130826

        Reviewed by Timothy Hatcher.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        Expose if node is contained by any "busy" ancestor nodes, too.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

2014-04-10  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused ruler in overlay code
        https://bugs.webkit.org/show_bug.cgi?id=131507

        Reviewed by Timothy Hatcher.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::highlightConfigFromInspectorObject):
        * inspector/InspectorOverlay.cpp:
        (WebCore::buildObjectForHighlight):
        * inspector/InspectorOverlay.h:
        (WebCore::Highlight::Highlight):
        (WebCore::Highlight::setDataFromConfig):
        * inspector/InspectorOverlayPage.js:
        (_drawFragmentHighlight):
        (_drawRegionNumber): Deleted.
        (quadToPath): Deleted.
        (drawOutlinedQuad): Deleted.
        (pathCommand): Deleted.
        (drawPath): Deleted.
        (drawOutlinedQuadWithClip): Deleted.
        (quadEquals): Deleted.
        (drawGutter): Deleted.
        (drawNodeHighlight): Deleted.
        (drawQuadHighlight): Deleted.
        (setPlatform): Deleted.
        (dispatch): Deleted.
        (log): Deleted.

2014-04-10  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: memoize plugin data for navigator.mimeTypes and navigator.plugins
        https://bugs.webkit.org/show_bug.cgi?id=131341

        Reviewed by Timothy Hatcher.

        Information about plugins and mime types is nondeterministic and can change
        at any time, whether by system events, browser settings changes, or
        triggered by script. To avoid interposing on all those code paths, just
        memoize the plugin data used by DOMPluginArray and DOMMimeTypeArray.

        This is less efficient than controlling mutations to the underlying PluginData
        of a Page, but that can be done later if better plugin support is desired.
        The point of this change is to make analytics trackers deterministic across
        enabling/disabling of plugins.

        Test: LayoutTests/inspector/window-navigator-plugins-memoized.hml

        * plugins/DOMMimeTypeArray.cpp:
        (WebCore::DOMMimeTypeArray::getPluginData):
        * plugins/DOMPluginArray.cpp:
        (WebCore::DOMPluginArray::pluginData): Save or restore memoized plugin
        data during capture and replay, respectively.

        * plugins/PluginData.h:
        (WebCore::PluginData::PluginData): Add a constructor that uses the
        provided plugin data rather than fetching live plugin data. This is
        marked protected so it's only used by a subclass specifically for
        deserialization.

        * replay/SerializationMethods.cpp: Add encoder specializations.
        (JSC::EncodingTraits<MimeClassInfo>::encodeValue):
        (JSC::EncodingTraits<MimeClassInfo>::decodeValue):
        (JSC::EncodingTraits<PluginInfo>::encodeValue):
        (JSC::EncodingTraits<PluginInfo>::decodeValue):
        (JSC::EncodingTraits<PluginData>::encodeValue):
        (JSC::DeserializedPluginData::DeserializedPluginData): Add a custom
        subclass of PluginData that can be initialized from deserialized data.
        (JSC::EncodingTraits<PluginData>::decodeValue):
        * replay/SerializationMethods.h:
        * replay/WebInputs.json: Add new input FetchPluginData.

2014-04-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove "System Font" from character width calculations
        https://bugs.webkit.org/show_bug.cgi?id=131411

        Reviewed by Tim Horton.

        Covered by existing tests

        * platform/graphics/Font.cpp:
        (WebCore::Font::hasValidAverageCharWidth):

2014-04-10  Bem Jones-Bey  <bjonesbe@adobe.com>

        Invalid cast in WebCore::RenderLayer::setupClipPath
        https://bugs.webkit.org/show_bug.cgi?id=131368

        Reviewed by Dirk Schulze.

        Only attempt to clip to a box shape if the renderer being clipped is
        actually a box.

        Test: css3/masking/clip-path-box-shape-on-inline-crash.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setupClipPath): Add isBox() check.

2014-04-10  Owen Taylor  <otaylor@redhat.com>

        [GTK] Remove a comment that was incorrectly cut-and-pasted from WidgetBackingStoreCairo
        https://bugs.webkit.org/show_bug.cgi?id=131499

        Reviewed by Martin Robinson.

        * platform/gtk/WidgetBackingStoreGtkX11.cpp: Remove a comment that was incorrectly copy and pasted
        from the Cairo implementation.

2014-04-09  Alexey Proskuryakov  <ap@apple.com>

        Eliminate DragSession structure
        https://bugs.webkit.org/show_bug.cgi?id=131465

        Reviewed by Benjamin Poulain.

        DragSession is really just a transient response to NSDragDestination delegate methods.
        The "session" name was quite misleading, and thankfully, we don't need a class for this
        bag of data at all.

        * WebCore.xcodeproj/project.pbxproj:
        * page/DragController.cpp:
        (WebCore::DragController::DragController):
        (WebCore::DragController::dragEntered):
        (WebCore::DragController::dragUpdated):
        (WebCore::DragController::dragEnteredOrUpdated):
        (WebCore::DragController::tryDocumentDrag):
        * page/DragController.h:
        (WebCore::DragController::mouseIsOverFileInput):
        (WebCore::DragController::numberOfItemsToBeAccepted):
        * page/DragSession.h: Removed.

2014-04-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [GStreamer] No CORS support for media elements
        https://bugs.webkit.org/show_bug.cgi?id=99037

        Reviewed by Philippe Normand.

        Added CORS access control check to media sources when crossorigin attribute is set.

        Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
        Related test is http/tests/security/video-cross-origin-readback.html.

        Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
        Related test is http/tests/security/video-cross-origin-accessfailure.html.

        Tests: http/tests/security/video-cross-origin-accessfailure.html
               http/tests/security/video-cross-origin-accesssameorigin.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
        (webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
        (StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
        (CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
        (CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
        (ResourceHandleStreamingClient::didReceiveResponse): No CORS check.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.

2014-04-10  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>

        Move UseJSC.cmake back to CMakeLists.txt
        https://bugs.webkit.org/show_bug.cgi?id=130834

        Reviewed by Csaba Osztrogonác.

        No new tests required.

        * CMakeLists.txt:
        * UseJSC.cmake: Removed.

2014-04-09  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r167046.
        https://bugs.webkit.org/show_bug.cgi?id=131479

        Caused 300+ failures on Mavericks WK1 tester (Requested by ap
        on #webkit).

        Reverted changeset:

        "Remove "System Font" from whitelisted DRT fonts and char
        width calculations"
        https://bugs.webkit.org/show_bug.cgi?id=131411
        http://trac.webkit.org/changeset/167046

2014-04-09  Jeremy Jones  <jeremyj@apple.com>

        Fix build failure.
        https://bugs.webkit.org/show_bug.cgi?id=131473

        Reviewed by Dan Bernstein.

        Fix build failure.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (mediaSelectionOptions):

2014-04-09  Enrica Casucci  <enrica@apple.com>

        Unreviewed build fix after http://trac.webkit.org/changeset/167045

        The file contained an invalid character.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::enterFullscreen):

2014-04-09  Dean Jackson  <dino@apple.com>

        [iOS] Media controls should resize as the user zooms
        https://bugs.webkit.org/show_bug.cgi?id=131322

        Reviewed by Eric Carlson.

        On iOS the media controls should remain the same size
        independent of user zoom. Have the HTMLMediaElement optionally
        register for updates in the page scale to apply an inverse
        scale.

        * Modules/mediacontrols/MediaControlsHost.cpp: New exposed property that calls
        back into HTMLMediaElement::mediaControlsDependOnPageScaleFactor.
        (WebCore::MediaControlsHost::controlsDependOnPageScaleFactor):
        (WebCore::MediaControlsHost::setControlsDependOnPageScaleFactor):
        * Modules/mediacontrols/MediaControlsHost.h: Keep a reference to the actual
        controls from the JavaScript side so we can talk to it later.
        (WebCore::MediaControlsHost::controllerJSValue):
        (WebCore::MediaControlsHost::setControllerJSValue):
        * Modules/mediacontrols/MediaControlsHost.idl: Expose controlsDependOnPageScaleFactor.

        * Modules/mediacontrols/mediaControlsiOS.css:
        (audio::-webkit-media-controls-panel): Specify the transform origin so that
        scaling will keep the controls pinned to the bottom left corner.
        (audio::-webkit-media-controls-start-playback-button): Update to the correct size
        and provide new artwork.
        (audio::-webkit-media-controls-start-playback-button.failed): New artwork.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS): Tell the host that these controls care about the page scale.
        (ControllerIOS.prototype.get pageScaleFactor): New getter.
        (ControllerIOS.prototype.set pageScaleFactor): When set, update the play button and the panel.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript): Small naming cleanup.
        (setPageScaleFactorProperty): Static helper to set a JS property value.
        (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot): Keep a reference to the controls object,
        and make sure to set the page scale factor on the controls.
        (WebCore::HTMLMediaElement::pageScaleFactorChanged): Implement the callback, telling
        the controls object that it needs to relayout.

2014-04-09  Antti Koivisto  <antti@apple.com>

        Try to fix iOS build.

        * platform/graphics/ca/mac/TileController.mm:

2014-04-09  Andy Estes  <aestes@apple.com>

        REGRESSION (r165908): ~QuickLookHandle() tries to dereference a null ResourceHandle
        https://bugs.webkit.org/show_bug.cgi?id=131467

        Reviewed by Tim Horton.

        QuickLookHandle stored a ResourceHandle pointer in order to later
        retrive the URL of its firstRequest(), but after r165908 we no longer
        always have a ResourceHandle. Since firstRequest()'s URL is the only
        thing we need from ResourceHandle, store it directly rather than a
        ResourceHandle pointer. In the case where we create a QuickLookHandle
        from a ResourceLoader rather than a ResourceHandle, pass the loader's
        originalRequest(), which represents the same request as firstRequest()
        (i.e. the request after willSendRequest() but before redirects).

        * platform/network/ios/QuickLook.h:
        * platform/network/ios/QuickLook.mm:
        (WebCore::QuickLookHandle::QuickLookHandle):
        (WebCore::QuickLookHandle::create):
        (WebCore::QuickLookHandle::didFail):
        (WebCore::QuickLookHandle::~QuickLookHandle):

2014-04-09  James Craig  <jcraig@apple.com>

        AX: Bug in AccessibilityNodeObject::helpText
        https://bugs.webkit.org/show_bug.cgi?id=130386

        Reviewed by Chris Fleizach.

        Test: accessibility/help-text.html

        Ancestor loop was always checking attribute of original node rather than current node.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::helpText):

2014-04-09  Chris Fleizach  <cfleizach@apple.com>

        Regression: AX: list heuristics sometimes determined as presentational even when explicit roles applied
        https://bugs.webkit.org/show_bug.cgi?id=131041

        Reviewed by Mario Sanchez Prada.

        When display:table is used on a list item, it inserts RenderObjects that can be ignored as the children
        of the list. This allows normal list heuristics to be applied.

        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::computeAccessibilityIsIgnored):

2014-04-09  Antti Koivisto  <antti@apple.com>

        TileGrid should be PlatformCALayerClient instead of TileController
        https://bugs.webkit.org/show_bug.cgi?id=131456
        
        Switch one more place to use removeTiles.

        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::revalidateTiles):

2014-04-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove "System Font" from whitelisted DRT fonts and char width calculations
        https://bugs.webkit.org/show_bug.cgi?id=131411

        Reviewed by Tim Horton.

        Covered by existing tests.

        * platform/graphics/Font.cpp:
        (WebCore::Font::hasValidAverageCharWidth):

2014-04-09  Jeremy Jones  <jeremyj@apple.com>

        Fullscreen does two view controller changes at once
        https://bugs.webkit.org/show_bug.cgi?id=131432

        Reviewed by Eric Carlson.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::enterFullscreen):
        delay -presentViewController on the main run loop to allow
        previous view controller change to complete.

2014-04-09  Jeremy Jones  <jeremyj@apple.com>

        Enable fullscreen captions selection
        https://bugs.webkit.org/show_bug.cgi?id=131069

        Reviewed by Eric Carlson.

        Enable media selection options from fullscreen. i.e. captions.

        * WebCore.exp.in:
        Add exports for 
        setAudioMediaSelectionOptions
        setLegibleMediaSelectionOptions
        selectAudioMediaOption
        selectLegibleMediaOption

        * platform/ios/WebVideoFullscreenInterface.h:
        Add setAudioMediaSelectionOptions/setLegibleMediaSelectionOptions

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Add setAudioMediaSelectionOptions/setLegibleMediaSelectionOptions

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        Add setAudioMediaSelectionOptions/setLegibleMediaSelectionOptions

        (-[WebAVPlayerController dealloc]):
        (-[WebAVPlayerController hasMediaSelectionOptions]):
        (+[WebAVPlayerController keyPathsForValuesAffectingHasMediaSelectionOptions]):
        (-[WebAVPlayerController hasAudioMediaSelectionOptions]):
        (+[WebAVPlayerController keyPathsForValuesAffectingHasAudioMediaSelectionOptions]):
        (-[WebAVPlayerController hasLegibleMediaSelectionOptions]):
        (+[WebAVPlayerController keyPathsForValuesAffectingHasLegibleMediaSelectionOptions]):
        (-[WebAVPlayerController currentAudioMediaSelectionOption]):
        (-[WebAVPlayerController setCurrentAudioMediaSelectionOption:]):
        (-[WebAVPlayerController currentLegibleMediaSelectionOption]):
        (-[WebAVPlayerController setCurrentLegibleMediaSelectionOption:]):
        (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions):
        (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions):
        * platform/ios/WebVideoFullscreenModel.h:
        Add selectAudioMediaOption/selectLegibleMediaOption

        * platform/ios/WebVideoFullscreenModelMediaElement.h:
        Add selectAudioMediaOption/selectLegibleMediaOption

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        Add selectAudioMediaOption/selectLegibleMediaOption

        (WebVideoFullscreenModelMediaElement::setMediaElement):
        Send initial media selection options.

        (WebVideoFullscreenModelMediaElement::selectAudioMediaOption):
        Will be implemented when audio track slection is implemented.

        (WebVideoFullscreenModelMediaElement::selectLegibleMediaOption):
        Select corresponding text track on HTMLMediaElement.

2014-04-09  Antti Koivisto  <antti@apple.com>

        TileGrid should be PlatformCALayerClient instead of TileController
        https://bugs.webkit.org/show_bug.cgi?id=131456

        Reviewed by Tim Horton.

        The client interface is for the tiles in the grid.

        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::setContentsScale):
        (WebCore::TileController::createTileLayer):
        (WebCore::TileController::platformCALayerPaintContents): Deleted.
        (WebCore::TileController::platformCALayerDeviceScaleFactor): Deleted.
        (WebCore::TileController::platformCALayerShowDebugBorders): Deleted.
        (WebCore::TileController::platformCALayerShowRepaintCounter): Deleted.
        (WebCore::TileController::platformCALayerIncrementRepaintCount): Deleted.
        * platform/graphics/ca/mac/TileGrid.h:
        
            Move repaint counter to TileGrid too.

        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::removeTiles):
        (WebCore::TileGrid::removeAllSecondaryTiles):
        (WebCore::TileGrid::removeTilesInCohort):
        
           Cleaned up tile removal.

        (WebCore::TileGrid::revalidateTiles):
        (WebCore::TileGrid::ensureTilesForRect):
        (WebCore::TileGrid::platformCALayerPaintContents):
        (WebCore::TileGrid::platformCALayerDeviceScaleFactor):
        (WebCore::TileGrid::platformCALayerShowDebugBorders):
        (WebCore::TileGrid::platformCALayerShowRepaintCounter):
        (WebCore::TileGrid::platformCALayerContentsOpaque):
        (WebCore::TileGrid::platformCALayerIncrementRepaintCount):
        (WebCore::queueTileForRemoval): Deleted.

2014-04-09  Alexey Proskuryakov  <ap@apple.com>

        Rename some dragging functions
        https://bugs.webkit.org/show_bug.cgi?id=131460

        Reviewed by Tim Horton.

        Renamed performDrag to performDragOperation. This function is responsible for
        accepting a drop, not for the whole drag.

        The new name is not perfect either, but I think that it's better, and at least
        it matches AppKit, like the other dragging destination functions already do.

        * WebCore.exp.in:
        * page/DragController.cpp:
        (WebCore::DragController::performDragOperation):
        (WebCore::DragController::performDrag): Deleted.
        * page/DragController.h:

2014-04-08  Samuel White  <samuel_white@apple.com>

        AX: Initial text selection point should respect element focus.
        https://bugs.webkit.org/show_bug.cgi?id=131402

        Reviewed by Chris Fleizach.

        Support the case where we want to set the initial selection and there's already a focused element.

        No new tests, updated existing selection-initial to test this functionality.

        * page/EventHandler.cpp:
        (WebCore::setKeyboardSelection):
        (WebCore::handleKeyboardSelectionMovement):

2014-04-09  Ryosuke Niwa  <rniwa@webkit.org>

        HTMLCollection::updateNamedElementCach iterates over items twice
        https://bugs.webkit.org/show_bug.cgi?id=131448

        Reviewed by Andreas Kling.

        Compute the length first and go through the cache interface to traverse through items.

        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::updateNamedElementCache):

2014-04-09  Brendan Long  <b.long@cablelabs.com>

        [GStreamer] Expose MPEG-TS metadata
        https://bugs.webkit.org/show_bug.cgi?id=122001

        Reviewed by Eric Carlson.

        Test: media/track/in-band/track-in-band-mpegts-metadata.html

        * CMakeLists.txt: Add InbandDataTextTrack.
        * PlatformGTK.cmake: Look for gstreamer-mpegts and use it if available.
        * WebCore.vcxproj/WebCore.vcxproj: Add InbandDataTextTrack.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Same.
        * WebCore.xcodeproj/project.pbxproj: Same.
        * html/track/DataCue.cpp:
        (WebCore::DataCue::DataCue): Add a constructor using raw data.
        * html/track/DataCue.h:
        (WebCore::DataCue::create): Same.
        * html/track/InbandDataTextTrack.cpp: Added, InbandTextTrack which implements addDataCue().
        * html/track/InbandDataTextTrack.h:
        * html/track/InbandGenericTextTrack.h: Move unimplemented methods to InbandTextTrack.
        * html/track/InbandWebVTTTextTrack.h: Same.
        * html/track/InbandTextTrack.h: Same, and add inBandMetadataTrackDispatchType.
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::create): Add constructor for InbandDataTextTrack.
        (WebCore::InbandTextTrack::inBandMetadataTrackDispatchType): Added.
        * html/track/TextTrack.h:
        (WebCore::TextTrack::inBandMetadataTrackDispatchType): Added (empty).
        * html/track/TextTrack.idl: Add inBandMetadataTrackDispatchType.
        * platform/graphics/InbandTextTrackPrivate.h: Add inBandMetadataTrackDispatchType and Data format.
        (WebCore::InbandTextTrackPrivate::inBandMetadataTrackDispatchType):
        * platform/graphics/InbandTextTrackPrivateClient.h: Add addDataCue() method.
        * platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::create): Allow specifying the cue format and id.
         (WebCore::InbandMetadataTextTrackPrivateGStreamer::InbandMetadataTextTrackPrivateGStreamer): Same.
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::setInBandMetadataTrackDispatchType): Added.
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::addDataCue): Added.
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::addGenericCue): Added.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Check for MPEG-TS sections.
        (WebCore::MediaPlayerPrivateGStreamer::processMpegTsSection): Add MPEG-TS section metadata, and get inBandMetadataTrackDispatchType from the PMT.
        (WebCore::MediaPlayerPrivateGStreamer::processTableOfContents): Explicitly use Generic CueFormat.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

2014-04-08  Chris Fleizach  <cfleizach@apple.com>

        AX: Make AXPress much more reliable on the Web
        https://bugs.webkit.org/show_bug.cgi?id=131426

        Reviewed by Mario Sanchez Prada.

        AXPress fails when an event handler is on a node higher in the parent chain than the focused node.

        We need to make AXPress more reliable by 
            1) Using the element that is focused as the target of the event
            2) Search for the inner most control object when dispatching the event

        Updated existing accessibility/press-works-on-control-types.html

        * accessibility/AccessibilityMenuList.cpp:
        (WebCore::AccessibilityMenuList::press):
        * accessibility/AccessibilityMenuList.h:
        * accessibility/AccessibilityMenuListPopup.cpp:
        (WebCore::AccessibilityMenuListPopup::press):
        * accessibility/AccessibilityMenuListPopup.h:
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::press):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::performDefaultAction):
        * accessibility/AccessibilitySearchFieldButtons.cpp:
        (WebCore::AccessibilitySearchFieldCancelButton::press):
        * accessibility/AccessibilitySearchFieldButtons.h:
        * accessibility/AccessibilitySpinButton.cpp:
        (WebCore::AccessibilitySpinButtonPart::press):
        * accessibility/AccessibilitySpinButton.h:

2014-04-09  Brady Eidson  <beidson@apple.com>

        ContentFilterMac is broken when NE_FILTER_SOURCE is enabled.
        <rdar://problem/15978793> and https://bugs.webkit.org/show_bug.cgi?id=131445

        Reviewed by Andy Estes.

        No new tests (Not a tested feature).

        * platform/mac/ContentFilterMac.mm:
        (WebCore::ContentFilter::needsMoreData): Only consider m_neFilterSourceStatus if m_neFilterSource exists.
        (WebCore::ContentFilter::didBlockData): Ditto.

2014-04-08  Oliver Hunt  <oliver@apple.com>

        Rewrite Function.bind as a builtin
        https://bugs.webkit.org/show_bug.cgi?id=131083

        Reviewed by Geoffrey Garen.

        Switch WebCore to use the helper functions when defining the
        prototype properties on DOM constructors, and update bindings
        tests accordingly.

        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::finishCreation):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorHelperMethods):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTargetConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::JSTestExceptionConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachableConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterfaceConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructorConstructor::finishCreation):
        (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodeConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsConstructor::finishCreation):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattributeConstructor::finishCreation):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::JSreadonlyConstructor::finishCreation):

2014-04-09  Enrica Casucci  <enrica@apple.com>

        Unreviewed iOS build fix. Replacing deprecated enum with AVPlayerViewControllerExitFullScreenReason.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController playerViewController:shouldDismissWithReason:]):

2014-04-09  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Monolithic elements should not affect the layout of the content outside its region
        https://bugs.webkit.org/show_bug.cgi?id=130499

        Reviewed by David Hyatt.

        When performing layout on an element flowed into regions, its logical height must not be incremented 
        past the region's logical bottom for monolithic elements in regions different than the last region their containing
        block is fragmented into. This ensures that the following elements are correctly laid out 
        from the top of the next region.
        This change must also be applied to floats in order to prevent text from avoiding part
        of a float that did not actually made it into the current region, but instead overflowed
        the previous one.

        Tests: fast/regions/fragmentation-after-float-overflow-single-region.html
               fast/regions/fragmentation-after-monolithic-overflow-self-collapsed.html
               fast/regions/fragmentation-after-monolithic-overflow-single-region.html
               fast/regions/fragmentation-after-monolithic-overflow.html

        * rendering/FloatingObjects.cpp:
        (WebCore::FloatingObjects::computePlacedFloatsTree):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::layoutBlockChild):
        (WebCore::RenderBlockFlow::adjustBlockChildForPagination):
        (WebCore::RenderBlockFlow::lowestFloatLogicalBottom):
        (WebCore::RenderBlockFlow::getClearDelta):
        (WebCore::RenderBlockFlow::applyAfterBreak): Deleted.
        (WebCore::RenderBlockFlow::nextFloatLogicalBottomBelow): Deleted.
        (WebCore::RenderBlockFlow::nextFloatLogicalBottomBelowForBlock): Deleted.
        (WebCore::RenderBlockFlow::flipFloatForWritingModeForChild): Deleted.
        * rendering/RenderBlockFlow.h:
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::isBoxInDifferentRegionsAsFloat):
        * rendering/RenderFlowThread.h:

2014-04-09  Anders Carlsson  <andersca@apple.com>

        Use std::array in AffineTransform, and get rid of setMatrix
        https://bugs.webkit.org/show_bug.cgi?id=131416

        Reviewed by Sam Weinig.

        * platform/graphics/transforms/AffineTransform.cpp:
        (WebCore::AffineTransform::AffineTransform):
        (WebCore::AffineTransform::multiply):
        * platform/graphics/transforms/AffineTransform.h:
        (WebCore::AffineTransform::setMatrix): Deleted.

2014-04-09  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Plugin process crashes when loading totem plugin
        https://bugs.webkit.org/show_bug.cgi?id=131357

        Reviewed by Martin Robinson.

        Remove netscape plugin implementation from WebCore that was only
        used by WebKit1. This removes the conflict between the WebCore NPN
        symbols and the ones used by the plugins.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * PlatformWin.cmake:
        * plugins/PluginViewNone.cpp:
        * plugins/gtk/PluginPackageGtk.cpp: Removed.
        * plugins/gtk/PluginViewGtk.cpp: Removed.
        * plugins/gtk/gtk2xtbin.c: Removed.
        * plugins/gtk/gtk2xtbin.h: Removed.
        * plugins/gtk/xembed.h: Removed.

2014-04-09  Jeremy Jones  <jeremyj@apple.com>

        fullscreen controls first show a play button instead of a pause button
        https://bugs.webkit.org/show_bug.cgi?id=131430

        Reviewed by Jer Noble.

        isPlaying() is false while buffering, paused() isn't; use paused() for
        the play button.

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::setMediaElement):
        (WebVideoFullscreenModelMediaElement::handleEvent):
        Use HTMLMediaElement::paused() instead of HTMLMediaElement::isPlaying()

2014-04-09  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>

        Remove duplicated files and unnecessary conditions from UseJSC.cmake
        https://bugs.webkit.org/show_bug.cgi?id=131438

        Reviewed by Csaba Osztrogonác.

        No new tests required.

        * UseJSC.cmake:

2014-04-09  Mario Sanchez Prada  <mario.prada@samsung.com>

        [GTK] Layout tests accessibility/children-changed-sends-notification.html and accessibility/notification-listeners.html fails
        https://bugs.webkit.org/show_bug.cgi?id=131380

        Reviewed by Chris Fleizach.

        Don't emit signals for added objects that we know won't be exposed
        to the accessibility hierarchy (e.g. static text).

        * accessibility/atk/AXObjectCacheAtk.cpp:
        (WebCore::AXObjectCache::attachWrapper): Add extra check and early return.

2014-04-09  Mario Sanchez Prada  <mario.prada@samsung.com>

        [AX][GTK] No new lines in some AX tests output
        https://bugs.webkit.org/show_bug.cgi?id=131294

        Reviewed by Martin Robinson.

        Do not implement Hypetext or AtkText for the WebArea. Those
        interfaces will be implemented by the containers (automatically
        generated or not) for the different parts of the DOM and the
        render subtree under this element anyway.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (getInterfaceMaskFromObject): Make sure we don't apply
        WAIHypertext nor WAIText to objects with role WebAreaRole.

2014-04-08  Conrad Shultz  <conrad_shultz@apple.com>

        nil should only be used for objects
        https://bugs.webkit.org/show_bug.cgi?id=131431

        Reviewed by Chris Fleizach.

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityIsAttributeSettable:]):
        nil -> NO.

        * platform/mac/WebVideoFullscreenController.mm:
        (-[WebVideoFullscreenController setMediaElement:]):
        nil -> 0; change a NULL to nullptr while we're here.

2014-04-08  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Crash when video in region exits fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=131366

        Reviewed by Andrei Bucur.

        After fix for https://bugs.webkit.org/show_bug.cgi?id=130392, we compute the region ranges
        information for inline elements collected in named flows with associated region chains.
        The algorithm for this computation, implemented in RenderFlowThread::getRegionRangeForBox,
        walks up the render tree trying to find the top-most unsplittable box under the named flow
        in the case where the region ranges information is not available.

        As this traversal works properly only when the starting box is not detached from the render tree,
        i changed the named flow information clearing in RenderBlock::collapseAnonymousBoxChild
        to occur before the child to be collapsed is removed from the render tree.

        Test: fast/regions/full-screen-video-in-region-crash.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::collapseAnonymousBoxChild):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::getRegionRangeForBox):

2014-04-08  Chris Fleizach  <cfleizach@apple.com>

        Unreviewed build fix for iOS (redux).

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityARIAIsBusy]):
        (-[WebAccessibilityObjectWrapper accessibilityARIALiveRegionIsAtomic]):

2014-04-08  Chris Fleizach  <cfleizach@apple.com>
 
        Unreviewed build fix for iOS.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityElementCount]):

2014-04-08  Antti Koivisto  <antti@apple.com>

        Factor tile coverage map into a class
        https://bugs.webkit.org/show_bug.cgi?id=131417

        Reviewed by Tim Horton.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/ca/PlatformCALayerClient.h:
        (WebCore::PlatformCALayerClient::platformCALayerLayoutSublayersOfLayer):
        (WebCore::PlatformCALayerClient::platformCALayerRespondsToLayoutChanges):
        (WebCore::PlatformCALayerClient::platformCALayerAnimationStarted):
        (WebCore::PlatformCALayerClient::platformCALayerContentsOrientation):
        (WebCore::PlatformCALayerClient::platformCALayerShowDebugBorders):
        (WebCore::PlatformCALayerClient::platformCALayerShowRepaintCounter):
        (WebCore::PlatformCALayerClient::platformCALayerIncrementRepaintCount):
        (WebCore::PlatformCALayerClient::platformCALayerLayerDidDisplay):
        
            Added default implementation to some of these to make clients less messy.

        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::~TileController):
        (WebCore::TileController::platformCALayerPaintContents):
        (WebCore::TileController::setTiledScrollingIndicatorPosition):
        (WebCore::TileController::updateTileCoverageMap):
        (WebCore::TileController::tiledScrollingIndicatorLayer):
        * platform/graphics/ca/mac/TileCoverageMap.h: Added.
        (WebCore::TileCoverageMap::setPosition):
        (WebCore::TileCoverageMap::layer):
        * platform/graphics/ca/mac/TileCoverageMap.mm: Added.
        
            The new class.

        (WebCore::TileCoverageMap::TileCoverageMap):
        (WebCore::TileCoverageMap::~TileCoverageMap):
        (WebCore::TileCoverageMap::update):
        (WebCore::TileCoverageMap::platformCALayerPaintContents):
        (WebCore::TileCoverageMap::platformCALayerDeviceScaleFactor):
        * platform/graphics/ca/mac/TileGrid.h:
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::drawTileMapContents):

2014-04-08  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Clip outer rounded border rect on device pixel boundaries.
        https://bugs.webkit.org/show_bug.cgi?id=131404

        Reviewed by Simon Fraser.

        Use device pixel snapped rectangle to clip out rounded rects, when not all sides are solid/double.
        Snapping it to device pixel boundaries ensures that when we call drawRect(devicePixelSnappedRect) later,
        it leaves no cruft behind.

        Test: fast/borders/hidpi-rounded-border-on-subpixel-position.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBorder):

2014-04-08  Jon Lee  <jonlee@apple.com>

        Turn MSE on by default
        https://bugs.webkit.org/show_bug.cgi?id=131313
        <rdar://problem/16525223>

        Reviewed by Jer Noble.

        * Configurations/FeatureDefines.xcconfig:
        * page/Settings.in: Add MEDIA_SOURCE conditional.

2014-04-08  Anders Carlsson  <andersca@apple.com>

        Remove an unused parameter from loadResource.

        Reviewed by Darin Adler.

        Since the CachedResourceRequest has the charset in it, we don't need to pass it separately to loadRequest.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        (WebCore::CachedResourceLoader::loadResource):
        * loader/cache/CachedResourceLoader.h:

2014-04-08  Ryuan Choi  <ryuan.choi@samsung.com>

        Unreviewed EFL build fix attempt since r166956

        * page/efl/DragControllerEfl.cpp: Rename Clipboard to DataTransfer.
        (WebCore::DragController::declareAndWriteDragImage):

2014-04-08  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r155998): Elements render at very low resolution with some 3d transforms
        https://bugs.webkit.org/show_bug.cgi?id=131412
        <rdar://problem/16525044>

        Reviewed by Tim Horton.
        
        In r155998 we started to compute a root-relative transform in order to choose
        a good contentsScale to avoid blurring on scaling.
        
        However, the code failed to update this transform when passing over
        GraphicsLayerCAs with no uncommitted changes, which caused us to choose
        an incorrect contentsScale sometimes, resulting in blurriness.
        
        Fix by updating the root-relative transform on layers with no uncommitted
        changes.

        Test: compositing/contents-scale/incremental-change.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):

2014-04-08  Anders Carlsson  <andersca@apple.com>

        Don't call CGPathAddPath with invalid CGAffineTransform objects
        https://bugs.webkit.org/show_bug.cgi?id=131413
        <rdar://problem/16399645>

        Reviewed by Darin Adler.

        Covered by existing tests.

        * platform/graphics/cg/PathCG.cpp:
        (WebCore::Path::addPath):
        Don't try to add the path if the affine transform isn't invertible.

        * platform/graphics/transforms/AffineTransform.cpp:
        (WebCore::AffineTransform::isInvertible):
        Handle infinite and NaN determinants.

        (WebCore::AffineTransform::inverse):
        Handle infinite and NaN determinants.

2014-04-08  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: memoize nondeterministic attributes of the Screen interface
        https://bugs.webkit.org/show_bug.cgi?id=131339

        Reviewed by Timothy Hatcher.

        The values from the screen interface are nondeterministic. Since we can't
        change the physical screen dimensions, instead memoize values of attributes.

        Test: ManualTests/inspector/replay-window-screen.html

        * page/Screen.idl: Add Nondeterministic attribute.

2014-04-08  Beth Dakin  <bdakin@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=131408
        Scrollbars layers don't dynamically update when device scale factor changes
        -and corresponding-
        <rdar://problem/16503875>

        Reviewed by Tim Horton.

        The scrollbar layers are not children of the RenderView's layer, so they were 
        completely skipped over by this function before. We need to start this higher up 
        the tree in the rootGraphicsLayer(), which will typically return the 
        m_overflowControlsHostLayer.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::deviceOrPageScaleFactorChanged):

2014-04-08  Ryosuke Niwa  <rniwa@webkit.org>

        HTMLConverter::aggregatedAttributesForAncestors should cache intermediate results
        https://bugs.webkit.org/show_bug.cgi?id=131400

        Reviewed by Sam Weinig.

        Instead of accumulating attributes from a character node to the highest ancestor,
        recursively call aggregatedAttributesForElementAndItsAncestors so that aggregated
        attributes are cached on each ancestor to eliminate the old O(n^2) behavior.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::aggregatedAttributesForAncestors):
        (HTMLConverter::aggregatedAttributesForElementAndItsAncestors): Extracted from aggregatedAttributesForAncestors.

2014-04-08  Jinwoo Song  <jinwoo7.song@samsung.com>

        Unreviewed CMake build fix after r166965.

        * UseJSC.cmake: Rename JSClipboardCustom.cpp to JSDataTransferCustom.cpp.

2014-04-08  Enrica Casucci  <enrica@apple.com>

        Unreviewed iOS build fix.

        Return false instead of nil in a function that returns BOOL.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityCanFuzzyHitTest]):

2014-04-08  Brady Eidson  <beidson@apple.com>

        Non-empty ranges misdetected as empty ranges, avoiding telephone number detection.
        <rdar://problem/16553441> and https://bugs.webkit.org/show_bug.cgi?id=131397 

        Reviewed by Tim Horton.

        No new tests (Only affects a currently untested Mac-only WK2 feature)

        * editing/Editor.cpp:
        (WebCore::Editor::scanSelectionForTelephoneNumbers): Fix detection of empty ranges so we don’t
          early return erroneously.

2014-04-08  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        [SVG] Fix CSS transform handling when zoomed
        https://bugs.webkit.org/show_bug.cgi?id=125836

        Reviewed by Tim Horton.

        Tests: svg/zoom/page/zoom-css-transforms-expected.svg
               svg/zoom/page/zoom-css-transforms.svg

        Adjusts CSS transforms when used in SVG to account for unexpected
        translation scale. Backport from Chromium #174910.

        * svg/SVGGraphicsElement.cpp:
        (WebCore::SVGGraphicsElement::animatedLocalTransform):

2014-04-08  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] large corner radius combined with 0 radius does not wrap properly
        https://bugs.webkit.org/show_bug.cgi?id=129739

        Reviewed by Bem Jones-Bey.

        Corrected special case handling for shape-outside border-box values with border-radius
        values that greater than or equal to the box's height.

        Tests: fast/shapes/shape-outside-floats/shape-outside-big-box-border-radius-001.html
               fast/shapes/shape-outside-floats/shape-outside-big-box-border-radius-002.html

        * rendering/shapes/BoxShape.cpp:
        (WebCore::BoxShape::getExcludedIntervals):

2014-04-08  Alexey Proskuryakov  <ap@apple.com>

        Rename Clipboard to DataTransfer
        https://bugs.webkit.org/show_bug.cgi?id=131371

        Reviewed by Anders Carlsson.

        This is the name used in HTML5, and it's much better than the confusing Clipboard one.

        Renamed related enums too, and made DataTransferAccessPolicy an enum class.

        * CMakeLists.txt:
        * Configurations/WebCore.xcconfig:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.exp.in:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSClipboardCustom.cpp: Removed.
        * bindings/js/JSDataTransferCustom.cpp: Copied from Source/WebCore/bindings/js/JSClipboardCustom.cpp.
        (WebCore::JSDataTransfer::types):
        (WebCore::JSClipboard::types): Deleted.
        * bindings/js/JSEventCustom.cpp:
        * dom/Clipboard.cpp: Removed.
        * dom/Clipboard.h: Removed.
        * dom/Clipboard.idl: Removed.
        * dom/ClipboardAccessPolicy.h: Removed.
        * dom/ClipboardEvent.cpp:
        (WebCore::ClipboardEvent::ClipboardEvent):
        * dom/ClipboardEvent.h:
        (WebCore::ClipboardEvent::create):
        (WebCore::ClipboardEvent::clipboard): Deleted.
        * dom/ClipboardMac.mm: Removed.
        * dom/DOMAllInOne.cpp:
        * dom/DataTransfer.cpp: Copied from Source/WebCore/dom/Clipboard.cpp.
        (WebCore::DataTransfer::DataTransfer):
        (WebCore::DataTransfer::createForCopyAndPaste):
        (WebCore::DataTransfer::~DataTransfer):
        (WebCore::DataTransfer::setAccessPolicy):
        (WebCore::DataTransfer::canReadTypes):
        (WebCore::DataTransfer::canReadData):
        (WebCore::DataTransfer::canWriteData):
        (WebCore::DataTransfer::clearData):
        (WebCore::DataTransfer::getData):
        (WebCore::DataTransfer::setData):
        (WebCore::DataTransfer::types):
        (WebCore::DataTransfer::files):
        (WebCore::DataTransfer::dropEffect):
        (WebCore::DataTransfer::setDropEffect):
        (WebCore::DataTransfer::effectAllowed):
        (WebCore::DataTransfer::setEffectAllowed):
        (WebCore::DataTransfer::setDragImage):
        (WebCore::DataTransfer::createForDragAndDrop):
        (WebCore::DataTransfer::canSetDragImage):
        (WebCore::DataTransfer::updateDragImage):
        (WebCore::DataTransfer::createDragImage):
        (WebCore::DragImageLoader::DragImageLoader):
        (WebCore::DragImageLoader::imageChanged):
        (WebCore::DataTransfer::sourceOperation):
        (WebCore::DataTransfer::destinationOperation):
        (WebCore::DataTransfer::setSourceOperation):
        (WebCore::DataTransfer::setDestinationOperation):
        (WebCore::Clipboard::Clipboard): Deleted.
        (WebCore::Clipboard::createForCopyAndPaste): Deleted.
        (WebCore::Clipboard::~Clipboard): Deleted.
        (WebCore::Clipboard::setAccessPolicy): Deleted.
        (WebCore::Clipboard::canReadTypes): Deleted.
        (WebCore::Clipboard::canReadData): Deleted.
        (WebCore::Clipboard::canWriteData): Deleted.
        (WebCore::Clipboard::clearData): Deleted.
        (WebCore::Clipboard::getData): Deleted.
        (WebCore::Clipboard::setData): Deleted.
        (WebCore::Clipboard::types): Deleted.
        (WebCore::Clipboard::files): Deleted.
        (WebCore::Clipboard::dropEffect): Deleted.
        (WebCore::Clipboard::setDropEffect): Deleted.
        (WebCore::Clipboard::effectAllowed): Deleted.
        (WebCore::Clipboard::setEffectAllowed): Deleted.
        (WebCore::Clipboard::setDragImage): Deleted.
        (WebCore::Clipboard::createForDragAndDrop): Deleted.
        (WebCore::Clipboard::canSetDragImage): Deleted.
        (WebCore::Clipboard::updateDragImage): Deleted.
        (WebCore::Clipboard::createDragImage): Deleted.
        (WebCore::Clipboard::sourceOperation): Deleted.
        (WebCore::Clipboard::destinationOperation): Deleted.
        (WebCore::Clipboard::setSourceOperation): Deleted.
        (WebCore::Clipboard::setDestinationOperation): Deleted.
        * dom/DataTransfer.h: Copied from Source/WebCore/dom/Clipboard.h.
        * dom/DataTransfer.idl: Copied from Source/WebCore/dom/Clipboard.idl.
        * dom/DataTransferAccessPolicy.h: Copied from Source/WebCore/dom/ClipboardAccessPolicy.h.
        * dom/DataTransferItemList.h:
        * dom/DataTransferMac.mm: Copied from Source/WebCore/dom/ClipboardMac.mm.
        (WebCore::DataTransfer::createDragImage):
        (WebCore::Clipboard::createDragImage): Deleted.
        * dom/Event.h:
        (WebCore::Event::clipboardData):
        (WebCore::Event::internalDataTransfer):
        (WebCore::Event::clipboard): Deleted.
        * dom/Event.idl:
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::create):
        (WebCore::MouseEvent::MouseEvent):
        (WebCore::MouseEvent::initMouseEvent):
        * dom/MouseEvent.h:
        (WebCore::MouseEvent::dataTransfer):
        * dom/MouseEvent.idl:
        * dom/WheelEvent.cpp:
        * editing/Editor.cpp:
        (WebCore::Editor::canDHTMLCut):
        (WebCore::Editor::canDHTMLCopy):
        (WebCore::Editor::canDHTMLPaste):
        (WebCore::Editor::tryDHTMLCopy):
        (WebCore::Editor::tryDHTMLCut):
        (WebCore::Editor::tryDHTMLPaste):
        (WebCore::Editor::dispatchCPPEvent):
        (WebCore::Editor::performCutOrCopy):
        (WebCore::Editor::selectedTextForDataTransfer):
        (WebCore::Editor::selectedTextForClipboard): Deleted.
        * editing/Editor.h:
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::takeFindStringFromSelection):
        (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
        * loader/EmptyClients.h:
        * page/DragClient.h:
        * page/DragController.cpp:
        (WebCore::DragController::dragExited):
        (WebCore::DragController::performDrag):
        (WebCore::DragController::tryDHTMLDrag):
        (WebCore::DragController::startDrag):
        (WebCore::DragController::doImageDrag):
        (WebCore::DragController::doSystemDrag):
        * page/DragController.h:
        * page/DragState.h:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchDragEvent):
        (WebCore::hasFileOfType):
        (WebCore::hasStringOfType):
        (WebCore::hasDropZoneType):
        (WebCore::findDropZone):
        (WebCore::EventHandler::updateDragAndDrop):
        (WebCore::EventHandler::cancelDragAndDrop):
        (WebCore::EventHandler::performDragAndDrop):
        (WebCore::EventHandler::freeDataTransfer):
        (WebCore::EventHandler::dragSourceEndedAt):
        (WebCore::EventHandler::dispatchDragSrcEvent):
        (WebCore::EventHandler::handleDrag):
        (WebCore::EventHandler::freeClipboard): Deleted.
        * page/EventHandler.h:
        * page/efl/EventHandlerEfl.cpp:
        (WebCore::EventHandler::createDraggingDataTransfer):
        (WebCore::EventHandler::createDraggingClipboard): Deleted.
        * page/gtk/DragControllerGtk.cpp:
        (WebCore::DragController::declareAndWriteDragImage):
        * page/gtk/EventHandlerGtk.cpp:
        (WebCore::EventHandler::createDraggingDataTransfer):
        (WebCore::EventHandler::createDraggingClipboard): Deleted.
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::declareAndWriteDragImage):
        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::createDraggingDataTransfer):
        (WebCore::EventHandler::createDraggingClipboard): Deleted.
        * page/win/DragControllerWin.cpp:
        (WebCore::DragController::declareAndWriteDragImage):
        * page/win/EventHandlerWin.cpp:
        (WebCore::EventHandler::createDraggingataTransfer):
        (WebCore::EventHandler::createDraggingClipboard): Deleted.
        * platform/Pasteboard.h:
        * platform/gtk/PasteboardGtk.cpp:
        (WebCore::Pasteboard::writeSelection):
        * platform/mac/PasteboardMac.mm:
        * platform/win/PasteboardWin.cpp:
        (WebCore::Pasteboard::writeRangeToDataObject):
        (WebCore::Pasteboard::writeSelection):

2014-04-08  Jer Noble  <jer.noble@apple.com>

        Unreviewed iOS build fix. Pass 0 instead of nil to the options parameter of addObserver:forKeyPath:options:context.

        * platform/graphics/ios/TextTrackRepresentationIOS.mm:
        (-[WebCoreTextTrackRepresentationIOSHelper setParent:]):

2014-04-08  Antti Koivisto  <antti@apple.com>

        Remove exposedRect from TileController
        https://bugs.webkit.org/show_bug.cgi?id=131378

        Reviewed by Simon Fraser.

        Having two separate visible rectangles is confusing. We should compute one on higher level.

        * page/FrameView.cpp:
        (WebCore::FrameView::setExposedRect):
        
            Push exposed rect to tile controller by doing a layer flush (like the changed visible rect is normally passed).

        * platform/graphics/TiledBacking.h:
        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        
            Remove exposedRect and just use visibleRect.

        (WebCore::TileController::TileController):
        (WebCore::TileController::setTiledScrollingIndicatorPosition):
        
            Update the scrolling indicator position.

        (WebCore::TileController::updateTileCoverageMap):
        (WebCore::TileController::setExposedRect): Deleted.
        * platform/graphics/ca/mac/TileGrid.h:
        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::tilesWouldChangeForVisibleRect):
        (WebCore::TileGrid::revalidateTiles):
        (WebCore::TileGrid::scaledExposedRect): Deleted.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::RenderLayerBacking):
        
            No need to push exposedRect anymore.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
        
            Integrate exposed rect to visible rect when flushing layers.

2014-04-08  Andreas Kling  <akling@apple.com>

        [Mac] Always do a full GC when simulating memory pressure.
        <https://webkit.org/b/129790>

        To get more consistent accounting on automated memory testers,
        add a synchronous GC as part of the simulated memory pressure event.

        Reviewed by Geoffrey Garen.

        * platform/mac/MemoryPressureHandlerMac.mm:
        (WebCore::MemoryPressureHandler::install):

2014-04-08  Jer Noble  <jer.noble@apple.com>

        Unreviewed iOS build fix. Pass 0 instead of nil to setRate: when pausing.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformPause):

2014-04-08  Mark Lam  <mark.lam@apple.com>

        Refactor to make JSMainThreadExecState's constructor and destructor private.
        <https://webkit.org/b/131372>

        Reviewed by Mark Hahnenberg.

        This is in preparation for subsequent patches to ensure that we don't
        exit the VM with an exception still pending.

        No new tests required.  This is only a refactor of existing behavior.

        * bindings/js/JSDOMGlobalObjectTask.cpp:
        * bindings/js/JSMainThreadExecState.h:
        (WebCore::JSMainThreadExecState::runTask):

2014-04-07  Jer Noble  <jer.noble@apple.com>

        [WK2][iOS] Consecutive videos in full screen display only black
        https://bugs.webkit.org/show_bug.cgi?id=131316

        Reviewed by Eric Carlson.

        Update the MediaPlayer's full screen attributes whenever the underlying engine changes,
        not just when the engine is initially created. Also, clear the videoLayer out of the
        fullscreen layer when destroying the videoLayer.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer):

2014-04-08  Morten Stenshorne  <mstensho@opera.com>

        [New Multicolumn] Child top margin sometimes ignored for column balancing
        https://bugs.webkit.org/show_bug.cgi?id=122754

        Reviewed by David Hyatt.

        We need to set zero page logical height in LayoutState when column
        height is unknown (when the columns haven't yet been
        balanced). There's code that assumes that non-zero page height means
        that page height is known. Lying about this makes the pagination code
        believe that every top margin is adjacent to a column break, which
        makes it eat and ignore all top margins.

        This should be cleaned up, but it's easier to wait until the old
        multicol code has been removed.

        Tests: fast/multicol/break-in-scrollable.html
               fast/multicol/newmulticol/leading-and-trailing-margin.html
               fast/multicol/newmulticol/leading-margin.html

        * rendering/LayoutState.cpp:
        (WebCore::LayoutState::LayoutState):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):
        * rendering/RenderFlowThread.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::isPageLogicalHeightKnown):
        * rendering/RenderMultiColumnFlowThread.h:

2014-04-07  Dean Jackson  <dino@apple.com>

        Allow elements to register for changes in page scale
        https://bugs.webkit.org/show_bug.cgi?id=131319

        Reviewed by Eric Carlson.

        Some parts of WebCore need to react to changes in the page
        scale factor, such as resizing when the user zooms. A followup
        patch will enable this for media controls - this simply lays
        the groundwork.

        At the moment we only allow HTMLMediaElements to register, but if
        necessary this could be expanded in the future.

        * dom/Document.cpp: New methods to keep a list of HTMLMediaElements that
        are interested in updates.
        (WebCore::Document::registerForPageScaleFactorChangedCallbacks):
        (WebCore::Document::unregisterForPageScaleFactorChangedCallbacks):
        (WebCore::Document::pageScaleFactorChanged):
        * dom/Document.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::registerWithDocument): Add ourselves to the
        the document's pageScale callback.
        (WebCore::HTMLMediaElement::unregisterWithDocument): Remove ourselves from the
        the document's pageScale callback.
        (WebCore::HTMLMediaElement::setMediaControlsDependOnPageScaleFactor): Add/remove ourselves to/from
        the callback if necessary.
        (WebCore::HTMLMediaElement::pageScaleFactorChanged): The callback function. Empty for now.
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::mediaControlsDependOnPageScaleFactor): Accessor.
        * page/Page.cpp:
        (WebCore::Page::setPageScaleFactor): Tell all documents that the user has zoomed.

2014-04-08  peavo@outlook.com  <peavo@outlook.com>

        [WinCairo] Compile error in TextureMapper.h
        https://bugs.webkit.org/show_bug.cgi?id=131360

        Reviewed by Brent Fulgham.

        The TextureMapper class has pure virtual methods, and cannot be instantiated.

        * platform/graphics/texmap/TextureMapper.h:
        (WebCore::TextureMapper::platformCreateAccelerated):

2014-04-08  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Slow paint path for inlines should snap to device pixels.
        https://bugs.webkit.org/show_bug.cgi?id=131259

        Reviewed by Simon Fraser.

        InlineTextBox::paint needs to round to the same device pixel position as SimpleLineLayout does.

        Test: fast/inline/hidpi-slow-path-text-on-subpixel-position.html

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/TextPainter.h: Cleanup. No reason to have them as references here.

2014-04-07  Brent Fulgham  <bfulgham@apple.com>

        Keep 'webkitClosedCaptionsVisible' API in sync with captions display preferences
        https://bugs.webkit.org/show_bug.cgi?id=131344

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::configureTextTrackGroup) If we decide that captions should
        be active (due to user preferences) make sure the 'webkitClosedCaptionsVisible' state
        is turned on.

2014-04-08  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Paint the filter effect result image on device pixel position.
        https://bugs.webkit.org/show_bug.cgi?id=131255

        Reviewed by Simon Fraser.

        This patch moves filter effect images from integral to device pixel position. However,
        result images are still integral based.

        Test: css3/filters/hidpi-filter-is-on-subpixel-position.html

        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRendererHelper::applyFilterEffect):

2014-04-08  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make border images device pixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=131209

        Reviewed by Simon Fraser.

        Snap border-image size and position to device pixels. It works both on generated and bitmap images.

        Test: fast/borders/hidpi-border-image-gradient-on-subpixels.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintNinePieceImage):

2014-04-08  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [SOUP] Control cookie management according ResourceRequest.allowCookies()
        https://bugs.webkit.org/show_bug.cgi?id=131026

        Reviewed by Sergio Villar Senin.

        Added per soup-message disabling of cookie jar manager when related ResourceRequest does not allow cookies (e.g. some cross-origin requests).

        Patch is covered by unskipped test http/tests/xmlhttprequest/cross-origin-cookie-storage.html.

        * platform/network/soup/ResourceRequestSoup.cpp:
        (WebCore::ResourceRequest::updateSoupMessageMembers): Added disabling of cookie jar manager if cookies are not allowed.

2014-04-08  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Handle min/max height in the grid element
        https://bugs.webkit.org/show_bug.cgi?id=131302

        Reviewed by Darin Adler.

        Removed a FIXME in the code as we're already handling min/max
        height in the code. Added a couple of test cases to improve the
        test coverage.

        Merged from Blink r161876 by <jchaffraix@chromium.org>

        Tests: fast/css-grid-layout/flex-content-sized-columns-resize.html
               fast/css-grid-layout/grid-element-min-max-height.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::layoutGridItems):

2014-04-08  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Remove unused RenderBox::clearRenderBoxRegionInfo
        https://bugs.webkit.org/show_bug.cgi?id=131352

        Reviewed by Andrei Bucur.

        No new tests, code clean-up.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::clearRenderBoxRegionInfo): Deleted.
        * rendering/RenderBox.h:

2014-04-08  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        Buildfix after r166917
        https://bugs.webkit.org/show_bug.cgi?id=131351

        Reviewed by Andrei Bucur.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::accessibleNameForNode):

2014-04-08  Darin Adler  <darin@apple.com>

        Fix assertions triggered by CSS calc changes in r166860
        https://bugs.webkit.org/show_bug.cgi?id=131346

        Reviewed by Andrei Bucur.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::getBorderRadiusCornerValues): Use isPercentNotCalculated() instead of
        type() == Percent; no behavior change.
        (WebCore::getBorderRadiusCornerValue): Ditto.
        (WebCore::lineHeightFromStyle): Use isPercentNotCalculated() before code
        that calls percent(), which won't work for a calculated length.

        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyBorderRadius::applyValue): Use isNegative and isZero rather
        than calling value() unconditionally. Should make calculated values work better.

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::is100Percent): Use isPercentNotCalculated() before code
        that calls percent(), which won't work for a calculated length.

        * platform/Length.cpp:
        (WebCore::CalculationValueMap::deref): Use adoptRef here instead of calling deref
        immediately, so the deref will happen after calling remove. This makes the code
        work properly even if it's reentered inside the calculation value's destructor.

        * platform/Length.h:
        (WebCore::Length::percent): Change assert to isPercentNotCalculated, since the
        value function this calls only works for non-calculated values anyway.
        (WebCore::Length::isPercentNotCalculated): Added.
        (WebCore::Length::isPercent): Changed to call isPercentNotCalculated.
        (WebCore::Length::isSpecified): Changed to call isPercent.

        * platform/graphics/transforms/TranslateTransformOperation.h:
        (WebCore::TranslateTransformOperation::apply): Use isPercentNotCalculated()
        instead of type() == Percent; no behavior change.

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::recalcColumn): Use isPercentNotCalculated()
        before code that calls value() or percent(), which won't work for a calculated length.
        (WebCore::AutoTableLayout::computeIntrinsicLogicalWidths): Ditto.
        (WebCore::AutoTableLayout::calcEffectiveLogicalWidth): Ditto.
        (WebCore::AutoTableLayout::layout): Ditto.
        * rendering/FixedTableLayout.cpp:
        (WebCore::FixedTableLayout::layout): Ditto.
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateImageIntrinsicDimensions): Ditto.
        * rendering/RenderTableSection.cpp:
        (WebCore::updateLogicalHeightForCell): Ditto.
        (WebCore::RenderTableSection::distributeExtraLogicalHeightToPercentRows): Ditto.
        (WebCore::RenderTableSection::distributeExtraLogicalHeightToRows): Ditto.

        * rendering/style/RenderStyle.cpp:
        (WebCore::requireTransformOrigin): Use modern for loop. Also marked function static,
        since it's private to this file.
        (WebCore::RenderStyle::applyTransform): Use isPercentNotCalculated() instead of
        type() == Percent; no behavior change. Also use a modern for loop and auto& to avoid
        a really long type name.

        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::computeIntrinsicRatioInformation): Use isPercentNotCalculated()
        before code that calls percent(), which won't work for a calculated length.

        * platform/Length.h:
        (WebCore::Length::percent):
        (WebCore::Length::isPercentNotCalculated):
        (WebCore::Length::isPercent):
        (WebCore::Length::isSpecified):
        * platform/graphics/transforms/TranslateTransformOperation.h:
        (WebCore::TranslateTransformOperation::apply):
        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::recalcColumn):
        (WebCore::AutoTableLayout::computeIntrinsicLogicalWidths):
        (WebCore::AutoTableLayout::calcEffectiveLogicalWidth):
        (WebCore::AutoTableLayout::layout):
        * rendering/FixedTableLayout.cpp:
        (WebCore::FixedTableLayout::layout):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateImageIntrinsicDimensions):
        * rendering/RenderTableSection.cpp:
        (WebCore::updateLogicalHeightForCell):
        (WebCore::RenderTableSection::distributeExtraLogicalHeightToPercentRows):
        (WebCore::RenderTableSection::distributeExtraLogicalHeightToRows):
        * rendering/style/RenderStyle.cpp:
        (WebCore::requireTransformOrigin):
        (WebCore::RenderStyle::applyTransform):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::computeIntrinsicRatioInformation):

2014-04-08  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] Remove media controls dead code
        https://bugs.webkit.org/show_bug.cgi?id=131300

        Reviewed by Eric Carlson.

        MediaControlsGtk.cpp is no longer used so we can remove it from
        the repo.

        No new tests needed.

        * PlatformGTK.cmake: Remove html/shadow/MediaControlsGtk.cpp from
        compilation.
        * html/shadow/MediaControlsGtk.cpp: Removed.

2014-04-08  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Fixed positioned elements in named flows have fragmented content
        https://bugs.webkit.org/show_bug.cgi?id=130595

        Reviewed by Darin Adler.

        Fixed positioned elements that have the named flow as parent are positioned
        and sized relative to the viewport. Because of that, when the named flow
        has an associated region chain, the fixed positioned elements should not
        be fragmented.

        By making a fixed positioned element with a named flow parent unsplittable
        for fragmentation, we prevent this wrong behavior.

        Test: fast/regions/fixed-pos-content-fragmented.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::isUnsplittableForPagination):

2014-04-07  Chris Fleizach  <cfleizach@apple.com>

        Regression: AX: image labels no longer exposed to AX API in SVG test case
        https://bugs.webkit.org/show_bug.cgi?id=131208

        Reviewed by Daniel Bates.

        accessibleNameForNode should work on any Element, not just HTML elements.

        Test: accessibility/svg-labelledby.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::accessibleNameForNode):

2014-04-08  Andres Gomez  <agomez@igalia.com>

        [GTK] [EFL] Build fails with GCC < 4.8.x
        https://bugs.webkit.org/show_bug.cgi?id=130585

        Reviewed by Martin Robinson.

        The behavior in lower versions of GCC seem to be related to
        http://www.open-std.org/jtc1/sc22/wg21/docs/lwg-active.html#2132.

        Provided explicit casts for the failing ambiguous overloads.

        * platform/audio/gstreamer/AudioFileReaderGStreamer.cpp:
        (WebCore::AudioFileReader::createBus):
        * platform/graphics/gstreamer/WebKitMediaSourceGStreamer.cpp:
        (webKitMediaSrcChangeState):
        (webKitMediaVideoSrcNeedDataCb):
        (webKitMediaAudioSrcNeedDataCb):
        (webKitMediaVideoSrcEnoughDataCb):
        (webKitMediaAudioSrcEnoughDataCb):
        (webKitMediaVideoSrcSeekDataCb):
        (webKitMediaAudioSrcSeekDataCb):
        * platform/gtk/GtkDragAndDropHelper.cpp:
        (WebCore::GtkDragAndDropHelper::handleDragLeave):
        * platform/gtk/SharedTimerGtk.cpp:
        (WebCore::setSharedTimerFireInterval):

2014-04-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Change NavigatorContentUtils client ownership from port side to NavigatorContentUtils
        https://bugs.webkit.org/show_bug.cgi?id=131299

        Reviewed by Darin Adler.

        EFL and GTK ports have managed own client of NavigatorContentUtils though it is only passed to
        NavigatorContentUtils. The NavigatorContentUtils has used the client to call port functions. So,
        there is no reason port implementation needs to manage the ownership. To manage the client is
        unnecessary work in current implementation.

        No new tests, no behavior changes.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::NavigatorContentUtils::create):
        (WebCore::provideNavigatorContentUtilsTo):
        * Modules/navigatorcontentutils/NavigatorContentUtils.h:
        * Modules/navigatorcontentutils/NavigatorContentUtilsClient.h:

2014-04-07  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Simplify the parsing of width arguments for Inset shapes
        https://bugs.webkit.org/show_bug.cgi?id=131305

        Reviewed by Andreas Kling.

        This code introduces some helper functions for setting the size arguments of inset shapes. This change
        also modifies the code to be the same as in Blink, so it helps us to keep the shapes code similar.

        No new tests, no behavior change.

        * css/CSSBasicShapes.h:
        (WebCore::CSSBasicShapeInset::updateShapeSize4Values):
        (WebCore::CSSBasicShapeInset::updateShapeSize1Value):
        (WebCore::CSSBasicShapeInset::updateShapeSize2Values):
        (WebCore::CSSBasicShapeInset::updateShapeSize3Values):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseBasicShapeInset):

2014-04-07  Martin Robinson  <mrobinson@igalia.com>

        fast/css3-text/css3-text-decoration/text-decoration-thickness.html fails on GTK
        https://bugs.webkit.org/show_bug.cgi?id=129957

        Reviewed by Dean Jackson.

        Causes existing tests to pass.

        * platform/graphics/cairo/GraphicsContextCG.cpp: Use the now-shared computeLineBoundsAndAntialiasingModeForText.
        * platform/graphics/cairo/GraphicsContextCairo.cpp: Align the Cairo version of text underline drawing with the CG version.
        * platform/graphics/GraphicsContext.h: Add computeLineBoundsAndAntialiasingModeForText.
        * platform/graphics/GraphicsContext.cpp: Ditto.

2014-04-07  Beth Dakin  <bdakin@apple.com>

        REGRESSION (r163194-r163227): Garbage tiles in overflow of RTL page with 
        background image
        https://bugs.webkit.org/show_bug.cgi?id=131323
        -and corresponding-
        <rdar://problem/16402013>

        Reviewed by Tim Horton.

        Returning the TiledBacking::bounds() for the 
        FrameView::extendedBackgroundRectForPainting() in convenient for ltr pages, but it 
        is simply incorrect in rtl. There is no easy way to map the rect into the right 
        coordinate space, so this patch re-works the code to use computations in 
        RenderView to get the right rect.

        Call RenderView::unextendedBackgroundRect() and expand and move it based on the 
        TiledBacking’s margins.
        * page/FrameView.cpp:
        (WebCore::FrameView::extendedBackgroundRectForPainting):

        The logic that used to be in backgroundRect() has been moved to 
        unextendedBackgroundRect(). 
        * rendering/RenderView.cpp:
        (WebCore::RenderView::unextendedBackgroundRect):
        (WebCore::RenderView::backgroundRect):
        * rendering/RenderView.h:

2014-04-07  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] inset complex calc() args vanish in serialized computed style
        https://bugs.webkit.org/show_bug.cgi?id=129838

        Reviewed by Bem Jones-Bey.

        We didn't pass the style parameter when setting the width members of CSSBasicShapeInset,
        which lead to a 'should never reach asserttion' in CSSPrimitiveValue::init. This patch
        adds the missing parameters to the call sites.

        Extended existing parsing test script.

        * css/BasicShapeFunctions.cpp:
        (WebCore::valueForBasicShape):

2014-04-07  Eric Carlson  <eric.carlson@apple.com>

        [iOS] MediaDocument should allow autoplay
        https://bugs.webkit.org/show_bug.cgi?id=131301

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement): Don't add the RequireUserGestureForRateChange
            behavior restriction when in a MediaDocument.

2014-04-07  Hyowon Kim  <hw1008.kim@samsung.com>

        Move to using std::unique_ptr for opengl, texmap, transforms and efl in WebCore/platform/graphics.
        https://bugs.webkit.org/show_bug.cgi?id=131276

        Reviewed by Darin Adler.

        Replace uses of OwnPtr and PassOwnPtr in code under WebCore/platform/graphics/
        opengl, texmap, transforms and efl with std::unique_ptr.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::initializeNewContext):
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/GraphicsContext3DPrivate.cpp:
        (WebCore::GraphicsContext3DPrivate::create): Deleted.
        * platform/graphics/GraphicsContext3DPrivate.h:
        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        (WebCore::GraphicsContext3D::setContextLostCallback):
        (WebCore::GraphicsContext3D::setErrorMessageCallback):
        * platform/graphics/efl/EvasGLContext.h:
        * platform/graphics/efl/EvasGLSurface.h:
        * platform/graphics/efl/GraphicsContext3DEfl.cpp:
        (WebCore::GraphicsContext3D::setContextLostCallback):
        (WebCore::GraphicsContext3D::setErrorMessageCallback):
        * platform/graphics/efl/GraphicsContext3DPrivate.cpp:
        (WebCore::GraphicsContext3DPrivate::create):
        (WebCore::GraphicsContext3DPrivate::setContextLostCallback):
        * platform/graphics/efl/GraphicsContext3DPrivate.h:
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        (WebCore::GraphicsContext3D::setContextLostCallback):
        (WebCore::GraphicsContext3D::setErrorMessageCallback):
        * platform/graphics/opengl/Extensions3DOpenGLES.cpp:
        (WebCore::Extensions3DOpenGLES::setEXTContextLostCallback):
        * platform/graphics/opengl/Extensions3DOpenGLES.h:
        * platform/graphics/opengl/GLPlatformContext.cpp:
        (WebCore::createOffScreenContext):
        (WebCore::GLPlatformContext::createContext):
        * platform/graphics/opengl/GLPlatformContext.h:
        * platform/graphics/opengl/GLPlatformSurface.cpp:
        (WebCore::GLPlatformSurface::createOffScreenSurface):
        * platform/graphics/opengl/GLPlatformSurface.h:
        * platform/graphics/surfaces/efl/GraphicsSurfaceCommon.cpp:
        * platform/graphics/surfaces/egl/EGLSurface.cpp:
        (WebCore::EGLOffScreenSurface::createOffScreenSurface):
        * platform/graphics/surfaces/egl/EGLSurface.h:
        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        (WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
        * platform/graphics/texmap/TextureMapper.cpp:
        (WebCore::TextureMapper::create):
        (WebCore::TextureMapper::TextureMapper):
        * platform/graphics/texmap/TextureMapper.h:
        (WebCore::TextureMapper::platformCreateAccelerated):
        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapper::platformCreateAccelerated):
        * platform/graphics/texmap/TextureMapperGL.h:
        (WebCore::TextureMapperGL::create): Deleted.
        * platform/graphics/texmap/TextureMapperImageBuffer.h:
        (WebCore::TextureMapperImageBuffer::TextureMapperImageBuffer):
        (WebCore::TextureMapperImageBuffer::create): Deleted.
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsScene.cpp:
        (WebCore::CoordinatedGraphicsScene::purgeGLResources):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsScene.h:
        * platform/graphics/transforms/TransformState.cpp:
        (WebCore::TransformState::operator=):
        (WebCore::TransformState::applyTransform):
        * platform/graphics/transforms/TransformState.h:
        * platform/graphics/win/GraphicsContext3DWin.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        (WebCore::GraphicsContext3D::setContextLostCallback):
        (WebCore::GraphicsContext3D::setErrorMessageCallback):

2014-04-07  Tim Horton  <timothy_horton@apple.com>

        [iOS WebKit2] Make back-buffers purgeable when possible
        https://bugs.webkit.org/show_bug.cgi?id=131213
        <rdar://problem/15373906>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::IOSurfacePool::takeSurface):
        (WebCore::IOSurfacePool::markOlderSurfacesPurgeable):
        (WebCore::IOSurfacePool::showPoolStatistics):
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::isVolatile):
        (IOSurface::setIsVolatile):
        Rename purgeability functions to match the system
        and reduce confusion between purgeable memory
        and volatile vs. non-volatile memory.

2014-04-07  Benjamin Poulain  <benjamin@webkit.org>

        Split CSS Selectors pseudo class and pseudo elements
        https://bugs.webkit.org/show_bug.cgi?id=131295

        Reviewed by Andreas Kling.

        Split pseudo class and pseudo element to make it clearer what pseudo types
        are possible for a given match type.

        Pseudo Element types are separated and Pseudo Class are left in place. The Pseudo Class
        will have to be renamed too but that will be done separately to make this change smaller.

        * css/CSSGrammar.y.in:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::rewriteSpecifiersWithElementName):
        (WebCore::CSSParser::rewriteSpecifiers):
        Use a method isPseudoElementCueFunction() to abstract the #ifdef out of the parser.

        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoElementSelector):

        (WebCore::CSSParserSelector::parsePseudoElementCueFunctionSelector):
        Rename to specify this is for the pseudo element cue function, not the pseudo element cue.

        (WebCore::CSSParserSelector::parsePseudoClassAndCompatibilityElementSelector):
        (WebCore::CSSParserSelector::parsePseudoCueFunctionSelector): Deleted.
        * css/CSSParserValues.h:
        (WebCore::CSSParserSelector::isPseudoElementCueFunction):
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::specificityForOneSelector):
        (WebCore::CSSSelector::pseudoId):
        (WebCore::CSSSelector::parsePseudoElementType):
        (WebCore::CSSSelector::operator==):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::pseudoType):
        (WebCore::CSSSelector::setPseudoElementType):
        (WebCore::CSSSelector::pseudoElementType):
        (WebCore::CSSSelector::isUnknownPseudoElement):
        (WebCore::CSSSelector::isCustomPseudoElement):
        (WebCore::pseudoClassIsRelativeToSiblings):
        (WebCore::CSSSelector::isSiblingSelector):
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::collectFeaturesFromSelector):
        * css/RuleSet.cpp:
        (WebCore::determinePropertyWhitelistType):
        (WebCore::RuleSet::findBestRuleSetAndAdd):
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::matchRecursively):
        (WebCore::SelectorChecker::checkOne):
        (WebCore::SelectorChecker::checkScrollbarPseudoClass):
        (WebCore::SelectorChecker::determineLinkMatchType):
        * css/SelectorPseudoClassAndCompatibilityElementMap.in:
        * css/SelectorPseudoElementTypeMap.in:
        * css/SelectorPseudoTypeMap.h:
        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
        * css/makeSelectorPseudoElementsMap.py:
        (enumerablePseudoType):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::getMatchedCSSRules):

        * rendering/style/RenderStyleConstants.h:
        All the fullscreen pseudo types are pseudo class selectors. They should not have a pseudo ID.

2014-04-07  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: detect possible replay divergence from unexpected DOM event dispatches
        https://bugs.webkit.org/show_bug.cgi?id=131193

        Reviewed by Andreas Kling.

        Add assertions to catch potential nondeterministic behavior.

        The assertion added by this patch catches dispatched DOM events
        that are triggered by nondeterministic event loop cycles. If we
        did not capture an event loop input in the current event loop
        cycle nor are we manually simulating an event loop input during
        playback, then DOM events fired during the unordered cycle could
        run JavaScript and diverge the execution.

        During playback, we can assert that EventLoopInputDispatcher is dispatching
        when a DOM event is be dispatched to a document that is being replayed.

        During capturing, event loop inputs are captured rather than
        dispatched, so we add some accounting to track what caused a DOM
        event. To approximate the extent of computation triggered by an
        event loop input, we add RAII helpers to call sites where event
        loop inputs are captured.

        The assertions are disabled by default until the most common
        sources of nondeterminism are handled and playback errors are
        gracefully surfaced to the user. <https://webkit.org/b/131279>

        No new tests. This patch adds extra assertions for debugging purposes.

        * WebCore.xcodeproj/project.pbxproj:
        * inspector/InspectorInstrumentation.cpp: Notify ReplayAgent of dispatched DOM event.
        (WebCore::InspectorInstrumentation::willDispatchEventImpl):
        (WebCore::InspectorInstrumentation::willDispatchEventOnWindowImpl):
        * inspector/InspectorReplayAgent.cpp: Forward dispatched DOM events to ReplayController.
        (WebCore::InspectorReplayAgent::willDispatchEvent): Added.
        * inspector/InspectorReplayAgent.h:
        * replay/CapturingInputCursor.cpp:
        (WebCore::CapturingInputCursor::CapturingInputCursor):
        (WebCore::CapturingInputCursor::setWithinEventLoopInputExtent): Added.
        * replay/CapturingInputCursor.h:
        * replay/EventLoopInput.cpp: Added.
        (WebCore::EventLoopInputExtent::EventLoopInputExtent): Added.
        (WebCore::EventLoopInputExtent::~EventLoopInputExtent): Added.
        * replay/EventLoopInput.h:
        * replay/EventLoopInputDispatcher.h:
        (WebCore::EventLoopInputDispatcher::isDispatching): Add a getter.
        * replay/ReplayController.cpp:
        (WebCore::logDispatchedDOMEvent): Added. This is useful for understanding script-visible events.
        (WebCore::ReplayController::willDispatchEvent): Added.
        * replay/ReplayController.h:
        * replay/UserInputBridge.cpp: Add extent helpers to call sites that capture inputs.
        (WebCore::UserInputBridge::handleMousePressEvent):
        (WebCore::UserInputBridge::handleMouseReleaseEvent):
        (WebCore::UserInputBridge::handleMouseMoveEvent):
        (WebCore::UserInputBridge::handleMouseMoveOnScrollbarEvent):
        (WebCore::UserInputBridge::handleKeyEvent):
        (WebCore::UserInputBridge::handleWheelEvent):
        (WebCore::UserInputBridge::scrollRecursively):
        (WebCore::UserInputBridge::logicalScrollRecursively):

2014-04-07  Timothy Hatcher  <timothy@apple.com>

        Remove copy of combine-javascript-resources.pl that isn't used anymore
        https://bugs.webkit.org/show_bug.cgi?id=131307

        Reviewed by Joseph Pecoraro.

        * WebCore.xcodeproj/project.pbxproj:
        * inspector/combine-javascript-resources.pl: Removed.

2014-04-07  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Clean up invalid FIXME
        https://bugs.webkit.org/show_bug.cgi?id=131304

        Reviewed by Andreas Kling.

        No new tests, no behavior change.

        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFunc):

2014-04-07  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Turn on ENABLE_MEDIA_CONTROLS_SCRIPT
        https://bugs.webkit.org/show_bug.cgi?id=131257

        Reviewed by Gyuyoung Kim.

        no new tests. just rebased exisiting tests.

        * PlatformEfl.cmake: Added the media controls script associated files.
        * css/mediaControlsEfl.css: Removed.
        * css/mediaControlsEflFullscreen.css: Removed.
        * platform/efl/DefaultTheme/CMakeLists.txt:
        * platform/efl/DefaultTheme/default.edc:
        * platform/efl/DefaultTheme/widget/mediacontrol/fullscreenbutton/enterfullscreenbutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/fullscreenbutton/exitfullscreenbutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/fullscreenbutton/fullscreen_button.edc: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/mutebutton/mute_button.edc: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/mutebutton/mutebutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/mutebutton/unmutebutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/playpausebutton/pausebutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/playpausebutton/playbutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/playpausebutton/playpause_button.edc: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/seekbackwardbutton/seekbackward_button.edc: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/seekbackwardbutton/seekbackwardbutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/seekforwardbutton/seekforward_button.edc: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/seekforwardbutton/seekforwardbutton.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/togglecaptionsbutton/closedcaption.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/togglecaptionsbutton/closedcaption_disabled.png: Removed.
        * platform/efl/DefaultTheme/widget/mediacontrol/togglecaptionsbutton/toggle_captions_button.edc: Removed.
        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::toEdjeGroup):
        (WebCore::RenderThemeEfl::RenderThemeEfl):
        (WebCore::RenderThemeEfl::adjustSliderThumbSize):
        (WebCore::RenderThemeEfl::mediaControlsStyleSheet): Modified to load bundle style sheet.
        (WebCore::RenderThemeEfl::mediaControlsScript): Added to load bundle scripts.
        (WebCore::RenderThemeEfl::emitMediaButtonSignal): Deleted.
        (WebCore::RenderThemeEfl::extraMediaControlsStyleSheet): Deleted.
        (WebCore::RenderThemeEfl::extraFullScreenStyleSheet): Deleted.
        (WebCore::RenderThemeEfl::formatMediaControlsCurrentTime): Deleted.
        (WebCore::RenderThemeEfl::hasOwnDisabledStateHandlingFor): Deleted.
        (WebCore::RenderThemeEfl::paintMediaFullscreenButton): Deleted.
        (WebCore::RenderThemeEfl::paintMediaMuteButton): Deleted.
        (WebCore::RenderThemeEfl::paintMediaPlayButton): Deleted.
        (WebCore::RenderThemeEfl::paintMediaSeekBackButton): Deleted.
        (WebCore::RenderThemeEfl::paintMediaSeekForwardButton): Deleted.
        (WebCore::RenderThemeEfl::paintMediaSliderTrack): Deleted.
        (WebCore::RenderThemeEfl::paintMediaSliderThumb): Deleted.
        (WebCore::RenderThemeEfl::paintMediaVolumeSliderContainer): Deleted.
        (WebCore::RenderThemeEfl::paintMediaVolumeSliderTrack): Deleted.
        (WebCore::RenderThemeEfl::paintMediaVolumeSliderThumb): Deleted.
        (WebCore::RenderThemeEfl::paintMediaCurrentTime): Deleted.
        (WebCore::RenderThemeEfl::supportsClosedCaptioning): Deleted.
        (WebCore::RenderThemeEfl::paintMediaToggleClosedCaptionsButton): Deleted.
        * platform/efl/RenderThemeEfl.h:

2014-04-07  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: change the node flags directly instead of using function calls when possible
        https://bugs.webkit.org/show_bug.cgi?id=131292

        Reviewed by Andreas Kling.

        For historical reasons, changing the node flags was always done with function calls.
        This patch changes those calls to modify the nodes directly.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::setNodeFlag):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::markParentElementIfResolvingStyle):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
        (WebCore::SelectorCompiler::markElementWithSetChildrenAffectedByLastChildRules): Deleted.
        (WebCore::SelectorCompiler::markElementWithSetChildrenAffectedByFirstChildAndLastChildRules): Deleted.
        * dom/Element.cpp:
        (WebCore::Element::setChildrenAffectedByFirstChildRules): Deleted.
        (WebCore::Element::setChildrenAffectedByDirectAdjacentRules): Deleted.
        * dom/Element.h:
        * dom/Node.h:
        (WebCore::Node::flagChildrenAffectedByFirstChildRulesFlag):
        (WebCore::Node::flagChildrenAffectedByLastChildRulesFlag):
        (WebCore::Node::flagChildrenAffectedByDirectAdjacentRulesFlag):

2014-04-07  Krzysztof Czech  <k.czech@samsung.com>

        Remove unused header from PlatformSpeechSynthesizer.h
        https://bugs.webkit.org/show_bug.cgi?id=131103

        Reviewed by Anders Carlsson.

        Since WebSpeech has switched to use std::unique_ptr, we do not need to include PassOwnPtr.

        No new tests. No behaviour change, just quick fix.

        * platform/PlatformSpeechSynthesizer.h:

2014-04-06  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Use RenderRegion::isValid() before using a region
        https://bugs.webkit.org/show_bug.cgi?id=131232

        Reviewed by Andreas Kling.

        RenderRegion method isValid() should be used to test whether a region
        is good to use instead of a mix between isValid() and flowThread().
        When the region is designed to fragment content from a parent flow thread,
        the m_flowThread is not nullified anymore, thus ensuring the same treatment for all invalid
        regions.
        Covered by existing regions tests.

        * inspector/InspectorOverlay.cpp:
        (WebCore::buildObjectForElementInfo):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintMaskForTextFillBox):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateLayerPositions):
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::pageLogicalHeight):
        (WebCore::RenderNamedFlowFragment::maxPageLogicalHeight):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::getRanges):
        (WebCore::RenderNamedFlowThread::clearRenderObjectCustomStyle):
        (WebCore::RenderNamedFlowThread::checkRegionsWithStyling):
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::RenderRegion):
        (WebCore::RenderRegion::positionForPoint):
        (WebCore::RenderRegion::pageLogicalWidth):
        (WebCore::RenderRegion::pageLogicalHeight):
        (WebCore::RenderRegion::styleDidChange):
        (WebCore::RenderRegion::installFlowThread):
        (WebCore::RenderRegion::attachRegion):
        (WebCore::RenderRegion::detachRegion):
        (WebCore::RenderRegion::ensureOverflowForBox):
        (WebCore::RenderRegion::renderBoxRegionInfo):

2014-04-06  Benjamin Poulain  <benjamin@webkit.org>

        Fix the debug bots after r166863

        * css/PageRuleCollector.cpp:
        (WebCore::checkPageSelectorComponents): I forgot to update one call site for PagePseudoClass.

2014-04-06  Darin Adler  <darin@apple.com>

        Make some bindings improvements, with smaller code size for error message generation
        https://bugs.webkit.org/show_bug.cgi?id=131285

        Reviewed by Andreas Kling.

        * WebCore.exp.in: Updated to remove old and add new functions, for use by the Internals
        JavaScript bindings.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::makeDOMBindingsTypeErrorStringInternal): Deleted.
        (WebCore::throwTypeError): Added. Helper to avoid repeating throwVMError/createTypeError.
        (WebCore::appendArgumentMustBe): Added. Helper for building up argument error strings.
        (WebCore::reportDeprecatedGetterError): Added. For bindings to use.
        (WebCore::throwArgumentMustBeEnumError): Ditto.
        (WebCore::throwArgumentMustBeFunctionError): Ditto.
        (WebCore::throwArgumentTypeError): Ditto.
        (WebCore::throwArrayElementTypeError): Ditto.
        (WebCore::throwAttributeTypeError): Ditto.
        (WebCore::throwConstructorDocumentUnavailableError): Ditto.
        (WebCore::throwGetterTypeError): Ditto.
        (WebCore::throwSequenceTypeError): Ditto.
        (WebCore::throwSetterTypeError): Ditto.
        (WebCore::throwThisTypeError): Ditto.

        * bindings/js/JSDOMBinding.h: Added declarations for new functions. Removed forward
        declarations for things not used in this file. Use nullptr instead of 0. Format
        templates consistently. Use a better for loop in the jsArray function. Removed
        unused HasMemoryCostMemberFunction, makeDOMBindingsTypeErrorString, and
        makeDOMBindingsTypeErrorStringInternal.

        * bindings/js/JSNavigatorCustom.cpp: Fixed a hand-written binding that was using
        makeDOMBindingsTypeErrorString to make a string.

        * bindings/js/ScriptController.h: Updated forward declarations.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation): Cut down on use of UNUSED_PARAM. Use the new functions
        for errors, keeping the code in the generated file to a minimum.
        (GenerateParametersCheck): Ditto.
        (GenerateConstructorDefinition): Ditto.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/JS/JSreadonly.cpp:
        Updated expected results for changes above.

2014-04-06  Benjamin Poulain  <benjamin@webkit.org>

        Move the PseudoPageClass types out of the pseudo element/class mix
        https://bugs.webkit.org/show_bug.cgi?id=131284

        Reviewed by Darin Adler.

        Some more cleanup of Selector's pseudo types. This patch moves the page pseudo
        class types into their own enumeration (PagePseudoClassType).

        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePagePseudoSelector):
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::specificityForPage):
        (WebCore::CSSSelector::pseudoId):
        (WebCore::CSSSelector::selectorText):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::setPagePseudoType):
        (WebCore::CSSSelector::pagePseudoClassType):
        * css/PageRuleCollector.cpp:
        (WebCore::checkPageSelectorComponents):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):

2014-04-06  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: add support for :last-child and :only-child
        https://bugs.webkit.org/show_bug.cgi?id=131283

        Reviewed by Andreas Kling.

        This is the straightforward implementation of :last-child and :only-child.

        Both are extremely similar to :first-child. There are only minor differences:
        -:last-child has an additional check for the flag IsParsingChildrenFinished.
        -:only-child is like :first-child + :last-child but with combined marking.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToNextAdjacentElement):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNoPreviousAdjacentElement):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNoNextAdjacentElement):
        (WebCore::SelectorCompiler::markElementWithSetChildrenAffectedByLastChildRules):
        (WebCore::SelectorCompiler::setLastChildState):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
        (WebCore::SelectorCompiler::markElementWithSetChildrenAffectedByFirstChildAndLastChildRules):
        (WebCore::SelectorCompiler::setOnlyChildState):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
        * dom/Node.h:
        (WebCore::Node::nextSiblingMemoryOffset):
        (WebCore::Node::flagIsParsingChildrenFinished):
        * rendering/style/RenderStyle.h:
        Removed the unused flags, I will add them back later as needed.

2014-04-06  Darin Adler  <darin@apple.com>

        Rework CSS calc logic, fixing some reference count mistakes in Length
        https://bugs.webkit.org/show_bug.cgi?id=131280
        rdar://problem/16400823

        Reviewed by Andreas Kling.

        New unit test in TestWebKitAPI.

        Changed the classes related to CSS "calc" to make the code a bit easier to read by
        moving code out of class definitions. Also used final some more, made more things private,
        used references instead of pointers, and other such changes. Biggest change, though, is to
        Length, which had a broken system for managing reference counted calculated objects.
        There were multiple bugs including a basic design mistake of not having a reference count
        and trying to use the reference count in the object itself. Fixed and covered by the unit
        test now; test found multiple problems in both the old and new implementations.

        * WebCore.exp.in: Updated exports, including symbols to make the unit test practical.

        * WebCore.xcodeproj/project.pbxproj: Made CalculationValue.h a Private file so it can
        be used in a unit test. Also let Xcode update the file type for a gperf file.

        * css/CSSCalculationValue.cpp:
        (WebCore::CSSCalcValue::equals): Updated since m_expression is a Ref now.
        (WebCore::CSSCalcValue::clampToPermittedRange): Marked inline and updated for data member
        name change.
        (WebCore::isIntegerResult): Changed argument order to put the operator first and use
        references instead of pointers. Also marked inline.
        (WebCore::createBlendHalf): Added. Helper to make the other functions more readable.
        (WebCore::createExpressionNode): Made non-member function private to this file. Also made
        many small improvements.
        (WebCore::CSSCalcValue::create): Updated so both of these call the same constructor.

        * css/CSSCalculationValue.h: Cut down CSSCalcValue class by making more things private
        and deleting unneeded things. Also use Ref instead of RefPtr.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::getPositionOffsetValue): Use isFixed function instead of type function.

        * css/CSSGradientValue.cpp:
        (WebCore::CSSGradientValue::addStops): Updated code since toCalcValue now returns PassRef
        instead of PassRefPtr. Unfortunately the new code is a bit more verbose.
        (WebCore::positionFromValue): Ditto.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseCalculation):

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Updated to pass reference rather than pointer.
        (WebCore::CSSPrimitiveValue::init): Ditto.

        * css/CSSToStyleMap.h: Removed unneeded include of LengthBox.h.

        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyLength::applyValue): Updated for function name change.
        (WebCore::ApplyPropertyBorderRadius::applyValue): Removed extra parentheses.
        (WebCore::ApplyPropertyFontSize::applyValue): Ditto. Also updated since toCalcValue returns Ref.

        * css/LengthFunctions.cpp:
        (WebCore::floatValueForLength): Updated to call value instead of getFloatValue; both are the same.

        * css/StyleResolver.cpp:
        (WebCore::addIntrinsicMargins): Updated for function name change.
        (WebCore::createGridTrackBreadth): Ditto.

        * platform/CalculationValue.cpp:
        (WebCore::CalculationValue::create): Changed to return PassRef.
        (WebCore::CalcExpressionNumber::evaluate): Moved this function out of the header, since it's
        virtual and not really going to be inlined.
        (WebCore::CalcExpressionNumber::operator==): Ditto.
        (WebCore::CalculationValue::evaluate): Ditto.
        (WebCore::CalcExpressionBinaryOperation::operator==): Ditto.
        (WebCore::CalcExpressionLength::evaluate): Ditto.
        (WebCore::CalcExpressionLength::operator==): Ditto.
        (WebCore::CalcExpressionBlendLength::evaluate): Ditto.
        (WebCore::CalcExpressionBlendLength::operator==): Ditto.

        * platform/CalculationValue.h: Moved most functions out of the class bodies so the classes are
        easier to see. Made all the == operator functions non-member ones except for the polymorphic
        one from the base class. Changed the casting functions to work on references instead of pointers.
        Tweaked name of some members.

        * platform/Length.cpp: Reworked the CalculationValueMap (formerly CalculationValueHandleMap) to
        use unsigned instead of int, and store reference counts in the map rather than trying to share the
        reference count of the underlying CalculationValue object, which can lead to storage leaks where
        handles end up in the map permanently.
        (WebCore::calculationValues): Use NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_LOCAL.
        (WebCore::Length::Length): Updated some data member names.
        (WebCore::Length::calculationValue): Updated to return a reference instead of a PassRefPtr.
        (WebCore::Length::ref): Renamed and updated for new interface to the map.
        (WebCore::Length::deref): Ditto.
        (WebCore::Length::nonNanCalculatedValue): Updated to use a reference instead of a pointer.
        (WebCore::Length::isCalculatedEqual): Updated since this is now only called if both objects are
        known to be calculated values.

        * platform/Length.h: Moved most functions out of the class definition to make the class definition
        easier to read. Reworked the constructors and assignment operators to handle the reference counting
        correctly. Added various FIXMEs and assertions. Removed some unused functions, made others private.

        * platform/LengthBox.h: Renamed some one-letter arguments to use words instead.

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::recalcColumn): Updated for change to Length::setValue.
        * rendering/FixedTableLayout.cpp:
        (WebCore::FixedTableLayout::calcWidthArray): Ditto.

        * rendering/style/FillLayer.h:
        (WebCore::FillLayer::initialFillXPosition): Updated to not convert a double to a float at runtime.
        (WebCore::FillLayer::initialFillYPosition): Ditto.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::setWordSpacing): Removed a bogus FALLTHROUGH that was clearly wrong, but
        harmless. Updated for changes to Length.

        * rendering/style/RenderStyle.h: Updated for name changes and to avoid converting doubles to floats
        at runtime.

2014-04-06  Brent Fulgham  <bfulgham@apple.com>

        Honor System-Level User Preferences for Caption Display
        https://bugs.webkit.org/show_bug.cgi?id=131258

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setSelectedTextTrack): Allow preferenced change to fully dispatch
        so we can properly deal with captions being turned off.
        (WebCore::HTMLMediaElement::captionPreferencesChanged): Use 'webkit' variant of the
        setWebKitClosedCaptionsVisible method so we properly adjust settings needed for the JS API call.
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay): When captions are turned off, e.g.
        because the user turned off the preference, don't inadvertently turn them back on just bacause there
        was an existing track that was not in a 'hidden' state.

2014-04-06  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: add methods to encode a frame's index based on its FrameTree position
        https://bugs.webkit.org/show_bug.cgi?id=131281

        Reviewed by Timothy Hatcher.

        Given a frame, its encoded index is computed by traversing the frame tree
        and saving how many nodes have been traversed to reach a given frame.

        This is used to disambiguate frames when dispatching frame-specific event
        loop inputs during replay, such as timers and resource loaders.

        * replay/SerializationMethods.cpp:
        (WebCore::frameIndexFromDocument): Added.
        (WebCore::frameIndexFromFrame): Added.
        (WebCore::documentFromFrameIndex): Added.
        (WebCore::frameFromFrameIndex): Added.
        * replay/SerializationMethods.h:

2014-04-06  Alexey Proskuryakov  <ap@apple.com>

        iOS build fix.

        * WebCore.exp.in: Move newly exported function to a right section of this file.

2014-04-06  Darin Adler  <darin@apple.com>

        Refactor post-attach and HTMLObjectElement-related code
        https://bugs.webkit.org/show_bug.cgi?id=131282

        Reviewed by Antti Koivisto.

        * dom/ContainerNode.cpp: Moved the post-attach callback code from here to
        StyleResolveTree.h/cpp.
        * dom/ContainerNode.h: Ditto.

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle): Use Style::PostResolutionCallbackDisabler instead of
        PostAttachCallbackDisabler.

        * dom/Element.h: Moved the post-attach callback code from here to StyleResolveTree.h/cpp.

        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::parseAttribute): Simplified the code for typeAttr, turning
        it into a 1-liner. Added a FIXME in codeAttr about the fact that it does not have the
        code to trigger image loads.

        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::didAttachRenderers): Updated to use
        Style::queuePostResolutionCallback and use a lambda instead of a function.
        (WebCore::HTMLFormControlElement::didRecalcStyle): Ditto. Also added RefPtr instead
        of just using wishful thinking to keep the object alive.
        * html/HTMLFrameOwnerElement.cpp:
        (WebCore::HTMLFrameOwnerElement::scheduleSetNeedsStyleRecalc): Ditto.

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parseAttribute):: Simplified the code for typeAttr, turning
        it into a 1-liner. Made dataAttr call setNeedsWidgetUpdate(true) unconditionally after
        checking carefully to see that's harmless if there is no renderer. Changed classidAttr
        to call setNeedsWidgetUpdate(true) unconditionally and not set m_classId.
        (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk): Use fastGetAttribute
        instead of classId and descendantsOfType instead of getElementsByTagName.
        (WebCore::HTMLObjectElement::hasValidClassId): Use fastGetAttribute instead of classId.
        (WebCore::HTMLObjectElement::renderFallbackContent): Use imageLoader instead of m_imageLoader.

        * html/HTMLObjectElement.h: Removed classId, since there is no reason to cache that
        attribute in a data member. Rearranged header, making more private, and fixing some typos,
        and doing a "using" instead of a function to disambiguate the inherited form functions.

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::createElementRenderer): Fixed some code that assumed the
        first child of the shadow root is guaranteed to be an element.
        (WebCore::HTMLPlugInImageElement::didMoveToNewDocument): Removed null check on oldDocument,
        since m_needsDocumentActivationCallbacks can't be true if the old document was null.
        (WebCore::is100Percent): Added helper to make function below more readable.
        (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Restructured the code a
        bit. The part that attracted my attention was the local variable of type RenderBox, which
        was named renderEmbeddedObject. Turns out the caller guarantees to only call this if there
        is a renderer of type RenderEmbeddedObject, so depend on that.

        * html/HTMLPlugInImageElement.h: Trimmed includes a bit. Made more members private.
        Marked more function members final. Made a protected imageLoader function so that
        m_imageLoader can be private eventually. Made m_imageLoader be std::unique_ptr.

        * style/StyleResolveTree.cpp:
        (WebCore::Style::needsPseudoElement): Fixed spelling error in the name of this function.
        (WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded): Updated for name change.
        (WebCore::Style::attachRenderTree): Update for new name of PostResolutionCallbackDisabler.
        (WebCore::Style::updateBeforeOrAfterPseudoElement): Updated for name change.
        (WebCore::Style::postResolutionCallbackQueue): Added.
        (WebCore::Style::queuePostResolutionCallback): Added.
        (WebCore::Style::suspendMemoryCacheClientCalls): Added. This is a side effect of the original
        PostAttachCallbackDisabler that is now done in a cleaner way, using the callback queue, instead
        of as a special case. It should not work for multiple documents across multiple pages instead of
        only the outermost one.
        (WebCore::Style::PostResolutionCallbackDisabler::PostResolutionCallbackDisabler): Added.
        Calls suspendMemoryCacheClientCalls, but a FIXME tries to point out why that isn't so great.
        (WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler): Added.
        (WebCore::Style::postResolutionCallbacksAreSuspended): Added.

        * style/StyleResolveTree.h: Added queuePostResolutionCallback and
        postResolutionCallbacksAreSuspended. Also added PostResolutionCallbackDisabler, which should
        eventually become a private implementation detail.

2014-04-04  Brian J. Burg  <burg@cs.washington.edu>

        Enable WEB_REPLAY for PLATFORM(MAC)
        https://bugs.webkit.org/show_bug.cgi?id=130700

        Reviewed by Timothy Hatcher.

        Switch on WEB_REPLAY feature flag for non-production builds.

        * Configurations/FeatureDefines.xcconfig:
        * replay/ReplayInputDispatchMethods.cpp: Fix the ENABLE(WEB_REPLAY) build.
        It was broken by the bool to enum refactoring in r166684.
        (WebCore::InitialNavigation::dispatch):

2014-04-05  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove unused test hook setInspectorResourcesDataSizeLimits
        https://bugs.webkit.org/show_bug.cgi?id=131268

        Reviewed by Timothy Hatcher.

        This was used in the old inspector frontend tests for the Network panel.
        It's no longer used by any tests or frontend code.

        * WebCore.exp.in: Remove symbols.
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::setInspectorResourcesDataSizeLimits): Deleted.
        * inspector/InspectorController.h:
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::setResourcesDataSizeLimitsFromInternals): Deleted.
        * inspector/InspectorResourceAgent.h:
        * inspector/NetworkResourcesData.cpp:
        (WebCore::NetworkResourcesData::setResourcesDataSizeLimits): Deleted.
        * inspector/NetworkResourcesData.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setInspectorResourcesDataSizeLimits): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2014-04-05  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (NetworkProcess): Subresources fail to load from AppCache
        https://bugs.webkit.org/show_bug.cgi?id=131262
        <rdar://problem/15370653>

        Reviewed by Sam Weinig.

        Exported ApplicationCacheHost::maybeLoadResource. Changed it to take a const
        reference to ResourceRequest, as appropriate for WebResourceLoadScheduler.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * loader/appcache/ApplicationCacheHost.cpp:
        (WebCore::ApplicationCacheHost::maybeLoadResource):
        * loader/appcache/ApplicationCacheHost.h:

2014-04-05  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove unused metrics and commands from the Timeline agent
        https://bugs.webkit.org/show_bug.cgi?id=131184

        Reviewed by Timothy Hatcher.

        This patch removes several instrumentation hooks that are not being
        used by the frontend in any way. Most of them are not hooked up to
        produce any data, so they just clutter up InspectorClient and the agent.

        * WebCore.exp.in: Remove didBeginFrame/didCancelFrame.
        * inspector/InspectorClient.h: Remove client methods that are never overridden.
        (WebCore::InspectorClient::canMonitorMainThread): Deleted.
        (WebCore::InspectorClient::supportsFrameInstrumentation): Deleted.
        (WebCore::InspectorClient::getAllocatedObjects): Deleted.
        (WebCore::InspectorClient::dumpUncountedAllocatedObjects): Deleted.

        * inspector/InspectorController.cpp: Remove unused instrumentation.
        (WebCore::InspectorController::didBeginFrame): Deleted.
        (WebCore::InspectorController::didCancelFrame): Deleted.
        (WebCore::InspectorController::didComposite): Deleted.
        (WebCore::InspectorController::wilComposite): Deleted.
        * inspector/InspectorController.h:

        * inspector/InspectorTimelineAgent.cpp: Remove the backend's BeginFrame enum
        value, but keep it in the protocol for when it is reimplemented. Remove
        management of the current frame record, and simplify some code.
        (WebCore::toProtocol):
        (WebCore::InspectorTimelineAgent::addRecordToTimeline):
        (WebCore::InspectorTimelineAgent::didCompleteCurrentRecord):
        (WebCore::InspectorTimelineAgent::pushCurrentRecord):
        (WebCore::InspectorTimelineAgent::clearRecordStack):
        (WebCore::InspectorTimelineAgent::canMonitorMainThread): Deleted.
        (WebCore::InspectorTimelineAgent::supportsFrameInstrumentation): Deleted.
        (WebCore::InspectorTimelineAgent::didBeginFrame): Deleted.
        (WebCore::InspectorTimelineAgent::didCancelFrame): Deleted.
        (WebCore::InspectorTimelineAgent::didComposite): Deleted.
        (WebCore::InspectorTimelineAgent::wilComposite): Deleted.
        (WebCore::InspectorTimelineAgent::innerAddRecordToTimeline): Deleted. Undo telescoping.
        (WebCore::usedHeapSize): Deleted.
        (WebCore::InspectorTimelineAgent::commitFrameRecord): Deleted.
        * inspector/InspectorTimelineAgent.h:
        (WebCore::InspectorTimelineAgent::TimelineRecordEntry::TimelineRecordEntry):
        * inspector/protocol/Timeline.json:

        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp: Remove
        instrumentation hook for beginFrame. This is the only backend that implements it.
        (WebCore::CompositingCoordinator::syncDisplayState):

        * testing/Internals.cpp: Remove crufty test methods that aren't used.
        (WebCore::Internals::emitInspectorDidBeginFrame): Deleted.
        (WebCore::Internals::emitInspectorDidCancelFrame): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2014-04-05  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (r163914): Application cache cannot be used in main frame
        https://bugs.webkit.org/show_bug.cgi?id=131263
        <rdar://problem/16532063>

        Reviewed by Sam Weinig.

        * loader/appcache/ApplicationCacheHost.cpp: (WebCore::ApplicationCacheHost::isApplicationCacheBlockedForRequest):
        Don't check main frame origin when loading into main frame, it's not a 3rd party
        subframe, and the URL is unrelated to the page we are loading now.

        * loader/appcache/ApplicationCacheGroup.cpp: (WebCore::ApplicationCacheGroup::cacheForMainRequest):
        Removed the same incorrect check that was duplicated here. The only caller already
        checks isApplicationCacheBlockedForRequest().

2014-04-05  Dan Bernstein  <mitz@apple.com>

        [Xcode] Clean up the platform/graphics group
        https://bugs.webkit.org/show_bug.cgi?id=131271

        Reviewed by Eric Carlson.

        * WebCore.xcodeproj/project.pbxproj: Created an opentype group and moved opentype file
        references into it. Removed duplicate file references.

2014-04-05  Andreas Kling  <akling@apple.com>

        Remove unused type casting helpers for HTMLUnknownElement...

        ...to fix the debug build.

        * html/HTMLUnknownElement.h:

2014-04-05  Dirk Schulze  <krit@webkit.org>

        Canvas strokeText and fillText with SourceIn, DestinationIn, SourceOut, DestinationAtop and Copy have errors
        https://bugs.webkit.org/show_bug.cgi?id=66766

        Reviewed by Andreas Kling.

        Use transparency layers to draw text with certain compositing modes on
        the canvas. This follows the Canvas specification and makes WebKit fully
        compatible with IE. It also makes it more compatible with Firefox, even though
        Firefox still has some bugs.

        Test: fast/canvas/canvas-composite-text-alpha.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal):

2014-04-05  Andreas Kling  <akling@apple.com>

        Devirtualize isHTMLUnknownElement().
        <https://webkit.org/b/131269>

        We were hitting isHTMLUnknownElement() pretty hard when marking
        out-of-document Nodes. (The check is part of isHTMLAudioElement()
        which is called by JSNodeOwner::isReachableFromOpaqueRoots().)

        This patch uses a Node flag for the unknown element instead.
        I'm also adding HTMLUnknownElement.{h,idl} to the Xcode project
        since they were suspiciously missing.

        Reviewed by Benjamin Poulain.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Node.h:
        * html/HTMLElement.h:
        (WebCore::HTMLElement::isHTMLUnknownElement):
        * html/HTMLUnknownElement.h:
        (WebCore::toHTMLUnknownElement): Deleted.

2014-04-05  Dirk Schulze  <krit@webkit.org>

        Canvas stroke and strokeRect with SourceIn, DestinationIn, SourceOut, DestinationAtop and Copy have errors
        https://bugs.webkit.org/show_bug.cgi?id=66762

        Reviewed by Andreas Kling.

        For fill operations we create a new ImageBuffer to ensure that the results are composited
        correctly according to the Canvas spec. This patch creates a new transparency layer
        for stroking on certain compositing operators to archive the same. This makes WebKit's
        behavior interoperable with Firefox and IE as well. 

        Test: fast/fast/canvas/canvas-composite-stroke-alpha.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::strokeInternal):
        (WebCore::CanvasRenderingContext2D::strokeRect):

2014-04-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use preallocated stack reference to store adjacentBacktrackingStart
        https://bugs.webkit.org/show_bug.cgi?id=131237

        Reviewed by Benjamin Poulain.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::computeBacktrackingInformation):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateAdjacentBacktrackingTail):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateBacktrackingTailsIfNeeded):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToPreviousAdjacent): Deleted.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::linkFailures): Deleted.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateDescendantBacktrackingTail): Deleted.
        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::allocateUninitialized):

2014-04-05  Jeongeun Kim  <je_julie.kim@samsung.com>

        bad values from HTMLImageElement x and y attributes (CSSOM-View)
        https://bugs.webkit.org/show_bug.cgi?id=130308
        
        Reviewed by Simon Fraser.

        According to CSSOM-View, interface HTMLImageElement,
        The x attribute must return the x-coordinate.
        If style is not updated when x() is called, it can’t return anything.
        Style and layout should be done before getting value for x() and y(). 

        Test: cssom/cssom-view-img-attributes-001.html

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::x):
        (WebCore::HTMLImageElement::y):

2014-04-05  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Remove CSSBoxType member from BasicShape and CSSBasicShape
        https://bugs.webkit.org/show_bug.cgi?id=129706

        Reviewed by Andreas Kling.

        The CSSBoxType has been moved up to ShapeValue and is no longer needed in the BasicShape classes.

        No new tests, no behavior change.

        * css/BasicShapeFunctions.cpp:
        (WebCore::valueForBasicShape):
        (WebCore::basicShapeForValue):
        * rendering/style/BasicShapes.cpp:
        (WebCore::BasicShape::canBlend):
        * rendering/style/BasicShapes.h:
        (WebCore::BasicShape::referenceBox): Deleted.
        (WebCore::BasicShape::setReferenceBox): Deleted.
        (WebCore::BasicShape::BasicShape): Deleted.

2014-04-05  Mark Rowe  <mrowe@apple.com>

        Fix the 32-bit build after r166818.

        * WebCore.exp.in:

2014-04-03  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: hook up probe samples to TimelineAgent's records
        https://bugs.webkit.org/show_bug.cgi?id=131127

        Reviewed by Timothy Hatcher.

        Hook up probe callbacks from ScriptDebugListener so that timeline records are
        created for probe samples. The record includes the probe identifier and hit count.
        The actual probe evaluation result is sent separately by DebuggerAgent, and
        can be looked up in frontend models using the identifier and hit count.

        * inspector/InspectorTimelineAgent.cpp: Only listen to the debug server when recording.
        (WebCore::InspectorTimelineAgent::start):
        (WebCore::InspectorTimelineAgent::stop):
        (WebCore::InspectorTimelineAgent::breakpointActionProbe):
        (WebCore::toProtocol):
        * inspector/InspectorTimelineAgent.h:
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::createProbeSampleData):
        * inspector/TimelineRecordFactory.h:
        * inspector/protocol/Timeline.json: Add new enum value.

2014-04-04  Andreas Kling  <akling@apple.com>

        Streamline cached wrapper lookup for Nodes in the normal world.
        <https://webkit.org/b/131249>

        Inline the hot path for toJS(..., Node*) for cached wrapper lookups
        in the normal world. (Or really, out-of-line the cold path, since
        that was preventing the compiler from inlining this function.)

        Also have JSDOMGlobalObject cache the "is normal world" flag from
        the DOMWrapperWorld so we can avoid the extra load.

        Reviewed by Benjamin Poulain.

        * WebCore.exp.in:
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::worldIsNormal):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::getOutOfLineCachedWrapper):
        * bindings/js/JSNodeCustom.h:
        (WebCore::toJS):

2014-04-04  Brady Eidson  <beidson@apple.com>

        Show DataDetector UI on scanned phone numbers.
        <rdar://problem/16379588> and https://bugs.webkit.org/show_bug.cgi?id=131247

        Reviewed by Tim Horton.

        Gather the ranges of the scanned telephone numbers and send them up to WK2:
        * editing/Editor.cpp:
        (WebCore::Editor::respondToChangedSelection):
        (WebCore::Editor::scanSelectionForTelephoneNumbers):
        (WebCore::Editor::scanRangeForTelephoneNumbers):
        * editing/Editor.h:

        Add client method to receive scanned telephone number ranges:
        * page/EditorClient.h:
        (WebCore::EditorClient::selectedTelephoneNumberRangesChanged):

        Remove unneeded placeholder UI:
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDocumentMarkers):
        (WebCore::InlineTextBox::computeRectForReplacementMarker): Deleted.
        (WebCore::InlineTextBox::paintCompositionUnderline): Deleted.
        * rendering/InlineTextBox.h:
        (WebCore::InlineTextBox::expansionBehavior): Deleted.

2014-04-04  James Craig  <jcraig@apple.com>

        AX: supportsARIAExpanded should always return true for a few roles: combobox, disclosure.
        https://bugs.webkit.org/show_bug.cgi?id=129787

        Reviewed by Chris Fleizach.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsARIAExpanded):

2014-04-04  Andreas Kling  <akling@apple.com>

        JSGenerateToNativeObject should use fast JSNode/JSElement casts.
        <https://webkit.org/b/131245>

        Make JSGenerateToNativeObject spit out code using the fast new wrapper
        casts for JSNode and JSElement.

        This avoids walking the ClassInfo chain in many core functions, e.g:

            - Node.insertBefore()
            - Node.replaceChild()
            - Node.removeChild()
            - Node.appendChild()
            - window.getComputedStyle()

        Reviewed by Geoff Garen.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):

2014-04-04  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] polygon y-value calc() args serialize incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=129842

        Reviewed by Bem Jones-Bey.

        The code hit ASSERT(isCalculation(value)) in CSSParser::createPrimitiveNumbericValue, because
        CSSParser::validUnit had been called on both coordinates, which set the value for m_parsedCalculation,
        but only one of the coordinates was calculation value. I reordered calling valudUnit and
        createPrimitiveNumbericValue to be called in the correct order on the coordinates.

        I added the new test case to parsing-test-utils.js.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseBasicShapePolygon):

2014-04-04  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: capture and replay wheel events and scroll commands
        https://bugs.webkit.org/show_bug.cgi?id=129402

        Reviewed by Timothy Hatcher and Simon Fraser.

        To capture and replay scrolling, the scrolling coordinator will force synchronous 
        scrolling during capture and replay. If the page is capturing or replaying,
        ForceOnMainThread will be added to the coordinator's SynchronousScrollingReasons.

        A callback was added to signal that replay session state have changed,
        and thus the synchronous scrolling reasons should be recomputed.

        Automated replay reftests for scrolling are not included, because they will be
        too flaky until more nondeterminism is handled. Specifically, resource loading,
        initial focus/active state, and parsing are known blocking issues.

        Test: ManualTests/inspector/replay-wheel-events.html

        * page/scrolling/ScrollingCoordinator.cpp: Add a new callback for replay state
        session changes. Add ForceOnMainThread if the page's active input cursor is
        capturing or replaying.

        (WebCore::ScrollingCoordinator::synchronousScrollingReasons):
        (WebCore::ScrollingCoordinator::replaySessionStateDidChange): Added.
        * page/scrolling/ScrollingCoordinator.h:

        * platform/PlatformWheelEvent.h:
        * platform/ScrollTypes.h: Add explicit enum storage types so these enums can
        be forward-declared. This is necessary to generate enum encode/decode implementations.

        * replay/ReplayController.cpp:
        (WebCore::ReplayController::setForceDeterministicSettings): If async scrolling
        support is available, tell the scrolling tree to behave deterministically.

        * replay/ReplayInputDispatchMethods.cpp:
        (WebCore::HandleWheelEvent::dispatch): Added.
        (WebCore::LogicalScrollPage::dispatch): Added.
        (WebCore::ScrollPage::dispatch): Added.
        * replay/SerializationMethods.cpp: Introduce more specific macros for values
        deserialized to arbitraray lvalues, scalars, RefPtr, and unique_ptr. Fix existing
        uses of decode macros.

        (JSC::EncodingTraits<NondeterministicInputBase>::encodeValue): Fix macro name.
        (JSC::EncodingTraits<KeypressCommand>::encodeValue): Fix macro name.
        (JSC::EncodingTraits<PlatformKeyboardEvent>::encodeValue): Fix macro name.
        (JSC::EncodingTraits<PlatformMouseEvent>::encodeValue): Fix macro name.
        (JSC::PlatformWheelEventCocoa::PlatformWheelEventCocoa): Added. Encapsulate
        and initialize data members specific to PLATFORM(COCOA).

        (JSC::EncodingTraits<PlatformWheelEvent>::encodeValue): Added.
        (JSC::EncodingTraits<PlatformWheelEvent>::decodeValue): Added.
        * replay/SerializationMethods.h:
        * replay/UserInputBridge.cpp: Fill in bridge methods to capture inputs.
        (WebCore::UserInputBridge::handleWheelEvent):
        (WebCore::UserInputBridge::scrollRecursively):
        (WebCore::UserInputBridge::logicalScrollRecursively):
        * replay/WebInputs.json: Add inputs and new enum types.

2014-04-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        Upgrade to SelectorFailsAllSiblings when Child selector is failed.
        https://bugs.webkit.org/show_bug.cgi?id=130961

        Reviewed by Benjamin Poulain.

        When Child selector fails, we should resume matching from the closest
        Descendant selector.
        So upgrading SelectorFailsLocally to SelectorFailsAllSibling at least
        to prevent unnecessary direct/indirect adjacent selectors matching.

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::matchRecursively):

2014-04-04  Roger Fong  <roger_fong@apple.com>

        Keep track of filtered active attribute/uniform indices per shader program.
        https://bugs.webkit.org/show_bug.cgi?id=131235.

        Reviewed by Dean Jackson.

        Tests: Covered by existing Khronos Conformance tests. 
        Will create a test to use multiple shader programs in a follow-up patch.

        * html/canvas/WebGLProgram.cpp:
        (WebCore::WebGLProgram::cacheActiveAttribLocations): Use getActiveAttribImpl. We do not need to use the filtered list of attributes here.
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getUniformLocation): Use filtered list of uniforms for uniform count.
        * platform/graphics/GraphicsContext3D.h: Create a map of shader programs to ActiveShaderSymbolCounts.
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::attachShader): 
        When attaching or detaching a shader the shader program's active symbols list will change. Clear it so that it will be updated later.
        (WebCore::GraphicsContext3D::detachShader): Ditto.
        (WebCore::GraphicsContext3D::compileShader): No need to clear symbol counts here.
        (WebCore::GraphicsContext3D::getActiveAttrib): getActiveAttrib should only be able to query for attributes in the filtered list.
        (WebCore::GraphicsContext3D::getActiveUniform): getActiveUniform should only be able to query for uniforms in the filtered list.
        (WebCore::GraphicsContext3D::getNonBuiltInActiveSymbolCount): Return the filtered symbol count for a shader program.

2014-04-04  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Add compositing reason for isolation.
        https://bugs.webkit.org/show_bug.cgi?id=131153

        Reviewed by Joseph Pecoraro.

        There are 2 reasons involving blend modes for a layer to be composited:
        1) the layer has blend mode and has composited descendants: CompositingReasonBlendingWithCompositedDescendants.
        2) the layer has to isolate composited blending descendants: CompositingReasonIsolatesCompositedBlendingDescendants

        Test: inspector-protocol/layers/layers-blending-compositing-reasons.html

        * inspector/InspectorLayerTreeAgent.cpp:
        (WebCore::InspectorLayerTreeAgent::reasonsForCompositingLayer):
        * inspector/protocol/LayerTree.json:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::reasonsForCompositing):
        (WebCore::RenderLayerCompositor::logReasonsForCompositing):
        * rendering/RenderLayerCompositor.h: adding CompositingReasonIsolatesCompositedBlendingDescendants.

2014-04-04  Bem Jones-Bey  <bjonesbe@adobe.com>

        Use more const refs in ShapeOutsideInfo and some misc cleanup
        https://bugs.webkit.org/show_bug.cgi?id=131192

        Reviewed by Dirk Schulze.

        Use const refs for pretty much everything that can't be null. Also
        cleanup some code that got a bit messy when ShapeInfo was merged into
        ShapeOutsideInfo.

        No new tests, no behavior change.

        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::ShapeOutsideInfo::shapeToRendererPoint):
        (WebCore::ShapeOutsideInfo::shapeToRendererSize):
        (WebCore::referenceBox):
        (WebCore::ShapeOutsideInfo::setReferenceBoxLogicalSize):
        (WebCore::getShapeImageAndRect):
        (WebCore::ShapeOutsideInfo::computedShape):
        (WebCore::ShapeOutsideInfo::logicalTopOffset):
        (WebCore::ShapeOutsideInfo::logicalLeftOffset):
        * rendering/shapes/ShapeOutsideInfo.h:

2014-04-04  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (r166615): Pressing return doesn’t submit search term at bing.com
        https://bugs.webkit.org/show_bug.cgi?id=131212
        <rdar://problem/16521788>

        Reviewed by Dan Bernstein.

        Test: fast/forms/submit-while-you-submit.html

        Turns out that m_shouldSubmit can actually be modified in a code path where we can't
        directly return the result. I'm not sure if the current behavior is entirely correct
        (we have open bugs about submitting forms multiple times), but let's restore it to
        pre-r166615 state.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement):
        (WebCore::HTMLFormElement::prepareForSubmission):
        (WebCore::HTMLFormElement::submit):
        * html/HTMLFormElement.h:

2014-04-04  Martin Hock  <mhock@apple.com>

        [Mac] Change operation queue width to NSOperationQueueDefaultMaxConcurrentOperationCount.
        https://bugs.webkit.org/show_bug.cgi?id=131231

        <rdar://problem/13913483>

        Reviewed by Brady Eidson.

        No new tests, no behavior change.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::operationQueueForAsyncClients):

2014-04-04  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] Simplify Polygon implementation
        https://bugs.webkit.org/show_bug.cgi?id=130975

        Reviewed by Andreas Kling.

        Only floats can specify shape-outside. For polygon shape-outside values, the problem
        of finding the left and right exclusion edges reduces to finding the X axis
        limits of the polygon edges that overlap a particular layout line. This is a much
        simpler version of the problem that PolygonShape was originally designed for, and so
        the implementation can also be simplified. There's more about the new algorithm in
        http://hansmuller-webkit.blogspot.com/2014/03/a-simpler-algorithm-for-css-shapes.html.

        No new tests, since functionality was only removed.

        * platform/graphics/FloatRect.h:
        (WebCore::FloatRect::overlapsYRange):
        (WebCore::FloatRect::overlapsXRange):
        * rendering/shapes/PolygonShape.cpp:
        (WebCore::OffsetPolygonEdge::xIntercept):
        (WebCore::circleXIntercept):
        (WebCore::OffsetPolygonEdge::clippedEdgeXRange): X axis extent of the edge clipped to a vertical interval.
        (WebCore::clippedCircleXRange): X axis extent of a circle clipped to a vertical interval.
        (WebCore::PolygonShape::shapeMarginLogicalBoundingBox):
        (WebCore::PolygonShape::getExcludedIntervals):
        (WebCore::PolygonShape::buildDisplayPaths):
        * rendering/shapes/PolygonShape.h:
        (WebCore::OffsetPolygonEdge::OffsetPolygonEdge):
        (WebCore::OffsetPolygonEdge::isWithinYRange):
        (WebCore::OffsetPolygonEdge::overlapsYRange):
        (WebCore::PolygonShape::PolygonShape):
        * rendering/shapes/ShapeInterval.h:
        (WebCore::ShapeInterval::isEmpty):
        (WebCore::ShapeInterval::unite):

2014-04-04  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] shape-margin in percentage units always computes to 0px
        https://bugs.webkit.org/show_bug.cgi?id=130369

        Reviewed by Andreas Kling.

        Make shape-margin parsing accept percentages and properly compute the
        length once the percentage is accepted.

        Test: fast/shapes/shape-outside-floats/shape-outside-floats-shape-margin-percent.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createShape):
        (WebCore::Shape::createRasterShape):
        (WebCore::Shape::createBoxShape):
        * rendering/shapes/Shape.h:
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::ShapeOutsideInfo::computedShape):

2014-04-04  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Remove outside-shape CSS value
        https://bugs.webkit.org/show_bug.cgi?id=131201

        Reviewed by Bem Jones-Bey.

        Outside-shape is not a valid CSS value anymore. This patch removes it.

        No new tests, existing tests are removed.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::shapePropertyValue):
        * css/CSSValueKeywords.in:
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyShape::applyValue):
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::ShapeOutsideInfo::computedShape):
        (WebCore::ShapeOutsideInfo::isEnabledFor):
        * rendering/style/ShapeValue.h:
        (WebCore::ShapeValue::createOutsideValue): Deleted.

2014-04-04  Dirk Schulze  <krit@webkit.org>

        Gradient offsets are off if compositing operator != source-over
        https://bugs.webkit.org/show_bug.cgi?id=129791

        Reviewed by Andreas Kling.

        Instead of transforming the path before drawing it on the context,
        the whole context should be transformed. This will make the gradient
        map correctly to the context space.

        Test: fast/canvas/canvas-gradient-on-compositing.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::fullCanvasCompositedFill):

2014-04-04  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Move background images to device pixel boundaries.
        https://bugs.webkit.org/show_bug.cgi?id=131144

        Reviewed by Simon Fraser.

        Replace integral snapping with device pixel snapping.
        Background image geometry calculation uses LayoutUnits and we snap to device pixels right before painting.

        Tests: fast/backgrounds/hidpi-bitmap-background-on-subpixel-position.html
               fast/backgrounds/hidpi-bitmap-background-origin-on-subpixel-position.html
               fast/backgrounds/hidpi-bitmap-background-repeat-on-subpixel-position.html
               fast/backgrounds/hidpi-generated-gradient-background-on-subpixel-position.html

        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::setContentsTilePhase):
        (WebCore::GraphicsLayer::contentsTilePhase):
        (WebCore::GraphicsLayer::setContentsTileSize):
        (WebCore::GraphicsLayer::contentsTileSize):
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::setContentsTileSize):
        (WebCore::TextureMapperLayer::setContentsTilePhase):
        * platform/graphics/texmap/TextureMapperLayer.h:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::setContentsTileSize):
        (WebCore::CoordinatedGraphicsLayer::setContentsTilePhase):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::repaintLayerRectsForImage):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        (WebCore::resolveWidthForRatio):
        (WebCore::resolveHeightForRatio):
        (WebCore::resolveAgainstIntrinsicWidthOrHeightAndRatio):
        (WebCore::resolveAgainstIntrinsicRatio):
        (WebCore::RenderBoxModelObject::calculateImageIntrinsicDimensions):
        (WebCore::RenderBoxModelObject::calculateFillTileSize):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setNoRepeatX):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setNoRepeatY):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::useFixedAttachment):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::clip):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::relativePhase):
        (WebCore::getSpace):
        (WebCore::RenderBoxModelObject::pixelSnapBackgroundImageGeometryForPainting):
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
        (WebCore::RenderBoxModelObject::getGeometryForBackgroundImage):
        (WebCore::RenderBoxModelObject::paintNinePieceImage):
        (WebCore::applySubPixelHeuristicForTileSize): Deleted.
        * rendering/RenderBoxModelObject.h:
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::destOrigin):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setDestOrigin):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::destRect):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setDestRect):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::phase):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setPhase):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::tileSize):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setTileSize):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::spaceSize):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setSpaceSize):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setPhaseX):
        (WebCore::RenderBoxModelObject::BackgroundImageGeometry::setPhaseY):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateDirectlyCompositedBackgroundImage):
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::getShapeImageAndRect):

2014-04-04  Brent Fulgham  <bfulgham@apple.com>

        [Win] Unreviewed test fix (crash in debug build).

        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::AVFWrapper::legibleOutputCallback): Correct assertion. This
        callback is scheduled for the caption queue, not the main queue.

2014-04-03  Brent Fulgham  <bfulgham@apple.com>

        [Win] Load Media Controls js/css from bundle
        https://bugs.webkit.org/show_bug.cgi?id=131194

        Reviewed by Dean Jackson.

        * DerivedSources.cpp: Remove no-longer generated file.
        * DerivedSources.make: Don't generate unneeded files.
        * WebCore.vcxproj/WebCore.vcxproj: Don't compile unneeded files.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.vcxproj/copyWebCoreResourceFiles.cmd: Copy css/js to resource
        * rendering/RenderThemeSafari.cpp:
        * rendering/RenderThemeSafari.h:
        * rendering/RenderThemeWin.cpp:
        * rendering/RenderThemeWin.h:

2014-04-04  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Region's behaviour not updated when becoming valid from invalid
        https://bugs.webkit.org/show_bug.cgi?id=131211

        Reviewed by Andrei Bucur.

        When a region becomes valid again from invalid, it was part of a dependency cycle and the dependency cycle was broken,
        it needs to behave like a valid region again: if it has autoheight then it should compute its height based on the
        named flow content, if it has region styling then it should apply the additional style to the flowed content.

        Added a new method, updateRegionFlags, that is used to ensure that auto-height and region-styling flags
        are properly set in several situations. Checking the behaviour, autoheight or styling, is done only
        if the region is valid.

        Tests: fast/regions/auto-size/autoheight-region-valid-from-invalid.html
               fast/regions/region-styling/region-withstyling-valid-from-invalid.html

        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::updateRegionFlags):
        (WebCore::RenderNamedFlowFragment::styleDidChange):
        (WebCore::RenderNamedFlowFragment::updateRegionHasAutoLogicalHeightFlag):
        (WebCore::RenderNamedFlowFragment::checkRegionStyle):
        (WebCore::RenderNamedFlowFragment::attachRegion):
        (WebCore::RenderNamedFlowFragment::detachRegion):
        * rendering/RenderNamedFlowFragment.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::addFragmentToNamedFlowThread):

2014-04-04  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>

        [GTK][CMake] Remove FindXt.cmake.
        https://bugs.webkit.org/show_bug.cgi?id=131227

        Reviewed by Anders Carlsson.

        * PlatformGTK.cmake: Use FindX11.cmake's Xt variables instead of our own FindXt.cmake's ones.

2014-04-03  Andreas Kling  <akling@apple.com>

        Fast-path for casting JS wrappers to JSElement.
        <https://webkit.org/b/131210>

        Add an extended JSType for Element wrappers so we can avoid walking
        the ClassInfo chain in those bindings as well.

        Generalized the code to select a casting helper in the bindings
        generator into a function (GetCastingHelperForThisObject.)
        Updated all the jsDynamicCast call sites to go through this, in case
        there's an optimized cast available for the desired type.

        Reviewed by Benjamin Poulain.

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMWrapper.h:
        * bindings/js/JSElementCustom.h: Added.
        (WebCore::jsElementCast):
        * bindings/js/JSNodeCustom.h:
        (WebCore::jsNodeCast):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GetCastingHelperForThisObject):
        (GenerateImplementation):
        * dom/Element.idl:

2014-04-03  Andreas Kling  <akling@apple.com>

        Rebaseline a bindings test.

        * bindings/scripts/test/JS/JSTestNode.h:
        (WebCore::JSTestNode::createStructure):

2014-04-03  Andreas Kling  <akling@apple.com>

        Fast-path for casting JS wrappers to JSNode.
        <https://webkit.org/b/131196>

        Add a way to quickly determine that a given JSObject is a JSNode.
        This lets us avoid walking the ClassInfo chain in the DOM bindings
        for WebCore::Node.

        Reviewed by Mark Hahnenberg and Geoff Garen.

        * bindings/js/JSDOMWrapper.h:

            Added a JSNodeType constant that extends beyond JSC::JSType.

        * bindings/js/JSNodeCustom.h:
        (WebCore::jsNodeCast):

            Added. Fast cast from JSValue to JSNode.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):

            Generate code that uses jsNodeCast in Node interfaces.

2014-04-03  Bem Jones-Bey  <bjonesbe@adobe.com>

        Merge ShapeInfo & ShapeOutsideInfo now that ShapeInsideInfo is no more
        https://bugs.webkit.org/show_bug.cgi?id=131180

        Reviewed by Andreas Kling.

        Now that ShapeInsideInfo is gone, having a class hiearachy and
        templates doesn't make any sense. As a first step to cleaning up the
        code, this remove ShapeInfo and puts all of its functionality into
        ShapeOutsideInfo.

        No new tests, no behavior change.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/shapes/ShapeInfo.cpp: Removed.
        * rendering/shapes/ShapeInfo.h: Removed.
        * rendering/shapes/ShapeOutsideInfo.cpp:
        (WebCore::ShapeOutsideInfo::computedShapePhysicalBoundingBox):
        (WebCore::ShapeOutsideInfo::shapeToRendererPoint):
        (WebCore::ShapeOutsideInfo::shapeToRendererSize):
        (WebCore::referenceBox):
        (WebCore::ShapeOutsideInfo::setReferenceBoxLogicalSize):
        (WebCore::checkShapeImageOrigin):
        (WebCore::getShapeImageAndRect):
        (WebCore::getShapeImageMarginRect):
        (WebCore::ShapeOutsideInfo::computedShape):
        (WebCore::borderBeforeInWritingMode):
        (WebCore::borderAndPaddingBeforeInWritingMode):
        (WebCore::ShapeOutsideInfo::logicalTopOffset):
        (WebCore::borderStartWithStyleForWritingMode):
        (WebCore::borderAndPaddingStartWithStyleForWritingMode):
        (WebCore::ShapeOutsideInfo::logicalLeftOffset):
        (WebCore::ShapeOutsideInfo::computeSegmentsForLine):
        (WebCore::ShapeOutsideInfo::updateDeltasForContainingBlockLine):
        (WebCore::ShapeOutsideInfo::shapeValue): Deleted.
        (WebCore::ShapeOutsideInfo::styleForWritingMode): Deleted.
        * rendering/shapes/ShapeOutsideInfo.h:

2014-04-03  Andreas Kling  <akling@apple.com>

        Fix over-retain in SharedBufferCF's createCFData().
        <https://webkit.org/b/131139>

        Constructing the return type (RetainPtr<CFDataRef>) will also retain
        the pointee, so this would end up leaking.

        Reviewed by Anders Carlsson.

        * platform/cf/SharedBufferCF.cpp:
        (WebCore::SharedBuffer::createCFData):

2014-04-03  Brent Fulgham  <bfulgham@apple.com>

        [Win] Turn on ENABLE_CSS_GRID_LAYOUT
        https://bugs.webkit.org/show_bug.cgi?id=131147

        Reviewed by Simon Fraser.

        Covered by existing fast/css/getComputedStyle tests.

        * css/CSSAllInOne.cpp: Add CSSGridLineNamesValue.cpp when building
        with ENABLE(CSS_GRID_LAYOUT)

2014-04-03  Simon Fraser  <simon.fraser@apple.com>

        Pixelated WebView when display is changed from hiDPI to regularDPI
        https://bugs.webkit.org/show_bug.cgi?id=131185

        Reviewed by Tim Horton.

        r166309 added a short circuit in GraphicsLayerCA::updateContentsScale()
        when the scale didn't change. This broke layers which expected to
        unconditionally receive a setContentsScale(), namely the WebTiledBackingLayer
        which owns the TileController. WebTiledBackingLayer overrode -setContentsScale:
        to pass the scale down to the TileController; however, it didn't override
        -contentsScale, and it mucked with the scale passed in.
        
        Fix by having setting and fetching contentsScale on a WebTiledBackingLayer
        work as expected. Also rename the TileController functions to mirror the
        CALayer functions better.

        * WebCore.exp.in:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateContentsScale):
        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::TileController):
        (WebCore::TileController::contentsScale):
        (WebCore::TileController::setContentsScale):
        (WebCore::TileController::scale): Deleted.
        (WebCore::TileController::setScale): Deleted.
        * platform/graphics/ca/mac/WebTiledBackingLayer.mm:
        (-[WebTiledBackingLayer setContentsScale:]):
        (-[WebTiledBackingLayer contentsScale]):

2014-04-03  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] LineSegment logicalLeft and logicalRight members should be floats
        https://bugs.webkit.org/show_bug.cgi?id=116160

        Reviewed by Andreas Kling. 

        LineSegment edges should not have been changed to LayoutUnit. These are
        used only as floats. I modified them back to floats. 

        No new tests are needed, no behavior change.

        * rendering/shapes/Shape.h:

2014-04-03  Dirk Schulze  <krit@webkit.org>

        [CG] Canvas lineDashOffset does not handle negative numbers correctly
        https://bugs.webkit.org/show_bug.cgi?id=80560

        Reviewed by Dean Jackson.

        CG ignores negative dash array offsets. Check if we have a negative offset, if yes
        then calculate the length of the dash array and modulo the dash array offset with
        the dash array length.

        Test: fast/canvas/canvas-negative-lineDashOffset.html

        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::setLineDash):

2014-04-03  David Hyatt  <hyatt@apple.com>

        REGRESSION: fast/css/relative-positioned-block-nested-with-inline-parent-multiple-descendant-blocks-dynamic.html broken
        https://bugs.webkit.org/show_bug.cgi?id=131183

        Reviewed by Simon Fraser.

        Revert the loop to continue rather than breaking when an invalid block is encountered.
        This is what it used to do if it encountered a non-continuation block.

        * rendering/RenderInline.cpp:
        (WebCore::updateStyleOfAnonymousBlockContinuations):

2014-04-02  Simon Fraser  <simon.fraser@apple.com>

        Harden FilterOperation type casting
        https://bugs.webkit.org/show_bug.cgi?id=131142

        Reviewed by Sam Weinig.

        DefaultFilterOperation had an error-prone behavior where it set the base class
        OperationType to the type of some other filter class, but overrode isDefault(). 
        This made it very easy to write incorrect code that casted incorrectly based on type().
        
        Fix by making adding a DEFAULT filter operation type, and storing the represented
        type on DefaultFilterOperation().
        
        Also remove the OperationType argument for constructors of FilterOperations that
        can only be of one type, to avoid possible mistakes.
        
        Make the type cast macros a bit more normal, and use them in a few places.
        
        Fixed PlatformCAFiltersMac to handle the default filter case more cleanly.

        * WebCore.exp.in:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::valueForFilter):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::createFilterOperations):
        * platform/graphics/ca/PlatformCAFilters.h:
        * platform/graphics/ca/mac/PlatformCAFiltersMac.mm:
        (PlatformCAFilters::filterValueForOperation):
        (PlatformCAFilters::colorMatrixValueForFilter):
        * platform/graphics/filters/FilterOperation.cpp:
        (WebCore::DefaultFilterOperation::operator==):
        (WebCore::ReferenceFilterOperation::ReferenceFilterOperation):
        (WebCore::ReferenceFilterOperation::operator==):
        (WebCore::BlurFilterOperation::operator==):
        (WebCore::BlurFilterOperation::blend):
        (WebCore::DropShadowFilterOperation::operator==):
        (WebCore::DropShadowFilterOperation::blend):
        * platform/graphics/filters/FilterOperation.h:
        (WebCore::FilterOperation::blend):
        (WebCore::FilterOperation::type):
        (WebCore::FilterOperation::isBasicColorMatrixFilterOperation):
        (WebCore::FilterOperation::isBasicComponentTransferFilterOperation):
        (WebCore::FilterOperation::isSameType):
        (WebCore::DefaultFilterOperation::create):
        (WebCore::DefaultFilterOperation::representedType):
        (WebCore::DefaultFilterOperation::DefaultFilterOperation):
        (WebCore::ReferenceFilterOperation::create):
        (WebCore::BlurFilterOperation::create):
        (WebCore::BlurFilterOperation::BlurFilterOperation):
        (WebCore::DropShadowFilterOperation::create):
        (WebCore::DropShadowFilterOperation::DropShadowFilterOperation):
        (WebCore::FilterOperation::isDefault): Deleted.
        * platform/graphics/filters/FilterOperations.cpp:
        (WebCore::FilterOperations::outsets):
        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::build):
        * rendering/RenderLayerFilterInfo.cpp:
        (WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients):

2014-04-03  Andreas Kling  <akling@apple.com>

        Stop throwing away the Document's StyleResolver on a timer.
        <https://webkit.org/b/131168>
        <rdar://problem/15227045>

        This was causing some unfortunate pauses when returning to idle pages
        after a long-ish time. There's already a mechanism in place that will
        throw these away if the system comes under memory pressure.

        Reviewed by Sam Weinig.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForElement):
        (WebCore::StyleResolver::styleForKeyframe):
        (WebCore::StyleResolver::pseudoStyleForElement):
        (WebCore::StyleResolver::styleForPage):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::didAccessStyleResolver): Deleted.
        (WebCore::Document::styleResolverThrowawayTimerFired): Deleted.
        * dom/Document.h:

2014-04-02  Simon Fraser  <simon.fraser@apple.com>

        Assertion under RenderLayerCompositor::updateScrollCoordinatedLayer on time.com on iOS
        https://bugs.webkit.org/show_bug.cgi?id=131150

        Reviewed by Beth Dakin.

        When calling updateScrollCoordinatedLayer() under styleChanged, we haven't done
        layout yet so our composting layers haven't been hooked together. Don't try
        to add a zero nodeID to the map in this case.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):

2014-04-03  David Hyatt  <hyatt@apple.com>

        Continuations casting issue.
        https://bugs.webkit.org/show_bug.cgi?id=130057
        <rdar://problem/16283406>

        Reviewed by Simon Fraser.

        The code to update relative positioned anonymous block continuations should not
        have assumed that all siblings were RenderBlocks. Make the code smarter and
        make it bail when it hits something that isn't part of the block continuation
        chain.

        Added fast/block/continuation-crash.html

        * rendering/RenderInline.cpp:
        (WebCore::updateStyleOfAnonymousBlockContinuations):

2014-04-03  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] CRASH with calc() value args in inset round
        https://bugs.webkit.org/show_bug.cgi?id=129816

        Reviewed by Andreas Kling.

        The code to parse the inset rounded corners was adding the parser
        value arguments to a temporary CSSParserValueList. Unfortunately,
        CSSParserValueList expects to own the values it contains, and it frees
        the values it contains when the list is destroyed. This was a problem
        because the values are owned by the CSSParserValueList passed in to
        parseInsetRoundedCorners, and thus the calc's argument list would get
        double freed, resulting in a crash. This patch fixes this by using a
        Vector to hold the pointers instead.

        Test: fast/shapes/shape-outside-floats/shape-outside-inset-round-calc-crash.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseInsetRoundedCorners):

2014-04-03  Jer Noble  <jer.noble@apple.com>

        Leaving a streaming movie by going "Back" keeps playing the audio
        https://bugs.webkit.org/show_bug.cgi?id=131149

        Reviewed by Eric Carlson.

        When stopping a HTMLMediaElement, call userCancelledLoad() (which clears the
        MediaPlayer) only after calling setPausedInternal() (which pauses the MediaPlayer).
        Previously, and in the reverse order, the MediaPlayer would never get a chance to pause
        before being cleared. There is an underlying error with the QTKit media engine which
        is causing it to continue playing even after its last reference is released, but this
        does fix the symptom of playback continuing even after stopping.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::stop):

2014-04-03  Jer Noble  <jer.noble@apple.com>

        [EME] Crash when passing a NULL initData to MediaKeys.createSession()
        https://bugs.webkit.org/show_bug.cgi?id=131156

        Reviewed by Eric Carlson.

        Update the checks at the start of createSession() to match the current spec, notably
        bailing early if the initData parameter is NULL or empty.

        * Modules/encryptedmedia/MediaKeys.cpp:
        (WebCore::MediaKeys::createSession):

2014-04-03  Eric Carlson  <eric.carlson@apple.com>

        [iOS] add missing QuickTime plug-in replacement API
        https://bugs.webkit.org/show_bug.cgi?id=131042

        Reviewed by Dean Jackson.

        Rename QuickTimePluginReplacement.cpp to QuickTimePluginReplacement.mm to make it possible
        to use the ObjC JSC API.
        * Modules/plugins/QuickTimePluginReplacement.cpp:
        * Modules/plugins/QuickTimePluginReplacement.h:
        (WebCore::QuickTimePluginReplacement::parentElement):
        * Modules/plugins/QuickTimePluginReplacement.idl:

        * Modules/plugins/QuickTimePluginReplacement.js:
        (Replacement.prototype.timedMetadataUpdates): Implement.
        (Replacement.prototype.accessLog): Ditto.
        (Replacement.prototype.errorLog): Ditto.

        Use the JSC ObjC API to create a JavaScript object from an array of AVMetadataItems. The
        JSC ObjC API supports basic NSTypes, but an AVMetadataItem can also contain NSData which 
        the existing plug-in returns as base-64 encoded data, so create wrappers for NSDictionary
        and NSArray.
        * Modules/plugins/QuickTimePluginReplacement.mm: Copied from Source/WebCore/Modules/plugins/QuickTimePluginReplacement.cpp.
        (WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected): Disambiguate with "JSC::"
        (WebCore::QuickTimePluginReplacement::installReplacement): Ditto.
        (WebCore::jsValueWithDataInContext): Create JSValue* from NSData.
        (WebCore::jsValueWithArrayInContext): Create JSValue* from NSArray.
        (WebCore::jsValueWithDictionaryInContext): Create JSValue* from NSDictionary.
        (WebCore::jsValueWithValueInContext): Create JSValue* from basic NSTypes plus AVMetadataItem
            and NSData.
        (WebCore::jsValueWithAVMetadataItemInContext): Create JSValue* from AVMetadataItem.
        (WebCore::JSQuickTimePluginReplacement::timedMetaData): Script interface.
        (WebCore::JSQuickTimePluginReplacement::accessLog): Ditto.
        (WebCore::JSQuickTimePluginReplacement::errorLog): Ditto.

        * WebCore.xcodeproj/project.pbxproj: QuickTimePluginReplacement.cpp -> QuickTimePluginReplacement.mm.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::timedMetadata): iOS only accessor.
        (WebCore::MediaPlayer::accessLog): Ditto.
        (WebCore::MediaPlayer::errorLog): Ditto.
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::timedMetadata):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::accessLog):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::errorLog):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):
        (WebCore::itemKVOProperties):
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):

2014-04-03  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Include region range information when printing the render tree
        https://bugs.webkit.org/show_bug.cgi?id=131159

        Reviewed by Mihnea Ovidenie.

        With this change showRenderObject() will print the region range for objects inside
        a flow thread. The format is:
        Rs: <startRegion> Re: <endRegion>

        Because this can be called anytime during debugging, it's necessary to disable the
        current flow thread caching to prevent using the wrong flow thread for an object.

        Tests: No new tests, no functional change.

        * rendering/RenderFlowThread.cpp:
        (WebCore::CurrentRenderFlowThreadDisabler::CurrentRenderFlowThreadDisabler):
        (WebCore::CurrentRenderFlowThreadDisabler::~CurrentRenderFlowThreadDisabler):
        * rendering/RenderFlowThread.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::showRegionsInformation): Added.
        (WebCore::RenderObject::showRenderObject):
        * rendering/RenderObject.h:

2014-04-03  Antti Koivisto  <antti@apple.com>

        RenderSnapshottedPlugIn::paint should use iterator for traversal.
        https://bugs.webkit.org/show_bug.cgi?id=131158

        Reviewed by Dean Jackson.

        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::paint):

2014-03-27  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] <string> not allowed in grid-{area | row | column} syntax
        https://bugs.webkit.org/show_bug.cgi?id=129713

        Reviewed by Darin Adler.

        Grid positioning properties no longer accept <string> values for
        named grid lines as they did in previous versions of the specs. They
        were first replaced by <ident> and since the beginning of 2014 they
        should only accept <custom-ident>.

        Updated the parser and the style resolver to this new syntax. Also
        updated the tests accordingly.

        Test: fast/css-grid-layout/grid-container-change-named-grid-lines-recompute-child.html

        * css/CSSParser.cpp:
        (WebCore::isValidCustomIdent): New function that checks that the
        <custom-ident> is valid.
        (WebCore::CSSParser::parseIntegerOrCustomIdentFromGridPosition):
        (WebCore::CSSParser::parseGridPosition):
        (WebCore::CSSParser::parseIntegerOrStringFromGridPosition):
        Replaced by WebCore::CSSParser::parseIntegerOrCustomIdentFromGridPosition.
        * css/CSSParser.h:
        * css/StyleResolver.cpp:
        (WebCore::createGridPosition):

2014-04-03  Antti Koivisto  <antti@apple.com>

        Crash after mutating after pseudo style
        https://bugs.webkit.org/show_bug.cgi?id=130881

        Reviewed by Andreas Kling.

        Test: fast/css/pseudo-after-crash.html

        * style/StyleResolveTree.cpp:
        (WebCore::Style::updateBeforeOrAfterPseudoElement):
        
            Invalidate the cached renderer for pseudo elements too.
    
        (WebCore::Style::needsPseudeElement): Deleted.
        
            Fix spelling.

2014-04-02  Chris Fleizach  <cfleizach@apple.com>

        AX: AccessibilityObject::children() returns invalid results sometimes
        https://bugs.webkit.org/show_bug.cgi?id=130563

        Reviewed by Joseph Pecoraro.

        Allow the DOM inspector to handle AX objects that do not have Node equivalents
        (e.g. anonymous renderers).

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::processAccessibilityChildren):
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/InspectorDOMAgent.h:

2014-04-02  Alexey Proskuryakov  <ap@apple.com>

        Sandbox violation in NetworkProcess when uploading a bundle
        https://bugs.webkit.org/show_bug.cgi?id=131133

        Reviewed by Brady Eidson.

        Track generated file ownership explicitly, so that each copy of FormData would know
        whether to delete the file.

        This part is needed to prevent asserting in FormData destructor in NetworkProcess,
        because it doesn't delete the files. Also, some cleanup.

        * WebCore.exp.in: Don't export FormData::removeGeneratedFilesIfNeeded(), WebKit2
        doesn't need it any more.
        * platform/network/FormData.cpp: Removed m_hasGeneratedFiles. There is no problem
        iterating over FormDataElements to compute it, and that's more robust when FormDatas
        are passed or stored on disk permanently.
        Updated touched functions to use C++ iteration, and renamed "e" to "element".
        (WebCore::FormData::encode): Keep encoding a boolean for hasGeneratedFiles, because
        the encoded FormData can be stored persitently, and we can't change the format.

        * platform/network/FormData.h: (WebCore::FormDataElement::FormDataElement):
        Added m_ownsGeneratedFile. FormData will only delete files it owns. Since files
        are generated immediately before form submission, it's always the FormData being
        submitted that owns the generated files.

2014-04-02  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Use RenderStyle::hasFlowInto when needed
        https://bugs.webkit.org/show_bug.cgi?id=131092

        Reviewed by Andrei Bucur.

        Add hasFlowInto() helper method on RenderStyle to be used
        instead of directly checking the presence or absence of flowThread value.
        No new functionality, no new tests.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * dom/Element.cpp:
        (WebCore::Element::shouldMoveToFlowThread):
        * rendering/style/RenderStyle.h:
        * style/StyleResolveTree.cpp:
        (WebCore::Style::isRendererReparented):

2014-04-02  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: the adjacent position is never reset
        https://bugs.webkit.org/show_bug.cgi?id=131145

        Reviewed by Andreas Kling.

        Corresponding radar: <rdar://problem/16440036>. The backtracking action would use a tail
        when not needed.

        Test: fast/selectors/multiple-adjacent-chain-without-adjacent-tail.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::updateChainStates):

2014-04-02  Brent Fulgham  <bfulgham@apple.com>

        Speculative build fix for Windows.

        * DerivedSources.make: Make sure we generate our media control
        scripts for Apple Windows (but not WinCairo)

2014-04-02  Tim Horton  <timothy_horton@apple.com>

        Fix the !USE(IOSURFACE) iOS build.

        * platform/ios/MemoryPressureHandlerIOS.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):

2014-04-02  Mark Rowe  <mrowe@apple.com>

        <https://webkit.org/b/131136> Remove FrameLoadRequest's m_lockHistory member since it's always false.

        Reviewed by Andreas Kling.

        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        (WebCore::FrameLoadRequest::lockHistory): Deleted.
        (WebCore::FrameLoadRequest::setLockHistory): Deleted.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::load): Remove an if whose body was never executed.

2014-04-02  Mark Rowe  <mrowe@apple.com>

        <https://webkit.org/b/131135> Introduce LockHistory and LockBackForwardList enums to use in place of bools.

        These arguments are often passed using literals at the call site, where the use of bools severely hinders
        the readability of the code.

        Reviewed by Andreas Kling.

        * WebCore.exp.in:
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::handleClick):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::submit):
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::openURL):
        (WebCore::HTMLFrameElementBase::setLocation):
        * html/HTMLFrameElementBase.h:
        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):
        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::FormSubmission):
        (WebCore::FormSubmission::create):
        * loader/FormSubmission.h:
        (WebCore::FormSubmission::lockHistory):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::changeLocation):
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::clientRedirected):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/FrameLoader.h:
        * loader/FrameLoaderTypes.h:
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation):
        (WebCore::ScheduledNavigation::lockHistory):
        (WebCore::ScheduledNavigation::lockBackForwardList):
        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation):
        (WebCore::ScheduledRedirect::ScheduledRedirect):
        (WebCore::ScheduledLocationChange::ScheduledLocationChange):
        (WebCore::ScheduledRefresh::ScheduledRefresh):
        (WebCore::ScheduledHistoryNavigation::ScheduledHistoryNavigation):
        (WebCore::ScheduledFormSubmission::ScheduledFormSubmission):
        (WebCore::NavigationScheduler::scheduleRedirect):
        (WebCore::NavigationScheduler::mustLockBackForwardList):
        (WebCore::NavigationScheduler::scheduleLocationChange):
        (WebCore::NavigationScheduler::scheduleFormSubmission):
        * loader/NavigationScheduler.h:
        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::requestFrame):
        (WebCore::SubframeLoader::requestObject):
        (WebCore::SubframeLoader::loadOrRedirectSubframe):
        * loader/SubframeLoader.h:
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::setLocation):
        (WebCore::DOMWindow::createWindow):
        (WebCore::DOMWindow::open):
        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::defaultEventHandler):

2014-04-02  Tim Horton  <timothy_horton@apple.com>

        Pool IOSurfaces to help with allocation cost
        https://bugs.webkit.org/show_bug.cgi?id=131096
        <rdar://problem/15373942>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        
        * platform/Timer.h:
        (WebCore::TimerBase::startRepeating): Add a std::chrono startRepeating.

        * platform/graphics/cg/IOSurfacePool.h: Added.
        (WebCore::IOSurfacePool::CachedSurfaceDetails::CachedSurfaceDetails):
        (WebCore::IOSurfacePool::CachedSurfaceDetails::resetLastUseTime):
        * platform/graphics/cg/ImageBufferBackingStoreCache.cpp: Removed.
        * platform/graphics/cg/ImageBufferBackingStoreCache.h: Removed.
        * platform/graphics/cg/IOSurfacePool.cpp: Added.
        (WebCore::IOSurfacePool::IOSurfacePool):
        (WebCore::IOSurfacePool::sharedPool):
        (WebCore::surfaceMatchesParameters):
        (WebCore::IOSurfacePool::willAddSurface):
        (WebCore::IOSurfacePool::didRemoveSurface):
        (WebCore::IOSurfacePool::didUseSurfaceOfSize):
        (WebCore::IOSurfacePool::takeSurface):
        (WebCore::IOSurfacePool::addSurface):
        (WebCore::IOSurfacePool::insertSurfaceIntoPool):
        (WebCore::IOSurfacePool::setPoolSize):
        (WebCore::IOSurfacePool::tryEvictInUseSurface):
        (WebCore::IOSurfacePool::tryEvictOldestCachedSurface):
        (WebCore::IOSurfacePool::evict):
        (WebCore::IOSurfacePool::collectInUseSurfaces):
        (WebCore::IOSurfacePool::markOlderSurfacesPurgeable):
        (WebCore::IOSurfacePool::collectionTimerFired):
        (WebCore::IOSurfacePool::scheduleCollectionTimer):
        (WebCore::IOSurfacePool::discardAllSurfaces):
        (WebCore::IOSurfacePool::showPoolStatistics):
        Add a pool of IOSurfaces. It behaves as such:

            - Keeps up to 64MB of surfaces.
            - Keeps unused and in-use surfaces (but never gets more than 1/2 full with the latter)
            - Marks surfaces purgeable after they've been unused for 2 seconds.
            - Tries to move surfaces from the in-use pool to the unused pool every 500ms.
            - Evicts in an LRU-ish fashion, interleaving eviction of the oldest
              surfaces and the in-use surfaces (since in-use surfaces are not immediately
              useful for the pool, but they are desirous because they were recently used).
            - Throws everything away under memory pressure.

        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::create):
        Try to grab a surface from the IOSurfacePool.

        * platform/ios/MemoryPressureHandlerIOS.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        * platform/mac/MemoryPressureHandlerMac.mm:
        (WebCore::MemoryPressureHandler::install):
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        Fix some includes, and throw away all surfaces when we're under memory pressure.

2014-04-02  Stephanie Lewis  <slewis@apple.com>

        Roll out http://trac.webkit.org/changeset/166144
        <rdar://problem/16481284> PLT stops loading on news.google.com

        Unreviewed rollout.

        Rollout 166144 since it prevents the PLT from completing.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::suspendPostAttachCallbacks):
        (WebCore::ContainerNode::resumePostAttachCallbacks):
        (WebCore::ContainerNode::queuePostAttachCallback):
        (WebCore::ContainerNode::postAttachCallbacksAreSuspended):
        (WebCore::ContainerNode::dispatchPostAttachCallbacks):
        * dom/ContainerNode.h:
        * dom/Document.cpp:
        (WebCore::Document::recalcStyle):
        * dom/Element.h:
        (WebCore::PostAttachCallbackDisabler::PostAttachCallbackDisabler):
        (WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::parseAttribute):
        * html/HTMLFormControlElement.cpp:
        (WebCore::focusPostAttach):
        (WebCore::HTMLFormControlElement::didAttachRenderers):
        (WebCore::updateFromElementCallback):
        (WebCore::HTMLFormControlElement::didRecalcStyle):
        * html/HTMLFrameOwnerElement.cpp:
        (WebCore::needsStyleRecalcCallback):
        (WebCore::HTMLFrameOwnerElement::scheduleSetNeedsStyleRecalc):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parseAttribute):
        (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
        (WebCore::HTMLObjectElement::hasValidClassId):
        (WebCore::HTMLObjectElement::renderFallbackContent):
        * html/HTMLObjectElement.h:
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement):
        (WebCore::HTMLPlugInImageElement::createElementRenderer):
        (WebCore::HTMLPlugInImageElement::didAttachRenderers):
        (WebCore::HTMLPlugInImageElement::willDetachRenderers):
        (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
        (WebCore::HTMLPlugInImageElement::didMoveToNewDocument):
        (WebCore::HTMLPlugInImageElement::updateWidgetCallback):
        (WebCore::HTMLPlugInImageElement::startLoadingImage):
        (WebCore::HTMLPlugInImageElement::startLoadingImageCallback):
        (WebCore::HTMLPlugInImageElement::createShadowIFrameSubtree):
        (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn):
        (WebCore::HTMLPlugInImageElement::didRecalcStyle): Deleted.
        (WebCore::HTMLPlugInImageElement::scheduleUpdateForAfterStyleResolution): Deleted.
        (WebCore::HTMLPlugInImageElement::updateAfterStyleResolution): Deleted.
        (WebCore::HTMLPlugInImageElement::removedFrom): Deleted.
        (WebCore::is100Percent): Deleted.
        (WebCore::HTMLPlugInImageElement::setNeedsImageReload): Deleted.
        * html/HTMLPlugInImageElement.h:
        (WebCore::HTMLPlugInImageElement::imageLoader): Deleted.
        (WebCore::HTMLPlugInImageElement::updateImageLoaderWithNewURLSoon): Deleted.
        * style/StyleResolveTree.cpp:
        (WebCore::Style::needsPseudeElement):
        (WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded):
        (WebCore::Style::attachRenderTree):
        (WebCore::Style::updateBeforeOrAfterPseudoElement):
        (WebCore::Style::needsPseudoElement): Deleted.
        (WebCore::Style::postResolutionCallbackQueue): Deleted.
        (WebCore::Style::queuePostResolutionCallback): Deleted.
        (WebCore::Style::suspendMemoryCacheClientCalls): Deleted.
        (WebCore::Style::PostResolutionCallbackDisabler::PostResolutionCallbackDisabler): Deleted.
        (WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler): Deleted.
        (WebCore::Style::postResolutionCallbacksAreSuspended): Deleted.
        * style/StyleResolveTree.h:

2014-04-02  Jinwoo Song  <jinwoo7.song@samsung.com>

        Page should use std::unique_ptr for PointerLockController
        https://bugs.webkit.org/show_bug.cgi?id=131098

        Reviewed by Anders Carlsson.

        Make Page keep a std::unique_ptr to PointerLockController. Store page 
        references and return controller references where possible.

        * dom/Document.cpp:
        (WebCore::Document::prepareForDestruction):
        (WebCore::Document::webkitExitPointerLock):
        (WebCore::Document::webkitPointerLockElement):
        * dom/Element.cpp:
        (WebCore::Element::removedFrom):
        (WebCore::Element::webkitRequestPointerLock):
        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        (WebCore::Page::pointerLockController):
        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::PointerLockController):
        (WebCore::PointerLockController::requestPointerLock):
        (WebCore::PointerLockController::requestPointerUnlock):
        (WebCore::PointerLockController::create): Deleted.
        * page/PointerLockController.h:

2014-04-02  Dean Jackson  <dino@apple.com>

        Load Media Controls js/css from bundle
        https://bugs.webkit.org/show_bug.cgi?id=131086

        Followup comments from Eric Carlson.

        Remove the booleans that were guarding loading the resources.

        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::mediaControlsStyleSheet):
        (WebCore::RenderThemeIOS::mediaControlsScript):
        (WebCore::RenderThemeIOS::RenderThemeIOS):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::RenderThemeMac):
        (WebCore::RenderThemeMac::mediaControlsStyleSheet):
        (WebCore::RenderThemeMac::mediaControlsScript):

2014-04-01  Dean Jackson  <dino@apple.com>

        Load Media Controls js/css from bundle
        https://bugs.webkit.org/show_bug.cgi?id=131086

        Reviewed by Eric Carlson.

        Rather than embed encoded versions of the JS and CSS files
        into C++ source, just load the files directly from the bundle.

        * DerivedSources.make: Removed now unnecessary rules.
        * WebCore.xcodeproj/project.pbxproj: Copy mediaControls files to the bundle.
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::RenderThemeIOS):
        (WebCore::RenderThemeIOS::mediaControlsStyleSheet): Load from the bundle.
        (WebCore::RenderThemeIOS::mediaControlsScript): Ditto.
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::RenderThemeMac):
        (WebCore::RenderThemeMac::mediaControlsStyleSheet):
        (WebCore::RenderThemeMac::mediaControlsScript):

2014-04-02  Daniel Bates  <dabates@apple.com>

        Move focus management API from HTMLDocument to Document
        https://bugs.webkit.org/show_bug.cgi?id=131079
        <rdar://problem/16220103>

        Reviewed by Timothy Hatcher.

        Merged from Blink (patch by Christophe Dumez):
        https://src.chromium.org/viewvc/blink?view=rev&revision=165515

        Move hasFocus() and attribute activeElement from interface HTMLDocument
        to DOMDocument as per section Focus management APIs of the HTML5 standard:
        <http://www.whatwg.org/specs/web-apps/current-work/#focus-management-apis> (1 April 2014).

        Test: fast/dom/Document/xml-document-focus.xml

        * bindings/objc/PublicDOMInterfaces.h: Moved hasFocus() and property activeElement from
        interface DOMHTMLDocument to DOMDocument.
        * dom/Document.cpp:
        (WebCore::Document::activeElement): Added.
        (WebCore::Document::hasFocus): Added.
        * dom/Document.h:
        * dom/Document.idl:
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::activeElement): Deleted.
        (WebCore::HTMLDocument::hasFocus): Deleted.
        * html/HTMLDocument.h:
        * html/HTMLDocument.idl:

2014-04-02  Benjamin Poulain  <benjamin@webkit.org>

        Refactor the function call generator to take the arguments by value
        https://bugs.webkit.org/show_bug.cgi?id=131129

        Reviewed by Andreas Kling.

        Nothing forces the pointed address to stay alive between setOneArgument/setTwoArguments
        and prepareAndCall.

        This patch changes FunctionCall to:
        -Keep the register by value instead of using pointers.
        -Crash at compile time if a register is invalid.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::FunctionCall):
        (WebCore::FunctionCall::setOneArgument):
        (WebCore::FunctionCall::setTwoArguments):
        (WebCore::FunctionCall::swapArguments):
        (WebCore::FunctionCall::prepareAndCall):
        * cssjit/RegisterAllocator.h:
        (WebCore::RegisterAllocator::isValidRegister):

2014-04-02  Daniel Bates  <dabates@apple.com>

        Remove Settings::maximumDecodedImageSize()
        https://bugs.webkit.org/show_bug.cgi?id=131057
        <rdar://problem/15626368>

        Reviewed by Darin Adler.

        The setting Settings::maximumDecodedImageSize() and its related logic have various
        shortcomings, including the inability to cancel an image load when the estimated
        decoded image size exceeds the maximum decoded image size. In the iOS port, this
        setting is less useful given image subsampling support. For now, we remove this
        setting and its related logic. Should it turn out that such a setting is useful
        then we can implement it again taking care to address the shortcomings in the
        original design.

        * html/HTMLCanvasElement.cpp: For the iOS port, define MaxCanvasArea to be 4580 * 1145
        pixels such that the maximum size of the image buffer is 20 MB (assumes 4 bytes per pixel).
        (WebCore::HTMLCanvasElement::HTMLCanvasElement):
        (WebCore::HTMLCanvasElement::createImageBuffer):
        * html/HTMLCanvasElement.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createImageData):
        (WebCore::CanvasRenderingContext2D::getImageData):
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::addIncrementalDataBuffer):
        (WebCore::CachedImage::finishLoading):
        * loader/cache/CachedImage.h:
        * page/Settings.in:

2014-04-02  Martin Hock  <mhock@apple.com>

        Unify private browsing with sessions.
        https://bugs.webkit.org/show_bug.cgi?id=130099

        Reviewed by Alexey Proskuryakov.

        Unless otherwise noted, the following consists solely of mechanical changes to replace querying WebCore::Settings::privateBrowsingEnabled() with Page::usesEphemeralSession().

        * Modules/webdatabase/DatabaseContext.cpp:
        (WebCore::DatabaseContext::allowDatabaseAccess):
        * WebCore.exp.in: Remove Settings::setPrivateBrowsingEnabled, add Page::legacyPrivateBrowsingEnabled.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::updateForStandardLoad):
        (WebCore::HistoryController::updateForRedirectWithLockedBackForwardList):
        (WebCore::HistoryController::updateForClientRedirect):
        (WebCore::HistoryController::updateForSameDocumentNavigation):
        (WebCore::HistoryController::pushState):
        (WebCore::HistoryController::replaceState):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::cacheForMainRequest):
        (WebCore::ApplicationCacheGroup::selectCache):
        (WebCore::ApplicationCacheGroup::selectCacheWithoutManifestURL):
        (WebCore::ApplicationCacheGroup::update):
        * loader/appcache/ApplicationCacheHost.cpp:
        (WebCore::ApplicationCacheHost::isApplicationCacheEnabled):
        * loader/icon/IconController.cpp:
        (WebCore::IconController::continueLoadWithDecision):
        * page/Page.cpp:
        (WebCore::Page::Page): Initialize with defaultSessionID.
        (WebCore::Page::legacyPrivateBrowsingEnabled): Legacy setting for private browsing.
        (WebCore::Page::privateBrowsingStateChanged): Move implementation to setSessionID.
        (WebCore::Page::sessionID): Simplify to just return m_sessionID.
        (WebCore::Page::setSessionID): Also perform privateBrowsingStateChanged action.a
        (WebCore::Page::privateBrowsingStateChanged): Deleted.
        (WebCore::Page::checkSubframeCountConsistency): Deleted.
        * page/Page.h:
        * page/PageConsole.cpp:
        (WebCore::PageConsole::addMessage):
        (WebCore::PageConsole::messageWithTypeAndLevel):
        * page/Settings.cpp: Remove privateBrowsingEnabled setting.
        (WebCore::Settings::Settings):
        (WebCore::Settings::setPrivateBrowsingEnabled): Page reflects setting using session.
        * page/Settings.h:
        * plugins/PluginView.cpp:
        (WebCore::PluginView::getValue):
        * rendering/RenderSearchField.cpp:
        (WebCore::RenderSearchField::addSearchResult):
        * storage/Storage.cpp:
        (WebCore::Storage::isDisabledByPrivateBrowsing):

2014-04-02  Antti Koivisto  <antti@apple.com>

        Try to fix test failures.

        * platform/graphics/ca/mac/TileGrid.mm:
        (WebCore::TileGrid::TileGrid):  Initialize a field.

2014-04-02  Timothy Hatcher  <timothy@apple.com>

        Remove Input domain from the Web Inspector protocol.

        https://bugs.webkit.org/show_bug.cgi?id=131073

        Reviewed by Joseph Pecoraro.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorInputAgent.cpp: Removed.
        * inspector/InspectorInputAgent.h: Removed.
        * inspector/protocol/Input.json: Removed.

2014-04-02  Antti Koivisto  <antti@apple.com>

        Split tile grid out from TileController
        https://bugs.webkit.org/show_bug.cgi?id=131102

        Reviewed by Simon Fraser.

        Add a TileGrid class that encapsulates tiles, zoom level and the related metadata.
        This will make it possible to have multiple grids per TileController later.

2014-03-31  Brent Fulgham  <bfulgham@apple.com>

        [Win] Correct media controls for test harness
        https://bugs.webkit.org/show_bug.cgi?id=131008 

        Reviewed by Eric Carlson.

        * rendering/RenderThemeSafari.cpp: Revise to match RenderThemeWin logic.
        (WebCore::RenderThemeSafari::systemFont):
        (WebCore::RenderThemeSafari::paintMenuList):
        (WebCore::RenderThemeSafari::paintSearchFieldResultsButton):
        (WebCore::RenderThemeSafari::mediaControlsStyleSheet):
        (WebCore::RenderThemeSafari::mediaControlsScript):
        (WebCore::RenderThemeSafari::paintMediaFullscreenButton): Deleted.
        (WebCore::RenderThemeSafari::paintMediaMuteButton): Deleted.
        (WebCore::RenderThemeSafari::paintMediaPlayButton): Deleted.
        (WebCore::RenderThemeSafari::paintMediaSeekBackButton): Deleted.
        (WebCore::RenderThemeSafari::paintMediaSeekForwardButton): Deleted.
        (WebCore::RenderThemeSafari::paintMediaSliderTrack): Deleted.
        (WebCore::RenderThemeSafari::paintMediaSliderThumb): Deleted.
        * rendering/RenderThemeSafari.h:

2014-04-02  peavo@outlook.com  <peavo@outlook.com>

        [WinCairo] Compile error.
        https://bugs.webkit.org/show_bug.cgi?id=131110

        Reviewed by Simon Fraser.

        Image::size() now returns a FloatSize instead of an IntSize.

        * platform/win/DragImageCairoWin.cpp:
        (WebCore::createDragImageFromImage):

2014-04-02  David Kilzer  <ddkilzer@apple.com>

        Use outermost containing isolate when constructing bidi runs
        <http://webkit.org/b/131107>
        <rdar://problem/15690021>

        Reviewed by Darin Adler.

        Merged from Blink (patch by jww@chromium.org):
        https://src.chromium.org/viewvc/blink?revision=157268&view=revision
        http://crbug.com/279277

            Update containingIsolate to go back all the way to top
            isolate from current root, rather than stopping at the first
            isolate it finds. This works because the current root is
            always updated with each isolate run.

        Tests: fast/text/international/unicode-bidi-isolate-nested-with-removes-not-adjacent.html
               fast/text/international/unicode-bidi-isolate-nested-with-removes.html

        * rendering/InlineIterator.h:
        (WebCore::highestContainingIsolateWithinRoot):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::constructBidiRunsForSegment):

2014-04-02  Chris Fleizach  <cfleizach@apple.com>

        AX: Improve ARIA live region reliability by sending notifications when live regions are created/shown and hidden/destroyed
        https://bugs.webkit.org/show_bug.cgi?id=124381

        Reviewed by Mario Sanchez Prada.

        Re-organize some code so that when we detect a new node has been created, we can safely determine its live region status.
        If it is a live region, we fire off a live region created notification.

        Test: platform/mac/accessibility/live-region-creation-notification.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::handleLiveRegionCreated):
        (WebCore::AXObjectCache::childrenChanged):
        (WebCore::AXObjectCache::handleAttributeChanged):
        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::childrenChanged):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::defaultLiveRegionStatusForRole):
        (WebCore::AccessibilityObject::liveRegionStatusIsEnabled):
        (WebCore::AccessibilityObject::supportsARIALiveRegion):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::ariaLiveRegionStatus):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::ariaLiveRegionStatus):
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/ios/AXObjectCacheIOS.mm:
        (WebCore::AXObjectCache::postPlatformNotification):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper postLiveRegionCreatedNotification]):
        * accessibility/mac/AXObjectCacheMac.mm:
        (WebCore::AXObjectCache::postPlatformNotification):

2014-04-02  Martin Robinson  <mrobinson@igalia.com>

        REGRESSION(r165704): [GTK] Inspector resources not correctly generated
        https://bugs.webkit.org/show_bug.cgi?id=130343

        Reviewed by Gustavo Noronha Silva.

        * CMakeLists.txt: Generate the web inspector JS file into the new WebInspectorUI derived sources
        directory.

2014-04-02  Zalan Bujtas  <zalan@apple.com>

        Unreviewed build fix after r166642.
        (WinCairo should really turn subpixel layout on.)

        * platform/graphics/LayoutSize.h:
        (WebCore::flooredForPainting):

2014-04-02  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make GraphicsContext::drawTiledImage* functions float based.
        https://bugs.webkit.org/show_bug.cgi?id=131062

        Reviewed by Simon Fraser.

        This is in preparation to support subpixel positioned/sized background images. Generated images
        need to be able to sized on device pixels.

        No change in behavior.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        * platform/graphics/GraphicsContext.h:

2014-04-02  Alex Christensen  <achristensen@webkit.org>

        [WinCairo] Build fix after r166496.
        https://bugs.webkit.org/show_bug.cgi?id=131006

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
        (WebCore::InbandTextTrackPrivateGStreamer::handleSample):
        (WebCore::InbandTextTrackPrivateGStreamer::streamChanged):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
        (WebCore::MediaPlayerPrivateGStreamer::videoChanged):
        (WebCore::MediaPlayerPrivateGStreamer::videoCapsChanged):
        (WebCore::MediaPlayerPrivateGStreamer::audioChanged):
        (WebCore::MediaPlayerPrivateGStreamer::textChanged):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::volumeChanged):
        (WebCore::MediaPlayerPrivateGStreamerBase::muteChanged):
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::activeChanged):
        (WebCore::TrackPrivateBaseGStreamer::tagsChanged):
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (webkitVideoSinkRender):
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcChangeState):
        (webKitWebSrcNeedDataCb):
        (webKitWebSrcEnoughDataCb):
        (webKitWebSrcSeekDataCb):
        Added std::function<void()> constructors to help Visual Studio decide which version of 
        GMainLoopSource::schedule or GMainLoopSource::scheduleAfterDelay to use.

2014-04-02  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Transition class CSSImageGeneratorValue/class StyleImage (and its dependencies) from 
        IntSize to FloatSize to enable subpixel sized (generated)images.
        https://bugs.webkit.org/show_bug.cgi?id=130659

        Reviewed by Simon Fraser and Andreas Kling.

        This is in preparation to support subpixel positioned/sized background images. Generated images
        needs to be able to sized on device pixels.

        No change in behavior.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSCanvasValue.cpp:
        (WebCore::CSSCanvasValue::fixedSize):
        (WebCore::CSSCanvasValue::image):
        * css/CSSCanvasValue.h:
        * css/CSSCrossfadeValue.cpp:
        (WebCore::CSSCrossfadeValue::fixedSize):
        (WebCore::CSSCrossfadeValue::image):
        * css/CSSCrossfadeValue.h:
        * css/CSSFilterImageValue.cpp:
        (WebCore::CSSFilterImageValue::fixedSize):
        (WebCore::CSSFilterImageValue::image):
        * css/CSSFilterImageValue.h:
        * css/CSSGradientValue.cpp:
        (WebCore::CSSGradientValue::image):
        (WebCore::positionFromValue):
        (WebCore::CSSGradientValue::computeEndPoint):
        (WebCore::endPointsFromAngle):
        (WebCore::CSSLinearGradientValue::createGradient):
        (WebCore::CSSRadialGradientValue::createGradient):
        * css/CSSGradientValue.h:
        (WebCore::CSSGradientValue::fixedSize):
        * css/CSSImageGeneratorValue.cpp:
        (WebCore::CSSImageGeneratorValue::cachedImageForSize):
        (WebCore::CSSImageGeneratorValue::saveCachedImageForSize):
        (WebCore::CSSImageGeneratorValue::evictCachedGeneratedImage):
        (WebCore::CSSImageGeneratorValue::CachedGeneratedImage::CachedGeneratedImage):
        (WebCore::CSSImageGeneratorValue::image):
        (WebCore::CSSImageGeneratorValue::fixedSize):
        * css/CSSImageGeneratorValue.h:
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::setContainerSizeForRenderer):
        * loader/cache/CachedImage.h:
        * platform/graphics/FloatSizeHash.h: Added.
        (WTF::FloatHash<WebCore::FloatSize>::hash):
        (WTF::FloatHash<WebCore::FloatSize>::equal):
        (WTF::HashTraits<WebCore::FloatSize>::constructDeletedValue):
        (WTF::HashTraits<WebCore::FloatSize>::isDeletedValue):
        * platform/graphics/LayoutSize.h:
        (WebCore::flooredForPainting):
        * rendering/RenderImageResourceStyleImage.h:
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::computePreferredLogicalWidths):
        * rendering/style/StyleCachedImage.cpp:
        (WebCore::StyleCachedImage::imageSize):
        (WebCore::StyleCachedImage::setContainerSizeForRenderer):
        (WebCore::StyleCachedImage::image):
        * rendering/style/StyleCachedImage.h:
        * rendering/style/StyleCachedImageSet.cpp:
        (WebCore::StyleCachedImageSet::imageSize):
        (WebCore::StyleCachedImageSet::setContainerSizeForRenderer):
        (WebCore::StyleCachedImageSet::image):
        * rendering/style/StyleCachedImageSet.h:
        * rendering/style/StyleGeneratedImage.cpp:
        (WebCore::StyleGeneratedImage::imageSize):
        (WebCore::StyleGeneratedImage::computeIntrinsicDimensions):
        (WebCore::StyleGeneratedImage::image):
        * rendering/style/StyleGeneratedImage.h:
        * rendering/style/StyleImage.h:
        * rendering/style/StylePendingImage.h:
        * svg/graphics/SVGImageCache.cpp:
        (WebCore::SVGImageCache::setContainerSizeForRenderer):
        * svg/graphics/SVGImageCache.h:

2014-04-02  Gergo Balogh  <gbalogh.u-szeged@partner.samsung.com>

        Warning fix for RenderLayer.
        https://bugs.webkit.org/show_bug.cgi?id=131090

        Reviewed by Csaba Osztrogonác.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateDescendantDependentFlags):

2014-04-02  Frédéric Wang  <fred.wang@free.fr>

        Operator stretching: read the Open Type MATH table
        https://bugs.webkit.org/show_bug.cgi?id=130324

        Reviewed by Chris Fleizach.

        We parse and expose some data from the OpenType MATH table that will be
        be relevant for at least the MathML operator stretching (bug 130322):
        math constants, italic corrections and size variants / glyph assembly.
        This will be tested when the MathML code uses the data.

        * WebCore.xcodeproj/project.pbxproj: Add OpenTypeTypes.h to the Mac build.
        * platform/graphics/opentype/OpenTypeMathData.cpp: We implement the low-level parsing of the MATH table.
        (WebCore::OpenType::MathItalicsCorrectionInfo::getItalicCorrection):
        (WebCore::OpenType::MathGlyphInfo::mathItalicsCorrectionInfo):
        (WebCore::OpenType::GlyphAssembly::getAssemblyParts):
        (WebCore::OpenType::MathGlyphConstruction::getSizeVariants):
        (WebCore::OpenType::MathGlyphConstruction::getAssemblyParts):
        (WebCore::OpenType::MathVariants::mathGlyphConstruction):
        (WebCore::OpenType::MATHTable::mathConstants):
        (WebCore::OpenType::MATHTable::mathGlyphInfo):
        (WebCore::OpenType::MATHTable::mathVariants):
        (WebCore::OpenTypeMathData::OpenTypeMathData): We load the MATH table.
        (WebCore::OpenTypeMathData::getMathConstant): We add a function to get values from the MathConstant subtable.
        (WebCore::OpenTypeMathData::getItalicCorrection): We add a function to get italic correction from the MathGlyphInfo subtable.
        (WebCore::OpenTypeMathData::getMathVariants): We add a function to get size variants / glyph assembly from the MathVariants subtable.
        * platform/graphics/opentype/OpenTypeMathData.h: We expose three new functions to get math data.
        * platform/graphics/opentype/OpenTypeTypes.h: We share the coverage tables that are common to vertical and math data.
        (WebCore::OpenType::TableWithCoverage::getCoverageIndex): We add a function to get the coverage index from a given glyph.
        * platform/graphics/opentype/OpenTypeVerticalData.cpp: We move the coverage tables to OpenTypeTypes.h.

2014-04-02  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Compositing requirements for blending are not computed correctly
        https://bugs.webkit.org/show_bug.cgi?id=130664

        Reviewed by Dean Jackson.

        Tests: css3/compositing/blend-mode-accelerated-with-multiple-stacking-contexts.html
               css3/compositing/blend-mode-with-accelerated-sibling.html

        Compositing requirements for blending: if a layer having blend mode
        other than normal is composited for any reason, its closest stacking
        context ancestor should be composited as well.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        * rendering/RenderLayer.h: added a new field,
        m_hasUnisolatedCompositedBlendingDescendants, which is true if the layer
        has composited blending descendants not isolated by any stacking context child;
        added a new method: isolatesCompositedBlending(), which is true if we should
        accelerate that layer in order to perform isolation correctly.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::CompositingState::CompositingState): m_subtreeHasBlending was renamed
        m_hasUnisolatedCompositedBlendingDescendants in order to be more self-explanatory.
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):
        computes the isolation requirements for composited blending by
        (re)setting RenderLayer::m_hasUnisolatedCompositedBlendingDescendants flag.

        (WebCore::RenderLayerCompositor::reasonsForCompositing):
        fixed the reason of compositing: isolation instead of blending.

        (WebCore::RenderLayerCompositor::requiresCompositingForIndirectReason):
        * rendering/RenderLayerCompositor.h:

2014-04-02  Frédéric Wang  <fred.wang@free.fr>

        Operator stretching: expose a math data API
        https://bugs.webkit.org/show_bug.cgi?id=130572

        Reviewed by Chris Fleizach.

        We expose a new SimpleFontData API to give access to the data from the
        OpenType MATH table. The class OpenTypeMathData will
        be implemented in bug 130324. On Darwin platform, we also implement the
        missing FontPlatformData::openTypeTable function which will be necessary
        to load the OpenType MATH table. The changes are intended to be used
        for MathML operator stretching (bug 130322) so tests are not added yet.

        * CMakeLists.txt: add new OpenTypeMathData files.
        * WebCore.vcxproj/WebCore.vcxproj: ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: ditto.
        * WebCore.xcodeproj/project.pbxproj: ditto.
        * platform/graphics/FontPlatformData.cpp:
        (WebCore::FontPlatformData::openTypeTable): We implement openTypeTable() on Darwin platform.
        * platform/graphics/FontPlatformData.h: We expose openTypeTable() on Darwin platform.
        * platform/graphics/SimpleFontData.cpp:
        (WebCore::SimpleFontData::SimpleFontData):
        (WebCore::SimpleFontData::mathData): Initialize and return the math data.
        * platform/graphics/SimpleFontData.h: We expose a mathData() function to access the MATH data.
        * platform/graphics/opentype/OpenTypeMathData.cpp: Added. This is a new class that will be used to parse the data from the OpenType MATH table.
        (WebCore::OpenTypeMathData::OpenTypeMathData):
        * platform/graphics/opentype/OpenTypeMathData.h: Added.
        (WebCore::OpenTypeMathData::create):
        (WebCore::OpenTypeMathData::hasMathData):

2014-04-01  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Displaying region's children in another region not supported
        https://bugs.webkit.org/show_bug.cgi?id=130735

        Reviewed by David Hyatt.

        With http://trac.webkit.org/changeset/166353, we disabled the possibility
        of collecting the region's children into another flow and displaying them
        in another region.
        I added a new test for this and also changed the plain ASSERT in Element dtor
        to ASSERT_WITH_SECURITY_IMPLICATION to better reflect the meaning of the assertion.

        Test: fast/regions/region-child-not-flowed.html

        * dom/Element.cpp:
        (WebCore::Element::~Element):

2014-04-01  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Simplify the RenderFlowThread state pusher
        https://bugs.webkit.org/show_bug.cgi?id=131035

        Reviewed by David Hyatt.

        The RenderFlowThread state pusher is desynchronized from the RenderView layout state pusher
        by one renderer. This patch fixes the anomaly by correctly ordering the push and pop operations
        between the two systems.

        Tests: no functional change, no new tests.

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::pushFlowThreadLayoutState):
        (WebCore::RenderFlowThread::popFlowThreadLayoutState):
        (WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::pushLayoutState):
        * rendering/RenderView.h:

2014-04-01  Beth Dakin  <bdakin@apple.com>

        willReveal edge events should be hooked up for overflow:scroll
        https://bugs.webkit.org/show_bug.cgi?id=131071
        -and corresponding-
        <rdar://problem/16190392>

        Reviewed by Sam Weinig.

        This patch moves the will reveal logic from FrameView to Document so that it can 
        be shared for RenderLayers.

        This is mostly just a moved function, but now the function takes an Element* that 
        represents the target of the event if the target is not the window.
        * dom/Document.cpp:
        (WebCore::Document::sendWillRevealEdgeEventsIfNeeded):
        * dom/Document.h:

        No longer implement sendWillRevealEdgeEventsIfNeeded() on FrameView or 
        ScrollableArea at all. Call into Document instead.
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollPositionChanged):
        (WebCore::FrameView::sendWillRevealEdgeEventsIfNeeded): Deleted.
        * page/FrameView.h:
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::sendWillRevealEdgeEventsIfNeeded): Deleted.

        Call sendWillRevealEdgeEventsIfNeeded() after sending scroll events. 
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2014-04-01  Jon Honeycutt  <jhoneycutt@apple.com>

        Crash in WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients

        <https://bugs.webkit.org/show_bug.cgi?id=121887>
        <rdar://problem/15073043>

        Reviewed by Dean Jackson.

        Test: svg/filters/first-letter-crash.html

        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::buildReferenceFilter):
        Added a null check to prevent crashes for anonymous RenderObjects.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::filterNeedsRepaint):
        Get the enclosing element, if there is one, and recalculate its style.
        We use the enclosing element so that we recalculate style for the
        ancestor of an anonymous RenderElement.
        (WebCore::RenderLayer::enclosingElement):
        Remove an assertion; we may now reach this condition if loading a
        cached SVG document results in RenderLayer::filterNeedsRepaint() being
        called before the object has been inserted into the render tree.

        * rendering/RenderLayerFilterInfo.cpp:
        (WebCore::RenderLayer::FilterInfo::notifyFinished):
        Tell the RenderLayer that the filter needs repainting.
        (WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients):
        Get the Element from the renderer rather than asking the renderer's
        Element, which will be null for anonymous RenderObjects.

        * rendering/RenderLayerFilterInfo.h:
        Removed declaration for the old workaround function, layerElement().

2014-04-01  Ryuan Choi  <ryuan.choi@samsung.com>

        Build break when disabled VIDEO since r166261
        https://bugs.webkit.org/show_bug.cgi?id=131087

        Reviewed by Gyuyoung Kim.

        * testing/Internals.cpp: Added ENABLE(VIDEO) guards
        (WebCore::Internals::simulateSystemSleep):
        (WebCore::Internals::simulateSystemWake):

2014-04-01  Timothy Hatcher  <timothy@apple.com>

        Remove HeapProfiler from the Web Inspector protocol.

        https://bugs.webkit.org/show_bug.cgi?id=131070

        Reviewed by Joseph Pecoraro.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/ScriptHeapSnapshot.h: Removed.
        * bindings/js/ScriptProfiler.h:
        (WebCore::ScriptProfiler::takeHeapSnapshot): Deleted.
        (WebCore::ScriptProfiler::isSampling): Deleted.
        (WebCore::ScriptProfiler::hasHeapProfiler): Deleted.
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorHeapProfilerAgent.cpp: Removed.
        * inspector/InspectorHeapProfilerAgent.h: Removed.
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        * inspector/InspectorProfilerAgent.cpp:
        (WebCore::InspectorProfilerAgent::InspectorProfilerAgent):
        (WebCore::InspectorProfilerAgent::getProfileHeaders):
        (WebCore::InspectorProfilerAgent::removeProfile):
        (WebCore::InspectorProfilerAgent::resetState): The CommandLineAPIHost call to
        clear inspected objects should have not been here. It was only needed by the
        HeapProfilerAgent.
        (WebCore::InspectorProfilerAgent::resetFrontendProfiles):
        (WebCore::InspectorProfilerAgent::collectGarbage): Deleted.
        (WebCore::InspectorProfilerAgent::createSnapshotHeader): Deleted.
        (WebCore::InspectorProfilerAgent::isSampling): Deleted.
        (WebCore::InspectorProfilerAgent::hasHeapProfiler): Deleted.
        (WebCore::InspectorProfilerAgent::getHeapSnapshot): Deleted.
        (WebCore::InspectorProfilerAgent::takeHeapSnapshot): Deleted.
        (WebCore::InspectorProfilerAgent::getObjectByHeapObjectId): Deleted.
        (WebCore::InspectorProfilerAgent::getHeapObjectId): Deleted.
        * inspector/InspectorProfilerAgent.h:
        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorHeapProfilerAgent): Deleted.
        (WebCore::InstrumentingAgents::setInspectorHeapProfilerAgent): Deleted.
        * inspector/WebConsoleAgent.cpp:
        (WebCore::WebConsoleAgent::addInspectedHeapObject): Deleted.
        * inspector/WebConsoleAgent.h:
        * inspector/WorkerInspectorController.cpp:
        (WebCore::WorkerInspectorController::WorkerInspectorController):
        * inspector/protocol/HeapProfiler.json: Removed.
        * inspector/protocol/Profiler.json:

2014-04-01  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Exclusions] Remove exclusions parsing support
        https://bugs.webkit.org/show_bug.cgi?id=131046

        Reviewed by David Hyatt.

        CSS Exclusions specification [1] needs some evolution before the actual implementation happens.
        We have only the parsing code in WebKit for -webkit-wrap-flow and -webkit-wrap-through.
        This patch removes the code from the trunk for now, it doesn't make sense to keep it around.

        [1] http://www.w3.org/TR/css3-exclusions/

        Removed existing parsing tests.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Deleted.
        (WebCore::CSSPrimitiveValue::operator WrapFlow): Deleted.
        (WebCore::CSSPrimitiveValue::operator WrapThrough): Deleted.
        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyProperty):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayout):
        * rendering/style/RenderStyle.h:
        * rendering/style/RenderStyleConstants.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2014-04-01  Timothy Hatcher  <timothy@apple.com>

        Remove the rest of the old Canvas inspection support.

        https://bugs.webkit.org/show_bug.cgi?id=131066

        Reviewed by Joseph Pecoraro.

        * CMakeLists.txt: Removed Canvas.json.
        * DerivedSources.make: Ditto.
        * inspector/InjectedScriptCanvasModuleSource.js: Removed.
        * inspector/protocol/Canvas.json: Removed.

2014-04-01  Alexey Proskuryakov  <ap@apple.com>

        Eliminate HTMLFormElement::m_shouldSubmit
        https://bugs.webkit.org/show_bug.cgi?id=131055

        Reviewed by Tim Horton.

        m_shouldSubmit was used for two purposes:
        - as a return value in a function whose return value is ignored by all callers;
        - to make a decision that's local to a function.

        There is no need for it to be an instance variable.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement):
        (WebCore::HTMLFormElement::prepareForSubmission):
        (WebCore::HTMLFormElement::submit):
        * html/HTMLFormElement.h:

2014-04-01  Benjamin Poulain  <bpoulain@apple.com>

        Remove a couple of useless static strings
        https://bugs.webkit.org/show_bug.cgi?id=131003

        Reviewed by David Kilzer.

        There is zero value in keeping those strings alive.

        * css/StyleProperties.cpp:
        (WebCore::isInitialOrInherit):

2014-04-01  Myles C. Maxfield  <mmaxfield@apple.com>

        svg/text/text-overflow-ellipsis-svgfont-kerning-ligatures.html and svg/css/font-face-crash.html frequently assert in ComplexTextController::offsetForPosition
        https://bugs.webkit.org/show_bug.cgi?id=119747

        Reviewed by Simon Fraser.

        Even though kerning and ligatures currently don't work with the
        simple text path, messing those up is better than creating null
        CTRun and CTLine objects.

        Rather than calling the badly-named renderingContext() function on TextRun objects
        to determine if they are drawn with an SVG font, this patch creates a wrapper function
        with a better name and uses that instead.

        Test: svg/text/svg-font-hittest.html

        * platform/graphics/Font.cpp:
        (WebCore::isDrawnWithSVGFont): Wrapper around renderingContext()
        (WebCore::Font::drawText): Use wrapper function
        (WebCore::Font::drawEmphasisMarks): Use wrapper function
        (WebCore::Font::width): Use wrapper function
        (WebCore::Font::selectionRectForText): Use wrapper function
        (WebCore::Font::offsetForPosition): If we are using an SVG font, use the simple path
        instead of the complex one
        (WebCore::Font::codePath): Use wrapper function
        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::FontPlatformData::ctFont):

2014-04-01  Daniel Bates  <dabates@apple.com>

        RenderQuote must destroy remaining text renderer before first letter renderer
        https://bugs.webkit.org/show_bug.cgi?id=78023
        <rdar://problem/10830009>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Abhishek Arya):
        https://src.chromium.org/viewvc/blink?view=rev&revision=151270

        Following the fix for <https://bugs.webkit.org/show_bug.cgi?id=114586>, a
        RenderQuote may have child render objects for the first letter of its text
        and everything following the first letter so as to support the CSS first-
        letter property. The latter renderer is responsible for destroying the former
        on destruction. It's sufficient to reverse the destruction of the children of
        RenderQuote to ensure that we destroy the remaining text renderer before we
        destroy the first letter renderer.

        Test: fast/css-generated-content/quote-first-letter-crash.html

        * rendering/RenderQuote.cpp:
        (WebCore::RenderQuote::updateText):

2014-04-01  David Kilzer  <ddkilzer@apple.com>

        Do not allow HTTP refresh headers to refresh to javascript: URLs
        <http://webkit.org/b/119051>
        <rdar://problem/14536453>

        Reviewed by Alexey Proskuryakov.

        Merged from Blink (patch by tsepez@chromium.org):
        https://src.chromium.org/viewvc/blink?revision=153912&view=revision
        http://crbug.com/258151

            This behaviour has been standard in IE since IE7.  This makes us both
            more compatible and less vulnerable to XSS.

        Tests: http/tests/security/no-javascript-location-percent-escaped.html
               http/tests/security/no-javascript-location.html
               http/tests/security/no-javascript-refresh-percent-escaped.php
               http/tests/security/no-javascript-refresh-spaces.php
               http/tests/security/no-javascript-refresh-static-percent-escaped.html
               http/tests/security/no-javascript-refresh-static-spaces.html
               http/tests/security/no-javascript-refresh-static.html
               http/tests/security/no-javascript-refresh.php

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::receivedFirstData):
        - Do not fire meta http refresh for a javascript: URL protocol.

2014-04-01  Pratik Solanki  <psolanki@apple.com>

        Unreviewed build fix. Remove duplicate file entries.

        * WebCore.xcodeproj/project.pbxproj:

2014-03-31  Simon Fraser  <simon.fraser@apple.com>

        Enable WEB_TIMING on Mac and iOS
        https://bugs.webkit.org/show_bug.cgi?id=128064

        Reviewed by Sam Weinig, Brent Fulgham.

        Enable WEB_TIMING. Add PerformanceTiming.cpp and JSPerformanceTiming.cpp
        to the project.
        
        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:

2014-04-01  James Craig  <jcraig@apple.com>

        AX: AccessibilityRenderObject::ariaLiveRegionAtomic() should default to true if
        roleValue is ApplicationAlertRole || ApplicationStatusRole
        https://bugs.webkit.org/show_bug.cgi?id=130907

        Reviewed by Chris Fleizach.

        Tests: inspector-protocol/dom/getAccessibilityPropertiesForNode_liveRegion.html:
               platform/mac/accessibility/aria-liveregions-attributes.html:

        Updated AccessibilityRenderObject::ariaLiveRegionAtomic() to match ARIA spec.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::ariaLiveRegionAtomic):

2014-04-01  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Fixing debug builds after r166586.

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::addEventListener): Fix the ASSERT.
        (WebCore::SVGElement::removeEventListener): Ditto.

2014-04-01  Zan Dobersek  <zdobersek@igalia.com>

        Prevent unnecessary copies in compareEqual template
        https://bugs.webkit.org/show_bug.cgi?id=131014

        Reviewed by Antti Koivisto.

        * rendering/style/RenderStyle.h:
        (compareEqual): Casting the second parameter to a non-const, non-reference type
        causes an extra copy of that object. Casting to the const reference type of the
        first parameter avoids that.

2014-04-01  Zan Dobersek  <zdobersek@igalia.com>

        Avoid unnecessary HashSet copies when calling collectInstancesForSVGElement
        https://bugs.webkit.org/show_bug.cgi?id=131020

        Reviewed by Andreas Kling.

        Remove collectInstancesForSVGElement() to avoid HashSet copies when assigning a const
        HashSet reference to a non-const HashSet reference. Instead, range-based for-loops are
        deployed to iterate directly over the const reference to HashSet that's returned by
        SVGElement::instancesForElement(). SVGElement::containingShadowRoot() return value
        is checked to see if the iteration should be performed in the first place, preserving
        the behavior of collectInstancesForSVGElement().

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::addEventListener):
        (WebCore::SVGElement::removeEventListener):
        (WebCore::collectInstancesForSVGElement): Deleted.

2014-04-01  Zan Dobersek  <zdobersek@igalia.com>

        Move the attributes HashMap out of the parseAttributes function
        https://bugs.webkit.org/show_bug.cgi?id=131019

        Reviewed by Andreas Kling.

        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::parseAttributes): Avoid copying the HashMap object that's being returned by
        converting it to an xvalue through using std::move() in the return statement.

2014-04-01  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Transition class Image (and its dependencies) from int to float to enable subpixel positioned/sized images.
        https://bugs.webkit.org/show_bug.cgi?id=130643

        Reviewed by Simon Fraser.

        This is in preparation to support subpixel positioned/sized background images. While 1x bitmap images can't take
        subpixel sizing on hidpi resolutions, both generated and hidpi images can.
        This patch does not change Image behavior in general as both position and size are still snapped to integral values.  

        No change in behavior.

        * WebCore.exp.in:
        * css/CSSCrossfadeValue.cpp:
        (WebCore::CSSCrossfadeValue::fixedSize):
        * css/CSSFilterImageValue.cpp:
        (WebCore::CSSFilterImageValue::fixedSize):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::drawImageIntoBuffer):
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::imageSizeForRenderer):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::selectCursor):
        * platform/Cursor.cpp:
        (WebCore::determineHotSpot):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::size):
        (WebCore::BitmapImage::currentFrameSize):
        * platform/graphics/BitmapImage.h:
        * platform/graphics/CrossfadeGeneratedImage.cpp:
        (WebCore::CrossfadeGeneratedImage::CrossfadeGeneratedImage):
        (WebCore::drawCrossfadeSubimage):
        (WebCore::CrossfadeGeneratedImage::drawCrossfade):
        * platform/graphics/CrossfadeGeneratedImage.h:
        * platform/graphics/GeneratedImage.h:
        * platform/graphics/Gradient.cpp:
        (WebCore::Gradient::adjustParametersForTiledDrawing):
        * platform/graphics/Gradient.h:
        * platform/graphics/GradientImage.cpp:
        (WebCore::GradientImage::drawPattern):
        * platform/graphics/GradientImage.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::createCompatibleBuffer):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/Image.cpp:
        (WebCore::Image::adjustSourceRectForDownSampling):
        * platform/graphics/Image.h:
        (WebCore::Image::setContainerSize):
        (WebCore::Image::rect):
        (WebCore::Image::width):
        (WebCore::Image::height):
        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        * platform/graphics/ImageBuffer.h:
        (WebCore::ImageBuffer::create):
        * platform/graphics/IntPoint.cpp:
        (WebCore::IntPoint::IntPoint):
        * platform/graphics/IntPoint.h:
        * platform/graphics/IntSize.cpp:
        (WebCore::IntSize::IntSize):
        * platform/graphics/IntSize.h:
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::ImageBuffer):
        * platform/graphics/cairo/ImageCairo.cpp:
        (WebCore::Image::drawPattern):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::ImageBuffer):
        * platform/graphics/cg/ImageBufferDataCG.cpp:
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::size):
        (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
        (WebCore::applyRotationForPainting):
        * platform/graphics/cg/PDFDocumentImage.h:
        * platform/graphics/cg/PatternCG.cpp:
        (WebCore::Pattern::createPlatformPattern):
        * platform/graphics/mac/GraphicsContextMac.mm:
        * platform/graphics/mac/IconMac.mm:
        * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
        (WebCore::TextureMapperTiledBackingStore::updateContentsFromImageIfNeeded):
        * platform/graphics/texmap/coordinated/CoordinatedImageBacking.cpp:
        (WebCore::CoordinatedImageBacking::update):
        * platform/graphics/win/ImageCGWin.cpp:
        (WebCore::BitmapImage::getHBITMAPOfSize):
        (WebCore::BitmapImage::drawFrameMatchingSourceSize):
        * platform/graphics/win/ImageCairoWin.cpp:
        (WebCore::BitmapImage::getHBITMAPOfSize):
        (WebCore::BitmapImage::drawFrameMatchingSourceSize):
        * platform/mac/DragImageMac.mm:
        (WebCore::createDragImageFromImage):
        * platform/win/DragImageCGWin.cpp:
        (WebCore::createDragImageFromImage):
        * platform/win/PasteboardWin.cpp:
        (WebCore::Pasteboard::writeImage):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageSizeForError):
        (WebCore::RenderImage::paintReplaced):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::drawPlatformResizerImage):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::setContainerSize):
        * svg/graphics/SVGImage.h:
        * svg/graphics/SVGImageCache.cpp:
        (WebCore::SVGImageCache::imageSizeForRenderer):
        * svg/graphics/SVGImageCache.h:
        * svg/graphics/SVGImageForContainer.cpp:
        (WebCore::SVGImageForContainer::size):
        * svg/graphics/SVGImageForContainer.h:
        * svg/graphics/filters/SVGFEImage.cpp:
        (WebCore::FEImage::externalRepresentation):
        * testing/Internals.cpp:
        (WebCore::Internals::getCurrentCursorInfo):

2014-04-01  Ryuan Choi  <ryuan.choi@samsung.com>

        Unreviewed build fix when disabled ACCESSIBILITY

        * accessibility/atk/WebKitAccessibleInterfaceTableCell.cpp:
        Separated macros not to check ATK version when disabled ACCESSIBILITY

2014-04-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMake][EFL] Enable CSS JIT
        https://bugs.webkit.org/show_bug.cgi?id=131010

        Reviewed by Benjamin Poulain.

        Add an inclusion path for enabling CSS JIT on EFL and GTK ports.
        This patch only enables it for EFL port.

        * CMakeLists.txt:

2014-04-01  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Readonly attributes installed as readwrite in GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=130978

        Reviewed by Carlos Garcia Campos.

        Unify how we decide if an attribute is readable or writeable and improve the code.
        This results in some attributes now being marked as read-only which didn't have
        corresponding case statements in the set_property switch statements and also correctly
        installs set_property support for some more POD types.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (IsPropertyReadable): Added this helper to simplify deciding if an attribute is readable.
        (IsPropertyWriteable): Added this helper to simplify deciding if an attribute is writeable. Also
        update the list of types to reflect the full list of types we can generate setters for.
        (GenerateProperty): Use the IsPropertyWriteable helper instead of checking whether the attribute is read-only.
        Also fix generation of the blurb by using $mutableString instead of $mutableStringconst which isn't used.
        (GenerateProperties): Use grep and the new helpers to simplify the code.
        (GetReadableProperties): Deleted.
        (GetWriteableProperties): Deleted.
        * bindings/scripts/test/GObject: Update results

2014-03-31  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL][WK2] Extract the control of page background out of color_set
        https://bugs.webkit.org/show_bug.cgi?id=127539

        Reviewed by Gyuyoung Kim.

        * platform/graphics/texmap/coordinated/CoordinatedGraphicsScene.cpp:
        Added m_viewBackgroundColor to clear when m_setDrawsBackground is false.
        (WebCore::CoordinatedGraphicsScene::CoordinatedGraphicsScene):
        (WebCore::CoordinatedGraphicsScene::paintToCurrentGLContext):
        (WebCore::CoordinatedGraphicsScene::paintToGraphicsContext):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsScene.h:
        (WebCore::CoordinatedGraphicsScene::setViewBackgroundColor):
        (WebCore::CoordinatedGraphicsScene::viewBackgroundColor):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
        Added EFL guard not to set opaque as a default for MainFrameRenderViewLayer.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::ensureRootLayer):
        Added EFL guard to apply page scale on RenderView like IOS.

2014-03-31  Byungseon Shin  <sun.shin@lge.com>

        [WebGL][OpenGLES] Enable MSAA support for WebGL Canvas
        https://bugs.webkit.org/show_bug.cgi?id=130955

        Reviewed by Dean Jackson.

        To avoid aliasing issues when we render content to WebGL canvas,
         we need to implement MSAA support.
        - Imagination OpenGLES GPU Driver already support MSAA, so we
         need a separate code path to enable it.

        * platform/graphics/Extensions3D.h:
        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::Extensions3DOpenGLCommon):
        * platform/graphics/opengl/Extensions3DOpenGLCommon.h:
        (WebCore::Extensions3DOpenGLCommon::isImagination):
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):

2014-03-31  Alexey Proskuryakov  <ap@apple.com>

        Crashes in PageConsole::addMessage
        https://bugs.webkit.org/show_bug.cgi?id=130991
        <rdar://problem/14795232>

        Reviewed by Geoffrey Garen.

        Test: http/tests/misc/detached-frame-console.html

        * page/DOMWindow.cpp: (WebCore::DOMWindow::printErrorMessage): Added a null check.
        It's legitimate for this to be called for a window that is not currently displayed
        in a frame.

2014-03-31  Simon Fraser  <simon.fraser@apple.com>

        [UI-side compositing] Proxy animations to the UI process
        https://bugs.webkit.org/show_bug.cgi?id=130946

        Reviewed by Tim Horton.
        
        To proxy CA animations, make PlatformCAAnimation a pure virtual base class
        and subclass for Mac, Windows, and Remote (just like PlatformCALayer).
        
        Add coding support for TimingFunctions.
        
        Do some minor #include tidyup.
        
        Minor refactor in GraphicsLayerCA to share some animations code.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/animation/TimingFunction.h: Add setters need for encode/decode.
        (WebCore::CubicBezierTimingFunction::setValues):
        (WebCore::CubicBezierTimingFunction::setTimingFunctionPreset):
        (WebCore::StepsTimingFunction::create):
        (WebCore::StepsTimingFunction::setNumberOfSteps):
        (WebCore::StepsTimingFunction::setStepAtStart):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::createPlatformCAAnimation):
        (WebCore::GraphicsLayerCA::animationCanBeAccelerated): Minor refactor so we can share
        code with GraphicsLayerCARemote.
        (WebCore::GraphicsLayerCA::addAnimation):
        (WebCore::GraphicsLayerCA::createBasicAnimation):
        (WebCore::PassRefPtr<PlatformCAAnimation>GraphicsLayerCA::createKeyframeAnimation):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/PlatformCAAnimation.h:
        (WebCore::PlatformCAAnimation::~PlatformCAAnimation):
        (WebCore::PlatformCAAnimation::isPlatformCAAnimationMac):
        (WebCore::PlatformCAAnimation::isPlatformCAAnimationWin):
        (WebCore::PlatformCAAnimation::isPlatformCAAnimationRemote):
        (WebCore::PlatformCAAnimation::PlatformCAAnimation):
        (WebCore::PlatformCAAnimation::setType):
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/mac/PlatformCAAnimationMac.h: Added.
        * platform/graphics/ca/mac/PlatformCAAnimationMac.mm:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayerMac::addAnimationForKey):
        (PlatformCALayerMac::animationForKey):
        * platform/graphics/ca/mac/TileController.mm:
        * platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
        * platform/graphics/ca/win/PlatformCAAnimationWin.h: Added.

2014-03-31  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: compile the first-child pseudo class
        https://bugs.webkit.org/show_bug.cgi?id=130954

        Reviewed by Andreas Kling.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::collectMatchingRules):
        The compiler use the context's style directly when resolving style. An error introduced
        in the rule collector would cause a crash in the compiled code which would be hard to debug.
        Add an assertion early in the stack to catch errors where it is easier to debug them.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::initForStyleResolve):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToPreviousAdjacentElement):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToPreviousAdjacent):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
        Refactor those to be able to reuse the code getting a sibling element preceding the current element.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNotResolvingStyle):
        Extract the code checking the current mode from SelectorCodeGenerator::markParentElementIfResolvingStyle()
        in a separate function. This will be useful for all the pseudo class with marking.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::markParentElementIfResolvingStyle):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::setFirstChildState):
        This is the slow path for when the first-child pseudo class is on a fragment that is not
        the rightmost.
        The reason to use a slow path is accessing renderStyle() is not trivial and this case isn't not
        as common. We should improve this later.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
        This is just implementing the test for first-child plus the tree marking. Nothing fancy,
        this is basically the same thing as SelectorChecker.

        * dom/Element.cpp:
        (WebCore::Element::setChildrenAffectedByFirstChildRules):
        * dom/Element.h:
        C++ fallback to set the flag, to be improved later with the other flags.

        * rendering/style/RenderStyle.h:
        I accidentaly put noninheritedFlagsMemoryOffset() as private in the RenderStyle refactoring.

        Also update the flags accessor to make them easier to work with from the compiler. In particular,
        setFirstChildStateFlags() sets both isUnique and firstChild. Currently the JIT does not need to access
        the value so individual flags are made private.

2014-03-31  Dean Jackson  <dino@apple.com>

        Remove WEB_ANIMATIONS
        https://bugs.webkit.org/show_bug.cgi?id=130989

        Reviewed by Simon Fraser.

        Remove this feature flag until we plan to implement.

        * Configurations/FeatureDefines.xcconfig:

2014-03-31  Simon Fraser  <simon.fraser@apple.com>

        Fix iOS build.

        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::updateLayersAfterDelegatedScroll):

2014-03-31  Pratik Solanki  <psolanki@apple.com>

        Unreviewed. iOS build fix after r166532. Add missing comma.

        * dom/DocumentMarker.h:

2014-03-31  Brady Eidson  <beidson@apple.com>

        Add variant of phone number parsing that use DocumentMarker in the current selection
        <rdar://problem/16379566> and https://bugs.webkit.org/show_bug.cgi?id=130917

        Reviewed by Darin Adler.

        * dom/DocumentMarker.h:
        (WebCore::DocumentMarker::AllMarkers::AllMarkers): Add a new TelephoneNumber document marker type.

        * editing/Editor.cpp:
        (WebCore::Editor::respondToChangedSelection):
        (WebCore::Editor::scanSelectionForTelephoneNumbers): TextIterate over the selected range looking for numbers.
        (WebCore::Editor::scanRangeForTelephoneNumbers): Scan the given range for a telephone number,
          adding the DocumentMarker to any that are found.
        (WebCore::Editor::clearDataDetectedTelephoneNumbers):
        * editing/Editor.h:

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::processCharacterBufferForInBody): Only linkify on iOS.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintTelephoneNumberMarker): Placeholder UI while the feature is developed.
        (WebCore::InlineTextBox::paintDocumentMarkers):
        * rendering/InlineTextBox.h:

        * testing/Internals.cpp:
        (WebCore::markerTypesFrom):

2014-03-31  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Hook up scroll events for accelerated overflow:scroll
        https://bugs.webkit.org/show_bug.cgi?id=130976

        Reviewed by Tim Horton.

        When an accelerated overflow:scroll is scrolled in the UI process,
        tell the WebProcess that the scroll happened to update RenderLayer
        state and fire events.
        
        In the WebProcess, RemoteScrollingCoordinator gets a message from the
        UI process and calls AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll().
        Fixed that function to handle scrolling nodes other than the root, which
        required storing a map of ScrollingNodeID->RenderLayer* on RenderLayerCompositor,
        accessible through FrameView::scrollableAreaForScrollLayerID().

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollableAreaForScrollLayerID):
        * page/FrameView.h:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll): Handle
        overflow as well as main frame scrolling nodes.
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling): Use isScrollingNode().
        (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling): When an overflow
        scroll node was scrolled externally, we have to update layers in decendant nodes,
        and then call scrollingTreeNodeDidScroll() which tells the ScrollingCoordinator that
        we scrolled.
        * page/scrolling/ScrollingTree.h: Try to reduce confusion between the roles played
        by these various functions, some of which happen in the UI process with UI-side
        compositing.
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h: Need some functions to be
        callable by subclasses.
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::updateLayersAfterDelegatedScroll):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer): Add
        scrolling layers to the m_scrollingNodeToLayerMap
        (WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer): Remove
        layer from the m_scrollingNodeToLayerMap.
        (WebCore::RenderLayerCompositor::scrollableAreaForScrollLayerID):
        * rendering/RenderLayerCompositor.h:

2014-03-31  Antti Koivisto  <antti@apple.com>

        Rename TileCache to LegacyTileCache
        https://bugs.webkit.org/show_bug.cgi?id=130986

        Reviewed by Simon Fraser.

        Rename iOS WebKit1 tile cache classes to reflect its status.
        This also frees some good type names.

        TileCache -> LegacyTileCache
        TileGrid -> LegacyTileGrid
        TileGridTile -> LegacyTileGridTile
        etc.

2014-03-31  Tim Horton  <timothy_horton@apple.com>

        Small adjustments to WebCore::IOSurface
        https://bugs.webkit.org/show_bug.cgi?id=130981

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        Export some more things.

        * platform/graphics/cocoa/IOSurface.h:
        createImage() can't be const because it calls ensurePlatformContext().

        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::createImage):
        We should be able to create an image even if the CGContext has been cleared (or never created).

        (IOSurface::isInUse):
        Rename inUse() to isInUse().

        (IOSurface::clearGraphicsContext):
        Add clearGraphicsContext().

2014-03-31  Tim Horton  <timothy_horton@apple.com>

        Allocate IOSurfaces with the same cache mode that CoreAnimation uses
        https://bugs.webkit.org/show_bug.cgi?id=130982

        Reviewed by Simon Fraser.

        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::IOSurface):
        CA uses kIOMapWriteCombineCache for IOSurfaces allocated on iOS.

2014-03-31  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] Blend mode property is propagated to multiple GraphicLayers
        https://bugs.webkit.org/show_bug.cgi?id=130337

        Reviewed by Dean Jackson.

        Resets the blend mode for graphicsLayer when it has an ancestorClippingLayer.

        Test: css3/compositing/blend-mode-ancestor-clipping-layer.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateBlendMode):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateBlendMode):
        * rendering/RenderLayerBacking.h:

2014-03-31  Ion Rosca  <rosca@adobe.com>

        [CSS Blending] showLayerTree should dump layer's blend mode and isolation properties
        https://bugs.webkit.org/show_bug.cgi?id=130922

        Reviewed by Simon Fraser.

        This change only updates existing tests involving blending. No new test required,
        as there is no new or changed functionality.

        * rendering/RenderLayer.h: adding blendMode() getter.
        * rendering/RenderTreeAsText.cpp:
        (WebCore::write):
        adding blendMode property and layer's isolation status (does layer isolate blending descendants or not?).

2014-03-31  Benjamin Poulain  <benjamin@webkit.org>

        CSS JIT: clean up the functions ending when generating a checker with context
        https://bugs.webkit.org/show_bug.cgi?id=130959

        Reviewed by Andreas Kling.

        This code got refactored over time and now both branches do the exact same action
        on the stack.
        This patch removes the stack split and move the stack cleanup in the common ending
        just before restoring the callee saved registers.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):

2014-03-31  Beth Dakin  <bdakin@apple.com>

        ThemeMac should use std::array instead of IntSize* for control sizes
        https://bugs.webkit.org/show_bug.cgi?id=130985

        Reviewed by Darin Adler.

        Replace uses of const IntSize* with const std::array<IntSize, 3>
        * platform/mac/ThemeMac.mm:
        (WebCore::sizeFromNSControlSize):
        (WebCore::sizeFromFont):
        (WebCore::controlSizeFromPixelSize):
        (WebCore::setControlSize):
        (WebCore::checkboxSizes):
        (WebCore::radioSizes):
        (WebCore::buttonSizes):
        (WebCore::setUpButtonCell):
        (WebCore::stepperSizes):

2014-03-31  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] Simplify RasterShape implementation
        https://bugs.webkit.org/show_bug.cgi?id=130916

        Reviewed by Dean Jackson.

        Since only floats can specify shape-outside, the RasterShapeIntervals
        class only needs to track the first and last above threshold pixel column
        (x1 and x2 in the implementation) for each row. Removed code for dealing with
        multiple "runs" per row as well as shape-inside internals.

        No new tests, since functionality was only removed.

        * rendering/shapes/RasterShape.cpp:
        (WebCore::RasterShapeIntervals::computeShapeMarginIntervals):
        (WebCore::RasterShapeIntervals::initializeBounds):
        (WebCore::RasterShapeIntervals::buildBoundsPath):
        (WebCore::RasterShape::getExcludedIntervals):
        * rendering/shapes/RasterShape.h:
        (WebCore::RasterShapeIntervals::RasterShapeIntervals):
        (WebCore::RasterShapeIntervals::intervalAt):
        (WebCore::RasterShape::RasterShape):
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createRasterShape):
        * rendering/shapes/ShapeInterval.h:
        (WebCore::ShapeInterval::unite):

2014-03-31  Andreas Kling  <akling@apple.com>

        Always inline toJS() for NodeList.
        <https://webkit.org/b/130974>

        This is a pretty cheesy optimization, but it's a 3% progression on
        Dromaeo/dom-query.html on my MBP.

        Reviewed by Benjamin Poulain.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSNodeListCustom.h: Added.
        (WebCore::toJS):
        * dom/NodeList.idl:

2014-03-31  Benjamin Poulain  <bpoulain@apple.com>

        Attempt to fix the 32bits debug builds

        The additional debug flags in RefCounted cause the structure to have different alignment
        with the 64bits flags.

        * rendering/style/RenderStyle.cpp:

2014-03-29  Simon Fraser  <simon.fraser@apple.com>

        Clarify some scrolling tree terminology
        https://bugs.webkit.org/show_bug.cgi?id=130929

        Reviewed by Tim Horton.

        Attempt to reduce some ambiguity in scrolling tree terminology.
        When async scrolling occurs, there are two tasks we have to perform:
        1. Layers need to be updated to reflect the scroll
        2. WebCore state has to be updated.
        The "updateForViewport" name didn't clearly reflect which of these
        tasks was being performed, so rename it to updateLayersAfterViewportChange()
        to reflect the fact that it only does the first.
        
        Remove the Mac implementation of updateLayersAfterViewportChange(), since
        it was confsued about this, and was never called anyway.

        * WebCore.exp.in:
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::updateLayersAfterViewportChange):
        (WebCore::ScrollingTreeScrollingNodeIOS::updateForViewport): Deleted.
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::updateLayersAfterViewportChange):
        (WebCore::ScrollingTreeScrollingNodeMac::updateForViewport): Deleted.

2014-03-31  Tim Horton  <timothy_horton@apple.com>

        [iOS WebKit2] Disable tile cohort retention for now
        https://bugs.webkit.org/show_bug.cgi?id=130926
        <rdar://problem/16465413>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setScrollingPerformanceLoggingEnabled):
        (WebCore::Settings::setAggressiveTileRetentionEnabled): Deleted.
        * page/Settings.h:
        (WebCore::Settings::aggressiveTileRetentionEnabled): Deleted.
        * page/Settings.in:
        Use Settings.in for these simple settings.

        * platform/graphics/GraphicsLayerClient.h:
        (WebCore::GraphicsLayerClient::shouldAggressivelyRetainTiles):
        (WebCore::GraphicsLayerClient::shouldTemporarilyRetainTileCohorts):
        * platform/graphics/TiledBacking.h:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::platformCALayerShouldAggressivelyRetainTiles):
        (WebCore::GraphicsLayerCA::platformCALayerShouldTemporarilyRetainTileCohorts):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/PlatformCALayerClient.h:
        (WebCore::PlatformCALayerClient::platformCALayerShouldAggressivelyRetainTiles):
        (WebCore::PlatformCALayerClient::platformCALayerShouldTemporarilyRetainTileCohorts):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::shouldAggressivelyRetainTiles):
        (WebCore::RenderLayerBacking::shouldTemporarilyRetainTileCohorts):
        * rendering/RenderLayerBacking.h:
        Plumb the two tile-retention settings through to TileController in a pull manner
        instead of a push manner, as there were some cases (especially on iOS) where
        the settings weren't always getting pushed down.

        * platform/graphics/ca/mac/TileController.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::TileController):
        (WebCore::TileController::tileRevalidationTimerFired):
        (WebCore::TileController::revalidateTiles):
        (WebCore::TileController::drawTileMapContents):
        Aggressive tile retention wins over temporary retention. If we aren't
        using temporary (cohort) retention, throw away the cohort as soon as it
        is created.

2014-03-31  Beth Dakin  <bdakin@apple.com>

        Radio buttons and checkboxes should share code
        https://bugs.webkit.org/show_bug.cgi?id=130915

        Reviewed by Sam Weinig.

        Radio buttons and checkboxes now share a lot of code. The common term for both is 
        toggle buttons.

        Move these radio-sizing functions up in the file to be next to the checkbox sizing 
        functions.
        * platform/mac/ThemeMac.mm:
        (WebCore::radioSizes):
        (WebCore::radioMargins):
        (WebCore::radioSize):

        Configures a radio button or a checkbox.
        (WebCore::configureToggleButton):

        Creates a radio button or a checkbox.
        (WebCore::createToggleButtonCell):

        Still have a shared cell for each.
        (WebCore::sharedRadioCell):
        (WebCore::sharedCheckboxCell):

        Does the work of the old paintRadio() and paintCheckbox().
        (WebCore::paintToggleButton):

        Use sharedRadioCell() here.
        (WebCore::ThemeMac::inflateControlPaintRect):

        Call paintToggleButton() for radio buttons and checkboxes.
        (WebCore::ThemeMac::paint):

        All gone.
        (WebCore::configureCheckbox): Deleted.
        (WebCore::createCheckboxCell): Deleted.
        (WebCore::paintCheckbox): Deleted.
        (WebCore::radio): Deleted.
        (WebCore::paintRadio): Deleted.

2014-03-31  Samuel White  <samuel_white@apple.com>

        AX: Need ability to get line range for text marker.
        https://bugs.webkit.org/show_bug.cgi?id=130906

        Reviewed by Chris Fleizach.

        Added ability to get line range from any marker on that line. This matches the functionality of existing
        attributes such as AXParagraphTextMarkerRangeForTextMarker and AXSentenceTextMarkerRangeForTextMarker.

        Test: platform/mac/accessibility/line-range-for-text-marker.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::visiblePositionRangeForRange):
        (WebCore::AccessibilityObject::lineRangeForPosition):
        * accessibility/AccessibilityObject.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityParameterizedAttributeNames]):
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

2014-03-31  Anders Carlsson  <andersca@apple.com>

        Fix iOS build.

        * page/ChromeClient.h:
        (WebCore::ChromeClient::updateViewportConstrainedLayers):

2014-03-31  Jer Noble  <jer.noble@apple.com>

        [MSE][Mac] Support lease-renewal.
        https://bugs.webkit.org/show_bug.cgi?id=130919

        Reviewed by Eric Carlson.

        Trigger a new key request when receiving an update message containting "renew".

        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::generateKeyRequest): Drive-by fix; generate a UTF-8
            based array.
        (WebCore::CDMSessionMediaSourceAVFObjC::update):

2014-03-31  Alexey Proskuryakov  <ap@apple.com>

        Remove special handling of soft hyphens in search code
        https://bugs.webkit.org/show_bug.cgi?id=130940

        Reviewed by Anders Carlsson.

        ICU knows to ignore soft hyphens, so we don't need to replace them before searching.

        Covered by existing tests.

        * editing/TextIterator.cpp:
        (WebCore::foldQuoteMark):
        (WebCore::foldQuoteMarks):
        (WebCore::SearchBuffer::SearchBuffer):
        (WebCore::SearchBuffer::append):
        (WebCore::foldQuoteMarkOrSoftHyphen): Deleted.
        (WebCore::foldQuoteMarksAndSoftHyphens): Deleted.

2014-03-31  Alex Christensen  <achristensen@webkit.org>

        Preparation for using Soup on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=130615

        Reviewed by Carlos Garcia Campos.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        Added Soup source files in WinCairo build.
        * loader/soup/CachedRawResourceSoup.cpp:
        * loader/soup/SubresourceLoaderSoup.cpp:
        * platform/soup/SharedBufferSoup.cpp:
        * platform/soup/URLSoup.cpp:
        * platform/network/NetworkStorageSessionStub.cpp:
        Only build if USE(SOUP) to prevent building when USE(CURL) is true.
        * platform/network/soup/ResourceHandleSoup.cpp:
        Only include unistd.h in non-Visual Studio builds.
        This would normally be done with a HAVE_UNISTD_H macro when compiling glib and Soup,
        but that would need to be left undefined for Visual Studio.

2014-03-31  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Addressing reviewing comments for r166491 that I forgot
        to address before landing.

        * html/FormController.cpp:
        (WebCore::SavedFormState::deserialize): No need to move the std::unique_ptr
        object on the way out.
        (WebCore::FormController::createSavedFormStateMap): FormKeyGenerator can be
        allocated on the stack.
        (WebCore::FormController::formStatesFromStateVector): Use auto.

2014-03-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Use GMainLoopSource for idle and timeout sources in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=130078

        Reviewed by Philippe Normand.

        * platform/audio/gstreamer/AudioFileReaderGStreamer.cpp:
        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        * platform/graphics/gstreamer/WebKitMediaSourceGStreamer.cpp:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        * platform/gtk/GtkDragAndDropHelper.cpp:
        * platform/gtk/SharedTimerGtk.cpp:

2014-03-31  Andrei Bucur  <abucur@adobe.com>

        Wrong layout while animating content in regions
        https://bugs.webkit.org/show_bug.cgi?id=125086

        Reviewed by David Hyatt.

        The region to layer and regions to layer mappings should be cleared when the region chain changes.

        Test: fast/regions/layers/region-removed-during-animation.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::invalidateRegions): Clear the two maps and flag them for recomputation.
        (WebCore::RenderFlowThread::cachedRegionForCompositedLayer): Assert that the returned region exists.

2014-03-31  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        Remove hostThisRegister() and hostThisValue()
        https://bugs.webkit.org/show_bug.cgi?id=130895

        Reviewed by Geoffrey Garen.

        Removed hostThisRegister() and hostThisValue() and instead use thisArgumentOffset() and thisValue() respectively.

        No new tests, no behavior changes.

        * bindings/js/JSNavigatorCustom.cpp:
        (WebCore::JSNavigator::webkitGetUserMedia):
        * bindings/js/JSPluginElementFunctions.cpp:
        (WebCore::callPlugin):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSFloat64Array.cpp:
        (WebCore::jsFloat64ArrayPrototypeFunctionFoo):
        (WebCore::jsFloat64ArrayPrototypeFunctionSet):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::jsTestEventTargetPrototypeFunctionItem):
        (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
        (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
        (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod1):
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod3):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod3):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionVoidMethod):
        (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionByteMethod):
        (WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionOctetMethod):
        (WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionLongMethod):
        (WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionObjMethod):
        (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg):
        (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
        (WebCore::jsTestObjPrototypeFunctionMethodWithEnumArg):
        (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
        (WebCore::jsTestObjPrototypeFunctionSerializedValue):
        (WebCore::jsTestObjPrototypeFunctionOptionsObject):
        (WebCore::jsTestObjPrototypeFunctionMethodWithException):
        (WebCore::jsTestObjPrototypeFunctionCustomMethod):
        (WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionAddEventListener):
        (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoid):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
        (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalString):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsUndefined):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNullString):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackAndOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod2):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod3):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
        (WebCore::jsTestObjPrototypeFunctionClassMethodWithClamp):
        (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
        (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
        (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
        (WebCore::jsTestObjPrototypeFunctionConvert1):
        (WebCore::jsTestObjPrototypeFunctionConvert2):
        (WebCore::jsTestObjPrototypeFunctionConvert4):
        (WebCore::jsTestObjPrototypeFunctionConvert5):
        (WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionOrange):
        (WebCore::jsTestObjPrototypeFunctionStrictFunction):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
        (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
        (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
        (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
        (WebCore::jsTestObjPrototypeFunctionAny):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsPrototypeFunctionFunc):
        (WebCore::jsTestTypedefsPrototypeFunctionSetShadow):
        (WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
        (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
        (WebCore::jsTestTypedefsPrototypeFunctionFuncWithClamp):
        (WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
        (WebCore::jsTestTypedefsPrototypeFunctionCallWithSequenceThatRequiresInclude):
        (WebCore::jsTestTypedefsPrototypeFunctionMethodWithException):
        * bridge/objc/objc_runtime.mm:
        (JSC::Bindings::callObjCFallbackObject):
        * bridge/runtime_method.cpp:
        (JSC::callRuntimeMethod):

2014-03-31  Zan Dobersek  <zdobersek@igalia.com>

        Move the rest of Source/WebCore/html/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=129669

        Reviewed by Anders Carlsson.

        Replace the remaining uses of OwnPtr, PassOwnPtr under Source/WebCore/html/ with std::unique_ptr.

        * html/FormController.cpp:
        (WebCore::SavedFormState::SavedFormState):
        (WebCore::SavedFormState::deserialize):
        (WebCore::FormController::createSavedFormStateMap):
        (WebCore::FormController::formElementsState):
        (WebCore::FormController::takeStateForFormElement):
        (WebCore::FormController::formStatesFromStateVector):
        * html/FormController.h:
        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::mapMouseEvent):
        * html/HTMLAreaElement.h:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::setSurfaceSize):
        (WebCore::HTMLCanvasElement::createImageBuffer):
        * html/HTMLCanvasElement.h:
        * html/HTMLCollection.h:
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::parseAttribute):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::updateVisibleValidationMessage):
        * html/HTMLFormControlElement.h:
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::addToPastNamesMap):
        * html/HTMLFormElement.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::imageLoader):
        (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::hasImageLoader):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parseAttribute):
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::startLoadingImage):
        * html/HTMLPlugInImageElement.h:
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::didAttachRenderers):
        (WebCore::HTMLVideoElement::parseAttribute):
        * html/HTMLVideoElement.h:
        * html/ValidationMessage.cpp:
        (WebCore::ValidationMessage::ValidationMessage):
        (WebCore::ValidationMessage::setMessage):
        (WebCore::ValidationMessage::setMessageDOMAndStartTimer):
        (WebCore::ValidationMessage::requestToHideMessage):
        * html/ValidationMessage.h:

2014-03-31  Maurice van der Pot  <griffon26@kfk4ever.com>

        Fix mixed use of booleans in JPEGImageDecoder.cpp
        https://bugs.webkit.org/show_bug.cgi?id=122412

        Reviewed by Darin Adler.

        Trivial fix for compilation error; no new tests.

        * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
        (WebCore::JPEGImageReader::decode):
        (WebCore::fill_input_buffer):
        Use TRUE/FALSE defined by libjpeg for libjpeg booleans

2014-03-23  Zan Dobersek  <zdobersek@igalia.com>

        Move Source/WebCore/rendering/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=129664

        Reviewed by Anders Carlsson.

        Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/rendering/ with std::unique_ptr.

        * platform/graphics/FloatPolygon.cpp:
        (WebCore::FloatPolygon::FloatPolygon):
        * platform/graphics/FloatPolygon.h:
        * rendering/ClipPathOperation.h:
        * rendering/FlowThreadController.cpp:
        (WebCore::FlowThreadController::ensureRenderFlowThreadWithName):
        * rendering/FlowThreadController.h:
        * rendering/HitTestLocation.h:
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::HitTestResult):
        (WebCore::HitTestResult::operator=):
        (WebCore::HitTestResult::rectBasedTestResult):
        (WebCore::HitTestResult::mutableRectBasedTestResult):
        * rendering/HitTestResult.h:
        * rendering/HitTestingTransformState.cpp:
        * rendering/ImageQualityController.h:
        * rendering/RenderBlock.cpp:
        (WebCore::removeBlockFromDescendantAndContainerMaps):
        (WebCore::RenderBlock::finishDelayUpdateScrollInfo):
        (WebCore::RenderBlock::addContinuationWithOutline):
        (WebCore::RenderBlock::paintContinuationOutlines):
        (WebCore::RenderBlock::insertIntoTrackedRendererMaps):
        (WebCore::RenderBlock::removeFromTrackedRendererMaps):
        (WebCore::RenderBlock::setComputedColumnCountAndWidth):
        * rendering/RenderBlock.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::createFloatingObjects):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBoxRegionInfo.h:
        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::styleDidChange):
        * rendering/RenderButton.h:
        * rendering/RenderCounter.cpp:
        (WebCore::makeCounterNode):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::updateAllLayerToRegionMappings):
        (WebCore::RenderFlowThread::logicalWidthChangedInRegionsForBlock):
        * rendering/RenderFlowThread.h:
        * rendering/RenderGeometryMap.cpp:
        (WebCore::RenderGeometryMap::push):
        (WebCore::RenderGeometryMap::pushView):
        * rendering/RenderGeometryMap.h:
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
        (WebCore::RenderGrid::resolveGridPositionsFromStyle):
        (WebCore::RenderGrid::resolveGridPositionAgainstOppositePosition):
        (WebCore::RenderGrid::resolveNamedGridLinePositionAgainstOppositePosition):
        (WebCore::RenderGrid::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
        (WebCore::RenderGrid::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
        * rendering/RenderGrid.h:
        * rendering/RenderImageResource.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateDescendantsAreContiguousInStackingOrder):
        (WebCore::RenderLayer::updateTransform):
        (WebCore::RenderLayer::setupFilters):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintChildLayerIntoColumns):
        (WebCore::RenderLayer::hitTestChildLayerColumns):
        (WebCore::RenderLayer::updateClipRects):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        (WebCore::RenderLayer::clearZOrderLists):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::notifyFlushBeforeDisplayRefresh):
        (WebCore::RenderLayerCompositor::registerAllViewportConstrainedLayers):
        * rendering/RenderLayerCompositor.h:
        * rendering/RenderLayerFilterInfo.cpp:
        (WebCore::RenderLayer::FilterInfo::map):
        (WebCore::RenderLayer::FilterInfo::get):
        * rendering/RenderLayerFilterInfo.h:
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::setRenderBoxRegionInfo):
        (WebCore::RenderRegion::takeRenderBoxRegionInfo):
        * rendering/RenderRegion.h:
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::styleDidChange):
        * rendering/RenderTable.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::selectionBounds):
        (WebCore::RenderView::setSelection):
        (WebCore::RenderView::compositor):
        (WebCore::RenderView::flowThreadController):
        (WebCore::RenderView::imageQualityController):
        * rendering/RenderView.h:
        * rendering/RootInlineBox.h:
        (WebCore::RootInlineBox::appendFloat):
        * rendering/TextAutosizer.h:
        * rendering/shapes/PolygonShape.cpp:
        (WebCore::computeShapePaddingBounds):
        (WebCore::computeShapeMarginBounds):
        * rendering/shapes/PolygonShape.h:
        (WebCore::PolygonShape::PolygonShape):
        * rendering/shapes/RasterShape.cpp:
        (WebCore::RasterShapeIntervals::computeShapeMarginIntervals):
        * rendering/shapes/RasterShape.h:
        (WebCore::RasterShape::RasterShape):
        * rendering/shapes/Shape.cpp:
        (WebCore::createInsetShape):
        (WebCore::createRectangleShape):
        (WebCore::createCircleShape):
        (WebCore::createEllipseShape):
        (WebCore::createPolygonShape):
        (WebCore::Shape::createShape):
        (WebCore::Shape::createRasterShape):
        (WebCore::Shape::createLayoutBoxShape):
        * rendering/shapes/Shape.h:
        * rendering/shapes/ShapeInfo.h:
        (WebCore::ShapeInfo::markShapeAsDirty):
        (WebCore::ShapeInfo::isShapeDirty):
        * rendering/shapes/ShapeInsideInfo.h:
        * rendering/style/ContentData.h:
        * rendering/style/CounterDirectives.cpp:
        (WebCore::clone):
        * rendering/style/CounterDirectives.h:
        * rendering/style/GridCoordinate.h:
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::addCachedPseudoStyle):
        (WebCore::RenderStyle::accessCounterDirectives):
        (WebCore::RenderStyle::accessAnimations):
        (WebCore::RenderStyle::accessTransitions):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        * rendering/style/StyleRareNonInheritedData.h:
        * rendering/svg/RenderSVGResourceGradient.cpp:
        (WebCore::RenderSVGResourceGradient::applyResource):
        * rendering/svg/RenderSVGResourceGradient.h:
        * rendering/svg/RenderSVGResourcePattern.cpp:
        (WebCore::RenderSVGResourcePattern::buildPattern):
        * rendering/svg/RenderSVGResourcePattern.h:
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::updateShapeFromElement):
        * rendering/svg/RenderSVGShape.h:
        * rendering/svg/SVGResources.cpp:
        (WebCore::SVGResources::setClipper):
        (WebCore::SVGResources::setFilter):
        (WebCore::SVGResources::setMarkerStart):
        (WebCore::SVGResources::setMarkerMid):
        (WebCore::SVGResources::setMarkerEnd):
        (WebCore::SVGResources::setMasker):
        (WebCore::SVGResources::setFill):
        (WebCore::SVGResources::setStroke):
        * rendering/svg/SVGResources.h:
        * rendering/svg/SVGResourcesCache.cpp:
        (WebCore::SVGResourcesCache::addResourcesFromRenderer):
        (WebCore::SVGResourcesCache::removeResourcesFromRenderer):
        * rendering/svg/SVGResourcesCache.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::initializeMeasurementWithTextRenderer):
        * rendering/svg/SVGTextMetricsBuilder.h:

2014-03-28  Sergio Villar Senin  <svillar@igalia.com>

        Replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed<T> in loader
        https://bugs.webkit.org/show_bug.cgi?id=130893

        Reviewed by Darin Adler.

        * loader/ImageLoader.cpp:
        (WebCore::beforeLoadEventSender):
        (WebCore::loadEventSender):
        (WebCore::errorEventSender):
        * loader/appcache/ApplicationCacheStorage.cpp:
        (WebCore::cacheStorage):
        * loader/appcache/ApplicationCacheStorage.h:
        * loader/archive/ArchiveFactory.cpp:
        (WebCore::archiveMIMETypes):
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::brokenImage):
        * loader/cache/CachedRawResource.cpp:
        (WebCore::shouldIgnoreHeaderForCacheReuse):
        * loader/cache/MemoryCache.cpp:
        (WebCore::dummyCachedImageClient):

2014-03-28  Sergio Villar Senin  <svillar@igalia.com>

        Replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed<T> in css
        https://bugs.webkit.org/show_bug.cgi?id=130409

        Reviewed by Darin Adler.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::logUnimplementedPropertyID):
        * css/CSSDefaultStyleSheets.cpp:
        (WebCore::screenEval):
        (WebCore::printEval):
        * css/CSSParser.cpp:
        (WebCore::strictCSSParserContext):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::cssTextCache):
        * css/CSSProperty.cpp:
        (WebCore::borderDirections):
        * css/CSSStyleRule.cpp:
        (WebCore::selectorTextCache):
        * css/CSSValuePool.cpp:
        (WebCore::cssValuePool):
        * css/CSSValuePool.h:
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyPageSize::getPageSizeFromName):
        (WebCore::DeprecatedStyleBuilder::sharedStyleBuilder):
        * css/DeprecatedStyleBuilder.h:

2014-03-30  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] [TextureMapper] Weird brightness with some videos with acceletared compositing
        https://bugs.webkit.org/show_bug.cgi?id=130665

        Reviewed by Martin Robinson.

        When we uploaded a video texture to the mapper we were not
        considering that some videos could be decoded into a format
        without alpha component. Now we check if the video has alpha and
        if it does not, we remove the alpha flag when retrieving the
        texture from the pool. For this, the method to get the texture
        from the pool was modified to receive the flags, that is mapped to
        have alpha by default in order not to break any other existing
        code.

        Though we have a problem with AC in WTR and that makes it
        currently not testable, no new tests are needed because once this
        is fixed the current test set suffices to detect a possible
        regression in this.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::updateTexture): Check
        the video format and decide if the texture shall be pulled with
        alpha support or not.
        * platform/graphics/texmap/TextureMapper.cpp:
        (WebCore::TextureMapper::acquireTextureFromPool): Use the flags
        when resetting the texture.
        * platform/graphics/texmap/TextureMapper.h:
        (WebCore::BitmapTexture::Flag::None): Added with 0x00.
        (WebCore::TextureMapper::acquireTextureFromPool): Added flag
        parameter to set up the texture with the default for including
        alpha channel.

2014-03-30  Jinwoo Song  <jinwoo7.song@samsung.com>

        Adopt range-based for loops to TextCheckerEnchant
        https://bugs.webkit.org/show_bug.cgi?id=130714

        Reviewed by Darin Adler.

        * platform/text/enchant/TextCheckerEnchant.cpp:
        (WebCore::TextCheckerEnchant::ignoreWord):
        (WebCore::TextCheckerEnchant::learnWord):
        (WebCore::TextCheckerEnchant::checkSpellingOfWord):
        (WebCore::TextCheckerEnchant::getGuessesForWord):
        (WebCore::TextCheckerEnchant::updateSpellCheckingLanguages):
        (WebCore::TextCheckerEnchant::loadedSpellCheckingLanguages):
        (WebCore::TextCheckerEnchant::availableSpellCheckingLanguages):
        (WebCore::TextCheckerEnchant::freeEnchantBrokerDictionaries):

2014-03-30  Benjamin Poulain  <benjamin@webkit.org>

        Second attempt to fix 32bits build after r166465

        * rendering/style/RenderStyle.h:
        The compiler probably complain about the return value, that makes more sense.

2014-03-30  Benjamin Poulain  <benjamin@webkit.org>

        Attempt to fix 32bits build after r166465

        * rendering/style/RenderStyle.h:

2014-03-30  Benjamin Poulain  <benjamin@webkit.org>

        Make RenderStyle's non inherited flags more JSC friendly
        https://bugs.webkit.org/show_bug.cgi?id=130939

        Reviewed by Andreas Kling.

        Make RenderStyle::NonInheritedFlags accessible to the JIT:
        -Make the struct public to give access to the offset.
        -Move away from a bit field to static offsets we can use
         with the MacroAssembler.
        -Reorder the field to simplify bit access of the flags we need.

        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyVerticalAlign::createHandler):
        (WebCore::ApplyPropertyDisplay::applyInitialValue):
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::RenderStyle):
        (WebCore::RenderStyle::copyNonInheritedFrom):
        (WebCore::RenderStyle::hashForTextAutosizing):
        (WebCore::RenderStyle::equalForTextAutosizing):
        (WebCore::RenderStyle::changeRequiresLayout):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::hasAnyPublicPseudoStyles):
        (WebCore::RenderStyle::hasPseudoStyle):
        (WebCore::RenderStyle::setHasPseudoStyle):
        * rendering/style/StyleMultiColData.cpp:
        (WebCore::StyleMultiColData::StyleMultiColData):
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):

2014-03-30  David Kilzer  <ddkilzer@apple.com>

        [iOS] Fix build of HTMLConverter.mm after r166454

        Fixes the following build failures:

            WebCore/editing/cocoa/HTMLConverter.mm:1507:13: error: value of type 'WebCore::Element' is not contextually convertible to 'bool'
                    if (element)
                        ^~~~~~~
            WebCore/editing/cocoa/HTMLConverter.mm:1508:49: error: no matching function for call to 'core'
                        _caches->floatPropertyValueForNode(*core(element), CSSPropertyVerticalAlign, verticalAlign);
                                                            ^~~~
            In file included from WebCore/editing/cocoa/HTMLConverter.mm:41:
            In file included from WebCore/page/Frame.h:42:
            In file included from WebCore/editing/VisibleSelection.h:30:
            In file included from WebCore/editing/VisiblePosition.h:30:
            In file included from WebCore/dom/Position.h:31:
            WebCore/editing/TextAffinity.h:54:27: note: candidate function not viable: no known conversion from 'WebCore::Element' to 'NSSelectionAffinity' (aka '_NSSelectionAffinity') for 1st argument
            inline WebCore::EAffinity core(NSSelectionAffinity affinity)
                                      ^
            WebCore/editing/cocoa/HTMLConverter.mm:1509:81: error: reference to non-static member function must be called; did you mean to call it with no arguments?
                    attachment.get().bounds = CGRectMake(0, (verticalAlign / 100) * element.clientHeight, element.clientWidth, element.clientHeight);
                                                                                    ~~~~~~~~^~~~~~~~~~~~
                                                                                                        ()
            WebCore/editing/cocoa/HTMLConverter.mm:1509:103: error: reference to non-static member function must be called; did you mean to call it with no arguments?
                    attachment.get().bounds = CGRectMake(0, (verticalAlign / 100) * element.clientHeight, element.clientWidth, element.clientHeight);
                                                                                                          ~~~~~~~~^~~~~~~~~~~
                                                                                                                             ()
            WebCore/editing/cocoa/HTMLConverter.mm:1509:124: error: reference to non-static member function must be called; did you mean to call it with no arguments?
                    attachment.get().bounds = CGRectMake(0, (verticalAlign / 100) * element.clientHeight, element.clientWidth, element.clientHeight);
                                                                                                                               ~~~~~~~~^~~~~~~~~~~~
                                                                                                                                                   ()
            5 errors generated.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::_addAttachmentForElement):

2014-03-30  Andreas Kling  <akling@apple.com>

        Make NodeList and HTMLCollection caching helpers use PassRef.
        <https://webkit.org/b/130943>

        Tweak the helpers in NodeListsNodeData to return PassRef instead of
        PassRefPtr. This knocks 2 branches off of some pretty hot code on
        Dromaeo/dom-query.

        Reviewed by Antti Koivisto.

        * dom/ChildNodeList.h:
        * dom/ClassNodeList.h:
        * dom/NameNodeList.h:
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::ensureChildNodeList):
        (WebCore::NodeListsNodeData::ensureEmptyChildNodeList):
        (WebCore::NodeListsNodeData::addCacheWithAtomicName):
        (WebCore::NodeListsNodeData::addCacheWithName):
        (WebCore::NodeListsNodeData::addCacheWithQualifiedName):
        (WebCore::NodeListsNodeData::addCachedCollection):
        * dom/TagNodeList.h:
        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::create):
        * html/HTMLCollection.h:
        * html/HTMLFormControlsCollection.cpp:
        (WebCore::HTMLFormControlsCollection::create):
        * html/HTMLFormControlsCollection.h:
        * html/RadioNodeList.h:

2014-03-29  Antti Koivisto  <antti@apple.com>

        LiveNodeLists should use ElementDescendantIterator
        https://bugs.webkit.org/show_bug.cgi?id=130931

        Reviewed by Andreas Kling.
        
        Make LiveNodeList traversal use the common DOM tree iterator.

        * dom/ChildNodeList.cpp:
        (WebCore::ChildNodeList::ChildNodeList):
        (WebCore::ChildNodeList::collectionBegin):
        (WebCore::ChildNodeList::collectionTraverseForward):
        (WebCore::ChildNodeList::collectionTraverseBackward):
        (WebCore::ChildNodeList::invalidateCache):
        (WebCore::ChildNodeList::collectionFirst): Deleted.
        
            Iterator for ChildNodeList is still just Node*.

        * dom/ChildNodeList.h:
        * dom/CollectionIndexCache.h:
        (WebCore::CollectionIndexCache::hasValidCache):
        (WebCore::Iterator>::CollectionIndexCache):
        (WebCore::Iterator>::nodeCount):
        (WebCore::Iterator>::computeNodeCountUpdatingListCache):
        (WebCore::Iterator>::traverseBackwardTo):
        (WebCore::Iterator>::traverseForwardTo):
        (WebCore::Iterator>::nodeAt):
        (WebCore::Iterator>::invalidate):
        
            Make CollectionIndexCache iterator based instead of using NodeType*. The iterator type may
            still be a Node* though.

        (WebCore::NodeType>::CollectionIndexCache): Deleted.
        (WebCore::NodeType>::nodeCount): Deleted.
        (WebCore::NodeType>::computeNodeCountUpdatingListCache): Deleted.
        (WebCore::NodeType>::nodeBeforeCached): Deleted.
        (WebCore::NodeType>::nodeAfterCached): Deleted.
        (WebCore::NodeType>::nodeAt): Deleted.
        (WebCore::NodeType>::invalidate): Deleted.
        * dom/ElementDescendantIterator.h:
        (WebCore::ElementDescendantIterator::operator--):
        
            Add backward iteration support.

        (WebCore::ElementDescendantIteratorAdapter::last):
        (WebCore::ElementDescendantConstIteratorAdapter::last):
        
            Add a way to get the last item.
            Provide std::iterator_traits so we can extract the type.

        * dom/LiveNodeList.h:
        (WebCore::CachedLiveNodeList::collectionEnd):
        (WebCore::CachedLiveNodeList<NodeListType>::CachedLiveNodeList):
        (WebCore::CachedLiveNodeList<NodeListType>::~CachedLiveNodeList):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionBegin):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionLast):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionTraverseForward):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionTraverseBackward):
        (WebCore::CachedLiveNodeList<NodeListType>::invalidateCache):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionFirst): Deleted.
        
            Make LiveNodeList traversal use ElementDescendantIterator.

        (WebCore::nextMatchingElement): Deleted.
        (WebCore::previousMatchingElement): Deleted.
        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::HTMLCollection):
        (WebCore::HTMLCollection::~HTMLCollection):
        (WebCore::HTMLCollection::collectionBegin):
        (WebCore::HTMLCollection::collectionTraverseForward):
        (WebCore::HTMLCollection::collectionTraverseBackward):
        (WebCore::HTMLCollection::invalidateCache):
        (WebCore::HTMLCollection::collectionFirst): Deleted.
        * html/HTMLCollection.h:
        (WebCore::HTMLCollection::collectionEnd):
        
            HTMLCollection still uses Element* as iterator for now.

2014-03-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166434.
        https://bugs.webkit.org/show_bug.cgi?id=130938

        Caused crashes and other failures on cache tests (Requested by
        ap on #webkit).

        Reverted changeset:

        "Web Replay: add page-level setting to bypass the MemoryCache"
        https://bugs.webkit.org/show_bug.cgi?id=130728
        http://trac.webkit.org/changeset/166434

2014-03-29  David Kilzer  <ddkilzer@apple.com>

        Preserve selection end positions in directionOfSelection
        <http://webkit.org/b/104813>
        <rdar://problem/13666417>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by kenrb@chromium.org):
        https://src.chromium.org/viewvc/blink?revision=150621&view=revision
        http://crbug.com/164263

            VisibleSelection::visibleStart() and VisibleSelection::visibleEnd()
            can both cause layouts, which has the potential to invalidate any
            rendertree-based objects. This was causing a problem in
            FrameSelection::directionOfSelection(), where a reference to a
            lineBox was being held across a call to visibleEnd().

            This patch ensures that the any layout is completed before linebox
            references are retrieved.

        Test: editing/selection/layout-during-move-selection-crash.html

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::directionOfSelection):

2014-03-29  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Simple line layout should not round to integral position while painting.
        https://bugs.webkit.org/show_bug.cgi?id=130934

        Reviewed by Simon Fraser.

        Remove rounding to integral position. When RenderLayer is injected and hides subpixel positions,
        integral rounding produces different paint position.

        Test: fast/flexbox/hidpi-simple-line-layout-with-flexbox-and-transition.html

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintFlow):

2014-03-29  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make GraphicsContext::drawImageBuffer* functions float based.
        https://bugs.webkit.org/show_bug.cgi?id=130932

        Reviewed by Simon Fraser.
        
        This is in preparation to support device pixel based filter painting.
        Filter calculation is still integral based.

        No change in behavior.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImageBuffer):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/filters/FilterEffect.cpp: This will eventually be fully float based.
        Right now, this IntRect->FloatRect change is only to ensure that we can call 
        the float based drawImageBuffer(). 
        (WebCore::FilterEffect::drawingRegionOfInputImage):
        * platform/graphics/filters/FilterEffect.h:

2014-03-27  Sam Weinig  <sam@webkit.org>

        Convert yet more of HTMLConverter to C++
        https://bugs.webkit.org/show_bug.cgi?id=130850

        Reviewed by Anders Carlsson.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverterCaches::isAncestorsOfStartToBeConverted):
        (HTMLConverter::HTMLConverter):
        (HTMLConverter::~HTMLConverter):
        (HTMLConverter::convert):
        (HTMLConverter::computedAttributesForElement):
        (HTMLConverter::attributesForElement):
        (HTMLConverter::_newParagraphForElement):
        (HTMLConverter::_newLineForElement):
        (HTMLConverter::_newTabForElement):
        (HTMLConverter::_addAttachmentForElement):
        (HTMLConverter::_addQuoteForElement):
        (HTMLConverter::_addValue):
        (HTMLConverter::_processHeadElement):
        (HTMLConverter::_enterElement):
        (HTMLConverter::_addTableCellForElement):
        (HTMLConverter::_processElement):
        (HTMLConverter::_addMarkersToList):
        (HTMLConverter::_exitElement):
        (HTMLConverter::_processText):
        (HTMLConverter::_traverseNode):
        (HTMLConverter::_traverseFooterNode):
        (WebCore::attributedStringFromRange):
        (_childrenForNode): Deleted.
        (HTMLConverter::_computedAttributesForElement): Deleted.
        (HTMLConverter::_attributesForElement): Deleted.
        (HTMLConverter::_loadFromDOMRange): Deleted.

2014-03-28  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed buildfix after r166441 and r166443.

        * CMakeLists.txt: Add platform/audio/AudioHardwareListener.cpp.

2014-03-28  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] The 'auto' height must be adapted to the item's margin.
        https://bugs.webkit.org/show_bug.cgi?id=130920

        Reviewed by Darin Adler.

        Adding the grid-item's marginLogicalHeight to the used breadth when computing
        content based grid-track sizes.

        Test: fast/css-grid-layout/grid-item-margin-auto-columns-rows.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::logicalContentHeightForChild):

2014-03-28  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: support for live regions
        https://bugs.webkit.org/show_bug.cgi?id=130725

        Reviewed by Timothy Hatcher.

        Tests: inspector-protocol/dom/getAccessibilityPropertiesForNode.html
               inspector-protocol/dom/getAccessibilityPropertiesForNode_liveRegion.html

        Initial support for @aria-live, @aria-atomic, and @aria-busy.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json:

2014-03-28  Darin Adler  <darin@apple.com>

        Fix recently-introduced off-by-one error in centerTruncateToBuffer
        https://bugs.webkit.org/show_bug.cgi?id=130889
        <rdar://problem/16408694>

        Reviewed by Alexey Proskuryakov.

        * platform/graphics/StringTruncator.cpp:
        (WebCore::centerTruncateToBuffer): Simplified expression that computes truncatedLength.
        Removed incorrect "+ 1" from computation of where to write characters.

2014-03-28  Benjamin Poulain  <bpoulain@apple.com>

        Update the code related to SelectorPseudoTypeMap to reflect its new purpose
        https://bugs.webkit.org/show_bug.cgi?id=130620

        Reviewed by Andreas Kling.

        Since r166094, SelectorPseudoTypeMap only contains PseudoClass instances and the 4 compatibility PseudoElement.

        This patch rename SelectorPseudoTypeMap to SelectorPseudoClassAndCompatibilityElementMap and update the parsing
        to split PseudoClass and PseudoElement.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSGrammar.y.in:
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoClassAndCompatibilityElementSelector):
        (WebCore::CSSParserSelector::setPseudoClassValue):
        * css/CSSParserValues.h:
        * css/CSSSelector.cpp:
        (WebCore::appendPseudoClassFunctionTail):
        (WebCore::CSSSelector::selectorText):
        * css/SelectorPseudoClassAndCompatibilityElementMap.in: Renamed from Source/WebCore/css/SelectorPseudoTypeMap.in.
        * css/SelectorPseudoTypeMap.h:
        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py: Renamed from Source/WebCore/css/makeSelectorPseudoTypeMap.py.
        (enumerablePseudoType):
        (expand_ifdef_condition):

2014-03-28  Stephanie Lewis  <slewis@apple.com>

        Unreviewed build fix.

        * platform/audio/AudioHardwareListener.cpp:
        (WebCore::AudioHardwareListener::create):
        (WebCore::AudioHardwareListener::audioHardwareListenerIsSupported): Deleted.
        * platform/audio/AudioHardwareListener.h:

2014-03-28  Lukasz Bialek  <l.bialek@samsung.com>

        Refactor cut and copy functions as suggested in FIXME line
        https://bugs.webkit.org/show_bug.cgi?id=129867

        Reviewed by Darin Adler.

        Cut and Copy functions in Editor.cpp use lots of common code.
        Those functions are merged into one to share code, several
        additional conditions are added to preserve Cut and Copy
        functionality.

        * editing/Editor.cpp:
        (WebCore::Editor::cut):
        (WebCore::Editor::copy):
        (WebCore::Editor::performCutOrCopy):
        * editing/Editor.h:

2014-03-28  Stephanie Lewis  <slewis@apple.com>

        Rename pluginDidEvaluate to better represent when it’s called.
        Part of <rdar://problem/16061257> PluginProcess should AppNap when no plugins on active tab.

        Reviewed by Anders Carlsson.

        No new test because it’s just a name change.

        * page/PageThrottler.h:
        (WebCore::PageThrottler::pluginDidEvaluateWhileAudioIsPlaying):

2014-03-28  Stephanie Lewis  <slewis@apple.com>

        Notification handler for telling if audio hardware is active.
        https://bugs.webkit.org/show_bug.cgi?id=130743

        Reviewed by Jer Noble.

        Not web-exposed so no easy way to test.

        Listen to CoreAudio to see if audio hardware is active in the current process.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/audio/AudioHardwareListener.cpp: Added.
        (WebCore::AudioHardwareListener::create):
        (WebCore::AudioHardwareListener::AudioHardwareListener):
        * platform/audio/AudioHardwareListener.h: Added.
        (WebCore::AudioHardwareListener::Client::~Client):
        (WebCore::AudioHardwareListener::~AudioHardwareListener):
        (WebCore::AudioHardwareListener::isHardwareActive):
        * platform/audio/mac/AudioHardwareListenerMac.cpp: Added.
        (WebCore::isAudioHardwareProcessRunning):
        (WebCore::AudioHardwareListener::create):
        (WebCore::AudioHardwareListenerMac::create):
        (WebCore::AudioHardwareListenerMac::AudioHardwareListenerMac):
        (WebCore::AudioHardwareListenerMac::~AudioHardwareListenerMac):
        (WebCore::AudioHardwareListenerMac::setHardwareActive):
        * platform/audio/mac/AudioHardwareListenerMac.h: Added.

2014-03-28  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: expose what elements get generic "clickable" status
        https://bugs.webkit.org/show_bug.cgi?id=130721

        Reviewed by Timothy Hatcher.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html:
        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode_mouseEventNodeId.html

        Expose ancestor element link to "Click Listener" or generic "Clickable: Yes" if current node has mouse handler.

        Update AccessibilityNodeObject::mouseButtonListener() to optionally return body element if 
            requested so that Web Inspector can display body event delegate handlers.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::mouseButtonListener):
        * accessibility/AccessibilityNodeObject.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json:

2014-03-28  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Really drop all locks in nested run loop on iOS if WebThread is enabled
        https://bugs.webkit.org/show_bug.cgi?id=130912

        Reviewed by Geoffrey Garen.

        Previously we were calling DropAllLocks inside of a single line if statement,
        so the JSLock was getting reaquired very quickly. We really want to DropAllLocks
        for the duration of running the nested run loop on iOS if there is a WebThread.

        * bindings/js/PageScriptDebugServer.h:
        * bindings/js/PageScriptDebugServer.cpp:
        (WebCore::PageScriptDebugServer::runEventLoopWhilePaused):
        (WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal):

2014-03-28  Brent Fulgham  <bfulgham@apple.com>

        [Win] Enable Media Track testing features on Windows
        https://bugs.webkit.org/show_bug.cgi?id=130851

        Reviewed by Eric Carlson.

        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState): Execute code on Windows as well.
        (WebCore::Internals::Internals): Ditto.
        (WebCore::Internals::captionsStyleSheetOverride): Ditto.
        (WebCore::Internals::setCaptionsStyleSheetOverride): Ditto.
        (WebCore::Internals::setPrimaryAudioTrackLanguageOverride): Ditto.
        (WebCore::Internals::setCaptionDisplayMode): Ditto.

2014-03-28  Brian Burg  <bburg@apple.com>

        Web Replay: add page-level setting to bypass the MemoryCache
        https://bugs.webkit.org/show_bug.cgi?id=130728

        Reviewed by Timothy Hatcher.

        When replaying a specific Page we don't want to store its cached resources in the
        MemoryCache. This patch adds a page setting to prevent the page's resources from
        being saved in the MemoryCache.

        If Settings::usesMemoryCache() is false, page resources are given the special
        SessionID bypassCacheSessionID(). The cached resource loader and memory cache
        act as if the memory cache is disabled if the resource has this special session id.

        Hook up ReplayController to override the memory cache setting during capture/replay.

        Test: http/tests/cache/bypass-memory-cache-after-reload.html

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        (WebCore::CachedResourceLoader::revalidateResource):
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::add):
        * page/Page.cpp:
        (WebCore::Page::sessionID):
        * page/SessionID.h:
        (WebCore::SessionID::bypassCacheSessionID):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        * page/Settings.h:
        (WebCore::Settings::setUsesMemoryCache):
        (WebCore::Settings::usesMemoryCache):
        * replay/ReplayController.cpp:
        (WebCore::ReplayController::setForceDeterministicSettings):
        * replay/ReplayController.h:
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup):
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setUsesMemoryCache):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2014-03-28  Radu Stavila  <stavila@adobe.com>

        In some situations, partial layouts of floating elements produce incorrect results.
        https://bugs.webkit.org/show_bug.cgi?id=122668

        Reviewed by David Hyatt.

        When performing partial layout of float elements and checking if other float
        elements are encountered, incorrect results were obtained by not checking
        the size of the existing floats vector.

        Test: fast/block/float/floats-in-clean-line-crash.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::checkFloatsInCleanLine):

2014-03-28  Beth Dakin  <bdakin@apple.com>

        Build fix.

        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paint):

2014-03-28  Jer Noble  <jer.noble@apple.com>

        [MSE] Implement support for SourceBuffer.remove()
        https://bugs.webkit.org/show_bug.cgi?id=121562

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-remove.html

        Add support for SourceBuffer.remove().

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::SourceBuffer): Initialize new member variables.
        (WebCore::SourceBuffer::setTimestampOffset): Update comments to match spec.
        (WebCore::SourceBuffer::remove): Added; start removeTimer.
        (WebCore::SourceBuffer::abortIfUpdating): Cancel removeTimer.
        (WebCore::SourceBuffer::removedFromMediaSource): Call abortIfUpdating().
        (WebCore::SourceBuffer::stop): Cancel removeTimer.
        (WebCore::SourceBuffer::removeCodedFrames): Added.
        (WebCore::SourceBuffer::removeTimerFired): Added.
        * Modules/mediasource/SourceBuffer.h:
        * Modules/mediasource/SourceBuffer.idl:

2014-03-27  Dean Jackson  <dino@apple.com>

        Support form controls that may need incremental redraw
        https://bugs.webkit.org/show_bug.cgi?id=130736

        Reviewed by Beth Dakin.

        There are some form controls that change appearance
        over time. Expand the ControlStates so that it can
        hold a little more information, including a reference
        to the native form control. This way the Theme implementation
        can repaint the existing native control if necessary. At
        least ThemeMac was reusing a single control for painting
        all instances before this change.

        Since ControlStates is now a class, pass it around by
        reference.

        The other major change is keeping a timer to trigger a
        repaint in RenderBox, which happens if Theme/RenderTheme
        update the ControlState to request one.

        * WebCore.xcodeproj/project.pbxproj: Add ControlStates.h.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * dom/Element.cpp:
        (WebCore::Element::setActive): States now within ControlStates.
        (WebCore::Element::setHovered): Ditto.
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::focusedOrActiveStateChanged): Ditto.
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::disabledStateChanged): Ditto.
        (WebCore::HTMLFormControlElement::readOnlyAttributeChanged): Ditto.
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setChecked): Ditto.
        (WebCore::HTMLInputElement::setIndeterminate): Ditto.
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::parseAttribute): Ditto.
        * platform/ControlStates.h: New file. Copied the old ControlStates enum,
        and added accessors to hold whether or not the state is dirty, and
        a reference to a platform control if necessary.
        * platform/Theme.h:
        (WebCore::Theme::selectionColor): Pass ControlStates pointer.
        (WebCore::Theme::paint): Ditto.
        (WebCore::Theme::inflateControlPaintRect): Ditto.
        * platform/ThemeTypes.h: Remove ControlStates enum.
        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::applyEdjeStateFromForm): Pass ControlStates pointer.
        (WebCore::RenderThemeEfl::paintThemePart): Ditto.
        * platform/efl/RenderThemeEfl.h: Ditto.
        * platform/mac/ThemeMac.h: Ditto.
        * platform/mac/ThemeMac.mm:
        (-[WebCoreThemeView addSubview:]): New method to make sure we don't add CALayer backed
        views to the NSView we're using for rendering.
        (WebCore::updateStates): Use the private animated setters if necessary.
        (WebCore::convertControlStatesToThemeDrawState): Namespacing.
        (WebCore::configureCheckbox): Pass ControlStates pointer.
        (WebCore::createCheckboxCell): New helper since we're creating non-static cells.
        (WebCore::sharedCheckboxCell): The old static provider, renamed.
        (WebCore::paintCheckbox): Check if this paint was triggered by a state change
        or an animation. Update the ControlStates if we need to be repainted.
        (WebCore::radio): Parameter is now ControlStates*.
        (WebCore::paintRadio): Ditto.
        (WebCore::setUpButtonCell): Ditto.
        (WebCore::button): Ditto.
        (WebCore::paintButton): Ditto.
        (WebCore::paintStepper): Ditto.
        (WebCore::ThemeMac::ensuredView): Ditto.
        (WebCore::ThemeMac::inflateControlPaintRect): Ditto.
        (WebCore::ThemeMac::paint): Ditto.
        (WebCore::checkbox): Deleted.
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::RenderBox): Initialize timer.
        (WebCore::RenderBox::~RenderBox): Stop any pending timers and delete the ControlState if necessary.
        (WebCore::RenderBox::paintBoxDecorations): Create a ControlStates if needed. Paint, and start the repaint
        timer if the ControlStates say we should.
        (WebCore::RenderBox::repaintTimerFired): Call repaint when the timer fires.
        * rendering/RenderBox.h: Add a timer for repainting.
        * rendering/RenderElement.cpp:
        (WebCore::controlStatesRendererMap): A static HashMap that associates renderers with ControlStates.
        (WebCore::RenderElement::hasControlStatesForRenderer):
        (WebCore::RenderElement::controlStatesForRenderer):
        (WebCore::RenderElement::removeControlStatesForRenderer):
        (WebCore::RenderElement::addControlStatesForRenderer):
        * rendering/RenderElement.h:
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paint): Use a pointer to ControlStates.
        (WebCore::RenderTheme::adjustRepaintRect): Ditto.
        (WebCore::RenderTheme::stateChanged): Ditto.
        (WebCore::RenderTheme::updateControlStatesForRenderer): New method that just updates the states part of ControlStates.
        (WebCore::RenderTheme::extractControlStatesForRenderer): New method that calculates the state.
        (WebCore::RenderTheme::controlStatesForRenderer): Deleted.
        * rendering/RenderTheme.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::documentViewFor): Use a ControlStates pointer.

2014-03-28  Myles C. Maxfield  <mmaxfield@apple.com>

        Clear SVGInlineTextBox fragments when the text changes.
        https://bugs.webkit.org/show_bug.cgi?id=130879

        Reviewed by Darin Adler.

        Ported from Blink: https://src.chromium.org/viewvc/blink?revision=150456&view=revision

        This patch modifies SVGInlineTextBox::dirtyLineBoxes to clear all
        following text boxes when invoked. Typically this method is called
        when the underlying text string changes, and that change needs to
        be propagated to all the boxes that use the text beyond the point
        where the text is first modified.
        
        Also cleans up final function keywords for SVGRootInlineBox.

        Test: svg/custom/unicode-in-tspan-multi-svg-crash.html

        * rendering/InlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function
        (WebCore::InlineTextBox::dirtyOwnLineBoxes): Calls dirtyLineBoxes()
        * rendering/svg/SVGInlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function
        (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes): Non-recursive part of dirtyLineBoxes()
        (WebCore::SVGInlineTextBox::dirtyLineBoxes): Calls dirtyOwnLineBoxes() in a loop
        * rendering/svg/SVGRootInlineBox.h:

2014-03-28  Andreas Kling  <akling@apple.com>

        Rebaseline bindings tests.

2014-03-28  Michael Saboff  <msaboff@apple.com>

        Unreviewed, rolling r166248 back in.

        Turns out r166070 didn't cause a 2% performance loss in page load times

        Reverted changeset:

        Unreviewed, rolling out r166126.
        Rollout r166126 in prepartion to roll out prerequisite r166070

2014-03-26  Antonio Gomes  <a1.gomes@sisa.samsung.com>

        [Bindings] constants are always typed to 'int'
        https://bugs.webkit.org/show_bug.cgi?id=130775

        Reviewed by Darin Adler.

        Patch fixes a bug where all constant getter generated
        methods were returning 'integer' values due to static_cast.

        Compilers should be smarth enough to properly infer which
        jsNumber class construtor to call given a literal value.

        Patch also fixes a bug where values whose representation
        is bigger an integer maximum were overflowing. For instance,
        NodeFilter.SHOW_ALL (0xFFFFFFFF).

        Tests:
        Binding tests updated.
        Rebaselined fast/dom/constants.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfaceIMPLEMENTSCONSTANT1):
        (WebCore::jsTestInterfaceIMPLEMENTSCONSTANT2):
        (WebCore::jsTestInterfaceSUPPLEMENTALCONSTANT1):
        (WebCore::jsTestInterfaceSUPPLEMENTALCONSTANT2):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjCONDITIONAL_CONST):
        (WebCore::jsTestObjCONST_VALUE_0):
        (WebCore::jsTestObjCONST_VALUE_1):
        (WebCore::jsTestObjCONST_VALUE_2):
        (WebCore::jsTestObjCONST_VALUE_4):
        (WebCore::jsTestObjCONST_VALUE_8):
        (WebCore::jsTestObjCONST_VALUE_9):
        (WebCore::jsTestObjCONST_VALUE_11):
        (WebCore::jsTestObjCONST_VALUE_12):
        (WebCore::jsTestObjCONST_VALUE_13):
        (WebCore::jsTestObjCONST_VALUE_14):
        (WebCore::jsTestObjCONST_JAVASCRIPT):
        (WebCore::jsTestObjReadonly):

2014-03-28  Myles C. Maxfield  <mmaxfield@apple.com>

        A TrailingObject's endpoint might get decremented twice
        https://bugs.webkit.org/show_bug.cgi?id=130874

        Reviewed by Darin Adler.

        There are two places where we might shave off a trailing space from the end
        of a line. We don't want to hit both codepaths for a single line.

        Fixes fast/block/update-midpoints-for-trailing-boxes-crash.html after r166245.

        * rendering/line/BreakingContextInlineHeaders.h:
        (WebCore::checkMidpoints):
        (WebCore::BreakingContext::handleEndOfLine):

2014-03-28  Andreas Kling  <akling@apple.com>

        Inline JSDOMWrapper subclasses' finishCreation().
        <https://webkit.org/b/130890>

        finishCreation() is really a no-op for JSDOMWrapper subclasses in
        release builds. None of the ancestor classes do anything but assert
        in their implementations.

        Generate the function inline, reducing binary size, and removing
        an unnecessary call from the JSFoo::create() helpers.

        Reviewed by Sam Weinig.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):

2014-03-28  Jer Noble  <jer.noble@apple.com>

        [Mac] HLS streams will report an incorrect natural size.
        https://bugs.webkit.org/show_bug.cgi?id=130859

        Reviewed by Eric Carlson.

        Some HLS streams will report incorrect naturalSizes due to the asset's preferredTransform
        property not being  available at the same time as the track's natural size. Given that
        AVFoundation only allows one video track to be selected at a time, simply use the asset's
        presentation size, cached in m_cachedPresentation size in all cases.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::sizeChanged):

2014-03-28  Antti Koivisto  <antti@apple.com>

        Remove NodeListRootType flag
        https://bugs.webkit.org/show_bug.cgi?id=130896

        Reviewed by Anders Carlsson.

        This can be handled statically (except for the RadioNodeList case) removing
        a branch from NodeList traversal.

        * dom/ClassNodeList.h:
        * dom/Document.cpp:
        (WebCore::Document::registerNodeListForInvalidation):
        (WebCore::Document::unregisterNodeListForInvalidation):
        (WebCore::Document::registerNodeList): Deleted.
        (WebCore::Document::unregisterNodeList): Deleted.
        
            Mark document invalidation registered lists with a bit.
            Renamed for clarity.

        * dom/Document.h:
        * dom/LiveNodeList.cpp:
        (WebCore::LiveNodeList::LiveNodeList):
        (WebCore::LiveNodeList::rootNode):
        
            Base class version that invokes virtual isRootedAtDocument. It is needed to support 
            LiveNodeList::namedItem.

        * dom/LiveNodeList.h:
        (WebCore::LiveNodeList::isRegisteredForInvalidationAtDocument):
        (WebCore::LiveNodeList::setRegisteredForInvalidationAtDocument):
        (WebCore::LiveNodeList::document):
        (WebCore::CachedLiveNodeList<NodeListType>::CachedLiveNodeList):
        (WebCore::CachedLiveNodeList<NodeListType>::~CachedLiveNodeList):
        (WebCore::CachedLiveNodeList<NodeListType>::rootNode):
        
            Call isRootedAtDocument on the final leaf type. Except for RadioNodeList this
            resolves statically.

        (WebCore::CachedLiveNodeList<NodeListType>::willValidateIndexCache):
        (WebCore::CachedLiveNodeList<NodeListType>::invalidateCache):
        (WebCore::LiveNodeList::isRootedAtDocument): Deleted.
        (WebCore::LiveNodeList::rootType): Deleted.
        (WebCore::LiveNodeList::rootNode): Deleted.
        * dom/NameNodeList.h:
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::adoptDocument):
        * dom/TagNodeList.h:
        * html/HTMLCollection.cpp:
        (WebCore::rootTypeFromCollectionType):
        * html/HTMLCollection.h:
        (WebCore::HTMLCollection::isRootedAtDocument):
        (WebCore::HTMLCollection::rootType):
        
            HTMLCollections still needs the flag.

        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::LabelsNodeList):
        * html/LabelsNodeList.h:
        * html/RadioNodeList.cpp:
        (WebCore::RadioNodeList::RadioNodeList):
        * html/RadioNodeList.h:

2014-03-28  Mario Sanchez Prada  <mario.prada@samsung.com>

        [GTK] Geoclue2 providers won't work after reloading
        https://bugs.webkit.org/show_bug.cgi?id=130898

        Reviewed by Martin Robinson.

        Don't reuse the Geoclue2 client proxy between different calls to
        startPosition(), and create a new client proxy each time instead.

        * platform/geoclue/GeolocationProviderGeoclue2.cpp:
        (GeolocationProviderGeoclue::startUpdating): Don't reuse the
        client proxy, by always calling geoclue_manager_call_get_client().
        (GeolocationProviderGeoclue::stopUpdating): Disconnect from the
        'location-updated' signal and dispose the client proxy.

2014-03-28  Diego Pino Garcia  <dpino@igalia.com>

        [GTK] Too many redirects visiting www.globalforestwatch.org
        https://bugs.webkit.org/show_bug.cgi?id=129681

        Reviewed by Martin Robinson.

        * platform/gtk/UserAgentGtk.cpp:
        (WebCore::standardUserAgent): Append Safari version to UserAgent
        string.

2014-03-28  Michael Saboff  <msaboff@apple.com>

        Unreviewed, rolling r166249 back in.

        Turns out r166070 didn't cause a 2% performance loss in page load times

        Reverted changeset:

        Unreviewed, rolling out r166070.
        Rollout r166070 due to 2% performance loss in page load times

2014-03-28  James Craig  <jcraig@apple.com>

        Web Inspector: Copy/paste error. EventListener block in DOM.json uses description from Node.
        https://bugs.webkit.org/show_bug.cgi?id=130158

        Reviewed by Timothy Hatcher.

        * inspector/protocol/DOM.json: Fixed a copy/paste annoyance.

2014-03-27  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: expose selectedChildNodeIds of list boxes, tree controls, etc., and reconcile UI with childNodeIds
        https://bugs.webkit.org/show_bug.cgi?id=130827

        Reviewed by Timothy Hatcher.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        Support for selectedChildNodeIds in inspector-protocol: DOM.getAccessibilityPropertiesForNode.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json:

2014-03-27  Brent Fulgham  <bfulgham@apple.com>

        Specify Shadow DOM Pseudo IDs in Media Element Constructors
        https://bugs.webkit.org/show_bug.cgi?id=130882

        Reviewed by Eric Carlson.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlPanelElement::MediaControlPanelElement): Call setPseudoId in constructor.
        (WebCore::MediaControlPanelEnclosureElement::MediaControlPanelEnclosureElement): Ditto.
        (WebCore::MediaControlTimelineContainerElement::MediaControlTimelineContainerElement): Ditto.
        (WebCore::MediaControlVolumeSliderContainerElement::MediaControlVolumeSliderContainerElement): Ditto.
        (WebCore::MediaControlStatusDisplayElement::MediaControlStatusDisplayElement): Ditto.
        (WebCore::MediaControlPanelMuteButtonElement::MediaControlPanelMuteButtonElement): Ditto.
        (WebCore::MediaControlVolumeSliderMuteButtonElement::MediaControlVolumeSliderMuteButtonElement): Ditto.
        (WebCore::MediaControlPlayButtonElement::MediaControlPlayButtonElement): Ditto.
        (WebCore::MediaControlOverlayPlayButtonElement::MediaControlOverlayPlayButtonElement): Ditto.
        (WebCore::MediaControlSeekForwardButtonElement::MediaControlSeekForwardButtonElement): Ditto.
        (WebCore::MediaControlSeekBackButtonElement::MediaControlSeekBackButtonElement): Ditto.
        (WebCore::MediaControlRewindButtonElement::MediaControlRewindButtonElement): Ditto.
        (WebCore::MediaControlReturnToRealtimeButtonElement::MediaControlReturnToRealtimeButtonElement): Ditto.
        (WebCore::MediaControlToggleClosedCaptionsButtonElement::MediaControlToggleClosedCaptionsButtonElement): Ditto.
        (WebCore::MediaControlClosedCaptionsContainerElement::MediaControlClosedCaptionsContainerElement): Ditto.
        (WebCore::MediaControlClosedCaptionsTrackListElement::MediaControlClosedCaptionsTrackListElement): Ditto.
        (WebCore::MediaControlTimelineElement::MediaControlTimelineElement): Ditto.
        (WebCore::MediaControlPanelVolumeSliderElement::MediaControlPanelVolumeSliderElement): Ditto.
        (WebCore::MediaControlFullscreenVolumeSliderElement::MediaControlFullscreenVolumeSliderElement): Ditto.
        (WebCore::MediaControlFullscreenButtonElement::MediaControlFullscreenButtonElement): Ditto.
        (WebCore::MediaControlFullscreenVolumeMinButtonElement::MediaControlFullscreenVolumeMinButtonElement): Ditto.
        (WebCore::MediaControlFullscreenVolumeMaxButtonElement::MediaControlFullscreenVolumeMaxButtonElement): Ditto.
        (WebCore::MediaControlTimeRemainingDisplayElement::MediaControlTimeRemainingDisplayElement): Ditto.
        (WebCore::MediaControlCurrentTimeDisplayElement::MediaControlCurrentTimeDisplayElement): Ditto.
        (WebCore::MediaControlTextTrackContainerElement::MediaControlTextTrackContainerElement): Ditto.

2014-03-27  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Adjust the tile coverage on the scrollview's edges
        https://bugs.webkit.org/show_bug.cgi?id=130884

        Reviewed by Dan Bernstein.

        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::computeCoverageRect):
        Pull back the future rect inside the contentRect if it goes outside.
        There is no point in retiling for rubberbanding and the extra tiles should be always be
        on the opposite side to the edges.

2014-03-27  Joseph Pecoraro  <pecoraro@apple.com>

        Remove unused LocaleMac::create method
        https://bugs.webkit.org/show_bug.cgi?id=130870

        Reviewed by Andreas Kling.

        * platform/text/mac/LocaleMac.h:
        * platform/text/mac/LocaleMac.mm:
        (WebCore::LocaleMac::create): Deleted.
        (WebCore::LocaleMac::shortDateFormatter): Deleted.

2014-03-27  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Clean up unneeded "mutable" keyword
        https://bugs.webkit.org/show_bug.cgi?id=130832

        Reviewed by Andreas Kling.

        As r166350, this patch cleans up unneeded "mutable" keywords.
        Additionally, m_validatedSelectionCache is removed because it is not used anywhere else.

        * css/CSSFontFaceRule.h:
        * css/CSSStyleRule.h:
        * editing/FrameSelection.h:

2014-03-27  Enrica Casucci  <enrica@apple.com>

        Add support for AirPlay picker in WK2 for iOS.
        https://bugs.webkit.org/show_bug.cgi?id=130855
        <rdar://problem/15349859>

        Reviewed by Eric Carlson, Joseph Pecoraro and Benjamin Poulain.

        Adds support in HTMLMediaSession to display the airplay picker
        and to monitor presence of available wireless targets.

        * html/HTMLMediaSession.cpp:
        (WebCore::HTMLMediaSession::showPlaybackTargetPicker):
        (WebCore::HTMLMediaSession::hasWirelessPlaybackTargets):
        (WebCore::HTMLMediaSession::setHasPlaybackTargetAvailabilityListeners):
        * loader/EmptyClients.h:
        * page/ChromeClient.h:
        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::wirelessRoutesAvailableChanged):
        * platform/audio/MediaSessionManager.h:
        (WebCore::MediaSessionManager::hasWirelessTargetsAvailable):
        (WebCore::MediaSessionManager::startMonitoringAirPlayRoutes):
        (WebCore::MediaSessionManager::stopMonitoringAirPlayRoutes):
        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::hasWirelessTargetsAvailable):
        (WebCore::MediaSessionManageriOS::startMonitoringAirPlayRoutes):
        (WebCore::MediaSessionManageriOS::stopMonitoringAirPlayRoutes):
        (-[WebMediaSessionHelper initWithCallback:]):
        (-[WebMediaSessionHelper hasWirelessTargetsAvailable]):
        (-[WebMediaSessionHelper startMonitoringAirPlayRoutes]):
        (-[WebMediaSessionHelper stopMonitoringAirPlayRoutes]):
        (-[WebMediaSessionHelper wirelessRoutesAvailableDidChange:]):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessVideoPlaybackDisabled):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setWirelessVideoPlaybackDisabled):

2014-03-27  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes][css clip-path] rounded corner calculation for box shapes is wrong
        https://bugs.webkit.org/show_bug.cgi?id=127982

        Reviewed by Simon Fraser.

        Calculate rounded corners for box shapes as defined in the CSS Shapes
        spec.

        Tests: css3/masking/clip-path-border-radius-border-box-000.html
               css3/masking/clip-path-border-radius-content-box-000.html
               css3/masking/clip-path-border-radius-content-box-001.html
               css3/masking/clip-path-border-radius-padding-box-000.html
               css3/masking/clip-path-border-radius-padding-box-001.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-border-box-000.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-border-box-001.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-border-box-002.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-content-box-000.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-content-box-001.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-content-box-002.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-content-box-003.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-margin-box-000.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-margin-box-001.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-margin-box-002.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-margin-box-003.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-margin-box-004.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-padding-box-000.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-padding-box-001.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-padding-box-002.html
               fast/shapes/shape-outside-floats/shape-outside-floats-border-radius-padding-box-003.html

        * platform/graphics/RoundedRect.h:
        (WebCore::RoundedRect::Radii::transposedRadii): Transpose radii for
            vertical writing modes.
        (WebCore::RoundedRect::moveBy): Add method for use with clip path.
        (WebCore::RoundedRect::transposedRect): Transpose rect for vertical
            writing modes.
        * rendering/RenderBox.h:
        (WebCore::RenderBox::marginBoxRect): Return the margin box rect for
            the RenderBox.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setupClipPath): Call the new function for the
            rounded corner calculation.
        * rendering/shapes/ShapeInfo.cpp:
        (WebCore::ShapeInfo<RenderType>::computedShape): Call the new function
            for the rounded corner calculation.
        * rendering/shapes/BoxShape.cpp:
        (WebCore::adjustRadiusForMarginBoxShape): Helper function for
            computeRoundedRectForLayoutBoxShape.
        (WebCore::computeMarginBoxShapeRadius): Ditto.
        (WebCore::computeMarginBoxShapeRadii): Ditto.
        (WebCore::computeRoundedRectForBoxShape): Utility function to do the
            rounded corner calculation.
        * rendering/shapes/BoxShape.h: Add new function.
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::getRoundedInnerBorderFor): Add default argument
            values.

2014-03-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166364.
        https://bugs.webkit.org/show_bug.cgi?id=130872

        Caused a test assertion (Requested by smfr on #webkit).

        Reverted changeset:

        "Operator stretching: expose a math data API"
        https://bugs.webkit.org/show_bug.cgi?id=130572
        http://trac.webkit.org/changeset/166364

2014-03-27  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Compute a good exposed rect when scaling WKContentView
        https://bugs.webkit.org/show_bug.cgi?id=130761

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * platform/ScrollView.h:
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::setScrollVelocity):
        (WebCore::ScrollView::computeCoverageRect):
        While scaling in, do not add margins tiles. When scaling out, add 1 margin tile size
        all around.

2014-03-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166360.
        https://bugs.webkit.org/show_bug.cgi?id=130869

        Seems to have broken PLT (Requested by ap on #webkit).

        Reverted changeset:

        "Connection::dispatchOneMessage() can be re-entered while
        handling Cmd-key menu"
        https://bugs.webkit.org/show_bug.cgi?id=130767
        http://trac.webkit.org/changeset/166360

2014-03-27  Antti Koivisto  <antti@apple.com>

        Remove LiveNodeList::Type
        https://bugs.webkit.org/show_bug.cgi?id=130866

        Reviewed by Andreas Kling.

        We don't need dynamic type information anymore.

        * dom/ClassNodeList.cpp:
        (WebCore::ClassNodeList::ClassNodeList):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::getElementsByTagName):
        (WebCore::ContainerNode::getElementsByName):
        (WebCore::ContainerNode::getElementsByClassName):
        (WebCore::ContainerNode::radioNodeList):
        * dom/LiveNodeList.cpp:
        (WebCore::LiveNodeList::LiveNodeList):
        * dom/LiveNodeList.h:
        (WebCore::LiveNodeList::invalidationType):
        (WebCore::CachedLiveNodeList<NodeListType>::CachedLiveNodeList):
        (WebCore::LiveNodeList::type): Deleted.
        * dom/NameNodeList.cpp:
        (WebCore::NameNodeList::NameNodeList):
        (WebCore::NameNodeList::nodeMatches): Deleted.
        * dom/NameNodeList.h:
        (WebCore::NameNodeList::nodeMatches):
        * dom/NodeRareData.h:
        (WebCore::NodeListTypeIdentifier<ClassNodeList>::value):
        (WebCore::NodeListTypeIdentifier<NameNodeList>::value):
        (WebCore::NodeListTypeIdentifier<TagNodeList>::value):
        (WebCore::NodeListTypeIdentifier<HTMLTagNodeList>::value):
        (WebCore::NodeListTypeIdentifier<RadioNodeList>::value):
        (WebCore::NodeListTypeIdentifier<LabelsNodeList>::value):
        
            Get unique id from type for key generation purposes only.

        (WebCore::NodeListsNodeData::addCacheWithAtomicName):
        (WebCore::NodeListsNodeData::addCacheWithName):
        (WebCore::NodeListsNodeData::removeCacheWithAtomicName):
        (WebCore::NodeListsNodeData::removeCacheWithName):
        (WebCore::NodeListsNodeData::namedNodeListKey):
        * dom/TagNodeList.cpp:
        (WebCore::TagNodeList::TagNodeList):
        (WebCore::HTMLTagNodeList::HTMLTagNodeList):
        * dom/TagNodeList.h:
        * html/LabelableElement.cpp:
        (WebCore::LabelableElement::labels):
        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::LabelsNodeList):
        * html/LabelsNodeList.h:
        * html/RadioNodeList.cpp:
        (WebCore::RadioNodeList::RadioNodeList):
        * html/RadioNodeList.h:

2014-03-27  Simon Fraser  <simon.fraser@apple.com>

        Fix crash when RenderView is cleared inside of frame flattening layout
        https://bugs.webkit.org/show_bug.cgi?id=130864

        Reviewed by Dan Bernstein.
        
        Navigating on http://wallstcheatsheet.com pages on iOS in WebKit1 would
        sometimes crash when, inside the inChildFrameLayoutWithFrameFlattening clause,
        our frame's RenderView would be null after doing a layout from the root frame,
        possibly also when WebCore was being re-entered from another thread.
        
        Add a null check to fix this.
        
        Crash was timing-dependent and hard to test.

        * page/FrameView.cpp:
        (WebCore::FrameView::layout):

2014-03-27  Antti Koivisto  <antti@apple.com>

        Remove some unnecessary branches from LiveNodeList traversal
        https://bugs.webkit.org/show_bug.cgi?id=130854

        Reviewed by Andreas Kling.

        Compile different traversal code paths for all NodeList subclasses.

        * dom/ClassNodeList.cpp:
        (WebCore::ClassNodeList::ClassNodeList):
        (WebCore::ClassNodeList::~ClassNodeList):
        (WebCore::ClassNodeList::nodeMatches): Deleted.
        * dom/ClassNodeList.h:
        (WebCore::ClassNodeList::nodeMatches):
        (WebCore::ClassNodeList::nodeMatchesInlined): Deleted.
        
            Remove separate nodeMatchesInlined functions. 
            We now rely on exact types and marking classes final.

        * dom/LiveNodeList.cpp:
        (WebCore::LiveNodeList::LiveNodeList):
        (WebCore::LiveNodeList::~LiveNodeList):
        (WebCore::LiveNodeList::namedItem):
        (WebCore::LiveNodeList::rootNode): Deleted.
        (WebCore::isMatchingElement): Deleted.
        (WebCore::firstMatchingElement): Deleted.
        (WebCore::lastMatchingElement): Deleted.
        (WebCore::nextMatchingElement): Deleted.
        (WebCore::previousMatchingElement): Deleted.
        (WebCore::traverseMatchingElementsForward): Deleted.
        (WebCore::traverseMatchingElementsBackward): Deleted.
        (WebCore::LiveNodeList::collectionFirst): Deleted.
        (WebCore::LiveNodeList::collectionLast): Deleted.
        (WebCore::LiveNodeList::collectionTraverseForward): Deleted.
        (WebCore::LiveNodeList::collectionTraverseBackward): Deleted.
        (WebCore::LiveNodeList::length): Deleted.
        (WebCore::LiveNodeList::item): Deleted.
        (WebCore::LiveNodeList::memoryCost): Deleted.
        (WebCore::LiveNodeList::invalidateCache): Deleted.
        * dom/LiveNodeList.h:
        (WebCore::LiveNodeList::invalidateCacheForAttribute):
        (WebCore::CachedLiveNodeList::collectionCanTraverseBackward):
        (WebCore::LiveNodeList::rootNode):
        (WebCore::CachedLiveNodeList<NodeListType>::CachedLiveNodeList):
        
            Add CachedLiveNodeList<NodeListType> utility type that interfaces with CollectionIndexCache.
            It is the base class for all concrete LiveNodeLists.

        (WebCore::CachedLiveNodeList<NodeListType>::~CachedLiveNodeList):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionFirst):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionLast):
        (WebCore::nextMatchingElement):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionTraverseForward):
        (WebCore::previousMatchingElement):
        (WebCore::CachedLiveNodeList<NodeListType>::collectionTraverseBackward):
        (WebCore::CachedLiveNodeList<NodeListType>::willValidateIndexCache):
        (WebCore::CachedLiveNodeList<NodeListType>::invalidateCache):
        (WebCore::CachedLiveNodeList<NodeListType>::length):
        (WebCore::CachedLiveNodeList<NodeListType>::item):
        (WebCore::CachedLiveNodeList<NodeListType>::memoryCost):
        
            Templated code moves to header.

        (WebCore::LiveNodeList::LiveNodeList): Deleted.
        (WebCore::LiveNodeList::~LiveNodeList): Deleted.
        (WebCore::LiveNodeList::invalidateCache): Deleted.
        (WebCore::LiveNodeList::collectionCanTraverseBackward): Deleted.
        (WebCore::LiveNodeList::willValidateIndexCache): Deleted.
        * dom/NameNodeList.cpp:
        (WebCore::NameNodeList::NameNodeList):
        * dom/NameNodeList.h:
        * dom/Node.cpp:
        (WebCore::Document::invalidateNodeListAndCollectionCaches):
        (WebCore::NodeListsNodeData::invalidateCaches):
        * dom/TagNodeList.cpp:
        (WebCore::TagNodeList::TagNodeList):
        (WebCore::HTMLTagNodeList::HTMLTagNodeList):
        (WebCore::HTMLTagNodeList::~HTMLTagNodeList):
        (WebCore::TagNodeList::nodeMatches): Deleted.
        (WebCore::HTMLTagNodeList::nodeMatches): Deleted.
        * dom/TagNodeList.h:
        (WebCore::TagNodeList::nodeMatches):
        (WebCore::HTMLTagNodeList::nodeMatches):
        (WebCore::TagNodeList::create): Deleted.
        (WebCore::HTMLTagNodeList::nodeMatchesInlined): Deleted.
        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::LabelsNodeList):
        * html/LabelsNodeList.h:
        * html/RadioNodeList.cpp:
        (WebCore::RadioNodeList::RadioNodeList):
        * html/RadioNodeList.h:

2014-03-27  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        Remove comment from Filter.h
        https://bugs.webkit.org/show_bug.cgi?id=130848

        Reviewed by Simon Fraser.

        Exploring the use of consts on applyScale() methods didn't yield
        good results.

        No new tests, no change on behavior.

        * platform/graphics/filters/Filter.h:

2014-03-27  Frédéric Wang  <fred.wang@free.fr>

        Operator stretching: expose a math data API
        https://bugs.webkit.org/show_bug.cgi?id=130572

        Reviewed by Chris Fleizach.

        We expose a new SimpleFontData API to give access to the data from the
        OpenType MATH table using a font cache. The class OpenTypeMathData will
        be implemented in bug 130324. On Darwin platform, we also implement the
        missing FontPlatformData::openTypeTable function which will be necessary
        to load the OpenType MATH table. The changes are intended to be used
        for MathML operator stretching (bug 130322) so tests are not added yet.

        * CMakeLists.txt: add new OpenTypeMathData files.
        * WebCore.vcxproj/WebCore.vcxproj: ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: ditto.
        * WebCore.xcodeproj/project.pbxproj: ditto.
        * platform/graphics/FontCache.cpp: We add a FontCache::getMathData function to implement a cache for the math data.
        We make the math and vertical data share the same key for the cache.
        (WebCore::fontMathDataCacheInstance):
        (WebCore::FontCache::getMathData):
        (WebCore::fontVerticalDataCacheInstance):
        * platform/graphics/FontCache.h: We declare FontCache::getMathData and FontFileKey on all platforms.
        * platform/graphics/FontPlatformData.cpp:
        (WebCore::FontPlatformData::openTypeTable): We implement openTypeTable() on Darwin platform.
        * platform/graphics/FontPlatformData.h: We expose openTypeTable() on Darwin platform.
        * platform/graphics/SimpleFontData.cpp: We initialize m_mathData from the font cache.
        (WebCore::SimpleFontData::SimpleFontData):
        * platform/graphics/SimpleFontData.h: We expose a mathData() function to access the MATH data.
        * platform/graphics/opentype/OpenTypeMathData.cpp: Added. This is a new class that will be used to parse the data from the OpenType MATH table.
        (WebCore::OpenTypeMathData::OpenTypeMathData):
        * platform/graphics/opentype/OpenTypeMathData.h: Added.
        (WebCore::OpenTypeMathData::create):
        (WebCore::OpenTypeMathData::hasMathData):

2014-03-27  Brent Fulgham  <bfulgham@apple.com>

        Fix a crash caused by track insertion after load()
        https://bugs.webkit.org/show_bug.cgi?id=130777

        Reviewed by Eric Carlson.

        Test: media/track/track-insert-after-load-crash.html

        Based on the Blink change (patch by acolwell@chromium.org):
        https://codereview.chromium.org/211373009/

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute): Remove stale LoadMediaResource flag after explicit load.

2014-03-27  Alexey Proskuryakov  <ap@apple.com>

        Connection::dispatchOneMessage() can be re-entered while handling Cmd-key menu
        equivalents, ASSERT(!_data->_keyDownEventBeingResent)
        https://bugs.webkit.org/show_bug.cgi?id=130767
        <rdar://problem/16307487>

        Added a wrapper for RunLoop::initializeMainThread that also adds modal run loop
        mode to it on Mac.

        * CMakeLists.txt:
        * WebCore.exp.in:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/MainRunLoop.cpp: Added.
        (WebCore::initializeMainRunLoop):
        * platform/MainRunLoop.h: Added.
        * platform/mac/MainRunLoop.mm: Added.
        (WebCore::initializeMainRunLoop):

2014-03-27  Krzysztof Czech  <k.czech@samsung.com>

        AX: Returns const reference to static string.
        https://bugs.webkit.org/show_bug.cgi?id=130835

        Reviewed by Mario Sanchez Prada.

        Avoiding some unnecessary copies by returning const reference to static string.

        No new tests. No behaviour change.

        * accessibility/AccessibilityMediaControls.cpp:
        (WebCore::AccessibilityMediaControl::controlTypeName):
        (WebCore::AccessibilityMediaControlsContainer::elementTypeName):
        * accessibility/AccessibilityMediaControls.h:

2014-03-27  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Rename inNamedFlow flag to isNamedFlowContentNode flag
        https://bugs.webkit.org/show_bug.cgi?id=130731

        Reviewed by Andrei Bucur.

        Currently, the inNamedFlow flag in Node class tells if a node is a content node, one that has a style with flow-into.
        Since it is used only for those nodes and not propagated through hierarchy, i want to renamed it to a more meaningful name.
        No new functionality, no new tests.

        * dom/ContainerNode.cpp:
        (WebCore::destroyRenderTreeIfNeeded):
        * dom/Element.cpp:
        (WebCore::Element::~Element):
        (WebCore::Element::unregisterNamedFlowContentElement):
        * dom/Node.h:
        (WebCore::Node::isNamedFlowContentNode):
        (WebCore::Node::setIsNamedFlowContentNode):
        (WebCore::Node::clearIsNamedFlowContentNode):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::clearContentElements):
        (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
        (WebCore::RenderNamedFlowThread::unregisterNamedFlowContentElement):
        (WebCore::nextNodeInsideContentElement):
        * style/StyleResolveTree.cpp:
        (WebCore::Style::attachChildren):
        (WebCore::Style::resolveLocal):

2014-03-27  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Crash when cloning a region child with a content node child
        https://bugs.webkit.org/show_bug.cgi?id=129811

        Reviewed by David Hyatt.

        Collecting the children of a region in another named flow will be supported
        again in the future and it will be revisited when we will implement the content
        keyword: http://dev.w3.org/csswg/css-regions-1/#the-flow-into-property.
        Remove the support for now as it introduces unnecessary complexity in the code
        and potential wrong behavior.

        Test: fast/regions/region-content-node-child-clone-crash.html

        * dom/Element.cpp:
        (WebCore::Element::shouldMoveToFlowThread):
        (WebCore::Element::clearStyleDerivedDataBeforeDetachingRenderer):
        * dom/Element.h:
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::ElementRareData):
        * rendering/FlowThreadController.cpp:
        * rendering/FlowThreadController.h:
        * style/StyleResolveTree.cpp:
        (WebCore::Style::moveToFlowThreadIfNeeded):
        (WebCore::Style::createRendererIfNeeded):

2014-03-27  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Remove unneeded mutable keyword in some member variables 
        https://bugs.webkit.org/show_bug.cgi?id=130813

        Reviewed by Andreas Kling.

        Some member variables have mutable keyword though they don't used by const function.
        This patch removes them. 

        No new tests, no behavior changes. Just clean up.

        * storage/StorageAreaSync.h:
        * svg/animation/SVGSMILElement.h:

2014-03-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166296 and r166331.
        https://bugs.webkit.org/show_bug.cgi?id=130822

        caused some crashes and frequent assertion failures, and the
        fix is going to take a little while (Requested by thorton on
        #webkit).

        Reverted changesets:

        "[iOS WebKit2] Flush all surfaces after painting into all of
        them, instead of after painting into each one"
        https://bugs.webkit.org/show_bug.cgi?id=130768
        http://trac.webkit.org/changeset/166296

        "Assertion failure in RemoteLayerBackingStore::flush"
        https://bugs.webkit.org/show_bug.cgi?id=130810
        http://trac.webkit.org/changeset/166331

2014-03-26  Simon Fraser  <simon.fraser@apple.com>

        Fix failing scrolling tests by reverting to previous behavior where
        the scrolling geometry for the main frame scrolling node was only
        updated from frameViewLayoutUpdated() and no-where else.

        * WebCore.exp.in:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollingNode):
        * page/scrolling/AsyncScrollingCoordinator.h:
        * page/scrolling/ScrollingCoordinator.h:
        (WebCore::ScrollingCoordinator::updateScrollingNode):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
        (WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer): Deleted.

2014-03-26  Ryosuke Niwa  <rniwa@webkit.org>

        HTMLConverter::_processText is slow because it walks up ancestor elements
        https://bugs.webkit.org/show_bug.cgi?id=130820

        Reviewed by Sam Weinig.

        Avoid walking up the tree from each text node by caching the aggregated attributed strings for each element.
        Also compute the attributed strings top-down to avoid calling mutableCopy in every iteration. 

        This reduces the runtime of Interactive/CopyAll.html from 15s to 13s (15%).

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::_attributesForElement):
        (HTMLConverter::attributesForElement):
        (HTMLConverter::aggregatedAttributesForAncestors):
        (HTMLConverter::_processText):

2014-03-26  Sam Weinig  <sam@webkit.org>

        Fix iOS build.

        * editing/cocoa/HTMLConverter.mm:
        (_font):

2014-03-26  Ryosuke Niwa  <rniwa@webkit.org>

        Make _processText and _traverseNode in HTMLConverter more efficient
        https://bugs.webkit.org/show_bug.cgi?id=130769

        Reviewed by Sam Weinig.

        Rewrote a bunch of code in C++ and avoided creating wrappers.
        This reduces the runtime of Interactive/CopyAll.html from ~16.5s to 15s.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverterCaches::isAncestorsOfStartToBeConverted):
        (HTMLConverter::HTMLConverter):
        (HTMLConverter::~HTMLConverter):
        (HTMLConverter::_processElement):
        (HTMLConverter::_processText):
        (HTMLConverter::_traverseNode):
        (HTMLConverter::_traverseFooterNode):
        (HTMLConverterCaches::cacheAncestorsOfStartToBeConverted):
        (HTMLConverter::_loadFromDOMRange):

2014-03-26  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        FEGaussianBlur: unify and const-ify calculateKernelSize
        https://bugs.webkit.org/show_bug.cgi?id=130779

        Some methods can benefit of using const refs as also make sense to
        unify the interface (i.e. parameters) in calculateKernelSize/Unscaled.

        FilterEffect::filter() will now return a reference, which helps since
        its descendants were accessing methods into the pointer without testing
        for it.

        Reviewed by Simon Fraser.

        No new tests, no changes on behavior.

        * platform/graphics/filters/FEDisplacementMap.cpp:
        (WebCore::FEDisplacementMap::platformApplySoftware):
        * platform/graphics/filters/FEDropShadow.cpp:
        (WebCore::FEDropShadow::determineAbsolutePaintRect):
        (WebCore::FEDropShadow::platformApplySoftware):
        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::calculateUnscaledKernelSize):
        (WebCore::FEGaussianBlur::calculateKernelSize):
        (WebCore::FEGaussianBlur::determineAbsolutePaintRect):
        (WebCore::FEGaussianBlur::platformApplySoftware):
        * platform/graphics/filters/FEGaussianBlur.h:
        * platform/graphics/filters/FEMorphology.cpp:
        (WebCore::FEMorphology::determineAbsolutePaintRect):
        (WebCore::FEMorphology::platformApplySoftware):
        * platform/graphics/filters/FEOffset.cpp:
        (WebCore::FEOffset::determineAbsolutePaintRect):
        (WebCore::FEOffset::platformApplySoftware):
        * platform/graphics/filters/FETile.cpp:
        (WebCore::FETile::platformApplySoftware):
        * platform/graphics/filters/FETurbulence.cpp:
        (WebCore::FETurbulence::fillRegion):
        * platform/graphics/filters/Filter.h:
        (WebCore::Filter::applyHorizontalScale):
        (WebCore::Filter::applyVerticalScale):
        * platform/graphics/filters/FilterEffect.h:
        (WebCore::FilterEffect::filter):
        * platform/graphics/filters/SourceAlpha.cpp:
        (WebCore::SourceAlpha::determineAbsolutePaintRect):
        (WebCore::SourceAlpha::platformApplySoftware):
        * platform/graphics/filters/SourceGraphic.cpp:
        (WebCore::SourceGraphic::determineAbsolutePaintRect):
        (WebCore::SourceGraphic::platformApplySoftware):
        * rendering/svg/RenderSVGResourceFilterPrimitive.cpp:
        (WebCore::RenderSVGResourceFilterPrimitive::determineFilterPrimitiveSubregion):
        * svg/graphics/filters/SVGFEImage.cpp:
        (WebCore::FEImage::determineAbsolutePaintRect):
        (WebCore::FEImage::platformApplySoftware):

2014-03-26  Simon Fraser  <simon.fraser@apple.com>

        Make sure childContainmentLayer is parented
        https://bugs.webkit.org/show_bug.cgi?id=130808

        Reviewed by Tim Horton.

        m_childContainmentLayer was never parented if the page
        created no other compositing layers, which left a dangling
        GraphicsLayer which in turn confused UI-side compositing a little.
        Fix by always parenting this layer.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):

2014-03-26  Brian Burg  <bburg@apple.com>

        Web Replay: disable page cache during capture/replay
        https://bugs.webkit.org/show_bug.cgi?id=130672

        Reviewed by Timothy Hatcher.

        Save, set, and restore page cache settings at the correct times.

        No new tests. If this code fails, then the tests for network replay will fail.

        * replay/ReplayController.cpp:
        (WebCore::ReplayController::setForceDeterministicSettings): Added.
        (WebCore::ReplayController::startCapturing):
        (WebCore::ReplayController::stopCapturing):
        (WebCore::ReplayController::cancelPlayback):
        (WebCore::ReplayController::replayToPosition):
        * replay/ReplayController.h:

2014-03-26  Sam Weinig  <sam@webkit.org>

        Convert more of HTMLConverter to C++
        https://bugs.webkit.org/show_bug.cgi?id=130811

        Reviewed by Anders Carlsson.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::HTMLConverter):
        (HTMLConverter::~HTMLConverter):
        (HTMLConverter::_blockLevelElementForNode):
        (HTMLConverter::_colorForElement):
        (HTMLConverter::_computedAttributesForElement):
        (HTMLConverter::_attributesForElement):
        (HTMLConverter::_fillInBlock):
        (HTMLConverter::_enterElement):
        (HTMLConverter::_addTableForElement):
        (HTMLConverter::_addTableCellForElement):
        (HTMLConverter::_processElement):
        (HTMLConverter::_exitElement):
        (HTMLConverter::_getFloat): Deleted.
        (HTMLConverter::_elementIsBlockLevel): Deleted.
        (HTMLConverter::_elementHasOwnBackgroundColor): Deleted.
        (HTMLConverter::_colorForNode): Deleted.

2014-03-26  Simon Fraser  <simon.fraser@apple.com>

        Hook up -webkit-overflow-scrolling:touch for iOS WK2
        https://bugs.webkit.org/show_bug.cgi?id=130809

        Reviewed by Tim Horton.

        Get -webkit-overflow-scrolling: touch working for iOS WK2.
        
        * WebCore.exp.in:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollingNode):
        Send in ScrollingGeometry when we update scrolling nodes.
        * page/scrolling/AsyncScrollingCoordinator.h:
        * page/scrolling/ScrollingCoordinator.h:
        (WebCore::ScrollingCoordinator::updateScrollingNode):
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h:
        Need to get to the scrolling layer in a subclass.
        (WebCore::ScrollingTreeScrollingNodeIOS::scrollLayer):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hasAcceleratedTouchScrolling): Remove code
        that temporarily disabled touch-scrolling.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer): When we
        update scrolling nodes, send in the right scrolling geometry.

2014-03-26  Timothy Hatcher  <timothy@apple.com>

        Modernize the loops in InspectorPageAgent.cpp.

        Also moves the check for hiddenFromInspector to a lower level.
        This hides hidden resources from more places.

        https://bugs.webkit.org/show_bug.cgi?id=130803

        Reviewed by Joseph Pecoraro.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::buildArrayForCookies):
        (WebCore::cachedResourcesForFrame):
        (WebCore::allResourcesURLsForFrame):
        (WebCore::InspectorPageAgent::getCookies):
        (WebCore::InspectorPageAgent::searchInResources):
        (WebCore::InspectorPageAgent::didClearWindowObjectInWorld):
        (WebCore::InspectorPageAgent::loaderDetachedFromFrame):
        (WebCore::InspectorPageAgent::buildObjectForFrameTree):

2014-03-26  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        Add platform implementation for RTCOfferAnswerOptions and RTCOfferOptions
        https://bugs.webkit.org/show_bug.cgi?id=130689

        Reviewed by Eric Carlson.

        RTCOfferAnswerOptions and RTCOfferOptions objects were being passed to platform class, causing a layer
        violation.

        * Modules/mediastream/RTCOfferAnswerOptions.cpp:
        (WebCore::RTCOfferAnswerOptions::initialize):
        (WebCore::RTCOfferOptions::initialize):
        * Modules/mediastream/RTCOfferAnswerOptions.h:
        (WebCore::RTCOfferAnswerOptions::requestIdentity):
        (WebCore::RTCOfferAnswerOptions::privateOfferAnswerOptions):
        (WebCore::RTCOfferAnswerOptions::RTCOfferAnswerOptions):
        (WebCore::RTCOfferOptions::offerToReceiveVideo):
        (WebCore::RTCOfferOptions::offerToReceiveAudio):
        (WebCore::RTCOfferOptions::voiceActivityDetection):
        (WebCore::RTCOfferOptions::iceRestart):
        (WebCore::RTCOfferOptions::privateOfferOptions):
        (WebCore::RTCOfferOptions::RTCOfferOptions):
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::createOffer):
        (WebCore::RTCPeerConnection::createAnswer):
        * platform/mediastream/RTCOfferAnswerOptionsPrivate.h: Added.
        * platform/mediastream/RTCPeerConnectionHandler.h:
        * platform/mock/RTCPeerConnectionHandlerMock.cpp:
        (WebCore::RTCPeerConnectionHandlerMock::createOffer):
        (WebCore::RTCPeerConnectionHandlerMock::createAnswer):
        * platform/mock/RTCPeerConnectionHandlerMock.h:

2014-03-26  Zalan Bujtas  <zalan@apple.com>

        Device scale factor should always be greater than 0.
        https://bugs.webkit.org/show_bug.cgi?id=130798

        Reviewed by David Kilzer.

        Rendering context requires a device scale factor > 0 so that we can map CSS pixels
        to device pixels properly. Neither 0 nor a negative device pixel ratio are considered to be valid.

        * page/Page.cpp:
        (WebCore::Page::setDeviceScaleFactor):

2014-03-26  Myles C. Maxfield  <mmaxfield@apple.com>

        Skipping underlines disregard points completely inside the underline rect
        https://bugs.webkit.org/show_bug.cgi?id=130800

        Reviewed by Dean Jackson.

        When determining bounds for underline skipping, endpoints of glyph contours
        that lie entirely within the rect of the underline are ignored. This patch
        makes these points affect the skipping regions the same way that intersections
        do.

        Test: fast/css3-text/css3-text-decoration/text-decoration-skip/glyph-inside-underline.html

        * platform/graphics/mac/FontMac.mm:
        (WebCore::updateX): Refactored common code into a function
        (WebCore::findPathIntersections): Test for endpoints which lie entirely within
        the underline bounds

2014-03-26  Pratik Solanki  <psolanki@apple.com>

        Unreviewed. iOS build fix after r166312. Soft link CMTimeRangeGetEnd.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

2014-03-26  Timothy Hatcher  <timothy@apple.com>

        Propagate the hiddenFromInspector flag on ResourceRequest in
        places when a new request a made or passed between processes.

        https://bugs.webkit.org/show_bug.cgi?id=130741

        Reviewed by Joseph Pecoraro.

        * WebCore.exp.in: Updated symbols for updateFromDelegatePreservingOldProperties.
        * platform/network/cf/ResourceRequest.h:
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties): Added.
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldHTTPBody): Deleted.
        * platform/network/curl/ResourceRequest.h:
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties): Added.
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldHTTPBody): Deleted.
        * platform/network/mac/ResourceRequestMac.mm:
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties): Added.
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldHTTPBody): Deleted.
        * platform/network/soup/ResourceRequest.h:
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties): Added.
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldHTTPBody): Deleted.

2014-03-26  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Remove no-longer-used shape-inside geometry code
        https://bugs.webkit.org/show_bug.cgi?id=130740

        Reviewed by David Hyatt.

        This patch removes shape-padding support, since it can be used only with shape-inside.
        Shape-inside support has been removed in r166301.

        No new tests needed, existing tests have been removed by r166301.

        * rendering/shapes/BoxShape.cpp:
        (WebCore::BoxShape::shapePaddingLogicalBoundingBox): Deleted.
        (WebCore::BoxShape::shapePaddingBounds): Deleted.
        (WebCore::BoxShape::getIncludedIntervals): Deleted.
        (WebCore::BoxShape::firstIncludedIntervalLogicalTop): Deleted.
        * rendering/shapes/BoxShape.h:
        * rendering/shapes/PolygonShape.cpp:
        (WebCore::leftSide): Deleted.
        (WebCore::isReflexVertex): Deleted.
        (WebCore::computeShapePaddingBounds): Deleted.
        (WebCore::PolygonShape::shapePaddingBounds): Deleted.
        (WebCore::PolygonShape::getIncludedIntervals): Deleted.
        (WebCore::firstFitRectInPolygon): Deleted.
        (WebCore::aboveOrToTheLeft): Deleted.
        (WebCore::PolygonShape::firstIncludedIntervalLogicalTop): Deleted.
        * rendering/shapes/PolygonShape.h:
        (WebCore::PolygonShape::PolygonShape):
        * rendering/shapes/RasterShape.cpp:
        (WebCore::RasterShapeIntervals::firstIncludedIntervalY): Deleted.
        (WebCore::RasterShapeIntervals::getIncludedIntervals): Deleted.
        (WebCore::RasterShape::paddingIntervals): Deleted.
        (WebCore::RasterShape::getIncludedIntervals): Deleted.
        (WebCore::RasterShape::firstIncludedIntervalLogicalTop): Deleted.
        * rendering/shapes/RasterShape.h:
        * rendering/shapes/RectangleShape.cpp:
        (WebCore::ellipseYIntercept): Deleted.
        (WebCore::RectangleShape::shapePaddingBounds): Deleted.
        (WebCore::RectangleShape::getIncludedIntervals): Deleted.
        (WebCore::cornerInterceptForWidth): Deleted.
        (WebCore::RectangleShape::firstIncludedIntervalLogicalTop): Deleted.
        * rendering/shapes/RectangleShape.h:
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createShape):
        (WebCore::Shape::createRasterShape):
        (WebCore::Shape::createBoxShape):
        * rendering/shapes/Shape.h:
        (WebCore::Shape::lineOverlapsShapePaddingBounds): Deleted.
        (WebCore::Shape::shapePadding): Deleted.
        * rendering/shapes/ShapeInfo.cpp:
        (WebCore::ShapeInfo<RenderType>::computedShape):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayout):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2014-03-26  Jeremy Jones  <jeremyj@apple.com>

        Implement hasLiveStreamingContent property in WebAVPlayerController
        https://bugs.webkit.org/show_bug.cgi?id=128684

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        Add export for WebVideoFullscreenInterfaceAVKit::setSeekableRanges().

        * platform/ios/WebVideoFullscreenInterface.h:
        Add setSeekableRanges()

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Add setSeekableRanges()

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        Remove vestigial playerLayer property. Add seekableTimeRanges property.

        (-[WebAVPlayerController dealloc]):
        Release _seekableTimeRanges.
        Remove references to _playerLayer.

        (-[WebAVPlayerController hasLiveStreamingContent]):
        Implement based on duration. Live stream has an infinite duration.

        (+[WebAVPlayerController keyPathsForValuesAffectingHasLiveStreamingContent]):
        Describe dependent keys for computed property hasLiveStreamingContent.

        (-[WebAVPlayerController skipBackwardThirtySeconds:]):
        Seek back 30 seconds if that time is in the seekable ranges.

        (-[WebAVPlayerController gotoEndOfSeekableRanges:]):
        Jump to live by going to the of the seekable ranges.

        (WebVideoFullscreenInterfaceAVKit::setSeekableRanges):
        Convert TimeRange to CMTimeRange.

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::setMediaElement):
        Set initial seekable ranges.

        (WebVideoFullscreenModelMediaElement::handleEvent):
        Update seekable ranges when time changes.

2014-03-26  Brent Fulgham  <bfulgham@apple.com>

        Fix OS X build.

        * WebCore.exp.in: Add missing export symbol.

2014-03-26  Simon Fraser  <simon.fraser@apple.com>

        Fix the Windows build. Add a no-op impl for Mac non-UI-side.

        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/win/PlatformCALayerWin.cpp:
        (PlatformCALayerWin::PlatformCALayerWin):
        * platform/graphics/ca/win/PlatformCALayerWin.h:

2014-03-26  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r155977): matrix animations no longer animate
        https://bugs.webkit.org/show_bug.cgi?id=130789
        <rdar://problem/15650946>

        Reviewed by Dean Jackson.
        
        r155977 erroneously removed two lines that set the end points for
        matrix animations (used when transform lists don't match), so
        put them back.
        
        Also don't repaint when updateContentsScale()
        is called and doesn't change the contents scale.

        Test: compositing/animation/matrix-animation.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateRootRelativeScale):
        (WebCore::GraphicsLayerCA::setTransformAnimationEndpoints):
        (WebCore::GraphicsLayerCA::updateContentsScale):

2014-03-26  Simon Fraser  <simon.fraser@apple.com>

        Add a custom behavior flag to GraphicsLayer, piped down to PlatformCALayer, for scrolling layers
        https://bugs.webkit.org/show_bug.cgi?id=130778

        Reviewed by Tim Horton.

        Make it possible to put a "custom behavior" flag on a layer so that,
        with UI-side compositing, we know to create a specific type of
        layer or view for that GraphicsLayer.

        * WebCore.exp.in:
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::GraphicsLayer):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::setCustomBehavior):
        (WebCore::GraphicsLayer::customBehavior):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
        (WebCore::GraphicsLayerCA::updateCustomBehavior):
        (WebCore::GraphicsLayerCA::setCustomBehavior):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        (PlatformCALayerMac::PlatformCALayerMac):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateScrollingLayers):

2014-03-26  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed test correction.

        Because of the way DRT on Windows links to WebCore, having the implementaion of the update
        method in the header caused a runtime failure due to duplicate symbols being bound to the
        compilation unit.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::setEnhancedUserInterfaceAccessibility): Moved from header.
        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::setEnhancedUserInterfaceAccessibility): Deleted.

2014-03-26  Jer Noble  <jer.noble@apple.com>

        REGRESSION(r162679): Poster image visible under the video
        https://bugs.webkit.org/show_bug.cgi?id=130783

        Reviewed by Simon Fraser.

        In the listed revision, we started checking for isRenderImage()
        instead of isImage(). RenderMedias return 'true' for the first
        but 'false' for the second. Change the if() statement to check
        for isRenderMedia() in addition to !isRenderImage().

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isDirectlyCompositedImage):

2014-03-26  Antti Koivisto  <antti@apple.com>

        Render tree construction is O(N^2) in number of siblings
        https://bugs.webkit.org/show_bug.cgi?id=129065

        Reviewed by Darin Adler.
        
        When adding a new renderer to the tree we would search for the correct render tree
        position by traversing DOM children forward to find something that already has a renderer.
        In common case there is no such renderer. This would be repeated for each inserted renderer
        leading to O(n^2) in respect to child node count.
        
        This patch caches the computed render tree insertion position and passes it to siblings.
        Until the cached position is reached it can be used for all new renderers.

        Test: perf/sibling-renderer-On2.html

        * style/StyleResolveTree.cpp:
        (WebCore::Style::RenderTreePosition::parent):
        (WebCore::Style::RenderTreePosition::RenderTreePosition):
        (WebCore::Style::RenderTreePosition::canInsert):
        (WebCore::Style::RenderTreePosition::insert):
        (WebCore::Style::RenderTreePosition::computeNextSibling):
        (WebCore::Style::RenderTreePosition::invalidateNextSibling):
        (WebCore::Style::styleForElement):
        (WebCore::Style::elementInsideRegionNeedsRenderer):
        (WebCore::Style::createRendererIfNeeded):
        (WebCore::Style::createTextRendererIfNeeded):
        (WebCore::Style::attachTextRenderer):
        (WebCore::Style::updateTextRendererAfterContentChange):
        (WebCore::Style::attachChildren):
        (WebCore::Style::attachDistributedChildren):
        (WebCore::Style::attachShadowRoot):
        (WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded):
        (WebCore::Style::attachRenderTree):
        (WebCore::Style::resolveLocal):
        (WebCore::Style::resolveTextNode):
        (WebCore::Style::resolveShadowTree):
        (WebCore::Style::updateBeforeOrAfterPseudoElement):
        (WebCore::Style::resolveTree):

2014-03-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166264.
        https://bugs.webkit.org/show_bug.cgi?id=130785

        Broke some window.opener tests for WK2 Mavericks (Requested by
        brrian__ on #webkit).

        Reverted changeset:

        "Web Replay: resource unique identifiers should be unique-per-
        frame, not globally"
        https://bugs.webkit.org/show_bug.cgi?id=130632
        http://trac.webkit.org/changeset/166264

2014-03-26  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Remove shape-inside support
        https://bugs.webkit.org/show_bug.cgi?id=130698

        Reviewed by David Hyatt.

        CSS Shapes Level 1 (CR) only contains shape-outside. We are focusing our efforts on finalizing
        the implementation of shape-outside, it's worth to remove shape-inside code at this point for now.

        A list of reasons for the removal:
          - Shape-inside is only part of Shapes Level 2, which needs to be improved on some topics.
          - Shape-inside is lack of new shapes support (e.g. inset).
          - Deprecated shapes (r165472) are removed from the code (e.g. rectangle), which affects shape-inside. 
          - The current shape-inside code spreads across the layout code.
          - The current shape-inside implementation is experimental in some areas,
            and the partially implemented code can have security implications.
          - Removal of shape-inside opens possibilities for code complexity and performance
            optimizations for shape-outside. (e.g. simpler geometry code)

        No new tests are needed.

        * CMakeLists.txt:
        * Configurations/FeatureDefines.xcconfig:
        * GNUmakefile.list.am:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::isSimpleLengthPropertyID):
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseShapeProperty):
        * css/CSSPropertyNames.in:
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyProperty):
        (WebCore::StyleResolver::loadPendingImages):
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
        * rendering/LayoutState.cpp:
        (WebCore::LayoutState::LayoutState):
        * rendering/LayoutState.h:
        (WebCore::LayoutState::LayoutState):
        (WebCore::LayoutState::shapeInsideInfo): Deleted.
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::styleDidChange):
        (WebCore::RenderBlock::imageChanged):
        (WebCore::RenderBlock::preparePaginationBeforeBlockLayout):
        (WebCore::RenderBlock::relayoutShapeDescendantIfMoved): Deleted.
        (WebCore::RenderBlock::logicalOffsetFromShapeAncestorContainer): Deleted.
        (WebCore::RenderBlock::updateShapeInsideInfoAfterStyleChange): Deleted.
        (WebCore::RenderBlock::ensureShapeInsideInfo): Deleted.
        (WebCore::RenderBlock::shapeInsideInfo): Deleted.
        (WebCore::RenderBlock::setShapeInsideInfo): Deleted.
        (WebCore::RenderBlock::markShapeInsideDescendantsForLayout): Deleted.
        (WebCore::RenderBlock::layoutShapeInsideInfo): Deleted.
        (WebCore::shapeInfoRequiresRelayout): Deleted.
        (WebCore::RenderBlock::computeShapeSize): Deleted.
        (WebCore::RenderBlock::updateShapesBeforeBlockLayout): Deleted.
        (WebCore::RenderBlock::updateShapesAfterBlockLayout): Deleted.
        (WebCore::RenderBlock::prepareShapesAndPaginationBeforeBlockLayout): Deleted.
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::allowsShapeInsideInfoSharing): Deleted.
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::layoutBlock):
        (WebCore::RenderBlockFlow::layoutBlockChild):
        (WebCore::RenderBlockFlow::computeLogicalLocationForFloat):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForLine):
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
        (WebCore::constructBidiRunsForLine): Deleted.
        (WebCore::pushShapeContentOverflowBelowTheContentBox): Deleted.
        (WebCore::RenderBlockFlow::updateShapeAndSegmentsForCurrentLine): Deleted.
        (WebCore::RenderBlockFlow::updateShapeAndSegmentsForCurrentLineInFlowThread): Deleted.
        (WebCore::adjustLogicalLineTop): Deleted.
        (WebCore::RenderBlockFlow::adjustLogicalLineTopAndLogicalHeightIfNeeded): Deleted.
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::RenderDeprecatedFlexibleBox::layoutBlock):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::~RenderElement):
        (WebCore::RenderElement::initializeStyle):
        (WebCore::RenderElement::setStyle):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::layoutBlock):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::layoutBlock):
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::createStyle):
        * rendering/RenderView.h:
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseFor):
        * rendering/line/BreakingContextInlineHeaders.h:
        (WebCore::BreakingContext::handleText):
        (WebCore::BreakingContext::handleEndOfLine):
        (WebCore::updateSegmentsForShapes): Deleted.
        * rendering/line/LineBreaker.cpp:
        (WebCore::LineBreaker::nextLineBreak):
        * rendering/line/LineWidth.cpp:
        (WebCore::LineWidth::LineWidth):
        (WebCore::LineWidth::updateAvailableWidth):
        (WebCore::LineWidth::wrapNextToShapeOutside):
        (WebCore::LineWidth::fitBelowFloats):
        (WebCore::LineWidth::updateLineSegment): Deleted.
        (WebCore::LineWidth::updateCurrentShapeSegment): Deleted.
        * rendering/line/LineWidth.h:
        * rendering/shapes/ShapeInsideInfo.cpp: Removed.
        * rendering/shapes/ShapeInsideInfo.h: Removed.
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayout):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2014-03-25  Brent Fulgham  <bfulgham@apple.com>

        Avoid duplicate size checks when creating empty image
        https://bugs.webkit.org/show_bug.cgi?id=130730

        Reviewed by Dean Jackson.

        Merged from Blink (patch by ch.dumez@samsung.com):
        https://chromium.googlesource.com/chromium/blink/+/4861a71bc1f284fc97417f405ab7d08dc6947b88
        http://crbug.com/190633011

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::createEmptyImageData): Don't perform overflow calculation twice.

2014-03-26  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] getComputedStyle() must return the specified value for positioning properties
        https://bugs.webkit.org/show_bug.cgi?id=130010

        Reviewed by Darin Adler.

        According to the specs
        http://dev.w3.org/csswg/css-grid/#property-index and also to
        http://lists.w3.org/Archives/Public/www-style/2014Mar/0162.html
        the function getComputedStyle() must return the specified values
        for positioning properties, i.e, grid-{columns|rows}-{start|end}.

        We were in some cases, adjusting the style in the StyleResolver
        (for example with two opposing spans) something that is now done
        in the RenderGrid because we cannot alter the original style.

        The code moved to the renderer became more self explanatory and it
        now supports named grid areas with names ending in "-start" and
        "-end".

        Test: fast/css-grid-layout/named-grid-lines-with-named-grid-areas-get-set.html

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        (WebCore::gridLineDefinedBeforeGridArea): Deleted.
        (WebCore::StyleResolver::adjustNamedGridItemPosition): Deleted.
        (WebCore::StyleResolver::adjustGridItemPosition): Deleted.
        * css/StyleResolver.h:
        * rendering/RenderGrid.cpp:
        (WebCore::isColumnSide):
        (WebCore::RenderGrid::explicitGridSizeForSide):
        (WebCore::gridLineDefinedBeforeGridArea):
        (WebCore::setNamedLinePositionIfDefinedBeforeArea):
        (WebCore::RenderGrid::adjustNamedGridItemPosition):
        (WebCore::RenderGrid::adjustGridPositionsFromStyle):
        (WebCore::RenderGrid::resolveGridPositionsFromStyle):
        (WebCore::RenderGrid::resolveNamedGridLinePositionFromStyle):
        (WebCore::RenderGrid::resolveNamedGridLinePositionAgainstOppositePosition):
        * rendering/RenderGrid.h:
        * rendering/style/GridPosition.h:
        (WebCore::GridPosition::setAutoPosition): New helper function.

2014-03-26  Simon Fraser  <simon.fraser@apple.com>

        Fix the iOS build.

        * WebCore.exp.in:

2014-03-26  Tim Horton  <timothy_horton@apple.com>

        [iOS WebKit2] Flush all surfaces after painting into all of them, instead of after painting into each one
        https://bugs.webkit.org/show_bug.cgi?id=130768
        <rdar://problem/16421471>

        Reviewed by Simon Fraser.

        * platform/graphics/cocoa/IOSurface.h:
        Add a non-ensuring platformContext() getter.

2014-03-26  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: crash when inspecting "bar" text node in getAccessibilityPropertiesForNode layout test
        https://bugs.webkit.org/show_bug.cgi?id=130290

        Reviewed by Timothy Hatcher.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        Fixing regression from r165590. http://webkit.org/b/129779
        Verify isElementNode to avoid calling toElement on document or text nodes.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

2014-03-25  Sergio Villar Senin  <svillar@igalia.com>

        Replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed<T> in editing/
        https://bugs.webkit.org/show_bug.cgi?id=130722

        Reviewed by Antti Koivisto.

        * editing/AlternativeTextController.cpp:
        (WebCore::markerTypesForAutocorrection):
        (WebCore::markerTypesForReplacement):
        (WebCore::markerTypesForAppliedDictationAlternative):
        * editing/EditingStyle.cpp:
        (WebCore::htmlElementEquivalents):
        (WebCore::htmlAttributeEquivalents):
        * editing/FormatBlockCommand.cpp:
        (WebCore::isElementForFormatBlock):
        * editing/RemoveFormatCommand.cpp:
        (WebCore::isElementForRemoveFormatCommand):
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::isProhibitedParagraphChild):
        * editing/atk/FrameSelectionAtk.cpp:
        (WebCore::maybeEmitTextFocusChange):

2014-03-25  Simon Fraser  <simon.fraser@apple.com>

        Add a new type of scrolling tree node for overflow scrolling
        https://bugs.webkit.org/show_bug.cgi?id=130763

        Reviewed by Tim Horton.

        Prepare for overflow scrolling via the scrolling tree by adding
        a new scrolling node type for overflow:scroll nodes. Mostly
        this is a new ScrollingNodeType that gets mapped to the same
        scrolling state nodes and scrolling nodes, but iOS creates
        state and scrolling nodes specific to overflow:scroll.
        
        Change the type checking on nodes to use virtual functions instead
        of just checking the node type, to allow the macros to work with
        the new scrolling node type.

        * WebCore.exp.in:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::ensureRootStateNodeForFrameView):
        * page/scrolling/ScrollingCoordinator.h:
        * page/scrolling/ScrollingStateFixedNode.h:
        * page/scrolling/ScrollingStateNode.h:
        (WebCore::ScrollingStateNode::isFixedNode):
        (WebCore::ScrollingStateNode::isStickyNode):
        (WebCore::ScrollingStateNode::isScrollingNode):
        * page/scrolling/ScrollingStateScrollingNode.cpp:
        (WebCore::ScrollingStateScrollingNode::create):
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        * page/scrolling/ScrollingStateScrollingNode.h:
        * page/scrolling/ScrollingStateStickyNode.h:
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling):
        (WebCore::ScrollingTree::updateTreeFromStateNode):
        * page/scrolling/ScrollingTreeNode.h:
        (WebCore::ScrollingTreeNode::isFixedNode):
        (WebCore::ScrollingTreeNode::isStickyNode):
        (WebCore::ScrollingTreeNode::isScrollingNode):
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::ScrollingTreeScrollingNode):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ios/ScrollingCoordinatorIOS.mm:
        (WebCore::ScrollingCoordinatorIOS::createScrollingTreeNode):
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::create):
        (WebCore::ScrollingTreeScrollingNodeIOS::ScrollingTreeScrollingNodeIOS):
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::createScrollingTreeNode):
        * page/scrolling/mac/ScrollingTreeFixedNode.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::create):
        (WebCore::ScrollingTreeScrollingNodeMac::ScrollingTreeScrollingNodeMac):
        * page/scrolling/mac/ScrollingTreeStickyNode.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):

2014-03-26  Krzysztof Czech  <k.czech@samsung.com>

        [ATK] Utilize new AtkValue interface coming in ATK 2.11.92
        https://bugs.webkit.org/show_bug.cgi?id=130575

        Reviewed by Mario Sanchez Prada.

        ATK 2.11.92 introduces some new API and deprecates an old one.
        Adjust current implementation to meet requirements of the new API.

        No new tests. Covered by existing ones.

        * accessibility/atk/AXObjectCacheAtk.cpp:
        (WebCore::AXObjectCache::postPlatformNotification):
        * accessibility/atk/WebKitAccessibleInterfaceValue.cpp:
        (webkitAccessibleSetNewValue):
        (webkitAccessibleGetIncrementValue):
        (webkitAccessibleGetValueAndText):
        (webkitAccessibleGetIncrement):
        (webkitAccessibleSetValue):
        (webkitAccessibleGetRange):
        (webkitAccessibleValueSetCurrentValue):
        (webkitAccessibleValueGetMinimumIncrement):
        (webkitAccessibleValueInterfaceInit):

2014-03-26  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Removing the remaining Automake cruft.

        * GNUmakefile.list.am: Removed.

2014-03-25  Pratik Solanki  <psolanki@apple.com>

        iOS build fix. Add missing semicolon.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::_addAttachmentForElement):

2014-03-25  Sam Weinig  <sam@webkit.org>

        Speculative iOS build fix.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::_addAttachmentForElement):

2014-03-25  Jer Noble  <jer.noble@apple.com>

        [MSE] Duplicate 'seeked' events.
        https://bugs.webkit.org/show_bug.cgi?id=130754

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-duplicate-seeked.html

        During certain seek operations, HTMLMediaElement::finishSeek() can be called re-entrantly due to
        the ready state changing as a result of MediaSource::monitorSourceBuffers(). Move this call to the
        end of finishSeek() after m_seeking has been cleared.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2014-03-25  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: add support for aria-activedescendant and reconcile UI/testing with parentNode
        https://bugs.webkit.org/show_bug.cgi?id=130712

        Reviewed by Timothy Hatcher.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        Support for @aria-activedescendant; code reuse changes w/ parentNode and activeDescendantNode.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json:

2014-03-25  Sanghyup Lee  <sh53.lee@samsung.com>

        When the mouse is upped after dragged out of shadowDOM, it should lose :active.
        https://bugs.webkit.org/show_bug.cgi?id=130660

        Reviewed by Darin Adler.

        This caused a regression after r165037.
        When we have to clear :active style of shadow DOM, we should clear host's style.
        This patch replaces parentElement() by parentOrShadowHostElement().

        * dom/Document.cpp:
        (WebCore::Document::updateHoverActiveState):

2014-03-25  Eric Carlson  <eric.carlson@apple.com>

        [Mac] Always retry a failed MediaDocument as a PluginDocument
        https://bugs.webkit.org/show_bug.cgi?id=130742

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaLoadingFailedFatally): If the element is in a media document,
            tell it that loading failed so it can retry as a plug-in.

2014-03-25  Ryosuke Niwa  <rniwa@webkit.org>

        Replace HTMLConverter::_stringForNode by propertyValueForNode
        https://bugs.webkit.org/show_bug.cgi?id=130711

        Reviewed by Sam Weinig.

        Replaced all calls to HTMLConverter::_stringForNode by that to propertyValueForNode.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::_computedAttributesForElement):
        (HTMLConverter::_addAttachmentForElement):
        (HTMLConverter::_enterElement):
        (HTMLConverter::_addTableForElement):
        (HTMLConverter::_addTableCellForElement):
        (HTMLConverter::_processElement):
        (HTMLConverter::_exitElement):
        (HTMLConverter::_processText):
        (HTMLConverter::_traverseNode):
        (HTMLConverter::_traverseFooterNode):
        (HTMLConverter::_stringForNode): Deleted.

2014-03-25  Pratik Solanki  <psolanki@apple.com>

        Attempt to fix iOS build after r166261.

        * WebCore.xcodeproj/project.pbxproj: Make SystemSleepListener.h a private header.

2014-03-21  Jer Noble  <jer.noble@apple.com>

        [iOS] Enable caption support in full screen.
        https://bugs.webkit.org/show_bug.cgi?id=130603

        Reviewed by Eric Carlson.

        Add TextTrackRepresentation support to MediaPlayerPrivateAVFoundationObjC.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer): Add the m_textTrackRepresenationLayer if present.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::requiresTextTrackRepresentation): True, if a m_videoFullscreenLayer is present.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setTextTrackRepresentation): Remove the old, and add the new m_textTrackRepresenationLayer.

        Make the text track container a stacking context for painting purposes.
        * Modules/mediacontrols/mediaControlsiOS.css:
        (video::-webkit-media-text-track-container):

2014-03-25  Brian Burg  <bburg@apple.com>

        Web Replay: resource unique identifiers should be unique-per-frame, not globally
        https://bugs.webkit.org/show_bug.cgi?id=130632

        Reviewed by Timothy Hatcher.

        For replay purposes, we want to deterministically assign resource load identifiers
        to resource loaders, provided that the resource loaders are created in the same
        order.

        To do this, we convert unique identifiers from being globally-unique to being
        frame-unique. When a new frame is being loaded, unique identifiers for
        subresources of that frame begin counting from 1.

        No new tests. Identifier invariants are exercised by existing assertions and tests.

        * loader/ProgressTracker.cpp:
        (WebCore::ProgressTracker::ProgressTracker):
        (WebCore::ProgressTracker::reset):
        (WebCore::ProgressTracker::createUniqueIdentifier):
        * loader/ProgressTracker.h:

2014-03-25  Jer Noble  <jer.noble@apple.com>

        [Mac] Pause the media element during system sleep.
        https://bugs.webkit.org/show_bug.cgi?id=130718

        Reviewed by Eric Carlson.

        Test: media/video-system-sleep.html

        Relying on the platform media system to pause and restart playback during
        system sleep can cause problems on some platforms, especially where hardware
        decoders are concerned. Rather than implicitly pausing the media during
        system sleep, explicitly pause the media before sleeping and resume (if
        appropriate) upon waking.

        Add a new class to be used for system sleep notifications:
        * platform/SystemSleepListener.cpp: Added.
        (WebCore::SystemSleepListener::create):
        (WebCore::SystemSleepListener::SystemSleepListener):
        * platform/SystemSleepListener.h: Added.
        (WebCore::SystemSleepListener::Client::~Client):
        (WebCore::SystemSleepListener::~SystemSleepListener):
        (WebCore::SystemSleepListener::client):

        Add a Mac-specific implementation:
        * platform/mac/SystemSleepListenerMac.h: Added.
        * platform/mac/SystemSleepListenerMac.mm: Added.
        (WebCore::SystemSleepListener::create):
        (WebCore::SystemSleepListenerMac::SystemSleepListenerMac):
        (WebCore::SystemSleepListenerMac::~SystemSleepListenerMac):

        Listen for system sleep notifications in MediaSessionManager:
        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::MediaSessionManager):
        (WebCore::MediaSessionManager::systemWillSleep):
        (WebCore::MediaSessionManager::systemDidWake):
        * platform/audio/MediaSessionManager.h:

        Drive-by fix; notify the MediaSession that playback will begin
        due to autoplay, but do not begin autoplaying if the session
        is already interrupted:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

        Add new files to project:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * CMakeLists.txt:
        * GNUmakefile.list.am:

2014-03-25  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] The background of children of scrollable elements flowed into regions is not properly scrolled
        https://bugs.webkit.org/show_bug.cgi?id=130574

        Reviewed by David Hyatt.

        When computing the clip rect for painting the box decorations, the scrolled content offset
        must be computed by going up the containing block tree, up to the region.

        Tests: fast/regions/scrollable-region-scrollable-absolute-content-background.html
               fast/regions/scrollable-region-scrollable-content-background.html

        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):

2014-03-25  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] Inspector View Indication Support
        https://bugs.webkit.org/show_bug.cgi?id=130709

        Reviewed by Simon Fraser.

        * inspector/InspectorClient.h:
        (WebCore::InspectorClient::showInspectorIndication):
        (WebCore::InspectorClient::hideInspectorIndication):
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::setIndicating):
        Rename indicate/hideIndication to show/hide names.

2014-03-25  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix. Typo on checkin.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem): Left an unmatched open bracket.

2014-03-25  Jer Noble  <jer.noble@apple.com>

        Even further unreviewed build fix after r166247. Unprotect the implementation of HTMLMediaElement::shouldDisableSleep().

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2014-03-25  Jer Noble  <jer.noble@apple.com>

        Further unreviewed build fix after r166247. Add DisplaySleepDisabler to the windows project file and
        move the definition of DisplaySleepDisabler's constructor and destructor into the cpp file.

        * WebCore.vcxproj/WebCore.vcxproj:
        * platform/DisplaySleepDisabler.cpp:
        (WebCore::DisplaySleepDisabler::DisplaySleepDisabler):
        (WebCore::DisplaySleepDisabler::~DisplaySleepDisabler):
        * platform/DisplaySleepDisabler.h:

2014-03-25  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix after r166247. Un-platform-protect the declaration of HTMLMediaElement::shouldDisableSleep()
        and make WebVideoFullscreenController's _displaySleepDisabler a std::unique_ptr.

        * html/HTMLMediaElement.h:
        * platform/mac/WebVideoFullscreenController.h:

2014-03-25  Brent Fulgham  <bfulgham@apple.com>

        [iOS] Pass additional options to AVFoundation during playback.
        https://bugs.webkit.org/show_bug.cgi?id=130624

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::doesHaveAttribute): Return attribute value if the user
        passes a pointer to fill in.
        * html/HTMLMediaElement.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::doesHaveAttribute):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::doesHaveAttribute):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem): Pass additional
        option if supplied by user.

2014-03-25  Michael Saboff  <msaboff@apple.com>

        Unreviewed, rolling out r166070.

        Rollout r166070 due to 2% performance loss in page load times

        Reverted changeset:

        "Change CodeGeneratorJS.pm special cases for "DOMWindow" to be
        general purpose"
        https://bugs.webkit.org/show_bug.cgi?id=130553
        http://trac.webkit.org/changeset/166070

2014-03-25  Michael Saboff  <msaboff@apple.com>

        Unreviewed, rolling out r166126.

        Rollout r166126 in prepartion to roll out prerequisite r166070

        Reverted changeset:

        "toThis() on a JSWorkerGlobalScope should return a JSProxy and
        not undefined"
        https://bugs.webkit.org/show_bug.cgi?id=130554
        http://trac.webkit.org/changeset/166126

2014-03-25  Jer Noble  <jer.noble@apple.com>

        [iOS] Playing video does not disable display sleep.
        https://bugs.webkit.org/show_bug.cgi?id=130729

        Reviewed by Eric Carlson.

        DisplaySleepDisabler was broken by r161589, which replaced the iOS implementation with
        an empty one. Make a platform independent version with a Cocoa-platform subclass. Update
        the APIs to non-deprecated ones.

        * platform/DisplaySleepDisabler.cpp: Added.
        (WebCore::DisplaySleepDisabler::create):
        * platform/DisplaySleepDisabler.h: Added.
        (WebCore::DisplaySleepDisabler::~DisplaySleepDisabler):
        (WebCore::DisplaySleepDisabler::DisplaySleepDisabler):
        * platform/cocoa/DisplaySleepDisablerCocoa.cpp: Renamed from Source/WebCore/platform/mac/DisplaySleepDisabler.cpp.
        (WebCore::DisplaySleepDisabler::create):
        (WebCore::DisplaySleepDisablerCocoa::DisplaySleepDisablerCocoa):
        (WebCore::DisplaySleepDisablerCocoa::~DisplaySleepDisablerCocoa):
        * platform/cocoa/DisplaySleepDisablerCocoa.h: Renamed from Source/WebCore/platform/mac/DisplaySleepDisabler.h.

        Update m_sleepDisabler to be a std::unique_ptr, and unprotect the definition of methods which use it.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateSleepDisabling):
        (WebCore::HTMLMediaElement::shouldDisableSleep):
        * html/HTMLMediaElement.h:

        Add the new and renamed files to the project:
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.xcodeproj/project.pbxproj:

2014-03-25  Dirk Schulze  <krit@webkit.org>

        Implement ImageData constructors and WebWorkers exposure
        https://bugs.webkit.org/show_bug.cgi?id=130668

        Reviewed by Dean Jackson.

        Add new constructors for ImageData.

        http://www.whatwg.org/specs/web-apps/current-work/multipage/the-canvas-element.html#pixel-manipulation

        Test: fast/canvas/canvas-imageData.html

        * html/ImageData.cpp: 
        (WebCore::ImageData::create):
        * html/ImageData.h:
        * html/ImageData.idl:

2014-03-25  Myles C. Maxfield  <mmaxfield@apple.com>

        InlineIterator position (unsigned int) variable can wrap around
        https://bugs.webkit.org/show_bug.cgi?id=130540

        Reviewed by Simon Fraser.

        We trigger an ASSERT that occurs when we are ignoring spaces (to collapse them
        into a single whitespace mark) but then encounter a line break. Because we don't ignore
        the first space (but do ignore subsequent spaces), when we hit a newline in an RTL context
        we want to ignore that first space as well (so as not to push the text away from the right
        edge). We do this by decrementing the InlineIterator pointing to this first space, so all
        the spaces get ignored. However, if that space is the first character in a Text node, the
        decrement will try to go past the beginning of the node, and trigger an ASSERT.

        This design is not great. At some point we should rework it to more elegantly handle
        collapsing whitespace in both RTL and LTR writing modes.

        This patch adds an ASSERT earlier in this codepath to catch potential problems earlier.
        It also pulls our sentinel value out into a separate boolean to make it more clear what is
        going on.

        Test: fast/text/whitespace-only-text-in-rtl.html

        * rendering/InlineIterator.h:
        (WebCore::InlineIterator::moveTo): Use the set***() calls
        (WebCore::InlineIterator::setOffset): ASSERT early that our math hasn't wrapped
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::appendRunsForObject): Use new boolean value
        * rendering/line/BreakingContextInlineHeaders.h:
        (WebCore::BreakingContext::handleText): Guard against wraps
        (WebCore::checkMidpoints): Use new boolean value
        * rendering/line/TrailingObjects.cpp:
        (WebCore::TrailingObjects::updateMidpointsForTrailingBoxes): Use new boolean value

2014-03-25  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Remove the autotools build
        https://bugs.webkit.org/show_bug.cgi?id=130717

        Reviewed by Anders Carlsson.

        * GNUmakefile.am: Removed.
        * bindings/gobject/GNUmakefile.am: Removed.
        * config.h: Removed references to autotools configure file.

2014-03-24  Brent Fulgham  <bfulgham@apple.com>

        Prevent 'removetrack' events from firing when all inband text tracks are removed.
        https://bugs.webkit.org/show_bug.cgi?id=130704

        Reviewed by Eric Carlson.

        Test: media/track/track-remove-track.html

        Based on the Blink change (patch by acolwell@chromium.org):
        https://codereview.chromium.org/177243018/

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::prepareForLoad): Reorder steps to match W3C specification.
        (WebCore::HTMLMediaElement::noneSupported): Forget tracks as required by specification.
        (WebCore::HTMLMediaElement::mediaLoadingFailed): Forget tracks as required by specification.
        (WebCore::HTMLMediaElement::removeTextTrack): Only request the 'removetracks' event if
        requested by caller.
        (WebCore::HTMLMediaElement::removeAllInbandTracks): Renamed to 'forgetResourceSpecificTracks'
        (WebCore::HTMLMediaElement::noneSupported): Specify that we want the 'removetracks' event
        fired for this use case.
        (WebCore::HTMLMediaElement::prepareForLoad): Switch to new 'forgetResourceSpecificTracks' name.
        * html/HTMLMediaElement.h:
        * html/track/TextTrackList.cpp:
        (TextTrackList::remove): Only fire the 'removetrack' event if the caller requests it.
        * html/track/TextTrackList.h: Add default argument to fire the 'removetrack' event
        when removing a track.
        * html/track/TrackListBase.cpp:
        (TrackListBase::remove): Only fire the 'removetrack' event if the caller requests it.
        * html/track/TrackListBase.h: Add default argument to fire the 'removetrack' event.

2014-03-25  David Kilzer  <ddkilzer@apple.com>

        Hold a reference to firstSuccessfulSubmitButton in HTMLFormElement::submit
        <http://webkit.org/b/130713>
        <rdar://problem/15661876>

        Reviewed by Darin Adler.

        Merged from Blink (patch by Ian Beer):
        http://crbug.com/303657
        https://src.chromium.org/viewvc/blink?view=rev&revision=158938

        Test: fast/forms/form-submission-crash-successful-submit-button.html

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::submit):

2014-03-25  Gabor Rapcsanyi  <rgabor@webkit.org>

        [ARM64] GNU assembler fails in TransformationMatrix::multiply
        https://bugs.webkit.org/show_bug.cgi?id=130454

        Reviewed by Zoltan Herczeg.

        Change the NEON intstructions to the proper style.

        * platform/graphics/transforms/TransformationMatrix.cpp:
        (WebCore::TransformationMatrix::multiply):

2014-03-20  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Vertical rectangles not considered as valid grid areas
        https://bugs.webkit.org/show_bug.cgi?id=130513

        Reviewed by Andreas Kling.

        Grid areas sized as vertical rectangles were incorrectly
        considered as invalid by the parser. That's because the condition
        checking that each new row was adjacent to the previous one was
        using the first row of the currently parsed grid area instead of
        the last one.

        Test: fast/css-grid-layout/grid-template-areas-get-set.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTemplateAreas):

2014-03-25  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] Volume slider shows below the panel with videos in certain cases
        https://bugs.webkit.org/show_bug.cgi?id=130608

        Reviewed by Jer Noble.

        We need to delay the moment we check if the volume slider shows up
        or down. If the video was not visible, the offsets were 0 and it
        was forced to be shown below the panel.

        Test: media/video-initially-hidden-volume-slider-up.html

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.createControls): Moved volumebox pseudo from
        the subclass. The test checks for it and it would fail in Mac.
        * Modules/mediacontrols/mediaControlsGtk.js:
        (ControllerGtk.prototype.createControls): Moved volumebox pseudo
        to the superclass.
        (ControllerGtk.prototype.handleMuteButtonMouseOver): Check if
        volume slider should show up or down.
        (ControllerGtk.prototype.updateReadyState): Removed check for
        volume slider direction.

2014-03-24  Brent Fulgham  <bfulgham@apple.com>

        [Win] Enable WebVTT Regions on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=130680

        Reviewed by Eric Carlson.

        * DerivedSources.cpp: Add new build components.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.

2014-03-24  Simon Fraser  <simon.fraser@apple.com>

        Remove some unnecessary includes from PlatformCALayerClient.h
        https://bugs.webkit.org/show_bug.cgi?id=130703

        Reviewed by Andreas Kling.
        
        No need for all these #includes.

        * platform/graphics/ca/PlatformCALayerClient.h:

2014-03-24  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        [core] FEGaussianBlur: use IntSize to simplify member function interface
        https://bugs.webkit.org/show_bug.cgi?id=130695

        Reviewed by Dean Jackson.

        By returning an IntSize to store the calculated kernel size values
        it is possible to have less function parameters. This patch also
        streamlines a bit the code in calculateUnscaledKernelSize.

        No new tests, no change in behavior.

        * platform/graphics/filters/FEDropShadow.cpp:
        (WebCore::FEDropShadow::determineAbsolutePaintRect):
        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::calculateUnscaledKernelSize):
        (WebCore::FEGaussianBlur::calculateKernelSize):
        (WebCore::FEGaussianBlur::determineAbsolutePaintRect):
        (WebCore::FEGaussianBlur::platformApplySoftware):
        * platform/graphics/filters/FEGaussianBlur.h:
        (if): Deleted.
        * platform/graphics/filters/FilterOperations.cpp:
        (WebCore::outsetSizeForBlur):

2014-03-24  Brian Burg  <bburg@apple.com>

        Web Replay: capture and replay keyboard events
        https://bugs.webkit.org/show_bug.cgi?id=130314

        Reviewed by Joseph Pecoraro.

        Upstream support for capturing and replaying non-IME keyboard input.
        This works similarly to mouse events. It introduces optional fields and
        macros to encode/decode them.

        Test: ManualTests/inspector/replay-keyboard-events.html

        * replay/ReplayInputDispatchMethods.cpp:
        (WebCore::HandleKeyPress::dispatch):
        * replay/SerializationMethods.cpp:
        (JSC::EncodingTraits<NondeterministicInputBase>::encodeValue):
        (JSC::EncodingTraits<NondeterministicInputBase>::decodeValue): Switch existing
        encode/decode calls to use the shortening macros.
        (JSC::EncodingTraits<KeypressCommand>::encodeValue): Added.
        (JSC::EncodingTraits<KeypressCommand>::decodeValue): Added.
        (JSC::PlatformKeyboardEventAppKit::PlatformKeyboardEventAppKit): Subclass
        PlatformKeyboardEvent so that we can set AppKit-specific members not
        initialized through the main constructors.
        (JSC::EncodingTraits<PlatformKeyboardEvent>::encodeValue): Added.
        (JSC::EncodingTraits<PlatformKeyboardEvent>::decodeValue): Added.
        * replay/SerializationMethods.h:
        * replay/UserInputBridge.cpp:
        (WebCore::UserInputBridge::UserInputBridge): initialize m_state inside a guard.
        (WebCore::UserInputBridge::handleKeyEvent): fill in the implementation.
        * replay/WebInputs.json:

2014-03-24  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        Optimizing string construction for type error in JSNavigatorCustom.cpp
        https://bugs.webkit.org/show_bug.cgi?id=130683

        Reviewed by Eric Carlson.

        * bindings/js/JSNavigatorCustom.cpp:
        (WebCore::JSNavigator::webkitGetUserMedia):

2014-03-24  Beth Dakin  <bdakin@apple.com>

        Legacy-style scrollbars constantly redraw after scrolling
        https://bugs.webkit.org/show_bug.cgi?id=130699

        Reviewed by Simon Fraser.

        The constant re-draw was happening because we were never calling [ScrollbarPainter 
        setUsePresentationValue:NO]. This is a silly bug where were should have been 
        looking at PlatformWheelEvent::momentumPhase() instead of 
        PlatformWheelEvent::phase()

        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::handleWheelEvent):

2014-03-24  Daniel Bates  <dabates@apple.com>

        XSS Auditor doesn't block <script> injected before an existing <script>
        https://bugs.webkit.org/show_bug.cgi?id=130475

        Merged from Blink (patch by Tom Sepez):
        https://src.chromium.org/viewvc/blink?view=rev&revision=169697

        Tests: http/tests/security/xssAuditor/script-tag-expression-follows.html
               http/tests/security/xssAuditor/script-tag-near-start.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::startsHTMLCommentAt):
        (WebCore::startsSingleLineCommentAt):
        (WebCore::startsMultiLineCommentAt):
        (WebCore::startsOpeningScriptTagAt):
        (WebCore::XSSAuditor::decodedSnippetForJavaScript):

2014-03-24  Brent Fulgham  <bfulgham@apple.com>

        Activate WebVTT Tests Once Merging is Complete
        https://bugs.webkit.org/show_bug.cgi?id=130420

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig: Turn on ENABLE(WEBVTT_REGIONS)

2014-03-24  Anders Carlsson  <andersca@apple.com>

        Re-fix the build.

        * WebCore.exp.in:

2014-03-24  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * WebCore.exp.in:
        Move a CFNetwork only symbol inside the USE(CFNETWORK) section.

2014-03-24  Chris Fleizach  <cfleizach@apple.com>

        Regression: AX: Don't expose role or notifications for invalid menus
        https://bugs.webkit.org/show_bug.cgi?id=129814

        Reviewed by Mario Sanchez Prada.

        If a role=menu has no menuitem children, it should not be a menu.
        This was a bit tricky to implement since we need to update the role after the children are created,
        but it means we have to be a bit more aggressive about when to updateChildren, so that the role
        is known to be valid.

        Test: platform/mac/accessibility/invalid-menu-role-does-not-send-notification.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::notificationPostTimerFired):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::updateRoleAfterChildrenCreation):
        (WebCore::AccessibilityRenderObject::addChildren):
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        (-[WebAccessibilityObjectWrapperBase updateObjectBackingStore]):

2014-03-24  Andy Estes  <aestes@apple.com>

        [iOS] Download support by CFURLDownloadRef under USE(CFNETWORK).
        https://bugs.webkit.org/show_bug.cgi?id=129322

        Reviewed by Anders Carlsson.

        * platform/network/ResourceHandle.h:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::releaseConnectionForDownload): Changed to
        return a RetainPtr that adopts the connection's retain count.

2014-03-24  Enrica Casucci  <enrica@apple.com>

        Update Hindi fallback font.
        https://bugs.webkit.org/show_bug.cgi?id=130690
        <rdar://problem/16391601>

        Reviewed by Sam Weinig.

        Using the new available font for Hindi in the fallback list.

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::FontCache::systemFallbackForCharacters):

2014-03-24  Brent Fulgham  <bfulgham@apple.com>

        Merge Minor WebVTT Cleanups from Blink
        https://bugs.webkit.org/show_bug.cgi?id=130681

        Reviewed by Eric Carlson.

        Merged from Blink (patch by philipj@opera.com):
        https://chromium.googlesource.com/chromium/blink/+/693eb5e2933dca0eab5bbd604e9f3406fe9fd1ab
        http://crbug.com/52593009
        https://chromium.googlesource.com/chromium/blink/+/40b3602feab34e9be829fd742b6ad6ded322a09f
        http://crbug.com/104243003

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::setMode):
        * html/track/TextTrack.idl:
        * html/track/TextTrackCue.h:
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::VTTCue):
        * html/track/VTTCue.h:

2014-03-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166169.
        https://bugs.webkit.org/show_bug.cgi?id=130682

        This patch broke tests on Apple Mavericks (Requested by fredw
        on #webkit).

        Reverted changeset:

        "Operator stretching: expose a math data API"
        https://bugs.webkit.org/show_bug.cgi?id=130572
        http://trac.webkit.org/changeset/166169

2014-03-24  Martin Hodovan  <mhodovan@inf.u-szeged.hu>

        ENABLE(CSS_GRID_LAYOUT) guard for CSSGridLineNamesValue
        https://bugs.webkit.org/show_bug.cgi?id=130669

        Reviewed by Sergio Villar Senin.

        No new tests. No new functionality.

        * css/CSSGridLineNamesValue.cpp:
        * css/CSSGridLineNamesValue.h:

2014-03-24  Chris Fleizach  <cfleizach@apple.com>

        <hr> should expose AXRole/AXSubrole, etc
        https://bugs.webkit.org/show_bug.cgi?id=109015

        Reviewed by Mario Sanchez Prada.

        Expose the <hr> element to Mac and iOS through the accessibility interface.

        Test: platform/mac/accessibility/hr-element.html

        * English.lproj/Localizable.strings:
        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::isEnabled):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::computedRoleString):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
        * accessibility/atk/AccessibilityObjectAtk.cpp:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
        (-[WebAccessibilityObjectWrapper accessibilityLabel]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (createAccessibilityRoleMap):
        (-[WebAccessibilityObjectWrapper subrole]):
        (-[WebAccessibilityObjectWrapper roleDescription]):
        * platform/LocalizedStrings.cpp:
        (WebCore::AXHorizontalRuleDescriptionText):
        * platform/LocalizedStrings.h:

2014-03-24  Antti Koivisto  <antti@apple.com>

        Invalidate sibling text node style when needed instead of attaching synchronously
        https://bugs.webkit.org/show_bug.cgi?id=130590

        Reviewed by Andreas Kling.
        
        Make things simpler.

        * style/StyleResolveTree.cpp:
        (WebCore::Style::invalidateWhitespaceOnlyTextSiblingsAfterAttachIfNeeded):
        
            Just invalidate instead of calling attach directly.
            Rename to match.

        (WebCore::Style::textRendererIsNeeded):
        (WebCore::Style::createTextRendererIfNeeded):
        
            Move all testing to textRendererIsNeeded.

        (WebCore::Style::updateTextRendererAfterContentChange):
        
            Call resolveTextNode instead of re-implementing the same thing.

        (WebCore::Style::resolveLocal):
        (WebCore::Style::resolveTextNode):
        
            Avoid unnecessary reattaching.
            Rename for consistency.

        (WebCore::Style::resolveShadowTree):
        (WebCore::Style::resolveTree):
        
2014-03-24  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>

        Fix !ENABLE(VIDEO) build
        https://bugs.webkit.org/show_bug.cgi?id=130671

        Reviewed by Eric Carlson.

        Add missing ENABLE(VIDEO) guards because many functions use
        the newly guarded functions.

        * testing/Internals.cpp:
        * testing/Internals.h:
        * testing/Internals.idl:

2014-03-24  Antti Koivisto  <antti@apple.com>

        Text autosizing does not determine line count correctly for simple line layout
        https://bugs.webkit.org/show_bug.cgi?id=130673

        Reviewed by Daniel Bates.
        
        We don't count lines correctly in simple line layout case.

        * page/Frame.cpp:
        (WebCore::Frame::textAutosizingWidth):
        (WebCore::Frame::setTextAutosizingWidth):
        * page/ios/FrameIOS.mm:
        (WebCore::Frame::textAutosizingWidth): Deleted.
        (WebCore::Frame::setTextAutosizingWidth): Deleted.
        
            Move to Frame.cpp to make enabling on non-iOS build easier.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::lineCount):
        
            Handle simple line layout case.

        (WebCore::RenderBlockFlow::lineCountForTextAutosizing):
            
            Call lineCount() if children are inline.
            Rename for clarity.

        (WebCore::RenderBlockFlow::adjustComputedFontSizes):
        (WebCore::RenderBlockFlow::immediateLineCount): Deleted.
        * rendering/RenderBlockFlow.h:

2014-03-24  Frédéric Wang  <fred.wang@free.fr>

        [regression] background colors do not apply to <mo> elements.
        https://bugs.webkit.org/show_bug.cgi?id=130470.

        Test: mathml/presentation/tokenElements-background-color.html

        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::paint): always call the parent painting to draw the background.
        (WebCore::RenderMathMLOperator::paintChildren): move the special case for invisible operator here.

2014-03-24  Frédéric Wang  <fred.wang@free.fr>

        Operator stretching: expose a math data API
        https://bugs.webkit.org/show_bug.cgi?id=130572

        Reviewed by Chris Fleizach.

        We expose a new SimpleFontData API to give access to the data from the
        OpenType MATH table using a font cache. The class OpenTypeMathData will
        be implemented in bug 130324. On Darwin platform, we also implement the
        missing FontPlatformData::openTypeTable function which will be necessary
        to load the OpenType MATH table. The changes are intended to be used
        for MathML operator stretching (bug 130322) so tests are not added yet.

        * CMakeLists.txt: add new OpenTypeMathData files.
        * GNUmakefile.list.am: ditto.
        * WebCore.vcxproj/WebCore.vcxproj: ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: ditto.
        * WebCore.xcodeproj/project.pbxproj: ditto.
        * platform/graphics/FontCache.cpp: We add a FontCache::getMathData function to implement a cache for the math data.
        We make the math and vertical data share the same key for the cache.
        (WebCore::fontMathDataCacheInstance):
        (WebCore::FontCache::getMathData):
        (WebCore::fontVerticalDataCacheInstance):
        * platform/graphics/FontCache.h: We declare FontCache::getMathData and FontFileKey on all platforms.
        * platform/graphics/FontPlatformData.cpp:
        (WebCore::FontPlatformData::openTypeTable): We implement openTypeTable() on Darwin platform.
        * platform/graphics/FontPlatformData.h: We expose openTypeTable() on Darwin platform.
        * platform/graphics/SimpleFontData.cpp: We initialize m_mathData from the font cache.
        (WebCore::SimpleFontData::SimpleFontData):
        * platform/graphics/SimpleFontData.h: We expose a mathData() function to access the MATH data.
        * platform/graphics/opentype/OpenTypeMathData.cpp: Added. This is a new class that will be used to parse the data from the OpenType MATH table.
        (WebCore::OpenTypeMathData::OpenTypeMathData):
        * platform/graphics/opentype/OpenTypeMathData.h: Added.
        (WebCore::OpenTypeMathData::create):
        (WebCore::OpenTypeMathData::hasMathData):

2014-03-24  Jon Lee  <jonlee@apple.com>

        Build fixes.

        Unreviewed.

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::writeSelectionToPasteboard): Convert to reference.

2014-03-24  Martin Hodovan  <mhodovan@inf.u-szeged.hu>

        ENABLE(VIDEO_TRACK) guard for CSSParserSelector::parsePseudoCueFunctionSelector
        https://bugs.webkit.org/show_bug.cgi?id=130666

        Reviewed by Andreas Kling.

        No new tests. No new functionality.

        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoCueFunctionSelector): Deleted.

2014-03-24  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] Update named <grid-line> syntax to the last version of the specs
        https://bugs.webkit.org/show_bug.cgi?id=129041

        Reviewed by Sergio Villar Senin.

        From Blink r162555 by <svillar@igalia.com>

        Names for grid lines are now specified as a list of whitespace separated
        idents enclosed in parentheses instead of as a list of strings.

        Updated tests to match the new <grid-line> syntax.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.xcodeproj/project.pbxproj: Added info of the new file for the CSSGridLineNamesValue class.
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::addValuesForNamedGridLinesAtIndex): The named <grid-line> value is now a list.
        * css/CSSGrammar.y.in: New syntax for named <grid-line>.
        * css/CSSGridLineNamesValue.cpp: Added.
        (WebCore::CSSGridLineNamesValue::customCSSText): String representation of the named <grid-line> as a list of Strings.
        (WebCore::CSSGridLineNamesValue::CSSGridLineNamesValue): Constructor.
        (WebCore::CSSGridLineNamesValue::cloneForCSSOM): Ref counted cloning function.
        * css/CSSGridLineNamesValue.h: Added.
        (WebCore::CSSGridLineNamesValue::create): Ref counted constructor.
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridLineNames): It replaces the old parseGrdTrackNames.
        (WebCore::CSSParser::parseGridTrackList): Using the new named <grid-line> syntax.
        (WebCore::CSSParser::parseGridTrackRepeatFunction): Using the new named <grid-line> syntax.
        * css/CSSParser.h:
        * css/CSSParserValues.cpp:
        (WebCore::destroy): Handling the case of CSSValue being CSSValueList intances.
        (WebCore::CSSParserValue::createCSSValue): Handling the case of CSSValue being CSSValueList intances.
        * css/CSSParserValues.h:
        (WebCore::CSSParserValue::setFromValueList): Adds the named <grid-line> list to the CSSParserValueList instance.
        * css/CSSValue.cpp:
        (WebCore::CSSValue::equals): Handling the case of the new CSSGridLineNamesValue class.
        (WebCore::CSSValue::cssText): Handling the case of the new CSSGridLineNamesValue class.
        (WebCore::CSSValue::destroy): Handling the case of the new CSSGridLineNamesValue class.
        * css/CSSValue.h:
        (WebCore::CSSValue::isGridLineNamesValue): Type cast check for the new CSSGridLineNamesValue class.
        * css/StyleResolver.cpp:
        (WebCore::createGridTrackList): Using the new named <grid-line> syntax.

2014-03-23  Sam Weinig  <sam@webkit.org>

        Convert WebHTMLConverter to C++
        https://bugs.webkit.org/show_bug.cgi?id=130655

        Reviewed by Andreas Kling.

        - Mechanically converts the Objective-C class WebHTMLConverter, to the C++ HTMLConverter (lots of cleanup to follow).
        - Removes unused members
            - _standardFontFamily (never assigned to)
            - _textSizeMultiplier (always exactly 1)
            - _webViewTextSizeMultiplier (always exactly 0)
            - _defaultFontSize (always exactly 12, changed to be constant)
            - _minimumFontSize (always exactly 1, changed to be constant)
            - _colorsForNodes (never assigned to)
            - _indexingLimit (always exactly 0)
            - _thumbnailLimit (always exactly 0)
            - _flags.isIndexing (always false)
            - _flags.isTesting (always false)

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::convert):
        (HTMLConverter::HTMLConverter):
        (HTMLConverter::~HTMLConverter):
        (defaultParagraphStyle):
        (_childrenForNode):
        (HTMLConverter::_stringForNode):
        (HTMLConverter::_getFloat):
        (_webKitBundle):
        (HTMLConverter::_elementIsBlockLevel):
        (HTMLConverter::_elementHasOwnBackgroundColor):
        (HTMLConverter::_blockLevelElementForNode):
        (HTMLConverter::_colorForNode):
        (HTMLConverter::_computedAttributesForElement):
        (HTMLConverter::_attributesForElement):
        (HTMLConverter::_newParagraphForElement):
        (HTMLConverter::_newLineForElement):
        (HTMLConverter::_newTabForElement):
        (_WebMessageDocumentClass):
        (HTMLConverter::_addAttachmentForElement):
        (HTMLConverter::_addQuoteForElement):
        (HTMLConverter::_addValue):
        (HTMLConverter::_fillInBlock):
        (HTMLConverter::_processMetaElementWithName):
        (HTMLConverter::_processHeadElement):
        (HTMLConverter::_enterElement):
        (HTMLConverter::_addTableForElement):
        (HTMLConverter::_addTableCellForElement):
        (HTMLConverter::_processElement):
        (HTMLConverter::_addMarkersToList):
        (HTMLConverter::_exitElement):
        (HTMLConverter::_processText):
        (HTMLConverter::_traverseNode):
        (HTMLConverter::_traverseFooterNode):
        (HTMLConverter::_adjustTrailingNewline):
        (HTMLConverter::_loadFromDOMRange):
        (fileWrapperForURL):
        (fileWrapperForElement):
        (WebCore::attributedStringFromRange):
        (WebCore::editingAttributedStringFromRange):

2014-03-23  Jinwoo Song  <jinwoo7.song@samsung.com>

        Remove Dead Stores from editing directory
        https://bugs.webkit.org/show_bug.cgi?id=130634

        Reviewed by Darin Adler.

        Remove Dead Stores from editing directory which assigning a value to a variable
        and never reading that value.

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::mergeStartWithPreviousIfIdentical):
        * editing/markup.cpp:
        (WebCore::createMarkupInternal):

2014-03-23  Hyowon Kim  <hw1008.kim@samsung.com>

        Move all EFL typedefs into EflTypedefs.h.
        https://bugs.webkit.org/show_bug.cgi?id=130511

        Reviewed by Gyuyoung Kim.

        * platform/FileSystem.h: Remove EFL typedefs.
        * platform/Widget.h: Ditto.
        * platform/efl/EflScreenUtilities.h: Ditto.
        * platform/graphics/Icon.h: Ditto.
        * platform/graphics/Image.h: Ditto.
        * platform/graphics/IntPoint.h: Ditto.
        * platform/graphics/IntRect.h: Ditto.
        * platform/network/NetworkStateNotifier.h: Ditto.

2014-03-23  Sam Weinig  <sam@webkit.org>

        Move HTMLConverter from platform/mac to editing/cocoa.

        Rubber-stamped by Darin Adler.

        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa: Added.
        * editing/cocoa/HTMLConverter.h: Copied from platform/mac/HTMLConverter.h.
        * editing/cocoa/HTMLConverter.mm: Copied from platform/mac/HTMLConverter.mm.
        * platform/mac/HTMLConverter.h: Removed.
        * platform/mac/HTMLConverter.mm: Removed.

2014-03-23  Sam Weinig  <sam@webkit.org>

        Simplify the HTMLConverter interface (Part 2)
        https://bugs.webkit.org/show_bug.cgi?id=130654

        Reviewed by Darin Adler.

        Switch HTMLConverter from using an Objective-C interface to C functions.

        * WebCore.exp.in:
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::writeSelectionToPasteboard):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::dataSelectionForPasteboard):
        (WebCore::Editor::writeSelectionToPasteboard):
        * platform/ios/PasteboardIOS.mm:
        * platform/mac/HTMLConverter.h:
        * platform/mac/HTMLConverter.mm:
        (WebCore::attributedStringFromRange):
        (WebCore::editingAttributedStringFromRange):
        * platform/mac/PasteboardMac.mm:

2014-03-23  Darin Adler  <darin@apple.com>

        Remove code in HTMLObjectElement attribute parsing that forces style resolution and layout
        https://bugs.webkit.org/show_bug.cgi?id=130653

        Reviewed by Antti Koivisto.

        * dom/ContainerNode.cpp: Moved the post-attach callback code from here to
        StyleResolveTree.h/cpp.
        * dom/ContainerNode.h: Ditto.

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle): Use Style::PostResolutionCallbackDisabler instead of
        PostAttachCallbackDisabler.

        * dom/Element.h: Moved the post-attach callback code from here to StyleResolveTree.h/cpp.

        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::parseAttribute): Simplified the code for typeAttr, turning
        it into a 1-liner. Added a FIXME in codeAttr about the fact that it does not have the
        code to trigger image loads. Changed srcAttr to call updateImageLoaderWithNewURLSoon to
        do the image loading logic.

        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::didAttachRenderers): Updated to use
        Style::queuePostResolutionCallback and use a lambda instead of a function.
        (WebCore::HTMLFormControlElement::didRecalcStyle): Ditto. Also added RefPtr instead
        of just using wishful thinking to keep the object alive.
        * html/HTMLFrameOwnerElement.cpp:
        (WebCore::HTMLFrameOwnerElement::scheduleSetNeedsStyleRecalc): Ditto.

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parseAttribute):: Simplified the code for typeAttr, turning
        it into a 1-liner. Changed dataAttr to use updateImageLoaderWithNewURLSoon(). Also made
        it call setNeedsWidgetUpdate(true) unconditionally after checking carefully to see that's
        harmless if there is no renderer. Changed classidAttr to call setNeedsWidgetUpdate(true)
        unconditionally and not set m_classId.
        (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk): Use fastGetAttribute
        instead of classId and descendantsOfType instead of getElementsByTagName.
        (WebCore::HTMLObjectElement::hasValidClassId): Use fastGetAttribute instead of classId.
        (WebCore::HTMLObjectElement::renderFallbackContent): Use imageLoader instead of m_imageLoader.

        * html/HTMLObjectElement.h: Removed classId, since there is no reason to cache that
        attribute in a data member. Rearranged header, making more private, and fixing some typos,
        and doing a "using" instead of a function to disambiguate the inherited form functions.

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement): Initialize m_needsImageReload.
        (WebCore::HTMLPlugInImageElement::createElementRenderer): Fixed some code that assumed the
        first child of the shadow root is guaranteed to be an element.
        (WebCore::HTMLPlugInImageElement::didRecalcStyle): Added. Calls the new
        scheduleUpdateForAfterStyleResolution function.
        (WebCore::HTMLPlugInImageElement::didAttachRenderers): Moved all the logic from this
        function into scheduleUpdateForAfterStyleResolution. Also added a call through to the base
        class; cleaner even though it's just an assertion.
        (WebCore::HTMLPlugInImageElement::scheduleUpdateForAfterStyleResolution): Added.
        Schedules a call to updateAfterStyleResolution when needed.
        (WebCore::HTMLPlugInImageElement::updateAfterStyleResolution): Added.
        Combines updateWidgetIfNecessary and startLoadingImage, and also deals with the new
        m_needsImageReload boolean in cases where no actual loading is done.
        (WebCore::HTMLPlugInImageElement::removedFrom): Added. Do not delay the load event of
        document once this element is removed, clears m_needsImageReload.
        (WebCore::HTMLPlugInImageElement::didMoveToNewDocument): Removed null check on oldDocument,
        since m_needsDocumentActivationCallbacks can't be true if the old document was null.
        (WebCore::is100Percent): Added helper to make function below more readable.
        (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Restructured the code a
        bit. The part that attracted my attention was the local variable of type RenderBox, which
        was named renderEmbeddedObject. Turns out the caller guarantees to only call this if there
        is a renderer of type RenderEmbeddedObject, so depend on that.
        (WebCore::HTMLPlugInImageElement::setNeedsImageReload): Added. When called with true, sets
        the flag and triggers a style recalculation, and lets updateAfterStyleResolution do the rest.
        When called with false, reverses the effects and stops delaying the load event.

        * html/HTMLPlugInImageElement.h: Trimmed includes a bit. Made more members private.
        Marked more function members final. Made a protected imageLoader function so that
        m_imageLoader can be private. Added new protected function updateImageLoaderWithNewURLSoon,
        as well as other new private functions. Made m_imageLoader be std::unique_ptr instead of
        OwnPtr, and added m_needsImageReload.

        * style/StyleResolveTree.cpp:
        (WebCore::Style::needsPseudoElement): Fixed spelling error in the name of this function.
        (WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded): Updated for name change.
        (WebCore::Style::attachRenderTree): Update for new name of PostResolutionCallbackDisabler.
        (WebCore::Style::updateBeforeOrAfterPseudoElement): Updated for name change.
        (WebCore::Style::postResolutionCallbackQueue): Added.
        (WebCore::Style::queuePostResolutionCallback): Added.
        (WebCore::Style::suspendMemoryCacheClientCalls): Added. This is a side effect of the original
        PostAttachCallbackDisabler that is now done in a cleaner way, using the callback queue, instead
        of as a special case. It should not work for multiple documents across multiple pages instead of
        only the outermost one.
        (WebCore::Style::PostResolutionCallbackDisabler::PostResolutionCallbackDisabler): Added.
        Calls suspendMemoryCacheClientCalls, but a FIXME tries to point out why that isn't so great.
        (WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler): Added.
        (WebCore::Style::postResolutionCallbacksAreSuspended): Added.

        * style/StyleResolveTree.h: Added queuePostResolutionCallback and
        postResolutionCallbacksAreSuspended. Also added PostResolutionCallbackDisabler, which should
        eventually become a private implementation detail.

2014-03-23  Sam Weinig  <sam@webkit.org>

        Simplify the HTMLConverter interface (Part 1)
        https://bugs.webkit.org/show_bug.cgi?id=130654

        Reviewed by Dan Bernstein.

        Convert WebHTMLConverter's interface to only use class methods as the first
        step of simplifying the interface. 

        * editing/ios/EditorIOS.mm:
        (WebCore::attributedStringForRange):
        * editing/mac/EditorMac.mm:
        (WebCore::attributedStringForRange):
        * platform/mac/HTMLConverter.h:
        * platform/mac/HTMLConverter.mm:
        (+[WebHTMLConverter attributedStringFromRange:]):

2014-03-23  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: add other ARIA one-to-many relationships: owns, flowto, controls.
        https://bugs.webkit.org/show_bug.cgi?id=130635

        Reviewed by Timothy Hatcher.

        Support for @aria-owns, @aria-controls, and @aria-flowto.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json:

2014-03-23  Simon Fraser  <simon.fraser@apple.com>

        Clean up #includes by geometry classes
        https://bugs.webkit.org/show_bug.cgi?id=130645

        Reviewed by Andreas Kling.

        Pulling in <wtf/Vector.h> and <wtf/PrintStream.h> in the simple geometry
        classes brings in a lot of additional headers. Fix by adding a new
        GeometryUtilities file so that the basic files don't need Vector,
        and including GeometryUtilities.h where necessary.
        
        Also forward declare PrintStream.h and only bring in the header
        in implementation files.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSToStyleMap.h:
        * html/HTMLCanvasElement.cpp:
        * platform/cairo/WidgetBackingStoreCairo.h:
        * platform/graphics/FloatPoint.cpp:
        * platform/graphics/FloatPoint.h:
        * platform/graphics/FloatRect.cpp:
        * platform/graphics/FloatRect.h:
        * platform/graphics/FloatSize.cpp:
        * platform/graphics/FloatSize.h:
        * platform/graphics/GeometryUtilities.cpp: Added.
        (WebCore::findSlope):
        (WebCore::findIntersection):
        (WebCore::unionRect):
        (WebCore::mapRect):
        * platform/graphics/GeometryUtilities.h: Copied from Source/WebCore/platform/graphics/TextTrackRepresentation.h.
        * platform/graphics/IntPoint.h:
        * platform/graphics/IntRect.cpp:
        * platform/graphics/IntRect.h:
        * platform/graphics/IntSize.h:
        * platform/graphics/TextTrackRepresentation.h:
        * platform/graphics/Tile.h:
        * platform/graphics/texmap/coordinated/UpdateAtlas.h:
        * platform/gtk/WidgetBackingStoreGtkX11.h:
        * rendering/RenderBoxModelObject.cpp:
        * rendering/RenderImage.cpp:
        * rendering/RenderObject.cpp:

2014-03-23  Simon Fraser  <simon.fraser@apple.com>

        Clean up #includes by geometry classes
        https://bugs.webkit.org/show_bug.cgi?id=130645

        Reviewed by Andreas Kling.

        Pulling in <wtf/Vector.h> and <wtf/PrintStream.h> in the simple geometry
        classes brings in a lot of additional headers. Fix by adding a new
        GeometryUtilities file so that the basic files don't need Vector,
        and including GeometryUtilities.h where necessary.
        
        Also forward declare PrintStream.h and only bring in the header
        in implementation files.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSToStyleMap.h:
        * html/HTMLCanvasElement.cpp:
        * platform/cairo/WidgetBackingStoreCairo.h:
        * platform/graphics/FloatPoint.cpp:
        * platform/graphics/FloatPoint.h:
        * platform/graphics/FloatRect.cpp:
        * platform/graphics/FloatRect.h:
        * platform/graphics/FloatSize.cpp:
        * platform/graphics/FloatSize.h:
        * platform/graphics/GeometryUtilities.cpp: Added.
        (WebCore::findSlope):
        (WebCore::findIntersection):
        (WebCore::unionRect):
        (WebCore::mapRect):
        * platform/graphics/GeometryUtilities.h: Copied from Source/WebCore/platform/graphics/TextTrackRepresentation.h.
        * platform/graphics/IntPoint.h:
        * platform/graphics/IntRect.cpp:
        * platform/graphics/IntRect.h:
        * platform/graphics/IntSize.h:
        * platform/graphics/TextTrackRepresentation.h:
        * platform/graphics/Tile.h:
        * platform/gtk/WidgetBackingStoreGtkX11.h:
        * rendering/RenderBoxModelObject.cpp:
        * rendering/RenderImage.cpp:
        * rendering/RenderObject.cpp:

2014-03-22  Chang Shu  <cshu@webkit.org>

        Replace deprecatedIsCollapsibleWhitespace with RenderStyle::isCollapsibleWhiteSpace in TextIterator.
        https://bugs.webkit.org/show_bug.cgi?id=130612.

        Reviewed by Darin Adler.

        Some layout tests are affected by this change but the new behavior should be correct.

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextNode):
        (WebCore::TextIterator::handleTextBox):

2014-03-22  Sam Weinig  <sam@webkit.org>

        Switch HTMLConverter to use CSSPropertyIDs to refer to CSS properties
        https://bugs.webkit.org/show_bug.cgi?id=130639

        Reviewed by Darin Adler.

        This is a ~15% speedup on PerformanceTests/Interactive/CopyAll.html.

        - Removes gratuitous lookup of CSS properties that are known at compile time.
        - Removes attempted use of non-supported CSS properties (font-effect and horizontal-align) 
          that will alway yield the same results.
        - Fix some obvious typos where the author thought they were testing for fontKerning or fontLigatures
          but instead used the non-existent font-effect.

        * platform/mac/HTMLConverter.mm:
        (HTMLConverterCaches::computedStylePropertyForElement):
        (HTMLConverterCaches::inlineStylePropertyForElement):
        (HTMLConverterCaches::propertyValueForNode):
        (-[WebHTMLConverter _stringForNode:property:]):
        (HTMLConverterCaches::floatPropertyValueForNode):
        (-[WebHTMLConverter _getFloat:forNode:property:]):
        (HTMLConverterCaches::isBlockElement):
        (HTMLConverterCaches::elementHasOwnBackgroundColor):
        (HTMLConverterCaches::colorPropertyValueForNode):
        (-[WebHTMLConverter _colorForNode:property:]):
        (-[WebHTMLConverter _computedAttributesForElement:]):
        (-[WebHTMLConverter _addAttachmentForElement:URL:needsParagraph:usePlaceholder:]):
        (-[WebHTMLConverter _fillInBlock:forElement:backgroundColor:extraMargin:extraPadding:isTable:]):
        (-[WebHTMLConverter _addTableForElement:]):
        (-[WebHTMLConverter _addTableCellForElement:]):
        (-[WebHTMLConverter _processElement:tag:display:depth:]):
        (-[WebHTMLConverter _exitElement:tag:display:depth:startIndex:]):
        (-[WebHTMLConverter _processText:]):
        (-[WebHTMLConverter _traverseNode:depth:embedded:]):

2014-03-22  Andreas Kling  <akling@apple.com>

        Fix debug build.

        * bindings/js/JSDOMBinding.h:
        (WebCore::createWrapper):

2014-03-22  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Add *final* keyword to NavigatorContentUtils class
        https://bugs.webkit.org/show_bug.cgi?id=130636

        Reviewed by Darin Adler.

        NavigatorContentUtils won't be used as a base class. So, added final keyword.

        No new tests, no behavior changes.

        * Modules/navigatorcontentutils/NavigatorContentUtils.h:

2014-03-22  Andreas Kling  <akling@apple.com>

        CREATE_DOM_WRAPPER doesn't need the ExecState.
        <https://webkit.org/b/130648>

        Remove the ExecState parameter from CREATE_DOM_WRAPPER and get all
        that we need from the global object instead.

        toJS() and toJSNewlyCreated() still take an ExecState, that needs
        to be dealt with separately since some of them have scary looking
        currentWorld() checks.

        Reviewed by Darin Adler.

        * bindings/js/JSAudioContextCustom.cpp:
        (WebCore::JSAudioContextConstructor::constructJSAudioContext):
        * bindings/js/JSBlobCustom.cpp:
        (WebCore::toJS):
        (WebCore::JSBlobConstructor::constructJSBlob):
        * bindings/js/JSCDATASectionCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * bindings/js/JSCSSRuleCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSCSSValueCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSCanvasRenderingContextCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSDOMBinding.h:
        (WebCore::createWrapper):
        (WebCore::wrap):
        (WebCore::createNewWrapper):
        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSElementCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * bindings/js/JSEventCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSHTMLCollectionCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSHTMLTemplateElementCustom.cpp:
        (WebCore::JSHTMLTemplateElement::content):
        * bindings/js/JSIDBAnyCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSMediaStreamCapabilitiesCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::createWrapperInline):
        * bindings/js/JSPerformanceEntryCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSRTCIceCandidateCustom.cpp:
        (WebCore::JSRTCIceCandidateConstructor::constructJSRTCIceCandidate):
        * bindings/js/JSRTCPeerConnectionCustom.cpp:
        (WebCore::JSRTCPeerConnectionConstructor::constructJSRTCPeerConnection):
        * bindings/js/JSRTCSessionDescriptionCustom.cpp:
        (WebCore::JSRTCSessionDescriptionConstructor::constructJSRTCSessionDescription):
        * bindings/js/JSSVGPathSegCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSStyleSheetCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSTextCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * bindings/js/JSTextTrackCueCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSTouchCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * bindings/js/JSTouchListCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * bindings/js/JSTrackCustom.cpp:
        (WebCore::toJS):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * dom/make_names.pl:
        (printWrapperFunctions):
        (printWrapperFactoryCppFile):
        (printWrapperFactoryHeaderFile):

2014-03-22  Michael Saboff  <msaboff@apple.com>

        toThis() on a JSWorkerGlobalScope should return a JSProxy and not undefined
        https://bugs.webkit.org/show_bug.cgi?id=130554

        Reviewed by Geoffrey Garen.

        Fixed toThis() on WorkerGlobalScope to return a JSProxy instead of the JSGlobalObject.
        Added cast from JSProxy->target() if the jsCast<>() to the native object fails
        in toJSDedicatedWorkerGlobalScope() and toJSSharedWorkerGlobalScope().
        The original cast is needed for access to the local side of the worker, while the JSProxy
        cast is used on the remote side of a worker.

        Test: fast/workers/worker-strict.html

        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        (WebCore::toJSDedicatedWorkerGlobalScope):
        (WebCore::toJSSharedWorkerGlobalScope):

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::evaluate): Changed to pass in the JSProxy and not
        the WorkerGlobalScope object as the this object to script evaluation.

        * workers/DedicatedWorkerGlobalScope.idl:
        * workers/SharedWorkerGlobalScope.idl:
        * workers/WorkerGlobalScope.idl:
        Added the new CustomProxyToJSObject attribute so we'll call to<{nativeClass}>() for
        getting the object to use for global evaluation.

2014-03-22  Simon Fraser  <simon.fraser@apple.com>

        Some #include hygiene in Node/Element etc
        https://bugs.webkit.org/show_bug.cgi?id=130642

        Reviewed by Geoffrey Garen.

        Clean up various #includes.

        * accessibility/AccessibilityObject.h:
        * bindings/js/WebCoreTypedArrayController.h:
        * dom/Element.h:
        * dom/EventListenerMap.h:
        * dom/EventTarget.h:
        * dom/Node.h:
        * rendering/RenderObject.h:
        * rendering/svg/RenderSVGRoot.h:

2014-03-22  Simon Fraser  <simon.fraser@apple.com>

        FloatRect.h on iOS should not suck in a system header
        https://bugs.webkit.org/show_bug.cgi?id=130641

        Reviewed by Geoff Garen.

        Don't pull in <CoreGraphics/CGGeometry.h> from FloatRect.h.

        * platform/graphics/FloatRect.h:

2014-03-22  Dan Bernstein  <mitz@apple.com>

        Fixed the iOS build.

        Reviewed by Darin Adler.

        * page/ios/FrameIOS.mm:
        (WebCore::Frame::interpretationsForCurrentRoot):

2014-03-22  Darin Adler  <darin@apple.com>

        Remove String::deprecatedCharacters
        https://bugs.webkit.org/show_bug.cgi?id=126854

        Reviewed by Sam Weinig.

        * bindings/scripts/StaticString.pm:
        (GenerateStrings): Remove the code to generate the null m_copyData16 pointer.

        * editing/TextIterator.cpp:
        (WebCore::SearchBuffer::prependContext): Changed to use the new append function in
        StringView.h and removed the one defined locally here.

        * editing/VisibleUnits.cpp:
        (WebCore::wordBreakIteratorForMinOffsetBoundary): Use the new append function
        in StringView.h instead of using deprecatedCharacters.
        (WebCore::wordBreakIteratorForMaxOffsetBoundary): Ditto.
        Removed an append function defined locally here and use the one in StringView.h.

        * editing/htmlediting.cpp:
        (WebCore::stringWithRebalancedWhitespace): Use StringView::getCharactersWithUpconvert.

        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::appendToAttributeValue): Changed to take a StringView instead
        of a const String&.

        * loader/appcache/ManifestParser.cpp:
        (WebCore::parseManifest): Use StringView and StringView::upconvertedCharacters.

        * page/EventSource.cpp:
        (WebCore::EventSource::didReceiveData): Use the new append overload from StringView.h.
        Also added a comment about incorrect use of the decode function.

        * page/ios/FrameIOS.mm:
        (WebCore::Frame::interpretationsForCurrentRoot): Use the new StringView append function.
        Also use simpler new-style for loops.

        * platform/LinkHash.cpp:
        (WebCore::visitedURLInline): Use the new append function and StringView::substring.
        (WebCore::visitedLinkHash): Use upconvertedCharacters for the non-8-bit case.

        * platform/URL.cpp:
        (WebCore::findFirstOf): Chagned to take a StringView.
        (WebCore::containsOnlyASCII): Added. Works on StringView. Could move to a WTF header in
        the future if it's needed elsewhere.
        (WebCore::protocolIs): Added. Works on StringView. Could put in URL.h if needed elsewhere,
        or consider replacing the one that takes const String& with just this one.
        (WebCore::appendEncodedHostname): Changed to take a StringView and use
        StringView::upconvertedCharacters.
        (WebCore::findHostnamesInMailToURL): Changed to take a StringView.
        (WebCore::findHostnameInHierarchicalURL): Ditto.
        (WebCore::encodeHostnames): Ditto.
        (WebCore::encodeRelativeString): Ditto.

        * platform/graphics/StringTruncator.cpp:
        (WebCore::StringTruncator::width): Use StringView::upconvertedCharacters.

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::setFontFeatures): Use indexing directly on the string instead
        of on a UChar*.
        (WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use StringView::upconvertedCharacters.

        * platform/text/TextCodecICU.cpp:
        (WebCore::TextCodecICU::encode): Use a Vector<UChar> rather than a String to copy and
        replace the backslashes with yen signs. Also optimize case where there are no backslashes.

        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::paint): Use TextRun::setText(StringView).

        * rendering/RenderText.cpp:
        (WebCore::maxWordFragmentWidth): Pass a String to RenderBlock::constructTextRun instead of
        calling StringBuilder::deprecatedCharacters.

        * rendering/RenderText.h: Removed deprecatedCharacters function.

        * rendering/line/BreakingContextInlineHeaders.h: Added now-needed header include.

        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::constructTextRun): Use StringView version of TextRun constructor.

        * rendering/svg/SVGTextMetrics.cpp:
        (WebCore::SVGTextMetrics::SVGTextMetrics): Take references instead of pointers.
        (WebCore::SVGTextMetrics::constructTextRun): Take references instead of pointers, and don't
        take a character pointer any more. Instead, extract the text and use the StringView version of
        the TextRun constructor.
        (WebCore::SVGTextMetrics::measureCharacterRange): Take references instead of pointers and
        update for above changes.
        * rendering/svg/SVGTextMetrics.h: Updated for changes above. Also tweaked style a bit.

        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::advanceSimpleText): Updated for SVGTextMetrics changes.
        (WebCore::SVGTextMetricsBuilder::advanceComplexText): Ditto.
        (WebCore::SVGTextMetricsBuilder::initializeMeasurementWithTextRenderer): Ditto.
        (WebCore::SVGTextMetricsBuilder::measureTextRenderer): Change code to store a character
        for lastCharacter rather than storing a pointer to a character. Stop using TextRun::data16.

        * rendering/svg/SVGTextQuery.cpp:
        (WebCore::SVGTextQuery::subStringLengthCallback): Updated for SVGTextMetrics changes.
        (WebCore::SVGTextQuery::startPositionOfCharacterCallback): Ditto.
        (WebCore::SVGTextQuery::endPositionOfCharacterCallback): Ditto.
        (WebCore::calculateGlyphBoundaries): Ditto.

        * xml/XPathFunctions.cpp:
        (WebCore::XPath::atomicSubstring): Added.
        (WebCore::XPath::FunId::evaluate): Tweaked a bit to use a new style for loop.
        Use the atomicSubstring function to avoid making a temporary String just to make an AtomicString.
        That function also uses characters8/16 rather than depreccatedCharacters.

        * xml/XPathNodeSet.h: Added begin and end so this collection can be iterated with new style for loop.

        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::doWrite): Use StringView::upconvertedCharacters.
        (WebCore::parseAttributes): Ditto.

2014-03-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166118.
        https://bugs.webkit.org/show_bug.cgi?id=130640

        Crashing things (Requested by weinig on #webkit).

        Reverted changeset:

        "Switch HTMLConverter to use CSSPropertyIDs to refer to CSS
        properties"
        https://bugs.webkit.org/show_bug.cgi?id=130639
        http://trac.webkit.org/changeset/166118

2014-03-22  Sam Weinig  <sam@webkit.org>

        Switch HTMLConverter to use CSSPropertyIDs to refer to CSS properties
        https://bugs.webkit.org/show_bug.cgi?id=130639

        Reviewed by Simon Fraser.

        This is a ~15% speedup on PerformanceTests/Interactive/CopyAll.html.

        - Removes gratuitous lookup of CSS properties that are known at compile time.
        - Removes attempted use of non-supported CSS properties (font-effect and horizontal-align) 
          that will alway yield the same results.
        - Fix some obvious typos where the author thought they were testing for fontKerning or fontLigatures
          but instead used the non-existent font-effect.

        * platform/mac/HTMLConverter.mm:
        (HTMLConverterCaches::computedStylePropertyForElement):
        (HTMLConverterCaches::inlineStylePropertyForElement):
        (HTMLConverterCaches::propertyValueForNode):
        (-[WebHTMLConverter _stringForNode:property:]):
        (HTMLConverterCaches::floatPropertyValueForNode):
        (-[WebHTMLConverter _getFloat:forNode:property:]):
        (HTMLConverterCaches::isBlockElement):
        (HTMLConverterCaches::elementHasOwnBackgroundColor):
        (HTMLConverterCaches::colorPropertyValueForNode):
        (-[WebHTMLConverter _colorForNode:property:]):
        (-[WebHTMLConverter _computedAttributesForElement:]):
        (-[WebHTMLConverter _addAttachmentForElement:URL:needsParagraph:usePlaceholder:]):
        (-[WebHTMLConverter _fillInBlock:forElement:backgroundColor:extraMargin:extraPadding:isTable:]):
        (-[WebHTMLConverter _addTableForElement:]):
        (-[WebHTMLConverter _addTableCellForElement:]):
        (-[WebHTMLConverter _processElement:tag:display:depth:]):
        (-[WebHTMLConverter _exitElement:tag:display:depth:startIndex:]):
        (-[WebHTMLConverter _processText:]):
        (-[WebHTMLConverter _traverseNode:depth:embedded:]):

2014-03-21  Simon Fraser  <simon.fraser@apple.com>

        Don't flush compositing layers within FrameView::willPaintContents()
        https://bugs.webkit.org/show_bug.cgi?id=130627
        <rdar://problem/16368869>

        Reviewed by Sam Weinig.

        Remove the call to flushCompositingStateForThisFrame() here. We should
        have always flushed before painting via other mechanisms in WebKit2 and WebKit2.
        Flushing during painting is actually harmful, since we could be inside
        a CA commit already, and creating or destroying layers via flushing is bad.

        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):

2014-03-22  Martin Hodovan  <mhodovan@inf.u-szeged.hu>

        ASSERTION FAILED: std::isfinite(num) in WebCore::CSSPrimitiveValue::CSSPrimitiveValue
        https://bugs.webkit.org/show_bug.cgi?id=127361

        Huge numbers represented by the 'INF' value can not be used
        in CSS rules, so they make the assert fail. We have to make
        sure that the parsed property value is finite, otherwise
        the property will be dropped.

        Test: fast/css/infinite-floating-value.html

        * css/CSSValuePool.cpp:
        (WebCore::CSSValuePool::createValue):

2014-03-21  Zalan Bujtas  <zalan@apple.com>

        Remove redundant friending from class Image.
        https://bugs.webkit.org/show_bug.cgi?id=130628

        Reviewed by Simon Fraser.

        Those friend classes are subclasses. No need to make them friend of their parent class.

        No change in functionality.

        * platform/graphics/Image.h:

2014-03-21  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Reduce the tiling coverage to the current rect and 1 tile size ahead
        https://bugs.webkit.org/show_bug.cgi?id=130555

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * platform/ScrollView.h:
        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::computeTileCoverageRect):
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::setScrollVelocityInformation):
        (WebCore::ScrollView::computeCoverageRect):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):

2014-03-21  Eric Carlson  <eric.carlson@apple.com>

        [iOS] clean up fullscreen player controller when exiting fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=130621

        Reviewed by Jer Noble.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVVideoLayer setBounds:]): Do nothing if _avPlayerController is nil.
        (-[WebAVVideoLayer setVideoLayerGravity:]): Ditto.
        (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Set m_playerViewController delegate
            and player controller to nil.

2014-03-21  Eric Carlson  <eric.carlson@apple.com>

        [iOS] remote command callbacks must happen on the WebThread
        https://bugs.webkit.org/show_bug.cgi?id=130618

        Reviewed by Jer Noble.

        * platform/ios/RemoteCommandListenerIOS.h:
        (WebCore::RemoteCommandListenerIOS::createWeakPtr):
        * platform/ios/RemoteCommandListenerIOS.mm:
        (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS): Dispatch commands to the
            main thread before making listener callbacks.

2014-03-21  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make <img> positioning subpixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=130596

        Reviewed by Simon Fraser.

        Change <img> positioning from integral to device pixel. It enables us
        to paint hairline borders around <img> properly.
        This patch changes the behavior of broken image representation from constant 1 CSS px border
        to a dynamic 1 device px.

        Test: fast/images/hidpi-image-position-on-device-pixels.html

        * WebCore.exp.in:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawRect):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawRect):
        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        (WebCore::GraphicsContext::drawRect):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintReplaced):
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderImage.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::drawPlatformResizerImage):

2014-03-21  Brent Fulgham  <bfulgham@apple.com>

        Merge VTTScanner Code from Blink
        https://bugs.webkit.org/show_bug.cgi?id=130616

        Reviewed by Eric Carlson.

        Merged from Blink (patch by fs@opera.com):
        https://chromium.googlesource.com/chromium/blink/+/f1ceb058d574a1174b524c57f67350510a942071
        http://crbug.com/75273002
        https://chromium.googlesource.com/chromium/blink/+/3e2c67969486e86347b328c72c67cacabfe6f4a1
        http://crbug.com/134173002
        https://chromium.googlesource.com/chromium/blink/+/5962b7bbb001838f3fc7f24817637528b86bfd9b
        http://crbug.com/134153002
        https://chromium.googlesource.com/chromium/blink/+/6c81f51438013edca920a19fc6a31026fc562af2
        http://crbug.com/137033002
        https://chromium.googlesource.com/chromium/blink/+/fa286dca17a291da3ae8be80111e2264de6d5cfd
        http://crbug.com/140503004
        https://chromium.googlesource.com/chromium/blink/+/8f33b63aabcce7dd21dd15288d45c4eb37c02001
        http://crbug.com/139343006
        https://chromium.googlesource.com/chromium/blink/+/1872b54b908fac525f1ad9d6f15174b11e27c8af
        http://crbug.com/143983002
        https://chromium.googlesource.com/chromium/blink/+/e6494b3359e2077bd8772d86ab1fb709acf4c398
        http://crbug.com/144893002
 
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/track/ParsingUtilities.h: Added.
        (skipExactly):
        (skipUntil):
        (skipWhile):
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::markFutureAndPastNodes):
        (WebCore::VTTCue::settingName):
        (WebCore::scanPercentage):
        (WebCore::VTTCue::setCueSettings):
        * html/track/VTTCue.h:
        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::setRegionSettings):
        (WebCore::VTTRegion::scanSettingName):
        (WebCore::parsedEntireRun):
        (WebCore::VTTRegion::parseSettingValue):
        * html/track/VTTRegion.h:
        * html/track/VTTScanner.cpp: Added.
        (WebCore::VTTScanner::VTTScanner):
        (WebCore::VTTScanner::scan):
        (WebCore::VTTScanner::scanRun):
        (WebCore::VTTScanner::skipRun):
        (WebCore::VTTScanner::extractString):
        (WebCore::VTTScanner::restOfInputAsString):
        (WebCore::VTTScanner::scanDigits):
        (WebCore::VTTScanner::scanFloat):
        * html/track/VTTScanner.h: Added.
        (WebCore::VTTScanner::Run::Run):
        (WebCore::VTTScanner::Run::start):
        (WebCore::VTTScanner::Run::end):
        (WebCore::VTTScanner::Run::isEmpty):
        (WebCore::VTTScanner::isAt):
        (WebCore::VTTScanner::isAtEnd):
        (WebCore::VTTScanner::match):
        (WebCore::VTTScanner::position):
        (WebCore::VTTScanner::end):
        (WebCore::VTTScanner::LCharPredicateAdapter):
        (WebCore::VTTScanner::Run::length):
        (WebCore::VTTScanner::scan):
        (WebCore::VTTScanner::skipWhile):
        (WebCore::VTTScanner::skipUntil):
        (WebCore::VTTScanner::collectWhile):
        (WebCore::VTTScanner::collectUntil):
        (WebCore::VTTScanner::seekTo):
        (WebCore::VTTScanner::currentChar):
        (WebCore::VTTScanner::advance):
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseFloatPercentageValue):
        (WebCore::WebVTTParser::parseFloatPercentageValuePair):
        (WebCore::WebVTTParser::collectTimingsAndSettings):
        (WebCore::WebVTTParser::collectTimeStamp):
        (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
        * html/track/WebVTTParser.h:

2014-03-21  Benjamin Poulain  <bpoulain@apple.com>

        Pseudo type cleanup part 2: split pseudo elements parsing
        https://bugs.webkit.org/show_bug.cgi?id=130370

        Reviewed by Andreas Kling.

        With this patch, pseudo elements are handled separately. The only thing left in
        the old path is compatibility pseudo elements and pseudo classes.

        The list of special pseudo elements is now separated and is stored in SelectorPseudoElementTypeMap.in.
        The script makeSelectorPseudoElementsMap.py takes that list to make the pseudo elements hash table.

        The other pseudo elements are the prefixed ones, they are filtered in CSSSelector::parsePseudoElementType().

        All the non-compatibility selectors are removed from SelectorPseudoTypeMap.in. CSSParserSelector::setPseudoTypeValue()
        is updated accordingly. The next step will be to clean that part.

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration):
        * css/CSSGrammar.y.in:
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoElementSelector):
        (WebCore::CSSParserSelector::parsePseudoCueFunctionSelector):
        (WebCore::CSSParserSelector::setPseudoTypeValue):
        * css/CSSParserValues.h:
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::parsePseudoElementType):
        * css/CSSSelector.h:
        * css/SelectorPseudoElementTypeMap.in: Added.
        * css/SelectorPseudoTypeMap.h:
        * css/SelectorPseudoTypeMap.in:
        * css/html.css:
        (q::before):
        (q::after):
        * css/makeSelectorPseudoElementsMap.py: Added.
        (enumerablePseudoType):
        (expand_ifdef_condition):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::getMatchedCSSRules):

2014-03-20  Andreas Kling  <akling@apple.com>

        Less inclusion of JSCInlines.h.
        <https://webkit.org/b/130545>

        Stop including JSCInlines.h from JSDOMGlobalObject.h!

        Reviewed by Simon Fraser.

        * ForwardingHeaders/runtime/IdentifierInlines.h: Added.
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        * bindings/js/JSCommandLineAPIHostCustom.cpp:
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/js/JSDOMStringMapCustom.cpp:
        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
        * bindings/js/JSLazyEventListener.cpp:
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        * bindings/js/JSStorageCustom.cpp:
        * bindings/js/ScriptGlobalObject.cpp:
        * dom/NodeIterator.cpp:
        * dom/TreeWalker.cpp:
        * testing/Internals.cpp:
        * testing/js/WebCoreTestSupport.cpp:

2014-03-21  Oliver Hunt  <oliver@apple.com>

        Fix a crash when assigning an object to document.location
        https://bugs.webkit.org/show_bug.cgi?id=130213

        Reviewed by Geoffrey Garen.

        Convert location to string before we make use the document.
        This prevents us from attempting to navigate a frame that
        has already been removed.

        Test: fast/dom/navigation-with-sideeffects-crash.html

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::location):
        (WebCore::JSDocument::setLocation):

2014-03-21  Brian Burg  <bburg@apple.com>

        Web Replay: replay controller is improperly setting user input bridge state
        https://bugs.webkit.org/show_bug.cgi?id=130606

        Reviewed by Timothy Hatcher.

        The user input bridge was being set based on the old session state,
        rather than the new session state.

        * replay/ReplayController.cpp:
        (WebCore::ReplayController::setSessionState):

2014-03-21  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: Expose Accessibility Tree children of the selected node
        https://bugs.webkit.org/show_bug.cgi?id=130264

        Reviewed by Timothy Hatcher.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        Expose the accessibility tree children (different from DOM children) of the
        current node in the accessibility node inspector.

        * inspector/InspectorDOMAgent.cpp: 
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/InspectorDOMAgent.h:
        * inspector/protocol/DOM.json:

2014-03-21  Alex Christensen  <achristensen@webkit.org>

        [Win] Compile fixes with video not enabled.
        https://bugs.webkit.org/show_bug.cgi?id=130597

        Reviewed by Darin Adler.

        * DerivedSources.make:
        Only generate UserAgentScripts.h if needed.
        * platform/audio/MediaSession.cpp:
        * platform/audio/MediaSessionManager.cpp:
        Only compile if video is enabled.

2014-03-21  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        Optimize FEGaussian blur
        https://bugs.webkit.org/show_bug.cgi?id=50881

        Reviewed by Dirk Schulze.

        Currently boxBlur() will calculate the filter for each channel in
        a loop and also uses Uint8ClampedArray::set() to write the
        resulting pixels into destination array.

        Using Uint8ClampedArray::set() requires lots of unnecessary type
        conversions, not to mention other function calls. This patch
        updates the original written by Simon Fraser to apply cleanly to current
        trunk.

        It also implements code to handle EdgeModes and finally avoids use
        of ::set() in the newly added boxBlurAlphaOnly()
        function. Assignment of calculated pixel values rely on pointers.

        No new tests, no change on behavior.

        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::boxBlurAlphaOnly): Specialized version for alpha only cases.
        (WebCore::boxBlur):

2014-03-21  Simon Fraser  <simon.fraser@apple.com>

        unobscuredContentRect() should have the same signature on iOS and other platforms,
        and should not recurse on iOS.
        https://bugs.webkit.org/show_bug.cgi?id=130604
        <rdar://problem/16392587>

        Reviewed by Tim Horton and Beth Dakin.

        Having different signatures on different platforms is a recipe for
        build breakage. Give the iOS unobscuredContentRect() an unused 
        VisibleContentRectIncludesScrollbars parameter.
        
        Also avoid recursion via unobscuredContentRect() calling visibleContentRectInternal().

        * WebCore.exp.in:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::unobscuredContentRect):
        (WebCore::ScrollView::unobscuredContentRectInternal):
        (WebCore::ScrollView::visibleContentRectInternal):
        * platform/ScrollView.h:
        (WebCore::ScrollView::unobscuredContentRectIncludingScrollbars):
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::unobscuredContentRect):

2014-03-21  Brent Fulgham  <bfulgham@apple.com>

        Handle recovery on "timestamp-looking" lines in the WebVTT parser
        https://bugs.webkit.org/show_bug.cgi?id=130610

        Reviewed by Eric Carlson.

        Merged from Blink (patch by fs@opera.com):
        https://chromium.googlesource.com/chromium/blink/+/b669a380efbffe25f3b154b026b57b9822ce08e2
        http://crbug.com/75273002

        Tests: media/track/track-webvtt-tc031-cue-recovery.html
               media/track/track-webvtt-tc032-degenerate-cues.html

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parse):
        (WebCore::WebVTTParser::collectCueText):
        (WebCore::WebVTTParser::recoverCue):
        (WebCore::WebVTTParser::ignoreBadCue):
        * html/track/WebVTTParser.h:

2014-03-21  Andreas Kling  <akling@apple.com>

        Remove unused RenderView::repaintRectangleInViewAndCompositedLayers().
        <https://webkit.org/b/130605>

        Reviewed by Antti Koivisto.

        * rendering/RenderView.cpp:
        * rendering/RenderView.h:

2014-03-21  David Hyatt  <hyatt@apple.com>

        Crash in RenderBlock::addChildIgnoringAnonymousColumnBlocks.
        https://bugs.webkit.org/show_bug.cgi?id=129948
        <rdar://problem/16074072>
        
        Reviewed by Simon Fraser.

        When the marker was placed for multi-column list items, it was being inserted
        into the list item itself. Even though the add code in RenderBlock did the right
        thing and put the marker inside the multi-column flow thread, the list item code
        passed in a beforeChild that was computed using the incorrect parent. This resulted
        in the flow thread being used both as the parent of the marker and the sibling of
        the marker.
        
        The fix is to add some code to RenderListItem to make sure it uses the multi-column
        flow thread if it exists both as the parent of the marker and as the basis for the
        computation of the sibling that the marker should be placed in front of.

        Added fast/multicol/multicol-li-crash.html

        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):

2014-03-20  Andreas Kling  <akling@apple.com>

        Stop pulling in JSCInlines.h all over the place.
        <https://webkit.org/b/130105>

        JSDOMBinding.h is included by everyone and their uncle, so try to
        cut down on the amount of JSC *Inlines.h it includes.

        Reviewed by Geoff Garen.

        * ForwardingHeaders/heap/SlotVisitorInlines.h: Added.
        * ForwardingHeaders/runtime/JSCJSValueInlines.h: Added.
        * ForwardingHeaders/runtime/JSCellInlines.h: Added.
        * ForwardingHeaders/runtime/StructureInlines.h: Added.
        * bindings/js/JSDOMBinding.h:

2014-03-21  David Kilzer  <ddkilzer@apple.com>

        WindowFeatures.{x|y|width|height} are not initialized
        <http://webkit.org/b/130547>
        <rdar://problem/16383151>

        Reviewed by Darin Adler.

        Based on a Blink patch in CRBug 342591 by zhaoqin.

        * page/WindowFeatures.cpp:
        (WebCore::WindowFeatures::WindowFeatures):
        - Initialize x, y, width, height in String constructor.
        - Move 'resizeable' variable to short-hand initialization since
          it is true in both cases.
        - Use String::isEmpty() instead of checking its length.
        * page/WindowFeatures.h:
        (WebCore::WindowFeatures::WindowFeatures): Initialize x, y,
        width, height in no-argument constructor.

2014-03-21  Sergio Villar Senin  <svillar@igalia.com>

        Replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed<T> in bridge/
        https://bugs.webkit.org/show_bug.cgi?id=130601

        Reviewed by Darin Adler.

        * bridge/IdentifierRep.cpp:
        (WebCore::identifierSet):
        (WebCore::intIdentifierMap):
        (WebCore::stringIdentifierMap):
        * bridge/NP_jsobject.cpp:
        (objectMap):
        * bridge/runtime_root.cpp:
        (JSC::Bindings::rootObjectSet): Return a reference instead of
        a pointer.
        (JSC::Bindings::findProtectingRootObject):
        (JSC::Bindings::findRootObject):
        (JSC::Bindings::RootObject::RootObject):
        (JSC::Bindings::RootObject::invalidate):

2014-03-21  Michael Saboff  <msaboff@apple.com>

        Change CodeGeneratorJS.pm special cases for "DOMWindow" to be general purpose
        https://bugs.webkit.org/show_bug.cgi?id=130553

        Reviewed by Geoffrey Garen.

        Eliminated 'if ($interfaceName eq "DOMWindow") {' sections in CodeGeneratorJS where
        it was used to do DOMWindow specific casting to a JSObject, either a JSDOMWindow* or
        a JSDOMWindowShell*.  Instead the code generator will use the existing 
        JSDOMWindow* toJSDOMWindow(JSValue value) function based on a newly added attribute
        "CustomProxyToJSObject".  That attribute will emit a call to the function
        ${className}* to${className}(JSValue).

        This is being done to clean up the code generator and for a subsequent patch that
        will use a similar custom to{className} function for workers,
        JSDedicatedWorkerGlobalScope* toJSDedicatedWorkerGlobalScope(JSValue).

        Changes covered by existing tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        * page/DOMWindow.idl:

2014-03-21  Krzysztof Czech  <k.czech@samsung.com>

        AX: Replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed
        https://bugs.webkit.org/show_bug.cgi?id=130594

        Reviewed by Chris Fleizach.

        Use static NeverDestroyed<T> in new code.

        * accessibility/AccessibilityMediaControls.cpp:
        (WebCore::AccessibilityMediaControl::controlTypeName):
        (WebCore::AccessibilityMediaControl::title):
        (WebCore::AccessibilityMediaControlsContainer::elementTypeName):
        (WebCore::AccessibilityMediaTimeline::helpText):
        (WebCore::AccessibilityMediaTimeDisplay::accessibilityDescription):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::actionVerb):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::inheritsPresentationalRole):
        (WebCore::AccessibilityRenderObject::ariaLiveRegionStatus):
        (WebCore::AccessibilityRenderObject::ariaLiveRegionRelevant):
        (WebCore::AccessibilityRenderObject::actionVerb):
        * accessibility/atk/AXObjectCacheAtk.cpp:
        (WebCore::notifyChildrenSelectionChange):

2014-03-20  Brent Fulgham  <bfulgham@apple.com>

        Merge WebVTT Tokenizer Updates
        https://bugs.webkit.org/show_bug.cgi?id=130565

        Reviewed by Eric Carlson.

        Merged from Blink (patch by fs@opera.com):
        https://chromium.googlesource.com/chromium/blink/+/923db263aa65d6efd71c5b55708ad7eea6b23f53
        http://crbug.com/73813002
        https://chromium.googlesource.com/chromium/blink/+/48375b1d56b2d8850ae93a6c6fb01c69fae82c75
        http://crbug.com/77553004
        https://chromium.googlesource.com/chromium/blink/+/98d4fc4f5cb716a31d11907120b10538d4ba0f09
        http://crbug.com/78833002
        https://chromium.googlesource.com/chromium/blink/+/0e53d4f9f140e979b7f32de495551684bc7f4cd2
        http://crbug.com/81113003
        https://chromium.googlesource.com/chromium/blink/+/730ef1e7f9a1919964f7e74e7ccb2f343e10a148
        http://crbug.com/97103002
        https://chromium.googlesource.com/chromium/blink/+/c373ee914ffabeaf833939129538251d8f2f4eca
        http://crbug.com/98763004
        https://chromium.googlesource.com/chromium/blink/+/4ddb4d57948228fa05e49e06bd58a1179c09f212
        http://crbug.com/118263002
 
        * html/track/VTTCue.cpp:
        (WebCore::scanPercentage):
        (WebCore::VTTCue::setCueSettings):
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTTreeBuilder::buildFromString):
        (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
        * html/track/WebVTTToken.h:
        (WebCore::WebVTTToken::WebVTTToken):
        (WebCore::WebVTTToken::StringToken):
        (WebCore::WebVTTToken::StartTag):
        (WebCore::WebVTTToken::EndTag):
        (WebCore::WebVTTToken::TimestampTag):
        (WebCore::WebVTTToken::type):
        (WebCore::WebVTTToken::name):
        (WebCore::WebVTTToken::characters):
        (WebCore::WebVTTToken::classes):
        (WebCore::WebVTTToken::annotation):
        * html/track/WebVTTTokenizer.cpp:
        (WebCore::addNewClass):
        (WebCore::emitToken):
        (WebCore::advanceAndEmitToken):
        (WebCore::WebVTTTokenizer::WebVTTTokenizer):
        (WebCore::WebVTTTokenizer::nextToken):
        * html/track/WebVTTTokenizer.h:
        (WebCore::WebVTTTokenizer::shouldSkipNullCharacters):

2014-03-21  Frédéric Wang  <fred.wang@free.fr>

        Bug 130345 - Refine childShouldCreateRenderer for MathML elements
        https://bugs.webkit.org/show_bug.cgi?id=130345

        Reviewed by Chris Fleizach.

        This is a follow-up of bug 124128. We add more restrictions on foreign
        content of MathML elements.

        Tests: mathml/presentation/annotation-children.html
               mathml/presentation/foreign-element-in-token.html

        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::isPresentationMathML): fix line wrapping
        (WebCore::MathMLElement::isPhrasingContent):
        - move the function from MathMLSelectElement.cpp
        - add the constraint "is descendant of a map element" for area.
        (WebCore::MathMLElement::isFlowContent): new function to test flow content.
        (WebCore::MathMLElement::childShouldCreateRenderer):
        - remove annotation since it is now tested in MathMLTextElement
        - refine testing of annotation-xml
        - do not create renderer for text content in MathML. Such content is only allowed inside token elements.
        * mathml/MathMLElement.h: Declare isPhrasingContent and isFlowContent.
        * mathml/MathMLSelectElement.cpp: Add new function to test MathML/SVG/HTML encodings.
        (WebCore::MathMLSelectElement::isMathMLEncoding):
        (WebCore::MathMLSelectElement::isSVGEncoding):
        (WebCore::MathMLSelectElement::isHTMLEncoding):
        (WebCore::MathMLSelectElement::getSelectedSemanticsChild): use the new functions.
        * mathml/MathMLSelectElement.h: Declare the new public functions.
        * mathml/MathMLTextElement.cpp: remove the isPhrasingContent function.
        (WebCore::MathMLTextElement::childShouldCreateRenderer): Just in case, use the generic StyledElement::childShouldCreateRenderer.

2014-03-21  Darin Adler  <darin@apple.com>

        Stop using deprecatedCharacters in WebCore/platform/win
        https://bugs.webkit.org/show_bug.cgi?id=130515

        Reviewed by Brent Fulgham.

        * platform/graphics/TextRun.h:
        (WebCore::TextRun::TextRun): Add a constructor that takes a StringView.
        Later, we might want to exclusively use the StringView version and remove
        some of the others.
        (WebCore::TextRun::setText): Add a version of this function that takes a StringView.

        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::FontCache::systemFallbackForCharacters): Use StringView::getCharactersWithUpconvert.
        (WebCore::createGDIFont): Ditto.
        (WebCore::FontCache::getTraitsInFamily): Ditto.
        * platform/win/BString.cpp:
        (WebCore::BString::BString): Use StringView::upconvertedCharacters.
        * platform/win/ClipboardUtilitiesWin.cpp:
        (WebCore::createGlobalData): Use StringView::getCharactersWithUpconvert.
        * platform/win/FileSystemWin.cpp:
        (WebCore::pathByAppendingComponent): Use StringBuilder and StringView::getCharactersWithUpconvert.
        (WebCore::fileSystemRepresentation): Use StringView::upconvertedCharacters.
        * platform/win/PasteboardWin.cpp:
        (WebCore::filesystemPathFromUrlOrTitle): Use StringView::getCharactersWithUpconvert.
        (WebCore::Pasteboard::writeURLToDataObject): Ditto.
        (WebCore::createGlobalImageFileDescriptor): Ditto.

        * platform/win/PopupMenuWin.cpp:
        (WebCore::PopupMenuWin::calculatePositionAndSize): Use the new TextRun constructor.
        * platform/win/WebCoreTextRenderer.cpp:
        (WebCore::doDrawTextAtPoint): Ditto.

2014-03-21  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: RenderBox is positioned off by one when non-compositing transform is present.
        https://bugs.webkit.org/show_bug.cgi?id=130430

        Reviewed by Simon Fraser.

        div {
            position: absolute;
             top: 10.25px;
             left: 10.25px;
         }

         The <div> with (10.25px, 10.25px) is painted to (10.5px, 10.5px) after device pixel snapping on 2x display.
         Moving <div> to its own RenderLayer should not change the painting position.

         div {
             position: absolute;
             top: 10.25px;
             left: 10.25px;
             -webkit-transform: rotate(0deg);
         }

        When we paint the RenderLayer's content, the graphics context is translated by the rounded value of
        renderer's offset from parent.

            (10.25px,10.25px) -> rounded to (10.5px,10.5px).

        When the translate moves the graphics context's origin over the renderer's top-left position,
        the renderer's relative top-left coordinates end up being negative.

            Graphics context translated by (10.5px,10.5px) -> pushes renderer's relative top-left coords to (-0.25px,-0.25px)

        When we round (pixel snap) these negative coordinates, half-way values get translated to the wrong direction.

        (relative coords (-0.25px,-0.25px) -> pixel snapped to (-0.5px,-0.5px) -> final absolute(painting) coords (10px,10px))

        This patch changes the rounding to flooring to ensure that the relative top-left position never gets negative as the result
        of subpixel shifting.

        Tests: compositing/hidpi-box-positioned-off-by-one-when-non-compositing-transform-is-present.html
               fast/layers/hidpi-box-positioned-off-by-one-when-transform-is-present.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::computedTransform):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateTransform):
        (WebCore::RenderLayer::currentTransform):
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateTransform):
        * rendering/style/RenderStyle.cpp:
        * rendering/style/RenderStyle.h:
        * svg/SVGTextElement.cpp:
        (WebCore::SVGTextElement::animatedLocalTransform):

2014-03-21  Pratik Solanki  <psolanki@apple.com>

        Unreviewed. iOS build fix after r166046.

        * WebCore.exp.in:

2014-03-21  Laszlo Vidacs  <lvidacs.u-szeged@partner.samsung.com>

        Fix the !ENABLE(FILTERS) build
        https://bugs.webkit.org/show_bug.cgi?id=130394

        Reviewed by Gyuyoung Kim.

        Add missing includes in rendering to fix compile errors, and include JSC headers to ImageBuffer.h to fix linker errors.

        * platform/graphics/ImageBuffer.h:
        * rendering/svg/RenderSVGImage.cpp:
        * rendering/svg/RenderSVGRoot.cpp:

2014-03-21  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166052.
        https://bugs.webkit.org/show_bug.cgi?id=130571

        It broke EFL build (Requested by KaL on #webkit).

        Reverted changeset:

        "[GTK] Use GMainLoopSource for idle and timeout sources in
        WebCore"
        https://bugs.webkit.org/show_bug.cgi?id=130078
        http://trac.webkit.org/changeset/166052

2014-03-21  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Add *explicit* keyword to avoid implicit type conversion
        https://bugs.webkit.org/show_bug.cgi?id=130568

        Reviewed by Antti Koivisto.

        Constructors of RemoteFontFaceSource, SVGDocumentExtensions, XMLDocumentParserScope,
        and WorkerScriptDebugServer need to use *explicit* keyword because they have an argument.
        Besides removed a meaningless argument name.

        * svg/SVGDocumentExtensions.h:
        * xml/parser/XMLDocumentParserScope.h:

2014-03-20  Sergio Villar Senin  <svillar@igalia.com>

        Modules: replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed<T>
        https://bugs.webkit.org/show_bug.cgi?id=130407

        Reviewed by Darin Adler.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::installedCDMFactories):
        * Modules/mediasource/MediaSourceRegistry.cpp:
        (WebCore::MediaSourceRegistry::registry):
        * Modules/mediasource/MediaSourceRegistry.h:
        * Modules/mediastream/MediaStreamRegistry.cpp:
        (WebCore::MediaStreamRegistry::registry):

2014-03-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Use GMainLoopSource for idle and timeout sources in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=130078

        Reviewed by Philippe Normand.

        * platform/audio/gstreamer/AudioFileReaderGStreamer.cpp:
        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        * platform/graphics/gstreamer/WebKitMediaSourceGStreamer.cpp:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        * platform/gtk/GtkDragAndDropHelper.cpp:
        * platform/gtk/SharedTimerGtk.cpp:

2014-03-21  Andreas Kling  <akling@apple.com>

        HTMLFrameOwnerElement should obey the SubframeLoadingDisabler when creating subframes
        <rdar://problem/15675780>

        Merge Blink r156744 by Adam Klein.

        Test: fast/frames/set-iframe-src-in-pagehide-crash.html

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::loadSubframe):

2014-03-21  Darin Adler  <darin@apple.com>

        Improve idiom used for string building in a few places
        https://bugs.webkit.org/show_bug.cgi?id=130561

        Reviewed by Andreas Kling.

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::loggingString): Use a StringBuilder, and get rid of
        an an unnecessary additional string allocation.

        * Modules/websockets/ThreadableWebSocketChannel.cpp:
        (WebCore::ThreadableWebSocketChannel::create): Use StringBuilder.

        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::createTDForFilename): Do a more efficient
        string concatenation.
        * html/ValidationMessage.cpp:
        (WebCore::ValidationMessage::updateValidationMessage): Ditto.

        * inspector/InspectorApplicationCacheAgent.cpp:
        (WebCore::InspectorApplicationCacheAgent::buildObjectForApplicationCacheResource):
        Use a StringBuilder.

        * inspector/InspectorStyleSheet.cpp: 
        (WebCore::InspectorStyle::shorthandValue): Use a StringBuilder.

        * inspector/InspectorStyleTextEditor.cpp:
        (WebCore::InspectorStyleTextEditor::insertProperty): Use a more efficient idiom
        for string concatenation.
        (WebCore::InspectorStyleTextEditor::internalReplaceProperty): Ditto.
        * loader/FormSubmission.cpp:
        (WebCore::appendMailtoPostFormDataToURL): Ditto.

        * page/Frame.cpp:
        (WebCore::createRegExpForLabels): Use a StringBuilder.

        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processCueAttributes): Use a more efficient
        idiom for string concatenation.

        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::getUnmangledInfoLog): Use a StringBuilder.

        * platform/network/MIMEHeader.cpp:
        (WebCore::MIMEHeader::parseHeader): Use a more efficient idiom for string
        concatenation.
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::addHTTPHeaderField): Ditto.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::layerTreeAsText): Ditto.

        * rendering/RenderText.cpp:
        (WebCore::RenderText::secureText): Create a new string with the substring
        function rather than with the append function.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::setRequestHeaderInternal): Use a more efficient idiom
        for string concatenation.

2014-03-21  Darin Adler  <darin@apple.com>

        Add a combined decodeAndFlush to TextResourceDecoder
        https://bugs.webkit.org/show_bug.cgi?id=130560

        Reviewed by Andreas Kling.

        * WebCore.exp.in: Added new symbol for decodeAndFlush. Also re-did
        the geometry types #if so it would sort more logically.

        * fileapi/FileReaderLoader.cpp:
        (WebCore::FileReaderLoader::convertToText): Use decodeAndFlush.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResourceContent): Ditto.
        * inspector/NetworkResourcesData.cpp:
        (WebCore::NetworkResourcesData::ResourceData::decodeDataToContent): Ditto.

        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::decodeAndFlush): Added.
        * loader/TextResourceDecoder.h: Ditto.

        * loader/appcache/ManifestParser.cpp:
        (WebCore::parseManifest): Use decodeAndFlush.
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::sheetText): Ditto.
        (WebCore::CachedCSSStyleSheet::finishLoading): Ditto.

        * loader/cache/CachedFont.cpp:
        (WebCore::CachedFont::ensureSVGFontData): Use decodeAndFlush. Also use nullptr.
        (WebCore::CachedFont::getSVGFontById): Use descendantsOfType<SVGFontElement>
        instead of using a NodeList. Much more efficient!

        * loader/cache/CachedSVGDocument.cpp:
        (WebCore::CachedSVGDocument::finishLoading): Use decodeAndFlush.
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::script): Ditto.
        * loader/cache/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::finishLoading): Ditto.
        * page/Page.cpp:
        (WebCore::Page::userStyleSheet): Ditto.

2014-03-20  Darin Adler  <darin@apple.com>

        Remove a couple of unused functions from CSSOMUtils
        https://bugs.webkit.org/show_bug.cgi?id=130558

        Reviewed by Andreas Kling.

        * css/CSSOMUtils.cpp: Remove String overloads. Callers all use the StringBuilder
        ones, which is good since that is a more efficient idiom.
        * css/CSSOMUtils.h: Ditto.

2014-03-20  Pratik Solanki  <psolanki@apple.com>

        Unreviewed. iOS build fix after r166017, r166032.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::visibleContentRectInternal):

2014-03-20  Hyowon Kim  <hw1008.kim@samsung.com>

        Move to using std::unique_ptr for EFL objects.
        https://bugs.webkit.org/show_bug.cgi?id=129853

        Reviewed by Gyuyoung Kim.

        EflUniquePtr is a template alias of std::unique_ptr
        with a custom deleter for each Efl Objects, which is motivated by GUniquePtr.
        This patch replaces uses of OwnPtr and PassOwnPtr for Efl objects with EflUniquePtr.

        No new tests. No new functionality.

        * platform/efl/EflScreenUtilities.h:
        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::ThemePartCacheEntry::create):
        (WebCore::RenderThemeEfl::loadTheme):
        * platform/efl/RenderThemeEfl.h:
        * platform/graphics/Icon.h:
        * platform/graphics/efl/EvasGLContext.h:
        (WebCore::EvasGLContext::create):
        * platform/graphics/efl/EvasGLSurface.h:
        (WebCore::EvasGLSurface::create):

2014-03-20  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [EFL][GTK] Get CMake to find Freetype2 properly
        https://bugs.webkit.org/show_bug.cgi?id=130150

        Reviewed by Martin Robinson.

        Newer versions of CMake are not able to find Freetype2 correctly.
        FindFreetype2.cmake checks for the version number in freetype.h header, since it seems that bug exists in
        freetype2 repo, because a completely different version number is found in freetype2.pc.

        * PlatformEfl.cmake:
        * PlatformGTK.cmake:

2014-03-20  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Suppress errors about using gdk_threads_enter gdk_threads_leave
        https://bugs.webkit.org/show_bug.cgi?id=130517

        Reviewed by Sergio Villar Senin.

        * plugins/gtk/gtk2xtbin.c: Use GCC suppression to suppress errors about deprecations.

2014-03-20  Simon Fraser  <simon.fraser@apple.com>

        Cleanup in aisle r166017.
        
        visibleContentRectInternal() was dropping the scrollbar
        inclusiveness on the floor, and we need to reset the top inset
        between tests.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::visibleContentRectInternal):
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):

2014-03-20  Enrica Casucci  <enrica@apple.com>

        Build fix.

        Removing unused variable.
        
        * page/FrameView.cpp:
        (WebCore::FrameView::didPaintContents):

2014-03-20  Brent Fulgham  <bfulgham@apple.com>

        Rename TextTrackRegion/TextTrackRegionList to VTTRegion/VTTRegionList
        https://bugs.webkit.org/show_bug.cgi?id=130543

        Reviewed by Dean Jackson.

        Merged from Blink (patch by philipj@opera.com):
        https://chromium.googlesource.com/chromium/blink/+/69ee6d3399d64163e4936ac1bde222036c54c4b8
        http://crbug.com/55653003

        Tests: media/track/regions-webvtt/vtt-region-constructor.html
               media/track/regions-webvtt/vtt-region-display.html
               media/track/regions-webvtt/vtt-region-dom-layout.html
               media/track/regions-webvtt/vtt-region-list.html
               media/track/regions-webvtt/vtt-region-parser.html

        * Configurations/FeatureDefines.xcconfig:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay):
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::newRegionsAvailable):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::ensureVTTRegionList):
        (WebCore::TextTrack::regions):
        (WebCore::TextTrack::addRegion):
        (WebCore::TextTrack::removeRegion):
        * html/track/TextTrack.h:
        * html/track/TextTrack.idl:
        * html/track/TextTrackCue.cpp:
        * html/track/TextTrackRegion.cpp: Removed.
        * html/track/TextTrackRegion.h: Removed.
        * html/track/TextTrackRegion.idl: Removed.
        * html/track/TextTrackRegionList.cpp: Removed.
        * html/track/TextTrackRegionList.h: Removed.
        * html/track/TextTrackRegionList.idl: Removed.
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::removeDisplayTree):
        * html/track/VTTRegion.cpp: Copied from Source/WebCore/html/track/TextTrackRegion.cpp.
        (WebCore::VTTRegion::VTTRegion):
        (WebCore::VTTRegion::~VTTRegion):
        (WebCore::VTTRegion::setTrack):
        (WebCore::VTTRegion::setId):
        (WebCore::VTTRegion::setWidth):
        (WebCore::VTTRegion::setHeight):
        (WebCore::VTTRegion::setRegionAnchorX):
        (WebCore::VTTRegion::setRegionAnchorY):
        (WebCore::VTTRegion::setViewportAnchorX):
        (WebCore::VTTRegion::setViewportAnchorY):
        (WebCore::VTTRegion::scroll):
        (WebCore::VTTRegion::setScroll):
        (WebCore::VTTRegion::updateParametersFromRegion):
        (WebCore::VTTRegion::setRegionSettings):
        (WebCore::VTTRegion::getSettingFromString):
        (WebCore::VTTRegion::parseSettingValue):
        (WebCore::VTTRegion::parseSetting):
        (WebCore::VTTRegion::textTrackCueContainerScrollingClass):
        (WebCore::VTTRegion::textTrackCueContainerShadowPseudoId):
        (WebCore::VTTRegion::textTrackRegionShadowPseudoId):
        (WebCore::VTTRegion::appendTextTrackCueBox):
        (WebCore::VTTRegion::displayLastTextTrackCueBox):
        (WebCore::VTTRegion::willRemoveTextTrackCueBox):
        (WebCore::VTTRegion::getDisplayTree):
        (WebCore::VTTRegion::prepareRegionDisplayTree):
        (WebCore::VTTRegion::startTimer):
        (WebCore::VTTRegion::stopTimer):
        (WebCore::VTTRegion::scrollTimerFired):
        * html/track/VTTRegion.h: Copied from Source/WebCore/html/track/TextTrackRegion.h.
        (WebCore::VTTRegion::create):
        * html/track/VTTRegion.idl: Copied from Source/WebCore/html/track/TextTrackRegion.idl.
        * html/track/VTTRegionList.cpp: Copied from Source/WebCore/html/track/TextTrackRegionList.cpp.
        (WebCore::VTTRegionList::VTTRegionList):
        (WebCore::VTTRegionList::length):
        (WebCore::VTTRegionList::item):
        (WebCore::VTTRegionList::getRegionById):
        (WebCore::VTTRegionList::add):
        (WebCore::VTTRegionList::remove):
        (WebCore::VTTRegionList::clear):
        * html/track/VTTRegionList.h: Copied from Source/WebCore/html/track/TextTrackRegionList.h.
        (WebCore::VTTRegionList::create):
        (WebCore::VTTRegionList::~VTTRegionList):
        * html/track/VTTRegionList.idl: Copied from Source/WebCore/html/track/TextTrackRegionList.idl.
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseFloatPercentageValue):
        (WebCore::WebVTTParser::getNewRegions):
        (WebCore::WebVTTParser::createNewRegion):
        * html/track/WebVTTParser.h:
        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::getNewRegions):
        * loader/TextTrackLoader.h:

2014-03-20  Simon Fraser  <simon.fraser@apple.com>

        Fix the iOS build.

        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::didPaintContents):

2014-03-20  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] clamp RasterShape shapeMargin to reference box size
        https://bugs.webkit.org/show_bug.cgi?id=130350

        Reviewed by Dean Jackson.

        Corrected the way the maximum shape-margin value was computed for image valued
        shapes. The limiting case is an image with just one above threshold pixel. The
        largest possible value for shapeMargin is the radius of a circle that encloses
        the size of the shape-outside element's margin-box, since the shape-outside's
        boundary is clipped to the margin-box. The radius is just sqrt(2) * the margin-box's
        largest dimension.

        Also cleaned up up a few poorly named parameters.

        Test: fast/shapes/shape-outside-floats/shape-outside-one-pixel.html

        * rendering/shapes/RasterShape.cpp:
        (WebCore::RasterShape::marginIntervals):
        * rendering/shapes/RasterShape.h:
        (WebCore::RasterShape::RasterShape):
        * rendering/shapes/Shape.h:

2014-03-20  Beth Dakin  <bdakin@apple.com>

        Build fix.

        * page/FrameView.cpp:
        (WebCore::FrameView::paintContents):

2014-03-20  Beth Dakin  <bdakin@apple.com>

        Implement contentInset for Mac WebKit2
        https://bugs.webkit.org/show_bug.cgi?id=130273

        Reviewed by Simon Fraser.

        This patch adds support for topContentInset(). If a page has a topContentInset(), 
        the root layer’s position is adjusted to account for the inset. It is assumed that 
        the area accounted for by the inset is visible but obscured, so scrollbars need to 
        be moved so that they only cover the non-obscured area, and most parts of WebCore 
        that wonder about visibleContentSize only care about the unobscured area, so this 
        patch makes that visibleContentRect return the unobscuredRect. Finally since this 
        is achieved by moving a layer’s position, the topContentInset() also needs to be 
        factored into various functions that are used to convert between coordinate 
        spaces. 

        Return Page::topContentInset() if this is the main frame.
        * page/FrameView.cpp:
        (WebCore::FrameView::topContentInset):
        * page/FrameView.h:

        Cache the inset on Page.
        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        (WebCore::Page::topContentInset):
        (WebCore::Page::setTopContentInset):

        unobscuredContentRect() used to unconditionally return visibleContentRect() on 
        non-iOS platforms. Now that it is possible for some technically visible content to 
        be obscured, this code needed to be re-worked a bit to make some more sense. 
        visibleContentRect() now represents that visible content that is completely 
        unobscured, so it should call into unobscuredContentRect() rather than the other 
        way around.
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::unobscuredContentRect):

        unscaledTotalVisibleContentSize() includes the size of all content that might be 
        visible. Some of this content might be obscured.
        (WebCore::ScrollView::unscaledTotalVisibleContentSize):

        Most of the time, we only care about the content that is FULLY visible. That is 
        what you get from unscaledUnobscuredVisibleContentSize().
        (WebCore::ScrollView::unscaledUnobscuredVisibleContentSize):

        Use the unobscured size for these computations.
        (WebCore::ScrollView::visibleContentRectInternal):
        (WebCore::ScrollView::layoutSize):

        Factor in the topContentInset().
        (WebCore::ScrollView::scrollOffsetRelativeToDocument):
        (WebCore::ScrollView::scrollPositionRelativeToDocument):

        The scrollbars should be positioned to cover the non-obscured content only. 
        (WebCore::ScrollView::updateScrollbars):

        Again, factor the topContentInset() into these conversions since the root layer’s 
        position has been adjusted to account for it.
        (WebCore::ScrollView::contentsToRootView):
        (WebCore::ScrollView::contentsToWindow):

         Just like the scrollbars, the scroll corner must be moved the account for the 
        inset.
        (WebCore::ScrollView::scrollCornerRect):
        * platform/ScrollView.h:
        (WebCore::ScrollView::topContentInset):

        RenderLayerCompositor cares about unscaledTotalVisibleContentSize(). It does not 
        care if some of that content is obscured.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::frameViewDidChangeSize):

        Move the root layer’s position based on the contentInset.
        (WebCore::RenderLayerCompositor::updateRootLayerPosition):
        (WebCore::RenderLayerCompositor::ensureRootLayer):

        Allow setting contentInset via Internals for testing purposes.
        * testing/Internals.cpp:
        (WebCore::Internals::setTopContentInset):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-03-20  Laszlo Vidacs  <lvidacs.u-szeged@partner.samsung.com>

        Optimize RenderTable::colToEffCol() for tables without colspans
        https://bugs.webkit.org/show_bug.cgi?id=129298

        Reviewed by Simon Fraser.

        Create an alternative fast path to RenderTable colToEffCol() and effColToCol()
        when there is no colspan or colspan does not exceed the width of table.
        Blink merge https://codereview.chromium.org/154243002 by rhogan

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::RenderTable):
        (WebCore::RenderTable::appendColumn):
        (WebCore::RenderTable::recalcSections):
        * rendering/RenderTable.h:
        (WebCore::RenderTable::colToEffCol):
        (WebCore::RenderTable::effColToCol):
        (WebCore::RenderTable::hasCellColspanThatDeterminesTableWidth):

2014-03-20  Simon Fraser  <simon.fraser@apple.com>

        FrameView::paintContents() is not called for composited content
        https://bugs.webkit.org/show_bug.cgi?id=130541

        Reviewed by Beth Dakin.

        FrameView::paintContents() is not called for frames that have
        composited contents, yet it contains code that is expected
        to run for all Frames.
        
        Fix by factoring into will/didPaintContents(), and calling
        the will/did functions from RenderLayerBacking::paintIntoLayer().
        
        Also add a SetLayoutNeededForbiddenScope check for composited-layer
        painting.

        * page/FrameView.cpp:
        (WebCore::FrameView::updateControlTints):
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::didPaintContents):
        (WebCore::FrameView::paintContents):
        * page/FrameView.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintIntoLayer):

2014-03-20  Tim Horton  <timothy_horton@apple.com>

        Fix the Mountain Lion build.

        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::setIsPurgeable):

2014-03-20  Brian Burg  <bburg@apple.com>

        Web Replay: capture and replay mouse events
        https://bugs.webkit.org/show_bug.cgi?id=129395

        Reviewed by Joseph Pecoraro.

        Add support for capturing and replaying mouse inputs that come from WebKit2.
        Hook up the UserInputBridge to session state changes in the ReplayController so
        that the bridge knows when to capture or deny mouse inputs.

        Test: ManualTests/inspector/replay-mouse-events.html

        * platform/PlatformEvent.h: Give explicit storage types to Modifiers and Type enums
        so they can be forward-declared.
        * platform/PlatformMouseEvent.h: Give an explicit storage type to enum MouseButton.
        Add operator== and operator!= for MouseButton to work around an MSVC bug.

        * replay/ReplayController.cpp: Perform session state changes in a helper function, and
        at the same time change the state of the page's user input bridge.
        (WebCore::ReplayController::setSessionState):
        (WebCore::ReplayController::startCapturing):
        (WebCore::ReplayController::stopCapturing):
        (WebCore::ReplayController::startPlayback):
        (WebCore::ReplayController::cancelPlayback):

        * replay/ReplayInputDispatchMethods.cpp: Add dispatch methods for new inputs.
        (WebCore::HandleMouseMove::dispatch):
        (WebCore::HandleMousePress::dispatch):
        (WebCore::HandleMouseRelease::dispatch):

        * replay/SerializationMethods.cpp: Add helper macros so that encode/decode methods look
        symmetric with one data member per line. This helps reduce unintentional inconsistencies.
        (JSC::EncodingTraits<PlatformMouseEvent>::encodeValue): Added.
        (JSC::EncodingTraits<PlatformMouseEvent>::decodeValue): Added.
        * replay/SerializationMethods.h:

        * replay/UserInputBridge.cpp: Fill in the bridge method implementations for mouse
        events, adding helpers and macros as necessary to reduce boilerplate.
        (WebCore::UserInputBridge::activeCursor): Added.
        (WebCore::UserInputBridge::handleMousePressEvent):
        (WebCore::UserInputBridge::handleMouseReleaseEvent):
        (WebCore::UserInputBridge::handleMouseMoveEvent):
        (WebCore::UserInputBridge::handleMouseMoveOnScrollbarEvent):

        * replay/UserInputBridge.h: Add a bridge state enum along with getters and setters.
        The enum value controls whether the bridge should capture commands, deny non-synthetic
        commands (from the user), or allow anything to pass (the default).
        (WebCore::UserInputBridge::setState): Added.
        (WebCore::UserInputBridge::state): Added.

        * replay/WebInputs.json: Add inputs HandleMouseMove, HandleMousePress, HandleMouseRelease.
        Add enum definitions for PlatformEvent::Type, PlatformEvent::Modifiers, and PlatformMouseEvent::MouseButton.
        Alphabetize the existing data type definitions.

2014-03-20  Tim Horton  <timothy_horton@apple.com>

        Add WebCore::IOSurface wrapper
        https://bugs.webkit.org/show_bug.cgi?id=130529

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/cg/ColorCG.cpp:
        * platform/graphics/cg/GraphicsContextCG.h:
        (WebCore::cachedCGColorSpace):
        Move cachedCGColorSpace out so that other clients of GraphicsContextCG
        can use its mapping from WebCore::ColorSpace -> CGColorSpaceRef.

        * platform/graphics/cg/ImageBufferBackingStoreCache.cpp:
        * platform/graphics/cg/ImageBufferCG.cpp:
        Add FIXMEs for ImageBuffer to adopt WebCore::IOSurface.

        * platform/graphics/cocoa/IOSurface.h: Added.
        * platform/graphics/cocoa/IOSurface.mm: Added.
        (IOSurface::create):
        (IOSurface::createFromMachPort):
        (IOSurface::createFromSurface):
        (IOSurface::IOSurface):
        (IOSurface::maximumSize):
        (IOSurface::createMachPort):
        (IOSurface::createImage):
        (IOSurface::ensurePlatformContext):
        (IOSurface::ensureGraphicsContext):
        (IOSurface::state):
        (IOSurface::isPurgeable):
        (IOSurface::setIsPurgeable):
        (IOSurface::inUse):
        Add WebCore::IOSurface.

2014-03-20  Pratik Solanki  <psolanki@apple.com>

        iOS build fix after r165992.

        * generate-export-file:
        (preprocessorMacros):

2014-03-20  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Moving RTCConfiguration and RTCIceServer to Modules/mediastream
        https://bugs.webkit.org/show_bug.cgi?id=130434

        Reviewed by Eric Carlson.

        Those classes are defined in WebRTC spec, so they should not be in platform layer.
        Adding a platform implementation to be passed to handler classes.

        * Modules/mediastream/RTCConfiguration.h: Copied from Source/WebCore/platform/mediastream/RTCConfiguration.h.
        * Modules/mediastream/RTCIceServer.h: Copied from Source/WebCore/platform/mediastream/RTCIceServer.h.
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        (WebCore::RTCPeerConnection::updateIce):
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mediastream/RTCConfigurationPrivate.h: Added.
        * platform/mediastream/RTCIceServerPrivate.h: Added.
        * platform/mediastream/RTCPeerConnectionHandler.h:
        * platform/mock/RTCPeerConnectionHandlerMock.cpp:
        (WebCore::RTCPeerConnectionHandlerMock::initialize):
        (WebCore::RTCPeerConnectionHandlerMock::updateIce):
        * platform/mock/RTCPeerConnectionHandlerMock.h:

2014-03-20  Alex Christensen  <achristensen@webkit.org>

        [WinCairo] Unreviewed speculative build after my r165996.

        * platform/network/soup/AuthenticationChallengeSoup.cpp:
        * platform/network/soup/CertificateInfo.cpp:
        * platform/network/soup/CookieJarSoup.cpp:
        * platform/network/soup/ResourceRequestSoup.cpp:
        * platform/network/soup/ResourceResponseSoup.cpp:
        * platform/network/soup/SynchronousLoaderClientSoup.cpp:

2014-03-20  Brent Fulgham  <bfulgham@apple.com>

        Add a flushing mechanism for the WebVTTParser
        https://bugs.webkit.org/show_bug.cgi?id=130532

        Reviewed by Eric Carlson.

        Merged from Blink (patch by vcarbune@chromium.org):
        https://chromium.googlesource.com/chromium/blink/+/1ac2b3081492ab8661429230004013a9a3623f0f
        http://crbug.com/54203003
        https://chromium.googlesource.com/chromium/blink/+/24343d32bc36d20d59ef3e10040faddde65929e6
        http://crbug.com/59453002
        https://chromium.googlesource.com/chromium/blink/+/ef2793f1d9d207389589ecf9a136ea5c7170b4af
        http://crbug.com/75233002
        https://chromium.googlesource.com/chromium/blink/+/a29f2f8324abcd4826b41e7dc34373dee2ec57a9
        http://crbug.com/52713005
        https://chromium.googlesource.com/chromium/blink/+/7ce003c8d47b39f116f1f2a592a5dfb4a9e77228
        http://crbug.com/64303004
        https://chromium.googlesource.com/chromium/blink/+/18f896b3498478311e880f782813d5dfc8c0c7d1
        http://crbug.com/96933004
        https://chromium.googlesource.com/chromium/blink/+/8670e8ecb13254a651f5493ec83f4484d18c154e
        http://crbug.com/98783005
        https://chromium.googlesource.com/chromium/blink/+/4ac55780a6af3d76e0159c1d145330964ad56647
        http://crbug.com/104713002

        Tests: http/tests/media/track/track-webvtt-slow-loading-2.html
               http/tests/media/track/track-webvtt-slow-loading.html

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/track/BufferedLineReader.cpp: Added.
        * html/track/BufferedLineReader.h: Added.
        * html/track/TextTrackRegion.cpp:
        * html/track/VTTCue.cpp:
        * html/track/WebVTTParser.cpp:
        * html/track/WebVTTParser.h:
        * loader/TextTrackLoader.cpp:

2014-03-20  Alex Christensen  <achristensen@webkit.org>

        Preparation for using Soup on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=130472

        Reviewed by Brent Fulgham.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        Added Soup source to build on WinCairo.
        * platform/network/curl/CookieJarCurl.cpp:
        * platform/network/curl/CredentialStorageCurl.cpp:
        * platform/network/curl/CurlCacheEntry.cpp:
        * platform/network/curl/CurlCacheManager.cpp:
        * platform/network/curl/CurlDownload.cpp:
        * platform/network/curl/DNSCurl.cpp:
        * platform/network/curl/FormDataStreamCurl.cpp:
        * platform/network/curl/MultipartHandle.cpp:
        * platform/network/curl/ProxyServerCurl.cpp:
        * platform/network/curl/ResourceHandleCurl.cpp:
        * platform/network/curl/ResourceHandleManager.cpp:
        * platform/network/curl/SSLHandle.cpp:
        * platform/network/curl/SocketStreamHandleCurl.cpp:
        Protected with USE(CURL) to avoid duplicate symbols when linking.
        * platform/network/soup/AuthenticationChallengeSoup.cpp:
        * platform/network/soup/CertificateInfo.cpp:
        * platform/network/soup/CookieJarSoup.cpp:
        * platform/network/soup/CookieStorageSoup.cpp:
        * platform/network/soup/CredentialStorageSoup.cpp:
        * platform/network/soup/DNSSoup.cpp:
        * platform/network/soup/NetworkStorageSessionSoup.cpp:
        * platform/network/soup/ProxyResolverSoup.cpp:
        * platform/network/soup/ProxyServerSoup.cpp:
        * platform/network/soup/ResourceErrorSoup.cpp:
        * platform/network/soup/ResourceHandleSoup.cpp:
        * platform/network/soup/ResourceRequestSoup.cpp:
        * platform/network/soup/ResourceResponseSoup.cpp:
        * platform/network/soup/SocketStreamHandleSoup.cpp:
        * platform/network/soup/SoupNetworkSession.cpp:
        * platform/network/soup/SynchronousLoaderClientSoup.cpp:
        Protected with USE(CURL) to avoid duplicate symbols when linking.

2014-03-20  Pratik Solanki  <psolanki@apple.com>

        iOS build fix after r165979.

        * generate-export-file:
        (preprocessorMacros):

2014-03-20  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] getClientRects returns wrong rectangle
        https://bugs.webkit.org/show_bug.cgi?id=128614

        Reviewed by Sam Weinig.

        Added fast/multicol/newmulticol/client-rects.html and beefed up existing
        fast/multicol/client-rects.html to use more writing modes.

        * rendering/LayoutState.h:
        Removed unused function.

        * rendering/RenderFlowThread.h:
        Make mapFlowToRegion virtual so that RenderMultiColumnFlowThread can
        override it.

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::mapFromFlowToRegion):
        * rendering/RenderMultiColumnFlowThread.h:
        Implement mapFlowToRegion to correctly translate a flow thread position
        into a column offset within a region.

        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::columnTranslationForOffset):
        (WebCore::RenderMultiColumnSet::adjustRegionBoundsFromFlowThreadPortionRect):
        * rendering/RenderMultiColumnSet.h:
        Refactored some code to make a columnTranslationForOffset helper that
        can be used by RenderMultiColumnFlowThread.

2014-03-20  Daniel Bates  <dabates@apple.com>

        Preserve original document URL for XSSAuditor reports

        Merged from Blink (patch by Tom Sepez):
        https://src.chromium.org/viewvc/blink?view=rev&revision=158406

        Test: http/tests/security/xssAuditor/report-script-tag-replace-state.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::filterToken):
        * html/parser/XSSAuditorDelegate.cpp:
        (WebCore::buildConsoleError):
        (WebCore::XSSAuditorDelegate::generateViolationReport):
        (WebCore::XSSAuditorDelegate::didBlockScript):
        * html/parser/XSSAuditorDelegate.h:
        (WebCore::XSSInfo::XSSInfo):

2014-03-20  Daniel Bates  <dabates@apple.com>

        XSSAuditor bypass with frameset tags

        Merged from Blink (patch by Tom Sepez):
        https://src.chromium.org/viewvc/blink?view=rev&revision=157794

        Test: http/tests/security/xssAuditor/frameset-injection.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::filterStartToken):
        (WebCore::XSSAuditor::filterFrameToken):
        * html/parser/XSSAuditor.h:

2014-03-20  Brian Burg  <bburg@apple.com>

        Web Replay: fix some oversights in the replay backend
        https://bugs.webkit.org/show_bug.cgi?id=130435

        Reviewed by Andreas Kling.

        This functionality will be covered by tests in https://webkit.org/b/130145.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::playbackFinishedImpl):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::playbackFinished):
        * inspector/InspectorReplayAgent.cpp:
        (WebCore::buildInspectorObjectForSegment):
        (WebCore::InspectorReplayAgent::playbackFinished):
        * inspector/InspectorReplayAgent.h: Add a playbackFinished event to Inspector
        instrumentation. This is fired by ReplayController when playback is cancelled or 
        playback of the final segment has completed.

        * replay/EventLoopInputDispatcher.cpp:
        (WebCore::EventLoopInputDispatcher::dispatchInputSoon): Fix wrong cast.
        (WebCore::EventLoopInputDispatcher::dispatchInput): Ensure that m_dispatching is
        false when m_running is false.
        * replay/EventLoopInputDispatcher.h: Distinguish 'dispaching' and 'running' in comments.
        (WebCore::EventLoopInputDispatcher::isRunning): Added.

        * replay/FunctorInputCursor.h: Since the base class InputCursor is RefCounted, the
        Functor subclass cannot be put into a unique_ptr. Add create() method instead.

        * replay/ReplayController.cpp:
        (WebCore::ReplayController::loadSegmentAtIndex): Renamed from loadSegment(). Callers
        now pass in the desired segment index rather than the segment itself. The index is
        necessary to properly reset m_position after the segment is loaded.

        (WebCore::ReplayController::startPlayback): Set the dispatcher's speed before run().
        (WebCore::ReplayController::pausePlayback): Only pause the dispatcher if it's running.
        (WebCore::ReplayController::cancelPlayback): Add playbackFinished instrumentation.
        (WebCore::ReplayController::replayToPosition):
        (WebCore::ReplayController::didDispatchFinalInput): If there are no more segments to load,
        manually adjust the final m_position and defer to cancelPlayback to unload the segment.
        * replay/ReplayController.h:
        * replay/ReplaySessionSegment.cpp:
        (WebCore::ReplaySessionSegment::createFunctorCursor):
        * replay/ReplaySessionSegment.h:

2014-03-20  Pratik Solanki  <psolanki@apple.com>

        [iOS] Get code to compile on older iOS versions
        https://bugs.webkit.org/show_bug.cgi?id=130142
        <rdar://problem/16302908>

        Reviewed by Darin Adler.

        * WebCore.exp.in:
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (-[WebVideoFullscreenController WebCore::]):
        (-[WebVideoFullscreenController enterFullscreen:]):
        (-[WebVideoFullscreenController exitFullscreen]):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        * platform/mac/HTMLConverter.mm:
        (_dateForString):
        * platform/network/cf/CookieJarCFNet.cpp:
        (WebCore::copyCookiesForURLWithFirstPartyURL):
        * platform/text/ios/LocalizedDateCache.mm:
        (WebCore::LocalizedDateCache::calculateMaximumWidth):
        * platform/text/mac/LocaleMac.mm:
        (WebCore::LocaleMac::LocaleMac):

2014-03-20  Simon Fraser  <simon.fraser@apple.com>

        Followup build fix: AnimationBase.h needs to be private because
        it's included by AnimationController.h.

        * WebCore.xcodeproj/project.pbxproj:

2014-03-20  Simon Fraser  <simon.fraser@apple.com>

        A completed fill-forwards animation should not disable overlap testing
        https://bugs.webkit.org/show_bug.cgi?id=130522
        <rdar://problem/15862395>

        Reviewed by Dean Jackson.
        
        Previously, if -webkit-transform was being keyframe-animated, and the
        animation had fill-forwards, then we would continue to think that the
        animation is running and turn off compositing overlap testing. This
        caused some sites to keep too much backing store around.
        
        Fix by having isRunning{Accelerated}AnimationOnRenderer take some flags
        so that more specific questions about the running state can be asked.
        For layer creation, keep using the same criteria as before (for now)
        which includes paused and fill-forwards animations. For overlap testing,
        don't include the fill-forwards test.

        Tests: compositing/animation/filling-animation-overlap-at-end.html
               compositing/animation/filling-animation-overlap.html
               compositing/animation/layer-for-filling-animation.html

        * page/animation/AnimationBase.h:
        (WebCore::AnimationBase::fillingForwards):
        (WebCore::AnimationBase::inPausedState):
        (WebCore::AnimationBase::isAnimatingProperty):
        * page/animation/AnimationController.cpp:
        (WebCore::AnimationControllerPrivate::isRunningAnimationOnRenderer):
        (WebCore::AnimationControllerPrivate::isRunningAcceleratedAnimationOnRenderer):
        (WebCore::AnimationController::isRunningAnimationOnRenderer):
        (WebCore::AnimationController::isRunningAcceleratedAnimationOnRenderer):
        * page/animation/AnimationController.h:
        * page/animation/AnimationControllerPrivate.h:
        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::isAnimatingProperty):
        * page/animation/CompositeAnimation.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForAnimation):
        (WebCore::RenderLayerCompositor::isRunningAcceleratedTransformAnimation):

2014-03-20  Dirk Schulze  <krit@webkit.org>

        Canvas methods clip/fill/stroke should not except 0 argument
        https://bugs.webkit.org/show_bug.cgi?id=130497

        Reviewed by Dean Jackson.

        Do not allow nullable argument for fill/stroke/clip.

        No new tests. Updated existing tests.

        * html/canvas/CanvasRenderingContext2D.idl:

2014-03-20  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Support MediaDocument when building with PLUGIN_PROXY_FOR_VIDEO
        https://bugs.webkit.org/show_bug.cgi?id=130520

        Reviewed by Jer Noble.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument): Check the isVideoPluginProxyEnabled setting 
            when building with ENABLE_PLUGIN_PROXY_FOR_VIDEO.

2014-03-20  Mihai Tica  <mitica@adobe.com>

        [CSS Blending] Blending operation is not isolated when setting z-index on parent from javascript
        https://bugs.webkit.org/show_bug.cgi?id=129307

        Reviewed by Dean Jackson.

        Reimplement the logic behind isolating blend modes. The blending operation should be limited to the
        contents of the parent stacking context. The proposed solution implies adding logic in updateDescendantDependentFlags,
        to track child elements that have blending and create a transparency layer that triggers isolation.

        Tests: css3/compositing/blend-mode-background.html
               fast/repaint/blend-mode-isolate-stacking-context.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer): Remove old members, add new members to constructor.
        (WebCore::RenderLayer::updateBlendMode): Update parent stacking context isolation on blend mode change.
        (WebCore::RenderLayer::updateNonCompositedParentStackingContextHasBlendedChild):
        - Set m_hasBlendedElementInChildStackingContext for the non composited parent stacking context.
        (WebCore::RenderLayer::dirtyAncestorParentStackingContextHasBlendedElement):
        - Set flag so isolation should be considered in updateDescendantDependentFlags.
        (WebCore::RenderLayer::nonCompositedParentStackingContextHasBlendedChild):
        - Return whether the non composited parent stacking context isolates blending.
        (WebCore::RenderLayer::updateDescendantDependentFlags): Add logic for isolating blending.
        (WebCore::RenderLayer::addChild): Call to updateNonCompositedParentStackingContextHasBlendedChild if needed.
        (WebCore::RenderLayer::removeChild): Call to dirtyAncestorParentStackingContextHasBlendedElement if needed.
        (WebCore::RenderLayer::updateStackingContextsAfterStyleChange): Update isolation when a stacking context was set or unset.
        (WebCore::RenderLayer::styleChanged): Removed oldStyle parameter from updateBlendMode call.
         Update parent stacking context isolation on blend mode change.
        * rendering/RenderLayer.h:
        - Add members, getters and setters for tracking whether the element has a blended child:
            - m_hasBlendedElementInChildStackingContext
            - m_hasBlendedElementInChildStackingContextStatusDirty
        - Removed m_updateParentStackingContextShouldIsolateBlendingDirty (replaced with m_hasBlendedElementInChildStackingContextStatusDirty)
        - Removed m_isolatesBlending (replaced with m_hasBlendedElementInChildStackingContext)
        - Updated the isolatesBlending method to return true only when the element is a stacking context and has a blended child.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::computeCompositingRequirements): Removed layer.updateParentStackingContextShouldIsolateBlending call.

2014-03-20  Martin Robinson  <mrobinson@igalia.com>

        [GTK] [CMake] Do not compile ProxyResolverSoup.cpp
        https://bugs.webkit.org/show_bug.cgi?id=130516

        Reviewed by Sergio Villar Senin.

        * PlatformGTK.cmake: Remove the file from the source list.

2014-03-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165962.
        https://bugs.webkit.org/show_bug.cgi?id=130512

        It broke the build (Requested by Ossy on #webkit).

        Reverted changeset:

        "[EFL][GTK] Get CMake to find Freetype2 properly"
        https://bugs.webkit.org/show_bug.cgi?id=130150
        http://trac.webkit.org/changeset/165962

2014-03-20  Lorenzo Tilve  <ltilve@igalia.com>

        "input" event is not fired when changing a select element's value
        https://bugs.webkit.org/show_bug.cgi?id=117526

        Reviewed by Antti Koivisto.

        Add a call to dispatch input event when listbox or menulist
        values are modified.

        According to the spec: "When the user agent is to send select update
        notifications, queue a task to first fire a simple even that bubbles
        named input at the select element, and then fire a simple event that
        bubbles named change at the select element, using the user interaction
        task source as the task source."

        Tests: fast/forms/select/listbox-oninput-fired.html
               fast/forms/select/menulist-oninput-fired.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::listBoxOnChange):
        (WebCore::HTMLSelectElement::dispatchChangeEventForMenuList):

2014-03-20  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] The height of a scrollable element flowed inside a scrollable region is not computed correctly
        https://bugs.webkit.org/show_bug.cgi?id=129487

        Reviewed by Andrei Bucur.

        When propagating the layout overflow from the flowed element up to the flow thread itself,
        the region's logical bottom padding and the element's logical bottom margin must be taken into consideration.
        However, if the flowed element has overflow, the overflow will be painted over the region's padding
        and the element's margin, in order to be compatible with the non-regions case.
        More info can be found here: http://lists.w3.org/Archives/Public/www-style/2014Jan/0089.html

        Tests: fast/regions/scrollable-region-content-size-horiz-bt.html
               fast/regions/scrollable-region-content-size-no-overflow-horiz-bt.html
               fast/regions/scrollable-region-content-size-no-overflow-vert-rl.html
               fast/regions/scrollable-region-content-size-no-overflow.html
               fast/regions/scrollable-region-content-size-relative.html
               fast/regions/scrollable-region-content-size-vert-rl.html
               fast/regions/scrollable-region-content-size-vertical-lr.html
               fast/regions/scrollable-region-content-size.html
               fast/regions/scrollable-region-scrollable-content.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::addRegionsOverflowFromChild):
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::rectFlowPortionForBox):

2014-03-20  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Nested layers with subpixel accumulation paint to wrong position.
        https://bugs.webkit.org/show_bug.cgi?id=130153

        Reviewed by Simon Fraser.

        Subpixels (fractional device pixels here) can accumulate through nested layers. Subpixels
        need to be propagated through the layer tree so that painting coordinates match layout coordinates.

        Subpixel accumulation through nesting (absolute positioning, 2x display):
        non-compositing case:
        (nested boxes)  (layout pos) (norm.paint pos) (translate accumulation, subpixel accumulation, final paint pos)
        div -> top: 1.3px   1.3px     1.5px      1.5px 0.2px -> snapped 0.0px -> 1.5px
         div -> top: 1.3px   2.6px     2.5px      3.0px 0.4px -> snapped 0.5px -> 2.5px
          div -> top: 1.3px   3.9px     4.0px      4.5px 0.6px -> snapped 0.5px -> 4.0px
           div -> top: 1.3px   5.2px     5.0px      6.0px 0.8px -> snapped 1.0px -> 5.0px

        compositing case:
        (nested boxes)  (layout pos) (norm.paint pos) (device pixel offset + fractional offset, final pos)
        div -> top: 1.3px   1.3px      1.5px      1.0px + 0.3px -> snapped -> 1.5px
         div -> top: 1.3px   2.6px      2.5px      2.5px + 0.1px -> snapped -> 2.5px
          div -> top: 1.3px   3.9px      4.0px      3.5px + 0.4px -> snapped -> 4.0px
           div -> top: 1.3px   5.2px      5.0px      5.0px + 0.2px -> snapped -> 5.0px

        Tests: compositing/hidpi-nested-compositing-layers-with-subpixel-accumulation.html
               fast/layers/hidpi-nested-layers-with-subpixel-accumulation.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        * rendering/RenderLayerBacking.h:
        (WebCore::RenderLayerBacking::devicePixelFractionFromRenderer):

2014-03-20  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [EFL][GTK] Get CMake to find Freetype2 properly
        https://bugs.webkit.org/show_bug.cgi?id=130150

        Reviewed by Csaba Osztrogonác.

        Newer versions of CMake are not able to find Freetype2 correctly.
        FindFreetype2.cmake checks for the version number in freetype.h header, since it seems that bug exists in
        freetype2 repo, because a completely different version number is found in freetype2.pc.

        * PlatformEfl.cmake:
        * PlatformGTK.cmake:

2014-03-20  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Refactor checking log channel state in MediaPlayerPrivateGStreamerBase.
        https://bugs.webkit.org/show_bug.cgi?id=130241

        Reviewed by Philippe Normand.

        The channel was passed around only to check its state. Cleaned this up
        by adding a method to check whether a log channel is enabled.

        * platform/Logging.cpp:
        (WebCore::isLogChannelEnabled):
        * platform/Logging.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSink):

2014-03-20  Lorenzo Tilve  <ltilve@igalia.com>

        Dispatch input event for Range element keyboard event
        https://bugs.webkit.org/show_bug.cgi?id=129929

        Reviewed by Kent Tamura.

        For any value update, dispatch both input and change event.
        Also removes extra dispatch change event, as event is dispatched
        from TextFieldInputType:setValue.

        Merged from Blink (patch by Habib Virji):
        https://src.chromium.org/viewvc/blink?revision=168558&view=revision

        Test: fast/forms/range/range-keyboard-oninput-event.html

        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::handleKeydownEvent):

2014-03-20  Jinwoo Song  <jinwoo7.song@samsung.com>

        Refine BatteryStatus module
        https://bugs.webkit.org/show_bug.cgi?id=130495

        Reviewed by Andreas Kling.

        Small refinements:
         - Return PassRef instead of PassRefPtr in create method
         - Switched to nullptr instead of 0 where appropriate.
         - Removed unused function and header file.
         - Removed unnecessary empty lines.

        * Modules/battery/BatteryController.h:
        * Modules/battery/BatteryManager.cpp:
        (WebCore::BatteryManager::create): Make return passRef.
        * Modules/battery/BatteryManager.h:
        (WebCore::BatteryManager::batteryControllerDestroyed): Use nullptr.
        * Modules/battery/BatteryStatus.cpp:
        (WebCore::BatteryStatus::create): Make return passRef.
        * Modules/battery/BatteryStatus.h:
        * Modules/battery/NavigatorBattery.cpp:
        (WebCore::NavigatorBattery::webkitBattery): Remove batteryManager().
        * Modules/battery/NavigatorBattery.h:

2014-03-19  Pratik Solanki  <psolanki@apple.com>

        [iOS] Get code to compile on older iOS versions
        https://bugs.webkit.org/show_bug.cgi?id=130142
        <rdar://problem/16302908>

        Reviewed by Darin Adler.

        * WebCore.exp.in:
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (-[WebVideoFullscreenController WebCore::]):
        (-[WebVideoFullscreenController enterFullscreen:]):
        (-[WebVideoFullscreenController exitFullscreen]):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        * platform/mac/HTMLConverter.mm:
        (_dateForString):
        * platform/network/cf/CookieJarCFNet.cpp:
        (WebCore::copyCookiesForURLWithFirstPartyURL):
        * platform/text/ios/LocalizedDateCache.mm:
        (WebCore::LocalizedDateCache::calculateMaximumWidth):
        * platform/text/mac/LocaleMac.mm:
        (WebCore::LocaleMac::LocaleMac):

2014-03-19  Byungseon Shin  <sun.shin@lge.com>

        Fix "WEBKIT_WEBGL_compressed_texture_pvrtc" extension support
        https://bugs.webkit.org/show_bug.cgi?id=130292

        Reviewed by Dean Jackson.

        WebGLRenderingContext::getExtension was not returning WEBGL_compressed_texture_pvrtc extension.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getExtension):

2014-03-19  Brent Fulgham  <bfulgham@apple.com>

        Merge Misc. WebVTT Updates from Blink.
        https://bugs.webkit.org/show_bug.cgi?id=130491

        Reviewed by Eric Carlson.

        Test: media/track/track-webvtt-tc030-interspersed-non-cue.html

        Merged from Blink (patch by vcarbune@chromium.org):
        https://chromium.googlesource.com/chromium/blink/+/fb62b2b54944bd19026192c049a1db250756fc12
        http://crbug.com/40323003
        https://chromium.googlesource.com/chromium/blink/+/29176fb0b394a97e85f4dabc07e18329f3ceae41
        http://crbug.com/54463002
        https://chromium.googlesource.com/chromium/blink/+/29476f839a08cb17c5a3fc713f7e454e7cea9c60
        http://crbug.com/55853002
        https://chromium.googlesource.com/chromium/blink/+/ba2378ef873e786cf2937034e012669cdd37dfe8
        http://crbug.com/65343003
        https://chromium.googlesource.com/chromium/blink/+/1915b9aa1bba45aebf28531b40ae627ecf9a3d59
        http://crbug.com/62833005
        https://chromium.googlesource.com/chromium/blink/+/ea46dbd0f1f29779a1cd4f59b19361b803f09a9b
        http://crbug.com/64273013
        https://chromium.googlesource.com/chromium/blink/+/9eb4bb6b627357bb94d66386a4123ec004cccfc4
        http://crbug.com/101513002
        https://chromium.googlesource.com/chromium/blink/+/192a843b32eafb77bf92c50ec50d334ba935028a
        http://crbug.com/102403002
        https://chromium.googlesource.com/chromium/blink/+/15f9efcc952fcf73184e28fb9db79633c1fa6653
        http://crbug.com/104443002
        https://chromium.googlesource.com/chromium/blink/+/74fd66b451a464683f7cb748855b1740a54b2c16
        http://crbug.com/75243004

        * html/track/TextTrackRegion.cpp:
        (WebCore::TextTrackRegion::parseSettingValue):
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::markFutureAndPastNodes):
        (WebCore::VTTCue::setCueSettings):
        * html/track/WebVTTParser.cpp:
        (WebCore::scanDigits):
        (WebCore::WebVTTParser::collectDigitsToInt):
        (WebCore::WebVTTParser::parseFloatPercentageValue):
        (WebCore::WebVTTParser::parseBytes):
        (WebCore::WebVTTParser::collectMetadataHeader):
        (WebCore::WebVTTParser::collectTimingsAndSettings):
        (WebCore::WebVTTParser::createDocumentFragmentFromCueText):
        (WebCore::WebVTTParser::createNewCue):
        (WebCore::WebVTTParser::createNewRegion):
        (WebCore::WebVTTParser::collectTimeStamp):
        (WebCore::tokenToNodeType):
        (WebCore::WebVTTParser::constructTreeFromToken):
        * html/track/WebVTTParser.h:
        * html/track/WebVTTToken.h:
        (WebCore::WebVTTToken::name):
        (WebCore::WebVTTToken::characters):
        (WebCore::WebVTTToken::appendToCharacter):
        (WebCore::WebVTTToken::addNewClass):
        (WebCore::WebVTTToken::classes):
        (WebCore::WebVTTToken::addNewAnnotation):
        (WebCore::WebVTTToken::annotation):
        * html/track/WebVTTTokenizer.cpp:
        (WebCore::equalLiteral):
        (WebCore::WebVTTTokenizer::WebVTTTokenizer):
        (WebCore::WebVTTTokenizer::nextToken):
        * html/track/WebVTTTokenizer.h:

2014-03-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        GC timer should intelligently choose between EdenCollections and FullCollections
        https://bugs.webkit.org/show_bug.cgi?id=128261

        Reviewed by Geoffrey Garen.

        No new tests.

        Updated WebSafeGCActivityCallbacks for both Eden and Full timers.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonVM):
        * platform/ios/WebSafeGCActivityCallbackIOS.h:

2014-03-19  Andy Estes  <aestes@apple.com>

        Fix the iOS build after r165917.

        * platform/ios/WebCoreSystemInterfaceIOS.mm:

2014-03-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165926.
        https://bugs.webkit.org/show_bug.cgi?id=130488

        broke the iOS build (Requested by estes on #webkit).

        Reverted changeset:

        "GC timer should intelligently choose between EdenCollections
        and FullCollections"
        https://bugs.webkit.org/show_bug.cgi?id=128261
        http://trac.webkit.org/changeset/165926

2014-03-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165929.
        https://bugs.webkit.org/show_bug.cgi?id=130487

        in order to roll out r165926 (Requested by estes on #webkit).

        Reverted changeset:

        http://trac.webkit.org/changeset/165929

2014-03-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        Build fix for iOS after r165926

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonVM):
        * platform/ios/WebSafeGCActivityCallbackIOS.h:

2014-03-19  Eric Carlson  <eric.carlson@apple.com>

        Allow media engine to update HTMLMediaElement state when playing to external device
        https://bugs.webkit.org/show_bug.cgi?id=130480

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.h: Add mediaPlayerHandlePlaybackCommand.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::handlePlaybackCommand): New.
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerHandlePlaybackCommand):

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::rateChanged): Send Play and Pause commands when
            playing to an external device.

2014-03-19  Dirk Schulze  <krit@webkit.org>

        Implement isPointInPath and isPointInStroke with Path2D argument
        https://bugs.webkit.org/show_bug.cgi?id=130473

        Reviewed by Dean Jackson.

        Implement isPointInPath and isPointInStroke for 2D Canvas contxts
        with Path2D argument.


        Tests: fast/canvas/canvas-path-isPointInPath.html
               fast/canvas/canvas-path-isPointInStroke.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::isPointInPath):
        (WebCore::CanvasRenderingContext2D::isPointInStroke):
        (WebCore::CanvasRenderingContext2D::isPointInPathInternal):
        (WebCore::CanvasRenderingContext2D::isPointInStrokeInternal):
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.idl:

2014-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        GC timer should intelligently choose between EdenCollections and FullCollections
        https://bugs.webkit.org/show_bug.cgi?id=128261

        Reviewed by Geoffrey Garen.

        No new tests.

        * platform/ios/WebSafeGCActivityCallbackIOS.h: Update WebSafeGCActivityCallback
        appropriately for the introduction of another type of GCActivityCallback.

2014-03-18  Mark Hahnenberg  <mhahnenberg@apple.com>

        GC timer should intelligently choose between EdenCollections and FullCollections
        https://bugs.webkit.org/show_bug.cgi?id=128261

        Reviewed by Geoffrey Garen.

        No new tests.

        Updated WebSafeGCActivityCallbacks for both Eden and Full timers.

        * platform/ios/WebSafeGCActivityCallbackIOS.h:

2014-03-19  Antti Koivisto  <antti@apple.com>

        Crash with long selector list
        https://bugs.webkit.org/show_bug.cgi?id=123006

        Reviewed by Andreas Kling.

        Test: fast/css/long-selector-list-crash.html

        * css/CSSSelectorList.cpp:
        (WebCore::CSSSelectorList::CSSSelectorList):
        (WebCore::CSSSelectorList::adoptSelectorVector):
        (WebCore::CSSSelectorList::operator=):
        * css/StyleRule.cpp:
        (WebCore::StyleRule::create):

            Add a bunch of asserts.

        (WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount):
        
            This could produce a zero-length selector list.

2014-03-19  Andreas Kling  <akling@apple.com>

        Rebaseline bindings tests.

        * bindings/scripts/test/JS/*:

2014-03-04  Jer Noble  <jer.noble@apple.com>

        [iOS][MediaControls] Reverse-pinching using the built-in controls should enter full screen
        https://bugs.webkit.org/show_bug.cgi?id=129707

        Reviewed by Eric Carlson.

        The default controls on iOS should respond to a pinch gesture by entering fullscreen. Add a gesture
        event listener, and enter full screen if the user does a quick (>2 velocity) reverse (>1.25 scale) pinch.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.createBase):
        (ControllerIOS.prototype.handlePlayButtonTouchEnd):
        (ControllerIOS.prototype.handleBaseGestureStart):
        (ControllerIOS.prototype.handleBaseGestureChange):
        (ControllerIOS.prototype.handleBaseGestureEnd):

2014-03-19  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r156316): Scrollbar on a large document is broken
        https://bugs.webkit.org/show_bug.cgi?id=130474
        <rdar://problem/16371523>

        Reviewed by Anders Carlsson.

        The bug was caused by updateArrowPlacement() doing the work even though Scrollbar Overlay API is available.
        Prior to r156316, this function exited early:
        http://trac.webkit.org/browser/trunk/Source/WebCore/platform/mac/ScrollbarThemeMac.mm?rev=156315#L147

        Fixed the bug by deleting updateArrowPlacement() entirely.

        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::preferencesChanged):

2014-03-19  Jer Noble  <jer.noble@apple.com>

        [Mac][EME] Query whether decoder support exists before creating a new MediaKeys object.
        https://bugs.webkit.org/show_bug.cgi?id=130459

        Reviewed by Eric Carlson.

        * WebCore.exp.in: Export the new WCSI method.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsKeySystem): Bail early if we have no decoder support.
        * platform/mac/WebCoreSystemInterface.h: Provide a WCSI wrapper for WKSI.
        * platform/mac/WebCoreSystemInterface.mm: Ditto.

2014-03-19  Eric Carlson  <eric.carlson@apple.com>

        Make Remote Control commands testable
        https://bugs.webkit.org/show_bug.cgi?id=130358

        Reviewed by Jer Noble.

        Test: media/video-remote-control-playpause.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerTimeChanged): Call session->clientWillPausePlayback.
        (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand): Log the command.

        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSessionClient::mediaSessionTitle): Move from header file.
        (WebCore::MediaSessionClient::mediaSessionDuration): Ditto.
        (WebCore::MediaSessionClient::mediaSessionCurrentTime): Ditto.
        * platform/audio/MediaSession.h:

        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::MediaSessionManager): Get rid of m_activeSession.
        (WebCore::MediaSessionManager::removeSession): No need to clear m_activeSession because 
            we use the m_sessions vector.
        (WebCore::MediaSessionManager::sessionWillBeginPlayback): setCurrentSession takes a 
            MediaSession&.
        (WebCore::MediaSessionManager::sessionWillEndPlayback): Keep m_sessions sorted so playing
            sessions are before paused sessions.
        (WebCore::MediaSessionManager::setCurrentSession): Move the session that is beginning to
            play to the head of m_sessions.
        (WebCore::MediaSessionManager::currentSession): Return m_sessions[0] or nullptr.
        (WebCore::MediaSessionManager::didReceiveRemoteControlCommand):
        * platform/audio/MediaSessionManager.h:

        * platform/audio/ios/MediaSessionManagerIOS.mm: Include MediaPlayer.h.

        * testing/Internals.cpp:
        (WebCore::Internals::postRemoteControlCommand): New.
        * testing/Internals.h:
        * testing/Internals.idl:

2014-03-19  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        Improving webkitGetUserMedia error handling and error messages
        https://bugs.webkit.org/show_bug.cgi?id=130452

        Reviewed by Eric Carlson.

        Checking if first argument of webkitGetUserMedia is a valid Dictionary. If not, throw an exception with a
        clearer message of the error.

        Test updated.

        * Modules/mediastream/NavigatorMediaStream.idl:
        * UseJSC.cmake:
        * bindings/js/JSNavigatorCustom.cpp: Added.

2014-03-19  Andreas Kling  <akling@apple.com>

        JSC bindings should use the passed-in global object for wrapper caching.
        <https://webkit.org/b/130458>

        Take a shorter path to the DOMWrapperWorld by using the passed-in
        global object instead of getting the lexical global from ExecState.
        Removed an old FIXME that no longer applies since JSObjects can
        always find the right global object these days.

        Reviewed by Geoff Garen.

        * bindings/js/JSCSSRuleCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::getPropertyCSSValue):
        * bindings/js/JSCSSValueCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSDOMBinding.h:
        (WebCore::createWrapper):
        (WebCore::wrap):
        (WebCore::getExistingWrapper):
        (WebCore::createNewWrapper):
        (WebCore::toJS):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setTimeout):
        (WebCore::JSDOMWindow::setInterval):
        (WebCore::JSDOMWindow::addEventListener):
        (WebCore::JSDOMWindow::removeEventListener):
        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::location):
        (WebCore::toJS):
        * bindings/js/JSElementCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * bindings/js/JSEventCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSHTMLCollectionCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSHTMLTemplateElementCustom.cpp:
        (WebCore::JSHTMLTemplateElement::content):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::createWrapperInline):
        * bindings/js/JSNodeCustom.h:
        (WebCore::toJS):
        * bindings/js/JSSVGPathSegCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSStyleSheetCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSTextTrackCueCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSTrackCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSWorkerGlobalScopeCustom.cpp:
        (WebCore::JSWorkerGlobalScope::setTimeout):
        (WebCore::JSWorkerGlobalScope::setInterval):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):

2014-03-19  Benjamin Poulain  <bpoulain@apple.com>

        Page::setPageScaleFactor should not force the scroll view position when using delegatesScrolling()
        https://bugs.webkit.org/show_bug.cgi?id=130429

        Reviewed by Simon Fraser.

        When setting the same scale mutliple time (for example on load), Page was asking the top scrollview
        to scroll to the origin. This is bogus since the scroll view is driving Page::setDeviceScaleFactor,
        not the other way around.

        Simon fixed the general case in http://trac.webkit.org/changeset/165652/trunk/Source/WebCore/page/Page.cpp
        but this branch was still scrolling content.

        * page/Page.cpp:
        (WebCore::Page::setPageScaleFactor):

2014-03-19  Brady Eidson  <beidson@apple.com>

        Filter out editable services from image menu for non-contenteditable images
        <rdar://problem/16319645> and https://bugs.webkit.org/show_bug.cgi?id=130437

        Reviewed by Tim Horton.

        * WebCore.exp.in:

2014-03-19  Dirk Schulze  <krit@webkit.org>

        Implement method addPath for Path2D
        https://bugs.webkit.org/show_bug.cgi?id=130461

        Reviewed by Dean Jackson.

        Add support for the Path2D method addPath. The method allows
        to append and existing Path2D object to another one. It can be
        combined with a transformation matrix SVGMatrix.

        Test: fast/canvas/canvas-path-addPath.html

        * html/canvas/DOMPath.h: Add new method addPath().
        (WebCore::DOMPath::addPath):
        * html/canvas/DOMPath.idl:
        * platform/graphics/Path.h: Add support for appending paths.
        * platform/graphics/cairo/PathCairo.cpp:
        (WebCore::Path::addPath):
        * platform/graphics/cg/PathCG.cpp:
        (WebCore::Path::addPath):
        * platform/graphics/wince/PathWinCE.cpp:
        (WebCore::Path::addPath):

2014-03-19  Yongjun Zhang  <yongjun_zhang@apple.com>

        [iOS] WebKit2 Quicklook.
        https://bugs.webkit.org/show_bug.cgi?id=130360

        Reviewed by Tim Horton.

        Since ResourceLoaders using WebKit2 network process don't have ResourceHandle any more, we
        need to make it possible to create QuickLookHandle from ResourceLoader.

        * WebCore.exp.in: Make some QuickLookHandle methods visible from WebKit2.
        * loader/ResourceLoader.h: Add m_quickLookHandle data member to ResourceLoader.
        (WebCore::ResourceLoader::quickLookHandle):
        (WebCore::ResourceLoader::setQuickLookHandle):
        * platform/network/ios/QuickLook.h: Add a new method to create QuickLookHandle from ResourceLoader.
        * platform/network/ios/QuickLook.mm:
        (WebCore::QuickLookHandle::create):

2014-03-19  Brent Fulgham  <bfulgham@apple.com>

        Fix cue rendering test and include support for left/right alignment
        https://bugs.webkit.org/show_bug.cgi?id=130406

        Reviewed by Eric Carlson.

        Merged from Blink (patch by vcarbune@chromium.org):
        https://chromium.googlesource.com/chromium/blink/+/e695703cb603421c741e59a557a7989113c13b94
        http://crbug.com/25155003

        No new tests. Covered by media/track/track-cue-rendering-snap-to-lines-not-set.html.

        * html/track/VTTCue.cpp:
        (WebCore::leftKeyword): Added.
        (WebCore::rightKeyword): Added.
        (WebCore::VTTCueBox::applyCSSProperties): Added.
        (WebCore::VTTCue::VTTCue):
        (WebCore::VTTCue::align): Handle left/right alignment.
        (WebCore::VTTCue::setAlign): Ditto.
        (WebCore::VTTCue::calculateDisplayParameters): Refactored and revised for left/right tokens.
        (WebCore::VTTCue::setCueSettings): Ditto.
        (WebCore::VTTCue::getCSSAlignment): Added.
        (WebCore::VTTCue::getCSSWritingMode): Added.
        * html/track/VTTCue.h:

2014-03-18  Anders Carlsson  <andersca@apple.com>

        Add new functionality that will be required by the history item decoding
        https://bugs.webkit.org/show_bug.cgi?id=130433

        Reviewed by Sam Weinig.

        * platform/KeyedCoding.h:
        (WebCore::KeyedDecoder::decodeConditionalObject):

2014-03-19  Tim Horton  <timothy_horton@apple.com>

        Fix the iOS build.

        * html/BaseDateAndTimeInputType.cpp:
        (WebCore::BaseDateAndTimeInputType::parseToDateComponents):
        Missing a StringView().

2014-03-19  Antti Koivisto  <antti@apple.com>

        Tighten ElementRuleCollector::m_matchedRuleList typing
        https://bugs.webkit.org/show_bug.cgi?id=130446

        Reviewed by Anders Carlsson.

        StyleRuleBase -> StyleRule.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::matchedRuleList):
        * css/ElementRuleCollector.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleRulesForElement):
        (WebCore::StyleResolver::pseudoStyleRulesForElement):
        * css/StyleResolver.h:
        * editing/EditingStyle.cpp:
        (WebCore::styleFromMatchedRulesForElement):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
        (WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):
        * inspector/InspectorCSSAgent.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::getMatchedCSSRules):

2014-03-19  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] An unsplittable box is always displayed in a single region
        https://bugs.webkit.org/show_bug.cgi?id=130451

        Reviewed by Andrei Bucur.

        Add an ASSERT stating that an unsplittable box region range always contains 1 region.
        No new functionality, no new tests.

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::getRegionRangeForBox):

2014-03-19  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Transform origin is miscalculated when RenderLayer's
        offsetfromRenderer has device pixel fraction value.
        https://bugs.webkit.org/show_bug.cgi?id=129859

        Reviewed by Simon Fraser.

        We need to calculate the transformed origin using the painting coordinates to produce
        pixel precise result.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        (WebCore::RenderLayerBacking::computeTransformOriginForPainting):
        * rendering/RenderLayerBacking.h:

2014-03-19  Claudio Saavedra  <csaavedra@igalia.com>

        [GStreamer] Clean timeout source ids
        https://bugs.webkit.org/show_bug.cgi?id=130450

        Reviewed by Philippe Normand.

        Sources IDs need to be cleaned up if the callback removes the
        source, otherwise we'll be attempting to remove an empty source at
        some point.

        * platform/graphics/gstreamer/WebKitMediaSourceGStreamer.cpp:
        (webKitMediaVideoSrcStart): Clean the source id.
        (webKitMediaAudioSrcStart): Ditto.
        (webKitMediaVideoSrcSeekMainCb): Ditto.
        (webKitMediaAudioSrcSeekMainCb): Ditto.

2014-03-19  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Compute region ranges for children of inline blocks
        https://bugs.webkit.org/show_bug.cgi?id=130392

        Reviewed by Andrei Bucur.

        Extend the region ranges computation for children of inline blocks.
        When we cannot retrieve the region range for a box using cached information,
        either from region range map or from the region cached on the RootInlineBox,
        try to find the top most unsplittable box up to the flow thread boundary.
        If we find such unsplittable box and the box has a region range, then return
        this range.

        Before this patch, method getRegionRangeForBox did not return true/false
        if it was able to retrieve the range and the caller checked the returned
        region values. I modified the method to return true if we were able to compute
        the range.

        Tests: fast/regions/inline-block-inline-children-flowed-in-regions.html
               fast/regions/inline-blocks-dyn-enlarged-regions.html
               fast/regions/inline-blocks-dyn-shrunk-regions.html
               fast/regions/inline-blocks-in-two-regions.html

        * inspector/InspectorOverlay.cpp:
        (WebCore::buildObjectForRendererFragments):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::updateRegionRangeForBoxChild):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::hasNextPage):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::clampToStartAndEndRegions):
        (WebCore::RenderBox::borderBoxRectInRegion):
        (WebCore::RenderBox::computeRectForRepaint):
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::mapAbsoluteToLocalPoint):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::regionForCompositedLayer):
        (WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
        (WebCore::RenderFlowThread::removeRenderBoxRegionInfo):
        (WebCore::RenderFlowThread::logicalWidthChangedInRegionsForBlock):
        (WebCore::RenderFlowThread::getRegionRangeForBoxFromCachedInfo):
        (WebCore::RenderFlowThread::getRegionRangeForBox):
        (WebCore::RenderFlowThread::objectShouldPaintInFlowRegion):
        (WebCore::RenderFlowThread::objectInFlowRegion):
        (WebCore::RenderFlowThread::addRegionsVisualEffectOverflow):
        (WebCore::RenderFlowThread::addRegionsVisualOverflowFromTheme):
        (WebCore::RenderFlowThread::addRegionsOverflowFromChild):
        (WebCore::RenderFlowThread::addRegionsLayoutOverflow):
        (WebCore::RenderFlowThread::addRegionsVisualOverflow):
        (WebCore::RenderFlowThread::clearRegionsOverflow):
        * rendering/RenderFlowThread.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::fragmentFromAbsolutePointAndBox):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::locateFlowThreadContainingBlock):
        Make sure we return the right render flow thread in the case of
        region-based multicolumn inside named flows.
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::rectFlowPortionForBox):

2014-03-19  Krzysztof Wolanski  <k.wolanski@samsung.com>

        [EFL] vibration/cancelVibration-during-pattern-vibrating.html is failing after r165598
        https://bugs.webkit.org/show_bug.cgi?id=130333

        Reviewed by Gyuyoung Kim.

        Added setting m_state when calling Vibration::vibrate. It was missing after
        refactoring Vibration (r165598).

        * Modules/vibration/Vibration.cpp:
        (WebCore::Vibration::vibrate):

2014-03-19  Sam Weinig  <sam@webkit.org>

        Rewrite WebHTMLConverter::_colorForNode in C++
        https://bugs.webkit.org/show_bug.cgi?id=130443

        Reviewed by Andreas Kling.

        * platform/mac/HTMLConverter.mm:
        (_platformColor):
        Rename from _colorForRGBColor and simplify to just do the platform conversion.

        (normalizedColor):
        Extract normalization out of _colorForRGBColor and remove cases that are impossible to hit
        due to us only ever using the device color space.

        (HTMLConverterCaches::colorPropertyValueForNode):
        (-[WebHTMLConverter _colorForNode:property:]):
        Convert to C++.

        (-[WebHTMLConverter dealloc]):
        (-[WebHTMLConverter init]):
        Remove caches, we already cache in ColorMac.

2014-03-18  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Strange layout for content with region breaks
        https://bugs.webkit.org/show_bug.cgi?id=121318

        Reviewed by Mihnea Ovidenie.

        When break-inside: avoid is used on an element, the implementation tries to
        force it inside a single fragmentation container even though the descendants
        of the element specify forced breaks. This leads to unexpected results and
        unstable layout.

        The change extends the definition of unsplittable elements for flow threads
        using the same conditions found inside RenderBlockFlow::adjustForUnsplittableChild.
        This change forces elements that require break avoidance to have a single region
        in the region range. As a result, forced breaks have no effect inside them.

        It should be noted this may not the behavior defined by the CSS3 Fragmentation spec.
        From my understanding of the text, forced breaks override any avoidance specified
        by ancestor elements. However, implementing this is a larger change that will require
        a fundamental new approach in handling break avoidance. This patch just brings
        consistency to the API.

        Test: fast/regions/forced-break-inside-avoid-break.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::childBoxIsUnsplittableForFragmentation):
        (WebCore::RenderBlock::computeRegionRangeForBoxChild):
        (WebCore::RenderBlock::estimateRegionRangeForBoxChild):
        * rendering/RenderBlock.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::adjustForUnsplittableChild): Move the avoidance conditions inside
        a helper method RenderBlock::childBoxIsUnsplittableForFragmentation.

2014-03-18  Samuel White  <samuel_white@apple.com>

        AX: Not able to use arrow keys to read text with VoiceOver before selection is set someplace (anyplace).
        https://bugs.webkit.org/show_bug.cgi?id=130250

        Reviewed by Chris Fleizach.

        If initial selection isn't set when we handle selection movement for accessibility, we need to set it. If we don't, using arrow
        keys to read text with VoiceOver doesn't work as expected. Things will only start working after the user holds shift and arrows
        around to select any arbitrary thing to force selection to get set. This logic handles that special case more gracefully.

        Test: platform/mac/accessibility/selection-initial.html

        * page/EventHandler.cpp:
        (WebCore::handleKeyboardSelectionMovement):
        (WebCore::EventHandler::handleKeyboardSelectionMovementForAccessibility):
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):

2014-03-18  Brent Fulgham  <bfulgham@apple.com>

        TextTrackRegion Not Implemented
        https://bugs.webkit.org/show_bug.cgi?id=116546

        Reviewed by Eric Carlson.

        Merged from Blink (patch by vcarbune@chromium.org):
        https://chromium.googlesource.com/chromium/blink/+/4940f89a087fea5b5ea628e98d0b355d398a9eea
        http://crbug.com/25798003

        Tests: media/track/regions-webvtt/text-track-region-display.html
               media/track/regions-webvtt/text-track-region-dom-layout.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::newRegionsAvailable):
        * html/track/TextTrack.cpp:
        * html/track/TextTrack.h:
        * html/track/TextTrackRegion.cpp:
        (WebCore::TextTrackRegion::TextTrackRegion):
        (WebCore::TextTrackRegion::appendTextTrackCueBox):
        * html/track/TextTrackRegion.h:
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::VTTCue):
        (WebCore::VTTCue::notifyRegionWhenRemovingDisplayTree):
        (WebCore::VTTCue::removeDisplayTree):
        * html/track/VTTCue.h:
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseBytes):
        (WebCore::WebVTTParser::collectMetadataHeader):
        * html/track/WebVTTParser.h:

2014-03-18  Andreas Kling  <akling@apple.com>

        Share MemoryPressureHandler::releaseMemory() between platforms.
        <https://webkit.org/b/130416>

        Move the code that scours WebKit for things we can free up right now
        to the common part of MemoryPressureHandler. This will enable other
        platforms to do the same thing under pressure.

        There's now also a platformReleaseMemory() where platform-specific
        pressure relief stuff can go.

        Reviewed by Antti Koivisto.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseMemory):
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        * platform/MemoryPressureHandler.h:
        * platform/mac/MemoryPressureHandlerMac.mm:
        (WebCore::MemoryPressureHandler::respondToMemoryPressure):
        (WebCore::MemoryPressureHandler::platformReleaseMemory):

2014-03-18  Dean Jackson  <dino@apple.com>

        [WebGL] Destroy EAGLContext's backing store
        https://bugs.webkit.org/show_bug.cgi?id=130439
        <rdar://problem/16295217>

        Reviewed by Tim Horton.

        When a GraphicsContext3D is being destroyed, we should
        also remove any EAGLContext backing store.

        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::~GraphicsContext3D):

2014-03-18  Tim Horton  <timothy_horton@apple.com>

        [iOS][WebKit2] Mark layer contents as being opaque if they are
        https://bugs.webkit.org/show_bug.cgi?id=130427
        <rdar://problem/15540434>

        Reviewed by Simon Fraser.

        * platform/graphics/GraphicsLayerClient.h:
        (WebCore::GraphicsLayerClient::paintsOpaquelyAtNonIntegralScales):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateContentsOpaque):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintsOpaquelyAtNonIntegralScales):
        * rendering/RenderLayerBacking.h:
        r159463 stopped us from setting layers opaque if they were being painted
        at non-integral scale. This makes sense for compositing layers, which
        are painted by arbitrary elements, but the main frame's RenderView
        will always paint its entire contents. To restore the opaque contents
        optimization to the main frame's tiles, don't de-opaquify layers
        belonging to the main frame's RenderView.

2014-03-18  Jeffrey Pfau  <jpfau@apple.com>

        Unify <media> element callback registration and unregistration
        https://bugs.webkit.org/show_bug.cgi?id=130417

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::~HTMLMediaElement):
        (WebCore::HTMLMediaElement::registerWithDocument):
        (WebCore::HTMLMediaElement::unregisterWithDocument):
        (WebCore::HTMLMediaElement::didMoveToNewDocument):
        * html/HTMLMediaElement.h:

2014-03-18  Jer Noble  <jer.noble@apple.com>

        MediaDocument should set a max-width on its <video> element.
        https://bugs.webkit.org/show_bug.cgi?id=114691

        Reviewed by Eric Carlson.

        Set a style attribute containing max-width:100% and max-height:100% so that large videos
        are entirely visible within the browser window bounds.

        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):

2014-03-18  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Fix layering violation in RTCStatsRequest
        https://bugs.webkit.org/show_bug.cgi?id=130426

        Reviewed by Eric Carlson.

        RTCStatsRequest::track() should return a MediaStreamTrackPrivate*.

        No new tests needed.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::getStats):
        * Modules/mediastream/RTCStatsRequestImpl.cpp:
        (WebCore::RTCStatsRequestImpl::create):
        (WebCore::RTCStatsRequestImpl::RTCStatsRequestImpl):
        (WebCore::RTCStatsRequestImpl::track):
        * Modules/mediastream/RTCStatsRequestImpl.h:
        * platform/mediastream/RTCStatsRequest.h:

2014-03-18  Anders Carlsson  <andersca@apple.com>

        Fix a trivial FIXME
        https://bugs.webkit.org/show_bug.cgi?id=130432

        Reviewed by Tim Horton.

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::encodeBackForwardTreeNode):

2014-03-18  Anders Carlsson  <andersca@apple.com>

        Begin cleaning up KeyedDecoder and KeyedEncoder
        https://bugs.webkit.org/show_bug.cgi?id=130431

        Reviewed by Tim Horton.

        Rename KeyedDecoder::decodeVerifiedEnum to decodeEnum to match the encode function,
        and sort the decode functions to be in the same logical order as the encode functions.

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::decode):
        * Modules/indexeddb/IDBKeyPath.cpp:
        (WebCore::IDBKeyPath::decode):
        * platform/KeyedCoding.h:
        (WebCore::KeyedDecoder::decodeEnum):

2014-03-18  Darin Adler  <darin@apple.com>

        Reduce use of deprecatedCharacters in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=130318

        Reviewed by Andreas Kling.

        * Modules/indexeddb/IDBKeyPath.cpp:
        (WebCore::IDBKeyPathLexer::IDBKeyPathLexer): Use StringView for parsing.
        (WebCore::IDBKeyPathLexer::lex): Ditto.
        (WebCore::IDBKeyPathLexer::lexIdentifier): Ditto.

        * Modules/indexeddb/leveldb/IDBLevelDBCoding.cpp:
        (WebCore::IDBLevelDBCoding::encodeString): Index directly into string instead of
        using deprecatedCharacters.

        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::setSubprotocol): Use
        StringView::getCharactersWithUpconvert.
        (WebCore::ThreadableWebSocketChannelClientWrapper::setExtensions): Ditto.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper arrayOfTextForTextMarkers:attributed:]):
        Use operator NSString * instead of explicitly creating an NSString.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::writeLittleEndianUInt16): Added.
        (WebCore::CloneSerializer::serialize): Added a separate code path for 8-bit strings.
        (WebCore::CloneSerializer::write): Ditto.

        * bindings/objc/WebScriptObject.mm:
        (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
        Use operator NSString * instead of explicitly creating an NSString.

        * dom/Document.cpp:
        (WebCore::Document::parseQualifiedName): Index directly into string instead of
        using deprecatedCharacters.
        * editing/CompositeEditCommand.cpp:
        (WebCore::containsOnlyWhitespace): Ditto.
        * editing/SmartReplace.cpp:
        (WebCore::addAllCodePoints): Ditto.
        (WebCore::getSmartSet): Use StringView::upconvertedCharacters.

        * editing/TextIterator.cpp:
        (WebCore::foldQuoteMarksAndSoftHyphens): Changed to return a value so it can be
        used in initialization rather than assignment.
        (WebCore::SearchBuffer::SearchBuffer): Use StringView::upconvertedCharacters.

        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::insertText): Index directly into string instead of using
        deprecatedCharacters.
        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::characterAfter): Ditto.
        * editing/VisibleUnits.cpp:
        (WebCore::startOfParagraph): Ditto.
        (WebCore::endOfParagraph): Ditto.

        * fileapi/WebKitBlobBuilder.cpp:
        (WebCore::BlobBuilder::append): Pass a StringView to TextEncoding::encode.

        * html/BaseDateAndTimeInputType.cpp:
        (WebCore::BaseDateAndTimeInputType::parseToDateComponents): Use
        StringView::upconvertedCharacters.

        * html/FormDataList.cpp:
        (WebCore::FormDataList::appendString): Pass a StringView to TextEncoding::encode.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::normalizeSpaces): Use StringView::getCharactersWithUpconvert.

        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::stripLeadingAndTrailingHTMLSpaces): Use characters16 for a code path
        that already handled 8-bit characters separately.
        (WebCore::parseHTMLNonNegativeInteger): Ditto.
        (WebCore::parseDescriptors): Added an 8-bit code path.

        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyle::newLineAndWhitespaceDelimiters): Index directly into
        string instead of using deprecatedCharacters.
        * inspector/InspectorStyleTextEditor.cpp:
        (WebCore::InspectorStyleTextEditor::insertProperty): Ditto.
        (WebCore::InspectorStyleTextEditor::internalReplaceProperty): Ditto.

        * page/ContentSecurityPolicy.cpp:
        (WebCore::isSourceListNone): Use StringView::upconvertedCharacters.
        (WebCore::CSPSourceList::parse): Ditto.
        (WebCore::NonceDirective::parse): Ditto.
        (WebCore::MediaListDirective::parse): Ditto.
        (WebCore::CSPDirectiveList::parse): Ditto.
        (WebCore::CSPDirectiveList::parseReportURI): Ditto.
        (WebCore::CSPDirectiveList::parseReflectedXSS): Ditto.
        (WebCore::ContentSecurityPolicy::didReceiveHeader): Ditto.

        * page/PageSerializer.cpp:
        (WebCore::PageSerializer::serializeFrame): Pass a StringView into
        TextEncoding::encode.
        (WebCore::PageSerializer::serializeCSSStyleSheet): Ditto.

        * platform/Length.cpp:
        (WebCore::countCharacter): Index directly into string instead of using
        deprecatedCharacters. Also changed to take a StringImpl&.
        (WebCore::newCoordsArray): Ditto. Call countCharacter the new way, and
        use StringView::upconvertedCharacters.
        (WebCore::newLengthArray): Ditto.

        * platform/LinkHash.cpp:
        (WebCore::visitedLinkHash): Use characters16 for the 16-bit path.
        Also removed unused visitedURL function.
        * platform/LinkHash.h: Removed unused visitedURL function.

        * platform/SharedBuffer.cpp:
        (WebCore::utf8Buffer): Added an 8-bit code path.
        * platform/URL.cpp:
        (WebCore::URL::port): Ditto.
        (WebCore::encodeRelativeString): Use StringView to call TextEncoding::encode.

        * platform/graphics/Color.cpp:
        (WebCore::Color::parseHexColor): Use characters16 in the 16-bit path.
        (WebCore::Color::Color): Ditto.

        * platform/graphics/harfbuzz/HarfBuzzFaceCairo.cpp:
        (WebCore::harfBuzzGetGlyph): Use StringView to call TextEncoding::encode.

        * platform/graphics/StringTruncator.cpp:
        (WebCore::centerTruncateToBuffer): Use StringView::getCharactersWithUpconvert.
        (WebCore::rightTruncateToBuffer): Ditto.
        (WebCore::rightClipToCharacterBuffer): Ditto.
        (WebCore::rightClipToWordBuffer): Ditto.
        (WebCore::leftTruncateToBuffer): Ditto.
        (WebCore::truncateString): Ditto.

        * platform/graphics/TextRun.h:
        (WebCore::TextRun::TextRun): Use characters16 in the 16-bit code path.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource):
        Use StringView::upconvertedCharacters.

        * platform/network/DataURL.cpp:
        (WebCore::handleDataURL): Use StringView to call TextEncoding::encode.
        * platform/network/FormDataBuilder.cpp:
        (WebCore::FormDataBuilder::addFilenameToMultiPartHeader): Ditto.

        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::bindBlob): Use StringView::upconvertedCharacters.
        (WebCore::SQLiteStatement::bindText): Ditto.

        * platform/text/DecodeEscapeSequences.h:
        (WebCore::Unicode16BitEscapeSequence::decodeRun): Changed to take a StringView.
        (WebCore::URLEscapeSequence::decodeRun): Ditto.
        (WebCore::decodeEscapeSequences): Pass StringView to decodeRun.

        * platform/text/Hyphenation.cpp:
        (WebCore::lastHyphenLocation): Take a StringView.
        * platform/text/Hyphenation.h: Make lastHyphenLocation take a StringView.

        * platform/text/TextBreakIterator.cpp:
        (WebCore::initializeIteratorWithRules): Use StringView::upconvertedCharacters.

        * platform/text/TextEncoding.cpp:
        (WebCore::TextEncoding::encode): Use StringView::upconvertedCharacters.
        Change argument type to StringView.
        * platform/text/TextEncoding.h: Ditto.

        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::atomicCanonicalTextEncodingName): Use characters16 for the 16-bit path.

        * platform/text/cf/HyphenationCF.cpp:
        (WebCore::lastHyphenLocation): Use StringView::text.createCFStringWithoutCopying.
        Change argument type to StringView.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::constructTextRun): Use characters16 for the 16-bit path.

        * rendering/RenderCombineText.cpp:
        (WebCore::RenderCombineText::width): Removed check for null characters pointer,
        since the pointer will never be null, and even if it was there would be no need
        for an early exit.

        * rendering/RenderText.cpp:
        (WebCore::maxWordFragmentWidth): Take a StringView.
        (WebCore::RenderText::computePreferredLogicalWidths): Pass in a StringView.
        * rendering/line/BreakingContextInlineHeaders.h:
        (WebCore::tryHyphenating): Ditto.

        * rendering/svg/SVGTextLayoutEngine.cpp:
        (WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath): Use
        StringView::upconvertedCharacters.

        * rendering/svg/SVGTextMetrics.cpp:
        (WebCore::SVGTextMetrics::SVGTextMetrics): Use String::substring.

        * svg/SVGAngle.cpp:
        (WebCore::SVGAngle::setValueAsString): Use StringView::upconvertedCharacters.
        * svg/SVGAnimateMotionElement.cpp:
        (WebCore::parsePoint): Ditto.
        * svg/SVGAnimationElement.cpp:
        (WebCore::parseKeySplines): Ditto.
        * svg/SVGFitToViewBox.cpp:
        (WebCore::SVGFitToViewBox::parseViewBox): Ditto.

        * svg/SVGFontData.cpp:
        (WebCore::SVGFontData::applySVGGlyphSelection): Pass StringView to
        createStringWIthMirroredCharacters.
        (WebCore::createStringWithMirroredCharacters): Changed to use StringView and
        use indexing into that instead of a characters pointer.

        * svg/SVGFontData.h: Removed createStringWithMirroredCharacters member function,
        since it has nothing to do with the SVGFontData object. Now it's just a private
        helper function in the SVGFontData.cpp source file.

        * svg/SVGFontElement.cpp:
        (WebCore::SVGFontElement::registerLigaturesInGlyphCache): Index into the string
        instead of using deprecatedCharacters.

        * svg/SVGGlyphMap.h:
        (WebCore::SVGGlyphMap::addGlyph): Use StringView::upconvertedCharacters.
        (WebCore::SVGGlyphMap::collectGlyphsForString): Ditto.
        * svg/SVGGlyphRefElement.cpp:
        (WebCore::SVGGlyphRefElement::parseAttribute): Ditto.
        * svg/SVGLength.cpp:
        (WebCore::SVGLength::setValueAsString): Ditto.
        * svg/SVGLengthList.cpp:
        (WebCore::SVGLengthList::parse): Ditto.
        * svg/SVGNumberList.cpp:
        (WebCore::SVGNumberList::parse): Ditto.
        * svg/SVGParserUtilities.cpp:
        (WebCore::parseNumberFromString): Ditto.
        (WebCore::parseNumberOptionalNumber): Ditto.
        (WebCore::parseRect): Ditto.
        (WebCore::pointsListFromSVGData): Ditto.
        (WebCore::parseGlyphName): Ditto.
        (WebCore::parseKerningUnicodeString): Ditto.
        (WebCore::parseDelimitedString): Ditto.
        * svg/SVGPreserveAspectRatio.cpp:
        (WebCore::SVGPreserveAspectRatio::parse): Ditto.
        * svg/SVGStringList.cpp:
        (WebCore::SVGStringList::parse): Ditto.
        * svg/SVGTransformList.cpp:
        (WebCore::SVGTransformList::parse): Ditto.
        * svg/SVGTransformable.cpp:
        (WebCore::SVGTransformable::parseTransformType): Ditto.
        * svg/SVGViewSpec.cpp:
        (WebCore::SVGViewSpec::parseViewSpec): Ditto.
        * svg/SVGZoomAndPan.h:
        (WebCore::SVGZoomAndPan::parseAttribute): Ditto.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send): Pass a StringView to TextEncoding::encode.

        * xml/XSLStyleSheetLibxslt.cpp:
        (WebCore::XSLStyleSheet::parseString): Use StringView::upconvertedCharacters.

2014-03-18  Bem Jones-Bey  <bjonesbe@adobe.com>

        LayoutBox is a terrible name
        https://bugs.webkit.org/show_bug.cgi?id=130351

        Reviewed by Simon Fraser.

        Rename LayoutBox to CSSBoxType. Also rename the functions and methods
        that mention "LayoutBox" to something that makes sense for each
        specific situation.

        No new tests, no behavior change.

        * css/BasicShapeFunctions.cpp:
        (WebCore::valueForBasicShape):
        (WebCore::basicShapeForValue):
        * css/CSSBasicShapes.cpp:
        (WebCore::CSSBasicShapeCircle::cssText):
        (WebCore::CSSBasicShapeCircle::equals):
        (WebCore::CSSBasicShapeEllipse::cssText):
        (WebCore::CSSBasicShapeEllipse::equals):
        (WebCore::CSSBasicShapePolygon::cssText):
        (WebCore::CSSBasicShapePolygon::equals):
        (WebCore::CSSBasicShapeInset::cssText):
        * css/CSSBasicShapes.h:
        (WebCore::CSSBasicShape::referenceBox):
        (WebCore::CSSBasicShape::setReferenceBox):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::shapePropertyValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator CSSBoxType):
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::ApplyPropertyClipPath::applyValue):
        (WebCore::ApplyPropertyShape::applyValue):
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFunc):
        * rendering/ClipPathOperation.h:
        (WebCore::ShapeClipPathOperation::setReferenceBox):
        (WebCore::ShapeClipPathOperation::referenceBox):
        (WebCore::BoxClipPathOperation::create):
        (WebCore::BoxClipPathOperation::referenceBox):
        (WebCore::BoxClipPathOperation::BoxClipPathOperation):
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createBoxShape):
        * rendering/shapes/Shape.h:
        * rendering/shapes/ShapeInfo.cpp:
        (WebCore::ShapeInfo<RenderType>::computedShape):
        * rendering/shapes/ShapeInfo.h:
        * rendering/shapes/ShapeInsideInfo.h:
        * rendering/shapes/ShapeOutsideInfo.h:
        * rendering/style/BasicShapes.cpp:
        (WebCore::BasicShape::canBlend):
        * rendering/style/BasicShapes.h:
        (WebCore::BasicShape::referenceBox):
        (WebCore::BasicShape::setReferenceBox):
        (WebCore::BasicShape::BasicShape):
        * rendering/style/RenderStyleConstants.h:
        * rendering/style/ShapeValue.h:
        (WebCore::ShapeValue::createShapeValue):
        (WebCore::ShapeValue::createBoxShapeValue):
        (WebCore::ShapeValue::cssBox):
        (WebCore::ShapeValue::ShapeValue):

2014-03-18  Daniel Bates  <dabates@apple.com>

        REGRESSION (r162334): RenderTableCol::styleDidChange uses out-of-date table information
        https://bugs.webkit.org/show_bug.cgi?id=129561

        Reviewed by Antti Koivisto.

        Test: fast/table/update-col-width-and-remove-table-cell-crash.html

        Fixes an issue where a table column or table column group may query an out-
        of-date model of its associated table as part of its process to propagate
        style changes to affected table cells.

        * rendering/RenderTableCol.cpp:
        (WebCore::RenderTableCol::styleDidChange): Ensure that all sections in the table
        are up-to-date before querying for a table cell.
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::recalcCells): Update comment to read well. In
        particular, remove the reference to RenderTableSection::fillRowsWithDefaultStartingAtPosition()
        as this function was removed in <http://trac.webkit.org/changeset/99919>.
        (WebCore::RenderTableSection::setNeedsCellRecalc): Clear the grid preemptively to
        to ensure that accessors cannot access stale data. We'll build the grid again
        in RenderTableSection::recalcCells().
        (WebCore::RenderTableSection::numColumns): Add ASSERT(!m_needsCellRecalc) to assert
        that the grid cells are up-to-date. That is, we don't need to calculate them again.
        * rendering/RenderTableSection.h: Add ASSERT(!m_needsCellRecalc) or call recalcCellsIfNeeded()
        before accessing the grid to ensure that it's up-to-date.

2014-03-18  Daniel Bates  <dabates@apple.com>

        REGRESSION (r163560): ASSERTION FAILED: childrenInline() in WebCore::RenderSVGText::layout
        https://bugs.webkit.org/show_bug.cgi?id=130346

        Reviewed by Andreas Kling.

        Following <http://trac.webkit.org/changeset/163560>, SVG inline elements may be treated as block-
        level elements depending on their CSS styles (e.g. display: block). But such elements should always
        be treated as inline-level elements.

        Partially revert <http://trac.webkit.org/changeset/164368> as it addressed a similar issue for
        <tspan> and <tref>. Instead we should implement RenderSVGInline::updateFromStyle() to ensure that
        RenderSVGInline and any derived classes (e.g. RenderSVGTSpan) are always treated as inline elements
        regardless of their CSS style because the SVG text layout code depends on this assumption as part
        of a performance optimization. We may want to revaluate the benefits of this optimization with respect
        to code clarity and ensuring the code is less error prone.

        Test: svg/text/a-display-block.html
              svg/text/tref-display-inherit.html

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle): Revert changes from <http://trac.webkit.org/changeset/164368>.
        * rendering/RenderInline.h:
        * rendering/svg/RenderSVGInline.cpp:
        (WebCore::RenderSVGInline::updateFromStyle): Added; ensure that RenderSVGInline and any derived
        classes are treated as inline elements because the SVG text layout code depends on this assumption.
        * rendering/svg/RenderSVGInline.h:

2014-03-18  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] shape-outside: ellipse(50% 50% at) causes crash
        https://bugs.webkit.org/show_bug.cgi?id=130366

        Reviewed by Andreas Kling.

        The BasicShape ellipse and circle functions now report a syntax error
        if the "at" keyword is not followed by a position.

        The existing parsing tests have been updated to include this case.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseBasicShapeCircle):
        (WebCore::CSSParser::parseBasicShapeEllipse):

2014-03-18  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        Removing MediaStreamVector typedef
        https://bugs.webkit.org/show_bug.cgi?id=130402

        Reviewed by Eric Carlson.

        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::getLocalStreams):
        (WebCore::RTCPeerConnection::getRemoteStreams):
        (WebCore::RTCPeerConnection::getStreamById):
        (WebCore::RTCPeerConnection::hasLocalStreamWithTrackId):
        * Modules/mediastream/RTCPeerConnection.h:

2014-03-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165815.
        https://bugs.webkit.org/show_bug.cgi?id=130410

        Broke many VTT tests (Requested by bfulgham on #webkit).

        Reverted changeset:

        "TextTrackRegion Not Implemented"
        https://bugs.webkit.org/show_bug.cgi?id=116546
        http://trac.webkit.org/changeset/165815

2014-03-18  Renata Hodovan  <rhodovan.u-szeged@partner.samsung.com>

        Bad cast with toRenderBox in WebCore::RenderView::repaintViewRectangle
        https://bugs.webkit.org/show_bug.cgi?id=129104

        Reviewed by Simon Fraser.

        We should not cast the renderer of a RenderView's owner to RenderBox
        unless we are sure it is one.

        Test: plugins/crash-invalid-data-reference.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::repaintViewRectangle):

2014-03-18  Andreas Kling  <akling@apple.com>

        Micro-optimize element descendant iterator.
        <https://webkit.org/b/130384>

        Add a slightly more efficient ElementDescendantIterator that keeps a stack
        of relevant ancestor siblings instead of walking up the parent chain every
        time we run out of children.

        Reviewed by Antti Koivisto.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/ElementDescendantIterator.h: Added.
        (WebCore::ElementDescendantIterator::ElementDescendantIterator):
        (WebCore::ElementDescendantIterator::operator++):
        (WebCore::ElementDescendantConstIterator::ElementDescendantConstIterator):
        (WebCore::ElementDescendantConstIterator::operator++):
        (WebCore::ElementDescendantIteratorAdapter::ElementDescendantIteratorAdapter):
        (WebCore::ElementDescendantIteratorAdapter::begin):
        (WebCore::ElementDescendantIteratorAdapter::end):
        (WebCore::ElementDescendantConstIteratorAdapter::ElementDescendantConstIteratorAdapter):
        (WebCore::ElementDescendantConstIteratorAdapter::begin):
        (WebCore::ElementDescendantConstIteratorAdapter::end):
        (WebCore::elementDescendants):
        * dom/ElementIterator.h:
        * dom/SelectorQuery.cpp:
        (WebCore::elementsForLocalName):
        (WebCore::anyElement):
        (WebCore::SelectorDataList::executeSingleTagNameSelectorData):
        (WebCore::SelectorDataList::executeSingleClassNameSelectorData):
        (WebCore::SelectorDataList::executeSingleSelectorData):
        (WebCore::SelectorDataList::executeSingleMultiSelectorData):
        (WebCore::SelectorDataList::executeCompiledSimpleSelectorChecker):

2014-03-18  Antti Koivisto  <antti@apple.com>

        Mutating rules returned by getMatchedCSSRules can result in crash
        https://bugs.webkit.org/show_bug.cgi?id=130209

        Reviewed by Andreas Kling.
        
        The non-standard getMatchedCSSRules API returns CSSStyleRule objects that don't
        have parent stylesheet pointer (as we don't know which sheet the rule originated from).
        Mutating the rule via such wrapper can lead to crashes later as we fail to invalidate
        the underlying stylesheet.
        
        Fix by disallowing mutation of style rules that don't have parent sheet pointer. CSSStyleRule
        has two mutable properties selectorText and style. The latter gives back CSSStyleDeclaration.
        This patch disallows mutations in both cases for CSSStyleRules that don't have parent stylesheet
        pointer.
        
        While it is technically possible to have CSSRules that are legitimately disconnected
        from stylesheet (by removing rule from sheet while holding a reference to it) it never
        makes sense to mutate such rule as there is no way to do anything with it afterwards.

        Tests: fast/css/getMatchedCSSProperties-rule-mutation.html
               fast/css/getMatchedCSSRules-crash.html

        * css/CSSStyleRule.cpp:
        (WebCore::CSSStyleRule::setSelectorText):

            Bail out if parent stylesheet is null.

        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::setCssText):
        (WebCore::PropertySetCSSStyleDeclaration::setProperty):
        (WebCore::PropertySetCSSStyleDeclaration::removeProperty):
        (WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal):
        
            Allow StyleRuleCSSStyleDeclaration subclass cancel the mutation via
            boolean return value from willMutate.

        (WebCore::StyleRuleCSSStyleDeclaration::willMutate):
        
            Disallow mutation if the owning CSSStyleRule is null or has null stylesheet.

        (WebCore::StyleRuleCSSStyleDeclaration::didMutate):
        
            We never get here with null rule or stylesheet anymore.

        * css/PropertySetCSSStyleDeclaration.h:
        (WebCore::PropertySetCSSStyleDeclaration::willMutate):

2014-03-17  Jeffrey Pfau  <jpfau@apple.com>

        <media> elements are not properly moved to new documents' visibility callback lists
        https://bugs.webkit.org/show_bug.cgi?id=127711

        Reviewed by David Kilzer.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::didMoveToNewDocument):

2014-03-18  Filip Pizlo  <fpizlo@apple.com>

        More FTL enabling.

        Rubber stamped by Dan Bernstein and Mark Hahnenberg.

        No new tests.

        * Configurations/FeatureDefines.xcconfig:

2014-03-18  Brent Fulgham  <bfulgham@apple.com>

        TextTrackRegion Not Implemented
        https://bugs.webkit.org/show_bug.cgi?id=116546

        Reviewed by Eric Carlson.

        Merged from Blink (patch by vcarbune@chromium.org):
        https://chromium.googlesource.com/chromium/blink/+/4940f89a087fea5b5ea628e98d0b355d398a9eea
        http://crbug.com/25798003

        Tests: media/track/regions-webvtt/text-track-region-display.html
               media/track/regions-webvtt/text-track-region-dom-layout.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::newRegionsAvailable):
        * html/track/TextTrack.cpp:
        * html/track/TextTrack.h:
        * html/track/TextTrackRegion.cpp:
        (WebCore::TextTrackRegion::TextTrackRegion):
        (WebCore::TextTrackRegion::appendTextTrackCueBox):
        * html/track/TextTrackRegion.h:
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::VTTCue):
        (WebCore::VTTCue::notifyRegionWhenRemovingDisplayTree):
        (WebCore::VTTCue::removeDisplayTree):
        * html/track/VTTCue.h:
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseBytes):
        (WebCore::WebVTTParser::collectMetadataHeader):
        * html/track/WebVTTParser.h:

2014-03-18  Philippe Normand  <pnormand@igalia.com>

        [GTK] ResourceLoaderSoup.cpp was added by mistake
        https://bugs.webkit.org/show_bug.cgi?id=130396

        Reviewed by Carlos Garcia Campos.

        This file was committed by mistake in r152778 and is not built by
        any port.

        * loader/soup/ResourceLoaderSoup.cpp: Removed.

2014-03-18  Andreas Kling  <akling@apple.com>

        Rename ElementDescendantIterator to TypedElementDescendantIterator.
        Romper-stubbed by Antti "Latte Lung" Koivisto.

        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/ElementDescendantIterator.h: Removed.
        * dom/ElementIterator.h:
        * dom/TypedElementDescendantIterator.h: Added.
        (WebCore::TypedElementDescendantIterator<ElementType>::TypedElementDescendantIterator):
        (WebCore::TypedElementDescendantIterator<ElementType>::operator):
        (WebCore::TypedElementDescendantConstIterator<ElementType>::TypedElementDescendantConstIterator):
        (WebCore::TypedElementDescendantConstIterator<ElementType>::operator):
        (WebCore::TypedElementDescendantIteratorAdapter<ElementType>::TypedElementDescendantIteratorAdapter):
        (WebCore::TypedElementDescendantIteratorAdapter<ElementType>::begin):
        (WebCore::TypedElementDescendantIteratorAdapter<ElementType>::end):
        (WebCore::TypedElementDescendantIteratorAdapter<ElementType>::beginAt):
        (WebCore::TypedElementDescendantIteratorAdapter<ElementType>::from):
        (WebCore::TypedElementDescendantIteratorAdapter<ElementType>::first):
        (WebCore::TypedElementDescendantIteratorAdapter<ElementType>::last):
        (WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::TypedElementDescendantConstIteratorAdapter):
        (WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::begin):
        (WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::end):
        (WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::beginAt):
        (WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::from):
        (WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::first):
        (WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::last):
        (WebCore::descendantsOfType):

2014-03-18  Ion Rosca  <rosca@adobe.com>

        Add blend mode property to dumped information in GraphicsLayer.
        https://bugs.webkit.org/show_bug.cgi?id=130331

        Reviewed by Simon Fraser.

        Functionality is not changed, therefore no new tests added.
        I adjusted the affected test results generated with layerTreeAsText.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::dumpProperties):

2014-03-17  Sergio Villar Senin  <svillar@igalia.com>

        webdatabase: Replace DEPRECATED_DEFINE_STATIC_LOCAL by static NeverDestroyed<T>
        https://bugs.webkit.org/show_bug.cgi?id=130347

        Reviewed by Darin Adler.

        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::openDatabaseMutex):
        (WebCore::notificationMutex):
        (WebCore::notificationQueue):

2014-03-17  Jer Noble  <jer.noble@apple.com>

        Add RemoteCommandListener support to MediaSessionManager.
        https://bugs.webkit.org/show_bug.cgi?id=130354

        Reviewed by Eric Carlson.

        Listen for remote commands in MediaSessionManager.

        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::addSession):
        (WebCore::MediaSessionManager::removeSession):
        * platform/audio/MediaSessionManager.h:

        Add RemoteCommandListener to the project files:
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:

2014-03-17  Ryosuke Niwa  <rniwa@webkit.org>

        Rewrite WebHTMLConverter::_elementHasOwnBackgroundColor in C++
        https://bugs.webkit.org/show_bug.cgi?id=130291

        Reviewed by Andreas Kling.

        Extracted HTMLConverterCaches::elementHasOwnBackgroundColor.

        * platform/mac/HTMLConverter.mm:
        (HTMLConverterCaches::elementHasOwnBackgroundColor):
        (-[WebHTMLConverter _elementHasOwnBackgroundColor:]):

2014-03-17  Ryosuke Niwa  <rniwa@webkit.org>

        Rewrite WebHTMLConverter::_elementIsBlockLevel in C++
        https://bugs.webkit.org/show_bug.cgi?id=130287

        Reviewed by Andreas Kling.

        Rewrote _elementIsBlockLevel as HTMLConverterCaches::isBlockElement. Also removed the code to update
        _elementIsBlockLevel in _traverseNode as computing the value of _elementIsBlockLevel is now fast.

        * platform/mac/HTMLConverter.h:
        * platform/mac/HTMLConverter.mm:
        (HTMLConverterCaches::isBlockElement):
        (-[WebHTMLConverter _elementIsBlockLevel:]):
        (-[WebHTMLConverter _traverseNode:depth:embedded:]):
        (-[WebHTMLConverter dealloc]):
        (-[WebHTMLConverter init]):

2014-03-17  Ryosuke Niwa  <rniwa@webkit.org>

        Rewrite WebHTMLConverter::_getComputedFloat in C++
        https://bugs.webkit.org/show_bug.cgi?id=130284

        Reviewed by Andreas Kling.

        Rewrote _getComputedFloat as HTMLConverterCaches::floatPropertyValueForNode.

        * platform/mac/HTMLConverter.h:
        * platform/mac/HTMLConverter.mm:
        (HTMLConverterCaches::floatPropertyValueForNode):
        (-[WebHTMLConverter _getFloat:forNode:property:]): Now that computing the float value is fast, we don't need to
        store it in the cache.
        (-[WebHTMLConverter dealloc]):
        (-[WebHTMLConverter init]):

2014-03-16  Andreas Kling  <akling@apple.com>

        HTMLInputElement::defaultEventHandler() shouldn't force style updates.
        <https://webkit.org/b/130303>

        Move the updateStyleIfNeeded() call down to TextFieldInputType instead
        of doing it for every HTMLInputEvent.

        There might be a better way to do this; we only want to know about this
        specific element's renderer, and don't need the rest of the tree.
        This is still an easy hack to avoid a lot of unnecessary work.

        Reviewed by Anders Carlsson.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::defaultEventHandler):
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::forwardEvent):

2014-03-17  Brent Fulgham  <bfulgham@apple.com>

        [WebVTT] Extending WebVTT Rendering with Regions
        https://bugs.webkit.org/show_bug.cgi?id=109822

        Reviewed by Eric Carlson.

        Merged from Blink (patch by Victor Carbune vcarbune@chromium.org):
        https://chromium.googlesource.com/chromium/blink/+/0cdebc1d76d41bfcb9c4b022e54a4fbff132225d

        No new tests, as this feature is not active in default builds. New tests will be added
        in an upcoming bug.

        * css/mediaControls.css:
        (video::-webkit-media-text-track-region):
        (video::-webkit-media-text-track-region-container):
        (video::-webkit-media-text-track-region-container.scrolling):
        (video::-webkit-media-text-track-display):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::~TextTrack):
        * html/track/TextTrackCue.cpp:
        * html/track/TextTrackRegion.cpp:
        (WebCore::TextTrackRegion::TextTrackRegion):
        (WebCore::TextTrackRegion::textTrackCueContainerScrollingClass):
        (WebCore::TextTrackRegion::textTrackCueContainerShadowPseudoId):
        (WebCore::TextTrackRegion::textTrackRegionShadowPseudoId):
        (WebCore::TextTrackRegion::appendTextTrackCueBox):
        (WebCore::TextTrackRegion::displayLastTextTrackCueBox):
        (WebCore::TextTrackRegion::willRemoveTextTrackCueBox):
        (WebCore::TextTrackRegion::getDisplayTree):
        (WebCore::TextTrackRegion::prepareRegionDisplayTree):
        (WebCore::TextTrackRegion::startTimer):
        (WebCore::TextTrackRegion::stopTimer):
        (WebCore::TextTrackRegion::scrollTimerFired):
        * html/track/TextTrackRegion.h:
        (WebCore::TextTrackRegion::create):
        (WebCore::TextTrackRegion::isScrollingRegion):
        (WebCore::TextTrackRegion::ownerDocument):
        * html/track/TextTrackRegion.idl:
        * html/track/TextTrackRegionList.cpp:
        (WebCore::TextTrackRegionList::getRegionById):
        * html/track/VTTCue.cpp:
        (WebCore::VTTCueBox::applyCSSProperties):
        (WebCore::VTTCue::~VTTCue):
        (WebCore::VTTCue::setIsActive):
        (WebCore::VTTCue::removeDisplayTree):
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::createNewRegion):
        * rendering/RenderVTTCue.cpp:
        (WebCore::RenderVTTCue::layout):

2014-03-17  Brendan Long  <b.long@cablelabs.com>

        [GStreamer] human readable language code for tracks
        https://bugs.webkit.org/show_bug.cgi?id=124514

        Reviewed by Martin Robinson.

        * PlatformEfl.cmake: Add GSTREAMER_TAG_INCLUDE_DIRS and GSTREAMER_TAG_LIBRARIES.
        * PlatformGTK.cmake: Same.
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::getLanguageCode): Run language codes though gst_tag_get_language_code_iso_639_1() to make sure they're valid.
        (WebCore::TrackPrivateBaseGStreamer::notifyTrackOfTagsChanged): Use getLanguageCode() for languages instead of just getTag().

2014-03-17  Ryosuke Niwa  <rniwa@webkit.org>

        [Mac] Rewrite WebHTMLConverter::_computedStringForNode in C++
        https://bugs.webkit.org/show_bug.cgi?id=130274

        Reviewed by Andreas Kling.

        Rewrote WebHTMLConverter::_computedStringForNode as HTMLConverterCaches::propertyValueForNode.

        * platform/mac/HTMLConverter.h: Removed unused caches.
        * platform/mac/HTMLConverter.mm:
        (HTMLConverterCaches::computedStylePropertyForElement): Added use const String& instead of String& on property name.
        (HTMLConverterCaches::inlineStylePropertyForElement): Ditto.
        (HTMLConverterCaches::propertyValueForNode): Renamed and rewritten from _computedStringForNode.
        (-[WebHTMLConverter _stringForNode:property:]): Simply return the computed value instead of storing it in the cache
        now that the computing the value is fast.
        (-[WebHTMLConverter dealloc]):
        (-[WebHTMLConverter init]):

2014-03-17  Andreas Kling  <akling@apple.com>

        Remove unnecessary JSC::Handle null checks in bindings code.
        <https://webkit.org/b/130356>

        Use Handle::slot() directly instead of going through Handle::get().
        This avoids null checking the HandleSlot, which isn't necessary here
        anyway, and the code already assumes it'll never be null.

        Reviewed by Gavin Barraclough.

        * bindings/js/JSCSSRuleListCustom.cpp:
        (WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSCSSValueCustom.cpp:
        (WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots):
        (WebCore::JSCSSValueOwner::finalize):
        * bindings/js/JSMutationObserverCustom.cpp:
        (WebCore::JSMutationObserverOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSNodeListCustom.cpp:
        (WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSTextTrackCueCustom.cpp:
        (WebCore::JSTextTrackCueOwner::isReachableFromOpaqueRoots):
        * bindings/js/WebCoreTypedArrayController.cpp:
        (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
        (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::finalize):

2014-03-17  Krzysztof Czech  <k.czech@samsung.com>

        AX: Reducing some code by using helper function ariaElementsFromAttribute
        https://bugs.webkit.org/show_bug.cgi?id=130344

        Reviewed by Chris Fleizach.

        Change visibility of ariaElementsFromAttribute function from private to protected
        so that other classes that derives from AccessibilityRenderObject can use it.

        No new tests. No behaviour change.

        * accessibility/AccessibilityRenderObject.h:
        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::columnHeaders):

2014-03-16  Brent Fulgham  <bfulgham@apple.com>

        Provide preference to enable additional AVFoundation options
        https://bugs.webkit.org/show_bug.cgi?id=130275

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::doesHaveAttribute): Added.
        * html/HTMLMediaElement.h:
        * page/Settings.in: Add new attribute.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::doesHaveAttribute): Added stub to call private player object's
        implementation of doesHaveAttribute.
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::doesHaveAttribute):
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::MediaPlayerPrivateAVFoundationCF::AVFWrapper::createAssetForURL): Check the <media> object,
        and notify AVFoundationCF to use URI option if relevant.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Check the <media> object,
        and notify AVFoundation to use URI option if relevant.

2014-03-17  Jer Noble  <jer.noble@apple.com>

        [EME] Add NULL protections in SourceBuffer and MediaSource.
        https://bugs.webkit.org/show_bug.cgi?id=130266

        Reviewed by Eric Carlson.

        Add NULL checks in places which may be called after a SourceBuffer has been removed:

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::monitorSourceBuffers): Protect against a SourceBuffer being removed
            (and thus activeSourceBuffers being empty) when monitoring source buffer state.
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::appendBufferTimerFired): Protect against SourceBuffer being removed.
        (WebCore::SourceBuffer::videoTracks): Ditto.
        (WebCore::SourceBuffer::audioTracks): Ditto.
        (WebCore::SourceBuffer::textTracks): Ditto.
        (WebCore::SourceBuffer::setActive): Ditto.
        (WebCore::SourceBuffer::sourceBufferPrivateDidEndStream): Ditto.
        (WebCore::SourceBuffer::hasCurrentTime): Ditto.
        (WebCore::SourceBuffer::canPlayThrough): Ditto.
        (WebCore::SourceBuffer::hasFutureTime): Ditto, and check for an empty buffered ranges.

2014-03-17  Tim Horton  <timothy_horton@apple.com>

        WKThumbnailView should support snapshots
        https://bugs.webkit.org/show_bug.cgi?id=130335
        <rdar://problem/16255139>

        Reviewed by Simon Fraser.

        * WebCore.exp.in:

2014-01-29  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] getComputedStyle() not using author's order when showing named grid lines
        https://bugs.webkit.org/show_bug.cgi?id=127837

        Reviewed by David Hyatt.

        Added a couple of new Vectors to store the names of the grid lines
        respecting their order. They will be used to get the right outcome
        for getComputedStyle().

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::addValuesForNamedGridLinesAtIndex):
        (WebCore::valueForGridTrackList):
        * css/StyleResolver.cpp:
        (WebCore::createGridTrackList):
        (WebCore::StyleResolver::applyProperty):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleGridData.cpp:
        (WebCore::StyleGridData::StyleGridData):
        * rendering/style/StyleGridData.h:
        (WebCore::StyleGridData::operator==):

2014-03-17  Zsolt Borbely  <borbezs@inf.u-szeged.hu>

        Fix the !ENABLE(PROMISES) build
        https://bugs.webkit.org/show_bug.cgi?id=130328

        Reviewed by Darin Adler.

        Add missing ENABLE(PROMISES) guards.

        * bindings/js/JSDOMPromise.cpp:
        * bindings/js/JSDOMPromise.h:

2014-03-17  Gurpreet Kaur  <k.gurpreet@samsung.com>

        Safari should not render a cell if the <td> is empty
        https://bugs.webkit.org/show_bug.cgi?id=15273

        Reviewed by Darin Adler.

        When table cell has no children and the doctype is not present or not
        correct the border for that cell should not be drawn. Firefox also
        follows the same behaviour hence making the changes to make it similiar
        to Firefox behaviour.

        Tests: fast/table/table-cell-border-doctype.html
               fast/table/table-cell-border-no-doctype.html

        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paintBoxDecorations):
        Added condition for not drawing the border when table cell has no child
        and doctype.


2014-03-17  Frédéric Wang  <fred.wang@free.fr>

        Fix handling of <annotation> in MathMLTextElement.
        https://bugs.webkit.org/show_bug.cgi?id=124128.

        Reviewed by Darin Adler.

        No new tests.

        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::createElementRenderer): do not create the special RenderMathMLToken for the <annotation> tag.
        (WebCore::MathMLTextElement::childShouldCreateRenderer): only allow text inside <annotation>.

2014-03-17  Martin Robinson  <mrobinson@igalia.com>

        [GTK][CMake] Credential storage is not enabled
        https://bugs.webkit.org/show_bug.cgi?id=130149

        Reviewed by Philippe Normand.

        * PlatformGTK.cmake: Add the libsecret include directories and link line to the build.

2014-03-17  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed.

        Addressing reviewing comments by Darin in bug #130310 that I forgot
        to address before landing the changes in r165732.
        https://bugs.webkit.org/show_bug.cgi?id=130310

        * rendering/InlineTextBox.cpp:
        * rendering/RenderLayer.cpp:
        * rendering/RenderObject.cpp:

2014-03-17  Jessie Berlin  <jberlin@apple.com>

        Speculative build fix for ENABLE(TELEPHONE_NUMBER_DETECTION) after r165724.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::linkifyPhoneNumbers):

2014-03-17  Zan Dobersek  <zdobersek@igalia.com>

        Only supplement Page with UserMediaController once
        https://bugs.webkit.org/show_bug.cgi?id=130311

        Reviewed by Darin Adler.

        Don't supplement the Page with an UserMediaController object if that Page was
        already supplemented with one. This avoids triggering an assertion in
        Supplementable::provideSupplement() that ensures no supplement with the same key
        exists yet. The cause of this is calling provideUserMediaTo() in the Internals
        constructor that's using the same Page for two subsequent tests.

        * Modules/mediastream/UserMediaController.cpp:
        (WebCore::provideUserMediaTo):

2014-03-17  Zan Dobersek  <zdobersek@igalia.com>

        Explicitly include cstdio header for debug builds in InlineTextBox, RenderLayer, RenderObject
        https://bugs.webkit.org/show_bug.cgi?id=130310

        Reviewed by Darin Adler.

        Building the GTK port with Clang through CMake falls into a configuration where
        the cstdio header is not indirectly included in InlineTextBox, RenderLayer and
        RenderObject source files. fprintf() is required for helper functions that print
        out helpful debugging information in debug builds, so the cstdio header should
        be included explicitly in that case.

        * rendering/InlineTextBox.cpp:
        * rendering/RenderLayer.cpp:
        * rendering/RenderObject.cpp:

2014-03-17  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Cleanup WebKitDOMObject
        https://bugs.webkit.org/show_bug.cgi?id=130246

        Reviewed by Martin Robinson.

        Remove unneeded getter and fix coding style.

        * bindings/gobject/WebKitDOMObject.cpp:
        (webkitDOMObjectSetProperty):
        (webkit_dom_object_class_init):

2014-03-17  Darin Adler  <darin@apple.com>

        Stop using deprecatedCharacters in HTMLTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=130323

        Reviewed by Andreas Kling.

        Keeping this separate from other patches because of concern that this could affect
        page load performance.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::ExternalCharacterTokenBuffer):
        Use a StringView instead of a character pointer.
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::isEmpty): Ditto.
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::skipAtMostOneLeadingNewline):
        Ditto.
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemaining): Ditto.
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::giveRemainingTo): Ditto.
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace): Ditto.
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::skipLeading): Ditto.
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeLeading): Ditto.
        (WebCore::HTMLTreeBuilder::linkifyPhoneNumbers): Use StringView::upconvertedCharacters.

2014-03-17  Jinwoo Song  <jinwoo7.song@samsung.com>

        Make some Module class constructors return PassRef.
        https://bugs.webkit.org/show_bug.cgi?id=130282

        Reviewed by Andreas Kling.

        Make the constructor helpers for the following classes return PassRef
        instead of PassRefPtr since they will never return null.
         - GamepadList
         - Geolocation
         - NavigatorContentUtils
         - NetworkInfoConnection
         - Notification
         - NotificationCenter
         - DeviceProximityEvent

        * Modules/gamepad/GamepadList.h:
        (WebCore::GamepadList::create):
        * Modules/geolocation/Geolocation.cpp:
        (WebCore::Geolocation::create):
        * Modules/geolocation/Geolocation.h:
        (WebCore::Geolocation::GeoNotifier::create):
        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::NavigatorContentUtils::create):
        * Modules/navigatorcontentutils/NavigatorContentUtils.h:
        * Modules/networkinfo/NetworkInfoConnection.cpp:
        (WebCore::NetworkInfoConnection::create):
        * Modules/networkinfo/NetworkInfoConnection.h:
        * Modules/notifications/Notification.cpp:
        (WebCore::Notification::create):
        * Modules/notifications/Notification.h:
        * Modules/notifications/NotificationCenter.cpp:
        (WebCore::NotificationCenter::create):
        * Modules/notifications/NotificationCenter.h:
        * Modules/proximity/DeviceProximityEvent.h:
        (WebCore::DeviceProximityEvent::create):

2014-03-16  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions]Do not compute region range for a box unless the parent has one
        https://bugs.webkit.org/show_bug.cgi?id=130249

        Reviewed by Andrei Bucur.

        If the containing block does not have a region range computed, do not attempt to compute
        a region range for a child. In such cases, the range computation for a child can lead to
        a result that is wrong, possibly leading to an incorrect clipping.

        Test: fast/regions/inline-block-flowed-in-regions.html

        * rendering/RenderBlock.cpp:
        (WebCore::canComputeRegionRangeForBox):
        (WebCore::RenderBlock::computeRegionRangeForBoxChild):
        (WebCore::RenderBlock::estimateRegionRangeForBoxChild):
        (WebCore::RenderBlock::updateRegionRangeForBoxChild):
        * rendering/RenderFlowThread.h:

2014-03-16  Andreas Kling  <akling@apple.com>

        CSSValueList should assert that no null values are added to it.
        <https://webkit.org/b/130315>

        Add assertions in CSSValueList's append() and prepend() that we are
        not adding a null value. This caught a single place in CSSParser
        that was appending an alread-released RefPtr to a CSSValueList.
        That list was eventually discarded anyway (due to "foundClip" now
        being true), so the fix is simply to remove the adding.

        Eventually we should use Ref and PassRef all over for CSSValueList,
        this is just a first step on the way.

        Reviewed by Darin Adler.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseFillShorthand):
        * css/CSSValueList.h:
        (WebCore::CSSValueList::append):
        (WebCore::CSSValueList::prepend):

2014-03-16  Praveen R Jadhav  <praveen.j@samsung.com>

        AudioBufferSourceNode stop attribute shouldn't throw exception in finished state.
        https://bugs.webkit.org/show_bug.cgi?id=130000.

        Reviewed by Jer Noble.

        AudioBufferSourceNode may go to FINISHED_STATE even before "stop" method is called 
        as silence rendered after audio data is played out when its not looping.
        A call to "stop" method after this shouldn't throw exception.

        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::stop):

2014-03-16  Brian Burg  <bburg@apple.com>

        Web Inspector: generated backend commands should reflect build system ENABLE settings
        https://bugs.webkit.org/show_bug.cgi?id=130111

        Reviewed by Timothy Hatcher.

        Add guards for conditional inspector domains.

        For Makefile-based build systems, force regeneration of the
        combined file if the list of domains has changed.

        Combine only the Inspector domains listed in INSPECTOR_DOMAINS,
        instead of globbing any .json file.

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:

2014-03-16  David Kilzer  <ddkilzer@apple.com>

        Follow-up: Double values passed to fabsf() in maxScaleFromTransform()
        <http://webkit.org/b/130297>

        Reviewed by Darin Adler.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::maxScaleFromTransform): Use narrowPrecisionToFloat()
        instead of static_cast<float>().

2014-03-16  Andreas Kling  <akling@apple.com>

        ScriptExecutionContext::vm() should return a reference.
        <https://webkit.org/b/129611>

        Every ScriptExecutionContext has a VM, so this can never return null.
        Made WorkerScriptController::vm() return a reference as well, since
        that was needed for this change.

        Reviewed by Geoffrey Garen.

        * bindings/js/WorkerScriptController.h:
        (WebCore::WorkerScriptController::vm):
        * bindings/js/WorkerScriptDebugServer.cpp:
        (WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ruleMatches):
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::vm):
        * dom/ScriptExecutionContext.h:
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::execute):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::createImageBuffer):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::dropProtection):
        * testing/Internals.cpp:
        (WebCore::Internals::parserMetaData):

2014-03-16  Zan Dobersek  <zdobersek@igalia.com>

        Remove OwnPtr.h, PassOwnPtr.h header inclusions in Source/WebCore/html/parser/ code
        https://bugs.webkit.org/show_bug.cgi?id=129667

        Reviewed by Anders Carlsson.

        Remove unnecessary inclusions of the OwnPtr.h and PassOwnPtr.h headers
        in the code under Source/WebCore/html/parser/.

        * html/parser/HTMLParserScheduler.h:
        * html/parser/HTMLToken.h:
        * html/parser/HTMLTreeBuilder.h:
        * html/parser/XSSAuditor.h:
        * html/parser/XSSAuditorDelegate.h:

2014-03-16  Darin Adler  <darin@apple.com>

        Remove uses of "cat" in DerivedSources.make outside platform-specific rules
        https://bugs.webkit.org/show_bug.cgi?id=130307

        Reviewed by Anders Carlsson.

        * DerivedSources.make: Use "perl -pe ''" instead of "cat".

2014-03-16  Brian Burg  <bburg@apple.com>

        Web Inspector: vended backend commands file should be generated as part of the build
        https://bugs.webkit.org/show_bug.cgi?id=130110

        Reviewed by Timothy Hatcher.

        * WebCore.xcodeproj/project.pbxproj: Copy InspectorWebBackendCommands.js to the
        private headers directory.

2014-03-16  Frédéric Wang  <fred.wang@free.fr>

        [regression] foreign content not displayed in MathML
        <https://webkit.org/b/124128>

        Reviewed by Chris Fleizach.

        This restores foreign content in <mtext>, <mn> and <mi> elements, but only when it is "phrasing content" as defined per the HTML5 specification. Other token elements are not handled here. This change makes mspace-units.html work again on Linux.

        Tests: mathml/presentation/foreign-mi-dynamic.html
               mathml/presentation/foreign-mi.html
               mathml/presentation/foreign-mn.html
               mathml/presentation/foreign-mtext-rejected.html
               mathml/presentation/foreign-mtext.html

        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::createElementRenderer): create a RenderMathMLToken for mn, ms and mtext.
        (WebCore::isPhrasingContent): helper function to check phrasing content, as defined by the HTML spec.
        (WebCore::MathMLTextElement::childShouldCreateRenderer): <mi>, <mn>, <mtext> and, <ms> now accepts phrasing content.
        * rendering/mathml/RenderMathMLToken.cpp:
        (WebCore::RenderMathMLToken::RenderMathMLToken):
        (WebCore::RenderMathMLToken::updateTokenContent): initialize the m_containsElement boolean when updating the token content.
        (WebCore::RenderMathMLToken::updateStyle): move <mi> specific handling in its own section and only apply the single-char rule when it does not contain elements.
        * rendering/mathml/RenderMathMLToken.h: add an m_containsElement boolean to handle token element specifically.

2014-03-16  David Kilzer  <ddkilzer@apple.com>

        PlatformTimeRanges::nearest() truncates closestDelta values from double to float
        <http://webkit.org/b/130298>

        Reviewed by Darin Adler.

        Fixes the following build failures using trunk clang:

            WebCore/platform/graphics/PlatformTimeRanges.cpp:210:28: error: absolute value function 'fabsf' given an argument of type 'double' but has parameter of type 'float' which may cause truncation of value [-Werror,-Wabsolute-value]
                        closestDelta = fabsf(startTime - time);
                                       ^
            WebCore/platform/graphics/PlatformTimeRanges.cpp:210:28: note: use function 'fabs' instead
                        closestDelta = fabsf(startTime - time);
                                       ^~~~~
                                       fabs
            WebCore/platform/graphics/PlatformTimeRanges.cpp:214:28: error: absolute value function 'fabsf' given an argument of type 'double' but has parameter of type 'float' which may cause truncation of value [-Werror,-Wabsolute-value]
                        closestDelta = fabsf(endTime - time);
                                       ^
            WebCore/platform/graphics/PlatformTimeRanges.cpp:214:28: note: use function 'fabs' instead
                        closestDelta = fabsf(endTime - time);
                                       ^~~~~
                                       fabs

        * platform/graphics/PlatformTimeRanges.cpp:
        (WebCore::PlatformTimeRanges::nearest): Extract start and end
        time deltas into local variables so they don't have to be
        computed twice, using fabs() instead of fabsf().

2014-03-16  Darin Adler  <darin@apple.com>

        Optimize hasTagName when called on an HTMLElement
        https://bugs.webkit.org/show_bug.cgi?id=130090

        Reviewed by Antti Koivisto.

        Added new hasTagName functions that have the efficiency of hasLocalName.
        but are safe.

        Now we can always use hasTagName, and we'll get a compile time error if
        we try to use an SVG tag name with an HTML element. All call sites that
        use the more specific tag name types are more efficient, and call sites
        that have a specific pointer type will get even more efficient checking
        that is exactly what we used to get by calling hasLocalName.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::hasTagName): Cast explicitly to Element
        since Node::hasTagName no longer works on a general QualifiedName.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::isDescendantOfElementType): Use
        more specific type, RenderElement, so we can call hasTagName on Element
        instead of Node; eliminates an unnecessary branch.

        * accessibility/AccessibilityTableColumn.cpp: Added now-needed include.
        * accessibility/atk/AccessibilityObjectAtk.cpp: Ditto.

        * dom/DocumentStyleSheetCollection.cpp:
        (WebCore::DocumentStyleSheetCollection::collectActiveStyleSheets): Use
        new for loop and full words for variable names. Also use nullptr instead
        of 0. Call toHTMLElement and toSVGElement in code that checks hasTagName
        since it's already checking isHTMLElement and isSVGElement.

        * dom/Element.cpp:
        (WebCore::attrNodeListMap): Use NeverDestroyed and put the vectors into
        the map rather than putting pointers to a vector into the map.
        (WebCore::attrNodeListForElement): Take a reference rather than a pointer,
        and update for the change above.
        (WebCore::ensureAttrNodeListForElement): Ditto.
        (WebCore::removeAttrNodeListForElement): Ditto.
        (WebCore::findAttrNodeInList): Ditto.
        (WebCore::Element::isFocusable): Use lineageOfType<HTMLCanvasElement>
        to fine the canvas rather than a hand-written loop.
        (WebCore::Element::attrNodeList): Update for above changes.
        (WebCore::Element::setAttributeNode): Ditto.
        (WebCore::Element::attrIfExists): Ditto.
        (WebCore::Element::ensureAttr): Ditto.
        (WebCore::Element::detachAttrNodeFromElementWithValue): Ditto.
        (WebCore::Element::detachAllAttrNodesFromElement): Ditto.

        * dom/Element.h: Removed the overload of hasLocalName that takes a
        QualifiedName and ignores the non-local-name parts of it. Callers should
        use hasTagName instead, now that it's optimized appropriately. Added
        overloads of hasTagName for all the specific qualified name types. It's
        more efficient to use the Node versions of these functions rather than
        using QualifiedName::matches to do the check. Removed the hasTagName and
        hasLocalName functions from the Node class; the only convenience functions
        needed in Node are the specific checks for tags from HTML, MathML, and SVG,
        not the general purpose ones.

        * dom/Node.h: Removed hasLocalName and replaced the single hasTagName
        that takes a QualifiedName with three faster ones that take HTML, MathML,
        and SVG qualified names instead. Also updated to use nullptr instead of 0.

        * dom/PositionIterator.cpp: Added now-needed include.
        * dom/Text.cpp: Ditto.

        * dom/make_names.pl:
        (printHeaderHead): Renamed an argument for clarity and added a definitions
        argument, which is where we insert the classes derived from QualifiedName.
        (printCppHead): Renamed an argument for clarity.
        (printTypeHelpers): Use hasTagName rather than hasLocalName, since the
        former is now optimized to be the same as what the latter was.
        (printNamesHeaderFile): Define a class derived from QualifiedName that can
        be used at compile time to avoid having to check the namespace.
        (printNamesCppFile): Use the new more-specific type as needed.

        * editing/ApplyStyleCommand.cpp:
        (WebCore::isLegacyAppleStyleSpan): Use hasTagName instead of hasLocalName,
        and references instead of pointers.
        (WebCore::ApplyStyleCommand::ApplyStyleCommand): Removed uneeded explicit
        construction of a smart pointer.
        (WebCore::ApplyStyleCommand::shouldApplyInlineStyleToRun): Updated to use
        the enclosingElementWithTag function by its new name.

        * editing/Editor.cpp:
        (WebCore::Editor::selectionUnorderedListState): Updated to use the
        enclosingElementWithTag function by its new name.
        (WebCore::Editor::selectionOrderedListState): Ditto.

        * editing/InsertListCommand.cpp:
        (WebCore::InsertListCommand::doApply): Use a more-specific type for the list tag.
        (WebCore::InsertListCommand::doApplyForSingleParagraph): Ditto.
        * editing/InsertListCommand.h: Ditto.

        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::serializeNodesWithNamespaces): Added an explicit
        cast to Element in the loop that is already guarded by an isElementNode check.
        Also use a modern C++ for loop.

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
        Updated to use the enclosingElementWithTag function by its new name.
        (WebCore::ReplaceSelectionCommand::removeUnrenderedTextNodesAtEnds): Ditto.
        (WebCore::ReplaceSelectionCommand::positionAtEndOfInsertedContent): Ditto.

        * editing/TypingCommand.cpp: Added now-needed includes.
        * editing/VisibleUnits.cpp: Ditto.

        * editing/htmlediting.cpp:
        (WebCore::enclosingElementWithTag): Changed to return an Element instead of a Node,
        since nodes other than elements do not have tags.
        * editing/htmlediting.h: Ditto.

        * editing/mac/EditorMac.mm:
        (WebCore::Editor::adjustedSelectionRange): Updated to use the enclosingElementWithTag
        function by its new name.
        * editing/markup.cpp:
        (WebCore::StyledMarkupAccumulator::appendText): Ditto.
        (WebCore::StyledMarkupAccumulator::traverseNodesForSerialization): Ditto.
        (WebCore::highestAncestorToWrapMarkup): Ditto.
        (WebCore::createMarkupInternal): Ditto.
        (WebCore::createContextualFragment): Ditto. Use hasTagName instead of hasLocalName,
        since the former is now optimized to be the same as the latter was before.

        * html/HTMLCollection.cpp:
        (WebCore::isMatchingElement): Use hasTagName instead of hasLocalName,
        since the former is now optimized to be the same as the latter was before.
        (WebCore::nameShouldBeVisibleInDocumentAll): Ditto.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::ieForbidsInsertHTML): Ditto.
        (WebCore::unicodeBidiAttributeForDirAuto): Ditto.
        (WebCore::HTMLElement::parseBorderWidthAttribute): Ditto.
        (WebCore::HTMLElement::setInnerHTML): Ditto.
        (WebCore::shouldProhibitSetInnerOuterText): Ditto. Added this to share code between
        setInnerText and setOuterText.
        (WebCore::HTMLElement::setInnerText): Ditto.
        (WebCore::HTMLElement::setOuterText): Ditto.
        (WebCore::HTMLElement::rendererIsNeeded): Ditto.
        (WebCore::HTMLElement::createElementRenderer): Ditto.

        * html/HTMLElement.h: Added hasTagName, which hides the one inherited from Element
        and takes the more-specific HTMLQualifiedName type. This means we don't need to check
        the namespace at runtime because it's known at compile time. Also put the
        implementation of Node::hasTagName for HTMLQualifiedName into this header.

        * html/HTMLObjectElement.cpp:
        (WebCore::isRecognizedTagName): Updated for change in return type of
        HTMLNames::getHTMLTags.

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::add): Use hasTagName inastead of hasLocalName.
        (WebCore::HTMLSelectElement::value): Use isHTMLOptionElement instead of hasTagName.
        Also use a new style for loop and emptyString() instead of "".
        (WebCore::HTMLSelectElement::setValue): Ditto.
        (WebCore::HTMLSelectElement::setLength): Ditto.
        (WebCore::HTMLSelectElement::searchOptionsForValue): Ditto.
        (WebCore::HTMLSelectElement::restoreFormControlState): Ditto.

        * html/HTMLTableColElement.cpp:
        (WebCore::HTMLTableColElement::additionalPresentationAttributeStyle): Use hasTagName
        instead of hasLocalName.

        * html/HTMLTableRowsCollection.cpp:
        (WebCore::isInSection): Updated to use hasTagName and take a reference.
        (WebCore::HTMLTableRowsCollection::rowAfter): Pass a reference.

        * html/parser/HTMLConstructionSite.cpp: Added now-needed include.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::createCaseMap): Updated to return a map rather than filling one in, and to
        be flxible about the type of the table being used.
        (WebCore::adjustSVGTagNameCase): Updated to use NeverDestroyed.
        (WebCore::adjustAttributes): Added new helper so we can share more code. Updated
        template argument names for clarity.
        (WebCore::adjustSVGAttributes): Marked this inline, since it just turns around and
        calls a single non-inline function.
        (WebCore::adjustMathMLAttributes): Ditto.
        (WebCore::addNamesWithPrefix): Changed to take argument by reference instead of pointer.
        (WebCore::createForeignAttributesMap): Added. Factors out the map creation from the
        function below.
        (WebCore::adjustForeignAttributes): Updated for above changes.
        (WebCore::HTMLTreeBuilder::processStartTagForInBody): Updated to pass reference.
        (WebCore::HTMLTreeBuilder::processTokenInForeignContent): Ditto.

        * inspector/InspectorStyleSheet.cpp: Added now-needed include.

        * mathml/MathMLElement.h: Added hasTagName, which hides the one inherited from Element
        and takes the more-specific MathMLQualifiedName type. This means we don't need to check
        the namespace at runtime because it's known at compile time. Also put the
        implementation of Node::hasTagName for MathMLQualifiedName into this header.

        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::createElementRenderer): Use hasTagName.

        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::attributeChanged): Use hasTagName.
        (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex): Ditto.
        (WebCore::MathMLSelectElement::getSelectedActionChild): Ditto.
        (WebCore::MathMLSelectElement::getSelectedSemanticsChild): Ditto.
        (WebCore::MathMLSelectElement::updateSelectedChild): Ditto.
        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::createElementRenderer): Ditto.
        (WebCore::MathMLTextElement::childShouldCreateRenderer): Ditto.

        * platform/gtk/PasteboardGtk.cpp: Added now-needed include.
        * platform/mac/HTMLConverter.mm: Ditto.
        * rendering/RenderBlockFlow.cpp: Ditto.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended): Use hasTagName.
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::rendererForRootBackground): Ditto.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isSimpleContainerCompositingLayer): Ditto.

        * rendering/RenderReplaced.cpp: Added now-needed include.

        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::RenderMathMLScripts): Use hasTagName.
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): Ditto.

        * svg/SVGElement.h: Added hasTagName, which hides the one inherited from Element
        and takes the more-specific SVGQualifiedName type. This means we don't need to check
        the namespace at runtime because it's known at compile time. Also put the
        implementation of Node::hasTagName for SVGQualifiedName into this header.

        * svg/SVGFontFaceSrcElement.cpp:
        (WebCore::SVGFontFaceSrcElement::childrenChanged): Use isSVGFontFaceElement instead
        of calling hasTagName.

        * svg/SVGUseElement.cpp:
        (WebCore::isDirectReference): Changed to take a reference and a more specific type.
        (WebCore::SVGUseElement::toClipPath): Added a type cast.
        (WebCore::SVGUseElement::rendererClipChild): Use more specific types so we don't
        need a type cast.

        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::parseDocumentFragment): Added explicit calls to this
        unusual call site that has a good reason to use hasLocalName instead of hasTagName.

2014-03-16  Andreas Kling  <akling@apple.com>

        Stop pulling in JSDOMBinding.h via JSEventListener.h
        <https://webkit.org/b/130299>

        Just chippin' away at the compile time monster.

        Reviewed by Darin Adler.

        * bindings/js/IDBBindingUtilities.cpp:
        * bindings/js/JSEventListener.h:

2014-03-16  David Kilzer  <ddkilzer@apple.com>

        Double values passed to fabsf() in maxScaleFromTransform()
        <http://webkit.org/b/130297>

        Reviewed by Darin Adler.

        Fixes the following build failures using trunk clang:

            WebCore/platform/graphics/ca/GraphicsLayerCA.cpp:287:21: error: absolute value function 'fabsf' given an argument of type 'double' but has parameter of type 'float' which may cause truncation of value [-Werror,-Wabsolute-value]
                return std::max(fabsf(decomposeData.scaleX), fabsf(decomposeData.scaleY));
                                ^
            WebCore/platform/graphics/ca/GraphicsLayerCA.cpp:287:21: note: use function 'fabs' instead
                return std::max(fabsf(decomposeData.scaleX), fabsf(decomposeData.scaleY));
                                ^~~~~
                                fabs
            WebCore/platform/graphics/ca/GraphicsLayerCA.cpp:287:50: error: absolute value function 'fabsf' given an argument of type 'double' but has parameter of type 'float' which may cause truncation of value [-Werror,-Wabsolute-value]
                return std::max(fabsf(decomposeData.scaleX), fabsf(decomposeData.scaleY));
                                                             ^
            WebCore/platform/graphics/ca/GraphicsLayerCA.cpp:287:50: note: use function 'fabs' instead
                return std::max(fabsf(decomposeData.scaleX), fabsf(decomposeData.scaleY));
                                                             ^~~~~
                                                             fabs

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::maxScaleFromTransform): Use static_cast<float>() to
        convert float values to double values.

2014-03-15  Zalan Bujtas  <zalan@apple.com>

        Move BorderEdge class to its own file.
        https://bugs.webkit.org/show_bug.cgi?id=130294

        Reviewed by Sam Weinig.

        This is in preparation to have better encapsulation for border box decoration painting.

        No change in functionality.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/BorderEdge.cpp: Added.
        (WebCore::BorderEdge::BorderEdge):
        (WebCore::BorderEdge::getBorderEdgeInfo):
        (WebCore::BorderEdge::includesAdjacentEdges):
        (WebCore::BorderEdge::obscuresBackgroundEdge):
        (WebCore::BorderEdge::obscuresBackground):
        (WebCore::BorderEdge::getDoubleBorderStripeWidths):
        * rendering/BorderEdge.h: Added.
        (WebCore::BorderEdge::edgeFlagForSide):
        (WebCore::BorderEdge::includesEdge):
        (WebCore::BorderEdge::edgesShareColor):
        (WebCore::BorderEdge::hasVisibleColorAndStyle):
        (WebCore::BorderEdge::shouldRender):
        (WebCore::BorderEdge::presentButInvisible):
        (WebCore::BorderEdge::widthForPainting):
        (WebCore::BorderEdge::borderWidthInDevicePixel):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::borderStyleHasUnmatchedColorsAtCorner):
        (WebCore::colorsMatchAtCorner):
        (WebCore::colorNeedsAntiAliasAtCorner):
        (WebCore::willBeOverdrawn):
        (WebCore::joinRequiresMitre):
        (WebCore::RenderBoxModelObject::paintBorderSides):
        (WebCore::RenderBoxModelObject::paintTranslucentBorderSides):
        (WebCore::RenderBoxModelObject::paintBorder):
        (WebCore::RenderBoxModelObject::borderObscuresBackgroundEdge):
        (WebCore::RenderBoxModelObject::borderObscuresBackground):
        * rendering/RenderBoxModelObject.h:

2014-03-15  Martin Robinson  <mrobinson@igalia.com>

        Fix WebCore unused parameter warnings for WebKitGTK+ CMake build
        https://bugs.webkit.org/show_bug.cgi?id=130252

        Reviewed by Carlos Garcia Campos.

        * Modules/mediastream/HTMLMediaElementMediaStream.cpp: Fix unused parameters.
        * html/RangeInputType.cpp: Ditto.
        * page/gtk/EventHandlerGtk.cpp: Ditto.
        * platform/graphics/cairo/GraphicsContextCairo.cpp: Ditto.
        * platform/graphics/gstreamer/WebKitMediaSourceGStreamer.cpp: Ditto.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp: Ditto.
        * platform/graphics/opengl/Extensions3DOpenGLES.cpp: Ditto.
        * platform/gtk/GamepadsGtk.cpp: Ditto.
        * platform/gtk/GtkClickCounter.cpp: Ditto.
        * platform/gtk/GtkPopupMenu.cpp: Ditto.
        * platform/gtk/GtkTouchContextHelper.cpp: Ditto.
        * platform/gtk/GtkVersioning.c: Ditto.
        * platform/gtk/MainFrameScrollbarGtk.cpp: Ditto.
        * platform/gtk/PasteboardGtk.cpp: Ditto.
        * platform/gtk/PasteboardHelper.cpp: Ditto.
        * platform/gtk/RedirectedXCompositeWindow.cpp: Ditto.
        * platform/gtk/RenderThemeGtk.cpp: Ditto.
        * platform/gtk/RenderThemeGtk.h: Ditto.
        * platform/gtk/RenderThemeGtk2.cpp: Ditto.
        * platform/gtk/ScrollbarThemeGtk.cpp: Ditto.
        * platform/gtk/ScrollbarThemeGtk2.cpp: Ditto.
        * platform/gtk/WidgetGtk.cpp: Ditto.
        * platform/network/gtk/CredentialBackingStore.cpp: Ditto.
        * platform/soup/SharedBufferSoup.cpp: Ditto.
        * plugins/gtk/PluginViewGtk.cpp: Ditto.
        * plugins/gtk/gtk2xtbin.c: Ditto.
        * rendering/InlineTextBox.cpp: Ditto.

2014-03-14  Myles C. Maxfield  <mmaxfield@apple.com>

        RenderTextControl::hasValidAvgCharWidth doesn't detect System Font
        https://bugs.webkit.org/show_bug.cgi?id=130168

        Reviewed by Dean Jackson.

        No new tests.

        * platform/graphics/Font.cpp: Moved functions from RenderTextControl
        (WebCore::Font::hasValidAverageCharWidth):
        (WebCore::Font::fastAverageCharWidthIfAvailable):
        * platform/graphics/Font.h:
        * rendering/RenderTextControl.cpp: Moved functions to Font.cpp
        (WebCore::RenderTextControl::getAverageCharWidth): Removed redundant function argument
        (WebCore::RenderTextControl::computeIntrinsicLogicalWidths):
        * rendering/RenderTextControl.h:
        * rendering/RenderTextControlMultiLine.cpp:
        (WebCore::RenderTextControlMultiLine::getAverageCharWidth): Removed redundant function argument
        * rendering/RenderTextControlMultiLine.h:
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::getAverageCharWidth): Removed redundant function argument
        (WebCore::RenderTextControlSingleLine::preferredContentLogicalWidth):
        * rendering/RenderTextControlSingleLine.h:

2014-03-15  David Kilzer  <ddkilzer@apple.com>

        [iOS] Define SYSTEM_VERSION_PREFIX consistently
        <http://webkit.org/b/130293>
        <rdar://problem/15926359>

        Reviewed by Dan Bernstein.

        * Configurations/Version.xcconfig:
        (SYSTEM_VERSION_PREFIX_iphoneos): Sync with
        Source/WebKit/mac/Version.xcconfig.

2014-03-14  Mark Rowe  <mrowe@apple.com>

        Fix the production build.

        Don't rely on USE_INTERNAL_SDK being set for the Production configuration since UseInternalSDK.xcconfig won't
        be at the expected relative path when working from installed source.

        * Configurations/Base.xcconfig:

2014-03-14  Maciej Stachowiak  <mjs@apple.com>

        Replace "Apple Computer, Inc." with "Apple Inc." in copyright headers
        https://bugs.webkit.org/show_bug.cgi?id=130276
        <rdar://problem/16266927>

        Reviewed by Simon Fraser.

        No new tests because no behavior changes.

        * DerivedSources.make:
        * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.cpp:
        * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
        * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.idl:
        * Modules/encryptedmedia/MediaKeyMessageEvent.cpp:
        * Modules/encryptedmedia/MediaKeyMessageEvent.h:
        * Modules/encryptedmedia/MediaKeyMessageEvent.idl:
        * Modules/encryptedmedia/MediaKeyNeededEvent.cpp:
        * Modules/encryptedmedia/MediaKeyNeededEvent.h:
        * Modules/encryptedmedia/MediaKeyNeededEvent.idl:
        * Modules/encryptedmedia/MediaKeySession.idl:
        * Modules/encryptedmedia/MediaKeys.idl:
        * Modules/geolocation/NavigatorGeolocation.cpp:
        * Modules/indexeddb/DOMWindowIndexedDatabase.idl:
        * Modules/indexeddb/IDBCallbacks.h:
        * Modules/indexeddb/IDBDatabaseException.cpp:
        * Modules/indexeddb/IDBDatabaseMetadata.h:
        * Modules/indexeddb/IDBEventDispatcher.cpp:
        * Modules/indexeddb/IDBEventDispatcher.h:
        * Modules/indexeddb/IDBFactory.cpp:
        * Modules/indexeddb/IDBFactory.h:
        * Modules/indexeddb/IDBFactoryBackendInterface.cpp:
        * Modules/indexeddb/IDBFactoryBackendInterface.h:
        * Modules/indexeddb/IDBHistograms.h:
        * Modules/indexeddb/IDBIndexMetadata.h:
        * Modules/indexeddb/IDBObjectStoreMetadata.h:
        * Modules/indexeddb/IDBRecordIdentifier.h:
        * Modules/indexeddb/IDBRequest.cpp:
        * Modules/indexeddb/IDBRequest.h:
        * Modules/indexeddb/IDBRequest.idl:
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.h:
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.idl:
        * Modules/indexeddb/leveldb/IDBFactoryBackendLevelDB.cpp:
        * Modules/indexeddb/leveldb/IDBFactoryBackendLevelDB.h:
        * Modules/mediacontrols/MediaControlsHost.cpp:
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediacontrols/MediaControlsHost.idl:
        * Modules/mediacontrols/mediaControlsApple.css:
        * Modules/mediacontrols/mediaControlsiOS.css:
        * Modules/mediasource/AudioTrackMediaSource.h:
        * Modules/mediasource/AudioTrackMediaSource.idl:
        * Modules/mediasource/TextTrackMediaSource.h:
        * Modules/mediasource/TextTrackMediaSource.idl:
        * Modules/mediasource/VideoTrackMediaSource.h:
        * Modules/mediasource/VideoTrackMediaSource.idl:
        * Modules/mediastream/AllAudioCapabilities.h:
        * Modules/mediastream/AllAudioCapabilities.idl:
        * Modules/mediastream/AllVideoCapabilities.h:
        * Modules/mediastream/AllVideoCapabilities.idl:
        * Modules/mediastream/AudioStreamTrack.cpp:
        * Modules/mediastream/AudioStreamTrack.h:
        * Modules/mediastream/AudioStreamTrack.idl:
        * Modules/mediastream/CapabilityRange.cpp:
        * Modules/mediastream/CapabilityRange.h:
        * Modules/mediastream/CapabilityRange.idl:
        * Modules/mediastream/MediaSourceStates.cpp:
        * Modules/mediastream/MediaSourceStates.h:
        * Modules/mediastream/MediaSourceStates.idl:
        * Modules/mediastream/MediaStreamCapabilities.cpp:
        * Modules/mediastream/MediaStreamCapabilities.h:
        * Modules/mediastream/MediaStreamCapabilities.idl:
        * Modules/mediastream/MediaTrackConstraint.cpp:
        * Modules/mediastream/MediaTrackConstraint.h:
        * Modules/mediastream/MediaTrackConstraint.idl:
        * Modules/mediastream/MediaTrackConstraintSet.cpp:
        * Modules/mediastream/MediaTrackConstraintSet.h:
        * Modules/mediastream/MediaTrackConstraints.cpp:
        * Modules/mediastream/MediaTrackConstraints.h:
        * Modules/mediastream/MediaTrackConstraints.idl:
        * Modules/mediastream/NavigatorMediaStream.cpp:
        * Modules/mediastream/NavigatorUserMediaError.cpp:
        * Modules/mediastream/RTCConfiguration.idl:
        * Modules/mediastream/RTCIceServer.idl:
        * Modules/mediastream/RTCOfferAnswerOptions.cpp:
        * Modules/mediastream/RTCOfferAnswerOptions.h:
        * Modules/mediastream/VideoStreamTrack.cpp:
        * Modules/mediastream/VideoStreamTrack.h:
        * Modules/mediastream/VideoStreamTrack.idl:
        * Modules/networkinfo/NetworkInfo.cpp:
        * Modules/networkinfo/NetworkInfo.h:
        * Modules/networkinfo/NetworkInfoConnection.cpp:
        * Modules/networkinfo/NetworkInfoConnection.h:
        * Modules/networkinfo/NetworkInfoController.cpp:
        * Modules/notifications/DOMWindowNotifications.cpp:
        * Modules/notifications/DOMWindowNotifications.h:
        * Modules/notifications/DOMWindowNotifications.idl:
        * Modules/notifications/NotificationController.cpp:
        * Modules/notifications/NotificationController.h:
        * Modules/notifications/NotificationPermissionCallback.h:
        * Modules/notifications/NotificationPermissionCallback.idl:
        * Modules/notifications/WorkerGlobalScopeNotifications.cpp:
        * Modules/notifications/WorkerGlobalScopeNotifications.h:
        * Modules/notifications/WorkerGlobalScopeNotifications.idl:
        * Modules/plugins/PluginReplacement.h:
        * Modules/plugins/QuickTimePluginReplacement.cpp:
        * Modules/plugins/QuickTimePluginReplacement.css:
        * Modules/plugins/QuickTimePluginReplacement.h:
        * Modules/plugins/QuickTimePluginReplacement.idl:
        * Modules/quota/DOMWindowQuota.idl:
        * Modules/speech/DOMWindowSpeechSynthesis.h:
        * Modules/speech/DOMWindowSpeechSynthesis.idl:
        * Modules/speech/SpeechSynthesis.cpp:
        * Modules/speech/SpeechSynthesis.h:
        * Modules/speech/SpeechSynthesis.idl:
        * Modules/speech/SpeechSynthesisEvent.cpp:
        * Modules/speech/SpeechSynthesisEvent.h:
        * Modules/speech/SpeechSynthesisEvent.idl:
        * Modules/speech/SpeechSynthesisUtterance.cpp:
        * Modules/speech/SpeechSynthesisUtterance.h:
        * Modules/speech/SpeechSynthesisUtterance.idl:
        * Modules/speech/SpeechSynthesisVoice.cpp:
        * Modules/speech/SpeechSynthesisVoice.h:
        * Modules/speech/SpeechSynthesisVoice.idl:
        * Modules/webaudio/AudioBuffer.cpp:
        * Modules/webaudio/AudioBuffer.h:
        * Modules/webaudio/AudioBuffer.idl:
        * Modules/webaudio/AudioListener.cpp:
        * Modules/webaudio/AudioListener.h:
        * Modules/webaudio/AudioListener.idl:
        * Modules/webaudio/AudioParam.h:
        * Modules/webaudio/AudioParam.idl:
        * Modules/webaudio/AudioParamTimeline.h:
        * Modules/webaudio/AudioScheduledSourceNode.h:
        * Modules/webaudio/ChannelMergerNode.cpp:
        * Modules/webaudio/ChannelMergerNode.h:
        * Modules/webaudio/ChannelMergerNode.idl:
        * Modules/webaudio/MediaStreamAudioSource.cpp:
        * Modules/webaudio/MediaStreamAudioSource.h:
        * Modules/webaudio/PeriodicWave.cpp:
        * Modules/webaudio/PeriodicWave.h:
        * Modules/webdatabase/ChangeVersionWrapper.cpp:
        * Modules/webdatabase/ChangeVersionWrapper.h:
        * Modules/webdatabase/DOMWindowWebDatabase.cpp:
        * Modules/webdatabase/DOMWindowWebDatabase.h:
        * Modules/webdatabase/DOMWindowWebDatabase.idl:
        * Modules/webdatabase/Database.cpp:
        * Modules/webdatabase/Database.h:
        * Modules/webdatabase/Database.idl:
        * Modules/webdatabase/DatabaseAuthorizer.cpp:
        * Modules/webdatabase/DatabaseAuthorizer.h:
        * Modules/webdatabase/DatabaseBackendBase.cpp:
        * Modules/webdatabase/DatabaseBackendBase.h:
        * Modules/webdatabase/DatabaseCallback.idl:
        * Modules/webdatabase/DatabaseContext.cpp:
        * Modules/webdatabase/DatabaseContext.h:
        * Modules/webdatabase/DatabaseDetails.h:
        * Modules/webdatabase/DatabaseTask.cpp:
        * Modules/webdatabase/DatabaseTask.h:
        * Modules/webdatabase/DatabaseThread.cpp:
        * Modules/webdatabase/DatabaseThread.h:
        * Modules/webdatabase/DatabaseTracker.cpp:
        * Modules/webdatabase/DatabaseTracker.h:
        * Modules/webdatabase/SQLCallbackWrapper.h:
        * Modules/webdatabase/SQLError.h:
        * Modules/webdatabase/SQLError.idl:
        * Modules/webdatabase/SQLException.cpp:
        * Modules/webdatabase/SQLResultSet.cpp:
        * Modules/webdatabase/SQLResultSet.h:
        * Modules/webdatabase/SQLResultSet.idl:
        * Modules/webdatabase/SQLResultSetRowList.cpp:
        * Modules/webdatabase/SQLResultSetRowList.h:
        * Modules/webdatabase/SQLResultSetRowList.idl:
        * Modules/webdatabase/SQLStatement.cpp:
        * Modules/webdatabase/SQLStatement.h:
        * Modules/webdatabase/SQLStatementBackend.cpp:
        * Modules/webdatabase/SQLStatementBackend.h:
        * Modules/webdatabase/SQLStatementCallback.h:
        * Modules/webdatabase/SQLStatementCallback.idl:
        * Modules/webdatabase/SQLStatementErrorCallback.h:
        * Modules/webdatabase/SQLStatementErrorCallback.idl:
        * Modules/webdatabase/SQLStatementSync.cpp:
        * Modules/webdatabase/SQLTransaction.cpp:
        * Modules/webdatabase/SQLTransaction.h:
        * Modules/webdatabase/SQLTransaction.idl:
        * Modules/webdatabase/SQLTransactionBackend.cpp:
        * Modules/webdatabase/SQLTransactionBackend.h:
        * Modules/webdatabase/SQLTransactionCallback.h:
        * Modules/webdatabase/SQLTransactionCallback.idl:
        * Modules/webdatabase/SQLTransactionErrorCallback.h:
        * Modules/webdatabase/SQLTransactionErrorCallback.idl:
        * Modules/webdatabase/WorkerGlobalScopeWebDatabase.cpp:
        * Modules/webdatabase/WorkerGlobalScopeWebDatabase.h:
        * Modules/webdatabase/WorkerGlobalScopeWebDatabase.idl:
        * Resources/deleteButton.tiff:
        * Resources/deleteButtonPressed.tiff:
        * WebCore.vcxproj/MigrateScripts:
        * WebCorePrefix.cpp:
        * accessibility/AXObjectCache.cpp:
        * accessibility/AXObjectCache.h:
        * accessibility/AccessibilityARIAGrid.cpp:
        * accessibility/AccessibilityARIAGrid.h:
        * accessibility/AccessibilityARIAGridCell.cpp:
        * accessibility/AccessibilityARIAGridCell.h:
        * accessibility/AccessibilityARIAGridRow.cpp:
        * accessibility/AccessibilityARIAGridRow.h:
        * accessibility/AccessibilityImageMapLink.cpp:
        * accessibility/AccessibilityImageMapLink.h:
        * accessibility/AccessibilityList.cpp:
        * accessibility/AccessibilityList.h:
        * accessibility/AccessibilityListBox.cpp:
        * accessibility/AccessibilityListBox.h:
        * accessibility/AccessibilityListBoxOption.cpp:
        * accessibility/AccessibilityListBoxOption.h:
        * accessibility/AccessibilityMediaControls.cpp:
        * accessibility/AccessibilityMediaControls.h:
        * accessibility/AccessibilityNodeObject.cpp:
        * accessibility/AccessibilityNodeObject.h:
        * accessibility/AccessibilityObject.cpp:
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityRenderObject.cpp:
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/AccessibilitySVGRoot.cpp:
        * accessibility/AccessibilitySVGRoot.h:
        * accessibility/AccessibilityScrollbar.cpp:
        * accessibility/AccessibilityScrollbar.h:
        * accessibility/AccessibilitySlider.cpp:
        * accessibility/AccessibilitySlider.h:
        * accessibility/AccessibilityTable.cpp:
        * accessibility/AccessibilityTable.h:
        * accessibility/AccessibilityTableCell.cpp:
        * accessibility/AccessibilityTableCell.h:
        * accessibility/AccessibilityTableColumn.cpp:
        * accessibility/AccessibilityTableColumn.h:
        * accessibility/AccessibilityTableHeaderContainer.cpp:
        * accessibility/AccessibilityTableHeaderContainer.h:
        * accessibility/AccessibilityTableRow.cpp:
        * accessibility/AccessibilityTableRow.h:
        * accessibility/ios/AXObjectCacheIOS.mm:
        * accessibility/ios/AccessibilityObjectIOS.mm:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        * accessibility/mac/AXObjectCacheMac.mm:
        * accessibility/mac/AccessibilityObjectMac.mm:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        * bindings/gobject/WebKitDOMEventTarget.cpp:
        * bindings/gobject/WebKitDOMHTMLPrivate.cpp:
        * bindings/gobject/WebKitDOMHTMLPrivate.h:
        * bindings/js/Dictionary.cpp:
        * bindings/js/GCController.cpp:
        * bindings/js/GCController.h:
        * bindings/js/JSAttrCustom.cpp:
        * bindings/js/JSAudioTrackCustom.cpp:
        * bindings/js/JSAudioTrackListCustom.cpp:
        * bindings/js/JSCSSRuleCustom.cpp:
        * bindings/js/JSCSSRuleCustom.h:
        * bindings/js/JSCSSRuleListCustom.cpp:
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        * bindings/js/JSCSSValueCustom.cpp:
        * bindings/js/JSCallbackData.cpp:
        * bindings/js/JSCallbackData.h:
        * bindings/js/JSCanvasRenderingContextCustom.cpp:
        * bindings/js/JSClipboardCustom.cpp:
        * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
        * bindings/js/JSCustomXPathNSResolver.cpp:
        * bindings/js/JSCustomXPathNSResolver.h:
        * bindings/js/JSDOMGlobalObject.cpp:
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/js/JSDOMWindowShell.cpp:
        * bindings/js/JSDOMWindowShell.h:
        * bindings/js/JSElementCustom.cpp:
        * bindings/js/JSEventCustom.cpp:
        * bindings/js/JSHTMLAppletElementCustom.cpp:
        * bindings/js/JSHTMLCanvasElementCustom.cpp:
        * bindings/js/JSHTMLDocumentCustom.cpp:
        * bindings/js/JSHTMLElementCustom.cpp:
        * bindings/js/JSHTMLEmbedElementCustom.cpp:
        * bindings/js/JSHTMLFormElementCustom.cpp:
        * bindings/js/JSHTMLFrameElementCustom.cpp:
        * bindings/js/JSHTMLFrameSetElementCustom.cpp:
        * bindings/js/JSHTMLObjectElementCustom.cpp:
        * bindings/js/JSHTMLSelectElementCustom.h:
        * bindings/js/JSHistoryCustom.cpp:
        * bindings/js/JSMediaListCustom.h:
        * bindings/js/JSMediaSourceStatesCustom.cpp:
        * bindings/js/JSMediaStreamCapabilitiesCustom.cpp:
        * bindings/js/JSNamedNodeMapCustom.cpp:
        * bindings/js/JSNodeCustom.cpp:
        * bindings/js/JSNodeCustom.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSNodeListCustom.cpp:
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        * bindings/js/JSSQLTransactionCustom.cpp:
        * bindings/js/JSSQLTransactionSyncCustom.cpp:
        * bindings/js/JSSVGElementInstanceCustom.cpp:
        * bindings/js/JSStyleSheetCustom.cpp:
        * bindings/js/JSStyleSheetCustom.h:
        * bindings/js/JSStyleSheetListCustom.cpp:
        * bindings/js/JSTextTrackCueCustom.cpp:
        * bindings/js/JSTextTrackCustom.cpp:
        * bindings/js/JSTextTrackListCustom.cpp:
        * bindings/js/JSTouchCustom.cpp:
        * bindings/js/JSTouchListCustom.cpp:
        * bindings/js/JSTrackCustom.cpp:
        * bindings/js/JSTrackCustom.h:
        * bindings/js/JSTrackEventCustom.cpp:
        * bindings/js/JSVideoTrackCustom.cpp:
        * bindings/js/JSVideoTrackListCustom.cpp:
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        * bindings/js/JSWebKitPointCustom.cpp:
        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        * bindings/js/JSWorkerGlobalScopeBase.h:
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        * bindings/js/JSXSLTProcessorCustom.cpp:
        * bindings/js/ScriptControllerMac.mm:
        * bindings/js/ScriptProfile.cpp:
        * bindings/js/ScriptProfile.h:
        * bindings/js/ScriptProfileNode.h:
        * bindings/js/ScriptProfiler.cpp:
        * bindings/js/ScriptProfiler.h:
        * bindings/js/SerializedScriptValue.cpp:
        * bindings/js/SerializedScriptValue.h:
        * bindings/js/WorkerScriptController.cpp:
        * bindings/js/WorkerScriptController.h:
        * bindings/objc/DOM.h:
        * bindings/objc/DOM.mm:
        * bindings/objc/DOMAbstractView.mm:
        * bindings/objc/DOMAbstractViewFrame.h:
        * bindings/objc/DOMCSS.h:
        * bindings/objc/DOMCSS.mm:
        * bindings/objc/DOMCore.h:
        * bindings/objc/DOMCustomXPathNSResolver.h:
        * bindings/objc/DOMCustomXPathNSResolver.mm:
        * bindings/objc/DOMEventException.h:
        * bindings/objc/DOMEvents.h:
        * bindings/objc/DOMEvents.mm:
        * bindings/objc/DOMException.h:
        * bindings/objc/DOMExtensions.h:
        * bindings/objc/DOMHTML.h:
        * bindings/objc/DOMHTML.mm:
        * bindings/objc/DOMInternal.h:
        * bindings/objc/DOMInternal.mm:
        * bindings/objc/DOMObject.h:
        * bindings/objc/DOMObject.mm:
        * bindings/objc/DOMPrivate.h:
        * bindings/objc/DOMRangeException.h:
        * bindings/objc/DOMRanges.h:
        * bindings/objc/DOMStylesheets.h:
        * bindings/objc/DOMTraversal.h:
        * bindings/objc/DOMUIKitExtensions.h:
        * bindings/objc/DOMUIKitExtensions.mm:
        * bindings/objc/DOMUtility.mm:
        * bindings/objc/DOMViews.h:
        * bindings/objc/DOMXPath.h:
        * bindings/objc/DOMXPath.mm:
        * bindings/objc/DOMXPathException.h:
        * bindings/objc/ExceptionHandlers.h:
        * bindings/objc/ExceptionHandlers.mm:
        * bindings/objc/ObjCEventListener.h:
        * bindings/objc/ObjCEventListener.mm:
        * bindings/objc/ObjCNodeFilterCondition.h:
        * bindings/objc/ObjCNodeFilterCondition.mm:
        * bindings/objc/PublicDOMInterfaces.h:
        * bindings/objc/WebScriptObject.mm:
        * bindings/scripts/CodeGeneratorObjC.pm:
        * bindings/scripts/InFilesCompiler.pm:
        (license):
        * bindings/scripts/InFilesParser.pm:
        * bindings/scripts/generate-bindings.pl:
        * bindings/scripts/test/ObjC/DOMFloat64Array.h:
        * bindings/scripts/test/ObjC/DOMFloat64Array.mm:
        * bindings/scripts/test/ObjC/DOMFloat64ArrayInternal.h:
        * bindings/scripts/test/ObjC/DOMTestActiveDOMObject.h:
        * bindings/scripts/test/ObjC/DOMTestActiveDOMObject.mm:
        * bindings/scripts/test/ObjC/DOMTestActiveDOMObjectInternal.h:
        * bindings/scripts/test/ObjC/DOMTestCallback.h:
        * bindings/scripts/test/ObjC/DOMTestCallback.mm:
        * bindings/scripts/test/ObjC/DOMTestCallbackInternal.h:
        * bindings/scripts/test/ObjC/DOMTestCustomNamedGetter.h:
        * bindings/scripts/test/ObjC/DOMTestCustomNamedGetter.mm:
        * bindings/scripts/test/ObjC/DOMTestCustomNamedGetterInternal.h:
        * bindings/scripts/test/ObjC/DOMTestEventConstructor.h:
        * bindings/scripts/test/ObjC/DOMTestEventConstructor.mm:
        * bindings/scripts/test/ObjC/DOMTestEventConstructorInternal.h:
        * bindings/scripts/test/ObjC/DOMTestEventTarget.h:
        * bindings/scripts/test/ObjC/DOMTestEventTarget.mm:
        * bindings/scripts/test/ObjC/DOMTestEventTargetInternal.h:
        * bindings/scripts/test/ObjC/DOMTestException.h:
        * bindings/scripts/test/ObjC/DOMTestException.mm:
        * bindings/scripts/test/ObjC/DOMTestExceptionInternal.h:
        * bindings/scripts/test/ObjC/DOMTestGenerateIsReachable.h:
        * bindings/scripts/test/ObjC/DOMTestGenerateIsReachable.mm:
        * bindings/scripts/test/ObjC/DOMTestGenerateIsReachableInternal.h:
        * bindings/scripts/test/ObjC/DOMTestInterface.h:
        * bindings/scripts/test/ObjC/DOMTestInterface.mm:
        * bindings/scripts/test/ObjC/DOMTestInterfaceInternal.h:
        * bindings/scripts/test/ObjC/DOMTestMediaQueryListListener.h:
        * bindings/scripts/test/ObjC/DOMTestMediaQueryListListener.mm:
        * bindings/scripts/test/ObjC/DOMTestMediaQueryListListenerInternal.h:
        * bindings/scripts/test/ObjC/DOMTestNamedConstructor.h:
        * bindings/scripts/test/ObjC/DOMTestNamedConstructor.mm:
        * bindings/scripts/test/ObjC/DOMTestNamedConstructorInternal.h:
        * bindings/scripts/test/ObjC/DOMTestNode.h:
        * bindings/scripts/test/ObjC/DOMTestNode.mm:
        * bindings/scripts/test/ObjC/DOMTestNodeInternal.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        * bindings/scripts/test/ObjC/DOMTestObjInternal.h:
        * bindings/scripts/test/ObjC/DOMTestOverloadedConstructors.h:
        * bindings/scripts/test/ObjC/DOMTestOverloadedConstructors.mm:
        * bindings/scripts/test/ObjC/DOMTestOverloadedConstructorsInternal.h:
        * bindings/scripts/test/ObjC/DOMTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/ObjC/DOMTestSerializedScriptValueInterface.mm:
        * bindings/scripts/test/ObjC/DOMTestSerializedScriptValueInterfaceInternal.h:
        * bindings/scripts/test/ObjC/DOMTestTypedefs.h:
        * bindings/scripts/test/ObjC/DOMTestTypedefs.mm:
        * bindings/scripts/test/ObjC/DOMTestTypedefsInternal.h:
        * bindings/scripts/test/ObjC/DOMattribute.h:
        * bindings/scripts/test/ObjC/DOMattribute.mm:
        * bindings/scripts/test/ObjC/DOMattributeInternal.h:
        * bindings/scripts/test/ObjC/DOMreadonly.h:
        * bindings/scripts/test/ObjC/DOMreadonly.mm:
        * bindings/scripts/test/ObjC/DOMreadonlyInternal.h:
        * bindings/scripts/test/TestCallback.idl:
        * bindings/scripts/test/TestCustomNamedGetter.idl:
        * bindings/scripts/test/TestDomainSecurity.idl:
        * bindings/scripts/test/TestEventConstructor.idl:
        * bindings/scripts/test/TestEventTarget.idl:
        * bindings/scripts/test/TestException.idl:
        * bindings/scripts/test/TestImplements.idl:
        * bindings/scripts/test/TestInterface.idl:
        * bindings/scripts/test/TestMediaQueryListListener.idl:
        * bindings/scripts/test/TestNamedConstructor.idl:
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/TestOverloadedConstructors.idl:
        * bindings/scripts/test/TestSupplemental.idl:
        * bridge/Bridge.h:
        * bridge/IdentifierRep.cpp:
        * bridge/IdentifierRep.h:
        * bridge/NP_jsobject.cpp:
        * bridge/NP_jsobject.h:
        * bridge/c/CRuntimeObject.cpp:
        * bridge/c/CRuntimeObject.h:
        * bridge/c/c_class.cpp:
        * bridge/c/c_class.h:
        * bridge/c/c_instance.cpp:
        * bridge/c/c_instance.h:
        * bridge/c/c_runtime.cpp:
        * bridge/c/c_runtime.h:
        * bridge/c/c_utility.cpp:
        * bridge/c/c_utility.h:
        * bridge/jsc/BridgeJSC.cpp:
        * bridge/jsc/BridgeJSC.h:
        * bridge/npruntime.cpp:
        * bridge/npruntime_impl.h:
        * bridge/npruntime_priv.h:
        * bridge/objc/ObjCRuntimeObject.h:
        * bridge/objc/ObjCRuntimeObject.mm:
        * bridge/objc/WebScriptObject.h:
        * bridge/objc/objc_class.h:
        * bridge/objc/objc_class.mm:
        * bridge/objc/objc_header.h:
        * bridge/objc/objc_instance.h:
        * bridge/objc/objc_instance.mm:
        * bridge/objc/objc_runtime.h:
        * bridge/objc/objc_runtime.mm:
        * bridge/objc/objc_utility.h:
        * bridge/objc/objc_utility.mm:
        * bridge/runtime_array.cpp:
        * bridge/runtime_array.h:
        * bridge/runtime_method.cpp:
        * bridge/runtime_method.h:
        * bridge/runtime_object.cpp:
        * bridge/runtime_object.h:
        * bridge/runtime_root.cpp:
        * bridge/runtime_root.h:
        * bridge/testbindings.mm:
        * css/CSSAllInOne.cpp:
        * css/CSSAspectRatioValue.cpp:
        * css/CSSAspectRatioValue.h:
        * css/CSSBorderImageSliceValue.cpp:
        * css/CSSBorderImageSliceValue.h:
        * css/CSSCanvasValue.cpp:
        * css/CSSCanvasValue.h:
        * css/CSSCrossfadeValue.cpp:
        * css/CSSCrossfadeValue.h:
        * css/CSSFontFace.cpp:
        * css/CSSFontFace.h:
        * css/CSSFontFaceSource.cpp:
        * css/CSSFontFaceSource.h:
        * css/CSSFontFaceSrcValue.cpp:
        * css/CSSFontFaceSrcValue.h:
        * css/CSSFontFeatureValue.cpp:
        * css/CSSFontFeatureValue.h:
        * css/CSSFontSelector.cpp:
        * css/CSSFontSelector.h:
        * css/CSSFontValue.cpp:
        * css/CSSGradientValue.cpp:
        * css/CSSGradientValue.h:
        * css/CSSImageGeneratorValue.cpp:
        * css/CSSImageGeneratorValue.h:
        * css/CSSMediaRule.cpp:
        * css/CSSProperty.cpp:
        * css/CSSProperty.h:
        * css/CSSReflectValue.cpp:
        * css/CSSReflectValue.h:
        * css/CSSReflectionDirection.h:
        * css/CSSRuleList.cpp:
        * css/CSSRuleList.h:
        * css/CSSRuleList.idl:
        * css/CSSSegmentedFontFace.cpp:
        * css/CSSSegmentedFontFace.h:
        * css/CSSShadowValue.cpp:
        * css/CSSTimingFunctionValue.cpp:
        * css/CSSTimingFunctionValue.h:
        * css/CSSUnicodeRangeValue.cpp:
        * css/CSSUnicodeRangeValue.h:
        * css/CSSUnknownRule.idl:
        * css/CSSValue.cpp:
        * css/CSSValueList.idl:
        * css/MediaAllInOne.cpp:
        * css/MediaFeatureNames.cpp:
        * css/MediaList.idl:
        * css/MediaQuery.cpp:
        * css/MediaQuery.h:
        * css/MediaQueryEvaluator.cpp:
        * css/MediaQueryEvaluator.h:
        * css/MediaQueryExp.cpp:
        * css/MediaQueryExp.h:
        * css/Pair.h:
        * css/PropertySetCSSStyleDeclaration.h:
        * css/RGBColor.cpp:
        * css/RGBColor.h:
        * css/SVGCSSParser.cpp:
        * css/SVGCSSStyleSelector.cpp:
        * css/StyleInvalidationAnalysis.cpp:
        * css/StyleInvalidationAnalysis.h:
        * css/StyleMedia.cpp:
        * css/StyleMedia.h:
        * css/StyleMedia.idl:
        * css/StyleSheet.cpp:
        * css/WebKitCSSFilterValue.cpp:
        * css/WebKitCSSFilterValue.h:
        * css/WebKitCSSFilterValue.idl:
        * css/WebKitCSSKeyframeRule.cpp:
        * css/WebKitCSSKeyframeRule.h:
        * css/WebKitCSSKeyframeRule.idl:
        * css/WebKitCSSKeyframesRule.cpp:
        * css/WebKitCSSKeyframesRule.h:
        * css/WebKitCSSKeyframesRule.idl:
        * css/WebKitCSSTransformValue.cpp:
        * css/WebKitCSSTransformValue.h:
        * css/WebKitCSSTransformValue.idl:
        * css/make-css-file-arrays.pl:
        * css/mediaControls.css:
        * css/mediaControlsEfl.css:
        * css/mediaControlsEflFullscreen.css:
        * css/mediaControlsGtk.css:
        * css/mediaControlsiOS.css:
        * css/svg.css:
        * dom/ActiveDOMObject.cpp:
        * dom/ActiveDOMObject.h:
        * dom/BeforeLoadEvent.h:
        * dom/BeforeLoadEvent.idl:
        * dom/BeforeTextInsertedEvent.cpp:
        * dom/BeforeTextInsertedEvent.h:
        * dom/BeforeUnloadEvent.cpp:
        * dom/BeforeUnloadEvent.h:
        * dom/BeforeUnloadEvent.idl:
        * dom/ClassNodeList.cpp:
        * dom/ClassNodeList.h:
        * dom/ClientRect.cpp:
        * dom/ClientRect.h:
        * dom/ClientRect.idl:
        * dom/ClientRectList.cpp:
        * dom/ClientRectList.h:
        * dom/ClientRectList.idl:
        * dom/Clipboard.cpp:
        * dom/Clipboard.idl:
        * dom/ClipboardAccessPolicy.h:
        * dom/ClipboardMac.mm:
        * dom/CompositionEvent.cpp:
        * dom/CompositionEvent.h:
        * dom/CompositionEvent.idl:
        * dom/ContextDestructionObserver.cpp:
        * dom/ContextDestructionObserver.h:
        * dom/CurrentScriptIncrementer.h:
        * dom/CustomEvent.cpp:
        * dom/CustomEvent.h:
        * dom/CustomEvent.idl:
        * dom/DOMCoreException.cpp:
        * dom/DOMCoreException.h:
        * dom/DOMCoreException.idl:
        * dom/DOMError.idl:
        * dom/DeviceMotionEvent.cpp:
        * dom/DeviceMotionEvent.h:
        * dom/DeviceMotionEvent.idl:
        * dom/DocumentEventQueue.cpp:
        * dom/DocumentEventQueue.h:
        * dom/DocumentMarker.h:
        * dom/DocumentParser.h:
        * dom/DocumentSharedObjectPool.cpp:
        * dom/DocumentSharedObjectPool.h:
        * dom/Entity.idl:
        * dom/EventContext.cpp:
        * dom/EventContext.h:
        * dom/EventException.cpp:
        * dom/EventException.h:
        * dom/EventException.idl:
        * dom/EventListener.idl:
        * dom/EventListenerMap.cpp:
        * dom/EventListenerMap.h:
        * dom/EventNames.cpp:
        * dom/EventQueue.h:
        * dom/EventTarget.cpp:
        * dom/EventTarget.h:
        * dom/ExceptionBase.cpp:
        * dom/ExceptionBase.h:
        * dom/GenericEventQueue.cpp:
        * dom/GenericEventQueue.h:
        * dom/KeyboardEvent.idl:
        * dom/MessageChannel.cpp:
        * dom/MessageChannel.h:
        * dom/MessageChannel.idl:
        * dom/MessageEvent.cpp:
        * dom/MessageEvent.h:
        * dom/MessageEvent.idl:
        * dom/MessagePort.cpp:
        * dom/MessagePort.h:
        * dom/MessagePort.idl:
        * dom/MouseRelatedEvent.h:
        * dom/MutationEvent.idl:
        * dom/Notation.idl:
        * dom/OverflowEvent.cpp:
        * dom/OverflowEvent.h:
        * dom/OverflowEvent.idl:
        * dom/PopStateEvent.cpp:
        * dom/PopStateEvent.h:
        * dom/PopStateEvent.idl:
        * dom/Position.cpp:
        * dom/Position.h:
        * dom/ProcessingInstruction.idl:
        * dom/ProgressEvent.cpp:
        * dom/ProgressEvent.h:
        * dom/ProgressEvent.idl:
        * dom/Range.idl:
        * dom/RangeException.cpp:
        * dom/RangeException.h:
        * dom/ScriptExecutionContext.cpp:
        * dom/ScriptExecutionContext.h:
        * dom/SecurityContext.cpp:
        * dom/SecurityContext.h:
        * dom/StaticNodeList.cpp:
        * dom/StaticNodeList.h:
        * dom/Text.idl:
        * dom/TextEvent.cpp:
        * dom/TextEvent.h:
        * dom/TextEvent.idl:
        * dom/Touch.cpp:
        * dom/Touch.h:
        * dom/Touch.idl:
        * dom/TouchEvent.cpp:
        * dom/TouchEvent.h:
        * dom/TouchEvent.idl:
        * dom/TouchList.cpp:
        * dom/TouchList.h:
        * dom/TouchList.idl:
        * dom/TransitionEvent.cpp:
        * dom/TransitionEvent.h:
        * dom/TransitionEvent.idl:
        * dom/TreeWalker.idl:
        * dom/UIEvent.idl:
        * dom/UIEventWithKeyState.cpp:
        * dom/WebKitAnimationEvent.cpp:
        * dom/WebKitAnimationEvent.h:
        * dom/WebKitAnimationEvent.idl:
        * dom/WebKitTransitionEvent.cpp:
        * dom/WebKitTransitionEvent.h:
        * dom/WebKitTransitionEvent.idl:
        * dom/make_dom_exceptions.pl:
        * dom/make_event_factory.pl:
        * dom/make_names.pl:
        (printLicenseHeader):
        * editing/AlternativeTextController.cpp:
        * editing/AlternativeTextController.h:
        * editing/AppendNodeCommand.cpp:
        * editing/AppendNodeCommand.h:
        * editing/ApplyStyleCommand.cpp:
        * editing/ApplyStyleCommand.h:
        * editing/BreakBlockquoteCommand.cpp:
        * editing/BreakBlockquoteCommand.h:
        * editing/CompositeEditCommand.cpp:
        * editing/CompositeEditCommand.h:
        * editing/CreateLinkCommand.cpp:
        * editing/CreateLinkCommand.h:
        * editing/DeleteButton.cpp:
        * editing/DeleteButton.h:
        * editing/DeleteButtonController.cpp:
        * editing/DeleteButtonController.h:
        * editing/DeleteFromTextNodeCommand.cpp:
        * editing/DeleteFromTextNodeCommand.h:
        * editing/DeleteSelectionCommand.cpp:
        * editing/DeleteSelectionCommand.h:
        * editing/EditAction.h:
        * editing/EditCommand.cpp:
        * editing/EditCommand.h:
        * editing/EditingBoundary.h:
        * editing/EditingStyle.cpp:
        * editing/Editor.cpp:
        * editing/Editor.h:
        * editing/EditorCommand.cpp:
        * editing/EditorDeleteAction.h:
        * editing/EditorInsertAction.h:
        * editing/FormatBlockCommand.cpp:
        * editing/FormatBlockCommand.h:
        * editing/FrameSelection.cpp:
        * editing/FrameSelection.h:
        * editing/HTMLInterchange.cpp:
        * editing/HTMLInterchange.h:
        * editing/IndentOutdentCommand.cpp:
        * editing/IndentOutdentCommand.h:
        * editing/InsertIntoTextNodeCommand.cpp:
        * editing/InsertIntoTextNodeCommand.h:
        * editing/InsertLineBreakCommand.cpp:
        * editing/InsertLineBreakCommand.h:
        * editing/InsertListCommand.cpp:
        * editing/InsertListCommand.h:
        * editing/InsertNodeBeforeCommand.cpp:
        * editing/InsertNodeBeforeCommand.h:
        * editing/InsertParagraphSeparatorCommand.cpp:
        * editing/InsertParagraphSeparatorCommand.h:
        * editing/InsertTextCommand.cpp:
        * editing/InsertTextCommand.h:
        * editing/MarkupAccumulator.h:
        * editing/MergeIdenticalElementsCommand.cpp:
        * editing/MergeIdenticalElementsCommand.h:
        * editing/ModifySelectionListLevel.cpp:
        * editing/ModifySelectionListLevel.h:
        * editing/MoveSelectionCommand.cpp:
        * editing/MoveSelectionCommand.h:
        * editing/RemoveCSSPropertyCommand.cpp:
        * editing/RemoveCSSPropertyCommand.h:
        * editing/RemoveFormatCommand.cpp:
        * editing/RemoveFormatCommand.h:
        * editing/RemoveNodeCommand.cpp:
        * editing/RemoveNodeCommand.h:
        * editing/RemoveNodePreservingChildrenCommand.cpp:
        * editing/RemoveNodePreservingChildrenCommand.h:
        * editing/ReplaceSelectionCommand.cpp:
        * editing/ReplaceSelectionCommand.h:
        * editing/SetNodeAttributeCommand.cpp:
        * editing/SetNodeAttributeCommand.h:
        * editing/SetSelectionCommand.cpp:
        * editing/SetSelectionCommand.h:
        * editing/SimplifyMarkupCommand.cpp:
        * editing/SimplifyMarkupCommand.h:
        * editing/SmartReplace.cpp:
        * editing/SmartReplace.h:
        * editing/SmartReplaceCF.cpp:
        * editing/SpellChecker.cpp:
        * editing/SpellChecker.h:
        * editing/SpellingCorrectionCommand.cpp:
        * editing/SpellingCorrectionCommand.h:
        * editing/SplitElementCommand.cpp:
        * editing/SplitElementCommand.h:
        * editing/SplitTextNodeCommand.cpp:
        * editing/SplitTextNodeCommand.h:
        * editing/SplitTextNodeContainingElementCommand.cpp:
        * editing/SplitTextNodeContainingElementCommand.h:
        * editing/TextAffinity.h:
        * editing/TextCheckingHelper.cpp:
        * editing/TextGranularity.h:
        * editing/TextIterator.cpp:
        * editing/TextIterator.h:
        * editing/TextIteratorBehavior.h:
        * editing/TypingCommand.cpp:
        * editing/TypingCommand.h:
        * editing/UnlinkCommand.cpp:
        * editing/UnlinkCommand.h:
        * editing/VisiblePosition.cpp:
        * editing/VisiblePosition.h:
        * editing/VisibleSelection.cpp:
        * editing/VisibleSelection.h:
        * editing/VisibleUnits.cpp:
        * editing/VisibleUnits.h:
        * editing/WrapContentsInDummySpanCommand.cpp:
        * editing/WrapContentsInDummySpanCommand.h:
        * editing/WritingDirection.h:
        * editing/efl/EditorEfl.cpp:
        * editing/htmlediting.cpp:
        * editing/htmlediting.h:
        * editing/mac/EditorMac.mm:
        * editing/mac/FrameSelectionMac.mm:
        * editing/markup.cpp:
        * editing/markup.h:
        * extract-localizable-strings.pl:
        * fileapi/FileException.cpp:
        * history/BackForwardClient.h:
        * history/BackForwardList.cpp:
        * history/BackForwardList.h:
        * history/CachedFrame.cpp:
        * history/CachedFrame.h:
        * history/CachedFramePlatformData.h:
        * history/CachedPage.cpp:
        * history/CachedPage.h:
        * history/HistoryItem.cpp:
        * history/HistoryItem.h:
        * history/PageCache.cpp:
        * history/PageCache.h:
        * history/mac/HistoryItemMac.mm:
        * html/FTPDirectoryDocument.cpp:
        * html/FTPDirectoryDocument.h:
        * html/HTMLAudioElement.cpp:
        * html/HTMLAudioElement.h:
        * html/HTMLAudioElement.idl:
        * html/HTMLCanvasElement.cpp:
        * html/HTMLCanvasElement.h:
        * html/HTMLCanvasElement.idl:
        * html/HTMLFieldSetElement.idl:
        * html/HTMLImageLoader.h:
        * html/HTMLMediaElement.cpp:
        * html/HTMLMediaElement.h:
        * html/HTMLMediaElement.idl:
        * html/HTMLOptionsCollection.cpp:
        * html/HTMLPlugInElement.cpp:
        * html/HTMLSourceElement.cpp:
        * html/HTMLSourceElement.h:
        * html/HTMLSourceElement.idl:
        * html/HTMLTablePartElement.cpp:
        * html/HTMLTableRowsCollection.cpp:
        * html/HTMLTableRowsCollection.h:
        * html/HTMLTitleElement.idl:
        * html/HTMLTrackElement.cpp:
        * html/HTMLTrackElement.h:
        * html/HTMLTrackElement.idl:
        * html/HTMLVideoElement.cpp:
        * html/HTMLVideoElement.h:
        * html/HTMLVideoElement.idl:
        * html/ImageData.cpp:
        * html/ImageData.h:
        * html/ImageData.idl:
        * html/ImageDocument.cpp:
        * html/ImageDocument.h:
        * html/MediaController.cpp:
        * html/MediaController.h:
        * html/MediaController.idl:
        * html/MediaControllerInterface.h:
        * html/MediaError.h:
        * html/MediaError.idl:
        * html/MediaFragmentURIParser.cpp:
        * html/MediaFragmentURIParser.h:
        * html/MediaKeyError.h:
        * html/MediaKeyError.idl:
        * html/MediaKeyEvent.cpp:
        * html/MediaKeyEvent.h:
        * html/MediaKeyEvent.idl:
        * html/PluginDocument.cpp:
        * html/PluginDocument.h:
        * html/TextDocument.cpp:
        * html/TextDocument.h:
        * html/TimeRanges.cpp:
        * html/TimeRanges.h:
        * html/TimeRanges.idl:
        * html/VoidCallback.h:
        * html/VoidCallback.idl:
        * html/canvas/CanvasGradient.cpp:
        * html/canvas/CanvasGradient.h:
        * html/canvas/CanvasGradient.idl:
        * html/canvas/CanvasPattern.cpp:
        * html/canvas/CanvasPattern.h:
        * html/canvas/CanvasPattern.idl:
        * html/canvas/CanvasRenderingContext.cpp:
        * html/canvas/CanvasRenderingContext.h:
        * html/canvas/CanvasRenderingContext.idl:
        * html/canvas/CanvasRenderingContext2D.cpp:
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.idl:
        * html/canvas/CanvasStyle.cpp:
        * html/canvas/CanvasStyle.h:
        * html/canvas/DOMPath.idl:
        * html/canvas/OESVertexArrayObject.cpp:
        * html/canvas/OESVertexArrayObject.h:
        * html/canvas/OESVertexArrayObject.idl:
        * html/canvas/WebGLBuffer.cpp:
        * html/canvas/WebGLBuffer.h:
        * html/canvas/WebGLBuffer.idl:
        * html/canvas/WebGLContextGroup.cpp:
        * html/canvas/WebGLContextGroup.h:
        * html/canvas/WebGLContextObject.cpp:
        * html/canvas/WebGLContextObject.h:
        * html/canvas/WebGLFramebuffer.cpp:
        * html/canvas/WebGLFramebuffer.h:
        * html/canvas/WebGLFramebuffer.idl:
        * html/canvas/WebGLObject.cpp:
        * html/canvas/WebGLObject.h:
        * html/canvas/WebGLProgram.cpp:
        * html/canvas/WebGLProgram.h:
        * html/canvas/WebGLProgram.idl:
        * html/canvas/WebGLRenderbuffer.cpp:
        * html/canvas/WebGLRenderbuffer.h:
        * html/canvas/WebGLRenderbuffer.idl:
        * html/canvas/WebGLRenderingContext.cpp:
        * html/canvas/WebGLRenderingContext.h:
        * html/canvas/WebGLRenderingContext.idl:
        * html/canvas/WebGLShader.cpp:
        * html/canvas/WebGLShader.h:
        * html/canvas/WebGLShader.idl:
        * html/canvas/WebGLSharedObject.cpp:
        * html/canvas/WebGLSharedObject.h:
        * html/canvas/WebGLTexture.cpp:
        * html/canvas/WebGLTexture.h:
        * html/canvas/WebGLTexture.idl:
        * html/canvas/WebGLUniformLocation.cpp:
        * html/canvas/WebGLUniformLocation.h:
        * html/canvas/WebGLUniformLocation.idl:
        * html/canvas/WebGLVertexArrayObjectOES.cpp:
        * html/canvas/WebGLVertexArrayObjectOES.h:
        * html/canvas/WebGLVertexArrayObjectOES.idl:
        * html/forms/FileIconLoader.cpp:
        * html/forms/FileIconLoader.h:
        * html/parser/TextDocumentParser.cpp:
        * html/parser/TextDocumentParser.h:
        * html/shadow/MediaControlElementTypes.cpp:
        * html/shadow/MediaControlElementTypes.h:
        * html/shadow/MediaControlElements.cpp:
        * html/shadow/MediaControlElements.h:
        * html/shadow/MediaControls.cpp:
        * html/shadow/MediaControls.h:
        * html/shadow/MediaControlsApple.cpp:
        * html/shadow/MediaControlsApple.h:
        * html/shadow/MediaControlsGtk.cpp:
        * html/shadow/MediaControlsGtk.h:
        * html/shadow/SpinButtonElement.cpp:
        * html/shadow/SpinButtonElement.h:
        * html/shadow/TextControlInnerElements.cpp:
        * html/shadow/TextControlInnerElements.h:
        * html/track/AudioTrack.h:
        * html/track/AudioTrack.idl:
        * html/track/AudioTrackList.cpp:
        * html/track/AudioTrackList.h:
        * html/track/AudioTrackList.idl:
        * html/track/DataCue.cpp:
        * html/track/DataCue.h:
        * html/track/DataCue.idl:
        * html/track/InbandGenericTextTrack.cpp:
        * html/track/InbandGenericTextTrack.h:
        * html/track/InbandTextTrack.cpp:
        * html/track/InbandTextTrack.h:
        * html/track/InbandWebVTTTextTrack.cpp:
        * html/track/InbandWebVTTTextTrack.h:
        * html/track/LoadableTextTrack.cpp:
        * html/track/LoadableTextTrack.h:
        * html/track/TextTrack.h:
        * html/track/TextTrack.idl:
        * html/track/TextTrackCue.idl:
        * html/track/TextTrackCueGeneric.cpp:
        * html/track/TextTrackCueGeneric.h:
        * html/track/TextTrackCueList.cpp:
        * html/track/TextTrackCueList.h:
        * html/track/TextTrackCueList.idl:
        * html/track/TextTrackList.cpp:
        * html/track/TextTrackList.h:
        * html/track/TextTrackList.idl:
        * html/track/TextTrackRegion.idl:
        * html/track/TextTrackRegionList.cpp:
        * html/track/TextTrackRegionList.h:
        * html/track/TextTrackRegionList.idl:
        * html/track/TrackBase.cpp:
        * html/track/TrackBase.h:
        * html/track/TrackEvent.cpp:
        * html/track/TrackEvent.h:
        * html/track/TrackEvent.idl:
        * html/track/TrackListBase.cpp:
        * html/track/TrackListBase.h:
        * html/track/VTTCue.idl:
        * html/track/VideoTrack.h:
        * html/track/VideoTrack.idl:
        * html/track/VideoTrackList.cpp:
        * html/track/VideoTrackList.h:
        * html/track/VideoTrackList.idl:
        * html/track/WebVTTElement.cpp:
        * html/track/WebVTTElement.h:
        * inspector/CommandLineAPIHost.cpp:
        * inspector/CommandLineAPIHost.h:
        * inspector/CommandLineAPIModuleSource.js:
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorClient.h:
        * inspector/InspectorDOMAgent.cpp:
        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMStorageAgent.cpp:
        * inspector/InspectorDOMStorageAgent.h:
        * inspector/InspectorDatabaseAgent.cpp:
        * inspector/InspectorDatabaseAgent.h:
        * inspector/InspectorDatabaseResource.cpp:
        * inspector/InspectorDatabaseResource.h:
        * inspector/InspectorForwarding.h:
        * inspector/InspectorFrontendHost.cpp:
        * inspector/InspectorFrontendHost.h:
        * inspector/InspectorLayerTreeAgent.h:
        * inspector/InspectorNodeFinder.cpp:
        * inspector/InspectorNodeFinder.h:
        * inspector/InspectorOverlay.cpp:
        * inspector/InspectorOverlay.h:
        * inspector/InspectorOverlayPage.html:
        * inspector/InspectorProfilerAgent.cpp:
        * inspector/InspectorProfilerAgent.h:
        * inspector/ScriptProfile.idl:
        * inspector/ScriptProfileNode.idl:
        * loader/CookieJar.h:
        * loader/CrossOriginAccessControl.cpp:
        * loader/CrossOriginAccessControl.h:
        * loader/CrossOriginPreflightResultCache.cpp:
        * loader/CrossOriginPreflightResultCache.h:
        * loader/DocumentLoader.cpp:
        * loader/DocumentLoader.h:
        * loader/DocumentWriter.cpp:
        * loader/EmptyClients.h:
        * loader/FormState.cpp:
        * loader/FormState.h:
        * loader/FrameLoadRequest.h:
        * loader/FrameLoader.cpp:
        * loader/FrameLoader.h:
        * loader/FrameLoaderClient.h:
        * loader/FrameLoaderTypes.h:
        * loader/HistoryController.cpp:
        * loader/HistoryController.h:
        * loader/MixedContentChecker.cpp:
        * loader/NavigationAction.cpp:
        * loader/NavigationAction.h:
        * loader/NavigationScheduler.cpp:
        * loader/NavigationScheduler.h:
        * loader/NetscapePlugInStreamLoader.cpp:
        * loader/NetscapePlugInStreamLoader.h:
        * loader/PolicyCallback.cpp:
        * loader/PolicyCallback.h:
        * loader/PolicyChecker.cpp:
        * loader/PolicyChecker.h:
        * loader/ProgressTracker.cpp:
        * loader/ProgressTracker.h:
        * loader/ResourceBuffer.cpp:
        * loader/ResourceBuffer.h:
        * loader/ResourceLoadNotifier.cpp:
        * loader/ResourceLoadNotifier.h:
        * loader/ResourceLoader.cpp:
        * loader/ResourceLoader.h:
        * loader/SinkDocument.cpp:
        * loader/SinkDocument.h:
        * loader/SubframeLoader.cpp:
        * loader/SubframeLoader.h:
        * loader/SubresourceLoader.cpp:
        * loader/SubresourceLoader.h:
        * loader/SubstituteData.h:
        * loader/TextTrackLoader.cpp:
        * loader/appcache/ApplicationCacheAllInOne.cpp:
        * loader/archive/Archive.cpp:
        * loader/archive/Archive.h:
        * loader/archive/ArchiveFactory.cpp:
        * loader/archive/ArchiveFactory.h:
        * loader/archive/ArchiveResource.cpp:
        * loader/archive/ArchiveResource.h:
        * loader/archive/ArchiveResourceCollection.cpp:
        * loader/archive/ArchiveResourceCollection.h:
        * loader/archive/cf/LegacyWebArchive.cpp:
        * loader/archive/cf/LegacyWebArchive.h:
        * loader/archive/cf/LegacyWebArchiveMac.mm:
        * loader/cache/CachePolicy.h:
        * loader/cache/CachedCSSStyleSheet.cpp:
        * loader/cache/CachedFont.cpp:
        * loader/cache/CachedFont.h:
        * loader/cache/CachedResourceRequest.cpp:
        * loader/cache/CachedResourceRequest.h:
        * loader/cache/CachedResourceRequestInitiators.cpp:
        * loader/cache/CachedResourceRequestInitiators.h:
        * loader/cf/ResourceLoaderCFNet.cpp:
        * loader/icon/IconController.cpp:
        * loader/icon/IconController.h:
        * loader/icon/IconDatabase.cpp:
        * loader/icon/IconDatabase.h:
        * loader/icon/IconDatabaseBase.cpp:
        * loader/icon/IconDatabaseBase.h:
        * loader/icon/IconDatabaseClient.h:
        * loader/icon/IconLoader.cpp:
        * loader/icon/IconLoader.h:
        * loader/icon/IconRecord.cpp:
        * loader/icon/IconRecord.h:
        * loader/icon/PageURLRecord.cpp:
        * loader/icon/PageURLRecord.h:
        * loader/mac/DocumentLoaderMac.cpp:
        * loader/mac/LoaderNSURLExtras.h:
        * loader/mac/LoaderNSURLExtras.mm:
        * loader/mac/ResourceBuffer.mm:
        * loader/mac/ResourceLoaderMac.mm:
        * loader/win/DocumentLoaderWin.cpp:
        * loader/win/FrameLoaderWin.cpp:
        * mathml/MathMLAllInOne.cpp:
        * page/AbstractView.idl:
        * page/AlternativeTextClient.h:
        * page/AutoscrollController.cpp:
        * page/AutoscrollController.h:
        * page/BarProp.cpp:
        * page/BarProp.h:
        * page/BarProp.idl:
        * page/ContentSecurityPolicy.cpp:
        * page/ContentSecurityPolicy.h:
        * page/ContextMenuClient.h:
        * page/ContextMenuContext.cpp:
        * page/ContextMenuContext.h:
        * page/ContextMenuController.cpp:
        * page/ContextMenuController.h:
        * page/DOMSecurityPolicy.cpp:
        * page/DOMSecurityPolicy.h:
        * page/DOMSelection.cpp:
        * page/DOMSelection.h:
        * page/DOMSelection.idl:
        * page/DOMTimer.cpp:
        * page/DOMTimer.h:
        * page/DOMWindow.cpp:
        * page/DOMWindow.h:
        * page/DOMWindow.idl:
        * page/DragActions.h:
        * page/DragClient.h:
        * page/DragController.cpp:
        * page/DragController.h:
        * page/DragSession.h:
        * page/DragState.h:
        * page/EditorClient.h:
        * page/EventHandler.cpp:
        * page/EventHandler.h:
        * page/FocusController.cpp:
        * page/FocusController.h:
        * page/FocusDirection.h:
        * page/FrameTree.h:
        * page/GestureTapHighlighter.cpp:
        * page/GestureTapHighlighter.h:
        * page/History.cpp:
        * page/History.h:
        * page/History.idl:
        * page/Location.cpp:
        * page/Location.h:
        * page/Location.idl:
        * page/MouseEventWithHitTestResults.cpp:
        * page/MouseEventWithHitTestResults.h:
        * page/Navigator.cpp:
        * page/NavigatorBase.cpp:
        * page/NavigatorBase.h:
        * page/PageConsole.cpp:
        * page/PageConsole.h:
        * page/Screen.cpp:
        * page/Screen.h:
        * page/Screen.idl:
        * page/SecurityOrigin.cpp:
        * page/SecurityOrigin.h:
        * page/SecurityOriginHash.h:
        * page/Settings.cpp:
        * page/Settings.h:
        * page/SpatialNavigation.cpp:
        * page/SuspendableTimer.cpp:
        * page/SuspendableTimer.h:
        * page/UserContentTypes.h:
        * page/UserContentURLPattern.cpp:
        * page/UserContentURLPattern.h:
        * page/UserScript.h:
        * page/UserScriptTypes.h:
        * page/UserStyleSheet.h:
        * page/UserStyleSheetTypes.h:
        * page/WebCoreKeyboardUIMode.h:
        * page/WebKitPoint.h:
        * page/WebKitPoint.idl:
        * page/WindowBase64.idl:
        * page/WindowFeatures.h:
        * page/WindowFocusAllowedIndicator.cpp:
        * page/WindowFocusAllowedIndicator.h:
        * page/WindowTimers.idl:
        * page/WorkerNavigator.cpp:
        * page/WorkerNavigator.h:
        * page/WorkerNavigator.idl:
        * page/animation/AnimationBase.cpp:
        * page/animation/AnimationBase.h:
        * page/animation/AnimationController.cpp:
        * page/animation/AnimationController.h:
        * page/animation/AnimationControllerPrivate.h:
        * page/animation/CSSPropertyAnimation.cpp:
        * page/animation/CSSPropertyAnimation.h:
        * page/animation/CompositeAnimation.cpp:
        * page/animation/CompositeAnimation.h:
        * page/animation/ImplicitAnimation.cpp:
        * page/animation/ImplicitAnimation.h:
        * page/animation/KeyframeAnimation.cpp:
        * page/animation/KeyframeAnimation.h:
        * page/efl/DragControllerEfl.cpp:
        * page/efl/EventHandlerEfl.cpp:
        * page/gtk/DragControllerGtk.cpp:
        * page/gtk/EventHandlerGtk.cpp:
        * page/ios/EventHandlerIOS.mm:
        * page/mac/DragControllerMac.mm:
        * page/mac/EventHandlerMac.mm:
        * page/mac/PageMac.cpp:
        * page/mac/WebCoreFrameView.h:
        * page/make_settings.pl:
        * page/win/DragControllerWin.cpp:
        * page/win/EventHandlerWin.cpp:
        * page/win/FrameCGWin.cpp:
        * page/win/FrameCairoWin.cpp:
        * page/win/FrameGdiWin.cpp:
        * page/win/FrameWin.cpp:
        * page/win/FrameWin.h:
        * pdf/ios/PDFDocument.h:
        * platform/Clock.cpp:
        * platform/Clock.h:
        * platform/ClockGeneric.cpp:
        * platform/ClockGeneric.h:
        * platform/ColorChooser.h:
        * platform/ColorChooserClient.h:
        * platform/ContentType.cpp:
        * platform/ContentType.h:
        * platform/ContextMenu.h:
        * platform/ContextMenuItem.h:
        * platform/Cookie.h:
        * platform/Cursor.h:
        * platform/DragData.cpp:
        * platform/DragData.h:
        * platform/DragImage.cpp:
        * platform/DragImage.h:
        * platform/FileChooser.cpp:
        * platform/FileChooser.h:
        * platform/FileSystem.h:
        * platform/FloatConversion.h:
        * platform/KillRing.h:
        * platform/LinkHash.h:
        * platform/LocalizedStrings.cpp:
        * platform/LocalizedStrings.h:
        * platform/Logging.cpp:
        * platform/Logging.h:
        * platform/MIMETypeRegistry.cpp:
        * platform/MIMETypeRegistry.h:
        * platform/MediaDescription.h:
        * platform/MediaSample.h:
        * platform/NotImplemented.h:
        * platform/PODFreeListArena.h:
        * platform/Pasteboard.h:
        * platform/PasteboardStrategy.h:
        * platform/PlatformExportMacros.h:
        * platform/PlatformKeyboardEvent.h:
        * platform/PlatformMenuDescription.h:
        * platform/PlatformMouseEvent.h:
        * platform/PlatformPasteboard.h:
        * platform/PlatformScreen.h:
        * platform/PlatformSpeechSynthesis.h:
        * platform/PlatformSpeechSynthesisUtterance.cpp:
        * platform/PlatformSpeechSynthesisUtterance.h:
        * platform/PlatformSpeechSynthesisVoice.cpp:
        * platform/PlatformSpeechSynthesisVoice.h:
        * platform/PlatformSpeechSynthesizer.cpp:
        * platform/PlatformSpeechSynthesizer.h:
        * platform/PlatformWheelEvent.h:
        * platform/PopupMenuClient.h:
        * platform/RemoteCommandListener.cpp:
        * platform/RemoteCommandListener.h:
        * platform/SSLKeyGenerator.h:
        * platform/SchemeRegistry.cpp:
        * platform/SchemeRegistry.h:
        * platform/ScrollTypes.h:
        * platform/ScrollView.cpp:
        * platform/ScrollView.h:
        * platform/Scrollbar.cpp:
        * platform/Scrollbar.h:
        * platform/SharedBuffer.cpp:
        * platform/SharedBuffer.h:
        * platform/SharedTimer.h:
        * platform/Sound.h:
        * platform/ThreadCheck.h:
        * platform/ThreadGlobalData.cpp:
        * platform/ThreadGlobalData.h:
        * platform/ThreadTimers.cpp:
        * platform/ThreadTimers.h:
        * platform/Timer.cpp:
        * platform/Timer.h:
        * platform/URL.cpp:
        * platform/URL.h:
        * platform/Widget.cpp:
        * platform/Widget.h:
        * platform/animation/AnimationUtilities.h:
        * platform/audio/AudioArray.h:
        * platform/audio/AudioBus.cpp:
        * platform/audio/AudioBus.h:
        * platform/audio/AudioChannel.cpp:
        * platform/audio/AudioChannel.h:
        * platform/audio/AudioDestination.h:
        * platform/audio/AudioFIFO.cpp:
        * platform/audio/AudioFIFO.h:
        * platform/audio/AudioFileReader.h:
        * platform/audio/AudioIOCallback.h:
        * platform/audio/AudioPullFIFO.cpp:
        * platform/audio/AudioPullFIFO.h:
        * platform/audio/AudioSourceProvider.h:
        * platform/audio/Biquad.cpp:
        * platform/audio/Biquad.h:
        * platform/audio/Cone.cpp:
        * platform/audio/Cone.h:
        * platform/audio/DirectConvolver.cpp:
        * platform/audio/DirectConvolver.h:
        * platform/audio/Distance.cpp:
        * platform/audio/Distance.h:
        * platform/audio/DownSampler.cpp:
        * platform/audio/DownSampler.h:
        * platform/audio/DynamicsCompressor.cpp:
        * platform/audio/DynamicsCompressor.h:
        * platform/audio/DynamicsCompressorKernel.cpp:
        * platform/audio/DynamicsCompressorKernel.h:
        * platform/audio/FFTConvolver.cpp:
        * platform/audio/FFTConvolver.h:
        * platform/audio/FFTFrame.cpp:
        * platform/audio/FFTFrame.h:
        * platform/audio/HRTFDatabase.cpp:
        * platform/audio/HRTFDatabase.h:
        * platform/audio/HRTFDatabaseLoader.cpp:
        * platform/audio/HRTFDatabaseLoader.h:
        * platform/audio/HRTFElevation.cpp:
        * platform/audio/HRTFElevation.h:
        * platform/audio/HRTFKernel.cpp:
        * platform/audio/HRTFKernel.h:
        * platform/audio/MultiChannelResampler.cpp:
        * platform/audio/MultiChannelResampler.h:
        * platform/audio/Panner.cpp:
        * platform/audio/Panner.h:
        * platform/audio/Reverb.cpp:
        * platform/audio/Reverb.h:
        * platform/audio/ReverbAccumulationBuffer.cpp:
        * platform/audio/ReverbAccumulationBuffer.h:
        * platform/audio/ReverbConvolver.cpp:
        * platform/audio/ReverbConvolver.h:
        * platform/audio/ReverbConvolverStage.cpp:
        * platform/audio/ReverbConvolverStage.h:
        * platform/audio/ReverbInputBuffer.cpp:
        * platform/audio/ReverbInputBuffer.h:
        * platform/audio/SincResampler.cpp:
        * platform/audio/SincResampler.h:
        * platform/audio/UpSampler.cpp:
        * platform/audio/UpSampler.h:
        * platform/audio/ZeroPole.cpp:
        * platform/audio/ZeroPole.h:
        * platform/audio/ios/AudioDestinationIOS.cpp:
        * platform/audio/ios/AudioDestinationIOS.h:
        * platform/audio/ios/AudioFileReaderIOS.cpp:
        * platform/audio/ios/AudioFileReaderIOS.h:
        * platform/audio/mac/AudioDestinationMac.cpp:
        * platform/audio/mac/AudioDestinationMac.h:
        * platform/audio/mac/AudioFileReaderMac.cpp:
        * platform/audio/mac/AudioFileReaderMac.h:
        * platform/audio/mac/FFTFrameMac.cpp:
        * platform/cf/FileSystemCF.cpp:
        * platform/cf/SharedBufferCF.cpp:
        * platform/cf/URLCF.cpp:
        * platform/cocoa/KeyEventCocoa.h:
        * platform/cocoa/KeyEventCocoa.mm:
        * platform/efl/CursorEfl.cpp:
        * platform/efl/EflKeyboardUtilities.cpp:
        * platform/efl/EflKeyboardUtilities.h:
        * platform/efl/FileSystemEfl.cpp:
        * platform/efl/LanguageEfl.cpp:
        * platform/efl/LocalizedStringsEfl.cpp:
        * platform/efl/MIMETypeRegistryEfl.cpp:
        * platform/efl/PlatformKeyboardEventEfl.cpp:
        * platform/efl/PlatformMouseEventEfl.cpp:
        * platform/efl/PlatformScreenEfl.cpp:
        * platform/efl/PlatformWheelEventEfl.cpp:
        * platform/efl/RenderThemeEfl.h:
        * platform/efl/ScrollbarEfl.h:
        * platform/efl/SharedTimerEfl.cpp:
        * platform/efl/SoundEfl.cpp:
        * platform/efl/TemporaryLinkStubs.cpp:
        * platform/efl/WidgetEfl.cpp:
        * platform/graphics/ANGLEWebKitBridge.cpp:
        * platform/graphics/ANGLEWebKitBridge.h:
        * platform/graphics/AudioTrackPrivate.h:
        * platform/graphics/BitmapImage.cpp:
        * platform/graphics/BitmapImage.h:
        * platform/graphics/Color.cpp:
        * platform/graphics/Color.h:
        * platform/graphics/CrossfadeGeneratedImage.cpp:
        * platform/graphics/CrossfadeGeneratedImage.h:
        * platform/graphics/DashArray.h:
        * platform/graphics/DisplayRefreshMonitor.cpp:
        * platform/graphics/DisplayRefreshMonitor.h:
        * platform/graphics/FloatPoint.cpp:
        * platform/graphics/FloatPoint.h:
        * platform/graphics/FloatQuad.cpp:
        * platform/graphics/FloatQuad.h:
        * platform/graphics/FloatRect.cpp:
        * platform/graphics/FloatRect.h:
        * platform/graphics/FloatSize.cpp:
        * platform/graphics/FloatSize.h:
        * platform/graphics/FontBaseline.h:
        * platform/graphics/FontCache.cpp:
        * platform/graphics/FontCache.h:
        * platform/graphics/FontData.cpp:
        * platform/graphics/FontData.h:
        * platform/graphics/FontDescription.cpp:
        * platform/graphics/FontFeatureSettings.cpp:
        * platform/graphics/FontFeatureSettings.h:
        * platform/graphics/FontGlyphs.cpp:
        * platform/graphics/FontOrientation.h:
        * platform/graphics/FontRenderingMode.h:
        * platform/graphics/FontSelector.h:
        * platform/graphics/FontWidthVariant.h:
        * platform/graphics/FormatConverter.cpp:
        * platform/graphics/FormatConverter.h:
        * platform/graphics/GeneratedImage.h:
        * platform/graphics/Glyph.h:
        * platform/graphics/GlyphBuffer.h:
        * platform/graphics/GlyphMetricsMap.h:
        * platform/graphics/GlyphPage.h:
        * platform/graphics/GlyphPageTreeNode.cpp:
        * platform/graphics/GlyphPageTreeNode.h:
        * platform/graphics/Gradient.cpp:
        * platform/graphics/Gradient.h:
        * platform/graphics/GradientImage.h:
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/GraphicsContext3D.cpp:
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/GraphicsLayer.cpp:
        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/GraphicsLayerClient.h:
        * platform/graphics/GraphicsTypes.cpp:
        * platform/graphics/GraphicsTypes.h:
        * platform/graphics/GraphicsTypes3D.h:
        * platform/graphics/Image.cpp:
        * platform/graphics/Image.h:
        * platform/graphics/ImageBuffer.cpp:
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/ImageBufferData.h:
        * platform/graphics/ImageObserver.h:
        * platform/graphics/ImageSource.cpp:
        * platform/graphics/ImageSource.h:
        * platform/graphics/InbandTextTrackPrivate.h:
        * platform/graphics/InbandTextTrackPrivateClient.h:
        * platform/graphics/IntPoint.cpp:
        * platform/graphics/IntPoint.h:
        * platform/graphics/IntSize.cpp:
        * platform/graphics/IntSize.h:
        * platform/graphics/MediaPlayer.cpp:
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        * platform/graphics/MediaSourcePrivateClient.h:
        * platform/graphics/NativeImagePtr.h:
        * platform/graphics/OpenGLESShims.h:
        * platform/graphics/Path.cpp:
        * platform/graphics/Path.h:
        * platform/graphics/PathTraversalState.h:
        * platform/graphics/Pattern.cpp:
        * platform/graphics/Pattern.h:
        * platform/graphics/PlatformLayer.h:
        * platform/graphics/PlatformTimeRanges.cpp:
        * platform/graphics/PlatformTimeRanges.h:
        * platform/graphics/SegmentedFontData.cpp:
        * platform/graphics/SegmentedFontData.h:
        * platform/graphics/ShadowBlur.cpp:
        * platform/graphics/ShadowBlur.h:
        * platform/graphics/SimpleFontData.cpp:
        * platform/graphics/SourceBufferPrivateClient.h:
        * platform/graphics/StringTruncator.cpp:
        * platform/graphics/StringTruncator.h:
        * platform/graphics/TrackPrivateBase.h:
        * platform/graphics/VideoTrackPrivate.h:
        * platform/graphics/WindRule.h:
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.h:
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h:
        * platform/graphics/avfoundation/cf/CoreMediaSoftLinking.h:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.h:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.cpp:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.h:
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:
        * platform/graphics/avfoundation/objc/AudioTrackPrivateMediaSourceAVFObjC.cpp:
        * platform/graphics/avfoundation/objc/AudioTrackPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.h:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/VideoTrackPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/VideoTrackPrivateMediaSourceAVFObjC.mm:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/LayerFlushScheduler.cpp:
        * platform/graphics/ca/LayerFlushScheduler.h:
        * platform/graphics/ca/LayerFlushSchedulerClient.h:
        * platform/graphics/ca/PlatformCAAnimation.h:
        * platform/graphics/ca/PlatformCAFilters.h:
        * platform/graphics/ca/PlatformCALayer.cpp:
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/PlatformCALayerClient.h:
        * platform/graphics/ca/TransformationMatrixCA.cpp:
        * platform/graphics/ca/mac/LayerFlushSchedulerMac.cpp:
        * platform/graphics/ca/mac/LayerPool.mm:
        * platform/graphics/ca/mac/PlatformCAAnimationMac.mm:
        * platform/graphics/ca/mac/PlatformCAFiltersMac.h:
        * platform/graphics/ca/mac/PlatformCAFiltersMac.mm:
        * platform/graphics/ca/mac/PlatformCALayerMac.h:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        * platform/graphics/ca/mac/WebTiledBackingLayer.h:
        * platform/graphics/ca/mac/WebTiledBackingLayer.mm:
        * platform/graphics/ca/win/AbstractCACFLayerTreeHost.h:
        * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
        * platform/graphics/ca/win/CACFLayerTreeHost.h:
        * platform/graphics/ca/win/CACFLayerTreeHostClient.h:
        * platform/graphics/ca/win/LayerChangesFlusher.cpp:
        * platform/graphics/ca/win/LayerChangesFlusher.h:
        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp:
        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h:
        * platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
        * platform/graphics/ca/win/PlatformCAFiltersWin.cpp:
        * platform/graphics/ca/win/PlatformCALayerWin.cpp:
        * platform/graphics/ca/win/PlatformCALayerWin.h:
        * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
        * platform/graphics/ca/win/PlatformCALayerWinInternal.h:
        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp:
        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h:
        * platform/graphics/cairo/BitmapImageCairo.cpp:
        * platform/graphics/cairo/CairoUtilities.cpp:
        * platform/graphics/cairo/CairoUtilities.h:
        * platform/graphics/cairo/DrawingBufferCairo.cpp:
        * platform/graphics/cairo/FloatRectCairo.cpp:
        * platform/graphics/cairo/FontCairo.cpp:
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        * platform/graphics/cairo/GradientCairo.cpp:
        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        * platform/graphics/cairo/GraphicsContextPlatformPrivateCairo.h:
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        * platform/graphics/cairo/ImageBufferDataCairo.h:
        * platform/graphics/cairo/ImageCairo.cpp:
        * platform/graphics/cairo/PatternCairo.cpp:
        * platform/graphics/cairo/PlatformContextCairo.cpp:
        * platform/graphics/cairo/PlatformContextCairo.h:
        * platform/graphics/cairo/TransformationMatrixCairo.cpp:
        * platform/graphics/cg/BitmapImageCG.cpp:
        * platform/graphics/cg/ColorCG.cpp:
        * platform/graphics/cg/FloatPointCG.cpp:
        * platform/graphics/cg/FloatRectCG.cpp:
        * platform/graphics/cg/FloatSizeCG.cpp:
        * platform/graphics/cg/GradientCG.cpp:
        * platform/graphics/cg/GraphicsContext3DCG.cpp:
        * platform/graphics/cg/GraphicsContextCG.cpp:
        * platform/graphics/cg/GraphicsContextCG.h:
        * platform/graphics/cg/GraphicsContextPlatformPrivateCG.h:
        * platform/graphics/cg/ImageBufferCG.cpp:
        * platform/graphics/cg/ImageBufferDataCG.cpp:
        * platform/graphics/cg/ImageBufferDataCG.h:
        * platform/graphics/cg/ImageCG.cpp:
        * platform/graphics/cg/ImageSourceCG.cpp:
        * platform/graphics/cg/IntPointCG.cpp:
        * platform/graphics/cg/IntRectCG.cpp:
        * platform/graphics/cg/IntSizeCG.cpp:
        * platform/graphics/cg/PDFDocumentImage.cpp:
        * platform/graphics/cg/PDFDocumentImage.h:
        * platform/graphics/cg/PathCG.cpp:
        * platform/graphics/cg/PatternCG.cpp:
        * platform/graphics/cg/TransformationMatrixCG.cpp:
        * platform/graphics/efl/IconEfl.cpp:
        * platform/graphics/efl/ImageEfl.cpp:
        * platform/graphics/filters/FilterOperation.cpp:
        * platform/graphics/filters/FilterOperation.h:
        * platform/graphics/filters/FilterOperations.cpp:
        * platform/graphics/filters/FilterOperations.h:
        * platform/graphics/freetype/FontPlatformDataFreeType.cpp:
        * platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp:
        * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
        * platform/graphics/gpu/mac/DrawingBufferMac.mm:
        * platform/graphics/gtk/GdkCairoUtilities.cpp:
        * platform/graphics/gtk/GdkCairoUtilities.h:
        * platform/graphics/gtk/IconGtk.cpp:
        * platform/graphics/gtk/ImageGtk.cpp:
        * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
        * platform/graphics/ios/FontCacheIOS.mm:
        * platform/graphics/ios/GraphicsContext3DIOS.h:
        * platform/graphics/ios/InbandTextTrackPrivateAVFIOS.h:
        * platform/graphics/ios/InbandTextTrackPrivateAVFIOS.mm:
        * platform/graphics/ios/MediaPlayerPrivateIOS.h:
        * platform/graphics/ios/MediaPlayerPrivateIOS.mm:
        * platform/graphics/mac/ColorMac.h:
        * platform/graphics/mac/ColorMac.mm:
        * platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
        * platform/graphics/mac/FloatPointMac.mm:
        * platform/graphics/mac/FloatRectMac.mm:
        * platform/graphics/mac/FloatSizeMac.mm:
        * platform/graphics/mac/FontCacheMac.mm:
        * platform/graphics/mac/FontCustomPlatformData.h:
        * platform/graphics/mac/GlyphPageTreeNodeMac.cpp:
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        * platform/graphics/mac/GraphicsContextMac.mm:
        * platform/graphics/mac/ImageMac.mm:
        * platform/graphics/mac/IntPointMac.mm:
        * platform/graphics/mac/IntRectMac.mm:
        * platform/graphics/mac/IntSizeMac.mm:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.h:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        * platform/graphics/mac/MediaPlayerProxy.h:
        * platform/graphics/mac/WebCoreCALayerExtras.h:
        * platform/graphics/mac/WebCoreCALayerExtras.mm:
        * platform/graphics/mac/WebGLLayer.h:
        * platform/graphics/mac/WebGLLayer.mm:
        * platform/graphics/mac/WebLayer.h:
        * platform/graphics/mac/WebLayer.mm:
        * platform/graphics/mac/WebTiledLayer.h:
        * platform/graphics/mac/WebTiledLayer.mm:
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        * platform/graphics/opentype/OpenTypeUtilities.cpp:
        * platform/graphics/opentype/OpenTypeUtilities.h:
        * platform/graphics/transforms/AffineTransform.cpp:
        * platform/graphics/transforms/AffineTransform.h:
        * platform/graphics/transforms/Matrix3DTransformOperation.cpp:
        * platform/graphics/transforms/Matrix3DTransformOperation.h:
        * platform/graphics/transforms/PerspectiveTransformOperation.cpp:
        * platform/graphics/transforms/PerspectiveTransformOperation.h:
        * platform/graphics/transforms/TransformState.cpp:
        * platform/graphics/transforms/TransformState.h:
        * platform/graphics/transforms/TransformationMatrix.cpp:
        * platform/graphics/transforms/TransformationMatrix.h:
        * platform/graphics/win/FontCGWin.cpp:
        * platform/graphics/win/FontCacheWin.cpp:
        * platform/graphics/win/FontCustomPlatformDataCairo.cpp:
        * platform/graphics/win/FontWin.cpp:
        * platform/graphics/win/FullScreenController.cpp:
        * platform/graphics/win/FullScreenController.h:
        * platform/graphics/win/FullScreenControllerClient.h:
        * platform/graphics/win/GlyphPageTreeNodeCGWin.cpp:
        * platform/graphics/win/GlyphPageTreeNodeCairoWin.cpp:
        * platform/graphics/win/GraphicsContextCGWin.cpp:
        * platform/graphics/win/GraphicsContextCairoWin.cpp:
        * platform/graphics/win/GraphicsContextWin.cpp:
        * platform/graphics/win/ImageCGWin.cpp:
        * platform/graphics/win/ImageCairoWin.cpp:
        * platform/graphics/win/ImageWin.cpp:
        * platform/graphics/win/IntPointWin.cpp:
        * platform/graphics/win/IntRectWin.cpp:
        * platform/graphics/win/IntSizeWin.cpp:
        * platform/graphics/win/LocalWindowsContext.h:
        * platform/graphics/win/MediaPlayerPrivateTaskTimer.cpp:
        * platform/graphics/win/MediaPlayerPrivateTaskTimer.h:
        * platform/graphics/win/SimpleFontDataCGWin.cpp:
        * platform/graphics/win/SimpleFontDataCairoWin.cpp:
        * platform/graphics/win/SimpleFontDataWin.cpp:
        * platform/graphics/win/TransformationMatrixWin.cpp:
        * platform/graphics/wince/FontCacheWinCE.cpp:
        * platform/graphics/wince/FontWinCE.cpp:
        * platform/graphics/wince/MediaPlayerPrivateWinCE.h:
        * platform/graphics/wince/SimpleFontDataWinCE.cpp:
        * platform/gtk/CompositionResults.h:
        * platform/gtk/CursorGtk.cpp:
        * platform/gtk/GtkPluginWidget.cpp:
        * platform/gtk/GtkPluginWidget.h:
        * platform/gtk/LocalizedStringsGtk.cpp:
        * platform/gtk/MIMETypeRegistryGtk.cpp:
        * platform/gtk/PlatformKeyboardEventGtk.cpp:
        * platform/gtk/PlatformMouseEventGtk.cpp:
        * platform/gtk/PlatformScreenGtk.cpp:
        * platform/gtk/PlatformWheelEventGtk.cpp:
        * platform/gtk/RedirectedXCompositeWindow.cpp:
        * platform/gtk/RedirectedXCompositeWindow.h:
        * platform/gtk/RenderThemeGtk.h:
        * platform/gtk/ScrollViewGtk.cpp:
        * platform/gtk/SharedTimerGtk.cpp:
        * platform/gtk/TemporaryLinkStubs.cpp:
        * platform/gtk/UserAgentGtk.cpp:
        * platform/gtk/UserAgentGtk.h:
        * platform/gtk/WidgetGtk.cpp:
        * platform/gtk/WidgetRenderingContext.cpp:
        * platform/image-decoders/ImageDecoder.h:
        * platform/image-decoders/cairo/ImageDecoderCairo.cpp:
        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        * platform/image-decoders/gif/GIFImageDecoder.h:
        * platform/image-decoders/gif/GIFImageReader.cpp:
        * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
        * platform/image-decoders/jpeg/JPEGImageDecoder.h:
        * platform/image-decoders/png/PNGImageDecoder.cpp:
        * platform/image-decoders/png/PNGImageDecoder.h:
        * platform/image-decoders/webp/WEBPImageDecoder.cpp:
        * platform/image-decoders/webp/WEBPImageDecoder.h:
        * platform/ios/CursorIOS.cpp:
        * platform/ios/DragImageIOS.mm:
        * platform/ios/KeyEventCodesIOS.h:
        * platform/ios/KeyEventIOS.mm:
        * platform/ios/PlatformPasteboardIOS.mm:
        * platform/ios/PlatformScreenIOS.mm:
        * platform/ios/PlatformSpeechSynthesizerIOS.mm:
        * platform/ios/RemoteCommandListenerIOS.h:
        * platform/ios/RemoteCommandListenerIOS.mm:
        * platform/ios/ScrollViewIOS.mm:
        * platform/ios/SoundIOS.mm:
        * platform/ios/SystemMemory.h:
        * platform/ios/SystemMemoryIOS.cpp:
        * platform/ios/WebCoreSystemInterfaceIOS.h:
        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/ios/WidgetIOS.mm:
        * platform/mac/BlockExceptions.h:
        * platform/mac/BlockExceptions.mm:
        * platform/mac/ContextMenuItemMac.mm:
        * platform/mac/ContextMenuMac.mm:
        * platform/mac/CursorMac.mm:
        * platform/mac/DragDataMac.mm:
        * platform/mac/DragImageMac.mm:
        * platform/mac/FileSystemMac.mm:
        * platform/mac/KeyEventMac.mm:
        * platform/mac/LocalCurrentGraphicsContext.h:
        * platform/mac/LocalCurrentGraphicsContext.mm:
        * platform/mac/LoggingMac.mm:
        * platform/mac/MIMETypeRegistryMac.mm:
        * platform/mac/MediaTimeMac.cpp:
        * platform/mac/MediaTimeMac.h:
        * platform/mac/PasteboardMac.mm:
        * platform/mac/PlatformClockCA.cpp:
        * platform/mac/PlatformClockCA.h:
        * platform/mac/PlatformClockCM.h:
        * platform/mac/PlatformClockCM.mm:
        * platform/mac/PlatformPasteboardMac.mm:
        * platform/mac/PlatformScreenMac.mm:
        * platform/mac/PlatformSpeechSynthesisMac.mm:
        * platform/mac/PlatformSpeechSynthesizerMac.mm:
        * platform/mac/ScrollViewMac.mm:
        * platform/mac/SharedBufferMac.mm:
        * platform/mac/SharedTimerMac.mm:
        * platform/mac/SoftLinking.h:
        * platform/mac/SoundMac.mm:
        * platform/mac/ThreadCheck.mm:
        * platform/mac/URLMac.mm:
        * platform/mac/WebCoreNSStringExtras.h:
        * platform/mac/WebCoreNSStringExtras.mm:
        * platform/mac/WebCoreNSURLExtras.h:
        * platform/mac/WebCoreNSURLExtras.mm:
        * platform/mac/WebCoreObjCExtras.h:
        * platform/mac/WebCoreObjCExtras.mm:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:
        * platform/mac/WebCoreView.h:
        * platform/mac/WebCoreView.m:
        * platform/mac/WebFontCache.h:
        * platform/mac/WebFontCache.mm:
        * platform/mac/WebWindowAnimation.h:
        * platform/mac/WebWindowAnimation.mm:
        * platform/mac/WidgetMac.mm:
        * platform/mediastream/MediaStreamConstraintsValidationClient.h:
        * platform/mediastream/MediaStreamCreationClient.h:
        * platform/mediastream/MediaStreamSourceCapabilities.h:
        * platform/mediastream/MediaStreamSourceStates.h:
        * platform/mediastream/MediaStreamTrackSourcesRequestClient.h:
        * platform/mediastream/RTCIceServer.h:
        * platform/mediastream/mac/AVAudioCaptureSource.h:
        * platform/mediastream/mac/AVAudioCaptureSource.mm:
        * platform/mediastream/mac/AVCaptureDeviceManager.h:
        * platform/mediastream/mac/AVCaptureDeviceManager.mm:
        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        * platform/mock/MockMediaStreamCenter.cpp:
        * platform/mock/MockMediaStreamCenter.h:
        * platform/mock/PlatformSpeechSynthesizerMock.cpp:
        * platform/mock/PlatformSpeechSynthesizerMock.h:
        * platform/mock/mediasource/MockBox.cpp:
        * platform/mock/mediasource/MockBox.h:
        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        * platform/mock/mediasource/MockMediaPlayerMediaSource.h:
        * platform/mock/mediasource/MockMediaSourcePrivate.cpp:
        * platform/mock/mediasource/MockMediaSourcePrivate.h:
        * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
        * platform/mock/mediasource/MockSourceBufferPrivate.h:
        * platform/mock/mediasource/MockTracks.cpp:
        * platform/mock/mediasource/MockTracks.h:
        * platform/network/AuthenticationChallengeBase.cpp:
        * platform/network/AuthenticationChallengeBase.h:
        * platform/network/Credential.cpp:
        * platform/network/Credential.h:
        * platform/network/DNS.h:
        * platform/network/DNSResolveQueue.cpp:
        * platform/network/DNSResolveQueue.h:
        * platform/network/DataURL.cpp:
        * platform/network/DataURL.h:
        * platform/network/HTTPHeaderMap.h:
        * platform/network/HTTPParsers.cpp:
        * platform/network/HTTPParsers.h:
        * platform/network/PlatformCookieJar.h:
        * platform/network/ProtectionSpace.cpp:
        * platform/network/ProtectionSpace.h:
        * platform/network/ResourceErrorBase.cpp:
        * platform/network/ResourceErrorBase.h:
        * platform/network/ResourceHandle.cpp:
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.h:
        * platform/network/ResourceHandleInternal.h:
        * platform/network/ResourceRequestBase.cpp:
        * platform/network/ResourceRequestBase.h:
        * platform/network/ResourceResponseBase.cpp:
        * platform/network/ResourceResponseBase.h:
        * platform/network/cf/AuthenticationCF.cpp:
        * platform/network/cf/AuthenticationCF.h:
        * platform/network/cf/AuthenticationChallenge.h:
        * platform/network/cf/CookieJarCFNet.cpp:
        * platform/network/cf/CookieStorageCFNet.cpp:
        * platform/network/cf/DNSCFNet.cpp:
        * platform/network/cf/DownloadBundle.h:
        * platform/network/cf/FormDataStreamCFNet.cpp:
        * platform/network/cf/FormDataStreamCFNet.h:
        * platform/network/cf/ResourceError.h:
        * platform/network/cf/ResourceErrorCF.cpp:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:
        * platform/network/cf/ResourceRequest.h:
        * platform/network/cf/ResourceRequestCFNet.cpp:
        * platform/network/cf/ResourceRequestCFNet.h:
        * platform/network/cf/ResourceResponse.h:
        * platform/network/cf/ResourceResponseCFNet.cpp:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.h:
        * platform/network/curl/AuthenticationChallenge.h:
        * platform/network/curl/CurlDownload.cpp:
        * platform/network/curl/CurlDownload.h:
        * platform/network/curl/DNSCurl.cpp:
        * platform/network/curl/DownloadBundle.h:
        * platform/network/curl/FormDataStreamCurl.cpp:
        * platform/network/curl/FormDataStreamCurl.h:
        * platform/network/curl/ResourceError.h:
        * platform/network/curl/ResourceHandleCurl.cpp:
        * platform/network/curl/ResourceHandleManager.cpp:
        * platform/network/curl/ResourceHandleManager.h:
        * platform/network/curl/ResourceRequest.h:
        * platform/network/curl/ResourceResponse.h:
        * platform/network/curl/SSLHandle.cpp:
        * platform/network/curl/SSLHandle.h:
        * platform/network/gtk/CredentialBackingStore.cpp:
        * platform/network/gtk/CredentialBackingStore.h:
        * platform/network/ios/WebCoreURLResponseIOS.h:
        * platform/network/ios/WebCoreURLResponseIOS.mm:
        * platform/network/mac/AuthenticationMac.h:
        * platform/network/mac/AuthenticationMac.mm:
        * platform/network/mac/CookieJarMac.mm:
        * platform/network/mac/CookieStorageMac.mm:
        * platform/network/mac/FormDataStreamMac.h:
        * platform/network/mac/FormDataStreamMac.mm:
        * platform/network/mac/ResourceErrorMac.mm:
        * platform/network/mac/ResourceHandleMac.mm:
        * platform/network/mac/ResourceRequestMac.mm:
        * platform/network/mac/ResourceResponseMac.mm:
        * platform/network/mac/WebCoreURLResponse.h:
        * platform/network/mac/WebCoreURLResponse.mm:
        * platform/network/soup/AuthenticationChallenge.h:
        * platform/network/soup/AuthenticationChallengeSoup.cpp:
        * platform/network/soup/CookieJarSoup.h:
        * platform/network/soup/DNSSoup.cpp:
        * platform/network/soup/ResourceError.h:
        * platform/network/soup/ResourceErrorSoup.cpp:
        * platform/network/soup/ResourceRequest.h:
        * platform/network/soup/ResourceResponse.h:
        * platform/network/soup/SoupNetworkSession.cpp:
        * platform/network/soup/SoupNetworkSession.h:
        * platform/network/win/CookieJarWin.cpp:
        * platform/network/win/DownloadBundleWin.cpp:
        * platform/network/win/ResourceError.h:
        * platform/network/win/ResourceHandleWin.cpp:
        * platform/network/win/ResourceRequest.h:
        * platform/network/win/ResourceResponse.h:
        * platform/posix/FileSystemPOSIX.cpp:
        * platform/posix/SharedBufferPOSIX.cpp:
        * platform/soup/URLSoup.cpp:
        * platform/sql/SQLValue.cpp:
        * platform/sql/SQLValue.h:
        * platform/sql/SQLiteAuthorizer.cpp:
        * platform/sql/SQLiteDatabase.cpp:
        * platform/sql/SQLiteDatabase.h:
        * platform/sql/SQLiteStatement.cpp:
        * platform/sql/SQLiteStatement.h:
        * platform/sql/SQLiteTransaction.cpp:
        * platform/sql/SQLiteTransaction.h:
        * platform/text/SuffixTree.h:
        * platform/text/TextAllInOne.cpp:
        * platform/text/TextBoundaries.cpp:
        * platform/text/TextBoundaries.h:
        * platform/text/TextCodec.cpp:
        * platform/text/TextCodec.h:
        * platform/text/TextCodecASCIIFastPath.h:
        * platform/text/TextCodecICU.cpp:
        * platform/text/TextCodecICU.h:
        * platform/text/TextCodecLatin1.cpp:
        * platform/text/TextCodecLatin1.h:
        * platform/text/TextCodecUTF16.cpp:
        * platform/text/TextCodecUTF16.h:
        * platform/text/TextCodecUTF8.cpp:
        * platform/text/TextCodecUTF8.h:
        * platform/text/TextCodecUserDefined.cpp:
        * platform/text/TextCodecUserDefined.h:
        * platform/text/TextDirection.h:
        * platform/text/TextEncoding.cpp:
        * platform/text/TextEncoding.h:
        * platform/text/TextEncodingRegistry.cpp:
        * platform/text/TextEncodingRegistry.h:
        * platform/text/TextStream.cpp:
        * platform/text/TextStream.h:
        * platform/text/UnicodeBidi.h:
        * platform/text/mac/CharsetData.h:
        * platform/text/mac/TextBoundaries.mm:
        * platform/text/mac/TextCodecMac.cpp:
        * platform/text/mac/TextCodecMac.h:
        * platform/text/mac/character-sets.txt:
        * platform/text/mac/make-charset-table.pl:
        * platform/text/win/TextCodecWin.h:
        * platform/win/BString.cpp:
        * platform/win/BString.h:
        * platform/win/COMPtr.h:
        * platform/win/ClipboardUtilitiesWin.cpp:
        * platform/win/ClipboardUtilitiesWin.h:
        * platform/win/ContextMenuItemWin.cpp:
        * platform/win/ContextMenuWin.cpp:
        * platform/win/CursorWin.cpp:
        * platform/win/DragDataWin.cpp:
        * platform/win/DragImageCGWin.cpp:
        * platform/win/DragImageCairoWin.cpp:
        * platform/win/DragImageWin.cpp:
        * platform/win/FileSystemWin.cpp:
        * platform/win/GDIObjectCounter.cpp:
        * platform/win/GDIObjectCounter.h:
        * platform/win/HWndDC.h:
        * platform/win/KeyEventWin.cpp:
        * platform/win/LanguageWin.cpp:
        * platform/win/MIMETypeRegistryWin.cpp:
        * platform/win/PasteboardWin.cpp:
        * platform/win/PlatformMouseEventWin.cpp:
        * platform/win/PlatformScreenWin.cpp:
        * platform/win/SharedBufferWin.cpp:
        * platform/win/SharedTimerWin.cpp:
        * platform/win/SoftLinking.h:
        * platform/win/SoundWin.cpp:
        * platform/win/StructuredExceptionHandlerSuppressor.cpp:
        * platform/win/TemporaryLinkStubs.cpp:
        * platform/win/WCDataObject.cpp:
        * platform/win/WCDataObject.h:
        * platform/win/WebCoreTextRenderer.cpp:
        * platform/win/WebCoreTextRenderer.h:
        * platform/win/WheelEventWin.cpp:
        * platform/win/WidgetWin.cpp:
        * platform/win/WindowMessageBroadcaster.cpp:
        * platform/win/WindowMessageBroadcaster.h:
        * platform/win/WindowMessageListener.h:
        * platform/win/WindowsTouch.h:
        * platform/win/makesafeseh.asm:
        * plugins/PluginDatabase.cpp:
        * plugins/PluginDatabase.h:
        * plugins/PluginDebug.cpp:
        * plugins/PluginDebug.h:
        * plugins/PluginPackage.cpp:
        * plugins/PluginPackage.h:
        * plugins/PluginQuirkSet.h:
        * plugins/PluginStream.cpp:
        * plugins/PluginStream.h:
        * plugins/PluginView.cpp:
        * plugins/PluginView.h:
        * plugins/efl/PluginPackageEfl.cpp:
        * plugins/efl/PluginViewEfl.cpp:
        * plugins/gtk/PluginPackageGtk.cpp:
        * plugins/gtk/PluginViewGtk.cpp:
        * plugins/mac/PluginPackageMac.cpp:
        * plugins/mac/PluginViewMac.mm:
        * plugins/npapi.cpp:
        * plugins/npfunctions.h:
        * plugins/npruntime.h:
        * plugins/win/PluginDatabaseWin.cpp:
        * plugins/win/PluginPackageWin.cpp:
        * plugins/win/PluginViewWin.cpp:
        * plugins/x11/PluginViewX11.cpp:
        * rendering/EllipsisBox.cpp:
        * rendering/EllipsisBox.h:
        * rendering/FilterEffectRenderer.cpp:
        * rendering/FilterEffectRenderer.h:
        * rendering/HitTestLocation.h:
        * rendering/HitTestRequest.h:
        * rendering/HitTestResult.h:
        * rendering/HitTestingTransformState.cpp:
        * rendering/HitTestingTransformState.h:
        * rendering/RenderBoxRegionInfo.h:
        * rendering/RenderButton.cpp:
        * rendering/RenderButton.h:
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        * rendering/RenderDeprecatedFlexibleBox.h:
        * rendering/RenderFieldset.cpp:
        * rendering/RenderFrameBase.cpp:
        * rendering/RenderFrameBase.h:
        * rendering/RenderFrameSet.cpp:
        * rendering/RenderGeometryMap.cpp:
        * rendering/RenderGeometryMap.h:
        * rendering/RenderGrid.cpp:
        * rendering/RenderGrid.h:
        * rendering/RenderHTMLCanvas.cpp:
        * rendering/RenderHTMLCanvas.h:
        * rendering/RenderIFrame.cpp:
        * rendering/RenderIFrame.h:
        * rendering/RenderLayerBacking.cpp:
        * rendering/RenderLayerBacking.h:
        * rendering/RenderLayerCompositor.cpp:
        * rendering/RenderLayerCompositor.h:
        * rendering/RenderLineBoxList.cpp:
        * rendering/RenderLineBoxList.h:
        * rendering/RenderListBox.cpp:
        * rendering/RenderListBox.h:
        * rendering/RenderMarquee.h:
        * rendering/RenderMedia.cpp:
        * rendering/RenderMedia.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        * rendering/RenderMultiColumnFlowThread.h:
        * rendering/RenderMultiColumnSet.cpp:
        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderNamedFlowThread.cpp:
        * rendering/RenderNamedFlowThread.h:
        * rendering/RenderRegionSet.cpp:
        * rendering/RenderRegionSet.h:
        * rendering/RenderReplica.cpp:
        * rendering/RenderReplica.h:
        * rendering/RenderTheme.cpp:
        * rendering/RenderTheme.h:
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeWin.h:
        * rendering/RenderThemeWinCE.cpp:
        * rendering/RenderThemeWinCE.h:
        * rendering/RenderTreeAsText.cpp:
        * rendering/RenderTreeAsText.h:
        * rendering/RenderVTTCue.cpp:
        * rendering/RenderVTTCue.h:
        * rendering/RenderVideo.cpp:
        * rendering/RenderVideo.h:
        * rendering/RenderView.h:
        * rendering/style/SVGRenderStyle.cpp:
        * rendering/style/SVGRenderStyle.h:
        * rendering/style/SVGRenderStyleDefs.cpp:
        * rendering/style/SVGRenderStyleDefs.h:
        * rendering/style/StyleFilterData.cpp:
        * rendering/style/StyleFilterData.h:
        * rendering/style/StylePendingImage.h:
        * rendering/svg/RenderSVGBlock.cpp:
        * rendering/svg/RenderSVGBlock.h:
        * rendering/svg/RenderSVGForeignObject.cpp:
        * rendering/svg/RenderSVGForeignObject.h:
        * rendering/svg/RenderSVGImage.cpp:
        * rendering/svg/RenderSVGInline.h:
        * rendering/svg/RenderSVGInlineText.cpp:
        * rendering/svg/RenderSVGPath.h:
        * rendering/svg/RenderSVGShape.h:
        * rendering/svg/RenderSVGTSpan.h:
        * rendering/svg/RenderSVGText.cpp:
        * rendering/svg/RenderSVGText.h:
        * rendering/svg/SVGInlineFlowBox.cpp:
        * rendering/svg/SVGInlineFlowBox.h:
        * rendering/svg/SVGRenderTreeAsText.cpp:
        * rendering/svg/SVGRenderTreeAsText.h:
        * rendering/svg/SVGRootInlineBox.cpp:
        * rendering/svg/SVGRootInlineBox.h:
        * storage/StorageEventDispatcher.h:
        * svg/SVGException.cpp:
        * svg/graphics/SVGImageChromeClient.h:
        * workers/Worker.cpp:
        * workers/Worker.h:
        * workers/Worker.idl:
        * workers/WorkerEventQueue.cpp:
        * workers/WorkerEventQueue.h:
        * workers/WorkerGlobalScope.cpp:
        * workers/WorkerGlobalScope.h:
        * workers/WorkerGlobalScope.idl:
        * workers/WorkerLocation.cpp:
        * workers/WorkerLocation.h:
        * workers/WorkerLocation.idl:
        * workers/WorkerMessagingProxy.cpp:
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerScriptLoader.cpp:
        * workers/WorkerScriptLoader.h:
        * workers/WorkerScriptLoaderClient.h:
        * workers/WorkerThread.cpp:
        * workers/WorkerThread.h:
        * xml/DOMParser.h:
        * xml/DOMParser.idl:
        * xml/NativeXPathNSResolver.cpp:
        * xml/NativeXPathNSResolver.h:
        * xml/XMLHttpRequest.idl:
        * xml/XMLHttpRequestException.cpp:
        * xml/XMLHttpRequestException.h:
        * xml/XMLHttpRequestException.idl:
        * xml/XMLHttpRequestProgressEvent.h:
        * xml/XMLHttpRequestProgressEvent.idl:
        * xml/XMLHttpRequestUpload.idl:
        * xml/XMLSerializer.h:
        * xml/XMLSerializer.idl:
        * xml/XPathEvaluator.cpp:
        * xml/XPathEvaluator.h:
        * xml/XPathEvaluator.idl:
        * xml/XPathException.cpp:
        * xml/XPathException.h:
        * xml/XPathException.idl:
        * xml/XPathExpression.idl:
        * xml/XPathExpressionNode.cpp:
        * xml/XPathNSResolver.cpp:
        * xml/XPathNSResolver.h:
        * xml/XPathNSResolver.idl:
        * xml/XPathNodeSet.h:
        * xml/XPathResult.idl:
        * xml/XPathUtil.h:
        * xml/XPathVariableReference.cpp:
        * xml/XSLTProcessor.idl:
        * xml/XSLTUnicodeSort.cpp:
        * xml/XSLTUnicodeSort.h:

2014-03-14  Simon Fraser  <simon.fraser@apple.com>

        Fix scrollperf logging
        https://bugs.webkit.org/show_bug.cgi?id=130278
        <rdar://problem/16320003>

        Reviewed by Anders Carlsson.
        
        r165493 broke scrollperf logging by adding in the scroll position
        to the viewport rect, which used to be 0,0 based. Restore
        the previous behavior.

        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::logExposedUnfilledArea):

2014-03-14  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: border-radius painting falls back to rectangle at subpixel positions.
        https://bugs.webkit.org/show_bug.cgi?id=130272

        Unreviewed. Missing piece from http://trac.webkit.org/changeset/165670

        * platform/graphics/RoundedRect.cpp:
        (WebCore::RoundedRect::pixelSnappedRoundedRectForPainting):

2014-03-14  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: border-radius painting falls back to rectangle at subpixel positions.
        https://bugs.webkit.org/show_bug.cgi?id=130272

        Reviewed by Simon Fraser.

        Rounded rectangle's radius needs adjustment after its containing rect gets pixel snapped.
        Keeping the old radius value could make rounded rectangle non-renderable, because the
        originally calculated radius length does not fit the snapped rectangle anymore.

        Test: fast/borders/hidpi-border-radius-outer-border-goes-rectangle.html

        * platform/graphics/RoundedRect.cpp:
        (WebCore::RoundedRect::pixelSnappedRoundedRectForPainting):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBorder):

2014-03-14  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] background-attachment: fixed renders oddly, moves around
        https://bugs.webkit.org/show_bug.cgi?id=130277
        <rdar://problem/16332883>

        Reviewed by Tim Horton.

        If we have a counter-scrolling layer (for a fixed background), move
        it around when changing the viewport.

        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::updateForViewport):

2014-03-14  Jae Hyun Park  <jaepark@webkit.org>

        [Texmap] Remove duplicated code in TextureMapperLayer
        https://bugs.webkit.org/show_bug.cgi?id=130173

        Reviewed by Martin Robinson.

        This patch is a simple refactoring to remove duplicated code in
        TextureMapperLayer.

        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::~TextureMapperLayer):
        (WebCore::TextureMapperLayer::removeFromParent):

2014-03-14  Simon Fraser  <simon.fraser@apple.com>

        Release-assert if someone starts the WebThread in the WebProcess
        https://bugs.webkit.org/show_bug.cgi?id=130270
        <rdar://problem/16332380>

        Reviewed by Sam Weinig.

        If someone tries to start the WebThread in the WebProcess, assert,
        even in release builds, because this should never happen.

        * platform/ios/wak/WebCoreThread.mm:
        (WebThreadEnable):

2014-03-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Clean up unused externs from WebCore logging.
        https://bugs.webkit.org/show_bug.cgi?id=130240

        Reviewed by Andreas Kling.

        * platform/Logging.h:

2014-03-14  James Craig  <jcraig@apple.com>

        AX: AccessibilityObject::invalidStatus() is incorrect when aria-invalid="undefined" or whitespace
        https://bugs.webkit.org/show_bug.cgi?id=130071

        Reviewed by Chris Fleizach.

        Accounted for whitespace values and the explicit string, "undefined".

        Test: accessibility/aria-invalid.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::invalidStatus):
        * accessibility/AccessibilityObject.h:
        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        (getAttributeSetForAccessibilityObject):

2014-03-14  Bear Travis  <betravis@adobe.com>

        [CSS Shapes] CSS parser accepts trailing position arguments
        https://bugs.webkit.org/show_bug.cgi?id=129514

        Reviewed by Andreas Kling.

        Add a check to make sure there are no remaining function args
        following a position in the circle() and ellipse() css shape
        functions.

        Updated existing parsing tests.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseBasicShapeCircle):
        (WebCore::CSSParser::parseBasicShapeEllipse):

2014-03-14  Simon Fraser  <simon.fraser@apple.com>

        Fix the iOS build and sort the exports file.

        * WebCore.exp.in:

2014-03-14  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Improve behavior of fixed elments on zooming
        https://bugs.webkit.org/show_bug.cgi?id=130253

        Reviewed by Beth Dakin.

        Correctly reposition right- and bottom-relative position:fixed
        elements on zooming in WK2 iOS by telling the scrolling tree
        about zoom-related viewport changes.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::rectForViewportConstrainedObjects):
        (WebCore::FrameView::viewportConstrainedObjectsRect): We need to be able to
        recompute the fixed position rect from the scrolling tree on iOS, so we need
        a static function, similar to scrollOffsetForFixedPosition(), that computes
        the constrained viewport.
        * page/FrameView.h:
        * page/Page.cpp:
        (WebCore::Page::setPageScaleFactor): When scrolling (and, by implication, zooming)
        is delegated, then setPageScaleFactor() should not affect the scroll position.
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated): Go back to just
        passing the visibleContentRect() for iOS.
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling): Entrypoint to
        the scrolling tree, called when the viewport is changed by zooming.
        * page/scrolling/ScrollingTree.h:
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::setScrollLayerPosition): Use the
        new FrameView::rectForViewportConstrainedObjects() to compute the correct viewport
        for fixed/sticky child nodes.
        (WebCore::ScrollingTreeScrollingNodeIOS::updateForViewport):
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::updateForViewport):

2014-03-14  Dirk Schulze  <krit@webkit.org>

        Refactor Path to Path2D and remove currentPath
        https://bugs.webkit.org/show_bug.cgi?id=130236

        Reviewed by Dean Jackson.

        Other implementations prefer Path2D over Path. Furthermore, currentPath is not the right
        way to apply a Path2D object to a context. Main argument is that currentPath creates a copy
        of the Path2D object. Instead we pass Path2D as argument to fill, stroke and clip now.

        Tests: fast/canvas/canvas-clip-path.html
               fast/canvas/canvas-fill-path.html
               fast/canvas/canvas-stroke-path.html

        * bindings/scripts/CodeGeneratorJS.pm: WebIDL parser didn't handle enumerations
            for overloaded methods at all.
        (GenerateParametersCheckExpression):
        * html/canvas/CanvasRenderingContext2D.cpp: New functions with DOMPath argument.
        (WebCore::CanvasRenderingContext2D::fill):
        (WebCore::CanvasRenderingContext2D::stroke):
        (WebCore::CanvasRenderingContext2D::clip):
        (WebCore::CanvasRenderingContext2D::fillInternal): Internal method to avoid code duplication
            and copy operation.
        (WebCore::CanvasRenderingContext2D::strokeInternal): Ditto.
        (WebCore::CanvasRenderingContext2D::clipInternal): Ditto.
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.idl:
        * html/canvas/DOMPath.idl: Rename Path to Path2D.

2014-03-14  Grzegorz Czajkowski  <g.czajkowski@samsung.com>

        ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder should take a const reference to InsertedNodes
        https://bugs.webkit.org/show_bug.cgi?id=130232

        Reviewed by Andreas Kling.

        This method doesn't modify InsertedNodes object.

        No new tests, no behavior change.

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
        * editing/ReplaceSelectionCommand.h:

2014-03-14  Jer Noble  <jer.noble@apple.com>

        [EME] Extend the lifetime of MediaKeySession.
        https://bugs.webkit.org/show_bug.cgi?id=129841

        Reviewed by Eric Carlson.

        Test: media/encrypted-media/encrypted-media-session-lifetime.html

        In anticipation of guidance to be added to the EME Spec <https://www.w3.org/Bugs/Public/show_bug.cgi?id=24771>,
        extend the lifetime of MediaKeySession by making the session an ActiveDOMObject, and returning true to
        hasPendingActivity when the session is both not closed and is associated with a live MediaKeys object.

        Additionally, keep the object from being destroyed while events are pending.

        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::MediaKeySession):
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/encryptedmedia/MediaKeySession.idl:

2014-03-14  Ryosuke Niwa  <rniwa@webkit.org>

        Remove an unused function fix builds.

        * platform/mac/HTMLConverter.mm:

2014-03-14  Frédéric Wang  <fred.wang@free.fr>

        FontCache: Replace DEPRECATED_DEFINE_STATIC_LOCAL with static NeverDestroyed<T>.
        https://bugs.webkit.org/show_bug.cgi?id=130233

        Reviewed by Andreas Kling.

        No new tests.

        * platform/graphics/FontCache.cpp:
        (WebCore::fontCache):
        (WebCore::FontVerticalDataCacheKeyTraits::emptyValue):
        (WebCore::fontVerticalDataCacheInstance):
        (WebCore::FontDataCacheKeyTraits::emptyValue):
        * platform/graphics/FontCache.h:

2014-03-11  Oliver Hunt  <oliver@apple.com>

        Improve dom error messages
        https://bugs.webkit.org/show_bug.cgi?id=130103

        Reviewed by Andreas Kling.

        Make the DOM error messages more descriptive, and update bindings tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateParametersCheck):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::jsTestActiveDOMObjectExcitingAttr):
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::jsTestEventConstructorAttr1):
        (WebCore::jsTestEventConstructorAttr2):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::jsTestEventTargetPrototypeFunctionItem):
        (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
        (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
        (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::jsTestExceptionName):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfaceImplementsStr1):
        (WebCore::jsTestInterfaceImplementsStr2):
        (WebCore::jsTestInterfaceImplementsStr3):
        (WebCore::jsTestInterfaceImplementsNode):
        (WebCore::jsTestInterfaceSupplementalStr1):
        (WebCore::jsTestInterfaceSupplementalStr2):
        (WebCore::jsTestInterfaceSupplementalStr3):
        (WebCore::jsTestInterfaceSupplementalNode):
        (WebCore::setJSTestInterfaceImplementsStr2):
        (WebCore::setJSTestInterfaceImplementsStr3):
        (WebCore::setJSTestInterfaceImplementsNode):
        (WebCore::setJSTestInterfaceSupplementalStr2):
        (WebCore::setJSTestInterfaceSupplementalStr3):
        (WebCore::setJSTestInterfaceSupplementalNode):
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod1):
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod3):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod3):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjConstructor::constructJSTestObj):
        (WebCore::jsTestObjReadOnlyLongAttr):
        (WebCore::jsTestObjReadOnlyStringAttr):
        (WebCore::jsTestObjReadOnlyTestObjAttr):
        (WebCore::jsTestObjConstructorTestSubObj):
        (WebCore::jsTestObjTestSubObjEnabledBySettingConstructor):
        (WebCore::jsTestObjEnumAttr):
        (WebCore::jsTestObjByteAttr):
        (WebCore::jsTestObjOctetAttr):
        (WebCore::jsTestObjShortAttr):
        (WebCore::jsTestObjUnsignedShortAttr):
        (WebCore::jsTestObjLongAttr):
        (WebCore::jsTestObjLongLongAttr):
        (WebCore::jsTestObjUnsignedLongLongAttr):
        (WebCore::jsTestObjStringAttr):
        (WebCore::jsTestObjTestObjAttr):
        (WebCore::jsTestObjXMLObjAttr):
        (WebCore::jsTestObjCreate):
        (WebCore::jsTestObjReflectedStringAttr):
        (WebCore::jsTestObjReflectedIntegralAttr):
        (WebCore::jsTestObjReflectedUnsignedIntegralAttr):
        (WebCore::jsTestObjReflectedBooleanAttr):
        (WebCore::jsTestObjReflectedURLAttr):
        (WebCore::jsTestObjReflectedCustomIntegralAttr):
        (WebCore::jsTestObjReflectedCustomBooleanAttr):
        (WebCore::jsTestObjReflectedCustomURLAttr):
        (WebCore::jsTestObjTypedArrayAttr):
        (WebCore::jsTestObjAttrWithGetterException):
        (WebCore::jsTestObjAttrWithSetterException):
        (WebCore::jsTestObjStringAttrWithGetterException):
        (WebCore::jsTestObjStringAttrWithSetterException):
        (WebCore::jsTestObjCustomAttr):
        (WebCore::jsTestObjWithScriptStateAttribute):
        (WebCore::jsTestObjWithScriptExecutionContextAttribute):
        (WebCore::jsTestObjWithScriptStateAttributeRaises):
        (WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
        (WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttribute):
        (WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
        (WebCore::jsTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
        (WebCore::jsTestObjWithScriptArgumentsAndCallStackAttribute):
        (WebCore::jsTestObjConditionalAttr1):
        (WebCore::jsTestObjConditionalAttr2):
        (WebCore::jsTestObjConditionalAttr3):
        (WebCore::jsTestObjConditionalAttr4Constructor):
        (WebCore::jsTestObjConditionalAttr5Constructor):
        (WebCore::jsTestObjConditionalAttr6Constructor):
        (WebCore::jsTestObjCachedAttribute1):
        (WebCore::jsTestObjCachedAttribute2):
        (WebCore::jsTestObjAnyAttribute):
        (WebCore::jsTestObjContentDocument):
        (WebCore::jsTestObjMutablePoint):
        (WebCore::jsTestObjImmutablePoint):
        (WebCore::jsTestObjStrawberry):
        (WebCore::jsTestObjStrictFloat):
        (WebCore::jsTestObjDescription):
        (WebCore::jsTestObjId):
        (WebCore::jsTestObjHash):
        (WebCore::jsTestObjReplaceableAttribute):
        (WebCore::jsTestObjNullableDoubleAttribute):
        (WebCore::jsTestObjNullableLongAttribute):
        (WebCore::jsTestObjNullableBooleanAttribute):
        (WebCore::jsTestObjNullableStringAttribute):
        (WebCore::jsTestObjNullableLongSettableAttribute):
        (WebCore::jsTestObjNullableStringValue):
        (WebCore::jsTestObjAttribute):
        (WebCore::jsTestObjAttributeWithReservedEnumType):
        (WebCore::setJSTestObjTestSubObjEnabledBySettingConstructor):
        (WebCore::setJSTestObjEnumAttr):
        (WebCore::setJSTestObjByteAttr):
        (WebCore::setJSTestObjOctetAttr):
        (WebCore::setJSTestObjShortAttr):
        (WebCore::setJSTestObjUnsignedShortAttr):
        (WebCore::setJSTestObjLongAttr):
        (WebCore::setJSTestObjLongLongAttr):
        (WebCore::setJSTestObjUnsignedLongLongAttr):
        (WebCore::setJSTestObjStringAttr):
        (WebCore::setJSTestObjTestObjAttr):
        (WebCore::setJSTestObjXMLObjAttr):
        (WebCore::setJSTestObjCreate):
        (WebCore::setJSTestObjReflectedStringAttr):
        (WebCore::setJSTestObjReflectedIntegralAttr):
        (WebCore::setJSTestObjReflectedUnsignedIntegralAttr):
        (WebCore::setJSTestObjReflectedBooleanAttr):
        (WebCore::setJSTestObjReflectedURLAttr):
        (WebCore::setJSTestObjReflectedCustomIntegralAttr):
        (WebCore::setJSTestObjReflectedCustomBooleanAttr):
        (WebCore::setJSTestObjReflectedCustomURLAttr):
        (WebCore::setJSTestObjTypedArrayAttr):
        (WebCore::setJSTestObjAttrWithGetterException):
        (WebCore::setJSTestObjAttrWithSetterException):
        (WebCore::setJSTestObjStringAttrWithGetterException):
        (WebCore::setJSTestObjStringAttrWithSetterException):
        (WebCore::setJSTestObjCustomAttr):
        (WebCore::setJSTestObjWithScriptStateAttribute):
        (WebCore::setJSTestObjWithScriptExecutionContextAttribute):
        (WebCore::setJSTestObjWithScriptStateAttributeRaises):
        (WebCore::setJSTestObjWithScriptExecutionContextAttributeRaises):
        (WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttribute):
        (WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
        (WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
        (WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttribute):
        (WebCore::setJSTestObjConditionalAttr1):
        (WebCore::setJSTestObjConditionalAttr2):
        (WebCore::setJSTestObjConditionalAttr3):
        (WebCore::setJSTestObjConditionalAttr4Constructor):
        (WebCore::setJSTestObjConditionalAttr5Constructor):
        (WebCore::setJSTestObjConditionalAttr6Constructor):
        (WebCore::setJSTestObjAnyAttribute):
        (WebCore::setJSTestObjMutablePoint):
        (WebCore::setJSTestObjImmutablePoint):
        (WebCore::setJSTestObjStrawberry):
        (WebCore::setJSTestObjStrictFloat):
        (WebCore::setJSTestObjId):
        (WebCore::setJSTestObjReplaceableAttribute):
        (WebCore::setJSTestObjNullableLongSettableAttribute):
        (WebCore::setJSTestObjNullableStringValue):
        (WebCore::setJSTestObjAttributeWithReservedEnumType):
        (WebCore::jsTestObjPrototypeFunctionVoidMethod):
        (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionByteMethod):
        (WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionOctetMethod):
        (WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionLongMethod):
        (WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionObjMethod):
        (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg):
        (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
        (WebCore::jsTestObjPrototypeFunctionMethodWithEnumArg):
        (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
        (WebCore::jsTestObjPrototypeFunctionSerializedValue):
        (WebCore::jsTestObjPrototypeFunctionOptionsObject):
        (WebCore::jsTestObjPrototypeFunctionMethodWithException):
        (WebCore::jsTestObjPrototypeFunctionCustomMethod):
        (WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionAddEventListener):
        (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoid):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
        (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalString):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsUndefined):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNullString):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackAndOptionalArg):
        (WebCore::jsTestObjConstructorFunctionStaticMethodWithCallbackAndOptionalArg):
        (WebCore::jsTestObjConstructorFunctionStaticMethodWithCallbackArg):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod2):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod3):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
        (WebCore::jsTestObjPrototypeFunctionClassMethodWithClamp):
        (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
        (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
        (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
        (WebCore::jsTestObjPrototypeFunctionConvert1):
        (WebCore::jsTestObjPrototypeFunctionConvert2):
        (WebCore::jsTestObjPrototypeFunctionConvert4):
        (WebCore::jsTestObjPrototypeFunctionConvert5):
        (WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionOrange):
        (WebCore::jsTestObjPrototypeFunctionStrictFunction):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
        (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
        (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
        (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
        (WebCore::jsTestObjPrototypeFunctionAny):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::jsTestSerializedScriptValueInterfaceValue):
        (WebCore::jsTestSerializedScriptValueInterfaceReadonlyValue):
        (WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
        (WebCore::jsTestSerializedScriptValueInterfacePorts):
        (WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
        (WebCore::setJSTestSerializedScriptValueInterfaceValue):
        (WebCore::setJSTestSerializedScriptValueInterfaceCachedValue):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsConstructor::constructJSTestTypedefs):
        (WebCore::jsTestTypedefsUnsignedLongLongAttr):
        (WebCore::jsTestTypedefsImmutableSerializedScriptValue):
        (WebCore::jsTestTypedefsConstructorTestSubObj):
        (WebCore::jsTestTypedefsAttrWithGetterException):
        (WebCore::jsTestTypedefsAttrWithSetterException):
        (WebCore::jsTestTypedefsStringAttrWithGetterException):
        (WebCore::jsTestTypedefsStringAttrWithSetterException):
        (WebCore::setJSTestTypedefsUnsignedLongLongAttr):
        (WebCore::setJSTestTypedefsImmutableSerializedScriptValue):
        (WebCore::setJSTestTypedefsAttrWithGetterException):
        (WebCore::setJSTestTypedefsAttrWithSetterException):
        (WebCore::setJSTestTypedefsStringAttrWithGetterException):
        (WebCore::setJSTestTypedefsStringAttrWithSetterException):
        (WebCore::jsTestTypedefsPrototypeFunctionFunc):
        (WebCore::jsTestTypedefsPrototypeFunctionSetShadow):
        (WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
        (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
        (WebCore::jsTestTypedefsPrototypeFunctionFuncWithClamp):
        (WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
        (WebCore::jsTestTypedefsPrototypeFunctionCallWithSequenceThatRequiresInclude):
        (WebCore::jsTestTypedefsPrototypeFunctionMethodWithException):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::jsattributeReadonly):

2014-03-14  Bear Travis  <betravis@adobe.com>

        [CSS Shapes] polygon default fill-rule should be omitted from the serialization
        https://bugs.webkit.org/show_bug.cgi?id=129840

        Reviewed by Dirk Schulze.

        Modifying the default polygon string opening to be "polygon(" rather than
        "polygon(nonzero".

        Updated existing parsing tests.

        * css/CSSBasicShapes.cpp:
        (WebCore::buildPolygonString):

2014-03-14  Brent Fulgham  <bfulgham@apple.com>

        Crash when using a mixture of In-Band and Out-of-Band Tracks
        https://bugs.webkit.org/show_bug.cgi?id=130247

        Reviewed by Eric Carlson.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::processNewAndRemovedTextTracks): Do not include
        the new Out-of-Band placeholder tracks in our counts of in-band tracks.

2014-03-13  Ryosuke Niwa  <rniwa@webkit.org>

        [Mac] Avoid creating DOMCSSStyleDeclaration in WebHTMLConverter
        https://bugs.webkit.org/show_bug.cgi?id=130226

        Reviewed by Andreas Kling.

        Extracted HTMLConverterCaches in C++ that directly calls getPropertyCSSValue on computed style
        and inline style to avoid creating Objective-C wrappers for CSSComputedStyleDeclaration.

        This improves the runtime of PerformanceTests/Interactive/CopyAll.html from 31-32s to 25-26s (20%).

        * platform/mac/HTMLConverter.h:
        * platform/mac/HTMLConverter.mm:
        (HTMLConverterCaches::computedStylePropertyForElement):
        (HTMLConverterCaches::inlineStylePropertyForElement):
        (stringFromCSSValue):
        (-[WebHTMLConverter _computedStringForNode:property:]):
        (floatValueFromPrimitiveValue):
        (_getFloat):
        (-[WebHTMLConverter _getComputedFloat:forNode:property:]):
        (-[WebHTMLConverter _computedColorForNode:property:]):
        (-[WebHTMLConverter dealloc]):
        (-[WebHTMLConverter init]):

2014-03-14  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: Include Role as an extra attribute in the page overlay.
        https://bugs.webkit.org/show_bug.cgi?id=130214

        Reviewed by Timothy Hatcher.

        Adding Role to the Web Inspector element overlay.

        * inspector/InspectorOverlay.cpp:
        (WebCore::buildObjectForElementInfo):
        * inspector/InspectorOverlayPage.js:
        (_createElementTitle):

2014-03-14  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: Expose Accessibility Tree parent of the selected node
        https://bugs.webkit.org/show_bug.cgi?id=129943

        Reviewed by Timothy Hatcher.

        Tests: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        Web Accessibility Node Inspector now displays a link to the AX parent node,
        because it's not a 1:1 match with the DOMNode parent.

        * inspector/InspectorDOMAgent.cpp: Support for DOMNode.role and AccessibilityProperties.axParentNodeId.
        (WebCore::InspectorDOMAgent::buildObjectForNode): Support for role.
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties): Support for axParentNodeId.
        * inspector/protocol/DOM.json: Added axParentNodeId on AccessibilityProperties, and role on DOMNode.

2014-03-14  Andreas Kling  <akling@apple.com>

        [Mac] Remove NSURLCache logic from WebCore pressure relief code.
        <https://webkit.org/b/130248>

        The NSURLCache lives in the networking process and should be cleared
        on that end. Furthermore, this code doesn't really do what we thought
        it was doing; it merely sets and and resets the limits. No truncation
        ever occurred. The intended functionality was implemented in r165342.

        Reviewed by Anders Carlsson.

        * platform/mac/MemoryPressureHandlerMac.mm:
        (WebCore::MemoryPressureHandler::releaseMemory):

2014-03-14  Andreas Kling  <akling@apple.com>

        Simplify jettisoning of style resolvers on memory pressure.
        <https://webkit.org/b/129644>

        Now that we have Document::allDocuments(), we can jettison all the
        style resolvers by walking the set of live documents and calling
        clearStyleResolver() on each one, instead of having a function on
        Page that walks the frame tree of every living page, etc.

        Reviewed by Antti Koivisto.

        * page/Page.cpp:
        * page/Page.h:
        * platform/mac/MemoryPressureHandlerMac.mm:
        (WebCore::MemoryPressureHandler::releaseMemory):

2014-03-07  Jer Noble  <jer.noble@apple.com>

        Add Remote Control command support to HTLMediaElement
        https://bugs.webkit.org/show_bug.cgi?id=129926

        Reviewed by Eric Carlson.

        Support the new MediaSession remote control commands by pulling in code from
        MediaControlElementTypes to control scanning.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        * html/HTMLMediaElement.h:
        * html/MediaController.cpp:
        (MediaController::beginScanning): Moved from MediaControlElementTypes.
        (MediaController::endScanning): Ditto.
        * html/MediaController.h:
        * html/MediaControllerInterface.h:

        Remove all the scanning code from MediaControlSeekButtonElement.
        * html/shadow/MediaControlElementTypes.cpp:
        (WebCore::MediaControlSeekButtonElement::MediaControlSeekButtonElement):
        (WebCore::MediaControlSeekButtonElement::setActive):
        * html/shadow/MediaControlElementTypes.h:

2014-03-14  Krzysztof Czech  <k.czech@samsung.com>

        Move WebSpeech code to use std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=130231

        Reviewed by Anders Carlsson.

        Replace uses of OwnPtr and PassOwnPtr in WebSpeech code with std::unique_ptr.

        No new tests. Covered by existing ones.

        * Modules/speech/SpeechRecognitionController.cpp:
        * Modules/speech/SpeechRecognitionController.h:
        * Modules/speech/SpeechSynthesis.cpp:
        (WebCore::SpeechSynthesis::setPlatformSynthesizer):
        (WebCore::SpeechSynthesis::getVoices):
        (WebCore::SpeechSynthesis::startSpeakingImmediately):
        * Modules/speech/SpeechSynthesis.h:
        * WebCore.exp.in:
        * platform/PlatformSpeechSynthesizer.cpp:
        * platform/PlatformSpeechSynthesizer.h:
        * platform/mock/PlatformSpeechSynthesizerMock.cpp:
        * platform/mock/PlatformSpeechSynthesizerMock.h:
        * testing/Internals.cpp:
        (WebCore::Internals::enableMockSpeechSynthesizer):

2014-03-13  Anders Carlsson  <andersca@apple.com>

        Move visited link handling to VisitedLinkTableController and VisitedLinkProvider
        https://bugs.webkit.org/show_bug.cgi?id=130223
        <rdar://problem/16315792>

        Reviewed by Dan Bernstein.

        Export symbols needed by WebKit2.

        * WebCore.exp.in:

2014-03-12  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Fix unused parameter warnings in the GObject WebKitDOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=130174

        Reviewed by Daniel Bates.

        * bindings/gobject/DOMObjectCache.cpp:
        (WebKit::weakRefNotify): Fix unused parameters.
        * bindings/gobject/WebKitDOMDeprecated.cpp: Ditto.
        * bindings/gobject/WebKitDOMObject.cpp: Ditto.
        * bindings/scripts/CodeGeneratorGObject.pm: Generate UNUSED_PARAM when appropriate and clean
        up the getter and setter code generation a little to make it easier to read.

2014-03-14  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        Build fix with SUBPIXEL_LAYOUT disabled
        https://bugs.webkit.org/show_bug.cgi?id=130210

        Reviewed by Daniel Bates.

        Use pre-incremeent operator for LayoutUnit instead of post-increment operator as LayoutUnit doesn't support the
        latter and we don't make use of the return value.

        * dom/Element.cpp:
        (WebCore::adjustForLocalZoom):

2014-03-14  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Inline-block child of content node incorrectly clipped
        https://bugs.webkit.org/show_bug.cgi?id=130229

        Reviewed by Andrei Bucur.

        Constrain the target box rect to the region box rect only if we are able
        to determine the region range for box. If we cannot do that, getRegionRangeForBox
        returns null values for start and end region and we should not perform the clamping.

        Test: fast/regions/inlineblock-child-inlineblock-contentnode-in-region.html

        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::rectFlowPortionForBox):

2014-03-14  Zan Dobersek  <zdobersek@igalia.com>

        Unnecessary ImplementationLacksVTable IDL attribute used for RTCConfiguration, RTCIceServer
        https://bugs.webkit.org/show_bug.cgi?id=130230

        Reviewed by Philippe Normand.

        The RTCConfiguration and RTCIceServer classes do not own virtual tables, so using the
        ImplementationLacksVTable attribute in the IDL interface leads to a compile-time assertion
        failure in the generates JSC wrappers because none of the classes is polymorphic.

        * Modules/mediastream/RTCConfiguration.idl:
        * Modules/mediastream/RTCIceServer.idl:

2014-03-14  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] the "grid-template-areas" is not identified as computable property.
        https://bugs.webkit.org/show_bug.cgi?id=130073

        Reviewed by Sergio Villar Senin.

        The "grid-template-areas" property is a computable CSS property, so it should be
        handled accordingly by the Web Inspector.

        No new tests.

        * css/CSSComputedStyleDeclaration.cpp:
        CSSPropertyWebkitGridTemplateAreas added to the computedProperties array.

2014-03-14  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid layout] Initial position in span not correctly computed sometimes
        https://bugs.webkit.org/show_bug.cgi?id=130124

        Reviewed by Darin Adler.

        The code uses std::lower_bound() to get the first grid line
        position before a given resolved position in a Vector. That
        function returns an iterator pointing to the first value not
        "strictly less" than the given one. Consequently, the returned
        position might be actually located after the resolved final
        position. In those cases we need to select the previous position
        in the Vector (which is guaranted to be "< resolved position" due
        to how std::lower_bound() works).

        For example, if we have vector=[2,5,8] as grid positions, and we
        need the first position before 7, std::lower_bound(vector, 7) will
        point to 8 (first value not < 7). It's obvious that we should
        select 5 instead. Should the pointed value be equal, then we
        should do nothing, because the indexes mean tracks, so the item
        will be placed in just one cell of the grid.

        * rendering/RenderGrid.cpp:
        (WebCore::firstNamedGridLineBeforePosition):
        (WebCore::RenderGrid::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):

2014-03-14  Zsolt Borbely  <borbezs@inf.u-szeged.hu>

        Fix the !ENABLE(SVG_FONTS) build
        https://bugs.webkit.org/show_bug.cgi?id=130193

        Reviewed by Dirk Schulze.

        Add missing ENABLE(SVG_FONTS) guards for createGlyphToPathTranslator() function
        in SVGTextRunRenderingContext.h and TextRun.h, because when the SVG_FONTS are
        disabled the function is not implemented.

        * platform/graphics/TextRun.h:
        * rendering/svg/SVGTextRunRenderingContext.h:

2014-03-14  Sergio Villar Senin  <svillar@igalia.com>

        Unreviewed build fix after r165607. There were two missing replaces.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * dom/Element.cpp:
        (WebCore::attrNodeListMap):

2014-03-14  Frédéric Wang  <fred.wang@free.fr>

        Migrate the MathML stretchy code from UChar to Glyph.
        https://bugs.webkit.org/show_bug.cgi?id=128907

        Reviewed by Chris Fleizach.

        This prepares the MathML stretchy code for future support for the MATH
        table. In particular, this uses the glyph index for measuring and
        drawing instead of Unicode code point since the MATH table uses glyph
        indices. Also, this merges the preferred width and stretchy character
        selection into one common path since they will also have to share the
        size variants measuring/selection. Finally, we expose a drawGlyphs()
        method so that we can draw a glyph by index.

        No new tests. This should not change the behavior of the stretchy code.

        * platform/graphics/Font.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawGlyphs):
        * platform/graphics/GraphicsContext.h:
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::boundsForGlyph):
        (WebCore::RenderMathMLOperator::heightForGlyph):
        (WebCore::RenderMathMLOperator::advanceForGlyph):
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
        (WebCore::RenderMathMLOperator::findStretchyData):
        (WebCore::RenderMathMLOperator::updateStyle):
        (WebCore::RenderMathMLOperator::firstLineBaseline):
        (WebCore::RenderMathMLOperator::computeLogicalHeight):
        (WebCore::RenderMathMLOperator::paintGlyph):
        (WebCore::RenderMathMLOperator::fillWithExtensionGlyph):
        (WebCore::RenderMathMLOperator::paint):
        (WebCore::RenderMathMLOperator::paintChildren):
        * rendering/mathml/RenderMathMLOperator.h:

2014-03-12  Sergio Villar Senin  <svillar@igalia.com>

        Rename DEFINE_STATIC_LOCAL to DEPRECATED_DEFINE_STATIC_LOCAL
        https://bugs.webkit.org/show_bug.cgi?id=129612

        Reviewed by Darin Adler.

        For new code use static NeverDestroyed<T> instead.

        Removed the list of changed files as it was huge.

2014-03-14  Gavin Barraclough  <barraclough@apple.com>

        Reduce memory use for static property maps
        https://bugs.webkit.org/show_bug.cgi?id=129986

        Unreviewed Windows build fix / update bindings test results following r165603.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHashTable):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::jsTestEventTargetPrototypeFunctionItem):
        (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjAttrWithGetterException):
        (WebCore::jsTestObjStringAttrWithGetterException):
        (WebCore::jsTestObjWithScriptStateAttributeRaises):
        (WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
        (WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
        (WebCore::jsTestObjNullableStringValue):
        (WebCore::jsTestObjPrototypeFunctionByteMethod):
        (WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionOctetMethod):
        (WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionLongMethod):
        (WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionObjMethod):
        (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
        (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
        (WebCore::jsTestObjConstructorFunctionClassMethodWithOptional):
        (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
        (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
        (WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionStrictFunction):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsAttrWithGetterException):
        (WebCore::jsTestTypedefsStringAttrWithGetterException):
        (WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
        (WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
        (WebCore::jsTestTypedefsPrototypeFunctionCallWithSequenceThatRequiresInclude):
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/JS/JSreadonly.cpp:

2014-03-14  Jinwoo Song  <jinwoo7.song@samsung.com>

        Use override keyword in BatteryManager
        https://bugs.webkit.org/show_bug.cgi?id=130225

        Reviewed by Daniel Bates.

        * Modules/battery/BatteryManager.h:

2014-03-12  Gavin Barraclough  <barraclough@apple.com>

        Reduce memory use for static property maps
        https://bugs.webkit.org/show_bug.cgi?id=129986

        Reviewed by Andreas Kling.

        Static property tables are currently duplicated on first use from read-only memory into dirty memory
        in every process, and since the entries are large (48 bytes) and the tables can be unusually sparse
        (we use a custom hash table without a rehash) a lot of memory may be wasted.

        * bindings/js/JSDOMBinding.h:
        (WebCore::getStaticValueSlotEntryWithoutCaching):
        (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMWrapper>):
            - HashEntry -> HashTableValue.
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
            - HashEntry -> HashTableValue.
        * bindings/js/JSHistoryCustom.cpp:
        (WebCore::JSHistory::getOwnPropertySlotDelegate):
            - HashEntry -> HashTableValue.
        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::getOwnPropertySlotDelegate):
        (WebCore::JSLocation::putDelegate):
            - HashEntry -> HashTableValue.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateGetOwnPropertySlotBody):
            - HashEntry -> HashTableValue.
        (GenerateHashTable):
            - emit the hash table index into the derived source (we were calculating this already to ensure chaining does not get too deep).

2014-03-13  Manish R Gurnaney  <m.gurnaney@samsung.com>

        Scroll size is not recalculated when absolute left of child is updated
        https://bugs.webkit.org/show_bug.cgi?id=123958

        Reviewed by Simon Fraser.

        Test: fast/css/display-inline-block-scrollbar.html
        Actual issue was that whenever there is the content change in the
        RenderBlock having inline-block children, The InlineFlowBox while
        computing overflow never resets previous value.
        
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::computeOverflow):
        Added code to clear overflow when we start computing overflow for
        InlineFlowBox. So as to ScrollSize can be recalculated properly.

2014-03-13  Zalan Bujtas  <zalan@apple.com>

        Pass const RenderStyle& to box decoration functions.
        https://bugs.webkit.org/show_bug.cgi?id=130201

        Reviewed by Andreas Goran Kling.

        No change in functionality.

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::paintBoxShadow):
        (WebCore::InlineFlowBox::paintBoxDecorations):
        (WebCore::InlineFlowBox::paintMask):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations):
        (WebCore::RenderBox::paintMaskImages):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintNinePieceImage):
        (WebCore::RenderBoxModelObject::paintOneBorderSide):
        (WebCore::RenderBoxModelObject::paintBorderSides):
        (WebCore::RenderBoxModelObject::paintTranslucentBorderSides):
        (WebCore::RenderBoxModelObject::paintBorder):
        (WebCore::RenderBoxModelObject::drawBoxSideFromPath):
        (WebCore::RenderBoxModelObject::getBorderEdgeInfo):
        (WebCore::RenderBoxModelObject::borderObscuresBackgroundEdge):
        (WebCore::RenderBoxModelObject::borderObscuresBackground):
        (WebCore::RenderBoxModelObject::paintBoxShadow):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderFieldset.cpp:
        (WebCore::RenderFieldset::paintBoxDecorations):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::paintBoxDecorations):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paintBoxDecorations):

2014-03-13  Jinwoo Jeong  <jw00.jeong@samsung.com>

        Refactor Vibration algorithm to use only one timer.
        https://bugs.webkit.org/show_bug.cgi?id=130059

        Reviewed by Darin Adler.

        Currently Vibration is using two timers,
        one is to start a vibration and another is to check termination of a vibration.
        But they do not work in same time, if one of them is fired, then anothor will start.
        Thus this patch removes one of them, and manages vibration states by enumeration.

        Also, this patch implement the missing part of the algorithm,
        which check the maximum length of the vibration pattern and the maximum duration of the vibration.

        Lastly, this patch removes unused methods from Vibration.

        * Modules/vibration/Vibration.cpp:
        (WebCore::Vibration::Vibration):
        (WebCore::Vibration::vibrate):
        (WebCore::Vibration::cancelVibration):
        Removed stopVibration() and its contents moved to cancelVibration().
        (WebCore::Vibration::timerFired): Combined timerStartFired() and timerStopFired().
        Removed suspendVibration() and resumeVibration(), which is never called since r.
        * Modules/vibration/Vibration.h: Added new enumertaion to specify states of Vibration.
        (WebCore::Vibration::isVibrating):

2014-03-13  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: Use loc strings for known aria-invalid types
        https://bugs.webkit.org/show_bug.cgi?id=129952

        Reviewed by Joseph Pecoraro.

        Updating inspector-protocol enum and UI display values for @aria-invalid.

        Test: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        * inspector/InspectorDOMAgent.cpp: Enum for DOM.AccessibilityPropertiesInvalid
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json: Enum for DOM.AccessibilityPropertiesInvalid

2014-03-13  Dirk Schulze  <krit@webkit.org>

        [SVG2] support paint-order presentation attribute
        https://bugs.webkit.org/show_bug.cgi?id=129373

        Reviewed by Dean Jackson.

        Add support for the paint-order property from SVG2. The presentation
        attribute/CSS property allows to paint fill, stroke and markers in any order
        the author desires.

        Firefox supports this but behind a runtime flag. It is just activated in
        nightly builds by default.

        Chromium supports it behind a runtime flag as well but is going to ship it
        pretty soon.

        Tests: svg/paint-order/paint-order-fill-expected.svg
               svg/paint-order/paint-order-fill-markers-expected.svg
               svg/paint-order/paint-order-fill-markers.svg
               svg/paint-order/paint-order-fill.svg
               svg/paint-order/paint-order-markers-expected.svg
               svg/paint-order/paint-order-markers-stroke-expected.svg
               svg/paint-order/paint-order-markers-stroke.svg
               svg/paint-order/paint-order-markers.svg
               svg/paint-order/paint-order-normal-expected.svg
               svg/paint-order/paint-order-normal.svg
               svg/paint-order/paint-order-stroke-expected.svg
               svg/paint-order/paint-order-stroke-marker-expected.svg
               svg/paint-order/paint-order-stroke-marker.svg
               svg/paint-order/paint-order-stroke.svg
               svg/paint-order/paint-order-text-markers-expected.svg
               svg/paint-order/paint-order-text-markers.svg
               svg/paint-order/paint-order-text-normal-expected.svg
               svg/paint-order/paint-order-text-normal.svg
               svg/paint-order/paint-order-text-stroke-expected.svg
               svg/paint-order/paint-order-text-stroke.svg
               svg/paint-order/paint-order-text-tspan-001-expected.svg
               svg/paint-order/paint-order-text-tspan-001.svg
               svg/paint-order/paint-order-text-tspan-002-expected.svg
               svg/paint-order/paint-order-text-tspan-002.svg
               svg/paint-order/parsing-paint-order.html

        * css/CSSComputedStyleDeclaration.cpp: Computed style for paint-order.
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.h:
        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        * css/SVGCSSComputedStyleDeclaration.cpp:
        (WebCore::paintOrder):
        (WebCore::ComputedStyleExtractor::svgPropertyValue):
        * css/SVGCSSParser.cpp: Parse paint-order. Take care of serialization
            at this point already to get element style correct.
        (WebCore::CSSParser::parseSVGValue):
        (WebCore::CSSParser::parsePaintOrder):
        * css/SVGCSSStyleSelector.cpp:
        (WebCore::StyleResolver::applySVGProperty):
        * rendering/style/SVGRenderStyle.cpp:
        (WebCore::SVGRenderStyle::paintTypesForPaintOrder):
        (WebCore::SVGRenderStyle::diff): Repaint on change.
        * rendering/style/SVGRenderStyle.h:
        (WebCore::SVGRenderStyle::initialPaintOrder):
        (WebCore::SVGRenderStyle::setPaintOrder):
        (WebCore::SVGRenderStyle::paintOrder):
        (WebCore::SVGRenderStyle::InheritedFlags::operator==):
        (WebCore::SVGRenderStyle::setBitDefaults):
        * rendering/style/SVGRenderStyleDefs.h:
        * rendering/svg/RenderSVGShape.cpp: Change order of painting based on paint-order.
        (WebCore::RenderSVGShape::strokeShape):
        (WebCore::RenderSVGShape::fillStrokeMarkers):
        (WebCore::RenderSVGShape::paint):
        (WebCore::RenderSVGShape::addFocusRingRects):
        * rendering/svg/RenderSVGShape.h:
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::paint): Ditto.
        * svg/SVGElement.cpp: Make property a presentation attribute.
        (WebCore::populateAttributeNameToCSSPropertyIDMap):
        (WebCore::populateAttributeNameToAnimatedPropertyTypeMap):
        * svg/svgattrs.in: Add paint-order attribute.

2014-03-13  Andreas Kling  <akling@apple.com>

        Network process instantiates JSC::VM under fake memory pressure.
        <https://webkit.org/b/130143>

        Stop calling GCController::garbageCollectSoon() in the fake memory
        pressure callback. The pressure relief code already schedules GC
        by way of discardAllCode() which does reportAbandonedObjectGraph().
        This way we don't accidentally instantiate a VM in the networking
        process for no reason.

        Reviewed by Geoffrey Garen.

        * platform/mac/MemoryPressureHandlerMac.mm:
        (WebCore::MemoryPressureHandler::install):

2014-03-13  Diego Pino Garcia  <dpino@igalia.com>

        Web Inspector: AXI: Expose focused/focusable state in the Accessibility Node Inspector
        https://bugs.webkit.org/show_bug.cgi?id=129779

        Reviewed by Timothy Hatcher.

        * inspector/InspectorDOMAgent.cpp: Set property "focused".
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json: Add property "focused" to
        AccessibilityProperties.

2014-03-12  Jae Hyun Park  <jaepark@webkit.org>

        Remove remaining Nix port related files
        https://bugs.webkit.org/show_bug.cgi?id=130179

        Reviewed by Csaba Osztrogonác.

        GLContextFromCurrentEGL was added in r155360 as a part of nix
        upstreaming. As Nix port is removed from the source tree, these files
        are in no use.

        * platform/graphics/egl/GLContextFromCurrentEGL.cpp: Removed.
        * platform/graphics/egl/GLContextFromCurrentEGL.h: Removed.

2014-03-13  Daniel Bates  <dabates@apple.com>

        REGRESSION (r160806): Incorrect cascade order of prefixed and non-prefixed variants of
        CSS properties box-shadow and background-{clip, origin, size}
        https://bugs.webkit.org/show_bug.cgi?id=130102
        <rdar://problem/16187037>

        Reviewed by Andreas Kling.

        Fixes an issues in the computation of the final value for the CSS properties
        box-shadow and background-{clip, origin, size} when the definition of a selector
        uses both the prefixed and non-prefixed variants (in order) of these properties.

        Tests: fast/css/cascade/background-clip-and-webkit-background-clip-cascade-order.html
               fast/css/cascade/background-origin-and-webkit-background-origin-cascade-order.html
               fast/css/cascade/background-size-and-webkit-background-size-cascade-order.html
               fast/css/cascade/box-shadow-and-webkit-box-shadow-cascade-order.html

        * css/CSSPropertyNames.in: Add a comment to explain the difference between property
        -webkit-box-shadow and property box-shadow.
        * css/StyleResolver.cpp:
        (WebCore::shouldApplyPropertyInParseOrder): Add prefixed and non-prefixed variants
        of box-shadow and background-{clip, origin, size} to the list of properties that need
        to be applied in the same order as they were parsed from the stylesheet.

2014-03-13  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove InspectorFrontendHost.loadResourceSynchronously
        https://bugs.webkit.org/show_bug.cgi?id=130217

        Reviewed by Timothy Hatcher.

        This has been replaced by NetworkAgent.loadResource,
        which loads asynchronously through the backend.

        * inspector/InspectorFrontendHost.cpp:
        * inspector/InspectorFrontendHost.h:
        * inspector/InspectorFrontendHost.idl:

2014-03-13  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Network.loadResource should include the response status code
        https://bugs.webkit.org/show_bug.cgi?id=130216

        Reviewed by Timothy Hatcher.

        * inspector/InspectorResourceAgent.cpp:
        Record and send the http status code.

        * inspector/protocol/Network.json:
        Include status code property in the success callback.

2014-03-13  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Network.loadResource XHR crash if page reloaded while request is ongoing
        https://bugs.webkit.org/show_bug.cgi?id=130211

        Reviewed by Timothy Hatcher.

        Merged from Blink with changes, (patch by vsevik@chromium.org):
        http://src.chromium.org/viewvc/blink?view=revision&revision=152712

        Using an XMLHttpRequest to download resources had a few issues. Being an
        Active DOM Object the load could be paused. Without an extra retain,
        when the load was cancelled (e.g. a page reload) the XHR would get
        destructed and could cause a crash if the list of active DOM objects
        was actively being iterated.

        Switch to a DocumentThreadableLoader to manage the load ourselves.
        This still uses the Memory cache, but we have a little more control.

        * inspector/InspectorResourceAgent.h:
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::InspectorResourceAgent):
        (WebCore::InspectorResourceAgent::loadResource):
        Switch from XHR to DocumentThreadableLoader.

        * xml/XMLHttpRequest.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::XMLHttpRequest):
        (WebCore::XMLHttpRequest::createRequest):
        (WebCore::XMLHttpRequest::sendForInspector):
        Remove the now unnecessary XHR sendForInspector path.

2014-03-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165540.
        https://bugs.webkit.org/show_bug.cgi?id=130199

        caused 1 hidpi test fail (Requested by zalan on #webkit).

        Reverted changeset:

        "Subpixel rendering: Nested layers with subpixel accumulation
        paint to wrong position."
        https://bugs.webkit.org/show_bug.cgi?id=130153
        http://trac.webkit.org/changeset/165540

2014-03-13  Benjamin Poulain  <bpoulain@apple.com>

        Fix a bunch of mistakes in the parsing of ::cue( and ::cue
        https://bugs.webkit.org/show_bug.cgi?id=130113

        Reviewed by Andreas Kling.

        * css/CSSGrammar.y.in:
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::setPseudoTypeValue):
        The ::cue() pseudo element "function" was passed as a PseudoClass.
        The type was then parsed and considered as a compatibility type to flip
        the match type back to PseudoElement.

        Instead of all that jazz, just pass the right type from the grammar.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::parsePseudoType):
        The non-function ::cue pseudo element use shadow pseudo ID for matching the element.
        Since it is unprefixed, it needs to map to one of the Custom types. The previous code
        was using String::startsWith() for some reason, change that to a simple equality.

2014-03-13  Benjamin Poulain  <benjamin@webkit.org>

        Clean up RenderStyle creation
        https://bugs.webkit.org/show_bug.cgi?id=130180

        Reviewed by Andreas Kling.

        Use the copy constructor with the default style instead of having a special
        constructor for that.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::create):
        (WebCore::RenderStyle::RenderStyle):
        * rendering/style/RenderStyle.h:

2014-03-13  Benjamin Poulain  <bpoulain@apple.com>

        The viewport code should not depend on WebKitSystemInterface
        https://bugs.webkit.org/show_bug.cgi?id=130218

        Reviewed by Tim Horton.

        The viewport code cannot be generalized to other ports because it relies
        on WebKit system interface to get the device screen size.
        This patch fixes that by going through ChromeClient to get the data.

        * dom/Document.cpp:
        (WebCore::Document::processViewport):
        Get the screensize from chrome client.

        * dom/ViewportArguments.cpp:
        (WebCore::computeViewportAttributes):
        This is dead code. Nothing should ever use computeViewportAttributes().

        (WebCore::finalizeViewportArguments):
        * dom/ViewportArguments.h:
        * page/ChromeClient.h:
        (WebCore::ChromeClient::viewportScreenSize):

2014-03-07  Jer Noble  <jer.noble@apple.com>

        Add remote control command support to MediaSession.
        https://bugs.webkit.org/show_bug.cgi?id=129903

        Reviewed by Eric Carlson.

        Add the capability to receive remote control commands (currently iOS only) and to
        pass those commands through the MediaSessionManager.

        Add a new platform class which can listen for remote control commands:
        * platform/RemoteCommandListener.cpp: Added.
        (WebCore::RemoteCommandListener::create):
        * platform/RemoteCommandListener.h: Added.
        (WebCore::RemoteCommandListenerClient::~RemoteCommandListenerClient):
        (WebCore::RemoteCommandListener::~RemoteCommandListener):
        (WebCore::RemoteCommandListener::RemoteCommandListener):
        * platform/ios/RemoteCommandListenerIOS.h: Added.
        * platform/ios/RemoteCommandListenerIOS.mm: Added.
        (WebCore::RemoteCommandListener::create):
        (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS):
        (WebCore::RemoteCommandListenerIOS::~RemoteCommandListenerIOS):

        Handle remote control command events in HTMLMediaElement and AudioDestinationMac:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * html/HTMLMediaElement.h:
        * platform/audio/mac/AudioDestinationMac.h:
        (WebCore::AudioDestinationMac::canReceiveRemoteControlCommands):
        (WebCore::AudioDestinationMac::didReceiveRemoteControlCommand):

        Pipe command events through MediaSessionManager:
        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::canReceiveRemoteControlCommands):
        (WebCore::MediaSession::didReceivRemoteControlCommand):
        * platform/audio/MediaSession.h:
        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::addSession):
        (WebCore::MediaSessionManager::removeSession):
        (WebCore::MediaSessionManager::sessionWillBeginPlayback):
        (WebCore::MediaSessionManager::didReceiveRemoteControlCommand):
        (WebCore::MediaSessionManager::addClient):
        (WebCore::MediaSessionManager::removeClient):
        * platform/audio/MediaSessionManager.h:
        (WebCore::MediaSessionManagerClient::~MediaSessionManagerClient):
        (WebCore::MediaSessionManagerClient::MediaSessionManagerClient):

        Make sessionWillBegin/EndPlayback() methods take non-const parameters:
        * platform/audio/MediaSessionManager.h:
        (WebCore::MediaSessionManager::sessionWillEndPlayback):
        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManagerIOS::sessionWillBeginPlayaback):
        (WebCore::MediaSessionManagerIOS::sessionWillEndPlayaback):

        Add new files and export new symbols:
        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:

2014-03-13  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, rolling out r165544 and r165560.

        It broke EFL/GTK/Windows build

        Reverted changesets:

        "Optimize hasTagName when called on an HTMLElement"
        https://bugs.webkit.org/show_bug.cgi?id=130090
        http://trac.webkit.org/changeset/165544

        http://trac.webkit.org/changeset/165560

2014-03-13  Antti Koivisto  <antti@apple.com>

        Try to stop asserts in debug build.

        * dom/Node.cpp:
        (WebCore::Document::invalidateNodeListAndCollectionCaches):

2014-03-13  Benjamin Poulain  <bpoulain@apple.com>

        Update the build fix for r165544

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        Fix typo :(

2014-03-13  Benjamin Poulain  <bpoulain@apple.com>

        Update the build fix for r165544

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper isSVGGroupElement]):
        Use the SVG version since the name being tested is a SVG name.

2014-03-13  Benjamin Poulain  <bpoulain@apple.com>

        Attempt to fix the build after r165542

        * dom/NodeRenderStyle.h:

2014-03-13  Benjamin Poulain  <bpoulain@apple.com>

        Update WebAccessibilityObjectWrapperIOS after r165544

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper isSVGGroupElement]):

2014-03-13  Antti Koivisto  <antti@apple.com>

        REGRESSION(r165542): printing/page-rule-selection.html failing
        https://bugs.webkit.org/show_bug.cgi?id=130205

        Reviewed by Andreas Kling.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::keyframeStylesForAnimation):
        (WebCore::StyleResolver::styleForPage):
        
            Use Document style as parent when resolving page style.

        (WebCore::StyleResolver::applyPropertyToStyle):
        * css/StyleResolver.h:
        
            Get rid of the default null parameter.

2014-03-13  Benjamin Poulain  <bpoulain@apple.com>

        Remove INPUT_LIST_BUTTON from the PseudoIds
        https://bugs.webkit.org/show_bug.cgi?id=130108

        Reviewed by Andreas Kling.

        * rendering/style/RenderStyleConstants.h:
        It is unused.

2014-03-12  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Sync media playback with now playing
        https://bugs.webkit.org/show_bug.cgi?id=130172

        Reviewed by Jer Noble.
        
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::play): Move clientWillBeginPlayback to
            playInternal so it is called every time playback begins.
        (WebCore::HTMLMediaElement::playInternal): Call clientWillBeginPlayback.
        (WebCore::HTMLMediaElement::pause): Move clientWillPausePlayback to
            playInternal so it is called every time playback begins.
        (WebCore::HTMLMediaElement::playInternal): Call clientWillPausePlayback.
        (WebCore::HTMLMediaElement::mediaSessionTitle): New. Return the 'title' attribute,
            or currenSrc if that is empty.
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::mediaSessionDuration): Return duration.
        (WebCore::HTMLMediaElement::mediaSessionCurrentTime): Return current time.

        * platform/audio/MediaSession.cpp:
        (WebCore::MediaSession::clientWillPausePlayback): New, passthrough to the
            media element.
        (WebCore::MediaSession::title): Ditto.
        (WebCore::MediaSession::duration): Ditto.
        (WebCore::MediaSession::currentTime): Ditto.
        * platform/audio/MediaSession.h:
        (WebCore::MediaSessionClient::mediaSessionTitle):
        (WebCore::MediaSessionClient::mediaSessionDuration):
        (WebCore::MediaSessionClient::mediaSessionCurrentTime):

        * platform/audio/MediaSessionManager.cpp:
        (WebCore::MediaSessionManager::MediaSessionManager): Initialize m_activeSession.
        (WebCore::MediaSessionManager::removeSession): Set m_activeSession if the session
            being removed is currently active.
        (WebCore::MediaSessionManager::sessionWillBeginPlayback): Set m_activeSession.
        * platform/audio/MediaSessionManager.h:
        (WebCore::MediaSessionManager::sessionWillEndPlayback):
        (WebCore::MediaSessionManager::setCurrentSession):
        (WebCore::MediaSessionManager::currentSession):

        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::sessionWillBeginPlayback): Call updateNowPlayingInfo. 
        (WebCore::MediaSessionManageriOS::sessionWillEndPlayback): Ditto.
        (WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Update MPNowPlayingInfoCenter
            with the current media item's title, duration, and current time.
        (-[WebMediaSessionHelper initWithCallback:]): Turn on deliver of remote control
            events, even though we don't respond to them yet, or Now Playing won't work.

2014-03-13  Radu Stavila  <stavila@adobe.com>

        Webkit not building on XCode 5.1 due to garbage collection no longer being supported
        https://bugs.webkit.org/show_bug.cgi?id=130087

        Reviewed by Mark Rowe.

        Disable garbage collection on macosx when not using internal SDK.

        No new tests required.

        * Configurations/Base.xcconfig:

2014-03-13  Andreas Kling  <akling@apple.com>

        Don't send synchronous resize events when FrameView has auto-sizing enabled.
        <https://webkit.org/b/130198>
        <rdar://problem/15991333>

        Reviewed by Dan Bernstein.

        * page/FrameView.cpp:
        (WebCore::FrameView::sendResizeEventIfNeeded):

2014-03-13  Antti Koivisto  <antti@apple.com>

        Try to fix release build.

        * css/MediaQueryMatcher.cpp:
        * css/StyleMedia.cpp:
        * html/HTMLTitleElement.cpp:

2014-03-11  Darin Adler  <darin@apple.com>

        Avoid copy-prone idiom "for (auto item : collection)"
        https://bugs.webkit.org/show_bug.cgi?id=129990

        Reviewed by Geoffrey Garen.

        Most of these changes have no effect. A few of them get rid of unwanted
        copying of the items as we iterate them. Found these with the command
        'git grep "for (auto .*:"' or the equivalent.

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::IDBKeyData): Use auto& to avoid copying the keys.
        (WebCore::IDBKeyData::maybeCreateIDBKey): Ditto.
        (WebCore::IDBKeyData::isolatedCopy): Ditto.

        * dom/Node.cpp:
        (WebCore::Document::invalidateNodeListAndCollectionCaches): Use auto*
        to make explicit the fact that these are pointers. Stop using "it" for
        a variable that is not an iterator. Get rid of unneeded local variables
        for the collections themselves.

        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::adoptDocument): Use auto& to make sure we
        don't do any unnecessary copying. Stop using "it" for a variable that
        is not an iterator.

        * html/HTMLTableRowsCollection.cpp:
        (WebCore::HTMLTableRowsCollection::lastRow): Use auto* to be explicit
        that these are pointers.
        * inspector/InspectorNodeFinder.cpp:
        (WebCore::InspectorNodeFinder::searchUsingDOMTreeTraversal): Ditto.
        * page/ios/FrameIOS.mm:
        (WebCore::Frame::interpretationsForCurrentRoot): Ditto. Also got rid of
        an unnecessary local variable.

        * platform/FileChooser.cpp:
        (WebCore::FileChooser::chooseFiles): Use auto&. Also fix a FIXME.
        (WebCore::FileChooser::chooseMediaFiles): Ditto.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::naturalSize): Use auto&.

        * rendering/RenderIterator.h: Changed include from RenderObject.h to
        RenderElement.h; iterators are based on RenderElement now.

        * rendering/svg/RenderSVGResource.cpp:
        (WebCore::removeFromCacheAndInvalidateDependencies): Use auto*.

        * rendering/svg/RenderSVGResourceContainer.cpp:
        (WebCore::RenderSVGResourceContainer::markAllClientsForInvalidation): Use auto*.
        (WebCore::RenderSVGResourceContainer::markAllClientLayersForInvalidation): Ditto.
        (WebCore::RenderSVGResourceContainer::registerResource): Ditto.

        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::layoutChildren): Updated to use a more specific
        type, to use auto* instead of of auto, and to eliminate the slightly sloppily
        capitalized and not-so-slightly ungrammatical notlayoutedObjects.
        (WebCore::SVGRenderSupport::applyStrokeStyleToContext): Use auto&.
        (WebCore::SVGRenderSupport::updateMaskedAncestorShouldIsolateBlending): Use auto*.

        * rendering/svg/SVGResourcesCycleSolver.cpp:
        (WebCore::SVGResourcesCycleSolver::resourceContainsCycles): Use auto*.
        (WebCore::SVGResourcesCycleSolver::resolveCycles): Ditto. Also lineageOfType.

        * svg/SVGAnimateMotionElement.cpp:
        (WebCore::SVGAnimateMotionElement::applyResultsToTarget): Use auto*.
        * svg/SVGPathElement.cpp:
        (WebCore::SVGPathElement::invalidateMPathDependencies): Ditto.

2014-03-13  Brian Burg  <bburg@apple.com>

        Web Inspector: Remove unused callId parameter from evaluateInWebInspector
        https://bugs.webkit.org/show_bug.cgi?id=129744

        Reviewed by Timothy Hatcher.

        * WebCore.exp.in:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::evaluateForTestInFrontend):
        * inspector/InspectorController.h:

2014-03-13  Darin Adler  <darin@apple.com>

        Optimize hasTagName when called on an HTMLElement
        https://bugs.webkit.org/show_bug.cgi?id=130090

        Reviewed by Antti Koivisto.

        Added new hasTagName functions that have the efficiency of hasLocalName.
        but are safe.

        Now we can always use hasTagName, and we'll get a compile time error if
        we try to use an SVG tag name with an HTML element. All call sites that
        use the more specific tag name types are more efficient, and call sites
        that have a specific pointer type will get even more efficient checking
        that is exactly what we used to get by calling hasLocalName.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::hasTagName): Cast explicitly to Element
        since Node::hasTagName no longer works on a general QualifiedName.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::isDescendantOfElementType): Use
        more specific type, RenderElement, so we can call hasTagName on Element
        instead of Node; eliminates an unnecessary branch.

        * dom/DocumentStyleSheetCollection.cpp:
        (WebCore::DocumentStyleSheetCollection::collectActiveStyleSheets): Use
        new for loop and full words for variable names. Also use nullptr instead
        of 0. Call toHTMLElement and toSVGElement in code that checks hasTagName
        since it's already checking isHTMLElement and isSVGElement.

        * dom/Element.cpp:
        (WebCore::attrNodeListMap): Use NeverDestroyed and put the vectors into
        the map rather than putting pointers to a vector into the map.
        (WebCore::attrNodeListForElement): Take a reference rather than a pointer,
        and update for the change above.
        (WebCore::ensureAttrNodeListForElement): Ditto.
        (WebCore::removeAttrNodeListForElement): Ditto.
        (WebCore::findAttrNodeInList): Ditto.
        (WebCore::Element::isFocusable): Use ancestorsOfType<HTMLCanvasElement>
        to fine the canvas rather than a hand-written loop.
        (WebCore::Element::attrNodeList): Update for above changes.
        (WebCore::Element::setAttributeNode): Ditto.
        (WebCore::Element::attrIfExists): Ditto.
        (WebCore::Element::ensureAttr): Ditto.
        (WebCore::Element::detachAttrNodeFromElementWithValue): Ditto.
        (WebCore::Element::detachAllAttrNodesFromElement): Ditto.

        * dom/Element.h: Removed the overload of hasLocalName that takes a
        QualifiedName and ignores the non-local-name parts of it. Callers should
        use hasTagName instead, now that it's optimized appropriately. Added
        overloads of hasTagName for all the specific qualified name types. It's
        more efficient to use the Node versions of these functions rather than
        using QualifiedName::matches to do the check. Removed the hasTagName and
        hasLocalName functions from the Node class; the only convenience functions
        needed in Node are the specific checks for tags from HTML, MathML, and SVG,
        not the general purpose ones.

        * dom/Node.h: Removed hasLocalName and replaced the single hasTagName
        that takes a QualifiedName with three faster ones that take HTML, MathML,
        and SVG qualified names instead. Also updated to use nullptr instead of 0.

        * dom/PositionIterator.cpp: Added now-needed include.
        * dom/Text.cpp: Ditto.

        * dom/make_names.pl:
        (printHeaderHead): Renamed an argument for clarity and added a definitions
        argument, which is where we insert the classes derived from QualifiedName.
        (printCppHead): Renamed an argument for clarity.
        (printTypeHelpers): Use hasTagName rather than hasLocalName, since the
        former is now optimized to be the same as what the latter was.
        (printNamesHeaderFile): Define a class derived from QualifiedName that can
        be used at compile time to avoid having to check the namespace.
        (printNamesCppFile): Use the new more-specific type as needed.

        * editing/ApplyStyleCommand.cpp:
        (WebCore::isLegacyAppleStyleSpan): Use hasTagName instead of hasLocalName,
        and references instead of pointers.
        (WebCore::ApplyStyleCommand::ApplyStyleCommand): Removed uneeded explicit
        construction of a smart pointer.
        (WebCore::ApplyStyleCommand::shouldApplyInlineStyleToRun): Updated to use
        the enclosingElementWithTag function by its new name.

        * editing/Editor.cpp:
        (WebCore::Editor::selectionUnorderedListState): Updated to use the
        enclosingElementWithTag function by its new name.
        (WebCore::Editor::selectionOrderedListState): Ditto.

        * editing/InsertListCommand.cpp:
        (WebCore::InsertListCommand::doApply): Use a more-specific type for the list tag.
        (WebCore::InsertListCommand::doApplyForSingleParagraph): Ditto.
        * editing/InsertListCommand.h: Ditto.

        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::serializeNodesWithNamespaces): Added an explicit
        cast to Element in the loop that is already guarded by an isElementNode check.
        Also use a modern C++ for loop.

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
        Updated to use the enclosingElementWithTag function by its new name.
        (WebCore::ReplaceSelectionCommand::removeUnrenderedTextNodesAtEnds): Ditto.
        (WebCore::ReplaceSelectionCommand::positionAtEndOfInsertedContent): Ditto.

        * editing/TypingCommand.cpp: Added now-needed includes.
        * editing/VisibleUnits.cpp: Ditto.

        * editing/htmlediting.cpp:
        (WebCore::enclosingElementWithTag): Changed to return an Element instead of a Node,
        since nodes other than elements do not have tags.
        * editing/htmlediting.h: Ditto.

        * editing/mac/EditorMac.mm:
        (WebCore::Editor::adjustedSelectionRange): Updated to use the enclosingElementWithTag
        function by its new name.
        * editing/markup.cpp:
        (WebCore::StyledMarkupAccumulator::appendText): Ditto.
        (WebCore::StyledMarkupAccumulator::traverseNodesForSerialization): Ditto.
        (WebCore::highestAncestorToWrapMarkup): Ditto.
        (WebCore::createMarkupInternal): Ditto.
        (WebCore::createContextualFragment): Ditto. Use hasTagName instead of hasLocalName,
        since the former is now optimized to be the same as the latter was before.

        * html/HTMLCollection.cpp:
        (WebCore::isMatchingElement): Use hasTagName instead of hasLocalName,
        since the former is now optimized to be the same as the latter was before.
        (WebCore::nameShouldBeVisibleInDocumentAll): Ditto.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::ieForbidsInsertHTML): Ditto.
        (WebCore::unicodeBidiAttributeForDirAuto): Ditto.
        (WebCore::HTMLElement::parseBorderWidthAttribute): Ditto.
        (WebCore::HTMLElement::setInnerHTML): Ditto.
        (WebCore::shouldProhibitSetInnerOuterText): Ditto. Added this to share code between
        setInnerText and setOuterText.
        (WebCore::HTMLElement::setInnerText): Ditto.
        (WebCore::HTMLElement::setOuterText): Ditto.
        (WebCore::HTMLElement::rendererIsNeeded): Ditto.
        (WebCore::HTMLElement::createElementRenderer): Ditto.

        * html/HTMLElement.h: Added hasTagName, which hides the one inherited from Element
        and takes the more-specific HTMLQualifiedName type. This means we don't need to check
        the namespace at runtime because it's known at compile time. Also put the
        implementation of Node::hasTagName for HTMLQualifiedName into this header.

        * html/HTMLObjectElement.cpp:
        (WebCore::isRecognizedTagName): Updated for change in return type of
        HTMLNames::getHTMLTags.

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::add): Use hasTagName inastead of hasLocalName.
        (WebCore::HTMLSelectElement::value): Use isHTMLOptionElement instead of hasTagName.
        Also use a new style for loop and emptyString() instead of "".
        (WebCore::HTMLSelectElement::setValue): Ditto.
        (WebCore::HTMLSelectElement::setLength): Ditto.
        (WebCore::HTMLSelectElement::searchOptionsForValue): Ditto.
        (WebCore::HTMLSelectElement::restoreFormControlState): Ditto.

        * html/HTMLTableColElement.cpp:
        (WebCore::HTMLTableColElement::additionalPresentationAttributeStyle): Use hasTagName
        instead of hasLocalName.

        * html/HTMLTableRowsCollection.cpp:
        (WebCore::isInSection): Updated to use hasTagName and take a reference.
        (WebCore::HTMLTableRowsCollection::rowAfter): Pass a reference.

        * html/parser/HTMLConstructionSite.cpp: Added now-needed include.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::createCaseMap): Updated to return a map rather than filling one in, and to
        be flxible about the type of the table being used.
        (WebCore::adjustSVGTagNameCase): Updated to use NeverDestroyed.
        (WebCore::adjustAttributes): Added new helper so we can share more code. Updated
        template argument names for clarity.
        (WebCore::adjustSVGAttributes): Marked this inline, since it just turns around and
        calls a single non-inline function.
        (WebCore::adjustMathMLAttributes): Ditto.
        (WebCore::addNamesWithPrefix): Changed to take argument by reference instead of pointer.
        (WebCore::createForeignAttributesMap): Added. Factors out the map creation from the
        function below.
        (WebCore::adjustForeignAttributes): Updated for above changes.
        (WebCore::HTMLTreeBuilder::processStartTagForInBody): Updated to pass reference.
        (WebCore::HTMLTreeBuilder::processTokenInForeignContent): Ditto.

        * inspector/InspectorStyleSheet.cpp: Added now-needed include.

        * mathml/MathMLElement.h: Added hasTagName, which hides the one inherited from Element
        and takes the more-specific MathMLQualifiedName type. This means we don't need to check
        the namespace at runtime because it's known at compile time. Also put the
        implementation of Node::hasTagName for MathMLQualifiedName into this header.

        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::createElementRenderer): Use hasTagName.

        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::attributeChanged): Use hasTagName.
        (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex): Ditto.
        (WebCore::MathMLSelectElement::getSelectedActionChild): Ditto.
        (WebCore::MathMLSelectElement::getSelectedSemanticsChild): Ditto.
        (WebCore::MathMLSelectElement::updateSelectedChild): Ditto.
        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::createElementRenderer): Ditto.
        (WebCore::MathMLTextElement::childShouldCreateRenderer): Ditto.

        * platform/mac/HTMLConverter.mm: Added now-needed include.
        * rendering/RenderBlockFlow.cpp: Ditto.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended): Use hasTagName.
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::rendererForRootBackground): Ditto.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isSimpleContainerCompositingLayer): Ditto.

        * rendering/RenderReplaced.cpp: Added now-needed include.

        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::RenderMathMLScripts): Use hasTagName.
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): Ditto.

        * svg/SVGElement.h: Added hasTagName, which hides the one inherited from Element
        and takes the more-specific SVGQualifiedName type. This means we don't need to check
        the namespace at runtime because it's known at compile time. Also put the
        implementation of Node::hasTagName for SVGQualifiedName into this header.

        * svg/SVGFontFaceSrcElement.cpp:
        (WebCore::SVGFontFaceSrcElement::childrenChanged): Use isSVGFontFaceElement instead
        of calling hasTagName.

        * svg/SVGUseElement.cpp:
        (WebCore::isDirectReference): Changed to take a reference and a more specific type.
        (WebCore::SVGUseElement::toClipPath): Added a type cast.
        (WebCore::SVGUseElement::rendererClipChild): Use more specific types so we don't
        need a type cast.

        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::parseDocumentFragment): Added explicit calls to this
        unusual call site that has a good reason to use hasLocalName instead of hasTagName.

2014-03-13  Antti Koivisto  <antti@apple.com>

        Try to fix iOS build.

        * page/FrameView.cpp:
        (WebCore::FrameView::performPostLayoutTasks):

2014-03-13  Antti Koivisto  <antti@apple.com>

        Remove StyleResolver::State::m_parentNode
        https://bugs.webkit.org/show_bug.cgi?id=130194

        Reviewed by Andreas Kling.

        This variable was the "parent" node where the style was being inherited from, not the actual parent.
        The code would also recompute it even though the call sites generally know the rendering parent already.

        If we consistently pass parent style to StyleResolver::styleForElement we won't need the variable and
        the associated code. We also get rid of one more client of NodeRenderingTraversal.

        * css/MediaQueryMatcher.cpp:
        (WebCore::MediaQueryMatcher::prepareEvaluator):
        * css/SVGCSSStyleSelector.cpp:
        (WebCore::StyleResolver::applySVGProperty):
        * css/StyleMedia.cpp:
        (WebCore::StyleMedia::matchMedium):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::clear):
        (WebCore::StyleResolver::StyleResolver):
        (WebCore::StyleResolver::State::initForStyleResolve):
        (WebCore::StyleResolver::applyProperty):
        * css/StyleResolver.h:
        (WebCore::StyleResolver::document):
        (WebCore::StyleResolver::State::State):
        * dom/Element.cpp:
        (WebCore::Element::customStyleForRenderer):
        
            Add parentStyle parameter.

        * dom/Element.h:
        * dom/PseudoElement.cpp:
        (WebCore::PseudoElement::customStyleForRenderer):
        * dom/PseudoElement.h:
        * html/HTMLOptGroupElement.cpp:
        (WebCore::HTMLOptGroupElement::didAttachRenderers):
        (WebCore::HTMLOptGroupElement::updateNonRenderStyle):
        (WebCore::HTMLOptGroupElement::customStyleForRenderer):
        * html/HTMLOptGroupElement.h:
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::didAttachRenderers):
        (WebCore::HTMLOptionElement::updateNonRenderStyle):
        (WebCore::HTMLOptionElement::customStyleForRenderer):
        * html/HTMLOptionElement.h:
        * html/HTMLTitleElement.cpp:
        (WebCore::HTMLTitleElement::textWithDirection):
        * html/shadow/TextControlInnerElements.cpp:
        (WebCore::TextControlInnerElement::customStyleForRenderer):
        (WebCore::TextControlInnerTextElement::customStyleForRenderer):
        * html/shadow/TextControlInnerElements.h:
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::computeStyleInRegion):
        (WebCore::RenderNamedFlowFragment::computeChildrenStyleInRegion):
        (WebCore::RenderNamedFlowFragment::setRegionObjectsRegionStyle):
        * rendering/RenderNamedFlowFragment.h:
        * style/StyleResolveTree.cpp:
        (WebCore::Style::styleForElement):
        
            This used to be Element::styleForRenderer. It is now a standalone static.

        (WebCore::Style::elementInsideRegionNeedsRenderer):
        (WebCore::Style::createRendererIfNeeded):
        (WebCore::Style::resolveLocal):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::customStyleForRenderer):
        * svg/SVGElement.h:

2014-03-13  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Nested layers with subpixel accumulation paint to wrong position.
        https://bugs.webkit.org/show_bug.cgi?id=130153

        Reviewed by Simon Fraser.

        Subpixels (fractional device pixels here) can accumulate through nested layers. Subpixels
        need to be propagated through the layer tree so that painting coordinates match layout coordinates.
        
        Compositing case: (absolute positioning, 2x display)
        parent layer pos(0.3, 0.3) -> floored painting position (0, 0)
        child layer pos(10.2, 10.2) -> layout offset from parent (10.2, 10.2), 
        but the actual painting offset is (10.5, 10.5) as the result of parent flooring.
        
        Non-compositing case: (absolute positioning, 2x display)
        parent layer pos(0.3, 0.3) -> GraphicsContext is translated to (0, 0).
        child layer pos(10.2, 10.2) -> layout offset from parent (10.2, 10.2)
        but the GraphicsContext's offset is (10.5, 10.5) as the result of the parent's translate.   

        In both cases, without the subpixel adjustment, we'd paint the current layer at (10.0, 10.0)
        after flooring, while its painting position is actually (10.5, 10.5).
        Subpixels do accumulate through nested layers.

        Tests: compositing/hidpi-nested-compositing-layers-with-subpixel-accumulation.html
               fast/layers/hidpi-nested-layers-with-subpixel-accumulation.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        * rendering/RenderLayerBacking.h:
        (WebCore::RenderLayerBacking::devicePixelFractionFromRenderer):

2014-03-13  Radu Stavila  <stavila@adobe.com>

        The scrolledContentOffset method should handle the hasOverflowClip check
        https://bugs.webkit.org/show_bug.cgi?id=130028

        Reviewed by Antti Koivisto.

        Before this patch, every call to RenderBox::scrolledContentOffset was guarded by the
        hasOverflowClip check, because the scrolledContentOffset method would ASSERT(hasOverflowClip()).
        This was simplified by moving the hasOverflowClip check inside the scrolledContentOffset method
        and returning (0, 0) for elements that do not clip the overflow.

        No new tests needed, just a refactor.

        * editing/VisibleUnits.cpp:
        (WebCore::absoluteLineDirectionPointToLocalPointInBlock):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintObject):
        (WebCore::RenderBlock::selectionGapRectsForRepaint):
        (WebCore::RenderBlock::paintSelection):
        (WebCore::RenderBlock::nodeAtPoint):
        (WebCore::RenderBlock::offsetForContents):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::scrolledContentOffset):
        (WebCore::RenderBox::offsetFromContainer):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::offsetFromContainer):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::mapLayerClipRectsToFragmentationLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::mapLocalToContainer):
        (WebCore::RenderObject::pushMappingToContainer):
        (WebCore::RenderObject::mapAbsoluteToLocalPoint):
        (WebCore::RenderObject::offsetFromContainer):
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::hitInnerTextElement):

2014-03-13  Chris Fleizach  <cfleizach@apple.com>

        AX: accessibility data table heuristics fail on this jQuery table
        https://bugs.webkit.org/show_bug.cgi?id=129369

        Reviewed by Mario Sanchez Prada.

        Updated accessibility/table-detection.html

        If a table uses display style of table-row-group, the RenderTable gets disassociated from the HTMLTableElement.
        We can find that element in a different way by asking for the parent of the first table section.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::activeDescendant):
            This method was accessing an object's element unsafely and this table change exposed the issue.
        * accessibility/AccessibilityTable.cpp:
        (WebCore::AccessibilityTable::tableElement):
        (WebCore::AccessibilityTable::isDataTable):
        * accessibility/AccessibilityTable.h:

2014-03-13  Antti Koivisto  <antti@apple.com>

        Ensure that layout milestones complete in all cases
        https://bugs.webkit.org/show_bug.cgi?id=130101
        
        Reviewed by Darin Adler.
        
        Milestones fail to complete in some testing scenarios.

        * dom/Document.cpp:
        (WebCore::Document::setParsing):
        
            Check if we need to fire layout milestones if parsing finishes without pending layout.
            Parsing status affects whether the document is considered non-empty and that affects
            layout milestones.

            Remove explicit layout scheduling here, layout timer will be active already if there
            is a layout pending

        * page/FrameView.cpp:
        (WebCore::FrameView::performPostLayoutTasks):
        (WebCore::FrameView::firePaintRelatedMilestonesIfNeeded):
        
            Renamed for consistency

        (WebCore::FrameView::fireLayoutRelatedMilestonesIfNeeded):
        
            Factor layout milestone firing into a function.

        * page/FrameView.h:

2014-03-12  Brian Burg  <bburg@apple.com>

        Web Replay: add infrastructure for memoizing nondeterministic DOM APIs
        https://bugs.webkit.org/show_bug.cgi?id=129445

        Reviewed by Timothy Hatcher.

        Add two pieces of infrastructure to support memoization of selected DOM APIs.

        The first piece is MemoizedDOMResult, a templated replay input class that knows
        how to serialize a DOM API's return value, ctype, and exception code.

        The second piece is the addition of a new IDL attribute called `Nondeterministic`.
        When placed on a DOM function or attribute, the code generator will emit code
        to save the DOM API's return value or use a memoized return value instead,
        depending on the current replay state. This new emitted code path is behind
        a feature flag.

        No new tests, as no new inputs are addressed by this change. Per-DOM API replay
        regression tests will be added when those APIs are marked as nondeterministic.

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/scripts/CodeGeneratorJS.pm: Add support of the `Nondeterministic` attribute.
        (GenerateImplementation): Handle cases for attributes and getters with exceptions.
        (GenerateImplementationFunctionCall): Handle function calls with and without exceptions.
        (GetNativeTypeForMemoization): Added. Converts DOMString to WTF::String.
        * bindings/scripts/IDLAttributes.txt: Add new `Nondeterministic` attribute.
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::jsTestEventTargetPrototypeFunctionItem):
        (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjAttrWithGetterException):
        (WebCore::jsTestObjStringAttrWithGetterException):
        (WebCore::jsTestObjWithScriptStateAttributeRaises):
        (WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
        (WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
        (WebCore::jsTestObjNullableStringValue):
        (WebCore::jsTestObjPrototypeFunctionByteMethod):
        (WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionOctetMethod):
        (WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionLongMethod):
        (WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionObjMethod):
        (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
        (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
        (WebCore::jsTestObjConstructorFunctionClassMethodWithOptional):
        (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
        (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
        (WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestObjPrototypeFunctionStrictFunction):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsAttrWithGetterException):
        (WebCore::jsTestTypedefsStringAttrWithGetterException):
        (WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
        (WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
        (WebCore::jsTestTypedefsPrototypeFunctionCallWithSequenceThatRequiresInclude):

        * replay/AllReplayInputs.h:
        * replay/MemoizedDOMResult.cpp: Added.
        (WebCore::MemoizedDOMResultBase::type):
        (WebCore::MemoizedDOMResultBase::createFromEncodedResult):
        (InputTraits<MemoizedDOMResultBase>::type):
        (InputTraits<MemoizedDOMResultBase>::encode):
        (InputTraits<MemoizedDOMResultBase>::decode):

        * replay/MemoizedDOMResult.h: Added. Every specialization of MemoizedDOMResult<T>
        stores a binding name, ctype, result value of type T, and optional exception code.
        The ctype-specific code uses the CTypeTraits struct to abstract over enum names and
        compiler types. The actual encode/decode methods just use methods from EncodingTraits<T>.

        (WebCore::MemoizedDOMResultBase::MemoizedDOMResultBase):
        (WebCore::MemoizedDOMResultBase::~MemoizedDOMResultBase):
        (WebCore::MemoizedDOMResultBase::attribute):
        (WebCore::MemoizedDOMResultBase::ctype):
        (WebCore::MemoizedDOMResultBase::exceptionCode):
        (WebCore::CTypeTraits::decode):
        (WebCore::MemoizedDOMResultBase::convertTo):
        (JSC::InputTraits<MemoizedDOMResultBase>::queue):
        * replay/ReplayInputTypes.cpp: See below.
        (WebCore::ReplayInputTypes::ReplayInputTypes):
        * replay/ReplayInputTypes.h: See below.
        * replay/SerializationMethods.cpp: We need to special-case the encoding
        and decoding of MemoizedDOMResult inputs because the input is not part of
        the generated per-framework replay inputs enum.
        (JSC::EncodingTraits<NondeterministicInputBase>::encodeValue):
        (JSC::EncodingTraits<NondeterministicInputBase>::decodeValue):

        * replay/WebInputs.json: Add the EncodedCType enum as an external enum type,
        so that we can use a generated EncodingTraits specialization to encode the enum.

2014-03-11  Jae Hyun Park  <jaepark@webkit.org>

        Make HTMLCanvasElement::is3D private
        https://bugs.webkit.org/show_bug.cgi?id=130117

        Reviewed by Anders Carlsson.

        HTMLCanvasElement::is3D is not used anywhere except HTMLCanvasElement.
        So, make HTMLCanvasElement::is3D a private method. Also, make more use
        of is3D method.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::reset):
        (WebCore::HTMLCanvasElement::getImageData):
        * html/HTMLCanvasElement.h:

2014-03-12  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: OS X View Indication
        https://bugs.webkit.org/show_bug.cgi?id=130119

        Reviewed by Timothy Hatcher.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::setIndicating):
        OS X will handles this in the InspectorOverlay. iOS does not use the
        overlay, so it handles this in the client (already implemented).

        * inspector/InspectorOverlay.h:
        Remove unused m_size, and add a boolean for the indicating state.

        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::InspectorOverlay):
        (WebCore::InspectorOverlay::shouldShowOverlay):
        Helper for determining if we should show the overlay or not.

        (WebCore::InspectorOverlay::setIndicating):
        Set the state and trigger an overlay update.

        (WebCore::InspectorOverlay::paint):
        (WebCore::InspectorOverlay::update):
        (WebCore::InspectorOverlay::drawGutter):
        (WebCore::InspectorOverlay::evaluateInOverlay):
        Simplification of existing methods.

        * inspector/InspectorOverlayPage.css:
        (.indicate):
        Give the page a blue tint, matching the node highlight color.

        * inspector/InspectorOverlayPage.js:
        (showPageIndication):
        (hidePageIndication):
        Add / remove a body style class.

        (drawNodeHighlight):
        Remove unused parameters.

2014-03-12  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Disable REMOTE_INSPECTOR in earlier OS X releases
        https://bugs.webkit.org/show_bug.cgi?id=130118

        Reviewed by Timothy Hatcher.

        * Configurations/FeatureDefines.xcconfig:

2014-03-12  Tim Horton  <timothy_horton@apple.com>

        Build fix for ENABLE(IMAGE_CONTROLS) after 165479

        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::servicesRolloverButtonCell):
        (WebCore::RenderThemeMac::paintImageControlsButton):
        (WebCore::RenderThemeMac::imageControlsButtonSize):
        Don't try to use the AppKit methods that are only available on 64-bit.

2014-03-12  Brent Fulgham  <bfulgham@apple.com>

        [WebVTT] HTML5 "space" cahracters around "-->" are not required
        https://bugs.webkit.org/show_bug.cgi?id=117421

        Reviewed by Eric Carlson.

        Merged from Blink (patch by caitpotter88@gmail.com):
        https://chromium.googlesource.com/chromium/blink/+/4ef469cd627a13696b88e285ae28a60e38f9c286
        http://crbug.com/242158

        New tests: media/track/track-webvtt-tc029-timings-whitespace.html

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::collectTimingsAndSettings): Make whitespace around cue-timings optional.

2014-03-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165482.
        https://bugs.webkit.org/show_bug.cgi?id=130157

        Broke the windows build; "error C2466: cannot allocate an
        array of constant size 0" (Requested by jernoble on #webkit).

        Reverted changeset:

        "Reduce memory use for static property maps"
        https://bugs.webkit.org/show_bug.cgi?id=129986
        http://trac.webkit.org/changeset/165482

2014-03-12  Brian Burg  <bburg@apple.com>

        Web Inspector receives spurious setScriptEnabled instrumentation calls
        https://bugs.webkit.org/show_bug.cgi?id=130147

        Reviewed by Timothy Hatcher.

        When page settings change, inspector instrumentation should only fire if
        the scriptsEnabled setting actually changes from the previous setting. But
        due to an unnecessary PLATFORM(IOS) guard, the inspector was being notified
        on every settings update even if nothing changed.

        This manifested as lots of Page.scriptsEnabled messages being sent to
        the inspector frontend as the Inspector window is dragged.

        * page/Settings.cpp:
        (WebCore::Settings::setScriptEnabled): Remove PLATFORM(IOS) from early return.

2014-03-12  Simon Fraser  <simon.fraser@apple.com>

        Have the scrolling tree track the viewport size, not the viewport rect
        https://bugs.webkit.org/show_bug.cgi?id=130141

        Reviewed by Beth Dakin.

        The scrolling tree only needs to know the size of the viewport, not its
        origin, since the origin is deduced from the updated scroll position.

        * WebCore.exp.in:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
        * page/scrolling/ScrollingStateScrollingNode.cpp:
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        (WebCore::ScrollingStateScrollingNode::setViewportSize):
        (WebCore::ScrollingStateScrollingNode::dumpProperties):
        * page/scrolling/ScrollingStateScrollingNode.h:
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::updateBeforeChildren):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        (WebCore::ScrollingTreeScrollingNode::viewportSize):
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::setScrollLayerPosition):
        (WebCore::ScrollingTreeScrollingNodeIOS::maximumScrollPosition):
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::updateAfterChildren):
        (WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):
        (WebCore::ScrollingTreeScrollingNodeMac::maximumScrollPosition):
        (WebCore::ScrollingTreeScrollingNodeMac::logExposedUnfilledArea):

2014-03-12  Simon Fraser  <simon.fraser@apple.com>

        Spelling is hard
        https://bugs.webkit.org/show_bug.cgi?id=130146

        Reviewed by Beth Dakin.

        Fix spelling (constained -> constrained).

        * rendering/RenderLayerModelObject.cpp:
        (WebCore::RenderLayerModelObject::styleDidChange):

2014-03-12  Simon Fraser  <simon.fraser@apple.com>

        Change scrollOffsetForFixedPosition() to do LayoutUnit math
        https://bugs.webkit.org/show_bug.cgi?id=129981

        Reviewed by Beth Dakin.

        FrameView::scrollOffsetForFixedPosition() returned an IntSize,
        but to allow subpixel scroll offsets, we need it to return a LayoutSize.
        
        Fix code that calls this to use more LayoutUnit math.
        
        This progresses fixed background images on zoom, which cam now be subpixel
        positioned.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::viewportConstrainedVisibleContentRect):
        (WebCore::FrameView::scrollOffsetForFixedPosition):
        * page/FrameView.h:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::constrainScrollPositionForOverhang):
        * platform/ScrollableArea.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollLayerPosition):

2014-03-12  Gavin Barraclough  <barraclough@apple.com>

        Reduce memory use for static property maps
        https://bugs.webkit.org/show_bug.cgi?id=129986

        Reviewed by Andreas Kling.

        Static property tables are currently duplicated on first use from read-only memory into dirty memory
        in every process, and since the entries are large (48 bytes) and the tables can be unusually sparse
        (we use a custom hash table without a rehash) a lot of memory may be wasted.

        * bindings/js/JSDOMBinding.h:
        (WebCore::getStaticValueSlotEntryWithoutCaching):
        (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMWrapper>):
            - HashEntry -> HashTableValue.
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
            - HashEntry -> HashTableValue.
        * bindings/js/JSHistoryCustom.cpp:
        (WebCore::JSHistory::getOwnPropertySlotDelegate):
            - HashEntry -> HashTableValue.
        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::getOwnPropertySlotDelegate):
        (WebCore::JSLocation::putDelegate):
            - HashEntry -> HashTableValue.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateGetOwnPropertySlotBody):
            - HashEntry -> HashTableValue.
        (GenerateHashTable):
            - emit the hash table index into the derived source (we were calculating this already to ensure chaining does not get too deep).

2014-03-12  Tim Horton  <timothy_horton@apple.com>

        Hook up image controls for WebKit1
        https://bugs.webkit.org/show_bug.cgi?id=130062
        <rdar://problem/15964809>

        Reviewed by Brady Eidson.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSPrimitiveValueMappings.h:
        Fix some header ordering.

        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        Handle mapping ImageControlsButtonPart to the -webkit-appearance value CSSValueImageControlsButton.

        * css/CSSValueKeywords.in:
        * platform/ThemeTypes.h:
        Add a -webkit-appearance value image-controls-button, and an associated control part.

        * dom/Node.h:
        (WebCore::Node::isImageControlsButtonElement): Added.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp: Added.
        (WebCore::RenderImageControlsButton::RenderImageControlsButton):
        (WebCore::RenderImageControlsButton::~RenderImageControlsButton):
        (WebCore::RenderImageControlsButton::updateLogicalWidth):
        (WebCore::RenderImageControlsButton::computeLogicalHeight):
        (WebCore::ImageControlsButtonElementMac::ImageControlsButtonElementMac):
        (WebCore::ImageControlsButtonElementMac::~ImageControlsButtonElementMac):
        (WebCore::ImageControlsButtonElementMac::maybeCreate):
        (WebCore::ImageControlsButtonElementMac::defaultEventHandler):
        (WebCore::ImageControlsButtonElementMac::createElementRenderer):
        * html/shadow/mac/ImageControlsButtonElementMac.h: Added.
        Add a new element/renderer pair for the single button that comprises image controls on Mac.
        RenderImageControlsButton gets its size from the theme's imageControlsButtonSize.

        * html/shadow/mac/ImageControlsRootElementMac.cpp:
        (WebCore::RenderImageControls::RenderImageControls):
        (WebCore::RenderImageControls::~RenderImageControls):
        (WebCore::RenderImageControls::updateLogicalWidth):
        (WebCore::RenderImageControls::computeLogicalHeight):
        (WebCore::ImageControlsRootElement::maybeCreate):
        (WebCore::ImageControlsRootElementMac::ImageControlsRootElementMac):
        (WebCore::ImageControlsRootElementMac::~ImageControlsRootElementMac):
        (WebCore::ImageControlsRootElementMac::createElementRenderer):
        * html/shadow/mac/ImageControlsRootElementMac.h:
        Add a custom renderer for the root image controls element on Mac, which inherits
        its size from the <img> that it is shadowing.
        Add a ImageControlsButtonElementMac as the sole child of the root element.

        * html/shadow/mac/imageControlsMac.css:
        (.x-webkit-image-controls):
        (.x-webkit-image-controls-button):
        (.x-webkit-image-controls:hover .x-webkit-image-controls-button):
        The button should become opaque whenever *any* part of the image is hovered,
        not just the button itself. Also, use the new image-controls-button -webkit-appearance
        value to get the appropriate appearance from the theme.

        * page/ContextMenuContext.cpp:
        (WebCore::ContextMenuContext::ContextMenuContext):
        * page/ContextMenuContext.h:
        (WebCore::ContextMenuContext::setControlledImage):
        (WebCore::ContextMenuContext::controlledImage):
        Store an image on the ContextMenuContext instead of just whether we hit an image.

        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::handleContextMenuEvent):
        (WebCore::ContextMenuController::showContextMenu):
        (WebCore::imageFromImageElementNode):
        (WebCore::ContextMenuController::maybeCreateContextMenu):
        (WebCore::ContextMenuController::populate):
        Keep track of the hit image in the ContextMenuContext.

        (WebCore::ContextMenuController::replaceControlledImage):
        Replace the hit image with a new one.

        * page/ContextMenuController.h:

        * rendering/RenderReplaced.h:
        Fix a double-space typo.

        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::adjustStyle):
        (WebCore::RenderTheme::paint):
        (WebCore::RenderTheme::paintBorderOnly):
        (WebCore::RenderTheme::paintDecorations):
        Handle ImageControlsButtonPart in RenderTheme's switches.

        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::imageControlsButtonSize):
        (WebCore::RenderTheme::paintImageControlsButton):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::servicesRolloverButtonCell):
        (WebCore::RenderThemeMac::paintImageControlsButton):
        (WebCore::RenderThemeMac::imageControlsButtonSize):
        Paint the image controls button.

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::WebContentReader::readImage):
        (WebCore::Editor::WebContentReader::readURL):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::WebContentReader::readImage):
        * platform/URL.cpp:
        (WebCore::URL::fakeURLWithRelativePart):
        * platform/URL.h:
        Factor out code to create a "fake" URL (with a UUID "hostname" and the
        webkit-fake-url protocol), and make use of it where we construct such URLs.

2014-03-12  Jer Noble  <jer.noble@apple.com>

        [Mac] Crash when running media/fallback.html test in MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification()
        https://bugs.webkit.org/show_bug.cgi?id=130136

        Reviewed by Eric Carlson.

        MediaPlayerPrivateAVFoundation is trying to lock its m_queueMutex from an async thread after
        while being destroyed in the main thread. To resolve this race condition, redispatch from
        the async thread to the main thread, and use a WeakPtr to determine whether the object has
        been destroyed or not.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::checkPlayability):

2014-03-12  Brent Fulgham  <bfulgham@apple.com>

        [Win] Remove use of QTSDK
        https://bugs.webkit.org/show_bug.cgi?id=130049

        Reviewed by Darin Adler.

        Media testing already covers this functionality.

        * WebCore.vcxproj/WebCore.vcxproj: Remove QuickTime files.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * platform/graphics/MediaPlayer.h: Remove QuickTime and Chromium
        media references.
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp: Removed.
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h: Removed.
        * platform/graphics/win/QTCFDictionary.cpp: Removed.
        * platform/graphics/win/QTCFDictionary.h: Removed.
        * platform/graphics/win/QTDecompressionSession.cpp: Removed.
        * platform/graphics/win/QTDecompressionSession.h: Removed.
        * platform/graphics/win/QTMovie.cpp: Removed.
        * platform/graphics/win/QTMovie.h: Removed.
        * platform/graphics/win/QTMovieGWorld.cpp: Removed.
        * platform/graphics/win/QTMovieGWorld.h: Removed.
        * platform/graphics/win/QTMovieTask.cpp: Removed.
        * platform/graphics/win/QTMovieTask.h: Removed.
        * platform/graphics/win/QTMovieVisualContext.cpp: Removed.
        * platform/graphics/win/QTMovieVisualContext.h: Removed.
        * platform/graphics/win/QTMovieWinTimer.cpp: Removed.
        * platform/graphics/win/QTMovieWinTimer.h: Removed.
        * platform/graphics/win/QTPixelBuffer.cpp: Removed.
        * platform/graphics/win/QTPixelBuffer.h: Removed.
        * platform/graphics/win/QTTrack.cpp: Removed.
        * platform/graphics/win/QTTrack.h: Removed.
        * plugins/win/PluginDatabaseWin.cpp:
        (WebCore::PluginDatabase::defaultPluginDirectories): Don't look
        for the QuickTime plugin anymore.

2014-03-12  David Kilzer  <ddkilzer@apple.com>

        Fix build after r165472

        Fixes the following build failure:

            WebCore/rendering/shapes/Shape.cpp:97:20: error: unused function 'ensureRadiiDoNotOverlap' [-Werror,-Wunused-function]
            static inline void ensureRadiiDoNotOverlap(FloatRect& bounds, FloatSize& radii)
                               ^
            1 error generated.

        * rendering/shapes/Shape.cpp:
        (ensureRadiiDoNotOverlap): Remove unused function.

2014-03-12  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] Remove deprecated shapes
        https://bugs.webkit.org/show_bug.cgi?id=125235

        Reviewed by Dirk Schulze.

        Remove support for deprecated shape types and syntax. These have
        already been removed from the CSS Shapes specification, so this aligns
        the implementation with the specification.

        The "new" tests below were simply moved from the old csswg directory,
        as they were the only tests there that applied to the current syntax.

        Tests: fast/shapes/shape-outside-floats/shape-outside-floats-polygon-000.html
               fast/shapes/shape-outside-floats/shape-outside-floats-polygon-001.html
               fast/shapes/shape-outside-floats/shape-outside-floats-polygon-002.html

        * css/BasicShapeFunctions.cpp:
        (WebCore::valueForBasicShape):
        (WebCore::basicShapeForValue):
        * css/BasicShapeFunctions.h:
        * css/CSSBasicShapes.cpp:
        * css/CSSBasicShapes.h:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseBasicShape):
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createShape):
        * rendering/shapes/ShapeInsideInfo.cpp:
        (WebCore::ShapeInsideInfo::isEnabledFor):
        * rendering/style/BasicShapes.cpp:
        * rendering/style/BasicShapes.h:

2014-03-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] [Stable] deadlock in gobject introspection
        https://bugs.webkit.org/show_bug.cgi?id=125651

        Reviewed by Sergio Villar Senin.

        Make the default SoupNetworkSession a destroyable object to ensure
        the wrapped SoupSession is finalized when the process finishes. This
        is important because soup cancels any ongoing connection when finalized.

        * platform/network/soup/SoupNetworkSession.cpp:
        (WebCore::SoupNetworkSession::defaultSession): Do not use NeverDestroyed.
        * platform/network/soup/SoupNetworkSession.h:

2014-03-12  Antti Koivisto  <antti@apple.com>

        Don't use NodeRenderingTraversal for pseudo elements
        https://bugs.webkit.org/show_bug.cgi?id=130091

        Reviewed by Andreas Kling.

        Make traversing during style resolve more comprehensible by handling before/after pseudo elements explicitly.

        With this patch NodeRenderingTraversal is only needed for InsertionPoints (which are nothing but an implementation
        detail of the <details> element at this point).

        * dom/Element.cpp:
        (WebCore::shouldUseNodeRenderingTraversalSlowPath):
        
            PseudoElements don't need the slow path anymore.

        (WebCore::Element::setBeforePseudoElement):
        (WebCore::Element::setAfterPseudoElement):
        (WebCore::Element::clearBeforePseudoElement):
        (WebCore::Element::clearAfterPseudoElement):
        * dom/NodeRenderingTraversal.cpp:
        (WebCore::NodeRenderingTraversal::traverseParent):
        (WebCore::NodeRenderingTraversal::firstChildSlow):
        (WebCore::NodeRenderingTraversal::nextSiblingSlow):
        (WebCore::NodeRenderingTraversal::previousSiblingSlow):
        * dom/NodeRenderingTraversal.h:
        (WebCore::NodeRenderingTraversal::firstChild):
        * style/StyleResolveTree.cpp:
        (WebCore::Style::nextSiblingRenderer):
        
            Add ::before/::after pseudo element handling here.

        (WebCore::Style::shouldCreateRenderer):
        (WebCore::Style::elementInsideRegionNeedsRenderer):
        (WebCore::Style::createRendererIfNeeded):
        (WebCore::Style::previousSiblingRenderer):
        
            Add ::before pseudo element handling here (text node can't be ::after).

        (WebCore::Style::reattachTextRenderersForWhitespaceOnlySiblingsAfterAttachIfNeeded):
        (WebCore::Style::textRendererIsNeeded):
        (WebCore::Style::createTextRendererIfNeeded):
        (WebCore::Style::attachTextRenderer):
        (WebCore::Style::updateTextRendererAfterContentChange):
        (WebCore::Style::attachChildren):
        (WebCore::Style::attachDistributedChildren):
        
            Handle InsertionPoints in one place.

        (WebCore::Style::attachShadowRoot):
        (WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded):
        (WebCore::Style::attachRenderTree):
        (WebCore::Style::resolveLocal):
        (WebCore::Style::updateTextStyle):
        (WebCore::Style::resolveShadowTree):
        (WebCore::Style::updateBeforeOrAfterPseudoElement):
        (WebCore::Style::resolveTree):
        
            Pass the rendering parent around to various functions instead of determining it repeatedly by calling 
            NodeRenderingTraversal::parent. It is always the same for all direct children being resolved and generally just
            the parent element.

2014-03-12  Frédéric Wang  <fred.wang@free.fr>

        Invisible Operators should not add space.
        https://bugs.webkit.org/show_bug.cgi?id=115786

        Reviewed by Chris Fleizach.

        This change adds special handling for invisible operator to ensure they really behave as empty box. We now ignore their glyph widths and do not paint them.

        Test: mathml/presentation/mo-invisible.html

        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
        (WebCore::RenderMathMLOperator::paint):
        * rendering/mathml/RenderMathMLOperator.h:

2014-03-11  Frédéric Wang  <fred.wang@free.fr>

        Implement MathML spacing around operators .
        https://bugs.webkit.org/show_bug.cgi?id=115787

        Reviewed by Chris Fleizach.

        This makes the <mo> operators use the lspace/rspace properties to
        determine their spacing. The spacing is now consistent with the one
        of <mfenced> and as a consequence bug 118843 is fixed. This also ensures
        that the rendering of <mo> elements is updated when the form or
        attributes are changed.

        Tests: mathml/presentation/dir-mo.html
               mathml/presentation/mo-form-dynamic.html
               mathml/presentation/mo-form-minus-plus.html
               mathml/presentation/mo-form.html
               mathml/presentation/mo-lspace-rspace-dynamic.html
               mathml/presentation/mo-lspace-rspace.html
               mathml/presentation/mo-whitespaces.html

        * css/mathml.css:
        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::childrenChanged):
        * mathml/MathMLInlineContainerElement.h:
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::setOperatorPropertiesFromOpDictEntry):
        (WebCore::RenderMathMLOperator::SetOperatorProperties):
        (WebCore::RenderMathMLOperator::updateFromElement):
        (WebCore::RenderMathMLOperator::updateOperatorProperties):
        (WebCore::RenderMathMLOperator::updateStyle):
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::updateOperatorProperties):
        * rendering/mathml/RenderMathMLRow.h:
        * rendering/mathml/RenderMathMLToken.h:

2014-03-11  Brent Fulgham  <bfulgham@apple.com>

        Get the incomplete WebVTT Regions code to build again.
        https://bugs.webkit.org/show_bug.cgi?id=130094

        Reviewed by Eric Carlson.

        The feature is not being turned on here, so there are no new tests.

        * DerivedSources.make: Add missing IDL files for Regions.
        * WebCore.xcodeproj/project.pbxproj: Add Regions-related files.
        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::newRegionsParsed): Add stub implementation.
        * html/track/LoadableTextTrack.cpp: Add missing include file.
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::TextTrack): Correct ordering of construction
        to avoid compiler warning.

2014-03-11  Ryuan Choi  <ryuan.choi@samsung.com>

        Remove unused method from BatteryController
        https://bugs.webkit.org/show_bug.cgi?id=130063

        Reviewed by Darin Adler.

        * Modules/battery/BatteryController.h: Removed client() which is not used.

2014-03-11  Krzysztof Czech  <k.czech@samsung.com>

        [ATK] Expose aria-posinset and aria-setsize through object attributes
        https://bugs.webkit.org/show_bug.cgi?id=130011

        Reviewed by Chris Fleizach.

        Based on http://www.w3.org/TR/2014/PR-wai-aria-implementation-20140206/
        aria-poinset and aria-setsize can be exposed as object attributes.

        Test: accessibility/aria-setsize-posinset.html

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetAttributes):

2014-03-10  Frédéric Wang  <fred.wang@free.fr>

        Improve renderer classes for MathML Token elements.
        https://bugs.webkit.org/show_bug.cgi?id=124838

        Reviewed by Chris Fleizach.

        This patch continues the refactoring of token elements that has been
        started in bug 44208. The <mo> element now derives from the
        RenderMathMLToken class, which was already used for the <mi> element.
        The behavior of anonymous <mo> elements created by the <mfenced> element
        is now more consistent with the one of "standard" <mo> elements and the
        spacing around them is now handled in RenderMathMLOperator. This is a
        first step towards fixing bugs 115787 and 118843. The only visible
        rendering change is how <mfenced> open/close attributes handle
        whitespace and multiple characters and some tests are added for that.
        Other features are already covered by other tests. Finally, this also
        removes some code from AccessibilityRenderObject that was used to
        workaround issues with <mo> elements.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::startOfContinuations):
        (WebCore::AccessibilityRenderObject::textUnderElement):
        (WebCore::AccessibilityRenderObject::isMathOperator):
        (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree):
        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::didAttachRenderers):
        (WebCore::MathMLTextElement::childrenChanged):
        * rendering/mathml/RenderMathMLBlock.cpp:
        (WebCore::RenderMathMLBlock::RenderMathMLBlock):
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLFenced.cpp:
        (WebCore::RenderMathMLFenced::RenderMathMLFenced):
        (WebCore::RenderMathMLFenced::updateFromElement):
        (WebCore::RenderMathMLFenced::createMathMLOperator):
        (WebCore::RenderMathMLFenced::makeFences):
        (WebCore::RenderMathMLFenced::addChild):
        * rendering/mathml/RenderMathMLFenced.h:
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
        (WebCore::RenderMathMLOperator::setOperatorPropertiesFromOpDictEntry):
        (WebCore::RenderMathMLOperator::SetOperatorProperties):
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
        (WebCore::RenderMathMLOperator::rebuildTokenContent):
        (WebCore::RenderMathMLOperator::updateTokenContent):
        (WebCore::RenderMathMLOperator::updateStyle):
        (WebCore::RenderMathMLOperator::firstLineBaseline):
        (WebCore::RenderMathMLOperator::paint):
        (WebCore::RenderMathMLOperator::paintChildren):
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLToken.cpp:
        (WebCore::RenderMathMLToken::createWrapperIfNeeded):

2014-03-10  James Craig  <jcraig@apple.com>

        Web Inspector: AXI: Expose checked/disabled/expanded/pressed/readonly/selected
        https://bugs.webkit.org/show_bug.cgi?id=129781

        Reviewed by Joseph Pecoraro.

        Enabling several more properties to be exposed in the Accessibility Node Inspector.

        Updated Tests: inspector-protocol/dom/getAccessibilityPropertiesForNode.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsChecked):
        * accessibility/AccessibilityObject.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        * inspector/protocol/DOM.json:

2014-03-10  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] inset corner radii are not flipped for vertical writing modes
        https://bugs.webkit.org/show_bug.cgi?id=129918

        Reviewed by Dean Jackson.

        When creating an inset shape, convert the radii to logical coordinates
        as well as the box.

        Tests: fast/shapes/shape-outside-floats/shape-outside-floats-inset-rounded-different-writing-modes-left.html
               fast/shapes/shape-outside-floats/shape-outside-floats-inset-rounded-different-writing-modes-right.html

        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createShape): Convert the radii to logical
            coordinates.

2014-03-10  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Frontend loaded resources from cache are not hidden as expected
        https://bugs.webkit.org/show_bug.cgi?id=130044

        Reviewed by Timothy Hatcher.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadedResourceFromMemoryCache):
        Use the new request that was passed in. Assume it is filled in appropriately.

        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::shouldContinueAfterNotifyingLoadedFromMemoryCache):
        Carry over the hidden from inspector state if the passed in request had it,
        and create the request that loadedResourceFromMemoryCache will use.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):
        Add missing ifdefs for INSPECTOR only function.

2014-03-10  Jinwoo Song  <jinwoo7.song@samsung.com>

        Remove 'visibilitychange' attribute event listener from document
        https://bugs.webkit.org/show_bug.cgi?id=129794

        Reviewed by Simon Fraser.

        Remove the unused attribute event listener which is not defined in Page Visibility API spec.
        http://www.w3.org/TR/page-visibility/#sec-document-interface

        * dom/Document.h:

2014-03-10  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WebKit 2] Wire the unobscured rect in the WebProcess
        https://bugs.webkit.org/show_bug.cgi?id=130058

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        * platform/ScrollView.h:
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::unobscuredContentRect):
        (WebCore::ScrollView::setUnobscuredContentRect):

2014-03-10  Benjamin Poulain  <bpoulain@apple.com>

        makeSelectorPseudoTypeMap.py should not be copied in the WebCore bundle

        * WebCore.xcodeproj/project.pbxproj:

2014-03-10  Mario Sanchez Prada  <mario.prada@samsung.com>

        [GTK] Add support for Geoclue2
        https://bugs.webkit.org/show_bug.cgi?id=120185

        Reviewed by Carlos Garcia Campos.

        Patch by Anton Obzhirov <a.obzhirov@samsung.com> and Mario Sanchez Prada <mario.prada@samsung.com>

        Implement a new geolocation provider based on Geoclue2, which will only
        be used if a good enough version of Geoclue2 is found  at configure time.

        * GNUmakefile.am: Generate C-API for accessing the D-Bus API
        provided by Geoclue2, and place it in DerivedSources.
        * GNUmakefile.list.am: Add GeolocationProviderGeoclue2.cpp, and
        include the generated proxy files when using Geoclue2.
        * PlatformGTK.cmake: Likewise, for CMake based builds.
        * platform/geoclue/GeolocationProviderGeoclue.h: Modified to
        accomodate the needs both for Geoclue and Geoclue2 providers.
        * platform/geoclue/GeolocationProviderGeoclue1.cpp: Renamed from Source/WebCore/platform/geoclue/GeolocationProviderGeoclue.cpp.
        (GeolocationProviderGeoclue::getPositionCallback):
        (GeolocationProviderGeoclue::positionChangedCallback):
        (GeolocationProviderGeoclue::createGeocluePositionCallback):
        (GeolocationProviderGeoclue::geoclueClientSetRequirementsCallback):
        (GeolocationProviderGeoclue::createGeoclueClientCallback):
        (GeolocationProviderGeoclue::GeolocationProviderGeoclue):
        (GeolocationProviderGeoclue::~GeolocationProviderGeoclue):
        (GeolocationProviderGeoclue::startUpdating):
        (GeolocationProviderGeoclue::stopUpdating):
        (GeolocationProviderGeoclue::setEnableHighAccuracy):
        (GeolocationProviderGeoclue::initializeGeoclueClient):
        (GeolocationProviderGeoclue::initializeGeocluePosition):
        (GeolocationProviderGeoclue::updateClientRequirements):
        (GeolocationProviderGeoclue::positionChanged):
        (GeolocationProviderGeoclue::errorOccurred):
        * platform/geoclue/GeolocationProviderGeoclue2.cpp: Added.
        (GeolocationProviderGeoclue::GeolocationProviderGeoclue):
        (GeolocationProviderGeoclue::~GeolocationProviderGeoclue):
        (GeolocationProviderGeoclue::startUpdating):
        (GeolocationProviderGeoclue::stopUpdating):
        (GeolocationProviderGeoclue::setEnableHighAccuracy):
        (GeolocationProviderGeoclue::createGeoclueManagerProxyCallback):
        (GeolocationProviderGeoclue::getGeoclueClientCallback):
        (GeolocationProviderGeoclue::createGeoclueClientProxyCallback):
        (GeolocationProviderGeoclue::startClientCallback):
        (GeolocationProviderGeoclue::locationUpdatedCallback):
        (GeolocationProviderGeoclue::createLocationProxyCallback):
        (GeolocationProviderGeoclue::startGeoclueClient):
        (GeolocationProviderGeoclue::updateLocation):
        (GeolocationProviderGeoclue::errorOccurred):
        (GeolocationProviderGeoclue::updateClientRequirements):

2014-03-10  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed Windows Build Fix.

        * WebCore.vcxproj/WebCore.vcxproj: Don't build cURL files for Apple Windows port.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::LayerClient::platformCALayerPaintContents): Correct
        method signature to match base class.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::loadInternal): Use proper character encoding.

2014-03-10  Simon Fraser  <simon.fraser@apple.com>

        Fix three leaks
        https://bugs.webkit.org/show_bug.cgi?id=130048

        Reviewed by Anders Carlsson.

        The NSDictionary was leaked.

        * page/ios/UserAgentIOS.mm:
        (WebCore::osMarketingVersion):

2014-03-10  Beth Dakin  <bdakin@apple.com>

        Set background color of WK2's UIScrollView to the pageExtendedBackgroundColor
        https://bugs.webkit.org/show_bug.cgi?id=129919

        Reviewed by Benjamin Poulain.

        WK2 needs to be able to ask for the pageExtendedBackgroundColor, so this patch 
        adds a function to Page that will return it

        * WebCore.exp.in:
        * page/Page.cpp:
        (WebCore::Page::pageExtendedBackgroundColor):
        * page/Page.h:
        * rendering/RenderLayerCompositor.h:
        (WebCore::RenderLayerCompositor::rootExtendedBackgroundColor):

2014-03-10  Benjamin Poulain  <bpoulain@apple.com>

        Generalize unobscured rect to all ports
        https://bugs.webkit.org/show_bug.cgi?id=130036

        Reviewed by Simon Fraser.

        iOS differentiates visible content and unobscured content. This patch moves the concept to all
        ports to remove the #ifdefs from the call sites.

        On everything but iOS, unobscuredRect and visibleRect are the same.

        * WebCore.exp.in:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::innerHeight):
        (WebCore::DOMWindow::innerWidth):
        * page/SpatialNavigation.cpp:
        (WebCore::canScrollInDirection):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::updateScrollbars):
        (WebCore::ScrollView::paint):
        * platform/ScrollView.h:
        (WebCore::ScrollView::unobscuredContentRectIncludingScrollbars):
        (WebCore::ScrollView::unobscuredContentRect):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::viewportSize):

2014-03-10  Benjamin Poulain  <benjamin@webkit.org>

        Start splitting CSS Selectors's pseudo types
        https://bugs.webkit.org/show_bug.cgi?id=130003

        Reviewed by Andreas Kling.

        CSS Selectors pseudo types come in 3 flavors: page, pseudo class, pseudo elements.

        The three types are mixed together in a single enum list named PseudoType. Only some combinations
        of match type + pseudo type are valid, but this is implicitly defined from the code.

        This patch is the beginning of a refactoring to add more clear boundaries between
        valid and invalid combinations.

        First, the handling of page pseudo types is completely split from the other values.
        The parser use a different method for handling the value CSSParserSelector::parsePagePseudoSelector().

        PagePseudo types no longer store their string in the CSSSelector either to reduce the redundancy
        with m_pseudoType.
        When we need to generate the string for those CSSSelector, we recreate the string as needed in
        CSSSelector::selectorText().

        The remaining two types are not yet split in this patch but this introduce the preliminary clean up
        toward that goal.
        The list of parsed pseudo types is now generated at compile time from the source in SelectorPseudoTypeMap.in.

        * DerivedSources.make:
        The mapping of strings to pseudo types is generated from SelectorPseudoTypeMap.in
        by the new script makeSelectorPseudoTypeMap.py.

        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSGrammar.y.in:
        Split the parsing of Pseudo Types. Pseudo page get its own method. The others will need some work.

        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePagePseudoSelector):
        (WebCore::CSSParserSelector::setPseudoTypeValue):
        * css/CSSParserValues.h:
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::specificityForPage):
        This is an example of invalid combination that is hidden by the current code.
        First, Left and Right could never appear in a pseudo class match.
        (WebCore::CSSSelector::pseudoId):
        (WebCore::CSSSelector::parsePseudoType):
        (WebCore::appendPseudoTypeTailIfNecessary):
        (WebCore::CSSSelector::selectorText):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::pseudoType):
        (WebCore::CSSSelector::matchesPseudoElement):
        (WebCore::CSSSelector::setValue):
        (WebCore::CSSSelector::CSSSelector):
        * css/PageRuleCollector.cpp:
        (WebCore::checkPageSelectorComponents):
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        * css/SelectorPseudoTypeMap.h: Added.
        * css/SelectorPseudoTypeMap.in: Added.
        * css/makeSelectorPseudoTypeMap.py: Added.
        (enumerablePseudoType):
        (expand_ifdef_condition):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoType):

2014-03-10  Enrica Casucci  <enrica@apple.com>

        iOS build fix after http://trac.webkit.org/changeset/165385

        Unreviewed.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper arrayOfTextForTextMarkers:attributed:]):

2014-03-10  Daniel Bates  <dabates@apple.com>

        REGRESSION (r159218): FrameView::layout() should destroy TemporaryChange<LayoutPhase>
        before destroying Ref<FrameView>
        https://bugs.webkit.org/show_bug.cgi?id=130034
        <rdar://problem/15664288>

        Reviewed by Alexey Proskuryakov.

        We should always destroy TemporaryChange<LayoutPhase> before destroying Ref<FrameView>
        in FrameView::layout() so as to ensure that the FrameView exists when we restore the
        original layout phase value.

        The existing test fast/frames/crash-remove-iframe-during-object-beforeload.html covers
        this change. Although you must run the test with Guard Malloc enabled (i.e. run-webkit-tests -r).

        * page/FrameView.cpp:
        (WebCore::FrameView::layout): Move construction of variable protect before the construction of
        variable layoutPhaseRestorer. Additionally, add a period to the end of the comment associated
        with variable protect.

2014-03-10  Zsolt Borbely  <borbezs@inf.u-szeged.hu>

        ASSERTION FAILED: span >= 1
        https://bugs.webkit.org/show_bug.cgi?id=129148

        Reviewed by Andreas Kling.

        Set the value of span to 1 if the given number is too big or zero.

        Test: fast/table/incorrect-colgroup-span-values.html

        * html/HTMLTableColElement.cpp:
        (WebCore::HTMLTableColElement::parseAttribute):

2014-03-10  Brent Fulgham  <bfulgham@apple.com>

        [Win] Pass environment to Pre-Build, Pre-Link, and Post-Build Stages.
        https://bugs.webkit.org/show_bug.cgi?id=130023.

        Reviewed by Dean Jackson.

        * WebCore.vcxproj/WebCore.proj: Avoid trailing slashes in path values to
        prevent escaping during later string substitution.

2014-03-10  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Hit-testing is not working properly inside scrollable regions
        https://bugs.webkit.org/show_bug.cgi?id=130015

        Reviewed by Antti Koivisto.

        When hit-testing inside the flow thread's layer, the scrolled offset
        of the current region must be taken into consideration.

        Test: fast/regions/scrollable-regions-hit-testing-inside.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):

2014-03-10  Hans Muller  <hmuller@adobe.com>

        [CSS Shapes] SVG Image valued shape fails if root element's size is relative
        https://bugs.webkit.org/show_bug.cgi?id=128983

        Reviewed by Simon Fraser.

        When creating a shape based on an Image, compute its dimensions using
        RenderBoxModelObject::calculateImageIntrinsicDimensions(), then set the
        ImageResource's containerSize, and then use imageForRenderer() to get the
        image to be drawn. The first step resolves SVG Image relative sizes, the
        second step creates and caches an SVGImageForContainer with the correct
        containerSize, and the last step retrieves the SVGImageForContainer.

        Test: fast/shapes/shape-outside-floats/shape-outside-relative-size-svg.html

        * rendering/RenderBoxModelObject.h: Publicized calculateImageIntrinsicDimensions() and its enum.
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createRasterShape):
        * rendering/shapes/Shape.h:
        * rendering/shapes/ShapeInfo.cpp:
        (WebCore::getShapeImageAndRect):
        (WebCore::ShapeInfo<RenderType>::computedShape):

2014-03-10  Darin Adler  <darin@apple.com>

        TextIterator: Use StringView and references rather than pointers
        https://bugs.webkit.org/show_bug.cgi?id=129975

        Reviewed by Anders Carlsson.

        TextIterator refinements:
        - Use StringView instead of deprecatedCharacters to point to characters within strings.
        - Added TextIteratorCopyableText, a safe way to copy the current text of a TextIterator,
          for use by WordAwareIterator.
        - Removed m_shouldStop; iterators stop by setting m_positionNode to null, and there is no
          need for a separate boolean to do the same thing.
        - Got rid of all the boolean data members set based on the text iterator behavior; instead
          store the behavior in a data member and check it directly.
        - Changed most functions to use references rather than pointers.
        - Small micro-optimizations, such as using fastGetAttribute rather than getAttribute.
        - Switched to nullptr instead of 0 where appropriate.
        - Removed unused functions.
        - Cut down on use of abbreviations instead of words.
        - Renamed data members and argument names for clarity.
        - Split up assertions that needlessly asserted more than one thing in a single expression.
        - Treat CDATASection just like other Text, since its text will be visible.

        * editing/Editor.cpp:
        (WebCore::Editor::advanceToNextMisspelling): Pass reference rather than pointer.
        (WebCore::Editor::rangeOfString): Ditto.
        (WebCore::Editor::countMatchesForText): Ditto.
        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingHelper::findFirstMisspelling): Ditto.

        * editing/TextIterator.cpp:
        (WebCore::depthCrossingShadowBoundaries): Take a reference rather than a pointer.
        (WebCore::nextInPreOrderCrossingShadowBoundaries): Ditto.
        (WebCore::fullyClipsContents): Ditto.
        (WebCore::ignoresContainerClip): Ditto.
        (WebCore::pushFullyClippedState): Ditto.
        (WebCore::setUpFullyClippedStack): Ditto.
        (WebCore::isRendererReplacedElement): Use references rather than pointers in the
        implementation. Also use fastGetAttribute instead of getAttribute.
        (WebCore::TextIteratorCopyableText::reset): Added.
        (WebCore::TextIteratorCopyableText::set): Added.
        (WebCore::TextIteratorCopyableText::appendToStringBuilder): Added.
        (WebCore::TextIterator::TextIterator): Use more initialization rather than assignment.
        Got rid of some local variables.
        (WebCore::TextIterator::advance): Removed the m_shouldStop boolean, uneeded.
        Many other improvements. Use isTextNode instead of nodeType.
        (WebCore::hasVisibleTextNode): Changed this into a file-private helper function
        instead of a member function.
        (WebCore::TextIterator::handleTextNode): Used references and cut down on type casts.
        Gave local variables clearer names.
        (WebCore::TextIterator::handleTextBox): More of the same.
        (WebCore::TextIterator::handleTextNodeFirstLetter): Ditto.
        (WebCore::TextIterator::handleReplacedElement): Ditto.
        (WebCore::shouldEmitTabBeforeNode): Ditto.
        (WebCore::hasHeaderTag): Added.
        (WebCore::shouldEmitNewlinesBeforeAndAfterNode): More of the same.
        (WebCore::shouldEmitNewlineAfterNode): Ditto.
        (WebCore::shouldEmitNewlineBeforeNode): Ditto.
        (WebCore::shouldEmitExtraNewlineForNode): Ditto.
        (WebCore::collapsedSpaceLength): Use StringImpl directly instead of using the
        deprecatedCharacters function.
        (WebCore::TextIterator::shouldRepresentNodeOffsetZero): More like above.
        (WebCore::TextIterator::shouldEmitSpaceBeforeAndAfterNode): Ditto.
        (WebCore::TextIterator::representNodeOffsetZero): Ditto.
        (WebCore::TextIterator::handleNonTextNode): Ditto.
        (WebCore::TextIterator::exitNode): Ditto.
        (WebCore::TextIterator::emitCharacter): Changed to use the new copyable text class
        instead of managing the single character buffer directly here.
        (WebCore::TextIterator::emitText): Changed to take a Text& and use the copyable text
        class. Added a FIXME about a mistake I noticed.
        (WebCore::TextIterator::range): Streamlined and simplified a bit. Updated data
        member names to be a bit clearer. This function never returned null before, but there
        was a code path that looked like it would; I removed that.
        (WebCore::TextIterator::node): Removed unneeded null checks; the range function will
        never return a range of null or one with null for a start container.
        (WebCore::SimplifiedBackwardsTextIterator::SimplifiedBackwardsTextIterator): More
        like above.
        (WebCore::SimplifiedBackwardsTextIterator::advance): Reorganized a bit and removed
        m_shouldStop.
        (WebCore::SimplifiedBackwardsTextIterator::handleTextNode): More of the same.
        (WebCore::SimplifiedBackwardsTextIterator::handleFirstLetter): Ditto.
        (WebCore::SimplifiedBackwardsTextIterator::handleReplacedElement): Ditto.
        (WebCore::SimplifiedBackwardsTextIterator::handleNonTextNode): Ditto.
        (WebCore::SimplifiedBackwardsTextIterator::exitNode): Ditto.
        (WebCore::SimplifiedBackwardsTextIterator::emitCharacter): Ditto.
        (WebCore::SimplifiedBackwardsTextIterator::advanceRespectingRange): Ditto.
        (WebCore::SimplifiedBackwardsTextIterator::range): Ditto.
        (WebCore::CharacterIterator::CharacterIterator): Ditto.
        (WebCore::CharacterIterator::range): Ditto. No need for ASSERT_NO_EXCEPTION.
        (WebCore::CharacterIterator::advance): Ditto.
        (WebCore::BackwardsCharacterIterator::BackwardsCharacterIterator): Ditto.
        (WebCore::BackwardsCharacterIterator::range): Ditto.
        (WebCore::BackwardsCharacterIterator::advance): Ditto.
        (WebCore::WordAwareIterator::WordAwareIterator): Ditto.
        (WebCore::WordAwareIterator::advance): Use copyableText for m_previousText, fixing
        the FIXME that I wrote in here before.
        (WebCore::WordAwareIterator::text): Ditto.
        (WebCore::containsKanaLetters): Changed to quickly return false when the pattern
        is all Latin-1 rather than expanding to 16-bit just to check.
        (WebCore::SearchBuffer::SearchBuffer): Iterate the target using the string operator[]
        instead of using deprecatedCharacters.
        (WebCore::SearchBuffer::append): Do the folding of quote marks and hyphens one character
        at a time as we move characters into the buffer instead of in a separate loop.
        (WebCore::TextIterator::rangeLength): Updated for changes eslwehere.
        (WebCore::TextIterator::subrange): Ditto.
        (WebCore::isInsideReplacedElement): Ditto. Also streamlined and removed unneeded null check.
        (WebCore::TextIterator::rangeFromLocationAndLength): Updated for changes elsewhere and
        removed unneeded ASSERT_NO_EXCEPTION.
        (WebCore::plainText): Ditto.
        (WebCore::collapsedToBoundary): Ditto.
        (WebCore::findPlainText): Ditto.

        * editing/TextIterator.h: Changed many functions to take references instead of pointers.
        Added TextIteratorCopyableText, to represent the current text in a TextIterator in a form
        that can be safely copied and used after further iteration. Reorganized member functions so
        they are in the same order in all the classes. Changed TextIterator to use
        TextIteratorCopyableText. Removed many unused functions, including:
        - TextIterator::length
        - TextIterator::deprecatedTextIteratorCharacters
        - TextIterator::characterAt
        - SimplifiedBackwardsTextIterator::length
        - CharacterIterator::length
        - CharacterIterator::string
        - WordAwareIterator::length
        - WordAwareIterator::range

        * editing/VisibleSelection.cpp:
        (WebCore::VisibleSelection::appendTrailingWhitespace): Pass reference rather than pointer.
        Use text().length() instead of length(). Check atEnd() before using CharacterIterator, since
        iterator member functions don't work when at the end.
        * editing/VisibleUnits.cpp:
        (WebCore::previousBoundary): Ditto.
        (WebCore::nextBoundary): Ditto.
        * editing/htmlediting.cpp:
        (WebCore::visiblePositionForIndexUsingCharacterIterator): Ditto.
        * page/ios/FrameIOS.mm:
        (WebCore::Frame::indexCountOfWordPrecedingSelection): Ditto.
        (WebCore::Frame::wordsInCurrentParagraph): Ditto.

2014-03-10  Martin Robinson  <mrobinson@igalia.com>

        [GTK] [CMake] Clean up library linking
        https://bugs.webkit.org/show_bug.cgi?id=129782

        Reviewed by Philippe Normand.

        * PlatformGTK.cmake: Some files are duplicated on the source list of two convenience
        libraries. Ensure that they are all compiled into WebCore instead of WebCorePlatformGTK.
        Some simply need to be moved to WebCore from WebCorePlatformGTK. Don't try to link
        WebCorePlatformGTK against WebCore -- convenience libraries should be able to save
        their symbol resolution for the final linking step.

2014-03-10  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Scrolling regions with the mouse wheel only works properly if hovering over the region's padding
        https://bugs.webkit.org/show_bug.cgi?id=129485

        Reviewed by Andrei Bucur.

        When searching for the region under the mouse pointer (to identify which region to scroll), 
        the localToAbsolute method must be called on the region container, not the region itself.
        Also, when calling the offsetFromContainer method on a named flow fragment,
        it must only take into consideration the border and padding of the fragment container,
        not its scrolled offset.

        Test: fast/regions/wheel-scrollable-single-region.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::scroll):
        * rendering/RenderFlowThread.cpp:
        * rendering/RenderFlowThread.h:
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::offsetFromContainer):
        * rendering/RenderNamedFlowFragment.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::fragmentFromAbsolutePointAndBox):
        * rendering/RenderNamedFlowThread.h:

2014-03-10  Jinwoo Song  <jinwoo7.song@samsung.com>

        Remove unused dispatchStorageEvent() from StorageAreaSync
        https://bugs.webkit.org/show_bug.cgi?id=129999

        Reviewed by Andreas Kling.

        dispatchStorageEvent() is not used anywhere.

        * storage/StorageAreaSync.h: Remove dispatchStorageEvent().

2014-03-09  Alexey Proskuryakov  <ap@apple.com>

        iOS build fix.

        * dom/KeyboardEvent.cpp: (WebCore::KeyboardEvent::KeyboardEvent):

2014-03-06  Alexey Proskuryakov  <ap@apple.com>

        [Mac] Don't perform a round-trip through WebProcess before interpreting key events
        https://bugs.webkit.org/show_bug.cgi?id=129812

        Reviewed by Darin Adler.

        No significant behavior changes expected, except for Esc key processing, which now
        dispatches a keypress before executing its default action.

        * platform/KeypressCommand.h: Added.
        (WebCore::KeypressCommand::KeypressCommand):
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        Moved KeypressCommand from dom/KeyboardEvent.h to its own header, as it needed
        in platform/ directory now.

        * dom/KeyboardEvent.cpp:
        (WebCore::KeyboardEvent::KeyboardEvent):
        * dom/KeyboardEvent.h:
        (WebCore::KeyboardEvent::handledByInputMethod):
        (WebCore::KeyboardEvent::keypressCommands):
        * platform/PlatformKeyboardEvent.h:
        (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):
        (WebCore::PlatformKeyboardEvent::handledByInputMethod):
        (WebCore::PlatformKeyboardEvent::commands):
        PlatformKeyboardEvent now carries results of interpreting the event by AppKit. This
        is logically not much different from carrying charcode, and is similar to what Gtk
        does for input methods.
        KeyboardEvent already had keypress commands, which were added to it after construction.
        It's still possible for WebKit1, while with WebKit2, they are provided at construction
        time. The event now also has a boolean for whether IM handled it already.

2014-03-09  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Pass FloatSize boxsize to transform animations to support device pixel sizing.
        https://bugs.webkit.org/show_bug.cgi?id=129985

        Reviewed by Simon Fraser.

        This is in preparation to stop passing integral positioned boxes to transform animations.

        No change in behavior.

        * WebCore.exp.in:
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::addAnimation):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::getTransformFunctionValue):
        (WebCore::GraphicsLayerCA::addAnimation):
        (WebCore::GraphicsLayerCA::appendToUncommittedAnimations):
        (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):
        (WebCore::GraphicsLayerCA::setTransformAnimationEndpoints):
        (WebCore::GraphicsLayerCA::setTransformAnimationKeyframes):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::startTransition):

2014-03-08  Simon Fraser  <simon.fraser@apple.com>

        [iOS Wk2] Can't scroll after going back to page in page cache
        https://bugs.webkit.org/show_bug.cgi?id=129989
        <rdar://problem/16217588>

        Reviewed by Dan Bernstein.

        iOS has a special FrameLoader::forceLayoutWithoutRecalculatingStyle()
        function that is called instead of FrameView::forceLayout(). This was unimplemented
        for the WK2 FrameLoaderClient, so no layout was forced, with the result
        that the contentSize was never updated and scrolling was broken.
        
        Fix by renaming the client function to forceLayoutOnRestoreFromPageCache()
        and having it return a bool to say whether the default forceLayout()
        should be done. WK1 can then continue to have its custom behavior,
        and Wk2 will simply do a forceLayout().
        
        Also remove FrameLaoderClient::forceLayout(), which was never called.

        * loader/EmptyClients.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):
        * loader/FrameLoaderClient.h:

2014-03-08  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Get position:fixed working slighlty better
        https://bugs.webkit.org/show_bug.cgi?id=129988

        Reviewed by Dan Bernstein.

        On iOS we want to use the viewport-constrained visible rect, not
        just the visible rect.

        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):

2014-03-07  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Don't call scrollOffsetForFixedPosition a second time if we have no header and footer layers
        https://bugs.webkit.org/show_bug.cgi?id=129912

        Reviewed by Tim Horton.

        Avoid extra work if we have no header or footer layers.

        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeScrollingNodeIOS::setScrollLayerPosition):

2014-03-08  Zalan Bujtas  <zalan@apple.com>

        RenderElement::valueForLength() callers misuse bool parameter.
        https://bugs.webkit.org/show_bug.cgi?id=129982

        Reviewed by Andreas Kling.

        Remove bogus RenderView* parameter.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computePercentageLogicalHeight):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::repaintAfterLayoutIfNeeded):

2014-03-08  Jeremy Jones  <jeremyj@apple.com>

        Allow media element to supply the video layer after fullscreen transition has already begun.
        https://bugs.webkit.org/show_bug.cgi?id=129870

        Reviewed by Eric Carlson.

        Instead of borrowing the videolayer from the HTMLMediaElement, WebVideoFullscreen now supplies a layer to HTMLMediaElement to fill in as needed and at the appropriate time.

        This allows fullscreen even if the video layer hasn't yet been created. And in the future it allows MediaPlayer to supply other layers such as closed captions. 

        * WebCore.exp.in:
        Remove exports related to borrowing and lend the video layer.
        Add exports for supplying a layer to fullscreen and keepying the frame and gravity properties in sync.

        * html/HTMLMediaElement.cpp:
        Remove the concept of borrowing the platform layer.
        Add the concept of a supplied m_videoFullscreenLayer, into which the media player can add layers.
        When the m_videoFullscreenFrame is supplied, don't show the video layer inline any more.
        Stash video layer properties in case the media player is not yet created.

        (WebCore::HTMLMediaElement::HTMLMediaElement):
        Initialize gravity to the default. Remove m_platformLayerBorrowed.

        (WebCore::HTMLMediaElement::platformLayer):
        When we have a m_videoFullscreenLayer, don't show video inline.

        (WebCore::HTMLMediaElement::setVideoFullscreenLayer):
        Pass along the m_videoFullscreenLayer to the MediaPlayer if available or just stash it for later.

        (WebCore::HTMLMediaElement::createMediaPlayer):
        Pass along video fullscreen properties that we may have accumulated before the MediaPlayer was created.

        (WebCore::HTMLMediaElement::setVideoFullscreenGravity):
        Stash the gravity property, pass it along to the media player if possible.

        * html/HTMLMediaElement.h:
        Remove concept of borrowing the video layer. Add properties for a supplied videoFullscreenLayer.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::setVideoFullscreenLayer):
        Forward on to internal implementation.

        (WebCore::MediaPlayer::setVideoFullscreenFrame):
        Forward on to internal implementation.

        (WebCore::MediaPlayer::setVideoFullscreenGravity):
        Forward on to internal implementation.

        * platform/graphics/MediaPlayer.h:
        Add methods for video fullscreen Layer, Frame and Gravity.

        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::setVideoFullscreenLayer):
        Add default implementation.

        (WebCore::MediaPlayerPrivateInterface::setVideoFullscreenFrame):
        Add default implementation.
        
        (WebCore::MediaPlayerPrivateInterface::setVideoFullscreenGravity):
        Add default implementation.
        
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        Add support for fullscreen video layer, frame and gravity.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
        Init m_videoFullscreenGravity. 

        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer):
        Apply cached properties once video layer is created and add to the fullscreen layer.

        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer):
        Cache the property value. Add video layer right away available.

        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame):
        Cache the property value. Apply to video layer right away if available.

        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity):
        Cache the property value. Apply to video layer right away if available.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        Supply a fullscreen video layer to the WebVideoFullscreenModel and to the WebVideoFullscreenInterface.

        (-[WebVideoFullscreenController enterFullscreen:]):
        Supply a fullscreen video layer to the WebVideoFullscreenModel and to the WebVideoFullscreenInterface.

        (-[WebVideoFullscreenController didExitFullscreen]):
        Clean up the videoFullscreenLayer.

        * platform/ios/WebVideoFullscreenInterface.h:
        Remove methods related to lending the video layer.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Rename WebAVPlayer layer to WebAVVideoLayer to match the AVKit name.
        Remove functions related to lending the video layer.
        Supply a layer directly to enterFullscreen.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (+[WebAVVideoLayer videoLayer]):
        Rename WebAVPlayer layer to WebAVVideoLayer to match the AVKit name.

        (-[WebAVVideoLayer setPlayerController:]):
        Store the AVPlayerController to prevent AVKit's default behavior.

        (-[WebAVVideoLayer setBounds:]):
        Forward this onto the WebVideoFullscreenModel

        (-[WebAVVideoLayer setVideoLayerGravity:]):
        Forward this onto the WebVideoFullscreenModel

        (-[WebAVVideoLayer videoLayerGravity]):
        Forward this onto the WebVideoFullscreenModel

        (WebVideoFullscreenInterfaceAVKit::enterFullscreen):
        Supply a video layer directly instead of relying on one being previously loaned.

        (WebVideoFullscreenInterfaceAVKit::exitFullscreen):
        Clean-up now assumes there is a video layer.

        * platform/ios/WebVideoFullscreenModel.h:
        Remove methods for borrowing and returning video layers.
        Add methods for keeping video layer state in sync.

        * platform/ios/WebVideoFullscreenModelMediaElement.h:
        Remove methods for borrowing and returning video layers.
        Add method for supplying a video fullscreen layer.
        Add methods for keeping video layer state in sync.

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::setMediaElement):
        Handle audio element case by setting hasVideo to false.

        (WebVideoFullscreenModelMediaElement::setVideoFullscreenLayer):
        Pass along the video fullscreen layer to the media element.

        (WebVideoFullscreenModelMediaElement::setVideoLayerFrame):
        Pass along the video layer frame to the media element.

        (WebVideoFullscreenModelMediaElement::setVideoLayerGravity):
        Pass along the video layer gravity to the media element.

2014-03-08  Jae Hyun Park  <jaepark@webkit.org>

        Clean up PlatformLayer.h
        https://bugs.webkit.org/show_bug.cgi?id=129967

        Reviewed by Martin Robinson.

        * platform/graphics/PlatformLayer.h:
        Remove duplicated declaration of PlatformLayer when using TextureMapper.

2014-03-08  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Simple compositing container layer (isSimpleContainerCompositingLayer) paints to wrong position.
        https://bugs.webkit.org/show_bug.cgi?id=129861

        Reviewed by Simon Fraser.

        This patch ensures that both the simple and non-simple cases paint to the same position.
        Simple compositing container layer codepath needs to take the fractional device pixel offset
        into account when painting. Without the fractional value, the final paint rounding could push the
        paint offset to a different position.
        retina example:
        compositing top-left: 0px 0px.
        fractional offset: 0.3px 0.3px
        painting coords without offseting: 0px 0px
                           with offseting: 0.5px 0.5px

        Tests: compositing/hidpi-simple-container-layer-on-device-pixel.html

        * WebCore.exp.in:
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::contentsRect):
        (WebCore::GraphicsLayer::setContentsRect):
        (WebCore::GraphicsLayer::contentsClippingRect):
        (WebCore::GraphicsLayer::setContentsClippingRect):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::setContentsRect):
        (WebCore::GraphicsLayerCA::setContentsClippingRect):
        (WebCore::GraphicsLayerCA::updateContentsRects):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        (WebCore::RenderLayerBacking::updateDirectlyCompositedBackgroundColor):
        (WebCore::RenderLayerBacking::updateDirectlyCompositedBackgroundImage):
        (WebCore::RenderLayerBacking::contentOffsetInCompostingLayer):
        (WebCore::RenderLayerBacking::backgroundBoxForPainting):
        * rendering/RenderLayerBacking.h:

2014-03-08  Oliver Hunt  <oliver@apple.com>

        SerializedScriptValue may move Identifiers between worlds
        https://bugs.webkit.org/show_bug.cgi?id=129979

        Reviewed by Andreas Kling.

        Test: fast/workers/worker-copy-shared-blob-url.html

        Don't use Strings to store blob URLs as String's may be Identifiers
        and they can only exist in one world/thread at a time.

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::put):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::deserializeString):
        (WebCore::SerializedScriptValue::addBlobURL):
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        * bindings/js/SerializedScriptValue.h:

2014-03-07  Timothy Hatcher  <timothy@apple.com>

        Load source maps and their resources asynchronously.

        https://bugs.webkit.org/show_bug.cgi?id=112071

        Reviewed by Joseph Pecoraro.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::buildObjectForFrameTree):
        Honor the hiddenFromInspector flag.

        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::willSendRequest):
        (WebCore::InspectorResourceAgent::markResourceAsCached):
        (WebCore::InspectorResourceAgent::didReceiveResponse):
        (WebCore::InspectorResourceAgent::didReceiveData):
        (WebCore::InspectorResourceAgent::didFinishLoading):
        (WebCore::InspectorResourceAgent::didFailLoading):
        (WebCore::InspectorResourceAgent::replayXHR):
        (WebCore::InspectorResourceAgent::loadResource):
        * inspector/InspectorResourceAgent.h:
        Honor the hiddenFromInspector flag by keeping track of
        hidden identifiers in a HashSet.

        * inspector/protocol/Network.json:
        (Network.loadResource): Added.

        * platform/network/ResourceRequestBase.h:
        (WebCore::ResourceRequestBase::hiddenFromInspector): Added.
        (WebCore::ResourceRequestBase::setHiddenFromInspector): Added.
        (WebCore::ResourceRequestBase::ResourceRequestBase):
        Add a flag to hide the request from the Inspector.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::XMLHttpRequest):
        (WebCore::XMLHttpRequest::sendForInspector): Added.
        (WebCore::XMLHttpRequest::sendForInspectorXHRReplay): Renamed.
        (WebCore::XMLHttpRequest::createRequest):
        * xml/XMLHttpRequest.h:
        Make Inspector loads allow cross-origins and hide their request
        from the Inspector itself.

2014-03-07  Tim Horton  <timothy_horton@apple.com>

        [WebKit2][iOS] PDF
        https://bugs.webkit.org/show_bug.cgi?id=129600
        <rdar://problem/15260216>

        Reviewed by Anders Carlsson.

        * WebCore.exp.in:
        * platform/MIMETypeRegistry.cpp:
        (WebCore::initializeSupportedImageMIMETypes):
        (WebCore::initializePDFMIMETypes):
        (WebCore::initializePostScriptMIMETypes):
        (WebCore::initializeMIMETypeRegistry):
        (WebCore::MIMETypeRegistry::getPDFMIMETypes):
        * platform/MIMETypeRegistry.h:
        Split PDF and PostScript MIME types, so WebKit2 can retrieve just the PDF ones
        without PostScript included.

2014-03-07  Myles C. Maxfield  <mmaxfield@apple.com>

        Comment in RenderStyle is no longer accurate
        https://bugs.webkit.org/show_bug.cgi?id=129956

        Reviewed by Simon Fraser.

        RenderStyle::createStyleInheritingFromPseudoStyle was moved from RenderImage. Before it
        was moved, there was an image-specific comment in the function. However, that comment
        is both irrelevant to RenderStyle, and incorrect as the function is necessary for
        RenderQuotes as well.

        No new tests are necessary because there is no behavior change.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::createStyleInheritingFromPseudoStyle):

2014-03-07  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Throw SYNTAX_ERROR when maxRetransmits and maxRetransmitTime are both set in RTCDataChannelInit
        https://bugs.webkit.org/show_bug.cgi?id=129894

        Reviewed by Eric Carlson.

        Existing test was updated.

        * Modules/mediastream/RTCDataChannel.cpp:
        (WebCore::RTCDataChannel::create):

2014-03-07  Benjamin Poulain  <bpoulain@apple.com>

        Fix the regression introduced by r165288
        https://bugs.webkit.org/show_bug.cgi?id=129934

        Reviewed by Ryosuke Niwa.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::scrollX):
        (WebCore::DOMWindow::scrollY):
        We need to return the new value after layout, not the value from the dirty tree.

2014-03-07  Benjamin Poulain  <benjamin@webkit.org>

        Traversal failure in a direct adjacent chain with tail backtracking lacks the path to clear the tail
        https://bugs.webkit.org/show_bug.cgi?id=129863

        Reviewed by Gavin Barraclough.

        Direct adjacent backtracking use the stack to push the backtracking entry point and recover from there.
        In case of traversal failure, their is no point in recovering from the indirect adjancent entry point and
        we should clear entry point from the stack (which is the purpose of the tail).

        The adjancent tail was missing the part for clearing the stack in one case.

        The case with adjancent backtracking inside descendant backtracing was doing everything right. This patch
        generalize this code and the correct tail is fully generated by generateAdjacentBacktrackingTail().

        JumpToClearAdjacentDescendantTail becomes JumpToClearAdjacentTail, and this new backtracking state is added
        to the missing traversal action.

        Test: fast/selectors/long-adjacent-backtracking.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::solveBacktrackingAction):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::linkFailures):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateAdjacentBacktrackingTail):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateBacktrackingTailsIfNeeded):

2014-03-07  Andreas Kling  <akling@apple.com>

        [Mac] Notify system malloc of fake memory pressure.
        <https://webkit.org/b/129908>

        After fixing the leak in r165252, I was surprised to find that it didn't
        show up on memory test bots. It turns out that while the memory is now
        getting freed, the system malloc implementation doesn't actually release
        pages back to the OS until there is memory pressure.

        Since we are just faking the memory pressure on bots, we have to let
        system malloc in on the fun, so we can get representative numbers.
        With this change, we should finally see the effect of not leaking the
        URLRequest object tree.

        Reviewed by Anders Carlsson.

        * platform/mac/MemoryPressureHandlerMac.mm:
        (WebCore::MemoryPressureHandler::install):

            Tell system malloc that we are under fake memory pressure.

2014-03-07  Benjamin Poulain  <bpoulain@apple.com>

        [iOS] WebKit1 scroll position is incorrect
        https://bugs.webkit.org/show_bug.cgi?id=129905

        Reviewed by Simon Fraser.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::scrollX):
        (WebCore::DOMWindow::scrollY):
        A new optimization was avoiding layout if the position is zero. This was using the scrollX/Y instead
        of actualScrollX/Y which caused us to always bail out instead of returning the value to JavaScript.

        * platform/ScrollView.h:
        (WebCore::ScrollView::actualScrollX):
        (WebCore::ScrollView::actualScrollY):
        (WebCore::ScrollView::actualScrollPosition):
        This was accidentally changed to the iOS compat document visible rect at some point.

2014-03-07  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        Remove unused StdDeviation from Drop shadow effect
        https://bugs.webkit.org/show_bug.cgi?id=129891

        Reviewed by Dirk Schulze.

        No new tests, no change on behavior.

        * platform/graphics/filters/FEDropShadow.h:

2014-03-07  Brent Fulgham  <bfulgham@apple.com>

        Correct out-of-band track selection logic.
        https://bugs.webkit.org/show_bug.cgi?id=129900

        Reviewed by Jer Noble.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::synchronizeTextTrackState): Correct test to
        use inequality.

2014-03-07  Bear Travis  <betravis@adobe.com>

        [CSS Shapes] Correctly serialize ellipse positions
        https://bugs.webkit.org/show_bug.cgi?id=129700

        Reviewed by Dirk Schulze.

        Updating ellipse serialization to be in line with
        the CSS Shapes spec. Positions should serialize as
        2 or 4-value positions, converting keywords to
        percentages where possible. This uses the same method
        as circle position serialization (bug 129404).

        Updated existing parsing tests.

        * css/CSSBasicShapes.cpp:
        (WebCore::CSSBasicShapeEllipse::cssText): Use the
        normalization / serialization helpers for shape position.

2014-03-07  Brian Burg  <bburg@apple.com>

        Unreviewed, rebaseline run-binding-tests results after r165242.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsPrototypeFunctionCallWithSequenceThatRequiresInclude):

2014-03-07  Darin Adler  <darin@apple.com>

        Remove non-working optimization that was attempted on iOS only
        https://bugs.webkit.org/show_bug.cgi?id=129595
        <rdar://problem/15798825>

        Reviewed by Sam Weinig.

        Code in GCController tried to optimize cases where the controller
        was used, but no JavaScript had been run in the current process.
        The code was never effective, and was iOS-only. Another way to fix
        the problem would be to change the code so it works, and if we do
        that we should do it for all platforms, not just iOS.

        * bindings/js/GCController.cpp:
        (WebCore::GCController::garbageCollectNow): Remove check of
        JSDOMWindow::commonVMExists, since it's called just after a call
        to JSDOMWindow::commonVM, which will create it as a side effect.
        (WebCore::GCController::releaseExecutableMemory): Ditto.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonVM): Removed iOS-specific code
        that pulled the commonVM global out into another function so we
        can check for its existence without creating it as a side effect.

        * bindings/js/JSDOMWindowBase.h: Ditto.

2014-03-07  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] inset does not properly clamp large corner radii
        https://bugs.webkit.org/show_bug.cgi?id=129726

        Reviewed by Dirk Schulze.

        Make sure that radii that are larger than 50% of the associated shape
        dimension (height or width) are properly reduced the same way as
        border-radius radii are.

        Test: fast/shapes/shape-outside-floats/shape-outside-floats-inset-rounded-large-radius.html

        * rendering/shapes/Shape.cpp:
        (WebCore::ensureRadiiDoNotOverlap): Drive by style fix.
        (WebCore::Shape::createShape): Scale radii the same way as border
            radii are scaled.
        * platform/graphics/FloatRoundedRect.h:
        (WebCore::calcBorderRadiiConstraintScaleFor): Move border radii
            constraint calculation function out so that it can be shared by
            the shape code.
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::getRoundedBorderFor): Call renamed scale function.

2014-03-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GST] Set name to several timeout sources
        https://bugs.webkit.org/show_bug.cgi?id=129878

        Reviewed by Philippe Normand.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::videoChanged):
        (WebCore::MediaPlayerPrivateGStreamer::videoCapsChanged):
        (WebCore::MediaPlayerPrivateGStreamer::audioChanged):
        (WebCore::MediaPlayerPrivateGStreamer::textChanged):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::volumeChanged):
        (WebCore::MediaPlayerPrivateGStreamerBase::muteChanged):

2014-03-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Timeout sources not correctly removed
        https://bugs.webkit.org/show_bug.cgi?id=129877

        Reviewed by Philippe Normand.

        Set source ID variables to 0 after removing the sources from the
        context. Also give a name to the sources.

        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::disconnect):
        (WebCore::TrackPrivateBaseGStreamer::activeChanged):
        (WebCore::TrackPrivateBaseGStreamer::tagsChanged):
        (WebCore::TrackPrivateBaseGStreamer::notifyTrackOfActiveChanged):

2014-03-07  Gergo Balogh  <gbalogh.u-szeged@partner.samsung.com>

        Remove FFTFrameMKL.
        https://bugs.webkit.org/show_bug.cgi?id=129866

        Reviewed by Csaba Osztrogonác.

        * platform/audio/FFTFrame.h:
        * platform/audio/FFTFrameStub.cpp:
        * platform/audio/mkl/FFTFrameMKL.cpp: Removed, it is never used.

2014-03-07  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Adding getConfiguration method to RTCPeerConnection
        https://bugs.webkit.org/show_bug.cgi?id=129845

        Reviewed by Eric Carlson.

        Test: fast/mediastream/RTCPeerConnection-getConfiguration.html

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.list.am:
        * Modules/mediastream/RTCConfiguration.idl: Added.
        * Modules/mediastream/RTCIceServer.idl: Added.
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        (WebCore::RTCPeerConnection::updateIce):
        (WebCore::RTCPeerConnection::getConfiguration):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.idl:

2014-03-07  Jinwoo Song  <jinwoo7.song@samsung.com>

        Optimize collectionLast() and collectionTraverseBackward() in LiveNodeList
        https://bugs.webkit.org/show_bug.cgi?id=129775

        Reviewed by Ryosuke Niwa.

        Check the LiveNodeList type if it is HTMLTagNodeListType and ClassNodeListType then
        apply inlined matching methods for each type.

        * dom/LiveNodeList.cpp:
        (WebCore::lastMatchingElement): Added.
        (WebCore::previousMatchingElement): Added.
        (WebCore::traverseMatchingElementsBackward): Added.
        (WebCore::LiveNodeList::collectionLast): Apply lastMatchingElement() with LiveNodeList type.
        (WebCore::LiveNodeList::collectionTraverseBackward): Apply traverseMatchingElementsBackward()
        with LiveNodeList type.

2014-03-06  Andreas Kling  <akling@apple.com>

        WebCoreResourceHandleAsOperationQueueDelegate over-retains NSURLRequest.
        <https://webkit.org/b/129862>

        Don't retain the pointer before assigning it to a RetainPtr, since that
        will cause the object to leak.

        Reviewed by Alexey Proskuryakov.

        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate continueWillSendRequest:]):

2014-03-06  Dan Bernstein  <mitz@apple.com>

        Don’t copy WebInputs.json into the framework.

        * WebCore.xcodeproj/project.pbxproj: Removed WebInputs.json from the Copy Bundle Resources
        build phase of the WebCore target.

2014-03-06  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Updating RTCPeerConnection.idl
        https://bugs.webkit.org/show_bug.cgi?id=129804

        Reviewed by Eric Carlson.

        Some methods signatures were wrong, marking some arguments as optional when they are mandatory.

        Existing tests were updated.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::getStats):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.idl:
        * Modules/mediastream/RTCStatsRequestImpl.cpp:
        (WebCore::RTCStatsRequestImpl::create):
        (WebCore::RTCStatsRequestImpl::RTCStatsRequestImpl):
        (WebCore::RTCStatsRequestImpl::requestFailed):
        * Modules/mediastream/RTCStatsRequestImpl.h:
        * platform/mediastream/RTCStatsRequest.h:

2014-03-06  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Updating RTCIceServer to match spec
        https://bugs.webkit.org/show_bug.cgi?id=129844

        Reviewed by Eric Carlson.

        Move RTCIceServer from RTCConfiguration to its own file.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::validateIceServerURL):
        (WebCore::processIceServer):
        * platform/mediastream/RTCConfiguration.h:
        (WebCore::RTCConfiguration::iceServers):
        * platform/mediastream/RTCIceServer.h: Added.

2014-03-06  Hyowon Kim  <hw1008.kim@samsung.com>

        [EFL] Move EvasGL classes from WebKit to WebCore namespace.
        https://bugs.webkit.org/show_bug.cgi?id=129797

        Reviewed by Gyuyoung Kim.

        Though EvasGLContext and EvasGLSurface files were moved from WebKit2/UIProcess/API/efl/ 
        to WebCore/platform/graphics/efl/, they are still in WebKit namespace.
        Patch for namespace changes.

        * platform/graphics/efl/EvasGLContext.cpp:
        * platform/graphics/efl/EvasGLContext.h:
        * platform/graphics/efl/EvasGLSurface.cpp:
        * platform/graphics/efl/EvasGLSurface.h:

2014-03-06  Brian Burg  <bburg@apple.com>

        CodeGeneratorJS.pm doesn't need to add spaces between consecutive closing template brackets
        https://bugs.webkit.org/show_bug.cgi?id=129836

        Reviewed by Andreas Kling.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateParametersCheck):
        (GetNativeVectorInnerType):
        (GetSVGPropertyTypes):

2014-03-06  Jinwoo Song  <jinwoo7.song@samsung.com>

        Remove unused method from BatteryController
        https://bugs.webkit.org/show_bug.cgi?id=129850

        Reviewed by Gyuyoung Kim.

        isActive() method is never called anywhere.

        * Modules/battery/BatteryController.cpp:
        * Modules/battery/BatteryController.h:

2014-03-06  Pratik Solanki  <psolanki@apple.com>

        [iOS] Crash on launch with website restrictions enabled
        https://bugs.webkit.org/show_bug.cgi?id=129854
        <rdar://problem/16207016>

        Reviewed by Simon Fraser.

        * platform/mac/ContentFilterMac.mm:
        (WebCore::ContentFilter::ContentFilter): Initialize m_neFilterSourceQueue so that we don't
        crash in the dtor due to garbage value in the field.

2014-03-06  Simon Fraser  <simon.fraser@apple.com>

        Minor optimization in ScrollingTreeScrollingNodeMac
        https://bugs.webkit.org/show_bug.cgi?id=129848

        Reviewed by Dean Jackson.

        No need to call scrollOffsetForFixedPosition() again if we don't have header
        and footer layers.

        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):

2014-03-06  Mark Lam  <mark.lam@apple.com>

        XMLHttpRequest: status and statusText throw DOM Exception 11 when the state is UNSENT or OPENED.
        https://bugs.webkit.org/show_bug.cgi?id=45994

        Not reviewed.

        Re-landing r161051 (originally by Ryosuke Niwa, reviewed by Alexey Proskuryakov)
        since https://bugs.webkit.org/show_bug.cgi?id=126219 is no longer an issue.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::status):
        (WebCore::XMLHttpRequest::statusText):
        * xml/XMLHttpRequest.h:
        * xml/XMLHttpRequest.idl:

2014-03-06  Brent Fulgham  <bfulgham@apple.com>

        Revise Out-of-band VTT support for better integration with AVFoundation engine
        https://bugs.webkit.org/show_bug.cgi?id=129749
        <rdar://problem/16215701>

        Reviewed by Eric Carlson.

        Revise the platform handling of out-of-band text tracks so that we can keep AVFoundation
        informed of track selections we make. Use a dummy out-of-band child of the existing text
        track classes to avoid code duplication.

        * WebCore.xcodeproj/project.pbxproj: Add new OutOfBandTextTrackPrivateAVF.h file.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute): Notify player when OOB tracks change.
        (WebCore::HTMLMediaElement::outOfBandTrackSources): Also pass track mode to platform backend.
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::platformTextTrack): Also pass track mode to constructor.
        * html/track/TrackBase.cpp:
        (WebCore::TrackBase::TrackBase): Move ownership of track unique identifier to this base class.
        * html/track/TrackBase.h:
        (WebCore::TrackBase::uniqueId): Ditto.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::notifyTrackModeChanged): Added stub to pass message to platform player.
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::notifyTrackModeChanged): Stub for most platforms.
        * platform/graphics/PlatformTextTrack.h:
        (WebCore::PlatformTextTrack::create): Update for revised constructor (with 'mode' argument).
        (WebCore::PlatformTextTrack::createOutOfBand): Ditto.
        (WebCore::PlatformTextTrack::mode): Added.
        (WebCore::PlatformTextTrack::captionMenuOffItem): Use revised constructor arguments.
        (WebCore::PlatformTextTrack::captionMenuAutomaticItem): Ditto.
        (WebCore::PlatformTextTrack::PlatformTextTrack): Ditto.
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h: Change predicate to return enum indicating the category
        of track (out-of-band, legacy closed caption, or in band).
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::notifyTrackModeChanged): Added.
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.h: Override predicate to return category enum.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp: Revise to use new category enum.
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h: Override predicate to return category enum.
        that this is NOT an out-of-band track.
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.h: Ditto.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::notifyTrackModeChanged): Added implementation.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processMediaSelectionOptions): Revise to handle out-of-band
        track placeholders.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setCurrentTrack): Modify to inform AVFoundation about any
        out-of-band tracks we've selected.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::synchronizeTextTrackState): Added.
        * platform/graphics/avfoundation/objc/OutOfBandTextTrackPrivateAVF.h: Added.
        (WebCore::OutOfBandTextTrackPrivateAVF::create):
        (WebCore::OutOfBandTextTrackPrivateAVF::processCue):
        (WebCore::OutOfBandTextTrackPrivateAVF::resetCueValues):
        (WebCore::OutOfBandTextTrackPrivateAVF::mediaSelectionOption):
        (WebCore::OutOfBandTextTrackPrivateAVF::OutOfBandTextTrackPrivateAVF):
        (WebCore::OutOfBandTextTrackPrivateAVF::processCueAttributes):
        * platform/graphics/ios/InbandTextTrackPrivateAVFIOS.h: Override predicate to indicate
        that this is NOT an out-of-band track.
        * platform/graphics/ios/MediaPlayerPrivateIOS.mm:
        (WebCore::MediaPlayerPrivateIOS::setSelectedTextTrack): Correct typo in logging text.

2014-03-06  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Updating createOffer and createAnswer methods to match WebRTC editor's draft of 01/27/2014
        https://bugs.webkit.org/show_bug.cgi?id=129484

        Reviewed by Eric Carlson.

        According to the spec, createOffer and createAnswer will no longer have MediaConstraints as an argument,
        instead they will have RTCOfferOptions and RTCOfferAnswerOptions, respectively.

        Existing tests were updated.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Modules/mediastream/RTCOfferAnswerOptions.cpp: Added.
        * Modules/mediastream/RTCOfferAnswerOptions.h: Added.
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::createOffer):
        (WebCore::RTCPeerConnection::createAnswer):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.idl:
        * platform/mediastream/RTCPeerConnectionHandler.h:
        * platform/mock/RTCPeerConnectionHandlerMock.cpp:
        (WebCore::RTCPeerConnectionHandlerMock::createOffer):
        (WebCore::RTCPeerConnectionHandlerMock::createAnswer):
        * platform/mock/RTCPeerConnectionHandlerMock.h:

2014-03-06  Brian Burg  <bburg@apple.com>

        Web Replay: premature release() of PassRefPtr in InspectorReplayAgent
        https://bugs.webkit.org/show_bug.cgi?id=129827

        Reviewed by Timothy Hatcher.

        * inspector/InspectorReplayAgent.cpp:
        (WebCore::InspectorReplayAgent::didCreateFrontendAndBackend):

2014-03-06  Benjamin Poulain  <bpoulain@apple.com>

        [iOS] Do not compile fake mouse event handling when iOS Touch Events are enabled
        https://bugs.webkit.org/show_bug.cgi?id=129725

        Reviewed by Dan Bernstein.

        Bug <rdar://problem/16218636>. The code is #ifdef'ed out to avoid setting up useless objects
        and to avoid future mistake.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::EventHandler):
        (WebCore::EventHandler::~EventHandler):
        (WebCore::EventHandler::clear):
        (WebCore::EventHandler::handleMousePressEvent):
        (WebCore::EventHandler::startAutoHideCursorTimer):
        (WebCore::EventHandler::handleMouseMoveEvent):
        (WebCore::EventHandler::dispatchFakeMouseMoveEventSoon):
        (WebCore::EventHandler::dispatchFakeMouseMoveEventSoonInQuad):
        * page/EventHandler.h:

2014-03-06  Pratik Solanki  <psolanki@apple.com>

        Unreviewed. iOS build fix after r165199.

        * rendering/RootInlineBox.cpp:

2014-03-06  Benjamin Poulain  <bpoulain@apple.com>

        [iOS] Rename the actualVisibleXXXRect to unobscuredContentRect for consistency
        https://bugs.webkit.org/show_bug.cgi?id=129773

        Reviewed by Simon Fraser.

        * dom/TreeScope.cpp:
        (WebCore::nodeFromPoint):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::visibleContentRectInternal):
        * platform/ScrollView.h:
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::unoscuredContentRect):
        * platform/ios/wak/WAKScrollView.h:
        * platform/ios/wak/WAKScrollView.mm:
        (-[WAKScrollView unoscuredContentRect]):
        (-[WAKScrollView description]):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible):

2014-03-05  Oliver Hunt  <oliver@apple.com>

        Support caching of custom setters
        https://bugs.webkit.org/show_bug.cgi?id=129519

        Reviewed by Filip Pizlo.

        Add forwarding header

        Tests: js/regress/assign-custom-setter-polymorphic.html
               js/regress/assign-custom-setter.html

        * ForwardingHeaders/jit/SpillRegistersMode.h: Added.

2014-03-05  Jon Honeycutt  <jhoneycutt@apple.com>

        Invalid cast in WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients()

        <https://bugs.webkit.org/show_bug.cgi?id=121887>
        <rdar://problem/15073043>

        Clang appears to be optimizing out a branch in RenderObject::node()
        when compiling RenderLayer::FilterInfo::updateReferenceFilterClients().
        We'll work around this by factoring out the code in question into a
        separate member function marked NEVER_INLINE.

        No test possible due to <https://bugs.webkit.org/show_bug.cgi?id=129757>.

        Reviewed by David Kilzer.

        * rendering/RenderLayerFilterInfo.cpp:
        (WebCore::RenderLayer::FilterInfo::layerElement):
        Code moved from updateReferenceFilterClients(). Returns the Element*
        for m_layer.
        (WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients):
        Use layerElement().

        * rendering/RenderLayerFilterInfo.h:
        Declared layerElement().

2014-03-06  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Expose the console object in JSContexts to interact with Web Inspector
        https://bugs.webkit.org/show_bug.cgi?id=127944

        Reviewed by Geoffrey Garen.

        Covered by existing tests.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * ForwardingHeaders/runtime/ConsoleClient.h: Added.
        * ForwardingHeaders/runtime/ConsoleTypes.h: Renamed from Source/WebCore/ForwardingHeaders/inspector/ConsoleTypes.h.
        * GNUmakefile.list.am:
        * PlatformGTK.cmake:
        * WebCore.exp.in:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/gobject/GNUmakefile.am:
        Update build systems.

        * page/Console.cpp: Removed.
        * page/Console.h: Removed.
        * page/Console.idl: Removed.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::~DOMWindow):
        (WebCore::DOMWindow::resetDOMWindowProperties):
        * page/DOMWindow.h:
        (WebCore::DOMWindow::defaultStatus):
        * page/DOMWindow.idl:
        Removed the old IDL generated Console object on window.

        * page/PageConsole.cpp:
        (WebCore::PageConsole::shouldPrintExceptions):
        (WebCore::PageConsole::setShouldPrintExceptions):
        (WebCore::PageConsole::mute):
        (WebCore::PageConsole::unmute):
        (WebCore::PageConsole::messageWithTypeAndLevel):
        (WebCore::PageConsole::count):
        (WebCore::PageConsole::profile):
        (WebCore::PageConsole::profileEnd):
        (WebCore::PageConsole::time):
        (WebCore::PageConsole::timeEnd):
        (WebCore::PageConsole::timeStamp):
        (WebCore::PageConsole::group):
        (WebCore::PageConsole::groupCollapsed):
        (WebCore::PageConsole::groupEnd):
        (WebCore::PageConsole::clearProfiles):
        * page/PageConsole.h:
        Move the handling of Console object into PageConsole.

        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::clearWindowShell):
        (WebCore::ScriptController::initScript):
        Set the PageConsole as the ConsoleClient of the JSGlobalObject
        so that WebCore may handle console messages directly. For instance
        it may pass messages on to the ChromeClient.

        * testing/Internals.cpp:
        (WebCore::Internals::consoleProfiles):
        To access profiles, go through PageConsole now instead of Console.

        * bindings/js/JSDOMWindowBase.cpp:
        * bindings/objc/WebScriptObject.mm:
        * css/MediaList.cpp:
        * dom/ScriptExecutionContext.h:
        * dom/UIEvent.cpp:
        * dom/ViewportArguments.cpp:
        * html/parser/XSSAuditorDelegate.cpp:
        * inspector/CommandLineAPIHost.h:
        * inspector/InspectorInstrumentation.cpp:
        * inspector/InspectorInstrumentation.h:
        * inspector/InspectorProfilerAgent.cpp:
        * inspector/WebConsoleAgent.cpp:
        * loader/FrameLoader.cpp:
        * loader/MixedContentChecker.cpp:
        * loader/appcache/ApplicationCacheGroup.cpp:
        * loader/cache/CachedResourceLoader.cpp:
        * page/ChromeClient.h:
        * page/ContentSecurityPolicy.cpp:
        * page/Page.cpp:
        * page/Page.h:
        * svg/SVGDocumentExtensions.cpp:
        * workers/WorkerMessagingProxy.cpp:
        * workers/WorkerReportingProxy.h:
        Update includes.

2014-03-06  Zsolt Borbely  <borbezs@inf.u-szeged.hu>

        Fix the !ENABLE(CSS_STICKY_POSITION) build
        https://bugs.webkit.org/show_bug.cgi?id=129793

        Reviewed by Simon Fraser.

        Add missing ENABLE(CSS_STICKY_POSITION) guard to EditingStyle::convertPositionStyle().

        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::convertPositionStyle):

2014-03-06  Joseph Pecoraro  <pecoraro@apple.com>

        [Mac] Leak: dispatch_semaphore leak allocated in MediaPlayerPrivateAVFoundationObjC::waitForVideoOutputMediaDataWillChange
        https://bugs.webkit.org/show_bug.cgi?id=129792

        Reviewed by Anders Carlsson.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC):

2014-03-06  Brendan Long  <b.long@cablelabs.com>

        Implement VideoTrackList.selectedIndex
        https://bugs.webkit.org/show_bug.cgi?id=129770

        Reviewed by Eric Carlson.

        Tests: media/track/video/video-track-mkv-theora-selected.html

        * html/track/VideoTrackList.idl:

2014-03-06  Lorenzo Tilve  <ltilve@igalia.com>

        [GTK][CMake] Fix the GTK+ CMake build
        https://bugs.webkit.org/show_bug.cgi?id=129801

        Reviewed by Martin Robinson.

        Include missing files for CMake build

        * CMakeLists.txt: Add a missing references to DOMURLMediaStream

2014-03-06  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Setting content to opaque on m_graphicsLayer depends on subpixel accumulation.
        https://bugs.webkit.org/show_bug.cgi?id=129776

        Reviewed by Simon Fraser.

        isEmpty() returns true when any of the dimensions is <= 0. Subpixel accumulation could happen
        in one direction only. Use isZero() instead().

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):

2014-03-06  Gurpreet Kaur  <k.gurpreet@samsung.com>

        REGRESSION (r158254): Rubber-banding at Bing image search causes the toolbar to move up and away
        https://bugs.webkit.org/show_bug.cgi?id=128873

        Reviewed by Antonio Gomes.

        This regression is caused by  http://trac.webkit.org/changeset/154614 
        and http://trac.webkit.org/changeset/156605. So reverting the changes
        to make it Web compatible as earlier.

        * dom/Element.cpp:
        (WebCore::Element::scrollLeft):
        (WebCore::Element::scrollTop):
        (WebCore::Element::setScrollLeft):
        (WebCore::Element::setScrollTop):
        Reverting changes as it caused regression.

2014-03-06  Zan Dobersek  <zdobersek@igalia.com>

        Move Source/WebCore/html/canvas/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=129668

        Reviewed by Anders Carlsson.

        Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/html/canvas/ to std::unique_ptr.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::~HTMLCanvasElement):
        (WebCore::HTMLCanvasElement::getContext):
        * html/HTMLCanvasElement.h:
        * html/canvas/ANGLEInstancedArrays.cpp:
        * html/canvas/ANGLEInstancedArrays.h:
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/EXTTextureFilterAnisotropic.cpp:
        * html/canvas/EXTTextureFilterAnisotropic.h:
        * html/canvas/OESElementIndexUint.cpp:
        * html/canvas/OESElementIndexUint.h:
        * html/canvas/OESStandardDerivatives.cpp:
        * html/canvas/OESStandardDerivatives.h:
        * html/canvas/OESTextureFloat.cpp:
        * html/canvas/OESTextureFloat.h:
        * html/canvas/OESTextureFloatLinear.cpp:
        * html/canvas/OESTextureFloatLinear.h:
        * html/canvas/OESTextureHalfFloat.cpp:
        * html/canvas/OESTextureHalfFloat.h:
        * html/canvas/OESTextureHalfFloatLinear.cpp:
        * html/canvas/OESTextureHalfFloatLinear.h:
        * html/canvas/OESVertexArrayObject.cpp:
        * html/canvas/OESVertexArrayObject.h:
        * html/canvas/WebGLCompressedTextureATC.cpp:
        * html/canvas/WebGLCompressedTextureATC.h:
        * html/canvas/WebGLCompressedTexturePVRTC.cpp:
        * html/canvas/WebGLCompressedTexturePVRTC.h:
        * html/canvas/WebGLCompressedTextureS3TC.cpp:
        * html/canvas/WebGLCompressedTextureS3TC.h:
        * html/canvas/WebGLDebugRendererInfo.cpp:
        * html/canvas/WebGLDebugRendererInfo.h:
        * html/canvas/WebGLDebugShaders.cpp:
        * html/canvas/WebGLDebugShaders.h:
        * html/canvas/WebGLDepthTexture.cpp:
        * html/canvas/WebGLDepthTexture.h:
        * html/canvas/WebGLDrawBuffers.cpp:
        * html/canvas/WebGLDrawBuffers.h:
        * html/canvas/WebGLLoseContext.cpp:
        * html/canvas/WebGLLoseContext.h:
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::create):
        (WebCore::WebGLRenderingContext::getExtension):
        * html/canvas/WebGLRenderingContext.h:

2014-03-06  Zan Dobersek  <zdobersek@igalia.com>

        Move Source/WebCore/editing/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=129665

        Reviewed by Anders Carlsson.

        Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/editing/ with std::unique_ptr.

        * editing/EditingStyle.cpp:
        (WebCore::htmlElementEquivalents):
        (WebCore::EditingStyle::conflictsWithImplicitStyleOfElement):
        (WebCore::htmlAttributeEquivalents):
        (WebCore::EditingStyle::conflictsWithImplicitStyleOfAttributes):
        (WebCore::EditingStyle::extractConflictingImplicitStyleOfAttributes):
        (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
        (WebCore::EditingStyle::mergeInlineAndImplicitStyleOfElement):
        * editing/Editor.cpp:
        (WebCore::Editor::Editor):
        (WebCore::Editor::clear):
        * editing/Editor.h:
        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        * page/Frame.h:

2014-03-06  Zan Dobersek  <zdobersek@igalia.com>

        Move to using std::unique_ptr for KeyboardEvent, ScriptExecutionContext::PendingException
        https://bugs.webkit.org/show_bug.cgi?id=129061

        Reviewed by Eric Carlson.

        Replace uses of OwnPtr and PassOwnPtr for KeyboardEvent and ScriptExecutionContext::PendingException
        classes with std::unique_ptr. ScriptExecutionContext::Task objects are still handled through OwnPtr,
        but this will be addressed later.

        * dom/KeyboardEvent.cpp:
        (WebCore::KeyboardEvent::KeyboardEvent):
        * dom/KeyboardEvent.h:
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::reportException):
        * dom/ScriptExecutionContext.h:
        * dom/ScriptRunner.h: Remove an unnecessary PassOwnPtr header inclusion.

2014-03-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165175.
        http://trac.webkit.org/changeset/165175
        https://bugs.webkit.org/show_bug.cgi?id=129788

        Linking failures on GTK, EFL due to missing gstreamer-tag-1.0
        dependency (Requested by zdobersek on #webkit).

        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::notifyTrackOfTagsChanged):

2014-03-05  Brendan Long  <b.long@cablelabs.com>

        [GStreamer] human readable language code for tracks
        https://bugs.webkit.org/show_bug.cgi?id=124514

        Reviewed by Philippe Normand.

        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::notifyTrackOfTagsChanged): Run language codes though gst_tag_get_language_code_iso_639_1() to make sure they're valid.

2014-03-05  Ryuan Choi  <ryuan.choi@samsung.com>

        Remove unused method from Vibration
        https://bugs.webkit.org/show_bug.cgi?id=129732

        Reviewed by Gyuyoung Kim.

        * Modules/vibration/Vibration.cpp:
        Removed isActive(), which is never called since r152441.
        * Modules/vibration/Vibration.h: Ditto.

2014-03-05  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165141, r165157, and r165158.
        http://trac.webkit.org/changeset/165141
        http://trac.webkit.org/changeset/165157
        http://trac.webkit.org/changeset/165158
        https://bugs.webkit.org/show_bug.cgi?id=129772

        "broke ftl" (Requested by olliej_ on #webkit).

        * ForwardingHeaders/jit/SpillRegistersMode.h: Removed.

2014-03-05  Martin Robinson  <mrobinson@igalia.com>

        [GTK][CMake] The GObject DOM bindings should always be built
        https://bugs.webkit.org/show_bug.cgi?id=127963

        Reviewed by Ryosuke Niwa.

        * PlatformGTK.cmake: Make compilation of the WebKitGTK+ GObject DOM bindings
        unconditional, instead of conditional on the WebKit2 build.

2014-03-05  Jer Noble  <jer.noble@apple.com>

        [MSE] Crash in SourceBuffer::sourceBufferPrivateDidReceiveSample() - received samples after SourceBuffer was removed.
        https://bugs.webkit.org/show_bug.cgi?id=129761

        Reviewed by Eric Carlson.

        Guard against the possibility that SourceBufferPrivates will continue to generate samples even after
        a parse error. Bail out early from sourceBufferPrivateDidReceiveInitializationSegment and
        sourceBufferPrivateDidReceiveSample if the SourceBuffer has been removed.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2014-03-05  Enrica Casucci  <enrica@apple.com>

        Build fix, take 2.

        * platform/mac/HTMLConverter.mm:

2014-03-05  Enrica Casucci  <enrica@apple.com>

        Build fix.

        * platform/mac/HTMLConverter.mm:

2014-03-05  Enrica Casucci  <enrica@apple.com>

        Crash when copying content that contains <sup>.
        https://bugs.webkit.org/show_bug.cgi?id=129765
        <rdar://problem/16139498>
        
        Reviewed by Benjamin Poulain.

        Adding static definition of NSAttributeSuperscriptName.

        * platform/mac/HTMLConverter.mm:

2014-03-05  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=128625
        Add fast mapping from StringImpl to JSString

        Unreviewed roll-out.

        Reverting r164347, r165054, r165066 - not clear the performance tradeoff was right.

        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::DOMWrapperWorld::clearWrappers):
        * bindings/js/DOMWrapperWorld.h:
        * bindings/js/JSDOMBinding.h:
        (WebCore::jsStringWithCache):
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonVM):
        * bindings/scripts/StaticString.pm:
        (GenerateStrings):

2014-03-05  Daniel Bates  <dabates@apple.com>
            And Alexey Proskuryakov  <ap@apple.com>

        ASSERT(newestManifest) fails in WebCore::ApplicationCacheGroup::didFinishLoadingManifest()
        https://bugs.webkit.org/show_bug.cgi?id=129753
        <rdar://problem/12069835>

        Reviewed by Alexey Proskuryakov.

        Fixes an issue where an assertion failure would occur when visiting a web site whose on-disk
        app cache doesn't contain a manifest resource.

        For some reason an app cache for a web site may be partially written to disk. In particular, the
        app cache may only contain a CacheGroups entry. That is, the manifest resource and origin records
        may not be persisted to disk. From looking over the code, we're unclear how such a situation can occur
        and hence have been unable to create such an app cache. We were able to reproduce this issue using
        an app cache database file that was provided by a person that was affected by this issue.

        No test included because it's not straightforward to write a test for this change.

        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete): Assert that m_cacheBeingUpdated->manifestResource()
        is non-null. Currently we only document this assumption in a code comment. Also separated a single assertion
        expression into two assertion expressions to make it straightforward to identify the failing sub-expression
        on failure.
        * loader/appcache/ApplicationCacheStorage.cpp:
        (WebCore::ApplicationCacheStorage::store): Modified to call ApplicationCacheStorage::deleteCacheGroupRecord()
        to remove a cache group and associated cache records (if applicable) before inserting a cache group entry.
        This replacement approach will ultimately repair incomplete app cache data for people affected by this bug.
        (WebCore::ApplicationCacheStorage::loadCache): Log an error and return nullptr if the cache we loaded doesn't
        have a manifest resource.
        (WebCore::ApplicationCacheStorage::deleteCacheGroupRecord): Added.
        (WebCore::ApplicationCacheStorage::deleteCacheGroup): Extracted deletion logic for cache group record into
        ApplicationCacheStorage::deleteCacheGroupRecord().
        * loader/appcache/ApplicationCacheStorage.h:

2014-03-05  Oliver Hunt  <oliver@apple.com>

        Support caching of custom setters
        https://bugs.webkit.org/show_bug.cgi?id=129519

        Reviewed by Filip Pizlo.

        Add forwarding header

        Tests: js/regress/assign-custom-setter-polymorphic.html
               js/regress/assign-custom-setter.html

        * ForwardingHeaders/jit/SpillRegistersMode.h: Added.

2014-03-05  David Kilzer  <ddkilzer@apple.com>

        Fix crash in CompositeEditCommand::cloneParagraphUnderNewElement()
        <http://webkit.org/b/129751>
        <rdar://problem/16237965>

        Reviewed by Jon Honeycutt.

        Merged from Blink (patch by Yuta Kitamura):
        https://src.chromium.org/viewvc/blink?revision=168160&view=revision
        http://crbug.com/345005

            The root cause is CompositeEditCommand::moveParagraphWithClones() passing
            two positions |start| and |end| which do not follow the document order,
            i.e. in some situations |start| is located after |end| because of
            the difference in affinity.

            This patch fixes this crash by normalizing |end| to |start| in such situations.
            It also adds an ASSERT that checks the relationship between |start| and |end|.

        Test: editing/execCommand/format-block-crash.html

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::cloneParagraphUnderNewElement):
        (WebCore::CompositeEditCommand::moveParagraphWithClones):
        * editing/CompositeEditCommand.h:

2014-03-05  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Scrollable regions
        https://bugs.webkit.org/show_bug.cgi?id=129301

        Reviewed by David Hyatt.

        Named flow fragments do not inherit the overflow property from the fragment container.
        When asked if the flow thread content should be clipped, the named flow fragments
        will respond using the overflow property of the named flow fragment container.

        When painting the flow thread layer inside the region, the scrolled content offset of
        the region must be used to offset the flow thread's layer.

        Tests: fast/regions/scrollable-last-region.html
               fast/regions/scrollable-single-region-bt.html
               fast/regions/scrollable-single-region-lr.html
               fast/regions/scrollable-single-region-relative-element.html
               fast/regions/scrollable-single-region-rl.html
               fast/regions/scrollable-single-region.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::mapLayerClipRectsToFragmentationLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::createStyle):
        (WebCore::RenderNamedFlowFragment::shouldClipFlowThreadContent):
        * rendering/RenderNamedFlowFragment.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::shouldClipFlowThreadContent):
        * rendering/RenderRegion.h:

2014-03-05  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Device pixel round accumulated subpixel value when the RenderLayer with transform paints its content.
        https://bugs.webkit.org/show_bug.cgi?id=129079

        Reviewed by Simon Fraser.

        Snap the content to the device pixel position (as opposed to integral position) before
        applying the transform. Recalculate the remaining subpixels that need offsetting at painting time.

        Test: compositing/hidpi-absolute-subpixel-positioned-transformed-elements.html

        * platform/graphics/LayoutPoint.h:
        (WebCore::roundedForPainting):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform):

2014-03-05  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Show external device name/type in placeholder
        https://bugs.webkit.org/show_bug.cgi?id=129723

        Reviewed by Jer Noble.

        Make the name and type of the external device available to the JS based controls.
        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::externalDeviceDisplayName):
        (WebCore::MediaControlsHost::externalDeviceType):
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediacontrols/MediaControlsHost.idl:

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.updateWirelessPlaybackStatus): Display device type-specific infomation
            in the placeholder image.

        * WebCore.exp.in: Export new WebKitSystemInterface functions.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::wirelessPlaybackTargetName): Added.
        (WebCore::MediaPlayer::wirelessPlaybackTargetType): Ditto.
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessPlaybackTargetType): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessPlaybackTargetName): Ditto.

        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

2014-03-05  Benjamin Poulain  <bpoulain@apple.com>

        [iOS] Rename the various VisibleExtent variations to exposedContentRect
        https://bugs.webkit.org/show_bug.cgi?id=129728

        Reviewed by Simon Fraser.

        Rename DocumentVisibleExtent and VisibleExtentContentRect to ExposedContentRect in a desperate
        attempt to make things a tiny little bit less confusing.

        The name is ExposedContentRect and not ExposedRect as that rect is exposed on ScrollView, while the
        rect is in document coordinates (which does not make any difference on WebKit1...).

        * WebCore.exp.in:
        * platform/ScrollView.h:
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::exposedContentRect):
        (WebCore::ScrollView::setExposedContentRect):
        * platform/ios/wak/WAKScrollView.h:
        * platform/ios/wak/WAKScrollView.mm:
        (-[WAKScrollView exposedContentRect]):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
        (WebCore::RenderLayerCompositor::didChangeVisibleRect):

2014-03-05  Simon Fraser  <simon.fraser@apple.com>

        ObjC exception when dropping files into a WKView: drag and drop uses code from WebKit.framework
        https://bugs.webkit.org/show_bug.cgi?id=129752

        Reviewed by Enrica Casucci.

        Add C functions for NSURL-related functionality required by WebKit2

        * WebCore.exp.in:
        * platform/mac/WebCoreNSURLExtras.h:
        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::URLByCanonicalizingURL):
        (WebCore::rangeOfURLScheme):
        (WebCore::looksLikeAbsoluteURL):

2014-03-05  Martin Hock  <mhock@apple.com>

        Add support for sessions to MemoryCache.
        https://bugs.webkit.org/show_bug.cgi?id=127794

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::createDeletionUI): Initialize CachedImage with sessionID.
        * html/DOMURL.cpp:
        (WebCore::DOMURL::revokeObjectURL): Remove URL from MemoryCache for all sessions.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResource): Pass sessionID to MemoryCache.
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::replayXHR): Ditto.
        * loader/DocumentLoader.cpp:
        (WebCore::areAllLoadersPageCacheAcceptable): Ditto.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::tellClientAboutPastMemoryCacheLoads): Ditto.
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement): Initialize CachedImage with sessionID.
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create): Pass sessionID to MemoryCache.
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet): Constructor takes sessionID.
        * loader/cache/CachedCSSStyleSheet.h:
        * loader/cache/CachedFont.cpp: Ditto.
        (WebCore::CachedFont::CachedFont):
        * loader/cache/CachedFont.h:
        * loader/cache/CachedImage.cpp: Ditto.
        (WebCore::CachedImage::CachedImage):
        * loader/cache/CachedImage.h:
        * loader/cache/CachedRawResource.cpp: Ditto.
        (WebCore::CachedRawResource::CachedRawResource):
        * loader/cache/CachedRawResource.h:
        * loader/cache/CachedResource.cpp: Ditto.
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::~CachedResource): Pass sessionID to MemoryCache.
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::sessionID):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::createResource): Constructors take sessionID.
        (WebCore::CachedResourceLoader::sessionID): Retrieve sessionID from page.
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Pass sessionID to MemoryCache.
        (WebCore::CachedResourceLoader::requestResource): Initialize CachedCSSStyleSheet with sessionID.
        (WebCore::CachedResourceLoader::revalidateResource): Initialize cached resource with sessionID.
        (WebCore::CachedResourceLoader::loadResource): Pass sessionID to MemoryCache and initialize cached resource with sessionID.
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedSVGDocument.cpp: Constructor takes sessionID.
        (WebCore::CachedSVGDocument::CachedSVGDocument):
        * loader/cache/CachedSVGDocument.h:
        * loader/cache/CachedScript.cpp: Ditto.
        (WebCore::CachedScript::CachedScript):
        * loader/cache/CachedScript.h:
        * loader/cache/CachedTextTrack.cpp: Ditto.
        (WebCore::CachedTextTrack::CachedTextTrack):
        * loader/cache/CachedTextTrack.h:
        * loader/cache/CachedXSLStyleSheet.cpp: Ditto.
        (WebCore::CachedXSLStyleSheet::CachedXSLStyleSheet):
        * loader/cache/CachedXSLStyleSheet.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::getSessionMap): Retrieve CachedResourceMap based on sessionID.
        (WebCore::MemoryCache::add): Use sessionID from CachedResource parameter.
        (WebCore::MemoryCache::revalidationSucceeded): Add sessionID parameter.
        (WebCore::MemoryCache::resourceForURL): Ditto.
        (WebCore::MemoryCache::resourceForRequest): Ditto, also move impl into impl method.
        (WebCore::MemoryCache::resourceForRequestImpl): Add CachedResourceMap parameter.
        (WebCore::MemoryCache::addImageToCache): Use default sessionID.
        (WebCore::MemoryCache::removeImageFromCache): Ditto.
        (WebCore::MemoryCache::evict): Use sessionID from CachedResource parameter.
        (WebCore::MemoryCache::removeResourcesWithOrigin): Iterate through all CachedResourceMaps.
        (WebCore::MemoryCache::getOriginsWithCache): Ditto.
        (WebCore::MemoryCache::removeUrlFromCache): Add sessionID parameter.
        (WebCore::MemoryCache::removeRequestFromCache): Ditto.
        (WebCore::MemoryCache::removeRequestFromSessionCaches): Remove request from all CachedResourceMaps, with multithread support.
        (WebCore::MemoryCache::removeRequestFromCacheImpl): Add sessionID parameter.
        (WebCore::MemoryCache::removeRequestFromSessionCachesImpl): Iterate through all CachedResourceMaps.
        (WebCore::MemoryCache::crossThreadRemoveRequestFromCache): Add sessionID parameter.
        (WebCore::MemoryCache::crossThreadRemoveRequestFromSessionCaches): Pass on request to removeRequestFromSessionCachesImpl.
        (WebCore::MemoryCache::getStatistics): Iterate through all CachedResourceMaps.
        (WebCore::MemoryCache::setDisabled): Ditto.
        * loader/cache/MemoryCache.h: Create another level for cache.
        * platform/CrossThreadCopier.cpp: Allow copying SessionIDs across threads.
        (WebCore::SessionID>::copy):
        * platform/CrossThreadCopier.h:
        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::ResourceRequest): Remove trailing whitespace.
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::updateSnapshot): Initialize CachedImage with sessionID.
        * testing/Internals.cpp:
        (WebCore::Internals::isLoadingFromMemoryCache): Pass sessionID to MemoryCache.

2014-03-03  Martin Robinson  <mrobinson@igalia.com>

        [GTK][CMake] Generate documentation for the DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=126211

        Reviewed by Carlos Garcia Campos.

        * PlatformGTK.cmake: Add some files to the GObjectDOMBindings build, so that the
        doc generation succeeds. Have the GObjectDOMBindings_INSTALLED_HEADERS variable contain
        all installed headers and use another variable for GIR generation. Create the configuration
        file for the gtkdoc generation.

2014-03-05  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Wrong cliprect on absolute positioned elements.
        https://bugs.webkit.org/show_bug.cgi?id=129656

        Reviewed by Simon Fraser.

        outlineBoundsForRepaint() is expected to return the outline repaint rect. Using enclosingIntRect()
        to calculate the outline boundaries breaks repaint logic in RenderElement::repaintAfterLayoutIfNeeded().
        Since enclosingIntRect() can return bigger rect than repaint rect, the old/new bounds' dimensions could end up
        being different which triggers the size change repaint code path.

        Test: fast/repaint/hidpi-absolute-positioned-element-wrong-cliprect-after-move.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::outlineBoundsForRepaint):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::repaintAfterLayoutIfNeeded):
        * rendering/svg/RenderSVGModelObject.cpp:
        (WebCore::RenderSVGModelObject::outlineBoundsForRepaint):

2014-03-05  Krzysztof Czech  <k.czech@samsung.com>

        [ATK] Expose missing functionalities of AtkTableCell to AT.
        https://bugs.webkit.org/show_bug.cgi?id=129492

        Reviewed by Mario Sanchez Prada.

        Implemented missing API of AtkTableCell.

        No new tests. Covered by existing ones.

        * accessibility/atk/WebKitAccessibleInterfaceTableCell.cpp:
        (webkitAccessibleTableCellGetColumnSpan):
        (webkitAccessibleTableCellGetRowSpan):
        (webkitAccessibleTableCellGetPosition):
        (webkitAccessibleTableCellGetTable):
        (webkitAccessibleTableCellInterfaceInit):

2014-03-05  Andres Gomez  <agomez@igalia.com>

        [GStreamer] WebSource doesn't need the "iradio-mode" property
        https://bugs.webkit.org/show_bug.cgi?id=129685

        Reviewed by Philippe Normand.

        Removed the "iradio-mode" property from the WK source element
        since this was only available for its modification from
        playbin/uridecodebin and, as discussed in GStreamer bug #725383,
        it was not being set and now is going to be removed.

        It is safe just to send always the "icy-metadata" header set and
        deal with returning "icy" headers as we were already doing.

        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcSetProperty):
        (webKitWebSrcGetProperty):
        (webKitWebSrcStart):

2014-03-05  Chang Shu  <cshu@webkit.org>

        Copying wrapping text results in multiple spaces between wrapped lines stripped.
        https://bugs.webkit.org/show_bug.cgi?id=129609.

        Reviewed by Ryosuke Niwa.

        While checking the condition of restoring the missing space, the collapsed spaces
        may not be exactly one.

        editing/pasteboard/copy-text-with-wrapped-tag.html is enhanced to test this case.

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextBox):

2014-03-05  Ryosuke Niwa  <rniwa@webkit.org>

        appendChild shouldn't invalidate LiveNodeLists and HTMLCollections if they don't have valid caches
        https://bugs.webkit.org/show_bug.cgi?id=129727

        Reviewed by Andreas Kling.

        Before this patch, invalidateNodeListAndCollectionCachesInAncestors invalidated node lists and HTML
        collections on ancestors of a node whenever we're inserting or removing a child node. This patch
        makes HTMLCollections and LiveNodeLists register themselves with Document only when they have valid
        caches.

        Each user of CollectionIndexCache now implements willValidateIndexCache member function that gets
        called when CollectionIndexCache caches any state and necessitates the registration with document.

        * dom/ChildNodeList.h: Added an empty willValidateIndexCache since child node lists are never
        registered with document.

        * dom/CollectionIndexCache.h:
        (WebCore::CollectionIndexCache::hasValidCache): Added.
        (WebCore::CollectionIndexCache::nodeCount): Calls willValidateIndexCache when caching node count.
        (WebCore::CollectionIndexCache::nodeAfterCached): Ditto. Also assert that hasValidCache() true in
        the cases where we're simply updating our caches or adding more caches.
        (WebCore::CollectionIndexCache::nodeAt): Ditto. Also added a code to set the length cache when
        we've reached the end of the list. This should be a slight speed up on some cases.

        * dom/Document.cpp:
        (WebCore::Document::Document): Initializes a variable used by assertions.
        (WebCore::Document::unregisterNodeList): Added an early exit for when m_listsInvalidatedAtDocument
        is empty since invalidateNodeListAndCollectionCaches swaps out the list.
        (WebCore::Document::registerCollection): Removed the boolean hasIdNameMap since we now explicitly
        call collectionCachedIdNameMap in HTMLCollection.
        (WebCore::Document::unregisterCollection): Ditto. Exit early if m_collectionsInvalidatedAtDocument
        is empty since invalidateNodeListAndCollectionCaches swaps out the list.
        * dom/Document.h:

        * dom/LiveNodeList.cpp:
        (WebCore::LiveNodeList::invalidateCache): Unregister the node list with document if we had caches.
        * dom/LiveNodeList.h:
        (WebCore::LiveNodeList::LiveNodeList):
        (WebCore::LiveNodeList::~LiveNodeList): Ditto.
        (WebCore::LiveNodeList::invalidateCache): Pass around document. This is necessary since document()
        had already moved to the new document inside NodeListsNodeData::invalidateCaches.
        (WebCore::LiveNodeList::willValidateIndexCache): Added. Registers itself with document.

        * dom/Node.cpp:
        (WebCore::Document::invalidateNodeListAndCollectionCaches): Swap the lists since invalidateCache
        tries to unregister node lists and HTML collections with document. Since this is the only case in
        which node lists and HTML collections being removed may not be in the lists in unregisterNodeList
        and unregisterCollection, assert this condition via m_inInvalidateNodeListAndCollectionCaches.
        (WebCore::NodeListsNodeData::invalidateCaches):

        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::adoptDocument): Unregister node lists and HTML collections from old
        document via invalidateCache. We need to explicitly pass in oldDocument here since owner node's
        document had already been changed to newDocument at this point. Since we're invalidating caches,
        there is no need to register node lists and HTML collections with newDocument.

        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::HTMLCollection):
        (WebCore::HTMLCollection::~HTMLCollection): Unregister the node list with document if we had caches.
        (WebCore::HTMLCollection::invalidateCache): Ditto.
        (WebCore::HTMLCollection::invalidateNamedElementCache):
        * html/HTMLCollection.h:
        (WebCore::HTMLCollection::invalidateCache): Pass around document as done in LiveNodeList.
        (WebCore::HTMLCollection::willValidateIndexCache): Ditto.

        * html/HTMLFormControlsCollection.cpp:
        (WebCore::HTMLFormControlsCollection::invalidateCache): Ditto.
        * html/HTMLFormControlsCollection.h:

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::invalidateSelectedItems): Ditto.
        (WebCore::HTMLSelectElement::setRecalcListItems): Ditto.

2014-03-05  Jon Lee  <jonlee@apple.com>

        Fix linker error after r165087
        https://bugs.webkit.org/show_bug.cgi?id=129730

        Reviewed by Csaba Osztrogonác.

        * WebCore.exp.in: Remove undefined symbol __ZN7WebCore32WebVideoFullscreenChangeObserverD2Ev.

2014-03-04  Zalan Bujtas  <zalan@apple.com>

        Enable device pixel repaint rect tracking.
        https://bugs.webkit.org/show_bug.cgi?id=129712

        Reviewed by Simon Fraser.

        Tracked repaint rects are device pixel snapped now to support hiDPI test cases.

        Test: fast/repaint/hidpi-device-pixel-based-repaint-rect-tracking.html

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::addTrackedRepaintRect):
        (WebCore::FrameView::trackedRepaintRectsAsText): Print them as LayoutUnits to get
        trailing zeros cut off.
        * page/FrameView.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::setContentsNeedDisplay):
        (WebCore::RenderLayerBacking::setContentsNeedDisplayInRect):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::repaintViewRectangle):

2014-03-04  Simon Fraser  <simon.fraser@apple.com>

        Don't clamp scrolling node offsets when the offset is changed by delegated scrolling
        https://bugs.webkit.org/show_bug.cgi?id=129724

        Reviewed by Sam Weinig.
        
        Call setScrollPositionWithoutContentEdgeConstraints() from
        ScrollingTree::scrollPositionChangedViaDelegatedScrolling() so that
        layers are not clamped during rubber-banding.
        
        This requires making setScrollPositionWithoutContentEdgeConstraints()
        a pure virtual function on the base class.

        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h:
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:

2014-03-04  Jeremy Jones  <jeremyj@apple.com>

        WebVideoFullscreen, should make the hand off of the video layer explicit.
        https://bugs.webkit.org/show_bug.cgi?id=128844

        Reviewed by Simon Fraser.

        This change introduces a more explicit hand-off of the video layer.
        This describes the interactions between WebVideoFullscreenInterface and WebVideoFullscreenModel
        WebVideoFullscreenModel <-> WebVideoFullscreenInterface
              enterFullScreen(*) ->
                                <- borrowVideoLayer
              willLendVideoLayer ->
               didLendVideoLayer ->
                                <- didEnterFullscreen
                                ...
                                <- requestExitFullscreen
                  exitFullscreen ->
                                <- returnVideoLayer
                                <- didExitFullscreen
        (*) enterFullScreen actually comes from WebVideoFullscreenControllerAVKit.

        * WebCore.exp.in:
        Export new functions in WebVideoFullscreenInterfaceAVKit, WebVideoFullscreenModelMediaElement, etc.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        Add WebVideoFullscreenControllerChangeObserver to forward fullscreen callbacks to WebVideoFullscreenController

        (WebVideoFullscreenControllerChangeObserver::setTarget):
        Sets obj-c target of fullscreen change callbacks.

        (-[WebVideoFullscreenController init]):
        Point _changeObserver's target at self.

        (-[WebVideoFullscreenController dealloc]):
        Clear _changeObserver's target.

        (-[WebVideoFullscreenController enterFullscreen:]):
        Retain self to prevent dealloc during animation or while fullscreen.
        Connect _interface to _changeObserver.

        (-[WebVideoFullscreenController exitFullscreen]):
        Remove use of completion move cleanup to -didExitFullscreen.

        (-[WebVideoFullscreenController didEnterFullscreen]):
        Nothing to see here.

        (-[WebVideoFullscreenController didExitFullscreen]):
        Move clean up code that was in a completion to here.

        * platform/ios/WebVideoFullscreenInterface.h:
        Add delarations for more explicit hand-off of video layer.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Add WebVideoFullscreenChangeObserver to notify when fullscreen animations complete.
        Add declarations for more explicit hand-off of video layer.
        Add WebAVPlayerLayer now always wraps the m_videoLayer to prevent default behavior
        of AVPlayerLayer.

        (WebCore::WebVideoFullscreenChangeObserver::~WebVideoFullscreenChangeObserver):
        Add empty virtual destructor.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        Include AVKit headers instead of declaring everything locally.
        AVPlayerLayer protocol renamed to AVVideoLayer per AVKit.

        (-[WebAVPlayerController dealloc]):
        Don't refer to self.

        (-[WebAVPlayerController playerViewController:shouldDismissWithReason:]):
        Pause before requesting exit fullscreen.

        (-[WebAVPlayerLayer setPlayerController:]):
        This is required by AVVideoLayer, but we don't need it.

        (WebVideoFullscreenInterfaceAVKit::playerController):
        White space.

        (WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenChangeObserver):
        Set observer to forward fullscreen changes to.

        (WebVideoFullscreenInterfaceAVKit::enterFullscreen):
        Use more explicit video layer hand-off.

        (WebVideoFullscreenInterfaceAVKit::doEnterFullscreen):
        Move enterFullscreen logic here.
        AVPlayerViewController now takes the video layer at init time.
        Always provide a video layer wrapped in a WebAVPlayerLayer.

        (WebVideoFullscreenInterfaceAVKit::willLendVideoLayer):
        Use more explicit video layer hand-off.

        (WebVideoFullscreenInterfaceAVKit::didLendVideoLayer):
        Use more explicit video layer hand-off.

        (WebVideoFullscreenInterfaceAVKit::exitFullscreen):
        Use more explicit video layer hand-off.

        * platform/ios/WebVideoFullscreenModel.h:
        Add functions for more explicit video layer hand-off.

        * platform/ios/WebVideoFullscreenModelMediaElement.h:
        Mark virtual functions as virtual.
        Add changes for WebVideoFullscreenModel.

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        Use more explicit video layer hand-off.

        (WebVideoFullscreenModelMediaElement::setMediaElement):
        Don't push the video layer. Wait for a request for it.

        (WebVideoFullscreenModelMediaElement::handleEvent):
        Make sure m_videoFullscreenInterface is valid.

        (WebVideoFullscreenModelMediaElement::borrowVideoLayer):
        Use more explicit video layer hand-off.
        Lend videoLayer in request to a request to borrow the videoLayer.
        Make sure to retain the video layer before it is removed from the layer tree.

        (WebVideoFullscreenModelMediaElement::returnVideoLayer):
        Use more explicit video layer hand-off.

        (WebVideoFullscreenModelMediaElement::requestExitFullscreen):
        Don't clear the mediaElement reference until completely exited from fullscreen.

2014-03-04  Simon Fraser  <simon.fraser@apple.com>

        Get position:fixed working slightly better on iOS
        https://bugs.webkit.org/show_bug.cgi?id=129714

        Reviewed by Benjamin Poulain.

        Send the scroll position as a FloatPoint, rather than an IntPoint.

        * WebCore.exp.in:
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
        * page/scrolling/ScrollingTree.h:

2014-03-04  Alex Christensen  <achristensen@webkit.org>

        Fixed Windows build without MEDIA_CONTROLS_SCRIPT enabled.
        https://bugs.webkit.org/show_bug.cgi?id=129701

        Reviewed by Jer Noble.

        * WebCore.vcxproj/WebCore.vcxproj:
        * DerivedSources.cpp:
        Moved UserAgentScriptsData.cpp to DerivedSources.cpp to only be built if MEDIA_CONTROLS_SCRIPT is enabled.
        * DerivedSources.make:
        Only generate UserAgentScripts.cpp/h when USER_AGENT_SCRIPTS is non-empty.
        * rendering/RenderThemeWin.cpp:
        Only include UserAgentScripts.h when MEDIA_CONTROLS_SCRIPT is enabled.

2014-03-04  Simon Fraser  <simon.fraser@apple.com>

        Allow iOS DumpRenderTree crashes to show application-specific information
        https://bugs.webkit.org/show_bug.cgi?id=129705

        Reviewed by David Kilzer.

        Make the WKSI function SetCrashReportApplicationSpecificInformation available
        in iOS simulator builds.

        * WebCore.exp.in:
        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/WebCoreSystemInterface.h:

2014-03-04  Andreas Kling  <akling@apple.com>

        Spam static branch prediction hints on JS bindings.
        <https://webkit.org/b/129703>

        Add UNLIKELY hints to all !castedThis and exec->hadException() paths
        in the JS bindings since they are almost always going to get skipped.

        Reviewed by Geoff Garen.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateParametersCheck):
        (GenerateImplementationFunctionCall):
        (GenerateConstructorDefinition):

2014-03-04  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        Remove unused StdDeviation from Gaussian Blur effect
        https://bugs.webkit.org/show_bug.cgi?id=129693

        Reviewed by Simon Fraser.

        No new tests, no change on behavior.

        * platform/graphics/filters/FEGaussianBlur.cpp:
        * platform/graphics/filters/FEGaussianBlur.h:

2014-03-04  Andreas Kling  <akling@apple.com>

        Add a Document::updateStyleIfNeededForNode(Node&).
        <https://webkit.org/b/129689>

        Generalize the mechanism that computed style uses to avoid doing full
        style updates when the node we're interested in isn't actually dirty.

        Reviewed by Antti Koivisto.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * dom/Document.cpp:
        (WebCore::nodeOrItsAncestorNeedsStyleRecalc):
        (WebCore::Document::updateStyleIfNeededForNode):
        * dom/Document.h:
        * editing/htmlediting.cpp:
        (WebCore::isEditablePosition):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::defaultEventHandler):

2014-03-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        Merge API shims and JSLock
        https://bugs.webkit.org/show_bug.cgi?id=129650

        Reviewed by Mark Lam.

        No new tests.

        JSLock is now taking on all of APIEntryShim's responsibilities since there is never a reason 
        to take just the JSLock. Ditto for DropAllLocks and APICallbackShim.

        * bindings/js/DOMRequestState.h:
        (WebCore::DOMRequestState::Scope::Scope):
        * bindings/js/JSDOMPromise.h:
        (WebCore::DeferredWrapper::resolve):
        (WebCore::DeferredWrapper::reject):
        (WebCore::DeferredWrapper::resolve<String>):
        (WebCore::DeferredWrapper::resolve<bool>):
        (WebCore::char>>):
        (WebCore::DeferredWrapper::reject<String>):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::evaluateInWorld):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::SerializedScriptValue::create):
        (WebCore::SerializedScriptValue::deserialize):

2014-03-04  Beth Dakin  <bdakin@apple.com>

        REGRESSION: Overlay scrollbars that have grown are sometimes askew in the track
        https://bugs.webkit.org/show_bug.cgi?id=129691
        -and corresponding-
        <rdar://problem/15666846>

        Reviewed by Simon Fraser.

        This regression started happening after we adopted the setPresentationValue 
        ScrollbarPainter API which allows us to update the position of the scrollbar knob 
        from our secondary scrolling thread. The bug occurs when the scrollbar grows while 
        it still thinks it is in presentation-value mode. Whenever the scrollbar grows, it 
        should be in non-presentation value mode.

        If the wheel event has ended or been cancelled, we can switch out of presentation 
        value mode.
        * page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:
        (WebCore::ScrollingTreeScrollingNodeMac::handleWheelEvent):

        Sometimes we will grow the scrollbar before we have received a wheel event with 
        the end or cancelled phase, and so automatically switch out of presentation-value 
        mode whenever we start one of these animations.
        * platform/mac/ScrollAnimatorMac.mm:
        (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):

2014-03-04  Zan Dobersek  <zdobersek@igalia.com>

        Move Source/WebCore/html/track/ code to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=129666

        Reviewed by Eric Carlson.

        Replace uses of OwnPtr and PassOwnPtr in code under Source/WebCore/html/track/ with std::unique_ptr.

        * html/track/AudioTrack.h:
        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::parseWebVTTCueData):
        * html/track/InbandWebVTTTextTrack.h:
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::loadTimerFired):
        (WebCore::LoadableTextTrack::newCuesAvailable):
        (WebCore::LoadableTextTrack::cueLoadingCompleted):
        (WebCore::LoadableTextTrack::newRegionsAvailable):
        * html/track/LoadableTextTrack.h:
        * html/track/TextTrack.h:
        * html/track/TextTrackCue.h:
        * html/track/TextTrackRegion.h:
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::createWebVTTNodeTree):
        (WebCore::VTTCue::markFutureAndPastNodes):
        * html/track/VTTCue.h:
        * html/track/VideoTrack.h:
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::WebVTTParser):
        * html/track/WebVTTParser.h:
        * html/track/WebVTTTokenizer.h:
        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::processNewCueData):
        * loader/TextTrackLoader.h:

2014-03-04  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make border-radius painting device pixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=129558

        Reviewed by Simon Fraser.

        Snap rounded rects to device pixels right before passing them to GraphicsContext.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::clipRoundedInnerRect):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        (WebCore::RenderBoxModelObject::paintBorder):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::paint):
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::paint):

2014-03-04  Simon Fraser  <simon.fraser@apple.com>

        Crashes and assertions running iOS compositing tests
        https://bugs.webkit.org/show_bug.cgi?id=129688

        Reviewed by Dean Jackson.
        
        When a layer is no longer composited, we need to unregister it
        from the scrolling coordinator, and remove it from m_scrollCoordinatedLayers.

        Tested by compositing tests on iOS.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateBacking):

2014-03-04  Antti Koivisto  <antti@apple.com>

        Update bindings test results after r165046.

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_set_property):
        (webkit_dom_test_obj_set_reflected_string_attr):
        (webkit_dom_test_obj_set_reflected_url_attr):
        (webkit_dom_test_obj_set_reflected_custom_url_attr):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::setJSTestObjReflectedStringAttr):
        (WebCore::setJSTestObjReflectedURLAttr):
        (WebCore::setJSTestObjReflectedCustomURLAttr):
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj setReflectedStringAttr:]):
        (-[DOMTestObj setReflectedURLAttr:]):
        (-[DOMTestObj setReflectedCustomURLAttr:]):

2014-03-04  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Simplify the GObject DOM bindings API break check into one step
        https://bugs.webkit.org/show_bug.cgi?id=129571

        Reviewed by Carlos Garcia Campos.

        * bindings/gobject/GNUmakefile.am: We no longer generate the webkitdom.symbols file in the
        DerivedSources directory. All the logic is handled internally in the script now.
        * bindings/scripts/gobject-run-api-break-test: Removed.

2014-03-04  Zalan Bujtas  <zalan@apple.com>

        Build fix for iOS.

        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::addRoundedBorderClip):
        (WebCore::RenderThemeIOS::paintFileUploadIconDecorations):

2014-03-04  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make GraphicsLayer::fillRect FloatRoundedRect based and cleanup dependencies.
        https://bugs.webkit.org/show_bug.cgi?id=129557

        Reviewed by Simon Fraser.

        This is the preparation for snapping rounded rects to device pixel position. It enables
        device pixel aware border-radius painting.

        No change in functionality.

        * platform/efl/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::paintMediaSliderThumb):
        * platform/graphics/FloatRoundedRect.cpp:
        (WebCore::FloatRoundedRect::FloatRoundedRect):
        (WebCore::FloatRoundedRect::isRenderable):
        * platform/graphics/FloatRoundedRect.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::clipRoundedRect):
        (WebCore::GraphicsContext::clipOutRoundedRect):
        (WebCore::GraphicsContext::fillRoundedRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/Path.cpp:
        (WebCore::Path::addRoundedRect):
        * platform/graphics/Path.h:
        * platform/graphics/RoundedRect.cpp:
        (WebCore::RoundedRect::pixelSnappedRoundedRectForPainting):
        * platform/graphics/RoundedRect.h:
        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::drawRectShadow):
        (WebCore::ShadowBlur::drawInsetShadow):
        (WebCore::ShadowBlur::drawRectShadowWithoutTiling):
        (WebCore::ShadowBlur::drawInsetShadowWithoutTiling):
        (WebCore::ShadowBlur::drawInsetShadowWithTiling):
        (WebCore::ShadowBlur::drawRectShadowWithTiling):
        * platform/graphics/ShadowBlur.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::platformFillRoundedRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::platformFillRoundedRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        (WebCore::GraphicsContext::fillRoundedRect):
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::borderRadiiFromStyle):
        (WebCore::RenderThemeGtk::paintMediaSliderTrack):
        (WebCore::RenderThemeGtk::paintMediaSliderThumb):
        (WebCore::RenderThemeGtk::paintMediaVolumeSliderTrack):
        * platform/win/DragImageWin.cpp:
        (WebCore::createDragImageForLink):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations):
        (WebCore::RenderBox::pushContentsClip):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::clipRoundedInnerRect):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        (WebCore::RenderBoxModelObject::paintBorder):
        (WebCore::RenderBoxModelObject::drawBoxSideFromPath):
        (WebCore::RenderBoxModelObject::clipBorderSideForComplexInnerPath):
        (WebCore::RenderBoxModelObject::paintBoxShadow):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::clipToRect):
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintRadioDecorations):
        (WebCore::RenderThemeIOS::paintTextFieldDecorations):
        (WebCore::RenderThemeIOS::paintMenuListButtonDecorations):
        (WebCore::RenderThemeIOS::paintSliderTrack):
        (WebCore::RenderThemeIOS::paintProgressBar):
        (WebCore::RenderThemeIOS::paintFileUploadIconDecorations):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuListButtonGradients):
        (WebCore::RenderThemeMac::paintSliderTrack):
        * rendering/RenderThemeSafari.cpp:
        (WebCore::RenderThemeSafari::paintMenuListButtonGradients):
        (WebCore::RenderThemeSafari::paintSliderTrack):
        * rendering/shapes/BoxShape.cpp:
        (WebCore::BoxShape::buildDisplayPaths):
        * rendering/style/BasicShapes.cpp:
        (WebCore::BasicShapeInset::path):

2014-03-04  Andreas Kling  <akling@apple.com>

        Micro-optimize Strings in JS bindings.
        <https://webkit.org/b/129673>

        Tweaked for new jsStringWithWeakOwner signature. This patch removes
        36 bytes of code from every wrapper getter that returns a DOMString.

        Reviewed by Ryosuke Niwa.

        * bindings/js/JSDOMBinding.h:
        (WebCore::jsStringWithCache):

2014-03-03  David Kilzer  <ddkilzer@apple.com>

        SVGPropertyTearOffs should detachChildren before deleting its value.
        <http://webkit.org/b/129618>
        <rdar://problem/15661617>

        Reviewed by Maciej Stachowiak.

        Merged from Blink (patch by kouhei@chromium.org):
        https://src.chromium.org/viewvc/blink?revision=158563&view=revision
        http://crbug.com/296276

        Test: svg/transforms/svg-matrix-tearoff-crash.html

        NOTE: The test does not reproduce a crash on WebKit using
        JavaScriptCore.

        * svg/properties/SVGPropertyTearOff.h:
        (WebCore::SVGPropertyTearOff::setValue):
        (WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
        - Call detachChildren() if m_value is a copy.  The original
          Blink patch did not modify the destructor code path, although
          that seems obvious via code inspection.

2014-03-04  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Incorrect repaint rect cuts off content's right edge after move.
        https://bugs.webkit.org/show_bug.cgi?id=129652

        Reviewed by Simon Fraser.

        When repaint rect is adjusted in order to take the distance from renderer into account,
        the accumulated fraction value need to be added too. This is always a positive value.

        Test: fast/borders/hidpi-border-clipping-right-after-move.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::setContentsNeedDisplayInRect):

2014-03-04  Ryuan Choi  <ryuan.choi@samsung.com>

        Remove unused member variable of NetworkInfoController
        https://bugs.webkit.org/show_bug.cgi?id=129674

        Reviewed by Gyuyoung Kim.

        * Modules/networkinfo/NetworkInfoController.cpp:
        (WebCore::NetworkInfoController::NetworkInfoController):
        (WebCore::NetworkInfoController::create):
        (WebCore::provideNetworkInfoTo):
        * Modules/networkinfo/NetworkInfoController.h: Removed m_page which is not really used.

2014-02-07  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Percentages of indefinite sizes should compute to auto
        https://bugs.webkit.org/show_bug.cgi?id=128173

        Reviewed by Darin Adler.

        We should treat percentages of indefinite sizes as auto as
        mandated by the spec. Otherwise we would end up calculating a
        percentage of -1, the value we use to represent infinite.

        Added some test cases to the current tests.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::gridTrackSize):
        * rendering/style/GridTrackSize.h:
        (WebCore::GridTrackSize::isPercentage):

2014-03-04  Ryosuke Niwa  <rniwa@webkit.org>

        Don't synchronize attributes in reflect setters when we don't need to
        https://bugs.webkit.org/show_bug.cgi?id=129662

        Reviewed by Andreas Kling.

        The vast majority of attributes don't need synchronization. Avoid calling synchronizeAttribute in setters
        for those content attributes generated by "Reflect" keyword in IDL.

        * bindings/scripts/CodeGenerator.pm:
        (SetterExpression):
        * dom/Element.cpp:
        (WebCore::Element::setAttributeWithoutSynchronization): Added.
        * dom/Element.h:

2014-03-04  Andreas Kling  <akling@apple.com>

        Remove Document::idAttributeName().
        <https://webkit.org/b/129663>

        Reviewed by Ryosuke "DYEB" Niwa.

        This abstraction is not actually used and causes unnecessary indirection
        in some pretty hot code paths.

        Replace it with hard-coded HTMLNames::idAttr instead which is a compile
        time constant pointer. We can revisit this in the future if we wish to
        implement support for custom id attributes.

        * dom/Attr.cpp:
        (WebCore::Attr::isId):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::attributeChanged):
        (WebCore::Element::willModifyAttribute):
        * dom/Element.h:
        (WebCore::Element::getIdAttribute):
        (WebCore::Element::getNameAttribute):
        (WebCore::Element::setIdAttribute):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::parseAttribute):
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::parseAttribute):
        * html/HTMLMapElement.cpp:
        (WebCore::HTMLMapElement::parseAttribute):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::attributeChanged):
        (WebCore::SVGElement::isKnownAttribute):
        (WebCore::SVGElement::svgAttributeChanged):

2014-03-04  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r164856): Use after free in WebCore::QualifiedName::operator== / WebCore::StyledElement::attributeChanged
        https://bugs.webkit.org/show_bug.cgi?id=129550

        Reviewed by Andreas Kling.

        We can't store a reference to QualifiedName here because ensureUniqueElementData could delete QualifiedName inside Attribute.

        Test: fast/dom/uniquing-attributes-via-setAttribute.html

        * dom/Element.cpp:
        (WebCore::Element::setAttributeInternal):

2014-03-04  Hyowon Kim  <hw1008.kim@samsung.com>

        Move EvasGLContext and EvasGLSurface files into the efl common directory.
        https://bugs.webkit.org/show_bug.cgi?id=129603

        Reviewed by Gyuyoung Kim.

        EFL port will use EvasGLContext and EvasGLSurface files in both WK1 and WK2.

        No new tests, just refactorings.

        * PlatformEfl.cmake:
        * platform/graphics/efl/EvasGLContext.cpp: Renamed from Source/WebKit2/UIProcess/API/efl/EvasGLContext.cpp.
        (WebKit::EvasGLContext::EvasGLContext):
        (WebKit::EvasGLContext::~EvasGLContext):
        * platform/graphics/efl/EvasGLContext.h: Renamed from Source/WebKit2/UIProcess/API/efl/EvasGLContext.h.
        (WebKit::EvasGLContext::create):
        (WebKit::EvasGLContext::context):
        * platform/graphics/efl/EvasGLSurface.cpp: Renamed from Source/WebKit2/UIProcess/API/efl/EvasGLSurface.cpp.
        (WebKit::EvasGLSurface::EvasGLSurface):
        (WebKit::EvasGLSurface::~EvasGLSurface):
        * platform/graphics/efl/EvasGLSurface.h: Renamed from Source/WebKit2/UIProcess/API/efl/EvasGLSurface.h.
        (WebKit::EvasGLSurface::create):
        (WebKit::EvasGLSurface::surface):

2014-03-03  Martin Robinson  <mrobinson@igalia.com>

        Fix the GTK+ CMake build

        * PlatformGTK.cmake: Add a missing file to the source list.

2014-03-03  Sanghyup Lee  <sh53.lee@samsung.com>

        :active style is not cleared when its display property is set to none before mouse released.
        https://bugs.webkit.org/show_bug.cgi?id=129465

        Reviewed by Antonio Gomes.

        Source/WebCore:

        We currently clearing the :active style when element has a renderer.
        This patch makes elements clear its active style regardless of renderer. 

        * dom/Document.cpp:
        (WebCore::Document::updateHoverActiveState):

        LayoutTests:

        * fast/css/active-display-none-expected.txt: Added.
        * fast/css/active-display-none.html: Added.


2014-03-03  Andreas Kling  <akling@apple.com>

        Remove 2 unnecessary includes from JSDOMBinding.h
        <https://webkit.org/b/129619>

        Reviewed by Antti Koivisto.

        * bindings/js/JSDOMBinding.h:

2014-03-03  Myles C. Maxfield  <mmaxfield@apple.com>

        GraphicsContext::drawLineForText needs to be exported from WebCore.dylib for iOS builds
        https://bugs.webkit.org/show_bug.cgi?id=129647

        Reviewed by NOBODY (This is a build fix).

        Fixing after r165025 and r165016.

        No new tests as this is a build fix.

        * WebCore.exp.in:

2014-03-03  Jer Noble  <jer.noble@apple.com>

        [iOS] Start playback button misplaced
        https://bugs.webkit.org/show_bug.cgi?id=129628

        Reviewed by Simon Fraser.

        On YouTube embeds, while the video is loading it is placed into the DOM with a 0x0 size.
        This causes the start playback button to be visible in the upper-left corner of the embed
        area. The button wasn't visible previously (in plugin mode) because the plugin clipped its
        drawing to its bounds, and so the <video> shadow should do the same.

        * Modules/mediacontrols/mediaControlsiOS.css:
        (::-webkit-media-controls):

2014-03-03  Enrica Casucci  <enrica@apple.com>

        Build fix for iOS simulator.

        * WebCore.exp.in:

2014-03-03  Jeremy Jones  <jeremyj@apple.com>

        Forward application suspend resume notifications to the web process.
        https://bugs.webkit.org/show_bug.cgi?id=129356

        Reviewed by Eric Carlson.

        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (-[WebMediaSessionHelper initWithCallback:]):
        Observe UIApplicationDidBecomeActiveNotification,
        WebUIApplicationDidBecomeActiveNotification,
        WebUIApplicationWillEnterForegroundNotification, and
        WebUIApplicationWillResignActiveNotification
        
        (-[WebMediaSessionHelper applicationDidBecomeActive:]):
        Resume session.

2014-03-03  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r165013.
        http://trac.webkit.org/changeset/165013
        https://bugs.webkit.org/show_bug.cgi?id=129646

        New code is not thread safe, asserting on a worker test
        (Requested by ap on #webkit).

        * WebCore.exp.in:
        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::createDeletionUI):
        * html/DOMURL.cpp:
        (WebCore::DOMURL::revokeObjectURL):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResource):
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::replayXHR):
        * loader/DocumentLoader.cpp:
        (WebCore::areAllLoadersPageCacheAcceptable):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::tellClientAboutPastMemoryCacheLoads):
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement):
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet):
        * loader/cache/CachedCSSStyleSheet.h:
        * loader/cache/CachedFont.cpp:
        (WebCore::CachedFont::CachedFont):
        * loader/cache/CachedFont.h:
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::CachedImage):
        * loader/cache/CachedImage.h:
        * loader/cache/CachedRawResource.cpp:
        (WebCore::CachedRawResource::CachedRawResource):
        * loader/cache/CachedRawResource.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::~CachedResource):
        * loader/cache/CachedResource.h:
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::createResource):
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
        (WebCore::CachedResourceLoader::requestResource):
        (WebCore::CachedResourceLoader::revalidateResource):
        (WebCore::CachedResourceLoader::loadResource):
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedSVGDocument.cpp:
        (WebCore::CachedSVGDocument::CachedSVGDocument):
        * loader/cache/CachedSVGDocument.h:
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::CachedScript):
        * loader/cache/CachedScript.h:
        * loader/cache/CachedTextTrack.cpp:
        (WebCore::CachedTextTrack::CachedTextTrack):
        * loader/cache/CachedTextTrack.h:
        * loader/cache/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::CachedXSLStyleSheet):
        * loader/cache/CachedXSLStyleSheet.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::add):
        (WebCore::MemoryCache::revalidationSucceeded):
        (WebCore::MemoryCache::resourceForURL):
        (WebCore::MemoryCache::resourceForRequest):
        (WebCore::MemoryCache::addImageToCache):
        (WebCore::MemoryCache::removeImageFromCache):
        (WebCore::MemoryCache::evict):
        (WebCore::MemoryCache::removeResourcesWithOrigin):
        (WebCore::MemoryCache::getOriginsWithCache):
        (WebCore::MemoryCache::removeUrlFromCache):
        (WebCore::MemoryCache::removeRequestFromCache):
        (WebCore::MemoryCache::removeRequestFromCacheImpl):
        (WebCore::MemoryCache::crossThreadRemoveRequestFromCache):
        (WebCore::MemoryCache::getStatistics):
        (WebCore::MemoryCache::setDisabled):
        * loader/cache/MemoryCache.h:
        * platform/CrossThreadCopier.cpp:
        * platform/CrossThreadCopier.h:
        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::ResourceRequest):
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::updateSnapshot):
        * testing/Internals.cpp:
        (WebCore::Internals::isLoadingFromMemoryCache):

2014-03-03  Sam Weinig  <sam@webkit.org>

        Fix the iOS Simulator build.

        * WebCore.exp.in:

2014-03-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Space between double underlines does not scale with font size
        https://bugs.webkit.org/show_bug.cgi?id=129521

        Reviewed by Simon Fraser.

        This patch moves the logic about how far to draw the second underline (when text-decoration-style: double
        is specified) from InlineTextBox to GraphicsContext, because GraphicsContext is the authoritative source
        about how thick underlines should be. The space between the two underlines is set to the thickness of
        each of the underlines.

        This patch also deletes some unused code in InlineTextBox that was never getting triggered, in addition
        to unifying drawLineForText with drawLinesForText. This didn't have any performance impact in my testing.

        Test: fast/css3-text/css3-text-decoration/text-decoration-style-double-space-scales.html

        * platform/graphics/GraphicsContext.h: drawLineForText takes a boolean for if we should draw double
        underlines.
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawLineForText):
        (WebCore::GraphicsContext::drawLinesForText):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawLineForText):
        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        (WebCore::GraphicsContext::drawLineForText):
        * rendering/InlineTextBox.cpp: Use new boolean argument
        (WebCore::drawSkipInkUnderline):
        (WebCore::InlineTextBox::paintDecoration):

2014-02-28  Chris Fleizach  <cfleizach@apple.com>

        AX: Support IOS Accessibility in WK2
        https://bugs.webkit.org/show_bug.cgi?id=129527

        Reviewed by Sam Weinig.

        Update the iOS wrapper so that it can convert points to screen space in WebKit2.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
        (-[WebAccessibilityObjectWrapper convertRectToScreenSpace:]):

2014-03-03  Martin Hock  <mhock@apple.com>

        Add support for sessions to MemoryCache.
        https://bugs.webkit.org/show_bug.cgi?id=127794

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::createDeletionUI): Initialize CachedImage with sessionID.
        * html/DOMURL.cpp:
        (WebCore::DOMURL::revokeObjectURL): Remove URL from MemoryCache for all sessions.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResource): Pass sessionID to MemoryCache.
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::replayXHR): Ditto.
        * loader/DocumentLoader.cpp:
        (WebCore::areAllLoadersPageCacheAcceptable): Ditto.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::tellClientAboutPastMemoryCacheLoads): Ditto.
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement): Initialize CachedImage with sessionID.
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create): Pass sessionID to MemoryCache.
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet): Constructor takes sessionID.
        * loader/cache/CachedCSSStyleSheet.h:
        * loader/cache/CachedFont.cpp: Ditto.
        (WebCore::CachedFont::CachedFont):
        * loader/cache/CachedFont.h:
        * loader/cache/CachedImage.cpp: Ditto.
        (WebCore::CachedImage::CachedImage):
        * loader/cache/CachedImage.h:
        * loader/cache/CachedRawResource.cpp: Ditto.
        (WebCore::CachedRawResource::CachedRawResource):
        * loader/cache/CachedRawResource.h:
        * loader/cache/CachedResource.cpp: Ditto.
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::~CachedResource): Pass sessionID to MemoryCache.
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::sessionID):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::createResource): Constructors take sessionID.
        (WebCore::CachedResourceLoader::sessionID): Retrieve sessionID from page.
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Pass sessionID to MemoryCache.
        (WebCore::CachedResourceLoader::requestResource): Initialize CachedCSSStyleSheet with sessionID.
        (WebCore::CachedResourceLoader::revalidateResource): Initialize cached resource with sessionID.
        (WebCore::CachedResourceLoader::loadResource): Pass sessionID to MemoryCache and initialize cached resource with sessionID.
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedSVGDocument.cpp: Constructor takes sessionID.
        (WebCore::CachedSVGDocument::CachedSVGDocument):
        * loader/cache/CachedSVGDocument.h:
        * loader/cache/CachedScript.cpp: Ditto.
        (WebCore::CachedScript::CachedScript):
        * loader/cache/CachedScript.h:
        * loader/cache/CachedTextTrack.cpp: Ditto.
        (WebCore::CachedTextTrack::CachedTextTrack):
        * loader/cache/CachedTextTrack.h:
        * loader/cache/CachedXSLStyleSheet.cpp: Ditto.
        (WebCore::CachedXSLStyleSheet::CachedXSLStyleSheet):
        * loader/cache/CachedXSLStyleSheet.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::getSessionMap): Retrieve CachedResourceMap based on sessionID.
        (WebCore::MemoryCache::add): Use sessionID from CachedResource parameter.
        (WebCore::MemoryCache::revalidationSucceeded): Add sessionID parameter.
        (WebCore::MemoryCache::resourceForURL): Ditto.
        (WebCore::MemoryCache::resourceForRequest): Ditto, also move impl into impl method.
        (WebCore::MemoryCache::resourceForRequestImpl): Add CachedResourceMap parameter.
        (WebCore::MemoryCache::addImageToCache): Use default sessionID.
        (WebCore::MemoryCache::removeImageFromCache): Ditto.
        (WebCore::MemoryCache::evict): Use sessionID from CachedResource parameter.
        (WebCore::MemoryCache::removeResourcesWithOrigin): Iterate through all CachedResourceMaps.
        (WebCore::MemoryCache::getOriginsWithCache): Ditto.
        (WebCore::MemoryCache::removeUrlFromCache): Add sessionID parameter.
        (WebCore::MemoryCache::removeRequestFromCache): Ditto.
        (WebCore::MemoryCache::removeRequestFromCacheImpl): Ditto.
        (WebCore::MemoryCache::removeRequestFromSessionCaches): Iterate through all CachedResourceMaps.
        (WebCore::MemoryCache::crossThreadRemoveRequestFromCache): Add sessionID parameter.
        (WebCore::MemoryCache::getStatistics): Iterate through all CachedResourceMaps.
        (WebCore::MemoryCache::setDisabled): Ditto.
        * loader/cache/MemoryCache.h: Create another level for cache.
        * platform/CrossThreadCopier.cpp: Allow copying SessionIDs across threads.
        (WebCore::SessionID>::copy):
        * platform/CrossThreadCopier.h:
        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::ResourceRequest): Remove trailing whitespace.
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::updateSnapshot): Initialize CachedImage with sessionID.
        * testing/Internals.cpp:
        (WebCore::Internals::isLoadingFromMemoryCache): Pass sessionID to MemoryCache.

2014-03-03  Andreas Kling  <akling@apple.com>

        Remove unused DataView code from JSDOMBinding.h
        <https://webkit.org/b/129616>

        Reviewed by Antti Koivisto.

        * bindings/js/JSDOMBinding.h:

2014-03-03  Simon Fraser  <simon.fraser@apple.com>

        Allow overflow-scroll to be one-finger scrolled until we hook up UIScrollViews
        https://bugs.webkit.org/show_bug.cgi?id=129621

        Reviewed by Benjamin Poulain.

        Temporary change to allow overflow:scroll to be scrolled in iOS WK2.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hasAcceleratedTouchScrolling):

2014-03-03  Antti Koivisto  <antti@apple.com>

        Find results on simple lines are not marked correctly
        https://bugs.webkit.org/show_bug.cgi?id=129586

        Reviewed by Andreas Kling.

        Tests: editing/text-iterator/count-mark-lineboxes.html
               editing/text-iterator/count-mark-simple-lines.html
               
        TextIterator operating on simple lines failed to take the end of the range into account.
        This also causes performance issues on long documents as range traversals would miss the end
        node and end up going through the entire document.

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextNode):
        
            Stop when hitting the range end on simple text nodes.

        (WebCore::SimplifiedBackwardsTextIterator::handleTextNode):
        
            Use hasRenderedText test instead of linebox-only firstTextBox.

        * testing/Internals.cpp:
        (WebCore::Internals::countMatchesForText):
        * testing/Internals.h:
        * testing/Internals.idl:
        
            Add testing interface for counting and marking matches.

2014-03-03  Benjamin Poulain  <benjamin@webkit.org>

        SelectorQuery failing RightMostWithIdMatch are compiling their selectors for each execution
        https://bugs.webkit.org/show_bug.cgi?id=129601

        Reviewed by Andreas Kling.

        This caused a regression after r164924 for documents in quirks mode. Since those always fail
        selectorForIdLookup(), they ended up compiling the selector every time they were called.

        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::execute):

2014-03-01  Jer Noble  <jer.noble@apple.com>

        [Mac] Crash in MediaPlayer::rateChanged()
        https://bugs.webkit.org/show_bug.cgi?id=129548

        Reviewed by Darin Adler.

        WTF::bind will automatically ref the parameters added to it. But MediaPlayerPrivate-
        AVFoundation and -MediaSOurceAVFObjC are not RefCounted, so by the time the bound
        function is called, the underlying objects may have been freed.

        Replace or augment callOnMainThread arguments with lambdas and weakPtrs so that
        if the argument has been destroyed, its methods will not be called.

        Make the MediaPlayerPrivateAVFoundation::Notification function type a std::function:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::Notification::Notification):
        (WebCore::MediaPlayerPrivateAVFoundation::Notification::function):

        Make createWeakPtr() public so that it can be called from non-class methods:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createWeakPtr): 
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::createWeakPtr): 

        Use a weakPtr to abort callOnMainThread() if the object has been destroyed:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::CMTimebaseEffectiveRateChangedCallback):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::play):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::pause):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekWithTolerance):

2014-02-28  Jer Noble  <jer.noble@apple.com>

        [MSE] YouTube videos fail to play
        https://bugs.webkit.org/show_bug.cgi?id=129525

        Reviewed by Darin Adler.

        Test: media/media-source/media-source-fudge-factor.html

        Add a very simple playability metric to SourceBuffer. Track the number of seconds buffered
        and use that metric to determine whether the MediaSource has buffered enough data to play
        through.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::currentTime): Added simple accessor.
        (WebCore::MediaSource::monitorSourceBuffers): Replace the functor-based iterators with lambdas.
        (WebCore::MediaSource::addSourceBuffer): Drive-by fix; only add new source buffers to the
            activeSourceBuffers list if those buffers are actually active.
        * Modules/mediasource/MediaSource.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::SourceBuffer): Initialize new ivars.
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): Measure the number of seconds buffered.
        (WebCore::SourceBuffer::monitorBufferingRate): Use a simple Exponential moving average to
            track the buffering rate.
        (WebCore::SourceBuffer::hasCurrentTime): Return true if the current time is within 1/24 s
            of a buffered range.
        (WebCore::SourceBuffer::hasFutureTime): Moved from MediaSource.
        (WebCore::SourceBuffer::canPlayThrough): Return true if the buffering rate is > 1s per
            second, or if the rate is sufficient to keep up over the remaining time.
        * Modules/mediasource/SourceBuffer.h:

2014-03-03  Bear Travis  <betravis@adobe.com>

        [CSS Shapes] Serialize circle positions
        https://bugs.webkit.org/show_bug.cgi?id=129404

        Reviewed by Dirk Schulze.

        Circle positions should always be present when serialized, and should
        only have the 2 or 4-valued form. Keywords are converted to percentages
        and simplified where possible. This patch adds some additional processing
        that converts the parsed position into the serialized format, before
        converting it to text. See http://dev.w3.org/csswg/css-shapes/#basic-shape-serialization.

        Updated existing parsing tests.

        * css/CSSBasicShapes.cpp:
        (WebCore::serializePositionOffset): Convert a position offset to a serialized string.
        The offset must be a pair, as generated by buildSerializablePositionOffset.
        (WebCore::buildSerializablePositionOffset): Generates a keyword + offset pair for each
        position offset. The keywords may later be dropped during serialization.
        (WebCore::CSSBasicShapeCircle::cssText): Use the new serialization methods.

2014-03-03  Lorenzo Tilve  <ltilve@igalia.com>

        Optimize StylePropertiesSet::findPropertyIndex() to improve CSS properties performance
        https://bugs.webkit.org/show_bug.cgi?id=129605

        Reviewed by Andreas Kling.

        Merged from Blink (patch by Mikhail Pozdnyakov):
        https://src.chromium.org/viewvc/blink?view=revision&revision=167325

        Avoid checking whether 'StylePropertiesSet' is mutable and accesing directly to its
        data members to achieve performance improvements

        Before the optimization applied:
            mean: 3064.8337171934063 runs/s
            median: 3097.5899379343855 runs/s
            stdev: 66.89274074044187 runs/s
            min: 2891.7479324362585 runs/s
            max: 3113.288683440125 runs/s

        After the optimization applied:
            mean: 3343.8356114138105 runs/s
            median: 3356.25682957446 runs/s
            stdev: 36.297533087489036 runs/s
            min: 3238.5468032264243 runs/s
            max: 3368.664837531425 runs/s

        Performance gain for the average value is approx. 9.1%, in the
        range of the 10% - 8.2% for the min and max measured
        values (Linux desktop x64).

        * css/StyleProperties.cpp:
        (WebCore::ImmutableStyleProperties::findPropertyIndex):
        (WebCore::MutableStyleProperties::findPropertyIndex):
        * css/StyleProperties.h:
        (WebCore::toMutableStyleProperties):
        (WebCore::toImmutableStyleProperties):
        (WebCore::StyleProperties::findPropertyIndex):

2014-03-03  Brian Burg  <bburg@apple.com>

        Unreviewed build fix for Windows after r164986.

        * WebCore.vcxproj/build-generated-files.sh: Export WebReplayScripts
        so that the build system knows how to find CodeGeneratorReplayInputs.py.

2014-03-03  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Overset computation is incorrect in some cases
        https://bugs.webkit.org/show_bug.cgi?id=129032

        Reviewed by Mihnea Ovidenie.

        This patch reworks the way overset is computed for regions and named flows.

        1. Regions overflow no longer trigger an overset changed event. This is because
        the overflow of a box is contained within the region range of the box. The content
        edge should be considered the logical bottom position of the content inside the
        flow thread.

        2. The regions events logic was moved from RenderFlowThread to RenderNamedFlowThread
        and from RenderRegion to RenderNamedFlowFragment (including the regionOverset property).

        3. The overset value of the named flow is no longer stored in the named flow. It is
        extracted from the overset of the last region in the chain.

        4. The regions overset is not computed every time the flow thread is laid out which
        should improve performance for flows with many regions. With the patch, each region
        computes the overset value during its layout when the flow thread is in the overflow
        or the final layout phase.

        5. The overset changed event is dispatched only at the end of the layout of the named flows,
        after all the region overset changes have been considered. This means that the overset
        event can't be dispatched in the middle of the auto-height processing algorithm that
        requires multiple layout passes for the flow threads.

        However, the region layout update event dispatch timing was not changed, it is dispatched
        every time the flow thread has a layout. This preserves the current behavior of the event.

        Tests: The old tests were modified to take into account the change.

        * dom/Element.cpp:
        (WebCore::Element::webkitRegionOverset):
        * dom/WebKitNamedFlow.cpp:
        (WebCore::WebKitNamedFlow::overset):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::buildArrayForRegions):
        * rendering/FlowThreadController.cpp:
        (WebCore::FlowThreadController::updateFlowThreadsIntoMeasureContentPhase):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeOverflow):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::RenderFlowThread):
        (WebCore::RenderFlowThread::layout):
        * rendering/RenderFlowThread.h:
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::layoutBlock):
        (WebCore::RenderNamedFlowFragment::setRegionOversetState):
        (WebCore::RenderNamedFlowFragment::regionOversetState):
        (WebCore::RenderNamedFlowFragment::updateOversetState):
        * rendering/RenderNamedFlowFragment.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::RenderNamedFlowThread):
        (WebCore::RenderNamedFlowThread::computeOverflow):
        (WebCore::RenderNamedFlowThread::layout):
        (WebCore::RenderNamedFlowThread::dispatchNamedFlowEvents):
        (WebCore::RenderNamedFlowThread::dispatchRegionLayoutUpdateEventIfNeeded):
        (WebCore::RenderNamedFlowThread::dispatchRegionOversetChangeEventIfNeeded):
        * rendering/RenderNamedFlowThread.h:
        There's a new field called m_flowContentBottom that tracks the content bottom of the flow thread
        after layout. This value is used to compute the overset value of the regions because it's not
        affected by relative positioning or visual overflow such as shadows.
        * rendering/RenderRegion.cpp:
        * rendering/RenderRegion.h:

2014-03-03  Tomas Popela  <tpopela@redhat.com>

        [GTK] CodeGeneratorGObject.pm remove usage of undefined variable
        https://bugs.webkit.org/show_bug.cgi?id=129602

        Reviewed by Martin Robinson.

        Remove usage of undefined variable hdrPropIncludes in CodeGeneratorGObject.pm

        * bindings/scripts/CodeGeneratorGObject.pm:
        (WriteData):

2014-03-03  Brian Burg  <bburg@apple.com>

        Web Replay: upstream input storage, capture/replay machinery, and inspector domain
        https://bugs.webkit.org/show_bug.cgi?id=128782

        Reviewed by Timothy Hatcher, Joseph Pecoraro, and Andreas Kling.

        No new tests yet, as they rely on infrastructure tracked in https://webkit.org/b/129190.

        Replayable executions are organized into ReplaySessions, which can
        contain several ReplaySessionSegments that divide overall execution
        at main frame navigation boundaries. NondeterministicInput subclasses
        are stored in SegmentedInputStorage according to the input's InputQueue.

        Capture and playback are controlled at the page granularity by the Page's
        ReplayController. The controller knows how to create new segments, replay to
        arbitrary positions in the ReplaySession, and track the active InputCursor.

        The capturing and replaying input cursor subclasses encapsulate state for
        storing new inputs and loading/dispatching saved inputs, respectively.

        The ReplayAgent and associated inspector protocol domain is the friendly
        public API for programmatically capturing and replaying sessions.

        * DerivedSources.make: Add replay inputs code generation target. Add the
        replay domain specification to the list of inspector domains.

        * ForwardingHeaders/replay/EncodedValue.h: Added.
        * WebCore.xcodeproj/project.pbxproj: Add many files, and export
        `WebReplayScripts` environment variable to DerivedSources.make.

        * inspector/InspectorController.cpp: Add the replay agent.
        (WebCore::InspectorController::InspectorController):

        * inspector/InspectorInstrumentation.cpp:
        Add events for segment lifecycle events, and loading/unloading of sessions
        and segments, and capture/replay progress events. The replay controller
        also needs to know about detached and committed frames.

        (WebCore::InspectorInstrumentation::frameDetachedFromParentImpl):
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::sessionCreatedImpl):
        (WebCore::InspectorInstrumentation::sessionLoadedImpl):
        (WebCore::InspectorInstrumentation::sessionModifiedImpl):
        (WebCore::InspectorInstrumentation::segmentCreatedImpl):
        (WebCore::InspectorInstrumentation::segmentCompletedImpl):
        (WebCore::InspectorInstrumentation::segmentLoadedImpl):
        (WebCore::InspectorInstrumentation::segmentUnloadedImpl):
        (WebCore::InspectorInstrumentation::captureStartedImpl):
        (WebCore::InspectorInstrumentation::captureStoppedImpl):
        (WebCore::InspectorInstrumentation::playbackStartedImpl):
        (WebCore::InspectorInstrumentation::playbackPausedImpl):
        (WebCore::InspectorInstrumentation::playbackHitPositionImpl):
        (WebCore::InspectorInstrumentation::replayAgentEnabled):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::replayAgentEnabled):
        (WebCore::InspectorInstrumentation::sessionCreated):
        (WebCore::InspectorInstrumentation::sessionLoaded):
        (WebCore::InspectorInstrumentation::sessionModified):
        (WebCore::InspectorInstrumentation::segmentCreated):
        (WebCore::InspectorInstrumentation::segmentCompleted):
        (WebCore::InspectorInstrumentation::segmentLoaded):
        (WebCore::InspectorInstrumentation::segmentUnloaded):
        (WebCore::InspectorInstrumentation::captureStarted):
        (WebCore::InspectorInstrumentation::captureStopped):
        (WebCore::InspectorInstrumentation::playbackStarted):
        (WebCore::InspectorInstrumentation::playbackPaused):
        (WebCore::InspectorInstrumentation::playbackHitPosition):

        * inspector/InspectorReplayAgent.cpp: Added.
        (WebCore::buildInspectorObjectForPosition):
        (WebCore::buildInspectorObjectForInput):
        (WebCore::buildInspectorObjectForSession):
        (WebCore::SerializeInputToJSONFunctor::SerializeInputToJSONFunctor):
        (WebCore::SerializeInputToJSONFunctor::~SerializeInputToJSONFunctor):
        (WebCore::SerializeInputToJSONFunctor::operator()):
        (WebCore::SerializeInputToJSONFunctor::returnValue):
        (WebCore::buildInspectorObjectForSegment):
        (WebCore::InspectorReplayAgent::InspectorReplayAgent):
        (WebCore::InspectorReplayAgent::~InspectorReplayAgent):
        (WebCore::InspectorReplayAgent::sessionState):
        (WebCore::InspectorReplayAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorReplayAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorReplayAgent::frameNavigated):
        (WebCore::InspectorReplayAgent::frameDetached):
        (WebCore::InspectorReplayAgent::sessionCreated):
        (WebCore::InspectorReplayAgent::sessionModified):
        (WebCore::InspectorReplayAgent::sessionLoaded):
        (WebCore::InspectorReplayAgent::segmentCreated):
        (WebCore::InspectorReplayAgent::segmentCompleted):
        (WebCore::InspectorReplayAgent::segmentLoaded):
        (WebCore::InspectorReplayAgent::segmentUnloaded):
        (WebCore::InspectorReplayAgent::captureStarted):
        (WebCore::InspectorReplayAgent::captureStopped):
        (WebCore::InspectorReplayAgent::playbackStarted):
        (WebCore::InspectorReplayAgent::playbackPaused):
        (WebCore::InspectorReplayAgent::playbackHitPosition):
        (WebCore::InspectorReplayAgent::startCapturing):
        (WebCore::InspectorReplayAgent::stopCapturing):
        (WebCore::InspectorReplayAgent::replayToPosition):
        (WebCore::InspectorReplayAgent::replayToCompletion):
        (WebCore::InspectorReplayAgent::pausePlayback):
        (WebCore::InspectorReplayAgent::cancelPlayback):
        (WebCore::InspectorReplayAgent::switchSession):
        (WebCore::InspectorReplayAgent::insertSessionSegment):
        (WebCore::InspectorReplayAgent::removeSessionSegment):
        Provide a public API for modifying sessions. This is the backend support
        for user editing of replay sessions to add/remove specific segments.

        (WebCore::InspectorReplayAgent::findSession):
        (WebCore::InspectorReplayAgent::findSegment):
        (WebCore::InspectorReplayAgent::getAvailableSessions):
        (WebCore::InspectorReplayAgent::getSerializedSession):
        (WebCore::InspectorReplayAgent::getSerializedSegment):
        Most of the replay protocol domain speaks in terms of sesssion and
        segment identifiers. These functions return the actual data associated
        with these identifiers.

        * inspector/InspectorReplayAgent.h: Added.
        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::InstrumentingAgents):
        (WebCore::InstrumentingAgents::reset):
        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorReplayAgent): Added.
        (WebCore::InstrumentingAgents::setInspectorReplayAgent): Added.
        * inspector/protocol/Replay.json: Added.

        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        (WebCore::Page::replayController): Added.
        * platform/Logging.h: Add WebReplay logging channel.
        * replay/AllReplayInputs.h: Added. Simplifies importing all input definitions.

        * replay/CapturingInputCursor.cpp: Added.
        (WebCore::CapturingInputCursor::CapturingInputCursor):
        (WebCore::CapturingInputCursor::~CapturingInputCursor):
        (WebCore::CapturingInputCursor::create):
        (WebCore::CapturingInputCursor::storeInput):
        (WebCore::CapturingInputCursor::loadInput):
        (WebCore::CapturingInputCursor::uncheckedLoadInput):
        * replay/CapturingInputCursor.h: Added.

        * replay/EventLoopInput.h:
        (WebCore::EventLoopInputBase::EventLoopInputBase):
        (WebCore::EventLoopInputBase::timestamp):
        (WebCore::EventLoopInputBase::setTimestamp): Support deserialization.

        * replay/EventLoopInputDispatcher.cpp: Added. This class encapsulates the timers
        and measurements used to dispatch event loop inputs during replay.

        (WebCore::EventLoopInputDispatcher::EventLoopInputDispatcher):
        (WebCore::EventLoopInputDispatcher::run):
        (WebCore::EventLoopInputDispatcher::pause):
        (WebCore::EventLoopInputDispatcher::timerFired):
        (WebCore::EventLoopInputDispatcher::dispatchInputSoon):
        (WebCore::EventLoopInputDispatcher::dispatchInput):
        * replay/EventLoopInputDispatcher.h: Added.
        (WebCore::EventLoopInputDispatcherClient::EventLoopInputDispatcherClient):
        (WebCore::EventLoopInputDispatcherClient::~EventLoopInputDispatcherClient):

        * replay/FunctorInputCursor.h: Added.
        (WebCore::FunctorInputCursor::~FunctorInputCursor):
        (WebCore::FunctorInputCursor::forEachInputInQueue):
        (WebCore::FunctorInputCursor::FunctorInputCursor):
        (WebCore::FunctorInputCursor::storeInput):
        (WebCore::FunctorInputCursor::loadInput):
        (WebCore::FunctorInputCursor::uncheckedLoadInput):

        * replay/ReplayController.cpp: Added.
        (WebCore::ReplayController::ReplayController):
        (WebCore::ReplayController::switchSession):
        (WebCore::ReplayController::createSegment):
        (WebCore::ReplayController::completeSegment):
        (WebCore::ReplayController::loadSegment):
        (WebCore::ReplayController::unloadSegment):
        (WebCore::ReplayController::startCapturing):
        (WebCore::ReplayController::stopCapturing):
        (WebCore::ReplayController::startPlayback):
        (WebCore::ReplayController::pausePlayback):
        (WebCore::ReplayController::cancelPlayback):
        (WebCore::ReplayController::replayToPosition):
        (WebCore::ReplayController::frameDetached):
        (WebCore::ReplayController::frameNavigated):
        (WebCore::ReplayController::loadedSession):
        (WebCore::ReplayController::loadedSegment):
        (WebCore::ReplayController::activeInputCursor):
        (WebCore::ReplayController::dispatcher):
        (WebCore::ReplayController::willDispatchInput):
        (WebCore::ReplayController::didDispatchInput):
        (WebCore::ReplayController::didDispatchFinalInput):
        * replay/ReplayController.h: Added.
        (WebCore::ReplayPosition::ReplayPosition):
        (WebCore::ReplayPosition::operator<):
        (WebCore::ReplayPosition::operator==):

        * replay/ReplayInputCreationMethods.cpp: Added.
        Static factory implementations for inputs belong here.
        (WebCore::InitialNavigation::createFromPage):

        * replay/ReplayInputDispatchMethods.cpp: Added.
        All dispatch() implementations for generated replay inputs belong here.
        (WebCore::BeginSegmentSentinel::dispatch):
        (WebCore::EndSegmentSentinel::dispatch):
        (WebCore::InitialNavigation::dispatch):

        * replay/ReplayInputTypes.cpp:
        (WebCore::ReplayInputTypes::ReplayInputTypes):
        * replay/ReplayInputTypes.h: Define strings for WebCore inputs.

        * replay/ReplaySession.cpp: Added.
        (WebCore::ReplaySession::create):
        (WebCore::ReplaySession::ReplaySession):
        (WebCore::ReplaySession::~ReplaySession):
        (WebCore::ReplaySession::appendSegment):
        (WebCore::ReplaySession::insertSegment):
        (WebCore::ReplaySession::removeSegment):
        * replay/ReplaySession.h: Added.
        (WebCore::ReplaySession::identifier):
        (WebCore::ReplaySession::timestamp):
        (WebCore::ReplaySession::size):
        (WebCore::ReplaySession::at):
        (WebCore::ReplaySession::begin):
        (WebCore::ReplaySession::end):

        * replay/ReplaySessionSegment.cpp: Added.
        (WebCore::ReplaySessionSegment::create):
        (WebCore::ReplaySessionSegment::ReplaySessionSegment):
        (WebCore::ReplaySessionSegment::~ReplaySessionSegment):
        (WebCore::ReplaySessionSegment::createCapturingCursor):
        (WebCore::ReplaySessionSegment::createReplayingCursor):
        (WebCore::ReplaySessionSegment::createFunctorCursor):
        * replay/ReplaySessionSegment.h: Added.
        (WebCore::ReplaySessionSegment::identifier):
        (WebCore::ReplaySessionSegment::timestamp):

        * replay/ReplayingInputCursor.cpp: Added.
        (WebCore::ReplayingInputCursor::ReplayingInputCursor):
        (WebCore::ReplayingInputCursor::~ReplayingInputCursor):
        (WebCore::ReplayingInputCursor::create):
        (WebCore::ReplayingInputCursor::storeInput):
        (WebCore::ReplayingInputCursor::loadInput):
        (WebCore::ReplayingInputCursor::uncheckedLoadInput):
        * replay/ReplayingInputCursor.h: Added.

        * replay/SegmentedInputStorage.cpp: Added.
        (WebCore::queueTypeToLogPrefix):
        (WebCore::jsonStringForInput):
        (WebCore::offsetForInputQueue):
        (WebCore::SegmentedInputStorage::SegmentedInputStorage):
        (WebCore::SegmentedInputStorage::~SegmentedInputStorage):
        (WebCore::SegmentedInputStorage::load):
        (WebCore::SegmentedInputStorage::store):
        (WebCore::SegmentedInputStorage::queueSize):
        * replay/SegmentedInputStorage.h: Added.

        * replay/SerializationMethods.cpp: Added.
        Specializations of EncodingTraits for WebCore types belong here.

        (JSC::EncodingTraits<NondeterministicInputBase>::encodeValue):
        (JSC::EncodingTraits<NondeterministicInputBase>::decodeValue):
        (JSC::EncodingTraits<SecurityOrigin>::encodeValue):
        (JSC::EncodingTraits<SecurityOrigin>::decodeValue):
        (JSC::EncodingTraits<URL>::encodeValue):
        (JSC::EncodingTraits<URL>::decodeValue):
        * replay/SerializationMethods.h: Added.
        * replay/WebInputs.json: Added.
        In this inital patch, we define BeginSegmentSentinel,
        EndSegmentSentinel, and InitialNavigation inputs.

2014-03-03  Antoine Quint  <graouts@webkit.org>

        Respect SVG fragment identifiers in <img> src attribute
        https://bugs.webkit.org/show_bug.cgi?id=129387

        Reviewed by Dirk Schulze.

        Following Dirk Schulze's suggestion, we set the URL on the SVGImage itself and handle the URL's
        fragment identifier at draw time in the SVGImage itself, which will provide a sounder base for
        handling of fragment identifier in SVG resource URLs in CSS properties, and should also deal
        with the crasher reported in http://webkit.org/b/129498 since there is a guaranteed Frame at the
        time we call SVGImage::draw().

        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::draw):
        * svg/graphics/SVGImage.h:
        * svg/graphics/SVGImageForContainer.cpp:
        * svg/graphics/SVGImageForContainer.h:

2014-03-03  Laszlo Vidacs  <lvidacs.u-szeged@partner.samsung.com>

        Move function calls outside loop in dom
        https://bugs.webkit.org/show_bug.cgi?id=126525

        Reviewed by Csaba Osztrogonác.

        Store the result of length() in a local variable and use it in each iteration.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::isXMLMIMEType):
        * dom/ElementData.cpp:
        (WebCore::UniqueElementData::UniqueElementData):
        * dom/EventContext.cpp:
        (WebCore::TouchEventContext::checkReachability):

2014-03-03  Tomas Popela  <tpopela@redhat.com>

        [GTK] webkit_dom_range_compare_boundary_points fails when 0 is passed as how parameter
        https://bugs.webkit.org/show_bug.cgi?id=129145

        Reviewed by Carlos Garcia Campos.

        While generating GObject DOM API the generator should skip non pointer
        types while generating the g_return_val_if_fail macro.
        This will avoid the situation when Range.START_TO_START is defined as 0,
        thus the webkit_dom_range_compare_boundary_points function will fail
        everytime it is called with 0 as how value.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateFunction):

2014-03-03  Jozsef Berta  <jberta.u-szeged@partner.samsung.com>

        [cmake] *Names.cpp file should be regenerated after touching StaticString.pm
        https://bugs.webkit.org/show_bug.cgi?id=129031

        Reviewed by Csaba Osztrogonác.

        * CMakeLists.txt: Added make_names.pl dependencies: bindings/scripts/Hasher.pm and bindings/scripts/StaticString.pm

2014-03-03  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] Multimedia controls captions icon needs its own metaphor
        https://bugs.webkit.org/show_bug.cgi?id=129091

        Reviewed by Martin Robinson.

        As we got the new icon created, we used it with a fallback to the
        old icon to keep run-time compatibility.

        No new tests, current ones suffice.

        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::paintMediaToggleClosedCaptionsButton):
        Replicated RenderThemeGtk::paintMediaButton to check for the
        necessary icon first and do the fallback to the old and stock
        icons.
        * platform/gtk/RenderThemeGtk2.cpp:
        (WebCore::getStockIconForWidgetType): Added ASSERT for non-empty
        icon name.
        (WebCore::getStockSymbolicIconForWidgetType): Check for non empty
        icon name before calling getStockIconForWidgetType. Fixed coding
        style.
        * platform/gtk/RenderThemeGtk3.cpp:
        (WebCore::getStockIconForWidgetType): Added ASSERT for non-empty
        icon name.
        (WebCore::getStockSymbolicIconForWidgetType): Check for non empty
        icon name before calling getStockIconForWidgetType. Fixed coding
        style.

2014-03-02  Benjamin Poulain  <benjamin@webkit.org>

        Add a fallback path for compiling the remaining attribute checkers
        https://bugs.webkit.org/show_bug.cgi?id=129580

        Reviewed by Darin Adler.

        The remaining attribute checkers appear to be less common than the simple value match.
        This patch adds them to SelectorCompiler for completeness but no attempt is made at optimizing them,
        they all default to function calls.

        If the assumption that those selectors are not common turn out to be incorrect, we should see
        the function calls in profiles and optimize them as needed.

        * css/SelectorChecker.cpp:
        (WebCore::attributeValueMatches):
        If we get anything but attribute match here, something has gone horribly wrong. Update the code
        to fail if that were to happen.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        Add the missing match type to the selector fragment.

        Begin, End, Contain cannot match an empty value per specification. We can test that at compile time
        and fail immediately. See http://www.w3.org/TR/css3-selectors/#attribute-substrings

        List has the extra requirement that a value containing a space does not match anything. It also cannot
        match with an empty string. See http://www.w3.org/TR/css3-selectors/#attribute-representation

        (WebCore::SelectorCompiler::attributeValueBeginsWith):
        (WebCore::SelectorCompiler::attributeValueContains):
        (WebCore::SelectorCompiler::attributeValueEndsWith):
        (WebCore::SelectorCompiler::attributeValueMatchHyphenRule):
        (WebCore::SelectorCompiler::attributeValueSpaceSeparetedListContains):
        The slow fallbacks.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeFunctionCallValueMatching):
        A generic code generator making function call to match an attribute value.

2014-02-25  Andreas Kling  <akling@apple.com>

        JSDOMWindow::commonVM() should return a reference.
        <https://webkit.org/b/129293>

        Since this function always returns a VM and never null, make it
        return a reference instead. There are more VM getters that never
        return null, but I tried to keep the patch from snowballing.

        Reviewed by Geoff Garen.

2014-03-02  Timothy Hatcher  <timothy@apple.com>

        Remove ASSERT in ~IDBRequest since it is firing during legitimate uses in Web Inspector.

        Adding the ASSERT back is tracked by https://webkit.org/b/129593.

        https://bugs.webkit.org/show_bug.cgi?id=129328

        Reviewed by Sam Weinig.

        * Modules/indexeddb/IDBRequest.cpp:
        (WebCore::IDBRequest::~IDBRequest):

2014-03-02  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r164961.
        http://trac.webkit.org/changeset/164961
        https://bugs.webkit.org/show_bug.cgi?id=129596

        Caused many assertion failures (Requested by ap on #webkit).

        * css/SelectorChecker.cpp:
        (WebCore::attributeValueMatches):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueMatching):

2014-03-02  Darin Adler  <darin@apple.com>

        Streamline use of TextIterator, cutting down includes and use of soon-to-be-deleted functions
        https://bugs.webkit.org/show_bug.cgi?id=129592

        Reviewed by Sam Weinig.

        * WebCore.exp.in: Re-sorted this file. Not sure how it got unsorted.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::stringForVisiblePositionRange): Call TextIterator::text
        instead of TextIterator::length. Also removed unneeded special case for empty string
        and exception code.
        (WebCore::AccessibilityObject::lengthForVisiblePositionRange): Ditto.

        * accessibility/AccessibilityObject.h: Include TextIteratorBehavior.h instead of
        TextIterator.h.

        * accessibility/AccessibilityRenderObject.cpp: Include TextIterator.h.

        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm: Removed unneeded
        TextIterator.h include.

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]): Call
        TextIterator::text instead of TextIterator::length.

        * dom/Element.cpp: Include TextIterator.h.

        * dom/Node.cpp: Include Range.h.

        * dom/Position.cpp:
        (WebCore::Position::isCandidate): Cast to RenderBlockFlow since that's what the
        type check above does. Use a return statement instead of an else for better flow.
        (WebCore::Position::leadingWhitespacePosition): Call
        deprecatedIsCollapsibleWhitespace by its new name (newly deprecated).
        (WebCore::Position::trailingWhitespacePosition): Ditto.

        * dom/Range.cpp:
        (WebCore::Range::firstNode): Added a FIXME about code that clearly does not
        belong. This is something we really need to fix.

        * editing/AlternativeTextController.cpp: Include TextIterator.h.
        * editing/ApplyStyleCommand.cpp: Ditto.

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::prepareWhitespaceAtPositionForSplit): Call
        deprecatedIsCollapsibleWhitespace by its new name (newly deprecated).

        * editing/Editor.h: Include TextIteratorBehavior.h instead of TextIterator.h.

        * editing/HTMLInterchange.cpp:
        (WebCore::convertHTMLTextToInterchangeFormat): Call
        deprecatedIsCollapsibleWhitespace by its new name (newly deprecated).

        * editing/SpellingCorrectionCommand.cpp: Include TextIterator.h.

        * editing/TextIterator.h: Moved isCollapsibleWhitespace from here into
        htmlediting.h and renamed it deprecatedIsCollapsibleWhitespace.

        * editing/TextIterator.cpp: Call
        deprecatedIsCollapsibleWhitespace by its new name (newly deprecated).

        * editing/TypingCommand.cpp: Include TextIterator.h.

        * editing/VisibleUnits.cpp:
        (WebCore::previousBoundary): Call TextIterator::text instead of
        TextIterator::length.
        (WebCore::nextBoundary): Ditto.

        * editing/htmlediting.cpp: Include TextIterator.h.

        * editing/htmlediting.h: Removed non-helpful section comments.
        Added FIXME about isWhitespace. Added deprecatedIsCollapsibleWhitespace,
        formerly not deprecated and in TextIterator.h.

        * editing/markup.cpp: Include TextIterator.h.

        * html/HTMLTextAreaElement.cpp: Include TextIterator.h.

        * page/ContextMenuController.cpp:
        (WebCore::selectionContainsPossibleWord): Call TextIterator::text
        instead of TextIterator::length and TextIterator::characterAt.

        * page/EventHandler.cpp: Sorted conditional includes alphabetically by condition.

        * platform/mac/HTMLConverter.mm:
        (+[WebHTMLConverter editingAttributedStringFromRange:]): Call TextIterator::text
        instead of TextIterator::length.

2014-03-02  Benjamin Poulain  <benjamin@webkit.org>

        Add a fallback path for compiling the remaining attribute checkers
        https://bugs.webkit.org/show_bug.cgi?id=129580

        Reviewed by Darin Adler.

        The remaining attribute checkers appear to be less common than the simple value match.
        This patch adds them to SelectorCompiler for completeness but no attempt is made at optimizing them,
        they all default to function calls.

        If the assumption that those selectors are not common turn out to be incorrect, we should see
        the function calls in profiles and optimize them as needed.

        * css/SelectorChecker.cpp:
        (WebCore::attributeValueMatches):
        If we get anything but attribute match here, something has gone horribly wrong. Update the code
        to fail if that were to happen.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        Add the missing match type to the selector fragment.

        Begin, End, Contain cannot match an empty value per specification. We can test that at compile time
        and fail immediately. See http://www.w3.org/TR/css3-selectors/#attribute-substrings

        List has the extra requirement that a value containing a space does not match anything. It also cannot
        match with an empty string. See http://www.w3.org/TR/css3-selectors/#attribute-representation

        (WebCore::SelectorCompiler::attributeValueBeginsWith):
        (WebCore::SelectorCompiler::attributeValueContains):
        (WebCore::SelectorCompiler::attributeValueEndsWith):
        (WebCore::SelectorCompiler::attributeValueMatchHyphenRule):
        (WebCore::SelectorCompiler::attributeValueSpaceSeparetedListContains):
        The slow fallbacks.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeFunctionCallValueMatching):
        A generic code generator making function call to match an attribute value.

2014-03-02  Darin Adler  <darin@apple.com>

        Fix build for case-sensitive file systems.

        * platform/UserActivity.h: Runloop -> RunLoop.

2014-03-02  Gavin Barraclough  <barraclough@apple.com>

        HysteresisTimer should use WebCore::Timer
        https://bugs.webkit.org/show_bug.cgi?id=129587

        Reviewed by Sam Weinig.

        * platform/HysteresisActivity.h:
        (WebCore::HysteresisActivity::HysteresisActivity):
        (WebCore::HysteresisActivity::hysteresisTimerFired):
            - RunLoop::Timer -> WebCore::Timer.
        * platform/UserActivity.h:

2014-03-02  Darin Adler  <darin@apple.com>

        Split TextIteratorBehavior into a separate header
        https://bugs.webkit.org/show_bug.cgi?id=129578

        Reviewed by Sam Weinig.

        This is in preparation to greatly cut down on includes of TextIterator.h.

        * GNUmakefile.list.am: Added new header.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.

         * editing/FindOptions.h: Changed typedef to unsigned char;
        there is no reason to store these in a 32-bit integer.

         * editing/TextIterator.h: Added include of TextIteratorBehavior.h
        and moved comments about the meanings of flag bits to their definition.

        * editing/TextIteratorBehavior.h: Added.

        * WebCore.exp.in: Updated for type changes.

2014-03-02  Enrica Casucci  <enrica@apple.com>

        [iOS WebKit2] Form controls handling
        https://bugs.webkit.org/show_bug.cgi?id=129344
        <rdar://problem/16053643>

        Reviewed by Simon Fraser.

        Updates localizable strings and adds some exports.

        * English.lproj/Localizable.strings:
        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:

2014-03-02  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] Pages using tiled compositing layers allocate too many tiles on zoom
        https://bugs.webkit.org/show_bug.cgi?id=129471

        Reviewed by Simon Fraser.

        A few issues with TileController were causing sublayers of the root layers
        to tile incorrect surfaces on zoom.

        First, the exposedRect API was not updating the sublayers. The layers go correctly
        into tiling mode, but the tiles cover the full document instead of the visible area.

        The other major issue was the margins being applied to the coverage size in document
        coordinates. Since each margin is 512px, the total coverage size after zoom was
        gigantic.

        To solve this, this patch switch from the exposedRect API to the generic concept
        of VisibleExtentContentRect introduced for iOS WebKit1.

        * WebCore.exp.in:
        * platform/ScrollView.h:
        Define a VisibleExtentContentRect on the scrollview itself when there is no
        platformWidget().
        The case with inside frame is untested due to stability issues :(.
        (see <rdar://problem/16199219>)

        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::computeTileCoverageRect):
        Remove the margin from the tile coverage.

        On iOS, m_tileCoverage is always zero at the moment. Previously, the tile coverage
        was artificially extended by the margins. With the margins removed, I temporarily added
        a factor of 1.5.
        ViewUpdateDispatcher has all the information to compute a great tile coverage, I will need
        a follow up patch to fix that.

        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::visibleExtentContentRect):
        (WebCore::ScrollView::setVisibleExtentContentRect):

2014-03-02  Darin Adler  <darin@apple.com>

        Sort Mac platform export files so they merge better
        https://bugs.webkit.org/show_bug.cgi?id=129581

        Reviewed by Sam Weinig.

        * WebCore.exp.in: Ran the new sort-export-file on this.

2014-03-02  Dean Jackson  <dino@apple.com>

        Add protected casting to FilterOperation classes.
        https://bugs.webkit.org/show_bug.cgi?id=124062

        Reviewed by Sam Weinig.

        Use the type cast macro generators to produce some toFilterOperation-style
        functions, and then use them in our PlatformCA filter code.

        Test: css3/filters/animation-from-initial-values-with-color-matrix.html

        * platform/graphics/ca/mac/PlatformCAFiltersMac.mm: Use the toFilterOperation methods, in
        some cases removing the unnecessary double cast.
        (PlatformCAFilters::filterValueForOperation):
        (PlatformCAFilters::colorMatrixValueForFilter):
        * platform/graphics/filters/FilterOperation.cpp:
        (WebCore::BasicColorMatrixFilterOperation::blend):
        (WebCore::BasicColorMatrixFilterOperation::operator==): Move this to the .cpp file so it can use the casting methods.
        (WebCore::BasicComponentTransferFilterOperation::blend):
        (WebCore::BasicComponentTransferFilterOperation::operator==): Ditto.
        * platform/graphics/filters/FilterOperation.h: Add the casting macros.

2014-03-02  Yoav Weiss  <yoav@yoav.ws>

        Fix srcset related bugs
        https://bugs.webkit.org/show_bug.cgi?id=129539

        Fixed a bug reported against Blink's srcset implementation at https://code.google.com/p/chromium/issues/detail?id=347998
        When both src and srcset had only 1x descriptors and the DPR was higher than 1, the src's resource was picked.

        Also fixed the invalid descriptor handling, which wasn't aligned with the spec, and therefore was not as forward compatible as it should be.
        Invalid descriptors caused the entire resource to be ignored, rather than just the descriptors themselves.

        Reviewed by Andreas Kling.

        Tests: fast/hidpi/image-srcset-invalid-descriptor.html
               fast/hidpi/image-srcset-src-selection-1x-both.html

        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::parseDescriptors):
        (WebCore::parseImagesWithScaleFromSrcsetAttribute):
        (WebCore::bestFitSourceForImageAttributes):

2014-03-01  Gavin Barraclough  <barraclough@apple.com>

        Split UserActivity, simplify PageThrottler
        https://bugs.webkit.org/show_bug.cgi?id=129551

        Reviewed by Darin Adler.

        The class UserActivity currently implements two things – a hysteresis mechanism, and
        an abstraction of NSActivity controlled by that mechanism. PageThrottler implements
        its own hysteresis mechanism, which directly controls DOM timer throttling and also
        controls a couple of UserActivities, giving a total of 3 separate hysteresis mechanisms,
        layered two deep.

        Split UserActivity into three, with HysteresisActivity implementing an abstract hysteresis
        mechanism, UserActivity::Impl controlling the NSActivity, and then UserActivity combining
        these two back together. The interface to UserActivity is unchanged.

        Remove PageThrottler's bespoke hysteresis, replacing it with a use of HysteresisActivity.
        Replace the two UserActivities with a single UserActivity::Impl, so there are no longer
        layered hysteresis mechanisms.

        * WebCore.exp.in:
            - exports changed.
        * WebCore.xcodeproj/project.pbxproj:
            - added HysteresisActivity.h.
        * page/PageThrottler.cpp:
        (WebCore::PageThrottler::PageThrottler):
            - if the page starts visible, begin activity. If it starts hidden throttle DOM timers.
        (WebCore::PageThrottler::hiddenPageDOMTimerThrottlingStateChanged):
            - when the DOM timer throttling setting changes, make sure we update.
        (WebCore::PageThrottler::incrementActivityCount):
        (WebCore::PageThrottler::decrementActivityCount):
            - when m_activityCount changes update the hysteresis state.
        (WebCore::PageThrottler::updateHysteresis):
        (WebCore::PageThrottler::setViewState):
            - when IsVisuallyIdle changes update the hysteresis state.
        (WebCore::PageThrottler::started):
        (WebCore::PageThrottler::stopped):
            - callbacks from HysteresisActivity, these control m_activity and DOM timer throttling.
        * page/PageThrottler.h:
        (WebCore::PageThrottler::didReceiveUserInput):
        (WebCore::PageThrottler::pluginDidEvaluate):
            - call impulse to temporarily enable the activity.
        * platform/HysteresisActivity.h: Copied from Source/WebCore/platform/UserActivity.h.
        (WebCore::HysteresisActivity::HysteresisActivity):
            - constructor takes a delegate optionally a timeout.
        (WebCore::HysteresisActivity::start):
            - start activity immediately. If stopped, call started method on delegate. If in timeout period, cancel the timer.
        (WebCore::HysteresisActivity::stop):
            - stop activity after hysteresis. If started, initiate timeout period.
        (WebCore::HysteresisActivity::impulse):
            - ensure activity for at least the timeout period.
        (WebCore::HysteresisActivity::hysteresisTimerFired):
            - delayed stop - when the timer fires call stopped on the delegate.
        * platform/UserActivity.cpp:
        (WebCore::UserActivity::Impl::Impl):
        (WebCore::UserActivity::Impl::beginActivity):
        (WebCore::UserActivity::Impl::endActivity):
            - nop implementation.
        (WebCore::UserActivity::UserActivity):
            - UserActivity maintains existing interface with hysteresis.
        (WebCore::UserActivity::started):
        (WebCore::UserActivity::stopped):
            - callbacks from HysteresisTimer; forward to Impl.
        * platform/UserActivity.h:
        * platform/mac/UserActivityMac.mm:
        (WebCore::UserActivity::Impl::Impl):
            - UserActivity::Impl, abstraction for NSActivity without added hysteresis.
        (WebCore::UserActivity::Impl::beginActivity):
            - allocate NSActivity.
        (WebCore::UserActivity::Impl::endActivity):
            - release NSActivity.

2014-03-02  Brian Burg  <bburg@apple.com>

        DocumentLoader should keep maps of ResourceLoaders instead of sets
        https://bugs.webkit.org/show_bug.cgi?id=129388

        Reviewed by Darin Adler.

        For web replay, we need to be able to pull a ResourceLoader instance by
        identifier from the DocumentLoader. This is easy to do if we convert
        ResourceLoaderSet to ResourceLoaderMap, keyed by the loader's identifier.

        Added assertions whenever adding or removing from the map to ensure
        that we don't try to add duplicates or resources with zero identifiers.

        No new tests required. No functionality was added.

        * loader/DocumentLoader.cpp:
        (WebCore::cancelAll):
        (WebCore::setAllDefersLoading):
        (WebCore::areAllLoadersPageCacheAcceptable):
        (WebCore::DocumentLoader::addSubresourceLoader):
        (WebCore::DocumentLoader::removeSubresourceLoader):
        (WebCore::DocumentLoader::addPlugInStreamLoader):
        (WebCore::DocumentLoader::removePlugInStreamLoader):
        (WebCore::DocumentLoader::subresourceLoaderFinishedLoadingOnePart):
        * loader/DocumentLoader.h:
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::create): Only add the loader
        to the document loader's map if it initialized successfully.
        The old code was probably leaking resource loaders that failed to
        initialize.

        * loader/mac/DocumentLoaderMac.cpp:
        (WebCore::scheduleAll):
        (WebCore::unscheduleAll):

2014-03-02  Dirkjan Ochtman  <d.ochtman@activevideo.com>

        Support ENABLE_ENCRYPTED_MEDIA in cmake builds
        https://bugs.webkit.org/show_bug.cgi?id=129575

        Reviewed by Philippe Normand.

        No new tests, only fixes the build.

        * CMakeLists.txt:
        Add support for ENABLE_ENCRYPTED_MEDIA.
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::close):
        Assign nullptr instead of 0 to OwnPtr to appease gcc-4.7.

2014-03-01  Tim Horton  <timothy_horton@apple.com>

        WebKit2 View Gestures (Smart Magnification): Support for iOS
        https://bugs.webkit.org/show_bug.cgi?id=129146
        <rdar://problem/16032668>

        Reviewed by Benjamin Poulain.

        * WebCore.exp.in:
        Add an export.

2014-03-01  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r164929 and r164934.
        http://trac.webkit.org/changeset/164929
        http://trac.webkit.org/changeset/164934
        https://bugs.webkit.org/show_bug.cgi?id=129570

        Caused assertions on two srcset tests (Requested by ap on
        #webkit).

        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::isHTMLSpaceOrComma):
        (WebCore::parseImagesWithScaleFromSrcsetAttribute):
        (WebCore::bestFitSourceForImageAttributes):

2014-03-01  Dan Bernstein  <mitz@apple.com>

        Build fix.

        * html/parser/HTMLParserIdioms.cpp: Removed an unused function.

2014-03-01  David Kilzer  <ddkilzer@apple.com>

        Ensure keySplines is valid in SMIL animations
        <http://webkit.org/b/129547>
        <rdar://problem/15676128>

        Reviewed by Darin Adler.

        Merged from Blink (patch by Philip Rogers):
        https://src.chromium.org/viewvc/blink?revision=156452&view=revision
        http://crbug.com/276111

            This patch fixes a crash in SMIL animations when keySplines are not
            specified. The SMIL spec is clear on this:
            http://www.w3.org/TR/2001/REC-smil-animation-20010904/#AnimFuncCalcMode
            "If there are any errors in the keyTimes specification (bad values,
            too many or too few values), the animation will have no effect."

            This patch simply checks that keyTimes is not empty. Previously,
            splinesCount was set to be m_keySplines.size() + 1 in
            SVGAnimationElement.cpp; this patch changes splinesCount to be equal
            to m_keySplines.size() to make the logic easier to follow and to
            match other checks in SVGAnimationElement::startedActiveInterval.

        Test: svg/animations/animate-keysplines-crash.html

        * svg/SVGAnimationElement.cpp:
        (WebCore::SVGAnimationElement::startedActiveInterval):

2014-03-01  Benjamin Poulain  <benjamin@webkit.org>

        Tighten minimumRegisterRequirements()
        https://bugs.webkit.org/show_bug.cgi?id=129538

        Reviewed by Andreas Kling.

        Fix small things that made minimumRegisterRequirements() a little optimistic
        when dealing with attributes.

        Test: fast/selectors/adjacent-descendant-tail-register-requirement.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        Attribute Set does not do value matching, the case sensitive value matching is irrelevant
        The problem is that flag is also used by minimumRegisterRequirements()
        to find if one more register is needed.

        Set the flag to case sensitive to avoid reserving one extra register.

        (WebCore::SelectorCompiler::minimumRegisterRequirements):
        Use a new backtrackingFlag to know if there is a descendant tail, thus a backtracking register
        reserved.
        This is better than using the backtracking action because the backtracking chain could be
        an adjacent chain inside a descendant chain.

        The flags are designed for that, just set one for minimumRegisterRequirements().

        The 2 extra registers for the attribute count and address become limited to all attributes
        except the last one. We don't keep a copy for the last matching, those registers were not needed.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::computeBacktrackingInformation):

2014-03-01  Pratik Solanki  <psolanki@apple.com>

        [iOS] selectionImageForcingBlackText should return autoreleased object
        https://bugs.webkit.org/show_bug.cgi?id=129437
        <rdar://problem/15810384>

        Reviewed by Darin Adler.

        * bindings/objc/DOM.mm:
        (-[DOMRange renderedImageForcingBlackText:renderedImageForcingBlackText:]):

2014-03-01  Yoav Weiss  <yoav@yoav.ws>

        Fix srcset related bugs
        https://bugs.webkit.org/show_bug.cgi?id=129539

        Fixed a bug reported against Blink's srcset implementation at https://code.google.com/p/chromium/issues/detail?id=347998
        When both src and srcset had only 1x descriptors and the DPR was higher than 1, the src's resource was picked.

        Also fixed the invalid descriptor handling, which wasn't aligned with the spec, and therefore was not as forward compatible as it should be.
        Invalid descriptors caused the entire resource to be ignored, rather than just the descriptors themselves.

        Reviewed by Andreas Kling.

        Tests: fast/hidpi/image-srcset-invalid-descriptor.html
               fast/hidpi/image-srcset-src-selection-1x-both.html

        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::parseDescriptors):
        (WebCore::parseImagesWithScaleFromSrcsetAttribute):
        (WebCore::bestFitSourceForImageAttributes):

2014-03-01  Darin Adler  <darin@apple.com>

        Improve "bad parent" and "bad child list" assertions in line boxes
        https://bugs.webkit.org/show_bug.cgi?id=125656

        Reviewed by Sam Weinig.

        My previous fix for this problem was incomplete. This continuation of that fix addresses
        the flaw in the original and adds additional lifetime checking so problems can be seen in
        debug builds without a memory debugger.

        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::assertNotDeleted): Added. Poor man's memory debugging helper.
        (WebCore::InlineBox::~InlineBox): Refactored body into a new function named
        invalidateParentChildList. Added code to update the deletion sentinel to record
        that this object is deleted.
        (WebCore::InlineBox::setHasBadParent): Moved here from header since this debug-only
        feature does not need to be inlined. Added a call to assertNotDeleted.
        (WebCore::InlineBox::invalidateParentChildList): Added. Refactored from the destructor,
        this is used by RenderTextLineBoxes.

        * rendering/InlineBox.h: Added the deletion sentinel, and called it in the parent
        function. Also changed the expansion/setExpansion functions to use the type name "int",
        since we don't use the type name "signed" in the WebKit coding style.

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::~InlineFlowBox): Call setHasBadChildList rather than doing the
        setHasBadParent work on children directly, to avoid code duplication.
        (WebCore::InlineFlowBox::setHasBadChildList): Moved here from header. Added code to set
        "has bad parent" on all children, something we previously did only on destruction. Also
        added assertNotDeleted.
        (WebCore::InlineFlowBox::checkConsistency): Added call to assertNotDeleted. Also tweaked
        code style and variable names a little bit.

        * rendering/InlineFlowBox.h: Moved setHasBadChildList out of the header when it's on.
        The empty version for ASSERT_WITH_SECURITY_IMPLICATION_DISABLED is still in the header.

        * rendering/RenderTextLineBoxes.cpp:
        (WebCore::RenderTextLineBoxes::invalidateParentChildLists): Call the new
        InlineBox::invalidateParentChildList function instead of calling setHasBadChildList directly.
        The new function checks m_hasBadParent, something we couldn't do here.

2014-03-01  Benjamin Poulain  <benjamin@webkit.org>

        Optimized querySelector(All) when selector contains #id
        https://bugs.webkit.org/show_bug.cgi?id=116502

        Reviewed by Andreas Kling.

        Test: fast/selectors/querySelector-id-filtering.html

        The idea of this patch is to perform querySelector on a subtree
        rooted at the last element with #id matching. For example, if we have the selector
        "#foobar div a", we start by looking for the element with ID foobar in the TreeScope
        cache, and start matching the children from there.

        The idea comes from Rune for
        https://chromium.googlesource.com/chromium/blink/+/1cd83d3588973a02ab15d94b1b05a28620853624
        but the code as diverged too much so it had to be reimplemented specifically for WebKit.

        * css/CSSSelectorList.cpp:
        (WebCore::CSSSelectorList::CSSSelectorList):
        (WebCore::CSSSelectorList::operator=):
        * css/CSSSelectorList.h:
        (WebCore::CSSSelectorList::~CSSSelectorList):
        * css/StyleRule.h:
        (WebCore::StyleRule::wrapperAdoptSelectorList):
        (WebCore::StyleRulePage::wrapperAdoptSelectorList):
        * dom/SelectorQuery.cpp:
        (WebCore::isSingleTagNameSelector):
        (WebCore::isSingleClassNameSelector):
        (WebCore::findIdMatchingType):
        (WebCore::SelectorDataList::SelectorDataList):
        (WebCore::filterRootById):
        (WebCore::SelectorDataList::executeCompiledSimpleSelectorChecker):
        (WebCore::SelectorDataList::execute):
        (WebCore::SelectorQuery::SelectorQuery):
        (WebCore::SelectorQueryCache::add):
        * dom/SelectorQuery.h:
        (WebCore::SelectorDataList::SelectorData::SelectorData):

2014-02-28  Alexey Proskuryakov  <ap@apple.com>

        Node::compareDocumentPosition leaks memory structure
        https://bugs.webkit.org/show_bug.cgi?id=120244

        Reviewed by Ryosuke Niwa.

        * dom/Node.cpp: (WebCore::Node::compareDocumentPosition): Don't do it.

2014-03-01  David Kilzer  <ddkilzer@apple.com>

        Fix lifetime handling of SVGPropertyTearOffs
        <http://webkit.org/b/129211>
        <rdar://problem/15696025>

        Reviewed by Maciej Stachowiak.

        Merged from Blink (patch by Ojan Vafai):
        https://src.chromium.org/viewvc/blink?revision=157801&view=revision
        http://crbug.com/288771

            -Replace SVGStaticPropertyWithParentTearOff with SVGMatrixTearOff
            since it's only used in that one place. This means we can get rid
            of the templatizing and the method pointer.
            -Change SVGPropertyTearOff to keep track of it's child tearoffs
            and call detachWrapper on its child tearoffs when it's destroyed
            or when it's wrapper is detached.
            -Have SVGPropertyTearOff hold WeakPtrs to the child tearoffs
            to avoid having a cycle.

        Test: svg/transforms/svg-matrix-tearoff-crash.html

        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/scripts/CodeGeneratorJS.pm:
        (NativeToJSValue):
        * svg/properties/SVGMatrixTearOff.h: Renamed from Source/WebCore/svg/properties/SVGStaticPropertyWithParentTearOff.h.
        (WebCore::SVGMatrixTearOff::create):
        (WebCore::SVGMatrixTearOff::commitChange):
        (WebCore::SVGMatrixTearOff::SVGMatrixTearOff):
        * svg/properties/SVGPropertyTearOff.h:
        (WebCore::SVGPropertyTearOff::addChild):
        (WebCore::SVGPropertyTearOff::detachChildren):

2014-03-01  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed build fix after r164913.

        * platform/CountedUserActivity.h: Some ports don't (yet) support forwarding headers for WebCore,
        so UserActivity.h should be included as non-forwarding.

2014-03-01  Gavin Barraclough  <barraclough@apple.com>

        Change PageActivityAssertionToken to use a WeakPtr
        https://bugs.webkit.org/show_bug.cgi?id=129526

        Reviewed by Sam Weinig.

        PageThrottler effectively implements a bespoke weak pointer mechanism; remove this & just use WeakPtr.

        * page/PageActivityAssertionToken.cpp:
        (WebCore::PageActivityAssertionToken::PageActivityAssertionToken):
        (WebCore::PageActivityAssertionToken::~PageActivityAssertionToken):
            - addActivityToken->incrementActivityCount, removeActivityToken->decrementActivityCount
        * page/PageActivityAssertionToken.h:
            - removed invalidate, made m_throttler a WeakPtr
        * page/PageThrottler.cpp:
        (WebCore::PageThrottler::PageThrottler):
            - initialize m_weakPtrFactory, m_activityCount.
        (WebCore::PageThrottler::~PageThrottler):
            - removed called to invalidate.
        (WebCore::PageThrottler::startThrottleHysteresisTimer):
            - m_activityTokens.size()->m_activityCount
        (WebCore::PageThrottler::throttleHysteresisTimerFired):
            - m_activityTokens.size()->m_activityCount
        (WebCore::PageThrottler::incrementActivityCount):
            - m_activityTokens.add->++
        (WebCore::PageThrottler::decrementActivityCount):
            - m_activityTokens.remove->--
        * page/PageThrottler.h:
        (WebCore::PageThrottler::weakPtr):
            - replaced HashSet with WeakPtrFactory & count.

2014-03-01  Gavin Barraclough  <barraclough@apple.com>

        Split UserActivity/CountedUserActivity
        https://bugs.webkit.org/show_bug.cgi?id=129520

        Reviewed by Sam Weinig.

        UserActivity currently provides an interface allowing counted, nested calls to enable/disable.
        In some cases it would be easier to use if it were a simpler boolean enabled/disabled interface.

        * WebCore.exp.in:
            - beginActivity->start, endActivity->stop.
        * WebCore.xcodeproj/project.pbxproj:
        * page/PageThrottler.cpp:
        (WebCore::PageThrottler::PageThrottler):
        (WebCore::PageThrottler::~PageThrottler):
        (WebCore::PageThrottler::throttlePage):
        (WebCore::PageThrottler::unthrottlePage):
        (WebCore::PageThrottler::setIsVisuallyIdle):
            - beginActivity->increment, endActivity->decrement.
        * page/PageThrottler.h:
            - UserActivity->CountedUserActivity for m_pageActivity
        * platform/CountedUserActivity.h: Copied from Source/WebCore/platform/UserActivity.h.
        (WebCore::CountedUserActivity::CountedUserActivity):
        (WebCore::CountedUserActivity::increment):
        (WebCore::CountedUserActivity::decrement):
            - Added, provides counted interface to UserActivity.
        * platform/UserActivity.cpp:
        (WebCore::UserActivity::UserActivity):
            - m_count removed
        (WebCore::UserActivity::start):
        (WebCore::UserActivity::stop):
            - beginActivity->start, endActivity->stop, implentation now empty.
        * platform/UserActivity.h:
            - beginActivity->start, endActivity->stop, m_count moved to HAVE(NS_ACTIVITY)
        * platform/mac/UserActivityMac.mm:
        (WebCore::UserActivity::UserActivity):
            - m_count->m_started
        (WebCore::UserActivity::isValid):
            - m_count->m_started
        (WebCore::UserActivity::start):
        (WebCore::UserActivity::stop):
            - beginActivity->start, endActivity->stop, no longer nest


2014-02-28  Benjamin Poulain  <benjamin@webkit.org>

        Caller saved registers can be accidentally discarded when clearing the local stack
        https://bugs.webkit.org/show_bug.cgi?id=129532

        Reviewed by Andreas Kling.

        Tests: fast/selectors/tree-modifying-case-insensitive-selectors.html
               fast/selectors/tree-modifying-selectors.html

        StackAllocator::discard() no longer make sense now that we can use caller saved regsiter.
        We should instead discard everything up to the beginning of the local stack.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::popAndDiscardUpTo):

2014-02-28  Andy Estes  <aestes@apple.com>

        [iOS] FrameLoader has a NULL m_progressTracker when initialized with initForSynthesizedDocument()
        https://bugs.webkit.org/show_bug.cgi?id=129534

        Reviewed by Simon Fraser.

        No new tests because TestWebKitAPI does not yet support iOS. See <http://webkit.org/b/129535>.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::initForSynthesizedDocument): Create a FrameProgressTracker.

2014-02-28  Sam Weinig  <sam@webkit.org>

        ASSERT(isMainThread()) hit under platformUserPreferredLanguages() with WebKit1 and WebKit2 in the same process
        https://bugs.webkit.org/show_bug.cgi?id=129528

        Reviewed by Andreas Kling.

        * platform/mac/Language.mm:
        (WebCore::preferredLanguagesMutex):
        (WebCore::preferredLanguages):
        (+[WebLanguageChangeObserver languagePreferencesDidChange:]):
        (WebCore::httpStyleLanguageCode):
        (WebCore::platformUserPreferredLanguages):
        Add a mutex and do an isolated copy of the strings to allow this function to be called from multiple threads.

2014-02-28  Dean Jackson  <dino@apple.com>

        Crash at ebay.com when viewing auction items at com.apple.WebCore: WebCore::GraphicsContext3D::getExtensions + 10
        https://bugs.webkit.org/show_bug.cgi?id=129523

        Reviewed by Simon Fraser.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getSupportedExtensions): Early return if the
        context is pending policy resolution.

2014-02-28  Andreas Kling  <akling@apple.com>

        Micro-optimize JSNodeOwner::isReachableFromOpaqueRoots().
        <https://webkit.org/b/129518>

        Only do image and audio element specific checks for element nodes.
        Time spent in here goes from 0.8% to 0.5% on DYEB.

        Reviewed by Benjamin Poulain.

        * bindings/js/JSNodeCustom.cpp:
        (WebCore::isReachableFromDOM):

2014-02-28  Geoffrey Garen  <ggaren@apple.com>

        JSC Assertion failure every time I start Safari (r164846)
        https://bugs.webkit.org/show_bug.cgi?id=129510

        Reviewed by Mark Hahnenberg.

        Take the lock before allocating objects because afterward is too late.

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::evaluateInWorld):
        (WebCore::ScriptController::windowScriptNPObject):
        (WebCore::ScriptController::jsObjectForPluginElement):

2014-02-28  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: ASSERT in WebCore::JSDOMWindowBase::supportsRichSourceInfo inspecting iOS
        https://bugs.webkit.org/show_bug.cgi?id=129512

        Reviewed by Simon Fraser.

        * page/PageDebuggable.cpp:
        (WebCore::PageDebuggable::connect):
        (WebCore::PageDebuggable::disconnect):

2014-02-28  Anders Carlsson  <andersca@apple.com>

        VisitedLinkStore should be able to invalidate link styles for associated pages
        https://bugs.webkit.org/show_bug.cgi?id=129515

        Reviewed by Dan Bernstein.

        * page/Page.cpp:
        (WebCore::Page::Page):
        Add the VisitedLinkStore if we have one.

        (WebCore::Page::~Page):
        Remove the VisitedLinkStore if we have one.

        * page/VisitedLinkStore.cpp:
        (WebCore::VisitedLinkStore::~VisitedLinkStore):
        Assert that we don't have any pages.

        (WebCore::VisitedLinkStore::addPage):
        Add the page to the set.

        (WebCore::VisitedLinkStore::removePage):
        Remove the page from the set.

        (WebCore::VisitedLinkStore::invalidateStylesForAllLinks):
        Traverse all the pages and invalidate the style for all links.

        (WebCore::VisitedLinkStore::invalidateStylesForLink):
        Traverse all the pages and invalidate the style for a given link.

        * page/VisitedLinkStore.h:
        Add new members.

2014-02-28  Benjamin Poulain  <bpoulain@apple.com>

        [iOS][WK2] highlight rects should never big bigger than the view
        https://bugs.webkit.org/show_bug.cgi?id=129472

        Reviewed by Enrica Casucci.

        * WebCore.exp.in:

2014-02-28  Beth Dakin  <bdakin@apple.com>

        Turn off margin tiles on iOS
        https://bugs.webkit.org/show_bug.cgi?id=129509
        -and corresponding-
        <rdar://problem/16200383>

        Reviewed by Simon Fraser.

        * page/FrameView.cpp:
        (WebCore::FrameView::needsExtendedBackgroundRectForPainting):

2014-02-28  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Add subpixel support to border type of double, groove, ridge, inset and outset.
        https://bugs.webkit.org/show_bug.cgi?id=129226

        Reviewed by Simon Fraser.

        This is the conversion of double, inset, outset, groove and ridge border type
        painting to support device pixel precision width/height.

        Regression is covered by existing tests.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::drawLineForBoxSide):
        * rendering/RenderObject.h:

2014-02-28  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        Filters should test for area instead of single dimension
        https://bugs.webkit.org/show_bug.cgi?id=123716

        Reviewed by Dirk Schulze.

        A filtered SVG element with a sigle dimension bigger than 5000
        (counting the margin/border) will fail to render. So an element
        with 4000x4000 will render fine, while another with 5000x10
        won't. This patch instead tests against the total element area,
        which fixes such cases.

        It also fixes some layer violations where FilterEffectRenderer and
        RenderSVGResourceFilter were directly accessing the maximum filter
        size in FilterEffect. Since before a somewhat bigger filter would
        be aborted, it required to change the maximum kernel size
        for blur filter (some filters are slower to run than others for
        bigger SVGs).

        Tests: svg/filters/big-height-filter-expected.svg
               svg/filters/big-height-filter.svg
               svg/filters/big-width-filter-expected.svg
               svg/filters/big-width-filter.svg

        * platform/graphics/filters/FEGaussianBlur.cpp:
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::maxFilterArea): New function, returns the
        maximum allowed element area (currently is 4096 x 4096).
        (WebCore::FilterEffect::isFilterSizeValid): Now it tests for
        element area instead of a single dimension. This code is reused by
        FilterEffectRenderer.
        * platform/graphics/filters/FilterEffect.h:
        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::updateBackingStoreRect): Uses the
        new function in FilterEffect to test for valid sizes.
        (WebCore::FilterEffectRendererHelper::beginFilterEffect): Same case.
        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::fitsInMaximumImageSize): Test
        for maximum area and properly changes the scale of transformed
        element to fit.

2014-02-28  Brent Fulgham  <bfulgham@apple.com>

        [Mac, iOS] Incorrect ordering of construction arguments for out-of-band text elements
        https://bugs.webkit.org/show_bug.cgi?id=129501
        <rdar://problem/16198587>

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute): Correct order of arguments
        to PlatformTextTrack.

2014-02-28  Bem Jones-Bey  <bjonesbe@adobe.com>

        Properly clear m_logicallyLastRun to remove use-after-free possibility
        https://bugs.webkit.org/show_bug.cgi?id=129489

        Reviewed by David Hyatt.

        A use-after-free issue was caught in Blink because m_logicallyLastRun
        is not cleared when the item it points to is deleted. Clearing it
        turns the use-after-free into a segfault, and prevents any future
        use-after-frees from happening.

        * platform/text/BidiRunList.h:
        (WebCore::BidiRunList<Run>::deleteRuns):

2014-02-28  Jer Noble  <jer.noble@apple.com>

        [Mac] Disambiguate calls to [[window contentView] layer] and [... setLayer:]
        https://bugs.webkit.org/show_bug.cgi?id=129491

        Reviewed by Alexey Proskuryakov.

        -[NSWindow contentView] returns a bare id, leading to ambiguity when calling
        certain methods, including -layer and -setLayer:. Resolve the ambiguity by
        explicitly casting the -contentView call to a NSView*.

        * platform/mac/WebVideoFullscreenController.mm:
        (-[WebVideoFullscreenController setupVideoOverlay:]):
        (-[WebVideoFullscreenController windowDidLoad]):
        (-[WebVideoFullscreenController windowDidExitFullscreen]):

2014-02-28  Andreas Kling  <akling@apple.com>

        MouseEvent.offsetX/Y should just return 0,0 for simulated clicks.
        <https://webkit.org/b/129477>

        There's no need to compute the exact target-relative coordinates for
        simulated mouse events, e.g those fired by HTMLElement.click().

        The offsetX/Y properties are not supported by Firefox.

        Test: fast/events/relative-offset-of-simulated-click.html

        Reviewed by Alexey Proskuryakov.

        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::offsetX):
        (WebCore::MouseRelatedEvent::offsetY):

2014-02-27  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Fix positioning grid items using named grid lines/areas
        https://bugs.webkit.org/show_bug.cgi?id=129372

        Reviewed by Darin Adler.

        Our code was assuming that a <custom-ident> in
        -webkit-grid-{column|row}-{start|end} and
        -webkit-grid-{column|row} was always a grid area name. That's
        wrong because the <custom-ident> could be also a explicitly named
        grid line or the an implicitly named grid line created by a grid
        area definition.

        The style resolution code was not correct either. This patch fixes
        it so it now matches the spec, which means that:
        - first we try to match any existing grid area.
        - then if there is a named grid line with the name
        <custom-ident>-{start|end} for -webkit-grid-{column|row}-{start|end}
        defined before the grid area then we use it instead of the grid
        area.
        - otherwise if there is a named grid line we resolve to the first such line.
        - otherwise we treat it as 'auto'.

        Fixing this uncovered a bug in GridPosition, we were not using the
        name of the stored grid area to check if two GridPositions were
        the same.

        Tests: fast/css-grid-layout/grid-item-position-changed-dynamic.html
               fast/css-grid-layout/named-grid-lines-with-named-grid-areas-resolution.html

        * css/StyleResolver.cpp:
        (WebCore::gridLineDefinedBeforeGridArea): New function to check if
        a given named grid line was defined before an implicit named grid
        line created by a grid area definition.
        (WebCore::StyleResolver::adjustNamedGridItemPosition): New
        function that adjusts the position of a GridPosition parsed as a
        grid area.
        (WebCore::StyleResolver::adjustGridItemPosition): Use the new
        function adjustNamedGridItemPosition to adjust the positions of
        named grid lines.
        * css/StyleResolver.h:
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::resolveNamedGridLinePositionFromStyle): Use GridPosition:: namespace.
        (WebCore::RenderGrid::resolveGridPositionFromStyle): Ditto.
        (WebCore::RenderGrid::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition): Ditto.
        * rendering/RenderGrid.h:
        * rendering/style/GridPosition.h:
        (WebCore::GridPosition::adjustGridPositionForRowEndColumnEndSide): Moved from RenderGrid.cpp.
        (WebCore::GridPosition::adjustGridPositionForSide): Ditto.
        (WebCore::GridPosition::operator==): Use the named grid line to check equality.

2014-02-28  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Update line segments for ShapeInside only if the new line is wide enough
        https://bugs.webkit.org/show_bug.cgi?id=129461

        Reviewed by David Hyatt.

        Shape-inside can make a line only narrower than the original line width, thus we don't need
        to update the line/shape segments in fitBelowFloats for every single line inside shape-inside.
        This patch adds a helper function, which updates the line segments, furthermore it updates the
        line segments only when the content would fit without the shape.

        No new tests, no behavior change.

        * rendering/line/BreakingContextInlineHeaders.h: Use new helper.
        (WebCore::updateSegmentsForShapes):
        * rendering/line/LineWidth.cpp: Use new helper.
        (WebCore::LineWidth::updateLineSegment): Add new helper.
        (WebCore::LineWidth::fitBelowFloats):

2014-02-28  Mario Sanchez Prada  <mario.prada@samsung.com>

        paragraphs with different directionality in textarea with unicode-bidi: plaintext are aligned the same
        https://bugs.webkit.org/show_bug.cgi?id=71194

        Reviewed by David Hyatt.

        Merged from Blink r157263 by <igor.o@sisa.samsung.com>
        <https://src.chromium.org/viewvc/blink?revision=157263&view=revision>

        In the css3-text spec (http://www.w3.org/TR/css3-text/#bidi-linebox):

        The start and end edges of a line box are determined by the inline
        base direction of the line box. In most cases, this is given by
        its containing block's computed ‘direction’. However if its
        containing block has ‘unicode-bidi: plaintext’, the inline base
        direction the line box must be determined by the base direction of
        the bidi paragraph to which it belongs: that is, the bidi
        paragraph for which the line box holds content.

        This patch just implements the behavior described above modifying
        updateLogicalWidthForAlignment and setting the bidi level of the
        RootInlineBox.

        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::updateLogicalWidthForAlignment):
        (WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):
        (WebCore::RenderBlockFlow::createLineBoxesFromBidiRuns):
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
        (WebCore::RenderBlockFlow::deleteEllipsisLineBoxes):
        (WebCore::RenderBlockFlow::checkLinesForTextOverflow):
        (WebCore::RenderBlockFlow::startAlignedOffsetForLine):

2014-02-28  Jochen Eisinger  <jochen@chromium.org>

        Update meta-referrer behavior for invalid policies
        https://bugs.webkit.org/show_bug.cgi?id=129475

        This patch aligns the behavior with the CSP 1.1 referrer directive,
        where the fallback for an invalid value is the "never" policy.

        Original patch from Mike West: https://src.chromium.org/viewvc/blink?view=rev&revision=165627

        Reviewed by Alexey Proskuryakov.

        Test: http/tests/security/referrer-policy-invalid.html

        * dom/Document.cpp:
        (WebCore::Document::processReferrerPolicy):

2014-02-28  Daniel Bates  <dabates@apple.com>

        SubresourceLoader::didFinishLoading() should not assert when a decode error occurs
        https://bugs.webkit.org/show_bug.cgi?id=127029

        Reviewed by Darin Adler.

        SubresourceLoader::didFinishLoading() can be called for a resource (e.g. an image) that
        failed to be decoded or, in the case of an image, whose estimated decoded size exceeds
        the maximum decoded size (Settings::maximumDecodedImageSize()).

        Test: fast/images/decoded-size-exceeds-max-decoded-size.html

        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::didFinishLoading):

2014-02-28  Martin Hodovan  <mhodovan@inf.u-szeged.hu>

        ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result) in WebCore::RenderGeometryMap::mapToContainer
        https://bugs.webkit.org/show_bug.cgi?id=119626

        SVGRenderSupport::mapLocalToContainer() was trying to apply transforms
        in the incorrect order. Specifically, it would attempt to apply its
        localToParentTransform before its localToBorderBoxTransform. This
        was causing an ASSERT to fail when the computed transforms didn't
        match up to those computed by RenderGeometryMap.

        Backported from Blink: https://codereview.chromium.org/143363004

        Reviewed by Simon Fraser.

        Test: svg/transforms/svg-geometry-crash.html

        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::mapLocalToContainer):

2014-02-28  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] ASSERTION FAILED: !m_regionsInvalidated in RenderFlowThread::regionAtBlockOffset
        https://bugs.webkit.org/show_bug.cgi?id=129371

        Reviewed by Andrei Bucur.

        regionAtBlockOffset method is meant to be used after the flow thread validated
        its region chain, otherwise we cannot rely on regionAtBlockOffset to determine correctly
        the target region based on the offset in flow thread coordinates.

        When the video element is collected in a named flow and displayed in a region, we ensure
        that the region's decorations are taken into account to properly position the video.
        However, we have to do that only if the named flow regions are validated.

        I changed the method cachedRegionForCompositedLayer to check only the "cached" region
        for a layer and not update the layer to region mappings before returning the region.
        Because method cachedRegionForCompositedLayer does not update the region - layer mappings,
        the code does not call regionAtBlockOffset in situations where the region chain is not validated yet.

        Test: compositing/regions/video-in-overflow-region.html

        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::getLayerListForRegion): Make it a getter that relies on
        cached information and refrain from updating the mappings. Make it const too.
        (WebCore::RenderFlowThread::cachedRegionForCompositedLayer):
        * rendering/RenderFlowThread.h:

2014-02-28  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] Finetune captions menu as per design team
        https://bugs.webkit.org/show_bug.cgi?id=129432

        Reviewed by Eric Carlson.

        Some design fine tuning of the captions dialog was required.
        
        No new tests, current suffice.

        * Modules/mediacontrols/mediaControlsApple.js:
        Added out class.
        * Modules/mediacontrols/mediaControlsGtk.js:
        (ControllerGtk.prototype.buildCaptionMenu): Setting out class when
        menu is going to show overlap the panel right border.
        * css/mediaControlsGtk.css:
        (video::-webkit-media-controls-closed-captions-container.out):
        Setting all borders to 5px;
        (video::-webkit-media-controls-closed-captions-container h3):
        Reduced font size and increasing top padding.
        (video::-webkit-media-controls-closed-captions-container ul):
        Increased top padding.

2014-02-27  Ryosuke Niwa  <rniwa@webkit.org>

        Element::attributeChanged shouldn't do any work when attribute value didn't change
        https://bugs.webkit.org/show_bug.cgi?id=129467

        Reviewed by Geoffrey Garen.

        Exit early in childrenChanged when the attribute value didn't change.

        * dom/Attr.cpp:
        (WebCore::Attr::setValue):
        (WebCore::Attr::childrenChanged):
        * dom/Element.cpp:
        (WebCore::Element::setAttributeInternal):
        (WebCore::Element::attributeChanged):
        (WebCore::Element::parserSetAttributes):
        (WebCore::Element::removeAttributeInternal):
        (WebCore::Element::didAddAttribute):
        (WebCore::Element::didModifyAttribute):
        (WebCore::Element::didRemoveAttribute):
        (WebCore::Element::cloneAttributesFromElement):
        * dom/Element.h:
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::attributeChanged):
        * dom/StyledElement.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateType):
        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::attributeChanged):
        * mathml/MathMLElement.h:
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::attributeChanged):
        * mathml/MathMLSelectElement.h:
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::attributeChanged):
        * svg/SVGElement.h:

2014-02-27  Jinwoo Song  <jinwoo7.song@samsung.com>

        [EFL] Remove duplicated keyboard string key from keyMap
        https://bugs.webkit.org/show_bug.cgi?id=129469

        Reviewed by Gyuyoung Kim.

        "Down" key is duplicated in keyMap().

        * platform/efl/EflKeyboardUtilities.cpp:
        (WebCore::createKeyMap):

2014-02-27  Benjamin Poulain  <benjamin@webkit.org>

        Unify the three call sites of SelectorQueryCache
        https://bugs.webkit.org/show_bug.cgi?id=129249

        Reviewed by Andreas Kling.

        The three call sites of SelectorQueryCache were doing the exact same thing.
        That code is mvoed to a new function Document::selectorQueryForString().

        Also use String instead of AtomicString for querySelector() and querySelectorAll().
        This prevent the call sites from creating AtomicString just for the time of the call.
        This causes a tiny slow down on microbenchmarks that continuously query the same string
        but has no negative impact on realistic/good test cases (and the bindings are simplified).

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::querySelector):
        (WebCore::ContainerNode::querySelectorAll):
        * dom/ContainerNode.h:
        * dom/Document.cpp:
        (WebCore::Document::selectorQueryForString):
        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::webkitMatchesSelector):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorQueryCache::add):
        * dom/SelectorQuery.h:

2014-02-27  Ryosuke Niwa  <rniwa@webkit.org>

        JSC ignores the extra memory cost of HTMLCollection after a major GC
        https://bugs.webkit.org/show_bug.cgi?id=129450

        Reviewed by Andreas Kling.

        Report the extra memory cost of HTMLCollection to JSC.

        Unfortunately, the existing mechanism to report the extra memory cost in toJS is insufficient for
        HTMLCollection since collection caches are populated later when HTMLCollection is accessed. Also,
        the extra memory cost reported by Heap::reportExtraMemoryCost will be thrown away after a major GC.

        To work around this limitation, added a visitor.reportExtraMemoryUsage call inside visitChildren
        for interfaces with a newly added ReportExtraMemoryCost IDL extension flag to report the extra cost.

        Since we may need to generate visitChildren when this flag is set, we can't automatically detect
        and generate calls using C++ template as done in r148648.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Modules/webaudio/AudioBuffer.idl:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMBinding.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (InstanceNeedsVisitChildren):
        (GenerateHeader):
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::toJS):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::toJS):
        * dom/ChildNodeList.h:
        * dom/CollectionIndexCache.cpp: Added.
        (WebCore::reportExtraMemoryCostForCollectionIndexCache):
        * dom/CollectionIndexCache.h:
        (WebCore::CollectionIndexCache::memoryCost):
        (WebCore::NodeType>::CollectionIndexCache):
        (WebCore::NodeType>::nodeCount):
        (WebCore::NodeType>::computeNodeCountUpdatingListCache):
        (WebCore::NodeType>::nodeAt):
        (WebCore::NodeType>::invalidate):
        * dom/DOMAllInOne.cpp:
        * dom/LiveNodeList.cpp:
        (WebCore::LiveNodeList::memoryCost):
        * dom/LiveNodeList.h:
        * dom/NodeList.h:
        (WebCore::NodeList::memoryCost):
        * dom/NodeList.idl:
        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::updateNamedElementCache):
        * html/HTMLCollection.h:
        (WebCore::CollectionNamedElementCache::didPopulate):
        (WebCore::CollectionNamedElementCache::memoryCost):
        (WebCore::CollectionNamedElementCache::find):
        (WebCore::HTMLCollection::memoryCost):
        * html/HTMLCollection.idl:
        * html/HTMLFormControlsCollection.cpp:
        (WebCore::HTMLFormControlsCollection::updateNamedElementCache):

2014-02-27  Benjamin Poulain  <benjamin@webkit.org>

        Compile attribute value matching
        https://bugs.webkit.org/show_bug.cgi?id=129228

        Reviewed by Geoffrey Garen.

        Add support for compiling value matching when matching attributes in Selector.
        This patch only adds exact matching, the other cases will follow.

        There is a little infrastructure changes since FunctionCall now needs to support
        calls taking 2 arguments. The fun begins when the arguments are not in the right
        registers and need to be moved to the right place. Otherwise the code is straightforward.

        In SelectorCompiler, it is necessary to handle two different cases of matching: case sensitive
        and case insensitive. The choice is done in part at compilation time by asking HTMLDocument
        if the name filter can include case insensitive attribute. The other part is done at runtime
        by querying the element for its type and document.

        Test: fast/selectors/case-insensitive-value-matching.html

        * css/SelectorChecker.cpp:
        (WebCore::attributeValueMatches): Null values matching should never happen, when an attribute
        has no value, its value is empty.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::FunctionCall):
        Add support for calls with two arguments.
        (WebCore::FunctionCall::setOneArgument):
        (WebCore::FunctionCall::setTwoArguments):
        (WebCore::FunctionCall::swapArguments):
        Here we need to swap two registers, but we cannot allocate a new register (because the context
        of the function call may have taken all the available registers already).

        On x86, the solution is simple, we can swap the two registers without side effects.

        On other platforms, it is a little more complex. If there is any available register, we can just
        use it as a temporary to make the swap.
        If there are no available registers, we know that all the registers are taken. Since swapArguments()
        was called after pushing all the arguments on the stack, we can safely trash the value of any of those.
        We take the first available register that is not a function argument and use it as a temporary.

        (WebCore::FunctionCall::prepareAndCall):
        This is the fun part, we have two registers where the values must go before the function call. The values
        can be in any combination of the allocated registers. The code here needs to move the two values to
        their target register while avoiding conflicts.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::AttributeMatchingInfo::AttributeMatchingInfo):
        (WebCore::SelectorCompiler::AttributeMatchingInfo::canDefaultToCaseSensitiveValueMatch):
        (WebCore::SelectorCompiler::AttributeMatchingInfo::selector):
        The value of HTMLDocument::isCaseSensitiveAttribute is needed at compilation time to compute the number
        of required registers. As a result, we need to keep it along in the selector fragment.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
        (WebCore::SelectorCompiler::attributeNameTestingRequiresNamespaceRegister):
        (WebCore::SelectorCompiler::attributeValueTestingRequiresExtraRegister):
        (WebCore::SelectorCompiler::minimumRegisterRequirements):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::markParentElementIfResolvingStyle):
        (WebCore::SelectorCompiler::canMatchStyleAttribute):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSynchronizeStyleAttribute):
        (WebCore::SelectorCompiler::canMatchAnimatableSVGAttribute):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSynchronizeAllAnimatedSVGAttribute):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeMatching):
        The matching code is moved in a local scope. This is done to recover the register of qualifiedNameImpl
        before doing any value matching. That register can then be used to store the expected value when matching
        an attribute value.
        It is unfortunate there is so much register pressure in this part.

        Value matching is done outside the loop. The idea is to keep the loop really small since in the vast majority
        of cases, name matching fails.
        If the value matching fails, we jump back into the tight loop.

        This is not ideal in all situation. For example trivial name matching with trivial value matching should
        be done in loop. There is a FIXME to improve those cases later.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueMatching):
        (WebCore::SelectorCompiler::testIsHTMLClassOnDocument):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeValueExactMatching):
        In the case sensitive branch, things are really simple. We have to AtomicStringImpl pointers, if they
        don't match, it is a failure.

        The case sensitive branch start by comparing the pointers in case the values are equal. This is a common
        case and it simplifies the cases for SVG, XHTML, etc.
        If the two values are not equal, we must first find if the context requires case insensitive comparison
        (HTMLElement in HTMLDocument). If the conditions require case insensitive matching, we then fall back
        to a function call.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementFunctionCallTest):
        * dom/Attribute.h:
        (WebCore::Attribute::valueMemoryOffset):
        * dom/Document.h:
        (WebCore::Document::documentClassesMemoryOffset):
        (WebCore::Document::isHTMLDocumentClassFlag):
        * dom/Node.h:
        (WebCore::Node::treeScopeMemoryOffset):
        * dom/TreeScope.h:
        (WebCore::TreeScope::documentScopeMemoryOffset):

2014-02-27  Ryuan Choi  <ryuan.choi@samsung.com>

        Build break when disabled CSS_GRID_LAYOUT
        https://bugs.webkit.org/show_bug.cgi?id=129459

        Reviewed by Gyuyoung Kim.

        * css/CSSValue.h: Added guards of CSS_GRID_LAYOUT for GridTemplateAreasClass.

2014-02-17  Myles C. Maxfield  <mmaxfield@apple.com>

        text-decoration-skip: ink does not skip over SVG fonts
        https://bugs.webkit.org/show_bug.cgi?id=128936

        Reviewed by Darin Adler.

        When drawing glyphs in an SVG font, the glyphs are converted to paths and then filled. This patch moves
        the glyph -> path conversion into a helper class, GlyphToPathTranslator, and creates an implementation
        for the SVG drawing code. Once this helper class is created, it can be used to trace paths in order
        to make underlines skip over SVG glyphs. This helper class also has an implementation for non-SVG glyphs,
        which allows for the glyph tracing code to be paramaterized over the implementation of the helper class
        rather than if the FontData itself is SVG or not.

        Tests: fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-ink-svg.html

        * platform/graphics/Font.h:
        (WebCore::GlyphToPathTranslator::~GlyphToPathTranslator): Virtual implementation of helper class
        * platform/graphics/cg/PathCG.cpp:
        (WebCore::Path::Path): Created constructor that takes a RefPtr<CGMutablePathRef>
        * platform/graphics/Path.h:
        * platform/graphics/TextRun.h: Give RenderingContext a factory function to create the helper class
        instance
        * platform/graphics/mac/FontMac.mm: Implementation of helper class used for skipping underlines on
        regular (CoreText) glyphs
        (WebCore::MacGlyphToPathTranslator::MacGlyphToPathTranslator):
        (WebCore::MacGlyphToPathTranslator::moveToNextValidGlyph):
        (WebCore::MacGlyphToPathTranslator::incrementIndex):
        (WebCore::Font::dashesForIntersectionsWithRect): Call the relevant factory function, and use it
        to successively generate Paths
        * rendering/svg/SVGTextRunRenderingContext.cpp: Implementation of helper class used for SVG fonts
        (WebCore::SVGGlyphToPathTranslator::SVGGlyphToPathTranslator):
        (WebCore::SVGGlyphToPathTranslator::moveToNextValidGlyph):
        (WebCore::SVGGlyphToPathTranslator::incrementIndex):
        (WebCore::SVGTextRunRenderingContext::createGlyphToPathTranslator):
        (WebCore::SVGTextRunRenderingContext::drawSVGGlyphs): Use the above implementation
        * rendering/svg/SVGTextRunRenderingContext.h: Factory function declaration

2014-02-27  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Removing MediaConstraints argument from RTCPeerConnection addStream, updateIce methods and constructor
        https://bugs.webkit.org/show_bug.cgi?id=129449

        Reviewed by Eric Carlson.

        According to WebRTC editor's draft, MediaConstraints will no longer be an argument of those methods and
        constructor.

        Existing tests were updated.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::create):
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        (WebCore::RTCPeerConnection::updateIce):
        (WebCore::RTCPeerConnection::addStream):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.idl:
        * bindings/js/JSRTCPeerConnectionCustom.cpp:
        (WebCore::JSRTCPeerConnectionConstructor::constructJSRTCPeerConnection):
        * platform/mediastream/RTCPeerConnectionHandler.h:
        * platform/mock/RTCPeerConnectionHandlerMock.cpp:
        (WebCore::RTCPeerConnectionHandlerMock::initialize):
        (WebCore::RTCPeerConnectionHandlerMock::updateIce):
        (WebCore::RTCPeerConnectionHandlerMock::addStream):
        * platform/mock/RTCPeerConnectionHandlerMock.h:

2014-02-27  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Move named-flow specific method decorationsClipRectForBoxInRegion to RenderNamedFlowThread
        https://bugs.webkit.org/show_bug.cgi?id=129428

        Reviewed by Andreas Kling.

        Since the decorationsClipRectForBoxInRegion method is a named flow specific method, it makes
        sense to be in the named flow specific class, RenderNamedFlowThread, instead of the more
        generic RenderFlowThread.

        No new tests required. No new functionality.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintObject):
        * rendering/RenderFlowThread.cpp:
        * rendering/RenderFlowThread.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
        * rendering/RenderNamedFlowThread.h:

2014-02-27  Zoltan Horvath  <zoltan@webkit.org>

        Avoid calling logicalLeftOffsetForLine 2 times in LineWidth::fitBelowFloats
        https://bugs.webkit.org/show_bug.cgi?id=129433

        Reviewed by Darin Adler.

        This change updates fitBelowFloats and its helpers to call RenderBlock::logicalLeftOffsetForLine only once.

        No new tests, no behavior change.

        * rendering/line/LineWidth.cpp:
        (WebCore::availableWidthAtOffset):
        (WebCore::LineWidth::updateLineDimension):
        (WebCore::LineWidth::wrapNextToShapeOutside):
        (WebCore::LineWidth::fitBelowFloats):
        * rendering/line/LineWidth.h:

2014-02-27  Andreas Kling  <akling@apple.com>

        Micro-optimize elementAffectsDirectionality().
        <https://webkit.org/b/129444>

        Tweak this function to skip an unnecessary bit check and use
        fastHasAttribute() instead of hasAttribute() for looking up dirAttr.

        ~1% speedup on DYEB/AngularJS.

        Reviewed by Ryosuke Niwa.

        * html/HTMLElement.cpp:
        (WebCore::elementAffectsDirectionality):

2014-02-27  Brian Burg  <bburg@apple.com>

        Web Inspector: model tests should use a special Test.html inspector page
        https://bugs.webkit.org/show_bug.cgi?id=129190

        Reviewed by Timothy Hatcher.

        Convert InspectorController::isUnderTest() into a flag, and expose an
        Internals method so it can be set by the test before opening the inspector.

        Test: inspector/test-harness-trivially-works.html

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::evaluateForTestInFrontend):
        * inspector/InspectorController.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setInspectorIsUnderTest): Added.
        * testing/Internals.h:
        * testing/Internals.idl:

2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>

        Unreviewed build fix after r164824.

        Accidentally re-added some code that was removed.

        * page/ContentSecurityPolicy.cpp:

2014-02-26  Alex Christensen  <achristensen@webkit.org>

        Compile fix when not using TEXTURE_MAPPER_GL.
        https://bugs.webkit.org/show_bug.cgi?id=129417

        Reviewed by Darin Adler.

        * platform/graphics/texmap/TextureMapperGL.cpp:
        Protect platformCreateAccelerated with USE(TEXTURE_MAPPER_GL).

2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: JSContext inspection should report exceptions in the console
        https://bugs.webkit.org/show_bug.cgi?id=128776

        Reviewed by Timothy Hatcher.

        Include some clean up of ConsoleMessage and ScriptCallStack construction.

        Covered by existing tests.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        Simplify code now that createStackTraceFromException handles it.

        * page/ContentSecurityPolicy.cpp:
        (WebCore::gatherSecurityPolicyViolationEventData):
        (WebCore::ContentSecurityPolicy::reportViolation):
        ScriptCallStack can give us the first non-native callframe.

        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::buildInitiatorObject):
        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::breakpointActionLog):
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::createGenericRecord):
        * page/Console.cpp:
        (WebCore::internalAddMessage):
        (WebCore::Console::profile):
        (WebCore::Console::profileEnd):
        (WebCore::Console::timeEnd):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::gatherSecurityPolicyViolationEventData):
        (WebCore::ContentSecurityPolicy::reportViolation):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):

2014-02-27  Andreas Kling  <akling@apple.com>

        Remove FeatureObserver.
        <https://webkit.org/b/129439>

        This code was only used by the Chromium port and nobody else is
        making use of it.

        Reviewed by Anders Carlsson.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::fireEventListeners):
        * dom/EventTarget.h:
        * html/ColorInputType.cpp:
        * html/ColorInputType.h:
        * html/DateInputType.cpp:
        * html/DateInputType.h:
        * html/DateTimeInputType.cpp:
        * html/DateTimeInputType.h:
        * html/DateTimeLocalInputType.cpp:
        * html/DateTimeLocalInputType.h:
        * html/EmailInputType.cpp:
        * html/EmailInputType.h:
        * html/HTMLDataListElement.cpp:
        (WebCore::HTMLDataListElement::create):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::parseAttribute):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::parseAttribute):
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::parseAttribute):
        * html/InputType.cpp:
        * html/InputType.h:
        * html/MonthInputType.cpp:
        * html/MonthInputType.h:
        * html/NumberInputType.cpp:
        * html/NumberInputType.h:
        * html/RangeInputType.cpp:
        * html/RangeInputType.h:
        * html/SearchInputType.cpp:
        * html/SearchInputType.h:
        * html/TelephoneInputType.cpp:
        * html/TelephoneInputType.h:
        * html/TextInputType.cpp:
        * html/TextInputType.h:
        * html/TimeInputType.cpp:
        * html/TimeInputType.h:
        * html/URLInputType.cpp:
        * html/URLInputType.h:
        * html/WeekInputType.cpp:
        * html/WeekInputType.h:
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions):
        (WebCore::FrameLoader::dispatchDidCommitLoad):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::didReceiveHeader):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::selectCursor):
        * page/FeatureObserver.cpp: Removed.
        * page/FeatureObserver.h: Removed.
        * page/Page.h:
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::RenderDeprecatedFlexibleBox::RenderDeprecatedFlexibleBox):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * workers/SharedWorker.cpp:
        (WebCore::SharedWorker::create):
        * workers/Worker.cpp:
        (WebCore::Worker::create):

2014-02-27  Chris Fleizach  <cfleizach@apple.com>

        speechSynthesis.speak of a zero length utterance kills future speech
        https://bugs.webkit.org/show_bug.cgi?id=129403

        Reviewed by Mario Sanchez Prada.

        Empty length strings may choke a synthesizer and result in didFinishSpeaking not being called. 
        The WebKit code should be proactive about screening out empty length strings.

        Test: platform/mac/fast/speechsynthesis/speech-synthesis-speak-empty-string.html

        * Modules/speech/SpeechSynthesis.cpp:
        (WebCore::SpeechSynthesis::startSpeakingImmediately):

2014-02-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r164783.
        http://trac.webkit.org/changeset/164783
        https://bugs.webkit.org/show_bug.cgi?id=129425

        Broke number of multicol tests (Requested by anttik on
        #webkit).

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::containingColumnsBlock):

2014-02-27  Antoine Quint  <graouts@webkit.org>

        Respect SVG fragment identifiers in <img> src attribute
        https://bugs.webkit.org/show_bug.cgi?id=129387

        Reviewed by Antti Koivisto.

        Test: svg/css/svg-resource-fragment-identifier-img-src.html

        When providing an SVG image for a given renderer, check that the URL used to load
        that image is taken into account in case it featured a fragment identifier, ensuring
        that the CSS :target pseudo-class is correctly handled for SVG resources. This patch
        is specific to <img> elements, specific support will also need to be added for various
        CSS properties that support SVG images.

        * svg/graphics/SVGImageCache.cpp:
        (WebCore::SVGImageCache::imageForRenderer):
        Check if the provided renderer is attached to an <img> element and, if so, pass the
        resolved <img> source URL, taking into account srcset, to the SVGImageForContainer.

        * svg/graphics/SVGImageForContainer.cpp:
        (WebCore::SVGImageForContainer::setURL):
        Trigger the FrameView machinery to ensure that the :target pseudo-class is respected
        should the provided URL feature a fragment identifier.

        * svg/graphics/SVGImageForContainer.h:
        Declare the new setURL() method.

2014-02-27  Krzysztof Czech  <k.czech@samsung.com>

        [ATK] Fix style errors in enum members
        https://bugs.webkit.org/show_bug.cgi?id=129421

        Reviewed by Mario Sanchez Prada.

        No new tests. No new functionality.

        Enum members should use InterCaps with an initial capital letter.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (getInterfaceMaskFromObject):

2014-02-27  Mihai Tica  <mitica@adobe.com>

        [CSS Blending] Parse and implement the -webkit-isolation CSS property.

        https://bugs.webkit.org/show_bug.cgi?id=128958

        Reviewed by Dirk Schulze.

        Parse and implement -webkit-isolation, part of the CSS Blending and Compositing spec.
        This patch adds functionality for HTML and SVG.
        -webkit-isolation: isolate restricts any child elements from blending with any of the content outside the isolated parent element.

        Tests: css3/compositing/isolation-isolate-blended-child.html
               css3/compositing/isolation-parsing.html
               css3/compositing/svg-isolation-default.html
               css3/compositing/svg-isolation-isolated-group.html
               css3/compositing/svg-isolation-simple.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator Isolation):
        * css/CSSPropertyNames.in: Add -webkit-isolation.
        * css/CSSValueKeywords.in: Add the isolate value.
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle): Explicitly set isolation:isolate to create a stacking context.
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayerRepaint): Changing isolation should trigger a repaint.
        * rendering/style/RenderStyle.h: Setters and getters for isolation.
        * rendering/style/RenderStyleConstants.h: Add Isolation enum.
        * rendering/style/StyleRareNonInheritedData.cpp: Add m_isolation.
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::prepareToRenderSVGContent): If isolated, paint in a transparency layer.

2014-02-27  Krzysztof Czech  <k.czech@samsung.com>

        [ATK] Utilize AtkTableCell to expose directly AccessibilityTableCell to AT
        https://bugs.webkit.org/show_bug.cgi?id=129250

        Reviewed by Mario Sanchez Prada.

        Test: accessibility/table-scope.html

        Exposing AtkTableCell to AT. Implementing possibility to get column headers and row headers
        as an array of cells.

        * GNUmakefile.list.am:
        * PlatformEfl.cmake:
        * accessibility/atk/WebKitAccessibleInterfaceTableCell.cpp: Added.
        (convertToGPtrArray):
        (core):
        (webkitAccessibleTableCellGetColumnHeaderCells):
        (webkitAccessibleTableCellGetRowHeaderCells):
        (webkitAccessibleTableCellInterfaceInit):
        * accessibility/atk/WebKitAccessibleInterfaceTableCell.h: Added.
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (getInterfaceMaskFromObject):

2014-02-27  Renata Hodovan  <rhodovan.u-szeged@partner.samsung.com>

        Improving containing column block determination
        https://bugs.webkit.org/show_bug.cgi?id=125449

        Reviewed by Darin Adler.

        Making sure that the containing column block of any elements
        can not be oneself.

        Test: fast/css/crash-on-column-splitting.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::containingColumnsBlock):
        (WebCore::RenderBlock::splitFlow):

2014-02-27  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] Improve JavaScript multimedia controls
        https://bugs.webkit.org/show_bug.cgi?id=129044

        Reviewed by Jer Noble.

        After webkit.org/b/123097 a follow up was needed to improve
        accessibily and some other cosmetic problems, like cleaner CSS and
        new missing baselines.

        No new tests because of no new functionality.

        * Modules/mediacontrols/mediaControlsApple.js:
        Added hiding class name.
        * Modules/mediacontrols/mediaControlsGtk.js:
        (ControllerGtk.prototype.createControls): Set remaining time as
        hidden by default and turned volumebox hidden into hiding.
        (ControllerGtk.prototype.updateTime): Simplified the hiding and
        showing by removing the show class and using hidden only.
        (ControllerGtk.prototype.handleMuteButtonMouseOver):
        (ControllerGtk.prototype.handleVolumeBoxMouseOut): Turned hidden
        into hiding.
        (ControllerGtk.prototype.updateReadyState): Changed coding style
        and added down class for the panel too.
        (ControllerGtk.prototype.updatePlaying): Change for coding style
        coherence.
        (ControllerGtk.prototype.handleCaptionButtonClicked): Call
        handleCaptionButtonShowMenu.
        (ControllerGtk.prototype.handleCaptionButtonMouseOver): Call
        handleCaptionButtonShowMenu.
        (ControllerGtk.prototype.handleCaptionButtonShowMenu): Created
        with the former behavior of handleCaptionButtonMouseOver.
        * css/mediaControlsGtk.css:
        (.hidden): Set display none for all objects with hidden class.
        (audio::-webkit-media-controls-panel *:focus):
        (audio::-webkit-media-controls-panel.down *:focus): Added gradient
        for the active and focus status.
        (audio::-webkit-media-controls-time-remaining-display)
        (video::-webkit-media-controls-time-remaining-display): Set
        display block.
        (audio::-webkit-media-controls-volume-slider-container)
        (video::-webkit-media-controls-volume-slider-container): Set
        display flex.
        (video::-webkit-media-controls-volume-slider-container.hiding):
        Changed from hidden.
        (video::-webkit-media-controls-panel .hiding.down): Changed from
        hidden.
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::paintMediaButton): Returning true to
        allow CSS painting the gradient.

2014-02-27  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Fixing the GTK build fix after r164757.

        * platform/network/NetworkStateNotifier.cpp: r164757 introduced a layering violation by including
        the Settings.h header. The use of that class is guarded by PLATFORM(IOS), so the header inclusion
        should be guarded as well.

2014-02-26  Ryosuke Niwa  <rniwa@webkit.org>

        Extract named items caches in HTMLCollection as a class
        https://bugs.webkit.org/show_bug.cgi?id=129365

        Reviewed by Antti Koivisto.

        Extracted CollectionNamedElementCache, like CollectionIndexCache, out of HTMLCollection.
        We can move more named item related functions into this class in the future.

        HTMLCollection's member variables m_isNameCacheValid, m_idCache, and m_nameCache were replaced by
        a single unique_ptr that holds an instance of CollectionNamedElementCache since this object rarely
        exists in most HTMLCollections.

        Also removed m_isItemRefElementsCacheValid since it was only used by Microdata API removed in r153772
        and renamed a whole bunch of member functions and variables for consistency.

        * dom/Document.cpp:
        (WebCore::Document::collectionCachedIdNameMap):
        (WebCore::Document::collectionWillClearIdNameMap):
        * dom/Document.h:
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::adoptDocument):
        * html/HTMLAllCollection.cpp:
        (WebCore::HTMLAllCollection::namedItemWithIndex):
        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::HTMLCollection):
        (WebCore::HTMLCollection::~HTMLCollection):
        (WebCore::HTMLCollection::invalidateCache):
        (WebCore::HTMLCollection::invalidateNamedElementCache): Renamed from invalidateIdNameCacheMaps.
        (WebCore::HTMLCollection::namedItem):
        (WebCore::HTMLCollection::updateNamedElementCache): Renamed from updateNameCache.
        (WebCore::HTMLCollection::namedItems):

        * html/HTMLCollection.h:
        (WebCore::CollectionNamedElementCache::findElementsWithId): Renamed from HTMLCollection::idCache.
        (WebCore::CollectionNamedElementCache::findElementsWithName): Renamed from HTMLCollection::nameCache.
        (WebCore::CollectionNamedElementCache::appendIdCache): Moved from HTMLCollection.
        (WebCore::CollectionNamedElementCache::appendNameCache): Ditto.
        (WebCore::CollectionNamedElementCache::find): Ditto.
        (WebCore::CollectionNamedElementCache::append): Ditto.

        (WebCore::HTMLCollection::invalidateCache):
        (WebCore::HTMLCollection::hasNamedElementCache): Renamed from hasIdNameCache.
        (WebCore::HTMLCollection::createNameItemCache): Added.
        (WebCore::HTMLCollection::namedItemCaches): Added.

        * html/HTMLFormControlsCollection.cpp:
        (WebCore::HTMLFormControlsCollection::updateNamedElementCache):
        * html/HTMLFormControlsCollection.h:

2014-02-26  Ryosuke Niwa  <rniwa@webkit.org>

        Indenting an indented image element resulted in an extra indentation
        https://bugs.webkit.org/show_bug.cgi?id=129201

        Reviewed by Enrica Casucci.

        The bug was caused by endOfParagraph returning a position at the beginning of a block when the position
        passed into the function was at the beginning of the block. Consider the following DOM:
        <blockquote><img></blockquote>

        When endOfParagraph is called on (blockquote, 0), the condition r->isBR() || isBlock(n) in endOfParagraph
        matches immediately on startNode and it returns (blockquote, 0) again.

        This resulted in moveParagraphWithClones invoked by indentIntoBlockquote to erroneously clone the inner
        blockquote. Worked around this bug in ApplyBlockElementCommand::formatSelection by checking this specific
        condition and moving the position to the end of the block. Unfortunately, a lot of existing code depends
        on the current behavior of endOfParagraph so fixing the function itself was not possible.

        There was another bug in indentIntoBlockquote to incorrectly insert a new blockquote into the existing
        blockquote due to the code introduced in r99594 to avoid inserting before the root editable element.
        Since this happens only if outerBlock is the root editable element, which is nodeToSplitTo or an ancestor
        of nodeToSplitTo, explicitly look for this condition.

        Test: editing/execCommand/indent-img-twice.html

        * editing/ApplyBlockElementCommand.cpp:
        (WebCore::ApplyBlockElementCommand::formatSelection):
        (WebCore::isNewLineAtPosition):
        * editing/IndentOutdentCommand.cpp:
        (WebCore::IndentOutdentCommand::indentIntoBlockquote):
        * editing/VisibleUnits.cpp:
        (WebCore::endOfParagraph): Added a FIXME.

2014-02-26  Simon Fraser  <simon.fraser@apple.com>

        Fix two assertions/crashes in compositing code
        https://bugs.webkit.org/show_bug.cgi?id=129414

        Reviewed by Dean Jackson.

        Fix two issues introduced in r164759.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::removeFromScrollCoordinatedLayers): Don't call
        ourselves recursively!
        (WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer): We call this
        function unconditionally on layer teardown, so this assertion is bogus.

2014-02-26  Simon Fraser  <simon.fraser@apple.com>

        Fix the build with some compiler configurations.

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
        (WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
        (WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):

2014-02-26  Myles C. Maxfield  <mmaxfield@apple.com>

        Ranges given to createMarkupInternal might not be canonicalized
        https://bugs.webkit.org/show_bug.cgi?id=129408

        Reviewed by Ryosuke Niwa.

        When WebKit clients (such as Mail) call WKWebArchiveCreateFromRange() with a range,
        that range is not necessarily canonicalized. Therefore, comparing it for equality
        with a canonicalized range might return a false negative. Instead, we should compare
        canonicalized ranges.

        No new tests because this codepath will only be reached via SPI.

        * editing/markup.cpp:
        (WebCore::createMarkupInternal):

2014-02-26  Enrica Casucci  <enrica@apple.com>

        [iOS WebKit2] Form controls handling: implement date and time controls.
        https://bugs.webkit.org/show_bug.cgi?id=129344

        Reviewed by Simon Fraser and Joseph Pecoraro.

        Adding one localizable string.

        * English.lproj/Localizable.strings:

2014-02-26  Simon Fraser  <simon.fraser@apple.com>

        Prepare for overflow scrolling nodes in the scrolling tree
        https://bugs.webkit.org/show_bug.cgi?id=129398

        Reviewed by Tim Horton.

        Lay some groundwork for overflow:scrolling nodes in the scrolling tree.
        Change terminology to refer to "scroll-coordinatored" layers now, not just viewport-constrained
        layers.
        
        A given layer can be both viewport-constrained and overflow-scrolling (e.g. position:fixed,
        overflow:scroll), so handle that in RenderLayerBacking, and use some "reason" flags
        in RenderLayerCompositor.

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollLayerID): Rename
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode): Remove invalid assertion.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::RenderLayerBacking):
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        (WebCore::RenderLayerBacking::updateScrollingLayers): Simplify the logic with
        an early return.
        (WebCore::RenderLayerBacking::detachFromScrollingCoordinator):
        Allow a layer to play both viewport-constrained and scrolling roles
        in the scrolling tree.
        * rendering/RenderLayerBacking.h:
        (WebCore::RenderLayerBacking::viewportConstrainedNodeID):
        (WebCore::RenderLayerBacking::setViewportConstrainedNodeID):
        (WebCore::RenderLayerBacking::scrollingNodeID):
        (WebCore::RenderLayerBacking::setScrollingNodeID):
        (WebCore::RenderLayerBacking::scrollingNodeIDForChildren):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
        (WebCore::RenderLayerCompositor::didFlushChangesForLayer):
        (WebCore::RenderLayerCompositor::updateBacking):
        (WebCore::RenderLayerCompositor::layerWillBeRemoved):
        (WebCore::RenderLayerCompositor::fixedRootBackgroundLayerChanged):
        (WebCore::RenderLayerCompositor::clearBackingForLayerIncludingDescendants):
        (WebCore::RenderLayerCompositor::requiresCompositingLayer):
        (WebCore::RenderLayerCompositor::requiresOwnBackingStore):
        (WebCore::RenderLayerCompositor::reasonsForCompositing):
        (WebCore::RenderLayerCompositor::requiresCompositingForScrolling):
        (WebCore::isViewportConstrainedFixedOrStickyLayer):
        (WebCore::isMainFrameScrollingOrOverflowScrolling):
        (WebCore::RenderLayerCompositor::rootLayerAttachmentChanged):
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedStatus):
        (WebCore::RenderLayerCompositor::removeFromScrollCoordinatedLayers):
        (WebCore::nearestScrollCoordinatedAncestor):
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
        (WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer):
        (WebCore::RenderLayerCompositor::registerAllViewportConstrainedLayers):
        (WebCore::RenderLayerCompositor::willRemoveScrollingLayer):
        (WebCore::RenderLayerCompositor::didAddScrollingLayer):
        * rendering/RenderLayerCompositor.h:

2014-02-26  Andy Estes  <aestes@apple.com>

        [iOS] Support network state notification using CPNetworkObserver
        https://bugs.webkit.org/show_bug.cgi?id=129358

        Reviewed by Dan Bernstein.

        Add iOS support for navigator.onLine and online/offline events. Since
        it can be expensive to query CPNetworkObserver, wait to do so until
        someone calls NetworkStateObserver::onLine() or
        NetworkStateObserver::addNetworkStateChangeListener(). For clients that
        don't wish to observe network reachability at all, add a global opt-out.
        These clients will only pay the cost of CPNetworkObserver if they load
        a page that explicitly accesses navigator.onLine.

        No new tests. Covered by existing tests.

        * WebCore.exp.in: Stopped exporting NetworkStateNotifier::setIsOnLine()
        and started exporting Settings::gShouldOptOutOfNetworkStateObservation.
        * WebCore.xcodeproj/project.pbxproj: Renamed NetworkStateNotifierIOS.cpp
        to NetworkStateNotifierIOS.mm.
        * page/Settings.cpp: Defaulted gShouldOptOutOfNetworkStateObservation
        to false.
        * page/Settings.h:
        (WebCore::Settings::setShouldOptOutOfNetworkStateObservation):
        (WebCore::Settings::shouldOptOutOfNetworkStateObservation):
        * platform/network/NetworkStateNotifier.cpp:
        (WebCore::NetworkStateNotifier::addNetworkStateChangeListener): Ignored
        the listener if Settings::shouldOptOutOfNetworkStateObservation().
        Called registerObserverIfNecessary() and added the listener otherwise.
        (WebCore::NetworkStateNotifier::notifyNetworkStateChange): Const qualified.
        * platform/network/NetworkStateNotifier.h
        (NetworkStateNotifier::onLine):
        * platform/network/ios/NetworkStateNotifierIOS.cpp: Removed.
        * platform/network/ios/NetworkStateNotifierIOS.mm: Added.
        (-[NetworkStateObserver initWithNotifier:WebCore::]): Registered self
        as a network reachable observer on CPNetworkObserver.
        (-[NetworkStateObserver dealloc]): Removed self as a network reachable
        observer.
        (-[NetworkStateObserver networkStateChanged:]): Called setOnLine() on
        the web thread, passing the reachability value from the notification.
        (WebCore::NetworkStateNotifier::NetworkStateNotifier):
        (WebCore::NetworkStateNotifier::~NetworkStateNotifier): Cleared
        m_observer's pointer back to us.
        (WebCore::NetworkStateNotifier::registerObserverIfNecessary): Initialized
        m_observer if necessary.
        (WebCore::NetworkStateNotifier::onLine): Called
        registerObserverIfNecessary() and set an initial value for m_isOnLine
        if m_isOnLineInitialized is false. Returned m_isOnLine.
        (WebCore::setOnLine): Set m_isOnLine and called
        notifyNetworkStateChange() if needed. Unconditionally set
        m_isOnLineInitialized to true.

2014-02-26  Brian Burg  <bburg@apple.com>

        Unreviewed build fix for !ENABLE(CONTEXT_MENUS).

        I forgot to add guards to handleContextMenuEvent().

        * replay/UserInputBridge.cpp:
        * replay/UserInputBridge.h:

2014-02-26  Dean Jackson  <dino@apple.com>

        [WebGL] Only skip context error retrieval if a pending context
        https://bugs.webkit.org/show_bug.cgi?id=129397

        Reviewed by Tim Horton.

        A lost context should still ask the GC3D what the error is. Only
        a pending context should return early.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getError):

2014-02-26  Brian Burg  <bburg@apple.com>

        Web Replay: route through UserInputBridge when delivering user inputs to WebCore
        https://bugs.webkit.org/show_bug.cgi?id=128150

        Reviewed by Timothy Hatcher.

        Add an UserInputBridge instance to each Page. WebKit2 routes a page's user inputs through
        the WebCore page's user input bridge so that the inputs can be selectively captured, filtered,
        and replayed using instrumentation inside the UserInputBridge.

        For now, the routing methods of UserInputBridge have no replay-specific code paths, and just
        put the input delivery code inside WebCore rather than its external clients. Replay-specific
        code paths will be added once https://bugs.webkit.org/show_bug.cgi?id=128782 is fixed. However,
        once complete the code will work as follows:

        - When neither capturing or replaying, behavior is unchanged.

        - When capturing user inputs, each external input is saved into a replay log as it crosses
        the bridge from outside WebCore.

        - When replaying, the bridge closes and user inputs from WebKit2 are not accepted. Instead,
        the saved inputs from the replay log are re-dispatched as if they had crossed the bridge.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * WebCore.exp.in: Add symbols for input routing methods.
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * page/Page.cpp:
        (WebCore::Page::Page): Initialize the owned UserInputBridge in the Page constructor.
        * page/Page.h:
        (WebCore::Page::inputBridge): Added a by-reference getter.
        * replay/UserInputBridge.cpp: Added.
        (WebCore::UserInputBridge::UserInputBridge):
        (WebCore::UserInputBridge::~UserInputBridge):
        (WebCore::UserInputBridge::handleContextMenuEvent):
        (WebCore::UserInputBridge::handleMousePressEvent):
        (WebCore::UserInputBridge::handleMouseReleaseEvent):
        (WebCore::UserInputBridge::handleMouseMoveEvent):
        (WebCore::UserInputBridge::handleMouseMoveOnScrollbarEvent):
        (WebCore::UserInputBridge::handleKeyEvent):
        (WebCore::UserInputBridge::handleAccessKeyEvent):
        (WebCore::UserInputBridge::handleWheelEvent):
        (WebCore::UserInputBridge::focusSetActive):
        (WebCore::UserInputBridge::focusSetFocused):
        (WebCore::UserInputBridge::scrollRecursively):
        (WebCore::UserInputBridge::logicalScrollRecursively):
        (WebCore::UserInputBridge::loadRequest):
        (WebCore::UserInputBridge::reloadFrame):
        (WebCore::UserInputBridge::stopLoadingFrame):
        (WebCore::UserInputBridge::tryClosePage):
        * replay/UserInputBridge.h: Added.

2014-02-26  Dean Jackson  <dino@apple.com>

        [WebGL] Protect more WebGL entry points for pending contexts
        https://bugs.webkit.org/show_bug.cgi?id=129386

        Reviewed by Tim Horton.

        There are entry points into a WebGLRenderingContext that don't
        come from the web-exposed API directly, such as drawImage with
        the WebGL canvas. Protect these by returning early if we're
        a pending context.

        Also a bunch of drive-by 0 -> nullptr changes.

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::markLayerComposited):
        (WebCore::WebGLRenderingContext::paintRenderingResultsToCanvas):
        (WebCore::WebGLRenderingContext::paintRenderingResultsToImageData):
        (WebCore::WebGLRenderingContext::reshape):
        (WebCore::WebGLRenderingContext::createBuffer):
        (WebCore::WebGLRenderingContext::createFramebuffer):
        (WebCore::WebGLRenderingContext::createTexture):
        (WebCore::WebGLRenderingContext::createProgram):
        (WebCore::WebGLRenderingContext::createRenderbuffer):
        (WebCore::WebGLRenderingContext::createShader):
        (WebCore::WebGLRenderingContext::getActiveAttrib):
        (WebCore::WebGLRenderingContext::getActiveUniform):
        (WebCore::WebGLRenderingContext::getContextAttributes):
        (WebCore::WebGLRenderingContext::getError):
        (WebCore::WebGLRenderingContext::getExtension):
        (WebCore::WebGLRenderingContext::getShaderPrecisionFormat):
        (WebCore::WebGLRenderingContext::getUniformLocation):
        (WebCore::WebGLRenderingContext::drawImageIntoBuffer):
        (WebCore::WebGLRenderingContext::videoFrameToImage):
        (WebCore::WebGLRenderingContext::validateBufferDataParameters):
        (WebCore::WebGLRenderingContext::LRUImageBufferCache::imageBuffer):

2014-02-26  Bem Jones-Bey  <bjonesbe@adobe.com>

        [CSS Shapes] inset and inset-rectangle trigger assert with replaced element and large percentage dimension
        https://bugs.webkit.org/show_bug.cgi?id=129060

        Reviewed by Simon Fraser.

        A bounds check was omitted when computing the width and height for inset
        rectangles, making it possible for the width or height to end up being
        negative. This patch adds in that check for both. It seems that only
        replaced elements like iframe and img trigger this problem.

        Tests: fast/shapes/shape-outside-floats/shape-outside-floats-img-inset-negative-width-crash.html
               fast/shapes/shape-outside-floats/shape-outside-floats-img-inset-rectangle-negative-width-crash.html

        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createShape):

2014-02-26  Myles C. Maxfield  <mmaxfield@apple.com>

        Underlines are too thick when zoomed in
        https://bugs.webkit.org/show_bug.cgi?id=129352

        Reviewed by Dean Jackson.

        The input to the underline drawing code is in user-space, not device-space.
        The underlines were getting scaled twice, once in InlineTextBox and the other
        in GraphicsContext.

        Test: fast/css3-text/css3-text-decoration/text-decoration-scaled.html

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDecoration):

2014-02-26  Andreas Kling  <akling@apple.com>

        Remove unused InspectorCounters.
        <https://webkit.org/b/129367>

        The InspectorCounters code was only used to implement two layout test
        APIs (window.internals.numberOfLive{Nodes,Documents}) yet it had hooks
        in crazy places like Node construction and destruction.

        Rewrote the internals APIs to iterate over all live Documents instead,
        totaling up their referencing Node count. Added a process-global
        Document::allDocuments() HashSet to make this whole thing possible.

        Reviewed by Sam Weinig.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.exp.in:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSEventListener.cpp:
        * dom/Document.cpp:
        (WebCore::Document::allDocuments):
        (WebCore::Document::Document):
        (WebCore::Document::~Document):
        * dom/Document.h:
        (WebCore::Node::Node):
        * dom/Node.cpp:
        (WebCore::Node::~Node):
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorCounters.cpp: Removed.
        * inspector/InspectorCounters.h: Removed.
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::start):
        (WebCore::InspectorTimelineAgent::innerAddRecordToTimeline):
        (WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
        * inspector/InspectorTimelineAgent.h:
        * inspector/protocol/Timeline.json:
        * platform/ThreadGlobalData.cpp:
        * testing/Internals.cpp:
        (WebCore::Internals::numberOfLiveNodes):
        (WebCore::Internals::numberOfLiveDocuments):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-02-26  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove console.profiles from window.console API
        https://bugs.webkit.org/show_bug.cgi?id=116883

        Reviewed by Timothy Hatcher.

        console.profiles has been removed or never implemented by other
        browsers. We should remove it as well. However, since tests
        rely on it, keep it as window.internals.consoleProfiles.

        * WebCore.exp.in:
        * page/Console.idl:
        * testing/Internals.cpp:
        (WebCore::Internals::consoleProfiles):
        * testing/Internals.h:
        * testing/Internals.idl:

2014-02-26  Martin Hock  <mhock@apple.com>

        Create SessionID value-style class for session IDs.
        https://bugs.webkit.org/show_bug.cgi?id=129141

        Reviewed by Sam Weinig.

        * GNUmakefile.list.am:
        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * page/Page.cpp: Add SessionID member.
        (WebCore::Page::Page):
        (WebCore::Page::sessionID): Retrieve sessionID or use settings if not set.
        * page/Page.h:
        (WebCore::Page::isSessionIDSet):
        (WebCore::Page::setSessionID):
        * page/SessionID.h: Session ID class consisting solely of its uint64_t session ID.
        (WebCore::SessionID::SessionID):
        (WebCore::SessionID::isValid): Not empty.
        (WebCore::SessionID::isEphemeral):
        (WebCore::SessionID::sessionID):
        (WebCore::SessionID::operator==): Value-based equality.
        (WebCore::SessionID::operator!=):
        (WebCore::SessionID::emptySessionID): Zero value also used for HashTraits emptyValue.
        (WebCore::SessionID::defaultSessionID):
        (WebCore::SessionID::legacyPrivateSessionID):
        * page/SessionIDHash.h:
        (WTF::SessionIDHash::hash): Just the casted session ID (low order bytes)
        (WTF::SessionIDHash::equal):
        (WTF::HashTraits<WebCore::SessionID>::emptyValue): Equal to emptySessionID.
        (WTF::HashTraits<WebCore::SessionID>::constructDeletedValue): -1 value.
        (WTF::HashTraits<WebCore::SessionID>::isDeletedValue):

2014-02-26  Eric Carlson  <eric.carlson@apple.com>

        Fix builds that don't define IMAGE_CONTROLS.

        * page/ContextMenuContext.cpp:
        (WebCore::ContextMenuContext::ContextMenuContext):

2014-02-26  Eric Carlson  <eric.carlson@apple.com>

        Build fix for OS X after r164720.

        * page/ContextMenuContext.cpp:

2014-02-26  Brady Eidson  <beidson@apple.com>

        Pipe experimental image controls menu up to WebKit2
        https://bugs.webkit.org/show_bug.cgi?id=129339

        Reviewed by Simon Fraser.

        Handle events for the image control, starting down the context menu code path if appropriate:
        * html/shadow/mac/ImageControlsRootElementMac.cpp:
        (WebCore::ImageControlsRootElementMac::defaultEventHandler):
        * html/shadow/mac/ImageControlsRootElementMac.h:

        Add a class to hold a HitTestResult and addition info about the current ContextMenu invocation:
        * page/ContextMenuContext.cpp: Added.
        (WebCore::ContextMenuContext::ContextMenuContext):
        * page/ContextMenuContext.h: Added.
        (WebCore::ContextMenuContext::hitTestResult):
        (WebCore::ContextMenuContext::isImageControl):

        Update ContextMenuController to work with ContextMenuContext instead of HitTestResult directly:
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::showContextMenu):
        (WebCore::ContextMenuController::createContextMenu):
        (WebCore::ContextMenuController::contextMenuItemSelected):
        (WebCore::ContextMenuController::populate):
        (WebCore::ContextMenuController::addInspectElementItem):
        (WebCore::ContextMenuController::checkOrEnableIfNeeded):
        (WebCore::ContextMenuController::showImageControlsMenu):
        * page/ContextMenuController.h:
        (WebCore::ContextMenuController::contextMenu):
        (WebCore::ContextMenuController::setContextMenuContext):
        (WebCore::ContextMenuController::context):
        (WebCore::ContextMenuController::hitTestResult):

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:

2014-02-26  Zan Dobersek  <zdobersek@igalia.com>

        REGRESSION(r162947): Document::topDocument() returns an incorrect reference for cached Documents
        https://bugs.webkit.org/show_bug.cgi?id=128175

        Reviewed by Antti Koivisto.

        * dom/Document.cpp:
        (WebCore::Document::topDocument): Fall back to pre-r162947 way of determining the top document
        when the Document is in page cache or is in the middle of having its render tree destroyed.
        In the first case, the determined top document is actually the document currently loaded in the
        Frame to which the cached document is still connected, which is obviously not desired. In the
        second case the top document is similarly incorrectly deduced, leading to non-deletion of the
        proper top document's AXObjectCache. Because of this AccessibilityRenderObjects are not detached
        which results in assertions in RenderObject destructor where the objects are found to be still
        flagged as in use by the AX cache.

2014-02-26  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Remove unused method RenderFlowThread::updateLayerToRegionMappings()
        https://bugs.webkit.org/show_bug.cgi?id=129368

        Reviewed by Andrei Bucur.

        Remove unused code, no new tests.

        * rendering/RenderFlowThread.h:

2014-02-26  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GTK] Regression when showing the captions menu
        https://bugs.webkit.org/show_bug.cgi?id=129106

        Reviewed by Martin Robinson.

        In some cases, when clicking the captions button the menu was not
        shown.

        Updated test: media/video-controls-captions-trackmenu.html

        * Modules/mediacontrols/mediaControlsGtk.js:
        (ControllerGtk.prototype.buildCaptionMenu):
        (ControllerGtk.prototype.showCaptionMenu): Specify sizes in
        pixels.

2014-02-26  Ryosuke Niwa  <rniwa@webkit.org>

        Avoid unnecessary HTML Collection invalidations for id and name attribute changes
        https://bugs.webkit.org/show_bug.cgi?id=129361

        Reviewed by Benjamin Poulain.

        Before this patch, setting id and name attributes resulted in traversing all the ancestors to invalidate
        HTML collections on those nodes whenever we had more than one HTMLCollection alive.

        Avoid the traversal when HTMLCollections don't have any valid id and name map caches by making each
        HTMLCollection explicitly call collectionCachedIdNameMap and collectionWillClearIdNameMap when it caches
        or clears the id and name map.

        Inspired by https://chromium.googlesource.com/chromium/blink/+/5b06b91b79098f7d42e480f85be32198315d2440

        * dom/Document.cpp:
        (WebCore::Document::registerCollection): Takes a boolean to indicate whether collection has a valid cache
        for the id and name map.
        (WebCore::Document::unregisterCollection): Ditto.
        (WebCore::Document::collectionCachedIdNameMap): Added.
        (WebCore::Document::collectionWillClearIdNameMap): Added.
        * dom/Document.h:

        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::adoptDocument): Call invalidateCache on HTML collections after, not before,
        calling unregisterCollection and registerCollection since collections' owner nodes have already been
        moved to the new document here and invalidateCache uses owner node's document to call
        collectionWillClearIdNameMap. So calling invalidateCache before calling unregister/registerCollection
        would result in collectionWillClearIdNameMap getting called on a wrong document.

        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::HTMLCollection):
        (WebCore::HTMLCollection::~HTMLCollection):
        (WebCore::HTMLCollection::invalidateCache):
        (WebCore::HTMLCollection::invalidateIdNameCacheMaps): Added the code to uncount itself from the number
        of live node lists and HTML collections that need to be invalidated upon id and name attribute changes.
        (WebCore::HTMLCollection::updateNameCache):

        * html/HTMLCollection.h:
        (WebCore::HTMLCollection::invalidateCache):
        (WebCore::HTMLCollection::hasIdNameCache): Renamed from hasNameCache.
        (WebCore::HTMLCollection::setHasIdNameCache): Renamed from setHasIdNameCache.

        * html/HTMLFormControlsCollection.cpp:
        (WebCore::HTMLFormControlsCollection::updateNameCache):

2014-02-25  Frédéric Wang  <fred.wang@free.fr>

        Add support for minsize/maxsize attributes.
        https://bugs.webkit.org/show_bug.cgi?id=122567

        Reviewed by Chris Fleizach.

        This change implements the minsize/maxsize attributes of the mo element.
        We also switch stretch sizes from int to LayoutUnit to improve accuracy.

        Tests: mathml/presentation/stretchy-minsize-maxsize-dynamic.html
               mathml/presentation/stretchy-minsize-maxsize.html

        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::SetOperatorProperties):
        (WebCore::RenderMathMLOperator::stretchTo):
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::layout):

2014-02-25  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Small clean-up of flow threads accelerated compositing code
        https://bugs.webkit.org/show_bug.cgi?id=129312

        Reviewed by Andrei Bucur.

        Some clean-up for the code used for regions in accelerated compositing functionality:
        1. Rename updateRenderFlowThreadLayersIfNeeded -> updateFlowThreadsLayerToRegionMappingsIfNeeded
        as the function updates the mapping between the flow threads layers and their corresponding regions
        2. Remove RenderLayerCompositor::updateRenderFlowThreadLayersIfNeeded and move the code in place
        at call site since the function body does not require a dedicated function.

        No new functionality, no new tests.

        * rendering/FlowThreadController.cpp:
        (WebCore::FlowThreadController::updateFlowThreadsLayerToRegionMappingsIfNeeded):
        Now that the regions are always layers, we do not need to iterate backwards.
        * rendering/FlowThreadController.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateCompositingLayers):
        * rendering/RenderLayerCompositor.h:

2014-02-25  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Ensure consistent border painting width.
        https://bugs.webkit.org/show_bug.cgi?id=129259

        Reviewed by Simon Fraser.

        Border edges are painted as (semi)independent rectangles. When snapping an edge rectangle
        to device pixels, its painted dimensions depend on its size and its fractional position.
        Specific combination of position and border width can result in painting edges sized differently.
        Using device snapped border width to calculate inner/outer rectangles helps to maintain
        uniform border width.

        Currently not testable.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::BorderEdge::BorderEdge):
        (WebCore::BorderEdge::shouldRender):
        (WebCore::BorderEdge::presentButInvisible):
        (WebCore::BorderEdge::widthForPainting):
        (WebCore::BorderEdge::getDoubleBorderStripeWidths):
        (WebCore::RenderBoxModelObject::paintOneBorderSide):
        (WebCore::calculateSideRect):
        (WebCore::RenderBoxModelObject::paintBorderSides):
        (WebCore::RenderBoxModelObject::paintBorder):
        (WebCore::RenderBoxModelObject::drawBoxSideFromPath):
        (WebCore::calculateSideRectIncludingInner):

2014-02-25  Zalan Bujtas  <zalan@apple.com>

        Subpixel layout: Remove explicit static_cast<LayoutUnit> conversions.
        https://bugs.webkit.org/show_bug.cgi?id=129359

        Reviewed by Simon Fraser.

        No testable change in behavior.

        * css/LengthFunctions.cpp:
        (WebCore::minimumValueForLength):
        * page/FrameView.cpp:
        (WebCore::FrameView::forceLayoutForPagination):
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::paintFillLayer):
        * rendering/InlineFlowBox.h:
        (WebCore::InlineFlowBox::logicalLeftVisualOverflow):
        (WebCore::InlineFlowBox::logicalRightVisualOverflow):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::isSelected):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeColumnCountAndWidth):
        (WebCore::getBPMWidth):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::adjustForBorderFit):
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
        * rendering/RenderFieldset.cpp:
        (WebCore::RenderFieldset::paintBoxDecorations):
        * rendering/RenderTable.h:
        (WebCore::RenderTable::borderSpacingInRowDirection):
        * rendering/RenderTextControlMultiLine.cpp:
        (WebCore::RenderTextControlMultiLine::preferredContentLogicalWidth):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::preferredContentLogicalWidth):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::beforeAnnotationsAdjustment):
        (WebCore::RootInlineBox::ascentAndDescentForBox):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::resolveLengthAttributeForSVG):

2014-02-25  Anders Carlsson  <andersca@apple.com>

        Build fixes.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:

2014-02-25  Benjamin Poulain  <bpoulain@apple.com>

        Build fix for OS X after r164690

        * WebCore.exp.in:

2014-02-25  Anders Carlsson  <andersca@apple.com>

        Rename WebCore::VisitedLinkProvider to WebCore::VisitedLinkStore
        https://bugs.webkit.org/show_bug.cgi?id=129357

        Reviewed by Sam Weinig.

        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/VisitedLinkState.cpp:
        (WebCore::VisitedLinkState::determineLinkStateSlowCase):
        * loader/HistoryController.cpp:
        (WebCore::addVisitedLink):
        * page/DefaultVisitedLinkStore.cpp: Renamed from Source/WebCore/page/DefaultVisitedLinkProvider.cpp.
        (WebCore::DefaultVisitedLinkStore::create):
        (WebCore::DefaultVisitedLinkStore::DefaultVisitedLinkStore):
        (WebCore::DefaultVisitedLinkStore::~DefaultVisitedLinkStore):
        (WebCore::DefaultVisitedLinkStore::isLinkVisited):
        (WebCore::DefaultVisitedLinkStore::addVisitedLink):
        * page/DefaultVisitedLinkStore.h: Renamed from Source/WebCore/page/DefaultVisitedLinkProvider.h.
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::visitedLinkStore):
        * page/Page.h:
        * page/PageGroup.cpp:
        (WebCore::PageGroup::visitedLinkStore):
        * page/PageGroup.h:
        * page/VisitedLinkStore.cpp: Renamed from Source/WebCore/page/VisitedLinkProvider.cpp.
        (WebCore::VisitedLinkStore::VisitedLinkStore):
        (WebCore::VisitedLinkStore::~VisitedLinkStore):
        * page/VisitedLinkStore.h: Renamed from Source/WebCore/page/VisitedLinkProvider.h.

2014-02-25  Enrica Casucci  <enrica@apple.com>

        [WebKit2] Form controls handling.
        https://bugs.webkit.org/show_bug.cgi?id=129344
        <rdar://problem/16053643>

        Reviewed by Simon Fraser and Joseph Pecoraro.

        Adding some exports.
        
        * WebCore.exp.in:

2014-02-25  Samuel White  <samuel_white@apple.com>

        Add accessibility search predicate support for AXOutlines
        https://bugs.webkit.org/show_bug.cgi?id=123748

        Reviewed by Chris Fleizach.

        Added new AXOutlineSearchKey to support finding elements with aria role=tree.

        No new tests, updated existing search-predicate.html test to cover AXOutlineSearchKey.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::isAccessibilityObjectSearchMatchAtIndex):
        * accessibility/AccessibilityObject.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (createAccessibilitySearchKeyMap):

2014-02-25  Mark Lam  <mark.lam@apple.com>

        Need to initialize VM stack data even when the VM is on an exclusive thread.
        <https://webkit.org/b/129265>

        Not reviewed.

        No new tests.

        Relanding r164627 now that <https://webkit.org/b/129341> is fixed.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonVM):

2014-02-25  Mark Lam  <mark.lam@apple.com>

        JSDOMPromise methods should acquire VM lock before calling into JS.
        <https://webkit.org/b/129341>

        Reviewed by Geoffrey Garen.

        No new tests.

        * bindings/js/JSDOMPromise.h:
        (WebCore::DeferredWrapper::resolve):
        (WebCore::DeferredWrapper::reject):
        (WebCore::DeferredWrapper::resolve<String>):
        (WebCore::DeferredWrapper::resolve<bool>):
        (WebCore::char>>):
        (WebCore::DeferredWrapper::reject<String>):

2014-02-25  Anders Carlsson  <andersca@apple.com>

        Simplify visited link style invalidation
        https://bugs.webkit.org/show_bug.cgi?id=129340

        Reviewed by Dan Bernstein.

        Get rid of the static Page::allVisitedStateChanged and Page::visitedStateChanged
        member functions and add functions to invalidate all styles on a single page or the style
        for a single link hash on a single page.

        * WebCore.exp.in:
        * page/Page.cpp:
        (WebCore::Page::invalidateStylesForAllLinks):
        (WebCore::Page::invalidateStylesForLink):
        * page/Page.h:
        * page/PageGroup.cpp:
        (WebCore::PageGroup::addVisitedLink):
        (WebCore::PageGroup::removeVisitedLink):
        (WebCore::PageGroup::removeVisitedLinks):

2014-02-25  Andreas Kling  <akling@apple.com>

        Remove unused ThreadSpecificInspectorCounters.
        <https://webkit.org/b/129337>

        We were keeping count of all the JS event listeners in every thread
        to support an old Chromium feature that's no longer relevant.

        Removing this gets rid of expensive thread-local storage lookups.

        Reviewed by Anders Carlsson.

        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::~JSEventListener):
        * inspector/InspectorCounters.cpp:
        * inspector/InspectorCounters.h:
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::setDOMCounters):
        * inspector/protocol/Timeline.json:
        * platform/ThreadGlobalData.cpp:
        (WebCore::ThreadGlobalData::ThreadGlobalData):
        (WebCore::ThreadGlobalData::destroy):
        * platform/ThreadGlobalData.h:

2014-02-25  Laszlo Vidacs  <lvidacs.u-szeged@partner.samsung.com>

        display:table with padding and/or borders in border-box calculates height incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=126576

        Reviewed by David Hyatt.

        Based on blink issue https://codereview.chromium.org/25206002/

        Tests: fast/box-sizing/css-table-collapse.html
               fast/box-sizing/css-table-no-collapse.html
               fast/box-sizing/table-collapse.html
               fast/box-sizing/table-no-collapse.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computePositionedLogicalHeightUsing):

2014-02-25  Anders Carlsson  <andersca@apple.com>

        Get rid of VisitedLinkStrategy
        https://bugs.webkit.org/show_bug.cgi?id=129324

        Reviewed by Dan Bernstein.

        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/PlatformStrategies.h:
        (WebCore::PlatformStrategies::PlatformStrategies):
        * platform/VisitedLinkStrategy.h: Removed.

2014-02-25  Alexey Proskuryakov  <ap@apple.com>

        Rolling out http://trac.webkit.org/changeset/164611, because it broke
        WebKit2.PrivateBrowsingPushStateNoHistoryCallback API test

        The change was for:

        https://bugs.webkit.org/show_bug.cgi?id=129141
        Create SessionID class

2014-02-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r164627.
        http://trac.webkit.org/changeset/164627
        https://bugs.webkit.org/show_bug.cgi?id=129325

        Broke SubtleCrypto tests (Requested by ap on #webkit).

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonVM):

2014-02-25  Anders Carlsson  <andersca@apple.com>

        DefaultVisitedLinkProvider can just call into the page group directly
        https://bugs.webkit.org/show_bug.cgi?id=129320

        Reviewed by Andreas Kling.

        * page/DefaultVisitedLinkProvider.cpp:
        (WebCore::DefaultVisitedLinkProvider::isLinkVisited):
        (WebCore::DefaultVisitedLinkProvider::addVisitedLink):

2014-02-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r164638.
        http://trac.webkit.org/changeset/164638
        https://bugs.webkit.org/show_bug.cgi?id=129321

        Broke Windows build. (Requested by bfulgham on #webkit).

        * dom/ContainerNode.h:
        (WebCore::ChildNodesLazySnapshot::takeSnapshot):
        (WebCore::ChildNodesLazySnapshot::hasSnapshot):
        * dom/Element.cpp:
        (WebCore::ensureAttrNodeListForElement):
        (WebCore::Element::attributes):
        * dom/ElementIteratorAssertions.h:
        (WebCore::ElementIteratorAssertions::ElementIteratorAssertions):
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::create):
        (WebCore::ElementRareData::setAttributeMap):
        * dom/MutationObserverRegistration.cpp:
        (WebCore::MutationObserverRegistration::create):
        (WebCore::MutationObserverRegistration::observedSubtreeNodeWillDetach):
        (WebCore::MutationObserverRegistration::clearTransientRegistrations):
        (WebCore::MutationObserverRegistration::addRegistrationNodesToSet):
        * dom/MutationObserverRegistration.h:
        * dom/NamedNodeMap.h:
        (WebCore::NamedNodeMap::create):
        (WebCore::NamedNodeMap::NamedNodeMap):
        * dom/Node.cpp:
        (WebCore::Node::ensureRareData):
        (WebCore::Node::didMoveToNewDocument):
        (WebCore::Node::ensureEventTargetData):
        (WebCore::Node::mutationObserverRegistry):
        (WebCore::Node::registerMutationObserver):
        (WebCore::Node::unregisterMutationObserver):
        (WebCore::Node::notifyMutationObserversNodeWillDetach):
        * dom/Node.h:
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::create):
        (WebCore::NodeListsNodeData::NodeListsNodeData):
        (WebCore::NodeMutationObserverData::create):
        (WebCore::NodeMutationObserverData::NodeMutationObserverData):
        (WebCore::NodeRareData::create):
        (WebCore::NodeRareData::clearNodeLists):
        (WebCore::NodeRareData::ensureNodeLists):
        (WebCore::NodeRareData::ensureMutationObserverData):
        (WebCore::NodeRareData::NodeRareData):
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::rebuildPresentationAttributeStyle):

2014-02-25  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Show status image when playing video to external device
        https://bugs.webkit.org/show_bug.cgi?id=129277

        Reviewed by Jer Noble.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleEvent): Restructure the code so it is possible to handle events
            that target the video element which aren't in the HandledVideoEvents array.

        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.currentPlaybackTargetIsWireless): webkitCurrentPlaybackTargetIsWireless
            is an attribute, not a function.
        (ControllerIOS.prototype.updateWirelessPlaybackStatus): Fix style.
        (ControllerIOS.prototype.updateWirelessTargetAvailable): Ditto.
        (ControllerIOS.prototype.updateProgress): Ditto.
        (ControllerIOS.prototype.handleWrapperTouchStart): Show the controls if the wireless status
            display is touched.
        (ControllerIOS.prototype.handleFullscreenButtonClicked): Fix style
        (ControllerIOS.prototype.handleWirelessPlaybackChange): Ditto.
        (ControllerIOS.prototype.handleWirelessTargetAvailableChange):
        (ControllerIOS.prototype.handleWirelessPickerButtonClicked): Ditto. Stop even propagation.

        Move "playback target" logic into HTMLMediaSession.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::~HTMLMediaElement): Call media session.
        (WebCore::HTMLMediaElement::loadResource): Tell media session to apply media player
            restrictions now that it has a url.
        (WebCore::HTMLMediaElement::invalidateCachedTime): Only log when cached time is not 
            already invalie.
        (WebCore::HTMLMediaElement::webkitShowPlaybackTargetPicker): Call media session.
        (WebCore::HTMLMediaElement::webkitCurrentPlaybackTargetIsWireless): Ditto.
        (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): Ditto.
        (WebCore::HTMLMediaElement::addEventListener): Ditto.
        (WebCore::HTMLMediaElement::removeEventListen): Ditto.
        (WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent): Ditto.
        (WebCore::HTMLMediaElement::createMediaPlayer): Ditto.

        * html/HTMLMediaSession.cpp:
        (WebCore::restrictionName): Log new WirelessVideoPlaybackDisabled restriction.
        (WebCore::HTMLMediaSession::showingPlaybackTargetPickerPermitted): Return false if there
            is no page, or if wireless playback is disabled.
        (WebCore::HTMLMediaSession::currentPlaybackTargetIsWireless): New, logic from HTMLMediaElement.
        (WebCore::HTMLMediaSession::showPlaybackTargetPicker): Ditto.
        (WebCore::HTMLMediaSession::hasWirelessPlaybackTargets): Ditto.
        (WebCore::HTMLMediaSession::wirelessVideoPlaybackDisabled): Ditto.
        (WebCore::HTMLMediaSession::setWirelessVideoPlaybackDisabled): Ditto.
        (WebCore::HTMLMediaSession::setHasPlaybackTargetAvailabilityListeners): Ditto.
        (WebCore::HTMLMediaSession::applyMediaPlayerRestrictions): New, apply media player specific
            restriction.
        * html/HTMLMediaSession.h:

        Move "playback target" logic into HTMLMediaSession.
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::parseAttribute): Call media session.
        (WebCore::HTMLVideoElement::webkitWirelessVideoPlaybackDisabled): Call media session.

        * platform/audio/MediaSessionManager.h:
        (WebCore::MediaSessionManager::showPlaybackTargetPicker): New method, does nothing in base class.

        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::showPlaybackTargetPicker): Add non-functional stub.

        Implement wireless playback control and status API.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification): Dispatch TargetIsWirelessChanged.
        (WebCore::MediaPlayerPrivateAVFoundation::playbackTargetIsWirelessChanged): Pass through to
            media element.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): Initialize
            m_allowsWirelessVideoPlayback.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad): Remove "externalPlaybackActive" observer.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): Fix broken logging.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): Add "externalPlaybackActive" observer,
            set initial wireless playback.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createPixelBuffer):  Fix broken logging.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::languageOfPrimaryAudioTrack): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::isCurrentPlaybackTargetWireless): New.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessVideoPlaybackDisabled): New.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setWirelessVideoPlaybackDisabled): New.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::playbackTargetIsWirelessDidChange): New.
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): Deal with 
            externalPlaybackActive.

2014-02-24  Brent Fulgham  <bfulgham@apple.com>

        [Win] Gracefully recover from missing 'naturalSize' parameter for media
        https://bugs.webkit.org/show_bug.cgi?id=129278

        Reviewed by Eric Carlson.

        * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h: Add declaration for
        missing function call.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::MediaPlayerPrivateAVFoundationCF::assetStatus): Don't treat missing 'naturalSize'
        as a fatal error.
        (WebCore::MediaPlayerPrivateAVFoundationCF::tracksChanged): Handle case of asset track
        not being available yet. 
        (WebCore::MediaPlayerPrivateAVFoundationCF::sizeChanged): If the 'naturalSize' is empty,
        use the Player Item's 'presentationSize' instead.
        (WebCore::AVFWrapper::processNotification): Add missing handler for duration changed.

2014-02-25  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Add ENABLE flag
        https://bugs.webkit.org/show_bug.cgi?id=129153

        Reviewed by Simon Fraser.

        Added ENABLE_CSS_GRID_LAYOUT feature flag.

        * Configurations/FeatureDefines.xcconfig:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::isLayoutDependent):
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSGridTemplateAreasValue.cpp:
        * css/CSSGridTemplateAreasValue.h:
        * css/CSSParser.cpp:
        (WebCore::CSSParserContext::CSSParserContext):
        (WebCore::operator==):
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        * css/CSSParser.h:
        * css/CSSParserMode.h:
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSPropertyNames.in:
        * css/CSSValue.cpp:
        (WebCore::CSSValue::equals):
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::getPropertyValue):
        * css/StylePropertyShorthand.cpp:
        (WebCore::shorthandForProperty):
        (WebCore::matchingShorthandsForLonghand):
        * css/StyleResolver.cpp:
        (WebCore::equivalentBlockDisplay):
        (WebCore::StyleResolver::adjustRenderStyle):
        (WebCore::StyleResolver::applyProperty):
        * css/StyleResolver.h:
        * dom/Document.cpp:
        * dom/Document.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::createFor):
        * rendering/RenderGrid.cpp:
        * rendering/RenderGrid.h:
        * rendering/style/GridCoordinate.h:
        * rendering/style/GridLength.h:
        * rendering/style/GridPosition.h:
        * rendering/style/GridTrackSize.h:
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayout):
        * rendering/style/RenderStyle.h:
        * rendering/style/RenderStyleConstants.h:
        * rendering/style/StyleAllInOne.cpp:
        * rendering/style/StyleGridData.cpp:
        * rendering/style/StyleGridData.h:
        * rendering/style/StyleGridItemData.cpp:
        * rendering/style/StyleGridItemData.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2014-02-25  Jer Noble  <jer.noble@apple.com>

        [EME][Mac] Fix a few issues in CDMSessionMediaSourceAVFObjC.
        https://bugs.webkit.org/show_bug.cgi?id=129310

        Reviewed by Eric Carlson.

        Only send a 'keyerror' event if an actual error code was returned, not just
        when no key was added:
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::addKeyTimerFired):

        The 'length' parameter to a typed ArrayBufferView is the number of entries
        in the array, not the byte length:
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::generateKeyRequest):

        The return value of streamingContentKeyRequestDataForApp:contentIdentifier:trackId:options:error
        is autoreleased; do not wrap it in an adoptNS:
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::update):

2014-02-25  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [MediaStream] Adding mock implementation of UserMediaClient
        https://bugs.webkit.org/show_bug.cgi?id=129274

        Reviewed by Eric Carlson.

        * platform/mock/UserMediaClientMock.h: Added.
        (WebCore::UserMediaClientRequestNotifier::UserMediaClientRequestNotifier):
        * testing/Internals.cpp:
        (WebCore::Internals::Internals):

2014-02-25  Ryosuke Niwa  <rniwa@webkit.org>

        Tighten bitfields in live NodeLists and HTMLCollections
        https://bugs.webkit.org/show_bug.cgi?id=129300

        Reviewed by Geoffrey Garen.

        Reduce the number of bits used for m_rootType and m_type in LiveNodeList.
        Also use enum class for LiveNodeList types. We keep "Type" suffix not to
        confuse old-ish compilers.

        * dom/ClassNodeList.cpp:
        (WebCore::ClassNodeList::ClassNodeList):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::getElementsByTagName):
        (WebCore::ContainerNode::getElementsByName):
        (WebCore::ContainerNode::getElementsByClassName):
        (WebCore::ContainerNode::radioNodeList):
        * dom/LiveNodeList.cpp:
        (WebCore::LiveNodeList::collectionFirst):
        (WebCore::LiveNodeList::collectionTraverseForward):
        * dom/LiveNodeList.h:
        (WebCore::LiveNodeList::LiveNodeList):
        * dom/NameNodeList.cpp:
        (WebCore::NameNodeList::NameNodeList):
        * dom/NameNodeList.h:
        (WebCore::NameNodeList::create):
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::namedNodeListKey):
        * dom/TagNodeList.cpp:
        (WebCore::HTMLTagNodeList::HTMLTagNodeList):
        * dom/TagNodeList.h:
        (WebCore::TagNodeList::create):
        (WebCore::HTMLTagNodeList::create):
        * html/HTMLCollection.h:
        * html/LabelableElement.cpp:
        (WebCore::LabelableElement::labels):
        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::LabelsNodeList):
        * html/LabelsNodeList.h:
        * html/RadioNodeList.cpp:
        (WebCore::RadioNodeList::RadioNodeList):
        * html/RadioNodeList.h:
        (WebCore::RadioNodeList::create):

2014-02-24  Anders Carlsson  <andersca@apple.com>

        Make it possible to set the visited link provider on a per page basis
        https://bugs.webkit.org/show_bug.cgi?id=129288

        Reviewed by Andreas Kling.

        * WebCore.exp.in:
        Export symbols needed by WebKit2.

        * WebCore.xcodeproj/project.pbxproj:
        Make VisitedLinkProvider a private header.

        * page/Page.cpp:
        (WebCore::Page::Page):
        Take the visited link provider from the PageClients object.

        (WebCore::Page::visitedLinkProvider):
        If the page has a visited link provider set, return it.

        * page/Page.h:
        Add VisitedLinkProvider to Page and PageClients.

2014-02-25  Morten Stenshorne  <mstensho@opera.com>

        [New Multicolumn] -webkit-column-break-inside:avoid doesn't work
        https://bugs.webkit.org/show_bug.cgi?id=129299

        Reviewed by Andrei Bucur.

        adjustForUnsplittableChild() simply forgot to check whether we
        were inside flow thread based multicol.

        Test: fast/multicol/newmulticol/avoid-column-break-inside.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::adjustForUnsplittableChild):

2014-02-25  Mihnea Ovidenie  <mihnea@adobe.com>

        [CSSRegions] Remove unused function RenderFlowThread::regionForCompositedLayer
        https://bugs.webkit.org/show_bug.cgi?id=129303

        Reviewed by Andrei Bucur.

        Cleanup, no funtionality change, no new tests.

        * rendering/RenderFlowThread.h:

2014-02-25  Mihai Tica  <mitica@adobe.com>

        [CSS Blending] -webkit-mix-blend-mode should force transform-style: flat.
        https://bugs.webkit.org/show_bug.cgi?id=126158

        Reviewed by Mihnea Ovidenie.

        As stated in the http://www.w3.org/TR/css3-transforms/#propdef-transform-style, an element with blending
        should force transform-style: flat.

        Test: css3/compositing/blend-mode-transform-style.html

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle): If blending is detected, set transform-style to flat.

2014-02-25  Zan Dobersek  <zdobersek@igalia.com>

        Move to using std::unique_ptr for Element, Node and related classes
        https://bugs.webkit.org/show_bug.cgi?id=129058

        Reviewed by Anders Carlsson.

        Replace uses of OwnPtr and PassOwnPtr in Element, Node and the related
        classes with std::unique_ptr and move semantics.

        * dom/ContainerNode.h:
        (WebCore::ChildNodesLazySnapshot::takeSnapshot):
        (WebCore::ChildNodesLazySnapshot::hasSnapshot):
        * dom/Element.cpp:
        (WebCore::ensureAttrNodeListForElement):
        (WebCore::Element::attributes):
        * dom/ElementIteratorAssertions.h:
        (WebCore::ElementIteratorAssertions::ElementIteratorAssertions):
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::setAttributeMap):
        * dom/MutationObserverRegistration.cpp:
        (WebCore::MutationObserverRegistration::observedSubtreeNodeWillDetach):
        (WebCore::MutationObserverRegistration::clearTransientRegistrations):
        (WebCore::MutationObserverRegistration::addRegistrationNodesToSet):
        * dom/MutationObserverRegistration.h:
        * dom/NamedNodeMap.h:
        (WebCore::NamedNodeMap::NamedNodeMap):
        * dom/Node.cpp:
        (WebCore::Node::ensureRareData):
        (WebCore::Node::didMoveToNewDocument):
        (WebCore::Node::ensureEventTargetData):
        (WebCore::Node::mutationObserverRegistry):
        (WebCore::Node::registerMutationObserver):
        (WebCore::Node::unregisterMutationObserver):
        (WebCore::Node::notifyMutationObserversNodeWillDetach):
        * dom/Node.h:
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::NodeListsNodeData):
        (WebCore::NodeRareData::NodeRareData):
        (WebCore::NodeRareData::clearNodeLists):
        (WebCore::NodeRareData::ensureNodeLists):
        (WebCore::NodeRareData::ensureMutationObserverData):
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::rebuildPresentationAttributeStyle):

2014-02-25  Andreas Kling  <akling@apple.com>

        Prune dead code for Web Inspector memory instrumentation.
        <https://webkit.org/b/129286>

        This was leftover code from Chromium's inspector. It's not used by
        today's WebKit inspector.

        Reviewed by Sam Weinig.

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorController.h:
        * inspector/InspectorMemoryAgent.cpp: Removed.
        * inspector/InspectorMemoryAgent.h: Removed.
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
        * inspector/InspectorTimelineAgent.h:
        * inspector/WorkerInspectorController.cpp:
        (WebCore::WorkerInspectorController::WorkerInspectorController):
        * inspector/protocol/Memory.json: Removed.

2014-02-24  Chris Fleizach  <cfleizach@apple.com>

        AX: Support abbr, acronym
        https://bugs.webkit.org/show_bug.cgi?id=128860

        Reviewed by Mario Sanchez Prada.

        Expose the data in <abbr>, <acronym> and <th abbr=""> as an 
        alternateTextValue() parameter.

        Test: platform/mac/accessibility/abbr-acronym-tags.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::hasTagName):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::alternateTextValue):
        (WebCore::AccessibilityObject::supportsAlternateTextValue):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::alternateTextValue):
        (WebCore::AccessibilityRenderObject::supportsAlternateTextValue):
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::alternateTextValue):
        (WebCore::AccessibilityTableCell::supportsAlternateTextValue):
        * accessibility/AccessibilityTableCell.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (AXAttributeStringSetAlternateTextValue):
        (AXAttributedStringAppendText):
        (-[WebAccessibilityObjectWrapper additionalAccessibilityAttributeNames]):
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

2014-02-24  Martin Robinson  <mrobinson@igalia.com>

        [GTK] generate-gtkdoc should not generate documentation for source files for unbuilt source files
        https://bugs.webkit.org/show_bug.cgi?id=128417

        Reviewed by Carlos Garcia Campos.

        * bindings/gobject/GNUmakefile.am: Generate a config file for webkitdom documentation generation.

2014-02-24  Mark Lam  <mark.lam@apple.com>

        Need to initialize VM stack data even when the VM is on an exclusive thread.
        <https://webkit.org/b/129265>

        Reviewed by Geoffrey Garen.

        No new tests.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        - Added an assertion to ensure that we are holding the JSLock.
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonVM):
        - Updated to use the new VM::setExclusiveThread().

2014-02-24  Anders Carlsson  <andersca@apple.com>

        Add a DefaultVisitedLinkProvider and route visited link actions through it
        https://bugs.webkit.org/show_bug.cgi?id=129285

        Reviewed by Dan Bernstein.

        DefaultVisitedLinkProvider currently just forwards everything to the visited link strategy,
        but will soon take over the responsibilities of visited link handling from PageGroup.
        
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/VisitedLinkState.cpp:
        (WebCore::VisitedLinkState::determineLinkStateSlowCase):
        * loader/HistoryController.cpp:
        (WebCore::addVisitedLink):
        (WebCore::HistoryController::updateForStandardLoad):
        (WebCore::HistoryController::updateForRedirectWithLockedBackForwardList):
        (WebCore::HistoryController::updateForClientRedirect):
        (WebCore::HistoryController::updateForSameDocumentNavigation):
        (WebCore::HistoryController::pushState):
        (WebCore::HistoryController::replaceState):
        * page/DefaultVisitedLinkProvider.cpp: Copied from Source/WebCore/page/VisitedLinkProvider.h.
        (WebCore::DefaultVisitedLinkProvider::create):
        (WebCore::DefaultVisitedLinkProvider::DefaultVisitedLinkProvider):
        (WebCore::DefaultVisitedLinkProvider::~DefaultVisitedLinkProvider):
        (WebCore::DefaultVisitedLinkProvider::isLinkVisited):
        (WebCore::DefaultVisitedLinkProvider::addVisitedLink):
        * page/DefaultVisitedLinkProvider.h: Copied from Source/WebCore/page/VisitedLinkProvider.h.
        * page/Page.cpp:
        (WebCore::Page::visitedLinkProvider):
        * page/Page.h:
        * page/PageGroup.cpp:
        (WebCore::PageGroup::PageGroup):
        (WebCore::PageGroup::visitedLinkProvider):
        * page/PageGroup.h:
        * page/VisitedLinkProvider.h:

2014-02-24  Jeremy Jones  <jeremyj@apple.com>

        WK2 AVKit fullscreen doesn't display video.
        https://bugs.webkit.org/show_bug.cgi?id=128564

        Reviewed by Simon Fraser.

        * WebCore.exp.in:
        Export WebCore::PlatformCALayer::platformCALayer()

        * platform/ios/WebVideoFullscreenInterface.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Remove SetVideoLayerID(). 

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::setVideoLayer):
        Wrap make video layer look like an AVAVPlayerLayer with WebAVPlayerLayer

        * platform/ios/WebVideoFullscreenModelMediaElement.mm:
        (WebVideoFullscreenModelMediaElement::setMediaElement):
        Pass along the videoLayer before borrowing it so the interface will be ready to
        catch the transaction that removes it.

2014-02-24  Samuel White  <samuel_white@apple.com>

        AX: AccessibilityObject::findMatchingObjects should never include 'this' in results.
        https://bugs.webkit.org/show_bug.cgi?id=129243

        Reviewed by Chris Fleizach.

        Fix removes the container object from the search results when searching backwards. This
        makes backwards & forwards search results consistent with each other.

        Test: platform/mac/accessibility/search-predicate-container-not-included.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::findMatchingObjects):

2014-02-24  Samuel White  <samuel_white@apple.com>

        AX: findMatchingObjects backwards start position inconsistent with forwards start position when startObject == nullptr.
        https://bugs.webkit.org/show_bug.cgi?id=129266

        Reviewed by Chris Fleizach.

        When searching forward with no start object, the first thing considered is the first child of
        the container. However, when searching backwards with no start object nothing in the container
        is considered; this basically negates the search. This patch makes backwards searching without
        a start object start from the last child of the container to match forward search expectations.

        Test: platform/mac/accessibility/search-predicate-start-not-specified.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::findMatchingObjects):

2014-02-24  Andreas Kling  <akling@apple.com>

        Prune dead code for Web Inspector canvas instrumentation.
        <https://webkit.org/b/129269>

        This was leftover code from Chromium's inspector. It's not used by
        today's WebKit inspector.

        Reviewed by Timothy Hatcher.

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSHTMLCanvasElementCustom.cpp:
        (WebCore::JSHTMLCanvasElement::getContext):
        * inspector/InjectedScriptCanvasModule.cpp: Removed.
        * inspector/InjectedScriptCanvasModule.h: Removed.
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorCanvasAgent.cpp: Removed.
        * inspector/InspectorCanvasAgent.h: Removed.
        * inspector/InspectorCanvasInstrumentation.h: Removed.
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        (WebCore::InspectorController::didBeginFrame):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::frameDetachedFromParentImpl):
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        * inspector/InspectorInstrumentation.h:
        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::InstrumentingAgents):
        (WebCore::InstrumentingAgents::reset):
        * inspector/InstrumentingAgents.h:

2014-02-24  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Adjust lineTop position to the next available wrapping location at shape-outsides
        https://bugs.webkit.org/show_bug.cgi?id=128693

        Reviewed by David Hyatt.

        When we don't have space next to the floating container, but we have space inside the floating-container next
        to the defined shape-outside, we should wrap around the shape-outside. This patch fixes the behavior both for
        cases when there is no space to fit at the first line, and for the additional lines cases.

        Test: fast/shapes/shape-outside-floats/shape-outside-floats-linetop-adjustment.html

        * rendering/line/BreakingContextInlineHeaders.h:
        (WebCore::BreakingContext::handleText):
        (WebCore::BreakingContext::commitAndUpdateLineBreakIfNeeded):
        * rendering/line/LineWidth.cpp:
        (WebCore::availableWidthAtOffset):
        (WebCore::LineWidth::updateLineDimension): Added new helper.
        (WebCore::isWholeLineFit): Added new helper.
        (WebCore::LineWidth::wrapNextToShapeOutside): Added new helper.
        (WebCore::LineWidth::fitBelowFloats): Add optional parameter for the function.
        * rendering/line/LineWidth.h:

2014-02-24  Martin Hock  <mhock@apple.com>

        Create SessionID value-style class for session IDs.
        https://bugs.webkit.org/show_bug.cgi?id=129141

        Reviewed by Brady Eidson.

        * GNUmakefile.list.am:
        * WebCore.exp.in:
        * WebCore.xcodeproj/project.pbxproj:
        * page/Page.cpp: Add SessionID member.
        (WebCore::Page::Page):
        (WebCore::Page::sessionID): Retrieve sessionID or use settings if not set.
        * page/Page.h:
        (WebCore::Page::setSessionID):
        * page/SessionID.h: Session ID class consisting solely of its uint64_t session ID.
        (WebCore::SessionID::SessionID):
        (WebCore::SessionID::isValid): Not empty.
        (WebCore::SessionID::isEphemeral):
        (WebCore::SessionID::sessionID):
        (WebCore::SessionID::operator==): Value-based equality.
        (WebCore::SessionID::operator!=):
        (WebCore::SessionID::emptySessionID): Zero value also used for HashTraits emptyValue.
        (WebCore::SessionID::defaultSessionID):
        (WebCore::SessionID::legacyPrivateSessionID):
        * page/SessionIDHash.h:
        (WTF::SessionIDHash::hash): Just the casted session ID (low order bytes)
        (WTF::SessionIDHash::equal):
        (WTF::HashTraits<WebCore::SessionID>::emptyValue): Equal to emptySessionID.
        (WTF::HashTraits<WebCore::SessionID>::constructDeletedValue): -1 value.
        (WTF::HashTraits<WebCore::SessionID>::isDeletedValue):

2014-02-24  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] handle undefined RemainingSpace in computeUsedBreadthOfGridTracks algorithm
        https://bugs.webkit.org/show_bug.cgi?id=128372

        Reviewed by David Hyatt.

        From Blink r165692 by <svillar@igalia.com>

        The spec defines a different code path for the computeUsedBreadthOfGridTracks algorithm
        http://dev.w3.org/csswg/css-grid/#function-ComputeUsedBreadthOfGridTracks.

        Basically the track breadth is different when the available size is undefined and thus,
        cannot be taken into account during the computations.
        The available size is undefined whenever the height is auto or the grid element has a
        shrink-to-fit behavior.

        It was also renamed the function to match the specs so the function name starts with
        'compute' instead of 'computed'.

        No new tests, but added new cases to some of them.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::gridElementIsShrinkToFit):
        (WebCore::RenderGrid::computeNormalizedFractionBreadth):
        (WebCore::RenderGrid::layoutGridItems):
        * rendering/RenderGrid.h:

2014-02-24  Roger Fong  <roger_fong@apple.com>

        [Windows] Unreviewed pre-emptive build fix.

        * WebCore.vcxproj/WebCoreCommon.props: Add replay directory to include path.

2014-02-24  Brady Eidson  <beidson@apple.com>

        Break out ImageControls style into an external stylesheet
        https://bugs.webkit.org/show_bug.cgi?id=129273

        Reviewed by Jer Noble.

        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:

        * css/CSSDefaultStyleSheets.cpp:
        (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
        * css/CSSDefaultStyleSheets.h:

        * html/shadow/mac/ImageControlsRootElementMac.cpp:
        (WebCore::ImageControlsRootElementMac::maybeCreate):

        * html/shadow/mac/imageControlsMac.css:
        (.x-webkit-imagemenu):
        (.x-webkit-imagemenu:hover):

        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::mediaControlsScript):
        (WebCore::RenderTheme::imageControlsStyleSheet):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::imageControlsStyleSheet):

2014-02-24  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>

        [WebRTC] Validating RTCConfiguration according to the spec
        https://bugs.webkit.org/show_bug.cgi?id=129182

        Reviewed by Eric Carlson.

        Spec states that:
            - iceServers should not be an empty list
            - the entry in the configuration dictionary is "urls", instead of "url"
            - urls can be either a list or a string
        Fixing all that in RTCConfiguration validation when creating a RTCPeerConnection

        Existing tests were updated.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::appendIceServer): Added.
        (WebCore::processIceServer): Added.
        (WebCore::RTCPeerConnection::parseConfiguration):

2014-02-24  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Relative positioned elements overflowing the region do not get painted into the next tile
        https://bugs.webkit.org/show_bug.cgi?id=129254

        Reviewed by Antti Koivisto.

        The painting of the region's layer should not be aborted so early if the region's fragment shouldn't be painted
        because that would prevent all the layer's children from being painted.

        Another problem this patch addresses is that clipping should also be performed when the clip rect is empty,
        which is what happens when painting in a tile in which the flowed element would normally be painted
        if it wasn't clipped by the region.

        Test: fast/regions/content-relative-next-tile.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintFlowThreadIfRegionForFragments):

2014-02-24  Renata Hodovan  <rhodovan.u-szeged@partner.samsung.com>
        
        Get rid of the unused 'immediate' parameters from repaint related functions
        https://bugs.webkit.org/show_bug.cgi?id=129111

        Reviewed by Simon Fraser.

        Removing the 'immediate' parameters from repaint related functions - accoring
        to the FIXME in RenderView::repaintViewRectangle() - since they have no effect.

        No new tests are necessary because there is no behavior change

        * dom/Element.cpp:
        (WebCore::Element::setActive):
        * loader/EmptyClients.h:
        * page/Chrome.cpp:
        (WebCore::Chrome::invalidateRootView):
        (WebCore::Chrome::invalidateContentsAndRootView):
        (WebCore::Chrome::invalidateContentsForSlowScroll):
        * page/Chrome.h:
        * page/ChromeClient.h:
        * page/Frame.cpp:
        (WebCore::Frame::tiledBackingStorePaintEnd):
        * page/FrameView.cpp:
        (WebCore::FrameView::invalidateRect):
        (WebCore::FrameView::scrollContentsFastPath):
        (WebCore::FrameView::repaintContentRectangle):
        (WebCore::FrameView::shouldUpdate):
        * page/FrameView.h:
        * platform/HostWindow.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::scrollContents):
        (WebCore::ScrollView::scrollContentsSlowPath):
        (WebCore::ScrollView::repaintContentRectangle):
        (WebCore::ScrollView::updateOverhangAreas):
        (WebCore::ScrollView::addPanScrollIcon):
        (WebCore::ScrollView::removePanScrollIcon):
        (WebCore::ScrollView::platformRepaintContentRectangle):
        * platform/ScrollView.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::repaintLayerRectsForImage):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::repaintRectangleInRegions):
        * rendering/RenderFlowThread.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setFilterBackendNeedsRepaintingInRect):
        * rendering/RenderLayer.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::repaintFlowThreadContent):
        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::repaintUsingContainer):
        (WebCore::RenderObject::repaint):
        (WebCore::RenderObject::repaintRectangle):
        (WebCore::RenderObject::repaintSlowRepaintObject):
        * rendering/RenderObject.h:
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::repaintFlowThreadContent):
        (WebCore::RenderRegion::repaintFlowThreadContentRectangle):
        * rendering/RenderRegion.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::repaintViewRectangle):
        (WebCore::RenderView::flushAccumulatedRepaintRegion):
        (WebCore::RenderView::repaintRectangleInViewAndCompositedLayers):
        * rendering/RenderView.h:
        * svg/graphics/SVGImageChromeClient.h:

2014-02-24  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>

        Code cleanup: remove leftover ENABLE(WORKERS) macros and support.
        https://bugs.webkit.org/show_bug.cgi?id=129255

        Reviewed by Csaba Osztrogonác.

        ENABLE_WORKERS macro was removed in r159679, but r161589 added back some occurrences.
        Support is now also removed from xcconfig files.

        No new tests needed.

        * Configurations/FeatureDefines.xcconfig:
        * platform/ThreadGlobalData.cpp:
        * platform/ThreadGlobalData.h:
        * platform/Timer.h:
        (WebCore::TimerBase::isActive):
        * platform/ios/wak/WebCoreThread.mm:
        (RunWebThread):
        (StartWebThread):

2014-02-24  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>

        [CMake] Get rid of "FIXME: The Blackberry port ..." from WebCore/CmakeLists.txt
        https://bugs.webkit.org/show_bug.cgi?id=129152

        Reviewed by Gyuyoung Kim.

        * CMakeLists.txt:

2014-02-24  David Kilzer  <ddkilzer@apple.com>

        Remove redundant setting in FeatureDefines.xcconfig

        * Configurations/FeatureDefines.xcconfig:

2014-02-24  Mihai Tica  <mitica@adobe.com>

        [CSS Blending] An element having -webkit-mix-blend-mode should only blend with the contents of the parent stacking context
        https://bugs.webkit.org/show_bug.cgi?id=129154

        Reviewed by Dean Jackson.

        The blending operation of an element having -webkit-mix-blend-mode should be restricted to the parent stacking context.
        This change isolates blending, preventing it from blending with other underlying elements besides the parent stacking context.

        Tests: css3/compositing/blend-mode-isolated-group-1.html
               css3/compositing/blend-mode-isolated-group-2.html
               css3/compositing/blend-mode-isolated-group-3.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer): Initialize added members to false.
        (WebCore::RenderLayer::updateBlendMode): Check if a blend mode was set or unset. If so, set the m_updateParentStackingContextShouldIsolateBlendingDirty to true.
        (WebCore::RenderLayer::updateParentStackingContextShouldIsolateBlending): Traverse to the parent stacking context and update the
        m_isolatesBlending member accordingly.
        * rendering/RenderLayer.h:
        - Add isolatesBlending() as a condition for creating a transparency layer in the paintsWithTransparency method.
        - Add m_updateParentStackingContextShouldIsolateBlendingDirty member.
        - Add m_isolatesBlending member and getter.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::computeCompositingRequirements): Call updateParentStackingContextShouldIsolateBlending. 

2014-02-24  Krzysztof Czech  <k.czech@samsung.com>

        [ATK] Wrong selected element at a given index in a list box.
        https://bugs.webkit.org/show_bug.cgi?id=129039

        Reviewed by Chris Fleizach.

        Test: accessibility/select-element-at-index.html

        The selected element at a given index was wrong. One should be considered among the
        all children of a list box, not only selected ones.

        * accessibility/atk/WebKitAccessibleInterfaceSelection.cpp:
        (core):
        (listObjectForSelection):
        (optionFromList):
        (optionFromSelection):
        (webkitAccessibleSelectionRefSelection):

2014-02-23  Dean Jackson  <dino@apple.com>

        [WebGL] Allow ANGLE to initialize unused varyings
        https://bugs.webkit.org/show_bug.cgi?id=129240
        <rdar://problem/15203342>

        Reviewed by Sam Weinig.

        Covered by: conformance/glsl/misc/shaders-with-varyings.html

        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE):
        Add SH_INIT_VARYINGS_WITHOUT_STATIC_USE to compiler flags.

2014-02-23  Sam Weinig  <sam@webkit.org>

        Update FeatureDefines.xcconfig

        Rubber-stamped by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig:

2014-02-23  Dean Jackson  <dino@apple.com>

        Sort the project file with sort-Xcode-project-file.

        Rubber-stamped by Sam Weinig.

        * WebCore.xcodeproj/project.pbxproj:

2014-02-23  Sam Weinig  <sam@webkit.org>

        Fix incorrectly commented out code.

        * platform/TelephoneNumberDetector.h:

2014-02-23  Sam Weinig  <sam@webkit.org>

        Extract platform specific parts of telephone number detection 
        https://bugs.webkit.org/show_bug.cgi?id=129238

        Reviewed by Dean Jackson.

        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::linkifyPhoneNumbers):
        (WebCore::HTMLTreeBuilder::processCharacterBufferForInBody):
        * platform/TelephoneNumberDetector.h: Added.
        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp: Added.
        (WebCore::TelephoneNumberDetector::phoneNumbersScanner):
        (WebCore::TelephoneNumberDetector::isSupported):
        (WebCore::TelephoneNumberDetector::find):
        Move code to TelephoneNumberDetector.

2014-02-23  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Change a url parameter type with URL in NavigatorContentUtils
        https://bugs.webkit.org/show_bug.cgi?id=129202

        Reviewed by Sam Weinig.

        It would be good if we use *URL* for url parameters instead of using String.

        Merge from blink. https://src.chromium.org/viewvc/blink?view=rev&revision=165458.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::verifyCustomHandlerURL):
        (WebCore::NavigatorContentUtils::registerProtocolHandler):
        (WebCore::NavigatorContentUtils::isProtocolHandlerRegistered):
        (WebCore::NavigatorContentUtils::unregisterProtocolHandler):
        * Modules/navigatorcontentutils/NavigatorContentUtilsClient.h:

2014-02-23  Dean Jackson  <dino@apple.com>

        Update ANGLE to 836bd2176e5607b14846cf1fbc5932dbc91318f4
        https://bugs.webkit.org/show_bug.cgi?id=129232

        Reviewed by Brent Fulgham.

        New files added, derived sources compiled directly, and generated
        steps removed for both EFL and GTK, with much-needed help from
        Sergio Correia.

        * CMakeLists.txt:
        * GNUMakefile.am:

2014-02-23  Sam Weinig  <sam@webkit.org>

        Move RenderMathMLMenclose.h/cpp to the right place in the Xcode project and sort.

        Rubber-stamped by Anders Carlsson.

        * WebCore.xcodeproj/project.pbxproj:

2014-02-23  Sam Weinig  <sam@webkit.org>

        Move telephone number detection behind its own ENABLE macro
        https://bugs.webkit.org/show_bug.cgi?id=129236

        Reviewed by Dean Jackson.

        * Configurations/FeatureDefines.xcconfig:
        Add ENABLE_TELEPHONE_NUMBER_DETECTION.

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/Document.h:
        * html/parser/HTMLConstructionSite.h:
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::processCharacterBufferForInBody):
        * html/parser/HTMLTreeBuilder.h:
        Use ENABLE(TELEPHONE_NUMBER_DETECTION).

        * platform/mac/SoftLinking.h:
        Remove PLATOFORM(IOS) from SOFT_LINK_PRIVATE_FRAMEWORK_OPTIONAL, it is not iOS specific.

2014-02-23  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Fix bleed avoidance subpixel calculation.
        https://bugs.webkit.org/show_bug.cgi?id=129225

        Reviewed by Simon Fraser.
        
        static_cast<LayoutUnit>(int value) only produces the desired result when subpixel is off.

        Currently not testable.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::getBackgroundRoundedRect):
        (WebCore::shrinkRectByOneDevicePixel):
        (WebCore::RenderBoxModelObject::borderInnerRectAdjustedForBleedAvoidance):
        (WebCore::RenderBoxModelObject::backgroundRoundedRectAdjustedForBleedAvoidance):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:

2014-02-23  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Add devicepixel based computation to BorderEdge class.
        https://bugs.webkit.org/show_bug.cgi?id=129224

        Reviewed by Simon Fraser.

        To produce correct width (and type) results, BorderEdge class needs to take device pixel ratio into account.

        Currently not testable.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::BorderEdge::BorderEdge):
        (WebCore::BorderEdge::obscuresBackgroundEdge):
        (WebCore::BorderEdge::getDoubleBorderStripeWidths): this does not always produce the same
        result as before, but the sum of inner and outer is not different.
        (WebCore::BorderEdge::borderWidthInDevicePixel):
        (WebCore::RenderBoxModelObject::getBorderEdgeInfo):

2014-02-22  Dan Bernstein  <mitz@apple.com>

        REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
        https://bugs.webkit.org/show_bug.cgi?id=129227

        Reviewed by Eric Carlson.

        Reverted r164507.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::buildInitiatorObject):
        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::breakpointActionLog):
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::createGenericRecord):
        * page/Console.cpp:
        (WebCore::internalAddMessage):
        (WebCore::Console::profile):
        (WebCore::Console::profileEnd):
        (WebCore::Console::timeEnd):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::gatherSecurityPolicyViolationEventData):
        (WebCore::ContentSecurityPolicy::reportViolation):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):

2014-02-22  Joseph Pecoraro  <pecoraro@apple.com>

        Remove some unreachable code (-Wunreachable-code)
        https://bugs.webkit.org/show_bug.cgi?id=129220

        Reviewed by Eric Carlson.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::processCharacterBuffer):
        (WebCore::HTMLTreeBuilder::processEndTag):
        The only tricky case. Here there was a break inside the
        #if, but not the #else, and a break after the #endif.
        Remove the break inside the #if, and always use the
        break after the #endif.

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::modeToString):
        * bindings/js/JSTrackCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::functionForUniform):
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):
        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::captionDisplayMode):

2014-02-22  Dean Jackson  <dino@apple.com>

        Letterpress effect disabled for synthetic italic
        https://bugs.webkit.org/show_bug.cgi?id=129218
        <rdar://problem/15997846>

        Reviewed by Dan Bernstein.

        There was no need to guard against synthetic italics and letterpress.

        * platform/graphics/mac/FontMac.mm:
        (WebCore::Font::drawGlyphs): Remove !useLetterpressEffect from conditional.

2014-02-21  Sam Weinig  <sam@webkit.org>

        Expose phase and momentum phase as SPI on DOMWheelEvent
        <rdar://problem/16110871>
        https://bugs.webkit.org/show_bug.cgi?id=129184

        Reviewed by Anders Carlsson.

        * WebCore.exp.in:
        Export core(DOMWheelEvent).

        * WebCore.xcodeproj/project.pbxproj:
        Make DOMWheelEventInternal.h available in WebKit.

        * dom/Element.cpp:
        (WebCore::Element::dispatchWheelEvent):
        * dom/WheelEvent.cpp:
        (WebCore::determineDeltaMode):
        (WebCore::WheelEvent::WheelEvent):
        (WebCore::WheelEvent::initWheelEvent):
        (WebCore::WheelEvent::initWebKitWheelEvent):
        Move PlatformWheelEvent -> DOMWheelEvent conversion to DOMWheelEvent.

        * dom/WheelEvent.h:
        (WebCore::WheelEvent::create):
        (WebCore::WheelEvent::phase):
        (WebCore::WheelEvent::momentumPhase):
        Store phase and momentumPhase on the WheelEvent.

2014-02-22  Alexey Proskuryakov  <ap@apple.com>

        Rename JWK key_ops values from wrap/unwrap to wrapKey/unwrapKey
        https://bugs.webkit.org/show_bug.cgi?id=129121

        Reviewed by Sam Weinig.

        * bindings/js/JSCryptoKeySerializationJWK.cpp:
        (WebCore::JSCryptoKeySerializationJWK::reconcileUsages): Updated to newer names.
        (WebCore::addUsagesToJSON): Ditto.
        (WebCore::JSCryptoKeySerializationJWK::serialize): rsa-oaep-key-manipulation test
        started ot fail, because RSA-OAEP with 2048 bit key and sha-1 can only encrypt
        214 bytes, and the new longer names made JSON serialization slightly longer.
        Compensate by not doing any indentation in JSON.

2014-02-22  Frédéric Wang  <fred.wang@free.fr>

        Only skip stretchy operators when determining the stretch height.
        https://bugs.webkit.org/show_bug.cgi?id=126842

        Reviewed by Chris Fleizach.

        The MathML code only takes into account non-mo children for the computation of the stretch size. This change includes non-stretchy mo in that computation. A new test is added into mathml/presentation/stretchy-depth-height.html.

        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::layout):

2014-02-22  Frédéric Wang  <fred.wang@free.fr>

        Implement asymmetric/symmetric stretching of vertical operators.
        https://bugs.webkit.org/show_bug.cgi?id=124827.

        Reviewed by Chris Fleizach.

        The MathML code stretches vertical operators asymmetrically by default. This patch takes into account the symmetric attribute or the symmetric property of the operator dictionary to stretch operators symmetrically.

        Test: mathml/presentation/stretchy-depth-height-symmetric.html

        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::stretchTo):
        (WebCore::RenderMathMLOperator::updateFromElement):
        (WebCore::RenderMathMLOperator::updateStyle):

2014-02-22  Frédéric Wang  <fred.wang@free.fr>

        Bug 119043 - Large stretch size error for MathML operators.
        https://bugs.webkit.org/show_bug.cgi?id=119043

        Reviewed by Chris Fleizach.

        The MathML code used some arbitrary gOperatorExpansion factor for the
        stretch size and 2/3 1/2 constants for the baseline. This change tries
        to consider height/depth of siblings of the stretchy operator so that
        the stretchy operator now matches its target.

        Test: mathml/presentation/stretchy-depth-height.html

        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderMathMLTable):
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::stretchTo):
        (WebCore::RenderMathMLOperator::findAcceptableStretchyCharacter):
        (WebCore::RenderMathMLOperator::updateStyle):
        (WebCore::RenderMathMLOperator::firstLineBaseline):
        (WebCore::RenderMathMLOperator::computeLogicalHeight):
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::layout):

2014-02-22  Frédéric Wang  <fred.wang@free.fr>

        Unreviewed, rolling out r164534.
        http://trac.webkit.org/changeset/164534
        https://bugs.webkit.org/show_bug.cgi?id=119043

        missing tests

        * rendering/RenderObject.h:
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::expandedStretchHeight):
        (WebCore::RenderMathMLOperator::stretchToHeight):
        (WebCore::RenderMathMLOperator::findAcceptableStretchyCharacter):
        (WebCore::RenderMathMLOperator::updateStyle):
        (WebCore::RenderMathMLOperator::firstLineBaseline):
        (WebCore::RenderMathMLOperator::computeLogicalHeight):
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::layout):

2014-02-22  Frédéric Wang  <fred.wang@free.fr>

        Bug 119043 - Large stretch size error for MathML operators.
        https://bugs.webkit.org/show_bug.cgi?id=119043

        Reviewed by Chris Fleizach.

        The MathML code used some arbitrary gOperatorExpansion factor for the
        stretch size and 2/3 1/2 constants for the baseline. This change tries
        to consider height/depth of siblings of the stretchy operator so that
        the stretchy operator now matches its target.

        Test: mathml/presentation/stretchy-depth-height.html

        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderMathMLTable):
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::stretchTo):
        (WebCore::RenderMathMLOperator::findAcceptableStretchyCharacter):
        (WebCore::RenderMathMLOperator::updateStyle):
        (WebCore::RenderMathMLOperator::firstLineBaseline):
        (WebCore::RenderMathMLOperator::computeLogicalHeight):
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::layout):

2014-02-21  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(r164412): Pixel cracks when zooming in to any web content.
        https://bugs.webkit.org/show_bug.cgi?id=129195

        Reviewed by Simon Fraser.

        Integral clipping of the repaint rect was prematurely removed in RenderLayerBacking::paintContents().
        Repaint rects needs a uniform, device pixel precise clipping across the painting flow including RenderLayer,
        RenderView and TileController.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintContents):
        (WebCore::RenderLayerBacking::compositedBoundsIncludingMargin):

2014-02-21  Jer Noble  <jer.noble@apple.com>

        Unreviewed Mac build fix after r164529.

        Replace the string-to-array algorithm with a archictecture-independant
        one.

        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::generateKeyRequest):

2014-02-21  Jer Noble  <jer.noble@apple.com>

        [EME] Add a CDMSession for MediaPlayerPrivateMediaSourceAVFObjC
        https://bugs.webkit.org/show_bug.cgi?id=129166

        Reviewed by Eric Carlson.

        Add a new CDMSession, cerated by MediaPlayerPrivateMediaSourceAVFObjC allowing
        media-source-backed media elements to play protected content.

        Add a new CDMSessionMediaSourceAVFObjC class:
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h: Added.
        (WebCore::CDMSessionMediaSourceAVFObjC::~CDMSessionMediaSourceAVFObjC):
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm: Added.
        (WebCore::CDMSessionMediaSourceAVFObjC::CDMSessionMediaSourceAVFObjC):
        (WebCore::CDMSessionMediaSourceAVFObjC::generateKeyRequest): Do not actually generate a
            key request until the certificate data has been added via update();
        (WebCore::CDMSessionMediaSourceAVFObjC::releaseKeys): No-op.
        (WebCore::CDMSessionMediaSourceAVFObjC::update): If no certificate data has yet been
            added, assume the incoming message contains it.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::registerMediaEngine): Add supportsKeySystem.
        (WebCore::keySystemIsSupported): Use "com.apple.fps.2_0" to distinguish from the not-media-source scheme.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsType): Check the keySystem type.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsKeySystem): Added.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::createSession): Added, pass through to MediaSourcePrivate.
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::createSession): Added.
        (WebCore::MediaSourcePrivateAVFObjC::sourceBufferKeyNeeded): Pass through to MediaPlayer.
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]):
            Added, pass through to SourceBufferPrivate.
        (WebCore::SourceBufferPrivateAVFObjC::SourceBufferPrivateAVFObjC):
        (WebCore::SourceBufferPrivateAVFObjC::didProvideContentKeyRequestInitializationDataForTrackID): Remember
            which track is requesting the key, and pass the request to MediaSourcePrivate.

        Add new files to the project.
        * WebCore.xcodeproj/project.pbxproj:

2014-02-21  Alexey Proskuryakov  <ap@apple.com>

        CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify contains seemingly accidental unreachable code
        https://bugs.webkit.org/show_bug.cgi?id=129193

        Reviewed by Joseph Pecoraro.

        * crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify): Fix the accidental code.

2014-02-21  Brent Fulgham  <bfulgham@apple.com>

        Extend media support for WebVTT sources
        https://bugs.webkit.org/show_bug.cgi?id=129156

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig: Add new feature define for AVF_CAPTIONS
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::outOfBandTrackSources): Added.
        * html/HTMLMediaElement.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::outOfBandTrackSources): Added.
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::outOfBandTrackSources): Added.
        * platform/graphics/PlatformTextTrack.h:
        (WebCore::PlatformTextTrack::create): Update for new constructor signature.
        (WebCore::PlatformTextTrack::createOutOfBand): Added.
        (WebCore::PlatformTextTrack::url): Added.
        (WebCore::PlatformTextTrack::isDefault): Added.
        (WebCore::PlatformTextTrack::PlatformTextTrack): Revised to take new URL and
        'isDefault' arguments.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::mediaDescriptionForKind): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Tell AVFoundation about any
        WebVTT tracks supplied by the web page.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processMediaSelectionOptions): Filter out any out-of-band
        WebVTT tracks returned by the media engine to avoid double-counting tracks.

2014-02-21  Ryosuke Niwa  <rniwa@webkit.org>

        Inner text element should not use -webkit-user-modify
        https://bugs.webkit.org/show_bug.cgi?id=129035

        Reviewed by Andreas Kling.

        To eliminate the internal use of -webkit-user-modify, use contenteditable attribute in the inner text elements
        instead of manually inspecting disabled-ness and readonly-ness in RenderTextControl.

        Unfortunately, we still have to manually set UserModify value in RenderTextControl::adjustInnerTextStyle since
        RenderTextControl::styleDidChange creates RenderStyle for its inner text from scratch via createInnerTextStyle.    

        * html/HTMLFieldSetElement.cpp:
        (WebCore::HTMLFieldSetElement::disabledStateChanged): Don't use childrenOfType iterator which asserts that DOM
        isn't mutated during the traversal since we now set contenteditable attribute inside disabledStateChanged via
        updateFromControlElementsAncestorDisabledStateUnder.

        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::parseAttribute): Extracted readOnlyAttributeChanged out of this function so
        that HTMLTextFormControl could override it to call updateInnerTextElementEditability.
        (WebCore::HTMLFormControlElement::readOnlyAttributeChanged): Ditto.
        * html/HTMLFormControlElement.h:

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::didAddUserAgentShadowRoot): Call updateInnerTextElementEditability after creating
        shadow DOM for the current input type.
        (WebCore::HTMLInputElement::updateType): Ditto.
        (WebCore::HTMLInputElement::parseAttribute): Ditto.

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::didAddUserAgentShadowRoot): Call updateInnerTextElementEditability.

        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::disabledStateChanged): Added to update contenteditable attribute since
        the editability of the inner text element depends on disabled-ness of the element.
        (WebCore::HTMLTextFormControlElement::readOnlyAttributeChanged): Ditto for the readonly-ness of the element.
        (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability): Added.
        * html/HTMLTextFormControlElement.h:

        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::adjustInnerTextStyle): Use the inner text element's presentationAttributeStyle() to
        compute the appropriate EUserModify value instead of hard-coding it here.
        * rendering/RenderTextControl.h:

2014-02-21  ChangSeok Oh  <changseok.oh@collabora.com>

        [GTK] Support WEBGL_draw_buffers extension.
        https://bugs.webkit.org/show_bug.cgi?id=129143

        Reviewed by Dean Jackson.

        Support the WEBGL_draw_buffers WebGL extension for gtk port. Relevant opengl APIs
        are exposed for WebGLRenderingContext to access them properly.

        Covered by fast/canvas/webgl/webgl-draw-buffers.html

        * platform/graphics/OpenGLShims.cpp:
        (WebCore::initializeOpenGLShims):
        * platform/graphics/OpenGLShims.h:
        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::supportsExtension):
        (WebCore::Extensions3DOpenGL::drawBuffersEXT):

2014-02-21  ChangSeok Oh  <changseok.oh@collabora.com>

        Mac port uses ANGLE_instanced_arrays related apis through those in GraphicsContext3DCommon.cpp
        https://bugs.webkit.org/show_bug.cgi?id=128803

        Reviewed by Dean Jackson.

        Merge mac port implementation of ANGLE_instanced_arrays into common code.

        No new tests, no functionality changed.

        * platform/graphics/mac/GraphicsContext3DMac.mm:
        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::drawArraysInstanced):
        (WebCore::Extensions3DOpenGL::drawElementsInstanced):
        (WebCore::Extensions3DOpenGL::vertexAttribDivisor):
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::vertexAttribDivisor):

2014-02-21  Myles C. Maxfield  <mmaxfield@apple.com>

        After copy and paste, cursor may appear to be above the bottom of content
        https://bugs.webkit.org/show_bug.cgi?id=129167

        Reviewed by Ryosuke Niwa.

        Adding a clear:both to the end of content.

        I can't handle the case of the cursor appearing above the bottom of
        absolutely positioned divs (of the case of floats inside absolutely
        positioned divs) because you can't know where the bottom of a div
        will end up being rendered (it is affected by things like browser
        window width and text size settings). Therefore, the only case I
        can handle is the case where there is a floating div in the same
        level as the document itself.

        Test: editing/pasteboard/copy-paste-inserts-clearing-div.html

        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::isFloating):
        * editing/EditingStyle.h:
        * editing/markup.cpp:
        (WebCore::StyledMarkupAccumulator::StyledMarkupAccumulator):
        (WebCore::StyledMarkupAccumulator::appendElement):
        (WebCore::createMarkupInternal):

2014-02-21  Dean Jackson  <dino@apple.com>

        [iOS Media] Wireless target UI
        https://bugs.webkit.org/show_bug.cgi?id=129189
        <rdar://problem/15349928>
        <rdar://problem/16100060>

        Reviewed by Eric Carlson.

        Implement a prototype UI for wireless playback targets. The UI
        doesn't currently work, but can be simulated via a class variable
        in ControllerIOS.

        * Modules/mediacontrols/mediaControlsiOS.css:
        (audio::-webkit-media-controls-panel button): Reset the default style of
        button elements, to avoid getting a border.
        (audio::-webkit-media-controls-wireless-playback-status): Holds the UI showing
        the user that the media is playing on another target.
        (audio::-webkit-media-controls-wireless-playback-status.hidden):
        (audio::-webkit-media-controls-wireless-playback-picker-button): The button to
        trigger selection of targets.
        (audio::-webkit-media-controls-wireless-playback-picker-button.active):
        (audio::-webkit-media-controls-panel): This needs to be position absolute for
        the wireless playback status to fill the viewport.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS): Check for targets.
        (ControllerIOS.prototype.addVideoListeners):
        (ControllerIOS.prototype.removeVideoListeners):
        (ControllerIOS.prototype.UIString): New method to return localized strings (with
        a FIXME).
        (ControllerIOS.prototype.shouldHaveAnyUI): Needs to display if there is a wireless
        target.
        (ControllerIOS.prototype.currentPlaybackTargetIsWireless):
        (ControllerIOS.prototype.updateWirelessPlaybackStatus): Create the status content,
        replacing the device name if it is available.
        (ControllerIOS.prototype.updateWirelessTargetAvailable):
        (ControllerIOS.prototype.createControls):
        (ControllerIOS.prototype.configureInlineControls):
        (ControllerIOS.prototype.handleWirelessPlaybackChange):
        (ControllerIOS.prototype.handleWirelessTargetAvailableChange):
        (ControllerIOS.prototype.handleWirelessPickerButtonClicked):

2014-02-21  Jer Noble  <jer.noble@apple.com>

        Make a generic CDMPrivateMediaPlayer and move its CDMSession into platform/.
        https://bugs.webkit.org/show_bug.cgi?id=129164

        Reviewed by Eric Carlson.

        Move the session created by CDMPrivateAVFoundation into platform, and rename
        CDMPrivateAVFoundation to CDMPrivateMediaPlayer. Future media engines who want
        to support a keysystem from within the media engine can create their own
        CDMSession as part of the MediaPlayerPrivate interface.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::installedCDMFactories):
        (WebCore::CDM::createSession):
        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/CDMPrivate.h:
        * Modules/encryptedmedia/MediaKeySession.cpp:
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/encryptedmedia/CDMPrivateAVFoundation.mm: Removed.
        * Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateAVFoundation.cpp.
        (WebCore::CDMPrivateMediaPlayer::supportsKeySystem):
        (WebCore::CDMPrivateMediaPlayer::supportsKeySystemAndMimeType):
        (WebCore::CDMPrivateMediaPlayer::supportsMIMEType):
        (WebCore::CDMPrivateMediaPlayer::createSession):
        * Modules/encryptedmedia/CDMPrivateMediaPlayer.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateAVFoundation.h.
        (WebCore::CDMPrivateMediaPlayer::create):
        (WebCore::CDMPrivateMediaPlayer::~CDMPrivateMediaPlayer):
        (WebCore::CDMPrivateMediaPlayer::cdm):
        (WebCore::CDMPrivateMediaPlayer::CDMPrivateMediaPlayer):
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/CDMSession.h: Extracted from CDMPrivateAVFoundation.h.
        (WebCore::CDMSessionClient::~CDMSessionClient):
        (WebCore::CDMSession::CDMSession):
        (WebCore::CDMSession::~CDMSession):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::createSession):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::createSession):
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateAVFoundation.h.
        (WebCore::CDMSessionAVFoundationObjC::~CDMSessionAVFoundationObjC):
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateAVFoundation.mm.
        (WebCore::CDMSessionAVFoundationObjC::CDMSessionAVFoundationObjC):
        (WebCore::CDMSessionAVFoundationObjC::generateKeyRequest):
        (WebCore::CDMSessionAVFoundationObjC::releaseKeys):
        (WebCore::CDMSessionAVFoundationObjC::update):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createSession):
        * testing/MockCDM.cpp:
        (WebCore::MockCDMSession::setClient):
        (WebCore::MockCDM::createSession):
        * testing/MockCDM.h:

2014-02-21  Jer Noble  <jer.noble@apple.com>

        Add a supportsKeySystem media engine factory parameter.
        https://bugs.webkit.org/show_bug.cgi?id=129161

        Reviewed by Eric Carlson.

        Add a new parameter to the MediaPlayerFactory to allow registered media
        engines to be queried for keySystem support:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayerFactory::MediaPlayerFactory):
        (WebCore::MediaPlayer::supportsKeySystem):
        * platform/graphics/MediaPlayer.h:

        Support this new field in MediaPlayerPrivateAVFoundationObjC:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine):
        (WebCore::keySystemIsSupported):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::supportsKeySystem):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource):

        Add an empty field for SupportsKeySystem to the remaining media engines:
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::MediaPlayerPrivateAVFoundationCF::registerMediaEngine):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::registerMediaEngine):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::registerMediaEngine):
        * platform/graphics/ios/MediaPlayerPrivateIOS.mm:
        (WebCore::MediaPlayerPrivateIOS::registerMediaEngine):
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::registerMediaEngine):
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::registerMediaEngine):
        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        (WebCore::MockMediaPlayerMediaSource::registerMediaEngine):

2014-02-21  Benjamin Poulain  <bpoulain@apple.com>

        Fix WebCore's internals after r164505

        * testing/Internals.cpp:
        (WebCore::Internals::findEditingDeleteButton): The call became ambiguous after r164505.

2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: JSContext inspection should report exceptions in the console
        https://bugs.webkit.org/show_bug.cgi?id=128776

        Reviewed by Timothy Hatcher.

        Include some clean up of ConsoleMessage and ScriptCallStack construction.

        Covered by existing tests.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        Simplify code now that createStackTraceFromException handles it.

        * page/ContentSecurityPolicy.cpp:
        (WebCore::gatherSecurityPolicyViolationEventData):
        (WebCore::ContentSecurityPolicy::reportViolation):
        ScriptCallStack can give us the first non-native callframe.

        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::buildInitiatorObject):
        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::breakpointActionLog):
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::createGenericRecord):
        * page/Console.cpp:
        (WebCore::internalAddMessage):
        (WebCore::Console::profile):
        (WebCore::Console::profileEnd):
        (WebCore::Console::timeEnd):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::gatherSecurityPolicyViolationEventData):
        (WebCore::ContentSecurityPolicy::reportViolation):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):

2014-02-21  Benjamin Poulain  <benjamin@webkit.org>

        jsDocumentPrototypeFunctionGetElementById should not create an AtomicString for the function argument
        https://bugs.webkit.org/show_bug.cgi?id=128893

        Reviewed by Darin Adler.

        The declaration of TreeScope::getElementById() was taking an AtomicString as the parameter.
        Because of this, all the call sites manipulating String were creating and keeping alive an AtomicString
        to make the call.

        This had two negative consequences:
        -The call sites were ref-ing the ID's atomic string for no reason.
        -When there is no ID associated with the input string, an atomic string was created for the sole
         purpose of failing the query. Since IDs are stored as AtomicString, if there is not an existing
         AtomicString for the input, there is no reason to query anything.

        * WebCore.exp.in:
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::findAtomicString): Update this after the rename.

        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        Now that there are two overloads for TreeScope::getElementById(), the conversion from NSString*
        is ambiguous. I add the keyword ObjCExplicitAtomicString to force an explicit conversion to AtomicString.

        * dom/Document.idl:
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::getElementById):
        When getting an AtomicString, the case of a empty string is not important, use isNull() instead.
        When getting a String, get the corresponding AtomicString if any and use that for getting the element.

        * dom/TreeScope.h:
        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
        Solve the ambiguous call.

        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::defaultEventHandler):
        This is a wonderful candidate for substringSharingImpl. The substring does not survive the call since
        the new getElementById never create any AtomicString.

        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::getElementById):
        It looks like there are opportunities to get faster here, Ryosuke should have a look.

        * svg/SVGSVGElement.h:
        * xml/XMLTreeViewer.cpp:
        (WebCore::XMLTreeViewer::transformDocumentToTreeView):
        Unrelated cleanup: noStyleMessage was useless.

2014-02-21  Daniel Bates  <dabates@apple.com>

        COL element in table has 0 for offsetWidth
        https://bugs.webkit.org/show_bug.cgi?id=15277

        Reviewed by David Hyatt.

        Implements offset{Left, Top, Width, Height} for table columns and column groups
        per section Extensions to the HTMLElement Interface of the CSSOM View spec,
        <http://www.w3.org/TR/cssom-view/#extensions-to-the-htmlelement-interface> (Draft 17 December 2013).

        For now, we fail almost all of the offset{Height, Top} sub-tests in the included test
        for the separate border model as we need to fix <https://bugs.webkit.org/show_bug.cgi?id=128988>.

        Test: fast/table/col-and-colgroup-offsets.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::RenderTable): Initialize cached column offset top and offset height.
        We cache these offsets since they are the same for all columns in the table.
        (WebCore::RenderTable::invalidateCachedColumns): Clear cached effective column index map.
        (WebCore::RenderTable::invalidateCachedColumnOffsets): Added.
        (WebCore::RenderTable::layout): Invalidate cached column offsets as the location or height
        of one or more sections may have changed.
        (WebCore::RenderTable::updateColumnCache): Modified to build effective column index map.
        (WebCore::RenderTable::effectiveIndexOfColumn): Added.
        (WebCore::RenderTable::offsetTopForColumn): Added.
        (WebCore::RenderTable::offsetLeftForColumn): Added.
        (WebCore::RenderTable::offsetWidthForColumn): Added.
        (WebCore::RenderTable::offsetHeightForColumn): Added.
        * rendering/RenderTable.h: Make isTableColumnGroupWithColumnChildren() const.
        * rendering/RenderTableCol.cpp:
        (WebCore::RenderTableCol::offsetLeft): Added; turns around and calls RenderTable::offsetLeftForColumn().
        (WebCore::RenderTableCol::offsetTop): Added; turns around and calls RenderTable::offsetTopForColumn().
        (WebCore::RenderTableCol::offsetWidth): Added; turns around and calls RenderTable::offsetWidthForColumn().
        (WebCore::RenderTableCol::offsetHeight): Added; turns around and calls RenderTable::offsetHeightForColumn().
        * rendering/RenderTableCol.h:

2014-02-21  Enrica Casucci  <enrica@apple.com>

        Build fix for iOS after r164498.

        Unreviewed.

        * platform/graphics/ios/MediaPlayerPrivateIOS.mm:
        (WebCore::MediaPlayerPrivateIOS::buffered):

2014-02-21  Ryosuke Niwa  <rniwa@webkit.org>

        Disallow the use of -webkit-user-modify on shadow pseudo elements
        https://bugs.webkit.org/show_bug.cgi?id=129144

        Reviewed by Geoffrey Garen.

        Completely disallow -webkit-user-modify on user agent (builtin) pseudo elements.

        We've already had rules to do this in html.css but just hard code it into the engine
        in order to eliminate the all uses of -webkit-user-modify in html.css.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * css/html.css:
        (input::-webkit-textfield-decoration-container):
        (input::-webkit-clear-button):
        (input[type="search"]::-webkit-search-cancel-button):
        (input[type="search"]::-webkit-search-decoration):
        (input[type="search"]::-webkit-search-results-decoration):
        (input[type="search"]::-webkit-search-results-button):
        (input::-webkit-inner-spin-button):
        (input::-webkit-input-speech-button):
        (input::-webkit-input-placeholder, isindex::-webkit-input-placeholder):
        (input[type="file"]::-webkit-file-upload-button):
        (input[type="range"]::-webkit-slider-container, input[type="range"]::-webkit-media-slider-container):
        (input[type="range"]::-webkit-slider-runnable-track):
        (input[type="range"]::-webkit-slider-thumb, input[type="range"]::-webkit-media-slider-thumb):
        (input[type="color"]::-webkit-color-swatch-wrapper):
        (input[type="color"]::-webkit-color-swatch):
        (::-webkit-validation-bubble):
        (::-webkit-validation-bubble-message):
        (::-webkit-validation-bubble-text-block):
        (::-webkit-validation-bubble-heading):
        (::-webkit-validation-bubble-arrow):
        (::-webkit-validation-bubble-arrow-clipper):
        (meter::-webkit-meter-inner-element):
        (meter::-webkit-meter-bar):
        (meter::-webkit-meter-optimum-value):
        (meter::-webkit-meter-suboptimum-value):
        (meter::-webkit-meter-even-less-good-value):
        (progress::-webkit-progress-inner-element):
        (progress::-webkit-progress-bar):
        (progress::-webkit-progress-value):

2014-02-21  Eric Carlson  <eric.carlson@apple.com>

        Fix TimeRanges layering violations
        https://bugs.webkit.org/show_bug.cgi?id=128717

        Reviewed by Jer Noble.

        No new tests, no functionality changed.

        * CMakeLists.txt:
        * GNUmakefile.list.am: Add PlatformTimeRanges.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::buffered): TimeRanges -> PlatformTimeRanges.
        * Modules/mediasource/MediaSource.h:

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): TimeRanges* -> TimeRanges&.

        * WebCore.exp.in: Update for signature changes.

        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj: Add PlatformTimeRanges.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::percentLoaded): Create TimeRanges from PlatformTimeRanges.
        (WebCore::HTMLMediaElement::buffered): Ditto.
        (WebCore::HTMLMediaElement::seekable): Ditto.

        * html/MediaController.cpp:
        (MediaController::buffered): TimeRanges* -> TimeRanges&.
        (MediaController::seekable): Ditto.
        (MediaController::played): Ditto.

        Move all of the logic into PlatformTimeRanges. Change API to take TimeRanges& instead of TimeRanges*.
        * html/TimeRanges.cpp:
        (WebCore::TimeRanges::create): Move to .cpp from .h.
        (WebCore::TimeRanges::TimeRanges): Initialize the PlatformTimeRanges member variable.
        (WebCore::TimeRanges::start): Passthrough to PlatformTimeRanges.
        (WebCore::TimeRanges::end): Ditto.
        (WebCore::TimeRanges::invert): Ditto.
        (WebCore::TimeRanges::copy): Ditto.
        (WebCore::TimeRanges::intersectWith): Ditto.
        (WebCore::TimeRanges::unionWith): Ditto.
        (WebCore::TimeRanges::length): Ditto.
        (WebCore::TimeRanges::add): Ditto.
        (WebCore::TimeRanges::contain): Ditto.
        (WebCore::TimeRanges::find): Ditto.
        (WebCore::TimeRanges::nearest): Ditto.
        (WebCore::TimeRanges::totalDuration): Ditto.
        * html/TimeRanges.h:

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::NullMediaPlayerPrivate::buffered): TimeRanges -> PlatformTimeRanges.
        (WebCore::MediaPlayer::buffered): Ditto.
        (WebCore::MediaPlayer::seekable): Ditto.
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:

        * platform/graphics/MediaSourcePrivateClient.h:

        * platform/graphics/PlatformTimeRanges.cpp: Added.
        * platform/graphics/PlatformTimeRanges.h: Added.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::buffered): TimeRanges -> PlatformTimeRanges.
        (WebCore::MediaPlayerPrivateAVFoundation::loadedTimeRangesChanged): Drive-by fix to log
            FunctionType notifications. ASSERT when passed an unknown notification.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::MediaPlayerPrivateAVFoundationCF::platformBufferedTimeRanges):  TimeRanges -> PlatformTimeRanges.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::currentTime): Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformBufferedTimeRanges): Ditto.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekable): Ditto.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::buffered): Ditto.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::buffered): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

        * platform/graphics/ios/MediaPlayerPrivateIOS.h:
        * platform/graphics/ios/MediaPlayerPrivateIOS.mm:
        (WebCore::MediaPlayerPrivateIOS::buffered): Ditto.

        * platform/graphics/mac/MediaPlayerPrivateQTKit.h:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::buffered): Ditto.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::buffered): Ditto.
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h:

        * platform/graphics/wince/MediaPlayerPrivateWinCE.h:

        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        (WebCore::MockMediaPlayerMediaSource::buffered): Ditto.
        (WebCore::MockMediaPlayerMediaSource::advanceCurrentTime): Ditto.
        * platform/mock/mediasource/MockMediaPlayerMediaSource.h:

2014-02-21  Enrica Casucci  <enrica@apple.com>

        Support WebSelections in WK2 on iOS.
        https://bugs.webkit.org/show_bug.cgi?id=127015
        <rdar://problem/15211964>

        Reviewed by Benjamin Poulain.

        Adding some exports.

        * WebCore.exp.in:

2014-02-21  Benjamin Poulain  <bpoulain@apple.com>

        'mouseenter' mouse compat event not fired when listeners for touch events
        https://bugs.webkit.org/show_bug.cgi?id=128534

        Reviewed by Andreas Kling.

        The code dispatching mouseenter and mouseleave events was making the assumption that
        only mouse move would cause Document::updateHoverActiveState.

        This is not true in some cases. In the case of this bug, the first touch handler sets
        the hover state. From there, the code handling enter/leave is in an inconsistent state.

        This patch changes the delivery of mouse enter/leave events to be done through the regular
        processing of mouse events. The update is done with the mouseover and mouseout events.

        * dom/Document.cpp:
        (WebCore::Document::prepareMouseEvent):
        (WebCore::Document::updateHoverActiveState):
        * dom/Document.h:
        * page/EventHandler.cpp:
        (WebCore::nearestCommonHoverAncestor):
        (WebCore::hierarchyHasCapturingEventListeners):
        (WebCore::EventHandler::updateMouseEventTargetNode):

2014-02-21  Jon Honeycutt  <jhoneycutt@apple.com>

        Crash reloading page with position: fixed content
        https://bugs.webkit.org/show_bug.cgi?id=129119
        <rdar://problem/16127090>

        Reviewed by Brent Fulgham.

        Test: platform/mac-wk2/tiled-drawing/crash-reloading-with-position-fixed-content.html

        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::removeDestroyedNodes):
        Check the node's ID against the latched node's ID before the node is
        removed from the tree.

2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>

        Revert r164486, causing a number of test failures.

        Unreviewed rollout.

2014-02-21  David Kilzer  <ddkilzer@apple.com>

        StyleResolver::loadPendingImage() should take a reference to StylePendingImage
        <http://webkit.org/b/129021>

        Reviewed by Brent Fulgham.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::loadPendingImage): Change pendingImage
        parameter to a reference.
        (WebCore::StyleResolver::loadPendingShapeImage): Update to use
        references.
        (WebCore::StyleResolver::loadPendingImages): Ditto.
        * css/StyleResolver.h:
        (WebCore::StyleResolver::loadPendingImage): Change pendingImage
        parameter to a reference.

2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: JSContext inspection should report exceptions in the console
        https://bugs.webkit.org/show_bug.cgi?id=128776

        Reviewed by Timothy Hatcher.

        Include some clean up of ConsoleMessage and ScriptCallStack construction.

        Covered by existing tests.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        Simplify code now that createStackTraceFromException handles it.

        * page/ContentSecurityPolicy.cpp:
        (WebCore::gatherSecurityPolicyViolationEventData):
        (WebCore::ContentSecurityPolicy::reportViolation):
        ScriptCallStack can give us the first non-native callframe.

        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::buildInitiatorObject):
        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::breakpointActionLog):
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::createGenericRecord):
        * page/Console.cpp:
        (WebCore::internalAddMessage):
        (WebCore::Console::profile):
        (WebCore::Console::profileEnd):
        (WebCore::Console::timeEnd):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::gatherSecurityPolicyViolationEventData):
        (WebCore::ContentSecurityPolicy::reportViolation):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):

2014-02-21  Martin Hodovan  <mhodovan@inf.u-szeged.hu>

        Fixing the !ENABLE(SVG_FONTS) build
        https://bugs.webkit.org/show_bug.cgi?id=129150

        Reviewed by Anders Carlsson.

        No new tests required.

        * svg/SVGAltGlyphElement.cpp:
        * svg/SVGAltGlyphElement.h:
        * svg/svgtags.in:

2014-02-21  Radu Stavila  <stavila@adobe.com>

        [CSS Regions] Use the named-flow-specific object RenderNamedFlowFragment instead of the generic RenderRegion whenever possible
        https://bugs.webkit.org/show_bug.cgi?id=128599

        Reviewed by Andrei Bucur.

        Use the named flow specific RenderNamedFlowFragment instead of the generic RenderRegion, whenever possible.
        Move named flow specific methods from RenderRegion to RenderNamedFlowFragment.

        No new tests required.

        * dom/Element.cpp:
        (WebCore::Element::renderNamedFlowFragment):
        (WebCore::Element::webkitRegionOverset):
        (WebCore::Element::webkitGetRegionFlowRanges):
        * dom/Element.h:
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::buildArrayForRegions):
        * rendering/PaintInfo.h:
        (WebCore::PaintInfo::PaintInfo):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paint):
        (WebCore::RenderBlock::paintObject):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations):
        (WebCore::RenderBox::pushContentsClip):
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintMaskForTextFillBox):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderInline.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paint):
        (WebCore::RenderLayer::paintLayer):
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        (WebCore::RenderLayer::updatePaintingInfoForFragments):
        (WebCore::RenderLayer::paintTransformedLayerIntoFragments):
        (WebCore::RenderLayer::paintBackgroundForFragments):
        (WebCore::RenderLayer::paintForegroundForFragmentsWithPhase):
        (WebCore::RenderLayer::paintOutlineForFragments):
        (WebCore::RenderLayer::paintMaskForFragments):
        (WebCore::RenderLayer::mapLayerClipRectsToFragmentationLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::getRanges):
        * rendering/RenderNamedFlowFragment.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::updateWritingMode):
        (WebCore::compareRenderNamedFlowFragments):
        (WebCore::addFragmentToList):
        (WebCore::RenderNamedFlowThread::addFragmentToNamedFlowThread):
        (WebCore::RenderNamedFlowThread::addRegionToThread):
        (WebCore::RenderNamedFlowThread::removeRegionFromThread):
        (WebCore::RenderNamedFlowThread::computeOversetStateForRegions):
        (WebCore::RenderNamedFlowThread::checkInvalidRegions):
        (WebCore::RenderNamedFlowThread::getRanges):
        (WebCore::RenderNamedFlowThread::checkRegionsWithStyling):
        (WebCore::RenderNamedFlowThread::clearRenderObjectCustomStyle):
        * rendering/RenderNamedFlowThread.h:
        * rendering/RenderRegion.cpp:
        * rendering/RenderRegion.h:
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint):
        * rendering/RenderReplica.cpp:
        (WebCore::RenderReplica::paint):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::paint):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::paintReplaced):

2014-02-21  Andrei Bucur  <abucur@adobe.com>

        [CSS Regions] Regions don't paint correctly in new-multicol elements
        https://bugs.webkit.org/show_bug.cgi?id=120711

        Reviewed by David Hyatt.

        This patch implements basic support for regions inside multi-column elements.
        Currently, the painting and hit-testing logic of CSS Regions is not aware of
        enclosing multi-column elements. The change is integrated at a layer level by
        making use of the pre-computed layer fragments during the painting and hit-testing
        phases for regions.

        There are limitations such that self painting layers found inside the named flow
        thread layer will not be correctly processed because they don't go through the
        layer fragment collection step. This is not trivial to implement because the enclosing
        pagination layer provided by the multi-column element is not visibile from inside
        the named flow thread layer and they reside in different coordinate systems.

        A side effect of this patch is the fix of regions incorrect clipping in certain
        cases (when both a region and its container clip their overflow, the region's
        content is visible outside the container).

        Tests: fast/regions/region-clipping.html
               fast/regions/regions-in-multicol-bt.html
               fast/regions/regions-in-multicol-hover-overflow.html
               fast/regions/regions-in-multicol-hover.html
               fast/regions/regions-in-multicol-lr.html
               fast/regions/regions-in-multicol-rl.html
               fast/regions/regions-in-multicol.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::paintFlowThreadIfRegionForFragments):
        (WebCore::RenderLayer::hitTestFlowThreadIfRegionForFragments):
        * rendering/RenderLayer.h:

2014-02-21  Mihai Tica  <mitica@adobe.com>

        [CSS Blending] Refactor -webkit-blend-mode to -webkit-mix-blend-mode
        https://bugs.webkit.org/show_bug.cgi?id=128805

        Reviewed by Dean Jackson.

        The spec defines the mix-blend-mode property. This means that the
        prefixed version should be -webkit-mix-blend-mode, instead of
        -webkit-blend-mode.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        * css/CSSPropertyNames.in:
        * css/DeprecatedStyleBuilder.cpp:
        (WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):

2014-02-21  Ryosuke Niwa  <rniwa@webkit.org>

        Bindings tests rebaseline after r164473.

        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj mutablePoint]):
        (-[DOMTestObj immutablePoint]):
        (-[DOMTestObj mutablePointFunction]):
        (-[DOMTestObj immutablePointFunction]):
        * bindings/scripts/test/ObjC/DOMTestTypedefs.mm:
        (-[DOMTestTypedefs immutablePointFunction]):

2014-02-21  Tim Horton  <timothy_horton@apple.com>

        Remove removed symbol from exports list.

        * WebCore.exp.in:

2014-02-20  ChangSeok Oh  <changseok.oh@collabora.com>

        Rename EXT_draw_buffers to WEBGL_draw_buffers
        https://bugs.webkit.org/show_bug.cgi?id=128894

        Reviewed by Dean Jackson.

        I noticed the related spec has changed. Accordingly chromium also changed its implementation
        to meet the spec. So here I'd like to apply it to webkit as well.

        Merged from Blink (patch by bajones):
        https://src.chromium.org/viewvc/blink?revision=152065&view=revision

        Test: fast/canvas/webgl/webgl-draw-buffers.html

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * GNUmakefile.list.am:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::toJS):
        * html/canvas/EXTDrawBuffers.idl: Removed.
        * html/canvas/WebGLDrawBuffers.cpp: Renamed from Source/WebCore/html/canvas/EXTDrawBuffers.cpp.
        (WebCore::WebGLDrawBuffers::WebGLDrawBuffers):
        (WebCore::WebGLDrawBuffers::~WebGLDrawBuffers):
        (WebCore::WebGLDrawBuffers::getName):
        (WebCore::WebGLDrawBuffers::create):
        (WebCore::WebGLDrawBuffers::supported):
        (WebCore::WebGLDrawBuffers::drawBuffersWEBGL):
        (WebCore::WebGLDrawBuffers::satisfiesWebGLRequirements):
        * html/canvas/WebGLDrawBuffers.h: Renamed from Source/WebCore/html/canvas/EXTDrawBuffers.h.
        * html/canvas/WebGLDrawBuffers.idl: Added.
        * html/canvas/WebGLExtension.h:
        * html/canvas/WebGLFramebuffer.cpp:
        (WebCore::WebGLFramebuffer::drawBuffersIfNecessary):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getExtension):
        (WebCore::WebGLRenderingContext::getParameter):
        (WebCore::WebGLRenderingContext::getSupportedExtensions):
        (WebCore::WebGLRenderingContext::validateFramebufferFuncParameters):
        (WebCore::WebGLRenderingContext::supportsDrawBuffers):
        * html/canvas/WebGLRenderingContext.h:

2014-02-20  Ryosuke Niwa  <rniwa@webkit.org>

        m_ancestorDisabledState should never be unknown
        https://bugs.webkit.org/show_bug.cgi?id=129084

        Reviewed by Benjamin Poulain.

        In order to resolve the bug 129035, a text form control elements needs to synchronously change
        its inner text element's editability by setting or unsetting contenteditable content attribute.
        Before this patch, we could not do this because editability of a text form control dependent on
        its disabled-ness which was only computed lazily via updateAncestorDisabledState().

        This patch makes HTMLFieldSetElement and HTMLFormControlElement update this state synchronously.
        To avoid O(k) DOM traversal, where k is the depth of the tree, in insertedInto and removedFrom of
        HTMLFormControlElement on most pages, a new document-level flag, m_disabledFieldsetElementsCount,
        has been added to indicate whether the document contains any disabled fieldset or not.

        Also renamed the misleadingly named disabledAttributeChanged to disabledStateChanged, and added
        new function of the same name (disabledAttributeChanged) to be used by HTMLFieldSetElement
        for keeping the document-level flag up-to-date upon disabled attribute changes.

        Tests: fast/forms/fieldset/fieldset-disabled-2.html

        * dom/Document.cpp:
        (WebCore::Document::Document): Initializes newly added m_disabledFieldsetElementsCount.
        (WebCore::Document::~Document): Assert that we've done house keeping right.
        * dom/Document.h:
        (WebCore::Document::hasDisabledFieldsetElement): Added.
        (WebCore::Document::addDisabledFieldsetElement): Added.
        (WebCore::Document::removeDisabledFieldsetElement): Added.

        * html/HTMLFieldSetElement.cpp:
        (WebCore::HTMLFieldSetElement::~HTMLFieldSetElement): Removes itself from the owner document.

        (WebCore::updateFromControlElementsAncestorDisabledStateUnder): Added. Updates startNode and
        its descendants' ancestor disabled flag. We don't update controls under another disabled
        fieldset element since disabled-ness of those controls aren't affected by startNode.

        (WebCore::HTMLFieldSetElement::disabledAttributeChanged): Call addDisabledFieldsetElement and
        removeDisabledFieldsetElement to update the owner document's flag.

        (WebCore::HTMLFieldSetElement::disabledStateChanged): Renamed from disabledAttributeChanged. 
        Enable form control elements under the first legend element and disable or enable other
        descendent form controls in accordance with the presence of disabled content attribute.

        (WebCore::HTMLFieldSetElement::childrenChanged): Update disabled-ness of form controls under
        child legend elements because controls aren't disabled in the first legend element, and adding
        or removing child elements may have changed the first legend element.

        (WebCore::HTMLFieldSetElement::didMoveToNewDocument): Update the flag on the owner document.
        * html/HTMLFieldSetElement.h:

        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::HTMLFormControlElement):
        (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor): Returns boolean instead of
        updating m_ancestorDisabledState internally. Also renamed from updateAncestorDisabledState.

        (WebCore::HTMLFormControlElement::setAncestorDisabled): Replaced ancestorDisabledStateWasChanged.
        This function updates m_disabledByAncestorFieldset and calls disabledAttributeChanged as needed.

        (WebCore::HTMLFormControlElement::disabledAttributeChanged): Added. Calls disabledStateChanged.
        (WebCore::HTMLFormControlElement::disabledStateChanged): Renamed from disabledAttributeChanged.

        (WebCore::HTMLFormControlElement::insertedInto): Update m_disabledByAncestorFieldset if there is
        a possibility (i.e. the document contains any disabled fieldset element) that this form control
        is inserted under a disabled fieldset element.

        (WebCore::HTMLFormControlElement::removedFrom): If this form control element is not disabled by
        a fieldset ancestor, then there is nothing to do. If it is, then check to see if the element is
        still disabled now that we've lost some ancestors.

        (WebCore::HTMLFormControlElement::isDisabledFormControl): No longer updates m_ancestorDisabledState
        lazily since m_disabledByAncestorFieldset is never ambiguous now.

        * html/HTMLFormControlElement.h:
        (WebCore::HTMLFormControlElement::disabledByAncestorFieldset): Added.

2014-02-20  Zalan Bujtas  <zalan@apple.com>

        Remove redundant deviceScaleFactor() functions and make callers use Document::deviceScaleFactor() when accessible.
        https://bugs.webkit.org/show_bug.cgi?id=129137

        Reviewed by Simon Fraser.

        No change in behavior.

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::createDeletionUI):
        * page/Page.cpp:
        * page/Page.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::GraphicsContext):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::platformInit):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        (WebCore::RenderBoxModelObject::drawBoxSideFromPath):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageSizeForError):
        (WebCore::RenderImage::paintReplaced):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::drawPlatformResizerImage):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::drawLineForBoxSide):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintProgressBar):
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::calculateTransformationToOutermostCoordinateSystem):

2014-02-20  David Kilzer  <ddkilzer@apple.com>

        Stop generating Objective-C bindings for the SVG DOM
        <http://webkit.org/b/129107>

        Reviewed by Timothy Hatcher.

        Bug 114076 stopped compiling the Objective-C bindings for the
        SVG DOM, but we continued to generate the header and source
        files after that landed in r147822.  This patch also stops
        generating the unused header and source files.

        * DerivedSources.make:
        - Split BINDING_IDLS into NON_SVG_BINDING_IDLS and
          SVG_BINDING_IDLS so that they may operated on separately.
        - Define BINDING_IDLS again as the full list of IDL files.
        - Rename DOM_CLASSES to JS_DOM_CLASSES so that JavaScript
          bindings are still generated for all IDL files.
        - Add OBJC_DOM_CLASSES so that Objective-C bindings are only
          generated for non-SVG IDL files.

        * bindings/scripts/CodeGeneratorObjC.pm:
        (GetBaseClass):
        (GetPropertyAttributes):
        (AddIncludesForType):
        (GenerateHeader):
        (GenerateImplementation):
        - Remove support for SVG classes.

2014-02-20  Simon Fraser  <simon.fraser@apple.com>

        RenderBox::updateShapeOutsideInfoAfterStyleChange shows up on profiles
        https://bugs.webkit.org/show_bug.cgi?id=129075

        Reviewed by Dean Jackson.

        updateShapeOutsideInfoAfterStyleChange() showed up on profiles in content
        with no shapes. Avoid calling this if no style has shapeOutside().

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):

2014-02-20  ChangSeok Oh  <changseok.oh@collabora.com>

        Remove unused chromium stuff in Extensions3D
        https://bugs.webkit.org/show_bug.cgi?id=129086

        Reviewed by Anders Carlsson.

        Remove GL_CHROMIUM_copy_texture and GL_CHROMIUM_flipy interfaces since they are used nowhere.

        No new tests since no functionality changed.

        * platform/graphics/Extensions3D.h:
        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        * platform/graphics/opengl/Extensions3DOpenGL.h:
        * platform/graphics/opengl/Extensions3DOpenGLES.cpp:
        * platform/graphics/opengl/Extensions3DOpenGLES.h:

2014-02-20  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] Assert / crash trying to draw empty checked input
        https://bugs.webkit.org/show_bug.cgi?id=129138

        Reviewed by Simon Fraser.

        Test: fast/forms/checkbox-empty-size.html

        * rendering/RenderThemeIOS.mm:
        (WebCore::shortened):
        Avoid a divide by 0, but checking for the condition upfront.

2014-02-20  Benjamin Poulain  <bpoulain@apple.com>

        Start fixing the view states driven by the WKScrollView
        https://bugs.webkit.org/show_bug.cgi?id=129140

        Reviewed by Tim Horton and Simon Fraser.

        * platform/graphics/ca/mac/TileController.mm:
        (WebCore::TileController::scaledExposedRect):
        That comment was more confusing than helping. FrameView-relative coordinates should not need
        scaling.

2014-02-20  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Start to use std::unique_ptr for DragImageLoader
        https://bugs.webkit.org/show_bug.cgi?id=129078

        Reviewed by Ryosuke Niwa.

        As a step to use std::unique_ptr, this patch replace uses of OwnPtr and PassOwnPtr
        in the DragImageLoader class with std::unique_ptr. Besides DragImageLoader is set to
        non-copyable class.

        * dom/Clipboard.cpp:
        (WebCore::Clipboard::setDragImage):
        * dom/Clipboard.h:

2014-02-20  Brady Eidson  <beidson@apple.com>

        Move the image controls setting to Settings.in
        https://bugs.webkit.org/show_bug.cgi?id=129126

        Reviewed by Tim Horton.

        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        * page/Settings.h:
        * page/Settings.in:

2014-02-20  Brady Eidson  <beidson@apple.com>

        Add very basic image control rendering
        https://bugs.webkit.org/show_bug.cgi?id=129080

        Reviewed by Tim Horton.

        Test: fast/images/image-controls-basic.html

        This patch is groundwork that adds a very basic image control that can render on top of images.

        * dom/Node.h:
        (WebCore::Node:: isImageControlsRootElement): Returns false, unless you are an ImageControls object.
        * html/HTMLAttributeNames.in:

        Teach HTMLImageElement how to understand an experimental attribute to install controls,
        how to actually build the DOM to attach to the shadow root, how to tear that DOM down,
        and how to make sure that Renderers are created for that DOM:
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::HTMLImageElement):
        (WebCore::HTMLImageElement::parseAttribute):
        (WebCore::HTMLImageElement::didAttachRenderers):
        (WebCore::HTMLImageElement::updateImageControls):
        (WebCore::HTMLImageElement::createImageControls):
        (WebCore::HTMLImageElement::destroyImageControls):
        (WebCore::HTMLImageElement::hasImageControls):
        (WebCore::HTMLImageElement::childShouldCreateRenderer):
        * html/HTMLImageElement.h:
        (WebCore::HTMLImageElement::hasShadowControls): For RenderImage to query when it is constructed. 

        Add a generic, platform independent ImageControls root element that does nothing:
        * html/shadow/ImageControlsRootElement.cpp: Added.
        (WebCore::ImageControlsRootElement::maybeCreate):
        (WebCore::ImageControlsRootElement::ImageControlsRootElement):
        (WebCore::ImageControlsRootElement::~ImageControlsRootElement):
        * html/shadow/ImageControlsRootElement.h: Added.

        Add a Mac-specific ImageControls root element that renders a 20x20 red box (for now):
        * html/shadow/mac/ImageControlsRootElementMac.cpp: Added.
        (WebCore::ImageControlsRootElementMac::ImageControlsRootElementMac):
        (WebCore::ImageControlsRootElementMac::~ImageControlsRootElementMac):
        (WebCore::ImageControlsRootElement::maybeCreate):
        (WebCore::ImageControlsRootElementMac::maybeCreate):
        * html/shadow/mac/ImageControlsRootElementMac.h: Added.

        Since much of the RenderMedia::layout() method is now required for RenderImage as well,
        move the logic to RenderImage. The extra work is controlled by a bool flag that will always
        be set for RenderMedias but will only be set for certain RenderImages:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::RenderImage):
        (WebCore::RenderImage::canHaveChildren):
        (WebCore::RenderImage::layout):
        (WebCore::RenderImage::layoutShadowControls):
        * rendering/RenderImage.h:
        (WebCore::RenderImage::setHasShadowControls):
        (WebCore::RenderImage::shadowControlsNeedCustomLayoutMetrics):

        * rendering/RenderMedia.cpp:
        (WebCore::RenderMedia::RenderMedia):
        * rendering/RenderMedia.h:
        (WebCore::RenderMedia::shadowControlsNeedCustomLayoutMetrics):

        * WebCore.xcodeproj/project.pbxproj:

== Rolled over to ChangeLog-2014-02-20 ==