2019-10-09 Alan Coon <alancoon@apple.com> Cherry-pick r250887. rdar://problem/56105002 Partially undo r250811 https://bugs.webkit.org/show_bug.cgi?id=202715 <rdar://problem/56084287> Reviewed by Chris Dumez. Source/WebCore: This patch changes the SerializedScriptValue to always wrap CryptoKey objects again. CryptoKey objects could belong to an array or another object. In those cases, IDBObjectStore cannot set the flag for the embedded Cryptokey objects. Neither can postMessage to unset the flag. Therefore, there is no way to separate the serialization process into two and this patch restores the old behaviour. However, the hardening part of r250811 is kept and therefore the crash should still be prevented. No new test, updated existing test * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::IDBObjectStore::putOrAdd): (WebCore::JSC::setIsWrappingRequiredForCryptoKey): Deleted. * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::dumpIfTerminal): (WebCore::CloneDeserializer::readTerminal): * crypto/CryptoKey.h: (WebCore::CryptoKey::allows const): (WebCore::CryptoKey::isWrappingRequired const): Deleted. (WebCore::CryptoKey::setIsWrappingRequired): Deleted. (): Deleted. * dom/ScriptExecutionContext.h: Tools: * TestWebKitAPI/Tests/WebKit/navigation-client-default-crypto.html: Modified to crash if SerializedScriptValue doesn't wrap CryptoKey objects. LayoutTests: Some rebaselines. * crypto/workers/subtle/ec-postMessage-worker-expected.txt: * crypto/workers/subtle/hrsa-postMessage-worker-expected.txt: * crypto/workers/subtle/rsa-postMessage-worker-expected.txt: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250887 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-10-08 Jiewen Tan <jiewen_tan@apple.com> Partially undo r250811 https://bugs.webkit.org/show_bug.cgi?id=202715 <rdar://problem/56084287> Reviewed by Chris Dumez. This patch changes the SerializedScriptValue to always wrap CryptoKey objects again. CryptoKey objects could belong to an array or another object. In those cases, IDBObjectStore cannot set the flag for the embedded Cryptokey objects. Neither can postMessage to unset the flag. Therefore, there is no way to separate the serialization process into two and this patch restores the old behaviour. However, the hardening part of r250811 is kept and therefore the crash should still be prevented. No new test, updated existing test * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::IDBObjectStore::putOrAdd): (WebCore::JSC::setIsWrappingRequiredForCryptoKey): Deleted. * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::dumpIfTerminal): (WebCore::CloneDeserializer::readTerminal): * crypto/CryptoKey.h: (WebCore::CryptoKey::allows const): (WebCore::CryptoKey::isWrappingRequired const): Deleted. (WebCore::CryptoKey::setIsWrappingRequired): Deleted. (): Deleted. * dom/ScriptExecutionContext.h: 2019-10-09 Alan Coon <alancoon@apple.com> Cherry-pick r250811. rdar://problem/56061124 Only wrapping CryptoKeys for IDB during serialization https://bugs.webkit.org/show_bug.cgi?id=202500 <rdar://problem/52445927> Reviewed by Chris Dumez. Source/WebCore: Wrapping CryptoKeys during IDB serialization is a legacy request from Netflix when WebKit was an early adopter. It is not necessary for other kinds of serialization. However, given existing keys stored in users' idb are wrapped, the wrapping/unwrapping mechanism cannot be easily discarded. Therefore, this patch restricts the wrapping/unwrapping mechanism to idb only. To do so, a isWrappingRequired flag is added to CryptoKey such that whenever idb sees a CryptoKey, it can set it. SerializedScriptValue will then only wrap a CryptoKey when this flag is set. Otherwise, a new tag UnwrappedCryptoKeyTag is used to store unwrapped CryptoKeys in order to keep the old CryptoKeyTag binaries intact. For deserialization, each type will be deserialized differently. Besides the above, this patch also hardens WorkerGlobalScope::wrapCryptoKey/unwrapCryptoKey for any potential racy issues. CryptoBooleanContainer is introduced to capture boolean in the lambda. workerGlobalScope is replaced with workerMessagingProxy. Now, every variables captured in the lambdas should be either a copy or a thread safe ref of the original object. Test: crypto/workers/subtle/aes-indexeddb.html * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::JSC::setIsWrappingRequiredForCryptoKey): (WebCore::IDBObjectStore::putOrAdd): * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::dumpIfTerminal): (WebCore::CloneDeserializer::readTerminal): * crypto/CryptoKey.h: (WebCore::CryptoKey::isWrappingRequired const): (WebCore::CryptoKey::setIsWrappingRequired): * dom/ScriptExecutionContext.h: * workers/WorkerGlobalScope.cpp: (WebCore::CryptoBooleanContainer::create): (WebCore::CryptoBooleanContainer::boolean const): (WebCore::CryptoBooleanContainer::setBoolean): (WebCore::WorkerGlobalScope::wrapCryptoKey): (WebCore::WorkerGlobalScope::unwrapCryptoKey): * workers/WorkerGlobalScope.h: * workers/WorkerLoaderProxy.h: (WebCore::WorkerLoaderProxy::isWorkerMessagingProxy const): * workers/WorkerMessagingProxy.h: (isType): Tools: Modifies IndexedDB.StructuredCloneBackwardCompatibility test to include CryptoKeys. * TestWebKitAPI/Tests/WebKitCocoa/IndexedDBStructuredCloneBackwardCompatibility.mm: (-[StructuredCloneBackwardCompatibilityNavigationDelegate _webCryptoMasterKeyForWebView:]): (TEST): * TestWebKitAPI/Tests/WebKitCocoa/IndexedDBStructuredCloneBackwardCompatibility.sqlite3: * TestWebKitAPI/Tests/WebKitCocoa/IndexedDBStructuredCloneBackwardCompatibility.sqlite3-shm: * TestWebKitAPI/Tests/WebKitCocoa/IndexedDBStructuredCloneBackwardCompatibility.sqlite3-wal: * TestWebKitAPI/Tests/WebKitCocoa/IndexedDBStructuredCloneBackwardCompatibilityRead.html: * TestWebKitAPI/Tests/WebKitCocoa/IndexedDBStructuredCloneBackwardCompatibilityWrite.html: LayoutTests: Adds a new test aes-indexeddb.html to do idb in workers and makes other tests more deterministic. * crypto/workers/subtle/aes-indexeddb-expected.txt: Added. * crypto/workers/subtle/aes-indexeddb.html: Added. * crypto/workers/subtle/ec-postMessage-worker-expected.txt: * crypto/workers/subtle/ec-postMessage-worker.html: * crypto/workers/subtle/hrsa-postMessage-worker-expected.txt: * crypto/workers/subtle/hrsa-postMessage-worker.html: * crypto/workers/subtle/resources/aes-indexeddb.js: Added. * crypto/workers/subtle/rsa-postMessage-worker-expected.txt: * crypto/workers/subtle/rsa-postMessage-worker.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250811 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-10-07 Jiewen Tan <jiewen_tan@apple.com> Only wrapping CryptoKeys for IDB during serialization https://bugs.webkit.org/show_bug.cgi?id=202500 <rdar://problem/52445927> Reviewed by Chris Dumez. Wrapping CryptoKeys during IDB serialization is a legacy request from Netflix when WebKit was an early adopter. It is not necessary for other kinds of serialization. However, given existing keys stored in users' idb are wrapped, the wrapping/unwrapping mechanism cannot be easily discarded. Therefore, this patch restricts the wrapping/unwrapping mechanism to idb only. To do so, a isWrappingRequired flag is added to CryptoKey such that whenever idb sees a CryptoKey, it can set it. SerializedScriptValue will then only wrap a CryptoKey when this flag is set. Otherwise, a new tag UnwrappedCryptoKeyTag is used to store unwrapped CryptoKeys in order to keep the old CryptoKeyTag binaries intact. For deserialization, each type will be deserialized differently. Besides the above, this patch also hardens WorkerGlobalScope::wrapCryptoKey/unwrapCryptoKey for any potential racy issues. CryptoBooleanContainer is introduced to capture boolean in the lambda. workerGlobalScope is replaced with workerMessagingProxy. Now, every variables captured in the lambdas should be either a copy or a thread safe ref of the original object. Test: crypto/workers/subtle/aes-indexeddb.html * Modules/indexeddb/IDBObjectStore.cpp: (WebCore::JSC::setIsWrappingRequiredForCryptoKey): (WebCore::IDBObjectStore::putOrAdd): * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::dumpIfTerminal): (WebCore::CloneDeserializer::readTerminal): * crypto/CryptoKey.h: (WebCore::CryptoKey::isWrappingRequired const): (WebCore::CryptoKey::setIsWrappingRequired): * dom/ScriptExecutionContext.h: * workers/WorkerGlobalScope.cpp: (WebCore::CryptoBooleanContainer::create): (WebCore::CryptoBooleanContainer::boolean const): (WebCore::CryptoBooleanContainer::setBoolean): (WebCore::WorkerGlobalScope::wrapCryptoKey): (WebCore::WorkerGlobalScope::unwrapCryptoKey): * workers/WorkerGlobalScope.h: * workers/WorkerLoaderProxy.h: (WebCore::WorkerLoaderProxy::isWorkerMessagingProxy const): * workers/WorkerMessagingProxy.h: (isType): 2019-10-08 Alan Coon <alancoon@apple.com> Cherry-pick r250694. rdar://problem/56061133 [iOS] WebContent process can be interrupted during suspension; loses "Now Playing" status https://bugs.webkit.org/show_bug.cgi?id=202537 <rdar://problem/55952707> Reviewed by Eric Carlson. Always deactivate the AVAudioSession when the last playing PlatformAudioSession ends playback and the application is in the background. * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::removeSession): (WebCore::PlatformMediaSessionManager::processWillSuspend): (WebCore::PlatformMediaSessionManager::maybeDeactivateAudioSession): * platform/audio/PlatformMediaSessionManager.h: (WebCore::PlatformMediaSessionManager::isApplicationInBackground const): * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (WebCore::MediaSessionManageriOS::sessionWillEndPlayback): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250694 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-10-03 Jer Noble <jer.noble@apple.com> [iOS] WebContent process can be interrupted during suspension; loses "Now Playing" status https://bugs.webkit.org/show_bug.cgi?id=202537 <rdar://problem/55952707> Reviewed by Eric Carlson. Always deactivate the AVAudioSession when the last playing PlatformAudioSession ends playback and the application is in the background. * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::removeSession): (WebCore::PlatformMediaSessionManager::processWillSuspend): (WebCore::PlatformMediaSessionManager::maybeDeactivateAudioSession): * platform/audio/PlatformMediaSessionManager.h: (WebCore::PlatformMediaSessionManager::isApplicationInBackground const): * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (WebCore::MediaSessionManageriOS::sessionWillEndPlayback): 2019-10-03 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r250642. rdar://problem/55947639 [iOS] When hit testing for a context menu interaction, do not consider whether the element is contenteditable https://bugs.webkit.org/show_bug.cgi?id=202498 <rdar://problem/54723131> Reviewed by Tim Horton. Source/WebCore: When the user selects a context menu action, WebKit performs a hit test in order to find the acted-on element on the page. This is separate from the hit test performed to generate the context menu's targeted preview. Since an arbitrary amount of time can elapse between preview generation and action selection, this second hit-tests might return a different element. One case where we know a different element can be returned is in apps that dynamically enable and disable editing. If editing is disabled when the first hit test occurs but is enabled when the second one occurs, different elements will be returned due to Frame::qualifyingNodeAtViewportLocation preferring to return the root editable element when the approximate node is contenteditable. While the appropriate long-term fix is to only hit-test once and use that element for both preview generation and action selection, this patch implements a short-term fix to address the specific problem in rdar://problem/54723131 by disabling the contenteditable behavior described above for context menu interaction hit testing. The long-term fix is tracked by <https://webkit.org/b/202499>. * page/Frame.h: * page/ios/FrameIOS.mm: (WebCore::Frame::qualifyingNodeAtViewportLocation): (WebCore::Frame::approximateNodeAtViewportLocationLegacy): (WebCore::ancestorRespondingToClickEventsNodeQualifier): (WebCore::Frame::nodeRespondingToClickEvents): (WebCore::Frame::nodeRespondingToDoubleClickEvent): (WebCore::Frame::nodeRespondingToInteraction): (WebCore::Frame::nodeRespondingToScrollWheelEvents): Source/WebKit: * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::startInteractionWithElementAtPosition): Changed to call WebCore::Frame::nodeRespondingToInteraction. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250642 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-10-02 Andy Estes <aestes@apple.com> [iOS] When hit testing for a context menu interaction, do not consider whether the element is contenteditable https://bugs.webkit.org/show_bug.cgi?id=202498 <rdar://problem/54723131> Reviewed by Tim Horton. When the user selects a context menu action, WebKit performs a hit test in order to find the acted-on element on the page. This is separate from the hit test performed to generate the context menu's targeted preview. Since an arbitrary amount of time can elapse between preview generation and action selection, this second hit-tests might return a different element. One case where we know a different element can be returned is in apps that dynamically enable and disable editing. If editing is disabled when the first hit test occurs but is enabled when the second one occurs, different elements will be returned due to Frame::qualifyingNodeAtViewportLocation preferring to return the root editable element when the approximate node is contenteditable. While the appropriate long-term fix is to only hit-test once and use that element for both preview generation and action selection, this patch implements a short-term fix to address the specific problem in rdar://problem/54723131 by disabling the contenteditable behavior described above for context menu interaction hit testing. The long-term fix is tracked by <https://webkit.org/b/202499>. * page/Frame.h: * page/ios/FrameIOS.mm: (WebCore::Frame::qualifyingNodeAtViewportLocation): (WebCore::Frame::approximateNodeAtViewportLocationLegacy): (WebCore::ancestorRespondingToClickEventsNodeQualifier): (WebCore::Frame::nodeRespondingToClickEvents): (WebCore::Frame::nodeRespondingToDoubleClickEvent): (WebCore::Frame::nodeRespondingToInteraction): (WebCore::Frame::nodeRespondingToScrollWheelEvents): 2019-10-01 Alan Coon <alancoon@apple.com> Cherry-pick r250528. rdar://problem/55876838 Refine restrictions for X-Temp-Tablet HTTP header experiment https://bugs.webkit.org/show_bug.cgi?id=202367 <rdar://problem/55849139> Reviewed by Geoffrey Garen. Refine restrictions for X-Temp-Tablet HTTP header experiment: 1. Only send the header if the embedding application is MobileSafari. 2. Only send the header if the first party is google.com 3. Only send the header if the current date is before 2/1/2020 4. Send the header even if using an ephemeral session * loader/cache/CachedResourceLoader.cpp: (WebCore::isXTempTabletHeaderExperimentOver): (WebCore::CachedResourceLoader::CachedResourceLoader): (WebCore::isGoogleSearch): (WebCore::CachedResourceLoader::shouldSendXTempTabletHeader const): (WebCore::CachedResourceLoader::requestResource): * loader/cache/CachedResourceLoader.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250528 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-30 Chris Dumez <cdumez@apple.com> Refine restrictions for X-Temp-Tablet HTTP header experiment https://bugs.webkit.org/show_bug.cgi?id=202367 <rdar://problem/55849139> Reviewed by Geoffrey Garen. Refine restrictions for X-Temp-Tablet HTTP header experiment: 1. Only send the header if the embedding application is MobileSafari. 2. Only send the header if the first party is google.com 3. Only send the header if the current date is before 2/1/2020 4. Send the header even if using an ephemeral session * loader/cache/CachedResourceLoader.cpp: (WebCore::isXTempTabletHeaderExperimentOver): (WebCore::CachedResourceLoader::CachedResourceLoader): (WebCore::isGoogleSearch): (WebCore::CachedResourceLoader::shouldSendXTempTabletHeader const): (WebCore::CachedResourceLoader::requestResource): * loader/cache/CachedResourceLoader.h: 2019-09-30 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r250483. rdar://problem/55825351 [Experiment][iOS] Add temporary HTTP header to distinguish iPads for requests to Google https://bugs.webkit.org/show_bug.cgi?id=202335 <rdar://problem/55790994> Reviewed by Maciej Stachowiak. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): * platform/network/HTTPHeaderNames.in: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250483 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-28 Chris Dumez <cdumez@apple.com> [Experiment][iOS] Add temporary HTTP header to distinguish iPads for requests to Google https://bugs.webkit.org/show_bug.cgi?id=202335 <rdar://problem/55790994> Reviewed by Maciej Stachowiak. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): * platform/network/HTTPHeaderNames.in: 2019-09-30 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r250488. rdar://problem/55826334 Crash when removing the target element while animating its attributes https://bugs.webkit.org/show_bug.cgi?id=202247 Reviewed by Darin Adler. Source/WebCore: If SMIL is animating a CSS attribute, there is a chance the animation is ended while it is being started or progressed. For that reason, the member SVGAnimateElementBase::m_animator has to be made RefPtr and it has to be be protected in resetAnimatedType() and calculateAnimatedValue(). While SMILTimeContainer::updateAnimations() is calling progress() for the scheduled animation elements, SMILTimeContainer::unschedule() might get called if processing an animation causes events to be dispatched. For that reason we need to copy the scheduled animations Vector before processing them so we avoid changing the Vector while looping through its items. Remove the guard SMILTimeContainer::m_preventScheduledAnimationsChanges which was added in r129670 for debugging purposes. In some situations, the scheduled animations map could be modified out from under some of the functions of SMILTimeContainer. Test: svg/animations/animate-and-remove-target-element.html * svg/SVGAnimateElementBase.cpp: (WebCore::SVGAnimateElementBase::resetAnimatedType): (WebCore::SVGAnimateElementBase::calculateAnimatedValue): * svg/SVGAnimateElementBase.h: * svg/SVGElement.cpp: (WebCore::SVGElement::createAnimator): * svg/SVGElement.h: * svg/animation/SMILTimeContainer.cpp: (WebCore::SMILTimeContainer::schedule): (WebCore::SMILTimeContainer::unschedule): (WebCore::SMILTimeContainer::setElapsed): (WebCore::SMILTimeContainer::sortByPriority): (WebCore::SMILTimeContainer::processAnimations): (WebCore::SMILTimeContainer::processScheduledAnimations): (WebCore::SMILTimeContainer::updateAnimations): (WebCore::SMILTimeContainer::~SMILTimeContainer): Deleted. * svg/animation/SMILTimeContainer.h: * svg/animation/SVGSMILElement.cpp: (WebCore::SVGSMILElement::calculateNextProgressTime const): * svg/properties/SVGAnimatedPropertyAccessorImpl.h: * svg/properties/SVGAnimatedPropertyAnimatorImpl.h: * svg/properties/SVGAnimatedPropertyPairAccessorImpl.h: * svg/properties/SVGAnimatedPropertyPairAnimator.h: * svg/properties/SVGAnimatedPropertyPairAnimatorImpl.h: * svg/properties/SVGAttributeAnimator.h: * svg/properties/SVGMemberAccessor.h: (WebCore::SVGMemberAccessor::createAnimator const): * svg/properties/SVGPrimitivePropertyAnimator.h: (WebCore::SVGPrimitivePropertyAnimator::create): * svg/properties/SVGPropertyAnimatorFactory.h: (WebCore::SVGPropertyAnimatorFactory::createAnimator): * svg/properties/SVGPropertyOwnerRegistry.h: * svg/properties/SVGPropertyRegistry.h: * svg/properties/SVGValuePropertyAnimatorImpl.h: * svg/properties/SVGValuePropertyListAnimatorImpl.h: LayoutTests: * svg/animations/animate-and-remove-target-element-expected.txt: Added. * svg/animations/animate-and-remove-target-element.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250488 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-28 Said Abou-Hallawa <sabouhallawa@apple.com> Crash when removing the target element while animating its attributes https://bugs.webkit.org/show_bug.cgi?id=202247 Reviewed by Darin Adler. If SMIL is animating a CSS attribute, there is a chance the animation is ended while it is being started or progressed. For that reason, the member SVGAnimateElementBase::m_animator has to be made RefPtr and it has to be be protected in resetAnimatedType() and calculateAnimatedValue(). While SMILTimeContainer::updateAnimations() is calling progress() for the scheduled animation elements, SMILTimeContainer::unschedule() might get called if processing an animation causes events to be dispatched. For that reason we need to copy the scheduled animations Vector before processing them so we avoid changing the Vector while looping through its items. Remove the guard SMILTimeContainer::m_preventScheduledAnimationsChanges which was added in r129670 for debugging purposes. In some situations, the scheduled animations map could be modified out from under some of the functions of SMILTimeContainer. Test: svg/animations/animate-and-remove-target-element.html * svg/SVGAnimateElementBase.cpp: (WebCore::SVGAnimateElementBase::resetAnimatedType): (WebCore::SVGAnimateElementBase::calculateAnimatedValue): * svg/SVGAnimateElementBase.h: * svg/SVGElement.cpp: (WebCore::SVGElement::createAnimator): * svg/SVGElement.h: * svg/animation/SMILTimeContainer.cpp: (WebCore::SMILTimeContainer::schedule): (WebCore::SMILTimeContainer::unschedule): (WebCore::SMILTimeContainer::setElapsed): (WebCore::SMILTimeContainer::sortByPriority): (WebCore::SMILTimeContainer::processAnimations): (WebCore::SMILTimeContainer::processScheduledAnimations): (WebCore::SMILTimeContainer::updateAnimations): (WebCore::SMILTimeContainer::~SMILTimeContainer): Deleted. * svg/animation/SMILTimeContainer.h: * svg/animation/SVGSMILElement.cpp: (WebCore::SVGSMILElement::calculateNextProgressTime const): * svg/properties/SVGAnimatedPropertyAccessorImpl.h: * svg/properties/SVGAnimatedPropertyAnimatorImpl.h: * svg/properties/SVGAnimatedPropertyPairAccessorImpl.h: * svg/properties/SVGAnimatedPropertyPairAnimator.h: * svg/properties/SVGAnimatedPropertyPairAnimatorImpl.h: * svg/properties/SVGAttributeAnimator.h: * svg/properties/SVGMemberAccessor.h: (WebCore::SVGMemberAccessor::createAnimator const): * svg/properties/SVGPrimitivePropertyAnimator.h: (WebCore::SVGPrimitivePropertyAnimator::create): * svg/properties/SVGPropertyAnimatorFactory.h: (WebCore::SVGPropertyAnimatorFactory::createAnimator): * svg/properties/SVGPropertyOwnerRegistry.h: * svg/properties/SVGPropertyRegistry.h: * svg/properties/SVGValuePropertyAnimatorImpl.h: * svg/properties/SVGValuePropertyListAnimatorImpl.h: 2019-09-30 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249822. rdar://problem/55826334 SVGLengthValue should use two enums for 'type' and 'mode' instead of one unsigned for 'units' https://bugs.webkit.org/show_bug.cgi?id=201663 Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-09-12 Reviewed by Simon Fraser, Nikolas Zimmermann. SVGLengthValue had one unsigned to store SVGLengthMode and SVGLengthType. It used to allocate the least significant 4 bits of this unsigned to the SVGLengthMode while it leaves the rest for SVGLengthType. This will not be needed if SVGLengthMode and SVGLengthType are made of size uint_8. Also in this patch: -- SVGLengthNegativeValuesMode is made enum class. -- SVGLengthValue::blend() is moved to SVGLengthValue.cpp so we do not need to include SVGLengthContext.h in SVGLengthValue.h. -- SVGLengthType and SVGLengthMode are moved to SVGLengthValue.h. Instead of having SVGLengthValue.h includes SVGLengthConttext.h, the opposite will happen. -- SVGAnimatedPropertyDescription.h is deleted. It should have been deleted with the SVG tear off objects removal. -- SVGPropertyTraits<SVGAngleValue> and SVGPropertyTraits<SVGLengthValue> are deleted. They should have been deleted with SVGAnimatedType removal. -- SVGLengthValue::lengthModeForAnimatedLengthAttribute() is deleted. It was only called from SVGPropertyTraits<SVGLengthValue>. * WebCore.xcodeproj/project.pbxproj: * css/StyleResolver.h: * page/animation/CSSPropertyAnimation.cpp: (WebCore::blendFunc): * rendering/style/SVGRenderStyle.h: (WebCore::SVGRenderStyle::initialBaselineShiftValue): (WebCore::SVGRenderStyle::initialKerning): * rendering/svg/RenderSVGEllipse.cpp: (WebCore::RenderSVGEllipse::calculateRadiiAndCenter): * rendering/svg/RenderSVGRect.cpp: (WebCore::RenderSVGRect::updateShapeFromElement): * rendering/svg/SVGPathData.cpp: (WebCore::pathFromCircleElement): (WebCore::pathFromEllipseElement): (WebCore::pathFromRectElement): * rendering/svg/SVGTextLayoutEngineBaseline.cpp: (WebCore::SVGTextLayoutEngineBaseline::calculateBaselineShift const): * rendering/svg/SVGTextLayoutEngineSpacing.cpp: (WebCore::SVGTextLayoutEngineSpacing::calculateCSSKerningAndSpacing): * svg/LinearGradientAttributes.h: (WebCore::LinearGradientAttributes::LinearGradientAttributes): * svg/RadialGradientAttributes.h: (WebCore::RadialGradientAttributes::RadialGradientAttributes): * svg/SVGAngleValue.h: (WebCore::SVGPropertyTraits<SVGAngleValue>::initialValue): Deleted. (WebCore::SVGPropertyTraits<SVGAngleValue>::toString): Deleted. * svg/SVGCircleElement.cpp: (WebCore::SVGCircleElement::parseAttribute): * svg/SVGCircleElement.h: * svg/SVGCursorElement.cpp: (WebCore::SVGCursorElement::parseAttribute): * svg/SVGCursorElement.h: * svg/SVGEllipseElement.cpp: (WebCore::SVGEllipseElement::parseAttribute): * svg/SVGEllipseElement.h: * svg/SVGFilterElement.cpp: (WebCore::SVGFilterElement::parseAttribute): * svg/SVGFilterElement.h: * svg/SVGFilterPrimitiveStandardAttributes.cpp: (WebCore::SVGFilterPrimitiveStandardAttributes::parseAttribute): * svg/SVGFilterPrimitiveStandardAttributes.h: * svg/SVGForeignObjectElement.cpp: (WebCore::SVGForeignObjectElement::parseAttribute): * svg/SVGForeignObjectElement.h: * svg/SVGImageElement.cpp: (WebCore::SVGImageElement::parseAttribute): * svg/SVGImageElement.h: * svg/SVGLength.h: (WebCore::SVGLength::unitType const): (WebCore::SVGLength::setValueForBindings): (WebCore::SVGLength::newValueSpecifiedUnits): (WebCore::SVGLength::convertToSpecifiedUnits): (WebCore::SVGLength::unitType): Deleted. * svg/SVGLengthContext.cpp: (WebCore::SVGLengthContext::valueForLength): (WebCore::SVGLengthContext::convertValueToUserUnits const): (WebCore::SVGLengthContext::convertValueFromUserUnits const): (WebCore::SVGLengthContext::convertValueFromUserUnitsToPercentage const): (WebCore::SVGLengthContext::convertValueFromPercentageToUserUnits const): * svg/SVGLengthContext.h: (): Deleted. * svg/SVGLengthList.h: (WebCore::SVGLengthList::create): * svg/SVGLengthValue.cpp: (WebCore::lengthTypeToString): (WebCore::parseLengthType): (WebCore::primitiveTypeToLengthType): (WebCore::lengthTypeToPrimitiveType): (WebCore::SVGLengthValue::SVGLengthValue): (WebCore::SVGLengthValue::construct): (WebCore::SVGLengthValue::blend): (WebCore::SVGLengthValue::fromCSSPrimitiveValue): (WebCore::SVGLengthValue::toCSSPrimitiveValue): (WebCore::SVGLengthValue::setValueAsString): (WebCore::SVGLengthValue::valueAsString const): (WebCore::SVGLengthValue::valueForBindings const): (WebCore::SVGLengthValue::setValue): (WebCore::SVGLengthValue::convertToSpecifiedUnits): (WebCore::storeUnit): Deleted. (WebCore::extractMode): Deleted. (WebCore::extractType): Deleted. (WebCore::SVGLengthValue::operator== const): Deleted. (WebCore::SVGLengthValue::operator!= const): Deleted. (WebCore::SVGLengthValue::unitType const): Deleted. (WebCore::SVGLengthValue::unitMode const): Deleted. (WebCore::SVGLengthValue::valueAsPercentage const): Deleted. (WebCore::SVGLengthValue::newValueSpecifiedUnits): Deleted. (WebCore::SVGLengthValue::lengthModeForAnimatedLengthAttribute): Deleted. * svg/SVGLengthValue.h: (WebCore::SVGLengthValue::lengthType const): (WebCore::SVGLengthValue::lengthMode const): (WebCore::SVGLengthValue::isZero const): (WebCore::SVGLengthValue::isRelative const): (WebCore::SVGLengthValue::valueAsPercentage const): (WebCore::SVGLengthValue::valueInSpecifiedUnits const): (WebCore::operator==): (WebCore::operator!=): (WebCore::SVGLengthValue::blend const): Deleted. (WebCore::SVGPropertyTraits<SVGLengthValue>::initialValue): Deleted. (WebCore::SVGPropertyTraits<SVGLengthValue>::parse): Deleted. (WebCore::SVGPropertyTraits<SVGLengthValue>::toString): Deleted. * svg/SVGLineElement.cpp: (WebCore::SVGLineElement::parseAttribute): * svg/SVGLineElement.h: * svg/SVGLinearGradientElement.cpp: (WebCore::SVGLinearGradientElement::parseAttribute): * svg/SVGLinearGradientElement.h: * svg/SVGMarkerElement.cpp: (WebCore::SVGMarkerElement::parseAttribute): * svg/SVGMarkerElement.h: * svg/SVGMaskElement.cpp: (WebCore::SVGMaskElement::parseAttribute): * svg/SVGMaskElement.h: * svg/SVGPatternElement.cpp: (WebCore::SVGPatternElement::parseAttribute): * svg/SVGPatternElement.h: * svg/SVGRadialGradientElement.cpp: (WebCore::SVGRadialGradientElement::parseAttribute): * svg/SVGRadialGradientElement.h: * svg/SVGRectElement.cpp: (WebCore::SVGRectElement::parseAttribute): * svg/SVGRectElement.h: * svg/SVGSVGElement.cpp: (WebCore::SVGSVGElement::parseAttribute): (WebCore::SVGSVGElement::hasIntrinsicWidth const): (WebCore::SVGSVGElement::hasIntrinsicHeight const): (WebCore::SVGSVGElement::intrinsicWidth const): (WebCore::SVGSVGElement::intrinsicHeight const): * svg/SVGSVGElement.h: * svg/SVGTextContentElement.cpp: (WebCore::SVGTextContentElement::parseAttribute): (WebCore::SVGTextContentElement::textLengthAnimated): * svg/SVGTextContentElement.h: * svg/SVGTextPathElement.cpp: (WebCore::SVGTextPathElement::parseAttribute): * svg/SVGTextPathElement.h: * svg/SVGTextPositioningElement.h: * svg/SVGUseElement.cpp: (WebCore::SVGUseElement::parseAttribute): * svg/SVGUseElement.h: * svg/properties/SVGAnimatedPropertyAccessorImpl.h: * svg/properties/SVGAnimatedPropertyDescription.h: Removed. * svg/properties/SVGAnimationAdditiveListFunctionImpl.h: (WebCore::SVGAnimationLengthListFunction::animate): * svg/properties/SVGAnimationAdditiveValueFunctionImpl.h: (WebCore::SVGAnimationLengthFunction::animate): * svg/properties/SVGValuePropertyAnimatorImpl.h: * svg/properties/SVGValuePropertyListAnimatorImpl.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249822 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-12 Said Abou-Hallawa <sabouhallawa@apple.com> SVGLengthValue should use two enums for 'type' and 'mode' instead of one unsigned for 'units' https://bugs.webkit.org/show_bug.cgi?id=201663 Reviewed by Simon Fraser, Nikolas Zimmermann. SVGLengthValue had one unsigned to store SVGLengthMode and SVGLengthType. It used to allocate the least significant 4 bits of this unsigned to the SVGLengthMode while it leaves the rest for SVGLengthType. This will not be needed if SVGLengthMode and SVGLengthType are made of size uint_8. Also in this patch: -- SVGLengthNegativeValuesMode is made enum class. -- SVGLengthValue::blend() is moved to SVGLengthValue.cpp so we do not need to include SVGLengthContext.h in SVGLengthValue.h. -- SVGLengthType and SVGLengthMode are moved to SVGLengthValue.h. Instead of having SVGLengthValue.h includes SVGLengthConttext.h, the opposite will happen. -- SVGAnimatedPropertyDescription.h is deleted. It should have been deleted with the SVG tear off objects removal. -- SVGPropertyTraits<SVGAngleValue> and SVGPropertyTraits<SVGLengthValue> are deleted. They should have been deleted with SVGAnimatedType removal. -- SVGLengthValue::lengthModeForAnimatedLengthAttribute() is deleted. It was only called from SVGPropertyTraits<SVGLengthValue>. * WebCore.xcodeproj/project.pbxproj: * css/StyleResolver.h: * page/animation/CSSPropertyAnimation.cpp: (WebCore::blendFunc): * rendering/style/SVGRenderStyle.h: (WebCore::SVGRenderStyle::initialBaselineShiftValue): (WebCore::SVGRenderStyle::initialKerning): * rendering/svg/RenderSVGEllipse.cpp: (WebCore::RenderSVGEllipse::calculateRadiiAndCenter): * rendering/svg/RenderSVGRect.cpp: (WebCore::RenderSVGRect::updateShapeFromElement): * rendering/svg/SVGPathData.cpp: (WebCore::pathFromCircleElement): (WebCore::pathFromEllipseElement): (WebCore::pathFromRectElement): * rendering/svg/SVGTextLayoutEngineBaseline.cpp: (WebCore::SVGTextLayoutEngineBaseline::calculateBaselineShift const): * rendering/svg/SVGTextLayoutEngineSpacing.cpp: (WebCore::SVGTextLayoutEngineSpacing::calculateCSSKerningAndSpacing): * svg/LinearGradientAttributes.h: (WebCore::LinearGradientAttributes::LinearGradientAttributes): * svg/RadialGradientAttributes.h: (WebCore::RadialGradientAttributes::RadialGradientAttributes): * svg/SVGAngleValue.h: (WebCore::SVGPropertyTraits<SVGAngleValue>::initialValue): Deleted. (WebCore::SVGPropertyTraits<SVGAngleValue>::toString): Deleted. * svg/SVGCircleElement.cpp: (WebCore::SVGCircleElement::parseAttribute): * svg/SVGCircleElement.h: * svg/SVGCursorElement.cpp: (WebCore::SVGCursorElement::parseAttribute): * svg/SVGCursorElement.h: * svg/SVGEllipseElement.cpp: (WebCore::SVGEllipseElement::parseAttribute): * svg/SVGEllipseElement.h: * svg/SVGFilterElement.cpp: (WebCore::SVGFilterElement::parseAttribute): * svg/SVGFilterElement.h: * svg/SVGFilterPrimitiveStandardAttributes.cpp: (WebCore::SVGFilterPrimitiveStandardAttributes::parseAttribute): * svg/SVGFilterPrimitiveStandardAttributes.h: * svg/SVGForeignObjectElement.cpp: (WebCore::SVGForeignObjectElement::parseAttribute): * svg/SVGForeignObjectElement.h: * svg/SVGImageElement.cpp: (WebCore::SVGImageElement::parseAttribute): * svg/SVGImageElement.h: * svg/SVGLength.h: (WebCore::SVGLength::unitType const): (WebCore::SVGLength::setValueForBindings): (WebCore::SVGLength::newValueSpecifiedUnits): (WebCore::SVGLength::convertToSpecifiedUnits): (WebCore::SVGLength::unitType): Deleted. * svg/SVGLengthContext.cpp: (WebCore::SVGLengthContext::valueForLength): (WebCore::SVGLengthContext::convertValueToUserUnits const): (WebCore::SVGLengthContext::convertValueFromUserUnits const): (WebCore::SVGLengthContext::convertValueFromUserUnitsToPercentage const): (WebCore::SVGLengthContext::convertValueFromPercentageToUserUnits const): * svg/SVGLengthContext.h: (): Deleted. * svg/SVGLengthList.h: (WebCore::SVGLengthList::create): * svg/SVGLengthValue.cpp: (WebCore::lengthTypeToString): (WebCore::parseLengthType): (WebCore::primitiveTypeToLengthType): (WebCore::lengthTypeToPrimitiveType): (WebCore::SVGLengthValue::SVGLengthValue): (WebCore::SVGLengthValue::construct): (WebCore::SVGLengthValue::blend): (WebCore::SVGLengthValue::fromCSSPrimitiveValue): (WebCore::SVGLengthValue::toCSSPrimitiveValue): (WebCore::SVGLengthValue::setValueAsString): (WebCore::SVGLengthValue::valueAsString const): (WebCore::SVGLengthValue::valueForBindings const): (WebCore::SVGLengthValue::setValue): (WebCore::SVGLengthValue::convertToSpecifiedUnits): (WebCore::storeUnit): Deleted. (WebCore::extractMode): Deleted. (WebCore::extractType): Deleted. (WebCore::SVGLengthValue::operator== const): Deleted. (WebCore::SVGLengthValue::operator!= const): Deleted. (WebCore::SVGLengthValue::unitType const): Deleted. (WebCore::SVGLengthValue::unitMode const): Deleted. (WebCore::SVGLengthValue::valueAsPercentage const): Deleted. (WebCore::SVGLengthValue::newValueSpecifiedUnits): Deleted. (WebCore::SVGLengthValue::lengthModeForAnimatedLengthAttribute): Deleted. * svg/SVGLengthValue.h: (WebCore::SVGLengthValue::lengthType const): (WebCore::SVGLengthValue::lengthMode const): (WebCore::SVGLengthValue::isZero const): (WebCore::SVGLengthValue::isRelative const): (WebCore::SVGLengthValue::valueAsPercentage const): (WebCore::SVGLengthValue::valueInSpecifiedUnits const): (WebCore::operator==): (WebCore::operator!=): (WebCore::SVGLengthValue::blend const): Deleted. (WebCore::SVGPropertyTraits<SVGLengthValue>::initialValue): Deleted. (WebCore::SVGPropertyTraits<SVGLengthValue>::parse): Deleted. (WebCore::SVGPropertyTraits<SVGLengthValue>::toString): Deleted. * svg/SVGLineElement.cpp: (WebCore::SVGLineElement::parseAttribute): * svg/SVGLineElement.h: * svg/SVGLinearGradientElement.cpp: (WebCore::SVGLinearGradientElement::parseAttribute): * svg/SVGLinearGradientElement.h: * svg/SVGMarkerElement.cpp: (WebCore::SVGMarkerElement::parseAttribute): * svg/SVGMarkerElement.h: * svg/SVGMaskElement.cpp: (WebCore::SVGMaskElement::parseAttribute): * svg/SVGMaskElement.h: * svg/SVGPatternElement.cpp: (WebCore::SVGPatternElement::parseAttribute): * svg/SVGPatternElement.h: * svg/SVGRadialGradientElement.cpp: (WebCore::SVGRadialGradientElement::parseAttribute): * svg/SVGRadialGradientElement.h: * svg/SVGRectElement.cpp: (WebCore::SVGRectElement::parseAttribute): * svg/SVGRectElement.h: * svg/SVGSVGElement.cpp: (WebCore::SVGSVGElement::parseAttribute): (WebCore::SVGSVGElement::hasIntrinsicWidth const): (WebCore::SVGSVGElement::hasIntrinsicHeight const): (WebCore::SVGSVGElement::intrinsicWidth const): (WebCore::SVGSVGElement::intrinsicHeight const): * svg/SVGSVGElement.h: * svg/SVGTextContentElement.cpp: (WebCore::SVGTextContentElement::parseAttribute): (WebCore::SVGTextContentElement::textLengthAnimated): * svg/SVGTextContentElement.h: * svg/SVGTextPathElement.cpp: (WebCore::SVGTextPathElement::parseAttribute): * svg/SVGTextPathElement.h: * svg/SVGTextPositioningElement.h: * svg/SVGUseElement.cpp: (WebCore::SVGUseElement::parseAttribute): * svg/SVGUseElement.h: * svg/properties/SVGAnimatedPropertyAccessorImpl.h: * svg/properties/SVGAnimatedPropertyDescription.h: Removed. * svg/properties/SVGAnimationAdditiveListFunctionImpl.h: (WebCore::SVGAnimationLengthListFunction::animate): * svg/properties/SVGAnimationAdditiveValueFunctionImpl.h: (WebCore::SVGAnimationLengthFunction::animate): * svg/properties/SVGValuePropertyAnimatorImpl.h: * svg/properties/SVGValuePropertyListAnimatorImpl.h: 2019-09-30 Babak Shafiei <bshafiei@apple.com> Cherry-pick r249930. rdar://problem/55826316 AX: USER: VO: Messages > Message > Shift-VO-M doesn't reveal correct actions https://bugs.webkit.org/show_bug.cgi?id=201840 Patch by Eric Liang <ericliang@apple.com> on 2019-09-16 Reviewed by Chris Fleizach. menuForEvent: expects event-position in window's space, but we pass the position in Core's space. In this case, we need to convert core's space to window's space. Tested that existing tests passed with WK1 and WK2 * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityShowContextMenu]): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249930 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-16 Eric Liang <ericliang@apple.com> AX: USER: VO: Messages > Message > Shift-VO-M doesn't reveal correct actions https://bugs.webkit.org/show_bug.cgi?id=201840 Reviewed by Chris Fleizach. menuForEvent: expects event-position in window's space, but we pass the position in Core's space. In this case, we need to convert core's space to window's space. Tested that existing tests passed with WK1 and WK2 * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityShowContextMenu]): 2019-09-30 Babak Shafiei <bshafiei@apple.com> Cherry-pick r249077. rdar://problem/55826882 Crash under TimerBase::setNextFireTime() in the NetworkProcess https://bugs.webkit.org/show_bug.cgi?id=201097 <rdar://problem/54658339> Reviewed by Ryosuke Niwa. NetworkStateNotifier is a WebCore/platform class used by both WebKitLegacy and WebKit2 in the NetworkProcess. On iOS, the lambda in the implementation of NetworkStateNotifier::startObserving() may get called by the underlying framework on a non-main thread and we therefore want to go back to the main thread before calling NetworkStateNotifier::singleton().updateStateSoon(). This is important because updateStateSoon() will schedule a WebCore::Timer. The issue is that the code was using WebThreadRun() to go back the the main thread. While this works fine in iOS WK1, it does not do what we want in WebKit2 in the network process. Indeed, before there is no WebThread in the network process, WebThreadRun() will simply run the block on whatever thread we're one. This would lead to crashes when trying to schedule the Timer in updateStateSoon(). To address the issue, we now use callOnMainThread(). * platform/network/ios/NetworkStateNotifierIOS.mm: (WebCore::NetworkStateNotifier::startObserving): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249077 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-23 Chris Dumez <cdumez@apple.com> Crash under TimerBase::setNextFireTime() in the NetworkProcess https://bugs.webkit.org/show_bug.cgi?id=201097 <rdar://problem/54658339> Reviewed by Ryosuke Niwa. NetworkStateNotifier is a WebCore/platform class used by both WebKitLegacy and WebKit2 in the NetworkProcess. On iOS, the lambda in the implementation of NetworkStateNotifier::startObserving() may get called by the underlying framework on a non-main thread and we therefore want to go back to the main thread before calling NetworkStateNotifier::singleton().updateStateSoon(). This is important because updateStateSoon() will schedule a WebCore::Timer. The issue is that the code was using WebThreadRun() to go back the the main thread. While this works fine in iOS WK1, it does not do what we want in WebKit2 in the network process. Indeed, before there is no WebThread in the network process, WebThreadRun() will simply run the block on whatever thread we're one. This would lead to crashes when trying to schedule the Timer in updateStateSoon(). To address the issue, we now use callOnMainThread(). * platform/network/ios/NetworkStateNotifierIOS.mm: (WebCore::NetworkStateNotifier::startObserving): 2019-09-30 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248591. rdar://problem/55826878 FrameLoader::open can execute scritps via style recalc in Frame::setDocument https://bugs.webkit.org/show_bug.cgi?id=200377 Reviewed by Antti Koivisto. Source/WebCore: Fixed the bug that FrameLoader::open can execute arbitrary author scripts via post style update callbacks by adding PostResolutionCallbackDisabler, WidgetHierarchyUpdatesSuspensionScope, and NavigationDisabler to CachedFrameBase::restore and FrameLoader::open. This ensures all frames are restored from the page cache before any of them would start running scripts. Test: fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update.html * history/CachedFrame.cpp: (WebCore::CachedFrameBase::restore): * loader/FrameLoader.cpp: (WebCore::FrameLoader::open): * page/FrameViewLayoutContext.cpp: (WebCore::FrameViewLayoutContext::layout): Fixed the debug assertion. The layout of a document may be updated while we're preparing to put a page into the page cache. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateCompositingLayers): Ditto. LayoutTests: Added a regression test. * fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update-expected.txt: Added. * fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update.html: Added. * platform/win/TestExpectations: Skip the newly added test. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248591 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-12 Ryosuke Niwa <rniwa@webkit.org> FrameLoader::open can execute scritps via style recalc in Frame::setDocument https://bugs.webkit.org/show_bug.cgi?id=200377 Reviewed by Antti Koivisto. Fixed the bug that FrameLoader::open can execute arbitrary author scripts via post style update callbacks by adding PostResolutionCallbackDisabler, WidgetHierarchyUpdatesSuspensionScope, and NavigationDisabler to CachedFrameBase::restore and FrameLoader::open. This ensures all frames are restored from the page cache before any of them would start running scripts. Test: fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update.html * history/CachedFrame.cpp: (WebCore::CachedFrameBase::restore): * loader/FrameLoader.cpp: (WebCore::FrameLoader::open): * page/FrameViewLayoutContext.cpp: (WebCore::FrameViewLayoutContext::layout): Fixed the debug assertion. The layout of a document may be updated while we're preparing to put a page into the page cache. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateCompositingLayers): Ditto. 2019-09-30 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248173. rdar://problem/55826879 Harden NodeRareData::m_connectedFrameCount https://bugs.webkit.org/show_bug.cgi?id=200300 Reviewed by Geoffrey Garen. Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway. * dom/Node.cpp: (WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds. * dom/NodeRareData.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248173 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-02 Ryosuke Niwa <rniwa@webkit.org> Harden NodeRareData::m_connectedFrameCount https://bugs.webkit.org/show_bug.cgi?id=200300 Reviewed by Geoffrey Garen. Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway. * dom/Node.cpp: (WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds. * dom/NodeRareData.h: 2019-09-30 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248172. rdar://problem/55826873 Document::resume should delay resetting of form control elements. https://bugs.webkit.org/show_bug.cgi?id=200376 Reviewed by Geoffrey Garen. Source/WebCore: Delay the execution of form control element resets until the next task to avoid synchronously mutating DOM during page cache restoration. Test: fast/frames/restoring-page-cache-should-not-run-scripts.html * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::resumeFromDocumentSuspension): * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::resumeFromDocumentSuspension): LayoutTests: Added a regression test. * fast/frames/restoring-page-cache-should-not-run-scripts-expected.txt: Added. * fast/frames/restoring-page-cache-should-not-run-scripts.html: Added. * platform/win/TestExpectations: Skip this test on Windows since navigating to blob fails on Windows. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248172 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-02 Ryosuke Niwa <rniwa@webkit.org> Document::resume should delay resetting of form control elements. https://bugs.webkit.org/show_bug.cgi?id=200376 Reviewed by Geoffrey Garen. Delay the execution of form control element resets until the next task to avoid synchronously mutating DOM during page cache restoration. Test: fast/frames/restoring-page-cache-should-not-run-scripts.html * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::resumeFromDocumentSuspension): * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::resumeFromDocumentSuspension): 2019-09-30 Babak Shafiei <bshafiei@apple.com> Revert r250483. rdar://problem/55825351 2019-09-29 Alan Coon <alancoon@apple.com> Cherry-pick r250483. rdar://problem/55825351 [Experiment][iOS] Add temporary HTTP header to distinguish iPads for requests to Google https://bugs.webkit.org/show_bug.cgi?id=202335 <rdar://problem/55790994> Reviewed by Maciej Stachowiak. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): * platform/network/HTTPHeaderNames.in: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250483 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-28 Chris Dumez <cdumez@apple.com> [Experiment][iOS] Add temporary HTTP header to distinguish iPads for requests to Google https://bugs.webkit.org/show_bug.cgi?id=202335 <rdar://problem/55790994> Reviewed by Maciej Stachowiak. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): * platform/network/HTTPHeaderNames.in: 2019-09-29 Alan Coon <alancoon@apple.com> Cherry-pick r250345. rdar://problem/55825352 [iPadOS] [DataActivation] Focus moves away after focusing input fields on www.att.com https://bugs.webkit.org/show_bug.cgi?id=202167 <rdar://problem/55185021> Reviewed by Tim Horton. Source/WebCore: Adds a new site-specific quirk. See WebKit ChangeLog for more details. * page/Quirks.cpp: (WebCore::Quirks::shouldUseLegacySelectPopoverDismissalBehaviorInDataActivation const): * page/Quirks.h: * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isDataActivation): Source/WebKit: When using the data activation page on www.att.com, one of the sections on the page contains several select elements; in the case where the user agent: 1. contains the string "iPad", and 2. does not contain the string "Safari" ...www.att.com's data activation page will opt into a mode where it adds blur event listeners to the select elements; in this blur event listener, www.att.com proceeds to programmatically focus a non-editable div element after a 1 second timeout. The reasons for this behavior remain unclear to me, though it's worth noting that the blur event handler name is "screenReaderFocus", which suggests that this is in place to ensure compatibility with screen readers. In iOS 12, dismissing the popover would blur the focused select menu with an animation. Since the animation would take a slightly less than 1 second, www.att.com's logic would have the effect of moving focus to the div element shortly after dismissing the select menu. However, after r243808, we no longer attempt to blur the focused select element when dismissing the popover. This means that the select element is only blurred the next time the user activates another focused element, such as one of the input fields on the page, or a different select element. Consequently, the logic to move focus into a div element now occurs only after a different element has already been focused; this results in focus moving away from newly focused elements after 1 second in the case where a select element has previously focused. To mitigate this, restore iOS 12 behavior behind a site- and app-specific quirk. See comments below for more details. * Shared/FocusedElementInformation.cpp: (WebKit::FocusedElementInformation::encode const): (WebKit::FocusedElementInformation::decode): * Shared/FocusedElementInformation.h: Add a new behavioral quirk flag to FocusedElementInformation to determine whether we should use "legacy" select popover dismissal behavior (i.e. blurring the focused select element when dismissing the select popover, as well as dismissing the popover with animation). * Shared/WebPreferences.yaml: Enable site-specific quirks by default in WKWebView. With regards to this bug, this change allows for site-specific hacks (namely, legacy select popover dismissal) in DataActivation. However, this also fixes various known bugs that are otherwise addressed in Safari only, via site-specific quirks. * UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView _initializeWithConfiguration:]): For apps linked on or before iOS 13 and macOS 10.15, revert the default of value of NeedsSiteSpecificQuirks to false. This is done here instead of in a default value function in WebPreferencesDefaultValues to prevent the default values of NeedsSiteSpecificQuirks in the web process and UI process from going out of sync, since the web process is not necessarily linked against the same SDK as the application. * UIProcess/Cocoa/VersionChecks.h: Add a new DYLD version check for the first version of iOS and macOS where site-specific quirks are enabled by default. * UIProcess/ios/WKContentViewInteraction.h: * UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView endEditingAndUpdateFocusAppearanceWithReason:]): (-[WKContentView _elementDidBlur]): (-[WKContentView _shouldUseLegacySelectPopoverDismissalBehavior]): We only use "legacy" select popover dismissal behavior in the case where the site-specific quirk flag is on, a select popover is used (i.e. the device is an iPad and a select element is focused), and the application bundle is "com.apple.DataActivation". * UIProcess/ios/forms/WKFormSelectPopover.mm: (-[WKSelectTableViewController shouldDismissWithAnimation]): Keyed off of _shouldUseLegacySelectPopoverDismissalBehavior. (-[WKSelectPopover controlEndEditing]): * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::getFocusedElementInformation): Source/WTF: Declare DYLD_IOS_VERSION_13_2. * wtf/spi/darwin/dyldSPI.h: Tools: Rebaseline an API test. * TestWebKitAPI/Tests/WebKit/WKPreferences.cpp: (TestWebKitAPI::TEST): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250345 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-25 Wenson Hsieh <wenson_hsieh@apple.com> [iPadOS] [DataActivation] Focus moves away after focusing input fields on www.att.com https://bugs.webkit.org/show_bug.cgi?id=202167 <rdar://problem/55185021> Reviewed by Tim Horton. Adds a new site-specific quirk. See WebKit ChangeLog for more details. * page/Quirks.cpp: (WebCore::Quirks::shouldUseLegacySelectPopoverDismissalBehaviorInDataActivation const): * page/Quirks.h: * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isDataActivation): 2019-09-29 Alan Coon <alancoon@apple.com> Cherry-pick r249893. rdar://problem/55825342 Expose misspelling ranges for editable content to accessibility clients. https://bugs.webkit.org/show_bug.cgi?id=201752 <rdar://problem/49556828> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-09-16 Reviewed by Chris Fleizach. Source/WebCore: Test: accessibility/misspelling-range.html Added [WebAccessibilityObjectWrapper misspellingTextMarkerRange] and underlying AccessibilityObject implementation to expose misspellings to accessibility clients that provide an alternative user interface to spell checking. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::getMisspellingRange const): * accessibility/AccessibilityObject.h: * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper misspellingTextMarkerRange:direction:]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (accessibilityMisspellingSearchCriteriaForParameterizedAttribute): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): Tools: Test code needed for LayoutTests/accessibility/misspelling-range.html. * WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h: * WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl: * WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm: (WTR::AccessibilityUIElement::misspellingTextMarkerRange): (WTR::AccessibilityUIElement::indexForTextMarker): * WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm: (WTR::misspellingSearchParameterizedAttributeForCriteria): (WTR::AccessibilityUIElement::misspellingTextMarkerRange): LayoutTests: * accessibility/misspelling-range-expected.txt: Added. * accessibility/misspelling-range.html: Added. * platform/ios-simulator/TestExpectations: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249893 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-16 Andres Gonzalez <andresg_22@apple.com> Expose misspelling ranges for editable content to accessibility clients. https://bugs.webkit.org/show_bug.cgi?id=201752 <rdar://problem/49556828> Reviewed by Chris Fleizach. Test: accessibility/misspelling-range.html Added [WebAccessibilityObjectWrapper misspellingTextMarkerRange] and underlying AccessibilityObject implementation to expose misspellings to accessibility clients that provide an alternative user interface to spell checking. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::getMisspellingRange const): * accessibility/AccessibilityObject.h: * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper misspellingTextMarkerRange:direction:]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (accessibilityMisspellingSearchCriteriaForParameterizedAttribute): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): 2019-09-27 Alan Coon <alancoon@apple.com> Cherry-pick r250441. rdar://problem/55801089 [iOS] Vimeo fails to AirPlay in desktop mode https://bugs.webkit.org/show_bug.cgi?id=202322 Reviewed by Eric Carlson. Add a Quirk which opts Vimeo out of the preload=auto restriction, and allows their second video element containing a HLS stream to correctly start AirPlaying when the system route changes. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::finishInitialization): * page/Quirks.cpp: (WebCore::Quirks::needsPreloadAutoQuirk const): * page/Quirks.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250441 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-27 Jer Noble <jer.noble@apple.com> [iOS] Vimeo fails to AirPlay in desktop mode https://bugs.webkit.org/show_bug.cgi?id=202322 Reviewed by Eric Carlson. Add a Quirk which opts Vimeo out of the preload=auto restriction, and allows their second video element containing a HLS stream to correctly start AirPlaying when the system route changes. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::finishInitialization): * page/Quirks.cpp: (WebCore::Quirks::needsPreloadAutoQuirk const): * page/Quirks.h: 2019-09-27 Alan Coon <alancoon@apple.com> Cherry-pick r250459. rdar://problem/55797570 [Win] Crash under FontCache::lastResortFallbackFont https://bugs.webkit.org/show_bug.cgi?id=202325 <rdar://problem/47856730> Reviewed by Brent Fulgham. As demonstrated by crash reports, there seems to be cases where we are not able to create a last resort fallback font on Windows. If all attempts to create a fallback font fail, create a font from the default UI font. No new tests. I have not been able to reproduce this issue. * platform/graphics/win/FontCacheWin.cpp: (WebCore::FontCache::lastResortFallbackFont): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250459 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-27 Per Arne Vollan <pvollan@apple.com> [Win] Crash under FontCache::lastResortFallbackFont https://bugs.webkit.org/show_bug.cgi?id=202325 <rdar://problem/47856730> Reviewed by Brent Fulgham. As demonstrated by crash reports, there seems to be cases where we are not able to create a last resort fallback font on Windows. If all attempts to create a fallback font fail, create a font from the default UI font. No new tests. I have not been able to reproduce this issue. * platform/graphics/win/FontCacheWin.cpp: (WebCore::FontCache::lastResortFallbackFont): 2019-09-27 Alan Coon <alancoon@apple.com> Cherry-pick r250365. rdar://problem/55770710 Update selections after scrolling for iframes and hide selections while iframes and overflow scrolls are scrolling. https://bugs.webkit.org/show_bug.cgi?id=202125 Reviewed by Tim Horton. Source/WebCore: Test: editing/selection/ios/update-selection-after-iframe-scroll.html When we end scrolling, make sure that iframes get a final update to ensure that the selection is in the correct position. Pipe that to WebKit/UIProcess via frame specific plath. * loader/EmptyClients.cpp: * page/EditorClient.h: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll): Source/WebKit: Add additional calls into UIKit differentiate between main frame scrolling and overflow/iframe scrolling. Add piping for iframe specific scrolling. * Platform/spi/ios/UIKitSPI.h: * UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _willStartScrollingOrZooming]): (-[WKContentView _didEndScrollingOrZooming]): * WebProcess/WebCoreSupport/WebEditorClient.cpp: (WebKit::WebEditorClient::subFrameScrollPositionChanged): * WebProcess/WebCoreSupport/WebEditorClient.h: * WebProcess/WebCoreSupport/ios/WebEditorClientIOS.mm: (WebKit::WebEditorClient::subFrameScrollPositionChanged): Source/WebKitLegacy/mac: Filling out unused functions needed for new fix. * WebCoreSupport/WebEditorClient.h: LayoutTests: Test that an iframe selection is updated after a scroll is completed. * editing/selection/ios/update-selection-after-iframe-scroll-expected.txt: Added. * editing/selection/ios/update-selection-after-iframe-scroll.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250365 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-25 Megan Gardner <megan_gardner@apple.com> Update selections after scrolling for iframes and hide selections while iframes and overflow scrolls are scrolling. https://bugs.webkit.org/show_bug.cgi?id=202125 Reviewed by Tim Horton. Test: editing/selection/ios/update-selection-after-iframe-scroll.html When we end scrolling, make sure that iframes get a final update to ensure that the selection is in the correct position. Pipe that to WebKit/UIProcess via frame specific plath. * loader/EmptyClients.cpp: * page/EditorClient.h: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll): 2019-09-27 Alan Coon <alancoon@apple.com> Cherry-pick r250361. rdar://problem/55770728 Page temporarily jumps to an excessively small viewport scale while loading usatoday.com https://bugs.webkit.org/show_bug.cgi?id=202224 <rdar://problem/52906640> Reviewed by Tim Horton. Source/WebCore: On some pages (e.g. usatoday.com), the content width of the page temporarily becomes very large during page load. This causes a couple of viewport scaling behaviors (notably, the existing shrink-to-fit heuristic in ViewportConfiguration::initialScaleFromSize, as well as the new iPad-specific content-aware shrink-to-fit heuristic in WebPage::immediatelyShrinkToFitContent) to cause the page to shrink down excessively in an attempt to fit all the content to the viewport. This causes a very ugly flash as the page appears zoomed out initially during page load, before zooming back in. To fix this, we add some sanity checks to these viewport scaling heuristics. In ViewportConfiguration's initialScaleFromSize method, in the codepath where an initial scale is not specified, we always scale to fit the contents of the page; instead, detect the case where the content width is enormous (with a threshold arbitrarily chosen to be 1920) and fall back to the scaling to fit the viewport's width, if such a width has been explicitly set. This ensures that we avoid excessive shrinking in the case where content is extremely wide, but also that we do scale the viewport down to fit all the content in the case where the content isn't extremely wide (e.g. on daringfireball.com). See WebKit ChangeLog for more detail. Test: fast/viewport/ios/shrink-to-fit-large-content-width.html * page/ViewportConfiguration.cpp: (WebCore::ViewportConfiguration::initialScaleFromSize const): Source/WebKit: Tweaks the content-aware shrink-to-fit algorithm to bail in the case where the content width is extremely large, such that it bails instead of attempting to fit the entire content of the page. See WebCore ChangeLog for more details. * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::immediatelyShrinkToFitContent): LayoutTests: Adds a new layout test to verify that when the content width of the page is excessively large and an explicit viewport width is specified, we don't attempt to zoom out to fit the larger content width, and instead zoom to fit the explicit viewport width. * fast/viewport/ios/shrink-to-fit-large-content-width-expected.txt: Added. * fast/viewport/ios/shrink-to-fit-large-content-width.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250361 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-25 Wenson Hsieh <wenson_hsieh@apple.com> Page temporarily jumps to an excessively small viewport scale while loading usatoday.com https://bugs.webkit.org/show_bug.cgi?id=202224 <rdar://problem/52906640> Reviewed by Tim Horton. On some pages (e.g. usatoday.com), the content width of the page temporarily becomes very large during page load. This causes a couple of viewport scaling behaviors (notably, the existing shrink-to-fit heuristic in ViewportConfiguration::initialScaleFromSize, as well as the new iPad-specific content-aware shrink-to-fit heuristic in WebPage::immediatelyShrinkToFitContent) to cause the page to shrink down excessively in an attempt to fit all the content to the viewport. This causes a very ugly flash as the page appears zoomed out initially during page load, before zooming back in. To fix this, we add some sanity checks to these viewport scaling heuristics. In ViewportConfiguration's initialScaleFromSize method, in the codepath where an initial scale is not specified, we always scale to fit the contents of the page; instead, detect the case where the content width is enormous (with a threshold arbitrarily chosen to be 1920) and fall back to the scaling to fit the viewport's width, if such a width has been explicitly set. This ensures that we avoid excessive shrinking in the case where content is extremely wide, but also that we do scale the viewport down to fit all the content in the case where the content isn't extremely wide (e.g. on daringfireball.com). See WebKit ChangeLog for more detail. Test: fast/viewport/ios/shrink-to-fit-large-content-width.html * page/ViewportConfiguration.cpp: (WebCore::ViewportConfiguration::initialScaleFromSize const): 2019-09-27 Alan Coon <alancoon@apple.com> Cherry-pick r250300. rdar://problem/55770718 Mixed content blocking is bypassed for WebSockets in Workers (159726) https://bugs.webkit.org/show_bug.cgi?id=159726 <rdar://problem/27326438> Patch by Kate Cheney <katherine_cheney@apple.com> on 2019-09-24 Reviewed by Brady Eidson. Source/WebCore: Tests: http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https.html http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https.html http/tests/websocket/tests/hybi/non-document-mixed-content-blocked.https.html * Modules/websockets/WebSocket.cpp: (WebCore::WebSocket::connect): * Modules/websockets/WorkerThreadableWebSocketChannel.cpp: (WebCore::WorkerThreadableWebSocketChannel::Bridge::connect): * loader/MixedContentChecker.cpp: (WebCore::MixedContentChecker::checkForMixedContentInFrameTree): * loader/MixedContentChecker.h: Patch to block insecure WebSocket URL connection attempts by Workers on secure pages. If the URL is ws, and any embedding iframe has protocol https, and the context is a Worker, the connection should be blocked. I was unable to write a test case to hit the case where a document does not have a frame and tries to communicate via a worker to connect to a WebSocket because after removing the subframe from its parent, the subframe is unable to perform a postMessage to a worker even in the same script execution to tell the worker to connect to a WebSocket. LayoutTests: Added 4 test cases and 2 html resources utilized by the tests. The cases test the following: 1. an https page with a worker trying to connect via ws: url --> fails. 2. an https page embedded in an http page trying to connect via ws :url (through a worker) --> fails. 3. an http page embedded in an https page with an http top frame trying to connect via an insecure ws url fails. 4. an https page embedded in an http page embedded in an https page trying to connect to a ws :url via a worker --> fails. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-expected.txt: Added. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt: Added. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html: Added. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https.html: Added. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt: Added. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https.html: Added. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked.https-expected.txt: Added. * http/tests/websocket/tests/hybi/non-document-mixed-content-blocked.https.html: Added. * http/tests/websocket/tests/hybi/resources/non-document-mixed-content-blocked-embedded-http.https.html: Added. * http/tests/websocket/tests/hybi/resources/non-document-mixed-content-blocked-embedding-https.js: Added. (handleConnect.self.postMessage): (handleConnect): (runTests.ws.onopen): (runTests.ws.onerror): (runTests): * http/tests/websocket/tests/hybi/resources/non-document-mixed-content-blocked.html: Added. * http/tests/websocket/tests/hybi/resources/non-document-mixed-content-blocked.js: Added. (handleConnect.self.postMessage): (handleConnect): (runTests.ws.onopen): (runTests.ws.onerror): (runTests): * http/tests/workers/service/resources/serviceworker-websocket-worker.js: (async.doTest): Updated previous test which was hitting the fix to use a wss url git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250300 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-24 Kate Cheney <katherine_cheney@apple.com> Mixed content blocking is bypassed for WebSockets in Workers (159726) https://bugs.webkit.org/show_bug.cgi?id=159726 <rdar://problem/27326438> Reviewed by Brady Eidson. Tests: http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https.html http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https.html http/tests/websocket/tests/hybi/non-document-mixed-content-blocked.https.html * Modules/websockets/WebSocket.cpp: (WebCore::WebSocket::connect): * Modules/websockets/WorkerThreadableWebSocketChannel.cpp: (WebCore::WorkerThreadableWebSocketChannel::Bridge::connect): * loader/MixedContentChecker.cpp: (WebCore::MixedContentChecker::checkForMixedContentInFrameTree): * loader/MixedContentChecker.h: Patch to block insecure WebSocket URL connection attempts by Workers on secure pages. If the URL is ws, and any embedding iframe has protocol https, and the context is a Worker, the connection should be blocked. I was unable to write a test case to hit the case where a document does not have a frame and tries to communicate via a worker to connect to a WebSocket because after removing the subframe from its parent, the subframe is unable to perform a postMessage to a worker even in the same script execution to tell the worker to connect to a WebSocket. 2019-09-27 Alan Coon <alancoon@apple.com> Cherry-pick r250290. rdar://problem/55770704 AudioTrackPrivateMediaStreamCocoa does not need to manipulate the audio unit in play/pause methods https://bugs.webkit.org/show_bug.cgi?id=202097 <rdar://problem/51548144> Reviewed by Eric Carlson. Instead of manipulating the audio unit in play/pause methods, it is more convenient to do so in audioSamplesAvailable. play/pause methods only update boolean values that audioSamplesAvailable will read. In particular, m_autoPlay and m_isPlaying are no longer modified in the audio thread. Behavior was racy so difficult to reproduce. * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp: (WebCore::AudioTrackPrivateMediaStreamCocoa::playInternal): (WebCore::AudioTrackPrivateMediaStreamCocoa::pause): (WebCore::AudioTrackPrivateMediaStreamCocoa::audioSamplesAvailable): * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250290 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-24 Youenn Fablet <youenn@apple.com> AudioTrackPrivateMediaStreamCocoa does not need to manipulate the audio unit in play/pause methods https://bugs.webkit.org/show_bug.cgi?id=202097 <rdar://problem/51548144> Reviewed by Eric Carlson. Instead of manipulating the audio unit in play/pause methods, it is more convenient to do so in audioSamplesAvailable. play/pause methods only update boolean values that audioSamplesAvailable will read. In particular, m_autoPlay and m_isPlaying are no longer modified in the audio thread. Behavior was racy so difficult to reproduce. * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp: (WebCore::AudioTrackPrivateMediaStreamCocoa::playInternal): (WebCore::AudioTrackPrivateMediaStreamCocoa::pause): (WebCore::AudioTrackPrivateMediaStreamCocoa::audioSamplesAvailable): * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.h: 2019-09-24 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r250256. rdar://problem/55644660 [iOS] Drop animation when dragging images from Photos to WebKit2 Mail compose is incorrect https://bugs.webkit.org/show_bug.cgi?id=201674 <rdar://problem/51250952> Reviewed by Tim Horton. Source/WebCore: Adds new helper methods on DragController to support the new image placeholder drop codepath. See WebKit ChangeLog for more details. Tests: WKAttachmentTestsIOS.TargetedPreviewsWhenDroppingImages WKAttachmentTestsIOS.TargetedPreviewIsClippedWhenDroppingTallImage * editing/WebContentReader.h: Fix the Windows build after including WebContentReader.h in DragController.cpp. * html/HTMLImageElement.h: (WebCore::HTMLImageElement::isDroppedImagePlaceholder const): (WebCore::HTMLImageElement::setIsDroppedImagePlaceholder): Add a flag to HTMLImageElement, indicating whether it is a dropped image placeholder. If so, we have special logic to remove some temporary inline style properties from the image after it has finished loading (see finalizeDroppedImagePlaceholder). Note that this doesn't increase the size of HTMLImageElement. * page/DragController.cpp: (WebCore::DragController::dragEnded): Clean up any stale placeholders after the drag ends. (WebCore::DragController::performDragOperation): (WebCore::DragController::removeAllDroppedImagePlaceholders): Add a private helper to clean up any dropped image placeholders after failing to update dropped image placeholders for any reason. (WebCore::DragController::tryToUpdateDroppedImagePlaceholders): Invoked when performing the drag operation, after image data has been loaded; this function attempts to update the list of image placeholder elements tracked by DragController that were previously inserted using insertDroppedImagePlaceholdersAtCaret, and updates the source attribute of each element (as well as any backed attachment element, if attachment elements are enabled). It achieves this by reading the dropped data as web content, and matching up the images in the resulting fragment against the placeholder images. If each image in the fragment can correspond to exactly one placeholder, we update the source of each placeholder image, migrate attachment elements over to the placeholder images if needed, and finally discard the fragment. A return value of false indicates that this process failed, in which case we clean up the placeholders and fall back to handling the drop normally. (WebCore::DragController::insertDroppedImagePlaceholdersAtCaret): Invoked when handling the drop, before any image data has been loaded; this function takes a list of sizes representing the preferred presentation sizes of each item provider that will be loaded as an image, and uses ReplaceSelectionCommand to insert a list of (initially blank) placeholder images at the drop caret, sized accordingly to each item provider's preferredPresentationSize. To make this compatible with Mail compose (and all other known internal clients that use the _editable SPI), we additionally enforce a max-width of 100% on each image and preserve the aspect ratio of the image by adjusting the height if needed. (WebCore::DragController::finalizeDroppedImagePlaceholder): * page/DragController.h: Have DragController keep track of the list of dropped image placeholders (in DOM order), as well as the dropped image placeholder range. This information is used once item provider data arrives and the drag operation is being performed, to update the source of each dropped image placeholder. (WebCore::DragController::droppedImagePlaceholders const): (WebCore::DragController::droppedImagePlaceholderRange const): * platform/network/mac/UTIUtilities.h: Mark an existing helper function as WEBCORE_EXPORT. Source/WebKit: Our current logic for handling dropped content in editable elements on iOS works like this in the ideal case: (1) UIKit asks us for a targeted preview for each UIDragItem. We don't know (and can't determine this synchronously without blocking on the web process) so we simply retarget the preview to animate to the last known caret location. (2) Soonafter, UIKit hands us a drop preview update block, which may be used to retarget the drop preview once, as long as the drop animation is less than 90% complete. We stash these update blocks for now. (3) -dropInteraction:performDrop: is then called, and we start loading item provider data right away. (4) When the data has finished loading, we perform the drop in the web process. After any inserted images have finished loading, we take snapshots (of the dropped content as well as surrounding web content minus the dropped content), and deliver these images to the UI process via TextIndicatorData. (5) Upon receiving the TextIndicatorData sent in (4), we use the image data to create updated targeted drag previews, and use these to invoke the preview update blocks we stored earlier in (2). We also obscure the entire web view with a snapshot of the view minus any dropped content, such that the updated drop previews may animate into place without also showing the final content. (6) When the drop animation ends, we remove the unselected content snapshot view added in (5) simultaneously as the targeted previews disappear, revealing the actual dropped content on the page. The drop is now complete. However, note that the drag update block we invoke in (5) doesn't work if the drop animation is already more than 90% complete. Since the lifecycle of the drop animation is distinct from that of item provider loading, if the delay between (3) and (4) exceeds 90% of the total drop animation time, we'll fail to update the targeted previews, such that the user only sees the initial drag preview fly on top of the caret and disappear. While we typically win this race for data dragged from other WebKit apps, we almost always lose when dragging from Photos and end up with a janky drop animation. This is especially true for any images that aren't locally available, and need to be fetched from iCloud. An additional problem is that in step (5), we use the same final snapshot to update the drop preview of every item, since we don't have a snapshot for the fragment corresponding to each individual dropped item. To address these issues for Mail in the case where the user drops images with known sizes (i.e. -[NSItemProvider preferredPresentationSize] is specified), we introduce an alternate codepath for handling dropped images that performs the drop immediately upon receiving -dropInteraction:performDrop: in the UI process. Since the data has yet to arrive, we instead handle the drop by inserting placeholder image elements at the drag caret position, which initially have no source but are sized to fit their expected final image sizes. After doing so, we snapshot the page (minus the dropped content range, as usual) and deliver this snapshot to the UI process, along with the rects (in root view coordinates) of each placeholder image that was inserted. In the UI process, we then take this snapshot and obscure the content view with it, and also use each of the placeholder rects to provide an updated target for each drag preview, such that the drop previews now animate to their final locations on the page. When the data eventually arrives, we handle the drop by detecting the placeholder elements we inserted earlier, and using the dropped data to update the source attribute and attachment backing for each of these placeholder elements instead of attempting to insert new content. Note that this codepath is currently only enabled for SPI clients that set -[WKWebView _editable] to YES, since it involves us performing the editing action for the drop (thus changing the DOM) prior to the preventable drop event, and prior to us having any data at all. However, the drop event can't come before the editing action, since we need to have already loaded data from the item providers to expose it via the dataTransfer of the drop event. This contradiction means that this image placeholder hack is only for _editable SPI clients that, at the very least, will not require preventing default behavior when dropping only images with predetermined sizes. Covered by 2 new API tests. See comments below for more detail. * UIProcess/WebPageProxy.h: * UIProcess/ios/DragDropInteractionState.h: * UIProcess/ios/DragDropInteractionState.mm: (WebKit::DragDropInteractionState::setDefaultDropPreview): Add a way to keep track of default drop previews that we observed during each call to -dropInteraction:previewForDroppingItem:withDefault:. In the image placeholder drop scenario, we use these default drop previews later on to create retargeted drop previews after the placeholders have been inserted. (WebKit::DragDropInteractionState::defaultDropPreview const): (WebKit::DragDropInteractionState::deliverDelayedDropPreview): Add an alternate version of deliverDelayedDropPreview that is used when inserting image placeholders. Rather than use text indicator data of the final dropped content on the page, use the root-view-coordinate rects of each of the placeholder elements to reposition the default drop previews. There's additional logic here to handle the case where the final image is taller than the height of the unobscured content rect, in which case we clip the drop preview using UIDragPreviewParameter's visiblePath to prevent the drop preview from being shown outside of the bounds of the web view. * UIProcess/ios/WKContentViewInteraction.h: * UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _deliverDelayedDropPreviewIfPossible:]): (sizesOfPlaceholderElementsToInsertWhenDroppingItems): Collects the list of expected image sizes for the dropped item providers, or an empty list in the case where any of the item providers may not be represented as inline images or do not have predetermined sizes. (-[WKContentView _handleDropByInsertingImagePlaceholders:session:]): If possible, handles the drop by inserting image placeholders instead of waiting for the data to finish loading before dropping. Returns whether or not we decided to proceed with the image placeholder drop. (-[WKContentView dropInteraction:performDrop:]): (-[WKContentView dropInteraction:item:willAnimateDropWithAnimator:]): Fixes a bug where the unselected content snapshot view could linger around on the web view forever after a drop where the data doesn't load in time for the drop to finish by keeping track of whether there is an actively animating drag item, and only applying the unselected content snapshot if so. (-[WKContentView dropInteraction:previewForDroppingItem:withDefault:]): Stash the default drop preview away here. * UIProcess/ios/WebPageProxyIOS.mm: (WebKit::WebPageProxy::insertDroppedImagePlaceholders): * WebProcess/WebPage/WebPage.h: * WebProcess/WebPage/WebPage.messages.in: * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::insertDroppedImagePlaceholders): See WebCore ChangeLog for more information. (WebKit::WebPage::didFinishLoadingImageForElement): If the image that finished loading is a dropped image placeholder, allow DragController to "finalize" it by stripping away some styles that were temporarily added. Tools: Add a couple of new API tests to exercise the new image placeholder drop codepath, in addition to testing infrastructure to simulate the timing of drop animation delegate calls. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm: (-[NSArray _attachmentWithName:]): (-[TestWKWebView allBoundingClientRects:]): Add some new API testing helper methods. (TestWebKitAPI::targetedImageDragPreview): (TestWebKitAPI::TEST): Add two new tests, to: (1) verify that images are dropped as attachment-backed placeholder image elements when the web view is editable and enables attachment elements, and (2) verify that when dropping an image taller than the web view, the bottom portion of the drop preview is clipped using the targeted preview parameter's visiblePath. * TestWebKitAPI/Tests/ios/DragAndDropTestsIOS.mm: (-[NSItemProvider registerDataRepresentationForTypeIdentifier:withData:]): Deleted. * TestWebKitAPI/cocoa/DragAndDropSimulator.h: * TestWebKitAPI/cocoa/NSItemProviderAdditions.h: Added. * TestWebKitAPI/cocoa/NSItemProviderAdditions.mm: Added. Move some common helpers for registering data on a NSItemProvider to a separate file, so that it can be used in both WKAttachmentTests and DragAndDropTests. (-[NSItemProvider registerDataRepresentationForTypeIdentifier:withData:]): (-[NSItemProvider registerDataRepresentationForTypeIdentifier:withData:loadingDelay:]): * TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm: (-[DragAndDropSimulator initWithWebView:]): (-[DragAndDropSimulator _concludeDropAndPerformOperationIfNecessary]): (-[DragAndDropSimulator clearExternalDragInformation]): (-[DragAndDropSimulator setExternalItemProviders:defaultDropPreviews:]): Add a new method to allow tests to specify both a list of externally dragged item providers, as well as default targeted previews for each of the corresponding items. These default previews are used when invoking the drop interaction delegate's preview generation methods. (-[DragAndDropSimulator addAnimations:]): Not implemented yet; for now, this simply asserts. (-[DragAndDropSimulator addCompletion:]): Queues a completion handler, which is invoked when the drop animation for each item completes. Depending on the value of DragAndDropSimulator's -dropAnimationTiming, this may occur either before or after handling the drop. By default, these will be invoked after the drop completes, which represents the common case where data can be loaded quickly relative to the drop animation. (-[DragAndDropSimulator _invokeDropAnimationCompletionBlocksAndConcludeDrop]): (-[DragAndDropSimulator _webView:dataInteractionOperationWasHandled:forSession:itemProviders:]): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250256 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-23 Wenson Hsieh <wenson_hsieh@apple.com> [iOS] Drop animation when dragging images from Photos to WebKit2 Mail compose is incorrect https://bugs.webkit.org/show_bug.cgi?id=201674 <rdar://problem/51250952> Reviewed by Tim Horton. Adds new helper methods on DragController to support the new image placeholder drop codepath. See WebKit ChangeLog for more details. Tests: WKAttachmentTestsIOS.TargetedPreviewsWhenDroppingImages WKAttachmentTestsIOS.TargetedPreviewIsClippedWhenDroppingTallImage * editing/WebContentReader.h: Fix the Windows build after including WebContentReader.h in DragController.cpp. * html/HTMLImageElement.h: (WebCore::HTMLImageElement::isDroppedImagePlaceholder const): (WebCore::HTMLImageElement::setIsDroppedImagePlaceholder): Add a flag to HTMLImageElement, indicating whether it is a dropped image placeholder. If so, we have special logic to remove some temporary inline style properties from the image after it has finished loading (see finalizeDroppedImagePlaceholder). Note that this doesn't increase the size of HTMLImageElement. * page/DragController.cpp: (WebCore::DragController::dragEnded): Clean up any stale placeholders after the drag ends. (WebCore::DragController::performDragOperation): (WebCore::DragController::removeAllDroppedImagePlaceholders): Add a private helper to clean up any dropped image placeholders after failing to update dropped image placeholders for any reason. (WebCore::DragController::tryToUpdateDroppedImagePlaceholders): Invoked when performing the drag operation, after image data has been loaded; this function attempts to update the list of image placeholder elements tracked by DragController that were previously inserted using insertDroppedImagePlaceholdersAtCaret, and updates the source attribute of each element (as well as any backed attachment element, if attachment elements are enabled). It achieves this by reading the dropped data as web content, and matching up the images in the resulting fragment against the placeholder images. If each image in the fragment can correspond to exactly one placeholder, we update the source of each placeholder image, migrate attachment elements over to the placeholder images if needed, and finally discard the fragment. A return value of false indicates that this process failed, in which case we clean up the placeholders and fall back to handling the drop normally. (WebCore::DragController::insertDroppedImagePlaceholdersAtCaret): Invoked when handling the drop, before any image data has been loaded; this function takes a list of sizes representing the preferred presentation sizes of each item provider that will be loaded as an image, and uses ReplaceSelectionCommand to insert a list of (initially blank) placeholder images at the drop caret, sized accordingly to each item provider's preferredPresentationSize. To make this compatible with Mail compose (and all other known internal clients that use the _editable SPI), we additionally enforce a max-width of 100% on each image and preserve the aspect ratio of the image by adjusting the height if needed. (WebCore::DragController::finalizeDroppedImagePlaceholder): * page/DragController.h: Have DragController keep track of the list of dropped image placeholders (in DOM order), as well as the dropped image placeholder range. This information is used once item provider data arrives and the drag operation is being performed, to update the source of each dropped image placeholder. (WebCore::DragController::droppedImagePlaceholders const): (WebCore::DragController::droppedImagePlaceholderRange const): * platform/network/mac/UTIUtilities.h: Mark an existing helper function as WEBCORE_EXPORT. 2019-09-23 Alan Coon <alancoon@apple.com> Cherry-pick r250255. rdar://problem/55644665 Improve CSP inheritance semantics https://bugs.webkit.org/show_bug.cgi?id=201884 <rdar://problem/50172407> Reviewed by Brent Fulgham. LayoutTests/imported/w3c: Update expected results now that we pass more sub-tests. * web-platform-tests/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub-expected.txt: * web-platform-tests/content-security-policy/inheritance/window-expected.txt: Source/WebCore: Update the CSP inheritance semantics to more closely match the logic in section Initialize a Document's CSP list of the CSP3 spec., <https://w3c.github.io/webappsec-csp/#initialize-document-csp>. Towards this, move more of the inheritance logic out of Document::initContentSecurityPolicy() and into DocumentWriter::begin() where details about the document being replaced live. This lets us remove the need to track the previous content security policy to pass it to Document::initContentSecurityPolicy(). Moreover, DocumentWriter::begin() knows the owner document that will be replaced with the result of executing a JavaScript URL. This is needed in order to fix up inheritance of CSP for such documents. Tests: http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url.html http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url.html http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url2.html * dom/Document.cpp: (WebCore::Document::initSecurityContext): If we are inheriting the security origin from the owner document then inherit its CSP policy. We copy over both the CSP state from the owner as well as update 'self' to match the owner's origin so that CSP source expressions that include 'self' work correctly even from about:blank documents. (WebCore::Document::initContentSecurityPolicy): Move most of the logic from here into DocumentWriter::begin() to take advantage of the fact that DocumentWriter::begin() knows about the outgoing document (if there is one) as well as whether the outgoing document is being replaced with a new document that is the result of evaluating a JavaScript URL. We need do know both these things in order to inherit the correct CSP policy. This function only exists to copy some upgrade-insecure-requests state and to fix up plugin documents as we currently do. (WebCore::Document::shouldInheritContentSecurityPolicy const): Deleted. * dom/Document.h: * dom/SecurityContext.cpp: (WebCore::SecurityContext::setContentSecurityPolicy): Modified to take its param by rvalue-reference to make it less error prone to use. * dom/SecurityContext.h: Expose setContentSecurityPolicy() so that we can invoke it from DocumentWriter::begin(). * loader/DocumentWriter.cpp: (WebCore::DocumentWriter::begin): For documents being replaced with the result of a JavaScript URL (i.e. ownerDocument is non-null) inherit the CSP from the owner document. Similarly, if we have an existing document in the frame and the protocol of the new document's URL is data: or blob: then inherit the CSP from the existing page. The latter is what we currently do just moved from Document::initContentSecurityPolicy() and re-written in terms of the existingDocument instead of previousContentSecurityPolicy. Also call setInsecureNavigationRequestsToUpgrade() both when we have a non-null ownerDocument as well as when we have a non-null existingDocument. The former fixes the block-all-mixed-content feature for documents loaded via JavaScript URLs and the latter is what we do now. * loader/FrameLoader.cpp: (WebCore::FrameLoader::didBeginDocument): Remove parameter previousContentSecurityPolicy as the logic that made use of it moved to DocumentWriter::begin(). * loader/FrameLoader.h: * page/csp/ContentSecurityPolicy.h: LayoutTests: Add some more tests and update expected results of existing tests now that we pass more sub-tests. * http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url-expected.txt: Added. * http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url.html: Added. * http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url-expected.txt: Added. * http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url.html: Added. * http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url2-expected.txt: Added. * http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url2.html: Added. * http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt: I don't understand why there is another duplicte console log message emitted, but there are already two such messages, which is already one too many. The duplicate messages are more cosmetic than functional though there may be implications with respect to CSP reporting. Filed <https://bugs.webkit.org/show_bug.cgi?id=202004> to track this issue. * platform/mac-wk1/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt: * platform/win/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250255 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-23 Daniel Bates <dabates@apple.com> Improve CSP inheritance semantics https://bugs.webkit.org/show_bug.cgi?id=201884 <rdar://problem/50172407> Reviewed by Brent Fulgham. Update the CSP inheritance semantics to more closely match the logic in section Initialize a Document's CSP list of the CSP3 spec., <https://w3c.github.io/webappsec-csp/#initialize-document-csp>. Towards this, move more of the inheritance logic out of Document::initContentSecurityPolicy() and into DocumentWriter::begin() where details about the document being replaced live. This lets us remove the need to track the previous content security policy to pass it to Document::initContentSecurityPolicy(). Moreover, DocumentWriter::begin() knows the owner document that will be replaced with the result of executing a JavaScript URL. This is needed in order to fix up inheritance of CSP for such documents. Tests: http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url.html http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url.html http/tests/security/contentSecurityPolicy/iframe-blocked-when-loaded-via-javascript-url2.html * dom/Document.cpp: (WebCore::Document::initSecurityContext): If we are inheriting the security origin from the owner document then inherit its CSP policy. We copy over both the CSP state from the owner as well as update 'self' to match the owner's origin so that CSP source expressions that include 'self' work correctly even from about:blank documents. (WebCore::Document::initContentSecurityPolicy): Move most of the logic from here into DocumentWriter::begin() to take advantage of the fact that DocumentWriter::begin() knows about the outgoing document (if there is one) as well as whether the outgoing document is being replaced with a new document that is the result of evaluating a JavaScript URL. We need do know both these things in order to inherit the correct CSP policy. This function only exists to copy some upgrade-insecure-requests state and to fix up plugin documents as we currently do. (WebCore::Document::shouldInheritContentSecurityPolicy const): Deleted. * dom/Document.h: * dom/SecurityContext.cpp: (WebCore::SecurityContext::setContentSecurityPolicy): Modified to take its param by rvalue-reference to make it less error prone to use. * dom/SecurityContext.h: Expose setContentSecurityPolicy() so that we can invoke it from DocumentWriter::begin(). * loader/DocumentWriter.cpp: (WebCore::DocumentWriter::begin): For documents being replaced with the result of a JavaScript URL (i.e. ownerDocument is non-null) inherit the CSP from the owner document. Similarly, if we have an existing document in the frame and the protocol of the new document's URL is data: or blob: then inherit the CSP from the existing page. The latter is what we currently do just moved from Document::initContentSecurityPolicy() and re-written in terms of the existingDocument instead of previousContentSecurityPolicy. Also call setInsecureNavigationRequestsToUpgrade() both when we have a non-null ownerDocument as well as when we have a non-null existingDocument. The former fixes the block-all-mixed-content feature for documents loaded via JavaScript URLs and the latter is what we do now. * loader/FrameLoader.cpp: (WebCore::FrameLoader::didBeginDocument): Remove parameter previousContentSecurityPolicy as the logic that made use of it moved to DocumentWriter::begin(). * loader/FrameLoader.h: * page/csp/ContentSecurityPolicy.h: 2019-09-23 Alan Coon <alancoon@apple.com> Cherry-pick r250182. rdar://problem/55608034 releasePointerCapture() not working for implicit capture; can't opt-in to pointerenter/leave for touches https://bugs.webkit.org/show_bug.cgi?id=199803 <rdar://problem/53127223> Reviewed by Dean Jackson. Source/WebCore: In order to dispatch boundary events (pointerover/out/enter/leave) when the implicit pointer capture is released on iOS, we need to track the target of the pointer events that was dispatched last for a given pointer id. Then we compare that target with the current target when dispatching a new pointer event and determine whether we should dispatch boundary events using the exact same approach used to dispatch mouse boundary events in EventHandler::updateMouseEventTargetNode(). Tests: pointerevents/ios/boundary-events-through-hierarchy-without-pointer-capture.html pointerevents/ios/boundary-events-without-pointer-capture.html * page/PointerCaptureController.cpp: (WebCore::hierarchyHasCapturingEventListeners): (WebCore::PointerCaptureController::dispatchEventForTouchAtIndex): (WebCore::PointerCaptureController::pointerEventWillBeDispatched): (WebCore::PointerCaptureController::ensureCapturingDataForPointerEvent): (WebCore::PointerCaptureController::cancelPointer): * page/PointerCaptureController.h: LayoutTests: Add new tests that check we correctly dispatch boundary events on iOS when pointer capture is disabled. * pointerevents/ios/boundary-events-through-hierarchy-without-pointer-capture-expected.txt: Added. * pointerevents/ios/boundary-events-through-hierarchy-without-pointer-capture.html: Added. * pointerevents/ios/boundary-events-without-pointer-capture-expected.txt: Added. * pointerevents/ios/boundary-events-without-pointer-capture.html: Added. * pointerevents/utils.js: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250182 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-20 Antoine Quint <graouts@apple.com> releasePointerCapture() not working for implicit capture; can't opt-in to pointerenter/leave for touches https://bugs.webkit.org/show_bug.cgi?id=199803 <rdar://problem/53127223> Reviewed by Dean Jackson. In order to dispatch boundary events (pointerover/out/enter/leave) when the implicit pointer capture is released on iOS, we need to track the target of the pointer events that was dispatched last for a given pointer id. Then we compare that target with the current target when dispatching a new pointer event and determine whether we should dispatch boundary events using the exact same approach used to dispatch mouse boundary events in EventHandler::updateMouseEventTargetNode(). Tests: pointerevents/ios/boundary-events-through-hierarchy-without-pointer-capture.html pointerevents/ios/boundary-events-without-pointer-capture.html * page/PointerCaptureController.cpp: (WebCore::hierarchyHasCapturingEventListeners): (WebCore::PointerCaptureController::dispatchEventForTouchAtIndex): (WebCore::PointerCaptureController::pointerEventWillBeDispatched): (WebCore::PointerCaptureController::ensureCapturingDataForPointerEvent): (WebCore::PointerCaptureController::cancelPointer): * page/PointerCaptureController.h: 2019-09-23 Alan Coon <alancoon@apple.com> Apply patch. rdar://problem/55608031 Clean up handling of summary items and payment method updates https://bugs.webkit.org/show_bug.cgi?id=202018 <rdar://problem/55470632> Reviewed by Tim Horton. Source/WebCore: Replaced the PaymentMethodUpdate struct with a class that knows how to convert from ApplePayPaymentMethodUpdate structs to PKPaymentRequestPaymentMethodUpdate instances. Moved some scattered-around free functions for converting payment summary items into PaymentSummaryItems{.h,Cocoa.mm}. * Modules/applepay/ApplePayPaymentMethodUpdate.h: * Modules/applepay/ApplePaySession.cpp: (WebCore::finishConverting): (WebCore::convertAndValidateTotal): (WebCore::convertAndValidate): * Modules/applepay/ApplePaySessionPaymentRequest.h: * Modules/applepay/PaymentCoordinator.h: * Modules/applepay/PaymentCoordinatorClient.h: * Modules/applepay/PaymentHeaders.h: * Modules/applepay/PaymentMethodUpdate.h: Added. * Modules/applepay/PaymentSummaryItems.h: Added. * Modules/applepay/cocoa/PaymentMethodUpdateCocoa.mm: Added. (WebCore::PaymentMethodUpdate::PaymentMethodUpdate): (WebCore::PaymentMethodUpdate::totalAndLineItems const): (WebCore::PaymentMethodUpdate::platformUpdate const): * Modules/applepay/cocoa/PaymentSummaryItemsCocoa.mm: Added. (WebCore::toDecimalNumber): (WebCore::toPKPaymentSummaryItemType): (WebCore::toPKPaymentSummaryItem): (WebCore::platformSummaryItems): * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp: (WebCore::ApplePayPaymentHandler::paymentMethodUpdated): * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * testing/MockPaymentCoordinator.cpp: (WebCore::MockPaymentCoordinator::completePaymentMethodSelection): Source/WebKit: Now that PaymentMethodUpdate knows how to convert itself to a PKPaymentRequestPaymentMethodUpdate, PaymentAuthorizationPresenter can merely pass the converted update directly to the platform delegate rather than passing the individual components and relying on the delegate to instantiate the platform update itself. Added FIXMEs for applying a similar treatment to ShippingContactUpdate and ShippingMethodUpdate. * Platform/cocoa/PaymentAuthorizationPresenter.h: * Platform/cocoa/PaymentAuthorizationPresenter.mm: (WebKit::PaymentAuthorizationPresenter::completePaymentMethodSelection): (WebKit::PaymentAuthorizationPresenter::completeShippingContactSelection): (WebKit::PaymentAuthorizationPresenter::completeShippingMethodSelection): * Platform/cocoa/WKPaymentAuthorizationDelegate.h: * Platform/cocoa/WKPaymentAuthorizationDelegate.mm: (-[WKPaymentAuthorizationDelegate completePaymentMethodSelection:]): (-[WKPaymentAuthorizationDelegate completeShippingContactSelection:]): (-[WKPaymentAuthorizationDelegate completeShippingMethodSelection:]): (-[WKPaymentAuthorizationDelegate _didSelectPaymentMethod:completion:]): (-[WKPaymentAuthorizationDelegate _didSelectShippingContact:completion:]): (-[WKPaymentAuthorizationDelegate _didSelectShippingMethod:completion:]): (-[WKPaymentAuthorizationDelegate completeShippingContactSelection:summaryItems:shippingMethods:errors:]): Deleted. * Shared/ApplePay/WebPaymentCoordinatorProxy.h: * Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.h: * Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm: (WebKit::WebPaymentCoordinatorProxy::platformPaymentRequest): (WebKit::toPKPaymentSummaryItemType): Deleted. (WebKit::toPKPaymentSummaryItem): Deleted. (WebKit::toPKPaymentSummaryItems): Deleted. * Shared/Cocoa/WebCoreArgumentCodersCocoa.mm: (IPC::ArgumentCoder<WebCore::PaymentMethodUpdate>::encode): (IPC::ArgumentCoder<WebCore::PaymentMethodUpdate>::decode): 2019-09-19 Andy Estes <aestes@apple.com> [Apple Pay] Clean up handling of summary items and payment method updates https://bugs.webkit.org/show_bug.cgi?id=202018 <rdar://problem/55470632> Reviewed by Tim Horton. Replaced the PaymentMethodUpdate struct with a class that knows how to convert from ApplePayPaymentMethodUpdate structs to PKPaymentRequestPaymentMethodUpdate instances. Moved some scattered-around free functions for converting payment summary items into PaymentSummaryItems{.h,Cocoa.mm}. * Modules/applepay/ApplePayPaymentMethodUpdate.h: * Modules/applepay/ApplePaySession.cpp: (WebCore::finishConverting): (WebCore::convertAndValidateTotal): (WebCore::convertAndValidate): * Modules/applepay/ApplePaySessionPaymentRequest.h: * Modules/applepay/PaymentCoordinator.h: * Modules/applepay/PaymentCoordinatorClient.h: * Modules/applepay/PaymentHeaders.h: * Modules/applepay/PaymentMethodUpdate.h: Added. * Modules/applepay/PaymentSummaryItems.h: Added. * Modules/applepay/cocoa/PaymentMethodUpdateCocoa.mm: Added. (WebCore::PaymentMethodUpdate::PaymentMethodUpdate): (WebCore::PaymentMethodUpdate::totalAndLineItems const): (WebCore::PaymentMethodUpdate::platformUpdate const): * Modules/applepay/cocoa/PaymentSummaryItemsCocoa.mm: Added. (WebCore::toDecimalNumber): (WebCore::toPKPaymentSummaryItemType): (WebCore::toPKPaymentSummaryItem): (WebCore::platformSummaryItems): * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp: (WebCore::ApplePayPaymentHandler::paymentMethodUpdated): * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * testing/MockPaymentCoordinator.cpp: (WebCore::MockPaymentCoordinator::completePaymentMethodSelection): 2019-09-23 Alan Coon <alancoon@apple.com> Apply patch. rdar://problem/55608028 Tell websites why a session was cancelled https://bugs.webkit.org/show_bug.cgi?id=201912 Source/WebCore: Reviewed by Brady Eidson. Added ApplePayCancelEvent as the interface for ApplePaySession's cancel event. This event object includes a `sessionError` attribute that exposes a Web-safe version of the PassKit domain error we received from PKPaymentAuthorization(View)Controller. Currently, we report all errors with code "unknown", but more codes will be added in future patches. Test: http/tests/ssl/applepay/ApplePayCancelEvent.https.html * DerivedSources-input.xcfilelist: * DerivedSources-output.xcfilelist: * DerivedSources.make: * Modules/applepay/ApplePayCancelEvent.cpp: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. (WebCore::ApplePayCancelEvent::ApplePayCancelEvent): (WebCore::ApplePayCancelEvent::sessionError const): (WebCore::ApplePayCancelEvent::eventInterface const): * Modules/applepay/ApplePayCancelEvent.h: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. (WebCore::ApplePayCancelEvent::create): * Modules/applepay/ApplePayCancelEvent.idl: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/ApplePaySession.cpp: (WebCore::ApplePaySession::didCancelPaymentSession): * Modules/applepay/ApplePaySession.h: * Modules/applepay/ApplePaySessionError.h: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/ApplePaySessionError.idl: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/PaymentCoordinator.cpp: (WebCore::PaymentCoordinator::didCancelPaymentSession): * Modules/applepay/PaymentCoordinator.h: * Modules/applepay/PaymentHeaders.h: * Modules/applepay/PaymentSession.cpp: * Modules/applepay/PaymentSession.h: * Modules/applepay/PaymentSessionError.h: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/cocoa/PaymentSessionErrorCocoa.mm: Copied from Source/WebCore/Modules/applepay/PaymentSession.h. (WebCore::additionalError): (WebCore::PaymentSessionError::PaymentSessionError): (WebCore::PaymentSessionError::sessionError const): (WebCore::PaymentSessionError::platformError const): (WebCore::PaymentSessionError::unknownError const): * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp: (WebCore::ApplePayPaymentHandler::didCancelPaymentSession): * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h: * Modules/webgpu/WHLSL/WHLSLCheckTextureReferences.cpp: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * dom/EventNames.in: * testing/MockPaymentCoordinator.cpp: (WebCore::MockPaymentCoordinator::cancelPayment): Source/WebCore/PAL: <rdar://problem/55469706> Reviewed by Brady Eidson. Soft-linked PKPassKitErrorDomain and included PassKit headers more judiciously. * pal/cocoa/PassKitSoftLink.h: * pal/cocoa/PassKitSoftLink.mm: * pal/spi/cocoa/PassKitSPI.h: Source/WebKit: <rdar://problem/55469706> Reviewed by Brady Eidson. Remembered the error passed to -[WKPaymentAuthorizationDelegate _willFinishWithError:] and sent it to the WebContent process in Messages::WebPaymentCoordinator::DidCancelPaymentSession. * Platform/cocoa/PaymentAuthorizationPresenter.h: * Platform/cocoa/WKPaymentAuthorizationDelegate.mm: (-[WKPaymentAuthorizationDelegate _didFinish]): (-[WKPaymentAuthorizationDelegate _willFinishWithError:]): * Shared/ApplePay/WebPaymentCoordinatorProxy.cpp: (WebKit::WebPaymentCoordinatorProxy::didCancelPaymentSession): (WebKit::WebPaymentCoordinatorProxy::presenterDidFinish): * Shared/ApplePay/WebPaymentCoordinatorProxy.h: (WebKit::WebPaymentCoordinatorProxy::didCancelPaymentSession): * Shared/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm: * Shared/Cocoa/WebCoreArgumentCodersCocoa.mm: (IPC::ArgumentCoder<WebCore::PaymentSessionError>::encode): (IPC::ArgumentCoder<WebCore::PaymentSessionError>::decode): * Shared/WebCoreArgumentCoders.h: * WebProcess/ApplePay/WebPaymentCoordinator.cpp: (WebKit::WebPaymentCoordinator::networkProcessConnectionClosed): (WebKit::WebPaymentCoordinator::didCancelPaymentSession): * WebProcess/ApplePay/WebPaymentCoordinator.h: * WebProcess/ApplePay/WebPaymentCoordinator.messages.in: LayoutTests: Reviewed by Brady Eidson. * http/tests/ssl/applepay/ApplePayCancelEvent.https-expected.txt: Added. * http/tests/ssl/applepay/ApplePayCancelEvent.https.html: Added. 2019-09-18 Andy Estes <aestes@apple.com> [Apple Pay] Tell websites why a session was cancelled https://bugs.webkit.org/show_bug.cgi?id=201912 Reviewed by Brady Eidson. Added ApplePayCancelEvent as the interface for ApplePaySession's cancel event. This event object includes a `sessionError` attribute that exposes a Web-safe version of the PassKit domain error we received from PKPaymentAuthorization(View)Controller. Currently, we report all errors with code "unknown", but more codes will be added in future patches. Test: http/tests/ssl/applepay/ApplePayCancelEvent.https.html * DerivedSources-input.xcfilelist: * DerivedSources-output.xcfilelist: * DerivedSources.make: * Modules/applepay/ApplePayCancelEvent.cpp: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. (WebCore::ApplePayCancelEvent::ApplePayCancelEvent): (WebCore::ApplePayCancelEvent::sessionError const): (WebCore::ApplePayCancelEvent::eventInterface const): * Modules/applepay/ApplePayCancelEvent.h: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. (WebCore::ApplePayCancelEvent::create): * Modules/applepay/ApplePayCancelEvent.idl: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/ApplePaySession.cpp: (WebCore::ApplePaySession::didCancelPaymentSession): * Modules/applepay/ApplePaySession.h: * Modules/applepay/ApplePaySessionError.h: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/ApplePaySessionError.idl: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/PaymentCoordinator.cpp: (WebCore::PaymentCoordinator::didCancelPaymentSession): * Modules/applepay/PaymentCoordinator.h: * Modules/applepay/PaymentHeaders.h: * Modules/applepay/PaymentSession.cpp: * Modules/applepay/PaymentSession.h: * Modules/applepay/PaymentSessionError.h: Copied from Source/WebCore/Modules/applepay/PaymentHeaders.h. * Modules/applepay/cocoa/PaymentSessionErrorCocoa.mm: Copied from Source/WebCore/Modules/applepay/PaymentSession.h. (WebCore::additionalError): (WebCore::PaymentSessionError::PaymentSessionError): (WebCore::PaymentSessionError::sessionError const): (WebCore::PaymentSessionError::platformError const): (WebCore::PaymentSessionError::unknownError const): * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp: (WebCore::ApplePayPaymentHandler::didCancelPaymentSession): * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h: * Modules/webgpu/WHLSL/WHLSLCheckTextureReferences.cpp: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * dom/EventNames.in: * testing/MockPaymentCoordinator.cpp: (WebCore::MockPaymentCoordinator::cancelPayment): 2019-09-23 Alan Coon <alancoon@apple.com> Cherry-pick r250026. rdar://problem/55608017 [Cocoa] Add a WKA extension point https://bugs.webkit.org/show_bug.cgi?id=201801 <rdar://problem/55372507> Reviewed by Alexey Proskuryakov. * Modules/applepay/ApplePayRequestBase.cpp: (WebCore::requiresSupportedNetworks): (WebCore::convertAndValidate): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250026 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-18 Andy Estes <aestes@apple.com> [Cocoa] Add a WKA extension point https://bugs.webkit.org/show_bug.cgi?id=201801 <rdar://problem/55372507> Reviewed by Alexey Proskuryakov. * Modules/applepay/ApplePayRequestBase.cpp: (WebCore::requiresSupportedNetworks): (WebCore::convertAndValidate): 2019-09-17 Alan Coon <alancoon@apple.com> Cherry-pick r249954. rdar://problem/55461404 [First-letter] Use WeakPtr for the first-letter insertion point. https://bugs.webkit.org/show_bug.cgi?id=201842 <rdar://problem/51373788> Reviewed by Antti Koivisto. Source/WebCore: The about-to-be-removed first letter renderer's sibling could potentially be destroyed too as the result of the anonymous subtree collapsing logic (when the next sibling is a generated anonymous block and it is not needed anymore.) Test: fast/text/first-letter-with-columns-crash.html * rendering/updating/RenderTreeBuilderFirstLetter.cpp: (WebCore::RenderTreeBuilder::FirstLetter::updateStyle): LayoutTests: * fast/text/first-letter-with-columns-crash-expected.txt: Added. * fast/text/first-letter-with-columns-crash.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249954 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-17 Zalan Bujtas <zalan@apple.com> [First-letter] Use WeakPtr for the first-letter insertion point. https://bugs.webkit.org/show_bug.cgi?id=201842 <rdar://problem/51373788> Reviewed by Antti Koivisto. The about-to-be-removed first letter renderer's sibling could potentially be destroyed too as the result of the anonymous subtree collapsing logic (when the next sibling is a generated anonymous block and it is not needed anymore.) Test: fast/text/first-letter-with-columns-crash.html * rendering/updating/RenderTreeBuilderFirstLetter.cpp: (WebCore::RenderTreeBuilder::FirstLetter::updateStyle): 2019-09-17 Alan Coon <alancoon@apple.com> Cherry-pick r249888. rdar://problem/55461403 [WebIDL] Derived dictionaries should inherit their inherited dictionaries' partials https://bugs.webkit.org/show_bug.cgi?id=201802 Reviewed by Sam Weinig. Prior to this change, a dictionary D that inherits from dictionary B would not inherit B's partial dictionaries. Fixed this by moving supplemental dependencies processing from generate-bindings.pl to CodeGenerator.pm and reusing it in GetDictionaryByType. Added new bindings tests. * bindings/scripts/CodeGenerator.pm: (new): (ProcessDocument): (ProcessSupplementalDependencies): (shouldPropertyBeExposed): (GetDictionaryByType): * bindings/scripts/generate-bindings.pl: (generateBindings): (shouldPropertyBeExposed): Deleted. * bindings/scripts/test/JS/JSTestDerivedDictionary.cpp: Added. (WebCore::convertDictionary<TestDerivedDictionary>): (WebCore::convertDictionaryToJS): * bindings/scripts/test/JS/JSTestDerivedDictionary.h: Added. * bindings/scripts/test/JS/JSTestInheritedDictionary.cpp: Added. (WebCore::convertDictionary<TestInheritedDictionary>): (WebCore::convertDictionaryToJS): * bindings/scripts/test/JS/JSTestInheritedDictionary.h: Added. * bindings/scripts/test/TestDerivedDictionary.idl: Added. * bindings/scripts/test/TestInheritedDictionary.idl: Added. * bindings/scripts/test/TestSupplemental.idl: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249888 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-15 Andy Estes <aestes@apple.com> [WebIDL] Derived dictionaries should inherit their inherited dictionaries' partials https://bugs.webkit.org/show_bug.cgi?id=201802 Reviewed by Sam Weinig. Prior to this change, a dictionary D that inherits from dictionary B would not inherit B's partial dictionaries. Fixed this by moving supplemental dependencies processing from generate-bindings.pl to CodeGenerator.pm and reusing it in GetDictionaryByType. Added new bindings tests. * bindings/scripts/CodeGenerator.pm: (new): (ProcessDocument): (ProcessSupplementalDependencies): (shouldPropertyBeExposed): (GetDictionaryByType): * bindings/scripts/generate-bindings.pl: (generateBindings): (shouldPropertyBeExposed): Deleted. * bindings/scripts/test/JS/JSTestDerivedDictionary.cpp: Added. (WebCore::convertDictionary<TestDerivedDictionary>): (WebCore::convertDictionaryToJS): * bindings/scripts/test/JS/JSTestDerivedDictionary.h: Added. * bindings/scripts/test/JS/JSTestInheritedDictionary.cpp: Added. (WebCore::convertDictionary<TestInheritedDictionary>): (WebCore::convertDictionaryToJS): * bindings/scripts/test/JS/JSTestInheritedDictionary.h: Added. * bindings/scripts/test/TestDerivedDictionary.idl: Added. * bindings/scripts/test/TestInheritedDictionary.idl: Added. * bindings/scripts/test/TestSupplemental.idl: 2019-09-17 Alan Coon <alancoon@apple.com> Cherry-pick r247573. rdar://problem/55461395 [Pointer Events] The button and buttons properties are incorrect on iOS https://bugs.webkit.org/show_bug.cgi?id=199910 <rdar://problem/52778374> Reviewed by Dean Jackson. Source/WebCore: The button and buttons properties were always set to 0 on iOS. We now use the correct values such that button is always 0 except for "pointermove" where it's -1, and "buttons" is 1 as long as the pointer is in contact with the touch surface. Tests: pointerevents/ios/pointer-event-button-and-buttons-pointer-cancel.html pointerevents/ios/pointer-event-button-and-buttons.html * dom/ios/PointerEventIOS.cpp: (WebCore::buttonForType): (WebCore::buttonsForType): (WebCore::PointerEvent::PointerEvent): LayoutTests: * pointerevents/ios/pointer-event-button-and-buttons-expected.txt: Added. * pointerevents/ios/pointer-event-button-and-buttons-pointer-cancel-expected.txt: Added. * pointerevents/ios/pointer-event-button-and-buttons-pointer-cancel.html: Added. * pointerevents/ios/pointer-event-button-and-buttons.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247573 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-18 Antoine Quint <graouts@apple.com> [Pointer Events] The button and buttons properties are incorrect on iOS https://bugs.webkit.org/show_bug.cgi?id=199910 <rdar://problem/52778374> Reviewed by Dean Jackson. The button and buttons properties were always set to 0 on iOS. We now use the correct values such that button is always 0 except for "pointermove" where it's -1, and "buttons" is 1 as long as the pointer is in contact with the touch surface. Tests: pointerevents/ios/pointer-event-button-and-buttons-pointer-cancel.html pointerevents/ios/pointer-event-button-and-buttons.html * dom/ios/PointerEventIOS.cpp: (WebCore::buttonForType): (WebCore::buttonsForType): (WebCore::PointerEvent::PointerEvent): 2019-09-17 Alan Coon <alancoon@apple.com> Apply patch. rdar://problem/55240888 2019-09-17 Chris Dumez <cdumez@apple.com> Nullptr crash in Page::sessionID() via WebKit::WebFrameLoaderClient::detachedFromParent2() https://bugs.webkit.org/show_bug.cgi?id=201625 Reviewed by Ryosuke Niwa. This is based on a patch from Ryosuke Niwa. Drop setHasFrameSpecificStorageAccess() in WebCore and call it from the WebKit layer instead. * dom/DocumentStorageAccess.cpp: (WebCore::DocumentStorageAccess::requestStorageAccess): (WebCore::DocumentStorageAccess::setHasFrameSpecificStorageAccess): Deleted. * dom/DocumentStorageAccess.h: * loader/EmptyFrameLoaderClient.h: * loader/FrameLoaderClient.h: 2019-09-17 Alan Coon <alancoon@apple.com> Revert r249748. rdar://problem/55240888 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249815. rdar://problem/55427483 REGRESSION (iOS 13): Top fixed element on apple.com flickers in size while pinching in https://bugs.webkit.org/show_bug.cgi?id=201668 rdar://problem/51934041 Reviewed by Frédéric Wang. Source/WebCore: When computing the new layout viewport rect in ScrollingTreeFrameScrollingNode, use "StickToDocumentBounds" mode, not "StickToViewportBounds", because otherwise we'll compute a layout viewport that has negative top/left offsets which causes fixed elements to jump outside the viewport. The only code that should be moving things outside the viewport (a temporary effect that happens when pinching) is the 'isBelowMinimumScale' path in WebPageProxy::computeCustomFixedPositionRect(). With this change ScrollingTreeFrameScrollingNode no longer needs m_behaviorForFixed; it can be removed later. Not currently testable, since it involves pinching in past minimum zoom and transients state. * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition const): Source/WebKit: The UI process can have transient state that pushes scrolling-tree-managed layers into custom locations while pinch-zooming. We have to apply this state both when the visible rects in the UI process change (existing code in -[WKContentView didUpdateVisibleRect:...]) and when we get new layers from the web process (added in RemoteLayerTreeDrawingAreaProxy::commitLayerTree() in this patch). Move some code into WebPageProxy to create functions that we can call from both places. For manual testing, visit a page with fixed banners, pinch in slightly, then pinch out and, while keeping your fingers down, move the contents around. * UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm: (WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree): * UIProcess/WebPageProxy.h: * UIProcess/ios/WKContentView.mm: (-[WKContentView didUpdateVisibleRect:unobscuredRect:contentInsets:unobscuredRectInScrollViewCoordinates:obscuredInsets:unobscuredSafeAreaInsets:inputViewBounds:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:enclosedInScrollableAncestorView:]): * UIProcess/ios/WebPageProxyIOS.mm: (WebKit::WebPageProxy::unconstrainedLayoutViewportRect const): (WebKit::WebPageProxy::adjustLayersForLayoutViewport): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249815 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249813. rdar://problem/55427490 [Cocoa] Text indicator for an image link on the front page of apple.com looks wrong https://bugs.webkit.org/show_bug.cgi?id=201724 <rdar://problem/54622894> Reviewed by Tim Horton. Source/WebCore: When computing the bounds of the range (<a>, 0) to (<a>, 1) for a text indicator snapshot where <a> is a link with a single non-breaking whitespace character, we currently use the text rect of the single space. This leads to a confusing text indicator, as the resulting snapshot is a tiny blank square in the top left corner of the link. This problem manifests when starting a drag or showing the system context menu on iOS, or force clicking or three-finger tapping to show a preview on macOS. To address this scenario, tweak the heuristic in the case where the text indicator option TextIndicatorOptionUseBoundingRectAndPaintAllContentForComplexRanges is specified, such that we consider a range containing only text with whitespaces to be "complex"; additionally, instead of falling back to the range's bounding rect (which in this case is still tiny), fall back to the common ancestor container's bounding rect, which encompasses not only the text inside the range but also the element containing the range (in this case, the anchor element). Test: fast/text-indicator/text-indicator-empty-link.html * page/TextIndicator.cpp: (WebCore::containsOnlyWhiteSpaceText): Add a helper to determine whether a Range is comprised only of rendered text that only contains whitespace characters. (WebCore::initializeIndicator): See ChangeLog entry above for more detail. LayoutTests: Add a new layout test to exercise this scenario. * fast/text-indicator/text-indicator-empty-link-expected.txt: Added. * fast/text-indicator/text-indicator-empty-link.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249813 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-12 Wenson Hsieh <wenson_hsieh@apple.com> [Cocoa] Text indicator for an image link on the front page of apple.com looks wrong https://bugs.webkit.org/show_bug.cgi?id=201724 <rdar://problem/54622894> Reviewed by Tim Horton. When computing the bounds of the range (<a>, 0) to (<a>, 1) for a text indicator snapshot where <a> is a link with a single non-breaking whitespace character, we currently use the text rect of the single space. This leads to a confusing text indicator, as the resulting snapshot is a tiny blank square in the top left corner of the link. This problem manifests when starting a drag or showing the system context menu on iOS, or force clicking or three-finger tapping to show a preview on macOS. To address this scenario, tweak the heuristic in the case where the text indicator option TextIndicatorOptionUseBoundingRectAndPaintAllContentForComplexRanges is specified, such that we consider a range containing only text with whitespaces to be "complex"; additionally, instead of falling back to the range's bounding rect (which in this case is still tiny), fall back to the common ancestor container's bounding rect, which encompasses not only the text inside the range but also the element containing the range (in this case, the anchor element). Test: fast/text-indicator/text-indicator-empty-link.html * page/TextIndicator.cpp: (WebCore::containsOnlyWhiteSpaceText): Add a helper to determine whether a Range is comprised only of rendered text that only contains whitespace characters. (WebCore::initializeIndicator): See ChangeLog entry above for more detail. 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249770. rdar://problem/55427487 REGRESSION (245006): can't scroll in "read more" view in Eventbrite app https://bugs.webkit.org/show_bug.cgi?id=201683 <rdar://problem/54582602> Reviewed by Simon Fraser. Source/WebCore: * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isEventbrite): Source/WebKit: Content <body> has 'overflow:hidden'. * UIProcess/Cocoa/VersionChecks.h: * UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.cpp: (WebKit::RemoteScrollingCoordinatorProxy::hasScrollableMainFrame const): Fix by adding an app specific LinkedOnOrAfter quirk that always allows main frame scrolling. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249770 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-11 Antti Koivisto <antti@apple.com> REGRESSION (245006): can't scroll in "read more" view in Eventbrite app https://bugs.webkit.org/show_bug.cgi?id=201683 <rdar://problem/54582602> Reviewed by Simon Fraser. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isEventbrite): 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249762. rdar://problem/55427465 Prevent reentrancy FrameLoader::dispatchUnloadEvents() https://bugs.webkit.org/show_bug.cgi?id=200738 Reviewed by Brady Eidson. Reentrancy causes m_pageDismissalEventBeingDispatched to be incorrectly updated, so don't allow reentrancy. Since this prevents m_pageDismissalEventBeingDispatched from being reset inside a reentrant call, it can have the unintended effect of causing FrameLoader::stopAllLoaders to early-out when called from FrameLoader::detachFromParent while a frame's unload event handler calls document.open() on a parent frame and causes itself to become detached. Allowing a load to continue in a detached frame will lead to a crash. To prevent this, add a new argument to FrameLoader::stopAllLoaders that FrameLoader::detachFromParent can use to prevent an early-out. * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopAllLoaders): (WebCore::FrameLoader::detachFromParent): (WebCore::FrameLoader::dispatchUnloadEvents): (WebCore::FrameLoader::dispatchBeforeUnloadEvent): Ensure that m_pageDismissalEventBeingDispatched is reset to its previous value, even if this is not None. * loader/FrameLoader.h: * loader/FrameLoaderTypes.h: Add a StopLoadingPolicy enum. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249762 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-11 Ali Juma <ajuma@chromium.org> Prevent reentrancy FrameLoader::dispatchUnloadEvents() https://bugs.webkit.org/show_bug.cgi?id=200738 Reviewed by Brady Eidson. Reentrancy causes m_pageDismissalEventBeingDispatched to be incorrectly updated, so don't allow reentrancy. Since this prevents m_pageDismissalEventBeingDispatched from being reset inside a reentrant call, it can have the unintended effect of causing FrameLoader::stopAllLoaders to early-out when called from FrameLoader::detachFromParent while a frame's unload event handler calls document.open() on a parent frame and causes itself to become detached. Allowing a load to continue in a detached frame will lead to a crash. To prevent this, add a new argument to FrameLoader::stopAllLoaders that FrameLoader::detachFromParent can use to prevent an early-out. * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopAllLoaders): (WebCore::FrameLoader::detachFromParent): (WebCore::FrameLoader::dispatchUnloadEvents): (WebCore::FrameLoader::dispatchBeforeUnloadEvent): Ensure that m_pageDismissalEventBeingDispatched is reset to its previous value, even if this is not None. * loader/FrameLoader.h: * loader/FrameLoaderTypes.h: Add a StopLoadingPolicy enum. 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249748. rdar://problem/55240888 Nullptr crash in Page::sessionID() via WebKit::WebFrameLoaderClient::detachedFromParent2() https://bugs.webkit.org/show_bug.cgi?id=201625 Reviewed by Ryosuke Niwa. This is based on a patch from Ryosuke Niwa. Source/WebCore: Drop setHasFrameSpecificStorageAccess() in WebCore and call it from the WebKit layer instead. * dom/DocumentStorageAccess.cpp: (WebCore::DocumentStorageAccess::requestStorageAccess): (WebCore::DocumentStorageAccess::setHasFrameSpecificStorageAccess): Deleted. * dom/DocumentStorageAccess.h: * loader/EmptyFrameLoaderClient.h: * loader/FrameLoaderClient.h: Source/WebKit: The crash was caused by WebFrameLoaderClient::sessionID() calling WebPage::sessionID() without checking the nullity of WebPage::m_page which can be null. Added a null check. Because passing a wrong session to RemoveStorageAccessForFrame could result in a leak, this patch also replaces m_hasFrameSpecificStorageAccess boolean with an optioanl struct which stores session ID, frame ID, and page ID even after WebCore::Frame or WebCore::Page had been cleared or before WebFrameLoaderClient::m_frame is set. * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: (WebKit::WebFrameLoaderClient::sessionID const): (WebKit::WebFrameLoaderClient::setHasFrameSpecificStorageAccess): (WebKit::WebFrameLoaderClient::detachedFromParent2): (WebKit::WebFrameLoaderClient::dispatchWillChangeDocument): * WebProcess/WebCoreSupport/WebFrameLoaderClient.h: * WebProcess/WebPage/WebFrame.h: (WebKit::WebFrame::frameLoaderClient const): * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::requestStorageAccess): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249748 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-10 Chris Dumez <cdumez@apple.com> Nullptr crash in Page::sessionID() via WebKit::WebFrameLoaderClient::detachedFromParent2() https://bugs.webkit.org/show_bug.cgi?id=201625 Reviewed by Ryosuke Niwa. This is based on a patch from Ryosuke Niwa. Drop setHasFrameSpecificStorageAccess() in WebCore and call it from the WebKit layer instead. * dom/DocumentStorageAccess.cpp: (WebCore::DocumentStorageAccess::requestStorageAccess): (WebCore::DocumentStorageAccess::setHasFrameSpecificStorageAccess): Deleted. * dom/DocumentStorageAccess.h: * loader/EmptyFrameLoaderClient.h: * loader/FrameLoaderClient.h: 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249701. rdar://problem/55291696 Tap and hold on Facebook sometimes creates a tall empty selection. https://bugs.webkit.org/show_bug.cgi?id=201618 rdar://53630145 Reviewed by Megan Gardner. Source/WebCore: API Test: SelectionTests.ByWordAtEndOfDocument * editing/VisibleUnits.cpp: (WebCore::wordRangeFromPosition): Remove special case code for the possibility of an empty paragraph and at the end of the document. This is no longer needed and was causing a large selection to be created on Facebook due to large areas of non-selectable content on the page. Tools: * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/ios/SelectionByWord.mm: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249701 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-09 Timothy Hatcher <timothy@apple.com> Tap and hold on Facebook sometimes creates a tall empty selection. https://bugs.webkit.org/show_bug.cgi?id=201618 rdar://53630145 Reviewed by Megan Gardner. API Test: SelectionTests.ByWordAtEndOfDocument * editing/VisibleUnits.cpp: (WebCore::wordRangeFromPosition): Remove special case code for the possibility of an empty paragraph and at the end of the document. This is no longer needed and was causing a large selection to be created on Facebook due to large areas of non-selectable content on the page. 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249511. rdar://problem/55291693 Cancelled transitions on Google image search leave content with opacity 0 sometimes https://bugs.webkit.org/show_bug.cgi?id=201482 rdar://problem/54921036 Reviewed by Tim Horton. Source/WebCore: If, in a single rendering update, we started an accelerated opacity transition, and then removed it, we'd still push the transition onto the CALayer with fillForwards and never remove it, so its effects would last forever. Fix by making GraphicsLayerCA::removeAnimation() remove animations from the uncomittedAnimations list as well. Also fix layer names in debug; if a layer's primaryLayerID changed, we'd fail to rename the CALayer, causing confusion when logging at layer dumps. Fix by adding the layer ID just before pushing the name to the platform layer. Some drive-by logging cleanup. Test: legacy-animation-engine/compositing/transitions/add-remove-transition.html * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::debugName const): * platform/graphics/GraphicsLayer.h: * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::setName): (WebCore::GraphicsLayerCA::debugName const): (WebCore::GraphicsLayerCA::addAnimation): (WebCore::GraphicsLayerCA::pauseAnimation): (WebCore::GraphicsLayerCA::seekAnimation): (WebCore::GraphicsLayerCA::removeAnimation): (WebCore::GraphicsLayerCA::platformCALayerAnimationStarted): (WebCore::GraphicsLayerCA::platformCALayerAnimationEnded): (WebCore::GraphicsLayerCA::updateNames): (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes): * platform/graphics/ca/GraphicsLayerCA.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::logLayerInfo): LayoutTests: * legacy-animation-engine/compositing/transitions/add-remove-transition-expected.html: Added. * legacy-animation-engine/compositing/transitions/add-remove-transition.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249511 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249507. rdar://problem/55427491 Line artifacts in note body after viewing note with <attachment>s https://bugs.webkit.org/show_bug.cgi?id=201474 <rdar://problem/51306108> Reviewed by Simon Fraser. Source/WebCore: Test: fast/attachment/attachment-border-should-stay-inside-attachment.html * rendering/RenderThemeIOS.mm: (WebCore::attachmentBorderPath): (WebCore::paintAttachmentBorder): Inset the border rect by half the width, so that <attachment> doesn't paint out-of-bounds. LayoutTests: * fast/attachment/attachment-border-should-stay-inside-attachment-expected.html: Added. * fast/attachment/attachment-border-should-stay-inside-attachment.html: Added. Add a test that ensures that <attachment> stays inside its bounds. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249507 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-04 Tim Horton <timothy_horton@apple.com> Line artifacts in note body after viewing note with <attachment>s https://bugs.webkit.org/show_bug.cgi?id=201474 <rdar://problem/51306108> Reviewed by Simon Fraser. Test: fast/attachment/attachment-border-should-stay-inside-attachment.html * rendering/RenderThemeIOS.mm: (WebCore::attachmentBorderPath): (WebCore::paintAttachmentBorder): Inset the border rect by half the width, so that <attachment> doesn't paint out-of-bounds. 2019-09-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249854. rdar://problem/55427477 Crash under WebCore::firstPositionInNode() https://bugs.webkit.org/show_bug.cgi?id=201764 <rdar://problem/54823754> Reviewed by Wenson Hsieh and Geoff Garen. Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition() or insertNodeAt(). Test: editing/firstPositionInNode-crash.html * editing/InsertTextCommand.cpp: (WebCore::InsertTextCommand::positionInsideTextNode): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249854 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-13 Chris Dumez <cdumez@apple.com> Crash under WebCore::firstPositionInNode() https://bugs.webkit.org/show_bug.cgi?id=201764 2019-09-11 Simon Fraser <simon.fraser@apple.com> REGRESSION (iOS 13): Top fixed element on apple.com flickers in size while pinching in https://bugs.webkit.org/show_bug.cgi?id=201668 rdar://problem/51934041 Reviewed by Frédéric Wang. When computing the new layout viewport rect in ScrollingTreeFrameScrollingNode, use "StickToDocumentBounds" mode, not "StickToViewportBounds", because otherwise we'll compute a layout viewport that has negative top/left offsets which causes fixed elements to jump outside the viewport. The only code that should be moving things outside the viewport (a temporary effect that happens when pinching) is the 'isBelowMinimumScale' path in WebPageProxy::computeCustomFixedPositionRect(). With this change ScrollingTreeFrameScrollingNode no longer needs m_behaviorForFixed; it can be removed later. Not currently testable, since it involves pinching in past minimum zoom and transients state. * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition const): <rdar://problem/54823754> Reviewed by Wenson Hsieh and Geoff Garen. Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition() or insertNodeAt(). Test: editing/firstPositionInNode-crash.html * editing/InsertTextCommand.cpp: (WebCore::InsertTextCommand::positionInsideTextNode): 2019-09-09 Ryosuke Niwa <rniwa@webkit.org> REGRESSION (iOS 13): Bulleted list copied from Notes to Mail results in Times New Roman https://bugs.webkit.org/show_bug.cgi?id=201490 Reviewed by Daniel Bates. The bug was caused by an element in the pasted content not having any explicit font name resolving to use the font-family value of `-webkit-standard`. When such an inline style is inserted into Mail's WKWebView which sets a different font family, ReplaceSelectionCommand would fail to strip away, making the pasted content using the default font family of Times New Roman. Fixed the bug by stripping away font-family set to -webkit-standard in the sanitization document since that's indicative of the pasted content not having any font family being specified. In the future, we should consider making regular copy (as opposed to the copy for sanitization) resolve generic font family names to concrete font names since different WKWebView might be using different concrete font names. Unfortuantely, such a change is quite involved and risky since various paste side code in EditingStyle that removes redundant inline styles (i.e. redundant `font-family`) need to be aware of this special font family resolution. Tests: editing/pasteboard/paste-cocoa-writer-markup-with-webkit-standard-font-family.html PasteHTML.DoesNotAddStandardFontFamily * editing/EditingStyle.cpp: (WebCore::EditingStyle::mergeInlineAndImplicitStyleOfElement): (WebCore::EditingStyle::wrappingStyleForSerialization): (WebCore::familyNameFromCSSPrimitiveValue): Added. (WebCore::loneFontFamilyName): Extracted from usesForbiddenSystemFontAsOnlyFontFamilyName. Fixed a bug that it was not handling the case when `font-family` property's value is a CSSPrimitiveValue instead of a CSSValueList. (WebCore::usesForbiddenSystemFontAsOnlyFontFamilyName): Deleted. (WebCore::EditingStyle::mergeStyleFromRulesForSerialization): Remove `font-family` property when StandardFontFamilySerializationMode::Strip is specified and its value is `-webkit-standard`. * editing/EditingStyle.h: * editing/markup.cpp: (WebCore::StyledMarkupAccumulator::StyledMarkupAccumulator): Added StandardFontFamilySerializationMode as an argument. (WebCore::StyledMarkupAccumulator::appendStartTag): (WebCore::StyledMarkupAccumulator::serializeNodes): (WebCore::serializePreservingVisualAppearanceInternal): Ditto. (WebCore::serializePreservingVisualAppearance): Use StandardFontFamilySerializationMode::Keep to preserve the pre-existing behavior. (WebCore::sanitizedMarkupForFragmentInDocument): Use StandardFontFamilySerializationMode::Strip as this is the code used by sanitization code. 2019-09-09 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249605. rdar://problem/55182896 Incorrect selection rect revealed after pasting images in a contenteditable element https://bugs.webkit.org/show_bug.cgi?id=201549 <rdar://problem/50956429> Reviewed by Simon Fraser. Source/WebCore: Editor::replaceSelectionWithFragment currently scrolls to reveal the selection after inserting the given DocumentFragment. However, this scrolling occurs before any inserted images have loaded yet, which causes the wrong caret rect to be revealed, since all image elements inserted during paste will be empty. To fix this, we defer revealing the selection after inserting the fragment until after all images that have been inserted are done loading. While waiting for images to load, if any layers which may be scrolled as a result of revealing the selection are scrolled, we additionally cancel the deferred selection reveal. See comments below for more detail. Tests: editing/pasteboard/do-not-reveal-selection-after-programmatic-scroll.html editing/pasteboard/reveal-selection-after-pasting-images.html PasteImage.RevealSelectionAfterPastingImage * editing/Editing.cpp: (WebCore::visibleImageElementsInRangeWithNonLoadedImages): Add a new helper to iterate through a range and collect all image elements in that range, that contain cached images that have not finished loading yet. * editing/Editing.h: * editing/Editor.cpp: (WebCore::Editor::replaceSelectionWithFragment): Instead of always immediately revealing the selection after applying the ReplaceSelectionCommand, collect the image elements that were just inserted, and avoid immediately revealing the selection if any of these images have non-null cached images, but are not loaded yet. Instead, hold on to these images in a set, remove them once they finish loading using the new method below, and once all images are removed, reveal the selection. (WebCore::Editor::revealSelectionIfNeededAfterLoadingImageForElement): (WebCore::Editor::renderLayerDidScroll): Called whenever a scrollable RenderLayer is scrolled (or in the case of FrameView, the root layer). In the case where Editor is waiting to reveal the selection, we check to see if the scrolled layer is an ancestor of the layer enclosing the start of the selection. (WebCore::Editor::respondToChangedSelection): If the selection changes between pasting and waiting for pasted images to load, just cancel waiting to reveal the selection after pasting. * editing/Editor.h: * editing/ReplaceSelectionCommand.cpp: (WebCore::ReplaceSelectionCommand::insertedContentRange const): Add a helper method to grab the Range of content inserted after applying the command. * editing/ReplaceSelectionCommand.h: * page/FrameView.cpp: (WebCore::FrameView::scrollPositionChanged): * page/FrameView.h: * page/Page.cpp: (WebCore::Page::didFinishLoadingImageForElement): Notify Editor after an image finishes loading. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollTo): Source/WebKit: Tweak some existing logic to use the new visibleImageElementsInRangeWithNonLoadedImages helper function. See WebCore for more details. * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::didConcludeEditDrag): Tools: Add an API test to exercise the scenario where we scroll to reveal the selection after pasting an image that was directly written to the pasteboard. * TestWebKitAPI/Tests/WebKitCocoa/PasteImage.mm: LayoutTests: Add a couple of new layout tests. * editing/pasteboard/do-not-reveal-selection-after-programmatic-scroll-expected.txt: Added. * editing/pasteboard/do-not-reveal-selection-after-programmatic-scroll.html: Added. This test verifies that we don't try to scroll to reveal the caret after pasting, if the scroll position was changed before the images finished loading. * editing/pasteboard/reveal-selection-after-pasting-images-expected.txt: Added. * editing/pasteboard/reveal-selection-after-pasting-images.html: Added. * platform/ios/editing/pasteboard/reveal-selection-after-pasting-images-expected.txt: Added. This test verifies that we reveal the caret after loading multiple pasted images in a selection, and dispatch a scroll event in the process. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249605 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-06 Wenson Hsieh <wenson_hsieh@apple.com> Incorrect selection rect revealed after pasting images in a contenteditable element https://bugs.webkit.org/show_bug.cgi?id=201549 <rdar://problem/50956429> Reviewed by Simon Fraser. Editor::replaceSelectionWithFragment currently scrolls to reveal the selection after inserting the given DocumentFragment. However, this scrolling occurs before any inserted images have loaded yet, which causes the wrong caret rect to be revealed, since all image elements inserted during paste will be empty. To fix this, we defer revealing the selection after inserting the fragment until after all images that have been inserted are done loading. While waiting for images to load, if any layers which may be scrolled as a result of revealing the selection are scrolled, we additionally cancel the deferred selection reveal. See comments below for more detail. Tests: editing/pasteboard/do-not-reveal-selection-after-programmatic-scroll.html editing/pasteboard/reveal-selection-after-pasting-images.html PasteImage.RevealSelectionAfterPastingImage * editing/Editing.cpp: (WebCore::visibleImageElementsInRangeWithNonLoadedImages): Add a new helper to iterate through a range and collect all image elements in that range, that contain cached images that have not finished loading yet. * editing/Editing.h: * editing/Editor.cpp: (WebCore::Editor::replaceSelectionWithFragment): Instead of always immediately revealing the selection after applying the ReplaceSelectionCommand, collect the image elements that were just inserted, and avoid immediately revealing the selection if any of these images have non-null cached images, but are not loaded yet. Instead, hold on to these images in a set, remove them once they finish loading using the new method below, and once all images are removed, reveal the selection. (WebCore::Editor::revealSelectionIfNeededAfterLoadingImageForElement): (WebCore::Editor::renderLayerDidScroll): Called whenever a scrollable RenderLayer is scrolled (or in the case of FrameView, the root layer). In the case where Editor is waiting to reveal the selection, we check to see if the scrolled layer is an ancestor of the layer enclosing the start of the selection. (WebCore::Editor::respondToChangedSelection): If the selection changes between pasting and waiting for pasted images to load, just cancel waiting to reveal the selection after pasting. * editing/Editor.h: * editing/ReplaceSelectionCommand.cpp: (WebCore::ReplaceSelectionCommand::insertedContentRange const): Add a helper method to grab the Range of content inserted after applying the command. * editing/ReplaceSelectionCommand.h: * page/FrameView.cpp: (WebCore::FrameView::scrollPositionChanged): * page/FrameView.h: * page/Page.cpp: (WebCore::Page::didFinishLoadingImageForElement): Notify Editor after an image finishes loading. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollTo): 2019-09-09 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249581. rdar://problem/55202922 REGRESSION (iOS 13): If an overflow:hidden with a non-zero scroll position is toggled to overflow:scroll, some other scroll causes its scroll position to get reset https://bugs.webkit.org/show_bug.cgi?id=201528 rdar://problem/55044885 Reviewed by Frédéric Wang. Source/WebCore: If, when an overflow scrolling node is created, the scroller has non-zero scroll position (for example, via toggling to overflow:hidden, setting scrollTop, then toggling to overflow:scroll), then on the next update its scroll position will reset back to zero. The bug was that newly created ScrollingTreeScrollingNodes didn't set m_currentScrollPosition to the scroll position coming from the state node, so a subsequent update could cause the 0,0 currentScrollPosition to get applied. If we're making a new node, and there's no requestedScrollPosition, then initialize m_currentScrollPosition. Test: scrollingcoordinator/ios/scroller-initial-scroll-position.html * page/scrolling/ScrollingTreeScrollingNode.cpp: (WebCore::ScrollingTreeScrollingNode::commitStateBeforeChildren): (WebCore::ScrollingTreeScrollingNode::commitStateAfterChildren): * page/scrolling/ScrollingTreeScrollingNode.h: LayoutTests: * scrollingcoordinator/ios/scroller-initial-scroll-position-expected.html: Added. * scrollingcoordinator/ios/scroller-initial-scroll-position.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249581 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-09 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249565. rdar://problem/55113261 AccessibilityRenderObject::setSelectedTextRange fails to set the selection passed an empty line. https://bugs.webkit.org/show_bug.cgi?id=201518 <rdar://problem/54835122> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-09-06 Reviewed by Ryosuke Niwa. Source/WebCore: Test: accessibility/set-selected-text-range-after-newline.html In the case of an empty line, the CharacterIterator range start and end were not equal, thus we were not advancing the iterator and returning the iterator range end, which is not correct. With this change we are always advancing the iterator if its text is just '\n'. This covers all the cases we fixed before plus empty lines. * editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator): LayoutTests: Extended this test to set the selection range passed an empty line. * accessibility/set-selected-text-range-after-newline-expected.txt: * accessibility/set-selected-text-range-after-newline.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249565 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-06 Andres Gonzalez <andresg_22@apple.com> AccessibilityRenderObject::setSelectedTextRange fails to set the selection passed an empty line. https://bugs.webkit.org/show_bug.cgi?id=201518 <rdar://problem/54835122> Reviewed by Ryosuke Niwa. Test: accessibility/set-selected-text-range-after-newline.html In the case of an empty line, the CharacterIterator range start and end were not equal, thus we were not advancing the iterator and returning the iterator range end, which is not correct. With this change we are always advancing the iterator if its text is just '\n'. This covers all the cases we fixed before plus empty lines. * editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator): 2019-09-09 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249534. rdar://problem/55183098 AX: children cache are not re-computed if tab index is removed https://bugs.webkit.org/show_bug.cgi?id=201502 Reviewed by Zalan Bujtas. Source/WebCore: Test: accessibility/tabindex-removed.html If the tabindex changes, it can potentially affect whether an element is accessible. If we don't update the children cache information can be stale and lead to incorrect navigation with VoiceOver. * accessibility/AXObjectCache.cpp: (WebCore::AXObjectCache::handleAttributeChange): LayoutTests: * accessibility/tabindex-removed-expected.txt: Added. * accessibility/tabindex-removed.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249534 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-05 Chris Fleizach <cfleizach@apple.com> AX: children cache are not re-computed if tab index is removed https://bugs.webkit.org/show_bug.cgi?id=201502 Reviewed by Zalan Bujtas. Test: accessibility/tabindex-removed.html If the tabindex changes, it can potentially affect whether an element is accessible. If we don't update the children cache information can be stale and lead to incorrect navigation with VoiceOver. * accessibility/AXObjectCache.cpp: (WebCore::AXObjectCache::handleAttributeChange): 2019-09-09 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249493. rdar://problem/55182906 [iPadOS] Unable to change sheets on Airtable.com https://bugs.webkit.org/show_bug.cgi?id=201456 <rdar://problem/51557377> Patch by Antoine Quint <graouts@apple.com> on 2019-09-04 Reviewed by Dean Jackson. Simulated mouse events are required to be able to manipulate cells and and columns on Airtable.com. However, dispatching a "mousedown" event on tabs allowing to pick a different sheet ends up calling preventDefault() and prevent "click" events from being dispatched, which makes it impossible to change sheet. We now limit the dispatch of simulated mouse events to the grid. * page/Quirks.cpp: (WebCore::Quirks::simulatedMouseEventTypeForTarget const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249493 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-04 Antoine Quint <graouts@apple.com> [iPadOS] Unable to change sheets on Airtable.com https://bugs.webkit.org/show_bug.cgi?id=201456 <rdar://problem/51557377> Reviewed by Dean Jackson. Simulated mouse events are required to be able to manipulate cells and and columns on Airtable.com. However, dispatching a "mousedown" event on tabs allowing to pick a different sheet ends up calling preventDefault() and prevent "click" events from being dispatched, which makes it impossible to change sheet. We now limit the dispatch of simulated mouse events to the grid. * page/Quirks.cpp: (WebCore::Quirks::simulatedMouseEventTypeForTarget const): 2019-09-09 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248170. rdar://problem/55183128 [iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state https://bugs.webkit.org/show_bug.cgi?id=200368 <rdar://problem/53191450> Unreviewed. Build fix by guarding with MEDIA_STREAM in addition to IOS. * dom/Document.cpp: (WebCore::Document::updateIsPlayingMedia): (WebCore::Document::pageMutedStateDidChange): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248170 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-09-04 Simon Fraser <simon.fraser@apple.com> Cancelled transitions on Google image search leave content with opacity 0 sometimes https://bugs.webkit.org/show_bug.cgi?id=201482 rdar://problem/54921036 Reviewed by Tim Horton. If, in a single rendering update, we started an accelerated opacity transition, and then removed it, we'd still push the transition onto the CALayer with fillForwards and never remove it, so its effects would last forever. Fix by making GraphicsLayerCA::removeAnimation() remove animations from the uncomittedAnimations list as well. Also fix layer names in debug; if a layer's primaryLayerID changed, we'd fail to rename the CALayer, causing confusion when logging at layer dumps. Fix by adding the layer ID just before pushing the name to the platform layer. Some drive-by logging cleanup. Test: legacy-animation-engine/compositing/transitions/add-remove-transition.html * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::debugName const): * platform/graphics/GraphicsLayer.h: * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::setName): (WebCore::GraphicsLayerCA::debugName const): (WebCore::GraphicsLayerCA::addAnimation): (WebCore::GraphicsLayerCA::pauseAnimation): (WebCore::GraphicsLayerCA::seekAnimation): (WebCore::GraphicsLayerCA::removeAnimation): (WebCore::GraphicsLayerCA::platformCALayerAnimationStarted): (WebCore::GraphicsLayerCA::platformCALayerAnimationEnded): (WebCore::GraphicsLayerCA::updateNames): (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes): * platform/graphics/ca/GraphicsLayerCA.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::logLayerInfo): 2019-08-02 Youenn Fablet <youenn@apple.com> [iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state https://bugs.webkit.org/show_bug.cgi?id=200368 <rdar://problem/53191450> Unreviewed. Build fix by guarding with MEDIA_STREAM in addition to IOS. * dom/Document.cpp: (WebCore::Document::updateIsPlayingMedia): (WebCore::Document::pageMutedStateDidChange): 2019-09-09 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248161. rdar://problem/55183128 [iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state https://bugs.webkit.org/show_bug.cgi?id=200368 <rdar://problem/53191450> Reviewed by Eric Carlson. Instead of registering a MediaStreamTrack as a media producer to compute capture state, go directly to the sources from the RealtimeMediaSourceCenter. Do the same when requested to mute capture tracks. No observable change of behavior. Covered by manual test on iOS and existing tests. * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::MediaStreamTrack): (WebCore::MediaStreamTrack::~MediaStreamTrack): (WebCore::MediaStreamTrack::mediaState const): (WebCore::sourceCaptureState): (WebCore::MediaStreamTrack::captureState): (WebCore::MediaStreamTrack::muteCapture): * Modules/mediastream/MediaStreamTrack.h: * dom/Document.cpp: (WebCore::Document::updateIsPlayingMedia): (WebCore::Document::pageMutedStateDidChange): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248161 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-02 Youenn Fablet <youenn@apple.com> [iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state https://bugs.webkit.org/show_bug.cgi?id=200368 <rdar://problem/53191450> Reviewed by Eric Carlson. Instead of registering a MediaStreamTrack as a media producer to compute capture state, go directly to the sources from the RealtimeMediaSourceCenter. Do the same when requested to mute capture tracks. No observable change of behavior. Covered by manual test on iOS and existing tests. * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::MediaStreamTrack): (WebCore::MediaStreamTrack::~MediaStreamTrack): (WebCore::MediaStreamTrack::mediaState const): (WebCore::sourceCaptureState): (WebCore::MediaStreamTrack::captureState): (WebCore::MediaStreamTrack::muteCapture): * Modules/mediastream/MediaStreamTrack.h: * dom/Document.cpp: (WebCore::Document::updateIsPlayingMedia): (WebCore::Document::pageMutedStateDidChange): 2019-09-04 Mark Lam <mark.lam@apple.com> Cherry-pick 248143. rdar://problem/55000992 2019-08-01 Mark Lam <mark.lam@apple.com> Add crash diagnostics for debugging unexpected zapped cells. https://bugs.webkit.org/show_bug.cgi?id=200149 <rdar://problem/53570112> Reviewed by Yusuke Suzuki. No new tests because this is a feature for debugging crashes. It has been tested manually by modifying the code to force a crash at the point of interest. Added some comments to document the hashes of known subspaces. * bindings/js/WebCoreJSClientData.cpp: (WebCore::JSVMClientData::JSVMClientData): 2019-09-04 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249147. rdar://problem/55001178 Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state. https://bugs.webkit.org/show_bug.cgi?id=201101 <rdar://problem/54164587> Reviewed by Eric Carlson. Source/WebCore: Test: fullscreen/full-screen-request-removed-with-raf.html Add a new state variable, m_pendingFullscreenElement, to track which element is about to become the fullscreen element, so that when elements are removed or cancelFullscreen() is called, the state machine inside the fullscreen algorithm can cancel effectively. * dom/FullscreenManager.cpp: (WebCore::FullscreenManager::requestFullscreenForElement): (WebCore::FullscreenManager::cancelFullscreen): (WebCore::FullscreenManager::exitFullscreen): (WebCore::FullscreenManager::willEnterFullscreen): (WebCore::FullscreenManager::willExitFullscreen): (WebCore::FullscreenManager::didExitFullscreen): (WebCore::FullscreenManager::adjustFullscreenElementOnNodeRemoval): (WebCore::FullscreenManager::clear): (WebCore::FullscreenManager::fullscreenElementRemoved): Deleted. * dom/FullscreenManager.h: Source/WebKit: Add more state to track in which direction the animation is flowing to allow in-process animations to be cancelled more gracefully. * UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm: (-[WKFullScreenWindowController enterFullScreen]): (-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]): (-[WKFullScreenWindowController requestExitFullScreen]): (-[WKFullScreenWindowController exitFullScreen]): * WebProcess/cocoa/VideoFullscreenManager.h: (WebKit::VideoFullscreenInterfaceContext::animationState const): (WebKit::VideoFullscreenInterfaceContext::setAnimationState): (WebKit::VideoFullscreenInterfaceContext::isAnimating const): Deleted. (WebKit::VideoFullscreenInterfaceContext::setIsAnimating): Deleted. * WebProcess/cocoa/VideoFullscreenManager.mm: (WebKit::VideoFullscreenManager::enterVideoFullscreenForVideoElement): (WebKit::VideoFullscreenManager::exitVideoFullscreenForVideoElement): (WebKit::VideoFullscreenManager::didEnterFullscreen): (WebKit::VideoFullscreenManager::didCleanupFullscreen): LayoutTests: * fullscreen/full-screen-request-removed-with-raf-expected.txt: Added. * fullscreen/full-screen-request-removed-with-raf.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249147 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-26 Jer Noble <jer.noble@apple.com> Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state. https://bugs.webkit.org/show_bug.cgi?id=201101 <rdar://problem/54164587> Reviewed by Eric Carlson. Test: fullscreen/full-screen-request-removed-with-raf.html Add a new state variable, m_pendingFullscreenElement, to track which element is about to become the fullscreen element, so that when elements are removed or cancelFullscreen() is called, the state machine inside the fullscreen algorithm can cancel effectively. * dom/FullscreenManager.cpp: (WebCore::FullscreenManager::requestFullscreenForElement): (WebCore::FullscreenManager::cancelFullscreen): (WebCore::FullscreenManager::exitFullscreen): (WebCore::FullscreenManager::willEnterFullscreen): (WebCore::FullscreenManager::willExitFullscreen): (WebCore::FullscreenManager::didExitFullscreen): (WebCore::FullscreenManager::adjustFullscreenElementOnNodeRemoval): (WebCore::FullscreenManager::clear): (WebCore::FullscreenManager::fullscreenElementRemoved): Deleted. * dom/FullscreenManager.h: 2019-09-04 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249140. rdar://problem/55001152 Image pasted from screenshot into Mail compose window via share sheet has the wrong aspect ratio https://bugs.webkit.org/show_bug.cgi?id=201171 <rdar://problem/54671275> Reviewed by Tim Horton. Augments an existing app-specific hack to include the Mail composition service, in addition to Mail. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isMailCompositionService): Add a new bundle checking method for the Mail composition service (com.apple.MailCompositionService). * platform/ios/PlatformPasteboardIOS.mm: (WebCore::PlatformPasteboard::informationForItemAtIndex): Only plumb the preferred presentation height through to the web process if the application is neither Mail nor the Mail composition service. In the future, we should consider putting this hack behind SPI, or maybe only expose the preferred presentation width in all apps (it isn't difficult to imagine a use case where a "Mail- compose-like" web app has `img { max-width: 100%; }` in their stylesheet). git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249140 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-27 Wenson Hsieh <wenson_hsieh@apple.com> Image pasted from screenshot into Mail compose window via share sheet has the wrong aspect ratio https://bugs.webkit.org/show_bug.cgi?id=201171 <rdar://problem/54671275> Reviewed by Tim Horton. Augments an existing app-specific hack to include the Mail composition service, in addition to Mail. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isMailCompositionService): Add a new bundle checking method for the Mail composition service (com.apple.MailCompositionService). * platform/ios/PlatformPasteboardIOS.mm: (WebCore::PlatformPasteboard::informationForItemAtIndex): Only plumb the preferred presentation height through to the web process if the application is neither Mail nor the Mail composition service. In the future, we should consider putting this hack behind SPI, or maybe only expose the preferred presentation width in all apps (it isn't difficult to imagine a use case where a "Mail- compose-like" web app has `img { max-width: 100%; }` in their stylesheet). 2019-09-03 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249339. rdar://problem/55001170 Caret does not appear in text field inside a transformed, overflow: hidden container https://bugs.webkit.org/show_bug.cgi?id=201317 <rdar://problem/54859264> Reviewed by Simon Fraser. Source/WebCore: This patch refactors the heuristic for determining whether to suppress selection gestures and UI in a way that fixes the corner case encountered in this bug. To understand why this test case fails with our existing heuristic, consider the below test case. Let's say we have an input field inside an "overflow: hidden;" container, which is positioned in such a way that it is completely clipped by its enclosing container which is also "overflow: hidden". Our existing logic would appropriately identify this as a hidden editable element. However, let's now apply a transform to the input field's closest "overflow: hidden" ancestor, such that the field is now visible. Since RenderLayer::offsetFromAncestor doesn't take transforms into account when we try to find the offset of the "overflow: hidden" layer relative to the root view, we end up passing an offsetFromRoot of (0, 100vw) to RenderLayer::calculateClipRects, which computes a background clip rect of (0, 0, 100vw, 100vh). This means that at the end of RenderLayer::calculateClipRects, we end up intersecting the background clip rect (0, 0, 100vw, 100vh) against (100vw, 0, 100vw, 100vh), which results in the empty rect, and subsequently makes us believe we're editing a hidden editable element. Instead of tacking on more logic to isTransparentOrFullyClippedRespectingParentFrames, we can fix this by using RenderObject::computeVisibleRectInContainer instead, performing a similar walk up the render tree to compute the visible rect of each focused element or subframe relative to its root. This is capable of taking transforms into account. See comments below for more details. Test: editing/selection/ios/show-selection-in-transformed-container-2.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::isTransparentRespectingParentFrames const): Split out isTransparentOrFullyClippedRespectingParentFrames into two methods: RenderLayer's isTransparentRespectingParentFrames, and RenderObject's hasNonEmptyVisibleRectRespectingParentFrames. The transparency check starts at the enclosing layer and walks up the layer tree, while the non-empty visible rect check looks for renderers that are completely empty relative to their root views. * rendering/RenderLayer.h: * rendering/RenderObject.cpp: (WebCore::RenderObject::hasNonEmptyVisibleRectRespectingParentFrames const): Rewrite logic for detecting completely clipped editable areas (that formerly lived in isTransparentOrFullyClippedRespectingParentFrames) to use computeVisibleRectInContainer instead. * rendering/RenderObject.h: Source/WebKit: Adjust isTransparentOrFullyClipped to use the new methods in RenderLayer and RenderObject. See WebCore ChangeLog for more details. * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::isTransparentOrFullyClipped const): LayoutTests: Add a new layout test that covers this scenario. See WebCore ChangeLog for additional detail. * editing/selection/ios/show-selection-in-transformed-container-2-expected.txt: Added. * editing/selection/ios/show-selection-in-transformed-container-2.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249339 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-30 Wenson Hsieh <wenson_hsieh@apple.com> Caret does not appear in text field inside a transformed, overflow: hidden container https://bugs.webkit.org/show_bug.cgi?id=201317 <rdar://problem/54859264> Reviewed by Simon Fraser. This patch refactors the heuristic for determining whether to suppress selection gestures and UI in a way that fixes the corner case encountered in this bug. To understand why this test case fails with our existing heuristic, consider the below test case. Let's say we have an input field inside an "overflow: hidden;" container, which is positioned in such a way that it is completely clipped by its enclosing container which is also "overflow: hidden". Our existing logic would appropriately identify this as a hidden editable element. However, let's now apply a transform to the input field's closest "overflow: hidden" ancestor, such that the field is now visible. Since RenderLayer::offsetFromAncestor doesn't take transforms into account when we try to find the offset of the "overflow: hidden" layer relative to the root view, we end up passing an offsetFromRoot of (0, 100vw) to RenderLayer::calculateClipRects, which computes a background clip rect of (0, 0, 100vw, 100vh). This means that at the end of RenderLayer::calculateClipRects, we end up intersecting the background clip rect (0, 0, 100vw, 100vh) against (100vw, 0, 100vw, 100vh), which results in the empty rect, and subsequently makes us believe we're editing a hidden editable element. Instead of tacking on more logic to isTransparentOrFullyClippedRespectingParentFrames, we can fix this by using RenderObject::computeVisibleRectInContainer instead, performing a similar walk up the render tree to compute the visible rect of each focused element or subframe relative to its root. This is capable of taking transforms into account. See comments below for more details. Test: editing/selection/ios/show-selection-in-transformed-container-2.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::isTransparentRespectingParentFrames const): Split out isTransparentOrFullyClippedRespectingParentFrames into two methods: RenderLayer's isTransparentRespectingParentFrames, and RenderObject's hasNonEmptyVisibleRectRespectingParentFrames. The transparency check starts at the enclosing layer and walks up the layer tree, while the non-empty visible rect check looks for renderers that are completely empty relative to their root views. * rendering/RenderLayer.h: * rendering/RenderObject.cpp: (WebCore::RenderObject::hasNonEmptyVisibleRectRespectingParentFrames const): Rewrite logic for detecting completely clipped editable areas (that formerly lived in isTransparentOrFullyClippedRespectingParentFrames) to use computeVisibleRectInContainer instead. * rendering/RenderObject.h: 2019-09-03 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249115. rdar://problem/55001212 Don't compute upconverted characters twice in buildQuery() in DataDetection.mm <https://webkit.org/b/201144> <rdar://problem/54689399> Reviewed by Brent Fulgham. Source/WebCore: * editing/cocoa/DataDetection.mm: (WebCore::buildQuery): Extract common variables to prevent double conversion for 8-bit strings. Tools: 2019-09-06 Simon Fraser <simon.fraser@apple.com> REGRESSION (iOS 13): If an overflow:hidden with a non-zero scroll position is toggled to overflow:scroll, some other scroll causes its scroll position to get reset https://bugs.webkit.org/show_bug.cgi?id=201528 rdar://problem/55044885 Reviewed by Frédéric Wang. If, when an overflow scrolling node is created, the scroller has non-zero scroll position (for example, via toggling to overflow:hidden, setting scrollTop, then toggling to overflow:scroll), then on the next update its scroll position will reset back to zero. The bug was that newly created ScrollingTreeScrollingNodes didn't set m_currentScrollPosition to the scroll position coming from the state node, so a subsequent update could cause the 0,0 currentScrollPosition to get applied. If we're making a new node, and there's no requestedScrollPosition, then initialize m_currentScrollPosition. Test: scrollingcoordinator/ios/scroller-initial-scroll-position.html * page/scrolling/ScrollingTreeScrollingNode.cpp: (WebCore::ScrollingTreeScrollingNode::commitStateBeforeChildren): (WebCore::ScrollingTreeScrollingNode::commitStateAfterChildren): * page/scrolling/ScrollingTreeScrollingNode.h: * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add DataDetectorsTestIOS.mm to the project. * TestWebKitAPI/Tests/ios/DataDetectorsTestIOS.mm: Add a new test for Data Detectors for phone numbers. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249115 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-26 David Kilzer <ddkilzer@apple.com> Don't compute upconverted characters twice in buildQuery() in DataDetection.mm <https://webkit.org/b/201144> <rdar://problem/54689399> Reviewed by Brent Fulgham. * editing/cocoa/DataDetection.mm: (WebCore::buildQuery): Extract common variables to prevent double conversion for 8-bit strings. 2019-09-03 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249026. rdar://problem/55001375 Crash may happen when an SVG <feImage> element references the root <svg> element https://bugs.webkit.org/show_bug.cgi?id=201014 Reviewed by Ryosuke Niwa. Source/WebCore: When an <feImage> references an <svg> element as its target image but this <svg> element is also one of the ancestors of the <feImage>, the parent <filter> should not be applied. Test: svg/filters/filter-image-ref-root.html * svg/SVGFEImageElement.cpp: (WebCore::SVGFEImageElement::build const): LayoutTests: Ensure the cyclic reference between the <feImage> renderer and its ancestor <svg> root renderer is broken. * svg/filters/filter-image-ref-root-expected.txt: Added. * svg/filters/filter-image-ref-root.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249026 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-22 Said Abou-Hallawa <sabouhallawa@apple.com> Crash may happen when an SVG <feImage> element references the root <svg> element https://bugs.webkit.org/show_bug.cgi?id=201014 Reviewed by Ryosuke Niwa. When an <feImage> references an <svg> element as its target image but this <svg> element is also one of the ancestors of the <feImage>, the parent <filter> should not be applied. Test: svg/filters/filter-image-ref-root.html * svg/SVGFEImageElement.cpp: (WebCore::SVGFEImageElement::build const): 2019-09-03 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248692. rdar://problem/55001378 [Cocoa] Add some WKA extension points https://bugs.webkit.org/show_bug.cgi?id=200506 <rdar://problem/51682474> Reviewed by Tim Horton. Source/WebCore: * Modules/applepay/ApplePayPayment.h: * Modules/applepay/ApplePayPaymentMethod.h: * Modules/applepay/ApplePayRequestBase.cpp: (WebCore::finishConverting): (WebCore::convertAndValidate): * Modules/applepay/ApplePayRequestBase.h: * Modules/applepay/ApplePaySessionPaymentRequest.h: * Modules/applepay/PaymentCoordinatorClient.cpp: (WebCore::PaymentCoordinatorClient::supportsVersion): * Modules/applepay/cocoa/PaymentCocoa.mm: (WebCore::convert): * Modules/applepay/cocoa/PaymentMethodCocoa.mm: (WebCore::finishConverting): (WebCore::convert): Source/WebKit: * Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm: (WebKit::finishCreating): (WebKit::WebPaymentCoordinatorProxy::platformPaymentRequest): * Shared/Cocoa/WebCoreArgumentCodersCocoa.mm: (IPC::finishDecoding): (IPC::finishEncoding): (IPC::ArgumentCoder<ApplePaySessionPaymentRequest>::encode): (IPC::ArgumentCoder<ApplePaySessionPaymentRequest>::decode): * Shared/WebCoreArgumentCoders.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248692 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-14 Andy Estes <aestes@apple.com> [Cocoa] Add some WKA extension points https://bugs.webkit.org/show_bug.cgi?id=200506 <rdar://problem/51682474> Reviewed by Tim Horton. * Modules/applepay/ApplePayPayment.h: * Modules/applepay/ApplePayPaymentMethod.h: * Modules/applepay/ApplePayRequestBase.cpp: (WebCore::finishConverting): (WebCore::convertAndValidate): * Modules/applepay/ApplePayRequestBase.h: * Modules/applepay/ApplePaySessionPaymentRequest.h: * Modules/applepay/PaymentCoordinatorClient.cpp: (WebCore::PaymentCoordinatorClient::supportsVersion): * Modules/applepay/cocoa/PaymentCocoa.mm: (WebCore::convert): * Modules/applepay/cocoa/PaymentMethodCocoa.mm: (WebCore::finishConverting): (WebCore::convert): 2019-09-03 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248275. rdar://problem/55001373 [WebIDL] Support partial dictionaries and conditional dictionary members https://bugs.webkit.org/show_bug.cgi?id=200441 Reviewed by Alex Christensen. Added new bindings tests. * bindings/scripts/CodeGeneratorJS.pm: (GenerateDictionaryImplementationContent): * bindings/scripts/IDLParser.pm: (parsePartialDefinition): (parsePartialInterface): Deleted. (parsePartialDictionary): Deleted. * bindings/scripts/generate-bindings.pl: (generateBindings): * bindings/scripts/preprocess-idls.pl: (getPartialNamesFromIDL): (getPartialInterfaceNameFromIDL): Deleted. * bindings/scripts/test/JS/JSTestEventConstructor.cpp: (WebCore::convertDictionary<TestEventConstructor::Init>): * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp: (WebCore::convertDictionary<DictionaryImplName>): (WebCore::convertDictionaryToJS): * bindings/scripts/test/JS/JSTestStandaloneDictionary.h: * bindings/scripts/test/TestStandaloneDictionary.idl: * bindings/scripts/test/TestSupplemental.idl: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248275 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-05 Andy Estes <aestes@apple.com> [WebIDL] Support partial dictionaries and conditional dictionary members https://bugs.webkit.org/show_bug.cgi?id=200441 Reviewed by Alex Christensen. Added new bindings tests. * bindings/scripts/CodeGeneratorJS.pm: (GenerateDictionaryImplementationContent): * bindings/scripts/IDLParser.pm: (parsePartialDefinition): (parsePartialInterface): Deleted. (parsePartialDictionary): Deleted. * bindings/scripts/generate-bindings.pl: (generateBindings): * bindings/scripts/preprocess-idls.pl: (getPartialNamesFromIDL): (getPartialInterfaceNameFromIDL): Deleted. * bindings/scripts/test/JS/JSTestEventConstructor.cpp: (WebCore::convertDictionary<TestEventConstructor::Init>): * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp: (WebCore::convertDictionary<DictionaryImplName>): (WebCore::convertDictionaryToJS): * bindings/scripts/test/JS/JSTestStandaloneDictionary.h: * bindings/scripts/test/TestStandaloneDictionary.idl: * bindings/scripts/test/TestSupplemental.idl: 2019-08-28 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249156. rdar://problem/54775048 Crash under WebCore::jsNotificationConstructorPermission https://bugs.webkit.org/show_bug.cgi?id=201186 <rdar://problem/53962833> Reviewed by Youenn Fablet. Source/WebCore: Update the Notification API implementation to null-check the page before using. The page becomes null when using the API in a frame that gets detached from its parent while in the middle of running script. Test: http/tests/notifications/request-in-detached-frame.html * Modules/notifications/Notification.cpp: (WebCore::Notification::permission): (WebCore::Notification::requestPermission): LayoutTests: Add layout test coverage. * http/tests/notifications/request-in-detached-frame-expected.txt: Added. * http/tests/notifications/request-in-detached-frame.html: Added. * http/tests/notifications/resources/request-in-detached-frame-subframe.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249156 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-27 Chris Dumez <cdumez@apple.com> Crash under WebCore::jsNotificationConstructorPermission https://bugs.webkit.org/show_bug.cgi?id=201186 <rdar://problem/53962833> Reviewed by Youenn Fablet. Update the Notification API implementation to null-check the page before using. The page becomes null when using the API in a frame that gets detached from its parent while in the middle of running script. Test: http/tests/notifications/request-in-detached-frame.html * Modules/notifications/Notification.cpp: (WebCore::Notification::permission): (WebCore::Notification::requestPermission): 2019-08-28 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249154. rdar://problem/54775050 Disabled devices should not be taken into account when searching for a capture device https://bugs.webkit.org/show_bug.cgi?id=201183 <rdar://problem/54353440> Reviewed by Jer Noble. Manually tested. * platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp: (WebCore::CoreAudioCaptureDeviceManager::coreAudioDeviceWithUID): We currently keep a list of devices, some of which might be disabled. We should not take into account disabled devices, only enabled devices when doing this search. * platform/mediastream/mac/CoreAudioCaptureSource.cpp: (WebCore::CoreAudioSharedUnit::setupAudioUnit): Improve logging. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249154 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-27 Youenn Fablet <youenn@apple.com> Disabled devices should not be taken into account when searching for a capture device https://bugs.webkit.org/show_bug.cgi?id=201183 <rdar://problem/54353440> Reviewed by Jer Noble. Manually tested. * platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp: (WebCore::CoreAudioCaptureDeviceManager::coreAudioDeviceWithUID): We currently keep a list of devices, some of which might be disabled. We should not take into account disabled devices, only enabled devices when doing this search. * platform/mediastream/mac/CoreAudioCaptureSource.cpp: (WebCore::CoreAudioSharedUnit::setupAudioUnit): Improve logging. 2019-08-27 Alan Coon <alancoon@apple.com> Revert r249140. rdar://problem/54749102 2019-08-27 Alan Coon <alancoon@apple.com> Revert r249147. rdar://problem/54751753 2019-08-27 Alan Coon <alancoon@apple.com> Cherry-pick r249147. rdar://problem/54751753 Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state. https://bugs.webkit.org/show_bug.cgi?id=201101 <rdar://problem/54164587> Reviewed by Eric Carlson. Source/WebCore: Test: fullscreen/full-screen-request-removed-with-raf.html Add a new state variable, m_pendingFullscreenElement, to track which element is about to become the fullscreen element, so that when elements are removed or cancelFullscreen() is called, the state machine inside the fullscreen algorithm can cancel effectively. * dom/FullscreenManager.cpp: (WebCore::FullscreenManager::requestFullscreenForElement): (WebCore::FullscreenManager::cancelFullscreen): (WebCore::FullscreenManager::exitFullscreen): (WebCore::FullscreenManager::willEnterFullscreen): (WebCore::FullscreenManager::willExitFullscreen): (WebCore::FullscreenManager::didExitFullscreen): (WebCore::FullscreenManager::adjustFullscreenElementOnNodeRemoval): (WebCore::FullscreenManager::clear): (WebCore::FullscreenManager::fullscreenElementRemoved): Deleted. * dom/FullscreenManager.h: Source/WebKit: Add more state to track in which direction the animation is flowing to allow in-process animations to be cancelled more gracefully. * UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm: (-[WKFullScreenWindowController enterFullScreen]): (-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]): (-[WKFullScreenWindowController requestExitFullScreen]): (-[WKFullScreenWindowController exitFullScreen]): * WebProcess/cocoa/VideoFullscreenManager.h: (WebKit::VideoFullscreenInterfaceContext::animationState const): (WebKit::VideoFullscreenInterfaceContext::setAnimationState): (WebKit::VideoFullscreenInterfaceContext::isAnimating const): Deleted. (WebKit::VideoFullscreenInterfaceContext::setIsAnimating): Deleted. * WebProcess/cocoa/VideoFullscreenManager.mm: (WebKit::VideoFullscreenManager::enterVideoFullscreenForVideoElement): (WebKit::VideoFullscreenManager::exitVideoFullscreenForVideoElement): (WebKit::VideoFullscreenManager::didEnterFullscreen): (WebKit::VideoFullscreenManager::didCleanupFullscreen): LayoutTests: * fullscreen/full-screen-request-removed-with-raf-expected.txt: Added. * fullscreen/full-screen-request-removed-with-raf.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249147 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-26 Jer Noble <jer.noble@apple.com> Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state. https://bugs.webkit.org/show_bug.cgi?id=201101 <rdar://problem/54164587> Reviewed by Eric Carlson. Test: fullscreen/full-screen-request-removed-with-raf.html Add a new state variable, m_pendingFullscreenElement, to track which element is about to become the fullscreen element, so that when elements are removed or cancelFullscreen() is called, the state machine inside the fullscreen algorithm can cancel effectively. * dom/FullscreenManager.cpp: (WebCore::FullscreenManager::requestFullscreenForElement): (WebCore::FullscreenManager::cancelFullscreen): (WebCore::FullscreenManager::exitFullscreen): (WebCore::FullscreenManager::willEnterFullscreen): (WebCore::FullscreenManager::willExitFullscreen): (WebCore::FullscreenManager::didExitFullscreen): (WebCore::FullscreenManager::adjustFullscreenElementOnNodeRemoval): (WebCore::FullscreenManager::clear): (WebCore::FullscreenManager::fullscreenElementRemoved): Deleted. * dom/FullscreenManager.h: 2019-08-27 Alan Coon <alancoon@apple.com> Cherry-pick r249140. rdar://problem/54749102 Image pasted from screenshot into Mail compose window via share sheet has the wrong aspect ratio https://bugs.webkit.org/show_bug.cgi?id=201171 <rdar://problem/54671275> Reviewed by Tim Horton. Augments an existing app-specific hack to include the Mail composition service, in addition to Mail. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isMailCompositionService): Add a new bundle checking method for the Mail composition service (com.apple.MailCompositionService). * platform/ios/PlatformPasteboardIOS.mm: (WebCore::PlatformPasteboard::informationForItemAtIndex): Only plumb the preferred presentation height through to the web process if the application is neither Mail nor the Mail composition service. In the future, we should consider putting this hack behind SPI, or maybe only expose the preferred presentation width in all apps (it isn't difficult to imagine a use case where a "Mail- compose-like" web app has `img { max-width: 100%; }` in their stylesheet). git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249140 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-27 Wenson Hsieh <wenson_hsieh@apple.com> Image pasted from screenshot into Mail compose window via share sheet has the wrong aspect ratio https://bugs.webkit.org/show_bug.cgi?id=201171 <rdar://problem/54671275> Reviewed by Tim Horton. Augments an existing app-specific hack to include the Mail composition service, in addition to Mail. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isMailCompositionService): Add a new bundle checking method for the Mail composition service (com.apple.MailCompositionService). * platform/ios/PlatformPasteboardIOS.mm: (WebCore::PlatformPasteboard::informationForItemAtIndex): Only plumb the preferred presentation height through to the web process if the application is neither Mail nor the Mail composition service. In the future, we should consider putting this hack behind SPI, or maybe only expose the preferred presentation width in all apps (it isn't difficult to imagine a use case where a "Mail- compose-like" web app has `img { max-width: 100%; }` in their stylesheet). 2019-08-27 Alan Coon <alancoon@apple.com> Cherry-pick r249074. rdar://problem/54735492 [iOS] [WebKit2] Tapping on the “I’m” text suggestion after typing “i’” does nothing https://bugs.webkit.org/show_bug.cgi?id=201085 <rdar://problem/53056118> Reviewed by Tim Horton. Source/WebCore: Exposes an existing quote folding function as a helper on TextIterator, and also adjusts foldQuoteMarks to take a const String& rather than a String. See WebKit ChangeLog for more details. * editing/TextIterator.cpp: (WebCore::foldQuoteMarks): (WebCore::SearchBuffer::SearchBuffer): * editing/TextIterator.h: Source/WebKit: Currently, logic in applyAutocorrectionInternal only selects the range to autocorrect if the text of the range matches the string to replace (delivered to us from UIKit). In the case of changing "I’" to "I’m", the string to replace is "I'" (with a straight quote rather than an apostrophe), even though the DOM contains an apostrophe. This is because kbd believes that the document context contains straight quotes (rather than apostrophes). For native text views, this works out because UIKit uses relative UITextPositions to determine the replacement range rather than by checking against the contents of the document. However, WKWebView does not have the ability to synchronously compute and reason about arbitrary UITextPositions relative to the selection, so we instead search for the string near the current selection when applying autocorrections. Of course, this doesn't work in this scenario because the replacement string contains a straight quote, yet the text node contains an apostrophe, so we bail and don't end up replacing any text. To address this, we repurpose TextIterator helpers currently used to allow find-in-page to match straight quotes against apostrophes; instead of matching the replacement string exactly, we instead match the quote-folded versions of these strings when finding the range to replace. Test: fast/events/ios/autocorrect-with-apostrophe.html * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::applyAutocorrectionInternal): LayoutTests: Add a new layout test to verify that "I’" can be autocorrected to "I’m". * fast/events/ios/autocorrect-with-apostrophe-expected.txt: Added. * fast/events/ios/autocorrect-with-apostrophe.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249074 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-23 Wenson Hsieh <wenson_hsieh@apple.com> [iOS] [WebKit2] Tapping on the “I’m” text suggestion after typing “i’” does nothing https://bugs.webkit.org/show_bug.cgi?id=201085 <rdar://problem/53056118> Reviewed by Tim Horton. Exposes an existing quote folding function as a helper on TextIterator, and also adjusts foldQuoteMarks to take a const String& rather than a String. See WebKit ChangeLog for more details. * editing/TextIterator.cpp: (WebCore::foldQuoteMarks): (WebCore::SearchBuffer::SearchBuffer): * editing/TextIterator.h: 2019-08-27 Alan Coon <alancoon@apple.com> Cherry-pick r248886. rdar://problem/54365278 Source/WebCore: [Cocoa] Fix misspelling of -preventsDisplaySleepForVideoPlayback https://bugs.webkit.org/show_bug.cgi?id=200774 <rdar://problem/54321071> Reviewed by Eric Carlson. Only declare the API on platforms where that API is undefined, so as to catch this kind of misspelling at compile time. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): Source/WebCore/PAL: [Cocoa] Adopt -preventDisplaySleepForVideoPlayback https://bugs.webkit.org/show_bug.cgi?id=200774 <rdar://problem/54321071> Reviewed by Eric Carlson. * pal/spi/mac/AVFoundationSPI.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248886 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-19 Jer Noble <jer.noble@apple.com> [Cocoa] Fix misspelling of -preventsDisplaySleepForVideoPlayback https://bugs.webkit.org/show_bug.cgi?id=200774 <rdar://problem/54321071> Reviewed by Eric Carlson. Only declare the API on platforms where that API is undefined, so as to catch this kind of misspelling at compile time. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): 2019-08-23 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248969. rdar://problem/54643450 Crash under StringImpl::~StringImpl() in IDBServer::computeSpaceUsedForOrigin() https://bugs.webkit.org/show_bug.cgi?id=200989 <rdar://problem/54565546> Reviewed by Alex Christensen. Make sure we call isolatedCopy() on IDBServer::m_databaseDirectoryPath before using it from background threads. * Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::createBackingStore): (WebCore::IDBServer::IDBServer::performGetAllDatabaseNames): (WebCore::IDBServer::IDBServer::removeDatabasesModifiedSinceForVersion): (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesModifiedSince): (WebCore::IDBServer::IDBServer::removeDatabasesWithOriginsForVersion): (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesForOrigins): (WebCore::IDBServer::IDBServer::computeSpaceUsedForOrigin): (WebCore::IDBServer::IDBServer::upgradeFilesIfNecessary): * Modules/indexeddb/server/IDBServer.h: (WebCore::IDBServer::IDBServer::databaseDirectoryPath const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248969 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Chris Dumez <cdumez@apple.com> Crash under StringImpl::~StringImpl() in IDBServer::computeSpaceUsedForOrigin() https://bugs.webkit.org/show_bug.cgi?id=200989 <rdar://problem/54565546> Reviewed by Alex Christensen. Make sure we call isolatedCopy() on IDBServer::m_databaseDirectoryPath before using it from background threads. * Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::createBackingStore): (WebCore::IDBServer::IDBServer::performGetAllDatabaseNames): (WebCore::IDBServer::IDBServer::removeDatabasesModifiedSinceForVersion): (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesModifiedSince): (WebCore::IDBServer::IDBServer::removeDatabasesWithOriginsForVersion): (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesForOrigins): (WebCore::IDBServer::IDBServer::computeSpaceUsedForOrigin): (WebCore::IDBServer::IDBServer::upgradeFilesIfNecessary): * Modules/indexeddb/server/IDBServer.h: (WebCore::IDBServer::IDBServer::databaseDirectoryPath const): 2019-08-23 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248971. rdar://problem/54643440 Crash under StringImpl::endsWith() in SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade() https://bugs.webkit.org/show_bug.cgi?id=200990 <rdar://problem/54566439> Reviewed by Alex Christensen. Make sure we call isolatedCopy() on SQLiteIDBBackingStore::m_databaseRootDirectory before using it from background threads. * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: (WebCore::IDBServer::SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade): (WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForOrigin const): (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore): * Modules/indexeddb/server/SQLiteIDBBackingStore.h: (WebCore::IDBServer::SQLiteIDBBackingStore::databaseRootDirectory const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248971 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Chris Dumez <cdumez@apple.com> Crash under StringImpl::endsWith() in SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade() https://bugs.webkit.org/show_bug.cgi?id=200990 <rdar://problem/54566439> Reviewed by Alex Christensen. Make sure we call isolatedCopy() on SQLiteIDBBackingStore::m_databaseRootDirectory before using it from background threads. * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: (WebCore::IDBServer::SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade): (WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForOrigin const): (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore): * Modules/indexeddb/server/SQLiteIDBBackingStore.h: (WebCore::IDBServer::SQLiteIDBBackingStore::databaseRootDirectory const): 2019-08-23 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248967. rdar://problem/54643456 Crash under StringImpl::endsWith() in RegistrationDatabase::openSQLiteDatabase() https://bugs.webkit.org/show_bug.cgi?id=200991 <rdar://problem/54566689> Reviewed by Geoffrey Garen. Make sure we call isolatedCopy() on RegistrationDatabase::m_databaseDirectory before using it from background threads. * workers/service/server/RegistrationDatabase.cpp: (WebCore::RegistrationDatabase::openSQLiteDatabase): (WebCore::RegistrationDatabase::clearAll): * workers/service/server/RegistrationDatabase.h: (WebCore::RegistrationDatabase::databaseDirectory const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248967 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Chris Dumez <cdumez@apple.com> Crash under StringImpl::endsWith() in RegistrationDatabase::openSQLiteDatabase() https://bugs.webkit.org/show_bug.cgi?id=200991 <rdar://problem/54566689> Reviewed by Geoffrey Garen. Make sure we call isolatedCopy() on RegistrationDatabase::m_databaseDirectory before using it from background threads. * workers/service/server/RegistrationDatabase.cpp: (WebCore::RegistrationDatabase::openSQLiteDatabase): (WebCore::RegistrationDatabase::clearAll): * workers/service/server/RegistrationDatabase.h: (WebCore::RegistrationDatabase::databaseDirectory const): 2019-08-22 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r249006. rdar://problem/54600921 Typing Korean in title field after typing in the body inserts extraneous characters on blog.naver.com https://bugs.webkit.org/show_bug.cgi?id=201023 <rdar://problem/54294794> Reviewed by Ryosuke Niwa. Source/WebCore: Ensures that we recognize the blog editor on blog.naver.com to be a hidden editable area. This website places focus inside an editable body element of a subframe that is completely empty (width: 0 and border: 0). See the WebKit ChangeLog for more details. Test: editing/selection/ios/do-not-show-selection-in-empty-borderless-subframe.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::calculateClipRects const): Source/WebKit: After r242833, we began to avoid sending redundant ElementDidFocus updates in the case where a focused element was blurred and refocused within the same runloop. This was done to prevent the input view from flickering due to input view reloading, as well as scrolling to reveal the focused element, when tapping to change selection on Microsoft Word online. However, on blog.naver.com, these ElementDidFocus messages were necessary in order to ensure that the platform input context changes when moving between the title and body fields, or when tapping to change selection. This is because blog.naver.com uses a hidden contenteditable area under a subframe (see WebCore ChangeLog for more detail here). While text is never directly inserted into this hidden contenteditable, the events are observed and used to "play back" editing in the main visible content area. Thus, when moving between the title and body fields (or when changing selection within either), the only hint we get is that the hidden editable element is blurred and immediately refocused. Since we no longer send ElementDidFocus updates in this scenario, UIKeyboardImpl and kbd are not aware that the page has effectively changed input contexts. Combined with the fact that Korean IME on iOS may insert additional text given the document context (i.e. text that the input manager, kbd, thinks we've previously inserted), this means that when typing several characters into the body field on naver and then switching to edit the title, initial keystrokes may insert unexpected text in the title field. To fix this, we add some hooks to notify the UI process when an element that was blurred has been immediately refocused. Upon receiving this message, the UI process then tells UIKeyboardImpl to re-retrieve its input context, which calls into -requestAutocorrectionContextWithCompletionHandler: in WKContentView. While notorious for being synchronous IPC, this is mitigated by (1) being limiting to only instances where we have a hidden editable area, and (2) being limited by a batching mechanism in the web process, such that if the focused element is blurred, refocused, re-blurred, and refocused many times in the same runloop, we'll only send a single UpdateInputContextAfterBlurringAndRefocusingElement message (as opposed to the many ElementDidFocus messages we would've sent in previous releases). * Platform/spi/ios/UIKitSPI.h: * UIProcess/PageClient.h: * UIProcess/WebPageProxy.h: * UIProcess/WebPageProxy.messages.in: Add a new mechanism to update the platform input context (on iOS, UIKeyboardImpl's document state) when focus moves away from and immediately returns to a hidden editable element. * UIProcess/ios/PageClientImplIOS.h: * UIProcess/ios/PageClientImplIOS.mm: (WebKit::PageClientImpl::updateInputContextAfterBlurringAndRefocusingElement): * UIProcess/ios/WKContentViewInteraction.h: * UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _updateInputContextAfterBlurringAndRefocusingElement]): Tell the active UIKeyboardImpl to refetch document state from the WKContentView. While this does result in a new autocorrection context request (which, unfortunately, triggers synchronous IPC to the web process), this request would've still happened anyways in the case where we would previously have sent an ElementDidFocus message. * UIProcess/ios/WebPageProxyIOS.mm: (WebKit::WebPageProxy::updateInputContextAfterBlurringAndRefocusingElement): * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::elementDidFocus): In the case where we avoid sending a full ElementDidFocus message to the UI process due to refocusing the same element, we should still notify the UI process so that it can synchronize state between the application process and kbd. See above for more details. (WebKit::WebPage::elementDidBlur): (WebKit::WebPage::updateInputContextAfterBlurringAndRefocusingElementIfNeeded): * WebProcess/WebPage/WebPage.h: * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::updateInputContextAfterBlurringAndRefocusingElementIfNeeded): LayoutTests: Add a new layout test to verify that we suppress text interactions when focusing an editable element inside an empty, borderless subframe. * editing/selection/ios/do-not-show-selection-in-empty-borderless-subframe-expected.txt: Added. * editing/selection/ios/do-not-show-selection-in-empty-borderless-subframe.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249006 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-22 Wenson Hsieh <wenson_hsieh@apple.com> Typing Korean in title field after typing in the body inserts extraneous characters on blog.naver.com https://bugs.webkit.org/show_bug.cgi?id=201023 <rdar://problem/54294794> Reviewed by Ryosuke Niwa. Ensures that we recognize the blog editor on blog.naver.com to be a hidden editable area. This website places focus inside an editable body element of a subframe that is completely empty (width: 0 and border: 0). See the WebKit ChangeLog for more details. Test: editing/selection/ios/do-not-show-selection-in-empty-borderless-subframe.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::calculateClipRects const): 2019-08-22 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248977. rdar://problem/54599960 Do not adjust viewport if editing selection is already visible https://bugs.webkit.org/show_bug.cgi?id=200907 <rdar://problem/53903417> Reviewed by Simon Fraser. Source/WebCore: Test: fast/scrolling/ios/autoscroll-input-when-very-zoomed.html Currently due to scrolling being mostly handled by integers, we are getting issues with rounding errors when trying to adjust the viewport while editing text when we are significantly zoomed in. The real fix would be to start dealing with scrolling with floats/doubles, but until such time, we should early out of adjusting selections that we are certain are currently visible. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollRectToVisible): LayoutTests: * fast/scrolling/ios/autoscroll-input-when-very-zoomed-expected.txt: Added. * fast/scrolling/ios/autoscroll-input-when-very-zoomed.html: Added. * resources/ui-helper.js: (window.UIHelper.immediateZoomToScale): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248977 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Megan Gardner <megan_gardner@apple.com> Do not adjust viewport if editing selection is already visible https://bugs.webkit.org/show_bug.cgi?id=200907 <rdar://problem/53903417> Reviewed by Simon Fraser. Test: fast/scrolling/ios/autoscroll-input-when-very-zoomed.html Currently due to scrolling being mostly handled by integers, we are getting issues with rounding errors when trying to adjust the viewport while editing text when we are significantly zoomed in. The real fix would be to start dealing with scrolling with floats/doubles, but until such time, we should early out of adjusting selections that we are certain are currently visible. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollRectToVisible): 2019-08-22 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248997. rdar://problem/54579627 Unreviewed build fix; add a 'final' declaration on shouldOverridePauseDuringRouteChange(). * Modules/mediastream/MediaStream.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248997 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Jer Noble <jer.noble@apple.com> Unreviewed build fix; add a 'final' declaration on shouldOverridePauseDuringRouteChange(). * Modules/mediastream/MediaStream.h: 2019-08-21 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248978. rdar://problem/54579627 Adopt AVSystemController_ActiveAudioRouteDidChangeNotification https://bugs.webkit.org/show_bug.cgi?id=200992 <rdar://problem/54408993> Reviewed by Eric Carlson. Follow-up to r248962: When the active audio route changes, and the system instructs us to pause, only pause the currently audible sessions. * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (WebCore::MediaSessionManageriOS::activeAudioRouteDidChange): (-[WebMediaSessionHelper activeAudioRouteDidChange:]): (WebCore::MediaSessionManageriOS::activeRouteDidChange): Deleted. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248978 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Jer Noble <jer.noble@apple.com> Adopt AVSystemController_ActiveAudioRouteDidChangeNotification https://bugs.webkit.org/show_bug.cgi?id=200992 <rdar://problem/54408993> Reviewed by Eric Carlson. Follow-up to r248962: When the active audio route changes, and the system instructs us to pause, only pause the currently audible sessions. * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (WebCore::MediaSessionManageriOS::activeAudioRouteDidChange): (-[WebMediaSessionHelper activeAudioRouteDidChange:]): (WebCore::MediaSessionManageriOS::activeRouteDidChange): Deleted. 2019-08-21 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248962. rdar://problem/54579627 Adopt AVSystemController_ActiveAudioRouteDidChangeNotification https://bugs.webkit.org/show_bug.cgi?id=200992 <rdar://problem/54408993> Reviewed by Eric Carlson. When the system notifies us that the active audio route has changed in such a way that necessitates pausing, pause all media sessions, exempting those that are associated with WebRTC, since "pausing" an active audio conference isn't really possible. * Modules/mediastream/MediaStream.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::shouldOverridePauseDuringRouteChange const): * platform/audio/PlatformMediaSession.h: (WebCore::PlatformMediaSessionClient::shouldOverridePauseDuringRouteChange const): * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (WebCore::MediaSessionManageriOS::activeRouteDidChange): (-[WebMediaSessionHelper initWithCallback:]): (-[WebMediaSessionHelper activeAudioRouteDidChange:]): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248962 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Jer Noble <jer.noble@apple.com> Adopt AVSystemController_ActiveAudioRouteDidChangeNotification https://bugs.webkit.org/show_bug.cgi?id=200992 <rdar://problem/54408993> Reviewed by Eric Carlson. When the system notifies us that the active audio route has changed in such a way that necessitates pausing, pause all media sessions, exempting those that are associated with WebRTC, since "pausing" an active audio conference isn't really possible. * Modules/mediastream/MediaStream.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::shouldOverridePauseDuringRouteChange const): * platform/audio/PlatformMediaSession.h: (WebCore::PlatformMediaSessionClient::shouldOverridePauseDuringRouteChange const): * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (WebCore::MediaSessionManageriOS::activeRouteDidChange): (-[WebMediaSessionHelper initWithCallback:]): (-[WebMediaSessionHelper activeAudioRouteDidChange:]): 2019-08-21 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248974. rdar://problem/54579634 [Mail] Tapping top of message scrolls back to copied text instead of top of the message https://bugs.webkit.org/show_bug.cgi?id=200999 <rdar://problem/54564878> Reviewed by Wenson Hsieh. Source/WebCore: Test: editing/selection/ios/change-selection-by-tapping-with-existing-selection.html * page/EditorClient.h: (WebCore::EditorClient::shouldAllowSingleClickToChangeSelection const): * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEventSingleClick): Instead of encoding platform behaviors in EventHandler, defer to EditorClient. Source/WebKit: In the case where you have a WebCore selection but are not first responder, when you tap the WKWebView to become first responder, EventHandler would bail from setting the selection, assuming UIKit was going to do it. This behavior was introduced in r233311. However, since we are not first responder, UIKit does not change the selection, since it considers the view to not be editable. Fix this by letting WebCore set the selection in this case, as it used to. * WebProcess/WebCoreSupport/WebEditorClient.h: * WebProcess/WebCoreSupport/ios/WebEditorClientIOS.mm: (WebKit::WebEditorClient::shouldAllowSingleClickToChangeSelection const): * WebProcess/WebPage/WebPage.h: (WebKit::WebPage::isShowingInputViewForFocusedElement const): Copy the logic from EventHandler, with the added caveat (which fixes the aforementioned behavior) that we will allow EventHandler to change the selection if we don't have a focused node in the UIKit sense, because we know that the platform text interaction code will *not* change the selection if that is the case, so it's up to us. Source/WebKitLegacy/mac: * WebCoreSupport/WebEditorClient.h: * WebCoreSupport/WebEditorClient.mm: (WebEditorClient::shouldAllowSingleClickToChangeSelection const): Copy the existing behavior from EventHandler. We do not fix the bug in WebKitLegacy for a multitude of reasons, primarily because we do not know of any user impact. LayoutTests: * editing/selection/ios/change-selection-by-tapping-with-existing-selection-expected.txt: Added. * editing/selection/ios/change-selection-by-tapping-with-existing-selection.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248974 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Tim Horton <timothy_horton@apple.com> [Mail] Tapping top of message scrolls back to copied text instead of top of the message https://bugs.webkit.org/show_bug.cgi?id=200999 <rdar://problem/54564878> Reviewed by Wenson Hsieh. Test: editing/selection/ios/change-selection-by-tapping-with-existing-selection.html * page/EditorClient.h: (WebCore::EditorClient::shouldAllowSingleClickToChangeSelection const): * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEventSingleClick): Instead of encoding platform behaviors in EventHandler, defer to EditorClient. 2019-08-21 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248952. rdar://problem/54579626 [iOS] HLS streams disappear from Now Playing when paused on the lock screen https://bugs.webkit.org/show_bug.cgi?id=200951 <rdar://problem/54534301> Reviewed by Eric Carlson. The AVPlayerItemTracks will get recreated on occasion (during seeks, and when changing buffering policy) which can result in a player which no longer reports that it has audio, which in turn results in Now Playing no longer considering the web page to be an eligable now playing application. Bridge this gap by also taking AVPlayerItem.hasEnabledAudio into account when determining whether the player has audio. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248952 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Jer Noble <jer.noble@apple.com> [iOS] HLS streams disappear from Now Playing when paused on the lock screen https://bugs.webkit.org/show_bug.cgi?id=200951 <rdar://problem/54534301> Reviewed by Eric Carlson. The AVPlayerItemTracks will get recreated on occasion (during seeks, and when changing buffering policy) which can result in a player which no longer reports that it has audio, which in turn results in Now Playing no longer considering the web page to be an eligable now playing application. Bridge this gap by also taking AVPlayerItem.hasEnabledAudio into account when determining whether the player has audio. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): 2019-08-21 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r248944. rdar://problem/54579628 REGRESSION: naver.com - Multiple taps are required to open email https://bugs.webkit.org/show_bug.cgi?id=200979 <rdar://problem/54295239> Patch by Antoine Quint <graouts@apple.com> on 2019-08-21 Reviewed by Dean Jackson. The "click" events on subjects in the message list are prevented by preventDefault() being called from a "mouseup" event listener. This shouldn't actually happen, but due to how simulated mouse events are implemented, there is no current distinction between "touchend" and "mouseup" events. It is safe however to opt mail.naver.com out of simulated mouse events altogether. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248944 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-21 Antoine Quint <graouts@apple.com> REGRESSION: naver.com - Multiple taps are required to open email https://bugs.webkit.org/show_bug.cgi?id=200979 <rdar://problem/54295239> Reviewed by Dean Jackson. The "click" events on subjects in the message list are prevented by preventDefault() being called from a "mouseup" event listener. This shouldn't actually happen, but due to how simulated mouse events are implemented, there is no current distinction between "touchend" and "mouseup" events. It is safe however to opt mail.naver.com out of simulated mouse events altogether. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): 2019-08-20 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248909. rdar://problem/54543354 Clicking the search icon on ae.com hangs the web content process https://bugs.webkit.org/show_bug.cgi?id=200889 <rdar://problem/54359330> Reviewed by Ryosuke Niwa. Source/WebCore: The hang occurs under FrameSelection::selectionAtSentenceStart, while computing an EditorState to send to the UI process. This act of determining whether the given positon is at the start of sentence entails moving backwards from the start of the current visible selection until the start of a paragraph or sentence is found, using VisiblePosition::previous to iterate backwards through VisiblePositions. However, on this website, VisiblePosition::previous ends up just returning the current position, and we loop infinitely as a result because we never actually move backwards. This happens because VisiblePosition::previous first uses previousVisuallyDistinctCandidate to find a candidate Position before the current position, but when the position is canonicalized to create a VisiblePosition, it is moved back to its original Position as the deep equivalent. In the attached test case (which is representative of the relevant part of the DOM on ae.com), we try to find the previous VisiblePosition from (#c, 0). The previous visually distinct candidate we initially find is (#b, 0), since: 1. The enclosing renderer is a RenderBlock with a non-zero height. 2. The enclosing renderer has no rendered children. 3. The position is at the first editing position in the node (i.e. the span element). However, when canonicalizing the position, we find that neither the upstream nor the downstream position is a candidate because both the upstream and downstream nodes end up well outside of the span (the upstream node ends up being at the start of the body element, and the downstream position ends up right before the start of #c's container). The downstream position is at the end of a text node with a leading newline, it's not a candidate because its last caret offset is less than the length of the text node. As a result, even though the given position (#b, 0) is a candidate itself, its downstream and upstream positions are not. Thus, VisiblePosition::canonicalPosition expands the scope of its candidate positions to the next closest candidate positions; the next candidate position is (#c, 0). Both of these candidates are outside of the containing block, so we (somewhat arbitrarily) break the tie by choosing the next visible position, bringing us back to (#c, 0). There are several ways to fix this, one of which involves fixing the downstream/upstream positions of (#b, 0) so that they no longer jump out of the containing block of #b and cause (#b, 0) to be an invalid visible position despite being a candidate position. This can be achieved by adjusting the heuristic in endsOfNodeAreVisuallyDistinctPositions (used when moving upstream or downstream). Currently, this helper function returns false for #b because they contain a single (non-rendered) whitespace character. Removing this extraneous whitespace character actually causes the problem to stop reproducing, since #b and #c no longer contain any child nodes. This is important because the heuristic in Position::downstream attempts to keep the downstream position within the confines of the enclosing visual boundary, which (currently) ends up being the entire body element because endsOfNodeAreVisuallyDistinctPositions returns false for #b. To avoid this scenario, we teach endsOfNodeAreVisuallyDistinctPositions to treat inline-block containers that are empty (that is, contain no rendered content) but may have children for editing in the same way as inline- block containers that don't have any children; in both scenarios, they may contain a candidate position, so we should treat the ends of the container node as being visually distinct. Doing so causes the downstream position of (#b, 0) to be kept within the immediate containing span element, which then allows (#b, 0) to be a canonical VisiblePosition. Tests: fast/events/focus-anchor-with-tabindex-hang.html editing/selection/modify-backward-inline-block-containers.html * editing/VisiblePosition.cpp: (WebCore::VisiblePosition::previous const): LayoutTests: * editing/selection/modify-backward-inline-block-containers-expected.txt: Added. * editing/selection/modify-backward-inline-block-containers.html: Added. Add a layout test to ensure that the selection may be moved through empty inline-block containers that span the width of the page. * fast/events/focus-anchor-with-tabindex-hang-expected.txt: Added. * fast/events/focus-anchor-with-tabindex-hang.html: Added. Add a layout test to ensure that clicking an empty span under a focusable anchor element moves focus to the anchor element instead of hanging the web content process or hitting a debug assertion. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248909 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-20 Wenson Hsieh <wenson_hsieh@apple.com> Clicking the search icon on ae.com hangs the web content process https://bugs.webkit.org/show_bug.cgi?id=200889 <rdar://problem/54359330> Reviewed by Ryosuke Niwa. The hang occurs under FrameSelection::selectionAtSentenceStart, while computing an EditorState to send to the UI process. This act of determining whether the given positon is at the start of sentence entails moving backwards from the start of the current visible selection until the start of a paragraph or sentence is found, using VisiblePosition::previous to iterate backwards through VisiblePositions. However, on this website, VisiblePosition::previous ends up just returning the current position, and we loop infinitely as a result because we never actually move backwards. This happens because VisiblePosition::previous first uses previousVisuallyDistinctCandidate to find a candidate Position before the current position, but when the position is canonicalized to create a VisiblePosition, it is moved back to its original Position as the deep equivalent. In the attached test case (which is representative of the relevant part of the DOM on ae.com), we try to find the previous VisiblePosition from (#c, 0). The previous visually distinct candidate we initially find is (#b, 0), since: 1. The enclosing renderer is a RenderBlock with a non-zero height. 2. The enclosing renderer has no rendered children. 3. The position is at the first editing position in the node (i.e. the span element). However, when canonicalizing the position, we find that neither the upstream nor the downstream position is a candidate because both the upstream and downstream nodes end up well outside of the span (the upstream node ends up being at the start of the body element, and the downstream position ends up right before the start of #c's container). The downstream position is at the end of a text node with a leading newline, it's not a candidate because its last caret offset is less than the length of the text node. As a result, even though the given position (#b, 0) is a candidate itself, its downstream and upstream positions are not. Thus, VisiblePosition::canonicalPosition expands the scope of its candidate positions to the next closest candidate positions; the next candidate position is (#c, 0). Both of these candidates are outside of the containing block, so we (somewhat arbitrarily) break the tie by choosing the next visible position, bringing us back to (#c, 0). There are several ways to fix this, one of which involves fixing the downstream/upstream positions of (#b, 0) so that they no longer jump out of the containing block of #b and cause (#b, 0) to be an invalid visible position despite being a candidate position. This can be achieved by adjusting the heuristic in endsOfNodeAreVisuallyDistinctPositions (used when moving upstream or downstream). Currently, this helper function returns false for #b because they contain a single (non-rendered) whitespace character. Removing this extraneous whitespace character actually causes the problem to stop reproducing, since #b and #c no longer contain any child nodes. This is important because the heuristic in Position::downstream attempts to keep the downstream position within the confines of the enclosing visual boundary, which (currently) ends up being the entire body element because endsOfNodeAreVisuallyDistinctPositions returns false for #b. To avoid this scenario, we teach endsOfNodeAreVisuallyDistinctPositions to treat inline-block containers that are empty (that is, contain no rendered content) but may have children for editing in the same way as inline- block containers that don't have any children; in both scenarios, they may contain a candidate position, so we should treat the ends of the container node as being visually distinct. Doing so causes the downstream position of (#b, 0) to be kept within the immediate containing span element, which then allows (#b, 0) to be a canonical VisiblePosition. Tests: fast/events/focus-anchor-with-tabindex-hang.html editing/selection/modify-backward-inline-block-containers.html * editing/VisiblePosition.cpp: (WebCore::VisiblePosition::previous const): 2019-08-20 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248902. rdar://problem/54543355 Unsafe usage of CookieStorageObserver from a background thread https://bugs.webkit.org/show_bug.cgi?id=200920 Reviewed by Alex Christensen. Source/WebCore: Unsafe usage of CookieStorageObserver from a background thread. CookieStorageObserver gets constructed / destructed on the main thread. However, CookieStorageObserver::cookiesDidChange() gets called on a background thread and tries to ref |this|. Even though CookieStorageObserver is ThreadSafeRefCounted, this is still unsafe because the CookieStorageObserver destructor may already be running on the main thread when CookieStorageObserver::cookiesDidChange() gets called on the background thread. * platform/network/NetworkStorageSession.h: * platform/network/cocoa/CookieStorageObserver.h: * platform/network/cocoa/CookieStorageObserver.mm: (WebCore::CookieStorageObserver::CookieStorageObserver): (WebCore::CookieStorageObserver::cookiesDidChange): (WebCore::CookieStorageObserver::create): Deleted. * platform/network/cocoa/NetworkStorageSessionCocoa.mm: (WebCore::NetworkStorageSession::cookieStorageObserver const): Source/WebKit: * UIProcess/API/APIHTTPCookieStore.h: * UIProcess/API/Cocoa/APIHTTPCookieStoreCocoa.mm: (API::HTTPCookieStore::startObservingChangesToDefaultUIProcessCookieStore): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248902 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-20 Chris Dumez <cdumez@apple.com> Unsafe usage of CookieStorageObserver from a background thread https://bugs.webkit.org/show_bug.cgi?id=200920 Reviewed by Alex Christensen. Unsafe usage of CookieStorageObserver from a background thread. CookieStorageObserver gets constructed / destructed on the main thread. However, CookieStorageObserver::cookiesDidChange() gets called on a background thread and tries to ref |this|. Even though CookieStorageObserver is ThreadSafeRefCounted, this is still unsafe because the CookieStorageObserver destructor may already be running on the main thread when CookieStorageObserver::cookiesDidChange() gets called on the background thread. * platform/network/NetworkStorageSession.h: * platform/network/cocoa/CookieStorageObserver.h: * platform/network/cocoa/CookieStorageObserver.mm: (WebCore::CookieStorageObserver::CookieStorageObserver): (WebCore::CookieStorageObserver::cookiesDidChange): (WebCore::CookieStorageObserver::create): Deleted. * platform/network/cocoa/NetworkStorageSessionCocoa.mm: (WebCore::NetworkStorageSession::cookieStorageObserver const): 2019-08-18 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248815. rdar://problem/54454993 [macOS] Emoji with variation selectors are rendered in text style, not emoji style https://bugs.webkit.org/show_bug.cgi?id=200830 <rdar://problem/53076002> Reviewed by Simon Fraser. Source/WebCore: When mapping characters to glyphs, Core Text is giving us the deleted glyph ID, which is unexpected. We were treating it as a valid glyph ID, but it rather should be treated as an invalid glyph ID. Test: fast/text/emoji-variation-selector.html * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::GlyphPage::fill): LayoutTests: * fast/text/emoji-variation-selector-expected-mismatch.html: Added. * fast/text/emoji-variation-selector.html: Added. * platform/win/TestExpectations: Mark as failing on Windows, because it doesn't support variation selectors. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248815 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-16 Myles C. Maxfield <mmaxfield@apple.com> [macOS] Emoji with variation selectors are rendered in text style, not emoji style https://bugs.webkit.org/show_bug.cgi?id=200830 <rdar://problem/53076002> Reviewed by Simon Fraser. When mapping characters to glyphs, Core Text is giving us the deleted glyph ID, which is unexpected. We were treating it as a valid glyph ID, but it rather should be treated as an invalid glyph ID. Test: fast/text/emoji-variation-selector.html * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::GlyphPage::fill): 2019-08-18 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248747. rdar://problem/54365278 [Cocoa] Adopt -preventDisplaySleepForVideoPlayback https://bugs.webkit.org/show_bug.cgi?id=200774 Reviewed by Eric Carlson. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248747 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-15 Jer Noble <jer.noble@apple.com> [Cocoa] Adopt -preventDisplaySleepForVideoPlayback https://bugs.webkit.org/show_bug.cgi?id=200774 Reviewed by Eric Carlson. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): 2019-08-18 Babak Shafiei <bshafiei@apple.com> Cherry-pick r248028. rdar://problem/54454990 ASSERTion failure under takeSnapshot after r247846 * page/TextIndicator.cpp: (WebCore::takeSnapshots): We now sometimes inflate the scale factor; allow this. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248028 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-30 Tim Horton <timothy_horton@apple.com> ASSERTion failure under takeSnapshot after r247846 * page/TextIndicator.cpp: (WebCore::takeSnapshots): We now sometimes inflate the scale factor; allow this. 2019-08-15 Alan Coon <alancoon@apple.com> Cherry-pick r248722. rdar://problem/54360866 Negative size box with border radius causes hang under WebCore::approximateAsRegion https://bugs.webkit.org/show_bug.cgi?id=200769 <rdar://problem/53380674> Reviewed by Alex Christensen. Source/WebCore: If a box's width or height computes negative the rounded border rect will also be negative. This caused near-infinite loop during rounded border region approximation. Test: fast/css/border-radius-negative-size.html * platform/graphics/RoundedRect.cpp: (WebCore::approximateAsRegion): Bail out if the region is empty (which includes negative sizes). For safety also limit the number of rectangles we generate for corner arc approximation. LayoutTests: * fast/css/border-radius-negative-size-expected.txt: Added. * fast/css/border-radius-negative-size.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248722 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-15 Antti Koivisto <antti@apple.com> Negative size box with border radius causes hang under WebCore::approximateAsRegion https://bugs.webkit.org/show_bug.cgi?id=200769 <rdar://problem/53380674> Reviewed by Alex Christensen. If a box's width or height computes negative the rounded border rect will also be negative. This caused near-infinite loop during rounded border region approximation. Test: fast/css/border-radius-negative-size.html * platform/graphics/RoundedRect.cpp: (WebCore::approximateAsRegion): Bail out if the region is empty (which includes negative sizes). For safety also limit the number of rectangles we generate for corner arc approximation. 2019-08-15 Alan Coon <alancoon@apple.com> Cherry-pick r248648. rdar://problem/54333931 Focus rings are black https://bugs.webkit.org/show_bug.cgi?id=200593 <rdar://problem/54145925> Patch by Daniel Bates <dabates@apple.com> on 2019-08-13 Reviewed by Wenson Hsieh. Work around <rdar://problem/50838886> and make focus rings a pretty blue. * rendering/RenderThemeIOS.mm: (WebCore::RenderThemeIOS::platformFocusRingColor const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248648 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-13 Daniel Bates <dabates@apple.com> Focus rings are black https://bugs.webkit.org/show_bug.cgi?id=200593 <rdar://problem/54145925> Reviewed by Wenson Hsieh. Work around <rdar://problem/50838886> and make focus rings a pretty blue. * rendering/RenderThemeIOS.mm: (WebCore::RenderThemeIOS::platformFocusRingColor const): 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248604. rdar://problem/54282801 Source/WebCore: Event region collection should take clipping into account https://bugs.webkit.org/show_bug.cgi?id=200668 <rdar://problem/53826561> Reviewed by Simon Fraser. Test: pointerevents/ios/touch-action-region-clip-and-transform.html * rendering/EventRegion.cpp: (WebCore::EventRegionContext::pushClip): (WebCore::EventRegionContext::popClip): Maintain clip rect stack. (WebCore::EventRegionContext::unite): Apply both transforms and clipping. * rendering/EventRegion.h: * rendering/RenderBlock.cpp: * rendering/RenderBox.cpp: (WebCore::RenderBox::pushContentsClip): (WebCore::RenderBox::popContentsClip): Update clip for non-self-painting layers. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::clipToRect): (WebCore::RenderLayer::restoreClip): Update clip for self-painting layers. LayoutTests: Event regions collection should take clipping into account https://bugs.webkit.org/show_bug.cgi?id=200668 <rdar://problem/53826561> Reviewed by Simon Fraser. * pointerevents/ios/touch-action-region-clip-and-transform-expected.txt: Added. * pointerevents/ios/touch-action-region-clip-and-transform.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248604 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-13 Antti Koivisto <antti@apple.com> Event region collection should take clipping into account https://bugs.webkit.org/show_bug.cgi?id=200668 <rdar://problem/53826561> Reviewed by Simon Fraser. Test: pointerevents/ios/touch-action-region-clip-and-transform.html * rendering/EventRegion.cpp: (WebCore::EventRegionContext::pushClip): (WebCore::EventRegionContext::popClip): Maintain clip rect stack. (WebCore::EventRegionContext::unite): Apply both transforms and clipping. * rendering/EventRegion.h: * rendering/RenderBlock.cpp: * rendering/RenderBox.cpp: (WebCore::RenderBox::pushContentsClip): (WebCore::RenderBox::popContentsClip): Update clip for non-self-painting layers. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::clipToRect): (WebCore::RenderLayer::restoreClip): Update clip for self-painting layers. 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248597. rdar://problem/54282817 Make sure UniqueIDBDatabaseConnection unregister itself from IDBServer https://bugs.webkit.org/show_bug.cgi?id=200650 <rdar://problem/54236010> Reviewed by Youenn Fablet. We register UniqueIDBDatabaseConnection unconditionally to IDBServer but fail to unregister if UniqueIDBDatabase of UniqueIDBDatabaseConnection is gone. * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp: (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection): (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection): * Modules/indexeddb/server/UniqueIDBDatabaseConnection.h: (WebCore::IDBServer::UniqueIDBDatabaseConnection::server): * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp: (WebCore::IDBServer::UniqueIDBDatabaseTransaction::UniqueIDBDatabaseTransaction): (WebCore::IDBServer::UniqueIDBDatabaseTransaction::~UniqueIDBDatabaseTransaction): * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248597 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-13 Sihui Liu <sihui_liu@apple.com> Make sure UniqueIDBDatabaseConnection unregister itself from IDBServer https://bugs.webkit.org/show_bug.cgi?id=200650 <rdar://problem/54236010> Reviewed by Youenn Fablet. We register UniqueIDBDatabaseConnection unconditionally to IDBServer but fail to unregister if UniqueIDBDatabase of UniqueIDBDatabaseConnection is gone. * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp: (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection): (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection): * Modules/indexeddb/server/UniqueIDBDatabaseConnection.h: (WebCore::IDBServer::UniqueIDBDatabaseConnection::server): * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp: (WebCore::IDBServer::UniqueIDBDatabaseTransaction::UniqueIDBDatabaseTransaction): (WebCore::IDBServer::UniqueIDBDatabaseTransaction::~UniqueIDBDatabaseTransaction): * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h: 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248499. rdar://problem/54237800 Can’t sort videos on a YouTube channel page on iPad https://bugs.webkit.org/show_bug.cgi?id=200573 <rdar://problem/53415195> Reviewed by Darin Adler. Add a quirk to make touch events non-cancelable (preventDefault() does nothing). * page/Quirks.cpp: (WebCore::Quirks::shouldMakeTouchEventNonCancelableForTarget const): * page/Quirks.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248499 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-10 Antti Koivisto <antti@apple.com> Can’t sort videos on a YouTube channel page on iPad https://bugs.webkit.org/show_bug.cgi?id=200573 <rdar://problem/53415195> Reviewed by Darin Adler. Add a quirk to make touch events non-cancelable (preventDefault() does nothing). * page/Quirks.cpp: (WebCore::Quirks::shouldMakeTouchEventNonCancelableForTarget const): * page/Quirks.h: 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248513. rdar://problem/54237806 Accessibility client cannot navigate to internal links targets on iOS. https://bugs.webkit.org/show_bug.cgi?id=200559 <rdar://problem/45242534> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-08-10 Reviewed by Zalan Bujtas. Source/WebCore: The cause of the problem on iOS is that AccessibilityObject::firstAccessibleObjectFromNode used in AccessibilityRenderObject::linkedUIElements may return an object that is ignored by accessibility clients on iOS, and thus the client would not track the target of an internal link. This change ensures that accessibilityLinkedElement will return a valid accessibility element to the client, if it is exists. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::firstAccessibleObjectFromNode): (WebCore::firstAccessibleObjectFromNode): * accessibility/AccessibilityObject.h: * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityLinkedElement]): LayoutTests: Extneded this test to not only check that internal links expose their target, but also that the target is an accessible element. Added a second test case where the target is contained in a grouping element. * accessibility/ios-simulator/internal-link-expected.txt: * accessibility/ios-simulator/internal-link.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248513 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-10 Andres Gonzalez <andresg_22@apple.com> Accessibility client cannot navigate to internal links targets on iOS. https://bugs.webkit.org/show_bug.cgi?id=200559 <rdar://problem/45242534> Reviewed by Zalan Bujtas. The cause of the problem on iOS is that AccessibilityObject::firstAccessibleObjectFromNode used in AccessibilityRenderObject::linkedUIElements may return an object that is ignored by accessibility clients on iOS, and thus the client would not track the target of an internal link. This change ensures that accessibilityLinkedElement will return a valid accessibility element to the client, if it is exists. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::firstAccessibleObjectFromNode): (WebCore::firstAccessibleObjectFromNode): * accessibility/AccessibilityObject.h: * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityLinkedElement]): 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248514. rdar://problem/54236213 REGRESSION (r245974): Missing content on habitburger.com, amazon.com https://bugs.webkit.org/show_bug.cgi?id=200618 rdar://problem/53920224 Reviewed by Zalan Bujtas. Source/WebCore: In r245974 TileController::adjustTileCoverageRect() started to intersect the coverage rect with the bounds of the layer, which is wrong because this coverage rect is passed down to descendant layers, and they may project outside the bounds of this tiled layer. This caused missing dropdowns on amazon.com, and a missing menu on habitburger.com on iPhone. The fix is to just not do the intersection with the bounds. TileGrid::getTileIndexRangeForRect() already ensures that we never make tiles outside the bounds of a TileController. Test: compositing/backing/layer-outside-tiled-parent.html * platform/graphics/ca/TileController.cpp: (WebCore::TileController::adjustTileCoverageRect): * platform/graphics/ca/TileGrid.cpp: (WebCore::TileGrid::ensureTilesForRect): LayoutTests: * compositing/backing/layer-outside-tiled-parent-expected.txt: Added. * compositing/backing/layer-outside-tiled-parent.html: Added. * platform/ios-wk2/compositing/backing/layer-outside-tiled-parent-expected.txt: Added. * tiled-drawing/tile-coverage-iframe-to-zero-coverage-expected.txt: * tiled-drawing/tiled-backing-in-window-expected.txt: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248514 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-10 Simon Fraser <simon.fraser@apple.com> REGRESSION (r245974): Missing content on habitburger.com, amazon.com https://bugs.webkit.org/show_bug.cgi?id=200618 rdar://problem/53920224 Reviewed by Zalan Bujtas. In r245974 TileController::adjustTileCoverageRect() started to intersect the coverage rect with the bounds of the layer, which is wrong because this coverage rect is passed down to descendant layers, and they may project outside the bounds of this tiled layer. This caused missing dropdowns on amazon.com, and a missing menu on habitburger.com on iPhone. The fix is to just not do the intersection with the bounds. TileGrid::getTileIndexRangeForRect() already ensures that we never make tiles outside the bounds of a TileController. Test: compositing/backing/layer-outside-tiled-parent.html * platform/graphics/ca/TileController.cpp: (WebCore::TileController::adjustTileCoverageRect): * platform/graphics/ca/TileGrid.cpp: (WebCore::TileGrid::ensureTilesForRect): 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248301. rdar://problem/54237793 Adopt -expectMinimumUpcomingSampleBufferPresentationTime: https://bugs.webkit.org/show_bug.cgi?id=200457 <rdar://problem/53961130> Reviewed by Eric Carlson. Source/WebCore: Test: media/media-source/media-source-minimumupcomingpresentationtime.html Adopt a new API vended by AVSampleBufferDisplayLayer, piped from SourceBuffer down through SourceBufferPrivate to SourceBufferPrivateAVFObjC. This value should be reset and updated when new samples are appended. * Modules/mediasource/SourceBuffer.cpp: (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): (WebCore::SourceBuffer::provideMediaData): (WebCore::SourceBuffer::updateMinimumUpcomingPresentationTime): (WebCore::SourceBuffer::resetMinimumUpcomingPresentationTime): (WebCore::SourceBuffer::minimumUpcomingPresentationTimeForTrackID): (WebCore::SourceBuffer::setMaximumQueueDepthForTrackID): * Modules/mediasource/SourceBuffer.h: * platform/graphics/SourceBufferPrivate.h: (WebCore::SourceBufferPrivate::canSetMinimumUpcomingPresentationTime const): (WebCore::SourceBufferPrivate::setMinimumUpcomingPresentationTime): (WebCore::SourceBufferPrivate::clearMinimumUpcomingPresentationTime): (WebCore::SourceBufferPrivate::enqueuedSamplesForTrackID): (WebCore::SourceBufferPrivate::minimumUpcomingPresentationTimeForTrackID): (WebCore::SourceBufferPrivate::setMaximumQueueDepthForTrackID): * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h: * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (WebCore::SourceBufferPrivateAVFObjC::canSetMinimumUpcomingPresentationTime const): (WebCore::SourceBufferPrivateAVFObjC::setMinimumUpcomingPresentationTime): (WebCore::SourceBufferPrivateAVFObjC::clearMinimumUpcomingPresentationTime): * platform/mock/mediasource/MockSourceBufferPrivate.cpp: (WebCore::MockSourceBufferPrivate::minimumUpcomingPresentationTimeForTrackID): (WebCore::MockSourceBufferPrivate::setMaximumQueueDepthForTrackID): (WebCore::MockSourceBufferPrivate::canSetMinimumUpcomingPresentationTime const): (WebCore::MockSourceBufferPrivate::setMinimumUpcomingPresentationTime): (WebCore::MockSourceBufferPrivate::clearMinimumUpcomingPresentationTime): * platform/mock/mediasource/MockSourceBufferPrivate.h: * testing/Internals.cpp: (WebCore::Internals::minimumUpcomingPresentationTimeForTrackID): (WebCore::Internals::setMaximumQueueDepthForTrackID): * testing/Internals.h: * testing/Internals.idl: LayoutTests: * media/media-source/media-source-minimumupcomingpresentationtime-expected.txt: Added. * media/media-source/media-source-minimumupcomingpresentationtime.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248301 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-06 Jer Noble <jer.noble@apple.com> Adopt -expectMinimumUpcomingSampleBufferPresentationTime: https://bugs.webkit.org/show_bug.cgi?id=200457 <rdar://problem/53961130> Reviewed by Eric Carlson. Test: media/media-source/media-source-minimumupcomingpresentationtime.html Adopt a new API vended by AVSampleBufferDisplayLayer, piped from SourceBuffer down through SourceBufferPrivate to SourceBufferPrivateAVFObjC. This value should be reset and updated when new samples are appended. * Modules/mediasource/SourceBuffer.cpp: (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): (WebCore::SourceBuffer::provideMediaData): (WebCore::SourceBuffer::updateMinimumUpcomingPresentationTime): (WebCore::SourceBuffer::resetMinimumUpcomingPresentationTime): (WebCore::SourceBuffer::minimumUpcomingPresentationTimeForTrackID): (WebCore::SourceBuffer::setMaximumQueueDepthForTrackID): * Modules/mediasource/SourceBuffer.h: * platform/graphics/SourceBufferPrivate.h: (WebCore::SourceBufferPrivate::canSetMinimumUpcomingPresentationTime const): (WebCore::SourceBufferPrivate::setMinimumUpcomingPresentationTime): (WebCore::SourceBufferPrivate::clearMinimumUpcomingPresentationTime): (WebCore::SourceBufferPrivate::enqueuedSamplesForTrackID): (WebCore::SourceBufferPrivate::minimumUpcomingPresentationTimeForTrackID): (WebCore::SourceBufferPrivate::setMaximumQueueDepthForTrackID): * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h: * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (WebCore::SourceBufferPrivateAVFObjC::canSetMinimumUpcomingPresentationTime const): (WebCore::SourceBufferPrivateAVFObjC::setMinimumUpcomingPresentationTime): (WebCore::SourceBufferPrivateAVFObjC::clearMinimumUpcomingPresentationTime): * platform/mock/mediasource/MockSourceBufferPrivate.cpp: (WebCore::MockSourceBufferPrivate::minimumUpcomingPresentationTimeForTrackID): (WebCore::MockSourceBufferPrivate::setMaximumQueueDepthForTrackID): (WebCore::MockSourceBufferPrivate::canSetMinimumUpcomingPresentationTime const): (WebCore::MockSourceBufferPrivate::setMinimumUpcomingPresentationTime): (WebCore::MockSourceBufferPrivate::clearMinimumUpcomingPresentationTime): * platform/mock/mediasource/MockSourceBufferPrivate.h: * testing/Internals.cpp: (WebCore::Internals::minimumUpcomingPresentationTimeForTrackID): (WebCore::Internals::setMaximumQueueDepthForTrackID): * testing/Internals.h: * testing/Internals.idl: 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248295. rdar://problem/54237762 REGRESSION: Cannot tap on any buttons on m.naver.com home screen on iPad https://bugs.webkit.org/show_bug.cgi?id=200466 Reviewed by Zalan Bujtas. The page calls preventDefault() for a mouse event generated by a site specific quirk. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): Disable the quirk for the "m." subdomain. This is a mobile site that don't need or expect them. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248295 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-06 Antti Koivisto <antti@apple.com> REGRESSION: Cannot tap on any buttons on m.naver.com home screen on iPad https://bugs.webkit.org/show_bug.cgi?id=200466 Reviewed by Zalan Bujtas. The page calls preventDefault() for a mouse event generated by a site specific quirk. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): Disable the quirk for the "m." subdomain. This is a mobile site that don't need or expect them. 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248292. rdar://problem/54236220 [iPadOS] Unable to increase zoom level on Google using the Aa menu https://bugs.webkit.org/show_bug.cgi?id=200453 <rdar://problem/52278579> Reviewed by Tim Horton. Source/WebCore: Makes a couple of minor adjustments to how layout size scale factor is handled in ViewportConfiguration, to address some scenarios in which adjusting WKWebView's _viewScale does not have any apparent effect on the page. See changes below for more detail. Tests: fast/viewport/ios/non-responsive-viewport-after-changing-view-scale.html fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale.html * page/ViewportConfiguration.cpp: (WebCore::ViewportConfiguration::initialScaleFromSize const): When the page is either zoomed in or zoomed out using _viewScale, let the specified initial scale take precedence over the scale computed by fitting the content width to the view width, or the scale computed by fitting the content height to the view height. This avoids a scenario in which nothing happens when increasing view scale in a responsively designed web page that has a fixed minimum width. Before this change, when computing the initial scale at a view scale that would not allow the entire content width of the page to fit within the viewport, the new initial scale would remain unchanged if the initial scale in the meta viewport is not also set to 1, because a new initial scale would be computed in ViewportConfiguration::initialScaleFromSize to accomodate for the entire content width. Our new behavior allows us to zoom into the page, even if doing so would cause horizontal scrolling. (WebCore::ViewportConfiguration::updateConfiguration): When the page is either zoomed in or zoomed out using _viewScale and the default viewport configuration has a fixed width (e.g. on iPhone), then adjust the width of the default viewport configuration to account for the _viewScale. For example, the default width of a viewport-less web page is 980px on iPhone; at a view scale of 2, this would become 490px instead, and at 0.5 view scale, it would become 1960px. This ensures that on iPhone, for web pages without a meta viewport, changing the view scale still changes the layout and initial scale of the web page. * page/ViewportConfiguration.h: (WebCore::ViewportConfiguration::layoutSizeIsExplicitlyScaled const): LayoutTests: Adds a couple of layout tests (with device-specific expectations) to verify that the two scenarios targeted by this change are fixed. * fast/viewport/ios/non-responsive-viewport-after-changing-view-scale-expected.txt: Added. * fast/viewport/ios/non-responsive-viewport-after-changing-view-scale.html: Added. Verifies that, for a page with no viewport meta tag (where we fall back to a fixed 980px viewport on iPhone), changing view scale still changes page scale and window size. * fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale-expected.txt: Added. * fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale.html: Added. Verifies that, for a page with a responsive meta viewport tag containing a fixed-width element that forces a minimum width for the page, setting the view scale such that the page scrolls horizontally (2.5) doesn't result in the initial scale being adjusted back to the maximum scale that would accomodate the full contents of the page (2). * platform/ipad/fast/viewport/ios/non-responsive-viewport-after-changing-view-scale-expected.txt: Added. * platform/ipad/fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale-expected.txt: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248292 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-06 Wenson Hsieh <wenson_hsieh@apple.com> [iPadOS] Unable to increase zoom level on Google using the Aa menu https://bugs.webkit.org/show_bug.cgi?id=200453 <rdar://problem/52278579> Reviewed by Tim Horton. Makes a couple of minor adjustments to how layout size scale factor is handled in ViewportConfiguration, to address some scenarios in which adjusting WKWebView's _viewScale does not have any apparent effect on the page. See changes below for more detail. Tests: fast/viewport/ios/non-responsive-viewport-after-changing-view-scale.html fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale.html * page/ViewportConfiguration.cpp: (WebCore::ViewportConfiguration::initialScaleFromSize const): When the page is either zoomed in or zoomed out using _viewScale, let the specified initial scale take precedence over the scale computed by fitting the content width to the view width, or the scale computed by fitting the content height to the view height. This avoids a scenario in which nothing happens when increasing view scale in a responsively designed web page that has a fixed minimum width. Before this change, when computing the initial scale at a view scale that would not allow the entire content width of the page to fit within the viewport, the new initial scale would remain unchanged if the initial scale in the meta viewport is not also set to 1, because a new initial scale would be computed in ViewportConfiguration::initialScaleFromSize to accomodate for the entire content width. Our new behavior allows us to zoom into the page, even if doing so would cause horizontal scrolling. (WebCore::ViewportConfiguration::updateConfiguration): When the page is either zoomed in or zoomed out using _viewScale and the default viewport configuration has a fixed width (e.g. on iPhone), then adjust the width of the default viewport configuration to account for the _viewScale. For example, the default width of a viewport-less web page is 980px on iPhone; at a view scale of 2, this would become 490px instead, and at 0.5 view scale, it would become 1960px. This ensures that on iPhone, for web pages without a meta viewport, changing the view scale still changes the layout and initial scale of the web page. * page/ViewportConfiguration.h: (WebCore::ViewportConfiguration::layoutSizeIsExplicitlyScaled const): 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248188. rdar://problem/54237663 Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client. https://bugs.webkit.org/show_bug.cgi?id=200394 <rdar://problem/52914964> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-08-02 Reviewed by Chris Fleizach. Explicitly returning BOOL to avoid error in some compiler configurations. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248188 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-02 Andres Gonzalez <andresg_22@apple.com> Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client. https://bugs.webkit.org/show_bug.cgi?id=200394 <rdar://problem/52914964> Reviewed by Chris Fleizach. Explicitly returning BOOL to avoid error in some compiler configurations. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]): 2019-08-13 Alan Coon <alancoon@apple.com> Cherry-pick r248169. rdar://problem/54237663 Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client. https://bugs.webkit.org/show_bug.cgi?id=200394 <rdar://problem/52914964> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-08-02 Reviewed by Chris Fleizach. Source/WebCore: Test: accessibility/ios-simulator/element-in-table-cell.html Added _accessibilityIsInTableCell needed for iOS accessibility client. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]): Tools: Glue code to exercise new method [WebAccessibilityObjectWrapper _accessibilityIsInTableCell]. * WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp: (WTR::AccessibilityUIElement::isInTableCell const): * WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h: * WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl: * WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm: (WTR::AccessibilityUIElement::isInTableCell const): LayoutTests: New test that exercises [WebAccessibilityObjectWrapper _accessibilityIsInTableCell]. * accessibility/ios-simulator/element-in-table-cell-expected.txt: Added. * accessibility/ios-simulator/element-in-table-cell.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248169 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-02 Andres Gonzalez <andresg_22@apple.com> Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client. https://bugs.webkit.org/show_bug.cgi?id=200394 <rdar://problem/52914964> Reviewed by Chris Fleizach. Test: accessibility/ios-simulator/element-in-table-cell.html Added _accessibilityIsInTableCell needed for iOS accessibility client. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248502. rdar://problem/54130670 Disable ContentChangeObserver TouchEvent adjustment on youtube.com on iOS in mobile browsing mode https://bugs.webkit.org/show_bug.cgi?id=200609 <rdar://problem/54015403> Reviewed by Maciej Stachowiak. Source/WebCore: When watching a youtube video on iOS with "Autoplay" switched to off, upon finishing the video all clicks anywhere on the page are effectively ignored. Disabling ContentChangeObserver's TouchEvent adjustment fixes this bug. I verified this manually. This switch was introduced in r242621, and it disables part of a new feature, so there is low risk of fallout. * loader/DocumentLoader.h: (WebCore::DocumentLoader::setAllowContentChangeObserverQuirk): (WebCore::DocumentLoader::allowContentChangeObserverQuirk const): * page/Quirks.cpp: (WebCore::Quirks::shouldDisableContentChangeObserverTouchEventAdjustment const): * page/Quirks.h: * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::touchEventDidStart): Source/WebKit: * Shared/WebsitePoliciesData.cpp: (WebKit::WebsitePoliciesData::encode const): (WebKit::WebsitePoliciesData::decode): (WebKit::WebsitePoliciesData::applyToDocumentLoader): * Shared/WebsitePoliciesData.h: * UIProcess/API/APIWebsitePolicies.cpp: (API::WebsitePolicies::copy const): (API::WebsitePolicies::data): * UIProcess/API/APIWebsitePolicies.h: * UIProcess/ios/WebPageProxyIOS.mm: (WebKit::WebPageProxy::effectiveContentModeAfterAdjustingPolicies): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248502 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-10 Alex Christensen <achristensen@webkit.org> Disable ContentChangeObserver TouchEvent adjustment on youtube.com on iOS in mobile browsing mode https://bugs.webkit.org/show_bug.cgi?id=200609 <rdar://problem/54015403> Reviewed by Maciej Stachowiak. When watching a youtube video on iOS with "Autoplay" switched to off, upon finishing the video all clicks anywhere on the page are effectively ignored. Disabling ContentChangeObserver's TouchEvent adjustment fixes this bug. I verified this manually. This switch was introduced in r242621, and it disables part of a new feature, so there is low risk of fallout. * loader/DocumentLoader.h: (WebCore::DocumentLoader::setAllowContentChangeObserverQuirk): (WebCore::DocumentLoader::allowContentChangeObserverQuirk const): * page/Quirks.cpp: (WebCore::Quirks::shouldDisableContentChangeObserverTouchEventAdjustment const): * page/Quirks.h: * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::touchEventDidStart): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248501. rdar://problem/54130614 [iOS] Add a quirk for gmail.com messages on iPhone iOS13 https://bugs.webkit.org/show_bug.cgi?id=200605 Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-08-10 Reviewed by Maciej Stachowiak. Source/WebCore: Add a quirk which sets the user agent for gmail.com messages on iPhone OS 13 to be iPhone OS 12. This is a workaround for a gmail.com bug till it is fixed. * page/Quirks.cpp: (WebCore::Quirks::shouldAvoidUsingIOS13ForGmail const): * page/Quirks.h: * platform/UserAgent.h: * platform/ios/UserAgentIOS.mm: (WebCore::osNameForUserAgent): (WebCore::standardUserAgentWithApplicationName): * platform/mac/UserAgentMac.mm: (WebCore::standardUserAgentWithApplicationName): Source/WebKit: Use WebPage::platformUserAgent() to add the gmail.com quirk. * UIProcess/ios/WebPageProxyIOS.mm: (WebKit::WebPageProxy::effectiveContentModeAfterAdjustingPolicies): * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::platformUserAgent const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248501 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-10 Said Abou-Hallawa <sabouhallawa@apple.com> [iOS] Add a quirk for gmail.com messages on iPhone iOS13 https://bugs.webkit.org/show_bug.cgi?id=200605 Reviewed by Maciej Stachowiak. Add a quirk which sets the user agent for gmail.com messages on iPhone OS 13 to be iPhone OS 12. This is a workaround for a gmail.com bug till it is fixed. * page/Quirks.cpp: (WebCore::Quirks::shouldAvoidUsingIOS13ForGmail const): * page/Quirks.h: * platform/UserAgent.h: * platform/ios/UserAgentIOS.mm: (WebCore::osNameForUserAgent): (WebCore::standardUserAgentWithApplicationName): * platform/mac/UserAgentMac.mm: (WebCore::standardUserAgentWithApplicationName): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248494. rdar://problem/54171876 Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive https://bugs.webkit.org/show_bug.cgi?id=199864 Reviewed by Saam Barati. Source/JavaScriptCore: Our JSObject::put implementation is not correct in term of the spec. Our [[Put]] implementation is something like this. JSObject::put(object): if (can-do-fast-path(object)) return fast-path(object); // slow-path do { object-put-check-and-setter-calls(object); // (1) object = object->prototype; } while (is-object(object)); return do-put(object); Since JSObject::put is registered in the methodTable, the derived classes can override it. Some of classes are adding extra checks to this put. Derived::put(object): if (do-extra-check(object)) fail return JSObject::put(object) The problem is that Derived::put is only called when the |this| object is the Derived class. When traversing [[Prototype]] in JSObject::put, at (1), we do not perform the extra checks added in Derived::put even if `object` is Derived one. This means that we skip the check. Currently, JSObject::put and WebCore checking mechanism are broken. JSObject::put should call getOwnPropertySlot at (1) to perform the additional checks. This behavior is matching against the spec. However, currently, our JSObject::getOwnPropertySlot does not propagate setter information. This is required to cache cacheable [[Put]] at (1) for CustomValue, CustomAccessor, and Accessors. We also need to reconsider how to integrate static property setters to this mechanism. So, basically, this involves large refactoring to renew our JSObject::put and JSObject::getOwnPropertySlot. To work-around for now, we add a new TypeInfo flag, HasPutPropertySecurityCheck . And adding this flag to DOM objects that implements the addition checks. We also add doPutPropertySecurityCheck method hook to perform the check in JSObject. When we found this flag at (1), we perform doPutPropertySecurityCheck to properly perform the checks. Since our JSObject::put code is old and it does not match against the spec now, we should refactor it largely. This is tracked separately in [1]. [1]: https://bugs.webkit.org/show_bug.cgi?id=200562 * runtime/ClassInfo.h: * runtime/JSCJSValue.cpp: (JSC::JSValue::putToPrimitive): * runtime/JSCell.cpp: (JSC::JSCell::doPutPropertySecurityCheck): * runtime/JSCell.h: * runtime/JSObject.cpp: (JSC::JSObject::putInlineSlow): (JSC::JSObject::getOwnPropertyDescriptor): * runtime/JSObject.h: (JSC::JSObject::doPutPropertySecurityCheck): * runtime/JSTypeInfo.h: (JSC::TypeInfo::hasPutPropertySecurityCheck const): Source/WebCore: Test: http/tests/security/cross-frame-access-object-put-optimization.html * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::doPutPropertySecurityCheck): * bindings/js/JSLocationCustom.cpp: (WebCore::JSLocation::doPutPropertySecurityCheck): * bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader): * bindings/scripts/test/JS/JSTestActiveDOMObject.h: LayoutTests: * http/tests/security/cross-frame-access-object-put-optimization-expected.txt: Added. * http/tests/security/cross-frame-access-object-put-optimization.html: Added. * http/tests/security/resources/cross-frame-iframe-for-object-put-optimization-test.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248494 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-09 Yusuke Suzuki <ysuzuki@apple.com> Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive https://bugs.webkit.org/show_bug.cgi?id=199864 Reviewed by Saam Barati. Test: http/tests/security/cross-frame-access-object-put-optimization.html * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::doPutPropertySecurityCheck): * bindings/js/JSLocationCustom.cpp: (WebCore::JSLocation::doPutPropertySecurityCheck): * bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader): * bindings/scripts/test/JS/JSTestActiveDOMObject.h: 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248491. rdar://problem/54130636 Don't allow cross-origin iframes to autofocus https://bugs.webkit.org/show_bug.cgi?id=200515 <rdar://problem/54092988> Reviewed by Ryosuke Niwa. Source/WebCore: According to Step 6 in the WhatWG Spec (https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofocusing-a-form-control:-the-autofocus-attribute), the 'autofocus' attribute shouldn't work for cross-origin iframes. This change is based on the Blink change (patch by <mustaq@chromium.org>): <https://chromium-review.googlesource.com/c/chromium/src/+/1593026> Also disallow cross-origin iframes from focusing programmatically without ever having had any user interaction. * dom/Element.cpp: Check if an invalid frame is trying to grab the focus. (WebCore::Element::focus): * html/HTMLFormControlElement.cpp: Check if the focus is moving to an invalid frame. (WebCore::shouldAutofocus): * page/DOMWindow.cpp: Check if an invalid frame is trying to grab the focus. (WebCore::DOMWindow::focus): Tools: Make WebKit.FocusedFrameAfterCrash use same-origin iframes instead of cross-origin iframes, since it depends on focusing one of the frames. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp: (TestWebKitAPI::TEST): * TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html: Added. LayoutTests: Add test coverage, and simulate user interaction in existing tests that require focusing a cross-origin frame. * http/tests/security/clipboard/resources/copy-html.html: * http/tests/security/clipboard/resources/copy-mso-list.html: * http/tests/security/clipboard/resources/copy-url.html: * http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt: Added. * http/wpt/html/interaction/focus/no-cross-origin-element-focus.html: Added. * http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt: Added. * http/wpt/html/interaction/focus/no-cross-origin-window-focus.html: Added. * http/wpt/html/interaction/focus/resources/child-focus-element.html: Added. * http/wpt/html/interaction/focus/resources/child-focus-window.html: Added. * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt: Added. * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html: Added. * http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html: Added. * http/wpt/webauthn/resources/last-layer-frame.https.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248491 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-09 Ali Juma <ajuma@chromium.org> Don't allow cross-origin iframes to autofocus https://bugs.webkit.org/show_bug.cgi?id=200515 <rdar://problem/54092988> Reviewed by Ryosuke Niwa. According to Step 6 in the WhatWG Spec (https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofocusing-a-form-control:-the-autofocus-attribute), the 'autofocus' attribute shouldn't work for cross-origin iframes. This change is based on the Blink change (patch by <mustaq@chromium.org>): <https://chromium-review.googlesource.com/c/chromium/src/+/1593026> Also disallow cross-origin iframes from focusing programmatically without ever having had any user interaction. * dom/Element.cpp: Check if an invalid frame is trying to grab the focus. (WebCore::Element::focus): * html/HTMLFormControlElement.cpp: Check if the focus is moving to an invalid frame. (WebCore::shouldAutofocus): * page/DOMWindow.cpp: Check if an invalid frame is trying to grab the focus. (WebCore::DOMWindow::focus): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248471. rdar://problem/54130624 Disable CSSOM View Scrolling API for IMDb iOS app https://bugs.webkit.org/show_bug.cgi?id=200586 <rdar://problem/53645833> Patch by Alex Christensen <achristensen@webkit.org> on 2019-08-09 Reviewed by Simon Fraser. Source/WebCore: They are calling scrollHeight on the HTML element and it is running new code introduced in r235806 Disable this new feature until they update their app to use the iOS13 SDK. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isIMDb): Source/WebKit: Change the CSSOMViewScrollingAPIEnabled default value to be off for the IMDb app's WKWebViews. I manually verified this is effective in those WKWebViews but no other WKWebViews and that it fixes the radar. * Shared/WebPreferences.yaml: * Shared/WebPreferencesDefaultValues.cpp: (WebKit::defaultCSSOMViewScrollingAPIEnabled): * Shared/WebPreferencesDefaultValues.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248471 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-09 Alex Christensen <achristensen@webkit.org> Disable CSSOM View Scrolling API for IMDb iOS app https://bugs.webkit.org/show_bug.cgi?id=200586 <rdar://problem/53645833> Reviewed by Simon Fraser. They are calling scrollHeight on the HTML element and it is running new code introduced in r235806 Disable this new feature until they update their app to use the iOS13 SDK. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isIMDb): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248463. rdar://problem/54139782 REGRESSION (iOS 13): united.com web forms do not respond to taps https://bugs.webkit.org/show_bug.cgi?id=200531 Reviewed by Antti Koivisto and Wenson Hsieh. The bug is caused by the content change observer detecting “Site Feedback” link at the bottom of the page (https://www.united.com/ual/en/US/account/enroll/default) constantly getting re-generated in every frame via requestAnimationFrame when the page is opened with iPhone UA string. Note that the content re-generation can be reproduced even in Chrome if iPhone UA string is used. Ignore this constant content change in ContentChangeObserver as a site specific quirk. In the future, we should make ContentChangeObserver observe the final location of each element being observed so that we can ignore content that like this which is placed outside the viewport, and/or far away from where the user tapped. * page/Quirks.cpp: (WebCore::Quirks::shouldIgnoreContentChange const): Added. * page/Quirks.h: * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::shouldObserveVisibilityChangeForElement): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248463 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-09 Ryosuke Niwa <rniwa@webkit.org> REGRESSION (iOS 13): united.com web forms do not respond to taps https://bugs.webkit.org/show_bug.cgi?id=200531 Reviewed by Antti Koivisto and Wenson Hsieh. The bug is caused by the content change observer detecting “Site Feedback” link at the bottom of the page (https://www.united.com/ual/en/US/account/enroll/default) constantly getting re-generated in every frame via requestAnimationFrame when the page is opened with iPhone UA string. Note that the content re-generation can be reproduced even in Chrome if iPhone UA string is used. Ignore this constant content change in ContentChangeObserver as a site specific quirk. In the future, we should make ContentChangeObserver observe the final location of each element being observed so that we can ignore content that like this which is placed outside the viewport, and/or far away from where the user tapped. * page/Quirks.cpp: (WebCore::Quirks::shouldIgnoreContentChange const): Added. * page/Quirks.h: * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::shouldObserveVisibilityChangeForElement): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248438. rdar://problem/54093220 [iOS] Position image information should respect the image orientation https://bugs.webkit.org/show_bug.cgi?id=200487 Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-08-08 Reviewed by Simon Fraser. Source/WebCore: Re-factor CachedImage::imageSizeForRenderer() into another overriding function which does not scale the imageSize. Therefore the new function returns FloatSize while the original function returns LayoutSize. * loader/cache/CachedImage.cpp: (WebCore::CachedImage::imageSizeForRenderer const): * loader/cache/CachedImage.h: * rendering/RenderElement.h: Source/WebKit: imagePositionInformation() should respect the image orientation when drawing an Image to a ShareableBitmap context. boundsPositionInformation() already takes care of the image orientation because it gets RenderImage::enclosingBoundingBox(). * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::imagePositionInformation): Tools: Add an API test to verify the position image information is drawn rotated because of respecting its image orientation. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKitCocoa/WKRequestActivatedElementInfo.mm: (TestWebKitAPI::TEST): * TestWebKitAPI/Tests/WebKitCocoa/exif-orientation-8-llo.jpg: Added. * TestWebKitAPI/Tests/WebKitCocoa/img-with-rotated-image.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248438 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-08 Said Abou-Hallawa <sabouhallawa@apple.com> [iOS] Position image information should respect the image orientation https://bugs.webkit.org/show_bug.cgi?id=200487 Reviewed by Simon Fraser. Re-factor CachedImage::imageSizeForRenderer() into another overriding function which does not scale the imageSize. Therefore the new function returns FloatSize while the original function returns LayoutSize. * loader/cache/CachedImage.cpp: (WebCore::CachedImage::imageSizeForRenderer const): * loader/cache/CachedImage.h: * rendering/RenderElement.h: 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248410. rdar://problem/54084721 Do not allow navigations of frames about to get replaced by the result of evaluating javascript: URLs <rdar://problem/53788893> and https://bugs.webkit.org/show_bug.cgi?id=198786 Reviewed by Geoff Garen. Source/WebCore: Covered by API Test Add a "willReplaceWithResultOfExecutingJavascriptURL" flag which is respected inside FrameLoader::isNavigationAllowed * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeIfJavaScriptURL): * bindings/js/ScriptController.h: (WebCore::ScriptController::willReplaceWithResultOfExecutingJavascriptURL const): * loader/FrameLoader.cpp: (WebCore::FrameLoader::isNavigationAllowed const): Tools: * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248410 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-08 Brady Eidson <beidson@apple.com> Do not allow navigations of frames about to get replaced by the result of evaluating javascript: URLs <rdar://problem/53788893> and https://bugs.webkit.org/show_bug.cgi?id=198786 Reviewed by Geoff Garen. Covered by API Test Add a "willReplaceWithResultOfExecutingJavascriptURL" flag which is respected inside FrameLoader::isNavigationAllowed * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeIfJavaScriptURL): * bindings/js/ScriptController.h: (WebCore::ScriptController::willReplaceWithResultOfExecutingJavascriptURL const): * loader/FrameLoader.cpp: (WebCore::FrameLoader::isNavigationAllowed const): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248368. rdar://problem/54037153 Extra space inserted at start of line when inserting a newline in Mail compose https://bugs.webkit.org/show_bug.cgi?id=200490 <rdar://problem/53501354> Reviewed by Antti Koivisto. Source/WebCore: This started happening after r244494, which deferred editor state computation until the next layer tree flush when changing selection. After inserting a paragraph, the act of computing an editor state ensured that the text node containing the caret drops out of simple line layout, while grabbing the characters near the selection (i.e., calling charactersAroundPosition). This meant that when we subsequently ask positionAfterSplit whether it isRenderedCharacter() at the end of the command, we are guaranteed to have line boxes, so we get a meaningful answer and avoid inserting an extra non-breaking space. However, after r244494, we defer the editor state computation until the end of the edit command; this means that we may not have line boxes for positionAfterSplit's text node renderer, due to remaining in simple line layout. In turn, this means that we end up hitting the assertion in containsRenderedCharacterOffset in debug builds; on release builds, we simply return false from containsRenderedCharacterOffset, which causes us to insert an extra space. To fix this, we educate RenderText::containsRenderedCharacterOffset about simple line layout. Test: editing/inserting/insert-paragraph-in-designmode-document.html * rendering/RenderText.cpp: (WebCore::RenderText::containsRenderedCharacterOffset const): (WebCore::RenderText::containsCaretOffset const): Changed to use SimpleLineLayout::containsOffset. * rendering/SimpleLineLayoutFunctions.h: (WebCore::SimpleLineLayout::containsOffset): I first contrasted the behavior of RenderTextLineBoxes::containsOffset in the cases where the OffsetType is CaretOffset or CharacterOffset, and found that the only interesting differences were: 1. The caret offset type case has special handling for line breaks. 2. Both offset types have handling for reversed text. 3. The end offset of a line box contains a caret offset, but not a character offset. For the purposes of OffsetType CharacterOffset, (1) is irrelevant; furthermore, (2) is already not handled by logic in containsCaretOffset(). Thus, the only major difference in the CharacterOffset case should be (3), which we handle by only allowing the case where the given offset is equal to the very end of a text run for caret offsets, and not character offsets. (WebCore::SimpleLineLayout::containsCaretOffset): Deleted. Renamed to just containsOffset. LayoutTests: Add a new test to verify that inserting a newline in the middle of text in a document with designMode "on" doesn't insert an extra space at the beginning of the newly inserted line. * editing/inserting/insert-paragraph-in-designmode-document-expected.txt: Added. * editing/inserting/insert-paragraph-in-designmode-document.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248368 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-07 Wenson Hsieh <wenson_hsieh@apple.com> Extra space inserted at start of line when inserting a newline in Mail compose https://bugs.webkit.org/show_bug.cgi?id=200490 <rdar://problem/53501354> Reviewed by Antti Koivisto. This started happening after r244494, which deferred editor state computation until the next layer tree flush when changing selection. After inserting a paragraph, the act of computing an editor state ensured that the text node containing the caret drops out of simple line layout, while grabbing the characters near the selection (i.e., calling charactersAroundPosition). This meant that when we subsequently ask positionAfterSplit whether it isRenderedCharacter() at the end of the command, we are guaranteed to have line boxes, so we get a meaningful answer and avoid inserting an extra non-breaking space. However, after r244494, we defer the editor state computation until the end of the edit command; this means that we may not have line boxes for positionAfterSplit's text node renderer, due to remaining in simple line layout. In turn, this means that we end up hitting the assertion in containsRenderedCharacterOffset in debug builds; on release builds, we simply return false from containsRenderedCharacterOffset, which causes us to insert an extra space. To fix this, we educate RenderText::containsRenderedCharacterOffset about simple line layout. Test: editing/inserting/insert-paragraph-in-designmode-document.html * rendering/RenderText.cpp: (WebCore::RenderText::containsRenderedCharacterOffset const): (WebCore::RenderText::containsCaretOffset const): Changed to use SimpleLineLayout::containsOffset. * rendering/SimpleLineLayoutFunctions.h: (WebCore::SimpleLineLayout::containsOffset): I first contrasted the behavior of RenderTextLineBoxes::containsOffset in the cases where the OffsetType is CaretOffset or CharacterOffset, and found that the only interesting differences were: 1. The caret offset type case has special handling for line breaks. 2. Both offset types have handling for reversed text. 3. The end offset of a line box contains a caret offset, but not a character offset. For the purposes of OffsetType CharacterOffset, (1) is irrelevant; furthermore, (2) is already not handled by logic in containsCaretOffset(). Thus, the only major difference in the CharacterOffset case should be (3), which we handle by only allowing the case where the given offset is equal to the very end of a text run for caret offsets, and not character offsets. (WebCore::SimpleLineLayout::containsCaretOffset): Deleted. Renamed to just containsOffset. 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248265. rdar://problem/54017842 Ping loads should not prevent page caching https://bugs.webkit.org/show_bug.cgi?id=200418 <rdar://problem/53901632> Reviewed by Darin Adler. Source/WebCore: We normally prevent page caching if there were any pending subresource loads when navigating, to avoid caching partial / broken content. However, this should not apply to Ping / Beacon loads since those do not impact page rendering and can outlive the page. Tests: http/tests/navigation/page-cache-pending-ping-load-cross-origin.html http/tests/navigation/page-cache-pending-ping-load-same-origin.html * history/PageCache.cpp: (WebCore::PageCache::addIfCacheable): After we've fired the 'pagehide' event in each frame, stop all the loads again. This is needed since pages are allowed to start ping / beacon loads in their 'pagehide' handlers. If we do not stop those loads, then the next call to canCachePage() would fail because the DocumentLoader is still loading. Note that we're not actually preventing these ping loads from hitting the server since we never cancel page loads and those can outlive their page. * loader/DocumentLoader.cpp: (WebCore::shouldPendingCachedResourceLoadPreventPageCache): (WebCore::areAllLoadersPageCacheAcceptable): Make sure that Ping / Beacon / Prefetches / Icon loads do not prevent page caching. (WebCore::DocumentLoader::addSubresourceLoader): Tweak assertion that was incorrect since we actually allow ping / beacon loads when the document is about to enter PageCache (while firing pagehide event). Tools: Add TestOption to enable PageCache at UIProcess-level so that we can test page caching when navigating cross-origin with PSON enabled. * WebKitTestRunner/TestController.cpp: (WTR::TestController::resetPreferencesToConsistentValues): (WTR::updateTestOptionsFromTestHeader): * WebKitTestRunner/TestOptions.h: (WTR::TestOptions::hasSameInitializationOptions const): LayoutTests: Add layout test coverage. * http/tests/navigation/page-cache-pending-ping-load-cross-origin-expected.txt: Added. * http/tests/navigation/page-cache-pending-ping-load-cross-origin.html: Added. * http/tests/navigation/page-cache-pending-ping-load-same-origin-expected.txt: Added. * http/tests/navigation/page-cache-pending-ping-load-same-origin.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248265 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-04 Chris Dumez <cdumez@apple.com> Ping loads should not prevent page caching https://bugs.webkit.org/show_bug.cgi?id=200418 <rdar://problem/53901632> Reviewed by Darin Adler. We normally prevent page caching if there were any pending subresource loads when navigating, to avoid caching partial / broken content. However, this should not apply to Ping / Beacon loads since those do not impact page rendering and can outlive the page. Tests: http/tests/navigation/page-cache-pending-ping-load-cross-origin.html http/tests/navigation/page-cache-pending-ping-load-same-origin.html * history/PageCache.cpp: (WebCore::PageCache::addIfCacheable): After we've fired the 'pagehide' event in each frame, stop all the loads again. This is needed since pages are allowed to start ping / beacon loads in their 'pagehide' handlers. If we do not stop those loads, then the next call to canCachePage() would fail because the DocumentLoader is still loading. Note that we're not actually preventing these ping loads from hitting the server since we never cancel page loads and those can outlive their page. * loader/DocumentLoader.cpp: (WebCore::shouldPendingCachedResourceLoadPreventPageCache): (WebCore::areAllLoadersPageCacheAcceptable): Make sure that Ping / Beacon / Prefetches / Icon loads do not prevent page caching. (WebCore::DocumentLoader::addSubresourceLoader): Tweak assertion that was incorrect since we actually allow ping / beacon loads when the document is about to enter PageCache (while firing pagehide event). 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248148. rdar://problem/54017840 Pages using MessagePorts should be PageCacheable https://bugs.webkit.org/show_bug.cgi?id=200366 <rdar://problem/53837882> Reviewed by Geoffrey Garen. Source/WebCore: Allow a page to enter PageCache, even if it has MessagePorts (potentially with pending messages). If there are pending messages on the MessagePorts when entering PageCache, those will get dispatched upon restoring from PageCache. Test: fast/history/page-cache-MessagePort-pending-message.html * dom/MessagePort.cpp: (WebCore::MessagePort::messageAvailable): (WebCore::MessagePort::dispatchMessages): Do not dispatch messages while in PageCache. (WebCore::MessagePort::canSuspendForDocumentSuspension const): Allow pages with MessagePort objects to enter PageCache. * dom/ScriptExecutionContext.cpp: (WebCore::ScriptExecutionContext::resumeActiveDOMObjects): Make sure pending messages on MessagePorts get dispatched asynchronously after restoring from PageCache. * loader/DocumentLoader.cpp: (WebCore::areAllLoadersPageCacheAcceptable): Make sure only CachedResources that are still loading upon load cancelation prevent entering PageCache. LayoutTests: Add layout test coverage. * fast/history/page-cache-MessagePort-pending-message-expected.txt: Added. * fast/history/page-cache-MessagePort-pending-message.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248148 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-01 Chris Dumez <cdumez@apple.com> Pages using MessagePorts should be PageCacheable https://bugs.webkit.org/show_bug.cgi?id=200366 <rdar://problem/53837882> Reviewed by Geoffrey Garen. Allow a page to enter PageCache, even if it has MessagePorts (potentially with pending messages). If there are pending messages on the MessagePorts when entering PageCache, those will get dispatched upon restoring from PageCache. Test: fast/history/page-cache-MessagePort-pending-message.html * dom/MessagePort.cpp: (WebCore::MessagePort::messageAvailable): (WebCore::MessagePort::dispatchMessages): Do not dispatch messages while in PageCache. (WebCore::MessagePort::canSuspendForDocumentSuspension const): Allow pages with MessagePort objects to enter PageCache. * dom/ScriptExecutionContext.cpp: (WebCore::ScriptExecutionContext::resumeActiveDOMObjects): Make sure pending messages on MessagePorts get dispatched asynchronously after restoring from PageCache. * loader/DocumentLoader.cpp: (WebCore::areAllLoadersPageCacheAcceptable): Make sure only CachedResources that are still loading upon load cancelation prevent entering PageCache. 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248112. rdar://problem/53836593 [Text autosizing] [iPadOS] Add targeted hacks to address some remaining text autosizing issues https://bugs.webkit.org/show_bug.cgi?id=200271 <rdar://problem/51734741> Reviewed by Zalan Bujtas. Source/WebCore: Makes some targeted adjustments to the text autosizing heuristic, to ensure compatibility with several high- profile websites. See changes below for more detail. Tests: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases.html fast/text-autosizing/ios/idempotentmode/line-height-boosting.html * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): Avoid clipped sidebar links on sohu.com by not performing line-height boosting in the case where the element probably has a small, fixed number of lines. See below for more detail. Additionally, don't attempt to adjust the line height using the boosted font size, in the case where the element is not a candidate for idempotent text autosizing. * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const): Make various targeted hacks to fix a few websites: - Add a special case for top navigation bar links on yandex.ru, where line height greatly exceeds the specified font size. - Avoid boosting some related video links on v.youku.com by considering the line-clamp CSS property when determining the maximum number of lines of text an element is expected to contain. - Avoid boosting some front page links on asahi.com, which have non-repeating background images. - Add several other adjustments to more aggressively boost pieces of text on Google search results, such as taking the `word-break` CSS property into account. The bottom few pixels of sidebar links on naver.com are also no longer clipped after these changes. * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::probablyContainsASmallFixedNumberOfLines): Pulls out a piece of the heuristic added to fix sephora.com in r247467 out into a separate helper method. To recap, this heuristic identifies elements with both a fixed height and fixed line height, for which the fixed height is close to an integer multiple of the line height. Also makes several small tweaks in the process: (1) change the max difference between fixed line height and font size from 6 to 5 to ensure that some multiline caption text on Google search results is boosted, and (2) replace usages of `lineHeight()` with `specifiedLineHeight()`, which current prevents this function from being truly idempotent. (WebCore::AutosizeStatus::updateStatus): * rendering/style/TextSizeAdjustment.h: LayoutTests: Add tests to cover some changes to line height boosting and the idempotent text autosizing candidate heuristic. * fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases-expected.txt: Added. * fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases.html: Added. * fast/text-autosizing/ios/idempotentmode/line-height-boosting-expected.txt: * fast/text-autosizing/ios/idempotentmode/line-height-boosting.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248112 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-01 Wenson Hsieh <wenson_hsieh@apple.com> [Text autosizing] [iPadOS] Add targeted hacks to address some remaining text autosizing issues https://bugs.webkit.org/show_bug.cgi?id=200271 <rdar://problem/51734741> Reviewed by Zalan Bujtas. Makes some targeted adjustments to the text autosizing heuristic, to ensure compatibility with several high- profile websites. See changes below for more detail. Tests: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases.html fast/text-autosizing/ios/idempotentmode/line-height-boosting.html * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): Avoid clipped sidebar links on sohu.com by not performing line-height boosting in the case where the element probably has a small, fixed number of lines. See below for more detail. Additionally, don't attempt to adjust the line height using the boosted font size, in the case where the element is not a candidate for idempotent text autosizing. * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const): Make various targeted hacks to fix a few websites: - Add a special case for top navigation bar links on yandex.ru, where line height greatly exceeds the specified font size. - Avoid boosting some related video links on v.youku.com by considering the line-clamp CSS property when determining the maximum number of lines of text an element is expected to contain. - Avoid boosting some front page links on asahi.com, which have non-repeating background images. - Add several other adjustments to more aggressively boost pieces of text on Google search results, such as taking the `word-break` CSS property into account. The bottom few pixels of sidebar links on naver.com are also no longer clipped after these changes. * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::probablyContainsASmallFixedNumberOfLines): Pulls out a piece of the heuristic added to fix sephora.com in r247467 out into a separate helper method. To recap, this heuristic identifies elements with both a fixed height and fixed line height, for which the fixed height is close to an integer multiple of the line height. Also makes several small tweaks in the process: (1) change the max difference between fixed line height and font size from 6 to 5 to ensure that some multiline caption text on Google search results is boosted, and (2) replace usages of `lineHeight()` with `specifiedLineHeight()`, which current prevents this function from being truly idempotent. (WebCore::AutosizeStatus::updateStatus): * rendering/style/TextSizeAdjustment.h: 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248095. rdar://problem/53820658 REGRESSION (r240942): first visually non-empty layout milestone is not reached in media documents until after the video finishes loading https://bugs.webkit.org/show_bug.cgi?id=200293 <rdar://problem/52937749> Reviewed by Alex Christensen. Source/WebCore: r240942 changed FrameView::qualifiesAsVisuallyNonEmpty() to consider only documents in the Interactive or Complete ready states as "finished parsing". Documents considered finished parsing can qualify as visually non-empty even without exceeding the visual character or pixel thresholds, but documents considered not finished must first exceed one of these thresholds in order to qualify as visually non-empty. HTMLDocuments are placed in the Interactive ready state by their HTMLDocumentParsers. However, HTMLDocument subclasses like ImageDocument and MediaDocument use their own custom parsers that never set the Interactive ready state on their documents; these documents go from Loading directly to Complete. In order for these HTMLDocument subclasses to be considered visually non-empty before they finish loading they must render something that exceeds the visual character or pixel thresholds. For image documents, rendering the image is usually enough to cross the threshold, but for media documents the visual pixel threshold was never crossed because videos did not contribute to the visually non-empty pixel count. As a result, media documents are not considered visually non-empty until the main resource finishes loading. On iOS this means that the layer tree remains frozen until this point, even though the media might have started autoplaying with audio long before it finished loading. Fix this by teaching RenderVideo to contribute the video player's size to FrameView's visually non-empty pixel count once the video player has loaded enough data to determine its intrinsic size. Videos that render more than 1024 pixels will qualify a media document as visually non-empty even when it is still loading its main resource. Added a new API test. * rendering/RenderImage.cpp: (WebCore::RenderImage::imageChanged): (WebCore::RenderImage::incrementVisuallyNonEmptyPixelCountIfNeeded): * rendering/RenderImage.h: * rendering/RenderVideo.cpp: (WebCore::RenderVideo::updateIntrinsicSize): Tools: * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKitCocoa/FirstVisuallyNonEmptyMilestone.mm: Renamed from Tools/TestWebKitAPI/Tests/WebKit/FirstVisuallyNonEmptyMilestoneWithDeferredScript.mm. (-[FirstPaintMessageHandler userContentController:didReceiveScriptMessage:]): (-[RenderingProgressNavigationDelegate _webView:renderingProgressDidChange:]): (-[RenderingProgressNavigationDelegate webView:didFinishNavigation:]): (TEST): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248095 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-31 Andy Estes <aestes@apple.com> REGRESSION (r240942): first visually non-empty layout milestone is not reached in media documents until after the video finishes loading https://bugs.webkit.org/show_bug.cgi?id=200293 <rdar://problem/52937749> Reviewed by Alex Christensen. r240942 changed FrameView::qualifiesAsVisuallyNonEmpty() to consider only documents in the Interactive or Complete ready states as "finished parsing". Documents considered finished parsing can qualify as visually non-empty even without exceeding the visual character or pixel thresholds, but documents considered not finished must first exceed one of these thresholds in order to qualify as visually non-empty. HTMLDocuments are placed in the Interactive ready state by their HTMLDocumentParsers. However, HTMLDocument subclasses like ImageDocument and MediaDocument use their own custom parsers that never set the Interactive ready state on their documents; these documents go from Loading directly to Complete. In order for these HTMLDocument subclasses to be considered visually non-empty before they finish loading they must render something that exceeds the visual character or pixel thresholds. For image documents, rendering the image is usually enough to cross the threshold, but for media documents the visual pixel threshold was never crossed because videos did not contribute to the visually non-empty pixel count. As a result, media documents are not considered visually non-empty until the main resource finishes loading. On iOS this means that the layer tree remains frozen until this point, even though the media might have started autoplaying with audio long before it finished loading. Fix this by teaching RenderVideo to contribute the video player's size to FrameView's visually non-empty pixel count once the video player has loaded enough data to determine its intrinsic size. Videos that render more than 1024 pixels will qualify a media document as visually non-empty even when it is still loading its main resource. Added a new API test. * rendering/RenderImage.cpp: (WebCore::RenderImage::imageChanged): (WebCore::RenderImage::incrementVisuallyNonEmptyPixelCountIfNeeded): * rendering/RenderImage.h: * rendering/RenderVideo.cpp: (WebCore::RenderVideo::updateIntrinsicSize): 2019-08-12 Alan Coon <alancoon@apple.com> Cherry-pick r248447. rdar://problem/54218162 Add to InteractionInformationAtPosition information about whether the element is in a subscrollable region https://bugs.webkit.org/show_bug.cgi?id=200374 rdar://problem/54095519 Reviewed by Tim Horton. Source/WebCore: Add to InteractionInformationAtPosition a ScrollingNodeID which represents the enclosing scrolling node that affects the targeted element's position. We use this to find a UIScrollView in the UI process. The entrypoint to finding the enclosing scrolling node is ScrollingCoordinator::scrollableContainerNodeID(), which calls RenderLayerCompositor::asyncScrollableContainerNodeID() to look for a scrolling ancestor in the current frame, and then looks for an enclosing scrollable frame, or a scrolling ancestor in the enclosing frame. There's a bit of subtlety in RenderLayerCompositor::asyncScrollableContainerNodeID() because if you're asking for the node that scrolls the renderer, if the renderer itself has a layer and is scrollable, you want its enclosing scroller. * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::scrollableContainerNodeID const): * page/scrolling/AsyncScrollingCoordinator.h: * page/scrolling/ScrollingCoordinator.cpp: (WebCore::scrollableContainerNodeID const): * page/scrolling/ScrollingCoordinator.h: * rendering/RenderLayer.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::asyncScrollableContainerNodeID): * rendering/RenderLayerCompositor.h: Source/WebKit: Add InteractionInformationAtPosition.containerScrollingNodeID and initialize it in elementPositionInformation() by asking the scrolling coordinator. Also add a way to get from a ScrollingNodeID to a UIScrollView to RemoteScrollingCoordinatorProxy, which gets the scrolling node and asks the delegate for the UIView. * Shared/ios/InteractionInformationAtPosition.h: * Shared/ios/InteractionInformationAtPosition.mm: (WebKit::InteractionInformationAtPosition::encode const): (WebKit::InteractionInformationAtPosition::decode): * UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.h: * UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm: (WebKit::RemoteScrollingCoordinatorProxy::scrollViewForScrollingNodeID const): * UIProcess/RemoteLayerTree/ios/ScrollingTreeOverflowScrollingNodeIOS.h: * UIProcess/RemoteLayerTree/ios/ScrollingTreeOverflowScrollingNodeIOS.mm: (WebKit::ScrollingTreeOverflowScrollingNodeIOS::scrollView const): * UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.h: * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::elementPositionInformation): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248447 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-08-06 Alan Coon <alancoon@apple.com> Apply patch. rdar://problem/53992160 2019-08-06 Per Arne Vollan <pvollan@apple.com> [Win] Fix AppleWin build https://bugs.webkit.org/show_bug.cgi?id=200414 Reviewed by Brent Fulgham. * CMakeLists.txt: * PlatformPlayStation.cmake: * PlatformWPE.cmake: * PlatformWin.cmake: 2019-08-01 Alan Coon <alancoon@apple.com> Apply patch. rdar://problem/53764238 2019-08-01 Ryosuke Niwa <rniwa@webkit.org> The maximum subframe count check should not be skipped for empty URLs. https://bugs.webkit.org/show_bug.cgi?id=200032 Based on the patch by Sergei Glazunov (r247924). Move the check closer to the actual frame creation code in loadSubframe. Tests: fast/dom/connected-subframe-counter-overflow.html * dom/Document.cpp: (WebCore::Document::prepareForDestruction): Assert that all child frames have been detached. * html/HTMLFrameElementBase.cpp: (WebCore::HTMLFrameElementBase::isURLAllowed const): * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::loadSubframe): Added the check here. * page/Frame.cpp: (WebCore::Frame::isURLAllowed const): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r248080. rdar://problem/53788956 [ContentChangeObserver] twitch.tv video controls do not always respond to taps in fullscreen https://bugs.webkit.org/show_bug.cgi?id=200309 <rdar://problem/52964977> Reviewed by Simon Fraser. Source/WebCore: Do not consider an element visible if it is not a descendant of the active fullscreen element. This patch fixes the cases when the user taps on a button in fullscreen mode while the non-fullscreen content is being mutated and the ContentChangeObserver mistakenly registers it as a valid, actionable change and as a result we don't fire the click event (stay at hover). Test: fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode.html * page/ios/ContentChangeObserver.cpp: (WebCore::fullscreenElement): (WebCore::ContentChangeObserver::isVisuallyHidden): LayoutTests: * fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode-expected.txt: Added. * fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode.html: Added. * platform/ios/TestExpectations: Fullscreen API is not yet enabled on iOS. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248080 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-31 Zalan Bujtas <zalan@apple.com> [ContentChangeObserver] twitch.tv video controls do not always respond to taps in fullscreen https://bugs.webkit.org/show_bug.cgi?id=200309 <rdar://problem/52964977> Reviewed by Simon Fraser. Do not consider an element visible if it is not a descendant of the active fullscreen element. This patch fixes the cases when the user taps on a button in fullscreen mode while the non-fullscreen content is being mutated and the ContentChangeObserver mistakenly registers it as a valid, actionable change and as a result we don't fire the click event (stay at hover). Test: fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode.html * page/ios/ContentChangeObserver.cpp: (WebCore::fullscreenElement): (WebCore::ContentChangeObserver::isVisuallyHidden): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r248079. rdar://problem/53788988 [iPadOS] Enable simulated mouse events on iqiyi.com to fix the video controls https://bugs.webkit.org/show_bug.cgi?id=200322 rdar://problem/53235709 Reviewed by Wenson Hsieh. iqiyi.com needs to get mouseMove events for dragging the video scrubber to work. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248079 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r248071. rdar://problem/53789003 Use CTFontCreateForCharactersWithLanguageAndOption if available instead of CTFontCreateForCharactersWithLanguage https://bugs.webkit.org/show_bug.cgi?id=200241 Source/WebCore: Reviewed by Myles C. Maxfield. We can use CTFontCreateForCharactersWithLanguageAndOption instead of CTFontCreateForCharactersWithLanguage as it allows setting more easily the fallback option. This allows us to never fallback to user installed fonts. In such a case, we no longer need to wrap the fonts to change the fallback option. We also prewarm the fonts with the same SPI and use system fallback as the default value. Covered by existing tests. * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::preparePlatformFont): (WebCore::lookupFallbackFont): (WebCore::FontCache::systemFallbackForCharacters): (WebCore::FontCache::prewarm): (WebCore::fontFamiliesForPrewarming): Source/WebCore/PAL: Reviewed by Myles C. Maxfield. Add new SPI. * pal/spi/cocoa/CoreTextSPI.h: Source/WTF: Reviewed by Myles C. Maxfield. * wtf/Platform.h: Add macro to enable/disable new SPI. LayoutTests: We update the tests to flush font caches as otherwise some debug asserts would be hit. This is due to changing the user installed font runtime flag while browsing which is not a typical situation. Reviewed by Myles C. Maxfield. * fast/text/user-installed-fonts/extended-character-with-user-font.html: * fast/text/user-installed-fonts/extended-character.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248071 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-31 Youenn Fablet <youenn@apple.com> Use CTFontCreateForCharactersWithLanguageAndOption if available instead of CTFontCreateForCharactersWithLanguage https://bugs.webkit.org/show_bug.cgi?id=200241 Reviewed by Myles C. Maxfield. We can use CTFontCreateForCharactersWithLanguageAndOption instead of CTFontCreateForCharactersWithLanguage as it allows setting more easily the fallback option. This allows us to never fallback to user installed fonts. In such a case, we no longer need to wrap the fonts to change the fallback option. We also prewarm the fonts with the same SPI and use system fallback as the default value. Covered by existing tests. * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::preparePlatformFont): (WebCore::lookupFallbackFont): (WebCore::FontCache::systemFallbackForCharacters): (WebCore::FontCache::prewarm): (WebCore::fontFamiliesForPrewarming): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r248046. rdar://problem/53788952 Owners of MultiChannelResampler should make sure that the output bus given to it has the same number of channels https://bugs.webkit.org/show_bug.cgi?id=200248 <rdar://problem/53411051> Reviewed by Eric Carlson. Source/WebCore: When a track's number of channels changes, MediaStreamAudioSourceNode is expected to update its MultiChannelResampler and its output number of channels. MultiChannelResampler expects to have the same number of channels as the output but it is not always the case since the channel numbers are changed in different threads and locks do not help there. Instead, whenever detecting that the number of channels do not match, render silence and wait for the next rendering where the number of channels should again match. Add internals API to change the number of channels from 2 to 1 or 1 to 2 to allow testing that code path (iOS only as MacOS audio capture is in UIProcess). Covered by updated test. * Modules/webaudio/MediaElementAudioSourceNode.cpp: (WebCore::MediaElementAudioSourceNode::process): * Modules/webaudio/MediaStreamAudioSourceNode.cpp: (WebCore::MediaStreamAudioSourceNode::process): * platform/audio/MultiChannelResampler.cpp: (WebCore::MultiChannelResampler::process): * platform/mediastream/RealtimeMediaSource.h: * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm: (WebCore::MockRealtimeAudioSourceMac::reconfigure): * platform/mock/MockRealtimeAudioSource.cpp: (WebCore::MockRealtimeAudioSource::setChannelCount): * platform/mock/MockRealtimeAudioSource.h: (isType): * platform/mock/MockRealtimeVideoSource.h: * testing/Internals.cpp: (WebCore::Internals::setMockAudioTrackChannelNumber): * testing/Internals.h: * testing/Internals.idl: LayoutTests: * fast/mediastream/getUserMedia-webaudio-expected.txt: * fast/mediastream/getUserMedia-webaudio.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248046 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-31 Youenn Fablet <youenn@apple.com> Owners of MultiChannelResampler should make sure that the output bus given to it has the same number of channels https://bugs.webkit.org/show_bug.cgi?id=200248 <rdar://problem/53411051> Reviewed by Eric Carlson. When a track's number of channels changes, MediaStreamAudioSourceNode is expected to update its MultiChannelResampler and its output number of channels. MultiChannelResampler expects to have the same number of channels as the output but it is not always the case since the channel numbers are changed in different threads and locks do not help there. Instead, whenever detecting that the number of channels do not match, render silence and wait for the next rendering where the number of channels should again match. Add internals API to change the number of channels from 2 to 1 or 1 to 2 to allow testing that code path (iOS only as MacOS audio capture is in UIProcess). Covered by updated test. * Modules/webaudio/MediaElementAudioSourceNode.cpp: (WebCore::MediaElementAudioSourceNode::process): * Modules/webaudio/MediaStreamAudioSourceNode.cpp: (WebCore::MediaStreamAudioSourceNode::process): * platform/audio/MultiChannelResampler.cpp: (WebCore::MultiChannelResampler::process): * platform/mediastream/RealtimeMediaSource.h: * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm: (WebCore::MockRealtimeAudioSourceMac::reconfigure): * platform/mock/MockRealtimeAudioSource.cpp: (WebCore::MockRealtimeAudioSource::setChannelCount): * platform/mock/MockRealtimeAudioSource.h: (isType): * platform/mock/MockRealtimeVideoSource.h: * testing/Internals.cpp: (WebCore::Internals::setMockAudioTrackChannelNumber): * testing/Internals.h: * testing/Internals.idl: 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r248037. rdar://problem/53764079 AX: Re-enable accessibility/set-selected-text-range-after-newline.html test. https://bugs.webkit.org/show_bug.cgi?id=199431 <rdar://problem/52563340> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-07-31 Reviewed by Chris Fleizach. Source/WebCore: - Re-enabled LayoutTests/accessibility/set-selected-text-range-after-newline.html. - Put back workaround in visiblePositionForIndexUsingCharacterIterator that is needed for several accessibility issues. - This workaround was rolled back because it was thought the cause of: https://bugs.webkit.org/show_bug.cgi?id=199434 It turned out that the actual cause of that hang was unrelated and was fixed in: https://bugs.webkit.org/show_bug.cgi?id=199845 * editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator): LayoutTests: * TestExpectations: * accessibility/ios-simulator/set-selected-text-range-after-newline.html: Removed because it was the same as the one in the parent accessibility directory, so enabling it for iOS in ios-wk2/TestExpectations. * platform/ios-wk2/TestExpectations: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248037 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-31 Andres Gonzalez <andresg_22@apple.com> AX: Re-enable accessibility/set-selected-text-range-after-newline.html test. https://bugs.webkit.org/show_bug.cgi?id=199431 <rdar://problem/52563340> Reviewed by Chris Fleizach. - Re-enabled LayoutTests/accessibility/set-selected-text-range-after-newline.html. - Put back workaround in visiblePositionForIndexUsingCharacterIterator that is needed for several accessibility issues. - This workaround was rolled back because it was thought the cause of: https://bugs.webkit.org/show_bug.cgi?id=199434 It turned out that the actual cause of that hang was unrelated and was fixed in: https://bugs.webkit.org/show_bug.cgi?id=199845 * editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r248024. rdar://problem/53764047 WorkerGlobalScope::wrapCryptoKey/unwrapCryptoKey should use local heap objects for replies https://bugs.webkit.org/show_bug.cgi?id=200179 <rdar://problem/52334658> Reviewed by Brent Fulgham. Based on the patch by Jiewen Tan. WorkerGlobalScope::wrapCryptoKey and WorkerGlobalScope::unwrapCryptoKey had a bug that they could exit the function before the main thread had finished writing to the result vector passed in to these functions when the worker's runloop receives MessageQueueTerminated before the main thread finishes writing. Fixed the bug by creating a new temporary Vector inside a ThreadSafeRefCounted object shared between the main thread and the worker thread, which extends the lifetime of the Vector until when the worker thread receives the result or when the main thread finishes writing to the Vector, whichever happens last. Unfortunately no new tests since there is no reproducible test case, and this crash is highly racy. * workers/WorkerGlobalScope.cpp: (WebCore::CryptoBufferContainer): Added. (WebCore::CryptoBufferContainer::create): Added. (WebCore::CryptoBufferContainer::buffer): Added. (WebCore::WorkerGlobalScope::wrapCryptoKey): (WebCore::WorkerGlobalScope::unwrapCryptoKey): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248024 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-29 Ryosuke Niwa <rniwa@webkit.org> WorkerGlobalScope::wrapCryptoKey/unwrapCryptoKey should use local heap objects for replies https://bugs.webkit.org/show_bug.cgi?id=200179 <rdar://problem/52334658> Reviewed by Brent Fulgham. Based on the patch by Jiewen Tan. WorkerGlobalScope::wrapCryptoKey and WorkerGlobalScope::unwrapCryptoKey had a bug that they could exit the function before the main thread had finished writing to the result vector passed in to these functions when the worker's runloop receives MessageQueueTerminated before the main thread finishes writing. Fixed the bug by creating a new temporary Vector inside a ThreadSafeRefCounted object shared between the main thread and the worker thread, which extends the lifetime of the Vector until when the worker thread receives the result or when the main thread finishes writing to the Vector, whichever happens last. Unfortunately no new tests since there is no reproducible test case, and this crash is highly racy. * workers/WorkerGlobalScope.cpp: 2019-08-08 Simon Fraser <simon.fraser@apple.com> Add to InteractionInformationAtPosition information about whether the element is in a subscrollable region https://bugs.webkit.org/show_bug.cgi?id=200374 rdar://problem/54095519 Reviewed by Tim Horton. Add to InteractionInformationAtPosition a ScrollingNodeID which represents the enclosing scrolling node that affects the targeted element's position. We use this to find a UIScrollView in the UI process. The entrypoint to finding the enclosing scrolling node is ScrollingCoordinator::scrollableContainerNodeID(), which calls RenderLayerCompositor::asyncScrollableContainerNodeID() to look for a scrolling ancestor in the current frame, and then looks for an enclosing scrollable frame, or a scrolling ancestor in the enclosing frame. There's a bit of subtlety in RenderLayerCompositor::asyncScrollableContainerNodeID() because if you're asking for the node that scrolls the renderer, if the renderer itself has a layer and is scrollable, you want its enclosing scroller. * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::scrollableContainerNodeID const): * page/scrolling/AsyncScrollingCoordinator.h: * page/scrolling/ScrollingCoordinator.cpp: (WebCore::scrollableContainerNodeID const): * page/scrolling/ScrollingCoordinator.h: * rendering/RenderLayer.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::asyncScrollableContainerNodeID): * rendering/RenderLayerCompositor.h: (WebCore::CryptoBufferContainer): Added. (WebCore::CryptoBufferContainer::create): Added. (WebCore::CryptoBufferContainer::buffer): Added. (WebCore::WorkerGlobalScope::wrapCryptoKey): (WebCore::WorkerGlobalScope::unwrapCryptoKey): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r248018. rdar://problem/53764057 REGRESSION(r241288): Text on Yahoo Japan mobile looks too bold https://bugs.webkit.org/show_bug.cgi?id=200065 <rdar://problem/50912757> Reviewed by Simon Fraser. Source/WebCore: Before r241288, we were mapping Japanese sans-serif to Hiragino Kaku Gothic ProN, which has a 300 weight and a 600 weight. However, we can't use that font because it's user-installed, so in r241288 we switched to using Hiragino Sans, which has a 300 weight, a 600 weight, and an 800 weight. According to the CSS font selection algorithm, sites that request a weight of 700 would get the 800 weight instead of the 600 weight, which caused the text to look too heavy. Therefore, the apparent visual change is from a weight change from 600 to 800. In general, this is working as intended. However, text on Yahoo Japan looks too heavy in weight 800. Instead, this patch adds a quirk specific to Yahoo Japan that overwrites any font requests to give them a weight of 600 instead of 700. This way, the lighter font will be used. No new tests because quirks cannot be tested. * css/CSSFontSelector.cpp: (WebCore::resolveGenericFamily): (WebCore::CSSFontSelector::fontRangesForFamily): * page/Quirks.cpp: (WebCore::Quirks::shouldLightenJapaneseBoldSansSerif const): * page/Quirks.h: Source/WTF: * wtf/Platform.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248018 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-30 Myles C. Maxfield <mmaxfield@apple.com> REGRESSION(r241288): Text on Yahoo Japan mobile looks too bold https://bugs.webkit.org/show_bug.cgi?id=200065 <rdar://problem/50912757> Reviewed by Simon Fraser. Before r241288, we were mapping Japanese sans-serif to Hiragino Kaku Gothic ProN, which has a 300 weight and a 600 weight. However, we can't use that font because it's user-installed, so in r241288 we switched to using Hiragino Sans, which has a 300 weight, a 600 weight, and an 800 weight. According to the CSS font selection algorithm, sites that request a weight of 700 would get the 800 weight instead of the 600 weight, which caused the text to look too heavy. Therefore, the apparent visual change is from a weight change from 600 to 800. In general, this is working as intended. However, text on Yahoo Japan looks too heavy in weight 800. Instead, this patch adds a quirk specific to Yahoo Japan that overwrites any font requests to give them a weight of 600 instead of 700. This way, the lighter font will be used. No new tests because quirks cannot be tested. * css/CSSFontSelector.cpp: (WebCore::resolveGenericFamily): (WebCore::CSSFontSelector::fontRangesForFamily): * page/Quirks.cpp: (WebCore::Quirks::shouldLightenJapaneseBoldSansSerif const): * page/Quirks.h: 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r247934. rdar://problem/53764085 MediaSource.isTypeSupported claims FLAC-in-MP4 support on iOS and macOS, but plays silence https://bugs.webkit.org/show_bug.cgi?id=198583 <rdar://problem/51487853> Reviewed by Maciej Stachowiak. * platform/graphics/avfoundation/objc/AVStreamDataParserMIMETypeCache.h: (WebCore::AVStreamDataParserMIMETypeCache::canDecodeType): Use anParseExtendedMIMEType: when it is available. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247934 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-29 Eric Carlson <eric.carlson@apple.com> MediaSource.isTypeSupported claims FLAC-in-MP4 support on iOS and macOS, but plays silence https://bugs.webkit.org/show_bug.cgi?id=198583 <rdar://problem/51487853> Reviewed by Maciej Stachowiak. * platform/graphics/avfoundation/objc/AVStreamDataParserMIMETypeCache.h: (WebCore::AVStreamDataParserMIMETypeCache::canDecodeType): Use anParseExtendedMIMEType: when it is available. 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r247915. rdar://problem/53764061 Force Reveal to always lookup from menu https://bugs.webkit.org/show_bug.cgi?id=200186 <rdar://problem/52967940> 2019-07-31 Simon Fraser <simon.fraser@apple.com> [iPadOS] Enable simulated mouse events on iqiyi.com to fix the video controls https://bugs.webkit.org/show_bug.cgi?id=200322 rdar://problem/53235709 Reviewed by Wenson Hsieh. iqiyi.com needs to get mouseMove events for dragging the video scrubber to work. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): Reviewed by Tim Horton. We currently only have the 'lookup' menu item, so we should always force the 'lookup' action from it. Reveal is not currently testable. * editing/cocoa/DictionaryLookup.mm: (WebCore::showPopupOrCreateAnimationController): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247915 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-29 Megan Gardner <megan_gardner@apple.com> Force Reveal to always lookup from menu https://bugs.webkit.org/show_bug.cgi?id=200186 <rdar://problem/52967940> Reviewed by Tim Horton. We currently only have the 'lookup' menu item, so we should always force the 'lookup' action from it. Reveal is not currently testable. * editing/cocoa/DictionaryLookup.mm: (WebCore::showPopupOrCreateAnimationController): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r247912. rdar://problem/53764200 REGRESSION (r246899): Subtitles show twice when controls show/hide on hulu.com https://bugs.webkit.org/show_bug.cgi?id=200187 rdar://problem/53511121 Reviewed by Zalan Bujtas. Source/WebCore: When a layer that painted into shared backing moved, we'd fail to repaint its old position because the RenderLayer's repaint rects are cleared via BackingSharingState::updateBeforeDescendantTraversal(). Recomputing repaint rects is expensive, so we only want to do it when necessary, which is for layers that start and stop sharing (going into and out of compositing already recomputes them). So add logic to RenderLayerBacking::setBackingSharingLayers() that recomputes repaint rects on layers that will no longer use shared backing, and those that are newly using shared backing. Test: compositing/shared-backing/backing-sharing-repaint.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::setBackingProviderLayer): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::setBackingSharingLayers): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::BackingSharingState::appendSharingLayer): (WebCore::RenderLayerCompositor::updateBacking): LayoutTests: * compositing/shared-backing/backing-sharing-repaint-expected.html: Added. * compositing/shared-backing/backing-sharing-repaint.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247912 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-29 Simon Fraser <simon.fraser@apple.com> REGRESSION (r246899): Subtitles show twice when controls show/hide on hulu.com https://bugs.webkit.org/show_bug.cgi?id=200187 rdar://problem/53511121 Reviewed by Zalan Bujtas. When a layer that painted into shared backing moved, we'd fail to repaint its old position because the RenderLayer's repaint rects are cleared via BackingSharingState::updateBeforeDescendantTraversal(). Recomputing repaint rects is expensive, so we only want to do it when necessary, which is for layers that start and stop sharing (going into and out of compositing already recomputes them). So add logic to RenderLayerBacking::setBackingSharingLayers() that recomputes repaint rects on layers that will no longer use shared backing, and those that are newly using shared backing. Test: compositing/shared-backing/backing-sharing-repaint.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::setBackingProviderLayer): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::setBackingSharingLayers): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::BackingSharingState::appendSharingLayer): (WebCore::RenderLayerCompositor::updateBacking): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r247909. rdar://problem/53764231 The touch-action property was ignored on replaced elements (canvas, img etc) https://bugs.webkit.org/show_bug.cgi?id=200205 rdar://problem/53331224 Reviewed by Antti Koivisto. Source/WebCore: The event region painting code didn't handle replaced elements correctly, causing touch-action to get ignored for <canvas>, <img> etc. Fix by handling region painting in RenderReplaced. This still doesn't fix <iframe> but I'm not sure what the correct behavior is there (webkit.org/b/200204). Test: pointerevents/ios/touch-action-region-replaced-elements.html * rendering/RenderReplaced.cpp: (WebCore::RenderReplaced::paint): (WebCore::RenderReplaced::shouldPaint): LayoutTests: * pointerevents/ios/touch-action-region-replaced-elements-expected.txt: Added. * pointerevents/ios/touch-action-region-replaced-elements.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247909 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-29 Simon Fraser <simon.fraser@apple.com> The touch-action property was ignored on replaced elements (canvas, img etc) https://bugs.webkit.org/show_bug.cgi?id=200205 rdar://problem/53331224 Reviewed by Antti Koivisto. The event region painting code didn't handle replaced elements correctly, causing touch-action to get ignored for <canvas>, <img> etc. Fix by handling region painting in RenderReplaced. This still doesn't fix <iframe> but I'm not sure what the correct behavior is there (webkit.org/b/200204). Test: pointerevents/ios/touch-action-region-replaced-elements.html * rendering/RenderReplaced.cpp: (WebCore::RenderReplaced::paint): (WebCore::RenderReplaced::shouldPaint): 2019-07-31 Alan Coon <alancoon@apple.com> Cherry-pick r247891. rdar://problem/53764053 Expose the aria-label attribute for <video> elements. https://bugs.webkit.org/show_bug.cgi?id=200169 <rdar://problem/51754558> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-07-27 Reviewed by Chris Fleizach. Source/WebCore: Tests: accessibility/ios-simulator/media-with-aria-label.html accessibility/media-with-aria-label.html We now expose the <video> element to accessibility clients as long as auto-play is not enabled. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityIsWebInteractiveVideo]): LayoutTests: * accessibility/ios-simulator/media-with-aria-label-expected.txt: Added. * accessibility/ios-simulator/media-with-aria-label.html: Added. * accessibility/media-with-aria-label-expected.txt: Added. * accessibility/media-with-aria-label.html: Added. * platform/win/TestExpectations: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247891 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-27 Andres Gonzalez <andresg_22@apple.com> Expose the aria-label attribute for <video> elements. https://bugs.webkit.org/show_bug.cgi?id=200169 <rdar://problem/51754558> Reviewed by Chris Fleizach. Tests: accessibility/ios-simulator/media-with-aria-label.html accessibility/media-with-aria-label.html We now expose the <video> element to accessibility clients as long as auto-play is not enabled. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityIsWebInteractiveVideo]): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247880. rdar://problem/53647903 Do not fire readystatechange events at documents about to get replaced by javascript URLs. <rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786 Reviewed by Ryosuke Niwa. Source/WebCore: Test: http/tests/dom/ready-state-on-javascript-replace.html We were firing too many readystatechange events, more than other browsers. Our behavior on this test with this patch now matches Chrome. (There was even an ancient FIXME alluding to this referencing a spec issue, and that issues has long been resolvedv) * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopLoading): LayoutTests: * http/tests/dom/ready-state-on-javascript-replace-expected.txt: Added. * http/tests/dom/ready-state-on-javascript-replace.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247880 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-26 Brady Eidson <beidson@apple.com> Do not fire readystatechange events at documents about to get replaced by javascript URLs. <rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786 Reviewed by Ryosuke Niwa. Test: http/tests/dom/ready-state-on-javascript-replace.html We were firing too many readystatechange events, more than other browsers. Our behavior on this test with this patch now matches Chrome. (There was even an ancient FIXME alluding to this referencing a spec issue, and that issues has long been resolvedv) * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopLoading): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247879. rdar://problem/53648230 [iPadOS] wix.com cannot select a template to edit or view https://bugs.webkit.org/show_bug.cgi?id=200174 <rdar://problem/53281296> Reviewed by Simon Fraser. Opt out of simulated mouse event sending for template selection on wix.com. When wix.com receives a simulated mouse event during the touch events, it calls preventDefault() which prevents us from running the hover heuristics -> no click. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247879 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-26 Zalan Bujtas <zalan@apple.com> [iPadOS] wix.com cannot select a template to edit or view https://bugs.webkit.org/show_bug.cgi?id=200174 <rdar://problem/53281296> Reviewed by Simon Fraser. Opt out of simulated mouse event sending for template selection on wix.com. When wix.com receives a simulated mouse event during the touch events, it calls preventDefault() which prevents us from running the hover heuristics -> no click. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247873. rdar://problem/53648217 slides.google.com: opening speaker notes while presenting causes a fatal error in the web app on iPad https://bugs.webkit.org/show_bug.cgi?id=199933 <rdar://problem/53034345> Reviewed by Darin Adler. docs.google.com might sometimes try to window.open an about URL that not about:blank or about:srcdoc. In that case, WebKit is opening a window but is considering that the window is cross origin with its opener. This breaks docs.google.com as they want to access the website. Add a site-specific hack so as to treat all about URLs being opened through window.open as about:blank. Manually tested on docs.google.com website. * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): (WebCore::DOMWindow::open): * page/Quirks.cpp: (WebCore::Quirks::needsYouTubeOverflowScrollQuirk const): (WebCore::Quirks::shouldOpenAsAboutBlank const): * page/Quirks.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247873 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-26 Youenn Fablet <youenn@apple.com> slides.google.com: opening speaker notes while presenting causes a fatal error in the web app on iPad https://bugs.webkit.org/show_bug.cgi?id=199933 <rdar://problem/53034345> Reviewed by Darin Adler. docs.google.com might sometimes try to window.open an about URL that not about:blank or about:srcdoc. In that case, WebKit is opening a window but is considering that the window is cross origin with its opener. This breaks docs.google.com as they want to access the website. Add a site-specific hack so as to treat all about URLs being opened through window.open as about:blank. Manually tested on docs.google.com website. * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): (WebCore::DOMWindow::open): * page/Quirks.cpp: (WebCore::Quirks::needsYouTubeOverflowScrollQuirk const): (WebCore::Quirks::shouldOpenAsAboutBlank const): * page/Quirks.h: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247846. rdar://problem/53647613 Subpixel fringes around TextIndicator snapshots at non-integral scale factors https://bugs.webkit.org/show_bug.cgi?id=200145 Reviewed by Simon Fraser. * page/FrameSnapshotting.cpp: (WebCore::snapshotFrameRectWithClip): * page/FrameSnapshotting.h: * page/TextIndicator.cpp: (WebCore::snapshotOptionsForTextIndicatorOptions): Round the scale factor up, and snappily enclose the clip rects. TextIndicator doesn't require the use of the precise scale factor that the page is painted at, but we want it to be sharp, so we overshoot! git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247846 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-25 Tim Horton <timothy_horton@apple.com> Subpixel fringes around TextIndicator snapshots at non-integral scale factors https://bugs.webkit.org/show_bug.cgi?id=200145 Reviewed by Simon Fraser. * page/FrameSnapshotting.cpp: (WebCore::snapshotFrameRectWithClip): * page/FrameSnapshotting.h: * page/TextIndicator.cpp: (WebCore::snapshotOptionsForTextIndicatorOptions): Round the scale factor up, and snappily enclose the clip rects. TextIndicator doesn't require the use of the precise scale factor that the page is painted at, but we want it to be sharp, so we overshoot! 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247840. rdar://problem/53647624 REGRESSION (r243637): Some web fonts fail to load on Google docs https://bugs.webkit.org/show_bug.cgi?id=200106 Reviewed by Geoffrey Garen. Prior to r243637, WebKit threw an exception if the font family name didn't parse as a CSS identifier in the setter of `family` IDL attribute of FontFace interface because WebKit implemented the old spec faithfully unlike Chrome and Firefox which basically treated it as a string and didn't throw any exception. [1] To account for this browser behavior difference, Google docs implemented a workaround for Safari which is to wrap some identifiers in font family names with quotation marks: `docs-Amatic SC` as `'docs-Amatic SC'` and `docs-Playfair Display` as `docs-'Playfair Display'`. Unfortunately, this in turn causes the latest Safari to not match these font face family with those that appear in stylesheet since we no longer parse it as a CSS identifier. This patch adds a site specific quirk for Google docs to undo this workaround by stripping away single quotation marks. [1] See https://github.com/w3c/csswg-drafts/issues/3776 for the context. * css/FontFace.cpp: (WebCore::FontFace::create): (WebCore::FontFace::setFamily): * css/FontFace.h: * css/FontFace.idl: * page/Quirks.cpp: (WebCore::Quirks::shouldStripQuotationMarkInFontFaceSetFamily const): * page/Quirks.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247840 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-25 Ryosuke Niwa <rniwa@webkit.org> REGRESSION (r243637): Some web fonts fail to load on Google docs https://bugs.webkit.org/show_bug.cgi?id=200106 Reviewed by Geoffrey Garen. Prior to r243637, WebKit threw an exception if the font family name didn't parse as a CSS identifier in the setter of `family` IDL attribute of FontFace interface because WebKit implemented the old spec faithfully unlike Chrome and Firefox which basically treated it as a string and didn't throw any exception. [1] To account for this browser behavior difference, Google docs implemented a workaround for Safari which is to wrap some identifiers in font family names with quotation marks: `docs-Amatic SC` as `'docs-Amatic SC'` and `docs-Playfair Display` as `docs-'Playfair Display'`. Unfortunately, this in turn causes the latest Safari to not match these font face family with those that appear in stylesheet since we no longer parse it as a CSS identifier. This patch adds a site specific quirk for Google docs to undo this workaround by stripping away single quotation marks. [1] See https://github.com/w3c/csswg-drafts/issues/3776 for the context. * css/FontFace.cpp: (WebCore::FontFace::create): (WebCore::FontFace::setFamily): * css/FontFace.h: * css/FontFace.idl: * page/Quirks.cpp: (WebCore::Quirks::shouldStripQuotationMarkInFontFaceSetFamily const): * page/Quirks.h: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247839. rdar://problem/53647896 [iOS WK2] A top fixed bar can flicker when scrolling with the keyboard up https://bugs.webkit.org/show_bug.cgi?id=200105 rdar://problem/52871975 Reviewed by Wenson Hsieh. Source/WebCore: ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition() computes a visual viewport from the current scroll position and scrollableAreaSize(). This doesn't know anything about the impact of keyboards on the visual viewport, so it computes a too-large visual viewport when the keyboard is up, triggering incorrect manipulations of the layout viewport. This leads to the top bar flashing to position 0 when it should be hidden off the top. Fix by feeding into the scrolling tree the height of the visual viewport which takes FrameView::visualViewportOverrideRect() into account. This is stored on ScrollingStateFrameScrollingNode/ ScrollingTreeFrameScrollingNode. Test: scrollingcoordinator/ios/fixed-scrolling-with-keyboard.html * page/FrameView.h: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::setFrameScrollingNodeState): * page/scrolling/ScrollingStateFrameScrollingNode.cpp: (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode): (WebCore::ScrollingStateFrameScrollingNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateFrameScrollingNode::setOverrideVisualViewportSize): (WebCore::ScrollingStateFrameScrollingNode::dumpProperties const): * page/scrolling/ScrollingStateFrameScrollingNode.h: * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::commitTreeState): LOG_WITH_STREAM() doesn't evaluate scrollingTreeAsText() every time. * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: (WebCore::ScrollingTreeFrameScrollingNode::commitStateBeforeChildren): (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition const): (WebCore::ScrollingTreeFrameScrollingNode::dumpProperties const): * page/scrolling/ScrollingTreeFrameScrollingNode.h: Source/WebKit: ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition() computes a visual viewport from the current scroll position and scrollableAreaSize(). This doesn't know anything about the impact of keyboards on the visual viewport, so it computes a too-large visual viewport when the keyboard is up, triggering incorrect manipulations of the layout viewport. This leads to the top bar flashing to position 0 when it should be hidden off the top. Fix by feeding into the scrolling tree the height of the visual viewport which takes FrameView::visualViewportOverrideRect() into account. This is stored on ScrollingStateFrameScrollingNode/ ScrollingTreeFrameScrollingNode. * Shared/RemoteLayerTree/RemoteScrollingCoordinatorTransaction.cpp: (ArgumentCoder<ScrollingStateFrameScrollingNode>::encode): (ArgumentCoder<ScrollingStateFrameScrollingNode>::decode): LayoutTests: * resources/ui-helper.js: (window.UIHelper.ensureStablePresentationUpdate.return.new.Promise): (window.UIHelper.ensureStablePresentationUpdate): * scrollingcoordinator/ios/fixed-scrolling-with-keyboard-expected.txt: Added. * scrollingcoordinator/ios/fixed-scrolling-with-keyboard.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247839 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247837. rdar://problem/53648220 Add helper for ignoring deprecated implementation warnings https://bugs.webkit.org/show_bug.cgi?id=200135 Reviewed by Wenson Hsieh. Add ALLOW_DEPRECATED_IMPLEMENTATIONS_BEGIN/END macro which is IGNORE_WARNINGS_BEGIN("deprecated-implementations") Source/WebCore: * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]): (-[WebAccessibilityObjectWrapper accessibilityIsAttributeSettable:]): (-[WebAccessibilityObjectWrapper accessibilityPerformAction:]): (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper accessibilityActionDescription:]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): (-[WebAccessibilityObjectWrapper IGNORE_WARNINGS_END]): Deleted. * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (-[WebAVStreamDataParserListener streamDataParserWillProvideContentKeyRequestInitializationData:forTrackID:]): (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]): * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveAuthenticationChallenge:]): (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]): Source/WebKit: * UIProcess/API/Cocoa/LegacyBundleForClass.mm: * UIProcess/API/Cocoa/WKBrowsingContextController.mm: (IGNORE_WARNINGS_BEGIN): Deleted. * UIProcess/API/Cocoa/WKBrowsingContextGroup.mm: (IGNORE_WARNINGS_BEGIN): Deleted. * UIProcess/API/Cocoa/WKConnection.mm: (IGNORE_WARNINGS_BEGIN): Deleted. * UIProcess/API/Cocoa/WKPreviewElementInfo.mm: * UIProcess/API/Cocoa/WKProcessGroup.mm: (IGNORE_WARNINGS_BEGIN): Deleted. * UIProcess/API/Cocoa/WKTypeRefWrapper.mm: * UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKWebView draggedImage:endedAt:operation:]): (-[WKWebView accessibilityAttributeValue:]): (-[WKWebView accessibilityAttributeValue:forParameter:]): (-[WKWebView namesOfPromisedFilesDroppedAtDestination:]): (-[WKWebView IGNORE_WARNINGS_END]): Deleted. * UIProcess/API/Cocoa/WKWebViewConfiguration.mm: (-[WKWebViewConfiguration ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKWebViewConfiguration _setWebsiteDataStore:]): (-[WKWebViewConfiguration IGNORE_WARNINGS_END]): Deleted. * UIProcess/API/Cocoa/_WKWebsiteDataStore.mm: * UIProcess/API/mac/WKView.mm: (-[WKView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKView draggedImage:endedAt:operation:]): (-[WKView accessibilityAttributeValue:]): (-[WKView accessibilityAttributeValue:forParameter:]): (-[WKView namesOfPromisedFilesDroppedAtDestination:]): (-[WKView IGNORE_WARNINGS_END]): Deleted. * UIProcess/WKImagePreviewViewController.mm: (-[WKImagePreviewViewController ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKImagePreviewViewController IGNORE_WARNINGS_END]): Deleted. * UIProcess/ios/forms/WKAirPlayRoutePicker.mm: (-[WKAirPlayRoutePicker popoverControllerDidDismissPopover:]): * UIProcess/ios/forms/WKFileUploadPanel.mm: (-[WKFileUploadPanel popoverControllerDidDismissPopover:]): * UIProcess/ios/forms/WKFormPopover.mm: (-[WKRotatingPopover popoverControllerDidDismissPopover:]): * WebProcess/Plugins/PDF/PDFPlugin.mm: (-[WKPDFPluginAccessibilityObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKPDFPluginAccessibilityObject accessibilityAttributeValue:]): (-[WKPDFPluginAccessibilityObject accessibilityAttributeValue:forParameter:]): (-[WKPDFPluginAccessibilityObject accessibilityPerformAction:]): (-[WKPDFPluginAccessibilityObject accessibilityIsAttributeSettable:]): (-[WKPDFPluginAccessibilityObject accessibilitySetValue:forAttribute:]): (-[WKPDFPluginAccessibilityObject IGNORE_WARNINGS_END]): Deleted. * WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm: (-[WKAccessibilityWebPageObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKAccessibilityWebPageObject accessibilityIsAttributeSettable:]): (-[WKAccessibilityWebPageObject accessibilitySetValue:forAttribute:]): (-[WKAccessibilityWebPageObject accessibilityAttributeValue:]): (-[WKAccessibilityWebPageObject accessibilityAttributeValue:forParameter:]): (-[WKAccessibilityWebPageObject IGNORE_WARNINGS_END]): Deleted. Source/WebKitLegacy/mac: * Misc/WebDownload.mm: (-[WebDownload initWithRequest:delegate:]): * Misc/WebIconDatabase.mm: * Plugins/WebBaseNetscapePluginView.mm: (-[WebBaseNetscapePluginView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebBaseNetscapePluginView IGNORE_WARNINGS_END]): Deleted. * WebView/WebDynamicScrollBarsView.mm: (-[WebDynamicScrollBarsView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebDynamicScrollBarsView IGNORE_WARNINGS_END]): Deleted. * WebView/WebHTMLView.mm: (-[WebHTMLView draggingSourceOperationMaskForLocal:]): (-[WebHTMLView draggedImage:endedAt:operation:]): (-[WebHTMLView namesOfPromisedFilesDroppedAtDestination:]): (-[WebHTMLView accessibilityAttributeValue:]): (-[WebHTMLView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebHTMLView characterIndexForPoint:]): (-[WebHTMLView firstRectForCharacterRange:]): (-[WebHTMLView attributedSubstringFromRange:]): (-[WebHTMLView setMarkedText:selectedRange:]): (-[WebHTMLView doCommandBySelector:]): (-[WebHTMLView insertText:]): (-[WebHTMLView IGNORE_WARNINGS_END]): Deleted. Source/WTF: * wtf/Compiler.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247837 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-25 Dean Jackson <dino@apple.com> Add helper for ignoring deprecated implementation warnings https://bugs.webkit.org/show_bug.cgi?id=200135 Reviewed by Wenson Hsieh. Add ALLOW_DEPRECATED_IMPLEMENTATIONS_BEGIN/END macro which is IGNORE_WARNINGS_BEGIN("deprecated-implementations") * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]): (-[WebAccessibilityObjectWrapper accessibilityIsAttributeSettable:]): (-[WebAccessibilityObjectWrapper accessibilityPerformAction:]): (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper accessibilityActionDescription:]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): (-[WebAccessibilityObjectWrapper IGNORE_WARNINGS_END]): Deleted. * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (-[WebAVStreamDataParserListener streamDataParserWillProvideContentKeyRequestInitializationData:forTrackID:]): (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]): * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveAuthenticationChallenge:]): (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247822. rdar://problem/53648211 Avoid UI Process hangs when the WebContent process is showing JS prompts / alerts https://bugs.webkit.org/show_bug.cgi?id=200107 <rdar://problem/53034592> Reviewed by Geoffrey Garen. Source/WebCore: Add testing infrastructure for SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply. Test: fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply.html * page/ChromeClient.h: * testing/Internals.cpp: (WebCore::Internals::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): * testing/Internals.h: * testing/Internals.idl: Source/WebKit: * Platform/IPC/Connection.cpp: (IPC::Connection::SyncMessageState::incrementProcessIncomingSyncMessagesWhenWaitingForSyncReplyCount): (IPC::Connection::SyncMessageState::decrementProcessIncomingSyncMessagesWhenWaitingForSyncReplyCount): (IPC::Connection::SyncMessageState::processIncomingMessage): (IPC::Connection::sendSyncMessage): * Platform/IPC/Connection.h: Add support for new SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply flag to allow processing incoming sync messages while sending a particular sync IPC. This is the default behavior in all processes except in the WebContent process, where we try to avoid re-entering to prevent bugs. This flag allows the WebContent process to change its default behavior for some specific IPCs, where we know it is safe to re-enter and where it benefits performance to re-renter. * NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): * NetworkProcess/NetworkConnectionToWebProcess.h: * NetworkProcess/NetworkConnectionToWebProcess.messages.in: * UIProcess/Network/NetworkProcessProxy.cpp: (WebKit::NetworkProcessProxy::didReceiveSyncMessage): (WebKit::NetworkProcessProxy::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): * UIProcess/Network/NetworkProcessProxy.h: * UIProcess/Network/NetworkProcessProxy.messages.in: * WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): * WebProcess/WebCoreSupport/WebChromeClient.h: * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): * WebProcess/WebPage/WebPage.h: (WebKit::WebPage::sendSyncWithDelayedReply): * WebProcess/WebPage/WebPage.messages.in: SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply Add testing infrastructure for SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply flag. * WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::runJavaScriptAlert): (WebKit::WebChromeClient::runJavaScriptConfirm): (WebKit::WebChromeClient::runJavaScriptPrompt): Use new SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply flag when sending the synchronous IPC for JS alerts / prompt / confirm. This allows the WebProcess to process incoming synchronous IPC for other processes (in particular the UIProcess) while it is blocked on those synchronous IPCs. It is safe to re-enter the WebContent process on these sync IPCs since they are triggered by JS and we return to JS right after. This should avoid UIProcess hangs when the UIProcess is sending a sync IPC to the WebContent process, which is itself stuck on the sync IPC to show a JS alert. LayoutTests: Add layout test coverage for SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply. Without the flag on the sendSync from the WebContent process of the NetworkConnectionToWebProcess::TestProcessIncomingSyncMessagesWhenWaitingForSyncReply IPC, the test would hang. This is because the WebContent process sends a sync IPC to the network process, which in turns sends one to the UIProcess, which itself sends one back to the WebContent process. This would attempt to re-enter the WebContent process which is currently sending a sync IPC, which is not allowed by default. * fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply-expected.txt: Added. * fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247822 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-25 Chris Dumez <cdumez@apple.com> Avoid UI Process hangs when the WebContent process is showing JS prompts / alerts https://bugs.webkit.org/show_bug.cgi?id=200107 <rdar://problem/53034592> Reviewed by Geoffrey Garen. Add testing infrastructure for SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply. Test: fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply.html * page/ChromeClient.h: * testing/Internals.cpp: (WebCore::Internals::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): * testing/Internals.h: * testing/Internals.idl: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247792. rdar://problem/53647626 Daring Fireball long press highlights are unnecessarily inflated due to false illegibility https://bugs.webkit.org/show_bug.cgi?id=200064 Reviewed by Geoff Garen. Source/WebCore: If we consider text illegible on the given estimated background color, we bail from doing a tightly fitted selection-only TextIndicator and instead just paint the page without modification into the indicator, causing ugly overlap and an excessively inflated indicator. Change the mechanism we use to determine illegibility to be based on a standard, instead of a constant chosen by hand 13 years ago. Test: fast/text-indicator/text-indicator-with-low-contrast-text.html * platform/graphics/ColorUtilities.cpp: (WebCore::luminance): Fix a typo. (WebCore::contrastRatio): Add a function that computes the contrast ratio given two colors using the formula from WCAG. * platform/graphics/ColorUtilities.h: * rendering/TextPaintStyle.cpp: (WebCore::textColorIsLegibleAgainstBackgroundColor): Make use of WCAG's minimum legible contrast ratio instead of an arbitrary color difference cutoff for determining whether we consider text legible. It seems sensible and also considers the text on DF readable (which it seems to be to me!). * testing/Internals.cpp: (WebCore::Internals::TextIndicatorInfo::TextIndicatorInfo): * testing/Internals.h: * testing/Internals.idl: Expose all of the text rects to Internals, not just the bounding rect. Expose some more TextIndicator options to Internals so that we can turn on the legibility mechanism. LayoutTests: * fast/text-indicator/text-indicator-with-low-contrast-text-expected.txt: Added. * fast/text-indicator/text-indicator-with-low-contrast-text.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247792 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-24 Tim Horton <timothy_horton@apple.com> Daring Fireball long press highlights are unnecessarily inflated due to false illegibility https://bugs.webkit.org/show_bug.cgi?id=200064 Reviewed by Geoff Garen. If we consider text illegible on the given estimated background color, we bail from doing a tightly fitted selection-only TextIndicator and instead just paint the page without modification into the indicator, causing ugly overlap and an excessively inflated indicator. Change the mechanism we use to determine illegibility to be based on a standard, instead of a constant chosen by hand 13 years ago. Test: fast/text-indicator/text-indicator-with-low-contrast-text.html * platform/graphics/ColorUtilities.cpp: (WebCore::luminance): Fix a typo. (WebCore::contrastRatio): Add a function that computes the contrast ratio given two colors using the formula from WCAG. * platform/graphics/ColorUtilities.h: * rendering/TextPaintStyle.cpp: (WebCore::textColorIsLegibleAgainstBackgroundColor): Make use of WCAG's minimum legible contrast ratio instead of an arbitrary color difference cutoff for determining whether we consider text legible. It seems sensible and also considers the text on DF readable (which it seems to be to me!). * testing/Internals.cpp: (WebCore::Internals::TextIndicatorInfo::TextIndicatorInfo): * testing/Internals.h: * testing/Internals.idl: Expose all of the text rects to Internals, not just the bounding rect. Expose some more TextIndicator options to Internals so that we can turn on the legibility mechanism. 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247779. rdar://problem/53647892 Add per-document autoplay quirk for netflix.com. https://bugs.webkit.org/show_bug.cgi?id=200058 Reviewed by Eric Carlson. Opt netflix.com into the desktop-style per-document autoplay quirk. * page/Quirks.cpp: (WebCore::Quirks::needsPerDocumentAutoplayBehavior const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247779 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-24 Jer Noble <jer.noble@apple.com> Add per-document autoplay quirk for netflix.com. https://bugs.webkit.org/show_bug.cgi?id=200058 Reviewed by Eric Carlson. Opt netflix.com into the desktop-style per-document autoplay quirk. * page/Quirks.cpp: (WebCore::Quirks::needsPerDocumentAutoplayBehavior const): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247756. rdar://problem/53648073 Long press hint has half blue shape in Feedly.com https://bugs.webkit.org/show_bug.cgi?id=200053 <rdar://problem/53323369> Reviewed by Simon Fraser. No new tests, because TextIndicator snapshots are not yet testable. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintForegroundForFragments): Paint ChildBlockBackgrounds when painting selection AND backgrounds; only exclude it when doing a selection-only paint. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247756 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-23 Tim Horton <timothy_horton@apple.com> Long press hint has half blue shape in Feedly.com https://bugs.webkit.org/show_bug.cgi?id=200053 <rdar://problem/53323369> Reviewed by Simon Fraser. No new tests, because TextIndicator snapshots are not yet testable. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintForegroundForFragments): Paint ChildBlockBackgrounds when painting selection AND backgrounds; only exclude it when doing a selection-only paint. 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247755. rdar://problem/53575423 AX: CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebSpeechSynthesisClient::speak https://bugs.webkit.org/show_bug.cgi?id=199988 Reviewed by Per Arne Vollan. Source/WebCore: Implement the reset state to cancel current speech jobs. * Modules/speech/SpeechSynthesis.cpp: (WebCore::SpeechSynthesis::startSpeakingImmediately): (WebCore::SpeechSynthesis::cancel): * platform/PlatformSpeechSynthesizer.h: * platform/ios/PlatformSpeechSynthesizerIOS.mm: (WebCore::PlatformSpeechSynthesizer::resetState): * platform/mac/PlatformSpeechSynthesizerMac.mm: (WebCore::PlatformSpeechSynthesizer::resetState): Source/WebKit: Improvements to WebSpeechSynthesis to avoid crashing and improve correctness. - Reset and cancel speech jobs on page close or reload (otherwise the synthesizer keeps talking after your page is gone) - Have a separate speech finish callback mechanism, use the start speaking callback when the synthesizer tells us. - Move an assert on utterance state to only apply when we use the in process synthesizer. * UIProcess/Cocoa/WebPageProxyCocoa.mm: (WebKit::WebPageProxy::didStartSpeaking): * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::reload): (WebKit::WebPageProxy::resetState): (WebKit::WebPageProxy::resetSpeechSynthesizer): (WebKit::WebPageProxy::speechSynthesisSetFinishedCallback): (WebKit::WebPageProxy::speechSynthesisSpeak): * UIProcess/WebPageProxy.h: * UIProcess/WebPageProxy.messages.in: * WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp: (WebKit::WebSpeechSynthesisClient::speak): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247755 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-23 Chris Fleizach <cfleizach@apple.com> AX: CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebSpeechSynthesisClient::speak https://bugs.webkit.org/show_bug.cgi?id=199988 Reviewed by Per Arne Vollan. Implement the reset state to cancel current speech jobs. * Modules/speech/SpeechSynthesis.cpp: (WebCore::SpeechSynthesis::startSpeakingImmediately): (WebCore::SpeechSynthesis::cancel): * platform/PlatformSpeechSynthesizer.h: * platform/ios/PlatformSpeechSynthesizerIOS.mm: (WebCore::PlatformSpeechSynthesizer::resetState): * platform/mac/PlatformSpeechSynthesizerMac.mm: (WebCore::PlatformSpeechSynthesizer::resetState): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247734. rdar://problem/53575394 Fix crashes in ScrollingStateNode::insertChild() https://bugs.webkit.org/show_bug.cgi?id=200023 rdar://problem/53265378 Reviewed by Darin Adler. Crash data suggest that ScrollingStateNode::insertChild() can be passed an index that is larger than the size of the vector, causing crashes. Fix defensively by falling back to append() if the passed index is equal to or larger than the size of the children vector. * page/scrolling/ScrollingStateNode.cpp: (WebCore::ScrollingStateNode::insertChild): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247734 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-22 Simon Fraser <simon.fraser@apple.com> Fix crashes in ScrollingStateNode::insertChild() https://bugs.webkit.org/show_bug.cgi?id=200023 rdar://problem/53265378 Reviewed by Darin Adler. Crash data suggest that ScrollingStateNode::insertChild() can be passed an index that is larger than the size of the vector, causing crashes. Fix defensively by falling back to append() if the passed index is equal to or larger than the size of the children vector. * page/scrolling/ScrollingStateNode.cpp: (WebCore::ScrollingStateNode::insertChild): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247730. rdar://problem/53647886 Long press hint of AirPods buy buttons are tall and narrow during animation https://bugs.webkit.org/show_bug.cgi?id=200036 <rdar://problem/53145697> Reviewed by Wenson Hsieh. Source/WebCore: New test: fast/text-indicator/text-indicator-with-tiny-child.html * dom/Range.cpp: (WebCore::Range::borderAndTextRects const): * dom/Range.h: Add a BoundingRectBehavior that ignores 1x1 and smaller rects. * page/TextIndicator.cpp: (WebCore::absoluteBoundingRectForRange): Enable IgnoreTinyRects. LayoutTests: * fast/text-indicator/text-indicator-with-tiny-child-expected.txt: Added. * fast/text-indicator/text-indicator-with-tiny-child.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247730 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-23 Tim Horton <timothy_horton@apple.com> Long press hint of AirPods buy buttons are tall and narrow during animation https://bugs.webkit.org/show_bug.cgi?id=200036 <rdar://problem/53145697> Reviewed by Wenson Hsieh. New test: fast/text-indicator/text-indicator-with-tiny-child.html * dom/Range.cpp: (WebCore::Range::borderAndTextRects const): * dom/Range.h: Add a BoundingRectBehavior that ignores 1x1 and smaller rects. * page/TextIndicator.cpp: (WebCore::absoluteBoundingRectForRange): Enable IgnoreTinyRects. 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247722. rdar://problem/53647293 [macOS 10.15] Web process crashes when attempting to show the font panel via Font > Show Fonts https://bugs.webkit.org/show_bug.cgi?id=200021 <rdar://problem/53301325> Reviewed by Ryosuke Niwa. Source/WebCore: In macOS 10.15, attempting to access ~/Library/FontCollections/ from the web process causes a Sandbox violation and a subsequent crash. This can be triggered by trying to show the font panel via Font > Show Fonts in the context menu after right clicking. In the (near) future, we should fix this by moving logic to show the font panel, color panel and styles panel from the Editor in the web process to the UI process in WebKit2. However, for the time being, we can just work around this by adding a new EditorClient hook to determine whether to allow the font panel to show; this returns true in the legacy macOS WebKit port, and false everywhere else. Test: editing/mac/style/do-not-crash-when-showing-font-panel.html * editing/mac/EditorMac.mm: (WebCore::Editor::showFontPanel): * loader/EmptyClients.cpp: * page/EditorClient.h: Source/WebKit: Always return false from canShowFontPanel in WebKit2. * WebProcess/WebCoreSupport/WebEditorClient.h: Source/WebKitLegacy/mac: Implement a new editing client hook. In WebKit1, this always returns true on macOS and false on iOS. * WebCoreSupport/WebEditorClient.h: Source/WebKitLegacy/win: Implement a new editing client hook. * WebCoreSupport/WebEditorClient.h: Tools: Add support for grabbing the child menu items of a context menu item. * WebKitTestRunner/InjectedBundle/EventSendingController.cpp: (WTR::getMenuItemChildrenCallback): LayoutTests: Add a new layout test to verify that attempting to show the font panel doesn't crash the web process in WebKit2. This test is skipped in WebKit1, since EventSender::contextClick() in WebKit1 only returns an array of strings corresponding to the titles of each menu item. * editing/mac/style/do-not-crash-when-showing-font-panel-expected.txt: Added. * editing/mac/style/do-not-crash-when-showing-font-panel.html: Added. * platform/mac-wk1/TestExpectations: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247722 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-23 Wenson Hsieh <wenson_hsieh@apple.com> [macOS 10.15] Web process crashes when attempting to show the font panel via Font > Show Fonts https://bugs.webkit.org/show_bug.cgi?id=200021 <rdar://problem/53301325> Reviewed by Ryosuke Niwa. In macOS 10.15, attempting to access ~/Library/FontCollections/ from the web process causes a Sandbox violation and a subsequent crash. This can be triggered by trying to show the font panel via Font > Show Fonts in the context menu after right clicking. In the (near) future, we should fix this by moving logic to show the font panel, color panel and styles panel from the Editor in the web process to the UI process in WebKit2. However, for the time being, we can just work around this by adding a new EditorClient hook to determine whether to allow the font panel to show; this returns true in the legacy macOS WebKit port, and false everywhere else. Test: editing/mac/style/do-not-crash-when-showing-font-panel.html * editing/mac/EditorMac.mm: (WebCore::Editor::showFontPanel): * loader/EmptyClients.cpp: * page/EditorClient.h: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247720. rdar://problem/53647897 WebKit should strip away system font names from the pasted content https://bugs.webkit.org/show_bug.cgi?id=199975 <rdar://problem/53336353> Reviewed by Darin Adler. Source/WebCore: Cocoa HTML Writer sometimes generate system font names such as ".AppleSystemUIFont", ".SFUI-Regular", and ".SF UI Mono". We need to strip away these font names upon paste to avoid these font names falling back to Times New Roman. Added the code to strip these font names away in EditingStyle::mergeStyleFromRulesForSerialization, which is used by StylizedMarkupAccumulator to generate HTML during copy. This works because WebContentReader::readWebArchive invokes sanitizeMarkupWithArchive which inserts the pasteboard content into a temporary document then re-serializes back to HTML using StylizedMarkupAccumulator before the actual pasting happens. This approach has a few benefits over stripping away these font names in ReplaceSelectionCommand: 1. It would only affect clients that opts-in to copy & paste sanitization. e.g. it won't affect legacy WebKit clients and those that opt out of pasteboard content sanitization. 2. It preserves font names such as ".SF Blah" that a website may insert as some kind of house keeping purposes if ever. While we don't have any evidence that there is any such a website but it's a real risk nonetheless. The copy side fix would only affect cross-site and cross-app pasting, which is rare and less likely to affect real user scenarios. 3. It avoids exposing bogus .Apple* or .SF* font names to websites that directly use event.clipboardData.getData. Indeed stripping away bogus markup like this is one of the key features / benefit of using copy & paste sanitization. Test: editing/pasteboard/paste-cocoa-writer-markup-with-system-fonts.html * editing/EditingStyle.cpp: (WebCore::usesForbiddenSystemFontAsOnlyFontFamilyName): Added. (WebCore::EditingStyle::mergeStyleFromRulesForSerialization): Added the code to remove font-family property when needed. * platform/graphics/FontCache.h: * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::isSystemFont): Moved. (WebCore::FontCache::isSystemFontForbiddenForEditing): Added. * platform/graphics/freetype/FontCacheFreeType.cpp: (WebCore::FontCache::isSystemFontForbiddenForEditing): Added. Always returns false. * platform/graphics/win/FontCacheWin.cpp: (WebCore::FontCache::isSystemFontForbiddenForEditing): Ditto. Tools: Added a test to strip away system font names such as ".AppleSystemUIFont", ".SFUI-Regular", and ".SF UI Mono". * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm: * TestWebKitAPI/Tests/WebKitCocoa/cocoa-writer-markup-with-system-fonts.html: Added. LayoutTests: Added a test for ClipboardData.getData returning the original markup and execCommand('insertHTML', ~) not stripping away system font names. * editing/pasteboard/paste-cocoa-writer-markup-with-system-fonts-expected.txt: Added. * editing/pasteboard/paste-cocoa-writer-markup-with-system-fonts.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247720 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-23 Ryosuke Niwa <rniwa@webkit.org> WebKit should strip away system font names from the pasted content https://bugs.webkit.org/show_bug.cgi?id=199975 <rdar://problem/53336353> Reviewed by Darin Adler. Cocoa HTML Writer sometimes generate system font names such as ".AppleSystemUIFont", ".SFUI-Regular", and ".SF UI Mono". We need to strip away these font names upon paste to avoid these font names falling back to Times New Roman. Added the code to strip these font names away in EditingStyle::mergeStyleFromRulesForSerialization, which is used by StylizedMarkupAccumulator to generate HTML during copy. This works because WebContentReader::readWebArchive invokes sanitizeMarkupWithArchive which inserts the pasteboard content into a temporary document then re-serializes back to HTML using StylizedMarkupAccumulator before the actual pasting happens. This approach has a few benefits over stripping away these font names in ReplaceSelectionCommand: 1. It would only affect clients that opts-in to copy & paste sanitization. e.g. it won't affect legacy WebKit clients and those that opt out of pasteboard content sanitization. 2. It preserves font names such as ".SF Blah" that a website may insert as some kind of house keeping purposes if ever. While we don't have any evidence that there is any such a website but it's a real risk nonetheless. The copy side fix would only affect cross-site and cross-app pasting, which is rare and less likely to affect real user scenarios. 3. It avoids exposing bogus .Apple* or .SF* font names to websites that directly use event.clipboardData.getData. Indeed stripping away bogus markup like this is one of the key features / benefit of using copy & paste sanitization. Test: editing/pasteboard/paste-cocoa-writer-markup-with-system-fonts.html * editing/EditingStyle.cpp: (WebCore::usesForbiddenSystemFontAsOnlyFontFamilyName): Added. (WebCore::EditingStyle::mergeStyleFromRulesForSerialization): Added the code to remove font-family property when needed. * platform/graphics/FontCache.h: * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::isSystemFont): Moved. (WebCore::FontCache::isSystemFontForbiddenForEditing): Added. * platform/graphics/freetype/FontCacheFreeType.cpp: (WebCore::FontCache::isSystemFontForbiddenForEditing): Added. Always returns false. * platform/graphics/win/FontCacheWin.cpp: (WebCore::FontCache::isSystemFontForbiddenForEditing): Ditto. 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247714. rdar://problem/53647616 [bmalloc] Each IsoPage gets 1MB VA because VMHeap::tryAllocateLargeChunk rounds up https://bugs.webkit.org/show_bug.cgi?id=200024 Reviewed by Saam Barati. Source/bmalloc: When we allocate IsoHeap's page, we reused VMHeap::tryAllocateLargeChunk. However, this function is originally designed to be used for Large allocation in bmalloc (e.g. allocating Chunk in bmalloc). As a result, this function rounds up the requested size with 1MB (bmalloc::chunkSize). As a result, all IsoHeap's 16KB page gets 1MB VA while it just uses 16KB of the allocated region. This leads to VA exhaustion since IsoHeap now uses 64x VA than we expected! This patch fixes the above VA exhaustion issue by allocating a page by using tryVMAllocate. When allocating a page, we start using a VM tag for IsoHeap. We discussed at e-mail and we decided reusing a VM tag previously assigned to CLoop Stack since this is less profitable. Since this tag is not Malloc-related tag, Leaks tool can scan memory region conservatively without registering allocated region into Zone, which was previously done in VMHeap and that's why we reused VMHeap for IsoHeap. * bmalloc/BVMTags.h: * bmalloc/IsoPage.cpp: (bmalloc::IsoPageBase::allocatePageMemory): * bmalloc/IsoTLS.cpp: (bmalloc::IsoTLS::ensureEntries): * bmalloc/VMAllocate.h: (bmalloc::vmAllocate): Source/JavaScriptCore: Discussed and we decided to use this VM tag for IsoHeap instead of CLoop stack. 2019-07-24 Simon Fraser <simon.fraser@apple.com> [iOS WK2] A top fixed bar can flicker when scrolling with the keyboard up https://bugs.webkit.org/show_bug.cgi?id=200105 rdar://problem/52871975 Reviewed by Wenson Hsieh. ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition() computes a visual viewport from the current scroll position and scrollableAreaSize(). This doesn't know anything about the impact of keyboards on the visual viewport, so it computes a too-large visual viewport when the keyboard is up, triggering incorrect manipulations of the layout viewport. This leads to the top bar flashing to position 0 when it should be hidden off the top. Fix by feeding into the scrolling tree the height of the visual viewport which takes FrameView::visualViewportOverrideRect() into account. This is stored on ScrollingStateFrameScrollingNode/ ScrollingTreeFrameScrollingNode. Test: scrollingcoordinator/ios/fixed-scrolling-with-keyboard.html * page/FrameView.h: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::setFrameScrollingNodeState): * page/scrolling/ScrollingStateFrameScrollingNode.cpp: (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode): (WebCore::ScrollingStateFrameScrollingNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateFrameScrollingNode::setOverrideVisualViewportSize): (WebCore::ScrollingStateFrameScrollingNode::dumpProperties const): * page/scrolling/ScrollingStateFrameScrollingNode.h: * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::commitTreeState): LOG_WITH_STREAM() doesn't evaluate scrollingTreeAsText() every time. * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: (WebCore::ScrollingTreeFrameScrollingNode::commitStateBeforeChildren): (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition const): (WebCore::ScrollingTreeFrameScrollingNode::dumpProperties const): * page/scrolling/ScrollingTreeFrameScrollingNode.h: * interpreter/CLoopStack.cpp: (JSC::CLoopStack::CLoopStack): Source/WebCore: Changed how we interpret VM tags. Add IsoHeap VM tag support, and rename WebAssembly tag to Gigacage tag. * page/ResourceUsageData.h: * page/ResourceUsageOverlay.h: * page/cocoa/ResourceUsageOverlayCocoa.mm: (WebCore::HistoricResourceUsageData::HistoricResourceUsageData): * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::displayNameForVMTag): (WebCore::categoryForVMTag): Source/WTF: Start using a VM tag for IsoHeap instead of CLoop Stack. * wtf/OSAllocator.h: * wtf/VMTags.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247714 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-22 Yusuke Suzuki <ysuzuki@apple.com> [bmalloc] Each IsoPage gets 1MB VA because VMHeap::tryAllocateLargeChunk rounds up https://bugs.webkit.org/show_bug.cgi?id=200024 Reviewed by Saam Barati. Changed how we interpret VM tags. Add IsoHeap VM tag support, and rename WebAssembly tag to Gigacage tag. * page/ResourceUsageData.h: * page/ResourceUsageOverlay.h: * page/cocoa/ResourceUsageOverlayCocoa.mm: (WebCore::HistoricResourceUsageData::HistoricResourceUsageData): * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::displayNameForVMTag): (WebCore::categoryForVMTag): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247702. rdar://problem/53575409 [iOS] [WK1] UIWebView always jumps to the top left corner when scrolling to reveal the selection https://bugs.webkit.org/show_bug.cgi?id=200013 <rdar://problem/52526901> Reviewed by Simon Fraser. Source/WebCore: After <https://trac.webkit.org/r244141>, we no longer attempt to scroll to reveal the text selection in UIWebView after changing the selection, due to how we use the legacy document view rect in legacy WebKit when computing the visual viewport. This causes the viewRect in RenderLayer::scrollRectToVisible to be the same size as the content size, which then causes us to always scroll to the origin when revealing the selection. To make selection revealing work again in legacy WebKit, conditionally restore the old behavior of using the unobscured content rect as the view rect, only in the case where scrolling is delegated and the platform widget is present. Test: WebKitLegacy.ScrollToRevealSelection * page/FrameView.cpp: (WebCore::FrameView::viewRectExpandedByContentInsets const): (WebCore::FrameView::visualViewportRectExpandedByContentInsets const): Deleted. Additionally rename visualViewportRectExpandedByContentInsets to viewRectExpandedByContentInsets, to reflect the fact that this may either be the visual viewport rect or unobscured content rect. * page/FrameView.h: * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollRectToVisible): Tools: Add a new API test to verify that inserting text in UIWebView causes the document to scroll. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKitLegacy/ios/ScrollToRevealSelection.mm: Added. (-[LegacyLoadingDelegate webViewDidFinishLoad:]): (-[LegacyLoadingDelegate waitForDidFinishLoad]): * TestWebKitAPI/ios/UIKitSPI.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247702 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-22 Wenson Hsieh <wenson_hsieh@apple.com> [iOS] [WK1] UIWebView always jumps to the top left corner when scrolling to reveal the selection https://bugs.webkit.org/show_bug.cgi?id=200013 <rdar://problem/52526901> Reviewed by Simon Fraser. After <https://trac.webkit.org/r244141>, we no longer attempt to scroll to reveal the text selection in UIWebView after changing the selection, due to how we use the legacy document view rect in legacy WebKit when computing the visual viewport. This causes the viewRect in RenderLayer::scrollRectToVisible to be the same size as the content size, which then causes us to always scroll to the origin when revealing the selection. To make selection revealing work again in legacy WebKit, conditionally restore the old behavior of using the unobscured content rect as the view rect, only in the case where scrolling is delegated and the platform widget is present. Test: WebKitLegacy.ScrollToRevealSelection * page/FrameView.cpp: (WebCore::FrameView::viewRectExpandedByContentInsets const): (WebCore::FrameView::visualViewportRectExpandedByContentInsets const): Deleted. Additionally rename visualViewportRectExpandedByContentInsets to viewRectExpandedByContentInsets, to reflect the fact that this may either be the visual viewport rect or unobscured content rect. * page/FrameView.h: * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollRectToVisible): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247698. rdar://problem/53647459 Make sure the player underlying volume is correctly set after creating a new player https://bugs.webkit.org/show_bug.cgi?id=199974 <rdar://problem/52762559> Reviewed by Eric Carlson. Source/WebCore: When creating a player before starting to play, the volume might not be correctly initialized. Fix that by updating the volume like done for rate and muted state. A future refactoring should probably move that code in MediaPlayer. Add an internal API to query the volume value from the underlying player. Test: http/tests/media/audio-volume-zero.html * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::updateVolume): (WebCore::HTMLMediaElement::updatePlayState): (WebCore::HTMLMediaElement::effectiveVolume const): (WebCore::HTMLMediaElement::effectiveMuted const): * html/HTMLMediaElement.h: * testing/Internals.cpp: (WebCore::Internals::privatePlayerVolume): * testing/Internals.h: * testing/Internals.idl: * testing/Internals.mm: (WebCore::Internals::privatePlayerVolume): LayoutTests: * http/tests/media/128kbps-44khz.mp3: Added. * http/tests/media/audio-volume-zero-expected.txt: Added. * http/tests/media/audio-volume-zero.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247698 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-22 Youenn Fablet <youenn@apple.com> Make sure the player underlying volume is correctly set after creating a new player https://bugs.webkit.org/show_bug.cgi?id=199974 <rdar://problem/52762559> Reviewed by Eric Carlson. When creating a player before starting to play, the volume might not be correctly initialized. Fix that by updating the volume like done for rate and muted state. A future refactoring should probably move that code in MediaPlayer. Add an internal API to query the volume value from the underlying player. Test: http/tests/media/audio-volume-zero.html * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::updateVolume): (WebCore::HTMLMediaElement::updatePlayState): (WebCore::HTMLMediaElement::effectiveVolume const): (WebCore::HTMLMediaElement::effectiveMuted const): * html/HTMLMediaElement.h: * testing/Internals.cpp: (WebCore::Internals::privatePlayerVolume): * testing/Internals.h: * testing/Internals.idl: * testing/Internals.mm: (WebCore::Internals::privatePlayerVolume): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247667. rdar://problem/53647463 [Text autosizing] Do not nuke the style on dynamicViewportSizeUpdate https://bugs.webkit.org/show_bug.cgi?id=199718 <rdar://problem/53344961> Reviewed by Simon Fraser. Source/WebCore: When the page scale changes (e.g. as the result of shink to fit mode) we need to visit all the text content on the page and check whether they need to be boosted. Currently we call setNeedsRecalcStyleInAllFrames() to accomplish it. Unfortunatelly setNeedsRecalcStyleInAllFrames destroys all the style information which means that the subsequent styleResolve() needs to start from scratch. This patch addresses this issue by directly adjusting the computed style information when text boosting is required and schedules layout accordingly. We also trigger this style adjusting on a timer so that rapid dynamicViewportSizeUpdate() calls won't trigger redundant layouts. * css/StyleResolver.cpp: (WebCore::hasTextChild): (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): (WebCore::hasTextChildren): Deleted. * css/StyleResolver.h: * page/FrameView.h: * page/Page.cpp: (WebCore::Page::invalidateTextAutoSizeInAllFrames): * page/Page.h: Source/WebKit: * WebProcess/WebPage/WebPage.cpp: (WebKit::m_textAutoSizingAdjustmentTimer): (WebKit::WebPage::close): (WebKit::WebPage::didCommitLoad): (WebKit::WebPage::textAutoSizingAdjustmentTimerFired): (WebKit::m_shrinkToFitContentTimer): Deleted. * WebProcess/WebPage/WebPage.h: * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::dynamicViewportSizeUpdate): (WebKit::WebPage::resetIdempotentTextAutosizingIfNeeded): (WebKit::WebPage::resetTextAutosizing): (WebKit::WebPage::viewportConfigurationChanged): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247667 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-20 Zalan Bujtas <zalan@apple.com> [Text autosizing] Do not nuke the style on dynamicViewportSizeUpdate https://bugs.webkit.org/show_bug.cgi?id=199718 <rdar://problem/53344961> Reviewed by Simon Fraser. When the page scale changes (e.g. as the result of shink to fit mode) we need to visit all the text content on the page and check whether they need to be boosted. Currently we call setNeedsRecalcStyleInAllFrames() to accomplish it. Unfortunatelly setNeedsRecalcStyleInAllFrames destroys all the style information which means that the subsequent styleResolve() needs to start from scratch. This patch addresses this issue by directly adjusting the computed style information when text boosting is required and schedules layout accordingly. We also trigger this style adjusting on a timer so that rapid dynamicViewportSizeUpdate() calls won't trigger redundant layouts. * css/StyleResolver.cpp: (WebCore::hasTextChild): (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): (WebCore::hasTextChildren): Deleted. * css/StyleResolver.h: * page/FrameView.h: * page/Page.cpp: (WebCore::Page::invalidateTextAutoSizeInAllFrames): * page/Page.h: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247662. rdar://problem/53648208 Remote WebInspector should enable mock capture devices in UIProcess if doing it in WebProcess https://bugs.webkit.org/show_bug.cgi?id=199924 <rdar://problem/50552067> Reviewed by Devin Rousso. Source/WebCore: Add necessary API to set mock capture devices override. In case of desynchronization between webprocess and uiprocess, make sure to return early and fail capture instead of crashing. * inspector/InspectorClient.h: (WebCore::InspectorClient::setMockCaptureDevicesEnabled): * inspector/agents/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::disable): (WebCore::InspectorPageAgent::overrideSetting): * platform/mock/MockRealtimeMediaSourceCenter.cpp: Source/WebKit: Add IPC plumbery to pass inspector override value for mock capture devices. Add an override in UserMediaPermissionRequestManagerProxy so that the value stays in sync with web inspector. The override will be removed when web inspector goes away. * UIProcess/UserMediaPermissionRequestManagerProxy.cpp: (WebKit::UserMediaPermissionRequestManagerProxy::syncWithWebCorePrefs const): * UIProcess/UserMediaPermissionRequestManagerProxy.h: (WebKit::UserMediaPermissionRequestManagerProxy::setMockCaptureDevicesEnabledOverride): * UIProcess/WebInspectorProxy.cpp: (WebKit::WebInspectorProxy::setMockCaptureDevicesEnabled): * UIProcess/WebInspectorProxy.h: * UIProcess/WebInspectorProxy.messages.in: * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::setMockCaptureDevicesEnabledOverride): * UIProcess/WebPageProxy.h: * WebProcess/WebCoreSupport/WebInspectorClient.cpp: (WebKit::WebInspectorClient::setMockCaptureDevicesEnabled): * WebProcess/WebCoreSupport/WebInspectorClient.h: * WebProcess/WebPage/WebInspector.cpp: (WebKit::WebInspector::setMockCaptureDevicesEnabled): * WebProcess/WebPage/WebInspector.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247662 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-19 Youenn Fablet <youenn@apple.com> Remote WebInspector should enable mock capture devices in UIProcess if doing it in WebProcess https://bugs.webkit.org/show_bug.cgi?id=199924 <rdar://problem/50552067> Reviewed by Devin Rousso. Add necessary API to set mock capture devices override. In case of desynchronization between webprocess and uiprocess, make sure to return early and fail capture instead of crashing. * inspector/InspectorClient.h: (WebCore::InspectorClient::setMockCaptureDevicesEnabled): * inspector/agents/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::disable): (WebCore::InspectorPageAgent::overrideSetting): * platform/mock/MockRealtimeMediaSourceCenter.cpp: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247649. rdar://problem/53647611 IndexedDB: error in starting version change transaction may be neglected https://bugs.webkit.org/show_bug.cgi?id=199818 <rdar://problem/52925738> Reviewed by Brady Eidson. For version change transaction, IDBServer didn't wait the result of beginTransaction on the background thread before giving the IDBClient the result of open request. In this case, beginTransaction may fail to update the DatabaseVersion in database file or set m_originalDatabaseInfoBeforeVersionChange, but the transaction was marked as started. When we later set m_databaseInfo with m_originalDatabaseInfoBeforeVersionChange, m_databaseInfo could become nullptr. To write a test for this, we will need to simulate an SQLite error. I manually tested this by crafting the SQLiteStatement in beginTransaction, making it an invalid statement, and verified that error event, instead of ungradeneeded event is dispatched to the IDBRequest. * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::performStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::didPerformStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): (WebCore::IDBServer::UniqueIDBDatabase::beginTransactionInBackingStore): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247649 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-19 Sihui Liu <sihui_liu@apple.com> IndexedDB: error in starting version change transaction may be neglected https://bugs.webkit.org/show_bug.cgi?id=199818 <rdar://problem/52925738> Reviewed by Brady Eidson. For version change transaction, IDBServer didn't wait the result of beginTransaction on the background thread before giving the IDBClient the result of open request. In this case, beginTransaction may fail to update the DatabaseVersion in database file or set m_originalDatabaseInfoBeforeVersionChange, but the transaction was marked as started. When we later set m_databaseInfo with m_originalDatabaseInfoBeforeVersionChange, m_databaseInfo could become nullptr. To write a test for this, we will need to simulate an SQLite error. I manually tested this by crafting the SQLiteStatement in beginTransaction, making it an invalid statement, and verified that error event, instead of ungradeneeded event is dispatched to the IDBRequest. * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::performStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::didPerformStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): (WebCore::IDBServer::UniqueIDBDatabase::beginTransactionInBackingStore): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.h: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247627. rdar://problem/53648213 Enable simulated mouse events quirk for soundcloud.com https://bugs.webkit.org/show_bug.cgi?id=199908 <rdar://problem/52915981> Patch by Antoine Quint <graouts@apple.com> on 2019-07-18 Reviewed by Brent Fulgham. Scrubbing on soundcloud.com relies on mouse events alone when displaying on iPad with the desktop UA string. Opting into the simulated mouse events quirk makes scrubbing work and we also ensure that page scrolling is disabled as a result of scrubbing by returning true in shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented(). Also making a drive-by fix in shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented() to use a reference instead of a pointer when downcasting a null-checked pointer. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): (WebCore::Quirks::shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247627 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-18 Antoine Quint <graouts@apple.com> Enable simulated mouse events quirk for soundcloud.com https://bugs.webkit.org/show_bug.cgi?id=199908 <rdar://problem/52915981> Reviewed by Brent Fulgham. Scrubbing on soundcloud.com relies on mouse events alone when displaying on iPad with the desktop UA string. Opting into the simulated mouse events quirk makes scrubbing work and we also ensure that page scrolling is disabled as a result of scrubbing by returning true in shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented(). Also making a drive-by fix in shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented() to use a reference instead of a pointer when downcasting a null-checked pointer. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): (WebCore::Quirks::shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented const): 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247621. rdar://problem/53648017 Ensure Quirks::shouldDispatchSimulatedMouseEvents() works for all Google Maps and Amazon domains https://bugs.webkit.org/show_bug.cgi?id=199904 <rdar://problem/53250104> Reviewed by Dean Jackson. Use topPrivatelyControlledDomain() to determine whether the URL is a Google or Amazon domain so as to apply Google Maps and Amazon quirks to all the various domain names used. * page/Quirks.cpp: (WebCore::Quirks::isAmazon const): (WebCore::Quirks::isGoogleMaps const): (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): (WebCore::Quirks::simulatedMouseEventTypeForTarget const): * page/Quirks.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247621 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-18 Antoine Quint <graouts@apple.com> Ensure Quirks::shouldDispatchSimulatedMouseEvents() works for all Google Maps and Amazon domains https://bugs.webkit.org/show_bug.cgi?id=199904 <rdar://problem/53250104> Reviewed by Dean Jackson. Use topPrivatelyControlledDomain() to determine whether the URL is a Google or Amazon domain so as to apply Google Maps and Amazon quirks to all the various domain names used. * page/Quirks.cpp: (WebCore::Quirks::isAmazon const): (WebCore::Quirks::isGoogleMaps const): (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): (WebCore::Quirks::simulatedMouseEventTypeForTarget const): * page/Quirks.h: 2019-07-29 Alan Coon <alancoon@apple.com> Cherry-pick r247620. rdar://problem/53519929 Crash under WebPage::boundaryEventOccurred https://bugs.webkit.org/show_bug.cgi?id=199907 Reviewed by Chris Fleizach. Add null pointer checks. No new tests, since I have not been able to reproduce this in a test. * Modules/speech/SpeechSynthesis.cpp: (WebCore::SpeechSynthesis::didStartSpeaking): (WebCore::SpeechSynthesis::didFinishSpeaking): (WebCore::SpeechSynthesis::didPauseSpeaking): (WebCore::SpeechSynthesis::didResumeSpeaking): (WebCore::SpeechSynthesis::speakingErrorOccurred): (WebCore::SpeechSynthesis::boundaryEventOccurred): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247620 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-18 Per Arne Vollan <pvollan@apple.com> Crash under WebPage::boundaryEventOccurred https://bugs.webkit.org/show_bug.cgi?id=199907 Reviewed by Chris Fleizach. Add null pointer checks. No new tests, since I have not been able to reproduce this in a test. * Modules/speech/SpeechSynthesis.cpp: (WebCore::SpeechSynthesis::didStartSpeaking): (WebCore::SpeechSynthesis::didFinishSpeaking): (WebCore::SpeechSynthesis::didPauseSpeaking): (WebCore::SpeechSynthesis::didResumeSpeaking): (WebCore::SpeechSynthesis::speakingErrorOccurred): (WebCore::SpeechSynthesis::boundaryEventOccurred): 2019-07-24 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247671. rdar://problem/53501836 Add accessibilityInsertText for text insertion in edit fields. https://bugs.webkit.org/show_bug.cgi?id=199973 Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-07-20 Reviewed by Chris Fleizach. Source/WebCore: Tests: accessibility/insert-newline.html accessibility/ios-simulator/insert-newline.html Accessibility clients like VoiceOver and Voice Control were entering text in text fields by replacing the entire content of the field (SetValue) and then setting the insertion point to the appropriate offset (SetSelectedTextRange). accessibilityInsertText gives a simpler interface to clients to insert text at the insertion point location. In addition, this provides a workaround for the issue encountered with the previous method when inserting a linebreak. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::insertText): * accessibility/AccessibilityObject.h: * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityInsertText:]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityInsertText:]): Tools: Glue code to run new LayoutTests. * WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h: * WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl: * WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp: (WTR::AccessibilityUIElement::insertText): * WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm: (WTR::AccessibilityUIElement::insertText): * WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm: (WTR::AccessibilityUIElement::insertText): * WebKitTestRunner/InjectedBundle/win/AccessibilityUIElementWin.cpp: (WTR::AccessibilityUIElement::insertText): LayoutTests: Tests for inserting a newline in the middle of a text line and checking that the insertion point and text ranges are correct. * accessibility/insert-newline-expected.txt: Added. * accessibility/insert-newline.html: Added. * accessibility/ios-simulator/insert-newline-expected.txt: Added. * accessibility/ios-simulator/insert-newline.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247671 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-20 Andres Gonzalez <andresg_22@apple.com> Add accessibilityInsertText for text insertion in edit fields. https://bugs.webkit.org/show_bug.cgi?id=199973 Reviewed by Chris Fleizach. Tests: accessibility/insert-newline.html accessibility/ios-simulator/insert-newline.html Accessibility clients like VoiceOver and Voice Control were entering text in text fields by replacing the entire content of the field (SetValue) and then setting the insertion point to the appropriate offset (SetSelectedTextRange). accessibilityInsertText gives a simpler interface to clients to insert text at the insertion point location. In addition, this provides a workaround for the issue encountered with the previous method when inserting a linebreak. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::insertText): * accessibility/AccessibilityObject.h: * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityInsertText:]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityInsertText:]): 2019-07-24 Alan Coon <alancoon@apple.com> Apply patch. rdar://problem/53483188 Disable ENABLE_LAYOUT_FORMATTING_CONTEXT https://bugs.webkit.org/show_bug.cgi?id=200038 <rdar://problem/53457282> Reviewed by Zalan Bujtas. This feature is not complete. It is enabled for the trunk, but needs to be disabled in branches for shipping products. Source/JavaScriptCore: * Configurations/FeatureDefines.xcconfig: Source/WebCore: No new tests -- this change does not add any new functionality. * Configurations/FeatureDefines.xcconfig: Source/WebCore/PAL: * Configurations/FeatureDefines.xcconfig: Source/WebKit: * Configurations/FeatureDefines.xcconfig: Source/WebKitLegacy/mac: * Configurations/FeatureDefines.xcconfig: Tools: * TestWebKitAPI/Configurations/FeatureDefines.xcconfig: 2019-07-23 Keith Rollin <krollin@apple.com> Disable ENABLE_LAYOUT_FORMATTING_CONTEXT https://bugs.webkit.org/show_bug.cgi?id=200038 <rdar://problem/53457282> Reviewed by Zalan Bujtas. This feature is not complete. It is enabled for the trunk, but needs to be disabled in branches for shipping products. No new tests -- this change does not add any new functionality. * Configurations/FeatureDefines.xcconfig: 2019-07-24 Alan Coon <alancoon@apple.com> Cherry-pick r247746. rdar://problem/53483297 [iOS] Tapping the search field on a search results page on zillow.com shows and immediately dismisses the keyboard https://bugs.webkit.org/show_bug.cgi?id=200044 <rdar://problem/53103732> Reviewed by Wenson Hsieh. Source/WebCore: 1. The keyboard gets dismissed as the result of scroll event. 2. The (horizontal)scroll event is initiated by WebKit as we try to re-center the content. 3. The content gets off-centered as the result of the newly constructed drop-down menu which slightly sticks out of the document to the right (layout overflows). It works with shipping version of iOS because _zoomToFocusRect operates on stale viewport information (see r244494 for the progression). This patch applies a site specific quirk to restore shipping behavior. * page/Quirks.cpp: (WebCore::Quirks::shouldAvoidScrollingWhenFocusedContentIsVisible const): * page/Quirks.h: Source/WebKit: * Shared/FocusedElementInformation.cpp: (WebKit::FocusedElementInformation::encode const): (WebKit::FocusedElementInformation::decode): * Shared/FocusedElementInformation.h: * UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView _zoomToFocusRect:selectionRect:insideFixed:fontSize:minimumScale:maximumScale:allowScaling:forceScroll:]): * UIProcess/ios/WKContentViewInteraction.h: * UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _elementDidBlur]): (-[WKContentView _shouldAvoidScrollingWhenFocusedContentIsVisible]): * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::getFocusedElementInformation): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247746 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-23 Zalan Bujtas <zalan@apple.com> [iOS] Tapping the search field on a search results page on zillow.com shows and immediately dismisses the keyboard https://bugs.webkit.org/show_bug.cgi?id=200044 <rdar://problem/53103732> Reviewed by Wenson Hsieh. 1. The keyboard gets dismissed as the result of scroll event. 2. The (horizontal)scroll event is initiated by WebKit as we try to re-center the content. 3. The content gets off-centered as the result of the newly constructed drop-down menu which slightly sticks out of the document to the right (layout overflows). It works with shipping version of iOS because _zoomToFocusRect operates on stale viewport information (see r244494 for the progression). This patch applies a site specific quirk to restore shipping behavior. * page/Quirks.cpp: (WebCore::Quirks::shouldAvoidScrollingWhenFocusedContentIsVisible const): * page/Quirks.h: 2019-07-24 Alan Coon <alancoon@apple.com> Cherry-pick r247674. rdar://problem/53483189 [iOS] Fast and complex text codepaths disagree about how to lay out bopomofo with tone marks https://bugs.webkit.org/show_bug.cgi?id=199912 <rdar://problem/52182454> Reviewed by Simon Fraser. Source/WebCore: This is because CoreText has special composition rules for CJK languages, which we don't have in our simple text codepath. Rather than implementing the composition rules in WebKit, we can simply disable them in CoreText. Test: fast/text/international/system-language/composition.html * platform/graphics/mac/SimpleFontDataCoreText.cpp: (WebCore::Font::getCFStringAttributes const): Source/WebCore/PAL: * pal/spi/cocoa/CoreTextSPI.h: LayoutTests: * css3/font-feature-font-face-local-expected.html: * css3/font-feature-font-face-local.html: * editing/mac/selection/word-thai-expected.txt: * editing/mac/selection/word-thai.html: * fast/text/international/system-language/composition-expected.txt: Added. * fast/text/international/system-language/composition.html: Added. * platform/ios/fast/text/crash-complex-text-surrogate-expected.txt: * svg/custom/glyph-selection-arabic-forms-expected.txt: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247674 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-21 Myles C. Maxfield <mmaxfield@apple.com> [iOS] Fast and complex text codepaths disagree about how to lay out bopomofo with tone marks https://bugs.webkit.org/show_bug.cgi?id=199912 <rdar://problem/52182454> Reviewed by Simon Fraser. This is because CoreText has special composition rules for CJK languages, which we don't have in our simple text codepath. Rather than implementing the composition rules in WebKit, we can simply disable them in CoreText. Test: fast/text/international/system-language/composition.html * platform/graphics/mac/SimpleFontDataCoreText.cpp: (WebCore::Font::getCFStringAttributes const): 2019-07-23 Alan Coon <alancoon@apple.com> Cherry-pick r247701. rdar://problem/53449745 Correct web audio-related crash in seed reports https://bugs.webkit.org/show_bug.cgi?id=200009 <rdar://problem/51565203> Reviewed by Per Arne Vollan. Source/WebCore: Update the 'createMix' method to do proper return value checking so that we can clear the result of MTAudioProcessingTapCreate if the create operation failed. * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm: (WebCore::AudioSourceProviderAVFObjC::createMix): Source/WebKit: Revise the iOS sandbox to allow the WebContent process to communicate with the 'com.apple.coremedia.audioprocessingtap.xpc' service, which is needed by some types of WebAudio. * WebProcess/com.apple.WebKit.WebContent.sb.in: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247701 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-22 Brent Fulgham <bfulgham@apple.com> Correct web audio-related crash in seed reports https://bugs.webkit.org/show_bug.cgi?id=200009 <rdar://problem/51565203> Reviewed by Per Arne Vollan. Update the 'createMix' method to do proper return value checking so that we can clear the result of MTAudioProcessingTapCreate if the create operation failed. * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm: (WebCore::AudioSourceProviderAVFObjC::createMix): 2019-07-23 Alan Coon <alancoon@apple.com> Cherry-pick r247652. rdar://problem/53423997 Add a menu item to toggle between showing and hiding link previews https://bugs.webkit.org/show_bug.cgi?id=199940 <rdar://problem/53032288> Reviewed by Beth Dakin. Source/WebCore: New strings for Show/Hide Link Previews. * en.lproj/Localizable.strings: Source/WebKit: Add a new _WKElementAction that toggles the display of link previews in context menus, and add it to the default set of actions we provide for links. When a UIAction is created from this new _WKElementAction type, it can be identified by WKElementActionTypeToggleShowLinkPreviewsIdentifier. This allows us to check a UIMenu provided by a delegate to make sure that they have provided the toggle menu item. If they haven't, we add it back. The preference for showing links is moved from kCFPreferencesAnyApplication to standard user defaults, so that it can be set no matter what the hosting application is. * UIProcess/API/Cocoa/_WKElementAction.h: New action type. * UIProcess/API/Cocoa/_WKElementAction.mm: (+[_WKElementAction _elementActionWithType:customTitle:assistant:]): (+[_WKElementAction imageForElementActionType:]): Use eye.fill for now. I'll need to check with HI to see if there is a more appropriate glyph. (elementActionTypeToUIActionIdentifier): (uiActionIdentifierToElementActionType): * UIProcess/ios/WKActionSheetAssistant.mm: Add the toggle action to the default set. (-[WKActionSheetAssistant defaultActionsForLinkSheet:]): * UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _registerPreview]): No need to listen for CFPreferences notifications any more. (-[WKContentView _unregisterPreview]): (menuWithShowLinkPreviewAction): New method that adds the UIAction for toggling previews to a UIMenu if necessary. (-[WKContentView assignLegacyDataForContextMenuInteraction]): (-[WKContentView _contextMenuInteraction:configurationForMenuAtLocation:completion:]): (-[WKContentView _showLinkPreviewsPreferenceChanged:]): Deleted. (titleForMenu): Deleted. URL text previews will be provided separately. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247652 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-19 Dean Jackson <dino@apple.com> Add a menu item to toggle between showing and hiding link previews https://bugs.webkit.org/show_bug.cgi?id=199940 <rdar://problem/53032288> Reviewed by Beth Dakin. New strings for Show/Hide Link Previews. * en.lproj/Localizable.strings: 2019-07-23 Alan Coon <alancoon@apple.com> Cherry-pick r247650. rdar://problem/53449730 Links stop working after long-pressing a link (WK1) https://bugs.webkit.org/show_bug.cgi?id=199952 <rdar://problem/52291860> Patch by Antoine Quint <graouts@apple.com> on 2019-07-19 Reviewed by Wenson Hsieh. Source/WebCore: Test: fast/events/touch/ios/click-after-long-press.html When EventHandler::tryToBeginDragAtPoint() is called, we must reset m_mousePressed to false so that WebChromeClientIOS::observedContentChange() is called by EventHandler::mousePressed() when we would process the next tap after a drag interaction. * page/ios/EventHandlerIOS.mm: (WebCore::EventHandler::tryToBeginDragAtPoint): LayoutTests: * fast/events/touch/ios/click-after-long-press-expected.txt: Added. * fast/events/touch/ios/click-after-long-press.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247650 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-19 Antoine Quint <graouts@apple.com> Links stop working after long-pressing a link (WK1) https://bugs.webkit.org/show_bug.cgi?id=199952 <rdar://problem/52291860> Reviewed by Wenson Hsieh. Test: fast/events/touch/ios/click-after-long-press.html When EventHandler::tryToBeginDragAtPoint() is called, we must reset m_mousePressed to false so that WebChromeClientIOS::observedContentChange() is called by EventHandler::mousePressed() when we would process the next tap after a drag interaction. * page/ios/EventHandlerIOS.mm: (WebCore::EventHandler::tryToBeginDragAtPoint): 2019-07-18 Alan Coon <alancoon@apple.com> Cherry-pick r247568. rdar://problem/53279098 REGRESSION: Panning on an Amazon product image scrolls the page on iPadOS https://bugs.webkit.org/show_bug.cgi?id=199905 <rdar://problem/49124529> Reviewed by Dean Jackson. Amazon product pages include images that the user can touch and pan to show zoomed details in a side image. This currently works on iPadOS thanks to the dispatch of simulated "mousemove" events on the product image, but the site doesn't call preventDefault() when handling those events as it wasn't necessary for macOS. We add a new quirk that will indicate that a given element is such a product image. * page/Quirks.cpp: (WebCore::Quirks::isAmazon const): (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): (WebCore::Quirks::shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented const): (WebCore::Quirks::simulatedMouseEventTypeForTarget const): * page/Quirks.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247568 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-18 Antoine Quint <graouts@apple.com> REGRESSION: Panning on an Amazon product image scrolls the page on iPadOS https://bugs.webkit.org/show_bug.cgi?id=199905 <rdar://problem/49124529> Reviewed by Dean Jackson. Amazon product pages include images that the user can touch and pan to show zoomed details in a side image. This currently works on iPadOS thanks to the dispatch of simulated "mousemove" events on the product image, but the site doesn't call preventDefault() when handling those events as it wasn't necessary for macOS. We add a new quirk that will indicate that a given element is such a product image. * page/Quirks.cpp: (WebCore::Quirks::isAmazon const): (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): (WebCore::Quirks::shouldDispatchedSimulatedMouseEventsAssumeDefaultPrevented const): (WebCore::Quirks::simulatedMouseEventTypeForTarget const): * page/Quirks.h: 2019-07-18 Alan Coon <alancoon@apple.com> Cherry-pick r247566. rdar://problem/53279081 Make sure to set kCTFontFallbackOptionAttribute to kCTFontFallbackOptionSystem for system fonts https://bugs.webkit.org/show_bug.cgi?id=199769 <rdar://problem/49390297> Reviewed by Myles C. Maxfield. Source/WebCore: When getting a system font, set the appropriate attribute so that it does not fallback to a user initiated font. Add an ASSERT that checks that the font in use is not a user font if policy is to not use user installed fonts. Tests: fast/text/user-installed-fonts/extended-character-with-user-font.html fast/text/user-installed-fonts/extended-character.html * platform/graphics/Font.h: * platform/graphics/FontCascadeFonts.cpp: (WebCore::FontCascadeFonts::glyphDataForSystemFallback): * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::preparePlatformFont): (WebCore::FontDatabase::singletonAllowingUserInstalledFonts): (WebCore::FontDatabase::singletonDisallowingUserInstalledFonts): (WebCore::addAttributesForInstalledFonts): (WebCore::addAttributesForWebFonts): (WebCore::installedFontMandatoryAttributes): * platform/graphics/mac/SimpleFontDataCoreText.cpp: (WebCore::Font::isUserInstalledFont const): Source/WTF: * wtf/Platform.h: Tools: Add a font containing one extended character not found in system fonts. * WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj: * WebKitTestRunner/fonts/FakeHelvetica-SingleExtendedCharacter.ttf: Added. LayoutTests: Tests require WTR and recent MacOS, hence why they are disabled elsewhere. * TestExpectations: * platform/mac-wk2/TestExpectations: * fast/text/user-installed-fonts/extended-character-expected.html: Added. * fast/text/user-installed-fonts/extended-character-with-user-font-expected-mismatch.html: Added. * fast/text/user-installed-fonts/extended-character-with-user-font.html: Added. * fast/text/user-installed-fonts/extended-character.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247566 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-18 Youenn Fablet <youenn@apple.com> Make sure to set kCTFontFallbackOptionAttribute to kCTFontFallbackOptionSystem for system fonts https://bugs.webkit.org/show_bug.cgi?id=199769 <rdar://problem/49390297> Reviewed by Myles C. Maxfield. When getting a system font, set the appropriate attribute so that it does not fallback to a user initiated font. Add an ASSERT that checks that the font in use is not a user font if policy is to not use user installed fonts. Tests: fast/text/user-installed-fonts/extended-character-with-user-font.html fast/text/user-installed-fonts/extended-character.html * platform/graphics/Font.h: * platform/graphics/FontCascadeFonts.cpp: (WebCore::FontCascadeFonts::glyphDataForSystemFallback): * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::preparePlatformFont): (WebCore::FontDatabase::singletonAllowingUserInstalledFonts): (WebCore::FontDatabase::singletonDisallowingUserInstalledFonts): (WebCore::addAttributesForInstalledFonts): (WebCore::addAttributesForWebFonts): (WebCore::installedFontMandatoryAttributes): * platform/graphics/mac/SimpleFontDataCoreText.cpp: (WebCore::Font::isUserInstalledFont const): 2019-07-18 Alan Coon <alancoon@apple.com> Cherry-pick r247562. rdar://problem/53279086 [LFC][IFC] InlineFormattingContext::LineLayout::placeInlineItems is getting too complex. https://bugs.webkit.org/show_bug.cgi?id=199898 <rdar://problem/53235958> Reviewed by Antti Koivisto. It's time to restructure LineLayout::placeInlineItems to be able to expand it further. Introduce the LineLayout class. This class is responsible to place the inline items on the current line. (Rename InlineFormattingContext::lineLayout -> InlineFormattingContext::InlineLayout and use Line::InitialConstraints in LineInput) * layout/inlineformatting/InlineFormattingContext.cpp: (WebCore::Layout::InlineFormattingContext::layout const): (WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const): * layout/inlineformatting/InlineFormattingContext.h: (WebCore::Layout::InlineFormattingContext::LineLayout::layoutState const): Deleted. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::inlineItemWidth): (WebCore::Layout::LineLayout::layoutState const): (WebCore::Layout::LineLayout::UncommittedContent::runs): (WebCore::Layout::LineLayout::UncommittedContent::isEmpty const): (WebCore::Layout::LineLayout::UncommittedContent::size const): (WebCore::Layout::LineLayout::UncommittedContent::width const): (WebCore::Layout::LineLayout::UncommittedContent::add): (WebCore::Layout::LineLayout::UncommittedContent::reset): (WebCore::Layout::LineLayout::LineLayout): (WebCore::Layout::LineLayout::commitPendingContent): (WebCore::Layout::LineLayout::close): (WebCore::Layout::LineLayout::layout): (WebCore::Layout::LineInput::LineInput): (WebCore::Layout::InlineFormattingContext::InlineLayout::InlineLayout): (WebCore::Layout::InlineFormattingContext::InlineLayout::layout const): (WebCore::Layout::InlineFormattingContext::InlineLayout::computedIntrinsicWidth const): (WebCore::Layout::InlineFormattingContext::InlineLayout::createDisplayRuns const): (WebCore::Layout::InlineFormattingContext::InlineLayout::alignRuns const): (WebCore::Layout::UncommittedContent::runs): Deleted. (WebCore::Layout::UncommittedContent::isEmpty const): Deleted. (WebCore::Layout::UncommittedContent::size const): Deleted. (WebCore::Layout::UncommittedContent::width const): Deleted. (WebCore::Layout::UncommittedContent::add): Deleted. (WebCore::Layout::UncommittedContent::reset): Deleted. (WebCore::Layout::LineInput::HorizontalConstraint::HorizontalConstraint): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::LineLayout): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::layout const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::computedIntrinsicWidth const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::alignRuns const): Deleted. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::Line): * layout/inlineformatting/InlineLine.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247562 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-18 Zalan Bujtas <zalan@apple.com> [LFC][IFC] InlineFormattingContext::LineLayout::placeInlineItems is getting too complex. https://bugs.webkit.org/show_bug.cgi?id=199898 <rdar://problem/53235958> Reviewed by Antti Koivisto. It's time to restructure LineLayout::placeInlineItems to be able to expand it further. Introduce the LineLayout class. This class is responsible to place the inline items on the current line. (Rename InlineFormattingContext::lineLayout -> InlineFormattingContext::InlineLayout and use Line::InitialConstraints in LineInput) * layout/inlineformatting/InlineFormattingContext.cpp: (WebCore::Layout::InlineFormattingContext::layout const): (WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const): * layout/inlineformatting/InlineFormattingContext.h: (WebCore::Layout::InlineFormattingContext::LineLayout::layoutState const): Deleted. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::inlineItemWidth): (WebCore::Layout::LineLayout::layoutState const): (WebCore::Layout::LineLayout::UncommittedContent::runs): (WebCore::Layout::LineLayout::UncommittedContent::isEmpty const): (WebCore::Layout::LineLayout::UncommittedContent::size const): (WebCore::Layout::LineLayout::UncommittedContent::width const): (WebCore::Layout::LineLayout::UncommittedContent::add): (WebCore::Layout::LineLayout::UncommittedContent::reset): (WebCore::Layout::LineLayout::LineLayout): (WebCore::Layout::LineLayout::commitPendingContent): (WebCore::Layout::LineLayout::close): (WebCore::Layout::LineLayout::layout): (WebCore::Layout::LineInput::LineInput): (WebCore::Layout::InlineFormattingContext::InlineLayout::InlineLayout): (WebCore::Layout::InlineFormattingContext::InlineLayout::layout const): (WebCore::Layout::InlineFormattingContext::InlineLayout::computedIntrinsicWidth const): (WebCore::Layout::InlineFormattingContext::InlineLayout::createDisplayRuns const): (WebCore::Layout::InlineFormattingContext::InlineLayout::alignRuns const): (WebCore::Layout::UncommittedContent::runs): Deleted. (WebCore::Layout::UncommittedContent::isEmpty const): Deleted. (WebCore::Layout::UncommittedContent::size const): Deleted. (WebCore::Layout::UncommittedContent::width const): Deleted. (WebCore::Layout::UncommittedContent::add): Deleted. (WebCore::Layout::UncommittedContent::reset): Deleted. (WebCore::Layout::LineInput::HorizontalConstraint::HorizontalConstraint): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::LineLayout): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::layout const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::computedIntrinsicWidth const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::alignRuns const): Deleted. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::Line): * layout/inlineformatting/InlineLine.h: 2019-07-18 Alan Coon <alancoon@apple.com> Revert r247531. rdar://problem/53229712 2019-07-18 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247555. rdar://problem/53254411 Prewarm local storage in the NetworkProcess to reduce WebContent process hangs https://bugs.webkit.org/show_bug.cgi?id=199879 <rdar://problem/53217757> Reviewed by Ryosuke Niwa. Source/WebCore: When JS accesses window.localStorage for the first time, we end up doing a synchronous IPC to the network process to pull in all items in the local storage for the origin. If the network process does not have this data in memory, it has to read it from a database on disk, which may take a significant amount of time and hang the WebContent process during this time. To alleviate this problem, this patch introduces prewarming on the local storage in the network process when loading a given origin in the WebContent process. This way, in most cases, when the JS accesses window.localStorage for the first time, the synchronous IPC to the network process returns much faster (measured 50-100ms for a very large database, down from 250-300ms), as it only needs to IPC the data over, without the need to fetch it from disk. As a safety net to avoid excessive prewarming, we currently prewarm at most 5 security origins per page load. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::commitData): * page/DOMWindow.cpp: (WebCore::DOMWindow::prewarmLocalStorageIfNecessary): * page/DOMWindow.h: * page/Frame.cpp: (WebCore::Frame::didPrewarmLocalStorage): (WebCore::Frame::mayPrewarmLocalStorage const): * page/Frame.h: * storage/Storage.cpp: (WebCore::Storage::prewarm): * storage/Storage.h: * storage/StorageArea.h: (WebCore::StorageArea::prewarm): Source/WebKit: * NetworkProcess/WebStorage/StorageManager.cpp: (WebKit::StorageManager::prewarm): (WebKit::StorageManager::getValues): * NetworkProcess/WebStorage/StorageManager.h: * NetworkProcess/WebStorage/StorageManager.messages.in: * WebProcess/WebStorage/StorageAreaImpl.cpp: (WebKit::StorageAreaImpl::prewarm): * WebProcess/WebStorage/StorageAreaImpl.h: * WebProcess/WebStorage/StorageAreaMap.cpp: (WebKit::StorageAreaMap::loadValuesIfNeeded): (WebKit::StorageAreaMap::prewarm): * WebProcess/WebStorage/StorageAreaMap.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247555 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Chris Dumez <cdumez@apple.com> Prewarm local storage in the NetworkProcess to reduce WebContent process hangs https://bugs.webkit.org/show_bug.cgi?id=199879 <rdar://problem/53217757> Reviewed by Ryosuke Niwa. When JS accesses window.localStorage for the first time, we end up doing a synchronous IPC to the network process to pull in all items in the local storage for the origin. If the network process does not have this data in memory, it has to read it from a database on disk, which may take a significant amount of time and hang the WebContent process during this time. To alleviate this problem, this patch introduces prewarming on the local storage in the network process when loading a given origin in the WebContent process. This way, in most cases, when the JS accesses window.localStorage for the first time, the synchronous IPC to the network process returns much faster (measured 50-100ms for a very large database, down from 250-300ms), as it only needs to IPC the data over, without the need to fetch it from disk. As a safety net to avoid excessive prewarming, we currently prewarm at most 5 security origins per page load. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::commitData): * page/DOMWindow.cpp: (WebCore::DOMWindow::prewarmLocalStorageIfNecessary): * page/DOMWindow.h: * page/Frame.cpp: (WebCore::Frame::didPrewarmLocalStorage): (WebCore::Frame::mayPrewarmLocalStorage const): * page/Frame.h: * storage/Storage.cpp: (WebCore::Storage::prewarm): * storage/Storage.h: * storage/StorageArea.h: (WebCore::StorageArea::prewarm): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247544. rdar://problem/53230040 Unable to bring up custom media controls on iOS for video.sina.cn https://bugs.webkit.org/show_bug.cgi?id=199889 <rdar://problem/51883919> Reviewed by Dean Jackson. Source/WebCore: Videos on video.sina.cn by default have the "controls" attribute and are set not to autoplay. This means that the original state of the media controls are set to show the built-in media controls and also show the prominent play button to begin playback. The display of the play button also requires a tap gesture recognizer, which calls preventDefault() when the "touchend" is received to prevent double-tap-to-zoom, but also has the side-effect of preventing a "click" event from being dispatched for a tap. The video.sina.cn code would eventually remove the "controls" attribute, which would make the built-in media controls not visible, but still participate in hit-testing because we keep the shadow DOM around in order to potentially show the Airplay or picture-in-picture placards. Additionally, we wouldn't disable the tap gesture recognizer when the "controls" attribute was removed. We now ensure that both gesture recognizers used by iOS inline media controls are only enabled when media controls are visible. Test: media/modern-media-controls/media-controller/ios/media-controller-allows-click-over-video-with-no-controls.html * Modules/modern-media-controls/controls/ios-inline-media-controls.js: (IOSInlineMediaControls.prototype.set showsStartButton): (IOSInlineMediaControls.prototype.get visible): (IOSInlineMediaControls.prototype.set visible): (IOSInlineMediaControls.prototype._updateGestureRecognizers): (IOSInlineMediaControls.prototype._tapGestureRecognizerStateDidChange): (IOSInlineMediaControls.prototype._pinchGestureRecognizerStateDidChange): LayoutTests: This test replicates the scenario found on video.sina.cn that caused the issue: a <video> element originally has the "controls" attribute and is not set to autoplay. This means the tap gesture recognizer is created to track a tap for the video to play. Then the "controls" attribute is removed and we dispatch a tap on the video which would previously have *not* caused a "click" event to eventually be dispatched on the <video> element since the tap gesture recognizer would call preventDefault(). With this patch applied, we get the "click" event because the tap gesture recognizer is disabled once the controls are no longer visible. * media/modern-media-controls/media-controller/ios/media-controller-allows-click-over-video-with-no-controls-expected.txt: Added. * media/modern-media-controls/media-controller/ios/media-controller-allows-click-over-video-with-no-controls.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247544 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Antoine Quint <graouts@apple.com> Unable to bring up custom media controls on iOS for video.sina.cn https://bugs.webkit.org/show_bug.cgi?id=199889 <rdar://problem/51883919> Reviewed by Dean Jackson. Videos on video.sina.cn by default have the "controls" attribute and are set not to autoplay. This means that the original state of the media controls are set to show the built-in media controls and also show the prominent play button to begin playback. The display of the play button also requires a tap gesture recognizer, which calls preventDefault() when the "touchend" is received to prevent double-tap-to-zoom, but also has the side-effect of preventing a "click" event from being dispatched for a tap. The video.sina.cn code would eventually remove the "controls" attribute, which would make the built-in media controls not visible, but still participate in hit-testing because we keep the shadow DOM around in order to potentially show the Airplay or picture-in-picture placards. Additionally, we wouldn't disable the tap gesture recognizer when the "controls" attribute was removed. We now ensure that both gesture recognizers used by iOS inline media controls are only enabled when media controls are visible. Test: media/modern-media-controls/media-controller/ios/media-controller-allows-click-over-video-with-no-controls.html * Modules/modern-media-controls/controls/ios-inline-media-controls.js: (IOSInlineMediaControls.prototype.set showsStartButton): (IOSInlineMediaControls.prototype.get visible): (IOSInlineMediaControls.prototype.set visible): (IOSInlineMediaControls.prototype._updateGestureRecognizers): (IOSInlineMediaControls.prototype._tapGestureRecognizerStateDidChange): (IOSInlineMediaControls.prototype._pinchGestureRecognizerStateDidChange): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247541. rdar://problem/53230029 Unable to tap buttons at top of Wells Fargo app’s Payees screen https://bugs.webkit.org/show_bug.cgi?id=199846 <rdar://problem/48112220> Reviewed by Simon Fraser. Source/WebCore: This patch restores the stop-before-reaching-the-body heuristics for the approximate node finding feature only. (WebFrame::approximateNodeAtViewportLocation mistakenly relied on this odd quirk of nodeRespondingToClickEvents.) * page/Frame.h: * page/ios/FrameIOS.mm: (WebCore::Frame::approximateNodeAtViewportLocationLegacy): Source/WebKitLegacy/mac: * WebView/WebFrame.mm: (-[WebFrame approximateNodeAtViewportLocation:]): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247541 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Zalan Bujtas <zalan@apple.com> Unable to tap buttons at top of Wells Fargo app’s Payees screen https://bugs.webkit.org/show_bug.cgi?id=199846 <rdar://problem/48112220> Reviewed by Simon Fraser. This patch restores the stop-before-reaching-the-body heuristics for the approximate node finding feature only. (WebFrame::approximateNodeAtViewportLocation mistakenly relied on this odd quirk of nodeRespondingToClickEvents.) * page/Frame.h: * page/ios/FrameIOS.mm: (WebCore::Frame::approximateNodeAtViewportLocationLegacy): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247540. rdar://problem/53230036 [iOS WK2] Avoid lots of compositing backing store for offscreen position:fixed descendants https://bugs.webkit.org/show_bug.cgi?id=199819 rdar://problem/51977416 Reviewed by Zalan Bujtas. Source/WebCore: There was code to ensure that position:fixed layers and their descendants don't have their backing store detached (thrown away to save memory when offscreen), since that can trigger flashing when async scrolling moves layers in and out of the visual viewport. However, some pages have many descendant layers of positon:fixed which entrain backing store, because, for example, they have a stack of translated-offscreen menu elements inside a fixed header, and those elements may composite because of overflow:scroll. To avoid using too much memory on such pages, allow backing store detachment for fixed layers that are outside the layout viewport. Add a flag to RenderLayer that's set for layers which are fixed, or descendants of fixed, and consult that flag in updateAllowsBackingStoreDetaching(). The logic there is similar to RenderLayerCompositor::requiresCompositingForPosition(). I considered allowing all position:fixed to composite (since this patch would keep most of the memory saving), but historically we've avoided compositing out-of-viewport position:fixed because it's quite common to have them with negative z-index, and compositing those has significant compositing knock-on effects. GraphicsLayer flushing no longer needs to track the viewport-constrained status of layers, so remove that code. This patch removes backing-store pinning for sticky layers. scrolling/ios/reconcile-layer-position-recursive.html then revealed a bug in ScrollingStateStickyNode::reconcileLayerPositionForViewportRect(), which was assuming that the sticky element was scrolled by the page, causing a bad layer position to get sync'd onto the layer. Fixed by copying code from ScrollingTreeStickyNode that is smarter about computing layer positions. This patch fixes jetsams on kmart.com.au in iOS 13 beta. Test: compositing/layer-creation/fixed-position-descendants-out-of-view.html * page/scrolling/ScrollingStateStickyNode.cpp: (WebCore::ScrollingStateStickyNode::computeLayerPosition const): (WebCore::ScrollingStateStickyNode::reconcileLayerPositionForViewportRect): * page/scrolling/ScrollingStateStickyNode.h: * platform/graphics/GraphicsLayer.h: (WebCore::GraphicsLayer::setAllowsBackingStoreDetaching): (WebCore::GraphicsLayer::allowsBackingStoreDetaching const): (WebCore::GraphicsLayer::setIsViewportConstrained): Deleted. (WebCore::GraphicsLayer::isViewportConstrained const): Deleted. (WebCore::GraphicsLayer::setCanDetachBackingStore): Deleted. (WebCore::GraphicsLayer::canDetachBackingStore const): Deleted. * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::GraphicsLayerCA): (WebCore::GraphicsLayerCA::recursiveVisibleRectChangeRequiresFlush const): (WebCore::GraphicsLayerCA::setVisibleAndCoverageRects): (WebCore::GraphicsLayerCA::recursiveCommitChanges): (WebCore::GraphicsLayerCA::updateCoverage): (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes): * platform/graphics/ca/GraphicsLayerCA.h: * rendering/RenderLayer.cpp: (WebCore::RenderLayer::RenderLayer): (WebCore::RenderLayer::updateLayerPositions): (WebCore::outputPaintOrderTreeLegend): (WebCore::outputPaintOrderTreeRecursive): * rendering/RenderLayer.h: * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateAllowsBackingStoreDetaching): (WebCore::RenderLayerBacking::updateOverflowControlsLayers): (WebCore::RenderLayerBacking::setIsScrollCoordinatedWithViewportConstrainedRole): Deleted. * rendering/RenderLayerBacking.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::computeCompositingRequirements): (WebCore::RenderLayerCompositor::requiresCompositingForPosition const): (WebCore::RenderLayerCompositor::updateOverflowControlsLayers): (WebCore::RenderLayerCompositor::updateScrollCoordinationForLayer): LayoutTests: * compositing/layer-creation/fixed-position-change-out-of-view-in-view.html: * compositing/layer-creation/fixed-position-descendants-out-of-view-expected.txt: Added. * compositing/layer-creation/fixed-position-descendants-out-of-view.html: Added. * compositing/layer-creation/fixed-position-out-of-view.html: * platform/ios-wk2/fast/scrolling/ios/reconcile-layer-position-recursive-expected.txt: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247540 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Simon Fraser <simon.fraser@apple.com> [iOS WK2] Avoid lots of compositing backing store for offscreen position:fixed descendants https://bugs.webkit.org/show_bug.cgi?id=199819 rdar://problem/51977416 Reviewed by Zalan Bujtas. There was code to ensure that position:fixed layers and their descendants don't have their backing store detached (thrown away to save memory when offscreen), since that can trigger flashing when async scrolling moves layers in and out of the visual viewport. However, some pages have many descendant layers of positon:fixed which entrain backing store, because, for example, they have a stack of translated-offscreen menu elements inside a fixed header, and those elements may composite because of overflow:scroll. To avoid using too much memory on such pages, allow backing store detachment for fixed layers that are outside the layout viewport. Add a flag to RenderLayer that's set for layers which are fixed, or descendants of fixed, and consult that flag in updateAllowsBackingStoreDetaching(). The logic there is similar to RenderLayerCompositor::requiresCompositingForPosition(). I considered allowing all position:fixed to composite (since this patch would keep most of the memory saving), but historically we've avoided compositing out-of-viewport position:fixed because it's quite common to have them with negative z-index, and compositing those has significant compositing knock-on effects. GraphicsLayer flushing no longer needs to track the viewport-constrained status of layers, so remove that code. This patch removes backing-store pinning for sticky layers. scrolling/ios/reconcile-layer-position-recursive.html then revealed a bug in ScrollingStateStickyNode::reconcileLayerPositionForViewportRect(), which was assuming that the sticky element was scrolled by the page, causing a bad layer position to get sync'd onto the layer. Fixed by copying code from ScrollingTreeStickyNode that is smarter about computing layer positions. This patch fixes jetsams on kmart.com.au in iOS 13 beta. Test: compositing/layer-creation/fixed-position-descendants-out-of-view.html * page/scrolling/ScrollingStateStickyNode.cpp: (WebCore::ScrollingStateStickyNode::computeLayerPosition const): (WebCore::ScrollingStateStickyNode::reconcileLayerPositionForViewportRect): * page/scrolling/ScrollingStateStickyNode.h: * platform/graphics/GraphicsLayer.h: (WebCore::GraphicsLayer::setAllowsBackingStoreDetaching): (WebCore::GraphicsLayer::allowsBackingStoreDetaching const): (WebCore::GraphicsLayer::setIsViewportConstrained): Deleted. (WebCore::GraphicsLayer::isViewportConstrained const): Deleted. (WebCore::GraphicsLayer::setCanDetachBackingStore): Deleted. (WebCore::GraphicsLayer::canDetachBackingStore const): Deleted. * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::GraphicsLayerCA): (WebCore::GraphicsLayerCA::recursiveVisibleRectChangeRequiresFlush const): (WebCore::GraphicsLayerCA::setVisibleAndCoverageRects): (WebCore::GraphicsLayerCA::recursiveCommitChanges): (WebCore::GraphicsLayerCA::updateCoverage): (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes): * platform/graphics/ca/GraphicsLayerCA.h: * rendering/RenderLayer.cpp: (WebCore::RenderLayer::RenderLayer): (WebCore::RenderLayer::updateLayerPositions): (WebCore::outputPaintOrderTreeLegend): (WebCore::outputPaintOrderTreeRecursive): * rendering/RenderLayer.h: * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateAllowsBackingStoreDetaching): (WebCore::RenderLayerBacking::updateOverflowControlsLayers): (WebCore::RenderLayerBacking::setIsScrollCoordinatedWithViewportConstrainedRole): Deleted. * rendering/RenderLayerBacking.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::computeCompositingRequirements): (WebCore::RenderLayerCompositor::requiresCompositingForPosition const): (WebCore::RenderLayerCompositor::updateOverflowControlsLayers): (WebCore::RenderLayerCompositor::updateScrollCoordinationForLayer): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247531. rdar://problem/53229712 IndexedDB: error in starting version change transaction may be neglected https://bugs.webkit.org/show_bug.cgi?id=199818 <rdar://problem/52925738> Reviewed by Brady Eidson. For version change transaction, IDBServer didn't wait the result of beginTransaction on the background thread before giving the IDBClient the result of open request. In this case, beginTransaction may fail to update the DatabaseVersion in database file or set m_originalDatabaseInfoBeforeVersionChange, but the transaction was marked as started. When we later set m_databaseInfo with m_originalDatabaseInfoBeforeVersionChange, m_databaseInfo could become nullptr. To write a test for this, we will need to simulate an SQLite error. I manually tested this by crafting the SQLiteStatement in beginTransaction, making it an invalid statement, and verified that error event, instead of ungradeneeded event is dispatched to the IDBRequest. * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::performStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::didPerformStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::beginTransactionInBackingStore): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247531 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Sihui Liu <sihui_liu@apple.com> IndexedDB: error in starting version change transaction may be neglected https://bugs.webkit.org/show_bug.cgi?id=199818 <rdar://problem/52925738> Reviewed by Brady Eidson. For version change transaction, IDBServer didn't wait the result of beginTransaction on the background thread before giving the IDBClient the result of open request. In this case, beginTransaction may fail to update the DatabaseVersion in database file or set m_originalDatabaseInfoBeforeVersionChange, but the transaction was marked as started. When we later set m_databaseInfo with m_originalDatabaseInfoBeforeVersionChange, m_databaseInfo could become nullptr. To write a test for this, we will need to simulate an SQLite error. I manually tested this by crafting the SQLiteStatement in beginTransaction, making it an invalid statement, and verified that error event, instead of ungradeneeded event is dispatched to the IDBRequest. * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::performStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::didPerformStartVersionChangeTransaction): (WebCore::IDBServer::UniqueIDBDatabase::beginTransactionInBackingStore): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.h: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247530. rdar://problem/53229569 Typing into a cell in a Google Sheet lags behind by one character https://bugs.webkit.org/show_bug.cgi?id=199587 <rdar://problem/51616845> Reviewed by Brent Fulgham. Source/WebCore: Add a Google Sheets quirk. Put all DOM timers scheduled from keydown and keypress event listeners into a holding tank. The timers continue to tick, but are barred from executing their action until the next text insertion or deletion or 32 ms (on device) have elapsed, whichever is sooner. We only allocate a holding tank once per document, only if the quirk is active, and this allocation is done when the document schedules a timer on keydown or keypress. The holding tank lives for the lifetime of the document. The story behind the quirk: On keypress Google Sheets schedules timers and expects that a DOM update will occur (i.e. text will be inserted or deleted) within the same event loop iteration as the dispatched keypress. The UI Events spec. [1] makes no such guarantee of when a DOM update must occur in relation to the keypress event. It could happen in the same event loop iteration as the key press (as Google expects), the next iteration, 500ms later, 2 minutes later, etc. What the spec does guarantee is that by the time a DOM input event is dispatched that the DOM will be updated. And this is the solution to the problem Google Sheets is trying to solve, but is doing so using pre-IE 9 technology (though similar functionality was available via onpropertychange in IE < 9). See also <https://github.com/w3c/uievents/issues/238>, which is tracking a spec. text update for this quirk. Test: fast/events/ios/dom-update-on-keydown-quirk.html [1] <https://w3c.github.io/uievents/> (Editor's Draft, 14 October 2018) * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: Add some files to the project. * dom/Document.cpp: (WebCore::Document::domTimerHoldingTank): Added. * dom/Document.h: (WebCore::Document::domTimerHoldingTankIfExists): Added. * page/DOMTimer.cpp: (WebCore::DOMTimer::install): Put the newly instantiated timer into the holding tank. (WebCore::DOMTimer::removeById): Remove the timer from the holding tank. (WebCore::DOMTimer::fired): Check if the timer is in the holding tank. If it is and it is a one- shot timer then schedule it for the next event loop iteration. If it's a repeating timer just let it continue ticking. Otherwise, do what we no now and execute the timer's action. The reason we do not suspend timers in the holding tank is because: 1. Far out timers (Google Sheets registers timers as far out as 5 minutes!) are not penalized. Though smart supension logic could avoid this. See (3). 2. Empirical observations indicate that the keyboard will perform the insertion or deletion reasonably quickly (not the same event loop iteration as the keydown, but within two iterations out). So, the timers in the holding tank are short-lived. 3. Simplifies the code. There is no need to keep additional bookkeeping to track multiple timer suspension reasons (timers currently can only have one suspension reason) or alternatively defer scheduling a timer until a later time and computing a new "fair" firing time when scheduled. * page/EventHandler.cpp: (WebCore::EventHandler::internalKeyEvent): Place a token on the stack to put all DOM timers scheduled on keydown and keypress into the holding tank if the quirk is enabled. * page/Quirks.cpp: (WebCore::Quirks::needsDeferKeyDownAndKeyPressTimersUntilNextEditingCommand const): Added. * page/Quirks.h: * page/Settings.yaml: Added setting so that this quirk can be enabled from a layout test. This setting also lets us enable the quirk for all sites or for certain third-party apps if desired. * page/ios/DOMTimerHoldingTank.cpp: Added. (WebCore::DOMTimerHoldingTank::DOMTimerHoldingTank): (WebCore::DOMTimerHoldingTank::add): (WebCore::DOMTimerHoldingTank::remove): (WebCore::DOMTimerHoldingTank::contains): (WebCore::DOMTimerHoldingTank::removeAll): (WebCore::DOMTimerHoldingTank::stopExceededMaximumHoldTimer): * page/ios/DOMTimerHoldingTank.h: Added. (WebCore::DeferDOMTimersForScope::DeferDOMTimersForScope): (WebCore::DeferDOMTimersForScope::~DeferDOMTimersForScope): (WebCore::DeferDOMTimersForScope::isDeferring): Source/WebKit: Remove all timers from the holding tank on text insertion or deletion (represented as an editing command). Timers that were in the holding tank never stopped ticking and will now be able to execute their action. * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::executeEditingCommand): (WebKit::WebPage::insertTextAsync): (WebKit::WebPage::setCompositionAsync): (WebKit::WebPage::confirmCompositionAsync): Call platformWillPerformEditingCommand(). * WebProcess/WebPage/WebPage.h: (WebKit::WebPage::platformWillPerformEditingCommand): Added. * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::platformWillPerformEditingCommand): Remove all the timers from the holding tank if we have a holding tank. LayoutTests: Add a test that enables the quirk and ensures that the DOM is up-to-date on expiration of a zero timer scheduled from keydown, keypress, keyup, and input. * fast/events/ios/dom-update-on-keydown-quirk-expected.txt: Added. * fast/events/ios/dom-update-on-keydown-quirk.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247530 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Daniel Bates <dabates@apple.com> Typing into a cell in a Google Sheet lags behind by one character https://bugs.webkit.org/show_bug.cgi?id=199587 <rdar://problem/51616845> Reviewed by Brent Fulgham. Add a Google Sheets quirk. Put all DOM timers scheduled from keydown and keypress event listeners into a holding tank. The timers continue to tick, but are barred from executing their action until the next text insertion or deletion or 32 ms (on device) have elapsed, whichever is sooner. We only allocate a holding tank once per document, only if the quirk is active, and this allocation is done when the document schedules a timer on keydown or keypress. The holding tank lives for the lifetime of the document. The story behind the quirk: On keypress Google Sheets schedules timers and expects that a DOM update will occur (i.e. text will be inserted or deleted) within the same event loop iteration as the dispatched keypress. The UI Events spec. [1] makes no such guarantee of when a DOM update must occur in relation to the keypress event. It could happen in the same event loop iteration as the key press (as Google expects), the next iteration, 500ms later, 2 minutes later, etc. What the spec does guarantee is that by the time a DOM input event is dispatched that the DOM will be updated. And this is the solution to the problem Google Sheets is trying to solve, but is doing so using pre-IE 9 technology (though similar functionality was available via onpropertychange in IE < 9). See also <https://github.com/w3c/uievents/issues/238>, which is tracking a spec. text update for this quirk. Test: fast/events/ios/dom-update-on-keydown-quirk.html [1] <https://w3c.github.io/uievents/> (Editor's Draft, 14 October 2018) * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: Add some files to the project. * dom/Document.cpp: (WebCore::Document::domTimerHoldingTank): Added. * dom/Document.h: (WebCore::Document::domTimerHoldingTankIfExists): Added. * page/DOMTimer.cpp: (WebCore::DOMTimer::install): Put the newly instantiated timer into the holding tank. (WebCore::DOMTimer::removeById): Remove the timer from the holding tank. (WebCore::DOMTimer::fired): Check if the timer is in the holding tank. If it is and it is a one- shot timer then schedule it for the next event loop iteration. If it's a repeating timer just let it continue ticking. Otherwise, do what we no now and execute the timer's action. The reason we do not suspend timers in the holding tank is because: 1. Far out timers (Google Sheets registers timers as far out as 5 minutes!) are not penalized. Though smart supension logic could avoid this. See (3). 2. Empirical observations indicate that the keyboard will perform the insertion or deletion reasonably quickly (not the same event loop iteration as the keydown, but within two iterations out). So, the timers in the holding tank are short-lived. 3. Simplifies the code. There is no need to keep additional bookkeeping to track multiple timer suspension reasons (timers currently can only have one suspension reason) or alternatively defer scheduling a timer until a later time and computing a new "fair" firing time when scheduled. * page/EventHandler.cpp: (WebCore::EventHandler::internalKeyEvent): Place a token on the stack to put all DOM timers scheduled on keydown and keypress into the holding tank if the quirk is enabled. * page/Quirks.cpp: (WebCore::Quirks::needsDeferKeyDownAndKeyPressTimersUntilNextEditingCommand const): Added. * page/Quirks.h: * page/Settings.yaml: Added setting so that this quirk can be enabled from a layout test. This setting also lets us enable the quirk for all sites or for certain third-party apps if desired. * page/ios/DOMTimerHoldingTank.cpp: Added. (WebCore::DOMTimerHoldingTank::DOMTimerHoldingTank): (WebCore::DOMTimerHoldingTank::add): (WebCore::DOMTimerHoldingTank::remove): (WebCore::DOMTimerHoldingTank::contains): (WebCore::DOMTimerHoldingTank::removeAll): (WebCore::DOMTimerHoldingTank::stopExceededMaximumHoldTimer): * page/ios/DOMTimerHoldingTank.h: Added. (WebCore::DeferDOMTimersForScope::DeferDOMTimersForScope): (WebCore::DeferDOMTimersForScope::~DeferDOMTimersForScope): (WebCore::DeferDOMTimersForScope::isDeferring): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247525. rdar://problem/53229719 Hop to the main thread when doing logging in RealtimeIncomingVideoSourceCocoa https://bugs.webkit.org/show_bug.cgi?id=199865 Reviewed by Darin Adler. LoggerHelper routines allow logging messages in system console and inspector console. These routines iterate through a Vector of log observers which is not thread safe. Document, the main log observer, also expects to be called on the main thread. Manually tested (writing a layout test for this would require more than 2 seconds). * platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm: (WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247525 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Youenn Fablet <youenn@apple.com> Hop to the main thread when doing logging in RealtimeIncomingVideoSourceCocoa https://bugs.webkit.org/show_bug.cgi?id=199865 Reviewed by Darin Adler. LoggerHelper routines allow logging messages in system console and inspector console. These routines iterate through a Vector of log observers which is not thread safe. Document, the main log observer, also expects to be called on the main thread. Manually tested (writing a layout test for this would require more than 2 seconds). * platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm: (WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247521. rdar://problem/53229717 Make ANGLE work inside WebKit2's sandbox https://bugs.webkit.org/show_bug.cgi?id=199844 Patch by Kenneth Russell <kbr@chromium.org> on 2019-07-17 Reviewed by Alex Christensen. Source/ThirdParty/ANGLE: Cherry-pick fix for crbug.com/angleproject/3383 to eliminate use of deprecated API in SystemInfo_mac.mm. * BUILD.gn: * src/gpu_info_util/SystemInfo.cpp: (angle::FindActiveGPU): (angle::PrintSystemInfo): (angle::FindPrimaryGPU): Deleted. * src/gpu_info_util/SystemInfo.h: * src/gpu_info_util/SystemInfo_internal.h: * src/gpu_info_util/SystemInfo_linux.cpp: (angle::GetSystemInfo): * src/gpu_info_util/SystemInfo_mac.mm: (angle::GetSystemInfo): * src/gpu_info_util/SystemInfo_win.cpp: (angle::GetSystemInfo): * src/tests/BUILD.gn: * src/tests/test_expectations/GPUTestConfig.cpp: * src/tests/test_utils/angle_test_instantiate.cpp: (angle::IsConfigWhitelisted): Source/WebCore: Fix missing #import introduced at the last minute while removing some debugging code in the last patch. Tested with San Angeles WebGL demo and some conformance tests. * platform/graphics/cocoa/WebGLLayer.mm: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247521 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Kenneth Russell <kbr@chromium.org> Make ANGLE work inside WebKit2's sandbox https://bugs.webkit.org/show_bug.cgi?id=199844 Reviewed by Alex Christensen. Fix missing #import introduced at the last minute while removing some debugging code in the last patch. Tested with San Angeles WebGL demo and some conformance tests. * platform/graphics/cocoa/WebGLLayer.mm: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247519. rdar://problem/53229612 Hang in WebCore::AccessibilityRenderObject::visiblePositionRangeForLine. https://bugs.webkit.org/show_bug.cgi?id=199845 <rdar://problem/53121017> Patch by Andres Gonzalez <andresg_22@apple.com> on 2019-07-17 Reviewed by Chris Fleizach. - Added check for upper bound NSNotFound for parameter to visiblePositionRangeForLine. - Fixed signed/unsigned issue for AXTextMarkerRangeForLine attribute. * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::visiblePositionRangeForLine const): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247519 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Andres Gonzalez <andresg_22@apple.com> Hang in WebCore::AccessibilityRenderObject::visiblePositionRangeForLine. https://bugs.webkit.org/show_bug.cgi?id=199845 <rdar://problem/53121017> Reviewed by Chris Fleizach. - Added check for upper bound NSNotFound for parameter to visiblePositionRangeForLine. - Fixed signed/unsigned issue for AXTextMarkerRangeForLine attribute. * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::visiblePositionRangeForLine const): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247504. rdar://problem/53229614 Fix includes and make a constructor explicit to avoid unified-sources-triggered test failures https://bugs.webkit.org/show_bug.cgi?id=199849 Reviewed by Wenson Hsieh. webkit.org/b/199587 triggered some unexpected test failures because of unified sources include order. The TextStream operator in ScrollingTreeOverflowScrollingNode::dumpProperties() was invoking the implicit constructor of TransformOperations. * page/scrolling/ScrollingTreeOverflowScrollingNode.cpp: Include TextStream.h * platform/graphics/transforms/TransformOperations.h: Make ctor explicit. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247504 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Simon Fraser <simon.fraser@apple.com> Fix includes and make a constructor explicit to avoid unified-sources-triggered test failures https://bugs.webkit.org/show_bug.cgi?id=199849 Reviewed by Wenson Hsieh. webkit.org/b/199587 triggered some unexpected test failures because of unified sources include order. The TextStream operator in ScrollingTreeOverflowScrollingNode::dumpProperties() was invoking the implicit constructor of TransformOperations. * page/scrolling/ScrollingTreeOverflowScrollingNode.cpp: Include TextStream.h * platform/graphics/transforms/TransformOperations.h: Make ctor explicit. 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247502. rdar://problem/53229564 REGRESSION: fast/events/watchos/double-tap-to-zoom* tests crashing in com.apple.WebKit: -[WKContentView(WKInteraction) _singleTapDidReset:] https://bugs.webkit.org/show_bug.cgi?id=199840 <rdar://problem/52856531> Patch by Antoine Quint <graouts@apple.com> on 2019-07-16 Reviewed by Wenson Hsieh. Source/WebCore: Fix a build error that occured when building for the watchOS Simulator in the debug configuration. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole): Source/WebKit: We need to ensure the NSNumber used for -[WKSyntheticTapGestureRecognizer lastActiveTouchIdentifier] is retained. This innocent change required the use of RetainPtr<>, which required the move to an Objective-C++ file, which lead to a change in the order files are unified, which lead to build errors, which leads to a much bigger patch than just the source change necessary to fix the crash. * SourcesCocoa.txt: * UIProcess/ios/WKSyntheticTapGestureRecognizer.mm: Renamed from Source/WebKit/UIProcess/ios/WKSyntheticTapGestureRecognizer.m. * UIProcess/ios/forms/WKFormPeripheralBase.h: * UIProcess/ios/forms/WKFormPeripheralBase.mm: * WebKit.xcodeproj/project.pbxproj: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247502 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Antoine Quint <graouts@apple.com> REGRESSION: fast/events/watchos/double-tap-to-zoom* tests crashing in com.apple.WebKit: -[WKContentView(WKInteraction) _singleTapDidReset:] https://bugs.webkit.org/show_bug.cgi?id=199840 <rdar://problem/52856531> Reviewed by Wenson Hsieh. Fix a build error that occured when building for the watchOS Simulator in the debug configuration. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247490. rdar://problem/53229559 NSTextFinder holes don't scroll with the page https://bugs.webkit.org/show_bug.cgi?id=199815 <rdar://problem/52280514> Reviewed by Simon Fraser. Source/WebCore: * rendering/ScrollAlignment.h: Source/WebKit: * UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView _usePlatformFindUI]): (-[WKWebView _setUsePlatformFindUI:]): (-[WKWebView _ensureTextFinderClient]): Add a bit so that clients can choose whether they want our find UI, which respects scrolling, or the system find UI, which works when doing multi-document searches. Right now you can't have both. (-[WKWebView scrollFindMatchToVisible:]): Implement and plumb scrollFindMatchToVisible. * UIProcess/API/Cocoa/WKWebViewPrivate.h: * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::indicateFindMatch): * UIProcess/WebPageProxy.h: * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::indicateFindMatch): * WebProcess/WebPage/WebPage.h: * WebProcess/WebPage/WebPage.messages.in: Plumb indicateFindMatch to FindController. * UIProcess/mac/WKTextFinderClient.h: * UIProcess/mac/WKTextFinderClient.mm: (-[WKTextFinderClient initWithPage:view:usePlatformFindUI:]): Store whether or not we are using the platform find UI. (-[WKTextFinderClient findMatchesForString:relativeToMatch:findOptions:maxResults:resultCollector:]): If using WebKit find UI, turn on our UI in the options passed to findString[Matches]. (-[WKTextFinderClient scrollFindMatchToVisible:]): If using WebKit find UI, when the platform tells us to reveal a find match, indicate it. (-[WKTextFinderClient didFindStringMatchesWithRects:didWrapAround:]): If using WebKit find UI, lie to the platform and return no rects so that it doesn't paint a yellow rectangle. (-[WKTextFinderClient getImageForMatchResult:completionHandler:]): If using WebKit find UI, lie to the platform and return no image so that it doesn't paint a yellow rectangle. (-[WKTextFinderClient initWithPage:view:]): Deleted. * WebProcess/WebPage/FindController.cpp: (WebKit::FindController::updateFindUIAfterPageScroll): Make it possible to use our find UI with 'findStringMatches'; since the platform find infrastrucutre depends on knowing about all matches up front, we need to use 'findStringMatches' instead of 'findString', but we had never combined that with our UI. Don't throw away the other matches when we indicate one, and don't send DidFindString in the case we are coming from 'findStringMatches'. This all needs a bit of cleanup in the future. (WebKit::FindController::findString): Tell updateFindUIAfterPageScroll that we are 'findString' so that it uses its normal behavior. (WebKit::FindController::findStringMatches): Tell updateFindUIAfterPageScroll that we are 'findStringMatches' so that it uses the adjusted behavior. (WebKit::FindController::indicateFindMatch): Add 'indicateFindMatch', which both selects the match and moves the indicator there. * WebProcess/WebPage/FindController.h: Tools: * MiniBrowser/mac/WK2BrowserWindowController.m: (-[MiniBrowserNSTextFinder performAction:]): (-[WK2BrowserWindowController awakeFromNib]): Adopt the WebKit UI in MiniBrowser. Also, override NSTextFinder's -performAction: so that we can intercept the close action and hide our own find UI, since there is no delegate for that action yet. * TestWebKitAPI/Tests/WebKitCocoa/FindInPage.mm: (TEST): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247490 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Tim Horton <timothy_horton@apple.com> NSTextFinder holes don't scroll with the page https://bugs.webkit.org/show_bug.cgi?id=199815 <rdar://problem/52280514> Reviewed by Simon Fraser. * rendering/ScrollAlignment.h: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247489. rdar://problem/53229754 [iOS] Make sure the first camera device in the list is the front camera https://bugs.webkit.org/show_bug.cgi?id=199811 <rdar://problem/53125157> Reviewed by Jer Noble. Some websites call getUserMedia with a deviceId constraint and theey pick the first deviceId in the list provided by enumerateDevices. On iOS, this is the back camera which is often not what is expected by WebRTC applications. Instead, make sure the first camera device is the front camera. Manually tested. * platform/mediastream/mac/AVCaptureDeviceManager.mm: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247489 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Youenn Fablet <youenn@apple.com> [iOS] Make sure the first camera device in the list is the front camera https://bugs.webkit.org/show_bug.cgi?id=199811 <rdar://problem/53125157> Reviewed by Jer Noble. Some websites call getUserMedia with a deviceId constraint and theey pick the first deviceId in the list provided by enumerateDevices. On iOS, this is the back camera which is often not what is expected by WebRTC applications. Instead, make sure the first camera device is the front camera. Manually tested. * platform/mediastream/mac/AVCaptureDeviceManager.mm: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247487. rdar://problem/53229629 Remove "GraphicsContext 0x7ffd8765f6b0 stack changed by" logging https://bugs.webkit.org/show_bug.cgi?id=199834 Reviewed by Dean Jackson. I inadvertently left in a couple of GraphicsContextStateStackChecker (used to detect mismatched GraphicsContext save/restore) in r246725, so remove them. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintLayerContents): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::paintIntoLayer): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247487 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247486. rdar://problem/53229738 Speed up StorageManager::getValues() https://bugs.webkit.org/show_bug.cgi?id=199812 Reviewed by Alex Christensen. Source/WebCore: 2019-07-16 Simon Fraser <simon.fraser@apple.com> Remove "GraphicsContext 0x7ffd8765f6b0 stack changed by" logging https://bugs.webkit.org/show_bug.cgi?id=199834 Reviewed by Dean Jackson. I inadvertently left in a couple of GraphicsContextStateStackChecker (used to detect mismatched GraphicsContext save/restore) in r246725, so remove them. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintLayerContents): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::paintIntoLayer): * storage/StorageMap.cpp: (WebCore::StorageMap::importItems): * storage/StorageMap.h: Source/WebKit: Made the following performance improvements: - Made StorageManager a WorkQueueMessageReceiver again (like it was before it got moved from the UIProcess to the Network process). This avoids a lot of thread hopping (IPC thread -> Main thread -> StorageManagerThread -> Main Thread) and a lot of isolatedCopying of the strings. - Move values around when possible to avoid copying. - Add fast path to StorageMap::importItems() for when the StorageMap is empty when importing (15ms -> 2.5ms). * NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::didReceiveMessage): (WebKit::NetworkConnectionToWebProcess::didReceiveSyncMessage): * NetworkProcess/WebStorage/LocalStorageDatabase.cpp: (WebKit::LocalStorageDatabase::importItems): * NetworkProcess/WebStorage/StorageManager.cpp: (WebKit::StorageManager::addAllowedSessionStorageNamespaceConnection): (WebKit::StorageManager::removeAllowedSessionStorageNamespaceConnection): (WebKit::StorageManager::processDidCloseConnection): (WebKit::StorageManager::createLocalStorageMap): (WebKit::StorageManager::createTransientLocalStorageMap): (WebKit::StorageManager::createSessionStorageMap): (WebKit::StorageManager::destroyStorageMap): (WebKit::StorageManager::getValues): (WebKit::StorageManager::setItem): (WebKit::StorageManager::setItems): (WebKit::StorageManager::removeItem): (WebKit::StorageManager::clear): * NetworkProcess/WebStorage/StorageManager.h: * Platform/IPC/Connection.cpp: (IPC::Connection::addWorkQueueMessageReceiver): (IPC::Connection::removeWorkQueueMessageReceiver): (IPC::Connection::processIncomingMessage): (IPC::Connection::dispatchMessage): (IPC::Connection::dispatchMessageToWorkQueueReceiver): * Platform/IPC/Connection.h: * WebProcess/WebStorage/StorageAreaMap.cpp: (WebKit::StorageAreaMap::loadValuesIfNeeded): Messages to WorkQueueMessageReceivers are normally dispatched from the IPC WorkQueue. However, there is a race if a client (here StorageManager) adds itself as a WorkQueueMessageReceiver as a result of receiving an IPC message on the main thread (here NetworkConnectionToWebProcess::WebPageWasAdded). The message might have already been dispatched from the IPC WorkQueue to the main thread by the time the client registers itself as a WorkQueueMessageReceiver. To address this, we check again for messages receivers once the message arrives on the main thread. Source/WebKitLegacy: * Storage/StorageAreaImpl.cpp: (WebKit::StorageAreaImpl::importItems): * Storage/StorageAreaImpl.h: * Storage/StorageAreaSync.cpp: (WebKit::StorageAreaSync::performImport): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247486 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Chris Dumez <cdumez@apple.com> Speed up StorageManager::getValues() https://bugs.webkit.org/show_bug.cgi?id=199812 Reviewed by Alex Christensen. * storage/StorageMap.cpp: (WebCore::StorageMap::importItems): * storage/StorageMap.h: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247484. rdar://problem/53229757 [Text autosizing] [iPadOS] Paragraph text on the front page of LinkedIn.com is not boosted https://bugs.webkit.org/show_bug.cgi?id=199827 <rdar://problem/53152660> Reviewed by Zalan Bujtas. Source/WebCore: After r247467, we try to avoid boosting some text that might cause vertical overflow due to line height increasing inside a container that expects a fixed integer number of lines. However, in the case of linkedin.com, the line height specified is a fixed value of 26px, which greatly exceeds the specified font size of 14px. In this case, it's safe to boost font size, since doing so would not affect the line height at all. To handle this case, don't avoid text autosizing due to the "fixed number of lines" heuristic if the line height is fixed, and is much larger than the font size. Test: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::updateStatus): LayoutTests: Add a new test case, inspired by paragraph text in a post on linkedin.com. This text should get autosized. * fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates-expected.txt: * fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247484 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Wenson Hsieh <wenson_hsieh@apple.com> [Text autosizing] [iPadOS] Paragraph text on the front page of LinkedIn.com is not boosted https://bugs.webkit.org/show_bug.cgi?id=199827 <rdar://problem/53152660> Reviewed by Zalan Bujtas. After r247467, we try to avoid boosting some text that might cause vertical overflow due to line height increasing inside a container that expects a fixed integer number of lines. However, in the case of linkedin.com, the line height specified is a fixed value of 26px, which greatly exceeds the specified font size of 14px. In this case, it's safe to boost font size, since doing so would not affect the line height at all. To handle this case, don't avoid text autosizing due to the "fixed number of lines" heuristic if the line height is fixed, and is much larger than the font size. Test: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::updateStatus): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247483. rdar://problem/53229618 [ContentChangeObserver] Cancel ongoing content observation when tap is failed/cancelled https://bugs.webkit.org/show_bug.cgi?id=199828 <rdar://problem/53152696> Reviewed by Wenson Hsieh. Source/WebCore: This patch ensures that we stop the content observation (initiated by touch start) when the tap is cancelled/failed. Not testable. * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::didCancelPotentialTap): * page/ios/ContentChangeObserver.h: Source/WebKit: * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::commitPotentialTapFailed): (WebKit::WebPage::cancelPotentialTap): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247483 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Zalan Bujtas <zalan@apple.com> [ContentChangeObserver] Cancel ongoing content observation when tap is failed/cancelled https://bugs.webkit.org/show_bug.cgi?id=199828 <rdar://problem/53152696> Reviewed by Wenson Hsieh. This patch ensures that we stop the content observation (initiated by touch start) when the tap is cancelled/failed. Not testable. * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::didCancelPotentialTap): * page/ios/ContentChangeObserver.h: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247480. rdar://problem/53229746 Hop to main thread for release logging in RealtimeIncomingAudioSource https://bugs.webkit.org/show_bug.cgi?id=199813 Reviewed by Eric Carlson. LoggerHelper routines allow logging messages in system console and inspector console. These routines iterate through a Vector of log observers which is not thread safe. Document, the main log observer, also expects to be called on the main thread. Manually tested (writing a layout test for this would require more than 2 seconds). * platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.cpp: (WebCore::RealtimeIncomingAudioSourceCocoa::OnData): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247480 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-16 Youenn Fablet <youenn@apple.com> Hop to main thread for release logging in RealtimeIncomingAudioSource https://bugs.webkit.org/show_bug.cgi?id=199813 Reviewed by Eric Carlson. LoggerHelper routines allow logging messages in system console and inspector console. These routines iterate through a Vector of log observers which is not thread safe. Document, the main log observer, also expects to be called on the main thread. Manually tested (writing a layout test for this would require more than 2 seconds). * platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.cpp: (WebCore::RealtimeIncomingAudioSourceCocoa::OnData): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247470. rdar://problem/53229634 outlook.live.com has odd viewport with edge gap https://bugs.webkit.org/show_bug.cgi?id=199822 <rdar://problem/53029072> Reviewed by Wenson Hsieh. Source/WebCore: r244944 introduced a viewport width quirk because at certain screen size outlook.live.com's flex setup produced a slighly broken layout. We don't seem to need this quirk anymore (composed column's min-width is removed.) * page/Quirks.cpp: (WebCore::Quirks::shouldIgnoreShrinkToFitContent const): Deleted. (WebCore::Quirks::overriddenViewLayoutWidth const): Deleted. * page/Quirks.h: Source/WebKit: * WebProcess/WebPage/WebPage.h: * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::setViewportConfigurationViewLayoutSize): (WebKit::WebPage::dynamicViewportSizeUpdate): (WebKit::WebPage::resetViewportDefaultConfiguration): (WebKit::WebPage::immediatelyShrinkToFitContent): (WebKit::WebPage::viewLayoutSizeAdjustedForQuirks): Deleted. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247470 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-15 Zalan Bujtas <zalan@apple.com> outlook.live.com has odd viewport with edge gap https://bugs.webkit.org/show_bug.cgi?id=199822 <rdar://problem/53029072> Reviewed by Wenson Hsieh. r244944 introduced a viewport width quirk because at certain screen size outlook.live.com's flex setup produced a slighly broken layout. We don't seem to need this quirk anymore (composed column's min-width is removed.) * page/Quirks.cpp: (WebCore::Quirks::shouldIgnoreShrinkToFitContent const): Deleted. (WebCore::Quirks::overriddenViewLayoutWidth const): Deleted. * page/Quirks.h: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247467. rdar://problem/53229768 [Text autosizing] [iPadOS] Product label text is clipped in portrait mode on the front page of sephora.com https://bugs.webkit.org/show_bug.cgi?id=199806 <rdar://problem/52902482> Reviewed by Zalan Bujtas. Source/WebCore: On sephora.com, some product label text is currently boosted by idempotent text autosizing, which causes the labels be vertically clipped. This patch augments the idempotent text autosizing heuristic to avoid this case by checking if the element to be boosted has a fixed height or max height, whose value is very close to a small integer multiple of the line height. In this case, it's likely that the website expects the text to be no more than a few lines' worth of height, so boosting the text is likely to break the page. Test: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const): * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::updateStatus): * rendering/style/TextSizeAdjustment.h: Rename Fields::DisplayNone to Fields::AvoidSubtree to avoid introducing another bit in RenderStyle's inherited flags. LayoutTests: Add a new test case to an existing layout test, which mimics the product label text on sephora.com's front page. * fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates-expected.txt: * fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247467 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-15 Wenson Hsieh <wenson_hsieh@apple.com> [Text autosizing] [iPadOS] Product label text is clipped in portrait mode on the front page of sephora.com https://bugs.webkit.org/show_bug.cgi?id=199806 <rdar://problem/52902482> Reviewed by Zalan Bujtas. On sephora.com, some product label text is currently boosted by idempotent text autosizing, which causes the labels be vertically clipped. This patch augments the idempotent text autosizing heuristic to avoid this case by checking if the element to be boosted has a fixed height or max height, whose value is very close to a small integer multiple of the line height. In this case, it's likely that the website expects the text to be no more than a few lines' worth of height, so boosting the text is likely to break the page. Test: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const): * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::updateStatus): * rendering/style/TextSizeAdjustment.h: Rename Fields::DisplayNone to Fields::AvoidSubtree to avoid introducing another bit in RenderStyle's inherited flags. 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247465. rdar://problem/53229731 New York font erroneously gets synthetic bold https://bugs.webkit.org/show_bug.cgi?id=199653 Unreviewed watchOS build fix. Source/WebCore: * page/ProcessWarming.cpp: (WebCore::ProcessWarming::prewarmGlobally): * page/cocoa/MemoryReleaseCocoa.mm: (WebCore::platformReleaseMemory): * platform/graphics/FontCascadeDescription.cpp: * platform/graphics/FontDescription.h: * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::invalidateFontCache): (WebCore::lookupFallbackFont): * platform/graphics/cocoa/FontDescriptionCocoa.cpp: (WebCore::FontCascadeDescription::effectiveFamilyAt const): * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp: (WebCore::FontFamilySpecificationCoreText::fontRanges const): * platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp: Source/WTF: * wtf/Platform.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247465 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-15 Myles C. Maxfield <mmaxfield@apple.com> New York font erroneously gets synthetic bold https://bugs.webkit.org/show_bug.cgi?id=199653 Unreviewed watchOS build fix. * page/ProcessWarming.cpp: (WebCore::ProcessWarming::prewarmGlobally): * page/cocoa/MemoryReleaseCocoa.mm: (WebCore::platformReleaseMemory): * platform/graphics/FontCascadeDescription.cpp: * platform/graphics/FontDescription.h: * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::invalidateFontCache): (WebCore::lookupFallbackFont): * platform/graphics/cocoa/FontDescriptionCocoa.cpp: (WebCore::FontCascadeDescription::effectiveFamilyAt const): * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp: (WebCore::FontFamilySpecificationCoreText::fontRanges const): * platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247459. rdar://problem/53229552 Crash under DisplayRefreshMonitorManager::displayWasUpdated() https://bugs.webkit.org/show_bug.cgi?id=199808 <rdar://problem/53070144> Reviewed by Geoffrey Garen. Copy m_monitors before iterating over it because the calling displayLinkFired() on the monitor may end up calling DisplayRefreshMonitorManager::displayDidRefresh() synchronously, which removes the monitor from m_monitors. * platform/graphics/DisplayRefreshMonitorManager.cpp: (WebCore::DisplayRefreshMonitorManager::displayWasUpdated): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247459 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-15 Chris Dumez <cdumez@apple.com> Crash under DisplayRefreshMonitorManager::displayWasUpdated() https://bugs.webkit.org/show_bug.cgi?id=199808 <rdar://problem/53070144> Reviewed by Geoffrey Garen. Copy m_monitors before iterating over it because the calling displayLinkFired() on the monitor may end up calling DisplayRefreshMonitorManager::displayDidRefresh() synchronously, which removes the monitor from m_monitors. * platform/graphics/DisplayRefreshMonitorManager.cpp: (WebCore::DisplayRefreshMonitorManager::displayWasUpdated): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247450. rdar://problem/53229577 Add missing webgpu includes https://bugs.webkit.org/show_bug.cgi?id=199802 <rdar://problem/53119120> Reviewed by Myles C. Maxfield. WHLSLFunctionWriter.cpp fails to compile on tvOS and watchOS due to missing includes. This file likely compiles on other platforms due to the Unified Sources facility that clumps several implementation files together, exposing those implementation files to the others' includes. It fails on tvOS and watchOS due to the different ways these implementation files can get clumped together on different platforms. No new tests as there is no functional change. * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247450 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-15 Keith Rollin <krollin@apple.com> Add missing webgpu includes https://bugs.webkit.org/show_bug.cgi?id=199802 <rdar://problem/53119120> Reviewed by Myles C. Maxfield. WHLSLFunctionWriter.cpp fails to compile on tvOS and watchOS due to missing includes. This file likely compiles on other platforms due to the Unified Sources facility that clumps several implementation files together, exposing those implementation files to the others' includes. It fails on tvOS and watchOS due to the different ways these implementation files can get clumped together on different platforms. No new tests as there is no functional change. * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247434. rdar://problem/53229565 window.openDatabase is not writable https://bugs.webkit.org/show_bug.cgi?id=199737 <rdar://problem/52551332> Reviewed by Chris Dumez. Source/WebCore: In r246707 we made openDatabase an undetectable attribute of window, and it was set to be read-only. This broke some sites which replace window.openDatabase with their own implementation when window.openDatabase does not exists or WebSQL is not implemented. This patch removes the readonly property and adds a setter for openDatabase. * Modules/webdatabase/DOMWindowWebDatabase.idl: * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::setOpenDatabase): Tools: * TestWebKitAPI/Tests/WebKitCocoa/WebSQLBasics.mm: (TEST): * TestWebKitAPI/Tests/WebKitCocoa/opendatabase-always-exists.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247434 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-15 Sihui Liu <sihui_liu@apple.com> window.openDatabase is not writable https://bugs.webkit.org/show_bug.cgi?id=199737 <rdar://problem/52551332> Reviewed by Chris Dumez. In r246707 we made openDatabase an undetectable attribute of window, and it was set to be read-only. This broke some sites which replace window.openDatabase with their own implementation when window.openDatabase does not exists or WebSQL is not implemented. This patch removes the readonly property and adds a setter for openDatabase. * Modules/webdatabase/DOMWindowWebDatabase.idl: * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::setOpenDatabase): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247379. rdar://problem/53229731 Fix builds where HAVE_DESIGN_SYSTEM_UI_FONTS is not defined. * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::fontWithFamilySpecialCase): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247379 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-11 Simon Fraser <simon.fraser@apple.com> Fix builds where HAVE_DESIGN_SYSTEM_UI_FONTS is not defined. * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::fontWithFamilySpecialCase): 2019-07-17 Kocsen Chung <kocsen_chung@apple.com> Cherry-pick r247377. rdar://problem/53229731 New York font erroneously gets synthetic bold https://bugs.webkit.org/show_bug.cgi?id=199653 <rdar://problem/51692592> Reviewed by Simon Fraser. Source/WebCore: This patch adds support for -apple-system-ui-serif, -apple-system-ui-monospaced, and -apple-system-ui-rounded, behind an SPI that is off-by-default. We don't want to expose these fonts to the web because we don't a standardization story for them yet, but we do want some apps to be able to use them. WebKit clients who want to use these fonts can set -[WKPreferences _shouldAllowDesignSystemUIFonts] = YES. The patch generalizes our existing system-ui infrastructure to handle these three additional fonts. It also explicitly disables the unsupported dot-prefixed names so they don't leak out into Web content. Tests: fast/text/design-system-ui-10.html fast/text/design-system-ui-11.html fast/text/design-system-ui-12.html fast/text/design-system-ui-13.html fast/text/design-system-ui-14.html fast/text/design-system-ui-15.html fast/text/design-system-ui-16.html fast/text/design-system-ui-2.html fast/text/design-system-ui-3.html fast/text/design-system-ui-4.html fast/text/design-system-ui-5.html fast/text/design-system-ui-6.html fast/text/design-system-ui-7.html fast/text/design-system-ui-8.html fast/text/design-system-ui-9.html fast/text/design-system-ui.html * css/CSSFontFace.cpp: (WebCore::CSSFontFace::shouldAllowDesignSystemUIFonts const): * css/CSSFontFace.h: * css/CSSFontFaceSource.cpp: (WebCore::CSSFontFaceSource::load): * css/StyleResolver.cpp: (WebCore::StyleResolver::initializeFontStyle): * page/Settings.yaml: * platform/graphics/FontDescription.cpp: (WebCore::m_shouldAllowDesignSystemUIFonts): (WebCore::m_shouldAllowUserInstalledFonts): Deleted. * platform/graphics/FontDescription.h: (WebCore::FontDescription::shouldAllowDesignSystemUIFonts const): (WebCore::FontDescription::setShouldAllowDesignSystemUIFonts): (WebCore::FontDescription::operator== const): * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::platformFontLookupWithFamily): (WebCore::fontWithFamily): * platform/graphics/cocoa/FontCacheCoreText.h: * platform/graphics/cocoa/FontDescriptionCocoa.cpp: (WebCore::systemFontUse): (WebCore::systemFontCascadeList): (WebCore::FontCascadeDescription::effectiveFamilyCount const): (WebCore::FontCascadeDescription::effectiveFamilyAt const): (WebCore::isSystemFontString): Deleted. (WebCore::isUIFontTextStyle): Deleted. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::ctFont const): * platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp: (WebCore::SystemFontDatabaseCoreText::createSystemUI): (WebCore::SystemFontDatabaseCoreText::createDesignSystemUI): (WebCore::SystemFontDatabaseCoreText::createTextStyle): (WebCore::SystemFontDatabaseCoreText::cascadeList): (WebCore::SystemFontDatabaseCoreText::applyWeightItalicsAndFallbackBehavior): (WebCore::SystemFontDatabaseCoreText::systemFontParameters): * platform/graphics/cocoa/SystemFontDatabaseCoreText.h: * platform/graphics/ios/FontCacheIOS.mm: (WebCore::platformFontWithFamilySpecialCase): * platform/graphics/mac/FontCacheMac.mm: (WebCore::platformFontWithFamilySpecialCase): * style/StyleResolveForDocument.cpp: (WebCore::Style::resolveForDocument): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::dataChanged): * testing/InternalSettings.cpp: (WebCore::InternalSettings::Backup::Backup): (WebCore::InternalSettings::Backup::restoreTo): (WebCore::InternalSettings::setShouldAllowDesignSystemUIFonts): * testing/InternalSettings.h: * testing/InternalSettings.idl: Source/WebCore/PAL: * pal/spi/cocoa/CoreTextSPI.h: Source/WebKit: Add the SPI to enable the new fonts. * Shared/WebPreferences.yaml: * UIProcess/API/C/WKPreferences.cpp: (WKPreferencesSetShouldAllowDesignSystemUIFonts): (WKPreferencesGetShouldAllowDesignSystemUIFonts): * UIProcess/API/C/WKPreferencesRefPrivate.h: * UIProcess/API/Cocoa/WKPreferences.mm: (-[WKPreferences _shouldAllowDesignSystemUIFonts]): (-[WKPreferences _setShouldAllowDesignSystemUIFonts:]): * UIProcess/API/Cocoa/WKPreferencesPrivate.h: Source/WTF: * wtf/Platform.h: LayoutTests: * TestExpectations: * fast/text/design-system-ui-10-expected-mismatch.html: Added. * fast/text/design-system-ui-10.html: Added. * fast/text/design-system-ui-11-expected-mismatch.html: Added. * fast/text/design-system-ui-11.html: Added. * fast/text/design-system-ui-12-expected-mismatch.html: Added. * fast/text/design-system-ui-12.html: Added. * fast/text/design-system-ui-13-expected-mismatch.html: Added. * fast/text/design-system-ui-13.html: Added. * fast/text/design-system-ui-14-expected-mismatch.html: Added. * fast/text/design-system-ui-14.html: Added. * fast/text/design-system-ui-15-expected-mismatch.html: Added. * fast/text/design-system-ui-15.html: Added. * fast/text/design-system-ui-16-expected-mismatch.html: Added. * fast/text/design-system-ui-16.html: Added. * fast/text/design-system-ui-2-expected.html: Added. * fast/text/design-system-ui-2.html: Added. * fast/text/design-system-ui-3-expected-mismatch.html: Added. * fast/text/design-system-ui-3.html: Added. * fast/text/design-system-ui-4-expected-mismatch.html: Added. * fast/text/design-system-ui-4.html: Added. * fast/text/design-system-ui-5-expected-mismatch.html: Added. * fast/text/design-system-ui-5.html: Added. * fast/text/design-system-ui-6-expected.html: Added. * fast/text/design-system-ui-6.html: Added. * fast/text/design-system-ui-7-expected.html: Added. * fast/text/design-system-ui-7.html: Added. * fast/text/design-system-ui-8-expected-mismatch.html: Added. * fast/text/design-system-ui-8.html: Added. * fast/text/design-system-ui-9-expected-mismatch.html: Added. * fast/text/design-system-ui-9.html: Added. * fast/text/design-system-ui-expected.html: Added. * fast/text/design-system-ui.html: Added. * platform/mac/TestExpectations: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247377 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-07-11 Myles C. Maxfield <mmaxfield@apple.com> New York font erroneously gets synthetic bold https://bugs.webkit.org/show_bug.cgi?id=199653 <rdar://problem/51692592> Reviewed by Simon Fraser. This patch adds support for -apple-system-ui-serif, -apple-system-ui-monospaced, and -apple-system-ui-rounded, behind an SPI that is off-by-default. We don't want to expose these fonts to the web because we don't a standardization story for them yet, but we do want some apps to be able to use them. WebKit clients who want to use these fonts can set -[WKPreferences _shouldAllowDesignSystemUIFonts] = YES. The patch generalizes our existing system-ui infrastructure to handle these three additional fonts. It also explicitly disables the unsupported dot-prefixed names so they don't leak out into Web content. Tests: fast/text/design-system-ui-10.html fast/text/design-system-ui-11.html fast/text/design-system-ui-12.html fast/text/design-system-ui-13.html fast/text/design-system-ui-14.html fast/text/design-system-ui-15.html fast/text/design-system-ui-16.html fast/text/design-system-ui-2.html fast/text/design-system-ui-3.html fast/text/design-system-ui-4.html fast/text/design-system-ui-5.html fast/text/design-system-ui-6.html fast/text/design-system-ui-7.html fast/text/design-system-ui-8.html fast/text/design-system-ui-9.html fast/text/design-system-ui.html * css/CSSFontFace.cpp: (WebCore::CSSFontFace::shouldAllowDesignSystemUIFonts const): * css/CSSFontFace.h: * css/CSSFontFaceSource.cpp: (WebCore::CSSFontFaceSource::load): * css/StyleResolver.cpp: (WebCore::StyleResolver::initializeFontStyle): * page/Settings.yaml: * platform/graphics/FontDescription.cpp: (WebCore::m_shouldAllowDesignSystemUIFonts): (WebCore::m_shouldAllowUserInstalledFonts): Deleted. * platform/graphics/FontDescription.h: (WebCore::FontDescription::shouldAllowDesignSystemUIFonts const): (WebCore::FontDescription::setShouldAllowDesignSystemUIFonts): (WebCore::FontDescription::operator== const): * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::platformFontLookupWithFamily): (WebCore::fontWithFamily): * platform/graphics/cocoa/FontCacheCoreText.h: * platform/graphics/cocoa/FontDescriptionCocoa.cpp: (WebCore::systemFontUse): (WebCore::systemFontCascadeList): (WebCore::FontCascadeDescription::effectiveFamilyCount const): (WebCore::FontCascadeDescription::effectiveFamilyAt const): (WebCore::isSystemFontString): Deleted. (WebCore::isUIFontTextStyle): Deleted. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::ctFont const): * platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp: (WebCore::SystemFontDatabaseCoreText::createSystemUI): (WebCore::SystemFontDatabaseCoreText::createDesignSystemUI): (WebCore::SystemFontDatabaseCoreText::createTextStyle): (WebCore::SystemFontDatabaseCoreText::cascadeList): (WebCore::SystemFontDatabaseCoreText::applyWeightItalicsAndFallbackBehavior): (WebCore::SystemFontDatabaseCoreText::systemFontParameters): * platform/graphics/cocoa/SystemFontDatabaseCoreText.h: * platform/graphics/ios/FontCacheIOS.mm: (WebCore::platformFontWithFamilySpecialCase): * platform/graphics/mac/FontCacheMac.mm: (WebCore::platformFontWithFamilySpecialCase): * style/StyleResolveForDocument.cpp: (WebCore::Style::resolveForDocument): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::dataChanged): * testing/InternalSettings.cpp: (WebCore::InternalSettings::Backup::Backup): (WebCore::InternalSettings::Backup::restoreTo): (WebCore::InternalSettings::setShouldAllowDesignSystemUIFonts): * testing/InternalSettings.h: * testing/InternalSettings.idl: 2019-07-15 Alan Coon <alancoon@apple.com> Revert r247377. rdar://problem/53125241 2019-07-15 Alan Coon <alancoon@apple.com> Revert r247379. rdar://problem/53125241 2019-07-15 Alan Coon <alancoon@apple.com> Revert r247366. rdar://problem/53118665 2019-07-15 Alan Coon <alancoon@apple.com> Revert r247378. rdar://problem/53118665 2019-07-15 Alan Coon <alancoon@apple.com> Revert r247397. rdar://problem/53118665 2019-07-15 Youenn Fablet <youenn@apple.com> Filter SDP c lines https://bugs.webkit.org/show_bug.cgi?id=199791 Reviewed by Eric Carlson. As discussed in https://github.com/rtcweb-wg/mdns-ice-candidates/issues/91, use 0.0.0.0 for c lines when filtering the SDP. Covered by updated test. * Modules/mediastream/PeerConnectionBackend.cpp: (WebCore::PeerConnectionBackend::filterSDP const): 2019-07-15 Zalan Bujtas <zalan@apple.com> naver.com: Video stops when tapping on the video to use buttons https://bugs.webkit.org/show_bug.cgi?id=199784 <rdar://problem/48068610> Reviewed by Maciej Stachowiak. Opt out of simulated mouse event sending for tv.naver.com. When tv.naver.com receives the simulated mouseUp at touchEnd, it pauses the video right away and calls preventDefault() which prevents us from running the hover heuristics. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): 2019-07-15 Michael Catanzaro <mcatanzaro@igalia.com> [GTK] GitHub breaks on FreeBSD because of "unsupported browser" https://bugs.webkit.org/show_bug.cgi?id=199745 Reviewed by Carlos Garcia Campos. It's been a while since I last updated the fake version numbers in our user agent, both for the user agent quirks for naughty websites and also the Safari version in our standard user agent. Update them. This should fix github.com on FreeBSD at least. I also noticed some wonkiness on Google Docs recently that I thought required this update, but I didn't do anything about it at the time because I wasn't able to reproduce the issue when I tried again later. This could absolutely break websites, because the web is awful, but that's calculated risk. * platform/UserAgentQuirks.cpp: (WebCore::UserAgentQuirks::stringForQuirk): * platform/glib/UserAgentGLib.cpp: (WebCore::buildUserAgentString): 2019-07-14 Chris Dumez <cdumez@apple.com> Add threading assertion to WeakPtrFactory::createWeakPtr() https://bugs.webkit.org/show_bug.cgi?id=199639 Reviewed by Ryosuke Niwa. * platform/ScrollableArea.cpp: * rendering/RenderObject.cpp: 2019-07-14 Dean Jackson <dino@apple.com> WebGL not supported on WKWebView on UIKit for Mac https://bugs.webkit.org/show_bug.cgi?id=199785 <rdar://problem/52911449> Reviewed by Antoine Quint. UIKit for Mac was not creating a CGLPixelFormatObj because it wasn't using the code hidden in PLATFORM(MAC). Instead we should be guarding for USE(OPENGL). There are still some inconsistencies: <rdar://53062794> Test: webgl/smell-test.html * platform/graphics/cocoa/GraphicsContext3DCocoa.mm: (WebCore::GraphicsContext3D::GraphicsContext3D): (WebCore::GraphicsContext3D::allowOfflineRenderers const): We have to return true for this, since we don't have access to the Window Server. 2019-07-13 Wenson Hsieh <wenson_hsieh@apple.com> [Text autosizing] [iPadOS] Further adjust our heuristics to determine text autosizing candidates https://bugs.webkit.org/show_bug.cgi?id=199780 <rdar://problem/52289088> Reviewed by Simon Fraser. Our current idempotent text autosizing candidate heuristic makes the right judgment call most of the time, but there is still a large batch of text autosizing bugs left unfixed by the first iteration of the heuristic added in r246781. This patch attempts to address most of these bugs by adjusting the decision-tree-based heuristic once again, mostly with improvements to the model generation pipeline. During the first iteration, I placed emphasis on tuning the max tree depth and min leaf size hyperparameters when coming up with my decision tree, and didn't consider the inclusion or exclusion of each feature as a hyperparameters. As such, the trees generated using the pipeline tended to use too many features, and as a result, tended to have cross-validation overall accuracy scores hovering around 73%. In this revised model generation pipeline, I now consider the inclusion of each feature (along with max depth and min leaf size, as before) as a hyperparameter. Since this increases the number of hyperparameters by many orders of magnitude, a naive grid search (as described in the prior ChangeLog entry) is no longer a tractible procedure for tuning hyperparameters to the training algorithm. Instead, I now use a stochastic greedy algorithm to search for good sets of hyperparameters; this process begins with seeding some number (usually 20-24) of "searchers" with completely randomized sets of hyperparameters (i.e. random max depth, random leaf size, and random subsets of features). I then evaluate the average performance of each set of hyperparameters by using them to generate 2000 decision trees over 90% of the training data, and then cross-validating these trees against the remaining 10%. These cross-validation scores are aggregated into a single confusion matrix, which is then passed into a loss function that computes a single value indicating how well training with the set of hyperparameters generalized to cross-validation data. After experimenting with various loss functions, I settled on the following: `k(false positive rate)^2 + (false negative rate)^2` ...where a constant k is chosen to penalize false positives (i.e. broken layout) more harshly than false negatives (small text). Additionally, squaring the false negative and false positive rates seems to help avoid converging on solutions that heavily favor reducing only false positives or false negatives, or vice versa. The stochastic algorithm starts by computing a loss value for the randomly generated configuration. Then, for an indefinite number of iterations, it randomly mutates the configuration (e.g. by adding or removing features, or changing min leaf size or max tree depth) and computes a new loss value for the mutated configuration. If the mutated configuration performs better (i.e. achieves lower loss) than the current configuration, I set the current configuration to be the mutated configuration. Otherwise, I keep the current (non-mutated) configuration as-is. The stochastic algorithm then proceeds, ad-infinitum, with this current configuration. Of course, since each mutation is small, this strategy so far is prone to leaving each searcher stuck in local optima. To mitigate this, for each searcher, I keep track of a side-table of configurations that have already been tested; when random mutations would normally lead to testing a configuration that has already been tested, each searcher instead increases the chance of applying additional mutations. This has the effect of searchers initially exhausting similar configurations, and expanding to test more and more dissimilar configurations as the local alternatives all turn out to be worse. This allows searchers to effectively jump out of local optima after being stuck for a long time. So, using these strategies, I simultaneously ran a handful of searchers until they all appeared to converge (a process that takes 8-12 hours on my current dataset). Many of the searchers achieved configurations with cross-validation scores of 81% and above, up from the 73% of the previous attempt. These additionally have the added bonus of reducing the number of features, often making the final trees themselves shallower and simpler to understand than before. This patch introduces one such decision tree generated using a set of hyperparameters acquired via this stochasic search algorithm; it appears to simultaneously use fewer features, and achieve better cross-validation performance. Test: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): Adjust the early return to bail if either (1) the element is a candidate and the computed size is already equal to the boosted size, or (2) the element is not a candidate and the computed size is already equal to the specified size. Since the autosizing candidate heuristic depends on styles specified on the element itself (as opposed to styles on any element in the ancestor chain), a parent may be an autosizing candidate, but a child of it may not. * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const): Revamp the idempotent text autosizing candidate heuristic. See the explanation above for more details. * rendering/style/RenderStyle.h: Remove some bits from RenderStyle's autosizeStatus, now that we care about fewer bits of information from the inherited flags. * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::updateStatus): * rendering/style/TextSizeAdjustment.h: 2019-07-13 Simon Fraser <simon.fraser@apple.com> Don't do async overflow scrolling for visibility:hidden scrollers https://bugs.webkit.org/show_bug.cgi?id=199779 Reviewed by Dean Jackson. An overflow:scroll with visibility:hidden is not scrollable on macOS, even if it has visible content. So disable async overflow:scroll when the scroller has non-visible visibility (this also takes visibility on ancestors into account). visibility:hidden overflow:scroll can be common because some JS libraries use it (https://github.com/wnr/element-resize-detector). Test: compositing/scrolling/async-overflow-scrolling/visibility-hidden-scrollers.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::canUseCompositedScrolling const): Don't use hasVisibleContent() because that's affected by visible children. 2019-07-13 Robin Morisset <rmorisset@apple.com> [WHLSL] Return statements don't need to keep track of the function they're in https://bugs.webkit.org/show_bug.cgi?id=199763 Reviewed by Myles C. Maxfield. Return::m_function is only used in the Checker, and it can easily enough keep track of the current function. This means we no longer need to keep track of the current function in the NameResolver, and we can save 8 bytes per Return Since I was touching the NameResolver I also removed a few pointless overrides of Visitor::visit(). No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLReturn.h: * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::NameResolver): (WebCore::WHLSL::resolveTypeNamesInFunctions): * Modules/webgpu/WHLSL/WHLSLNameResolver.h: 2019-07-13 Andres Gonzalez <andresg_22@apple.com> Add accessibility support to WKDataListSuggestionsView. https://bugs.webkit.org/show_bug.cgi?id=199772 <rdar://problem/47095851> Reviewed by Chris Fleizach. Localizable strings for accessibility announcements. * en.lproj/Localizable.strings: 2019-07-13 Chris Dumez <cdumez@apple.com> Drop non thread-safe usage of WeakPtr in VideoFullscreenInterfaceAVKit https://bugs.webkit.org/show_bug.cgi?id=199775 Reviewed by Eric Carlson. The VideoFullscreenInterfaceAVKit constructor was making a weakPtr on the UI Thread of an WebThread object. The WeakPtr would then be used as a data member throughout the class on the UIThread. This is not thread-safe. This patch switches to using a raw pointer instead of a WeakPtr. This is a partial rollout of r243298, which turned the raw pointer into a WeakPtr for hardening purposes. For extra safety, this patch updates the VideoFullscreenControllerContext so that it notifies its clients (i.e. PlaybackSessionInterfaceAVKit) that it is getting destroyed, so that they can null-out their m_videoFullscreenModel & m_fullscreenChangeObserver data members. This gives the sames guarantees as WeakPtr but in a thread-safe way. This is very similar to the fix that was done for PlaybackSessionInterfaceAVKit in r247380. * platform/cocoa/VideoFullscreenModel.h: (WebCore::VideoFullscreenModelClient::modelDestroyed): * platform/ios/VideoFullscreenInterfaceAVKit.h: * platform/ios/VideoFullscreenInterfaceAVKit.mm: (VideoFullscreenInterfaceAVKit::setVideoFullscreenModel): (VideoFullscreenInterfaceAVKit::setVideoFullscreenChangeObserver): (VideoFullscreenInterfaceAVKit::modelDestroyed): * platform/ios/WebVideoFullscreenControllerAVKit.mm: (VideoFullscreenControllerContext::~VideoFullscreenControllerContext): 2019-07-13 Zalan Bujtas <zalan@apple.com> Cannot bring up custom media controls at all on v.youku.com https://bugs.webkit.org/show_bug.cgi?id=199699 <rdar://problem/51835327> Reviewed by Simon Fraser. The "find the node under the finger" heuristic should only find nodes that are visible to hit-testing. When the user taps on the screen, we run a "find the best node under the finger" heuristic and use the node's location to dispatch the associated event (e.g. mousePressed). Ideally the "best node under the finger" and the final target node for the associated event are the same. However these two methods configure the hit-testing process differently which could lead to node mismatch. The "best node" heuristic calls hit-testing with AllowChildFrameContent. This flag allows hit-testing to descend into subframes even if the subframe is not visible to hit-testing (visibility: hidden). While event dispatching never descends into subfames through hit-testing, but instead it forwards the dispatching to subframes that are visible to hit-testing. This patch addresses the mismatching node issue by calling the descending version of hit-testing with a flag that enforces visiblity check before descending into a subframe. Tests: fast/events/touch/ios/visibility-hidden-iframe-click.html fast/events/touch/ios/visibility-hidden-nested-iframe-click.html * page/ios/FrameIOS.mm: (WebCore::Frame::hitTestResultAtViewportLocation): * rendering/HitTestRequest.h: (WebCore::HitTestRequest::skipsChildFrameContentInvisibleToHitTest const): * rendering/RenderWidget.cpp: (WebCore::RenderWidget::nodeAtPoint): 2019-07-13 Chris Dumez <cdumez@apple.com> Fix non thread-safe usage of makeWeakPtr() in MediaPlayerPrivateAVFoundation https://bugs.webkit.org/show_bug.cgi?id=199777 Reviewed by Eric Carlson. The code was calling makeWeakPtr() on a main-thread object, from a background thread. This is not thread safe. To address the issue, this patches creates the WeakPtr ahead of time, on the main thread. * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::MediaPlayerPrivateAVFoundation): (WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification): (WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification): * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h: 2019-07-12 Thibault Saunier <tsaunier@igalia.com> [GStreamer] Mock GStreamer realtime sources should keep a Ref of their mock realtime media sources https://bugs.webkit.org/show_bug.cgi?id=194326 WrappedMockRealtimeVideoSource is a subclass of RealtimeMediaSource which is refcounted, we can't use a unique_ptr on those. Also changed m_wrappedSource type to its actual type so it is cleaner even if needed to upcast it to RealtimeMediaSource so some method that are made private in the mock can still be called. Reviewed by Youenn Fablet. This fixes MediaStream tests * platform/mediastream/gstreamer/MockGStreamerAudioCaptureSource.cpp: (WebCore::WrappedMockRealtimeAudioSource::create): (WebCore::WrappedMockRealtimeAudioSource::asRealtimeMediaSource): (WebCore::WrappedMockRealtimeAudioSource::WrappedMockRealtimeAudioSource): (WebCore::m_wrappedSource): (WebCore::MockGStreamerAudioCaptureSource::startProducingData): (WebCore::MockGStreamerAudioCaptureSource::settings): (WebCore::MockGStreamerAudioCaptureSource::capabilities): * platform/mediastream/gstreamer/MockGStreamerAudioCaptureSource.h: * platform/mediastream/gstreamer/MockGStreamerVideoCaptureSource.cpp: (WebCore::WrappedMockRealtimeVideoSource::create): (WebCore::WrappedMockRealtimeVideoSource::asRealtimeMediaSource): (WebCore::WrappedMockRealtimeVideoSource::WrappedMockRealtimeVideoSource): (WebCore::m_wrappedSource): (WebCore::MockGStreamerVideoCaptureSource::settings): (WebCore::MockGStreamerVideoCaptureSource::capabilities): * platform/mediastream/gstreamer/MockGStreamerVideoCaptureSource.h: 2019-07-12 Alex Christensen <achristensen@webkit.org> Change RELEASE_ASSERT in DocumentWriter::addData to ASSERT and early return https://bugs.webkit.org/show_bug.cgi?id=199756 <rdar://problem/51554775> Reviewed by Brady Eidson. Attempts to reach this assertion were unsuccessful, but sometimes this assertion crashes. Let's change it to an early return to prevent crashes. * loader/DocumentWriter.cpp: (WebCore::DocumentWriter::addData): 2019-07-12 Justin Fan <justin_fan@apple.com> [WebGPU] Move error scopes out of GPUDevice for more portable error generation https://bugs.webkit.org/show_bug.cgi?id=199740 Reviewed by Myles C. Maxfield. Move error generation into a separate RefCounted class to allow GPU objects to generate errors independent of any GPUDevice. Create GPUObjectBase to delegate error generation and refactor GPUBuffer to inherit from GPUObjectBase. No behavior change or new tests. Error scopes covered by error-scopes-test.html. * Modules/webgpu/WebGPUDevice.cpp: (WebCore::WebGPUDevice::WebGPUDevice): Now creates a GPUErrorGenerator. (WebCore::WebGPUDevice::createBuffer const): Pass the GPUErrorGenerator to any created GPUBuffer. (WebCore::WebGPUDevice::createBufferMapped const): Ditto. (WebCore::WebGPUDevice::popErrorScope): Shouldn't be const. Can just ask for the GPUError rather than passing a lambda. (WebCore::WebGPUDevice::pushErrorScope const): Deleted. (WebCore::WebGPUDevice::popErrorScope const): Deleted. * Modules/webgpu/WebGPUDevice.h: (WebCore::WebGPUDevice::pushErrorScope): * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/gpu/GPUBuffer.h: Now inherits from GPUObjectBase for error generation ease. * platform/graphics/gpu/GPUDevice.cpp: (WebCore::GPUDevice::tryCreateBuffer): Ensure GPUBuffers reference the GPUErrorGenerator. (WebCore::GPUDevice::pushErrorScope): Deleted. No longer needed here. (WebCore::GPUDevice::popErrorScope): Deleted. (WebCore::GPUDevice::registerError): Deleted. * platform/graphics/gpu/GPUDevice.h: Move error scope logic out. * platform/graphics/gpu/GPUErrorGenerator.cpp: Added. (WebCore::GPUErrorGenerator::pushErrorScope): (WebCore::GPUErrorGenerator::popErrorScope): (WebCore::GPUErrorGenerator::generateError): * platform/graphics/gpu/GPUErrorGenerator.h: Added. (WebCore::GPUErrorGenerator::create): * platform/graphics/gpu/GPUObjectBase.h: Added. (WebCore::GPUObjectBase::generateError): (WebCore::GPUObjectBase::GPUObjectBase): * platform/graphics/gpu/cocoa/GPUBufferMetal.mm: Use the GPUErrorGenerator directly during buffer creation. (WebCore::GPUBuffer::validateBufferUsage): (WebCore::GPUBuffer::tryCreate): (WebCore::GPUBuffer::GPUBuffer): * platform/graphics/gpu/cocoa/GPUQueueMetal.mm: (WebCore::GPUQueue::submit): Prevent possible null dereference. 2019-07-12 Youenn Fablet <youenn@apple.com> Add release logging for quota checks https://bugs.webkit.org/show_bug.cgi?id=199697 Reviewed by Alex Christensen. Log whether a request to extend quota is made and the result of the request. This logging should happen in the networking process. No change of behavior. * platform/Logging.h: * storage/StorageQuotaManager.cpp: (WebCore::StorageQuotaManager::askForMoreSpace): (WebCore::StorageQuotaManager::processPendingRequests): 2019-07-12 Youenn Fablet <youenn@apple.com> Stopping a cloned MediaStream video track should not stop any other video track https://bugs.webkit.org/show_bug.cgi?id=199635 Reviewed by Eric Carlson. In case a track is requesting its source to end, the RealtimeVideoSource should request its own source to end and not stop it directly. Also, if a track is removing itself as an observer to a RealtimeVideoSource, we should stop the underlying source only if this one does not have any other observer. Covered by updated test. * platform/mediastream/RealtimeMediaSource.cpp: (WebCore::RealtimeMediaSource::removeObserver): * platform/mediastream/RealtimeMediaSource.h: * platform/mediastream/RealtimeVideoSource.cpp: (WebCore::RealtimeVideoSource::requestToEnd): (WebCore::RealtimeVideoSource::stopBeingObserved): * platform/mediastream/RealtimeVideoSource.h: 2019-07-12 Timothy Hatcher <timothy@apple.com> Drop DarkModeCSSEnabled as an experimental feature and always enable it. https://bugs.webkit.org/show_bug.cgi?id=199725 rdar://problem/52970972 Reviewed by Megan Gardner. Tests: css-dark-mode * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::valueForPropertyInStyle): * css/MediaQueryEvaluator.cpp: (WebCore::prefersColorSchemeEvaluate): * css/MediaQueryExpression.cpp: (WebCore::featureWithValidIdent): (WebCore::isFeatureValidWithoutValue): * css/parser/CSSPropertyParser.cpp: (WebCore::CSSPropertyParser::parseSingleValue): * html/HTMLMetaElement.cpp: (WebCore::HTMLMetaElement::process): * page/RuntimeEnabledFeatures.h: (WebCore::RuntimeEnabledFeatures::setDarkModeCSSEnabled): Deleted. (WebCore::RuntimeEnabledFeatures::darkModeCSSEnabled const): Deleted. 2019-07-12 Carlos Alberto Lopez Perez <clopez@igalia.com> Refactor ShadowBlur: remove some class variables and use function parameters instead. https://bugs.webkit.org/show_bug.cgi?id=199511 Reviewed by Said Abou-Hallawa. On the ShadowBlur class it is confusing to know if the status of the m_layerImage buffer or the values calculated by calculateLayerBoundingRect() are valid between the different function calls. To avoid this problem, pass this values as function parameters instead of storing them in the class. No new tests, no intended behaviour change. * platform/graphics/ShadowBlur.cpp: (WebCore::ShadowBlur::ShadowBlur): (WebCore::ShadowBlur::calculateLayerBoundingRect): (WebCore::ShadowBlur::drawShadowBuffer): (WebCore::ShadowBlur::drawRectShadow): Pass the parameters from the callback. (WebCore::ShadowBlur::drawInsetShadow): Ditto. (WebCore::ShadowBlur::drawRectShadowWithoutTiling): (WebCore::ShadowBlur::drawInsetShadowWithoutTiling): (WebCore::ShadowBlur::drawRectShadowWithTiling): (WebCore::ShadowBlur::drawInsetShadowWithTiling): (WebCore::ShadowBlur::drawLayerPieces): (WebCore::ShadowBlur::drawLayerPiecesAndFillCenter): (WebCore::ShadowBlur::blurShadowBuffer): (WebCore::ShadowBlur::blurAndColorShadowBuffer): (WebCore::ShadowBlur::drawShadowLayer): * platform/graphics/ShadowBlur.h: Use a struct to pass the values calculated on calculateLayerBoundingRect(). 2019-07-12 Adrian Perez de Castro <aperez@igalia.com> [ATK] Avoid unneeded call to to core(selection) in listObjectForSelection() https://bugs.webkit.org/show_bug.cgi?id=199748 <rdar://problem/52995908> Reviewed by Konstantin Tokarev. No new tests needed. * accessibility/atk/WebKitAccessibleInterfaceSelection.cpp: (listObjectForCoreSelection): Renamed from listObjectForSelection() and remove the unneeded call to core() now that coreSelection is passed directly to the function. (optionFromList): Change to pass coreSelection directly to listObjectForCoreSelection(). 2019-07-11 Chris Dumez <cdumez@apple.com> Fix non-thread safe use of makeWeakPtr() under MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::processInputNotify() https://bugs.webkit.org/show_bug.cgi?id=199727 Reviewed by Eric Carlson. Stop calling makeWeakPtr() on a main thread object from a background thread. * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp: (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::processInputNotify): 2019-07-11 Youenn Fablet <youenn@apple.com> Register a MediaStreamTrack as media producer only if it is a capture track https://bugs.webkit.org/show_bug.cgi?id=199566 <rdar://problem/52761361> Addressing post-landing comment to simplify setMuted call. Unreviewed. * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::MediaStreamTrack): 2019-07-11 Youenn Fablet <youenn@apple.com> Protect CoreAudioSharedUnit::m_clients for accessing in different threads simultaneously https://bugs.webkit.org/show_bug.cgi?id=199717 Reviewed by Eric Carlson. Add a lock whenever accessing to m_clients. Manual tests show that audio capture still works. * platform/mediastream/mac/CoreAudioCaptureSource.cpp: (WebCore::CoreAudioSharedUnit::addClient): (WebCore::CoreAudioSharedUnit::removeClient): (WebCore::CoreAudioSharedUnit::forEachClient const): (WebCore::CoreAudioSharedUnit::processMicrophoneSamples): (WebCore::CoreAudioSharedUnit::captureFailed): 2019-07-11 Chris Dumez <cdumez@apple.com> Drop non thread-safe usage of WeakPtr in PlaybackSessionInterfaceAVKit https://bugs.webkit.org/show_bug.cgi?id=199698 Reviewed by Eric Carlson. The PlaybackSessionInterfaceAVKit constructor was making a weakPtr on the UI Thread of an WebThread object. The WeakPtr would then be used as a data member throughout the class on the UIThread. This is not thread-safe. This patch switches to using a raw pointer instead of a WeakPtr. This is a partial rollout of r243337, which turned the raw pointer into a WeakPtr for hardening purposes. For extra safety, this patch updates the VideoFullscreenControllerContext so that it notifies its clients (i.e. PlaybackSessionInterfaceAVKit) that it is getting destroyed, so that they can null-out their m_playbackSessionModel data member. This gives the sames guarantees than WeakPtr but in a thread-safe way. * platform/cocoa/PlaybackSessionModel.h: (WebCore::PlaybackSessionModelClient::modelDestroyed): * platform/ios/PlaybackSessionInterfaceAVKit.h: * platform/ios/PlaybackSessionInterfaceAVKit.mm: (WebCore::PlaybackSessionInterfaceAVKit::PlaybackSessionInterfaceAVKit): (WebCore::PlaybackSessionInterfaceAVKit::~PlaybackSessionInterfaceAVKit): (WebCore::PlaybackSessionInterfaceAVKit::playbackSessionModel const): (WebCore::PlaybackSessionInterfaceAVKit::modelDestroyed): * platform/ios/WebVideoFullscreenControllerAVKit.mm: (VideoFullscreenControllerContext::~VideoFullscreenControllerContext): (VideoFullscreenControllerContext::addClient): (VideoFullscreenControllerContext::removeClient): 2019-07-11 Simon Fraser <simon.fraser@apple.com> Fix builds where HAVE_DESIGN_SYSTEM_UI_FONTS is not defined. * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::fontWithFamilySpecialCase): 2019-07-11 Justin Fan <justin_fan@apple.com> Unreviewed build fix. * Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp: Missing include. 2019-07-11 Myles C. Maxfield <mmaxfield@apple.com> New York font erroneously gets synthetic bold https://bugs.webkit.org/show_bug.cgi?id=199653 <rdar://problem/51692592> Reviewed by Simon Fraser. This patch adds support for -apple-system-ui-serif, -apple-system-ui-monospaced, and -apple-system-ui-rounded, behind an SPI that is off-by-default. We don't want to expose these fonts to the web because we don't a standardization story for them yet, but we do want some apps to be able to use them. WebKit clients who want to use these fonts can set -[WKPreferences _shouldAllowDesignSystemUIFonts] = YES. The patch generalizes our existing system-ui infrastructure to handle these three additional fonts. It also explicitly disables the unsupported dot-prefixed names so they don't leak out into Web content. Tests: fast/text/design-system-ui-10.html fast/text/design-system-ui-11.html fast/text/design-system-ui-12.html fast/text/design-system-ui-13.html fast/text/design-system-ui-14.html fast/text/design-system-ui-15.html fast/text/design-system-ui-16.html fast/text/design-system-ui-2.html fast/text/design-system-ui-3.html fast/text/design-system-ui-4.html fast/text/design-system-ui-5.html fast/text/design-system-ui-6.html fast/text/design-system-ui-7.html fast/text/design-system-ui-8.html fast/text/design-system-ui-9.html fast/text/design-system-ui.html * css/CSSFontFace.cpp: (WebCore::CSSFontFace::shouldAllowDesignSystemUIFonts const): * css/CSSFontFace.h: * css/CSSFontFaceSource.cpp: (WebCore::CSSFontFaceSource::load): * css/StyleResolver.cpp: (WebCore::StyleResolver::initializeFontStyle): * page/Settings.yaml: * platform/graphics/FontDescription.cpp: (WebCore::m_shouldAllowDesignSystemUIFonts): (WebCore::m_shouldAllowUserInstalledFonts): Deleted. * platform/graphics/FontDescription.h: (WebCore::FontDescription::shouldAllowDesignSystemUIFonts const): (WebCore::FontDescription::setShouldAllowDesignSystemUIFonts): (WebCore::FontDescription::operator== const): * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::platformFontLookupWithFamily): (WebCore::fontWithFamily): * platform/graphics/cocoa/FontCacheCoreText.h: * platform/graphics/cocoa/FontDescriptionCocoa.cpp: (WebCore::systemFontUse): (WebCore::systemFontCascadeList): (WebCore::FontCascadeDescription::effectiveFamilyCount const): (WebCore::FontCascadeDescription::effectiveFamilyAt const): (WebCore::isSystemFontString): Deleted. (WebCore::isUIFontTextStyle): Deleted. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::ctFont const): * platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp: (WebCore::SystemFontDatabaseCoreText::createSystemUI): (WebCore::SystemFontDatabaseCoreText::createDesignSystemUI): (WebCore::SystemFontDatabaseCoreText::createTextStyle): (WebCore::SystemFontDatabaseCoreText::cascadeList): (WebCore::SystemFontDatabaseCoreText::applyWeightItalicsAndFallbackBehavior): (WebCore::SystemFontDatabaseCoreText::systemFontParameters): * platform/graphics/cocoa/SystemFontDatabaseCoreText.h: * platform/graphics/ios/FontCacheIOS.mm: (WebCore::platformFontWithFamilySpecialCase): * platform/graphics/mac/FontCacheMac.mm: (WebCore::platformFontWithFamilySpecialCase): * style/StyleResolveForDocument.cpp: (WebCore::Style::resolveForDocument): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::dataChanged): * testing/InternalSettings.cpp: (WebCore::InternalSettings::Backup::Backup): (WebCore::InternalSettings::Backup::restoreTo): (WebCore::InternalSettings::setShouldAllowDesignSystemUIFonts): * testing/InternalSettings.h: * testing/InternalSettings.idl: 2019-07-11 Pablo Saavedra <psaavedra@igalia.com> [WPE][GTK] Build failure with ENABLE_ACCESSIBILITY=OFF https://bugs.webkit.org/show_bug.cgi?id=199625 Added ENABLE(ACCESSIBILITY) and replaced HAVE(ACCESSIBILITY) with ENABLE(ACCESSIBILITY) in the code. Additionally, the TestRunner code generator now honors the Conditional IDL format. No new tests as there is no intended functional change Reviewed by Konstantin Tokarev. * accessibility/AXObjectCache.cpp: * accessibility/AXObjectCache.h: * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::detach): (WebCore::AccessibilityObject::isDetached const): * accessibility/AccessibilityObject.h: * accessibility/atk/AXObjectCacheAtk.cpp: * accessibility/atk/AccessibilityObjectAtk.cpp: * accessibility/atk/WebKitAccessible.cpp: * accessibility/atk/WebKitAccessible.h: * accessibility/atk/WebKitAccessibleHyperlink.cpp: * accessibility/atk/WebKitAccessibleHyperlink.h: * accessibility/atk/WebKitAccessibleInterfaceAction.cpp: * accessibility/atk/WebKitAccessibleInterfaceAction.h: * accessibility/atk/WebKitAccessibleInterfaceComponent.cpp: * accessibility/atk/WebKitAccessibleInterfaceComponent.h: * accessibility/atk/WebKitAccessibleInterfaceDocument.cpp: * accessibility/atk/WebKitAccessibleInterfaceDocument.h: * accessibility/atk/WebKitAccessibleInterfaceEditableText.cpp: * accessibility/atk/WebKitAccessibleInterfaceEditableText.h: * accessibility/atk/WebKitAccessibleInterfaceHyperlinkImpl.cpp: * accessibility/atk/WebKitAccessibleInterfaceHyperlinkImpl.h: * accessibility/atk/WebKitAccessibleInterfaceHypertext.cpp: * accessibility/atk/WebKitAccessibleInterfaceHypertext.h: * accessibility/atk/WebKitAccessibleInterfaceImage.cpp: * accessibility/atk/WebKitAccessibleInterfaceImage.h: * accessibility/atk/WebKitAccessibleInterfaceSelection.cpp: * accessibility/atk/WebKitAccessibleInterfaceSelection.h: * accessibility/atk/WebKitAccessibleInterfaceTable.cpp: * accessibility/atk/WebKitAccessibleInterfaceTable.h: * accessibility/atk/WebKitAccessibleInterfaceTableCell.cpp: * accessibility/atk/WebKitAccessibleInterfaceTableCell.h: * accessibility/atk/WebKitAccessibleInterfaceText.cpp: * accessibility/atk/WebKitAccessibleInterfaceText.h: * accessibility/atk/WebKitAccessibleInterfaceValue.cpp: * accessibility/atk/WebKitAccessibleInterfaceValue.h: * accessibility/atk/WebKitAccessibleUtil.cpp: * accessibility/atk/WebKitAccessibleUtil.h: * accessibility/ios/AXObjectCacheIOS.mm: * accessibility/ios/AccessibilityObjectIOS.mm: * accessibility/ios/WebAccessibilityObjectWrapperIOS.h: * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: * accessibility/mac/AXObjectCacheMac.mm: * accessibility/mac/AccessibilityObjectBase.mm: * accessibility/mac/AccessibilityObjectMac.mm: * accessibility/mac/WebAccessibilityObjectWrapperBase.mm: * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: * accessibility/win/AccessibilityObjectWin.cpp: * accessibility/win/AccessibilityObjectWrapperWin.cpp: * dom/Document.cpp: (WebCore::Document::prepareForDestruction): * editing/FrameSelection.h: * editing/atk/FrameSelectionAtk.cpp: * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::setInnerTextValue): * testing/Internals.cpp: (WebCore::Internals::resetToConsistentState): 2019-07-11 Justin Fan <justin_fan@apple.com> [WebGPU] Implement GPUError and error scopes https://bugs.webkit.org/show_bug.cgi?id=199655 Reviewed by Myles C. Maxfield. Add GPUErrorFilter, GPUError, and the ability to push and pop error scopes on a GPUDevice. This will allow us to check for WebGPU errors from JavaScript. Currently, only some GPUBuffer creation errors are reported for testing; more errors will follow in later patches. Test: webgpu/error-scopes-test.html * Modules/webgpu/GPUErrorFilter.idl: Added. * Modules/webgpu/GPUOutOfMemoryError.idl: Added. * Modules/webgpu/GPUValidationError.idl: Added. * Modules/webgpu/WebGPUDevice.cpp: (WebCore::WebGPUDevice::pushErrorScope): (WebCore::WebGPUDevice::popErrorScope): Resolve the Promise here, since GPUDevice shouldn't worry about DOM layer. * Modules/webgpu/WebGPUDevice.h: * Modules/webgpu/WebGPUDeviceErrorScopes.cpp: Added. (WebCore::WebGPUDeviceErrorScopes::pushErrorScope): Delegates to WebGPUDevice. (WebCore::WebGPUDeviceErrorScopes::popErrorScope): Ditto. * Modules/webgpu/WebGPUDeviceErrorScopes.h: Added. * Modules/webgpu/WebGPUDeviceErrorScopes.idl: Added. * platform/graphics/gpu/GPUBuffer.h: * platform/graphics/gpu/GPUDevice.cpp: The actual error stack lives here. (WebCore::GPUDevice::pushErrorScope): (WebCore::GPUDevice::popErrorScope): Calls a callback with a GPUError, if any. (WebCore::GPUDevice::registerError): Actually creates GPUErrors. * platform/graphics/gpu/GPUDevice.h: * platform/graphics/gpu/GPUError.cpp: Added. (WebCore::createError): Factory function for various error types. * platform/graphics/gpu/GPUError.h: Added. * platform/graphics/gpu/GPUErrorFilter.h: Added. * platform/graphics/gpu/GPUOutOfMemoryError.h: Added. (WebCore::GPUOutOfMemoryError::create): * platform/graphics/gpu/GPUValidationError.cpp: Added. (WebCore::GPUValidationError::create): (WebCore::GPUValidationError::GPUValidationError): * platform/graphics/gpu/GPUValidationError.h: Added. (WebCore::GPUValidationError::message const): * platform/graphics/gpu/cocoa/GPUBufferMetal.mm: (WebCore::GPUBuffer::validateBufferUsage): Create an actual GPUValidationError :) (WebCore::GPUBuffer::tryCreate): Create GPUOutOfMemoryErrors where appropriate. Add file/name references: * CMakeLists.txt: * DerivedSources-input.xcfilelist: * DerivedSources-output.xcfilelist: * DerivedSources.make: * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/js/WebCoreBuiltinNames.h: Missing includes: * Modules/webgpu/WHLSL/WHLSLCheckTextureReferences.cpp: 2019-07-11 Tim Horton <timothy_horton@apple.com> Null deref of RenderView under FrameView::setNeedsCompositingConfigurationUpdate https://bugs.webkit.org/show_bug.cgi?id=199723 <rdar://problem/51554747> Reviewed by Simon Fraser. * page/FrameView.cpp: (WebCore::FrameView::setNeedsCompositingConfigurationUpdate): Add a null-check; it looks like it is possible to get here by dismissing the find overlay (or other page overlay) at an inopportune time. 2019-07-11 Chris Dumez <cdumez@apple.com> Pages using Google Tag Manager Google's anti-flicker optimization may take ~5 seconds to do initial paint https://bugs.webkit.org/show_bug.cgi?id=199704 <rdar://problem/52966461> Reviewed by Geoffrey Garen. Apply the same fix as r246764 for when "https://www.googletagmanager.com/gtm.js" load is blocked by a content extension to avoid delaying initial paint by ~5 seconds. This was tested on https://www.formula1.com/en.html. * contentextensions/ContentExtensionsBackend.cpp: (WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad): 2019-07-11 Chris Dumez <cdumez@apple.com> Disable RGB10 IOSurface pixel format for Mac Catalyst https://bugs.webkit.org/show_bug.cgi?id=199712 <rdar://problem/52793584> Reviewed by Beth Dakin. Disable RGB10 IOSurface pixel format for Mac Catalyst. This format is not supported on Mac Catalyst and causes us not to render anything. * platform/graphics/cocoa/IOSurface.h: 2019-07-11 Simon Fraser <simon.fraser@apple.com> [iOS WK2] Can't place caret or select in content that overflows a contenteditable element https://bugs.webkit.org/show_bug.cgi?id=199741 rdar://problem/50545233 Reviewed by Wenson Hsieh. Various code paths for editing used renderer->absoluteBoundingBoxRect(), which is the border box of the element (or a set of line boxes for inline elements) converted to absolute coordinates. This excludes overflow content, but contenteditable needs to be able to place the caret in overflow content, and allow selection rects to be in the overflow area (if the element has visible overflow). Try to clean this up by adding some static helpers on WebPage for accessing the relevant rects, and use them in code call from visiblePositionInFocusedNodeForPoint(), and code that is input to selectionClipRect. This changes selectionClipRect to use the padding box (excluding borders), which is a progression. Tests: editing/caret/ios/caret-in-overflow-area.html editing/selection/ios/place-selection-in-overflow-area.html editing/selection/ios/selection-extends-into-overflow-area.html * editing/FrameSelection.cpp: (WebCore::DragCaretController::editableElementRectInRootViewCoordinates const): 2019-07-11 Jonathan Bedard <jbedard@apple.com> [iOS 13] Enable WebKit build https://bugs.webkit.org/show_bug.cgi?id=199481 <rdar://problem/52619048> Reviewed by Tim Horton. No new tests, iOS 13 test expectations will be migrated in the near future. * platform/ios/LocalCurrentTraitCollection.mm: (WebCore::LocalCurrentTraitCollection::LocalCurrentTraitCollection): Remove underscore from currentTraitCollection. (WebCore::LocalCurrentTraitCollection::~LocalCurrentTraitCollection): Remove underscore from setCurrentTraitCollection. 2019-07-11 Chris Dumez <cdumez@apple.com> Fix non thread-safe usage of makeWeakPtr() in MediaPlayerPrivateMediaFoundation https://bugs.webkit.org/show_bug.cgi?id=199700 Reviewed by Eric Carlson. The code was calling makeWeakPtr() on a main-thread object, from a background thread. This is not thread safe. To address the issue, this patches creates the WeakPtr ahead of time, on the main thread. * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp: (WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation): (WebCore::MediaPlayerPrivateMediaFoundation::endCreatedMediaSource): (WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent): (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::processInputNotify): * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h: (WebCore::MediaPlayerPrivateMediaFoundation::ThreadSafeWrapper::create): (WebCore::MediaPlayerPrivateMediaFoundation::ThreadSafeWrapper::wrapped): (WebCore::MediaPlayerPrivateMediaFoundation::ThreadSafeWrapper::ThreadSafeWrapper): 2019-07-11 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Cleanup InlineFormattingContext::LineLayout class. https://bugs.webkit.org/show_bug.cgi?id=199702 <rdar://problem/52931733> Reviewed by Sam Weinig. Move some structs to .cpp. They don't need to pollute the class declaration. * layout/inlineformatting/InlineFormattingContext.h: (WebCore::Layout::InlineFormattingContext::LineLayout::layoutState const): (): Deleted. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::LineInput::HorizontalConstraint::HorizontalConstraint): (WebCore::Layout::LineInput::LineInput): (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::LineInput::HorizontalConstraint::HorizontalConstraint): Deleted. (WebCore::Layout::InlineFormattingContext::LineLayout::LineInput::LineInput): Deleted. 2019-07-11 Joanmarie Diggs <jdiggs@igalia.com> AX: Implement support for ARIA roles insertion, deletion, subscript, superscript, and time https://bugs.webkit.org/show_bug.cgi?id=199692 Reviewed by Chris Fleizach. Create new AccessibilityRole types which correspond to the new ARIA roles and update AccessibilityRenderObject::determineAccessibilityRole() to assign these internal roles to the related HTML elements. Update both ATK and Mac to recognize these new internal roles. In addition, update the ATK mappings for the ins and del elements to ATK_ROLE_CONTENT_INSERTION and ATK_ROLE_CONTENT_DELETION respectively. Also expose "insertion" and "deletion" via the AtkObject xml-roles attribute so that this information is not completely absent for GTK or WPE built against earlier versions of ATK. Remove AccessibilityObject's isSubscriptStyleGroup() and isSuperscriptStyleGroup(). These two methods were only being used by ATK and are no longer needed for platform role mapping. No new tests. Instead add the roles to the existing role-exposure tests. * accessibility/AccessibilityObject.cpp: (WebCore::initializeRoleMap): (WebCore::AccessibilityObject::isSubscriptStyleGroup const): Deleted. (WebCore::AccessibilityObject::isSuperscriptStyleGroup const): Deleted. * accessibility/AccessibilityObject.h: * accessibility/AccessibilityObjectInterface.h: * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::determineAccessibilityRole): * accessibility/atk/WebKitAccessible.cpp: (webkitAccessibleGetAttributes): (atkRole): * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (createAccessibilityRoleMap): (-[WebAccessibilityObjectWrapper subrole]): 2019-07-11 Thibault Saunier <tsaunier@igalia.com> [GStreamer][MediaStream] Use the new dispatchMediaSampleToObservers to dispatch new buffers https://bugs.webkit.org/show_bug.cgi?id=199689 Reviewed by Philippe Normand. We already have tests for this. * platform/mediastream/gstreamer/GStreamerVideoCaptureSource.cpp: (WebCore::GStreamerVideoCaptureSource::processNewFrame): (WebCore::GStreamerVideoCaptureSource::newSampleCallback): * platform/mediastream/gstreamer/GStreamerVideoCaptureSource.h: 2019-07-10 Simon Fraser <simon.fraser@apple.com> [iOS WK2] With modal overlay and body overflow:hidden, can't access all the content https://bugs.webkit.org/show_bug.cgi?id=199693 rdar://problem/51930364 Reviewed by Tim Horton. A page with overflow:hidden on the root needs to be scrollable if: * it's zoomed * the visual viewport is smaller than the layout viewport (including visible keyboard) * scrolling is required to hide MobileSafari's squishy bars This patch does the last two, plumbing a "visual viewport is smaller than layout viewport" bit up from WebCore via the scrolling tree (that way, when it changes we automatically trigger a commit), and checking for squished bars in WKWebView. Tested by new API tests. * page/FrameView.cpp: (WebCore::FrameView::updateLayoutViewport): (WebCore::FrameView::layoutOrVisualViewportChanged): Make this not iOS-specific. It's not yet called in all the right places (doing so has risk because it's exposed via VisualViewport resize events). (WebCore::FrameView::didUpdateViewportOverrideRects): Deleted. * page/FrameView.h: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::frameViewVisualViewportChanged): (WebCore::AsyncScrollingCoordinator::setFrameScrollingNodeState): * page/scrolling/AsyncScrollingCoordinator.h: * page/scrolling/ScrollingCoordinator.h: (WebCore::ScrollingCoordinator::frameViewVisualViewportChanged): * page/scrolling/ScrollingStateFrameScrollingNode.cpp: (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode): (WebCore::ScrollingStateFrameScrollingNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateFrameScrollingNode::setVisualViewportIsSmallerThanLayoutViewport): (WebCore::ScrollingStateFrameScrollingNode::dumpProperties const): * page/scrolling/ScrollingStateFrameScrollingNode.h: * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: (WebCore::ScrollingTreeFrameScrollingNode::commitStateBeforeChildren): (WebCore::ScrollingTreeFrameScrollingNode::dumpProperties const): * page/scrolling/ScrollingTreeFrameScrollingNode.h: 2019-07-10 Robin Morisset <rmorisset@apple.com> [WHLSL] Optional<UniqueRef<T>> -> std::unique_ptr in Return/IfStatement/ForLoop https://bugs.webkit.org/show_bug.cgi?id=199695 Reviewed by Dean Jackson. Trivial patch that saves 8 bytes per Return/If, and 16 bytes per For loop. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLForLoop.h: (WebCore::WHLSL::AST::ForLoop::ForLoop): (WebCore::WHLSL::AST::ForLoop::condition): (WebCore::WHLSL::AST::ForLoop::increment): * Modules/webgpu/WHLSL/AST/WHLSLIfStatement.h: (WebCore::WHLSL::AST::IfStatement::IfStatement): (WebCore::WHLSL::AST::IfStatement::elseBody): * Modules/webgpu/WHLSL/AST/WHLSLReturn.h: (WebCore::WHLSL::AST::Return::Return): (WebCore::WHLSL::AST::Return::value): * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parseIfStatement): (WebCore::WHLSL::Parser::parseForLoop): (WebCore::WHLSL::Parser::parseStatement): 2019-07-10 Robin Morisset <rmorisset@apple.com> [WHLSL] The recursion checker should not have quadratic complexity https://bugs.webkit.org/show_bug.cgi?id=199688 Reviewed by Saam Barati. I fix it by using two different hash sets, tracking which functions we have started visiting, and which we have finished visiting. The difference are those that are currently "on the stack", and calling any of those is an error. As a bonus, I also overrode visit(Program&), so that we only bother visiting function definitions. On whlsl-compute.html ran 5 times, this patch reduces the time spent in the recursion checker from 26ms to 12ms. It is likely to be a much bigger win on larger programs (since it took the complexity from quadratic to linear). No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp: 2019-07-10 Sihui Liu <sihui_liu@apple.com> Crash at WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator https://bugs.webkit.org/show_bug.cgi?id=199677 <rdar://problem/52334665> Reviewed by Alex Christensen. Add an early return in incrementReverseIterator when setFirstInRemainingRange fails to set m_iterator. This is in line with what we did in incrementForwardIterator. * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp: (WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator): 2019-07-10 Chris Dumez <cdumez@apple.com> Stop using GenericTaskQueue from multiple threads https://bugs.webkit.org/show_bug.cgi?id=199652 Reviewed by Eric Carlson and Geoffrey Garen. WebCoreAVFLoaderDelegate was calling GenericTaskQueue::enqueueTask() from a background thread, which is not safe because the implementation of enqueueTask() calls makeWeakPtr() on the GenericTaskQueue (a main thread object). Update WebCoreAVFLoaderDelegate to make sure it is on the main thread before it calls GenericTaskQueue::enqueueTask(). * platform/GenericTaskQueue.h: Remove last template parameter which was used exclusively by WebCoreAVFLoaderDelegate to try and make GenericTaskQueue thread-safe. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (-[WebCoreAVFMovieObserver metadataLoaded]): (-[WebCoreAVFMovieObserver didEnd:]): (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): (-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]): (-[WebCoreAVFMovieObserver outputSequenceWasFlushed:]): (-[WebCoreAVFLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]): (-[WebCoreAVFLoaderDelegate resourceLoader:didCancelLoadingRequest:]): 2019-07-10 Chris Fleizach <cfleizach@apple.com> AX: VoiceOver ignored role="presentation" on <table> HTML elements https://bugs.webkit.org/show_bug.cgi?id=199659 Reviewed by Zalan Bujtas. Only include a table ancestor if it's a table we care about for accessibility. Modified Test: accessibility/ios-simulator/tables-lists.html * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper _accessibilityTableAncestor]): 2019-07-10 Robin Morisset <rmorisset@apple.com> [WHLSL] Track code locations correctly throughout the compiler to get good error messages https://bugs.webkit.org/show_bug.cgi?id=199675 Reviewed by Myles Maxfield. The basic idea is to go from having each AST node contain its own token to having each AST node contain a pair of offsets into the source, the offset before its start and the offset after its end. This will let us get good error messages. As a bonus, it saves a bit of memory as Tokens are larger (one extra word for their type). The new CodeLocation class is put in Lexer.h, because it has a cyclic dependency on Token, which also has a cyclic dependency on Lexer. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h: (WebCore::WHLSL::AST::ArrayReferenceType::ArrayReferenceType): * Modules/webgpu/WHLSL/AST/WHLSLArrayType.h: (WebCore::WHLSL::AST::ArrayType::ArrayType): * Modules/webgpu/WHLSL/AST/WHLSLAssignmentExpression.h: (WebCore::WHLSL::AST::AssignmentExpression::AssignmentExpression): * Modules/webgpu/WHLSL/AST/WHLSLBaseFunctionAttribute.h: (WebCore::WHLSL::AST::BaseFunctionAttribute::BaseFunctionAttribute): * Modules/webgpu/WHLSL/AST/WHLSLBaseSemantic.h: (WebCore::WHLSL::AST::BaseSemantic::BaseSemantic): * Modules/webgpu/WHLSL/AST/WHLSLBlock.h: (WebCore::WHLSL::AST::Block::Block): * Modules/webgpu/WHLSL/AST/WHLSLBooleanLiteral.h: (WebCore::WHLSL::AST::BooleanLiteral::BooleanLiteral): (WebCore::WHLSL::AST::BooleanLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLBreak.h: (WebCore::WHLSL::AST::Break::Break): * Modules/webgpu/WHLSL/AST/WHLSLBuiltInSemantic.h: (WebCore::WHLSL::AST::BuiltInSemantic::BuiltInSemantic): * Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h: (WebCore::WHLSL::AST::CallExpression::CallExpression): * Modules/webgpu/WHLSL/AST/WHLSLCommaExpression.h: (WebCore::WHLSL::AST::CommaExpression::CommaExpression): * Modules/webgpu/WHLSL/AST/WHLSLContinue.h: (WebCore::WHLSL::AST::Continue::Continue): * Modules/webgpu/WHLSL/AST/WHLSLDereferenceExpression.h: (WebCore::WHLSL::AST::DereferenceExpression::DereferenceExpression): * Modules/webgpu/WHLSL/AST/WHLSLDoWhileLoop.h: (WebCore::WHLSL::AST::DoWhileLoop::DoWhileLoop): * Modules/webgpu/WHLSL/AST/WHLSLDotExpression.h: (WebCore::WHLSL::AST::DotExpression::DotExpression): * Modules/webgpu/WHLSL/AST/WHLSLEffectfulExpressionStatement.h: (WebCore::WHLSL::AST::EffectfulExpressionStatement::EffectfulExpressionStatement): * Modules/webgpu/WHLSL/AST/WHLSLEnumerationDefinition.h: (WebCore::WHLSL::AST::EnumerationDefinition::EnumerationDefinition): * Modules/webgpu/WHLSL/AST/WHLSLEnumerationMember.h: (WebCore::WHLSL::AST::EnumerationMember::EnumerationMember): (WebCore::WHLSL::AST::EnumerationMember::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLEnumerationMemberLiteral.h: (WebCore::WHLSL::AST::EnumerationMemberLiteral::EnumerationMemberLiteral): (WebCore::WHLSL::AST::EnumerationMemberLiteral::wrap): (WebCore::WHLSL::AST::EnumerationMemberLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLExpression.h: (WebCore::WHLSL::AST::Expression::Expression): (WebCore::WHLSL::AST::Expression::codeLocation const): (WebCore::WHLSL::AST::Expression::updateCodeLocation): * Modules/webgpu/WHLSL/AST/WHLSLFallthrough.h: (WebCore::WHLSL::AST::Fallthrough::Fallthrough): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteral.h: (WebCore::WHLSL::AST::FloatLiteral::FloatLiteral): (WebCore::WHLSL::AST::FloatLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.cpp: (WebCore::WHLSL::AST::FloatLiteralType::FloatLiteralType): (WebCore::WHLSL::AST::FloatLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLForLoop.h: (WebCore::WHLSL::AST::ForLoop::ForLoop): * Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h: (WebCore::WHLSL::AST::FunctionDeclaration::FunctionDeclaration): (WebCore::WHLSL::AST::FunctionDeclaration::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLGlobalVariableReference.h: (WebCore::WHLSL::AST::GlobalVariableReference::GlobalVariableReference): * Modules/webgpu/WHLSL/AST/WHLSLIfStatement.h: (WebCore::WHLSL::AST::IfStatement::IfStatement): * Modules/webgpu/WHLSL/AST/WHLSLIndexExpression.h: (WebCore::WHLSL::AST::IndexExpression::IndexExpression): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteral.h: (WebCore::WHLSL::AST::IntegerLiteral::IntegerLiteral): (WebCore::WHLSL::AST::IntegerLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.cpp: (WebCore::WHLSL::AST::IntegerLiteralType::IntegerLiteralType): (WebCore::WHLSL::AST::IntegerLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLLogicalExpression.h: (WebCore::WHLSL::AST::LogicalExpression::LogicalExpression): * Modules/webgpu/WHLSL/AST/WHLSLLogicalNotExpression.h: (WebCore::WHLSL::AST::LogicalNotExpression::LogicalNotExpression): * Modules/webgpu/WHLSL/AST/WHLSLMakeArrayReferenceExpression.h: (WebCore::WHLSL::AST::MakeArrayReferenceExpression::MakeArrayReferenceExpression): * Modules/webgpu/WHLSL/AST/WHLSLMakePointerExpression.h: (WebCore::WHLSL::AST::MakePointerExpression::MakePointerExpression): * Modules/webgpu/WHLSL/AST/WHLSLNamedType.h: (WebCore::WHLSL::AST::NamedType::NamedType): (WebCore::WHLSL::AST::NamedType::codeLocation const): (WebCore::WHLSL::AST::NamedType::updateCodeLocation): * Modules/webgpu/WHLSL/AST/WHLSLNativeTypeDeclaration.h: (WebCore::WHLSL::AST::NativeTypeDeclaration::NativeTypeDeclaration): * Modules/webgpu/WHLSL/AST/WHLSLNullLiteral.h: (WebCore::WHLSL::AST::NullLiteral::NullLiteral): (WebCore::WHLSL::AST::NullLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLNumThreadsFunctionAttribute.h: (WebCore::WHLSL::AST::NumThreadsFunctionAttribute::NumThreadsFunctionAttribute): * Modules/webgpu/WHLSL/AST/WHLSLPointerType.h: (WebCore::WHLSL::AST::PointerType::PointerType): * Modules/webgpu/WHLSL/AST/WHLSLPropertyAccessExpression.h: (WebCore::WHLSL::AST::PropertyAccessExpression::PropertyAccessExpression): * Modules/webgpu/WHLSL/AST/WHLSLReadModifyWriteExpression.h: (WebCore::WHLSL::AST::ReadModifyWriteExpression::create): (WebCore::WHLSL::AST::ReadModifyWriteExpression::ReadModifyWriteExpression): * Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h: (WebCore::WHLSL::AST::ReferenceType::ReferenceType): * Modules/webgpu/WHLSL/AST/WHLSLResourceSemantic.h: (WebCore::WHLSL::AST::ResourceSemantic::ResourceSemantic): * Modules/webgpu/WHLSL/AST/WHLSLReturn.h: (WebCore::WHLSL::AST::Return::Return): * Modules/webgpu/WHLSL/AST/WHLSLSpecializationConstantSemantic.h: (WebCore::WHLSL::AST::SpecializationConstantSemantic::SpecializationConstantSemantic): * Modules/webgpu/WHLSL/AST/WHLSLStageInOutSemantic.h: (WebCore::WHLSL::AST::StageInOutSemantic::StageInOutSemantic): * Modules/webgpu/WHLSL/AST/WHLSLStatement.h: (WebCore::WHLSL::AST::Statement::Statement): (WebCore::WHLSL::AST::Statement::codeLocation const): (WebCore::WHLSL::AST::Statement::updateCodeLocation): * Modules/webgpu/WHLSL/AST/WHLSLStatementList.h: (WebCore::WHLSL::AST::StatementList::StatementList): * Modules/webgpu/WHLSL/AST/WHLSLStructureDefinition.h: (WebCore::WHLSL::AST::StructureDefinition::StructureDefinition): * Modules/webgpu/WHLSL/AST/WHLSLStructureElement.h: (WebCore::WHLSL::AST::StructureElement::StructureElement): (WebCore::WHLSL::AST::StructureElement::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLSwitchCase.h: (WebCore::WHLSL::AST::SwitchCase::SwitchCase): * Modules/webgpu/WHLSL/AST/WHLSLSwitchStatement.h: (WebCore::WHLSL::AST::SwitchStatement::SwitchStatement): * Modules/webgpu/WHLSL/AST/WHLSLTernaryExpression.h: (WebCore::WHLSL::AST::TernaryExpression::TernaryExpression): * Modules/webgpu/WHLSL/AST/WHLSLTrap.h: (WebCore::WHLSL::AST::Trap::Trap): * Modules/webgpu/WHLSL/AST/WHLSLTypeDefinition.h: (WebCore::WHLSL::AST::TypeDefinition::TypeDefinition): * Modules/webgpu/WHLSL/AST/WHLSLTypeReference.cpp: (WebCore::WHLSL::AST::TypeReference::wrap): * Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h: (WebCore::WHLSL::AST::TypeReference::TypeReference): (WebCore::WHLSL::AST::TypeReference::cloneTypeReference const): * Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h: (WebCore::WHLSL::AST::UnnamedType::UnnamedType): (WebCore::WHLSL::AST::UnnamedType::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteral.h: (WebCore::WHLSL::AST::UnsignedIntegerLiteral::UnsignedIntegerLiteral): (WebCore::WHLSL::AST::UnsignedIntegerLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.cpp: (WebCore::WHLSL::AST::UnsignedIntegerLiteralType::UnsignedIntegerLiteralType): (WebCore::WHLSL::AST::UnsignedIntegerLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h: * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclarationsStatement.h: (WebCore::WHLSL::AST::VariableDeclarationsStatement::VariableDeclarationsStatement): * Modules/webgpu/WHLSL/AST/WHLSLVariableReference.h: (WebCore::WHLSL::AST::VariableReference::VariableReference): (WebCore::WHLSL::AST::VariableReference::wrap): * Modules/webgpu/WHLSL/AST/WHLSLWhileLoop.h: (WebCore::WHLSL::AST::WhileLoop::WhileLoop): * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: (WebCore::WHLSL::AutoInitialize::visit): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveWithOperatorAnderIndexer): (WebCore::WHLSL::resolveWithOperatorLength): (WebCore::WHLSL::resolveWithReferenceComparator): (WebCore::WHLSL::resolveByInstantiation): (WebCore::WHLSL::resolveFunction): (WebCore::WHLSL::Checker::visit): (WebCore::WHLSL::argumentTypeForAndOverload): (WebCore::WHLSL::Checker::finishVisiting): * Modules/webgpu/WHLSL/WHLSLInferTypes.cpp: (WebCore::WHLSL::matchAndCommit): * Modules/webgpu/WHLSL/WHLSLLexer.cpp: (WebCore::WHLSL::Token::typeName): (WebCore::WHLSL::Lexer::consumeTokenFromStream): * Modules/webgpu/WHLSL/WHLSLLexer.h: (WebCore::WHLSL::AST::CodeLocation::CodeLocation): (WebCore::WHLSL::AST::CodeLocation::startOffset const): (WebCore::WHLSL::AST::CodeLocation::endOffset const): (WebCore::WHLSL::Token::startOffset const): (WebCore::WHLSL::Lexer::errorString): (WebCore::WHLSL::Token::stringView const): * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::visit): * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parse): (WebCore::WHLSL::Parser::peek): (WebCore::WHLSL::Parser::peekFurther): (WebCore::WHLSL::Types::includes): (WebCore::WHLSL::Types::appendNameTo): (WebCore::WHLSL::Types<t>::includes): (WebCore::WHLSL::Types<t>::appendNameTo): (WebCore::WHLSL::Parser::peekType): (WebCore::WHLSL::Parser::tryType): (WebCore::WHLSL::Parser::tryTypes): (WebCore::WHLSL::Parser::consumeType): (WebCore::WHLSL::Parser::consumeTypes): (WebCore::WHLSL::Parser::consumeIntegralLiteral): (WebCore::WHLSL::Parser::parseConstantExpression): (WebCore::WHLSL::Parser::parseTypeArgument): (WebCore::WHLSL::Parser::parseTypeArguments): (WebCore::WHLSL::Parser::parseTypeSuffixAbbreviated): (WebCore::WHLSL::Parser::parseTypeSuffixNonAbbreviated): (WebCore::WHLSL::Parser::parseType): (WebCore::WHLSL::Parser::parseTypeDefinition): (WebCore::WHLSL::Parser::parseBuiltInSemantic): (WebCore::WHLSL::Parser::parseResourceSemantic): (WebCore::WHLSL::Parser::parseSpecializationConstantSemantic): (WebCore::WHLSL::Parser::parseStageInOutSemantic): (WebCore::WHLSL::Parser::parseSemantic): (WebCore::WHLSL::Parser::parseQualifiers): (WebCore::WHLSL::Parser::parseStructureElement): (WebCore::WHLSL::Parser::parseStructureDefinition): (WebCore::WHLSL::Parser::parseEnumerationDefinition): (WebCore::WHLSL::Parser::parseEnumerationMember): (WebCore::WHLSL::Parser::parseNativeTypeDeclaration): (WebCore::WHLSL::Parser::parseNumThreadsFunctionAttribute): (WebCore::WHLSL::Parser::parseAttributeBlock): (WebCore::WHLSL::Parser::parseParameter): (WebCore::WHLSL::Parser::parseParameters): (WebCore::WHLSL::Parser::parseComputeFunctionDeclaration): (WebCore::WHLSL::Parser::parseVertexOrFragmentFunctionDeclaration): (WebCore::WHLSL::Parser::parseRegularFunctionDeclaration): (WebCore::WHLSL::Parser::parseOperatorFunctionDeclaration): (WebCore::WHLSL::Parser::parseFunctionDeclaration): (WebCore::WHLSL::Parser::parseBlock): (WebCore::WHLSL::Parser::parseBlockBody): (WebCore::WHLSL::Parser::parseIfStatement): (WebCore::WHLSL::Parser::parseSwitchStatement): (WebCore::WHLSL::Parser::parseSwitchCase): (WebCore::WHLSL::Parser::parseForLoop): (WebCore::WHLSL::Parser::parseWhileLoop): (WebCore::WHLSL::Parser::parseDoWhileLoop): (WebCore::WHLSL::Parser::parseVariableDeclaration): (WebCore::WHLSL::Parser::parseVariableDeclarations): (WebCore::WHLSL::Parser::parseStatement): (WebCore::WHLSL::Parser::parseEffectfulExpression): (WebCore::WHLSL::Parser::parseEffectfulAssignment): (WebCore::WHLSL::Parser::parseLimitedSuffixOperator): (WebCore::WHLSL::Parser::parseSuffixOperator): (WebCore::WHLSL::Parser::parseExpression): (WebCore::WHLSL::Parser::completeTernaryConditional): (WebCore::WHLSL::Parser::completeAssignment): (WebCore::WHLSL::Parser::parsePossibleTernaryConditional): (WebCore::WHLSL::Parser::completePossibleLogicalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleRelationalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleShift): (WebCore::WHLSL::Parser::completePossibleAdd): (WebCore::WHLSL::Parser::completePossibleMultiply): (WebCore::WHLSL::Parser::parsePossiblePrefix): (WebCore::WHLSL::Parser::parsePossibleSuffix): (WebCore::WHLSL::Parser::parseCallExpression): (WebCore::WHLSL::Parser::parseTerm): * Modules/webgpu/WHLSL/WHLSLParser.h: * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: (WebCore::WHLSL::anonymousToken): (WebCore::WHLSL::PreserveLifetimes::PreserveLifetimes): (WebCore::WHLSL::PreserveLifetimes::assignVariableIntoStruct): (WebCore::WHLSL::preserveVariableLifetimes): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::PropertyResolver::visit): (WebCore::WHLSL::wrapAnderCallArgument): (WebCore::WHLSL::setterCall): (WebCore::WHLSL::getterCall): (WebCore::WHLSL::modify): (WebCore::WHLSL::PropertyResolver::simplifyRightValue): (WebCore::WHLSL::LeftValueSimplifier::finishVisiting): * Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp: (WebCore::WHLSL::synthesizeArrayOperatorLength): * Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp: (WebCore::WHLSL::synthesizeConstructors): * Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp: (WebCore::WHLSL::synthesizeEnumerationFunctions): * Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp: (WebCore::WHLSL::synthesizeStructureAccessors): 2019-07-10 Ryosuke Niwa <rniwa@webkit.org> [iOS] REGRESSION(r244851): Revealing caret sometimes fails when content inset is used https://bugs.webkit.org/show_bug.cgi?id=199662 Reviewed by Simon Fraser. The bug was caused by ScrollableArea::maximumScrollPosition using ScrollableArea::visibleSize, which does not take the content insets into account correctly, rather than FrameView::visualViewportRectExpandedByContentInsets, which does, and is used for "viewRect" in RenderLayer::scrollRectToVisible. Override the maximum scroll position using visualViewportRectExpandedByContentInsets in iOS to fix the issue. Test: editing/selection/ios/autoscroll-with-top-content-inset-2.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollRectToVisible): Fixed the bug. 2019-07-10 Ryan Haddad <ryanhaddad@apple.com> Unreviewed, rolling out r247316. Broke Mojave build Reverted changeset: "[WHLSL] Track code locations correctly throughout the compiler to get good error messages" https://bugs.webkit.org/show_bug.cgi?id=199675 https://trac.webkit.org/changeset/247316 2019-07-10 Alex Christensen <achristensen@webkit.org> Allow CMake to build WebCore on Mac https://bugs.webkit.org/show_bug.cgi?id=198979 Reviewed by Don Olmstead. * Modules/websockets/ThreadableWebSocketChannel.cpp: (WebCore::ThreadableWebSocketChannel::validateURL): * PlatformMac.cmake: * platform/cocoa/VideoFullscreenModelVideoElement.mm: * platform/ios/WebItemProviderPasteboard.h: 2019-07-10 Chris Dumez <cdumez@apple.com> Unreviewed, rolling out r247292. Caused CloseWebViewDuringEnterFullscreen.VideoFullscreen API test to time out on Mojave bots Reverted changeset: "Stop using GenericTaskQueue from multiple threads" https://bugs.webkit.org/show_bug.cgi?id=199652 https://trac.webkit.org/changeset/247292 2019-07-10 Robin Morisset <rmorisset@apple.com> [WHLSL] Track code locations correctly throughout the compiler to get good error messages https://bugs.webkit.org/show_bug.cgi?id=199675 Reviewed by Myles Maxfield. The basic idea is to go from having each AST node contain its own token to having each AST node contain a pair of offsets into the source, the offset before its start and the offset after its end. This will let us get good error messages. As a bonus, it saves a bit of memory as Tokens are larger (one extra word for their type). The new CodeLocation class is put in Lexer.h, because it has a cyclic dependency on Token, which also has a cyclic dependency on Lexer. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h: (WebCore::WHLSL::AST::ArrayReferenceType::ArrayReferenceType): * Modules/webgpu/WHLSL/AST/WHLSLArrayType.h: (WebCore::WHLSL::AST::ArrayType::ArrayType): * Modules/webgpu/WHLSL/AST/WHLSLAssignmentExpression.h: (WebCore::WHLSL::AST::AssignmentExpression::AssignmentExpression): * Modules/webgpu/WHLSL/AST/WHLSLBaseFunctionAttribute.h: (WebCore::WHLSL::AST::BaseFunctionAttribute::BaseFunctionAttribute): * Modules/webgpu/WHLSL/AST/WHLSLBaseSemantic.h: (WebCore::WHLSL::AST::BaseSemantic::BaseSemantic): * Modules/webgpu/WHLSL/AST/WHLSLBlock.h: (WebCore::WHLSL::AST::Block::Block): * Modules/webgpu/WHLSL/AST/WHLSLBooleanLiteral.h: (WebCore::WHLSL::AST::BooleanLiteral::BooleanLiteral): (WebCore::WHLSL::AST::BooleanLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLBreak.h: (WebCore::WHLSL::AST::Break::Break): * Modules/webgpu/WHLSL/AST/WHLSLBuiltInSemantic.h: (WebCore::WHLSL::AST::BuiltInSemantic::BuiltInSemantic): * Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h: (WebCore::WHLSL::AST::CallExpression::CallExpression): * Modules/webgpu/WHLSL/AST/WHLSLCommaExpression.h: (WebCore::WHLSL::AST::CommaExpression::CommaExpression): * Modules/webgpu/WHLSL/AST/WHLSLContinue.h: (WebCore::WHLSL::AST::Continue::Continue): * Modules/webgpu/WHLSL/AST/WHLSLDereferenceExpression.h: (WebCore::WHLSL::AST::DereferenceExpression::DereferenceExpression): * Modules/webgpu/WHLSL/AST/WHLSLDoWhileLoop.h: (WebCore::WHLSL::AST::DoWhileLoop::DoWhileLoop): * Modules/webgpu/WHLSL/AST/WHLSLDotExpression.h: (WebCore::WHLSL::AST::DotExpression::DotExpression): * Modules/webgpu/WHLSL/AST/WHLSLEffectfulExpressionStatement.h: (WebCore::WHLSL::AST::EffectfulExpressionStatement::EffectfulExpressionStatement): * Modules/webgpu/WHLSL/AST/WHLSLEnumerationDefinition.h: (WebCore::WHLSL::AST::EnumerationDefinition::EnumerationDefinition): * Modules/webgpu/WHLSL/AST/WHLSLEnumerationMember.h: (WebCore::WHLSL::AST::EnumerationMember::EnumerationMember): (WebCore::WHLSL::AST::EnumerationMember::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLEnumerationMemberLiteral.h: (WebCore::WHLSL::AST::EnumerationMemberLiteral::EnumerationMemberLiteral): (WebCore::WHLSL::AST::EnumerationMemberLiteral::wrap): (WebCore::WHLSL::AST::EnumerationMemberLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLExpression.h: (WebCore::WHLSL::AST::Expression::Expression): (WebCore::WHLSL::AST::Expression::codeLocation const): (WebCore::WHLSL::AST::Expression::updateCodeLocation): * Modules/webgpu/WHLSL/AST/WHLSLFallthrough.h: (WebCore::WHLSL::AST::Fallthrough::Fallthrough): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteral.h: (WebCore::WHLSL::AST::FloatLiteral::FloatLiteral): (WebCore::WHLSL::AST::FloatLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.cpp: (WebCore::WHLSL::AST::FloatLiteralType::FloatLiteralType): (WebCore::WHLSL::AST::FloatLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLForLoop.h: (WebCore::WHLSL::AST::ForLoop::ForLoop): * Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h: (WebCore::WHLSL::AST::FunctionDeclaration::FunctionDeclaration): (WebCore::WHLSL::AST::FunctionDeclaration::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLGlobalVariableReference.h: (WebCore::WHLSL::AST::GlobalVariableReference::GlobalVariableReference): * Modules/webgpu/WHLSL/AST/WHLSLIfStatement.h: (WebCore::WHLSL::AST::IfStatement::IfStatement): * Modules/webgpu/WHLSL/AST/WHLSLIndexExpression.h: (WebCore::WHLSL::AST::IndexExpression::IndexExpression): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteral.h: (WebCore::WHLSL::AST::IntegerLiteral::IntegerLiteral): (WebCore::WHLSL::AST::IntegerLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.cpp: (WebCore::WHLSL::AST::IntegerLiteralType::IntegerLiteralType): (WebCore::WHLSL::AST::IntegerLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLLogicalExpression.h: (WebCore::WHLSL::AST::LogicalExpression::LogicalExpression): * Modules/webgpu/WHLSL/AST/WHLSLLogicalNotExpression.h: (WebCore::WHLSL::AST::LogicalNotExpression::LogicalNotExpression): * Modules/webgpu/WHLSL/AST/WHLSLMakeArrayReferenceExpression.h: (WebCore::WHLSL::AST::MakeArrayReferenceExpression::MakeArrayReferenceExpression): * Modules/webgpu/WHLSL/AST/WHLSLMakePointerExpression.h: (WebCore::WHLSL::AST::MakePointerExpression::MakePointerExpression): * Modules/webgpu/WHLSL/AST/WHLSLNamedType.h: (WebCore::WHLSL::AST::NamedType::NamedType): (WebCore::WHLSL::AST::NamedType::codeLocation const): (WebCore::WHLSL::AST::NamedType::updateCodeLocation): * Modules/webgpu/WHLSL/AST/WHLSLNativeTypeDeclaration.h: (WebCore::WHLSL::AST::NativeTypeDeclaration::NativeTypeDeclaration): * Modules/webgpu/WHLSL/AST/WHLSLNullLiteral.h: (WebCore::WHLSL::AST::NullLiteral::NullLiteral): (WebCore::WHLSL::AST::NullLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLNumThreadsFunctionAttribute.h: (WebCore::WHLSL::AST::NumThreadsFunctionAttribute::NumThreadsFunctionAttribute): * Modules/webgpu/WHLSL/AST/WHLSLPointerType.h: (WebCore::WHLSL::AST::PointerType::PointerType): * Modules/webgpu/WHLSL/AST/WHLSLPropertyAccessExpression.h: (WebCore::WHLSL::AST::PropertyAccessExpression::PropertyAccessExpression): * Modules/webgpu/WHLSL/AST/WHLSLReadModifyWriteExpression.h: (WebCore::WHLSL::AST::ReadModifyWriteExpression::create): (WebCore::WHLSL::AST::ReadModifyWriteExpression::ReadModifyWriteExpression): * Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h: (WebCore::WHLSL::AST::ReferenceType::ReferenceType): * Modules/webgpu/WHLSL/AST/WHLSLResourceSemantic.h: (WebCore::WHLSL::AST::ResourceSemantic::ResourceSemantic): * Modules/webgpu/WHLSL/AST/WHLSLReturn.h: (WebCore::WHLSL::AST::Return::Return): * Modules/webgpu/WHLSL/AST/WHLSLSpecializationConstantSemantic.h: (WebCore::WHLSL::AST::SpecializationConstantSemantic::SpecializationConstantSemantic): * Modules/webgpu/WHLSL/AST/WHLSLStageInOutSemantic.h: (WebCore::WHLSL::AST::StageInOutSemantic::StageInOutSemantic): * Modules/webgpu/WHLSL/AST/WHLSLStatement.h: (WebCore::WHLSL::AST::Statement::Statement): (WebCore::WHLSL::AST::Statement::codeLocation const): (WebCore::WHLSL::AST::Statement::updateCodeLocation): * Modules/webgpu/WHLSL/AST/WHLSLStatementList.h: (WebCore::WHLSL::AST::StatementList::StatementList): * Modules/webgpu/WHLSL/AST/WHLSLStructureDefinition.h: (WebCore::WHLSL::AST::StructureDefinition::StructureDefinition): * Modules/webgpu/WHLSL/AST/WHLSLStructureElement.h: (WebCore::WHLSL::AST::StructureElement::StructureElement): (WebCore::WHLSL::AST::StructureElement::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLSwitchCase.h: (WebCore::WHLSL::AST::SwitchCase::SwitchCase): * Modules/webgpu/WHLSL/AST/WHLSLSwitchStatement.h: (WebCore::WHLSL::AST::SwitchStatement::SwitchStatement): * Modules/webgpu/WHLSL/AST/WHLSLTernaryExpression.h: (WebCore::WHLSL::AST::TernaryExpression::TernaryExpression): * Modules/webgpu/WHLSL/AST/WHLSLTrap.h: (WebCore::WHLSL::AST::Trap::Trap): * Modules/webgpu/WHLSL/AST/WHLSLTypeDefinition.h: (WebCore::WHLSL::AST::TypeDefinition::TypeDefinition): * Modules/webgpu/WHLSL/AST/WHLSLTypeReference.cpp: (WebCore::WHLSL::AST::TypeReference::wrap): * Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h: (WebCore::WHLSL::AST::TypeReference::TypeReference): (WebCore::WHLSL::AST::TypeReference::cloneTypeReference const): * Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h: (WebCore::WHLSL::AST::UnnamedType::UnnamedType): (WebCore::WHLSL::AST::UnnamedType::codeLocation const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteral.h: (WebCore::WHLSL::AST::UnsignedIntegerLiteral::UnsignedIntegerLiteral): (WebCore::WHLSL::AST::UnsignedIntegerLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.cpp: (WebCore::WHLSL::AST::UnsignedIntegerLiteralType::UnsignedIntegerLiteralType): (WebCore::WHLSL::AST::UnsignedIntegerLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h: * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclarationsStatement.h: (WebCore::WHLSL::AST::VariableDeclarationsStatement::VariableDeclarationsStatement): * Modules/webgpu/WHLSL/AST/WHLSLVariableReference.h: (WebCore::WHLSL::AST::VariableReference::VariableReference): (WebCore::WHLSL::AST::VariableReference::wrap): * Modules/webgpu/WHLSL/AST/WHLSLWhileLoop.h: (WebCore::WHLSL::AST::WhileLoop::WhileLoop): * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: (WebCore::WHLSL::AutoInitialize::visit): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveWithOperatorAnderIndexer): (WebCore::WHLSL::resolveWithOperatorLength): (WebCore::WHLSL::resolveWithReferenceComparator): (WebCore::WHLSL::resolveByInstantiation): (WebCore::WHLSL::resolveFunction): (WebCore::WHLSL::Checker::visit): (WebCore::WHLSL::argumentTypeForAndOverload): (WebCore::WHLSL::Checker::finishVisiting): * Modules/webgpu/WHLSL/WHLSLInferTypes.cpp: (WebCore::WHLSL::matchAndCommit): * Modules/webgpu/WHLSL/WHLSLLexer.cpp: (WebCore::WHLSL::Token::typeName): (WebCore::WHLSL::Lexer::consumeTokenFromStream): * Modules/webgpu/WHLSL/WHLSLLexer.h: (WebCore::WHLSL::AST::CodeLocation::CodeLocation): (WebCore::WHLSL::AST::CodeLocation::startOffset const): (WebCore::WHLSL::AST::CodeLocation::endOffset const): (WebCore::WHLSL::Token::startOffset const): (WebCore::WHLSL::Lexer::errorString): (WebCore::WHLSL::Token::stringView const): * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::visit): * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parse): (WebCore::WHLSL::Parser::peek): (WebCore::WHLSL::Parser::peekFurther): (WebCore::WHLSL::Types::includes): (WebCore::WHLSL::Types::appendNameTo): (WebCore::WHLSL::Types<t>::includes): (WebCore::WHLSL::Types<t>::appendNameTo): (WebCore::WHLSL::Parser::peekType): (WebCore::WHLSL::Parser::tryType): (WebCore::WHLSL::Parser::tryTypes): (WebCore::WHLSL::Parser::consumeType): (WebCore::WHLSL::Parser::consumeTypes): (WebCore::WHLSL::Parser::consumeIntegralLiteral): (WebCore::WHLSL::Parser::parseConstantExpression): (WebCore::WHLSL::Parser::parseTypeArgument): (WebCore::WHLSL::Parser::parseTypeArguments): (WebCore::WHLSL::Parser::parseTypeSuffixAbbreviated): (WebCore::WHLSL::Parser::parseTypeSuffixNonAbbreviated): (WebCore::WHLSL::Parser::parseType): (WebCore::WHLSL::Parser::parseTypeDefinition): (WebCore::WHLSL::Parser::parseBuiltInSemantic): (WebCore::WHLSL::Parser::parseResourceSemantic): (WebCore::WHLSL::Parser::parseSpecializationConstantSemantic): (WebCore::WHLSL::Parser::parseStageInOutSemantic): (WebCore::WHLSL::Parser::parseSemantic): (WebCore::WHLSL::Parser::parseQualifiers): (WebCore::WHLSL::Parser::parseStructureElement): (WebCore::WHLSL::Parser::parseStructureDefinition): (WebCore::WHLSL::Parser::parseEnumerationDefinition): (WebCore::WHLSL::Parser::parseEnumerationMember): (WebCore::WHLSL::Parser::parseNativeTypeDeclaration): (WebCore::WHLSL::Parser::parseNumThreadsFunctionAttribute): (WebCore::WHLSL::Parser::parseAttributeBlock): (WebCore::WHLSL::Parser::parseParameter): (WebCore::WHLSL::Parser::parseParameters): (WebCore::WHLSL::Parser::parseComputeFunctionDeclaration): (WebCore::WHLSL::Parser::parseVertexOrFragmentFunctionDeclaration): (WebCore::WHLSL::Parser::parseRegularFunctionDeclaration): (WebCore::WHLSL::Parser::parseOperatorFunctionDeclaration): (WebCore::WHLSL::Parser::parseFunctionDeclaration): (WebCore::WHLSL::Parser::parseBlock): (WebCore::WHLSL::Parser::parseBlockBody): (WebCore::WHLSL::Parser::parseIfStatement): (WebCore::WHLSL::Parser::parseSwitchStatement): (WebCore::WHLSL::Parser::parseSwitchCase): (WebCore::WHLSL::Parser::parseForLoop): (WebCore::WHLSL::Parser::parseWhileLoop): (WebCore::WHLSL::Parser::parseDoWhileLoop): (WebCore::WHLSL::Parser::parseVariableDeclaration): (WebCore::WHLSL::Parser::parseVariableDeclarations): (WebCore::WHLSL::Parser::parseStatement): (WebCore::WHLSL::Parser::parseEffectfulExpression): (WebCore::WHLSL::Parser::parseEffectfulAssignment): (WebCore::WHLSL::Parser::parseLimitedSuffixOperator): (WebCore::WHLSL::Parser::parseSuffixOperator): (WebCore::WHLSL::Parser::parseExpression): (WebCore::WHLSL::Parser::completeTernaryConditional): (WebCore::WHLSL::Parser::completeAssignment): (WebCore::WHLSL::Parser::parsePossibleTernaryConditional): (WebCore::WHLSL::Parser::completePossibleLogicalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleRelationalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleShift): (WebCore::WHLSL::Parser::completePossibleAdd): (WebCore::WHLSL::Parser::completePossibleMultiply): (WebCore::WHLSL::Parser::parsePossiblePrefix): (WebCore::WHLSL::Parser::parsePossibleSuffix): (WebCore::WHLSL::Parser::parseCallExpression): (WebCore::WHLSL::Parser::parseTerm): * Modules/webgpu/WHLSL/WHLSLParser.h: * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: (WebCore::WHLSL::anonymousToken): (WebCore::WHLSL::PreserveLifetimes::PreserveLifetimes): (WebCore::WHLSL::PreserveLifetimes::assignVariableIntoStruct): (WebCore::WHLSL::preserveVariableLifetimes): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::PropertyResolver::visit): (WebCore::WHLSL::wrapAnderCallArgument): (WebCore::WHLSL::setterCall): (WebCore::WHLSL::getterCall): (WebCore::WHLSL::modify): (WebCore::WHLSL::PropertyResolver::simplifyRightValue): (WebCore::WHLSL::LeftValueSimplifier::finishVisiting): * Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp: (WebCore::WHLSL::synthesizeArrayOperatorLength): * Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp: (WebCore::WHLSL::synthesizeConstructors): * Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp: (WebCore::WHLSL::synthesizeEnumerationFunctions): * Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp: (WebCore::WHLSL::synthesizeStructureAccessors): 2019-07-10 Kenneth Russell <kbr@chromium.org> Hook up WebGL's back buffer in ANGLE backend on macOS https://bugs.webkit.org/show_bug.cgi?id=198982 Reviewed by Alex Christensen. Fix a few places which were accidentally calling desktop OpenGL rather than ANGLE. Fix some calls which were using ANGLE's OpenGL ES 3.0 entry points rather than the OpenGL ES 2.0 extension APIs, causing them to generate errors in WebGL 1.0's backend. Change Extensions3DANGLE to use ANGLE's requestable extension mechanism. Fix framebuffer setup when using ANGLE for WebGL 1.0 contexts, for both antialias:true and false. Remove ANGLEWebKitBridge in ANGLE backend. It interfered with the correct operation of ANGLE's internal shader compiler, and was unnecessary given the use of ANGLE. Remove all manual shader name hashing and mapping in ANGLE backend. Tested with parts of the WebGL conformance suite and the San Angeles demo, which now runs properly with WebKit's ANGLE backend for WebGL. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::getProgramParameter): (WebCore::WebGLRenderingContextBase::getUniformLocation): (WebCore::WebGLRenderingContextBase::linkProgramWithoutInvalidatingAttribLocations): * platform/graphics/GraphicsContext3D.h: * platform/graphics/angle/Extensions3DANGLE.cpp: (WebCore::Extensions3DANGLE::Extensions3DANGLE): (WebCore::Extensions3DANGLE::supports): (WebCore::Extensions3DANGLE::ensureEnabled): (WebCore::Extensions3DANGLE::isEnabled): (WebCore::Extensions3DANGLE::getTranslatedShaderSourceANGLE): (WebCore::Extensions3DANGLE::initializeAvailableExtensions): (WebCore::Extensions3DANGLE::blitFramebuffer): (WebCore::Extensions3DANGLE::renderbufferStorageMultisample): (WebCore::Extensions3DANGLE::createVertexArrayOES): (WebCore::Extensions3DANGLE::deleteVertexArrayOES): (WebCore::Extensions3DANGLE::isVertexArrayOES): (WebCore::Extensions3DANGLE::bindVertexArrayOES): (WebCore::Extensions3DANGLE::supportsExtension): (WebCore::Extensions3DANGLE::drawBuffersEXT): (WebCore::Extensions3DANGLE::drawArraysInstanced): (WebCore::Extensions3DANGLE::drawElementsInstanced): (WebCore::Extensions3DANGLE::vertexAttribDivisor): * platform/graphics/angle/Extensions3DANGLE.h: * platform/graphics/angle/GraphicsContext3DANGLE.cpp: (WebCore::GraphicsContext3D::validateAttributes): (WebCore::GraphicsContext3D::reshapeFBOs): (WebCore::GraphicsContext3D::attachDepthAndStencilBufferIfNeeded): (WebCore::GraphicsContext3D::resolveMultisamplingIfNecessary): (WebCore::GraphicsContext3D::validateDepthStencil): (WebCore::GraphicsContext3D::prepareTexture): (WebCore::GraphicsContext3D::attachShader): (WebCore::GraphicsContext3D::bindAttribLocation): (WebCore::GraphicsContext3D::compileShader): (WebCore::GraphicsContext3D::compileShaderDirect): (WebCore::GraphicsContext3D::detachShader): (WebCore::GraphicsContext3D::getActiveAttribImpl): (WebCore::GraphicsContext3D::getActiveAttrib): (WebCore::GraphicsContext3D::getActiveUniformImpl): (WebCore::GraphicsContext3D::getActiveUniform): (WebCore::GraphicsContext3D::getAttribLocation): (WebCore::GraphicsContext3D::getAttribLocationDirect): (WebCore::GraphicsContext3D::moveErrorsToSyntheticErrorList): (WebCore::GraphicsContext3D::linkProgram): (WebCore::GraphicsContext3D::shaderSource): (WebCore::GraphicsContext3D::getUnmangledInfoLog): (WebCore::GraphicsContext3D::getShaderiv): (WebCore::GraphicsContext3D::getShaderInfoLog): (WebCore::GraphicsContext3D::getUniformLocation): (WebCore::GraphicsContext3D::createBuffer): (WebCore::GraphicsContext3D::createFramebuffer): (WebCore::GraphicsContext3D::createProgram): (WebCore::GraphicsContext3D::createRenderbuffer): (WebCore::GraphicsContext3D::createShader): (WebCore::GraphicsContext3D::createTexture): (WebCore::GraphicsContext3D::deleteBuffer): (WebCore::GraphicsContext3D::deleteFramebuffer): (WebCore::GraphicsContext3D::deleteProgram): (WebCore::GraphicsContext3D::deleteRenderbuffer): (WebCore::GraphicsContext3D::deleteShader): (WebCore::GraphicsContext3D::deleteTexture): (WebCore::GraphicsContext3D::synthesizeGLError): (): Deleted. (WebCore::setCurrentNameHashMapForShader): Deleted. (WebCore::nameHashForShader): Deleted. (WebCore::GraphicsContext3D::checkVaryingsPacking const): Deleted. (WebCore::GraphicsContext3D::precisionsMatch const): Deleted. (WebCore::generateHashedName): Deleted. (WebCore::GraphicsContext3D::mappedSymbolInShaderSourceMap): Deleted. (WebCore::GraphicsContext3D::mappedSymbolName): Deleted. (WebCore::GraphicsContext3D::originalSymbolInShaderSourceMap): Deleted. (WebCore::GraphicsContext3D::originalSymbolName): Deleted. (WebCore::GraphicsContext3D::getNonBuiltInActiveSymbolCount): Deleted. (WebCore::GraphicsContext3D::getShaderSource): Deleted. * platform/graphics/cocoa/GraphicsContext3DCocoa.mm: (WebCore::GraphicsContext3D::GraphicsContext3D): (WebCore::GraphicsContext3D::~GraphicsContext3D): (WebCore::GraphicsContext3D::makeContextCurrent): (WebCore::GraphicsContext3D::checkGPUStatus): (WebCore::GraphicsContext3D::allocateIOSurfaceBackingStore): (WebCore::GraphicsContext3D::updateFramebufferTextureBackingStoreFromLayer): * platform/graphics/cocoa/WebGLLayer.h: * platform/graphics/cocoa/WebGLLayer.mm: (-[WebGLLayer initWithGraphicsContext3D:]): (-[WebGLLayer copyImageSnapshotWithColorSpace:]): (-[WebGLLayer display]): (-[WebGLLayer setEGLDisplay:andConfig:]): (-[WebGLLayer dealloc]): (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]): (-[WebGLLayer bindFramebufferToNextAvailableSurface]): 2019-07-10 Youenn Fablet <youenn@apple.com> openDatabase property should not be enumerable on DOMWindow https://bugs.webkit.org/show_bug.cgi?id=199672 <rdar://problem/52809000> Reviewed by Chris Dumez. Test: storage/websql/openDatabase-deprecation.html * Modules/webdatabase/DOMWindowWebDatabase.idl: 2019-07-10 Chris Dumez <cdumez@apple.com> Fix unsafe usage of makeWeakPtr() in CMTimebaseEffectiveRateChangedCallback() https://bugs.webkit.org/show_bug.cgi?id=199656 Reviewed by Eric Carlson. CMTimebaseEffectiveRateChangedCallback() is getting called on a background thread and would call makeWeakPtr() on the MediaPlayerPrivateMediaSourceAVFObjC object, which is not safe because MediaPlayerPrivateMediaSourceAVFObjC is a main thread object. To address the issue, move the logic for listening to effective rate changes to its own Listener class which is ThreadSafeRefCounted. Instead of using makeWeakPtr() on the background thread, we now merely ref the thread-safe listener. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::EffectiveRateChangedListener::create): (WebCore::EffectiveRateChangedListener::effectiveRateChanged): (WebCore::CMTimebaseEffectiveRateChangedCallback): (WebCore::EffectiveRateChangedListener::stop): (WebCore::EffectiveRateChangedListener::EffectiveRateChangedListener): (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::~MediaPlayerPrivateMediaSourceAVFObjC): 2019-07-10 Antti Koivisto <antti@apple.com> Remove TouchActionData https://bugs.webkit.org/show_bug.cgi?id=199668 Reviewed by Simon Fraser. TouchActionData structure has been superseded by touch-action regions in EventRegion and is unused. Remove it and the supporting code. No functional changes. * dom/Document.cpp: (WebCore::Document::nodeWillBeRemoved): (WebCore::Document::updateTouchActionElements): Deleted. * dom/Document.h: (WebCore::Document::mayHaveElementsWithNonAutoTouchAction const): (WebCore::Document::setMayHaveElementsWithNonAutoTouchAction): Replace touchActionElements set with a bit that covers the only remaining clients (optimizations). Note that touchActionElements was not deleted when emptied, it had the same "may have" behavior (which is currently needed). (WebCore::Document::touchActionElements const): Deleted. * dom/Element.cpp: (WebCore::Element::computedTouchActions const): Deleted. * dom/Element.h: * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame const): * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::touchActionDataAtPoint const): Deleted. * page/scrolling/ScrollingTree.h: * platform/EventTrackingRegions.cpp: (WebCore::operator==): * platform/EventTrackingRegions.h: (): Deleted. * rendering/RenderBlock.cpp: (WebCore::RenderBlock::paintObject): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::calculateClipRects const): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateEventRegion): * style/StyleTreeResolver.cpp: (WebCore::Style::TreeResolver::resolveElement): 2019-07-10 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Remove redundant InlineFormattingContext::LineLayout members. https://bugs.webkit.org/show_bug.cgi?id=199654 <rdar://problem/52869206> Reviewed by Antti Koivisto. Some of the members are actually only needed in selected functions. * layout/inlineformatting/InlineFormattingContext.cpp: (WebCore::Layout::InlineFormattingContext::layout const): (WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const): * layout/inlineformatting/InlineFormattingContext.h: (WebCore::Layout::InlineFormattingContext::LineLayout::layoutState const): * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::LineLayout): (WebCore::Layout::InlineFormattingContext::LineLayout::layout const): (WebCore::Layout::InlineFormattingContext::LineLayout::computedIntrinsicWidth const): (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): (WebCore::Layout::InlineFormattingContext::LineLayout::alignRuns const): * layout/inlineformatting/InlineFormattingState.h: (WebCore::Layout::InlineFormattingState::inlineItems): (WebCore::Layout::InlineFormattingState::inlineRuns): (WebCore::Layout::InlineFormattingState::lineBoxes): 2019-07-10 Enrique Ocaña González <eocanha@igalia.com> [GStreamer] Protect against null samples and samples with null buffers https://bugs.webkit.org/show_bug.cgi?id=199619 Reviewed by Philippe Normand. * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp: (WebCore::GstVideoFrameHolder::GstVideoFrameHolder): Assert to enforce non-null samples. (WebCore::GstVideoFrameHolder::updateTexture): Protect against null m_buffer and improperly mapped video frame. 2019-07-09 Andres Gonzalez <andresg_22@apple.com> AX: HTML datalist accessibility is not exposed by WebKit https://bugs.webkit.org/show_bug.cgi?id=196998 <rdar://problem/49962521> Reviewed by Chris Fleizach. Input fields with datalist are exposed as having a listbox popup. Test: accessibility/datalist.html * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::popupValue const): (WebCore::AccessibilityObject::hasDatalist const): * accessibility/AccessibilityObject.h: 2019-07-09 Justin Fan <justin_fan@apple.com> Replace old, broken WebGPU IDL spec link with the new one in IDL comments. Rubber-stamped by Myles C. Maxfield. No test changes or change in behavior. * Modules/webgpu/GPUBindGroupLayoutBinding.idl: * Modules/webgpu/GPUBindGroupLayoutDescriptor.idl: * Modules/webgpu/GPUBlendDescriptor.idl: * Modules/webgpu/GPUBufferDescriptor.idl: * Modules/webgpu/GPUBufferUsage.idl: * Modules/webgpu/GPUCanvasContext.idl: * Modules/webgpu/GPUColor.idl: * Modules/webgpu/GPUColorStateDescriptor.idl: * Modules/webgpu/GPUColorWriteBits.idl: * Modules/webgpu/GPUCompareFunction.idl: * Modules/webgpu/GPUDepthStencilStateDescriptor.idl: * Modules/webgpu/GPUExtent3D.idl: * Modules/webgpu/GPULoadOp.idl: * Modules/webgpu/GPUOrigin3D.idl: * Modules/webgpu/GPURequestAdapterOptions.idl: * Modules/webgpu/GPUSamplerDescriptor.idl: * Modules/webgpu/GPUShaderStageBit.idl: * Modules/webgpu/GPUStoreOp.idl: * Modules/webgpu/GPUTextureDescriptor.idl: * Modules/webgpu/GPUTextureUsage.idl: * Modules/webgpu/GPUVertexAttributeDescriptor.idl: * Modules/webgpu/GPUVertexBufferDescriptor.idl: * Modules/webgpu/GPUVertexInputDescriptor.idl: * Modules/webgpu/WebGPU.idl: * Modules/webgpu/WebGPUAdapter.idl: * Modules/webgpu/WebGPUBindGroup.idl: * Modules/webgpu/WebGPUBindGroupBinding.idl: * Modules/webgpu/WebGPUBindGroupDescriptor.idl: * Modules/webgpu/WebGPUBindGroupLayout.idl: * Modules/webgpu/WebGPUBuffer.idl: * Modules/webgpu/WebGPUBufferBinding.idl: * Modules/webgpu/WebGPUCommandBuffer.idl: * Modules/webgpu/WebGPUCommandEncoder.idl: * Modules/webgpu/WebGPUComputePassEncoder.idl: * Modules/webgpu/WebGPUComputePipeline.idl: * Modules/webgpu/WebGPUComputePipelineDescriptor.idl: * Modules/webgpu/WebGPUDevice.idl: * Modules/webgpu/WebGPUPipelineDescriptorBase.idl: * Modules/webgpu/WebGPUPipelineLayout.idl: * Modules/webgpu/WebGPUPipelineLayoutDescriptor.idl: * Modules/webgpu/WebGPUPipelineStageDescriptor.idl: * Modules/webgpu/WebGPUProgrammablePassEncoder.idl: * Modules/webgpu/WebGPUQueue.idl: * Modules/webgpu/WebGPURenderPassDescriptor.idl: * Modules/webgpu/WebGPURenderPassEncoder.idl: * Modules/webgpu/WebGPURenderPipeline.idl: * Modules/webgpu/WebGPURenderPipelineDescriptor.idl: * Modules/webgpu/WebGPUSampler.idl: * Modules/webgpu/WebGPUShaderModule.idl: * Modules/webgpu/WebGPUShaderModuleDescriptor.idl: * Modules/webgpu/WebGPUSwapChain.idl: * Modules/webgpu/WebGPUTexture.idl: * Modules/webgpu/WebGPUTextureView.idl: 2019-07-09 Chris Dumez <cdumez@apple.com> Stop using GenericTaskQueue from multiple threads https://bugs.webkit.org/show_bug.cgi?id=199652 Reviewed by Geoffrey Garen. WebCoreAVFLoaderDelegate was calling GenericTaskQueue::enqueueTask() from a background thread, which is not safe because the implementation of enqueueTask() calls makeWeakPtr() on the GenericTaskQueue (a main thread object). Update WebCoreAVFLoaderDelegate to use callOnMainThread() instead. * platform/GenericTaskQueue.h: Stop last template parameter which was used exclusively by WebCoreAVFLoaderDelegate to try and make GenericTaskQueue thread-safe. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (-[WebCoreAVFMovieObserver metadataLoaded]): (-[WebCoreAVFMovieObserver didEnd:]): (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): (-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]): (-[WebCoreAVFMovieObserver outputSequenceWasFlushed:]): (-[WebCoreAVFLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]): (-[WebCoreAVFLoaderDelegate resourceLoader:didCancelLoadingRequest:]): 2019-07-09 Tim Horton <timothy_horton@apple.com> Fixed elements appear in the middle of full page screenshots taken when scrolled https://bugs.webkit.org/show_bug.cgi?id=199649 <rdar://problem/52476226> Reviewed by Simon Fraser. * page/FrameView.h: Expose a getter for the layout viewport override rect. 2019-07-09 Alex Christensen <achristensen@webkit.org> Fix build after r247279 https://bugs.webkit.org/show_bug.cgi?id=199640 * WebCore.xcodeproj/project.pbxproj: 2019-07-09 Alex Christensen <achristensen@webkit.org> Move AutofillElements.{h,cpp} from editing/ios to editing/cocoa since they're used on macOS https://bugs.webkit.org/show_bug.cgi?id=199640 Reviewed by Chris Dumez. * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * editing/cocoa/AutofillElements.cpp: Copied from Source/WebCore/editing/ios/AutofillElements.cpp. * editing/cocoa/AutofillElements.h: Copied from Source/WebCore/editing/ios/AutofillElements.h. * editing/ios/AutofillElements.cpp: Removed. * editing/ios/AutofillElements.h: Removed. 2019-07-09 Devin Rousso <drousso@apple.com> Web Inspector: Canvas: replace WTF::Vector with std::initializer_list in CallTracer to avoid dynamic allocations https://bugs.webkit.org/show_bug.cgi?id=199611 Reviewed by Joseph Pecoraro. The number of arguments for each member function is known at build time, so there's no need to dynamically allocate a `WTF::Vector` when capturing the arguments. One downside to using a `std::initializer_list` is that we can no longer "flatten" `WTF::Variant` arguments into a `RecordCanvasActionVariant`, but this is acceptable because `WTF::Variant` supports having yet another `WTF::Variant` as one of it's types, which the `InspectorCanvas` can then figure out when it finally gets the data. The same applies to `nullptr`/`Optional` checks as well. * bindings/scripts/CodeGeneratorJS.pm: (GenerateAttributeSetterBodyDefinition): (GenerateImplementationFunctionCall): (GenerateCallTracer): (GenerateCallTracerParameter): Deleted. * bindings/scripts/test/JS/JSTestCallTracer.cpp: * bindings/js/CallTracerTypes.h: * bindings/js/CallTracer.h: * bindings/js/CallTracer.cpp: (WebCore::CallTracer::recordCanvasAction): * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::recordCanvasAction): * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::recordCanvasActionImpl): * inspector/agents/InspectorCanvasAgent.h: * inspector/agents/InspectorCanvasAgent.cpp: (WebCore::InspectorCanvasAgent::recordCanvasAction): * inspector/InspectorCanvas.h: * inspector/InspectorCanvas.cpp: (WebCore::InspectorCanvas::recordAction): (WebCore::InspectorCanvas::buildAction): Drive-by: handle the situation where a parameter is an array of deduplicated strings, which would otherwise be treated as an array of numbers. 2019-07-09 Chris Dumez <cdumez@apple.com> Fix non thread-safe use of WeakPtr in DisplayRefreshMonitorMac::displayLinkFired() https://bugs.webkit.org/show_bug.cgi?id=199626 Reviewed by Ryosuke Niwa. Fix non thread-safe use of WeakPtr in DisplayRefreshMonitorMac::displayLinkFired(). DisplayRefreshMonitorMac gets constructed / destroyed on the main thread, it is not thread-safe to call makeWeakPtr() on a DisplayRefreshMonitorMac object like it was done before. To address the issue, mark the object as ThreadSafeRefCounted and ref the object in the lambda instead. * platform/graphics/DisplayRefreshMonitor.h: (WebCore::DisplayRefreshMonitor::stop): * platform/graphics/DisplayRefreshMonitorManager.cpp: (WebCore::DisplayRefreshMonitorManager::unregisterClient): * platform/graphics/mac/DisplayRefreshMonitorMac.cpp: (WebCore::DisplayRefreshMonitorMac::~DisplayRefreshMonitorMac): (WebCore::DisplayRefreshMonitorMac::stop): (WebCore::DisplayRefreshMonitorMac::displayLinkFired): * platform/graphics/mac/DisplayRefreshMonitorMac.h: 2019-07-09 Sihui Liu <sihui_liu@apple.com> Only allow fetching and removing session credentials from WebsiteDataStore https://bugs.webkit.org/show_bug.cgi?id=199385 <rdar://problem/52622080> Reviewed by Alex Christensen. Fetch and remove only session credentials from NSURLCredentialStorage. Modified existing API tests: WKWebsiteDataStore.FetchPersistentCredentials * platform/network/CredentialStorage.cpp: (WebCore::CredentialStorage::originsWithCredentials const): (WebCore::CredentialStorage::originsWithSessionCredentials): (WebCore::CredentialStorage::removeSessionCredentialsWithOrigins): (WebCore::CredentialStorage::clearSessionCredentials): (WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): * platform/network/CredentialStorage.h: * platform/network/mac/CredentialStorageMac.mm: (WebCore::CredentialStorage::originsWithSessionCredentials): (WebCore::CredentialStorage::removeSessionCredentialsWithOrigins): (WebCore::CredentialStorage::clearSessionCredentials): (WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): (WebCore::CredentialStorage::originsWithPersistentCredentials): Deleted. 2019-07-09 Alex Christensen <achristensen@webkit.org> Null check HistoryItems given to loadDifferentDocumentItem https://bugs.webkit.org/show_bug.cgi?id=199596 <rdar://problem/49884391> Reviewed by Ryosuke Niwa. * loader/FrameLoader.cpp: (WebCore::FrameLoader::retryAfterFailedCacheOnlyMainResourceLoad): Under some rare and mysterious conditions we can have a null provisionalItem when loading from the cache. 2019-07-09 Zalan Bujtas <zalan@apple.com> Fix LOG_DISABLED and TREE_DEBUGGING enabled build. https://bugs.webkit.org/show_bug.cgi?id=199623 <rdar://problem/52837648> Reviewed by Simon Fraser. * rendering/RenderLayerCompositor.cpp: 2019-07-09 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Remove InlineItem references from inline runs. https://bugs.webkit.org/show_bug.cgi?id=199608 <rdar://problem/52812775> Reviewed by Antti Koivisto. Constructing the inline runs is where we stop using InlineItems in the process of processing the inline content. InlineItems are redundant in the context of Display::Runs. It also enables us to create temporary InlineItems to process split content. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): * layout/inlineformatting/InlineFormattingContextQuirks.cpp: (WebCore::Layout::InlineFormattingContext::Quirks::lineDescentNeedsCollapsing): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::Content::Run::Run): (WebCore::Layout::Line::isVisuallyEmpty const): (WebCore::Layout::Line::close): (WebCore::Layout::Line::removeTrailingTrimmableContent): (WebCore::Layout::Line::trailingTrimmableWidth const): (WebCore::Layout::Line::appendNonBreakableSpace): (WebCore::Layout::Line::appendTextContent): (WebCore::Layout::Line::appendNonReplacedInlineBox): (WebCore::Layout::Line::appendHardLineBreak): * layout/inlineformatting/InlineLine.h: (WebCore::Layout::Line::Content::Run::layoutBox const): (WebCore::Layout::Line::Content::Run::logicalRect const): (WebCore::Layout::Line::Content::Run::textContext const): (WebCore::Layout::Line::Content::Run::type const): (WebCore::Layout::Line::Content::Run::isText const): (WebCore::Layout::Line::Content::Run::isBox const): (WebCore::Layout::Line::Content::Run::isLineBreak const): (WebCore::Layout::Line::Content::Run::isContainerStart const): (WebCore::Layout::Line::Content::Run::isContainerEnd const): (WebCore::Layout::Line::Content::Run::adjustLogicalTop): (WebCore::Layout::Line::Content::Run::moveVertically): (WebCore::Layout::Line::Content::Run::moveHorizontally): (WebCore::Layout::Line::Content::Run::setTextIsCollapsed): 2019-07-09 Antti Koivisto <antti@apple.com> REGRESSION(r244906): Crash in WebCore::positionOffsetValue https://bugs.webkit.org/show_bug.cgi?id=199613 <rdar://problem/51518172> Reviewed by Zalan Bujtas. Test: fast/css/getComputedStyle/sticky-scroll-container-crash.html * css/CSSComputedStyleDeclaration.cpp: (WebCore::positionOffsetValue): * rendering/RenderBox.cpp: (WebCore::RenderBox::enclosingScrollportBox const): Deleted. The client trivally hits nullptr when this is called for element without overflow scroll parent. Fix by removing the whole function and using shared enclosingClippingBoxForStickyPosition instead. It does the same ancestor walk more efficiently via layer tree. * rendering/RenderBox.h: * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::enclosingClippingBoxForStickyPosition const): Factor into function. (WebCore::RenderBoxModelObject::computeStickyPositionConstraints const): * rendering/RenderBoxModelObject.h: 2019-07-09 Cathie Chen <cathiechen@igalia.com> Support writing-mode and direction for scrollIntoViewOptions. https://bugs.webkit.org/show_bug.cgi?id=161611 Reviewed by Frédéric Wang and Simon Fraser. To determine which physical side to align we need to transform ScrollIntoViewOptions to scrollAlignment. We'll translate the inline and block direction separately. The writing-mode will affect the block scrollAlignment. While both writing-mode and CSS direction will affect the inline scrollAlignment. The argument for scrollRectToVisible should be physical, so if !isHorizontalWritingMode(), we need to switch alignX and alignY. For direction: rtl and writing-mode: horizontal-tb box, WebKit puts the scrollbar on the left side. The visible rect starts from the right side of the scroll bar, so localExposeRect should also start from the right side of scroll bar. * dom/Element.cpp: (WebCore::toScrollAlignmentForInlineDirection): (WebCore::toScrollAlignmentForBlockDirection): (WebCore::Element::scrollIntoView): (WebCore::toScrollAlignment): Deleted. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollRectToVisible): 2019-07-08 Saam Barati <sbarati@apple.com> [WHLSL Import 23 new JS reference spec tests https://bugs.webkit.org/show_bug.cgi?id=199604 Reviewed by Myles C. Maxfield. This patch imports a bunch of JS reference spec tests on our way to completing https://bugs.webkit.org/show_bug.cgi?id=199595 It also fixes the recursion checker phase. That phase had two bugs: 1. We'd assert after visiting the function declaration that it was still in the set. However, it will not be in the set when we actually detect recursion. 2. We would not visit the arguments to a call, so if they contained other calls which were recursive, we would not detect such recursive calls. Tests: webgpu/whlsl-int-literal-compare.html webgpu/whlsl-simple-tests.html webgpu/whlsl-type-mismatch.html webgpu/whlsl-uint-bitwise.html * Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp: 2019-07-08 Chris Dumez <cdumez@apple.com> Make Document::postTask() safe to call from a background thread https://bugs.webkit.org/show_bug.cgi?id=199585 Reviewed by Alex Christensen. Make Document::postTask() safe to call from a background thread by not calling makeWeakPtr() on the Document. Calling makeWeakPtr() on a document from a background thread is not safe since Document is a main thread object. Instead, capture Document::identifier() in the lambda and lookup the document from its identifier once we're on the main thread. * dom/Document.cpp: (WebCore::Document::postTask): 2019-07-08 Youenn Fablet <youenn@apple.com> Hop explicitly to the main thread after generating a frame in ScreenDisplayCaptureSourceMac https://bugs.webkit.org/show_bug.cgi?id=199581 Reviewed by Eric Carlson. Instead of locking and setting the current frame from a background thread, hop to the main thread. This also makes sure the weakThis check is done in the main thread. Manually tested. * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.h: (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::DisplaySurface): * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm: (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream): (WebCore::ScreenDisplayCaptureSourceMac::generateFrame): (WebCore::ScreenDisplayCaptureSourceMac::newFrame): (WebCore::ScreenDisplayCaptureSourceMac::frameAvailable): Deleted. 2019-07-08 Daniel Bates <dabates@apple.com> Command + . generates Escape with key identifier Period, should be Escape https://bugs.webkit.org/show_bug.cgi?id=199393 <rdar://problem/52498001> Reviewed by Wenson Hsieh. Remap the key code for Command + . before we compute the Windows virtual key code. Otherwise, the Windows virtual key code reveals the pre-mapped key code. * platform/ios/WebEvent.mm: (-[WebEvent initWithKeyEventType:timeStamp:characters:charactersIgnoringModifiers:modifiers:isRepeating:withFlags:withInputManagerHint:keyCode:isTabKey:]): 2019-07-08 Alex Christensen <achristensen@webkit.org> Prevent null dereferencing in SubresourceLoader::init's lambda https://bugs.webkit.org/show_bug.cgi?id=199580 Reviewed by Ryosuke Niwa. Crash logs indicate that sometimes m_documentLoader is null. This is similar to https://bugs.webkit.org/show_bug.cgi?id=187360 * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::init): 2019-07-08 Wenson Hsieh <wenson_hsieh@apple.com> Unable to paste from Notes into Excel 365 spreadsheet https://bugs.webkit.org/show_bug.cgi?id=199565 <rdar://problem/43615497> Reviewed by Chris Dumez. When pasting into Microsoft Excel 365, the copied data is all inserted into a single cell, even when copying a table. To understand why this happens, we first need to understand how Excel's logic for handling paste works. When tapping on the "Paste" button, Excel performs and expects the following: 1. Before triggering programmatic paste, move focus into a hidden contenteditable area specifically intended to capture pasted content. 2. Run a promise that resolves immediately; the promise callback restores focus to the originally focused element prior to (1). 3. Invoke programmatic paste using `document.execCommand("Paste")`. 4. The callback scheduled in step (2) then runs, restoring focus to the main editable element representing a table cell. However, what ends up happening is this: Steps (1)-(3): same as before. 4. We (WebKit) create a temporary Page for the purposes of sanitizing copied web content before exposing it to the paste handler. This involves creating and loading a document; when this is finished, we call into Document::finishedParsing which flushes the microtask queue. 5. This causes us to immediately run the microtask enqueued in step (2), which restores focus to the previously focused element (importantly, this is not the element that was focused in step (1)). 6. The paste commences, and inserts the sanitized fragment into the originally focused element rather than the content editable area intended to capture pasted content. Excel's script then gets confused, and does not end up using their special paste logic to handle the paste. The pasted content is instead just inserted as plain text in a cell. To address this, we simply prevent document load in the Page for web content sanitization from triggering a microtask checkpoint; this allows any scheduled main thread microtasks to be deferred until the next turn of the runloop. Test: editing/pasteboard/paste-does-not-fire-promises-while-sanitizing-web-content.html * dom/Document.cpp: (WebCore::Document::finishedParsing): Don't immediately dispatch microtasks when we finish document parsing, in the case where the page is intended only for web content sanitization, since this may end up executing script in the original document. As explained above, this causes compatibility issues when pasting in Excel. * editing/markup.cpp: (WebCore::createPageForSanitizingWebContent): When creating a page for sanitizing web content, mark it as such. * page/Page.h: Add a new flag to indicate that a Page is only intended for sanitizing web content. (WebCore::Page::setIsForSanitizingWebContent): (WebCore::Page::isForSanitizingWebContent const): 2019-07-08 Konstantin Tokarev <annulen@yandex.ru> Remove unused #include "ImageBufferData.h" https://bugs.webkit.org/show_bug.cgi?id=199574 Reviewed by Michael Catanzaro. * html/canvas/ImageBitmapRenderingContext.h: 2019-07-08 Chris Dumez <cdumez@apple.com> Fix thread safety issue in Database::scheduleTransactionCallback() https://bugs.webkit.org/show_bug.cgi?id=199557 Reviewed by Alex Christensen. I am working on adding threading assertions to WeakPtr and found a potentially unsafe call to makeWeakPtr() on a Document from Database::scheduleTransactionCallback() via Document::postTask(), on a background database thread. Document is a main thread object and we should therefore not be interacting with it from a background thread. For clarity, this patch also switches the webdatabase code to use Document instead of ScriptExecution as type since it is only exposed to Window contexts, not workers. * Modules/webdatabase/Database.cpp: (WebCore::Database::Database): (WebCore::Database::~Database): (WebCore::Database::runTransaction): (WebCore::Database::scheduleTransactionCallback): (WebCore::Database::logErrorMessage): (WebCore::Database::securityOrigin): (WebCore::Database::didExceedQuota): * Modules/webdatabase/Database.h: (WebCore::Database::document): * Modules/webdatabase/DatabaseContext.cpp: (WebCore::DatabaseContext::DatabaseContext): * Modules/webdatabase/DatabaseContext.h: * Modules/webdatabase/DatabaseManager.cpp: (WebCore::DatabaseManager::databaseContext): (WebCore::logOpenDatabaseError): (WebCore::DatabaseManager::openDatabaseBackend): (WebCore::DatabaseManager::tryToOpenDatabaseBackend): (WebCore::DatabaseManager::openDatabase): (WebCore::DatabaseManager::hasOpenDatabases): (WebCore::DatabaseManager::stopDatabases): (WebCore::DatabaseManager::logErrorMessage): * Modules/webdatabase/DatabaseManager.h: * Modules/webdatabase/SQLStatement.cpp: (WebCore::SQLStatement::SQLStatement): * Modules/webdatabase/SQLTransaction.cpp: (WebCore::SQLTransaction::SQLTransaction): * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::didOpenDatabase): * inspector/agents/InspectorDatabaseAgent.cpp: (WebCore::InspectorDatabaseAgent::executeSQL): 2019-07-08 Chris Dumez <cdumez@apple.com> Add threading assertion to WTF::CompletionHandler https://bugs.webkit.org/show_bug.cgi?id=199516 Reviewed by Alex Christensen. Update some MessagePort-related code to use WTF::Function instead of WTF::CompletionHandler since the callback is always called on the main thread, even when it was created on a worker thread. Ideally, this code would be refactored so that the callback gets called on the worker thread directly. * dom/messageports/MessagePortChannel.cpp: (WebCore::MessagePortChannel::checkRemotePortForActivity): * dom/messageports/MessagePortChannel.h: * dom/messageports/MessagePortChannelProvider.h: * dom/messageports/MessagePortChannelProviderImpl.cpp: (WebCore::MessagePortChannelProviderImpl::checkRemotePortForActivity): * dom/messageports/MessagePortChannelProviderImpl.h: * dom/messageports/MessagePortChannelRegistry.cpp: (WebCore::MessagePortChannelRegistry::checkRemotePortForActivity): * dom/messageports/MessagePortChannelRegistry.h: 2019-07-08 Charlie Turner <cturner@igalia.com> REGRESSION(r243197): [GStreamer] Web process hangs when scrolling twitter timeline which contains HLS videos https://bugs.webkit.org/show_bug.cgi?id=197558 Reviewed by Xabier Rodriguez-Calvar. Not covered, I have a test locally that would probably trigger the deadlock if the network requests took a realistic amount of time, but from a local webserver the window of time to hit this deadlock is too narrow. * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp: (webkit_web_src_init): Make the websrc start asynchronously, this allows the main thread to be free to complete resource loader setup. (webKitWebSrcCreate): Calling start() from the create() vfunc is a recipe for deadlock, since BaseSrc holds the streaming lock during seeks, and then calls create(). In these cases, we do not want to notify async-completion, since we've already completed from the necessarily preceeding start() vfunc, and calling it again would require the stream-lock and deadlock us. (webKitWebSrcStart): Refactor to use webKitWebSrcMakeRequest, but ensuring that we do perform an async-complete notification. (webKitWebSrcMakeRequest): What Start() used to be, but now can be toggled when to notify of async-completion. Start() no longer blocks, since the return value of initiating a resource loader is of no interest to the callers. (webKitWebSrcCloseSession): Similarly to Start(), we do not need to wait for the completion of cancelled net requests. 2019-07-08 Chris Dumez <cdumez@apple.com> Unable to play videos on xfinity.com/stream on macOS Catalina https://bugs.webkit.org/show_bug.cgi?id=199576 <rdar://problem/50101264> Reviewed by Alex Christensen. Enable invalidate Fetch signal quirk for all sites as the blacklist is getting too large and we are finding too much breakage too late in the release cycle. * Modules/fetch/FetchRequest.cpp: (WebCore::processInvalidSignal): * page/Quirks.cpp: (WebCore::Quirks::shouldIgnoreInvalidSignal const): 2019-07-08 Youenn Fablet <youenn@apple.com> MediaStreamTrackPrivate should always call readyStateChanged on the main thread https://bugs.webkit.org/show_bug.cgi?id=199538 <rdar://problem/52709106> Reviewed by Eric Carlson. MediaStreamTrackPrivate is sometimes calling readyStateChanged in a background thread inside its audioSamplesAvailable method. Instead of doing that, we hop to the main thread to call readyStateChanged. Once the call is made in the main thread, MediaStreamTrackPrivate will send the audio samples to its observers. To make mock audio source closer to real capture audio sources, audioSamplesAvailable is called on a background thread. RealtimeMediaSource is updated to always be destroyed in the main run loop since it is WebKit2 only. Covered by existing tests and making sure the mock audio source calls the audioSamplesAvailable method on a background thread. * platform/mediastream/MediaStreamTrackPrivate.cpp: (WebCore::MediaStreamTrackPrivate::videoSampleAvailable): (WebCore::MediaStreamTrackPrivate::audioSamplesAvailable): * platform/mediastream/MediaStreamTrackPrivate.h: * platform/mediastream/RealtimeMediaSource.cpp: (WebCore::RealtimeMediaSource::scheduleDeferredTask): scheduleDeferredTask may be called from a background thread. It is thus safer to ref the source instead of creating a weak pointer. * platform/mediastream/RealtimeMediaSource.h: * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm: (WebCore::MockRealtimeAudioSourceMac::MockRealtimeAudioSourceMac): (WebCore::MockRealtimeAudioSourceMac::emitSampleBuffers): (WebCore::MockRealtimeAudioSourceMac::reconfigure): (WebCore::MockRealtimeAudioSourceMac::render): (WebCore::MockRealtimeAudioSourceMac::settingsDidChange): * platform/mock/MockRealtimeAudioSource.cpp: (WebCore::MockRealtimeAudioSource::MockRealtimeAudioSource): (WebCore::MockRealtimeAudioSource::tick): * platform/mock/MockRealtimeAudioSource.h: 2019-07-08 Youenn Fablet <youenn@apple.com> Register a MediaStreamTrack as media producer only if it is a capture track https://bugs.webkit.org/show_bug.cgi?id=199566 Reviewed by Eric Carlson. MediaStreamTrack registration as a media producer is only useful for capture tracks. Otherwise, the audio/video playing state is computed through HTMLMediaElement. Do not register MediaStreamTrack as a media producer if it is not a capture track. Set the muted state of the track before registering it as an audio producer. Otherwise, it might create unnecessary small change of playing state. Covered by existing tests. * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::MediaStreamTrack): (WebCore::MediaStreamTrack::~MediaStreamTrack): * Modules/mediastream/MediaStreamTrack.h: 2019-07-08 Simon Fraser <simon.fraser@apple.com> YouTube embedding iframes in WebView sometimes go blank when the video starts playing https://bugs.webkit.org/show_bug.cgi?id=199600 rdar://problem/47806012 Reviewed by Tim Horton. With some combinations of nested iframes that are being resized from empty, and toggling into compositing mode, we'd fail to update compositing in the iframe's enclosing document, so never host the iframes's layers. Fix by moving some widget-resize-related code into RenderLayerCompositor::widgetDidChangeSize(), and adding code to schedule a compositing update. I was unable to come up with a layout test for this. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::widgetDidChangeSize): * rendering/RenderLayerCompositor.h: * rendering/RenderWidget.cpp: (WebCore::RenderWidget::setWidgetGeometry): 2019-07-08 Antoine Quint <graouts@apple.com> [Pointer Events] Enable only on the most recent version of the supported iOS family https://bugs.webkit.org/show_bug.cgi?id=199562 <rdar://problem/52766511> Reviewed by Dean Jackson. * Configurations/FeatureDefines.xcconfig: 2019-07-08 Philippe Normand <pnormand@igalia.com> [GStreamer] The CREATE_TRACK macro is messed up https://bugs.webkit.org/show_bug.cgi?id=199356 Reviewed by Xabier Rodriguez-Calvar. * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: (WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix the CREATE_TRACK macro for !VIDEO_TRACK builds. 2019-07-07 Zalan Bujtas <zalan@apple.com> [ContentChangeObserver] Difficult to control videos on iqiyi.com as the actions are mouse hover https://bugs.webkit.org/show_bug.cgi?id=199542 <rdar://problem/51886813> Reviewed by Simon Fraser. Decouple isVisuallyHidden and isConsideredVisible. Just because an element is not visually hidden (1px wide content) it is not necessarily qualified to be visible in the context of hover heuristic (e.g. iqiyi.com brings up a 1px wide clickable element when hovering over the scrubber. This element is clearly not designed to be actionable.) Tests: fast/events/touch/ios/content-observation/tap-on-1px-height-content.html fast/events/touch/ios/content-observation/tap-on-1px-width-content.html * dom/Node.cpp: (WebCore::Node::defaultEventHandler): * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::isVisuallyHidden): (WebCore::ContentChangeObserver::isConsideredVisible): (WebCore::ContentChangeObserver::didAddTransition): (WebCore::ContentChangeObserver::didFinishTransition): (WebCore::ContentChangeObserver::willDestroyRenderer): (WebCore::ContentChangeObserver::StyleChangeScope::StyleChangeScope): (WebCore::ContentChangeObserver::StyleChangeScope::~StyleChangeScope): (WebCore::ContentChangeObserver::isConsideredHidden): Deleted. * page/ios/ContentChangeObserver.h: 2019-07-07 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Introduce splitPosition to LineLayout https://bugs.webkit.org/show_bug.cgi?id=199558 <rdar://problem/52737649> Reviewed by Antti Koivisto. This is in preparation for breaking runs at line end. * layout/inlineformatting/InlineFormattingContext.h: * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::LineInput::LineInput): (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::layout const): (WebCore::Layout::InlineFormattingContext::LineLayout::computedIntrinsicWidth const): 2019-07-07 Zalan Bujtas <zalan@apple.com> [LFC] Fix formatting context root for inflow positioned inline containers https://bugs.webkit.org/show_bug.cgi?id=199551 <rdar://problem/52728868> Reviewed by Antti Koivisto. Relatively positioned (inflow) inline container lives in the formatting context where its parent lives unless the parent establishes a formatting context. This is slightly different from the usual behavior which is containing block driven. div id=outer style="position: absolute">><div id=inner><span style="position: relative">content</span></div></div> While the relatively positioned inline container (span) is placed relative to its containing block "outer", it lives in the inline formatting context established by "inner". * layout/FormattingContext.cpp: (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const): * layout/layouttree/LayoutBox.cpp: (WebCore::Layout::Box::formattingContextRoot const): * layout/layouttree/LayoutBox.h: * layout/layouttree/LayoutInlineContainer.cpp: (WebCore::Layout::InlineContainer::formattingContextRoot const): * layout/layouttree/LayoutInlineContainer.h: 2019-07-06 Simon Fraser <simon.fraser@apple.com> Long hang when loading a cnn.com page on iOS https://bugs.webkit.org/show_bug.cgi?id=199556 Reviewed by Zalan Bujtas. Loading https://edition.cnn.com/travel/article/brussels-airlines-flight-to-nowhere/index.html in the iOS 13 sim results in a long hang under OverlapMapContainer::append(). We were creating pathological clipping scopes with thousands of entries, because OverlapMapContainer::mergeClippingScopesRecursive() had a logic error where it added 'sourceScope' to the child instead of 'sourceChildScope'. Add a new assertion to detect that case. I wasn't able to create a testcase that caused a hang, but a number of existing tests would have hit the assertion. * rendering/LayerOverlapMap.cpp: (WebCore::OverlapMapContainer::ClippingScope::addChild): (WebCore::OverlapMapContainer::mergeClippingScopesRecursive): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::flushPendingLayerChanges): Drive-by fix: m_overflowControlsHostLayer is null on iOS, so use rootGraphicsLayer(). 2019-07-05 Youenn Fablet <youenn@apple.com> Carvana.com needs the fetch AbortSignal quirk https://bugs.webkit.org/show_bug.cgi?id=199540 Reviewed by Chris Dumez. Manually tested. * page/Quirks.cpp: (WebCore::Quirks::shouldIgnoreInvalidSignal const): 2019-07-05 Robin Morisset <rmorisset@apple.com> [WHLSL] The checker does not need to keep a separate m_typeAnnotations map https://bugs.webkit.org/show_bug.cgi?id=199537 Reviewed by Myles C. Maxfield. Nothing is ever deleted from it, and all of its contents are eventually copied into the expressions. We might as well put the type annotations directly into the expressions in the first place. It is about a 5% speedup of the checker. No new test as there is no inteded functional change. * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::Checker::assignTypes): (WebCore::WHLSL::Checker::getInfo): (WebCore::WHLSL::Checker::assignType): (WebCore::WHLSL::Checker::forwardType): (WebCore::WHLSL::Checker::visit): 2019-07-05 Youenn Fablet <youenn@apple.com> and Simon Fraser <simon.fraser@apple.com> Trigger a compositing update when video element is changing https://bugs.webkit.org/show_bug.cgi?id=199522 <rdar://problem/47297159> Reviewed by Simon Fraser. Test: compositing/video/video-update-rendering.html * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::contentChanged): 2019-07-05 Michael Catanzaro <mcatanzaro@igalia.com> Unreviewed, fix -Wmisleading-indentation warning introduced in r246764 https://bugs.webkit.org/show_bug.cgi?id=199173 <rdar://problem/45968770> * contentextensions/ContentExtensionsBackend.cpp: (WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad): 2019-07-05 Timothy Hatcher <timothy@apple.com> Mail's use of punchOutWhiteBackgroundsInDarkMode not working on iOS. https://bugs.webkit.org/show_bug.cgi?id=199534 rdar://problem/52586836 Reviewed by Simon Fraser. Tests: css3/color-filters/punch-out-white-backgrounds.html * dom/Document.cpp: (WebCore::Document::compositeOperatorForBackgroundColor const): Added. Use CompositeDestinationOut for transparent frames, otherwise CompositeDestinationIn. * dom/Document.h: * rendering/InlineFlowBox.cpp: (WebCore::InlineFlowBox::paintBoxDecorations): Use compositeOperatorForBackgroundColor. * rendering/RenderBox.cpp: (WebCore::RenderBox::paintRootBoxFillLayers): Ditto. (WebCore::RenderBox::paintBackground): Ditto. * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::paintBackgroundsBehindCell): Ditto. 2019-07-05 Jer Noble <jer.noble@apple.com> Revert change to block playback when process is ostensibly "suspended". https://bugs.webkit.org/show_bug.cgi?id=199530 Reviewed by Eric Carlson. In r243958, a drive-by-fix was added that blocked playback when the WebProcess thought it was susposed to be suspended. The intent was to keep the AVAudioSession for the process from being activated just before the process was suspended, and thus avoid receiving an "interruption" and having the AVAudioSession deactivated out from under us upon resuming. Unfortunately, this caused problems when another process resumes the WebContent process in order to start playback; namely the Now Playing UI's play button. Because we may receive the play command long before whe notice that we've been resumed, the WebContent process may refuse to honor the play command because it thinks its supposed to be suspended. * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::sessionWillBeginPlayback): 2019-07-05 Ryosuke Niwa <rniwa@webkit.org> [iOS] Crash in WebKit::WebPage::positionInformation via Range::startPosition https://bugs.webkit.org/show_bug.cgi?id=199503 Reviewed by Wenson Hsieh. * editing/Editor.cpp: (WebCore::Editor::compositionRange const): Added a FIXME. 2019-07-02 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Standard library is too big to directly include in WebCore https://bugs.webkit.org/show_bug.cgi?id=198186 <rdar://problem/51288898> Reviewed by Saam Barati. This patch adds almost the entire remainder of the standard library. There are a few pieces missing: - step() because of https://bugs.webkit.org/show_bug.cgi?id=199289 - sign() also because of https://bugs.webkit.org/show_bug.cgi?id=199289 - faceforward() because it calls sign() - Some of the more rarely-used texturing functions (e.g. Gather()) https://bugs.webkit.org/show_bug.cgi?id=195813 - RWTextures https://bugs.webkit.org/show_bug.cgi?id=198985 There were two problems with adding so many standard library functions: - We didn't want to increase the WebCore binary size that much - Compiling all the functions at runtime took 7 seconds, which is much too long This patch addresses the first problem by gzipping the standard library before including it in the binary. At runtime, we use libcompression to unzip it. To address the second problem, we did some analysis and found that 14% of that 7 seconds was simply destroying all the AST nodes. Even if we eliminated all processing of the AST, simply having the AST of the entire standard library built and destroyed would still be too slow. Therefore, this patch limits which parts of the standard library get parsed in the first place. All the functions in the standard library file are sorted by name, and each group of functions with the same name are preceeded by a comment of the form /* Functions named xyz */. At build time, a Python script looks for all these comments, and builds a map from function name to character offset inside the file where those functions begin. At run time, we parse the user program first, look for all function calls within it, and look up those function call names in the map to see which part of the standard library holds those functions. We then parse just that part. Because the standard library can call other functions in the standard library, we do this in a loop until we have exhausted all the functions. Covered by existing tests. * DerivedSources-input.xcfilelist: * DerivedSources-output.xcfilelist: * DerivedSources.make: gzip the standard library, and add a build step to generate the offset map. * Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h: (WebCore::WHLSL::AST::CallExpression::setOverloads): (WebCore::WHLSL::AST::CallExpression::function): Every caller of this ASSERT()s the result. Might as well move the ASSERT() into the function. (WebCore::WHLSL::AST::CallExpression::setFunction): * Modules/webgpu/WHLSL/Cocoa/WHLSLStandardLibraryUtilities.cpp: Added. (WebCore::WHLSL::decompressStandardLibrary): Use libcompression. This is why this file is in a Cocoa/ subfolder, and is listed in SourcesCocoa.txt instead of Sources.txt. (WebCore::WHLSL::decompressAndDecodeStandardLibrary): (WebCore::WHLSL::NameFinder::takeFunctionNames): (WebCore::WHLSL::includeStandardLibrary): Include only the bits of the standard library which are relevant, as described above. * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: Only emit MSL code for functions which are actually reached. The MSL compiler is a significant amount of our compile time, so reducing the size of the emitted program can significantly improve compile times. (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): (WebCore::WHLSL::Metal::sharedMetalFunctions): (WebCore::WHLSL::Metal::metalFunctions): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): - Change how load() and store() are written. We need explicit functions because we have explicit atomic types, which HLSL doesn't have. load() and store() aren't present in HLSL. - Delete f16tof32 because they're probably not important and are not obvious how to implement. We can re-add them again later if necessary. - Various fixes to make us generate the correct MSL code for each standard library function. * Modules/webgpu/WHLSL/WHLSLBuildStandardLibraryFunctionMap.py: Added. Build the function map as described above. * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveByInstantiation): Previously, the standard library included an operator== for two pointers. However, that function should be generated by the compiler instead. This fixes the bug in the compiler which allows the compiler to correctly generate the right function. This also prompted me to file https://bugs.webkit.org/show_bug.cgi?id=199335 (WebCore::WHLSL::checkOperatorOverload): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLFunctionStageChecker.cpp: Update to the new function() signature. * Modules/webgpu/WHLSL/WHLSLLexer.h: Add a new position() method to the lexer. This isn't actually used in this patch, but it's useful when doing some analysis during parsing. (WebCore::WHLSL::Lexer::Lexer): (WebCore::WHLSL::Lexer::consumeToken): (WebCore::WHLSL::Lexer::peek const): (WebCore::WHLSL::Lexer::peekFurther const): (WebCore::WHLSL::Lexer::position const): (WebCore::WHLSL::Lexer::state const): (WebCore::WHLSL::Lexer::setState): (WebCore::WHLSL::Lexer::isFullyConsumed const): Fixes a bug where isFullyConsumed() might return true even when there is a token in the ring buffer. (WebCore::WHLSL::Lexer::peek): Deleted. (WebCore::WHLSL::Lexer::peekFurther): Deleted. * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::visit): Drive-by partial fix of https://bugs.webkit.org/show_bug.cgi?id=199347 * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: Call includeStandardLibrary(). (WebCore::WHLSL::prepareShared): * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: * Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp: * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: * Modules/webgpu/WHLSL/WHLSLStandardLibraryFunctionMap.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp. * Modules/webgpu/WHLSL/WHLSLStandardLibraryUtilities.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp. * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: 2019-07-05 Youenn Fablet <youenn@apple.com> Add fetch quirk for www.bnz.co.nz https://bugs.webkit.org/show_bug.cgi?id=199518 rdar://problem/52230914 Reviewed by Chris Dumez. Use fetch quirk to make bnz main page load properly. Manually tested. * page/Quirks.cpp: (WebCore::Quirks::shouldIgnoreInvalidSignal const): 2019-07-05 Robin Morisset <rmorisset@apple.com> [WHLSL] Optimize the lexer https://bugs.webkit.org/show_bug.cgi?id=199520 Reviewed by Myles Maxfield. This patch includes a number of small optimizations to the lexer: - By creating two new types of Token (Invalid and EOF), we can avoid having to manipulate Optional<Token> everywhere - By combining the lexing of identifiers, keywords and operator names, we can avoid re-reading them several times - By storing mere offsets in the tokens instead of string views, we save space in the common case where the string view is unused (e.g. for keywords) - By storing mere offsets in the tokens instead of line numbers, we can simplify the whitespace and comment lexing; and we can easily recompute the line number on demand - By using templates we can avoid constructing and destructing vectors at runtime every time we call tryTypes, consumeTypes or peekTypes; as well as avoiding a call to find(). - I also hoisted the length check out of the loop in Lexer::string() All of this combined brought the time spent in the parser when running LayoutTests/webgpu/whlsl-test-harness-test.html 5 times on my machine from 612ms to 462ms. I also removed the 'anyCharacter' method since it was dead code. I also removed Lexer::position(), but it is directly equivalent now to peek().startOffset. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/WHLSLLexer.cpp: (WebCore::WHLSL::Lexer::Token::typeName): (WebCore::WHLSL::Lexer::consumeTokenFromStream): (WebCore::WHLSL::Lexer::lineNumberFromOffset): (WebCore::WHLSL::isWhitespace): (WebCore::WHLSL::isNewline): (WebCore::WHLSL::Lexer::skipWhitespaceAndComments): (WebCore::WHLSL::Lexer::digitStar const): (WebCore::WHLSL::Lexer::completeOperatorName const): * Modules/webgpu/WHLSL/WHLSLLexer.h: (WebCore::WHLSL::Lexer::Lexer): (WebCore::WHLSL::Lexer::Token::stringView): (WebCore::WHLSL::Lexer::consumeToken): (WebCore::WHLSL::Lexer::peek const): (WebCore::WHLSL::Lexer::peekFurther const): (WebCore::WHLSL::Lexer::state const): (WebCore::WHLSL::Lexer::setState): (WebCore::WHLSL::Lexer::isFullyConsumed const): (WebCore::WHLSL::Lexer::errorString): (WebCore::WHLSL::Lexer::string const): * Modules/webgpu/WHLSL/WHLSLNameResolver.h: * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parse): (WebCore::WHLSL::Parser::peek): (WebCore::WHLSL::Parser::peekFurther): (WebCore::WHLSL::Types::includes): (WebCore::WHLSL::Types::appendNameTo): (WebCore::WHLSL::Types<t>::includes): (WebCore::WHLSL::Types<t>::appendNameTo): (WebCore::WHLSL::Parser::peekTypes): (WebCore::WHLSL::Parser::tryType): (WebCore::WHLSL::Parser::tryTypes): (WebCore::WHLSL::Parser::consumeType): (WebCore::WHLSL::Parser::consumeTypes): (WebCore::WHLSL::Parser::consumeIntegralLiteral): (WebCore::WHLSL::Parser::parseConstantExpression): (WebCore::WHLSL::Parser::parseTypeArgument): (WebCore::WHLSL::Parser::parseTypeSuffixAbbreviated): (WebCore::WHLSL::Parser::parseTypeSuffixNonAbbreviated): (WebCore::WHLSL::Parser::parseType): (WebCore::WHLSL::Parser::parseTypeDefinition): (WebCore::WHLSL::Parser::parseBuiltInSemantic): (WebCore::WHLSL::Parser::parseResourceSemantic): (WebCore::WHLSL::Parser::parseQualifiers): (WebCore::WHLSL::Parser::parseStructureElement): (WebCore::WHLSL::Parser::parseStructureDefinition): (WebCore::WHLSL::Parser::parseEnumerationDefinition): (WebCore::WHLSL::Parser::parseEnumerationMember): (WebCore::WHLSL::Parser::parseNativeTypeDeclaration): (WebCore::WHLSL::Parser::parseParameter): (WebCore::WHLSL::Parser::parseComputeFunctionDeclaration): (WebCore::WHLSL::Parser::parseVertexOrFragmentFunctionDeclaration): (WebCore::WHLSL::Parser::parseRegularFunctionDeclaration): (WebCore::WHLSL::Parser::parseBlockBody): (WebCore::WHLSL::Parser::parseSwitchCase): (WebCore::WHLSL::Parser::parseVariableDeclaration): (WebCore::WHLSL::Parser::parseStatement): (WebCore::WHLSL::Parser::parseEffectfulAssignment): (WebCore::WHLSL::Parser::parseLimitedSuffixOperator): (WebCore::WHLSL::Parser::parseSuffixOperator): (WebCore::WHLSL::Parser::completeAssignment): (WebCore::WHLSL::Parser::parsePossibleTernaryConditional): (WebCore::WHLSL::Parser::completePossibleLogicalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleRelationalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleShift): (WebCore::WHLSL::Parser::completePossibleAdd): (WebCore::WHLSL::Parser::completePossibleMultiply): (WebCore::WHLSL::Parser::parsePossiblePrefix): (WebCore::WHLSL::Parser::parseCallExpression): (WebCore::WHLSL::Parser::parseTerm): * Modules/webgpu/WHLSL/WHLSLParser.h: * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: (WebCore::WHLSL::anonymousToken): 2019-07-05 Robin Morisset <rmorisset@apple.com> [WHLSL] Remove the phase resolveCallsInFunctions https://bugs.webkit.org/show_bug.cgi?id=199474 Reviewed by Myles Maxfield. This pass only stores into each property access and call expression vectors of all the functions it might be calling, for use by the Checker afterwards. But the checker is perfectly able to compute a pointer to these vectors by itself. So by removing this pass, we gain the following: - One less pass over the AST - No need to copy these vectors (which can be large for heavily overloaded functions, of which there are quite a few in the stdlib) - No need to have these vectors in the expressions, saving 24 bytes per CallExpression and 72 bytes per PropertyAccessExpression - No need to allocate and then destroy these vectors. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h: (WebCore::WHLSL::AST::CallExpression::castReturnType): * Modules/webgpu/WHLSL/AST/WHLSLPropertyAccessExpression.h: * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: (WebCore::WHLSL::AutoInitialize::visit): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveFunction): (WebCore::WHLSL::Checker::finishVisiting): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::NameResolver): (WebCore::WHLSL::NameResolver::visit): * Modules/webgpu/WHLSL/WHLSLNameResolver.h: * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepareShared): 2019-07-05 Youenn Fablet <youenn@apple.com> [iOS] Local capture MediaStreamTrack does not render in portrait mode https://bugs.webkit.org/show_bug.cgi?id=199519 <rdar://problem/52689720> Reviewed by Eric Carlson. RealtimeVideoSource was badly computing its size in case of rotation. Whenever its underlying source is notifying of settings change, compute the size and transpose it only in left/right case. Update mock video source to cover that case. Covered by updated test. * platform/mediastream/RealtimeVideoSource.cpp: (WebCore::RealtimeVideoSource::sourceSettingsChanged): * platform/mediastream/mac/MockRealtimeVideoSourceMac.h: * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm: (WebCore::MockRealtimeVideoSourceMac::updateSampleBuffer): * platform/mock/MockRealtimeVideoSource.cpp: (WebCore::MockRealtimeVideoSource::settings): (WebCore::MockRealtimeVideoSource::orientationChanged): (WebCore::MockRealtimeVideoSource::monitorOrientation): * platform/mock/MockRealtimeVideoSource.h: 2019-07-05 Ryan Haddad <ryanhaddad@apple.com> Unreviewed, rolling out r247115. Breaks lldbWebKitTester (and by extension, test-webkitpy) Reverted changeset: "[WHLSL] Standard library is too big to directly include in WebCore" https://bugs.webkit.org/show_bug.cgi?id=198186 https://trac.webkit.org/changeset/247115 2019-07-05 Ryan Haddad <ryanhaddad@apple.com> Unreviewed, rolling out r247159. IndexedDB layout tests are failing the new assert. Reverted changeset: "ASSERT that a sessionID is valid when encoding it" https://bugs.webkit.org/show_bug.cgi?id=199302 https://trac.webkit.org/changeset/247159 2019-07-05 Ryan Haddad <ryanhaddad@apple.com> Unreviewed, rolling out r247123. Caused TestWebKitAPI.Challenge.BasicProposedCredential to fail. Reverted changeset: "Only allow fetching and removing session credentials from WebsiteDataStore" https://bugs.webkit.org/show_bug.cgi?id=199385 https://trac.webkit.org/changeset/247123 2019-07-05 Youenn Fablet <youenn@apple.com> ASSERT that a sessionID is valid when encoding it https://bugs.webkit.org/show_bug.cgi?id=199302 Reviewed by Darin Adler. For IDBValue, instead of encoding an invalid session ID, encode a boolean that tells there is no sessionID. For IDBRequestData, keep track of whether there is an IDBDatabaseIdentifier and encode/decode accordingly to not encode an invalid sessionID. No observable change of behavior. * Modules/indexeddb/IDBValue.h: (WebCore::IDBValue::sessionID const): (WebCore::IDBValue::encode const): (WebCore::IDBValue::decode): * Modules/indexeddb/shared/IDBRequestData.cpp: (WebCore::IDBRequestData::isolatedCopy): * Modules/indexeddb/shared/IDBRequestData.h: (WebCore::IDBRequestData::databaseIdentifier const): (WebCore::IDBRequestData::decode): 2019-07-05 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Inline runs should be relative to the line's top/left initially https://bugs.webkit.org/show_bug.cgi?id=199157 <rdar://problem/52053415> Reviewed by Antti Koivisto. Let's construct the runs relative to the line's top/left and convert them relative to the formatting root's border box top/left when the line is being closed. When the line moves (floats etc) we don't have to move each runs individually. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::close): (WebCore::Layout::Line::moveLogicalLeft): (WebCore::Layout::Line::appendInlineContainerStart): (WebCore::Layout::Line::appendTextContent): (WebCore::Layout::Line::appendNonReplacedInlineBox): (WebCore::Layout::Line::appendHardLineBreak): 2019-07-05 Antti Koivisto <antti@apple.com> REGRESSION(r244218): desmos.com: Cannot scroll formulas region when region is scrollable https://bugs.webkit.org/show_bug.cgi?id=199508 <rdar://problem/50925173> Reviewed by Zalan Bujtas. The page invokes preventDefault on simulated mouse events which stops scrolling. To fix, add a quirk that turns simulated mouse events non-cancelable. * dom/MouseEvent.h: * dom/ios/MouseEventIOS.cpp: (WebCore::MouseEvent::create): * page/Quirks.cpp: (WebCore::Quirks::simulatedMouseEventTypeForTarget const): (WebCore::Quirks::shouldDispatchSimulatedMouseEventsOnTarget const): Deleted. To avoid adding more similar functions, and for future flexibility, make this one return the type too. * page/Quirks.h: 2019-07-05 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Empty text node should generate empty InlineTextItem https://bugs.webkit.org/show_bug.cgi?id=199495 <rdar://problem/52643225> Reviewed by Antti Koivisto. Empty text nodes generate empty RenderText renderers but they don't generate inline boxes. This patch aligns LFC with the current rendering code. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::appendTextContent): * layout/inlineformatting/InlineTextItem.cpp: (WebCore::Layout::InlineTextItem::createAndAppendTextItems): 2019-07-05 Adrian Perez de Castro <aperez@igalia.com> [ATK] Do not use C linkage for functions using C++ features https://bugs.webkit.org/show_bug.cgi?id=199510 <rdar://problem/52674702> Reviewed by Carlos Garcia Campos. No new tests needed. * accessibility/atk/WebKitAccessible.h: Move function and type declarations involving C++ features outside of the block delimited by the G_BEGIN_DECLS and G_END_DECLS macros, which were setting the C linkage. 2019-07-05 Antoine Quint <graouts@apple.com> [Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover https://bugs.webkit.org/show_bug.cgi?id=198999 <rdar://problem/51979477> Reviewed by Dean Jackson. Up until now, we would not account for pointer capture (see https://w3c.github.io/pointerevents/#pointer-capture) when dispatching mouse boundary events (mouseover, mouseout, mouseenter, mouseleave) and their counterpart pointer events. We would also not account for it when updating :hover styles. Now, when pointer capture changes for an element, we call setCapturingMouseEventsElement() on the EventHandler such that the element that would naturally hit-test is overridden by the pointer capture element when identifying which target to use for the dispatch of boundary mouse events. Additionally, when calling Document::prepareMouseEvent(), we also use the pointer capture element to pass down to Document::updateHoverActiveState() such that :hover styles are applied to the correct element. * dom/Document.cpp: (WebCore::Document::prepareMouseEvent): When a new event is going to be dispatched, we must run the Process Pending Capture Element steps as mandated by the Pointer Events spec. Calling this will dispatch the appropriate pointer capture change events and also required boundary events since EventHandler::setCapturingMouseEventsElement() calls into EventHandler::updateMouseEventTargetNode(). Since this may update the capturing mouse events element, we ensure that we call updateHoverActiveState() with a flag that indicates that. Finally, we use the capturing mouse events element instead of the hit-testing element to pass to updateHoverActiveState() to ensure that is has :hover styles applied. (WebCore::Document::updateHoverActiveState): Account for the new CaptureChange flag to force the invalidation of the :hover and :active elements chain at all times when the capturing mouse events element changed. * dom/Document.h: * dom/PointerEvent.h: Update PointerEvent::createForPointerCapture() to take specific parameters rather than a single PointerEvent to set the pointerId, isPrimary and pointerType properties of the generated event. This is required to call processPendingPointerCapture() outside of PointerEvent dispatch logic since we now call it from Document::prepareMouseEvent() where we haven't yet generated such an event. * page/EventHandler.cpp: (WebCore::EventHandler::pointerCaptureElementDidChange): When a new pointer capture element is set, call updateMouseEventTargetNode() to ensure that boundary events are fired to indicate the pointer capture state change. (WebCore::EventHandler::prepareMouseEvent): Keep track of the last PlatformMouseEvent used to prepare a mouse event so that we can use it when setCapturingMouseEventsElement() is called. * page/EventHandler.h: * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::pointerCaptureElement): Since Document::prepareMouseEvent() needs to know the current pointer capture element, add a new public method that indicates the pointer capture element if that element is contained in the provided document. We need to provide the document since PointerCaptureController is owned by the Page and may manage several documents. (WebCore::PointerCaptureController::dispatchEvent): Only run the Process Pending Capture Element steps when dealing with a touch or pen event since those steps are already ran for mouse events in Document::prepareMouseEvent(). Additionally, since the element target is already set to be the pointer capture element with the changes made to processPendingPointerCapture(), and because on iOS pointer capture is always active, we can remove the code that would retarget the event to the pointer capture element. (WebCore::PointerCaptureController::pointerEventWasDispatched): (WebCore::PointerCaptureController::cancelPointer): (WebCore::PointerCaptureController::processPendingPointerCapture): We now call into EventHandler::setCapturingMouseEventsElement() when the capture target element changes. We must be careful to call this method prior to dispatching the "gotpointercapture" event and after dispatching the "lostpointercapture" event so that boundary events are fired at the right time. * page/PointerCaptureController.h: 2019-07-04 Zalan Bujtas <zalan@apple.com> [ContentChangeObserver] didFinishTransition triggers a nested style recalc via isConsideredClickable https://bugs.webkit.org/show_bug.cgi?id=199506 <rdar://problem/52656221> Reviewed by Ryosuke Niwa. isConsideredClickable() may trigger style update through Node::computeEditability. Let's adjust the observer state in the next runloop. Test: fast/events/touch/ios/content-observation/animation-end-with-visiblity-change-and-recursive-update-style.html * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::didFinishTransition): * page/ios/ContentChangeObserver.h: 2019-07-04 Zalan Bujtas <zalan@apple.com> [ContentChangeObserver] Limit mouseOut dispatching after synthetic click to YouTube.com https://bugs.webkit.org/show_bug.cgi?id=199497 <rdar://problem/52361019> Reviewed by Wenson Hsieh. r242798 introduced synthetic mouseOut dispatching soon after sythentic click to dismiss certain type of content (e.g. video control bar on YouTube). However on many sites, it resulted in dismissing useful content, like menu panes and other, non-clickable but informative content. This patch limits the mouseOut dispatching to YouTube.com. Test: fast/events/touch/ios/content-observation/mouse-out-event-should-not-fire-on-click.html * page/Quirks.cpp: (WebCore::Quirks::needsYouTubeMouseOutQuirk const): * page/Quirks.h: * page/Settings.yaml: * testing/InternalSettings.cpp: (WebCore::InternalSettings::Backup::Backup): (WebCore::InternalSettings::Backup::restoreTo): (WebCore::InternalSettings::setShouldDispatchSyntheticMouseOutAfterSyntheticClick): * testing/InternalSettings.h: * testing/InternalSettings.idl: 2019-07-04 Ryan Haddad <ryanhaddad@apple.com> Unreviewed, rolling out r247127. Broke the watchOS build. Reverted changeset: "[WHLSL] Remove the phase resolveCallsInFunctions" https://bugs.webkit.org/show_bug.cgi?id=199474 https://trac.webkit.org/changeset/247127 2019-07-03 Simon Fraser <simon.fraser@apple.com> Some layers inside overflow:scroll don't move back to correct positions when the contents are shrunk https://bugs.webkit.org/show_bug.cgi?id=199464 rdar://problem/52613285 Reviewed by Sam Weinig. When an overflow scroller's content shrink and it becomes non-scrollable, the 'boundsOrigin' in the ancestor clipping stacks of related layers wouldn't get reset to zero, leaving layers in the wrong place, so always set boundsOrigin to zero on the clipping layers of non-overflow entries in the ancestor clipping stack. Test: compositing/scrolling/async-overflow-scrolling/become-non-scrollable-with-child.html * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGeometry): 2019-07-04 Konstantin Tokarev <annulen@yandex.ru> HyphenationLibHyphen: Include GLib-related headers only for PLATFORM(GTK) https://bugs.webkit.org/show_bug.cgi?id=199469 Reviewed by Michael Catanzaro. Also added compile guard for a couple of functions used only in GTK port. * platform/text/hyphen/HyphenationLibHyphen.cpp: 2019-07-03 Eric Carlson <eric.carlson@apple.com> [MSE] Add more debug and error logging https://bugs.webkit.org/show_bug.cgi?id=199473 <rdar://problem/52615882> Reviewed by Jer Noble. * Modules/mediasource/SourceBuffer.cpp: (WebCore::SourceBuffer::provideMediaData): Log if we don't enqueue every buffer. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::playInternal): Log if we return without starting playback. * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (WebCore::SourceBufferPrivateAVFObjC::enqueueSample): Log if prerollDecodeWithCompletionHandler fails. 2019-07-03 Simon Fraser <simon.fraser@apple.com> RELEASE_ASSERT in WebCore: WebCore::ScrollingStateTree::insertNode() https://bugs.webkit.org/show_bug.cgi?id=199479 rdar://problem/52392556 Reviewed by Zalan Bujtas. Certain compositing tree updates could leave a layer with a ScrollingProxy role, but having an AncestorClippingStack with no overflow scrolling layers - for example, a related scroller could become scrollable, but we failed to mark the layer with the ancestor clippings stack as needing a geometry update. When this happened updateScrollingNodeForScrollingProxyRole() would return 0, causing the next child to be inserted with a parent of 0 (which should only happen for the root), and triggering a release assert in ScrollingStateTree::insertNode(). Fix by ensuring that updateScrollingNodeForScrollingProxyRole() always returns the existing parentNodeID if we don't have a new node to insert. Test: scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer.html * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateAncestorClippingStack): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole): 2019-07-03 Konstantin Tokarev <annulen@yandex.ru> RenderLayerCompositor.cpp should include RenderImage.h https://bugs.webkit.org/show_bug.cgi?id=199478 Reviewed by Michael Catanzaro. * rendering/RenderLayerCompositor.cpp: 2019-07-03 Robin Morisset <rmorisset@apple.com> [WHLSL] Remove the phase resolveCallsInFunctions https://bugs.webkit.org/show_bug.cgi?id=199474 Reviewed by Myles C. Maxfield. This pass only stores into each property access and call expression vectors of all the functions it might be calling, for use by the Checker afterwards. But the checker is perfectly able to compute a pointer to these vectors by itself. So by removing this pass, we gain the following: - One less pass over the AST - No need to copy these vectors (which can be large for heavily overloaded functions, of which there are quite a few in the stdlib) - No need to have these vectors in the expressions, saving 24 bytes per CallExpression and 72 bytes per PropertyAccessExpression - No need to allocate and then destroy these vectors. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h: (WebCore::WHLSL::AST::CallExpression::castReturnType): * Modules/webgpu/WHLSL/AST/WHLSLPropertyAccessExpression.h: * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: (WebCore::WHLSL::AutoInitialize::visit): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveFunction): (WebCore::WHLSL::Checker::finishVisiting): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::NameResolver): (WebCore::WHLSL::NameResolver::visit): * Modules/webgpu/WHLSL/WHLSLNameResolver.h: * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepareShared): 2019-07-03 Robin Morisset <rmorisset@apple.com> [WHLSL] Make the destructor of VariableDeclaration non-virtual https://bugs.webkit.org/show_bug.cgi?id=199460 Reviewed by Myles C. Maxfield. Three steps: - Remove WHLSL::AST::Value, inlining it into its children (it is trivial, it just has one field m_origin with a getter and nothing else) - Mark WHLSL::AST::VariableDeclaration final - Now that it inherits from nothing and nothing can inherit from it, there is no reason for it to have any virtual method, including its destructor. This not only saves 8 bytes from every variable declaration (for the virtual table pointer), it also should make destructing the AST at the end of compilation a bit faster by removing the virtual destructor call. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLAST.h: * Modules/webgpu/WHLSL/AST/WHLSLExpression.h: (WebCore::WHLSL::AST::Expression::Expression): (WebCore::WHLSL::AST::Expression::origin const): * Modules/webgpu/WHLSL/AST/WHLSLStatement.h: (WebCore::WHLSL::AST::Statement::Statement): (WebCore::WHLSL::AST::Statement::origin const): * Modules/webgpu/WHLSL/AST/WHLSLValue.h: Removed. * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h: * Modules/webgpu/WHLSL/WHLSLParser.h: * WebCore.xcodeproj/project.pbxproj: 2019-07-03 Sihui Liu <sihui_liu@apple.com> Only allow fetching and removing session credentials from WebsiteDataStore https://bugs.webkit.org/show_bug.cgi?id=199385 Reviewed by Alex Christensen. Fetch and remove only session credentials from NSURLCredentialStorage. Modified existing API tests: WKWebsiteDataStore.FetchPersistentCredentials * platform/network/CredentialStorage.cpp: (WebCore::CredentialStorage::originsWithCredentials const): (WebCore::CredentialStorage::originsWithSessionCredentials): (WebCore::CredentialStorage::removeSessionCredentialsWithOrigins): (WebCore::CredentialStorage::clearSessionCredentials): * platform/network/CredentialStorage.h: * platform/network/mac/CredentialStorageMac.mm: (WebCore::CredentialStorage::originsWithSessionCredentials): (WebCore::CredentialStorage::removeSessionCredentialsWithOrigins): (WebCore::CredentialStorage::clearSessionCredentials): (WebCore::CredentialStorage::originsWithPersistentCredentials): Deleted. 2019-07-03 Said Abou-Hallawa <sabouhallawa@apple.com> The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations https://bugs.webkit.org/show_bug.cgi?id=199415 Reviewed by Simon Fraser. After the destructor of CSSAnimationControllerPrivate exists, the non static members are deleted. When the HashMap m_compositeAnimations is deleted, its entries are deleted. The destructor of CompositeAnimation calls the method CSSAnimationControllerPrivate::animationWillBeRemoved() back through its back reference m_animationController. The non static members of CSSAnimationControllerPrivate are being deleted and it is incorrect to try to use any of these members after exiting the destructor. We need to explicitly clear the composite animations before exiting the destructor of CSSAnimationControllerPrivate. * page/animation/CSSAnimationController.cpp: (WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate): 2019-07-03 Jer Noble <jer.noble@apple.com> HTMLMediaElement can hold onto display sleep assertion while process is suspended. https://bugs.webkit.org/show_bug.cgi?id=199471 <rdar://problem/52124320> If the WebContent process is suspended before HTMLMediaElement gets a callback telling it that the MediaPlayer has stopped playing, the SleepDisabler may stay set (and hold a display or system sleep assertion) for the entire duration the process is suspended, causing excess power drain. Add a PlatformMediaSessionClient method (and an implementation in HTMLMediaElement) which will be called during the preperation for process suspension, and in this callback, clear the SleepDisabler token. Reviewed by Eric Carlson. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::shouldDisableSleep const): (WebCore::HTMLMediaElement::processIsSuspendedChanged): * html/HTMLMediaElement.h: * platform/audio/PlatformMediaSession.h: (WebCore::PlatformMediaSessionClient::processIsSuspendedChanged): * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::processWillSuspend): (WebCore::PlatformMediaSessionManager::processDidResume): * platform/audio/PlatformMediaSessionManager.h: (WebCore::PlatformMediaSessionManager::processIsSuspended const): 2019-07-03 Jonathan Bedard <jbedard@apple.com> [Catalina] Enable WebKit build https://bugs.webkit.org/show_bug.cgi?id=199209 Reviewed by Darin Adler. No new tests, Catalina test expectations will be migrated in the near future. * WebCorePrefix.h: Exclude the header which declares SecTrustedApplicationCreateFromPath unavailable on Mac. * crypto/mac/SerializedCryptoKeyWrapMac.mm: Ensure that we define SecTrustedApplicationCreateFromPath before other headers declare it unavailable on Mac. 2019-07-02 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Standard library is too big to directly include in WebCore https://bugs.webkit.org/show_bug.cgi?id=198186 <rdar://problem/51288898> Reviewed by Saam Barati. This patch adds almost the entire remainder of the standard library. There are a few pieces missing: - step() because of https://bugs.webkit.org/show_bug.cgi?id=199289 - sign() also because of https://bugs.webkit.org/show_bug.cgi?id=199289 - faceforward() because it calls sign() - Some of the more rarely-used texturing functions (e.g. Gather()) https://bugs.webkit.org/show_bug.cgi?id=195813 - RWTextures https://bugs.webkit.org/show_bug.cgi?id=198985 There were two problems with adding so many standard library functions: - We didn't want to increase the WebCore binary size that much - Compiling all the functions at runtime took 7 seconds, which is much too long This patch addresses the first problem by gzipping the standard library before including it in the binary. At runtime, we use libcompression to unzip it. To address the second problem, we did some analysis and found that 14% of that 7 seconds was simply destroying all the AST nodes. Even if we eliminated all processing of the AST, simply having the AST of the entire standard library built and destroyed would still be too slow. Therefore, this patch limits which parts of the standard library get parsed in the first place. All the functions in the standard library file are sorted by name, and each group of functions with the same name are preceeded by a comment of the form /* Functions named xyz */. At build time, a Python script looks for all these comments, and builds a map from function name to character offset inside the file where those functions begin. At run time, we parse the user program first, look for all function calls within it, and look up those function call names in the map to see which part of the standard library holds those functions. We then parse just that part. Because the standard library can call other functions in the standard library, we do this in a loop until we have exhausted all the functions. Covered by existing tests. * DerivedSources-input.xcfilelist: * DerivedSources-output.xcfilelist: * DerivedSources.make: gzip the standard library, and add a build step to generate the offset map. * Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h: (WebCore::WHLSL::AST::CallExpression::setOverloads): (WebCore::WHLSL::AST::CallExpression::function): Every caller of this ASSERT()s the result. Might as well move the ASSERT() into the function. (WebCore::WHLSL::AST::CallExpression::setFunction): * Modules/webgpu/WHLSL/Cocoa/WHLSLStandardLibraryUtilities.cpp: Added. (WebCore::WHLSL::decompressStandardLibrary): Use libcompression. This is why this file is in a Cocoa/ subfolder, and is listed in SourcesCocoa.txt instead of Sources.txt. (WebCore::WHLSL::decompressAndDecodeStandardLibrary): (WebCore::WHLSL::NameFinder::takeFunctionNames): (WebCore::WHLSL::includeStandardLibrary): Include only the bits of the standard library which are relevant, as described above. * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: Only emit MSL code for functions which are actually reached. The MSL compiler is a significant amount of our compile time, so reducing the size of the emitted program can significantly improve compile times. (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): (WebCore::WHLSL::Metal::sharedMetalFunctions): (WebCore::WHLSL::Metal::metalFunctions): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): - Change how load() and store() are written. We need explicit functions because we have explicit atomic types, which HLSL doesn't have. load() and store() aren't present in HLSL. - Delete f16tof32 because they're probably not important and are not obvious how to implement. We can re-add them again later if necessary. - Various fixes to make us generate the correct MSL code for each standard library function. * Modules/webgpu/WHLSL/WHLSLBuildStandardLibraryFunctionMap.py: Added. Build the function map as described above. * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveByInstantiation): Previously, the standard library included an operator== for two pointers. However, that function should be generated by the compiler instead. This fixes the bug in the compiler which allows the compiler to correctly generate the right function. This also prompted me to file https://bugs.webkit.org/show_bug.cgi?id=199335 (WebCore::WHLSL::checkOperatorOverload): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLFunctionStageChecker.cpp: Update to the new function() signature. * Modules/webgpu/WHLSL/WHLSLLexer.h: Add a new position() method to the lexer. This isn't actually used in this patch, but it's useful when doing some analysis during parsing. (WebCore::WHLSL::Lexer::Lexer): (WebCore::WHLSL::Lexer::consumeToken): (WebCore::WHLSL::Lexer::peek const): (WebCore::WHLSL::Lexer::peekFurther const): (WebCore::WHLSL::Lexer::position const): (WebCore::WHLSL::Lexer::state const): (WebCore::WHLSL::Lexer::setState): (WebCore::WHLSL::Lexer::isFullyConsumed const): Fixes a bug where isFullyConsumed() might return true even when there is a token in the ring buffer. (WebCore::WHLSL::Lexer::peek): Deleted. (WebCore::WHLSL::Lexer::peekFurther): Deleted. * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::visit): Drive-by partial fix of https://bugs.webkit.org/show_bug.cgi?id=199347 * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: Call includeStandardLibrary(). (WebCore::WHLSL::prepareShared): * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: * Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp: * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: * Modules/webgpu/WHLSL/WHLSLStandardLibraryFunctionMap.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp. * Modules/webgpu/WHLSL/WHLSLStandardLibraryUtilities.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp. * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: 2019-07-03 Jer Noble <jer.noble@apple.com> Exception thrown from -[AVSampleBufferRenderSynchronizer addRenderer:], not a valid renderer. https://bugs.webkit.org/show_bug.cgi?id=199419 <rdar://problem/52141139> Reviewed by Eric Carlson. Sometimes, -[AVSampleBufferDisplayLayer init] will return nil. When that happens, passing a nil pointer to -addRenderer: will throw an exception. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): 2019-07-03 Robin Morisset <rmorisset@apple.com> [WHLSL] "Semantic" should be held by a unique_ptr, not an Optional https://bugs.webkit.org/show_bug.cgi?id=199462 Reviewed by Myles C. Maxfield. Most StructureElement, FunctionDeclaration and (especially) VariableDeclaration don't have a 'Semantic' field. Using an Optional<Semantic> to represent this is a major memory waste, as Semantic is 56 bytes, so Optional<Semantic> is 64 bytes! Putting one level of indirection through a unique_ptr thus saves 56 bytes for each VariableDeclaration (and FunctionDeclaration and StructureElement) that does not have a Semantic, at the low cost of one pointer dereference when accessing the field for those that have one. This patch also reorders the fields of FunctionDefinition to save another 8 bytes. No new tests as there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h: (WebCore::WHLSL::AST::FunctionDeclaration::FunctionDeclaration): (WebCore::WHLSL::AST::FunctionDeclaration::semantic): * Modules/webgpu/WHLSL/AST/WHLSLReadModifyWriteExpression.h: (WebCore::WHLSL::AST::ReadModifyWriteExpression::ReadModifyWriteExpression): * Modules/webgpu/WHLSL/AST/WHLSLStructureElement.h: (WebCore::WHLSL::AST::StructureElement::StructureElement): (WebCore::WHLSL::AST::StructureElement::semantic): * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h: (WebCore::WHLSL::AST::VariableDeclaration::VariableDeclaration): (WebCore::WHLSL::AST::VariableDeclaration::semantic): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveWithOperatorAnderIndexer): (WebCore::WHLSL::resolveWithOperatorLength): (WebCore::WHLSL::resolveWithReferenceComparator): * Modules/webgpu/WHLSL/WHLSLGatherEntryPointItems.cpp: (WebCore::WHLSL::Gatherer::visit): (WebCore::WHLSL::gatherEntryPointItems): * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parseSemantic): * Modules/webgpu/WHLSL/WHLSLParser.h: * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: (WebCore::WHLSL::preserveVariableLifetimes): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::wrapAnderCallArgument): (WebCore::WHLSL::modify): (WebCore::WHLSL::PropertyResolver::visit): * Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp: (WebCore::WHLSL::synthesizeArrayOperatorLength): * Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp: (WebCore::WHLSL::synthesizeConstructors): * Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp: (WebCore::WHLSL::synthesizeEnumerationFunctions): * Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp: (WebCore::WHLSL::synthesizeStructureAccessors): 2019-07-03 Robin Morisset <rmorisset@apple.com> [WHLSL] WHLSL::AST::Node is useless https://bugs.webkit.org/show_bug.cgi?id=199391 Reviewed by Dean Jackson. It has no member, no non-trivial method, and we never access an AST node completely generically. So WHLSL::AST::Node can be removed, as a first step towards removing the virtual table pointer from most AST nodes (and avoiding a virtual destructor call at the end of the compiler). No new test because there is no functional change. * Modules/webgpu/WHLSL/AST/WHLSLAST.h: * Modules/webgpu/WHLSL/AST/WHLSLBaseFunctionAttribute.h: * Modules/webgpu/WHLSL/AST/WHLSLBaseSemantic.h: * Modules/webgpu/WHLSL/AST/WHLSLEnumerationMember.h: * Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h: * Modules/webgpu/WHLSL/AST/WHLSLNamedType.h: * Modules/webgpu/WHLSL/AST/WHLSLReplaceWith.h: Renamed from Source/WebCore/Modules/webgpu/WHLSL/AST/WHLSLNode.h. (WebCore::WHLSL::AST::replaceWith): * Modules/webgpu/WHLSL/AST/WHLSLStructureElement.h: * Modules/webgpu/WHLSL/AST/WHLSLType.h: * Modules/webgpu/WHLSL/AST/WHLSLTypeDefinition.h: * Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h: * Modules/webgpu/WHLSL/AST/WHLSLValue.h: * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: * Modules/webgpu/WHLSL/WHLSLParser.h: * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: * WebCore.xcodeproj/project.pbxproj: 2019-07-03 Youenn Fablet <youenn@apple.com> Strengthen updating/removing of registrations from the database https://bugs.webkit.org/show_bug.cgi?id=199450 rdar://problem/51891395 Reviewed by Chris Dumez. SWServerWorker is ref counted and has a ref to its SWServer. There is thus a possibility for SWServerWorker to live longer than its SWServer. To mitigate this, have SWServerWorker use a WeakPtr<SWServer> and check whether SWServer is null when receiving messages from WebProcess. Make also sure that RegistrationStore updated registration map does not get corrupted by checking the registration keys explicitly. Covered by existing tests. * workers/service/ServiceWorkerRegistrationKey.h: (WebCore::ServiceWorkerRegistrationKey::operator!= const): (WebCore::ServiceWorkerRegistrationKey::isEmpty const): * workers/service/server/RegistrationStore.cpp: (WebCore::RegistrationStore::updateRegistration): (WebCore::RegistrationStore::removeRegistration): (WebCore::RegistrationStore::addRegistrationFromDatabase): * workers/service/server/RegistrationStore.h: * workers/service/server/SWServer.cpp: (WebCore::SWServer::workerByID const): (WebCore::SWServer::removeRegistration): * workers/service/server/SWServer.h: * workers/service/server/SWServerWorker.cpp: (WebCore::SWServerWorker::SWServerWorker): (WebCore::m_scriptResourceMap): (WebCore::SWServerWorker::contextData const): (WebCore::SWServerWorker::terminate): (WebCore::SWServerWorker::scriptContextFailedToStart): (WebCore::SWServerWorker::scriptContextStarted): (WebCore::SWServerWorker::didFinishInstall): (WebCore::SWServerWorker::didFinishActivation): (WebCore::SWServerWorker::contextTerminated): (WebCore::SWServerWorker::findClientByIdentifier const): (WebCore::SWServerWorker::matchAll): (WebCore::SWServerWorker::userAgent const): (WebCore::SWServerWorker::claim): (WebCore::SWServerWorker::skipWaiting): (WebCore::SWServerWorker::setHasPendingEvents): (WebCore::SWServerWorker::setState): * workers/service/server/SWServerWorker.h: (WebCore::SWServerWorker::server): 2019-07-03 Sam Weinig <weinig@apple.com> Adopt simple structured bindings in more places https://bugs.webkit.org/show_bug.cgi?id=199247 Reviewed by Alex Christensen. Replaces simple uses of std::tie() with structured bindings. Does not touch uses of std::tie() that are not initial declarations, use std::ignore or in case where the binding is captured by a lambda, as structured bindings don't work for those cases yet. * css/StyleResolver.cpp: (WebCore::checkForOrientationChange): * page/csp/ContentSecurityPolicy.cpp: (WebCore::ContentSecurityPolicy::allowInlineScript const): (WebCore::ContentSecurityPolicy::allowInlineStyle const): * platform/graphics/ComplexTextController.cpp: (WebCore::ComplexTextController::adjustGlyphsAndAdvances): * platform/graphics/PathUtilities.cpp: (WebCore::PathUtilities::pathWithShrinkWrappedRectsForOutline): * platform/graphics/WidthIterator.cpp: (WebCore::WidthIterator::advanceInternal): * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::FontCache::createFontPlatformData): (WebCore::FontCache::systemFallbackForCharacters): (WebCore::FontCache::lastResortFallbackFont): * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp: (WebCore::FontFamilySpecificationCoreText::fontRanges const): * platform/network/SocketStreamHandleImpl.cpp: (WebCore::cookieDataForHandshake): * rendering/InlineTextBox.cpp: (WebCore::InlineTextBox::selectionState): (WebCore::createMarkedTextFromSelectionInBox): * rendering/svg/SVGInlineTextBox.cpp: (WebCore::SVGInlineTextBox::paintSelectionBackground): * style/StyleResolveForDocument.cpp: (WebCore::Style::resolveForDocument): * svg/animation/SVGSMILElement.cpp: (WebCore::SVGSMILElement::constructAttributeName const): 2019-07-03 Wenson Hsieh <wenson_hsieh@apple.com> REGRESSION (iOS 13): Tapping an element with a click event handler no longer clears the selection https://bugs.webkit.org/show_bug.cgi?id=199430 Reviewed by Tim Horton. After <trac.webkit.org/r245067>, we no longer immediately clear the text selection when recognizing a single tap in WKContentView, and instead only clear it out in the case where the single tap didn't result in a click event in the web process. This fixed an issue wherein the text selection would be prematurely cleared when tapping, but also made it such that tapping on an element with a click event handler would not cause the selection to change, even if preventDefault() is not called on mousedown. On web pages that add a click event listener to `document.body`, it's nearly impossible to dismiss text selections by tapping elsewhere in the body. On macOS, this works because EventHandler::handleMousePressEventSingleClick contains logic to modify the selection when handling a mousedown, as a part of default behavior. However, there is platform-specific logic added in <trac.webkit.org/r233311> that avoids changing the selection when handling a synthetic mousedown on iOS; this is because we defer to the single tap text interaction gesture on iOS, which (among other things) provides additional support for moving the selection to word boundaries, instead of the editing position directly under the click. However, no such platform-specific text interaction single tap gesture exists for non-editable text, so there's no reason we need to bail in the case where the root editable element is null. We can fix this bug without breaking the fix in r233311 by matching macOS behavior and not bailing via early return in the case where the single tap would move selection into non-editable text. Tests: editing/selection/ios/clear-selection-after-tapping-on-element-with-click-handler.html editing/selection/ios/persist-selection-after-tapping-on-element-with-mousedown-handler.html * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEventSingleClick): 2019-07-03 Ryan Haddad <ryanhaddad@apple.com> Unreviewed, rolling out r246616. Caused http/tests/inspector/network/har/har-page.html to fail on Catalina. Reverted changeset: "Web Inspector: Network: replace CFNetwork SPI with new API where able" https://bugs.webkit.org/show_bug.cgi?id=198762 https://trac.webkit.org/changeset/246616 2019-07-03 Andres Gonzalez <andresg_22@apple.com> Safari hanging while loading pages - WebCore::AccessibilityRenderObject::visiblePositionRangeForLine. https://bugs.webkit.org/show_bug.cgi?id=199434 <rdar://problem/52475140> Reviewed by Chris Fleizach. Tests were disabled until underlying bug is fixed. Rolling out a workaround for CharacterIterator::advance bug because it seems to be causing a hang in Safari. * editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator): 2019-07-02 Simon Fraser <simon.fraser@apple.com> REGRESSION (r246723): ScrollingTreeOverflowScrollProxyNode::m_overflowScrollingNodeID is uninitialized sometimes https://bugs.webkit.org/show_bug.cgi?id=199432 Reviewed by Antti Koivisto. I noticed while debugging rdar://problem/52291642 that m_overflowScrollingNodeID was uninitialized in ScrollingTreeOverflowScrollProxyNode. This could lead to the wrong node being found by m_scrollingTree->nodeForID(), which could result in type confusion bugs. This can happen with negative z-order layers when we fail to find their related scrolling tree node on the first pass. * page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.h: 2019-07-02 Zan Dobersek <zdobersek@igalia.com> FetchResponse::BodyLoader should not be movable https://bugs.webkit.org/show_bug.cgi?id=199380 Reviewed by Youenn Fablet. The FetchResponse::BodyLoader class has a FetchLoader member that is initialized in the start() method with the reference of the owning FetchResponse::BodyLoader object. This reference doesn't change when the FetchResponse::BodyLoader object is moved into a different object and the FetchLoader unique_ptr along with it, leading to problems when that FetchLoader tries to invoke the FetchLoaderClient methods on the FetchResponse::BodyLoader object that's been moved from and is possibly already destroyed. To avoid this, the FetchResponse::BodyLoader has the move constructor removed and is now managed through std::unique_ptr instead of Optional, ensuring the FetchResponse::BodyLoader object itself isn't moved around. * Modules/fetch/FetchResponse.cpp: (WebCore::FetchResponse::fetch): (WebCore::FetchResponse::BodyLoader::didSucceed): (WebCore::FetchResponse::BodyLoader::didFail): * Modules/fetch/FetchResponse.h: 2019-07-02 Said Abou-Hallawa <sabouhallawa@apple.com> Assertion fires when animating the 'class' attribute of an SVG element https://bugs.webkit.org/show_bug.cgi?id=197372 Reviewed by Ryosuke Niwa. All instances of SVG animated properties have to share a single animVal such that once its value is progressed, all the instances will see the change. This was not happening for SVGAnimatedPrimitiveProperty. To do that we need to: -- Introduce the new template class SVGSharedPrimitiveProperty which is derived from SVGProperty. This class manages a single primitive value. -- Change the type of SVGAnimatedPrimitiveProperty::m_animVal to RefPtr<SVGSharedPrimitiveProperty<PropertyType>>. The master property creates it and all the instances hold references to the same pointer. -- Change the type of SVGAnimatedPrimitiveProperty::m_baseVal to Ref<SVGSharedPrimitiveProperty<PropertyType>> for simplicity and get rid of SVGAnimatedPrimitiveProperty::m_state. -- Override the virtual methods instanceStartAnimation() and instanceStopAnimation() of SVGAnimatedPrimitiveProperty. -- SVGAnimatedStringAnimator should invalidate the style of the target element if attribute name is 'class' and when its animVal changes. * WebCore.xcodeproj/project.pbxproj: * svg/properties/SVGAnimatedPrimitiveProperty.h: (WebCore::SVGAnimatedPrimitiveProperty::setBaseVal): (WebCore::SVGAnimatedPrimitiveProperty::setBaseValInternal): (WebCore::SVGAnimatedPrimitiveProperty::baseVal const): (WebCore::SVGAnimatedPrimitiveProperty::setAnimVal): (WebCore::SVGAnimatedPrimitiveProperty::animVal const): (WebCore::SVGAnimatedPrimitiveProperty::animVal): (WebCore::SVGAnimatedPrimitiveProperty::currentValue const): (WebCore::SVGAnimatedPrimitiveProperty::SVGAnimatedPrimitiveProperty): (WebCore::SVGAnimatedPrimitiveProperty::ensureAnimVal): * svg/properties/SVGAnimatedPropertyAnimatorImpl.h: * svg/properties/SVGAttributeAnimator.cpp: (WebCore::SVGAttributeAnimator::invalidateStyle): (WebCore::SVGAttributeAnimator::applyAnimatedStylePropertyChange): (WebCore::SVGAttributeAnimator::removeAnimatedStyleProperty): * svg/properties/SVGAttributeAnimator.h: * svg/properties/SVGSharedPrimitiveProperty.h: Added. (WebCore::SVGSharedPrimitiveProperty::create): (WebCore::SVGSharedPrimitiveProperty::value const): (WebCore::SVGSharedPrimitiveProperty::value): (WebCore::SVGSharedPrimitiveProperty::setValue): (WebCore::SVGSharedPrimitiveProperty::SVGSharedPrimitiveProperty): 2019-07-02 Andres Gonzalez <andresg_22@apple.com> Enhance support of aria-haspopup per ARIA 1.1 specification. https://bugs.webkit.org/show_bug.cgi?id=199216 <rdar://problem/46221342> Reviewed by Chris Fleizach. Test button-with-aria-haspopup-role.html was expanded to cover testing of new functionality. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::popupValue const): replaces hasPopupValue. (WebCore::AccessibilityObject::hasPopupValue const): Deleted. * accessibility/AccessibilityObject.h: * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::hasPopup const): method rename. * accessibility/atk/WebKitAccessible.cpp: (webkitAccessibleGetAttributes): method rename. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityPopupValue]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]): 2019-07-02 Saam Barati <sbarati@apple.com> [WHLSL] Import bitwise bool tests https://bugs.webkit.org/show_bug.cgi?id=199093 Reviewed by Myles C. Maxfield. Add standard library functions for: - bool bit ops - converting from bool to number - converting from number to bool Test: webgpu/whlsl-bitwise-bool-ops.html * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: 2019-07-02 Takashi Komori <Takashi.Komori@sony.com> [Curl] Fix CookieJarCurl::getRawCookie. https://bugs.webkit.org/show_bug.cgi?id=199300 Reviewed by Fujii Hironori. On wincairo some cookie information was not displayed in WebInspector's storage tab as CookieJarCurl::getRawCookies was calling CookieJarDB::searchCookies with wrong arguments. This patch fixes it. Test: http/tests/inspector/page/get-cookies.html * platform/network/curl/CookieJarCurl.cpp: (WebCore::CookieJarCurl::getRawCookies const): 2019-07-02 Robin Morisset <rmorisset@apple.com> [WHLSL] the initializer in VariableDeclaration should be a std::unique_ptr, not Optional<UniqueRef<..>> https://bugs.webkit.org/show_bug.cgi?id=199389 Reviewed by Sam Weinig. Optional<UniqueRef<..>> is not only semantically weird (UniqueRef is basically a unique_ptr that promises not to be null), but also inefficient, wasting 8 bytes for the boolean in Optional. It is a pattern that appears throughout the AST. In this patch I start by removing it in a fairly simple spot: the initializer for VariableDeclaration. No test because there is no intended functional change. * Modules/webgpu/WHLSL/AST/WHLSLReadModifyWriteExpression.h: (WebCore::WHLSL::AST::ReadModifyWriteExpression::ReadModifyWriteExpression): * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h: (WebCore::WHLSL::AST::VariableDeclaration::VariableDeclaration): (WebCore::WHLSL::AST::VariableDeclaration::initializer): (WebCore::WHLSL::AST::VariableDeclaration::takeInitializer): (WebCore::WHLSL::AST::VariableDeclaration::setInitializer): * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: (WebCore::WHLSL::AutoInitialize::visit): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveWithOperatorAnderIndexer): (WebCore::WHLSL::resolveWithOperatorLength): (WebCore::WHLSL::resolveWithReferenceComparator): * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parseParameter): (WebCore::WHLSL::Parser::parseVariableDeclaration): * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::wrapAnderCallArgument): (WebCore::WHLSL::modify): (WebCore::WHLSL::PropertyResolver::visit): * Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp: (WebCore::WHLSL::synthesizeArrayOperatorLength): * Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp: (WebCore::WHLSL::synthesizeConstructors): * Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp: (WebCore::WHLSL::synthesizeEnumerationFunctions): * Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp: (WebCore::WHLSL::synthesizeStructureAccessors): 2019-07-02 Jer Noble <jer.noble@apple.com> Pipe suport for 'cenc' init data type into CDMFairPlayStreaming https://bugs.webkit.org/show_bug.cgi?id=199381 Reviewed by Eric Carlson. Expose the parsing of 'cenc' init data from InitDataRegistry, so it can be used in the evaluation steps inside CDMFairPlayStreaming. + Add a new method, extractPsshBoxesFromCenc() which returns an optional array of unique_ptrs to different types of ISOPSSHBoxes. + Add a peekScheme() method to ISOPSSHBox so that we can create the correct subclass of ISOPSSHBox from the above method. + Remove an extra definition of fairPlaySystemID() from CDMFairPlayStreaming. + Add 'cenc' to the list of supported types in CDMPrivateFairPlayStreaming::vaildInitDataTypes(). + Add support for 'cenc' in CDMPrivateFairPlayStreaming::supportsInitData(). + Format the 'cenc' init data as an encodec-JSON structure for AVContentKeySession. + Update the ISOFairPlayStreamingKeyRequestInfoBox to be a ISOFullBox. + Update the box name of ISOFairPlayStreamingInitDataBox. * Modules/encryptedmedia/InitDataRegistry.cpp: (WebCore::InitDataRegistry::extractPsshBoxesFromCenc): (WebCore::InitDataRegistry::extractKeyIDsCenc): (WebCore::InitDataRegistry::sanitizeCenc): (WebCore::InitDataRegistry::cencName): (WebCore::InitDataRegistry::keyidsName): (WebCore::InitDataRegistry::webmName): (WebCore::extractKeyIDsCenc): Deleted. (WebCore::sanitizeCenc): Deleted. * Modules/encryptedmedia/InitDataRegistry.h: (WebCore::SourceBuffer::changeType): * platform/graphics/avfoundation/CDMFairPlayStreaming.cpp: (WebCore::validInitDataTypes): (WebCore::CDMPrivateFairPlayStreaming::supportsInitData const): (WebCore::CDMPrivateFairPlayStreaming::fairPlaySystemID): Deleted. * platform/graphics/avfoundation/CDMFairPlayStreaming.h: * platform/graphics/avfoundation/ISOFairPlayStreamingPsshBox.h: (isType): * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm: (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::requestLicense): * platform/graphics/iso/ISOProtectionSystemSpecificHeaderBox.cpp: (WebCore::ISOProtectionSystemSpecificHeaderBox::peekSystemID): * platform/graphics/iso/ISOProtectionSystemSpecificHeaderBox.h: 2019-07-02 Daniel Bates <dabates@apple.com> [iOS] Cannot tab cycle through credit card fields on antonsvpatisserie.com checkout page https://bugs.webkit.org/show_bug.cgi?id=196053 <rdar://problem/49093034> Reviewed by Wenson Hsieh. Remove the iOS override for isKeyboardFocusable() so that the focus controller allows iframes to be keyboard focusable. Tests: fast/events/ios/tab-cycle.html fast/events/ios/tab-into-text-field-inside-iframe.html * html/HTMLIFrameElement.h: 2019-07-02 Daniel Bates <dabates@apple.com> Left and right option key has Unidentified key identifier https://bugs.webkit.org/show_bug.cgi?id=199392 <rdar://problem/52497604> Reviewed by Wenson Hsieh. Fix up switch case for left Option key and add a case statement for the right Option key. * platform/ios/PlatformEventFactoryIOS.mm: (WebCore::codeForKeyEvent): 2019-07-02 Antti Koivisto <antti@apple.com> Crash when adding inline stylesheet to shadow tree in document with null base URL https://bugs.webkit.org/show_bug.cgi?id=199400 Reviewed by Zalan Bujtas. We compute CSSParserContextHash for the inline stylesheet cache but that hits a nullptr crash if the document happens to have null base URL (which is uncommon but possible). Test: fast/shadow-dom/stylesheet-in-shadow-without-base-url-crash.html * css/parser/CSSParserContext.h: (WebCore::CSSParserContextHash::hash): Null check the base URL (like other strings), it is a valid case. 2019-07-02 Devin Rousso <drousso@apple.com> Web Inspector: Debug: "Reset Web Inspector" should also clear the saved window size and attachment side https://bugs.webkit.org/show_bug.cgi?id=198956 Reviewed by Matt Baker. * inspector/InspectorFrontendClient.h: * inspector/InspectorFrontendClientLocal.h: * inspector/InspectorFrontendClientLocal.cpp: (WebCore::InspectorFrontendClientLocal::Settings::deleteProperty): Added. (WebCore::InspectorFrontendClientLocal::resetWindowState): Added. * inspector/InspectorFrontendHost.idl: * inspector/InspectorFrontendHost.h: * inspector/InspectorFrontendHost.cpp: (WebCore::InspectorFrontendHost::reset): Added. 2019-07-01 Zalan Bujtas <zalan@apple.com> [Text autosizing] [iPadOS] AutosizeStatus::idempotentTextSize returns the computed font size in certain cases. https://bugs.webkit.org/show_bug.cgi?id=199382 <rdar://problem/52483097> Reviewed by Wenson Hsieh. Adjust the font size on the style only when the autosized value is different from the computed value. * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): 2019-07-01 Chris Dumez <cdumez@apple.com> It should not be possible to trigger a load while in the middle of restoring a page in PageCache https://bugs.webkit.org/show_bug.cgi?id=199190 <rdar://problem/52114552> Reviewed by Brady Eidson. Test: http/tests/security/navigate-when-restoring-cached-page.html * history/CachedFrame.cpp: (WebCore::CachedFrame::open): Stop attaching the cached document before calling FrameLoader::open() given that the previous document is still attached to the frame at this point. This avoids having 2 documents attached to the same frame during a short period of time. * loader/FrameLoader.cpp: (WebCore::FrameLoader::open): We now attach the cached document to the frame *after* calling FrameLoader::clear(), which means that the previous document now has been detached from this frame. (WebCore::FrameLoader::detachChildren): As per the HTML specification [1], an attempt to navigate should fail if the prompt to unload algorithm is being run for the active document of browsingContext. Note that the "prompt to unload" algorithm [2] includes firing the 'unload' event in the current document and in all the documents in the subframes. As a result, FrameLoader::detachChildren() is the right prevent such navigations. We were actually trying to do this via the SubframeLoadingDisabler stack variable inside detachChildren(). The issue is that this only prevents navigation in the subframes (i.e. <iframe> elements), not the main frame. As a result, script would be able to navigate the top-frame even though detachChildren() is being called on the top frame. To address the issue, I now create a NavigationDisabler variable in the scope of detachChildren() when detachChildren() is called on the top frame. NavigationDisabler prevents all navigations within the page, including navigations on the main/top frame. [1] https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigate [2] https://html.spec.whatwg.org/multipage/browsing-the-web.html#prompt-to-unload-a-document 2019-07-01 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246844. Broke 12 tests in imported/w3c/web-platform- tests/pointerevents/ Reverted changeset: "[Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover" https://bugs.webkit.org/show_bug.cgi?id=198999 https://trac.webkit.org/changeset/246844 2019-07-01 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246849. 12 tests broken in r246844 require this to be rolled out. Reverted changeset: "[Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover" https://bugs.webkit.org/show_bug.cgi?id=198999 https://trac.webkit.org/changeset/246849 2019-07-01 Alex Christensen <achristensen@webkit.org> Null check provisionalItem in FrameLoader::continueLoadAfterNavigationPolicy https://bugs.webkit.org/show_bug.cgi?id=199327 <rdar://problem/48262384> Reviewed by Darin Adler. * loader/FrameLoader.cpp: (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): Sometimes provisionalItem is null. Let's not crash. 2019-07-01 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246958. Broke inspector/dom/getAccessibilityPropertiesForNode.html Reverted changeset: "Enhance support of aria-haspopup per ARIA 1.1 specification." https://bugs.webkit.org/show_bug.cgi?id=199216 https://trac.webkit.org/changeset/246958 2019-07-01 Brady Eidson <beidson@apple.com> More judiciously handle clearing/creation of DOMWindows for new Documents. <rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786 Reviewed by Chris Dumez. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeIfJavaScriptURL): * loader/DocumentWriter.cpp: (WebCore::DocumentWriter::replaceDocumentWithResultOfExecutingJavascriptURL): Rename for clarity. (WebCore::DocumentWriter::begin): Handle DOMWindow taking/creation inside FrameLoader::clear via a lambda. (WebCore::DocumentWriter::replaceDocument): Deleted. * loader/DocumentWriter.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): Take a "handleDOMWindowCreation" lambda to run after clearing the previous document. * loader/FrameLoader.h: 2019-07-01 Zalan Bujtas <zalan@apple.com> [iPadOS] Tapping on the bottom part of youtube video behaves as if controls were visible https://bugs.webkit.org/show_bug.cgi?id=199349 <rdar://problem/51955744> Reviewed by Simon Fraser. Synthetic click event should not be dispatched to a node that is initially hidden (by opacity: 0) and becomes visible by the touchStart event. While this behaves different from macOS where opacity: 0; content is "clickable", it impoves usability on certain sites like YouTube.com. Test: fast/events/touch/ios/content-observation/opacity-change-happens-on-touchstart-with-transition2.html * dom/Node.cpp: (WebCore::Node::defaultEventHandler): * page/ios/ContentChangeObserver.cpp: (WebCore::ContentChangeObserver::isConsideredHidden): (WebCore::ContentChangeObserver::reset): (WebCore::isConsideredHidden): Deleted. * page/ios/ContentChangeObserver.h: (WebCore::ContentChangeObserver::setHiddenTouchTarget): (WebCore::ContentChangeObserver::resetHiddenTouchTarget): (WebCore::ContentChangeObserver::hiddenTouchTarget const): 2019-06-28 Brent Fulgham <bfulgham@apple.com> [FTW] Build WebCore https://bugs.webkit.org/show_bug.cgi?id=199199 Reviewed by Don Olmstead. Make some minor corrections needed to get FTW WebCore to build and link. * PlatformFTW.cmake: Added. * platform/graphics/win/GlyphPageTreeNodeDirect2D.cpp: (WebCore::GlyphPage::fill): * platform/graphics/win/GraphicsContextDirect2D.cpp: (WebCore::GraphicsContext::setURLForRect): * platform/graphics/win/PatternDirect2D.cpp: * platform/graphics/win/SimpleFontDataDirect2D.cpp: * platform/image-decoders/ScalableImageDecoder.cpp: (WebCore::ScalableImageDecoder::setTargetContext): Added stub. * platform/image-decoders/ScalableImageDecoder.h: * platform/network/curl/CookieJarDB.cpp: (WebCore::CookieJarDB::hasCookies): (WebCore::CookieJarDB::canAcceptCookie): 2019-07-01 Wenson Hsieh <wenson_hsieh@apple.com> iOS: REGRESSION(async scroll): Caret doesn't scroll when scrolling textarea https://bugs.webkit.org/show_bug.cgi?id=198217 <rdar://problem/51097296> Reviewed by Simon Fraser. Add a ScrollingLayerPositionAction argument to ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling, and avoid bailing early in the case where ScrollingLayerPositionAction::Set is used. See the WebKit ChangeLog for more detail. Test: editing/selection/ios/update-selection-after-overflow-scroll.html * page/scrolling/ScrollingTreeScrollingNode.cpp: (WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling): * page/scrolling/ScrollingTreeScrollingNode.h: 2019-07-01 Antti Koivisto <antti@apple.com> REGRESSION(r240047): Overflow scrollers on WK1 fail to update their content size when it changes https://bugs.webkit.org/show_bug.cgi?id=199360 <rdar://problem/51643386> Reviewed by Simon Fraser. r240047 replaced didCommitChangesForLayer() mechanism by a more narrow didChangePlatformLayerForLayer. Unfortunately on WK1 we relied on scroll layers being invalidated after every size (and scrollbar) change. Without this invalidation we don't call WebChromeClientIOS::addOrUpdateScrollingLayer and the UIKit delegate that resizes the UIScrollView content. Fix by removing the scroll layer invalidation mechanism from LegacyWebKitScrollingLayerCoordinator completely and instead simply update all scroll layers after commit. The UIKit delegate doesn't do any significant work if nothing changes, this was not a very meaninful optimization. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayersAfterFlush): Update all scroll layers after flush (similar to viewport constrained layers). (WebCore::RenderLayerCompositor::didChangePlatformLayerForLayer): (WebCore::LegacyWebKitScrollingLayerCoordinator::updateScrollingLayer): (WebCore::LegacyWebKitScrollingLayerCoordinator::addScrollingLayer): (WebCore::LegacyWebKitScrollingLayerCoordinator::removeScrollingLayer): (WebCore::LegacyWebKitScrollingLayerCoordinator::registerScrollingLayersNeedingUpdate): Deleted. (WebCore::LegacyWebKitScrollingLayerCoordinator::didChangePlatformLayerForLayer): Deleted. * rendering/RenderLayerCompositor.h: 2019-07-01 Philippe Normand <pnormand@igalia.com> [GStreamer] Cannot play Bert's Bytes radio stream from http://radio.dos.nl/ https://bugs.webkit.org/show_bug.cgi?id=198376 Reviewed by Xabier Rodriguez-Calvar. The delayed startup was due to a mix of buffering feedback messages not handled correctly by the player. We were handling download and streaming buffering metrics without distinction. Range requests (used for seeking) were also triggering on-disk buffering in some cases. The buffering percentage estimation based on network read position was not working either because uint64_t division doesn't return a floating point value. No new tests, existing media tests cover this patch. * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: (WebCore::MediaPlayerPrivateGStreamer::commitLoad): (WebCore::MediaPlayerPrivateGStreamer::play): (WebCore::MediaPlayerPrivateGStreamer::handleMessage): (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats): (WebCore::MediaPlayerPrivateGStreamer::updateBufferingStatus): (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded const): (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const): (WebCore::MediaPlayerPrivateGStreamer::updateStates): (WebCore::MediaPlayerPrivateGStreamer::updateDownloadBufferingFlag): (WebCore::MediaPlayerPrivateGStreamer::setPreload): * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp: (webkitWebSrcReset): * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.h: 2019-07-01 Miguel Gomez <magomez@igalia.com> REGRESSION(r246963) GTK's debug build is broken https://bugs.webkit.org/show_bug.cgi?id=199358 Reviewed by Michael Catanzaro. Add traits to be able to downcast AnimatedBackingStoreClient. * platform/graphics/nicosia/NicosiaAnimatedBackingStoreClient.h: (Nicosia::AnimatedBackingStoreClient::AnimatedBackingStoreClient): (Nicosia::AnimatedBackingStoreClient::type const): * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp: (WebCore::CoordinatedGraphicsLayer::updateContentBuffers): 2019-07-01 Carlos Garcia Campos <cgarcia@igalia.com> Unreviewed. Fix GTK build with GSTREAMER_GL disabled after r246710 * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: 2019-07-01 Carlos Garcia Campos <cgarcia@igalia.com> WebSockets: add support for sending blob messages when using web sockets platform APIs https://bugs.webkit.org/show_bug.cgi?id=199189 Reviewed by Youenn Fablet. * Headers.cmake: Add missing headers. 2019-07-01 Miguel Gomez <magomez@igalia.com> [WPE][GTK] Content disappearing when using CSS transforms https://bugs.webkit.org/show_bug.cgi?id=181757 Reviewed by Žan Doberšek. During each layer flush, create an AnimatedBackingStoreClient instance for each layer that has a backingStore and is to be animated, and send that client to the appropriate TextureMapperLayer on the compositor thread. During each frame rendering, the client will use the future layer position (currently 50ms in the future) to check whether new tiles are required to keep the animation ongoing, and notify the appropriate CoordinatedGraphicsLayer so it can perform a layer flush and provide new tiles. * platform/TextureMapper.cmake: * platform/graphics/nicosia/NicosiaAnimatedBackingStoreClient.h: Added. * platform/graphics/nicosia/NicosiaPlatformLayer.h: (Nicosia::CompositionLayer::flushState): * platform/graphics/texmap/TextureMapperAnimation.cpp: (WebCore::TextureMapperAnimation::applyKeepingInternalState): (WebCore::TextureMapperAnimations::applyKeepingInternalState): * platform/graphics/texmap/TextureMapperAnimation.h: * platform/graphics/texmap/TextureMapperLayer.cpp: (WebCore::TextureMapperLayer::computeTransformsRecursive): (WebCore::TextureMapperLayer::setAnimatedBackingStoreClient): (WebCore::TextureMapperLayer::syncAnimations): * platform/graphics/texmap/TextureMapperLayer.h: * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp: (WebCore::CoordinatedGraphicsLayer::~CoordinatedGraphicsLayer): (WebCore::clampToContentsRectIfRectIsInfinite): (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): (WebCore::CoordinatedGraphicsLayer::requestBackingStoreUpdate): (WebCore::CoordinatedGraphicsLayer::updateContentBuffers): * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h: 2019-06-30 Antti Koivisto <antti@apple.com> Use separate variables for moving and stationary scrolling relationships in RemoteLayerTreeNode https://bugs.webkit.org/show_bug.cgi?id=199348 Reviewed by Darin Adler. * page/scrolling/ScrollingStateStickyNode.cpp: * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::commitTreeState): * page/scrolling/ScrollingTree.h: (WebCore::ScrollingTree::activeOverflowScrollProxyNodes): (WebCore::ScrollingTree::activePositionedNodes): (WebCore::ScrollingTree::nodesWithRelatedOverflow): Deleted. Use separate sets for overflow proxies and positioned nodes. Use Refs to nodes instead of ids to simplify client code. This doesn't affect lifetimes, these sets are cleared at the beginning of each commit. * page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.mm: (WebCore::ScrollingTreeOverflowScrollProxyNode::commitStateBeforeChildren): * page/scrolling/cocoa/ScrollingTreePositionedNode.mm: (WebCore::ScrollingTreePositionedNode::commitStateBeforeChildren): 2019-06-30 Andres Gonzalez <andresg_22@apple.com> Enhance support of aria-haspopup per ARIA 1.1 specification. https://bugs.webkit.org/show_bug.cgi?id=199216 <rdar://problem/46221342> Reviewed by Chris Fleizach. Test button-with-aria-haspopup-role.html was expanded to cover testing of new functionality. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::popupValue const): replaces hasPopupValue. (WebCore::AccessibilityObject::hasPopupValue const): Deleted. * accessibility/AccessibilityObject.h: * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::hasPopup const): method rename. * accessibility/atk/WebKitAccessible.cpp: (webkitAccessibleGetAttributes): method rename. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityPopupValue]): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]): 2019-06-30 Zalan Bujtas <zalan@apple.com> [LFC] Implement Layout::printLayoutTreeForLiveDocuments https://bugs.webkit.org/show_bug.cgi?id=199343 <rdar://problem/52393047> Reviewed by Antti Koivisto. * layout/layouttree/LayoutTreeBuilder.cpp: (WebCore::Layout::printLayoutTreeForLiveDocuments): * page/FrameViewLayoutContext.cpp: (WebCore::layoutUsingFormattingContext): 2019-06-22 Darin Adler <darin@apple.com> Streamline some string code, focusing on functions that were using substringSharingImpl https://bugs.webkit.org/show_bug.cgi?id=198898 Reviewed by Daniel Bates. * css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration): Take a StringView instead of a String argument for the pseudo-element name. This prevents us from having to use substringSharingImpl to strip off leading colons. (WebCore::CSSComputedStyleDeclaration::create): Moved this function in here since it's no longer being inlined. * css/CSSComputedStyleDeclaration.h: Moved the create function to no longer be inlined, since it's better to have the constructor be inlined in the create function instead. Changed the pseudo-element name argument to be a StringView rather than a String. Also initialize m_refCount in the class definition. * css/CSSSelector.cpp: (WebCore::CSSSelector::parsePseudoElementType): Take a StringView instead of a String. * css/CSSSelector.h: Updated for the above change. * css/SelectorPseudoTypeMap.h: Change both parse functions to take StringView. Before one took a StringImpl and the other used const StringView&, which is not as good as StringView. * css/makeSelectorPseudoClassAndCompatibilityElementMap.py: Use StringView, not const StringView&. * css/makeSelectorPseudoElementsMap.py: Use StringView rather than StringImpl. * css/parser/CSSParserImpl.cpp: (WebCore::CSSParserImpl::parsePageSelector): Use a StringView for the pseudo-element name. It was already computed as a StringView, but the old code converted it to an AtomicString. * css/parser/CSSParserSelector.cpp: (WebCore::CSSParserSelector::parsePagePseudoSelector): Take a StringView, and return a std::unique_ptr. (WebCore::CSSParserSelector::parsePseudoElementSelector): Renamed to not mention StringView in function name. Take a StringView, not a StringView&. Do the lowercasing inside this function rather than having it be a caller responsibility. Don't convert from a StringView to an AtomicString before starting to parse; only do it in the "unknown/custom" case. Return a std::unique_ptr. (WebCore::CSSParserSelector::parsePseudoClassSelector): Ditto. * css/parser/CSSParserSelector.h: Make the three parse functions all take a StringView and all return a std::unique_ptr. They were already creating objects, but before callers just had to know to adopt. * css/parser/CSSSelectorParser.cpp: (WebCore::CSSSelectorParser::consumePseudo): Updated to use improved parse functions above. * page/DOMWindow.cpp: (WebCore::DOMWindow::getMatchedCSSRules const): Updated to use the new parsePseudoElementType above and use StringView::substring instead of String::substringSharingImpl. * platform/Length.cpp: (WebCore::newCoordsArray): Local string that is "spacified" can't have any non-Latin-1 characters, so use LChar instead of UChar. * rendering/RenderText.cpp: (WebCore::convertNoBreakSpaceToSpace): Renamed for clarity. Also use constexpr instead of inline since this is a pure function. (WebCore::capitalize): Tighten up logic a bit. 2019-06-29 Simon Fraser <simon.fraser@apple.com> Remove a PLATFORM(IOS_FAMILY) related to repaint offsets in composited scrolling layers https://bugs.webkit.org/show_bug.cgi?id=199342 Reviewed by Zalan Bujtas. Code in RenderObject::shouldApplyCompositedContainerScrollsForRepaint() adds VisibleRectContextOption::ApplyCompositedContainerScrolls only for iOS, and RenderLayerBacking::setContentsNeedDisplayInRect() subtracts out scroll position for only iOS, so remove this iOS-specific code. Blame for this code mentions touch event regions, so I tested these but they use absoluteBoundingBoxRect() which doesn't hit this code. Still, I added a layout test for touch regions inside scrolled overflow. Existing tests exist for repaint inside scrolled overflow. Test: fast/events/touch/ios/touch-event-regions/scrolled-overflow.html * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::setContentsNeedDisplayInRect): * rendering/RenderObject.cpp: (WebCore::RenderObject::shouldApplyCompositedContainerScrollsForRepaint): Deleted. (WebCore::RenderObject::visibleRectContextForRepaint): Deleted. * rendering/RenderObject.h: (WebCore::RenderObject::visibleRectContextForRepaint): 2019-06-28 Tim Horton <timothy_horton@apple.com> iOS WebKit2 find-in-page indicator doesn't move with 'overflow: scroll' https://bugs.webkit.org/show_bug.cgi?id=175032 <rdar://problem/29346482> Reviewed by Wenson Hsieh. * editing/FrameSelection.cpp: (WebCore::FrameSelection::selectionBounds const): (WebCore::FrameSelection::revealSelection): * editing/FrameSelection.h: Make selectionBounds' clipToVisibleContent param an enum class. * page/TextIndicator.cpp: (WebCore::initializeIndicator): Save the un-clipped selection rect; otherwise we'll frequently save 0, 0 here when finding a match that is off-screen. 2019-06-28 Zalan Bujtas <zalan@apple.com> [Text autosizing][iPadOS] bing.com is hard to read even with boosted text because of the line height https://bugs.webkit.org/show_bug.cgi?id=199318 <rdar://problem/51826096> Reviewed by Wenson Hsieh. Initial implementation of line height boosting on iPadOs. It enlarges line height in certain cases to improve readability when the text content feels too dense. It kicks in only for relatively small text (12px) where it slightly (1.25x) changes the line height to widen the gap between lines. * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): 2019-06-28 Alex Christensen <achristensen@webkit.org> Make getHostnamesWithCookies more robust https://bugs.webkit.org/show_bug.cgi?id=199334 <rdar://problem/51860593> Reviewed by Brent Fulgham. Crash logs suggest either httpCookies is returning a nil cookie or a cookie without a domain. This should not happen, but if it does we shouldn't crash. * platform/network/cocoa/NetworkStorageSessionCocoa.mm: (WebCore::NetworkStorageSession::getHostnamesWithCookies): 2019-06-28 chris fleizach <cfleizach@apple.com> AX: Both convertToNSArray() functions in WebAccessibilityObjectWrapperBase.mm leak every NSMutableArray returned https://bugs.webkit.org/show_bug.cgi?id=199306 Reviewed by David Kilzer. Stop leaking every instance of convertToNSArray and return an autoreleased version. Remove unneeded casts. * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityFindMatchingObjects:]): * accessibility/mac/WebAccessibilityObjectWrapperBase.h: * accessibility/mac/WebAccessibilityObjectWrapperBase.mm: (convertToNSArray): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper childrenVectorArray]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): 2019-06-28 Wenson Hsieh <wenson_hsieh@apple.com> Followup to r246931 https://bugs.webkit.org/show_bug.cgi?id=199331 Reviewed by Tim Horton. Extend the site-specific quirk added in r246931 to *.sharepoint.com, so that it fixes Word for enterprise customers as well. * page/Quirks.cpp: (WebCore::Quirks::shouldAvoidResizingWhenInputViewBoundsChange const): 2019-06-28 Timothy Hatcher <timothy@apple.com> Rename effectiveAppearanceIsInactive and useInactiveAppearance to better match UIUserInterfaceLevel. https://bugs.webkit.org/show_bug.cgi?id=199336 rdar://problem/52348938 Reviewed by Tim Horton. * css/StyleColor.h: * dom/Document.cpp: (WebCore::Document::useElevatedUserInterfaceLevel const): (WebCore::Document::styleColorOptions const): (WebCore::Document::useInactiveAppearance const): Deleted. * dom/Document.h: * page/Page.cpp: (WebCore::Page::effectiveAppearanceDidChange): * page/Page.h: (WebCore::Page::useElevatedUserInterfaceLevel const): (WebCore::Page::useInactiveAppearance const): Deleted. * platform/ios/LocalCurrentTraitCollection.h: (WebCore::LocalCurrentTraitCollection::usingElevatedUserInterfaceLevel const): (WebCore::LocalCurrentTraitCollection::usingBaseLevelAppearance const): Deleted. * platform/ios/LocalCurrentTraitCollection.mm: (WebCore::LocalCurrentTraitCollection::LocalCurrentTraitCollection): * rendering/RenderThemeIOS.mm: (WebCore::RenderThemeIOS::systemColor const): * testing/InternalSettings.cpp: (WebCore::InternalSettings::setUseDarkAppearanceInternal): 2019-06-28 Simon Fraser <simon.fraser@apple.com> REGRESSION (r239984): pages with custom scrollbars also show normal scrollbars https://bugs.webkit.org/show_bug.cgi?id=199321 <rdar://problem/52308095> Reviewed by Timothy Hatcher. Revert the part of r239984 that made isCustomScrollbar() virtual, since theme().registerScrollbar() calls it from the base class constructor. I wasn't able to make a test that tests rendering of overlay scrollbars (webkit.org/b/199323). * platform/Scrollbar.cpp: (WebCore::Scrollbar::Scrollbar): * platform/Scrollbar.h: (WebCore::Scrollbar::isCustomScrollbar const): * rendering/RenderScrollbar.cpp: (WebCore::RenderScrollbar::RenderScrollbar): * rendering/RenderScrollbar.h: 2019-06-28 Wenson Hsieh <wenson_hsieh@apple.com> Need a way for SPI clients to know when to avoid resizing to accommodate for the input view bounds https://bugs.webkit.org/show_bug.cgi?id=199331 <rdar://problem/52116170> Reviewed by Tim Horton. Add a new quirk to avoid resizing the web view when input view bounds change. * page/Quirks.cpp: (WebCore::Quirks::shouldAvoidResizingWhenInputViewBoundsChange const): * page/Quirks.h: 2019-06-28 Konstantin Tokarev <annulen@yandex.ru> Remove traces of ENABLE_ICONDATABASE remaining after its removal in 219733 https://bugs.webkit.org/show_bug.cgi?id=199317 Reviewed by Michael Catanzaro. While IconDatabase and all code using it was removed, ENABLE_ICONDATABASE still exists as build option and C++ macro. * Configurations/FeatureDefines.xcconfig: * Resources/urlIcon.png: Removed file which was only used in IconDatabase.cpp. 2019-06-28 Fujii Hironori <Hironori.Fujii@sony.com> [Win] unresolved external symbol "JSC::JSObject::didBecomePrototype(void)" referenced in function "JSC::Structure::create(...)" https://bugs.webkit.org/show_bug.cgi?id=199312 Reviewed by Keith Miller. WinCairo port, clang-cl Release builds reported a following linkage error: > WebCore.lib(UnifiedSource-4babe430-10.cpp.obj) : error LNK2019: unresolved external symbol "public: void __cdecl JSC::JSObject::didBecomePrototype(void)" (?didBecomePrototype@JSObject@JSC@@QEAAXXZ) referenced in function "public: static class JSC::Structure * __cdecl JSC::Structure::create(class JSC::VM &,class JSC::JSGlobalObject *,class JSC::JSValue,class JSC::TypeInfo const &,struct JSC::ClassInfo const *,unsigned char,unsigned int)" (?create@Structure@JSC@@SAPEAV12@AEAVVM@2@PEAVJSGlobalObject@2@VJSValue@2@AEBVTypeInfo@2@PEBUClassInfo@2@EI@Z) No new tests because there is no behavior change. * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: Include <JavaScriptCore/JSCInlines.h>, and do not include headers which is included by it. 2019-06-27 Zalan Bujtas <zalan@apple.com> REGRESSION(r244633): e-mail with "height: 100%" causes unstable layout. https://bugs.webkit.org/show_bug.cgi?id=199303 <rdar://problem/51340927> Reviewed by Tim Horton. This patch restores the previous behavior (pre r244633) where we intentionally reported stale content size value to avoid unstable layout for content like height: 100px. * page/FrameView.cpp: (WebCore::FrameView::autoSizeIfEnabled): 2019-06-27 Fujii Hironori <Hironori.Fujii@sony.com> [WinCairo][MediaFoundation] Stop using soft linking for Media Foundation https://bugs.webkit.org/show_bug.cgi?id=198783 <rdar://problem/52301843> Unreviewed compilation warning fix. clang-cl reports: ..\..\Source\WebCore\platform\graphics\win\MediaPlayerPrivateMediaFoundation.cpp(526,10): warning: address of function 'MFCreateTopology' will always evaluate to 'true' [-Wpointer-bool-conversion] if (!MFCreateTopology) ~^~~~~~~~~~~~~~~~ * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp: (WebCore::MediaPlayerPrivateMediaFoundation::createTopologyFromSource): Removed the pointer check of MFCreateTopology. 2019-06-27 Fujii Hironori <Hironori.Fujii@sony.com> [WinCairo][MediaFoundation] Stop using soft linking for Media Foundation https://bugs.webkit.org/show_bug.cgi?id=198783 Reviewed by Alex Christensen. WinCairo is supporting Windows 7 or newer. It doesn't need soft linking anymore. No new tests because there is no behavior change. * PlatformWinCairo.cmake: Added libraries to WebCore_LIBRARIES. * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp: (WebCore::mimeTypeCache): (WebCore::MediaPlayerPrivateMediaFoundation::setRate): (WebCore::MediaPlayerPrivateMediaFoundation::setAllChannelVolumes): (WebCore::MediaPlayerPrivateMediaFoundation::createSession): (WebCore::MediaPlayerPrivateMediaFoundation::endSession): (WebCore::MediaPlayerPrivateMediaFoundation::startCreateMediaSource): (WebCore::MediaPlayerPrivateMediaFoundation::createTopologyFromSource): (WebCore::MediaPlayerPrivateMediaFoundation::createOutputNode): (WebCore::MediaPlayerPrivateMediaFoundation::createSourceStreamNode): (WebCore::MediaPlayerPrivateMediaFoundation::updateReadyState): (WebCore::MediaPlayerPrivateMediaFoundation::videoDisplay): (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::createOptimalVideoType): (WebCore::MediaPlayerPrivateMediaFoundation::VideoScheduler::setFrameRate): (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::presentSample): (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::initializeD3D): (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::createD3DSample): 2019-06-27 Basuke Suzuki <Basuke.Suzuki@sony.com> Fix build error on WebCore when disabling ENABLE_INDEXED_DATABASE. https://bugs.webkit.org/show_bug.cgi?id=199286 Unreviewed build fix. * testing/Internals.cpp: Make method conditional. * testing/Internals.h: Ditto. * testing/Internals.idl: Ditto. 2019-06-27 Simon Fraser <simon.fraser@apple.com> Fix crash in ScrollingStateNode::insertChild() https://bugs.webkit.org/show_bug.cgi?id=199297 rdar://problem/49415136 Reviewed by Tim Horton. Crash data suggest that 'parent' can be deleted in ScrollingStateTree::insertNode(). To avoid this, have ScrollingStateTree::m_stateNodeMap store RefPts, and do the same for ScrollingTree::m_nodeMap. * page/scrolling/ScrollingStateNode.cpp: (WebCore::ScrollingStateNode::ScrollingStateNode): The relaxAdoptionRequirement() is required to avoid ASSERT(!m_adoptionIsRequired) when the node is added to the tree in its constructor. * page/scrolling/ScrollingStateTree.cpp: (WebCore::ScrollingStateTree::unparentNode): (WebCore::ScrollingStateTree::unparentChildrenAndDestroyNode): (WebCore::ScrollingStateTree::detachAndDestroySubtree): (WebCore::ScrollingStateTree::stateNodeForID const): * page/scrolling/ScrollingStateTree.h: * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::updateTreeFromStateNode): * page/scrolling/ScrollingTree.h: 2019-06-27 Simon Fraser <simon.fraser@apple.com> REGRESSION (r246869): ASSERTION FAILED: !renderer().hasRepaintLayoutRects() || renderer().repaintLayoutRects().m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint()) https://bugs.webkit.org/show_bug.cgi?id=199274 Reviewed by Zalan Bujtas. When layer backing sharing changes, we need to clear cached repaint rects, since they painting root changes. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::setBackingProviderLayer): 2019-06-27 Beth Dakin <bdakin@apple.com> Upstream use of MACCATALYST https://bugs.webkit.org/show_bug.cgi?id=199245 rdar://problem/51687723 Reviewed by Tim Horton. * Configurations/Base.xcconfig: * Configurations/FeatureDefines.xcconfig: * Configurations/SDKVariant.xcconfig: * Configurations/WebCore.xcconfig: * Modules/geolocation/ios/GeolocationPositionIOS.mm: (WebCore::GeolocationPosition::GeolocationPosition): * editing/cocoa/DictionaryLookup.mm: (-[WebRevealHighlight drawHighlightContentForItem:context:]): (WebCore::showPopupOrCreateAnimationController): * editing/cocoa/WebContentReaderCocoa.mm: * page/Navigator.h: * page/SettingsBase.cpp: (WebCore::SettingsBase::defaultContentChangeObserverEnabled): * page/cocoa/MemoryReleaseCocoa.mm: (WebCore::platformReleaseMemory): * platform/audio/ios/AudioSessionIOS.mm: (WebCore::AudioSession::setCategory): (WebCore::AudioSession::routingContextUID const): * platform/cocoa/ParentalControlsContentFilter.mm: (WebCore::canHandleResponse): * platform/graphics/avfoundation/objc/AVAssetMIMETypeCache.mm: (WebCore::AVAssetMIMETypeCache::isAvailable const): * platform/graphics/avfoundation/objc/AVStreamDataParserMIMETypeCache.mm: (WebCore::AVStreamDataParserMIMETypeCache::isAvailable const): * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep): * platform/graphics/cv/ImageTransferSessionVT.h: * platform/graphics/cv/ImageTransferSessionVT.mm: (WebCore::cvPixelFormatOpenGLKey): (WebCore::ImageTransferSessionVT::ImageTransferSessionVT): * platform/ios/PasteboardIOS.mm: (WebCore::Pasteboard::readPasteboardWebContentDataForType): (WebCore::Pasteboard::supportedWebContentPasteboardTypes): * platform/ios/PlatformPasteboardIOS.mm: (WebCore::registerItemToPasteboard): (WebCore::PlatformPasteboard::write): * platform/ios/VideoFullscreenInterfaceAVKit.mm: (-[WebAVPlayerLayer setVideoGravity:]): * platform/ios/WebItemProviderPasteboard.mm: (-[WebItemProviderRegistrationInfoList itemProvider]): (-[WebItemProviderLoadResult canBeRepresentedAsFileUpload]): (-[WebItemProviderPasteboard numberOfFiles]): * platform/network/cf/CertificateInfoCFNet.cpp: (WebCore::CertificateInfo::summaryInfo const): 2019-06-27 Brent Fulgham <bfulgham@apple.com> Correct document lifecycle while processing commands https://bugs.webkit.org/show_bug.cgi?id=199146 <rdar://problem/52047462> Reviewed by Darin Adler. Protect the document while commands are being processed since script may run during the style resolution. We should protect against this. * dom/Document.cpp: (WebCore::command): 2019-06-27 Jon Davis <jond@apple.com> Add status for Web Bluetooth Scanning standards specification. https://bugs.webkit.org/show_bug.cgi?id=199235 Reviewed by Joseph Pecoraro. * features.json: 2019-06-27 Saam Barati <sbarati@apple.com> Make WEBGPU enabled only on Mojave and later. Rubber-stamped by Myles C. Maxfield. We're going to look into re-enabling it on High Sierra in: https://bugs.webkit.org/show_bug.cgi?id=199275 * Configurations/FeatureDefines.xcconfig: 2019-06-27 Antti Koivisto <antti@apple.com> REGRESSION (touch-action): Can't scroll vertically when touching a horizontally-scrollable element on instagram.com https://bugs.webkit.org/show_bug.cgi?id=199268 <rdar://problem/52246473> Reviewed by Antoine Quint. Test: pointerevents/ios/touch-action-region-manipulation.html Having a restrictive touch-action value like 'pan-y' on on element and then having a descendant with 'touch-action: manipulation' computes to 'none'. * css/StyleResolver.cpp: (WebCore::computeEffectiveTouchActions): For value 'manipulation' return the current effective value, similar to the reverse case above. Set intersection should only be computed out of restrictive values (pan-x/pan-y/pinch-zoom/none). 2019-06-27 Carlos Garcia Campos <cgarcia@igalia.com> [SOUP] Use libsoup WebSockets API https://bugs.webkit.org/show_bug.cgi?id=199151 Reviewed by Michael Catanzaro. Use createWebSocketChannel() from the provider also for libsoup when WEBKIT_USE_SOUP_WEBSOCKETS env var is set. * Modules/websockets/ThreadableWebSocketChannel.cpp: (WebCore::ThreadableWebSocketChannel::create): 2019-06-27 Devin Rousso <drousso@apple.com> Web Inspector: throw an error if console.count/console.countReset is called with an object that throws an error from toString https://bugs.webkit.org/show_bug.cgi?id=199252 Reviewed by Joseph Pecoraro. Parse the arguments passed to `console.count` and `console.countReset` before sending it to the `ConsoleClient` so that an error can be thrown if the first argument doesn't `toString` nicely (e.g. without throwing an error). Generate call stacks for `console.countReset` to match other `console` methods. Also do this for `console.time`, `console.timeLog`, and `console.timeEnd`. Limit the call stack to only have the top frame, so no unnecessary/extra data is sent to the frontend (right now, only the call location is displayed). Rename `title` to `label` for `console.time`, `console.timeLog`, and `console.timeEnd` to better match the spec. Updated existing LayoutTests: - inspector/console/console-count.html - inspector/console/console-api.html Also covered by existing WPT tests. * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::consoleCount): (WebCore::InspectorInstrumentation::consoleCountReset): (WebCore::InspectorInstrumentation::startConsoleTiming): (WebCore::InspectorInstrumentation::logConsoleTiming): (WebCore::InspectorInstrumentation::stopConsoleTiming): * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::consoleCountImpl): (WebCore::InspectorInstrumentation::consoleCountResetImpl): (WebCore::InspectorInstrumentation::startConsoleTimingImpl): (WebCore::InspectorInstrumentation::logConsoleTimingImpl): (WebCore::InspectorInstrumentation::stopConsoleTimingImpl): * page/PageConsoleClient.h: * page/PageConsoleClient.cpp: (WebCore::PageConsoleClient::count): (WebCore::PageConsoleClient::countReset): (WebCore::PageConsoleClient::time): (WebCore::PageConsoleClient::timeLog): (WebCore::PageConsoleClient::timeEnd): * workers/WorkerConsoleClient.h: * workers/WorkerConsoleClient.cpp: (WebCore::WorkerConsoleClient::count): (WebCore::WorkerConsoleClient::countReset): (WebCore::WorkerConsoleClient::time): (WebCore::WorkerConsoleClient::timeLog): (WebCore::WorkerConsoleClient::timeEnd): * worklets/WorkletConsoleClient.h: * worklets/WorkletConsoleClient.cpp: (WebCore::WorkletConsoleClient::count): (WebCore::WorkletConsoleClient::countReset): 2019-06-27 Saam Barati <sbarati@apple.com> [WHLSL] Implement arrays and MakeArrayReference https://bugs.webkit.org/show_bug.cgi?id=198414 Reviewed by Myles C. Maxfield. This patch implements WHLSL arrays. The main implementation detail is that arrays get compiled to use Metal's array type. To make everything work, this patch also fixes a few bugs: - The checker now allows "operator.length" to be called on arrays. Prior to this patch, it was just allowed on array references. - The preserve variable lifetimes pass now looks at MakeArrayReference nodes. Prior to this patch, it just looked at MakePointerExpression. - We were producing the wrong type for ander arguments for indexed accesses on array types. We were saying the argument that was produced was a reference to an array instead of an array reference to the element type. - The trie we compose for the reverse type hierarchy was inserting elements into the wrong "children" vector. We were always inserting things into the top level vector. This is wrong when we have a nesting of types > 1. I also found a bug with having arrays of pointers when writing this patch. Work on this will take place in a follow up: https://bugs.webkit.org/show_bug.cgi?id=199197 Tests: webgpu/whlsl-huge-array.html webgpu/whlsl-make-array-reference.html webgpu/whlsl-simple-arrays.html webgpu/whlsl-two-dimensional-array.html * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): * Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp: (WebCore::WHLSL::Metal::TypeNamer::insert): (WebCore::WHLSL::Metal::TypeNamer::emitUnnamedTypeDefinition): * Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.h: * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveByInstantiation): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: (WebCore::WHLSL::EscapedVariableCollector::escapeVariableUse): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::wrapAnderCallArgument): (WebCore::WHLSL::anderCallArgument): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: 2019-06-27 Fujii Hironori <Hironori.Fujii@sony.com> [CMake] Bump cmake_minimum_required version to 3.10 https://bugs.webkit.org/show_bug.cgi?id=199181 Reviewed by Don Olmstead. No new tests because there is no behavior change. * CMakeLists.txt: 2019-06-26 Simon Fraser <simon.fraser@apple.com> [Async overflow scrolling] Fix missing or misplaced content inside overflow:scroll https://bugs.webkit.org/show_bug.cgi?id=199253 rdar://problem/51855156, rdar://problem/51934514 Reviewed by Zalan Bujtas. This patch fixes a couple of related issues triggered by failing to composite layers inside non-stacking-context overflow scroll. First, we relied on overlap testing to composite position:relative layers inside overflow:scroll, but this only worked when they came later in z-order, so didn't work for layers with negative z-index. RenderLayerCompositor::requiresCompositingForIndirectReason() was intended to trigger compositing in such cases, but it only did so for position:absolute inside stacking-context scroller, because isNonScrolledLayerInsideScrolledCompositedAncestor() tested ancestorMovedByScroller && !layerMovedByScroller. I fixed this by sharing code between the three places that ask whether compositing crosses a containing-block boundary to call a single function, RenderLayerCompositor::layerScrollBehahaviorRelativeToCompositedAncestor(), that returns a ScrollPositioningBehavior. We now do compositing for both "moves" and "stationary" behaviors (but not "none"), ensuring that position:relative inside non-stacking scroller is always composited. However, this would trigger compositing on layers that should be using backing sharing; if they were outside the visible part of the scroller, the overlap code would not trigger, but the "IndirectCompositingReason::OverflowScrollPositioning" code would. This is undesirable; any layer that can use backing sharing should, because that's fewer composited layers, so smaller layer trees and less backing store. To fix this, I moved the backing-sharing check before the overlap check in RenderLayerCompositor::computeCompositingRequirements(). The "layer.setHasCompositingDescendant(currentState.subtreeIsCompositing)" line was in the wrong place, triggering assertions on some content; "subtreeIsCompositing" only refers to child layers, so this bit needs to be set right after we've traversed the z-order lists. Tests: compositing/scrolling/async-overflow-scrolling/hidden-relative-layer-content-in-scroller.html compositing/scrolling/async-overflow-scrolling/layer-for-negative-z-in-scroller.html compositing/scrolling/async-overflow-scrolling/negative-z-in-scroller.html * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::computeCompositingRequirements): (WebCore::RenderLayerCompositor::traverseUnchangedSubtree): (WebCore::RenderLayerCompositor::requiresCompositingForIndirectReason const): (WebCore::isScrolledByOverflowScrollLayer): (WebCore::enclosingCompositedScrollingLayer): (WebCore::RenderLayerCompositor::layerScrollBehahaviorRelativeToCompositedAncestor): (WebCore::RenderLayerCompositor::computeCoordinatedPositioningForLayer const): (WebCore::isNonScrolledLayerInsideScrolledCompositedAncestor): Deleted. (WebCore::RenderLayerCompositor::layerContainingBlockCrossesCoordinatedScrollingBoundary): Deleted. * rendering/RenderLayerCompositor.h: 2019-06-26 Ryosuke Niwa <rniwa@webkit.org> ReplacementFragment should not have script observable side effects https://bugs.webkit.org/show_bug.cgi?id=199147 Reviewed by Wenson Hsieh. Fixed the bug that ReplacementFragment has script observable side effects. Use a brand new document for sanitization where the script is disabled for test rendering, and remove style and script elements as well as event handlers before the test rendering and the actual pasting. Test: editing/pasteboard/paste-contents-with-side-effects.html * editing/ReplaceSelectionCommand.cpp: (WebCore::ReplacementFragment::document): Deleted. (WebCore::ReplacementFragment::ReplacementFragment): Use createPageForSanitizingWebContent to create our own document for test rendering. We need to copy over the computed style from the root editable element (editing host) to respect whitespace treatment, etc... (WebCore::ReplacementFragment::removeContentsWithSideEffects): Moved from removeHeadContents. Now removes event handlers and JavaScript URLs. (WebCore::ReplacementFragment::insertFragmentForTestRendering): Renamed variable names. (WebCore::ReplaceSelectionCommand::willApplyCommand): Create the plain text and HTML markup for beforeinput and input events before ReplacementFragment removes contents with side effects. (WebCore::ReplaceSelectionCommand::ensureReplacementFragment): The removal of head elements is now done in ReplacementFragment's constructor. 2019-06-26 Andy Estes <aestes@apple.com> [Payment Request] Set state to Closed when show() is called during an active session https://bugs.webkit.org/show_bug.cgi?id=199239 Reviewed by Alex Christensen. According to step 7 of https://w3c.github.io/payment-request/#show-method (as of 26 June 2019), when another payment request is showing, calling show() should set the [[state]] internal slot to Closed in addition to rejecting the show promise with an AbortError. WebKit was only doing the latter. Let's do both. Test: http/tests/paymentrequest/payment-is-showing.https.html * Modules/paymentrequest/PaymentRequest.cpp: (WebCore::PaymentRequest::show): 2019-06-26 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Implement console.countReset https://bugs.webkit.org/show_bug.cgi?id=199200 Reviewed by Devin Rousso. Updated existing tests. * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::consoleCountImpl): (WebCore::InspectorInstrumentation::consoleCountResetImpl): * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::consoleCountReset): * page/PageConsoleClient.cpp: (WebCore::PageConsoleClient::countReset): * page/PageConsoleClient.h: * workers/WorkerConsoleClient.cpp: (WebCore::WorkerConsoleClient::countReset): * workers/WorkerConsoleClient.h: * worklets/WorkletConsoleClient.cpp: (WebCore::WorkletConsoleClient::countReset): * worklets/WorkletConsoleClient.h: 2019-06-26 Antoine Quint <graouts@apple.com> [Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover https://bugs.webkit.org/show_bug.cgi?id=198999 <rdar://problem/51979477> Reviewed by Dean Jackson. Make sure we don't return early prior to setting the flag that prevents re-entrancy, or else we would never enter this function again. No new tests, this was caught because Pointer Events WPT tests on iOS tests regressed. * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::processPendingPointerCapture): 2019-06-26 Myles C. Maxfield <mmaxfield@apple.com> REGRESSION: ( r246394 ) webgpu/whlsl-buffer-fragment.html and webgpu/whlsl-buffer-vertex.html are failing https://bugs.webkit.org/show_bug.cgi?id=199012 Reviewed by Saam Barati. * platform/graphics/gpu/cocoa/GPUDeviceMetal.mm: (WebCore::isAcceptableDevice): (WebCore::GPUDevice::tryCreate): 2019-06-26 Simon Fraser <simon.fraser@apple.com> Incorrect clippping with overflow:scroll inside oveflow:hidden with border-radius https://bugs.webkit.org/show_bug.cgi?id=199135 rdar://problem/51882383 Reviewed by Zalan Bujtas. In some cases the geometry of the shape mask layer added to m_childContainmentLayer, for border-radius, was incorrect. GraphicsLayerCA::updateClippingStrategy() treated the rounded rect as if it were in renderer coordinates, but to match the other geometry on GraphicsLayer, it should in GraphicsLayer coordinates, so we need to offset by clipLayer->offsetFromRenderer(). In addition, RenderLayerBacking::updateChildClippingStrategy() is called from the updateConfiguration(), which is before we've set offsetFromRenderer() on the clipLayer. This first call is really to find out whether the platform supports this rounded rect as a shape mask. So we need to call setMasksToBoundsRect() a second time in RenderLayerBacking::updateGeometry() after clipLayers's offsetFromRenderer() has been computed. Test: compositing/scrolling/async-overflow-scrolling/border-radius-on-scroll-container.html * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::updateClippingStrategy): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): (WebCore::RenderLayerBacking::updateDescendantClippingLayer): (WebCore::RenderLayerBacking::updateChildClippingStrategy): 2019-06-26 Antoine Quint <graouts@apple.com> [Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover https://bugs.webkit.org/show_bug.cgi?id=198999 <rdar://problem/51979477> Reviewed by Dean Jackson. Up until now, we would not account for pointer capture (see https://w3c.github.io/pointerevents/#pointer-capture) when dispatching mouse boundary events (mouseover, mouseout, mouseenter, mouseleave) and their counterpart pointer events. We would also not account for it when updating :hover styles. Now, when pointer capture changes for an element, we call setCapturingMouseEventsElement() on the EventHandler such that the element that would naturally hit-test is overridden by the pointer capture element when identifying which target to use for the dispatch of boundary mouse events. Additionally, when calling Document::prepareMouseEvent(), we also use the pointer capture element to pass down to Document::updateHoverActiveState() such that :hover styles are applied to the correct element. * dom/Document.cpp: (WebCore::Document::prepareMouseEvent): When a new event is going to be dispatched, we must run the Process Pending Capture Element steps as mandated by the Pointer Events spec. Calling this will dispatch the appropriate pointer capture change events and also required boundary events since EventHandler::setCapturingMouseEventsElement() calls into EventHandler::updateMouseEventTargetNode(). Since this may update the capturing mouse events element, we ensure that we call updateHoverActiveState() with a flag that indicates that. Finally, we use the capturing mouse events element instead of the hit-testing element to pass to updateHoverActiveState() to ensure that is has :hover styles applied. (WebCore::Document::updateHoverActiveState): Account for the new CaptureChange flag to force the invalidation of the :hover and :active elements chain at all times when the capturing mouse events element changed. * dom/Document.h: * dom/PointerEvent.h: Update PointerEvent::createForPointerCapture() to take specific parameters rather than a single PointerEvent to set the pointerId, isPrimary and pointerType properties of the generated event. This is required to call processPendingPointerCapture() outside of PointerEvent dispatch logic since we now call it from Document::prepareMouseEvent() where we haven't yet generated such an event. * page/EventHandler.cpp: (WebCore::EventHandler::pointerCaptureElementDidChange): When a new pointer capture element is set, call updateMouseEventTargetNode() to ensure that boundary events are fired to indicate the pointer capture state change. (WebCore::EventHandler::prepareMouseEvent): Keep track of the last PlatformMouseEvent used to prepare a mouse event so that we can use it when setCapturingMouseEventsElement() is called. * page/EventHandler.h: * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::pointerCaptureElement): Since Document::prepareMouseEvent() needs to know the current pointer capture element, add a new public method that indicates the pointer capture element if that element is contained in the provided document. We need to provide the document since PointerCaptureController is owned by the Page and may manage several documents. (WebCore::PointerCaptureController::dispatchEvent): Only run the Process Pending Capture Element steps when dealing with a touch or pen event since those steps are already ran for mouse events in Document::prepareMouseEvent(). Additionally, since the element target is already set to be the pointer capture element with the changes made to processPendingPointerCapture(), and because on iOS pointer capture is always active, we can remove the code that would retarget the event to the pointer capture element. (WebCore::PointerCaptureController::pointerEventWasDispatched): (WebCore::PointerCaptureController::cancelPointer): (WebCore::PointerCaptureController::processPendingPointerCapture): We now call into EventHandler::setCapturingMouseEventsElement() when the capture target element changes. We must be careful to call this method prior to dispatching the "gotpointercapture" event and after dispatching the "lostpointercapture" event so that boundary events are fired at the right time. * page/PointerCaptureController.h: 2019-06-25 Fujii Hironori <Hironori.Fujii@sony.com> [WinCairo] incorrect font height for 'Google Sans Display' font https://bugs.webkit.org/show_bug.cgi?id=198909 Reviewed by Frédéric Wang. r191893 changed to use OS/2 typo metrics, but its calculation wasn't correct. And, there is no reliable way to get OS/2 table by using Windows API. Revert the part of r191893 change at the moment. * platform/graphics/win/SimpleFontDataCairoWin.cpp: (WebCore::Font::platformInit): * platform/graphics/win/SimpleFontDataWin.cpp: (WebCore::Font::initGDIFont): Reverted the part of r191893 change, and added FIXME comments. 2019-06-25 Timothy Hatcher <timothy@apple.com> Clicking the up/down spin buttons for a number input increments/decrements by 2. https://bugs.webkit.org/show_bug.cgi?id=198809 Reviewed by Tim Horton. AppKit no longer registers NSScrollerButtonDelay and NSScrollerButtonPeriod in the base NSUserDefaults for an app. This caused our use to always get 0s when setting the click and hold timer, causing the value to increment quickly for a single press. * platform/mac/ScrollbarThemeMac.h: (WebCore::ScrollbarThemeMac::initialAutoscrollTimerDelay): Added. Hardcode 500ms. (WebCore::ScrollbarThemeMac::autoscrollTimerDelay): Added. Hardcode 50ms. * platform/mac/ScrollbarThemeMac.mm: (WebCore::ScrollbarThemeMac::preferencesChanged): Removed use of old user defaults. (WebCore::ScrollbarThemeMac::initialAutoscrollTimerDelay): Deleted. (WebCore::ScrollbarThemeMac::autoscrollTimerDelay): Deleted. 2019-06-25 Keith Miller <keith_miller@apple.com> Unreviewed, windows build fix. * bindings/js/JSDOMGlobalObject.h: 2019-06-25 Keith Miller <keith_miller@apple.com> Add didBecomePrototype() calls to global context prototypes https://bugs.webkit.org/show_bug.cgi?id=199202 Reviewed by Mark Lam. This fixes some crashes related to asserting that all prototypes have been marked as such in JSC from https://trac.webkit.org/changeset/246801. It's ok to call didBecomePrototype here as we setting up the world state right now so we won't be having a bad time. We don't automatically call didBecomePrototype() for setPrototypeWithoutTransition because existing objects may already have this structure so it seems more reasonable to be explicit there. * bindings/js/JSWindowProxy.cpp: (WebCore::JSWindowProxy::setWindow): * bindings/js/WorkerScriptController.cpp: (WebCore::WorkerScriptController::initScript): * worklets/WorkletScriptController.cpp: (WebCore::WorkletScriptController::initScriptWithSubclass): 2019-06-25 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Implement console.timeLog https://bugs.webkit.org/show_bug.cgi?id=199184 Reviewed by Devin Rousso. Updated existing tests. * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::logConsoleTimingImpl): * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::logConsoleTiming): * page/PageConsoleClient.cpp: (WebCore::PageConsoleClient::timeLog): * page/PageConsoleClient.h: * workers/WorkerConsoleClient.cpp: (WebCore::WorkerConsoleClient::timeLog): * workers/WorkerConsoleClient.h: * worklets/WorkletConsoleClient.cpp: (WebCore::WorkletConsoleClient::timeLog): * worklets/WorkletConsoleClient.h: 2019-06-25 Michael Catanzaro <mcatanzaro@igalia.com> Add user agent quirk for bankofamerica.com https://bugs.webkit.org/show_bug.cgi?id=199154 Reviewed by Carlos Garcia Campos. This suppresses an unsupported browser warning. * platform/UserAgentQuirks.cpp: (WebCore::urlRequiresMacintoshPlatform): 2019-06-25 Michael Catanzaro <mcatanzaro@igalia.com> Fully rename WebKitGTK+ -> WebKitGTK everywhere https://bugs.webkit.org/show_bug.cgi?id=199159 Reviewed by Carlos Garcia Campos. * accessibility/atk/WebKitAccessibleInterfaceText.cpp: (webkitAccessibleTextGetStringAtOffset): * platform/UserAgentQuirks.cpp: (WebCore::urlRequiresMacintoshPlatform): * platform/network/soup/NetworkStorageSessionSoup.cpp: (WebCore::NetworkStorageSession::saveCredentialToPersistentStorage): * rendering/RenderThemeGtk.cpp: (WebCore::RenderThemeGtk::adjustTextFieldStyle const): 2019-06-25 Rob Buis <rbuis@igalia.com> Introduce LinkLoadParameters https://bugs.webkit.org/show_bug.cgi?id=198960 Reviewed by Frédéric Wang. Avoid the long parameters lists in LinkLoader by moving them to LinkLoadParameters. No new tests because there is no behavior change. * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::process): * loader/LinkLoader.cpp: (WebCore::LinkLoader::loadLinksFromHeader): (WebCore::LinkLoader::preconnectIfNeeded): (WebCore::LinkLoader::preloadIfNeeded): (WebCore::LinkLoader::prefetchIfNeeded): (WebCore::LinkLoader::loadLink): * loader/LinkLoader.h: 2019-06-24 Wenson Hsieh <wenson_hsieh@apple.com> [Text autosizing] [iPadOS] Revise our heuristics to determine idempotent text autosizing candidates https://bugs.webkit.org/show_bug.cgi?id=198763 <rdar://problem/51826266> Reviewed by Simon Fraser. This patch adjusts existing text autosizing heuristics, based on a survey of text on websites in the Alexa top 500 that shrink down to fit the viewport when requesting the desktop version of the site. The new heuristic is derived from training decision trees against the dataset obtained from this survey, and balances false positives (cases where layout is broken due to autosizing) against overall accuracy (measured using cross-validation). See below for more details. Additionally, please refer to the link in the radar for more details, as well as resources used to generate, validate, and analyze these decision trees. Test: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidates.html * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const): Rename AutosizeStatus::shouldSkipSubtree to RenderStyle::isIdempotentTextAutosizingCandidate. We relocate this logic to RenderStyle, such that we're able to ask the element's RenderStyle questions when determining whether the element should be autosized. Of course, this patch additionally revamps the heuristic used to determine whether it is safe to autosize an element. Our current heuristic in trunk simply checks for the presence of inline block display, out of flow positioning and a fixed height ancestor; if any of these conditions are satisfied, we opt the element out of text autosizing. This is an excellent strategy for boosting some runs of text while avoiding autosizing in the vast majority of cases where increasing font size may lead to layout breakage (e.g. overlapping or clipped text, content unexpectedly flowing to the next line, etc.). However, it also avoids boosting font sizes in many scenarios where boosting font sizes is desired; for concrete examples, see the (currently 24) radars about small font sizes that are duped to <rdar://problem/51826266>. To help analyze and identify trends in autosizable and non-autosizable text, we assembled a dataset of elements with text from the Alexa top 500 that either: (1) were too small and could be boosted safely, or (2) would break layout if boosted. With this labeled dataset, we then trained binary decision trees to classify the data. Each decision tree was trained with a number of hyperparameters: namely, maximum depth, minimum leaf size, and the amount of bias towards negative samples (i.e. the ratio of the weight of a non-autosizable sample relative to the weight of an autosizable sample). For each 3-tuple of these hyperparameters (800 in total: max depth between 3 and 10, min leaf size between 1 and 10 and bias between 1 and 10), for 5000 iterations each, we split the full dataset into a training dataset and a cross-validation dataset, trained a decision tree using the training set, and tested against the cross- validation set to compute average precision, recall, and overall accuracy for each tuple of hyperparameters. The decision tree introduced in this patch was generated using a hand-picked set of hyperparameters (max depth 10, min leaf size 4, and negative bias 2) to provide a balance between precision scores (limiting layout breakage) and recall score (ensuring that small text is mostly autosized), while optimizing for overall accuracy. Cross-validation scores predict that the overall accuracy of this classifier is approximately 70%, up from the current accuracy in trunk (~53%). * rendering/style/RenderStyle.h: Grow the width of `autosizeStatus` from 4 to 8 (notably, this does not increase the size of RenderStyle). * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::updateStatus): (WebCore::AutosizeStatus::shouldSkipSubtree const): Deleted. * rendering/style/TextSizeAdjustment.h: Introduce new text autosizing state flags, and remove some existing ones. 2019-06-24 Commit Queue <commit-queue@webkit.org> Unreviewed, rolling out r246714. https://bugs.webkit.org/show_bug.cgi?id=199179 revert to do patch in a different way. (Requested by keith_mi_ on #webkit). Reverted changeset: "All prototypes should call didBecomePrototype()" https://bugs.webkit.org/show_bug.cgi?id=196315 https://trac.webkit.org/changeset/246714 2019-06-24 Sihui Liu <sihui_liu@apple.com> REGRESSION (r244436): IndexedDB Uint8Array returned as ArrayBuffer https://bugs.webkit.org/show_bug.cgi?id=198738 <rdar://problem/51614053> Reviewed by Brady Eidson. In InexedDB, two binary keys are the same as long as their data is the same. Modified tests: storage/indexeddb/key-type-binary.html storage/indexeddb/key-type-binary-private.html * bindings/js/IDBBindingUtilities.cpp: (WebCore::injectIDBKeyIntoScriptValue): * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneDeserializer::readArrayBufferView): 2019-06-24 Sihui Liu <sihui_liu@apple.com> Remove WebSQL quirk for nytimes.com https://bugs.webkit.org/show_bug.cgi?id=199175 Reviewed by Geoffrey Garen. Removed unused code. * bindings/scripts/CodeGeneratorJS.pm: (GenerateRuntimeEnableConditionalString): * bindings/scripts/IDLAttributes.json: * page/Quirks.cpp: (WebCore::Quirks::hasBrokenEncryptedMediaAPISupportQuirk const): (WebCore::Quirks::hasWebSQLSupportQuirk const): Deleted. * page/Quirks.h: 2019-06-24 Brady Eidson <beidson@apple.com> Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad. <rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123 Reviewed by Andy Estes. * loader/FrameLoaderStateMachine.h: (WebCore::FrameLoaderStateMachine::stateForDebugging const): 2019-06-24 Simon Fraser <simon.fraser@apple.com> REGRESSION (r246725 ): Crashes on twitch.tv https://bugs.webkit.org/show_bug.cgi?id=199176 rdar://problem/52071249 Reviewed by Zalan Bujtas. With a composited negative z-index child inside a scroller, we can register the overflow scroll proxy node before we've traversed the overflow layer, so it that layer hasn't got its OverflowScrollingNode yet. Thus, AsyncScrollingCoordinator::setRelatedOverflowScrollingNodes() can be called with an empty vector. Avoid crashing when this happens. Test: scrollingcoordinator/scrolling-tree/scroller-with-negative-z-child.html * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::setRelatedOverflowScrollingNodes): * page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.mm: (WebCore::ScrollingTreeOverflowScrollProxyNode::commitStateBeforeChildren): 2019-06-24 Chris Dumez <cdumez@apple.com> Pages using Google's anti-flicker optimization may take ~5 seconds to do initial paint https://bugs.webkit.org/show_bug.cgi?id=199173 <rdar://problem/45968770> Reviewed by Geoffrey Garen. Pages using Google's anti-flicker optimization [1] take ~5 seconds to do initial paint when analytics.js load is blocked by a content blocker. To address the issue, this patch introduces a quirk behind an experimental feature flag that calls window.dataLayer.hide.end() on the page when the load of https://www.google-analytics.com/analytics.js is blocked by a content blocker. Note that this is more robust than dropping the 'async-hide' class from document.documentElement since the class name is customizable by the caller. A message is logged in the console when the quirk causes window.dataLayer.hide.end() to get called early. [1] https://developers.google.com/optimize/ * contentextensions/ContentExtensionsBackend.cpp: (WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad): * page/Settings.yaml: 2019-06-24 John Wilander <wilander@apple.com> Remove IsITPFirstPartyWebsiteDataRemovalEnabled as runtime check https://bugs.webkit.org/show_bug.cgi?id=199164 <rdar://problem/52061147> Reviewed by Brent Fulgham. No new tests. Just a removal of a runtime feature check. The functionality already has a layout test. We've had this toggle as a safety thing since mid-March. No need for it any longer. * page/RuntimeEnabledFeatures.h: (WebCore::RuntimeEnabledFeatures::isITPDatabaseEnabled const): (WebCore::RuntimeEnabledFeatures::setIsITPFirstPartyWebsiteDataRemovalEnabled): Deleted. (WebCore::RuntimeEnabledFeatures::isITPFirstPartyWebsiteDataRemovalEnabled const): Deleted. 2019-06-24 Jer Noble <jer.noble@apple.com> iOS 12.2 Drawing portrait video to canvas is sideways https://bugs.webkit.org/show_bug.cgi?id=196772 <rdar://problem/49781802> Reviewed by Eric Carlson. Test: media/video-orientation-canvas.html Move rotation code into its own ImageRotationSessionVT class for re-use across all existing classes with rotation operations. Should slightly increase performance for painting rotated media files, as the rotation only occurs once per frame, rather than once per drawing operation. * WebCore.xcodeproj/project.pbxproj: * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.h: (WebCore::ImageDecoderAVFObjC::RotationProperties::isIdentity const): Deleted. * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm: (WebCore::ImageDecoderAVFObjC::readTrackMetadata): (WebCore::ImageDecoderAVFObjC::storeSampleBuffer): (WebCore::ImageDecoderAVFObjC::setTrack): (WebCore::transformToRotationProperties): Deleted. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastPixelBuffer): (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput): * platform/graphics/cv/ImageRotationSessionVT.h: Added. (WebCore::ImageRotationSessionVT::RotationProperties::isIdentity const): (WebCore::ImageRotationSessionVT::rotationProperties const): (WebCore::ImageRotationSessionVT::rotatedSize): * platform/graphics/cv/ImageRotationSessionVT.mm: Added. (WebCore::transformToRotationProperties): (WebCore::ImageRotationSessionVT::ImageRotationSessionVT): (WebCore::ImageRotationSessionVT::rotate): * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.cpp: * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.h: * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.mm: (WebCore::rotationToAngle): (WebCore::RealtimeOutgoingVideoSourceCocoa::rotatePixelBuffer): (WebCore::computeRotatedWidthAndHeight): Deleted. 2019-06-24 Zalan Bujtas <zalan@apple.com> [StyleResolver] Pass RenderStyle& instead of RenderStyle* to updateFont() related functions. https://bugs.webkit.org/show_bug.cgi?id=199167 <rdar://problem/52062669> Reviewed by Antti Koivisto. It is expected to have a valid RenderStyle object here (and existing code relies on it). * css/StyleResolver.cpp: (WebCore::checkForOrientationChange): (WebCore::StyleResolver::updateFont): (WebCore::StyleResolver::checkForTextSizeAdjust): (WebCore::StyleResolver::checkForZoomChange): (WebCore::StyleResolver::checkForGenericFamilyChange): * css/StyleResolver.h: 2019-06-24 Antoine Quint <graouts@apple.com> [Pointer Events WPT] Unskip imported/w3c/web-platform-tests/pointerevents/pointerevent_lostpointercapture_is_first.html https://bugs.webkit.org/show_bug.cgi?id=197005 Reviewed by Dean Jackson. We were calling processPendingPointerCapture() at the wrong time, calling in after dispatching a PointerEvent rather than before. We now do this correctly in the consolidated PointerCaptureController::dispatchEvent() method, which we call for dispatching all PointerEvents, save for gotpointercapture and lostpointercapture since these should not yield the processing of the pending pointer capture per the spec. This uncovered a couple of new issues. First, since we would now call processPendingPointerCapture() and dispatch a lostpointercapture event earlier, the alternative lostpointercapture dispatch when an element is removed (which is dispatched asynchronously on the document) would be dispatched *after* dispatching the event in processPendingPointerCapture(). We now check in processPendingPointerCapture() whether the event target is connected to fix this. This makes sure pointerevent_lostpointercapture_for_disconnected_node.html doesn't regress. Finally, we must also call processPendingPointerCapture() when implicitly releasing pointer capture during handling of a "pointerup" event. This ensures that pointerevent_releasepointercapture_invalid_pointerid.html doesn't regress. As a result of all these changes, we now pass imported/w3c/web-platform-tests/pointerevents/pointerevent_lostpointercapture_is_first.html reliably. * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::dispatchEventForTouchAtIndex): (WebCore::PointerCaptureController::dispatchEvent): We now more closely adhere to the spec when determining what the pointer capture target is by only checking for the target override. We can now do this safely since we call processPendingPointerCapture() before and not after event dispatch. (WebCore::PointerCaptureController::pointerEventWasDispatched): (WebCore::PointerCaptureController::processPendingPointerCapture): Cache the pending target override to make sure that dispatching a "gotpointercapture" or "lostpointercapture" event during this function does not alter it until the next call is made when the next event is dispatched. 2019-06-24 Greg Doolittle <gr3g@apple.com> Web Inspector: AXI: Audit: image label test is throwing spurious errors on elements with existing alt attr, but no value: <img alt> https://bugs.webkit.org/show_bug.cgi?id=194754 Reviewed by Chris Fleizach. Test: accessibility/img-alt-attribute-unassigned-value.html * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::computedRoleString const): 2019-06-24 Adrian Perez de Castro <aperez@igalia.com> [WPE][GTK] Fixes for compilation with unified builds disabled https://bugs.webkit.org/show_bug.cgi?id=199155 Reviewed by Michael Catanzaro. No new tests needed. * rendering/LayerAncestorClippingStack.h: Add missing inclusion of RenderLayer.h 2019-06-24 Michael Catanzaro <mcatanzaro@igalia.com> Add user agent quirk for Google Drive https://bugs.webkit.org/show_bug.cgi?id=199153 Reviewed by Carlos Garcia Campos. This suppresses an unsupported browser warning. * platform/UserAgentQuirks.cpp: (WebCore::urlRequiresMacintoshPlatform): (WebCore::urlRequiresLinuxDesktopPlatform): 2019-06-24 Charlie Turner <cturner@igalia.com> [GStreamer][MSE] Pausing video sometimes causes skip to finish https://bugs.webkit.org/show_bug.cgi?id=197355 Reviewed by Philippe Normand. Covered by existing tests. * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp: (WebCore::MediaPlayerPrivateGStreamerMSE::currentMediaTime const): Assuming that when m_eosPending is on and we're paused() that the network resource is fully loaded and the end is reached is clearly wrong. Whether this is now correct is unclear... 2019-06-24 Charlie Turner <cturner@igalia.com> [GStreamer] Volume level sometimes changes inappropriately https://bugs.webkit.org/show_bug.cgi?id=197358 Reviewed by Xabier Rodriguez-Calvar. Be consistent with our application of volume scaling. We were setting volumes using cubic interpolation in setVolume() and using the inverse in volume(); however setting initial volumes was done linearly in setStreamVolumeElement, which was causing strange jumps in the volume level at non-deterministic times. The fix looks to be that we should use linear interpolation consistently, since PulseAudio already applies cubic scaling to software volumes. Covered by existing tests. * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: (WebCore::MediaPlayerPrivateGStreamer::paused const): Bump the logging here to LOG level, it's very spammy at DEBUG. * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp: (WebCore::MediaPlayerPrivateGStreamerBase::setVolume): Switch to linear interpolation. (WebCore::MediaPlayerPrivateGStreamerBase::volume const): Ditto. (WebCore::MediaPlayerPrivateGStreamerBase::notifyPlayerOfVolumeChange): Ditto. (WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement): Ditto, and be consistent here with the API, do not set the raw volume managed by MediaElement. 2019-06-24 Antoine Quint <graouts@apple.com> [Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover https://bugs.webkit.org/show_bug.cgi?id=198999 <rdar://problem/51979477> Unreviewed. Rolling back all changes made for this bug (r246728 + r246716 + r246674) as it regressed one test (imported/w3c/web-platform-tests/pointerevents/pointerevent_mouse_pointercapture_in_frame.html). * dom/Document.cpp: (WebCore::Document::prepareMouseEvent): (WebCore::Document::updateHoverActiveState): * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent): (WebCore::EventHandler::handleMouseMoveEvent): (WebCore::EventHandler::handleMouseReleaseEvent): (WebCore::EventHandler::setCapturingMouseEventsElement): * page/EventHandler.h: * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::releasePointerCapture): (WebCore::PointerCaptureController::hasPointerCapture): (WebCore::PointerCaptureController::dispatchEventForTouchAtIndex): (WebCore::PointerCaptureController::dispatchEvent): (WebCore::PointerCaptureController::processPendingPointerCapture): (WebCore::PointerCaptureController::pointerCaptureElement): Deleted. * page/PointerCaptureController.h: * rendering/HitTestRequest.h: (WebCore::HitTestRequest::includesAllElementsUnderPoint const): (WebCore::HitTestRequest::pointerCaptureElementChanged const): Deleted. 2019-06-23 Antoine Quint <graouts@apple.com> [Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover https://bugs.webkit.org/show_bug.cgi?id=198999 <rdar://problem/52005663> Reviewed by Dean Jackson. We should only set the mouse events capturing element in EventHandler if we're dealing with mouse-originated Pointer Events (part 2). * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::releasePointerCapture): 2019-06-23 Simon Fraser <simon.fraser@apple.com> [Async overflow scroll] Clipped composited layers inside overflow scroll jitter and get incorrectly clipped https://bugs.webkit.org/show_bug.cgi?id=199133 rdar://problem/43614439 Reviewed by Antti Koivisto. Currently a composited layer with an overflow:scroll ancestor (which is not a paint-order ancestor) gets a single "ancestor clip layer" that represents the intersection of all the clips provided by its containing-block ancestors with non-visible overflow (both scrolling and non-scrolling ones). To correctly update clips with async overflow scroll, this single clip layer needs to be broken up into multiple clipping ancestors. We need a separate layer, and scrolling tree node for each ancestor that is an overflow scroll, and layers that represent non-moving clips (i.e. overflow:hidden and 'clip') between them. This patch adds LayerAncestorClippingStack to represent this stack of clipping layers. For example with the following content: <div style="overflow:hidden"> <--- A <div style="overflow:scroll"> <--- B <div style="overflow:hidden"> <--- C <div style="overflow:hidden"> <--- D <div style="overflow:scroll"> <--- E <div style="overflow:hidden"> <--- F <div style="overflow:hidden"> <--- G <div></div> <--- H <div> <div> <div> <div> <div> <div> <div> the composited RenderLayer for H owns a LayerAncestorClippingStack with the following contents: [clip - A] [scroller - B] [clip - intersection of C and D] [scroller - E] [clip - intersection of F and G] Each stack entry has a 'masksToBounds' GraphicsLayer for clipping. Entries representing overflow:scroll clips have a ScrollingNodeID for their OverflowScrollProxy scrolling tree node (which references the actual OverflowScrollingNode). The non-scroller clips in this stack are computed unconstrained by the enclosing overflow:scroll. When the OverflowScrollingNode is scrolled, the boundsOrigin of related OverflowScrollProxy nodes is adjusted to move the descendant layers (other clipping layers, or composited layers). OverflowScrollProxy nodes thus take over the role that "Moves" ScrollingTreePositionedNode had. With this patch, ScrollingTreePositionedNode are purely for absolute position inside non-containing-block stacking context overflow scroll. LayoutConstraints is renamed to AbsolutePositionConstraints accordingly. Tests: compositing/scrolling/async-overflow-scrolling/clipped-layer-in-overflow-clipped-by-scroll.html compositing/scrolling/async-overflow-scrolling/clipped-layer-in-overflow-nested.html compositing/scrolling/async-overflow-scrolling/clipped-layer-in-overflow.html compositing/scrolling/async-overflow-scrolling/layer-in-overflow-clip-to-hidden.html compositing/scrolling/async-overflow-scrolling/layer-in-overflow-clip-to-visible.html compositing/scrolling/async-overflow-scrolling/layer-in-overflow-gain-clipping-layer.html compositing/scrolling/async-overflow-scrolling/layer-in-overflow-in-clipped.html compositing/scrolling/async-overflow-scrolling/layer-in-overflow-lose-clipping-layer.html compositing/scrolling/async-overflow-scrolling/layer-in-overflow.html scrollingcoordinator/scrolling-tree/clipped-layer-in-overflow-nested.html scrollingcoordinator/scrolling-tree/clipped-layer-in-overflow.html * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::setPositionedNodeConstraints): (WebCore::AsyncScrollingCoordinator::setPositionedNodeGeometry): Deleted. * page/scrolling/AsyncScrollingCoordinator.h: * page/scrolling/ScrollingConstraints.cpp: (WebCore::operator<<): * page/scrolling/ScrollingConstraints.h: (WebCore::AbsolutePositionConstraints::operator== const): (WebCore::AbsolutePositionConstraints::operator!= const): (WebCore::LayoutConstraints::operator== const): Deleted. (WebCore::LayoutConstraints::operator!= const): Deleted. (WebCore::LayoutConstraints::alignmentOffset const): Deleted. (WebCore::LayoutConstraints::setAlignmentOffset): Deleted. (WebCore::LayoutConstraints::layerPositionAtLastLayout const): Deleted. (WebCore::LayoutConstraints::setLayerPositionAtLastLayout): Deleted. (WebCore::LayoutConstraints::scrollPositioningBehavior const): Deleted. (WebCore::LayoutConstraints::setScrollPositioningBehavior): Deleted. * page/scrolling/ScrollingCoordinator.h: (WebCore::ScrollingCoordinator::setPositionedNodeConstraints): (WebCore::ScrollingCoordinator::setPositionedNodeGeometry): Deleted. * page/scrolling/ScrollingStatePositionedNode.cpp: (WebCore::ScrollingStatePositionedNode::updateConstraints): * page/scrolling/ScrollingStatePositionedNode.h: * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::commitTreeState): * page/scrolling/ScrollingTree.h: (WebCore::ScrollingTree::nodesWithRelatedOverflow): (WebCore::ScrollingTree::positionedNodesWithRelatedOverflow): Deleted. * page/scrolling/cocoa/ScrollingTreeFixedNode.mm: (WebCore::ScrollingTreeFixedNode::applyLayerPositions): * page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.mm: (WebCore::ScrollingTreeOverflowScrollProxyNode::commitStateBeforeChildren): * page/scrolling/cocoa/ScrollingTreePositionedNode.h: (WebCore::ScrollingTreePositionedNode::scrollPositioningBehavior const): Deleted. * page/scrolling/cocoa/ScrollingTreePositionedNode.mm: (WebCore::ScrollingTreePositionedNode::commitStateBeforeChildren): (WebCore::ScrollingTreePositionedNode::scrollDeltaSinceLastCommit const): * page/scrolling/cocoa/ScrollingTreeStickyNode.mm: (WebCore::ScrollingTreeStickyNode::computeLayerPosition const): * rendering/LayerAncestorClippingStack.cpp: Added. (WebCore::LayerAncestorClippingStack::LayerAncestorClippingStack): (WebCore::LayerAncestorClippingStack::equalToClipData const): (WebCore::LayerAncestorClippingStack::hasAnyScrollingLayers const): (WebCore::LayerAncestorClippingStack::clear): (WebCore::LayerAncestorClippingStack::detachFromScrollingCoordinator): (WebCore::LayerAncestorClippingStack::firstClippingLayer const): (WebCore::LayerAncestorClippingStack::lastClippingLayer const): (WebCore::LayerAncestorClippingStack::lastOverflowScrollProxyNodeID const): (WebCore::LayerAncestorClippingStack::updateScrollingNodeLayers): (WebCore::LayerAncestorClippingStack::updateWithClipData): (WebCore::operator<<): * rendering/LayerAncestorClippingStack.h: Added. (WebCore::CompositedClipData::CompositedClipData): (WebCore::CompositedClipData::operator== const): (WebCore::CompositedClipData::operator!= const): (WebCore::LayerAncestorClippingStack::stack): (WebCore::LayerAncestorClippingStack::stack const): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::~RenderLayerBacking): (WebCore::RenderLayerBacking::updateDebugIndicators): (WebCore::RenderLayerBacking::destroyGraphicsLayers): (WebCore::RenderLayerBacking::updateTransform): (WebCore::RenderLayerBacking::updateBlendMode): (WebCore::RenderLayerBacking::updateAfterLayout): (WebCore::RenderLayerBacking::updateConfiguration): (WebCore::computeOffsetFromAncestorGraphicsLayer): (WebCore::RenderLayerBacking::computePrimaryGraphicsLayerRect const): (WebCore::RenderLayerBacking::computeParentGraphicsLayerRect const): (WebCore::RenderLayerBacking::updateGeometry): (WebCore::RenderLayerBacking::updateInternalHierarchy): (WebCore::RenderLayerBacking::updateAncestorClippingStack): (WebCore::RenderLayerBacking::updateAncestorClipping): (WebCore::RenderLayerBacking::detachFromScrollingCoordinator): (WebCore::RenderLayerBacking::scrollingNodeIDForChildren const): (WebCore::RenderLayerBacking::childForSuperlayers const): (WebCore::RenderLayerBacking::backingStoreMemoryEstimate const): (WebCore::operator<<): (WebCore::RenderLayerBacking::updateAncestorClippingLayer): Deleted. (WebCore::RenderLayerBacking::coordinatedScrollingRoles const): Deleted. * rendering/RenderLayerBacking.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::didChangePlatformLayerForLayer): (WebCore::RenderLayerCompositor::updateBackingAndHierarchy): (WebCore::RenderLayerCompositor::layerStyleChanged): We need to run the checks for changed clipping whether or not this layer has backing, because a non-composited layer with clipping can be represented in the clipping stack of some other layer. (WebCore::RenderLayerCompositor::clippedByAncestor const): (WebCore::RenderLayerCompositor::updateAncestorClippingStack const): (WebCore::RenderLayerCompositor::computeAncestorClippingStack const): The output of this function is a Vector<CompositedClipData> which represents the ancestor clipping stack, but without the proxy node and GraphicsLayer information. It's input to LayerAncestorClippingStack::updateWithClipData() which does the merging of old and new states. (WebCore::collectRelatedCoordinatedScrollingNodes): (WebCore::RenderLayerCompositor::removeFromScrollCoordinatedLayers): (WebCore::scrollCoordinationRoleForNodeType): (WebCore::RenderLayerCompositor::attachScrollingNode): (WebCore::RenderLayerCompositor::registerScrollingNodeID): (WebCore::RenderLayerCompositor::detachScrollCoordinatedLayerWithRole): (WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer): (WebCore::RenderLayerCompositor::coordinatedScrollingRolesForLayer const): Code moved from RenderLayerBacking. (WebCore::RenderLayerCompositor::updateScrollCoordinationForLayer): (WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole): (WebCore::RenderLayerCompositor::updateScrollingNodeForPositioningRole): * rendering/RenderLayerCompositor.h: (WebCore::allScrollCoordinationRoles): 2019-06-23 Simon Fraser <simon.fraser@apple.com> Add OverflowScrollProxyNodes to the scrolling tree https://bugs.webkit.org/show_bug.cgi?id=199132 Reviewed by Antti Koivisto. Add ScrollingStateOverflowScrollProxyNode and ScrollingTreeOverflowScrollProxyNode. These nodes represent clip and scroll position for an overflow:scroll in the containing block chain, but not the paint ancestor chain of a layer. They will be used to correctly manipulate clip rects for composited layers in non-stacking-context scrollers, and in a future patch will replace the functionality of "Moves" positioned nodes. An OverflowScrollProxyNode has the ScrollingNodeID of the scrolling node that it relates to, and we use the existing "related overflow nodes" to create the back references in the scrolling tree. These nodes are not instantiated yet; a future patch will hook them up. * Sources.txt: * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::setRelatedOverflowScrollingNodes): * page/scrolling/ScrollingCoordinator.cpp: (WebCore::operator<<): * page/scrolling/ScrollingCoordinatorTypes.h: * page/scrolling/ScrollingStateNode.h: (WebCore::ScrollingStateNode::isOverflowScrollProxyNode const): * page/scrolling/ScrollingStateOverflowScrollProxyNode.cpp: Added. (WebCore::ScrollingStateOverflowScrollProxyNode::create): (WebCore::ScrollingStateOverflowScrollProxyNode::ScrollingStateOverflowScrollProxyNode): (WebCore::ScrollingStateOverflowScrollProxyNode::clone): (WebCore::ScrollingStateOverflowScrollProxyNode::setOverflowScrollingNode): (WebCore::ScrollingStateOverflowScrollProxyNode::dumpProperties const): * page/scrolling/ScrollingStateOverflowScrollProxyNode.h: Copied from Source/WebCore/page/scrolling/ScrollingStateOverflowScrollingNode.cpp. (WebCore::ScrollingStateOverflowScrollProxyNode::overflowScrollingNode const): * page/scrolling/ScrollingStateOverflowScrollingNode.cpp: * page/scrolling/ScrollingStateTree.cpp: (WebCore::ScrollingStateTree::createNode): * page/scrolling/ScrollingTreeNode.h: (WebCore::ScrollingTreeNode::isOverflowScrollProxyNode const): * page/scrolling/ScrollingTreeOverflowScrollProxyNode.cpp: Added. (WebCore::ScrollingTreeOverflowScrollProxyNode::create): (WebCore::ScrollingTreeOverflowScrollProxyNode::ScrollingTreeOverflowScrollProxyNode): (WebCore::ScrollingTreeOverflowScrollProxyNode::commitStateBeforeChildren): (WebCore::ScrollingTreeOverflowScrollProxyNode::applyLayerPositions): (WebCore::ScrollingTreeOverflowScrollProxyNode::dumpProperties const): * page/scrolling/ScrollingTreeOverflowScrollProxyNode.h: Copied from Source/WebCore/page/scrolling/ScrollingStateOverflowScrollingNode.cpp. * page/scrolling/ScrollingTreeScrollingNode.h: * page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.h: Copied from Source/WebCore/page/scrolling/ScrollingStateOverflowScrollingNode.cpp. (WebCore::ScrollingTreeOverflowScrollProxyNode::overflowScrollingNodeID const): (WebCore::ScrollingTreeOverflowScrollProxyNode::layer const): * page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.mm: Added. (WebCore::ScrollingTreeOverflowScrollProxyNode::create): (WebCore::ScrollingTreeOverflowScrollProxyNode::ScrollingTreeOverflowScrollProxyNode): (WebCore::ScrollingTreeOverflowScrollProxyNode::commitStateBeforeChildren): (WebCore::ScrollingTreeOverflowScrollProxyNode::scrollDeltaSinceLastCommit const): (WebCore::ScrollingTreeOverflowScrollProxyNode::applyLayerPositions): (WebCore::ScrollingTreeOverflowScrollProxyNode::dumpProperties const): * page/scrolling/cocoa/ScrollingTreePositionedNode.mm: * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: * page/scrolling/mac/ScrollingTreeMac.cpp: (ScrollingTreeMac::createScrollingTreeNode): * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.mm: (WebCore::ScrollingTreeOverflowScrollingNodeMac::repositionScrollingLayers): * rendering/RenderLayerCompositor.cpp: (WebCore::scrollCoordinationRoleForNodeType): 2019-06-23 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Non-baseline aligned inline container should not mutate the baseline https://bugs.webkit.org/show_bug.cgi?id=199129 <rdar://problem/52022533> Reviewed by Antti Koivisto. Only baseline aligned inline container (<span style="vertical-aligned: baseline">) should adjust line's baseline. This patch also fixes m_baselineTop's value when we apply the initial strut. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::isInlineContainerConsideredEmpty): (WebCore::Layout::Line::isVisuallyEmpty const): (WebCore::Layout::Line::adjustBaselineAndLineHeight): 2019-06-22 Zalan Bujtas <zalan@apple.com> [LFC][IFC] The anonymous InlineBox wrapper for the text node should take the parent style. https://bugs.webkit.org/show_bug.cgi?id=199127 <rdar://problem/52017744> Reviewed by Antti Koivisto. <span style="vertical-align: bottom">bottom aligned text</span> The InlineBox wrapper for the "bottom aligned text" content should take the parent span's style. * layout/layouttree/LayoutTreeBuilder.cpp: (WebCore::Layout::TreeBuilder::createSubTree): 2019-06-22 Antoine Quint <graouts@apple.com> [Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover https://bugs.webkit.org/show_bug.cgi?id=198999 <rdar://problem/52005663> Reviewed by Dean Jackson. We should only set the mouse events capturing element in EventHandler if we're dealing with mouse-originated Pointer Events. * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::processPendingPointerCapture): 2019-06-22 Andres Gonzalez <andresg_22@apple.com> Accessibility objects contained in links should honor the aria-haspopup attribute in the ancestor link. https://bugs.webkit.org/show_bug.cgi?id=199107 <rdar://problem/43663611> Reviewed by Chris Fleizach. Tests: accessibility/ios-simulator/button-with-aria-haspopup-role.html accessibility/ios-simulator/element-haspopup.html If an accessibility object is contained within an <a>, we should check the aria-haspopup attribute on the ancestor <a> element. This was done before in the iOS WebKit accessibility bunddle override. * accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::hasPopup const): 2019-06-22 Robin Morisset <rmorisset@apple.com> and Yusuke Suzuki <ysuzuki@apple.com> All prototypes should call didBecomePrototype() https://bugs.webkit.org/show_bug.cgi?id=196315 Reviewed by Saam Barati. * bindings/js/JSDOMIterator.h: (WebCore::IteratorTraits>::finishCreation): * bindings/js/JSDOMWindowProperties.h: (WebCore::JSDOMWindowProperties::create): Deleted. (WebCore::JSDOMWindowProperties::createStructure): Deleted. (WebCore::JSDOMWindowProperties::JSDOMWindowProperties): Deleted. * bindings/js/JSWindowProxy.cpp: (WebCore::JSWindowProxy::setWindow): * bindings/scripts/CodeGeneratorJS.pm: (GeneratePrototypeDeclaration): (GenerateConstructorHelperMethods): * bindings/scripts/test/JS/JSInterfaceName.cpp: (WebCore::JSInterfaceNamePrototype::JSInterfaceNamePrototype): * bindings/scripts/test/JS/JSMapLike.cpp: (WebCore::JSMapLikePrototype::JSMapLikePrototype): * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp: (WebCore::JSReadOnlyMapLikePrototype::JSReadOnlyMapLikePrototype): * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp: (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype): * bindings/scripts/test/JS/JSTestCEReactions.cpp: (WebCore::JSTestCEReactionsPrototype::JSTestCEReactionsPrototype): * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp: (WebCore::JSTestCEReactionsStringifierPrototype::JSTestCEReactionsStringifierPrototype): * bindings/scripts/test/JS/JSTestCallTracer.cpp: (WebCore::JSTestCallTracerPrototype::JSTestCallTracerPrototype): * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp: (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::JSTestClassWithJSBuiltinConstructorPrototype): * bindings/scripts/test/JS/JSTestDOMJIT.cpp: (WebCore::JSTestDOMJITPrototype::JSTestDOMJITPrototype): (WebCore::JSTestDOMJITConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestEnabledBySetting.cpp: (WebCore::JSTestEnabledBySettingPrototype::JSTestEnabledBySettingPrototype): * bindings/scripts/test/JS/JSTestEnabledForContext.cpp: (WebCore::JSTestEnabledForContextPrototype::JSTestEnabledForContextPrototype): * bindings/scripts/test/JS/JSTestEventConstructor.cpp: (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype): (WebCore::JSTestEventConstructorConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestEventTarget.cpp: (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype): (WebCore::JSTestEventTargetConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestException.cpp: (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype): * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp: (WebCore::JSTestGenerateIsReachablePrototype::JSTestGenerateIsReachablePrototype): * bindings/scripts/test/JS/JSTestGlobalObject.h: (WebCore::JSTestGlobalObjectPrototype::JSTestGlobalObjectPrototype): * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp: (WebCore::JSTestIndexedSetterNoIdentifierPrototype::JSTestIndexedSetterNoIdentifierPrototype): * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp: (WebCore::JSTestIndexedSetterThrowingExceptionPrototype::JSTestIndexedSetterThrowingExceptionPrototype): * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp: (WebCore::JSTestIndexedSetterWithIdentifierPrototype::JSTestIndexedSetterWithIdentifierPrototype): * bindings/scripts/test/JS/JSTestInterface.cpp: (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype): * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp: (WebCore::JSTestInterfaceLeadingUnderscorePrototype::JSTestInterfaceLeadingUnderscorePrototype): * bindings/scripts/test/JS/JSTestIterable.cpp: (WebCore::JSTestIterablePrototype::JSTestIterablePrototype): * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp: (WebCore::JSTestJSBuiltinConstructorPrototype::JSTestJSBuiltinConstructorPrototype): * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp: (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp: (WebCore::JSTestNamedAndIndexedSetterNoIdentifierPrototype::JSTestNamedAndIndexedSetterNoIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp: (WebCore::JSTestNamedAndIndexedSetterThrowingExceptionPrototype::JSTestNamedAndIndexedSetterThrowingExceptionPrototype): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp: (WebCore::JSTestNamedAndIndexedSetterWithIdentifierPrototype::JSTestNamedAndIndexedSetterWithIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedConstructor.cpp: (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype): * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp: (WebCore::JSTestNamedDeleterNoIdentifierPrototype::JSTestNamedDeleterNoIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp: (WebCore::JSTestNamedDeleterThrowingExceptionPrototype::JSTestNamedDeleterThrowingExceptionPrototype): * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp: (WebCore::JSTestNamedDeleterWithIdentifierPrototype::JSTestNamedDeleterWithIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp: (WebCore::JSTestNamedDeleterWithIndexedGetterPrototype::JSTestNamedDeleterWithIndexedGetterPrototype): * bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp: (WebCore::JSTestNamedGetterCallWithPrototype::JSTestNamedGetterCallWithPrototype): * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp: (WebCore::JSTestNamedGetterNoIdentifierPrototype::JSTestNamedGetterNoIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp: (WebCore::JSTestNamedGetterWithIdentifierPrototype::JSTestNamedGetterWithIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp: (WebCore::JSTestNamedSetterNoIdentifierPrototype::JSTestNamedSetterNoIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp: (WebCore::JSTestNamedSetterThrowingExceptionPrototype::JSTestNamedSetterThrowingExceptionPrototype): * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp: (WebCore::JSTestNamedSetterWithIdentifierPrototype::JSTestNamedSetterWithIdentifierPrototype): * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp: (WebCore::JSTestNamedSetterWithIndexedGetterPrototype::JSTestNamedSetterWithIndexedGetterPrototype): * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp: (WebCore::JSTestNamedSetterWithIndexedGetterAndSetterPrototype::JSTestNamedSetterWithIndexedGetterAndSetterPrototype): * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp: (WebCore::JSTestNamedSetterWithOverrideBuiltinsPrototype::JSTestNamedSetterWithOverrideBuiltinsPrototype): * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp: (WebCore::JSTestNamedSetterWithUnforgablePropertiesPrototype::JSTestNamedSetterWithUnforgablePropertiesPrototype): * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp: (WebCore::JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsPrototype::JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsPrototype): * bindings/scripts/test/JS/JSTestNode.cpp: (WebCore::JSTestNodePrototype::JSTestNodePrototype): (WebCore::JSTestNodeConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestObj.cpp: (WebCore::JSTestObjPrototype::JSTestObjPrototype): * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp: (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype): * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp: (WebCore::JSTestOverloadedConstructorsWithSequencePrototype::JSTestOverloadedConstructorsWithSequencePrototype): * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp: (WebCore::JSTestOverrideBuiltinsPrototype::JSTestOverrideBuiltinsPrototype): * bindings/scripts/test/JS/JSTestPluginInterface.cpp: (WebCore::JSTestPluginInterfacePrototype::JSTestPluginInterfacePrototype): * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp: (WebCore::JSTestPromiseRejectionEventPrototype::JSTestPromiseRejectionEventPrototype): (WebCore::JSTestPromiseRejectionEventConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestSerialization.cpp: (WebCore::JSTestSerializationPrototype::JSTestSerializationPrototype): * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp: (WebCore::JSTestSerializationIndirectInheritancePrototype::JSTestSerializationIndirectInheritancePrototype): (WebCore::JSTestSerializationIndirectInheritanceConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestSerializationInherit.cpp: (WebCore::JSTestSerializationInheritPrototype::JSTestSerializationInheritPrototype): (WebCore::JSTestSerializationInheritConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp: (WebCore::JSTestSerializationInheritFinalPrototype::JSTestSerializationInheritFinalPrototype): (WebCore::JSTestSerializationInheritFinalConstructor::prototypeForStructure): * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp: (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype): * bindings/scripts/test/JS/JSTestStringifier.cpp: (WebCore::JSTestStringifierPrototype::JSTestStringifierPrototype): * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp: (WebCore::JSTestStringifierAnonymousOperationPrototype::JSTestStringifierAnonymousOperationPrototype): * bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp: (WebCore::JSTestStringifierNamedOperationPrototype::JSTestStringifierNamedOperationPrototype): * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp: (WebCore::JSTestStringifierOperationImplementedAsPrototype::JSTestStringifierOperationImplementedAsPrototype): * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp: (WebCore::JSTestStringifierOperationNamedToStringPrototype::JSTestStringifierOperationNamedToStringPrototype): * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp: (WebCore::JSTestStringifierReadOnlyAttributePrototype::JSTestStringifierReadOnlyAttributePrototype): * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp: (WebCore::JSTestStringifierReadWriteAttributePrototype::JSTestStringifierReadWriteAttributePrototype): * bindings/scripts/test/JS/JSTestTypedefs.cpp: (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype): 2019-06-22 Mike Gorse <mgorse@suse.com> webkitgtk 2.24.2 fails to build w/gstreamer 1.12.5 https://bugs.webkit.org/show_bug.cgi?id=198080 Reviewed by Philippe Normand. No new tests (build fix only). * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp: * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: Move includes of gst/gl/gl.h and epoxy/gl.h into MediaPlayerPrivateGStreamerBase.h. 2019-06-21 Sihui Liu <sihui_liu@apple.com> openDatabase should return an empty object when WebSQL is disabled https://bugs.webkit.org/show_bug.cgi?id=198805 Reviewed by Geoffrey Garen. Some websites rely on calling openDatabase with null parameters to check for private browsing. To not break those sites, we now expose openDatabase interface even if Web SQL is disabled. When Web SQL is disabled, window.openDatabase returns false, but it is callable and returns empty object. Test: WebSQL.OpenDatabaseAlwaysExists * Modules/webdatabase/DOMWindowWebDatabase.idl: * bindings/js/JSDOMWindowCustom.cpp: (WebCore::jsDOMWindowInstanceFunctionOpenDatabaseBody): (WebCore::IDLOperation<JSDOMWindow>::cast): (WebCore::jsDOMWindowInstanceFunctionOpenDatabase): (WebCore::JSDOMWindow::openDatabase const): 2019-06-21 Ryosuke Niwa <rniwa@webkit.org> Nullptr crash in DeleteSelectionCommand::handleGeneralDelete https://bugs.webkit.org/show_bug.cgi?id=199126 Reviewed by Wenson Hsieh. Added null checks to handleGeneralDelete as well as mergeParagraphs which runs after handleGeneralDelete to be defensive. Unfortunately no new tests since there is no reproducible test case. * editing/DeleteSelectionCommand.cpp: (WebCore::DeleteSelectionCommand::handleGeneralDelete): (WebCore::DeleteSelectionCommand::mergeParagraphs): 2019-06-21 Youenn Fablet <youenn@apple.com> ResourceLoadNotifier should check whether its frame document loader is null https://bugs.webkit.org/show_bug.cgi?id=199118 Reviewed by Geoffrey Garen. * loader/ResourceLoadNotifier.cpp: (WebCore::ResourceLoadNotifier::dispatchWillSendRequest): 2019-06-21 Jiewen Tan <jiewen_tan@apple.com> WebPageProxy::loadData should accept ShouldOpenExternalURLsPolicy https://bugs.webkit.org/show_bug.cgi?id=199114 <rdar://problem/51671674> Reviewed by Youenn Fablet. Covered by new test content within existing tests. * loader/FrameLoaderTypes.h: Adds an EnumTraits for ShouldOpenExternalURLsPolicy. 2019-06-21 Saam Barati <sbarati@apple.com> [WHLSL] Code that accesses an undefined variable crashes https://bugs.webkit.org/show_bug.cgi?id=198775 Reviewed by Myles C. Maxfield. Myles mostly fixed this in r246631 when he made NameResolver propagate its error to its parent NameResolver. However, there was still one bug where we ended up calling setError twice for an if statement. This patch fixes that and adds tests. Tests: webgpu/whlsl-use-undefined-variable-2.html webgpu/whlsl-use-undefined-variable.html * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::visit): 2019-06-21 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246611. Introduced a flakey test. Reverted changeset: "iOS 12.2 Drawing portrait video to canvas is sideways" https://bugs.webkit.org/show_bug.cgi?id=196772 https://trac.webkit.org/changeset/246611 2019-06-21 Tim Horton <timothy_horton@apple.com> Preview of <picture> element doesn't match element bounds https://bugs.webkit.org/show_bug.cgi?id=199049 <rdar://problem/51474402> Reviewed by Simon Fraser. Test: fast/text-indicator/text-indicator-uses-img-size-inside-picture.html * dom/DOMRectReadOnly.idl: * dom/Range.cpp: (WebCore::Range::absoluteRectsForRangeInText const): (WebCore::Range::absoluteTextRects const): (WebCore::Range::borderAndTextRects const): (WebCore::Range::boundingRect const): (WebCore::Range::absoluteBoundingRect const): * dom/Range.h: (WebCore::Range::absoluteTextRects): (WebCore::Range::absoluteBoundingRect): (WebCore::Range::borderAndTextRects): (WebCore::Range::boundingRect): * page/TextIndicator.cpp: (WebCore::absoluteBoundingRectForRange): (WebCore::estimatedBackgroundColorForRange): (WebCore::initializeIndicator): * rendering/RenderBlock.h: * testing/Internals.cpp: (WebCore::Internals::TextIndicatorData::TextIndicatorData): (WebCore::Internals::TextIndicatorData::~TextIndicatorData): (WebCore::Internals::textIndicatorForRange): * testing/Internals.h: * testing/Internals.idl: 2019-06-21 Youenn Fablet <youenn@apple.com> Safari crashes after ~2028 OfflineAudioContext objects are created (they never get garbage collected, consuming a thread each) https://bugs.webkit.org/show_bug.cgi?id=198964 <rdar://problem/51891520> Reviewed by Jer Noble. Move from setPendingActivity/unsetPendingActivity to an m_pendingActivity member which is easier to manage. Keep setting a pending activity for AudioContext at construction time but do not do that for Offline contexts. Instead, set the pending activity when startRendering is called. Unset the pending activity when the rendering activity is finished. Make m_audioDecoder a unique pointer so that it can lazily be initialized. This removes the burden of creating an audio decoder thread for each context. Test: webaudio/offlineaudiocontext-gc.html * Modules/webaudio/AudioContext.cpp: (WebCore::AudioContext::AudioContext): (WebCore::AudioContext::constructCommon): (WebCore::AudioContext::clear): (WebCore::AudioContext::decodeAudioData): (WebCore::AudioContext::startRendering): (WebCore::AudioContext::finishedRendering): (WebCore::AudioContext::dispatchEvent): (WebCore::AudioContext::clearPendingActivity): (WebCore::AudioContext::makePendingActivity): To keep it consistent with setPendingActivity/unsetPendingActivity, we explicitly ref/unref the AudioContext. We should try to remove this ref/unref. * Modules/webaudio/AudioContext.h: * Modules/webaudio/OfflineAudioDestinationNode.cpp: (WebCore::OfflineAudioDestinationNode::startRendering): 2019-06-21 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246655. Introduced a failing test Reverted changeset: "Web Inspector: AXI: Audit: image label test is throwing spurious errors on elements with existing alt attr, but no value: <img alt>" https://bugs.webkit.org/show_bug.cgi?id=194754 https://trac.webkit.org/changeset/246655 2019-06-21 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] read modify write expressions do no work as expected https://bugs.webkit.org/show_bug.cgi?id=195864 Reviewed by Saam Barati. Turns out https://bugs.webkit.org/show_bug.cgi?id=199037 already fixed everything. This patch just adds a test. Test: webgpu/whlsl-read-modify-write.html * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: 2019-06-21 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Adjust baseline top when the baseline moves. https://bugs.webkit.org/show_bug.cgi?id=199091 <rdar://problem/51966257> Reviewed by Antti Koivisto. Currently only "text-align: bottom" adjusts the baseline top. This patch fixes the "text-align: baseline" case when the growing ascent pushes the baseline top closer to the line top. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::adjustBaselineAndLineHeight): 2019-06-21 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Rename Line::m_contentLogicalHeight to m_lineLogicalHeight https://bugs.webkit.org/show_bug.cgi?id=199100 <rdar://problem/51973614> Reviewed by Antti Koivisto. m_logicalLineHeight name seems more appropriate at this point (though the line heigh is driven by the content height). * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::close): (WebCore::Layout::Line::adjustBaselineAndLineHeight): * layout/inlineformatting/InlineLine.h: (WebCore::Layout::Line::logicalHeight const): 2019-06-21 Zalan Bujtas <zalan@apple.com> [LFC][IFC] LineBox::Baseline should have a height getter. https://bugs.webkit.org/show_bug.cgi?id=199092 <rdar://problem/51966958> Reviewed by Antti Koivisto. The baseline height does not need to be a getter on the Line (no one calls it). * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::adjustBaselineAndLineHeight): * layout/inlineformatting/InlineLine.h: (WebCore::Layout::Line::contentLogicalWidth const): (WebCore::Layout::Line::baselineAlignedContentHeight const): Deleted. * layout/inlineformatting/InlineLineBox.h: (WebCore::Layout::LineBox::Baseline::height const): 2019-06-21 Michael Catanzaro <mcatanzaro@igalia.com> [WPE][GTK] Bump minimum versions of GLib, GTK, libsoup, ATK, GStreamer, and Cairo https://bugs.webkit.org/show_bug.cgi?id=199094 Reviewed by Carlos Garcia Campos. * accessibility/atk/AXObjectCacheAtk.cpp: (WebCore::AXObjectCache::postPlatformNotification): * accessibility/atk/WebKitAccessible.cpp: (atkRole): (setAtkStateSetFromCoreObject): (interfaceMaskFromObject): * accessibility/atk/WebKitAccessibleInterfaceTableCell.cpp: * accessibility/atk/WebKitAccessibleInterfaceTableCell.h: * accessibility/atk/WebKitAccessibleInterfaceText.cpp: (webkitAccessibleTextGetStringAtOffset): (webkitAccessibleTextInterfaceInit): * accessibility/atk/WebKitAccessibleInterfaceValue.cpp: (webkitAccessibleValueInterfaceInit): * platform/graphics/gstreamer/AudioTrackPrivateGStreamer.cpp: (WebCore::AudioTrackPrivateGStreamer::kind const): * platform/graphics/gstreamer/AudioTrackPrivateGStreamer.h: * platform/graphics/gstreamer/GRefPtrGStreamer.cpp: (WTF::derefGPtr<GstStreamCollection>): * platform/graphics/gstreamer/GRefPtrGStreamer.h: * platform/graphics/gstreamer/GStreamerCommon.cpp: (WebCore::initializeGStreamerAndRegisterWebKitElements): * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp: (WebCore::InbandTextTrackPrivateGStreamer::InbandTextTrackPrivateGStreamer): * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.h: (WebCore::InbandTextTrackPrivateGStreamer::create): * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: (WebCore::MediaPlayerPrivateGStreamer::load): (WebCore::MediaPlayerPrivateGStreamer::updateTracks): (WebCore::MediaPlayerPrivateGStreamer::enableTrack): (WebCore::MediaPlayerPrivateGStreamer::handleMessage): (WebCore::MediaPlayerPrivateGStreamer::sourceSetup): (WebCore::MediaPlayerPrivateGStreamer::handleSyncMessage): (WebCore::MediaPlayerPrivateGStreamer::supportsType): (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin): * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp: (WebCore::MediaPlayerPrivateGStreamerBase::requestGLContext): (WebCore::MediaPlayerPrivateGStreamerBase::createGLAppSink): (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL): * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp: (WebCore::TrackPrivateBaseGStreamer::TrackPrivateBaseGStreamer): (WebCore::TrackPrivateBaseGStreamer::disconnect): (WebCore::TrackPrivateBaseGStreamer::tagsChanged): * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h: (WebCore::TrackPrivateBaseGStreamer::stream): * platform/graphics/gstreamer/VideoTrackPrivateGStreamer.cpp: (WebCore::VideoTrackPrivateGStreamer::kind const): * platform/graphics/gstreamer/VideoTrackPrivateGStreamer.h: * platform/gtk/PlatformKeyboardEventGtk.cpp: (WebCore::eventTypeForGdkKeyEvent): * platform/gtk/PlatformMouseEventGtk.cpp: (WebCore::PlatformMouseEvent::PlatformMouseEvent): * platform/gtk/PlatformScreenGtk.cpp: (WebCore::screenRect): (WebCore::screenAvailableRect): (WebCore::screenHasTouchDevice): (WebCore::screenIsTouchPrimaryInputDevice): (): Deleted. (WebCore::isTouchDevice): Deleted. (WebCore::deviceAddedCallback): Deleted. (WebCore::deviceRemovedCallback): Deleted. * platform/gtk/PlatformWheelEventGtk.cpp: (WebCore::PlatformWheelEvent::PlatformWheelEvent): * platform/gtk/RenderThemeGadget.cpp: * platform/gtk/RenderThemeGadget.h: * platform/gtk/RenderThemeWidget.cpp: * platform/gtk/RenderThemeWidget.h: * platform/gtk/ScrollbarThemeGtk.cpp: (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): (WebCore::ScrollbarThemeGtk::themeChanged): (WebCore::ScrollbarThemeGtk::updateThemeProperties): (WebCore::ScrollbarThemeGtk::trackRect): (WebCore::ScrollbarThemeGtk::forwardButtonRect): (WebCore::ScrollbarThemeGtk::paint): (WebCore::ScrollbarThemeGtk::scrollbarThickness): (WebCore::createStyleContext): Deleted. (WebCore::createChildStyleContext): Deleted. (WebCore::paintStepper): Deleted. (WebCore::adjustRectAccordingToMargin): Deleted. * platform/mediastream/gstreamer/GStreamerCapturer.cpp: * platform/mediastream/gstreamer/GStreamerMediaStreamSource.cpp: * platform/network/soup/ResourceRequest.h: (WebCore::toSoupMessagePriority): * platform/network/soup/SoupNetworkSession.cpp: (WebCore::SoupNetworkSession::SoupNetworkSession): * rendering/RenderThemeGtk.cpp: (WebCore::themePartStateFlags): (WebCore::paintToggle): (WebCore::RenderThemeGtk::paintButton): (WebCore::menuListColor): (WebCore::RenderThemeGtk::paintMenuList): (WebCore::RenderThemeGtk::paintTextField): (WebCore::adjustSearchFieldIconStyle): (WebCore::RenderThemeGtk::paintSearchFieldCancelButton): (WebCore::RenderThemeGtk::paintSliderThumb): (WebCore::RenderThemeGtk::paintProgressBar): (WebCore::RenderThemeGtk::paintInnerSpinButton): (WebCore::styleColor): (WebCore::RenderThemeGtk::systemColor const): (WebCore::RenderThemeGtk::paintMediaButton): (WebCore::createStyleContext): Deleted. (WebCore::loadThemedIcon): Deleted. (WebCore::gtkTextDirection): Deleted. (WebCore::gtkIconStateFlags): Deleted. (WebCore::adjustRectForFocus): Deleted. (WebCore::renderButton): Deleted. (WebCore::getIconSizeForPixelSize): Deleted. (WebCore::paintIcon): Deleted. (WebCore::paintEntryIcon): Deleted. (WebCore::centerRectVerticallyInParentInputElement): Deleted. (WebCore::spinButtonArrowSize): Deleted. (WebCore::paintSpinArrowButton): Deleted. 2019-06-20 Antoine Quint <graouts@apple.com> [Pointer Events] Respect pointer capture when dispatching mouse boundary events and updating :hover https://bugs.webkit.org/show_bug.cgi?id=198999 Reviewed by Dean Jackson. Up until now, we would not account for pointer capture (see https://w3c.github.io/pointerevents/#pointer-capture) when dispatching mouse boundary events (mouseover, mouseout, mouseenter, mouseleave) and their counterpart pointer events. We would also not account for it when updating :hover styles. Now, when pointer capture changes for an element, we call setCapturingMouseEventsElement() on the EventHandler such that the element that would naturally hit-test is overridden by the pointer capture element when identifying which target to use for the dispatch of boundary mouse events. Additionally, when calling EventHandler::prepareMouseEvent(), we also use the pointer capture element to eventually pass down to Document::updateHoverActiveState() such that :hover styles are applied to the correct element. This also means that we need to re-run EventHandler::prepareMouseEvent() during mouse state changes to ensure that the :hover styles are applied correctly should the pointer capture element change during dispatch of boundary mouse events. * dom/Document.cpp: (WebCore::Document::prepareMouseEvent): If there is one, use the pointer capture element instead of the hit-test target. (WebCore::Document::updateHoverActiveState): Relax the mustBeInActiveChain condition in case the pointer capture element changed when updating the :hover/:active chains. * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent): Re-process the mouse event if the pointer capture element changed during event dispatch. (WebCore::EventHandler::handleMouseMoveEvent): Re-process the mouse event if the pointer capture element changed during event dispatch. (WebCore::EventHandler::handleMouseReleaseEvent): As we know the pointer capture element will be reset as part of the mouse being released, we reset the pointer capture element and EventHandler's capture element prior to invalidating hover styles and boundary events. (WebCore::EventHandler::setCapturingMouseEventsElement): Dispatch boundary events when a new element is set. (WebCore::EventHandler::dispatchMouseEvent): New dispatchMouseEvent() variant that re-processes the provided MouseEventWithHitTestResults in case the pointer capture element changes during event dispatch, as called by handleMousePressEvent() and handleMouseMoveEvent(). * page/EventHandler.h: * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::pointerCaptureElement): We now need to query whay the pointer capture element might be from EventHandler, so expose a new method to access it. (WebCore::PointerCaptureController::releasePointerCapture): Since we may not call processPendingPointerCapture() until the dispatch of the next event, we must reset EventHandler's capturing mouse element right now so that the next event processed does not use it as an overriding target. (WebCore::PointerCaptureController::hasPointerCapture): We would mistakenly return true if the provided element was null, which could be the case of EventHandler's capturing element. Rather than changing call sites to check that the provided value exists, we change the method to return false when the provided element is null. Note that this does not affect the API since it's exposed on Element itself. (WebCore::PointerCaptureController::dispatchEventForTouchAtIndex): Call dispatchEvent() instead of calling pointerEventWillBeDispatched() and pointerEventWasDispatched(). (WebCore::PointerCaptureController::dispatchEvent): Remove all code specific to pointer capture since now the events will be dispatched on the pointer capture element by EventHandler. (WebCore::PointerCaptureController::processPendingPointerCapture): Make sure this method is not re-entrant since it dispatches events. * page/PointerCaptureController.h: * rendering/HitTestRequest.h: (WebCore::HitTestRequest::pointerCaptureElementChanged const): Add a new HitTestRequestType bit such that we can indicate to Document::updateHoverActiveState() that it must be update the :hover/:active chains when the pointer capture element has just changed. 2019-06-20 Carlos Garcia Campos <cgarcia@igalia.com> [GTK] Stop pretending WebCore::Widget can have a platform widget https://bugs.webkit.org/show_bug.cgi?id=199066 Reviewed by Michael Catanzaro. That was only possible in legacy WebKit that we no longer support. The code can be simplified a bit. * platform/Widget.cpp: (WebCore::Widget::init): * platform/Widget.h: (WebCore::Widget::setPlatformWidget): (WebCore::Widget::releasePlatformWidget): Deleted. (WebCore::Widget::retainPlatformWidget): Deleted. * platform/gtk/PlatformScreenGtk.cpp: (WebCore::systemVisual): (WebCore::screenDepth): (WebCore::screenDepthPerComponent): (WebCore::screenRect): (WebCore::screenAvailableRect): (WebCore::getToplevel): Deleted. (WebCore::getVisual): Deleted. (WebCore::getScreen): Deleted. * platform/gtk/WidgetGtk.cpp: (WebCore::Widget::~Widget): (WebCore::Widget::show): (WebCore::Widget::hide): (WebCore::Widget::setIsSelected): (WebCore::Widget::setFrameRect): (WebCore::Widget::releasePlatformWidget): Deleted. (WebCore::Widget::retainPlatformWidget): Deleted. * platform/ios/WidgetIOS.mm: (WebCore::Widget::~Widget): 2019-06-20 Simon Fraser <simon.fraser@apple.com> Make it possible to include clipping in GraphicsLayer tree dumps https://bugs.webkit.org/show_bug.cgi?id=199096 Reviewed by Zalan Bujtas. Add LAYER_TREE_INCLUDES_CLIPPING and plumb it down to GraphicsLayers, turning it on for a couple of tests. * page/Frame.h: * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::dumpProperties const): * platform/graphics/GraphicsLayerClient.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::layerTreeAsText): * testing/Internals.cpp: (WebCore::toLayerTreeFlags): * testing/Internals.h: * testing/Internals.idl: 2019-06-20 Daniel Bates <dabates@apple.com> [iOS] Evernote crashes when creating a note https://bugs.webkit.org/show_bug.cgi?id=199083 <rdar://problem/51759247> Reviewed by Brent Fulgham. Add runtime check whether WebKit is being used in Evernote. Evernote's bundle ID references iPhone, but they use the same ID for their iPad app as well. * platform/RuntimeApplicationChecks.h: * platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isEvernote): Added. 2019-06-20 Greg Doolittle <gr3g@apple.com> Web Inspector: AXI: Audit: image label test is throwing spurious errors on elements with existing alt attr, but no value: <img alt> https://bugs.webkit.org/show_bug.cgi?id=194754 Reviewed by Chris Fleizach. Test: accessibility/img-alt-attribute-unassigned-value.html * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::computedRoleString const): 2019-06-20 Ryosuke Niwa <rniwa@webkit.org> REGRESSION(r245912): Crash in TextIterator::range via visiblePositionForIndexUsingCharacterIterator https://bugs.webkit.org/show_bug.cgi?id=199061 Reviewed by Wenson Hsieh. Avoid calling CharacterIterator::range when it's at the end. Otherwise, we'd crash with null pointer dereferencing. Unfortunately no new tests since we don't have any reproducible test case. * editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator): 2019-06-20 Brent Fulgham <bfulgham@apple.com> Resolve frequent crashes in topPrivatelyControlledDomain https://bugs.webkit.org/show_bug.cgi?id=199072 <rdar://problem/51428162> Reviewed by Youenn Fablet. Crash data indicates that we are frequently crashing when multiple threads call WebCore::topPrivatelyControlledDomain. Code review showed the potential for a thread contention issue, since WebKit builds with '--fno-threadsafe-statics'. This patch corrects the thread safety issue in WebCore::topPrivatelyControlledDomain. * platform/mac/PublicSuffixMac.mm: (WebCore::topPrivatelyControlledDomain): Only instantiate the static cache after the current thread has achieved its lock. 2019-06-20 Saam Barati <sbarati@apple.com> [WHLSL] Property resolver needs to recurse on newValueExpression for RMW operations https://bugs.webkit.org/show_bug.cgi?id=199037 Reviewed by Myles C. Maxfield. When we had an expression like `<e1> += <e2>`, we weren't running the property resolver on <e2>. If <e2> was something like `mat[1][2]`, we wouldn't end up simplifying that into the needed getter calls. This patch fixes this by having the property resolver recurse on <e2>. This patch also fixes a bug in the property resolver where we weren't marking some dereference expressions as LValues. This was causing bugs in the metal code generator. This patch also adds a way to dump the AST between passes that are guaranteed to not fail. Test: webgpu/whlsl-read-modify-write-high-zombies.html * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepareShared): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::PropertyResolver::visit): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: 2019-06-20 John Wilander <wilander@apple.com> Storage Access API: Cap the number of times an iframe document can request access https://bugs.webkit.org/show_bug.cgi?id=199074 <rdar://problem/51857195> Reviewed by Brent Fulgham. Tested manually. This change just adds a counter to the number of times the user explicitly denies storage access and returns early if the counter has reached the limit of 2. We hoped that iframes that request storage access would count the number of times the user has been asked and not repeat the request over and over. However, we're seeing pretty aggressive use of the API and users are complaining. Therefore, we need a cap on how many times an iframed document can ask if it is explicitly denied access by the user. This is a first measure. If we see continued aggressive use of the API, we'll have to consider more drastic measures. * dom/DocumentStorageAccess.cpp: (WebCore::DocumentStorageAccess::requestStorageAccess): * dom/DocumentStorageAccess.h: 2019-06-20 Youenn Fablet <youenn@apple.com> Changing settings of a MediaStreamTrack clone should not alter the settings of the original track https://bugs.webkit.org/show_bug.cgi?id=198840 Reviewed by Eric Carlson. Rename RealtimeVideoSource in RealtimeVideoCaptureSource. Introduce RealtimeVideoSource as a class wrapping RealtimeVideoCaptureSource. Its goal is to be able to have independent settings from its underlying RealtimeVideoCaptureSource. It can also adapt size based on its settings if different than its RealtimeVideoCaptureSource. Apply this wrapping for AV video sources as well as mock video sources. Test: fast/mediastream/mediastreamtrack-video-clone.html * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * platform/mediastream/MediaStreamTrackPrivate.cpp: (WebCore::MediaStreamTrackPrivate::clone): * platform/mediastream/RealtimeMediaSource.h: * platform/mediastream/RealtimeVideoCaptureSource.cpp: Added. (WebCore::RealtimeVideoCaptureSource::RealtimeVideoCaptureSource): (WebCore::RealtimeVideoCaptureSource::~RealtimeVideoCaptureSource): (WebCore::RealtimeVideoCaptureSource::prepareToProduceData): (WebCore::RealtimeVideoCaptureSource::presets): (WebCore::RealtimeVideoCaptureSource::setSupportedPresets): (WebCore::RealtimeVideoCaptureSource::standardVideoSizes): (WebCore::updateMinMax): (WebCore::RealtimeVideoCaptureSource::updateCapabilities): (WebCore::RealtimeVideoCaptureSource::supportsSizeAndFrameRate): (WebCore::RealtimeVideoCaptureSource::frameRateRangeIncludesRate): (WebCore::RealtimeVideoCaptureSource::presetSupportsFrameRate): (WebCore::RealtimeVideoCaptureSource::supportsCaptureSize): (WebCore::RealtimeVideoCaptureSource::shouldUsePreset): (WebCore::RealtimeVideoCaptureSource::bestSupportedSizeAndFrameRate): (WebCore::RealtimeVideoCaptureSource::setSizeAndFrameRate): (WebCore::RealtimeVideoCaptureSource::adaptVideoSample): (WebCore::RealtimeVideoCaptureSource::dispatchMediaSampleToObservers): (WebCore::RealtimeVideoCaptureSource::clientUpdatedSizeAndFrameRate): (WebCore::SizeAndFrameRate::toJSONObject const): (WebCore::SizeAndFrameRate::toJSONString const): * platform/mediastream/RealtimeVideoCaptureSource.h: Added. (WebCore::RealtimeVideoCaptureSource::sampleRotation const): (WebCore::RealtimeVideoCaptureSource::prefersPreset): (WebCore::RealtimeVideoCaptureSource::setFrameRateWithPreset): (WebCore::RealtimeVideoCaptureSource::canResizeVideoFrames const): (WebCore::RealtimeVideoCaptureSource::setDefaultSize): (WebCore::RealtimeVideoCaptureSource::observedFrameRate const): (WTF::LogArgument<WebCore::SizeAndFrameRate>::toString): * platform/mediastream/RealtimeVideoSource.cpp: (WebCore::RealtimeVideoSource::RealtimeVideoSource): (WebCore::m_source): (WebCore::RealtimeVideoSource::~RealtimeVideoSource): (WebCore::RealtimeVideoSource::startProducingData): (WebCore::RealtimeVideoSource::stopProducingData): (WebCore::RealtimeVideoSource::supportsSizeAndFrameRate): (WebCore::RealtimeVideoSource::setSizeAndFrameRate): (WebCore::RealtimeVideoSource::sourceMutedChanged): (WebCore::RealtimeVideoSource::sourceSettingsChanged): (WebCore::RealtimeVideoSource::preventSourceFromStopping): (WebCore::RealtimeVideoSource::sourceStopped): (WebCore::RealtimeVideoSource::videoSampleAvailable): (WebCore::RealtimeVideoSource::clone): * platform/mediastream/RealtimeVideoSource.h: * platform/mediastream/gstreamer/GStreamerVideoCaptureSource.cpp: (WebCore::GStreamerVideoCaptureSource::GStreamerVideoCaptureSource): * platform/mediastream/gstreamer/GStreamerVideoCaptureSource.h: * platform/mediastream/mac/AVVideoCaptureSource.h: * platform/mediastream/mac/AVVideoCaptureSource.mm: (WebCore::AVVideoCaptureSource::create): (WebCore::AVVideoCaptureSource::AVVideoCaptureSource): * platform/mediastream/mac/MockRealtimeVideoSourceMac.h: * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm: (WebCore::MockRealtimeVideoSource::create): * platform/mock/MockRealtimeVideoSource.cpp: (WebCore::MockRealtimeVideoSource::create): (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource): (WebCore::MockRealtimeVideoSource::supportsSizeAndFrameRate): (WebCore::MockRealtimeVideoSource::setSizeAndFrameRate): * platform/mock/MockRealtimeVideoSource.h: 2019-06-20 Saam Barati <sbarati@apple.com> Unreviewed. More speculative build fixing for watchOS after r246631. * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: 2019-06-20 Saam Barati <sbarati@apple.com> Unreviewed. Speculative build fix for watchOS after r246631. * Modules/webgpu/WHLSL/WHLSLVisitor.cpp: 2019-06-18 Darin Adler <darin@apple.com> Tidy up the remaining bits of the AtomicString to AtomString rename https://bugs.webkit.org/show_bug.cgi?id=198990 Reviewed by Michael Catanzaro. * bindings/scripts/test/JS/JSTestObj.cpp: Updated names. * bindings/scripts/test/TestObj.idl: Ditto. * css/makeprop.pl: Updated comment. * css/makevalues.pl: Ditto. * html/FormController.cpp: (WebCore::FormKeyGenerator::formKey): Ditto. 2019-06-20 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Make the initial strut explicit https://bugs.webkit.org/show_bug.cgi?id=199057 <rdar://problem/51927864> Reviewed by Antti Koivisto. The strut always sets the initial vertical constraints on the new line in strict mode. However in quirks mode we can ignore it as long as there's no baseline type content on the line. * layout/inlineformatting/InlineFormattingContext.h: * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): * layout/inlineformatting/InlineFormattingContextQuirks.cpp: (WebCore::Layout::InlineFormattingContext::Quirks::lineHeightConstraints): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::appendTextContent): (WebCore::Layout::Line::appendHardLineBreak): (WebCore::Layout::Line::adjustBaselineAndLineHeight): * layout/inlineformatting/InlineLine.h: 2019-06-20 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Introduce Line::InitialConstraints https://bugs.webkit.org/show_bug.cgi?id=199056 <rdar://problem/51927597> Reviewed by Antti Koivisto. Line::InitialConstraints, as the name suggests, holds the initial constraint values for the new line. * layout/inlineformatting/InlineFormattingContext.h: * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::LineInput::LineInput): (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::layout const): (WebCore::Layout::InlineFormattingContext::LineLayout::computedIntrinsicWidth const): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::Line): (WebCore::Layout::m_skipVerticalAligment): (WebCore::Layout::m_lineLogicalWidth): Deleted. * layout/inlineformatting/InlineLine.h: 2019-06-20 Carlos Garcia Campos <cgarcia@igalia.com> [GTK] Remove support for GTK2 plugins https://bugs.webkit.org/show_bug.cgi?id=199065 Reviewed by Sergio Villar Senin. * PlatformGTK.cmake: * SourcesGTK.txt: * SourcesWPE.txt: * platform/FreeType.cmake: * platform/SourcesGLib.txt: * platform/graphics/Color.h: * platform/graphics/PlatformDisplay.cpp: (WebCore::PlatformDisplay::createPlatformDisplay): * platform/graphics/gtk/ColorGtk.cpp: (WebCore::Color::operator GdkRGBA const): * platform/graphics/gtk/DisplayRefreshMonitorGtk.cpp: (WebCore::onFrameClockUpdate): (WebCore::DisplayRefreshMonitorGtk::requestRefreshCallback): * platform/graphics/gtk/DisplayRefreshMonitorGtk.h: (WebCore::DisplayRefreshMonitorGtk::create): * platform/graphics/gtk/GdkCairoUtilities.cpp: * platform/gtk/GRefPtrGtk.cpp: * platform/gtk/GRefPtrGtk.h: * platform/gtk/GtkVersioning.c: Removed. * platform/gtk/GtkVersioning.h: Removed. * platform/gtk/PasteboardHelper.cpp: (WebCore::PasteboardHelper::getClipboardContents): * platform/gtk/PlatformKeyboardEventGtk.cpp: (WebCore::modifiersForGdkKeyEvent): (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent): * platform/gtk/PlatformMouseEventGtk.cpp: (WebCore::PlatformMouseEvent::PlatformMouseEvent): * platform/gtk/PlatformScreenGtk.cpp: (WebCore::screenIsTouchPrimaryInputDevice): * platform/gtk/PlatformWheelEventGtk.cpp: (WebCore::PlatformWheelEvent::PlatformWheelEvent): * platform/gtk/ScrollbarThemeGtk.cpp: * platform/gtk/ScrollbarThemeGtk.h: * platform/gtk/WidgetGtk.cpp: * rendering/RenderThemeGtk.cpp: * rendering/RenderThemeGtk.h: 2019-06-19 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Hook up common texture functions https://bugs.webkit.org/show_bug.cgi?id=198704 <rdar://problem/51668841> Reviewed by Saam Barati. This patch adds the Metal implementation of the Sample(), Load(), and GetDimensions() texture functions. The implementation simply performs string concatenation to produce the correct results, and adds many new native functions to the standard library. We can't zero-fill texture types or sampler types, so this patch forbids default constructors for those types. It also forbids those types to exist within arrays, array references, or pointers, becuase an out-of-bounds access may cause us to try to zero-fill them. Tests: webgpu/whlsl-textures-getdimensions.html webgpu/whlsl-textures-load.html webgpu/whlsl-textures-sample.html * Modules/webgpu/WHLSL/AST/WHLSLNativeTypeDeclaration.h: Add some more introspection functions so we can generate the necessary Metal functions for the appropriate texture types. (WebCore::WHLSL::AST::NativeTypeDeclaration::isAtomic const): (WebCore::WHLSL::AST::NativeTypeDeclaration::isTextureArray const): (WebCore::WHLSL::AST::NativeTypeDeclaration::isDepthTexture const): (WebCore::WHLSL::AST::NativeTypeDeclaration::isWritableTexture const): (WebCore::WHLSL::AST::NativeTypeDeclaration::textureDimension const): (WebCore::WHLSL::AST::NativeTypeDeclaration::setIsTextureArray): (WebCore::WHLSL::AST::NativeTypeDeclaration::setIsDepthTexture): (WebCore::WHLSL::AST::NativeTypeDeclaration::setIsWritableTexture): (WebCore::WHLSL::AST::NativeTypeDeclaration::setTextureDimension): (WebCore::WHLSL::AST::NativeTypeDeclaration::isAtom const): Deleted. * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp: Native types can be passed into entry points, too. (WebCore::WHLSL::Metal::EntryPointScaffolding::resourceHelperTypes): * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: Entry points that return void don't need a semantic. (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: Implement the functions. (WebCore::WHLSL::Metal::vectorLength): (WebCore::WHLSL::Metal::vectorInnerType): (WebCore::WHLSL::Metal::vectorSuffix): (WebCore::WHLSL::Metal::writeNativeFunction): * Modules/webgpu/WHLSL/Metal/WHLSLNativeTypeWriter.cpp: Textures come in two flavors: sample-able and read/write-able. Make sure we produce the correct Metal types for them. (WebCore::WHLSL::Metal::writeNativeType): * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: We can't auto-initialize textures and samplers. Therefore, this function needs to be able to fail. (WebCore::WHLSL::AutoInitialize::visit): (WebCore::WHLSL::autoInitializeVariables): * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.h: * Modules/webgpu/WHLSL/WHLSLCheckDuplicateFunctions.cpp: We can't auto-initialize textures, so users shouldn't be able to either. (WebCore::WHLSL::checkDuplicateFunctions): * Modules/webgpu/WHLSL/WHLSLCheckTextureReferences.cpp: Added. Make sure textures and samplers can't exist inside arrays, array references, or pointers. This is because out-of-bounds accesses may cause us to attempt to zero-fill the inner type, but we can't zero-fill textures and samplers. (WebCore::WHLSL::TextureReferencesChecker::TextureReferencesChecker): (WebCore::WHLSL::Searcher::Searcher): (WebCore::WHLSL::Searcher::found const): (WebCore::WHLSL::Searcher::visit): (WebCore::WHLSL::TextureReferencesChecker::containsTextureOrSampler): (WebCore::WHLSL::TextureReferencesChecker::visit): (WebCore::WHLSL::checkTextureReferences): * Modules/webgpu/WHLSL/WHLSLCheckTextureReferences.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.h. * Modules/webgpu/WHLSL/WHLSLChecker.cpp: * Modules/webgpu/WHLSL/WHLSLIntrinsics.cpp: Record more detailed information about texture types, so we can emit correct Metal code. (WebCore::WHLSL::Intrinsics::addFullTexture): (WebCore::WHLSL::Intrinsics::addDepthTexture): * Modules/webgpu/WHLSL/WHLSLIntrinsics.h: (WebCore::WHLSL::Intrinsics::WTF_ARRAY_LENGTH): * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: Nested NameResolvers need to propagate their error. Also, native functions with named arguments shouldn't be adding their arguments to the global scope. (WebCore::WHLSL::NameResolver::visit): * Modules/webgpu/WHLSL/WHLSLNameResolver.h: * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepareShared): * Modules/webgpu/WHLSL/WHLSLProgram.h: (WebCore::WHLSL::Program::intrinsics const): * Modules/webgpu/WHLSL/WHLSLRecursiveTypeChecker.cpp: * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: Metal doesn't have writable depth textures. * Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp: * Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp: Don't generate default constructors for textures or samplers. (WebCore::WHLSL::synthesizeConstructors): * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/gpu/GPUTexture.h: Make texture usages more clear. (WebCore::GPUTexture::isSampled const): (WebCore::GPUTexture::isStorage const): * platform/graphics/gpu/cocoa/GPUBindGroupMetal.mm: Ditto. (WebCore::GPUBindGroup::tryCreate): * platform/graphics/gpu/cocoa/GPUProgrammablePassEncoderMetal.mm: Ditto. (WebCore::GPUProgrammablePassEncoder::setBindGroup): * platform/graphics/gpu/cocoa/GPUTextureMetal.mm: Ditto. (WebCore::mtlTextureUsageForGPUTextureUsageFlags): 2019-06-19 Justin Fan <justin_fan@apple.com> [WHLSL] Create a shading language test harness https://bugs.webkit.org/show_bug.cgi?id=198978 Reviewed by Myles C. Maxfield. When creating MTLArgumentEncoders for argument buffers, the user's arguments must match the order that they are declared in the shader. Move back-end information such as buffer lengths to the end of the argument arrays. Test: webgpu/whlsl-harness-test.html * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp: (WebCore::WHLSL::Metal::EntryPointScaffolding::resourceHelperTypes): * platform/graphics/gpu/cocoa/GPUBindGroupLayoutMetal.mm: (WebCore::GPUBindGroupLayout::tryCreate): 2019-06-19 Saam Barati <sbarati@apple.com> [WHLSL] The checker needs to resolve types for the anonymous variables in ReadModifyWrite expressions https://bugs.webkit.org/show_bug.cgi?id=198988 Reviewed by Dean Jackson and Myles C. Maxfield. This patch makes it so that the Checker assigns types to the internal variables in a read modify write expression. These were the only variables that didn't have types ascribed to them. This patch also does a fly by fix where we kept pointers to value types in a HashMap in the checker. This is wrong precisely when the HashMap gets resized. Instead, we now just store the value itself since we're just dealing with a simple Variant that wraps either an empty struct or an enum. Test: webgpu/whlsl-checker-should-set-type-of-read-modify-write-variables.html * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h: (WebCore::WHLSL::AST::VariableDeclaration::setType): (WebCore::WHLSL::AST::VariableDeclaration::type const): * Modules/webgpu/WHLSL/WHLSLASTDumper.cpp: Make it obvious that read modify write expressions are such by prefixing them with "RMW". (WebCore::WHLSL::ASTDumper::visit): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::Checker::visit): 2019-06-19 Devin Rousso <drousso@apple.com> Web Inspector: Network: replace CFNetwork SPI with new API where able https://bugs.webkit.org/show_bug.cgi?id=198762 Reviewed by Timothy Hatcher. * platform/network/NetworkLoadMetrics.h: 2019-06-19 Jer Noble <jer.noble@apple.com> iOS 12.2 Drawing portrait video to canvas is sideways https://bugs.webkit.org/show_bug.cgi?id=196772 <rdar://problem/49781802> Reviewed by Eric Carlson. Test: media/video-orientation-canvas.html Move rotation code into its own ImageRotationSessionVT class for re-use across all existing classes with rotation operations. Should slightly increase performance for painting rotated media files, as the rotation only occurs once per frame, rather than once per drawing operation. * WebCore.xcodeproj/project.pbxproj: * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.h: (WebCore::ImageDecoderAVFObjC::RotationProperties::isIdentity const): Deleted. * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm: (WebCore::ImageDecoderAVFObjC::readTrackMetadata): (WebCore::ImageDecoderAVFObjC::storeSampleBuffer): (WebCore::ImageDecoderAVFObjC::setTrack): (WebCore::transformToRotationProperties): Deleted. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastPixelBuffer): (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput): * platform/graphics/cv/ImageRotationSessionVT.h: Added. (WebCore::ImageRotationSessionVT::RotationProperties::isIdentity const): (WebCore::ImageRotationSessionVT::rotationProperties const): (WebCore::ImageRotationSessionVT::rotatedSize): * platform/graphics/cv/ImageRotationSessionVT.mm: Added. (WebCore::transformToRotationProperties): (WebCore::ImageRotationSessionVT::ImageRotationSessionVT): (WebCore::ImageRotationSessionVT::rotate): * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.cpp: * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.h: * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.mm: (WebCore::rotationToAngle): (WebCore::RealtimeOutgoingVideoSourceCocoa::rotatePixelBuffer): (WebCore::computeRotatedWidthAndHeight): Deleted. 2019-06-19 Simon Fraser <simon.fraser@apple.com> REGRESSION (246538): Newyorker.com header scrolls on page Revert parts of r246538 so that frame scrolling is reverted to using layer positions. Overflow scroll will still scroll by changing boundsOrigin. The bug was caused by confusion about insetClipLayer and scrollContainerLayer; macOS positions the clip layer using FrameView::yPositionForInsetClipLayer(), so it's not just a simple scroll container, and this change broke positioning for fixed position layers. * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::reconcileScrollPosition): * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::insetClipLayerForFrameView): * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::repositionScrollingLayers): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::~RenderLayerCompositor): (WebCore::RenderLayerCompositor::frameViewDidChangeSize): (WebCore::RenderLayerCompositor::updateScrollLayerPosition): (WebCore::RenderLayerCompositor::updateScrollLayerClipping): (WebCore::RenderLayerCompositor::frameViewDidScroll): (WebCore::RenderLayerCompositor::updateRootLayerPosition): (WebCore::RenderLayerCompositor::updateOverflowControlsLayers): (WebCore::RenderLayerCompositor::ensureRootLayer): (WebCore::RenderLayerCompositor::destroyRootLayer): (WebCore::RenderLayerCompositor::updateScrollingNodeLayers): (WebCore::RenderLayerCompositor::updateLayersForScrollPosition): Deleted. (WebCore::RenderLayerCompositor::updateScrollContainerGeometry): Deleted. * rendering/RenderLayerCompositor.h: 2019-06-19 Adrian Perez de Castro <aperez@igalia.com> [WPE][GTK] Fix build with unified sources disabled https://bugs.webkit.org/show_bug.cgi?id=198752 Reviewed by Michael Catanzaro. No new tests needed. * Modules/indexeddb/server/UniqueIDBDatabase.h: Add missing forward declaration for IDBGetRecordData, replace inclusion of UniqueIDBDatabaseConnection.h with a forward declaration. * Modules/indexeddb/server/UniqueIDBDatabaseConnection.h: Remove unneeded inclusion of UniqueIDBDatabaseTransaction.h, add missing inclusion of UniqueIDBDatabase.h * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h: Remove unneeded inclusion of UniqueIDBDatabaseConnection.h inclusion. * bridge/c/c_class.cpp: Add inclusion of JSCJSValueInlines.h to avoid linker errors due to missing JSValue inline functions. * dom/DocumentParser.h: Replace forward declaration of Document with inclusion of Document.h, to avoid error due to usage of incomplete type in template expansion. * dom/Microtasks.h: Add missing forward declaration of JSC::VM * editing/markup.cpp: Add missing inclusion of PasteboardItemInfo.h * page/Quirks.h: Add missing forward declaration of WebCore::EventTarget * page/RuntimeEnabledFeatures.h: Add missing inclusion of wtf/Optional.h to avoid error due to expansion of undefined template. * page/SocketProvider.h: Add missing forward declaration for Document. * platform/graphics/GraphicsLayerClient.h: Add missing inclusion of wtf/OptionSet.h to avoid error due to expansion of undefined template. * rendering/RenderMultiColumnSpannerPlaceholder.h: Replace forward declaration of RenderMultiColumnFlow with inclusion of RenderMultiColumnFlow.h to avoid error due to usage of undefined class. 2019-06-19 Antti Koivisto <antti@apple.com> RequestedScrollPosition shouldn't be applied after node reattach https://bugs.webkit.org/show_bug.cgi?id=198994 <rdar://problem/51439685> Reviewed by Simon Fraser. Test: scrollingcoordinator/ios/scroll-position-after-reattach.html If a scrolling node gets reattached, its scroll position resets to (0,0) or whatever the previous requestedScrollPosition was, and the current position is lost. * page/scrolling/ScrollingStateFixedNode.cpp: (WebCore::ScrollingStateFixedNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateFixedNode::setAllPropertiesChanged): Deleted. Rename to better reflect what this is for. * page/scrolling/ScrollingStateFixedNode.h: * page/scrolling/ScrollingStateFrameHostingNode.cpp: (WebCore::ScrollingStateFrameHostingNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateFrameHostingNode::setAllPropertiesChanged): Deleted. * page/scrolling/ScrollingStateFrameHostingNode.h: * page/scrolling/ScrollingStateFrameScrollingNode.cpp: (WebCore::ScrollingStateFrameScrollingNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateFrameScrollingNode::setAllPropertiesChanged): Deleted. * page/scrolling/ScrollingStateFrameScrollingNode.h: * page/scrolling/ScrollingStateNode.cpp: (WebCore::ScrollingStateNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateNode::setAllPropertiesChanged): Deleted. * page/scrolling/ScrollingStateNode.h: * page/scrolling/ScrollingStatePositionedNode.cpp: (WebCore::ScrollingStatePositionedNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStatePositionedNode::setAllPropertiesChanged): Deleted. * page/scrolling/ScrollingStatePositionedNode.h: * page/scrolling/ScrollingStateScrollingNode.cpp: (WebCore::ScrollingStateScrollingNode::setPropertyChangedBitsAfterReattach): Don't set RequestedScrollPosition. It is a special property that is applied only once on request and shouldn't get reapplied. Nodes should keep their existing scroll position on reattach. (WebCore::ScrollingStateScrollingNode::setAllPropertiesChanged): Deleted. * page/scrolling/ScrollingStateScrollingNode.h: * page/scrolling/ScrollingStateStickyNode.cpp: (WebCore::ScrollingStateStickyNode::setPropertyChangedBitsAfterReattach): (WebCore::ScrollingStateStickyNode::setAllPropertiesChanged): Deleted. * page/scrolling/ScrollingStateStickyNode.h: * page/scrolling/ScrollingStateTree.cpp: (WebCore::ScrollingStateTree::nodeWasReattachedRecursive): 2019-06-18 Saam Barati <sbarati@apple.com> [WHLSL] Support matrices https://bugs.webkit.org/show_bug.cgi?id=198876 <rdar://problem/51768882> Reviewed by Dean Jackson and Myles Maxfield. This patch adds in support for matrices to WHLSL. Most matrix related code is defined by the standard library. This patch just needed to add support for the native functions operator[] and operator[]= on matrix types. The only native functions that are named operator[] and operator[]= are for matrix operations, so we strongly assume when generating code for native operator[] and operator[]= that we're dealing with matrix types. operator[]= ignores the write if the index is out of bounds. operator[] returns a zeroed vector if the index is out of bounds. This patch also incorporates two bug fixes: 1. This patch takes Robin's patch in https://bugs.webkit.org/show_bug.cgi?id=198313 to ensure we don't have pointers to values in a hash map. This was needed in this patch otherwise we'd crash parsing the standard library. 2. This patch fixes how we handle "break" in metal codegen. When I first implemented break, I strongly assumed we were in a loop. However, break can be either from a loop or from switch. This patch teaches the metal code generator to track which context we're in and to emit code accordingly. Tests: webgpu/whlsl-matrix-2.html webgpu/whlsl-matrix.html * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::emitLoop): * Modules/webgpu/WHLSL/Metal/WHLSLMetalCodeGenerator.cpp: (WebCore::WHLSL::Metal::generateMetalCodeShared): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::Checker::assignTypes): (WebCore::WHLSL::Checker::getInfo): (WebCore::WHLSL::Checker::assignType): (WebCore::WHLSL::Checker::forwardType): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: 2019-06-18 Yusuke Suzuki <ysuzuki@apple.com> [JSC] JSLock should be WebThread aware https://bugs.webkit.org/show_bug.cgi?id=198911 Reviewed by Geoffrey Garen. * bindings/js/CommonVM.cpp: (WebCore::commonVMSlow): 2019-06-18 Joseph Pecoraro <pecoraro@apple.com> WebSocketDeflater uses an unnecessarily constrained compression memory level https://bugs.webkit.org/show_bug.cgi?id=198973 Reviewed by Alex Christensen. * Modules/websockets/WebSocketDeflater.cpp: Set the memLevel to the deflateInit2 default value, not a minimum value. 2019-06-18 Keith Miller <keith_miller@apple.com> Add support for WeakRef https://bugs.webkit.org/show_bug.cgi?id=198710 Reviewed by Yusuke Suzuki. We need to make sure the Web MicrotaskQueue notifies the JSC VM that it has finished performing a microtask checkpoint. This lets the JSC VM know it is safe to collect referenced WeakRefs. Since there was no way to get the VM from the MicrotaskQueue I have added a RefPtr to the queue's VM. For the main thread the VM lives forever so is fine. For workers the queue and the VM share an owner so this shouldn't matter either. Tests: js/weakref-async-is-collected.html js/weakref-eventually-collects-values.html js/weakref-microtasks-dont-collect.html js/weakref-weakset-consistency.html * dom/Microtasks.cpp: (WebCore::MicrotaskQueue::MicrotaskQueue): (WebCore::MicrotaskQueue::mainThreadQueue): (WebCore::MicrotaskQueue::performMicrotaskCheckpoint): * dom/Microtasks.h: (WebCore::MicrotaskQueue::vm const): * workers/WorkerGlobalScope.cpp: (WebCore::WorkerGlobalScope::WorkerGlobalScope): 2019-06-18 Kenneth Russell <kbr@chromium.org> Add preliminary ANGLE backend to WebCore https://bugs.webkit.org/show_bug.cgi?id=197755 Reviewed by Dean Jackson. Add new files supplying an ANGLE version of GraphicsContext3D and Extensions3D, conditionalized under USE_ANGLE. Update Xcode project to build these files. This option compiles and links successfully. FIXMEs remain in several common files which will be addressed in subsequent patches. This work will be tested with the preexisting WebGL conformance suite. * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/ANGLEWebKitBridge.h: * platform/graphics/GraphicsContext3D.h: * platform/graphics/GraphicsContext3DManager.cpp: (WebCore::GraphicsContext3DManager::updateAllContexts): (WebCore::GraphicsContext3DManager::updateHighPerformanceState): (WebCore::GraphicsContext3DManager::disableHighPerformanceGPUTimerFired): * platform/graphics/angle/Extensions3DANGLE.cpp: Copied from Source/WebCore/platform/graphics/opengl/Extensions3DOpenGLCommon.cpp. (WebCore::Extensions3DANGLE::Extensions3DANGLE): (WebCore::Extensions3DANGLE::supports): (WebCore::Extensions3DANGLE::ensureEnabled): (WebCore::Extensions3DANGLE::isEnabled): (WebCore::Extensions3DANGLE::getGraphicsResetStatusARB): (WebCore::Extensions3DANGLE::getTranslatedShaderSourceANGLE): (WebCore::Extensions3DANGLE::initializeAvailableExtensions): (WebCore::Extensions3DANGLE::readnPixelsEXT): (WebCore::Extensions3DANGLE::getnUniformfvEXT): (WebCore::Extensions3DANGLE::getnUniformivEXT): (WebCore::Extensions3DANGLE::blitFramebuffer): (WebCore::Extensions3DANGLE::renderbufferStorageMultisample): (WebCore::Extensions3DANGLE::createVertexArrayOES): (WebCore::Extensions3DANGLE::deleteVertexArrayOES): (WebCore::Extensions3DANGLE::isVertexArrayOES): (WebCore::Extensions3DANGLE::bindVertexArrayOES): (WebCore::Extensions3DANGLE::insertEventMarkerEXT): (WebCore::Extensions3DANGLE::pushGroupMarkerEXT): (WebCore::Extensions3DANGLE::popGroupMarkerEXT): (WebCore::Extensions3DANGLE::supportsExtension): (WebCore::Extensions3DANGLE::drawBuffersEXT): (WebCore::Extensions3DANGLE::drawArraysInstanced): (WebCore::Extensions3DANGLE::drawElementsInstanced): (WebCore::Extensions3DANGLE::vertexAttribDivisor): (WebCore::Extensions3DANGLE::getExtensions): * platform/graphics/angle/Extensions3DANGLE.h: Added. * platform/graphics/angle/GraphicsContext3DANGLE.cpp: Copied from Source/WebCore/platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp. (WebCore::GraphicsContext3D::releaseShaderCompiler): (WebCore::wipeAlphaChannelFromPixels): (WebCore::GraphicsContext3D::readPixelsAndConvertToBGRAIfNecessary): (WebCore::GraphicsContext3D::validateAttributes): (WebCore::GraphicsContext3D::reshapeFBOs): (WebCore::GraphicsContext3D::attachDepthAndStencilBufferIfNeeded): (WebCore::GraphicsContext3D::resolveMultisamplingIfNecessary): (WebCore::GraphicsContext3D::renderbufferStorage): (WebCore::GraphicsContext3D::getIntegerv): (WebCore::GraphicsContext3D::getShaderPrecisionFormat): (WebCore::GraphicsContext3D::texImage2D): (WebCore::GraphicsContext3D::depthRange): (WebCore::GraphicsContext3D::clearDepth): (WebCore::GraphicsContext3D::getExtensions): (WebCore::GraphicsContext3D::readPixels): (WebCore::setCurrentNameHashMapForShader): (WebCore::nameHashForShader): (WebCore::GraphicsContext3D::validateDepthStencil): (WebCore::GraphicsContext3D::paintRenderingResultsToCanvas): (WebCore::GraphicsContext3D::paintCompositedResultsToCanvas): (WebCore::GraphicsContext3D::paintRenderingResultsToImageData): (WebCore::GraphicsContext3D::prepareTexture): (WebCore::GraphicsContext3D::readRenderingResults): (WebCore::GraphicsContext3D::reshape): (WebCore::GraphicsContext3D::checkVaryingsPacking const): (WebCore::GraphicsContext3D::precisionsMatch const): (WebCore::GraphicsContext3D::getInternalFramebufferSize const): (WebCore::GraphicsContext3D::activeTexture): (WebCore::GraphicsContext3D::attachShader): (WebCore::GraphicsContext3D::bindAttribLocation): (WebCore::GraphicsContext3D::bindBuffer): (WebCore::GraphicsContext3D::bindFramebuffer): (WebCore::GraphicsContext3D::bindRenderbuffer): (WebCore::GraphicsContext3D::bindTexture): (WebCore::GraphicsContext3D::blendColor): (WebCore::GraphicsContext3D::blendEquation): (WebCore::GraphicsContext3D::blendEquationSeparate): (WebCore::GraphicsContext3D::blendFunc): (WebCore::GraphicsContext3D::blendFuncSeparate): (WebCore::GraphicsContext3D::bufferData): (WebCore::GraphicsContext3D::bufferSubData): (WebCore::GraphicsContext3D::mapBufferRange): (WebCore::GraphicsContext3D::unmapBuffer): (WebCore::GraphicsContext3D::copyBufferSubData): (WebCore::GraphicsContext3D::getInternalformativ): (WebCore::GraphicsContext3D::renderbufferStorageMultisample): (WebCore::GraphicsContext3D::texStorage2D): (WebCore::GraphicsContext3D::texStorage3D): (WebCore::GraphicsContext3D::getActiveUniforms): (WebCore::GraphicsContext3D::checkFramebufferStatus): (WebCore::GraphicsContext3D::clearColor): (WebCore::GraphicsContext3D::clear): (WebCore::GraphicsContext3D::clearStencil): (WebCore::GraphicsContext3D::colorMask): (WebCore::GraphicsContext3D::compileShader): (WebCore::GraphicsContext3D::compileShaderDirect): (WebCore::GraphicsContext3D::copyTexImage2D): (WebCore::GraphicsContext3D::copyTexSubImage2D): (WebCore::GraphicsContext3D::cullFace): (WebCore::GraphicsContext3D::depthFunc): (WebCore::GraphicsContext3D::depthMask): (WebCore::GraphicsContext3D::detachShader): (WebCore::GraphicsContext3D::disable): (WebCore::GraphicsContext3D::disableVertexAttribArray): (WebCore::GraphicsContext3D::drawArrays): (WebCore::GraphicsContext3D::drawElements): (WebCore::GraphicsContext3D::enable): (WebCore::GraphicsContext3D::enableVertexAttribArray): (WebCore::GraphicsContext3D::finish): (WebCore::GraphicsContext3D::flush): (WebCore::GraphicsContext3D::framebufferRenderbuffer): (WebCore::GraphicsContext3D::framebufferTexture2D): (WebCore::GraphicsContext3D::frontFace): (WebCore::GraphicsContext3D::generateMipmap): (WebCore::GraphicsContext3D::getActiveAttribImpl): (WebCore::GraphicsContext3D::getActiveAttrib): (WebCore::GraphicsContext3D::getActiveUniformImpl): (WebCore::GraphicsContext3D::getActiveUniform): (WebCore::GraphicsContext3D::getAttachedShaders): (WebCore::generateHashedName): (WebCore::GraphicsContext3D::mappedSymbolInShaderSourceMap): (WebCore::GraphicsContext3D::mappedSymbolName): (WebCore::GraphicsContext3D::originalSymbolInShaderSourceMap): (WebCore::GraphicsContext3D::originalSymbolName): (WebCore::GraphicsContext3D::getAttribLocation): (WebCore::GraphicsContext3D::getAttribLocationDirect): (WebCore::GraphicsContext3D::getContextAttributes): (WebCore::GraphicsContext3D::moveErrorsToSyntheticErrorList): (WebCore::GraphicsContext3D::getError): (WebCore::GraphicsContext3D::getString): (WebCore::GraphicsContext3D::hint): (WebCore::GraphicsContext3D::isBuffer): (WebCore::GraphicsContext3D::isEnabled): (WebCore::GraphicsContext3D::isFramebuffer): (WebCore::GraphicsContext3D::isProgram): (WebCore::GraphicsContext3D::isRenderbuffer): (WebCore::GraphicsContext3D::isShader): (WebCore::GraphicsContext3D::isTexture): (WebCore::GraphicsContext3D::lineWidth): (WebCore::GraphicsContext3D::linkProgram): (WebCore::GraphicsContext3D::pixelStorei): (WebCore::GraphicsContext3D::polygonOffset): (WebCore::GraphicsContext3D::sampleCoverage): (WebCore::GraphicsContext3D::scissor): (WebCore::GraphicsContext3D::shaderSource): (WebCore::GraphicsContext3D::stencilFunc): (WebCore::GraphicsContext3D::stencilFuncSeparate): (WebCore::GraphicsContext3D::stencilMask): (WebCore::GraphicsContext3D::stencilMaskSeparate): (WebCore::GraphicsContext3D::stencilOp): (WebCore::GraphicsContext3D::stencilOpSeparate): (WebCore::GraphicsContext3D::texParameterf): (WebCore::GraphicsContext3D::texParameteri): (WebCore::GraphicsContext3D::uniform1f): (WebCore::GraphicsContext3D::uniform1fv): (WebCore::GraphicsContext3D::uniform2f): (WebCore::GraphicsContext3D::uniform2fv): (WebCore::GraphicsContext3D::uniform3f): (WebCore::GraphicsContext3D::uniform3fv): (WebCore::GraphicsContext3D::uniform4f): (WebCore::GraphicsContext3D::uniform4fv): (WebCore::GraphicsContext3D::uniform1i): (WebCore::GraphicsContext3D::uniform1iv): (WebCore::GraphicsContext3D::uniform2i): (WebCore::GraphicsContext3D::uniform2iv): (WebCore::GraphicsContext3D::uniform3i): (WebCore::GraphicsContext3D::uniform3iv): (WebCore::GraphicsContext3D::uniform4i): (WebCore::GraphicsContext3D::uniform4iv): (WebCore::GraphicsContext3D::uniformMatrix2fv): (WebCore::GraphicsContext3D::uniformMatrix3fv): (WebCore::GraphicsContext3D::uniformMatrix4fv): (WebCore::GraphicsContext3D::useProgram): (WebCore::GraphicsContext3D::validateProgram): (WebCore::GraphicsContext3D::vertexAttrib1f): (WebCore::GraphicsContext3D::vertexAttrib1fv): (WebCore::GraphicsContext3D::vertexAttrib2f): (WebCore::GraphicsContext3D::vertexAttrib2fv): (WebCore::GraphicsContext3D::vertexAttrib3f): (WebCore::GraphicsContext3D::vertexAttrib3fv): (WebCore::GraphicsContext3D::vertexAttrib4f): (WebCore::GraphicsContext3D::vertexAttrib4fv): (WebCore::GraphicsContext3D::vertexAttribPointer): (WebCore::GraphicsContext3D::viewport): (WebCore::GraphicsContext3D::createVertexArray): (WebCore::GraphicsContext3D::deleteVertexArray): (WebCore::GraphicsContext3D::isVertexArray): (WebCore::GraphicsContext3D::bindVertexArray): (WebCore::GraphicsContext3D::getBooleanv): (WebCore::GraphicsContext3D::getBufferParameteriv): (WebCore::GraphicsContext3D::getFloatv): (WebCore::GraphicsContext3D::getInteger64v): (WebCore::GraphicsContext3D::getFramebufferAttachmentParameteriv): (WebCore::GraphicsContext3D::getProgramiv): (WebCore::GraphicsContext3D::getNonBuiltInActiveSymbolCount): (WebCore::GraphicsContext3D::getUnmangledInfoLog): (WebCore::GraphicsContext3D::getProgramInfoLog): (WebCore::GraphicsContext3D::getRenderbufferParameteriv): (WebCore::GraphicsContext3D::getShaderiv): (WebCore::GraphicsContext3D::getShaderInfoLog): (WebCore::GraphicsContext3D::getShaderSource): (WebCore::GraphicsContext3D::getTexParameterfv): (WebCore::GraphicsContext3D::getTexParameteriv): (WebCore::GraphicsContext3D::getUniformfv): (WebCore::GraphicsContext3D::getUniformiv): (WebCore::GraphicsContext3D::getUniformLocation): (WebCore::GraphicsContext3D::getVertexAttribfv): (WebCore::GraphicsContext3D::getVertexAttribiv): (WebCore::GraphicsContext3D::getVertexAttribOffset): (WebCore::GraphicsContext3D::texSubImage2D): (WebCore::GraphicsContext3D::compressedTexImage2D): (WebCore::GraphicsContext3D::compressedTexSubImage2D): (WebCore::GraphicsContext3D::createBuffer): (WebCore::GraphicsContext3D::createFramebuffer): (WebCore::GraphicsContext3D::createProgram): (WebCore::GraphicsContext3D::createRenderbuffer): (WebCore::GraphicsContext3D::createShader): (WebCore::GraphicsContext3D::createTexture): (WebCore::GraphicsContext3D::deleteBuffer): (WebCore::GraphicsContext3D::deleteFramebuffer): (WebCore::GraphicsContext3D::deleteProgram): (WebCore::GraphicsContext3D::deleteRenderbuffer): (WebCore::GraphicsContext3D::deleteShader): (WebCore::GraphicsContext3D::deleteTexture): (WebCore::GraphicsContext3D::synthesizeGLError): (WebCore::GraphicsContext3D::markContextChanged): (WebCore::GraphicsContext3D::markLayerComposited): (WebCore::GraphicsContext3D::layerComposited const): (WebCore::GraphicsContext3D::forceContextLost): (WebCore::GraphicsContext3D::recycleContext): (WebCore::GraphicsContext3D::dispatchContextChangedNotification): (WebCore::GraphicsContext3D::texImage2DDirect): (WebCore::GraphicsContext3D::drawArraysInstanced): (WebCore::GraphicsContext3D::drawElementsInstanced): (WebCore::GraphicsContext3D::vertexAttribDivisor): * platform/graphics/angle/TemporaryANGLESetting.cpp: Added. (WebCore::TemporaryANGLESetting::TemporaryANGLESetting): (WebCore::TemporaryANGLESetting::~TemporaryANGLESetting): * platform/graphics/angle/TemporaryANGLESetting.h: Added. * platform/graphics/cocoa/GraphicsContext3DCocoa.mm: (WebCore::GraphicsContext3D::GraphicsContext3D): (WebCore::GraphicsContext3D::~GraphicsContext3D): (WebCore::GraphicsContext3D::makeContextCurrent): (WebCore::GraphicsContext3D::checkGPUStatus): (WebCore::GraphicsContext3D::screenDidChange): * platform/graphics/cocoa/WebGLLayer.h: * platform/graphics/cocoa/WebGLLayer.mm: (-[WebGLLayer display]): * platform/graphics/cv/TextureCacheCV.mm: (WebCore::TextureCacheCV::create): (WebCore::TextureCacheCV::textureFromImage): * platform/graphics/cv/VideoTextureCopierCV.cpp: (WebCore::enumToStringMap): (WebCore::VideoTextureCopierCV::initializeContextObjects): (WebCore::VideoTextureCopierCV::initializeUVContextObjects): (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture): (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture): * platform/graphics/opengl/Extensions3DOpenGL.cpp: * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp: * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp: * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp: 2019-06-18 Saam Barati <sbarati@apple.com> [WHLSL] Do not generate duplicate constructors/copy constructors in synthesizeConstructors https://bugs.webkit.org/show_bug.cgi?id=198580 Reviewed by Robin Morisset. Prior to this patch, we were generating duplicate constructors for unnamed types. This is bad for two reasons: 1. It's inefficient, since we'd generate a constructor for every place in the AST where we'd visit this unnamed type. 2. It made it impossible to resolve function overloads to call the default constructor. This made it so that the autoInitializeVariables pass would crash if we ever generated more than one of these functions for the same type. To make this work, this patch splits up what used to be the resolveNamesInFunctions pass. Previously, this pass would both resolve calls and resolve type names. Synthesize constructors would run before this, since resolving calls meant we may resolve a call to one of these synthesized constructors. However, synthesize constructors now needs to test for the equality unnamed types, so it now requires running the type resolution part of resolveNamesInFunctions before it runs. This patch splits resolveNamesInFunctions into two parts: resolveTypeNamesInFunctions and resolveCallsInFunctions. So we used to run: synthesizeConstructors resolveNamesInFunctions And now we run: resolveTypeNamesInFunctions synthesizeConstructors resolveCallsInFunctions Test: webgpu/whlsl-duplicate-types-should-not-produce-duplicate-ctors.html * Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h: * Modules/webgpu/WHLSL/AST/WHLSLArrayType.h: * Modules/webgpu/WHLSL/AST/WHLSLBooleanLiteral.h: (WebCore::WHLSL::AST::BooleanLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLEnumerationMemberLiteral.h: (WebCore::WHLSL::AST::EnumerationMemberLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLExpression.h: (WebCore::WHLSL::AST::Expression::copyTypeTo const): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteral.h: (WebCore::WHLSL::AST::FloatLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.cpp: (WebCore::WHLSL::AST::FloatLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLFloatLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteral.h: (WebCore::WHLSL::AST::IntegerLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.cpp: (WebCore::WHLSL::AST::IntegerLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLIntegerLiteralType.h: * Modules/webgpu/WHLSL/AST/WHLSLNullLiteral.h: (WebCore::WHLSL::AST::NullLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLPointerType.h: * Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h: * Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h: * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteral.h: (WebCore::WHLSL::AST::UnsignedIntegerLiteral::clone const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.cpp: (WebCore::WHLSL::AST::UnsignedIntegerLiteralType::clone const): * Modules/webgpu/WHLSL/AST/WHLSLUnsignedIntegerLiteralType.h: * Modules/webgpu/WHLSL/WHLSLASTDumper.h: * Modules/webgpu/WHLSL/WHLSLInferTypes.cpp: (WebCore::WHLSL::matches): * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::NameResolver): (WebCore::WHLSL::NameResolver::visit): (WebCore::WHLSL::resolveTypeNamesInFunctions): (WebCore::WHLSL::resolveCallsInFunctions): (WebCore::WHLSL::resolveNamesInFunctions): Deleted. * Modules/webgpu/WHLSL/WHLSLNameResolver.h: (WebCore::WHLSL::NameResolver::setIsResolvingCalls): * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepareShared): * Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp: (WebCore::WHLSL::UnnamedTypeKey::UnnamedTypeKey): (WebCore::WHLSL::UnnamedTypeKey::isEmptyValue const): (WebCore::WHLSL::UnnamedTypeKey::isHashTableDeletedValue const): (WebCore::WHLSL::UnnamedTypeKey::hash const): (WebCore::WHLSL::UnnamedTypeKey::operator== const): (WebCore::WHLSL::UnnamedTypeKey::unnamedType const): (WebCore::WHLSL::UnnamedTypeKey::Hash::hash): (WebCore::WHLSL::UnnamedTypeKey::Hash::equal): (WebCore::WHLSL::UnnamedTypeKey::Traits::isEmptyValue): (WebCore::WHLSL::FindAllTypes::takeUnnamedTypes): (WebCore::WHLSL::FindAllTypes::appendNamedType): (WebCore::WHLSL::synthesizeConstructors): 2019-06-18 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246524. Caused 45 webgpu/ crashes. Reverted changeset: "[WHLSL] The name resolver does not deal with nativeFunctionDeclaration" https://bugs.webkit.org/show_bug.cgi?id=198306 https://trac.webkit.org/changeset/246524 2019-06-18 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Inline quirks should have their dedicated class. https://bugs.webkit.org/show_bug.cgi?id=198962 <rdar://problem/51848170> Reviewed by Antti Koivisto. * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * layout/LayoutState.h: * layout/inlineformatting/InlineFormattingContext.h: * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): * layout/inlineformatting/InlineFormattingContextQuirks.cpp: Added. (WebCore::Layout::InlineFormattingContext::Quirks::collapseLineDescent): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::close): * layout/inlineformatting/InlineLineBreaker.cpp: * layout/inlineformatting/InlineLineBreaker.h: 2019-06-18 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Line::append() should take care of all the inline types. https://bugs.webkit.org/show_bug.cgi?id=198961 <rdar://problem/51847712> Reviewed by Antti Koivisto. Make all the existing Line::append* functions private. * layout/FormattingContextGeometry.cpp: (WebCore::Layout::staticHorizontalPositionForOutOfFlowPositioned): fix a typo. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::append): * layout/inlineformatting/InlineLine.h: 2019-06-18 Simon Fraser <simon.fraser@apple.com> Convert macOS to scroll by changing layer boundsOrigin https://bugs.webkit.org/show_bug.cgi?id=198917 Reviewed by Antti Koivisto. macOS did frame and overflow scrolling by changing the position of the scrolled contents layer. iOS scrolls by changing the boundsOrigin of the scrollContainer layer (which it has to, to match how UIScrollView works). The iOS approach removes the need for an extra layer whose only role is for scroll positioning, so migrate macOS to the same approach. A later patch can remove m_scrolledContentsLayer. We can remove RenderLayerCompositor::m_clipLayer since m_scrollContainerLayer has exactly the same role now. * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::reconcileScrollPosition): * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::insetClipLayerForFrameView): * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::repositionScrollingLayers): * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.mm: (WebCore::ScrollingTreeOverflowScrollingNodeMac::repositionScrollingLayers): * platform/graphics/cocoa/WebCoreCALayerExtras.h: * platform/graphics/cocoa/WebCoreCALayerExtras.mm: (-[CALayer _web_setLayerBoundsOrigin:]): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGeometry): (WebCore::RenderLayerBacking::setLocationOfScrolledContents): (WebCore::RenderLayerBacking::updateScrollOffset): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::~RenderLayerCompositor): (WebCore::RenderLayerCompositor::flushPendingLayerChanges): (WebCore::RenderLayerCompositor::frameViewDidChangeSize): (WebCore::RenderLayerCompositor::updateLayersForScrollPosition): (WebCore::RenderLayerCompositor::updateScrollContainerGeometry): (WebCore::RenderLayerCompositor::frameViewDidScroll): (WebCore::RenderLayerCompositor::updateRootLayerPosition): (WebCore::RenderLayerCompositor::updateOverflowControlsLayers): (WebCore::RenderLayerCompositor::ensureRootLayer): (WebCore::RenderLayerCompositor::destroyRootLayer): (WebCore::RenderLayerCompositor::updateScrollingNodeLayers): (WebCore::RenderLayerCompositor::updateScrollLayerPosition): Deleted. (WebCore::RenderLayerCompositor::updateScrollLayerClipping): Deleted. * rendering/RenderLayerCompositor.h: 2019-06-18 Philippe Normand <pnormand@igalia.com> [GStreamer] Identify elements with monotonically increasing counters https://bugs.webkit.org/show_bug.cgi?id=198916 Reviewed by Xabier Rodriguez-Calvar. Those ids tend to be shorter, easier to read for humans and for diff tools :) Underscores were also replaced by dashes, for consistency with the usual GStreamer element naming untold conventions. * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: (WebCore::MediaPlayerPrivateGStreamer::load): (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin): * platform/mediastream/libwebrtc/GStreamerVideoEncoderFactory.cpp: (WebCore::GStreamerVideoEncoder::makeElement): (WebCore::GStreamerVideoEncoder::InitEncode): 2019-06-18 Zan Dobersek <zdobersek@igalia.com> [WebGL] Extensions3DOpenGLES::bindVertexArrayOES() should allow zero array object https://bugs.webkit.org/show_bug.cgi?id=198929 Reviewed by Carlos Garcia Campos. A 0 object parameter for the glBindVertexArrayOES() call is a valid value since it binds the default vertex array object for any updates and draws. As such the Extensions3DOpenGLES implementation shouldn't return early if the object value is 0. No new tests -- covered by existing tests. * platform/graphics/opengl/Extensions3DOpenGLES.cpp: (WebCore::Extensions3DOpenGLES::bindVertexArrayOES): 2019-06-17 Sihui Liu <sihui_liu@apple.com> -[WKWebsiteDataStore removeDataOfTypes:modifiedSince:completionHandler:] doesn't delete _WKWebsiteDataTypeCredentials https://bugs.webkit.org/show_bug.cgi?id=198854 <rdar://problem/51386058> Reviewed by Geoffrey Garen. Add option NSURLCredentialStorageRemoveSynchronizableCredentials when removing persistent credential so credentials from same account will be removed from all devices. Test: WKWebsiteDataStore.RemoveAllPersistentCredentials * platform/network/CredentialStorage.cpp: (WebCore::CredentialStorage::originsWithPersistentCredentials): (WebCore::CredentialStorage::removePersistentCredentialsWithOrigins): (WebCore::CredentialStorage::clearPersistentCredentials): * platform/network/CredentialStorage.h: * platform/network/mac/CredentialStorageMac.mm: (WebCore::CredentialStorage::originsWithPersistentCredentials): (WebCore::CredentialStorage::removePersistentCredentialsWithOrigins): (WebCore::CredentialStorage::clearPersistentCredentials): 2019-06-17 Ryosuke Niwa <rniwa@webkit.org> m_disconnectedFrame can be null in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame() https://bugs.webkit.org/show_bug.cgi?id=198943 Reviewed by Brady Eidson. Apparently it's possible for m_disconnectedFrame to be null in this function even though this should never happen. We've been trying to diagnose a class of issues in this area (e.g. r246187, r244971, r242797, r242677, r242676, r241848) but at some point, we need to stop crashing for the sake of user. Worked around the bug by adding a null pointer check here. * page/DOMWindowExtension.cpp: (WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame): 2019-06-17 Alex Christensen <achristensen@webkit.org> Fix iOS crash when starting loads with no active DocumentLoader https://bugs.webkit.org/show_bug.cgi?id=187360 <rdar://problem/29389084> Reviewed by Geoff Garen. When FrameLoader::activeDocumentLoader returns null in the ResourceLoader constructor, on iOS we will dereference it to ask if it has a frame in an early return in init. Let's not. If we don't have a DocumentLoader, we don't have a frame and should fail. Crash reports indicate this crash is related to Beacon and other uses of LoaderStrategy::startPingLoad, but attempts to make a unit test to reproduce the crash were unsuccessful. * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::init): 2019-06-17 Robin Morisset <rmorisset@apple.com> [WHLSL] The name resolver does not deal with nativeFunctionDeclaration https://bugs.webkit.org/show_bug.cgi?id=198306 Reviewed by Saam Barati. We currently have a crash in the nameResolver when trying to use the full standard library. What is happening is that because we don't specify anything to do to nativeFunctionDeclarations, names in their parameters are added to the global environment. And so as soon as we have two such parameters with the same name, the name resolver fails. Tested by adding two native functions that share a parameter name to the standard library. * Modules/webgpu/WHLSL/WHLSLNameResolver.cpp: (WebCore::WHLSL::NameResolver::visit): * Modules/webgpu/WHLSL/WHLSLNameResolver.h: 2019-06-17 Robin Morisset <rmorisset@apple.com> [WHLSL] Remove backtracking from parseAttributeBlock https://bugs.webkit.org/show_bug.cgi?id=198934 Reviewed by Myles C. Maxfield. No functional change intended. Tested by running LayoutTests/webgpu/whlsl-compute.html * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parseAttributeBlock): 2019-06-17 Saam Barati <sbarati@apple.com> [WHLSL] Make .length work https://bugs.webkit.org/show_bug.cgi?id=198890 Reviewed by Myles Maxfield. This patch makes accessing .length on buffers work. To make this work as expected, I've fixed a handful of small bugs: - The checker was not calling resolveByInstantiation for getters. This patch modifies the checker to do that, so we can now resolve a getter to "operator.length". I also refactored the checker to have a helper method that both does overload resolution and resolveByInstantiation to make it difficult to forget to call resolveByInstantiation. - The property resolver had a bug where it would return a non-null value in anderCallArgument for array references even when there was no ander and no thread ander function. This patch makes it now return null if there is neither an ander nor a thread ander. - The metal codegen incorrectly unpacked the length of buffers. It swapped the bottom four bytes and the top four bytes of the size_t value. This patch corrects that. This was also a cause of flakiness in various tests since we ended up with a length much larger than expected, leading to bounds checks always passing in our tests. - This patch also fixes our tests to specify the output buffer length properly for various programs. Test: webgpu/whlsl-buffer-length.html * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp: (WebCore::WHLSL::Metal::EntryPointScaffolding::unpackResourcesAndNamedBuiltIns): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveFunction): (WebCore::WHLSL::Checker::finishVisiting): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::anderCallArgument): 2019-06-17 Ryan Haddad <ryanhaddad@apple.com> Unreviewed, rolling out r246501. Breaks Apple internal builds. Reverted changeset: "Support using ANGLE as the backend for the WebGL implementation" https://bugs.webkit.org/show_bug.cgi?id=197755 https://trac.webkit.org/changeset/246501 2019-06-17 Kenneth Russell <kbr@chromium.org> Support using ANGLE as the backend for the WebGL implementation https://bugs.webkit.org/show_bug.cgi?id=197755 Reviewed by Dean Jackson. Add new files supplying an ANGLE version of GraphicsContext3D and Extensions3D, conditionalized under USE_ANGLE. Update Xcode project to build these files. This option compiles and links successfully. FIXMEs remain in several common files which will be addressed in subsequent patches. This work will be tested with the preexisting WebGL conformance suite. * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/ANGLEWebKitBridge.h: * platform/graphics/GraphicsContext3D.h: * platform/graphics/GraphicsContext3DManager.cpp: (WebCore::GraphicsContext3DManager::updateAllContexts): (WebCore::GraphicsContext3DManager::updateHighPerformanceState): (WebCore::GraphicsContext3DManager::disableHighPerformanceGPUTimerFired): * platform/graphics/angle/Extensions3DANGLE.cpp: Copied from Source/WebCore/platform/graphics/opengl/Extensions3DOpenGLCommon.cpp. (WebCore::Extensions3DANGLE::Extensions3DANGLE): (WebCore::Extensions3DANGLE::supports): (WebCore::Extensions3DANGLE::ensureEnabled): (WebCore::Extensions3DANGLE::isEnabled): (WebCore::Extensions3DANGLE::getGraphicsResetStatusARB): (WebCore::Extensions3DANGLE::getTranslatedShaderSourceANGLE): (WebCore::Extensions3DANGLE::initializeAvailableExtensions): (WebCore::Extensions3DANGLE::readnPixelsEXT): (WebCore::Extensions3DANGLE::getnUniformfvEXT): (WebCore::Extensions3DANGLE::getnUniformivEXT): (WebCore::Extensions3DANGLE::blitFramebuffer): (WebCore::Extensions3DANGLE::renderbufferStorageMultisample): (WebCore::Extensions3DANGLE::createVertexArrayOES): (WebCore::Extensions3DANGLE::deleteVertexArrayOES): (WebCore::Extensions3DANGLE::isVertexArrayOES): (WebCore::Extensions3DANGLE::bindVertexArrayOES): (WebCore::Extensions3DANGLE::insertEventMarkerEXT): (WebCore::Extensions3DANGLE::pushGroupMarkerEXT): (WebCore::Extensions3DANGLE::popGroupMarkerEXT): (WebCore::Extensions3DANGLE::supportsExtension): (WebCore::Extensions3DANGLE::drawBuffersEXT): (WebCore::Extensions3DANGLE::drawArraysInstanced): (WebCore::Extensions3DANGLE::drawElementsInstanced): (WebCore::Extensions3DANGLE::vertexAttribDivisor): (WebCore::Extensions3DANGLE::getExtensions): * platform/graphics/angle/Extensions3DANGLE.h: Added. * platform/graphics/angle/GraphicsContext3DANGLE.cpp: Copied from Source/WebCore/platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp. (WebCore::GraphicsContext3D::releaseShaderCompiler): (WebCore::wipeAlphaChannelFromPixels): (WebCore::GraphicsContext3D::readPixelsAndConvertToBGRAIfNecessary): (WebCore::GraphicsContext3D::validateAttributes): (WebCore::GraphicsContext3D::reshapeFBOs): (WebCore::GraphicsContext3D::attachDepthAndStencilBufferIfNeeded): (WebCore::GraphicsContext3D::resolveMultisamplingIfNecessary): (WebCore::GraphicsContext3D::renderbufferStorage): (WebCore::GraphicsContext3D::getIntegerv): (WebCore::GraphicsContext3D::getShaderPrecisionFormat): (WebCore::GraphicsContext3D::texImage2D): (WebCore::GraphicsContext3D::depthRange): (WebCore::GraphicsContext3D::clearDepth): (WebCore::GraphicsContext3D::getExtensions): (WebCore::GraphicsContext3D::readPixels): (WebCore::setCurrentNameHashMapForShader): (WebCore::nameHashForShader): (WebCore::GraphicsContext3D::validateDepthStencil): (WebCore::GraphicsContext3D::paintRenderingResultsToCanvas): (WebCore::GraphicsContext3D::paintCompositedResultsToCanvas): (WebCore::GraphicsContext3D::paintRenderingResultsToImageData): (WebCore::GraphicsContext3D::prepareTexture): (WebCore::GraphicsContext3D::readRenderingResults): (WebCore::GraphicsContext3D::reshape): (WebCore::GraphicsContext3D::checkVaryingsPacking const): (WebCore::GraphicsContext3D::precisionsMatch const): (WebCore::GraphicsContext3D::getInternalFramebufferSize const): (WebCore::GraphicsContext3D::activeTexture): (WebCore::GraphicsContext3D::attachShader): (WebCore::GraphicsContext3D::bindAttribLocation): (WebCore::GraphicsContext3D::bindBuffer): (WebCore::GraphicsContext3D::bindFramebuffer): (WebCore::GraphicsContext3D::bindRenderbuffer): (WebCore::GraphicsContext3D::bindTexture): (WebCore::GraphicsContext3D::blendColor): (WebCore::GraphicsContext3D::blendEquation): (WebCore::GraphicsContext3D::blendEquationSeparate): (WebCore::GraphicsContext3D::blendFunc): (WebCore::GraphicsContext3D::blendFuncSeparate): (WebCore::GraphicsContext3D::bufferData): (WebCore::GraphicsContext3D::bufferSubData): (WebCore::GraphicsContext3D::mapBufferRange): (WebCore::GraphicsContext3D::unmapBuffer): (WebCore::GraphicsContext3D::copyBufferSubData): (WebCore::GraphicsContext3D::getInternalformativ): (WebCore::GraphicsContext3D::renderbufferStorageMultisample): (WebCore::GraphicsContext3D::texStorage2D): (WebCore::GraphicsContext3D::texStorage3D): (WebCore::GraphicsContext3D::getActiveUniforms): (WebCore::GraphicsContext3D::checkFramebufferStatus): (WebCore::GraphicsContext3D::clearColor): (WebCore::GraphicsContext3D::clear): (WebCore::GraphicsContext3D::clearStencil): (WebCore::GraphicsContext3D::colorMask): (WebCore::GraphicsContext3D::compileShader): (WebCore::GraphicsContext3D::compileShaderDirect): (WebCore::GraphicsContext3D::copyTexImage2D): (WebCore::GraphicsContext3D::copyTexSubImage2D): (WebCore::GraphicsContext3D::cullFace): (WebCore::GraphicsContext3D::depthFunc): (WebCore::GraphicsContext3D::depthMask): (WebCore::GraphicsContext3D::detachShader): (WebCore::GraphicsContext3D::disable): (WebCore::GraphicsContext3D::disableVertexAttribArray): (WebCore::GraphicsContext3D::drawArrays): (WebCore::GraphicsContext3D::drawElements): (WebCore::GraphicsContext3D::enable): (WebCore::GraphicsContext3D::enableVertexAttribArray): (WebCore::GraphicsContext3D::finish): (WebCore::GraphicsContext3D::flush): (WebCore::GraphicsContext3D::framebufferRenderbuffer): (WebCore::GraphicsContext3D::framebufferTexture2D): (WebCore::GraphicsContext3D::frontFace): (WebCore::GraphicsContext3D::generateMipmap): (WebCore::GraphicsContext3D::getActiveAttribImpl): (WebCore::GraphicsContext3D::getActiveAttrib): (WebCore::GraphicsContext3D::getActiveUniformImpl): (WebCore::GraphicsContext3D::getActiveUniform): (WebCore::GraphicsContext3D::getAttachedShaders): (WebCore::generateHashedName): (WebCore::GraphicsContext3D::mappedSymbolInShaderSourceMap): (WebCore::GraphicsContext3D::mappedSymbolName): (WebCore::GraphicsContext3D::originalSymbolInShaderSourceMap): (WebCore::GraphicsContext3D::originalSymbolName): (WebCore::GraphicsContext3D::getAttribLocation): (WebCore::GraphicsContext3D::getAttribLocationDirect): (WebCore::GraphicsContext3D::getContextAttributes): (WebCore::GraphicsContext3D::moveErrorsToSyntheticErrorList): (WebCore::GraphicsContext3D::getError): (WebCore::GraphicsContext3D::getString): (WebCore::GraphicsContext3D::hint): (WebCore::GraphicsContext3D::isBuffer): (WebCore::GraphicsContext3D::isEnabled): (WebCore::GraphicsContext3D::isFramebuffer): (WebCore::GraphicsContext3D::isProgram): (WebCore::GraphicsContext3D::isRenderbuffer): (WebCore::GraphicsContext3D::isShader): (WebCore::GraphicsContext3D::isTexture): (WebCore::GraphicsContext3D::lineWidth): (WebCore::GraphicsContext3D::linkProgram): (WebCore::GraphicsContext3D::pixelStorei): (WebCore::GraphicsContext3D::polygonOffset): (WebCore::GraphicsContext3D::sampleCoverage): (WebCore::GraphicsContext3D::scissor): (WebCore::GraphicsContext3D::shaderSource): (WebCore::GraphicsContext3D::stencilFunc): (WebCore::GraphicsContext3D::stencilFuncSeparate): (WebCore::GraphicsContext3D::stencilMask): (WebCore::GraphicsContext3D::stencilMaskSeparate): (WebCore::GraphicsContext3D::stencilOp): (WebCore::GraphicsContext3D::stencilOpSeparate): (WebCore::GraphicsContext3D::texParameterf): (WebCore::GraphicsContext3D::texParameteri): (WebCore::GraphicsContext3D::uniform1f): (WebCore::GraphicsContext3D::uniform1fv): (WebCore::GraphicsContext3D::uniform2f): (WebCore::GraphicsContext3D::uniform2fv): (WebCore::GraphicsContext3D::uniform3f): (WebCore::GraphicsContext3D::uniform3fv): (WebCore::GraphicsContext3D::uniform4f): (WebCore::GraphicsContext3D::uniform4fv): (WebCore::GraphicsContext3D::uniform1i): (WebCore::GraphicsContext3D::uniform1iv): (WebCore::GraphicsContext3D::uniform2i): (WebCore::GraphicsContext3D::uniform2iv): (WebCore::GraphicsContext3D::uniform3i): (WebCore::GraphicsContext3D::uniform3iv): (WebCore::GraphicsContext3D::uniform4i): (WebCore::GraphicsContext3D::uniform4iv): (WebCore::GraphicsContext3D::uniformMatrix2fv): (WebCore::GraphicsContext3D::uniformMatrix3fv): (WebCore::GraphicsContext3D::uniformMatrix4fv): (WebCore::GraphicsContext3D::useProgram): (WebCore::GraphicsContext3D::validateProgram): (WebCore::GraphicsContext3D::vertexAttrib1f): (WebCore::GraphicsContext3D::vertexAttrib1fv): (WebCore::GraphicsContext3D::vertexAttrib2f): (WebCore::GraphicsContext3D::vertexAttrib2fv): (WebCore::GraphicsContext3D::vertexAttrib3f): (WebCore::GraphicsContext3D::vertexAttrib3fv): (WebCore::GraphicsContext3D::vertexAttrib4f): (WebCore::GraphicsContext3D::vertexAttrib4fv): (WebCore::GraphicsContext3D::vertexAttribPointer): (WebCore::GraphicsContext3D::viewport): (WebCore::GraphicsContext3D::createVertexArray): (WebCore::GraphicsContext3D::deleteVertexArray): (WebCore::GraphicsContext3D::isVertexArray): (WebCore::GraphicsContext3D::bindVertexArray): (WebCore::GraphicsContext3D::getBooleanv): (WebCore::GraphicsContext3D::getBufferParameteriv): (WebCore::GraphicsContext3D::getFloatv): (WebCore::GraphicsContext3D::getInteger64v): (WebCore::GraphicsContext3D::getFramebufferAttachmentParameteriv): (WebCore::GraphicsContext3D::getProgramiv): (WebCore::GraphicsContext3D::getNonBuiltInActiveSymbolCount): (WebCore::GraphicsContext3D::getUnmangledInfoLog): (WebCore::GraphicsContext3D::getProgramInfoLog): (WebCore::GraphicsContext3D::getRenderbufferParameteriv): (WebCore::GraphicsContext3D::getShaderiv): (WebCore::GraphicsContext3D::getShaderInfoLog): (WebCore::GraphicsContext3D::getShaderSource): (WebCore::GraphicsContext3D::getTexParameterfv): (WebCore::GraphicsContext3D::getTexParameteriv): (WebCore::GraphicsContext3D::getUniformfv): (WebCore::GraphicsContext3D::getUniformiv): (WebCore::GraphicsContext3D::getUniformLocation): (WebCore::GraphicsContext3D::getVertexAttribfv): (WebCore::GraphicsContext3D::getVertexAttribiv): (WebCore::GraphicsContext3D::getVertexAttribOffset): (WebCore::GraphicsContext3D::texSubImage2D): (WebCore::GraphicsContext3D::compressedTexImage2D): (WebCore::GraphicsContext3D::compressedTexSubImage2D): (WebCore::GraphicsContext3D::createBuffer): (WebCore::GraphicsContext3D::createFramebuffer): (WebCore::GraphicsContext3D::createProgram): (WebCore::GraphicsContext3D::createRenderbuffer): (WebCore::GraphicsContext3D::createShader): (WebCore::GraphicsContext3D::createTexture): (WebCore::GraphicsContext3D::deleteBuffer): (WebCore::GraphicsContext3D::deleteFramebuffer): (WebCore::GraphicsContext3D::deleteProgram): (WebCore::GraphicsContext3D::deleteRenderbuffer): (WebCore::GraphicsContext3D::deleteShader): (WebCore::GraphicsContext3D::deleteTexture): (WebCore::GraphicsContext3D::synthesizeGLError): (WebCore::GraphicsContext3D::markContextChanged): (WebCore::GraphicsContext3D::markLayerComposited): (WebCore::GraphicsContext3D::layerComposited const): (WebCore::GraphicsContext3D::forceContextLost): (WebCore::GraphicsContext3D::recycleContext): (WebCore::GraphicsContext3D::dispatchContextChangedNotification): (WebCore::GraphicsContext3D::texImage2DDirect): (WebCore::GraphicsContext3D::drawArraysInstanced): (WebCore::GraphicsContext3D::drawElementsInstanced): (WebCore::GraphicsContext3D::vertexAttribDivisor): * platform/graphics/angle/TemporaryANGLESetting.cpp: Added. (WebCore::TemporaryANGLESetting::TemporaryANGLESetting): (WebCore::TemporaryANGLESetting::~TemporaryANGLESetting): * platform/graphics/angle/TemporaryANGLESetting.h: Added. * platform/graphics/cocoa/GraphicsContext3DCocoa.mm: (WebCore::GraphicsContext3D::GraphicsContext3D): (WebCore::GraphicsContext3D::~GraphicsContext3D): (WebCore::GraphicsContext3D::makeContextCurrent): (WebCore::GraphicsContext3D::checkGPUStatus): (WebCore::GraphicsContext3D::screenDidChange): * platform/graphics/cocoa/WebGLLayer.h: * platform/graphics/cocoa/WebGLLayer.mm: (-[WebGLLayer display]): * platform/graphics/cv/TextureCacheCV.mm: (WebCore::TextureCacheCV::create): (WebCore::TextureCacheCV::textureFromImage): * platform/graphics/cv/VideoTextureCopierCV.cpp: (WebCore::enumToStringMap): (WebCore::VideoTextureCopierCV::initializeContextObjects): (WebCore::VideoTextureCopierCV::initializeUVContextObjects): (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture): (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture): * platform/graphics/opengl/Extensions3DOpenGL.cpp: * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp: * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp: * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp: 2019-06-17 Ludovico de Nittis <ludovico.denittis@collabora.com> [GTK] Stop accessing GdkEvent fields when possible https://bugs.webkit.org/show_bug.cgi?id=198829 Reviewed by Michael Catanzaro. Direct access to GdkEvent structs is no longer possible in GTK 4. No behaviour changes. * platform/gtk/PlatformKeyboardEventGtk.cpp: (WebCore::eventTypeForGdkKeyEvent): (WebCore::modifiersForGdkKeyEvent): (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent): * platform/gtk/PlatformMouseEventGtk.cpp: (WebCore::PlatformMouseEvent::PlatformMouseEvent): * platform/gtk/PlatformWheelEventGtk.cpp: (WebCore::PlatformWheelEvent::PlatformWheelEvent): 2019-06-17 Carlos Garcia Campos <cgarcia@igalia.com> Unreviewed, rolling out r246467. It broke scrolling with mouse wheel Reverted changeset: "[GTK] Stop accessing GdkEvent fields when possible" https://bugs.webkit.org/show_bug.cgi?id=198829 https://trac.webkit.org/changeset/246467 2019-06-16 Darin Adler <darin@apple.com> Convert some uses of fixed width and fixed precision floating point formatting to use shortest instead https://bugs.webkit.org/show_bug.cgi?id=198896 Reviewed by Sam Weinig. * Modules/indexeddb/IDBKeyData.cpp: (WebCore::IDBKeyData::loggingString const): Removed unneeded use of FormattedNumber::fixedWidth to override the default shortest-form formatting. * page/History.cpp: (WebCore::History::stateObjectAdded): Ditto. * page/PrintContext.cpp: (WebCore::PrintContext::pageProperty): Use String::number instead of String::numberToStringFixedPrecision. Also removed some uses of FormattedNumber::fixedPrecision. * platform/graphics/FloatPolygon.cpp: (WebCore::FloatPolygonEdge::debugString const): Ditto. 2019-06-16 Darin Adler <darin@apple.com> Rename AtomicString to AtomString https://bugs.webkit.org/show_bug.cgi?id=195276 Reviewed by Michael Catanzaro. * many files: Let do-webcore-rename do the renaming. 2019-06-16 Eric Carlson <eric.carlson@apple.com> [MediaStream] Avoid roundoff error when setting AVCapture min/max frame rate https://bugs.webkit.org/show_bug.cgi?id=198875 <rdar://problem/51768374> Reviewed by Youenn Fablet. * platform/graphics/MediaPlayer.h: (WTF::LogArgument<MediaTime>::toString): Deleted, moved to MediaTime.h. (WTF::LogArgument<MediaTimeRange>::toString): Deleted, moved to MediaTime.h. * platform/mediastream/mac/AVVideoCaptureSource.mm: (WebCore::AVVideoCaptureSource::setSessionSizeAndFrameRate): Avoid roundoff error. 2019-06-16 Simon Fraser <simon.fraser@apple.com> Implement ScrollableArea::scrollOffset() https://bugs.webkit.org/show_bug.cgi?id=198895 Reviewed by Antti Koivisto. Remove from ScrollableArea the following: virtual int scrollSize(ScrollbarOrientation) const = 0; virtual int scrollOffset(ScrollbarOrientation) const = 0; and instead implement ScrollOffset scrollOffset() const. Also make scrollPosition() pure virtual, avoiding the reverse dependency where this base class implementation got values from scrollbars. scrollSize(ScrollbarOrientation) was only used by ScrollAnimatorIOS and we can do the same computation via min/max scroll positions. RenderListBox and PopupMenuWin need implementations of scrollPosition(). Remove some PLATFORM(IOS_FAMILY) #ifdefs from ScrollableArea for code that compiles on all platforms. * page/FrameView.h: * platform/ScrollView.cpp: (WebCore::ScrollView::overhangAmount const): (WebCore::ScrollView::scrollSize const): Deleted. (WebCore::ScrollView::scrollOffset const): Deleted. * platform/ScrollView.h: * platform/ScrollableArea.cpp: (WebCore::ScrollableArea::isPinnedVerticallyInDirection const): (WebCore::ScrollableArea::scrollOffset const): (WebCore::ScrollableArea::scrollPosition const): Deleted. * platform/ScrollableArea.h: (WebCore::offsetForOrientation): (WebCore::ScrollableArea::isHorizontalScrollerPinnedToMinimumPosition const): (WebCore::ScrollableArea::isHorizontalScrollerPinnedToMaximumPosition const): (WebCore::ScrollableArea::isVerticalScrollerPinnedToMinimumPosition const): (WebCore::ScrollableArea::isVerticalScrollerPinnedToMaximumPosition const): (WebCore::ScrollableArea::tiledBacking const): Deleted. * platform/Scrollbar.cpp: (WebCore::Scrollbar::Scrollbar): (WebCore::Scrollbar::offsetDidChange): * platform/ios/ScrollAnimatorIOS.mm: (WebCore::ScrollAnimatorIOS::handleTouchEvent): * platform/win/PopupMenuWin.cpp: (WebCore::PopupMenuWin::scrollPosition const): (WebCore::PopupMenuWin::wndProc): (WebCore::PopupMenuWin::scrollSize const): Deleted. (WebCore::PopupMenuWin::scrollOffset const): Deleted. * platform/win/PopupMenuWin.h: (WebCore::PopupMenuWin::scrollOffset const): Deleted. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollSize const): Deleted. (WebCore::RenderLayer::scrollOffset const): Deleted. * rendering/RenderLayer.h: * rendering/RenderListBox.cpp: (WebCore::RenderListBox::scrollPosition const): (WebCore::RenderListBox::scrollSize const): Deleted. (WebCore::RenderListBox::scrollOffset const): Deleted. * rendering/RenderListBox.h: 2019-06-16 Zalan Bujtas <zalan@apple.com> Address Sam's post-landing review of r246234. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Decouple baseline ascent/descent and baseline offset. https://bugs.webkit.org/show_bug.cgi?id=198901 <rdar://problem/51782393> Reviewed by Antti Koivisto. Baseline offset is the baseline's distance from the line's logical top -and it is not necessarily the same as the baseline's ascent. It's easier to track the baseline and its top separately since certain properties only change one or the other. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::Line): (WebCore::Layout::Line::close): (WebCore::Layout::Line::adjustBaselineAndLineHeight): (WebCore::Layout::Line::halfLeadingMetrics): * layout/inlineformatting/InlineLine.h: (WebCore::Layout::Line::Content::baselineOffset const): (WebCore::Layout::Line::Content::setBaselineOffset): (WebCore::Layout::Line::baselineOffset const): * layout/inlineformatting/InlineLineBox.h: (WebCore::Layout::LineBox::baselineOffset const): (WebCore::Layout::LineBox::LineBox): 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Intruding float may prevent adding any inline box https://bugs.webkit.org/show_bug.cgi?id=198891 <rdar://problem/51779956> Reviewed by Antti Koivisto. Take the intruding left/right float pair and find the vertical position where the next line might go if these floats prevent us from adding even one inline box to the current line. * layout/FormattingContext.cpp: (WebCore::Layout::FormattingContext::mapPointToAncestor): (WebCore::Layout::FormattingContext::mapPointToDescendent): * layout/FormattingContext.h: * layout/LayoutUnits.h: (WebCore::Layout::Point::max): * layout/inlineformatting/InlineFormattingContext.h: * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::layout const): 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][Floats] Add bottom value to FloatingState::Constraints https://bugs.webkit.org/show_bug.cgi?id=198889 <rdar://problem/51776730> Reviewed by Antti Koivisto. Constraints::left/right->y indicates where this particular constrain ends. This is going to be used by inline layout to figure where the next line should go (vertical position). * layout/floats/FloatingState.cpp: (WebCore::Layout::FloatingState::constraints const): * layout/floats/FloatingState.h: 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Ignore descent when in limited/full quirks mode https://bugs.webkit.org/show_bug.cgi?id=198893 <rdar://problem/51780634> Reviewed by Antti Koivisto. In limited/full quirks mode, line's descent should be ignored when computing the final line height when 1. the line has baseline aligned content only and 2. these baseline aligned boxes don't have descent. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::isVisuallyEmpty const): (WebCore::Layout::Line::close): 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Line::isVisuallyEmpty should check inline-block boxes. https://bugs.webkit.org/show_bug.cgi?id=198894 <rdar://problem/51780886> Reviewed by Antti Koivisto. Non-zero width/height inline-block boxes make the line visually non-empty. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::isVisuallyEmpty const): 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC] Add Layout::Box::isContainingBlockDescendantOf https://bugs.webkit.org/show_bug.cgi?id=198888 <rdar://problem/51776466> Reviewed by Antti Koivisto. Box::isDescendantOf indicates simple ancestor - descendant relationship, while isContainingBlockDescendantOf checks the containing block chain. * layout/FormattingContext.cpp: (WebCore::Layout::mapHorizontalPositionToAncestor): (WebCore::Layout::FormattingContext::mapBoxToAncestor): (WebCore::Layout::FormattingContext::mapTopToAncestor): (WebCore::Layout::FormattingContext::mapPointToAncestor): * layout/floats/FloatingState.h: (WebCore::Layout::FloatingState::FloatItem::isDescendantOfFormattingRoot const): * layout/layouttree/LayoutBox.cpp: (WebCore::Layout::Box::isDescendantOf const): (WebCore::Layout::Box::isContainingBlockDescendantOf const): * layout/layouttree/LayoutBox.h: 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Remove Line::Content::isVisuallyEmpty https://bugs.webkit.org/show_bug.cgi?id=198892 <rdar://problem/51780345> Reviewed by Antti Koivisto. Instead of setting the isVisuallyEmpty flag, reset the line height to 0. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::close): * layout/inlineformatting/InlineLine.h: (WebCore::Layout::Line::Content::isEmpty const): (WebCore::Layout::Line::Content::setBaseline): (WebCore::Layout::Line::Content::isVisuallyEmpty const): Deleted. (WebCore::Layout::Line::Content::setIsVisuallyEmpty): Deleted. 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC] Add limited quirks mode to LayoutState. https://bugs.webkit.org/show_bug.cgi?id=198881 <rdar://problem/51773229> Reviewed by Antti Koivisto. This is in preparation for introducing limited quirks mode to inline layout. * layout/LayoutState.h: (WebCore::Layout::LayoutState::setQuirksMode): (WebCore::Layout::LayoutState::inQuirksMode const): (WebCore::Layout::LayoutState::inLimitedQuirksMode const): (WebCore::Layout::LayoutState::inNoQuirksMode const): (WebCore::Layout::LayoutState::setInQuirksMode): Deleted. * page/FrameViewLayoutContext.cpp: (WebCore::layoutUsingFormattingContext): 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Completely collapsed runs should not go to the trimmable run list. https://bugs.webkit.org/show_bug.cgi?id=198900 <rdar://problem/51782156> Reviewed by Antti Koivisto. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::trailingTrimmableWidth const): (WebCore::Layout::Line::appendTextContent): 2019-06-16 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Use the borderBox rect consistently to size the inline box. https://bugs.webkit.org/show_bug.cgi?id=198899 Reviewed by Antti Koivisto. <rdar://problem/51781969> Use the margin box height (when applicable) to adjust the line height and use the borderBox rect (or font size) height to size the inline box. * layout/displaytree/DisplayBox.h: (WebCore::Display::Box::borderBoxHeight const): (WebCore::Display::Box::marginBoxHeight const): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::appendInlineContainerStart): (WebCore::Layout::Line::appendTextContent): (WebCore::Layout::Line::appendNonReplacedInlineBox): (WebCore::Layout::Line::inlineItemContentHeight const): (WebCore::Layout::Line::inlineItemHeight const): Deleted. * layout/inlineformatting/InlineLine.h: 2019-06-15 Simon Fraser <simon.fraser@apple.com> Make layerTreeAsText() output a bit less verbose https://bugs.webkit.org/show_bug.cgi?id=198870 Reviewed by Tim Horton. "accelerates drawing" was getting dumped twice for debug dumps. Only dump the non-default state for "uses display-list drawing". Use the new OptionSet<> dumping for GraphicsLayerPaintingPhases. * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::dumpProperties const): (WebCore::operator<<): * platform/graphics/GraphicsLayer.h: * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes): 2019-06-15 Youenn Fablet <youenn@apple.com> Make MediaStream constructor take a Document instead of a ScriptExecutionContext https://bugs.webkit.org/show_bug.cgi?id=198873 Reviewed by Darin Adler. Update MediaStream constructors and call site to take a Document&. Make the same for creation of CanvasCaptureMediaStreamTrack. No observable change of behavior. * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp: (WebCore::CanvasCaptureMediaStreamTrack::create): (WebCore::CanvasCaptureMediaStreamTrack::CanvasCaptureMediaStreamTrack): (WebCore::loggerFromContext): Deleted. * Modules/mediastream/CanvasCaptureMediaStreamTrack.h: * Modules/mediastream/MediaStream.cpp: (WebCore::MediaStream::create): (WebCore::MediaStream::MediaStream): (WebCore::MediaStream::clone): (WebCore::loggerFromContext): Deleted. * Modules/mediastream/MediaStream.h: * Modules/mediastream/MediaStream.idl: * Modules/mediastream/UserMediaRequest.cpp: (WebCore::UserMediaRequest::allow): * html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::captureStream): * html/HTMLCanvasElement.h: * html/HTMLCanvasElement.idl: 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC][BFC] Fix available width for non-floating positioned float avoiders. https://bugs.webkit.org/show_bug.cgi?id=198886 <rdar://problem/51773643> Reviewed by Antti Koivisto. Normally the available width for an in-flow block level box is the width of the containing block's content box. However a non-floating positioned float avoider box might be constrained by existing floats. The idea here is that we pre-compute(estimate) the vertical position and check the current floating context for left and right floats. These floats contrain the available width and this computed value should be used instead of the containing block's content box's width whe calculating the used width for width: auto. * layout/FormattingContext.cpp: (WebCore::Layout::mapHorizontalPositionToAncestor): (WebCore::Layout::FormattingContext::mapLeftToAncestor): (WebCore::Layout::FormattingContext::mapRightToAncestor): (WebCore::Layout::FormattingContext::mapPointToAncestor): (WebCore::Layout::FormattingContext::mapCoordinateToAncestor): Deleted. * layout/FormattingContext.h: * layout/blockformatting/BlockFormattingContext.cpp: (WebCore::Layout::BlockFormattingContext::usedAvailableWidthForFloatAvoider const): (WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot const): (WebCore::Layout::BlockFormattingContext::computeStaticVerticalPosition const): (WebCore::Layout::BlockFormattingContext::computeStaticHorizontalPosition const): (WebCore::Layout::BlockFormattingContext::computeStaticPosition const): (WebCore::Layout::BlockFormattingContext::computeEstimatedVerticalPositionForFormattingRoot const): (WebCore::Layout::BlockFormattingContext::computeWidthAndMargin const): * layout/blockformatting/BlockFormattingContext.h: (WebCore::Layout::BlockFormattingContext::computeWidthAndMargin): * layout/blockformatting/BlockFormattingContextGeometry.cpp: (WebCore::Layout::BlockFormattingContext::Geometry::staticVerticalPosition): (WebCore::Layout::BlockFormattingContext::Geometry::staticHorizontalPosition): (WebCore::Layout::BlockFormattingContext::Geometry::staticPosition): * layout/floats/FloatingState.cpp: (WebCore::Layout::FloatingState::constraints const): * layout/layouttree/LayoutBlockContainer.cpp: (WebCore::Layout::BlockContainer::establishesInlineFormattingContextOnly const): * layout/layouttree/LayoutBlockContainer.h: * layout/layouttree/LayoutBox.cpp: (WebCore::Layout::Box::isFloatAvoider const): * layout/layouttree/LayoutBox.h: (WebCore::Layout::Box::establishesInlineFormattingContextOnly const): 2019-06-15 Ludovico de Nittis <ludovico.denittis@collabora.com> [GTK] Stop accessing GdkEvent fields when possible https://bugs.webkit.org/show_bug.cgi?id=198829 Reviewed by Michael Catanzaro. Direct access to GdkEvent structs is no longer possible in GTK 4. No behaviour changes. * platform/gtk/PlatformKeyboardEventGtk.cpp: (WebCore::eventTypeForGdkKeyEvent): (WebCore::modifiersForGdkKeyEvent): (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent): * platform/gtk/PlatformMouseEventGtk.cpp: (WebCore::PlatformMouseEvent::PlatformMouseEvent): * platform/gtk/PlatformWheelEventGtk.cpp: (WebCore::PlatformWheelEvent::PlatformWheelEvent): 2019-06-15 Rob Buis <rbuis@igalia.com> Add tests for prefetch redirects https://bugs.webkit.org/show_bug.cgi?id=197371 Reviewed by Youenn Fablet. Test: http/wpt/prefetch/link-prefetch-main-resource-redirect.html Allow clearing of the Purpose request header field. * platform/network/ResourceRequestBase.cpp: (WebCore::ResourceRequestBase::clearPurpose): * platform/network/ResourceRequestBase.h: 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC][MarginCollapsing] Remove redundant checks in MarginCollapse::marginBefore/AfterCollapsesWith* https://bugs.webkit.org/show_bug.cgi?id=198882 <rdar://problem/51773334> Reviewed by Antti Koivisto. In-flow child can neither be floating nor out-of-flow positioned. * layout/blockformatting/BlockMarginCollapse.cpp: (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginBeforeCollapsesWithFirstInFlowChildMarginBefore): (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginAfterCollapsesWithLastInFlowChildMarginAfter): 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC][MarginCollapsing] Collapsed through margin values preserve quirk state. https://bugs.webkit.org/show_bug.cgi?id=198885 <rdar://problem/51773568> Reviewed by Antti Koivisto. The collapsed through margin becomes a quirk margin if either of the vertical(before/after) margins have quirk value. * layout/blockformatting/BlockMarginCollapse.cpp: (WebCore::Layout::computedPositiveAndNegativeMargin): 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC[MarginCollapsing] Anonymous boxes never collapse their margins with siblings. https://bugs.webkit.org/show_bug.cgi?id=198884 <rdar://problem/51773509> Reviewed by Antti Koivisto. * layout/blockformatting/BlockMarginCollapse.cpp: (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginBeforeCollapsesWithPreviousSiblingMarginAfter): 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC][MarginCollapsing] Add check for computed height value in MarginCollapse::marginsCollapseThrough https://bugs.webkit.org/show_bug.cgi?id=198883 <rdar://problem/51773395> Reviewed by Antti Koivisto. "A box's own margins collapse if... ...and it has a 'height' of either 0 or 'auto" https://www.w3.org/TR/CSS22/box.html#collapsing-margins * layout/blockformatting/BlockMarginCollapse.cpp: (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginsCollapseThrough): 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC] Fix available width for shrink-to-fit (for out-of-flow non-replaced box) https://bugs.webkit.org/show_bug.cgi?id=198880 <rdar://problem/51773118> Reviewed by Antti Koivisto. This patch fixes the cases when the available width for the out-of-flow positioned box is not the same as the containing block's (padding)width. * layout/FormattingContextGeometry.cpp: (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedHorizontalGeometry): 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC] Fix over-constrained logic for out-of-flow non-replaced horizontal geometry. https://bugs.webkit.org/show_bug.cgi?id=198879 <rdar://problem/51772995> Reviewed by Antti Koivisto. The over-constrained logic applies to the case when all the horizontal properties are set. * layout/FormattingContextGeometry.cpp: (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedHorizontalGeometry): 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC] Convert both the absolutely and statically positioned out-of-flow block level boxes positions relative to the containing block's padding box https://bugs.webkit.org/show_bug.cgi?id=198878 <rdar://problem/51772882> Reviewed by Antti Koivisto. This patch ensures that while we compute the vertical/horizontal geometry for an out-of-flow block level box, the static and the absolute positioned values are in the same coordinate system (relative to the containing block's padding box). * layout/FormattingContextGeometry.cpp: (WebCore::Layout::staticVerticalPositionForOutOfFlowPositioned): (WebCore::Layout::staticHorizontalPositionForOutOfFlowPositioned): (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedVerticalGeometry): (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedHorizontalGeometry): (WebCore::Layout::FormattingContext::Geometry::outOfFlowReplacedVerticalGeometry): (WebCore::Layout::FormattingContext::Geometry::outOfFlowReplacedHorizontalGeometry): 2019-06-15 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Add support for vertical-align: top and bottom https://bugs.webkit.org/show_bug.cgi?id=198697 <rdar://problem/51556188> Reviewed by Antti Koivisto. Use the layout box's vertical alignment to adjust line baseline and height and set the run's logical top when the line is being closed. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::isVisuallyEmpty const): (WebCore::Layout::Line::close): (WebCore::Layout::Line::appendInlineContainerStart): (WebCore::Layout::Line::appendTextContent): (WebCore::Layout::Line::appendNonReplacedInlineBox): (WebCore::Layout::Line::appendHardLineBreak): (WebCore::Layout::Line::adjustBaselineAndLineHeight): (WebCore::Layout::Line::inlineItemHeight const): (WebCore::Layout::Line::Content::isVisuallyEmpty const): Deleted. * layout/inlineformatting/InlineLine.h: (WebCore::Layout::Line::Content::isVisuallyEmpty const): (WebCore::Layout::Line::Content::setIsVisuallyEmpty): (WebCore::Layout::Line::hasContent const): 2019-06-14 Antoine Quint <graouts@apple.com> [Pointer Events] button property is -1 for pointerdown and pointerup https://bugs.webkit.org/show_bug.cgi?id=198868 <rdar://problem/51758109> Reviewed by Dean Jackson. A value of -1 for "button", which means there was no change of pressed button since the last event, should only ever be used for "pointermove" events. Test: pointerevents/mouse/pointer-button-and-buttons.html * page/PointerCaptureController.cpp: (WebCore::PointerCaptureController::pointerEventForMouseEvent): 2019-06-14 Megan Gardner <megan_gardner@apple.com> Move Synthetic Editing Commands to behind an experimental feature flag https://bugs.webkit.org/show_bug.cgi?id=198842 <rdar://problem/50594700> Reviewed by Simon Fraser. Moving from a quirk to a feature flag. * page/Quirks.cpp: (WebCore::shouldEmulateEditingButtonsAndGesturesInHiddenEditableAreasForHost): Deleted. (WebCore::Quirks::shouldEmulateEditingButtonsAndGesturesInHiddenEditableAreas const): Deleted. * page/Quirks.h: * page/RuntimeEnabledFeatures.h: (WebCore::RuntimeEnabledFeatures::setSyntheticEditingCommandsEnabled): (WebCore::RuntimeEnabledFeatures::syntheticEditingCommandsEnabled const): 2019-06-14 Jer Noble <jer.noble@apple.com> REGRESSION(244439): platform/mac/media/encrypted-media/fps-* tests are crashing https://bugs.webkit.org/show_bug.cgi?id=198612 <rdar://problem/51078978> Reviewed by Eric Carlson. There are two implementations of a 'cenc' initialiation data factory; an ASSERT fires when the second one is added to the registry. Unify them. * Modules/encryptedmedia/InitDataRegistry.cpp: (WebCore::extractKeyIDsCenc): * platform/graphics/avfoundation/CDMFairPlayStreaming.cpp: (WebCore::CDMPrivateFairPlayStreaming::validFairPlayStreamingSchemes): (WebCore::CDMPrivateFairPlayStreaming::fairPlaySystemID): (WebCore::validInitDataTypes): (WebCore::CDMFactory::platformRegisterFactories): (WebCore::validFairPlayStreamingSchemes): Deleted. (WebCore::CDMPrivateFairPlayStreaming::cencName): Deleted. (WebCore::fairPlaySystemID): Deleted. (WebCore::extractSchemeAndKeyIdFromCenc): Deleted. (WebCore::CDMPrivateFairPlayStreaming::extractKeyIDsCenc): Deleted. (WebCore::CDMPrivateFairPlayStreaming::sanitizeCenc): Deleted. * platform/graphics/avfoundation/CDMFairPlayStreaming.h: 2019-06-14 Saam Barati <sbarati@apple.com> Unreviewed. Follow up to r246438. This removes a debug assert until we do further compiler work in: https://bugs.webkit.org/show_bug.cgi?id=198861 * Modules/webgpu/WHLSL/WHLSLCheckDuplicateFunctions.cpp: (WebCore::WHLSL::checkDuplicateFunctions): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: 2019-06-14 Saam Barati <sbarati@apple.com> [WHLSL] Implement out-of-bounds and nullptr behavior https://bugs.webkit.org/show_bug.cgi?id=198600 <rdar://problem/51668853> Reviewed by Robin Morisset. The behavior we're implementing is: - OOB writes are ignored. - OOB reads return zero. - Writes to null are ignored. - Reads from null return zero. - &*x == x, including &*null == null. We implement this like so: - The value stack in FunctionWriter turns into a stack of pairs: rvalues and lvalues. rvalues are represented the same as before. Lvalues are always pointers. - Anything that produces an lvalue must push a pointer to the stack. Not all things produce lvalues, so that entry in the stack may be empty. However, all things that produce lvalues also produce rvalues. So, "*x = 42" works, and so does "foo(*x)". Nodes that produce lvalues are responsible for also producing an rvalue, which should be the value as if the lvalue was dereferenced at that point in program execution. So the "*x" in "thread int* x = null; *x" produces the int zero for its rvalue, and null for its lvalue. - Dereference just works, as dereference produces both an lvalue and rvalue. Dereference node's child must also be an lvalue. So we just forward that value along on the stack. For the rvalue, if we try to dereference nullptr, we just fill in zero bytes instead. Otherwise, the rvalue is the result of dereferencing the non-null pointer. - Assignment expressions check if the incoming lvalue is null. If it is, it skips the assignment. - operator&[] returns nullptr on an OOB access. Then, based on the above behavior, we get the desired OOB reads return zero, and OOB writes are ignored. - MakePointerExpression just takes the last lvalue off the stack (which must be a pointer) and returns it as an rvalue. - VariableReference will push both the variable value and a pointer to the variable onto the stack. This patch also fixes a few bugs where we weren't giving certain AST nodes the proper address space values. This patch also removes code to generate native functions for operators "operator[]" and "operator[]=" as we should never be generating these ourselves. We should only be generating the "operator&[]" ander. Tests: webgpu/whlsl-null-dereference.html webgpu/whlsl-oob-access.html * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: (WebCore::WHLSL::Metal::FunctionDefinitionWriter::FunctionDefinitionWriter): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValue): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendLeftValue): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastValue): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastLeftValue): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::emitLoop): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.h: * Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp: (WebCore::WHLSL::Metal::TypeNamer::emitUnnamedTypeDefinition): * Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp: (WebCore::WHLSL::PreserveLifetimes::assignVariableIntoStruct): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::PropertyResolver::visit): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: * platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm: (WebCore::trySetFunctions): * platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm: (WebCore::trySetFunctions): 2019-06-14 Jer Noble <jer.noble@apple.com> CRASH(nullptr) in WebCore::jsAudioContextCurrentTime() https://bugs.webkit.org/show_bug.cgi?id=198859 <rdar://problem/27986991> Reviewed by Eric Carlson. AudioContext's m_destinationNode can become null during iframe teardown, but can AudioContext methods can still be called by JavaScript. Add null-checks to all (remaing) unprotected dereferences of m_destinationNode. * Modules/webaudio/AudioContext.cpp: (WebCore::AudioContext::uninitialize): (WebCore::AudioContext::createBufferSource): (WebCore::AudioContext::createScriptProcessor): (WebCore::AudioContext::createBiquadFilter): (WebCore::AudioContext::createPanner): (WebCore::AudioContext::createConvolver): (WebCore::AudioContext::createDynamicsCompressor): (WebCore::AudioContext::createAnalyser): (WebCore::AudioContext::createGain): (WebCore::AudioContext::createDelay): (WebCore::AudioContext::createChannelSplitter): (WebCore::AudioContext::createChannelMerger): (WebCore::AudioContext::createOscillator): * Modules/webaudio/AudioContext.h: (WebCore::AudioContext::currentSampleFrame const): (WebCore::AudioContext::currentTime const): (WebCore::AudioContext::sampleRate const): 2019-06-14 Youenn Fablet <youenn@apple.com> Cloning a MediaStreamTrack does not clone the logger https://bugs.webkit.org/show_bug.cgi?id=198844 Reviewed by Eric Carlson. Make MediaStream and MediaStreamTrack rely on their private versions for logging. Move from a RefPtr version to a Ref so as to forbid nullptr crashes. Make sure that RealtimeIncomingAudioSource and RealtimeIncomingVideoSource check for their logger before logging. Covered by existing tests and updated test. * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp: (WebCore::loggerFromContext): (WebCore::CanvasCaptureMediaStreamTrack::CanvasCaptureMediaStreamTrack): * Modules/mediastream/MediaStream.cpp: (WebCore::loggerFromContext): (WebCore::MediaStream::create): (WebCore::MediaStream::MediaStream): * Modules/mediastream/MediaStream.h: * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::MediaStreamTrack): * Modules/mediastream/MediaStreamTrack.h: * Modules/mediastream/UserMediaRequest.cpp: (WebCore::UserMediaRequest::allow): * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp: (WebCore::LibWebRTCMediaEndpoint::mediaStreamFromRTCStream): * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp: (WebCore::LibWebRTCPeerConnectionBackend::createReceiverForSource): * Modules/webaudio/MediaStreamAudioDestinationNode.cpp: (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode): * platform/mediastream/MediaStreamPrivate.cpp: (WebCore::MediaStreamPrivate::create): (WebCore::MediaStreamPrivate::MediaStreamPrivate): (WebCore::MediaStreamPrivate::setLogger): Deleted. * platform/mediastream/MediaStreamPrivate.h: * platform/mediastream/MediaStreamTrackPrivate.cpp: (WebCore::MediaStreamTrackPrivate::create): (WebCore::MediaStreamTrackPrivate::MediaStreamTrackPrivate): (WebCore::MediaStreamTrackPrivate::clone): (WebCore::MediaStreamTrackPrivate::setLogger): Deleted. * platform/mediastream/MediaStreamTrackPrivate.h: * platform/mediastream/RealtimeMediaSourceCenter.cpp: (WebCore::RealtimeMediaSourceCenter::createMediaStream): * platform/mediastream/RealtimeMediaSourceCenter.h: * platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.cpp: (WebCore::RealtimeIncomingAudioSourceCocoa::OnData): * platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm: (WebCore::RealtimeIncomingVideoSourceCocoa::pixelBufferPool): (WebCore::RealtimeIncomingVideoSourceCocoa::pixelBufferFromVideoFrame): (WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame): 2019-06-14 Ali Juma <ajuma@chromium.org> IntersectionObserver rootMargin detection fails when `root` is an element https://bugs.webkit.org/show_bug.cgi?id=198784 Reviewed by Simon Fraser. When computing a target's bounds in root space, we were applying the root's clip rect (if any), and then intersecting with the root rect expanded by the root margin. This meant that if a target did not intersect the non-expanded root rect, we would get an empty intersection even if the target did intersect the expanded root rect. Fix this by not applying the root's clip rect when computing a target's bounds in root space. Add a new VisibleRectContextOption::ApplyContainerClip that determines whether RenderObject::computeVisibleRectInContainer should apply the container's clip. Test: imported/w3c/web-platform-tests/intersection-observer/root-margin-root-element.html * rendering/RenderBox.cpp: (WebCore::RenderBox::applyCachedClipAndScrollPosition const): * rendering/RenderObject.cpp: (WebCore::RenderObject::visibleRectContextForRepaint): * rendering/RenderObject.h: 2019-06-14 Carlos Garcia Campos <cgarcia@igalia.com> [cairo] Entering text into forms on github.com creates a trapezoid artifact https://bugs.webkit.org/show_bug.cgi?id=126124 Reviewed by Michael Catanzaro. Mixing antialiasing modes in the same clip is not actually supported by cairo. In the case of rectangle clips we are already ignoring the current antialiasing to not do any antialiasing. We could do the opposite for clips receiving a path, we want to enforce antialiasing in that case since the paths might contain curves. Doing that we ensure all calls to clip with a path use the same antialiasing, which is the case of the github bug. * platform/graphics/cairo/CairoOperations.cpp: (WebCore::Cairo::doClipWithAntialias): Helper to call cairo_clip() with the given antialising mode. (WebCore::Cairo::clip): Use doClipWithAntialias(). (WebCore::Cairo::clipOut): Ditto. (WebCore::Cairo::clipPath): Ditto. 2019-06-13 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Remove unnecessary ASSERT()s and clean up visitor lambdas https://bugs.webkit.org/show_bug.cgi?id=198706 Reviewed by Dean Jackson, Saam Barati, and Robin Morisset. Some minor refactoring. If the code is going to unconditionally downcast<Foo>(bar), there's no need to guard that with an ASSERT(is<Foo>(bar)) because the downcast() call will do that automatically. No new tests because there is no behavior change. * Modules/webgpu/WHLSL/AST/WHLSLConstantExpression.h: (WebCore::WHLSL::AST::ConstantExpression::visit): (WebCore::WHLSL::AST::ConstantExpression::visit const): * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp: (WebCore::WHLSL::Metal::EntryPointScaffolding::resourceHelperTypes): (WebCore::WHLSL::Metal::EntryPointScaffolding::mangledOutputPath): (WebCore::WHLSL::Metal::EntryPointScaffolding::unpackResourcesAndNamedBuiltIns): * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): (WebCore::WHLSL::Metal::FunctionDefinitionWriter::constantExpressionString): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): * Modules/webgpu/WHLSL/Metal/WHLSLNativeTypeWriter.cpp: (WebCore::WHLSL::Metal::writeNativeType): * Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp: (WebCore::WHLSL::Metal::find): (WebCore::WHLSL::Metal::TypeNamer::createNameNode): (WebCore::WHLSL::Metal::TypeNamer::insert): (WebCore::WHLSL::Metal::TypeNamer::emitUnnamedTypeDefinition): (WebCore::WHLSL::Metal::TypeNamer::emitNamedTypeDefinition): * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::Checker::visit): (WebCore::WHLSL::argumentTypeForAndOverload): * Modules/webgpu/WHLSL/WHLSLInferTypes.cpp: (WebCore::WHLSL::inferTypesForTypeArguments): * Modules/webgpu/WHLSL/WHLSLIntrinsics.cpp: (WebCore::WHLSL::Intrinsics::addFullTexture): (WebCore::WHLSL::Intrinsics::addDepthTexture): * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::modify): (WebCore::WHLSL::PropertyResolver::visit): * Modules/webgpu/WHLSL/WHLSLVisitor.cpp: (WebCore::WHLSL::Visitor::visit): 2019-06-12 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Hook up compute https://bugs.webkit.org/show_bug.cgi?id=198644 Reviewed by Saam Barati. This patch hooks up compute shaders in exactly the same way that vertex and fragment shaders are hooked up. I've modified the two patchs (compute and rendering) to be almost exactly the same code. This patch also adds support for the WHLSL compiler to determine what the numthreads() attribute in the shader says so that it can be hooked up to Metal's threads-per-threadgroup argument in the dispatch call. There is some logic to make sure that there aren't two numthreads() attributes on the same compute shader. It also adds a little bit of type renaming. For built-in variables, sometimes Metal's type doesn't always match WHLSL's (and HLSL's type). For example, in WHLSL and HLSL, SV_DispatchThreadID variables have to be a float3, but in Metal, they are a uint3. Therefore, I've added a little bit of code during each entry point's pack and unpack stages to handle this type conversion. Test: webgpu/whlsl-compute.html * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp: (WebCore::WHLSL::Metal::internalTypeForSemantic): Determine which Metal type corresponds to each built-in variable. (WebCore::WHLSL::Metal::EntryPointScaffolding::builtInsSignature): Perform the type conversion. (WebCore::WHLSL::Metal::EntryPointScaffolding::unpackResourcesAndNamedBuiltIns): Ditto. (WebCore::WHLSL::Metal::VertexEntryPointScaffolding::VertexEntryPointScaffolding): Ditto. (WebCore::WHLSL::Metal::VertexEntryPointScaffolding::helperTypes): Ditto. (WebCore::WHLSL::Metal::VertexEntryPointScaffolding::pack): Ditto. (WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::FragmentEntryPointScaffolding): Ditto. (WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::helperTypes): Ditto. (WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::pack): Ditto. (WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::signature): Ditto. * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h: * Modules/webgpu/WHLSL/WHLSLComputeDimensions.cpp: Added. Add a pass to determine whether or not any entry point has duplicate numthreads() attribute, and to determine what the appropriate numthreads() values should be for the current entry point. (WebCore::WHLSL::ComputeDimensionsVisitor::ComputeDimensionsVisitor): (WebCore::WHLSL::ComputeDimensionsVisitor::computeDimensions const): (WebCore::WHLSL::computeDimensions): * Modules/webgpu/WHLSL/WHLSLComputeDimensions.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLPrepare.h. * Modules/webgpu/WHLSL/WHLSLGatherEntryPointItems.cpp: (WebCore::WHLSL::gatherEntryPointItems): Compute shaders don't need to have a semantic for their return type. * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepare): Run the computeDimensions() pass. * Modules/webgpu/WHLSL/WHLSLPrepare.h: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: In a left-value propertyAccessExpression, the index expression can be a right-value. Treat it as such. (WebCore::WHLSL::LeftValueSimplifier::finishVisiting): (WebCore::WHLSL::LeftValueSimplifier::visit): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: We need support for multiplication (for a test) and float3 for SV_DispatchThreadID. * Sources.txt: * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/gpu/GPUComputePipeline.h: Associate a compute dimensions with a particular compute pipeline. This is how Metal knows what values to use for a dispatch. (WebCore::GPUComputePipeline::computeDimensions const): * platform/graphics/gpu/cocoa/GPUComputePassEncoderMetal.mm: Use the saved compute dimensions. (WebCore::GPUComputePassEncoder::dispatch): * platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm: Make the code match GPURenderPipelineMetal. (WebCore::trySetMetalFunctions): (WebCore::trySetFunctions): (WebCore::convertComputePipelineDescriptor): (WebCore::tryCreateMTLComputePipelineState): (WebCore::GPUComputePipeline::tryCreate): (WebCore::GPUComputePipeline::GPUComputePipeline): (WebCore::tryCreateMtlComputeFunction): Deleted. * platform/graphics/gpu/cocoa/GPUPipelineMetalConvertLayout.cpp: Added. Moved shared helper functions to a file where they can be accessed by multiple places. (WebCore::convertShaderStageFlags): (WebCore::convertBindingType): (WebCore::convertLayout): * platform/graphics/gpu/cocoa/GPUPipelineMetalConvertLayout.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLPrepare.h. * platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm: Delete the functions that were moved to GPUPipelineMetalConvertLayout. (WebCore::trySetFunctions): (WebCore::tryCreateMtlRenderPipelineState): (WebCore::convertShaderStageFlags): Deleted. (WebCore::convertBindingType): Deleted. (WebCore::convertLayout): Deleted. 2019-06-13 Jer Noble <jer.noble@apple.com> AVKit play button bypasses MediaElementSession playbackPermitted() checks. https://bugs.webkit.org/show_bug.cgi?id=198813 Reviewed by Eric Carlson. HTMLMediaElement::togglePlayState() is an internal-only method that doesn't run playbackPermitted() checks. For our imitation AVPlayerController, translate requests to -togglePlayback: into calls to play() and pause() depending on playback state. * platform/ios/WebAVPlayerController.mm: (-[WebAVPlayerController togglePlayback:]): 2019-06-13 Commit Queue <commit-queue@webkit.org> Unreviewed, rolling out r246396 and r246397. https://bugs.webkit.org/show_bug.cgi?id=198837 Breaks internal builds (Requested by ShawnRoberts on #webkit). Reverted changesets: "[WHLSL] Hook up compute" https://bugs.webkit.org/show_bug.cgi?id=198644 https://trac.webkit.org/changeset/246396 "[WHLSL] Hook up compute" https://bugs.webkit.org/show_bug.cgi?id=198644 https://trac.webkit.org/changeset/246397 2019-06-13 Antti Koivisto <antti@apple.com> twitch.tv: embedded video hovers down the screen when scrolling on iPad https://bugs.webkit.org/show_bug.cgi?id=198832 <rdar://problem/51541439> Reviewed by Simon Fraser. Test: compositing/scrolling/async-overflow-scrolling/overflow-scroll-paint-order-sibling.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollTo): Overflow scroll layer may have composited descendants that are its paint order siblings. We need to invalidate the tree of the paint order parent for compositing update (instead of just the tree of the overflow scroll layer). This matches what RenderLayer::updateLayerPosition() does. 2019-06-13 Youenn Fablet <youenn@apple.com> SocketStreamHandle should not be destroyed in a background thread https://bugs.webkit.org/show_bug.cgi?id=198781 Reviewed by Geoffrey Garen. Make sure to destroy SocketStreamHandle on the main thread since it owns an URL created on the main thread. Covered by WPT websocket tests from https://bugs.webkit.org/show_bug.cgi?id=198774. * platform/network/SocketStreamHandle.cpp: (WebCore::SocketStreamHandle::SocketStreamHandle): * platform/network/SocketStreamHandle.h: 2019-06-13 Antoine Quint <graouts@apple.com> "display: contents" Content click does not trigger https://bugs.webkit.org/show_bug.cgi?id=198559 <rdar://problem/51488524> Reviewed by Antti Koivisto. Test: fast/events/ios/click-event-and-display-contents.html * dom/Element.h: 2019-06-13 Takashi Komori <Takashi.Komori@sony.com> [curl] Remove member objects of CurlRequest not to share by different threads. https://bugs.webkit.org/show_bug.cgi?id=198747 Reviewed by Fujii Hironori. Removed m_certificateInfo and m_networkLoadMetrics. Before patch those objects were updated by different threads. No tests needed, no functionality changes. * platform/network/curl/CurlDownload.cpp: (WebCore::CurlDownload::curlDidReceiveResponse): (WebCore::CurlDownload::curlDidReceiveBuffer): (WebCore::CurlDownload::curlDidComplete): (WebCore::CurlDownload::curlDidFailWithError): * platform/network/curl/CurlDownload.h: * platform/network/curl/CurlRequest.cpp: (WebCore::CurlRequest::start): (WebCore::CurlRequest::didReceiveHeader): (WebCore::CurlRequest::didCompleteTransfer): (WebCore::CurlRequest::invokeDidReceiveResponse): (WebCore::CurlRequest::networkLoadMetrics): (WebCore::CurlRequest::updateNetworkLoadMetrics): Deleted. * platform/network/curl/CurlRequest.h: (WebCore::CurlRequest::setStartTime): (WebCore::CurlRequest::certificateInfo const): Deleted. (WebCore::CurlRequest::networkLoadMetrics const): Deleted. * platform/network/curl/CurlRequestClient.h: * platform/network/curl/CurlResourceHandleDelegate.cpp: (WebCore::CurlResourceHandleDelegate::curlDidSendData): (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse): (WebCore::CurlResourceHandleDelegate::curlDidReceiveBuffer): (WebCore::CurlResourceHandleDelegate::curlDidComplete): (WebCore::CurlResourceHandleDelegate::curlDidFailWithError): * platform/network/curl/CurlResourceHandleDelegate.h: * platform/network/curl/CurlResponse.h: (WebCore::CurlResponse::isolatedCopy const): * platform/network/curl/ResourceResponseCurl.cpp: (WebCore::ResourceResponse::ResourceResponse): 2019-06-13 Zan Dobersek <zdobersek@igalia.com> [Nicosia] Add SceneIntegration https://bugs.webkit.org/show_bug.cgi?id=198791 Reviewed by Carlos Garcia Campos. Add the SceneIntegration class to the Nicosia namespace, primarily for the purpose of being able to conveniently trigger scene updates whenever changes are done to the state of layers that are included in that scene. Initially this would be used for layer changes done on a scrolling-dedicated thread. Each Nicosia::PlatformLayer can have a SceneIntegration object reference associated. Helper createUpdateScope() method returns a SceneIntegration::UpdateScope instance that triggers an update for the scene when that instance is destroyed (normally when it goes out of the scope). * platform/TextureMapper.cmake: * platform/graphics/nicosia/NicosiaPlatformLayer.h: (Nicosia::PlatformLayer::setSceneIntegration): (Nicosia::PlatformLayer::createUpdateScope): * platform/graphics/nicosia/NicosiaSceneIntegration.cpp: Added. (Nicosia::SceneIntegration::SceneIntegration): (Nicosia::SceneIntegration::~SceneIntegration): (Nicosia::SceneIntegration::setClient): (Nicosia::SceneIntegration::invalidate): (Nicosia::SceneIntegration::requestUpdate): (Nicosia::SceneIntegration::createUpdateScope): (Nicosia::SceneIntegration::UpdateScope::UpdateScope): (Nicosia::SceneIntegration::UpdateScope::~UpdateScope): * platform/graphics/nicosia/NicosiaSceneIntegration.h: Added. 2019-06-13 Philippe Normand <pnormand@igalia.com> [GStreamer] HLS stream slow start https://bugs.webkit.org/show_bug.cgi?id=198377 Reviewed by Xabier Rodriguez-Calvar. * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp: (webKitWebSrcCreate): Cut down the adapter condition to 200 ms to improve start-up times for HLS playback. 2019-06-13 Ludovico de Nittis <ludovico.denittis@collabora.com> [GTK] gdk_display_get_device_manager and gdk_screen_get_width/height are deprecated https://bugs.webkit.org/show_bug.cgi?id=198822 Reviewed by Carlos Garcia Campos. GdkSeat and GdkRectangle should be used, respectively. No behaviour changes. * platform/gtk/GtkVersioning.c: (getDefaultGDKPointerDevice): (getScreenWorkArea): 2019-06-12 Antoine Quint <graouts@apple.com> [WHLSL] Hook up compute https://bugs.webkit.org/show_bug.cgi?id=198644 Unreviewed build fix. Release iOS build would complain that pipelineState was unused. * platform/graphics/gpu/cocoa/GPUComputePassEncoderMetal.mm: (WebCore::GPUComputePassEncoder::dispatch): 2019-06-12 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Hook up compute https://bugs.webkit.org/show_bug.cgi?id=198644 Reviewed by Saam Barati. This patch hooks up compute shaders in exactly the same way that vertex and fragment shaders are hooked up. I've modified the two patchs (compute and rendering) to be almost exactly the same code. This patch also adds support for the WHLSL compiler to determine what the numthreads() attribute in the shader says so that it can be hooked up to Metal's threads-per-threadgroup argument in the dispatch call. There is some logic to make sure that there aren't two numthreads() attributes on the same compute shader. It also adds a little bit of type renaming. For built-in variables, sometimes Metal's type doesn't always match WHLSL's (and HLSL's type). For example, in WHLSL and HLSL, SV_DispatchThreadID variables have to be a float3, but in Metal, they are a uint3. Therefore, I've added a little bit of code during each entry point's pack and unpack stages to handle this type conversion. Test: webgpu/whlsl-compute.html * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp: (WebCore::WHLSL::Metal::internalTypeForSemantic): Determine which Metal type corresponds to each built-in variable. (WebCore::WHLSL::Metal::EntryPointScaffolding::builtInsSignature): Perform the type conversion. (WebCore::WHLSL::Metal::EntryPointScaffolding::unpackResourcesAndNamedBuiltIns): Ditto. (WebCore::WHLSL::Metal::VertexEntryPointScaffolding::VertexEntryPointScaffolding): Ditto. (WebCore::WHLSL::Metal::VertexEntryPointScaffolding::helperTypes): Ditto. (WebCore::WHLSL::Metal::VertexEntryPointScaffolding::pack): Ditto. (WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::FragmentEntryPointScaffolding): Ditto. (WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::helperTypes): Ditto. (WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::pack): Ditto. (WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::signature): Ditto. * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h: * Modules/webgpu/WHLSL/WHLSLComputeDimensions.cpp: Added. Add a pass to determine whether or not any entry point has duplicate numthreads() attribute, and to determine what the appropriate numthreads() values should be for the current entry point. (WebCore::WHLSL::ComputeDimensionsVisitor::ComputeDimensionsVisitor): (WebCore::WHLSL::ComputeDimensionsVisitor::computeDimensions const): (WebCore::WHLSL::computeDimensions): * Modules/webgpu/WHLSL/WHLSLComputeDimensions.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLPrepare.h. * Modules/webgpu/WHLSL/WHLSLGatherEntryPointItems.cpp: (WebCore::WHLSL::gatherEntryPointItems): Compute shaders don't need to have a semantic for their return type. * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepare): Run the computeDimensions() pass. * Modules/webgpu/WHLSL/WHLSLPrepare.h: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: In a left-value propertyAccessExpression, the index expression can be a right-value. Treat it as such. (WebCore::WHLSL::LeftValueSimplifier::finishVisiting): (WebCore::WHLSL::LeftValueSimplifier::visit): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: We need support for multiplication (for a test) and float3 for SV_DispatchThreadID. * Sources.txt: * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/gpu/GPUComputePipeline.h: Associate a compute dimensions with a particular compute pipeline. This is how Metal knows what values to use for a dispatch. (WebCore::GPUComputePipeline::computeDimensions const): * platform/graphics/gpu/cocoa/GPUComputePassEncoderMetal.mm: Use the saved compute dimensions. (WebCore::GPUComputePassEncoder::dispatch): * platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm: Make the code match GPURenderPipelineMetal. (WebCore::trySetMetalFunctions): (WebCore::trySetFunctions): (WebCore::convertComputePipelineDescriptor): (WebCore::tryCreateMTLComputePipelineState): (WebCore::GPUComputePipeline::tryCreate): (WebCore::GPUComputePipeline::GPUComputePipeline): (WebCore::tryCreateMtlComputeFunction): Deleted. * platform/graphics/gpu/cocoa/GPUPipelineMetalConvertLayout.cpp: Added. Moved shared helper functions to a file where they can be accessed by multiple places. (WebCore::convertShaderStageFlags): (WebCore::convertBindingType): (WebCore::convertLayout): * platform/graphics/gpu/cocoa/GPUPipelineMetalConvertLayout.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLPrepare.h. * platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm: Delete the functions that were moved to GPUPipelineMetalConvertLayout. (WebCore::trySetFunctions): (WebCore::tryCreateMtlRenderPipelineState): (WebCore::convertShaderStageFlags): Deleted. (WebCore::convertBindingType): Deleted. (WebCore::convertLayout): Deleted. 2019-06-12 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Implement array references https://bugs.webkit.org/show_bug.cgi?id=198163 Reviewed by Saam Barati. The compiler automatically generates anders for every array reference. Luckily, the infrastructure to generate those anders and emit Metal code to represent them already exists in the compiler. There are two pieces remaining (which this patch implements): 1. The JavaScript compiler has a behavior where anders that are called with an array reference as an argument don't wrap the argument in a MakePointerExpression. This is because the array reference is already a reference type, so it's silly to operate on a pointer to a reference. This patch implements this by teaching the type checker about which types should be passed to the ander call, and by actually constructing those types in the property resolver. The property resolver does this by placing the logic to construct an ander argument in a single function which also has logic to save the argument in a temporary if the thread ander will be called. The semantics about which functions are called in which situations are not changed; instead, we just simply don't wrap array references with MakePointerExpressions. 2. Creating a bind group from the WebGPU API has to retain information about buffer lengths for each buffer so the shader can properly perform bounds checks. This can be broken down into a few pieces: - Creating a bind group layout has to assign extra id indexes for each buffer which will be filled in to represent the buffer's length - Creating the bind group itself needs to fill in the buffer length into the Metal argument buffer - The shader compiler needs to emit code at the beginning of entry point to find the buffer lengths and pack them together into the array reference (array references correspond to a Metal struct with two fields: a pointer and a length). This patch doesn't actually implement bounds checks themselves; it just hooks up the buffer lengths so https://bugs.webkit.org/show_bug.cgi?id=198600 can implement it. The shader compiler's API is modified to allow for this extra buffer length information to be passed in from the WebGPU implementation. Unfortunately, I don't think I could split this patch up into two pieces because both are required to test the compiler with buffers. Tests: webgpu/whlsl-buffer-fragment.html webgpu/whlsl-buffer-vertex.html * Modules/webgpu/WHLSL/AST/WHLSLPropertyAccessExpression.h: (WebCore::WHLSL::AST::PropertyAccessExpression::baseReference): * Modules/webgpu/WHLSL/AST/WHLSLResourceSemantic.cpp: (WebCore::WHLSL::AST::ResourceSemantic::isAcceptableType const): Arrays can't be resources because the compiler has no way of guaranteeing if the resource is long enough to hold the array at compile time. * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp: (WebCore::WHLSL::Metal::EntryPointScaffolding::EntryPointScaffolding): Generate an extra variable name to represent the buffer length. Only do it for resources which have lengths. (WebCore::WHLSL::Metal::EntryPointScaffolding::resourceHelperTypes): (WebCore::WHLSL::Metal::EntryPointScaffolding::unpackResourcesAndNamedBuiltIns): Perform the appropriate math to turn byte lengths into element counts and store the element count in the array reference. * Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h: * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::resolveWithOperatorAnderIndexer): Refactor. (WebCore::WHLSL::resolveWithOperatorLength): Ditto. (WebCore::WHLSL::resolveWithReferenceComparator): Ditto. (WebCore::WHLSL::resolveByInstantiation): Ditto. (WebCore::WHLSL::argumentTypeForAndOverload): Given an ander, what should the type of the argument be? (WebCore::WHLSL::Checker::finishVisiting): Call argumentTypeForAndOverload(). Also, if we couldn't find an ander, try automatically generating it, the same way that function calls do. (This is how array references get their anders.) (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLPipelineDescriptor.h: New WHLSL API to provide the length information. * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::PropertyResolver::visit): SimplifyRightValue() can't fail any more. (WebCore::WHLSL::wrapAnderCallArgument): If the ander argument should be wrapped in a MakePointer or a MakeArrayReference, do that. Also, if the ander is a thread ander, save the argument in a local variable and use that. (WebCore::WHLSL::anderCallArgument): The equivalent of argumentTypeForAndOverload(). (WebCore::WHLSL::setterCall): Call anderCallArgument(). (WebCore::WHLSL::getterCall): Ditto. (WebCore::WHLSL::modify): We used to have special-case code for handling pointer-to-argument values as distinct from just the argument values themselves. However, emitting chains of &* operators is valid and won't even make it through the Metal code generator after https://bugs.webkit.org/show_bug.cgi?id=198600 is fixed. So, in order to simplify wrapAnderCallArgument(), don't special case these values and just create &* chains instead. (WebCore::WHLSL::PropertyResolver::simplifyRightValue): (WebCore::WHLSL::LeftValueSimplifier::finishVisiting): Call anderCallArgument(). * Modules/webgpu/WHLSL/WHLSLSemanticMatcher.cpp: Update to support the new compiler API. (WebCore::WHLSL::matchMode): (WebCore::WHLSL::matchResources): * Modules/webgpu/WebGPUBindGroupDescriptor.cpp: Ditto. (WebCore::WebGPUBindGroupDescriptor::tryCreateGPUBindGroupDescriptor const): * platform/graphics/gpu/GPUBindGroupLayout.h: Add some internal implementation data inside the bindings object. Use a Variant to differentiate between the various bindings types, and put the extra length field on just those members of the variant that represent buffers. * platform/graphics/gpu/cocoa/GPUBindGroupLayoutMetal.mm: Update to support the new compiler API. (WebCore::argumentDescriptor): (WebCore::GPUBindGroupLayout::tryCreate): * platform/graphics/gpu/cocoa/GPUBindGroupMetal.mm: Ditto. (WebCore::setBufferOnEncoder): (WebCore::GPUBindGroup::tryCreate): * platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm: Ditto. (WebCore::convertBindingType): (WebCore::convertLayout): 2019-06-12 Carlos Garcia Campos <cgarcia@igalia.com> [cairo][SVG] If clipPath has multiple elements, clip-path doesn't work with transform https://bugs.webkit.org/show_bug.cgi?id=198746 Reviewed by Don Olmstead. We need to save the current transformation matrix at the moment the image mask is set and set it again on restore right before applying the mask. This patch also creates a pattern for the image mask surface and set its transformation matrix according to the mask position, so that we don't need to save the mask rectangle too. Tests: svg/clip-path/clip-hidpi-expected.svg svg/clip-path/clip-hidpi.svg svg/clip-path/clip-opacity-translate-expected.svg svg/clip-path/clip-opacity-translate.svg * platform/graphics/cairo/PlatformContextCairo.cpp: (WebCore::PlatformContextCairo::restore): (WebCore::PlatformContextCairo::pushImageMask): 2019-06-12 Simon Fraser <simon.fraser@apple.com> paddingBoxRect() is wrong with RTL scrollbars on the left https://bugs.webkit.org/show_bug.cgi?id=198816 Reviewed by Jon Lee. RenderBox::paddingBoxRect() needs to offset the left side of the box for the vertical scrollbar, if it's placed on the left. Test: compositing/geometry/rtl-overflow-scroll.html * rendering/RenderBox.cpp: (WebCore::RenderBox::paddingBoxRect const): * rendering/RenderBox.h: (WebCore::RenderBox::paddingBoxRect const): Deleted. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGeometry): * rendering/RenderListBox.cpp: (WebCore::RenderListBox::controlClipRect const): 2019-06-12 Youenn Fablet <youenn@apple.com> Use NSURLSession for WebSocket https://bugs.webkit.org/show_bug.cgi?id=198568 Reviewed by Geoffrey Garen. Add a runtime flag to either choose the new WebSocket code path or the previously existing one. The switch is done at WebSocket channel API level which offers the necessary high level API to abstract the two code paths. By default, we continue using the current WebSocket implementation. Covered by manual testing on current WebSocket tests. * Modules/websockets/ThreadableWebSocketChannel.cpp: (WebCore::ThreadableWebSocketChannel::create): * Modules/websockets/WebSocketChannel.cpp: (WebCore::WebSocketChannel::document): * Modules/websockets/WebSocketChannel.h: * WebCore.xcodeproj/project.pbxproj: * page/RuntimeEnabledFeatures.h: (WebCore::RuntimeEnabledFeatures::isNSURLSessionWebSocketEnabled const): (WebCore::RuntimeEnabledFeatures::setIsNSURLSessionWebSocketEnabled): * page/SocketProvider.cpp: (WebCore::SocketProvider::createWebSocketChannel): * page/SocketProvider.h: 2019-06-12 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Educate the property resolver about IndexExpressions https://bugs.webkit.org/show_bug.cgi?id=198399 Reviewed by Saam Barati. This is part one of two patches which will allow buffers to work. This patch adds support in the property resolver for index expressions. Index expressions get turned into calls to "getter indexers", "setter indexers", or "ander indexers". They work almost identically to dot expressions, except there is an extra "index" expression which gets turned into an extra argument to those functions. There's actually a bit of a trick here. Let's say we need to run a getter and a setter separately (e.g. "foo[3]++;"). The index expression can't be duplicated for both the getter and the setter (e.g. the functions are int operator[](Foo, uint) and Foo operator[]=(Foo, uint, int), and we aren't allowed to execute the index expression multiple times. Consider if that "3" in the example is actually "bar()" with some side effect. So, we have to run the index expression once at the correct time, and save its result to a temporary variable, and then pass in the temporary variable into the getter and setter. So, if the code says "foo[bar()][baz()] = quux();" the following sequence of functions get run: - bar() - operator[](Foo, uint) - baz() - quux() - operator[]=(OtherType, uint, OtherOtherType) - operator[]=(Foo, uint, OtherType) The next patch will modify the WebGPU JavaScript implementation to send buffer lengths to the shader, and for the shader compiler to correctly unpack this information and place it inside the array references. That should be everything that's needed to get buffers to work. After that, hooking up compute should be fairly trivial. Tests: webgpu/propertyresolver/ander-abstract-lvalue.html webgpu/propertyresolver/ander-lvalue-3-levels.html webgpu/propertyresolver/ander-lvalue.html webgpu/propertyresolver/ander.html webgpu/propertyresolver/getter.html webgpu/propertyresolver/indexer-ander-abstract-lvalue.html webgpu/propertyresolver/indexer-ander-lvalue-3-levels.html webgpu/propertyresolver/indexer-ander-lvalue.html webgpu/propertyresolver/indexer-ander.html webgpu/propertyresolver/indexer-getter.html webgpu/propertyresolver/indexer-setter-abstract-lvalue-3-levels.html webgpu/propertyresolver/indexer-setter-abstract-lvalue.html webgpu/propertyresolver/indexer-setter-lvalue.html webgpu/propertyresolver/indexer-setter.html webgpu/propertyresolver/setter-abstract-lvalue-3-levels.html webgpu/propertyresolver/setter-abstract-lvalue.html webgpu/propertyresolver/setter-lvalue.html * Modules/webgpu/WHLSL/AST/WHLSLAddressSpace.h: (WebCore::WHLSL::AST::toString): * Modules/webgpu/WHLSL/AST/WHLSLEntryPointType.h: (WebCore::WHLSL::AST::toString): * Modules/webgpu/WHLSL/AST/WHLSLIndexExpression.h: (WebCore::WHLSL::AST::IndexExpression::takeIndex): * Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h: * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): (WebCore::WHLSL::Metal::convertAddressSpace): Deleted. * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::checkOperatorOverload): (WebCore::WHLSL::Checker::finishVisiting): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLInferTypes.h: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::PropertyResolver::visit): (WebCore::WHLSL::setterCall): (WebCore::WHLSL::getterCall): (WebCore::WHLSL::modify): (WebCore::WHLSL::PropertyResolver::simplifyRightValue): (WebCore::WHLSL::LeftValueSimplifier::finishVisiting): (WebCore::WHLSL::LeftValueSimplifier::visit): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: * Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp: (WebCore::WHLSL::synthesizeStructureAccessors): 2019-06-12 Devin Rousso <drousso@apple.com> Web Inspector: artificial context menus don't work when Web Inspector is zoomed https://bugs.webkit.org/show_bug.cgi?id=198801 Reviewed by Joseph Pecoraro. * inspector/InspectorFrontendHost.cpp: (WebCore::InspectorFrontendHost::dispatchEventAsContextMenuEvent): Use the `absoluteLocation` of the `MouseEvent`, which takes into account zoom and scale. 2019-06-12 Sam Weinig <weinig@apple.com> Remove dead code in user agent construction https://bugs.webkit.org/show_bug.cgi?id=198802 Reviewed by Anders Carlsson. * page/NavigatorBase.cpp: (WebCore::NavigatorBase::platform const): Drop dead architures. 2019-06-12 Ludovico de Nittis <ludovico.denittis@collabora.com> [GTK] GTK_STOCK_* types have been deprecated since GTK 3.10 https://bugs.webkit.org/show_bug.cgi?id=198787 Reviewed by Michael Catanzaro. No behaviour changes. * platform/graphics/gtk/IconGtk.cpp: (WebCore::lookupIconName): * platform/graphics/gtk/ImageGtk.cpp: (WebCore::loadMissingImageIconFromTheme): 2019-06-12 Antti Koivisto <antti@apple.com> (Async scrolling) Handle 'position:fixed' inside 'position:sticky' correctly. https://bugs.webkit.org/show_bug.cgi?id=198788 <rdar://problem/51589759> Reviewed by Simon Fraser. Handle 'position:fixed' inside 'position:sticky' correctly. Also fix nested 'position:fixed' in case where there is an overflow scroller between them. Tests: scrollingcoordinator/ios/fixed-inside-overflow-inside-fixed.html scrollingcoordinator/ios/fixed-inside-sticky-frame.html scrollingcoordinator/ios/fixed-inside-sticky-no-stacking-context-2.html scrollingcoordinator/ios/fixed-inside-sticky-no-stacking-context.html scrollingcoordinator/ios/fixed-inside-sticky-stacking-context.html * page/scrolling/cocoa/ScrollingTreeFixedNode.mm: (WebCore::ScrollingTreeFixedNode::applyLayerPositions): Take offsets from sticky nodes into account. * page/scrolling/cocoa/ScrollingTreeStickyNode.h: (WebCore::ScrollingTreeStickyNode::layer): * page/scrolling/cocoa/ScrollingTreeStickyNode.mm: (WebCore::ScrollingTreeStickyNode::computeLayerPosition const): Factor into a function. (WebCore::ScrollingTreeStickyNode::applyLayerPositions): (WebCore::ScrollingTreeStickyNode::scrollDeltaSinceLastCommit const): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::isViewportConstrainedFixedOrStickyLayer const): We need to generate a scrolling tree node for position:fixed in nested case if there is an overflow scroller between the layers. 2019-06-12 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246350. r246350 Introduced a failing and timing out test svg/clip-path /clip-hidpi.svg Reverted changeset: "[cairo][SVG] If clipPath has multiple elements, clip-path doesn't work with transform" https://bugs.webkit.org/show_bug.cgi?id=198746 https://trac.webkit.org/changeset/246350 2019-06-12 Carlos Garcia Campos <cgarcia@igalia.com> [cairo][SVG] If clipPath has multiple elements, clip-path doesn't work with transform https://bugs.webkit.org/show_bug.cgi?id=198746 <rdar://problem/51665805> Reviewed by Don Olmstead. We need to save the current transformation matrix at the moment the image mask is set and set it again on restore right before applying the mask. This patch also creates a pattern for the image mask surface and set its transformation matrix according to the mask position, so that we don't need to save the mask rectangle too. Tests: svg/clip-path/clip-hidpi-expected.svg svg/clip-path/clip-hidpi.svg svg/clip-path/clip-opacity-translate-expected.svg svg/clip-path/clip-opacity-translate.svg * platform/graphics/cairo/PlatformContextCairo.cpp: (WebCore::PlatformContextCairo::restore): (WebCore::PlatformContextCairo::pushImageMask): 2019-06-11 Wenson Hsieh <wenson_hsieh@apple.com> [iOS] Idempotent text autosizing needs to react properly to viewport changes https://bugs.webkit.org/show_bug.cgi?id=198736 <rdar://problem/50591911> Reviewed by Zalan Bujtas. Minor refactoring and some adjustments around StyleResolver::adjustRenderStyleForTextAutosizing. See below for more details, as well as the WebKit ChangeLog. Test: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-after-changing-initial-scale.html * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyleForTextAutosizing): Rewrite this using early return statements, to make it easier to debug why elements fall out of text autosizing. Additionally, this function currently bails if the initial scale is exactly 1, whereas we can really avoid text autosizing in the case where the initial scale is at least 1; handle this by making idempotentTextSize return immediately with the specified size, in the case where the scale is at least 1. Lastly, remove the null check for element by making this method take an Element&, and only call this from adjustRenderStyle if the element is nonnull (which matches adjustRenderStyleForSiteSpecificQuirks). (WebCore::StyleResolver::adjustRenderStyle): * css/StyleResolver.h: * rendering/style/TextSizeAdjustment.cpp: (WebCore::AutosizeStatus::idempotentTextSize): 2019-06-11 Timothy Hatcher <timothy@apple.com> Flash when tapping compose button after switching to/from dark mode without restarting Mail. https://bugs.webkit.org/show_bug.cgi?id=198769 rdar://problem/51370037 Reviewed by Tim Horton. * WebCore.xcodeproj/project.pbxproj: Make LocalCurrentTraitCollection.h a private header. 2019-06-11 Commit Queue <commit-queue@webkit.org> Unreviewed, rolling out r246320. https://bugs.webkit.org/show_bug.cgi?id=198773 New test is failing, and commit is causing another test to fail. (Requested by ShawnRoberts on #webkit). Reverted changeset: "Web Inspector: AXI: Audit: image label test is throwing spurious errors on elements with existing alt attr, but no value: <img alt>" https://bugs.webkit.org/show_bug.cgi?id=194754 https://trac.webkit.org/changeset/246320 2019-06-11 Devin Rousso <drousso@apple.com> Sort the computed styles list https://bugs.webkit.org/show_bug.cgi?id=198743 Reviewed by Simon Fraser * css/CSSComputedStyleDeclaration.cpp: 2019-06-11 Michael Catanzaro <mcatanzaro@igalia.com> Unreviewed build warning fixes Silence -Wunused-parameter warning * testing/Internals.cpp: (WebCore::Internals::storeRegistrationsOnDisk): 2019-06-10 Simon Fraser <simon.fraser@apple.com> Add logging for UI-side compositing hit-testing https://bugs.webkit.org/show_bug.cgi?id=198739 Reviewed by Antti Koivisto. Export the TextStream output operator. * platform/TouchAction.h: 2019-06-11 Greg Doolittle <gr3g@apple.com> Web Inspector: AXI: Audit: image label test is throwing spurious errors on elements with existing alt attr, but no value: <img alt> https://bugs.webkit.org/show_bug.cgi?id=194754 <rdar://problem/48144534> Reviewed by Chris Fleizach. Tests: accessibility/img-alt-attribute-empty-string.html accessibility/img-alt-attribute-no-value.html * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::computedRoleString const): 2019-06-11 Sihui Liu <sihui_liu@apple.com> Add a quirk for washingtonpost.com and nytimes.com https://bugs.webkit.org/show_bug.cgi?id=198678 Reviewed by Geoffrey Garen. Covered by manual test. * page/Quirks.cpp: (WebCore::Quirks::hasWebSQLSupportQuirk const): 2019-06-11 Devin Rousso <drousso@apple.com> Include `touch-action` in the computed styles list https://bugs.webkit.org/show_bug.cgi?id=198742 Reviewed by Antoine Quint. * css/CSSComputedStyleDeclaration.cpp: 2019-06-11 Michael Catanzaro <mcatanzaro@igalia.com> tu-berlin university email web interface (Outlook Web App) goes directly to the light version instead of the normal web app https://bugs.webkit.org/show_bug.cgi?id=198749 Reviewed by Carlos Garcia Campos. Add user agent quirk for exchange.tu-berlin.de, which has lost the right to receive an accurate user agent from WebKit. * platform/UserAgentQuirks.cpp: (WebCore::urlRequiresMacintoshPlatform): 2019-06-11 Youenn Fablet <youenn@apple.com> MediaStreamAudioSourceNode::setFormat should check for m_sourceSampleRate equality https://bugs.webkit.org/show_bug.cgi?id=198740 <rdar://problem/47088939> Reviewed by Eric Carlson. Covered by tests that are now passing. * Modules/webaudio/MediaStreamAudioSourceNode.cpp: (WebCore::MediaStreamAudioSourceNode::setFormat): 2019-06-11 Ludovico de Nittis <ludovico.denittis@collabora.com> [GTK] Replace gdk_screen_get_monitor_geometry and gdk_screen_get_monitor_workarea https://bugs.webkit.org/show_bug.cgi?id=198750 Reviewed by Carlos Garcia Campos. Since GTK 3.22 gdk_screen_get_monitor_geometry and gdk_screen_get_monitor_workarea has been deprecated. No behavior change. * platform/gtk/PlatformScreenGtk.cpp: (WebCore::screenRect): (WebCore::screenAvailableRect): 2019-06-11 Fujii Hironori <Hironori.Fujii@sony.com> [cairo][SVG] Putting multiple path elements in clippath causes rendering artifacts https://bugs.webkit.org/show_bug.cgi?id=198701 PlatformContextCairo::pushImageMask blits wrong position of the surface to the background of masking objects. And, I don't know the reason why this blitting is needed. Removed the blitting. Reviewed by Carlos Garcia Campos. Tests: svg/clip-path/clip-opacity.html svg/clip-path/svg-in-html.html * platform/graphics/cairo/PlatformContextCairo.cpp: (WebCore::PlatformContextCairo::pushImageMask): Don't blit the surface to the background. 2019-06-10 Fujii Hironori <Hironori.Fujii@sony.com> [WinCairo][MediaFoundation] Remove the unused video window https://bugs.webkit.org/show_bug.cgi?id=198523 Reviewed by Don Olmstead. Remove the video window which had been unused since Bug 150941. No behavior change. * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp: (WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation): (WebCore::MediaPlayerPrivateMediaFoundation::~MediaPlayerPrivateMediaFoundation): (WebCore::MediaPlayerPrivateMediaFoundation::setSize): (WebCore::MediaPlayerPrivateMediaFoundation::paint): (WebCore::MediaPlayerPrivateMediaFoundation::hostWindow): (WebCore::MediaPlayerPrivateMediaFoundation::createOutputNode): (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::setVideoWindow): (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::setDestinationRect): (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::createVideoSamples): (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::presentSample): (WebCore::MediaPlayerPrivateMediaFoundation::VideoViewWndProc): Deleted. (WebCore::MediaPlayerPrivateMediaFoundation::registerVideoWindowClass): Deleted. (WebCore::MediaPlayerPrivateMediaFoundation::createVideoWindow): Deleted. (WebCore::MediaPlayerPrivateMediaFoundation::destroyVideoWindow): Deleted. (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::presentSwapChain): Deleted. (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::updateDestRect): Deleted. * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h: 2019-06-10 Simon Fraser <simon.fraser@apple.com> Add visualization of touch action regions https://bugs.webkit.org/show_bug.cgi?id=198718 Reviewed by Antoine Quint. Add a way to show which elements of the page have touch-action set on them by painting an overlay with small text that shows the type of action(s). The event regions are painted into GraphicsLayers at paint time in RenderLayerBacking by making a pattern image and filling the region rects with the pattern. * page/DebugPageOverlays.cpp: (WebCore::touchEventRegionColors): * rendering/EventRegion.cpp: (WebCore::EventRegion::regionForTouchAction const): * rendering/EventRegion.h: (WebCore::EventRegion::region const): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateEventRegion): (WebCore::patternForTouchAction): (WebCore::RenderLayerBacking::paintContents): 2019-06-10 Basuke Suzuki <Basuke.Suzuki@sony.com> Web Inspector: DNS names in SymmaryInfo was wrong. https://bugs.webkit.org/show_bug.cgi?id=198732 Reviewed by Devin Rousso. * inspector/agents/InspectorNetworkAgent.cpp: (WebCore::InspectorNetworkAgent::buildObjectForResourceResponse): 2019-06-10 Michael Catanzaro <mcatanzaro@igalia.com> [GTK] 2.25.1 does not build on 32-bit ARM due to bit-packing assertion, requires -DENABLE_DARK_MODE_CSS=OFF https://bugs.webkit.org/show_bug.cgi?id=198274 Reviewed by Timothy Hatcher. Rather than reorder everything in StyleRareInheritedData, let's slightly increase the size of GreaterThanOrSameSizeAsStyleRareInheritedData to allow the static assert to pass. At the same time, remove an obsolote iOS-specific member that is probably no longer needed. * rendering/style/StyleRareInheritedData.cpp: 2019-06-10 Sam Weinig <weinig@apple.com> Remove Dashboard support https://bugs.webkit.org/show_bug.cgi?id=198615 Reviewed by Ryosuke Niwa. * Configurations/FeatureDefines.xcconfig: * WebCore.xcodeproj/project.pbxproj: * css/CSSCalculationValue.cpp: (WebCore::hasDoubleValue): * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::valueForPropertyInStyle): * css/CSSPrimitiveValue.cpp: (WebCore::isValidCSSUnitTypeForDoubleConversion): (WebCore::isStringType): (WebCore::CSSPrimitiveValue::cleanup): (WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText const): (WebCore::CSSPrimitiveValue::equals const): * css/CSSPrimitiveValue.h: * css/CSSProperties.json: * css/CSSValueKeywords.in: * css/DashboardRegion.h: Removed. * css/StyleBuilderCustom.h: (WebCore::convertToIntLength): Deleted. (WebCore::StyleBuilderCustom::applyValueWebkitDashboardRegion): Deleted. * css/StyleResolver.cpp: * css/parser/CSSPropertyParser.cpp: (WebCore::CSSPropertyParser::parseSingleValue): (WebCore::consumeWebkitDashboardRegion): Deleted. * dom/DataTransfer.cpp: (WebCore::DataTransfer::createForUpdatingDropTarget): * dom/Document.cpp: (WebCore::Document::invalidateRenderingDependentRegions): (WebCore::Document::annotatedRegions const): Deleted. (WebCore::Document::setAnnotatedRegions): Deleted. (WebCore::Document::updateAnnotatedRegions): Deleted. (WebCore::Document::invalidateScrollbarDependentRegions): Deleted. (WebCore::Document::updateZOrderDependentRegions): Deleted. * dom/Document.h: (WebCore::Document::setHasAnnotatedRegions): Deleted. (WebCore::Document::setAnnotatedRegionsDirty): Deleted. (WebCore::Document::annotatedRegionsDirty const): Deleted. (WebCore::Document::hasAnnotatedRegions const): Deleted. * html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::createContext2d): * html/HTMLEmbedElement.cpp: (WebCore::HTMLEmbedElement::rendererIsNeeded): * html/HTMLImageLoader.cpp: (WebCore::HTMLImageLoader::sourceURI const): * html/canvas/CanvasGradient.cpp: (WebCore::CanvasGradient::addColorStop): * html/canvas/CanvasGradient.h: (WebCore::CanvasGradient::setDashboardCompatibilityMode): Deleted. (): Deleted. * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::create): (WebCore::CanvasRenderingContext2D::CanvasRenderingContext2D): * html/canvas/CanvasRenderingContext2D.h: * html/canvas/CanvasRenderingContext2DBase.cpp: (WebCore::CanvasRenderingContext2DBase::CanvasRenderingContext2DBase): (WebCore::CanvasRenderingContext2DBase::fill): (WebCore::CanvasRenderingContext2DBase::stroke): (WebCore::CanvasRenderingContext2DBase::clip): (WebCore::CanvasRenderingContext2DBase::createLinearGradient): (WebCore::CanvasRenderingContext2DBase::createRadialGradient): (WebCore::CanvasRenderingContext2DBase::prepareGradientForDashboard const): Deleted. (WebCore::CanvasRenderingContext2DBase::clearPathForDashboardBackwardCompatibilityMode): Deleted. * html/canvas/CanvasRenderingContext2DBase.h: * html/canvas/OffscreenCanvasRenderingContext2D.cpp: (WebCore::OffscreenCanvasRenderingContext2D::OffscreenCanvasRenderingContext2D): * html/canvas/PaintRenderingContext2D.cpp: (WebCore::PaintRenderingContext2D::PaintRenderingContext2D): * page/Chrome.cpp: (WebCore::ChromeClient::annotatedRegionsChanged): Deleted. * page/ChromeClient.h: * page/FrameView.cpp: (WebCore::FrameView::didLayout): (WebCore::FrameView::didPaintContents): * page/Settings.yaml: * page/mac/EventHandlerMac.mm: (WebCore::EventHandler::needsKeyboardEventDisambiguationQuirks const): * rendering/RenderInline.cpp: (WebCore::RenderInline::addAnnotatedRegions): Deleted. * rendering/RenderInline.h: * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollTo): (WebCore::RenderLayer::setHasHorizontalScrollbar): (WebCore::RenderLayer::setHasVerticalScrollbar): (WebCore::RenderLayer::updateScrollbarsAfterLayout): * rendering/RenderListBox.cpp: (WebCore::RenderListBox::setHasVerticalScrollbar): * rendering/RenderObject.cpp: (WebCore::RenderObject::addAnnotatedRegions): Deleted. (WebCore::RenderObject::collectAnnotatedRegions): Deleted. * rendering/RenderObject.h: (WebCore::AnnotatedRegionValue::operator== const): Deleted. (WebCore::AnnotatedRegionValue::operator!= const): Deleted. * rendering/style/RenderStyle.cpp: (WebCore::rareNonInheritedDataChangeRequiresLayout): (WebCore::RenderStyle::initialDashboardRegions): Deleted. (WebCore::RenderStyle::noneDashboardRegions): Deleted. (WebCore::RenderStyle::setDashboardRegion): Deleted. * rendering/style/RenderStyle.h: (WebCore::RenderStyle::dashboardRegions const): Deleted. (WebCore::RenderStyle::setDashboardRegions): Deleted. * rendering/style/StyleDashboardRegion.h: Removed. * rendering/style/StyleRareNonInheritedData.cpp: (WebCore::StyleRareNonInheritedData::operator== const): * rendering/style/StyleRareNonInheritedData.h: * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::send): (WebCore::XMLHttpRequest::setRequestHeader): (WebCore::XMLHttpRequest::usesDashboardBackwardCompatibilityMode const): Deleted. * xml/XMLHttpRequest.h: 2019-06-10 Antti Koivisto <antti@apple.com> Event region should be set on scrolledContentsLayer if it exists https://bugs.webkit.org/show_bug.cgi?id=198717 <rdar://problem/51572169> Reviewed by Simon Fraser. Test: pointerevents/ios/touch-action-region-overflow.html * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateConfiguration): Move to updateBackingAndHierarchy. (WebCore::RenderLayerBacking::updateEventRegion): - Set event region on scrolledContentsLayer if it exists - Translate away the scroll offset - Get the offset from renderer from the GraphicsLayer so scrolling and non-scrolling case can be handled uniformly. * rendering/RenderLayerBacking.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateBackingAndHierarchy): Invoke updateEventRegion after geometry update so offsets are already available on GraphicsLayer. 2019-06-10 Daniel Bates <dabates@apple.com> [CSP] Blob URLs should inherit their CSP policy https://bugs.webkit.org/show_bug.cgi?id=198579 <rdar://problem/51366878> Reviewed by Brent Fulgham. As per <https://w3c.github.io/webappsec-csp/#security-inherit-csp> (Editor's Draft, 28 February 2019) blob URLs should inherit their CSP policy from their parent (if they have one). Test: http/tests/security/contentSecurityPolicy/navigate-self-to-blob.html http/tests/security/contentSecurityPolicy/navigate-self-to-data-url.html * dom/Document.cpp: (WebCore::Document::shouldInheritContentSecurityPolicyFromOwner const): Return true if the document's URL is a Blob URL. (WebCore::Document::initContentSecurityPolicy): Take a pointer to a ContentSecurityPolicy object that represents the previous document's CSP. We only make us of this if the current URL is a Blob URL or a data URL. Otherwise, do what we do now and take the policy from the owner frame. * dom/Document.h: * loader/DocumentWriter.cpp: (WebCore::DocumentWriter::begin): Extend the lifetime of the previous document temporarily so that we can pass its CSP to FrameLoader::didBeginDocument(). We need to do this extension because this function calls FrameLoader::clear(), which can destroy the previous document and its ContentSecurityPolicy object. This extension is also no different than if this function was called with a non-null ownerDocument except that in that case it is the caller that extends the previous document's lifetime. Although it is tempting to make use of ownerDocument to fix this bug by having the caller of begin() pass the previous document as the ownerDocument when the new document's url (the one we are begin()ing) is a Blob URL. The ownerDocument concept would privilege the Blob URL more than necessary; we only need to inherit the CSP policy from the previous document for a Blob URL, not inherit the cookie URL or strict mixed content checking bit, etc. We could make ContentSecurityPolicy ref-counted or even steal the ContentSecurityPolicy object from the previous document. The latter is not of the question as a future enhancement, but the former seemed excessive as a way to avoid extending the lifetime of the previous document because this would be the *only* call site that actaully takes out a second ref of a ContentSecurityPolicy object. In general, shared ownership of a ContentSecurityPolicy object does not make sense. * loader/FrameLoader.cpp: (WebCore::FrameLoader::didBeginDocument): Pass the specified content security policy through to Document::initContentSecurityPolicy(). * loader/FrameLoader.h: 2019-06-10 Saam Barati <sbarati@apple.com> [WHLSL] Auto initialize local variables https://bugs.webkit.org/show_bug.cgi?id=198426 Reviewed by Myles Maxfield. This patch implements zero-filling for local variables in two parts: 1. We add a new pass, autoInitializeVariables, which makes any variable declaration without an initializer call the default constructor for the variable's type. Since we auto generate the default constructor, it's a native function whose implementation we control. 2. Each native constructor is implemented as a memset(&value, sizeof(value), 0). This memset is an inlined loop in each constructor. The reason this turns everything into zero is that for every primitive type, the "zero" value is represented as all zeroes in memory: float, int, pointers, etc. Since our ability to test some of this is limited, I opened a follow-up bug to test this more: https://bugs.webkit.org/show_bug.cgi?id=198413 Tests: webgpu/whlsl-zero-initialize-values-2.html webgpu/whlsl-zero-initialize-values.html * Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h: (WebCore::WHLSL::AST::VariableDeclaration::setInitializer): * Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: (WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit): * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): * Modules/webgpu/WHLSL/WHLSLASTDumper.h: * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: Added. (WebCore::WHLSL::AutoInitialize::AutoInitialize): (WebCore::WHLSL::AutoInitialize::visit): (WebCore::WHLSL::autoInitializeVariables): * Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.h: Added. * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::checkOperatorOverload): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLInferTypes.cpp: (WebCore::WHLSL::inferTypesForCallImpl): (WebCore::WHLSL::inferTypesForCall): * Modules/webgpu/WHLSL/WHLSLInferTypes.h: * Modules/webgpu/WHLSL/WHLSLPrepare.cpp: (WebCore::WHLSL::prepareShared): * Modules/webgpu/WHLSL/WHLSLResolveOverloadImpl.cpp: (WebCore::WHLSL::resolveFunctionOverloadImpl): (WebCore::WHLSL::resolveFunctionOverload): * Modules/webgpu/WHLSL/WHLSLResolveOverloadImpl.h: * Sources.txt: * WebCore.xcodeproj/project.pbxproj: 2019-06-10 Timothy Hatcher <timothy@apple.com> Integrate dark mode support for iOS. https://bugs.webkit.org/show_bug.cgi?id=198687 rdar://problem/51545643 Reviewed by Tim Horton. Tests: css-dark-mode * Configurations/FeatureDefines.xcconfig: * SourcesCocoa.txt: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::showLetterpressedGlyphsWithAdvances): * platform/ios/LocalCurrentTraitCollection.h: Added. * platform/ios/LocalCurrentTraitCollection.mm: Added. * platform/ios/PasteboardIOS.mm: * rendering/RenderThemeIOS.mm: (WebCore::RenderThemeIOS::systemColor const): * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::systemColor const): 2019-06-10 Ali Juma <ajuma@chromium.org> REGRESSION (r245396): Page load time performance regression https://bugs.webkit.org/show_bug.cgi?id=198382 Reviewed by Per Arne Vollan. Use a delay of 2000ms instead of 500ms when scheduling rendering updates for IntersectionObserver targets added during page load. This is a speculative fix for a page load time regression caused by r245396 and still not fixed after r245958. * dom/Document.cpp: (WebCore::Document::scheduleTimedRenderingUpdate): 2019-06-10 Sihui Liu <sihui_liu@apple.com> [WKHTTPCookieStore getAllCookies:] may return duplicate cookies https://bugs.webkit.org/show_bug.cgi?id=198635 <rdar://problem/46010232> Reviewed by Ryosuke Niwa. Test: WebKit.WKHTTPCookieStoreWithoutProcessPoolDuplicates * platform/Cookie.h: (WebCore::Cookie::isKeyEqual const): (WTF::HashTraits<WebCore::Cookie>::isEmptyValue): 2019-06-09 Rob Buis <rbuis@igalia.com> Add wildcard to Access-Control-Allow-Methods and Access-Control-Allow-Headers https://bugs.webkit.org/show_bug.cgi?id=165508 Reviewed by Frédéric Wang. According to the spec [1] step 6.5, a wildcard for method and request's credentials mode should be taken into account, so add this to the check. Same for Access-Control-Allow-Headers (step 6.7). [1] https://fetch.spec.whatwg.org/#cors-preflight-fetch Tests: web-platform-tests/fetch/api/cors/cors-preflight-star.any.html web-platform-tests/fetch/api/cors/cors-preflight-star.any.worker.html * loader/CrossOriginAccessControl.cpp: (WebCore::validatePreflightResponse): * loader/CrossOriginPreflightResultCache.cpp: (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod const): (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders const): (WebCore::CrossOriginPreflightResultCacheItem::allowsRequest const): * loader/CrossOriginPreflightResultCache.h: 2019-06-08 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Introduce Baseline to LineBox https://bugs.webkit.org/show_bug.cgi?id=198686 <rdar://problem/51545175> Reviewed by Antti Koivisto. Make baselines alignment explicit in Line. This is in preparation for adding non-baseline vertical alignment support. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::Line): (WebCore::Layout::Line::close): (WebCore::Layout::Line::adjustBaselineAndLineHeight): (WebCore::Layout::Line::halfLeadingMetrics): * layout/inlineformatting/InlineLine.h: (WebCore::Layout::Line::Content::baseline const): (WebCore::Layout::Line::Content::setBaseline): (WebCore::Layout::Line::logicalHeight const): (WebCore::Layout::Line::baselineAlignedContentHeight const): (WebCore::Layout::Line::baselineOffset const): * layout/inlineformatting/InlineLineBox.h: (WebCore::Layout::LineBox::baseline const): (WebCore::Layout::LineBox::LineBox): 2019-06-07 Said Abou-Hallawa <sabouhallawa@apple.com> REGRESSION (r244182) [WK1]: Page updates should always scheduleCompositingLayerFlush() immediately https://bugs.webkit.org/show_bug.cgi?id=198664 Reviewed by Simon Fraser. Because WK1 is a single process, scheduleCompositingLayerFlush() has to be called immediately when layers' update is needed. Otherwise no content will be drawn for the current frame. Doing this will get smooth scrolling back to WK1. RenderingUpdateScheduler now has three different scheduling methods: 1. scheduleTimedRenderingUpdate(): This is a two-steps scheduling method. DisplayRefreshMonitor has to fire before scheduleCompositingLayerFlush() is called. This is used by rAF, WebAnimations and intersection and resize observers. 2. scheduleImmediateRenderingUpdate(): This is a one-step scheduling method. layerTreeAsText() calls this method because it has to process the rendering update within the current frame. 3. scheduleRenderingUpdate(): RenderLayerCompositor::scheduleLayerFlush() calls this function to decide either immediately flush layers or wait for the next timed frame. scheduleImmediateRenderingUpdate() will be called for WK1. scheduleTimedRenderingUpdate() will be called for WK2. * animation/DocumentTimeline.cpp: (WebCore::DocumentTimeline::scheduleAnimationResolution): * dom/Document.cpp: (WebCore::Document::scheduleTimedRenderingUpdate): (WebCore::Document::scheduleInitialIntersectionObservationUpdate): (WebCore::Document::updateResizeObservations): (WebCore::Document::scheduleRenderingUpdate): Deleted. * dom/Document.h: * dom/ScriptedAnimationController.cpp: (WebCore::ScriptedAnimationController::scheduleAnimation): * page/ChromeClient.h: * page/PageOverlayController.cpp: (WebCore::PageOverlayController::didChangeViewExposedRect): (WebCore::PageOverlayController::notifyFlushRequired): * page/RenderingUpdateScheduler.cpp: (WebCore::RenderingUpdateScheduler::scheduleTimedRenderingUpdate): (WebCore::RenderingUpdateScheduler::displayRefreshFired): (WebCore::RenderingUpdateScheduler::scheduleImmediateRenderingUpdate): (WebCore::RenderingUpdateScheduler::scheduleRenderingUpdate): (WebCore::RenderingUpdateScheduler::scheduleCompositingLayerFlush): Deleted. * page/RenderingUpdateScheduler.h: * page/ResizeObserver.cpp: (WebCore::ResizeObserver::observe): * page/mac/ServicesOverlayController.mm: (WebCore::ServicesOverlayController::Highlight::notifyFlushRequired): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::layerTreeAsText): 2019-06-07 Megan Gardner <megan_gardner@apple.com> Extend quirks to emulate bold/italic/underline in hidden editable areas https://bugs.webkit.org/show_bug.cgi?id=198681 Reviewed by Wenson Hsieh. Rename only. Rename quirks to be more accurate for new extended use. * page/Quirks.cpp: (WebCore::shouldEmulateEditingButtonsAndGesturesInHiddenEditableAreasForHost): (WebCore::Quirks::shouldEmulateEditingButtonsAndGesturesInHiddenEditableAreas const): (WebCore::shouldEmulateUndoRedoInHiddenEditableAreasForHost): Deleted. (WebCore::Quirks::shouldEmulateUndoRedoInHiddenEditableAreas const): Deleted. * page/Quirks.h: 2019-06-07 Truitt Savell <tsavell@apple.com> Unreviewed, rolling out r246138. Broke internal builds Reverted changeset: "[WHLSL] Educate the property resolver about IndexExpressions" https://bugs.webkit.org/show_bug.cgi?id=198399 https://trac.webkit.org/changeset/246138 2019-06-07 Justin Fan <justin_fan@apple.com> [WebGPU] Remove GPUBuffer.setSubData and implement GPUDevice.createBufferMapped https://bugs.webkit.org/show_bug.cgi?id=198591 Reviewed by Myles C. Maxfield. Remove GPUBuffer.setSubData from the WebGPU API. Add GPUDevice.createBufferMapped to the WebGPU API. Existing tests have been updated. * Modules/webgpu/WebGPUBuffer.cpp: (WebCore::WebGPUBuffer::setSubData): Deleted. * Modules/webgpu/WebGPUBuffer.h: * Modules/webgpu/WebGPUBuffer.idl: * Modules/webgpu/WebGPUDevice.cpp: (WebCore::WebGPUDevice::createBufferMapped const): * Modules/webgpu/WebGPUDevice.h: * Modules/webgpu/WebGPUDevice.idl: * platform/graphics/gpu/GPUBuffer.h: * platform/graphics/gpu/GPUCommandBuffer.h: * platform/graphics/gpu/GPUDevice.cpp: (WebCore::GPUDevice::tryCreateBuffer): * platform/graphics/gpu/GPUDevice.h: * platform/graphics/gpu/cocoa/GPUBufferMetal.mm: (WebCore::GPUBuffer::tryCreate): (WebCore::GPUBuffer::GPUBuffer): (WebCore::GPUBuffer::state const): (WebCore::GPUBuffer::mapOnCreation): (WebCore::GPUBuffer::commandBufferCompleted): (WebCore::GPUBuffer::copyStagingBufferToGPU): Required to unmap GPUBuffers created with GPU-private storage. (WebCore::GPUBuffer::unmap): (WebCore::GPUBuffer::setSubData): Deleted. (WebCore::GPUBuffer::reuseSubDataBuffer): Deleted. 2019-06-07 Michael Catanzaro <mcatanzaro@igalia.com> Unreviewed, fix non-iOS build after r246205 https://bugs.webkit.org/show_bug.cgi?id=198657 <rdar://problem/51345064> * page/Quirks.cpp: * page/Quirks.h: 2019-06-07 Youenn Fablet <youenn@apple.com> mediaDevices.enumerateDevices() doesn't list the system default audio devices with deviceId as "default" https://bugs.webkit.org/show_bug.cgi?id=198577 <rdar://problem/51454067> Reviewed by Eric Carlson. Make the system default microphone/camera be the first in the list. This ensures that getUserMedia without constraints will pick these devices. This also ensures enumerateDevices will show these default devices as first in the list. Make sure that a default device change will refresh the list. For CoreAudioCaptureSource, we always add the default system input device in the list of capture devices. Covered by manual testing. * platform/mediastream/mac/AVCaptureDeviceManager.h: * platform/mediastream/mac/AVCaptureDeviceManager.mm: (WebCore::toCaptureDevice): (WebCore::AVCaptureDeviceManager::isMatchingExistingCaptureDevice): (WebCore::AVCaptureDeviceManager::refreshCaptureDevices): * platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp: (WebCore::getDefaultDeviceID): (WebCore::CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices): 2019-06-07 Youenn Fablet <youenn@apple.com> A MediaStreamTrack cannot modify whether being a capture track or not https://bugs.webkit.org/show_bug.cgi?id=198669 Reviewed by Eric Carlson. Add a boolean in MediaStreamTrack to store whether a track is a capture one or not. This removes the need to always go through the private and its source. As a track might change of source (for non capture track cases), this also removes the possibility for a track to be capture and then no longer capture. No change of behavior. See also rdar://problem/49444622. * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::MediaStreamTrack): * Modules/mediastream/MediaStreamTrack.h: (WebCore::MediaStreamTrack::isCaptureTrack const): 2019-06-07 Youenn Fablet <youenn@apple.com> Add a RELEASE_ASSERT that removeAudioProducer should always be done in the main thread https://bugs.webkit.org/show_bug.cgi?id=198668 Reviewed by Eric Carlson. See rdar://problem/49444622 for background information. No change of behavior. * dom/Document.cpp: (WebCore::Document::removeAudioProducer): 2019-06-07 Zalan Bujtas <zalan@apple.com> Images are not resizing correctly when dragged to a message in 1/3 view https://bugs.webkit.org/show_bug.cgi?id=198623 <rdar://problem/51185518> Reviewed by Wenson Hsieh. Mail's max-width: 100%; default style is in conflict with the preferred presentation size. This patch preserves the existing behaviour for Mail by not setting the height (and rely on the width + aspect ratio). * editing/WebContentReader.h: * editing/cocoa/WebContentReaderCocoa.mm: (WebCore::createFragmentForImageAttachment): (WebCore::WebContentReader::readImage): (WebCore::attachmentForFilePath): (WebCore::attachmentForData): (WebCore::WebContentReader::readFilePath): (WebCore::WebContentReader::readDataBuffer): * editing/gtk/EditorGtk.cpp: (WebCore::createFragmentFromPasteboardData): * editing/markup.cpp: (WebCore::createFragmentForImageAndURL): * editing/markup.h: * platform/Pasteboard.h: (WebCore::PasteboardWebContentReader::readFilePath): (WebCore::PasteboardWebContentReader::readImage): (WebCore::PasteboardWebContentReader::readDataBuffer): * platform/PasteboardItemInfo.h: (WebCore::PasteboardItemInfo::encode const): (WebCore::PasteboardItemInfo::decode): * platform/ios/PasteboardIOS.mm: (WebCore::Pasteboard::readPasteboardWebContentDataForType): (WebCore::Pasteboard::read): (WebCore::Pasteboard::readRespectingUTIFidelities): * platform/ios/PlatformPasteboardIOS.mm: (WebCore::PlatformPasteboard::informationForItemAtIndex): 2019-06-07 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Line should skip all vertical adjustment when running preferred width computation https://bugs.webkit.org/show_bug.cgi?id=198642 <rdar://problem/51511043> Reviewed by Antti Koivisto. While layout triggers both horizontal and vertical aligment, preferred width computation should only do (logical)horizontal. Make all vertical alignment computation optional in Line. * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::UncommittedContent::add): (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::computedIntrinsicWidth const): (WebCore::Layout::InlineFormattingContext::LineLayout::createDisplayRuns const): (WebCore::Layout::inlineItemHeight): Deleted. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::Content::Run::Run): (WebCore::Layout::Line::Line): (WebCore::Layout::Line::close): (WebCore::Layout::Line::removeTrailingTrimmableContent): (WebCore::Layout::Line::moveLogicalLeft): (WebCore::Layout::Line::trailingTrimmableWidth const): (WebCore::Layout::Line::appendNonBreakableSpace): (WebCore::Layout::Line::appendInlineContainerStart): (WebCore::Layout::Line::appendInlineContainerEnd): (WebCore::Layout::Line::appendTextContent): (WebCore::Layout::Line::appendNonReplacedInlineBox): (WebCore::Layout::Line::appendReplacedInlineBox): (WebCore::Layout::Line::appendHardLineBreak): (WebCore::Layout::Line::inlineItemHeight const): * layout/inlineformatting/InlineLine.h: 2019-06-07 Antoine Quint <graouts@apple.com> Limit simulated mouse events on Google Maps to entering Street View https://bugs.webkit.org/show_bug.cgi?id=198657 <rdar://problem/51345064> Reviewed by Brent Fulgham. * page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const): (WebCore::Quirks::shouldDispatchSimulatedMouseEventsOnTarget const): * page/Quirks.h: 2019-06-07 Joonghun Park <jh718.park@samsung.com> Unreviewed. Use const TabSize& instead of TabSize to avoid unnecessary copy. Using const reference is a c++ feature to extend the life time of a temporary object to the life time of the const reference which refers to it. No behavioral changes. * rendering/style/RenderStyle.h: (WebCore::RenderStyle::setTabSize): 2019-06-07 Michael Catanzaro <mcatanzaro@igalia.com> [GTK] GLContextEGL.h must be built with @no-unify https://bugs.webkit.org/show_bug.cgi?id=198659 Unreviewed ARM build fix. * SourcesGTK.txt: 2019-06-07 Antti Koivisto <antti@apple.com> position:fixed inside overflow positioning nodes is jumpy https://bugs.webkit.org/show_bug.cgi?id=198647 <rdar://problem/51514437> Reviewed by Frédéric Wang. Tests: scrollingcoordinator/ios/fixed-overflow-no-stacking-context-1.html scrollingcoordinator/ios/fixed-overflow-no-stacking-context-2.html scrollingcoordinator/ios/fixed-overflow-stacking-context-stationary.html * page/scrolling/ScrollingTreeScrollingNode.h: * page/scrolling/cocoa/ScrollingTreeFixedNode.mm: (WebCore::ScrollingTreeFixedNode::applyLayerPositions): Take deltas from positioning nodes into account. * page/scrolling/cocoa/ScrollingTreePositionedNode.h: * page/scrolling/cocoa/ScrollingTreePositionedNode.mm: (WebCore::ScrollingTreePositionedNode::scrollDeltaSinceLastCommit const): Rename since 'scrollOffset' has other meaning. (WebCore::ScrollingTreePositionedNode::applyLayerPositions): (WebCore::ScrollingTreePositionedNode::scrollOffsetSinceLastCommit const): Deleted. * page/scrolling/cocoa/ScrollingTreeStickyNode.mm: (WebCore::ScrollingTreeStickyNode::applyLayerPositions): 2019-06-07 Enrique Ocaña González <eocanha@igalia.com> [MSE][GStreamer] Avoid QUOTA_EXCEEDED_ERR when seeking to a buffered range just before the buffered one https://bugs.webkit.org/show_bug.cgi?id=166620 Reviewed by Xabier Rodriguez-Calvar. This patch is fixing a seek to unbuffered range just before the buffered one. For example, supposing a [120, 176) append has filled all the memory and then a seek to 115.0 is done, a subsequent [115, 120) append would fail without this fix. EvictCodedFrames() would return without actually evicting anything, and appendBufferInternal will print "buffer full, failing with QUOTA_EXCEEDED_ERR error" on GStreamer platforms instead of letting the new [115, 120) append succeed. This patch is based on an original patch by iivlev <iivlev@productengine.com> Test: media/media-source/media-source-append-before-last-range-no-quota-exceeded.html * Modules/mediasource/SourceBuffer.cpp: (WebCore::SourceBuffer::evictCodedFrames): Removed the "only if there are buffered ranges *containing* the currentTime" condition to enter into the second part of the eviction algorithm, which removes frames starting from the duration of the media and going backwards down to currentPosition + 30. The loop break condition has also been changed to deal with notFound currentTimeRange. 2019-06-07 Philippe Normand <philn@igalia.com> [GStreamer] AVC1 decoding capabilities probing support https://bugs.webkit.org/show_bug.cgi?id=198569 Reviewed by Xabier Rodriguez-Calvar. When capabilities for an avc1 codec are requested, the registry scanner looks for a compatible decoder for the given H.264 profile and level. This new approach can be avoided by using the WEBKIT_GST_MAX_AVC1_RESOLUTION environment variable. If supplied, the decoder capabilities won't be probed and the codec will be advertised as supported if it complies with the contents of the environment variable. The resolutions currently handled are specifically: 1080P, 720P and 480P. We don't handle framerate checking yet, so the implied H.264 levels are assumed to be for 30FPS. * platform/graphics/gstreamer/GStreamerRegistryScanner.cpp: (WebCore::GStreamerRegistryScanner::isCodecSupported const): (WebCore::GStreamerRegistryScanner::areInputCapsAccepted const): (WebCore::GStreamerRegistryScanner::isAVC1CodecSupported const): * platform/graphics/gstreamer/GStreamerRegistryScanner.h: 2019-06-07 Joonghun Park <jh718.park@samsung.com> Implement tab-size with units https://bugs.webkit.org/show_bug.cgi?id=179022 Reviewed by Simon Fraser. This change is ported from Blink. The committed revision is https://src.chromium.org/viewvc/blink?revision=189430&view=revision. Additionally, this patch lets css "number" value be allowed as tab-size's property value, not css "integer" value, according to https://drafts.csswg.org/css-text-3/#tab-size-property. Tests: css3/tab-size.html imported/w3c/web-platform-tests/css/css-values/calc-numbers.html * Headers.cmake: * WebCore.xcodeproj/project.pbxproj: * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::valueForPropertyInStyle): * css/CSSProperties.json: * css/StyleBuilderConverter.h: (WebCore::StyleBuilderConverter::convertTabSize): * css/parser/CSSPropertyParser.cpp: (WebCore::consumeTabSize): * layout/inlineformatting/text/TextUtil.cpp: (WebCore::Layout::TextUtil::width): * platform/graphics/FontCascade.h: (WebCore::FontCascade::tabWidth const): * platform/graphics/TabSize.h: Added. (WebCore::TabSize::TabSize): (WebCore::TabSize::isSpaces const): (WebCore::TabSize::widthInPixels const): (WebCore::TabSize::operator bool const): (WebCore::operator==): (WebCore::operator!=): * platform/graphics/TextRun.cpp: * platform/graphics/TextRun.h: (WebCore::TextRun::tabSize const): (WebCore::TextRun::setTabSize): * rendering/SimpleLineLayoutTextFragmentIterator.cpp: (WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style): * rendering/SimpleLineLayoutTextFragmentIterator.h: * rendering/style/RenderStyle.h: (WebCore::RenderStyle::tabSize const): (WebCore::RenderStyle::setTabSize): (WebCore::RenderStyle::initialTabSize): * rendering/style/StyleRareInheritedData.cpp: * rendering/style/StyleRareInheritedData.h: 2019-06-07 Philippe Normand <pnormand@igalia.com> [GStreamer] videorate issues with v4l2src https://bugs.webkit.org/show_bug.cgi?id=198614 Reviewed by Xabier Rodriguez-Calvar. Configure videorate to cope with the live stream provided by the source element. Not doing so might lead to errors in the v4l2 buffer allocator. * platform/mediastream/gstreamer/GStreamerVideoCapturer.cpp: (WebCore::GStreamerVideoCapturer::createConverter): 2019-06-06 Andy Estes <aestes@apple.com> process-swap-on-navigation error when loading blocked website on iOS 12.2 only. https://bugs.webkit.org/show_bug.cgi?id=196930 <rdar://problem/47819301> Reviewed by Chris Dumez. When the content filter blocks a navigation, it will continue to load the content filter error page in the provisional web process. When dispatching didFailProvisionalLoad, we need to specify WillContinueLoading::Yes so that WebKit presents the error page rather than switching back to the committed web process. Testing blocked by <https://webkit.org/b/198626>. * loader/ContentFilter.cpp: (WebCore::ContentFilter::willHandleProvisionalLoadFailure): (WebCore::ContentFilter::handleProvisionalLoadFailure): * loader/ContentFilter.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::dispatchDidFailProvisionalLoad): (WebCore::FrameLoader::checkLoadCompleteForThisFrame): * loader/FrameLoader.h: 2019-06-06 Chris Dumez <cdumez@apple.com> RELEASE_ASSERT hit in CachedFrame constructor https://bugs.webkit.org/show_bug.cgi?id=198625 <rdar://problem/49877867> Reviewed by Geoffrey Garen. This is a speculative fix, it appears the document is already detached from its frame by the time we construct a CachedFrame for it when entering PageCache. No new tests, because we do not know yet how this can be reproduced. * history/PageCache.cpp: (WebCore::canCacheFrame): Make a frame as ineligible for PageCache if: 1. It does not have a document or 2. Its document is already detached from the frame (WebCore::PageCache::addIfCacheable): Destroy the render tree *before* we check if the page can enter page cache, in case destroying the render tree has any side effects that could make the page ineligible for Page Cache. 2019-06-06 Devin Rousso <drousso@apple.com> Web Inspector: Timelines: only complete Composite records if the m_startedComposite (followup to r246142) https://bugs.webkit.org/show_bug.cgi?id=198639 Reviewed by Matt Baker. In r246142, an `ASSERT` was removed because it is possible for Web Inspector to be opened in between `willComposite` and `didComposite`, meaning that previously the `ASSERT` would fire. In order to properly handle this, we should replace the `ASSERT` with an `if` so that Web Inspector doesn't even try to complete a `Composite` record if it was opened in that case. * inspector/agents/InspectorTimelineAgent.cpp: (WebCore::InspectorTimelineAgent::didComposite): 2019-06-06 Youenn Fablet <youenn@apple.com> Allow WebKitTestRunner to terminate network process after it finishes service worker file operations https://bugs.webkit.org/show_bug.cgi?id=198584 Reviewed by Geoffrey Garen. Add a promise-based internal API to store service worker registrations on disk. Covered by updated test. * testing/Internals.cpp: (WebCore::Internals::storeRegistrationsOnDisk): * testing/Internals.h: * testing/Internals.idl: * workers/service/SWClientConnection.h: (WebCore::SWClientConnection::storeRegistrationsOnDiskForTesting): * workers/service/server/RegistrationStore.cpp: (WebCore::RegistrationStore::startSuspension): (WebCore::RegistrationStore::closeDatabase): * workers/service/server/RegistrationStore.h: * workers/service/server/SWServer.cpp: (WebCore::SWServer::Connection::storeRegistrationsOnDisk): * workers/service/server/SWServer.h: 2019-06-06 Brent Fulgham <bfulgham@apple.com> Avoid generating new XSLT-based document when already changing the document. https://bugs.webkit.org/show_bug.cgi?id=198525 <rdar://problem/51393787> Reviewed by Ryosuke Niwa. We should not allow a pending XSLT transform to change the current document when that current document is int he process of being replaced. * dom/Document.cpp: (WebCore::Document::applyPendingXSLTransformsTimerFired): 2019-06-06 Devin Rousso <drousso@apple.com> Web Inspector: create CommandLineAPIHost lazily like the other agents https://bugs.webkit.org/show_bug.cgi?id=196047 <rdar://problem/49087835> Reviewed by Timothy Hatcher. No change in functionality. * inspector/InspectorController.cpp: (WebCore::InspectorController::InspectorController): (WebCore::InspectorController::createLazyAgents): * inspector/WorkerInspectorController.cpp: (WebCore::WorkerInspectorController::WorkerInspectorController): (WebCore::WorkerInspectorController::createLazyAgents): * inspector/WebInjectedScriptManager.h: * inspector/WebInjectedScriptManager.cpp: (WebCore::WebInjectedScriptManager::WebInjectedScriptManager): (WebCore::WebInjectedScriptManager::connect): Added. (WebCore::WebInjectedScriptManager::disconnect): (WebCore::WebInjectedScriptManager::discardInjectedScripts): * inspector/agents/InspectorDOMAgent.cpp: (WebCore::InspectorDOMAgent::setInspectedNode): 2019-06-05 Said Abou-Hallawa <sabouhallawa@apple.com> REGRESSION (r243121): Load event should not be fired while animating the 'externalResourcesRequired' attribute https://bugs.webkit.org/show_bug.cgi?id=198576 Reviewed by Simon Fraser. Firing the load event should only happen when dynamic update changes the attribute 'externalResourcesRequired'. Animating this attribute should not fire the load event. When stopping the animations, applyAnimatedPropertyChange() should be called first then stopAnimation() is called second. The target element should know that its svgAttributeChanged() is called because of animating the attribute. So it can differentiate this case from the dynamic update. Test: svg/animations/animate-externalResourcesRequired-no-load-event.html * svg/SVGExternalResourcesRequired.cpp: (WebCore::SVGExternalResourcesRequired::svgAttributeChanged): * svg/properties/SVGAnimatedPropertyAnimator.h: 2019-06-05 Saam Barati <sbarati@apple.com> 2019-06-06 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Move baseline and line height computation to a dedicated function https://bugs.webkit.org/show_bug.cgi?id=198611 <rdar://problem/51482708> Reviewed by Antti Koivisto. This is in preparation for adding vertical aligment. * layout/inlineformatting/InlineLine.cpp: (WebCore::Layout::Line::appendInlineContainerStart): (WebCore::Layout::Line::appendNonReplacedInlineBox): (WebCore::Layout::Line::adjustBaselineAndLineHeight): * layout/inlineformatting/InlineLine.h: 2019-06-06 Antti Koivisto <antti@apple.com> Position fixed is buggy with overflow:auto scrolling inside iframes https://bugs.webkit.org/show_bug.cgi?id=154399 <rdar://problem/24742251> Reviewed by Frederic Wang and Simon Fraser. Test: scrollingcoordinator/ios/fixed-frame-overflow-swipe.html After layer tree commit we were calling mainFrameViewportChangedViaDelegatedScrolling (even if viewport did not change) and expecting it to apply UI side scrolling deltas. However optimization prevents it from descending into subframes and we fail to update those properly. In reality we only need to to apply scrolling tree positiong after commit if there has been delegated scrolling after the last one. Track this and do full update when needed. * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::applyLayerPositionsAfterCommit): Add specific function for this. Don't do anything unless needed. * page/scrolling/ScrollingTree.h: (WebCore::ScrollingTree::didScrollByDelegatedScrolling): Track if there has been any delegated scrolling. * page/scrolling/ScrollingTreeScrollingNode.cpp: (WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling): We can now bail out if nothing changes since we no longer rely on this for post-commit updates. 2019-06-06 Zalan Bujtas <zalan@apple.com> [LFC][IFC] Layout and preferred width computation should both call placeInlineItems(). https://bugs.webkit.org/show_bug.cgi?id=198587 <rdar://problem/51460340> Reviewed by Antti Koivisto. This patch enables inline placement logic sharing between layout and preferred width computation. * layout/inlineformatting/InlineFormattingContext.h: * layout/inlineformatting/InlineFormattingContextLineLayout.cpp: (WebCore::Layout::InlineFormattingContext::LineLayout::LineInput::LineInput): (WebCore::Layout::InlineFormattingContext::LineLayout::placeInlineItems const): (WebCore::Layout::InlineFormattingContext::LineLayout::layout const): (WebCore::Layout::InlineFormattingContext::LineLayout::computedIntrinsicWidth const): 2019-06-05 Takashi Komori <Takashi.Komori@sony.com> [Curl] Report all request headers to web inspector. https://bugs.webkit.org/show_bug.cgi?id=191653 Reviewed by Fujii Hironori. Test: http/tests/inspector/network/resource-request-headers.html * platform/network/curl/CurlContext.cpp: (WebCore::CurlHandle::setDebugCallbackFunction): * platform/network/curl/CurlContext.h: * platform/network/curl/CurlRequest.cpp: (WebCore::CurlRequest::setupTransfer): (WebCore::CurlRequest::didReceiveDebugInfo): (WebCore::CurlRequest::updateNetworkLoadMetrics): (WebCore::CurlRequest::didReceiveDebugInfoCallback): * platform/network/curl/CurlRequest.h: 2019-06-05 Said Abou-Hallawa <sabouhallawa@apple.com> [Cocoa] REGRESSION(r244182): Inspector thinks CA commits can be nested https://bugs.webkit.org/show_bug.cgi?id=198497 Reviewed by Simon Fraser. WebInspecter should coalesce nested composites as one recorded composite. This can be done by ensuring that we only process CA preCommit and postCommit once per nested commits. * inspector/InspectorController.cpp: (WebCore::InspectorController::willComposite): * inspector/InspectorController.h: Export willComposite(). We want to call willComposite()/ didComposite() from CA preCommit and postCommit handlers in flushLayers(). * inspector/agents/InspectorTimelineAgent.cpp: (WebCore::InspectorTimelineAgent::didComposite): Unrelated change: didComposite() should not assert that we're in the middle of a composite. Web Inspector may connect in the middle of a composite. * page/FrameView.cpp: (WebCore::FrameView::flushCompositingStateIncludingSubframes): InspectorController::willComposite() will be called form CA preCommit handler of flushLayers(). 2019-06-05 Myles C. Maxfield <mmaxfield@apple.com> [WHLSL] Educate the property resolver about IndexExpressions https://bugs.webkit.org/show_bug.cgi?id=198399 Reviewed by Saam Barati. This is part one of two patches which will allow buffers to work. This patch adds support in the property resolver for index expressions. Index expressions get turned into calls to "getter indexers", "setter indexers", or "ander indexers". They work almost identically to dot expressions, except there is an extra "index" expression which gets turned into an extra argument to those functions. There's actually a bit of a trick here. Let's say we need to run a getter and a setter separately (e.g. "foo[3]++;"). The index expression can't be duplicated for both the getter and the setter (e.g. the functions are int operator[](Foo, uint) and Foo operator[]=(Foo, uint, int), and we aren't allowed to execute the index expression multiple times. Consider if that "3" in the example is actually "bar()" with some side effect. So, we have to run the index expression once at the correct time, and save its result to a temporary variable, and then pass in the temporary variable into the getter and setter. So, if the code says "foo[bar()][baz()] = quux();" the following sequence of functions get run: - bar() - operator[](Foo, uint) - baz() - quux() - operator[]=(OtherType, uint, OtherOtherType) - operator[]=(Foo, uint, OtherType) The next patch will modify the WebGPU JavaScript implementation to send buffer lengths to the shader, and for the shader compiler to correctly unpack this information and place it inside the array references. That should be everything that's needed to get buffers to work. After that, hooking up compute should be fairly trivial. Tests: webgpu/propertyresolver/ander-abstract-lvalue.html webgpu/propertyresolver/ander-lvalue-3-levels.html webgpu/propertyresolver/ander-lvalue.html webgpu/propertyresolver/ander.html webgpu/propertyresolver/getter.html webgpu/propertyresolver/indexer-ander-abstract-lvalue.html webgpu/propertyresolver/indexer-ander-lvalue-3-levels.html webgpu/propertyresolver/indexer-ander-lvalue.html webgpu/propertyresolver/indexer-ander.html webgpu/propertyresolver/indexer-getter.html webgpu/propertyresolver/indexer-setter-abstract-lvalue-3-levels.html webgpu/propertyresolver/indexer-setter-abstract-lvalue.html webgpu/propertyresolver/indexer-setter-lvalue.html webgpu/propertyresolver/indexer-setter.html webgpu/propertyresolver/setter-abstract-lvalue-3-levels.html webgpu/propertyresolver/setter-abstract-lvalue.html webgpu/propertyresolver/setter-lvalue.html * Modules/webgpu/WHLSL/AST/WHLSLAddressSpace.h: (WebCore::WHLSL::AST::toString): * Modules/webgpu/WHLSL/AST/WHLSLEntryPointType.h: (WebCore::WHLSL::AST::toString): * Modules/webgpu/WHLSL/AST/WHLSLIndexExpression.h: (WebCore::WHLSL::AST::IndexExpression::takeIndex): * Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h: * Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp: (WebCore::WHLSL::Metal::writeNativeFunction): (WebCore::WHLSL::Metal::convertAddressSpace): Deleted. * Modules/webgpu/WHLSL/WHLSLChecker.cpp: (WebCore::WHLSL::checkOperatorOverload): (WebCore::WHLSL::Checker::finishVisiting): (WebCore::WHLSL::Checker::visit): * Modules/webgpu/WHLSL/WHLSLInferTypes.h: * Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp: (WebCore::WHLSL::PropertyResolver::visit): (WebCore::WHLSL::setterCall): (WebCore::WHLSL::getterCall): (WebCore::WHLSL::modify): (WebCore::WHLSL::PropertyResolver::simplifyRightValue): (WebCore::WHLSL::LeftValueSimplifier::finishVisiting): (WebCore::WHLSL::LeftValueSimplifier::visit): * Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt: * Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp: (WebCore::WHLSL::synthesizeStructureAccessors): 2019-06-05 Robin Morisset <rmorisset@apple.com> [WHLSL] Parsing and lexing the standard library is slow https://bugs.webkit.org/show_bug.cgi?id=192890 <rdar://problem/50746335> Reviewed by Myles Maxfield. The main idea is to avoid backtracking by instead peeking at the next token (and occasionally at the one after that). This implies a few things: - We can replace the stack of tokens by a trivial ring buffer of size 2 (holding the next token and the one after, or WTF::nullopt if we are at the end of the file). - We now have "completeFooExpression" functions, to avoid having to reparse the prefix of some expression, if we find half-way through what it is. I also fixed the following parser bug: - https://bugs.webkit.org/show_bug.cgi?id=198305 [WHLSL] Multiple variables with initializers in a declaration statement crashes the compiler which was due to a mistake I made in the grammar Finally I added two new macros: CONSUME_TYPE and PARSE to eliminate about 500 lines of error propagation boilerplate. There are still lots of ways of improving the parser and lexer, such as: - finishing the conversion of tokens in the lexer, not bothering with allocating string views - make two special tokens Invalid and EOF, to remove the overhead of Optional - make peekTypes and consumeTypes use templates to avoid constructing a Vector and calling find on it. - Turn the entire lexer into a proper automata, not going through the same characters again and again (this is certainly the largest win by far) - Remove the last few pieces of backtracking from the parser. The current patch is already enough to make parsing the full standard library (something like 85k lines) approximately 260ms. This is still longer than I would like, but nowhere near the bottleneck any longer because of some other parts of the compiler. * Modules/webgpu/WHLSL/WHLSLLexer.h: (WebCore::WHLSL::Lexer::Lexer): (WebCore::WHLSL::Lexer::consumeToken): (WebCore::WHLSL::Lexer::peek): (WebCore::WHLSL::Lexer::peekFurther): (WebCore::WHLSL::Lexer::state const): (WebCore::WHLSL::Lexer::setState): (WebCore::WHLSL::Lexer::unconsumeToken): Deleted. * Modules/webgpu/WHLSL/WHLSLParser.cpp: (WebCore::WHLSL::Parser::parse): (WebCore::WHLSL::Parser::peek): (WebCore::WHLSL::Parser::peekTypes): (WebCore::WHLSL::Parser::tryType): (WebCore::WHLSL::Parser::tryTypes): (WebCore::WHLSL::Parser::consumeTypes): (WebCore::WHLSL::Parser::parseConstantExpression): (WebCore::WHLSL::Parser::parseTypeArgument): (WebCore::WHLSL::Parser::parseTypeArguments): (WebCore::WHLSL::Parser::parseTypeSuffixAbbreviated): (WebCore::WHLSL::Parser::parseTypeSuffixNonAbbreviated): (WebCore::WHLSL::Parser::parseType): (WebCore::WHLSL::Parser::parseTypeDefinition): (WebCore::WHLSL::Parser::parseResourceSemantic): (WebCore::WHLSL::Parser::parseSpecializationConstantSemantic): (WebCore::WHLSL::Parser::parseStageInOutSemantic): (WebCore::WHLSL::Parser::parseSemantic): (WebCore::WHLSL::Parser::parseQualifiers): (WebCore::WHLSL::Parser::parseStructureElement): (WebCore::WHLSL::Parser::parseStructureDefinition): (WebCore::WHLSL::Parser::parseEnumerationDefinition): (WebCore::WHLSL::Parser::parseEnumerationMember): (WebCore::WHLSL::Parser::parseNativeTypeDeclaration): (WebCore::WHLSL::Parser::parseNumThreadsFunctionAttribute): (WebCore::WHLSL::Parser::parseAttributeBlock): (WebCore::WHLSL::Parser::parseParameter): (WebCore::WHLSL::Parser::parseParameters): (WebCore::WHLSL::Parser::parseFunctionDefinition): (WebCore::WHLSL::Parser::parseComputeFunctionDeclaration): (WebCore::WHLSL::Parser::parseVertexFragmentFunctionDeclaration): (WebCore::WHLSL::Parser::parseRegularFunctionDeclaration): (WebCore::WHLSL::Parser::parseOperatorFunctionDeclaration): (WebCore::WHLSL::Parser::parseFunctionDeclaration): (WebCore::WHLSL::Parser::parseNativeFunctionDeclaration): (WebCore::WHLSL::Parser::parseBlock): (WebCore::WHLSL::Parser::parseBlockBody): (WebCore::WHLSL::Parser::parseIfStatement): (WebCore::WHLSL::Parser::parseSwitchStatement): (WebCore::WHLSL::Parser::parseSwitchCase): (WebCore::WHLSL::Parser::parseForLoop): (WebCore::WHLSL::Parser::parseWhileLoop): (WebCore::WHLSL::Parser::parseDoWhileLoop): (WebCore::WHLSL::Parser::parseVariableDeclaration): (WebCore::WHLSL::Parser::parseVariableDeclarations): (WebCore::WHLSL::Parser::parseStatement): (WebCore::WHLSL::Parser::parseEffectfulExpression): (WebCore::WHLSL::Parser::parseEffectfulAssignment): (WebCore::WHLSL::Parser::parseExpression): (WebCore::WHLSL::Parser::parseTernaryConditional): Deleted. (WebCore::WHLSL::Parser::completeTernaryConditional): (WebCore::WHLSL::Parser::parseAssignment): Deleted. (WebCore::WHLSL::Parser::completeAssignment): (WebCore::WHLSL::Parser::parsePossibleTernaryConditional): (WebCore::WHLSL::Parser::parsePossibleLogicalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleLogicalBinaryOperation): (WebCore::WHLSL::Parser::parsePossibleRelationalBinaryOperation): (WebCore::WHLSL::Parser::completePossibleRelationalBinaryOperation): (WebCore::WHLSL::Parser::parsePossibleShift): (WebCore::WHLSL::Parser::completePossibleShift): (WebCore::WHLSL::Parser::parsePossibleAdd): (WebCore::WHLSL::Parser::completePossibleAdd): (WebCore::WHLSL::Parser::parsePossibleMultiply): (WebCore::WHLSL::Parser::completePossibleMultiply): (WebCore::WHLSL::Parser::parsePossiblePrefix): (WebCore::WHLSL::Parser::parsePossibleSuffix): (WebCore::WHLSL::Parser::parseCallExpression): (WebCore::WHLSL::Parser::parseTerm): (WebCore::WHLSL::Parser::parseAddressSpaceType): Deleted. (WebCore::WHLSL::Parser::parseNonAddressSpaceType): Deleted. (WebCore::WHLSL::Parser::parseEntryPointFunctionDeclaration): Deleted. (WebCore::WHLSL::Parser::parseEffectfulPrefix): Deleted. (WebCore::WHLSL::Parser::parseEffectfulSuffix): Deleted. * Modules/webgpu/WHLSL/WHLSLParser.h: (WebCore::WHLSL::Parser::Error::dump const): 2019-06-05 Alex Christensen <achristensen@webkit.org> Revert part of r246126 https://bugs.webkit.org/show_bug.cgi?id=197132 * platform/ios/WebItemProviderPasteboard.h: This change broke an internal build, so I'm reverting it. 2019-06-05 Daniel Bates <dabates@apple.com> [CSP] Data URLs should inherit their CSP policy https://bugs.webkit.org/show_bug.cgi?id=198572 <rdar://problem/50660927> Reviewed by Brent Fulgham. As per <https://w3c.github.io/webappsec-csp/#security-inherit-csp> (Editor's Draft, 28 February 2019) data URLs should inherit their CSP policy from their parent (if they have one). Test: http/tests/security/contentSecurityPolicy/subframe-with-data-url-inheritance.html * dom/Document.cpp: (WebCore::Document::shouldInheritContentSecurityPolicyFromOwner const): 2019-06-05 Saam Barati <sbarati@apple.com> Unreviewed. Follow up fix after r246115. I changed the code to assert that we don't have duplicate native functions. It turns out we do. I will fix that here, then add back the assert. https://bugs.webkit.org/show_bug.cgi?id=198580 * Modules/webgpu/WHLSL/WHLSLCheckDuplicateFunctions.cpp: (WebCore::WHLSL::checkDuplicateFunctions): 2019-06-05 Alex Christensen <achristensen@webkit.org> Progress towards resurrecting Mac CMake build https://bugs.webkit.org/show_bug.cgi?id=197132 Reviewed by Don Olmstead. * CMakeLists.txt: * PlatformMac.cmake: * platform/cocoa/ContentFilterUnblockHandlerCocoa.mm: == Rolled over to ChangeLog-2019-06-05 ==